Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

libsoftokn3-3.101.2-slfo.1.1.11 RPM for ppc64le

From OpenSuSE Leap 16.0 for ppc64le

Name: libsoftokn3 Distribution: SUSE Linux Framework One
Version: 3.101.2 Vendor: SUSE LLC <https://www.suse.com/>
Release: slfo.1.1.11 Build date: Mon Jul 29 14:44:11 2024
Group: System/Libraries Build host: reproducible
Size: 667208 Source RPM: mozilla-nss-3.101.2-slfo.1.1.11.src.rpm
Packager: https://www.suse.com/
Url: https://www.mozilla.org/projects/security/pki/nss/
Summary: Network Security Services Softoken Module
Network Security Services (NSS) is a set of libraries designed to
support cross-platform development of security-enabled server
applications. Applications built with NSS can support SSL v3,
TLS v1.0, v1.1, v1.2, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3
certificates, and other security standards.

Network Security Services Softoken Cryptographic Module

Provides

Requires

License

MPL-2.0

Changelog

* Mon Jul 29 2024 martin.sirringhaus@suse.com
  - Require `sed` for mozilla-nss-sysinit, as setup-nsssysinit.sh
    depends on it and will create a broken, empty config, if sed is
    missing (bsc#1227918)
* Thu Jul 25 2024 martin.sirringhaus@suse.com
  - update to NSS 3.101.2
    * bmo#1905691 - ChaChaXor to return after the function
* Wed Jul 10 2024 hpj@suse.com
  - Added nss-fips-safe-memset.patch, fixing bsc#1222811.
  - Removed some dead code from nss-fips-constructor-self-tests.patch.
  - Rebased nss-fips-approved-crypto-non-ec.patch on above changes.
  - Added nss-fips-aes-gcm-restrict.patch, fixing bsc#1222830.
  - Updated nss-fips-approved-crypto-non-ec.patch, fixing bsc#1222813,
    bsc#1222814, bsc#1222821, bsc#1222822, bsc#1224118.
  - Updated nss-fips-approved-crypto-non-ec.patch and
    nss-fips-constructor-self-tests.patch, fixing bsc#1222807,
    bsc#1222828, bsc#1222834.
  - Updated nss-fips-approved-crypto-non-ec.patch, fixing bsc#1222804,
    bsc#1222826, bsc#1222833, bsc#1224113, bsc#1224115, bsc#1224116.
* Wed Jul 10 2024 martin.sirringhaus@suse.com
  - update to NSS 3.101.1
    * bmo#1901932 - missing sqlite header.
    * bmo#1901080 - GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME.
  - update to NSS 3.101
    * bmo#1900413 - add diagnostic assertions for SFTKObject refcount.
    * bmo#1899759 - freeing the slot in DeleteCertAndKey if authentication failed
    * bmo#1899883 - fix formatting issues.
    * bmo#1889671 - Add Firmaprofesional CA Root-A Web to NSS.
    * bmo#1899593 - remove invalid acvp fuzz test vectors.
    * bmo#1898830 - pad short P-384 and P-521 signatures gtests.
    * bmo#1898627 - remove unused FreeBL ECC code.
    * bmo#1898830 - pad short P-384 and P-521 signatures.
    * bmo#1898825 - be less strict about ECDSA private key length.
    * bmo#1854439 - Integrate HACL* P-521.
    * bmo#1854438 - Integrate HACL* P-384.
    * bmo#1898074 - memory leak in create_objects_from_handles.
    * bmo#1898858 - ensure all input is consumed in a few places in mozilla::pkix
    * bmo#1884444 - SMIME/CMS and PKCS #12 do not integrate with modern NSS policy
    * bmo#1748105 - clean up escape handling
    * bmo#1896353 - Use lib::pkix as default validator instead of the old-one
    * bmo#1827444 - Need to add high level support for PQ signing.
