Navigation:
Browse pkgsrc
(this page)| 2021-04-15 13:23:14 by Ryo ONODERA | Files touched by this commit (95) |
Log message: *: Recursive revbump from devel/nss |
| 2021-04-15 10:54:54 by Thomas Klausner | Files touched by this commit (5) |
Log message: nss: restore symbol rename patches While the link fix did fix the case of openssl calling nss code, the other way round still happens, e.g. in libreoffice (since fixed to not use nss) and konqueror. Bump PKGREVISION. |
| 2021-04-09 08:55:06 by Thomas Klausner | Files touched by this commit (95) |
Log message: *: bump PKGREVISION for nss linking fix |
2021-04-09 08:40:59 by Thomas Klausner | Files touched by this commit (11) |  |
Log message: nss: fix interoperability with openssl For a long time now (at least 15 years), the installed pkg-config file also linked against libsoftokn3, which is wrong according to upstream. This library is only intended to be loaded as a module. Having this library linked added symbols to the namespace that conflict with openssl symbols. This had caused problems before, and patches had been added to rename symbols to avoid this conflict. Instead, fix this correctly by not linking against libsoftokn3. Switch to using the pkg-config and nss-config files provided in the distfiles instead of pkgsrc-specific ones. Remove now unneeded symbol-renaming patches. Remove DragonFly patches while here. Bump PKGREVISION. |
2021-03-30 18:34:05 by Ryo ONODERA | Files touched by this commit (2) |  |
Log message: nss: Update to 3.63 Changelog: Bugs fixed in NSS 3.63: * Bug 1697380 - Make a clang-format run on top of helpful contributions. * Bug 1683520 - ECCKiila P384, change syntax of nested structs initialization to prevent build isses with GCC 4.8. * Bug 1683520 - [lib/freebl/ecl] P-384: allow zero scalars in dual scalar multiplication. * Bug 1683520 - ECCKiila P521, change syntax of nested structs initialization to prevent build isses with GCC 4.8. * Bug 1683520 - [lib/freebl/ecl] P-521: allow zero scalars in dual scalar multiplication. * Bug 1696800 - HACL* update March 2021 - c95ab70fcb2bc21025d8845281bc4bc8987ca683. * Bug 1694214 - tstclnt can't enable middlebox compat mode. * Bug 1694392 - NSS does not work with PKCS #11 modules not supporting profiles. * Bug 1685880 - Minor fix to prevent unused variable on early return. * Bug 1685880 - Fix for the gcc compiler version 7 to support setenv with nss build. * Bug 1693217 - Increase nssckbi.h version number for March 2021 batch of root CA changes, CA list version 2.48. * Bug 1692094 - Set email distrust after to 21-03-01 for Camerfirma's 'Chambers of Commerce' and 'Global Chambersign' roots. * Bug 1618407 - Symantec root certs - Set CKA_NSS_EMAIL_DISTRUST_AFTER. * Bug 1693173 - Add GlobalSign R45, E45, R46, and E46 root certs to NSS. * Bug 1683738 - Add AC RAIZ FNMT-RCM SERVIDORES SEGUROS root cert to NSS. * Bug 1686854 - Remove GeoTrust PCA-G2 and VeriSign Universal root certs from NSS. * Bug 1687822 - Turn off Websites trust bit for the “Staat der Nederlanden Root CA - G3” root cert in NSS. * Bug 1692094 - Turn off Websites Trust Bit for 'Chambers of Commerce Root - 2008' and 'Global Chambersign Root - 2008’. * Bug 1694291 - Tracing fixes for ECH. |
| 2021-03-09 22:59:41 by Ryo ONODERA | Files touched by this commit (1) |
Log message: nss: Remove include/nss/nss reference from buildlink3.mk |
| 2021-03-09 04:44:23 by Ryo ONODERA | Files touched by this commit (3) |
Log message:
nss: Update to 3.62
* Change header files installation suggested by markd@.
Do not install dbm header files and install nss header files
under nss, not nss/nss.
Changelog:
Bugs fixed in NSS 3.62
Bug 1688374 - Fix parallel build NSS-3.61 with make.
Bug 1682044 - pkix_Build_GatherCerts() + pkix_CacheCert_Add() can corrupt \
"cachedCertTable".
Bug 1690583 - Fix CH padding extension size calculation.
Bug 1690421 - Adjust 3.62 ABI report formatting for new libabigail.
Bug 1690421 - Install packaged libabigail in docker-builds image.
