Commit Graph

59 Commits

Author SHA1 Message Date
Robert Relyea
2fef3aa45f Resolves: rhbz#2229399
- add indicator for pbkdf
- fix ems policy bug
2023-08-05 10:43:46 -07:00
Stanislav Zidek
ac0b8ce8dd Disable separate reporting of interop tests
Otherwise, we would have to enumerate all the test plans
in `gating.yaml`. Without separate reporting, we could
simply use `osci.brew-build.tier0.functional`.

Related: rhbz#2209764
2023-07-13 11:31:29 +02:00
Frantisek Krenzelok
b5cdb03af2
Increase the release number
Related: rhbz#2211937

Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
2023-06-29 14:49:43 +02:00
Frantisek Krenzelok
6bbfd9e4ef
Add dist tag to packages version
Related: rhbz#2211937

Packages lacked dist tag in their version tag after the
92cf70d

move `%patch<num>` from deprecate format to `%patch -P<num>`

Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
2023-06-28 17:06:00 +02:00
Robert Relyea
92cf70d178 Resolves: rhbz#2211937
Rebase NSS to 3.90 for Firefox 115 ESR
Includes NSPR 4.35
2023-06-22 08:21:33 +02:00
Alexander Sosedkin
f2db67545b delete tests/
The test directory seems to be inherited from Fedora.
The only test in there has become outdated.

Related: rhbz#2209764
2023-05-25 16:50:18 +02:00
Peter Leitmann
9bb1bef019 Add new interop rpm-tmt-tests 2023-05-25 09:24:59 +00:00
Bob Relyea
7391e8d0cd Resolves: rhbz#2179385
Make DH parameter processing in FIPS mode more strict.
Fix memory leak in dh keygen.
2023-03-22 09:38:23 -07:00
Bob Relyea
2ed3d453e9 Related: rhbz#2174613
Fix regression issue in FIPS mode. We need to return a non-locking return
code if the user supplied DH parameters are invalid, rather than a blocking
code we return if the underlying NSS math engine blows up.
2023-03-16 12:53:52 -07:00
Bob Relyea
fe16df6b41 Related: rhbz#2176630 rhbz#2153473 rhbz#2174613
Sync nss.spec with rhel-9.0.0 branch to match versioning.
2023-03-15 10:36:00 -07:00
Bob Relyea
67466513bc Resolves: rhbz#2176630 rhbz#2153473 rhbz#2174613
Fix CVE 2023-0767
Fix FIPS review comments.
2023-03-11 11:19:28 -08:00
Bob Relyea
f445964895 Resolves: rhbz#2004545 rhbz#2122714
- Update fips_algorithms.h to match the final FIPS requirements
    - Disable delegated credentials
2022-09-08 08:56:38 -07:00
Bob Relyea
dcbd11ce7c Resolves: rhbz#2091905
- remove OAEP from the fips indicator list
2022-08-24 15:28:58 -07:00
Bob Relyea
cba98b139c Resolves: rhbz#2091905
- More FIPS changes for FIPS 140-3
    -   drbg seeding fixes
    -   fips indicator fixes
- Fix regressions in pkcs12.
2022-08-24 08:17:30 -07:00
Bob Relyea
09dd8eef9a Resolves: rhbz#2104703
- more complete fix for the client auth crash
2022-07-07 09:34:21 -07:00
Bob Relyea
590eee18a6 Related: rhbz#2097816
- increase the pbe cache size
- remove debugging print from certmonder patch
2022-06-22 13:59:47 -07:00
Bob Relyea
aef9d0723d Resolves: rhbz#2091905 rhbz#2098489
- mark rsa 1023 as FIPS, reject RSA key sizes less than 1023.
- allow applications to rerun the POST arbitrarily (that is after dlopen).
2022-06-21 12:21:13 -07:00
Bob Relyea
e6c0644902 Resolves: rhbz#2064360
- resolve more regressions. selfserv no longer handles IPV4 when configured for IPV6.
2022-06-14 18:50:06 -07:00
Bob Relyea
4d2d68aab9 Resolves: rhbz#2064360
- Fix test case regressions in rebase
2022-06-13 15:25:32 -07:00
Bob Relyea
328433776d Resolves: rhbz#2064360
- fix coverity issues
 - add dbtool
2022-06-10 16:51:19 -07:00
Bob Relyea
347b7343a5 Resolves: rhbz#2064360
Rebase nss to 3.79, nspr to 4.34 for Firefox 102 ESR
2022-06-02 11:14:49 -07:00
Bob Relyea
abcefb3fa4 Resolves: rhbz#2041832
openssl pkcs12 unable to process nss pk12util generated pkcs12 file if its password length is >= 64 chars
2022-02-16 12:55:59 -08:00
Bob Relyea
fd0aecc80b Resolves: rhbz#2039862 rhbz#1986987
Turn on lto (fixing gtests issue with lto)
Fix pkcs12 man page to include changes made in that command.
2022-01-27 08:09:17 -08:00
Robert Relyea
8857078930 Related: rhbz#2033309 2022-01-14 22:06:25 +00:00
Bob Relyea
79eaf96146 Resolves: rhbz#2033309
Remove old db files and man pages
2022-01-11 14:20:39 -08:00
Bob Relyea
34e9500654 Resolves: rhbz#2025362
Fix CVE 2021-43527
2021-12-01 11:54:49 -08:00
Bob Relyea
af61b61e84 Related: rhbz#2008320
- Fix typo that prevented the validation program from building.
- add the validation program to nss-tools.
- Fix issue with NSS_FIPS_MODULE_ID where it wasn't detecting builds on RHEL9
2021-10-19 20:11:17 -07:00
Bob Relyea
c9c633332d Resolves: rhbz#2008320
Rebase to NSS 3.71: (changes since NSS 3.67)

    Network Security Services (NSS) 3.71 was released on 30 September 2021.

    The HG tag is NSS_3_71_RTM. This version of NSS requires NSPR 4.32 or newer.

    NSS 3.71 source distributions are available on ftp.mozilla.org for secure HTTPS download: <https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_71_RTM/src/>

    Changes:
    - Bug 1717716 - Set nssckbi version number to 2.52.
    - Bug 1667000 - Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py
    - Bug 1373716 - Import of PKCS#12 files with Camellia encryption is not supported
    - Bug 1717707 - Add HARICA Client ECC Root CA 2021.
    - Bug 1717707 - Add HARICA Client RSA Root CA 2021.
    - Bug 1717707 - Add HARICA TLS ECC Root CA 2021.
    - Bug 1717707 - Add HARICA TLS RSA Root CA 2021.
    - Bug 1728394 - Add TunTrust Root CA certificate to NSS.
    -------------------------------------

    Network Security Services (NSS) 3.70 was released on 4 September 2021.

    The HG tag is NSS_3_70_RTM. This version of NSS requires NSPR 4.32 or newer.

    NSS 3.70 source distributions are available on ftp.mozilla.org for secure HTTPS download: <https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_70_RTM/src/>

    Changes:
       - Documentation: release notes for NSS 3.70.
       - Documentation: release notes for NSS 3.69.1.
       - Bug 1726022 - Update test case to verify fix.
       - Bug 1714579 - Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max
       - Bug 1714579 - Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback
       - Formatting for lib/util
       - Bug 1681975 - Avoid using a lookup table in nssb64d.
       - Bug 1724629 - Use HW accelerated SHA2 on AArch64 Big Endian.
       - Bug 1714579 - Change default value of enableHelloDowngradeCheck to true.
       - Formatting for gtests/pk11_gtest/pk11_hpke_unittest.cc
       - Bug 1726022 - Cache additional PBE entries.
       - Bug 1709750 - Read HPKE vectors from official JSON.
       - Documentation: update for NSS 3.69 release.

    Network Security Services (NSS) 3.69 was released on 5 August 2021.

    The HG tag is NSS_3_69_RTM. NSS 3.69 requires NSPR 4.32 or newer.

    NSS 3.69 source distributions are available on ftp.mozilla.org for secure HTTPS download: <https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_69_RTM/src/>

    Bugs fixed:
       - Bug 1722613 - Disable DTLS 1.0 and 1.1 by default
       - Bug 1720226 - integrity checks in key4.db not happening on private components with AES_CBC
       - Bug 1720235 - SSL handling of signature algorithms ignores environmental invalid algorithms.
       - Bug 1721476 - sqlite 3.34 changed it's open semantics, causing nss failures.
       - Bug 1720230 - Gtest update changed the gtest reports, losing gtest details in all.sh reports.
       - Bug 1720228 - NSS incorrectly accepting 1536 bit DH primes in FIPS mode
       - Bug 1720232 - SQLite calls could timeout in starvation situations.
       - Bug 1720225 - Coverity/cpp scanner errors found in nss 3.67
       - Bug 1709817 - Import the NSS documentation from MDN in nss/doc.
       - Bug 1720227 - NSS using a tempdir to measure sql performance not active

    Network Security Services (NSS) 3.68 ESR was released on 8 July 2021.

