commit mozilla-nss for openSUSE:Factory

Wed, 16 Nov 2011 08:20:35 -0800 

Hello community,

here is the log from the commit of package mozilla-nss for openSUSE:Factory 
checked in at 2011-11-16 17:19:33
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/mozilla-nss (Old)
 and      /work/SRC/openSUSE:Factory/.mozilla-nss.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "mozilla-nss", Maintainer is "[email protected]"

Changes:
--------
--- /work/SRC/openSUSE:Factory/mozilla-nss/mozilla-nss.changes  2011-11-07 
14:22:40.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.mozilla-nss.new/mozilla-nss.changes     
2011-11-16 17:19:59.000000000 +0100
@@ -1,0 +2,28 @@
+Mon Nov 14 10:13:17 UTC 2011 - [email protected]
+
+- Added a patch to fix errors in the pkcs11n.h header file.
+  (bmo#702090)
+
+-------------------------------------------------------------------
+Sat Nov  5 10:58:20 UTC 2011 - [email protected]
+
+- update to 3.13.1 RTM
+  * better SHA-224 support (bmo#647706)
+  * fixed a regression (causing hangs in some situations)
+    introduced in 3.13 (bmo#693228)
+- update to 3.13.0 RTM
+  * SSL 2.0 is disabled by default
+  * A defense against the SSL 3.0 and TLS 1.0 CBC chosen plaintext
+    attack demonstrated by Rizzo and Duong (CVE-2011-3389) is
+    enabled by default. Set the SSL_CBC_RANDOM_IV SSL option to
+    PR_FALSE to disable it.
+  * SHA-224 is supported
+  * Ported to iOS. (Requires NSPR 4.9.)
+  * Added PORT_ErrorToString and PORT_ErrorToName to return the
+    error message and symbolic name of an NSS error code
+  * Added NSS_GetVersion to return the NSS version string
+  * Added experimental support of RSA-PSS to the softoken only
+  * NSS_NoDB_Init does not try to open /pkcs11.txt and /secmod.db
+    anymore (bmo#641052, bnc#726096)
+
+-------------------------------------------------------------------

Old:
----
  nss-3.12.11.tar.bz2
  nss-3.12.11_CVE-2011-3640.patch

New:
----
  nss-3.13.1.tar.bz2
  pkcs11n-header-fix.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ mozilla-nss.spec ++++++
--- /var/tmp/diff_new_pack.bVXNny/_old  2011-11-16 17:20:02.000000000 +0100
+++ /var/tmp/diff_new_pack.bVXNny/_new  2011-11-16 17:20:02.000000000 +0100
@@ -29,8 +29,8 @@
 BuildRequires:  sqlite3-devel
 %endif
 License:        MPLv1.1 or GPLv2+ or LGPLv2.1+
-Version:        3.12.11
-Release:        6
+Version:        3.13.1
+Release:        2
 # bug437293
 %ifarch ppc64
 Obsoletes:      mozilla-nss-64bit
@@ -57,7 +57,7 @@
 Patch6:         renegotiate-transitional.patch
 Patch9:         malloc.patch
 Patch10:        ckbi-1_88.patch
-Patch11:        nss-3.12.11_CVE-2011-3640.patch
+Patch11:        pkcs11n-header-fix.patch
 %define nspr_ver %(rpm -q --queryformat '%{VERSION}' mozilla-nspr)
 PreReq:         mozilla-nspr >= %nspr_ver
 PreReq:         libfreebl3 >= %{nss_softokn_fips_version}
@@ -189,7 +189,6 @@
 find . -name '*.[ch]' -print -exec sed -i 
"s/__DATE__/${DATE}/g;s/__TIME__/${TIME}/g" {} +
 
 cd mozilla/security/nss
-#cp %SOURCE10 tests/libpkix/certs/PayPalEE.cert
 export FREEBL_NO_DEPEND=1
 export NSPR_INCLUDE_DIR=`nspr-config --includedir`
 export NSPR_LIB_DIR=`nspr-config --libdir`


++++++ ckbi-1_88.patch ++++++
++++ 3534 lines (skipped)
++++ between /work/SRC/openSUSE:Factory/mozilla-nss/ckbi-1_88.patch
++++ and /work/SRC/openSUSE:Factory/.mozilla-nss.new/ckbi-1_88.patch


++++++ nss-3.12.11.tar.bz2 -> nss-3.13.1.tar.bz2 ++++++
++++ 36559 lines of diff (skipped)

