Commit Graph

267 Commits

Author SHA256 Message Date
Wolfgang Rosenauer
58591dfdb2 - update to 3.15.4
* required for Firefox 27
  * regular CA root store update (1.96)
  * some OSCP improvments
  * other bugfixes
- removed obsolete char.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=146
2014-01-07 08:49:30 +00:00
Stephan Kulow
a73555f5b8 Accepting request 210076 from mozilla:Factory
- update to 3.15.3.1 (bnc#854367)
  * includes certstore update (1.95) (bmo#946351)
    (explicitely distrust AC DG Tresor SSL)

OBS-URL: https://build.opensuse.org/request/show/210076
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=87
2013-12-10 16:43:53 +00:00
Wolfgang Rosenauer
583d3a0e12 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=144 2013-12-09 19:28:29 +00:00
Wolfgang Rosenauer
09fb13cf21 - update to 3.15.3.1 (bnc#854367)
* includes certstore update (1.95) (bmo#946351)
    (explicitely distrust AC DG Tresor SSL)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=143
2013-12-09 12:35:34 +00:00
Stephan Kulow
a24fc6f228 Accepting request 209434 from mozilla:Factory
fix ppc64le build, please forward to factory (forwarded request 209419 from adrianSuSE)

OBS-URL: https://build.opensuse.org/request/show/209434
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=86
2013-12-07 06:46:23 +00:00
Wolfgang Rosenauer
a86677e628 Accepting request 209419 from openSUSE:Factory:PowerLE
fix ppc64le build, please forward to factory

OBS-URL: https://build.opensuse.org/request/show/209419
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=141
2013-12-04 17:44:48 +00:00
Stephan Kulow
c284190dfc Accepting request 206762 from mozilla:Factory
- update to 3.15.3 (bnc#850148)
  * CERT_VerifyCert returns SECSuccess (saying certificate is good)
    even for bad certificates, when the CERTVerifyLog log parameter
    is given (bmo#910438)
  * NSS advertises TLS 1.2 ciphersuites in a TLS 1.1 ClientHello
    (bmo#919677)
  * fix CVE-2013-5605

OBS-URL: https://build.opensuse.org/request/show/206762
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=85
2013-11-20 09:48:47 +00:00
Wolfgang Rosenauer
38ebd6f8e7 - update to 3.15.3 (bnc#850148)
* fix CVE-2013-5605

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=139
2013-11-12 20:37:56 +00:00
Wolfgang Rosenauer
d14ddaa1f0 - update to 3.15.3
* CERT_VerifyCert returns SECSuccess (saying certificate is good)
    even for bad certificates, when the CERTVerifyLog log parameter
    is given (bmo#910438)
  * NSS advertises TLS 1.2 ciphersuites in a TLS 1.1 ClientHello
    (bmo#919677)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=138
2013-11-11 22:19:45 +00:00
Stephan Kulow
7b55833f6c Accepting request 201263 from mozilla:Factory
Contains a security relevant bugfix and should be considered for 13.1

- update to 3.15.2 (bnc#842979)
  * Support for AES-GCM ciphersuites that use the SHA-256 PRF
  * MD2, MD4, and MD5 signatures are no longer accepted for OCSP
    or CRLs
  * Add PK11_CipherFinal macro
  * sizeof() used incorrectly
  * nssutil_ReadSecmodDB() leaks memory
  * Allow SSL_HandshakeNegotiatedExtension to be called before
    the handshake is finished.
  * Deprecate the SSL cipher policy code
  * Avoid uninitialized data read in the event of a decryption
    failure. (CVE-2013-1739)

OBS-URL: https://build.opensuse.org/request/show/201263
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=84
2013-09-29 15:50:27 +00:00
Wolfgang Rosenauer
dc0fe543b4 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=136 2013-09-28 08:34:54 +00:00
Wolfgang Rosenauer
5e4a477e3f - update to 3.15.2 (bnc#842979)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=135
2013-09-28 08:24:06 +00:00
Wolfgang Rosenauer
5163190a91 - version 3.15.2
* Support for AES-GCM ciphersuites that use the SHA-256 PRF
  * MD2, MD4, and MD5 signatures are no longer accepted for OCSP
    or CRLs
  * Add PK11_CipherFinal macro
  * sizeof() used incorrectly
  * nssutil_ReadSecmodDB() leaks memory
  * Allow SSL_HandshakeNegotiatedExtension to be called before
    the handshake is finished.
  * Deprecate the SSL cipher policy code
  * Avoid uninitialized data read in the event of a decryption
    failure. (CVE-2013-1739)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=134
2013-09-28 08:17:22 +00:00
Wolfgang Rosenauer
a2949dce64 Accepting request 201249 from home:elvigia:branches:mozilla:Factory
-version 3.15.2
- Support for AES-GCM ciphersuites that use the SHA-256 PRF 
- MD2, MD4, and MD5 signatures are no longer accepted for OCSP 
  or CRLs, 
- Add PK11_CipherFinal macro
- sizeof() used incorrectly
- nssutil_ReadSecmodDB() leaks memory
- Allow SSL_HandshakeNegotiatedExtension to be called before 
  the handshake is finished.
- Deprecate the SSL cipher policy code
- (CVE-2013-1739) Avoid uninitialized data read in the 
   event of a decryption failure.

OBS-URL: https://build.opensuse.org/request/show/201249
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=133
2013-09-28 08:13:46 +00:00
Stephan Kulow
cd0c020b2e Accepting request 182306 from mozilla:Factory
- fix 32bit requirement, it's without () actually (forwarded request 182277 from lnussel)

OBS-URL: https://build.opensuse.org/request/show/182306
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=82
2013-07-05 18:37:37 +00:00
Wolfgang Rosenauer
7dddfd6c24 Accepting request 182277 from home:lnussel:branches:Base:System
- fix 32bit requirement, it's without () actually

OBS-URL: https://build.opensuse.org/request/show/182277
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=131
2013-07-05 12:48:09 +00:00
Stephan Kulow
e071638690 Accepting request 181869 from mozilla:Factory
- update to 3.15.1
  * TLS 1.2 (RFC 5246) is supported. HMAC-SHA256 cipher suites
    (RFC 5246 and RFC 5289) are supported, allowing TLS to be used
    without MD5 and SHA-1.
    Note the following limitations:
      The hash function used in the signature for TLS 1.2 client
      authentication must be the hash function of the TLS 1.2 PRF,
      which is always SHA-256 in NSS 3.15.1.
      AES GCM cipher suites are not yet supported.
  * some bugfixes and improvements

- require libnssckbi instead of mozilla-nss-certs so p11-kit can
  conflict with the latter (fate#314991)

OBS-URL: https://build.opensuse.org/request/show/181869
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=81
2013-07-04 08:11:56 +00:00
Wolfgang Rosenauer
997d66ac8e rebase patch
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=129
2013-07-03 12:27:52 +00:00
Wolfgang Rosenauer
1256cc6819 - update to 3.15.1
* TLS 1.2 (RFC 5246) is supported. HMAC-SHA256 cipher suites
    (RFC 5246 and RFC 5289) are supported, allowing TLS to be used
    without MD5 and SHA-1.
    Note the following limitations:
      The hash function used in the signature for TLS 1.2 client
      authentication must be the hash function of the TLS 1.2 PRF,
      which is always SHA-256 in NSS 3.15.1.
      AES GCM cipher suites are not yet supported.
  * some bugfixes and improvements

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=128
2013-07-03 12:00:07 +00:00
Wolfgang Rosenauer
80c4a0174f Accepting request 181778 from home:lnussel:branches:Base:System
- require libnssckbi instead of mozilla-nss-certs so p11-kit can
  conflict with the latter (fate#314991)

OBS-URL: https://build.opensuse.org/request/show/181778
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=127
2013-07-03 10:36:27 +00:00
Stephan Kulow
4089d6b89b Accepting request 178606 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/178606
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=80
2013-06-14 14:46:40 +00:00
Wolfgang Rosenauer
8893871f59 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=125 2013-06-12 08:21:54 +00:00
Wolfgang Rosenauer
506ad33ba3 - update to 3.15
* Packaging
    + removed obsolete patches
      * nss-disable-expired-testcerts.patch
      * bug-834091.patch
  * New Functionality
    + Support for OCSP Stapling (RFC 6066, Certificate Status
      Request) has been added for both client and server sockets.
      TLS client applications may enable this via a call to
      SSL_OptionSetDefault(SSL_ENABLE_OCSP_STAPLING, PR_TRUE);
    + Added function SECITEM_ReallocItemV2. It replaces function
      SECITEM_ReallocItem, which is now declared as obsolete.
    + Support for single-operation (eg: not multi-part) symmetric
      key encryption and decryption, via PK11_Encrypt and PK11_Decrypt.
    + certutil has been updated to support creating name constraints
      extensions.
  * New Functions
    in ssl.h
      SSL_PeerStapledOCSPResponse - Returns the server's stapled
        OCSP response, when used with a TLS client socket that
        negotiated the status_request extension.
      SSL_SetStapledOCSPResponses - Set's a stapled OCSP response
        for a TLS server socket to return when clients send the
        status_request extension.
    in ocsp.h
      CERT_PostOCSPRequest - Primarily intended for testing, permits
        the sending and receiving of raw OCSP request/responses.
    in secpkcs7.h
      SEC_PKCS7VerifyDetachedSignatureAtTime - Verifies a PKCS#7
        signature at a specific time other than the present time.

