---
- branch: MAIN
  date: Sat Mar 22 23:32:46 UTC 2014
  files:
  - new: '1.78'
    old: '1.77'
    path: pkgsrc/devel/nss/Makefile
    pathrev: pkgsrc/devel/nss/Makefile@1.78
    type: modified
  - new: '1.34'
    old: '1.33'
    path: pkgsrc/devel/nss/distinfo
    pathrev: pkgsrc/devel/nss/distinfo@1.34
    type: modified
  id: 20140322T233246Z.e66e37e8884249bda88e66de73e3eb226e94a0d1
  log: |
    Update to 3.16

    * Improve 3.16 like 2 number version support (firefox etc. requires 3 number
      version string)

    Changelog:
    >From https://developer.mozilla.org/en-US/docs/NSS/NSS_3.16_release_notes

    The following security-relevant bug has been resolved.
    Users are encouraged to upgrade immediately.
    * Bug 903885 - (CVE-2014-1492) In a wildcard certificate, the wildcard
      character should not be embedded within the U-label of an
      internationalized domain name. See the last bullet point in RFC 6125,
      Section 7.2.

    New functionality:
    * Supports the Linux x32 ABI. To build for the Linux x32 target, set
      the environment variable USE_X32=1 when building NSS.

    New Functions:
    * NSS_CMSSignerInfo_Verify

    New Macros
    * TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA, etc.,
      cipher suites that were first defined in SSL 3.0 can now be referred
      to with their official IANA names in TLS, with the TLS_ prefix.
      Previously, they had to be referred to with their names in SSL 3.0,
      with the SSL_ prefix.

    Notable Changes:
    * ECC is enabled by default. It is no longer necessary to set the
      environment variable NSS_ENABLE_ECC=1 when building NSS. To disable
      ECC, set the environment variable NSS_DISABLE_ECC=1 when building NSS.
    * libpkix should not include the common name of CA as DNS names when
      evaluating name constraints.
    * AESKeyWrap_Decrypt should not return SECSuccess for invalid keys.
    * Fix a memory corruption in sec_pkcs12_new_asafe.
    * If the NSS_SDB_USE_CACHE environment variable is set, skip the runtime
      test sdb_measureAccess.
    * The built-in roots module has been updated to version 1.97, which
      adds, removes, and distrusts several certificates.
    * The atob utility has been improved to automatically ignore lines of
      text that aren't in base64 format.
    * The certutil utility has been improved to support creation of
      version 1 and version 2 certificates, in addition to the existing
      version 3 support.
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/devel/nss'
  unixtime: '1395531166'
  user: ryoon