rpms/nss/devel nss-3_11_20060905.patch,NONE,1.1 nss.spec,1.15,1.16

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Wed Sep 6 21:16:49 UTC 2006


Author: kengert

Update of /cvs/dist/rpms/nss/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv29393

Modified Files:
	nss.spec 
Added Files:
	nss-3_11_20060905.patch 
Log Message:
* Wed Sep 06 2006 Kai Engert <kengert at redhat.com> - 3.11.2-3
- Update to snapshot NSS_3_11_20060905_TAG, which
  includes fixes for an RSA signature verification flaw.


nss-3_11_20060905.patch:
 coreconf/jdk.mk              |   25 
 coreconf/rules.mk            |    8 
 nss/cmd/lib/secutil.c        |   19 
 nss/cmd/lib/secutil.h        |    2 
 nss/cmd/pk11mode/Makefile    |   93 
 nss/cmd/pk11mode/manifest.mn |   55 
 nss/cmd/pk11mode/pk11mode.c  | 5192 +++++++++++++++++++++++++++++++++++++++++++
 nss/cmd/ssltap/ssltap.c      |  165 -
 nss/lib/base/arena.c         |   10 
 nss/lib/certdb/stanpcertdb.c |   33 
 nss/lib/certhigh/ocsp.c      |   25 
 nss/lib/crmf/challcli.c      |   51 
 nss/lib/crmf/crmfpop.c       |    4 
 nss/lib/cryptohi/secvfy.c    |   11 
 nss/lib/freebl/Makefile      |   32 
 nss/lib/freebl/config.mk     |    4 
 nss/lib/freebl/mpi/mpmontg.c |  146 -
 nss/lib/freebl/unix_rand.c   |  134 +
 nss/lib/nss/nss.h            |   10 
 nss/lib/pk11wrap/pk11cert.c  |   29 
 nss/lib/pki/certificate.c    |   39 
 nss/lib/pki/cryptocontext.c  |   28 
 nss/lib/pki/nsspki.h         |   23 
 nss/lib/pki/pki3hack.c       |  107 
 nss/lib/pki/pkibase.c        |  128 -
 nss/lib/pki/pkim.h           |   11 
 nss/lib/pki/pkistore.c       |   71 
 nss/lib/pki/pkistore.h       |   11 
 nss/lib/pki/pkit.h           |   13 
 nss/lib/pki/tdcache.c        |    6 
 nss/lib/pki/trustdomain.c    |    4 
 nss/lib/smime/cmsrecinfo.c   |   34 
 nss/lib/smime/cmsreclist.c   |   26 
 nss/lib/smime/smimeutil.c    |    4 
 nss/lib/softoken/fipstest.c  |  195 +
 nss/lib/softoken/fipstokn.c  |   58 
 nss/lib/softoken/keydb.c     |   84 
 nss/lib/softoken/lowpbe.c    |    2 
 nss/lib/softoken/pkcs11.c    |   42 
 nss/lib/softoken/pkcs11c.c   |   54 
 nss/lib/softoken/pkcs11i.h   |    2 
 nss/lib/softoken/rsawrapr.c  |   47 
 nss/lib/softoken/softoken.h  |    7 
 nss/lib/ssl/derive.c         |   16 
 nss/lib/ssl/ssl3con.c        |   71 
 nss/lib/ssl/ssl3ecc.c        |    6 
 nss/lib/ssl/sslcon.c         |    8 
 nss/lib/ssl/sslimpl.h        |    4 
 nss/lib/ssl/sslsnce.c        |   11 
 nss/lib/util/secasn1d.c      |    6 
 nss/lib/util/secdig.c        |   19 
 nss/lib/util/secport.c       |   65 
 nss/lib/util/secport.h       |    3 
 nss/tests/cert/cert.sh       |   72 
 nss/tests/ssl/ssl.sh         |   44 
 nss/tests/ssl/sslcov.txt     |   20 
 nss/tests/ssl/sslstress.txt  |    2 
 57 files changed, 6718 insertions(+), 673 deletions(-)

--- NEW FILE nss-3_11_20060905.patch ---
Index: mozilla/security/coreconf/jdk.mk
diff -u mozilla/security/coreconf/jdk.mk:1.18 mozilla/security/coreconf/jdk.mk:1.18.2.1
--- mozilla/security/coreconf/jdk.mk:1.18	Thu Nov  3 00:11:59 2005
+++ mozilla/security/coreconf/jdk.mk	Mon Aug 14 17:20:41 2006
@@ -184,6 +184,31 @@
 	JDK_JIT_OPT =
 endif
 
+# set [Mac OS X] platforms
+ifeq ($(OS_ARCH), Darwin)
+	JAVA_CLASSES = $(JAVA_HOME)/../Classes/classes.jar
+
+	ifeq ($(JRE_HOME),)
+		JRE_HOME = $(JAVA_HOME)
+		JRE_CLASSES = $(JAVA_CLASSES)
+	else
+		ifeq ($(JRE_CLASSES),)
+			JRE_CLASSES = $(JRE_HOME)/../Classes/classes.jar
+		endif
+	endif
+
+	PATH_SEPARATOR = :
+
+	# (2) specify "header" information
+	JAVA_ARCH = darwin
+
+	INCLUDES += -I$(JAVA_HOME)/include
+	INCLUDES += -I$(JAVA_HOME)/include/$(JAVA_ARCH)
+
+	# no JIT option available on this platform
+	JDK_JIT_OPT =
+endif
+
 # set [IBM AIX] platforms
 ifeq ($(OS_ARCH), AIX)
 	JAVA_CLASSES = $(JAVA_HOME)/jre/lib/rt.jar
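Review bot: The new Darwin block labels its include setup `# (2) specify "header" information` but has no matching `(1)` comment above the `JAVA_CLASSES`/`JRE_HOME` assignments, so the numbering reads as if a step were missing. A line such as `# (1) specify "location" information` before `JAVA_CLASSES = ...` would close the gap; the wording should follow the other platform blocks, which are outside this hunk. The block also assumes `JAVA_HOME` is set: with it empty, `JAVA_CLASSES` expands to `/../Classes/classes.jar` and the `-I` flags point at `/include`, so a one-line comment stating that requirement would help.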
Index: mozilla/security/coreconf/rules.mk
diff -u mozilla/security/coreconf/rules.mk:1.66.2.1 mozilla/security/coreconf/rules.mk:1.66.2.2
--- mozilla/security/coreconf/rules.mk:1.66.2.1	Wed Apr 12 21:01:57 2006
+++ mozilla/security/coreconf/rules.mk	Tue Aug 15 21:41:41 2006
@@ -873,8 +873,7 @@
 
 ifneq (,$(filter-out OpenVMS OS2 WIN%,$(OS_TARGET)))
 # Can't use sed because of its 4000-char line length limit, so resort to perl
-.DEFAULT:
-	@perl -e '                                                            \
+PERL_DEPENDENCIES_PROGRAM =                                                   \
 	    open(MD, "< $(DEPENDENCIES)");                                    \
 	    while (<MD>) {                                                    \
 		if (m@ \.*/*$< @) {                                           \
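Review bot: The target name is still spliced unescaped into the Perl pattern at `if (m@ \.*/*$< @) {`, so characters such as `.` or `+` in a file name are read as regex syntax and can match the wrong dependency line. `if (m@ \.*/*\Q$<\E @) {` would make the match literal. Because the program text now lives in a make variable rather than a recipe, any `#` in the lines between the two hunks (not visible here) would start a make comment and truncate the value, which is worth checking. The definition of `PERL_DEPENDENCIES_PROGRAM` continues past the end of this hunk.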
@@ -901,7 +900,10 @@
 	    } elsif ("$<" ne "$(DEPENDENCIES)") {                             \
 		print "$(MAKE): *** No rule to make target $<.  Stop.\n";     \
 		exit(1);                                                      \
-	    }'
+	    }
+
+.DEFAULT:
+	@perl -e '$(PERL_DEPENDENCIES_PROGRAM)'
 endif
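Review bot: `@perl -e '$(PERL_DEPENDENCIES_PROGRAM)'` places the fully expanded program inside shell single quotes, and nothing documents that the expanded text, including `$<` and `$(DEPENDENCIES)`, must therefore be free of apostrophes. A comment above the variable would record the constraint, for example `# Expanded inside single quotes in the .DEFAULT recipe: neither this text nor target names may contain an apostrophe.` A second comment saying why the program was moved out of the recipe (presumably backslash-newline handling inside the quoted recipe text) would keep a later cleanup from moving it back.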
 
 #############################################################################
Index: mozilla/security/nss/cmd/lib/secutil.c
diff -u mozilla/security/nss/cmd/lib/secutil.c:1.71.2.2 mozilla/security/nss/cmd/lib/secutil.c:1.71.2.3
--- mozilla/security/nss/cmd/lib/secutil.c:1.71.2.2	Mon Apr 24 04:41:55 2006
+++ mozilla/security/nss/cmd/lib/secutil.c	Wed Jul 19 00:25:03 2006
@@ -3012,25 +3012,6 @@
 
 }
 
-
-SECItem *
-SECU_GetPBEPassword(void *arg)
-{
-    char *p = NULL;
-    SECItem *pwitem = NULL;
-
-    p = SECU_GetPasswordString(arg,"Password: ");
-
-    /* NOTE: This function is obviously unfinished. */
-
-    if ( pwitem == NULL ) {
-	fprintf(stderr, "Error hashing password\n");
-	return NULL;
-    }
-    
-    return pwitem;
-}
-
 SECStatus
 SECU_ParseCommandLine(int argc, char **argv, char *progName, secuCommand *cmd)
 {
Index: mozilla/security/nss/cmd/lib/secutil.h
diff -u mozilla/security/nss/cmd/lib/secutil.h:1.18 mozilla/security/nss/cmd/lib/secutil.h:1.18.24.1
--- mozilla/security/nss/cmd/lib/secutil.h:1.18	Tue Apr 12 02:24:15 2005
+++ mozilla/security/nss/cmd/lib/secutil.h	Wed Jul 19 00:25:03 2006
@@ -289,8 +289,6 @@
 extern SECKEYLowPublicKey *SECU_ConvHighToLow(SECKEYPublicKey *pubHighKey);
 #endif
 
-extern SECItem *SECU_GetPBEPassword(void *arg);
-
 extern char *SECU_GetModulePassword(PK11SlotInfo *slot, PRBool retry, void *arg);
 
 extern SECStatus DER_PrettyPrint(FILE *out, SECItem *it, PRBool raw);
Index: mozilla/security/nss/cmd/pk11mode/Makefile
diff -u /dev/null mozilla/security/nss/cmd/pk11mode/Makefile:1.1.2.2
--- /dev/null	Wed Sep  6 01:06:12 2006
+++ mozilla/security/nss/cmd/pk11mode/Makefile	Fri Sep  1 22:09:04 2006
@@ -0,0 +1,93 @@
+# ***** BEGIN LICENSE BLOCK *****
+# Version: MPL 1.1/GPL 2.0/LGPL 2.1
+#
+# The contents of this file are subject to the Mozilla Public License Version
+# 1.1 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+# http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS IS" basis,
+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+# for the specific language governing rights and limitations under the
+# License.
+#
+# The Original Code is the Netscape security libraries.
+#
+# The Initial Developer of the Original Code is
+# Netscape Communications Corporation.
+# Portions created by the Initial Developer are Copyright (C) 1994-2000
+# the Initial Developer. All Rights Reserved.
+#
+# Contributor(s):
+#
+# Alternatively, the contents of this file may be used under the terms of
+# either the GNU General Public License Version 2 or later (the "GPL"), or
+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+# in which case the provisions of the GPL or the LGPL are applicable instead
+# of those above. If you wish to allow use of your version of this file only
+# under the terms of either the GPL or the LGPL, and not to allow others to
+# use your version of this file under the terms of the MPL, indicate your
+# decision by deleting the provisions above and replace them with the notice
+# and other provisions required by the GPL or the LGPL. If you do not delete
+# the provisions above, a recipient may use your version of this file under
+# the terms of any one of the MPL, the GPL or the LGPL.
+#
+# ***** END LICENSE BLOCK *****
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+ifeq ($(OS_ARCH), WINNT)
+
+EXTRA_LIBS += \
+	$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plc4.$(LIB_SUFFIX) \
+	$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plds4.$(LIB_SUFFIX) \
+	$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)nspr4.$(LIB_SUFFIX) \
+	$(NULL)
+
+else
+
+EXTRA_SHARED_LIBS += \
+	-L$(NSPR_LIB_DIR) \
+	-lplc4 \
+	-lplds4 \
+	-lnspr4 \
+	$(NULL)
+
+endif
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
[...9206 lines suppressed...]
+            -i req -o "${CERTNAME}-ecmixed.cert" -f "${R_PWFILE}" "$1" 2>&1
+	if [ "$RET" -ne 0 ]; then
+            return $RET
+	fi
+
+	CU_ACTION="Import $CERTNAME's mixed EC Cert"
+	certu -A -n "${CERTNAME}-ecmixed" -t "u,u,u" -d "${PROFILEDIR}" \
+	    -f "${R_PWFILE}" -i "${CERTNAME}-ecmixed.cert" 2>&1
+	if [ "$RET" -ne 0 ]; then
+            return $RET
+	fi
+	cert_log "SUCCESS: $CERTNAME's mixed EC Cert Created"
     fi
 
     return 0
@@ -695,6 +723,27 @@
 #
 #     done with EC certs
 #
+#     Repeat again for mixed EC certs
+#
+      EC_CURVE="secp256r1"
+      CU_ACTION="Generate mixed EC Cert Request for $CERTNAME (ext)"
+      CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-ecmixed at bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
+      certu -R -d "${PROFILEDIR}" -k ec -q "${EC_CURVE}" -f "${R_PWFILE}" \
+	  -z "${R_NOISE_FILE}" -o req 2>&1
+
+      CU_ACTION="Sign ${CERTNAME}'s mixed EC Request (ext)"
+      cp ${CERTDIR}/req ${SERVER_CADIR}
+      certu -C -c "chain-2-serverCA" -m 201 -v 60 -d "${P_SERVER_CADIR}" \
+          -i req -o "${CERTNAME}-ecmixed.cert" -f "${R_PWFILE}" 2>&1
+
+      CU_ACTION="Import $CERTNAME's mixed EC Cert  -t u,u,u (ext)"
+      certu -A -n "${CERTNAME}-ecmixed" -t "u,u,u" -d "${PROFILEDIR}" \
+	  -f "${R_PWFILE}" -i "${CERTNAME}-ecmixed.cert" 2>&1
+
+#      CU_ACTION="Import Client mixed EC Root CA -t T,, for $CERTNAME (ext.)"
+#      certu -A -n "clientCA-ecmixed" -t "T,," -f "${R_PWFILE}" \
+#	  -d "${PROFILEDIR}" -i "${CLIENT_CADIR}/clientCA-ecmixed.ca.cert" \
+#	  2>&1
   fi
 
   echo "Importing all the server's own CA chain into the servers DB"
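Review bot: None of the three `certu` calls added for the mixed EC certificate checks its result, so a failed request or signing step falls through to importing a missing or stale `${CERTNAME}-ecmixed.cert`. The mixed-EC block earlier in this patch tests `"$RET"` after each `certu`; the same guard, e.g. `[ "$RET" -eq 0 ] || return $RET`, would fit here if this code sits in a function (its start is outside the hunk). `cp ${CERTDIR}/req ${SERVER_CADIR}` is also the only unquoted expansion in the block, and `cp "${CERTDIR}/req" "${SERVER_CADIR}"` matches the quoting used on the `certu` lines. The hunk at -758 repeats both patterns for the client side.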
@@ -758,6 +807,29 @@
 #
 # done with EC certs
 #
+#
+#     Repeat the above for mixed EC certs
+#
+      CU_ACTION="Generate mixed EC Cert Request for $CERTNAME (ext)"
+      CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-ecmixed at bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
+      certu -R -d "${PROFILEDIR}" -k ec -q "${EC_CURVE}" -f "${R_PWFILE}" \
+	  -z "${R_NOISE_FILE}" -o req 2>&1
+
+      CU_ACTION="Sign ${CERTNAME}'s mixed EC Request (ext)"
+      cp ${CERTDIR}/req ${CLIENT_CADIR}
+      certu -C -c "chain-2-clientCA" -m 301 -v 60 -d "${P_CLIENT_CADIR}" \
+          -i req -o "${CERTNAME}-ecmixed.cert" -f "${R_PWFILE}" 2>&1
+
+      CU_ACTION="Import $CERTNAME's mixed EC Cert -t u,u,u (ext)"
+      certu -A -n "${CERTNAME}-ecmixed" -t "u,u,u" -d "${PROFILEDIR}" \
+	  -f "${R_PWFILE}" -i "${CERTNAME}-ecmixed.cert" 2>&1
+
+#      CU_ACTION="Import Server EC Root CA -t C,C,C for $CERTNAME (ext.)"
+#      certu -A -n "serverCA-ec" -t "C,C,C" -f "${R_PWFILE}" \
+#	  -d "${PROFILEDIR}" -i "${SERVER_CADIR}/serverCA-ec.ca.cert" 2>&1
+#
+# done with mixed EC certs
+#
   fi
 
   echo "Importing all the client's own CA chain into the servers DB"
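Review bot: This block passes `-q "${EC_CURVE}"` without setting `EC_CURVE`, unlike the server-side block in the previous hunk, which assigns `EC_CURVE="secp256r1"` first, so it depends on whatever value is left over from code outside the hunk. Adding `EC_CURVE="secp256r1"` before the request keeps the two blocks parallel and makes the curve under test explicit. The commented-out import at the end names `serverCA-ec` although the section is about mixed EC certs; either say why it is disabled or drop the dead lines.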
Index: mozilla/security/nss/tests/ssl/ssl.sh
diff -u mozilla/security/nss/tests/ssl/ssl.sh:1.61.2.4 mozilla/security/nss/tests/ssl/ssl.sh:1.61.2.5
--- mozilla/security/nss/tests/ssl/ssl.sh:1.61.2.4	Wed Mar 29 20:46:19 2006
+++ mozilla/security/nss/tests/ssl/ssl.sh	Thu Aug 24 17:56:37 2006
@@ -205,6 +205,9 @@
   else
       ECC_OPTIONS=""
   fi
+  if [ "$1" = "mixed" ]; then
+      ECC_OPTIONS="-e ${HOSTADDR}-ecmixed"
+  fi
   echo "selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} ${SERVER_OPTIONS} \\"
   echo "         ${ECC_OPTIONS} -w nss ${sparam} -i ${R_SERVERPID} $verbose &"
   echo "selfserv started at `date`"
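Review bot: The new `mixed` override sits after the `if`/`else` whose `else` branch sets `ECC_OPTIONS=""`, so `start_selfserv mixed` adds `-e ${HOSTADDR}-ecmixed` even on the path where that branch cleared the ECC options. The branch condition is outside the hunk, presumably the ECC-enabled check. Nesting the test inside the ECC branch, or documenting that callers pass `mixed` only for ECC suites, would make the intent explicit. The function also has no comment describing its new optional argument; something like `# $1: "mixed" starts selfserv with the EC cert signed by RSA (${HOSTADDR}-ecmixed)` above it would help.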
@@ -245,6 +248,8 @@
   else
       sparam="$CSHORT"
   fi
+
+  mixed=0
   start_selfserv # Launch the server
                
   p=""
@@ -264,7 +269,34 @@
               TLS_FLAG=""
           fi
 
-          is_selfserv_alive
+# These five tests need an EC cert signed with RSA
+# This requires a different certificate loaded in selfserv
+# due to a (current) NSS limitation of only loaded one cert
+# per type so the default selfserv setup will not work.
+#:C00B TLS ECDH RSA WITH NULL SHA
+#:C00C TLS ECDH RSA WITH RC4 128 SHA
+#:C00D TLS ECDH RSA WITH 3DES EDE CBC SHA
+#:C00E TLS ECDH RSA WITH AES 128 CBC SHA
+#:C00F TLS ECDH RSA WITH AES 256 CBC SHA
+
+          if [ $mixed -eq 0 ]; then
+            if [ "${param}" = ":C00B" -o "${param}" = ":C00C" -o "${param}" = ":C00D" -o "${param}" = ":C00E" -o "${param}" = ":C00F" ]; then
+              kill_selfserv
+              start_selfserv mixed
+              mixed=1
+            else
+              is_selfserv_alive
+            fi
+          else 
+            if [ "${param}" = ":C00B" -o "${param}" = ":C00C" -o "${param}" = ":C00D" -o "${param}" = ":C00E" -o "${param}" = ":C00F" ]; then
+              is_selfserv_alive
+            else
+              kill_selfserv
+              start_selfserv
+              mixed=0
+            fi
+          fi
+
           echo "tstclnt -p ${PORT} -h ${HOSTADDR} -c ${param} ${TLS_FLAG} ${CLIENT_OPTIONS} \\"
           echo "        -f -d ${P_R_CLIENTDIR} < ${REQUEST_FILE}"
 
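Review bot: The five-suite test `[ "${param}" = ":C00B" -o ... ]` is written out twice and the two branches differ only in which server is wanted, so a later change to the list has to be made in two places; the `-o` operator inside `[` is also marked obsolescent by POSIX. Computing the wanted server type once with a `case`, and restarting only when it differs from `mixed`, gives the same four outcomes with one copy of the list. The enclosing loop and function start outside the hunk.

```shell
# ... unchanged: comment block listing :C00B through :C00F ...
          case "${param}" in
            :C00B|:C00C|:C00D|:C00E|:C00F) want_mixed=1 ;;
            *)                             want_mixed=0 ;;
          esac

          if [ "$want_mixed" -eq "$mixed" ]; then
            is_selfserv_alive
          else
            kill_selfserv
            if [ "$want_mixed" -eq 1 ]; then
              start_selfserv mixed
            else
              start_selfserv
            fi
            mixed=$want_mixed
          fi
# ... unchanged: tstclnt echo lines ...
```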
@@ -335,7 +367,15 @@
           echo "$SCRIPTNAME: skipping  $testname (ECC only)"
       elif [ "$ectype" != "#" ]; then
           cparam=`echo $cparam | sed -e 's;_; ;g'`
-          start_selfserv
+
+# This test needs the mixed cert 
+# Stress TLS ECDH-RSA AES 128 CBC with SHA (no reuse)
+          if [ "${sparam}" = "-c_:C00E" ]; then
+              start_selfserv mixed
+          else
+              start_selfserv
+          fi
+
           if [ "`uname -n`" = "sjsu" ] ; then
               echo "debugging disapering selfserv... ps -ef | grep selfserv"
               ps -ef | grep selfserv
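Review bot: The stress path selects the mixed certificate by comparing `${sparam}` with the literal `-c_:C00E`, which ties the script to the exact text of one row in sslstress.txt. A second ECDH-RSA row, or the same suite with an extra server flag, would silently start the default server and the test would fail for a reason unrelated to the code under test. Matching on the suite instead, `case "${sparam}" in *:C00[B-F]*) start_selfserv mixed ;; *) start_selfserv ;; esac`, keeps this in step with the suite list used in the coverage loop.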
Index: mozilla/security/nss/tests/ssl/sslcov.txt
diff -u mozilla/security/nss/tests/ssl/sslcov.txt:1.5.144.2 mozilla/security/nss/tests/ssl/sslcov.txt:1.5.144.3
--- mozilla/security/nss/tests/ssl/sslcov.txt:1.5.144.2	Thu Apr 13 09:53:29 2006
+++ mozilla/security/nss/tests/ssl/sslcov.txt	Thu Aug 24 17:56:37 2006
@@ -59,11 +59,11 @@
    ECC   noTLS  :C008 SSL3 ECDHE ECDSA WITH 3DES EDE CBC SHA
    ECC   noTLS  :C009 SSL3 ECDHE ECDSA WITH AES 128 CBC SHA
    ECC   noTLS  :C00A SSL3 ECDHE ECDSA WITH AES 256 CBC SHA
-#  ECC   noTLS  :C00B SSL3 ECDH RSA WITH NULL SHA
-#  ECC   noTLS  :C00C SSL3 ECDH RSA WITH RC4 128 SHA
-#  ECC   noTLS  :C00D SSL3 ECDH RSA WITH 3DES EDE CBC SHA
-#  ECC   noTLS  :C00E SSL3 ECDH RSA WITH AES 128 CBC SHA
-#  ECC   noTLS  :C00F SSL3 ECDH RSA WITH AES 256 CBC SHA
+   ECC   noTLS  :C00B SSL3 ECDH RSA WITH NULL SHA
+   ECC   noTLS  :C00C SSL3 ECDH RSA WITH RC4 128 SHA
+   ECC   noTLS  :C00D SSL3 ECDH RSA WITH 3DES EDE CBC SHA
+   ECC   noTLS  :C00E SSL3 ECDH RSA WITH AES 128 CBC SHA
+   ECC   noTLS  :C00F SSL3 ECDH RSA WITH AES 256 CBC SHA
    ECC   noTLS  :C010 SSL3 ECDHE RSA WITH NULL SHA
    ECC   noTLS  :C011 SSL3 ECDHE RSA WITH RC4 128 SHA
    ECC   noTLS  :C012 SSL3 ECDHE RSA WITH 3DES EDE CBC SHA
@@ -82,11 +82,11 @@
    ECC    TLS   :C008 TLS ECDHE ECDSA WITH 3DES EDE CBC SHA
    ECC    TLS   :C009 TLS ECDHE ECDSA WITH AES 128 CBC SHA
    ECC    TLS   :C00A TLS ECDHE ECDSA WITH AES 256 CBC SHA
-#  ECC    TLS   :C00B TLS ECDH RSA WITH NULL SHA
-#  ECC    TLS   :C00C TLS ECDH RSA WITH RC4 128 SHA
-#  ECC    TLS   :C00D TLS ECDH RSA WITH 3DES EDE CBC SHA
-#  ECC    TLS   :C00E TLS ECDH RSA WITH AES 128 CBC SHA
-#  ECC    TLS   :C00F TLS ECDH RSA WITH AES 256 CBC SHA
+   ECC    TLS   :C00B TLS ECDH RSA WITH NULL SHA
+   ECC    TLS   :C00C TLS ECDH RSA WITH RC4 128 SHA
+   ECC    TLS   :C00D TLS ECDH RSA WITH 3DES EDE CBC SHA
+   ECC    TLS   :C00E TLS ECDH RSA WITH AES 128 CBC SHA
+   ECC    TLS   :C00F TLS ECDH RSA WITH AES 256 CBC SHA
    ECC    TLS   :C010 TLS ECDHE RSA WITH NULL SHA
    ECC    TLS   :C011 TLS ECDHE RSA WITH RC4 128 SHA
    ECC    TLS   :C012 TLS ECDHE RSA WITH 3DES EDE CBC SHA
Index: mozilla/security/nss/tests/ssl/sslstress.txt
diff -u mozilla/security/nss/tests/ssl/sslstress.txt:1.5.80.4 mozilla/security/nss/tests/ssl/sslstress.txt:1.5.80.5
--- mozilla/security/nss/tests/ssl/sslstress.txt:1.5.80.4	Mon Apr 24 05:01:57 2006
+++ mozilla/security/nss/tests/ssl/sslstress.txt	Thu Aug 24 17:56:37 2006
@@ -18,7 +18,7 @@
    ECC      0      -c_:C009  -c_100_-C_:C009_-N_-T  Stress SSL3 ECDHE-ECDSA AES 128 CBC with SHA (no reuse)
    ECC      0      -c_:C013  -c_1000_-C_:C013_-T    Stress SSL3 ECDHE-RSA   AES 128 CBC with SHA
    ECC      0      -c_:C004  -2_-c_100_-C_:C004_-N  Stress TLS  ECDH-ECDSA  AES 128 CBC with SHA (no reuse)
-#  ECC      0      -c_:C00E  -2_-c_100_-C_:C00E_-N  Stress TLS  ECDH-RSA    AES 128 CBC with SHA (no reuse)
+   ECC      0      -c_:C00E  -2_-c_100_-C_:C00E_-N  Stress TLS  ECDH-RSA    AES 128 CBC with SHA (no reuse)
    ECC      0      -c_:C013  -2_-c_1000_-C_:C013    Stress TLS  ECDHE-RSA   AES 128 CBC with SHA
 #
 # add client auth versions here...


Index: nss.spec
===================================================================
RCS file: /cvs/dist/rpms/nss/devel/nss.spec,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- nss.spec	4 Aug 2006 16:51:01 -0000	1.15
+++ nss.spec	6 Sep 2006 21:16:47 -0000	1.16
@@ -3,7 +3,7 @@
 Summary:          Network Security Services
 Name:             nss
 Version:          3.11.2
-Release:          2
+Release:          3
 License:          MPL/GPL/LGPL
 URL:              http://www.mozilla.org/projects/security/pki/nss/
 Group:            System Environment/Libraries
@@ -22,6 +22,8 @@
 Source4:          blank-key3.db
 Source5:          blank-secmod.db
 
+Patch1:           nss-3_11_20060905.patch
+
 
 %description
 Network Security Services (NSS) is a set of libraries designed to
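Review bot: `Patch1` has no comment saying what it is, and the patch is a full snapshot delta (57 files, including a new `pk11mode` tool and test-suite changes) rather than an isolated fix, so a later packager cannot tell which part carries the security fix. A comment above the line would record the origin and make the fix traceable, for example `# CVS delta up to NSS_3_11_20060905_TAG; includes the RSA signature verification fix (<advisory or bug id>)`. The changelog entry would benefit from the same identifier.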
@@ -71,6 +73,7 @@
 
 %prep
 %setup -q
+%patch1 -p0
 
 %build
 
@@ -326,6 +329,10 @@
 
 
 %changelog
+* Wed Sep 06 2006 Kai Engert <kengert at redhat.com> - 3.11.2-3
+- Update to snapshot NSS_3_11_20060905_TAG, which
+  includes fixes for an RSA signature verification flaw.
+
 * Thu Aug 03 2006 Kai Engert <kengert at redhat.com> - 3.11.2-2
 - Add /etc/pki/nssdb
 



