Compare commits
28 Commits
Author | SHA1 | Date |
---|---|---|
Elio Maldonado | e8daa59fcb | |
Kai Engert | c2152baa1a | |
Kai Engert | 8c77ea4f9f | |
Elio Maldonado | c177888a4f | |
Elio Maldonado | f81702a7b5 | |
Elio Maldonado | 5199745e52 | |
Elio Maldonado | 083ddef00d | |
Elio Maldonado | 436352ce29 | |
Kai Engert | 40c37b4f65 | |
Elio Maldonado | 28a60f45a0 | |
Elio Maldonado | 709563aa6a | |
Elio Maldonado | 890f70eb9a | |
Elio Maldonado | 930689d3a3 | |
Elio Maldonado | 4fbd81e39e | |
Elio Maldonado | 445b786f1c | |
Elio Maldonado | acb52374e2 | |
Elio Maldonado | 137e530090 | |
Elio Maldonado | df4692542f | |
Elio Maldonado | af93a3bdb6 | |
Elio Maldonado | 91a42045c0 | |
Elio Maldonado | a0fd8d9501 | |
Elio Maldonado | 7b557ce61e | |
Elio Maldonado | 346792254e | |
Elio Maldonado | f7afdb6b33 | |
Elio Maldonado | c0d31ae1d8 | |
Elio Maldonado | d61e6dba7b | |
Elio Maldonado | 1bb4981176 | |
Elio Maldonado | bf043713d1 |
|
@ -8,4 +8,6 @@ TestCA.ca.cert
|
||||||
TestUser50.cert
|
TestUser50.cert
|
||||||
TestUser51.cert
|
TestUser51.cert
|
||||||
/nss-pem-20140125.tar.bz2
|
/nss-pem-20140125.tar.bz2
|
||||||
/nss-3.17.4.tar.gz
|
/PayPalRootCA.cert
|
||||||
|
/PayPalICA.cert
|
||||||
|
/nss-3.19.2.tar.gz
|
||||||
|
|
108
nss.spec
108
nss.spec
|
@ -1,6 +1,6 @@
|
||||||
%global nspr_version 4.10.7
|
%global nspr_version 4.10.8
|
||||||
%global nss_util_version 3.17.4
|
%global nss_util_version 3.19.2
|
||||||
%global nss_softokn_version 3.17.4
|
%global nss_softokn_version 3.19.2
|
||||||
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
|
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
|
||||||
%global allTools "certutil cmsutil crlutil derdump modutil pk12util signtool signver ssltap vfychain vfyserv"
|
%global allTools "certutil cmsutil crlutil derdump modutil pk12util signtool signver ssltap vfychain vfyserv"
