|
|
|
|
Changelog for nss-softokn-freebl-devel-3.90.0-6.el8_9.x86_64.rpm :
* Tue Jan 23 2024 Bob Relyea - 3.90.0-6- Fix ecc DER wrapping. * Wed Jan 17 2024 Bob Relyea - 3.90.0-5- Pick up validated constant time implementations of p256, p384, and p521 from upsream- More Fips indicator changes * Wed Dec 06 2023 Bob Relyea - 3.90.0-4- FIPS review changes- add PORT_SafeZero to avoid compiler optimizing a way zeroing memory.- update the indicators for this release- allow hashing of longer than int32 values in a single PKCS #11 call. * Tue Nov 21 2023 Bob Relyea - 3.90.0-3.1- Fix expired certs in tests- Fix CVE-2023-5388 * Thu Aug 03 2023 Bob Relyea - 3.90.0-3- add indicators for pbkdf2- add camellia to pkcs12 doc files- fix ems policy bug- disable ech * Thu Jul 27 2023 Bob Relyea - 3.90.0-2- fix the change log * Thu Jul 27 2023 Bob Relyea - 3.90.0-1- rebase to NSS 3.90 * Wed Mar 08 2023 Bob Relyea - 3.79.0-11- Fix CVE-2023-0767 * Thu Aug 11 2022 Bob Relyea - 3.79.0-10- Fix QA found failures:- remove extra \'+\' from sslpolicy.txt file causing test error values- only use GRND_RANDOM if the kernel is in FIPS mode. * Fri Aug 05 2022 Bob Relyea - 3.79.0-9- FIPS 140-3 changes * Wed Jul 13 2022 Bob Relyea - 3.79.0-8- Update fips default for pk12util to AES rather than TDES- Fix bug in pkcs12 files with null passwords * Wed Jul 06 2022 Bob Relyea - 3.79.0-7- Better fix for test regressions * Mon Jun 27 2022 Bob Relyea - 3.79.0-6- fix nss.spec so it works in a rhel-8.1.0 buildroot * Mon Jun 20 2022 Bob Relyea - 3.79.0-5- FIPS 140-3 changes- Reject Small RSA keys, 1024 bit keys are marked as FIP OK when verifying, reject signature keys by policy- Allow applications to retrigger selftests on demand. * Fri Jun 17 2022 Bob Relyea - 3.79.0-4- Fix pkgconfig output * Wed Jun 15 2022 Bob Relyea - 3.79.0-3- NSR Coverity fix changed selfserv from passive to active, change it back * Sat Jun 11 2022 Bob Relyea - 3.79.0-2- Fix regressions found in test suites. * Thu Jun 02 2022 Bob Relyea - 3.79.0-1- Rebase to NSS 3.79- Set FIPS Module ID- skip attribute verification on attributes with default values- don\'t export trust objects if they are default trust objects from dbm- add dbtool to nss-tools * Thu Nov 18 2021 Bob Relyea - 3.67.0-7- Fix CVE 2021 43527 * Tue Jul 06 2021 Bob Relyea - 3.67.0-6- Fix ssl alert issue * Thu Jul 01 2021 Bob Relyea - 3.67.0-5- Fix issue with reading databases that were updated using unpatched versions of nss * Tue Jun 29 2021 Bob Relyea - 3.67.0-4- Better fix for the sdb timeout. The issue wasn\'t a race, it was the sqlite timeout waiting to begin a transaction under heavy thread usage. * Mon Jun 28 2021 Bob Relyea - 3.67.0-3- Fix sdb race condition * Fri Jun 18 2021 Bob Relyea - 3.67.0-2- Fix coverity issues * Thu Jun 17 2021 Bob Relyea - 3.67.0-1- Rebase to NSS 3.67 * Tue Jun 15 2021 Bob Relyea - 3.66.0-2- Restore old pkcs12 defaults. * Mon Jun 14 2021 Bob Relyea - 3.66.0-1.1- build nss for older nspr so we can pass gating with the new nspr in the build root * Wed Jun 02 2021 Bob Relyea - 3.66.0-1- Rebase to NSS 3.66 * Thu Dec 03 2020 Bob Relyea - 3.53.1-17- Fix various corner cases with ike v1 app b support. * Thu Nov 19 2020 Bob Relyea - 3.53.1-16- Fix the following CVE- CVE-2020-12403 chacha-poly issues- CVE-2020-12400 constant time ECC.- CVE-2020-6829 constant time ECC. * Wed Nov 04 2020 Bob Relyea - 3.53.1-15- Revert some policy changes the generate ABI runtime issues. * Thu Oct 29 2020 Bob Relyea - 3.53.1-14- Add support for enable/disable in policy. Now if your policy file has disallow=x enable=y it will act just like our other libraries. * Mon Oct 26 2020 Bob Relyea - 3.53.1-13- Add OAEP interface so applications can wrap keys with RSA-OAEP rather than RSA-PKCS-1. * Mon Oct 19 2020 Bob Relyea - 3.53.1-12- fips need to reject small primes even if they are approved- code to autodetect whether or not to use the cache needs to do so in a way that doesn\'t mess with filesystem negative file caching.