[arch-commits] Commit in nss/trunk (4 files)
Jan de Groot
jgc at archlinux.org
Sun Mar 21 14:32:59 UTC 2010
Date: Sunday, March 21, 2010 @ 10:32:59
Author: jgc
Revision: 72887
upgpkg: nss 3.12.6-1
Update to 3.12.6 - add patch to enable ssl renegotiation support for now, the new RFC for this has not been implemented everywhere yet
Added:
nss/trunk/ssl-renegotiate-transitional.patch
Modified:
nss/trunk/PKGBUILD
nss/trunk/add_spi+cacert_ca_certs.patch
nss/trunk/nss-nolocalsql.patch
------------------------------------+
PKGBUILD | 31 ++++++++-----
add_spi+cacert_ca_certs.patch | 83 ++++++++++++++++-------------------
nss-nolocalsql.patch | 33 ++++++-------
ssl-renegotiate-transitional.patch | 21 ++++++++
4 files changed, 96 insertions(+), 72 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2010-03-21 13:47:02 UTC (rev 72886)
+++ PKGBUILD 2010-03-21 14:32:59 UTC (rev 72887)
@@ -1,35 +1,42 @@
# $Id$
# Maintainer: Jan de Groot <jgc at archlinux.org>
pkgname=nss
-pkgver=3.12.4
-pkgrel=2
+pkgver=3.12.6
+pkgrel=1
pkgdesc="Mozilla Network Security Services"
arch=(i686 x86_64)
url="http://www.mozilla.org/projects/security/pki/nss/"
license=('MPL' 'GPL')
-_nsprver=4.8.0
-depends=('nspr>=4.8' 'sqlite3>=3.6.17' 'zlib')
+_nsprver=4.8.4
+depends=("nspr>=${_nsprver}" 'sqlite3>=3.6.17' 'zlib')
replaces=('nss-nspr')
-source=(ftp://ftp.mozilla.org/pub/security/nss/releases/NSS_${pkgver//./_}_RTM/src/${pkgname}-${pkgver}.tar.gz
+source=(#ftp://ftp.mozilla.org/pub/security/nss/releases/NSS_${pkgver//./_}_RTM/src/${pkgname}-${pkgver}.tar.gz
+ ftp://ftp.archlinux.org/other/nss/nss_3.12.6.orig.tar.gz
nss-nolocalsql.patch
nss-no-rpath.patch
nss.pc.in
nss-config.in
- add_spi+cacert_ca_certs.patch)
-md5sums=('1ee3ed9c1900079319bd1de51388d856'
- '1837781eed35bfb6f826cfb3efcd6409'
+ add_spi+cacert_ca_certs.patch
+ ssl-renegotiate-transitional.patch)
+md5sums=('fbba38700b460caff6acf54fc7273553'
+ '1d8305dc458d28c6f32746d9132b9873'
'e5c97db0c884d5f4cfda21e562dc9bba'
'c547b030c57fe1ed8b77c73bf52b3ded'
'46bee81908f1e5b26d6a7a2e14c64d9f'
- '0361e2d05410ab24602b5f972c9187b1')
+ 'a744b499e7da252acd9ac8ff09af3d48'
+ 'd83c7b61abb7e9f8f7bcd157183d1ade')
build() {
cd "${srcdir}/${pkgname}-${pkgver}"
- # Adds the SPI Inc. and CAcert.org CA certificates
- # patch from Debian
- patch -p1 -i "${srcdir}/add_spi+cacert_ca_certs.patch" || return 1
+ # Adds the SPI Inc. and CAcert.org CA certificates - patch from Debian
+ patch -Np1 -i "${srcdir}/add_spi+cacert_ca_certs.patch" || return 1
+ # Adds transitional SSL renegotiate support - patch from Debian
+ patch -Np1 -i "${srcdir}/ssl-renegotiate-transitional.patch" || return 1
+ # Builds against system sqlite - patch from Fedora
patch -Np0 -i "${srcdir}/nss-nolocalsql.patch" || return 1
+ # Removes rpath
patch -Np0 -i "${srcdir}/nss-no-rpath.patch" || return 1
+
unset CFLAGS
unset CXXFLAGS
export BUILD_OPT=1
Modified: add_spi+cacert_ca_certs.patch
===================================================================
--- add_spi+cacert_ca_certs.patch 2010-03-21 13:47:02 UTC (rev 72886)
+++ add_spi+cacert_ca_certs.patch 2010-03-21 14:32:59 UTC (rev 72887)
@@ -1,63 +1,60 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-## 95_add_spi+cacert_ca_certs.dpatch by martin f. krafft <madduck at debian.org>
