2024-03-15 19:51:30 by Thomas Klausner | Files touched by this commit (2) | |
Log message:
nss: update to 3.99.
Changes:
- Bug 1325335 - Removing check for message len in ed25519
- Bug 1884276 - add ed25519 to SECU_ecName2params.
- Bug 1325335 - add EdDSA wycheproof tests.
- Bug 1325335 - nss/lib layer code for EDDSA.
- Bug 1325335 - Adding EdDSA implementation.
- Bug 1881027 - Exporting Certificate Compression types
- Bug 1880857 - Updating ACVP docker to rust 1.74
- Bug 1325335 - Updating HACL* to 0f136f28935822579c244f287e1d2a1908a7e552
- Bug 1877730 - Add NSS_CMSRecipient_IsSupported.
|
2024-02-15 23:46:50 by Thomas Klausner | Files touched by this commit (2) | |
Log message:
nss: update to 3.98.
Changes:
- Bug 1780432 - (CVE-2023-5388) Timing attack against RSA
decryption in TLS.
- Bug 1879513 - Certificate Compression: enabling the check
that the compression was advertised.
- Bug 1831552 - Move Windows workers to
nss-1/b-win2022-alpha.
- Bug 1879945 - Remove Email trust bit from OISTE WISeKey
Global Root GC CA.
- Bug 1877344 - Replace `distutils.spawn.find_executable`
with `shutil.which` within `mach` in `nss`.
- Bug 1548723 - Certificate Compression: Updating
nss_bogo_shim to support Certificate compression.
- Bug 1548723 - TLS Certificate Compression (RFC 8879)
Implementation.
- Bug 1875356 - Add valgrind annotations to freebl kyber
operations for constant-time execution tests.
- Bug 1870673 - Set nssckbi version number to 2.66.
- Bug 1874017 - Add Telekom Security roots.
- Bug 1873095 - Add D-Trust 2022 S/MIME roots.
- Bug 1865450 - Remove expired Security Communication RootCA1
root.
- Bug 1876179 - move keys to a slot that supports
concatenation in PK11_ConcatSymKeys.
- Bug 1876800 - remove unmaintained tls-interop tests.
- Bug 1874937 - bogo: add support for the -ipv6 and -shim-id
shim flags.
- Bug 1874937 - bogo: add support for the -curves shim flag
and update Kyber expectations.
- Bug 1874937 - bogo: adjust expectation for a key usage bit
test.
- Bug 1757758 - mozpkix: add option to ignore invalid subject
alternative names.
- Bug 1841029 - Fix selfserv not stripping `publicname:` from
-X value.
- Bug 1876390 - take ownership of ecckilla shims.
- Bug 1874458 - add valgrind annotations to freebl/ec.c.
- Bug 864039 - PR_INADDR_ANY needs PR_htonl before
assignment to inet.ip.
- Bug 1875965 - Update zlib to 1.3.1.
|
2024-01-23 01:42:19 by Thomas Klausner | Files touched by this commit (3) | |
Log message:
nss: update to 3.97.
Changes:
- Bug 1875506 - make Xyber768d00 opt-in by policy.
- Bug 1871631 - add libssl support for xyber768d00.
- Bug 1871630 - add PK11_ConcatSymKeys.
- Bug 1775046 - add Kyber and a PKCS#11 KEM interface to softoken.
- Bug 1871152 - add a FreeBL API for Kyber.
- Bug 1826451 - part 2: vendor github.com/pq-crystals/kyber/commit/e0d1c6ff.
- Bug 1826451 - part 1: add a script for vendoring kyber from pq-crystals repo.
- Bug 1835828 - Removing the calls to RSA Blind from loader.*
- Bug 1874111 - fix worker type for level3 mac tasks.
- Bug 1835828 - RSA Blind implementation.
- Bug 1869642 - Remove DSA selftests.
- Bug 1873296 - read KWP testvectors from JSON.
- Bug 1822450 - Backed out changeset dcb174139e4f
- Bug 1822450 - Fix CKM_PBE_SHA1_DES2_EDE_CBC derivation.
- Bug 1871219 - Wrap CC shell commands in gyp expansions.
|
2023-12-18 20:20:13 by Thomas Klausner | Files touched by this commit (2) | |
Log message:
nss: update to 3.96.1.
There was no 3.96.0 release.
