Accepting request 440230 from mozilla:Factory

- update to NSS 3.26.2
  * required for Firefox 50.0
  Changes in 3.26
  New Functionality:
  * the selfserv test utility has been enhanced to support ALPN
    (HTTP/1.1) and 0-RTT
  * added support for the System-wide crypto policy available on
    Fedora Linux see http://fedoraproject.org/wiki/Changes/CryptoPolicy
  * introduced build flag NSS_DISABLE_LIBPKIX that allows compilation
    of NSS without the libpkix library
  Notable Changes:
  * The following CA certificate was Added
    CN = ISRG Root X1
  * NPN is disabled and ALPN is enabled by default
  * the NSS test suite now completes with the experimental TLS 1.3
    code enabled
  * several test improvements and additions, including a NIST known answer test
  Changes in 3.26.2
  * MD5 signature algorithms sent by the server in CertificateRequest
    messages are now properly ignored. Previously, with rare server
    configurations, an MD5 signature algorithm might have been selected
    for client authentication and caused the client to abort the
    connection soon after.

OBS-URL: https://build.opensuse.org/request/show/440230
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=119

mozilla-nss.changes

@@ -1,3 +1,30 @@
+-------------------------------------------------------------------
+Mon Nov 14 12:35:55 UTC 2016 - wr@rosenauer.org
+
+- update to NSS 3.26.2
+  * required for Firefox 50.0
+  Changes in 3.26
+  New Functionality:
+  * the selfserv test utility has been enhanced to support ALPN
+    (HTTP/1.1) and 0-RTT
+  * added support for the System-wide crypto policy available on
+    Fedora Linux see http://fedoraproject.org/wiki/Changes/CryptoPolicy
+  * introduced build flag NSS_DISABLE_LIBPKIX that allows compilation
+    of NSS without the libpkix library
+  Notable Changes:
+  * The following CA certificate was Added
+    CN = ISRG Root X1
+  * NPN is disabled and ALPN is enabled by default
+  * the NSS test suite now completes with the experimental TLS 1.3
+    code enabled
+  * several test improvements and additions, including a NIST known answer test
+  Changes in 3.26.2
+  * MD5 signature algorithms sent by the server in CertificateRequest
+    messages are now properly ignored. Previously, with rare server
+    configurations, an MD5 signature algorithm might have been selected
+    for client authentication and caused the client to abort the
+    connection soon after.
+
 -------------------------------------------------------------------
 Mon Aug 22 13:02:08 UTC 2016 - wr@rosenauer.org
 

mozilla-nss.spec

@@ -25,7 +25,7 @@ BuildRequires:  mozilla-nspr-devel >= 4.12
 BuildRequires:  pkg-config
 BuildRequires:  sqlite-devel
 BuildRequires:  zlib-devel
-Version:        3.25
+Version:        3.26.2
 Release:        0
 # bug437293
 %ifarch ppc64
@@ -36,8 +36,8 @@ Summary:        Network Security Services
 License:        MPL-2.0
 Group:          System/Libraries
 Url:            http://www.mozilla.org/projects/security/pki/nss/
-Source:         https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_25_RTM/src/nss-%{version}.tar.gz
-# hg clone https://hg.mozilla.org/projects/nss nss-3.25/nss ; cd nss-3.25/nss ; hg up NSS_3_25_RTM
+Source:         https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_26_2_RTM/src/nss-%{version}.tar.gz
+# hg clone https://hg.mozilla.org/projects/nss nss-3.26.2/nss ; cd nss-3.26.2/nss ; hg up NSS_3_26_2_RTM
 #Source:         nss-%{version}.tar.gz
 Source1:        nss.pc.in
 Source3:        nss-config.in

nss-3.25.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:5d1ad475da19d0c033a716350dc5f8a747999d3eba5ac07ee0368c5bad6e2359
-size 7338238

nss-3.26.2.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:13a40a2f97edf5fab3d4c7fdd928e77df36dc539cd8354b6b5d79ab93a131a5a
+size 7388390