pool/mozilla-nss
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Commit Graph

  • cf6015d61e Accepting request 251989 from mozilla:Factory Stephan Kulow 2014-10-01 09:22:06 +0000
  • d2eba15b73 * MFSA 2014-73/CVE-2014-1568 (bmo#1064636, bmo#1069405) RSA Signature Forgery in NSS Wolfgang Rosenauer 2014-09-24 19:29:06 +0000
  • 3fb5d49790 - update to 3.17.1 (bnc#897890) * Change library's signature algorithm default to SHA256 * Add support for draft-ietf-tls-downgrade-scsv * Add clang-cl support to the NSS build system * Implement TLS 1.3: * Part 1. Negotiate TLS 1.3 * Part 2. Remove deprecated cipher suites andcompression. * Add support for little-endian powerpc64 Wolfgang Rosenauer 2014-09-23 21:39:14 +0000
  • a2c74afcaf Accepting request 247562 from mozilla:Factory Stephan Kulow 2014-09-08 19:28:11 +0000
  • 8b17b48d47 - update to 3.17 * required for Firefox 33 New functionality: * When using ECDHE, the TLS server code may be configured to generate a fresh ephemeral ECDH key for each handshake, by setting the SSL_REUSE_SERVER_ECDHE_KEY socket option to PR_FALSE. The SSL_REUSE_SERVER_ECDHE_KEY option defaults to PR_TRUE, which means the server's ephemeral ECDH key is reused for multiple handshakes. This option does not affect the TLS client code, which always generates a fresh ephemeral ECDH key for each handshake. New Macros * SSL_REUSE_SERVER_ECDHE_KEY Notable Changes: * The manual pages for the certutil and pp tools have been updated to document the new parameters that had been added in NSS 3.16.2. * On Windows, the new build variable USE_STATIC_RTL can be used to specify the static C runtime library should be used. By default the dynamic C runtime library is used. Wolfgang Rosenauer 2014-09-04 13:58:20 +0000
  • 9fb0f9587a - update to 3.16.4 (bnc#894201) Wolfgang Rosenauer 2014-09-02 18:14:14 +0000
  • 7c23619d74 Accepting request 244502 from mozilla:Factory Ludwig Nussel 2014-08-15 07:58:16 +0000
  • c133651414 - update to 3.16.4 * now required for Firefox 32 Notable Changes: * The following 1024-bit root CA certificate was restored to allow more time to develop a better transition strategy for affected sites. It was removed in NSS 3.16.3, but discussion in the mozilla.dev.security.policy forum led to the decision to keep this root included longer in order to give website administrators more time to update their web servers. - CN = GTE CyberTrust Global Root * In NSS 3.16.3, the 1024-bit "Entrust.net Secure Server Certification Authority" root CA certificate was removed. In NSS 3.16.4, a 2048-bit intermediate CA certificate has been included, without explicit trust. The intention is to mitigate the effects of the previous removal of the 1024-bit Entrust.net root certificate, because many public Internet sites still use the "USERTrust Legacy Secure Server CA" intermediate certificate that is signed by the 1024-bit Entrust.net root certificate. The inclusion of the intermediate certificate is a temporary measure to allow those sites to function, by allowing them to find a trust path to another 2048-bit root CA certificate. The temporarily included intermediate certificate expires November 1, 2015. Wolfgang Rosenauer 2014-08-12 11:04:16 +0000
  • d826e8dd6d Accepting request 240770 from mozilla:Factory Stephan Kulow 2014-07-21 19:38:54 +0000
