641740d0f8
Accepting request 1294847 from home:MSirringhaus:branches:mozilla:Factory
Wolfgang Rosenauer
2025-07-22 03:31:27 +00:00
b3707f65f7
- update to NSS 3.113
Wolfgang Rosenauer
2025-07-22 03:31:27 +00:00
c7df8a94e9
Accepting request 1291170 from mozilla:Factory
Ana Guerrero2025-07-09 15:25:53 +00:00
a89f7b13c9
Accepting request 1291170 from mozilla:Factory
Ana Guerrero2025-07-09 15:25:53 +00:00
d36f17b191
- update to NSS 3.112 * bmo#1963792 - Fix alias for mac workers on try * bmo#1966786 - ensure all options can be configured with SSL_OptionSet and SSL_OptionSetDefault * bmo#1931930 - ABI/API break in ssl certificate processing * bmo#1955971 - remove unnecessary assertion in sec_asn1d_init_state_based_on_template. * bmo#1965754 - update taskgraph to v14.2.1. * bmo#1964358 - Workflow for automation of the release on GitHub when pushing a tag * bmo#1952860 - fix faulty assertions in SEC_ASN1DecoderUpdate * bmo#1934877 - Renegotiations should use a fresh ECH GREASE buffer * bmo#1951396 - update taskgraph to v14.1.1 * bmo#1962503 - Partial fix for ACVP build CI job * bmo#1961827 - Initialize find in sftk_searchDatabase * bmo#1963121 - Add clang-18 to extra builds * bmo#1963044 - Fault tolerant git fetch for fuzzing * bmo#1962556 - Tolerate intermittent failures in ssl_policy_pkix_ocsp * bmo#1962770 - fix compiler warnings when DEBUG_ASN1D_STATES or CMSDEBUG are set * bmo#1961835 - fix content type tag check in NSS_CMSMessage_ContainsCertsOrCrls. * bmo#1963102 - Remove Cryptofuzz CI version check - Modify bmo1962556.patch to catch OBS specific errors
Wolfgang Rosenauer
2025-07-07 12:23:31 +00:00
dd11f885b2
- update to NSS 3.112 * bmo#1963792 - Fix alias for mac workers on try * bmo#1966786 - ensure all options can be configured with SSL_OptionSet and SSL_OptionSetDefault * bmo#1931930 - ABI/API break in ssl certificate processing * bmo#1955971 - remove unnecessary assertion in sec_asn1d_init_state_based_on_template. * bmo#1965754 - update taskgraph to v14.2.1. * bmo#1964358 - Workflow for automation of the release on GitHub when pushing a tag * bmo#1952860 - fix faulty assertions in SEC_ASN1DecoderUpdate * bmo#1934877 - Renegotiations should use a fresh ECH GREASE buffer * bmo#1951396 - update taskgraph to v14.1.1 * bmo#1962503 - Partial fix for ACVP build CI job * bmo#1961827 - Initialize find in sftk_searchDatabase * bmo#1963121 - Add clang-18 to extra builds * bmo#1963044 - Fault tolerant git fetch for fuzzing * bmo#1962556 - Tolerate intermittent failures in ssl_policy_pkix_ocsp * bmo#1962770 - fix compiler warnings when DEBUG_ASN1D_STATES or CMSDEBUG are set * bmo#1961835 - fix content type tag check in NSS_CMSMessage_ContainsCertsOrCrls. * bmo#1963102 - Remove Cryptofuzz CI version check - Modify bmo1962556.patch to catch OBS specific errors
Wolfgang Rosenauer
2025-07-07 12:23:31 +00:00
beade5f2e2
- update to NSS 3.110 * bmo#1930806 - FIPS changes need to be upstreamed: force ems policy * bmo#1954724 - Prevent excess allocations in sslBuffer_Grow * bmo#1953429 - Remove Crl templates from ASN1 fuzz target * bmo#1953429 - Remove CERT_CrlTemplate from ASN1 fuzz target * bmo#1952855 - Fix memory leak in NSS_CMSMessage_IsSigned * bmo#1930807 - NSS policy updates * bmo#1951161 - Improve locking in nssPKIObject_GetInstances * bmo#1951394 - Fix race in sdb_GetMetaData * bmo#1951800 - Fix member access within null pointer * bmo#1950077 - Increase smime fuzzer memory limit * bmo#1949677 - Enable resumption when using custom extensions * bmo#1952568 - change CN of server12 test certificate * bmo#1949118 - Part 2: Add missing check in NSS_CMSDigestContext_FinishSingle * bmo#1949118 - Part 1: Fix smime UBSan errors * bmo#1930806 - FIPS changes need to be upstreamed: updated key checks * bmo#1951491 - Don't build libpkix in static builds * bmo#1951395 - handle -p all in try syntax * bmo#1951346 - fix opt-make builds to actually be opt * bmo#1951346 - fix opt-static builds to actually be opt * bmo#1916439 - Remove extraneous assert - Removed upstreamed nss-fips-stricter-dh.patch - Added bmo1962556.patch to fix test failures - Rebased nss-fips-approved-crypto-non-ec.patch nss-fips-combined-hash-sign-dsa-ecdsa.patch
Wolfgang Rosenauer
2025-05-01 04:59:05 +00:00
8473069430
- update to NSS 3.110 * bmo#1930806 - FIPS changes need to be upstreamed: force ems policy * bmo#1954724 - Prevent excess allocations in sslBuffer_Grow * bmo#1953429 - Remove Crl templates from ASN1 fuzz target * bmo#1953429 - Remove CERT_CrlTemplate from ASN1 fuzz target * bmo#1952855 - Fix memory leak in NSS_CMSMessage_IsSigned * bmo#1930807 - NSS policy updates * bmo#1951161 - Improve locking in nssPKIObject_GetInstances * bmo#1951394 - Fix race in sdb_GetMetaData * bmo#1951800 - Fix member access within null pointer * bmo#1950077 - Increase smime fuzzer memory limit * bmo#1949677 - Enable resumption when using custom extensions * bmo#1952568 - change CN of server12 test certificate * bmo#1949118 - Part 2: Add missing check in NSS_CMSDigestContext_FinishSingle * bmo#1949118 - Part 1: Fix smime UBSan errors * bmo#1930806 - FIPS changes need to be upstreamed: updated key checks * bmo#1951491 - Don't build libpkix in static builds * bmo#1951395 - handle -p all in try syntax * bmo#1951346 - fix opt-make builds to actually be opt * bmo#1951346 - fix opt-static builds to actually be opt * bmo#1916439 - Remove extraneous assert - Removed upstreamed nss-fips-stricter-dh.patch - Added bmo1962556.patch to fix test failures - Rebased nss-fips-approved-crypto-non-ec.patch nss-fips-combined-hash-sign-dsa-ecdsa.patch
Wolfgang Rosenauer
2025-05-01 04:59:05 +00:00
56c53171b6
Accepting request 1266364 from mozilla:Factory
Ana Guerrero2025-04-03 16:40:43 +00:00
4835f77b75
Accepting request 1266364 from mozilla:Factory
Ana Guerrero2025-04-03 16:40:43 +00:00
270ed73af5
- update to NSS 3.109 * bmo#1939512 - Call BL_Init before RNG_RNGInit() so that special SHA instructions can be used if available * bmo#1930807 - NSS policy updates - fix inaccurate key policy issues * bmo#1945883 - SMIME fuzz target * bmo#1914256 - ASN1 decoder fuzz target * bmo#1936001 - Part 2: Revert “Extract testcases from ssl gtests for fuzzing” * bmo#1915155 - Add fuzz/README.md * bmo#1936001 - Part 4: Fix tstclnt arguments script * bmo#1944545 - Extend pkcs7 fuzz target * bmo#1912320 - Extend certDN fuzz target * bmo#1944300 - revert changes to HACL* files from bug 1866841 * bmo#1936001 - Part 3: Package frida corpus script
Wolfgang Rosenauer
2025-04-02 05:45:53 +00:00
1507d97637
- update to NSS 3.109 * bmo#1939512 - Call BL_Init before RNG_RNGInit() so that special SHA instructions can be used if available * bmo#1930807 - NSS policy updates - fix inaccurate key policy issues * bmo#1945883 - SMIME fuzz target * bmo#1914256 - ASN1 decoder fuzz target * bmo#1936001 - Part 2: Revert “Extract testcases from ssl gtests for fuzzing” * bmo#1915155 - Add fuzz/README.md * bmo#1936001 - Part 4: Fix tstclnt arguments script * bmo#1944545 - Extend pkcs7 fuzz target * bmo#1912320 - Extend certDN fuzz target * bmo#1944300 - revert changes to HACL* files from bug 1866841 * bmo#1936001 - Part 3: Package frida corpus script
