Revisions of mozilla-nss
buildservice-autocommit
accepted
request 528036
from
Wolfgang Rosenauer (wrosenauer)
(revision 249)
baserev update by copy to link target
Wolfgang Rosenauer (wrosenauer)
committed
(revision 248)
- update to NSS 3.32.1 * no upstream changelog/releasenote provided - update to NSS 3.32 Notable changes * Various minor improvements and correctness fixes. * The Code Signing trust bit was turned off for all included root certificates. * The Websites (TLS/SSL) trust bit was turned off for the following root certificates: AddTrust Class 1 CA Root Swisscom Root CA 2 * The following CA certificates were Removed: AddTrust Public CA Root AddTrust Qualified CA Root China Internet Network Information Center EV Certificates Root CNNIC ROOT ComSign Secured CA GeoTrust Global CA 2 Secure Certificate Services Swisscom Root CA 1 Swisscom Root EV CA 2 Trusted Certificate Services UTN-USERFirst-Hardware UTN-USERFirst-Object - requires NSPR 4.16
buildservice-autocommit
accepted
request 523645
from
Wolfgang Rosenauer (wrosenauer)
(revision 247)
baserev update by copy to link target
Wolfgang Rosenauer (wrosenauer)
committed
(revision 246)
- update to NSS 3.31.1 * Potential deadlock when using an external PKCS#11 token (bmo#1381784)
buildservice-autocommit
accepted
request 516062
from
Wolfgang Rosenauer (wrosenauer)
(revision 245)
baserev update by copy to link target
Wolfgang Rosenauer (wrosenauer)
committed
(revision 244)
- removed obsolete nss-fix-hash.patch
Wolfgang Rosenauer (wrosenauer)
committed
(revision 243)
- update to NSS 3.31 New functionality * Allow certificates to be specified by RFC7512 PKCS#11 URIs. * Allow querying a certificate object for its temporary or permanent storage status in a thread safe way. New functions * CERT_GetCertIsPerm - retrieve the permanent storage status attribute of a certificate in a thread safe way. * CERT_GetCertIsTemp - retrieve the temporary storage status attribute of a certificate in a thread safe way. * PK11_FindCertFromURI - find a certificate identified by the given URI. * PK11_FindCertsFromURI - find a list of certificates identified by the given URI. * PK11_GetModuleURI - retrieve the URI of the given module. * PK11_GetTokenURI - retrieve the URI of a token based on the given slot information. * PK11URI_CreateURI - create a new PK11URI object from a set of attributes. * PK11URI_DestroyURI - destroy a PK11URI object. * PK11URI_FormatURI - format a PK11URI object to a string. * PK11URI_GetPathAttribute - retrieve a path attribute with the given name. * PK11URI_GetQueryAttribute - retrieve a query attribute with the given name. * PK11URI_ParseURI - parse PKCS#11 URI and return a new PK11URI object. New macros * Several new macros that start with PK11URI_PATTR_ for path attributes defined in RFC7512. * Several new macros that start with PK11URI_QATTR_ for query attributes defined in RFC7512. Notable changes * The APIs that set a TLS version range have been changed to trim the requested range to the overlap with a systemwide crypto policy, if configured.
buildservice-autocommit
accepted
request 492757
from
Factory Maintainer (factory-maintainer)
(revision 242)
baserev update by copy to link target
Wolfgang Rosenauer (wrosenauer)
committed
(revision 241)
- update to NSS 3.30.2 New Functionality * In the PKCS#11 root CA module (nssckbi), CAs with positive trust are marked with a new boolean attribute, CKA_NSS_MOZILLA_CA_POLICY, set to true. Applications that need to distinguish them from other other root CAs, may use the exported function PK11_HasAttributeSet. * Support for callback functions that can be used to monitor SSL/TLS alerts that are sent or received. New Functions * CERT_CompareAVA - performs a comparison of two CERTAVA structures, and returns a SECComparison result. * PK11_HasAttributeSet - allows to check if a PKCS#11 object in a given slot has a specific boolean attribute set. * SSL_AlertReceivedCallback - register a callback function, that will be called whenever an SSL/TLS alert is received * SSL_AlertSentCallback - register a callback function, that will be called whenever an SSL/TLS alert is sent * SSL_SetSessionTicketKeyPair - configures an asymmetric key pair, for use in wrapping session ticket keys, used by the server. This function currently only accepts an RSA public/private key pair. New Macros * PKCS12_AES_CBC_128, PKCS12_AES_CBC_192, PKCS12_AES_CBC_256 cipher family identifiers corresponding to the PKCS#5 v2.1 AES based encryption schemes used in the PKCS#12 support in NSS * CKA_NSS_MOZILLA_CA_POLICY - identifier for a boolean PKCS#11 attribute, that should be set to true, if a CA is present because of it's acceptance according to the Mozilla CA Policy Notable Changes * The TLS server code has been enhanced to support session tickets when no RSA certificate (e.g. only an ECDSA certificate) is configured.
buildservice-autocommit
accepted
request 487715
from
Wolfgang Rosenauer (wrosenauer)
(revision 240)
baserev update by copy to link target
Wolfgang Rosenauer (wrosenauer)
committed
(revision 239)
(boo#1015499, bmo#1320695) (nss-bmo1320695.patch)
Wolfgang Rosenauer (wrosenauer)
committed
(revision 238)
- Allow use of session tickets when there is no ticket wrapping key (boo#1015499, bmo#1320695)
Wolfgang Rosenauer (wrosenauer)
committed
(revision 237)
- update to NSS 3.29.5 * Rare crashes in the base 64 decoder and encoder were fixed. (bmo#1344380) * A carry over bug in the RNG was fixed. (bmo#1345089)
buildservice-autocommit
accepted
request 482051
from
Wolfgang Rosenauer (wrosenauer)
(revision 236)
baserev update by copy to link target
Wolfgang Rosenauer (wrosenauer)
committed
(revision 235)
- update to NSS 3.29.3 * enables TLS 1.3 by default - TLS 1.3 was already enabled in 3.28.x builds for openSUSE. This build option was removed. - required for Firefox 53
buildservice-autocommit
accepted
request 480619
from
Wolfgang Rosenauer (wrosenauer)
(revision 234)
baserev update by copy to link target
Wolfgang Rosenauer (wrosenauer)
accepted
request 479929
from
Richard Biener (rguenther)
(revision 233)
- Add nss-fix-hash.patch to fix hash computation (and build with GCC 7 which complains about shifts of boolean values).
buildservice-autocommit
accepted
request 459222
from
Wolfgang Rosenauer (wrosenauer)
(revision 232)
baserev update by copy to link target
Wolfgang Rosenauer (wrosenauer)
committed
(revision 231)
- update to NSS 3.28.3 * This is a patch release to fix binary compatibility issues. NSS version 3.28, 3.28.1 and 3.28.2 contained changes that were in violation with the NSS compatibility promise. ECParams, which is part of the public API of the freebl/softokn parts of NSS, had been changed to include an additional attribute. That size increase caused crashes or malfunctioning with applications that use that data structure directly, or indirectly through ECPublicKey, ECPrivateKey, NSSLOWKEYPublicKey, NSSLOWKEYPrivateKey, or potentially other data structures that reference ECParams. The change has been reverted to the original state in bug bmo#1334108. SECKEYECPublicKey had been extended with a new attribute, named "encoding". If an application passed type SECKEYECPublicKey to NSS (as part of SECKEYPublicKey), the NSS library read the uninitialized attribute. With this NSS release SECKEYECPublicKey.encoding is deprecated. NSS no longer reads the attribute, and will always set it to ECPoint_Undefined. See bug bmo#1340103.
buildservice-autocommit
accepted
request 456518
from
Wolfgang Rosenauer (wrosenauer)
(revision 230)
baserev update by copy to link target
Displaying revisions 201 - 220 of 449