Hello community, here is the log from the commit of package mozilla-nss for openSUSE:Factory checked in at 2013-06-14 16:46:40 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/mozilla-nss (Old) and /work/SRC/openSUSE:Factory/.mozilla-nss.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mozilla-nss" Changes: -------- --- /work/SRC/openSUSE:Factory/mozilla-nss/mozilla-nss.changes 2013-04-24 12:23:41.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.mozilla-nss.new/mozilla-nss.changes 2013-06-14 16:46:42.000000000 +0200 @@ -1,0 +2,70 @@ +Tue Jun 11 04:58:56 UTC 2013 - w...@rosenauer.org + +- update to 3.15 + * Packaging + + removed obsolete patches + * nss-disable-expired-testcerts.patch + * bug-834091.patch + * New Functionality + + Support for OCSP Stapling (RFC 6066, Certificate Status + Request) has been added for both client and server sockets. + TLS client applications may enable this via a call to + SSL_OptionSetDefault(SSL_ENABLE_OCSP_STAPLING, PR_TRUE); + + Added function SECITEM_ReallocItemV2. It replaces function + SECITEM_ReallocItem, which is now declared as obsolete. + + Support for single-operation (eg: not multi-part) symmetric + key encryption and decryption, via PK11_Encrypt and PK11_Decrypt. + + certutil has been updated to support creating name constraints + extensions. + * New Functions + in ssl.h + SSL_PeerStapledOCSPResponse - Returns the server's stapled + OCSP response, when used with a TLS client socket that + negotiated the status_request extension. + SSL_SetStapledOCSPResponses - Set's a stapled OCSP response + for a TLS server socket to return when clients send the + status_request extension. + in ocsp.h + CERT_PostOCSPRequest - Primarily intended for testing, permits + the sending and receiving of raw OCSP request/responses. + in secpkcs7.h + SEC_PKCS7VerifyDetachedSignatureAtTime - Verifies a PKCS#7 + signature at a specific time other than the present time. + in xconst.h + CERT_EncodeNameConstraintsExtension - Matching function for + CERT_DecodeNameConstraintsExtension, added in NSS 3.10. + in secitem.h + SECITEM_AllocArray + SECITEM_DupArray + SECITEM_FreeArray + SECITEM_ZfreeArray - Utility functions to handle the + allocation and deallocation of SECItemArrays + SECITEM_ReallocItemV2 - Replaces SECITEM_ReallocItem, which is + now obsolete. SECITEM_ReallocItemV2 better matches caller + expectations, in that it updates item->len on allocation. + For more details of the issues with SECITEM_ReallocItem, + see Bug 298649 and Bug 298938. + in pk11pub.h + PK11_Decrypt - Performs decryption as a single PKCS#11 + operation (eg: not multi-part). This is necessary for AES-GCM. + PK11_Encrypt - Performs encryption as a single PKCS#11 + operation (eg: not multi-part). This is necessary for AES-GCM. + * New Types + in secitem.h + SECItemArray - Represents a variable-length array of SECItems. + * New Macros + in ssl.h + SSL_ENABLE_OCSP_STAPLING - Used with SSL_OptionSet to configure + TLS client sockets to request the certificate_status extension + (eg: OCSP stapling) when set to PR_TRUE + * Notable changes + + SECITEM_ReallocItem is now deprecated. Please consider using + SECITEM_ReallocItemV2 in all future code. + + The list of root CA certificates in the nssckbi module has + been updated. + + The default implementation of SSL_AuthCertificate has been + updated to add certificate status responses stapled by the TLS + server to the OCSP cache. + * a lot of bugfixes + +------------------------------------------------------------------- Old: ---- bug-834091.patch nss-3.14.3.tar.gz nss-disable-expired-testcerts.patch New: ---- nss-3.15.