Hello community, here is the log from the commit of package mozilla-nss for openSUSE:Factory checked in at 2016-02-03 10:16:06 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/mozilla-nss (Old) and /work/SRC/openSUSE:Factory/.mozilla-nss.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mozilla-nss" Changes: -------- --- /work/SRC/openSUSE:Factory/mozilla-nss/mozilla-nss.changes 2016-01-05 21:53:39.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.mozilla-nss.new/mozilla-nss.changes 2016-02-03 10:16:17.000000000 +0100 @@ -1,0 +2,106 @@ +Sun Dec 20 10:12:35 UTC 2015 - [email protected] + +- update to NSS 3.21 + * required for Firefox 44.0 + New functionality: + * certutil now supports a --rename option to change a nickname (bmo#1142209) + * TLS extended master secret extension (RFC 7627) is supported (bmo#1117022) + * New info functions added for use during mid-handshake callbacks (bmo#1084669) + New Functions: + * NSS_OptionSet - sets NSS global options + * NSS_OptionGet - gets the current value of NSS global options + * SECMOD_CreateModuleEx - Create a new SECMODModule structure from module name + string, module parameters string, NSS specific parameters string, and NSS + configuration parameter string. The module represented by the module + structure is not loaded. The difference with SECMOD_CreateModule is the new + function handles NSS configuration parameter strings. + * SSL_GetPreliminaryChannelInfo - obtains information about a TLS channel prior + to the handshake being completed, for use with the callbacks that are invoked + during the handshake + * SSL_SignaturePrefSet - configures the enabled signature and hash algorithms + for TLS + * SSL_SignaturePrefGet - retrieves the currently configured signature and hash + algorithms + * SSL_SignatureMaxCount - obtains the maximum number signature algorithms that + can be configured with SSL_SignaturePrefSet + * NSSUTIL_ArgParseModuleSpecEx - takes a module spec and breaks it into shared + library string, module name string, module parameters string, NSS specific + parameters string, and NSS configuration parameter strings. The returned + strings must be freed by the caller. The difference with + NSS_ArgParseModuleSpec is the new function handles NSS configuration + parameter strings. + * NSSUTIL_MkModuleSpecEx - take a shared library string, module name string, + module parameters string, NSS specific parameters string, and NSS + configuration parameter string and returns a module string which the caller + must free when it is done. The difference with NSS_MkModuleSpec is the new + function handles NSS configuration parameter strings. + New Types: + * CK_TLS12_MASTER_KEY_DERIVE_PARAMS{_PTR} - parameters {or pointer} for + CKM_TLS12_MASTER_KEY_DERIVE + * CK_TLS12_KEY_MAT_PARAMS{_PTR} - parameters {or pointer} for + CKM_TLS12_KEY_AND_MAC_DERIVE + * CK_TLS_KDF_PARAMS{_PTR} - parameters {or pointer} for CKM_TLS_KDF + * CK_TLS_MAC_PARAMS{_PTR} - parameters {or pointer} for CKM_TLS_MAC + * SSLHashType - identifies a hash function + * SSLSignatureAndHashAlg - identifies a signature and hash function + * SSLPreliminaryChannelInfo - provides information about the session state + prior to handshake completion + New Macros: + * NSS_RSA_MIN_KEY_SIZE - used with NSS_OptionSet and NSS_OptionGet to set or + get the minimum RSA key size + * NSS_DH_MIN_KEY_SIZE - used with NSS_OptionSet and NSS_OptionGet to set or + get the minimum DH key size + * NSS_DSA_MIN_KEY_SIZE - used with NSS_OptionSet and NSS_OptionGet to set or + get the minimum DSA key size + * CKM_TLS12_MASTER_KEY_DERIVE - derives TLS 1.2 master secret + * CKM_TLS12_KEY_AND_MAC_DERIVE - derives TLS 1.2 traffic key and IV + * CKM_TLS12_MASTER_KEY_DERIVE_DH - derives TLS 1.2 master secret for DH (and + ECDH) cipher suites + * CKM_TLS12_KEY_SAFE_DERIVE and CKM_TLS_KDF are identifiers for additional + PKCS#12 mechanisms for TLS 1.2 that are currently unused in NSS. + * CKM_TLS_MAC - computes TLS Finished MAC + * NSS_USE_ALG_IN_SSL_KX - policy flag indicating that keys are used in TLS key + exchange + * SSL_ERROR_RX_SHORT_DTLS_READ - error code for failure to include a complete + DTLS record in a UDP packet + * SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM - error code for when no valid + signature and hash algorithm is available + * SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM - error code for when an + unsupported signature and hash algorithm is configured + * SSL_ERROR_MISSING_EXTENDED_MASTER_SECRET - error code for when the extended + master secret is missing after having been negotiated + * SSL_ERROR_UNEXPECTED_EXTENDED_MASTER_SECRET - error code for receiving an + extended master secret when previously not