SUSE-CU-2024:3334-1: Security update of bci/openjdk-devel

sle-container-updates at lists.suse.com
Thu Aug 1 07:14:11 UTC 2024


SUSE Container Update Advisory: bci/openjdk-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:3334-1
Container Tags        : bci/openjdk-devel:17 , bci/openjdk-devel:17-25.20
Container Release     : 25.20
Severity              : important
Type                  : security
References            : 1214980 1218640 1222804 1222807 1222811 1222813 1222814 1222821
                        1222822 1222826 1222828 1222830 1222833 1222834 1223724 1224113
                        1224115 1224116 1224118 1227298 1227918 1228046 1228047 1228048
                        1228051 1228052 1228322 916845 CVE-2013-4235 CVE-2023-5388 CVE-2024-21131
                        CVE-2024-21138 CVE-2024-21140 CVE-2024-21145 CVE-2024-21147 
-----------------------------------------------------------------

The container bci/openjdk-devel was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-feature-2024:2296-1
Released:    Thu Jul  4 06:29:20 2024
Summary:     Feature update for jakarta-inject
Type:        feature
Severity:    moderate
References:  
This update for jakarta-inject fixes the following issues:

- New package implementation at version 2.0.1

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2628-1
Released:    Tue Jul 30 09:09:07 2024
Summary:     Security update for java-17-openjdk
Type:        security
Severity:    important
References:  1227298,1228046,1228047,1228048,1228051,1228052,CVE-2024-21131,CVE-2024-21138,CVE-2024-21140,CVE-2024-21145,CVE-2024-21147
This update for java-17-openjdk fixes the following issues:

Updated to version 17.0.12+7 (July 2024 CPU):

- CVE-2024-21131: Fixed a potential UTF8 size overflow (bsc#1228046).
- CVE-2024-21138: Fixed an infinite loop due to excessive symbol
  length (bsc#1228047).
- CVE-2024-21140: Fixed a pre-loop limit overflow in Range Check
  Elimination (bsc#1228048).
- CVE-2024-21147: Fixed an out-of-bounds access in 2D image handling
  (bsc#1228052).
- CVE-2024-21145: Fixed an index overflow in RangeCheckElimination
  (bsc#1228051).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2642-1
Released:    Tue Jul 30 10:03:52 2024
Summary:     Recommended update for Java
Type:        recommended
Severity:    moderate
References:  
This update for Java fixes the following issues:

maven-shared-utils was updated to version 3.4.2:

- Changes in version 3.4.2:

  * New features and improvements:

    + Made Commandline.addSystemEnvironment public and deprecated
    + Deprecated IsEmpty/IsNotEmpty methods
    + Deprecated newXmlWriter
    + Deprecated redundant isEmptyString method
    + Deprecated join methods now available in Java 8 String class
    + FileUtils: avoid getCanonicalPath()
    + Added build() method and document toString() method
    + Optionally inherit system environment variables by Commandline
    + Dropped plexus container default

  * Bugs Fixed:

    + Removed trim parameter
    + Fixed blocking in StreamFeeder
    + Ignore MessageUtilsTest methods on unsupported platforms
    + Make copyFile succeed with source file having lastModified() = 0
    + XmlWriterUtil platform independent and consistent
    + Poll data from input stream

plexus-io was updated from version 3.2.0 to 3.4.2:

- New features and improvements:

  * Drop legacy and make components pure JSR330
  * Restore speed improvements
  * Plexus IO build is now reproducible
  * Various speed improvements
  * Plexus IO now requires Java 8

- Dependency updates:

  * Update sisu.inject to 0.9.0.M2
  * Bumped guice from 5.1.0 to 6.0.0
  * Bumped commons-io:commons-io from 2.11.0 to 2.15.1
  * Bumped plexus-utils from 3.5.0 to 4.0.0
  * Bumped org.codehaus.plexus:plexus-testing from 1.1.0 to 1.3.0

- Bugs fixed:

  * Fix symbolic links being resolved into absolute paths
  * Fix symbolic links to directories not being recognized as
    directories
  * Fix issue related to symbolic link tests

plexus-interpolation was updated to version 1.27.0:

- New features and improvements:

  * Added support for PPC64LE
  * Added dependabot and release drafter configuration
  * Moved to Junit5

- Dependency updates:

