Revisions of mozilla-nss
buildservice-autocommit
accepted
request 528036
from
Wolfgang Rosenauer (wrosenauer)
(revision 249)
Wolfgang Rosenauer (wrosenauer)
(revision 249)
baserev update by copy to link target
Wolfgang Rosenauer (wrosenauer)
committed
(revision 248)
- update to NSS 3.32.1
* no upstream changelog/releasenote provided
- update to NSS 3.32
Notable changes
* Various minor improvements and correctness fixes.
* The Code Signing trust bit was turned off for all included root certificates.
* The Websites (TLS/SSL) trust bit was turned off for the following
root certificates:
AddTrust Class 1 CA Root
Swisscom Root CA 2
* The following CA certificates were Removed:
AddTrust Public CA Root
AddTrust Qualified CA Root
China Internet Network Information Center EV Certificates Root
CNNIC ROOT
ComSign Secured CA
GeoTrust Global CA 2
Secure Certificate Services
Swisscom Root CA 1
Swisscom Root EV CA 2
Trusted Certificate Services
UTN-USERFirst-Hardware
UTN-USERFirst-Object
- requires NSPR 4.16
buildservice-autocommit
accepted
request 523645
from
Wolfgang Rosenauer (wrosenauer)
(revision 247)
Wolfgang Rosenauer (wrosenauer)
(revision 247)
baserev update by copy to link target
Wolfgang Rosenauer (wrosenauer)
committed
(revision 246)
- update to NSS 3.31.1 * Potential deadlock when using an external PKCS#11 token (bmo#1381784)
buildservice-autocommit
accepted
request 516062
from
Wolfgang Rosenauer (wrosenauer)
(revision 245)
Wolfgang Rosenauer (wrosenauer)
(revision 245)
baserev update by copy to link target
Wolfgang Rosenauer (wrosenauer)
committed
(revision 243)
- update to NSS 3.31
New functionality
* Allow certificates to be specified by RFC7512 PKCS#11 URIs.
* Allow querying a certificate object for its temporary or permanent
storage status in a thread safe way.
New functions
* CERT_GetCertIsPerm - retrieve the permanent storage status attribute of a
certificate in a thread safe way.
* CERT_GetCertIsTemp - retrieve the temporary storage status attribute of a
certificate in a thread safe way.
* PK11_FindCertFromURI - find a certificate identified by the given URI.
* PK11_FindCertsFromURI - find a list of certificates identified by the given
URI.
* PK11_GetModuleURI - retrieve the URI of the given module.
* PK11_GetTokenURI - retrieve the URI of a token based on the given slot
information.
* PK11URI_CreateURI - create a new PK11URI object from a set of attributes.
* PK11URI_DestroyURI - destroy a PK11URI object.
* PK11URI_FormatURI - format a PK11URI object to a string.
* PK11URI_GetPathAttribute - retrieve a path attribute with the given name.
* PK11URI_GetQueryAttribute - retrieve a query attribute with the given name.
* PK11URI_ParseURI - parse PKCS#11 URI and return a new PK11URI object.
New macros
* Several new macros that start with PK11URI_PATTR_ for path attributes defined
in RFC7512.
* Several new macros that start with PK11URI_QATTR_ for query attributes defined
in RFC7512.
Notable changes
* The APIs that set a TLS version range have been changed to trim the requested
range to the overlap with a systemwide crypto policy, if configured.
buildservice-autocommit
accepted
request 492757
from
Factory Maintainer (factory-maintainer)
(revision 242)
Factory Maintainer (factory-maintainer)
(revision 242)
baserev update by copy to link target
Wolfgang Rosenauer (wrosenauer)
committed
(revision 241)
- update to NSS 3.30.2
New Functionality
* In the PKCS#11 root CA module (nssckbi), CAs with positive trust
are marked with a new boolean attribute, CKA_NSS_MOZILLA_CA_POLICY,
set to true. Applications that need to distinguish them from other
other root CAs, may use the exported function PK11_HasAttributeSet.
* Support for callback functions that can be used to monitor SSL/TLS
alerts that are sent or received.
New Functions
* CERT_CompareAVA - performs a comparison of two CERTAVA structures,
and returns a SECComparison result.
* PK11_HasAttributeSet - allows to check if a PKCS#11 object in a
given slot has a specific boolean attribute set.
