Update to NSS 3.41

2018-12-10 10:45:52 +01:00 · 2018-12-10 10:45:52 +01:00 · e557c2c2a1
parent 8be7f95db1
commit e557c2c2a1
7 changed files with 7 additions and 62 deletions
--- a/.gitignore
+++ b/.gitignore
@ -31,3 +31,4 @@ TestUser51.cert
 /nss-3.38.0.tar.gz
 /nss-3.39.tar.gz
 /nss-3.40.1.tar.gz
+/nss-3.41.tar.gz
--- a/PayPalEE.cert
+++ b/PayPalEE.cert
--- a/PayPalICA.cert
+++ b/PayPalICA.cert
--- a/nss-tests-paypal-certs-v2.patch
+++ b/nss-tests-paypal-certs-v2.patch
@ -1,29 +0,0 @@
-# HG changeset patch
-# User Daiki Ueno <dueno@redhat.com>
-# Date 1541595734 -3600
-#      Wed Nov 07 14:02:14 2018 +0100
-# Node ID 19fd907784e38a5febb54588353368af91b12551
-# Parent  3b79af0fa294b4b1c009c1c0b659bb72b4d2c1c8
-Bug 1505317, update PayPal test certs
-
-diff --git a/tests/chains/scenarios/realcerts.cfg b/tests/chains/scenarios/realcerts.cfg
--- a/tests/chains/scenarios/realcerts.cfg
-+++ b/tests/chains/scenarios/realcerts.cfg
-@@ -21,7 +21,7 @@ verify TestUser51:x
-   result pass
- 
- verify PayPalEE:x
-  policy OID.2.16.840.1.114412.1.1 
-+  policy OID.2.16.840.1.114412.2.1 
-   result pass
- 
- verify BrAirWaysBadSig:x
-diff --git a/tests/libpkix/vfychain_test.lst b/tests/libpkix/vfychain_test.lst
--- a/tests/libpkix/vfychain_test.lst
-+++ b/tests/libpkix/vfychain_test.lst
-@@ -1,4 +1,4 @@
- # Status | Leaf Cert | Policies | Others(undef)
- 0 TestUser50 undef
- 0 TestUser51 undef
-0 PayPalEE OID.2.16.840.1.114412.1.1
-+0 PayPalEE OID.2.16.840.1.114412.2.1
--- a/nss.spec
+++ b/nss.spec
@ -1,5 +1,5 @@
 %global nspr_version 4.20.0
-%global nss_version 3.40.1
+%global nss_version 3.41.0
 %global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
 %global saved_files_dir %{_libdir}/nss/saved
 %global prelink_conf_dir %{_sysconfdir}/prelink.conf.d/
@ -44,7 +44,7 @@ rpm.define(string.format("nss_release_tag NSS_%s_RTM",
 Summary:          Network Security Services
 Name:             nss
 Version:          %{nss_version}
-Release:          3%{?dist}
+Release:          1%{?dist}
 License:          MPLv2.0
 URL:              http://www.mozilla.org/projects/security/pki/nss/
 Requires:         nspr >= %{nspr_version}
@ -94,15 +94,9 @@ Source25:         key3.db.xml
 Source26:         key4.db.xml
 Source27:         secmod.db.xml
 Source28:         nss-p11-kit.config
-Source29:         PayPalICA.cert
-Source30:         PayPalEE.cert

 # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=617723
 Patch2:           nss-539183.patch
-# Local patch for TLS_ECDHE_{ECDSA|RSA}_WITH_3DES_EDE_CBC_SHA ciphers
-Patch5:           rhbz1185708-enable-ecc-3des-ciphers-by-default.patch
-# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1505317
-Patch6:           nss-tests-paypal-certs-v2.patch

 %description
 Network Security Services (NSS) is a set of libraries designed to
@ -234,7 +228,6 @@ Header and library files for doing development with Network Security Services.
 %setup -q -n %{name}-%{nss_archive_version}
 pushd nss
 %autopatch -p1
-cp %{SOURCE29} %{SOURCE30} tests/libpkix/certs
 popd


@ -854,6 +847,9 @@ update-crypto-policies


 %changelog
+* Mon Dec 10 2018 Daiki Ueno <dueno@redhat.com> - 3.41.0-1
+- Update to NSS 3.41
+
 * Thu Dec  6 2018 Daiki Ueno <dueno@redhat.com> - 3.40.1-3
 - Switch to gyp buildsystem
 - Remove unnecessary patches
--- a/rhbz1185708-enable-ecc-3des-ciphers-by-default.patch
+++ b/rhbz1185708-enable-ecc-3des-ciphers-by-default.patch
@ -1,23 +0,0 @@
--- nss/lib/ssl/ssl3con.c.1185708_3des	2016-06-23 21:10:09.765992512 -0400
-+++ nss/lib/ssl/ssl3con.c	2016-06-23 22:58:39.121398601 -0400
-@@ -118,18 +118,18 @@
-  { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,    SSL_ALLOWED, PR_TRUE, PR_FALSE},
-  { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,    SSL_ALLOWED, PR_TRUE, PR_FALSE},
-  { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,      SSL_ALLOWED, PR_TRUE, PR_FALSE},
-  { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
-  { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,   SSL_ALLOWED, PR_TRUE, PR_FALSE},
-  { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,      SSL_ALLOWED, PR_TRUE, PR_FALSE},
-  { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
-  { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
-+ { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,   SSL_ALLOWED, PR_TRUE,  PR_FALSE},
-+ { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,     SSL_ALLOWED, PR_TRUE,  PR_FALSE},
-  { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,        SSL_ALLOWED, PR_FALSE, PR_FALSE},
-  { TLS_ECDHE_RSA_WITH_RC4_128_SHA,          SSL_ALLOWED, PR_FALSE, PR_FALSE},
- 
-  { TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,     SSL_ALLOWED, PR_TRUE,  PR_FALSE},
-  { TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,SSL_ALLOWED,PR_TRUE,  PR_FALSE},
-  { TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
-  { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
-  { TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
--- a/2
+++ b/2
@ -3,4 +3,4 @@ SHA512 (blank-cert9.db) = 2f8eab4c0612210ee47db8a3a80c1b58a0b43849551af78c7da403
 SHA512 (blank-key3.db) = 01f7314e9fc8a7c9aa997652624cfcde213d18a6b3bb31840c1a60bbd662e56b5bc3221d13874abb42ce78163b225a6dfce2e1326cf6dd29366ad9c28ba5a71c
 SHA512 (blank-key4.db) = 8fedae93af7163da23fe9492ea8e785a44c291604fa98e58438448efb69c85d3253fc22b926d5c3209c62e58a86038fd4d78a1c4c068bc00600a7f3e5382ebe7
 SHA512 (blank-secmod.db) = 06a2dbd861839ef6315093459328b500d3832333a34b30e6fac4a2503af337f014a4d319f0f93322409e719142904ce8bc08252ae9a4f37f30d4c3312e900310
-SHA512 (nss-3.40.1.tar.gz) = 464ae843161e8deb911975d2117e8bf1194a968689b4ce70f9a12d5a33dba7ddd69f1248ec45244139c30fcc87678b206a4e124f032b26ead8bf894e4e8d0564
+SHA512 (nss-3.41.tar.gz) = b5a43fe86ded664002fd714c493d9222a64539cd6139b64720625d1742fec5100712cbe401c90c79196e9cbad9ec07d9b4f0f517ce34e4b207beaa3e01c9e114