Hello community, here is the log from the commit of package mozilla-nss.1211 for openSUSE:12.1:Update checked in at 2013-01-11 11:37:42 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.1:Update/mozilla-nss.1211 (Old) and /work/SRC/openSUSE:12.1:Update/.mozilla-nss.1211.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mozilla-nss.1211", Maintainer is "" Changes: -------- New Changes file: --- /dev/null 2013-01-09 19:40:42.352580873 +0100 +++ /work/SRC/openSUSE:12.1:Update/.mozilla-nss.1211.new/mozilla-nss.changes 2013-01-11 11:37:44.000000000 +0100 @@ -0,0 +1,617 @@ +------------------------------------------------------------------- +Sun Dec 30 17:59:34 UTC 2012 - w...@rosenauer.org + +- updated CA database (nssckbi-1.93.patch) + * MFSA 2013-20/CVE-2013-0743 (bmo#825022, bnc#796628) + revoke mis-issued intermediate certificates from TURKTRUST + +------------------------------------------------------------------- +Tue Dec 18 13:36:09 UTC 2012 - w...@rosenauer.org + +- update to 3.14.1 RTM + * minimal requirement for Gecko 20 + * several bugfixes + +------------------------------------------------------------------- +Thu Oct 25 12:02:22 UTC 2012 - w...@rosenauer.org + +- update to 3.14 RTM + * Support for TLS 1.1 (RFC 4346) + * Experimental support for DTLS 1.0 (RFC 4347) and DTLS-SRTP (RFC 5764) + * Support for AES-CTR, AES-CTS, and AES-GCM + * Support for Keying Material Exporters for TLS (RFC 5705) + * Support for certificate signatures using the MD5 hash algorithm + is now disabled by default + * The NSS license has changed to MPL 2.0. Previous releases were + released under a MPL 1.1/GPL 2.0/LGPL 2.1 tri-license. For more + information about MPL 2.0, please see + http://www.mozilla.org/MPL/2.0/FAQ.html. For an additional + explanation on GPL/LGPL compatibility, see security/nss/COPYING + in the source code. + * Export and DES cipher suites are disabled by default. Non-ECC + AES and Triple DES cipher suites are enabled by default +- disabled OCSP testcases since they need external network + (nss-disable-ocsp-test.patch) + +------------------------------------------------------------------- +Wed Aug 15 13:57:42 UTC 2012 - w...@rosenauer.org + +- update to 3.13.6 RTM + * root CA update + * other bugfixes + +------------------------------------------------------------------- +Fri Jun 1 18:46:28 UTC 2012 - w...@rosenauer.org + +- update to 3.13.5 RTM + +------------------------------------------------------------------- +Fri Apr 13 18:55:57 UTC 2012 - w...@rosenauer.org + +- update to 3.13.4 RTM + * fixed some bugs + * fixed cert verification regression in PKIX mode (bmo#737802) + introduced in 3.13.2 + +------------------------------------------------------------------- +Thu Feb 23 15:06:34 UTC 2012 - w...@rosenauer.org + +- update to 3.13.3 RTM + - distrust Trustwave's MITM certificates (bmo#724929) + - fix generic blacklisting mechanism (bmo#727204) + +------------------------------------------------------------------- +Thu Feb 16 08:48:42 UTC 2012 - w...@rosenauer.org + +- update to 3.13.2 RTM + * requirement with Gecko >= 11 +- removed obsolete patches + * ckbi-1.88 + * pkcs11n-header-fix.patch + +------------------------------------------------------------------- +Sun Dec 18 15:59:08 UTC 2011 - adr...@suse.de + +- fix spec file syntax for qemu-workaround + +------------------------------------------------------------------- +Mon Nov 14 10:13:17 UTC 2011 - j...@redux.org.uk + +- Added a patch to fix errors in the pkcs11n.h header file. + (bmo#702090) + +------------------------------------------------------------------- +Sat Nov 5 10:58:20 UTC 2011 - wolfg...@rosenauer.org + +- update to 3.13.1 RTM + * better SHA-224 support (bmo#647706) + * fixed a regression (causing hangs in some situations) + introduced in 3.13 (bmo#693228) +- update to 3.13.0 RTM + * SSL 2.0 is disabled by default + * A defense against the SSL 3.0 and TLS 1.0 CBC chosen plaintext + attack demonstrated by Rizzo and Duong (CVE-2011-3389) is + enabled by default. Set the SSL_CBC_RANDOM_IV SSL option to + PR_FALSE to disable it. + * SHA-224 is supported + * Ported to iOS. (Requires NSPR 4.9.) + * Added PORT_ErrorToString and PORT_ErrorToName to return the + error message and symbolic name of an NSS error code + * Added NSS_GetVersion to return the NSS version string + * Added experimental support of RSA-PSS to the softoken only + * NSS_NoDB_Init does not try to open /pkcs11.txt and /secmod.db + anymore (bmo#641052, bnc#726096) + +------------------------------------------------------------------- +Sat Nov 5 10:47:51 UTC 2011 - w...@rosenauer.org + +- explicitely distrust DigiCert Sdn. Bhd (bnc#728520, bmo#698753) +- make sure NSS_NoDB_Init does not try to use wrong certificate + databases (CVE-2011-3640, bnc#726096, bmo#641052) + +------------------------------------------------------------------- +Fri Sep 30 23:27:07 UTC 2011 - crrodrig...@opensuse.org + +- Workaround qemu-arm bugs. + +------------------------------------------------------------------- +Fri Sep 9 05:44:15 UTC 2011 - w...