    * bmo#1548723 - Certificate Compression: changing the allocation/freeing of buffer + Improving the documentation
    * bmo#1884444 - SMIME/CMS and PKCS #12 do not integrate with modern NSS policy
    * bmo#1893404 - Allow for non-full length ecdsa signature when using softoken
    * bmo#1830415 - Modification of .taskcluster.yml due to mozlint indent defects
    * bmo#1793811 - Implement support for PBMAC1 in PKCS#12
    * bmo#1897487 - disable VLA warnings for fuzz builds.
    * bmo#1895032 - remove redundant AllocItem implementation.
    * bmo#1893334 - add PK11_ReadDistrustAfterAttribute.
    * bmo#215997  - Clang-formatting of SEC_GetMgfTypeByOidTag update
    * bmo#1895012 - Set SEC_ERROR_LIBRARY_FAILURE on self-test failure
    * bmo#1894572 - sftk_getParameters(): Fix fallback to default variable after error with configfile.
    * bmo#1830415 - Switch to the mozillareleases/image_builder image
  - Follow upstream changes in nss-fips-constructor-self-tests.patch (switch from ec_field_GFp to ec_field_plain)
  - Remove part of nss-fips-zeroization.patch that got removed upstream
  - update to NSS 3.100
    - bmo#1893029 - merge pk11_kyberSlotList into pk11_ecSlotList for
      faster Xyber operations.
    - bmo#1893752 - remove ckcapi.
    - bmo#1893162 - avoid a potential PK11GenericObject memory leak.
    - bmo#671060  - Remove incomplete ESDH code.
    - bmo#215997  - Decrypt RSA OAEP encrypted messages.
    - bmo#1887996 - Fix certutil CRLDP URI code.
    - bmo#1890069 - Don't set CKA_DERIVE for CKK_EC_EDWARDS private keys.
    - bmo#676118  - Add ability to encrypt and decrypt CMS messages using ECDH.
    - bmo#676100  - Correct Templates for key agreement in smime/cmsasn.c.
    - bmo#1548723 - Moving the decodedCert allocation to NSS.
    - bmo#1885404 - Allow developers to speed up repeated local execution
      of NSS tests that depend on certificates.
  - update to NSS 3.99
    * Removing check for message len in ed25519 (bmo#1325335)
    * add ed25519 to SECU_ecName2params. (bmo#1884276)
    * add EdDSA wycheproof tests. (bmo#1325335)
    * nss/lib layer code for EDDSA. (bmo#1325335)
    * Adding EdDSA implementation. (bmo#1325335)
    * Exporting Certificate Compression types (bmo#1881027)
    * Updating ACVP docker to rust 1.74 (bmo#1880857)
    * Updating HACL* to 0f136f28935822579c244f287e1d2a1908a7e552 (bmo#1325335)
    * Add NSS_CMSRecipient_IsSupported. (bmo#1877730)
  - update to NSS 3.98
    * bmo#1780432 - (CVE-2023-5388) Timing attack against RSA decryption
      in TLS
    * bmo#1879513 - Certificate Compression: enabling the check that
      the compression was advertised
    * bmo#1831552 - Move Windows workers to nss-1/b-win2022-alpha
    * bmo#1879945 - Remove Email trust bit from OISTE WISeKey
      Global Root GC CA
    * bmo#1877344 - Replace `distutils.spawn.find_executable` with
      `shutil.which` within `mach` in `nss`
    * bmo#1548723 - Certificate Compression: Updating nss_bogo_shim to
      support Certificate compression
    * bmo#1548723 - TLS Certificate Compression (RFC 8879) Implementation
    * bmo#1875356 - Add valgrind annotations to freebl kyber operations
      for constant-time execution tests
    * bmo#1870673 - Set nssckbi version number to 2.66
    * bmo#1874017 - Add Telekom Security roots
    * bmo#1873095 - Add D-Trust 2022 S/MIME roots
    * bmo#1865450 - Remove expired Security Communication RootCA1 root
    * bmo#1876179 - move keys to a slot that supports concatenation in
      PK11_ConcatSymKeys
    * bmo#1876800 - remove unmaintained tls-interop tests
    * bmo#1874937 - bogo: add support for the -ipv6 and -shim-id shim
      flags
    * bmo#1874937 - bogo: add support for the -curves shim flag and
      update Kyber expectations
    * bmo#1874937 - bogo: adjust expectation for a key usage bit test
    * bmo#1757758 - mozpkix: add option to ignore invalid subject
      alternative names
    * bmo#1841029 - Fix selfserv not stripping `publicname:` from -X value
    * bmo#1876390 - take ownership of ecckilla shims
    * bmo#1874458 - add valgrind annotations to freebl/ec.c
    * bmo#864039  - PR_INADDR_ANY needs PR_htonl before assignment to inet.ip
    * bmo#1875965 - Update zlib to 1.3.1
  - Use %patch -P N instead of deprecated %patchN.
