Commit Graph

41 Commits

Author SHA1 Message Date
Bob Relyea
09dd8eef9a Resolves: rhbz#2104703
- more complete fix for the client auth crash
2022-07-07 09:34:21 -07:00
Bob Relyea
590eee18a6 Related: rhbz#2097816
- increase the pbe cache size
- remove debugging print from certmonder patch
2022-06-22 13:59:47 -07:00
Bob Relyea
aef9d0723d Resolves: rhbz#2091905 rhbz#2098489
- mark rsa 1023 as FIPS, reject RSA key sizes less than 1023.
- allow applications to rerun the POST arbitrarily (that is after dlopen).
2022-06-21 12:21:13 -07:00
Bob Relyea
e6c0644902 Resolves: rhbz#2064360
- resolve more regressions. selfserv no longer handles IPV4 when configured for IPV6.
2022-06-14 18:50:06 -07:00
Bob Relyea
4d2d68aab9 Resolves: rhbz#2064360
- Fix test case regressions in rebase
2022-06-13 15:25:32 -07:00
Bob Relyea
328433776d Resolves: rhbz#2064360
- fix coverity issues
 - add dbtool
2022-06-10 16:51:19 -07:00
Bob Relyea
347b7343a5 Resolves: rhbz#2064360
Rebase nss to 3.79, nspr to 4.34 for Firefox 102 ESR
2022-06-02 11:14:49 -07:00
Bob Relyea
abcefb3fa4 Resolves: rhbz#2041832
openssl pkcs12 unable to process nss pk12util generated pkcs12 file if its password length is >= 64 chars
2022-02-16 12:55:59 -08:00
Bob Relyea
fd0aecc80b Resolves: rhbz#2039862 rhbz#1986987
Turn on lto (fixing gtests issue with lto)
Fix pkcs12 man page to include changes made in that command.
2022-01-27 08:09:17 -08:00
Robert Relyea
8857078930 Related: rhbz#2033309 2022-01-14 22:06:25 +00:00
Bob Relyea
79eaf96146 Resolves: rhbz#2033309
Remove old db files and man pages
2022-01-11 14:20:39 -08:00
Bob Relyea
34e9500654 Resolves: rhbz#2025362
Fix CVE 2021-43527
2021-12-01 11:54:49 -08:00
Bob Relyea
af61b61e84 Related: rhbz#2008320
- Fix typo that prevented the validation program from building.
- add the validation program to nss-tools.
- Fix issue with NSS_FIPS_MODULE_ID where it wasn't detecting builds on RHEL9
2021-10-19 20:11:17 -07:00
Bob Relyea
c9c633332d Resolves: rhbz#2008320
Rebase to NSS 3.71: (changes since NSS 3.67)

    Network Security Services (NSS) 3.71 was released on 30 September 2021.

    The HG tag is NSS_3_71_RTM. This version of NSS requires NSPR 4.32 or newer.

    NSS 3.71 source distributions are available on ftp.mozilla.org for secure HTTPS download: <https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_71_RTM/src/>

    Changes:
    - Bug 1717716 - Set nssckbi version number to 2.52.
    - Bug 1667000 - Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py
    - Bug 1373716 - Import of PKCS#12 files with Camellia encryption is not supported
    - Bug 1717707 - Add HARICA Client ECC Root CA 2021.
    - Bug 1717707 - Add HARICA Client RSA Root CA 2021.
    - Bug 1717707 - Add HARICA TLS ECC Root CA 2021.
    - Bug 1717707 - Add HARICA TLS RSA Root CA 2021.
    - Bug 1728394 - Add TunTrust Root CA certificate to NSS.
    -------------------------------------

    Network Security Services (NSS) 3.70 was released on 4 September 2021.

    The HG tag is NSS_3_70_RTM. This version of NSS requires NSPR 4.32 or newer.

    NSS 3.70 source distributions are available on ftp.mozilla.org for secure HTTPS download: <https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_70_RTM/src/>

    Changes:
       - Documentation: release notes for NSS 3.70.
       - Documentation: release notes for NSS 3.69.1.
       - Bug 1726022 - Update test case to verify fix.
       - Bug 1714579 - Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max
       - Bug 1714579 - Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback
       - Formatting for lib/util
       - Bug 1681975 - Avoid using a lookup table in nssb64d.
       - Bug 1724629 - Use HW accelerated SHA2 on AArch64 Big Endian.
       - Bug 1714579 - Change default value of enableHelloDowngradeCheck to true.
       - Formatting for gtests/pk11_gtest/pk11_hpke_unittest.cc
       - Bug 1726022 - Cache additional PBE entries.
       - Bug 1709750 - Read HPKE vectors from official JSON.
       - Documentation: update for NSS 3.69 release.

    Network Security Services (NSS) 3.69 was released on 5 August 2021.

    The HG tag is NSS_3_69_RTM. NSS 3.69 requires NSPR 4.32 or newer.

    NSS 3.69 source distributions are available on ftp.mozilla.org for secure HTTPS download: <https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_69_RTM/src/>

    Bugs fixed:
       - Bug 1722613 - Disable DTLS 1.0 and 1.1 by default
       - Bug 1720226 - integrity checks in key4.db not happening on private components with AES_CBC
       - Bug 1720235 - SSL handling of signature algorithms ignores environmental invalid algorithms.
       - Bug 1721476 - sqlite 3.34 changed it's open semantics, causing nss failures.
       - Bug 1720230 - Gtest update changed the gtest reports, losing gtest details in all.sh reports.
       - Bug 1720228 - NSS incorrectly accepting 1536 bit DH primes in FIPS mode
       - Bug 1720232 - SQLite calls could timeout in starvation situations.
       - Bug 1720225 - Coverity/cpp scanner errors found in nss 3.67
       - Bug 1709817 - Import the NSS documentation from MDN in nss/doc.
       - Bug 1720227 - NSS using a tempdir to measure sql performance not active

    Network Security Services (NSS) 3.68 ESR was released on 8 July 2021.

