SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for mozilla-nss-3.14.3-9.29.2.x86_64.rpm :

* Sun Mar 24 2013 wrAATTrosenauer.org- disable tests with expired certificates (nss-disable-expired-testcerts.patch)- add SEC_PKCS7VerifyDetachedSignatureAtTime using patch from mozilla tree to fulfill Firefox 21 requirements (bug-834091.patch; bmo#834091)
* Thu Feb 28 2013 wrAATTrosenauer.org- update to 3.14.3
* No new major functionality is introduced in this release. This release is a patch release to address CVE-2013-1620 (bmo#822365)
* \"certutil -a\" was not correctly producing ASCII output as requested. (bmo#840714)
* NSS 3.14.2 broke compilation with older versions of sqlite that lacked the SQLITE_FCNTL_TEMPFILENAME file control. NSS 3.14.3 now properly compiles when used with older versions of sqlite (bmo#837799) - remove system-sqlite.patch- add aarch64 support
* Tue Feb 05 2013 wrAATTrosenauer.org- added system-sqlite.patch (bmo#837799)
* do not depend on latest sqlite just for a #define- enable system sqlite usage again
* Sat Feb 02 2013 wrAATTrosenauer.org- update to 3.14.2
* required for Firefox >= 20
* removed obsolete nssckbi update patch
* MFSA 2013-40/CVE-2013-0791 (bmo#629816) Out-of-bounds array read in CERT_DecodeCertPackage- disable system sqlite usage since we depend on 3.7.15 which is not provided in any openSUSE distribution
* add nss-sqlitename.patch to avoid any name clash
* Sun Dec 30 2012 wrAATTrosenauer.org- updated CA database (nssckbi-1.93.patch)
* MFSA 2013-20/CVE-2013-0743 (bmo#825022, bnc#796628) revoke mis-issued intermediate certificates from TURKTRUST
* Tue Dec 18 2012 wrAATTrosenauer.org- update to 3.14.1 RTM
* minimal requirement for Gecko 20
* several bugfixes
* Thu Oct 25 2012 wrAATTrosenauer.org- update to 3.14 RTM
* Support for TLS 1.1 (RFC 4346)
* Experimental support for DTLS 1.0 (RFC 4347) and DTLS-SRTP (RFC 5764)
* Support for AES-CTR, AES-CTS, and AES-GCM
* Support for Keying Material Exporters for TLS (RFC 5705)
* Support for certificate signatures using the MD5 hash algorithm is now disabled by default
* The NSS license has changed to MPL 2.0. Previous releases were released under a MPL 1.1/GPL 2.0/LGPL 2.1 tri-license. For more information about MPL 2.0, please see http://www.mozilla.org/MPL/2.0/FAQ.html. For an additional explanation on GPL/LGPL compatibility, see security/nss/COPYING in the source code.
* Export and DES cipher suites are disabled by default. Non-ECC AES and Triple DES cipher suites are enabled by default- disabled OCSP testcases since they need external network (nss-disable-ocsp-test.patch)
* Wed Aug 15 2012 wrAATTrosenauer.org- update to 3.13.6 RTM
* root CA update
* other bugfixes
* Fri Jun 01 2012 wrAATTrosenauer.org- update to 3.13.5 RTM
* Fri Apr 13 2012 wrAATTrosenauer.org- update to 3.13.4 RTM
* fixed some bugs
* fixed cert verification regression in PKIX mode (bmo#737802) introduced in 3.13.2
* Thu Feb 23 2012 wrAATTrosenauer.org- update to 3.13.3 RTM - distrust Trustwave\'s MITM certificates (bmo#724929) - fix generic blacklisting mechanism (bmo#727204)
* Thu Feb 16 2012 wrAATTrosenauer.org- update to 3.13.2 RTM
* requirement with Gecko >= 11- removed obsolete patches
* ckbi-1.88
* pkcs11n-header-fix.patch
* Sun Dec 18 2011 adrianAATTsuse.de- fix spec file syntax for qemu-workaround
* Mon Nov 14 2011 johnAATTredux.org.uk- Added a patch to fix errors in the pkcs11n.h header file. (bmo#702090)
* Sat Nov 05 2011 wolfgangAATTrosenauer.org- update to 3.13.1 RTM
* better SHA-224 support (bmo#647706)
* fixed a regression (causing hangs in some situations) introduced in 3.13 (bmo#693228)- update to 3.13.0 RTM
* SSL 2.0 is disabled by default
* A defense against the SSL 3.0 and TLS 1.0 CBC chosen plaintext attack demonstrated by Rizzo and Duong (CVE-2011-3389) is enabled by default. Set the SSL_CBC_RANDOM_IV SSL option to PR_FALSE to disable it.
* SHA-224 is supported
* Ported to iOS. (Requires NSPR 4.9.)
* Added PORT_ErrorToString and PORT_ErrorToName to return the error message and symbolic name of an NSS error code
* Added NSS_GetVersion to return the NSS version string
* Added experimental support of RSA-PSS to the softoken only
* NSS_NoDB_Init does not try to open /pkcs11.txt and /secmod.db anymore (bmo#641052, bnc#726096)
* Sat Nov 05 2011 wrAATTrosenauer.org- explicitely distrust DigiCert Sdn. Bhd (bnc#728520, bmo#698753)- make sure NSS_NoDB_Init does not try to use wrong certificate databases (CVE-2011-3640, bnc#726096, bmo#641052)
* Fri Sep 30 2011 crrodriguezAATTopensuse.org- Workaround qemu-arm bugs.
* Fri Sep 09 2011 wrAATTrosenauer.org- explicitely distrust/override DigiNotar certs (bmo#683261) (trustdb version 1.87)
* Fri Sep 02 2011 pcernyAATTsuse.com- removed DigiNotar root certificate from trusted db (bmo#682927, bnc#714931)
* Wed Aug 24 2011 andrea.turriniAATTgmail.com- fixed typo in summary of mozilla-nss (libsoftokn3)
* Fri Aug 12 2011 wrAATTrosenauer.org- update to 3.12.11 RTM
* no upstream release notes available
* Wed Jul 13 2011 meissnerAATTsuse.de- Linux3.0 is the new Linux2.6 (make it build)
* Mon May 23 2011 crrodriguezAATTopensuse.org- Do not include build dates in binaries, messes up build compare
* Thu May 19 2011 wrAATTrosenauer.org- update to 3.12.10 RTM
* no changes except internal release information
* Thu Apr 28 2011 wrAATTrosenauer.org- update to 3.12.10beta1
* root CA changes
* filter certain bogus certs (bmo#642815)
* fix minor memory leaks
* other bugfixes
* Sun Jan 09 2011 wrAATTrosenauer.org- update to 3.12.9rc0
* fix minor memory leaks (bmo#619268)
* fix crash in nss_cms_decoder_work_data (bmo#607058)
* fix crash in certutil (bmo#620908)
* handle invalid argument in JPAKE (bmo#609068)
* Thu Dec 09 2010 wrAATTrosenauer.org- update to 3.12.9beta2
* J-PAKE support (API requirement for Firefox >= 4.0b8)
* Tue Nov 09 2010 wrAATTrosenauer.org- replaced expired PayPal test certificate (fixing testsuite)
* Sat Sep 25 2010 wrAATTrosenauer.org- update to 3.12.8 RTM release
* support TLS false start (needed for Firefox4) (bmo#525092)
* fix wildcard matching for IP addresses (bnc#637290, bmo#578697) (CVE-2010-3170)
* bugfixes
* Fri Jul 23 2010 wrAATTrosenauer.org- update to 3.12.7 RTM release
* bugfix release
* updated root CA list- removed obsolete patches
* Fri Jul 09 2010 jengelhAATTmedozas.de- Disable testsuite on SPARC. Some tests fails, probably due to just bad timing/luck.
