./devel/nss, Libraries to support development of security-enabled applications

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 3.42, Package name: nss-3.42, Maintainer: pkgsrc-users

Network Security Services (NSS) is a set of libraries designed to support
cross-platform development of security-enabled server applications.
Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7,
PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security
standards.


Required to run:
[databases/sqlite3] [devel/nspr]

Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: 3797c794d5ca67ca04b7701dacbfcfe73e6ac2df
RMD160: 4b288c0d772e0af863f47bbcf92dde0e16f7812c
Filesize: 22867.195 KB

Version history: (Expand)


CVS history: (Expand)


   2019-01-29 14:07:36 by Ryo ONODERA | Files touched by this commit (2) | Package updated
Log message:
Update to 3.42

Changelog:
New Functionality:
 * Bug 818686 - Support XDG basedir specification

Notable changes:
 * Added support for some of the testcases from the Wycheproof project:
   - Bug 1508666 - Added AES-GCM test cases
   - Bug 1508673 - Added ChaCha20-Poly1305 test cases
   - Bug 1514999 - Added the Curve25519 test cases
   - Thanks to Jonas Allmann for adapting these tests.

Bugs fixed in NSS 3.42:
 * Bug 1490006 - Reject invalid CH.legacy_version in TLS 1.3
 * Bug 1507135 and Bug 1507174 - Add additional null checks to several CMS
   functions to fix a rare CMS crash. Thanks to Hanno Böck and Damian Poddebniak
   for the discovery and fixes.
 * Bug 1513913 - A fix for Solaris where Firefox 60 core dumps during start when
   using profile from version 52
   2018-12-12 15:02:01 by Ryo ONODERA | Files touched by this commit (2) | Package updated
Log message:
Update to 3.41

New functionality:
* Bug 1252891 - Implemented EKU handling for IPsec IKE.
* Bug 1423043 - Enable half-closed states for TLS.
* Bug 1493215 - Enabled the following ciphersuites by default:
    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
    TLS_RSA_WITH_AES_256_GCM_SHA384

Notable changes:
* The following CA certificates were added:
    CN = Certigna Root CA
    CN = GTS Root R1
    CN = GTS Root R2
    CN = GTS Root R3
    CN = GTS Root R4
    CN = UCA Global G2 Root
    CN = UCA Extended Validation Root

* The following CA certificates were removed:
    CN = AC Raíz Certicámara S.A.
    CN = Certplus Root CA G1
    CN = Certplus Root CA G2
    CN = OpenTrust Root CA G1
    CN = OpenTrust Root CA G2
    CN = OpenTrust Root CA G3

Bugs fixed in NSS 3.41:
* Bug 1412829, Reject empty supported_signature_algorithms in Certificate
  Request in TLS 1.2
* Bug 1485864 - Cache side-channel variant of the Bleichenbacher attack
  (CVE-2018-12404)
* Bug 1481271 - Resend the same ticket in ClientHello after HelloRetryRequest
* Bug 1493769 - Set session_id for external resumption tokens
* Bug 1507179 - Reject CCS after handshake is complete in TLS 1.3
   2018-12-09 19:52:52 by Adam Ciarcinski | Files touched by this commit (724)
Log message:
revbump after updating textproc/icu
   2018-11-12 15:40:22 by Jonathan Perkin | Files touched by this commit (19)
Log message:
*: Add CTF_SUPPORTED/CTF_FILES_SKIP where necessary.
   2018-11-04 01:33:27 by Ryo ONODERA | Files touched by this commit (2) | Package updated
Log message:
Update to 3.40

Changelog:
Notable bug fixes:
* Bug 1478698 - FFDHE key exchange sometimes fails with decryption failure

New functionality:
* The draft-00 version of encrypted SNI support is implemented
* tstclnt now takes -N option to specify encrypted SNI key

Notable changes:
* The mozilla::pkix library has been ported from Mozilla PSM to NSS.
  This is a C++ library for building certification paths.
  mozilla::pkix APIs are not exposed in the libraries NSS builds.
* It is easier to build NSS on Windows in mozilla-build environments.
* The following CA certificates were Removed:
    CN = Visa eCommerce Root
   2018-09-05 17:19:03 by Ryo ONODERA | Files touched by this commit (2) | Package updated
Log message:
Update to 3.39

Changelog:
Notable bug fixes:
* Bug 1483128 - NSS responded to an SSLv2-compatible ClientHello
  with a ServerHello that had an all-zero random (CVE-2018-12384)

New functionality:
* The tstclnt and selfserv utilities added support for configuring
  the enabled TLS signature schemes using the -J parameter.
* NSS will use RSA-PSS keys to authenticate in TLS. Support for
  these keys is disabled by default but can be enabled using
  SSL_SignatureSchemePrefSet().
* certutil added the ability to delete an orphan private key from
  an NSS key database.
* Added the nss-policy-check utility, which can be used to check
  an NSS policy configuration for problems.
* A PKCS#11 URI can be used as an identifier for a PKCS#11 token.

Notable changes:
* The TLS 1.3 implementation uses the final version number from
  RFC 8446.
* Previous versions of NSS accepted an RSA PKCS#1 v1.5 signature
  where the DigestInfo structure was missing the NULL parameter.
  Starting with version 3.39, NSS requires the encoding to contain
  the NULL parameter.
* The tstclnt and selfserv test utilities no longer accept the -z
  parameter, as support for TLS compression was removed in a
  previous NSS version.
* The CA certificates list was updated to version 2.26.
* The following CA certificates were Added:
  - OU = GlobalSign Root CA - R6
  - CN = OISTE WISeKey Global Root GC CA
  The following CA certificate was Removed:
  - CN = ComSign
  The following CA certificates had the Websites trust bit disabled:
  - CN = Certplus Root CA G1
  - CN = Certplus Root CA G2
  - CN = OpenTrust Root CA G1
  - CN = OpenTrust Root CA G2
  - CN = OpenTrust Root CA G3
   2018-08-22 11:48:07 by Thomas Klausner | Files touched by this commit (3558)
Log message:
Recursive bump for perl5-5.28.0
   2018-07-20 05:34:33 by Ryo ONODERA | Files touched by this commit (705)
Log message:
Recursive revbump from textproc/icu-62.1