./devel/nss, Libraries to support development of security-enabled applications

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 3.44.1, Package name: nss-3.44.1, Maintainer: pkgsrc-users

Network Security Services (NSS) is a set of libraries designed to support
cross-platform development of security-enabled server applications.
Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7,
PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security
standards.


Required to run:
[databases/sqlite3] [devel/nspr]

Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: 75c05f0a0677f47d8fd3848c8b8daa72c7e0b58a
RMD160: ecc7be154ece25fa55fe5f4dc221a97b94337395
Filesize: 74205.413 KB

Version history: (Expand)


CVS history: (Expand)


   2019-06-22 05:54:04 by Ryo ONODERA | Files touched by this commit (2) | Package updated
Log message:
Update to 3.44.1

Changelog:
3.44.1:
* 1554336 - Optimize away unneeded loop in mpi.c
* 1515342 - More thorough input checking
* 1540541 - Don't unnecessarily strip leading 0's from key material during
PKCS11 import
* 1515236 - Add a SSLKEYLOGFILE enable/disable flag at build.sh
* 1546229 - Add IPSEC IKE support to softoken
* 1473806 - Fix SECKEY_ConvertToPublicKey handling of non-RSA keys
* 1546477 - Updates to testing for FIPS validation
* 1552208 - Prohibit use of RSASSA-PKCS1-v1_5 algorithms in TLS 1.3
* 1551041 - Unbreak build on GCC < 4.3 big-endian
   2019-05-23 21:23:24 by Roland Illig | Files touched by this commit (242)
Log message:
all: replace SUBST_SED with the simpler SUBST_VARS

pkglint -Wall -r --only "substitution command" -F

With manual review and indentation fixes since pkglint doesn't get that
part correct in every case.
   2019-05-16 16:08:16 by Ryo ONODERA | Files touched by this commit (3) | Package updated
Log message:
Update to 3.44

Changelog:
New Functions:

    in lib/certdb/cert.h
	CERT_GetCertificateDer - Access the DER-encoded form of a
CERTCertificate.

Notable Changes in NSS 3.44:

   * It is now possible to build NSS as a static library (Bug 1543545)
   * Initial support for building for iOS.

Bugs fixed in NSS 3.44:

   * 1501542 - Implement CheckARMSupport for Android
   * 1531244 - Use __builtin_bswap64 in crypto_primitives.h
   * 1533216 - CERT_DecodeCertPackage() crash with Netscape Certificate
Sequences
   * 1533616 - sdb_GetAttributeValueNoLock should make at most one sql query,
rather than one for each attribute
   * 1531236 - Provide accessor for CERTCertificate.derCert
   * 1536734 - lib/freebl/crypto_primitives.c assumes a big endian machine
   * 1532384 - In NSS test certificates, use @example.com (not @bogus.com)
   * 1538479 - Post-Handshake messages after async server authentication break
when using record layer separation
   * 1521578 - x25519 support in pk11pars.c
   * 1540205 - freebl build fails with -DNSS_DISABLE_CHACHAPOLY
   * 1532312 - post-handshake auth doesn't interoperate with OpenSSL
   * 1542741 - certutil -F crashes with segmentation fault
   * 1546925 - Allow preceding text in try comment
   * 1534468 - Expose ChaCha20 primitive
   * 1418944 - Quote CC/CXX variables passed to nspr
   * 1543545 - Allow to build NSS as a static library
   * 1487597 - Early data that arrives before the handshake completes can be
read afterwards
   * 1548398 - freebl_gtest not building on Linux/Mac
   * 1548722 - Fix some Coverity warnings
   * 1540652 - softoken/sdb.c: Logically dead code
   * 1549413 - Android log lib is not included in build
   * 1537927 - IPsec usage is too restrictive for existing deployments
   * 1549608 - Signature fails with dbm disabled
   * 1549848 - Allow building NSS for iOS using gyp
   * 1549847 - NSS's SQLite compilation warnings make the build fail on iOS
   * 1550041 - freebl not building on iOS simulator
   * 1542950 - MacOS cipher test timeouts
   2019-05-06 00:47:28 by Ryo ONODERA | Files touched by this commit (8) | Package updated
Log message:
Do not conflict with MD5_Update from OpenSSL

Like SHA1_Update, define another name, NSS_MD5_Update and
use via CPP macto.
This change fixes PDF export of misc/libreoffice.

