[arch-commits] Commit in nss/trunk (4 files)

Jan de Groot jgc at archlinux.org
Sun Mar 21 14:32:59 UTC 2010


    Date: Sunday, March 21, 2010 @ 10:32:59
  Author: jgc
Revision: 72887

upgpkg: nss 3.12.6-1
Update to 3.12.6 - add patch to enable ssl renegotiation support for now, the new RFC for this has not been implemented everywhere yet

Added:
  nss/trunk/ssl-renegotiate-transitional.patch
Modified:
  nss/trunk/PKGBUILD
  nss/trunk/add_spi+cacert_ca_certs.patch
  nss/trunk/nss-nolocalsql.patch

------------------------------------+
 PKGBUILD                           |   31 ++++++++-----
 add_spi+cacert_ca_certs.patch      |   83 ++++++++++++++++-------------------
 nss-nolocalsql.patch               |   33 ++++++-------
 ssl-renegotiate-transitional.patch |   21 ++++++++
 4 files changed, 96 insertions(+), 72 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2010-03-21 13:47:02 UTC (rev 72886)
+++ PKGBUILD	2010-03-21 14:32:59 UTC (rev 72887)
@@ -1,35 +1,42 @@
 # $Id$
 # Maintainer: Jan de Groot <jgc at archlinux.org>
 pkgname=nss
-pkgver=3.12.4
-pkgrel=2
+pkgver=3.12.6
+pkgrel=1
 pkgdesc="Mozilla Network Security Services"
 arch=(i686 x86_64)
 url="http://www.mozilla.org/projects/security/pki/nss/"
 license=('MPL' 'GPL')
-_nsprver=4.8.0
-depends=('nspr>=4.8' 'sqlite3>=3.6.17' 'zlib')
+_nsprver=4.8.4
+depends=("nspr>=${_nsprver}" 'sqlite3>=3.6.17' 'zlib')
 replaces=('nss-nspr')
-source=(ftp://ftp.mozilla.org/pub/security/nss/releases/NSS_${pkgver//./_}_RTM/src/${pkgname}-${pkgver}.tar.gz
+source=(#ftp://ftp.mozilla.org/pub/security/nss/releases/NSS_${pkgver//./_}_RTM/src/${pkgname}-${pkgver}.tar.gz
+        ftp://ftp.archlinux.org/other/nss/nss_3.12.6.orig.tar.gz
         nss-nolocalsql.patch
         nss-no-rpath.patch
         nss.pc.in
         nss-config.in
-        add_spi+cacert_ca_certs.patch)
-md5sums=('1ee3ed9c1900079319bd1de51388d856'
-         '1837781eed35bfb6f826cfb3efcd6409'
+        add_spi+cacert_ca_certs.patch
+        ssl-renegotiate-transitional.patch)
+md5sums=('fbba38700b460caff6acf54fc7273553'
+         '1d8305dc458d28c6f32746d9132b9873'
          'e5c97db0c884d5f4cfda21e562dc9bba'
          'c547b030c57fe1ed8b77c73bf52b3ded'
          '46bee81908f1e5b26d6a7a2e14c64d9f'
-         '0361e2d05410ab24602b5f972c9187b1')
+         'a744b499e7da252acd9ac8ff09af3d48'
+         'd83c7b61abb7e9f8f7bcd157183d1ade')
 
 build() {
   cd "${srcdir}/${pkgname}-${pkgver}"
-  # Adds the SPI Inc. and CAcert.org CA certificates
-  # patch from Debian
-  patch -p1 -i "${srcdir}/add_spi+cacert_ca_certs.patch" || return 1
+  # Adds the SPI Inc. and CAcert.org CA certificates - patch from Debian
+  patch -Np1 -i "${srcdir}/add_spi+cacert_ca_certs.patch" || return 1
+  # Adds transitional SSL renegotiate support - patch from Debian
+  patch -Np1 -i "${srcdir}/ssl-renegotiate-transitional.patch" || return 1
+  # Builds against system sqlite - patch from Fedora
   patch -Np0 -i "${srcdir}/nss-nolocalsql.patch" || return 1
+  # Removes rpath
   patch -Np0 -i "${srcdir}/nss-no-rpath.patch" || return 1
+
   unset CFLAGS
   unset CXXFLAGS
   export BUILD_OPT=1

Modified: add_spi+cacert_ca_certs.patch
===================================================================
--- add_spi+cacert_ca_certs.patch	2010-03-21 13:47:02 UTC (rev 72886)
+++ add_spi+cacert_ca_certs.patch	2010-03-21 14:32:59 UTC (rev 72887)
@@ -1,63 +1,60 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-## 95_add_spi+cacert_ca_certs.dpatch by martin f. krafft <madduck at debian.org>
+## 95_add_spi+cacert_ca_certs.patch by martin f. krafft <madduck at debian.org>
 ##
 ## All lines beginning with `## DP:' are a description of the patch.
 ## DP: Adds the SPI Inc. and CAcert.org CA certificates
 
- at DPATCH@
-
 diff --git a/mozilla/security/nss/lib/ckfw/builtins/certdata.c b/mozilla/security/nss/lib/ckfw/builtins/certdata.c
-index e8a52a2..7a2c031 100644
+index 2c6fdab..2fb754c 100644
 --- a/mozilla/security/nss/lib/ckfw/builtins/certdata.c
 +++ b/mozilla/security/nss/lib/ckfw/builtins/certdata.c
 @@ -35,7 +35,7 @@
   *
   * ***** END LICENSE BLOCK ***** */
  #ifdef DEBUG
--static const char CVS_ID[] = "@(#) $RCSfile: certdata.c,v $ $Revision: 1.55 $ $Date: 2009/08/13 23:40:29 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.55 $ $Date: 2009/08/13 23:40:29 $";
-+static const char CVS_ID[] = "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.54 $ $Date: 2009/08/13 23:40:29 $""; @(#) $RCSfile: certdata.perl,v $ $Revision: 1.12 $ $Date: 2008/01/23 07:34:49 $";
+-static const char CVS_ID[] = "@(#) $RCSfile: certdata.c,v $ $Revision: 1.59 $ $Date: 2010/02/16 22:14:34 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.59 $ $Date: 2010/02/16 22:14:34 $";
++static const char CVS_ID[] = "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.58 $ $Date: 2010/02/16 22:14:35 $""; @(#) $RCSfile: certdata.perl,v $ $Revision: 1.12 $ $Date: 2008/01/23 07:34:49 $";
  #endif /* DEBUG */
  
  #ifndef BUILTINS_H
-@@ -900,6 +900,24 @@ static const CK_ATTRIBUTE_TYPE nss_builtins_types_280 [] = {
- static const CK_ATTRIBUTE_TYPE nss_builtins_types_281 [] = {
+@@ -1020,6 +1020,24 @@ static const CK_ATTRIBUTE_TYPE nss_builtins_types_320 [] = {
+ static const CK_ATTRIBUTE_TYPE nss_builtins_types_321 [] = {
   CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERT_SHA1_HASH,  CKA_CERT_MD5_HASH,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_TRUST_SERVER_AUTH,  CKA_TRUST_EMAIL_PROTECTION,  CKA_TRUST_CODE_SIGNING,  CKA_TRUST_STEP_UP_APPROVED
  };
-+static const CK_ATTRIBUTE_TYPE nss_builtins_types_282 [] = {
++static const CK_ATTRIBUTE_TYPE nss_builtins_types_322 [] = {
 + CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERTIFICATE_TYPE,  CKA_SUBJECT,  CKA_ID,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_VALUE
 +};
-+static const CK_ATTRIBUTE_TYPE nss_builtins_types_283 [] = {
++static const CK_ATTRIBUTE_TYPE nss_builtins_types_323 [] = {
 + CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERT_SHA1_HASH,  CKA_CERT_MD5_HASH,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_TRUST_SERVER_AUTH,  CKA_TRUST_EMAIL_PROTECTION,  CKA_TRUST_CODE_SIGNING,  CKA_TRUST_STEP_UP_APPROVED
 +};
-+static const CK_ATTRIBUTE_TYPE nss_builtins_types_284 [] = {
++static const CK_ATTRIBUTE_TYPE nss_builtins_types_324 [] = {
 + CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERTIFICATE_TYPE,  CKA_SUBJECT,  CKA_ID,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_VALUE
 +};
-+static const CK_ATTRIBUTE_TYPE nss_builtins_types_285 [] = {
++static const CK_ATTRIBUTE_TYPE nss_builtins_types_325 [] = {
 + CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERT_SHA1_HASH,  CKA_CERT_MD5_HASH,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_TRUST_SERVER_AUTH,  CKA_TRUST_EMAIL_PROTECTION,  CKA_TRUST_CODE_SIGNING,  CKA_TRUST_STEP_UP_APPROVED
 +};
-+static const CK_ATTRIBUTE_TYPE nss_builtins_types_286 [] = {
++static const CK_ATTRIBUTE_TYPE nss_builtins_types_326 [] = {
 + CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERTIFICATE_TYPE,  CKA_SUBJECT,  CKA_ID,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_VALUE
 +};
-+static const CK_ATTRIBUTE_TYPE nss_builtins_types_287 [] = {
++static const CK_ATTRIBUTE_TYPE nss_builtins_types_327 [] = {
 + CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERT_SHA1_HASH,  CKA_CERT_MD5_HASH,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_TRUST_SERVER_AUTH,  CKA_TRUST_EMAIL_PROTECTION,  CKA_TRUST_CODE_SIGNING,  CKA_TRUST_STEP_UP_APPROVED
 +};
  #ifdef DEBUG
  static const NSSItem nss_builtins_items_0 [] = {
    { (void *)&cko_data, (PRUint32)sizeof(CK_OBJECT_CLASS) },
-@@ -908,7 +926,7 @@ static const NSSItem nss_builtins_items_0 [] = {
+@@ -1028,7 +1046,7 @@ static const NSSItem nss_builtins_items_0 [] = {
    { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
    { (void *)"CVS ID", (PRUint32)7 },
    { (void *)"NSS", (PRUint32)4 },
--  { (void *)"@(#) $RCSfile: certdata.c,v $ $Revision: 1.55 $ $Date: 2009/08/13 23:40:29 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.55 $ $Date: 2009/08/13 23:40:29 $", (PRUint32)160 }
-+  { (void *)"@(#) $RCSfile: certdata.txt,v $ $Revision: 1.54 $ $Date: 2009/08/13 23:40:29 $""; @(#) $RCSfile: certdata.perl,v $ $Revision: 1.12 $ $Date: 2008/01/23 07:34:49 $", (PRUint32)160 }
+-  { (void *)"@(#) $RCSfile: certdata.c,v $ $Revision: 1.59 $ $Date: 2010/02/16 22:14:34 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.59 $ $Date: 2010/02/16 22:14:34 $", (PRUint32)160 }
++  { (void *)"@(#) $RCSfile: certdata.txt,v $ $Revision: 1.58 $ $Date: 2010/02/16 22:14:35 $""; @(#) $RCSfile: certdata.perl,v $ $Revision: 1.12 $ $Date: 2008/01/23 07:34:49 $", (PRUint32)160 }
  };
  #endif /* DEBUG */
  static const NSSItem nss_builtins_items_1 [] = {
-@@ -18953,6 +18971,531 @@ static const NSSItem nss_builtins_items_281 [] = {
+@@ -21537,6 +21555,531 @@ static const NSSItem nss_builtins_items_321 [] = {
    { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) },
    { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
  };
-+static const NSSItem nss_builtins_items_282 [] = {
++static const NSSItem nss_builtins_items_322 [] = {
 +  { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
 +  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
 +  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -204,7 +201,7 @@
 +"\103"
 +, (PRUint32)1857 }
 +};
-+static const NSSItem nss_builtins_items_283 [] = {
++static const NSSItem nss_builtins_items_323 [] = {
 +  { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
 +  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
 +  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -231,7 +228,7 @@
 +  { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
 +  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
 +};
-+static const NSSItem nss_builtins_items_284 [] = {
++static const NSSItem nss_builtins_items_324 [] = {
 +  { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
 +  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
 +  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -356,7 +353,7 @@
 +"\322\156\245\033\231\047\200\347\013\251\250\000"
 +, (PRUint32)1548 }
 +};
-+static const NSSItem nss_builtins_items_285 [] = {
++static const NSSItem nss_builtins_items_325 [] = {
 +  { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
 +  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
 +  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -383,7 +380,7 @@
 +  { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
 +  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
 +};
-+static const NSSItem nss_builtins_items_286 [] = {
++static const NSSItem nss_builtins_items_326 [] = {
 +  { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
 +  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
 +  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -551,7 +548,7 @@
 +"\243\140"
 +, (PRUint32)2066 }
 +};
-+static const NSSItem nss_builtins_items_287 [] = {
++static const NSSItem nss_builtins_items_327 [] = {
 +  { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
 +  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
 +  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -585,32 +582,32 @@
  
  builtinsInternalObject
  nss_builtins_data[] = {
-@@ -19239,11 +19782,17 @@ nss_builtins_data[] = {
-   { 11, nss_builtins_types_278, nss_builtins_items_278, {NULL} },
-   { 13, nss_builtins_types_279, nss_builtins_items_279, {NULL} },
-   { 11, nss_builtins_types_280, nss_builtins_items_280, {NULL} },
--  { 13, nss_builtins_types_281, nss_builtins_items_281, {NULL} }
-+  { 13, nss_builtins_types_281, nss_builtins_items_281, {NULL} },
-+  { 11, nss_builtins_types_282, nss_builtins_items_282, {NULL} },
-+  { 13, nss_builtins_types_283, nss_builtins_items_283, {NULL} },
-+  { 11, nss_builtins_types_284, nss_builtins_items_284, {NULL} },
-+  { 13, nss_builtins_types_285, nss_builtins_items_285, {NULL} },
-+  { 11, nss_builtins_types_286, nss_builtins_items_286, {NULL} },
-+  { 13, nss_builtins_types_287, nss_builtins_items_287, {NULL} }
+@@ -21863,11 +22406,17 @@ nss_builtins_data[] = {
+   { 11, nss_builtins_types_318, nss_builtins_items_318, {NULL} },
+   { 13, nss_builtins_types_319, nss_builtins_items_319, {NULL} },
+   { 11, nss_builtins_types_320, nss_builtins_items_320, {NULL} },
+-  { 13, nss_builtins_types_321, nss_builtins_items_321, {NULL} }
++  { 13, nss_builtins_types_321, nss_builtins_items_321, {NULL} },
++  { 11, nss_builtins_types_322, nss_builtins_items_322, {NULL} },
++  { 13, nss_builtins_types_323, nss_builtins_items_323, {NULL} },
++  { 11, nss_builtins_types_324, nss_builtins_items_324, {NULL} },
++  { 13, nss_builtins_types_325, nss_builtins_items_325, {NULL} },
++  { 11, nss_builtins_types_326, nss_builtins_items_326, {NULL} },
++  { 13, nss_builtins_types_327, nss_builtins_items_327, {NULL} }
  };
  const PRUint32
  #ifdef DEBUG
--  nss_builtins_nObjects = 281+1;
-+  nss_builtins_nObjects = 287+1;
+-  nss_builtins_nObjects = 321+1;
++  nss_builtins_nObjects = 327+1;
  #else
--  nss_builtins_nObjects = 281;
-+  nss_builtins_nObjects = 287;
+-  nss_builtins_nObjects = 321;
++  nss_builtins_nObjects = 327;
  #endif /* DEBUG */
 diff --git a/mozilla/security/nss/lib/ckfw/builtins/certdata.txt b/mozilla/security/nss/lib/ckfw/builtins/certdata.txt
-index 4f38810..77e279b 100644
+index 22ed023..a8b94dd 100644
 --- a/mozilla/security/nss/lib/ckfw/builtins/certdata.txt
 +++ b/mozilla/security/nss/lib/ckfw/builtins/certdata.txt
-@@ -19536,3 +19536,558 @@ CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
+@@ -22200,3 +22200,558 @@ CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
  CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUST_UNKNOWN
  CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUST_UNKNOWN
  CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE

Modified: nss-nolocalsql.patch
===================================================================
--- nss-nolocalsql.patch	2010-03-21 13:47:02 UTC (rev 72886)
+++ nss-nolocalsql.patch	2010-03-21 14:32:59 UTC (rev 72887)
@@ -1,26 +1,26 @@
-diff -up mozilla/security/nss/lib/Makefile.nolocalsql mozilla/security/nss/lib/Makefile
---- mozilla/security/nss/lib/Makefile.nolocalsql	2007-11-06 15:12:37.000000000 +0100
-+++ mozilla/security/nss/lib/Makefile	2007-11-06 15:13:35.000000000 +0100
-@@ -62,11 +62,11 @@ ifeq ($(OS_TARGET), WINCE)
- DIRS := $(filter-out fortcrypt,$(DIRS))
+diff -up ./mozilla/security/nss/lib/Makefile.nolocalsql ./mozilla/security/nss/lib/Makefile
+--- ./mozilla/security/nss/lib/Makefile.nolocalsql	2010-02-27 16:40:25.891777537 -0800
++++ ./mozilla/security/nss/lib/Makefile	2010-02-27 16:41:59.175902327 -0800
+@@ -62,11 +62,11 @@ ifndef USE_SYSTEM_ZLIB
+ ZLIB_SRCDIR = zlib  # Add the zlib directory to DIRS.
  endif
  
 -ifndef MOZILLA_CLIENT
 -ifndef NSS_USE_SYSTEM_SQLITE
--DIRS := sqlite $(DIRS)
+-SQLITE_SRCDIR = sqlite  # Add the sqlite directory to DIRS.
 -endif
 -endif
 +#ifndef MOZILLA_CLIENT
 +#ifndef NSS_USE_SYSTEM_SQLITE
-+#DIRS := sqlite $(DIRS)
++#SQLITE_SRCDIR = sqlite  # Add the sqlite directory to DIRS.
 +#endif
 +#endif
  
- #######################################################################
- # (5) Execute "global" rules. (OPTIONAL)                              #
-diff -up mozilla/security/nss/lib/softoken/legacydb/manifest.mn.nolocalsql mozilla/security/nss/lib/softoken/legacydb/manifest.mn
---- mozilla/security/nss/lib/softoken/legacydb/manifest.mn.nolocalsql	2007-11-06 15:10:59.000000000 +0100
-+++ mozilla/security/nss/lib/softoken/legacydb/manifest.mn	2007-11-06 15:11:07.000000000 +0100
+ ifndef MOZILLA_CLIENT
+ ifeq ($(OS_ARCH),Linux)
+diff -up ./mozilla/security/nss/lib/softoken/legacydb/manifest.mn.nolocalsql ./mozilla/security/nss/lib/softoken/legacydb/manifest.mn
+--- ./mozilla/security/nss/lib/softoken/legacydb/manifest.mn.nolocalsql	2010-02-27 16:44:24.998777709 -0800
++++ ./mozilla/security/nss/lib/softoken/legacydb/manifest.mn	2010-02-27 16:45:08.533803472 -0800
 @@ -46,9 +46,9 @@ MAPFILE = $(OBJDIR)/nssdbm.def
  
  DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\" -DSOFTOKEN_LIB_NAME=\"$(notdir $(SHARED_LIBRARY))\"
@@ -34,9 +34,9 @@
  
  CSRCS = \
  	dbmshim.c \
-diff -up mozilla/security/nss/lib/softoken/manifest.mn.nolocalsql mozilla/security/nss/lib/softoken/manifest.mn
---- mozilla/security/nss/lib/softoken/manifest.mn.nolocalsql	2007-11-06 15:08:14.000000000 +0100
-+++ mozilla/security/nss/lib/softoken/manifest.mn	2007-11-06 15:10:21.000000000 +0100
+diff -up ./mozilla/security/nss/lib/softoken/manifest.mn.nolocalsql ./mozilla/security/nss/lib/softoken/manifest.mn
+--- ./mozilla/security/nss/lib/softoken/manifest.mn.nolocalsql	2010-02-27 16:42:52.213902231 -0800
++++ ./mozilla/security/nss/lib/softoken/manifest.mn	2010-02-27 16:43:34.040776788 -0800
 @@ -47,9 +47,9 @@ MAPFILE = $(OBJDIR)/softokn.def
  
  DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\" -DSOFTOKEN_LIB_NAME=\"$(notdir $(SHARED_LIBRARY))\" -DSHLIB_VERSION=\"$(LIBRARY_VERSION)\"
@@ -49,5 +49,4 @@
 +#endif
  
  EXPORTS = \
- 	pkcs11.h \
-diff -up mozilla/security/nss/lib/softoken/config.mk.nolocalsql mozilla/security/nss/lib/softoken/config.mk
+ 	secmodt.h \

Added: ssl-renegotiate-transitional.patch
===================================================================
--- ssl-renegotiate-transitional.patch	                        (rev 0)
+++ ssl-renegotiate-transitional.patch	2010-03-21 14:32:59 UTC (rev 72887)
@@ -0,0 +1,21 @@
+Enable transitional scheme for ssl renegotiation:
+
+(from mozilla/security/nss/lib/ssl/ssl.h)
+Disallow unsafe renegotiation in server sockets only, but allow clients
+to continue to renegotiate with vulnerable servers.
+This value should only be used during the transition period when few
+servers have been upgraded.
+
+diff --git a/mozilla/security/nss/lib/ssl/sslsock.c b/mozilla/security/nss/lib/ssl/sslsock.c
+index f1d1921..c074360 100644
+--- a/mozilla/security/nss/lib/ssl/sslsock.c
++++ b/mozilla/security/nss/lib/ssl/sslsock.c
+@@ -181,7 +181,7 @@ static sslOptions ssl_defaults = {
+     PR_FALSE,   /* noLocks            */
+     PR_FALSE,   /* enableSessionTickets */
+     PR_FALSE,   /* enableDeflate      */
+-    2,          /* enableRenegotiation (default: requires extension) */
++    3,          /* enableRenegotiation (default: transitional) */
+     PR_FALSE,   /* requireSafeNegotiation */
+ };
+ 




More information about the arch-commits mailing list