  * Bumped plexus from 7 to 16
  * Bumped maven-bundle-plugin from 3.0.1 to 5.1.9

plexus-cli was updated to version 1.7:

- Changes:

  * Bumped plexus-components from 6.5 to 10.0
  * Bumped checkstyle from 9.2 to 9.2.1
  * Bumped plexus-container-default from 1.0-alpha-34 to 2.1.1
  * Bumped checkstyle from 9.2.1 to 9.3
  * Bumped commons-cli from 1.0 to 1.5.0
  * Bumped maven-checkstyle-plugin from 3.1.2 to 3.3.0
  * Bumped maven-shared-resources from 4 to 5
  * Bumped apache/maven-gh-actions-shared from 1 to 3
  * Updated to Parent pom 15
  * Bumped commons-cli:commons-cli from 1.5.0 to 1.6.0
  * Reuse plexus-pom action for CI
  * Bumped org.codehaus.plexus:plexus from 15 to 16
  * Replace plexus-container-default with Sisu Plexus
  * Bumped org.codehaus.plexus:plexus-testing from 1.2.0 to 1.3.0

plexus-cipher was updated to version 2.1.0:

- Changes:

  * Switched to java.util.Base64
  * Moved code to Java 8
  * Fixed insecure cryptography in PBECipher.java
  * Enabled missed decryption test and adjust to new algorithm

plexus-archiver was updated to version 4.9.2:

- New features and improvements:

  * Allow copy all files without timestamp checking by DirectoryArchiver
  * Provide fluent setter for usingDefaultExcludes flag in AbstractFileSet
  * Various dependencies were upgraded

plexus-interactivity was updated to version 1.3:

- New features and improvements:

  * Ensure prompter does not double colon
  * Java 8 as minimum
  * Moved off plexus

- Other changes:

  * The class previously in plexus-interactivity-jdom artifact is
    folded into the main plexus-interactivity-api.

maven-shared-incremental:

- `sisu-plexus` is now used instead of the old `plexus-component-api`
- Removed unnecessary dependency on xmvn tools and parent pom

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2647-1
Released:    Tue Jul 30 10:44:44 2024
Summary:     Recommended update for Java
Type:        recommended
Severity:    moderate
References:  
This update for Java fixes the following issues:

atinject was updated to version 1.0.5:

- Don't distribute as jakarta.inject:jakarta-inject-api artifact
  to prevent conflicts with the version 2.x that actually has
  classes in jakarta.inject namespace and thus is incompatible

- Switched to sources in https://github.com/jakartaee/inject/
- Changes in version 1.0.5:

  * This switches the module name back to the java.inject that was used by the 1.0.3 release with automatic module.
    This is a multi-release jar

- Changes in version 1.0.4:

  * This is a 1.0.4 service release with a multi-release jar that adds the module-info class to
    META-INF/versions/9/module-info.class using the https://github.com/moditect/moditect plugin for the
    javax.inject module.

- Changes in version 1.0.3:

  * This release corrects the 1.0.2 release which was incorrectly done from the master branch with the jakarta.*
    packages.
  * It adds the Automatic-Module-Name=java.inject to the api jar manifest.

- Changes in version 1.0.2:

  * Set Automatic-Module-Name to java.inject
  * Added OSGi bundle headers

- Changes in version 1.0.1:

  * Added Automatic-Module-Name of jakarta.inject

- Changes in version 1.0:

  * First Injection API release for Jakarta EE

cdi-api:

- Use the javax.inject artifact

google-guice was updated to version 6.0.0:

- Changes in version 6.0.0:

  * JEE Jakarta Transition:

    + Guice 6.0 adds support for jakarta.inject, the new namespace for the JSR330 spec 
      (after the javax -> jakarta JEE transition).
      Guice 6.0 is intended to help users migrate their code to the jakarta namespace. It continues to fully support
      the javax.inject namespace while also mostly supporting the jakarta.inject namespace. The only part of Guice 6.0
      that doesn't support jakarta.inject are the bind(..).toProvider methods. Those methods still require javax.inject
      or com.google.inject Providers.
    + The Guice 6.0 servlet & persist extensions only support the javax.servlet and javax.persistence namespaces
      respectively.
    + Guice 6.0 can help with incremental migrations to the jakarta.inject namespace, by incrementally replacing
      javax.inject references to jakarta.inject. This works everywhere, except for code where a jakarta Provider is
      passed to bind(..).toProvider.
  