- add kdf selftests * Thu Jul 30 2020 Bob Relyea - 3.53.1-11- Fix issue with upgradedb where upgradedb expects standard to generate dbm databases, not sql databases (default in RHEL8) * Thu Jul 30 2020 Bob Relyea - 3.53.1-10- Disable dh timing test because it\'s unreliable on s390 * Thu Jul 30 2020 Daiki Ueno - 3.53.1-9- Explicitly enable upgradedb/sharedb test cycles * Wed Jul 29 2020 Daiki Ueno - 3.53.1-8- Disable Delegated Credentials for TLS * Fri Jul 24 2020 Bob Relyea - 3.53.1-7- Fix attribute decryption issue where the private key components integrity check on private attributes where not being checked. * Mon Jul 13 2020 Daiki Ueno - 3.53.1-6- Update nss-rsa-pkcs1-sigalgs.patch to the upstream version * Sat Jul 11 2020 Bob Relyea - 3.53.1-5- Include required checks for dh and ecdh key generation in FIPS mode. * Wed Jul 08 2020 Bob Relyea - 3.53.1-4- Add better checks for dh derive operations in FIPS mode. * Thu Jun 25 2020 Daiki Ueno - 3.53.1-3- Disable NSS_HASH_ALG_SUPPORT as well for MD5 (#1849938)- Adjust for update-crypto-policies packaging change (#1848649)- Fix compilation with -Werror=strict-prototypes (#1843417) * Wed Jun 24 2020 Daiki Ueno - 3.53.1-2- Fix regression in MD5 disablement (#1849938)- Include rsa_pkcs1_ * in signature_algorithms extension (#1847945) * Mon Jun 22 2020 Daiki Ueno - 3.53.1-1- Update to NSS 3.53.1 * Sat Jun 06 2020 Daiki Ueno - 3.53.0-1- Update to NSS 3.53 * Fri Jan 31 2020 Bob Relyea - 3.44.0-15- Fix swapped CMAC PKCS #11 values.- Fix data alignment crash in CMAC. * Tue Dec 03 2019 Bob Relyea - 3.44.0-14- Fix coverify scan issue * Mon Dec 02 2019 Bob Relyea - 3.44.0-13- Fix endian problem in SP-800 108 code. * Thu Nov 28 2019 Daiki Ueno - 3.44.0-12- Install cmac.h required by blapi.h (#1764513)- Fix out-of-bounds write in NSC_EncryptUpdate (#1775913) * Wed Nov 27 2019 Bob Relyea - 3.44.0-11- Add SP-800 108 Generalized kdf * Mon Nov 11 2019 Daiki Ueno - 3.44.0-10- Check policy against hash algorithms used for ServerKeyExchange (#1730039) * Wed Nov 06 2019 Bob Relyea - 3.44.0-9- Add CMAC * Thu Aug 08 2019 Bob Relyea - 3.44.0-8- CKM_NSS_IKE1_APP_B_PRF_DERIVE was missing from the mechanism list, preventing PK11_Derive *() from using it. Add gtests for the PK11_Derive interface for all the CKM_NSS_IKE *_DERIVE mechanism. * Wed Jul 03 2019 Daiki Ueno - 3.44.0-7- Backport fixes from 3.44.1 * Wed Jun 26 2019 Daiki Ueno - 3.44.0-6- Add continuous RNG test required by FIPS- fipstest: use CKM_TLS12_MASTER_KEY_DERIVE instead of vendor specific mechanism * Mon Jun 10 2019 Daiki Ueno - 3.44.0-5- Rebuild with the correct build target * Fri Jun 07 2019 Bob Relyea - 3.44.0-4.1- rebuild to try to retrigger CI tests * Wed Jun 05 2019 Bob Relyea - 3.44.0-4- Fix certutil man page- Fix extracting a public key from a private key for dh, ec, and dsa * Thu May 30 2019 Daiki Ueno - 3.44.0-3- Disable TLS 1.3 under FIPS mode- Disable RSASSA-PKCS1-v1_5 in TLS 1.3- Fix post-handshake auth transcript calculation if SSL_ENABLE_SESSION_TICKETS is set- Revert the change to use XDG basedirs (mozilla#818686) * Fri May 24 2019 Bob Relyea - 3.44.0-2- Add ike mechanisms in softokn- Add FIPS checks in softoken * Fri May 24 2019 Daiki Ueno - 3.44.0-1- Update to NSS 3.44- Define NSS_SEED_ONLY_DEV_URANDOM=1 to exclusively use getentropy- Use %autosetup- Clean up manual pages generation- Clean up %check- Remove prelink dependency, which is not available in RHEL-8- Remove upstreamed patches * Mon Dec 17 2018 Daiki Ueno - 3.41.0-5- Update manual pages to reflect recent changes in commands * Fri Dec 14 2018 Bob Relyea - 3.41.0-4- Make sure corresponding public keys are created when importing private keys. * Thu Dec 13 2018 Daiki Ueno - 3.41.0-3- Fix the last change- Add --no-reload option to update-crypto-policies to avoid unnecessary restart of daemons * Thu Dec 13 2018 Daiki Ueno - 3.41.0-2- Restore LDFLAGS injection when linking DSO * Mon Dec 10 2018 Daiki Ueno - 3.41.0-1- Update to NSS 3.41- Consolidate nss-util, nss-softokn, and nss into a single source package * Fri Dec 07 2018 Daiki Ueno - 3.39.0-1.5- Fix the last commit * Tue Dec 04 2018 Bob Relyea - 3.39.0-1.4- Support for IKE/IPsec typical PKIX usage so libreswan can use nss without rejecting certs based on EKU * Thu Nov 29 2018 