  • 0505423d6d - update to 3.16.3 * required for Firefox 32 New Functions: * CERT_GetGeneralNameTypeFromString (This function was already added in NSS 3.16.2, however, it wasn't declared in a public header file.) Notable Changes: * The following 1024-bit CA certificates were removed - Entrust.net Secure Server Certification Authority - GTE CyberTrust Global Root - ValiCert Class 1 Policy Validation Authority - ValiCert Class 2 Policy Validation Authority - ValiCert Class 3 Policy Validation Authority * Additionally, the following CA certificate was removed as requested by the CA: - TDC Internet Root CA * The following CA certificates were added: - Certification Authority of WoSign - CA 沃通根证书 - DigiCert Assured ID Root G2 - DigiCert Assured ID Root G3 - DigiCert Global Root G2 - DigiCert Global Root G3 - DigiCert Trusted Root G4 - QuoVadis Root CA 1 G3 - QuoVadis Root CA 2 G3 - QuoVadis Root CA 3 G3 * The Trust Bits were changed for the following CA certificates - Class 3 Public Primary Certification Authority - Class 3 Public Primary Certification Authority - Class 2 Public Primary Certification Authority - G2 Wolfgang Rosenauer 2014-07-05 13:02:10 +0000
  • 01bbbc1e3d Accepting request 233606 from mozilla:Factory Stephan Kulow 2014-05-13 18:47:44 +0000
  • 8f1ab3a949 - update to 3.16.1 * required for Firefox 31 New functionality: * Added the "ECC" flag for modutil to select the module used for elliptic curve cryptography (ECC) operations. New Functions: * PK11_ExportDERPrivateKeyInfo/PK11_ExportPrivKeyInfo exports a private key in a DER-encoded ASN.1 PrivateKeyInfo type or a SECKEYPrivateKeyInfo structure. Only RSA private keys are supported now. * SECMOD_InternalToPubMechFlags converts from NSS-internal to public representation of mechanism flags New Types: * ssl_padding_xtn the value of this enum constant changed from the experimental value 35655 to the IANA-assigned value 21 New Macros * PUBLIC_MECH_ECC_FLAG a public mechanism flag for elliptic curve cryptography (ECC) operations * SECMOD_ECC_FLAG an NSS-internal mechanism flag for elliptic curve cryptography (ECC) operations. This macro has the same numeric value as PUBLIC_MECH_ECC_FLAG. Notable Changes: * Imposed name constraints on the French government root CA ANSSI (DCISS). Wolfgang Rosenauer 2014-05-08 06:02:59 +0000
  • 4ebbb77c33 Accepting request 228183 from mozilla:Factory Stephan Kulow 2014-04-01 04:46:22 +0000
  • 6b78854628 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=156 Wolfgang Rosenauer 2014-03-22 16:18:07 +0000
  • b45e5b8ae6 - update to 3.16 * required for Firefox 29 * bmo#903885 - (CVE-2014-1492) In a wildcard certificate, the wildcard character should not be embedded within the U-label of an internationalized domain name. See the last bullet point in RFC 6125, Section 7.2. * Supports the Linux x32 ABI. To build for the Linux x32 target, set the environment variable USE_X32=1 when building NSS. New Functions: * NSS_CMSSignerInfo_Verify New Macros * TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA, etc., cipher suites that were first defined in SSL 3.0 can now be referred to with their official IANA names in TLS, with the TLS_ prefix. Previously, they had to be referred to with their names in SSL 3.0, with the SSL_ prefix. Notable Changes: * ECC is enabled by default. It is no longer necessary to set the environment variable NSS_ENABLE_ECC=1 when building NSS. To disable ECC, set the environment variable NSS_DISABLE_ECC=1 when building NSS. * libpkix should not include the common name of CA as DNS names when evaluating name constraints. * AESKeyWrap_Decrypt should not return SECSuccess for invalid keys. * Fix a memory corruption in sec_pkcs12_new_asafe. * If the NSS_SDB_USE_CACHE environment variable is set, skip the runtime test sdb_measureAccess. * The built-in roots module has been updated to version 1.97, which adds, removes, and distrusts several certificates. * The atob utility has been improved to automatically ignore lines of text that aren't in base64 format. Wolfgang Rosenauer 2014-03-21 21:54:13 +0000
  • 47108391e0 Accepting request 223809 from mozilla:Factory Stephan Kulow 2014-02-26 22:20:34 +0000
  • ceb833b465 - update to 3.15.5 * required for Firefox 28 * export FREEBL_LOWHASH to get the correct default headers (bnc#865539) New functionality * Added support for the TLS application layer protocol negotiation (ALPN) extension. Two SSL socket options, SSL_ENABLE_NPN and SSL_ENABLE_ALPN, can be used to control whether NPN or ALPN (or both) should be used for application layer protocol negotiation. * Added the TLS padding extension. The extension type value is 35655, which may change when an official extension type value is assigned by IANA. NSS automatically adds the padding extension to ClientHello when necessary. * Added a new macro CERT_LIST_TAIL, defined in certt.h, for getting the tail of a CERTCertList. Notable Changes * bmo#950129: Improve the OCSP fetching policy when verifying OCSP responses * bmo#949060: Validate the iov input argument (an array of PRIOVec structures) of ssl_WriteV (called via PR_Writev). Applications should still take care when converting struct iov to PRIOVec because the iov_len members of the two structures have different types (size_t vs. int). size_t is unsigned and may be larger than int. Wolfgang Rosenauer 2014-02-25 12:02:07 +0000
  • d377e44364 Accepting request 223209 from home:aeneas_jaissle:branches:mozilla:Factory Wolfgang Rosenauer 2014-02-20 12:04:07 +0000
  • 3d05b3f5d6 Accepting request 220922 from mozilla:Factory Stephan Kulow 2014-02-06 06:06:30 +0000
  • 17f8bab0f2 * MFSA 2014-12/CVE-2014-1490/CVE-2014-1491 NSS ticket handling issues Wolfgang Rosenauer 2014-02-05 06:01:36 +0000
  • 441ef15ac2 Accepting request 213275 from mozilla:Factory Stephan Kulow 2014-01-10 20:21:02 +0000
  • 14100a1118 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=148 Wolfgang Rosenauer 2014-01-09 10:26:13 +0000
  • 186557c50a * Reordered the cipher suites offered in SSL/TLS client hello messages to match modern best practices. * Improved SSL/TLS false start. In addition to enabling the SSL_ENABLE_FALSE_START option, an application must now register a callback using the SSL_SetCanFalseStartCallback function. * When false start is enabled, libssl will sometimes return unencrypted, unauthenticated data from PR_Recv (CVE-2013-1740, bmo#919877) New functionality * Implemented OCSP querying using the HTTP GET method, which is the new default, and will fall back to the HTTP POST method. * Implemented OCSP server functionality for testing purposes (httpserv utility). * Support SHA-1 signatures with TLS 1.2 client authentication. * Added the --empty-password command-line option to certutil, to be used with -N: use an empty password when creating a new database. * Added the -w command-line option to pp: don't wrap long output lines. New functions * CERT_ForcePostMethodForOCSP * CERT_GetSubjectNameDigest * CERT_GetSubjectPublicKeyDigest * SSL_PeerCertificateChain * SSL_RecommendedCanFalseStart * SSL_SetCanFalseStartCallback New types * CERT_REV_M_FORCE_POST_METHOD_FOR_OCSP: When this flag is used, libpkix will never attempt to use the HTTP GET method for OCSP requests; it will always use POST. Wolfgang Rosenauer 2014-01-09 10:24:37 +0000