  - update to NSS 3.97
    * bmo#1875506 - make Xyber768d00 opt-in by policy
    * bmo#1871631 - add libssl support for xyber768d00
    * bmo#1871630 - add PK11_ConcatSymKeys
    * bmo#1775046 - add Kyber and a PKCS#11 KEM interface to softoken
    * bmo#1871152 - add a FreeBL API for Kyber
    * bmo#1826451 - part 2: vendor github.com/pq-crystals/kyber/commit/e0d1c6ff
    * bmo#1826451 - part 1: add a script for vendoring kyber from pq-crystals repo
    * bmo#1835828 - Removing the calls to RSA Blind from loader.*
    * bmo#1874111 - fix worker type for level3 mac tasks
    * bmo#1835828 - RSA Blind implementation
    * bmo#1869642 - Remove DSA selftests
    * bmo#1873296 - read KWP testvectors from JSON
    * bmo#1822450 - Backed out changeset dcb174139e4f
    * bmo#1822450 - Fix CKM_PBE_SHA1_DES2_EDE_CBC derivation
    * bmo#1871219 - Wrap CC shell commands in gyp expansions
  - update to NSS 3.96.1
    * bmo#1869408 - Use pypi dependencies for MacOS worker in ./build_gyp.sh
    * bmo#1830978 - p7sign: add -a hash and -u certusage (also p7verify cleanups)
    * bmo#1867408 - add a defensive check for large ssl_DefSend return values
    * bmo#1869378 - Add dependency to the taskcluster script for Darwin
    * bmo#1869378 - Upgrade version of the MacOS worker for the CI
  - add nss-allow-slow-tests-s390x.patch: "certutil dump keys with
    explicit default trust flags" test needs longer than the allowed
    6 seconds on s390x
  - update to NSS 3.95
    * bmo#1842932 - Bump builtins version number.
    * bmo#1851044 - Remove Email trust bit from Autoridad de Certificacion
      Firmaprofesional CIF A62634068 root cert.
    * bmo#1855318 - Remove 4 DigiCert (Symantec/Verisign) Root Certificates
    * bmo#1851049 - Remove 3 TrustCor Root Certificates from NSS.
    * bmo#1850982 - Remove Camerfirma root certificates from NSS.
    * bmo#1842935 - Remove old Autoridad de Certificacion Firmaprofesional
      Certificate.
    * bmo#1860670 - Add four Commscope root certificates to NSS.
    * bmo#1850598 - Add TrustAsia Global Root CA G3 and G4 root certificates.
    * bmo#1863605 - Include P-384 and P-521 Scalar Validation from HACL*
    * bmo#1861728 - Include P-256 Scalar Validation from HACL*.
    * bmo#1861265 - After the HACL 256 ECC patch, NSS incorrectly encodes
      256 ECC without DER wrapping at the softoken level
    * bmo#1837987 - Add means to provide library parameters to C_Initialize
    * bmo#1573097 - clang format
    * bmo#1854795 - add OSXSAVE and XCR0 tests to AVX2 detection.
    * bmo#1858241 - Typo in ssl3_AppendHandshakeNumber
    * bmo#1858241 - Introducing input check of ssl3_AppendHandshakeNumber
    * bmo#1573097 - Fix Invalid casts in instance.c
  - update to NSS 3.94
    * bmo#1853737 - Updated code and commit ID for HACL*
    * bmo#1840510 - update ACVP fuzzed test vector: refuzzed with
      current NSS
    * bmo#1827303 - Softoken C_ calls should use system FIPS setting
      to select NSC_ or FC_ variants
    * bmo#1774659 - NSS needs a database tool that can dump the low level
      representation of the database
    * bmo#1852179 - declare string literals using char in pkixnames_tests.cpp
    * bmo#1852179 - avoid implicit conversion for ByteString
    * bmo#1818766 - update rust version for acvp docker
    * bmo#1852011 - Moving the init function of the mpi_ints before
      clean-up in ec.c
    * bmo#1615555 - P-256 ECDH and ECDSA from HACL*
    * bmo#1840510 - Add ACVP test vectors to the repository
    * bmo#1849077 - Stop relying on std::basic_string<uint8_t>
    * bmo#1847845 - Transpose the PPC_ABI check from Makefile to gyp
  - rebased patches
  - added nss-fips-test.patch to fix broken test
  - Update to NSS 3.93:
    * bmo#1849471 - Update zlib in NSS to 1.3.
    * bmo#1848183 - softoken: iterate hashUpdate calls for long inputs.
    * bmo#1813401 - regenerate NameConstraints test certificates (boo#1214980).
  - Rebase nss-fips-pct-pubkeys.patch.
  - update to NSS 3.92
    * bmo#1822935 - Set nssckbi version number to 2.62
    * bmo#1833270 - Add 4 Atos TrustedRoot Root CA certificates to NSS
    * bmo#1839992 - Add 4 SSL.com Root CA certificates
    * bmo#1840429 - Add Sectigo E46 and R46 Root CA certificates
    * bmo#1840437 - Add LAWtrust Root CA2 (4096)
    * bmo#1822936 - Remove E-Tugra Certification Authority root
    * bmo#1827224 - Remove Camerfirma Chambers of Commerce Root.
    * bmo#1840505 - Remove Hongkong Post Root CA 1
    * bmo#1842928 - Remove E-Tugra Global Root CA ECC v3 and RSA v3
    * bmo#1842937 - Avoid redefining BYTE_ORDER on hppa Linux
  - update to NSS 3.91
    * bmo#1837431 - Implementation of the HW support check for ADX instruction
    * bmo#1836925 - Removing the support of Curve25519
    * bmo#1839795 - Fix comment about the addition of ticketSupportsEarlyData
    * bmo#1839327 - Adding args to enable-legacy-db build
    * bmo#1835357 - dbtests.sh failure in "certutil dump keys with explicit
      default trust flags"
    * bmo#1837617 - Initialize flags in slot structures
    * bmo#1835425 - Improve the length check of RSA input to avoid heap overflow
    * bmo#1829112 - Followup Fixes
    * bmo#1784253 - avoid processing unexpected inputs by checking for
      m_exptmod base sign
    * bmo#1826652 - add a limit check on order_k to avoid infinite loop
    * bmo#1834851 - Update HACL* to commit 5f6051d2
    * bmo#1753026 - add SHA3 to cryptohi and softoken
    * bmo#1753026 - HACL SHA3
    * bmo#1836781 - Disabling ASM C25519 for A but X86_64
  - removed upstreamed patch nss-fix-bmo1836925.patch
* Wed Jul 10 2024 martin.sirringhaus@suse.com
  - update to NSS 3.90.3
    * bmo#1901080 - GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME.
    * bmo#1748105 - clean up escape handling.
    * bmo#1895032 - remove redundant AllocItem implementation.
    * bmo#1836925 - Disable ASM support for Curve25519.
    * bmo#1836781 - Disable ASM support for Curve25519 for all but X86_64.
  - remove upstreamed nss-fix-bmo1836925.patch
* Fri May 24 2024 martin.sirringhaus@suse.com
  - Adding nss-fips-bsc1223724.patch to fix startup crash of Firefox
    when using FIPS-mode (bsc#1223724).
* Tue Feb 27 2024 cgrobertson@suse.com
  - Added "Provides: nss" so other RPMs that require 'nss' can
    be installed (jira PED-6358).
* Mon Feb 19 2024 martin.sirringhaus@suse.com
  - update to NSS 3.90.2
    * bmo#1780432 - (CVE-2023-5388) Timing attack against RSA
      decryption in TLS. (bsc#1216198)
    * bmo#1867408 - add a defensive check for large ssl_DefSend
      return values.
