Accepting request 829609 from mozilla:Factory
- update to NSS 3.55
Notable changes
* P384 and P521 elliptic curve implementations are replaced with
verifiable implementations from Fiat-Crypto [0] and ECCKiila [1].
* PK11_FindCertInSlot is added. With this function, a given slot
can be queried with a DER-Encoded certificate, providing performance
and usability improvements over other mechanisms. (bmo#1649633)
* DTLS 1.3 implementation is updated to draft-38. (bmo#1647752)
Relevant Bugfixes
* bmo#1631583 (CVE-2020-6829, CVE-2020-12400) - Replace P384 and
P521 with new, verifiable implementations from Fiat-Crypto and ECCKiila.
* bmo#1649487 - Move overzealous assertion in VFY_EndWithSignature.
* bmo#1631573 (CVE-2020-12401) - Remove unnecessary scalar padding.
* bmo#1636771 (CVE-2020-12403) - Explicitly disable multi-part
ChaCha20 (which was not functioning correctly) and more strictly
enforce tag length.
* bmo#1649648 - Don't memcpy zero bytes (sanitizer fix).
* bmo#1649316 - Don't memcpy zero bytes (sanitizer fix).
* bmo#1649322 - Don't memcpy zero bytes (sanitizer fix).
* bmo#1653202 - Fix initialization bug in blapitest when compiled
with NSS_DISABLE_DEPRECATED_SEED.
* bmo#1646594 - Fix AVX2 detection in makefile builds.
* bmo#1649633 - Add PK11_FindCertInSlot to search a given slot
for a DER-encoded certificate.
* bmo#1651520 - Fix slotLock race in NSC_GetTokenInfo.
* bmo#1647752 - Update DTLS 1.3 implementation to draft-38.
* bmo#1649190 - Run cipher, sdr, and ocsp tests under standard test cycle in CI.
* bmo#1649226 - Add Wycheproof ECDSA tests.
* bmo#1637222 - Consistently enforce IV requirements for DES and 3DES.
* bmo#1067214 - Enforce minimum PKCS#1 v1.5 padding length in
OBS-URL: https://build.opensuse.org/request/show/829609
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=161
This commit is contained in:
Dominique Leuenberger
Git OBS Bridge
commit
b6c47560ab
@ -1,3 +1,40 @@
|
||||
-------------------------------------------------------------------
|
||||
Sat Aug 22 06:41:15 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
|
||||
|
||||
- update to NSS 3.55
|
||||
Notable changes
|
||||
* P384 and P521 elliptic curve implementations are replaced with
|
||||
verifiable implementations from Fiat-Crypto [0] and ECCKiila [1].
|
||||
* PK11_FindCertInSlot is added. With this function, a given slot
|
||||
can be queried with a DER-Encoded certificate, providing performance
|
||||
and usability improvements over other mechanisms. (bmo#1649633)
|
||||
* DTLS 1.3 implementation is updated to draft-38. (bmo#1647752)
|
||||
Relevant Bugfixes
|
||||
* bmo#1631583 (CVE-2020-6829, CVE-2020-12400) - Replace P384 and
|
||||
P521 with new, verifiable implementations from Fiat-Crypto and ECCKiila.
|
||||
* bmo#1649487 - Move overzealous assertion in VFY_EndWithSignature.
|
||||
* bmo#1631573 (CVE-2020-12401) - Remove unnecessary scalar padding.
|
||||
* bmo#1636771 (CVE-2020-12403) - Explicitly disable multi-part
|
||||
ChaCha20 (which was not functioning correctly) and more strictly
|
||||
enforce tag length.
|
||||
* bmo#1649648 - Don't memcpy zero bytes (sanitizer fix).
|
||||
* bmo#1649316 - Don't memcpy zero bytes (sanitizer fix).
|
||||
* bmo#1649322 - Don't memcpy zero bytes (sanitizer fix).
|
||||
* bmo#1653202 - Fix initialization bug in blapitest when compiled
|
||||
with NSS_DISABLE_DEPRECATED_SEED.
|
||||
* bmo#1646594 - Fix AVX2 detection in makefile builds.
|
||||
* bmo#1649633 - Add PK11_FindCertInSlot to search a given slot
|
||||
for a DER-encoded certificate.
|
||||
* bmo#1651520 - Fix slotLock race in NSC_GetTokenInfo.
|
||||
* bmo#1647752 - Update DTLS 1.3 implementation to draft-38.
|
||||
* bmo#1649190 - Run cipher, sdr, and ocsp tests under standard test cycle in CI.
|
||||
* bmo#1649226 - Add Wycheproof ECDSA tests.
|
||||
* bmo#1637222 - Consistently enforce IV requirements for DES and 3DES.
|
||||
* bmo#1067214 - Enforce minimum PKCS#1 v1.5 padding length in
|
||||
RSA_CheckSignRecover.
|
||||
* bmo#1646324 - Advertise PKCS#1 schemes for certificates in the
|
||||
signature_algorithms extension.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jul 23 13:31:51 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
|
||||
|
||||
|
||||
@ -17,14 +17,14 @@
|
||||
#
|
||||
|
||||
|
||||
%global nss_softokn_fips_version 3.54
|
||||
%define NSPR_min_version 4.26
|
||||
%global nss_softokn_fips_version 3.55
|
||||
%define NSPR_min_version 4.27
|
||||
%define nspr_ver %(rpm -q --queryformat '%%{VERSION}' mozilla-nspr)
|
||||
%define nssdbdir %{_sysconfdir}/pki/nssdb
|
||||
Name: mozilla-nss
|
||||
Version: 3.54
|
||||
Version: 3.55
|
||||
Release: 0
|
||||
%define underscore_version 3_54
|
||||
%define underscore_version 3_55
|
||||
Summary: Network Security Services
|
||||
License: MPL-2.0
|
||||
Group: System/Libraries
|
||||
|
||||
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:dab18bbfcf5e347934cda664df75ce9fd912a5772686c40d3c805e53c08d6e43
|
||||
size 81190188
|
||||
3
nss-3.55.tar.gz
Normal file
3
nss-3.55.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:fc692e3db45a082ee6328cd989e795c171a00df9c518df090937f7604f850004
|
||||
size 81759883
|
||||
Loading…
Reference in New Issue
Block a user