rpms/nss/F-12 533125-ammend.patch, NONE, 1.1 nss-sysinit.patch, NONE, 1.1 .cvsignore, 1.27, 1.28 nss.spec, 1.123, 1.124 sources, 1.29, 1.30 newargs.patch, 1.1, NONE sysinit.patch, 1.3, NONE

Elio Maldonado emaldonado at fedoraproject.org
Fri Dec 4 16:23:46 UTC 2009 

Author: emaldonado

Update of /cvs/extras/rpms/nss/F-12
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv29484

Modified Files:
	.cvsignore nss.spec sources 
Added Files:
	533125-ammend.patch nss-sysinit.patch 
Removed Files:
	newargs.patch sysinit.patch 
Log Message:
Update to 3.12.5

533125-ammend.patch:
 ssl3con.c |    2 ++
 1 file changed, 2 insertions(+)

--- NEW FILE 533125-ammend.patch ---
Index: mozilla/security/nss/lib/ssl/ssl3con.c
===================================================================
RCS file: /cvsroot/mozilla/security/nss/lib/ssl/ssl3con.c,v
retrieving revision 1.121
diff -u -p -r1.121 ssl3con.c
--- mozilla/security/nss/lib/ssl/ssl3con.c	12 Nov 2009 05:08:27 -0000	1.121
+++ mozilla/security/nss/lib/ssl/ssl3con.c	20 Nov 2009 19:36:30 -0000
@@ -4004,6 +4004,7 @@ ssl3_HandleHelloRequest(sslSocket *ss)
 	PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST);
 	return SECFailure;
     }
+    /*
     if (ss->opt.enableRenegotiation == SSL_RENEGOTIATE_NEVER) {
 	ssl_GetXmitBufLock(ss);
 	rv = SSL3_SendAlert(ss, alert_warning, no_renegotiation);
@@ -4011,6 +4012,7 @@ ssl3_HandleHelloRequest(sslSocket *ss)
 	PORT_SetError(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED);
 	return SECFailure;
     }
+    */
 
     if (sid) {
 	ss->sec.uncache(sid);

nss-sysinit.patch:
 manifest.mn   |    1 +
 nss/nssinit.c |    2 ++
 2 files changed, 3 insertions(+)

--- NEW FILE nss-sysinit.patch ---
Index: mozilla/security/nss/lib/manifest.mn
===================================================================
RCS file: /cvsroot/mozilla/security/nss/lib/manifest.mn,v
retrieving revision 1.20
diff -u -p -r1.20 manifest.mn
--- mozilla/security/nss/lib/manifest.mn	7 Nov 2009 05:57:41 -0000	1.20
+++ mozilla/security/nss/lib/manifest.mn	4 Dec 2009 02:27:20 -0000
@@ -56,6 +56,7 @@ DIRS =  util freebl softoken \
 	pkcs12 pkcs7 smime \
 	crmf jar \
 	ckfw      \
+	sysinit \
 	$(NULL)
 
 #  fortcrypt  is no longer built
Index: mozilla/security/nss/lib/nss/nssinit.c
===================================================================
RCS file: /cvsroot/mozilla/security/nss/lib/nss/nssinit.c,v
retrieving revision 1.103
diff -u -p -r1.103 nssinit.c
--- mozilla/security/nss/lib/nss/nssinit.c	29 Oct 2009 21:33:10 -0000	1.103
+++ mozilla/security/nss/lib/nss/nssinit.c	4 Dec 2009 01:25:06 -0000
@@ -52,6 +52,7 @@
 #include "secoid.h"
 #include "nss.h"
 #include "pk11func.h"
+#include "pk11priv.h"
 #include "secerr.h"
 #include "nssbase.h"
 #include "pkixt.h"
@@ -64,6 +65,7 @@
 #include "ocspti.h"
 #include "ocspi.h"
 
+
 /*
  * On Windows nss3.dll needs to export the symbol 'mktemp' to be
  * fully backward compatible with the nss3.dll in NSS 3.2.x and


Index: .cvsignore
===================================================================
RCS file: /cvs/extras/rpms/nss/F-12/.cvsignore,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -p -r1.27 -r1.28
--- .cvsignore	7 Sep 2009 19:16:35 -0000	1.27
+++ .cvsignore	4 Dec 2009 16:23:45 -0000	1.28
@@ -1,2 +1,2 @@
-nss-3.12.4-stripped.tar.bz2
+nss-3.12.5-stripped.tar.bz2
 nss-pem-20090907.tar.bz2


