buildservice-autocommit accepted request 980155 from Wolfgang Rosenauer (wrosenauer) almost 2 years ago (revision 385)

baserev update by copy to link target

• Files Changed
• Browse Source

Wolfgang Rosenauer (wrosenauer) committed almost 2 years ago (revision 384)

- update to NSS 3.78.1
  * bmo#1767590 - Initialize pointers passed to
                  NSS_CMSDigestContext_FinishMultiple

- update to NSS 3.78
  * bmo#1755264 - Added TLS 1.3 zero-length inner plaintext checks and
                  tests, zero-length record/fragment handling tests.
  * bmo#1294978 - Reworked overlong record size checks and added TLS1.3
                  specific boundaries.
  * bmo#1763120 - Add ECH Grease Support to tstclnt
  * bmo#1765003 - Add a strict variant of moz::pkix::CheckCertHostname.
  * bmo#1166338 - Change SSL_REUSE_SERVER_ECDHE_KEY default to false.
  * bmo#1760813 - Make SEC_PKCS12EnableCipher succeed
  * bmo#1762489 - Update zlib in NSS to 1.2.12.

• Files Changed
• Browse Source

buildservice-autocommit accepted request 974916 from Wolfgang Rosenauer (wrosenauer) almost 2 years ago (revision 383)

baserev update by copy to link target

• Files Changed
• Browse Source

Wolfgang Rosenauer (wrosenauer) committed almost 2 years ago (revision 382)

- update to NSS 3.77
  * Bug 1762244 - resolve mpitests build failure on Windows.
  * bmo#1761779 - Fix link to TLS page on wireshark wiki
  * bmo#1754890 - Add two D-TRUST 2020 root certificates.
  * bmo#1751298 - Add Telia Root CA v2 root certificate.
  * bmo#1751305 - Remove expired explicitly distrusted certificates
                  from certdata.txt.
  * bmo#1005084 - support specific RSA-PSS parameters in mozilla::pkix
  * bmo#1753535 - Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate.
  * bmo#1756271 - Remove token member from NSSSlot struct.
  * bmo#1602379 - Provide secure variants of mpp_pprime and mpp_make_prime.
  * bmo#1757279 - Support UTF-8 library path in the module spec string.
  * bmo#1396616 - Update nssUTF8_Length to RFC 3629 and fix buffer overrun.
  * bmo#1760827 - Add a CI Target for gcc-11.
  * bmo#1760828 - Change to makefiles for gcc-4.8.
  * bmo#1741688 - Update googletest to 1.11.0
  * bmo#1759525 - Add SetTls13GreaseEchSize to experimental API.
  * bmo#1755264 - TLS 1.3 Illegal legacy_version handling/alerts.
  * bmo#1755904 - Fix calculation of ECH HRR Transcript.
  * bmo#1758741 - Allow ld path to be set as environment variable.
  * bmo#1760653 - Ensure we don't read uninitialized memory in ssl gtests.
  * bmo#1758478 - Fix DataBuffer Move Assignment.
  * bmo#1552254 - internal_error alert on Certificate Request with
                  sha1+ecdsa in TLS 1.3
  * bmo#1755092 - rework signature verification in mozilla::pkix

• Files Changed
• Browse Source

buildservice-autocommit accepted request 968290 from Wolfgang Rosenauer (wrosenauer) about 2 years ago (revision 381)

baserev update by copy to link target

• Files Changed
• Browse Source

Wolfgang Rosenauer (wrosenauer) accepted request 968285 from Callum Farmer (gmbr3) about 2 years ago (revision 380)

- Require nss-util in nss.pc and subsequently remove -lnssutil3

• Files Changed
• Browse Source

buildservice-autocommit accepted request 967153 from Wolfgang Rosenauer (wrosenauer) about 2 years ago (revision 379)

baserev update by copy to link target

• Files Changed
• Browse Source

Wolfgang Rosenauer (wrosenauer) committed about 2 years ago (revision 378)

- update to NSS 3.76.1
  NSS 3.76.1
  * bmo#1756271 - Remove token member from NSSSlot struct.
  NSS 3.76
  * bmo#1755555 - Hold tokensLock through nssToken_GetSlot calls in
                  nssTrustDomain_GetActiveSlots.
  * bmo#1370866 - Check return value of PK11Slot_GetNSSToken.
  * bmo#1747957 - Use Wycheproof JSON for RSASSA-PSS
  * bmo#1679803 - Add SHA256 fingerprint comments to old
                  certdata.txt entries.
  * bmo#1753505 - Avoid truncating files in nss-release-helper.py.
  * bmo#1751157 - Throw illegal_parameter alert for illegal extensions
                  in handshake message.

