pkgsrc.se | The NetBSD package collection

Subject: CVS commit: pkgsrc/devel/nss
From: Ryo ONODERA
Date: 2020-06-03 10:51:26
Message id: 20200603085126.C1ED6FB27@cvs.NetBSD.org

Log Message:
nss: Update to 3.53

Changelog:
Notable Changes in NSS 3.53

* When using the Makefiles, NSS can be built in parallel, speeding up those
builds to more similar performance as the build.sh/ninja/gyp system. (Bug
290526)

* SEED is now moved into a new freebl directory freebl/deprecated (Bug
1636389).

  - SEED will be disabled by default in a future release of NSS. At that time,
users will need to set the compile-time flag (Bug 1622033) to disable that
deprecation in order to use the algorithm.

  - Algorithms marked as deprecated will ultimately be removed.

* Several root certificates in the Mozilla program now set the
CKA_NSS_SERVER_DISTRUST_AFTER attribute, which NSS consumers can query to
further refine trust decisions. (Bug 1618404, Bug 1621159) If a builtin
certificate has a CKA_NSS_SERVER_DISTRUST_AFTER timestamp before the  SCT or
NotBefore date of a certificate that builtin issued, then clients can elect
not to trust it.
  - This attribute provides a more graceful phase-out for certificate
authorities than complete removal from the root certificate builtin store.

Bugs fixed in NSS 3.53

* Bug 1640260 - Initialize PBE params (ASAN fix)
* Bug 1618404 - Set CKA_NSS_SERVER_DISTRUST_AFTER for Symantec root certs
* Bug 1621159 - Set CKA_NSS_SERVER_DISTRUST_AFTER for Consorci AOC, GRCA, and
SK ID root certs
* Bug 1629414 - PPC64: Correct compilation error between VMX vs. VSX vector
instructions
* Bug 1639033 - Fix various compile warnings in NSS
* Bug 1640041 - Fix a null pointer in security/nss/lib/ssl/sslencode.c:67
* Bug 1640042 - Fix a null pointer in security/nss/lib/ssl/sslsock.c:4460
* Bug 1638289 - Avoid multiple definitions of SHA{256,384,512}_* symbols when
linking libfreeblpriv3.so in Firefox on ppc64le
* Bug 1636389 - Relocate deprecated SEED algorithm
* Bug 1637083 - lib/ckfw: No such file or directory. Stop.
* Bug 1561331 - Additional modular inverse test
* Bug 1629553 - Rework and cleanup gmake builds
* Bug 1438431 - Remove mkdepend and "depend" make target
* Bug 290526 - Support parallel building of NSS when using the Makefiles
* Bug 1636206 - HACL* update after changes in libintvector.h
* Bug 1636058 - Fix building NSS on Debian s390x, mips64el, and riscv64
* Bug 1622033 - Add option to build without SEED

Files:

Revision	Action	file
1.185	modify	pkgsrc/devel/nss/Makefile
1.114	modify	pkgsrc/devel/nss/distinfo
1.2	remove	pkgsrc/devel/nss/patches/patch-mh