Index: nss.spec
===================================================================
RCS file: /cvs/extras/rpms/nss/F-12/nss.spec,v
retrieving revision 1.123
retrieving revision 1.124
diff -u -p -r1.123 -r1.124
--- nss.spec	26 Oct 2009 18:28:33 -0000	1.123
+++ nss.spec	4 Dec 2009 16:23:46 -0000	1.124
@@ -1,21 +1,23 @@
 %global nspr_version 4.8
-%global nss_util_version 3.12.4
+%global nss_util_version 3.12.5
 %global nss_softokn_version 3.12.4
+%global nss_softokn_fips_version 3.12.4
 %global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
 
 Summary:          Network Security Services
 Name:             nss
-Version:          3.12.4
-Release:          15%{?dist}
+Version:          3.12.5
+Release:          1%{?dist}.2
 License:          MPLv1.1 or GPLv2+ or LGPLv2+
 URL:              http://www.mozilla.org/projects/security/pki/nss/
 Group:            System Environment/Libraries
 Requires:         nspr >= %{nspr_version}
 Requires:         nss-util >= %{nss_util_version}
-Requires:         nss-softokn%{_isa} >= %{nss_softokn_version}
+Requires:         nss-softokn%{_isa} = %{nss_softokn_fips_version}
+Requires:         nss-system-init
 BuildRoot:        %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires:    nspr-devel >= %{nspr_version}
-BuildRequires:    nss-softokn-devel >= %{version}                                                  
+BuildRequires:    nss-softokn-devel = %{nss_softokn_version}                                                  
 BuildRequires:    nss-util-devel >= %{nss_util_version}
 BuildRequires:    sqlite-devel
 BuildRequires:    zlib-devel
@@ -39,8 +41,8 @@ Source12:         %{name}-pem-20090907.t
 
 Patch2:           nss-nolocalsql.patch
 Patch6:           nss-enable-pem.patch
-Patch7:           newargs.patch
-Patch8:           sysinit.patch
+Patch7:           533125-ammend.patch
+Patch8:           nss-sysinit.patch
 
 %description
 Network Security Services (NSS) is a set of libraries designed to
@@ -68,7 +70,7 @@ manipulate the NSS certificate and key d
 %package sysinit
 Summary:          System NSS Initilization
 Group:            System Environment/Base
-Provides:         nss-sysinit = %{version}-%{release}
+Provides:         nss-system-init
 Requires:         nss = %{version}-%{release}
 
 %description sysinit
@@ -106,7 +108,7 @@ low level services.
 
 %patch2 -p0
 %patch6 -p0 -b .libpem
-%patch7 -p0 -b .newargs
+%patch7 -p0 -b .533125
 %patch8 -p0 -b .sysinit
 
 %build
@@ -137,8 +139,8 @@ export NSPR_LIB_DIR
 NSS_INCLUDE_DIR=`/usr/bin/pkg-config --cflags-only-I nss-util | sed 's/-I//'`
 NSS_LIB_DIR=`/usr/bin/pkg-config --libs-only-L nss-util | sed 's/-L//'`
 
-export NSS_INCLUDE_DIR
-export NSS_LIB_DIR
+#export NSS_INCLUDE_DIR
+#export NSS_LIB_DIR
 
 %ifarch x86_64 ppc64 ia64 s390x sparc64
 USE_64=1
@@ -469,6 +471,10 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/ns
 
 
 %changelog
+* Thu Dec 04 2009 Elio Maldonado<emaldona at redhat.com> - 3.12.5-1.2
+- Update to 3.12.5
+- CVE-2009-3555 TLS: MITM attacks via session renegotiation
+
 * Mon Oct 26 2009 Elio Maldonado<emaldona at redhat.com> - 3.12.4-15
 - Require nss-softoken of same arch as nss (#527867)
 


Index: sources
===================================================================
RCS file: /cvs/extras/rpms/nss/F-12/sources,v
retrieving revision 1.29
retrieving revision 1.30
diff -u -p -r1.29 -r1.30
--- sources	7 Sep 2009 19:16:20 -0000	1.29
+++ sources	4 Dec 2009 16:23:46 -0000	1.30
@@ -1,2 +1,2 @@
-954834f7b173bdab366a19880c671c39  nss-3.12.4-stripped.tar.bz2
+51c5958153b6c01fada2e74cedc66835  nss-3.12.5-stripped.tar.bz2
 895ef804e11c14868e86df80c2dd9b66  nss-pem-20090907.tar.bz2


--- newargs.patch DELETED ---


--- sysinit.patch DELETED ---

More information about the scm-commits mailing list