[nss] - Resolves: Bug 770682 - nss update breaks pidgin-sipe connectivity
Elio Maldonado
emaldonado at fedoraproject.org
Fri Jan 6 23:51:42 UTC 2012
commit 40928cb8e33ef2b3cc7adc988f87fa36e7f00261
Author: Elio Maldonado <emaldonado at localhost.localdomain>
Date: Fri Jan 6 15:50:45 2012 -0800
- Resolves: Bug 770682 - nss update breaks pidgin-sipe connectivity
- Set NSS_SSL_CBC_RANDOM_IV to 0 by default and change to 1 on user request
nss-ssl-cbc-random-iv-off-by-default.patch | 25 +++++++++++++++++++++++++
nss.spec | 8 +++++++-
2 files changed, 32 insertions(+), 1 deletions(-)
---
diff --git a/nss-ssl-cbc-random-iv-off-by-default.patch b/nss-ssl-cbc-random-iv-off-by-default.patch
new file mode 100644
index 0000000..28dfa48
--- /dev/null
+++ b/nss-ssl-cbc-random-iv-off-by-default.patch
@@ -0,0 +1,25 @@
+diff -up ./mozilla/security/nss/lib/ssl/sslsock.c.compatible ./mozilla/security/nss/lib/ssl/sslsock.c
+--- ./mozilla/security/nss/lib/ssl/sslsock.c.compatible 2012-01-05 13:54:36.430389994 -0800
++++ ./mozilla/security/nss/lib/ssl/sslsock.c 2012-01-05 13:55:25.810750394 -0800
+@@ -184,7 +184,7 @@ static sslOptions ssl_defaults = {
+ 3, /* enableRenegotiation (default: transitional) */
+ PR_FALSE, /* requireSafeNegotiation */
+ PR_FALSE, /* enableFalseStart */
+- PR_TRUE /* cbcRandomIV */
++ PR_FALSE /* cbcRandomIV */ /* defaults to off for compatibility */
+ };
+
+ sslSessionIDLookupFunc ssl_sid_lookup;
+@@ -2359,9 +2359,9 @@ ssl_SetDefaultsFromEnvironment(void)
+ PR_TRUE));
+ }
+ ev = getenv("NSS_SSL_CBC_RANDOM_IV");
+- if (ev && ev[0] == '0') {
+- ssl_defaults.cbcRandomIV = PR_FALSE;
+- SSL_TRACE(("SSL: cbcRandomIV set to 0"));
++ if (ev && ev[0] == '1') {
++ ssl_defaults.cbcRandomIV = PR_TRUE;
++ SSL_TRACE(("SSL: cbcRandomIV set to 1"));
+ }
+ }
+ #endif /* NSS_HAVE_GETENV */
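Review bot: Flipping the `cbcRandomIV` default to `PR_FALSE` in `ssl_defaults` switches the CBC random-IV protection off for every application linked against this NSS build, not only for the pidgin-sipe case named in the bug. The only way back visible in this hunk is a per-process environment variable. The inline comment should record that this is a security trade-off and how to reverse it, e.g. `PR_FALSE /* cbcRandomIV: off for interop (bug 770682); NSS_SSL_CBC_RANDOM_IV=1 re-enables */`. In `ssl_SetDefaultsFromEnvironment` the test `ev[0] == '1'` looks only at the first character, so a previously meaningful `NSS_SSL_CBC_RANDOM_IV=0` is now silently a no-op and any other value is ignored without a trace; an `else` branch with `SSL_TRACE(("SSL: cbcRandomIV left at 0"));` would make the effective state visible when debugging. Both enclosing definitions start outside the hunk.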
diff --git a/nss.spec b/nss.spec
index 2817b79..88abe25 100644
--- a/nss.spec
+++ b/nss.spec
@@ -7,7 +7,7 @@
Summary: Network Security Services
Name: nss
Version: 3.13.1
-Release: 9%{?dist}
+Release: 10%{?dist}
License: MPLv1.1 or GPLv2+ or LGPLv2+
URL: http://www.mozilla.org/projects/security/pki/nss/
Group: System Environment/Libraries
@@ -70,6 +70,7 @@ Patch25: nsspem-use-system-freebl.patch
Patch26: nofipstest.patch
# include this patch in the upstream pem review
Patch28: nsspem-bz754771.patch
+Patch29: nss-ssl-cbc-random-iv-off-by-default.patch
%description
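Review bot: `Patch29` is added without a comment even though it changes a security-relevant default relative to the upstream source. A line above it such as `# downstream: turns the CBC random IV default off for compatibility (bug 770682); drop when no longer needed` would tell the next packager why it exists and when it can be removed. The neighbouring `Patch28` already carries a comment of this kind.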
@@ -158,6 +159,7 @@ low level services.
%patch25 -p0 -b .systemfreebl
%patch26 -p0 -b .nofipstest
%patch28 -p0 -b .754771
+%patch29 -p0 -b .770682
%build
@@ -572,6 +574,10 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h
%changelog
+* Fri Jan 06 2012 Elio Maldonado <emaldona at redhat.com> - 3.13.1-10
+- Resolves: Bug 770682 - nss update breaks pidgin-sipe connectivity
+- NSS_SSL_CBC_RANDOM_IV set to 0 by default and changed to 1 on user request
+
* Tue Dec 13 2011 elio maldonado <emaldona at redhat.com> - 3.13.1-9
- Revert to using current nss_softokn_version
- Patch to deal with lack of sha224 is no longer needed