  • 58591dfdb2 - update to 3.15.4 * required for Firefox 27 * regular CA root store update (1.96) * some OSCP improvments * other bugfixes - removed obsolete char.patch Wolfgang Rosenauer 2014-01-07 08:49:30 +0000
  • a73555f5b8 Accepting request 210076 from mozilla:Factory Stephan Kulow 2013-12-10 16:43:53 +0000
  • 583d3a0e12 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=144 Wolfgang Rosenauer 2013-12-09 19:28:29 +0000
  • 09fb13cf21 - update to 3.15.3.1 (bnc#854367) * includes certstore update (1.95) (bmo#946351) (explicitely distrust AC DG Tresor SSL) Wolfgang Rosenauer 2013-12-09 12:35:34 +0000
  • a24fc6f228 Accepting request 209434 from mozilla:Factory Stephan Kulow 2013-12-07 06:46:23 +0000
  • a86677e628 Accepting request 209419 from openSUSE:Factory:PowerLE Wolfgang Rosenauer 2013-12-04 17:44:48 +0000
  • c284190dfc Accepting request 206762 from mozilla:Factory Stephan Kulow 2013-11-20 09:48:47 +0000
  • 38ebd6f8e7 - update to 3.15.3 (bnc#850148) * fix CVE-2013-5605 Wolfgang Rosenauer 2013-11-12 20:37:56 +0000
  • d14ddaa1f0 - update to 3.15.3 * CERT_VerifyCert returns SECSuccess (saying certificate is good) even for bad certificates, when the CERTVerifyLog log parameter is given (bmo#910438) * NSS advertises TLS 1.2 ciphersuites in a TLS 1.1 ClientHello (bmo#919677) Wolfgang Rosenauer 2013-11-11 22:19:45 +0000
  • 7b55833f6c Accepting request 201263 from mozilla:Factory Stephan Kulow 2013-09-29 15:50:27 +0000
  • dc0fe543b4 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=136 Wolfgang Rosenauer 2013-09-28 08:34:54 +0000
  • 5e4a477e3f - update to 3.15.2 (bnc#842979) Wolfgang Rosenauer 2013-09-28 08:24:06 +0000
  • 5163190a91 - version 3.15.2 * Support for AES-GCM ciphersuites that use the SHA-256 PRF * MD2, MD4, and MD5 signatures are no longer accepted for OCSP or CRLs * Add PK11_CipherFinal macro * sizeof() used incorrectly * nssutil_ReadSecmodDB() leaks memory * Allow SSL_HandshakeNegotiatedExtension to be called before the handshake is finished. * Deprecate the SSL cipher policy code * Avoid uninitialized data read in the event of a decryption failure. (CVE-2013-1739) Wolfgang Rosenauer 2013-09-28 08:17:22 +0000
  • a2949dce64 Accepting request 201249 from home:elvigia:branches:mozilla:Factory Wolfgang Rosenauer 2013-09-28 08:13:46 +0000
  • cd0c020b2e Accepting request 182306 from mozilla:Factory Stephan Kulow 2013-07-05 18:37:37 +0000
  • 7dddfd6c24 Accepting request 182277 from home:lnussel:branches:Base:System Wolfgang Rosenauer 2013-07-05 12:48:09 +0000
  • e071638690 Accepting request 181869 from mozilla:Factory Stephan Kulow 2013-07-04 08:11:56 +0000
  • 997d66ac8e rebase patch Wolfgang Rosenauer 2013-07-03 12:27:52 +0000
  • 1256cc6819 - update to 3.15.1 * TLS 1.2 (RFC 5246) is supported. HMAC-SHA256 cipher suites (RFC 5246 and RFC 5289) are supported, allowing TLS to be used without MD5 and SHA-1. Note the following limitations: The hash function used in the signature for TLS 1.2 client authentication must be the hash function of the TLS 1.2 PRF, which is always SHA-256 in NSS 3.15.1. AES GCM cipher suites are not yet supported. * some bugfixes and improvements Wolfgang Rosenauer 2013-07-03 12:00:07 +0000