Wolfgang Rosenauer
2025-04-02 05:45:53 +00:00
48764c5e07
Accepting request 1250499 from mozilla:Factory
Ana Guerrero2025-03-07 15:38:48 +00:00
e3d9c6a2d9
Accepting request 1250499 from mozilla:Factory
Ana Guerrero2025-03-07 15:38:48 +00:00
b89db2a91e
Accepting request 1250397 from home:MSirringhaus:branches:mozilla:Factory
Wolfgang Rosenauer
2025-03-05 19:49:24 +00:00
57b6c777a1
Update patch to latest FIPS fixes
Wolfgang Rosenauer
2025-03-05 19:49:24 +00:00
7d8f976730
- update to NSS 3.108 * bmo#1923285 - libclang-16 -> libclang-19 * bmo#1939086 - Turn off Secure Email Trust Bit for Security Communication ECC RootCA1 * bmo#1937332 - Turn off Secure Email Trust Bit for BJCA Global Root CA1 and BJCA Global Root CA2 * bmo#1915902 - Remove SwissSign Silver CA – G2 * bmo#1938245 - Add D-Trust 2023 TLS Roots to NSS * bmo#1942301 - fix fips test failure on windows * bmo#1935925 - change default sensitivity of KEM keys * bmo#1936001 - Part 1: Introduce frida hooks and script * bmo#1942350 - add missing arm_neon.h include to gcm.c * bmo#1831552 - ci: update windows workers to win2022 * bmo#1831552 - strip trailing carriage returns in tools tests * bmo#1880256 - work around unix/windows path translation issues in cert test script * bmo#1831552 - ci: let the windows setup script work without $m * bmo#1880255 - detect msys * bmo#1936680 - add a specialized CTR_Update variant for AES-GCM * bmo#1930807 - NSS policy updates * bmo#1930806 - FIPS changes need to be upstreamed: FIPS 140-3 RNG * bmo#1930806 - FIPS changes need to be upstreamed: Add SafeZero * bmo#1930806 - FIPS changes need to be upstreamed - updated POST * bmo#1933031 - Segmentation fault in SECITEM_Hash during pkcs12 processing * bmo#1929922 - Extending NSS with LoadModuleFromFunction functionality * bmo#1935984 - Ensure zero-initialization of collectArgs.cert * bmo#1934526 - pkcs7 fuzz target use CERT_DestroyCertificate * bmo#1915898 - Fix actual underlying ODR violations issue * bmo#1184059 - mozilla::pkix: allow reference ID labels to begin and/or end with hyphens
Wolfgang Rosenauer
2025-03-02 14:54:06 +00:00
99b17fbdca
- update to NSS 3.108 * bmo#1923285 - libclang-16 -> libclang-19 * bmo#1939086 - Turn off Secure Email Trust Bit for Security Communication ECC RootCA1 * bmo#1937332 - Turn off Secure Email Trust Bit for BJCA Global Root CA1 and BJCA Global Root CA2 * bmo#1915902 - Remove SwissSign Silver CA – G2 * bmo#1938245 - Add D-Trust 2023 TLS Roots to NSS * bmo#1942301 - fix fips test failure on windows * bmo#1935925 - change default sensitivity of KEM keys * bmo#1936001 - Part 1: Introduce frida hooks and script * bmo#1942350 - add missing arm_neon.h include to gcm.c * bmo#1831552 - ci: update windows workers to win2022 * bmo#1831552 - strip trailing carriage returns in tools tests * bmo#1880256 - work around unix/windows path translation issues in cert test script * bmo#1831552 - ci: let the windows setup script work without $m * bmo#1880255 - detect msys * bmo#1936680 - add a specialized CTR_Update variant for AES-GCM * bmo#1930807 - NSS policy updates * bmo#1930806 - FIPS changes need to be upstreamed: FIPS 140-3 RNG * bmo#1930806 - FIPS changes need to be upstreamed: Add SafeZero * bmo#1930806 - FIPS changes need to be upstreamed - updated POST * bmo#1933031 - Segmentation fault in SECITEM_Hash during pkcs12 processing * bmo#1929922 - Extending NSS with LoadModuleFromFunction functionality * bmo#1935984 - Ensure zero-initialization of collectArgs.cert * bmo#1934526 - pkcs7 fuzz target use CERT_DestroyCertificate * bmo#1915898 - Fix actual underlying ODR violations issue * bmo#1184059 - mozilla::pkix: allow reference ID labels to begin and/or end with hyphens
Wolfgang Rosenauer
2025-03-02 14:54:06 +00:00
931c3d1fb2
Accepting request 1236115 from mozilla:Factory
Ana Guerrero2025-01-12 10:09:20 +00:00
90b94c1d66
Accepting request 1236115 from mozilla:Factory
Ana Guerrero2025-01-12 10:09:20 +00:00
c9e38464e0
- update to NSS 3.107 * bmo#1923038 - Remove MPI fuzz targets. * bmo#1925512 - Remove globals lockStatus and locksEverDisabled. * bmo#1919015 - Enable PKCS8 fuzz target. * bmo#1923037 - Integrate Cryptofuzz in CI. * bmo#1913677 - Part 2: Set tls server target socket options in config class * bmo#1913677 - Part 1: Set tls client target socket options in config class * bmo#1913680 - Support building with thread sanitizer. * bmo#1922392 - set nssckbi version number to 2.72. * bmo#1919913 - remove Websites Trust Bit from Entrust Root Certification Authority - G4. * bmo#1920641 - remove Security Communication RootCA3 root cert. * bmo#1918559 - remove SecureSign RootCA11 root cert. * bmo#1922387 - Add distrust-after for TLS to Entrust Roots. * bmo#1927096 - update expected error code in pk12util pbmac1 tests. * bmo#1929041 - Use random tstclnt args with handshake collection script * bmo#1920466 - Remove extraneous assert in ssl3gthr.c. * bmo#1928402 - Adding missing release notes for NSS_3_105. * bmo#1874451 - Enable the disabled mlkem tests for dtls. * bmo#1874451 - NSS gtests filter cleans up the constucted buffer before the use. * bmo#1925505 - Make ssl_SetDefaultsFromEnvironment thread-safe. * bmo#1925503 - Remove short circuit test from ssl_Init. - Added nss-bmo1930797.patch to fix failing tests in testsuite
Wolfgang Rosenauer
2025-01-09 08:25:09 +00:00
f2e713c498
- update to NSS 3.107 * bmo#1923038 - Remove MPI fuzz targets. * bmo#1925512 - Remove globals lockStatus and locksEverDisabled. * bmo#1919015 - Enable PKCS8 fuzz target. * bmo#1923037 - Integrate Cryptofuzz in CI. * bmo#1913677 - Part 2: Set tls server target socket options in config class * bmo#1913677 - Part 1: Set tls client target socket options in config class * bmo#1913680 - Support building with thread sanitizer. * bmo#1922392 - set nssckbi version number to 2.72. * bmo#1919913 - remove Websites Trust Bit from Entrust Root Certification Authority - G4. * bmo#1920641 - remove Security Communication RootCA3 root cert. * bmo#1918559 - remove SecureSign RootCA11 root cert. * bmo#1922387 - Add distrust-after for TLS to Entrust Roots. * bmo#1927096 - update expected error code in pk12util pbmac1 tests. * bmo#1929041 - Use random tstclnt args with handshake collection script * bmo#1920466 - Remove extraneous assert in ssl3gthr.c. * bmo#1928402 - Adding missing release notes for NSS_3_105. * bmo#1874451 - Enable the disabled mlkem tests for dtls. * bmo#1874451 - NSS gtests filter cleans up the constucted buffer before the use. * bmo#1925505 - Make ssl_SetDefaultsFromEnvironment thread-safe. * bmo#1925503 - Remove short circuit test from ssl_Init. - Added nss-bmo1930797.patch to fix failing tests in testsuite
Wolfgang Rosenauer
2025-01-09 08:25:09 +00:00
0e087358e1
Accepting request 1230141 from mozilla:Factory
Ana Guerrero2024-12-13 21:31:37 +00:00
d23ef53db2
Accepting request 1230141 from mozilla:Factory
Ana Guerrero2024-12-13 21:31:37 +00:00
adf66d6f62
Accepting request 1230139 from devel:LoongArch:Factory
Wolfgang Rosenauer
2024-12-11 15:25:16 +00:00
a799fca564
Accepting request 1230139 from devel:LoongArch:Factory
Wolfgang Rosenauer
2024-12-11 15:25:16 +00:00
57ae573e34
Accepting request 1226642 from mozilla:Factory
Ana Guerrero2024-11-27 21:05:43 +00:00
6ac2ba3813
Accepting request 1226642 from mozilla:Factory
Ana Guerrero2024-11-27 21:05:43 +00:00
c0d31603a0
- Remove upstreamed bmo-1400603.patch - Added nss-bmo1930797.patch to fix failing tests in testsuite
Wolfgang Rosenauer
2024-11-26 15:24:39 +00:00
13053eadb0
- Remove upstreamed bmo-1400603.patch - Added nss-bmo1930797.patch to fix failing tests in testsuite
Wolfgang Rosenauer
2024-11-26 15:24:39 +00:00
d3e16c5954
Accepting request 1218810 from mozilla:Factory
Ana Guerrero2024-10-29 13:32:09 +00:00
a7fdbb3a4f
Accepting request 1218810 from mozilla:Factory
Ana Guerrero2024-10-29 13:32:09 +00:00
af423daa15
- update to NSS 3.105 * bmo#1915792 - Allow importing PKCS#8 private EC keys missing public key * bmo#1909768 - UBSAN fix: applying zero offset to null pointer in sslsnce.c * bmo#1919577 - set KRML_MUSTINLINE=inline in makefile builds * bmo#1918965 - Don't set CKA_SIGN for CKK_EC_MONTGOMERY private keys * bmo#1918767 - override default definition of KRML_MUSTINLINE * bmo#1916525 - libssl support for mlkem768x25519 * bmo#1916524 - support for ML-KEM-768 in softoken and pk11wrap * bmo#1866841 - Add Libcrux implementation of ML-KEM 768 to FreeBL * bmo#1911912 - Avoid misuse of ctype(3) functions * bmo#1917311 - part 2: run clang-format * bmo#1917311 - part 1: upgrade to clang-format 13 * bmo#1916953 - clang-format fuzz * bmo#1910370 - DTLS client message buffer may not empty be on retransmit * bmo#1916413 - Optionally print config for TLS client and server fuzz target * bmo#1916059 - Fix some simple documentation issues in NSS. * bmo#1915439 - improve performance of NSC_FindObjectsInit when template has CKA_TOKEN attr * bmo#1912828 - define CKM_NSS_ECDHE_NO_PAIRWISE_CHECK_KEY_PAIR_GEN
Wolfgang Rosenauer
2024-10-28 12:29:57 +00:00
088d6711db
- update to NSS 3.105 * bmo#1915792 - Allow importing PKCS#8 private EC keys missing public key * bmo#1909768 - UBSAN fix: applying zero offset to null pointer in sslsnce.c * bmo#1919577 - set KRML_MUSTINLINE=inline in makefile builds * bmo#1918965 - Don't set CKA_SIGN for CKK_EC_MONTGOMERY private keys * bmo#1918767 - override default definition of KRML_MUSTINLINE * bmo#1916525 - libssl support for mlkem768x25519 * bmo#1916524 - support for ML-KEM-768 in softoken and pk11wrap * bmo#1866841 - Add Libcrux implementation of ML-KEM 768 to FreeBL * bmo#1911912 - Avoid misuse of ctype(3) functions * bmo#1917311 - part 2: run clang-format * bmo#1917311 - part 1: upgrade to clang-format 13 * bmo#1916953 - clang-format fuzz * bmo#1910370 - DTLS client message buffer may not empty be on retransmit * bmo#1916413 - Optionally print config for TLS client and server fuzz target * bmo#1916059 - Fix some simple documentation issues in NSS. * bmo#1915439 - improve performance of NSC_FindObjectsInit when template has CKA_TOKEN attr * bmo#1912828 - define CKM_NSS_ECDHE_NO_PAIRWISE_CHECK_KEY_PAIR_GEN
Wolfgang Rosenauer
2024-10-28 12:29:57 +00:00
018558f7b4
Accepting request 1204527 from mozilla:Factory
Ana Guerrero2024-09-30 13:34:33 +00:00
cd9be57a4a
Accepting request 1204527 from mozilla:Factory
Ana Guerrero2024-09-30 13:34:33 +00:00
27298827c3
Accepting request 1204523 from home:ecsos
Wolfgang Rosenauer
2024-09-29 13:54:16 +00:00
cd8891d66e
- Fix build error under Leap by rebasing nss-fips-safe-memset.patch.
