From d8a343069d3fdd09b991710bfbbd397deba3f2f99e00e37c32009fd6da546d11 Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Tue, 19 Mar 2024 13:39:57 +0000 Subject: [PATCH] - update to NSS 3.98 * bmo#1780432 - (CVE-2023-5388) Timing attack against RSA decryption in TLS * bmo#1879513 - Certificate Compression: enabling the check that the compression was advertised * bmo#1831552 - Move Windows workers to nss-1/b-win2022-alpha * bmo#1879945 - Remove Email trust bit from OISTE WISeKey Global Root GC CA * bmo#1877344 - Replace `distutils.spawn.find_executable` with `shutil.which` within `mach` in `nss` * bmo#1548723 - Certificate Compression: Updating nss_bogo_shim to support Certificate compression * bmo#1548723 - TLS Certificate Compression (RFC 8879) Implementation * bmo#1875356 - Add valgrind annotations to freebl kyber operations for constant-time execution tests * bmo#1870673 - Set nssckbi version number to 2.66 * bmo#1874017 - Add Telekom Security roots * bmo#1873095 - Add D-Trust 2022 S/MIME roots * bmo#1865450 - Remove expired Security Communication RootCA1 root * bmo#1876179 - move keys to a slot that supports concatenation in PK11_ConcatSymKeys * bmo#1876800 - remove unmaintained tls-interop tests * bmo#1874937 - bogo: add support for the -ipv6 and -shim-id shim flags * bmo#1874937 - bogo: add support for the -curves shim flag and update Kyber expectations * bmo#1874937 - bogo: adjust expectation for a key usage bit test * bmo#1757758 - mozpkix: add option to ignore invalid subject alternative names * bmo#1841029 - Fix selfserv not stripping `publicname:` from -X value OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=442 --- mozilla-nss.changes | 39 +++++++++++++++++++++++++++++++++++++++ mozilla-nss.spec | 12 ++++++------ nss-3.97.tar.gz | 3 --- nss-3.98.tar.gz | 3 +++ 4 files changed, 48 insertions(+), 9 deletions(-) delete mode 100644 nss-3.97.tar.gz create mode 100644 nss-3.98.tar.gz diff --git a/mozilla-nss.changes b/mozilla-nss.changes index c27023d..4093a06 100644 --- a/mozilla-nss.changes +++ b/mozilla-nss.changes @@ -1,7 +1,46 @@ +------------------------------------------------------------------- +Sat Mar 16 21:39:31 UTC 2024 - Wolfgang Rosenauer + +- update to NSS 3.98 + * bmo#1780432 - (CVE-2023-5388) Timing attack against RSA decryption + in TLS + * bmo#1879513 - Certificate Compression: enabling the check that + the compression was advertised + * bmo#1831552 - Move Windows workers to nss-1/b-win2022-alpha + * bmo#1879945 - Remove Email trust bit from OISTE WISeKey + Global Root GC CA + * bmo#1877344 - Replace `distutils.spawn.find_executable` with + `shutil.which` within `mach` in `nss` + * bmo#1548723 - Certificate Compression: Updating nss_bogo_shim to + support Certificate compression + * bmo#1548723 - TLS Certificate Compression (RFC 8879) Implementation + * bmo#1875356 - Add valgrind annotations to freebl kyber operations + for constant-time execution tests + * bmo#1870673 - Set nssckbi version number to 2.66 + * bmo#1874017 - Add Telekom Security roots + * bmo#1873095 - Add D-Trust 2022 S/MIME roots + * bmo#1865450 - Remove expired Security Communication RootCA1 root + * bmo#1876179 - move keys to a slot that supports concatenation in + PK11_ConcatSymKeys + * bmo#1876800 - remove unmaintained tls-interop tests + * bmo#1874937 - bogo: add support for the -ipv6 and -shim-id shim + flags + * bmo#1874937 - bogo: add support for the -curves shim flag and + update Kyber expectations + * bmo#1874937 - bogo: adjust expectation for a key usage bit test + * bmo#1757758 - mozpkix: add option to ignore invalid subject + alternative names + * bmo#1841029 - Fix selfserv not stripping `publicname:` from -X value + * bmo#1876390 - take ownership of ecckilla shims + * bmo#1874458 - add valgrind annotations to freebl/ec.c + * bmo#864039 - PR_INADDR_ANY needs PR_htonl before assignment to inet.ip + * bmo#1875965 - Update zlib to 1.3.1 + ------------------------------------------------------------------- Thu Feb 29 10:07:57 UTC 2024 - Pedro Monreal - Add crypto-policies support [bsc#1211301] + deactivated for now ------------------------------------------------------------------- Fri Feb 23 11:55:45 UTC 2024 - pgajdos@suse.com diff --git a/mozilla-nss.spec b/mozilla-nss.spec index 67dddeb..bc0a0c9 100644 --- a/mozilla-nss.spec +++ b/mozilla-nss.spec @@ -2,7 +2,7 @@ # spec file for package mozilla-nss # # Copyright (c) 2024 SUSE LLC -# Copyright (c) 2006-2023 Wolfgang Rosenauer +# Copyright (c) 2006-2024 Wolfgang Rosenauer # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,15 +17,15 @@ # -%global nss_softokn_fips_version 3.97 +%global nss_softokn_fips_version 3.98 %define NSPR_min_version 4.35 %define nspr_ver %(rpm -q --queryformat '%%{VERSION}' mozilla-nspr) %define nssdbdir %{_sysconfdir}/pki/nssdb %global crypto_policies_version 20210118 Name: mozilla-nss -Version: 3.97 +Version: 3.98 Release: 0 -%define underscore_version 3_97 +%define underscore_version 3_98 Summary: Network Security Services License: MPL-2.0 Group: System/Libraries @@ -284,9 +284,9 @@ export MAKE_FLAGS="BUILD_OPT=1" %if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400 # Set the policy file location # if set NSS will always check for the policy file and load if it exists -export POLICY_FILE="nss.config" +#export POLICY_FILE="nss.config" # location of the policy file -export POLICY_PATH="/etc/crypto-policies/back-ends" +#export POLICY_PATH="/etc/crypto-policies/back-ends" %endif EOF diff --git a/nss-3.97.tar.gz b/nss-3.97.tar.gz deleted file mode 100644 index e2ef9a3..0000000 --- a/nss-3.97.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:078efb8393f32e40b1fb4bf6930fff7f1aabed01287fcc5fe58aba736765fa0a -size 76664827 diff --git a/nss-3.98.tar.gz b/nss-3.98.tar.gz new file mode 100644 index 0000000..964b8aa --- /dev/null +++ b/nss-3.98.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f549cc33d35c0601674bfacf7c6ad683c187595eb4125b423238d3e9aa4209ce +size 76685475