|
||||||
|
|
||||||
|
@ -18,8 +18,10 @@
|
||||||
|
|
||||||
Summary: Network Security Services
|
Summary: Network Security Services
|
||||||
Name: nss
|
Name: nss
|
||||||
Version: 3.17.4
|
Version: 3.19.2
|
||||||
Release: 1%{?dist}
|
# for Rawhide, please always use release >= 2
|
||||||
|
# for Fedora release branches, please use release < 2 (1.0, 1.1, ...)
|
||||||
|
Release: 1.0%{?dist}
|
||||||
License: MPLv2.0
|
License: MPLv2.0
|
||||||
URL: http://www.mozilla.org/projects/security/pki/nss/
|
URL: http://www.mozilla.org/projects/security/pki/nss/
|
||||||
Group: System Environment/Libraries
|
Group: System Environment/Libraries
|
||||||
|
@ -56,11 +58,7 @@ Source6: blank-cert9.db
|
||||||
Source7: blank-key4.db
|
Source7: blank-key4.db
|
||||||
Source8: system-pkcs11.txt
|
Source8: system-pkcs11.txt
|
||||||
Source9: setup-nsssysinit.sh
|
Source9: setup-nsssysinit.sh
|
||||||
Source10: PayPalEE.cert
|
|
||||||
Source12: %{name}-pem-20140125.tar.bz2
|
Source12: %{name}-pem-20140125.tar.bz2
|
||||||
Source17: TestCA.ca.cert
|
|
||||||
Source18: TestUser50.cert
|
|
||||||
Source19: TestUser51.cert
|
|
||||||
Source20: nss-config.xml
|
Source20: nss-config.xml
|
||||||
Source21: setup-nsssysinit.xml
|
Source21: setup-nsssysinit.xml
|
||||||
Source22: pkcs11.txt.xml
|
Source22: pkcs11.txt.xml
|
||||||
|
@ -90,8 +88,6 @@ Patch49: nss-skip-bltest-and-fipstest.patch
|
||||||
# headers are older. Such is the case when starting an update with API changes or even private export changes.
|
# headers are older. Such is the case when starting an update with API changes or even private export changes.
|
||||||
# Once the buildroot aha been bootstrapped the patch may be removed but it doesn't hurt to keep it.
|
# Once the buildroot aha been bootstrapped the patch may be removed but it doesn't hurt to keep it.
|
||||||
Patch50: iquote.patch
|
Patch50: iquote.patch
|
||||||
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1083900
|
|
||||||
Patch51: tls12.patch
|
|
||||||
|
|
||||||
%description
|
%description
|
||||||
Network Security Services (NSS) is a set of libraries designed to
|
Network Security Services (NSS) is a set of libraries designed to
|
||||||
|
@ -162,10 +158,6 @@ low level services.
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q
|
||||||
%{__cp} %{SOURCE10} -f ./nss/tests/libpkix/certs
|
|
||||||
%{__cp} %{SOURCE17} -f ./nss/tests/libpkix/certs
|
|
||||||
%{__cp} %{SOURCE18} -f ./nss/tests/libpkix/certs
|
|
||||||
%{__cp} %{SOURCE19} -f ./nss/tests/libpkix/certs
|
|
||||||
%setup -q -T -D -n %{name}-%{version} -a 12
|
%setup -q -T -D -n %{name}-%{version} -a 12
|
||||||
|
|
||||||
%patch2 -p0 -b .relro
|
%patch2 -p0 -b .relro
|
||||||
|
@ -178,9 +170,6 @@ low level services.
|
||||||
%patch47 -p0 -b .templates
|
%patch47 -p0 -b .templates
|
||||||
%patch49 -p0 -b .skipthem
|
%patch49 -p0 -b .skipthem
|
||||||
%patch50 -p0 -b .iquote
|
%patch50 -p0 -b .iquote
|
||||||
pushd nss
|
|
||||||
%patch51 -p1 -b .994599
|
|
||||||
popd
|
|
||||||
|
|
||||||
