Recommended update for mozilla-nspr, mozilla-nss

Announcement ID: SUSE-RU-2019:2142-1
Rating: moderate
References:
Affected Products:
  • Basesystem Module 15-SP1
  • Basesystem Module 15
  • Server Applications Module 15-SP1
  • SUSE Linux Enterprise Desktop 15
  • SUSE Linux Enterprise Desktop 15 SP1
  • SUSE Linux Enterprise High Performance Computing 15
  • SUSE Linux Enterprise High Performance Computing 15 SP1
  • SUSE Linux Enterprise Real Time 15 SP1
  • SUSE Linux Enterprise Server 15
  • SUSE Linux Enterprise Server 15 SP1
  • SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1
  • SUSE Linux Enterprise Server for SAP Applications 15
  • SUSE Linux Enterprise Server for SAP Applications 15 SP1
  • SUSE Manager Proxy 4.0
  • SUSE Manager Retail Branch Server 4.0
  • SUSE Manager Server 4.0

An update that has one fix can now be installed.

Description:

This update for mozilla-nspr, mozilla-nss fixes the following issues:

mozilla-nss was updated to NSS 3.45 (bsc#1141322) :

  • New function in pk11pub.h: PK11_FindRawCertsWithSubject
  • The following CA certificates were Removed: CN = Certinomis - Root CA (bmo#1552374)
  • Implement Delegated Credentials (draft-ietf-tls-subcerts) (bmo#1540403) This adds a new experimental function SSL_DelegateCredential Note: In 3.45, selfserv does not yet support delegated credentials (See bmo#1548360). Note: In 3.45 the SSLChannelInfo is left unmodified, while an upcoming change in 3.46 will set SSLChannelInfo.authKeyBits to that of the delegated credential for better policy enforcement (See bmo#1563078).
  • Replace ARM32 Curve25519 implementation with one from fiat-crypto (bmo#1550579)
  • Expose a function PK11_FindRawCertsWithSubject for finding certificates with a given subject on a given slot (bmo#1552262)
  • Add IPSEC IKE support to softoken (bmo#1546229)
  • Add support for the Elbrus lcc compiler (<=1.23) (bmo#1554616)
  • Expose an external clock for SSL (bmo#1543874) This adds new experimental functions: SSL_SetTimeFunc, SSL_CreateAntiReplayContext, SSL_SetAntiReplayContext, and SSL_ReleaseAntiReplayContext. The experimental function SSL_InitAntiReplay is removed.
  • Various changes in response to the ongoing FIPS review (bmo#1546477) Note: The source package size has increased substantially due to the new FIPS test vectors. This will likely prompt follow-on work, but please accept our apologies in the meantime.

mozilla-nspr was updated to version 4.21

  • Changed prbit.h to use builtin function on aarch64.
  • Removed Gonk/B2G references.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • Basesystem Module 15
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2142=1
  • Basesystem Module 15-SP1
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2142=1
  • Server Applications Module 15-SP1
    zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-2142=1

Package List:

  • Basesystem Module 15 (aarch64 ppc64le s390x x86_64)
    • mozilla-nss-debugsource-3.45-3.19.1
    • libsoftokn3-hmac-3.45-3.19.1
    • mozilla-nss-tools-debuginfo-3.45-3.19.1
    • mozilla-nss-devel-3.45-3.19.1
    • libfreebl3-3.45-3.19.1
    • mozilla-nspr-4.21-3.6.1
    • mozilla-nss-tools-3.45-3.19.1
    • mozilla-nss-certs-debuginfo-3.45-3.19.1
    • mozilla-nspr-debuginfo-4.21-3.6.1
    • mozilla-nss-3.45-3.19.1
    • mozilla-nss-debuginfo-3.45-3.19.1
    • mozilla-nss-sysinit-debuginfo-3.45-3.19.1
    • libsoftokn3-3.45-3.19.1
    • mozilla-nss-sysinit-3.45-3.19.1
    • mozilla-nspr-debugsource-4.21-3.6.1
    • libfreebl3-hmac-3.45-3.19.1
    • libsoftokn3-debuginfo-3.45-3.19.1
    • mozilla-nspr-devel-4.21-3.6.1
    • mozilla-nss-certs-3.45-3.19.1
    • libfreebl3-debuginfo-3.45-3.19.1
  • Basesystem Module 15 (x86_64)
    • libfreebl3-hmac-32bit-3.45-3.19.1
    • libfreebl3-32bit-debuginfo-3.45-3.19.1
    • mozilla-nss-32bit-debuginfo-3.45-3.19.1
    • mozilla-nss-certs-32bit-debuginfo-3.45-3.19.1
    • mozilla-nss-certs-32bit-3.45-3.19.1
    • libsoftokn3-hmac-32bit-3.45-3.19.1
    • libsoftokn3-32bit-3.45-3.19.1
    • mozilla-nss-32bit-3.45-3.19.1
    • libfreebl3-32bit-3.45-3.19.1
    • libsoftokn3-32bit-debuginfo-3.45-3.19.1
    • mozilla-nspr-32bit-4.21-3.6.1
    • mozilla-nspr-32bit-debuginfo-4.21-3.6.1
  • Basesystem Module 15-SP1 (aarch64 ppc64le s390x x86_64)
    • mozilla-nss-debugsource-3.45-3.19.1
    • mozilla-nss-tools-debuginfo-3.45-3.19.1
    • mozilla-nss-devel-3.45-3.19.1
    • libfreebl3-3.45-3.19.1
    • mozilla-nspr-4.21-3.6.1
    • mozilla-nss-tools-3.45-3.19.1
    • mozilla-nss-certs-debuginfo-3.45-3.19.1
    • mozilla-nspr-debuginfo-4.21-3.6.1
    • mozilla-nss-3.45-3.19.1
    • mozilla-nss-debuginfo-3.45-3.19.1
    • mozilla-nss-sysinit-debuginfo-3.45-3.19.1
    • libsoftokn3-3.45-3.19.1
    • mozilla-nss-sysinit-3.45-3.19.1
    • mozilla-nspr-debugsource-4.21-3.6.1
    • libsoftokn3-debuginfo-3.45-3.19.1
    • mozilla-nspr-devel-4.21-3.6.1
    • mozilla-nss-certs-3.45-3.19.1
    • libfreebl3-debuginfo-3.45-3.19.1
  • Basesystem Module 15-SP1 (x86_64)
    • libfreebl3-32bit-debuginfo-3.45-3.19.1
    • mozilla-nss-32bit-debuginfo-3.45-3.19.1
    • mozilla-nss-certs-32bit-debuginfo-3.45-3.19.1
    • mozilla-nss-certs-32bit-3.45-3.19.1
    • libsoftokn3-32bit-3.45-3.19.1
    • mozilla-nss-32bit-3.45-3.19.1
    • libfreebl3-32bit-3.45-3.19.1
    • libsoftokn3-32bit-debuginfo-3.45-3.19.1
    • mozilla-nspr-32bit-4.21-3.6.1
    • mozilla-nspr-32bit-debuginfo-4.21-3.6.1
  • Server Applications Module 15-SP1 (aarch64 ppc64le s390x x86_64)
    • libfreebl3-hmac-3.45-3.19.1
    • libsoftokn3-hmac-3.45-3.19.1
    • mozilla-nss-debugsource-3.45-3.19.1
    • mozilla-nss-debuginfo-3.45-3.19.1

References: