Commit Graph

298 Commits

Author SHA256 Message Date
Wolfgang Rosenauer
80c4a0174f Accepting request 181778 from home:lnussel:branches:Base:System
- require libnssckbi instead of mozilla-nss-certs so p11-kit can
  conflict with the latter (fate#314991)

OBS-URL: https://build.opensuse.org/request/show/181778
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=127
2013-07-03 10:36:27 +00:00
Stephan Kulow
4089d6b89b Accepting request 178606 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/178606
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=80
2013-06-14 14:46:40 +00:00
Wolfgang Rosenauer
8893871f59 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=125 2013-06-12 08:21:54 +00:00
Wolfgang Rosenauer
506ad33ba3 - update to 3.15
* Packaging
    + removed obsolete patches
      * nss-disable-expired-testcerts.patch
      * bug-834091.patch
  * New Functionality
    + Support for OCSP Stapling (RFC 6066, Certificate Status
      Request) has been added for both client and server sockets.
      TLS client applications may enable this via a call to
      SSL_OptionSetDefault(SSL_ENABLE_OCSP_STAPLING, PR_TRUE);
    + Added function SECITEM_ReallocItemV2. It replaces function
      SECITEM_ReallocItem, which is now declared as obsolete.
    + Support for single-operation (eg: not multi-part) symmetric
      key encryption and decryption, via PK11_Encrypt and PK11_Decrypt.
    + certutil has been updated to support creating name constraints
      extensions.
  * New Functions
    in ssl.h
      SSL_PeerStapledOCSPResponse - Returns the server's stapled
        OCSP response, when used with a TLS client socket that
        negotiated the status_request extension.
      SSL_SetStapledOCSPResponses - Set's a stapled OCSP response
        for a TLS server socket to return when clients send the
        status_request extension.
    in ocsp.h
      CERT_PostOCSPRequest - Primarily intended for testing, permits
        the sending and receiving of raw OCSP request/responses.
    in secpkcs7.h
      SEC_PKCS7VerifyDetachedSignatureAtTime - Verifies a PKCS#7
        signature at a specific time other than the present time.

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=124
2013-06-11 15:41:13 +00:00
Stephan Kulow
9fbe48bbad Accepting request 173001 from mozilla:Factory
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/173001
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=79
2013-04-24 08:47:42 +00:00
Wolfgang Rosenauer
ddbab3a3b8 Accepting request 171078 from home:namtrac:bugfix
- Add Source URL, see https://en.opensuse.org/SourceUrls

OBS-URL: https://build.opensuse.org/request/show/171078
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=122
2013-04-16 11:16:38 +00:00
Stephan Kulow
35724cb521 Accepting request 162347 from mozilla:Factory
- disable tests with expired certificates
  (nss-disable-expired-testcerts.patch)
- add SEC_PKCS7VerifyDetachedSignatureAtTime using patch from
  mozilla tree to fulfill Firefox 21 requirements
  (bug-834091.patch; bmo#834091)

  * MFSA 2013-40/CVE-2013-0791 (bmo#629816)
    Out-of-bounds array read in CERT_DecodeCertPackage

OBS-URL: https://build.opensuse.org/request/show/162347
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=78
2013-04-05 07:29:13 +00:00
Wolfgang Rosenauer
a1f8432feb (nss-disable-expired-testcerts.patch)
(bug-834091.patch; bmo#834091)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=120
2013-04-03 07:43:24 +00:00
Wolfgang Rosenauer
1400caed25 * MFSA 2013-40/CVE-2013-0791 (bmo#629816)
Out-of-bounds array read in CERT_DecodeCertPackage

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=119
2013-04-02 21:31:01 +00:00
Wolfgang Rosenauer
15f7757c6e - disable tests with expired certificates
- add SEC_PKCS7VerifyDetachedSignatureAtTime using patch from
  mozilla tree to fulfill Firefox 21 requirements

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=118
2013-04-02 20:29:32 +00:00
Stephan Kulow
c5c5dba1e1 Accepting request 156925 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/156925
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=77
2013-03-01 09:52:35 +00:00
Wolfgang Rosenauer
38168bf8bb - update to 3.14.3
* No new major functionality is introduced in this release. This
    release is a patch release to address CVE-2013-1620 (bmo#822365)
  * "certutil -a" was not correctly producing ASCII output as
    requested. (bmo#840714)
  * NSS 3.14.2 broke compilation with older versions of sqlite that
    lacked the SQLITE_FCNTL_TEMPFILENAME file control. NSS 3.14.3 now
    properly compiles when used with older versions of sqlite
    (bmo#837799) - remove system-sqlite.patch
- add aarch64 support

- added system-sqlite.patch (bmo#837799)
  * do not depend on latest sqlite just for a #define
- enable system sqlite usage again

- update to 3.14.2
  * required for Firefox >= 20
  * removed obsolete nssckbi update patch
- disable system sqlite usage since we depend on 3.7.15 which is
  not provided in any openSUSE distribution
  * add nss-sqlitename.patch to avoid any name clash

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=116
2013-02-28 22:53:05 +00:00
Stephan Kulow
3ec4a7d061 Accepting request 147589 from mozilla:Factory
changelog changes only to sync with sec updates

- updated CA database (nssckbi-1.93.patch)
  * MFSA 2013-20/CVE-2013-0743 (bmo#825022, bnc#796628)
    revoke mis-issued intermediate certificates from TURKTRUST

OBS-URL: https://build.opensuse.org/request/show/147589
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=75
2013-01-10 12:33:23 +00:00
Wolfgang Rosenauer
99a81b336e - updated CA database (nssckbi-1.93.patch)
* MFSA 2013-20/CVE-2013-0743 (bmo#825022, bnc#796628)
    revoke mis-issued intermediate certificates from TURKTRUST

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=114
2013-01-08 17:55:59 +00:00
Wolfgang Rosenauer
e5e52b65d8 (bmo#825022, bnc#796628)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=113
2013-01-05 14:50:59 +00:00
Ismail Dönmez
4d27219c9a Accepting request 146971 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/146971
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=74
2013-01-04 12:11:52 +00:00
Wolfgang Rosenauer
9e5952a272 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=111 2013-01-04 11:03:16 +00:00
Wolfgang Rosenauer
61b05c4267 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=110 2012-12-30 18:23:59 +00:00
Wolfgang Rosenauer
41f3cb6358 - updated CA database (nssckbi-1.93.patch) (bmo#825022)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=109
2012-12-30 18:06:05 +00:00
Ismail Dönmez
60d88fc972 Accepting request 146303 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/146303
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=73
2012-12-28 21:45:31 +00:00
Wolfgang Rosenauer
9cd1b1b874 - update to 3.14.1 RTM
* minimal requirement for Gecko 20
  * several bugfixes

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=107
2012-12-18 13:54:06 +00:00
Stephan Kulow
ba6f4f590a Accepting request 139298 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/139298
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=72
2012-10-26 15:26:31 +00:00
Wolfgang Rosenauer
eb3cdf4581 - update to 3.14 RTM
* Support for TLS 1.1 (RFC 4346)
  * Experimental support for DTLS 1.0 (RFC 4347) and DTLS-SRTP (RFC 5764)
  * Support for AES-CTR, AES-CTS, and AES-GCM
  * Support for Keying Material Exporters for TLS (RFC 5705)
  * Support for certificate signatures using the MD5 hash algorithm
    is now disabled by default
  * The NSS license has changed to MPL 2.0. Previous releases were
    released under a MPL 1.1/GPL 2.0/LGPL  2.1 tri-license. For more
    information about MPL 2.0, please see
    http://www.mozilla.org/MPL/2.0/FAQ.html. For an additional
    explanation on GPL/LGPL compatibility, see security/nss/COPYING
    in the source code.
  * Export and DES cipher suites are disabled by default. Non-ECC
    AES and Triple DES cipher suites are enabled by default
- disabled OCSP testcases since they need external network
  (nss-disable-ocsp-test.patch)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=105
2012-10-25 14:10:44 +00:00
Ismail Dönmez
0d4bc1d5e6 Accepting request 130997 from mozilla:Factory
some bugfixes (incl. security related) and prerequirement for Firefox 15. Therefore nice to have in 12.2 final already.

OBS-URL: https://build.opensuse.org/request/show/130997
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=71
2012-08-16 19:45:00 +00:00
Wolfgang Rosenauer
579c8a7cf9 - update to 3.13.6 RTM
* root CA update
  * other bugfixes

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=103
2012-08-16 04:53:56 +00:00
Stephan Kulow
a5bceb9c75 Accepting request 123277 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/123277
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=69
2012-06-06 14:08:48 +00:00
Wolfgang Rosenauer
20b5fe0209 - update to 3.13.5 RTM
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=101
2012-06-01 20:35:17 +00:00
Stephan Kulow
256bc64644 Accepting request 113444 from mozilla:Factory
- update to 3.13.4 RTM
  * fixed some bugs
  * fixed cert verification regression in PKIX mode (bmo#737802)
    introduced in 3.13.2 (forwarded request 113443 from wrosenauer)

OBS-URL: https://build.opensuse.org/request/show/113444
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=68
2012-04-17 19:59:52 +00:00
Wolfgang Rosenauer
0c217ace95 Accepting request 113443 from mozilla
- update to 3.13.4 RTM
  * fixed some bugs
  * fixed cert verification regression in PKIX mode (bmo#737802)
    introduced in 3.13.2

OBS-URL: https://build.opensuse.org/request/show/113443
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=99
2012-04-13 19:11:33 +00:00
Stephan Kulow
2240340284 Accepting request 106703 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/106703
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=67
2012-02-24 11:06:05 +00:00
Wolfgang Rosenauer
8f7e6d6c4d - update to 3.13.3 RTM
- distrust Trustwave's MITM certificates (bmo#724929)
  - fix generic blacklisting mechanism (bmo#727204)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=97
2012-02-23 15:13:12 +00:00
Stephan Kulow
5ddf92b10e Accepting request 105668 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/105668
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=66
2012-02-17 14:00:51 +00:00
Wolfgang Rosenauer
e36e0c6124 - update to 3.13.2 RTM
* requirement with Gecko >= 11
- removed obsolete patches
  * ckbi-1.88
  * pkcs11n-header-fix.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=95
2012-02-17 08:35:36 +00:00
Stephan Kulow
a40b913f97 Accepting request 96965 from mozilla:Factory
fix qemu workaround (forwarded request 96964 from adrianSuSE)

