Security update for mozilla-nss (MSirringhaus; rating: critical; category: security)

Referenced issues:
- mozilla-nss: FTBFS because of an expired certificate since 2023-09-04
- VUL-0: CVE-2023-5388: mozilla-nss: timing attack against RSA decryption
- [FIPS 140-3][NSS] Disable DSA
- [FIPS 140-3][NSS] Remove unsafe prime group
- [FIPS 140-3][NSS] RNG checks
- [FIPS 140-3][NSS] TLS 1.2 KDF
- [FIPS 140-3][NSS] Use only allowed primitive IKE KDF/HMAC combinations
- [FIPS 140-3][NSS] Only use approved hash functions
- [FIPS 140-3][NSS] Use long enough key material
- [FIPS 140-3][NSS] KDF compliance
- [FIPS 140-3][NSS] Power-up self-test not in compliance
- [FIPS 140-3][NSS] GCM usage not in compliance
- [FIPS 140-3][NSS] Block non-approved KDFs
- [FIPS 140-3][NSS] RSA 1024 considerations
- [SECURITY][FIPS] Firefox won't start on 15-SP4 and 15-SP5 if a master password is set
- [FIPS 140-3][NSS] Consider adding CKM_ECDH1_COFACTOR_DERIVE to the approved mechanisms list
- [FIPS 140-3][NSS] Consider adding CKM_NSS_AES_KEY_WRAP and CKM_NSS_AES_KEY_WRAP_PAD
- [FIPS 140-3][NSS] NSC_GenerateKey mechanism
- [FIPS 140-3][NSS] Block ECDH+ANS X9.63
- [security][fips] openjdk crash in FIPS mode

This update for mozilla-nss fixes the following issues:

