From: Arkadiusz Miƛkiewicz
Date: Fri, 17 Oct 2014 13:47:18 +0000 (+0200)
Subject: - rel 2; Updating default maximum TLS version to 1.2
X-Git-Tag: auto/th/nss-3.17.2-2
X-Git-Url: https://git.pld-linux.org/?p=packages%2Fnss.git;a=commitdiff_plain;h=refs%2Ftags%2Fauto%2Fth%2Fnss-3.17.2-2
- rel 2; Updating default maximum TLS version to 1.2
---
diff --git a/nss.spec b/nss.spec
index cecb1cf..6c89ced 100644
--- a/nss.spec
+++ b/nss.spec
@@ -4,7 +4,7 @@ Summary: NSS - Network Security Services
 Summary(pl.UTF-8): NSS - Network Security Services
 Name: nss
 Version: 3.17.2
-Release: 1
+Release: 2
 Epoch: 1
 License: MPL v2.0
 Group: Libraries
@@ -15,6 +15,8 @@ Source2: %{name}-config.in
 Source3: http://www.cacert.org/certs/root.der
 # Source3-md5: a61b375e390d9c3654eebd2031461f6b
 Patch0: %{name}-Makefile.patch
+# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1083900
+Patch1: tls12.patch
 URL: http://www.mozilla.org/projects/security/pki/nss/
 BuildRequires: nspr-devel >= %{nspr_ver}
 BuildRequires: nss-tools
@@ -22,8 +24,8 @@ BuildRequires: perl-base
 BuildRequires: sqlite3-devel
 BuildRequires: zlib-devel
 BuildConflicts: mozilla < 0.9.6-3
-Requires: nspr >= %{nspr_ver}
 Requires: %{name}-softokn-freebl = %{epoch}:%{version}-%{release}
+Requires: nspr >= %{nspr_ver}
 Obsoletes: libnss3
 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
@@ -96,6 +98,9 @@ Biblioteka kryptograficzna freebl dla bibliotek NSS.
 %prep
 %setup -q
 %patch0 -p1
+cd nss
+%patch1 -p1
+cd ..
 %if 0%{!?debug:1}
 # strip before signing
diff --git a/tls12.patch b/tls12.patch
new file mode 100644
index 0000000..0293383
--- /dev/null
+++ b/tls12.patch
@@ -0,0 +1,36 @@
+# HG changeset patch
+# User Martin Thomson
+# Date 1413479112 25200
+# Thu Oct 16 10:05:12 2014 -0700
+# Node ID f7e1c2c652f4c2522a0a5ec232ecebae1983053d
+# Parent 24852c6f89ea7ed2b8f231320d9a0a03bdd706d4
+Bug 1083900 - Updating default maximum version to 1.2
+
+diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
+--- a/lib/ssl/sslsock.c
++++ b/lib/ssl/sslsock.c
+@@ -85,22 +85,22 @@ static sslOptions ssl_defaults = {
+ PR_FALSE /* enableFallbackSCSV */
+ };
+
+ /*
+ * default range of enabled SSL/TLS protocols
+ */
+ static SSLVersionRange versions_defaults_stream = {
+ SSL_LIBRARY_VERSION_3_0,
+- SSL_LIBRARY_VERSION_TLS_1_0
++ SSL_LIBRARY_VERSION_TLS_1_2
+ };
+
+ static SSLVersionRange versions_defaults_datagram = {
+ SSL_LIBRARY_VERSION_TLS_1_1,
+- SSL_LIBRARY_VERSION_TLS_1_1
++ SSL_LIBRARY_VERSION_TLS_1_2
+ };
+
+ #define VERSIONS_DEFAULTS(variant) \
+ (variant == ssl_variant_stream ? &versions_defaults_stream : \
+ &versions_defaults_datagram)
+
+ sslSessionIDLookupFunc ssl_sid_lookup;
+ sslSessionIDCacheFunc ssl_sid_cache;
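Review bot: The floor of `versions_defaults_stream` stays at `SSL_LIBRARY_VERSION_3_0`, so this patch moves only the ceiling and an application relying on library defaults will still accept SSL 3.0 alongside TLS 1.2. The context line `PR_FALSE /* enableFallbackSCSV */` shows fallback signalling is also off by default, so a client that retries at lower versions after a failed handshake presumably gets no protection from these defaults. If the package means to harden defaults, the first member should be raised in the same patch to `SSL_LIBRARY_VERSION_TLS_1_0,`. Otherwise the `# Upstream:` comment in nss.spec should record that SSL 3.0 remains enabled by default and has to be turned off per application, e.g. via `SSL_VersionRangeSetDefault`. The `ssl_defaults` initializer starts outside the hunk, so the other defaults were not reviewed.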