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=124
2013-06-11 15:41:13 +00:00
Stephan Kulow
9fbe48bbad Accepting request 173001 from mozilla:Factory
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/173001
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=79
2013-04-24 08:47:42 +00:00
Wolfgang Rosenauer
ddbab3a3b8 Accepting request 171078 from home:namtrac:bugfix
- Add Source URL, see https://en.opensuse.org/SourceUrls

OBS-URL: https://build.opensuse.org/request/show/171078
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=122
2013-04-16 11:16:38 +00:00
Stephan Kulow
35724cb521 Accepting request 162347 from mozilla:Factory
- disable tests with expired certificates
  (nss-disable-expired-testcerts.patch)
- add SEC_PKCS7VerifyDetachedSignatureAtTime using patch from
  mozilla tree to fulfill Firefox 21 requirements
  (bug-834091.patch; bmo#834091)

  * MFSA 2013-40/CVE-2013-0791 (bmo#629816)
    Out-of-bounds array read in CERT_DecodeCertPackage

OBS-URL: https://build.opensuse.org/request/show/162347
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=78
2013-04-05 07:29:13 +00:00
Wolfgang Rosenauer
a1f8432feb (nss-disable-expired-testcerts.patch)
(bug-834091.patch; bmo#834091)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=120
2013-04-03 07:43:24 +00:00
Wolfgang Rosenauer
1400caed25 * MFSA 2013-40/CVE-2013-0791 (bmo#629816)
Out-of-bounds array read in CERT_DecodeCertPackage

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=119
2013-04-02 21:31:01 +00:00
Wolfgang Rosenauer
15f7757c6e - disable tests with expired certificates
- add SEC_PKCS7VerifyDetachedSignatureAtTime using patch from
  mozilla tree to fulfill Firefox 21 requirements

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=118
2013-04-02 20:29:32 +00:00
Stephan Kulow
c5c5dba1e1 Accepting request 156925 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/156925
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=77
2013-03-01 09:52:35 +00:00
Wolfgang Rosenauer
38168bf8bb - update to 3.14.3
* No new major functionality is introduced in this release. This
    release is a patch release to address CVE-2013-1620 (bmo#822365)
  * "certutil -a" was not correctly producing ASCII output as
    requested. (bmo#840714)
  * NSS 3.14.2 broke compilation with older versions of sqlite that
    lacked the SQLITE_FCNTL_TEMPFILENAME file control. NSS 3.14.3 now
    properly compiles when used with older versions of sqlite
    (bmo#837799) - remove system-sqlite.patch
- add aarch64 support

- added system-sqlite.patch (bmo#837799)
  * do not depend on latest sqlite just for a #define
- enable system sqlite usage again

- update to 3.14.2
  * required for Firefox >= 20
  * removed obsolete nssckbi update patch
- disable system sqlite usage since we depend on 3.7.15 which is
  not provided in any openSUSE distribution
  * add nss-sqlitename.patch to avoid any name clash

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=116
2013-02-28 22:53:05 +00:00
Stephan Kulow
3ec4a7d061 Accepting request 147589 from mozilla:Factory
changelog changes only to sync with sec updates

- updated CA database (nssckbi-1.93.patch)
  * MFSA 2013-20/CVE-2013-0743 (bmo#825022, bnc#796628)
    revoke mis-issued intermediate certificates from TURKTRUST

OBS-URL: https://build.opensuse.org/request/show/147589
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=75
2013-01-10 12:33:23 +00:00
Wolfgang Rosenauer
99a81b336e - updated CA database (nssckbi-1.93.patch)
* MFSA 2013-20/CVE-2013-0743 (bmo#825022, bnc#796628)
    revoke mis-issued intermediate certificates from TURKTRUST

