- update to NSS 3.22.3

* required for Firefox 46.0
  * Increase compatibility of TLS extended master secret,
    don't send an empty TLS extension last in the handshake
    (bmo#1243641)

- update to NSS 3.22.2
  New functionality:
  * RSA-PSS signatures are now supported (bmo#1215295)
  * Pseudorandom functions based on hashes other than SHA-1 are now supported
  * Enforce an External Policy on NSS from a config file (bmo#1009429)
  New functions:
  * PK11_SignWithMechanism - an extended version PK11_Sign()
  * PK11_VerifyWithMechanism - an extended version of PK11_Verify()
  * SSL_PeerSignedCertTimestamps - Get signed_certificate_timestamp
    TLS extension data
  * SSL_SetSignedCertTimestamps - Set signed_certificate_timestamp
    TLS extension data
  New types:
  * ssl_signed_cert_timestamp_xtn is added to SSLExtensionType
  * Constants for several object IDs are added to SECOidTag
  New macros:
  * SSL_ENABLE_SIGNED_CERT_TIMESTAMPS
  * NSS_USE_ALG_IN_SSL
  * NSS_USE_POLICY_IN_SSL
  * NSS_RSA_MIN_KEY_SIZE
  * NSS_DH_MIN_KEY_SIZE
  * NSS_DSA_MIN_KEY_SIZE
  * NSS_TLS_VERSION_MIN_POLICY
  * NSS_TLS_VERSION_MAX_POLICY

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=209

mozilla-nss.changes

@@ -1,3 +1,54 @@
+-------------------------------------------------------------------
+Tue Mar 15 10:25:38 UTC 2016 - wr@rosenauer.org
+
+- update to NSS 3.22.3
+  * required for Firefox 46.0
+  * Increase compatibility of TLS extended master secret,
+    don't send an empty TLS extension last in the handshake
+    (bmo#1243641)
+
+-------------------------------------------------------------------
+Wed Mar  9 15:42:01 UTC 2016 - wr@rosenauer.org
+
+- update to NSS 3.22.2
+  New functionality:
+  * RSA-PSS signatures are now supported (bmo#1215295)
+  * Pseudorandom functions based on hashes other than SHA-1 are now supported
+  * Enforce an External Policy on NSS from a config file (bmo#1009429)
+  New functions:
+  * PK11_SignWithMechanism - an extended version PK11_Sign()
+  * PK11_VerifyWithMechanism - an extended version of PK11_Verify()
+  * SSL_PeerSignedCertTimestamps - Get signed_certificate_timestamp
+    TLS extension data
+  * SSL_SetSignedCertTimestamps - Set signed_certificate_timestamp
+    TLS extension data
+  New types:
+  * ssl_signed_cert_timestamp_xtn is added to SSLExtensionType
+  * Constants for several object IDs are added to SECOidTag
+  New macros:
+  * SSL_ENABLE_SIGNED_CERT_TIMESTAMPS
+  * NSS_USE_ALG_IN_SSL
+  * NSS_USE_POLICY_IN_SSL
+  * NSS_RSA_MIN_KEY_SIZE
+  * NSS_DH_MIN_KEY_SIZE
+  * NSS_DSA_MIN_KEY_SIZE
+  * NSS_TLS_VERSION_MIN_POLICY
+  * NSS_TLS_VERSION_MAX_POLICY
+  * NSS_DTLS_VERSION_MIN_POLICY
+  * NSS_DTLS_VERSION_MAX_POLICY
+  * CKP_PKCS5_PBKD2_HMAC_SHA224
+  * CKP_PKCS5_PBKD2_HMAC_SHA256
+  * CKP_PKCS5_PBKD2_HMAC_SHA384
+  * CKP_PKCS5_PBKD2_HMAC_SHA512
+  * CKP_PKCS5_PBKD2_HMAC_GOSTR3411 - (not supported)
+  * CKP_PKCS5_PBKD2_HMAC_SHA512_224 - (not supported)
+  * CKP_PKCS5_PBKD2_HMAC_SHA512_256 - (not supported)
+  Notable changes:
+  * NSS C++ tests are built by default, requiring a C++11 compiler.
+    Set the NSS_DISABLE_GTESTS variable to 1 to disable building these tests.
+  * NSS has been changed to use the PR_GetEnvSecure function that
+    was made available in NSPR 4.12
+
 -------------------------------------------------------------------
 Mon Mar  7 15:41:50 UTC 2016 - wr@rosenauer.org
 
@@ -5,10 +56,8 @@ Mon Mar  7 15:41:50 UTC 2016 - wr@rosenauer.org
   * required for Firefox 45.0
   * MFSA 2016-35/CVE-2016-1950 (bmo#1245528)
     Buffer overflow during ASN.1 decoding in NSS
-    (fixed by requiring 3.21.1)
   * MFSA 2016-36/CVE-2016-1979 (bmo#1185033)
     Use-after-free during processing of DER encoded keys in NSS
-    (fixed by requiring 3.21.1)
 
 -------------------------------------------------------------------
 Sun Dec 20 10:12:35 UTC 2015 - wr@rosenauer.org

mozilla-nss.spec

@@ -2,7 +2,7 @@
 # spec file for package mozilla-nss
 #
 # Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
-# Copyright (c) 2006-2016 Wolfgang Rosenauer
+# Copyright (c) 2006-2015 Wolfgang Rosenauer
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -21,11 +21,11 @@
 
 Name:           mozilla-nss
 BuildRequires:  gcc-c++
-BuildRequires:  mozilla-nspr-devel >= 4.10.10
+BuildRequires:  mozilla-nspr-devel >= 4.12
 BuildRequires:  pkg-config
 BuildRequires:  sqlite-devel
 BuildRequires:  zlib-devel
-Version:        3.21.1
+Version:        3.22.3
 Release:        0
 # bug437293
 %ifarch ppc64
@@ -36,8 +36,8 @@ Summary:        Network Security Services
 License:        MPL-2.0
 Group:          System/Libraries
 Url:            http://www.mozilla.org/projects/security/pki/nss/
-Source:         https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_21_1_RTM/src/nss-%{version}.tar.gz
-# hg clone https://hg.mozilla.org/projects/nss nss-3.21.1/nss ; cd nss-3.21.1/nss ; hg up NSS_3_21_1_RTM
+Source:         https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_22_3_RTM/src/nss-%{version}.tar.gz
+# hg clone https://hg.mozilla.org/projects/nss nss-3.22.3/nss ; cd nss-3.22.3/nss ; hg up NSS_3_22_3_RTM
 #Source:         nss-%{version}.tar.gz
 Source1:        nss.pc.in
 Source3:        nss-config.in

nss-3.21.1.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:daf6bb45246630547b5de31132287bb585fcd283fc856ed4136a69c47c4ad94e
-size 6978378

nss-3.22.3.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:03be288e20c19a032403318cc819529229aafdf6d50bc77b682e33a3241f9b97
+size 6981457