Hello community, here is the log from the commit of package mozilla-nss for openSUSE:Factory checked in at 2018-02-24 16:38:12 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/mozilla-nss (Old) and /work/SRC/openSUSE:Factory/.mozilla-nss.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mozilla-nss" Sat Feb 24 16:38:12 2018 rev:133 rq:574217 version:3.35 Changes: -------- --- /work/SRC/openSUSE:Factory/mozilla-nss/mozilla-nss.changes 2018-01-22 15:56:52.942674065 +0100 +++ /work/SRC/openSUSE:Factory/.mozilla-nss.new/mozilla-nss.changes 2018-02-24 16:38:15.323876877 +0100 @@ -1,0 +2,55 @@ +Thu Feb 8 06:11:12 UTC 2018 - [email protected] + +- update to NSS 3.35 + New functionality + * TLS 1.3 support has been updated to draft -23. This includes a + large number of changes since 3.34, which supported only draft + -18. See below for details. + New Types + * SSLHandshakeType - The type of a TLS handshake message. + * For the SSLSignatureScheme enum, the enumerated values + ssl_sig_rsa_pss_sha* are deprecated in response to a change in + TLS 1.3. Please use the equivalent ssl_sig_rsa_pss_rsae_sha* + for rsaEncryption keys, or ssl_sig_rsa_pss_pss_sha* for PSS keys. + Note that this release does not include support for the latter. + Notable Changes + * Previously, NSS used the DBM file format by default. Starting + with version 3.35, NSS uses the SQL file format by default. + Additional information can be found on this Fedora Linux project + page: https://fedoraproject.org/wiki/Changes/NSSDefaultFileFormatSql + * Added formally verified implementations of non-vectorized Chacha20 + and non-vectorized Poly1305 64-bit. + * For stronger security, when creating encrypted PKCS#7 or PKCS#12 data, + the iteration count for the password based encryption algorithm + has been increased to one million iterations. Note that debug builds + will use a lower count, for better performance in test environments. + * NSS 3.30 had introduced a regression, preventing NSS from reading + some AES encrypted data, produced by older versions of NSS. + NSS 3.35 fixes this regression and restores the ability to read + affected data. + * The following CA certificates were Removed: + OU = Security Communication EV RootCA1 + CN = CA Disig Root R1 + CN = DST ACES CA X6 + Subject CN = VeriSign Class 3 Secure Server CA - G2 + * The Websites (TLS/SSL) trust bit was turned off for the following + CA certificates: + CN = Chambers of Commerce Root + CN = Global Chambersign Root + * TLS servers are able to handle a ClientHello statelessly, if the + client supports TLS 1.3. If the server sends a HelloRetryRequest, + it is possible to discard the server socket, and make a new socket + to handle any subsequent ClientHello. This better enables stateless + server operation. (This feature is added in support of QUIC, but it + also has utility for DTLS 1.3 servers.) + * The tstclnt utility now supports DTLS, using the -P option. Note that + a DTLS server is also provided in tstclnt. + * TLS compression is no longer possible with NSS. The option can be + enabled, but NSS will no longer negotiate compression. + * The signatures of functions SSL_OptionSet, SSL_OptionGet, + SSL_OptionSetDefault and SSL_OptionGetDefault have been modified, + to take a PRIntn argument rather than PRBool. This makes it clearer, + that options can have values other than 0 or 1. Note this does + not affect ABI compatibility, because PRBool is a typedef for PRIntn. + +------------------------------------------------------------------- Old: ---- nss-3.34.1.tar.gz New: ---- nss-3.35.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mozilla-nss.spec ++++++ --- /var/tmp/diff_new_pack.tjmAvn/_old 2018-02-24 16:38:18.607758691 +0100 +++ /var/tmp/diff_new_pack.tjmAvn/_new 2018-02-24 16:38:18.611758547 +0100 @@ -2,7 +2,7 @@ # spec file for package mozilla-nss # # Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. -# Copyright (c) 2006-2017 Wolfgang Rosenauer +# Copyright (c) 2006-2018 Wolfgang Rosenauer # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,15 +17,15 @@ # -%global nss_softokn_fips_version 3.34.1 +%global nss_softokn_fips_version 3.35 Name: mozilla-nss BuildRequires: gcc-c++ -BuildRequires: mozilla-nspr-devel >= 4.17 +BuildRequires: mozilla-nspr-devel >= 4.18 BuildRequires: pkg-config BuildRequires: sqlite-devel BuildRequires: zlib-devel -Version: 3.34.1 +Version: 3.35 Release: 0 # bug437293 %ifarch ppc64 @@ -36,8 +36,8 @@ License: MPL-2.0 Group: System/Libraries Url: http://www.mozilla.org/projects/security/pki/nss/ -Source: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_34_1_RTM/src/nss-%{version}.tar.gz -# hg clone https://hg.mozilla.org/projects/nss nss-3.34.1/nss ; cd nss-3.34.1/nss ; hg up NSS_3_34_1_RTM +Source: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_35_RTM/src/nss-%{version}.tar.gz +# hg clone https://hg.mozilla.org/projects/nss nss-3.35/nss ; cd nss-3.35/nss ; hg up NSS_3_35_RTM #Source: nss-%{version}.tar.gz Source1: nss.pc.in Source3: nss-config.in @@ -88,7 +88,7 @@ Group: Development/Libraries/C and C++ Requires: libfreebl3 Requires: libsoftokn3 -Requires: mozilla-nspr-devel >= 4.17 +Requires: mozilla-nspr-devel >= 4.18 Requires: mozilla-nss = %{version}-%{release} # bug437293 %ifarch ppc64 ++++++ nss-3.34.1.tar.gz -> nss-3.35.tar.gz ++++++ /work/SRC/openSUSE:Factory/mozilla-nss/nss-3.34.1.tar.gz /work/SRC/openSUSE:Factory/.mozilla-nss.new/nss-3.35.tar.gz differ: char 5, line 1
