Hello community, here is the log from the commit of package mozilla-nss for openSUSE:Factory checked in at 2019-02-04 21:24:24 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/mozilla-nss (Old) and /work/SRC/openSUSE:Factory/.mozilla-nss.new.28833 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mozilla-nss" Mon Feb 4 21:24:24 2019 rev:142 rq:669997 version:3.41.1 Changes: -------- --- /work/SRC/openSUSE:Factory/mozilla-nss/mozilla-nss.changes 2018-12-19 13:26:09.381181650 +0100 +++ /work/SRC/openSUSE:Factory/.mozilla-nss.new.28833/mozilla-nss.changes 2019-02-04 21:24:26.091609984 +0100 @@ -1,0 +2,42 @@ +Wed Jan 23 16:30:27 UTC 2019 - Wolfgang Rosenauer <[email protected]> + +- update to NSS 3.41.1 + * (3.41) required by Firefox 65.0 + New functionality + * Implemented EKU handling for IPsec IKE. (bmo#1252891) + * Enable half-closed states for TLS. (bmo#1423043) + * Enabled the following ciphersuites by default: (bmo#1493215) + TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 + TLS_RSA_WITH_AES_256_GCM_SHA384 + Notable changes + * The following CA certificates were added: + CN = Certigna Root CA + CN = GTS Root R1 + CN = GTS Root R2 + CN = GTS Root R3 + CN = GTS Root R4 + CN = UCA Global G2 Root + CN = UCA Extended Validation Root + * The following CA certificates were removed: + CN = AC Raíz Certicámara S.A. + CN = Certplus Root CA G1 + CN = Certplus Root CA G2 + CN = OpenTrust Root CA G1 + CN = OpenTrust Root CA G2 + CN = OpenTrust Root CA G3 + Bugs fixed + * Reject empty supported_signature_algorithms in Certificate + Request in TLS 1.2 (bmo#1412829) + * Cache side-channel variant of the Bleichenbacher attack (bmo#1485864) + (CVE-2018-12404) + * Resend the same ticket in ClientHello after HelloRetryRequest (bmo#1481271) + * Set session_id for external resumption tokens (bmo#1493769) + * Reject CCS after handshake is complete in TLS 1.3 (bmo#1507179) + * Add additional null checks to several CMS functions to fix a rare + CMS crash. (bmo#1507135, bmo#1507174) (3.41.1) +- removed obsolete patches + nss-disable-ocsp-test.patch + +------------------------------------------------------------------- Old: ---- nss-3.40.1.tar.gz nss-disable-ocsp-test.patch New: ---- nss-3.41.1.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mozilla-nss.spec ++++++ --- /var/tmp/diff_new_pack.mQteJB/_old 2019-02-04 21:24:28.019609508 +0100 +++ /var/tmp/diff_new_pack.mQteJB/_new 2019-02-04 21:24:28.023609506 +0100 @@ -1,7 +1,7 @@ # # spec file for package mozilla-nss # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2006-2018 Wolfgang Rosenauer # # All modifications and additions to the file contributed by third parties @@ -25,7 +25,7 @@ BuildRequires: pkg-config BuildRequires: sqlite-devel BuildRequires: zlib-devel -Version: 3.40.1 +Version: 3.41.1 Release: 0 # bug437293 %ifarch ppc64 @@ -36,8 +36,8 @@ License: MPL-2.0 Group: System/Libraries Url: http://www.mozilla.org/projects/security/pki/nss/ -Source: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_40_1_RTM/src/nss-%{version}.tar.gz -# hg clone https://hg.mozilla.org/projects/nss nss-3.40.1/nss ; cd nss-3.40.1/nss ; hg up NSS_3_40_1_RTM +Source: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_41_1_RTM/src/nss-%{version}.tar.gz +# hg clone https://hg.mozilla.org/projects/nss nss-3.41.1/nss ; cd nss-3.41.1/nss ; hg up NSS_3_41_1_RTM #Source: nss-%{version}.tar.gz Source1: nss.pc.in Source3: nss-config.in @@ -54,9 +54,8 @@ Patch3: nss-no-rpath.patch Patch4: add-relro-linker-option.patch Patch5: malloc.patch -Patch6: nss-disable-ocsp-test.patch +Patch6: bmo-1400603.patch Patch7: nss-sqlitename.patch -Patch8: bmo-1400603.patch %define nspr_ver %(rpm -q --queryformat '%%{VERSION}' mozilla-nspr) PreReq: mozilla-nspr >= %nspr_ver PreReq: libfreebl3 >= %{nss_softokn_fips_version} @@ -88,7 +87,7 @@ Group: Development/Libraries/C and C++ Requires: libfreebl3 Requires: libsoftokn3 -Requires: mozilla-nspr-devel >= 4.19 +Requires: mozilla-nspr-devel >= 4.20 Requires: mozilla-nss = %{version}-%{release} # bug437293 %ifarch ppc64 @@ -177,7 +176,6 @@ %endif %patch6 -p1 %patch7 -p1 -%patch8 -p1 # additional CA certificates #cd security/nss/lib/ckfw/builtins #cat %{SOURCE2} >> certdata.txt ++++++ nss-3.40.1.tar.gz -> nss-3.41.1.tar.gz ++++++ /work/SRC/openSUSE:Factory/mozilla-nss/nss-3.40.1.tar.gz /work/SRC/openSUSE:Factory/.mozilla-nss.new.28833/nss-3.41.1.tar.gz differ: char 5, line 1
