Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

mozilla-nss-sysinit-3.15.2-1.16.1 RPM for armv7hl

From OpenSuSE 12.3 updates for armv7hl

Name: mozilla-nss-sysinit Distribution: openSUSE 12.3
Version: 3.15.2 Vendor: openSUSE
Release: 1.16.1 Build date: Wed Oct 2 10:11:25 2013
Group: System/Management Build host: armbuild09
Size: 31969 Source RPM: mozilla-nss-3.15.2-1.16.1.src.rpm
Packager: http://bugs.opensuse.org
Url: http://www.mozilla.org/projects/security/pki/nss/
Summary: System NSS Initialization
Default Operation System module that manages applications loading
NSS globally on the system. This module loads the system defined
PKCS #11 modules for NSS and chains with other NSS modules to load
any system or user configured modules.

Provides

Requires

License

MPL-2.0

Changelog

* Sat Sep 28 2013 crrodriguez@opensuse.org
  - update to 3.15.2 (bnc#842979)
    * Support for AES-GCM ciphersuites that use the SHA-256 PRF
    * MD2, MD4, and MD5 signatures are no longer accepted for OCSP
      or CRLs
    * Add PK11_CipherFinal macro
    * sizeof() used incorrectly
    * nssutil_ReadSecmodDB() leaks memory
    * Allow SSL_HandshakeNegotiatedExtension to be called before
      the handshake is finished.
    * Deprecate the SSL cipher policy code
    * Avoid uninitialized data read in the event of a decryption
      failure. (CVE-2013-1739)
* Fri Jul 05 2013 lnussel@suse.de
  - fix 32bit requirement, it's without () actually
* Wed Jul 03 2013 wr@rosenauer.org
  - update to 3.15.1
    * TLS 1.2 (RFC 5246) is supported. HMAC-SHA256 cipher suites
      (RFC 5246 and RFC 5289) are supported, allowing TLS to be used
      without MD5 and SHA-1.
      Note the following limitations:
      The hash function used in the signature for TLS 1.2 client
      authentication must be the hash function of the TLS 1.2 PRF,
      which is always SHA-256 in NSS 3.15.1.
      AES GCM cipher suites are not yet supported.
    * some bugfixes and improvements
* Fri Jun 28 2013 lnussel@suse.de
  - require libnssckbi instead of mozilla-nss-certs so p11-kit can
    conflict with the latter (fate#314991)
* Tue Jun 11 2013 wr@rosenauer.org
  - update to 3.15
    * Packaging
      + removed obsolete patches
    * nss-disable-expired-testcerts.patch
    * bug-834091.patch
    * New Functionality
      + Support for OCSP Stapling (RFC 6066, Certificate Status
      Request) has been added for both client and server sockets.
      TLS client applications may enable this via a call to
      SSL_OptionSetDefault(SSL_ENABLE_OCSP_STAPLING, PR_TRUE);
      + Added function SECITEM_ReallocItemV2. It replaces function
      SECITEM_ReallocItem, which is now declared as obsolete.
      + Support for single-operation (eg: not multi-part) symmetric
      key encryption and decryption, via PK11_Encrypt and PK11_Decrypt.
      + certutil has been updated to support creating name constraints
      extensions.
    * New Functions
      in ssl.h
      SSL_PeerStapledOCSPResponse - Returns the server's stapled
      OCSP response, when used with a TLS client socket that
      negotiated the status_request extension.
      SSL_SetStapledOCSPResponses - Set's a stapled OCSP response
      for a TLS server socket to return when clients send the
      status_request extension.
      in ocsp.h
      CERT_PostOCSPRequest - Primarily intended for testing, permits
      the sending and receiving of raw OCSP request/responses.
      in secpkcs7.h
      SEC_PKCS7VerifyDetachedSignatureAtTime - Verifies a PKCS#7
      signature at a specific time other than the present time.
      in xconst.h
      CERT_EncodeNameConstraintsExtension - Matching function for
      CERT_DecodeNameConstraintsExtension, added in NSS 3.10.
      in secitem.h
      SECITEM_AllocArray
      SECITEM_DupArray
      SECITEM_FreeArray
      SECITEM_ZfreeArray - Utility functions to handle the
      allocation and deallocation of SECItemArrays
      SECITEM_ReallocItemV2 - Replaces SECITEM_ReallocItem, which is
