Elio Maldonado
34058a2a6e
Update %{nss_util_version} and %{nss_softokn_version} to 3.21.0
...
- Bug 1284095 - all https fails with sec_error_no_token
2015-11-20 14:39:49 -08:00
Elio Maldonado
66122a0ff7
Add references to bugs filed upstream
2015-11-15 10:51:54 -08:00
Elio Maldonado
03da09b383
Enclose the _isa_bits check inside a %ifnarch noarch ... %endif one
2015-11-14 14:49:57 -08:00
Elio Maldonado
69b02be530
Change the test to %if 0%{__isa_bits} == 64 as required in fedora
...
- As done in the patch contributed by Marcin Juszkiewicz <mjuszkiewicz@redhat.com>
- Resolves: Bug 1258425 - Use __isa_bits macro instead of list of 64-bit architectures
2015-11-14 11:32:57 -08:00
Elio Maldonado
0a91ce3fe8
Complete the commits to update to NSS 3.21
...
- Add files missed in previous commit as they weren't staged
- Package listsuites as part of the unsupported tools set
- Resolves: Bug 1279912 - nss-3.21 is available
- Resolves: Bug 1258425 - Use __isa_bits macro instead of list of 64-bit
- Resolves: Bug 1280032 - Package listsuites as part of the nss unsupported tools set
2015-11-13 18:03:07 -08:00
Elio Maldonado
75207789dc
Update to NSS 3.20.1
2015-10-31 08:55:27 -07:00
Elio Maldonado
82653be6b2
Enable ECC cipher-suites by default [hrbz#1185708]
...
- Split the enabling patch in two for easier maintenance
- Remove unused patches rendered obsolete by prior rebase
2015-09-30 11:34:48 -07:00
Elio Maldonado
ae64727ebb
Enable ECC cipher-suites by default [hrbz#1185708]
...
- Implement corrections requested in code review
2015-09-16 09:25:43 -07:00
Elio Maldonado
a046ce773a
Enable ECC cipher-suites by default [hrbz#1185708]
2015-09-15 16:21:10 -07:00
Elio Maldonado
17f536942a
- Fix patches that disable ssl2 and export cipher suites support
...
- Fix libssl patch that disables ssl2 & export cipher suites not disable RSA_WITH_NULL ciphers
- Fix syntax erros in patch to skip ssl2 and export cipher suite tests to only skip what;s needed
- Turn ssl2 off by default in the tstclnt tool
- Disable ssl stress tests containing TLS RC4 128 with MD5
- Resolves: Bug 1263005
2015-09-14 18:15:13 -07:00
Elio Maldonado
b10f7b1f18
Fix the version number in last %%changelog entry to be NSS 3.20
2015-08-20 15:15:28 -07:00
Elio Maldonado
c4f83dca30
Update to NSS 3.120
2015-08-20 13:50:06 -07:00
Elio Maldonado
8b92dbf50e
Update to NSS 3.19.3
...
- Resolves: Bug 1251624 - nss-3.19.3 is available
2015-08-07 21:13:01 -07:00
Elio Maldonado
f35af25385
Create on the fly versions of sslcov.txt and sslstress.txt that disable tests for SSL2 and EXPORT ciphers
...
- Enhancement from Kai Engert already used on RHEL-7
2015-06-26 14:53:21 -07:00
Kai Engert
0779a363b4
Update to NSS 3.19.2
2015-06-17 21:15:31 +02:00
Kai Engert
3a7ef4801d
Update to NSS 3.19.1
2015-05-28 22:28:05 +02:00
Kai Engert
856e33f728
Update to NSS 3.19
2015-05-19 21:07:35 +02:00
Kai Engert
a58533f703
Replace expired test certificates, upstream bug 1151037
2015-05-15 16:23:25 +02:00
Elio Maldonado
f59c0d1275
Update to nss-3.18.0
...
- Resolves: Bug 1203689 - nss-3.18 is available
2015-03-19 09:52:30 -07:00
Elio Maldonado
9b7199b3db
Disable export suites and SSL2 support at build time
...
- Fix syntax errors in various shell scripts
- Resolves: Bug 1189952 - Disable SSL2 and the export cipher suites
2015-03-03 14:35:20 -08:00
Till Maas
fa80ce0efb
Rebuilt for Fedora 23 Change
...
https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code
2015-02-21 22:27:31 +01:00
Elio Maldonado
8687a87da5
Commented out the export NSS_NO_SSL2=1 line to not disable ssl2
...
