./devel/nss, Libraries to support development of security-enabled applications

Branch: CURRENT, Version: 3.108, Package name: nss-3.108, Maintainer: pkgsrc-users

Network Security Services (NSS) is a set of libraries designed to support
cross-platform development of security-enabled client and server applications.
Applications built with NSS can support SSL v3, TLS, PKCS #5, PKCS #7,
PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security
standards.


Required to run:
[databases/sqlite3] [devel/nspr]

Required to build:
[pkgtools/cwrappers]

Master sites:

Filesize: 74834.006 KB

CVS history:


   2025-02-11 22:53:28 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
nss: update to 3.108.

Changes:

   - Bug 1923285 - libclang-16 -> libclang-19
   - Bug 1939086 - Turn off Secure Email Trust Bit for Security
     Communication ECC RootCA1.
   - Bug 1937332 - Turn off Secure Email Trust Bit for BJCA Global Root CA1
     and BJCA Global Root CA2.
   - Bug 1915902 - Remove SwissSign Silver CA – G2.
   - Bug 1938245 - Add D-Trust 2023 TLS Roots to NSS
   - Bug 1942301 - fix fips test failure on windows.
   - Bug 1935925 - change default sensitivity of KEM keys.
   - Bug 1936001 - Part 1: Introduce frida hooks and script,
   - Bug 1942350 - add missing arm_neon.h include to gcm.c.
   - Bug 1831552 - ci: update windows workers to win2022
     r=nss-reviewers,nkulatova NSS_3_108_BETA2
   - Bug 1831552 - strip trailing carriage returns in tools tests
     r=nss-reviewers,nkulatova
   - Bug 1880256 - work around unix/windows path translation issues in cert
     test script r=nss-reviewers,nkulatova
   - Bug 1831552 - ci: let the windows setup script work without $m
     r=nss-reviewers,nkulatova
   - Bug 1880255 - detect msys r=nss-reviewers,nkulatova
   - Bug 1936680 - add a specialized CTR_Update variant for AES-GCM.
     r=nss-reviewers,keeler
   - Bug 1930807 NSS policy updates - cavs NSS_3_108_BETA1
   - Bug 1930806 FIPS changes need to be upstreamed: FIPS 140-3 RNG
   - Bug 1930806 FIPS changes need to be upstreamed: Add SafeZero
   - Bug 1930806 FIPS changes need to be upstreamed - updated POST
   - Bug 1933031 Segmentation fault in SECITEM_Hash during pkcs12 processing
   - Bug 1929922 - Extending NSS with LoadModuleFromFunction functionality
     r=keeler,nss-reviewers
   - Bug 1935984 - Ensure zero-initialization of collectArgs.cert,
     r=djackson,nss-reviewers
   - Bug 1934526 - pkcs7 fuzz target use CERT_DestroyCertificate,
     r=djackson,nss-reviewers
   - Bug 1915898 - Fix actual underlying ODR violations issue,
     r=djackson,nss-reviewers
   - Bug 1184059 - mozilla::pkix: allow reference ID labels to begin and/or
     end with hyphens r=jschanck
   - Bug 1927953 - don't look for secmod.db in nssutil_ReadSecmodDB if
     NSS_DISABLE_DBM is set r=jschanck
   - Bug 1934526 - Fix memory leak in pkcs7 fuzz target,
     r=djackson,nss-reviewers
   - Bug 1934529 - Set -O2 for ASan builds in CI, r=djackson,nss-reviewers
   - Bug 1934543 - Change branch of tlsfuzzer dependency,
     r=djackson,nss-reviewers
   - Bug 1915898 - Run tests in CI for ASan builds with
     detect_odr_violation=1, r=djackson,nss-reviewers
   - Bug 1934241 - Fix coverage failure in CI, r=djackson,nss-reviewers
   - Bug 1934213 - Add fuzzing for delegated credentials, DTLS short header
     and Tls13BackendEch, r=djackson,nss-reviewers
   - Bug 1927142 - Add fuzzing for SSL_EnableTls13GreaseEch and
     SSL_SetDtls13VersionWorkaround, r=djackson,nss-reviewers
   - Bug 1913677 - Part 3: Restructure fuzz/, r=djackson,nss-reviewers
   - Bug 1931925 - Extract testcases from ssl gtests for fuzzing,
     r=djackson,nss-reviewers
   - Bug 1923037 - Force Cryptofuzz to use NSS in CI,
     r=nss-reviewers,nkulatova
   - Bug 1923037 - Fix Cryptofuzz on 32 bit in CI, r=nss-reviewers,nkulatova
   - Bug 1933154 - Update Cryptofuzz repository link,
     r=nss-reviewers,nkulatova
   - Bug 1926256 - fix build error from 9505f79d r=jschanck
   - Bug 1926256 - simplify error handling in get_token_objects_for_cache.
     r=rrelyea
   - Bug 1931973 - nss doc: fix a warning r=bbeurdouche
   - Bug 1930797 pkcs12 fixes from RHEL need to be picked up.
   2024-11-21 22:03:17 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
nss: update to 3.107.

