96d7217949
in preparation of Firefox 63 - update to NSS 3.39 * required by Firefox 63.0 Notable bug fixes * NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random (CVE-2018-12384) (bmo#1483128) New functionality * The tstclnt and selfserv utilities added support for configuring the enabled TLS signature schemes using the -J parameter. * NSS will use RSA-PSS keys to authenticate in TLS. Support for these keys is disabled by default but can be enabled using SSL_SignatureSchemePrefSet(). * certutil added the ability to delete an orphan private key from an NSS key database. * Added the nss-policy-check utility, which can be used to check an NSS policy configuration for problems. * A PKCS#11 URI can be used as an identifier for a PKCS#11 token. Notable changes * The TLS 1.3 implementation uses the final version number from RFC 8446. * Previous versions of NSS accepted an RSA PKCS#1 v1.5 signature where the DigestInfo structure was missing the NULL parameter. Starting with version 3.39, NSS requires the encoding to contain the NULL parameter. * The tstclnt and selfserv test utilities no longer accept the -z parameter, as support for TLS compression was removed in a previous NSS version. * The CA certificates list was updated to version 2.26. * The following CA certificates were Added: - OU = GlobalSign Root CA - R6 - CN = OISTE WISeKey Global Root GC CA OBS-URL: https://build.opensuse.org/request/show/644083 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=140 |
||
---|---|---|
.gitattributes | ||
.gitignore | ||
add-relro-linker-option.patch | ||
baselibs.conf | ||
bmo-1400603.patch | ||
cert9.db | ||
key4.db | ||
malloc.patch | ||
mozilla-nss-rpmlintrc | ||
mozilla-nss.changes | ||
mozilla-nss.spec | ||
nss-3.39.tar.gz | ||
nss-config.in | ||
nss-disable-ocsp-test.patch | ||
nss-no-rpath.patch | ||
nss-opt.patch | ||
nss-sqlitename.patch | ||
nss.pc.in | ||
pkcs11.txt | ||
setup-nsssysinit.sh | ||
system-nspr.patch |