[nss] Update to NSS_3_14_2_RTM

Elio Maldonado emaldonado at fedoraproject.org
Fri Feb 1 19:29:10 UTC 2013 

commit 830ee96f85b9db9e685925b5f7aeb9fecaa99322
Author: Elio Maldonado <emaldona at redhat.com>
Date:   Fri Feb 1 11:24:15 2013 -0800

    Update to NSS_3_14_2_RTM
    
    - Update the minimum requred versiobs of nspr, nss-util, and nss-softokn
    - Remove patch obsoleted by the update and update others
    - Restore missing second half of the cbc random iv by default patch
    - Restore the freebl tests patch until we build without nsssoftoken

 .gitignore                                         |    2 +-
 ...d-key-usage-for-MS-Authenticode-Code-Sign.patch |  168 --------------------
 nss-3.14.0.0-disble-ocsp-test.patch                |    9 +-
 nss-ssl-cbc-random-iv-off-by-default.patch         |   19 ++-
 nss.spec                                           |   30 ++--
 sources                                            |    2 +-
 6 files changed, 38 insertions(+), 192 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 6c7c806..ecfc729 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,4 +6,4 @@ blank-key4.db
 PayPalEE.cert
 /nss-pem-20120811.tar.bz2
 /dummy-sources-for-testing
-/nss-3.14.1.with.ckbi.1.93-stripped.tar.bz2
+/nss-3.14.2-stripped.tar.bz2
diff --git a/nss-3.14.0.0-disble-ocsp-test.patch b/nss-3.14.0.0-disble-ocsp-test.patch
index df4e692..393d3ab 100644
--- a/nss-3.14.0.0-disble-ocsp-test.patch
+++ b/nss-3.14.0.0-disble-ocsp-test.patch
@@ -1,9 +1,10 @@
-diff -up ./mozilla/security/nss/tests/chains/scenarios/scenarios.disable_ocsp_test ./mozilla/security/nss/tests/chains/scenarios/scenarios
---- ./mozilla/security/nss/tests/chains/scenarios/scenarios.disable_ocsp_test	2012-10-12 09:30:07.264987000 -0700
-+++ ./mozilla/security/nss/tests/chains/scenarios/scenarios	2012-10-12 09:34:55.653123000 -0700
-@@ -49,5 +49,4 @@ bridgewithpolicyextensionandmapping.cfg
+diff -up ./mozilla/security/nss/tests/chains/scenarios/scenarios.noocsptest ./mozilla/security/nss/tests/chains/scenarios/scenarios
+--- ./mozilla/security/nss/tests/chains/scenarios/scenarios.noocsptest	2013-01-06 19:56:15.000000000 -0800
++++ ./mozilla/security/nss/tests/chains/scenarios/scenarios	2013-02-01 08:38:28.140615299 -0800
+@@ -50,6 +50,5 @@ bridgewithpolicyextensionandmapping.cfg
  realcerts.cfg
  dsa.cfg
  revoc.cfg
 -ocsp.cfg
  crldp.cfg
+ trustanchors.cfg
diff --git a/nss-ssl-cbc-random-iv-off-by-default.patch b/nss-ssl-cbc-random-iv-off-by-default.patch
index 2678580..8b0f73c 100644
--- a/nss-ssl-cbc-random-iv-off-by-default.patch
+++ b/nss-ssl-cbc-random-iv-off-by-default.patch
@@ -1,6 +1,6 @@
-diff -up ./mozilla/security/nss/lib/ssl/sslsock.c.770682 ./mozilla/security/nss/lib/ssl/sslsock.c
---- ./mozilla/security/nss/lib/ssl/sslsock.c.770682	2012-11-01 11:10:54.107504267 -0700
-+++ ./mozilla/security/nss/lib/ssl/sslsock.c	2012-11-01 11:07:36.758464814 -0700
+diff -up ./mozilla/security/nss/lib/ssl/sslsock.c.cbcrandomivoff ./mozilla/security/nss/lib/ssl/sslsock.c
+--- ./mozilla/security/nss/lib/ssl/sslsock.c.cbcrandomivoff	2013-02-01 10:14:36.960458329 -0800
++++ ./mozilla/security/nss/lib/ssl/sslsock.c	2013-02-01 10:17:16.532265855 -0800
 @@ -153,7 +153,7 @@ static sslOptions ssl_defaults = {
      3,          /* enableRenegotiation (default: transitional) */
      PR_FALSE,   /* requireSafeNegotiation */
@@ -10,3 +10,16 @@ diff -up ./mozilla/security/nss/lib/ssl/sslsock.c.770682 ./mozilla/security/nss/
  };
  
  /*
+@@ -2837,9 +2837,9 @@ ssl_SetDefaultsFromEnvironment(void)
+ 	                PR_TRUE));
+ 	}
+ 	ev = getenv("NSS_SSL_CBC_RANDOM_IV");
+-	if (ev && ev[0] == '0') {
+-	    ssl_defaults.cbcRandomIV = PR_FALSE;
+-	    SSL_TRACE(("SSL: cbcRandomIV set to 0"));
++	if (ev && ev[0] == '1') {
++	    ssl_defaults.cbcRandomIV = PR_TRUE;
++	    SSL_TRACE(("SSL: cbcRandomIV set to 1"));
+ 	}
+     }
+ #endif /* NSS_HAVE_GETENV */
diff --git a/nss.spec b/nss.spec
index 1862906..cdb5193 100644
--- a/nss.spec
+++ b/nss.spec
@@ -1,17 +1,17 @@
-%global nspr_version 4.9.4
-%global nss_util_version 3.14
+%global nspr_version 4.9.5
+%global nss_util_version 3.14.2
 %global nss_softokn_fips_version 3.12.9
-%global nss_softokn_version 3.14
+%global nss_softokn_version 3.14.2
 %global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
 
 # Define if using a source archive like "nss-version.with.ckbi.version".
 # To "disable", add "#" to start of line, AND a space after "%".
-%define nss_ckbi_suffix .with.ckbi.1.93
+#% define nss_ckbi_suffix .with.ckbi.1.93
 
 Summary:          Network Security Services
 Name:             nss
-Version:          3.14.1
-Release:          3%{?dist}
+Version:          3.14.2
+Release:          1%{?dist}
 License:          MPLv2.0
 URL:              http://www.mozilla.org/projects/security/pki/nss/
 Group:            System Environment/Libraries
@@ -68,7 +68,7 @@ Patch6:           nss-enable-pem.patch
 Patch16:          nss-539183.patch
 Patch18:          nss-646045.patch
 # must statically link pem against the freebl in the buildroot
-# Needed only when freebl on tree has newe APIS
+# Needed only when freebl on tree has new APIS
 Patch25:          nsspem-use-system-freebl.patch
 # This patch is currently meant for stable branches
 Patch29:          nss-ssl-cbc-random-iv-off-by-default.patch
@@ -76,10 +76,8 @@ Patch29:          nss-ssl-cbc-random-iv-off-by-default.patch
 Patch39:          nss-ssl-enforce-no-pkcs11-bypass.path
 # TODO: Remove this patch when the ocsp test are fixed
 Patch40:          nss-3.14.0.0-disble-ocsp-test.patch
-
-# upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=807890
-Patch42:          0001-Add-extended-key-usage-for-MS-Authenticode-Code-Sign.patch
-
+# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=835919
+# Keeping it disabled until further view upstream
 Patch43:          no-softoken-freebl-tests.patch
 
 %description
@@ -161,11 +159,10 @@ low level services.
 # link pem against buildroot's freebl, essential when mixing and matching
 %patch25 -p0 -b .systemfreebl
 # activate for stable and beta branches
-#%patch29 -p0 -b .770682
+#%patch29 -p0 -b .cbcrandomivoff
 %patch39 -p1 -b .nobypass
-%patch40 -p1 -b .noocsptest
-%patch42 -p0 -b .870864
-%patch43 -p0 -b .nosoftokentests
+#%patch40 -p1 -b .noocsptest
+#%patch43 -p0 -b .nosoftokentests
 
 %build
 
@@ -611,6 +608,9 @@ rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h
 
 
 %changelog
+* Fri Feb 01 2013 Elio Maldonado <emaldona at redhat.com> - 3.14.2-1
+- Update to NSS_3_14_2_RTM
+
 * Wed Jan 02 2013 Kai Engert <kaie at redhat.com> - 3.14.1-3
 - Update to NSS_3_14_1_WITH_CKBI_1_93_RTM
 
diff --git a/sources b/sources
index fa53974..d9ecc95 100644
--- a/sources
+++ b/sources
@@ -6,4 +6,4 @@ a5ae49867124ac75f029a9a33af31bad  blank-cert8.db
 bf47cecad861efa77d1488ad4a73cb5b  PayPalEE.cert
 2a06bf7b815d1a666cc3587b895506ce  nss-pem-20120811.tar.bz2
 0be54f196b5da7e9008eb13a71bc2cb0  dummy-sources-for-testing
-331910e63d3ff5ff3acb845ba44dcf56  nss-3.14.1.with.ckbi.1.93-stripped.tar.bz2
+828c6949bd348684b15237f8796f54c1  nss-3.14.2-stripped.tar.bz2

More information about the scm-commits mailing list