fc09930b4d
Update nss_util_version and nss_softoken_version to 3.24.0
...
- Resolves: Bug 1336849 - nss-3.24 is available
2016-05-24 06:49:40 -07:00
3648d70a92
Update to NSS 3.24.0
...
- Resolves: Bug 1336849 - nss-3.24 is available
- Update patches on account of the rebase
- Remove unused patches un account of the rebase
- Patch pem module to compile with wrning for unitilaized variables treated as errors
- Patch to skip some of the gtests as they use private calls and need to statically link with libnssutil.a
- TODO: bring this up with the external_tests framework developers upstream
2016-05-23 18:10:46 -07:00
2e6c8d6f71
Change POLICY_FILE to "nss.config"
2016-05-12 12:04:57 -07:00
299e9058d1
Change POLICY_FILE to "nss.cfg"
2016-04-22 08:25:14 -07:00
21d9cd13e1
Change the POLICY_PATH to "/etc/crypto-policies/back-ends"
...
- Regenerate the check policy patch with hg to provide more context
- the nss-util portion included though not applied here but in nss-util
- todo: file bug upstream once we have done some testing
2016-04-20 08:49:00 -07:00
b9c9bc550c
Fix typo in the last %changelog entry
2016-04-14 14:16:05 -07:00
ea86d5898c
Load policy file if /etc/pki/nssdb/policy.cfg exists
...
- Resolves: Bug 1157720 - NSS should enforce the system-wide crypto policy
2016-03-24 15:18:49 -07:00
b22cf46b7c
Remove unused patch rendered obsolete by pem update
2016-03-08 15:41:14 -08:00
2a45956d5b
Update pem sources to latest from nss-pem upstream
...
- Resolves: Bug 1300652 - [PEM] insufficient input validity checking while loading a private key
- Fixes memory leak on failed ASN1 decoding of RSA keys with rebase
- https://git.fedorahosted.org/cgit/nss-pem.git
2016-03-08 06:47:48 -08:00
e4343992f0
Rebase to NSS 3.23
2016-03-05 12:42:26 -08:00
c0f6099656
Requite nss and nss-softokn version 3.22.2
2016-02-27 16:45:41 -08:00
69c688f3b5
Rebase to NSS 3.22.2
...
- Resolves: Bug 1304135 - nss-3.22.2 is available
2016-02-26 21:59:01 -08:00
fe44847276
Fix ssl2/exp test disabling to run all the required tests
2016-02-22 20:49:28 -08:00
c281a339e1
Rebase to NSS 3.22.1
...
- Bug 1304135 - nss-3.22.1 is available
2016-02-21 11:30:52 -08:00
317de01a4d
Update .gitignore as part of updating to nss 3.22
2016-02-08 13:47:18 -08:00
5953345108
Update to NSS 3.22
2016-02-08 07:57:39 -08:00
f7ddea92df
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
2016-02-04 10:56:52 +00:00
5fe1656484
Resolves: Bug 1299040 - Enable ssl_gtests upstream test suite
...
- Remove 'export NSS_DISABLE_GTESTS=1' go ssl_gtests are built
- Use %define when specifying the nss_tests to run
2016-01-15 11:12:08 -08:00
0483a01742
Add 64-bit MIPS to multilib arches
...
- Patch contributed by Michal Toman <michal.toman@gmail.com>
- Resolves: Bug 1294878 - Add 64-bit MIPS to multilib_arches
2015-12-31 08:11:54 -08:00
337a03cdd8
Fix style of commit message
2015-11-20 14:56:41 -08:00
34058a2a6e
Update %{nss_util_version} and %{nss_softokn_version} to 3.21.0
...
- Bug 1284095 - all https fails with sec_error_no_token
2015-11-20 14:39:49 -08:00
66122a0ff7
Add references to bugs filed upstream
2015-11-15 10:51:54 -08:00
03da09b383
Enclose the _isa_bits check inside a %ifnarch noarch ... %endif one
2015-11-14 14:49:57 -08:00
69b02be530
Change the test to %if 0%{__isa_bits} == 64 as required in fedora
...
- As done in the patch contributed by Marcin Juszkiewicz <mjuszkiewicz@redhat.com>
- Resolves: Bug 1258425 - Use __isa_bits macro instead of list of 64-bit architectures
2015-11-14 11:32:57 -08:00
0a91ce3fe8
Complete the commits to update to NSS 3.21
...
- Add files missed in previous commit as they weren't staged
- Package listsuites as part of the unsupported tools set
- Resolves: Bug 1279912 - nss-3.21 is available
- Resolves: Bug 1258425 - Use __isa_bits macro instead of list of 64-bit
- Resolves: Bug 1280032 - Package listsuites as part of the nss unsupported tools set
2015-11-13 18:03:07 -08:00
75207789dc
Update to NSS 3.20.1
2015-10-31 08:55:27 -07:00
82653be6b2
Enable ECC cipher-suites by default [hrbz#1185708]
...
