Commit bbb8fb43 authored by Natanael Copa's avatar Natanael Copa

main/nss: upgrade to 3.20

parent 96a0e131
# Contributor: Łukasz Jendrysik <scadu@yandex.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=nss
pkgver=3.19.2
pkgver=3.20
_ver=${pkgver//./_}
pkgrel=1
pkgrel=0
pkgdesc="Mozilla Network Security Services"
url="http://www.mozilla.org/projects/security/pki/nss/"
arch="all"
......@@ -15,8 +15,6 @@ source="ftp://ftp.mozilla.org/pub/security/$pkgname/releases/NSS_${_ver}_RTM/src
nss.pc.in
nss-config.in
add_spi+cacert_ca_certs.patch
ssl-renegotiate-transitional.patch
fix-cdefs_h.patch
rhbz1185708-enable-ecc-ciphers-by-default.patch
"
depends_dev="nspr-dev"
......@@ -141,24 +139,18 @@ tools() {
mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
}
md5sums="b02ffd1e8e8ef5f8512fa02d8ca9db3d nss-3.19.2.tar.gz
md5sums="db83988499d1eb3b623d77ecf495b0f5 nss-3.20.tar.gz
c547b030c57fe1ed8b77c73bf52b3ded nss.pc.in
46bee81908f1e5b26d6a7a2e14c64d9f nss-config.in
981e0df9e9cb7a9426b316f68911fb17 add_spi+cacert_ca_certs.patch
2412ff2e97b3ec452cb016f2506a0e08 ssl-renegotiate-transitional.patch
1f83bc41ffe34190bcc27d146c479772 fix-cdefs_h.patch
582b4b93aa8eacc7755b0b87ebf8515f rhbz1185708-enable-ecc-ciphers-by-default.patch"
sha256sums="1306663e8f61d8449ad8cbcffab743a604dcd9f6f34232c210847c51dce2c9ae nss-3.19.2.tar.gz
d3cfe84b67e9fd7c0009f48836b1fe1f rhbz1185708-enable-ecc-ciphers-by-default.patch"
sha256sums="5e38d4b9837ca338af966b97fc91c07f67ad647fb38dc4af3cfd0d84e477d15c nss-3.20.tar.gz
b9f1428ca2305bf30b109507ff335fa00bce5a7ce0434b50acd26ad7c47dd5bd nss.pc.in
e44ac5095b4d88f24ec7b2e6a9f1581560bd3ad41a3d198596d67ef22f67adb9 nss-config.in
592aa85184c5edb076c3355f85e50373a59dfcd06a4f4a79621f43df19404c1e add_spi+cacert_ca_certs.patch
1a49be9d7f835be737825252f50e4ee2869228eb303a087dde7fb81794b92ebd ssl-renegotiate-transitional.patch
41866089e3d085f05bc4a7e337f2f5740da4eef9021366a450a8fd111f24975c fix-cdefs_h.patch
655bacc53516469b64b8378aad0e21d91f71340872be610fe685df87cd0c9a89 rhbz1185708-enable-ecc-ciphers-by-default.patch"
sha512sums="d3c45010f8dace58f9da9efe0f9792f8b8a69384e100663f33c949685cdd1ce70e5131f279bc82336622841c41dbc0a4d70a7cc6839a1782dbe8b3c3fd8bc59d nss-3.19.2.tar.gz
5f4466b25051285ef8ab8307d69149eaa72ab36dd5ea67175a5da603a6fd4d4f rhbz1185708-enable-ecc-ciphers-by-default.patch"
sha512sums="50f666209cadd4e463f98643ec67e35f4d1b88381e17db9eed7c67559b19799fcc27e49d72536f546d4c45bca2afa4664e5590f868775a4397a77111d68fc366 nss-3.20.tar.gz
75dbd648a461940647ff373389cc73bc8ec609139cd46c91bcce866af02be6bcbb0524eb3dfb721fbd5b0bc68c20081ed6f7debf6b24317f2a7ba823e8d3c531 nss.pc.in
2971669e128f06a9af40a5ba88218fa7c9eecfeeae8b0cf42e14f31ed12bf6fa4c5ce60289e078f50e2669a9376b56b45d7c29d726a7eac69ebe1d1e22dc710b nss-config.in
6e04556858499aec465d6670818465327ba2cb099061c2afee4b5cac8aa61938e0095906acfb38df6a1b70a6bde6dd69f08bb4c00a9d188e4cb3131b26c1bc16 add_spi+cacert_ca_certs.patch
c21a82247d87d74cb27575efc517a6771476320ce412cd444e83d0782e29f82552676247da093518b07d3eb7dc67c53cd1901ee8d6f59b342d02e47784c39192 ssl-renegotiate-transitional.patch
54080ed5e66185bfb9fae6518b8f898213a00a2803900ee13a958664a7e60aee60b51f0c27176344ebf49e9c671f1f62f56280ab9e8c7f206c5df143c3a7d24c fix-cdefs_h.patch
01c4cf2bf55c9415648aa1b09686bd98c1c61095b48c25047afaf9fe3e00a814fd77a80266da758accc2bfaf3f47db3c0f3e0a268af0ac8500f0809c9f386840 rhbz1185708-enable-ecc-ciphers-by-default.patch"
905b25e7c9f844335a961f3173311b2dbd8e4de9d74a65f2e2ab71b8afcd05ffd408d85ff6d5e134126c878e7b23f0a0ccdb94478e894d8bcc6d50585b9cdcf2 rhbz1185708-enable-ecc-ciphers-by-default.patch"
--- nss-3.15.1/nss/lib/dbm/config/config.mk.orig
+++ nss-3.15.1/nss/lib/dbm/config/config.mk
@@ -25,7 +25,7 @@
DEFINES += -DHAVE_SNPRINTF
endif
-ifeq (,$(filter-out IRIX Linux,$(OS_TARGET)))
+ifneq ($(wildcard /usr/include/sys/cdefs.h),)
DEFINES += -DHAVE_SYS_CDEFS_H
endif
diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
--- a/lib/ssl/ssl3con.c
+++ b/lib/ssl/ssl3con.c
--- a/nss/lib/ssl/ssl3con.c
+++ b/nss/lib/ssl/ssl3con.c
@@ -85,29 +85,29 @@ static SECStatus ssl3_AESGCMBypass(ssl3K
*
* Important: See bug 946147 before enabling, reordering, or adding any cipher
......
Enable transitional scheme for ssl renegotiation:
(from mozilla/security/nss/lib/ssl/ssl.h)
Disallow unsafe renegotiation in server sockets only, but allow clients
to continue to renegotiate with vulnerable servers.
This value should only be used during the transition period when few
servers have been upgraded.
diff --git a/nss/lib/ssl/sslsock.c b/mozilla/security/nss/lib/ssl/sslsock.c
index f1d1921..c074360 100644
--- a/nss/lib/ssl/sslsock.c
+++ b/nss/lib/ssl/sslsock.c
@@ -181,7 +181,7 @@ static sslOptions ssl_defaults = {
PR_FALSE, /* noLocks */
PR_FALSE, /* enableSessionTickets */
PR_FALSE, /* enableDeflate */
- 2, /* enableRenegotiation (default: requires extension) */
+ 3, /* enableRenegotiation (default: transitional) */
PR_FALSE, /* requireSafeNegotiation */
};
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment