pool/mozilla-nss
SHA256
12
0
Fork 1
Code Issues Pull Requests Activity

Commit Graph

  • 0be0c3fc70 Accepting request 1300982 from mozilla:Factory factory Ana Guerrero 2025-09-03 19:06:26 +00:00
  • 0aac808a02 - update to NSS 3.115.1 * bmo#1982742 - restore support for finding certificates by decoded serial number. * bmo#1984165 - avoid CKR_BUFFER_TO_SMALL error in trust lookups. Wolfgang Rosenauer 2025-08-22 13:21:35 +00:00
  • d18f9c1bef Sync changes to SLFO-1.2 branch slfo-main slfo-1.2 Adrian Schröter 2025-08-20 09:52:46 +02:00
  • ddf96ad23e - update to NSS 3.115 Wolfgang Rosenauer 2025-08-19 05:25:35 +00:00
  • 7ed5f8f34d Accepting request 1295675 from mozilla:Factory Dominique Leuenberger 2025-07-26 11:39:44 +00:00
  • b3707f65f7 - update to NSS 3.113 devel Wolfgang Rosenauer 2025-07-22 03:31:27 +00:00
  • a89f7b13c9 Accepting request 1291170 from mozilla:Factory Ana Guerrero 2025-07-09 15:25:53 +00:00
  • dd11f885b2 - update to NSS 3.112 * bmo#1963792 - Fix alias for mac workers on try * bmo#1966786 - ensure all options can be configured with SSL_OptionSet and SSL_OptionSetDefault * bmo#1931930 - ABI/API break in ssl certificate processing * bmo#1955971 - remove unnecessary assertion in sec_asn1d_init_state_based_on_template. * bmo#1965754 - update taskgraph to v14.2.1. * bmo#1964358 - Workflow for automation of the release on GitHub when pushing a tag * bmo#1952860 - fix faulty assertions in SEC_ASN1DecoderUpdate * bmo#1934877 - Renegotiations should use a fresh ECH GREASE buffer * bmo#1951396 - update taskgraph to v14.1.1 * bmo#1962503 - Partial fix for ACVP build CI job * bmo#1961827 - Initialize find in sftk_searchDatabase * bmo#1963121 - Add clang-18 to extra builds * bmo#1963044 - Fault tolerant git fetch for fuzzing * bmo#1962556 - Tolerate intermittent failures in ssl_policy_pkix_ocsp * bmo#1962770 - fix compiler warnings when DEBUG_ASN1D_STATES or CMSDEBUG are set * bmo#1961835 - fix content type tag check in NSS_CMSMessage_ContainsCertsOrCrls. * bmo#1963102 - Remove Cryptofuzz CI version check - Modify bmo1962556.patch to catch OBS specific errors Wolfgang Rosenauer 2025-07-07 12:23:31 +00:00
  • 40996100b0 Accepting request 1273776 from mozilla:Factory Dominique Leuenberger 2025-05-02 12:55:33 +00:00
  • 8473069430 - update to NSS 3.110 * bmo#1930806 - FIPS changes need to be upstreamed: force ems policy * bmo#1954724 - Prevent excess allocations in sslBuffer_Grow * bmo#1953429 - Remove Crl templates from ASN1 fuzz target * bmo#1953429 - Remove CERT_CrlTemplate from ASN1 fuzz target * bmo#1952855 - Fix memory leak in NSS_CMSMessage_IsSigned * bmo#1930807 - NSS policy updates * bmo#1951161 - Improve locking in nssPKIObject_GetInstances * bmo#1951394 - Fix race in sdb_GetMetaData * bmo#1951800 - Fix member access within null pointer * bmo#1950077 - Increase smime fuzzer memory limit * bmo#1949677 - Enable resumption when using custom extensions * bmo#1952568 - change CN of server12 test certificate * bmo#1949118 - Part 2: Add missing check in NSS_CMSDigestContext_FinishSingle * bmo#1949118 - Part 1: Fix smime UBSan errors * bmo#1930806 - FIPS changes need to be upstreamed: updated key checks * bmo#1951491 - Don't build libpkix in static builds * bmo#1951395 - handle -p all in try syntax * bmo#1951346 - fix opt-make builds to actually be opt * bmo#1951346 - fix opt-static builds to actually be opt * bmo#1916439 - Remove extraneous assert - Removed upstreamed nss-fips-stricter-dh.patch - Added bmo1962556.patch to fix test failures - Rebased nss-fips-approved-crypto-non-ec.patch nss-fips-combined-hash-sign-dsa-ecdsa.patch Wolfgang Rosenauer 2025-05-01 04:59:05 +00:00
  • 4835f77b75 Accepting request 1266364 from mozilla:Factory Ana Guerrero 2025-04-03 16:40:43 +00:00
  • 1507d97637 - update to NSS 3.109 * bmo#1939512 - Call BL_Init before RNG_RNGInit() so that special SHA instructions can be used if available * bmo#1930807 - NSS policy updates - fix inaccurate key policy issues * bmo#1945883 - SMIME fuzz target * bmo#1914256 - ASN1 decoder fuzz target * bmo#1936001 - Part 2: Revert “Extract testcases from ssl gtests for fuzzing” * bmo#1915155 - Add fuzz/README.md * bmo#1936001 - Part 4: Fix tstclnt arguments script * bmo#1944545 - Extend pkcs7 fuzz target * bmo#1912320 - Extend certDN fuzz target * bmo#1944300 - revert changes to HACL* files from bug 1866841 * bmo#1936001 - Part 3: Package frida corpus script Wolfgang Rosenauer 2025-04-02 05:45:53 +00:00
  • e3d9c6a2d9 Accepting request 1250499 from mozilla:Factory Ana Guerrero 2025-03-07 15:38:48 +00:00
  • 57b6c777a1 Update patch to latest FIPS fixes Wolfgang Rosenauer 2025-03-05 19:49:24 +00:00
