SUSE-SU-2022:2595-1

Security update for mozilla-nss (important)

Published: 2022-07-29 (source: lists.opensuse.org)

CVSS3: 9.8 High
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH
  Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High
  Access Vector: NETWORK
  Access Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact: PARTIAL
  Availability Impact: PARTIAL
  Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

An update that solves one vulnerability and has 6 fixes is now available.

Description:

This update for mozilla-nss fixes the following issues:

Various FIPS 140-3 related fixes were backported from SUSE Linux
Enterprise 15 SP4:

  • Makes the PBKDF known answer test compliant with NIST SP800-132.
    (bsc#1192079).
  • FIPS: Add on-demand integrity tests through
    sftk_FIPSRepeatIntegrityCheck() (bsc#1198980).
  • FIPS: mark algorithms as approved/non-approved according to security
    policy (bsc#1191546, bsc#1201298).
  • FIPS: remove hard disabling of unapproved algorithms. This requirement
    is now fulfilled by the service level indicator (bsc#1200325).
  • Run test suite at build time, and make it pass (bsc#1198486).
  • FIPS: skip algorithms that are hard disabled in FIPS mode.
  • Prevent expired PayPalEE cert from failing the tests.
  • Allow checksumming to be disabled, but only if we entered FIPS mode due
    to NSS_FIPS being set, not if it came from /proc.
  • FIPS: Make the PBKDF known answer test compliant with NIST SP800-132.
  • Update FIPS validation string to version-release format.
  • FIPS: remove XCBC MAC from list of FIPS approved algorithms.
  • Enable NSS_ENABLE_FIPS_INDICATORS and set NSS_FIPS_MODULE_ID for build.
  • FIPS: claim 3DES unapproved in FIPS mode (bsc#1192080).
  • FIPS: allow testing of unapproved algorithms (bsc#1192228).
  • FIPS: add version indicators. (bmo#1729550, bsc#1192086).
  • FIPS: fix some secret clearing (bmo#1697303, bsc#1192087).

Version update to NSS 3.79:

  • Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls.
  • Update mercurial in clang-format docker image.
  • Use of uninitialized pointer in lg_init after alloc fail.
  • selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo.
  • Add SECMOD_LockedModuleHasRemovableSlots.
  • Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP.
  • Added RFC8422 compliant TLS <= 1.2 undefined/compressed ECPointFormat
    extension alerts.
  • TLS 1.3 Server: Send protocol_version alert on unsupported
    ClientHello.legacy_version.
  • Correct invalid record inner and outer content type alerts.
  • NSS does not properly import or export pkcs12 files with large passwords
    and pkcs5v2 encoding.
  • improve error handling after nssCKFWInstance_CreateObjectHandle.
  • Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple.
  • NSS 3.79 should depend on NSPR 4.34

Version update to NSS 3.78.1:

  • Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple

Version update to NSS 3.78:

  • Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length
    record/fragment handling tests.
  • Reworked overlong record size checks and added TLS1.3 specific
    boundaries.
  • Add ECH Grease Support to tstclnt
  • Add a strict variant of moz::pkix::CheckCertHostname.
  • Change SSL_REUSE_SERVER_ECDHE_KEY default to false.
  • Make SEC_PKCS12EnableCipher succeed
  • Update zlib in NSS to 1.2.12.

Version update to NSS 3.77:

  • Fix link to TLS page on wireshark wiki
  • Add two D-TRUST 2020 root certificates.
  • Add Telia Root CA v2 root certificate.
  • Remove expired explicitly distrusted certificates from certdata.txt.
  • support specific RSA-PSS parameters in mozilla::pkix
  • Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate.
  • Remove token member from NSSSlot struct.
  • Provide secure variants of mpp_pprime and mpp_make_prime.
  • Support UTF-8 library path in the module spec string.
  • Update nssUTF8_Length to RFC 3629 and fix buffer overrun.
  • Update googletest to 1.11.0
  • Add SetTls13GreaseEchSize to experimental API.
  • TLS 1.3 Illegal legacy_version handling/alerts.
  • Fix calculation of ECH HRR Transcript.
  • Allow ld path to be set as environment variable.
  • Ensure we don’t read uninitialized memory in ssl gtests.
  • Fix DataBuffer Move Assignment.
  • internal_error alert on Certificate Request with sha1+ecdsa in TLS 1.3
  • rework signature verification in mozilla::pkix

Version update to NSS 3.76.1

  • Remove token member from NSSSlot struct.
  • Hold tokensLock through nssToken_GetSlot calls in
    nssTrustDomain_GetActiveSlots.
  • Check return value of PK11Slot_GetNSSToken.
  • Use Wycheproof JSON for RSASSA-PSS
  • Add SHA256 fingerprint comments to old certdata.txt entries.
  • Avoid truncating files in nss-release-helper.py.
  • Throw illegal_parameter alert for illegal extensions in handshake
    message.

Version update to NSS 3.75

  • Make DottedOIDToCode.py compatible with python3.
  • Avoid undefined shift in SSL_CERT_IS while fuzzing.
  • Remove redundant key type check.
  • Update ABI expectations to match ECH changes.
  • Enable CKM_CHACHA20.
  • check return on NSS_NoDB_Init and NSS_Shutdown.
  • Run ECDSA test vectors from bltest as part of the CI tests.
  • Add ECDSA test vectors to the bltest command line tool.
  • Allow to build using clang’s integrated assembler.
  • Allow to override python for the build.
  • test HKDF output rather than input.
  • Use ASSERT macros to end failed tests early.
  • move assignment operator for DataBuffer.
  • Add test cases for ECH compression and unexpected extensions in SH.
  • Update tests for ECH-13.
  • Tidy up error handling.
  • Add tests for ECH HRR Changes.
  • Server only sends GREASE HRR extension if enabled by preference.
  • Update generation of the Associated Data for ECH-13.
  • When ECH is accepted, reject extensions which were only advertised in
    the Outer Client Hello.
  • Allow for compressed, non-contiguous, extensions.
  • Scramble the PSK extension in CHOuter.
  • Split custom extension handling for ECH.
  • Add ECH-13 HRR Handling.
  • Client side ECH padding.
  • Stricter ClientHelloInner Decompression.
  • Remove ECH_inner extension, use new enum format.
  • Update the version number for ECH-13 and adjust the ECHConfig size.

Version update to NSS 3.74:

  • mozilla::pkix: support SHA-2 hashes in CertIDs in OCSP responses
  • Ensure clients offer consistent ciphersuites after HRR
  • NSS does not properly restrict server keys based on policy
  • Set nssckbi version number to 2.54
  • Replace Google Trust Services LLC (GTS) R4 root certificate
  • Replace Google Trust Services LLC (GTS) R3 root certificate
  • Replace Google Trust Services LLC (GTS) R2 root certificate
  • Replace Google Trust Services LLC (GTS) R1 root certificate
  • Replace GlobalSign ECC Root CA R4
  • Remove Expired Root Certificates - DST Root CA X3
  • Remove Expiring Cybertrust Global Root and GlobalSign root certificates
  • Add renewed Autoridad de Certificacion Firmaprofesional CIF A62634068
    root certificate
  • Add iTrusChina ECC root certificate
  • Add iTrusChina RSA root certificate
  • Add ISRG Root X2 root certificate
  • Add Chunghwa Telecom’s HiPKI Root CA - G1 root certificate
  • Avoid a clang 13 unused variable warning in opt build
  • Check for missing signedData field
  • Ensure DER encoded signatures are within size limits
  • enable key logging option (boo#1195040)

Version update to NSS 3.73.1:

  • Add SHA-2 support to mozilla::pkix’s OCSP implementation

Version update to NSS 3.73:

  • check for missing signedData field.
  • Ensure DER encoded signatures are within size limits.
  • NSS needs FIPS 140-3 version indicators.
  • pkix_CacheCert_Lookup doesn’t return cached certs
  • sunset Coverity from NSS

Fixed MFSA 2021-51 (bsc#1193170) CVE-2021-43527: Memory corruption via
DER-encoded DSA and RSA-PSS signatures

Version update to NSS 3.72

  • Fix nsinstall parallel failure.
  • Increase KDF cache size to mitigate perf regression in about:logins

Version update to NSS 3.71

  • Set nssckbi version number to 2.52.
  • Respect server requirements of
    tlsfuzzer/test-tls13-signature-algorithms.py
  • Import of PKCS#12 files with Camellia encryption is not supported
  • Add HARICA Client ECC Root CA 2021.
  • Add HARICA Client RSA Root CA 2021.
  • Add HARICA TLS ECC Root CA 2021.
  • Add HARICA TLS RSA Root CA 2021.
  • Add TunTrust Root CA certificate to NSS.

Version update to NSS 3.70

  • Update test case to verify fix.
  • Explicitly disable downgrade check in
    TlsConnectStreamTls13.EchOuterWith12Max
  • Explicitly disable downgrade check in
    TlsConnectTest.DisableFalseStartOnFallback
  • Avoid using a lookup table in nssb64d.
  • Use HW accelerated SHA2 on AArch64 Big Endian.
  • Change default value of enableHelloDowngradeCheck to true.
  • Cache additional PBE entries.
  • Read HPKE vectors from official JSON.

Version update to NSS 3.69.1:

  • Disable DTLS 1.0 and 1.1 by default
  • integrity checks in key4.db not happening on private components with
    AES_CBC

Version update to NSS 3.69:

  • Disable DTLS 1.0 and 1.1 by default (backed out again)
  • integrity checks in key4.db not happening on private components with
    AES_CBC (backed out again)
  • SSL handling of signature algorithms ignores environmental invalid
    algorithms.
  • sqlite 3.34 changed its open semantics, causing nss failures.
  • Gtest update changed the gtest reports, losing gtest details in all.sh
    reports.
  • NSS incorrectly accepting 1536 bit DH primes in FIPS mode
  • SQLite calls could timeout in starvation situations.
  • Coverity/cpp scanner errors found in nss 3.67
  • Import the NSS documentation from MDN in nss/doc.
  • NSS using a tempdir to measure sql performance not active

Version update to NSS 3.68.4 (bsc#1200027):

  • CVE-2022-31741: Initialize pointers passed to
    NSS_CMSDigestContext_FinishMultiple. (bmo#1767590)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.4:

    zypper in -t patch openSUSE-SLE-15.4-2022-2595=1

  • SUSE Linux Enterprise Module for Basesystem 15-SP4:

    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2595=1
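Running the command is only half the job; a fleet check also wants to confirm the patch is no longer pending. The script below is an added example, not part of the SUSE advisory, and reads the Status column of `zypper patches` for the row whose Name contains the advisory number. It assumes the column order zypper prints on Leap 15.x (Repository | Name | Category | Severity | Interactive | Status | Summary); the sample table embedded in it is constructed so the script runs offline, and its repository name and second row are made up.

```sh
#!/bin/sh
# Added example (not SUSE's own tooling): report whether patch 2022-2595 is
# still needed, from the output of `zypper patches`.
#
# Real use on a SUSE/openSUSE host:
#     zypper --non-interactive patches | patch_status 2022-2595
#
# Assumed column order (Leap 15.x):
#     Repository | Name | Category | Severity | Interactive | Status | Summary

# patch_status ID  -- stdin: zypper patches table
# Prints needed / applied / not-needed / unknown for the first row whose
# Name column matches ID; "unknown" if no row matches (repo not enabled,
# product not entitled, or zypper output not refreshed).
patch_status() {
    awk -F'|' -v id="$1" '
        $2 ~ id {
            st = $6
            gsub(/^[ \t]+|[ \t]+$/, "", st)
            st = tolower(st)
            if (st == "needed")          print "needed"
            else if (st == "applied")    print "applied"
            else if (st == "not needed") print "not-needed"
            else                         print "unknown"
            found = 1
            exit
        }
        END { if (!found) print "unknown" }'
}

# Constructed sample output for two hosts. The repository name and the
# second row (a made-up patch id) exist only to show the filter works.
UNPATCHED_HOST='Repository             | Name                        | Category | Severity  | Interactive | Status  | Summary
-----------------------+-----------------------------+----------+-----------+-------------+---------+---------------------------------
Main Update Repository | openSUSE-SLE-15.4-2022-2595 | security | important | ---         | needed  | Security update for mozilla-nss
Main Update Repository | openSUSE-SLE-15.4-2022-0000 | security | moderate  | ---         | applied | Made-up row for illustration'

PATCHED_HOST='Repository             | Name                        | Category | Severity  | Interactive | Status  | Summary
-----------------------+-----------------------------+----------+-----------+-------------+---------+---------------------------------
Main Update Repository | openSUSE-SLE-15.4-2022-2595 | security | important | ---         | applied | Security update for mozilla-nss'

unpatched_status() { printf '%s\n' "$UNPATCHED_HOST" | patch_status 2022-2595; }
patched_status()   { printf '%s\n' "$PATCHED_HOST"   | patch_status 2022-2595; }
missing_status()   { printf '%s\n' "$PATCHED_HOST"   | patch_status 2022-9999; }

main() {
    echo "unpatched host: $(unpatched_status)"   # needed
    echo "patched host:   $(patched_status)"     # applied
    echo "id not listed:  $(missing_status)"     # unknown
}
main
```

Treat "unknown" as a finding rather than as "fine": on a host whose update repository is disabled or whose product is not entitled to the Basesystem module, zypper never lists the patch at all, and that host is unpatched even though nothing reports "needed".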

Package List:

  • openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  • openSUSE Leap 15.4 (x86_64)
  • SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64)
  • SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64)
