2019-12-29 00:04:05 by Ryo ONODERA | Files touched by this commit (3) |
Log message:
Update to 3.48
Changelog:
Notable Changes in NSS 3.48
* TLS 1.3 is the default maximum TLS version. See Bug 1573118 for details.
* TLS extended master secret is enabled by default, where possible. See Bug
1575411 for details.
* The master password PBE now uses 10,000 iterations by default when using
the default sql (key4.db) storage. Because using an iteration count higher
than 1 with the legacy dbm (key3.db) storage creates files that are
incompatible with previous versions of NSS, applications that wish to enable
it for key3.db are required to set environment variable
NSS_ALLOW_LEGACY_DBM_ITERATION_COUNT=1. Applications may set environment
variable NSS_MIN_MP_PBE_ITERATION_COUNT to request a higher iteration count
than the library's default, or NSS_MAX_MP_PBE_ITERATION_COUNT to request a
lower iteration count for test environments. See Bug 1562671 for details.
Certificate Authority Changes
The following CA certificates were Added:
* Bug 1591178 - Entrust Root Certification Authority - G4 Cert
SHA-256 Fingerprint:
DB3517D1F6732A2D5AB97C533EC70779EE3270A62FB4AC4238372460E6F01E88
Bugs fixed in NSS 3.48
* Bug 1586176 - EncryptUpdate should use maxout not block size
(CVE-2019-11745)
-- Note that this was previously fixed in NSS 3.44.3 and 3.47.1.
* Bug 1600775 - Require NSPR 4.24 for NSS 3.48
* Bug 1593401 - Fix race condition in self-encrypt functions
* Bug 1599545 - Fix assertion and add test for early Key Update
* Bug 1597799 - Fix a crash in nssCKFWObject_GetAttributeSize
* Bug 1591178 - Add Entrust Root Certification Authority - G4 certificate to
NSS
* Bug 1590001 - Prevent negotiation of versions lower than 1.3 after
HelloRetryRequest
* Bug 1596450 - Added a simplified and unified MAC implementation for HMAC
and CMAC behind PKCS#11
* Bug 1522203 - Remove an old Pentium Pro performance workaround
* Bug 1592557 - Fix PRNG known-answer-test scripts
* Bug 1593141 - add `notBefore` or similar "beginning-of-validity-period"
parameter to mozilla::pkix::TrustDomain::CheckRevocation
* Bug 1591363 - Fix a PBKDF2 memory leak in NSC_GenerateKey if key length >
MAX_KEY_LEN (256)
* Bug 1592869 - Use ARM NEON for ctr_xor
* Bug 1566131 - Ensure SHA-1 fallback disabled in TLS 1.2
* Bug 1577803 - Mark PKCS#11 token as friendly if it implements
CKP_PUBLIC_CERTIFICATES_TOKEN
* Bug 1566126 - POWER GHASH Vector Acceleration
* Bug 1589073 - Use of new PR_ASSERT_ARG in certdb.c
* Bug 1590495 - Fix a crash in PK11_MakeCertFromHandle
* Bug 1591742 - Ensure DES IV length is valid before usage from PKCS#11
* Bug 1588567 - Enable mozilla::pkix gtests in NSS CI
* Bug 1591315 - Update NSC_Decrypt length in constant time
* Bug 1562671 - Increase NSS MP KDF default iteration count, by default for
modern key4 storage, optionally for legacy key3.db storage
* Bug 1590972 - Use -std=c99 rather than -std=gnu99
* Bug 1590676 - Fix build if ARM doesn't support NEON
* Bug 1575411 - Enable TLS extended master secret by default
* Bug 1590970 - SSL_SetTimeFunc has incomplete coverage
* Bug 1590678 - Remove -Wmaybe-uninitialized warning in tls13esni.c
* Bug 1588244 - NSS changes for Delegated Credential key strength checks
* Bug 1459141 - Add more CBC padding tests that missed NSS 3.47
* Bug 1590339 - Fix a memory leak in btoa.c
* Bug 1589810 - fix uninitialized variable warnings from certdata.perl
* Bug 1573118 - Enable TLS 1.3 by default in NSS
|
2019-12-03 15:29:21 by Ryo ONODERA | Files touched by this commit (4) |
Log message:
Update to 3.47.1
Changelog:
NSS 3.47.1 includes:
* CVE-2019-11745 - EncryptUpdate should use maxout, not block size
* Bug 1590495 - Fix a crash that could be caused by client certificates during
startup
* Bug 1589810 - Fix compile-time warnings from uninitialized variables in a
perl script
NSS 3.47.1 requires NSPR 4.23 or newer. The HG tag is NSS_3_47_1_RTM.
|
2019-10-04 14:35:15 by Ryo ONODERA | Files touched by this commit (2) |
Log message:
Update to 3.46.1
Changelog:
* 1582343 - Soft token MAC verification not constant time
* 1577953 - Remove arbitrary HKDF output limit by allocating space as needed
|
2019-09-19 21:14:39 by Tobias Nygren | Files touched by this commit (2) |
Log message:
nss: aarch64 build fix
From OpenBSD. Similar to PR pkg/53353 for ARM, although different symbols
were missing in that case, and that is believed to be fixed already.