#########################################################
|
#########################################################
|
||||||
# Higher-level libraries and test tools need access to
|
# Higher-level libraries and test tools need access to
|
||||||
|
@ -781,68 +770,58 @@ fi
|
||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Jun 18 2015 Elio Maldonado <emaldona@redhat.com> - 3.19.2-1.0
|
||||||
|
- Update to NSS 3.19.2
|
||||||
|
|
||||||
|
* Thu May 28 2015 Kai Engert <kaie@redhat.com> - 3.19.1-1.0
|
||||||
|
- Update to NSS 3.19.1
|
||||||
|
|
||||||
|
* Tue May 19 2015 Kai Engert <kaie@redhat.com> - 3.19.0-1.0
|
||||||
|
- Update to NSS 3.19
|
||||||
|
|
||||||
|
* Mon Mar 23 2015 Elio Maldonado <emaldona@redhat.com> - 3.18.0-1
|
||||||
|
- Update to nss-3.18.0
|
||||||
|
- Resolves: Bug 1203689 - nss-3.18 is available
|
||||||
|
|
||||||
* Wed Jan 28 2015 Elio Maldonado <emaldona@redhat.com> - 3.17.4-1
|
* Wed Jan 28 2015 Elio Maldonado <emaldona@redhat.com> - 3.17.4-1
|
||||||
- Update to nss-3.17.4
|
- Update to nss-3.17.4
|
||||||
|
|
||||||
* Sat Jan 24 2015 Ville Skyttä <ville.skytta@iki.fi> - 3.17.3-4
|
* Sat Jan 24 2015 Ville Skyttä <ville.skytta@iki.fi> - 3.17.3-4
|
||||||
- Own the %%{_datadir}/doc/nss-tools dir
|
- Own the %%{_datadir}/doc/nss-tools dir
|
||||||
|
|
||||||
* Tue Dec 16 2014 Elio Maldonado <emaldona@redhat.com> - 3.17.3-3
|
* Mon Dec 15 2014 Elio Maldonado <emaldona@redhat.com> - 3.17.3-2
|
||||||
- Resolves: Bug 987189 - nss-tools RPM conflicts with perl-PAR-Packer
|
- Resolves: Bug 987189 - nss-tools RPM conflicts with perl-PAR-Packer
|
||||||
- Install pp man page in %%{_datadir}/doc/nss-tools/pp.1
|
- Install pp man page in %%{_datadir}/doc/nss-tools/pp.1
|
||||||
- Use %%{_mandir} instead of /usr/share/man as more generic
|
- Use %%{_mandir} instead of /usr/share/man as more generic
|
||||||
|
|
||||||
* Mon Dec 15 2014 Elio Maldonado <emaldona@redhat.com> - 3.17.3-2
|
* Sat Dec 06 2014 Elio Maldonado <emaldona@redhat.com> - 3.17.3-1
|
||||||
- Install pp man page in alternative location
|
|
||||||
- Resolves: Bug 987189 - nss-tools RPM conflicts with perl-PAR-Packer
|
|
||||||
|
|
||||||
* Fri Dec 05 2014 Elio Maldonado <emaldona@redhat.com> - 3.17.3-1
|
|
||||||
- Update to nss-3.17.3
|
- Update to nss-3.17.3
|
||||||
- Resolves: Bug 1171012 - nss-3.17.3 is available
|
- Resolves: Bug 1171012 - nss-3.17.3 is available
|
||||||
|
|
||||||
* Thu Oct 16 2014 Elio Maldonado <emaldona@redhat.com> - 3.17.2-2
|
|
||||||
- Resolves: Bug 994599 - Enable TLS 1.2 by default
|
- Resolves: Bug 994599 - Enable TLS 1.2 by default
|
||||||
|
|
||||||
* Sun Oct 12 2014 Elio Maldonado <emaldona@redhat.com> - 3.17.2-1
|
* Mon Oct 13 2014 Elio Maldonado <emaldona@redhat.com> - 3.17.2-1
|
||||||
- Update to nss-3.17.2
|
- Update to nss-3.17.2
|
||||||
|
|
||||||
* Wed Sep 24 2014 Kai Engert <kaie@redhat.com> - 3.17.1-1
|
* Wed Sep 24 2014 Kai Engert <kaie@redhat.com> - 3.17.1-1
|
||||||
- Update to nss-3.17.1
|
- Update to nss-3.17.1
|
||||||
