From 0967a1196adb54d87875005a1c4839fe497795783fd3d1f38988406af235fb7e Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Sat, 20 Jan 2018 20:25:21 +0000 Subject: [PATCH] =?UTF-8?q?-=20update=20to=20NSS=203.34.1=20=20=20Changes?= =?UTF-8?q?=20in=203.34:=20=20=20Notable=20changes=20=20=20*=20The=20follo?= =?UTF-8?q?wing=20CA=20certificates=20were=20Added:=20=20=20=20=20GDCA=20T?= =?UTF-8?q?rustAUTH=20R5=20ROOT=20=20=20=20=20SSL.com=20Root=20Certificati?= =?UTF-8?q?on=20Authority=20RSA=20=20=20=20=20SSL.com=20Root=20Certificati?= =?UTF-8?q?on=20Authority=20ECC=20=20=20=20=20SSL.com=20EV=20Root=20Certif?= =?UTF-8?q?ication=20Authority=20RSA=20R2=20=20=20=20=20SSL.com=20EV=20Roo?= =?UTF-8?q?t=20Certification=20Authority=20ECC=20=20=20=20=20TrustCor=20Ro?= =?UTF-8?q?otCert=20CA-1=20=20=20=20=20TrustCor=20RootCert=20CA-2=20=20=20?= =?UTF-8?q?=20=20TrustCor=20ECA-1=20=20=20*=20The=20following=20CA=20certi?= =?UTF-8?q?ficates=20were=20Removed:=20=20=20=20=20Certum=20CA,=20O=3DUniz?= =?UTF-8?q?eto=20Sp.=20z=20o.o.=20=20=20=20=20StartCom=20Certification=20A?= =?UTF-8?q?uthority=20=20=20=20=20StartCom=20Certification=20Authority=20G?= =?UTF-8?q?2=20=20=20=20=20T=C3=9CB=C4=B0TAK=20UEKAE=20K=C3=B6k=20Sertifik?= =?UTF-8?q?a=20Hizmet=20Sa=C4=9Flay=C4=B1c=C4=B1s=C4=B1=20-=20S=C3=BCr?= =?UTF-8?q?=C3=BCm=203=20=20=20=20=20ACEDICOM=20Root=20=20=20=20=20Certino?= =?UTF-8?q?mis=20-=20Autorit=C3=A9=20Racine=20=20=20=20=20T=C3=9CRKTRUST?= =?UTF-8?q?=20Elektronik=20Sertifika=20Hizmet=20Sa=C4=9Flay=C4=B1c=C4=B1s?= =?UTF-8?q?=C4=B1=20=20=20=20=20PSCProcert=20=20=20=20=20CA=20=E6=B2=83?= =?UTF-8?q?=E9=80=9A=E6=A0=B9=E8=AF=81=E4=B9=A6,=20O=3DWoSign=20CA=20Limit?= =?UTF-8?q?ed=20=20=20=20=20Certification=20Authority=20of=20WoSign=20=20?= =?UTF-8?q?=20=20=20Certification=20Authority=20of=20WoSign=20G2=20=20=20?= =?UTF-8?q?=20=20CA=20WoSign=20ECC=20Root=20=20=20*=20libfreebl=20no=20lon?= =?UTF-8?q?ger=20requires=20SSE2=20instructions=20=20=20New=20functionalit?= =?UTF-8?q?y=20=20=20*=20When=20listing=20an=20NSS=20database=20using=20ce?= =?UTF-8?q?rtutil=20-L,=20but=20the=20database=20=20=20=20=20hasn't=20yet?= =?UTF-8?q?=20been=20initialized=20with=20any=20non-empty=20or=20empty=20p?= =?UTF-8?q?assword,=20=20=20=20=20the=20text=20"Database=20needs=20user=20?= =?UTF-8?q?init"=20will=20be=20included=20in=20the=20listing.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=254 --- mozilla-nss.changes | 53 +++++++++++++++++++++++++++++++++++++++++++++ mozilla-nss.spec | 13 ++++++----- nss-3.33.tar.gz | 3 --- nss-3.34.1.tar.gz | 3 +++ 4 files changed, 63 insertions(+), 9 deletions(-) delete mode 100644 nss-3.33.tar.gz create mode 100644 nss-3.34.1.tar.gz diff --git a/mozilla-nss.changes b/mozilla-nss.changes index e56e12d..338bc47 100644 --- a/mozilla-nss.changes +++ b/mozilla-nss.changes @@ -1,3 +1,56 @@ +------------------------------------------------------------------- +Tue Jan 9 12:50:19 UTC 2018 - wr@rosenauer.org + +- update to NSS 3.34.1 + Changes in 3.34: + Notable changes + * The following CA certificates were Added: + GDCA TrustAUTH R5 ROOT + SSL.com Root Certification Authority RSA + SSL.com Root Certification Authority ECC + SSL.com EV Root Certification Authority RSA R2 + SSL.com EV Root Certification Authority ECC + TrustCor RootCert CA-1 + TrustCor RootCert CA-2 + TrustCor ECA-1 + * The following CA certificates were Removed: + Certum CA, O=Unizeto Sp. z o.o. + StartCom Certification Authority + StartCom Certification Authority G2 + TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3 + ACEDICOM Root + Certinomis - Autorité Racine + TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı + PSCProcert + CA 沃通根证书, O=WoSign CA Limited + Certification Authority of WoSign + Certification Authority of WoSign G2 + CA WoSign ECC Root + * libfreebl no longer requires SSE2 instructions + New functionality + * When listing