Changes:
Bug 1869408 - Use pypi dependencies for MacOS worker in ./build_gyp.sh \
<https://hg.mozilla.org/projects/nss/rev/16ccde14ea6714ee0e6a602379194141578859a8>
Bug 1830978 - p7sign: add -a hash and -u certusage (also p7verify cleanups). \
<https://hg.mozilla.org/projects/nss/rev/425660da5f297d7583783eb27f877865289efc29>
Bug 1867408 - add a defensive check for large ssl_DefSend return values. \
<https://hg.mozilla.org/projects/nss/rev/1bda168c0da97e19e5f14bc4227c15c0a9f493bf>
Bug 1869378 - Add dependency to the taskcluster script for Darwin \
<https://hg.mozilla.org/projects/nss/rev/e934c6d1d4366d152e3307cb76af4c02667c9147>
Bug 1869378 - Upgrade version of the MacOS worker for the CI \
<https://hg.mozilla.org/projects/nss/rev/5463f2a14bd430fc793e29a07854dc647f61eae8>
|
2023-12-01 17:50:47 by Ryo ONODERA | Files touched by this commit (2) | |
Log message:
nss: update to 3.95
Changelog:
Changes:
- Bug 1842932 - Bump builtins version number.
- Bug 1851044: Remove Email trust bit from Autoridad de Certificacion
Firmaprofesional CIF A62634068 root cert.
- Bug 1855318: Remove 4 DigiCert (Symantec/Verisign) Root Certificates
from NSS.
- Bug 1851049: Remove 3 TrustCor Root Certificates from NSS.
- Bug 1850982 - Remove Camerfirma root certificates from NSS.
- Bug 1842935 - Remove old Autoridad de Certificacion Firmaprofesional
Certificate.
- Bug 1860670 - Add four Commscope root certificates to NSS.
- Bug 1850598 - Add TrustAsia Global Root CA G3 and G4 root certificates.
- Bug 1863605 - Include P-384 and P-521 Scalar Validation from HACL*
- Bug 1861728 - Include P-256 Scalar Validation from HACL*.
- Bug 1861265 After the HACL 256 ECC patch, NSS incorrectly encodes 256
ECC without DER wrapping at the softoken level
- Bug 1837987:Add means to provide library parameters to C_Initialize
- Bug 1573097 - clang format
- Bug 1854795 - add OSXSAVE and XCR0 tests to AVX2 detection.
- Bug 1858241 - Typo in ssl3_AppendHandshakeNumber
- Bug 1858241 - Introducing input check of ssl3_AppendHandshakeNumber
- Bug 1573097 - Fix Invalid casts in instance.c
|
2023-11-08 14:21:43 by Thomas Klausner | Files touched by this commit (2377) |
Log message:
*: recursive bump for icu 74.1
|
2023-10-04 13:49:22 by Jonathan Perkin | Files touched by this commit (2) |
Log message:
nss: Fix build on SunOS.
|
2023-10-03 09:59:25 by Thomas Klausner | Files touched by this commit (2) | |
Log message:
nss: update to 3.94.
Changes:
- Bug 1853737 - Updated code and commit ID for HACL*.
- Bug 1840510 - update ACVP fuzzed test vector: refuzzed with current NSS.
- Bug 1827303 - Softoken C_ calls should use system FIPS setting
to select NSC_ or FC_ variants.
- Bug 1774659 - NSS needs a database tool that can dump the low
level representation of the database.
- Bug 1852179 - declare string literals using char in pkixnames_tests.cpp.
- Bug 1852179 - avoid implicit conversion for ByteString.
- Bug 1818766 - update rust version for acvp docker.
- Bug 1852011 - Moving the init function of the mpi_ints before
clean-up in ec.c
- Bug 1615555 - P-256 ECDH and ECDSA from HACL*.
- Bug 1840510 - Add ACVP test vectors to the repository
- Bug 1849077 - Stop relying on std::basic_string<uint8_t>.
- Bug 1847845 - Transpose the PPC_ABI check from Makefile to gyp.
|
2023-08-31 00:25:20 by Thomas Klausner | Files touched by this commit (2) | |
Log message:
nss: update to 3.93.
- Bug 1849471 - Update zlib in NSS to 1.3.
- Bug 1848183 - softoken: iterate hashUpdate calls for long inputs.
- Bug 1813401 - regenerate NameConstraints test certificates.
|
2023-07-27 17:14:02 by Thomas Klausner | Files touched by this commit (2) | |
Log message:
nss: update to 3.92.
Changes:
- Bug 1822935 - Set nssckbi version number to 2.62.
- Bug 1833270 - Add 4 Atos TrustedRoot Root CA certificates to NSS.
- Bug 1839992 - Add 4 SSL.com Root CA certificates.
- Bug 1840429 - Add Sectigo E46 and R46 Root CA certificates.
- Bug 1840437 - Add LAWtrust Root CA2 (4096).
- Bug 1822936 - Remove E-Tugra Certification Authority root.
- Bug 1827224 - Remove Camerfirma Chambers of Commerce Root.
- Bug 1840505 - Remove Hongkong Post Root CA 1.
- Bug 1842928 - Remove E-Tugra Global Root CA ECC v3 and RSA v3.
- Bug 1842937 - Avoid redefining BYTE_ORDER on hppa Linux.
|