Hello community,

here is the log from the commit of package mozilla-nss for openSUSE:Factory checked in at 2015-10-03 20:28:20
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/mozilla-nss (Old)
 and /work/SRC/openSUSE:Factory/.mozilla-nss.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mozilla-nss" Changes: -------- --- /work/SRC/openSUSE:Factory/mozilla-nss/mozilla-nss.changes 2015-07-19 11:44:25.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.mozilla-nss.new/mozilla-nss.changes 2015-10-03 20:29:20.000000000 +0200 
@@ -1,0 +2,87 @@ +Thu Sep 24 15:41:09 UTC 2015 - [email protected] + +- Install the static libfreebl.a that is needed in order to link + Sun elliptical curves provider in Java 7. + +------------------------------------------------------------------- +Thu Sep 24 09:39:17 UTC 2015 - [email protected] + +- update to NSS 3.20 + New functionality: + * The TLS library has been extended to support DHE ciphersuites in + server applications. + New Functions: + * SSL_DHEGroupPrefSet - Configure the set of allowed/enabled DHE group + parameters that can be used by NSS for a server socket. + * SSL_EnableWeakDHEPrimeGroup - Enable the use of weak DHE group + parameters that are smaller than the library default's minimum size. + New Types: + * SSLDHEGroupType - Enumerates the set of DHE parameters embedded in + NSS that can be used with function SSL_DHEGroupPrefSet. + New Macros: + * SSL_ENABLE_SERVER_DHE - A socket option user to enable or disable + DHE ciphersuites for a server socket. + Notable Changes: + * For backwards compatibility reasons, the server side implementation + of the TLS library keeps all DHE ciphersuites disabled by default. + They can be enabled with the new socket option SSL_ENABLE_SERVER_DHE + and the SSL_OptionSet or the SSL_OptionSetDefault API. + * The server side implementation of the TLS implementation does not + support session tickets when using a DHE ciphersuite (see bmo#1174677). + * Support for the following ciphersuites has been added: + - TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 + - TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 + - TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 + * By default, the server side TLS implementation will use DHE + parameters with a size of 2048 bits when using DHE ciphersuites. + * NSS embeds fixed DHE parameters sized 2048, 3072, 4096, 6144 and + 8192 bits, which were copied from version 08 of the Internet-Draft + "Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for + TLS", Appendix A. 
+ * A new API SSL_DHEGroupPrefSet has been added to NSS, which allows a + server application to select one or multiple of the embedded DHE + parameters as the preferred parameters. The current implementation of + NSS will always use the first entry in the array that is passed as a + parameter to the SSL_DHEGroupPrefSet API. In future versions of the + TLS implementation, a TLS client might signal a preference for + certain DHE parameters, and the NSS TLS server side implementation + might select a matching entry from the set of parameters that have + been configured as preferred on the server side. + * NSS optionally supports the use of weak DHE parameters with DHE + ciphersuites to support legacy clients. In order to enable this + support, the new API SSL_EnableWeakDHEPrimeGroup must be used. Each + time this API is called for the first time in a process, a fresh set + of weak DHE parameters will be randomly created, which may take a + long amount of time. Please refer to the comments in the header file + that declares the SSL_EnableWeakDHEPrimeGroup API for additional + details. + * The size of the default PQG parameters used by certutil when + creating DSA keys has been increased to use 2048 bit parameters. + * The selfserv utility has been enhanced to support the new DHE features. + * NSS no longer supports C compilers that predate the ANSI C standard (C89). 
+ +------------------------------------------------------------------- +Thu Sep 24 09:38:17 UTC 2015 - [email protected] + +- update to NSS 3.19.3; certstore updates only + * The following CA certificates were removed + - Buypass Class 3 CA 1 + - TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı + - SG TRUST SERVICES RACINE + - TC TrustCenter Universal CA I + - TC TrustCenter Class 2 CA II + * The following CA certificate had the Websites trust bit turned off + - ComSign Secured CA + * The following CA certificates were added + - TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5 + - TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6 + - Certinomis - Root CA + * The version number of the updated root CA list has been set to 2.5 + +------------------------------------------------------------------- +Thu Sep 24 09:31:11 UTC 2015 - [email protected] + +- Install blapi.h and algmac.h that are needed in order to build + Sun elliptical curves provider in Java 7 + +------------------------------------------------------------------- Old: ---- nss-3.19.2.tar.gz New: ---- nss-3.20.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mozilla-nss.spec ++++++ --- /var/tmp/diff_new_pack.xFU3UQ/_old 2015-10-03 20:29:22.000000000 +0200 +++ /var/tmp/diff_new_pack.xFU3UQ/_new 2015-10-03 20:29:22.000000000 +0200 @@ -25,7 +25,7 @@ BuildRequires: pkg-config BuildRequires: sqlite-devel BuildRequires: zlib-devel -Version: 3.19.2 +Version: 3.20 Release: 0 # bug437293 %ifarch ppc64 
@@ -36,8 +36,8 @@ License: MPL-2.0 Group: System/Libraries Url: http://www.mozilla.org/projects/security/pki/nss/ -Source: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_19_2_RTM/src/nss-%{version}.tar.gz -# hg clone https://hg.mozilla.org/projects/nss nss-3.19.2/nss ; cd nss-3.19.2/nss ; hg up NSS_3_19_2_RTM +Source: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_20_RTM/src/nss-%{version}.tar.gz +# hg clone https://hg.mozilla.org/projects/nss nss-3.20/nss ; cd nss-3.20/nss ; hg up NSS_3_20_RTM #Source: nss-%{version}.tar.gz Source1: nss.pc.in Source3: nss-config.in @@ -227,6 +227,11 @@ pushd ../dist/Linux* # copy headers cp -rL ../public/nss/*.h $RPM_BUILD_ROOT%{_includedir}/nss3 +# copy some freebl include files we also want +for file in blapi.h alghmac.h +do + cp -L ../private/nss/$file $RPM_BUILD_ROOT/%{_includedir}/nss3 +done # copy dynamic libs cp -L lib/libnss3.so \ lib/libnssdbm3.so \ @@ -246,6 +251,7 @@ # $RPM_BUILD_ROOT%{_libdir} # copy static libs cp -L lib/libcrmf.a \ + lib/libfreebl.a \ lib/libnssb.a \ lib/libnssckfw.a \ $RPM_BUILD_ROOT%{_libdir} ++++++ nss-3.19.2.tar.gz -> nss-3.20.tar.gz ++++++ /work/SRC/openSUSE:Factory/mozilla-nss/nss-3.19.2.tar.gz /work/SRC/openSUSE:Factory/.mozilla-nss.new/nss-3.20.tar.gz differ: char 5, line 1
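
Review bot: In the mozilla-nss.changes hunk, the 09:31:11 entry names the second header "algmac.h", but the spec installs "alghmac.h" (`for file in blapi.h alghmac.h`). Correct the changelog spelling so that anyone searching the changes file for the shipped header name finds this entry.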
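
Review bot: The Source line changed in the mozilla-nss.spec hunk at @@ -36,8 +36,8 @@ carries nothing in the lines shown that ties nss-3.20.tar.gz to an expected digest or signature, and the tarball comparison at the end of this mail reports only that the two files differ. If the spec does not already cover this outside the hunk, note in the changelog how the new tarball was verified, or cross-check it against the NSS_3_20_RTM tag named in the `hg up` comment, so the source swap is auditable from the package history.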
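
Review bot: The new copy loop in the mozilla-nss.spec hunk at @@ -227,6 +227,11 @@ takes blapi.h and alghmac.h from ../private/nss and places them in the same %{_includedir}/nss3 directory as the public headers, with only the comment "copy some freebl include files we also want" to explain it. Say in that comment that these are private freebl headers exported solely for the Java 7 Sun EC provider build, as the changelog does, so other consumers do not treat them as supported API. Two style points in the same loop: `$RPM_BUILD_ROOT/%{_includedir}/nss3` has a stray slash that the public-header line just above (`$RPM_BUILD_ROOT%{_includedir}/nss3`) does not, and `$file` is unquoted.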
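
Review bot: The `lib/libfreebl.a \` line added in the mozilla-nss.spec hunk at @@ -246,6 +251,7 @@ ships a static copy of freebl with no spec comment giving the reason; only the changelog mentions the Java 7 Sun EC provider. Anything linked against libfreebl.a keeps that copy of the crypto code until it is rebuilt, so later NSS updates will not reach it through the shared libraries. Add a comment next to "# copy static libs" naming the single intended consumer, and make sure that consumer is rebuilt whenever this package is updated.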