- Split the enabling patch in two for easier maintenance
- Remove unused patches rendered obsolete by prior rebase
2015-09-30 11:34:48 -07:00
ae64727ebb
Enable ECC cipher-suites by default [hrbz#1185708]
...
- Implement corrections requested in code review
2015-09-16 09:25:43 -07:00
a046ce773a
Enable ECC cipher-suites by default [hrbz#1185708]
2015-09-15 16:21:10 -07:00
17f536942a
- Fix patches that disable ssl2 and export cipher suites support
...
- Fix libssl patch that disables ssl2 & export cipher suites not disable RSA_WITH_NULL ciphers
- Fix syntax erros in patch to skip ssl2 and export cipher suite tests to only skip what;s needed
- Turn ssl2 off by default in the tstclnt tool
- Disable ssl stress tests containing TLS RC4 128 with MD5
- Resolves: Bug 1263005
2015-09-14 18:15:13 -07:00
b10f7b1f18
Fix the version number in last %%changelog entry to be NSS 3.20
2015-08-20 15:15:28 -07:00
c4f83dca30
Update to NSS 3.120
2015-08-20 13:50:06 -07:00
8b92dbf50e
Update to NSS 3.19.3
...
- Resolves: Bug 1251624 - nss-3.19.3 is available
2015-08-07 21:13:01 -07:00
f35af25385
Create on the fly versions of sslcov.txt and sslstress.txt that disable tests for SSL2 and EXPORT ciphers
...
- Enhancement from Kai Engert already used on RHEL-7
2015-06-26 14:53:21 -07:00
0779a363b4
Update to NSS 3.19.2
2015-06-17 21:15:31 +02:00
3a7ef4801d
Update to NSS 3.19.1
2015-05-28 22:28:05 +02:00
856e33f728
Update to NSS 3.19
2015-05-19 21:07:35 +02:00
a58533f703
Replace expired test certificates, upstream bug 1151037
2015-05-15 16:23:25 +02:00
f59c0d1275
Update to nss-3.18.0
...
- Resolves: Bug 1203689 - nss-3.18 is available
2015-03-19 09:52:30 -07:00
9b7199b3db
Disable export suites and SSL2 support at build time
...
- Fix syntax errors in various shell scripts
- Resolves: Bug 1189952 - Disable SSL2 and the export cipher suites
2015-03-03 14:35:20 -08:00
fa80ce0efb
Rebuilt for Fedora 23 Change
...
https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code
2015-02-21 22:27:31 +01:00
8687a87da5
Commented out the export NSS_NO_SSL2=1 line to not disable ssl2
...
- Backing out from disabling ssl2 until the patches are fixed
2015-02-09 17:52:50 -08:00
8cfb70a447
Disable SSL2 support at build time
...
- Fix syntax errors in various shell scripts
- Resolves: Bug 1189952 - Disable SSL2 and the export cipher suites
2015-02-08 18:30:17 -08:00
8c142e52fe
Update to nss-3.17.4
...
- remove a patch rendered obsolete by the rebase
2015-01-28 17:23:35 -08:00
c70e45537d
Own the %{_datadir}/doc/nss-tools dir
...
https://bugzilla.redhat.com/show_bug.cgi?id=1185573
2015-01-27 13:16:42 +02:00
62096f81c3
Resolves: Bug 987189 - nss-tools RPM conflicts with perl-PAR-Packer
...
- Install pp man page in %{_datadir}/doc/nss-tools/pp.1
- Use %{_mandir} instead of /usr/share/man as more generic
2014-12-16 07:43:44 -08:00
a60e3001fe
Install pp man page in alternative location
...
- Resolves: Bug 987189 - nss-tools RPM conflicts with perl-PAR-Packer
2014-12-15 08:26:07 -08:00
a7df0838aa
Update to nss-3.17.3
...
- Resolves: Bug 1171012 - nss-3.17.3 is available
2014-12-05 07:32:38 -08:00
3e2a0ea4de
Resolves: Bug 994599 - Enable TLS 1.2 by default
2014-10-16 16:36:18 -07:00
1765d80a6c
Update to nss-3.17.2
2014-10-12 09:06:05 -07:00
0ac07fb221
- Update to nss-3.17.1
...
- Add a mechanism to skip test suite execution during development work
2014-09-25 02:12:48 +02:00
64ca89cbe4
Rebuild for rpm bug 1131960
2014-08-21 11:48:33 -06:00
3e02cae346
Update to nss-3.17.0
...
- Update the iquote.patch on account of the rebase
2014-08-19 10:38:45 -07:00
db7f9bfa50
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
2014-08-17 12:21:01 +00:00
eaa519320e
Replace expired PayPal test cert with current one to prevent build failure
...
- Using the new cert checked in upstream
- See https://hg.mozilla.org/projects/nss/rev/756ccadf33b3
2014-07-30 11:48:10 -07:00
8025e7be74
fix license handling
2014-07-18 18:52:34 -04:00
fd6a1f2171
Update to nss-3.16.2
...