|
2019-09-06 04:54:47 by Ryo ONODERA | Files touched by this commit (3) |
Log message:
Update to 3.46
Changelog:
Notable Changes:
* The following CA certificates were Removed:
- 1574670 - Remove expired Class 2 Primary root certificate
- 1574670 - Remove expired UTN-USERFirst-Client root certificate
- 1574670 - Remove expired Deutsche Telekom Root CA 2 root certificate
- 1566569 - Remove Swisscom Root CA 2 root certificate
* Significant improvements to AES-GCM performance on ARM
Bugs fixed in NSS 3.46:
* 1572164 - Don't unnecessarily free session in NSC_WrapKey
* 1574220 - Improve controls after errors in tstcln, selfserv and vfyserv
cmds
* 1550636 - Upgrade SQLite in NSS to a 2019 version
* 1572593 - Reset advertised extensions in ssl_ConstructExtensions
* 1415118 - NSS build with ./build.sh --enable-libpkix fails
* 1539788 - Add length checks for cryptographic primitives
* 1542077 - mp_set_ulong and mp_set_int should return errors on bad values
* 1572791 - Read out-of-bounds in DER_DecodeTimeChoice_Util from
SSLExp_DelegateCredential
* 1560593 - Cleanup.sh script does not set error exit code for tests that
"Failed with core"
* 1566601 - Add Wycheproof test vectors for AES-KW
* 1571316 - curve25519_32.c:280: undefined reference to `PR_Assert' when
building NSS 3.45 on armhf-linux
* 1516593 - Client to generate new random during renegotiation
* 1563258 - fips.sh fails due to non-existent "resp" directories
* 1561598 - Remove -Wmaybe-uninitialized warning in pqg.c
* 1560806 - Increase softoken password max size to 500 characters
* 1568776 - Output paths relative to repository in NSS coverity
* 1453408 - modutil -changepw fails in FIPS mode if password is an empty
string
* 1564727 - Use a PSS SPKI when possible for delegated credentials
* 1493916 - fix ppc64 inline assembler for clang
* 1561588 - Remove -Wmaybe-uninitialized warning in p7env.c
* 1561548 - Remove -Wmaybe-uninitialized warning in
pkix_pl_ldapdefaultclient.c
* 1512605 - Incorrect alert description after unencrypted Finished msg
* 1564715 - Read /proc/cpuinfo when AT_HWCAP2 returns 0
* 1532194 - Remove or fix -DDEBUG_$USER from make builds
* 1565577 - Visual Studio's cl.exe -? hangs on Windows x64 when building nss
since changeset 9162c654d06915f0f15948fbf67d4103a229226f
* 1564875 - Improve rebuilding with build.sh
* 1565243 - Support TC_OWNER without email address in nss taskgraph
* 1563778 - Increase maxRunTime on Mac taskcluster Tools, SSL tests
* 1561591 - Remove -Wmaybe-uninitialized warning in tstclnt.c
* 1561587 - Remove -Wmaybe-uninitialized warning in lgattr.c
* 1561558 - Remove -Wmaybe-uninitialized warning in httpserv.c
* 1561556 - Remove -Wmaybe-uninitialized warning in tls13esni.c
* 1561332 - ec.c:28 warning: comparison of integers of different signs: 'int'
and 'unsigned long'
* 1564714 - Print certutil commands during setup
* 1565013 - HACL image builder times out while fetching gpg key
* 1563786 - Update hacl-star docker image to pull specific commit
* 1559012 - Improve GCM performance using PMULL2
* 1528666 - Correct resumption validation checks
* 1568803 - More tests for client certificate authentication
* 1564284 - Support profile mobility across Windows and Linux
* 1573942 - Gtest for pkcs11.txt with different breaking line formats
* 1575968 - Add strsclnt option to enforce the use of either IPv4 or IPv6
* 1549847 - Fix NSS builds on iOS
* 1485533 - Enable NSS_SSL_TESTS on taskcluster
|
2019-08-11 15:25:21 by Thomas Klausner | Files touched by this commit (3557) |
Log message:
Bump PKGREVISIONs for perl 5.30.0
|
2019-08-02 05:25:34 by Ryo ONODERA | Files touched by this commit (1) |
Log message:
Update HOMEPAGE
|
2019-07-30 14:18:43 by Ryo ONODERA | Files touched by this commit (2) |
Log message:
Update to 3.45
Changelog:
New Functions
in pk11pub.h:
PK11_FindRawCertsWithSubject - Finds all certificates on the given
slot with the given subject distinguished name and returns them as DER bytes.
If no such certificates can be found, returns SECSuccess and sets *results to
NULL. If a failure is encountered while fetching any of the matching
certificates, SECFailure is returned and *results will be NULL.