- Add a mechanism to skip test suite execution during development work
|
- Add a mechanism to skip test suite execution during development work
|
||||||
|
|
||||||
* Thu Aug 21 2014 Kevin Fenzi <kevin@scrye.com> - 3.17.0-2
|
* Fri Aug 22 2014 Elio Maldonado <emaldona@redhat.com> - 3.17.0-1
|
||||||
- Rebuild for rpm bug 1131960
|
|
||||||
|
|
||||||
* Tue Aug 19 2014 Elio Maldonado <emaldona@redhat.com> - 3.17.0-1
|
|
||||||
- Update to nss-3.17.0
|
- Update to nss-3.17.0
|
||||||
|
|
||||||
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.16.2-4
|
* Wed Jul 30 2014 Elio Maldonado <emaldona@redhat.com> - 3.16.2-2
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
|
|
||||||
|
|
||||||
* Wed Jul 30 2014 Elio Maldonado <emaldona@redhat.com> - 3.16.2-3
|
|
||||||
- Replace expired PayPal test cert with current one to prevent build failure
|
- Replace expired PayPal test cert with current one to prevent build failure
|
||||||
|
|
||||||
* Fri Jul 18 2014 Tom Callaway <spot@fedoraproject.org> - 3.16.2-2
|
* Mon Jun 30 2014 Elio Maldonado <emaldona@redhat.com> - 3.16.2-1
|
||||||
- fix license handling
|
|
||||||
|
|
||||||
* Sun Jun 29 2014 Elio Maldonado <emaldona@redhat.com> - 3.16.2-1
|
|
||||||
- Update to nss-3.16.2
|
- Update to nss-3.16.2
|
||||||
|
- Remove unwanted source directories at end of %%prep so it truly removes them
|
||||||
* Sun Jun 15 2014 Elio Maldonado <emaldona@redhat.com> - 3.16.1-4
|
|
||||||
- Remove unwanted source directories at end of %%prep so it truly does it
|
|
||||||
- Skip the cipher suite already run as part of the nss-softokn build
|
- Skip the cipher suite already run as part of the nss-softokn build
|
||||||
|
- Resolves: Bug 1114319 - nss-3.16.2 is available
|
||||||
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.16.1-3
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
|
|
||||||
|
|
||||||
* Mon May 12 2014 Jaromir Capik <jcapik@redhat.com> - 3.16.1-2
|
|
||||||
- Replacing ppc64 and ppc64le with the power64 macro
|
|
||||||
- Related: Bug 1052545 - Trivial change for ppc64le in nss spec
|
|
||||||
|
|
||||||
* Tue May 06 2014 Elio Maldonado <emaldona@redhat.com> - 3.16.1-1
|
* Tue May 06 2014 Elio Maldonado <emaldona@redhat.com> - 3.16.1-1
|
||||||
- Update to nss-3.16.1
|
- Update to nss-3.16.1
|
||||||
- Update the iquote patch on account of the rebase
|
- Update the iquote patch on account of the rebase
|
||||||
- Improve error detection in the %%section
|
- Improve test error detection in the %%section
|
||||||
- Resolves: Bug 1094702 - nss-3.16.1 is available
|
- Resolves: Bug 1094702 - nss-3.16.1 is available
|
||||||
|
|
||||||
* Tue Mar 18 2014 Elio Maldonado <emaldona@redhat.com> - 3.16.0-1
|
* Tue Mar 18 2014 Elio Maldonado <emaldona@redhat.com> - 3.16.0-1
|
||||||
|
@ -850,40 +829,27 @@ fi
|
||||||
- Cleanup the copying of the tools man pages
|
- Cleanup the copying of the tools man pages
|
||||||
- Update the iquote.patch on account of the rebase
|
- Update the iquote.patch on account of the rebase
