- Wed Jul 29 2015 Elio Maldonado <emaldona@redhat.com> - 3.19.1-1
- Rebase nss to 3.19.1
- Pick up upstream fix for client auth. regression caused by 3.19.1
- Revert upstream change to minimum key sizes
- Remove patches that rendered obsolote by the rebase
- Update existing patches on account of the rebase - Tue Jul 28 2015 Elio Maldonado <emaldona@redhat.com> - 3.18.0-7
- Pick up upstream patch from nss-3.19.1
- Resolves: Bug 1236954 - CVE-2015-2730 NSS: ECDSA signature validation fails to handle some signatures correctly (MFSA 2015-64)
- Resolves: Bug 1236967 - CVE-2015-2721 NSS: incorrectly permited skipping of ServerKeyExchange (MFSA 2015-71) - Tue Apr 28 2015 Kai Engert <kaie@redhat.com> - 3.18.0-6
- On RHEL 6.x keep the TLS version defaults unchanged.
- Update to CKBI 2.4 from NSS 3.18.1 (the only change in NSS 3.18.1) - Sat Apr 18 2015 Elio Maldonado <emaldona@redhat.com> - 3.18.0-5
- Copy PayPalICA.cert and PayPalRootCA.cert to nss/tests/libpkix/certs
- Resolves: Bug 1200905 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL-5.11] - Sat Apr 18 2015 Elio Maldonado <emaldona@redhat.com> - 3.18.0-4
- Update and reeneable nss-646045.patch on account of the rebase
- Enable additional ssl test cycles and document why some aren't enabled
- Resolves: Bug 1200905 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL-5.11] - Mon Apr 13 2015 Elio Maldonado <emaldona@redhat.com> - 3.18.0-3
- Fix shell syntax error on nss/tests/all.sh
- Resolves: Bug 1200905 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL-5.11] - Fri Apr 10 2015 Elio Maldonado <emaldona@redhat.com> - 3.18.0-2
- Replace expired PayPal test certificate that breaks the build
- Resolves: Bug 1200905 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL-5.11] - Fri Mar 27 2015 Elio Maldonado <emaldona@redhat.com> - 3.18.0-1
- Resolves: Bug 1200905 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL-5.11]
- Thu Nov 13 2014 Elio Maldonado <emaldona@redhat.com> - 3.16.1-5
- Resolves: Bug 1158159 - Upgrade to NSS 3.16.2.3 for Firefox 31.3
- Thu Sep 25 2014 Kai Engert <kaie@redhat.com> - 3.16.1-4
- Adjust softokn patch to be compatible with legacy softokn API.
- Resolves: Bug 1145430 - CVE-2014-1568 - Wed Sep 24 2014 Elio Maldonado <emaldona@redhat.com> - 3.16.1-3
- Add patches published with NSS 3.16.2.1
- Resolves: Bug 1145430 - CVE-2014-1568 - Mon Jun 30 2014 Elio Maldonado <emaldona@redhat.com> - 3.16.1-2
- Backport nss-3.12.6 upstream fix required by Firefox 31 ESR
- Resolves: Bug 1110860 - Tue Jun 24 2014 Elio Maldonado <emaldona@redhat.com> - 3.16.1-1
- Rebase to nss-3.16.1 for FF31
- Resolves: Bug 1110860 - Rebase nss in RHEL 5.11 to NSS 3.16.1, required for FF 31 - Tue Apr 29 2014 Elio Maldonado <emaldona@redhat.com> - 3.15.3-6
- Remove unused and obsolete patches
- Related: Bug 1032468 - Thu Mar 27 2014 Elio Maldonado <emaldona@redhat.com> - 3.15.3-5
- Improve shell code for error detection on %check section
- Resolves: Bug 1035281 - Suboptimal shell code in nss.spec - Fri Dec 13 2013 Elio Maldonado <emaldona@redhat.com> - 3.15.3-4
- Revoke trust in one mis-issued anssi certificate
- Resolves: Bug 1042684 - nss: Mis-issued ANSSI/DCSSI certificate (MFSA 2013-117) - Mon Dec 9 2013 Elio Maldonado <emaldona@redhat.com> - 3.15.3-3
- Pick up corrections made in the rhel-10.Z branch, remove an unused patch
- Resolves: rhbz#1032468 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741 nss: various flaws [rhel-5.11] - Fri Nov 22 2013 Elio Maldonado <emaldona@redhat.com> - 3.15.3-2
- Remove unused patch and retag for update to nss-3.15.3
- Resolves: rhbz#1032468 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741 nss: various flaws [rhel-5.11] - Fri Nov 22 2013 Elio Maldonado <emaldona@redhat.com> - 3.15.3-1
- Update to nss-3.15.3
- Resolves: rhbz#1032468 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741 nss: various flaws [rhel-5.11] - Fri Nov 22 2013 Elio Maldonado <emaldona@redhat.com> - 3.15.1-2
- Remove unused patches
- Resolves: rhbz#1002642 - Rebase RHEL 5 to NSS 3.15.1 (for FF 24.x) - Tue Nov 19 2013 Elio Maldonado <emaldona@redhat.com> - 3.15.1-1
- Rebase to nss-3.15.1
- Resolves: rhbz#1002642 - Rebase RHEL 5 to NSS 3.15.1 (for FF 24.x)
- Resolves: rhbz#1015864 - [Regression] NSS no longer trusts MD5 certificates
- Split %check section tests in two: freebl/softoken and rest of nss tests
- Adjust various patches and spec file steps on account of the rebase
- Add various patches and remove obsoleted ones on account of the rebase
- Renumber patches so freeb/softoken ones match the corresponding ones in rhel-6 nss-softokn - Thu Aug 1 2013 Elio Maldonado <emaldona@redhat.com> - 3.14.3-18
- Make the freebl sources identical to the corresponding ones for rhel-6.5
- Related: rhbz#987131 - Sun Jul 28 2013 Elio Maldonado <emaldona@redhat.com> - 3.14.3-16
- Adjust the patches to complete the syncup with upstrean nss
- Use NSS_DISABLE_HW_GCM on the patch as we do on the spec file
- Ensure softoken/freebl code is the same on nss side as on the softoken side
- Related: rhbz#987131 - Sun Jul 28 2013 Elio Maldonado <emaldona@redhat.com> - 3.14.3-16
- Add disable_hw_gcm.patch and in the spec file export NSS_DISABLE_HW_GCM=1
- Disable HW GCM on RHEL-5 as the older kernel lacks support for it
- Related: rhbz#987131 - Thu Jul 25 2013 Elio Maldonado <emaldona@redhat.com> - 3.14.3-15
- Related: rhbz#987131 - Display cpuifo as part of the tests
- Wed Jul 24 2013 Elio Maldonado <emaldona@redhat.com> - 3.14.3-14
- Resolves: rhbz#987131 - Pick up various upstream GCM code fixes applied since nss-3.14.3 was released
- Fri Jul 19 2013 Elio Maldonado <emaldona@redhat.com> - 3.14.3-13
- Roll back to 79c87e69caa7454cbcf5f8161a628c538ff3cab3
- Peviously added patch hasn't solved the sporadic core dumps
- Related: rhbz#983766 - nssutil_ReadSecmodDB leaks memory - Fri Jul 19 2013 Elio Maldonado <emaldona@redhat.com> - 3.14.3-12
- Resolves: rhbz#983766 - nssutil_ReadSecmodDB leaks memory
- Add patch to get rid of sporadic blapitest core dumps - Thu Jun 20 2013 Elio Maldonado <emaldona@redhat.com> - 3.14.3-11
- Restore 'export NO_FORK_CHECK=1' required for binary compatibility on RHEL-5
