mozilla-nss/mozilla-nss.changes
Wolfgang Rosenauer 15f7757c6e - disable tests with expired certificates
- add SEC_PKCS7VerifyDetachedSignatureAtTime using patch from
  mozilla tree to fulfill Firefox 21 requirements

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=118
2013-04-02 20:29:32 +00:00

656 lines
22 KiB
Plaintext

-------------------------------------------------------------------
Sun Mar 24 20:07:59 UTC 2013 - wr@rosenauer.org
- disable tests with expired certificates
- add SEC_PKCS7VerifyDetachedSignatureAtTime using patch from
mozilla tree to fulfill Firefox 21 requirements
-------------------------------------------------------------------
Thu Feb 28 21:55:49 UTC 2013 - wr@rosenauer.org
- update to 3.14.3
* No new major functionality is introduced in this release. This
release is a patch release to address CVE-2013-1620 (bmo#822365)
* "certutil -a" was not correctly producing ASCII output as
requested. (bmo#840714)
* NSS 3.14.2 broke compilation with older versions of sqlite that
lacked the SQLITE_FCNTL_TEMPFILENAME file control. NSS 3.14.3 now
properly compiles when used with older versions of sqlite
(bmo#837799) - remove system-sqlite.patch
- add aarch64 support
-------------------------------------------------------------------
Tue Feb 5 12:51:56 UTC 2013 - wr@rosenauer.org
- added system-sqlite.patch (bmo#837799)
* do not depend on latest sqlite just for a #define
- enable system sqlite usage again
-------------------------------------------------------------------
Sat Feb 2 16:05:20 UTC 2013 - wr@rosenauer.org
- update to 3.14.2
* required for Firefox >= 20
* removed obsolete nssckbi update patch
- disable system sqlite usage since we depend on 3.7.15 which is
not provided in any openSUSE distribution
* add nss-sqlitename.patch to avoid any name clash
-------------------------------------------------------------------
Sun Dec 30 17:59:34 UTC 2012 - wr@rosenauer.org
- updated CA database (nssckbi-1.93.patch)
* MFSA 2013-20/CVE-2013-0743 (bmo#825022, bnc#796628)
revoke mis-issued intermediate certificates from TURKTRUST
-------------------------------------------------------------------
Tue Dec 18 13:36:09 UTC 2012 - wr@rosenauer.org
- update to 3.14.1 RTM
* minimal requirement for Gecko 20
* several bugfixes
-------------------------------------------------------------------
Thu Oct 25 12:02:22 UTC 2012 - wr@rosenauer.org
- update to 3.14 RTM
* Support for TLS 1.1 (RFC 4346)
* Experimental support for DTLS 1.0 (RFC 4347) and DTLS-SRTP (RFC 5764)
* Support for AES-CTR, AES-CTS, and AES-GCM
* Support for Keying Material Exporters for TLS (RFC 5705)
* Support for certificate signatures using the MD5 hash algorithm
is now disabled by default
* The NSS license has changed to MPL 2.0. Previous releases were
released under a MPL 1.1/GPL 2.0/LGPL 2.1 tri-license. For more
information about MPL 2.0, please see
http://www.mozilla.org/MPL/2.0/FAQ.html. For an additional
explanation on GPL/LGPL compatibility, see security/nss/COPYING
in the source code.
