[packages/nss] - rel 2; Updating default maximum TLS version to 1.2
arekm
arekm at pld-linux.org
Fri Oct 17 15:47:21 CEST 2014
commit 219943bb1f70f62733a06b10fd5f78efc5c06470
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date: Fri Oct 17 15:47:18 2014 +0200
- rel 2; Updating default maximum TLS version to 1.2
nss.spec | 9 +++++++--
tls12.patch | 36 ++++++++++++++++++++++++++++++++++++
2 files changed, 43 insertions(+), 2 deletions(-)
---
diff --git a/nss.spec b/nss.spec
index cecb1cf..6c89ced 100644
--- a/nss.spec
+++ b/nss.spec
@@ -4,7 +4,7 @@ Summary: NSS - Network Security Services
Summary(pl.UTF-8): NSS - Network Security Services
Name: nss
Version: 3.17.2
-Release: 1
+Release: 2
Epoch: 1
License: MPL v2.0
Group: Libraries
@@ -15,6 +15,8 @@ Source2: %{name}-config.in
Source3: http://www.cacert.org/certs/root.der
# Source3-md5: a61b375e390d9c3654eebd2031461f6b
Patch0: %{name}-Makefile.patch
+# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1083900
+Patch1: tls12.patch
URL: http://www.mozilla.org/projects/security/pki/nss/
BuildRequires: nspr-devel >= %{nspr_ver}
BuildRequires: nss-tools
@@ -22,8 +24,8 @@ BuildRequires: perl-base
BuildRequires: sqlite3-devel
BuildRequires: zlib-devel
BuildConflicts: mozilla < 0.9.6-3
-Requires: nspr >= %{nspr_ver}
Requires: %{name}-softokn-freebl = %{epoch}:%{version}-%{release}
+Requires: nspr >= %{nspr_ver}
Obsoletes: libnss3
BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
@@ -96,6 +98,9 @@ Biblioteka kryptograficzna freebl dla bibliotek NSS.
%prep
%setup -q
%patch0 -p1
+cd nss
+%patch1 -p1
+cd ..
%if 0%{!?debug:1}
# strip before signing
diff --git a/tls12.patch b/tls12.patch
new file mode 100644
index 0000000..0293383
--- /dev/null
+++ b/tls12.patch
@@ -0,0 +1,36 @@
+# HG changeset patch
+# User Martin Thomson <martin.thomson at gmail.com>
+# Date 1413479112 25200
+# Thu Oct 16 10:05:12 2014 -0700
+# Node ID f7e1c2c652f4c2522a0a5ec232ecebae1983053d
+# Parent 24852c6f89ea7ed2b8f231320d9a0a03bdd706d4
+Bug 1083900 - Updating default maximum version to 1.2
+
+diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
+--- a/lib/ssl/sslsock.c
++++ b/lib/ssl/sslsock.c
+@@ -85,22 +85,22 @@ static sslOptions ssl_defaults = {
+ PR_FALSE /* enableFallbackSCSV */
+ };
+
+ /*
+ * default range of enabled SSL/TLS protocols
+ */
+ static SSLVersionRange versions_defaults_stream = {
+ SSL_LIBRARY_VERSION_3_0,
+- SSL_LIBRARY_VERSION_TLS_1_0
++ SSL_LIBRARY_VERSION_TLS_1_2
+ };
+
+ static SSLVersionRange versions_defaults_datagram = {
+ SSL_LIBRARY_VERSION_TLS_1_1,
+- SSL_LIBRARY_VERSION_TLS_1_1
++ SSL_LIBRARY_VERSION_TLS_1_2
+ };
+
+ #define VERSIONS_DEFAULTS(variant) \
+ (variant == ssl_variant_stream ? &versions_defaults_stream : \
+ &versions_defaults_datagram)
+
+ sslSessionIDLookupFunc ssl_sid_lookup;
+ sslSessionIDCacheFunc ssl_sid_cache;
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/nss.git/commitdiff/219943bb1f70f62733a06b10fd5f78efc5c06470
More information about the pld-cvs-commit
mailing list