  * Guice Core:

    + Adds jakarta.inject support.
    + Support Java 21 (via updating ASM to 9.5 and other changes).
    + Improve AOP support on JVMs such as Azul.
    + Fix a deadlock or crash associated with recursively loading just-in-time bindings.
    + Make PrivateModule.binder() non-private, to allow subclass customization, such as calling skipSources.
    + Fix an endless loop (that can OOM) in singleton lock cycle detection.
    + Fix tests to pass on Windows, despite the different line separator.
    + Improvements to OSGi metadata.
    + Mark the JSR305 dependency as optional (since it's not required at runtime).
    + Fix Binder.requestInjection(TypeLiteral<T>, T) to use the TypeLiteral.
    + Honor scoping annotations on concrete types when provisioned by their @ProvidedBy annotation
    + Add a way to tell if a class is 'enhanced' by Guice, and retrieve the original class.
    + Ensure the order of bind(...) statements does not matter when referring to JIT bindings.
    + Implement Matcher.and and Matcher.or as default methods directly in Matcher, so that the AbstractMatcher subclass
      isn't required.
    + Mark the error_prone_annotations dependency as optional.

  * Servlet:

    + Fix an NPE if contextPath is null

  * Persist:
  
    + Persist had a number of changes, some of which are backwards incompatible.
      Notably: injection of EntityManager no longer implicitly starts a unit of work (because this led to leaks).
      Users can opt-in to the legacy behavior by constructing the JpaPersistModule with a JpaPersistOptions that sets
      setAutoBeginWorkOnEntityManagerCreation to true.
    + EntityManager provisioning no longer automatically starts a unit of work.
    + Ignore multiple start/stop calls, rather than throwing an exception.
    + Support manually initiated rollbacks.
    + Don't wrap Object-defined methods (e.g: toString, finalize, equals, hashCode) in transactions.

gradle-bootstrap:

- Package rebuilt to account for the new jakarta-inject dependency

gradle:

- Fixed build with jakarta-inject, which was introduced as a new google-guice dependency


maven-artifact-transfer, maven-doxia-sitetools, maven-doxia, maven-plugin-testing, maven-surefire:

- Use plexus-metadata-generator executable directly to simplify build classpath

maven-javadoc-plugin:

- Removed dependency on plexus-metadata-generator, plexus-component-metadata and on their dependencies, since there
  is no plexus @Component annotation any more

modello:

- Added dependency on jakarta-inject, needed by google-guice 6.0.0

plexus-component-metadata and plexus-containers were updated to version 2.2.0:

- Added dependency on plexus-xml where relevant

  * This will be needed for smooth upgrade to plexus-utils 4.0.0

- Changes in version 2.2.0:

  * Improved documentation to switch to Sisu
  * Cleaned up poms after parent upgrade
  * Improved plexus-component metadata - removed dependency to
    plexus-container-default
  * Added deprecation information to Plexus components
  * Require Java 8
  * Dropped plexus-container-default artefact
  * Require Maven 3.6.3+
  * Switched to Junit5
  * Bumped org.eclipse.sisu.plexus from 0.3.0.M1 to 0.9.0.M2

- Changes in version 2.1.1:

  * Last version before deprecation
  * Requires Java 7 and Maven 3.2.5+
  * Upgraded ASM to 9.2
  * Security upgrade org.jdom:jdom2 from 2.0.6 to 2.0.6.1

plexus-utils was updated to version 4.0.0:

- Changes in version 4.0.0:

  * Starting with version 4, XML classes (in org.codehaus.plexus.util.xml and org.codehaus.plexus.util.xml.pull) have
    been extracted to a separate plexus-xml: if you need them, just use this new artifact

  * Other changes:

    + Fixed false difference detected with
      CachingOutputStream/CachingWriter when streams are flushed
    + Dependency updates
    + Switched to Junit 5
    
plexus-xml was updated to version 3.0.1:

- Changes in version 3.0.1:

  * Bugs fixed:

    + Allow nulls for write elements in MXSerializer
    + Removed special chars from xml output

  * Dependency updates:

    + Bumped org.codehaus.plexus:plexus from 17 to 18
    + Bumped release-drafter/release-drafter from 5 to 6
    + Bumped parent to 17 and updates

  * Maintenance:

    + Switched to Junit 5
    + Switched to shared gh actions setup from master branch

sbt:

- Require the new plexus-xml package to fix build

sisu was updated to version 0.9.0.M3:

- Provide plexus-containers-container-default for easier update
- Add dependency on plexus-xml where relevant
- Changes of sisu version 0.9.0.M3:

  * Annotated new method
  * Updated workflow to run on Java 21
  * Build with final Java 21 on GitHub
  * Switched to JUnit5
  * Disabled annotation processor by default
  * Do not silently fail in case of class scanning exceptions
  * Updated to ASM 9.7
  * Updated CONTRIBUTING.md
  * Aligned Plexus ASM version
  * Renamed release profile
  * Fixed Jacoco coverage reports in Sonar
  * Added a method to allow LifecycleManager to free keys
  * Licence change: From EPL1 to EPL2
  * Updated documentation for exposed core extensions, fix anchors
  * Trigger Sonarcloud analysis from GHA

- Changes of sisu version 0.9.0.M2:

  * Fixed SpaceScanner to use latest ASM API version
  * 3.7 is not an officially supported version, therefore specify 3.8 instead
  * Provide script to help upgrade embedded copy of ASM
  * ASM_9_4
  * Require Java 8
  * Sisu specific PreConstruct/PreDestroy annotations
  * Updated build plugins
  * ASM 9.5
  * Aligned to latest Maven plugins
  * Moved release elements from oss-parent to local project
  * Create a 'no_asm' jar at release time which doesn't embed ASM

- Changes of sisu.inject version 9.0.M1:

  * Fixed CDI related issues
  * Build with Eclipse/Tycho 2.5.0 and Java 11
  * Raise problem reporting logs to DEBUG, fixes #36
  * Upgraded internal copy of ASM to 9.2
  * Implemented PathTypeConverter
  * Added JUnit 5 annotations to InjectedTest setUp/tearDown
  * Fixed static parameters binding lookup
  * Run injection tests against multiple versions of Guice
  * Support using @priority on Providers
  * Use read lock when subscribing to publishers…
  * Cache binding lookups for single bean providers
  * Use AtomicReferenceFieldUpdater as it works better for large numbers of instances
  * Enabled Java CI workflow
  * Enabled CodeQL analysis
  * Replaced potentially-expensive regex with simple tokenizer
  * Allow Main to boot with extra bindings
  * Re-enabled various resource-related unit tests
  * Reworked globber pattern strategy to avoid use of regex
  * Use GlobberStrategy.PATTERN instead of regex for ServiceBindings filtering

- Changes of sisu.plexus version 0.9.0.M2:

  * Make build work with Java17
  * Aligned to latest Maven plugins
  * Moved release elements from oss-parent to local project

- Changes of sisu.plexus version 0.9.0.M1:

  * Aligned logback with sisu.inject
  * Build with Eclipse/Tycho 2.5.0 and Java 11
  * Support configuration of collections with complex generic types
  * Enabled Java CI workflow
  * Enabled CodeQL analysis

sisu-mojos:

- Build sisu-mojos within sisu package, since the sources of sisu-mojos, sisu-inject and sisu-plexus were joined in the
  same upstream project

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2658-1
Released:    Tue Jul 30 15:37:26 2024
Summary:     Security update for shadow
Type:        security
Severity:    important
References:  916845,CVE-2013-4235
This update for shadow fixes the following issues:

- CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2667-1
Released:    Tue Jul 30 16:14:01 2024
Summary:     Recommended update for libxkbcommon
Type:        recommended
Severity:    moderate
References:  1218640,1228322

This update of libxkbcommon fixes the following issue:

- Ship libxkbregistry0-32bit and libxkbregistry-devel-32bit for use by Wine. (bsc#1218640 bsc#1228322)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2679-1
Released:    Wed Jul 31 09:47:44 2024
Summary:     Recommended update for patterns-base
Type:        recommended
Severity:    moderate
References:  
This update for patterns-base fixes the following issues:

Added a fips-certified pattern matching the exact certified FIPS
versions of the Linux Kernel, openssl 1.1.1, gnutls/nettle, mozilla-nss
and libgcrypt.

