Hello community, here is the log from the commit of package mozilla-nss for openSUSE:Factory checked in at 2020-09-03 01:08:00 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/mozilla-nss (Old) and /work/SRC/openSUSE:Factory/.mozilla-nss.new.3399 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mozilla-nss" Thu Sep 3 01:08:00 2020 rev:161 rq:829609 version:3.55 Changes: -------- --- /work/SRC/openSUSE:Factory/mozilla-nss/mozilla-nss.changes 2020-07-30 09:58:38.391146711 +0200 +++ /work/SRC/openSUSE:Factory/.mozilla-nss.new.3399/mozilla-nss.changes 2020-09-03 01:08:30.512354075 +0200 @@ -1,0 +2,37 @@ +Sat Aug 22 06:41:15 UTC 2020 - Wolfgang Rosenauer <[email protected]> + +- update to NSS 3.55 + Notable changes + * P384 and P521 elliptic curve implementations are replaced with + verifiable implementations from Fiat-Crypto [0] and ECCKiila [1]. + * PK11_FindCertInSlot is added. With this function, a given slot + can be queried with a DER-Encoded certificate, providing performance + and usability improvements over other mechanisms. (bmo#1649633) + * DTLS 1.3 implementation is updated to draft-38. (bmo#1647752) + Relevant Bugfixes + * bmo#1631583 (CVE-2020-6829, CVE-2020-12400) - Replace P384 and + P521 with new, verifiable implementations from Fiat-Crypto and ECCKiila. + * bmo#1649487 - Move overzealous assertion in VFY_EndWithSignature. + * bmo#1631573 (CVE-2020-12401) - Remove unnecessary scalar padding. + * bmo#1636771 (CVE-2020-12403) - Explicitly disable multi-part + ChaCha20 (which was not functioning correctly) and more strictly + enforce tag length. + * bmo#1649648 - Don't memcpy zero bytes (sanitizer fix). + * bmo#1649316 - Don't memcpy zero bytes (sanitizer fix). + * bmo#1649322 - Don't memcpy zero bytes (sanitizer fix). + * bmo#1653202 - Fix initialization bug in blapitest when compiled + with NSS_DISABLE_DEPRECATED_SEED. + * bmo#1646594 - Fix AVX2 detection in makefile builds. + * bmo#1649633 - Add PK11_FindCertInSlot to search a given slot + for a DER-encoded certificate. + * bmo#1651520 - Fix slotLock race in NSC_GetTokenInfo. + * bmo#1647752 - Update DTLS 1.3 implementation to draft-38. + * bmo#1649190 - Run cipher, sdr, and ocsp tests under standard test cycle in CI. + * bmo#1649226 - Add Wycheproof ECDSA tests. + * bmo#1637222 - Consistently enforce IV requirements for DES and 3DES. + * bmo#1067214 - Enforce minimum PKCS#1 v1.5 padding length in + RSA_CheckSignRecover. + * bmo#1646324 - Advertise PKCS#1 schemes for certificates in the + signature_algorithms extension. + +------------------------------------------------------------------- Old: ---- nss-3.54.tar.gz New: ---- nss-3.55.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mozilla-nss.spec ++++++ --- /var/tmp/diff_new_pack.B6iuzO/_old 2020-09-03 01:08:37.108356274 +0200 +++ /var/tmp/diff_new_pack.B6iuzO/_new 2020-09-03 01:08:37.112356275 +0200 @@ -17,14 +17,14 @@ # -%global nss_softokn_fips_version 3.54 -%define NSPR_min_version 4.26 +%global nss_softokn_fips_version 3.55 +%define NSPR_min_version 4.27 %define nspr_ver %(rpm -q --queryformat '%%{VERSION}' mozilla-nspr) %define nssdbdir %{_sysconfdir}/pki/nssdb Name: mozilla-nss -Version: 3.54 +Version: 3.55 Release: 0 -%define underscore_version 3_54 +%define underscore_version 3_55 Summary: Network Security Services License: MPL-2.0 Group: System/Libraries ++++++ nss-3.54.tar.gz -> nss-3.55.tar.gz ++++++ /work/SRC/openSUSE:Factory/mozilla-nss/nss-3.54.tar.gz /work/SRC/openSUSE:Factory/.mozilla-nss.new.3399/nss-3.55.tar.gz differ: char 5, line 1