- Resolves: Bug 1114319 - nss-3.16.2 is available
- Remove no longer needed patch
2014-06-29 10:50:40 -07:00
60816050f2
Remove unwanted source directories at the end of %prep so it truly does it
...
- Skip the cipher suite already run as part of the nss-softokn build
- Brings spec file fixes already approved and applied on rhel-6.6
2014-06-15 10:28:18 -07:00
296fce6af9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
2014-06-07 10:09:47 -05:00
f94fcb299b
Replacing ppc64 and ppc64le with the power64 macro
...
- Related: Bug 1052545 - Trivial change for ppc64le in nss spec
2014-05-12 20:09:13 +02:00
4d04992e9a
Update to nss-3.16.1
...
- Update the iquote patch on account of the rebase
- Improve error detection in the %section
- Resolves: Bug 1094702 - nss-3.16.1 is available
2014-05-06 09:32:26 -07:00
37a942df5c
Require nspr-4.10.4
2014-03-19 08:45:26 -07:00
0834927548
Update to nss-3.16.0
...
- Cleanup the copying of the tools man pages
- Update the iquote.patch on account of the rebase
2014-03-18 17:27:02 -07:00
8b13702a67
Restore requiring nss_softokn_version >= 3.15.5
2014-03-04 07:33:25 -08:00
4f24d9e6c9
Remove reference to a patch that we aren't yet ready to apply.
2014-02-23 19:02:24 -08:00
23d7297fce
Temporarily requiring only nss_softokn_version >= 3.15.4
...
- This until a koji build environment prprobmem which that causes i686 nss-softokn builds
- to fail is resolved
- nss-softokn-3.15.5 has the same code as nss-softokn-3.15.4
2014-02-23 18:55:11 -08:00
9b8380a073
Update to nss-3.15.5
...
- Fix location of sharedb files and their manpages
- Move cert9.db, key4.db, and pkcs11.txt to the main package
- Move nss-sysinit manpages tar archives to the main package
- Resolves: Bug 1066877 - nss-3.15.5 is available
- Resolves: Bug 1067091 - Move sharedb files to the %files section
2014-02-19 13:28:37 -08:00
4c076bc0cd
Revert previous change that moved some sysinit manpages
...
- Restore nss-sysinit manpages tar archives to %files sysinit
- Removing spurious wildcard entry was the only change needed
2014-02-06 15:33:20 -08:00
4fb9d07b7f
Add explanatory comments for iquote.patch as was done on f20
...
- The reason for this running patch is far from obvious.
- Helps code reviwers as the patch sometimes needs updating
- when doing rebases to nss that introduce new functions.
2014-01-27 07:51:27 -08:00
a25fc11743
Update pem sources to latest from nss-pem upstream
...
- Update picks up pem fixes verified on RHEL and applied upstream
- Fix a problem where same files in two rpms created rpm conflict
- Reported at https://bugzilla.redhat.com/show_bug.cgi?id=1050163
- Move some nss-sysinit manpages tar archives to the %files the
- All man pages are listed by name so there shouldn't be wildcard inclusion
- Add support for ppc64le, Resolves: Bug 1052545
2014-01-25 10:57:37 -08:00
5d65d327f1
ARM tests pass so remove ARM conditional
2014-01-20 18:48:37 +00:00
7285eaab48
Regenerated pem patch to be suitable for submission to interim upstream pem
2014-01-08 10:24:30 -08:00
569d439b91
Update two patches due to upstream changes
...
- Update pem/rsawrapr.c patch on account of upstream changes to freebl/softoken
- Update iquote.patch on account of upstream changes
- Resolves: Bug 1049229 - nss-3.15.4 is available
2014-01-07 13:48:44 -08:00
aae9602c01
Update to nss-3.15.4 (hg tag NSS_3_15_4_RTM)
...
- Resolves: Bug 1049229 - nss-3.15.4 is available
- Update pem sources to latest from the interim upstream for pem
- Remove no longer needed patches
2014-01-07 06:13:53 -08:00
b5567867a7
- Resolves: Bug 1040192 - nss-3.15.3.1 is available
2013-12-11 10:41:54 -08:00
4f6555074f
Update to nss-3.15.3.1 (hg tag NSS_3_15_3_1_RTM)
...
- Resolves: Bug 1040282 - nss: Mis-issued ANSSI/DCSSI certificate (MFSA
2013-117)
2013-12-11 08:37:47 -08:00
f37654e052
Bump the release tag
2013-12-03 14:12:35 -08:00
49e209f91d
Install symlink to setup-nsssysinit.sh, without the ".sh" suffix, that matches the man page documentation
2013-11-26 14:15:45 -08:00
67a7a21b0e
Update to NSS_3_15_3_RTM
...
- Resolves: Bug 1031897 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741 nss: various flaws
- Fix option descriptions for setup-nsssysinit manpage
- Fix man page of nss-sysinit wrong path and other flaws
- Document email option for certutil manpage
- Remove unused patches
2013-11-26 10:36:24 -08:00
658733b0d3
Bump the minimum required verion of nss-util and nss-softokn to 3.15.3
2013-11-23 21:06:02 -08:00
db7fe53123
Update to NSS_3_15_3_RTM
...