Wolfgang Rosenauer
2024-09-29 13:54:16 +00:00
ff01a82f74
- remove obsolete nss-reproducible-builds.patch * bmo#1899542 - Add fuzzing support for SSL_ENABLE_POST_HANDSHAKE_AUTH, * bmo#1903783 - Adjust libFuzzer size limits * bmo#1899542 - Add fuzzing support for SSL_SetCertificateCompressionAlgorithm, SSL_SetClientEchConfigs, SSL_VersionRangeSet and SSL_AddExternalPsk * bmo#1899542 - Add fuzzing support for SSL_ENABLE_GREASE and SSL_ENABLE_CH_EXTENSION_PERMUTATION - Add nss-reproducible-builds.patch to make the rpms reproducible,
Wolfgang Rosenauer
2024-09-28 11:18:58 +00:00
d973dd9e0b
- remove obsolete nss-reproducible-builds.patch * bmo#1899542 - Add fuzzing support for SSL_ENABLE_POST_HANDSHAKE_AUTH, * bmo#1903783 - Adjust libFuzzer size limits * bmo#1899542 - Add fuzzing support for SSL_SetCertificateCompressionAlgorithm, SSL_SetClientEchConfigs, SSL_VersionRangeSet and SSL_AddExternalPsk * bmo#1899542 - Add fuzzing support for SSL_ENABLE_GREASE and SSL_ENABLE_CH_EXTENSION_PERMUTATION - Add nss-reproducible-builds.patch to make the rpms reproducible,
Wolfgang Rosenauer
2024-09-28 11:18:58 +00:00
c8328f895b
- update to NSS 3.104 * bmo#1910071 - Copy original corpus to heap-allocated buffer * bmo#1910079 - Fix min ssl version for DTLS client fuzzer * bmo#1908990 - Remove OS2 support just like we did on NSPR * bmo#1910605 - clang-format NSS improvements * bmo#1902078 - Adding basicutil.h to use HexString2SECItem function * bmo#1908990 - removing dirent.c from build * bmo#1902078 - Allow handing in keymaterial to shlibsign to make the output reproducible * bmo#1908990 - remove nec4.3, sunos4, riscos and SNI references * bmo#1908990 - remove other old OS (BSDI, old HP UX, NCR, openunix, sco, unixware or reliantUnix * bmo#1908990 - remove mentions of WIN95 * bmo#1908990 - remove mentions of WIN16 * bmo#1913750 - More explicit directory naming * bmo#1913755 - Add more options to TLS server fuzz target * bmo#1913675 - Add more options to TLS client fuzz target * bmo#1835240 - Use OSS-Fuzz corpus in NSS CI * bmo#1908012 - set nssckbi version number to 2.70. * bmo#1914499 - Remove Email Trust bit from ACCVRAIZ1 root cert. * bmo#1908009 - Remove Email Trust bit from certSIGN ROOT CA. * bmo#1908006 - Add Cybertrust Japan Roots to NSS. * bmo#1908004 - Add Taiwan CA Roots to NSS. * bmo#1911354 - remove search by decoded serial in nssToken_FindCertificateByIssuerAndSerialNumber * bmo#1913132 - Fix tstclnt CI build failure * bmo#1913047 - vfyserv: ensure peer cert chain is in db for CERT_VerifyCertificateNow * bmo#1912427 - Enable all supported protocol versions for UDP * bmo#1910361 - Actually use random PSK hash type
Wolfgang Rosenauer
2024-09-28 11:15:50 +00:00
b91ce5d4d5
- update to NSS 3.104 * bmo#1910071 - Copy original corpus to heap-allocated buffer * bmo#1910079 - Fix min ssl version for DTLS client fuzzer * bmo#1908990 - Remove OS2 support just like we did on NSPR * bmo#1910605 - clang-format NSS improvements * bmo#1902078 - Adding basicutil.h to use HexString2SECItem function * bmo#1908990 - removing dirent.c from build * bmo#1902078 - Allow handing in keymaterial to shlibsign to make the output reproducible * bmo#1908990 - remove nec4.3, sunos4, riscos and SNI references * bmo#1908990 - remove other old OS (BSDI, old HP UX, NCR, openunix, sco, unixware or reliantUnix * bmo#1908990 - remove mentions of WIN95 * bmo#1908990 - remove mentions of WIN16 * bmo#1913750 - More explicit directory naming * bmo#1913755 - Add more options to TLS server fuzz target * bmo#1913675 - Add more options to TLS client fuzz target * bmo#1835240 - Use OSS-Fuzz corpus in NSS CI * bmo#1908012 - set nssckbi version number to 2.70. * bmo#1914499 - Remove Email Trust bit from ACCVRAIZ1 root cert. * bmo#1908009 - Remove Email Trust bit from certSIGN ROOT CA. * bmo#1908006 - Add Cybertrust Japan Roots to NSS. * bmo#1908004 - Add Taiwan CA Roots to NSS. * bmo#1911354 - remove search by decoded serial in nssToken_FindCertificateByIssuerAndSerialNumber * bmo#1913132 - Fix tstclnt CI build failure * bmo#1913047 - vfyserv: ensure peer cert chain is in db for CERT_VerifyCertificateNow * bmo#1912427 - Enable all supported protocol versions for UDP * bmo#1910361 - Actually use random PSK hash type
Wolfgang Rosenauer
2024-09-28 11:15:50 +00:00
fa94112a03
Accepting request 1198722 from mozilla:Factory
Ana Guerrero2024-09-05 13:46:20 +00:00
907ca87dbe
Accepting request 1198722 from mozilla:Factory
Ana Guerrero2024-09-05 13:46:20 +00:00
a4cb4fcf80
Accepting request 1195054 from home:MSirringhaus:branches:mozilla:Factory
Wolfgang Rosenauer
2024-09-04 12:40:12 +00:00
ecbb6574e1
- update to NSS 3.103
Wolfgang Rosenauer
2024-09-04 12:40:12 +00:00
9acab8ea3e
Accepting request 1191192 from home:MSirringhaus:branches:mozilla:Factory-3-102
Wolfgang Rosenauer
2024-08-03 07:37:47 +00:00
9ab66e765c
Accepting request 1191192 from home:MSirringhaus:branches:mozilla:Factory-3-102
Wolfgang Rosenauer
2024-08-03 07:37:47 +00:00
fe52c1bc6e
Accepting request 1185404 from mozilla:Factory
Ana Guerrero2024-07-14 06:50:32 +00:00
299c6c32d9
Accepting request 1185404 from mozilla:Factory
Ana Guerrero2024-07-14 06:50:32 +00:00
da1deedbfa
Accepting request 1185339 from home:MSirringhaus:branches:mozilla:Factory
Wolfgang Rosenauer
2024-07-04 13:34:25 +00:00
736cd89747
Accepting request 1185339 from home:MSirringhaus:branches:mozilla:Factory
Wolfgang Rosenauer
2024-07-04 13:34:25 +00:00
ad7a3ac250
Accepting request 1179896 from home:MSirringhaus:branches:mozilla:Factory
Wolfgang Rosenauer
2024-07-04 07:57:57 +00:00
4bf08b8523
Accepting request 1179896 from home:MSirringhaus:branches:mozilla:Factory
Wolfgang Rosenauer
2024-07-04 07:57:57 +00:00
7f0d33e9f2
Accepting request 1176701 from mozilla:Factory
Ana Guerrero2024-05-27 09:44:37 +00:00
ea382df860
Accepting request 1176701 from mozilla:Factory
Ana Guerrero2024-05-27 09:44:37 +00:00
6a053f7490
Accepting request 1176699 from home:MSirringhaus:branches:mozilla:Factory
Wolfgang Rosenauer
2024-05-24 09:22:57 +00:00
4aa22f6ca2
Accepting request 1176699 from home:MSirringhaus:branches:mozilla:Factory
Wolfgang Rosenauer
2024-05-24 09:22:57 +00:00
4c1989b45a
Accepting request 1174160 from mozilla:Factory
Ana Guerrero2024-05-16 15:12:58 +00:00
bdd567f0a8
Accepting request 1174160 from mozilla:Factory
Ana Guerrero2024-05-16 15:12:58 +00:00
087dc3c0d2
Accepting request 1172639 from home:MSirringhaus:branches:mozilla:Factory
Wolfgang Rosenauer
2024-05-15 07:48:31 +00:00
72cb111a96
Accepting request 1172639 from home:MSirringhaus:branches:mozilla:Factory
Wolfgang Rosenauer
2024-05-15 07:48:31 +00:00
64e577ae20
Accepting request 1169404 from mozilla:Factory
Ana Guerrero2024-04-24 13:13:06 +00:00
67c31ccdce
Accepting request 1169404 from mozilla:Factory
Ana Guerrero2024-04-24 13:13:06 +00:00
39ec6768b3
Accepting request 1164588 from home:MSirringhaus:branches:mozilla:Factory
Wolfgang Rosenauer
2024-04-20 18:30:58 +00:00
d7ce7e3b03
Accepting request 1164588 from home:MSirringhaus:branches:mozilla:Factory
Wolfgang Rosenauer
2024-04-20 18:30:58 +00:00
a141d7b134
Accepting request 1160555 from mozilla:Factory
Ana Guerrero2024-03-25 20:06:19 +00:00
093ab57f1d
Accepting request 1160555 from mozilla:Factory
Ana Guerrero2024-03-25 20:06:19 +00:00
7a0592e966
