Hello community, here is the log from the commit of package mozilla-nss for openSUSE:Factory checked in at 2017-05-06 18:26:16 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/mozilla-nss (Old) and /work/SRC/openSUSE:Factory/.mozilla-nss.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "mozilla-nss" Sat May 6 18:26:16 2017 rev:126 rq:492757 version:3.30.2 Changes: --------
--- /work/SRC/openSUSE:Factory/mozilla-nss/mozilla-nss.changes 2017-04-18 13:47:29.879100604 +0200
+++ /work/SRC/openSUSE:Factory/.mozilla-nss.new/mozilla-nss.changes 2017-05-06 18:26:17.487674036 +0200
@@ -1,0 +2,52 @@
+Wed Apr 26 21:30:30 UTC 2017 - wr@rosenauer.org
+
+- update to NSS 3.30.2
+ New Functionality
+ * In the PKCS#11 root CA module (nssckbi), CAs with positive trust
+ are marked with a new boolean attribute, CKA_NSS_MOZILLA_CA_POLICY,
+ set to true. Applications that need to distinguish them from other
+ other root CAs, may use the exported function PK11_HasAttributeSet.
+ * Support for callback functions that can be used to monitor SSL/TLS
+ alerts that are sent or received.
+ New Functions
+ * CERT_CompareAVA - performs a comparison of two CERTAVA structures,
+ and returns a SECComparison result.
+ * PK11_HasAttributeSet - allows to check if a PKCS#11 object in a
+ given slot has a specific boolean attribute set.
+ * SSL_AlertReceivedCallback - register a callback function, that will
+ be called whenever an SSL/TLS alert is received
+ * SSL_AlertSentCallback - register a callback function, that will be
+ called whenever an SSL/TLS alert is sent
+ * SSL_SetSessionTicketKeyPair - configures an asymmetric key pair,
+ for use in wrapping session ticket keys, used by the server. This
+ function currently only accepts an RSA public/private key pair.
+ New Macros
+ * PKCS12_AES_CBC_128, PKCS12_AES_CBC_192, PKCS12_AES_CBC_256
+ cipher family identifiers corresponding to the PKCS#5 v2.1 AES
+ based encryption schemes used in the PKCS#12 support in NSS
+ * CKA_NSS_MOZILLA_CA_POLICY - identifier for a boolean PKCS#11
+ attribute, that should be set to true, if a CA is present because
+ of it's acceptance according to the Mozilla CA Policy
+ Notable Changes
+ * The TLS server code has been enhanced to support session tickets
+ when no RSA certificate (e.g. only an ECDSA certificate) is configured.
+ * RSA-PSS signatures produced by key pairs with a modulus bit length
+ that is not a multiple of 8 are now supported.
+ * The pk12util tool now supports importing and exporting data encrypted
+ in the AES based schemes defined in PKCS#5 v2.1.
+ Root CA updates
+ * The following CA certificates were Removed
+ - O = Japanese Government, OU = ApplicationCA
+ - CN = WellsSecure Public Root Certificate Authority
+ - CN = TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6
+ - CN = Microsec e-Szigno Root
+ * The following CA certificates were Added
+ - CN = D-TRUST Root CA 3 2013
+ - CN = TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1
+ * The version number of the updated root CA list has been set to 2.14
+ (bmo#1350859)
+ * Domain name constraints for one of the new CAs have been added to the
+ NSS code (bmo#1349705)
+- removed obsolete nss-bmo1320695.patch
+
+-------------------------------------------------------------------
Old: ---- nss-3.29.5.tar.gz nss-bmo1320695.patch New: ---- nss-3.30.2.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mozilla-nss.spec ++++++ --- /var/tmp/diff_new_pack.GibI0O/_old 2017-05-06 18:26:19.175435885 +0200 +++ /var/tmp/diff_new_pack.GibI0O/_new 2017-05-06 18:26:19.179435320 +0200 @@ -21,11 +21,11 @@ Name: mozilla-nss BuildRequires: gcc-c++ -BuildRequires: mozilla-nspr-devel >= 4.13.1 +BuildRequires: mozilla-nspr-devel >= 4.14 BuildRequires: pkg-config BuildRequires: sqlite-devel BuildRequires: zlib-devel -Version: 3.29.5 +Version: 3.30.2 Release: 0 # bug437293 %ifarch ppc64 @@ -36,8 +36,8 @@ License: MPL-2.0 Group: System/Libraries Url: http://www.mozilla.org/projects/security/pki/nss/ -Source: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_29_5_RTM/src/nss-%{version}.tar.gz -# hg clone https://hg.mozilla.org/projects/nss nss-3.29.5/nss ; cd nss-3.29.5/nss ; hg up NSS_3_29_5_RTM +Source: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_30_2_RTM/src/nss-%{version}.tar.gz +# hg clone https://hg.mozilla.org/projects/nss nss-3.30.2/nss ; cd nss-3.30.2/nss ; hg up NSS_3_30_2_RTM #Source: nss-%{version}.tar.gz Source1: nss.pc.in Source3: nss-config.in
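Review bot: The new `Source:` line in the `@@ -36,8 +36,8 @@` hunk of mozilla-nss.spec names the 3.30.2 tarball, but nothing in the visible hunk records how that archive was authenticated, and the mail itself only reports that the two tarballs differ. Since this package carries the crypto library and the root CA list described in the changelog, the spec should state what the archive was checked against, for example a comment beside the hg line such as `# nss-%{version}.tar.gz verified against upstream checksum: <sha256-placeholder>`. The existing `hg up NSS_3_30_2_RTM` comment already names the tag, so a note that the unpacked tarball was compared with that checkout would serve the same purpose. The context `Url:` line still uses `http://`; it is not part of the changed lines but could be switched to https in the same edit.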
@@ -57,7 +57,6 @@ Patch6: nss-disable-ocsp-test.patch Patch7: nss-sqlitename.patch Patch8: nss-fix-hash.patch -Patch9: nss-bmo1320695.patch %define nspr_ver %(rpm -q --queryformat '%{VERSION}' mozilla-nspr) PreReq: mozilla-nspr >= %nspr_ver PreReq: libfreebl3 >= %{nss_softokn_fips_version} @@ -86,10 +85,10 @@ %package devel Summary: Network (Netscape) Security Services development files -Group: Development/Libraries/Other +Group: Development/Libraries/C and C++ Requires: libfreebl3 Requires: libsoftokn3 -Requires: mozilla-nspr-devel >= 4.13.1 +Requires: mozilla-nspr-devel >= 4.14 Requires: mozilla-nss = %{version}-%{release} # bug437293 %ifarch ppc64 @@ -179,7 +178,6 @@ %patch6 -p1 %patch7 -p1 %patch8 -p1 -%patch9 -p1 # additional CA certificates #cd security/nss/lib/ckfw/builtins #cat %{SOURCE2} >> certdata.txt @@ -196,7 +194,7 @@ export FREEBL_LOWHASH=1 export NSPR_INCLUDE_DIR=`nspr-config --includedir` export NSPR_LIB_DIR=`nspr-config --libdir` -export OPT_FLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing" +export OPT_FLAGS="%{optflags} -fno-strict-aliasing" export LIBDIR=%{_libdir} %ifarch x86_64 s390x ppc64 ppc64le ia64 aarch64 export USE_64=1 
@@ -222,20 +220,20 @@ %install cd nss -mkdir -p $RPM_BUILD_ROOT%{_libdir} -mkdir -p $RPM_BUILD_ROOT%{_libexecdir}/nss -mkdir -p $RPM_BUILD_ROOT%{_includedir}/nss3 -mkdir -p $RPM_BUILD_ROOT%{_bindir} -mkdir -p $RPM_BUILD_ROOT%{_sbindir} -mkdir -p $RPM_BUILD_ROOT/%{_lib} -mkdir -p $RPM_BUILD_ROOT%{nssdbdir} +mkdir -p %{buildroot}%{_libdir} +mkdir -p %{buildroot}%{_libexecdir}/nss +mkdir -p %{buildroot}%{_includedir}/nss3 +mkdir -p %{buildroot}%{_bindir} +mkdir -p %{buildroot}%{_sbindir} +mkdir -p %{buildroot}/%{_lib} +mkdir -p %{buildroot}%{nssdbdir} pushd ../dist/Linux* # copy headers -cp -rL ../public/nss/*.h $RPM_BUILD_ROOT%{_includedir}/nss3 +cp -rL ../public/nss/*.h %{buildroot}%{_includedir}/nss3 # copy some freebl include files we also want for file in blapi.h alghmac.h do - cp -L ../private/nss/$file $RPM_BUILD_ROOT/%{_includedir}/nss3 + cp -L ../private/nss/$file %{buildroot}/%{_includedir}/nss3 done # copy dynamic libs cp -L lib/libnss3.so \ @@ -248,20 +246,20 @@ lib/libsoftokn3.so \ lib/libsoftokn3.chk \ lib/libssl3.so \ - $RPM_BUILD_ROOT%{_libdir} + %{buildroot}%{_libdir} cp -L lib/libfreebl3.so \ lib/libfreebl3.chk \ lib/libfreeblpriv3.so \ lib/libfreeblpriv3.chk \ - $RPM_BUILD_ROOT/%{_lib} + %{buildroot}/%{_lib} #cp -L lib/libnsssqlite3.so \ -# $RPM_BUILD_ROOT%{_libdir} +# %{buildroot}%{_libdir} # copy static libs cp -L lib/libcrmf.a \ lib/libfreebl.a \ lib/libnssb.a \ lib/libnssckfw.a \ - $RPM_BUILD_ROOT%{_libdir} + %{buildroot}%{_libdir} # copy tools cp -L bin/certutil \ bin/cmsutil \ @@ -271,7 +269,7 @@ bin/signtool \ bin/signver \ bin/ssltap \ - $RPM_BUILD_ROOT%{_bindir} + %{buildroot}%{_bindir} # copy unsupported tools cp -L bin/atob \ bin/btoa \ 
@@ -285,13 +283,13 @@ bin/tstclnt \ bin/vfyserv \ bin/vfychain \ - $RPM_BUILD_ROOT%{_libexecdir}/nss + %{buildroot}%{_libexecdir}/nss # prepare pkgconfig file -mkdir -p $RPM_BUILD_ROOT%{_libdir}/pkgconfig/ +mkdir -p %{buildroot}%{_libdir}/pkgconfig/ sed "s:%%LIBDIR%%:%{_libdir}:g s:%%VERSION%%:%{version}:g s:%%NSPR_VERSION%%:%{nspr_ver}:g" \ - %{SOURCE1} > $RPM_BUILD_ROOT%{_libdir}/pkgconfig/nss.pc + %{SOURCE1} > %{buildroot}%{_libdir}/pkgconfig/nss.pc # prepare nss-config file popd NSS_VMAJOR=`cat lib/nss/nss.h | grep "#define.*NSS_VMAJOR" | gawk '{print $3}'` 
@@ -304,32 +302,32 @@ -e "s,@MOD_MAJOR_VERSION@,$NSS_VMAJOR,g" \ -e "s,@MOD_MINOR_VERSION@,$NSS_VMINOR,g" \ -e "s,@MOD_PATCH_VERSION@,$NSS_VPATCH,g" \ - > $RPM_BUILD_ROOT/%{_bindir}/nss-config -chmod 755 $RPM_BUILD_ROOT/%{_bindir}/nss-config + > %{buildroot}/%{_bindir}/nss-config +chmod 755 %{buildroot}/%{_bindir}/nss-config # setup-nsssysinfo.sh -install -m 744 %{SOURCE6} $RPM_BUILD_ROOT%{_sbindir}/ +install -m 744 %{SOURCE6} %{buildroot}%{_sbindir}/ # create empty NSS database -#LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib}:$RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_bindir}/modutil -force -dbdir "sql:$RPM_BUILD_ROOT%{nssdbdir}" -create -#LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib}:$RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_bindir}/certutil -N -d "sql:$RPM_BUILD_ROOT%{nssdbdir}" -f /dev/null 2>&1 > /dev/null -#chmod 644 "$RPM_BUILD_ROOT%{nssdbdir}"/* +#LD_LIBRARY_PATH=%{buildroot}/%{_lib}:%{buildroot}%{_libdir} %{buildroot}%{_bindir}/modutil -force -dbdir "sql:%{buildroot}%{nssdbdir}" -create +#LD_LIBRARY_PATH=%{buildroot}/%{_lib}:%{buildroot}%{_libdir} %{buildroot}%{_bindir}/certutil -N -d "sql:%{buildroot}%{nssdbdir}" -f /dev/null 2>&1 > /dev/null +#chmod 644 "%{buildroot}%{nssdbdir}"/* #sed "s:%{buildroot}::g #s/^library=$/library=libnsssysinit.so/ #/^NSS/s/\(Flags=internal\)\(,[^m]\)/\1,moduleDBOnly\2/" \ -# $RPM_BUILD_ROOT%{nssdbdir}/pkcs11.txt > $RPM_BUILD_ROOT%{nssdbdir}/pkcs11.txt.sed -# mv $RPM_BUILD_ROOT%{nssdbdir}/pkcs11.txt{.sed,} +# %{buildroot}%{nssdbdir}/pkcs11.txt > %{buildroot}%{nssdbdir}/pkcs11.txt.sed +# mv %{buildroot}%{nssdbdir}/pkcs11.txt{.sed,} # copy empty NSS database -install -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{nssdbdir} -install -m 644 %{SOURCE8} $RPM_BUILD_ROOT%{nssdbdir} -install -m 644 %{SOURCE9} $RPM_BUILD_ROOT%{nssdbdir} +install -m 644 %{SOURCE7} %{buildroot}%{nssdbdir} +install -m 644 %{SOURCE8} %{buildroot}%{nssdbdir} +install -m 644 %{SOURCE9} %{buildroot}%{nssdbdir} # create shlib sigs after extracting debuginfo %define 
__spec_install_post \ %{?__debug_package:%{__debug_install_post}} \ %{__arch_install_post} \ %{__os_install_post} \ - LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib}:$RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_libexecdir}/nss/shlibsign -i $RPM_BUILD_ROOT%{_libdir}/libsoftokn3.so \ - LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib}:$RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_libexecdir}/nss/shlibsign -i $RPM_BUILD_ROOT%{_libdir}/libnssdbm3.so \ - LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib}:$RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_libexecdir}/nss/shlibsign -i $RPM_BUILD_ROOT/%{_lib}/libfreebl3.so \ - LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib}:$RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_libexecdir}/nss/shlibsign -i $RPM_BUILD_ROOT/%{_lib}/libfreeblpriv3.so \ + LD_LIBRARY_PATH=%{buildroot}/%{_lib}:%{buildroot}%{_libdir} %{buildroot}%{_libexecdir}/nss/shlibsign -i %{buildroot}%{_libdir}/libsoftokn3.so \ + LD_LIBRARY_PATH=%{buildroot}/%{_lib}:%{buildroot}%{_libdir} %{buildroot}%{_libexecdir}/nss/shlibsign -i %{buildroot}%{_libdir}/libnssdbm3.so \ + LD_LIBRARY_PATH=%{buildroot}/%{_lib}:%{buildroot}%{_libdir} %{buildroot}%{_libexecdir}/nss/shlibsign -i %{buildroot}/%{_lib}/libfreebl3.so \ + LD_LIBRARY_PATH=%{buildroot}/%{_lib}:%{buildroot}%{_libdir} %{buildroot}%{_libexecdir}/nss/shlibsign -i %{buildroot}/%{_lib}/libfreeblpriv3.so \ %{nil} %post -p /sbin/ldconfig @@ -356,9 +354,6 @@ %postun sysinit -p /sbin/ldconfig -%clean -rm -rf $RPM_BUILD_ROOT - %files %defattr(-, root, root) %{_libdir}/libnss3.so ++++++ nss-3.29.5.tar.gz -> nss-3.30.2.tar.gz ++++++ /work/SRC/openSUSE:Factory/mozilla-nss/nss-3.29.5.tar.gz /work/SRC/openSUSE:Factory/.mozilla-nss.new/nss-3.30.2.tar.gz differ: char 5, line 1
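Review bot: `install -m 744 %{SOURCE6} %{buildroot}%{_sbindir}/` in the `@@ -304,32 +302,32 @@` hunk keeps mode 744, which leaves the script (setup-nsssysinfo.sh, going by the comment above it) readable but not executable for group and others. If the helper is meant to be run by root only, say so with a comment such as `# root-only helper: owner-exec on purpose`; if other users are expected to run it, `-m 755` is the usual mode. The commit only swaps `$RPM_BUILD_ROOT` for `%{buildroot}` on this line, so the mode is inherited rather than introduced here, and a `%files` entry outside this hunk may still override it.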