  • 80c4a0174f Accepting request 181778 from home:lnussel:branches:Base:System Wolfgang Rosenauer 2013-07-03 10:36:27 +0000
  • 4089d6b89b Accepting request 178606 from mozilla:Factory Stephan Kulow 2013-06-14 14:46:40 +0000
  • 8893871f59 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=125 Wolfgang Rosenauer 2013-06-12 08:21:54 +0000
  • 506ad33ba3 - update to 3.15 * Packaging + removed obsolete patches * nss-disable-expired-testcerts.patch * bug-834091.patch * New Functionality + Support for OCSP Stapling (RFC 6066, Certificate Status Request) has been added for both client and server sockets. TLS client applications may enable this via a call to SSL_OptionSetDefault(SSL_ENABLE_OCSP_STAPLING, PR_TRUE); + Added function SECITEM_ReallocItemV2. It replaces function SECITEM_ReallocItem, which is now declared as obsolete. + Support for single-operation (eg: not multi-part) symmetric key encryption and decryption, via PK11_Encrypt and PK11_Decrypt. + certutil has been updated to support creating name constraints extensions. * New Functions in ssl.h SSL_PeerStapledOCSPResponse - Returns the server's stapled OCSP response, when used with a TLS client socket that negotiated the status_request extension. SSL_SetStapledOCSPResponses - Set's a stapled OCSP response for a TLS server socket to return when clients send the status_request extension. in ocsp.h CERT_PostOCSPRequest - Primarily intended for testing, permits the sending and receiving of raw OCSP request/responses. in secpkcs7.h SEC_PKCS7VerifyDetachedSignatureAtTime - Verifies a PKCS#7 signature at a specific time other than the present time. Wolfgang Rosenauer 2013-06-11 15:41:13 +0000
  • 9fbe48bbad Accepting request 173001 from mozilla:Factory Stephan Kulow 2013-04-24 08:47:42 +0000
  • ddbab3a3b8 Accepting request 171078 from home:namtrac:bugfix Wolfgang Rosenauer 2013-04-16 11:16:38 +0000
  • 35724cb521 Accepting request 162347 from mozilla:Factory Stephan Kulow 2013-04-05 07:29:13 +0000
  • a1f8432feb (nss-disable-expired-testcerts.patch) (bug-834091.patch; bmo#834091) Wolfgang Rosenauer 2013-04-03 07:43:24 +0000
  • 1400caed25 * MFSA 2013-40/CVE-2013-0791 (bmo#629816) Out-of-bounds array read in CERT_DecodeCertPackage Wolfgang Rosenauer 2013-04-02 21:31:01 +0000
  • 15f7757c6e - disable tests with expired certificates - add SEC_PKCS7VerifyDetachedSignatureAtTime using patch from mozilla tree to fulfill Firefox 21 requirements Wolfgang Rosenauer 2013-04-02 20:29:32 +0000
  • c5c5dba1e1 Accepting request 156925 from mozilla:Factory Stephan Kulow 2013-03-01 09:52:35 +0000
  • 38168bf8bb - update to 3.14.3 * No new major functionality is introduced in this release. This release is a patch release to address CVE-2013-1620 (bmo#822365) * "certutil -a" was not correctly producing ASCII output as requested. (bmo#840714) * NSS 3.14.2 broke compilation with older versions of sqlite that lacked the SQLITE_FCNTL_TEMPFILENAME file control. NSS 3.14.3 now properly compiles when used with older versions of sqlite (bmo#837799) - remove system-sqlite.patch - add aarch64 support Wolfgang Rosenauer 2013-02-28 22:53:05 +0000
  • 3ec4a7d061 Accepting request 147589 from mozilla:Factory Stephan Kulow 2013-01-10 12:33:23 +0000
