./devel/nss, Libraries to support development of security-enabled applications

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 3.33nb1, Package name: nss-3.33nb1, Maintainer: pkgsrc-users

Network Security Services (NSS) is a set of libraries designed to support
cross-platform development of security-enabled server applications.
Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7,
PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security
standards.


Required to run:
[databases/sqlite3] [devel/nspr]

Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: 85d25795b01be3f4459707ce04e9bbed9e549865
RMD160: fe4d2fb56f15db3531e0efbdff8eda4aced41a03
Filesize: 9353.548 KB

Version history: (Expand)


CVS history: (Expand)


   2017-10-19 17:28:45 by Jonathan Perkin | Files touched by this commit (2)
Log message:
nss: Support SunOS byteswap macros.
   2017-10-02 22:45:11 by Leonardo Taccari | Files touched by this commit (1)
Log message:
nss: needs c99

Noticed by Riccardo Mottola via netbsd-users@:

 <http://mail-index.netbsd.org/netbsd-users/2017/09/29/msg020182.html>

Thanks!
   2017-09-26 12:59:40 by Ryo ONODERA | Files touched by this commit (4) | Package updated
Log message:
Update to 3.33

Changelog:
Notable Changes in NSS 3.33

    TLS compression is no longer supported. API calls that attempt to enable \ 
compression are accepted without failure. However, TLS compression will remain \ 
disabled.
    This version of NSS uses a formally verified implementation of Curve25519 on \ 
64-bit systems.
    The compile time flag DISABLE_ECC has been removed.
    When NSS is compiled without NSS_FORCE_FIPS=1 startup checks are not \ 
performed anymore.
    Various minor improvements and correctness fixes.
   2017-09-18 11:53:40 by Maya Rashish | Files touched by this commit (676)
Log message:
revbump for requiring ICU 59.x
   2017-08-01 14:15:15 by Ryo ONODERA | Files touched by this commit (2) | Package updated
Log message:
Update to 3.32

Changelog:
Notable Changes:
================
* Various minor improvements and correctness fixes.
* The Code Signing trust bit was turned off for all included root certificates.
* The Websites (TLS/SSL) trust bit was turned off for the following root
  certificates:
  - CN = AddTrust Class 1 CA Root
  - CN = Swisscom Root CA 2
* The following CA certificates were Removed:
  - CN = AddTrust Public CA Root
  - CN = AddTrust Qualified CA Root
  - CN = China Internet Network Information Center EV Certificates Root
  - CN = CNNIC ROOT
  - CN = ComSign Secured CA
  - CN = GeoTrust Global CA 2
  - CN = Secure Certificate Services
  - CN = Swisscom Root CA 1
  - CN = Swisscom Root EV CA 2
  - CN = Trusted Certificate Services
  - CN = UTN-USERFirst-Hardware
  - CN = UTN-USERFirst-Object
   2017-07-10 07:13:47 by Thomas Klausner | Files touched by this commit (1)
Log message:
Honor LDFLAGS. Fix a pkglint warning for better ccache support.
   2017-06-14 13:18:55 by Ryo ONODERA | Files touched by this commit (3) | Package updated
Log message:
Update to 3.31

Changelog:
New functionality:
==================
* Allow certificates to be specified by RFC7512 PKCS#11 URIs.
* Allow querying a certificate object for its temporary or permanent storage
  status in a thread safe way.

New Functions:
==============
* CERT_GetCertIsPerm - retrieve the permanent storage status attribute of a
  certificate in a thread safe way.
* CERT_GetCertIsTemp - retrieve the temporary storage status attribute of a
  certificate in a thread safe way.
* PK11_FindCertFromURI - find a certificate identified by the given URI.
* PK11_FindCertsFromURI - find a list of certificates identified by the given
  URI.
* PK11_GetModuleURI - retrieve the URI of the given module.
* PK11_GetTokenURI - retrieve the URI of a token based on the given slot
  information.
* PK11URI_CreateURI - create a new PK11URI object from a set of attributes.
* PK11URI_DestroyURI - destroy a PK11URI object.
* PK11URI_FormatURI - format a PK11URI object to a string.
* PK11URI_GetPathAttribute - retrieve a path attribute with the given name.
* PK11URI_GetQueryAttribute - retrieve a query attribute with the given name.
* PK11URI_ParseURI - parse PKCS#11 URI and return a new PK11URI object.

New Macros:
===========
* Several new macros that start with PK11URI_PATTR_ for path attributes defined
  in RFC7512.
* Several new macros that start with PK11URI_QATTR_ for query attributes defined
  in RFC7512.

Notable Changes:
================
* The APIs that set a TLS version range have been changed to trim the requested
  range to the overlap with a systemwide crypto policy, if configured.
  SSL_VersionRangeGetSupported can be used to query the overlap between the
  library's supported range of TLS versions and the systemwide policy.
* Previously, SSL_VersionRangeSet and SSL_VersionRangeSetDefault returned a
  failure if the requested version range wasn't fully allowed by the systemwide
  crypto policy. They have been changed to return success, if at least one TLS
  version overlaps between the requested range and the systemwide policy. An
  application may call SSL_VersionRangeGet and SSL_VersionRangeGetDefault to
  query the TLS version range that was effectively activated.
* Corrected the encoding of Domain Name Constraints extensions created by
  certutil.
* NSS supports a clean seeding mechanism for *NIX systems now using only
  /dev/urandom. This is used only when SEED_ONLY_DEV_URANDOM is set at compile
  time.
* CERT_AsciiToName can handle OIDs in dotted decimal form now.

The HG tag is NSS_3_31_RTM. NSS 3.31 requires NSPR 4.15 or newer.
   2017-04-27 03:47:21 by Ryo ONODERA | Files touched by this commit (2) | Package updated
Log message:
Update to 3.30.2

Changelog:
The NSS team has released Network Security Services (NSS) 3.30.2,
which is a patch release to update the list of root CA certificates.

Below is a summary of the changes.
Please refer to the full release notes for additional details,
including the SHA256 fingerprints of the changed CA certificates.

Notable Changes:
* The following CA certificates were Removed
- O = Japanese Government, OU = ApplicationCA 
- CN = WellsSecure Public Root Certificate Authority 
- CN = TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6
- CN = Microsec e-Szigno Root 
* The following CA certificates were Added
- CN = D-TRUST Root CA 3 2013 
- CN = TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1 
* The version number of the updated root CA list has been set to 2.14
  (Bug 1350859)
* Domain name constraints for one of the new CAs have been added to the
  NSS code (Bug 1349705)