Date: Monday, October 5, 2015 @ 05:04:23 Author: fyan Revision: 142947
upgpkg: lib32-nss 3.20-1 sync with [core] Modified: lib32-nss/trunk/PKGBUILD Deleted: lib32-nss/trunk/ssl-renegotiate-transitional.patch ------------------------------------+ PKGBUILD | 13 ++++--------- ssl-renegotiate-transitional.patch | 21 --------------------- 2 files changed, 4 insertions(+), 30 deletions(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2015-10-05 02:57:05 UTC (rev 142946) +++ PKGBUILD 2015-10-05 03:04:23 UTC (rev 142947) @@ -5,7 +5,7 @@ _pkgbasename=nss pkgname=lib32-${_pkgbasename} -pkgver=3.18.1 +pkgver=3.20 pkgrel=1 pkgdesc="Mozilla Network Security Services (32-bit)" arch=('x86_64') @@ -22,18 +22,13 @@ makedepends=('gcc-multilib' 'perl') options=('!strip' '!makeflags' staticlibs) source=(http://ftp.mozilla.org/pub/security/nss/releases/NSS_${pkgver//./_}_RTM/src/${_pkgbasename}-${pkgver}.tar.gz - nss.pc.in - ssl-renegotiate-transitional.patch) -sha256sums=('10d005ca1b143a8b77032a169c595d06cf42d16d54809558ea30f1ffe73fef70' - 'b9f1428ca2305bf30b109507ff335fa00bce5a7ce0434b50acd26ad7c47dd5bd' - '12df04bccbf674db1eef7a519a28987927b5e9c107b1dc386686f05e64f49a97') + nss.pc.in) +sha256sums=('5e38d4b9837ca338af966b97fc91c07f67ad647fb38dc4af3cfd0d84e477d15c' + 'b9f1428ca2305bf30b109507ff335fa00bce5a7ce0434b50acd26ad7c47dd5bd') prepare() { cd "${srcdir}"/${_pkgbasename}-${pkgver}/ - # Adds transitional SSL renegotiate support - patch from Debian - patch -Np3 -i "${srcdir}/ssl-renegotiate-transitional.patch" - # Respect LDFLAGS sed -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/' \ -i nss/coreconf/rules.mk Deleted: ssl-renegotiate-transitional.patch =================================================================== --- ssl-renegotiate-transitional.patch 2015-10-05 02:57:05 UTC (rev 142946) +++ ssl-renegotiate-transitional.patch 2015-10-05 03:04:23 UTC (rev 142947) @@ -1,21 +0,0 @@ -Enable transitional scheme for ssl renegotiation: - -(from mozilla/security/nss/lib/ssl/ssl.h) -Disallow unsafe renegotiation in server sockets only, but allow clients -to continue to renegotiate with vulnerable servers. -This value should only be used during the transition period when few -servers have been upgraded. - -diff --git a/mozilla/security/nss/lib/ssl/sslsock.c b/mozilla/security/nss/lib/ssl/sslsock.c -index f1d1921..c074360 100644 ---- a/mozilla/security/nss/lib/ssl/sslsock.c -+++ b/mozilla/security/nss/lib/ssl/sslsock.c -@@ -181,7 +181,7 @@ static sslOptions ssl_defaults = { - PR_FALSE, /* noLocks */ - PR_FALSE, /* enableSessionTickets */ - PR_FALSE, /* enableDeflate */ -- 2, /* enableRenegotiation (default: requires extension) */ -+ 3, /* enableRenegotiation (default: transitional) */ - PR_FALSE, /* requireSafeNegotiation */ - }; -