  • 99b17fbdca - update to NSS 3.108 * bmo#1923285 - libclang-16 -> libclang-19 * bmo#1939086 - Turn off Secure Email Trust Bit for Security Communication ECC RootCA1 * bmo#1937332 - Turn off Secure Email Trust Bit for BJCA Global Root CA1 and BJCA Global Root CA2 * bmo#1915902 - Remove SwissSign Silver CA – G2 * bmo#1938245 - Add D-Trust 2023 TLS Roots to NSS * bmo#1942301 - fix fips test failure on windows * bmo#1935925 - change default sensitivity of KEM keys * bmo#1936001 - Part 1: Introduce frida hooks and script * bmo#1942350 - add missing arm_neon.h include to gcm.c * bmo#1831552 - ci: update windows workers to win2022 * bmo#1831552 - strip trailing carriage returns in tools tests * bmo#1880256 - work around unix/windows path translation issues in cert test script * bmo#1831552 - ci: let the windows setup script work without $m * bmo#1880255 - detect msys * bmo#1936680 - add a specialized CTR_Update variant for AES-GCM * bmo#1930807 - NSS policy updates * bmo#1930806 - FIPS changes need to be upstreamed: FIPS 140-3 RNG * bmo#1930806 - FIPS changes need to be upstreamed: Add SafeZero * bmo#1930806 - FIPS changes need to be upstreamed - updated POST * bmo#1933031 - Segmentation fault in SECITEM_Hash during pkcs12 processing * bmo#1929922 - Extending NSS with LoadModuleFromFunction functionality * bmo#1935984 - Ensure zero-initialization of collectArgs.cert * bmo#1934526 - pkcs7 fuzz target use CERT_DestroyCertificate * bmo#1915898 - Fix actual underlying ODR violations issue * bmo#1184059 - mozilla::pkix: allow reference ID labels to begin and/or end with hyphens Wolfgang Rosenauer 2025-03-02 14:54:06 +00:00
  • 90b94c1d66 Accepting request 1236115 from mozilla:Factory Ana Guerrero 2025-01-12 10:09:20 +00:00
  • f2e713c498 - update to NSS 3.107 * bmo#1923038 - Remove MPI fuzz targets. * bmo#1925512 - Remove globals lockStatus and locksEverDisabled. * bmo#1919015 - Enable PKCS8 fuzz target. * bmo#1923037 - Integrate Cryptofuzz in CI. * bmo#1913677 - Part 2: Set tls server target socket options in config class * bmo#1913677 - Part 1: Set tls client target socket options in config class * bmo#1913680 - Support building with thread sanitizer. * bmo#1922392 - set nssckbi version number to 2.72. * bmo#1919913 - remove Websites Trust Bit from Entrust Root Certification Authority - G4. * bmo#1920641 - remove Security Communication RootCA3 root cert. * bmo#1918559 - remove SecureSign RootCA11 root cert. * bmo#1922387 - Add distrust-after for TLS to Entrust Roots. * bmo#1927096 - update expected error code in pk12util pbmac1 tests. * bmo#1929041 - Use random tstclnt args with handshake collection script * bmo#1920466 - Remove extraneous assert in ssl3gthr.c. * bmo#1928402 - Adding missing release notes for NSS_3_105. * bmo#1874451 - Enable the disabled mlkem tests for dtls. * bmo#1874451 - NSS gtests filter cleans up the constucted buffer before the use. * bmo#1925505 - Make ssl_SetDefaultsFromEnvironment thread-safe. * bmo#1925503 - Remove short circuit test from ssl_Init. - Added nss-bmo1930797.patch to fix failing tests in testsuite Wolfgang Rosenauer 2025-01-09 08:25:09 +00:00
  • d23ef53db2 Accepting request 1230141 from mozilla:Factory Ana Guerrero 2024-12-13 21:31:37 +00:00
  • a799fca564 Accepting request 1230139 from devel:LoongArch:Factory Wolfgang Rosenauer 2024-12-11 15:25:16 +00:00
  • 6ac2ba3813 Accepting request 1226642 from mozilla:Factory Ana Guerrero 2024-11-27 21:05:43 +00:00
  • 13053eadb0 - Remove upstreamed bmo-1400603.patch - Added nss-bmo1930797.patch to fix failing tests in testsuite Wolfgang Rosenauer 2024-11-26 15:24:39 +00:00
  • a7fdbb3a4f Accepting request 1218810 from mozilla:Factory Ana Guerrero 2024-10-29 13:32:09 +00:00
  • 088d6711db - update to NSS 3.105 * bmo#1915792 - Allow importing PKCS#8 private EC keys missing public key * bmo#1909768 - UBSAN fix: applying zero offset to null pointer in sslsnce.c * bmo#1919577 - set KRML_MUSTINLINE=inline in makefile builds * bmo#1918965 - Don't set CKA_SIGN for CKK_EC_MONTGOMERY private keys * bmo#1918767 - override default definition of KRML_MUSTINLINE * bmo#1916525 - libssl support for mlkem768x25519 * bmo#1916524 - support for ML-KEM-768 in softoken and pk11wrap * bmo#1866841 - Add Libcrux implementation of ML-KEM 768 to FreeBL * bmo#1911912 - Avoid misuse of ctype(3) functions * bmo#1917311 - part 2: run clang-format * bmo#1917311 - part 1: upgrade to clang-format 13 * bmo#1916953 - clang-format fuzz * bmo#1910370 - DTLS client message buffer may not empty be on retransmit * bmo#1916413 - Optionally print config for TLS client and server fuzz target * bmo#1916059 - Fix some simple documentation issues in NSS. * bmo#1915439 - improve performance of NSC_FindObjectsInit when template has CKA_TOKEN attr * bmo#1912828 - define CKM_NSS_ECDHE_NO_PAIRWISE_CHECK_KEY_PAIR_GEN Wolfgang Rosenauer 2024-10-28 12:29:57 +00:00
