pool/mozilla-nss
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 644083 from mozilla:Factory

Browse Source 
in preparation of Firefox 63

- update to NSS 3.39
  * required by Firefox 63.0
  Notable bug fixes
  * NSS responded to an SSLv2-compatible ClientHello with a
    ServerHello that had an all-zero random (CVE-2018-12384) (bmo#1483128)
  New functionality
  * The tstclnt and selfserv utilities added support for configuring
    the enabled TLS signature schemes using the -J parameter.
  * NSS will use RSA-PSS keys to authenticate in TLS. Support for
    these keys is disabled by default but can be enabled using
    SSL_SignatureSchemePrefSet().
  * certutil added the ability to delete an orphan private key from
    an NSS key database.
  * Added the nss-policy-check utility, which can be used to check
    an NSS policy configuration for problems.
  * A PKCS#11 URI can be used as an identifier for a PKCS#11 token.
  Notable changes
  * The TLS 1.3 implementation uses the final version number from
    RFC 8446.
  * Previous versions of NSS accepted an RSA PKCS#1 v1.5 signature
    where the DigestInfo structure was missing the NULL parameter.
    Starting with version 3.39, NSS requires the encoding to contain
    the NULL parameter.
  * The tstclnt and selfserv test utilities no longer accept the -z
    parameter, as support for TLS compression was removed in a
    previous NSS version.
  * The CA certificates list was updated to version 2.26.
  * The following CA certificates were Added:
    - OU = GlobalSign Root CA - R6
    - CN = OISTE WISeKey Global Root GC CA

OBS-URL: https://build.opensuse.org/request/show/644083
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=140
This commit is contained in:
Dominique Leuenberger 2018-10-29 13:15:17 +00:00 committed by Git OBS Bridge
commit 96d7217949
5 changed files with 53 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
malloc.patch
View File

@ -1,19 +1,8 @@
# HG changeset patch
# Parent 032e1235ede0393863f4720ba6746baa24cb68e4
Index: security/nss/tests/ssl/ssl.sh
===================================================================
RCS file: /cvsroot/mozilla/security/nss/tests/ssl/ssl.sh,v
retrieving revision 1.100
diff --git a/tests/ssl/ssl.sh b/tests/ssl/ssl.sh diff --git a/tests/ssl/ssl.sh b/tests/ssl/ssl.sh
index c1730d8..5eee525 100755
--- a/tests/ssl/ssl.sh --- a/tests/ssl/ssl.sh
+++ b/tests/ssl/ssl.sh +++ b/tests/ssl/ssl.sh
@@ -1354,12 +1354,13 @@ ssl_run_tests() @@ -1449,6 +1449,7 @@ ssl_run_tests()
fi
;;
esac
done
}
################################# main ################################# ################################# main #################################
@ -21,4 +10,3 @@ diff --git a/tests/ssl/ssl.sh b/tests/ssl/ssl.sh
ssl_init ssl_init
ssl_run_tests ssl_run_tests
ssl_cleanup ssl_cleanup

42
mozilla-nss.changes
View File

@ -1,3 +1,45 @@
-------------------------------------------------------------------
Sun Oct 21 07:39:58 UTC 2018 - wr@rosenauer.org
- update to NSS 3.39
* required by Firefox 63.0
Notable bug fixes
* NSS responded to an SSLv2-compatible ClientHello with a
ServerHello that had an all-zero random (CVE-2018-12384) (bmo#1483128)
New functionality
* The tstclnt and selfserv utilities added support for configuring
the enabled TLS signature schemes using the -J parameter.
* NSS will use RSA-PSS keys to authenticate in TLS. Support for
these keys is disabled by default but can be enabled using
SSL_SignatureSchemePrefSet().
* certutil added the ability to delete an orphan private key from
an NSS key database.
* Added the nss-policy-check utility, which can be used to check
an NSS policy configuration for problems.
* A PKCS#11 URI can be used as an identifier for a PKCS#11 token.
Notable changes
* The TLS 1.3 implementation uses the final version number from
RFC 8446.
* Previous versions of NSS accepted an RSA PKCS#1 v1.5 signature
where the DigestInfo structure was missing the NULL parameter.
Starting with version 3.39, NSS requires the encoding to contain
the NULL parameter.
* The tstclnt and selfserv test utilities no longer accept the -z
parameter, as support for TLS compression was removed in a
previous NSS version.
* The CA certificates list was updated to version 2.26.
* The following CA certificates were Added:
- OU = GlobalSign Root CA - R6
- CN = OISTE WISeKey Global Root GC CA
* The following CA certificate was Removed:
- CN = ComSign
* The following CA certificates had the Websites trust bit disabled:
- CN = Certplus Root CA G1
- CN = Certplus Root CA G2
- CN = OpenTrust Root CA G1
- CN = OpenTrust Root CA G2
- CN = OpenTrust Root CA G3
------------------------------------------------------------------- -------------------------------------------------------------------
Sun Oct 14 08:10:08 UTC 2018 - meissner@suse.com Sun Oct 14 08:10:08 UTC 2018 - meissner@suse.com

11
mozilla-nss.spec
View File

@ -13,7 +13,7 @@
# license that conforms to the Open Source Definition (Version 1.9) # license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative. # published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/ # Please submit bugfixes or comments via https://bugs.opensuse.org/
# #
@ -21,11 +21,11 @@
Name: mozilla-nss Name: mozilla-nss
BuildRequires: gcc-c++ BuildRequires: gcc-c++
BuildRequires: mozilla-nspr-devel >= 4.19 BuildRequires: mozilla-nspr-devel >= 4.20
BuildRequires: pkg-config BuildRequires: pkg-config
BuildRequires: sqlite-devel BuildRequires: sqlite-devel
BuildRequires: zlib-devel BuildRequires: zlib-devel
Version: 3.38 Version: 3.39
Release: 0 Release: 0
# bug437293 # bug437293
%ifarch ppc64 %ifarch ppc64
@ -36,8 +36,8 @@ Summary: Network Security Services
License: MPL-2.0 License: MPL-2.0
Group: System/Libraries Group: System/Libraries
Url: http://www.mozilla.org/projects/security/pki/nss/ Url: http://www.mozilla.org/projects/security/pki/nss/
Source: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_38_RTM/src/nss-%{version}.tar.gz Source: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_39_RTM/src/nss-%{version}.tar.gz
# hg clone https://hg.mozilla.org/projects/nss nss-3.38/nss ; cd nss-3.38/nss ; hg up NSS_3_38_RTM # hg clone https://hg.mozilla.org/projects/nss nss-3.39/nss ; cd nss-3.39/nss ; hg up NSS_3_39_RTM
#Source: nss-%{version}.tar.gz #Source: nss-%{version}.tar.gz
Source1: nss.pc.in Source1: nss.pc.in
Source3: nss-config.in Source3: nss-config.in
@ -265,6 +265,7 @@ cp -L lib/libcrmf.a \
cp -L bin/certutil \ cp -L bin/certutil \
bin/cmsutil \ bin/cmsutil \
bin/crlutil \ bin/crlutil \
bin/nss-policy-check \
bin/modutil \ bin/modutil \
bin/pk12util \ bin/pk12util \
bin/signtool \ bin/signtool \

3
nss-3.38.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:2c643d3c08d6935f4d325f40743719b6990aa25a79ec2f8f712c99d086672f62
size 23023474

3
nss-3.39.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:6be64dd76f212415cc8bc34343ac1e7389048db4db9a023a84873c411dc5864b
size 23048561