Daiki Ueno - 3.39.0-1.3- Backport upstream fixes for rhbz#1649026, rhbz#1608895, rhbz#1644854- Document PKCS #11 URI- Add warning when adding module with modutil while p11-kit is enabled * Tue Nov 13 2018 Daiki Ueno - 3.39.0-1.2- Update nss-dsa.patch to not advertise DSA signature algorithm- Update PayPal test certs for testing * Thu Oct 18 2018 Daiki Ueno - 3.39.0-1.1- Backport \"DSA\" keyword in crypto-policies * Tue Sep 25 2018 Daiki Ueno - 3.39.0-1.0- Update to NSS 3.39 * Fri Sep 14 2018 Daiki Ueno - 3.38.0-1.2- Fix LDFLAGS injection when linking DSO * Tue Jul 24 2018 Daiki Ueno - 3.38.0-1.1- Install crypto-policies configuration file for https://fedoraproject.org/wiki/Changes/NSSLoadP11KitModules- Port enable-fips-when-system-is-in-fips-mode.patch from RHEL-7- Use %ldconfig_scriptlets- Remove needless use of %defattr, by Jason Tibbitts * Wed Jul 18 2018 Daiki Ueno - 3.38.0-1.0- Update to NSS 3.38 * Tue Jul 17 2018 Kai Engert - 3.36.1-1.2- Backport upstream addition of nss-policy-check utility, rhbz#1428746, includes required fixes for mozbz#1296263 and mozbz#1474875 * Fri May 25 2018 Daiki Ueno - 3.36.1-1.1- Switch the default DB type to SQL- Enable SSLKEYLOGFILE * Wed Apr 11 2018 Daiki Ueno - 3.36.1-1.0- Update to NSS 3.36.1- Remove nss-3.14.0.0-disble-ocsp-test.patch- Fix partial injection of LDFLAGS- Remove NSS_NO_PKCS11_BYPASS, which is no-op in upstream * Fri Mar 09 2018 Daiki Ueno - 3.36.0-1.0- Update to NSS 3.36.0- Add gcc-c++ to BuildRequires (C++ is needed for gtests)- Make test failure detection robuster * Thu Feb 08 2018 Fedora Release Engineering - 3.35.0-5- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Mon Jan 29 2018 Kai Engert - 3.35.0-4- Fix a compiler error with gcc 8, mozbz#1434070- Set NSS_FORCE_FIPS=1 at %build time, and remove from %check. * Mon Jan 29 2018 Kai Engert - 3.35.0-3- Stop pulling in nss-pem automatically, packages that need it should depend on it, rhbz#1539401 * Tue Jan 23 2018 Daiki Ueno - 3.35.0-2- Update to NSS 3.35.0 * Tue Nov 14 2017 Daiki Ueno - 3.34.0-2- Update to NSS 3.34.0 * Fri Nov 10 2017 Daiki Ueno - 3.33.0-6- Make sure 32bit nss-pem always be installed with 32bit nss in multlib environment, patch by Kamil Dudka * Wed Nov 08 2017 Kai Engert - 3.33.0-5- Fix test script * Tue Nov 07 2017 Kai Engert - 3.33.0-4- Update tests to be compatible with default NSS DB changed to sql (the default was changed in the nss-util package). * Tue Oct 24 2017 Kai Engert - 3.33.0-3- rhbz#1505487, backport upstream fixes required for rhbz#1496560 * Tue Oct 03 2017 Daiki Ueno - 3.33.0-2- Update to NSS 3.33.0 * Fri Sep 15 2017 Daiki Ueno - 3.32.1-2- Update to NSS 3.32.1 * Wed Sep 06 2017 Daiki Ueno - 3.32.0-4- Update iquote.patch to really prefer in-tree headers over system headers * Wed Aug 23 2017 Kai Engert - 3.32.0-3- NSS libnssckbi.so has already been obsoleted by p11-kit-trust, rhbz#1484449 * Mon Aug 07 2017 Daiki Ueno - 3.32.0-2- Update to NSS 3.32.0 * Thu Aug 03 2017 Fedora Release Engineering - 3.31.0-6- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild * Thu Jul 27 2017 Fedora Release Engineering - 3.31.0-5- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild * Tue Jul 18 2017 Daiki Ueno - 3.31.0-4- Backport mozbz#1381784 to avoid deadlock in dnf * Thu Jul 13 2017 Daiki Ueno - 3.31.0-3- Move signtool to %_libdir/nss/unsupported-tools, for: https://fedoraproject.org/wiki/Changes/NSSSigntoolDeprecation * Wed Jun 21 2017 Daiki Ueno - 3.31.0-2- Rebase to NSS 3.31.0 * Fri Jun 02 2017 Daiki Ueno - 3.30.2-3- Enable gtests * Mon Apr 24 2017 Daiki Ueno - 3.30.2-2- Rebase to NSS 3.30.2- Enable TLS 1.3 * Thu Mar 30 2017 Kai Engert - 3.30.0-3- Backport upstream mozbz#1328318 to support crypto policy FUTURE. * Tue Mar 21 2017 Daiki Ueno - 3.30.0-2- Rebase to NSS 3.30.0- Remove upstreamed patches * Thu Mar 02 2017 Kai Engert - 3.29.1-3- Backport mozbz#1334976 and mozbz#1336487. * Fri Feb 17 2017 Daiki Ueno - 3.29.1-2- Rebase to NSS 3.29.1 * Thu Feb 09 2017 Daiki Ueno - 3.29.0-3- Disable TLS 1.3, following the upstream change * Wed Feb 08 2017 Daiki Ueno - 3.29.0-2- Rebase to NSS 3.29.0- Suppress -Werror=int-in-bool-context warnings with GCC7 * Mon Jan 23 2017 Daiki Ueno - 3.28.1-6- Work around pkgconfig -> pkgconf transition issue (releng#6597) * Fri Jan 20 2017 Daiki Ueno - 3.28.1-5- Disable TLS 1.3- Add \"Conflicts\" with packages using older Mozilla codebase, which is not compatible with NSS 3.28.1- Remove NSS_ECC_MORE_THAN_SUITE_B setting, as it was removed in upstream * Tue Jan 17 2017 Daiki Ueno - 3.28.1-4- Add \"Conflicts\" with older firefox packages which don\'t have support for smaller curves added in NSS 3.28.1 * Fri Jan 13 2017 Daiki Ueno - 3.28.1-3- Fix incorrect version specification in %nss_{util,softokn}_version, pointed by Elio Maldonado * Fri Jan 06 2017 Daiki Ueno - 3.28.1-2- Rebase to NSS 3.28.1- Remove upstreamed patch for disabling RSA-PSS- Re-enable TLS 1.3 * Wed Nov 30 2016 Daiki Ueno - 3.27.2-2- Rebase to NSS 3.27.2 * Tue Nov 15 2016 Daiki Ueno - 3.27.0-5- Revert the previous fix for RSA-PSS and use the upstream fix instead * Wed Nov 02 2016 Kai Engert - 3.27.0-4- Disable the use of RSA-PSS with SSL/TLS. #1383809 * Sun Oct 02 2016 Daiki Ueno - 3.27.0-3- Disable TLS 1.3 for now, to avoid reported regression with TLS to version intolerant servers * Thu Sep 29 2016 Daiki Ueno - 3.27.0-2- Rebase to NSS 3.27.0- Remove upstreamed ectest patch * Mon Aug 08 2016 Daiki Ueno - 3.26.0-2- Rebase to NSS 3.26.0- Update check policy file patch to better match what was upstreamed- Remove conditionally ignore system policy patch as it has been upstreamed- Skip ectest as well as ecperf, which are built as part of nss-softokn- Fix rpmlint error regarding %define usage * Thu Jul 14 2016 Elio Maldonado - 3.25.0-6- Incorporate some changes requested in upstream review and commited upstream (#1157720) * Fri Jul 01 2016 Elio Maldonado - 3.25.0-5- Add support for conditionally ignoring the system policy (#1157720)- Remove unneeded test scripts patches in order to run more tests- Remove unneeded test data modifications from the spec file * Tue Jun 28 2016 Elio Maldonado - 3.25.0-4- Remove obsolete patch and spurious lines from the spec file (#1347336) * Sun Jun 26 2016 Elio Maldonado - 3.25.0-3- Cleanup spec file and patches and add references to bugs filed upstream * Fri Jun 24 2016 Elio Maldonado - 3.25.0-2- Rebase to nss 3.25 * Thu Jun 16 2016 Kamil Dudka - 3.24.0-3- decouple nss-pem from the nss package (#1347336) * Fri Jun 03 2016 Elio Maldonado - 3.24.0-2.3- Apply the patch that was last introduced- Renumber and reorder some of the patches- Resolves: Bug 1342158 * Thu Jun 02 2016 Elio Maldonado - 3.24.0-2.2- Allow application requests to disable SSL v2 to succeed- Resolves: Bug 1342158 - nss-3.24 does no longer support ssl V2, installation of IPA fails because nss init fails * Sun May 29 2016 Elio Maldonado - 3.24.0-2.1- Rebase to NSS 3.24.0- Restore setting the policy file location- Make ssl tests scripts aware of policy- Ajust tests data expected result for policy * Tue May 24 2016 Elio Maldonado - 3.24.0-2.0- Bootstrap build to rebase to NSS 3.24.0- Temporarily not setting the policy file location * Thu May 12 2016 Elio Maldonado - 3.23.0-9- Change POLICY_FILE to \"nss.config\" * Fri Apr 22 2016 Elio Maldonado - 3.23.0-8- Change POLICY_FILE to \"nss.cfg\" * Wed Apr 20 2016 Elio Maldonado - 3.23.0-7- Change the POLICY_PATH to \"/etc/crypto-policies/back-ends\"- Regenerate the check policy patch with hg to provide more context * Thu Apr 14 2016 Elio Maldonado - 3.23.0-6- Fix typo in the last %changelog entry * Thu Mar 24 2016 Elio Maldonado - 3.23.0-5- Load policy file if /etc/pki/nssdb/policy.cfg exists- Resolves: Bug 1157720 - NSS should enforce the system-wide crypto policy * Tue Mar 08 2016 Elio Maldonado - 3.23.0-4- Remove unused patch rendered obsolete by pem update * Tue Mar 08 2016 Elio Maldonado - 3.23.0-3- Update pem sources to latest from nss-pem upstream- Resolves: Bug 1300652 - [PEM] insufficient input validity checking while loading a private key * Sat Mar 05 2016 Elio Maldonado - 3.23.0-2- Rebase to NSS 3.23 * Sat Feb 27 2016 Elio Maldonado - 3.22.2-2- Rebase to NSS 3.22.2 * Tue Feb 23 2016 Elio Maldonado - 3.22.1-3- Fix ssl2/exp