- Resolves: Bug 1031897 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741 nss: various flaws
- Fix option descriptions for setup-nsssysinit manpage
2013-11-23 20:47:19 -08:00
a6a13f1a66
Bump the release tag
2013-10-27 11:04:28 -07:00
4b2b74e5e0
Revert one change from last commit to preserve full nss pluggable ecc supprt
2013-10-27 11:00:35 -07:00
74d9e91174
Remove obsolete NSS_ECC_MORE_THAN_SUITE_B=1 export. It has no effect.
2013-10-23 11:38:39 -07:00
306dd778f4
Use the full sources from upstream
...
- Bug 1019245 - ECDHE in openssl available -> NSS needs too for Firefox/Thunderbird
2013-10-23 09:53:20 -07:00
9b70717281
- Update to NSS_3_15_2_RTM
...
- Update iquote.patch on account of modified prototype on cert.h installed by nss-devel
- On CERT_GetKeyType a const qualifier was added to the input parameter and this we must include
- the cert.h from the build tree intead of the one in system/buildroot which is not up to date yet
2013-09-27 11:32:01 -07:00
8f6f357e88
Update to NSS_3_15_2_RTM
2013-09-27 09:50:45 -07:00
33f25f5720
Fix the release tag to be Release: 7%{?dist}
2013-08-28 15:08:50 -07:00
da85237ace
Update pem sources to pick up a patch applied upstream which a faulty merge had missed
...
- The pem module should not require unique file basenames
2013-08-28 12:59:23 -07:00
1c902d0023
Fix the version of nss-pem source tar ball to use
2013-08-27 21:17:53 -07:00
2c648570aa
Update pem sources to the latest from interim upstream
2013-08-27 21:08:54 -07:00
b4e6e308a6
Resolves: rhbz#996639 - Minor bugs in nss man pages
...
- Fix some typos and improve description and see also sections
2013-08-19 11:56:32 -07:00
5761e30a94
Cleanup spec file to address most rpmlint errors and warnings
...
- Using double percent symbols to fix macro-in-comment warnings
- Ignore unversioned-explicit-provides nss-system-init per spec comments
- Ignore invalid-url Source0 as it comes from the git lookaside cache
- Ignore invalid-url Source12 as it comes from the git lookaside cache
2013-08-11 12:16:20 -07:00
3888f3b230
Add man page for pkcs11.txt configuration file and cert and key databases
...
- Resolves: rhbz#985114 - Provide man pages for the nss configuration files
2013-07-25 14:21:44 -07:00
8ae46fa97f
Fix errors in the man pages
...
- Resolves: rhbz#984106 - Add missing option descriptions to man pages for {cert|cms|crl}util
- Resolves: rhbz#982856 - Fix path to script in man page for nss-sysinit
2013-07-19 10:42:57 -07:00
cf4a750103
Update to NSS_3_15_1_RTM
...
- Enable the iquote.patch to access newly introduced types
- New types and constants added to sslprot.h, sslerr.h, and sslt.h require thhe in-tree headers to be picked up first
2013-07-02 15:15:25 -07:00
8943f1ad54
Update to NSS_3_15_RTM
2013-07-02 13:44:44 -07:00
efdced7007
Revert "Reenable patches required for compatibility on stable fedora branches"
...
This reverts commit 65efb2c2f3
2013-06-23 19:39:13 -07:00
65efb2c2f3
Reenable patches required for compatibility on stable fedora branches
...
- Reenable nss-ssl-enforce-no-pkcs11-bypass.path
- Renable nss-ssl-cbc-random-iv-off-by-default.patch
2013-06-23 19:00:21 -07:00
b8273ce04c
Install man pages for nss-tools and the nss-config and setup-nsssysinit scripts
...
- Resolves: rhbz#606020 - nss security tools lack man pages
2013-06-19 20:32:27 -07:00
e36079dd45
Build nss without softoken or util sources in the tree
...
- Resolves: rhbz#689918
2013-06-18 17:45:38 -07:00
41e94360c9
Update ssl-cbc-random-iv-by-default.patch
...
- Added a missing comma
2013-06-17 16:23:06 -07:00
2f66633263
Fix generation of NSS_VMAJOR, NSS_VMINOR, and NSS_VPATCH for nss-config
...
- These were blank in nss-config causing build failures on client paclages
- Reported by Martin Stransky when a xulrunner build failed
2013-06-16 10:07:11 -07:00
f6ec57311f
Update to NSS_3_15_RTM
2013-06-15 12:48:12 -07:00
2249db62a6
Fix incorrect path that hid failed test from view
...
- Add ocsp to the test suites to run but ...
- Temporarily disable the ocsp stapling tests
- Do not treat failed attempts at ssl pkcs11 bypass as fatal errors
2013-04-24 18:46:52 -07:00
2a8c1318ea
Update to NSS_3_15_BETA1
...
- Update spec file, patches, and helper scripts on account of a shallower source tree
- Update the pem sources also to adjust to the sallower source for nss
2013-04-09 16:14:36 -07:00
59b5d52d9e
* Sun Mar 24 2013 Kai Engert <kaie@redhat.com> - 3.14.3-12
...
- Update expired test certificates (fixed in upstream bug 852781)
2013-03-24 00:28:39 +01:00
21e8668243
* Fri Mar 08 2013 Kai Engert <kaie@redhat.com> - 3.14.3-10
...
- Fix incorrect post/postun scripts. Fix broken links in posttrans.
2013-03-08 23:34:55 +01:00
7b5d7ea05f
* Wed Mar 06 2013 Kai Engert <kaie@redhat.com> - 3.14.3-9
...
- Configure libnssckbi.so to use the alternatives system
in order to prepare for a drop in replacement.
2013-03-06 00:49:27 +01:00
b03345792c
Update to NSS_3_14_3_RTM
...
- sync up pem rsawrapr.c with softoken upstream changes for nss-3.14.3
- Resolves: rhbz#908257 - CVE-2013-1620 nss: TLS CBC padding timing attack
- Resolves: rhbz#909775 - specfile support for AArch64
- Resolves: rhbz#910584 - certutil -a does not produce ASCII output
- Resolves: rhbz#896651 - PEM module trashes private keys if login fails,
patch contributed by Nalin Dahyabhai
2013-02-17 20:02:37 -08:00
0370142fd0
Add pem module fix, spec file support for AArch64 and document additional fix
...
- Resolves: rhbz#896651 - PEM module trashes private keys if login fails
- Resolves: rhbz#909775 - specfile support for AArch64
- Resolves: rhbz#910584 - certutil -a does not produce ASCII output, upstream fix
2013-02-16 15:02:25 -08:00
b3f05b9f44
Update to NSS_3_14_3_RTM
...
- sync up pem rsawrapr.c with softoken upstream changes for nss-3.14.3
- these changes are in experimental RSA OAEP code currently in a state of flux
- and required for the PEM module to compile with the nss 3.4.3 update
2013-02-15 15:34:49 -08:00
96957e805a
Allow building nss softoken against older sqlite
...
- Adding a patch already applied upstream by Kai Engert
2013-02-04 15:12:54 -08:00
7a7f48e712
Reenable patch to run the freebl tests that were ron as part of the nss-softokn build
...
- continue turning off the ocsp tests
2013-02-01 13:39:03 -08:00
830ee96f85
Update to NSS_3_14_2_RTM
...
- Update the minimum requred versiobs of nspr, nss-util, and nss-softokn
- Remove patch obsoleted by the update and update others
- Restore missing second half of the cbc random iv by default patch
- Restore the freebl tests patch until we build without nsssoftoken
2013-02-01 11:24:15 -08:00
ca00551ea7
- Update to NSS_3_14_1_WITH_CKBI_1_93_RTM
2013-01-03 19:17:24 +01:00
b13dc44579
Require nspr >= 4.9.4
...
- Fix changelog invalid dates
- Patch highlights nss-softoken tests we plan to disable in upcoming release
2012-12-22 17:50:41 -08:00
5a0d6572e1
Update to NSS_3_14_1_RTM
...
- added a patch to not compile the softoken/freebl tests
- needed due to upstream changes to coreconf
- to be addjusted or removed if patch to enabled building nss without softoken is accepted upstream
2012-12-16 22:25:51 -08:00
edea054ffc
Bug 879978 - Install the nssck.api header template where mod_revocator can access it
...
- Install nssck.api in /usr/includes/nss3/templates, otherwise it won't install
2012-12-11 21:26:58 -08:00
461744f676
Bug 879978 - Install the nssck.api header template in a place where mod_revocator can access it
...
- Install nssck.api in /usr/includes/nss3
2012-11-27 21:55:17 -08:00
6e1a26a079
Resolves: rhbz#870864 - Add support in NSS for Secure Boot
2012-11-19 21:45:58 -08:00
19ad65d608
Disable bypass code at build time and return failure on attempts to enable at runtime
...
- Bug 806588 - Disable SSL PKCS #11 bypass at build time
2012-11-09 17:20:07 -08:00
fef81756fd
Rename the patch to reflect the correct bug number
...
- Renamed: Bug-872838-fix-pk11wrap-locking.patch -> Bug-872124-fix-pk11wrap-locking.patch
- Fixed the reference in spec file
Please enter the commit message for your changes. Lines starting
2012-11-04 22:00:38 -08:00
b5d7c8e158
Fix the last changelog entry and quote the correct bug number.
2012-11-04 17:07:18 -08:00
247ec13766
Fix pk11wrap locking to fix 'fedpkg new-sources' and 'fedpkg update' hangs
...
- Bug 87838 - nss-3.14 causes fedpkg new-sources breakage
- Fix should be considered preliminary since the patch may change upon upstream approval
2012-11-04 15:44:01 -08:00
f2639d5e85
Fix the change log by adding a missing entry
...
