- Add nss-fips-pbkdf-kat-compliance.patch (bsc#1192079). This
  makes the PBKDF known answer test compliant with NIST SP800-132.

- Mozilla NSS 3.68.3 (bsc#1197903)
  This release improves the stability of NSS when used in a multi-threaded 
  environment. In particular, it fixes memory safety violations that 
  can occur when PKCS#11 tokens are removed while in use (CVE-2022-1097). 
  We presume that with enough effort these memory safety violations are exploitable.
  * Remove token member from NSSSlot struct (bmo#1756271).
  * Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots 
    (bmo#1755555).
  * Check return value of PK11Slot_GetNSSToken (bmo#1370866).

• Files Changed
• Browse Source

- Update FIPS validation string to version-release format.
- Update nss-fips-approved-crypto-non-ec.patch to remove XCBC MAC
  from list of FIPS approved algorithms.

- Enable NSS_ENABLE_FIPS_INDICATORS and set NSS_FIPS_MODULE_ID
  for build.

- Update nss-fips-approved-crypto-non-ec.patch to claim 3DES
  unapproved in FIPS mode (bsc#1192080).
- Update nss-fips-constructor-self-tests.patch to allow testing
  of unapproved algorithms (bsc#1192228).
- Add nss-fips-version-indicators.patch (bmo#1729550, bsc#1192086).
  This adds FIPS version indicators.
- Add nss-fips-180-3-csp-clearing.patch (bmo#1697303, bsc#1192087).
  Most of the relevant changes are already upstream since NSS 3.60.

• Files Changed
• Browse Source

initialize package

• Browse Source