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mozilla-nss.spec ++++++ --- /var/tmp/diff_new_pack.H2ZqAb/_old 2013-06-14 16:46:44.000000000 +0200 +++ /var/tmp/diff_new_pack.H2ZqAb/_new 2013-06-14 16:46:44.000000000 +0200 @@ -25,7 +25,7 @@ BuildRequires: pkg-config BuildRequires: sqlite-devel BuildRequires: zlib-devel -Version: 3.14.3 +Version: 3.15 Release: 0 # bug437293 %ifarch ppc64 @@ -36,8 +36,8 @@ License: MPL-2.0 Group: System/Libraries Url: http://www.mozilla.org/projects/security/pki/nss/ -# cvs -d :pserver:anonym...@cvs-mirror.mozilla.org:/cvsroot co -r <RTM_TAG> NSS -Source: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_14_3_RTM/src/nss-%{version}.tar.gz +# hg clone https://hg.mozilla.org/projects/nss; hg up NSS_3_15_RTM +Source: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_15_RTM/src/nss-%{version}.tar.gz Source1: nss.pc.in Source3: nss-config.in Source4: %{name}-rpmlintrc @@ -55,8 +55,6 @@ Patch6: malloc.patch Patch7: nss-disable-ocsp-test.patch Patch8: nss-sqlitename.patch -Patch9: nss-disable-expired-testcerts.patch -Patch10: bug-834091.patch %define nspr_ver %(rpm -q --queryformat '%{VERSION}' mozilla-nspr) PreReq: mozilla-nspr >= %nspr_ver PreReq: libfreebl3 >= %{nss_softokn_fips_version} @@ -161,31 +159,29 @@ %prep %setup -n nss-%{version} -q -cd mozilla -%patch1 -%patch2 -%patch3 -%patch4 -%patch5 +cd nss +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 %if %suse_version > 1110 -%patch6 +%patch6 -p1 %endif -%patch7 -%patch8 -%patch9 -%patch10 +%patch7 -p1 +%patch8 -p1 # additional CA certificates #cd security/nss/lib/ckfw/builtins #cat %{SOURCE2} >> certdata.txt #make generate %build +cd nss modified="$(sed -n '/^----/n;s/ - .*$//;p;q' "%{_sourcedir}/%{name}.changes")" DATE="\"$(date -d "${modified}" "+%%b %%e %%Y")\"" TIME="\"$(date -d "${modified}" "+%%R")\"" find . -name '*.[ch]' -print -exec sed -i "s/__DATE__/${DATE}/g;s/__TIME__/${TIME}/g" {} + -cd mozilla/security/nss export FREEBL_NO_DEPEND=1 export NSPR_INCLUDE_DIR=`nspr-config --includedir` export NSPR_LIB_DIR=`nspr-config --libdir` @@ -214,6 +210,7 @@ %endif %install +cd nss mkdir -p $RPM_BUILD_ROOT%{_libdir} mkdir -p $RPM_BUILD_ROOT%{_libexecdir}/nss mkdir -p $RPM_BUILD_ROOT%{_includedir}/nss3 @@ -221,7 +218,7 @@ mkdir -p $RPM_BUILD_ROOT%{_sbindir} mkdir -p $RPM_BUILD_ROOT/%{_lib} mkdir -p $RPM_BUILD_ROOT%{nssdbdir} -pushd mozilla/dist/Linux* +pushd ../dist/Linux* # copy headers cp -rL ../public/nss/*.h $RPM_BUILD_ROOT%{_includedir}/nss3 # copy dynamic libs @@ -278,9 +275,9 @@ %{SOURCE1} > $RPM_BUILD_ROOT%{_libdir}/pkgconfig/nss.pc # prepare nss-config file popd -NSS_VMAJOR=`cat mozilla/security/nss/lib/nss/nss.h | grep "#define.*NSS_VMAJOR" | awk '{print $3}'` -NSS_VMINOR=`cat mozilla/security/nss/lib/nss/nss.h | grep "#define.