@rosenauer.org + +- explicitely distrust/override DigiNotar certs (bmo#683261) + (trustdb version 1.87) + +------------------------------------------------------------------- +Fri Sep 2 14:40:07 UTC 2011 - pce...@suse.com + +- removed DigiNotar root certificate from trusted db + (bmo#682927, bnc#714931) + +------------------------------------------------------------------- +Wed Aug 24 08:37:13 UTC 2011 - andrea.turr...@gmail.com + +- fixed typo in summary of mozilla-nss (libsoftokn3) + +------------------------------------------------------------------- +Fri Aug 12 20:55:38 UTC 2011 - w...@rosenauer.org + +- update to 3.12.11 RTM + * no upstream release notes available + +------------------------------------------------------------------- +Wed Jul 13 16:45:23 CEST 2011 - meiss...@suse.de + +- Linux3.0 is the new Linux2.6 (make it build) + +------------------------------------------------------------------- +Mon May 23 17:37:34 UTC 2011 - crrodrig...@opensuse.org + +- Do not include build dates in binaries, messes up + build compare + +------------------------------------------------------------------- +Thu May 19 05:37:02 UTC 2011 - w...@rosenauer.org + +- update to 3.12.10 RTM + * no changes except internal release information + +------------------------------------------------------------------- +Thu Apr 28 06:34:50 UTC 2011 - w...@rosenauer.org + +- update to 3.12.10beta1 + * root CA changes + * filter certain bogus certs (bmo#642815) + * fix minor memory leaks + * other bugfixes + +------------------------------------------------------------------- +Sun Jan 9 23:05:11 UTC 2011 - w...@rosenauer.org + +- update to 3.12.9rc0 + * fix minor memory leaks (bmo#619268) + * fix crash in nss_cms_decoder_work_data (bmo#607058) + * fix crash in certutil (bmo#620908) + * handle invalid argument in JPAKE (bmo#609068) + +------------------------------------------------------------------- +Thu Dec 9 15:03:00 UTC 2010 - w...@rosenauer.org + +- update to 3.12.9beta2 + * J-PAKE support (API requirement for Firefox >= 4.0b8) + +------------------------------------------------------------------- +Tue Nov 9 08:51:51 UTC 2010 - w...@rosenauer.org + +- replaced expired PayPal test certificate (fixing testsuite) + +------------------------------------------------------------------- +Sat Sep 25 08:18:59 CEST 2010 - w...@rosenauer.org + +- update to 3.12.8 RTM release + * support TLS false start (needed for Firefox4) (bmo#525092) + * fix wildcard matching for IP addresses (bnc#637290, bmo#578697) + (CVE-2010-3170) + * bugfixes + +------------------------------------------------------------------- +Fri Jul 23 21:18:30 CEST 2010 - w...@rosenauer.org + ++++ 420 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:12.1:Update/.mozilla-nss.1211.new/mozilla-nss.changes New: ---- baselibs.conf cert9.db char.patch key4.db malloc.patch mozilla-nss-rpmlintrc mozilla-nss.changes mozilla-nss.spec nss-3.14.1.tar.bz2 nss-config.in nss-disable-ocsp-test.patch nss-no-rpath.patch nss-opt.patch nss.pc.in nssckbi-1.93.patch pkcs11.txt renegotiate-transitional.patch setup-nsssysinit.sh system-nspr.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mozilla-nss.spec ++++++ # # spec file for package mozilla-nss # # Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # Copyright (c) 2006-2012 Wolfgang Rosenauer # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # %global nss_softokn_fips_version 3.12.4 Name: mozilla-nss BuildRequires: gcc-c++ BuildRequires: mozilla-nspr-devel BuildRequires: pkg-config BuildRequires: sqlite3-devel BuildRequires: zlib-devel Version: 3.14.1 Release: 0 # bug437293 %ifarch ppc64 Obsoletes: mozilla-nss-64bit %endif # Summary: Network Security Services License: MPL-2.0 Group: System/Libraries Url: http://www.mozilla.org/projects/security/pki/nss/ # cvs -d :pserver:anonym...@cvs-mirror.mozilla.org:/cvsroot co -r <RTM_TAG> NSS Source: nss-%{version}.tar.bz2 Source1: nss.pc.in Source3: nss-config.in Source4: %{name}-rpmlintrc Source5: baselibs.conf Source6: setup-nsssysinit.sh Source7: cert9.db Source8: key4.db Source9: pkcs11.txt #Source10: PayPalEE.cert Patch1: nss-opt.patch Patch2: system-nspr.patch Patch3: char.patch Patch4: nss-no-rpath.patch Patch5: renegotiate-transitional.patch Patch6: malloc.patch Patch7: nss-disable-ocsp-test.patch Patch8: nssckbi-1.93.patch %define nspr_ver %(rpm -q --queryformat '%{VERSION}' mozilla-nspr) PreReq: mozilla-nspr >= %nspr_ver PreReq: libfreebl3 >= %{nss_softokn_fips_version} PreReq: libsoftokn3 >= %{nss_softokn_fips_version} Requires: mozilla-nss-certs BuildRoot: %{_tmppath}/%{name}-%{version}-build %define nssdbdir %{_sysconfdir}/pki/nssdb %ifnarch %sparc %if ! 