./devel/nss, Libraries to support development of security-enabled applications

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 3.98, Package name: nss-3.98, Maintainer: pkgsrc-users

Network Security Services (NSS) is a set of libraries designed to support
cross-platform development of security-enabled client and server applications.
Applications built with NSS can support SSL v3, TLS, PKCS #5, PKCS #7,
PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security
standards.


Required to run:
[databases/sqlite3] [devel/nspr]

Required to build:
[pkgtools/cwrappers]

Master sites:

Filesize: 74888.159 KB

Version history: (Expand)


CVS history: (Expand)


   2024-02-15 23:46:50 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
nss: update to 3.98.

Changes:

   - Bug 1780432 - (CVE-2023-5388) Timing attack against RSA
     decryption in TLS.
   - Bug 1879513 - Certificate Compression: enabling the check
     that the compression was advertised.
   - Bug 1831552 - Move Windows workers to
     nss-1/b-win2022-alpha.
   - Bug 1879945 - Remove Email trust bit from OISTE WISeKey
     Global Root GC CA.
   - Bug 1877344 - Replace `distutils.spawn.find_executable`
     with `shutil.which` within `mach` in `nss`.
   - Bug 1548723 - Certificate Compression: Updating
     nss_bogo_shim to support Certificate compression.
   - Bug 1548723 - TLS Certificate Compression (RFC 8879)
     Implementation.
   - Bug 1875356 - Add valgrind annotations to freebl kyber
     operations for constant-time execution tests.
   - Bug 1870673 - Set nssckbi version number to 2.66.
   - Bug 1874017 - Add Telekom Security roots.
   - Bug 1873095 - Add D-Trust 2022 S/MIME roots.
   - Bug 1865450 - Remove expired Security Communication RootCA1
     root.
   - Bug 1876179 - move keys to a slot that supports
     concatenation in PK11_ConcatSymKeys.
   - Bug 1876800 - remove unmaintained tls-interop tests.
   - Bug 1874937 - bogo: add support for the -ipv6 and -shim-id
     shim flags.
   - Bug 1874937 - bogo: add support for the -curves shim flag
     and update Kyber expectations.
   - Bug 1874937 - bogo: adjust expectation for a key usage bit
     test.
   - Bug 1757758 - mozpkix: add option to ignore invalid subject
     alternative names.
   - Bug 1841029 - Fix selfserv not stripping `publicname:` from
     -X value.
   - Bug 1876390 - take ownership of ecckilla shims.
   - Bug 1874458 - add valgrind annotations to freebl/ec.c.
   - Bug  864039 - PR_INADDR_ANY needs PR_htonl before
     assignment to inet.ip.
   - Bug 1875965 - Update zlib to 1.3.1.
   2024-01-23 01:42:19 by Thomas Klausner | Files touched by this commit (3) | Package updated
Log message:
nss: update to 3.97.

Changes:
  - Bug 1875506 - make Xyber768d00 opt-in by policy.
  - Bug 1871631 - add libssl support for xyber768d00.
  - Bug 1871630 - add PK11_ConcatSymKeys.
  - Bug 1775046 - add Kyber and a PKCS#11 KEM interface to softoken.
  - Bug 1871152 - add a FreeBL API for Kyber.
  - Bug 1826451 - part 2: vendor github.com/pq-crystals/kyber/commit/e0d1c6ff.
  - Bug 1826451 - part 1: add a script for vendoring kyber from pq-crystals repo.
  - Bug 1835828 - Removing the calls to RSA Blind from loader.*
  - Bug 1874111 - fix worker type for level3 mac tasks.
  - Bug 1835828 - RSA Blind implementation.
  - Bug 1869642 - Remove DSA selftests.
  - Bug 1873296 - read KWP testvectors from JSON.
  - Bug 1822450 - Backed out changeset dcb174139e4f
  - Bug 1822450 - Fix CKM_PBE_SHA1_DES2_EDE_CBC derivation.
  - Bug 1871219 - Wrap CC shell commands in gyp expansions.
   2023-12-18 20:20:13 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
nss: update to 3.96.1.

There was no 3.96.0 release.

