Commit Graph

569 Commits

Author SHA1 Message Date
Bob Relyea
ab8074dc44 Rebase to NSS 3.71:
Network Security Services (NSS) 3.71 was released on 30 September 2021.

    The HG tag is NSS_3_71_RTM. This version of NSS requires NSPR 4.32 or newer.

    NSS 3.71 source distributions are available on ftp.mozilla.org for secure HTTPS download: <https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_71_RTM/src/>

    Changes:
    - Bug 1717716 - Set nssckbi version number to 2.52.
    - Bug 1667000 - Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py
    - Bug 1373716 - Import of PKCS#12 files with Camellia encryption is not supported
    - Bug 1717707 - Add HARICA Client ECC Root CA 2021.
    - Bug 1717707 - Add HARICA Client RSA Root CA 2021.
    - Bug 1717707 - Add HARICA TLS ECC Root CA 2021.
    - Bug 1717707 - Add HARICA TLS RSA Root CA 2021.
    - Bug 1728394 - Add TunTrust Root CA certificate to NSS.
    -------------------------------------

    Network Security Services (NSS) 3.70 was released on 4 September 2021.

    The HG tag is NSS_3_70_RTM. This version of NSS requires NSPR 4.32 or newer.

    NSS 3.70 source distributions are available on ftp.mozilla.org for secure HTTPS download: <https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_70_RTM/src/>

    Changes:
       - Documentation: release notes for NSS 3.70.
       - Documentation: release notes for NSS 3.69.1.
       - Bug 1726022 - Update test case to verify fix.
       - Bug 1714579 - Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max
       - Bug 1714579 - Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback
       - Formatting for lib/util
       - Bug 1681975 - Avoid using a lookup table in nssb64d.
       - Bug 1724629 - Use HW accelerated SHA2 on AArch64 Big Endian.
       - Bug 1714579 - Change default value of enableHelloDowngradeCheck to true.
       - Formatting for gtests/pk11_gtest/pk11_hpke_unittest.cc
       - Bug 1726022 - Cache additional PBE entries.
       - Bug 1709750 - Read HPKE vectors from official JSON.
       - Documentation: update for NSS 3.69 release.
2021-10-05 08:23:46 -07:00
Bob Relyea
4214661da7 Rebase to NSS 3.69 2021-08-10 14:31:47 -07:00
Bob Relyea
cd478aeea9 fix changelog date 2021-06-17 18:32:23 -07:00
Bob Relyea
deb63b62d4 Rebase to NSS 3.67 2021-06-17 15:34:30 -07:00
Bob Relyea
95f9aab4c0 Rebase to NSS 3.65 2021-05-28 10:33:20 -07:00
Bob Relyea
c8f06edaad Update to NSS 3.63.0 2021-03-25 08:58:12 -07:00
Bob Relyea
a22e2da6eb Rebase to nss 3.62.0 2021-02-23 16:41:10 -08:00
Bob Relyea
0af1776a67 Update to NSS 3.60.1 2021-01-22 16:45:23 +00:00
Bob Relyea
0d67947dcf - Back out strict SHA-1 signature control because firefox
Addon system is still using sha-1 signatures
2020-12-15 20:25:48 -08:00
Bob Relyea
a4039ab8d2 - Work around btrfs/sqlite bug
- Disable new policy entries until crypto-polices has been updated
2020-12-12 10:24:46 -08:00
Daiki Ueno
ba08eea9a6 Update to NSS 3.59 2020-12-11 11:27:37 +01:00
Daiki Ueno
97a26627f0 Revert the last change, tolerate the first CCS in TLS 1.3 2020-10-26 06:58:19 +01:00
Daiki Ueno
127b34cee4 Enable TLS 1.3 middlebox compatibility mode by default 2020-10-22 17:07:13 +02:00
Daiki Ueno
75733eef32 Install pk11hpke.h 2020-10-20 11:14:53 +02:00
Daiki Ueno
10e6d16241 Update to NSS 3.58 2020-10-20 09:55:08 +02:00
Daiki Ueno
29f717731a Remove upstreamed patch 2020-09-20 16:03:15 +02:00
Daiki Ueno
425faa5ecc Update to NSS 3.57 2020-09-20 16:03:10 +02:00
Daiki Ueno
2b09df37b8 Fix AArch64 build failure 2020-09-05 11:02:25 +02:00
Daiki Ueno
0f162e7ae2 Update to NSS 3.56 2020-08-24 08:49:41 +02:00
Daiki Ueno
4c54239867 Fix DBM backend disablement
Also add scriptlet to migrate old DBM databases.
2020-08-13 11:29:25 +02:00
Jeff Law
d4e86043ee Disable LTO for now 2020-08-08 13:15:55 -06:00
Daiki Ueno
661472da51 Remove unused patch 2020-08-02 07:40:16 +02:00
Daiki Ueno
08dea7d5c7 Update to NSS 3.55
Also disable DBM support as per:
https://fedoraproject.org/wiki/Changes/NSSDBMRemoval
2020-08-02 07:36:17 +02:00
Fedora Release Engineering
2d5d6d2cf7 - Second attempt - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-08-01 06:34:08 +00:00
Fedora Release Engineering
d81f1e4f76 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-07-28 11:55:03 +00:00
Daiki Ueno
c2e2fc0161 Update to NSS 3.54 2020-07-15 11:28:22 +02:00
Daiki Ueno
208c55f1d2 Update after crypto-policies packaging change
Suggested by Tomas Mraz in:
https://bugzilla.redhat.com/show_bug.cgi?id=1848649#c7
2020-06-22 15:21:42 +02:00
Bob Relyea
965c121198 Reolves: rhbz#1843417
Cannot compile code with pk11pub.h (an nss header) with -Werror=strict-prototypes
2020-06-04 17:03:01 -07:00
Daiki Ueno
9699d7efc7 Update build procedure after removal of mkdepend 2020-06-02 08:52:10 +02:00
Daiki Ueno
3f35603021 Update to NSS 3.53 2020-06-01 08:08:02 +02:00
Bob Relyea
614f823eb3 Delay new CK_GCM_PARAMS semantics until fedora 34 unless explicitly enabled. 2020-05-13 16:02:36 -07:00
Daiki Ueno
26f93fa193 Restore nss-kremlin-ppc64le.patch 2020-05-11 18:38:26 +02:00
Daiki Ueno
047dc3ed4e Update to NSS 3.52 2020-05-11 18:21:55 +02:00
Daiki Ueno
fc0174ead1 Temporarily revert DBM disablement for kernel build failure (#1827902) 2020-04-25 17:16:02 +02:00
Daiki Ueno
3c018618ca Fix the last change 2020-04-20 15:57:28 +02:00
Daiki Ueno
65271d923d Enable conditional builds on DBM 2020-04-20 14:47:27 +02:00
Daiki Ueno
9ae0f0b9e1 Update to NSS 3.51.1
Also disable building DBM backend
2020-04-20 14:24:47 +02:00
Daiki Ueno
2b122e4485 Update to NSS 3.51 2020-04-07 11:18:10 +02:00
Tom Stellard
507a1cebf0 Use __make macro to invoke make
Using the %__make macro makes it possible for an alternative buildroot
to inject its own flags into the make invocation.  This makes it easier
to do trial rebuilds of fedora using different compilers or different
compiler flags.
2020-03-27 15:39:49 +00:00
Daiki Ueno
7f30e21d0f Apply CMAC fixes from upstream 2020-03-05 09:57:34 +01:00
Daiki Ueno
f512836b78 Fix build on ppc64le, due to bundled kremlin source 2020-02-17 14:30:50 +01:00
Daiki Ueno
58ca69fcaf Update to NSS 3.50 2020-02-17 13:46:37 +01:00
Daiki Ueno
bd89f2ce5c Fix build with gcc 10 2020-02-14 14:28:21 +01:00
Daiki Ueno
9e1e74ca17 Ignore false-positive compiler warnings with gcc 10 2020-02-14 12:07:57 +01:00
Daiki Ueno
656c979c95 Suppress compiler warning (treated as fatal) in libpkix 2020-02-14 10:48:31 +01:00
Fedora Release Engineering
0b17c92d39 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-01-29 19:15:25 +00:00
Daiki Ueno
3c27dc2471 Revert "pass %{_smp_mflags} to make to speed up the build"
This reverts commit 6e689ce0cb.

This still has a race condition and causes the build fail.
2020-01-27 11:07:50 +01:00
Daiki Ueno
36505c331d Update to NSS 3.49.2 2020-01-27 10:24:30 +01:00
Kamil Dudka
6e689ce0cb pass %{_smp_mflags} to make to speed up the build
I tried an uncached build of nss on Fedora 30 VM with 8 CPU cores
and the build time was reduced with this patch from 540 s to 250 s
of wall-clock time.
2020-01-24 11:17:23 +01:00
Daiki Ueno
703a4f9a95 Remove leftover debug command in %build 2020-01-11 09:02:36 +01:00