Update to 3.27 Changelog: The NSS team has released Network Security Services (NSS) 3.27, which is a minor release. Below is a summary of the changes. Please refer to the full release notes for additional details, including the SHA256 fingerprints of the changed CA certificates. New functionality: * Allow custom named group priorities for TLS key exchange handshake (SSL_NamedGroupConfig). * Added support for RSA-PSS signatures in TLS 1.2 and TLS 1.3 New Functions: * SSL_NamedGroupConfig Notable Changes: * NPN can not be enabled anymore. * Hard limits on the maximum number of TLS records encrypted with the same key are enforced. * Disabled renegotiation in DTLS. * The following CA certificates were Removed - CN = IGC/A, O = PM/SGDN, OU = DCSSI - CN = Juur-SK, O = AS Sertifitseerimiskeskus - CN = EBG Elektronik Sertifika Hizmet Sağlayıcısı - CN = S-TRUST Authentication and Encryption Root CA 2005:PN - O = VeriSign, Inc., OU = Class 1 Public Primary Certification Authority - O = VeriSign, Inc., OU = Class 2 Public Primary Certification Authority - G2 - O = VeriSign, Inc., OU = Class 3 Public Primary Certification Authority - O = Equifax, OU = Equifax Secure Certificate Authority - CN = Equifax Secure eBusiness CA-1 - CN = Equifax Secure Global eBusiness CA-1 The full release notes are available at https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.27_release_notesdiff -r1.117 -r1.118 pkgsrc/devel/nss/Makefile
(ryoon)
@@ -1,18 +1,17 @@ | @@ -1,18 +1,17 @@ | |||
1 | # $NetBSD: Makefile,v 1.117 2016/07/09 06:38:11 wiz Exp $ | 1 | # $NetBSD: Makefile,v 1.118 2016/09/30 11:59:12 ryoon Exp $ | |
2 | 2 | |||
3 | DISTNAME= nss-${NSS_RELEASE:S/.0$//} | 3 | DISTNAME= nss-${NSS_RELEASE:S/.0$//} | |
4 | NSS_RELEASE= 3.25.0 | 4 | NSS_RELEASE= 3.27.0 | |
5 | PKGREVISION= 1 | |||
6 | CATEGORIES= security | 5 | CATEGORIES= security | |
7 | MASTER_SITES= ${MASTER_SITE_MOZILLA_ALL:=security/nss/releases/NSS_${NSS_MAJOR_VERSION}_${NSS_MINOR_VERSION}_RTM/src/} | 6 | MASTER_SITES= ${MASTER_SITE_MOZILLA_ALL:=security/nss/releases/NSS_${NSS_MAJOR_VERSION}_${NSS_MINOR_VERSION}_RTM/src/} | |
8 | 7 | |||
9 | MAINTAINER= pkgsrc-users@NetBSD.org | 8 | MAINTAINER= pkgsrc-users@NetBSD.org | |
10 | HOMEPAGE= http://www.mozilla.org/projects/security/pki/nss/ | 9 | HOMEPAGE= http://www.mozilla.org/projects/security/pki/nss/ | |
11 | COMMENT= Libraries to support development of security-enabled applications | 10 | COMMENT= Libraries to support development of security-enabled applications | |
12 | LICENSE= mpl-2.0 | 11 | LICENSE= mpl-2.0 | |
13 | 12 | |||
14 | CHECK_PORTABILITY_SKIP+=${MOZILLA_DIR}nss/tests/libpkix/libpkix.sh | 13 | CHECK_PORTABILITY_SKIP+=${MOZILLA_DIR}nss/tests/libpkix/libpkix.sh | |
15 | CHECK_PORTABILITY_SKIP+=${MOZILLA_DIR}nss/tests/multinit/multinit.sh | 14 | CHECK_PORTABILITY_SKIP+=${MOZILLA_DIR}nss/tests/multinit/multinit.sh | |
16 | CHECK_PORTABILITY_SKIP+=${MOZILLA_DIR}js/src/configure | 15 | CHECK_PORTABILITY_SKIP+=${MOZILLA_DIR}js/src/configure | |