Bug 1689228 - Minor ECH -09 fixes for interop testing, fuzzing.
Bug 1674819 - Fixup a51fae403328, enum type may be signed.
Bug 1681585 - Add ECH support to selfserv.
Bug 1681585 - Update ECH to Draft-09.
Bug 1678398 - Add Export/Import functions for HPKE context.
Bug 1678398 - Update HPKE to draft-07.
|
| 2021-01-27 17:28:20 by Ryo ONODERA | Files touched by this commit (2) |
Log message: nss: Update to 3.61 Changelog: Bugs fixed in NSS 3.61: * Bug 1682071 - Fix issue with IKE Quick mode deriving incorrect key values under certain conditions. * Bug 1684300 - Fix default PBE iteration count when NSS is compiled with NSS_DISABLE_DBM. * Bug 1651411 - Improve constant-timeness in RSA operations. * Bug 1677207 - Upgrade Google Test version to latest release. * Bug 1654332 - Add aarch64-make target to nss-try. |
| 2020-12-17 10:52:27 by Ryo ONODERA | Files touched by this commit (2) | |
Log message: nss: Update to 3.60 Changelog: Notable changes in NSS 3.60: * TLS 1.3 Encrypted Client Hello (draft-ietf-tls-esni-08) support has been added, replacing the previous ESNI (draft-ietf-tls-esni-01) implementation. See bug 1654332 for more information. * December 2020 batch of Root CA changes, builtins library updated to version 2.46. See bugs 1678189, 1678166, and 1670769 for more information. Bugs fixed in NSS 3.60: * Bug 1654332 - Implement Encrypted Client Hello (draft-ietf-tls-esni-08). * Bug 1678189 - Update CA list version to 2.46. * Bug 1670769 - Remove 10 GeoTrust, thawte, and VeriSign root certs from NSS. * Bug 1678166 - Add NAVER Global Root Certification Authority root cert to NSS. * Bug 1678384 - Add a build flag to allow building nssckbi-testlib in mozilla-central. * Bug 1570539 - Remove -X alt-server-hello option from tstclnt. * Bug 1675523 - Fix incorrect pkcs11t.h value CKR_PUBLIC_KEY_INVALID. * Bug 1642174 - Fix PowerPC ABI version 1 build failure. * Bug 1674819 - Fix undefined shift in fuzzer mode. * Bug 1678990 - Fix ARM crypto extensions detection on macOS. * Bug 1679290 - Fix lock order inversion and potential deadlock with libnsspem. * Bug 1680400 - Fix memory leak in PK11_UnwrapPrivKey. |
| 2020-11-18 15:24:00 by Ryo ONODERA | Files touched by this commit (5) | |
Log message: nss: Update to 3.59 Changelog: Notable Changes in NSS 3.59 Exported two existing functions from libnss, CERT_AddCertToListHeadWithData and CERT_AddCertToListTailWithData NOTE: NSS will soon require GCC 4.8 or newer. Gyp-based builds will stop supporting older GCC versions first, followed a few releases later by the make-based builds. Users of older GCC versions can continue to use the make-based build system while they upgrade to newer versions of GCC. Bugs fixed in NSS 3.59 * Bug 1607449 - Lock cert->nssCertificate to prevent a potential data race * Bug 1672823 - Add Wycheproof test cases for HMAC, HKDF, and DSA * Bug 1663661 - Guard against NULL token in nssSlot_IsTokenPresent * Bug 1670835 - Support enabling and disabling signatures via Crypto Policy * Bug 1672291 - Resolve libpkix OCSP failures on SHA1 self-signed root certs when SHA1 signatures are disabled. * Bug 1644209 - Fix broken SelectedCipherSuiteReplacer filter to solve some test intermittents * Bug 1672703 - Tolerate the first CCS in TLS 1.3 to fix a regression in our CVE-2020-25648 fix that broke purple-discord * Bug 1666891 - Support key wrap/unwrap with RSA-OAEP * Bug 1667989 - Fix gyp linking on Solaris * Bug 1668123 - Export CERT_AddCertToListHeadWithData and CERT_AddCertToListTailWithData from libnss * Bug 1634584 - Set CKA_NSS_SERVER_DISTRUST_AFTER for Trustis FPS Root CA * Bug 1663091 - Remove unnecessary assertions in the streaming ASN.1 decoder that affected decoding certain PKCS8 private keys when using NSS debug builds * Bug 1670839 - Use ARM crypto extension for AES, SHA1 and SHA2 on MacOS. |
New packages: