Hello community, here is the log from the commit of package mozilla-nss for openSUSE:11.4 checked in at Tue Dec 20 22:20:28 CET 2011.
-------- --- old-versions/11.4/UPDATES/all/mozilla-nss/mozilla-nss.changes 2011-11-05 13:00:03.000000000 +0100 +++ 11.4/mozilla-nss/mozilla-nss.changes 2011-12-18 16:59:30.000000000 +0100 @@ -1,0 +2,33 @@ +Sun Dec 18 15:59:08 UTC 2011 - [email protected] + +- fix spec file syntax for qemu-workaround + +------------------------------------------------------------------- +Mon Nov 14 10:13:17 UTC 2011 - [email protected] + +- Added a patch to fix errors in the pkcs11n.h header file. + (bmo#702090) + +------------------------------------------------------------------- +Sat Nov 5 10:58:20 UTC 2011 - [email protected] + +- update to 3.13.1 RTM + * better SHA-224 support (bmo#647706) + * fixed a regression (causing hangs in some situations) + introduced in 3.13 (bmo#693228) +- update to 3.13.0 RTM + * SSL 2.0 is disabled by default + * A defense against the SSL 3.0 and TLS 1.0 CBC chosen plaintext + attack demonstrated by Rizzo and Duong (CVE-2011-3389) is + enabled by default. Set the SSL_CBC_RANDOM_IV SSL option to + PR_FALSE to disable it. + * SHA-224 is supported + * Ported to iOS. (Requires NSPR 4.9.) + * Added PORT_ErrorToString and PORT_ErrorToName to return the + error message and symbolic name of an NSS error code + * Added NSS_GetVersion to return the NSS version string + * Added experimental support of RSA-PSS to the softoken only + * NSS_NoDB_Init does not try to open /pkcs11.txt and /secmod.db + anymore (bmo#641052, bnc#726096) + +------------------------------------------------------------------- calling whatdependson for 11.4-i586 Old: ---- nss-3.12.11.tar.bz2 nss-3.12.11_CVE-2011-3640.patch New: ---- nss-3.13.1.tar.bz2 pkcs11n-header-fix.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mozilla-nss.spec ++++++ --- /var/tmp/diff_new_pack.4q1XWy/_old 2011-12-20 22:19:21.000000000 +0100 +++ /var/tmp/diff_new_pack.4q1XWy/_new 2011-12-20 22:19:21.000000000 +0100 @@ -16,29 +16,31 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -# norootforbuild %global nss_softokn_fips_version 3.12.4 Name: mozilla-nss -BuildRequires: gcc-c++ mozilla-nspr-devel pkg-config zlib-devel +BuildRequires: gcc-c++ +BuildRequires: mozilla-nspr-devel +BuildRequires: pkg-config +BuildRequires: zlib-devel %if %suse_version == 1030 BuildRequires: sqlite-devel %endif %if %suse_version > 1030 BuildRequires: sqlite3-devel %endif -License: MPLv1.1 or GPLv2+ or LGPLv2.1+ -Version: 3.12.11 -Release: 1.<RELEASE7> +Version: 3.13.1 +Release: 0.<RELEASE2> # bug437293 %ifarch ppc64 Obsoletes: mozilla-nss-64bit %endif # Summary: Network Security Services -Url: http://www.mozilla.org/projects/security/pki/nss/ +License: MPL-1.1 or GPL-2.0+ or LGPL-2.1+ Group: System/Libraries +Url: http://www.mozilla.org/projects/security/pki/nss/ # cvs -d :pserver:[email protected]:/cvsroot co -r <RTM_TAG> NSS Source: nss-%{version}.tar.bz2 Source1: nss.pc.in @@ -57,7 +59,7 @@ Patch6: renegotiate-transitional.patch Patch9: malloc.patch Patch10: ckbi-1_88.patch -Patch11: nss-3.12.11_CVE-2011-3640.patch +Patch11: pkcs11n-header-fix.patch %define nspr_ver %(rpm -q --queryformat '%{VERSION}' mozilla-nspr) PreReq: mozilla-nspr >= %nspr_ver PreReq: libfreebl3 >= %{nss_softokn_fips_version} @@ -65,9 +67,11 @@ Requires: mozilla-nss-certs BuildRoot: %{_tmppath}/%{name}-%{version}-build %define nssdbdir %{_sysconfdir}/pki/nssdb -%ifnarch %sparc && ! 0%{?qemu_user_space_build} +%ifnarch %sparc +%if ! 0%{?qemu_user_space_build} %define run_testsuite 1 %endif +%endif %description Network Security Services (NSS) is a set of libraries designed to @@ -78,7 +82,7 @@ %package devel -License: MPLv1.1 or GPLv2+ or LGPLv2.1+ + Summary: Network (Netscape) Security Services development files Group: Development/Libraries/Other Requires: mozilla-nspr-devel @@ -99,7 +103,7 @@ %package tools -License: MPLv1.1 or GPLv2+ or LGPLv2.1+ + Summary: Tools for developing, debugging, and managing applications that use NSS Group: System/Management PreReq: mozilla-nss >= %{version} @@ -110,7 +114,7 @@ %package sysinit -License: MPLv1.1 or GPLv2+ or LGPLv2.1+ + Summary: System NSS Initialization Group: System/Management Requires: mozilla-nss >= %{version} @@ -124,7 +128,7 @@ %package -n libfreebl3 -License: MPLv1.1 or GPLv2+ or LGPLv2.1+ + Summary: Freebl library for the Network Security Services Group: System/Libraries @@ -139,7 +143,7 @@ %package -n libsoftokn3 -License: MPLv1.1 or GPLv2+ or LGPLv2.1+ + Summary: Network Security Services Softoken Module Group: System/Libraries Requires: libfreebl3 = %{version}-%{release} @@ -155,7 +159,7 @@ %package certs -License: MPLv1.1 or GPLv2+ or LGPLv2.1+ + Summary: CA certificates for NSS Group: Productivity/Networking/Security @@ -189,7 +193,6 @@ find . -name '*.[ch]' -print -exec sed -i "s/__DATE__/${DATE}/g;s/__TIME__/${TIME}/g" {} + cd mozilla/security/nss -#cp %SOURCE10 tests/libpkix/certs/PayPalEE.cert export FREEBL_NO_DEPEND=1 export NSPR_INCLUDE_DIR=`nspr-config --includedir` export NSPR_LIB_DIR=`nspr-config --libdir` ++++++ ckbi-1_88.patch ++++++ ++++ 3534 lines (skipped) ++++ between old-versions/11.4/UPDATES/all/mozilla-nss/ckbi-1_88.patch ++++ and 11.4/mozilla-nss/ckbi-1_88.patch ++++++ nss-3.12.11.tar.bz2 -> nss-3.13.1.tar.bz2 ++++++ ++++ 36559 lines of diff (skipped) ++++++ pkcs11n-header-fix.patch ++++++ diff -r -U 10 nss-3.13.1.orig/mozilla/security/nss/lib/util/pkcs11n.h nss-3.13.1/mozilla/security/nss/lib/util/pkcs11n.h --- security/nss/lib/util/pkcs11n.h 2011-11-14 09:53:46.703144803 +0000 +++ security/nss/lib/util/pkcs11n.h 2011-11-14 09:59:07.226273312 +0000 @@ -339,37 +339,37 @@ * to cache resolution data. */ #define CKT_NSS_VALID_DELEGATOR (CKT_NSS + 11) /* * old definitions. They still exist, but the plain meaning of the * labels have never been accurate to what was really implemented. * The new labels correctly reflect what the values effectively mean. */ -#if __GNUC__ > 3 +#if defined(__GNUC__) && (__GNUC__ > 3) /* make GCC warn when we use these #defines */ /* * This is really painful because GCC doesn't allow us to mark random * #defines as deprecated. We can only mark the following: * functions, variables, and types. * const variables will create extra storage for everyone including this * header file, so it's undesirable. * functions could be inlined to prevent storage creation, but will fail * when constant values are expected (like switch statements). * enum types do not seem to pay attention to the deprecated attribute. * * That leaves typedefs. We declare new types that we then deprecate, then * cast the resulting value to the deprecated type in the #define, thus * producting the warning when the #define is used. */ -#if (__GNUC__ == 4) && (__GNUC_MINOR < 5) +#if (__GNUC__ == 4) && (__GNUC_MINOR__ < 5) /* The mac doesn't like the friendlier deprecate messages. I'm assuming this * is a gcc version issue rather than mac or ppc specific */ typedef CK_TRUST __CKT_NSS_UNTRUSTED __attribute__((deprecated)); typedef CK_TRUST __CKT_NSS_VALID __attribute__ ((deprecated)); typedef CK_TRUST __CKT_NSS_MUST_VERIFY __attribute__((deprecated)); #else /* when possible, get a full deprecation warning. This works on gcc 4.5 * it may work on earlier versions of gcc */ typedef CK_TRUST __CKT_NSS_UNTRUSTED __attribute__((deprecated ("CKT_NSS_UNTRUSTED really means CKT_NSS_MUST_VERIFY_TRUST"))); ++++++ renegotiate-transitional.patch ++++++ --- /var/tmp/diff_new_pack.4q1XWy/_old 2011-12-20 22:19:23.000000000 +0100 +++ /var/tmp/diff_new_pack.4q1XWy/_new 2011-12-20 22:19:23.000000000 +0100 @@ -1,11 +1,14 @@ Index: security/nss/lib/ssl/sslsock.c =================================================================== RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslsock.c,v -retrieving revision 1.67.2.1 -diff -u -p -r1.67.2.1 sslsock.c ---- security/nss/lib/ssl/sslsock.c 31 Jul 2010 04:33:52 -0000 1.67.2.1 -+++ security/nss/lib/ssl/sslsock.c 5 Aug 2010 07:38:13 -0000 -@@ -181,7 +181,7 @@ static sslOptions ssl_defaults = { +retrieving revision 1.75 +diff -u -p -6 -r1.75 sslsock.c +--- security/nss/lib/ssl/sslsock.c 22 Oct 2011 16:45:40 -0000 1.75 ++++ security/nss/lib/ssl/sslsock.c 24 Oct 2011 12:52:25 -0000 +@@ -178,13 +178,13 @@ static sslOptions ssl_defaults = { + PR_TRUE, /* detectRollBack */ + PR_FALSE, /* noStepDown */ + PR_FALSE, /* bypassPKCS11 */ PR_FALSE, /* noLocks */ PR_FALSE, /* enableSessionTickets */ PR_FALSE, /* enableDeflate */ @@ -13,4 +16,7 @@ + 3, /* enableRenegotiation (default: transitional) */ PR_FALSE, /* requireSafeNegotiation */ PR_FALSE, /* enableFalseStart */ + PR_TRUE /* cbcRandomIV */ }; + + sslSessionIDLookupFunc ssl_sid_lookup; continue with "q"... Remember to have fun... -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
