Hello community,
here is the log from the commit of package mozilla-nss for openSUSE:Factory checked in at 2019-09-05 12:07:05
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/mozilla-nss (Old)
and /work/SRC/openSUSE:Factory/.mozilla-nss.new.7948 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mozilla-nss"
Thu Sep 5 12:07:05 2019 rev:146 rq:720828 version:3.45
Changes:
--------
--- /work/SRC/openSUSE:Factory/mozilla-nss/mozilla-nss.changes 2019-07-22 12:16:04.143733361 +0200
+++ /work/SRC/openSUSE:Factory/.mozilla-nss.new.7948/mozilla-nss.changes 2019-09-05 12:07:10.963887864 +0200
@@ -1,0 +2,73 @@
+Sat Aug 3 21:12:12 UTC 2019 - Wolfgang Rosenauer
+
+- update to NSS 3.45 (bsc#1141322)
+ * required by Firefox 69.0
+ New functions
+ * PK11_FindRawCertsWithSubject - Finds all certificates on the
+ given slot with the given subject distinguished name and returns
+ them as DER bytes. If no such certificates can be found, returns
+ SECSuccess and sets *results to NULL. If a failure is encountered
+ while fetching any of the matching certificates, SECFailure is
+ returned and *results will be NULL.
+ Notable changes
+ * bmo#1540403 - Implement Delegated Credentials
+ * bmo#1550579 - Replace ARM32 Curve25519 implementation with one
+ from fiat-crypto
+ * bmo#1551129 - Support static linking on Windows
+ * bmo#1552262 - Expose a function PK11_FindRawCertsWithSubject for
+ finding certificates with a given subject on a given slot
+ * bmo#1546229 - Add IPSEC IKE support to softoken
+ * bmo#1554616 - Add support for the Elbrus lcc compiler (<=1.23)
+ * bmo#1543874 - Expose an external clock for SSL
+ * bmo#1546477 - Various changes in response to the ongoing FIPS review
+ Certificate Authority Changes
+ * The following CA certificates were Removed:
+ bmo#1552374 - CN = Certinomis - Root CA
+ Bugs fixed
+ * bmo#1540541 - Don't unnecessarily strip leading 0's from key material
+ during PKCS11 import (CVE-2019-11719)
+ * bmo#1515342 - More thorough input checking (CVE-2019-11729)
+ * bmo#1552208 - Prohibit use of RSASSA-PKCS1-v1_5 algorithms in
+ TLS 1.3 (CVE-2019-11727)
+ * bmo#1227090 - Fix a potential divide-by-zero in makePfromQandSeed
+ from lib/freebl/pqg.c (static analysis)
+ * bmo#1227096 - Fix a potential divide-by-zero in PQG_VerifyParams
+ from lib/freebl/pqg.c (static analysis)
+ * bmo#1509432 - De-duplicate code between mp_set_long and mp_set_ulong
+ * bmo#1515011 - Fix a mistake with ChaCha20-Poly1305 test code where
+ tags could be faked. Only relevant for clients that might have copied
+ the unit test code verbatim
+ * bmo#1550022 - Ensure nssutil3 gets built on Android
+ * bmo#1528174 - ChaCha20Poly1305 should no longer modify output
+ length on failure
+ * bmo#1549382 - Don't leak in PKCS#11 modules if C_GetSlotInfo()
+ returns error
+ * bmo#1551041 - Fix builds using GCC < 4.3 on big-endian architectures
+ * bmo#1554659 - Add versioning to OpenBSD builds to fix link time
+ errors using NSS
+ * bmo#1553443 - Send session ticket only after handshake is marked
+ as finished
+ * bmo#1550708 - Fix gyp scripts on Solaris SPARC so that libfreebl_64fpu_3.so
+ builds
+ * bmo#1554336 - Optimize away unneeded loop in mpi.c
+ * bmo#1559906 - fipstest: use CKM_TLS12_MASTER_KEY_DERIVE instead of vendor
+ specific mechanism
+ * bmo#1558126 - TLS_AES_256_GCM_SHA384 should be marked as FIPS compatible
+ * bmo#1555207 - HelloRetryRequestCallback return code for rejecting 0-RTT
+ * bmo#1556591 - Eliminate races in uses of PK11_SetWrapKey
+ * bmo#1558681 - Stop using a global for anti-replay of TLS 1.3 early data
+ * bmo#1561510 - Fix a bug where removing -arch XXX args from CC didn't work
+ * bmo#1561523 - Add a string for the new-ish error
+ SSL_ERROR_MISSING_POST_HANDSHAKE_AUTH_EXTENSION
+
+-------------------------------------------------------------------
+Fri Aug 2 14:43:24 UTC 2019 - Wolfgang Rosenauer
+
+- split hmac subpackages to match SLE's packaging
+
+-------------------------------------------------------------------
+Mon Jul 22 07:13:42 UTC 2019 - Martin Liška
+
+- Use -ffat-lto-objects in order to provide assembly for static libs.
