Revisions of mozilla-nss
Gustavo Yokoyama Ribeiro (gyribeiro)
committed
(revision 3)
- Add nss-fips-pbkdf-kat-compliance.patch (bsc#1192079). This makes the PBKDF known answer test compliant with NIST SP800-132. - Mozilla NSS 3.68.3 (bsc#1197903) This release improves the stability of NSS when used in a multi-threaded environment. In particular, it fixes memory safety violations that can occur when PKCS#11 tokens are removed while in use (CVE-2022-1097). We presume that with enough effort these memory safety violations are exploitable. * Remove token member from NSSSlot struct (bmo#1756271). * Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots (bmo#1755555). * Check return value of PK11Slot_GetNSSToken (bmo#1370866).
Gustavo Yokoyama Ribeiro (gyribeiro)
committed
(revision 2)
- Update FIPS validation string to version-release format. - Update nss-fips-approved-crypto-non-ec.patch to remove XCBC MAC from list of FIPS approved algorithms. - Enable NSS_ENABLE_FIPS_INDICATORS and set NSS_FIPS_MODULE_ID for build. - Update nss-fips-approved-crypto-non-ec.patch to claim 3DES unapproved in FIPS mode (bsc#1192080). - Update nss-fips-constructor-self-tests.patch to allow testing of unapproved algorithms (bsc#1192228). - Add nss-fips-version-indicators.patch (bmo#1729550, bsc#1192086). This adds FIPS version indicators. - Add nss-fips-180-3-csp-clearing.patch (bmo#1697303, bsc#1192087). Most of the relevant changes are already upstream since NSS 3.60.
Gustavo Yokoyama Ribeiro (gyribeiro)
committed
(revision 1)
initialize package
Displaying all 3 revisions