- update to NSS 3.101.2
  - ChaChaXor to return after the function
- update to NSS 3.101.1
  - missing sqlite header
  - GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME
- update to NSS 3.101
  - add diagnostic assertions for SFTKObject refcount
  - free the slot in DeleteCertAndKey if authentication failed
  - fix formatting issues
  - Add Firmaprofesional CA Root-A Web to NSS
  - remove invalid acvp fuzz test vectors
  - pad short P-384 and P-521 signatures in gtests
  - remove unused FreeBL ECC code
  - pad short P-384 and P-521 signatures
  - be less strict about ECDSA private key length
  - Integrate HACL* P-521
  - Integrate HACL* P-384
  - memory leak in create_objects_from_handles
  - ensure all input is consumed in a few places in mozilla::pkix
  - SMIME/CMS and PKCS #12 do not integrate with modern NSS policy
  - clean up escape handling
  - Use lib::pkix as default validator instead of the old one
  - Need to add high level support for PQ signing
  - Certificate Compression: change the allocation/freeing of the buffer and improve the documentation
  - SMIME/CMS and PKCS #12 do not integrate with modern NSS policy
  - Allow for non-full-length ECDSA signatures when using softoken
  - Modification of .taskcluster.yml due to mozlint indent defects
  - Implement support for PBMAC1 in PKCS#12
  - disable VLA warnings for fuzz builds
  - remove redundant AllocItem implementation
  - add PK11_ReadDistrustAfterAttribute
  - Clang-formatting of SEC_GetMgfTypeByOidTag update
  - Set SEC_ERROR_LIBRARY_FAILURE on self-test failure
  - sftk_getParameters(): Fix fallback to default variable after error with configfile
  - Switch to the mozillareleases/image_builder image
- update to NSS 3.100
  - merge pk11_kyberSlotList into pk11_ecSlotList for faster Xyber operations
  - remove ckcapi
  - avoid a potential PK11GenericObject memory leak
  - Remove incomplete ESDH code
  - Decrypt RSA OAEP encrypted messages
  - Fix certutil CRLDP URI code
  - Don't set CKA_DERIVE for CKK_EC_EDWARDS private keys
  - Add ability to encrypt and decrypt CMS messages using ECDH
  - Correct Templates for key agreement in smime/cmsasn.c
  - Move the decodedCert allocation to NSS
  - Allow developers to speed up repeated local execution of NSS tests that depend on certificates
- update to NSS 3.99
  - Remove check for message len in ed25519
  - add ed25519 to SECU_ecName2params
  - add EdDSA wycheproof tests
  - nss/lib layer code for EDDSA
  - Add EdDSA implementation
  - Export Certificate Compression types
  - Update ACVP docker to rust 1.74
  - Update HACL* to 0f136f28935822579c244f287e1d2a1908a7e552
  - Add NSS_CMSRecipient_IsSupported
- update to NSS 3.98
  - CVE-2023-5388: Timing attack against RSA decryption in TLS
  - Certificate Compression: enable the check that the compression was advertised
  - Move Windows workers to nss-1/b-win2022-alpha
  - Remove Email trust bit from OISTE WISeKey Global Root GC CA
  - Replace `distutils.spawn.find_executable` with `shutil.which` within `mach` in `nss`
  - Certificate Compression: Update nss_bogo_shim to support Certificate Compression
  - TLS Certificate Compression (RFC 8879) Implementation
  - Add valgrind annotations to freebl kyber operations for constant-time execution tests
  - Set nssckbi version number to 2.66
  - Add Telekom Security roots
  - Add D-Trust 2022 S/MIME roots
  - Remove expired Security Communication RootCA1 root
  - move keys to a slot that supports concatenation in PK11_ConcatSymKeys
  - remove unmaintained tls-interop tests
  - bogo: add support for the -ipv6 and -shim-id shim flags
  - bogo: add support for the -curves shim flag and update Kyber expectations
  - bogo: adjust expectation for a key usage bit test
  - mozpkix: add option to ignore invalid subject alternative names
  - Fix selfserv not stripping `publicname:` from -X value
  - take ownership of ecckilla shims
  - add valgrind annotations to freebl/ec.c
  - PR_INADDR_ANY needs PR_htonl before assignment to inet.ip
  - Update zlib to 1.3.1
- update to NSS 3.97
  - make Xyber768d00 opt-in by policy
  - add libssl support for xyber768d00
  - add PK11_ConcatSymKeys
  - add Kyber and a PKCS#11 KEM interface to softoken
  - add a FreeBL API for Kyber
  - part 2: vendor github.com/pq-crystals/kyber/commit/e0d1c6ff
  - part 1: add a script for vendoring kyber from the pq-crystals repo
  - Remove the calls to RSA Blind from loader.*
  - fix worker type for level3 mac tasks
  - RSA Blind implementation
  - Remove DSA selftests
  - read KWP test vectors from JSON
  - Backed out changeset dcb174139e4f
  - Fix CKM_PBE_SHA1_DES2_EDE_CBC derivation
  - Wrap CC shell commands in gyp expansions
- update to NSS 3.96.1
  - Use pypi dependencies for the MacOS worker in ./build_gyp.sh
  - p7sign: add -a hash and -u certusage (also p7verify cleanups)
  - add a defensive check for large ssl_DefSend return values
  - Add dependency to the taskcluster script for Darwin
  - Upgrade version of the MacOS worker for the CI
- update to NSS 3.95
  - Bump builtins version number
  - Remove Email trust bit from Autoridad de Certificacion Firmaprofesional CIF A62634068 root cert
  - Remove 4 DigiCert (Symantec/Verisign) Root Certificates
  - Remove 3 TrustCor Root Certificates from NSS
  - Remove Camerfirma root certificates from NSS
  - Remove old Autoridad de Certificacion Firmaprofesional Certificate
  - Add four Commscope root certificates to NSS
  - Add TrustAsia Global Root CA G3 and G4 root certificates
  - Include P-384 and P-521 Scalar Validation from HACL*
  - Include P-256 Scalar Validation from HACL*
  - After the HACL 256 ECC patch, NSS incorrectly encodes 256 ECC without DER wrapping at the softoken level
  - Add means to provide library parameters to C_Initialize
  - clang format
  - add OSXSAVE and XCR0 tests to AVX2 detection
  - Typo in ssl3_AppendHandshakeNumber
  - Introduce input check of ssl3_AppendHandshakeNumber
  - Fix invalid casts in instance.c
- update to NSS 3.94
  - Updated code and commit ID for HACL*
  - update ACVP fuzzed test vector: refuzzed with current NSS
  - Softoken C_ calls should use the system FIPS setting to select NSC_ or FC_ variants
  - NSS needs a database tool that can dump the low level representation of the database
  - declare string literals using char in pkixnames_tests.cpp
  - avoid implicit conversion for ByteString
  - update rust version for acvp docker
  - Move the init function of the mpi_ints before clean-up in ec.c
  - P-256 ECDH and ECDSA from HACL*
  - Add ACVP test vectors to the repository
  - Stop relying on std::basic_string<uint8_t>
  - Transpose the PPC_ABI check from Makefile to gyp
- update to NSS 3.93
  - Update zlib in NSS to 1.3
  - softoken: iterate hashUpdate calls for long inputs
  - regenerate NameConstraints test certificates (bsc#1214980)
- update to NSS 3.92
  - Set nssckbi version number to 2.62
  - Add 4 Atos TrustedRoot Root CA certificates to NSS
  - Add 4 SSL.com Root CA certificates
  - Add Sectigo E46 and R46 Root CA certificates
  - Add LAWtrust Root CA2 (4096)
  - Remove E-Tugra Certification Authority root
  - Remove Camerfirma Chambers of Commerce Root
  - Remove Hongkong Post Root CA 1
  - Remove E-Tugra Global Root CA ECC v3 and RSA v3
  - Avoid redefining BYTE_ORDER on hppa Linux
- update to NSS 3.91
  - Implementation of the HW support check for the ADX instruction
  - Removing the support of Curve25519
  - Fix comment about the addition of ticketSupportsEarlyData
  - Adding args to enable-legacy-db build
  - dbtests.sh failure in "certutil dump keys with explicit default trust flags"
  - Initialize flags in slot structures
  - Improve the length check of RSA input to avoid heap overflow
  - Followup Fixes
  - avoid processing unexpected inputs by checking for m_exptmod base sign
  - add a limit check on order_k to avoid infinite loop
  - Update HACL* to commit 5f6051d2
  - add SHA3 to cryptohi and softoken
  - HACL SHA3
  - Disabling ASM C25519 for all but X86_64
- update to NSS 3.90.3
  - GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME
  - clean up escape handling
  - remove redundant AllocItem implementation
  - Disable ASM support for Curve25519
  - Disable ASM support for Curve25519 for all but X86_64