And make pkglint happier.
   2019-04-03 02:33:20 by Ryo ONODERA | Files touched by this commit (748)
Log message:
Recursive revbump from textproc/icu
   2019-03-22 16:50:34 by Ryo ONODERA | Files touched by this commit (2) | Package updated
Log message:
Update to 3.43

Changelog:
New Functionality:
 * in sechash.h
    HASH_GetHashOidTagByHashType - convert type HASH_HashType to type
SECOidTag

 * in sslexp.h
    SSL_SendCertificateRequest - allow server to request post-handshake client
    authentication. To use this both peers need to enable the
    SSL_ENABLE_POST_HANDSHAKE_AUTH option. Note that while the mechanism is
    present, post-handshake authentication is currently not TLS 1.3 compliant
    due to Bug 1532312

Notable changes:
 * The following CA certificates were Added:
  - CN = emSign Root CA - G1
    SHA-256 Fingerprint:
40F6AF0346A99AA1CD1D555A4E9CCE62C7F9634603EE406615833DC8C8D00367

  - CN = emSign ECC Root CA - G3
    SHA-256 Fingerprint:
86A1ECBA089C4A8D3BBE2734C612BA341D813E043CF9E8A862CD5C57A36BBE6B

  - CN = emSign Root CA - C1
    SHA-256 Fingerprint:
125609AA301DA0A249B97A8239CB6A34216F44DCAC9F3954B14292F2E8C8608F

  - CN = emSign ECC Root CA - C3
    SHA-256 Fingerprint:
BC4D809B15189D78DB3E1D8CF4F9726A795DA1643CA5F1358E1DDB0EDC0D7EB3

  - CN = Hongkong Post Root CA 3
    SHA-256 Fingerprint:
5A2FC03F0C83B090BBFA40604B0988446C7636183DF9846E17101A447FB8EFD6

Bugs fixed in NSS 3.43
 * Bug 1528669 and Bug 1529308 - Improve Gyp build system handling

 * Bug 1529950 and Bug 1521174 - Improve NSS S/MIME tests for Thunderbird

 * Bug 1530134 - If Docker isn't installed, try running a local clang-format
		 as a fallback

 * Bug 1531267 - Enable FIPS mode automatically if the system FIPS mode flag
		 is set

 * Bug 1528262 - Add a -J option to the strsclnt command to specify sigschemes

 * Bug 1513909 - Add manual for nss-policy-check

 * Bug 1531074 - Fix a deref after a null check in SECKEY_SetPublicValue

 * Bug 1517714 - Properly handle ESNI with HRR

 * Bug 1529813 - Expose HKDF-Expand-Label with mechanism

 * Bug 1535122 - Align TLS 1.3 HKDF trace levels

 * Bug 1530102 - Use getentropy on compatible versions of FreeBSD
   2019-01-29 14:07:36 by Ryo ONODERA | Files touched by this commit (2) | Package updated
Log message:
Update to 3.42

Changelog:
New Functionality:
 * Bug 818686 - Support XDG basedir specification

Notable changes:
 * Added support for some of the testcases from the Wycheproof project:
   - Bug 1508666 - Added AES-GCM test cases
   - Bug 1508673 - Added ChaCha20-Poly1305 test cases
   - Bug 1514999 - Added the Curve25519 test cases
   - Thanks to Jonas Allmann for adapting these tests.

Bugs fixed in NSS 3.42:
 * Bug 1490006 - Reject invalid CH.legacy_version in TLS 1.3
 * Bug 1507135 and Bug 1507174 - Add additional null checks to several CMS
   functions to fix a rare CMS crash. Thanks to Hanno Böck and Damian Poddebniak
   for the discovery and fixes.
 * Bug 1513913 - A fix for Solaris where Firefox 60 core dumps during start when
   using profile from version 52
   2018-12-12 15:02:01 by Ryo ONODERA | Files touched by this commit (2) | Package updated
Log message:
Update to 3.41

New functionality:
* Bug 1252891 - Implemented EKU handling for IPsec IKE.
* Bug 1423043 - Enable half-closed states for TLS.
* Bug 1493215 - Enabled the following ciphersuites by default:
    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
    TLS_RSA_WITH_AES_256_GCM_SHA384

Notable changes:
* The following CA certificates were added:
    CN = Certigna Root CA
    CN = GTS Root R1
    CN = GTS Root R2
    CN = GTS Root R3
    CN = GTS Root R4
    CN = UCA Global G2 Root
    CN = UCA Extended Validation Root

* The following CA certificates were removed:
    CN = AC Raíz Certicámara S.A.
    CN = Certplus Root CA G1
    CN = Certplus Root CA G2
    CN = OpenTrust Root CA G1
    CN = OpenTrust Root CA G2
    CN = OpenTrust Root CA G3

Bugs fixed in NSS 3.41:
* Bug 1412829, Reject empty supported_signature_algorithms in Certificate
  Request in TLS 1.2
* Bug 1485864 - Cache side-channel variant of the Bleichenbacher attack
  (CVE-2018-12404)
* Bug 1481271 - Resend the same ticket in ClientHello after HelloRetryRequest
* Bug 1493769 - Set session_id for external resumption tokens
* Bug 1507179 - Reject CCS after handshake is complete in TLS 1.3