Navigation:
Browse pkgsrc
(this page)| 2016-11-29 13:57:09 by Ryo ONODERA | Files touched by this commit (1) |
Log message: Fix for non-ELF suffix Noticed by wiz@, thank you. |
| 2016-11-29 13:24:10 by Ryo ONODERA | Files touched by this commit (2) |
Log message: Bump PKGREVISION. Install commandline utilities |
| 2016-10-08 12:26:12 by Ryo ONODERA | Files touched by this commit (2) |
Log message: Update to 3.27.1 Changelog: The NSS team has released Network Security Services (NSS) 3.27.1. This is a patch release to address a TLS compatibility issue that some applications experienced with NSS 3.27. Notable Changes: Availability of the TLS 1.3 (draft) implementation has been re-disabled in the default build. Previous versions of NSS made TLS 1.3 (draft) available only when compiled with NSS_ENABLE_TLS_1_3. NSS 3.27 set this value on by default, allowing TLS 1.3 (draft) to be disabled using NSS_DISABLE_TLS_1_3, although the maximum version used by default remained TLS 1.2. However, some applications query the list of protocol versions that are supported by the NSS library, and enable all supported TLS protocol versions. Because NSS 3.27 enabled compilation of TLS 1.3 (draft) by default, it caused those applications to enable TLS 1.3 (draft). This resulted in connectivity failures, as some TLS servers are version 1.3 intolerant, and failed to negotiate an earlier TLS version with NSS 3.27 clients. |
| 2016-10-03 00:53:24 by Maya Rashish | Files touched by this commit (1) |
Log message: nss: replace USE_NSS_64 with _LP64 builtin. fixes build for 32bit when passing USE_64 (which is questionable)... in pkgsrc we declare all mips64* platforms as 64bit, and use USE_64. However, netbsd/mips64 is using a 32bit ABI, so it is akin to passing USE_64=1 for 32bit. perhaps not declaring it a 64bit platform is correct, but this package is one of the only few using this logic, and it's unfeasible to have correct logic for 32bit/64bit. this package has considerably more logic for USE_64 than for USE_NSS_64, so to avoid inadvertent damage to other platforms, retain the USE_64=1 logic. feel free to object to this option in the discussion on tech-pkg. |
| 2016-09-30 13:59:12 by Ryo ONODERA | Files touched by this commit (4) |
Log message: Update to 3.27 Changelog: The NSS team has released Network Security Services (NSS) 3.27, which is a minor release. Below is a summary of the changes. Please refer to the full release notes for additional details, including the SHA256 fingerprints of the changed CA certificates. New functionality: * Allow custom named group priorities for TLS key exchange handshake  (SSL_NamedGroupConfig). * Added support for RSA-PSS signatures in TLS 1.2 and TLS 1.3 New Functions: * SSL_NamedGroupConfig Notable Changes: * NPN can not be enabled anymore. * Hard limits on the maximum number of TLS records encrypted with the same  key are enforced. * Disabled renegotiation in DTLS. * The following CA certificates were Removed - CN = IGC/A, O = PM/SGDN, OU = DCSSI - CN = Juur-SK, O = AS Sertifitseerimiskeskus - CN = EBG Elektronik Sertifika Hizmet SaÄlayıcısı - CN = S-TRUST Authentication and Encryption Root CA 2005:PN - O = VeriSign, Inc., OU = Class 1 Public Primary Certification Authority - O = VeriSign, Inc., OU = Class 2 Public Primary Certification Authority - G2 - O = VeriSign, Inc., OU = Class 3 Public Primary Certification Authority - O = Equifax, OU = Equifax Secure Certificate Authority - CN = Equifax Secure eBusiness CA-1 - CN = Equifax Secure Global eBusiness CA-1 The full release notes are available at https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.27_release_notes |
| 2016-07-09 08:39:18 by Thomas Klausner | Files touched by this commit (1068) |
Log message: Bump PKGREVISION for perl-5.24.0 for everything mentioning perl. |
2016-07-02 14:22:47 by Ryo ONODERA | Files touched by this commit (2) |  |
Log message: Update to 3.25 Changelog: The NSS team has released Network Security Services (NSS) 3.25, which is a minor release. Below is a short summary of the changes. Please refer to the full release notes for additional details. New functionality: * Implemented DHE key agreement for TLS 1.3 * Added support for ChaCha with TLS 1.3 * Added support for TLS 1.2 ciphersuites that use SHA384 as the PRF * In previous versions, when using client authentication with TLS 1.2,  NSS only supported certificate_verify messages that used the same  signature hash algorithm as used by the PRF.  This limitation has been removed. * Several functions have been added to the public API of the NSS  Cryptoki Framework. New Functions: * NSSCKFWSlot_GetSlotID * NSSCKFWSession_GetFWSlot * NSSCKFWInstance_DestroySessionHandle * NSSCKFWInstance_FindSessionHandle Notable Changes: * An SSL socket can no longer be configured to allow both TLS 1.3 and SSL v3 * Regression fix: NSS no longer reports a failure if an application attempts  to disable the SSL v2 protocol. * The list of trusted CA certificates has been updated to version 2.8 * The following CA certificate was Removed - CN = Sonera Class1 CA * The following CA certificates were Added - CN = Hellenic Academic and Research Institutions RootCA 2015 - CN = Hellenic Academic and Research Institutions ECC RootCA 2015 - CN = Certplus Root CA G1 - CN = Certplus Root CA G2 - CN = OpenTrust Root CA G1 - CN = OpenTrust Root CA G2 - CN = OpenTrust Root CA G3 |
| 2016-05-25 15:17:13 by Ryo ONODERA | Files touched by this commit (4) | |
