Overview Repositories Revisions Requests Users Attributes Meta

Revisions of mozilla-nss

Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 421041 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 117) 
- fix build on certain toolchains (nss-uninitialized.patch)
  jarfile.c:805:13: error: 'it' may be used uninitialized in this
  function [-Werror=maybe-uninitialized]
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 417032 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 116) 
- also sign libfreeblpriv3.so to allow FIPS mode again (boo#992236)

- update to NSS 3.24
  New functionality:
  * NSS softoken has been updated with the latest National Institute
    of Standards and Technology (NIST) guidance (as of 2015):
    - Software integrity checks and POST functions are executed on
      shared library load. These checks have been disabled by default,
      as they can cause a performance regression. To enable these
      checks, you must define symbol NSS_FORCE_FIPS when building NSS.
    - Counter mode and Galois/Counter Mode (GCM) have checks to
      prevent counter overflow.
    - Additional CSPs are zeroed in the code.
    - NSS softoken uses new guidance for how many Rabin-Miller tests
      are needed to verify a prime based on prime size.
  * NSS softoken has also been updated to allow NSS to run in FIPS
    Level 1 (no password). This mode is triggered by setting the
    database password to the empty string. In FIPS mode, you may move
    from Level 1 to Level 2 (by setting an appropriate password),
    but not the reverse.
  * A SSL_ConfigServerCert function has been added for configuring
    SSL/TLS server sockets with a certificate and private key. Use
    this new function in place of SSL_ConfigSecureServer,
    SSL_ConfigSecureServerWithCertChain, SSL_SetStapledOCSPResponses,
    and SSL_SetSignedCertTimestamps. SSL_ConfigServerCert automatically
    determines the certificate type from the certificate and private key.
    The caller is no longer required to use SSLKEAType explicitly to
    select a "slot" into which the certificate is configured (which
    incorrectly identifies a key agreement type rather than a certificate).
    Separate functions for configuring Online Certificate Status Protocol
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 384318 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 113) 
- update to NSS 3.22.3
  * required for Firefox 46.0
  * Increase compatibility of TLS extended master secret,
    don't send an empty TLS extension last in the handshake
    (bmo#1243641)

- update to NSS 3.22.2
  New functionality:
  * RSA-PSS signatures are now supported (bmo#1215295)
  * Pseudorandom functions based on hashes other than SHA-1 are now supported
  * Enforce an External Policy on NSS from a config file (bmo#1009429)
  New functions:
  * PK11_SignWithMechanism - an extended version PK11_Sign()
  * PK11_VerifyWithMechanism - an extended version of PK11_Verify()
  * SSL_PeerSignedCertTimestamps - Get signed_certificate_timestamp
    TLS extension data
  * SSL_SetSignedCertTimestamps - Set signed_certificate_timestamp
    TLS extension data
  New types:
  * ssl_signed_cert_timestamp_xtn is added to SSLExtensionType
  * Constants for several object IDs are added to SECOidTag
  New macros:
  * SSL_ENABLE_SIGNED_CERT_TIMESTAMPS
  * NSS_USE_ALG_IN_SSL
  * NSS_USE_POLICY_IN_SSL
  * NSS_RSA_MIN_KEY_SIZE
  * NSS_DH_MIN_KEY_SIZE
  * NSS_DSA_MIN_KEY_SIZE
  * NSS_TLS_VERSION_MIN_POLICY
  * NSS_TLS_VERSION_MAX_POLICY
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 368766 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 112) 
- update to NSS 3.21.1 (bmo#969894)
  * required for Firefox 45.0
  * MFSA 2016-35/CVE-2016-1950 (bmo#1245528)
    Buffer overflow during ASN.1 decoding in NSS
    (fixed by requiring 3.21.1)
  * MFSA 2016-36/CVE-2016-1979 (bmo#1185033)
    Use-after-free during processing of DER encoded keys in NSS
    (fixed by requiring 3.21.1)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 356139 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 111) 
- update to NSS 3.21
  * required for Firefox 44.0
  New functionality:
  * certutil now supports a --rename option to change a nickname (bmo#1142209)
  * TLS extended master secret extension (RFC 7627) is supported (bmo#1117022)
  * New info functions added for use during mid-handshake callbacks (bmo#1084669)
  New Functions:
  * NSS_OptionSet - sets NSS global options
  * NSS_OptionGet - gets the current value of NSS global options
  * SECMOD_CreateModuleEx - Create a new SECMODModule structure from module name
    string, module parameters string, NSS specific parameters string, and NSS
    configuration parameter string. The module represented by the module
    structure is not loaded. The difference with SECMOD_CreateModule is the new
    function handles NSS configuration parameter strings.
  * SSL_GetPreliminaryChannelInfo - obtains information about a TLS channel prior
    to the handshake being completed, for use with the callbacks that are invoked
    during the handshake
  * SSL_SignaturePrefSet - configures the enabled signature and hash algorithms
    for TLS
  * SSL_SignaturePrefGet - retrieves the currently configured signature and hash
    algorithms
  * SSL_SignatureMaxCount - obtains the maximum number signature algorithms that
    can be configured with SSL_SignaturePrefSet
  * NSSUTIL_ArgParseModuleSpecEx - takes a module spec and breaks it into shared
    library string, module name string, module parameters string, NSS specific
    parameters string, and NSS configuration parameter strings. The returned
    strings must be freed by the caller. The difference with
    NSS_ArgParseModuleSpec is the new function handles NSS configuration
    parameter strings.
  * NSSUTIL_MkModuleSpecEx - take a shared library string, module name string,
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 351733 from Factory Maintainer's avatar Factory Maintainer (factory-maintainer) (revision 110) 
Automatic submission by obs-autosubmit
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 350520 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 109) 
- update to NSS 3.20.2 (bnc#959888)