test disabling to run all the required tests * Sun Feb 21 2016 Elio Maldonado - 3.22.1-1- Rebase to NSS 3.22.1 * Mon Feb 08 2016 Elio Maldonado - 3.22.0-3- Update .gitignore as part of updating to nss 3.22 * Mon Feb 08 2016 Elio Maldonado - 3.22.0-2- Update to NSS 3.22 * Thu Feb 04 2016 Fedora Release Engineering - 3.21.0-7- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild * Fri Jan 15 2016 Elio Maldonado - 3.21.0-6- Resolves: Bug 1299040 - Enable ssl_gtests upstream test suite- Remove \'export NSS_DISABLE_GTESTS=1\' go ssl_gtests are built- Use %define when specifying the nss_tests to run * Wed Dec 30 2015 Michal Toman - 3.21.0-5- Add 64-bit MIPS to multilib arches * Fri Nov 20 2015 Elio Maldonado - 3.21.0-4- Update %{nss_util_version} and %{nss_softokn_version} to 3.21.0- Resolves: Bug 1284095 - all https fails with sec_error_no_token * Sun Nov 15 2015 Elio Maldonado - 3.21.0-3- Add references to bugs filed upstream * Fri Nov 13 2015 Elio Maldonado Batiz - 3.21.1-2- Update to NSS 3.21- Package listsuites as part of the unsupported tools set- Resolves: Bug 1279912 - nss-3.21 is available- Resolves: Bug 1258425 - Use __isa_bits macro instead of list of 64-bit- Resolves: Bug 1280032 - Package listsuites as part of the nss unsupported tools set * Fri Oct 30 2015 Elio Maldonado - 3.20.1-2- Update to NSS 3.20.1 * Wed Sep 30 2015 Elio Maldonado - 3.20.0-6- Enable ECC cipher-suites by default [hrbz#1185708]- Split the enabling patch in two for easier maintenance- Remove unused patches rendered obsolete by prior rebase * Wed Sep 16 2015 Elio Maldonado - 3.20.0-5- Enable ECC cipher-suites by default [hrbz#1185708]- Implement corrections requested in code review * Tue Sep 15 2015 Elio Maldonado - 3.20.0-4- Enable ECC cipher-suites by default [hrbz#1185708] * Mon Sep 14 2015 Elio Maldonado - 3.20.0-3- Fix patches that disable ssl2 and export cipher suites support- Fix libssl patch that disable ssl2 & export cipher suites to not disable RSA_WITH_NULL ciphers- Fix syntax errors in patch to skip ssl2 and export cipher suite tests- Turn ssl2 off by default in the tstclnt tool- Disable ssl stress tests containing TLS RC4 128 with MD5 * Thu Aug 20 2015 Elio Maldonado - 3.20.0-2- Update to NSS 3.20 * Sat Aug 08 2015 Elio Maldonado - 3.19.3-2- Update to NSS 3.19.3 * Fri Jun 26 2015 Elio Maldonado - 3.19.2-3- Create on the fly versions of sslcov.txt and sslstress.txt that disable tests for SSL2 and EXPORT ciphers * Wed Jun 17 2015 Kai Engert - 3.19.2-2- Update to NSS 3.19.2 * Thu May 28 2015 Kai Engert - 3.19.1-2- Update to NSS 3.19.1 * Tue May 19 2015 Kai Engert - 3.19.0-2- Update to NSS 3.19 * Fri May 15 2015 Kai Engert - 3.18.0-2- Replace expired test certificates, upstream bug 1151037 * Thu Mar 19 2015 Elio Maldonado - 3.18.0-1- Update to nss-3.18.0- Resolves: Bug 1203689 - nss-3.18 is available * Tue Mar 03 2015 Elio Maldonado - 3.17.4-5- Disable export suites and SSL2 support at build time- Fix syntax errors in various shell scripts- Resolves: Bug 1189952 - Disable SSL2 and the export cipher suites * Sat Feb 21 2015 Till Maas - 3.17.4-4- Rebuilt for Fedora 23 Change https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code * Tue Feb 10 2015 Elio Maldonado - 3.17.4-3- Commented out the export NSS_NO_SSL2=1 line to not disable ssl2- Backing out from disabling ssl2 until the patches are fixed * Mon Feb 09 2015 Elio Maldonado - 3.17.4-2- Disable SSL2 support at build time- Fix syntax errors in various shell scripts- Resolves: Bug 1189952 - Disable SSL2 and the export cipher suites * Wed Jan 28 2015 Elio Maldonado - 3.17.4-1- Update to nss-3.17.4 * Sat Jan 24 2015 Ville Skyttä - 3.17.3-4- Own the %{_datadir}/doc/nss-tools dir * Tue Dec 16 2014 Elio Maldonado - 3.17.3-3- Resolves: Bug 987189 - nss-tools RPM conflicts with perl-PAR-Packer- Install pp man page in %{_datadir}/doc/nss-tools/pp.1- Use %{_mandir} instead of /usr/share/man as more generic * Mon Dec 15 2014 Elio Maldonado - 3.17.3-2- Install pp man page in alternative location- Resolves: Bug 987189 - nss-tools RPM conflicts with perl-PAR-Packer * Fri Dec 05 2014 Elio Maldonado - 3.17.3-1- Update