- update to 3.18

* Firefox target release 38
  New functionality:
  * When importing certificates and keys from a PKCS#12 source,
    it's now possible to override the nicknames, prior to importing
    them into the NSS database, using new API
    SEC_PKCS12DecoderRenameCertNicknames.
  * The tstclnt test utility program has new command-line options
    -C, -D, -b and -R.
    Use -C one, two or three times to print information about the
    certificates received from a server, and information about the
    locally found and trusted issuer certificates, to diagnose
    server side configuration issues. It is possible to run tstclnt
    without providing a database (-D). A PKCS#11 library that
    contains root CA certificates can be loaded by tstclnt, which
    may either be the nssckbi library provided by NSS (-b) or
    another compatible library (-R).
  New Functions:
  * SEC_CheckCrlTimes
  * SEC_GetCrlTimes
  * SEC_PKCS12DecoderRenameCertNicknames
  New Types:
  * SEC_PKCS12NicknameRenameCallback
  Notable Changes:
  * The highest TLS protocol version enabled by default has been
    increased from TLS 1.0 to TLS 1.2. Similarly, the highest DTLS
    protocol version enabled by default has been increased from
    DTLS 1.0 to DTLS 1.2.
  * The default key size used by certutil when creating an RSA key
    pair has been increased from 1024 bits to 2048 bits.

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=175

mozilla-nss.changes

@@ -1,3 +1,53 @@
+-------------------------------------------------------------------
+Fri Apr  3 08:34:59 UTC 2015 - wr@rosenauer.org
+
+- update to 3.18
+  * Firefox target release 38
+  New functionality:
+  * When importing certificates and keys from a PKCS#12 source,
+    it's now possible to override the nicknames, prior to importing
+    them into the NSS database, using new API
+    SEC_PKCS12DecoderRenameCertNicknames.
+  * The tstclnt test utility program has new command-line options
+    -C, -D, -b and -R.
+    Use -C one, two or three times to print information about the
+    certificates received from a server, and information about the
+    locally found and trusted issuer certificates, to diagnose
+    server side configuration issues. It is possible to run tstclnt
+    without providing a database (-D). A PKCS#11 library that
+    contains root CA certificates can be loaded by tstclnt, which
+    may either be the nssckbi library provided by NSS (-b) or
+    another compatible library (-R).
+  New Functions:
+  * SEC_CheckCrlTimes
+  * SEC_GetCrlTimes
+  * SEC_PKCS12DecoderRenameCertNicknames
+  New Types:
+  * SEC_PKCS12NicknameRenameCallback
+  Notable Changes:
+  * The highest TLS protocol version enabled by default has been
+    increased from TLS 1.0 to TLS 1.2. Similarly, the highest DTLS
+    protocol version enabled by default has been increased from
+    DTLS 1.0 to DTLS 1.2.
+  * The default key size used by certutil when creating an RSA key
+    pair has been increased from 1024 bits to 2048 bits.
+  * The following CA certificates had the Websites and Code Signing
+    trust bits turned off:
+    - Equifax Secure Certificate Authority
+    - Equifax Secure Global eBusiness CA-1
+    - TC TrustCenter Class 3 CA II
+  * The following CA certificates were added:
+    - Staat der Nederlanden Root CA - G3
+    - Staat der Nederlanden EV Root CA
+    - IdenTrust Commercial Root CA 1
+    - IdenTrust Public Sector Root CA 1
+    - S-TRUST Universal Root CA
+    - Entrust Root Certification Authority - G2
+    - Entrust Root Certification Authority - EC1
+    - CFCA EV ROOT
+  * The version number of the updated root CA list has been set
+    to 2.3
+
 -------------------------------------------------------------------
 Sat Jan 31 17:53:49 UTC 2015 - wr@rosenauer.org
 

mozilla-nss.spec

@@ -21,11 +21,11 @@
 
 Name:           mozilla-nss
 BuildRequires:  gcc-c++
-BuildRequires:  mozilla-nspr-devel >= 4.10.7
+BuildRequires:  mozilla-nspr-devel >= 4.10.8
 BuildRequires:  pkg-config
 BuildRequires:  sqlite-devel
 BuildRequires:  zlib-devel
-Version:        3.17.4
+Version:        3.18
 Release:        0
 # bug437293
 %ifarch ppc64
@@ -36,8 +36,8 @@ Summary:        Network Security Services
 License:        MPL-2.0
 Group:          System/Libraries
 Url:            http://www.mozilla.org/projects/security/pki/nss/
-Source:         https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_17_4_RTM/src/nss-%{version}.tar.gz
-# hg clone https://hg.mozilla.org/projects/nss nss-3.17.4/nss ; cd nss-3.17.4/nss ; hg up NSS_3_17_4_RTM
+Source:         https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_18_RTM/src/nss-%{version}.tar.gz
+# hg clone https://hg.mozilla.org/projects/nss nss-3.18/nss ; cd nss-3.18/nss ; hg up NSS_3_18_RTM
 #Source:         nss-%{version}.tar.gz
 Source1:        nss.pc.in
 Source3:        nss-config.in
@@ -48,6 +48,7 @@ Source7:        cert9.db
 Source8:        key4.db
 Source9:        pkcs11.txt
 #Source10:       PayPalEE.cert
+Source99:       %{name}.changes
 Patch1:         nss-opt.patch
 Patch2:         system-nspr.patch
 Patch4:         nss-no-rpath.patch
@@ -179,7 +180,7 @@ cd nss
 
 %build
 cd nss
-modified="$(sed -n '/^----/n;s/ - .*$//;p;q' "%{_sourcedir}/%{name}.changes")"
+modified="$(sed -n '/^----/n;s/ - .*$//;p;q' "%{S:99}")"
 DATE="\"$(date -d "${modified}" "+%%b %%e %%Y")\""
 TIME="\"$(date -d "${modified}" "+%%R")\""
 find . -name '*.[ch]' -print -exec sed -i "s/__DATE__/${DATE}/g;s/__TIME__/${TIME}/g" {} +

nss-3.17.4.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:1d98ad1881a4237ec98cbe472fc851480f0b0e954dfe224d047811fb96ff9d79
-size 6924699

nss-3.18.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:618db0fb2af9f6fc165934d509036b65efc78ab0ae118c06c9488bb667f21d40
+size 6944836