• Files Changed
• Browse Source

buildservice-autocommit accepted request 965234 from Wolfgang Rosenauer (wrosenauer) about 2 years ago (revision 377)

baserev update by copy to link target

• Files Changed
• Browse Source

Wolfgang Rosenauer (wrosenauer) accepted request 964904 from Callum Farmer (gmbr3) about 2 years ago (revision 376)

- Add nss-util pkgconfig and config files (copied from RH/Fedora)

• Files Changed
• Browse Source

buildservice-autocommit accepted request 960367 from Wolfgang Rosenauer (wrosenauer) about 2 years ago (revision 375)

baserev update by copy to link target

• Files Changed
• Browse Source

Wolfgang Rosenauer (wrosenauer) committed about 2 years ago (revision 374)

- update to NSS 3.75
  * bmo#1749030 - This patch adds gcc-9 and gcc-10 to the CI.
  * bmo#1749794 - Make DottedOIDToCode.py compatible with python3.
  * bmo#1749475 - Avoid undefined shift in SSL_CERT_IS while fuzzing.
  * bmo#1748386 - Remove redundant key type check.
  * bmo#1749869 - Update ABI expectations to match ECH changes.
  * bmo#1748386 - Enable CKM_CHACHA20.
  * bmo#1747327 - check return on NSS_NoDB_Init and NSS_Shutdown.
  * bmo#1747310 - real move assignment operator.
  * bmo#1748245 - Run ECDSA test vectors from bltest as part of the CI tests.
  * bmo#1743302 - Add ECDSA test vectors to the bltest command line tool.
  * bmo#1747772 - Allow to build using clang's integrated assembler.
  * bmo#1321398 - Allow to override python for the build.
  * bmo#1747317 - test HKDF output rather than input.
  * bmo#1747316 - Use ASSERT macros to end failed tests early.
  * bmo#1747310 - move assignment operator for DataBuffer.
  * bmo#1712879 - Add test cases for ECH compression and unexpected
                  extensions in SH.
  * bmo#1725938 - Update tests for ECH-13.
  * bmo#1725938 - Tidy up error handling.
  * bmo#1728281 - Add tests for ECH HRR Changes.
  * bmo#1728281 - Server only sends GREASE HRR extension if enabled
                  by preference.
  * bmo#1725938 - Update generation of the Associated Data for ECH-13.
  * bmo#1712879 - When ECH is accepted, reject extensions which were
                  only advertised in the Outer Client Hello.
  * bmo#1712879 - Allow for compressed, non-contiguous, extensions.
  * bmo#1712879 - Scramble the PSK extension in CHOuter.
  * bmo#1712647 - Split custom extension handling for ECH.
  * bmo#1728281 - Add ECH-13 HRR Handling.

• Files Changed
• Browse Source

Wolfgang Rosenauer (wrosenauer) committed over 2 years ago (revision 373)

- update to NSS 3.74
  * bmo#966856 - mozilla::pkix: support SHA-2 hashes in CertIDs in
                 OCSP responses
  * bmo#1553612 - Ensure clients offer consistent ciphersuites after HRR
  * bmo#1721426 - NSS does not properly restrict server keys based on policy
  * bmo#1733003 - Set nssckbi version number to 2.54
  * bmo#1735407 - Replace Google Trust Services LLC (GTS) R4 root certificate
  * bmo#1735407 - Replace Google Trust Services LLC (GTS) R3 root certificate
  * bmo#1735407 - Replace Google Trust Services LLC (GTS) R2 root certificate
  * bmo#1735407 - Replace Google Trust Services LLC (GTS) R1 root certificate
  * bmo#1735407 - Replace GlobalSign ECC Root CA R4
  * bmo#1733560 - Remove Expired Root Certificates - DST Root CA X3
  * bmo#1740807 - Remove Expiring Cybertrust Global Root and GlobalSign root
                  certificates
  * bmo#1741930 - Add renewed Autoridad de Certificacion Firmaprofesional
                  CIF A62634068 root certificate
  * bmo#1740095 - Add iTrusChina ECC root certificate
  * bmo#1740095 - Add iTrusChina RSA root certificate
  * bmo#1738805 - Add ISRG Root X2 root certificate
  * bmo#1733012 - Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate
  * bmo#1738028 - Avoid a clang 13 unused variable warning in opt build
  * bmo#1735028 - Check for missing signedData field
  * bmo#1737470 - Ensure DER encoded signatures are within size limits
- enable key logging option (boo#1195040)