+
+-------------------------------------------------------------------
Old:
----
nss-3.44.1.tar.gz
New:
----
nss-3.45.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ mozilla-nss.spec ++++++
--- /var/tmp/diff_new_pack.kc9rdZ/_old 2019-09-05 12:07:14.599887183 +0200
+++ /var/tmp/diff_new_pack.kc9rdZ/_new 2019-09-05 12:07:14.603887181 +0200
@@ -2,7 +2,7 @@
# spec file for package mozilla-nss
#
# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
-# Copyright (c) 2006-2018 Wolfgang Rosenauer
+# Copyright (c) 2006-2019 Wolfgang Rosenauer
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
#
-%global nss_softokn_fips_version 3.36
+%global nss_softokn_fips_version 3.45
%define NSPR_min_version 4.21
Name: mozilla-nss
@@ -26,9 +26,9 @@
BuildRequires: pkg-config
BuildRequires: sqlite-devel
BuildRequires: zlib-devel
-Version: 3.44.1
+Version: 3.45
Release: 0
-%define underscore_version 3_44_1
+%define underscore_version 3_45
# bug437293
%ifarch ppc64
Obsoletes: mozilla-nss-64bit
@@ -129,7 +129,7 @@
%package -n libfreebl3
Summary: Freebl library for the Network Security Services
Group: System/Libraries
-Provides: libfreebl3-hmac
+Recommends: libfreebl3-hmac = %{version}-%{release}
%description -n libfreebl3
Network Security Services (NSS) is a set of libraries designed to
@@ -141,11 +141,21 @@
This package installs the freebl library from NSS.
+%package -n libfreebl3-hmac
+Summary: Freebl library checksums for the Network Security Services
+Group: System/Libraries
+Requires: libfreebl3 = %{version}-%{release}
+
+%description -n libfreebl3-hmac
+Checksums for libraries contained in the libfreebl3 package
+used in the FIPS 140-2 mode.
+
+
%package -n libsoftokn3
Summary: Network Security Services Softoken Module
Group: System/Libraries
Requires: libfreebl3 = %{version}-%{release}
-Provides: libsoftokn3-hmac
+Recommends: libsoftokn3-hmac = %{version}-%{release}
%description -n libsoftokn3
Network Security Services (NSS) is a set of libraries designed to
@@ -157,6 +167,16 @@
Network Security Services Softoken Cryptographic Module
+%package -n libsoftokn3-hmac
+Summary: Network Security Services Softoken Module checksums
+Group: System/Libraries
+Requires: libsoftokn3 = %{version}-%{release}
+
+%description -n libsoftokn3-hmac
+Checksums for libraries contained in the libsoftokn3 package
+used in the FIPS 140-2 mode.
+
+
%package certs
Summary: CA certificates for NSS
Group: Productivity/Networking/Security
@@ -184,6 +204,7 @@
#make generate
%build
+%global _lto_cflags %{_lto_cflags} -ffat-lto-objects
cd nss
modified="$(sed -n '/^----/n;s/ - .*$//;p;q' "%{S:99}")"
DATE="\"$(date -d "${modified}" "+%%b %%e %%Y")\""
@@ -389,15 +410,21 @@
%files -n libfreebl3
%defattr(-, root, root)
/%{_lib}/libfreebl3.so
-/%{_lib}/libfreebl3.chk
/%{_lib}/libfreeblpriv3.so
+
+%files -n libfreebl3-hmac
+%defattr(-, root, root)
+/%{_lib}/libfreebl3.chk
/%{_lib}/libfreeblpriv3.chk
%files -n libsoftokn3
%defattr(-, root, root)
%{_libdir}/libsoftokn3.so
-%{_libdir}/libsoftokn3.chk
%{_libdir}/libnssdbm3.so
+
+%files -n libsoftokn3-hmac
+%defattr(-, root, root)
+%{_libdir}/libsoftokn3.chk
%{_libdir}/libnssdbm3.chk
%files certs
++++++ baselibs.conf ++++++
--- /var/tmp/diff_new_pack.kc9rdZ/_old 2019-09-05 12:07:14.639887175 +0200
+++ /var/tmp/diff_new_pack.kc9rdZ/_new 2019-09-05 12:07:14.639887175 +0200
@@ -5,9 +5,11 @@
requires "mozilla-nss-certs-<targettype>"
libsoftokn3
requires "libfreebl3-<targettype> = <version>"
+libsoftokn3-hmac
+/usr/lib/libsoftokn3.chk
+/usr/lib/libnssdbm3.chk
libfreebl3
+libfreebl3-hmac
+/lib/libfreebl3.chk
+/lib/libfreeblpriv3.chk
mozilla-nss-sysinit
++++++ nss-3.44.1.tar.gz -> nss-3.45.tar.gz ++++++
/work/SRC/openSUSE:Factory/mozilla-nss/nss-3.44.1.tar.gz /work/SRC/openSUSE:Factory/.mozilla-nss.new.7948/nss-3.45.tar.gz differ: char 5, line 1