  • cd9be57a4a Accepting request 1204527 from mozilla:Factory Ana Guerrero 2024-09-30 13:34:33 +00:00
  • cd8891d66e - Fix build error under Leap by rebasing nss-fips-safe-memset.patch. Wolfgang Rosenauer 2024-09-29 13:54:16 +00:00
  • 936027472f OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=460 Wolfgang Rosenauer 2024-09-28 14:54:29 +00:00
  • bf24c515b7 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=459 Wolfgang Rosenauer 2024-09-28 11:29:49 +00:00
  • d973dd9e0b - remove obsolete nss-reproducible-builds.patch * bmo#1899542 - Add fuzzing support for SSL_ENABLE_POST_HANDSHAKE_AUTH, * bmo#1903783 - Adjust libFuzzer size limits * bmo#1899542 - Add fuzzing support for SSL_SetCertificateCompressionAlgorithm, SSL_SetClientEchConfigs, SSL_VersionRangeSet and SSL_AddExternalPsk * bmo#1899542 - Add fuzzing support for SSL_ENABLE_GREASE and SSL_ENABLE_CH_EXTENSION_PERMUTATION - Add nss-reproducible-builds.patch to make the rpms reproducible, Wolfgang Rosenauer 2024-09-28 11:18:58 +00:00
  • b91ce5d4d5 - update to NSS 3.104 * bmo#1910071 - Copy original corpus to heap-allocated buffer * bmo#1910079 - Fix min ssl version for DTLS client fuzzer * bmo#1908990 - Remove OS2 support just like we did on NSPR * bmo#1910605 - clang-format NSS improvements * bmo#1902078 - Adding basicutil.h to use HexString2SECItem function * bmo#1908990 - removing dirent.c from build * bmo#1902078 - Allow handing in keymaterial to shlibsign to make the output reproducible * bmo#1908990 - remove nec4.3, sunos4, riscos and SNI references * bmo#1908990 - remove other old OS (BSDI, old HP UX, NCR, openunix, sco, unixware or reliantUnix * bmo#1908990 - remove mentions of WIN95 * bmo#1908990 - remove mentions of WIN16 * bmo#1913750 - More explicit directory naming * bmo#1913755 - Add more options to TLS server fuzz target * bmo#1913675 - Add more options to TLS client fuzz target * bmo#1835240 - Use OSS-Fuzz corpus in NSS CI * bmo#1908012 - set nssckbi version number to 2.70. * bmo#1914499 - Remove Email Trust bit from ACCVRAIZ1 root cert. * bmo#1908009 - Remove Email Trust bit from certSIGN ROOT CA. * bmo#1908006 - Add Cybertrust Japan Roots to NSS. * bmo#1908004 - Add Taiwan CA Roots to NSS. * bmo#1911354 - remove search by decoded serial in nssToken_FindCertificateByIssuerAndSerialNumber * bmo#1913132 - Fix tstclnt CI build failure * bmo#1913047 - vfyserv: ensure peer cert chain is in db for CERT_VerifyCertificateNow * bmo#1912427 - Enable all supported protocol versions for UDP * bmo#1910361 - Actually use random PSK hash type Wolfgang Rosenauer 2024-09-28 11:15:50 +00:00
  • 907ca87dbe Accepting request 1198722 from mozilla:Factory Ana Guerrero 2024-09-05 13:46:20 +00:00
  • ecbb6574e1 - update to NSS 3.103 Wolfgang Rosenauer 2024-09-04 12:40:12 +00:00
  • 2112765af8 Accepting request 1191334 from mozilla:Factory Dominique Leuenberger 2024-08-05 15:20:45 +00:00
  • 9ab66e765c Accepting request 1191192 from home:MSirringhaus:branches:mozilla:Factory-3-102 Wolfgang Rosenauer 2024-08-03 07:37:47 +00:00
  • 299c6c32d9 Accepting request 1185404 from mozilla:Factory Ana Guerrero 2024-07-14 06:50:32 +00:00
  • 736cd89747 Accepting request 1185339 from home:MSirringhaus:branches:mozilla:Factory Wolfgang Rosenauer 2024-07-04 13:34:25 +00:00
  • 4bf08b8523 Accepting request 1179896 from home:MSirringhaus:branches:mozilla:Factory Wolfgang Rosenauer 2024-07-04 07:57:57 +00:00
  • ea382df860 Accepting request 1176701 from mozilla:Factory Ana Guerrero 2024-05-27 09:44:37 +00:00
  • 4aa22f6ca2 Accepting request 1176699 from home:MSirringhaus:branches:mozilla:Factory Wolfgang Rosenauer 2024-05-24 09:22:57 +00:00
  • bdd567f0a8 Accepting request 1174160 from mozilla:Factory Ana Guerrero 2024-05-16 15:12:58 +00:00
  • 72cb111a96 Accepting request 1172639 from home:MSirringhaus:branches:mozilla:Factory Wolfgang Rosenauer 2024-05-15 07:48:31 +00:00
  • 67c31ccdce Accepting request 1169404 from mozilla:Factory Ana Guerrero 2024-04-24 13:13:06 +00:00
  • d7ce7e3b03 Accepting request 1164588 from home:MSirringhaus:branches:mozilla:Factory Wolfgang Rosenauer 2024-04-20 18:30:58 +00:00
  • 093ab57f1d Accepting request 1160555 from mozilla:Factory Ana Guerrero 2024-03-25 20:06:19 +00:00
