./devel/nss, Libraries to support development of security-enabled applications

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 3.57, Package name: nss-3.57, Maintainer: pkgsrc-users

Network Security Services (NSS) is a set of libraries designed to support
cross-platform development of security-enabled client and server applications.
Applications built with NSS can support SSL v3, TLS, PKCS #5, PKCS #7,
PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security
standards.


Required to run:
[databases/sqlite3] [devel/nspr]

Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: ee150322d22ca2b449b31a9a4188eab156e0a13d
RMD160: d00996339012f73e11eb61d9e162e334921e4082
Filesize: 79797.686 KB

Version history: (Expand)


CVS history: (Expand)


   2020-09-20 01:54:14 by Ryo ONODERA | Files touched by this commit (2) | Package updated
Log message:
nss: Update to 3.57

Changelog:
Notable Changes in NSS 3.57

* NSPR dependency updated to 4.29.
* The following CA certificates were Added:
    Bug 1663049 - CN=Trustwave Global Certification Authority
        SHA-256 Fingerprint:
97552015F5DDFC3C8788C006944555408894450084F100867086BC1A2BB58DC8
    Bug 1663049 - CN=Trustwave Global ECC P256 Certification Authority
        SHA-256 Fingerprint:
945BBC825EA554F489D1FD51A73DDF2EA624AC7019A05205225C22A78CCFA8B4
    Bug 1663049 - CN=Trustwave Global ECC P384 Certification Authority
        SHA-256 Fingerprint:
55903859C8C0C3EBB8759ECE4E2557225FF5758BBD38EBD48276601E1BD58097
* The following CA certificates were Removed:
    Bug 1651211 - CN=EE Certification Centre Root CA
        SHA-256 Fingerprint:
3E84BA4342908516E77573C0992F0979CA084E4685681FF195CCBA8A229B8A76
    Bug 1656077 - O=Government Root Certification Authority; C=TW
        SHA-256 Fingerprint:
7600295EEFE85B9E1FD624DB76062AAAAE59818A54D2774CD4C0B2C01131E1B3
* Trust settings for the following CA certificates were Modified:
    Bug 1653092 - CN=OISTE WISeKey Global Root GA CA
        Websites (server authentication) trust bit removed.

Bugs fixed in NSS 3.57

* Bug 1651211 - Remove EE Certification Centre Root CA certificate.
* Bug 1653092 - Turn off Websites Trust Bit for OISTE WISeKey Global Root GA
CA.
* Bug 1656077 - Remove Taiwan Government Root Certification Authority
certificate.
* Bug 1663049 - Add SecureTrust's Trustwave Global root certificates to NSS.
* Bug 1659256 - AArch64 AES optimization shouldn't be enabled with gcc 4.8.
* Bug 1651834 - Fix Clang static analyzer warnings.
* Bug 1661378 - Fix Build failure with Clang 11.
* Bug 1659727 - Fix mpcpucache.c invalid output constraint on Linux/ARM.
* Bug 1662738 - Only run freebl_fips_RNG_PowerUpSelfTest when linked with
NSPR.
* Bug 1661810 - Fix Crash @ arm_aes_encrypt_ecb_128 when building with Clang
11.
* Bug 1659252 - Fix Make build with NSS_DISABLE_DBM=1.
* Bug 1660304 - Add POST tests for KDFs as required by FIPS.
* Bug 1663346 - Use 64-bit compilation on e2k architecture.
* Bug 1605922 - Account for negative sign in mp_radix_size.
* Bug 1653641 - Cleanup inaccurate DTLS comments, code review fixes.
* Bug 1660372 - NSS 3.57 should depend on NSPR 4.29
* Bug 1660734 - Fix Makefile typos.
* Bug 1660735 - Fix Makefile typos.
   2020-08-31 20:13:29 by Thomas Klausner | Files touched by this commit (3631) | Package updated
Log message:
*: bump PKGREVISION for perl-5.32.
   2020-08-29 19:42:00 by Tobias Nygren | Files touched by this commit (1)
Log message:
nss: fix NetBSD/aarch64 build

NS_USE_GCC and CC_IS_CLANG are not SunOS specific makeflags, they are used
to toggle if gcm-aarch64.c gets built and probably for other stuff too ...
   2020-08-23 10:31:27 by Ryo ONODERA | Files touched by this commit (2) | Package updated
Log message:
nss: Update to 3.56

CHangelog:
Notable Changes in NSS 3.56

* The known issue where Makefile builds failed to locate seccomon.h was fixed
in Bug 1653975.
* NSPR dependency updated to 4.28.

Bugs fixed in NSS 3.56

* Bug 1650702 - Support SHA-1 HW acceleration on ARMv8
* Bug 1656981 - Use MPI comba and mulq optimizations on x86-64 MacOS.
* Bug 1654142 - Add CPU feature detection for Intel SHA extension.
* Bug 1648822 - Add stricter validation of DH keys in FIPS mode.
* Bug 1656986 - Properly detect arm64 during GYP build architecture detection.
* Bug 1652729 - Add build flag to disable RC2 and relocate to
lib/freebl/deprecated.
* Bug 1656429 - Correct RTT estimate used in 0-RTT anti-replay.
* Bug 1588941 - Send empty certificate message when scheme selection fails.
* Bug 1652032 - Fix failure to build in Windows arm64 makefile
cross-compilation.
* Bug 1625791 - Fix deadlock issue in nssSlot_IsTokenPresent.
* Bug 1653975 - Fix 3.53 regression by setting "all" as the default \ 
makefile
target.
* Bug 1659792 - Fix broken libpkix tests with unexpired PayPal cert.
* Bug 1659814 - Fix interop.sh failures with newer tls-interop commit and
dependencies.
* Bug 1656519 - Update NSPR dependency to 4.28.
   2020-07-31 03:24:30 by Maya Rashish | Files touched by this commit (2) | Package updated
Log message:
nss: update to 3.55

Note that this says the NSPR dependency is bumped. I didn't encounter
any problems with 2.46. It seems to be a change that their automation
was updated to the newer version.

NSS 3.55

    P384 and P521 elliptic curve implementations are replaced with verifiable \ 
implementations from Fiat-Crypto and ECCKiila. Special thanks to the Network and \ 
Information Security Group (NISEC) at Tampere University.
    PK11_FindCertInSlot is added. With this function, a given slot can be \ 
queried with a DER-Encoded certificate, providing performance and usability \ 
improvements over other mechanisms. See Bug 1649633 for more details.
    DTLS 1.3 implementation is updated to draft-38. See Bug 1647752 for details.
    NSPR dependency updated to 4.27.

NSS 3.54

    Support for TLS 1.3 external pre-shared keys (Bug 1603042).
    Use ARM Cryptography Extension for SHA256, when available. (Bug 1528113).
   2020-06-18 16:16:50 by Ryo ONODERA | Files touched by this commit (2) | Package updated
Log message:
nss: Update to 3.53.1

Changelog:
Bugs fixed in NSS 3.53.1

- Bug 1631597 (CVE-2020-12402) - Use constant-time GCD and modular inversion
in MPI.
   2020-06-09 11:56:13 by Nia Alarie | Files touched by this commit (1)
Log message:
nss: use INSTALL_DATA for static libs
   2020-06-06 08:00:13 by Maya Rashish | Files touched by this commit (1)
Log message:
nss: add missing PLIST entry on Linux.

From Michael Forney via pkgsrc-users