From bbb8fb4310f733f64c6e89529f7d4845b96a0490 Mon Sep 17 00:00:00 2001 From: Natanael Copa Date: Fri, 18 Sep 2015 16:34:18 +0200 Subject: main/nss: upgrade to 3.20 --- main/nss/APKBUILD | 24 ++++++++-------------- main/nss/fix-cdefs_h.patch | 11 ---------- ...rhbz1185708-enable-ecc-ciphers-by-default.patch | 4 ++-- main/nss/ssl-renegotiate-transitional.patch | 21 ------------------- 4 files changed, 10 insertions(+), 50 deletions(-) delete mode 100644 main/nss/fix-cdefs_h.patch delete mode 100644 main/nss/ssl-renegotiate-transitional.patch (limited to 'main/nss') diff --git a/main/nss/APKBUILD b/main/nss/APKBUILD index 77e7246be5..f4582fd04e 100644 --- a/main/nss/APKBUILD +++ b/main/nss/APKBUILD @@ -1,9 +1,9 @@ # Contributor: Ɓukasz Jendrysik # Maintainer: Natanael Copa pkgname=nss -pkgver=3.19.2 +pkgver=3.20 _ver=${pkgver//./_} -pkgrel=1 +pkgrel=0 pkgdesc="Mozilla Network Security Services" url="http://www.mozilla.org/projects/security/pki/nss/" arch="all" @@ -15,8 +15,6 @@ source="ftp://ftp.mozilla.org/pub/security/$pkgname/releases/NSS_${_ver}_RTM/src nss.pc.in nss-config.in add_spi+cacert_ca_certs.patch - ssl-renegotiate-transitional.patch - fix-cdefs_h.patch rhbz1185708-enable-ecc-ciphers-by-default.patch " depends_dev="nspr-dev" @@ -141,24 +139,18 @@ tools() { mv "$pkgdir"/usr/bin "$subpkgdir"/usr/ } -md5sums="b02ffd1e8e8ef5f8512fa02d8ca9db3d nss-3.19.2.tar.gz +md5sums="db83988499d1eb3b623d77ecf495b0f5 nss-3.20.tar.gz c547b030c57fe1ed8b77c73bf52b3ded nss.pc.in 46bee81908f1e5b26d6a7a2e14c64d9f nss-config.in 981e0df9e9cb7a9426b316f68911fb17 add_spi+cacert_ca_certs.patch -2412ff2e97b3ec452cb016f2506a0e08 ssl-renegotiate-transitional.patch -1f83bc41ffe34190bcc27d146c479772 fix-cdefs_h.patch -582b4b93aa8eacc7755b0b87ebf8515f rhbz1185708-enable-ecc-ciphers-by-default.patch" -sha256sums="1306663e8f61d8449ad8cbcffab743a604dcd9f6f34232c210847c51dce2c9ae nss-3.19.2.tar.gz +d3cfe84b67e9fd7c0009f48836b1fe1f rhbz1185708-enable-ecc-ciphers-by-default.patch" +sha256sums="5e38d4b9837ca338af966b97fc91c07f67ad647fb38dc4af3cfd0d84e477d15c nss-3.20.tar.gz b9f1428ca2305bf30b109507ff335fa00bce5a7ce0434b50acd26ad7c47dd5bd nss.pc.in e44ac5095b4d88f24ec7b2e6a9f1581560bd3ad41a3d198596d67ef22f67adb9 nss-config.in 592aa85184c5edb076c3355f85e50373a59dfcd06a4f4a79621f43df19404c1e add_spi+cacert_ca_certs.patch -1a49be9d7f835be737825252f50e4ee2869228eb303a087dde7fb81794b92ebd ssl-renegotiate-transitional.patch -41866089e3d085f05bc4a7e337f2f5740da4eef9021366a450a8fd111f24975c fix-cdefs_h.patch -655bacc53516469b64b8378aad0e21d91f71340872be610fe685df87cd0c9a89 rhbz1185708-enable-ecc-ciphers-by-default.patch" -sha512sums="d3c45010f8dace58f9da9efe0f9792f8b8a69384e100663f33c949685cdd1ce70e5131f279bc82336622841c41dbc0a4d70a7cc6839a1782dbe8b3c3fd8bc59d nss-3.19.2.tar.gz +5f4466b25051285ef8ab8307d69149eaa72ab36dd5ea67175a5da603a6fd4d4f rhbz1185708-enable-ecc-ciphers-by-default.patch" +sha512sums="50f666209cadd4e463f98643ec67e35f4d1b88381e17db9eed7c67559b19799fcc27e49d72536f546d4c45bca2afa4664e5590f868775a4397a77111d68fc366 nss-3.20.tar.gz 75dbd648a461940647ff373389cc73bc8ec609139cd46c91bcce866af02be6bcbb0524eb3dfb721fbd5b0bc68c20081ed6f7debf6b24317f2a7ba823e8d3c531 