|
|
|
|
Changelog for nss-3.44.0-9.el8_1.x86_64.rpm :
* Wed Dec 04 2019 Bob Relyea - 3.44.0-9- Fix out-of-bounds write in NSC_EncryptUpdate (#1775912) * Thu Aug 08 2019 Bob Relyea - 3.44.0-8- CKM_NSS_IKE1_APP_B_PRF_DERIVE was missing from the mechanism list, preventing PK11_Derive *() from using it. Add gtests for the PK11_Derive interface for all the CKM_NSS_IKE *_DERIVE mechanism. * Wed Jul 03 2019 Daiki Ueno - 3.44.0-7- Backport fixes from 3.44.1 * Wed Jun 26 2019 Daiki Ueno - 3.44.0-6- Add continuous RNG test required by FIPS- fipstest: use CKM_TLS12_MASTER_KEY_DERIVE instead of vendor specific mechanism * Mon Jun 10 2019 Daiki Ueno - 3.44.0-5- Rebuild with the correct build target * Fri Jun 07 2019 Bob Relyea - 3.44.0-4.1- rebuild to try to retrigger CI tests * Wed Jun 05 2019 Bob Relyea - 3.44.0-4- Fix certutil man page- Fix extracting a public key from a private key for dh, ec, and dsa * Thu May 30 2019 Daiki Ueno - 3.44.0-3- Disable TLS 1.3 under FIPS mode- Disable RSASSA-PKCS1-v1_5 in TLS 1.3- Fix post-handshake auth transcript calculation if SSL_ENABLE_SESSION_TICKETS is set- Revert the change to use XDG basedirs (mozilla#818686) * Fri May 24 2019 Bob Relyea - 3.44.0-2- Add ike mechanisms in softokn- Add FIPS checks in softoken * Fri May 24 2019 Daiki Ueno - 3.44.0-1- Update to NSS 3.44- Define NSS_SEED_ONLY_DEV_URANDOM=1 to exclusively use getentropy- Use %autosetup- Clean up manual pages generation- Clean up %check- Remove prelink dependency, which is not available in RHEL-8- Remove upstreamed patches * Mon Dec 17 2018 Daiki Ueno - 3.41.0-5- Update manual pages to reflect recent changes in commands * Fri Dec 14 2018 Bob Relyea - 3.41.0-4- Make sure corresponding public keys are created when importing private keys. * Thu Dec 13 2018 Daiki Ueno - 3.41.0-3- Fix the last change- Add --no-reload option to update-crypto-policies to avoid unnecessary restart of daemons * Thu Dec 13 2018 Daiki Ueno - 3.41.0-2- Restore LDFLAGS injection when linking DSO * Mon Dec 10 2018 Daiki Ueno - 3.41.0-1- Update to NSS 3.41- Consolidate nss-util, nss-softokn, and nss into a single source package * Fri Dec 07 2018 Daiki Ueno - 3.39.0-1.5- Fix the last commit * Tue Dec 04 2018 Bob Relyea - 3.39.0-1.4- Support for IKE/IPsec typical PKIX usage so libreswan can use nss without rejecting certs based on EKU * Thu Nov 29 2018 Daiki Ueno - 3.39.0-1.3- Backport upstream fixes for rhbz#1649026, rhbz#1608895, rhbz#1644854- Document PKCS #11 URI- Add warning when adding module with modutil while p11-kit is enabled * Tue Nov 13 2018 Daiki Ueno - 3.39.0-1.2- Update nss-dsa.patch to not advertise DSA signature algorithm- Update PayPal test certs for testing * Thu Oct 18 2018 Daiki Ueno - 3.39.0-1.1- Backport \"DSA\" keyword in crypto-policies * Tue Sep 25 2018 Daiki Ueno - 3.39.0-1.0- Update to NSS 3.39 * Fri Sep 14 2018 Daiki Ueno - 3.38.0-1.2- Fix LDFLAGS injection when linking DSO * Tue Jul 24 2018 Daiki Ueno - 3.38.0-1.1- Install crypto-policies configuration file for https://fedoraproject.org/wiki/Changes/NSSLoadP11KitModules- Port enable-fips-when-system-is-in-fips-mode.patch from RHEL-7- Use %ldconfig_scriptlets- Remove needless use of %defattr, by Jason Tibbitts * Wed Jul 18 2018 Daiki Ueno - 3.38.0-1.0- Update to NSS 3.38 * Tue Jul 17 2018 Kai Engert - 3.36.1-1.2- Backport upstream addition of nss-policy-check utility, rhbz#1428746, includes required fixes for mozbz#1296263 and mozbz#1474875 * Fri May 25 2018 Daiki Ueno - 3.36.1-1.1- Switch the default DB type to SQL- Enable SSLKEYLOGFILE * Wed Apr 11 2018 Daiki Ueno - 3.36.1-1.0- Update to NSS 3.36.1- Remove nss-3.14.0.0-disble-ocsp-test.patch- Fix partial injection of LDFLAGS- Remove NSS_NO_PKCS11_BYPASS, which is no-op in upstream * Fri Mar 09 2018 Daiki Ueno - 3.36.0-1.0- Update to NSS 3.36.0- Add gcc-c++ to BuildRequires (C++ is needed for gtests)- Make test failure detection robuster * Thu Feb 08 2018 Fedora Release Engineering - 3.35.0-5- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Mon Jan 29 2018 Kai Engert - 3.35.0-4- Fix a compiler error with gcc 8, mozbz#1434070- Set NSS_FORCE_FIPS=1 at %build time, and remove from %check. * Mon Jan 29 2018 Kai Engert - 3.35.0-3- Stop pulling in nss-pem automatically, packages that need it should depend on it, rhbz#1539401 * Tue Jan 23 2018 Daiki Ueno - 3.35.0-2- Update to NSS 3.35.0 * Tue Nov 14 2017 Daiki Ueno - 3.34.0-2- Update to NSS 3.34.0 * Fri Nov 10 2017 Daiki Ueno - 3.33.0-6- Make sure 32bit nss-pem always be installed with 32bit nss in multlib environment, patch by Kamil Dudka * Wed Nov 08 2017 Kai Engert - 3.33.0-5- Fix test script * Tue Nov 07 2017 Kai Engert - 3.33.0-4- Update tests to be compatible with default NSS DB changed to sql (the default was changed in the nss-util package). * Tue Oct 24 2017 Kai Engert - 3.33.0-3- rhbz#1505487, backport upstream fixes required for rhbz#1496560 * Tue Oct 03 2017 Daiki Ueno - 3.33.0-2- Update to NSS 3.33.0 * Fri Sep 15 2017 Daiki Ueno - 3.32.1-2- Update to NSS 3.32.1 * Wed Sep 06 2017 Daiki Ueno - 3.32.0-4- Update iquote.patch to really prefer in-tree headers over system headers * Wed Aug 23 2017 Kai Engert - 3.32.0-3- NSS libnssckbi.so has already been obsoleted by p11-kit-trust, rhbz#1484449 * Mon Aug 07 2017 Daiki Ueno - 3.32.0-2- Update to NSS 3.32.0 * Thu Aug 03 2017 Fedora Release Engineering - 3.31.0-6- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild * Thu Jul 27 2017 Fedora Release Engineering - 3.31.0-5- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild * Tue Jul 18 2017 Daiki Ueno - 3.31.0-4- Backport mozbz#1381784 to avoid deadlock in dnf * Thu Jul 13 2017 Daiki Ueno - 3.31.0-3- Move signtool to %_libdir/nss/unsupported-tools, for: https://fedoraproject.org/wiki/Changes/NSSSigntoolDeprecation * Wed Jun 21 2017 Daiki Ueno - 3.31.0-2- Rebase to NSS 3.31.0 * Fri Jun 02 2017 Daiki Ueno - 3.30.2-3- Enable gtests * Mon Apr 24 2017 Daiki Ueno - 3.30.2-2- Rebase to NSS 3.30.2- Enable TLS 1.3 * Thu Mar 30 2017 Kai Engert - 3.30.0-3- Backport upstream mozbz#1328318 to support crypto policy FUTURE. * Tue Mar 21 2017 Daiki Ueno - 3.30.0-2- Rebase to NSS 3.30.0- Remove upstreamed patches * Thu Mar 02 2017 Kai Engert - 3.29.1-3- Backport mozbz#1334976 and mozbz#1336487. * Fri Feb 17 2017 Daiki Ueno - 3.29.1-2- Rebase to NSS 3.29.1 * Thu Feb 09 2017 Daiki Ueno - 3.29.0-3- Disable TLS 1.3, following the upstream change * Wed Feb 08 2017 Daiki Ueno - 3.29.0-2- Rebase to NSS 3.29.0- Suppress -Werror=int-in-bool-context warnings with GCC7 * Mon Jan 23 2017 Daiki Ueno - 3.28.1-6- Work around pkgconfig -> pkgconf transition issue (releng#6597) * Fri Jan 20 2017 Daiki Ueno - 3.28.1-5- Disable TLS 1.3- Add \"Conflicts\" with packages using older Mozilla codebase, which is not compatible with NSS 3.28.1- Remove NSS_ECC_MORE_THAN_SUITE_B setting, as it was removed in upstream * Tue Jan 17 2017 Daiki Ueno - 3.28.1-4- Add \"Conflicts\" with older firefox packages which don\'t have support for smaller curves added in NSS 3.28.1 * Fri Jan 13 2017 Daiki Ueno - 3.28.1-3- Fix incorrect version specification in %nss_{util,softokn}_version, pointed by Elio Maldonado * Fri Jan 06 2017 Daiki Ueno - 3.28.1-2- Rebase to NSS 3.28.1- Remove upstreamed patch for disabling RSA-PSS- Re-enable TLS 1.3 * Wed Nov 30 2016 Daiki Ueno - 3.27.2-2- Rebase to NSS 3.27.2 * Tue Nov 15 2016 Daiki Ueno - 3.27.0-5- Revert the previous fix for RSA-PSS and use the upstream fix instead * Wed Nov 02 2016 Kai Engert - 3.27.0-4- Disable the use of RSA-PSS with SSL/TLS. #1383809 * Sun Oct 02 2016 Daiki Ueno - 3.27.0-3- Disable TLS 1.3 for now, to avoid reported regression with TLS to version intolerant servers * Thu Sep 29 2016 Daiki Ueno - 3.27.0-2- Rebase to NSS 3.27.0- Remove upstreamed ectest patch * Mon Aug 08 2016 Daiki Ueno - 3.26.0-2- Rebase to NSS 3.26.0- Update check policy file patch to better match what was upstreamed- Remove conditionally ignore system policy patch as it has been upstreamed- Skip ectest as well as ecperf, which are built as part of nss-softokn- Fix rpmlint error regarding %define usage * Thu Jul 14 2016 Elio Maldonado - 3.25.0-6- Incorporate some changes requested in upstream review and commited upstream (#1157720) * Fri Jul 01 2016 Elio Maldonado - 3.25.0-5- Add support for conditionally ignoring the system policy (#1157720)- Remove unneeded test scripts patches in order to run more tests- Remove unneeded test data modifications from the spec file * Tue Jun 28 2016 Elio Maldonado - 3.25.0-4- Remove obsolete patch and spurious lines from the spec file (#1347336) * Sun Jun 26 2016 Elio Maldonado - 3.25.0-3- Cleanup spec file and patches and add references to bugs filed upstream * Fri Jun 24 2016 Elio Maldonado - 3.25.0-2- Rebase to nss 3.25 * Thu Jun 16 2016 Kamil Dudka - 3.24.0-3- decouple nss-pem from the nss package (#1347336) * Fri Jun 03 2016 Elio Maldonado - 3.24.0-2.3- Apply the patch that was last introduced- Renumber and reorder some of the patches- Resolves: Bug 1342158 * Thu Jun 02 2016 Elio Maldonado - 3.24.0-2.2- Allow application requests to disable SSL v2 to succeed- Resolves: Bug 1342158 - nss-3.24 does no longer support ssl V2, installation of IPA fails because nss init fails * Sun May 29 2016 Elio Maldonado - 3.24.0-2.1- Rebase to NSS 3.24.0- Restore setting the policy file location- Make ssl tests scripts aware of policy- Ajust tests data expected result for policy * Tue May 24 2016 Elio Maldonado - 3.24.0-2.0- Bootstrap build to rebase to NSS 3.24.0- Temporarily not setting the policy file location * Thu May 12 2016 Elio Maldonado - 3.23.0-9- Change POLICY_FILE to \"nss.config\" * Fri Apr 22 2016 Elio Maldonado - 3.23.0-8- Change POLICY_FILE to \"nss.cfg\" * Wed Apr 20 2016 Elio Maldonado - 3.23.0-7- Change the POLICY_PATH to \"/etc/crypto-policies/back-ends\"- Regenerate the check policy patch with hg to provide more context * Thu Apr 14 2016 Elio Maldonado - 3.23.0-6- Fix typo in the last %changelog entry * Thu Mar 24 2016 Elio Maldonado - 3.23.0-5- Load policy file if /etc/pki/nssdb/policy.cfg exists- Resolves: Bug 1157720 - NSS should enforce the system-wide crypto policy * Tue Mar 08 2016 Elio Maldonado - 3.23.0-4- Remove unused patch rendered obsolete by pem update * Tue Mar 08 2016 Elio Maldonado - 3.23.0-3- Update pem sources to latest from nss-pem upstream- Resolves: Bug 1300652 - [PEM] insufficient input validity checking while loading a private key * Sat Mar 05 2016 Elio Maldonado - 3.23.0-2- Rebase to NSS 3.23 * Sat Feb 27 2016 Elio Maldonado - 3.22.2-2- Rebase to NSS 3.22.2 * Tue Feb 23 2016 Elio Maldonado - 3.22.1-3- Fix ssl2/exp test disabling to run all the required tests * Sun Feb 21 2016 Elio Maldonado - 3.22.1-1- Rebase to NSS 3.22.1 * Mon Feb 08 2016 Elio Maldonado - 3.22.0-3- Update .gitignore as part of updating to nss 3.22 * Mon Feb 08 2016 Elio Maldonado - 3.22.0-2- Update to NSS 3.22 * Thu Feb 04 2016 Fedora Release Engineering - 3.21.0-7- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild * Fri Jan 15 2016 Elio Maldonado - 3.21.0-6- Resolves: Bug 1299040 - Enable ssl_gtests upstream test suite- Remove \'export NSS_DISABLE_GTESTS=1\' go ssl_gtests are built- Use %define when specifying the nss_tests to run * Wed Dec 30 2015 Michal Toman - 3.21.0-5- Add 64-bit MIPS to multilib arches * Fri Nov 20 2015 Elio Maldonado - 3.21.0-4- Update %{nss_util_version} and %{nss_softokn_version} to 3.21.0- Resolves: Bug 1284095 - all https fails with sec_error_no_token * Sun Nov 15 2015 Elio Maldonado - 3.21.0-3- Add references to bugs filed upstream * Fri Nov 13 2015 Elio Maldonado Batiz - 3.21.1-2- Update to NSS 3.21- Package listsuites as part of the unsupported tools set- Resolves: Bug 1279912 - nss-3.21 is available- Resolves: Bug 1258425 - Use __isa_bits macro instead of list of 64-bit- Resolves: Bug 1280032 - Package listsuites as part of the nss unsupported tools set * Fri Oct 30 2015 Elio Maldonado - 3.20.1-2- Update to NSS 3.20.1 * Wed Sep 30 2015 Elio Maldonado - 3.20.0-6- Enable ECC cipher-suites by default [hrbz#1185708]- Split the enabling patch in two for easier maintenance- Remove unused patches rendered obsolete by prior rebase * Wed Sep 16 2015 Elio Maldonado - 3.20.0-5- Enable ECC cipher-suites by default [hrbz#1185708]- Implement corrections requested in code review * Tue Sep 15 2015 Elio Maldonado - 3.20.0-4- Enable ECC cipher-suites by default [hrbz#1185708] * Mon Sep 14 2015 Elio Maldonado - 3.20.0-3- Fix patches that disable ssl2 and export cipher suites support- Fix libssl patch that disable ssl2 & export cipher suites to not disable RSA_WITH_NULL ciphers- Fix syntax errors in patch to skip ssl2 and export cipher suite tests- Turn ssl2 off by default in the tstclnt tool- Disable ssl