diff options
| -rw-r--r-- | main/nspr/APKBUILD | 12 | ||||
| -rw-r--r-- | main/nss/APKBUILD | 20 | ||||
| -rw-r--r-- | main/nss/fix-cdefs_h.patch | 11 | ||||
| -rw-r--r-- | main/nss/rhbz1185708-enable-ecc-ciphers-by-default.patch | 43 | ||||
| -rw-r--r-- | main/nss/ssl-renegotiate-transitional.patch | 21 | ||||
| -rw-r--r-- | main/xf86-video-vmware/APKBUILD | 2 | ||||
| -rw-r--r-- | testing/corosync/APKBUILD | 10 |
7 files changed, 63 insertions, 56 deletions
diff --git a/main/nspr/APKBUILD b/main/nspr/APKBUILD index 4974f0b86b..25a2192d7f 100644 --- a/main/nspr/APKBUILD +++ b/main/nspr/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=nspr -pkgver=4.10.8 -pkgrel=1 +pkgver=4.10.9 +pkgrel=0 pkgdesc="Netscape Portable Runtime" url="http://www.mozilla.org/projects/nspr/" arch="all" @@ -11,7 +11,7 @@ depends= depends_dev="nspr" makedepends="autoconf automake sed" subpackages="$pkgname-dev" -source="ftp://ftp.mozilla.org/pub/mozilla.org/nspr/releases/v$pkgver/src/nspr-$pkgver.tar.gz +source="http://ftp.mozilla.org/pub/mozilla.org/nspr/releases/v$pkgver/src/nspr-$pkgver.tar.gz fix-getproto.patch " @@ -68,9 +68,9 @@ package() { "$pkgdir"/usr/include/nspr/md } -md5sums="8d7c5bd0a5b0a7d0e705be66479030a0 nspr-4.10.8.tar.gz +md5sums="86769a7fc3b4c30f7fdcb45ab284c452 nspr-4.10.9.tar.gz c417cf87161ee2d12c5c1c772c94cc38 fix-getproto.patch" -sha256sums="507ea57c525c0c524dae4857a642b4ef5c9d795518754c7f83422d22fe544a15 nspr-4.10.8.tar.gz +sha256sums="4112ff6ad91d32696ca0c6c3d4abef6367b5dc0127fa172fcb3c3ab81bb2d881 nspr-4.10.9.tar.gz 46bf377b7e19f8450b81366905237630a85691a55fccddb355b2f55d60e8b4a6 fix-getproto.patch" -sha512sums="f14e3bd46cd1dee9d7163adbf3b09a450ea8c6c65499c5b6696eba7e85b6b12d3f90561a1dfe0dc0dc5fe1b14758b4191e546d9f0e29a66f33c69dd6ed6f50d9 nspr-4.10.8.tar.gz +sha512sums="2a4d6126a6c6d44cd77d55b543939fdac8d43841f32213e44400b57bfee02d1b3beaa10159d13adb140cdad6788aa01adccebf8f8dab9ab391961cf499b7a207 nspr-4.10.9.tar.gz 197f0e644bf402ee9cf1c621a0daf3426659ca05610aa7b6d8bed3d81f1d1c77c0a81ef35a92fa42b271c7f814d718ec1d1b61f5f4b554b3735142903b70e32b fix-getproto.patch" diff --git a/main/nss/APKBUILD b/main/nss/APKBUILD index 05bdc30748..f4582fd04e 100644 --- a/main/nss/APKBUILD +++ b/main/nss/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Ćukasz Jendrysik <scadu@yandex.com> # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=nss -pkgver=3.19.2 +pkgver=3.20 _ver=${pkgver//./_} pkgrel=0 pkgdesc="Mozilla Network Security Services" @@ -15,8 +15,7 @@ source="ftp://ftp.mozilla.org/pub/security/$pkgname/releases/NSS_${_ver}_RTM/src nss.pc.in nss-config.in add_spi+cacert_ca_certs.patch - ssl-renegotiate-transitional.patch - fix-cdefs_h.patch + rhbz1185708-enable-ecc-ciphers-by-default.patch " depends_dev="nspr-dev" @@ -140,21 +139,18 @@ tools() { mv "$pkgdir"/usr/bin "$subpkgdir"/usr/ } -md5sums="b02ffd1e8e8ef5f8512fa02d8ca9db3d nss-3.19.2.tar.gz +md5sums="db83988499d1eb3b623d77ecf495b0f5 nss-3.20.tar.gz c547b030c57fe1ed8b77c73bf52b3ded nss.pc.in 46bee81908f1e5b26d6a7a2e14c64d9f nss-config.in 981e0df9e9cb7a9426b316f68911fb17 add_spi+cacert_ca_certs.patch -2412ff2e97b3ec452cb016f2506a0e08 ssl-renegotiate-transitional.patch -1f83bc41ffe34190bcc27d146c479772 fix-cdefs_h.patch" -sha256sums="1306663e8f61d8449ad8cbcffab743a604dcd9f6f34232c210847c51dce2c9ae nss-3.19.2.tar.gz +d3cfe84b67e9fd7c0009f48836b1fe1f rhbz1185708-enable-ecc-ciphers-by-default.patch" +sha256sums="5e38d4b9837ca338af966b97fc91c07f67ad647fb38dc4af3cfd0d84e477d15c nss-3.20.tar.gz b9f1428ca2305bf30b109507ff335fa00bce5a7ce0434b50acd26ad7c47dd5bd nss.pc.in e44ac5095b4d88f24ec7b2e6a9f1581560bd3ad41a3d198596d67ef22f67adb9 nss-config.in 592aa85184c5edb076c3355f85e50373a59dfcd06a4f4a79621f43df19404c1e