diff options
author | ryoon <ryoon@pkgsrc.org> | 2016-05-25 13:17:13 +0000 |
---|---|---|
committer | ryoon <ryoon@pkgsrc.org> | 2016-05-25 13:17:13 +0000 |
commit | e4f9d50d3e3ae93cc2daec231a438ed6d5556453 (patch) | |
tree | 00d5c58e72d35830b8b59df607fd82074c945715 /devel/nss | |
parent | 1411214bf73a3dc906f94d5b8634b0c43255313f (diff) | |
download | pkgsrc-e4f9d50d3e3ae93cc2daec231a438ed6d5556453.tar.gz |
Update to 3.24
* Require nspr 4.12 or later, from he@. Thank you.
Changelog:
The NSS team has released Network Security Services (NSS) 3.24, which is
a minor release.
Below is a short summary of the changes.
Please refer to the full release notes for additional details.
New functionality:
* NSS softoken has been updated with the latest NIST guidance (as of 2015)
* NSS softoken has also been updated to allow NSS to run in FIPS level-1
(no password).
* SSL_ConfigServerCert function has been added for configuring SSL/TLS
server sockets with a certificate and private key. This method should be
used in preference to SSL_ConfigSecureServer,
SSL_ConfigSecureServerWithCertChain, SSL_SetStapledOCSPResponses, and
SSL_SetSignedCertTimestamps.
* Added PORTCheapArena for temporary arenas allocated on the stack.
New Functions:
* SSL_ConfigServerCert - Configures an SSL/TLS socket with a certificate,
private key and other information.
* PORT_InitCheapArena - This initializes an arena that was created on
the stack. See PORTCheapArenaPool.
* PORT_DestroyCheapArena - This destroys an arena that was created on
the stack. See PORTCheapArenaPool.
New Types
* SSLExtraServerCertData - This struct is optionally passed as an argument
to SSL_ConfigServerCert. It contains supplementary information about a
certificate, such as the intended type of the certificate, stapled OCSP
responses, or signed certificate timestamps (used for certificate
transparency).
* PORTCheapArenaPool - A stack-allocated arena pool, to be used for
temporary arena allocations.
New Macros
* CKM_TLS12_MAC
* SEC_OID_TLS_ECDHE_PSK - This OID is used to govern use of the
TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 cipher suite, which is only
used for session resumption in TLS 1.3.
Notable Changes:
* The following functions have been deprecated (applications should use the
new SSL_ConfigServerCert function instead):
* SSL_SetStapledOCSPResponses
* SSL_SetSignedCertTimestamps
* SSL_ConfigSecureServer
* SSL_ConfigSecureServerWithCertChain
* Function NSS_FindCertKEAType is now deprecated, as it reports a misleading
value for certificates that might be used for signing rather than key
exchange.
* SSLAuthType has been updated to define a larger number of authentication
key types.
* The member attribute authAlgorithm of type SSLCipherSuiteInfo has been
deprecated. Instead, applications should use the newly added attribute
authType.
* ssl_auth_rsa has been renamed to ssl_auth_rsa_decrypt.
* On Linux platforms that define FREEBL_LOWHASH, a shared library has been
added: libfreeblpriv3
* Most code related to the SSL v2 has been removed, including the ability to
actively send a SSL v2 compatible client hello.
However, the server side implementation of the SSL/TLS protocol continues to
support processing of received v2 compatible client hello messages.
* NSS supports a mechanism to log SSL/TLS key material to a logfile if the
environment variable named SSLKEYLOGFILE is set. NSS has been changed to
disable this functionality in optimized builds by default. In order to enable
the functionality in optimized builds, the symbol NSS_ALLOW_SSLKEYLOGFILE
must be defined when building NSS.
* NSS has been updated to be protected against the Cachebleed attack.
* Support for DTLS compression has been disabled.
* Support for TLS 1.3 has been improved. This includes support for DTLS 1.3.
Note that TLS 1.3 support is experimental and is not suitable for production
use.
Diffstat (limited to 'devel/nss')
-rw-r--r-- | devel/nss/Makefile | 8 | ||||
-rw-r--r-- | devel/nss/PLIST | 4 | ||||
-rw-r--r-- | devel/nss/distinfo | 12 | ||||
-rw-r--r-- | devel/nss/patches/patch-nss_coreconf_OpenBSD.mk | 6 |
4 files changed, 16 insertions, 14 deletions