*NSS_VMINOR" | awk '{print $3}'` -NSS_VPATCH=`cat mozilla/security/nss/lib/nss/nss.h | grep "#define.*NSS_VPATCH" | awk '{print $3}'` +NSS_VMAJOR=`cat lib/nss/nss.h | grep "#define.*NSS_VMAJOR" | awk '{print $3}'` +NSS_VMINOR=`cat lib/nss/nss.h | grep "#define.*NSS_VMINOR" | awk '{print $3}'` +NSS_VPATCH=`cat lib/nss/nss.h | grep "#define.*NSS_VPATCH" | awk '{print $3}'` cat %{SOURCE3} | sed -e "s,@libdir@,%{_libdir},g" \ -e "s,@prefix@,%{_prefix},g" \ -e "s,@exec_prefix@,%{_prefix},g" \ ++++++ char.patch ++++++ --- /var/tmp/diff_new_pack.H2ZqAb/_old 2013-06-14 16:46:44.000000000 +0200 +++ /var/tmp/diff_new_pack.H2ZqAb/_new 2013-06-14 16:46:44.000000000 +0200 @@ -4,7 +4,7 @@ retrieving revision 1.2 diff -u -p -6 -r1.2 install-ds.c --- security/nss/cmd/modutil/install-ds.c 25 Apr 2004 15:02:47 -0000 1.2 -+++ security/nss/cmd/modutil/install-ds.c 5 Feb 2007 06:57:38 -0000 ++++ nss/cmd/modutil/install-ds.c 5 Feb 2007 06:57:38 -0000 @@ -249,13 +249,13 @@ Pk11Install_File_Generate(Pk11Install_Fi if(!subval || (subval->type != STRING_VALUE)){ errStr = PR_smprintf(errString[BOGUS_FILE_PERMISSIONS], ++++++ malloc.patch ++++++ --- /var/tmp/diff_new_pack.H2ZqAb/_old 2013-06-14 16:46:44.000000000 +0200 +++ /var/tmp/diff_new_pack.H2ZqAb/_new 2013-06-14 16:46:44.000000000 +0200 @@ -4,7 +4,7 @@ retrieving revision 1.100 diff -u -r1.100 ssl.sh --- security/nss/tests/ssl/ssl.sh 26 Mar 2009 23:14:34 -0000 1.100 -+++ security/nss/tests/ssl/ssl.sh 6 Jun 2009 06:21:07 -0000 ++++ nss/tests/ssl/ssl.sh 6 Jun 2009 06:21:07 -0000 @@ -974,6 +974,7 @@ ################################# main ################################# ++++++ nss-3.14.3.tar.gz -> nss-3.15.tar.gz ++++++ ++++ 1877339 lines of diff (skipped) ++++++ nss-disable-ocsp-test.patch ++++++ --- /var/tmp/diff_new_pack.H2ZqAb/_old 2013-06-14 16:46:47.000000000 +0200 +++ /var/tmp/diff_new_pack.H2ZqAb/_new 2013-06-14 16:46:47.000000000 +0200 @@ -4,7 +4,7 @@ retrieving revision 1.10 diff -u -r1.10 scenarios --- security/nss/tests/chains/scenarios/scenarios 7 Jan 2013 03:56:15 -0000 1.10 -+++ security/nss/tests/chains/scenarios/scenarios 28 Jan 2013 18:11:16 -0000 ++++ nss/tests/chains/scenarios/scenarios 28 Jan 2013 18:11:16 -0000 @@ -50,6 +50,5 @@ realcerts.cfg dsa.cfg ++++++ nss-no-rpath.patch ++++++ --- /var/tmp/diff_new_pack.H2ZqAb/_old 2013-06-14 16:46:48.000000000 +0200 +++ /var/tmp/diff_new_pack.H2ZqAb/_new 2013-06-14 16:46:48.000000000 +0200 @@ -4,7 +4,7 @@ retrieving revision 1.71 diff -u -p -6 -r1.71 platlibs.mk --- security/nss/cmd/platlibs.mk 17 Jul 2012 15:22:42 -0000 1.71 -+++ security/nss/cmd/platlibs.mk 25 Oct 2012 12:07:35 -0000 ++++ nss/cmd/platlibs.mk 25 Oct 2012 12:07:35 -0000 @@ -15,15 +15,15 @@ else EXTRA_SHARED_LIBS += -R '$$ORIGIN/../lib:/usr/lib/mps/secv1:/usr/lib/mps' endif ++++++ nss-opt.patch ++++++ --- /var/tmp/diff_new_pack.H2ZqAb/_old 2013-06-14 16:46:48.000000000 +0200 +++ /var/tmp/diff_new_pack.H2ZqAb/_new 2013-06-14 16:46:48.000000000 +0200 @@ -4,7 +4,7 @@ retrieving revision 1.45.2.1 diff -u -r1.45.2.1 Linux.mk --- security/coreconf/Linux.mk 31 Jul 2010 04:23:37 -0000 1.45.2.1 -+++ security/coreconf/Linux.mk 5 Aug 2010 07:35:06 -0000 ++++ nss/coreconf/Linux.mk 5 Aug 2010 07:35:06 -0000 @@ -112,11 +112,7 @@ endif ++++++ nss-sqlitename.patch ++++++ --- /var/tmp/diff_new_pack.H2ZqAb/_old 2013-06-14 16:46:48.000000000 +0200 +++ /var/tmp/diff_new_pack.H2ZqAb/_new 2013-06-14 16:46:48.000000000 +0200 @@ -4,7 +4,7 @@ retrieving revision 1.5 diff -u -r1.5 manifest.mn --- security/nss/lib/sqlite/manifest.mn 25 Apr 2012 14:50:11 -0000 1.5 -+++ security/nss/lib/sqlite/manifest.mn 28 Jan 2013 20:48:22 -0000 ++++ nss/lib/sqlite/manifest.mn 28 Jan 2013 20:48:22 -0000 @@ -6,9 +6,10 @@ MODULE = nss ++++++ renegotiate-transitional.patch ++++++ --- /var/tmp/diff_new_pack.H2ZqAb/_old 2013-06-14 16:46:48.000000000 +0200 +++ /var/tmp/diff_new_pack.H2ZqAb/_new 2013-06-14 16:46:48.000000000 +0200 @@ -1,11 +1,9 @@ -Index: security/nss/lib/ssl/sslsock.c -=================================================================== -RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslsock.c,v -retrieving revision 1.96 -diff -u -p -6 -r1.96 sslsock.c ---- security/nss/lib/ssl/sslsock.c 24 Sep 2012 23:57:42 -0000 1.96 -+++ security/nss/lib/ssl/sslsock.c 25 Oct 2012 12:08:56 -0000 -@@ -147,13 +147,13 @@ static sslOptions ssl_defaults = { +diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c +--- a/lib/ssl/sslsock.c ++++ b/lib/ssl/sslsock.c +@@ -144,17 +144,17 @@ static sslOptions ssl_defaults = { + PR_FALSE, /* fdx */ + PR_FALSE, /* v2CompatibleHello */ /* now defaults to off in NSS 3.13 */ PR_TRUE, /* detectRollBack */ PR_FALSE, /* noStepDown */ PR_FALSE, /* bypassPKCS11 */ @@ -16,7 +14,9 @@ + 3, /* enableRenegotiation (default: requires extension) */ PR_FALSE, /* requireSafeNegotiation */ PR_FALSE, /* enableFalseStart */ - PR_TRUE /* cbcRandomIV */ + PR_TRUE, /* cbcRandomIV */ + PR_FALSE /* enableOCSPStapling */ }; /* + * default range of enabled SSL/TLS protocols ++++++ system-nspr.patch ++++++ --- /var/tmp/diff_new_pack.H2ZqAb/_old 2013-06-14 16:46:48.000000000 +0200 +++ /var/tmp/diff_new_pack.H2ZqAb/_new 2013-06-14 16:46:48.000000000 +0200 @@ -1,16 +1,22 @@ -Index: security/nss/Makefile -=================================================================== -RCS file: /cvsroot/mozilla/security/nss/Makefile,v -retrieving revision 1.36 -diff -u -p -r1.36 Makefile ---- security/nss/Makefile 2 Dec 2008 23:24:39 -0000 1.36 -+++ security/nss/Makefile 23 Nov 2009 16:19:04 -0000 -@@ -78,7 +78,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk +diff --git a/Makefile b/Makefile +--- a/Makefile ++++ b/Makefile +@@ -39,17 +39,17 @@ include $(CORE_DEPTH)/coreconf/rules.mk + ####################################################################### + + + + ####################################################################### # (7) Execute "local" rules. (OPTIONAL). # ####################################################################### --nss_build_all: build_coreconf build_nspr build_dbm all -+nss_build_all: build_coreconf build_dbm all +-nss_build_all: build_nspr all ++nss_build_all: all + + nss_clean_all: clobber_nspr clobber - nss_clean_all: clobber_coreconf clobber_nspr clobber_dbm clobber + NSPR_CONFIG_STATUS = $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME)/config.status + NSPR_CONFIGURE = $(CORE_DEPTH)/../nspr/configure + # + # Translate coreconf build options to NSPR configure options. -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