- Add missing - * Wed Oct 31 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-5
2012-11-04 15:31:50 -08:00
93eeb31cf1
Add a dummy source file for testing /preventing fedpkg breakage
...
- Helps test the fedpkg new-sources and upload commands for breakage by nss updates
- Related to Bug 872124 - nss 3.14 breaks fedpkg new-sources
2012-11-01 16:07:26 -07:00
e4dd1babb0
Fix a previous unwanted merge from f18
...
- Update the SS_SSL_CBC_RANDOM_IV patch to match new sources while
- Keeping the patch disabled while we are still in rawhide and
- State in comment that patch is needed for both stable and beta branches
- Update .gitignore to download only the new sources
2012-11-01 11:36:35 -07:00
edf5ff0634
Reenable patch to set NSS_SSL_CBC_RANDOM_IV to 1 by default
...
- Bug 872124 - nss 3.14 breaks fedpkg new-sources
2012-11-01 09:29:38 -07:00
c2e20984e1
Fix the spec file so sechash.h gets installed
...
- Resolves: rhbz#871882 - missing header: sechash.h in nss 3.14
2012-10-31 14:05:29 -07:00
192d1d33fb
Update the license to MPLv2.0
2012-10-27 01:58:29 -04:00
3be7379237
Use only -f when removing unwanted headers
...
- alerted to this flaw by Kamil Dudka
- unneeded as we are only removing headers, not directories, and a dangerous practice
2012-10-24 11:13:25 -07:00
982583d915
Add secmodt.h to the headers installed by nss-devel
...
- nss-devel must install secmodt.h which moved from softoken to pk11wrap with nss-3.14
2012-10-23 18:48:54 -04:00
b11609d88a
Update to NSS_3_14_RTM
2012-10-22 14:49:08 -07:00
1f01ab68b1
Update to NSS_3_14_RC1
...
- update nss-589636.patch to apply to httpdserv
- turn off ocsp tests for now
- remove no longer needed patches
- remove headers shipped by nss-util
2012-10-21 20:47:52 -04:00
53a120c4af
* Fri Oct 05 2012 Kai Engert <kaie@redhat.com> - 3.13.6-1
...
- Update to NSS_3_13_6_RTM
2012-10-06 00:22:39 +02:00
ab9d670692
Rebase pem sources to fedora-hosted upstream to pick up two fixes from rhel-6.3
...
- Resolves: rhbz#847460 - Fix invalid read and free on invalid cert load
- Resolves: rhbz#847462 - PEM module may attempt to free uninitialized pointer
- Remove unneeded fix gcc 4.7 c++ issue in secmodt.h that actually undoes the upstream fix
2012-08-27 16:19:41 -07:00
99a740d2ee
Fix pluggable ecc support
...
- Build nss in three phases
- Phase 1: build softoken, freebl, and util with NSS_ENABLE_ECC unset
- Phase 2: build the rest of nss (muinus bltest and fipstest) with NSS_ENABLE_ECC and NSS_ECC_MORE_THAN_SUITEB set
- Phase 3: build bltest and fipstest with NSS_ENABLE_ECC unset as in phsae 1
2012-08-13 15:05:06 -07:00
bd7e7ae750
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
2012-07-20 00:20:58 -05:00
f304d0d0cf
Fix checkin comment to prevent unwanted expansions of percents
...
- Done on previous commit but must retag now
2012-07-01 11:42:00 -07:00
18cd8ce5de
Fix the checkin comment to use %%
2012-07-01 11:33:54 -07:00
967fa1be0d
Require nspr 4.9.1
2012-07-01 10:35:21 -07:00
7011f18b86
Enable sha224 portion of powerup selftest when running test suites
...
- That disabling was meant for RHEL-6 wich at time has and older softoken
2012-07-01 10:25:16 -07:00
6b33cec549
Resolves: Bug 830410 - Missing Requires %{?_isa}
...
- Use Requires: %{name}%{?_isa} = %{version}-%{release} on tools
- Drop zlib requires which rpmlint reports as error E: explicit-lib-dependency zlib
2012-07-01 10:13:07 -07:00
e1a1b3583b
Bug 833529 - revert unwanted change to nss.pc.in
...
- Remove the /nss3 fom Lib: line in nss.pc.in
2012-06-20 21:58:09 -07:00
580fd0d7b9
Resolves: rhbz#833529 - Remove unwanted space from the Libs: line on nss.pc.in
2012-06-19 10:55:57 -07:00
a27d98a9ec
Update to 3.13.5
2012-06-18 07:20:04 -07:00
c38003c691
Resolves: Bug 812423 - nss_Init leaks memory, fix from RHEL 6.3
...
- Fix conributed by Kamil Dudka
2012-04-13 10:10:57 -07:00
41064271a8
Resolves: Bug 805723 - Library needs partial RELRO support added
...
- Patch coreconf/Linux.mk as done on RHEL 6.2
2012-04-08 11:13:29 -07:00
034c16be36
Merge branch 'master' into f17
...
