./devel/nss, Libraries to support development of security-enabled applications

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 3.39, Package name: nss-3.39, Maintainer: pkgsrc-users

Network Security Services (NSS) is a set of libraries designed to support
cross-platform development of security-enabled server applications.
Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7,
PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security
standards.


Required to run:
[databases/sqlite3] [devel/nspr]

Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: 351e0e9607ead50174efe5f5107e2dc97e7358f2
RMD160: 84a0a74fc8666cbfba370c7ce5fa69e27863a04e
Filesize: 22508.36 KB

Version history: (Expand)


CVS history: (Expand)


   2018-09-05 17:19:03 by Ryo ONODERA | Files touched by this commit (2) | Package updated
Log message:
Update to 3.39

Changelog:
Notable bug fixes:
* Bug 1483128 - NSS responded to an SSLv2-compatible ClientHello
  with a ServerHello that had an all-zero random (CVE-2018-12384)

New functionality:
* The tstclnt and selfserv utilities added support for configuring
  the enabled TLS signature schemes using the -J parameter.
* NSS will use RSA-PSS keys to authenticate in TLS. Support for
  these keys is disabled by default but can be enabled using
  SSL_SignatureSchemePrefSet().
* certutil added the ability to delete an orphan private key from
  an NSS key database.
* Added the nss-policy-check utility, which can be used to check
  an NSS policy configuration for problems.
* A PKCS#11 URI can be used as an identifier for a PKCS#11 token.

Notable changes:
* The TLS 1.3 implementation uses the final version number from
  RFC 8446.
* Previous versions of NSS accepted an RSA PKCS#1 v1.5 signature
  where the DigestInfo structure was missing the NULL parameter.
  Starting with version 3.39, NSS requires the encoding to contain
  the NULL parameter.
* The tstclnt and selfserv test utilities no longer accept the -z
  parameter, as support for TLS compression was removed in a
  previous NSS version.
* The CA certificates list was updated to version 2.26.
* The following CA certificates were Added:
  - OU = GlobalSign Root CA - R6
  - CN = OISTE WISeKey Global Root GC CA
  The following CA certificate was Removed:
  - CN = ComSign
  The following CA certificates had the Websites trust bit disabled:
  - CN = Certplus Root CA G1
  - CN = Certplus Root CA G2
  - CN = OpenTrust Root CA G1
  - CN = OpenTrust Root CA G2
  - CN = OpenTrust Root CA G3
   2018-08-22 11:48:07 by Thomas Klausner | Files touched by this commit (3558)
Log message:
Recursive bump for perl5-5.28.0
   2018-07-20 05:34:33 by Ryo ONODERA | Files touched by this commit (705)
Log message:
Recursive revbump from textproc/icu-62.1
   2018-07-04 15:40:45 by Jonathan Perkin | Files touched by this commit (423)
Log message:
*: Move SUBST_STAGE from post-patch to pre-configure

Performing substitutions during post-patch breaks tools such as mkpatches,
making it very difficult to regenerate correct patches after making changes,
and often leading to substituted string replacements being committed.
   2018-06-07 21:04:59 by Ryo ONODERA | Files touched by this commit (2) | Package updated
Log message:
Update to 3.37.3

Changelog:
No new functionality is introduced in these releases.

The following compatibility fixes are included. Users are encouraged to upgrade.

* Bug 1462303 - Connecting to a server that was recently upgraded to
  TLS 1.3 would result in a SSL_RX_MALFORMED_SERVER_HELLO error.
* Bug 1460673 - Fix a rare bug with PKCS#12 files.
   2018-06-01 14:18:03 by Ryo ONODERA | Files touched by this commit (2) | Package updated
Log message:
Update to 3.37.1

Changelog:
No new functionality is introduced in these releases.

The following compatibility fixes are included. Users are encouraged
to upgrade.

* Bug 1462303 - Connecting to a server that was recently upgraded to TLS 1.3
  would result in a SSL_RX_MALFORMED_SERVER_HELLO error.
* Bug 1460673 - Fix a rare bug with PKCS#12 files.
   2018-05-10 22:20:41 by Ryo ONODERA | Files touched by this commit (2) | Package updated
Log message:
Update to 3.37

Changelog:
* The TLS 1.3 implementation was updated to Draft 28.
* An issue where NSS erroneously accepted HRR requests was resolved.
* Added HACL* Poly1305 32-bit
* The code to support the NPN protocol has been fully removed.
* NSS allows servers now to register ALPN handling callbacks to
  select a protocol.
* NSS supports opening SQL databases in read-only mode.
* On Linux, some build configurations can use glibc's function
  getentropy(), which uses the kernel's getrandom() function.
* The CA list was updated to version 2.24, which removed the
  following CA certificates:
  - CN = S-TRUST Universal Root CA
  - CN = TC TrustCenter Class 3 CA II
  - CN = TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5
   2018-04-14 09:34:46 by Adam Ciarcinski | Files touched by this commit (681) | Package updated
Log message:
revbump after icu update