Commit graph

11 commits

Author SHA1 Message Date
tsutsui
0ffc65285b Update more RPMs from Suse 13.1. 2016-06-17 17:21:38 +00:00
agc
81bef80aeb Add SHA512 digests for distfiles for emulators category
Problems found with existing digests:
	Package suse131_libSDL
	1c4d17a53bece6243cb3e6dd11c36d50f851a4f4 [recorded]
	da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated]
	Package suse131_libdbus
	de99fcfa8e2c7ced28caf38c24d217d6037aaa56 [recorded]
	da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated]
	Package suse131_qt4
	94daff738912c96ed8878ce1a131cd49fb379206 [recorded]
	886206018431aee9f8a01e1fb7e46973e8dca9d9 [calculated]

Problems found locating distfiles for atari800, compat12, compat 13,
compat14, compat15, compat20, compat30, compat40, compat50,
compat50-x11, compat51, compat51-x11, compat60, compat61,
compat61-x11, fmsx, osf1_lib, vice, xbeeb, xm7.

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
2015-11-03 20:30:54 +00:00
wiz
376c28e7fe Update RPMs from latest openSUSE 13.1 files.
From Rin Okuyama in PR 50082.
2015-07-28 08:49:14 +00:00
jperkin
fbefd000e6 Put back PKGNAME definitions. 2015-02-16 10:15:43 +00:00
obache
c6d721ccf8 Revert
define PKGNAME instead of fake DISTNAME
PKGNAME is unstable variable in current pkgsrc framework, so packages must not
rely on it.
2015-02-11 09:38:12 +00:00
obache
a3370e508c Apply following updates to suse131_mozilla-nss, bump PKGREVISION to 4.
==============================================================================
   openSUSE Security Update: MozillaFirefox to Firefox 32
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2014:1099-1
Rating:             moderate
References:         #894201 #894370
Cross-References:   CVE-2014-1553 CVE-2014-1562 CVE-2014-1563
                    CVE-2014-1564 CVE-2014-1565 CVE-2014-1567

Affected Products:
                    openSUSE 13.1
                    openSUSE 12.3
______________________________________________________________________________

   An update that fixes 6 vulnerabilities is now available.

Description:
 ...
   Mozilla NSS was updated to 3.16.4: Notable Changes:
   * The following 1024-bit root CA certificate was restored to allow more
     time to develop a better transition strategy for affected sites. It was
     removed in NSS 3.16.3, but discussion in the mozilla.dev.security.policy
     forum led to the decision to keep this root included longer in order to
     give website administrators more time to update their web servers.
       - CN = GTE CyberTrust Global Root
   * In NSS 3.16.3, the 1024-bit "Entrust.net Secure Server Certification
     Authority" root CA certificate was removed. In NSS 3.16.4, a 2048-bit
     intermediate CA certificate has been included, without explicit trust.
     The intention is to mitigate the effects of the previous removal of the
     1024-bit Entrust.net root certificate, because many public Internet
     sites still use the "USERTrust Legacy Secure Server CA" intermediate
     certificate that is signed by the 1024-bit Entrust.net root certificate.
     The inclusion of the intermediate certificate is a temporary measure to
     allow those sites to function, by allowing them to find a trust path to
     another 2048-bit root CA certificate. The temporarily included
     intermediate certificate expires November 1, 2015.

==============================================================================
   openSUSE Security Update: mozilla-nss: update to avoid signature forgery
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2014:1232-1
Rating:             critical
References:         #897890
Cross-References:   CVE-2014-1568
Affected Products:
                    openSUSE 13.1
                    openSUSE 12.3
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   Mozilla NSS is vulnerable to a variant of a signature forgery attack
   previously published by Daniel Bleichenbacher. This is due to lenient
   parsing of ASN.1 values involved in a signature and could lead to the
   forging of RSA certificates.

==============================================================================
   openSUSE Security Update: update for firefox, mozilla-nspr, mozilla-nss and seamonkey
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2014:1345-1
Rating:             moderate
References:         #894370 #896624 #897890 #900941 #901213
Cross-References:   CVE-2014-1554 CVE-2014-1574 CVE-2014-1575
                    CVE-2014-1576 CVE-2014-1577 CVE-2014-1578
                    CVE-2014-1580 CVE-2014-1581 CVE-2014-1582
                    CVE-2014-1583 CVE-2014-1584 CVE-2014-1585
                    CVE-2014-1586
Affected Products:
                    openSUSE 13.1
______________________________________________________________________________

   An update that fixes 13 vulnerabilities is now available.

Description:
 ...
   Changes in mozilla-nss:
   - update to 3.17.1 (bnc#897890)
     * Change library's signature algorithm default to SHA256
     * Add support for draft-ietf-tls-downgrade-scsv
     * Add clang-cl support to the NSS build system
     * Implement TLS 1.3:
       * Part 1. Negotiate TLS 1.3
       * Part 2. Remove deprecated cipher suites andcompression.
     * Add support for little-endian powerpc64

   - update to 3.17
     * required for Firefox 33 New functionality:
     * When using ECDHE, the TLS server code may be configured to generate a
       fresh ephemeral ECDH key for each handshake, by setting the
       SSL_REUSE_SERVER_ECDHE_KEY socket option to PR_FALSE. The
       SSL_REUSE_SERVER_ECDHE_KEY option defaults to PR_TRUE, which means the
       server's ephemeral ECDH key is reused for multiple handshakes. This
       option does not affect the TLS client code, which always generates a
       fresh ephemeral ECDH key for each handshake. New Macros
     * SSL_REUSE_SERVER_ECDHE_KEY Notable Changes:
     * The manual pages for the certutil and pp tools have been updated to
       document the new parameters that had been added in NSS 3.16.2.
     * On Windows, the new build variable USE_STATIC_RTL can be used to
       specify the static C runtime library should be used. By default the
       dynamic C runtime library is used.
2014-11-03 08:28:08 +00:00
obache
4a631931c8 define PKGNAME instead of fake DISTNAME. 2014-09-07 12:26:39 +00:00
obache
23ad858670 Appy openSUSE-SU-2014:0939-1, fixes CVE-2014-1544.
Bump PKGREVISION.
2014-08-01 09:28:47 +00:00
obache
f9f8b72048 Apply Security Update: openSUSE-SU-2014:0599-1
update for MozillaFirefox

Description:

   This is also a mozilla-nss update to version 3.16:
   * required for Firefox 29
   * bmo#903885 - (CVE-2014-1492) In a wildcard certificate,
   the wildcard character should not be embedded within
   the U-label of an internationalized domain name. See
   the last bullet point in RFC 6125, Section 7.2.
   * Supports the Linux x32 ABI. To build for the Linux x32
   target, set the environment variable USE_X32=1 when
   building NSS. New Functions:
   * NSS_CMSSignerInfo_Verify New Macros
   * TLS_RSA_WITH_RC4_128_SHA,
   TLS_RSA_WITH_3DES_EDE_CBC_SHA, etc., cipher suites that
   were first defined in SSL 3.0 can now be referred to
   with their official IANA names in TLS, with the TLS_
   prefix. Previously, they had to be referred to with
   their names in SSL 3.0, with the SSL_ prefix. Notable
   Changes:
   * ECC is enabled by default. It is no longer necessary to
   set the environment variable NSS_ENABLE_ECC=1 when
   building NSS. To disable ECC, set the environment
   variable NSS_DISABLE_ECC=1 when building NSS.
   * libpkix should not include the common name of CA as DNS
   names when evaluating name constraints.
   * AESKeyWrap_Decrypt should not return SECSuccess for
   invalid keys.
   * Fix a memory corruption in sec_pkcs12_new_asafe.
   * If the NSS_SDB_USE_CACHE environment variable is set,
   skip the runtime test sdb_measureAccess.
   * The built-in roots module has been updated to version
   1.97, which adds, removes, and distrusts several
   certificates.
   * The atob utility has been improved to automatically
   ignore lines of text that aren't in base64 format.
   * The certutil utility has been improved to support
   creation of version 1 and version 2 certificates, in
   addition to the existing version 3 support.

Bump PKGREVISION.
2014-05-03 02:19:27 +00:00
obache
58c0e806da Update suse131_mozilla-nss RPM to 3.15.5-16.1 from openSUSE-SU-2014:0448-1.
Changes in mozilla-nss:
   - update to 3.15.5
   * required for Firefox 28
   * export FREEBL_LOWHASH to get the correct default
   headers (bnc#865539) New functionality
   * Added support for the TLS application layer protocol
   negotiation (ALPN) extension. Two SSL socket options,
   SSL_ENABLE_NPN and SSL_ENABLE_ALPN, can be used to
   control whether NPN or ALPN (or both) should be used
   for application layer protocol negotiation.
   * Added the TLS padding extension. The extension type
   value is 35655, which may change when an official
   extension type value is assigned by IANA. NSS
   automatically adds the padding extension to ClientHello
   when necessary.
   * Added a new macro CERT_LIST_TAIL, defined in certt.h,
   for getting the tail of a CERTCertList. Notable Changes
   * bmo#950129: Improve the OCSP fetching policy when
   verifying OCSP responses
   * bmo#949060: Validate the iov input argument (an array
   of PRIOVec structures) of ssl_WriteV (called via
   PR_Writev). Applications should still take care when
   converting struct iov to PRIOVec because the iov_len
   members of the two structures have different types
   (size_t vs. int). size_t is unsigned and may be larger
   than int.

Bump PKGREVISION.
2014-04-04 10:08:21 +00:00
obache
b4454b4f6d Added suse131_mozilla-{nspr,nss} package to support nspr and nss linux module.
Tyey are in base package for suse121.
2013-12-12 02:34:28 +00:00