   - Bug 1923038 - Remove MPI fuzz targets.
   - Bug 1925512 - Remove globals `lockStatus` and `locksEverDisabled`.
   - Bug 1919015 - Enable PKCS8 fuzz target.
   - Bug 1923037 - Integrate Cryptofuzz in CI.
   - Bug 1913677 - Part 2: Set tls server target socket options in config class.
   - Bug 1913677 - Part 1: Set tls client target socket options in config class.
   - Bug 1913680 - Support building with thread sanitizer.
   - Bug 1922392 - set nssckbi version number to 2.72.
   - Bug 1919913 - remove Websites Trust Bit from Entrust Root Certification Authority - G4.
   - Bug 1920641 - remove Security Communication RootCA3 root cert.
   - Bug 1918559 - remove SecureSign RootCA11 root cert.
   - Bug 1922387 - Add distrust-after for TLS to Entrust Roots.
   - Bug 1927096 - update expected error code in pk12util pbmac1 tests.
   - Bug 1929041 - Use random tstclnt args with handshake collection script.
   - Bug 1920466 - Remove extraneous assert in ssl3gthr.c.
   - Bug 1928402 - Adding missing release notes for NSS_3_105.
   - Bug 1874451 - Enable the disabled mlkem tests for dtls.
   - Bug 1874451 - NSS gtests filter cleans up the constructed buffer before the use.
   - Bug 1925505 - Make ssl_SetDefaultsFromEnvironment thread-safe.
   - Bug 1925503 - Remove short circuit test from ssl_Init.
   2024-11-14 23:22:33 by Thomas Klausner | Files touched by this commit (2429)
Log message:
*: recursive bump for icu 76 shlib major version bump
   2024-11-01 13:55:19 by Thomas Klausner | Files touched by this commit (2426)
Log message:
*: revbump for icu downgrade
   2024-11-01 01:54:33 by Thomas Klausner | Files touched by this commit (2427)
Log message:
*: recursive bump for icu 76.1 shlib bump
   2024-10-25 09:35:36 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
nss: update to 3.106.

Changes:

   - Bug 1925975 - NSS 3.106 should be distributed with NSPR 4.36.
   - Bug 1923767 - pk12util: improve error handling in p12U_ReadPKCS12File.
   - Bug 1899402 - Correctly destroy bulkkey in error scenario.
   - Bug 1919997 - PKCS7 fuzz target, r=djackson,nss-reviewers.
   - Bug 1923002 - Extract certificates with handshake collection script.
   - Bug 1923006 - Specify len_control for fuzz targets.
   - Bug 1923280 - Fix memory leak in dumpCertificatePEM.
   - Bug 1102981 - Fix UBSan errors for SECU_PrintCertificate and
     SECU_PrintCertificateBasicInfo.
   - Bug 1921528 - add new error codes to mozilla::pkix for Firefox to use.
   - Bug 1921768 - allow null phKey in NSC_DeriveKey.
   - Bug 1921801 - Only create seed corpus zip from existing corpus.
   - Bug 1826035 - Use explicit allowlist for KDF PRFS.
   - Bug 1920138 - Increase optimization level for fuzz builds.
   - Bug 1920470 - Remove incorrect assert.
   - Bug 1914870 - Use libFuzzer options from fuzz/options/*.options in CI.
   - Bug 1920945 - Polish corpus collection for automation.
   - Bug 1917572 - Detect new and unfuzzed SSL options.
   - Bug 1804646 - PKCS12 fuzzing target.
   2024-09-26 23:00:23 by Thomas Klausner | Files touched by this commit (15) | Package removed
Log message:
nss: update to 3.105.