    The HG tag is NSS_3_68_RTM. NSS 3.68 requires NSPR 4.32 or newer.

    NSS 3.68 source distributions are available on ftp.mozilla.org for secure HTTPS download: <https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_68_RTM/src/>

    Bugs fixed:
       -  Bug 1713562 - Fix test leak.
       -  Bug 1717452 - NSS 3.68 should depend on NSPR 4.32.
       -  Bug 1693206 - Implement PKCS8 export of ECDSA keys.
       -  Bug 1712883 - DTLS 1.3 draft-43.
       -  Bug 1655493 - Support SHA2 HW acceleration using Intel SHA Extension.
       -  Bug 1713562 - Validate ECH public names.
       -  Bug 1717610 - Add function to get seconds from epoch from pkix::Time.
2021-10-06 12:09:11 -07:00
Bob Relyea
55f8cd2e51 Related: rhbz#1972928
Rebuild for gating
2021-08-25 08:46:15 -07:00
Bob Relyea
9a9e0681ed Related: rhbz#1972928
Update nspr for firefox 92
2021-08-19 13:06:04 -07:00
Florian Weimer
6098d94e9d Change release number to correct cross-package dependencies (#1991688)
Related: #1991688
2021-08-12 15:01:01 +02:00
Florian Weimer
ec42b367dc Change release number to correct cross-package dependencies (#1991688)
Related: #1991688
2021-08-12 10:54:57 +02:00
Florian Weimer
4b70a03790 Change release number to correct cross-package dependencies (#1991688)
Related: #1991688
2021-08-12 07:18:54 +02:00
Mohan Boddu
1fded96fc7 Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-08-09 22:34:19 +00:00
Bob Relyea
449fc4a03c Related: rhbz#1972928
- fix relro support in nspr part of build
2021-07-08 15:19:14 -07:00
Bob Relyea
5a8798b5da Related: rhbz#1933778
sigh, bump nspr release number
2021-07-07 12:58:28 -07:00
Bob Relyea
ceb4bbe240 Resolves: rhbz#1933778
Fix incorrect ssl alerts on signature algorithms.
2021-07-07 12:06:28 -07:00
Bob Relyea
b6e19ee8f1 Related: rhbz#1978038
Bump the nspr build number.
2021-07-02 08:08:22 -07:00
Bob Relyea
66eacfa6fd Related: rhbz#1978038
Sigh fix LDFlags to make nspr happy...
2021-07-01 15:54:34 -07:00
Bob Relyea
8e1aafaab1 Resolves: rhbz#1978038
Allow NSS to use databases which have been updated from dbm to sql
on an unpacked version of nss. (prevented pesign from working).
2021-07-01 15:12:42 -07:00
Bob Relyea
4c08989645 Related: rhbz#1972928
- only include nspr man pages in nspr-devel
2021-06-22 19:37:34 -07:00
Bob Relyea
fed7d55f1a Resolves: rhbz#1972928
Rebase nss to 3.67
2021-06-21 10:17:18 -07:00
Bob Relyea
88a947fc0b Resolves: rhbz#1926367
Restore RHEL-8 patch to prevent MD5 and MD4 hash operations
2021-04-16 14:12:00 -07:00
Mohan Boddu
fd919dd3b5 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-04-16 02:28:37 +00:00
DistroBaker
c03dc29b59 Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/nss.git#a7057b9bf67f5fc52e340044929ea2054144c049
2021-03-28 23:05:16 +00:00
DistroBaker
aecb39840f Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/nss.git#3eb17533735591440094d76f51da4b4fe41f2334
2021-03-06 05:41:33 +00:00
DistroBaker
ae6ffcc5fd Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/nss.git#0b3033dcf42266f55ef1d4f9f450f17e298fd229
2021-02-03 03:18:21 +00:00
DistroBaker
435cd25d33 Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/nss.git#37aceda53b5ebf60d706f871c64690477b01e90f
2021-01-23 04:35:49 +00:00
DistroBaker
7ee7f9bbbe Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/nss.git#4d0b92b33350fc4f84936b3fe001ddec026b5d3a
2021-01-22 05:44:38 +00:00
DistroBaker
ea29cec023 Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/nss.git#4ecb833a82b0039b0eebfcb5dc921e516f47ac2b
2020-12-12 23:43:09 +00:00
DistroBaker
359e1d55d7 Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/nss.git#a0090873a5b47a896b574ea437c5d3b8d0f6c2e4
2020-11-07 11:14:21 +00:00
DistroBaker
1c7a019432 Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/nss.git#b09fff4da101841d043014150107559d3f9f5dfa
2020-10-30 17:47:49 +00:00
DistroBaker
b2961491fc Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/nss.git#51aa05789caa51bfe3a8162996e8462e76b3c5e5
2020-10-30 02:57:17 +01:00
DistroBaker
7fd5097dca Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/nss.git#e698f2504cb957f144a0dd5dc6ae48db3d884487
2020-10-27 21:37:19 +01:00
Petr Šabata
70c8536a25 RHEL 9.0.0 Alpha bootstrap
The content of this branch was automatically imported from Fedora ELN
with the following as its source:
https://src.fedoraproject.org/rpms/nss#8b34570da21ddd732841d9e2d4ed111f590237a3
2020-10-15 21:19:07 +02:00