- update to NSS 3.98

* bmo#1780432 - (CVE-2023-5388) Timing attack against RSA decryption
                  in TLS
  * bmo#1879513 - Certificate Compression: enabling the check that
                  the compression was advertised
  * bmo#1831552 - Move Windows workers to nss-1/b-win2022-alpha
  * bmo#1879945 - Remove Email trust bit from OISTE WISeKey
                  Global Root GC CA
  * bmo#1877344 - Replace `distutils.spawn.find_executable` with
                  `shutil.which` within `mach` in `nss`
  * bmo#1548723 - Certificate Compression: Updating nss_bogo_shim to
                  support Certificate compression
  * bmo#1548723 - TLS Certificate Compression (RFC 8879) Implementation
  * bmo#1875356 - Add valgrind annotations to freebl kyber operations
                  for constant-time execution tests
  * bmo#1870673 - Set nssckbi version number to 2.66
  * bmo#1874017 - Add Telekom Security roots
  * bmo#1873095 - Add D-Trust 2022 S/MIME roots
  * bmo#1865450 - Remove expired Security Communication RootCA1 root
  * bmo#1876179 - move keys to a slot that supports concatenation in
                  PK11_ConcatSymKeys
  * bmo#1876800 - remove unmaintained tls-interop tests
  * bmo#1874937 - bogo: add support for the -ipv6 and -shim-id shim
                  flags
  * bmo#1874937 - bogo: add support for the -curves shim flag and
                  update Kyber expectations
  * bmo#1874937 - bogo: adjust expectation for a key usage bit test
  * bmo#1757758 - mozpkix: add option to ignore invalid subject
                  alternative names
  * bmo#1841029 - Fix selfserv not stripping `publicname:` from -X value

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=442

mozilla-nss.changes

@@ -1,7 +1,46 @@
+-------------------------------------------------------------------
+Sat Mar 16 21:39:31 UTC 2024 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- update to NSS 3.98
+  * bmo#1780432 - (CVE-2023-5388) Timing attack against RSA decryption
+                  in TLS
+  * bmo#1879513 - Certificate Compression: enabling the check that
+                  the compression was advertised
+  * bmo#1831552 - Move Windows workers to nss-1/b-win2022-alpha
+  * bmo#1879945 - Remove Email trust bit from OISTE WISeKey
+                  Global Root GC CA
+  * bmo#1877344 - Replace `distutils.spawn.find_executable` with
+                  `shutil.which` within `mach` in `nss`
+  * bmo#1548723 - Certificate Compression: Updating nss_bogo_shim to
+                  support Certificate compression
+  * bmo#1548723 - TLS Certificate Compression (RFC 8879) Implementation
+  * bmo#1875356 - Add valgrind annotations to freebl kyber operations
+                  for constant-time execution tests
+  * bmo#1870673 - Set nssckbi version number to 2.66
+  * bmo#1874017 - Add Telekom Security roots
+  * bmo#1873095 - Add D-Trust 2022 S/MIME roots
+  * bmo#1865450 - Remove expired Security Communication RootCA1 root
+  * bmo#1876179 - move keys to a slot that supports concatenation in
+                  PK11_ConcatSymKeys
+  * bmo#1876800 - remove unmaintained tls-interop tests
+  * bmo#1874937 - bogo: add support for the -ipv6 and -shim-id shim
+                  flags
+  * bmo#1874937 - bogo: add support for the -curves shim flag and
+                  update Kyber expectations
+  * bmo#1874937 - bogo: adjust expectation for a key usage bit test
+  * bmo#1757758 - mozpkix: add option to ignore invalid subject
+                  alternative names
+  * bmo#1841029 - Fix selfserv not stripping `publicname:` from -X value
+  * bmo#1876390 - take ownership of ecckilla shims
+  * bmo#1874458 - add valgrind annotations to freebl/ec.c
+  * bmo#864039  - PR_INADDR_ANY needs PR_htonl before assignment to inet.ip
+  * bmo#1875965 - Update zlib to 1.3.1
+
 -------------------------------------------------------------------
 Thu Feb 29 10:07:57 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
 
 - Add crypto-policies support [bsc#1211301]
+  deactivated for now
 
 -------------------------------------------------------------------
 Fri Feb 23 11:55:45 UTC 2024 - pgajdos@suse.com

mozilla-nss.spec

@@ -2,7 +2,7 @@
 # spec file for package mozilla-nss
 #
 # Copyright (c) 2024 SUSE LLC
-# Copyright (c) 2006-2023 Wolfgang Rosenauer
+# Copyright (c) 2006-2024 Wolfgang Rosenauer
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,15 +17,15 @@
 #
 
 
-%global nss_softokn_fips_version 3.97
+%global nss_softokn_fips_version 3.98
 %define NSPR_min_version 4.35
 %define nspr_ver %(rpm -q --queryformat '%%{VERSION}' mozilla-nspr)
 %define nssdbdir %{_sysconfdir}/pki/nssdb
 %global crypto_policies_version 20210118
 Name:           mozilla-nss
-Version:        3.97
+Version:        3.98
 Release:        0
-%define underscore_version 3_97
+%define underscore_version 3_98
 Summary:        Network Security Services
 License:        MPL-2.0
 Group:          System/Libraries
@@ -284,9 +284,9 @@ export MAKE_FLAGS="BUILD_OPT=1"
 %if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400
 # Set the policy file location
 # if set NSS will always check for the policy file and load if it exists
-export POLICY_FILE="nss.config"
+#export POLICY_FILE="nss.config"
 # location of the policy file
-export POLICY_PATH="/etc/crypto-policies/back-ends"
+#export POLICY_PATH="/etc/crypto-policies/back-ends"
 %endif
 EOF
 

nss-3.97.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:078efb8393f32e40b1fb4bf6930fff7f1aabed01287fcc5fe58aba736765fa0a
-size 76664827

nss-3.98.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f549cc33d35c0601674bfacf7c6ad683c187595eb4125b423238d3e9aa4209ce
+size 76685475