* Mon Dec 11 2023 martin.sirringhaus@suse.com
  - update to NSS 3.90.1
    * bmo#1813401 - regenerate NameConstraints test certificates.
    * bmo#1854795 - add OSXSAVE and XCR0 tests to AVX2 detection.
  - Remove nss-fix-bmo1813401.patch which is now upstream.
* Thu Sep 07 2023 martin.sirringhaus@suse.com
  - Add nss-fix-bmo1813401.patch to fix bsc#1214980
* Mon May 15 2023 martin.sirringhaus@suse.com
  - update to NSS 3.90
    * bmo#1623338 - ride along: remove a duplicated doc page
    * bmo#1623338 - remove a reference to IRC
    * bmo#1831983 - clang-format lib/freebl/stubs.c
    * bmo#1831983 - Add a constant time select function
    * bmo#1774657 - Updating an old dbm with lots of certs with keys to sql results in a database that is slow to access.
    * bmo#1830973 - output early build errors by default
    * bmo#1804505 - Update the technical constraints for KamuSM
    * bmo#1822921 - Add BJCA Global Root CA1 and CA2 root certificates
    * bmo#1790763 - Enable default UBSan Checks
    * bmo#1786018 - Add explicit handling of zero length records
    * bmo#1829391 - Tidy up DTLS ACK Error Handling Path
    * bmo#1786018 - Refactor zero length record tests
    * bmo#1829112 - Fix compiler warning via correct assert
    * bmo#1755267 - run linux tests on nss-t/t-linux-xlarge-gcp
    * bmo#1806496 - In FIPS mode, nss should reject RSASSA-PSS salt lengths larger than the output size of the hash function used, or provide an indicator
    * bmo#1784163 - Fix reading raw negative numbers
    * bmo#1748237 - Repairing unreachable code in clang built with gyp
    * bmo#1783647 - Integrate Vale Curve25519
    * bmo#1799468 - Removing unused flags for Hacl*
    * bmo#1748237 - Adding a better error message
    * bmo#1727555 - Update HACL* till 51a72a953a4ee6f91e63b2816ae5c4e62edf35d6
    * bmo#1782980 - Fall back to the softokn when writing certificate trust
    * bmo#1806010 - FIPS-104-3 requires we restart post programmatically
    * bmo#1826650 - cmd/ecperf: fix dangling pointer warning on gcc 13
    * bmo#1818766 - Update ACVP dockerfile for compatibility with debian package changes
    * bmo#1815796 - Add a CI task for tracking ECCKiila code status, update whitespace in ECCKiila files
    * bmo#1819958 - Removed deprecated sprintf function and replaced with snprintf
    * bmo#1822076 - fix rst warnings in nss doc
    * bmo#1821997 - Fix incorrect pygment style
    * bmo#1821292 - Change GYP directive to apply across platforms
    * Add libsmime3 abi-check exception for NSS_CMSSignerInfo_GetDigestAlgTag
  - Add nss-fix-bmo1836925.patch to fix build-errors
  - Merge the libfreebl3-hmac and libsoftokn3-hmac packages
    into the respective libraries. (bsc#1185116)
  - update to NSS 3.89.1
    * bmo#1804505 - Update the technical constraints for KamuSM.
    * bmo#1822921 - Add BJCA Global Root CA1 and CA2 root certificates.