- Update to NSS_3_13_4_RTM
- Update the nss-pem source archive to the latest version
- Remove no longer needed patches
- Resolves: Bug 806043 - use pem files interchangeably in a single process
- Resolves: Bug 806051 - PEM various flaws detected by Coverity
- Resolves: Bug 806058 - PEM pem_CreateObject leaks memory given a non-existing file name
2012-04-06 15:26:15 -07:00
5203007534
Update to NSS_3_13_14_RTM
2012-04-06 10:06:51 -07:00
310e64d3c2
Update the nss-pem source archive to the latest version
...
- Resolves: Bug 806043 - use pem files interchangeably in a single process
- Resolves: Bug 806051 - PEM various flaws detected by Coverity
- Resolves: Bug 806058 - PEM pem_CreateObject leaks memory given a non-existing file name
- Remove patches obsoleted by the nss and pem updates
2012-04-02 13:34:11 -07:00
c408966515
Require nss-util and nss-softokn at 3.12.4
2012-04-01 17:24:02 -07:00
89045d8452
Update to NSS_3_13.4_BETA1
2012-04-01 16:35:48 -07:00
51c4dcf0e0
Merge branch 'master' into f17
2012-03-27 15:26:25 -07:00
39b507ea3c
- Resolves: Bug 805723 - Library needs partial RELRO support added
2012-03-21 15:01:07 -07:00
19fee62ac7
Enable the Patch29: nss-ssl-cbc-random-iv-off-by-default.patch
...
- F17 is already aplha, let's treat it as a stable branch
- Todo: Ask communinty members to try turning it on and provide
- feedack on servers and clients that may still be broken.
2012-03-09 18:07:15 -08:00
7d1bd46bd6
Cleanup the spec file
...
- Add references to the upstream bugs
- Fix typo in Summary for sysinit
2012-03-09 14:40:23 -08:00
3ccc11c806
Pick up fixes from RHEL
...
- Resolves: rhbz#800674 - Unable to contact LDAP Server during winsync
- Resolves: rhbz#800682 - Qpid AMQP daemon fails to load after nss update
- Resolves: rhbz#800676 - NSS workaround for freebl bug that causes openswan to drop connections
2012-03-07 18:39:32 -08:00
85a1075a8d
Require nss-softokn 3.13.3 as part of the update to NSS_3_13_3_RTM
2012-03-01 12:48:17 -08:00
ca7f73c317
- Update to NSS_3_13_3_RTM
...
- Keeping the requires on nss-softokn at 3.13.1 temporarily
- Removed nss-ckbi-1.88.rtm.patch which we no longer need due to the update
2012-02-29 19:20:40 -08:00
6e9d7578fc
fix gcc47 issue causing xulrunner to ftbfs in rawhide
2012-01-30 17:10:53 -05:00
81470bd3c4
- Resolves: Bug 784672 - nss should protect against being called before nss_Init
2012-01-26 14:56:36 -08:00
b6f8eca453
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
2012-01-13 05:16:40 -06:00
1f56c5ccc5
- Deactivate a patch currently meant for stable branches only
2012-01-06 16:01:07 -08:00
40928cb8e3
- Resolves: Bug 770682 - nss update breaks pidgin-sipe connectivity
...
- Set NSS_SSL_CBC_RANDOM_IV to 0 by default and change to 1 on user request
2012-01-06 15:50:45 -08:00
d5f0675cc9
- Revert to using current nss_softokn_version
...
- Patch to deal with lack of sha224 is no longer needed
2011-12-13 14:29:45 -08:00
def217ea25
- Resolves: Bug 754771 - [PEM] an unregistered callback causes a SIGSEGV
2011-12-13 06:54:05 -08:00
543ae9ce83
- Resolves: Bug 750376 - nss 3.13 breaks sssd TLS
...
- Fix how pem is built so that nss-3.13.x works with nss-softokn-3.12.y
- Only patch blapitest for the lack of sha224 on system freebl
- Completed the patch to make pem link against system freebl
2011-12-12 15:42:30 -08:00
109e79922c
- Drop the Batiz from my name, it confuses people
2011-12-06 16:56:09 -08:00
3fe2df48eb
- Remove reference to obsoleted terminalrecord.patch
2011-12-05 15:54:44 -08:00
f67889f49c
- Fix the missing CERTDB_TERMINAL_RECORD symbol problem
...
- Removed unwanted /usr/include/nss3 in front of the normal cflags include path
- Removed ugly and unnecessary patch dealing with CERTDB_TERMINAL_RECORD
2011-12-05 15:51:15 -08:00
321e446e77
- Bug 75036 Enable usage of nss-3.13.3 with nss-softokn-3.12.x
2011-12-04 23:21:22 -08:00
cb85c9e1da
- Bug 750376 Enable updating nss to 3.13.x while keeping nss-softokn at 3.12.9
...