• Files Changed
• Browse Source

Wolfgang Rosenauer (wrosenauer) accepted request 943053 from Andreas Stieger (AndreasStieger) over 2 years ago (revision 372)

NSS 3.73.1

• Files Changed
• Browse Source

Wolfgang Rosenauer (wrosenauer) committed over 2 years ago (revision 371)

  MFSA 2021-51 (bsc#1193170)

• Files Changed
• Browse Source

Wolfgang Rosenauer (wrosenauer) committed over 2 years ago (revision 370)

- update to NSS 3.73
  * bmo#1735028 - check for missing signedData field.
  * bmo#1737470 - Ensure DER encoded signatures are within size limits.
  * bmo#1729550 - NSS needs FiPS 140-3 version indicators.
  * bmo#1692132 - pkix_CacheCert_Lookup doesn't return cached certs
  * bmo#1738600 - sunset Coverity from NSS
  MFSA 2021-51
  * CVE-2021-43527 (bmo#1737470)
    Memory corruption via DER-encoded DSA and RSA-PSS signatures

- update to NSS 3.72
  * Remove newline at the end of coreconf.dep
  * bmo#1731911 - Fix nsinstall parallel failure.
  * bmo#1729930 - Increase KDF cache size to mitigate perf
                  regression in about:logins

• Files Changed
• Browse Source

Wolfgang Rosenauer (wrosenauer) committed over 2 years ago (revision 369)

- update to NSS 3.71
  * bmo#1717716 - Set nssckbi version number to 2.52.
  * bmo#1667000 - Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py
  * bmo#1373716 - Import of PKCS#12 files with Camellia encryption is not supported
  * bmo#1717707 - Add HARICA Client ECC Root CA 2021.
  * bmo#1717707 - Add HARICA Client RSA Root CA 2021.
  * bmo#1717707 - Add HARICA TLS ECC Root CA 2021.
  * bmo#1717707 - Add HARICA TLS RSA Root CA 2021.
  * bmo#1728394 - Add TunTrust Root CA certificate to NSS.
- required for Firefox 94

• Files Changed
• Browse Source

Wolfgang Rosenauer (wrosenauer) committed over 2 years ago (revision 368)

• Files Changed
• Browse Source

Wolfgang Rosenauer (wrosenauer) committed over 2 years ago (revision 367)

- update to NSS 3.70
  * bmo#1726022 - Update test case to verify fix.
  * bmo#1714579 - Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max
  * bmo#1714579 - Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback
  * bmo#1681975 - Avoid using a lookup table in nssb64d.
  * bmo#1724629 - Use HW accelerated SHA2 on AArch64 Big Endian.
  * bmo#1714579 - Change default value of enableHelloDowngradeCheck to true.
  * bmo#1726022 - Cache additional PBE entries.
  * bmo#1709750 - Read HPKE vectors from official JSON.
- required for Firefox 93

• Files Changed
• Browse Source

Wolfgang Rosenauer (wrosenauer) committed over 2 years ago (revision 366)

- Update to NSS 3.69.1
  * bmo#1722613 (Backout) - Disable DTLS 1.0 and 1.1 by default
  * bmo#1720226 (Backout) - integrity checks in key4.db not happening
                            on private components with AES_CBC
  NSS 3.69
  * bmo#1722613 - Disable DTLS 1.0 and 1.1 by default (backed out again)
  * bmo#1720226 - integrity checks in key4.db not happening on private
                  components with AES_CBC (backed out again)
  * bmo#1720235 - SSL handling of signature algorithms ignores
                  environmental invalid algorithms.
  * bmo#1721476 - sqlite 3.34 changed it's open semantics, causing
                  nss failures.
                  (removed obsolete nss-btrfs-sqlite.patch)
  * bmo#1720230 - Gtest update changed the gtest reports, losing gtest
                  details in all.sh reports.
  * bmo#1720228 - NSS incorrectly accepting 1536 bit DH primes in FIPS mode
  * bmo#1720232 - SQLite calls could timeout in starvation situations.
  * bmo#1720225 - Coverity/cpp scanner errors found in nss 3.67
  * bmo#1709817 - Import the NSS documentation from MDN in nss/doc.
  * bmo#1720227 - NSS using a tempdir to measure sql performance not active
- add nss-fips-stricter-dh.patch
- updated existing patches with latest SLE

• Files Changed
• Browse Source