  - update to NSS 3.89
    * bmo#1820834 - revert freebl/softoken RSA_MIN_MODULUS_BITS increase
    * bmo#1820175 - PR_STATIC_ASSERT is cursed
    * bmo#1767883 - Need to add policy control to keys lengths for signatures
    * bmo#1820175 - Fix unreachable code warning in fuzz builds
    * bmo#1820175 - Fix various compiler warnings in NSS
    * bmo#1820175 - Enable various compiler warnings for clang builds
    * bmo#1815136 - set PORT error after sftk_HMACCmp failure
    * bmo#1767883 - Need to add policy control to keys lengths for signatures
    * bmo#1804662 - remove data length assertion in sec_PKCS7Decrypt
    * bmo#1804660 - Make high tag number assertion failure an error
    * bmo#1817513 - CKM_SHA384_KEY_DERIVATION correction maximum key
      length from 284 to 384
    * bmo#1815167 - Tolerate certificate_authorities xtn in ClientHello
    * bmo#1789436 - Fix build failure on Windows
    * bmo#1811337 - migrate Win 2012 tasks to Azure
    * bmo#1810702 - fix title length in doc
    * bmo#1570615 - Add interop tests for HRR and PSK to GREASE suite
    * bmo#1570615 - Add presence/absence tests for TLS GREASE
    * bmo#1804688 - Correct addition of GREASE value to ALPN xtn
    * bmo#1789436 - CH extension permutation
    * bmo#1570615 - TLS GREASE (RFC8701)
    * bmo#1804640 - improve handling of unknown PKCS#12 safe bag types
    * bmo#1815870 - use a different treeherder symbol for each docker
      image build task
    * bmo#1815868 - pin an older version of the ubuntu:18.04 and
      20.04 docker images
    * bmo#1810702 - remove nested table in rst doc
    * bmo#1815246 - Export NSS_CMSSignerInfo_GetDigestAlgTag
    * bmo#1812671 - build failure while implicitly casting SECStatus
      to PRUInt32
  - update to NSS 3.88.1
    * bmo#1804640 - improve handling of unknown PKCS#12 safe bag types
  - update to NSS 3.88
    * bmo#1815870 - use a different treeherder symbol for each docker
      image build task
    * bmo#1815868 - pin an older version of the ubuntu:18.04 and
      20.04 docker images
    * bmo#1810702 - remove nested table in rst doc
    * bmo#1815246 - Export NSS_CMSSignerInfo_GetDigestAlgTag.
    * bmo#1812671 - build failure while implicitly casting SECStatus
      to PRUInt32
    * bmo#1212915 - Add check for ClientHello SID max length
    * bmo#1771100 - Added EarlyData ALPN test support to BoGo shim
    * bmo#1790357 - ECH client - Discard resumption TLS < 1.3
      Session(IDs|Tickets) if ECH configs are setup
    * bmo#1714245 - On HRR skip PSK incompatible with negotiated
      ciphersuites hash algorithm
    * bmo#1789410 - ECH client: Send ech_required alert on server
      negotiating TLS 1.2. Fixed misleading Gtest,
      enabled corresponding BoGo test
    * bmo#1771100 - Added Bogo ECH rejection test support
    * bmo#1771100 - Added ECH 0Rtt support to BoGo shim
    * bmo#1747957 - RSA OAEP Wycheproof JSON
    * bmo#1747957 - RSA decrypt Wycheproof JSON
    * bmo#1747957 - ECDSA Wycheproof JSON
    * bmo#1747957 - ECDH Wycheproof JSON
    * bmo#1747957 - PKCS#1v1.5 wycheproof json
    * bmo#1747957 - Use X25519 wycheproof json
    * bmo#1766767 - Move scripts to python3
    * bmo#1809627 - Properly link FuzzingEngine for oss-fuzz.
    * bmo#1805907 - Extending RSA-PSS bltest test coverage
      (Adding SHA-256 and SHA-384)
    * bmo#1804091 - NSS needs to move off of DSA for integrity checks
    * bmo#1805815 - Add initial testing with ACVP vector sets using
      acvp-rust
    * bmo#1806369 - Don't clone libFuzzer, rely on clang instead
  - update to NSS 3.87
    * bmo#1803226 - NULL password encoding incorrect
    * bmo#1804071 - Fix rng stub signature for fuzzing builds
    * bmo#1803595 - Updating the compiler parsing for build
    * bmo#1749030 - Modification of supported compilers
    * bmo#1774654 - tstclnt crashes when accessing gnutls server
      without a user cert in the database.
    * bmo#1751707 - Add configuration option to enable source-based
      coverage sanitizer
    * bmo#1751705 - Update ECCKiila generated files.