* Export and DES cipher suites are disabled by default. Non-ECC
AES and Triple DES cipher suites are enabled by default
- disabled OCSP testcases since they need external network
(nss-disable-ocsp-test.patch)
-------------------------------------------------------------------
Wed Aug 15 13:57:42 UTC 2012 - wr@rosenauer.org
- update to 3.13.6 RTM
* root CA update
* other bugfixes
-------------------------------------------------------------------
Fri Jun 1 18:46:28 UTC 2012 - wr@rosenauer.org
- update to 3.13.5 RTM
-------------------------------------------------------------------
Fri Apr 13 18:55:57 UTC 2012 - wr@rosenauer.org
- update to 3.13.4 RTM
* fixed some bugs
* fixed cert verification regression in PKIX mode (bmo#737802)
introduced in 3.13.2
-------------------------------------------------------------------
Thu Feb 23 15:06:34 UTC 2012 - wr@rosenauer.org
- update to 3.13.3 RTM
- distrust Trustwave's MITM certificates (bmo#724929)
- fix generic blacklisting mechanism (bmo#727204)
-------------------------------------------------------------------
Thu Feb 16 08:48:42 UTC 2012 - wr@rosenauer.org
- update to 3.13.2 RTM
* requirement with Gecko >= 11
- removed obsolete patches
* ckbi-1.88
* pkcs11n-header-fix.patch
-------------------------------------------------------------------
Sun Dec 18 15:59:08 UTC 2011 - adrian@suse.de
- fix spec file syntax for qemu-workaround
-------------------------------------------------------------------
Mon Nov 14 10:13:17 UTC 2011 - john@redux.org.uk
- Added a patch to fix errors in the pkcs11n.h header file.
(bmo#702090)
-------------------------------------------------------------------
Sat Nov 5 10:58:20 UTC 2011 - wolfgang@rosenauer.org
- update to 3.13.1 RTM
* better SHA-224 support (bmo#647706)
* fixed a regression (causing hangs in some situations)
introduced in 3.13 (bmo#693228)
- update to 3.13.0 RTM
* SSL 2.0 is disabled by default
* A defense against the SSL 3.0 and TLS 1.0 CBC chosen plaintext
attack demonstrated by Rizzo and Duong (CVE-2011-3389) is
enabled by default. Set the SSL_CBC_RANDOM_IV SSL option to
PR_FALSE to disable it.
* SHA-224 is supported
* Ported to iOS. (Requires NSPR 4.9.)
* Added PORT_ErrorToString and PORT_ErrorToName to return the
error message and symbolic name of an NSS error code
* Added NSS_GetVersion to return the NSS version string
* Added experimental support of RSA-PSS to the softoken only
* NSS_NoDB_Init does not try to open /pkcs11.txt and /secmod.db
anymore (bmo#641052, bnc#726096)
-------------------------------------------------------------------
Sat Nov 5 10:47:51 UTC 2011 - wr@rosenauer.org
- explicitely distrust DigiCert Sdn. Bhd (bnc#728520, bmo#698753)
- make sure NSS_NoDB_Init does not try to use wrong certificate
databases (CVE-2011-3640, bnc#726096, bmo#641052)
-------------------------------------------------------------------
Fri Sep 30 23:27:07 UTC 2011 - crrodriguez@opensuse.org
- Workaround qemu-arm bugs.
-------------------------------------------------------------------
Fri Sep 9 05:44:15 UTC 2011 - wr@rosenauer.org
- explicitely distrust/override DigiNotar certs (bmo#683261)
(trustdb version 1.87)
-------------------------------------------------------------------
Fri Sep 2 14:40:07 UTC 2011 - pcerny@suse.com
- removed DigiNotar root certificate from trusted db
(bmo#682927, bnc#714931)
-------------------------------------------------------------------
Wed Aug 24 08:37:13 UTC 2011 - andrea.turrini@gmail.com
- fixed typo in summary of mozilla-nss (libsoftokn3)
-------------------------------------------------------------------
Fri Aug 12 20:55:38 UTC 2011 - wr@rosenauer.org
- update to 3.12.11 RTM
* no upstream release notes available
-------------------------------------------------------------------
Wed Jul 13 16:45:23 CEST 2011 - meissner@suse.de
- Linux3.0 is the new Linux2.6 (make it build)