- Backing out from disabling ssl2 until the patches are fixed
2015-02-09 17:52:50 -08:00
Elio Maldonado
8cfb70a447
Disable SSL2 support at build time
...
- Fix syntax errors in various shell scripts
- Resolves: Bug 1189952 - Disable SSL2 and the export cipher suites
2015-02-08 18:30:17 -08:00
Elio Maldonado
8c142e52fe
Update to nss-3.17.4
...
- remove a patch rendered obsolete by the rebase
2015-01-28 17:23:35 -08:00
Ville Skyttä
c70e45537d
Own the %{_datadir}/doc/nss-tools dir
...
https://bugzilla.redhat.com/show_bug.cgi?id=1185573
2015-01-27 13:16:42 +02:00
Elio Maldonado
62096f81c3
Resolves: Bug 987189 - nss-tools RPM conflicts with perl-PAR-Packer
...
- Install pp man page in %{_datadir}/doc/nss-tools/pp.1
- Use %{_mandir} instead of /usr/share/man as more generic
2014-12-16 07:43:44 -08:00
Elio Maldonado
a60e3001fe
Install pp man page in alternative location
...
- Resolves: Bug 987189 - nss-tools RPM conflicts with perl-PAR-Packer
2014-12-15 08:26:07 -08:00
Elio Maldonado
a7df0838aa
Update to nss-3.17.3
...
- Resolves: Bug 1171012 - nss-3.17.3 is available
2014-12-05 07:32:38 -08:00
Elio Maldonado
3e2a0ea4de
Resolves: Bug 994599 - Enable TLS 1.2 by default
2014-10-16 16:36:18 -07:00
Elio Maldonado
1765d80a6c
Update to nss-3.17.2
2014-10-12 09:06:05 -07:00
Kai Engert
0ac07fb221
- Update to nss-3.17.1
...
- Add a mechanism to skip test suite execution during development work
2014-09-25 02:12:48 +02:00
Kevin Fenzi
64ca89cbe4
Rebuild for rpm bug 1131960
2014-08-21 11:48:33 -06:00
Elio Maldonado
3e02cae346
Update to nss-3.17.0
...
- Update the iquote.patch on account of the rebase
2014-08-19 10:38:45 -07:00
Peter Robinson
db7f9bfa50
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
2014-08-17 12:21:01 +00:00
Elio Maldonado
eaa519320e
Replace expired PayPal test cert with current one to prevent build failure
...
- Using the new cert checked in upstream
- See https://hg.mozilla.org/projects/nss/rev/756ccadf33b3
2014-07-30 11:48:10 -07:00
Tom Callaway
8025e7be74
fix license handling
2014-07-18 18:52:34 -04:00
Elio Maldonado
fd6a1f2171
Update to nss-3.16.2
...
- Resolves: Bug 1114319 - nss-3.16.2 is available
- Remove no longer needed patch
2014-06-29 10:50:40 -07:00
Elio Maldonado
60816050f2
Remove unwanted source directories at the end of %prep so it truly does it
...
- Skip the cipher suite already run as part of the nss-softokn build
- Brings spec file fixes already approved and applied on rhel-6.6
2014-06-15 10:28:18 -07:00
Dennis Gilmore
296fce6af9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
2014-06-07 10:09:47 -05:00
Jaromir Capik
f94fcb299b
Replacing ppc64 and ppc64le with the power64 macro
...
- Related: Bug 1052545 - Trivial change for ppc64le in nss spec
2014-05-12 20:09:13 +02:00
Elio Maldonado
4d04992e9a
Update to nss-3.16.1
...
- Update the iquote patch on account of the rebase
- Improve error detection in the %section
- Resolves: Bug 1094702 - nss-3.16.1 is available
2014-05-06 09:32:26 -07:00
Elio Maldonado
37a942df5c
Require nspr-4.10.4
2014-03-19 08:45:26 -07:00
Elio Maldonado
0834927548
Update to nss-3.16.0
...
- Cleanup the copying of the tools man pages
- Update the iquote.patch on account of the rebase
2014-03-18 17:27:02 -07:00
Elio Maldonado
8b13702a67
Restore requiring nss_softokn_version >= 3.15.5
2014-03-04 07:33:25 -08:00
Elio Maldonado
4f24d9e6c9
Remove reference to a patch that we aren't yet ready to apply.
2014-02-23 19:02:24 -08:00
Elio Maldonado
23d7297fce
Temporarily requiring only nss_softokn_version >= 3.15.4
...
