rpms/nss/F-12 533125-ammend.patch, NONE, 1.1 nss-sysinit.patch, NONE, 1.1 .cvsignore, 1.27, 1.28 nss.spec, 1.123, 1.124 sources, 1.29, 1.30 newargs.patch, 1.1, NONE sysinit.patch, 1.3, NONE
Elio Maldonado
emaldonado at fedoraproject.org
Fri Dec 4 16:23:46 UTC 2009
Author: emaldonado
Update of /cvs/extras/rpms/nss/F-12
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv29484
Modified Files:
.cvsignore nss.spec sources
Added Files:
533125-ammend.patch nss-sysinit.patch
Removed Files:
newargs.patch sysinit.patch
Log Message:
Update to 3.12.5
533125-ammend.patch:
ssl3con.c | 2 ++
1 file changed, 2 insertions(+)
--- NEW FILE 533125-ammend.patch ---
Index: mozilla/security/nss/lib/ssl/ssl3con.c
===================================================================
RCS file: /cvsroot/mozilla/security/nss/lib/ssl/ssl3con.c,v
retrieving revision 1.121
diff -u -p -r1.121 ssl3con.c
--- mozilla/security/nss/lib/ssl/ssl3con.c 12 Nov 2009 05:08:27 -0000 1.121
+++ mozilla/security/nss/lib/ssl/ssl3con.c 20 Nov 2009 19:36:30 -0000
@@ -4004,6 +4004,7 @@ ssl3_HandleHelloRequest(sslSocket *ss)
PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST);
return SECFailure;
}
+ /*
if (ss->opt.enableRenegotiation == SSL_RENEGOTIATE_NEVER) {
ssl_GetXmitBufLock(ss);
rv = SSL3_SendAlert(ss, alert_warning, no_renegotiation);
@@ -4011,6 +4012,7 @@ ssl3_HandleHelloRequest(sslSocket *ss)
PORT_SetError(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED);
return SECFailure;
}
+ */
if (sid) {
ss->sec.uncache(sid);
nss-sysinit.patch:
manifest.mn | 1 +
nss/nssinit.c | 2 ++
2 files changed, 3 insertions(+)
--- NEW FILE nss-sysinit.patch ---
Index: mozilla/security/nss/lib/manifest.mn
===================================================================
RCS file: /cvsroot/mozilla/security/nss/lib/manifest.mn,v
retrieving revision 1.20
diff -u -p -r1.20 manifest.mn
--- mozilla/security/nss/lib/manifest.mn 7 Nov 2009 05:57:41 -0000 1.20
+++ mozilla/security/nss/lib/manifest.mn 4 Dec 2009 02:27:20 -0000
@@ -56,6 +56,7 @@ DIRS = util freebl softoken \
pkcs12 pkcs7 smime \
crmf jar \
ckfw \
+ sysinit \
$(NULL)
# fortcrypt is no longer built
Index: mozilla/security/nss/lib/nss/nssinit.c
===================================================================
RCS file: /cvsroot/mozilla/security/nss/lib/nss/nssinit.c,v
retrieving revision 1.103
diff -u -p -r1.103 nssinit.c
--- mozilla/security/nss/lib/nss/nssinit.c 29 Oct 2009 21:33:10 -0000 1.103
+++ mozilla/security/nss/lib/nss/nssinit.c 4 Dec 2009 01:25:06 -0000
@@ -52,6 +52,7 @@
#include "secoid.h"
#include "nss.h"
#include "pk11func.h"
+#include "pk11priv.h"
#include "secerr.h"
#include "nssbase.h"
#include "pkixt.h"
@@ -64,6 +65,7 @@
#include "ocspti.h"
#include "ocspi.h"
+
/*
* On Windows nss3.dll needs to export the symbol 'mktemp' to be
* fully backward compatible with the nss3.dll in NSS 3.2.x and
Index: .cvsignore
===================================================================
RCS file: /cvs/extras/rpms/nss/F-12/.cvsignore,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -p -r1.27 -r1.28
--- .cvsignore 7 Sep 2009 19:16:35 -0000 1.27
+++ .cvsignore 4 Dec 2009 16:23:45 -0000 1.28
@@ -1,2 +1,2 @@
-nss-3.12.4-stripped.tar.bz2
+nss-3.12.5-stripped.tar.bz2
nss-pem-20090907.tar.bz2
Index: nss.spec