Changes:
Bug 1869408 - Use pypi dependencies for MacOS worker in ./build_gyp.sh \ 
<https://hg.mozilla.org/projects/nss/rev/16ccde14ea6714ee0e6a602379194141578859a8>
Bug 1830978 - p7sign: add -a hash and -u certusage (also p7verify cleanups). \ 
<https://hg.mozilla.org/projects/nss/rev/425660da5f297d7583783eb27f877865289efc29>
Bug 1867408 - add a defensive check for large ssl_DefSend return values. \ 
<https://hg.mozilla.org/projects/nss/rev/1bda168c0da97e19e5f14bc4227c15c0a9f493bf>
Bug 1869378 - Add dependency to the taskcluster script for Darwin \ 
<https://hg.mozilla.org/projects/nss/rev/e934c6d1d4366d152e3307cb76af4c02667c9147>
Bug 1869378 - Upgrade version of the MacOS worker for the CI \ 
<https://hg.mozilla.org/projects/nss/rev/5463f2a14bd430fc793e29a07854dc647f61eae8>
   2023-12-01 17:50:47 by Ryo ONODERA | Files touched by this commit (2) | Package updated
Log message:
nss: update to 3.95

Changelog:
Changes:

 - Bug 1842932 - Bump builtins version number.
 - Bug 1851044: Remove Email trust bit from Autoridad de Certificacion
Firmaprofesional CIF A62634068 root cert.
 - Bug 1855318: Remove 4 DigiCert (Symantec/Verisign) Root Certificates
from NSS.
 - Bug 1851049: Remove 3 TrustCor Root Certificates from NSS.
 - Bug 1850982 - Remove Camerfirma root certificates from NSS.
 - Bug 1842935 - Remove old Autoridad de Certificacion Firmaprofesional
Certificate.
 - Bug 1860670 - Add four Commscope root certificates to NSS.
 - Bug 1850598 - Add TrustAsia Global Root CA G3 and G4 root certificates.
 - Bug 1863605 - Include P-384 and P-521 Scalar Validation from HACL*
 - Bug 1861728 - Include P-256 Scalar Validation from HACL*.
 - Bug 1861265 After the HACL 256 ECC patch, NSS incorrectly encodes 256
ECC without DER wrapping at the softoken level
 - Bug 1837987:Add means to provide library parameters to C_Initialize
 - Bug 1573097 - clang format
 - Bug 1854795 - add OSXSAVE and XCR0 tests to AVX2 detection.
 - Bug 1858241 - Typo in ssl3_AppendHandshakeNumber
 - Bug 1858241 - Introducing input check of ssl3_AppendHandshakeNumber
 - Bug 1573097 - Fix Invalid casts in instance.c
   2023-11-08 14:21:43 by Thomas Klausner | Files touched by this commit (2377)
Log message:
*: recursive bump for icu 74.1
   2023-10-04 13:49:22 by Jonathan Perkin | Files touched by this commit (2)
Log message:
nss: Fix build on SunOS.
   2023-10-03 09:59:25 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
nss: update to 3.94.

Changes:

 - Bug 1853737 - Updated code and commit ID for HACL*.
 - Bug 1840510 - update ACVP fuzzed test vector: refuzzed with current NSS.
 - Bug 1827303 - Softoken C_ calls should use system FIPS setting
   to select NSC_ or FC_ variants.
 - Bug 1774659 - NSS needs a database tool that can dump the low
   level representation of the database.
 - Bug 1852179 - declare string literals using char in pkixnames_tests.cpp.
 - Bug 1852179 - avoid implicit conversion for ByteString.
 - Bug 1818766 - update rust version for acvp docker.
 - Bug 1852011 - Moving the init function of the mpi_ints before
   clean-up in ec.c
 - Bug 1615555 - P-256 ECDH and ECDSA from HACL*.
 - Bug 1840510 - Add ACVP test vectors to the repository
 - Bug 1849077 - Stop relying on std::basic_string<uint8_t>.
 - Bug 1847845 - Transpose the PPC_ABI check from Makefile to gyp.
   2023-08-31 00:25:20 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
nss: update to 3.93.

- Bug 1849471 - Update zlib in NSS to 1.3.
- Bug 1848183 - softoken: iterate hashUpdate calls for long inputs.
- Bug 1813401 - regenerate NameConstraints test certificates.