Commit Graph

8 Commits

Author SHA256 Message Date
Wolfgang Rosenauer
194c062b5d - add FIPS mode patches from SLE stream
nss-fips-aes-keywrap-post.patch
  nss-fips-approved-crypto-non-ec.patch
  nss-fips-cavs-dsa-fixes.patch
  nss-fips-cavs-general.patch
  nss-fips-cavs-kas-ecc.patch
  nss-fips-cavs-kas-ffc.patch
  nss-fips-cavs-keywrap.patch
  nss-fips-cavs-rsa-fixes.patch
  nss-fips-combined-hash-sign-dsa-ecdsa.patch
  nss-fips-constructor-self-tests.patch
  nss-fips-detect-fips-mode-fixes.patch
  nss-fips-dsa-kat.patch
  nss-fips-gcm-ctr.patch
  nss-fips-pairwise-consistency-check.patch
  nss-fips-rsa-keygen-strictness.patch
  nss-fips-tls-allow-md5-prf.patch
  nss-fips-use-getrandom.patch
  nss-fips-use-strong-random-pool.patch
  nss-fips-zeroization.patch
  nss-fix-dh-pkcs-derive-inverted-logic.patch

- update to NSS 3.53.1
  * required for Firefox 78
  * CVE-2020-12402 - Use constant-time GCD and modular inversion in MPI.
    (bmo#1631597, bsc#1173032)

- update to NSS 3.53
  Notable changes
  * SEED is now moved into a new freebl directory freebl/deprecated

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=326
2020-06-27 21:18:50 +00:00
Wolfgang Rosenauer
50df6276cb Accepting request 587646 from home:cgrobertson:branches:mozilla
- update to NSS 3.36
  New functionality
  * Experimental APIs for TLS session cache handling
  Notable Changes
  * Replaces existing vectorized ChaCha20 code with verified 
    HACL* implementation.
- Removed patch as no longer needed: renegotiate-transitional.patch
  upstream fix

OBS-URL: https://build.opensuse.org/request/show/587646
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=258
2018-03-16 06:37:00 +00:00
Wolfgang Rosenauer
d5e09fcf99 - update to NSS 3.28.1
No new functionality is introduced in this release. This is a patch release to
  update the list of root CA certificates and address a minor TLS compatibility
  issue that some applications experienced with NSS 3.28.
  * The following CA certificates were Removed
    CN = Buypass Class 2 CA 1
    CN = Root CA Generalitat Valenciana
    OU = RSA Security 2048 V3
  * The following CA certificates were Added
    OU = AC RAIZ FNMT-RCM
    CN = Amazon Root CA 1
    CN = Amazon Root CA 2
    CN = Amazon Root CA 3
    CN = Amazon Root CA 4
    CN = LuxTrust Global Root 2
    CN = Symantec Class 1 Public Primary Certification Authority - G4
    CN = Symantec Class 1 Public Primary Certification Authority - G6
    CN = Symantec Class 2 Public Primary Certification Authority - G4
    CN = Symantec Class 2 Public Primary Certification Authority - G6
  * The version number of the updated root CA list has been set to 2.11
  * A misleading assertion/alert has been removed when NSS tries to flush data
    to the peer but the connection was already reset.
- update to NSS 3.28
  New functionality:
  * NSS includes support for TLS 1.3 draft -18. This includes a number
    of improvements to TLS 1.3:
    - The signed certificate timestamp, used in certificate
      transparency, is supported in TLS 1.3.
    - Key exporters for TLS 1.3 are supported. This includes the early
      key exporter, which can be used if 0-RTT is enabled. Note that

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=225
2017-01-18 22:18:23 +00:00
Wolfgang Rosenauer
506ad33ba3 - update to 3.15
* Packaging
    + removed obsolete patches
      * nss-disable-expired-testcerts.patch
      * bug-834091.patch
  * New Functionality
    + Support for OCSP Stapling (RFC 6066, Certificate Status
      Request) has been added for both client and server sockets.
      TLS client applications may enable this via a call to
      SSL_OptionSetDefault(SSL_ENABLE_OCSP_STAPLING, PR_TRUE);
    + Added function SECITEM_ReallocItemV2. It replaces function
      SECITEM_ReallocItem, which is now declared as obsolete.
    + Support for single-operation (eg: not multi-part) symmetric
      key encryption and decryption, via PK11_Encrypt and PK11_Decrypt.
    + certutil has been updated to support creating name constraints
      extensions.
  * New Functions
    in ssl.h
      SSL_PeerStapledOCSPResponse - Returns the server's stapled
        OCSP response, when used with a TLS client socket that
        negotiated the status_request extension.
      SSL_SetStapledOCSPResponses - Set's a stapled OCSP response
        for a TLS server socket to return when clients send the
        status_request extension.
    in ocsp.h
      CERT_PostOCSPRequest - Primarily intended for testing, permits
        the sending and receiving of raw OCSP request/responses.
    in secpkcs7.h
      SEC_PKCS7VerifyDetachedSignatureAtTime - Verifies a PKCS#7
        signature at a specific time other than the present time.

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=124
2013-06-11 15:41:13 +00:00
Wolfgang Rosenauer
299409744b updated builtin roots
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=36
2009-12-14 06:58:24 +00:00
OBS User autobuild
6b72de2270 checked in
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=35
2009-11-27 12:53:34 +00:00
OBS User autobuild
6f25b7bcda Accepting request 24926 from mozilla:Factory
Copy from mozilla:Factory/mozilla-nss based on submit request 24926 from user wrosenauer

OBS-URL: https://build.opensuse.org/request/show/24926
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=27
2009-11-27 12:53:35 +00:00
OBS User unknown
1c91b6e634 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=1 2007-01-15 23:25:44 +00:00