Log message: Update to 3.24 * Require nspr 4.12 or later, from he@. Thank you. Changelog: The NSS team has released Network Security Services (NSS) 3.24, which is a minor release. Below is a short summary of the changes. Please refer to the full release notes for additional details. New functionality: * NSS softoken has been updated with the latest NIST guidance (as of 2015) * NSS softoken has also been updated to allow NSS to run in FIPS level-1 (no password). * SSL_ConfigServerCert function has been added for configuring SSL/TLS server sockets with a certificate and private key. This method should be used in preference to SSL_ConfigSecureServer, SSL_ConfigSecureServerWithCertChain, SSL_SetStapledOCSPResponses, and SSL_SetSignedCertTimestamps. * Added PORTCheapArena for temporary arenas allocated on the stack. New Functions: * SSL_ConfigServerCert - Configures an SSL/TLS socket with a certificate, private key and other information. * PORT_InitCheapArena - This initializes an arena that was created on the stack. See PORTCheapArenaPool. * PORT_DestroyCheapArena - This destroys an arena that was created on the stack. See PORTCheapArenaPool. New Types * SSLExtraServerCertData - This struct is optionally passed as an argument to SSL_ConfigServerCert. It contains supplementary information about a certificate, such as the intended type of the certificate, stapled OCSP responses, or signed certificate timestamps (used for certificate transparency). * PORTCheapArenaPool - A stack-allocated arena pool, to be used for temporary arena allocations. New Macros * CKM_TLS12_MAC * SEC_OID_TLS_ECDHE_PSK - This OID is used to govern use of the TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 cipher suite, which is only used for session resumption in TLS 1.3. Notable Changes: * The following functions have been deprecated (applications should use the new SSL_ConfigServerCert function instead): * SSL_SetStapledOCSPResponses * SSL_SetSignedCertTimestamps * SSL_ConfigSecureServer * SSL_ConfigSecureServerWithCertChain * Function NSS_FindCertKEAType is now deprecated, as it reports a misleading value for certificates that might be used for signing rather than key exchange. * SSLAuthType has been updated to define a larger number of authentication key types. * The member attribute authAlgorithm of type SSLCipherSuiteInfo has been deprecated. Instead, applications should use the newly added attribute authType. * ssl_auth_rsa has been renamed to ssl_auth_rsa_decrypt. * On Linux platforms that define FREEBL_LOWHASH, a shared library has been added: libfreeblpriv3 * Most code related to the SSL v2 has been removed, including the ability to actively send a SSL v2 compatible client hello. However, the server side implementation of the SSL/TLS protocol continues to support processing of received v2 compatible client hello messages. * NSS supports a mechanism to log SSL/TLS key material to a logfile if the environment variable named SSLKEYLOGFILE is set. NSS has been changed to disable this functionality in optimized builds by default. In order to enable the functionality in optimized builds, the symbol NSS_ALLOW_SSLKEYLOGFILE must be defined when building NSS. * NSS has been updated to be protected against the Cachebleed attack. * Support for DTLS compression has been disabled. * Support for TLS 1.3 has been improved. This includes support for DTLS 1.3. Note that TLS 1.3 support is experimental and is not suitable for production use. |
| 2016-05-20 13:53:18 by Thomas Klausner | Files touched by this commit (4) |
Log message: Add nss-config script to match most Linux distributions. Create nss.pc file earlier, not during installation. Bump PKGREVISION. |
| 2016-04-17 21:27:10 by Ryo ONODERA | Files touched by this commit (4) | |
Log message: Update to 3.23 Changelog: The NSS team has released Network Security Services (NSS) 3.23, which is a minor release. The following security-relevant bug has been resolved in NSS 3.23. Users are encouraged to upgrade immediately. * Bug 1245528 (CVE-2016-1950): Fixed a heap-based buffer overflow related to the parsing of certain ASN.1 structures. An attacker could create a specially-crafted certificate which, when parsed by NSS, would cause a crash or execution of arbitrary code with the permissions of the user. New functionality: * ChaCha20/Poly1305 cipher and TLS cipher suites now supported (bug 917571, bug 1227905) * Experimental-only support TLS 1.3 1-RTT mode (draft-11). This code is not ready for production use. New Functions: * SSL_SetDowngradeCheckVersion - Set maximum version for new ServerRandom anti-downgrade mechanism Notable Changes: * The copy of SQLite shipped with NSS has been updated to version 3.10.2 (bug 1234698) * The list of TLS extensions sent in the TLS handshake has been reordered to improve compatibility of the Extended Master Secret feature with servers (bug 1243641) * The build time environment variable NSS_ENABLE_ZLIB has been renamed to NSS_SSL_ENABLE_ZLIB (Bug 1243872). * The build time environment variable NSS_DISABLE_CHACHAPOLY was added, which can be used to prevent compilation of the ChaCha20/Poly1305 code. * The following CA certificates were Removed - Staat der Nederlanden Root CA - NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado - NetLock Kozjegyzoi (Class A) Tanusitvanykiado - NetLock Uzleti (Class B) Tanusitvanykiado - NetLock Expressz (Class C) Tanusitvanykiado - VeriSign Class 1 Public PCA â G2 - VeriSign Class 3 Public PCA - VeriSign Class 3 Public PCA â G2 - CA Disig * The following CA certificates were Added - SZAFIR ROOT CA2 - Certum Trusted Network CA 2 * The following CA certificate had the Email trust bit turned on - Actalis Authentication Root CA The full release notes, including the SHA256 fingerprints of the changed CA certificates, are available at https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.23_release_notes |
New packages: