Tue Jun 23 13:16:47 2015 UTC ()

Update to 3.19.2

* Approved by wiz@.

Changelog:
Network Security Services (NSS) is a patch release for NSS 3.19.

No new functionality is introduced in this release. This release addresses
a backwards compatibility issue with the NSS 3.19.1 release.

Notable Changes:
* In NSS 3.19.1, the minimum key sizes that the freebl cryptographic
implementation (part of the softoken cryptographic module used by default
by NSS) was willing to generate or use was increased - for RSA keys, to
512 bits, and for DH keys, 1023 bits. This was done as part of a security
fix for Bug 1138554 / CVE-2015-4000. Applications that requested or
attempted to use keys smaller then the minimum size would fail. However,
this change in behaviour unintentionally broke existing NSS applications
that need to generate or use such keys, via APIs such as
SECKEY_CreateRSAPrivateKey or SECKEY_CreateDHPrivateKey.

In NSS 3.19.2, this change in freebl behaviour has been reverted. The fix
for Bug 1138554 has been moved to libssl, and will now only affect the
minimum keystrengths used in SSL/TLS.


(ryoon)

diff -r1.98 -r1.99 pkgsrc/devel/nss/Makefile
diff -r1.48 -r1.49 pkgsrc/devel/nss/distinfo

--- pkgsrc/devel/nss/Makefile 2015/06/12 10:48:52 1.98
+++ pkgsrc/devel/nss/Makefile 2015/06/23 13:16:47 1.99

 @@ -1,18 +1,17 @@
-# $NetBSD: Makefile,v 1.98 2015/06/12 10:48:52 wiz Exp $
+# $NetBSD: Makefile,v 1.99 2015/06/23 13:16:47 ryoon Exp $
 DISTNAME=		nss-${NSS_RELEASE:S/.0$//}
-NSS_RELEASE=		3.19.1
+NSS_RELEASE=		3.19.2
 PKGREVISION=		1
 CATEGORIES=		security
 MASTER_SITES=		${MASTER_SITE_MOZILLA_ALL:=security/nss/releases/NSS_${NSS_RELEASE:S/.0$//:S/./_/g}_RTM/src/}
 MAINTAINER=		pkgsrc-users@NetBSD.org
 HOMEPAGE=		http://www.mozilla.org/projects/security/pki/nss/
 COMMENT=		Libraries to support development of security-enabled applications
 LICENSE=		mpl-2.0
 CHECK_PORTABILITY_SKIP+=${MOZILLA_DIR}nss/tests/libpkix/libpkix.sh
 CHECK_PORTABILITY_SKIP+=${MOZILLA_DIR}nss/tests/multinit/multinit.sh
 CHECK_PORTABILITY_SKIP+=${MOZILLA_DIR}js/src/configure
 CHECK_PORTABILITY_SKIP+=${MOZILLA_DIR}configure

--- pkgsrc/devel/nss/distinfo 2015/05/29 14:19:25 1.48
+++ pkgsrc/devel/nss/distinfo 2015/06/23 13:16:47 1.49

 @@ -1,18 +1,18 @@
-$NetBSD: distinfo,v 1.48 2015/05/29 14:19:25 ryoon Exp $
+$NetBSD: distinfo,v 1.49 2015/06/23 13:16:47 ryoon Exp $
-SHA1 (nss-3.19.1.tar.gz) = 9e20dee2137265e61ce8a70daaf44fe0315fdb81
+SHA1 (nss-3.19.2.tar.gz) = 1f04052688b23e7d2c2ce05ee25fd29d180d4a43
-RMD160 (nss-3.19.1.tar.gz) = aeef3cd93419dcc9e50c9fa648c6ac113ca4547d
+RMD160 (nss-3.19.2.tar.gz) = d32ca88b7e0ecbfa43f273b351ddb037a67c7013
-Size (nss-3.19.1.tar.gz) = 6953537 bytes
+Size (nss-3.19.2.tar.gz) = 6953657 bytes
 SHA1 (patch-am) = ee4c4beeb120397852fc4b06b7dd54534d0d5ac5
 SHA1 (patch-an) = 4ab22f2a575676b5b640bc9a760b83eb05c75e69
 SHA1 (patch-md) = 0a09fd2abb8674a2d301f1b6a5331af5db94178f
 SHA1 (patch-me) = e785e4e12b54f2618746a550a09593c2eede5f65
 SHA1 (patch-mf) = 64d3b2cc09ffbc9c4e8ffdb68cb2fa89b6897e8c
 SHA1 (patch-mg) = 3c878548c98bdea559a3e653e63e0ed22a2a8834
 SHA1 (patch-mh) = a46d3098a85c3a4a57895a9845bc1741fc5e9561
 SHA1 (patch-mj) = 08ca1a37afce99e0292a20348fc6855547f44e8a
 SHA1 (patch-mn) = 5b79783e48249044be1a904a6cfd20ba175b5fd4
 SHA1 (patch-nss_cmd_platlibs.mk) = 7dadcb72acf15714c61ae74b21c5baf45bc51d4c
 SHA1 (patch-nss_coreconf_OpenBSD.mk) = fa545c993038e99bf9f59b59ec1d0bd1f6c192a9
 SHA1 (patch-nss_lib_freebl_config.mk) = 1c198177da8ba7928cbfbd23e385503be99ebe27
 SHA1 (patch-security_nss_cmd_shlibsign_sign.sh) = 7948b7b502a4c148ee185836dde8a84d3aa388af