pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: pkgsrc/devel/nss



Module Name:    pkgsrc
Committed By:   ryoon
Date:           Sun Apr 17 19:27:10 UTC 2016

Modified Files:
        pkgsrc/devel/nss: Makefile distinfo
        pkgsrc/devel/nss/patches: patch-mf patch-nss_coreconf_command.mk

Log Message:
Update to 3.23

Changelog:
The NSS team has released Network Security Services (NSS) 3.23, which is a minor
release.

The following security-relevant bug has been resolved in NSS 3.23.
Users are encouraged to upgrade immediately.

* Bug 1245528 (CVE-2016-1950):
  Fixed a heap-based buffer overflow related to the parsing of certain ASN.1
  structures. An attacker could create a specially-crafted certificate which,
  when parsed by NSS, would cause a crash or execution of arbitrary code with
  the permissions of the user.

New functionality:
* ChaCha20/Poly1305 cipher and TLS cipher suites now supported
  (bug 917571, bug 1227905)
* Experimental-only support TLS 1.3 1-RTT mode (draft-11).
  This code is not ready for production use.

New Functions:
* SSL_SetDowngradeCheckVersion - Set maximum version for new ServerRandom
  anti-downgrade mechanism

Notable Changes:
* The copy of SQLite shipped with NSS has been updated to version 3.10.2
  (bug 1234698)
* The list of TLS extensions sent in the TLS handshake has been reordered
  to improve compatibility of the Extended Master Secret feature
  with servers (bug 1243641)
* The build time environment variable NSS_ENABLE_ZLIB has been renamed
  to NSS_SSL_ENABLE_ZLIB (Bug 1243872).
* The build time environment variable NSS_DISABLE_CHACHAPOLY was added,
  which can be used to prevent compilation of the ChaCha20/Poly1305 code.
* The following CA certificates were Removed
- Staat der Nederlanden Root CA
- NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado
- NetLock Kozjegyzoi (Class A) Tanusitvanykiado
- NetLock Uzleti (Class B) Tanusitvanykiado
- NetLock Expressz (Class C) Tanusitvanykiado
- VeriSign Class 1 Public PCA – G2
- VeriSign Class 3 Public PCA
- VeriSign Class 3 Public PCA – G2
- CA Disig
* The following CA certificates were Added
- SZAFIR ROOT CA2
- Certum Trusted Network CA 2
* The following CA certificate had the Email trust bit turned on
- Actalis Authentication Root CA

The full release notes, including the SHA256 fingerprints of the changed
CA certificates, are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.23_release_notes


To generate a diff of this commit:
cvs rdiff -u -r1.112 -r1.113 pkgsrc/devel/nss/Makefile
cvs rdiff -u -r1.58 -r1.59 pkgsrc/devel/nss/distinfo
cvs rdiff -u -r1.4 -r1.5 pkgsrc/devel/nss/patches/patch-mf
cvs rdiff -u -r1.1 -r1.2 \
    pkgsrc/devel/nss/patches/patch-nss_coreconf_command.mk

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.




Home | Main Index | Thread Index | Old Index