add_spi+cacert_ca_certs.patch -1a49be9d7f835be737825252f50e4ee2869228eb303a087dde7fb81794b92ebd ssl-renegotiate-transitional.patch -41866089e3d085f05bc4a7e337f2f5740da4eef9021366a450a8fd111f24975c fix-cdefs_h.patch" -sha512sums="d3c45010f8dace58f9da9efe0f9792f8b8a69384e100663f33c949685cdd1ce70e5131f279bc82336622841c41dbc0a4d70a7cc6839a1782dbe8b3c3fd8bc59d nss-3.19.2.tar.gz +5f4466b25051285ef8ab8307d69149eaa72ab36dd5ea67175a5da603a6fd4d4f rhbz1185708-enable-ecc-ciphers-by-default.patch" +sha512sums="50f666209cadd4e463f98643ec67e35f4d1b88381e17db9eed7c67559b19799fcc27e49d72536f546d4c45bca2afa4664e5590f868775a4397a77111d68fc366 nss-3.20.tar.gz 75dbd648a461940647ff373389cc73bc8ec609139cd46c91bcce866af02be6bcbb0524eb3dfb721fbd5b0bc68c20081ed6f7debf6b24317f2a7ba823e8d3c531 nss.pc.in 2971669e128f06a9af40a5ba88218fa7c9eecfeeae8b0cf42e14f31ed12bf6fa4c5ce60289e078f50e2669a9376b56b45d7c29d726a7eac69ebe1d1e22dc710b nss-config.in 6e04556858499aec465d6670818465327ba2cb099061c2afee4b5cac8aa61938e0095906acfb38df6a1b70a6bde6dd69f08bb4c00a9d188e4cb3131b26c1bc16 add_spi+cacert_ca_certs.patch -c21a82247d87d74cb27575efc517a6771476320ce412cd444e83d0782e29f82552676247da093518b07d3eb7dc67c53cd1901ee8d6f59b342d02e47784c39192 ssl-renegotiate-transitional.patch -54080ed5e66185bfb9fae6518b8f898213a00a2803900ee13a958664a7e60aee60b51f0c27176344ebf49e9c671f1f62f56280ab9e8c7f206c5df143c3a7d24c fix-cdefs_h.patch" +905b25e7c9f844335a961f3173311b2dbd8e4de9d74a65f2e2ab71b8afcd05ffd408d85ff6d5e134126c878e7b23f0a0ccdb94478e894d8bcc6d50585b9cdcf2 rhbz1185708-enable-ecc-ciphers-by-default.patch" diff --git a/main/nss/fix-cdefs_h.patch b/main/nss/fix-cdefs_h.patch deleted file mode 100644 index 0ddeea76c5..0000000000 --- a/main/nss/fix-cdefs_h.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- nss-3.15.1/nss/lib/dbm/config/config.mk.orig -+++ nss-3.15.1/nss/lib/dbm/config/config.mk -@@ -25,7 +25,7 @@ - DEFINES += -DHAVE_SNPRINTF - endif - --ifeq (,$(filter-out IRIX Linux,$(OS_TARGET))) -+ifneq ($(wildcard /usr/include/sys/cdefs.h),) - DEFINES += -DHAVE_SYS_CDEFS_H - endif - diff --git a/main/nss/rhbz1185708-enable-ecc-ciphers-by-default.patch b/main/nss/rhbz1185708-enable-ecc-ciphers-by-default.patch new file mode 100644 index 0000000000..8b69634abb --- /dev/null +++ b/main/nss/rhbz1185708-enable-ecc-ciphers-by-default.patch @@ -0,0 +1,43 @@ +diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c +--- a/nss/lib/ssl/ssl3con.c ++++ b/nss/lib/ssl/ssl3con.c +@@ -85,29 +85,29 @@ static SECStatus ssl3_AESGCMBypass(ssl3K + * + * Important: See bug 946147 before enabling, reordering, or adding any cipher + * suites to this list. + */ + static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = { + /* cipher_suite policy enabled isPresent */ + + #ifndef NSS_DISABLE_ECC +- { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, +- { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, ++ { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, ++ { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, + /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is out of order to work around + * bug 946147. + */ +- { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, +- { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, +- { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, +- { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, +- { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, +- { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, +- { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, +- { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, ++ { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, ++ { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, ++ { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, ++ { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, ++ { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, ++ { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, ++ { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, ++ { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, + { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, + { TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, + #endif /* NSS_DISABLE_ECC */ + + { TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, + { TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, + { TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, + { TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, diff --git a/main/nss/ssl-renegotiate-transitional.patch b/main/nss/ssl-renegotiate-transitional.patch deleted file mode 100644 index 3796715cb0..0000000000 --- a/main/nss/ssl-renegotiate-transitional.patch +++ /dev/null @@ -1,21 +0,0 @@ -Enable transitional scheme for ssl renegotiation: - -(from mozilla/security/nss/lib/ssl/ssl.h) -Disallow unsafe renegotiation in server sockets only, but allow clients -to continue to renegotiate with vulnerable servers. -This value should only be used during the transition period when few -servers have been upgraded. - -diff --git a/nss/lib/ssl/sslsock.c b/mozilla/security/nss/lib/ssl/sslsock.c -index f1d1921..c074360 100644 ---- a/nss/lib/ssl/sslsock.c -+++ b/nss/lib/ssl/sslsock.c -@@ -181,7 +181,7 @@ static sslOptions ssl_defaults = { - PR_FALSE, /* noLocks */ - PR_FALSE, /* enableSessionTickets */ - PR_FALSE, /* enableDeflate */ -- 2, /* enableRenegotiation (default: requires extension) */ -+ 3, /* enableRenegotiation (default: transitional) */ - PR_FALSE, /* requireSafeNegotiation */ - }; - diff --git a/main/xf86-video-vmware/APKBUILD b/main/xf86-video-vmware/APKBUILD index cb5af624d7..0789acee6e 100644 --- a/main/xf86-video-vmware/APKBUILD +++ b/main/xf86-video-vmware/APKBUILD @@ -4,7 +4,7 @@ pkgver=13.1.0 pkgrel=1 pkgdesc="X.org VMWare video driver" url="http://xorg.freedesktop.org/" -arch="all" +arch="x86 x86_64" license="custom" subpackages="$pkgname-doc" depends= diff --git a/testing/corosync/APKBUILD b/testing/corosync/APKBUILD index e42b0ffc60..0d65122ed0 100644 --- a/testing/corosync/APKBUILD +++ b/testing/corosync/APKBUILD @@ -1,8 +1,8 @@ # Contributor: Carlo Landmeter <clandmeter@gmail.com> # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=corosync -pkgver=2.3.4 -pkgrel=1 +pkgver=2.3.5 +pkgrel=0 pkgdesc="The Corosync Cluster Engine and Application Programming Interfaces" url="http://www.corosync.org/" arch="all" @@ -52,9 +52,9 @@ libs() { mv "$pkgdir"/usr/lib/lib*.so.* "$subpkgdir"/usr/lib/ || return 1 } -md5sums="4b0f36a1dc014527e5b192265dbd7e70 corosync-2.3.4.tar.gz +md5sums="8894f00d499e0755467b381e6346f9ff corosync-2.3.5.tar.gz 4d18555dfdd036b7a48eb5bdfd0ff053 corosync.initd" -sha256sums="3dae93fb1cf5c560295253b0560cbc25421ed053ee373852864f3a60c03247d4 corosync-2.3.4.tar.gz +sha256sums="1d48cdfa224b0ceb02e27fe9d56b738fb2a92262b04b15bb3a67e1c4248da8e2 corosync-2.3.5.tar.gz 8e5a18febe55a08b8b5be80ca2e3b81cdf961784d7a2f246b9064825d3a847bc corosync.initd" -sha512sums="68cfd22171b8d1158905ce01ba1d85be0ad069a6bea8895729b79ab720d65d1a8f1f2ec47281004810b1e6fdaf5a925afdc497aa4bd75663e7638eeed276f85e corosync-2.3.4.tar.gz +sha512sums="d9e3b8f71e02889320013c219ae078b2076be325bfcf17fa31b3c4ba2a327d680ff0522302e2e44a774889bf7ddb81041904dc68da556aa91b634f9efcbe98e5 corosync-2.3.5.tar.gz be5ec458f8eb234eb01ba1023e59b35f967f0833fd8097eb8f9b5e9d172fe3beffc6ea3d15dd57f1b76ab7b90cdfccdb4868962488d4af573e70c55baf021a65 corosync.initd" |