diff options
| author | ryoon <ryoon@pkgsrc.org> | 2016-04-17 19:27:10 +0000 |
|---|---|---|
| committer | ryoon <ryoon@pkgsrc.org> | 2016-04-17 19:27:10 +0000 |
| commit | 20b3cd99ef6b691abe3027a799a2c74570c84a87 (patch) | |
| tree | 7d67bd8bfe1cf0654fc2cf3024ac7385a2183194 /devel/nss | |
| parent | f8b1569c858cec6bb522b9ea7ed394860292e03d (diff) | |
| download | pkgsrc-20b3cd99ef6b691abe3027a799a2c74570c84a87.tar.gz | |
Update to 3.23
Changelog:
The NSS team has released Network Security Services (NSS) 3.23, which is a minor
release.
The following security-relevant bug has been resolved in NSS 3.23.
Users are encouraged to upgrade immediately.
* Bug 1245528 (CVE-2016-1950):
Fixed a heap-based buffer overflow related to the parsing of certain ASN.1
structures. An attacker could create a specially-crafted certificate which,
when parsed by NSS, would cause a crash or execution of arbitrary code with
the permissions of the user.
New functionality:
* ChaCha20/Poly1305 cipher and TLS cipher suites now supported
(bug 917571, bug 1227905)
* Experimental-only support TLS 1.3 1-RTT mode (draft-11).
This code is not ready for production use.
New Functions:
* SSL_SetDowngradeCheckVersion - Set maximum version for new ServerRandom
anti-downgrade mechanism
Notable Changes:
* The copy of SQLite shipped with NSS has been updated to version 3.10.2
(bug 1234698)
* The list of TLS extensions sent in the TLS handshake has been reordered
to improve compatibility of the Extended Master Secret feature
with servers (bug 1243641)
* The build time environment variable NSS_ENABLE_ZLIB has been renamed
to NSS_SSL_ENABLE_ZLIB (Bug 1243872).
* The build time environment variable NSS_DISABLE_CHACHAPOLY was added,
which can be used to prevent compilation of the ChaCha20/Poly1305 code.
* The following CA certificates were Removed
- Staat der Nederlanden Root CA
- NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado
- NetLock Kozjegyzoi (Class A) Tanusitvanykiado
- NetLock Uzleti (Class B) Tanusitvanykiado
- NetLock Expressz (Class C) Tanusitvanykiado
- VeriSign Class 1 Public PCA – G2
- VeriSign Class 3 Public PCA
- VeriSign Class 3 Public PCA – G2
- CA Disig
* The following CA certificates were Added
- SZAFIR ROOT CA2
- Certum Trusted Network CA 2
* The following CA certificate had the Email trust bit turned on
- Actalis Authentication Root CA
The full release notes, including the SHA256 fingerprints of the changed
CA certificates, are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.23_release_notes
Diffstat (limited to 'devel/nss')
| -rw-r--r-- | devel/nss/Makefile | 5 | ||||
| -rw-r--r-- | devel/nss/distinfo | 14 | ||||
| -rw-r--r-- | devel/nss/patches/patch-mf | 7 | ||||
| -rw-r--r-- | devel/nss/patches/patch-nss_coreconf_command.mk | 10 |
4 files changed, 18 insertions, 18 deletions
diff --git a/devel/nss/Makefile b/devel/nss/Makefile index b1e73396605..7fd9bf195dd 100644 --- a/devel/nss/Makefile +++ b/devel/nss/Makefile @@ -1,8 +1,7 @@ -# $NetBSD: Makefile,v 1.112 2016/04/11 19:01:48 ryoon Exp $ +# $NetBSD: Makefile,v 1.113 2016/04/17 19:27:10 ryoon Exp $ DISTNAME= nss-${NSS_RELEASE:S/.0$//} -NSS_RELEASE= 3.22.3 -PKGREVISION= 1 +NSS_RELEASE= 3.23.0 CATEGORIES= security MASTER_SITES= ${MASTER_SITE_MOZILLA_ALL:=security/nss/releases/NSS_${NSS_RELEASE:S/.0$//:S/./_/g}_RTM/src/} diff --git a/devel/nss/distinfo b/devel/nss/distinfo index c6ca8362e20..11c6a7b7f29 100644 --- a/devel/nss/distinfo +++ b/devel/nss/distinfo @@ -1,20 +1,20 @@ -$NetBSD: distinfo,v 1.58 2016/03/15 03:12:06 ryoon Exp $ +$NetBSD: distinfo,v 1.59 2016/04/17 19:27:10 ryoon Exp $ -SHA1 (nss-3.22.3.tar.gz) = ae1310106a91fa24aa2e5a718ff7be20fcc852d5 -RMD160 (nss-3.22.3.tar.gz) = 469f667d671738cf789bdb6a7a29a300cbe987f9 -SHA512 (nss-3.22.3.tar.gz) = eaffe0061f2d99d8cd69db267acfad443ce2123862d612b26d3b641c982b6e80b18d4e9e6c97d4115f030040390fff7579af35c73f225c278b84c17e3ac1853d -Size (nss-3.22.3.tar.gz) = 6981457 bytes +SHA1 (nss-3.23.tar.gz) = 5cb30a18d601d5f2bb635df6213ae3e93f754fe8 +RMD160 (nss-3.23.tar.gz) = 2cb9a448ec60a00edd7cf5a08321dd6583d03cb9 +SHA512 (nss-3.23.tar.gz) = f3e388a415493685faa6df932e9e968af41ea2e8e4cba3fbd539c60177443e4042e8d2e2bfe74183552e14522d49048be2f80fbe038bdbd499971e82abf2cc32 +Size (nss-3.23.tar.gz) = 7467001 bytes SHA1 (patch-am) = ee4c4beeb120397852fc4b06b7dd54534d0d5ac5 SHA1 (patch-an) = 4ab22f2a575676b5b640bc9a760b83eb05c75e69 SHA1 (patch-md) = 0a09fd2abb8674a2d301f1b6a5331af5db94178f SHA1 (patch-me) = e785e4e12b54f2618746a550a09593c2eede5f65 -SHA1 (patch-mf) = 64d3b2cc09ffbc9c4e8ffdb68cb2fa89b6897e8c +SHA1 (patch-mf) = 534fe5f711f60dadc3432bc805a6153535f11709 SHA1 (patch-mg) = 3c878548c98bdea559a3e653e63e0ed22a2a8834 SHA1 (patch-mh) = a46d3098a85c3a4a57895a9845bc1741fc5e9561 SHA1 (patch-mj) = 08ca1a37afce99e0292a20348fc6855547f44e8a SHA1 (patch-mn) = 5b79783e48249044be1a904a6cfd20ba175b5fd4 SHA1 (patch-nss_cmd_platlibs.mk) = 7dadcb72acf15714c61ae74b21c5baf45bc51d4c SHA1 (patch-nss_coreconf_OpenBSD.mk) = fa545c993038e99bf9f59b59ec1d0bd1f6c192a9 -SHA1 (patch-nss_coreconf_command.mk) = 007b7adb79d300ae73ee4cd71b7314c665172e31 +SHA1 (patch-nss_coreconf_command.mk) = 182d513f40fa9c16006601dd7a7a654bb3139828 SHA1 (patch-nss_lib_freebl_config.mk) = 1c198177da8ba7928cbfbd23e385503be99ebe27 SHA1 (patch-security_nss_cmd_shlibsign_sign.sh) = 7948b7b502a4c148ee185836dde8a84d3aa388af diff --git a/devel/nss/patches/patch-mf b/devel/nss/patches/patch-mf index 22f08b9631f..6bd718d5425 100644 --- a/devel/nss/patches/patch-mf +++ b/devel/nss/patches/patch-mf @@ -1,9 +1,9 @@ -$NetBSD: patch-mf,v 1.4 2013/07/20 09:28:12 ryoon Exp $ +$NetBSD: patch-mf,v 1.5 2016/04/17 19:27:10 ryoon Exp $ Add DragonFly support. Make sure nss libraries have a run path defined. ---- nss/coreconf/config.mk.orig 2013-06-27 17:58:08.000000000 +0000 +--- nss/coreconf/config.mk.orig 2016-02-26 20:51:11.000000000 +0000 +++ nss/coreconf/config.mk @@ -31,7 +31,7 @@ endif ####################################################################### @@ -14,10 +14,11 @@ Make sure nss libraries have a run path defined. ifeq (,$(filter-out $(TARGET_OSES),$(OS_TARGET))) include $(CORE_DEPTH)/coreconf/$(OS_TARGET).mk -@@ -179,5 +179,6 @@ endif +@@ -187,6 +187,7 @@ endif DEFINES += -DUSE_UTIL_DIRECTLY USE_UTIL_DIRECTLY = 1 +EXTRA_SHARED_LIBS += -Wl,-R${PREFIX}/lib/${MOZILLA_PKG_NAME} # Build with NO_NSPR_10_SUPPORT to avoid using obsolete NSPR features DEFINES += -DNO_NSPR_10_SUPPORT + diff --git a/devel/nss/patches/patch-nss_coreconf_command.mk b/devel/nss/patches/patch-nss_coreconf_command.mk index 8f966c7fb14..783a4f21bf0 100644 --- a/devel/nss/patches/patch-nss_coreconf_command.mk +++ b/devel/nss/patches/patch-nss_coreconf_command.mk @@ -1,15 +1,15 @@ -$NetBSD: patch-nss_coreconf_command.mk,v 1.1 2015/12/17 13:39:59 ryoon Exp $ +$NetBSD: patch-nss_coreconf_command.mk,v 1.2 2016/04/17 19:27:10 ryoon Exp $ * Pass CFLAGS from pkgsrc ---- nss/coreconf/command.mk.orig 2015-11-09 05:12:59.000000000 +0000 +--- nss/coreconf/command.mk.orig 2016-02-26 20:51:11.000000000 +0000 +++ nss/coreconf/command.mk @@ -12,7 +12,7 @@ AS = $(CC) ASFLAGS += $(CFLAGS) CCF = $(CC) $(CFLAGS) LINK_DLL = $(LINK) $(OS_DLLFLAGS) $(DLLFLAGS) $(XLDFLAGS) --CFLAGS = $(OPTIMIZER) $(OS_CFLAGS) $(XP_DEFINE) $(DEFINES) $(INCLUDES) \ -+CFLAGS += $(OPTIMIZER) $(OS_CFLAGS) $(XP_DEFINE) $(DEFINES) $(INCLUDES) \ - $(XCFLAGS) +-CFLAGS = $(OPTIMIZER) $(OS_CFLAGS) $(WARNING_CFLAGS) $(XP_DEFINE) \ ++CFLAGS += $(OPTIMIZER) $(OS_CFLAGS) $(WARNING_CFLAGS) $(XP_DEFINE) \ + $(DEFINES) $(INCLUDES) $(XCFLAGS) PERL = perl RANLIB = echo |