Notable Changes in NSS 3.45
Bug 1540403 - Implement Delegated Credentials (draft-ietf-tls-subcerts)
This adds a new experimental function: SSL_DelegateCredential
Note: In 3.45, selfserv does not yet support delegated credentials.
See Bug 1548360.
Note: In 3.45 the SSLChannelInfo is left unmodified, while an upcoming
change in 3.46 will set SSLChannelInfo.authKeyBits to that of the delegated
credential for better policy enforcement. See Bug 1563078.
Bug 1550579 - Replace ARM32 Curve25519 implementation with one from
fiat-crypto
Bug 1551129 - Support static linking on Windows
Bug 1552262 - Expose a function PK11_FindRawCertsWithSubject for finding
certificates with a given subject on a given slot
Bug 1546229 - Add IPSEC IKE support to softoken
Bug 1554616 - Add support for the Elbrus lcc compiler (<=1.23)
Bug 1543874 - Expose an external clock for SSL
This adds new experimental functions: SSL_SetTimeFunc,
SSL_CreateAntiReplayContext, SSL_SetAntiReplayContext, and
SSL_ReleaseAntiReplayContext.
The experimental function SSL_InitAntiReplay is removed.
Bug 1546477 - Various changes in response to the ongoing FIPS review
Note: The source package size has increased substantially due to the
new FIPS test vectors. This will likely prompt follow-on work, but please
accept our apologies in the meantime.
Certificate Authority Changes
The following CA certificates were Removed:
Bug 1552374 - CN = Certinomis - Root CA
SHA-256 Fingerprint:
2A99F5BC1174B73CBB1D620884E01C34E51CCB3978DA125F0E33268883BF4158
Bugs fixed in NSS 3.45
Bug 1540541 - Don't unnecessarily strip leading 0's from key material
during PKCS11 import (CVE-2019-11719)
Bug 1515342 - More thorough input checking (CVE-2019-11729)
Bug 1552208 - Prohibit use of RSASSA-PKCS1-v1_5 algorithms in TLS 1.3
(CVE-2019-11727)
Bug 1227090 - Fix a potential divide-by-zero in makePfromQandSeed from
lib/freebl/pqg.c (static analysis)
Bug 1227096 - Fix a potential divide-by-zero in PQG_VerifyParams from
lib/freebl/pqg.c (static analysis)
Bug 1509432 - De-duplicate code between mp_set_long and mp_set_ulong
Bug 1515011 - Fix a mistake with ChaCha20-Poly1305 test code where tags
could be faked. Only relevant for clients that might have copied the unit test
code verbatim
Bug 1550022 - Ensure nssutil3 gets built on Android
Bug 1528174 - ChaCha20Poly1305 should no longer modify output length on
failure
Bug 1549382 - Don't leak in PKCS#11 modules if C_GetSlotInfo() returns
error
Bug 1551041 - Fix builds using GCC < 4.3 on big-endian architectures
Bug 1554659 - Add versioning to OpenBSD builds to fix link time errors
using NSS
Bug 1553443 - Send session ticket only after handshake is marked as
finished
Bug 1550708 - Fix gyp scripts on Solaris SPARC so that
libfreebl_64fpu_3.so builds
Bug 1554336 - Optimize away unneeded loop in mpi.c
Bug 1559906 - fipstest: use CKM_TLS12_MASTER_KEY_DERIVE instead of vendor
specific mechanism
Bug 1558126 - TLS_AES_256_GCM_SHA384 should be marked as FIPS compatible
Bug 1555207 - HelloRetryRequestCallback return code for rejecting 0-RTT
Bug 1556591 - Eliminate races in uses of PK11_SetWrapKey
Bug 1558681 - Stop using a global for anti-replay of TLS 1.3 early data
Bug 1561510 - Fix a bug where removing -arch XXX args from CC didn't work
Bug 1561523 - Add a string for the new-ish error
SSL_ERROR_MISSING_POST_HANDSHAKE_AUTH_EXTENSION
|
2019-06-22 05:54:04 by Ryo ONODERA | Files touched by this commit (2) |
Log message:
Update to 3.44.1
Changelog:
3.44.1:
* 1554336 - Optimize away unneeded loop in mpi.c
* 1515342 - More thorough input checking
* 1540541 - Don't unnecessarily strip leading 0's from key material during
PKCS11 import
* 1515236 - Add a SSLKEYLOGFILE enable/disable flag at build.sh
* 1546229 - Add IPSEC IKE support to softoken
* 1473806 - Fix SECKEY_ConvertToPublicKey handling of non-RSA keys
* 1546477 - Updates to testing for FIPS validation
* 1552208 - Prohibit use of RSASSA-PKCS1-v1_5 algorithms in TLS 1.3
* 1551041 - Unbreak build on GCC < 4.3 big-endian
|
2019-05-23 21:23:24 by Roland Illig | Files touched by this commit (242) |
Log message:
all: replace SUBST_SED with the simpler SUBST_VARS
pkglint -Wall -r --only "substitution command" -F
With manual review and indentation fixes since pkglint doesn't get that
part correct in every case.
|