OBS-URL: https://build.opensuse.org/request/show/96965
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=65
2011-12-21 13:57:40 +00:00
Wolfgang Rosenauer
f962eacea8 Accepting request 96964 from openSUSE:Factory:ARM
fix qemu workaround

OBS-URL: https://build.opensuse.org/request/show/96964
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=93
2011-12-18 17:50:41 +00:00
Stephan Kulow
6beeecfb7e replace license with spdx.org variant
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=64
2011-12-06 17:29:55 +00:00
OBS User buildservice-autocommit
747b30ac4b Updating link to change in openSUSE:Factory/mozilla-nss revision 64.0
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=9d1835345282c5682f9c1b417d851c89
2011-12-06 17:29:55 +00:00
Stephan Kulow
5bcc54305e Accepting request 91345 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/91345
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=63
2011-11-16 16:19:33 +00:00
Wolfgang Rosenauer
7b17b9dfbc - Added a patch to fix errors in the pkcs11n.h header file.
(bmo#702090)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=90
2011-11-14 11:10:20 +00:00
Wolfgang Rosenauer
f7efd48411 - update to 3.13.1 RTM
* better SHA-224 support (bmo#647706)
  * fixed a regression (causing hangs in some situations)
    introduced in 3.13 (bmo#693228)
- update to 3.13.0 RTM
  * SSL 2.0 is disabled by default
  * A defense against the SSL 3.0 and TLS 1.0 CBC chosen plaintext
    attack demonstrated by Rizzo and Duong (CVE-2011-3389) is
    enabled by default. Set the SSL_CBC_RANDOM_IV SSL option to
    PR_FALSE to disable it.
  * SHA-224 is supported
  * Ported to iOS. (Requires NSPR 4.9.)
  * Added PORT_ErrorToString and PORT_ErrorToName to return the
    error message and symbolic name of an NSS error code
  * Added NSS_GetVersion to return the NSS version string
  * Added experimental support of RSA-PSS to the softoken only
  * NSS_NoDB_Init does not try to open /pkcs11.txt and /secmod.db
    anymore (bmo#641052, bnc#726096)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=89
2011-11-14 07:51:45 +00:00
Stephan Kulow
763f240ade Accepting request 90154 from mozilla:Factory
Please consider for 12.1 (would need to be released as update otherwise)

- explicitely distrust DigiCert Sdn. Bhd (bnc#728520, bmo#698753)
- make sure NSS_NoDB_Init does not try to use wrong certificate
  databases (CVE-2011-3640, bnc#726096, bmo#641052)

OBS-URL: https://build.opensuse.org/request/show/90154
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=62
2011-11-07 13:22:38 +00:00
Wolfgang Rosenauer
7a675fbd45 - make sure NSS_NoDB_Init does not try to use wrong certificate
databases (CVE-2011-3640, bnc#726096, bmo#641052)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=86
2011-11-05 12:00:04 +00:00
Wolfgang Rosenauer
84b82c7866 - explicitely distrust DigiCert Sdn. Bhd (bnc#728520, bmo#698753)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=85
2011-11-05 10:51:17 +00:00
Lars Vogdt
251217c211 Accepting request 85865 from mozilla:Factory
- Workaround qemu-arm bugs. (forwarded request 85842 from elvigia)

OBS-URL: https://build.opensuse.org/request/show/85865
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=60
2011-10-02 08:18:57 +00:00
Wolfgang Rosenauer
1c61842dc3 Accepting request 85842 from home:elvigia:branches:mozilla:Factory
- Workaround qemu-arm bugs.

OBS-URL: https://build.opensuse.org/request/show/85842
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=83
2011-10-01 07:54:39 +00:00
Sascha Peilicke
156d25300f Autobuild autoformatter for 81757
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=59
2011-09-11 17:30:53 +00:00
OBS User buildservice-autocommit
cec2c647df Updating link to change in openSUSE:Factory/mozilla-nss revision 59.0
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=0bdb996d13d849ef95ec1e85cd0e592a
2011-09-11 17:30:53 +00:00
Sascha Peilicke
616e17d1e1 Accepting request 81757 from mozilla:Factory
- explicitely distrust/override DigiNotar certs (bmo#683261)
  (trustdb version 1.87)

OBS-URL: https://build.opensuse.org/request/show/81757
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=58
2011-09-11 17:30:44 +00:00
Wolfgang Rosenauer
ea9e232b33 more diginotar stuff
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=80
2011-09-09 05:52:50 +00:00
Lars Vogdt
704775d9ce Autobuild autoformatter for 80751
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=57
2011-09-05 14:39:19 +00:00