  • d8a343069d - update to NSS 3.98 * bmo#1780432 - (CVE-2023-5388) Timing attack against RSA decryption in TLS * bmo#1879513 - Certificate Compression: enabling the check that the compression was advertised * bmo#1831552 - Move Windows workers to nss-1/b-win2022-alpha * bmo#1879945 - Remove Email trust bit from OISTE WISeKey Global Root GC CA * bmo#1877344 - Replace distutils.spawn.find_executable with shutil.which within mach in nss * bmo#1548723 - Certificate Compression: Updating nss_bogo_shim to support Certificate compression * bmo#1548723 - TLS Certificate Compression (RFC 8879) Implementation * bmo#1875356 - Add valgrind annotations to freebl kyber operations for constant-time execution tests * bmo#1870673 - Set nssckbi version number to 2.66 * bmo#1874017 - Add Telekom Security roots * bmo#1873095 - Add D-Trust 2022 S/MIME roots * bmo#1865450 - Remove expired Security Communication RootCA1 root * bmo#1876179 - move keys to a slot that supports concatenation in PK11_ConcatSymKeys * bmo#1876800 - remove unmaintained tls-interop tests * bmo#1874937 - bogo: add support for the -ipv6 and -shim-id shim flags * bmo#1874937 - bogo: add support for the -curves shim flag and update Kyber expectations * bmo#1874937 - bogo: adjust expectation for a key usage bit test * bmo#1757758 - mozpkix: add option to ignore invalid subject alternative names * bmo#1841029 - Fix selfserv not stripping publicname: from -X value Wolfgang Rosenauer 2024-03-19 13:39:57 +00:00
  • c1d9bc76fd Accepting request 1154074 from home:pmonrealgonzalez:branches:mozilla:Factory Wolfgang Rosenauer 2024-03-16 21:37:01 +00:00
  • 1043d10496 Accepting request 1150519 from mozilla:Factory Ana Guerrero 2024-02-27 21:43:14 +00:00
  • 8c5e878b47 Accepting request 1149928 from home:pgajdos:m Wolfgang Rosenauer 2024-02-25 21:22:38 +00:00
  • 5bd20de299 Accepting request 1147963 from mozilla:Factory Ana Guerrero 2024-02-21 16:54:55 +00:00
  • 18c618a54d OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=437 Wolfgang Rosenauer 2024-02-20 11:13:49 +00:00
  • e874801589 - update to NSS 3.97 * bmo#1875506 - make Xyber768d00 opt-in by policy * bmo#1871631 - add libssl support for xyber768d00 * bmo#1871630 - add PK11_ConcatSymKeys * bmo#1775046 - add Kyber and a PKCS#11 KEM interface to softoken * bmo#1871152 - add a FreeBL API for Kyber * bmo#1826451 - part 2: vendor github.com/pq-crystals/kyber/commit/e0d1c6ff * bmo#1826451 - part 1: add a script for vendoring kyber from pq-crystals repo * bmo#1835828 - Removing the calls to RSA Blind from loader.* * bmo#1874111 - fix worker type for level3 mac tasks * bmo#1835828 - RSA Blind implementation * bmo#1869642 - Remove DSA selftests * bmo#1873296 - read KWP testvectors from JSON * bmo#1822450 - Backed out changeset dcb174139e4f * bmo#1822450 - Fix CKM_PBE_SHA1_DES2_EDE_CBC derivation * bmo#1871219 - Wrap CC shell commands in gyp expansions Wolfgang Rosenauer 2024-02-20 10:34:19 +00:00
  • e04a2ff3cc Accepting request 1141173 from mozilla:Factory Ana Guerrero 2024-01-25 17:39:40 +00:00
  • fe01c5c3a3 - update to NSS 3.96.1 * bmo#1869408 - Use pypi dependencies for MacOS worker in ./build_gyp.sh * bmo#1830978 - p7sign: add -a hash and -u certusage (also p7verify cleanups) * bmo#1867408 - add a defensive check for large ssl_DefSend return values * bmo#1869378 - Add dependency to the taskcluster script for Darwin * bmo#1869378 - Upgrade version of the MacOS worker for the CI Wolfgang Rosenauer 2024-01-24 08:28:43 +00:00
  • b69cc0e4c0 Accepting request 1135302 from mozilla:Factory Ana Guerrero 2023-12-28 21:55:05 +00:00
  • f3864dded6 Accepting request 1135301 from home:cboltz:branches:mozilla:Factory Wolfgang Rosenauer 2023-12-27 12:13:11 +00:00
  • eb8065607f Accepting request 1134148 from mozilla:Factory Ana Guerrero 2023-12-20 20:00:15 +00:00
  • 914eacd9d8 - update to NSS 3.95 * bmo#1842932 - Bump builtins version number. * bmo#1851044 - Remove Email trust bit from Autoridad de Certificacion Firmaprofesional CIF A62634068 root cert. * bmo#1855318 - Remove 4 DigiCert (Symantec/Verisign) Root Certificates * bmo#1851049 - Remove 3 TrustCor Root Certificates from NSS. * bmo#1850982 - Remove Camerfirma root certificates from NSS. * bmo#1842935 - Remove old Autoridad de Certificacion Firmaprofesional Certificate. * bmo#1860670 - Add four Commscope root certificates to NSS. * bmo#1850598 - Add TrustAsia Global Root CA G3 and G4 root certificates. * bmo#1863605 - Include P-384 and P-521 Scalar Validation from HACL* * bmo#1861728 - Include P-256 Scalar Validation from HACL*. * bmo#1861265 - After the HACL 256 ECC patch, NSS incorrectly encodes 256 ECC without DER wrapping at the softoken level * bmo#1837987 - Add means to provide library parameters to C_Initialize * bmo#1573097 - clang format * bmo#1854795 - add OSXSAVE and XCR0 tests to AVX2 detection. * bmo#1858241 - Typo in ssl3_AppendHandshakeNumber * bmo#1858241 - Introducing input check of ssl3_AppendHandshakeNumber * bmo#1573097 - Fix Invalid casts in instance.c Wolfgang Rosenauer 2023-12-20 08:29:33 +00:00