- Remove an unused patch
- Resolves: rhbz#918948 - [RFE][RHEL5] Rebase to nss-3.14.3 - Tue Jun 18 2013 Elio Maldonado <emaldona@redhat.com> - 3.14.3-10
- Resolves: rhbz#807419 - nss-tools certutil -H does not list all options
- Thu May 23 2013 Elio Maldonado <emaldona@redhat.com> - 3.14.3-9
- Apply upstream fixes for ecc enabling and aes gcm
- Rename two macros EC_MIN_KEY_BITS and EC_MAX_KEY_BITS per upstream
- Apply several upstream AES GCM fixes
- Resolves: rhbz#960241 - Enable ECC in nss and freebl
- Resolves: rhbz#918948 - [RFE][RHEL5] - Tue May 21 2013 Elio Maldonado <emaldona@redhat.com> - 3.14.3-8
- Enable ECC support limited to suite b
- Export NSS_ENABLE_ECC=1 in the %check section to properly test ecc
- Resolves: rhbz#960241 - Enable ECC in nss and freebl - Tue May 14 2013 Elio Maldonado <emaldona@redhat.com> - 3.14.3-7
- Define -DNO_FORK_CHECK when compiling softoken for ABI compatibility
- Resolves: rhbz#918948 - [RFE][RHEL5] Rebase to nss-3.14.3 to fix the lucky-13 issue - Thu May 9 2013 Elio Maldonado <emaldona@redhat.com> - 3.14.3-6
- Remove obsolete nss-nochktest.patch
- Related: rhbz#960241 - Enable ECC in nss and freebl - Mon May 6 2013 Elio Maldonado <emaldona@redhat.com> - 3.14.3-5
- Enable ECC by using the unstripped sources
- Resolves: rhbz#960241 - Enable ECC in nss and freebl - Tue Apr 23 2013 Elio Maldonado <emaldona@redhat.com> - 3.14.3-4
- Fix rpmdiff test reported failures and remove other unwanted changes
- Resolves: rhbz#918948 - [RFE][RHEL5] Rebase to nss-3.14.3 to fix the lucky-13 issue - Mon Apr 22 2013 Elio Maldonado - 3.14.3-3
- Update to NSS_3_14_3_RTM
- Rework the rebase to preserve needed idiosynchracies
- Ensure we install frebl/softoken from the extra build tree
- Don't include freebl static library or its private headers
- Add patch to deal with system sqlite not being recent enough
- Don't install nss-sysinit nor sharedb
- Resolves: rhbz#918948 - [RFE][RHEL5] Rebase to nss-3.14.3 to fix the lucky-13 issue - Mon Apr 1 2013 Elio Maldonado - 3.14.3-2
- Restore the freebl-softoken source tar ball updated to 3.14.3
- Renumbering of some sources for clarity
- Resolves: rhbz#918948 - [RFE][RHEL5] Rebase to nss-3.14.3 to fix the lucky-13 issue - Sat Mar 30 2013 Elio Maldonado <emaldona@redhat.com> - 3.14.3-1
- Update to NSS_3_14_3_RTM
- Resolves: rhbz#918948 - [RFE][RHEL5] Rebase to nss-3.14.3 to fix the lucky-13 issue - Thu Jan 10 2013 Elio Maldonado <emaldona@redhat.com> - 3.13.6-2
- Resolves: rhbz#891150 - Dis-trust TURKTRUST mis-issued *.google.com certificate
- Tue Jan 8 2013 Elio Maldonado <emaldona@redhat.com> - 3.13.6-1
- Update to NSS_3_13_6_RTM
- Resolves: rhbz#883788 - [RFE] [RHEL5] Rebase to NSS >= 3.13.6 - Fri Aug 17 2012 Elio Maldonado <emaldona@redhat.com> - 3.13.5-8
- Resolves: rhbz#820684
- Fix last entry in attrFlagsArray to be {NAME_SIZE(unextractable), PK11_ATTR_UNEXTRACTABLE} - Tue Jul 24 2012 Robert Relyea <rrelyea@redhat.com> - 3.13.5-7
- Resolves: rhbz#820684
- Enable certutil handle user supplied flags for PKCS #11 attributes.
- This will enable certutil to generate keys in fussy hardware tokens. - Tue Jul 24 2012 Kai Engert <kaie@redhat.com> - 3.13.5-6
- fix an error in the patch meta-information area (no code change)
- Sat Jul 14 2012 Elio Maldonado <emaldona@redhat.com> - 3.13.5-5
- Related: rhbz#830304 - Fix ia64 / i386 multilib nss install failure
- Remove no longer needed %pre and %preun scriplets meant for nss updates from RHEL-5.0 - Wed Jul 11 2012 Elio Maldonado <emaldona@redhat.com> - 3.13.5-4
- Related: rhbz#830304 - Fix the changes to the %post line
- Having multiple commands requires that /sbin/lconfig be the beginning of the scriptlet - Wed Jul 11 2012 Elio Maldonado <emaldona@redhat.com> - 3.13.5-3
- Resolves: rhbz#830304 - Fix multilib and scriptlet problems
- Fix %post and %postun lines per packaging guildelines
- Add %{?_isa} to tools Requires: per packaging guidelines
- Fix explicit-lib-dependency zlib error reported by rpmlint - Thu Jun 21 2012 Elio Maldonado <emaldona@redhat.com> - 3.13.5-2
- Resolves: rhbz#830304 - Remove unwanted change to nss.pc.in
- Tue Jun 19 2012 Elio Maldonado <emaldona@redhat.com> - 3.13.5-1
- Update to NSS_3_13_5_RTM
- Resolves: rhbz#830304 - Update RHEL 5.x to NSS 3.13.5 and NSPR 4.9.1 for Mozilla 10.0.6 - Tue Feb 28 2012 Elio Maldonado <emaldona@redhat.com> - 3.13.1-4
- Resolves: rhbz#797939 - Protect NSS_Shutdown from clients that fail to initialize nss
- Thu Feb 9 2012 Elio Maldonado <emaldona@redhat.com> - 3.13.1-3
- Resolves: Bug 788039 - retagging to prevent update problems
- Wed Feb 8 2012 Elio Maldonado <emaldona@redhat.com> 3.13.1-1
- Resolves: Bug 788039 - rebase nss to make firefox 10 LTS rebase possible
- Update to 4.8.9 - Tue Jan 17 2012 Elio Maldonado Batiz <emaldona@redhat.com> - 3.12.10-9
- Resolves: Bug 713373 - File descriptor leak after service httpd reload
- Don't initialize nss if already initialized or if there are no dbs - Fri Jan 13 2012 Elio Maldonado Batiz <emaldona@redhat.com> - 3.12.10-8
- Retagging for a Y-stream version higher than the RHEL-5-7-Z branch
- Wed Jan 11 2012 Elio Maldonado Batiz <emaldona@redhat.com> - 3.12.10-7
- Retagging to keep the n-v-r as high as that for the RHEL-5-7-Z branch
- Tue Nov 8 2011 Elio Maldonado <emaldona@redhat.com> - 3.12.10-6
- Update builtins certs to those from NSSCKBI_1_88_RTM
- Sat Oct 1 2011 Elio Maldonado <emaldona@redhat.com> - 3.12.10-5
- Plug file descriptor leaks on httpd reloads
- Fri Sep 2 2011 Elio Maldonado <emaldona@redhat.com> - 3.12.10-4
- Update builtins certs to those from NSSCKBI_1_87_RTM
- Wed Aug 31 2011 Elio Maldonado <emaldona@redhat.com> - 3.12.10-3
- Update builtins certs to those from NSSCKBI_1_86_RTM
- Tue Aug 30 2011 Elio Maldonado <emaldona@redhat.com> - 3.12.10-2
- Update builtins certs to NSSCKBI_1_85_RTM
- Thu Jul 14 2011 Elio Maldonado <emaldona@redhat.com> - 3.12.10-1
- Update to 3.12.10
- Fri Jun 3 2011 Elio Maldonado <emaldona@redhat.com> - 3.12.8-4
- Fix libcrmf hard-coded maximum size for wrapped private keys
- Thu Mar 24 2011 Elio Maldonado <emaldona@redhat.com> - 3.12.8-3
- Update builtin certs to NSS_3.12.9_WITH_CKBI_1_82_RTM via a patch
- Wed Mar 23 2011 Elio Maldonado <emaldona@redhat.com> - 3.12.8-2
- Update builtin certs to those from NSS_3.12.9_WITH_CKBI_1_82_RTM
- Fri Oct 1 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.8-1
- Update to 3.12.8
- Fri Aug 27 2010 Kai Engert <kengert@redhat.com> - 3.12.7-2
- fix dependencies, undo previous change
- Thu Aug 26 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.7-1
- Update to 3.12.7
- Thu Apr 29 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.6-2
- Enable client applications to build with -Wstrict-prototypes
- Thu Mar 4 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.6-1
- Update to 3.12.6
- Tue Feb 23 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.5.99-1
- Update to NSS_3_12_6_RC1
- Mon Dec 7 2009 Elio Maldonado<emaldona@redhat.com> - 3.12.3.99.3-1.el5_3.3
- CVE-2009-3555 MITM attacks via session renegotiation (bug 54357)
- Fri Jun 12 2009 Kai Engert <kengert@redhat.com> - 3.12.3.99.3-1.el5_3.2
- adjust ssl cipher count constant (bug 505650)
- create z-stream version - Thu Jun 4 2009 Kai Engert <kengert@redhat.com> - 3.12.3.99.3-1
- updated to NSS_3_12_4_FIPS1_WITH_CKBI_1_75
- Wed May 20 2009 Kai Engert <kengert@redhat.com> - 3.12.3-5
- updated patch to seckey
- Thu May 14 2009 Kai Engert <kengert@redhat.com> - 3.12.3-4
- add a patch to seckey
- Wed May 13 2009 Kai Engert <kengert@redhat.com> - 3.12.3-3
- remove references to SEED
- Wed Apr 15 2009 Kai Engert <kengert@redhat.com> - 3.12.3-2
- update to NSS 3.12.3
- Fri Jan 23 2009 Kai Engert <kengert@redhat.com> - 3.12.2.0-4
- exclude binary db files from change detection
- Fri Jan 23 2009 Kai Engert <kengert@redhat.com> - 3.12.2.0-3
- Update to NSS_3_12_2_WITH_CKBI_1_73_RTM
- Add dependency to pkgconfig to devel package (bug456849) - Wed Dec 10 2008 Kai Engert <kengert@redhat.com> - 3.12.2.0-2
- Update to NSS_3_12_2_RC1
- Use system zlib - Thu Nov 6 2008 Kai Engert <kengert@redhat.com> - 3.12.1.1-3
- Update to NSS_3_12_1_WITH_CKBI_1_72_RTM
- Fri Sep 5 2008 Kai Engert <kengert@redhat.com> - 3.12.1.1-1
- Update to NSS_3_12_1_RC2
- Thu Sep 4 2008 Kai Engert <kengert@redhat.com> - 3.12.1.0-1
- Update to NSS_3_12_1_RC1
- Fri Jun 13 2008 Kai Engert <kengert@redhat.com> - 3.12.0.3-1
- Update to NSS_3_12_RC4
- Enable loading of external ECC modules
- Include upstream fix for a deadlock in the certutil tool, bug 447431 - Tue Apr 1 2008 Kai Engert <kengert@redhat.com> - 3.11.99.5-2
- Include additional tools, rhbz#435928
- Mon Mar 17 2008 Kai Engert <kengert@redhat.com> - 3.11.99.5-1
- Update to NSS_3_12_BETA3
- Fri Feb 22 2008 Kai Engert <kengert@redhat.com> - 3.11.99.4-1
- NSS 3.12 Beta 2
- Fri Jan 25 2008 Kai Engert <kengert@redhat.com> - 3.11.99.3-1
- NSS 3.12 Beta 1
- Thu Jan 17 2008 Kai Engert <kengert@redhat.com> - 3.11.99.2b-1
- Upgrade to NSS 3.12 Alpha 2b
- Fri Aug 3 2007 Kai Engert <kengert@redhat.com> - 3.11.7-1.3
- No longer use immutable file system attributes, rhbz#237350
- Wed Jul 11 2007 Kai Engert <kengert@redhat.com> - 3.11.7-1.2
- Ensure the fix for rhbz#212077 really gets built.
- Wed Jun 27 2007 Kai Engert <kengert@redhat.com> - 3.11.7-1.1
- Fix rhbz#212077, use a workaround to avoid Mozilla.org bug 51429
- Remove link time dependency on libsoftokn3
- Update to 3.11.7, but freebl/softokn remain at 3.11.5 - Wed Apr 18 2007 Kai Engert <kengert@redhat.com> - 3.11.5-4
- Apply upstream patch for mozilla.org bug 51429 in order to
fix an issue with smartcard login (rhbz#212077). - Mon Mar 5 2007 Kai Engert <kengert@redhat.com> - 3.11.5-3
- Prevent .chk files from being modified by prelink and rpm building
by generating chk files at install time and setting immutable
filesystem attribute (230546, 231367). - Wed Jan 24 2007 Kai Engert <kengert@redhat.com> - 3.11.5-1
- Update to 3.11.5
- Thu Jan 11 2007 Bob Relyea <rrelyea@redhat.com> - 3.11.4-5
- handle the case where a smartcard is reset between the time the nss
prompts for the password and the user enters it. - Tue Jan 9 2007 Bob Relyea <rrelyea@redhat.com> - 3.11.4-4
- cleanout dead code
- Wed Dec 20 2006 Bob Relyea <rrelyea@redhat.com> - 3.11.4-3
- disable ECC
- Thu Nov 30 2006 Kai Engert <kengert@redhat.com> - 3.11.4-2
- rebuild
- Tue Nov 28 2006 Kai Engert <kengert@redhat.com> - 3.11.4-1
- Update to 3.11.4
- Thu Sep 14 2006 Kai Engert <kengert@redhat.com> - 3.11.3-2
- Revert the attempt to require latest NSPR, as it is not yet available
in the build infrastructure. - Thu Sep 14 2006 Kai Engert <kengert@redhat.com> - 3.11.3-1
- Update to 3.11.3
- Thu Aug 3 2006 Kai Engert <kengert@redhat.com> - 3.11.2-2
- Add /etc/pki/nssdb
- Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 3.11.2-1.1
- rebuild
- Fri Jun 30 2006 Kai Engert <kengert@redhat.com> - 3.11.2-1
- Update to 3.11.2
- Enable executable bit on shared libs, also fixes debug info. - Wed Jun 14 2006 Kai Engert <kengert@redhat.com> - 3.11.1-2
- Enable Elliptic Curve Cryptography (ECC)
- Fri May 26 2006 Kai Engert <kengert@redhat.com> - 3.11.1-1
- Update to 3.11.1
- Include upstream patch to limit curves - Wed Feb 15 2006 Kai Engert <kengert@redhat.com> - 3.11-4
- add --noexecstack when compiling assembler on x86_64
- Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 3.11-3.2
- bump again for double-long bug on ppc(64)
- Tue Feb 7 2006 Jesse Keating <jkeating@redhat.com> - 3.11-3.1
- rebuilt for new gcc4.1 snapshot and glibc changes
- Thu Jan 19 2006 Ray Strode <rstrode@redhat.com> 3.11-3
- rebuild
- Fri Dec 16 2005 Christopher Aillon <caillon@redhat.com> 3.11-2
- Update file list for the devel packages
- Thu Dec 15 2005 Christopher Aillon <caillon@redhat.com> 3.11-1
- Update to 3.11
- Thu Dec 15 2005 Christopher Aillon <caillon@redhat.com> 3.11-0.cvs.2
- Add patch to allow building on ppc*
- Update the pkgconfig file to Require nspr - Thu Dec 15 2005 Christopher Aillon <caillon@redhat.com> 3.11-0.cvs
- Initial import into Fedora Core, based on a CVS snapshot of
the NSS_3_11_RTM tag
- Fix up the pkcs11-devel subpackage to contain the proper headers
- Build with RPM_OPT_FLAGS
- No need to have rpath of /usr/lib in the pc file - Thu Dec 15 2005 Kai Engert <kengert@redhat.com>
- Adressed review comments by Wan-Teh Chang, Bob Relyea,
Christopher Aillon. - Sat Jul 9 2005 Rob Crittenden <rcritten@redhat.com> 3.10-1
- Initial build