Hello community, here is the log from the commit of package mozilla-nss for openSUSE:Factory checked in at 2019-09-05 12:07:05 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/mozilla-nss (Old) and /work/SRC/openSUSE:Factory/.mozilla-nss.new.7948 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mozilla-nss" Thu Sep 5 12:07:05 2019 rev:146 rq:720828 version:3.45 Changes: -------- --- /work/SRC/openSUSE:Factory/mozilla-nss/mozilla-nss.changes 2019-07-22 12:16:04.143733361 +0200 +++ /work/SRC/openSUSE:Factory/.mozilla-nss.new.7948/mozilla-nss.changes 2019-09-05 12:07:10.963887864 +0200 @@ -1,0 +2,73 @@ +Sat Aug 3 21:12:12 UTC 2019 - Wolfgang Rosenauer <[email protected]> + +- update to NSS 3.45 (bsc#1141322) + * required by Firefox 69.0 + New functions + * PK11_FindRawCertsWithSubject - Finds all certificates on the + given slot with the given subject distinguished name and returns + them as DER bytes. If no such certificates can be found, returns + SECSuccess and sets *results to NULL. If a failure is encountered + while fetching any of the matching certificates, SECFailure is + returned and *results will be NULL. + Notable changes + * bmo#1540403 - Implement Delegated Credentials + * bmo#1550579 - Replace ARM32 Curve25519 implementation with one + from fiat-crypto + * bmo#1551129 - Support static linking on Windows + * bmo#1552262 - Expose a function PK11_FindRawCertsWithSubject for + finding certificates with a given subject on a given slot + * bmo#1546229 - Add IPSEC IKE support to softoken + * bmo#1554616 - Add support for the Elbrus lcc compiler (<=1.23) + * bmo#1543874 - Expose an external clock for SSL + * bmo#1546477 - Various changes in response to the ongoing FIPS review + Certificate Authority Changes + * The following CA certificates were Removed: + bmo#1552374 - CN = Certinomis - Root CA + Bugs fixed + * bmo#1540541 - Don't unnecessarily strip leading 0's from key material + during PKCS11 import (CVE-2019-11719) + * bmo#1515342 - More thorough input checking (CVE-2019-11729) + * bmo#1552208 - Prohibit use of RSASSA-PKCS1-v1_5 algorithms in + TLS 1.3 (CVE-2019-11727) + * bmo#1227090 - Fix a potential divide-by-zero in makePfromQandSeed + from lib/freebl/pqg.c (static analysis) + * bmo#1227096 - Fix a potential divide-by-zero in PQG_VerifyParams + from lib/freebl/pqg.c (static analysis) + * bmo#1509432 - De-duplicate code between mp_set_long and mp_set_ulong + * bmo#1515011 - Fix a mistake with ChaCha20-Poly1305 test code where + tags could be faked. Only relevant for clients that might have copied + the unit test code verbatim + * bmo#1550022 - Ensure nssutil3 gets built on Android + * bmo#1528174 - ChaCha20Poly1305 should no longer modify output + length on failure + * bmo#1549382 - Don't leak in PKCS#11 modules if C_GetSlotInfo() + returns error + * bmo#1551041 - Fix builds using GCC < 4.3 on big-endian architectures + * bmo#1554659 - Add versioning to OpenBSD builds to fix link time + errors using NSS + * bmo#1553443 - Send session ticket only after handshake is marked + as finished + * bmo#1550708 - Fix gyp scripts on Solaris SPARC so that libfreebl_64fpu_3.so + builds + * bmo#1554336 - Optimize away unneeded loop in mpi.c + * bmo#1559906 - fipstest: use CKM_TLS12_MASTER_KEY_DERIVE instead of vendor + specific mechanism + * bmo#1558126 - TLS_AES_256_GCM_SHA384 should be marked as FIPS compatible + * bmo#1555207 - HelloRetryRequestCallback return code for rejecting 0-RTT + * bmo#1556591 - Eliminate races in uses of PK11_SetWrapKey + * bmo#1558681 - Stop using a global for anti-replay of TLS 1.3 early data + * bmo#1561510 - Fix a bug where removing -arch XXX args from CC didn't work + * bmo#1561523 - Add a string for the new-ish error + SSL_ERROR_MISSING_POST_HANDSHAKE_AUTH_EXTENSION + +------------------------------------------------------------------- +Fri Aug 2 14:43:24 UTC 2019 - Wolfgang Rosenauer <[email protected]> + +- split hmac subpackages to match SLE's packaging + +------------------------------------------------------------------- +Mon Jul 22 07:13:42 UTC 2019 - Martin Liška <[email protected]> + +- Use -ffat-lto-objects in order to provide assembly for static libs. + +------------------------------------------------------------------- Old: ---- nss-3.44.1.tar.gz New: ---- nss-3.45.