+## 95_add_spi+cacert_ca_certs.patch by martin f. krafft <madduck at debian.org>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Adds the SPI Inc. and CAcert.org CA certificates
- at DPATCH@
-
diff --git a/mozilla/security/nss/lib/ckfw/builtins/certdata.c b/mozilla/security/nss/lib/ckfw/builtins/certdata.c
-index e8a52a2..7a2c031 100644
+index 2c6fdab..2fb754c 100644
--- a/mozilla/security/nss/lib/ckfw/builtins/certdata.c
+++ b/mozilla/security/nss/lib/ckfw/builtins/certdata.c
@@ -35,7 +35,7 @@
*
* ***** END LICENSE BLOCK ***** */
#ifdef DEBUG
--static const char CVS_ID[] = "@(#) $RCSfile: certdata.c,v $ $Revision: 1.55 $ $Date: 2009/08/13 23:40:29 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.55 $ $Date: 2009/08/13 23:40:29 $";
-+static const char CVS_ID[] = "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.54 $ $Date: 2009/08/13 23:40:29 $""; @(#) $RCSfile: certdata.perl,v $ $Revision: 1.12 $ $Date: 2008/01/23 07:34:49 $";
+-static const char CVS_ID[] = "@(#) $RCSfile: certdata.c,v $ $Revision: 1.59 $ $Date: 2010/02/16 22:14:34 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.59 $ $Date: 2010/02/16 22:14:34 $";
++static const char CVS_ID[] = "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.58 $ $Date: 2010/02/16 22:14:35 $""; @(#) $RCSfile: certdata.perl,v $ $Revision: 1.12 $ $Date: 2008/01/23 07:34:49 $";
#endif /* DEBUG */
#ifndef BUILTINS_H
-@@ -900,6 +900,24 @@ static const CK_ATTRIBUTE_TYPE nss_builtins_types_280 [] = {
- static const CK_ATTRIBUTE_TYPE nss_builtins_types_281 [] = {
+@@ -1020,6 +1020,24 @@ static const CK_ATTRIBUTE_TYPE nss_builtins_types_320 [] = {
+ static const CK_ATTRIBUTE_TYPE nss_builtins_types_321 [] = {
CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
};
-+static const CK_ATTRIBUTE_TYPE nss_builtins_types_282 [] = {
++static const CK_ATTRIBUTE_TYPE nss_builtins_types_322 [] = {
+ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE
+};
-+static const CK_ATTRIBUTE_TYPE nss_builtins_types_283 [] = {
++static const CK_ATTRIBUTE_TYPE nss_builtins_types_323 [] = {
+ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
+};
-+static const CK_ATTRIBUTE_TYPE nss_builtins_types_284 [] = {
++static const CK_ATTRIBUTE_TYPE nss_builtins_types_324 [] = {
+ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE
+};
-+static const CK_ATTRIBUTE_TYPE nss_builtins_types_285 [] = {
++static const CK_ATTRIBUTE_TYPE nss_builtins_types_325 [] = {
+ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
+};
-+static const CK_ATTRIBUTE_TYPE nss_builtins_types_286 [] = {
++static const CK_ATTRIBUTE_TYPE nss_builtins_types_326 [] = {
+ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE
+};
-+static const CK_ATTRIBUTE_TYPE nss_builtins_types_287 [] = {
++static const CK_ATTRIBUTE_TYPE nss_builtins_types_327 [] = {
+ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
+};
#ifdef DEBUG
static const NSSItem nss_builtins_items_0 [] = {
{ (void *)&cko_data, (PRUint32)sizeof(CK_OBJECT_CLASS) },
-@@ -908,7 +926,7 @@ static const NSSItem nss_builtins_items_0 [] = {
+@@ -1028,7 +1046,7 @@ static const NSSItem nss_builtins_items_0 [] = {
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)"CVS ID", (PRUint32)7 },
{ (void *)"NSS", (PRUint32)4 },
-- { (void *)"@(#) $RCSfile: certdata.c,v $ $Revision: 1.55 $ $Date: 2009/08/13 23:40:29 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.55 $ $Date: 2009/08/13 23:40:29 $", (PRUint32)160 }
-+ { (void *)"@(#) $RCSfile: certdata.txt,v $ $Revision: 1.54 $ $Date: 2009/08/13 23:40:29 $""; @(#) $RCSfile: certdata.perl,v $ $Revision: 1.12 $ $Date: 2008/01/23 07:34:49 $", (PRUint32)160 }
+- { (void *)"@(#) $RCSfile: certdata.c,v $ $Revision: 1.59 $ $Date: 2010/02/16 22:14:34 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.59 $ $Date: 2010/02/16 22:14:34 $", (PRUint32)160 }
++ { (void *)"@(#) $RCSfile: certdata.txt,v $ $Revision: 1.58 $ $Date: 2010/02/16 22:14:35 $""; @(#) $RCSfile: certdata.perl,v $ $Revision: 1.12 $ $Date: 2008/01/23 07:34:49 $", (PRUint32)160 }
};
#endif /* DEBUG */
static const NSSItem nss_builtins_items_1 [] = {
-@@ -18953,6 +18971,531 @@ static const NSSItem nss_builtins_items_281 [] = {
+@@ -21537,6 +21555,531 @@ static const NSSItem nss_builtins_items_321 [] = {
{ (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-+static const NSSItem nss_builtins_items_282 [] = {
++static const NSSItem nss_builtins_items_322 [] = {
+ { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+ { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -204,7 +201,7 @@
+"\103"
+, (PRUint32)1857 }
+};
-+static const NSSItem nss_builtins_items_283 [] = {
++static const NSSItem nss_builtins_items_323 [] = {
+ { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+ { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -231,7 +228,7 @@
+ { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
+};
-+static const NSSItem nss_builtins_items_284 [] = {
++static const NSSItem nss_builtins_items_324 [] = {
+ { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+ { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -356,7 +353,7 @@
+"\322\156\245\033\231\047\200\347\013\251\250\000"
+, (PRUint32)1548 }
+};
-+static const NSSItem nss_builtins_items_285 [] = {
++static const NSSItem nss_builtins_items_325 [] = {
+ { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+ { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -383,7 +380,7 @@
+ { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
+};
-+static const NSSItem nss_builtins_items_286 [] = {
++static const NSSItem nss_builtins_items_326 [] = {
+ { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+ { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -551,7 +548,7 @@
+"\243\140"
+, (PRUint32)2066 }
+};
-+static const NSSItem nss_builtins_items_287 [] = {
++static const NSSItem nss_builtins_items_327 [] = {
+ { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+ { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -585,32 +582,32 @@
builtinsInternalObject
nss_builtins_data[] = {
-@@ -19239,11 +19782,17 @@ nss_builtins_data[] = {
- { 11, nss_builtins_types_278, nss_builtins_items_278, {NULL} },
- { 13, nss_builtins_types_279, nss_builtins_items_279, {NULL} },
- { 11, nss_builtins_types_280, nss_builtins_items_280, {NULL} },
-- { 13, nss_builtins_types_281, nss_builtins_items_281, {NULL} }
-+ { 13, nss_builtins_types_281, nss_builtins_items_281, {NULL} },
-+ { 11, nss_builtins_types_282, nss_builtins_items_282, {NULL} },
-+ { 13, nss_builtins_types_283, nss_builtins_items_283, {NULL} },
-+ { 11, nss_builtins_types_284, nss_builtins_items_284, {NULL} },
-+ { 13, nss_builtins_types_285, nss_builtins_items_285, {NULL} },
-+ { 11, nss_builtins_types_286, nss_builtins_items_286, {NULL} },
-+ { 13, nss_builtins_types_287, nss_builtins_items_287, {NULL} }
+@@ -21863,11 +22406,17 @@ nss_builtins_data[] = {
+ { 11, nss_builtins_types_318, nss_builtins_items_318, {NULL} },
+ { 13, nss_builtins_types_319, nss_builtins_items_319, {NULL} },
+ { 11, nss_builtins_types_320, nss_builtins_items_320, {NULL} },
+- { 13, nss_builtins_types_321, nss_builtins_items_321, {NULL} }
++ { 13, nss_builtins_types_321, nss_builtins_items_321, {NULL} },
++ { 11, nss_builtins_types_322, nss_builtins_items_322, {NULL} },
++ { 13, nss_builtins_types_323, nss_builtins_items_323, {NULL} },
++ { 11, nss_builtins_types_324, nss_builtins_items_324, {NULL} },
++ { 13, nss_builtins_types_325, nss_builtins_items_325, {NULL} },
++ { 11, nss_builtins_types_326, nss_builtins_items_326, {NULL} },
++ { 13, nss_builtins_types_327, nss_builtins_items_327, {NULL} }
};
const PRUint32
#ifdef DEBUG
-- nss_builtins_nObjects = 281+1;
-+ nss_builtins_nObjects = 287+1;
+- nss_builtins_nObjects = 321+1;
++ nss_builtins_nObjects = 327+1;
#else
-- nss_builtins_nObjects = 281;
-+ nss_builtins_nObjects = 287;
+- nss_builtins_nObjects = 321;
++ nss_builtins_nObjects = 327;
#endif /* DEBUG */
diff --git a/mozilla/security/nss/lib/ckfw/builtins/certdata.txt b/mozilla/security/nss/lib/ckfw/builtins/certdata.txt
-index 4f38810..77e279b 100644
+index 22ed023..a8b94dd 100644
--- a/mozilla/security/nss/lib/ckfw/builtins/certdata.txt
+++ b/mozilla/security/nss/lib/ckfw/builtins/certdata.txt
-@@ -19536,3 +19536,558 @@ CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
+@@ -22200,3 +22200,558 @@ CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUST_UNKNOWN
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUST_UNKNOWN
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
Modified: nss-nolocalsql.patch
===================================================================
--- nss-nolocalsql.patch 2010-03-21 13:47:02 UTC (rev 72886)
+++ nss-nolocalsql.patch 2010-03-21 14:32:59 UTC (rev 72887)
@@ -1,26 +1,26 @@
-diff -up mozilla/security/nss/lib/Makefile.nolocalsql mozilla/security/nss/lib/Makefile
---- mozilla/security/nss/lib/Makefile.nolocalsql 2007-11-06 15:12:37.000000000 +0100
-+++ mozilla/security/nss/lib/Makefile 2007-11-06 15:13:35.000000000 +0100
-@@ -62,11 +62,11 @@ ifeq ($(OS_TARGET), WINCE)
- DIRS := $(filter-out fortcrypt,$(DIRS))
+diff -up ./mozilla/security/nss/lib/Makefile.nolocalsql ./mozilla/security/nss/lib/Makefile
+--- ./mozilla/security/nss/lib/Makefile.nolocalsql 2010-02-27 16:40:25.891777537 -0800
++++ ./mozilla/security/nss/lib/Makefile 2010-02-27 16:41:59.175902327 -0800
+@@ -62,11 +62,11 @@ ifndef USE_SYSTEM_ZLIB
+ ZLIB_SRCDIR = zlib # Add the zlib directory to DIRS.
endif
-ifndef MOZILLA_CLIENT
-ifndef NSS_USE_SYSTEM_SQLITE
--DIRS := sqlite $(DIRS)
+-SQLITE_SRCDIR = sqlite # Add the sqlite directory to DIRS.
-endif
-endif
+#ifndef MOZILLA_CLIENT
+#ifndef NSS_USE_SYSTEM_SQLITE
-+#DIRS := sqlite $(DIRS)
++#SQLITE_SRCDIR = sqlite # Add the sqlite directory to DIRS.
+#endif
+#endif
- #######################################################################
- # (5) Execute "global" rules. (OPTIONAL) #
-diff -up mozilla/security/nss/lib/softoken/legacydb/manifest.mn.nolocalsql mozilla/security/nss/lib/softoken/legacydb/manifest.mn
---- mozilla/security/nss/lib/softoken/legacydb/manifest.mn.nolocalsql 2007-11-06 15:10:59.000000000 +0100
-+++ mozilla/security/nss/lib/softoken/legacydb/manifest.mn 2007-11-06 15:11:07.000000000 +0100
+ ifndef MOZILLA_CLIENT
+ ifeq ($(OS_ARCH),Linux)
+diff -up ./mozilla/security/nss/lib/softoken/legacydb/manifest.mn.nolocalsql ./mozilla/security/nss/lib/softoken/legacydb/manifest.mn
+--- ./mozilla/security/nss/lib/softoken/legacydb/manifest.mn.nolocalsql 2010-02-27 16:44:24.998777709 -0800
++++ ./mozilla/security/nss/lib/softoken/legacydb/manifest.mn 2010-02-27 16:45:08.533803472 -0800
@@ -46,9 +46,9 @@ MAPFILE = $(OBJDIR)/nssdbm.def
DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\" -DSOFTOKEN_LIB_NAME=\"$(notdir $(SHARED_LIBRARY))\"
@@ -34,9 +34,9 @@
CSRCS = \
dbmshim.c \
-diff -up mozilla/security/nss/lib/softoken/manifest.mn.nolocalsql mozilla/security/nss/lib/softoken/manifest.mn
---- mozilla/security/nss/lib/softoken/manifest.mn.nolocalsql 2007-11-06 15:08:14.000000000 +0100
-+++ mozilla/security/nss/lib/softoken/manifest.mn 2007-11-06 15:10:21.000000000 +0100
+diff -up ./mozilla/security/nss/lib/softoken/manifest.mn.nolocalsql ./mozilla/security/nss/lib/softoken/manifest.mn
+--- ./mozilla/security/nss/lib/softoken/manifest.mn.nolocalsql 2010-02-27 16:42:52.213902231 -0800
++++ ./mozilla/security/nss/lib/softoken/manifest.mn 2010-02-27 16:43:34.040776788 -0800
@@ -47,9 +47,9 @@ MAPFILE = $(OBJDIR)/softokn.def
DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\" -DSOFTOKEN_LIB_NAME=\"$(notdir $(SHARED_LIBRARY))\" -DSHLIB_VERSION=\"$(LIBRARY_VERSION)\"
@@ -49,5 +49,4 @@
+#endif
EXPORTS = \
- pkcs11.h \
-diff -up mozilla/security/nss/lib/softoken/config.mk.nolocalsql mozilla/security/nss/lib/softoken/config.mk
+ secmodt.h \
Added: ssl-renegotiate-transitional.patch
===================================================================
--- ssl-renegotiate-transitional.patch (rev 0)
+++ ssl-renegotiate-transitional.patch 2010-03-21 14:32:59 UTC (rev 72887)
@@ -0,0 +1,21 @@
+Enable transitional scheme for ssl renegotiation:
+
+(from mozilla/security/nss/lib/ssl/ssl.h)
+Disallow unsafe renegotiation in server sockets only, but allow clients
+to continue to renegotiate with vulnerable servers.
+This value should only be used during the transition period when few
+servers have been upgraded.
+
+diff --git a/mozilla/security/nss/lib/ssl/sslsock.c b/mozilla/security/nss/lib/ssl/sslsock.c
+index f1d1921..c074360 100644
+--- a/mozilla/security/nss/lib/ssl/sslsock.c
++++ b/mozilla/security/nss/lib/ssl/sslsock.c
+@@ -181,7 +181,7 @@ static sslOptions ssl_defaults = {
+ PR_FALSE, /* noLocks */
+ PR_FALSE, /* enableSessionTickets */
+ PR_FALSE, /* enableDeflate */
+- 2, /* enableRenegotiation (default: requires extension) */
++ 3, /* enableRenegotiation (default: transitional) */
+ PR_FALSE, /* requireSafeNegotiation */
+ };
+
More information about the arch-commits
mailing list