Age | Commit message (Collapse) | Author | Files | Lines |
|
https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_87.html
|
|
A comment in RNG_RandomUpdate() (drdbg.c) says to add the
-DNS_PTR_LE_32=1 flag on ILP32 platforms.
Without this PR, pkgsCross.mips64el-linux-gnuabin32.nss fails to
build. With this PR, it succeeds.
|
|
https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/NqCkaX216zY/m/QAUPTaBWCgAJ
|
|
https://github.com/nss-dev/nss/blob/master/doc/rst/releases/nss_3_85.rst
|
|
https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/dbVxfMyXEyE
|
|
https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/uV-FYp6SUr8/m/M5TvBj0eAQAJ
|
|
|
|
https://github.com/nss-dev/nss/blob/master/doc/rst/releases/nss_3_83.rst
|
|
The 3.68.4 release was the last of the 3.68 ESR series and 3.79 is the
new ESR series.
https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_79.html
https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_79_1.html
|
|
|
|
It's usefulness is not clear to us maintainers.
|
|
The patch url went 404 and other distros¹ have discarded it as well in
favor of packaging nss-pem²
[1] https://gitweb.gentoo.org/repo/gentoo.git/commit/dev-libs/nss?id=5eca3e02c87163b3c541cdee893830d201abfb86
[2] https://github.com/kdudka/nss-pem
|
|
https://github.com/nss-dev/nss/blob/master/doc/rst/releases/nss_3_82.rst
|
|
|
|
https://github.com/nss-dev/nss/blob/master/doc/rst/releases/nss_3_81.rst
|
|
https://github.com/nss-dev/nss/blob/master/doc/rst/releases/nss_3_80.rst
|
|
This reverts commit 1c76a270d2d0331aaed02a308acb607e81e5c414.
This breaks the Firefox 91esr build, which is apparently not compatible
with this NSS version.
/build/firefox-91.10.0/security/certverifier/OCSPVerificationTrustDomain.cpp:63:11: error: unknown type name 'SignedDigest'
Will revisit this upgrade, when we drop 91esr in favor of 102esr soon.
|
|
This ESR branch has reached EOL:
https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/-z6f6dOWx9A/m/Bpl8VWd_FwAJ
|
|
|
|
https://github.com/nss-dev/nss/blob/master/doc/rst/releases/nss_3_79.rst
|
|
https://github.com/nss-dev/nss/blob/master/doc/rst/releases/nss_3_68_4.rst
|
|
https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_78.html
Fixes the ordering of the security load patchset to save us rebuilds.
|
|
This reverts commit 79a5b548cc48770c062a6a60503628017ea0855e.
|
|
This reverts commit eb9c616c79596c9ff43ec9e7ced46c4739a16047.
Breaks the Firefox build and needs further investigation.
In file included from Unified_cpp_certverifier0.cpp:47:
/build/firefox-99.0/security/certverifier/OCSPVerificationTrustDomain.cpp:63:11: error: unknown type name 'SignedDigest'
const SignedDigest& aSignedDigest, Input aSubjectPublicKeyInfo) {
^
/build/firefox-99.0/security/certverifier/OCSPVerificationTrustDomain.cpp:74:11: error: unknown type name 'SignedDigest'
const SignedDigest& aSignedDigest, Input aSubjectPublicKeyInfo) {
^
https://github.com/NixOS/nixpkgs/pull/164511#issuecomment-1089496003
|
|
|
|
|
|
|
|
|
|
https://github.com/nss-dev/nss/blob/master/doc/rst/releases/nss_3_76.rst
|
|
|
|
|
|
|
|
Update done by running the `nss` and `cacert` update scripts, then
running nixpkgs-check to validate things look good enough to be thrown
at hydra
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
nss: Set NSS_USE_64=1 for 64-bit platforms
|
|
|
|
The config script does that automatically for a few architectures [1],
but on 64-bit platforms that are not listed (like riscv64) the
freebl build fails. Debian always adds the USE_64=1 flag when
compiling on 64-bit architectures (they use legacy make instead of gyp),
and we should do that as well to fix the general problem at the cost of
a mass rebuild.
[1] https://hg.mozilla.org/projects/nss/file/0ef2306a623f8fcd90f094281678f3ee9e7e4738/coreconf/config.gypi#l212
[2] https://salsa.debian.org/mozilla-team/nss/-/blob/c446c61808a3a30bb0c6c62cc6628ede3f7bc205/debian/rules#L66
|