Fri Sep 30 11:59:12 2016 UTC
Update to 3.27

Changelog:
The NSS team has released Network Security Services (NSS) 3.27,
which is a minor release.

Below is a summary of the changes.
Please refer to the full release notes for additional details,
including the SHA256 fingerprints of the changed CA certificates.

New functionality:
* Allow custom named group priorities for TLS key exchange handshake
  (SSL_NamedGroupConfig).
* Added support for RSA-PSS signatures in TLS 1.2 and TLS 1.3

New Functions:
* SSL_NamedGroupConfig

Notable Changes:
* NPN can not be enabled anymore.
* Hard limits on the maximum number of TLS records encrypted with the same 
  key are enforced.
* Disabled renegotiation in DTLS.
* The following CA certificates were removed:
  - CN = IGC/A, O = PM/SGDN, OU = DCSSI
  - CN = Juur-SK, O = AS Sertifitseerimiskeskus
  - CN = EBG Elektronik Sertifika Hizmet Sağlayıcısı
  - CN = S-TRUST Authentication and Encryption Root CA 2005:PN
  - O = VeriSign, Inc., OU = Class 1 Public Primary Certification Authority
  - O = VeriSign, Inc., OU = Class 2 Public Primary Certification Authority - G2
  - O = VeriSign, Inc., OU = Class 3 Public Primary Certification Authority
  - O = Equifax, OU = Equifax Secure Certificate Authority
  - CN = Equifax Secure eBusiness CA-1
  - CN = Equifax Secure Global eBusiness CA-1

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.27_release_notes


(ryoon)
diff -r1.117 -r1.118 pkgsrc/devel/nss/Makefile
diff -r1.61 -r1.62 pkgsrc/devel/nss/distinfo
diff -r1.4 -r1.5 pkgsrc/devel/nss/patches/patch-am
diff -r1.2 -r1.3 pkgsrc/devel/nss/patches/patch-nss_coreconf_command.mk

cvs diff -r1.117 -r1.118 pkgsrc/devel/nss/Makefile

--- pkgsrc/devel/nss/Makefile 2016/07/09 06:38:11 1.117
+++ pkgsrc/devel/nss/Makefile 2016/09/30 11:59:12 1.118
@@ -1,18 +1,17 @@ @@ -1,18 +1,17 @@
1# $NetBSD: Makefile,v 1.117 2016/07/09 06:38:11 wiz Exp $ 1# $NetBSD: Makefile,v 1.118 2016/09/30 11:59:12 ryoon Exp $
2 2
3DISTNAME= nss-${NSS_RELEASE:S/.0$//} 3DISTNAME= nss-${NSS_RELEASE:S/.0$//}
4NSS_RELEASE= 3.25.0 4NSS_RELEASE= 3.27.0
5PKGREVISION= 1 
6CATEGORIES= security 5CATEGORIES= security
7MASTER_SITES= ${MASTER_SITE_MOZILLA_ALL:=security/nss/releases/NSS_${NSS_MAJOR_VERSION}_${NSS_MINOR_VERSION}_RTM/src/} 6MASTER_SITES= ${MASTER_SITE_MOZILLA_ALL:=security/nss/releases/NSS_${NSS_MAJOR_VERSION}_${NSS_MINOR_VERSION}_RTM/src/}
8 7
9MAINTAINER= pkgsrc-users@NetBSD.org 8MAINTAINER= pkgsrc-users@NetBSD.org
10HOMEPAGE= http://www.mozilla.org/projects/security/pki/nss/ 9HOMEPAGE= http://www.mozilla.org/projects/security/pki/nss/
11COMMENT= Libraries to support development of security-enabled applications 10COMMENT= Libraries to support development of security-enabled applications
12LICENSE= mpl-2.0 11LICENSE= mpl-2.0
13 12
14CHECK_PORTABILITY_SKIP+=${MOZILLA_DIR}nss/tests/libpkix/libpkix.sh 13CHECK_PORTABILITY_SKIP+=${MOZILLA_DIR}nss/tests/libpkix/libpkix.sh
15CHECK_PORTABILITY_SKIP+=${MOZILLA_DIR}nss/tests/multinit/multinit.sh 14CHECK_PORTABILITY_SKIP+=${MOZILLA_DIR}nss/tests/multinit/multinit.sh
16CHECK_PORTABILITY_SKIP+=${MOZILLA_DIR}js/src/configure 15CHECK_PORTABILITY_SKIP+=${MOZILLA_DIR}js/src/configure
17CHECK_PORTABILITY_SKIP+=${MOZILLA_DIR}configure 16CHECK_PORTABILITY_SKIP+=${MOZILLA_DIR}configure
18 17
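
Review bot: the NSS_RELEASE line jumps from 3.25.0 straight to 3.27.0, but the commit log only summarises the 3.27 changes, so whatever changed in 3.26 reaches dependent packages undocumented. Suggest adding the 3.26 summary to the log, or at least a pointer to its release notes. Given the behaviour changes the log does list (NPN can no longer be enabled, DTLS renegotiation disabled, ten roots removed), it is worth stating whether packages that link against nss were rebuilt and tested. Dropping PKGREVISION is consistent with a version bump.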

cvs diff -r1.61 -r1.62 pkgsrc/devel/nss/distinfo

--- pkgsrc/devel/nss/distinfo 2016/07/02 12:22:47 1.61
+++ pkgsrc/devel/nss/distinfo 2016/09/30 11:59:12 1.62
@@ -1,20 +1,20 @@ @@ -1,20 +1,20 @@
1$NetBSD: distinfo,v 1.61 2016/07/02 12:22:47 ryoon Exp $ 1$NetBSD: distinfo,v 1.62 2016/09/30 11:59:12 ryoon Exp $
2 2
3SHA1 (nss-3.25.tar.gz) = ffa55041a7904bb43afbc6821f479819d9802abf 3SHA1 (nss-3.27.tar.gz) = e3579204ceffb915caacf2514b24b76ee503012c
4RMD160 (nss-3.25.tar.gz) = a3a711df9516788c9f872f4946f68adabcded836 4RMD160 (nss-3.27.tar.gz) = f61867a334b7ad043ba545392d2027dbc670350e
5SHA512 (nss-3.25.tar.gz) = a33cff42d0d85eea091057648d598b7421de88f16ed357965ea08a8812de968c3f18d45452afd21afc90122f65c2c5bb2d7071357947b45e935aae55d28c4218 5SHA512 (nss-3.27.tar.gz) = a79c31d3ade72897928cdb1cfbf9236ea781fb1951904f2f5d9688afc4e55722ba75ea5a46622d1fa45d55bb2666d05a0df3a2c2ac16ce53335722618523c272
6Size (nss-3.25.tar.gz) = 7338238 bytes 6Size (nss-3.27.tar.gz) = 7397210 bytes
7SHA1 (patch-am) = ee4c4beeb120397852fc4b06b7dd54534d0d5ac5 7SHA1 (patch-am) = bab47640c0d25629f43578e7b788859418b27ecd
8SHA1 (patch-an) = 4ab22f2a575676b5b640bc9a760b83eb05c75e69 8SHA1 (patch-an) = 4ab22f2a575676b5b640bc9a760b83eb05c75e69
9SHA1 (patch-md) = 0a09fd2abb8674a2d301f1b6a5331af5db94178f 9SHA1 (patch-md) = 0a09fd2abb8674a2d301f1b6a5331af5db94178f
10SHA1 (patch-me) = e785e4e12b54f2618746a550a09593c2eede5f65 10SHA1 (patch-me) = e785e4e12b54f2618746a550a09593c2eede5f65
11SHA1 (patch-mf) = 534fe5f711f60dadc3432bc805a6153535f11709 11SHA1 (patch-mf) = 534fe5f711f60dadc3432bc805a6153535f11709
12SHA1 (patch-mg) = 3c878548c98bdea559a3e653e63e0ed22a2a8834 12SHA1 (patch-mg) = 3c878548c98bdea559a3e653e63e0ed22a2a8834
13SHA1 (patch-mh) = a46d3098a85c3a4a57895a9845bc1741fc5e9561 13SHA1 (patch-mh) = a46d3098a85c3a4a57895a9845bc1741fc5e9561
14SHA1 (patch-mj) = 08ca1a37afce99e0292a20348fc6855547f44e8a 14SHA1 (patch-mj) = 08ca1a37afce99e0292a20348fc6855547f44e8a
15SHA1 (patch-mn) = 5b79783e48249044be1a904a6cfd20ba175b5fd4 15SHA1 (patch-mn) = 5b79783e48249044be1a904a6cfd20ba175b5fd4
16SHA1 (patch-nss_cmd_platlibs.mk) = 7dadcb72acf15714c61ae74b21c5baf45bc51d4c 16SHA1 (patch-nss_cmd_platlibs.mk) = 7dadcb72acf15714c61ae74b21c5baf45bc51d4c
17SHA1 (patch-nss_coreconf_OpenBSD.mk) = fccc17845c28f5b1268c96eb4e952e32dd530d1d 17SHA1 (patch-nss_coreconf_OpenBSD.mk) = fccc17845c28f5b1268c96eb4e952e32dd530d1d
18SHA1 (patch-nss_coreconf_command.mk) = 182d513f40fa9c16006601dd7a7a654bb3139828 18SHA1 (patch-nss_coreconf_command.mk) = 008f7670f164bf19555a7691f5a59fc8bf687078
19SHA1 (patch-nss_lib_freebl_config.mk) = 1c198177da8ba7928cbfbd23e385503be99ebe27 19SHA1 (patch-nss_lib_freebl_config.mk) = 1c198177da8ba7928cbfbd23e385503be99ebe27
20SHA1 (patch-security_nss_cmd_shlibsign_sign.sh) = 7948b7b502a4c148ee185836dde8a84d3aa388af 20SHA1 (patch-security_nss_cmd_shlibsign_sign.sh) = 7948b7b502a4c148ee185836dde8a84d3aa388af
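
Review bot: the four nss-3.27.tar.gz entries (SHA1, RMD160, SHA512, Size) are what every later fetch is verified against, so please confirm the SHA512 value against a checksum published by upstream for this release and say so in the log. The diff itself cannot show where the values came from. The rest is consistent: only the patch-am and patch-nss_coreconf_command.mk checksums change, matching the two patch files touched in this commit.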

cvs diff -r1.4 -r1.5 pkgsrc/devel/nss/patches/Attic/patch-am

--- pkgsrc/devel/nss/patches/Attic/patch-am 2013/07/20 09:28:11 1.4
+++ pkgsrc/devel/nss/patches/Attic/patch-am 2016/09/30 11:59:12 1.5
@@ -1,17 +1,17 @@ @@ -1,17 +1,17 @@
1$NetBSD: patch-am,v 1.4 2013/07/20 09:28:11 ryoon Exp $ 1$NetBSD: patch-am,v 1.5 2016/09/30 11:59:12 ryoon Exp $
2 2
3SHA1_Update conflicts with openssl which may be dynamically loaded 3SHA1_Update conflicts with openssl which may be dynamically loaded
4at runtime via libcups or libgssapi so causing a crash due to using 4at runtime via libcups or libgssapi so causing a crash due to using
5the wrong binding. So rename here to avoid conflict. 5the wrong binding. So rename here to avoid conflict.
6 6
7--- nss/lib/freebl/blapi.h.orig 2009-06-29 18:15:13.000000000 +0200 7--- nss/lib/freebl/blapi.h.orig 2016-09-26 06:00:51.000000000 +0000
8+++ nss/lib/freebl/blapi.h 8+++ nss/lib/freebl/blapi.h
9@@ -925,6 +925,8 @@ extern void SHA1_DestroyContext(SHA1Cont 9@@ -1212,6 +1212,8 @@ extern void SHA1_DestroyContext(SHA1Cont
10 */ 10 */
11 extern void SHA1_Begin(SHA1Context *cx); 11 extern void SHA1_Begin(SHA1Context *cx);
12  12
13+#define SHA1_Update NSS_SHA1_Update 13+#define SHA1_Update NSS_SHA1_Update
14+ 14+
15 /* 15 /*
16 ** Update the SHA-1 hash function with more data. 16 ** Update the SHA-1 hash function with more data.
17 ** "cx" the context 17 ** "cx" the context
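
Review bot: the patch header comment explains the SHA1_Update clash with OpenSSL but carries no upstream bug reference, and the old .orig timestamp (2009-06-29) shows the patch has been carried locally for years; only the offsets (925 to 1212) and the timestamp change here. Suggest adding the upstream report to the comment, or filing one. Since the `#define SHA1_Update NSS_SHA1_Update` only takes effect for code that includes blapi.h after this point, it is also worth confirming that nothing in 3.27 refers to the symbol by its original name outside this header.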

cvs diff -r1.2 -r1.3 pkgsrc/devel/nss/patches/patch-nss_coreconf_command.mk

--- pkgsrc/devel/nss/patches/patch-nss_coreconf_command.mk 2016/04/17 19:27:10 1.2
+++ pkgsrc/devel/nss/patches/patch-nss_coreconf_command.mk 2016/09/30 11:59:12 1.3
@@ -1,15 +1,15 @@ @@ -1,15 +1,15 @@
1$NetBSD: patch-nss_coreconf_command.mk,v 1.2 2016/04/17 19:27:10 ryoon Exp $ 1$NetBSD: patch-nss_coreconf_command.mk,v 1.3 2016/09/30 11:59:12 ryoon Exp $
2 2
3* Pass CFLAGS from pkgsrc 3* Pass CFLAGS from pkgsrc
4 4
5--- nss/coreconf/command.mk.orig 2016-02-26 20:51:11.000000000 +0000 5--- nss/coreconf/command.mk.orig 2016-09-26 06:00:51.000000000 +0000
6+++ nss/coreconf/command.mk 6+++ nss/coreconf/command.mk
7@@ -12,7 +12,7 @@ AS = $(CC) 7@@ -12,7 +12,7 @@ AS = $(CC)
8 ASFLAGS += $(CFLAGS) 8 ASFLAGS += $(CFLAGS)
9 CCF = $(CC) $(CFLAGS) 9 CCF = $(CC) $(CFLAGS)
10 LINK_DLL = $(LINK) $(OS_DLLFLAGS) $(DLLFLAGS) $(XLDFLAGS) 10 LINK_DLL = $(LD) $(OS_DLLFLAGS) $(DLLFLAGS) $(XLDFLAGS)
11-CFLAGS = $(OPTIMIZER) $(OS_CFLAGS) $(WARNING_CFLAGS) $(XP_DEFINE) \ 11-CFLAGS = $(OPTIMIZER) $(OS_CFLAGS) $(WARNING_CFLAGS) $(XP_DEFINE) \
12+CFLAGS += $(OPTIMIZER) $(OS_CFLAGS) $(WARNING_CFLAGS) $(XP_DEFINE) \ 12+CFLAGS += $(OPTIMIZER) $(OS_CFLAGS) $(WARNING_CFLAGS) $(XP_DEFINE) \
13 $(DEFINES) $(INCLUDES) $(XCFLAGS) 13 $(DEFINES) $(INCLUDES) $(XCFLAGS)
14 PERL = perl 14 PERL = perl
15 RANLIB = echo 15 RANLIB = echo
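
Review bot: with `CFLAGS +=` the flags inherited from pkgsrc come first and $(OPTIMIZER), $(OS_CFLAGS) and $(WARNING_CFLAGS) are appended after them, so for any option where the last occurrence wins, NSS's own setting overrides what pkgsrc passed. If the intent of "Pass CFLAGS from pkgsrc" includes optimisation or hardening flags taking effect, check the final compile line, and note that `ASFLAGS += $(CFLAGS)` two lines above sends the same flags to the assembler. The `+=` also relies on CFLAGS arriving through the environment; a CFLAGS given on the make command line would override this assignment entirely. The regenerated context picks up upstream's `LINK_DLL` change from $(LINK) to $(LD), which is expected for a refresh against 3.27.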