  • ae2cd5c9a0 Accepting request 1120733 from mozilla:Factory Ana Guerrero 2023-10-29 18:39:28 +00:00
  • 2c5bd7ba15 - update to NSS 3.94 * bmo#1853737 - Updated code and commit ID for HACL* * bmo#1840510 - update ACVP fuzzed test vector: refuzzed with current NSS * bmo#1827303 - Softoken C_ calls should use system FIPS setting to select NSC_ or FC_ variants * bmo#1774659 - NSS needs a database tool that can dump the low level representation of the database * bmo#1852179 - declare string literals using char in pkixnames_tests.cpp * bmo#1852179 - avoid implicit conversion for ByteString * bmo#1818766 - update rust version for acvp docker * bmo#1852011 - Moving the init function of the mpi_ints before clean-up in ec.c * bmo#1615555 - P-256 ECDH and ECDSA from HACL* * bmo#1840510 - Add ACVP test vectors to the repository * bmo#1849077 - Stop relying on std::basic_string<uint8_t> * bmo#1847845 - Transpose the PPC_ABI check from Makefile to gyp - rebased patches - added nss-fips-test.patch to fix broken test * bmo#1849471 - Update zlib in NSS to 1.3. * bmo#1848183 - softoken: iterate hashUpdate calls for long inputs. * bmo#1813401 - regenerate NameConstraints test certificates (boo#1214980). Wolfgang Rosenauer 2023-10-27 07:13:16 +00:00
  • b1d6d08496 Accepting request 1109133 from mozilla:Factory Ana Guerrero 2023-09-06 16:56:03 +00:00
  • a91fce9daa Accepting request 1109028 from home:dimstar:Factory Wolfgang Rosenauer 2023-09-05 18:57:40 +00:00
  • b92ae36d54 Accepting request 1107943 from mozilla:Factory Ana Guerrero 2023-08-30 08:18:35 +00:00
  • 9e6f8a1c39 - update to NSS 3.92 * bmo#1822935 - Set nssckbi version number to 2.62 * bmo#1833270 - Add 4 Atos TrustedRoot Root CA certificates to NSS * bmo#1839992 - Add 4 SSL.com Root CA certificates * bmo#1840429 - Add Sectigo E46 and R46 Root CA certificates * bmo#1840437 - Add LAWtrust Root CA2 (4096) * bmo#1822936 - Remove E-Tugra Certification Authority root * bmo#1827224 - Remove Camerfirma Chambers of Commerce Root. * bmo#1840505 - Remove Hongkong Post Root CA 1 * bmo#1842928 - Remove E-Tugra Global Root CA ECC v3 and RSA v3 * bmo#1842937 - Avoid redefining BYTE_ORDER on hppa Linux Wolfgang Rosenauer 2023-08-28 06:49:16 +00:00
  • cb4219c8ee Accepting request 1101639 from mozilla:Factory Dominique Leuenberger 2023-08-02 14:48:09 +00:00
  • bf9b62ea10 - update to NSS 3.91 * bmo#1837431 - Implementation of the HW support check for ADX instruction * bmo#1836925 - Removing the support of Curve25519 * bmo#1839795 - Fix comment about the addition of ticketSupportsEarlyData * bmo#1839327 - Adding args to enable-legacy-db build * bmo#1835357 - dbtests.sh failure in "certutil dump keys with explicit default trust flags" * bmo#1837617 - Initialize flags in slot structures * bmo#1835425 - Improve the length check of RSA input to avoid heap overflow * bmo#1829112 - Followup Fixes * bmo#1784253 - avoid processing unexpected inputs by checking for m_exptmod base sign * bmo#1826652 - add a limit check on order_k to avoid infinite loop * bmo#1834851 - Update HACL* to commit 5f6051d2 * bmo#1753026 - add SHA3 to cryptohi and softoken * bmo#1753026 - HACL SHA3 * bmo#1836781 - Disabling ASM C25519 for A but X86_64 - removed upstreamed patch nss-fix-bmo1836925.patch Wolfgang Rosenauer 2023-08-01 07:55:11 +00:00
  • a450bd2dad Accepting request 1101298 from mozilla:Factory Dominique Leuenberger 2023-07-30 18:57:31 +00:00
  • 34e601a718 Accepting request 1101251 from home:dstoecker:branches:mozilla:Factory Wolfgang Rosenauer 2023-07-29 07:24:59 +00:00
  • 055490c69a Accepting request 1096951 from mozilla:Factory Fabian Vogt 2023-07-06 16:28:01 +00:00
