Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package mozilla-nss for openSUSE:Factory checked in at 2024-03-25 21:06:19 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/mozilla-nss (Old) and /work/SRC/openSUSE:Factory/.mozilla-nss.new.1905 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mozilla-nss" Mon Mar 25 21:06:19 2024 rev:215 rq:1160555 version:3.98 Changes: -------- --- /work/SRC/openSUSE:Factory/mozilla-nss/mozilla-nss.changes 2024-02-27 22:43:20.243637007 +0100 +++ /work/SRC/openSUSE:Factory/.mozilla-nss.new.1905/mozilla-nss.changes 2024-03-25 21:07:18.515222325 +0100 @@ -1,0 +2,44 @@ +Sat Mar 16 21:39:31 UTC 2024 - Wolfgang Rosenauer <[email protected]> + +- update to NSS 3.98 + * bmo#1780432 - (CVE-2023-5388) Timing attack against RSA decryption + in TLS + * bmo#1879513 - Certificate Compression: enabling the check that + the compression was advertised + * bmo#1831552 - Move Windows workers to nss-1/b-win2022-alpha + * bmo#1879945 - Remove Email trust bit from OISTE WISeKey + Global Root GC CA + * bmo#1877344 - Replace `distutils.spawn.find_executable` with + `shutil.which` within `mach` in `nss` + * bmo#1548723 - Certificate Compression: Updating nss_bogo_shim to + support Certificate compression + * bmo#1548723 - TLS Certificate Compression (RFC 8879) Implementation + * bmo#1875356 - Add valgrind annotations to freebl kyber operations + for constant-time execution tests + * bmo#1870673 - Set nssckbi version number to 2.66 + * bmo#1874017 - Add Telekom Security roots + * bmo#1873095 - Add D-Trust 2022 S/MIME roots + * bmo#1865450 - Remove expired Security Communication RootCA1 root + * bmo#1876179 - move keys to a slot that supports concatenation in + PK11_ConcatSymKeys + * bmo#1876800 - remove unmaintained tls-interop tests + * bmo#1874937 - bogo: add support for the -ipv6 and -shim-id shim + flags + * bmo#1874937 - bogo: add support for the -curves shim flag and + update Kyber expectations + * bmo#1874937 - bogo: adjust expectation for a key usage bit test + * bmo#1757758 - mozpkix: add option to ignore invalid subject + alternative names + * bmo#1841029 - Fix selfserv not stripping `publicname:` from -X value + * bmo#1876390 - take ownership of ecckilla shims + * bmo#1874458 - add valgrind annotations to freebl/ec.c + * bmo#864039 - PR_INADDR_ANY needs PR_htonl before assignment to inet.ip + * bmo#1875965 - Update zlib to 1.3.1 + +------------------------------------------------------------------- +Thu Feb 29 10:07:57 UTC 2024 - Pedro Monreal <[email protected]> + +- Add crypto-policies support [bsc#1211301] + deactivated for now + +------------------------------------------------------------------- Old: ---- nss-3.97.tar.gz New: ---- nss-3.98.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mozilla-nss.spec ++++++ --- /var/tmp/diff_new_pack.G2HXID/_old 2024-03-25 21:07:25.279470867 +0100 +++ /var/tmp/diff_new_pack.G2HXID/_new 2024-03-25 21:07:25.279470867 +0100 @@ -2,7 +2,7 @@ # spec file for package mozilla-nss # # Copyright (c) 2024 SUSE LLC -# Copyright (c) 2006-2023 Wolfgang Rosenauer +# Copyright (c) 2006-2024 Wolfgang Rosenauer # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,14 +17,15 @@ # -%global nss_softokn_fips_version 3.97 +%global nss_softokn_fips_version 3.98 %define NSPR_min_version 4.35 %define nspr_ver %(rpm -q --queryformat '%%{VERSION}' mozilla-nspr) %define nssdbdir %{_sysconfdir}/pki/nssdb +%global crypto_policies_version 20210118 Name: mozilla-nss -Version: 3.97 +Version: 3.98 Release: 0 -%define underscore_version 3_97 +%define underscore_version 3_98 Summary: Network Security Services License: MPL-2.0 Group: System/Libraries @@ -95,6 +96,9 @@ Requires(pre): libjitterentropy3 Requires: libjitterentropy3 %endif +%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400 +Requires: crypto-policies >= %{crypto_policies_version} +%endif Requires: libfreebl3 >= %{nss_softokn_fips_version} Requires: libsoftokn3 >= %{nss_softokn_fips_version} Requires: mozilla-nspr >= %{NSPR_min_version} @@ -277,6 +281,13 @@ export NSS_FIPS_MODULE_ID="\"SUSE Linux Enterprise NSS %{version}-%{release}\"" #export SQLITE_LIB_NAME=nsssqlite3 export MAKE_FLAGS="BUILD_OPT=1" +%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400 +# Set the policy file location +# if set NSS will always check for the policy file and load if it exists +#export POLICY_FILE="nss.config" +# location of the policy file +#export POLICY_PATH="/etc/crypto-policies/back-ends" +%endif EOF source ../obsenv.sh @@ -298,6 +309,11 @@ export DOMSUF="localdomain" export USE_IP=TRUE export IP_ADDRESS="127.0.0.1" +%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400 +# This is necessary because the test suite tests algorithms that are +# disabled by the system policy. +export NSS_IGNORE_SYSTEM_POLICY=1 +%endif EOF source ../obsenv.sh source ../obstestenv.sh @@ -462,6 +478,11 @@ %postun sysinit -p /sbin/ldconfig +%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400 +%posttrans +update-crypto-policies &> /dev/null || : +%endif + %files %{_libdir}/libnss3.so %{_libdir}/libnssutil3.so ++++++ nss-3.97.tar.gz -> nss-3.98.tar.gz ++++++ /work/SRC/openSUSE:Factory/mozilla-nss/nss-3.97.tar.gz /work/SRC/openSUSE:Factory/.mozilla-nss.new.1905/nss-3.98.tar.gz differ: char 5, line 1