to nss-3.17.3- Resolves: Bug 1171012 - nss-3.17.3 is available * Thu Oct 16 2014 Elio Maldonado - 3.17.2-2- Resolves: Bug 994599 - Enable TLS 1.2 by default * Sun Oct 12 2014 Elio Maldonado - 3.17.2-1- Update to nss-3.17.2 * Wed Sep 24 2014 Kai Engert - 3.17.1-1- Update to nss-3.17.1- Add a mechanism to skip test suite execution during development work * Thu Aug 21 2014 Kevin Fenzi - 3.17.0-2- Rebuild for rpm bug 1131960 * Tue Aug 19 2014 Elio Maldonado - 3.17.0-1- Update to nss-3.17.0 * Sun Aug 17 2014 Fedora Release Engineering - 3.16.2-4- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Wed Jul 30 2014 Elio Maldonado - 3.16.2-3- Replace expired PayPal test cert with current one to prevent build failure * Fri Jul 18 2014 Tom Callaway - 3.16.2-2- fix license handling * Sun Jun 29 2014 Elio Maldonado - 3.16.2-1- Update to nss-3.16.2 * Sun Jun 15 2014 Elio Maldonado - 3.16.1-4- Remove unwanted source directories at end of %prep so it truly does it- Skip the cipher suite already run as part of the nss-softokn build * Sat Jun 07 2014 Fedora Release Engineering - 3.16.1-3- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Mon May 12 2014 Jaromir Capik - 3.16.1-2- Replacing ppc64 and ppc64le with the power64 macro- Related: Bug 1052545 - Trivial change for ppc64le in nss spec * Tue May 06 2014 Elio Maldonado - 3.16.1-1- Update to nss-3.16.1- Update the iquote patch on account of the rebase- Improve error detection in the %section- Resolves: Bug 1094702 - nss-3.16.1 is available * Tue Mar 18 2014 Elio Maldonado - 3.16.0-1- Update to nss-3.16.0- Cleanup the copying of the tools man pages- Update the iquote.patch on account of the rebase * Tue Mar 04 2014 Elio Maldonado - 3.15.5-2- Restore requiring nss_softokn_version >= 3.15.5 * Wed Feb 19 2014 Elio Maldonado - 3.15.5-1- Update to nss-3.15.5- Temporarily requiring only nss_softokn_version >= 3.15.4- Fix location of sharedb files and their manpages- Move cert9.db, key4.db, and pkcs11.txt to the main package- Move nss-sysinit manpages tar archives to the main package- Resolves: Bug 1066877 - nss-3.15.5 is available- Resolves: Bug 1067091 - Move sharedb files to the %files section * Thu Feb 06 2014 Elio Maldonado - 3.15.4-5- Revert previous change that moved some sysinit manpages- Restore nss-sysinit manpages tar archives to %files sysinit- Removing spurious wildcard entry was the only change needed * Mon Jan 27 2014 Elio Maldonado - 3.15.4-4- Add explanatory comments for iquote.patch as was done on f20 * Sat Jan 25 2014 Elio Maldonado - 3.15.4-3- Update pem sources to latest from nss-pem upstream- Pick up pem fixes verified on RHEL and applied upstream- Fix a problem where same files in two rpms created rpm conflict- Move some nss-sysinit manpages tar archives to the %files the- All man pages are listed by name so there shouldn\'t be wildcard inclusion- Add support for ppc64le, Resolves: Bug 1052545 * Mon Jan 20 2014 Peter Robinson 3.15.4-2- ARM tests pass so remove ARM conditional * Tue Jan 07 2014 Elio Maldonado - 3.15.4-1- Update to nss-3.15.4 (hg tag NSS_3_15_4_RTM)- Resolves: Bug 1049229 - nss-3.15.4 is available- Update pem sources to latest from the interim upstream for pem- Remove no longer needed patches- Update pem/rsawrapr.c patch on account of upstream changes to freebl/softoken- Update iquote.patch on account of upstream changes * Wed Dec 11 2013 Elio Maldonado - 3.15.3.1-1- Update to nss-3.15.3.1 (hg tag NSS_3_15_3_1_RTM)- Resolves: Bug 1040282 - nss: Mis-issued ANSSI/DCSSI certificate (MFSA 2013-117)- Resolves: Bug 1040192 - nss-3.15.3.1 is available * Tue Dec 03 2013 Elio Maldonado - 3.15.3-2- Bump the release tag * Sun Nov 24 2013 Elio Maldonado - 3.15.3-1- Update to NSS_3_15_3_RTM- Resolves: Bug 1031897 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741 nss: various flaws- Fix option descriptions for setup-nsssysinit manpage- Fix man page of nss-sysinit wrong path and other flaws- Document email option for certutil manpage- Remove unused patches * Sun Oct 27 2013 Elio Maldonado - 3.15.2-3- Revert one change from last commit to preserve full nss pluggable ecc supprt [1019245] * Wed Oct 23 2013 Elio Maldonado - 3.15.2-2- Use the full sources from upstream- Bug 1019245 - ECDHE in openssl available -> NSS needs too for Firefox/Thunderbird * Thu Sep 26 2013 Elio Maldonado - 3.15.2-1- Update to NSS_3_15_2_RTM- Update iquote.patch on account of modified prototype on cert.h installed by nss-devel * Wed Aug 28 2013 Elio Maldonado - 3.15.1-7- Update pem sources to pick up a patch applied upstream which a faulty merge had missed- The pem module should not require unique file basenames * Tue Aug 27 2013 Elio Maldonado - 3.15.1-6- Update pem sources to the latest from interim upstream * Mon Aug 19 2013 Elio Maldonado - 3.15.1-5- Resolves: rhbz#996639 - Minor bugs in nss man pages- Fix some typos and improve description and see also sections * Sun Aug 11 2013 Elio Maldonado - 3.15.1-4- Cleanup spec file to address most rpmlint errors and warnings- Using double percent symbols to fix macro-in-comment warnings- Ignore unversioned-explicit-provides nss-system-init per spec comments- Ignore invalid-url Source0 as it comes from the git lookaside cache- Ignore invalid-url Source12 as it comes from the git lookaside cache * Thu Jul 25 2013 Elio Maldonado - 3.15.1-3- Add man page for pkcs11.txt configuration file and cert and key databases- Resolves: rhbz#985114 - Provide man pages for the nss configuration files * Fri Jul 19 2013 Elio Maldonado - 3.15.1-2- Fix errors in the man pages- Resolves: rhbz#984106 - Add missing option descriptions to man pages for {cert|cms|crl}util- Resolves: rhbz#982856 - Fix path to script in man page for nss-sysinit * Tue Jul 02 2013 Elio Maldonado - 3.15.1-1- Update to NSS_3_15_1_RTM- Enable the iquote.patch to access newly introduced types * Wed Jun 19 2013 Elio Maldonado - 3.15-5- Install man pages for nss-tools and the nss-config and setup-nsssysinit scripts- Resolves: rhbz#606020 - nss security tools lack man pages * Tue Jun 18 2013 emaldona - 3.15-4- Build nss without softoken or util sources in the tree- Resolves: rhbz#689918 * Mon Jun 17 2013 emaldona - 3.15-3- Update ssl-cbc-random-iv-by-default.patch * Sun Jun 16 2013 Elio Maldonado - 3.15-2- Fix generation of NSS_VMAJOR, NSS_VMINOR, and NSS_VPATCH for nss-config * Sat Jun 15 2013 Elio Maldonado - 3.15-1- Update to NSS_3_15_RTM * Wed Apr 24 2013 Elio Maldonado - 3.15-0.1.beta1.2- Fix incorrect path that hid failed test from view- Add ocsp to the test suites to run but ...- Temporarily disable the ocsp stapling tests- Do not treat failed attempts at ssl pkcs11 bypass as fatal errors * Thu Apr 04 2013 Elio Maldonado - 3.15-0.1.beta1.1- Update to NSS_3_15_BETA1- Update spec file, patches, and helper scripts on account of a shallower source tree * Sun Mar 24 2013 Kai Engert - 3.14.3-12- Update expired test certificates (fixed in upstream bug 852781) * Fri Mar 08 2013 Kai Engert - 3.14.3-10- Fix incorrect post/postun scripts. Fix broken links in posttrans. * Wed Mar 06 2013 Kai Engert - 3.14.3-9- Configure libnssckbi.so to use the alternatives system in order to prepare for a drop in replacement. * Fri Feb 15 2013 Elio Maldonado - 3.14.3-1- Update to NSS_3_14_3_RTM- sync up pem rsawrapr.c with softoken upstream changes for nss-3.14.3- Resolves: rhbz#908257 - CVE-2013-1620 nss: TLS CBC padding timing attack- Resolves: rhbz#896651 - PEM module trashes private keys if login fails- Resolves: rhbz#909775 - specfile support for AArch64- Resolves: rhbz#910584 - certutil -a does not produce ASCII output * Mon Feb 04 2013 Elio Maldonado - 3.14.2-2- Allow building nss against older system sqlite * Fri Feb 01 2013 Elio Maldonado - 3.14.2-1- Update to NSS_3_14_2_RTM * Wed Jan 02 2013 Kai Engert - 3.14.1-3- Update to NSS_3_14_1_WITH_CKBI_1_93_RTM * Sat Dec 22 2012 Elio Maldonado - 3.14.1-2- Require nspr >= 4.9.4- Fix changelog invalid dates * Mon Dec 17 2012 Elio Maldonado - 3.14.1-1- Update to NSS_3_14_1_RTM * Wed Dec 12 2012 Elio Maldonado - 3.14-12- Bug 879978 - Install the nssck.api header template where mod_revocator can access it- Install nssck.api in /usr/includes/nss3/templates * Tue Nov 27 2012 Elio Maldonado - 3.14-11- Bug 879978 - Install the nssck.api