- update to NSS 3.107

* bmo#1923038 - Remove MPI fuzz targets. * bmo#1925512 - Remove globals `lockStatus` and `locksEverDisabled`. * bmo#1919015 - Enable PKCS8 fuzz target. * bmo#1923037 - Integrate Cryptofuzz in CI. * bmo#1913677 - Part 2: Set tls server target socket options in config class * bmo#1913677 - Part 1: Set tls client target socket options in config class * bmo#1913680 - Support building with thread sanitizer. * bmo#1922392 - set nssckbi version number to 2.72. * bmo#1919913 - remove Websites Trust Bit from Entrust Root Certification Authority - G4. * bmo#1920641 - remove Security Communication RootCA3 root cert. * bmo#1918559 - remove SecureSign RootCA11 root cert. * bmo#1922387 - Add distrust-after for TLS to Entrust Roots. * bmo#1927096 - update expected error code in pk12util pbmac1 tests. * bmo#1929041 - Use random tstclnt args with handshake collection script * bmo#1920466 - Remove extraneous assert in ssl3gthr.c. * bmo#1928402 - Adding missing release notes for NSS_3_105. * bmo#1874451 - Enable the disabled mlkem tests for dtls. * bmo#1874451 - NSS gtests filter cleans up the constucted buffer before the use. * bmo#1925505 - Make ssl_SetDefaultsFromEnvironment thread-safe. * bmo#1925503 - Remove short circuit test from ssl_Init. - Added nss-bmo1930797.patch to fix failing tests in testsuite OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=469
2025-01-09 08:25:09 +00:00 · 2025-01-09 08:25:09 +00:00 · f2e713c498
commit f2e713c498
parent a799fca564
5 changed files with 36 additions and 41 deletions
--- a/mozilla-nss.changes
+++ b/mozilla-nss.changes
@ -1,3 +1,30 @@
+-------------------------------------------------------------------
+Tue Jan  7 12:47:09 UTC 2025 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- update to NSS 3.107
+  * bmo#1923038 - Remove MPI fuzz targets.
+  * bmo#1925512 - Remove globals `lockStatus` and `locksEverDisabled`.
+  * bmo#1919015 - Enable PKCS8 fuzz target.
+  * bmo#1923037 - Integrate Cryptofuzz in CI.
+  * bmo#1913677 - Part 2: Set tls server target socket options in config class
+  * bmo#1913677 - Part 1: Set tls client target socket options in config class
+  * bmo#1913680 - Support building with thread sanitizer.
+  * bmo#1922392 - set nssckbi version number to 2.72.
+  * bmo#1919913 - remove Websites Trust Bit from Entrust Root
+                  Certification Authority - G4.
+  * bmo#1920641 - remove Security Communication RootCA3 root cert.
+  * bmo#1918559 - remove SecureSign RootCA11 root cert.
+  * bmo#1922387 - Add distrust-after for TLS to Entrust Roots.
+  * bmo#1927096 - update expected error code in pk12util pbmac1 tests.
+  * bmo#1929041 - Use random tstclnt args with handshake collection script
+  * bmo#1920466 - Remove extraneous assert in ssl3gthr.c.
+  * bmo#1928402 - Adding missing release notes for NSS_3_105.
+  * bmo#1874451 - Enable the disabled mlkem tests for dtls.
+  * bmo#1874451 - NSS gtests filter cleans up the constucted buffer
+                  before the use.
+  * bmo#1925505 - Make ssl_SetDefaultsFromEnvironment thread-safe.
+  * bmo#1925503 - Remove short circuit test from ssl_Init.
+
 -------------------------------------------------------------------
 Wed Dec 11 15:00:16 UTC 2024 - Adrian Schröter <adrian@suse.de>

@ -7,7 +34,7 @@ Wed Dec 11 15:00:16 UTC 2024 - Adrian Schröter <adrian@suse.de>
 Tue Nov 26 15:07:49 UTC 2024 - Martin Sirringhaus <martin.sirringhaus@suse.com>

 - Remove upstreamed bmo-1400603.patch
- Added nss-bmo1930797.patch to fix failing tests in testsuite 
+- Added nss-bmo1930797.patch to fix failing tests in testsuite

 -------------------------------------------------------------------
 Thu Nov 21 14:11:56 UTC 2024 - Wolfgang Rosenauer <wr@rosenauer.org>
--- a/mozilla-nss.spec
+++ b/mozilla-nss.spec
@ -1,8 +1,8 @@
 #
 # spec file for package mozilla-nss
 #
-# Copyright (c) 2024 SUSE LLC
-# Copyright (c) 2006-2024 Wolfgang Rosenauer
+# Copyright (c) 2025 SUSE LLC
+# Copyright (c) 2006-2025 Wolfgang Rosenauer
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -17,15 +17,15 @@
 #


-%global nss_softokn_fips_version 3.106
+%global nss_softokn_fips_version 3.107
 %define NSPR_min_version 4.36
 %define nspr_ver %(rpm -q --queryformat '%%{VERSION}' mozilla-nspr)
 %define nssdbdir %{_sysconfdir}/pki/nssdb
 %global crypto_policies_version 20210218
 Name:           mozilla-nss
-Version:        3.106
+Version:        3.107
 Release:        0
-%define underscore_version 3_106
+%define underscore_version 3_107
 Summary:        Network Security Services
 License:        MPL-2.0
 Group:          System/Libraries
--- a/nss-3.106.tar.gz
+++ b/nss-3.106.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:026b744e1e0784b890c3846ac9506472a92138c1f4d41dec581949574c585c38
-size 76621626
--- a/nss-3.107.tar.gz
+++ b/nss-3.107.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7f7e96473e38150771a615f5d40e8c41ba3a19385301ae0c525091f2fc9d6729
+size 76617725
--- a/nss-bmo1930797.patch
+++ b/nss-bmo1930797.patch
@ -307,35 +307,3 @@ Index: nss/lib/util/nsshash.c
         case SEC_OID_SHA1:
             hmacOid = SEC_OID_HMAC_SHA1;
             break;
-Index: nss/tests/tools/tools.sh
-===================================================================
--- nss.orig/tests/tools/tools.sh
-+++ nss/tests/tools/tools.sh
-@@ -541,21 +541,21 @@ tools_p12_import_pbmac1_samples()
-   html_msg $ret 0 "Importing private key pbmac1 hmac-sha-512 from PKCS#12 file"
-   check_tmpfile
- 
-  echo "${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-bad-iter.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234'"
-  ${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-bad-iter.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234' 2>&1
-+  echo "${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-bad-iter.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234' -I"
-+  ${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-bad-iter.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234' -I 2>&1
-   ret=$?
-   html_msg $ret 19 "Fail to list private key with bad iterator"
-   check_tmpfile
- 
-  echo "${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-bad-salt.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234'"
-  ${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-bad-salt.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234' 2>&1
-+  echo "${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-bad-salt.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234' -I"
-+  ${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-bad-salt.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234' -I 2>&1
-   ret=$?
-   echo "Fail to list private key with bad salt val=$ret"
-   html_msg $ret 19 "Fail to import private key with bad salt"
-   check_tmpfile
- 
-  echo "${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-no-length.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234'"
-  ${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-no-length.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234' 2>&1
-+  echo "${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-no-length.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234' -I"
-+  ${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-no-length.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234' -I 2>&1
-   ret=$?
-   echo "Fail to import private key with no length val=$ret"
-   html_msg $ret 19 "Fail to import private key with no length"