---
- branch: MAIN
  date: Wed Sep  5 15:19:03 UTC 2018
  files:
  - new: '1.157'
    old: '1.156'
    path: pkgsrc/devel/nss/Makefile
    pathrev: pkgsrc/devel/nss/Makefile@1.157
    type: modified
  - new: '1.90'
    old: '1.89'
    path: pkgsrc/devel/nss/distinfo
    pathrev: pkgsrc/devel/nss/distinfo@1.90
    type: modified
  id: 20180905T151903Z.165e9d710a0c23136b0dcb5d71b920f76b5ea5d6
  log: |
    Update to 3.39

    Changelog:
    Notable bug fixes:
    * Bug 1483128 - NSS responded to an SSLv2-compatible ClientHello
      with a ServerHello that had an all-zero random (CVE-2018-12384)

    New functionality:
    * The tstclnt and selfserv utilities added support for configuring
      the enabled TLS signature schemes using the -J parameter.
    * NSS will use RSA-PSS keys to authenticate in TLS. Support for
      these keys is disabled by default but can be enabled using
      SSL_SignatureSchemePrefSet().
    * certutil added the ability to delete an orphan private key from
      an NSS key database.
    * Added the nss-policy-check utility, which can be used to check
      an NSS policy configuration for problems.
    * A PKCS#11 URI can be used as an identifier for a PKCS#11 token.

    Notable changes:
    * The TLS 1.3 implementation uses the final version number from
      RFC 8446.
    * Previous versions of NSS accepted an RSA PKCS#1 v1.5 signature
      where the DigestInfo structure was missing the NULL parameter.
      Starting with version 3.39, NSS requires the encoding to contain
      the NULL parameter.
    * The tstclnt and selfserv test utilities no longer accept the -z
      parameter, as support for TLS compression was removed in a
      previous NSS version.
    * The CA certificates list was updated to version 2.26.
    * The following CA certificates were Added:
      - OU = GlobalSign Root CA - R6
      - CN = OISTE WISeKey Global Root GC CA
      The following CA certificate was Removed:
      - CN = ComSign
      The following CA certificates had the Websites trust bit disabled:
      - CN = Certplus Root CA G1
      - CN = Certplus Root CA G2
      - CN = OpenTrust Root CA G1
      - CN = OpenTrust Root CA G2
      - CN = OpenTrust Root CA G3
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/devel/nss'
  unixtime: '1536160743'
  user: ryoon