++++++ pkcs11n-header-fix.patch ++++++
diff -r -U 10 nss-3.13.1.orig/mozilla/security/nss/lib/util/pkcs11n.h 
nss-3.13.1/mozilla/security/nss/lib/util/pkcs11n.h
--- security/nss/lib/util/pkcs11n.h     2011-11-14 09:53:46.703144803 +0000
+++ security/nss/lib/util/pkcs11n.h     2011-11-14 09:59:07.226273312 +0000
@@ -339,37 +339,37 @@
  * to cache resolution data.
  */
 #define CKT_NSS_VALID_DELEGATOR    (CKT_NSS + 11)
 
 
 /*
  * old definitions. They still exist, but the plain meaning of the
  * labels have never been accurate to what was really implemented.
  * The new labels correctly reflect what the values effectively mean.
  */
-#if __GNUC__ > 3
+#if defined(__GNUC__) && (__GNUC__ > 3)
 /* make GCC warn when we use these #defines */
 /*
  *  This is really painful because GCC doesn't allow us to mark random
  *  #defines as deprecated. We can only mark the following:
  *      functions, variables, and types.
  *  const variables will create extra storage for everyone including this
  *       header file, so it's undesirable.
  *  functions could be inlined to prevent storage creation, but will fail
  *       when constant values are expected (like switch statements).
  *  enum types do not seem to pay attention to the deprecated attribute.
  *
  *  That leaves typedefs. We declare new types that we then deprecate, then
  *  cast the resulting value to the deprecated type in the #define, thus
  *  producting the warning when the #define is used.
  */
-#if (__GNUC__  == 4) && (__GNUC_MINOR < 5)
+#if (__GNUC__  == 4) && (__GNUC_MINOR__ < 5)
 /* The mac doesn't like the friendlier deprecate messages. I'm assuming this
  * is a gcc version issue rather than mac or ppc specific */
 typedef CK_TRUST __CKT_NSS_UNTRUSTED __attribute__((deprecated));
 typedef CK_TRUST __CKT_NSS_VALID __attribute__ ((deprecated));
 typedef CK_TRUST __CKT_NSS_MUST_VERIFY __attribute__((deprecated));
 #else
 /* when possible, get a full deprecation warning. This works on gcc 4.5
  * it may work on earlier versions of gcc */
 typedef CK_TRUST __CKT_NSS_UNTRUSTED __attribute__((deprecated
     ("CKT_NSS_UNTRUSTED really means CKT_NSS_MUST_VERIFY_TRUST")));
++++++ renegotiate-transitional.patch ++++++
--- /var/tmp/diff_new_pack.bVXNny/_old  2011-11-16 17:20:04.000000000 +0100
+++ /var/tmp/diff_new_pack.bVXNny/_new  2011-11-16 17:20:04.000000000 +0100
@@ -1,11 +1,14 @@
 Index: security/nss/lib/ssl/sslsock.c
 ===================================================================
 RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslsock.c,v
-retrieving revision 1.67.2.1
-diff -u -p -r1.67.2.1 sslsock.c
---- security/nss/lib/ssl/sslsock.c     31 Jul 2010 04:33:52 -0000      1.67.2.1
-+++ security/nss/lib/ssl/sslsock.c     5 Aug 2010 07:38:13 -0000
-@@ -181,7 +181,7 @@ static sslOptions ssl_defaults = {
+retrieving revision 1.75
+diff -u -p -6 -r1.75 sslsock.c
+--- security/nss/lib/ssl/sslsock.c     22 Oct 2011 16:45:40 -0000      1.75
++++ security/nss/lib/ssl/sslsock.c     24 Oct 2011 12:52:25 -0000
+@@ -178,13 +178,13 @@ static sslOptions ssl_defaults = {
+     PR_TRUE,  /* detectRollBack     */
+     PR_FALSE,   /* noStepDown         */
+     PR_FALSE,   /* bypassPKCS11       */
      PR_FALSE,   /* noLocks            */
      PR_FALSE,   /* enableSessionTickets */
      PR_FALSE,   /* enableDeflate      */
@@ -13,4 +16,7 @@
 +    3,          /* enableRenegotiation (default: transitional) */
      PR_FALSE,   /* requireSafeNegotiation */
      PR_FALSE,   /* enableFalseStart   */
+     PR_TRUE     /* cbcRandomIV        */
  };
+ 
+ sslSessionIDLookupFunc  ssl_sid_lookup;

-- 
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to