Revisions of mozilla-nss
Stefan Lijewski (lijews)
accepted
request 207616
from
Stefan Lijewski (lijews)
(revision 14)
- update to 3.15.3 (bnc#850148) * CERT_VerifyCert returns SECSuccess (saying certificate is good) even for bad certificates, when the CERTVerifyLog log parameter is given (bmo#910438) * NSS advertises TLS 1.2 ciphersuites in a TLS 1.1 ClientHello (bmo#919677) * fix CVE-2013-5605
Stefan Lijewski (lijews)
accepted
request 206413
from
Stefan Lijewski (lijews)
(revision 13)
- update to 3.15.2 (bnc#842979) * Support for AES-GCM ciphersuites that use the SHA-256 PRF * MD2, MD4, and MD5 signatures are no longer accepted for OCSP or CRLs * Add PK11_CipherFinal macro * sizeof() used incorrectly * nssutil_ReadSecmodDB() leaks memory * Allow SSL_HandshakeNegotiatedExtension to be called before the handshake is finished. * Deprecate the SSL cipher policy code * Avoid uninitialized data read in the event of a decryption failure. (CVE-2013-1739)
Wolfgang Rosenauer (wrosenauer)
accepted
request 186805
from
Wolfgang Rosenauer (wrosenauer)
(revision 12)
- fix 32bit requirement, it's without () actually - update to 3.15.1 * TLS 1.2 (RFC 5246) is supported. HMAC-SHA256 cipher suites (RFC 5246 and RFC 5289) are supported, allowing TLS to be used without MD5 and SHA-1. Note the following limitations: The hash function used in the signature for TLS 1.2 client authentication must be the hash function of the TLS 1.2 PRF, which is always SHA-256 in NSS 3.15.1. AES GCM cipher suites are not yet supported. * some bugfixes and improvements - require libnssckbi instead of mozilla-nss-certs so p11-kit can conflict with the latter (fate#314991) - update to 3.15 * Packaging + removed obsolete patches * nss-disable-expired-testcerts.patch * bug-834091.patch * New Functionality + Support for OCSP Stapling (RFC 6066, Certificate Status Request) has been added for both client and server sockets. TLS client applications may enable this via a call to SSL_OptionSetDefault(SSL_ENABLE_OCSP_STAPLING, PR_TRUE); + Added function SECITEM_ReallocItemV2. It replaces function SECITEM_ReallocItem, which is now declared as obsolete. + Support for single-operation (eg: not multi-part) symmetric key encryption and decryption, via PK11_Encrypt and PK11_Decrypt.
Stefan Lijewski (lijews)
accepted
request 162842
from
Stefan Lijewski (lijews)
(revision 11)
- disable tests with expired certificates (nss-disable-expired-testcerts.patch) - add SEC_PKCS7VerifyDetachedSignatureAtTime using patch from mozilla tree to fulfill Firefox 21 requirements (bug-834091.patch; bmo#834091) * MFSA 2013-40/CVE-2013-0791 (bmo#629816) Out-of-bounds array read in CERT_DecodeCertPackage
Stefan Lijewski (lijews)
accepted
request 161590
from
Stefan Lijewski (lijews)
(revision 10)
- update to 3.14.3 * No new major functionality is introduced in this release. This release is a patch release to address CVE-2013-1620 (bmo#822365) * "certutil -a" was not correctly producing ASCII output as requested. (bmo#840714) * NSS 3.14.2 broke compilation with older versions of sqlite that lacked the SQLITE_FCNTL_TEMPFILENAME file control. NSS 3.14.3 now properly compiles when used with older versions of sqlite (bmo#837799) - remove system-sqlite.patch - add aarch64 support - added system-sqlite.patch (bmo#837799) * do not depend on latest sqlite just for a #define - enable system sqlite usage again - update to 3.14.2 * required for Firefox >= 20 * removed obsolete nssckbi update patch - disable system sqlite usage since we depend on 3.7.15 which is not provided in any openSUSE distribution * add nss-sqlitename.patch to avoid any name clash
Stefan Lijewski (lijews)
accepted
request 150289
from
Stefan Lijewski (lijews)
(revision 9)
- updated CA database (nssckbi-1.93.patch) * MFSA 2013-20/CVE-2013-0743 (bmo#825022, bnc#796628) revoke mis-issued intermediate certificates from TURKTRUST - update to 3.14.1 RTM * minimal requirement for Gecko 20 * several bugfixes - update to 3.14 RTM * Support for TLS 1.1 (RFC 4346) * Experimental support for DTLS 1.0 (RFC 4347) and DTLS-SRTP (RFC 5764) * Support for AES-CTR, AES-CTS, and AES-GCM * Support for Keying Material Exporters for TLS (RFC 5705) * Support for certificate signatures using the MD5 hash algorithm is now disabled by default * The NSS license has changed to MPL 2.0. Previous releases were released under a MPL 1.1/GPL 2.0/LGPL 2.1 tri-license. For more information about MPL 2.0, please see http://www.mozilla.org/MPL/2.0/FAQ.html. For an additional explanation on GPL/LGPL compatibility, see security/nss/COPYING in the source code. * Export and DES cipher suites are disabled by default. Non-ECC AES and Triple DES cipher suites are enabled by default - disabled OCSP testcases since they need external network (nss-disable-ocsp-test.patch)
Stefan Lijewski (lijews)
accepted
request 132199
from
Stefan Lijewski (lijews)
(revision 8)
- update to 3.13.6 RTM * root CA update * other bugfixes
Stefan Lijewski (lijews)
accepted
request 124230
from
Stefan Lijewski (lijews)
(revision 7)
- update to 3.13.5 RTM - update to 3.13.4 RTM * fixed some bugs * fixed cert verification regression in PKIX mode (bmo#737802) introduced in 3.13.2
Stefan Lijewski (lijews)
accepted
request 109616
from
Stefan Lijewski (lijews)
(revision 6)
- update to 3.13.3 RTM - distrust Trustwave's MITM certificates (bmo#724929) - fix generic blacklisting mechanism (bmo#727204) - update to 3.13.2 RTM * requirement with Gecko >= 11 - removed obsolete patches * ckbi-1.88 * pkcs11n-header-fix.patch
Stefan Lijewski (lijews)
committed
(revision 5)
osc copypac from project:openSUSE:Evergreen:11.2:Test package:mozilla-nss revision:6
Stefan Lijewski (lijews)
committed
(revision 4)
osc copypac from project:openSUSE:Evergreen:11.2:Test package:mozilla-nss revision:5
Stefan Lijewski (lijews)
committed
(revision 3)
osc copypac from project:openSUSE:Evergreen:11.2:Test package:mozilla-nss revision:4
Stefan Lijewski (lijews)
committed
(revision 2)
removed _link
Stefan Lijewski (lijews)
committed
(revision 1)
osc copypac from project:openSUSE:Evergreen:11.2:Test package:mozilla-nss revision:2
Displaying all 14 revisions