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mozilla-nss.spec ++++++ --- /var/tmp/diff_new_pack.kc9rdZ/_old 2019-09-05 12:07:14.599887183 +0200 +++ /var/tmp/diff_new_pack.kc9rdZ/_new 2019-09-05 12:07:14.603887181 +0200 @@ -2,7 +2,7 @@ # spec file for package mozilla-nss # # Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. -# Copyright (c) 2006-2018 Wolfgang Rosenauer +# Copyright (c) 2006-2019 Wolfgang Rosenauer # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ # -%global nss_softokn_fips_version 3.36 +%global nss_softokn_fips_version 3.45 %define NSPR_min_version 4.21 Name: mozilla-nss @@ -26,9 +26,9 @@ BuildRequires: pkg-config BuildRequires: sqlite-devel BuildRequires: zlib-devel -Version: 3.44.1 +Version: 3.45 Release: 0 -%define underscore_version 3_44_1 +%define underscore_version 3_45 # bug437293 %ifarch ppc64 Obsoletes: mozilla-nss-64bit @@ -129,7 +129,7 @@ %package -n libfreebl3 Summary: Freebl library for the Network Security Services Group: System/Libraries -Provides: libfreebl3-hmac +Recommends: libfreebl3-hmac = %{version}-%{release} %description -n libfreebl3 Network Security Services (NSS) is a set of libraries designed to @@ -141,11 +141,21 @@ This package installs the freebl library from NSS. +%package -n libfreebl3-hmac +Summary: Freebl library checksums for the Network Security Services +Group: System/Libraries +Requires: libfreebl3 = %{version}-%{release} + +%description -n libfreebl3-hmac +Checksums for libraries contained in the libfreebl3 package +used in the FIPS 140-2 mode. + + %package -n libsoftokn3 Summary: Network Security Services Softoken Module Group: System/Libraries Requires: libfreebl3 = %{version}-%{release} -Provides: libsoftokn3-hmac +Recommends: libsoftokn3-hmac = %{version}-%{release} %description -n libsoftokn3 Network Security Services (NSS) is a set of libraries designed to @@ -157,6 +167,16 @@ Network Security Services Softoken Cryptographic Module +%package -n libsoftokn3-hmac +Summary: Network Security Services Softoken Module checksums +Group: System/Libraries +Requires: libsoftokn3 = %{version}-%{release} + +%description -n libsoftokn3-hmac +Checksums for libraries contained in the libsoftokn3 package +used in the FIPS 140-2 mode. + + %package certs Summary: CA certificates for NSS Group: Productivity/Networking/Security @@ -184,6 +204,7 @@ #make generate %build +%global _lto_cflags %{_lto_cflags} -ffat-lto-objects cd nss modified="$(sed -n '/^----/n;s/ - .*$//;p;q' "%{S:99}")" DATE="\"$(date -d "${modified}" "+%%b %%e %%Y")\"" @@ -389,15 +410,21 @@ %files -n libfreebl3 %defattr(-, root, root) /%{_lib}/libfreebl3.so -/%{_lib}/libfreebl3.chk /%{_lib}/libfreeblpriv3.so + +%files -n libfreebl3-hmac +%defattr(-, root, root) +/%{_lib}/libfreebl3.chk /%{_lib}/libfreeblpriv3.chk %files -n libsoftokn3 %defattr(-, root, root) %{_libdir}/libsoftokn3.so -%{_libdir}/libsoftokn3.chk %{_libdir}/libnssdbm3.so + +%files -n libsoftokn3-hmac +%defattr(-, root, root) +%{_libdir}/libsoftokn3.chk %{_libdir}/libnssdbm3.chk %files certs ++++++ baselibs.conf ++++++ --- /var/tmp/diff_new_pack.kc9rdZ/_old 2019-09-05 12:07:14.639887175 +0200 +++ /var/tmp/diff_new_pack.kc9rdZ/_new 2019-09-05 12:07:14.639887175 +0200 @@ -5,9 +5,11 @@ requires "mozilla-nss-certs-<targettype>" libsoftokn3 requires "libfreebl3-<targettype> = <version>" +libsoftokn3-hmac +/usr/lib/libsoftokn3.chk +/usr/lib/libnssdbm3.chk libfreebl3 +libfreebl3-hmac +/lib/libfreebl3.chk +/lib/libfreeblpriv3.chk mozilla-nss-sysinit ++++++ nss-3.44.1.tar.gz -> nss-3.45.tar.gz ++++++ /work/SRC/openSUSE:Factory/mozilla-nss/nss-3.44.1.tar.gz /work/SRC/openSUSE:Factory/.mozilla-nss.new.7948/nss-3.45.tar.gz differ: char 5, line 1
