pool/mozilla-nss
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 829609 from mozilla:Factory

Browse Source 
- update to NSS 3.55
  Notable changes
  * P384 and P521 elliptic curve implementations are replaced with
    verifiable implementations from Fiat-Crypto [0] and ECCKiila [1].
  * PK11_FindCertInSlot is added. With this function, a given slot
    can be queried with a DER-Encoded certificate, providing performance
    and usability improvements over other mechanisms. (bmo#1649633)
  * DTLS 1.3 implementation is updated to draft-38. (bmo#1647752)
  Relevant Bugfixes
  * bmo#1631583 (CVE-2020-6829, CVE-2020-12400) - Replace P384 and
    P521 with new, verifiable implementations from Fiat-Crypto and ECCKiila.
  * bmo#1649487 - Move overzealous assertion in VFY_EndWithSignature.
  * bmo#1631573 (CVE-2020-12401) - Remove unnecessary scalar padding.
  * bmo#1636771 (CVE-2020-12403) - Explicitly disable multi-part
    ChaCha20 (which was not functioning correctly) and more strictly
    enforce tag length.
  * bmo#1649648 - Don't memcpy zero bytes (sanitizer fix).
  * bmo#1649316 - Don't memcpy zero bytes (sanitizer fix).
  * bmo#1649322 - Don't memcpy zero bytes (sanitizer fix).
  * bmo#1653202 - Fix initialization bug in blapitest when compiled
    with NSS_DISABLE_DEPRECATED_SEED.
  * bmo#1646594 - Fix AVX2 detection in makefile builds.
  * bmo#1649633 - Add PK11_FindCertInSlot to search a given slot
    for a DER-encoded certificate.
  * bmo#1651520 - Fix slotLock race in NSC_GetTokenInfo.
  * bmo#1647752 - Update DTLS 1.3 implementation to draft-38.
  * bmo#1649190 - Run cipher, sdr, and ocsp tests under standard test cycle in CI.
  * bmo#1649226 - Add Wycheproof ECDSA tests.
  * bmo#1637222 - Consistently enforce IV requirements for DES and 3DES.
  * bmo#1067214 - Enforce minimum PKCS#1 v1.5 padding length in

OBS-URL: https://build.opensuse.org/request/show/829609
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=161
This commit is contained in:
Dominique Leuenberger 2020-09-02 23:08:00 +00:00 committed by Git OBS Bridge
commit b6c47560ab
4 changed files with 44 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
mozilla-nss.changes
View File

@ -1,3 +1,40 @@
-------------------------------------------------------------------
Sat Aug 22 06:41:15 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
- update to NSS 3.55
Notable changes
* P384 and P521 elliptic curve implementations are replaced with
verifiable implementations from Fiat-Crypto [0] and ECCKiila [1].
* PK11_FindCertInSlot is added. With this function, a given slot
can be queried with a DER-Encoded certificate, providing performance
and usability improvements over other mechanisms. (bmo#1649633)
* DTLS 1.3 implementation is updated to draft-38. (bmo#1647752)
Relevant Bugfixes
* bmo#1631583 (CVE-2020-6829, CVE-2020-12400) - Replace P384 and
P521 with new, verifiable implementations from Fiat-Crypto and ECCKiila.
* bmo#1649487 - Move overzealous assertion in VFY_EndWithSignature.
* bmo#1631573 (CVE-2020-12401) - Remove unnecessary scalar padding.
* bmo#1636771 (CVE-2020-12403) - Explicitly disable multi-part
ChaCha20 (which was not functioning correctly) and more strictly
enforce tag length.
* bmo#1649648 - Don't memcpy zero bytes (sanitizer fix).
* bmo#1649316 - Don't memcpy zero bytes (sanitizer fix).
* bmo#1649322 - Don't memcpy zero bytes (sanitizer fix).
* bmo#1653202 - Fix initialization bug in blapitest when compiled
with NSS_DISABLE_DEPRECATED_SEED.
* bmo#1646594 - Fix AVX2 detection in makefile builds.
* bmo#1649633 - Add PK11_FindCertInSlot to search a given slot
for a DER-encoded certificate.
* bmo#1651520 - Fix slotLock race in NSC_GetTokenInfo.
* bmo#1647752 - Update DTLS 1.3 implementation to draft-38.
* bmo#1649190 - Run cipher, sdr, and ocsp tests under standard test cycle in CI.
* bmo#1649226 - Add Wycheproof ECDSA tests.
* bmo#1637222 - Consistently enforce IV requirements for DES and 3DES.
* bmo#1067214 - Enforce minimum PKCS#1 v1.5 padding length in
RSA_CheckSignRecover.
* bmo#1646324 - Advertise PKCS#1 schemes for certificates in the
signature_algorithms extension.
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Jul 23 13:31:51 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> Thu Jul 23 13:31:51 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>

8
mozilla-nss.spec
View File

@ -17,14 +17,14 @@
# #
%global nss_softokn_fips_version 3.54 %global nss_softokn_fips_version 3.55
%define NSPR_min_version 4.26 %define NSPR_min_version 4.27
%define nspr_ver %(rpm -q --queryformat '%%{VERSION}' mozilla-nspr) %define nspr_ver %(rpm -q --queryformat '%%{VERSION}' mozilla-nspr)
%define nssdbdir %{_sysconfdir}/pki/nssdb %define nssdbdir %{_sysconfdir}/pki/nssdb
Name: mozilla-nss Name: mozilla-nss
Version: 3.54 Version: 3.55
Release: 0 Release: 0
%define underscore_version 3_54 %define underscore_version 3_55
Summary: Network Security Services Summary: Network Security Services
License: MPL-2.0 License: MPL-2.0
Group: System/Libraries Group: System/Libraries

3
nss-3.54.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:dab18bbfcf5e347934cda664df75ce9fd912a5772686c40d3c805e53c08d6e43
size 81190188

3
nss-3.55.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:fc692e3db45a082ee6328cd989e795c171a00df9c518df090937f7604f850004
size 81759883