-------------------------------------------------------------------
Mon May 23 17:37:34 UTC 2011 - crrodriguez@opensuse.org
- Do not include build dates in binaries, messes up
build compare
-------------------------------------------------------------------
Thu May 19 05:37:02 UTC 2011 - wr@rosenauer.org
- update to 3.12.10 RTM
* no changes except internal release information
-------------------------------------------------------------------
Thu Apr 28 06:34:50 UTC 2011 - wr@rosenauer.org
- update to 3.12.10beta1
* root CA changes
* filter certain bogus certs (bmo#642815)
* fix minor memory leaks
* other bugfixes
-------------------------------------------------------------------
Sun Jan 9 23:05:11 UTC 2011 - wr@rosenauer.org
- update to 3.12.9rc0
* fix minor memory leaks (bmo#619268)
* fix crash in nss_cms_decoder_work_data (bmo#607058)
* fix crash in certutil (bmo#620908)
* handle invalid argument in JPAKE (bmo#609068)
-------------------------------------------------------------------
Thu Dec 9 15:03:00 UTC 2010 - wr@rosenauer.org
- update to 3.12.9beta2
* J-PAKE support (API requirement for Firefox >= 4.0b8)
-------------------------------------------------------------------
Tue Nov 9 08:51:51 UTC 2010 - wr@rosenauer.org
- replaced expired PayPal test certificate (fixing testsuite)
-------------------------------------------------------------------
Sat Sep 25 08:18:59 CEST 2010 - wr@rosenauer.org
- update to 3.12.8 RTM release
* support TLS false start (needed for Firefox4) (bmo#525092)
* fix wildcard matching for IP addresses (bnc#637290, bmo#578697)
(CVE-2010-3170)
* bugfixes
-------------------------------------------------------------------
Fri Jul 23 21:18:30 CEST 2010 - wr@rosenauer.org
- update to 3.12.7 RTM release
* bugfix release
* updated root CA list
- removed obsolete patches
-------------------------------------------------------------------
Fri Jul 9 16:32:33 UTC 2010 - jengelh@medozas.de
- Disable testsuite on SPARC. Some tests fails, probably due to
just bad timing/luck.
-------------------------------------------------------------------
Thu Jun 3 22:45:51 CEST 2010 - wr@rosenauer.org
- Use preloaded empty system database since creating with
modutil leaves database in nonusable state
-------------------------------------------------------------------
Sat Apr 24 11:38:23 UTC 2010 - coolo@novell.com
- buildrequire pkg-config to fix provides
-------------------------------------------------------------------
Sun Apr 4 12:19:43 CEST 2010 - wr@rosenauer.org
- disabled a test using an expired cert (bmo#557071)
-------------------------------------------------------------------
Sat Mar 20 20:19:50 CET 2010 - wr@rosenauer.org
- fixed builds for older dists where internal sqlite3 is used
(nss-sqlitename.patch was not refreshed correctly)
- fixed baselibs.conf as <release> is not a valid identifier
-------------------------------------------------------------------
Tue Mar 9 19:18:24 CET 2010 - wr@rosenauer.org
- update to 3.12.6 RTM release
* added mozilla-nss-sysinit subpackage
- change renegotiation behaviour to the old default for a
transition phase
-------------------------------------------------------------------
Tue Mar 9 13:08:24 CET 2010 - wr@rosenauer.org
- split off libsoftokn3 subpackage to allow mixed NSS installation
-------------------------------------------------------------------
Sat Dec 26 12:42:56 CET 2009 - wr@rosenauer.org
- added mozilla-nss-certs baselibs (bnc#567322)
-------------------------------------------------------------------
Fri Dec 18 13:24:16 CET 2009 - wr@rosenauer.org
- split mozilla-nss-certs from main package
- added rpmlintrc to ignore expected warnings
- added baselibs.conf as source
-------------------------------------------------------------------
Mon Dec 14 07:56:26 CET 2009 - wr@rosenauer.org
- updated builtin certs (version 1.77)
