Hello community, here is the log from the commit of package mozilla-nss for openSUSE:Factory checked in at 2018-10-29 14:15:17 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/mozilla-nss (Old) and /work/SRC/openSUSE:Factory/.mozilla-nss.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mozilla-nss" Mon Oct 29 14:15:17 2018 rev:140 rq:644083 version:3.39 Changes: -------- --- /work/SRC/openSUSE:Factory/mozilla-nss/mozilla-nss.changes 2018-10-18 15:29:13.438793367 +0200 +++ /work/SRC/openSUSE:Factory/.mozilla-nss.new/mozilla-nss.changes 2018-10-29 14:56:55.609732913 +0100 @@ -1,0 +2,42 @@ +Sun Oct 21 07:39:58 UTC 2018 - w...@rosenauer.org + +- update to NSS 3.39 + * required by Firefox 63.0 + Notable bug fixes + * NSS responded to an SSLv2-compatible ClientHello with a + ServerHello that had an all-zero random (CVE-2018-12384) (bmo#1483128) + New functionality + * The tstclnt and selfserv utilities added support for configuring + the enabled TLS signature schemes using the -J parameter. + * NSS will use RSA-PSS keys to authenticate in TLS. Support for + these keys is disabled by default but can be enabled using + SSL_SignatureSchemePrefSet(). + * certutil added the ability to delete an orphan private key from + an NSS key database. + * Added the nss-policy-check utility, which can be used to check + an NSS policy configuration for problems. + * A PKCS#11 URI can be used as an identifier for a PKCS#11 token. + Notable changes + * The TLS 1.3 implementation uses the final version number from + RFC 8446. + * Previous versions of NSS accepted an RSA PKCS#1 v1.5 signature + where the DigestInfo structure was missing the NULL parameter. + Starting with version 3.39, NSS requires the encoding to contain + the NULL parameter. + * The tstclnt and selfserv test utilities no longer accept the -z + parameter, as support for TLS compression was removed in a + previous NSS version. + * The CA certificates list was updated to version 2.26. + * The following CA certificates were Added: + - OU = GlobalSign Root CA - R6 + - CN = OISTE WISeKey Global Root GC CA + * The following CA certificate was Removed: + - CN = ComSign + * The following CA certificates had the Websites trust bit disabled: + - CN = Certplus Root CA G1 + - CN = Certplus Root CA G2 + - CN = OpenTrust Root CA G1 + - CN = OpenTrust Root CA G2 + - CN = OpenTrust Root CA G3 + +------------------------------------------------------------------- Old: ---- nss-3.38.tar.gz New: ---- nss-3.39.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mozilla-nss.spec ++++++ --- /var/tmp/diff_new_pack.7I4LEI/_old 2018-10-29 14:56:57.401739386 +0100 +++ /var/tmp/diff_new_pack.7I4LEI/_new 2018-10-29 14:56:57.401739386 +0100 @@ -13,7 +13,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -21,11 +21,11 @@ Name: mozilla-nss BuildRequires: gcc-c++ -BuildRequires: mozilla-nspr-devel >= 4.19 +BuildRequires: mozilla-nspr-devel >= 4.20 BuildRequires: pkg-config BuildRequires: sqlite-devel BuildRequires: zlib-devel -Version: 3.38 +Version: 3.39 Release: 0 # bug437293 %ifarch ppc64 @@ -36,8 +36,8 @@ License: MPL-2.0 Group: System/Libraries Url: http://www.mozilla.org/projects/security/pki/nss/ -Source: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_38_RTM/src/nss-%{version}.tar.gz -# hg clone https://hg.mozilla.org/projects/nss nss-3.38/nss ; cd nss-3.38/nss ; hg up NSS_3_38_RTM +Source: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_39_RTM/src/nss-%{version}.tar.gz +# hg clone https://hg.mozilla.org/projects/nss nss-3.39/nss ; cd nss-3.39/nss ; hg up NSS_3_39_RTM #Source: nss-%{version}.tar.gz Source1: nss.pc.in Source3: nss-config.in @@ -265,6 +265,7 @@ cp -L bin/certutil \ bin/cmsutil \ bin/crlutil \ + bin/nss-policy-check \ bin/modutil \ bin/pk12util \ bin/signtool \ ++++++ malloc.patch ++++++ --- /var/tmp/diff_new_pack.7I4LEI/_old 2018-10-29 14:56:57.441739529 +0100 +++ /var/tmp/diff_new_pack.7I4LEI/_new 2018-10-29 14:56:57.441739529 +0100 @@ -1,19 +1,8 @@ -# HG changeset patch -# Parent 032e1235ede0393863f4720ba6746baa24cb68e4 -Index: security/nss/tests/ssl/ssl.sh -=================================================================== -RCS file: /cvsroot/mozilla/security/nss/tests/ssl/ssl.sh,v -retrieving revision 1.100 - diff --git a/tests/ssl/ssl.sh b/tests/ssl/ssl.sh +index c1730d8..5eee525 100755 --- a/tests/ssl/ssl.sh +++ b/tests/ssl/ssl.sh -@@ -1354,12 +1354,13 @@ ssl_run_tests() - fi - ;; - esac - done - } +@@ -1449,6 +1449,7 @@ ssl_run_tests() ################################# main ################################# @@ -21,4 +10,3 @@ ssl_init ssl_run_tests ssl_cleanup - ++++++ nss-3.38.tar.gz -> nss-3.39.tar.gz ++++++ /work/SRC/openSUSE:Factory/mozilla-nss/nss-3.38.tar.gz /work/SRC/openSUSE:Factory/.mozilla-nss.new/nss-3.39.tar.gz differ: char 5, line 1