diff --git a/devel/nss/Makefile b/devel/nss/Makefile index 81a1ad6a00e..88a7596fe57 100644 --- a/devel/nss/Makefile +++ b/devel/nss/Makefile @@ -1,8 +1,7 @@ -# $NetBSD: Makefile,v 1.114 2016/05/20 11:53:18 wiz Exp $ +# $NetBSD: Makefile,v 1.115 2016/05/25 13:17:13 ryoon Exp $ DISTNAME= nss-${NSS_RELEASE:S/.0$//} -PKGREVISION= 1 -NSS_RELEASE= 3.23.0 +NSS_RELEASE= 3.24.0 CATEGORIES= security MASTER_SITES= ${MASTER_SITE_MOZILLA_ALL:=security/nss/releases/NSS_${NSS_MAJOR_VERSION}_${NSS_MINOR_VERSION}_RTM/src/} @@ -107,8 +106,9 @@ do-install: ${INSTALL_SCRIPT} ${WRKSRC}/nss-config ${DESTDIR}${PREFIX}/bin/nss-config # For consistency of libxul.so link in www/firefox. -BUILDLINK_API_DEPENDS.sqlite3+= sqlite3>=3.8.4.2 +BUILDLINK_API_DEPENDS.sqlite3+= sqlite3>=3.8.4.2 .include "../../databases/sqlite3/buildlink3.mk" +BUILDLINK_API_DEPENDS.nspr+= nspr>=4.12 .include "../../devel/nspr/buildlink3.mk" .include "../../devel/zlib/buildlink3.mk" .include "../../mk/pthread.buildlink3.mk" diff --git a/devel/nss/PLIST b/devel/nss/PLIST index 5d6042a23b1..760945fde8d 100644 --- a/devel/nss/PLIST +++ b/devel/nss/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.16 2016/05/20 11:53:18 wiz Exp $ +@comment $NetBSD: PLIST,v 1.17 2016/05/25 13:17:13 ryoon Exp $ bin/nss-config include/nss/dbm/mcom_db.h include/nss/dbm/ncompat.h @@ -27,6 +27,8 @@ include/nss/nss/key.h include/nss/nss/keyhi.h include/nss/nss/keyt.h include/nss/nss/keythi.h +include/nss/nss/lowkeyi.h +include/nss/nss/lowkeyti.h include/nss/nss/nss.h include/nss/nss/nssb64.h include/nss/nss/nssb64t.h diff --git a/devel/nss/distinfo b/devel/nss/distinfo index 11c6a7b7f29..271ab77ccdb 100644 --- a/devel/nss/distinfo +++ b/devel/nss/distinfo @@ -1,9 +1,9 @@ -$NetBSD: distinfo,v 1.59 2016/04/17 19:27:10 ryoon Exp $ +$NetBSD: distinfo,v 1.60 2016/05/25 13:17:13 ryoon Exp $ -SHA1 (nss-3.23.tar.gz) = 5cb30a18d601d5f2bb635df6213ae3e93f754fe8 -RMD160 (nss-3.23.tar.gz) = 2cb9a448ec60a00edd7cf5a08321dd6583d03cb9 -SHA512 (nss-3.23.tar.gz) = f3e388a415493685faa6df932e9e968af41ea2e8e4cba3fbd539c60177443e4042e8d2e2bfe74183552e14522d49048be2f80fbe038bdbd499971e82abf2cc32 -Size (nss-3.23.tar.gz) = 7467001 bytes +SHA1 (nss-3.24.tar.gz) = e232ed7046891d1e47959636c86172f6274c7bec +RMD160 (nss-3.24.tar.gz) = dcdf069def140b65ea93163613d2c258128dd69b +SHA512 (nss-3.24.tar.gz) = 9cf6d5dcbe8292bce53e043cf2713e55f01f979827c6f5f39a22ea8d1f40a2579728454a12c30540e8fb06e8119640a539cc5c6913aa12d97008d68386abfe6e +Size (nss-3.24.tar.gz) = 7307782 bytes SHA1 (patch-am) = ee4c4beeb120397852fc4b06b7dd54534d0d5ac5 SHA1 (patch-an) = 4ab22f2a575676b5b640bc9a760b83eb05c75e69 SHA1 (patch-md) = 0a09fd2abb8674a2d301f1b6a5331af5db94178f @@ -14,7 +14,7 @@ SHA1 (patch-mh) = a46d3098a85c3a4a57895a9845bc1741fc5e9561 SHA1 (patch-mj) = 08ca1a37afce99e0292a20348fc6855547f44e8a SHA1 (patch-mn) = 5b79783e48249044be1a904a6cfd20ba175b5fd4 SHA1 (patch-nss_cmd_platlibs.mk) = 7dadcb72acf15714c61ae74b21c5baf45bc51d4c -SHA1 (patch-nss_coreconf_OpenBSD.mk) = fa545c993038e99bf9f59b59ec1d0bd1f6c192a9 +SHA1 (patch-nss_coreconf_OpenBSD.mk) = fccc17845c28f5b1268c96eb4e952e32dd530d1d SHA1 (patch-nss_coreconf_command.mk) = 182d513f40fa9c16006601dd7a7a654bb3139828 SHA1 (patch-nss_lib_freebl_config.mk) = 1c198177da8ba7928cbfbd23e385503be99ebe27 SHA1 (patch-security_nss_cmd_shlibsign_sign.sh) = 7948b7b502a4c148ee185836dde8a84d3aa388af diff --git a/devel/nss/patches/patch-nss_coreconf_OpenBSD.mk b/devel/nss/patches/patch-nss_coreconf_OpenBSD.mk index 8bad8a43b8b..5b6d002b39d 100644 --- a/devel/nss/patches/patch-nss_coreconf_OpenBSD.mk +++ b/devel/nss/patches/patch-nss_coreconf_OpenBSD.mk @@ -1,6 +1,6 @@ -$NetBSD: patch-nss_coreconf_OpenBSD.mk,v 1.1 2014/05/16 12:38:01 ryoon Exp $ +$NetBSD: patch-nss_coreconf_OpenBSD.mk,v 1.2 2016/05/25 13:17:13 ryoon Exp $ ---- nss/coreconf/OpenBSD.mk.orig 2014-03-14 20:31:59.000000000 +0000 +--- nss/coreconf/OpenBSD.mk.orig 2016-05-17 07:58:45.000000000 +0000 +++ nss/coreconf/OpenBSD.mk @@ -24,7 +24,7 @@ OS_LIBS += -pthread DSO_LDOPTS += -pthread @@ -9,5 +9,5 @@ $NetBSD: patch-nss_coreconf_OpenBSD.mk,v 1.1 2014/05/16 12:38:01 ryoon Exp $ -DLL_SUFFIX = so.1.0 +DLL_SUFFIX = so - OS_CFLAGS = $(DSO_CFLAGS) $(OS_REL_CFLAGS) -ansi -Wall -Wno-switch -pipe -DOPENBSD + OS_CFLAGS = $(DSO_CFLAGS) $(OS_REL_CFLAGS) -Wall -Wno-switch -pipe -DOPENBSD |