-------------------------------------------------------------------
Mon Nov 23 17:19:43 CET 2009 - wr@rosenauer.org
- rebased patches to apply w/o fuzz
-------------------------------------------------------------------
Fri Aug 14 08:51:00 CEST 2009 - wr@rosenauer.org
- update to 3.12.4 RTM release
-------------------------------------------------------------------
Fri Aug 7 13:10:22 CEST 2009 - wr@rosenauer.org
- update to recent snapshot (20090806)
- libnssdbm3.so has to be signed starting with 3.12.4
-------------------------------------------------------------------
Mon Aug 3 18:45:02 CEST 2009 - wr@rosenauer.org
- update to NSS 3.12.4pre snapshot
- rebased existing patches
- enable testsuite again (was disabled accidentally before)
-------------------------------------------------------------------
Wed Jul 29 09:40:02 CEST 2009 - wr@rosenauer.org
- update to NSS 3.12.3.1 (upstream use in FF 3.5.1) (bmo#504611)
* RNG_SystemInfoForRNG called twice by nsc_CommonInitialize
(bmo#489811; other changes are unrelated to Linux)
- moved shlibsign to tools package again (as it's not needed at
library install time anymore)
- use %{_libexecdir} for the tools
-------------------------------------------------------------------
Sat Jun 6 15:37:13 CEST 2009 - wr@rosenauer.org
- Temporary testsuite fix for Factory (bnc#509308) (malloc.patch)
- remove the post scriptlet which created the *.chk files and
use a RPM feature to create them after debuginfo stuff
-------------------------------------------------------------------
Tue Jun 2 09:41:34 CEST 2009 - wr@rosenauer.org
- updated builtin root certs by updating to
NSS_3_12_3_WITH_CKBI_1_75_RTM tag which is supposed to be the
base for Firefox 3.5.0
- PreReq coreutils in the main package already as "rm" is used
in its %post script
- disable testsuite for this moment as it crashes on Factory
currently for an unknown reason
-------------------------------------------------------------------
Thu May 21 09:03:17 CEST 2009 - wr@rosenauer.org
- renew Paypal certs to fix testsuite errors (bmo#491163)
-------------------------------------------------------------------
Mon Apr 20 14:47:43 CEST 2009 - wr@rosenauer.org
- update to version 3.12.3 RTM
* default behaviour changed slightly but can be set up
backward compatible using environment variables
https://developer.mozilla.org/En/NSS_reference/NSS_environment_variables
* New Korean SEED cipher
* Some new functions in the nss library:
CERT_RFC1485_EscapeAndQuote (see cert.h)
CERT_CompareCerts (see cert.h)
CERT_RegisterAlternateOCSPAIAInfoCallBack (see ocsp.h)
PK11_GetSymKeyHandle (see pk11pqg.h)
UTIL_SetForkState (see secoid.h)
NSS_GetAlgorithmPolicy (see secoid.h)
NSS_SetAlgorithmPolicy (see secoid.h)
- created libfreebl3 subpackage and build it w/o nspr and nss deps
- added patch to make all ASM noexecstack
- create the softokn3 and freebl3 checksums at installation time
(moved shlibsign to the main package to achieve that)
- applied upstream patch to avoid OSCP test failures (bmo#488646)
- applied upstream patch to fix libjar crashes (bmo#485145)
-------------------------------------------------------------------
Wed Feb 4 08:46:15 CET 2009 - wr@rosenauer.org
- update to version 3.12.2 RTM (with CKBI 1.73) as in FF 3.0.6
-------------------------------------------------------------------
Tue Jan 13 09:10:29 CET 2009 - wr@rosenauer.org
- update to version 3.12.2rc1 (as used by FF 3.0.5)
* NSS is now using system zlib (bmo#302670)
- create a system wide, sql based NSS database in /etc/pki/nssdb
(let previously created /etc/ssl/nssdb untouched)
-------------------------------------------------------------------
Wed Jan 7 12:34:56 CET 2009 - olh@suse.de
- obsolete old -XXbit packages (bnc#437293)
-------------------------------------------------------------------
Thu Oct 23 15:03:11 CDT 2008 - maw@suse.de
- Review and approve changes.
