- update to NSS 3.43

* required by Firefox 67.0
  New functions
  * HASH_GetHashOidTagByHashType - convert type HASH_HashType to type SECOidTag
  * SSL_SendCertificateRequest - allow server to request post-handshake
    client authentication. To use this both peers need to enable the
    SSL_ENABLE_POST_HANDSHAKE_AUTH option. Note that while the mechanism
    is present, post-handshake authentication is currently not TLS 1.3
    compliant due to bug 1532312
  Notable changes
  * The following CA certificates were Added:
    - emSign Root CA - G1
    - emSign ECC Root CA - G3
    - emSign Root CA - C1
    - emSign ECC Root CA - C3
    - Hongkong Post Root CA 3
  Bugs fixed
  * Improve Gyp build system handling (bmo#1528669, bmo#1529308)
  * Improve NSS S/MIME tests for Thunderbird (bmo#1529950, bmo#1521174)
  * If Docker isn't installed, try running a local clang-format as a
    fallback (bmo#1530134)
  * Enable FIPS mode automatically if the system FIPS mode flag is set
    (bmo#1531267)
  * Add a -J option to the strsclnt command to specify sigschemes
    (bmo#1528262)
  * Add manual for nss-policy-check (bmo#1513909)
  * Fix a deref after a null check in SECKEY_SetPublicValue (bmo#1531074)
  * Properly handle ESNI with HRR (bmo#1517714)
  * Expose HKDF-Expand-Label with mechanism (bmo#1529813)
  * Align TLS 1.3 HKDF trace levels (bmo#1535122)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=280

mozilla-nss.changes

@@ -1,3 +1,38 @@
+-------------------------------------------------------------------
+Tue Apr 23 12:07:00 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- update to NSS 3.43
+  * required by Firefox 67.0
+  New functions
+  * HASH_GetHashOidTagByHashType - convert type HASH_HashType to type SECOidTag
+  * SSL_SendCertificateRequest - allow server to request post-handshake
+    client authentication. To use this both peers need to enable the
+    SSL_ENABLE_POST_HANDSHAKE_AUTH option. Note that while the mechanism
+    is present, post-handshake authentication is currently not TLS 1.3
+    compliant due to bug 1532312
+  Notable changes
+  * The following CA certificates were Added:
+    - emSign Root CA - G1
+    - emSign ECC Root CA - G3
+    - emSign Root CA - C1
+    - emSign ECC Root CA - C3
+    - Hongkong Post Root CA 3
+  Bugs fixed
+  * Improve Gyp build system handling (bmo#1528669, bmo#1529308)
+  * Improve NSS S/MIME tests for Thunderbird (bmo#1529950, bmo#1521174)
+  * If Docker isn't installed, try running a local clang-format as a
+    fallback (bmo#1530134)
+  * Enable FIPS mode automatically if the system FIPS mode flag is set
+    (bmo#1531267)
+  * Add a -J option to the strsclnt command to specify sigschemes
+    (bmo#1528262)
+  * Add manual for nss-policy-check (bmo#1513909)
+  * Fix a deref after a null check in SECKEY_SetPublicValue (bmo#1531074)
+  * Properly handle ESNI with HRR (bmo#1517714)
+  * Expose HKDF-Expand-Label with mechanism (bmo#1529813)
+  * Align TLS 1.3 HKDF trace levels (bmo#1535122)
+  * Use getentropy on compatible versions of FreeBSD (bmo#1530102)
+
 -------------------------------------------------------------------
 Sun Mar 17 09:58:17 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
 

mozilla-nss.spec

@@ -21,11 +21,11 @@
 
 Name:           mozilla-nss
 BuildRequires:  gcc-c++
-BuildRequires:  mozilla-nspr-devel >= 4.20
+BuildRequires:  mozilla-nspr-devel >= 4.21
 BuildRequires:  pkg-config
 BuildRequires:  sqlite-devel
 BuildRequires:  zlib-devel
-Version:        3.42.1
+Version:        3.43
 Release:        0
 # bug437293
 %ifarch ppc64
@@ -36,8 +36,8 @@ Summary:        Network Security Services
 License:        MPL-2.0
 Group:          System/Libraries
 Url:            http://www.mozilla.org/projects/security/pki/nss/
-Source:         https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_42_1_RTM/src/nss-%{version}.tar.gz
-# hg clone https://hg.mozilla.org/projects/nss nss-3.42.1/nss ; cd nss-3.42.1/nss ; hg up NSS_3_42_1_RTM
+Source:         https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_43_RTM/src/nss-%{version}.tar.gz
+# hg clone https://hg.mozilla.org/projects/nss nss-3.43/nss ; cd nss-3.43/nss ; hg up NSS_3_43_RTM
 #Source:         nss-%{version}.tar.gz
 Source1:        nss.pc.in
 Source3:        nss-config.in

nss-3.42.1.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:087db37d38fd49dfd584dd2a8b5baa7fc88de7c9bd97c0c2d5be4abcafc61fc6
-size 23416408

nss-3.43.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f30bc1b7330887b75de9fec37dbc173001758dc43fb095ffbc45dac4093fe2ca
+size 23466026