stress tests containing TLS RC4 128 with MD5 * Thu Aug 20 2015 Elio Maldonado - 3.20.0-2- Update to NSS 3.20 * Sat Aug 08 2015 Elio Maldonado - 3.19.3-2- Update to NSS 3.19.3 * Fri Jun 26 2015 Elio Maldonado - 3.19.2-3- Create on the fly versions of sslcov.txt and sslstress.txt that disable tests for SSL2 and EXPORT ciphers * Wed Jun 17 2015 Kai Engert - 3.19.2-2- Update to NSS 3.19.2 * Thu May 28 2015 Kai Engert - 3.19.1-2- Update to NSS 3.19.1 * Tue May 19 2015 Kai Engert - 3.19.0-2- Update to NSS 3.19 * Fri May 15 2015 Kai Engert - 3.18.0-2- Replace expired test certificates, upstream bug 1151037 * Thu Mar 19 2015 Elio Maldonado - 3.18.0-1- Update to nss-3.18.0- Resolves: Bug 1203689 - nss-3.18 is available * Tue Mar 03 2015 Elio Maldonado - 3.17.4-5- Disable export suites and SSL2 support at build time- Fix syntax errors in various shell scripts- Resolves: Bug 1189952 - Disable SSL2 and the export cipher suites * Sat Feb 21 2015 Till Maas - 3.17.4-4- Rebuilt for Fedora 23 Change https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code * Tue Feb 10 2015 Elio Maldonado - 3.17.4-3- Commented out the export NSS_NO_SSL2=1 line to not disable ssl2- Backing out from disabling ssl2 until the patches are fixed * Mon Feb 09 2015 Elio Maldonado - 3.17.4-2- Disable SSL2 support at build time- Fix syntax errors in various shell scripts- Resolves: Bug 1189952 - Disable SSL2 and the export cipher suites * Wed Jan 28 2015 Elio Maldonado - 3.17.4-1- Update to nss-3.17.4 * Sat Jan 24 2015 Ville Skyttä - 3.17.3-4- Own the %{_datadir}/doc/nss-tools dir * Tue Dec 16 2014 Elio Maldonado - 3.17.3-3- Resolves: Bug 987189 - nss-tools RPM conflicts with perl-PAR-Packer- Install pp man page in %{_datadir}/doc/nss-tools/pp.1- Use %{_mandir} instead of /usr/share/man as more generic * Mon Dec 15 2014 Elio Maldonado - 3.17.3-2- Install pp man page in alternative location- Resolves: Bug 987189 - nss-tools RPM conflicts with perl-PAR-Packer * Fri Dec 05 2014 Elio Maldonado - 3.17.3-1- Update to nss-3.17.3- Resolves: Bug 1171012 - nss-3.17.3 is available * Thu Oct 16 2014 Elio Maldonado - 3.17.2-2- Resolves: Bug 994599 - Enable TLS 1.2 by default * Sun Oct 12 2014 Elio Maldonado - 3.17.2-1- Update to nss-3.17.2 * Wed Sep 24 2014 Kai Engert - 3.17.1-1- Update to nss-3.17.1- Add a mechanism to skip test suite execution during development work * Thu Aug 21 2014 Kevin Fenzi - 3.17.0-2- Rebuild for rpm bug 1131960 * Tue Aug 19 2014 Elio Maldonado - 3.17.0-1- Update to nss-3.17.0 * Sun Aug 17 2014 Fedora Release Engineering - 3.16.2-4- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Wed Jul 30 2014 Elio Maldonado - 3.16.2-3- Replace expired PayPal test cert with current one to prevent build failure * Fri Jul 18 2014 Tom Callaway - 3.16.2-2- fix license handling * Sun Jun 29 2014 Elio Maldonado - 3.16.2-1- Update to nss-3.16.2 * Sun Jun 15 2014 Elio Maldonado - 3.16.1-4- Remove unwanted source directories at end of %prep so it truly does it- Skip the cipher suite already run as part of the nss-softokn build * Sat Jun 07 2014 Fedora Release Engineering - 3.16.1-3- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Mon May 12 2014 Jaromir Capik - 3.16.1-2- Replacing ppc64 and ppc64le with the power64 macro- Related: Bug 1052545 - Trivial change for ppc64le in nss spec * Tue May 06 2014 Elio Maldonado - 3.16.1-1- Update to nss-3.16.1- Update the iquote patch on account of the rebase- Improve error detection in the %section- Resolves: Bug 1094702 - nss-3.16.1 is available * Tue Mar 18 2014 Elio Maldonado - 3.16.0-1- Update to nss-3.16.0- Cleanup the copying of the tools man pages- Update the iquote.patch on account of the rebase * Tue Mar 04 2014 Elio Maldonado - 3.15.5-2- Restore requiring nss_softokn_version >= 3.15.5 * Wed Feb 19 2014 Elio Maldonado - 3.15.5-1- Update to nss-3.15.5- Temporarily requiring only nss_softokn_version >= 3.15.4- Fix location of sharedb files and their manpages- Move cert9.db, key4.db, and pkcs11.txt to the main package- Move nss-sysinit manpages tar archives to the main package- Resolves: Bug 1066877 - nss-3.15.5 is available- Resolves: Bug 1067091 - Move sharedb files to the %files section * Thu Feb 06 2014 Elio Maldonado - 3.15.4-5- Revert previous change that moved some sysinit manpages- Restore nss-sysinit manpages tar archives to %files sysinit- Removing spurious wildcard entry was the only change needed * Mon Jan 27 2014 Elio Maldonado - 3.15.4-4- Add explanatory comments for iquote.patch as was done on f20 * Sat Jan 25 2014 Elio Maldonado - 3.15.4-3- Update pem sources to latest from nss-pem upstream- Pick up pem fixes verified on RHEL and applied upstream- Fix a problem where same files in two rpms created rpm conflict- Move some nss-sysinit manpages tar archives to the %files the- All man pages are listed by name so there shouldn\'t be wildcard inclusion- Add support for ppc64le, Resolves: Bug 1052545 * Mon Jan 20 2014 Peter Robinson 3.15.4-2- ARM tests pass so remove ARM conditional * Tue Jan 07 2014 Elio Maldonado - 3.15.4-1- Update to nss-3.15.4 (hg tag NSS_3_15_4_RTM)- Resolves: Bug 1049229 - nss-3.15.4 is available- Update pem sources to latest from the interim upstream for pem- Remove no longer needed patches- Update pem/rsawrapr.c patch on account of upstream changes to freebl/softoken- Update iquote.patch on account of upstream changes * Wed Dec 11 2013 Elio Maldonado - 3.15.3.1-1- Update to nss-3.15.3.1 (hg tag NSS_3_15_3_1_RTM)- Resolves: Bug 1040282 - nss: Mis-issued ANSSI/DCSSI certificate (MFSA 2013-117)- Resolves: Bug 1040192 - nss-3.15.3.1 is available * Tue Dec 03 2013 Elio Maldonado - 3.15.3-2- Bump the release tag * Sun Nov 24 2013 Elio Maldonado - 3.15.3-1- Update to NSS_3_15_3_RTM- Resolves: Bug 1031897 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741 nss: various flaws- Fix option descriptions for setup-nsssysinit manpage- Fix man page of nss-sysinit wrong path and other flaws- Document email option for certutil manpage- Remove unused patches * Sun Oct 27 2013 Elio Maldonado - 3.15.2-3- Revert one change from last commit to preserve full nss pluggable ecc supprt [1019245] * Wed Oct 23 2013 Elio Maldonado - 3.15.2-2- Use the full sources from upstream- Bug 1019245 - ECDHE in openssl available -> NSS needs too for Firefox/Thunderbird * Thu Sep 26 2013 Elio Maldonado - 3.15.2-1- Update to NSS_3_15_2_RTM- Update iquote.patch on account of modified prototype on cert.h installed by nss-devel * Wed Aug 28 2013 Elio Maldonado - 3.15.1-7- Update pem sources to pick up a patch applied upstream which a faulty merge had missed- The pem module should not require unique file basenames * Tue Aug 27 2013 Elio Maldonado - 3.15.1-6- Update pem sources to the latest from interim upstream * Mon Aug 19 2013 Elio Maldonado - 3.15.1-5- Resolves: rhbz#996639 - Minor bugs in nss man pages- Fix some typos and improve description and see also sections * Sun Aug 11 2013 Elio Maldonado - 3.15.1-4- Cleanup spec file to address most rpmlint errors and warnings- Using double percent symbols to fix macro-in-comment warnings- Ignore unversioned-explicit-provides nss-system-init per spec comments- Ignore invalid-url Source0 as it comes from the git lookaside cache- Ignore invalid-url Source12 as it comes from the git lookaside cache * Thu Jul 25 2013 Elio Maldonado - 3.15.1-3- Add man page for pkcs11.txt configuration file and cert and key databases- Resolves: rhbz#985114 - Provide man pages for the nss configuration files * Fri Jul 19 2013 Elio Maldonado - 3.15.1-2- Fix errors in the man pages- Resolves: rhbz#984106 - Add missing option descriptions to man pages for {cert|cms|crl}util- Resolves: rhbz#982856 - Fix path to script in man page for nss-sysinit * Tue Jul 02 2013 Elio Maldonado - 3.15.1-1- Update to NSS_3_15_1_RTM- Enable the iquote.patch to access newly introduced types * Wed Jun 19 2013 Elio Maldonado - 3.15-5- Install man pages for nss-tools and the nss-config and setup-nsssysinit scripts- Resolves: rhbz#606020 - nss security tools lack man pages * Tue Jun 18 2013 emaldona - 3.15-4- Build nss without softoken or util sources in the tree- Resolves: rhbz#689918 * Mon Jun 17 2013 emaldona - 3.15-3- Update ssl-cbc-random-iv-by-default.patch * Sun Jun 16 2013 Elio Maldonado - 3.15-2- Fix generation of NSS_VMAJOR, NSS_VMINOR, and NSS_VPATCH for nss-config * Sat Jun 15 2013 Elio Maldonado - 3.15-1- Update to NSS_3_15_RTM * Wed Apr 24 2013 Elio Maldonado - 3.15-0.1.beta1.2- Fix incorrect path that hid failed test from view- Add ocsp to the test suites to run but ...- Temporarily disable the ocsp stapling tests- Do not treat failed attempts at ssl pkcs11 bypass as fatal errors * Thu Apr 04 2013 Elio Maldonado - 3.15-0.1.beta1.1- Update to NSS_3_15_BETA1- Update spec file, patches, and helper scripts on account of a shallower source tree * Sun Mar 24 2013 Kai Engert - 3.14.3-12- Update expired test certificates (fixed in upstream bug 852781) * Fri Mar 08 2013 Kai Engert - 3.14.3-10- Fix incorrect post/postun scripts. Fix broken links in posttrans. * Wed Mar 06 2013 Kai Engert - 3.14.3-9- Configure libnssckbi.so to use the alternatives system in order to prepare for a drop in replacement. * Fri Feb 15 2013 Elio Maldonado - 3.14.3-1- Update to NSS_3_14_3_RTM- sync up pem rsawrapr.c with softoken upstream changes for nss-3.14.3- Resolves: rhbz#908257 - CVE-2013-1620 nss: TLS CBC padding timing attack- Resolves: rhbz#896651 - PEM module trashes private keys if login fails- Resolves: rhbz#909775 - specfile support for AArch64- Resolves: rhbz#910584 - certutil -a does not produce ASCII output * Mon Feb 04 2013 Elio Maldonado - 3.14.2-2- Allow building nss against older system sqlite * Fri Feb 01 2013 Elio Maldonado - 3.14.2-1- Update to NSS_3_14_2_RTM * Wed Jan 02 2013 Kai Engert - 3.14.1-3- Update to NSS_3_14_1_WITH_CKBI_1_93_RTM * Sat Dec 22 2012 Elio Maldonado - 3.14.1-2- Require nspr >= 4.9.4- Fix changelog invalid dates * Mon Dec 17 2012 Elio Maldonado - 3.14.1-1- Update to NSS_3_14_1_RTM * Wed Dec 12 2012 Elio Maldonado - 3.14-12- Bug 879978 - Install the nssck.api header template where mod_revocator can access it- Install nssck.api in /usr/includes/nss3/templates * Tue Nov 27 2012 Elio Maldonado - 3.14-11- Bug 879978 - Install the nssck.api header template in a place where mod_revocator can access it- Install nssck.api in /usr/includes/nss3 * Mon Nov 19 2012 Elio Maldonado - 3.14-10- Bug 870864 - Add support in NSS for Secure Boot * Sat Nov 10 2012 Elio Maldonado - 3.14-9- Disable bypass code at build time and return failure on attempts to enable at runtime- Bug 806588 - Disable SSL PKCS #11 bypass at build time * Sun Nov 04 2012 Elio Maldonado - 3.14-8- Fix pk11wrap locking which fixes \'fedpkg new-sources\' and \'fedpkg update\' hangs- Bug 872124 - nss-3.14 breaks fedpkg new-sources- Fix should be considered preliminary since the patch may change upon upstream approval * Thu Nov 01 2012 Elio Maldonado - 3.14-7- Add a dummy source file for testing /preventing fedpkg breakage- Helps test the fedpkg new-sources and upload commands for breakage by nss updates- Related to Bug 872124 - nss 3.14 breaks fedpkg new-sources * Thu Nov 01 2012 Elio Maldonado - 3.14-6- Fix a previous unwanted merge from f18- Update the SS_SSL_CBC_RANDOM_IV patch to match new sources while- Keeping the patch disabled while we are still in rawhide and- State in comment that patch is needed for both stable and beta branches- Update .gitignore to download only the new sources * Wed Oct 31 2012 Elio Maldonado - 3.14-5- Fix the spec file so sechash.h gets installed- Resolves: rhbz#871882 - missing header: sechash.h in nss 3.14 * Sat Oct 27 2012 Elio Maldonado - 3.14-4- Update the license to MPLv2.0 * Wed Oct 24 2012 Elio Maldonado - 3.14-3- Use only -f when removing unwanted headers * Tue Oct 23 2012 Elio Maldonado - 3.14-2- Add secmodt.h to the headers installed by nss-devel- nss-devel must install secmodt.h which moved from softoken to pk11wrap with nss-3.14 * Mon Oct 22 2012 Elio Maldonado - 3.14-1- Update to NSS_3_14_RTM * Sun Oct 21 2012 Elio Maldonado - 3.14-0.1.rc.1- Update to NSS_3_14_RC1- update nss-589636.patch to apply to httpdserv- turn off ocsp tests for now- remove no longer needed patches- remove headers shipped by nss-util * Fri Oct 05 2012 Kai Engert - 3.13.6-1- Update to NSS_3_13_6_RTM * Mon Aug 27 2012 Elio Maldonado - 3.13.5-8- Rebase pem sources to fedora-hosted upstream to pick up two fixes from rhel-6.3- Resolves: rhbz#847460 - Fix invalid read and free on invalid cert load- Resolves: rhbz#847462 - PEM module may attempt to free uninitialized pointer- Remove unneeded fix gcc 4.7 c++ issue in secmodt.h that actually undoes the upstream fix * Mon Aug 13 2012 Elio Maldonado - 3.13.5-7- Fix pluggable ecc support * Fri Jul 20 2012 Fedora Release Engineering - 3.13.5-6- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild * Sun Jul 01 2012 Elio Maldonado - 3.13.5-5- Fix checkin comment to prevent unwanted expansions of percents * Sun Jul 01 2012 Elio Maldonado - 3.13.5-4- Resolves: Bug 830410 - Missing Requires %{?