diff --git a/mozilla-nss.changes b/mozilla-nss.changes index e56e12d..338bc47 100644 --- a/mozilla-nss.changes +++ b/mozilla-nss.changes @@ -1,3 +1,56 @@ +------------------------------------------------------------------- +Tue Jan 9 12:50:19 UTC 2018 - wr@rosenauer.org + +- update to NSS 3.34.1 + Changes in 3.34: + Notable changes + * The following CA certificates were Added: + GDCA TrustAUTH R5 ROOT + SSL.com Root Certification Authority RSA + SSL.com Root Certification Authority ECC + SSL.com EV Root Certification Authority RSA R2 + SSL.com EV Root Certification Authority ECC + TrustCor RootCert CA-1 + TrustCor RootCert CA-2 + TrustCor ECA-1 + * The following CA certificates were Removed: + Certum CA, O=Unizeto Sp. z o.o. + StartCom Certification Authority + StartCom Certification Authority G2 + TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3 + ACEDICOM Root + Certinomis - Autorité Racine + TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı + PSCProcert + CA 沃通根证书, O=WoSign CA Limited + Certification Authority of WoSign + Certification Authority of WoSign G2 + CA WoSign ECC Root + * libfreebl no longer requires SSE2 instructions + New functionality + * When listing an NSS database using certutil -L, but the database + hasn't yet been initialized with any non-empty or empty password, + the text "Database needs user init" will be included in the listing. + * When using certutil to set an inacceptable password in FIPS mode, + a correct explanation of acceptable passwords will be printed. + * SSLKEYLOGFILE is now supported with TLS 1.3, see bmo#1287711 for details. + * SSLChannelInfo has two new fields (bmo#1396525): + SSLNamedGroup originalKeaGroup holds the key exchange group of + the original handshake when the session was resumed. + PRBool resumed is PR_TRUE when the session is resumed and PR_FALSE + otherwise. + * RSA-PSS signatures are now supported on certificates. Certificates + with RSA-PSS or RSA-PKCS#1v1.5 keys can be used to create an RSA-PSS + signature on a certificate using the --pss-sign argument to certutil. + Changes in 3.34.1: + * The following CA certificate was Re-Added. It was removed in NSS + 3.34, but has been re-added with only the Email trust bit set. + (bmo#1418678): + libfreebl no longer requires SSE2 instructionsCN = Certum CA, O=Unizeto Sp. z o.o. + * Removed entries from certdata.txt for actively distrusted + certificates that have expired (bmo#1409872) + * The version of the CA list was set to 2.20. + ------------------------------------------------------------------- Thu Dec 7 11:13:11 UTC 2017 - dimstar@opensuse.org diff --git a/mozilla-nss.spec b/mozilla-nss.spec index 3699c22..3b0c366 100644 --- a/mozilla-nss.spec +++ b/mozilla-nss.spec @@ -1,7 +1,7 @@ # # spec file for package mozilla-nss # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2006-2017 Wolfgang Rosenauer # # All modifications and additions to the file contributed by third parties @@ -17,7 +17,7 @@ # -%global nss_softokn_fips_version 3.28 +%global nss_softokn_fips_version 3.34.1 Name: mozilla-nss BuildRequires: gcc-c++ @@ -25,7 +25,7 @@ BuildRequires: mozilla-nspr-devel >= 4.17 BuildRequires: pkg-config BuildRequires: sqlite-devel BuildRequires: zlib-devel -Version: 3.33 +Version: 3.34.1 Release: 0 # bug437293 %ifarch ppc64 @@ -36,8 +36,8 @@ Summary: Network Security Services License: MPL-2.0 Group: System/Libraries Url: http://www.mozilla.org/projects/security/pki/nss/ -Source: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_33_RTM/src/nss-%{version}.tar.gz -# hg clone https://hg.mozilla.org/projects/nss nss-3.33/nss ; cd nss-3.33/nss ; hg up NSS_3_33_RTM +Source: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_34_1_RTM/src/nss-%{version}.tar.gz +# hg clone https://hg.mozilla.org/projects/nss nss-3.34.1/nss ; cd nss-3.34.1/nss ; hg up NSS_3_34_1_RTM #Source: nss-%{version}.tar.gz Source1: nss.pc.in Source3: nss-config.in @@ -88,7 +88,7 @@ Summary: Network (Netscape) Security Services development files Group: Development/Libraries/C and C++ Requires: libfreebl3 Requires: libsoftokn3 -Requires: mozilla-nspr-devel >= 4.14 +Requires: mozilla-nspr-devel >= 4.17 Requires: mozilla-nss = %{version}-%{release} # bug437293 %ifarch ppc64 @@ -190,6 +190,7 @@ DATE="\"$(date -d "${modified}" "+%%b %%e %%Y")\"" TIME="\"$(date -d "${modified}" "+%%R")\"" find . -name '*.[ch]' -print -exec sed -i "s/__DATE__/${DATE}/g;s/__TIME__/${TIME}/g" {} + +export NSS_NO_PKCS11_BYPASS=1 export FREEBL_NO_DEPEND=1 export FREEBL_LOWHASH=1 export NSPR_INCLUDE_DIR=`nspr-config --includedir` diff --git a/nss-3.33.tar.gz b/nss-3.33.tar.gz deleted file mode 100644 index 28d71b3..0000000 --- a/nss-3.33.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:98f0dabd36408e83dd3a11727336cc3cdfee4cbdd9aede2b2831eb2389c284e4 -size 9578033 diff --git a/nss-3.34.1.tar.gz b/nss-3.34.1.tar.gz new file mode 100644 index 0000000..98622ed --- /dev/null +++ b/nss-3.34.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:a3c15d367caf784f33d96dbafbdffc16a8e42fb8c8aedfce97bf92a9f918dda0 +size 9562876