Overview Repositories Revisions Requests Users Attributes Meta

Revisions of mozilla-nss

Stephan Kulow's avatar Stephan Kulow (coolo) accepted request 251989 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 97) 
- update to 3.17.1 (bnc#897890)
  * MFSA 2014-73/CVE-2014-1568 (bmo#1064636, bmo#1069405)
    RSA Signature Forgery in NSS
  * Change library's signature algorithm default to SHA256
  * Add support for draft-ietf-tls-downgrade-scsv
  * Add clang-cl support to the NSS build system
  * Implement TLS 1.3:
    * Part 1. Negotiate TLS 1.3
    * Part 2. Remove deprecated cipher suites andcompression.
  * Add support for little-endian powerpc64
Stephan Kulow's avatar Stephan Kulow (coolo) accepted request 247562 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 96) 
- update to 3.17
  * required for Firefox 33
  New functionality:
  * When using ECDHE, the TLS server code may be configured to generate
    a fresh ephemeral ECDH key for each handshake, by setting the
    SSL_REUSE_SERVER_ECDHE_KEY socket option to PR_FALSE. The
    SSL_REUSE_SERVER_ECDHE_KEY option defaults to PR_TRUE, which means
    the server's ephemeral ECDH key is reused for multiple handshakes.
    This option does not affect the TLS client code, which always
    generates a fresh ephemeral ECDH key for each handshake.
  New Macros
  * SSL_REUSE_SERVER_ECDHE_KEY
  Notable Changes:
  * The manual pages for the certutil and pp tools have been updated to
    document the new parameters that had been added in NSS 3.16.2.
  * On Windows, the new build variable USE_STATIC_RTL can be used to
    specify the static C runtime library should be used. By default the
    dynamic C runtime library is used.

- update to 3.16.4 (bnc#894201)
Adrian Schröter's avatar Adrian Schröter (adrianSuSE) committed (revision 95) 
Split 13.2 from Factory
Stephan Kulow's avatar Stephan Kulow (coolo) accepted request 240770 from Factory Maintainer's avatar Factory Maintainer (factory-maintainer) (revision 93) 
Automatic submission by obs-autosubmit
Stephan Kulow's avatar Stephan Kulow (coolo) accepted request 228183 from Factory Maintainer's avatar Factory Maintainer (factory-maintainer) (revision 91) 
Automatic submission by obs-autosubmit
Stephan Kulow's avatar Stephan Kulow (coolo) accepted request 223809 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 90) 
- update to 3.15.5
  * required for Firefox 28
  * export FREEBL_LOWHASH to get the correct default headers
    (bnc#865539)
  New functionality
  * Added support for the TLS application layer protocol negotiation
    (ALPN) extension. Two SSL socket options, SSL_ENABLE_NPN and
    SSL_ENABLE_ALPN, can be used to control whether NPN or ALPN (or both)
    should be used for application layer protocol negotiation.
  * Added the TLS padding extension. The extension type value is 35655,
    which may change when an official extension type value is assigned
    by IANA. NSS automatically adds the padding extension to ClientHello
    when necessary.
  * Added a new macro CERT_LIST_TAIL, defined in certt.h, for getting
    the tail of a CERTCertList.
  Notable Changes
  * bmo#950129: Improve the OCSP fetching policy when verifying OCSP
    responses
  * bmo#949060: Validate the iov input argument (an array of PRIOVec
    structures) of ssl_WriteV (called via PR_Writev). Applications should
    still take care when converting struct iov to PRIOVec because the
    iov_len members of the two structures have different types
    (size_t vs. int). size_t is unsigned and may be larger than int.

- BuildRequire mozilla-nspr >= 4.9
Stephan Kulow's avatar Stephan Kulow (coolo) accepted request 220922 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 89) 
Updating just the changelog to stay consistent with security update for older dists

* MFSA 2014-12/CVE-2014-1490/CVE-2014-1491
    NSS ticket handling issues
Stephan Kulow's avatar Stephan Kulow (coolo) accepted request 210076 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 87) 
- update to 3.15.3.1 (bnc#854367)
  * includes certstore update (1.95) (bmo#946351)
    (explicitely distrust AC DG Tresor SSL)
Stephan Kulow's avatar Stephan Kulow (coolo) accepted request 209434 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 86) 
fix ppc64le build, please forward to factory (forwarded request 209419 from adrianSuSE)
Stephan Kulow's avatar Stephan Kulow (coolo) accepted request 206762 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 85) 
- update to 3.15.3 (bnc#850148)
  * CERT_VerifyCert returns SECSuccess (saying certificate is good)
    even for bad certificates, when the CERTVerifyLog log parameter
    is given (bmo#910438)
  * NSS advertises TLS 1.2 ciphersuites in a TLS 1.1 ClientHello
    (bmo#919677)
  * fix CVE-2013-5605
Stephan Kulow's avatar Stephan Kulow (coolo) accepted request 201263 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 84) 
Contains a security relevant bugfix and should be considered for 13.1

- update to 3.15.2 (bnc#842979)
  * Support for AES-GCM ciphersuites that use the SHA-256 PRF
  * MD2, MD4, and MD5 signatures are no longer accepted for OCSP
    or CRLs
  * Add PK11_CipherFinal macro
  * sizeof() used incorrectly
  * nssutil_ReadSecmodDB() leaks memory
  * Allow SSL_HandshakeNegotiatedExtension to be called before
    the handshake is finished.
  * Deprecate the SSL cipher policy code
  * Avoid uninitialized data read in the event of a decryption
    failure. (CVE-2013-1739)
Adrian Schröter's avatar Adrian Schröter (adrianSuSE) committed (revision 83) 
Split 13.1 from Factory
Stephan Kulow's avatar Stephan Kulow (coolo) accepted request 182306 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 82) 
- fix 32bit requirement, it's without () actually (forwarded request 182277 from lnussel)
Stephan Kulow's avatar Stephan Kulow (coolo) accepted request 181869 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 81) 
- update to 3.15.1
  * TLS 1.2 (RFC 5246) is supported. HMAC-SHA256 cipher suites
    (RFC 5246 and RFC 5289) are supported, allowing TLS to be used
    without MD5 and SHA-1.
    Note the following limitations:
      The hash function used in the signature for TLS 1.2 client
      authentication must be the hash function of the TLS 1.2 PRF,
      which is always SHA-256 in NSS 3.15.1.
      AES GCM cipher suites are not yet supported.
  * some bugfixes and improvements

- require libnssckbi instead of mozilla-nss-certs so p11-kit can
  conflict with the latter (fate#314991)
Stephan Kulow's avatar Stephan Kulow (coolo) accepted request 173001 from Factory Maintainer's avatar Factory Maintainer (factory-maintainer) (revision 79) 
Automatic submission by obs-autosubmit
Stephan Kulow's avatar Stephan Kulow (coolo) accepted request 162347 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 78) 
- disable tests with expired certificates
  (nss-disable-expired-testcerts.patch)
- add SEC_PKCS7VerifyDetachedSignatureAtTime using patch from
  mozilla tree to fulfill Firefox 21 requirements
  (bug-834091.patch; bmo#834091)

  * MFSA 2013-40/CVE-2013-0791 (bmo#629816)
    Out-of-bounds array read in CERT_DecodeCertPackage
Displaying revisions 121 - 140 of 217
openSUSE Build Service is sponsored by
Places