drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Invalidierung von Zertifikaten in nss
Name: |
Invalidierung von Zertifikaten in nss |
|
ID: |
FEDORA-2013-0261 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 16 |
|
Datum: |
Sa, 12. Januar 2013, 23:11 |
|
Referenzen: |
Keine Angabe |
|
Applikationen: |
NSS |
|
Originalnachricht |
Name : nss Product : Fedora 16 Version : 3.14.1 Release : 3.fc16 URL : http://www.mozilla.org/projects/security/pki/nss/ Summary : Network Security Services Description : Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards.
------------------------------------------------------------------------------- - Update Information:
Pick up NSS release that distrusts the mis-issued Turktrust intermediates Rebase pem sources to pick up two bug fixes from rhel-6.3
Remove fix for gcc 4.7 c++ issue in secmodt.h which actually undoes the upstream fix. Rebase pem sources to pick up two bug fixes from rhel-6.3
Remove fix for gcc 4.7 c++ issue in secmodt.h which actually undoes the upstream fix. ------------------------------------------------------------------------------- - ChangeLog:
* Wed Jan 2 2013 Kai Engert <kaie@redhat.com> - 3.14.1-3 - Update to NSS_3_14_1_WITH_CKBI_1_93_RTM * Sat Dec 22 2012 Elio Maldonado <emaldona@redhat.com> - 3.14.1-2 - Require nspr >= 4.9.4 - Fix changelog invalid dates * Mon Dec 17 2012 Elio Maldonado <emaldona@redhat.com> - 3.14.1-1 - Update to NSS_3_14_1_RTM * Wed Dec 12 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-12 - Bug 879978 - Install the nssck.api header template where mod_revocator can access it - Install nssck.api in /usr/includes/nss3/templates * Tue Nov 27 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-11 - Bug 879978 - Install the nssck.api header template in a place where mod_revocator can access it - Install nssck.api in /usr/includes/nss3 * Mon Nov 19 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-7 - Bug 870864 - Add support in NSS for Secure Boot * Fri Nov 9 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-6 - Disable bypass code at build time and return failure on attempts to enable at runtime - Bug 806588 - Disable SSL PKCS #11 bypass at build time - Fix changelog release tags to match what was actually built * Mon Nov 5 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-5 - Fix pk11wrap locking which fixes 'fedpkg new-sources' and 'fedpkg update' hangs - Bug 872124 - nss-3.14 breaks fedpkg new-sources * Thu Nov 1 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-4 - Add a dummy source file for testing /preventing fedpkg breakage - Helps test the fedpkg new-sources and upload commands for breakage by nss updates - Related to Bug 872124 - nss 3.14 breaks fedpkg new-sources * Thu Nov 1 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-3 - Reenable patch to set NSS_SSL_CBC_RANDOM_IV to 1 by default - Update the patch to account for the new sources - Resolves Bug 872124 - nss 3.14 breaks fedpkg new-sources * Wed Oct 31 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-2 - Fix the spec file so sechash.h gets installed - Resolves: rhbz#871882 - missing header: sechash.h in nss 3.14 * Sat Oct 27 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-4 - Update the license to MPLv2.0 * Wed Oct 24 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-3 - Use only -f when removing unwanted headers * Tue Oct 23 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-2 - Add secmodt.h to the headers installed by nss-devel - nss-devel must install secmodt.h which moved from softoken to pk11wrap with nss-3.14 * Mon Oct 22 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-1 - Update to NSS_3_14_RTM * Sun Oct 21 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-0.1.rc.1 - Update to NSS_3_14_RC1 - update nss-589636.patch to apply to httpdserv - turn off ocsp tests for now - remove no longer needed patches - remove headers shipped by nss-util * Fri Oct 5 2012 Kai Engert <kaie@redhat.com> - 3.13.6-1 - Update to NSS_3_13_6_RTM * Mon Aug 13 2012 Elio Maldonado <emaldona@redhat.com> - 3.13.5-2 - Fix pluggable ecc support * Sun Jul 1 2012 Elio Maldonado <emaldona@redhat.com> - 3.13.5-1 - Update to NSS_3_13_5_RTM - Resolves: Bug 830410 - Missing Requires %{?_isa} - Use Requires: %{name}%{?_isa} = %{version}-%{release} on tools - Drop zlib requires which rpmlint reports as error E: explicit-lib-dependency zlib - Enable sha224 portion of powerup selftest when running test suites - Require nspr 4.9.1 - Selective merge from master * Fri Apr 13 2012 Elio Maldonado <emaldona@redhat.com> - 3.13.4-3 - Resolves: Bug 812423 - nss_Init leaks memory, fix from RHEL 6.3 * Sun Apr 8 2012 Elio Maldonado <emaldona@redhat.com> - 3.13.4-2 - Resolves: Bug 805723 - Library needs partial RELRO support added - Patch coreconf/Linux.mk as done on RHEL 6.2 * Fri Apr 6 2012 Elio Maldonado <emaldona@redhat.com> - 3.13.4-1 - Update to NSS_3_13_4_RTM - Update the nss-pem source archive to the latest version - Remove no longer needed patches - Resolves: Bug 806043 - use pem files interchangeably in a single process - Resolves: Bug 806051 - PEM various flaws detected by Coverity - Resolves: Bug 806058 - PEM pem_CreateObject leaks memory given a non-existing file name * Wed Mar 21 2012 Elio Maldonado <emaldona@redhat.com> - 3.13.3-4 - Resolves: Bug 805723 - Library needs partial RELRO support added * Fri Mar 9 2012 Elio Maldonado <emaldona@redhat.com> - 3.13.3-3 - Cleanup of the spec file - Add references to the upstream bugs - Fix typo in Summary for sysinit * Thu Mar 8 2012 Elio Maldonado <emaldona@redhat.com> - 3.13.3-2 - Pick up fixes from RHEL - Resolves: rhbz#800674 - Unable to contact LDAP Server during winsync - Resolves: rhbz#800682 - Qpid AMQP daemon fails to load after nss update - Resolves: rhbz#800676 - NSS workaround for freebl bug that causes openswan to drop connections * Thu Mar 1 2012 Elio Maldonado <emaldona@redhat.com> - 3.13.3-1 - Update to NSS_3_13_3_RTM * Mon Jan 30 2012 Tom Callaway <spot@fedoraproject.org> - 3.13.1-13 - fix issue with gcc 4.7 in secmodt.h and C++11 user-defined literals * Thu Jan 26 2012 Elio Maldonado <emaldona@redhat.com> - 3.13.1-12 - Resolves: Bug 784672 - nss should protect against being called before nss_Init * Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.13.1-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild * Fri Jan 6 2012 Elio Maldonado <emaldona@redhat.com> - 3.13.1-11 - Deactivate a patch currently meant for stable branches only * Fri Jan 6 2012 Elio Maldonado <emaldona@redhat.com> - 3.13.1-10 - Resolves: Bug 770682 - nss update breaks pidgin-sipe connectivity - NSS_SSL_CBC_RANDOM_IV set to 0 by default and changed to 1 on user request * Tue Dec 13 2011 elio maldonado <emaldona@redhat.com> - 3.13.1-9 - Revert to using current nss_softokn_version - Patch to deal with lack of sha224 is no longer needed * Tue Dec 13 2011 Elio Maldonado <emaldona@redhat.com> - 3.13.1-8 - Resolves: Bug 754771 - [PEM] an unregistered callback causes a SIGSEGV * Mon Dec 12 2011 Elio Maldonado <emaldona@redhat.com> - 3.13.1-7 - Resolves: Bug 750376 - nss 3.13 breaks sssd TLS - Fix how pem is built so that nss-3.13.x works with nss-softokn-3.12.y - Only patch blapitest for the lack of sha224 on system freebl - Completed the patch to make pem link against system freebl * Mon Dec 5 2011 Elio Maldonado <emaldona@redhat.com> - 3.13.1-6 - Removed unwanted /usr/include/nss3 in front of the normal cflags include path - Removed unnecessary patch dealing with CERTDB_TERMINAL_RECORD, it's visible * Sun Dec 4 2011 Elio Maldonado <emaldona@redhat.com> - 3.13.1-5 - Statically link the pem module against system freebl found in buildroot - Disabling sha224-related powerup selftest until we update softokn - Disable sha224 and pss tests which nss-softokn 3.12.x doesn't support * Fri Dec 2 2011 Elio Maldonado Batiz <emaldona@redhat.com> - 3.13.1-4 - Rebuild with nss-softokn from 3.12 in the buildroot - Allows the pem module to statically link against 3.12.x freebl - Required for using nss-3.13.x with nss-softokn-3.12.y for a merge inrto rhel git repo - Build will be temprarily placed on buildroot override but not pushed in bodhi * Fri Nov 4 2011 Elio Maldonado <emaldona@redhat.com> - 3.13.1-2 - Fix broken dependencies by updating the nss-util and nss-softokn versions * Thu Nov 3 2011 Elio Maldonado <emaldona@redhat.com> - 3.13.1-1 - Update to NSS_3_13_1_RTM - Update builtin certs to those from NSSCKBI_1_88_RTM * Sat Oct 15 2011 Elio Maldonado <emaldona@redhat.com> - 3.13-1 - Update to NSS_3_13_RTM * Sat Oct 8 2011 Elio Maldonado <emaldona@redhat.com> - 3.13-0.1.rc0.1 - Update to NSS_3_13_RC0 * Wed Sep 14 2011 Elio Maldonado <emaldona@redhat.com> - 3.12.11-3 - Fix attempt to free initilized pointer (#717338) - Fix leak on pem_CreateObject when given non-existing file name (#734760) - Fix pem_Initialize to return CKR_CANT_LOCK on multi-treaded calls (#736410) ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #891761 - Pick up NSS release that distrusts the mis-issued Turktrust intermediates https://bugzilla.redhat.com/show_bug.cgi?id=891761 [ 2 ] Bug #847462 - pem module may attempt to free an uninitialized pointer https://bugzilla.redhat.com/show_bug.cgi?id=847462 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update nss' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|