0%{?qemu_user_space_build} %define run_testsuite 1 %endif %endif %description Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards. %package devel Summary: Network (Netscape) Security Services development files Group: Development/Libraries/Other Requires: libfreebl3 Requires: libsoftokn3 Requires: mozilla-nspr-devel Requires: mozilla-nss = %{version}-%{release} # bug437293 %ifarch ppc64 Obsoletes: mozilla-nss-devel-64bit %endif %description devel Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards. %package tools Summary: Tools for developing, debugging, and managing applications that use NSS Group: System/Management PreReq: mozilla-nss >= %{version} %description tools The NSS Security Tools allow developers to test, debug, and manage applications that use NSS. %package sysinit Summary: System NSS Initialization Group: System/Management Requires: mozilla-nss >= %{version} Requires(post): coreutils %description sysinit Default Operation System module that manages applications loading NSS globally on the system. This module loads the system defined PKCS #11 modules for NSS and chains with other NSS modules to load any system or user configured modules. %package -n libfreebl3 Summary: Freebl library for the Network Security Services Group: System/Libraries %description -n libfreebl3 Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards. This package installs the freebl library from NSS. %package -n libsoftokn3 Summary: Network Security Services Softoken Module Group: System/Libraries Requires: libfreebl3 = %{version}-%{release} %description -n libsoftokn3 Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards. Network Security Services Softoken Cryptographic Module %package certs Summary: CA certificates for NSS Group: Productivity/Networking/Security %description certs This package contains the integrated CA root certificates from the Mozilla project. %prep %setup -n nss-%{version} -q cd mozilla %patch1 %patch2 %patch3 %patch4 %patch5 %if %suse_version > 1110 %patch6 %endif %patch7 %patch8 # additional CA certificates #cd security/nss/lib/ckfw/builtins #cat %{SOURCE2} >> certdata.txt #make generate %build modified="$(sed -n '/^----/n;s/ - .*$//;p;q' "%{_sourcedir}/%{name}.changes")" DATE="\"$(date -d "${modified}" "+%%b %%e %%Y")\"" TIME="\"$(date -d "${modified}" "+%%R")\"" find . -name '*.[ch]' -print -exec sed -i "s/__DATE__/${DATE}/g;s/__TIME__/${TIME}/g" {} + cd mozilla/security/nss export FREEBL_NO_DEPEND=1 export NSPR_INCLUDE_DIR=`nspr-config --includedir` export NSPR_LIB_DIR=`nspr-config --libdir` export OPT_FLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing" export LIBDIR=%{_libdir} %ifarch x86_64 s390x ppc64 ia64 export USE_64=1 %endif %if %suse_version > 1020 export NSS_USE_SYSTEM_SQLITE=1 %endif MAKE_FLAGS="BUILD_OPT=1 NSS_ENABLE_ECC=1" make nss_build_all $MAKE_FLAGS # run testsuite %if 0%{?run_testsuite} export BUILD_OPT=1 export HOST="localhost" export DOMSUF=" " export USE_IP=TRUE export IP_ADDRESS="127.0.0.1" cd tests ./all.sh if grep "FAILED" ../../../tests_results/security/localhost.1/output.log ; then echo "Testsuite FAILED" exit 1 fi %endif %install mkdir -p $RPM_BUILD_ROOT%{_libdir} mkdir -p $RPM_BUILD_ROOT%{_libexecdir}/nss mkdir -p $RPM_BUILD_ROOT%{_includedir}/nss3 mkdir -p $RPM_BUILD_ROOT%{_bindir} mkdir -p $RPM_BUILD_ROOT%{_sbindir} mkdir -p $RPM_BUILD_ROOT/%{_lib} mkdir -p $RPM_BUILD_ROOT%{nssdbdir} pushd mozilla/dist/Linux* # copy headers cp -rL ../public/nss/*.h $RPM_BUILD_ROOT%{_includedir}/nss3 # copy dynamic libs cp -L lib/libnss3.so \ lib/libnssdbm3.so \ lib/libnssdbm3.chk \ lib/libnssutil3.so \ lib/libnssckbi.so \ lib/libnsssysinit.so \ lib/libsmime3.so \ lib/libsoftokn3.so \ lib/libsoftokn3.chk \ lib/libssl3.so \ $RPM_BUILD_ROOT%{_libdir} cp -L lib/libfreebl3.so \ lib/libfreebl3.chk \ $RPM_BUILD_ROOT/%{_lib} %if %suse_version < 1030 cp -L lib/libnsssqlite3.so \ $RPM_BUILD_ROOT%{_libdir} %endif # copy static libs cp -L lib/libcrmf.a \ lib/libnssb.a \ lib/libnssckfw.a \ $RPM_BUILD_ROOT%{_libdir} # copy tools cp -L bin/certutil \ bin/cmsutil \ bin/crlutil \ bin/modutil \ bin/pk12util \ bin/signtool \ bin/signver \ bin/ssltap \ $RPM_BUILD_ROOT%{_bindir} # copy unsupported tools cp -L bin/atob \ bin/btoa \ bin/derdump \ bin/ocspclnt \ bin/pp \ bin/selfserv \ bin/shlibsign \ bin/strsclnt \ bin/symkeyutil \ bin/tstclnt \ bin/vfyserv \ bin/vfychain \ $RPM_BUILD_ROOT%{_libexecdir}/nss # prepare pkgconfig file mkdir -p $RPM_BUILD_ROOT%{_libdir}/pkgconfig/ sed "s:%%LIBDIR%%:%{_libdir}:g s:%%VERSION%%:%{version}:g s:%%NSPR_VERSION%%:%{nspr_ver}:g" \ %{SOURCE1} > $RPM_BUILD_ROOT%{_libdir}/pkgconfig/nss.pc # prepare nss-config file popd NSS_VMAJOR=`cat mozilla/security/nss/lib/nss/nss.h | grep "#define.*NSS_VMAJOR" | awk '{print $3}'` NSS_VMINOR=`cat mozilla/security/nss/lib/nss/nss.h | grep "#define.*NSS_VMINOR" | awk '{print $3}'` NSS_VPATCH=`cat mozilla/security/nss/lib/nss/nss.h | grep "#define.*NSS_VPATCH" | awk '{print $3}'` cat %{SOURCE3} | sed -e "s,@libdir@,%{_libdir},g" \ -e "s,@prefix@,%{_prefix},g" \ -e "s,@exec_prefix@,%{_prefix},g" \ -e "s,@includedir@,%{_includedir}/nss3,g" \ -e "s,@MOD_MAJOR_VERSION@,$NSS_VMAJOR,g" \ -e "s,@MOD_MINOR_VERSION@,$NSS_VMINOR,g" \ -e "s,@MOD_PATCH_VERSION@,$NSS_VPATCH,g" \ > $RPM_BUILD_ROOT/%{_bindir}/nss-config chmod 755 $RPM_BUILD_ROOT/%{_bindir}/nss-config # setup-nsssysinfo.sh install -m 744 %{SOURCE6} $RPM_BUILD_ROOT%{_sbindir}/ # create empty NSS database #LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib}:$RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_bindir}/modutil -force -dbdir "sql:$RPM_BUILD_ROOT%{nssdbdir}" -create #LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib}:$RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_bindir}/certutil -N -d "sql:$RPM_BUILD_ROOT%{nssdbdir}" -f /dev/null 2>&1 > /dev/null #chmod 644 "$RPM_BUILD_ROOT%{nssdbdir}"/* #sed "s:%{buildroot}::g #s/^library=$/library=libnsssysinit.so/ #/^NSS/s/\(Flags=internal\)\(,[^m]\)/\1,moduleDBOnly\2/" \ # $RPM_BUILD_ROOT%{nssdbdir}/pkcs11.txt > $RPM_BUILD_ROOT%{nssdbdir}/pkcs11.txt.sed # mv $RPM_BUILD_ROOT%{nssdbdir}/pkcs11.txt{.sed,} # copy empty NSS database install -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{nssdbdir} install -m 644 %{SOURCE8} $RPM_BUILD_ROOT%{nssdbdir} install -m 644 %{SOURCE9} $RPM_BUILD_ROOT%{nssdbdir} # create shlib sigs after extracting debuginfo %define __spec_install_post \ %{?