Fix a previous unwanted merge from f18

- Update the SS_SSL_CBC_RANDOM_IV patch to match new sources while - Keeping the patch disabled while we are still in rawhide and - State in comment that patch is needed for both stable and beta branches - Update .gitignore to download only the new sources
2012-11-01 11:36:35 -07:00 · 2012-11-01 11:36:35 -07:00 · e4dd1babb0
commit e4dd1babb0
parent edf5ff0634
3 changed files with 21 additions and 20 deletions
--- a/.gitignore
+++ b/.gitignore
@ -5,5 +5,4 @@ blank-cert9.db
 blank-key4.db
 PayPalEE.cert
 /nss-pem-20120811.tar.bz2
 /nss-3.13.6-stripped.tar.bz2
 /nss-3.14-stripped.tar.bz2
--- a/nss-ssl-cbc-random-iv-off-by-default.patch
+++ b/nss-ssl-cbc-random-iv-off-by-default.patch
@ -1,25 +1,25 @@
-diff -up ./mozilla/security/nss/lib/ssl/sslsock.c.compatible ./mozilla/security/nss/lib/ssl/sslsock.c
+diff -up ./mozilla/security/nss/lib/ssl/sslsock.c.770682 ./mozilla/security/nss/lib/ssl/sslsock.c
--- ./mozilla/security/nss/lib/ssl/sslsock.c.compatible	2012-01-05 13:54:36.430389994 -0800
+--- ./mozilla/security/nss/lib/ssl/sslsock.c.770682	2012-11-01 11:10:54.107504267 -0700
-+++ ./mozilla/security/nss/lib/ssl/sslsock.c	2012-01-05 13:55:25.810750394 -0800
+++ ./mozilla/security/nss/lib/ssl/sslsock.c	2012-11-01 11:07:36.758464814 -0700
-@@ -184,7 +184,7 @@ static sslOptions ssl_defaults = {
+@@ -153,7 +153,7 @@ static sslOptions ssl_defaults = {
     3,          /* enableRenegotiation (default: transitional) */
     PR_FALSE,   /* requireSafeNegotiation */
     PR_FALSE,   /* enableFalseStart   */
-    PR_TRUE     /* cbcRandomIV        */
+-    PR_FALSE    /* cbcRandomIV        */ /* defaults to off for compatibility */
-+    PR_FALSE    /* cbcRandomIV        */ /* defaults to off for compatibility */
+    PR_TRUE     /* cbcRandomIV        */
 };
- sslSessionIDLookupFunc  ssl_sid_lookup;
+ /*
-@@ -2359,9 +2359,9 @@ ssl_SetDefaultsFromEnvironment(void)
+@@ -2833,9 +2833,9 @@ ssl_SetDefaultsFromEnvironment(void)
 	                PR_TRUE));
 	}
 	ev = getenv("NSS_SSL_CBC_RANDOM_IV");
-	if (ev && ev[0] == '0') {
+-	if (ev && ev[0] == '1') {
-	    ssl_defaults.cbcRandomIV = PR_FALSE;
+-	    ssl_defaults.cbcRandomIV = PR_TRUE;
-	    SSL_TRACE(("SSL: cbcRandomIV set to 0"));
+-	    SSL_TRACE(("SSL: cbcRandomIV set to 1"));
-+	if (ev && ev[0] == '1') {
+	if (ev && ev[0] == '0') {
-+	    ssl_defaults.cbcRandomIV = PR_TRUE;
+	    ssl_defaults.cbcRandomIV = PR_FALSE;
-+	    SSL_TRACE(("SSL: cbcRandomIV set to 1"));
+	    SSL_TRACE(("SSL: cbcRandomIV set to 0"));
 	}
     }
 #endif /* NSS_HAVE_GETENV */
--- a/nss.spec
+++ b/nss.spec
@ -145,8 +145,8 @@ low level services.
 %patch18 -p0 -b .646045
 # link pem against buildroot's freebl, esential wen mixing and matching
 %patch25 -p0 -b .systemfreebl
-# activate only if requested for this branch
+# activate for stable and beta branches
-%patch29 -p0 -b .770682
+#%patch29 -p0 -b .770682
 %patch40 -p1 -b .noocsptest
 %build
@ -581,10 +581,12 @@ rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h
 %changelog
 * Thu Nov 01 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-6
- Reenable patch to set NSS_SSL_CBC_RANDOM_IV to 1 by default
+- Fix a previous unwanted merge from f18
- Bug 872124 - nss 3.14 breaks fedpkg new-sources
+- Update the SS_SSL_CBC_RANDOM_IV patch to match new sources while
 - Keeping the patch disabled while we are still in rawhide and
 - State in comment that patch is needed for both stable and beta branches
 - Update .gitignore to download only the new sources
 * Wed Oct 31 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-2
 - Fix the spec file so sechash.h gets installed
 - Resolves: rhbz#871882 - missing header: sechash.h in nss 3.14