Update to NSS 3.41
This commit is contained in:
parent
8be7f95db1
commit
e557c2c2a1
1
.gitignore
vendored
1
.gitignore
vendored
@ -31,3 +31,4 @@ TestUser51.cert
|
|||||||
/nss-3.38.0.tar.gz
|
/nss-3.38.0.tar.gz
|
||||||
/nss-3.39.tar.gz
|
/nss-3.39.tar.gz
|
||||||
/nss-3.40.1.tar.gz
|
/nss-3.40.1.tar.gz
|
||||||
|
/nss-3.41.tar.gz
|
||||||
|
BIN
PayPalEE.cert
BIN
PayPalEE.cert
Binary file not shown.
BIN
PayPalICA.cert
BIN
PayPalICA.cert
Binary file not shown.
@ -1,29 +0,0 @@
|
|||||||
# HG changeset patch
|
|
||||||
# User Daiki Ueno <dueno@redhat.com>
|
|
||||||
# Date 1541595734 -3600
|
|
||||||
# Wed Nov 07 14:02:14 2018 +0100
|
|
||||||
# Node ID 19fd907784e38a5febb54588353368af91b12551
|
|
||||||
# Parent 3b79af0fa294b4b1c009c1c0b659bb72b4d2c1c8
|
|
||||||
Bug 1505317, update PayPal test certs
|
|
||||||
|
|
||||||
diff --git a/tests/chains/scenarios/realcerts.cfg b/tests/chains/scenarios/realcerts.cfg
|
|
||||||
--- a/tests/chains/scenarios/realcerts.cfg
|
|
||||||
+++ b/tests/chains/scenarios/realcerts.cfg
|
|
||||||
@@ -21,7 +21,7 @@ verify TestUser51:x
|
|
||||||
result pass
|
|
||||||
|
|
||||||
verify PayPalEE:x
|
|
||||||
- policy OID.2.16.840.1.114412.1.1
|
|
||||||
+ policy OID.2.16.840.1.114412.2.1
|
|
||||||
result pass
|
|
||||||
|
|
||||||
verify BrAirWaysBadSig:x
|
|
||||||
diff --git a/tests/libpkix/vfychain_test.lst b/tests/libpkix/vfychain_test.lst
|
|
||||||
--- a/tests/libpkix/vfychain_test.lst
|
|
||||||
+++ b/tests/libpkix/vfychain_test.lst
|
|
||||||
@@ -1,4 +1,4 @@
|
|
||||||
# Status | Leaf Cert | Policies | Others(undef)
|
|
||||||
0 TestUser50 undef
|
|
||||||
0 TestUser51 undef
|
|
||||||
-0 PayPalEE OID.2.16.840.1.114412.1.1
|
|
||||||
+0 PayPalEE OID.2.16.840.1.114412.2.1
|
|
14
nss.spec
14
nss.spec
@ -1,5 +1,5 @@
|
|||||||
%global nspr_version 4.20.0
|
%global nspr_version 4.20.0
|
||||||
%global nss_version 3.40.1
|
%global nss_version 3.41.0
|
||||||
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
|
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
|
||||||
%global saved_files_dir %{_libdir}/nss/saved
|
%global saved_files_dir %{_libdir}/nss/saved
|
||||||
%global prelink_conf_dir %{_sysconfdir}/prelink.conf.d/
|
%global prelink_conf_dir %{_sysconfdir}/prelink.conf.d/
|
||||||
@ -44,7 +44,7 @@ rpm.define(string.format("nss_release_tag NSS_%s_RTM",
|
|||||||
Summary: Network Security Services
|
Summary: Network Security Services
|
||||||
Name: nss
|
Name: nss
|
||||||
Version: %{nss_version}
|
Version: %{nss_version}
|
||||||
Release: 3%{?dist}
|
Release: 1%{?dist}
|
||||||
License: MPLv2.0
|
License: MPLv2.0
|
||||||
URL: http://www.mozilla.org/projects/security/pki/nss/
|
URL: http://www.mozilla.org/projects/security/pki/nss/
|
||||||
Requires: nspr >= %{nspr_version}
|
Requires: nspr >= %{nspr_version}
|
||||||
@ -94,15 +94,9 @@ Source25: key3.db.xml
|
|||||||
Source26: key4.db.xml
|
Source26: key4.db.xml
|
||||||
Source27: secmod.db.xml
|
Source27: secmod.db.xml
|
||||||
Source28: nss-p11-kit.config
|
Source28: nss-p11-kit.config
|
||||||
Source29: PayPalICA.cert
|
|
||||||
Source30: PayPalEE.cert
|
|
||||||
|
|
||||||
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=617723
|
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=617723
|
||||||
Patch2: nss-539183.patch
|
Patch2: nss-539183.patch
|
||||||
# Local patch for TLS_ECDHE_{ECDSA|RSA}_WITH_3DES_EDE_CBC_SHA ciphers
|
|
||||||
Patch5: rhbz1185708-enable-ecc-3des-ciphers-by-default.patch
|
|
||||||
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1505317
|
|
||||||
Patch6: nss-tests-paypal-certs-v2.patch
|
|
||||||
|
|
||||||
%description
|
%description
|
||||||
Network Security Services (NSS) is a set of libraries designed to
|
Network Security Services (NSS) is a set of libraries designed to
|
||||||
@ -234,7 +228,6 @@ Header and library files for doing development with Network Security Services.
|
|||||||
%setup -q -n %{name}-%{nss_archive_version}
|
%setup -q -n %{name}-%{nss_archive_version}
|
||||||
pushd nss
|
pushd nss
|
||||||
%autopatch -p1
|
%autopatch -p1
|
||||||
cp %{SOURCE29} %{SOURCE30} tests/libpkix/certs
|
|
||||||
popd
|
popd
|
||||||
|
|
||||||
|
|
||||||
@ -854,6 +847,9 @@ update-crypto-policies
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Dec 10 2018 Daiki Ueno <dueno@redhat.com> - 3.41.0-1
|
||||||
|
- Update to NSS 3.41
|
||||||
|
|
||||||
* Thu Dec 6 2018 Daiki Ueno <dueno@redhat.com> - 3.40.1-3
|
* Thu Dec 6 2018 Daiki Ueno <dueno@redhat.com> - 3.40.1-3
|
||||||
- Switch to gyp buildsystem
|
- Switch to gyp buildsystem
|
||||||
- Remove unnecessary patches
|
- Remove unnecessary patches
|
||||||
|
@ -1,23 +0,0 @@
|
|||||||
--- nss/lib/ssl/ssl3con.c.1185708_3des 2016-06-23 21:10:09.765992512 -0400
|
|
||||||
+++ nss/lib/ssl/ssl3con.c 2016-06-23 22:58:39.121398601 -0400
|
|
||||||
@@ -118,18 +118,18 @@
|
|
||||||
{ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
||||||
{ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
||||||
{ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
||||||
{ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
||||||
{ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
||||||
{ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
||||||
{ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
||||||
{ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
||||||
- { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
||||||
- { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
||||||
+ { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
||||||
+ { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
||||||
{ TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
||||||
{ TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
||||||
|
|
||||||
{ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
||||||
{ TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,SSL_ALLOWED,PR_TRUE, PR_FALSE},
|
|
||||||
{ TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
||||||
{ TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
||||||
{ TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
2
sources
2
sources
@ -3,4 +3,4 @@ SHA512 (blank-cert9.db) = 2f8eab4c0612210ee47db8a3a80c1b58a0b43849551af78c7da403
|
|||||||
SHA512 (blank-key3.db) = 01f7314e9fc8a7c9aa997652624cfcde213d18a6b3bb31840c1a60bbd662e56b5bc3221d13874abb42ce78163b225a6dfce2e1326cf6dd29366ad9c28ba5a71c
|
SHA512 (blank-key3.db) = 01f7314e9fc8a7c9aa997652624cfcde213d18a6b3bb31840c1a60bbd662e56b5bc3221d13874abb42ce78163b225a6dfce2e1326cf6dd29366ad9c28ba5a71c
|
||||||
SHA512 (blank-key4.db) = 8fedae93af7163da23fe9492ea8e785a44c291604fa98e58438448efb69c85d3253fc22b926d5c3209c62e58a86038fd4d78a1c4c068bc00600a7f3e5382ebe7
|
SHA512 (blank-key4.db) = 8fedae93af7163da23fe9492ea8e785a44c291604fa98e58438448efb69c85d3253fc22b926d5c3209c62e58a86038fd4d78a1c4c068bc00600a7f3e5382ebe7
|
||||||
SHA512 (blank-secmod.db) = 06a2dbd861839ef6315093459328b500d3832333a34b30e6fac4a2503af337f014a4d319f0f93322409e719142904ce8bc08252ae9a4f37f30d4c3312e900310
|
SHA512 (blank-secmod.db) = 06a2dbd861839ef6315093459328b500d3832333a34b30e6fac4a2503af337f014a4d319f0f93322409e719142904ce8bc08252ae9a4f37f30d4c3312e900310
|
||||||
SHA512 (nss-3.40.1.tar.gz) = 464ae843161e8deb911975d2117e8bf1194a968689b4ce70f9a12d5a33dba7ddd69f1248ec45244139c30fcc87678b206a4e124f032b26ead8bf894e4e8d0564
|
SHA512 (nss-3.41.tar.gz) = b5a43fe86ded664002fd714c493d9222a64539cd6139b64720625d1742fec5100712cbe401c90c79196e9cbad9ec07d9b4f0f517ce34e4b207beaa3e01c9e114
|
||||||
|
Loading…
Reference in New Issue
Block a user