__debug_package:%{__debug_install_post}} \ %{__arch_install_post} \ %{__os_install_post} \ LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib}:$RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_libexecdir}/nss/shlibsign -i $RPM_BUILD_ROOT%{_libdir}/libsoftokn3.so \ LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib}:$RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_libexecdir}/nss/shlibsign -i $RPM_BUILD_ROOT%{_libdir}/libnssdbm3.so \ LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib}:$RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_libexecdir}/nss/shlibsign -i $RPM_BUILD_ROOT/%{_lib}/libfreebl3.so \ %{nil} %post -p /sbin/ldconfig %postun -p /sbin/ldconfig %post -n libfreebl3 -p /sbin/ldconfig %postun -n libfreebl3 -p /sbin/ldconfig %post -n libsoftokn3 -p /sbin/ldconfig %postun -n libsoftokn3 -p /sbin/ldconfig %post sysinit /sbin/ldconfig # make sure the current config is enabled %{_sbindir}/setup-nsssysinit.sh on %preun sysinit if [ $1 = 0 ]; then %{_sbindir}/setup-nsssysinit.sh off fi %postun sysinit -p /sbin/ldconfig %clean rm -rf $RPM_BUILD_ROOT %files %defattr(-, root, root) %{_libdir}/libnss3.so %{_libdir}/libnssutil3.so %{_libdir}/libsmime3.so %{_libdir}/libssl3.so %if %suse_version < 1030 %{_libdir}/libnsssqlite3.so %endif %files devel %defattr(644, root, root, 755) %{_includedir}/nss3/ %{_libdir}/*.a %{_libdir}/pkgconfig/* %attr(755,root,root) %{_bindir}/nss-config %files tools %defattr(-, root, root) %{_bindir}/* %exclude %{_sbindir}/setup-nsssysinit.sh %{_libexecdir}/nss/ %exclude %{_bindir}/nss-config %files sysinit %defattr(-, root, root) %dir %{_sysconfdir}/pki %dir %{_sysconfdir}/pki/nssdb %config(noreplace) %{_sysconfdir}/pki/nssdb/* %{_libdir}/libnsssysinit.so %{_sbindir}/setup-nsssysinit.sh %files -n libfreebl3 %defattr(-, root, root) /%{_lib}/libfreebl3.so /%{_lib}/libfreebl3.chk %files -n libsoftokn3 %defattr(-, root, root) %{_libdir}/libsoftokn3.so %{_libdir}/libsoftokn3.chk %{_libdir}/libnssdbm3.so %{_libdir}/libnssdbm3.chk %files certs %defattr(-, root, root) %{_libdir}/libnssckbi.so %changelog ++++++ baselibs.conf ++++++ mozilla-nss requires "libfreebl3-<targettype>" requires "libsoftokn3-<targettype>" requires "mozilla-nss-certs-<targettype>" libsoftokn3 requires "libfreebl3-<targettype> = <version>" +/usr/lib/libsoftokn3.chk +/usr/lib/libnssdbm3.chk libfreebl3 +/lib/libfreebl3.chk mozilla-nss-sysinit mozilla-nss-certs ++++++ char.patch ++++++ Index: security/nss/cmd/modutil/install-ds.c =================================================================== RCS file: /cvsroot/mozilla/security/nss/cmd/modutil/install-ds.c,v retrieving revision 1.2 diff -u -p -6 -r1.2 install-ds.c --- security/nss/cmd/modutil/install-ds.c 25 Apr 2004 15:02:47 -0000 1.2 +++ security/nss/cmd/modutil/install-ds.c 5 Feb 2007 06:57:38 -0000 @@ -249,13 +249,13 @@ Pk11Install_File_Generate(Pk11Install_Fi if(!subval || (subval->type != STRING_VALUE)){ errStr = PR_smprintf(errString[BOGUS_FILE_PERMISSIONS], _this->jarPath); goto loser; } _this->permissions = (int) strtol(subval->string, &endp, 8); - if(*endp != '\0' || subval->string == "\0") { + if(*endp != '\0' || subval->string[0] == '\0') { errStr = PR_smprintf(errString[BOGUS_FILE_PERMISSIONS], _this->jarPath); goto loser; } gotPerms = PR_TRUE; Pk11Install_ListIter_delete(subiter); ++++++ malloc.patch ++++++ Index: security/nss/tests/ssl/ssl.sh =================================================================== RCS file: /cvsroot/mozilla/security/nss/tests/ssl/ssl.sh,v retrieving revision 1.100 diff -u -r1.100 ssl.sh --- security/nss/tests/ssl/ssl.sh 26 Mar 2009 23:14:34 -0000 1.100 +++ security/nss/tests/ssl/ssl.sh 6 Jun 2009 06:21:07 -0000 @@ -974,6 +974,7 @@ ################################# main ################################# +unset MALLOC_CHECK_ ssl_init ssl_run_tests ssl_cleanup ++++++ mozilla-nss-rpmlintrc ++++++ addFilter("shlib-policy-name-error") addFilter("shlib-policy-missing-lib") addFilter("shlib-policy-missing-suffix") addFilter("shlib-unversioned-lib") addFilter("shlib-fixed-dependency") ++++++ nss-config.in ++++++ #!