Description of problem: This is needed in order to rebase nss to 3.14 which in turn is needed in order to add TLS 1.1 support to nss. The driver is a corresponding request for mod_nss for Apache 2.2 on rhel-6.4. Version-Release number of selected component (if applicable): RHEL-6.4 How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
Created attachment 623802 [details] Changes to rebase to 3.14 - based on private branch work
Comment on attachment 623802 [details] Changes to rebase to 3.14 - based on private branch work r+ for RHEL 6
Built nss-util-3.14.0.0-1.el6
Hi, could you please summarize changes since last build and point out some items that deserve to be tested (except TLS1.1?
The changes to util include: * a buffer overflow function in DER_GetInteger and DER_GetUInteger has been fixed. (calling these functions on a DER integer greater then sizeof(int) on the given platform should not fail). * upstream as turned off MD5 by default. We should verify that we did not turn off md5 by default here in RHEL 6. * Several new ciphers were added, but are not enabled since we did not update softoken, so normal NSS regression testing is sufficient. * Several functions have been moved out of softoken into nss-util. These functions aren't used in RHEL 6 (since we didn't update softoken), so normall regression testing is sufficient here. I'll leave it to Elio to add or correct anything on Wednesday. bob
The only thing to add is that we are rebasing to nss-3.14 from nss-3.13.5 having skipped nss-3.13.6. The bugs fixed on 3.13.6 are listed with this query: https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED;classification=Components;query_format=advanced;product=NSS;target_milestone=3.13.6;list_id=4708561 I don't see anything striking there. For RHEL-5.9 we rebased nss to 3.13.6 so a review of that test suite is worthwhile to pick up any tests you may have added there.
*** Bug 833480 has been marked as a duplicate of this bug. ***
The nss-util-3.14.0.0-2.el6 build was to fix an inconsistency in the n-v-r tags in the sepc file, no code changes.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-0445.html