  • 846be6085c - update to NSS 3.90 * bmo#1623338 - ride along: remove a duplicated doc page * bmo#1623338 - remove a reference to IRC * bmo#1831983 - clang-format lib/freebl/stubs.c * bmo#1831983 - Add a constant time select function * bmo#1774657 - Updating an old dbm with lots of certs with keys to sql results in a database that is slow to access. * bmo#1830973 - output early build errors by default * bmo#1804505 - Update the technical constraints for KamuSM * bmo#1822921 - Add BJCA Global Root CA1 and CA2 root certificates * bmo#1790763 - Enable default UBSan Checks * bmo#1786018 - Add explicit handling of zero length records * bmo#1829391 - Tidy up DTLS ACK Error Handling Path * bmo#1786018 - Refactor zero length record tests * bmo#1829112 - Fix compiler warning via correct assert * bmo#1755267 - run linux tests on nss-t/t-linux-xlarge-gcp * bmo#1806496 - In FIPS mode, nss should reject RSASSA-PSS salt lengths larger than the output size of the hash function used, or provide an indicator * bmo#1784163 - Fix reading raw negative numbers * bmo#1748237 - Repairing unreachable code in clang built with gyp * bmo#1783647 - Integrate Vale Curve25519 * bmo#1799468 - Removing unused flags for Hacl* * bmo#1748237 - Adding a better error message * bmo#1727555 - Update HACL* till 51a72a953a4ee6f91e63b2816ae5c4e62edf35d6 * bmo#1782980 - Fall back to the softokn when writing certificate trust * bmo#1806010 - FIPS-104-3 requires we restart post programmatically * bmo#1826650 - cmd/ecperf: fix dangling pointer warning on gcc 13 * bmo#1818766 - Update ACVP dockerfile for compatibility with debian package changes Wolfgang Rosenauer 2023-07-05 11:49:19 +00:00
  • d26d35328f Accepting request 1091805 from mozilla:Factory Dominique Leuenberger 2023-06-11 17:52:40 +00:00
  • 9d5a7135d6 Accepting request 1091799 from home:pmonrealgonzalez:branches:mozilla:Factory Wolfgang Rosenauer 2023-06-09 13:20:43 +00:00
  • e005160fbb Accepting request 1091201 from mozilla:Factory Dominique Leuenberger 2023-06-08 19:41:44 +00:00
  • 2495c031fc - update to NSS 3.89.1 * bmo#1804505 - Update the technical constraints for KamuSM. * bmo#1822921 - Add BJCA Global Root CA1 and CA2 root certificates. Wolfgang Rosenauer 2023-06-03 08:22:22 +00:00
  • 535cae4fa1 Accepting request 1090032 from mozilla:Factory Dominique Leuenberger 2023-06-02 22:06:23 +00:00
  • e45fcc9dc6 Accepting request 1090016 from home:MSirringhaus:branches:mozilla:Factory Wolfgang Rosenauer 2023-05-31 15:04:59 +00:00
  • efc02b9f40 Accepting request 1078518 from mozilla:Factory Dominique Leuenberger 2023-04-13 12:09:28 +00:00
  • 875b69f395 - update to NSS 3.89 * bmo#1820834 - revert freebl/softoken RSA_MIN_MODULUS_BITS increase * bmo#1820175 - PR_STATIC_ASSERT is cursed * bmo#1767883 - Need to add policy control to keys lengths for signatures * bmo#1820175 - Fix unreachable code warning in fuzz builds * bmo#1820175 - Fix various compiler warnings in NSS * bmo#1820175 - Enable various compiler warnings for clang builds * bmo#1815136 - set PORT error after sftk_HMACCmp failure * bmo#1767883 - Need to add policy control to keys lengths for signatures * bmo#1804662 - remove data length assertion in sec_PKCS7Decrypt * bmo#1804660 - Make high tag number assertion failure an error * bmo#1817513 - CKM_SHA384_KEY_DERIVATION correction maximum key length from 284 to 384 * bmo#1815167 - Tolerate certificate_authorities xtn in ClientHello * bmo#1789436 - Fix build failure on Windows * bmo#1811337 - migrate Win 2012 tasks to Azure * bmo#1810702 - fix title length in doc * bmo#1570615 - Add interop tests for HRR and PSK to GREASE suite * bmo#1570615 - Add presence/absence tests for TLS GREASE * bmo#1804688 - Correct addition of GREASE value to ALPN xtn * bmo#1789436 - CH extension permutation * bmo#1570615 - TLS GREASE (RFC8701) * bmo#1804640 - improve handling of unknown PKCS#12 safe bag types * bmo#1815870 - use a different treeherder symbol for each docker image build task * bmo#1815868 - pin an older version of the ubuntu:18.04 and 20.04 docker images * bmo#1810702 - remove nested table in rst doc * bmo#1815246 - Export NSS_CMSSignerInfo_GetDigestAlgTag * bmo#1812671 - build failure while implicitly casting SECStatus Wolfgang Rosenauer 2023-04-11 20:52:30 +00:00
  • 1132de695b Accepting request 1071795 from mozilla:Factory Dominique Leuenberger 2023-03-15 17:53:39 +00:00
  • 9ad7a5b5cd OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=408 Wolfgang Rosenauer 2023-03-13 08:10:43 +00:00
  • 0524eebc24 - update to NSS 3.88.1 * bmo#1804640 - improve handling of unknown PKCS#12 safe bag types - update to NSS 3.88 * bmo#1815870 - use a different treeherder symbol for each docker image build task * bmo#1815868 - pin an older version of the ubuntu:18.04 and 20.04 docker images * bmo#1810702 - remove nested table in rst doc * bmo#1815246 - Export NSS_CMSSignerInfo_GetDigestAlgTag. * bmo#1812671 - build failure while implicitly casting SECStatus to PRUInt32 * bmo#1212915 - Add check for ClientHello SID max length * bmo#1771100 - Added EarlyData ALPN test support to BoGo shim * bmo#1790357 - ECH client - Discard resumption TLS < 1.3 Session(IDs|Tickets) if ECH configs are setup * bmo#1714245 - On HRR skip PSK incompatible with negotiated ciphersuites hash algorithm * bmo#1789410 - ECH client: Send ech_required alert on server negotiating TLS 1.2. Fixed misleading Gtest, enabled corresponding BoGo test * bmo#1771100 - Added Bogo ECH rejection test support * bmo#1771100 - Added ECH 0Rtt support to BoGo shim * bmo#1747957 - RSA OAEP Wycheproof JSON * bmo#1747957 - RSA decrypt Wycheproof JSON * bmo#1747957 - ECDSA Wycheproof JSON * bmo#1747957 - ECDH Wycheproof JSON * bmo#1747957 - PKCS#1v1.5 wycheproof json * bmo#1747957 - Use X25519 wycheproof json * bmo#1766767 - Move scripts to python3 * bmo#1809627 - Properly link FuzzingEngine for oss-fuzz. Wolfgang Rosenauer 2023-03-11 13:24:56 +00:00
