[El-errata] ELEA-2017-0460 Oracle Linux 7 nspr, nss-util, and nss bug fix and enhancement update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Wed Mar 8 13:01:03 PST 2017
Oracle Linux Enhancement Advisory ELEA-2017-0460
http://linux.oracle.com/errata/ELEA-2017-0460.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
x86_64:
nspr-4.13.1-1.0.el7_3.i686.rpm
nspr-4.13.1-1.0.el7_3.x86_64.rpm
nspr-devel-4.13.1-1.0.el7_3.i686.rpm
nspr-devel-4.13.1-1.0.el7_3.x86_64.rpm
nss-3.28.2-1.6.0.1.el7_3.i686.rpm
nss-3.28.2-1.6.0.1.el7_3.x86_64.rpm
nss-devel-3.28.2-1.6.0.1.el7_3.i686.rpm
nss-devel-3.28.2-1.6.0.1.el7_3.x86_64.rpm
nss-pkcs11-devel-3.28.2-1.6.0.1.el7_3.i686.rpm
nss-pkcs11-devel-3.28.2-1.6.0.1.el7_3.x86_64.rpm
nss-sysinit-3.28.2-1.6.0.1.el7_3.x86_64.rpm
nss-tools-3.28.2-1.6.0.1.el7_3.x86_64.rpm
nss-util-3.28.2-1.1.el7_3.i686.rpm
nss-util-3.28.2-1.1.el7_3.x86_64.rpm
nss-util-devel-3.28.2-1.1.el7_3.i686.rpm
nss-util-devel-3.28.2-1.1.el7_3.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/nspr-4.13.1-1.0.el7_3.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/nss-3.28.2-1.6.0.1.el7_3.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/nss-util-3.28.2-1.1.el7_3.src.rpm
Description of changes:
nspr
[4.13.1-1.0]
- Rebase to NSPR 4.13.1
nss
[3.28.2-1.6.0.1]
- Added nss-vendor.patch to change vendor
[3.28.2-1.6]
- Restore ssl-server-min-key-sizes.patch
- Disable TLS_ECDHE_{RSA,ECDSA}_WITH_AES_128_CBC_SHA256 by default
- Enable 4 AES_256_GCM_SHA384 ciphersuites, enabled by the downstream
patch in the previous release
- Fix crash with tstclnt -W
[3.28.2-1.5]
- Always enable gtests for supported features
- Prevent ABI incompatibilty of SECKEYECPublicKey
[3.28.2-1.4]
- Add patch to fix bash syntax error in tests/ssl.sh
- Build with support for SSLKEYLOGFILE
- Disable the use of RSA-PSS with SSL/TLS
[3.28.2-1.3]
- Remove %nss_cycles setting, which was also mistakenly added
[3.28.2-1.2]
- Reorder cipher suites for compatibility
- Re-enable BUILD_OPT, mistakenly disabled in the previous build
[3.28.2-1.1]
- Remove mistakenly added R: nss-pem
[3.28.2-1.0]
- Rebase to NSS 3.28.2
- Remove NSS_ENABLE_ECC and NSS_ECC_MORE_THAN_SUITE_B setting, which
is no-op now
- Enable gtests when requested
- Remove nss-646045.patch and fix-nss-test-filtering.patch, which are
not necessary
- Remove sslauth-no-v2.patch and
nss-sslstress-txt-ssl3-lower-value-in-range.patch, as SSLv2 is
already disabled in upstream
- Remove ssl-server-min-key-sizes.patch, as we decided to support DH
key size greater than 1023 bits
- Remove local patches for SHA384 cipher suites (now supported in
upstream): dhe-sha384-dss-support.patch,
client_auth_for_sha384_prf_support.patch,
nss-fix-client-auth-init-hashes.patch, nss-map-oid-to-hashalg.patch,
nss-enable-384-cipher-tests.patch, nss-fix-signature-and-hash.patch,
fix-allowed-sig-alg.patch, tests-extra.patch
- Remove upstreamed patches: rh1238290.patch,
fix-reuse-of-session-cache-entry.patch, flexible-certverify.patch,
call-restartmodules-in-nssinit.patch
nss-util
[3.28.2-1.1]
- Prevent ABI incompatibility of SECKEYECPublicKey structure
[3.28.2-1.0]
- Rebase to nss-3.28.1
- Remove upstreamed build-nss-util-only.patch
- Package new header eccutil.h
More information about the El-errata
mailing list