- rel 2; Updating default maximum TLS version to 1.2

diff --git a/nss.spec b/nss.spec
index cecb1cfcd21b919fefcf01ad11d8661feee94076..6c89cededa42e49f3167bc0f8419cd1998230d0c 100644 (file)
--- a/nss.spec
+++ b/nss.spec
@@ -4,7 +4,7 @@ Summary:        NSS - Network Security Services
 Summary(pl.UTF-8):     NSS - Network Security Services
 Name:          nss
 Version:       3.17.2
-Release:       1
+Release:       2
 Epoch:         1
 License:       MPL v2.0
 Group:         Libraries
@@ -15,6 +15,8 @@ Source2:      %{name}-config.in
 Source3:       http://www.cacert.org/certs/root.der
 # Source3-md5: a61b375e390d9c3654eebd2031461f6b
 Patch0:                %{name}-Makefile.patch
+# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1083900
+Patch1:                tls12.patch
 URL:           http://www.mozilla.org/projects/security/pki/nss/
 BuildRequires: nspr-devel >= %{nspr_ver}
 BuildRequires: nss-tools
@@ -22,8 +24,8 @@ BuildRequires:        perl-base
 BuildRequires: sqlite3-devel
 BuildRequires: zlib-devel
 BuildConflicts:        mozilla < 0.9.6-3
-Requires:      nspr >= %{nspr_ver}
 Requires:      %{name}-softokn-freebl = %{epoch}:%{version}-%{release}
+Requires:      nspr >= %{nspr_ver}
 Obsoletes:     libnss3
 BuildRoot:     %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
 
@@ -96,6 +98,9 @@ Biblioteka kryptograficzna freebl dla bibliotek NSS.
 %prep
 %setup -q
 %patch0 -p1
+cd nss
+%patch1 -p1
+cd ..
 
 %if 0%{!?debug:1}
 # strip before signing

diff --git a/tls12.patch b/tls12.patch
new file mode 100644 (file)
index 0000000..0293383
--- /dev/null
+++ b/tls12.patch
@@ -0,0 +1,36 @@
+# HG changeset patch
+# User Martin Thomson <martin.thomson@gmail.com>
+# Date 1413479112 25200
+#      Thu Oct 16 10:05:12 2014 -0700
+# Node ID f7e1c2c652f4c2522a0a5ec232ecebae1983053d
+# Parent  24852c6f89ea7ed2b8f231320d9a0a03bdd706d4
+Bug 1083900 - Updating default maximum version to 1.2
+
+diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
+--- a/lib/ssl/sslsock.c
++++ b/lib/ssl/sslsock.c
+@@ -85,22 +85,22 @@ static sslOptions ssl_defaults = {
+     PR_FALSE    /* enableFallbackSCSV */
+ };
+ 
+ /*
+  * default range of enabled SSL/TLS protocols
+  */
+ static SSLVersionRange versions_defaults_stream = {
+     SSL_LIBRARY_VERSION_3_0,
+-    SSL_LIBRARY_VERSION_TLS_1_0
++    SSL_LIBRARY_VERSION_TLS_1_2
+ };
+ 
+ static SSLVersionRange versions_defaults_datagram = {
+     SSL_LIBRARY_VERSION_TLS_1_1,
+-    SSL_LIBRARY_VERSION_TLS_1_1
++    SSL_LIBRARY_VERSION_TLS_1_2
+ };
+ 
+ #define VERSIONS_DEFAULTS(variant) \
+     (variant == ssl_variant_stream ? &versions_defaults_stream : \
+                                      &versions_defaults_datagram)
+ 
+ sslSessionIDLookupFunc  ssl_sid_lookup;
+ sslSessionIDCacheFunc   ssl_sid_cache;