- This until a koji build environment prprobmem which that causes i686 nss-softokn builds
- to fail is resolved
- nss-softokn-3.15.5 has the same code as nss-softokn-3.15.4
2014-02-23 18:55:11 -08:00
Elio Maldonado
9b8380a073
Update to nss-3.15.5
...
- Fix location of sharedb files and their manpages
- Move cert9.db, key4.db, and pkcs11.txt to the main package
- Move nss-sysinit manpages tar archives to the main package
- Resolves: Bug 1066877 - nss-3.15.5 is available
- Resolves: Bug 1067091 - Move sharedb files to the %files section
2014-02-19 13:28:37 -08:00
Elio Maldonado
4c076bc0cd
Revert previous change that moved some sysinit manpages
...
- Restore nss-sysinit manpages tar archives to %files sysinit
- Removing spurious wildcard entry was the only change needed
2014-02-06 15:33:20 -08:00
Elio Maldonado
4fb9d07b7f
Add explanatory comments for iquote.patch as was done on f20
...
- The reason for this running patch is far from obvious.
- Helps code reviwers as the patch sometimes needs updating
- when doing rebases to nss that introduce new functions.
2014-01-27 07:51:27 -08:00
Elio Maldonado
a25fc11743
Update pem sources to latest from nss-pem upstream
...
- Update picks up pem fixes verified on RHEL and applied upstream
- Fix a problem where same files in two rpms created rpm conflict
- Reported at https://bugzilla.redhat.com/show_bug.cgi?id=1050163
- Move some nss-sysinit manpages tar archives to the %files the
- All man pages are listed by name so there shouldn't be wildcard inclusion
- Add support for ppc64le, Resolves: Bug 1052545
2014-01-25 10:57:37 -08:00
Peter Robinson
5d65d327f1
ARM tests pass so remove ARM conditional
2014-01-20 18:48:37 +00:00
Elio Maldonado
7285eaab48
Regenerated pem patch to be suitable for submission to interim upstream pem
2014-01-08 10:24:30 -08:00
Elio Maldonado
569d439b91
Update two patches due to upstream changes
...
- Update pem/rsawrapr.c patch on account of upstream changes to freebl/softoken
- Update iquote.patch on account of upstream changes
- Resolves: Bug 1049229 - nss-3.15.4 is available
2014-01-07 13:48:44 -08:00
Elio Maldonado
aae9602c01
Update to nss-3.15.4 (hg tag NSS_3_15_4_RTM)
...
- Resolves: Bug 1049229 - nss-3.15.4 is available
- Update pem sources to latest from the interim upstream for pem
- Remove no longer needed patches
2014-01-07 06:13:53 -08:00
Elio Maldonado
b5567867a7
- Resolves: Bug 1040192 - nss-3.15.3.1 is available
2013-12-11 10:41:54 -08:00
Elio Maldonado
4f6555074f
Update to nss-3.15.3.1 (hg tag NSS_3_15_3_1_RTM)
...
- Resolves: Bug 1040282 - nss: Mis-issued ANSSI/DCSSI certificate (MFSA
2013-117)
2013-12-11 08:37:47 -08:00
Elio Maldonado
f37654e052
Bump the release tag
2013-12-03 14:12:35 -08:00
Elio Maldonado
49e209f91d
Install symlink to setup-nsssysinit.sh, without the ".sh" suffix, that matches the man page documentation
2013-11-26 14:15:45 -08:00
Elio Maldonado
67a7a21b0e
Update to NSS_3_15_3_RTM
...
- Resolves: Bug 1031897 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741 nss: various flaws
- Fix option descriptions for setup-nsssysinit manpage
- Fix man page of nss-sysinit wrong path and other flaws
- Document email option for certutil manpage
- Remove unused patches
2013-11-26 10:36:24 -08:00
Elio Maldonado
658733b0d3
Bump the minimum required verion of nss-util and nss-softokn to 3.15.3
2013-11-23 21:06:02 -08:00
Elio Maldonado
db7fe53123
Update to NSS_3_15_3_RTM
...
- Resolves: Bug 1031897 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741 nss: various flaws
- Fix option descriptions for setup-nsssysinit manpage
2013-11-23 20:47:19 -08:00
Elio Maldonado
a6a13f1a66
Bump the release tag
2013-10-27 11:04:28 -07:00
Elio Maldonado
4b2b74e5e0
Revert one change from last commit to preserve full nss pluggable ecc supprt
2013-10-27 11:00:35 -07:00
Elio Maldonado
74d9e91174
Remove obsolete NSS_ECC_MORE_THAN_SUITE_B=1 export. It has no effect.