nss.pc.in 2971669e128f06a9af40a5ba88218fa7c9eecfeeae8b0cf42e14f31ed12bf6fa4c5ce60289e078f50e2669a9376b56b45d7c29d726a7eac69ebe1d1e22dc710b nss-config.in 6e04556858499aec465d6670818465327ba2cb099061c2afee4b5cac8aa61938e0095906acfb38df6a1b70a6bde6dd69f08bb4c00a9d188e4cb3131b26c1bc16 add_spi+cacert_ca_certs.patch -c21a82247d87d74cb27575efc517a6771476320ce412cd444e83d0782e29f82552676247da093518b07d3eb7dc67c53cd1901ee8d6f59b342d02e47784c39192 ssl-renegotiate-transitional.patch -54080ed5e66185bfb9fae6518b8f898213a00a2803900ee13a958664a7e60aee60b51f0c27176344ebf49e9c671f1f62f56280ab9e8c7f206c5df143c3a7d24c fix-cdefs_h.patch -01c4cf2bf55c9415648aa1b09686bd98c1c61095b48c25047afaf9fe3e00a814fd77a80266da758accc2bfaf3f47db3c0f3e0a268af0ac8500f0809c9f386840 rhbz1185708-enable-ecc-ciphers-by-default.patch" +905b25e7c9f844335a961f3173311b2dbd8e4de9d74a65f2e2ab71b8afcd05ffd408d85ff6d5e134126c878e7b23f0a0ccdb94478e894d8bcc6d50585b9cdcf2 rhbz1185708-enable-ecc-ciphers-by-default.patch" diff --git a/main/nss/fix-cdefs_h.patch b/main/nss/fix-cdefs_h.patch deleted file mode 100644 index 0ddeea76c5..0000000000 --- a/main/nss/fix-cdefs_h.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- nss-3.15.1/nss/lib/dbm/config/config.mk.orig -+++ nss-3.15.1/nss/lib/dbm/config/config.mk -@@ -25,7 +25,7 @@ - DEFINES += -DHAVE_SNPRINTF - endif - --ifeq (,$(filter-out IRIX Linux,$(OS_TARGET))) -+ifneq ($(wildcard /usr/include/sys/cdefs.h),) - DEFINES += -DHAVE_SYS_CDEFS_H - endif - diff --git a/main/nss/rhbz1185708-enable-ecc-ciphers-by-default.patch b/main/nss/rhbz1185708-enable-ecc-ciphers-by-default.patch index aaa524ddaf..8b69634abb 100644 --- a/main/nss/rhbz1185708-enable-ecc-ciphers-by-default.patch +++ b/main/nss/rhbz1185708-enable-ecc-ciphers-by-default.patch @@ -1,6 +1,6 @@ diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c ---- a/lib/ssl/ssl3con.c -+++ b/lib/ssl/ssl3con.c +--- a/nss/lib/ssl/ssl3con.c ++++ b/nss/lib/ssl/ssl3con.c @@ -85,29 +85,29 @@ static SECStatus ssl3_AESGCMBypass(ssl3K * * Important: See bug 946147 before enabling, reordering, or adding any cipher diff --git a/main/nss/ssl-renegotiate-transitional.patch b/main/nss/ssl-renegotiate-transitional.patch deleted file mode 100644 index 3796715cb0..0000000000 --- a/main/nss/ssl-renegotiate-transitional.patch +++ /dev/null @@ -1,21 +0,0 @@ -Enable transitional scheme for ssl renegotiation: - -(from mozilla/security/nss/lib/ssl/ssl.h) -Disallow unsafe renegotiation in server sockets only, but allow clients -to continue to renegotiate with vulnerable servers. -This value should only be used during the transition period when few -servers have been upgraded. - -diff --git a/nss/lib/ssl/sslsock.c b/mozilla/security/nss/lib/ssl/sslsock.c -index f1d1921..c074360 100644 ---- a/nss/lib/ssl/sslsock.c -+++ b/nss/lib/ssl/sslsock.c -@@ -181,7 +181,7 @@ static sslOptions ssl_defaults = { - PR_FALSE, /* noLocks */ - PR_FALSE, /* enableSessionTickets */ - PR_FALSE, /* enableDeflate */ -- 2, /* enableRenegotiation (default: requires extension) */ -+ 3, /* enableRenegotiation (default: transitional) */ - PR_FALSE, /* requireSafeNegotiation */ - }; - -- cgit v1.2.3