      now obsolete. SECITEM_ReallocItemV2 better matches caller
      expectations, in that it updates item->len on allocation.
      For more details of the issues with SECITEM_ReallocItem,
      see Bug 298649 and Bug 298938.
      in pk11pub.h
      PK11_Decrypt - Performs decryption as a single PKCS#11
      operation (eg: not multi-part). This is necessary for AES-GCM.
      PK11_Encrypt - Performs encryption as a single PKCS#11
      operation (eg: not multi-part). This is necessary for AES-GCM.
    * New Types
      in secitem.h
      SECItemArray - Represents a variable-length array of SECItems.
    * New Macros
      in ssl.h
      SSL_ENABLE_OCSP_STAPLING - Used with SSL_OptionSet to configure
      TLS client sockets to request the certificate_status extension
      (eg: OCSP stapling) when set to PR_TRUE
    * Notable changes
      + SECITEM_ReallocItem is now deprecated. Please consider using
      SECITEM_ReallocItemV2 in all future code.
      + The list of root CA certificates in the nssckbi module has
      been updated.
      + The default implementation of SSL_AuthCertificate has been
      updated to add certificate status responses stapled by the TLS
      server to the OCSP cache.
    * a lot of bugfixes
* Tue Apr 16 2013 idonmez@suse.com
  - Add Source URL, see https://en.opensuse.org/SourceUrls
* Sun Mar 24 2013 wr@rosenauer.org
  - disable tests with expired certificates
    (nss-disable-expired-testcerts.patch)
  - add SEC_PKCS7VerifyDetachedSignatureAtTime using patch from
    mozilla tree to fulfill Firefox 21 requirements
    (bug-834091.patch; bmo#834091)
* Thu Feb 28 2013 wr@rosenauer.org
  - update to 3.14.3
    * No new major functionality is introduced in this release. This
      release is a patch release to address CVE-2013-1620 (bmo#822365)
    * "certutil -a" was not correctly producing ASCII output as
      requested. (bmo#840714)
    * NSS 3.14.2 broke compilation with older versions of sqlite that
      lacked the SQLITE_FCNTL_TEMPFILENAME file control. NSS 3.14.3 now
      properly compiles when used with older versions of sqlite
      (bmo#837799) - remove system-sqlite.patch
  - add aarch64 support
* Tue Feb 05 2013 wr@rosenauer.org
  - added system-sqlite.patch (bmo#837799)
    * do not depend on latest sqlite just for a #define
  - enable system sqlite usage again
* Sat Feb 02 2013 wr@rosenauer.org
  - update to 3.14.2
    * required for Firefox >= 20
    * removed obsolete nssckbi update patch
    * MFSA 2013-40/CVE-2013-0791 (bmo#629816)
      Out-of-bounds array read in CERT_DecodeCertPackage
  - disable system sqlite usage since we depend on 3.7.15 which is
    not provided in any openSUSE distribution
    * add nss-sqlitename.patch to avoid any name clash
* Sun Dec 30 2012 wr@rosenauer.org
  - updated CA database (nssckbi-1.93.patch)
    * MFSA 2013-20/CVE-2013-0743 (bmo#825022, bnc#796628)
      revoke mis-issued intermediate certificates from TURKTRUST
* Tue Dec 18 2012 wr@rosenauer.org
  - update to 3.14.1 RTM
    * minimal requirement for Gecko 20
    * several bugfixes
* Thu Oct 25 2012 wr@rosenauer.org
  - update to 3.14 RTM
    * Support for TLS 1.1 (RFC 4346)
    * Experimental support for DTLS 1.0 (RFC 4347) and DTLS-SRTP (RFC 5764)
    * Support for AES-CTR, AES-CTS, and AES-GCM
    * Support for Keying Material Exporters for TLS (RFC 5705)
    * Support for certificate signatures using the MD5 hash algorithm
      is now disabled by default
    * The NSS license has changed to MPL 2.0. Previous releases were
      released under a MPL 1.1/GPL 2.0/LGPL  2.1 tri-license. For more
      information about MPL 2.0, please see
      http://www.mozilla.org/MPL/2.0/FAQ.html. For an additional
      explanation on GPL/LGPL compatibility, see security/nss/COPYING
      in the source code.
    * Export and DES cipher suites are disabled by default. Non-ECC
      AES and Triple DES cipher suites are enabled by default