an NSS database using certutil -L, but the database + hasn't yet been initialized with any non-empty or empty password, + the text "Database needs user init" will be included in the listing. + * When using certutil to set an inacceptable password in FIPS mode, + a correct explanation of acceptable passwords will be printed. + * SSLKEYLOGFILE is now supported with TLS 1.3, see bmo#1287711 for details. + * SSLChannelInfo has two new fields (bmo#1396525): + SSLNamedGroup originalKeaGroup holds the key exchange group of + the original handshake when the session was resumed. + PRBool resumed is PR_TRUE when the session is resumed and PR_FALSE + otherwise. + * RSA-PSS signatures are now supported on certificates. Certificates + with RSA-PSS or RSA-PKCS#1v1.5 keys can be used to create an RSA-PSS + signature on a certificate using the --pss-sign argument to certutil. + Changes in 3.34.1: + * The following CA certificate was Re-Added. It was removed in NSS + 3.34, but has been re-added with only the Email trust bit set. + (bmo#1418678): + libfreebl no longer requires SSE2 instructionsCN = Certum CA, O=Unizeto Sp. z o.o. + * Removed entries from certdata.txt for actively distrusted + certificates that have expired (bmo#1409872) + * The version of the CA list was set to 2.20. + ------------------------------------------------------------------- Thu Dec 7 11:13:11 UTC 2017 - dimstar@opensuse.org diff --git a/mozilla-nss.spec b/mozilla-nss.spec index 3699c22..3b0c366 100644 --- a/mozilla-nss.spec +++ b/mozilla-nss.spec @@ -1,7 +1,7 @@ # # spec file for package mozilla-nss # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2006-2017 Wolfgang Rosenauer # # All modifications and additions to the file contributed by third parties @@ -17,7 +17,7 @@ # -%global nss_softokn_fips_version 3.28 +%global nss_softokn_fips_version 3.34.1 Name: mozilla-nss BuildRequires: gcc-c++ @@ -25,7 +25,7 @@ BuildRequires: mozilla-nspr-devel >= 4.17 BuildRequires: pkg-config BuildRequires: sqlite-devel BuildRequires: zlib-devel -Version: 3.33 +Version: 3.34.1 Release: 0 # bug437293 %ifarch ppc64 @@ -36,8 +36,8 @@ Summary: Network Security Services License: MPL-2.0 Group: System/Libraries Url: http://www.mozilla.org/projects/security/pki/nss/ -Source: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_33_RTM/src/nss-%{version}.tar.gz -# hg clone https://hg.mozilla.org/projects/nss nss-3.33/nss ; cd nss-3.33/nss ; hg up NSS_3_33_RTM +Source: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_34_1_RTM/src/nss-%{version}.tar.gz +# hg clone https://hg.mozilla.org/projects/nss nss-3.34.1/nss ; cd nss-3.34.1/nss ; hg up NSS_3_34_1_RTM #Source: nss-%{version}.tar.gz Source1: nss.pc.in Source3: nss-config.in @@ -88,7 +88,7 @@ Summary: Network (Netscape) Security Services development files Group: Development/Libraries/C and C++ Requires: libfreebl3 Requires: libsoftokn3 -Requires: mozilla-nspr-devel >= 4.14 +Requires: mozilla-nspr-devel >= 4.17 Requires: mozilla-nss = %{version}-%{release} # bug437293 %ifarch ppc64 @@ -190,6 +190,7 @@ DATE="\"$(date -d "${modified}" "+%%b %%e %%Y")\"" TIME="\"$(date -d "${modified}" "+%%R")\"" find . -name '*.[ch]' -print -exec sed -i "s/__DATE__/${DATE}/g;s/__TIME__/${TIME}/g" {} + +export NSS_NO_PKCS11_BYPASS=1 export FREEBL_NO_DEPEND=1 export FREEBL_LOWHASH=1 export NSPR_INCLUDE_DIR=`nspr-config --includedir` diff --git a/nss-3.33.tar.gz b/nss-3.33.tar.gz deleted file mode 100644 index 28d71b3..0000000 --- a/nss-3.33.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:98f0dabd36408e83dd3a11727336cc3cdfee4cbdd9aede2b2831eb2389c284e4 -size 9578033 diff --git a/nss-3.34.1.tar.gz b/nss-3.34.1.tar.gz new file mode 100644 index 0000000..98622ed --- /dev/null +++ b/nss-3.34.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:a3c15d367caf784f33d96dbafbdffc16a8e42fb8c8aedfce97bf92a9f918dda0 +size 9562876