/bin/sh prefix=@prefix@ major_version=@MOD_MAJOR_VERSION@ minor_version=@MOD_MINOR_VERSION@ patch_version=@MOD_PATCH_VERSION@ usage() { cat <<EOF Usage: nss-config [OPTIONS] [LIBRARIES] Options: [--prefix[=DIR]] [--exec-prefix[=DIR]] [--includedir[=DIR]] [--libdir[=DIR]] [--version] [--libs] [--cflags] Dynamic Libraries: nss ssl smime EOF exit $1 } if test $# -eq 0; then usage 1 1>&2 fi lib_ssl=yes lib_smime=yes lib_nss=yes lib_nssutil=yes while test $# -gt 0; do case "$1" in -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;; *) optarg= ;; esac case $1 in --prefix=*) prefix=$optarg ;; --prefix) echo_prefix=yes ;; --exec-prefix=*) exec_prefix=$optarg ;; --exec-prefix) echo_exec_prefix=yes ;; --includedir=*) includedir=$optarg ;; --includedir) echo_includedir=yes ;; --libdir=*) libdir=$optarg ;; --libdir) echo_libdir=yes ;; --version) echo ${major_version}.${minor_version}.${patch_version} ;; --cflags) echo_cflags=yes ;; --libs) echo_libs=yes ;; ssl) lib_ssl=yes ;; smime) lib_smime=yes ;; nss) lib_nss=yes ;; nssutil) lib_nssutil=yes ;; *) usage 1 1>&2 ;; esac shift done # Set variables that may be dependent upon other variables if test -z "$exec_prefix"; then exec_prefix=@exec_prefix@ fi if test -z "$includedir"; then includedir=@includedir@ fi if test -z "$libdir"; then libdir=@libdir@ fi if test "$echo_prefix" = "yes"; then echo $prefix fi if test "$echo_exec_prefix" = "yes"; then echo $exec_prefix fi if test "$echo_includedir" = "yes"; then echo $includedir fi if test "$echo_libdir" = "yes"; then echo $libdir fi if test "$echo_cflags" = "yes"; then echo -I$includedir fi if test "$echo_libs" = "yes"; then libdirs="-Wl,-rpath-link,$libdir -L$libdir" if test -n "$lib_ssl"; then libdirs="$libdirs -lssl${major_version}" fi if test -n "$lib_smime"; then libdirs="$libdirs -lsmime${major_version}" fi if test -n "$lib_nss"; then libdirs="$libdirs -lnss${major_version}" fi if test -n "$lib_nssutil"; then libdirs="$libdirs -lnssutil${major_version}" fi echo $libdirs fi ++++++ nss-disable-ocsp-test.patch ++++++ Index: security/nss/tests/chains/scenarios/scenarios =================================================================== RCS file: /cvsroot/mozilla/security/nss/tests/chains/scenarios/scenarios,v retrieving revision 1.9 diff -u -p -6 -r1.9 scenarios --- security/nss/tests/chains/scenarios/scenarios 9 Nov 2009 14:18:58 -0000 1.9 +++ security/nss/tests/chains/scenarios/scenarios 25 Oct 2012 13:40:00 -0000 @@ -46,8 +46,7 @@ aia.cfg bridgewithaia.cfg bridgewithhalfaia.cfg bridgewithpolicyextensionandmapping.cfg realcerts.cfg dsa.cfg revoc.cfg -ocsp.cfg crldp.cfg ++++++ nss-no-rpath.patch ++++++ Index: security/nss/cmd/platlibs.mk =================================================================== RCS file: /cvsroot/mozilla/security/nss/cmd/platlibs.mk,v retrieving revision 1.71 diff -u -p -6 -r1.71 platlibs.mk --- security/nss/cmd/platlibs.mk 17 Jul 2012 15:22:42 -0000 1.71 +++ security/nss/cmd/platlibs.mk 25 Oct 2012 12:07:35 -0000 @@ -15,15 +15,15 @@ else EXTRA_SHARED_LIBS += -R '$$ORIGIN/../lib:/usr/lib/mps/secv1:/usr/lib/mps' endif endif ifeq ($(OS_ARCH), Linux) ifeq ($(USE_64), 1) -EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib64:/opt/sun/private/lib64:$$ORIGIN/../lib' +#EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib64:/opt/sun/private/lib64:$$ORIGIN/../lib' else -EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib:/opt/sun/private/lib' +#EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib:/opt/sun/private/lib' endif endif endif # BUILD_SUN_PKG ifdef NSS_DISABLE_DBM ++++++ nss-opt.patch ++++++ Index: security/coreconf/Linux.mk =================================================================== RCS file: /cvsroot/mozilla/security/coreconf/Linux.mk,v retrieving revision 1.45.2.1 diff -u -r1.45.2.1 Linux.mk --- security/coreconf/Linux.mk 31 Jul 2010 04:23:37 -0000 1.45.2.1 +++ security/coreconf/Linux.mk 5 Aug 2010 07:35:06 -0000 @@ -112,11 +112,7 @@ endif ifdef BUILD_OPT -ifeq (11,$(ALLOW_OPT_CODE_SIZE)$(OPT_CODE_SIZE)) - OPTIMIZER = -Os -else - OPTIMIZER = -O2 -endif + OPTIMIZER = $(OPT_FLAGS) ifdef MOZ_DEBUG_SYMBOLS ifdef MOZ_DEBUG_FLAGS OPTIMIZER += $(MOZ_DEBUG_FLAGS) ++++++ nss.pc.in ++++++ prefix=/usr exec_prefix=${prefix} libdir=%LIBDIR% includedir=${prefix}/include/nss3 Name: NSS Description: Network Security Services Version: %VERSION% Requires: nspr >= %NSPR_VERSION% Libs: -lssl3 -lsmime3 -lnss3 -lnssutil3 Cflags: -I${includedir} ++++++ nssckbi-1.93.patch ++++++ diff -uprN --exclude CVS nss-3.14.1/mozilla/security/nss/lib/ckfw/builtins/certdata.txt mozilla/security/nss/lib/ckfw/builtins/certdata.txt --- nss-3.14.1/mozilla/security/nss/lib/ckfw/builtins/certdata.txt 2012-10-18 18:26:52.000000000 +0200 +++ security/nss/lib/ckfw/builtins/certdata.txt 2012-12-29 17:32:45.000000000 +0100 @@ -2,7 +2,7 @@ # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.86 $ $Date: 2012/10/18 16:26:52 $" +CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.87 $ $Date: 2012/12/29 16:32:45 $" # # certdata.txt @@ -24424,171 +24424,6 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_ CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı" -# -# Issuer: O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A...,L=Ankara,C=TR,CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s.. -# Serial Number: 1 (0x1) -# Subject: O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A...,L=Ankara,C=TR,CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s.. -# Not Valid Before: Tue Dec 25 18:37:19 2007 -# Not Valid After : Fri Dec 22 18:37:19 2017 -# Fingerprint (MD5): 2B:70:20:56:86:82:A0:18:C8:07:53:12:28:70:21:72 -# Fingerprint (SHA1): F1:7F:6F:B6:31:DC:99:E3:A3:C8:7F:FE:1C:F1:81:10:88:D9:60:33 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\277\061\077\060\075\006\003\125\004\003\014\066\124\303 -\234\122\113\124\122\125\123\124\040\105\154\145\153\164\162\157 -\156\151\153\040\123\145\162\164\151\146\151\153\141\040\110\151 -\172\155\145\164\040\123\141\304\237\154\141\171\304\261\143\304 -\261\163\304\261\061\013\060\011\006\003\125\004\006\023\002\124 -\122\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141 -\162\141\061\136\060\134\006\003\125\004\012\014\125\124\303\234 -\122\113\124\122\125\123\124\040\102\151\154\147\151\040\304\260 -\154\145\164\151\305\237\151\155\040\166\145\040\102\151\154\151 -\305\237\151\155\040\107\303\274\166\145\156\154\151\304\237\151 -\040\110\151\172\155\145\164\154\145\162\151\040\101\056\305\236 -\056\040\050\143\051\040\101\162\141\154\304\261\153\040\062\060 -\060\067 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\277\061\077\060\075\006\003\125\004\003\014\066\124\303 -\234\122\113\124\122\125\123\124\040\105\154\145\153\164\162\157 -\156\151\153\040\123\145\162\164\151\146\151\153\141\040\110\151 -\172\155\145\164\040\123\141\304\237\154\141\171\304\261\143\304 -\261\163\304\261\061\013\060\011\006\003\125\004\006\023\002\124 -\122\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141 -\162\141\061\136\060\134\006\003\125\004\012\014\125\124\303\234 -\122\113\124\122\125\123\124\040\102\151\154\147\151\040\304\260 -\154\145\164\151\305\237\151\155\040\166\145\040\102\151\154\151 -\305\237\151\155\040\107\303\274\166\145\156\154\151\304\237\151 -\040\110\151\172\155\145\164\154\145\162\151\040\101\056\305\236 -\056\040\050\143\051\040\101\162\141\154\304\261\153\040\062\060 -\060\067 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\001 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\004\075\060\202\003\045\240\003\002\001\002\002\001\001 -\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060 -\201\277\061\077\060\075\006\003\125\004\003\014\066\124\303\234 -\122\113\124\122\125\123\124\040\105\154\145\153\164\162\157\156 -\151\153\040\123\145\162\164\151\146\151\153\141\040\110\151\172 -\155\145\164\040\123\141\304\237\154\141\171\304\261\143\304\261 -\163\304\261\061\013\060\011\006\003\125\004\006\023\002\124\122 -\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141\162 -\141\061\136\060\134\006\003\125\004\012\014\125\124\303\234\122 -\113\124\122\125\123\124\040\102\151\154\147\151\040\304\260\154 -\145\164\151\305\237\151\155\040\166\145\040\102\151\154\151\305 -\237\151\155\040\107\303\274\166\145\156\154\151\304\237\151\040 -\110\151\172\155\145\164\154\145\162\151\040\101\056\305\236\056 -\040\050\143\051\040\101\162\141\154\304\261\153\040\062\060\060 -\067\060\036\027\015\060\067\061\062\062\065\061\070\063\067\061 -\071\132\027\015\061\067\061\062\062\062\061\070\063\067\061\071 -\132\060\201\277\061\077\060\075\006\003\125\004\003\014\066\124 -\303\234\122\113\124\122\125\123\124\040\105\154\145\153\164\162 -\157\156\151\153\040\123\145\162\164\151\146\151\153\141\040\110 -\151\172\155\145\164\040\123\141\304\237\154\141\171\304\261\143 -\304\261\163\304\261\061\013\060\011\006\003\125\004\006\023\002 -\124\122\061\017\060\015\006\003\125\004\007\014\006\101\156\153 -\141\162\141\061\136\060\134\006\003\125\004\012\014\125\124\303 -\234\122\113\124\122\125\123\124\040\102\151\154\147\151\040\304 -\260\154\145\164\151\305\237\151\155\040\166\145\040\102\151\154 -\151\305\237\151\155\040\107\303\274\166\145\156\154\151\304\237 -\151\040\110\151\172\155\145\164\154\145\162\151\040\101\056\305 -\236\056\040\050\143\051\040\101\162\141\154\304\261\153\040\062 -\060\060\067\060\202\001\042\060\015\006\011\052\206\110\206\367 -\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002 -\202\001\001\000\253\267\076\012\214\310\245\130\025\346\212\357 -\047\075\112\264\350\045\323\315\063\302\040\334\031\356\210\077 -\115\142\360\335\023\167\217\141\251\052\265\324\362\271\061\130 -\051\073\057\077\152\234\157\163\166\045\356\064\040\200\356\352 -\267\360\304\012\315\053\206\224\311\343\140\261\104\122\262\132 -\051\264\221\227\203\330\267\246\024\057\051\111\242\363\005\006 -\373\264\117\332\241\154\232\146\237\360\103\011\312\352\162\217 -\353\000\327\065\071\327\126\027\107\027\060\364\276\277\077\302 -\150\257\066\100\301\251\364\251\247\350\020\153\010\212\367\206 -\036\334\232\052\025\006\366\243\360\364\340\307\024\324\121\177 -\317\264\333\155\257\107\226\027\233\167\161\330\247\161\235\044 -\014\366\224\077\205\061\022\117\272\356\116\202\270\271\076\217 -\043\067\136\314\242\252\165\367\030\157\011\323\256\247\124\050 -\064\373\341\340\073\140\175\240\276\171\211\206\310\237\055\371 -\012\113\304\120\242\347\375\171\026\307\172\013\030\317\316\114 -\357\175\326\007\157\230\361\257\261\301\172\327\201\065\270\252 -\027\264\340\313\002\003\001\000\001\243\102\060\100\060\035\006 -\003\125\035\016\004\026\004\024\051\305\220\253\045\257\021\344 -\141\277\243\377\210\141\221\346\016\376\234\201\060\016\006\003 -\125\035\017\001\001\377\004\004\003\002\001\006\060\017\006\003 -\125\035\023\001\001\377\004\005\060\003\001\001\377\060\015\006 -\011\052\206\110\206\367\015\001\001\005\005\000\003\202\001\001 -\000\020\015\332\370\072\354\050\321\024\225\202\261\022\054\121 -\172\101\045\066\114\237\354\077\037\204\235\145\124\134\250\026 -\002\100\372\156\032\067\204\357\162\235\206\012\125\235\126\050 -\254\146\054\320\072\126\223\064\007\045\255\010\260\217\310\017 -\011\131\312\235\230\034\345\124\370\271\105\177\152\227\157\210 -\150\115\112\006\046\067\210\002\016\266\306\326\162\231\316\153 -\167\332\142\061\244\126\037\256\137\215\167\332\135\366\210\374 -\032\331\236\265\201\360\062\270\343\210\320\234\363\152\240\271 -\233\024\131\065\066\117\317\363\216\136\135\027\255\025\225\330 -\335\262\325\025\156\000\116\263\113\317\146\224\344\340\315\265 -\005\332\143\127\213\345\263\252\333\300\056\034\220\104\333\032 -\135\030\244\356\276\004\133\231\325\161\137\125\145\144\142\325 -\242\233\004\131\206\310\142\167\347\174\202\105\152\075\027\277 -\354\235\165\014\256\243\157\132\323\057\230\066\364\360\365\031 -\253\021\135\310\246\343\052\130\152\102\011\303\275\222\046\146 -\062\015\135\010\125\164\377\214\230\320\012\246\204\152\321\071 -\175 -END - -# Trust for "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı" -# Issuer: O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A...,L=Ankara,C=TR,CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s.. -# Serial Number: 1 (0x1) -# Subject: O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A...,L=Ankara,C=TR,CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s.. -# Not Valid Before: Tue Dec 25 18:37:19 2007 -# Not Valid After : Fri Dec 22 18:37:19 2017 -# Fingerprint (MD5): 2B:70:20:56:86:82:A0:18:C8:07:53:12:28:70:21:72 -# Fingerprint (SHA1): F1:7F:6F:B6:31:DC:99:E3:A3:C8:7F:FE:1C:F1:81:10:88:D9:60:33 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\361\177\157\266\061\334\231\343\243\310\177\376\034\361\201\020 -\210\331\140\063 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\053\160\040\126\206\202\240\030\310\007\123\022\050\160\041\162 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\277\061\077\060\075\006\003\125\004\003\014\066\124\303 -\234\122\113\124\122\125\123\124\040\105\154\145\153\164\162\157 -\156\151\153\040\123\145\162\164\151\146\151\153\141\040\110\151 -\172\155\145\164\040\123\141\304\237\154\141\171\304\261\143\304 -\261\163\304\261\061\013\060\011\006\003\125\004\006\023\002\124 -\122\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141 -\162\141\061\136\060\134\006\003\125\004\012\014\125\124\303\234 -\122\113\124\122\125\123\124\040\102\151\154\147\151\040\304\260 -\154\145\164\151\305\237\151\155\040\166\145\040\102\151\154\151 -\305\237\151\155\040\107\303\274\166\145\156\154\151\304\237\151 -\040\110\151\172\155\145\164\154\145\162\151\040\101\056\305\236 -\056\040\050\143\051\040\101\162\141\154\304\261\153\040\062\060 -\060\067 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\001 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# # Certificate "T-TeleSec GlobalRoot Class 3" # # Issuer: CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE @@ -24880,3 +24715,71 @@ CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_T CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# Explicitly Distrust "TURKTRUST Mis-issued Intermediate CA 1", Bug 825022 +# Issuer: O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A...,C=TR,CN=T..RKTRUST Elektronik Sunucu Sertifikas.. Hizmetleri +# Serial Number: 2087 (0x827) +# Subject: CN=*.EGO.GOV.TR,OU=EGO BILGI ISLEM,O=EGO,L=ANKARA,ST=ANKARA,C=TR +# Not Valid Before: Mon Aug 08 07:07:51 2011 +# Not Valid After : Tue Jul 06 07:07:51 2021 +# Fingerprint (MD5): F8:F5:25:FF:0C:31:CF:85:E1:0C:86:17:C1:CE:1F:8E +# Fingerprint (SHA1): C6:9F:28:C8:25:13:9E:65:A6:46:C4:34:AC:A5:A1:D2:00:29:5D:B1 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "TURKTRUST Mis-issued Intermediate CA 1" +CKA_ISSUER MULTILINE_OCTAL +\060\201\254\061\075\060\073\006\003\125\004\003\014\064\124\303 +\234\122\113\124\122\125\123\124\040\105\154\145\153\164\162\157 +\156\151\153\040\123\165\156\165\143\165\040\123\145\162\164\151 +\146\151\153\141\163\304\261\040\110\151\172\155\145\164\154\145 +\162\151\061\013\060\011\006\003\125\004\006\023\002\124\122\061 +\136\060\134\006\003\125\004\012\014\125\124\303\234\122\113\124 +\122\125\123\124\040\102\151\154\147\151\040\304\260\154\145\164 +\151\305\237\151\155\040\166\145\040\102\151\154\151\305\237\151 +\155\040\107\303\274\166\145\156\154\151\304\237\151\040\110\151 +\172\155\145\164\154\145\162\151\040\101\056\305\236\056\040\050 +\143\051\040\113\141\163\304\261\155\040\040\062\060\060\065 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\002\010\047 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# Explicitly Distrust "TURKTRUST Mis-issued Intermediate CA 2", Bug 825022 +# Issuer: O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A...,C=TR,CN=T..RKTRUST Elektronik Sunucu Sertifikas.. Hizmetleri +# Serial Number: 2148 (0x864) +# Subject: E=il...