  • fbb7619329 Accepting request 1065822 from mozilla:Factory Dominique Leuenberger 2023-02-16 15:54:58 +00:00
  • 17b7ee46a4 - update to NSS 3.87 * bmo#1803226 - NULL password encoding incorrect * bmo#1804071 - Fix rng stub signature for fuzzing builds * bmo#1803595 - Updating the compiler parsing for build * bmo#1749030 - Modification of supported compilers * bmo#1774654 - tstclnt crashes when accessing gnutls server without a user cert in the database. * bmo#1751707 - Add configuration option to enable source-based coverage sanitizer * bmo#1751705 - Update ECCKiila generated files. * bmo#1730353 - Add support for the LoongArch 64-bit architecture * bmo#1798823 - add checks for zero-length RSA modulus to avoid memory errors and failed assertions later * bmo#1798823 - Additional zero-length RSA modulus checks - add man-pages to the tools package (boo#1208242) Wolfgang Rosenauer 2023-02-14 23:11:03 +00:00
  • e9984d037e Accepting request 1059272 from mozilla:Factory Dominique Leuenberger 2023-01-20 16:36:27 +00:00
  • 8f950e8007 - update to NSS 3.86 * bmo#1803190 - conscious language removal in NSS * bmo#1794506 - Set nssckbi version number to 2.60 * bmo#1803453 - Set CKA_NSS_SERVER_DISTRUST_AFTER and CKA_NSS_EMAIL_DISTRUST_AFTER for 3 TrustCor Root Certificates * bmo#1799038 - Remove Staat der Nederlanden EV Root CA from NSS * bmo#1797559 - Remove EC-ACC root cert from NSS * bmo#1794507 - Remove SwissSign Platinum CA - G2 from NSS * bmo#1794495 - Remove Network Solutions Certificate Authority * bmo#1802331 - compress docker image artifact with zstd * bmo#1799315 - Migrate nss from AWS to GCP * bmo#1800989 - Enable static builds in the CI * bmo#1765759 - Removing SAW docker from the NSS build system * bmo#1783231 - Initialising variables in the rsa blinding code * bmo#320582 - Implementation of the double-signing of the message for ECDSA * bmo#1783231 - Adding exponent blinding for RSA. Wolfgang Rosenauer 2023-01-15 21:31:50 +00:00
  • c4fbc14867 Accepting request 1042789 from mozilla:Factory Dominique Leuenberger 2022-12-15 18:23:37 +00:00
  • d1813b37b2 - update to NSS 3.85 * bmo#1792821 - Modification of the primes.c and dhe-params.c in order to have better looking tables * bmo#1796815 - Update zlib in NSS to 1.2.13 * bmo#1796504 - Skip building modutil and shlibsign when building in Firefox * bmo#1796504 - Use __STDC_VERSION__ rather than __STDC__ as a guard * bmo#1796407 - Fix -Wunused-but-set-variable warning from clang 15 * bmo#1796308 - Fix -Wtautological-constant-out-of-range-compare and -Wtype-limits warnings * bmo#1796281 - Followup: add missing stdint.h include * bmo#1796281 - Fix -Wint-to-void-pointer-cast warnings * bmo#1796280 - Fix -Wunused-{function,variable,but-set-variable} warnings on Windows * bmo#1796079 - Fix -Wstring-conversion warnings * bmo#1796075 - Fix -Wempty-body warnings * bmo#1795242 - Fix unused-but-set-parameter warning * bmo#1795241 - Fix unreachable-code warnings * bmo#1795222 - Mark _nss_version_c unused on clang-cl * bmo#1795668 - Remove redundant variable definitions in lowhashtest * Add note about python executable to build instructions. Wolfgang Rosenauer 2022-12-13 21:31:06 +00:00
  • 65668e1b08 Accepting request 1035465 from mozilla:Factory Dominique Leuenberger 2022-11-13 17:08:53 +00:00
  • e139764bd4 - update to NSS 3.84 * bmo#1791699 - Bump minimum NSPR version to 4.35 * bmo#1792103 - Add a flag to disable building libnssckbi. Wolfgang Rosenauer 2022-11-12 17:33:29 +00:00
  • 96084bf315 Accepting request 1029751 from mozilla:Factory Dominique Leuenberger 2022-10-19 11:17:17 +00:00