2013-10-23 11:38:39 -07:00
Elio Maldonado
306dd778f4
Use the full sources from upstream
...
- Bug 1019245 - ECDHE in openssl available -> NSS needs too for Firefox/Thunderbird
2013-10-23 09:53:20 -07:00
Elio Maldonado
9b70717281
- Update to NSS_3_15_2_RTM
...
- Update iquote.patch on account of modified prototype on cert.h installed by nss-devel
- On CERT_GetKeyType a const qualifier was added to the input parameter and this we must include
- the cert.h from the build tree intead of the one in system/buildroot which is not up to date yet
2013-09-27 11:32:01 -07:00
Elio Maldonado
8f6f357e88
Update to NSS_3_15_2_RTM
2013-09-27 09:50:45 -07:00
Elio Maldonado
33f25f5720
Fix the release tag to be Release: 7%{?dist}
2013-08-28 15:08:50 -07:00
Elio Maldonado
da85237ace
Update pem sources to pick up a patch applied upstream which a faulty merge had missed
...
- The pem module should not require unique file basenames
2013-08-28 12:59:23 -07:00
Elio Maldonado
1c902d0023
Fix the version of nss-pem source tar ball to use
2013-08-27 21:17:53 -07:00
Elio Maldonado
2c648570aa
Update pem sources to the latest from interim upstream
2013-08-27 21:08:54 -07:00
Elio Maldonado
b4e6e308a6
Resolves: rhbz#996639 - Minor bugs in nss man pages
...
- Fix some typos and improve description and see also sections
2013-08-19 11:56:32 -07:00
Elio Maldonado
5761e30a94
Cleanup spec file to address most rpmlint errors and warnings
...
- Using double percent symbols to fix macro-in-comment warnings
- Ignore unversioned-explicit-provides nss-system-init per spec comments
- Ignore invalid-url Source0 as it comes from the git lookaside cache
- Ignore invalid-url Source12 as it comes from the git lookaside cache
2013-08-11 12:16:20 -07:00
Elio Maldonado
3888f3b230
Add man page for pkcs11.txt configuration file and cert and key databases
...
- Resolves: rhbz#985114 - Provide man pages for the nss configuration files
2013-07-25 14:21:44 -07:00
Elio Maldonado
8ae46fa97f
Fix errors in the man pages
...
- Resolves: rhbz#984106 - Add missing option descriptions to man pages for {cert|cms|crl}util
- Resolves: rhbz#982856 - Fix path to script in man page for nss-sysinit
2013-07-19 10:42:57 -07:00
Elio Maldonado
cf4a750103
Update to NSS_3_15_1_RTM
...
- Enable the iquote.patch to access newly introduced types
- New types and constants added to sslprot.h, sslerr.h, and sslt.h require thhe in-tree headers to be picked up first
2013-07-02 15:15:25 -07:00
Elio Maldonado
8943f1ad54
Update to NSS_3_15_RTM
2013-07-02 13:44:44 -07:00
Elio Maldonado
efdced7007
Revert "Reenable patches required for compatibility on stable fedora branches"
...
This reverts commit 65efb2c2f3
.
That commit wasn't untended for this branch
2013-06-23 19:39:13 -07:00
Elio Maldonado
65efb2c2f3
Reenable patches required for compatibility on stable fedora branches
...
- Reenable nss-ssl-enforce-no-pkcs11-bypass.path
- Renable nss-ssl-cbc-random-iv-off-by-default.patch
2013-06-23 19:00:21 -07:00
Elio Maldonado
b8273ce04c
Install man pages for nss-tools and the nss-config and setup-nsssysinit scripts
...
- Resolves: rhbz#606020 - nss security tools lack man pages
2013-06-19 20:32:27 -07:00
Elio Maldonado
e36079dd45
Build nss without softoken or util sources in the tree
...
- Resolves: rhbz#689918
2013-06-18 17:45:38 -07:00
Elio Maldonado
41e94360c9
Update ssl-cbc-random-iv-by-default.patch
...
- Added a missing comma
2013-06-17 16:23:06 -07:00
Elio Maldonado
2f66633263
Fix generation of NSS_VMAJOR, NSS_VMINOR, and NSS_VPATCH for nss-config
...
- These were blank in nss-config causing build failures on client paclages
- Reported by Martin Stransky when a xulrunner build failed
2013-06-16 10:07:11 -07:00
Elio Maldonado
f6ec57311f
Update to NSS_3_15_RTM
2013-06-15 12:48:12 -07:00
Elio Maldonado
2249db62a6
Fix incorrect path that hid failed test from view
...
- Add ocsp to the test suites to run but ...
- Temporarily disable the ocsp stapling tests
- Do not treat failed attempts at ssl pkcs11 bypass as fatal errors
2013-04-24 18:46:52 -07:00
Elio Maldonado
2a8c1318ea
Update to NSS_3_15_BETA1
...
- Update spec file, patches, and helper scripts on account of a shallower source tree
- Update the pem sources also to adjust to the sallower source for nss
2013-04-09 16:14:36 -07:00
Kai Engert
59b5d52d9e
* Sun Mar 24 2013 Kai Engert <kaie@redhat.com> - 3.14.3-12
...
- Update expired test certificates (fixed in upstream bug 852781)
2013-03-24 00:28:39 +01:00
Kai Engert
21e8668243
* Fri Mar 08 2013 Kai Engert <kaie@redhat.com> - 3.14.3-10
...
- Fix incorrect post/postun scripts. Fix broken links in posttrans.
2013-03-08 23:34:55 +01:00
Kai Engert
7b5d7ea05f
* Wed Mar 06 2013 Kai Engert <kaie@redhat.com> - 3.14.3-9
...
- Configure libnssckbi.so to use the alternatives system
in order to prepare for a drop in replacement.
2013-03-06 00:49:27 +01:00
Elio Maldonado
b03345792c
Update to NSS_3_14_3_RTM
...
- sync up pem rsawrapr.c with softoken upstream changes for nss-3.14.3
- Resolves: rhbz#908257 - CVE-2013-1620 nss: TLS CBC padding timing attack
- Resolves: rhbz#909775 - specfile support for AArch64
- Resolves: rhbz#910584 - certutil -a does not produce ASCII output
- Resolves: rhbz#896651 - PEM module trashes private keys if login fails,
patch contributed by Nalin Dahyabhai
2013-02-17 20:02:37 -08:00
Elio Maldonado
0370142fd0
Add pem module fix, spec file support for AArch64 and document additional fix
...
- Resolves: rhbz#896651 - PEM module trashes private keys if login fails
- Resolves: rhbz#909775 - specfile support for AArch64
- Resolves: rhbz#910584 - certutil -a does not produce ASCII output, upstream fix
2013-02-16 15:02:25 -08:00
Elio Maldonado
b3f05b9f44
Update to NSS_3_14_3_RTM
...
- sync up pem rsawrapr.c with softoken upstream changes for nss-3.14.3
- these changes are in experimental RSA OAEP code currently in a state of flux
- and required for the PEM module to compile with the nss 3.4.3 update
2013-02-15 15:34:49 -08:00
Elio Maldonado
96957e805a
Allow building nss softoken against older sqlite
...
- Adding a patch already applied upstream by Kai Engert
2013-02-04 15:12:54 -08:00
Elio Maldonado
7a7f48e712
Reenable patch to run the freebl tests that were ron as part of the nss-softokn build
...
- continue turning off the ocsp tests
2013-02-01 13:39:03 -08:00
Elio Maldonado
830ee96f85
Update to NSS_3_14_2_RTM
...
- Update the minimum requred versiobs of nspr, nss-util, and nss-softokn
- Remove patch obsoleted by the update and update others
- Restore missing second half of the cbc random iv by default patch
- Restore the freebl tests patch until we build without nsssoftoken
2013-02-01 11:24:15 -08:00
Kai Engert
ca00551ea7
- Update to NSS_3_14_1_WITH_CKBI_1_93_RTM
2013-01-03 19:17:24 +01:00
Elio Maldonado
b13dc44579
Require nspr >= 4.9.4
...
- Fix changelog invalid dates
- Patch highlights nss-softoken tests we plan to disable in upcoming release
2012-12-22 17:50:41 -08:00
Elio Maldonado
5a0d6572e1
Update to NSS_3_14_1_RTM
...
- added a patch to not compile the softoken/freebl tests
- needed due to upstream changes to coreconf
- to be addjusted or removed if patch to enabled building nss without softoken is accepted upstream
2012-12-16 22:25:51 -08:00
Elio Maldonado
edea054ffc
Bug 879978 - Install the nssck.api header template where mod_revocator can access it
...
- Install nssck.api in /usr/includes/nss3/templates, otherwise it won't install
2012-12-11 21:26:58 -08:00
Elio Maldonado
461744f676
Bug 879978 - Install the nssck.api header template in a place where mod_revocator can access it
...
- Install nssck.api in /usr/includes/nss3
2012-11-27 21:55:17 -08:00