Recommended update for mozilla-nspr, mozilla-nss

SUSE Recommended Update: Recommended update for mozilla-nspr, mozilla-nss
Announcement ID: SUSE-RU-2019:2025-2
Rating: moderate
References: #1141322
Affected Products:
  • SUSE Enterprise Storage 5

An update that has one recommended fix can now be installed.


This update for mozilla-nspr, mozilla-nss fixes the following issues:
mozilla-nss was updated to NSS 3.45 (bsc#1141322):

  • New function in pk11pub.h: PK11_FindRawCertsWithSubject
  • The following CA certificates were Removed: CN = Certinomis - Root CA (bmo#1552374)
  • Implement Delegated Credentials (draft-ietf-tls-subcerts) (bmo#1540403) This adds a new experimental function SSL_DelegateCredential Note: In 3.45, selfserv does not yet support delegated credentials (See bmo#1548360). Note: In 3.45 the SSLChannelInfo is left unmodified, while an upcoming change in 3.46 will set SSLChannelInfo.authKeyBits to that of the delegated credential for better policy enforcement (See bmo#1563078).
  • Replace ARM32 Curve25519 implementation with one from fiat-crypto (bmo#1550579)
  • Expose a function PK11_FindRawCertsWithSubject for finding certificates with a given subject on a given slot (bmo#1552262)
  • Add IPSEC IKE support to softoken (bmo#1546229)
  • Add support for the Elbrus lcc compiler (
  • Expose an external clock for SSL (bmo#1543874) This adds new experimental functions: SSL_SetTimeFunc, SSL_CreateAntiReplayContext, SSL_SetAntiReplayContext, and SSL_ReleaseAntiReplayContext. The experimental function SSL_InitAntiReplay is removed.
  • Various changes in response to the ongoing FIPS review (bmo#1546477) Note: The source package size has increased substantially due to the new FIPS test vectors. This will likely prompt follow-on work, but please accept our apologies in the meantime.

mozilla-nspr was updated to version 4.21:
  • Changed prbit.h to use builtin function on aarch64.

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Enterprise Storage 5:
    zypper in -t patch SUSE-Storage-5-2019-2025=1

Package List:

  • SUSE Enterprise Storage 5 (aarch64):
    • libfreebl3-3.45-58.31.1
    • libfreebl3-debuginfo-3.45-58.31.1
    • libfreebl3-hmac-3.45-58.31.1
    • libsoftokn3-3.45-58.31.1
    • libsoftokn3-debuginfo-3.45-58.31.1
    • libsoftokn3-hmac-3.45-58.31.1
    • mozilla-nspr-4.21-19.9.1
    • mozilla-nspr-debuginfo-4.21-19.9.1
    • mozilla-nspr-debugsource-4.21-19.9.1
    • mozilla-nss-3.45-58.31.1
    • mozilla-nss-certs-3.45-58.31.1
    • mozilla-nss-certs-debuginfo-3.45-58.31.1
    • mozilla-nss-debuginfo-3.45-58.31.1
    • mozilla-nss-debugsource-3.45-58.31.1
    • mozilla-nss-sysinit-3.45-58.31.1
    • mozilla-nss-sysinit-debuginfo-3.45-58.31.1
    • mozilla-nss-tools-3.45-58.31.1
    • mozilla-nss-tools-debuginfo-3.45-58.31.1