diff --git a/baselibs.conf b/baselibs.conf index cc09aad..9e27921 100644 --- a/baselibs.conf +++ b/baselibs.conf @@ -2,7 +2,7 @@ mozilla-nss requires "mozilla-nspr- >= 4.25" requires "libfreebl3-" requires "libsoftokn3-" - requires "mozilla-nss-certs-" + requires "libnssckbi.so" libsoftokn3 requires "libfreebl3- = " libsoftokn3-hmac diff --git a/mozilla-nss.changes b/mozilla-nss.changes index b0320cc..18aff0b 100644 --- a/mozilla-nss.changes +++ b/mozilla-nss.changes @@ -1,3 +1,39 @@ +------------------------------------------------------------------- +Thu Sep 17 13:57:18 UTC 2020 - Hans Petter Jansson + +- Update nss-fips-approved-crypto-non-ec.patch to match RC2 code + being moved to deprecated/. +- Remove nss-fix-dh-pkcs-derive-inverted-logic.patch. This was made + obsolete by upstream changes. + +------------------------------------------------------------------- +Tue Sep 8 20:17:19 UTC 2020 - Wolfgang Rosenauer + +- update to NSS 3.56 + Notable changes + * bmo#1650702 - Support SHA-1 HW acceleration on ARMv8 + * bmo#1656981 - Use MPI comba and mulq optimizations on x86-64 MacOS. + * bmo#1654142 - Add CPU feature detection for Intel SHA extension. + * bmo#1648822 - Add stricter validation of DH keys in FIPS mode. + * bmo#1656986 - Properly detect arm64 during GYP build architecture + detection. + * bmo#1652729 - Add build flag to disable RC2 and relocate to + lib/freebl/deprecated. + * bmo#1656429 - Correct RTT estimate used in 0-RTT anti-replay. + * bmo#1588941 - Send empty certificate message when scheme selection + fails. + * bmo#1652032 - Fix failure to build in Windows arm64 makefile + cross-compilation. + * bmo#1625791 - Fix deadlock issue in nssSlot_IsTokenPresent. + * bmo#1653975 - Fix 3.53 regression by setting "all" as the default + makefile target. + * bmo#1659792 - Fix broken libpkix tests with unexpired PayPal cert. + * bmo#1659814 - Fix interop.sh failures with newer tls-interop + commit and dependencies. + * bmo#1656519 - NSPR dependency updated to 4.28 +- do not hard require mozilla-nss-certs-32bit via baselibs + (boo#1176206) + ------------------------------------------------------------------- Sat Aug 22 06:41:15 UTC 2020 - Wolfgang Rosenauer diff --git a/mozilla-nss.spec b/mozilla-nss.spec index 716c338..711e769 100644 --- a/mozilla-nss.spec +++ b/mozilla-nss.spec @@ -1,7 +1,7 @@ # # spec file for package mozilla-nss # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2006-2020 Wolfgang Rosenauer # # All modifications and additions to the file contributed by third parties @@ -17,14 +17,14 @@ # -%global nss_softokn_fips_version 3.55 -%define NSPR_min_version 4.27 +%global nss_softokn_fips_version 3.56 +%define NSPR_min_version 4.28 %define nspr_ver %(rpm -q --queryformat '%%{VERSION}' mozilla-nspr) %define nssdbdir %{_sysconfdir}/pki/nssdb Name: mozilla-nss -Version: 3.55 +Version: 3.56 Release: 0 -%define underscore_version 3_55 +%define underscore_version 3_56 Summary: Network Security Services License: MPL-2.0 Group: System/Libraries @@ -68,7 +68,6 @@ Patch30: nss-fips-tls-allow-md5-prf.patch Patch31: nss-fips-use-strong-random-pool.patch Patch32: nss-fips-detect-fips-mode-fixes.patch Patch34: nss-fips-combined-hash-sign-dsa-ecdsa.patch -Patch35: nss-fix-dh-pkcs-derive-inverted-logic.patch Patch36: nss-fips-aes-keywrap-post.patch %if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000 # aarch64 + gcc4.8 fails to build on SLE-12 due to undefined references @@ -226,7 +225,6 @@ cd nss %patch31 -p1 %patch32 -p1 %patch34 -p1 -%patch35 -p1 %patch36 -p1 # additional CA certificates diff --git a/nss-3.55.tar.gz b/nss-3.55.tar.gz deleted file mode 100644 index 0046701..0000000 --- a/nss-3.55.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:fc692e3db45a082ee6328cd989e795c171a00df9c518df090937f7604f850004 -size 81759883 diff --git a/nss-3.56.tar.gz b/nss-3.56.tar.gz new file mode 100644 index 0000000..bd13d8d --- /dev/null +++ b/nss-3.56.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f875e0e8ed3b5ce92d675be4a55aa25a8c1199789a4a01f69b5f2327e2048e9c +size 81706176 diff --git a/nss-fips-approved-crypto-non-ec.patch b/nss-fips-approved-crypto-non-ec.patch index ec3cd50..346d858 100644 --- a/nss-fips-approved-crypto-non-ec.patch +++ b/nss-fips-approved-crypto-non-ec.patch @@ -6,14 +6,14 @@ # Parent 3f4d682c9a1e8b3d939c744ee249e23179db5191 imported patch nss-fips-approved-crypto-non-ec.patch -diff --git a/lib/freebl/alg2268.c b/lib/freebl/alg2268.c ---- a/lib/freebl/alg2268.c -+++ b/lib/freebl/alg2268.c +diff --git a/lib/freebl/deprecated/alg2268.c b/lib/freebl/deprecated/alg2268.c +--- a/lib/freebl/deprecated/alg2268.c ++++ b/lib/freebl/deprecated/alg2268.c @@ -16,6 +16,8 @@ #include /* for ptrdiff_t */ #endif -+#include "fips.h" ++#include "../fips.h" + /* ** RC2 symmetric block cypher diff --git a/nss-fix-dh-pkcs-derive-inverted-logic.patch b/nss-fix-dh-pkcs-derive-inverted-logic.patch deleted file mode 100644 index 41b3390..0000000 --- a/nss-fix-dh-pkcs-derive-inverted-logic.patch +++ /dev/null @@ -1,20 +0,0 @@ -# HG changeset patch -# User M. Sirringhaus -# Date 1590586654 -7200 -# Wed May 27 15:37:34 2020 +0200 -# Node ID 582ed54a5cda147cd5996603d6066817edb687fa -# Parent ce99bba6375432c55a73c1367f619dfef7c7e9fc -imported patch nss-fix-dh-pkcs-derive-inverted-logic.patch - -diff --git a/lib/softoken/pkcs11c.c b/lib/softoken/pkcs11c.c ---- a/lib/softoken/pkcs11c.c -+++ b/lib/softoken/pkcs11c.c -@@ -8316,7 +8316,7 @@ - if (crv == CKR_OK) { - rv = KEA_Verify(&dhPublic, &dhPrime, &dhSubPrime); - PORT_Free(dhSubPrime.data); -- if (rv != SECSuccess) { -+ if (rv == PR_FALSE) { - crv = CKR_ARGUMENTS_BAD; - PORT_Free(dhPrime.data); - PORT_Free(dhValue.data);