_isa}- Use Requires: %{name}%{?_isa} = %{version}-%{release} on tools- Drop zlib requires which rpmlint reports as error E: explicit-lib-dependency zlib- Enable sha224 portion of powerup selftest when running test suites- Require nspr 4.9.1 * Wed Jun 20 2012 Elio Maldonado - 3.13.5-3- Resolves: rhbz#833529 - revert unwanted change to nss.pc.in * Tue Jun 19 2012 Elio Maldonado - 3.13.5-2- Resolves: rhbz#833529 - Remove unwanted space from the Libs: line on nss.pc.in * Mon Jun 18 2012 Elio Maldonado - 3.13.5-1- Update to NSS_3_13_5_RTM * Fri Apr 13 2012 Elio Maldonado - 3.13.4-3- Resolves: Bug 812423 - nss_Init leaks memory, fix from RHEL 6.3 * Sun Apr 08 2012 Elio Maldonado - 3.13.4-2- Resolves: Bug 805723 - Library needs partial RELRO support added- Patch coreconf/Linux.mk as done on RHEL 6.2 * Fri Apr 06 2012 Elio Maldonado - 3.13.4-1- Update to NSS_3_13_4_RTM- Update the nss-pem source archive to the latest version- Remove no longer needed patches- Resolves: Bug 806043 - use pem files interchangeably in a single process- Resolves: Bug 806051 - PEM various flaws detected by Coverity- Resolves: Bug 806058 - PEM pem_CreateObject leaks memory given a non-existing file name * Wed Mar 21 2012 Elio Maldonado - 3.13.3-4- Resolves: Bug 805723 - Library needs partial RELRO support added * Fri Mar 09 2012 Elio Maldonado - 3.13.3-3- Cleanup of the spec file- Add references to the upstream bugs- Fix typo in Summary for sysinit * Thu Mar 08 2012 Elio Maldonado - 3.13.3-2- Pick up fixes from RHEL- Resolves: rhbz#800674 - Unable to contact LDAP Server during winsync- Resolves: rhbz#800682 - Qpid AMQP daemon fails to load after nss update- Resolves: rhbz#800676 - NSS workaround for freebl bug that causes openswan to drop connections * Thu Mar 01 2012 Elio Maldonado - 3.13.3-1- Update to NSS_3_13_3_RTM * Mon Jan 30 2012 Tom Callaway - 3.13.1-13- fix issue with gcc 4.7 in secmodt.h and C++11 user-defined literals * Thu Jan 26 2012 Elio Maldonado - 3.13.1-12- Resolves: Bug 784672 - nss should protect against being called before nss_Init * Fri Jan 13 2012 Fedora Release Engineering - 3.13.1-11- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild * Fri Jan 06 2012 Elio Maldonado - 3.13.1-11- Deactivate a patch currently meant for stable branches only * Fri Jan 06 2012 Elio Maldonado - 3.13.1-10- Resolves: Bug 770682 - nss update breaks pidgin-sipe connectivity- NSS_SSL_CBC_RANDOM_IV set to 0 by default and changed to 1 on user request * Tue Dec 13 2011 elio maldonado - 3.13.1-9- Revert to using current nss_softokn_version- Patch to deal with lack of sha224 is no longer needed * Tue Dec 13 2011 Elio Maldonado - 3.13.1-8- Resolves: Bug 754771 - [PEM] an unregistered callback causes a SIGSEGV * Mon Dec 12 2011 Elio Maldonado - 3.13.1-7- Resolves: Bug 750376 - nss 3.13 breaks sssd TLS- Fix how pem is built so that nss-3.13.x works with nss-softokn-3.12.y- Only patch blapitest for the lack of sha224 on system freebl- Completed the patch to make pem link against system freebl * Mon Dec 05 2011 Elio Maldonado - 3.13.1-6- Removed unwanted /usr/include/nss3 in front of the normal cflags include path- Removed unnecessary patch dealing with CERTDB_TERMINAL_RECORD, it\'s visible * Sun Dec 04 2011 Elio Maldonado - 3.13.1-5- Statically link the pem module against system freebl found in buildroot- Disabling sha224-related powerup selftest until we update softokn- Disable sha224 and pss tests which nss-softokn 3.12.x doesn\'t support * Fri Dec 02 2011 Elio Maldonado Batiz - 3.13.1-4- Rebuild with nss-softokn from 3.12 in the buildroot- Allows the pem module to statically link against 3.12.x freebl- Required for using nss-3.13.x with nss-softokn-3.12.y for a merge inrto rhel git repo- Build will be temprarily placed on buildroot override but not pushed in bodhi * Fri Nov 04 2011 Elio Maldonado - 3.13.1-2- Fix broken dependencies by updating the nss-util and nss-softokn versions * Thu Nov 03 2011 Elio Maldonado - 3.13.1-1- Update to NSS_3_13_1_RTM- Update builtin certs to those from NSSCKBI_1_88_RTM * Sat Oct 15 2011 Elio Maldonado - 3.13-1- Update to NSS_3_13_RTM * Sat Oct 08 2011 Elio Maldonado - 3.13-0.1.rc0.1- Update to NSS_3_13_RC0 * Wed Sep 14 2011 Elio Maldonado - 3.12.11-3- Fix attempt to free initilized pointer (#717338)- Fix leak on pem_CreateObject when given non-existing file name (#734760)- Fix pem_Initialize to return CKR_CANT_LOCK on multi-treaded calls (#736410) * Tue Sep 06 2011 Kai Engert - 3.12.11-2- Update builtins certs to those from NSSCKBI_1_87_RTM * Tue Aug 09 2011 Elio Maldonado - 3.12.11-1- Update to NSS_3_12_11_RTM * Sat Jul 23 2011 Elio Maldonado - 3.12.10-6- Indicate the provenance of stripped source tarball (#688015) * Mon Jun 27 2011 Michael Schwendt - 3.12.10-5- Provide virtual -static package to meet guidelines (#609612). * Fri Jun 10 2011 Elio Maldonado - 3.12.10-4- Enable pluggable ecc support (#712556)- Disable the nssdb write-access-on-read-only-dir tests when user is root (#646045) * Fri May 20 2011 Dennis Gilmore - 3.12.10-3- make the testsuite non fatal on arm arches * Tue May 17 2011 Elio Maldonado - 3.12.10-2- Fix crmf hard-coded maximum size for wrapped private keys (#703656) * Fri May 06 2011 Elio Maldonado - 3.12.10-1- Update to NSS_3_12_10_RTM * Wed Apr 27 2011 Elio Maldonado - 3.12.10-0.1.beta1- Update to NSS_3_12_10_BETA1 * Mon Apr 11 2011 Elio Maldonado - 3.12.9-15- Implement PEM logging using NSPR\'s own (#695011) * Wed Mar 23 2011 Elio Maldonado - 3.12.9-14- Update to NSS_3.12.9_WITH_CKBI_1_82_RTM * Thu Feb 24 2011 Elio Maldonado - 3.12.9-13- Short-term fix for ssl test suites hangs on ipv6 type connections (#539183) * Fri Feb 18 2011 Elio Maldonado - 3.12.9-12- Add a missing requires for pkcs11-devel (#675196) * Tue Feb 15 2011 Elio Maldonado - 3.12.9-11- Run the test suites in the check section (#677809) * Thu Feb 10 2011 Elio Maldonado - 3.12.9-10- Fix cms headers to not use c++ reserved words (#676036)- Reenabling Bug 499444 patches- Fix to swap internal key slot on fips mode switches * Tue Feb 08 2011 Elio Maldonado - 3.12.9-9- Revert patches for 499444 until all c++ reserved words are found and extirpated * Tue Feb 08 2011 Fedora Release Engineering - 3.12.9-8- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Tue Feb 08 2011 Elio Maldonado - 3.12.9-7- Fix cms header to not use c++ reserved word (#676036)- Reenable patches for bug 499444 * Tue Feb 08 2011 Christopher Aillon - 3.12.9-6- Revert patches for 499444 as they use a C++ reserved word and cause compilation of Firefox to fail * Fri Feb 04 2011 Elio Maldonado - 3.12.9-5- Fix the earlier infinite recursion patch (#499444)- Remove a header that now nss-softokn-freebl-devel ships * Tue Feb 01 2011 Elio Maldonado - 3.12.9-4- Fix infinite recursion when encoding NSS enveloped/digested data (#499444) * Mon Jan 31 2011 Elio Maldonado - 3.12.9-3- Update the cacert trust patch per upstream review requests (#633043) * Wed Jan 19 2011 Elio Maldonado - 3.12.9-2- Fix to honor the user\'s cert trust preferences (#633043)- Remove obsoleted patch * Wed Jan 12 2011 Elio Maldonado - 3.12.9-1- Update to 3.12.9 * Mon Dec 27 2010 Elio Maldonado - 3.12.9-0.1.beta2- Rebuilt according to fedora pre-release package naming guidelines * Fri Dec 10 2010 Elio Maldonado - 3.12.8.99.2-1- Update to NSS_3_12_9_BETA2- Fix libpnsspem crash when cacert dir contains other directories (#642433) * Wed Dec 08 2010 Elio Maldonado - 3.12.8.99.1-1- Update to NSS_3_12_9_BETA1 * Thu Nov 25 2010 Elio Maldonado - 3.12.8-9- Update pem source tar with fixes for 614532 and 596674- Remove no longer needed patches * Fri Nov 05 2010 Elio Maldonado - 3.12.8-8- Update PayPalEE.cert test certificate which had expired * Sun Oct 31 2010 Elio Maldonado - 3.12.8-7- Tell rpm not to verify md5, size, and modtime of configurations file * Mon Oct 18 2010 Elio Maldonado - 3.12.8-6- Fix certificates trust order (#643134)- Apply nss-sysinit-userdb-first.patch last * Wed Oct 06 2010 Elio Maldonado - 3.12.8-5- Move triggerpostun -n nss-sysinit script ahead of the other ones (#639248) * Tue Oct 05 2010 Elio Maldonado - 3.12.8-4- Fix invalid %postun scriptlet (#639248) | |