Revisions of mozilla-nss
Stephan Kulow (coolo)
accepted
request 258176
from
Factory Maintainer (factory-maintainer)
(revision 98)
Automatic submission by obs-autosubmit
Stephan Kulow (coolo)
accepted
request 251989
from
Wolfgang Rosenauer (wrosenauer)
(revision 97)
- update to 3.17.1 (bnc#897890) * MFSA 2014-73/CVE-2014-1568 (bmo#1064636, bmo#1069405) RSA Signature Forgery in NSS * Change library's signature algorithm default to SHA256 * Add support for draft-ietf-tls-downgrade-scsv * Add clang-cl support to the NSS build system * Implement TLS 1.3: * Part 1. Negotiate TLS 1.3 * Part 2. Remove deprecated cipher suites andcompression. * Add support for little-endian powerpc64
Stephan Kulow (coolo)
accepted
request 247562
from
Wolfgang Rosenauer (wrosenauer)
(revision 96)
- update to 3.17 * required for Firefox 33 New functionality: * When using ECDHE, the TLS server code may be configured to generate a fresh ephemeral ECDH key for each handshake, by setting the SSL_REUSE_SERVER_ECDHE_KEY socket option to PR_FALSE. The SSL_REUSE_SERVER_ECDHE_KEY option defaults to PR_TRUE, which means the server's ephemeral ECDH key is reused for multiple handshakes. This option does not affect the TLS client code, which always generates a fresh ephemeral ECDH key for each handshake. New Macros * SSL_REUSE_SERVER_ECDHE_KEY Notable Changes: * The manual pages for the certutil and pp tools have been updated to document the new parameters that had been added in NSS 3.16.2. * On Windows, the new build variable USE_STATIC_RTL can be used to specify the static C runtime library should be used. By default the dynamic C runtime library is used. - update to 3.16.4 (bnc#894201)
Adrian Schröter (adrianSuSE)
committed
(revision 95)
Split 13.2 from Factory
Stephan Kulow (coolo)
accepted
request 240770
from
Factory Maintainer (factory-maintainer)
(revision 93)
Automatic submission by obs-autosubmit
Stephan Kulow (coolo)
accepted
request 228183
from
Factory Maintainer (factory-maintainer)
(revision 91)
Automatic submission by obs-autosubmit
Stephan Kulow (coolo)
accepted
request 223809
from
Wolfgang Rosenauer (wrosenauer)
(revision 90)
- update to 3.15.5 * required for Firefox 28 * export FREEBL_LOWHASH to get the correct default headers (bnc#865539) New functionality * Added support for the TLS application layer protocol negotiation (ALPN) extension. Two SSL socket options, SSL_ENABLE_NPN and SSL_ENABLE_ALPN, can be used to control whether NPN or ALPN (or both) should be used for application layer protocol negotiation. * Added the TLS padding extension. The extension type value is 35655, which may change when an official extension type value is assigned by IANA. NSS automatically adds the padding extension to ClientHello when necessary. * Added a new macro CERT_LIST_TAIL, defined in certt.h, for getting the tail of a CERTCertList. Notable Changes * bmo#950129: Improve the OCSP fetching policy when verifying OCSP responses * bmo#949060: Validate the iov input argument (an array of PRIOVec structures) of ssl_WriteV (called via PR_Writev). Applications should still take care when converting struct iov to PRIOVec because the iov_len members of the two structures have different types (size_t vs. int). size_t is unsigned and may be larger than int. - BuildRequire mozilla-nspr >= 4.9
Stephan Kulow (coolo)
accepted
request 220922
from
Wolfgang Rosenauer (wrosenauer)
(revision 89)
Updating just the changelog to stay consistent with security update for older dists * MFSA 2014-12/CVE-2014-1490/CVE-2014-1491 NSS ticket handling issues
Stephan Kulow (coolo)
accepted
request 210076
from
Wolfgang Rosenauer (wrosenauer)
(revision 87)
- update to 3.15.3.1 (bnc#854367) * includes certstore update (1.95) (bmo#946351) (explicitely distrust AC DG Tresor SSL)
Stephan Kulow (coolo)
accepted
request 209434
from
Wolfgang Rosenauer (wrosenauer)
(revision 86)
fix ppc64le build, please forward to factory (forwarded request 209419 from adrianSuSE)
Stephan Kulow (coolo)
accepted
request 206762
from
Wolfgang Rosenauer (wrosenauer)
(revision 85)
- update to 3.15.3 (bnc#850148) * CERT_VerifyCert returns SECSuccess (saying certificate is good) even for bad certificates, when the CERTVerifyLog log parameter is given (bmo#910438) * NSS advertises TLS 1.2 ciphersuites in a TLS 1.1 ClientHello (bmo#919677) * fix CVE-2013-5605
Stephan Kulow (coolo)
accepted
request 201263
from
Wolfgang Rosenauer (wrosenauer)
(revision 84)
Contains a security relevant bugfix and should be considered for 13.1 - update to 3.15.2 (bnc#842979) * Support for AES-GCM ciphersuites that use the SHA-256 PRF * MD2, MD4, and MD5 signatures are no longer accepted for OCSP or CRLs * Add PK11_CipherFinal macro * sizeof() used incorrectly * nssutil_ReadSecmodDB() leaks memory * Allow SSL_HandshakeNegotiatedExtension to be called before the handshake is finished. * Deprecate the SSL cipher policy code * Avoid uninitialized data read in the event of a decryption failure. (CVE-2013-1739)
Adrian Schröter (adrianSuSE)
committed
(revision 83)
Split 13.1 from Factory
Stephan Kulow (coolo)
accepted
request 182306
from
Wolfgang Rosenauer (wrosenauer)
(revision 82)
- fix 32bit requirement, it's without () actually (forwarded request 182277 from lnussel)
Stephan Kulow (coolo)
accepted
request 181869
from
Wolfgang Rosenauer (wrosenauer)
(revision 81)
- update to 3.15.1 * TLS 1.2 (RFC 5246) is supported. HMAC-SHA256 cipher suites (RFC 5246 and RFC 5289) are supported, allowing TLS to be used without MD5 and SHA-1. Note the following limitations: The hash function used in the signature for TLS 1.2 client authentication must be the hash function of the TLS 1.2 PRF, which is always SHA-256 in NSS 3.15.1. AES GCM cipher suites are not yet supported. * some bugfixes and improvements - require libnssckbi instead of mozilla-nss-certs so p11-kit can conflict with the latter (fate#314991)
Stephan Kulow (coolo)
accepted
request 173001
from
Factory Maintainer (factory-maintainer)
(revision 79)
Automatic submission by obs-autosubmit
Displaying revisions 121 - 140 of 218