Fri Sep 26 03:25:22 2014 UTC ()
security update fixing:
- Incorrect DigestInfo validation in NSS (CVE-2014-1568)
- RSA signature verification vulnerabilities in parsing of DigestInfo
(see https://www.mozilla.org/security/announce/2014/mfsa2014-73.html)


(spz)
diff -r1.86 -r1.87 pkgsrc/devel/nss/Makefile
diff -r1.12 -r1.13 pkgsrc/devel/nss/PLIST
diff -r1.40 -r1.41 pkgsrc/devel/nss/distinfo
cvs diff -r1.86 -r1.87 pkgsrc/devel/nss/Makefile (expand / switch to unified diff)

--- pkgsrc/devel/nss/Makefile 2014/08/12 09:43:06 1.86
+++ pkgsrc/devel/nss/Makefile 2014/09/26 03:25:22 1.87
@@ -1,17 +1,17 @@ @@ -1,17 +1,17 @@
1# $NetBSD: Makefile,v 1.86 2014/08/12 09:43:06 markd Exp $ 1# $NetBSD: Makefile,v 1.87 2014/09/26 03:25:22 spz Exp $
2 2
3DISTNAME= nss-${NSS_RELEASE:S/.0$//} 3DISTNAME= nss-${NSS_RELEASE:S/.0$//}
4NSS_RELEASE= 3.16.4 4NSS_RELEASE= 3.16.5
5CATEGORIES= security 5CATEGORIES= security
6MASTER_SITES= ${MASTER_SITE_MOZILLA_ALL:=security/nss/releases/NSS_${NSS_RELEASE:S/.0$//:S/./_/g}_RTM/src/} 6MASTER_SITES= ${MASTER_SITE_MOZILLA_ALL:=security/nss/releases/NSS_${NSS_RELEASE:S/.0$//:S/./_/g}_RTM/src/}
7 7
8MAINTAINER= pkgsrc-users@NetBSD.org 8MAINTAINER= pkgsrc-users@NetBSD.org
9HOMEPAGE= http://www.mozilla.org/projects/security/pki/nss/ 9HOMEPAGE= http://www.mozilla.org/projects/security/pki/nss/
10COMMENT= Libraries to support development of security-enabled applications 10COMMENT= Libraries to support development of security-enabled applications
11LICENSE= mpl-2.0 11LICENSE= mpl-2.0
12 12
13CHECK_PORTABILITY_SKIP+=${MOZILLA_DIR}nss/tests/libpkix/libpkix.sh 13CHECK_PORTABILITY_SKIP+=${MOZILLA_DIR}nss/tests/libpkix/libpkix.sh
14CHECK_PORTABILITY_SKIP+=${MOZILLA_DIR}nss/tests/multinit/multinit.sh 14CHECK_PORTABILITY_SKIP+=${MOZILLA_DIR}nss/tests/multinit/multinit.sh
15CHECK_PORTABILITY_SKIP+=${MOZILLA_DIR}js/src/configure 15CHECK_PORTABILITY_SKIP+=${MOZILLA_DIR}js/src/configure
16CHECK_PORTABILITY_SKIP+=${MOZILLA_DIR}configure 16CHECK_PORTABILITY_SKIP+=${MOZILLA_DIR}configure
17 17
cvs diff -r1.12 -r1.13 pkgsrc/devel/nss/PLIST (expand / switch to unified diff)

--- pkgsrc/devel/nss/PLIST 2012/12/15 09:48:00 1.12
+++ pkgsrc/devel/nss/PLIST 2014/09/26 03:25:22 1.13
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1@comment $NetBSD: PLIST,v 1.12 2012/12/15 09:48:00 ryoon Exp $ 1@comment $NetBSD: PLIST,v 1.13 2014/09/26 03:25:22 spz Exp $
2include/nss/dbm/cdefs.h 2include/nss/dbm/cdefs.h
3include/nss/dbm/mcom_db.h 3include/nss/dbm/mcom_db.h
4include/nss/dbm/ncompat.h 4include/nss/dbm/ncompat.h
5include/nss/dbm/winfile.h 5include/nss/dbm/winfile.h
6include/nss/nss/base64.h 6include/nss/nss/base64.h
7include/nss/nss/blapit.h 7include/nss/nss/blapit.h
8include/nss/nss/cert.h 8include/nss/nss/cert.h
9include/nss/nss/certdb.h 9include/nss/nss/certdb.h
10include/nss/nss/certt.h 10include/nss/nss/certt.h
11include/nss/nss/ciferfam.h 11include/nss/nss/ciferfam.h
12include/nss/nss/cmmf.h 12include/nss/nss/cmmf.h
13include/nss/nss/cmmft.h 13include/nss/nss/cmmft.h
14include/nss/nss/cms.h 14include/nss/nss/cms.h
@@ -56,26 +56,27 @@ include/nss/nss/p12t.h @@ -56,26 +56,27 @@ include/nss/nss/p12t.h
56include/nss/nss/pk11func.h 56include/nss/nss/pk11func.h
57include/nss/nss/pk11pqg.h 57include/nss/nss/pk11pqg.h
58include/nss/nss/pk11priv.h 58include/nss/nss/pk11priv.h
59include/nss/nss/pk11pub.h 59include/nss/nss/pk11pub.h
60include/nss/nss/pk11sdr.h 60include/nss/nss/pk11sdr.h
61include/nss/nss/pkcs11.h 61include/nss/nss/pkcs11.h
62include/nss/nss/pkcs11f.h 62include/nss/nss/pkcs11f.h
63include/nss/nss/pkcs11n.h 63include/nss/nss/pkcs11n.h
64include/nss/nss/pkcs11p.h 64include/nss/nss/pkcs11p.h
65include/nss/nss/pkcs11t.h 65include/nss/nss/pkcs11t.h
66include/nss/nss/pkcs11u.h 66include/nss/nss/pkcs11u.h
67include/nss/nss/pkcs12.h 67include/nss/nss/pkcs12.h
68include/nss/nss/pkcs12t.h 68include/nss/nss/pkcs12t.h
 69include/nss/nss/pkcs1sig.h
69include/nss/nss/pkcs7t.h 70include/nss/nss/pkcs7t.h
70include/nss/nss/portreg.h 71include/nss/nss/portreg.h
71include/nss/nss/preenc.h 72include/nss/nss/preenc.h
72include/nss/nss/secasn1.h 73include/nss/nss/secasn1.h
73include/nss/nss/secasn1t.h 74include/nss/nss/secasn1t.h
74include/nss/nss/seccomon.h 75include/nss/nss/seccomon.h
75include/nss/nss/secder.h 76include/nss/nss/secder.h
76include/nss/nss/secdert.h 77include/nss/nss/secdert.h
77include/nss/nss/secdig.h 78include/nss/nss/secdig.h
78include/nss/nss/secdigt.h 79include/nss/nss/secdigt.h
79include/nss/nss/secerr.h 80include/nss/nss/secerr.h
80include/nss/nss/sechash.h 81include/nss/nss/sechash.h
81include/nss/nss/secitem.h 82include/nss/nss/secitem.h
@@ -88,22 +89,22 @@ include/nss/nss/secpkcs5.h @@ -88,22 +89,22 @@ include/nss/nss/secpkcs5.h
88include/nss/nss/secpkcs7.h 89include/nss/nss/secpkcs7.h
89include/nss/nss/secport.h 90include/nss/nss/secport.h
90include/nss/nss/shsign.h 91include/nss/nss/shsign.h
91include/nss/nss/smime.h 92include/nss/nss/smime.h
92include/nss/nss/ssl.h 93include/nss/nss/ssl.h
93include/nss/nss/sslerr.h 94include/nss/nss/sslerr.h
94include/nss/nss/sslproto.h 95include/nss/nss/sslproto.h
95include/nss/nss/sslt.h 96include/nss/nss/sslt.h
96include/nss/nss/utilmodt.h 97include/nss/nss/utilmodt.h
97include/nss/nss/utilpars.h 98include/nss/nss/utilpars.h
98include/nss/nss/utilparst.h 99include/nss/nss/utilparst.h
99include/nss/nss/utilrename.h 100include/nss/nss/utilrename.h
100lib/nss/libcrmf.a 101lib/nss/libcrmf.a
101lib/nss/libfreebl3.${SO_SUFFIX} 102lib/nss/libfreebl3.so
