Overview
Request 634751 accepted
- update to NSS 3.38
* required by Firefox 62.0
New Functionality
* Added support for the TLS Record Size Limit Extension
* When creating a certificate request (CSR) using certutil -R, an
existing orphan private key can be reused. Parameter -k may be
used to specify the ID of an existing orphan key. The available
orphan key IDs can be displayed using command certutil -K.
* When using certutil -O to print the chain for a given certificate
nickname, the new parameter --simple-self-signed may be provided,
which can avoid ambiguous output in some scenarios.
New Functions
* SECITEM_MakeItem - Allocate and make an item with the requested contents
(secitem.h)
New Macros
* SSL_RECORD_SIZE_LIMIT - used to control the TLS Record Size Limit
Extension (in ssl.h)
Notable Changes
* Fixed CVE-2018-0495 (bmo#1464971)
* Various security fixes in the ASN.1 code
* NSS automatically enables caching for SQL database storage on
Linux, if it is located on a network filesystem that's known to
benefit from caching.
* When repeatedly importing the same certificate into an SQL database,
the existing nickname will be kept.
- Created by wrosenauer
- In state accepted
Request History
wrosenauer created request
- update to NSS 3.38
* required by Firefox 62.0
New Functionality
* Added support for the TLS Record Size Limit Extension
* When creating a certificate request (CSR) using certutil -R, an
existing orphan private key can be reused. Parameter -k may be
used to specify the ID of an existing orphan key. The available
orphan key IDs can be displayed using command certutil -K.
* When using certutil -O to print the chain for a given certificate
nickname, the new parameter --simple-self-signed may be provided,
which can avoid ambiguous output in some scenarios.
New Functions
* SECITEM_MakeItem - Allocate and make an item with the requested contents
(secitem.h)
New Macros
* SSL_RECORD_SIZE_LIMIT - used to control the TLS Record Size Limit
Extension (in ssl.h)
Notable Changes
* Fixed CVE-2018-0495 (bmo#1464971)
* Various security fixes in the ASN.1 code
* NSS automatically enables caching for SQL database storage on
Linux, if it is located on a network filesystem that's known to
benefit from caching.
* When repeatedly importing the same certificate into an SQL database,
the existing nickname will be kept.
factory-auto added opensuse-review-team as a reviewer
Please review sources
factory-auto added repo-checker as a reviewer
Please review build success
factory-auto accepted review
Check script succeeded
licensedigger accepted review
ok
namtrac accepted review
staging-bot set openSUSE:Factory:Staging:B as a staging project
Being evaluated by staging project "openSUSE:Factory:Staging:B"
staging-bot accepted review
Picked openSUSE:Factory:Staging:B
maxlin_factory set openSUSE:Factory:Staging:I as a staging project
Being evaluated by staging project "openSUSE:Factory:Staging:I"
maxlin_factory accepted review
Moved to openSUSE:Factory:Staging:I
repo-checker accepted review
cycle and install check passed
dimstar_suse accepted review
Removing from openSUSE:Factory:Staging:I, re-evaluation needed
dimstar_suse approved review
Removing from openSUSE:Factory:Staging:I, re-evaluation needed
dimstar_suse added factory-staging as a reviewer
Requesting new staging review
staging-bot set openSUSE:Factory:Staging:I as a staging project
Being evaluated by staging project "openSUSE:Factory:Staging:I"
staging-bot accepted review
Picked openSUSE:Factory:Staging:I
dimstar_suse accepted review
ready to accept
dimstar_suse approved review
ready to accept
dimstar_suse accepted request
Accept to openSUSE:Factory
@dimstar_suse, @factory-repo-checker: review reminder