negotiated + * SSL_ENABLE_EXTENDED_MASTER_SECRET - configuration to enable the TLS extended + master secret extension (RFC 7627) + * ssl_preinfo_version - used with SSLPreliminaryChannelInfo to indicate that a + TLS version has been selected + * ssl_preinfo_cipher_suite - used with SSLPreliminaryChannelInfo to indicate + that a TLS cipher suite has been selected + * ssl_preinfo_all - used with SSLPreliminaryChannelInfo to indicate that all + preliminary information has been set + Notable Changes: + * NSS now builds with elliptic curve ciphers enabled by default (bmo#1205688) + * NSS now builds with warnings as errors (bmo#1182667) + * The following CA certificates were Removed + - CN = VeriSign Class 4 Public Primary Certification Authority - G3 + - CN = UTN-USERFirst-Network Applications + - CN = TC TrustCenter Universal CA III + - CN = A-Trust-nQual-03 + - CN = USERTrust Legacy Secure Server CA + - Friendly Name: Digital Signature Trust Co. Global CA 1 + - Friendly Name: Digital Signature Trust Co. Global CA 3 + - CN = UTN - DATACorp SGC + - O = TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. (c) Kasım 2005 + * The following CA certificate had the Websites trust bit turned off + - OU = Equifax Secure Certificate Authority + * The following CA certificates were Added + - CN = Certification Authority of WoSign G2 + - CN = CA WoSign ECC Root + - CN = OISTE WISeKey Global Root GB CA +- increased the minimum level of possible mixed installations + (softokn3, freebl3) to 3.21 +- added nss-bmo1236011.patch to fix compiler error (bmo#1236011) +- disabled testsuite as it currently breaks (bmo#1236340) + +------------------------------------------------------------------- Old: ---- nss-3.20.2.tar.gz New: ---- nss-3.21.tar.gz nss-bmo1236011.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mozilla-nss.spec ++++++ --- /var/tmp/diff_new_pack.WK1qz9/_old 2016-02-03 10:16:18.000000000 +0100 +++ /var/tmp/diff_new_pack.WK1qz9/_new 2016-02-03 10:16:18.000000000 +0100 @@ -1,8 +1,8 @@ # # spec file for package mozilla-nss # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. -# Copyright (c) 2006-2014 Wolfgang Rosenauer +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2006-2015 Wolfgang Rosenauer # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ # -%global nss_softokn_fips_version 3.18 +%global nss_softokn_fips_version 3.21 Name: mozilla-nss BuildRequires: gcc-c++ @@ -25,7 +25,7 @@ BuildRequires: pkg-config BuildRequires: sqlite-devel BuildRequires: zlib-devel -Version: 3.20.2 +Version: 3.21 Release: 0 # bug437293 %ifarch ppc64 @@ -36,8 +36,8 @@ License: MPL-2.0 Group: System/Libraries Url: http://www.mozilla.org/projects/security/pki/nss/ -Source: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_20_2_RTM/src/nss-%{version}.tar.gz -# hg clone https://hg.mozilla.org/projects/nss nss-3.20.2/nss ; cd nss-3.20.2/nss ; hg up NSS_3_20_2_RTM +Source: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_21_RTM/src/nss-%{version}.tar.gz +# hg clone https://hg.mozilla.org/projects/nss nss-3.21/nss ; cd nss-3.21/nss ; hg up NSS_3_21_RTM #Source: nss-%{version}.tar.gz Source1: nss.pc.in Source3: nss-config.in @@ -56,6 +56,7 @@ Patch6: malloc.patch Patch7: nss-disable-ocsp-test.patch Patch8: nss-sqlitename.patch +Patch9: nss-bmo1236011.patch %define nspr_ver %(rpm -q --queryformat '%{VERSION}' mozilla-nspr) PreReq: mozilla-nspr >= %nspr_ver PreReq: libfreebl3 >= %{nss_softokn_fips_version} @@ -69,7 +70,8 @@ %define nssdbdir %{_sysconfdir}/pki/nssdb %ifnarch %sparc %if ! 0%{?qemu_user_space_build} -%define run_testsuite 1 +# disabled temporarily bmo#1236340 +%define run_testsuite 0 %endif %endif @@ -175,6 +177,7 @@ %endif %patch7 -p1 %patch8 -p1 +%patch9 -p1 # additional CA certificates #cd security/nss/lib/ckfw/builtins #cat %{SOURCE2} >> certdata.txt ++++++ nss-3.20.2.tar.gz -> nss-3.21.tar.gz ++++++ /work/SRC/openSUSE:Factory/mozilla-nss/nss-3.20.2.tar.gz /work/SRC/openSUSE:Factory/.mozilla-nss.new/nss-3.21.tar.gz differ: char 5, line 1 ++++++ nss-bmo1236011.patch ++++++ diff --git a/cmd/modutil/install-ds.h b/nss/cmd/modutil/install-ds.h --- a/cmd/modutil/install-ds.h +++ b/cmd/modutil/install-ds.h @@ -238,17 +238,17 @@ struct Pk11Install_Info_str { int numPlatforms; Pk11Install_PlatformName *forwardCompatible; int numForwardCompatible; }; Pk11Install_Info* Pk11Install_Info_new(); void -Pk11Install_Info_init(); +Pk11Install_Info_init(Pk11Install_Info* _this); void Pk11Install_Info_delete(Pk11Install_Info* _this); /*// Returns NULL for success, error message if parse error.*/ char* Pk11Install_Info_Generate(Pk11Install_Info* _this, const Pk11Install_ValueList *list); /*// Returns NULL if there is no matching platform*/ Pk11Install_Platform*