102lib/nss/libnss3.${SO_SUFFIX} 103lib/nss/libnss3.so
103lib/nss/libnssckbi.${SO_SUFFIX} 104lib/nss/libnssckbi.so
104lib/nss/libnssdbm3.${SO_SUFFIX} 105lib/nss/libnssdbm3.so
105lib/nss/libnssutil3.${SO_SUFFIX} 106lib/nss/libnssutil3.so
106lib/nss/libsmime3.${SO_SUFFIX} 107lib/nss/libsmime3.so
107lib/nss/libsoftokn3.${SO_SUFFIX} 108lib/nss/libsoftokn3.so
108lib/nss/libssl3.${SO_SUFFIX} 109lib/nss/libssl3.so
109lib/pkgconfig/nss.pc 110lib/pkgconfig/nss.pc
cvs diff -r1.40 -r1.41 pkgsrc/devel/nss/distinfo (expand / switch to unified diff)

--- pkgsrc/devel/nss/distinfo 2014/08/12 09:43:06 1.40
+++ pkgsrc/devel/nss/distinfo 2014/09/26 03:25:22 1.41
@@ -1,17 +1,17 @@ @@ -1,17 +1,17 @@
1$NetBSD: distinfo,v 1.40 2014/08/12 09:43:06 markd Exp $ 1$NetBSD: distinfo,v 1.41 2014/09/26 03:25:22 spz Exp $
2 2
3SHA1 (nss-3.16.4.tar.gz) = ee2c8601041b938ecfcba520280dc3059b6cbffd 3SHA1 (nss-3.16.5.tar.gz) = bec488835954698e7b19149a15205db299cd13de
4RMD160 (nss-3.16.4.tar.gz) = 958e1ed8fa110f1adeb149c164338cf42f281ce3 4RMD160 (nss-3.16.5.tar.gz) = 19630a0815d69ee5959b562d7849d35d677c6329
5Size (nss-3.16.4.tar.gz) = 6428795 bytes 5Size (nss-3.16.5.tar.gz) = 6429830 bytes
6SHA1 (patch-am) = ee4c4beeb120397852fc4b06b7dd54534d0d5ac5 6SHA1 (patch-am) = ee4c4beeb120397852fc4b06b7dd54534d0d5ac5
7SHA1 (patch-an) = 4ab22f2a575676b5b640bc9a760b83eb05c75e69 7SHA1 (patch-an) = 4ab22f2a575676b5b640bc9a760b83eb05c75e69
8SHA1 (patch-md) = 0a09fd2abb8674a2d301f1b6a5331af5db94178f 8SHA1 (patch-md) = 0a09fd2abb8674a2d301f1b6a5331af5db94178f
9SHA1 (patch-me) = e785e4e12b54f2618746a550a09593c2eede5f65 9SHA1 (patch-me) = e785e4e12b54f2618746a550a09593c2eede5f65
10SHA1 (patch-mf) = 64d3b2cc09ffbc9c4e8ffdb68cb2fa89b6897e8c 10SHA1 (patch-mf) = 64d3b2cc09ffbc9c4e8ffdb68cb2fa89b6897e8c
11SHA1 (patch-mg) = 3c878548c98bdea559a3e653e63e0ed22a2a8834 11SHA1 (patch-mg) = 3c878548c98bdea559a3e653e63e0ed22a2a8834
12SHA1 (patch-mh) = a46d3098a85c3a4a57895a9845bc1741fc5e9561 12SHA1 (patch-mh) = a46d3098a85c3a4a57895a9845bc1741fc5e9561
13SHA1 (patch-mj) = 08ca1a37afce99e0292a20348fc6855547f44e8a 13SHA1 (patch-mj) = 08ca1a37afce99e0292a20348fc6855547f44e8a
14SHA1 (patch-mn) = ab5820ecca7e1a3aef7785763115d38fa55109b4 14SHA1 (patch-mn) = ab5820ecca7e1a3aef7785763115d38fa55109b4
15SHA1 (patch-nss_coreconf_OpenBSD.mk) = fa545c993038e99bf9f59b59ec1d0bd1f6c192a9 15SHA1 (patch-nss_coreconf_OpenBSD.mk) = fa545c993038e99bf9f59b59ec1d0bd1f6c192a9
16SHA1 (patch-nss_lib_freebl_config.mk) = 1c198177da8ba7928cbfbd23e385503be99ebe27 16SHA1 (patch-nss_lib_freebl_config.mk) = 1c198177da8ba7928cbfbd23e385503be99ebe27
17SHA1 (patch-security_nss_cmd_shlibsign_sign.sh) = 7948b7b502a4c148ee185836dde8a84d3aa388af 17SHA1 (patch-security_nss_cmd_shlibsign_sign.sh) = 7948b7b502a4c148ee185836dde8a84d3aa388af