@kktcmerkezbankasi.org,CN=e-islem.kktcmerkezbankasi.org,O=KKTC Merkez Bankasi,L=Lefkosa,ST=Lefkosa,C=TR +# Not Valid Before: Mon Aug 08 07:07:51 2011 +# Not Valid After : Thu Aug 05 07:07:51 2021 +# Fingerprint (MD5): BF:C3:EC:AD:0F:42:4F:B4:B5:38:DB:35:BF:AD:84:A2 +# Fingerprint (SHA1): F9:2B:E5:26:6C:C0:5D:B2:DC:0D:C3:F2:DC:74:E0:2D:EF:D9:49:CB +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "TURKTRUST Mis-issued Intermediate CA 2" +CKA_ISSUER MULTILINE_OCTAL +\060\201\254\061\075\060\073\006\003\125\004\003\014\064\124\303 +\234\122\113\124\122\125\123\124\040\105\154\145\153\164\162\157 +\156\151\153\040\123\165\156\165\143\165\040\123\145\162\164\151 +\146\151\153\141\163\304\261\040\110\151\172\155\145\164\154\145 +\162\151\061\013\060\011\006\003\125\004\006\023\002\124\122\061 +\136\060\134\006\003\125\004\012\014\125\124\303\234\122\113\124 +\122\125\123\124\040\102\151\154\147\151\040\304\260\154\145\164 +\151\305\237\151\155\040\166\145\040\102\151\154\151\305\237\151 +\155\040\107\303\274\166\145\156\154\151\304\237\151\040\110\151 +\172\155\145\164\154\145\162\151\040\101\056\305\236\056\040\050 +\143\051\040\113\141\163\304\261\155\040\040\062\060\060\065 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\002\010\144 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE diff -uprN --exclude CVS nss-3.14.1/mozilla/security/nss/lib/ckfw/builtins/nssckbi.h mozilla/security/nss/lib/ckfw/builtins/nssckbi.h --- nss-3.14.1/mozilla/security/nss/lib/ckfw/builtins/nssckbi.h 2012-10-18 18:26:52.000000000 +0200 +++ security/nss/lib/ckfw/builtins/nssckbi.h 2012-12-29 17:32:45.000000000 +0100 @@ -45,8 +45,8 @@ * of the comment in the CK_VERSION type definition. */ #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 1 -#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 92 -#define NSS_BUILTINS_LIBRARY_VERSION "1.92" +#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 93 +#define NSS_BUILTINS_LIBRARY_VERSION "1.93" /* These version numbers detail the semantic changes to the ckfw engine. */ #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1 ++++++ pkcs11.txt ++++++ library=libnsssysinit.so name=NSS Internal PKCS #11 Module parameters=configdir='sql:/etc/pki/nssdb' certPrefix='' keyPrefix='' secmod='secmod.db' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription='' NSS=Flags=internal,moduleDBOnly,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30}) ++++++ renegotiate-transitional.patch ++++++ Index: security/nss/lib/ssl/sslsock.c =================================================================== RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslsock.c,v retrieving revision 1.96 diff -u -p -6 -r1.96 sslsock.c --- security/nss/lib/ssl/sslsock.c 24 Sep 2012 23:57:42 -0000 1.96 +++ security/nss/lib/ssl/sslsock.c 25 Oct 2012 12:08:56 -0000 @@ -147,13 +147,13 @@ static sslOptions ssl_defaults = { PR_TRUE, /* detectRollBack */ PR_FALSE, /* noStepDown */ PR_FALSE, /* bypassPKCS11 */ PR_FALSE, /* noLocks */ PR_FALSE, /* enableSessionTickets */ PR_FALSE, /* enableDeflate */ - 2, /* enableRenegotiation (default: requires extension) */ + 3, /* enableRenegotiation (default: requires extension) */ PR_FALSE, /* requireSafeNegotiation */ PR_FALSE, /* enableFalseStart */ PR_TRUE /* cbcRandomIV */ }; /* ++++++ setup-nsssysinit.sh ++++++ #!/bin/sh # # Turns on or off the nss-sysinit module db by editing the # global PKCS #11 congiguration file. # # This script can be invoked by the user as super user. # It is invoked at nss-sysinit post install time with argument on # and at nss-sysinit pre uninstall with argument off. # usage() { cat <<EOF Usage: setup-nsssysinit [on|off] on - turns on nsssysinit off - turns off nsssysinit EOF exit $1 } # validate if test $# -eq 0; then usage 1 1>&2 fi # the system-wide configuration file p11conf="/etc/pki/nssdb/pkcs11.txt" # must exist, otherwise report it and exit with failure if [ ! -f $p11conf ]; then echo "Could not find ${p11conf}" exit 1 fi on="1" case "$1" in on | ON ) cat ${p11conf} | \ sed -e 's/^library=$/library=libnsssysinit.so/' \ -e '/^NSS/s/\(Flags=internal\)\(,[^m]\)/\1,moduleDBOnly\2/' > \ ${p11conf}.on mv ${p11conf}.on ${p11conf} ;; off | OFF ) if [ ! `grep "^library=libnsssysinit" ${p11conf}` ]; then exit 0 fi cat ${p11conf} | \ sed -e 's/^library=libnsssysinit.so/library=/' \ -e '/^NSS/s/Flags=internal,moduleDBOnly/Flags=internal/' > \ ${p11conf}.off mv ${p11conf}.off ${p11conf} ;; * ) usage 1 1>&2 ;; esac ++++++ system-nspr.patch ++++++ Index: security/nss/Makefile =================================================================== RCS file: /cvsroot/mozilla/security/nss/Makefile,v retrieving revision 1.36 diff -u -p -r1.36 Makefile --- security/nss/Makefile 2 Dec 2008 23:24:39 -0000 1.36 +++ security/nss/Makefile 23 Nov 2009 16:19:04 -0000 @@ -78,7 +78,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk # (7) Execute "local" rules. (OPTIONAL). # ####################################################################### -nss_build_all: build_coreconf build_nspr build_dbm all +nss_build_all: build_coreconf build_dbm all nss_clean_all: clobber_coreconf clobber_nspr clobber_dbm clobber -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org