- update to NSS 3.20.1 (bnc#952810)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 342323 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 108) 
- update to NSS 4.20.1 (bnc#952810)
  * requires NSPR 4.10.10
  * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182 (bmo#1192028, bmo#1202868)
    memory corruption issues
Stephan Kulow's avatar Stephan Kulow (coolo) accepted request 335620 from Factory Maintainer's avatar Factory Maintainer (factory-maintainer) (revision 107) 
Automatic submission by obs-autosubmit
Stephan Kulow's avatar Stephan Kulow (coolo) accepted request 315776 from Factory Maintainer's avatar Factory Maintainer (factory-maintainer) (revision 106) 
Automatic submission by obs-autosubmit
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 309532 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 104) 
- update to 3.19.1
  No new functionality is introduced in this release. This patch
  release includes a fix for the recently published logjam attack.
  Notable Changes:
  * The minimum strength of keys that libssl will accept for
    finite field algorithms (RSA, Diffie-Hellman, and DSA) have
    been increased to 1023 bits (bmo#1138554).
  * NSS reports the bit length of keys more accurately.  Thus,
    the SECKEY_PublicKeyStrength and SECKEY_PublicKeyStrengthInBits
    functions could report smaller values for values that have
    leading zero values. This affects the key strength values that
    are reported by SSL_GetChannelInfo.
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 309327 from Factory Maintainer's avatar Factory Maintainer (factory-maintainer) (revision 103) 
Automatic submission by obs-autosubmit
Stephan Kulow's avatar Stephan Kulow (coolo) accepted request 303844 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 102) 
- update to 3.18.1
  * Firefox target release 38
  * No new functionality is introduced in this release.
  Notable Changes:
  * The following CA certificate had the Websites and Code Signing
    trust bits restored to their original state to allow more time
    to develop a better transition strategy for affected sites:
    - OU = Equifax Secure Certificate Authority
  * The following CA certificate was removed:
    - CN = e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi
  * The following intermediate CA certificate has been added as
    actively distrusted because it was mis-used to issue certificates
    for domain names the holder did not own or control:
    - CN=MCSHOLDING TEST, O=MCSHOLDING, C=EG
  * The version number of the updated root CA list has been set
    to 2.4
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 284702 from Factory Maintainer's avatar Factory Maintainer (factory-maintainer) (revision 100) 
Automatic submission by obs-autosubmit
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 267102 from Factory Maintainer's avatar Factory Maintainer (factory-maintainer) (revision 99) 
Automatic submission by obs-autosubmit
Stephan Kulow's avatar Stephan Kulow (coolo) accepted request 258176 from Factory Maintainer's avatar Factory Maintainer (factory-maintainer) (revision 98) 
Automatic submission by obs-autosubmit
Displaying revisions 101 - 120 of 217
openSUSE Build Service is sponsored by
Places