    * bmo#1730353 - Add support for the LoongArch 64-bit architecture
    * bmo#1798823 - add checks for zero-length RSA modulus to avoid
      memory errors and failed assertions later
    * bmo#1798823 - Additional zero-length RSA modulus checks
  - Remove nss-fix-bmo1774654.patch which is now upstream
  - update to NSS 3.86
    * bmo#1803190 - conscious language removal in NSS
    * bmo#1794506 - Set nssckbi version number to 2.60
    * bmo#1803453 - Set CKA_NSS_SERVER_DISTRUST_AFTER and
      CKA_NSS_EMAIL_DISTRUST_AFTER for 3
      TrustCor Root Certificates
    * bmo#1799038 - Remove Staat der Nederlanden EV Root CA from NSS
    * bmo#1797559 - Remove EC-ACC root cert from NSS
    * bmo#1794507 - Remove SwissSign Platinum CA - G2 from NSS
    * bmo#1794495 - Remove Network Solutions Certificate Authority
    * bmo#1802331 - compress docker image artifact with zstd
    * bmo#1799315 - Migrate nss from AWS to GCP
    * bmo#1800989 - Enable static builds in the CI
    * bmo#1765759 - Removing SAW docker from the NSS build system
    * bmo#1783231 - Initialising variables in the rsa blinding code
    * bmo#320582 - Implementation of the double-signing of the message
      for ECDSA
    * bmo#1783231 - Adding exponent blinding for RSA.
  - update to NSS 3.85
    * bmo#1792821 - Modification of the primes.c and dhe-params.c in
      order to have better looking tables
    * bmo#1796815 - Update zlib in NSS to 1.2.13
    * bmo#1796504 - Skip building modutil and shlibsign when building
      in Firefox
    * bmo#1796504 - Use __STDC_VERSION__ rather than __STDC__ as a guard
    * bmo#1796407 - Fix -Wunused-but-set-variable warning from clang 15
    * bmo#1796308 - Fix -Wtautological-constant-out-of-range-compare
      and -Wtype-limits warnings
    * bmo#1796281 - Followup: add missing stdint.h include
    * bmo#1796281 - Fix -Wint-to-void-pointer-cast warnings
    * bmo#1796280 - Fix -Wunused-{function,variable,but-set-variable}
      warnings on Windows
    * bmo#1796079 - Fix -Wstring-conversion warnings
    * bmo#1796075 - Fix -Wempty-body warnings
    * bmo#1795242 - Fix unused-but-set-parameter warning
    * bmo#1795241 - Fix unreachable-code warnings
    * bmo#1795222 - Mark _nss_version_c unused on clang-cl
    * bmo#1795668 - Remove redundant variable definitions in lowhashtest
    * Add note about python executable to build instructions.
  - update to NSS 3.84
    * bmo#1791699 - Bump minimum NSPR version to 4.35
    * bmo#1792103 - Add a flag to disable building libnssckbi.
  - update to NSS 3.83
    * bmo#1788875 - Remove set-but-unused variables from
      SEC_PKCS12DecoderValidateBags
    * bmo#1563221 - remove older oses that are unused part3/ BeOS
    * bmo#1563221 - remove older unix support in NSS part 3 Irix
    * bmo#1563221 - remove support for older unix in NSS part 2 DGUX
    * bmo#1563221 - remove support for older unix in NSS part 1 OSF
    * bmo#1778413 - Set nssckbi version number to 2.58
    * bmp#1785297 - Add two SECOM root certificates to NSS
    * bmo#1787075 - Add two DigitalSign root certificates to NSS
    * bmo#1778412 - Remove Camerfirma Global Chambersign Root from NSS
    * bmo#1771100 - Added bug reference and description to disabled
      UnsolicitedServerNameAck bogo ECH test
    * bmo#1779361 - Removed skipping of ECH on equality of private and
      public server name
    * bmo#1779357 - Added comment and bug reference to
      ECHRandomHRRExtension bogo test
    * bmo#1779370 - Added Bogo shim client HRR test support. Fixed
      overwriting of CHInner.random on HRR
    * bmo#1779234 - Added check for server only sending ECH extension
      with retry configs in EncryptedExtensions and if not
      accepting ECH. Changed config setting behavior to
      skip configs with unsu