Bug 1915792 - Allow importing PKCS#8 private EC keys missing public key
Bug 1909768 - UBSAN fix: applying zero offset to null pointer in sslsnce.c
Bug 1919577 - set KRML_MUSTINLINE=inline in makefile builds
Bug 1918965 - Don't set CKA_SIGN for CKK_EC_MONTGOMERY private keys
Bug 1918767 - override default definition of KRML_MUSTINLINE
Bug 1916525 - libssl support for mlkem768x25519
Bug 1916524 - support for ML-KEM-768 in softoken and pk11wrap
Bug 1866841 - Add Libcrux implementation of ML-KEM 768 to FreeBL
Bug 1911912 - Avoid misuse of ctype(3) functions
Bug 1917311 - part 2: run clang-format
Bug 1917311 - part 1: upgrade to clang-format 13
Bug 1916953 - clang-format fuzz
Bug 1910370 - DTLS client message buffer may not be empty on retransmit
Bug 1916413 - Optionally print config for TLS client and server fuzz target
Bug 1916059 - Fix some simple documentation issues in NSS.
Bug 1915439 - improve performance of NSC_FindObjectsInit when template has CKA_TOKEN attr
Bug 1912828 - define CKM_NSS_ECDHE_NO_PAIRWISE_CHECK_KEY_PAIR_GEN
   2024-08-30 18:34:27 by Ryo ONODERA | Files touched by this commit (2)
Log message:
devel/nss: Update to 3.104

Changelog:
3.104:
Changes:

   - Bug 1910071 - Copy original corpus to heap-allocated buffer
   - Bug 1910079 - Fix min ssl version for DTLS client fuzzer
   - Bug 1908990 - Remove OS2 support just like we did on NSPR
   - Bug 1910605 - clang-format NSS improvements
   - Bug 1902078 - Adding basicutil.h to use HexString2SECItem function
   - Bug 1908990 - removing dirent.c from build
   - Bug 1902078 - Allow handing in keymaterial to shlibsign to make the output reproducible (
   - Bug 1908990 - remove nec4.3, sunos4, riscos and SNI references
   - Bug 1908990 - remove other old OS (BSDI, old HP UX, NCR, openunix, sco, unixware or reliantUnix
   - Bug 1908990 - remove mentions of WIN95
   - Bug 1908990 - remove mentions of WIN16
   - Bug 1913750 - More explicit directory naming
   - Bug 1913755 - Add more options to TLS server fuzz target
   - Bug 1913675 - Add more options to TLS client fuzz target
   - Bug 1835240 - Use OSS-Fuzz corpus in NSS CI
   - Bug 1908012 - set nssckbi version number to 2.70.
   - Bug 1914499 - Remove Email Trust bit from ACCVRAIZ1 root cert.
   - Bug 1908009 - Remove Email Trust bit from certSIGN ROOT CA.
   - Bug 1908006 - Add Cybertrust Japan Roots to NSS.
   - Bug 1908004 - Add Taiwan CA Roots to NSS.
   - Bug 1911354 - remove search by decoded serial in nssToken_FindCertificateByIssuerAndSerialNumber.
   - Bug 1913132 - Fix tstclnt CI build failure
   - Bug 1913047 - vfyserv: ensure peer cert chain is in db for CERT_VerifyCertificateNow.
   - Bug 1912427 - Enable all supported protocol versions for UDP
   - Bug 1910361 - Actually use random PSK hash type
   - Bug 1911576: Initialize NSS DB once
   - Bug 1910361 - Additional ECH cipher suites and PSK hash types
   - Bug 1903604: Automate corpus file generation for TLS client Fuzzer
   - Bug 1910364 - Fix crash with UNSAFE_FUZZER_MODE
   - Bug 1910605 - clang-format shlibsign.c

NSS 3.104 shared libraries are backwards-compatible with all older NSS
3.x shared libraries. A program linked with older NSS 3.x shared
libraries will work with this new version of the shared libraries
without recompiling or relinking. Furthermore, applications that
restrict their use of NSS APIs to the functions listed in NSS Public
Functions will remain compatible with future versions of the NSS
shared libraries.