    The HG tag is NSS_3_68_RTM. NSS 3.68 requires NSPR 4.32 or newer.

    NSS 3.68 source distributions are available on ftp.mozilla.org for secure HTTPS download: <https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_68_RTM/src/>

    Bugs fixed:
       -  Bug 1713562 - Fix test leak.
       -  Bug 1717452 - NSS 3.68 should depend on NSPR 4.32.
       -  Bug 1693206 - Implement PKCS8 export of ECDSA keys.
       -  Bug 1712883 - DTLS 1.3 draft-43.
       -  Bug 1655493 - Support SHA2 HW acceleration using Intel SHA Extension.
       -  Bug 1713562 - Validate ECH public names.
       -  Bug 1717610 - Add function to get seconds from epoch from pkix::Time.
2021-10-06 12:09:11 -07:00
Bob Relyea
55f8cd2e51 Related: rhbz#1972928
Rebuild for gating
2021-08-25 08:46:15 -07:00
Bob Relyea
bcabd96a47 Related: rhbz#1972928
Add gating.yaml
2021-08-20 10:57:03 -07:00
Bob Relyea
9a9e0681ed Related: rhbz#1972928
Update nspr for firefox 92
2021-08-19 13:06:04 -07:00
Florian Weimer
6098d94e9d Change release number to correct cross-package dependencies (#1991688)
Related: #1991688
2021-08-12 15:01:01 +02:00
Florian Weimer
ec42b367dc Change release number to correct cross-package dependencies (#1991688)
Related: #1991688
2021-08-12 10:54:57 +02:00
Florian Weimer
4b70a03790 Change release number to correct cross-package dependencies (#1991688)
Related: #1991688
2021-08-12 07:18:54 +02:00
Mohan Boddu
1fded96fc7 Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-08-09 22:34:19 +00:00
Bob Relyea
449fc4a03c Related: rhbz#1972928
- fix relro support in nspr part of build
2021-07-08 15:19:14 -07:00
Bob Relyea
5a8798b5da Related: rhbz#1933778
sigh, bump nspr release number
2021-07-07 12:58:28 -07:00
Bob Relyea
ceb4bbe240 Resolves: rhbz#1933778
Fix incorrect ssl alerts on signature algorithms.
2021-07-07 12:06:28 -07:00
Bob Relyea
b6e19ee8f1 Related: rhbz#1978038
Bump the nspr build number.
2021-07-02 08:08:22 -07:00
Bob Relyea
66eacfa6fd Related: rhbz#1978038
Sigh fix LDFlags to make nspr happy...
2021-07-01 15:54:34 -07:00
Bob Relyea
8e1aafaab1 Resolves: rhbz#1978038
Allow NSS to use databases which have been updated from dbm to sql
on an unpacked version of nss. (prevented pesign from working).
2021-07-01 15:12:42 -07:00
Bob Relyea
4c08989645 Related: rhbz#1972928
- only include nspr man pages in nspr-devel
2021-06-22 19:37:34 -07:00
Bob Relyea
fed7d55f1a Resolves: rhbz#1972928
Rebase nss to 3.67
2021-06-21 10:17:18 -07:00
Bob Relyea
af6d77e2b5 Related: rhbz1926367
Fix incorrect patch file
2021-04-16 18:13:49 -07:00
Bob Relyea
88a947fc0b Resolves: rhbz#1926367
Restore RHEL-8 patch to prevent MD5 and MD4 hash operations
2021-04-16 14:12:00 -07:00
Mohan Boddu
fd919dd3b5 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-04-16 02:28:37 +00:00
DistroBaker
c03dc29b59 Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/nss.git#a7057b9bf67f5fc52e340044929ea2054144c049
2021-03-28 23:05:16 +00:00
DistroBaker
cfd90a0640 Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/nss.git#3eb17533735591440094d76f51da4b4fe41f2334
2021-03-18 14:01:26 +00:00
DistroBaker
aecb39840f Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/nss.git#3eb17533735591440094d76f51da4b4fe41f2334
2021-03-06 05:41:33 +00:00
DistroBaker
ae6ffcc5fd Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/nss.git#0b3033dcf42266f55ef1d4f9f450f17e298fd229
2021-02-03 03:18:21 +00:00