header template in a place where mod_revocator can access it- Install nssck.api in /usr/includes/nss3 * Mon Nov 19 2012 Elio Maldonado - 3.14-10- Bug 870864 - Add support in NSS for Secure Boot * Sat Nov 10 2012 Elio Maldonado - 3.14-9- Disable bypass code at build time and return failure on attempts to enable at runtime- Bug 806588 - Disable SSL PKCS #11 bypass at build time * Sun Nov 04 2012 Elio Maldonado - 3.14-8- Fix pk11wrap locking which fixes \'fedpkg new-sources\' and \'fedpkg update\' hangs- Bug 872124 - nss-3.14 breaks fedpkg new-sources- Fix should be considered preliminary since the patch may change upon upstream approval * Thu Nov 01 2012 Elio Maldonado - 3.14-7- Add a dummy source file for testing /preventing fedpkg breakage- Helps test the fedpkg new-sources and upload commands for breakage by nss updates- Related to Bug 872124 - nss 3.14 breaks fedpkg new-sources * Thu Nov 01 2012 Elio Maldonado - 3.14-6- Fix a previous unwanted merge from f18- Update the SS_SSL_CBC_RANDOM_IV patch to match new sources while- Keeping the patch disabled while we are still in rawhide and- State in comment that patch is needed for both stable and beta branches- Update .gitignore to download only the new sources * Wed Oct 31 2012 Elio Maldonado - 3.14-5- Fix the spec file so sechash.h gets installed- Resolves: rhbz#871882 - missing header: sechash.h in nss 3.14 * Sat Oct 27 2012 Elio Maldonado - 3.14-4- Update the license to MPLv2.0 * Wed Oct 24 2012 Elio Maldonado - 3.14-3- Use only -f when removing unwanted headers * Tue Oct 23 2012 Elio Maldonado - 3.14-2- Add secmodt.h to the headers installed by nss-devel- nss-devel must install secmodt.h which moved from softoken to pk11wrap with nss-3.14 * Mon Oct 22 2012 Elio Maldonado - 3.14-1- Update to NSS_3_14_RTM * Sun Oct 21 2012 Elio Maldonado - 3.14-0.1.rc.1- Update to NSS_3_14_RC1- update nss-589636.patch to apply to httpdserv- turn off ocsp tests for now- remove no longer needed patches- remove headers shipped by nss-util * Fri Oct 05 2012 Kai Engert - 3.13.6-1- Update to NSS_3_13_6_RTM * Mon Aug 27 2012 Elio Maldonado - 3.13.5-8- Rebase pem sources to fedora-hosted upstream to pick up two fixes from rhel-6.3- Resolves: rhbz#847460 - Fix invalid read and free on invalid cert load- Resolves: rhbz#847462 - PEM module may attempt to free uninitialized pointer- Remove unneeded fix gcc 4.7 c++ issue in secmodt.h that actually undoes the upstream fix * Mon Aug 13 2012 Elio Maldonado - 3.13.5-7- Fix pluggable ecc support * Fri Jul 20 2012 Fedora Release Engineering - 3.13.5-6- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild * Sun Jul 01 2012 Elio Maldonado - 3.13.5-5- Fix checkin comment to prevent unwanted expansions of percents * Sun Jul 01 2012 Elio Maldonado - 3.13.5-4- Resolves: Bug 830410 - Missing Requires %{?_isa}- Use Requires: %{name}%{?_isa} = %{version}-%{release} on tools- Drop zlib requires which rpmlint reports as error E: explicit-lib-dependency zlib- Enable sha224 portion of powerup selftest when running test suites- Require nspr 4.9.1 * Wed Jun 20 2012 Elio Maldonado - 3.13.5-3- Resolves: rhbz#833529 - revert unwanted change to nss.pc.in * Tue Jun 19 2012 Elio Maldonado - 3.13.5-2- Resolves: rhbz#833529 - Remove unwanted space from the Libs: line on nss.pc.in * Mon Jun 18 2012 Elio Maldonado - 3.13.5-1- Update to NSS_3_13_5_RTM * Fri Apr 13 2012 Elio Maldonado - 3.13.4-3- Resolves: Bug 812423 - nss_Init leaks memory, fix from RHEL 6.3 * Sun Apr 08 2012 Elio Maldonado - 3.13.4-2- Resolves: Bug 805723 - Library needs partial RELRO support added- Patch coreconf/Linux.mk as done on RHEL 6.2 * Fri Apr 06 2012 Elio Maldonado - 3.13.4-1- Update to NSS_3_13_4_RTM- Update the nss-pem source archive to the latest version- Remove no longer needed patches- Resolves: Bug 806043 - use pem files interchangeably in a single process- Resolves: Bug 806051 - PEM various flaws detected by Coverity- Resolves: Bug 806058 - PEM pem_CreateObject leaks memory given a non-existing file name * Wed Mar 21 2012 Elio Maldonado - 3.13.3-4- Resolves: Bug 805723 - Library needs partial RELRO support added | |