  - disabled OCSP testcases since they need external network
    (nss-disable-ocsp-test.patch)
* Wed Aug 15 2012 wr@rosenauer.org
  - update to 3.13.6 RTM
    * root CA update
    * other bugfixes
* Fri Jun 01 2012 wr@rosenauer.org
  - update to 3.13.5 RTM
* Fri Apr 13 2012 wr@rosenauer.org
  - update to 3.13.4 RTM
    * fixed some bugs
    * fixed cert verification regression in PKIX mode (bmo#737802)
      introduced in 3.13.2
* Thu Feb 23 2012 wr@rosenauer.org
  - update to 3.13.3 RTM
    - distrust Trustwave's MITM certificates (bmo#724929)
    - fix generic blacklisting mechanism (bmo#727204)
* Thu Feb 16 2012 wr@rosenauer.org
  - update to 3.13.2 RTM
    * requirement with Gecko >= 11
  - removed obsolete patches
    * ckbi-1.88
    * pkcs11n-header-fix.patch
* Sun Dec 18 2011 adrian@suse.de
  - fix spec file syntax for qemu-workaround
* Mon Nov 14 2011 john@redux.org.uk
  - Added a patch to fix errors in the pkcs11n.h header file.
    (bmo#702090)
* Sat Nov 05 2011 wolfgang@rosenauer.org
  - update to 3.13.1 RTM
    * better SHA-224 support (bmo#647706)
    * fixed a regression (causing hangs in some situations)
      introduced in 3.13 (bmo#693228)
  - update to 3.13.0 RTM
    * SSL 2.0 is disabled by default
    * A defense against the SSL 3.0 and TLS 1.0 CBC chosen plaintext
      attack demonstrated by Rizzo and Duong (CVE-2011-3389) is
      enabled by default. Set the SSL_CBC_RANDOM_IV SSL option to
      PR_FALSE to disable it.
    * SHA-224 is supported
    * Ported to iOS. (Requires NSPR 4.9.)
    * Added PORT_ErrorToString and PORT_ErrorToName to return the
      error message and symbolic name of an NSS error code
    * Added NSS_GetVersion to return the NSS version string
    * Added experimental support of RSA-PSS to the softoken only
    * NSS_NoDB_Init does not try to open /pkcs11.txt and /secmod.db
      anymore (bmo#641052, bnc#726096)
* Sat Nov 05 2011 wr@rosenauer.org
  - explicitely distrust DigiCert Sdn. Bhd (bnc#728520, bmo#698753)
  - make sure NSS_NoDB_Init does not try to use wrong certificate
    databases (CVE-2011-3640, bnc#726096, bmo#641052)
* Fri Sep 30 2011 crrodriguez@opensuse.org
  - Workaround qemu-arm bugs.
* Fri Sep 09 2011 wr@rosenauer.org
  - explicitely distrust/override DigiNotar certs (bmo#683261)
    (trustdb version 1.87)
* Fri Sep 02 2011 pcerny@suse.com
  - removed DigiNotar root certificate from trusted db
    (bmo#682927, bnc#714931)
* Wed Aug 24 2011 andrea.turrini@gmail.com
  - fixed typo in summary of mozilla-nss (libsoftokn3)
* Fri Aug 12 2011 wr@rosenauer.org
  - update to 3.12.11 RTM
    * no upstream release notes available
* Wed Jul 13 2011 meissner@suse.de
  - Linux3.0 is the new Linux2.6 (make it build)
* Mon May 23 2011 crrodriguez@opensuse.org
  - Do not include build dates in binaries, messes up
    build compare
* Thu May 19 2011 wr@rosenauer.org
  - update to 3.12.10 RTM
    * no changes except internal release information
* Thu Apr 28 2011 wr@rosenauer.org
  - update to 3.12.10beta1
    * root CA changes
    * filter certain bogus certs (bmo#642815)
    * fix minor memory leaks
    * other bugfixes
* Sun Jan 09 2011 wr@rosenauer.org
  - update to 3.12.9rc0
    * fix minor memory leaks (bmo#619268)
    * fix crash in nss_cms_decoder_work_data (bmo#607058)
    * fix crash in certutil (bmo#620908)
    * handle invalid argument in JPAKE (bmo#609068)
* Thu Dec 09 2010 wr@rosenauer.org
  - update to 3.12.9beta2
    * J-PAKE support (API requirement for Firefox >= 4.0b8)
* Tue Nov 09 2010 wr@rosenauer.org
  - replaced expired PayPal test certificate (fixing testsuite)
* Sat Sep 25 2010 wr@rosenauer.org
  - update to 3.12.8 RTM release
    * support TLS false start (needed for Firefox4) (bmo#525092)
    * fix wildcard matching for IP addresses (bnc#637290, bmo#578697)
      (CVE-2010-3170)
    * bugfixes
* Fri Jul 23 2010 wr@rosenauer.org
  - update to 3.12.7 RTM release
    * bugfix release
    * updated root CA list
  - removed obsolete patches
* Fri Jul 09 2010 jengelh@medozas.de
  - Disable testsuite on SPARC. Some tests fails, probably due to
    just bad timing/luck.
* Thu Jun 03 2010 wr@rosenauer.org
  - Use preloaded empty system database since creating with
    modutil leaves database in nonusable state
* Sat Apr 24 2010 coolo@novell.com
  - buildrequire pkg-config to fix provides
* Sun Apr 04 2010 wr@rosenauer.org
  - disabled a test using an expired cert (bmo#557071)
* Sat Mar 20 2010 wr@rosenauer.org
  - fixed builds for older dists where internal sqlite3 is used
    (nss-sqlitename.patch was not refreshed correctly)
  - fixed baselibs.conf as <release> is not a valid identifier
* Tue Mar 09 2010 wr@rosenauer.org
  - update to 3.12.6 RTM release
    * added mozilla-nss-sysinit subpackage
  - change renegotiation behaviour to the old default for a
    transition phase
* Tue Mar 09 2010 wr@rosenauer.org
  - split off libsoftokn3 subpackage to allow mixed NSS installation
* Sat Dec 26 2009 wr@rosenauer.org
  - added mozilla-nss-certs baselibs (bnc#567322)
* Fri Dec 18 2009 wr@rosenauer.org
  - split mozilla-nss-certs from main package
  - added rpmlintrc to ignore expected warnings
  - added baselibs.conf as source
* Mon Dec 14 2009 wr@rosenauer.org
  - updated builtin certs (version 1.77)
* Mon Nov 23 2009 wr@rosenauer.org
  - rebased patches to apply w/o fuzz
* Fri Aug 14 2009 wr@rosenauer.org
  - update to 3.12.4 RTM release
* Fri Aug 07 2009 wr@rosenauer.org
  - update to recent snapshot (20090806)
  - libnssdbm3.so has to be signed starting with 3.12.4
* Mon Aug 03 2009 wr@rosenauer.org
  - update to NSS 3.12.4pre snapshot
  - rebased existing patches
  - enable testsuite again (was disabled accidentally before)
* Wed Jul 29 2009 wr@rosenauer.org
  - update to NSS 3.12.3.1 (upstream use in FF 3.5.1) (bmo#504611)
    * RNG_SystemInfoForRNG called twice by nsc_CommonInitialize
      (bmo#489811; other changes are unrelated to Linux)
  - moved shlibsign to tools package again (as it's not needed at
    library install time anymore)
  - use %{_libexecdir} for the tools
* Sat Jun 06 2009 wr@rosenauer.org
  - Temporary testsuite fix for Factory (bnc#509308) (malloc.patch)
  - remove the post scriptlet which created the *.chk files and
    use a RPM feature to create them after debuginfo stuff
* Tue Jun 02 2009 wr@rosenauer.org
  - updated builtin root certs by updating to
    NSS_3_12_3_WITH_CKBI_1_75_RTM tag which is supposed to be the
    base for Firefox 3.5.0
  - PreReq coreutils in the main package already as "rm" is used
    in its %post script
  - disable testsuite for this moment as it crashes on Factory
    currently for an unknown reason
* Thu May 21 2009 wr@rosenauer.org
  - renew Paypal certs to fix testsuite errors (bmo#491163)
* Mon Apr 20 2009 wr@rosenauer.org
  - update to version 3.12.3 RTM
    * default behaviour changed slightly but can be set up
      backward compatible using environment variables
      https://developer.mozilla.org/En/NSS_reference/NSS_environment_variables
    * New Korean SEED cipher
    * Some new functions in the nss library:
      CERT_RFC1485_EscapeAndQuote (see cert.h)
      CERT_CompareCerts (see cert.h)
      CERT_RegisterAlternateOCSPAIAInfoCallBack (see ocsp.h)
      PK11_GetSymKeyHandle (see pk11pqg.h)
      UTIL_SetForkState (see secoid.h)
      NSS_GetAlgorithmPolicy (see secoid.h)
      NSS_SetAlgorithmPolicy (see secoid.h)
  - created libfreebl3 subpackage and build it w/o nspr and nss deps
  - added patch to make all ASM noexecstack
  - create the softokn3 and freebl3 checksums at installation time
    (moved shlibsign to the main package to achieve that)
  - applied upstream patch to avoid OSCP test failures (bmo#488646)
  - applied upstream patch to fix libjar crashes (bmo#485145)

Files

/etc/pki
/etc/pki/nssdb
/etc/pki/nssdb/cert9.db
/etc/pki/nssdb/key4.db
/etc/pki/nssdb/pkcs11.txt
/usr/lib/libnsssysinit.so
/usr/sbin/setup-nsssysinit.sh


Generated by rpm2html 1.8.1

Fabrice Bellet, Thu Aug 21 23:53:07 2014