2017-09-26 12:59:40 by Ryo ONODERA | Files touched by this commit (4) |
Log message:
Update to 3.33
Changelog:
Notable Changes in NSS 3.33
TLS compression is no longer supported. API calls that attempt to enable
compression are accepted without failure. However, TLS compression will remain
disabled.
This version of NSS uses a formally verified implementation of Curve25519 on
64-bit systems.
The compile time flag DISABLE_ECC has been removed.
When NSS is compiled without NSS_FORCE_FIPS=1 startup checks are not
performed anymore.
Various minor improvements and correctness fixes.
|
2017-09-18 11:53:40 by Maya Rashish | Files touched by this commit (676) |
Log message:
revbump for requiring ICU 59.x
|
2017-08-01 14:15:15 by Ryo ONODERA | Files touched by this commit (2) |
Log message:
Update to 3.32
Changelog:
Notable Changes:
================
* Various minor improvements and correctness fixes.
* The Code Signing trust bit was turned off for all included root certificates.
* The Websites (TLS/SSL) trust bit was turned off for the following root
certificates:
- CN = AddTrust Class 1 CA Root
- CN = Swisscom Root CA 2
* The following CA certificates were Removed:
- CN = AddTrust Public CA Root
- CN = AddTrust Qualified CA Root
- CN = China Internet Network Information Center EV Certificates Root
- CN = CNNIC ROOT
- CN = ComSign Secured CA
- CN = GeoTrust Global CA 2
- CN = Secure Certificate Services
- CN = Swisscom Root CA 1
- CN = Swisscom Root EV CA 2
- CN = Trusted Certificate Services
- CN = UTN-USERFirst-Hardware
- CN = UTN-USERFirst-Object
|
2017-07-10 07:13:47 by Thomas Klausner | Files touched by this commit (1) |
Log message:
Honor LDFLAGS. Fix a pkglint warning for better ccache support.
|
2017-06-14 13:18:55 by Ryo ONODERA | Files touched by this commit (3) |
Log message:
Update to 3.31
Changelog:
New functionality:
==================
* Allow certificates to be specified by RFC7512 PKCS#11 URIs.
* Allow querying a certificate object for its temporary or permanent storage
 status in a thread safe way.
New Functions:
==============
* CERT_GetCertIsPerm - retrieve the permanent storage status attribute of a
 certificate in a thread safe way.
* CERT_GetCertIsTemp - retrieve the temporary storage status attribute of a
 certificate in a thread safe way.
* PK11_FindCertFromURI - find a certificate identified by the given URI.
* PK11_FindCertsFromURI - find a list of certificates identified by the given
 URI.
* PK11_GetModuleURI - retrieve the URI of the given module.
* PK11_GetTokenURI - retrieve the URI of a token based on the given slot
 information.
* PK11URI_CreateURI - create a new PK11URI object from a set of attributes.
* PK11URI_DestroyURI - destroy a PK11URI object.
* PK11URI_FormatURI - format a PK11URI object to a string.
* PK11URI_GetPathAttribute - retrieve a path attribute with the given name.
* PK11URI_GetQueryAttribute - retrieve a query attribute with the given name.
* PK11URI_ParseURI - parse PKCS#11 URI and return a new PK11URI object.
New Macros:
===========
* Several new macros that start with PK11URI_PATTR_ for path attributes defined
 in RFC7512.
* Several new macros that start with PK11URI_QATTR_ for query attributes defined
 in RFC7512.
Notable Changes:
================
* The APIs that set a TLS version range have been changed to trim the requested
 range to the overlap with a systemwide crypto policy, if configured.
 SSL_VersionRangeGetSupported can be used to query the overlap between the
 library's supported range of TLS versions and the systemwide policy.
* Previously, SSL_VersionRangeSet and SSL_VersionRangeSetDefault returned a
 failure if the requested version range wasn't fully allowed by the systemwide
 crypto policy. They have been changed to return success, if at least one TLS
 version overlaps between the requested range and the systemwide policy. An
 application may call SSL_VersionRangeGet and SSL_VersionRangeGetDefault to
 query the TLS version range that was effectively activated.
* Corrected the encoding of Domain Name Constraints extensions created by
 certutil.
* NSS supports a clean seeding mechanism for *NIX systems now using only
 /dev/urandom. This is used only when SEED_ONLY_DEV_URANDOM is set at compile
 time.
* CERT_AsciiToName can handle OIDs in dotted decimal form now.
The HG tag is NSS_3_31_RTM. NSS 3.31 requires NSPR 4.15 or newer.
|
2017-04-27 03:47:21 by Ryo ONODERA | Files touched by this commit (2) |
Log message:
Update to 3.30.2
Changelog:
The NSS team has released Network Security Services (NSS) 3.30.2,
which is a patch release to update the list of root CA certificates.
Below is a summary of the changes.
Please refer to the full release notes for additional details,
including the SHA256 fingerprints of the changed CA certificates.
Notable Changes:
* The following CA certificates were Removed
- O = Japanese Government, OU = ApplicationCA
- CN = WellsSecure Public Root Certificate Authority
- CN = TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6
- CN = Microsec e-Szigno Root
* The following CA certificates were Added
- CN = D-TRUST Root CA 3 2013
- CN = TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1
* The version number of the updated root CA list has been set to 2.14
(Bug 1350859)
* Domain name constraints for one of the new CAs have been added to the
NSS code (Bug 1349705)
|
2017-04-22 23:04:05 by Adam Ciarcinski | Files touched by this commit (670) |
Log message:
Revbump after icu update
|
2017-04-13 05:21:05 by Ryo ONODERA | Files touched by this commit (2) |
Log message:
Update to 3.30.1
Changelog:
Not available.
|
2017-04-01 01:39:52 by Ryo ONODERA | Files touched by this commit (2) |
Log message:
Update to 3.30
Changelog:
New in NSS 3.30:
================
* In the PKCS#11 root CA module (nssckbi), CAs with positive trust are
marked with a new boolean attribute, CKA_NSS_MOZILLA_CA_POLICY, set to
true. Applications that need to distinguish them from other root CAs
may use the exported function PK11_HasAttributeSet.
* Support for callback functions that can be used to monitor SSL/TLS alerts
that are sent or received.
Notable Changes:
================
* The TLS server code has been enhanced to support session tickets when no
RSA certificate is configured.
* RSA-PSS signatures produced by key pairs with a modulus bit length that
is not a multiple of 8 are now supported.
* The pk12util tool now supports importing and exporting data encrypted in
the AES based schemes defined in PKCS#5 v2.1.
|
2017-03-07 21:53:22 by Ryo ONODERA | Files touched by this commit (2) |
Log message:
Update to 3.29.3
Changelog:
The NSS team has released Network Security Services (NSS) 3.29.3
No new functionality is introduced in this release.
This is a patch release to fix a rare crash when initializing an SSL socket
fails.
The NSS team has released Network Security Services (NSS) 3.29.2
No new functionality is introduced in this release.
This is a patch release to fix an issue with TLS session tickets.
|