|
||||||
|
|
||||||
* Tue Mar 04 2014 Elio Maldonado <emaldona@redhat.com> - 3.15.5-2
|
* Fri Feb 28 2014 Elio Maldonado <emaldona@redhat.com> - 3.15.5-1
|
||||||
- Restore requiring nss_softokn_version >= 3.15.5
|
- Update to nss-3.15.5 - Resolves: Bug 1066877
|
||||||
|
- Pick fix for same files in two packages that can create rpm conflict
|
||||||
|
- Move cert9.db, key4.db, and pkcs11.txt and their man pages to the main package where they rightfully belong
|
||||||
|
|
||||||
* Wed Feb 19 2014 Elio Maldonado <emaldona@redhat.com> - 3.15.5-1
|
* Sat Feb 08 2014 Elio Maldonado <emaldona@redhat.com> - 3.15.4-3
|
||||||
- Update to nss-3.15.5
|
|
||||||
- Temporarily requiring only nss_softokn_version >= 3.15.4
|
|
||||||
- Fix location of sharedb files and their manpages
|
|
||||||
- Move cert9.db, key4.db, and pkcs11.txt to the main package
|
|
||||||
- Move nss-sysinit manpages tar archives to the main package
|
|
||||||
- Resolves: Bug 1066877 - nss-3.15.5 is available
|
|
||||||
- Resolves: Bug 1067091 - Move sharedb files to the %%files section
|
|
||||||
|
|
||||||
* Thu Feb 06 2014 Elio Maldonado <emaldona@redhat.com> - 3.15.4-5
|
|
||||||
- Revert previous change that moved some sysinit manpages
|
- Revert previous change that moved some sysinit manpages
|
||||||
- Restore nss-sysinit manpages tar archives to %%files sysinit
|
- Restore nss-sysinit manpages tar archives to %%files sysinit
|
||||||
- Removing spurious wildcard entry was the only change needed
|
- Removing spurious wildcard entry was the only change needed
|
||||||
|
|
||||||
* Mon Jan 27 2014 Elio Maldonado <emaldona@redhat.com> - 3.15.4-4
|
* Sun Feb 02 2014 Elio Maldonado <emaldona@redhat.com> - 3.15.4-2
|
||||||
- Add explanatory comments for iquote.patch as was done on f20
|
- Selective merge fom master to pick up various fixes
|
||||||
|
|
||||||
* Sat Jan 25 2014 Elio Maldonado <emaldona@redhat.com> - 3.15.4-3
|
|
||||||
- Update pem sources to latest from nss-pem upstream
|
- Update pem sources to latest from nss-pem upstream
|
||||||
- Pick up pem fixes verified on RHEL and applied upstream
|
- Pick up pem fixes verified on RHEL and applied upstream
|
||||||
- Fix a problem where same files in two rpms created rpm conflict
|
- Fix a problem where same files in two rpms created rpm conflict
|
||||||
- Move some nss-sysinit manpages tar archives to the %%files the
|
|
||||||
- All man pages are listed by name so there shouldn't be wildcard inclusion
|
- All man pages are listed by name so there shouldn't be wildcard inclusion
|
||||||
- Add support for ppc64le, Resolves: Bug 1052545
|
|
||||||
|
|
||||||
* Mon Jan 20 2014 Peter Robinson <pbrobinson@fedoraproject.org> 3.15.4-2
|
|
||||||
- ARM tests pass so remove ARM conditional
|
|
||||||
|
|
||||||
* Tue Jan 07 2014 Elio Maldonado <emaldona@redhat.com> - 3.15.4-1
|
* Tue Jan 07 2014 Elio Maldonado <emaldona@redhat.com> - 3.15.4-1
|
||||||
- Update to nss-3.15.4 (hg tag NSS_3_15_4_RTM)
|
- Update to nss-3.15.4 (hg tag NSS_3_15_4_RTM)
|