  • 99a81b336e - updated CA database (nssckbi-1.93.patch) * MFSA 2013-20/CVE-2013-0743 (bmo#825022, bnc#796628) revoke mis-issued intermediate certificates from TURKTRUST Wolfgang Rosenauer 2013-01-08 17:55:59 +0000
  • e5e52b65d8 (bmo#825022, bnc#796628) Wolfgang Rosenauer 2013-01-05 14:50:59 +0000
  • 4d27219c9a Accepting request 146971 from mozilla:Factory Ismail Dönmez 2013-01-04 12:11:52 +0000
  • 9e5952a272 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=111 Wolfgang Rosenauer 2013-01-04 11:03:16 +0000
  • 61b05c4267 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=110 Wolfgang Rosenauer 2012-12-30 18:23:59 +0000
  • 41f3cb6358 - updated CA database (nssckbi-1.93.patch) (bmo#825022) Wolfgang Rosenauer 2012-12-30 18:06:05 +0000
  • 60d88fc972 Accepting request 146303 from mozilla:Factory Ismail Dönmez 2012-12-28 21:45:31 +0000
  • 9cd1b1b874 - update to 3.14.1 RTM * minimal requirement for Gecko 20 * several bugfixes Wolfgang Rosenauer 2012-12-18 13:54:06 +0000
  • ba6f4f590a Accepting request 139298 from mozilla:Factory Stephan Kulow 2012-10-26 15:26:31 +0000
  • eb3cdf4581 - update to 3.14 RTM * Support for TLS 1.1 (RFC 4346) * Experimental support for DTLS 1.0 (RFC 4347) and DTLS-SRTP (RFC 5764) * Support for AES-CTR, AES-CTS, and AES-GCM * Support for Keying Material Exporters for TLS (RFC 5705) * Support for certificate signatures using the MD5 hash algorithm is now disabled by default * The NSS license has changed to MPL 2.0. Previous releases were released under a MPL 1.1/GPL 2.0/LGPL 2.1 tri-license. For more information about MPL 2.0, please see http://www.mozilla.org/MPL/2.0/FAQ.html. For an additional explanation on GPL/LGPL compatibility, see security/nss/COPYING in the source code. * Export and DES cipher suites are disabled by default. Non-ECC AES and Triple DES cipher suites are enabled by default - disabled OCSP testcases since they need external network (nss-disable-ocsp-test.patch) Wolfgang Rosenauer 2012-10-25 14:10:44 +0000
  • 0d4bc1d5e6 Accepting request 130997 from mozilla:Factory Ismail Dönmez 2012-08-16 19:45:00 +0000
  • 579c8a7cf9 - update to 3.13.6 RTM * root CA update * other bugfixes Wolfgang Rosenauer 2012-08-16 04:53:56 +0000
  • a5bceb9c75 Accepting request 123277 from mozilla:Factory Stephan Kulow 2012-06-06 14:08:48 +0000
  • 20b5fe0209 - update to 3.13.5 RTM Wolfgang Rosenauer 2012-06-01 20:35:17 +0000
  • 256bc64644 Accepting request 113444 from mozilla:Factory Stephan Kulow 2012-04-17 19:59:52 +0000
  • 0c217ace95 Accepting request 113443 from mozilla Wolfgang Rosenauer 2012-04-13 19:11:33 +0000
  • 2240340284 Accepting request 106703 from mozilla:Factory Stephan Kulow 2012-02-24 11:06:05 +0000
  • 8f7e6d6c4d - update to 3.13.3 RTM - distrust Trustwave's MITM certificates (bmo#724929) - fix generic blacklisting mechanism (bmo#727204) Wolfgang Rosenauer 2012-02-23 15:13:12 +0000
  • 5ddf92b10e Accepting request 105668 from mozilla:Factory Stephan Kulow 2012-02-17 14:00:51 +0000
  • e36e0c6124 - update to 3.13.2 RTM * requirement with Gecko >= 11 - removed obsolete patches * ckbi-1.88 * pkcs11n-header-fix.patch Wolfgang Rosenauer 2012-02-17 08:35:36 +0000
  • a40b913f97 Accepting request 96965 from mozilla:Factory Stephan Kulow 2011-12-21 13:57:40 +0000
  • f962eacea8 Accepting request 96964 from openSUSE:Factory:ARM Wolfgang Rosenauer 2011-12-18 17:50:41 +0000
  • 6beeecfb7e replace license with spdx.org variant Stephan Kulow 2011-12-06 17:29:55 +0000
  • 747b30ac4b Updating link to change in openSUSE:Factory/mozilla-nss revision 64.0 OBS User buildservice-autocommit 2011-12-06 17:29:55 +0000
  • 5bcc54305e Accepting request 91345 from mozilla:Factory Stephan Kulow 2011-11-16 16:19:33 +0000
  • 7b17b9dfbc - Added a patch to fix errors in the pkcs11n.h header file. (bmo#702090) Wolfgang Rosenauer 2011-11-14 11:10:20 +0000
  • f7efd48411 - update to 3.13.1 RTM * better SHA-224 support (bmo#647706) * fixed a regression (causing hangs in some situations) introduced in 3.13 (bmo#693228) - update to 3.13.0 RTM * SSL 2.0 is disabled by default * A defense against the SSL 3.0 and TLS 1.0 CBC chosen plaintext attack demonstrated by Rizzo and Duong (CVE-2011-3389) is enabled by default. Set the SSL_CBC_RANDOM_IV SSL option to PR_FALSE to disable it. * SHA-224 is supported * Ported to iOS. (Requires NSPR 4.9.) * Added PORT_ErrorToString and PORT_ErrorToName to return the error message and symbolic name of an NSS error code * Added NSS_GetVersion to return the NSS version string * Added experimental support of RSA-PSS to the softoken only * NSS_NoDB_Init does not try to open /pkcs11.txt and /secmod.db anymore (bmo#641052, bnc#726096) Wolfgang Rosenauer 2011-11-14 07:51:45 +0000
  • 763f240ade Accepting request 90154 from mozilla:Factory Stephan Kulow 2011-11-07 13:22:38 +0000
  • 7a675fbd45 - make sure NSS_NoDB_Init does not try to use wrong certificate databases (CVE-2011-3640, bnc#726096, bmo#641052) Wolfgang Rosenauer 2011-11-05 12:00:04 +0000
  • 84b82c7866 - explicitely distrust DigiCert Sdn. Bhd (bnc#728520, bmo#698753) Wolfgang Rosenauer 2011-11-05 10:51:17 +0000
  • 251217c211 Accepting request 85865 from mozilla:Factory Lars Vogdt 2011-10-02 08:18:57 +0000
  • 1c61842dc3 Accepting request 85842 from home:elvigia:branches:mozilla:Factory Wolfgang Rosenauer 2011-10-01 07:54:39 +0000
  • 156d25300f Autobuild autoformatter for 81757 Sascha Peilicke 2011-09-11 17:30:53 +0000
  • cec2c647df Updating link to change in openSUSE:Factory/mozilla-nss revision 59.0 OBS User buildservice-autocommit 2011-09-11 17:30:53 +0000
  • 616e17d1e1 Accepting request 81757 from mozilla:Factory Sascha Peilicke 2011-09-11 17:30:44 +0000
  • ea9e232b33 more diginotar stuff Wolfgang Rosenauer 2011-09-09 05:52:50 +0000
  • 704775d9ce Autobuild autoformatter for 80751 Lars Vogdt 2011-09-05 14:39:19 +0000
  • 2bf2af7bda Updating link to change in openSUSE:Factory/mozilla-nss revision 57.0 OBS User buildservice-autocommit 2011-09-05 14:39:19 +0000
  • 426b10ed67 Accepting request 80751 from mozilla:Factory Lars Vogdt 2011-09-05 14:39:06 +0000
  • a6441bcebd - removed DigiNotar root certifiate from trusted db (bmo#682927, bnc#714931) Petr Cerny 2011-09-02 15:49:39 +0000
  • 4f81e57f9a Autobuild autoformatter for 79635 Sascha Peilicke 2011-08-24 12:39:37 +0000
  • 637ece63fb Updating link to change in openSUSE:Factory/mozilla-nss revision 55.0 OBS User buildservice-autocommit 2011-08-24 12:39:37 +0000
  • e228a356e3 Accepting request 79635 from mozilla:Factory Sascha Peilicke 2011-08-24 12:39:24 +0000
  • 79b9c0286e Accepting request 79634 from home:aturrini:branches:mozilla:Factory Wolfgang Rosenauer 2011-08-24 08:38:15 +0000
  • 83077600e8 Accepting request 78707 from mozilla:Factory Ruediger Oertel 2011-08-13 15:18:11 +0000