Path to this page:
Subject: CVS commit: [pkgsrc-2014Q1] pkgsrc/emulators/suse131_mozilla-nss
From: Matthias Scheler
Date: 2014-05-05 19:16:27
Message id: 20140505171627.B32D596@cvs.netbsd.org
Log Message:
Pullup ticket #4398 - requested by obache
emulators/suse131_mozilla-nss: security update
Revisions pulled up:
- emulators/suse131_mozilla-nss/Makefile 1.2-1.3
- emulators/suse131_mozilla-nss/distinfo 1.2-1.3
---
Module Name: pkgsrc
Committed By: obache
Date: Fri Apr 4 10:08:21 UTC 2014
Modified Files:
pkgsrc/emulators/suse131_mozilla-nss: Makefile distinfo
Log Message:
Update suse131_mozilla-nss RPM to 3.15.5-16.1 from openSUSE-SU-2014:0448-1.
Changes in mozilla-nss:
- update to 3.15.5
* required for Firefox 28
* export FREEBL_LOWHASH to get the correct default
headers (bnc#865539) New functionality
* Added support for the TLS application layer protocol
negotiation (ALPN) extension. Two SSL socket options,
SSL_ENABLE_NPN and SSL_ENABLE_ALPN, can be used to
control whether NPN or ALPN (or both) should be used
for application layer protocol negotiation.
* Added the TLS padding extension. The extension type
value is 35655, which may change when an official
extension type value is assigned by IANA. NSS
automatically adds the padding extension to ClientHello
when necessary.
* Added a new macro CERT_LIST_TAIL, defined in certt.h,
for getting the tail of a CERTCertList. Notable Changes
* bmo#950129: Improve the OCSP fetching policy when
verifying OCSP responses
* bmo#949060: Validate the iov input argument (an array
of PRIOVec structures) of ssl_WriteV (called via
PR_Writev). Applications should still take care when
converting struct iov to PRIOVec because the iov_len
members of the two structures have different types
(size_t vs. int). size_t is unsigned and may be larger
than int.
Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: obache
Date: Sat May 3 02:19:27 UTC 2014
Modified Files:
pkgsrc/emulators/suse131_mozilla-nss: Makefile distinfo
Log Message:
Apply Security Update: openSUSE-SU-2014:0599-1
update for MozillaFirefox
Description:
This is also a mozilla-nss update to version 3.16:
* required for Firefox 29
* bmo#903885 - (CVE-2014-1492) In a wildcard certificate,
the wildcard character should not be embedded within
the U-label of an internationalized domain name. See
the last bullet point in RFC 6125, Section 7.2.
* Supports the Linux x32 ABI. To build for the Linux x32
target, set the environment variable USE_X32=1 when
building NSS. New Functions:
* NSS_CMSSignerInfo_Verify New Macros
* TLS_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_3DES_EDE_CBC_SHA, etc., cipher suites that
were first defined in SSL 3.0 can now be referred to
with their official IANA names in TLS, with the TLS_
prefix. Previously, they had to be referred to with
their names in SSL 3.0, with the SSL_ prefix. Notable
Changes:
* ECC is enabled by default. It is no longer necessary to
set the environment variable NSS_ENABLE_ECC=1 when
building NSS. To disable ECC, set the environment
variable NSS_DISABLE_ECC=1 when building NSS.
* libpkix should not include the common name of CA as DNS
names when evaluating name constraints.
* AESKeyWrap_Decrypt should not return SECSuccess for
invalid keys.
* Fix a memory corruption in sec_pkcs12_new_asafe.
* If the NSS_SDB_USE_CACHE environment variable is set,
skip the runtime test sdb_measureAccess.
* The built-in roots module has been updated to version
1.97, which adds, removes, and distrusts several
certificates.
* The atob utility has been improved to automatically
ignore lines of text that aren't in base64 format.
* The certutil utility has been improved to support
creation of version 1 and version 2 certificates, in
addition to the existing version 3 support.
Bump PKGREVISION.
Files: