[arch-commits] Commit in nss/trunk (PKGBUILD ssl-renegotiate-transitional.patch)
Jan Steffens
heftig at archlinux.org
Thu May 28 22:13:00 UTC 2015
Date: Friday, May 29, 2015 @ 00:12:59
Author: heftig
Revision: 239865
3.19.1
Modified:
nss/trunk/PKGBUILD
Deleted:
nss/trunk/ssl-renegotiate-transitional.patch
------------------------------------+
PKGBUILD | 10 ++--------
ssl-renegotiate-transitional.patch | 21 ---------------------
2 files changed, 2 insertions(+), 29 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2015-05-28 21:41:45 UTC (rev 239864)
+++ PKGBUILD 2015-05-28 22:12:59 UTC (rev 239865)
@@ -3,7 +3,7 @@
pkgbase=nss
pkgname=(nss ca-certificates-mozilla)
-pkgver=3.18.1
+pkgver=3.19.1
pkgrel=1
pkgdesc="Mozilla Network Security Services"
arch=(i686 x86_64)
@@ -18,14 +18,12 @@
bundle.sh
nss.pc.in
nss-config.in
- ssl-renegotiate-transitional.patch
legacy-certs.patch)
-sha256sums=('10d005ca1b143a8b77032a169c595d06cf42d16d54809558ea30f1ffe73fef70'
+sha256sums=('b7be709551ec13206d8e3e8c065b894fa981c11573115e9478fa051029c52fff'
'af13c30801a8a27623948206458432a4cf98061b75ff6e5b5e03912f93c034ee'
'045f520403f715a4cc7f3607b4e2c9bcc88fee5bce58d462fddaa2fdb0e4c180'
'b9f1428ca2305bf30b109507ff335fa00bce5a7ce0434b50acd26ad7c47dd5bd'
'e44ac5095b4d88f24ec7b2e6a9f1581560bd3ad41a3d198596d67ef22f67adb9'
- '12df04bccbf674db1eef7a519a28987927b5e9c107b1dc386686f05e64f49a97'
'e5531e1620317b73a84e6526b9348c9bf93ec51c336ea4644fdf94ab60e76bc7')
prepare() {
@@ -33,14 +31,10 @@
cd nss-$pkgver
- # Adds transitional SSL renegotiate support - patch from Debian
- patch -Np3 -i ../ssl-renegotiate-transitional.patch
-
# Temporarily reenable several weak certificates until OpenSSL
# and GnuTLS manage to handle multiple intermediates
# https://bugzilla.redhat.com/show_bug.cgi?id=1144808
# https://gist.github.com/grawity/15eabf67191e17080241
- # Altered again to readd trust removed in 3.17.3
patch nss/lib/ckfw/builtins/certdata.txt ../legacy-certs.patch
# Respect LDFLAGS
Deleted: ssl-renegotiate-transitional.patch
===================================================================
--- ssl-renegotiate-transitional.patch 2015-05-28 21:41:45 UTC (rev 239864)
+++ ssl-renegotiate-transitional.patch 2015-05-28 22:12:59 UTC (rev 239865)
@@ -1,21 +0,0 @@
-Enable transitional scheme for ssl renegotiation:
-
-(from mozilla/security/nss/lib/ssl/ssl.h)
-Disallow unsafe renegotiation in server sockets only, but allow clients
-to continue to renegotiate with vulnerable servers.
-This value should only be used during the transition period when few
-servers have been upgraded.
-
-diff --git a/mozilla/security/nss/lib/ssl/sslsock.c b/mozilla/security/nss/lib/ssl/sslsock.c
-index f1d1921..c074360 100644
---- a/mozilla/security/nss/lib/ssl/sslsock.c
-+++ b/mozilla/security/nss/lib/ssl/sslsock.c
-@@ -181,7 +181,7 @@ static sslOptions ssl_defaults = {
- PR_FALSE, /* noLocks */
- PR_FALSE, /* enableSessionTickets */
- PR_FALSE, /* enableDeflate */
-- 2, /* enableRenegotiation (default: requires extension) */
-+ 3, /* enableRenegotiation (default: transitional) */
- PR_FALSE, /* requireSafeNegotiation */
- };
-
More information about the arch-commits
mailing list