===================================================================
RCS file: /cvs/extras/rpms/nss/F-12/nss.spec,v
retrieving revision 1.123
retrieving revision 1.124
diff -u -p -r1.123 -r1.124
--- nss.spec 26 Oct 2009 18:28:33 -0000 1.123
+++ nss.spec 4 Dec 2009 16:23:46 -0000 1.124
@@ -1,21 +1,23 @@
%global nspr_version 4.8
-%global nss_util_version 3.12.4
+%global nss_util_version 3.12.5
%global nss_softokn_version 3.12.4
+%global nss_softokn_fips_version 3.12.4
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
Summary: Network Security Services
Name: nss
-Version: 3.12.4
-Release: 15%{?dist}
+Version: 3.12.5
+Release: 1%{?dist}.2
License: MPLv1.1 or GPLv2+ or LGPLv2+
URL: http://www.mozilla.org/projects/security/pki/nss/
Group: System Environment/Libraries
Requires: nspr >= %{nspr_version}
Requires: nss-util >= %{nss_util_version}
-Requires: nss-softokn%{_isa} >= %{nss_softokn_version}
+Requires: nss-softokn%{_isa} = %{nss_softokn_fips_version}
+Requires: nss-system-init
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: nspr-devel >= %{nspr_version}
-BuildRequires: nss-softokn-devel >= %{version}
+BuildRequires: nss-softokn-devel = %{nss_softokn_version}
BuildRequires: nss-util-devel >= %{nss_util_version}
BuildRequires: sqlite-devel
BuildRequires: zlib-devel
@@ -39,8 +41,8 @@ Source12: %{name}-pem-20090907.t
Patch2: nss-nolocalsql.patch
Patch6: nss-enable-pem.patch
-Patch7: newargs.patch
-Patch8: sysinit.patch
+Patch7: 533125-ammend.patch
+Patch8: nss-sysinit.patch
%description
Network Security Services (NSS) is a set of libraries designed to
@@ -68,7 +70,7 @@ manipulate the NSS certificate and key d
%package sysinit
Summary: System NSS Initilization
Group: System Environment/Base
-Provides: nss-sysinit = %{version}-%{release}
+Provides: nss-system-init
Requires: nss = %{version}-%{release}
%description sysinit
@@ -106,7 +108,7 @@ low level services.
%patch2 -p0
%patch6 -p0 -b .libpem
-%patch7 -p0 -b .newargs
+%patch7 -p0 -b .533125
%patch8 -p0 -b .sysinit
%build
@@ -137,8 +139,8 @@ export NSPR_LIB_DIR
NSS_INCLUDE_DIR=`/usr/bin/pkg-config --cflags-only-I nss-util | sed 's/-I//'`
NSS_LIB_DIR=`/usr/bin/pkg-config --libs-only-L nss-util | sed 's/-L//'`
-export NSS_INCLUDE_DIR
-export NSS_LIB_DIR
+#export NSS_INCLUDE_DIR
+#export NSS_LIB_DIR
%ifarch x86_64 ppc64 ia64 s390x sparc64
USE_64=1
@@ -469,6 +471,10 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/ns
%changelog
+* Thu Dec 04 2009 Elio Maldonado<emaldona at redhat.com> - 3.12.5-1.2
+- Update to 3.12.5
+- CVE-2009-3555 TLS: MITM attacks via session renegotiation
+
* Mon Oct 26 2009 Elio Maldonado<emaldona at redhat.com> - 3.12.4-15
- Require nss-softoken of same arch as nss (#527867)
Index: sources
===================================================================
RCS file: /cvs/extras/rpms/nss/F-12/sources,v
retrieving revision 1.29
retrieving revision 1.30
diff -u -p -r1.29 -r1.30
--- sources 7 Sep 2009 19:16:20 -0000 1.29
+++ sources 4 Dec 2009 16:23:46 -0000 1.30
@@ -1,2 +1,2 @@
-954834f7b173bdab366a19880c671c39 nss-3.12.4-stripped.tar.bz2
+51c5958153b6c01fada2e74cedc66835 nss-3.12.5-stripped.tar.bz2
895ef804e11c14868e86df80c2dd9b66 nss-pem-20090907.tar.bz2
--- newargs.patch DELETED ---
--- sysinit.patch DELETED ---
More information about the scm-commits
mailing list