  • b9fa3558fa - update to NSS 3.83 * bmo#1788875 - Remove set-but-unused variables from SEC_PKCS12DecoderValidateBags * bmo#1563221 - remove older oses that are unused part3/ BeOS * bmo#1563221 - remove older unix support in NSS part 3 Irix * bmo#1563221 - remove support for older unix in NSS part 2 DGUX * bmo#1563221 - remove support for older unix in NSS part 1 OSF * bmo#1778413 - Set nssckbi version number to 2.58 * bmp#1785297 - Add two SECOM root certificates to NSS * bmo#1787075 - Add two DigitalSign root certificates to NSS * bmo#1778412 - Remove Camerfirma Global Chambersign Root from NSS * bmo#1771100 - Added bug reference and description to disabled UnsolicitedServerNameAck bogo ECH test * bmo#1779361 - Removed skipping of ECH on equality of private and public server name * bmo#1779357 - Added comment and bug reference to ECHRandomHRRExtension bogo test * bmo#1779370 - Added Bogo shim client HRR test support. Fixed overwriting of CHInner.random on HRR * bmo#1779234 - Added check for server only sending ECH extension with retry configs in EncryptedExtensions and if not accepting ECH. Changed config setting behavior to skip configs with unsupported mandatory extensions instead of failing * bmo# 1771100 - Added ECH client support to BoGo shim. Changed CHInner creation to skip TLS 1.2 only extensions to comply with BoGo * bmo#1771100 - Added ECH server support to BoGo shim. Fixed NSS ECH server accept_confirmation bugs * bmo#1771100 - Update BoGo tests to recent BoringSSL version Wolfgang Rosenauer 2022-10-18 12:51:51 +00:00
  • 5c79868ac4 Accepting request 1005807 from mozilla:Factory Dominique Leuenberger 2022-09-26 16:47:37 +00:00
  • ff672b897f - update to NSS 3.82 * bmo#1330271 - check for null template in sec_asn1{d,e}_push_state * bmo#1735925 - QuickDER: Forbid NULL tags with non-zero length * bmo#1784724 - Initialize local variables in TlsConnectTestBase::ConnectAndCheckCipherSuite * bmo#1784191 - Cast the result of GetProcAddress * bmo#1681099 - pk11wrap: Tighten certificate lookup based on PKCS #11 URI. Wolfgang Rosenauer 2022-09-20 20:42:40 +00:00
  • e114781d50 Accepting request 997590 from mozilla:Factory Dominique Leuenberger 2022-08-19 15:52:59 +00:00
  • c93b1c6421 - update to NSS 3.81 * bmo#1762831 - Enable aarch64 hardware crypto support on OpenBSD * bmo#1775359 - make NSS_SecureMemcmp 0/1 valued * bmo#1779285 - Add no_application_protocol alert handler and test client error code is set * bmo#1777672 - Gracefully handle null nickname in CERT_GetCertNicknameWithValidity * required for Firefox 104 - raised NSPR requirement to 4.34.1 - changing some Requires from (pre) to generic as (pre) is not sufficient (boo#1202118) Wolfgang Rosenauer 2022-08-17 11:24:51 +00:00
  • d4dfa4d671 Accepting request 991359 from mozilla:Factory Richard Brown 2022-08-01 19:28:11 +00:00
  • e805adc554 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=391 Wolfgang Rosenauer 2022-07-26 20:46:45 +00:00
  • 36fe40e3e2 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=390 Wolfgang Rosenauer 2022-07-26 20:46:30 +00:00
  • e6797bdfe9 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=389 Wolfgang Rosenauer 2022-07-26 20:39:35 +00:00
  • 521f0d9c83 - update to NSS 3.80 * bmo#1774720 - Fix SEC_ERROR_ALGORITHM_MISMATCH entry in SECerrs.h. * bmo#1617956 - Add support for asynchronous client auth hooks. * bmo#1497537 - nss-policy-check: make unknown keyword check optional. * bmo#1765383 - GatherBuffer: Reduced plaintext buffer allocations by allocating it on initialization. Replaced redundant code with assert. Debug builds: Added buffer freeing/allocation for each record. * bmo#1773022 - Mark 3.79 as an ESR release. * bmo#1764206 - Bump nssckbi version number for June. * bmo#1759815 - Remove Hellenic Academic 2011 Root. * bmo#1770267 - Add E-Tugra Roots. * bmo#1768970 - Add Certainly Roots. * bmo#1764392 - Add DigitCert Roots. * bmo#1759794 - Protect SFTKSlot needLogin with slotLock. * bmo#1366464 - Compare signature and signatureAlgorithm fields in legacy certificate verifier. * bmo#1771497 - Uninitialized value in cert_VerifyCertChainOld. * bmo#1771495 - Unchecked return code in sec_DecodeSigAlg. * bmo#1771498 - Uninitialized value in cert_ComputeCertType. * bmo#1760998 - Avoid data race on primary password change. * bmo#1769063 - Replace ppc64 dcbzl intrinisic. * bmo#1771036 - Allow LDFLAGS override in makefile builds. - FIPS patch updates - removed obsolete patches * nss-fips-tests-skip.patch * nss-fips-tls-allow-md5-prf.patch Wolfgang Rosenauer 2022-07-26 19:23:39 +00:00
  • 18a34af8c5 Accepting request 985447 from mozilla:Factory Dominique Leuenberger 2022-06-29 14:00:24 +00:00
  • 8442248c89 - sync with current SLE * latest FIPS changes incl. testsuite fixes (enabled now) nss-fips-180-3-csp-clearing.patch nss-fips-tests-enable-fips.patch nss-fips-tests-skip.patch nss-fips-pbkdf-kat-compliance.patch Wolfgang Rosenauer 2022-06-28 06:46:22 +00:00