Note that applying this pattern might cause downgrades of various packages
and so uninstall security and bugfix updates released after the certified
binaries.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2684-1
Released:    Wed Jul 31 20:04:41 2024
Summary:     Recommended update for mozilla-nss
Type:        recommended
Severity:    moderate
References:  1214980,1222804,1222807,1222811,1222813,1222814,1222821,1222822,1222826,1222828,1222830,1222833,1222834,1223724,1224113,1224115,1224116,1224118,1227918,CVE-2023-5388
This update for mozilla-nss fixes the following issues:

- Fixed startup crash of Firefox when using FIPS-mode (bsc#1223724).
- Added 'Provides: nss' so other RPMs that require 'nss' can
  be installed (jira PED-6358).

- FIPS: added safe memsets (bsc#1222811)
- FIPS: restrict AES-GCM (bsc#1222830)
- FIPS: Updated FIPS approved cipher lists (bsc#1222813, bsc#1222814, bsc#1222821, bsc#1222822, bsc#1224118)
- FIPS: Updated FIPS self tests (bsc#1222807, bsc#1222828, bsc#1222834)
- FIPS: Updated FIPS approved cipher lists (bsc#1222804, bsc#1222826, bsc#1222833, bsc#1224113, bsc#1224115, bsc#1224116)

- Require `sed` for mozilla-nss-sysinit, as setup-nsssysinit.sh 
  depends on it and will create a broken, empty config, if sed is
  missing (bsc#1227918)

Update to NSS 3.101.2:

* bmo#1905691 - ChaChaXor to return after the function

Update to NSS 3.101.1:

* GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME.

Update to NSS 3.101:

* add diagnostic assertions for SFTKObject refcount.
* freeing the slot in DeleteCertAndKey if authentication failed
* fix formatting issues.
* Add Firmaprofesional CA Root-A Web to NSS.
* remove invalid acvp fuzz test vectors.
* pad short P-384 and P-521 signatures gtests.
* remove unused FreeBL ECC code.
* pad short P-384 and P-521 signatures.
* be less strict about ECDSA private key length.
* Integrate HACL* P-521.
* Integrate HACL* P-384.
* memory leak in create_objects_from_handles.
* ensure all input is consumed in a few places in mozilla::pkix
* SMIME/CMS and PKCS #12 do not integrate with modern NSS policy
* clean up escape handling
* Use lib::pkix as default validator instead of the old-one
* Need to add high level support for PQ signing.
* Certificate Compression: changing the allocation/freeing of buffer + Improving the documentation
* SMIME/CMS and PKCS #12 do not integrate with modern NSS policy
* Allow for non-full length ecdsa signature when using softoken
* Modification of .taskcluster.yml due to mozlint indent defects
* Implement support for PBMAC1 in PKCS#12
* disable VLA warnings for fuzz builds.
* remove redundant AllocItem implementation.
* add PK11_ReadDistrustAfterAttribute.
* Clang-formatting of SEC_GetMgfTypeByOidTag update
* Set SEC_ERROR_LIBRARY_FAILURE on self-test failure
* sftk_getParameters(): Fix fallback to default variable after error with configfile.
* Switch to the mozillareleases/image_builder image

- switch from ec_field_GFp to ec_field_plain

Update to NSS 3.100:

* merge pk11_kyberSlotList into pk11_ecSlotList for faster Xyber operations.
* remove ckcapi.
* avoid a potential PK11GenericObject memory leak.
* Remove incomplete ESDH code.
* Decrypt RSA OAEP encrypted messages.
* Fix certutil CRLDP URI code.
* Don't set CKA_DERIVE for CKK_EC_EDWARDS private keys.
* Add ability to encrypt and decrypt CMS messages using ECDH.
* Correct Templates for key agreement in smime/cmsasn.c.
* Moving the decodedCert allocation to NSS.
* Allow developers to speed up repeated local execution of NSS tests that depend on certificates.

Update to NSS 3.99:

* Removing check for message len in ed25519 (bmo#1325335)
* add ed25519 to SECU_ecName2params. (bmo#1884276)
* add EdDSA wycheproof tests. (bmo#1325335)
* nss/lib layer code for EDDSA. (bmo#1325335)
* Adding EdDSA implementation. (bmo#1325335)
* Exporting Certificate Compression types (bmo#1881027)
* Updating ACVP docker to rust 1.74 (bmo#1880857)
* Updating HACL* to 0f136f28935822579c244f287e1d2a1908a7e552 (bmo#1325335)
* Add NSS_CMSRecipient_IsSupported. (bmo#1877730)

Update to NSS 3.98:

* (CVE-2023-5388) Timing attack against RSA decryption in TLS
* Certificate Compression: enabling the check that the compression was advertised
* Move Windows workers to nss-1/b-win2022-alpha
* Remove Email trust bit from OISTE WISeKey Global Root GC CA
* Replace `distutils.spawn.find_executable` with `shutil.which` within `mach` in `nss`
* Certificate Compression: Updating nss_bogo_shim to support Certificate compression
* TLS Certificate Compression (RFC 8879) Implementation
* Add valgrind annotations to freebl kyber operations for constant-time execution tests
* Set nssckbi version number to 2.66
* Add Telekom Security roots
* Add D-Trust 2022 S/MIME roots
* Remove expired Security Communication RootCA1 root
* move keys to a slot that supports concatenation in PK11_ConcatSymKeys
* remove unmaintained tls-interop tests
* bogo: add support for the -ipv6 and -shim-id shim flags
* bogo: add support for the -curves shim flag and update Kyber expectations
* bogo: adjust expectation for a key usage bit test
* mozpkix: add option to ignore invalid subject alternative names
* Fix selfserv not stripping `publicname:` from -X value
* take ownership of ecckilla shims
* add valgrind annotations to freebl/ec.c
* PR_INADDR_ANY needs PR_htonl before assignment to inet.ip
* Update zlib to 1.3.1

Update to NSS 3.97:

* make Xyber768d00 opt-in by policy
* add libssl support for xyber768d00
* add PK11_ConcatSymKeys
* add Kyber and a PKCS#11 KEM interface to softoken
* add a FreeBL API for Kyber
* part 2: vendor github.com/pq-crystals/kyber/commit/e0d1c6ff
* part 1: add a script for vendoring kyber from pq-crystals repo
* Removing the calls to RSA Blind from loader.*
* fix worker type for level3 mac tasks
* RSA Blind implementation
* Remove DSA selftests
* read KWP testvectors from JSON
* Backed out changeset dcb174139e4f
* Fix CKM_PBE_SHA1_DES2_EDE_CBC derivation
* Wrap CC shell commands in gyp expansions

Update to NSS 3.96.1:

* Use pypi dependencies for MacOS worker in ./build_gyp.sh
* p7sign: add -a hash and -u certusage (also p7verify cleanups)
* add a defensive check for large ssl_DefSend return values
* Add dependency to the taskcluster script for Darwin
* Upgrade version of the MacOS worker for the CI

Update to NSS 3.95:

* Bump builtins version number.
* Remove Email trust bit from Autoridad de Certificacion Firmaprofesional CIF A62634068 root cert.
* Remove 4 DigiCert (Symantec/Verisign) Root Certificates
* Remove 3 TrustCor Root Certificates from NSS.
* Remove Camerfirma root certificates from NSS.
* Remove old Autoridad de Certificacion Firmaprofesional Certificate.
* Add four Commscope root certificates to NSS.
* Add TrustAsia Global Root CA G3 and G4 root certificates.
* Include P-384 and P-521 Scalar Validation from HACL*
* Include P-256 Scalar Validation from HACL*.
* After the HACL 256 ECC patch, NSS incorrectly encodes 256 ECC without DER wrapping at the softoken level
* Add means to provide library parameters to C_Initialize
* add OSXSAVE and XCR0 tests to AVX2 detection.
* Typo in ssl3_AppendHandshakeNumber
* Introducing input check of ssl3_AppendHandshakeNumber
* Fix Invalid casts in instance.c

Update to NSS 3.94:

* Updated code and commit ID for HACL*
* update ACVP fuzzed test vector: refuzzed with current NSS
* Softoken C_ calls should use system FIPS setting to select NSC_ or FC_ variants
* NSS needs a database tool that can dump the low level representation of the database
* declare string literals using char in pkixnames_tests.cpp
* avoid implicit conversion for ByteString
* update rust version for acvp docker
* Moving the init function of the mpi_ints before clean-up in ec.c
* P-256 ECDH and ECDSA from HACL*
* Add ACVP test vectors to the repository
* Stop relying on std::basic_string<uint8_t>
* Transpose the PPC_ABI check from Makefile to gyp

Update to NSS 3.93:

* Update zlib in NSS to 1.3.
* softoken: iterate hashUpdate calls for long inputs.
* regenerate NameConstraints test certificates (bsc#1214980).

Update to NSS 3.92:

* Set nssckbi version number to 2.62
* Add 4 Atos TrustedRoot Root CA certificates to NSS
* Add 4 SSL.com Root CA certificates
* Add Sectigo E46 and R46 Root CA certificates
* Add LAWtrust Root CA2 (4096)
* Remove E-Tugra Certification Authority root
* Remove Camerfirma Chambers of Commerce Root.
* Remove Hongkong Post Root CA 1
* Remove E-Tugra Global Root CA ECC v3 and RSA v3
* Avoid redefining BYTE_ORDER on hppa Linux

Update to NSS 3.91:

* Implementation of the HW support check for ADX instruction
* Removing the support of Curve25519
* Fix comment about the addition of ticketSupportsEarlyData
* Adding args to enable-legacy-db build
* dbtests.sh failure in 'certutil dump keys with explicit default trust flags'
* Initialize flags in slot structures
* Improve the length check of RSA input to avoid heap overflow
* Followup Fixes
* avoid processing unexpected inputs by checking for m_exptmod base sign
* add a limit check on order_k to avoid infinite loop
* Update HACL* to commit 5f6051d2
* add SHA3 to cryptohi and softoken
* HACL SHA3
* Disabling ASM C25519 for all but X86_64

Update to NSS 3.90.3:

* GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME.
* clean up escape handling.
* remove redundant AllocItem implementation.
* Disable ASM support for Curve25519.
* Disable ASM support for Curve25519 for all but X86_64. 


The following package changes have been done:

- login_defs-4.8.1-150400.10.18.1 updated
- patterns-base-fips-20200124-150400.20.10.1 updated
- shadow-4.8.1-150400.10.18.1 updated
- libfreebl3-3.101.2-150400.3.48.1 updated
- libxcb1-1.13-150000.3.11.1 updated
- mozilla-nss-certs-3.101.2-150400.3.48.1 updated
- mozilla-nss-3.101.2-150400.3.48.1 updated
- libsoftokn3-3.101.2-150400.3.48.1 updated
- java-17-openjdk-headless-17.0.12.0-150400.3.45.1 updated
- java-17-openjdk-17.0.12.0-150400.3.45.1 updated
- atinject-1+20211017gitd06ce18-150200.3.13.1 updated
- jakarta-inject-2.0.1-150200.5.3.3 added
- java-17-openjdk-devel-17.0.12.0-150400.3.45.1 updated
- maven-resolver-api-1.9.20-150200.3.23.2 updated
- plexus-containers-component-annotations-2.2.0-150200.3.9.2 updated
- plexus-interpolation-1.27.0-150200.3.7.2 updated
- plexus-utils-4.0.1-150200.3.11.2 updated
- plexus-xml-3.0.1-150200.5.8.2 updated
- sisu-inject-0.9.0.M3-150200.3.9.2 updated
- plexus-cipher-2.1.0-150200.3.7.1 updated
- maven-resolver-util-1.9.20-150200.3.23.2 updated
- maven-resolver-spi-1.9.20-150200.3.23.2 updated
- sisu-plexus-0.9.0.M3-150200.3.9.2 updated
- maven-shared-utils-3.4.2-150200.3.10.1 updated
- maven-resolver-named-locks-1.9.20-150200.3.23.2 updated
- google-guice-6.0.0-150200.3.10.4 updated
- maven-resolver-transport-file-1.9.20-150200.3.23.2 updated
- maven-resolver-connector-basic-1.9.20-150200.3.23.2 updated
- maven-resolver-transport-wagon-1.9.20-150200.3.23.2 updated
- maven-resolver-impl-1.9.20-150200.3.23.2 updated
- maven-resolver-transport-http-1.9.20-150200.3.23.2 updated
- maven-lib-3.9.8-150200.4.27.2 updated
- maven-3.9.8-150200.4.27.2 updated
- container:bci-openjdk-17-15.5.17-26.8 updated
- apache-commons-lang3-3.12.0-150200.3.6.4 removed
- cdi-api-2.0.2-150200.3.6.4 removed
- jboss-interceptors-1.2-api-1.0.0-150200.3.4.4 removed