* Thu Jun 03 2010 wrAATTrosenauer.org- Use preloaded empty system database since creating with modutil leaves database in nonusable state
* Sat Apr 24 2010 cooloAATTnovell.com- buildrequire pkg-config to fix provides
* Sun Apr 04 2010 wrAATTrosenauer.org- disabled a test using an expired cert (bmo#557071)
* Sat Mar 20 2010 wrAATTrosenauer.org- fixed builds for older dists where internal sqlite3 is used (nss-sqlitename.patch was not refreshed correctly)- fixed baselibs.conf as is not a valid identifier
* Tue Mar 09 2010 wrAATTrosenauer.org- update to 3.12.6 RTM release
* added mozilla-nss-sysinit subpackage- change renegotiation behaviour to the old default for a transition phase
* Tue Mar 09 2010 wrAATTrosenauer.org- split off libsoftokn3 subpackage to allow mixed NSS installation
* Sat Dec 26 2009 wrAATTrosenauer.org- added mozilla-nss-certs baselibs (bnc#567322)
* Fri Dec 18 2009 wrAATTrosenauer.org- split mozilla-nss-certs from main package- added rpmlintrc to ignore expected warnings- added baselibs.conf as source
* Mon Dec 14 2009 wrAATTrosenauer.org- updated builtin certs (version 1.77)
* Mon Nov 23 2009 wrAATTrosenauer.org- rebased patches to apply w/o fuzz
* Fri Aug 14 2009 wrAATTrosenauer.org- update to 3.12.4 RTM release
* Fri Aug 07 2009 wrAATTrosenauer.org- update to recent snapshot (20090806)- libnssdbm3.so has to be signed starting with 3.12.4
* Mon Aug 03 2009 wrAATTrosenauer.org- update to NSS 3.12.4pre snapshot- rebased existing patches- enable testsuite again (was disabled accidentally before)
* Wed Jul 29 2009 wrAATTrosenauer.org- update to NSS 3.12.3.1 (upstream use in FF 3.5.1) (bmo#504611)
* RNG_SystemInfoForRNG called twice by nsc_CommonInitialize (bmo#489811; other changes are unrelated to Linux)- moved shlibsign to tools package again (as it\'s not needed at library install time anymore)- use %{_libexecdir} for the tools
* Sat Jun 06 2009 wrAATTrosenauer.org- Temporary testsuite fix for Factory (bnc#509308) (malloc.patch)- remove the post scriptlet which created the
*.chk files and use a RPM feature to create them after debuginfo stuff
* Tue Jun 02 2009 wrAATTrosenauer.org- updated builtin root certs by updating to NSS_3_12_3_WITH_CKBI_1_75_RTM tag which is supposed to be the base for Firefox 3.5.0- PreReq coreutils in the main package already as \"rm\" is used in its %post script- disable testsuite for this moment as it crashes on Factory currently for an unknown reason
* Thu May 21 2009 wrAATTrosenauer.org- renew Paypal certs to fix testsuite errors (bmo#491163)
* Mon Apr 20 2009 wrAATTrosenauer.org- update to version 3.12.3 RTM
* default behaviour changed slightly but can be set up backward compatible using environment variables https://developer.mozilla.org/En/NSS_reference/NSS_environment_variables
* New Korean SEED cipher
* Some new functions in the nss library: CERT_RFC1485_EscapeAndQuote (see cert.h) CERT_CompareCerts (see cert.h) CERT_RegisterAlternateOCSPAIAInfoCallBack (see ocsp.h) PK11_GetSymKeyHandle (see pk11pqg.h) UTIL_SetForkState (see secoid.h) NSS_GetAlgorithmPolicy (see secoid.h) NSS_SetAlgorithmPolicy (see secoid.h)- created libfreebl3 subpackage and build it w/o nspr and nss deps- added patch to make all ASM noexecstack- create the softokn3 and freebl3 checksums at installation time (moved shlibsign to the main package to achieve that)- applied upstream patch to avoid OSCP test failures (bmo#488646)- applied upstream patch to fix libjar crashes (bmo#485145)
  
ICM