Thu Nov 21 15:23:47 2013 UTC ()

Update to 3.15.3

Changelog:
Security Advisories

The following security-relevant bugs have been resolved in NSS 3.15.3. Users are encouraged to upgrade immediately.

    Bug 925100 - (CVE-2013-1741) Ensure a size is <= half of the maximum PRUint32 value
    Bug 934016 - (CVE-2013-5605) Handle invalid handshake packets
    Bug 910438 - (CVE-2013-5606) Return the correct result in CERT_VerifyCert on failure, if a verifyLog isn't used

New in NSS 3.15.3
New Functionality

No new major functionality is introduced in this release. This release is a patch release to address CVE-2013-1741, CVE-2013-5605 and CVE-2013-5606.
Bugs fixed in NSS 3.15.3

    Bug 850478 - List RC4_128 cipher suites after AES_128 cipher suites
    Bug 919677 - Don't advertise TLS 1.2-only ciphersuites in a TLS 1.1 ClientHello

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.15.3&product=NSS

Compatibility

NSS 3.15.3 shared libraries are backward compatible with all older NSS 3.x
shared libraries. A program linked with older NSS 3.x shared libraries will
work with NSS 3.15.3 shared libraries without recompiling or relinking.
Furthermore, applications that restrict their use of NSS APIs to the
functions listed in NSS Public Functions will remain compatible with future
versions of the NSS shared libraries.


(ryoon)

diff -r1.71 -r1.72 pkgsrc/devel/nss/Makefile
diff -r1.29 -r1.30 pkgsrc/devel/nss/distinfo

--- pkgsrc/devel/nss/Makefile 2013/10/19 09:07:03 1.71
+++ pkgsrc/devel/nss/Makefile 2013/11/21 15:23:47 1.72

 @@ -1,18 +1,17 @@
-# $NetBSD: Makefile,v 1.71 2013/10/19 09:07:03 adam Exp $
+# $NetBSD: Makefile,v 1.72 2013/11/21 15:23:47 ryoon Exp $
 DISTNAME=		nss-${NSS_RELEASE}
-NSS_RELEASE=		3.15.2
+NSS_RELEASE=		3.15.3
 PKGREVISION=		1
 CATEGORIES=		security
 MASTER_SITES=		${MASTER_SITE_MOZILLA_ALL:=security/nss/releases/NSS_${NSS_RELEASE:S/./_/g}_RTM/src/}
 MAINTAINER=		pkgsrc-users@NetBSD.org
 HOMEPAGE=		http://www.mozilla.org/projects/security/pki/nss/
 COMMENT=		Libraries to support development of security-enabled applications
 LICENSE=		mpl-2.0
 CHECK_PORTABILITY_SKIP+=${MOZILLA_DIR}nss/tests/libpkix/libpkix.sh
 CHECK_PORTABILITY_SKIP+=${MOZILLA_DIR}nss/tests/multinit/multinit.sh
 CHECK_PORTABILITY_SKIP+=${MOZILLA_DIR}js/src/configure
 CHECK_PORTABILITY_SKIP+=${MOZILLA_DIR}configure

--- pkgsrc/devel/nss/distinfo 2013/10/15 16:10:33 1.29
+++ pkgsrc/devel/nss/distinfo 2013/11/21 15:23:47 1.30

 @@ -1,15 +1,15 @@
-$NetBSD: distinfo,v 1.29 2013/10/15 16:10:33 ryoon Exp $
+$NetBSD: distinfo,v 1.30 2013/11/21 15:23:47 ryoon Exp $
-SHA1 (nss-3.15.2.tar.gz) = 2d900c296bf11deabbf833ebd6ecdea549c97a5f
+SHA1 (nss-3.15.3.tar.gz) = 1d0f6707eda35f6c7be92fe2b0537dc090a8f203
-RMD160 (nss-3.15.2.tar.gz) = 4e427758808394bd70bd9b060e888bb337bf7f85
+RMD160 (nss-3.15.3.tar.gz) = bfa730d805ebe00333547cf1ca60064c9aaae630
-Size (nss-3.15.2.tar.gz) = 6288669 bytes
+Size (nss-3.15.3.tar.gz) = 6288990 bytes
 SHA1 (patch-am) = ee4c4beeb120397852fc4b06b7dd54534d0d5ac5
 SHA1 (patch-an) = 4ab22f2a575676b5b640bc9a760b83eb05c75e69
 SHA1 (patch-md) = 0a09fd2abb8674a2d301f1b6a5331af5db94178f
 SHA1 (patch-me) = e785e4e12b54f2618746a550a09593c2eede5f65
 SHA1 (patch-mf) = 64d3b2cc09ffbc9c4e8ffdb68cb2fa89b6897e8c
 SHA1 (patch-mg) = 3c878548c98bdea559a3e653e63e0ed22a2a8834
 SHA1 (patch-mh) = a46d3098a85c3a4a57895a9845bc1741fc5e9561
 SHA1 (patch-mj) = 08ca1a37afce99e0292a20348fc6855547f44e8a
 SHA1 (patch-mn) = ab5820ecca7e1a3aef7785763115d38fa55109b4
 SHA1 (patch-security_nss_cmd_shlibsign_sign.sh) = 7948b7b502a4c148ee185836dde8a84d3aa388af