[nss/f19: 15/15] Merge branch 'f20' into f19

Mon Dec 9 17:17:06 UTC 2013

commit 0fd0ef5232c651ed72ab64204629f37bd4dc29a8
Merge: 5d3e287 3467922
Author: Elio Maldonado <emaldona at redhat.com>
Date:   Mon Dec 9 09:16:45 2013 -0800

    Merge branch 'f20' into f19

 .gitignore                           |    2 +-
 certutil_keyOpFlagsFix.patch         |   24 ++++
 document-certutil-email-option.patch |   25 ++++
 manpages-fixes.patch                 |  209 ----------------------------------
 nss.spec                             |   37 +++++--
 setup-nsssysinit.xml                 |   22 ++--
 sources                              |    2 +-
 7 files changed, 88 insertions(+), 233 deletions(-)
---
diff --cc nss.spec
index 5ca3bb8,77462fc..bf7f3b5

--- a/nss.spec
+++ b/nss.spec
@@@ -19,8 -19,8 +19,8 @@@
  
  Summary:          Network Security Services
  Name:             nss
- Version:          3.15.2
- Release:          2%{?dist}
+ Version:          3.15.3
 -Release:          2%{?dist}
++Release:          1%{?dist}
  License:          MPLv2.0
  URL:              http://www.mozilla.org/projects/security/pki/nss/
  Group:            System Environment/Libraries
@@@ -79,10 -79,6 +79,8 @@@ Patch18:          nss-646045.patc
  # must statically link pem against the freebl in the buildroot
  # Needed only when freebl on tree has new APIS
  Patch25:          nsspem-use-system-freebl.patch
 +# This patch is currently meant for stable branches
 +Patch29:          nss-ssl-cbc-random-iv-off-by-default.patch
- # Prevent users from trying to enable ssl pkcs11 bypass
- # Patch39:          nss-ssl-enforce-no-pkcs11-bypass.path
  # TODO: Remove this patch when the ocsp test are fixed
  Patch40:          nss-3.14.0.0-disble-ocsp-test.patch
  Patch44:          0001-sync-up-with-upstream-softokn-changes.patch
@@@ -180,9 -180,6 +182,8 @@@ low level services
  %patch18 -p0 -b .646045
  # link pem against buildroot's freebl, essential when mixing and matching
  %patch25 -p0 -b .systemfreebl
 +# activate for stable and beta branches
 +%patch29 -p0 -b .cbcrandomivoff
- # %%patch39 -p0 -b .nobypass
  %patch40 -p0 -b .noocsptest
  %patch44 -p1 -b .syncupwithupstream
  %patch45 -p0 -b .notrash
@@@ -742,7 -749,18 +753,15 @@@ f
  
  
  %changelog
 -* Tue Dec 03 2013 Elio Maldonado <emaldona at redhat.com> - 3.15.3-2
 -- Install symlink to setup-nsssysinit.sh, without suffix, to match manpage
 -
 -* Sun Nov 24 2013 Elio Maldonado <emaldona at redhat.com> - 3.15.3-1
++* Wed Dec 04 2013 Elio Maldonado <emaldona at redhat.com> - 3.15.3-1
+ - Update to NSS_3_15_3_RTM
+ - Resolves: Bug 1031897 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741 nss: various flaws
+ - Fix option descriptions for setup-nsssysinit manpage
+ - Fix man page of nss-sysinit wrong path and other flaws
 -- Document email option for certutil manpage
++- Install symlink to setup-nsssysinit.sh, without suffix, to match manpage
+ - Remove unused patches
+ 
 -* Sun Oct 27 2013 Elio Maldonado <emaldona at redhat.com> - 3.15.2-3
 +* Sun Oct 27 2013 Elio Maldonado <emaldona at redhat.com> - 3.15.2-2
  - Use the full pristine sources from upstream
  - Bug 1019245 - ECDHE in openssl available -> NSS needs too for Firefox/Thunderbird
  
