Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package mozilla-nss for openSUSE:Factory
checked in at 2023-01-20 17:36:27
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/mozilla-nss (Old)
and /work/SRC/openSUSE:Factory/.mozilla-nss.new.32243 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mozilla-nss"
Fri Jan 20 17:36:27 2023 rev:197 rq:1059272 version:3.86
Changes:
--------
--- /work/SRC/openSUSE:Factory/mozilla-nss/mozilla-nss.changes 2022-12-15
19:23:38.591523079 +0100
+++ /work/SRC/openSUSE:Factory/.mozilla-nss.new.32243/mozilla-nss.changes
2023-01-20 17:36:37.411838960 +0100
@@ -1,0 +2,22 @@
+Sun Jan 15 20:25:25 UTC 2023 - Wolfgang Rosenauer <w...@rosenauer.org>
+
+- update to NSS 3.86
+ * bmo#1803190 - conscious language removal in NSS
+ * bmo#1794506 - Set nssckbi version number to 2.60
+ * bmo#1803453 - Set CKA_NSS_SERVER_DISTRUST_AFTER and
+ CKA_NSS_EMAIL_DISTRUST_AFTER for 3
+ TrustCor Root Certificates
+ * bmo#1799038 - Remove Staat der Nederlanden EV Root CA from NSS
+ * bmo#1797559 - Remove EC-ACC root cert from NSS
+ * bmo#1794507 - Remove SwissSign Platinum CA - G2 from NSS
+ * bmo#1794495 - Remove Network Solutions Certificate Authority
+ * bmo#1802331 - compress docker image artifact with zstd
+ * bmo#1799315 - Migrate nss from AWS to GCP
+ * bmo#1800989 - Enable static builds in the CI
+ * bmo#1765759 - Removing SAW docker from the NSS build system
+ * bmo#1783231 - Initialising variables in the rsa blinding code
+ * bmo#320582 - Implementation of the double-signing of the message
+ for ECDSA
+ * bmo#1783231 - Adding exponent blinding for RSA.
+
+-------------------------------------------------------------------
Old:
----
nss-3.85.tar.gz
New:
----
nss-3.86.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ mozilla-nss.spec ++++++
--- /var/tmp/diff_new_pack.Z6nWWQ/_old 2023-01-20 17:36:39.919852805 +0100
+++ /var/tmp/diff_new_pack.Z6nWWQ/_new 2023-01-20 17:36:39.923852827 +0100
@@ -1,8 +1,8 @@
#
# spec file for package mozilla-nss
#
-# Copyright (c) 2022 SUSE LLC
-# Copyright (c) 2006-2022 Wolfgang Rosenauer
+# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2006-2023 Wolfgang Rosenauer
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,14 +17,14 @@
#
-%global nss_softokn_fips_version 3.85
+%global nss_softokn_fips_version 3.86
%define NSPR_min_version 4.35
%define nspr_ver %(rpm -q --queryformat '%%{VERSION}' mozilla-nspr)
%define nssdbdir %{_sysconfdir}/pki/nssdb
Name: mozilla-nss
-Version: 3.85
+Version: 3.86
Release: 0
-%define underscore_version 3_85
+%define underscore_version 3_86
Summary: Network Security Services
License: MPL-2.0
Group: System/Libraries
++++++ nss-3.85.tar.gz -> nss-3.86.tar.gz ++++++
/work/SRC/openSUSE:Factory/mozilla-nss/nss-3.85.tar.gz
/work/SRC/openSUSE:Factory/.mozilla-nss.new.32243/nss-3.86.tar.gz differ: char
5, line 1
++++++ nss-fips-rsa-keygen-strictness.patch ++++++
--- /var/tmp/diff_new_pack.Z6nWWQ/_old 2023-01-20 17:36:40.095853776 +0100
+++ /var/tmp/diff_new_pack.Z6nWWQ/_new 2023-01-20 17:36:40.099853798 +0100
@@ -9,6 +9,7 @@
Patch 16: nss-fips-rsa-keygen-strictness.patch
diff --git a/lib/freebl/mpi/mpprime.c b/lib/freebl/mpi/mpprime.c
+index b757150..41d08b1 100644
--- a/lib/freebl/mpi/mpprime.c
+++ b/lib/freebl/mpi/mpprime.c
@@ -14,6 +14,8 @@
@@ -20,7 +21,7 @@
#define SMALL_TABLE 0 /* determines size of hard-wired prime table */
#define RANDOM() rand()
-@@ -451,6 +453,25 @@
+@@ -465,6 +467,25 @@ mpp_make_prime_ext_random(mp_int *start, mp_size nBits,
mp_size strong, mpp_rand
} else
num_tests = 50;
@@ -47,6 +48,7 @@
--nBits;
MP_CHECKOK(mpl_set_bit(start, nBits - 1, 1));
diff --git a/lib/freebl/rsa.c b/lib/freebl/rsa.c
+index 2b8a3bf..8d40d11 100644
--- a/lib/freebl/rsa.c
+++ b/lib/freebl/rsa.c
@@ -16,11 +16,13 @@
@@ -61,9 +63,9 @@
#include "blapii.h"
+#include "fips.h"
- /*
- ** Number of times to attempt to generate a prime (p or q) from a random
-@@ -143,11 +145,24 @@
+ /* The minimal required randomness is 64 bits */
+ /* EXP_BLINDING_RANDOMNESS_LEN is the length of the randomness in mp_digits */
+@@ -149,11 +151,24 @@ rsa_build_from_primes(const mp_int *p, const mp_int *q,
err = mp_invmod(d, &phi, e);
} else {
err = mp_invmod(e, &phi, d);
@@ -90,7 +92,7 @@
if (err != MP_OKAY) {
if (err == MP_UNDEF) {
PORT_SetError(SEC_ERROR_NEED_RANDOM);
-@@ -280,10 +295,12 @@
+@@ -286,10 +301,12 @@ RSA_NewKey(int keySizeInBits, SECItem *publicExponent)
mp_int q = { 0, 0, 0, NULL };
mp_int e = { 0, 0, 0, NULL };
mp_int d = { 0, 0, 0, NULL };
@@ -104,7 +106,7 @@
int prerr = 0;
RSAPrivateKey *key = NULL;
PLArenaPool *arena = NULL;
-@@ -301,11 +318,40 @@
+@@ -307,11 +324,40 @@ RSA_NewKey(int keySizeInBits, SECItem *publicExponent)
PORT_SetError(SEC_ERROR_INVALID_ARGS);
goto cleanup;
}
@@ -149,7 +151,7 @@
}
#endif
-@@ -323,12 +369,7 @@
+@@ -329,12 +375,7 @@ RSA_NewKey(int keySizeInBits, SECItem *publicExponent)
key->arena = arena;
/* length of primes p and q (in bytes) */
primeLen = keySizeInBits / (2 * PR_BITS_PER_BYTE);
@@ -163,7 +165,7 @@
/* 3. Set the version number (PKCS1 v1.5 says it should be zero) */
SECITEM_AllocItem(arena, &key->version, 1);
key->version.data[0] = 0;
-@@ -339,13 +380,64 @@
+@@ -345,13 +386,64 @@ RSA_NewKey(int keySizeInBits, SECItem *publicExponent)
PORT_SetError(0);
CHECK_SEC_OK(generate_prime(&p, primeLen));
CHECK_SEC_OK(generate_prime(&q, primeLen));
@@ -229,7 +231,7 @@
/* Attempt to use these primes to generate a key */
rv = rsa_build_from_primes(&p, &q,
&e, PR_FALSE, /* needPublicExponent=false
*/
-@@ -368,7 +460,9 @@
+@@ -374,7 +466,9 @@ cleanup:
mp_clear(&q);
mp_clear(&e);
mp_clear(&d);
