Subject: CVS commit: [pkgsrc-2014Q1] pkgsrc/emulators/suse131_mozilla-nss
From: Matthias Scheler
Date: 2014-05-05 19:16:27
Message id: 20140505171627.B32D596@cvs.netbsd.org

Log Message:
Pullup ticket #4398 - requested by obache
emulators/suse131_mozilla-nss: security update

Revisions pulled up:
- emulators/suse131_mozilla-nss/Makefile                        1.2-1.3
- emulators/suse131_mozilla-nss/distinfo                        1.2-1.3

---
   Module Name:	pkgsrc
   Committed By:	obache
   Date:		Fri Apr  4 10:08:21 UTC 2014

   Modified Files:
   	pkgsrc/emulators/suse131_mozilla-nss: Makefile distinfo

   Log Message:
   Update suse131_mozilla-nss RPM to 3.15.5-16.1 from openSUSE-SU-2014:0448-1.

      Changes in mozilla-nss:
      - update to 3.15.5
      * required for Firefox 28
      * export FREEBL_LOWHASH to get the correct default
      headers (bnc#865539) New functionality
      * Added support for the TLS application layer protocol
      negotiation (ALPN) extension. Two SSL socket options,
      SSL_ENABLE_NPN and SSL_ENABLE_ALPN, can be used to
      control whether NPN or ALPN (or both) should be used
      for application layer protocol negotiation.
      * Added the TLS padding extension. The extension type
      value is 35655, which may change when an official
      extension type value is assigned by IANA. NSS
      automatically adds the padding extension to ClientHello
      when necessary.
      * Added a new macro CERT_LIST_TAIL, defined in certt.h,
      for getting the tail of a CERTCertList. Notable Changes
      * bmo#950129: Improve the OCSP fetching policy when
      verifying OCSP responses
      * bmo#949060: Validate the iov input argument (an array
      of PRIOVec structures) of ssl_WriteV (called via
      PR_Writev). Applications should still take care when
      converting struct iov to PRIOVec because the iov_len
      members of the two structures have different types
      (size_t vs. int). size_t is unsigned and may be larger
      than int.

   Bump PKGREVISION.

---
   Module Name:	pkgsrc
   Committed By:	obache
   Date:		Sat May  3 02:19:27 UTC 2014

   Modified Files:
   	pkgsrc/emulators/suse131_mozilla-nss: Makefile distinfo

   Log Message:
   Apply Security Update: openSUSE-SU-2014:0599-1
   update for MozillaFirefox

   Description:

      This is also a mozilla-nss update to version 3.16:
      * required for Firefox 29
      * bmo#903885 - (CVE-2014-1492) In a wildcard certificate,
      the wildcard character should not be embedded within
      the U-label of an internationalized domain name. See
      the last bullet point in RFC 6125, Section 7.2.
      * Supports the Linux x32 ABI. To build for the Linux x32
      target, set the environment variable USE_X32=1 when
      building NSS. New Functions:
      * NSS_CMSSignerInfo_Verify New Macros
      * TLS_RSA_WITH_RC4_128_SHA,
      TLS_RSA_WITH_3DES_EDE_CBC_SHA, etc., cipher suites that
      were first defined in SSL 3.0 can now be referred to
      with their official IANA names in TLS, with the TLS_
      prefix. Previously, they had to be referred to with
      their names in SSL 3.0, with the SSL_ prefix. Notable
      Changes:
      * ECC is enabled by default. It is no longer necessary to
      set the environment variable NSS_ENABLE_ECC=1 when
      building NSS. To disable ECC, set the environment
      variable NSS_DISABLE_ECC=1 when building NSS.
      * libpkix should not include the common name of CA as DNS
      names when evaluating name constraints.
      * AESKeyWrap_Decrypt should not return SECSuccess for
      invalid keys.
      * Fix a memory corruption in sec_pkcs12_new_asafe.
      * If the NSS_SDB_USE_CACHE environment variable is set,
      skip the runtime test sdb_measureAccess.
      * The built-in roots module has been updated to version
      1.97, which adds, removes, and distrusts several
      certificates.
      * The atob utility has been improved to automatically
      ignore lines of text that aren't in base64 format.
      * The certutil utility has been improved to support
      creation of version 1 and version 2 certificates, in
      addition to the existing version 3 support.

   Bump PKGREVISION.

Files:
RevisionActionfile
1.1.4.1modifypkgsrc/emulators/suse131_mozilla-nss/Makefile
1.1.4.1modifypkgsrc/emulators/suse131_mozilla-nss/distinfo