-------------------------------------------------------------------
Thu Aug 21 11:36:37 CEST 2008 - wr@rosenauer.org
- run testsuite (bnc#418233)
-------------------------------------------------------------------
Tue Jun 17 19:15:49 CEST 2008 - maw@suse.de
- Merge changes from the build service (thanks, Wolfgang)
(bnc#400001 and SWAMP#18164).
-------------------------------------------------------------------
Wed May 28 21:05:13 CEST 2008 - wr@rosenauer.org
- update to 3.12.0rc4 (20080528) (featuring FF3.0)
-------------------------------------------------------------------
Tue Apr 29 20:41:34 CEST 2008 - maw@suse.de
- Prerequire coretools in the -tools subpackage (bnc#379540)
- Require sqlite3-devel to build.
-------------------------------------------------------------------
Mon Apr 14 18:52:59 CEST 2008 - maw@suse.de
- Merge some fixes from the build service's version.
-------------------------------------------------------------------
Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de
- added baselibs.conf file to build xxbit packages
for multilib support
-------------------------------------------------------------------
Mon Mar 31 18:55:42 CEST 2008 - maw@suse.de
- Undo the shared library package split, per discussion in
opensuse-packaging.
-------------------------------------------------------------------
Mon Mar 31 14:22:17 CEST 2008 - wr@rosenauer.org
- new snapshot still based on 3.12.0 Beta 3 (20080330)
-------------------------------------------------------------------
Tue Mar 25 22:21:18 CET 2008 - maw@suse.de
- Merge changes from the build service (thanks, Wolfgang)
- Update to a new snapshot of nss based on 3.12.0 Beta 2:
+ Update build requirements accordingly
+ Add nss-sqlitename.patch and nss-no-rpath.patch
- Split out a shared library subpackage.
-------------------------------------------------------------------
Mon Dec 10 16:22:37 CET 2007 - rguenther@suse.de
- disable use of freebl/mpi/mp_comba.c. [#346256]
-------------------------------------------------------------------
Sun Sep 16 10:27:06 CEST 2007 - coolo@suse.de
- fixing errors in %post during installation
-------------------------------------------------------------------
Thu Sep 13 22:26:57 CEST 2007 - jberkman@novell.com
- merge -tools package into main package
- create system-wide nssdb for system configuration of smart cards,
as used by pam_pkcs11, krb5 pkinit, and others
-------------------------------------------------------------------
Thu Jul 26 20:18:38 CEST 2007 - maw@suse.de
- Update to version 3.11.7 (from the build service)
- Bug fixes.
-------------------------------------------------------------------
Mon Jun 11 11:41:27 CEST 2007 - ro@suse.de
- use string[0] instead of string in char.patch
-------------------------------------------------------------------
Mon Jun 11 11:33:34 CEST 2007 - ro@suse.de
- update to NSS 3.11.6 (pull in from wr from opensuse BS)
-------------------------------------------------------------------
Wed Feb 21 16:55:06 CST 2007 - maw@suse.de
- Update to NSS 3.11.5 (thanks, Wolfgang)
-------------------------------------------------------------------
Sun Oct 1 23:01:38 CEST 2006 - wr@rosenauer.org
- update to NSS 3.11.3
- requires NSPR 4.6.3 (pkgconfig)
-------------------------------------------------------------------
Wed Sep 6 08:23:45 CEST 2006 - stark@suse.de
- update to NSS_3_11_20060905_TAG to be in sync with
Gecko 1.8.1
-------------------------------------------------------------------
Mon Aug 7 13:53:55 CEST 2006 - stark@suse.de
- enabled usage of ECC
-------------------------------------------------------------------
Sat Aug 5 09:50:47 CEST 2006 - stark@suse.de
- update to NSS_3_11_20060731_TAG to be in sync with
Gecko 1.8.1
-------------------------------------------------------------------
Fri Jul 28 07:09:44 CEST 2006 - stark@suse.de
- fixed usage of uninitialized pointers (uninit.patch)
- requires NSPR 4.6.2
-------------------------------------------------------------------
Sat Jul 1 23:37:52 CEST 2006 - stark@suse.de
- update to 3.11.2 RTM version
* ECC not enabled but defines needed symbols
-------------------------------------------------------------------
Thu Jun 8 11:45:14 CEST 2006 - stark@suse.de
- update to 3.11.2 beta
* enabled ECC (needed since MOZILLA_1_8_BRANCH)
-------------------------------------------------------------------
Mon May 15 20:38:37 CEST 2006 - stark@suse.de
- update to 3.11.1 RTM version
including:
* TLS server name indication extension support
* implement RFC 3546 (TLS v1.0 extensions)
* fixed bugs found by Coverity
-------------------------------------------------------------------
Mon Jan 30 08:34:45 CET 2006 - stark@suse.de
- removed additional CA certs
- removed zip from BuildRequires
-------------------------------------------------------------------
Wed Jan 25 21:32:31 CET 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
-------------------------------------------------------------------
Wed Jan 11 16:15:18 CET 2006 - stark@suse.de
- install nss-config executable
-------------------------------------------------------------------
Fri Dec 16 20:24:05 CET 2005 - stark@suse.de
- marked libfreebl3.so noexec stack
-------------------------------------------------------------------
Fri Dec 16 09:41:15 CET 2005 - stark@suse.de
- update to 3.11 RTM version
- provide nss-config file
- added static libs
- moved include files to /usr/include/nss3
- only ship a subset of the tools
-------------------------------------------------------------------
Sat Nov 26 14:54:03 CET 2005 - stark@suse.de
- update to 3.11rc1
- fixed PC file for 64bit archs
-------------------------------------------------------------------
Tue Nov 15 07:35:25 CET 2005 - stark@suse.de
- update to current 3.10.2 snapshot (20051114)
-------------------------------------------------------------------
Wed Nov 2 12:17:23 CET 2005 - stark@suse.de
- added tools subpackage which provides all NSS related
tools for managing and debugging NSS stuff
-------------------------------------------------------------------
Tue Oct 11 07:08:38 CEST 2005 - stark@suse.de
- update to current 3.10.2 snapshot
-------------------------------------------------------------------
Mon Sep 26 21:59:00 CEST 2005 - stark@suse.de
- prerequire the correct NSPR version
-------------------------------------------------------------------
Thu Sep 22 07:15:30 CEST 2005 - stark@suse.de
- update to NSS_3_10_2_BETA1
-------------------------------------------------------------------
Tue Jul 5 15:33:18 CEST 2005 - stark@suse.de
- use RPM_OPT_FLAGS
- fixed requirements for devel package
-------------------------------------------------------------------
Wed Jun 8 09:19:59 CEST 2005 - stark@suse.de
- added pkgconfig file
- fixed permission for include directory
- fixed compiler/abuild warning
- included correct header files
-------------------------------------------------------------------
Mon May 9 09:34:30 CEST 2005 - stark@suse.de
- update to 3.10 RTM version
-------------------------------------------------------------------
Wed Apr 27 07:52:55 CEST 2005 - stark@suse.de
- don't package static libs
- copy NSPR static libs from new location
-------------------------------------------------------------------
Thu Apr 7 09:08:22 CEST 2005 - stark@suse.de
- update to 3.10beta3
-------------------------------------------------------------------
Fri Apr 1 15:55:58 CEST 2005 - stark@suse.de
- don't parallelize build
-------------------------------------------------------------------
Thu Mar 31 07:39:45 CEST 2005 - stark@suse.de
- fixed build on other archs
- update to 3.10beta2
-------------------------------------------------------------------
Sat Mar 19 13:36:51 CET 2005 - stark@suse.de
- update to 3.10beta1
-------------------------------------------------------------------
Tue Mar 8 09:16:59 CET 2005 - stark@suse.de
- initial standalone package