- Statically link the pem module against system freebl found in buildroot
- Disable sha224-related powerup selftest until we update softokn
- Disable sha224 and rsapss tests which nss-softokn 3.12.x doesn't support
- nss-softokn 3.12.9 was submitted for FIPS 140 minor revalidation
2011-12-04 23:08:24 -08:00
953f3cef9d
- Rebuild with nss-softokn from 3.12 in the buildroot
...
- Allows the pem module to statically link against 3.12.x freebl
- Required for using nss-3.13.x with nss-softokn-3.12.y for a merge into ia new rhel git repo
- Build to be temporarily placed on buildroot override but never pushed to updates-testing
2011-12-02 14:21:08 -08:00
1c8a4130f1
- Merge from master
...
- This is an experimental build to fix Bug 750376
- To be added to the buildroot override but should not be pushed to updates-testing
until the bug has been verified as fixed
2011-11-28 15:37:12 -08:00
0598777c8d
Merge branch 'master' into f16
...
Keeping softokn at 3.12.10 as we are bootstrapping the system
2011-11-07 08:36:10 -08:00
cc7766a55d
- Fix broken dependencies by updating the nss-util and nss-softokn versions
2011-11-04 12:26:07 -07:00
28928af492
- Fix the name of the patch file
2011-11-03 20:44:32 -07:00
4a87b24862
- Update to NSS_3_13_1_RTM
...
- Update builtin certs to those from NSSCKBI_1_88_RTM
2011-11-03 17:21:40 -07:00
7b078b5247
- Update to NSS_3_13_RTM
2011-10-15 20:24:39 -07:00
bc4ac545c9
- Update to NSS_3_13_RC0
...
- Adjust patches to new sources
- Remove builtin patch which isn't needed due to the update
- update sources
2011-10-08 12:04:26 -07:00
3586aff4e7
- Fix attempt to free initialized pointer ( #717338 )
...
- Fix leak on pem_CreateObject when given non-existing file name (#734760 )
- Fix pem_Initialize to return CKR_CANT_LOCK on multi-treaded calls (#736410 )
2011-09-14 12:28:24 -07:00
a1e61fa589
NSSCKBI_1_87_RTM
2011-09-06 22:51:08 +02:00
c26c5b1326
NSSCKBI_1_87_RTM
2011-09-06 22:48:46 +02:00
d7c5a94ba8
- Update to NSS_3_12_11_RTM
2011-08-09 18:31:35 -07:00
a7fb38e80b
- Indicate the provenance of stripped source tarball ( #688015 )
...
- Add the code stripping script to the sources
2011-07-23 20:16:38 -07:00
e2ce6e022c
Provide virtual -static package to meet guidelines ( #609612 ).
2011-06-27 20:17:03 +02:00
5c50a33200
- Enable pluggable ecc support ( #712556 )
...
- Disable the nssdb write-access-on-read-only-dir tests when user is root (#646045 )
2011-06-11 18:05:04 -07:00
321ca50d42
fix typo in date
2011-05-20 09:09:41 -05:00
7232ae1bc7
make the test suite non fatal on arm arches
2011-05-20 09:07:45 -05:00
c409805d45
- Fix crmf hard-coded maximum size for wrapped private keys ( #703658 )
...
- Use the safer bound off
- ( ( RSA_MAX_MODULUS_BITS / 8 ) *8 ) = RSA_MAX_MODULUS_BITS
- which will accomodate other algorithms
2011-05-17 09:07:55 -07:00
656b5456ab
- Update to NSS_3_12_10_RTM
2011-05-06 14:53:40 -07:00
976de5ebbe
- Update to NSS_3_12_10_BETA1
...
- Update nss-539183.patch for new 3.12.10 sources
2011-04-27 18:05:46 -07:00
6e1b6bdc24
- Implement PEM logging using NSPR's own ( #695011 )
2011-04-12 11:53:46 -07:00
4a912ae4d0
Fix the tag name in changelog comment
2011-03-23 15:17:21 -07:00
0b0026515f
- Update to NSS_3.12.9_WITH_CKPI_1_82_RTM
2011-03-23 15:13:45 -07:00
c40f16fc52
Bug 539183 - Short-term fix for ssl test suites hangs on ipv6 type connections
...
Change selfserv to use a dual-stack IPv6 listening socket, which can accept
connections from both IPv4 and IPv6 clients. NSPR's IPv6 sockets have the
IPV6_V6ONLY socket option default to false.
2011-02-24 15:05:17 -08:00
ab4de6fd80
- Add to pkcs11-devel a requires on nss-softokn-freebl-freebl ( #675196 )
...
- This is needed because the latter now owns headers that pkcs11-devel depends on.
2011-02-18 13:09:28 -08:00
87fcbd4706
- Run the test suites in the check section ( #677809 )
2011-02-15 20:20:54 -08:00
Elio Maldonado
Fedora Release Engineering
Kai Engert
Till Maas
Ville Skyttä
Kevin Fenzi
Peter Robinson
Tom Callaway
Dennis Gilmore
Jaromir Capik
Peter Robinson
Elio Maldonado
Elio Maldonado
Michael Schwendt
Elio Maldonado