From f2e713c4989dff5fb355fc0cb97bf8e5a68e662abe467712d06cf0127dfeb448 Mon Sep 17 00:00:00 2001
From: Wolfgang Rosenauer <wolfgang@rosenauer.org>
Date: Thu, 9 Jan 2025 08:25:09 +0000
Subject: [PATCH] - update to NSS 3.107   * bmo#1923038 - Remove MPI fuzz
 targets.   * bmo#1925512 - Remove globals `lockStatus` and
 `locksEverDisabled`.   * bmo#1919015 - Enable PKCS8 fuzz target.   *
 bmo#1923037 - Integrate Cryptofuzz in CI.   * bmo#1913677 - Part 2: Set tls
 server target socket options in config class   * bmo#1913677 - Part 1: Set
 tls client target socket options in config class   * bmo#1913680 - Support
 building with thread sanitizer.   * bmo#1922392 - set nssckbi version number
 to 2.72.   * bmo#1919913 - remove Websites Trust Bit from Entrust Root       
            Certification Authority - G4.   * bmo#1920641 - remove Security
 Communication RootCA3 root cert.   * bmo#1918559 - remove SecureSign RootCA11
 root cert.   * bmo#1922387 - Add distrust-after for TLS to Entrust Roots.   *
 bmo#1927096 - update expected error code in pk12util pbmac1 tests.   *
 bmo#1929041 - Use random tstclnt args with handshake collection script   *
 bmo#1920466 - Remove extraneous assert in ssl3gthr.c.   * bmo#1928402 -
 Adding missing release notes for NSS_3_105.   * bmo#1874451 - Enable the
 disabled mlkem tests for dtls.   * bmo#1874451 - NSS gtests filter cleans up
 the constructed buffer before the use.   * bmo#1925505 -
 Make ssl_SetDefaultsFromEnvironment thread-safe.   * bmo#1925503 - Remove
 short circuit test from ssl_Init. - Added nss-bmo1930797.patch to fix failing
 tests in testsuite

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=469
---
 mozilla-nss.changes  | 29 ++++++++++++++++++++++++++++-
 mozilla-nss.spec     | 10 +++++-----
 nss-3.106.tar.gz     |  3 ---
 nss-3.107.tar.gz     |  3 +++
 nss-bmo1930797.patch | 32 --------------------------------
 5 files changed, 36 insertions(+), 41 deletions(-)
 delete mode 100644 nss-3.106.tar.gz
 create mode 100644 nss-3.107.tar.gz

diff --git a/mozilla-nss.changes b/mozilla-nss.changes
index c990435..17721c1 100644
--- a/mozilla-nss.changes
+++ b/mozilla-nss.changes
@@ -1,3 +1,30 @@
+-------------------------------------------------------------------
+Tue Jan  7 12:47:09 UTC 2025 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- update to NSS 3.107
+  * bmo#1923038 - Remove MPI fuzz targets.
+  * bmo#1925512 - Remove globals `lockStatus` and `locksEverDisabled`.
+  * bmo#1919015 - Enable PKCS8 fuzz target.
+  * bmo#1923037 - Integrate Cryptofuzz in CI.
+  * bmo#1913677 - Part 2: Set tls server target socket options in config class
+  * bmo#1913677 - Part 1: Set tls client target socket options in config class
+  * bmo#1913680 - Support building with thread sanitizer.
+  * bmo#1922392 - set nssckbi version number to 2.72.
+  * bmo#1919913 - remove Websites Trust Bit from Entrust Root
+                  Certification Authority - G4.
+  * bmo#1920641 - remove Security Communication RootCA3 root cert.
+  * bmo#1918559 - remove SecureSign RootCA11 root cert.
+  * bmo#1922387 - Add distrust-after for TLS to Entrust Roots.
+  * bmo#1927096 - update expected error code in pk12util pbmac1 tests.
+  * bmo#1929041 - Use random tstclnt args with handshake collection script
+  * bmo#1920466 - Remove extraneous assert in ssl3gthr.c.
+  * bmo#1928402 - Adding missing release notes for NSS_3_105.
+  * bmo#1874451 - Enable the disabled mlkem tests for dtls.
+  * bmo#1874451 - NSS gtests filter cleans up the constucted buffer
+                  before the use.
+  * bmo#1925505 - Make ssl_SetDefaultsFromEnvironment thread-safe.
+  * bmo#1925503 - Remove short circuit test from ssl_Init.
+
 -------------------------------------------------------------------
 Wed Dec 11 15:00:16 UTC 2024 - Adrian Schröter <adrian@suse.de>
 
@@ -7,7 +34,7 @@ Wed Dec 11 15:00:16 UTC 2024 - Adrian Schröter <adrian@suse.de>
 Tue Nov 26 15:07:49 UTC 2024 - Martin Sirringhaus <martin.sirringhaus@suse.com>
 
 - Remove upstreamed bmo-1400603.patch
-- Added nss-bmo1930797.patch to fix failing tests in testsuite 
+- Added nss-bmo1930797.patch to fix failing tests in testsuite
 
 -------------------------------------------------------------------
 Thu Nov 21 14:11:56 UTC 2024 - Wolfgang Rosenauer <wr@rosenauer.org>
diff --git a/mozilla-nss.spec b/mozilla-nss.spec
index 889727a..4d1c198 100644
--- a/mozilla-nss.spec
+++ b/mozilla-nss.spec
@@ -1,8 +1,8 @@
 #
 # spec file for package mozilla-nss
 #
-# Copyright (c) 2024 SUSE LLC
-# Copyright (c) 2006-2024 Wolfgang Rosenauer
+# Copyright (c) 2025 SUSE LLC
+# Copyright (c) 2006-2025 Wolfgang Rosenauer
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,15 +17,15 @@
 #
 
 
-%global nss_softokn_fips_version 3.106
+%global nss_softokn_fips_version 3.107
 %define NSPR_min_version 4.36
 %define nspr_ver %(rpm -q --queryformat '%%{VERSION}' mozilla-nspr)
 %define nssdbdir %{_sysconfdir}/pki/nssdb
 %global crypto_policies_version 20210218
 Name:           mozilla-nss
-Version:        3.106
+Version:        3.107
 Release:        0
-%define underscore_version 3_106
+%define underscore_version 3_107
 Summary:        Network Security Services
 License:        MPL-2.0
 Group:          System/Libraries
diff --git a/nss-3.106.tar.gz b/nss-3.106.tar.gz
deleted file mode 100644
index 8091e55..0000000
--- a/nss-3.106.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:026b744e1e0784b890c3846ac9506472a92138c1f4d41dec581949574c585c38
-size 76621626
diff --git a/nss-3.107.tar.gz b/nss-3.107.tar.gz
new file mode 100644
index 0000000..48d8bbf
--- /dev/null
+++ b/nss-3.107.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7f7e96473e38150771a615f5d40e8c41ba3a19385301ae0c525091f2fc9d6729
+size 76617725
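Review bot: The new `nss-3.107.tar.gz` pointer is the only integrity pin for the whole upstream source, and nothing in the visible part of this commit shows that its `oid sha256:` value was compared with a digest published by upstream for the 3.107 release. The spec hunks shown change only version strings, so whether the build verifies the source is outside this view. Since this tarball carries the root-store changes listed in the changelog (nssckbi 2.72, the Entrust distrust-after entries), I would record the check in the changelog entry, for example `- source tarball sha256 verified against the upstream release checksum`.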
diff --git a/nss-bmo1930797.patch b/nss-bmo1930797.patch
index e8f84c5..080a2e6 100644
--- a/nss-bmo1930797.patch
+++ b/nss-bmo1930797.patch
@@ -307,35 +307,3 @@ Index: nss/lib/util/nsshash.c
          case SEC_OID_SHA1:
              hmacOid = SEC_OID_HMAC_SHA1;
              break;
-Index: nss/tests/tools/tools.sh
-===================================================================
---- nss.orig/tests/tools/tools.sh
-+++ nss/tests/tools/tools.sh
-@@ -541,21 +541,21 @@ tools_p12_import_pbmac1_samples()
-   html_msg $ret 0 "Importing private key pbmac1 hmac-sha-512 from PKCS#12 file"
-   check_tmpfile
- 
--  echo "${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-bad-iter.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234'"
--  ${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-bad-iter.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234' 2>&1
-+  echo "${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-bad-iter.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234' -I"
-+  ${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-bad-iter.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234' -I 2>&1
-   ret=$?
-   html_msg $ret 19 "Fail to list private key with bad iterator"
-   check_tmpfile
- 
--  echo "${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-bad-salt.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234'"
--  ${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-bad-salt.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234' 2>&1
-+  echo "${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-bad-salt.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234' -I"
-+  ${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-bad-salt.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234' -I 2>&1
-   ret=$?
-   echo "Fail to list private key with bad salt val=$ret"
-   html_msg $ret 19 "Fail to import private key with bad salt"
-   check_tmpfile
- 
--  echo "${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-no-length.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234'"
--  ${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-no-length.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234' 2>&1
-+  echo "${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-no-length.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234' -I"
-+  ${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-no-length.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234' -I 2>&1
-   ret=$?
-   echo "Fail to import private key with no length val=$ret"
-   html_msg $ret 19 "Fail to import private key with no length"
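Review bot: Dropping the `nss/tests/tools/tools.sh` section from `nss-bmo1930797.patch` is not recorded anywhere in the commit. The new changelog entry lists only upstream bugs, and the subject still ends with "Added nss-bmo1930797.patch", which reads as carried over from the Nov 26 entry that this diff touches only for trailing whitespace. The removed section made the three `pbmac1-invalid-*.p12` listings pass `-I` and expect return code 19. Presumably upstream's bmo#1927096 now covers that, but the commit should say so, so that a later reader can tell the negative PKCS#12 MAC tests still run as intended. I would add a changelog line such as `- Refreshed nss-bmo1930797.patch: dropped tests/tools/tools.sh part (upstream via bmo#1927096)` once that is confirmed against the 3.107 sources.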