* SSL_AlertReceivedCallback - register a callback function, that will
be called whenever an SSL/TLS alert is received
* SSL_AlertSentCallback - register a callback function, that will be
called whenever an SSL/TLS alert is sent
* SSL_SetSessionTicketKeyPair - configures an asymmetric key pair,
for use in wrapping session ticket keys, used by the server. This
function currently only accepts an RSA public/private key pair.
New Macros
* PKCS12_AES_CBC_128, PKCS12_AES_CBC_192, PKCS12_AES_CBC_256
cipher family identifiers corresponding to the PKCS#5 v2.1 AES
based encryption schemes used in the PKCS#12 support in NSS
* CKA_NSS_MOZILLA_CA_POLICY - identifier for a boolean PKCS#11
attribute, that should be set to true, if a CA is present because
of it's acceptance according to the Mozilla CA Policy
Notable Changes
* The TLS server code has been enhanced to support session tickets
when no RSA certificate (e.g. only an ECDSA certificate) is configured.
buildservice-autocommit
accepted
request 487715
from
Wolfgang Rosenauer (wrosenauer)
(revision 240)
Wolfgang Rosenauer (wrosenauer)
(revision 240)
baserev update by copy to link target
Wolfgang Rosenauer (wrosenauer)
committed
(revision 239)
(boo#1015499, bmo#1320695) (nss-bmo1320695.patch)
Wolfgang Rosenauer (wrosenauer)
committed
(revision 238)
- Allow use of session tickets when there is no ticket wrapping key (boo#1015499, bmo#1320695)
Wolfgang Rosenauer (wrosenauer)
committed
(revision 237)
- update to NSS 3.29.5
* Rare crashes in the base 64 decoder and encoder were fixed.
(bmo#1344380)
* A carry over bug in the RNG was fixed. (bmo#1345089)
buildservice-autocommit
accepted
request 482051
from
Wolfgang Rosenauer (wrosenauer)
(revision 236)
Wolfgang Rosenauer (wrosenauer)
(revision 236)
baserev update by copy to link target
Wolfgang Rosenauer (wrosenauer)
committed
(revision 235)
- update to NSS 3.29.3 * enables TLS 1.3 by default - TLS 1.3 was already enabled in 3.28.x builds for openSUSE. This build option was removed. - required for Firefox 53
buildservice-autocommit
accepted
request 480619
from
Wolfgang Rosenauer (wrosenauer)
(revision 234)
Wolfgang Rosenauer (wrosenauer)
(revision 234)
baserev update by copy to link target
Wolfgang Rosenauer (wrosenauer)
accepted
request 479929
from
Richard Biener (rguenther)
(revision 233)
- Add nss-fix-hash.patch to fix hash computation (and build with GCC 7 which complains about shifts of boolean values).
buildservice-autocommit
accepted
request 459222
from
Wolfgang Rosenauer (wrosenauer)
(revision 232)
Wolfgang Rosenauer (wrosenauer)
(revision 232)
baserev update by copy to link target
Wolfgang Rosenauer (wrosenauer)
committed
(revision 231)
- update to NSS 3.28.3
* This is a patch release to fix binary compatibility issues.
NSS version 3.28, 3.28.1 and 3.28.2 contained changes that were
in violation with the NSS compatibility promise.
ECParams, which is part of the public API of the freebl/softokn
parts of NSS, had been changed to include an additional attribute.
That size increase caused crashes or malfunctioning with applications
that use that data structure directly, or indirectly through
ECPublicKey, ECPrivateKey, NSSLOWKEYPublicKey, NSSLOWKEYPrivateKey,
or potentially other data structures that reference ECParams.
The change has been reverted to the original state in bug
bmo#1334108.
SECKEYECPublicKey had been extended with a new attribute, named
"encoding". If an application passed type SECKEYECPublicKey to NSS
(as part of SECKEYPublicKey), the NSS library read the uninitialized
attribute. With this NSS release SECKEYECPublicKey.encoding is
deprecated. NSS no longer reads the attribute, and will always
set it to ECPoint_Undefined. See bug bmo#1340103.
buildservice-autocommit
accepted
request 456518
from
Wolfgang Rosenauer (wrosenauer)
(revision 230)
Wolfgang Rosenauer (wrosenauer)
(revision 230)
baserev update by copy to link target
Displaying revisions 201 - 220 of 449