17 | CHECK_PORTABILITY_SKIP+=${MOZILLA_DIR}configure | 16 | CHECK_PORTABILITY_SKIP+=${MOZILLA_DIR}configure | |
18 | 17 |
@@ -1,20 +1,20 @@ | @@ -1,20 +1,20 @@ | |||
1 | $NetBSD: distinfo,v 1.61 2016/07/02 12:22:47 ryoon Exp $ | 1 | $NetBSD: distinfo,v 1.62 2016/09/30 11:59:12 ryoon Exp $ | |
2 | 2 | |||
3 | SHA1 (nss-3.25.tar.gz) = ffa55041a7904bb43afbc6821f479819d9802abf | 3 | SHA1 (nss-3.27.tar.gz) = e3579204ceffb915caacf2514b24b76ee503012c | |
4 | RMD160 (nss-3.25.tar.gz) = a3a711df9516788c9f872f4946f68adabcded836 | 4 | RMD160 (nss-3.27.tar.gz) = f61867a334b7ad043ba545392d2027dbc670350e | |
5 | SHA512 (nss-3.25.tar.gz) = a33cff42d0d85eea091057648d598b7421de88f16ed357965ea08a8812de968c3f18d45452afd21afc90122f65c2c5bb2d7071357947b45e935aae55d28c4218 | 5 | SHA512 (nss-3.27.tar.gz) = a79c31d3ade72897928cdb1cfbf9236ea781fb1951904f2f5d9688afc4e55722ba75ea5a46622d1fa45d55bb2666d05a0df3a2c2ac16ce53335722618523c272 | |
6 | Size (nss-3.25.tar.gz) = 7338238 bytes | 6 | Size (nss-3.27.tar.gz) = 7397210 bytes | |
7 | SHA1 (patch-am) = ee4c4beeb120397852fc4b06b7dd54534d0d5ac5 | 7 | SHA1 (patch-am) = bab47640c0d25629f43578e7b788859418b27ecd | |
8 | SHA1 (patch-an) = 4ab22f2a575676b5b640bc9a760b83eb05c75e69 | 8 | SHA1 (patch-an) = 4ab22f2a575676b5b640bc9a760b83eb05c75e69 | |
9 | SHA1 (patch-md) = 0a09fd2abb8674a2d301f1b6a5331af5db94178f | 9 | SHA1 (patch-md) = 0a09fd2abb8674a2d301f1b6a5331af5db94178f | |
10 | SHA1 (patch-me) = e785e4e12b54f2618746a550a09593c2eede5f65 | 10 | SHA1 (patch-me) = e785e4e12b54f2618746a550a09593c2eede5f65 | |
11 | SHA1 (patch-mf) = 534fe5f711f60dadc3432bc805a6153535f11709 | 11 | SHA1 (patch-mf) = 534fe5f711f60dadc3432bc805a6153535f11709 | |
12 | SHA1 (patch-mg) = 3c878548c98bdea559a3e653e63e0ed22a2a8834 | 12 | SHA1 (patch-mg) = 3c878548c98bdea559a3e653e63e0ed22a2a8834 | |
13 | SHA1 (patch-mh) = a46d3098a85c3a4a57895a9845bc1741fc5e9561 | 13 | SHA1 (patch-mh) = a46d3098a85c3a4a57895a9845bc1741fc5e9561 | |
14 | SHA1 (patch-mj) = 08ca1a37afce99e0292a20348fc6855547f44e8a | 14 | SHA1 (patch-mj) = 08ca1a37afce99e0292a20348fc6855547f44e8a | |
15 | SHA1 (patch-mn) = 5b79783e48249044be1a904a6cfd20ba175b5fd4 | 15 | SHA1 (patch-mn) = 5b79783e48249044be1a904a6cfd20ba175b5fd4 | |
16 | SHA1 (patch-nss_cmd_platlibs.mk) = 7dadcb72acf15714c61ae74b21c5baf45bc51d4c | 16 | SHA1 (patch-nss_cmd_platlibs.mk) = 7dadcb72acf15714c61ae74b21c5baf45bc51d4c | |
17 | SHA1 (patch-nss_coreconf_OpenBSD.mk) = fccc17845c28f5b1268c96eb4e952e32dd530d1d | 17 | SHA1 (patch-nss_coreconf_OpenBSD.mk) = fccc17845c28f5b1268c96eb4e952e32dd530d1d | |
18 | SHA1 (patch-nss_coreconf_command.mk) = 182d513f40fa9c16006601dd7a7a654bb3139828 | 18 | SHA1 (patch-nss_coreconf_command.mk) = 008f7670f164bf19555a7691f5a59fc8bf687078 | |
19 | SHA1 (patch-nss_lib_freebl_config.mk) = 1c198177da8ba7928cbfbd23e385503be99ebe27 | 19 | SHA1 (patch-nss_lib_freebl_config.mk) = 1c198177da8ba7928cbfbd23e385503be99ebe27 | |
20 | SHA1 (patch-security_nss_cmd_shlibsign_sign.sh) = 7948b7b502a4c148ee185836dde8a84d3aa388af | 20 | SHA1 (patch-security_nss_cmd_shlibsign_sign.sh) = 7948b7b502a4c148ee185836dde8a84d3aa388af |
@@ -1,17 +1,17 @@ | @@ -1,17 +1,17 @@ | |||
1 | $NetBSD: patch-am,v 1.4 2013/07/20 09:28:11 ryoon Exp $ | 1 | $NetBSD: patch-am,v 1.5 2016/09/30 11:59:12 ryoon Exp $ | |
2 | 2 | |||
3 | SHA1_Update conflicts with openssl which may be dynamically loaded | 3 | SHA1_Update conflicts with openssl which may be dynamically loaded | |
4 | at runtime via libcups or libgssapi so causing a crash due to using | 4 | at runtime via libcups or libgssapi so causing a crash due to using | |
5 | the wrong binding. So rename here to avoid conflict. | 5 | the wrong binding. So rename here to avoid conflict. | |
6 | 6 | |||
7 | --- nss/lib/freebl/blapi.h.orig 2009-06-29 18:15:13.000000000 +0200 | 7 | --- nss/lib/freebl/blapi.h.orig 2016-09-26 06:00:51.000000000 +0000 | |
8 | +++ nss/lib/freebl/blapi.h | 8 | +++ nss/lib/freebl/blapi.h | |
9 | @@ -925,6 +925,8 @@ extern void SHA1_DestroyContext(SHA1Cont | 9 | @@ -1212,6 +1212,8 @@ extern void SHA1_DestroyContext(SHA1Cont | |
10 | */ | 10 | */ | |
11 | extern void SHA1_Begin(SHA1Context *cx); | 11 | extern void SHA1_Begin(SHA1Context *cx); | |
12 | 12 | |||
13 | +#define SHA1_Update NSS_SHA1_Update | 13 | +#define SHA1_Update NSS_SHA1_Update | |
14 | + | 14 | + | |
15 | /* | 15 | /* | |
16 | ** Update the SHA-1 hash function with more data. | 16 | ** Update the SHA-1 hash function with more data. | |
17 | ** "cx" the context | 17 | ** "cx" the context |
@@ -1,15 +1,15 @@ | @@ -1,15 +1,15 @@ | |||
1 | $NetBSD: patch-nss_coreconf_command.mk,v 1.2 2016/04/17 19:27:10 ryoon Exp $ | 1 | $NetBSD: patch-nss_coreconf_command.mk,v 1.3 2016/09/30 11:59:12 ryoon Exp $ | |
2 | 2 | |||
3 | * Pass CFLAGS from pkgsrc | 3 | * Pass CFLAGS from pkgsrc | |
4 | 4 | |||
5 | --- nss/coreconf/command.mk.orig 2016-02-26 20:51:11.000000000 +0000 | 5 | --- nss/coreconf/command.mk.orig 2016-09-26 06:00:51.000000000 +0000 | |
6 | +++ nss/coreconf/command.mk | 6 | +++ nss/coreconf/command.mk | |
7 | @@ -12,7 +12,7 @@ AS = $(CC) | 7 | @@ -12,7 +12,7 @@ AS = $(CC) | |
8 | ASFLAGS += $(CFLAGS) | 8 | ASFLAGS += $(CFLAGS) | |
9 | CCF = $(CC) $(CFLAGS) | 9 | CCF = $(CC) $(CFLAGS) | |
10 | LINK_DLL = $(LINK) $(OS_DLLFLAGS) $(DLLFLAGS) $(XLDFLAGS) | 10 | LINK_DLL = $(LD) $(OS_DLLFLAGS) $(DLLFLAGS) $(XLDFLAGS) | |
11 | -CFLAGS = $(OPTIMIZER) $(OS_CFLAGS) $(WARNING_CFLAGS) $(XP_DEFINE) \ | 11 | -CFLAGS = $(OPTIMIZER) $(OS_CFLAGS) $(WARNING_CFLAGS) $(XP_DEFINE) \ | |
12 | +CFLAGS += $(OPTIMIZER) $(OS_CFLAGS) $(WARNING_CFLAGS) $(XP_DEFINE) \ | 12 | +CFLAGS += $(OPTIMIZER) $(OS_CFLAGS) $(WARNING_CFLAGS) $(XP_DEFINE) \ | |
13 | $(DEFINES) $(INCLUDES) $(XCFLAGS) | 13 | $(DEFINES) $(INCLUDES) $(XCFLAGS) | |
14 | PERL = perl | 14 | PERL = perl | |
15 | RANLIB = echo | 15 | RANLIB = echo |