- update to NSS 3.98 * bmo#1780432 - (CVE-2023-5388) Timing attack against RSA decryption in TLS * bmo#1879513 - Certificate Compression: enabling the check that the compression was advertised * bmo#1831552 - Move Windows workers to nss-1/b-win2022-alpha * bmo#1879945 - Remove Email trust bit from OISTE WISeKey Global Root GC CA * bmo#1877344 - Replace distutils.spawn.find_executable with shutil.which within mach in nss * bmo#1548723 - Certificate Compression: Updating nss_bogo_shim to support Certificate compression * bmo#1548723 - TLS Certificate Compression (RFC 8879) Implementation * bmo#1875356 - Add valgrind annotations to freebl kyber operations for constant-time execution tests * bmo#1870673 - Set nssckbi version number to 2.66 * bmo#1874017 - Add Telekom Security roots * bmo#1873095 - Add D-Trust 2022 S/MIME roots * bmo#1865450 - Remove expired Security Communication RootCA1 root * bmo#1876179 - move keys to a slot that supports concatenation in PK11_ConcatSymKeys * bmo#1876800 - remove unmaintained tls-interop tests * bmo#1874937 - bogo: add support for the -ipv6 and -shim-id shim flags * bmo#1874937 - bogo: add support for the -curves shim flag and update Kyber expectations * bmo#1874937 - bogo: adjust expectation for a key usage bit test * bmo#1757758 - mozpkix: add option to ignore invalid subject alternative names * bmo#1841029 - Fix selfserv not stripping publicname: from -X value
Wolfgang Rosenauer
2024-03-19 13:39:57 +00:00
d8a343069d
- update to NSS 3.98 * bmo#1780432 - (CVE-2023-5388) Timing attack against RSA decryption in TLS * bmo#1879513 - Certificate Compression: enabling the check that the compression was advertised * bmo#1831552 - Move Windows workers to nss-1/b-win2022-alpha * bmo#1879945 - Remove Email trust bit from OISTE WISeKey Global Root GC CA * bmo#1877344 - Replace distutils.spawn.find_executable with shutil.which within mach in nss * bmo#1548723 - Certificate Compression: Updating nss_bogo_shim to support Certificate compression * bmo#1548723 - TLS Certificate Compression (RFC 8879) Implementation * bmo#1875356 - Add valgrind annotations to freebl kyber operations for constant-time execution tests * bmo#1870673 - Set nssckbi version number to 2.66 * bmo#1874017 - Add Telekom Security roots * bmo#1873095 - Add D-Trust 2022 S/MIME roots * bmo#1865450 - Remove expired Security Communication RootCA1 root * bmo#1876179 - move keys to a slot that supports concatenation in PK11_ConcatSymKeys * bmo#1876800 - remove unmaintained tls-interop tests * bmo#1874937 - bogo: add support for the -ipv6 and -shim-id shim flags * bmo#1874937 - bogo: add support for the -curves shim flag and update Kyber expectations * bmo#1874937 - bogo: adjust expectation for a key usage bit test * bmo#1757758 - mozpkix: add option to ignore invalid subject alternative names * bmo#1841029 - Fix selfserv not stripping publicname: from -X value
Wolfgang Rosenauer
2024-03-19 13:39:57 +00:00
b54714d3ed
Accepting request 1154074 from home:pmonrealgonzalez:branches:mozilla:Factory
Wolfgang Rosenauer
2024-03-16 21:37:01 +00:00
c1d9bc76fd
Accepting request 1154074 from home:pmonrealgonzalez:branches:mozilla:Factory
Wolfgang Rosenauer
2024-03-16 21:37:01 +00:00
c1dda81202
Accepting request 1150519 from mozilla:Factory
Ana Guerrero2024-02-27 21:43:14 +00:00
1043d10496
Accepting request 1150519 from mozilla:Factory
Ana Guerrero2024-02-27 21:43:14 +00:00
34e0a8566c
Accepting request 1149928 from home:pgajdos:m
Wolfgang Rosenauer
2024-02-25 21:22:38 +00:00
8c5e878b47
Accepting request 1149928 from home:pgajdos:m
Wolfgang Rosenauer
2024-02-25 21:22:38 +00:00
Ana Guerrero
Martin Sirringhaus
Wolfgang Rosenauer
Dominique Leuenberger
Adrian Schröter