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=114
2013-01-08 17:55:59 +00:00
Wolfgang Rosenauer
e5e52b65d8 (bmo#825022, bnc#796628)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=113
2013-01-05 14:50:59 +00:00
Ismail Dönmez
4d27219c9a Accepting request 146971 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/146971
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=74
2013-01-04 12:11:52 +00:00
Wolfgang Rosenauer
9e5952a272 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=111 2013-01-04 11:03:16 +00:00
Wolfgang Rosenauer
61b05c4267 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=110 2012-12-30 18:23:59 +00:00
Wolfgang Rosenauer
41f3cb6358 - updated CA database (nssckbi-1.93.patch) (bmo#825022)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=109
2012-12-30 18:06:05 +00:00
Ismail Dönmez
60d88fc972 Accepting request 146303 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/146303
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=73
2012-12-28 21:45:31 +00:00
Wolfgang Rosenauer
9cd1b1b874 - update to 3.14.1 RTM
* minimal requirement for Gecko 20
  * several bugfixes

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=107
2012-12-18 13:54:06 +00:00
Stephan Kulow
ba6f4f590a Accepting request 139298 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/139298
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=72
2012-10-26 15:26:31 +00:00
Wolfgang Rosenauer
eb3cdf4581 - update to 3.14 RTM
* Support for TLS 1.1 (RFC 4346)
  * Experimental support for DTLS 1.0 (RFC 4347) and DTLS-SRTP (RFC 5764)
  * Support for AES-CTR, AES-CTS, and AES-GCM
  * Support for Keying Material Exporters for TLS (RFC 5705)
  * Support for certificate signatures using the MD5 hash algorithm
    is now disabled by default
  * The NSS license has changed to MPL 2.0. Previous releases were
    released under a MPL 1.1/GPL 2.0/LGPL  2.1 tri-license. For more
    information about MPL 2.0, please see
    http://www.mozilla.org/MPL/2.0/FAQ.html. For an additional
    explanation on GPL/LGPL compatibility, see security/nss/COPYING
    in the source code.
  * Export and DES cipher suites are disabled by default. Non-ECC
    AES and Triple DES cipher suites are enabled by default
- disabled OCSP testcases since they need external network
  (nss-disable-ocsp-test.patch)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=105
2012-10-25 14:10:44 +00:00
Ismail Dönmez
0d4bc1d5e6 Accepting request 130997 from mozilla:Factory
some bugfixes (incl. security related) and prerequirement for Firefox 15. Therefore nice to have in 12.2 final already.

OBS-URL: https://build.opensuse.org/request/show/130997
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=71
2012-08-16 19:45:00 +00:00
Wolfgang Rosenauer
579c8a7cf9 - update to 3.13.6 RTM
* root CA update
  * other bugfixes

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=103
2012-08-16 04:53:56 +00:00
Stephan Kulow
a5bceb9c75 Accepting request 123277 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/123277
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=69
2012-06-06 14:08:48 +00:00
Wolfgang Rosenauer
20b5fe0209 - update to 3.13.5 RTM
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=101
2012-06-01 20:35:17 +00:00
Stephan Kulow
256bc64644 Accepting request 113444 from mozilla:Factory
- update to 3.13.4 RTM
  * fixed some bugs
  * fixed cert verification regression in PKIX mode (bmo#737802)
    introduced in 3.13.2 (forwarded request 113443 from wrosenauer)

OBS-URL: https://build.opensuse.org/request/show/113444
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=68
2012-04-17 19:59:52 +00:00
Wolfgang Rosenauer
0c217ace95 Accepting request 113443 from mozilla
- update to 3.13.4 RTM
  * fixed some bugs
  * fixed cert verification regression in PKIX mode (bmo#737802)
    introduced in 3.13.2

OBS-URL: https://build.opensuse.org/request/show/113443
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=99
2012-04-13 19:11:33 +00:00
Stephan Kulow
2240340284 Accepting request 106703 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/106703
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=67
2012-02-24 11:06:05 +00:00
Wolfgang Rosenauer
8f7e6d6c4d - update to 3.13.3 RTM
- distrust Trustwave's MITM certificates (bmo#724929)
  - fix generic blacklisting mechanism (bmo#727204)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=97
2012-02-23 15:13:12 +00:00