||||||
- Resolves: Bug 1049229 - nss-3.15.4 is available
|
- Resolves: Bug 1049229 - nss-3.15.4 is available
|
||||||
|
- Resolves: Bug 1054456 - CVE-2013-1740 nss: false start PR_Recv information disclosure security issue
|
||||||
- Update pem sources to latest from the interim upstream for pem
|
- Update pem sources to latest from the interim upstream for pem
|
||||||
- Remove no longer needed patches
|
- Remove no longer needed patches
|
||||||
- Update pem/rsawrapr.c patch on account of upstream changes to freebl/softoken
|
- Update pem/rsawrapr.c patch on account of upstream changes to freebl/softoken
|
||||||
|
|
6
sources
6
sources
|
@ -3,9 +3,5 @@ a5ae49867124ac75f029a9a33af31bad blank-cert8.db
|
||||||
73bc040a0542bba387e6dd7fb9fd7d23 blank-secmod.db
|
73bc040a0542bba387e6dd7fb9fd7d23 blank-secmod.db
|
||||||
691e663ccc07b7a1eaa6f088e03bf8e2 blank-cert9.db
|
691e663ccc07b7a1eaa6f088e03bf8e2 blank-cert9.db
|
||||||
2ec9e0606ba40fe65196545564b7cc2a blank-key4.db
|
2ec9e0606ba40fe65196545564b7cc2a blank-key4.db
|
||||||
c9fefa97dc184a5857f12d938517ed81 PayPalEE.cert
|
|
||||||
f998b70c1be25e8bb9f5fdb5d50eb6f2 TestCA.ca.cert
|
|
||||||
1b7b6808cd77d5df29bf5bb9e5fac967 TestUser50.cert
|
|
||||||
ab0b56dd505a995425c03e5266f7c8d6 TestUser51.cert
|
|
||||||
b8a94e863c852e1f8b75e930e76f8640 nss-pem-20140125.tar.bz2
|
b8a94e863c852e1f8b75e930e76f8640 nss-pem-20140125.tar.bz2
|
||||||
a77df26072cabf8afb26911b6fa9b755 nss-3.17.4.tar.gz
|
b02ffd1e8e8ef5f8512fa02d8ca9db3d nss-3.19.2.tar.gz
|
||||||
|
|
36
tls12.patch
36
tls12.patch
|
@ -1,36 +0,0 @@
|
||||||
# HG changeset patch
|
|
||||||
# User Martin Thomson <martin.thomson@gmail.com>
|
|
||||||
# Date 1413479112 25200
|
|
||||||
# Thu Oct 16 10:05:12 2014 -0700
|
|
||||||
# Node ID f7e1c2c652f4c2522a0a5ec232ecebae1983053d
|
|
||||||
# Parent 24852c6f89ea7ed2b8f231320d9a0a03bdd706d4
|
|
||||||
Bug 1083900 - Updating default maximum version to 1.2
|
|
||||||
|
|
||||||
diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
|
|
||||||
--- a/lib/ssl/sslsock.c
|
|
||||||
+++ b/lib/ssl/sslsock.c
|
|
||||||
@@ -85,22 +85,22 @@ static sslOptions ssl_defaults = {
|
|
||||||
PR_FALSE /* enableFallbackSCSV */
|
|
||||||
};
|
|
||||||
|
|
||||||
/*
|
|
||||||
* default range of enabled SSL/TLS protocols
|
|
||||||
*/
|
|
||||||
static SSLVersionRange versions_defaults_stream = {
|
|
||||||
SSL_LIBRARY_VERSION_3_0,
|
|
||||||
- SSL_LIBRARY_VERSION_TLS_1_0
|
|
||||||
+ SSL_LIBRARY_VERSION_TLS_1_2
|
|
||||||
};
|
|
||||||
|
|
||||||
static SSLVersionRange versions_defaults_datagram = {
|
|
||||||
SSL_LIBRARY_VERSION_TLS_1_1,
|
|
||||||
- SSL_LIBRARY_VERSION_TLS_1_1
|
|
||||||
+ SSL_LIBRARY_VERSION_TLS_1_2
|
|
||||||
};
|
|
||||||
|
|
||||||
#define VERSIONS_DEFAULTS(variant) \
|
|
||||||
(variant == ssl_variant_stream ? &versions_defaults_stream : \
|
|
||||||
&versions_defaults_datagram)
|
|
||||||
|
|
||||||
sslSessionIDLookupFunc ssl_sid_lookup;
|
|
||||||
sslSessionIDCacheFunc ssl_sid_cache;
|
|
Loading…
Reference in New Issue