CVS commit: pkgsrc/devel/nss

["Thomas Klausner" <wiz%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   wiz
Date:           Tue Feb 11 21:53:28 UTC 2025

Modified Files:
        pkgsrc/devel/nss: Makefile distinfo

Log Message:
nss: update to 3.108.

Changes:

   - Bug 1923285 - libclang-16 -> libclang-19
   - Bug 1939086 - Turn off Secure Email Trust Bit for Security
     Communication ECC RootCA1.
   - Bug 1937332 - Turn off Secure Email Trust Bit for BJCA Global Root CA1
     and BJCA Global Root CA2.
   - Bug 1915902 - Remove SwissSign Silver CA – G2.
   - Bug 1938245 - Add D-Trust 2023 TLS Roots to NSS
   - Bug 1942301 - fix fips test failure on windows.
   - Bug 1935925 - change default sensitivity of KEM keys.
   - Bug 1936001 - Part 1: Introduce frida hooks and script,
   - Bug 1942350 - add missing arm_neon.h include to gcm.c.
   - Bug 1831552 - ci: update windows workers to win2022
     r=nss-reviewers,nkulatova NSS_3_108_BETA2
   - Bug 1831552 - strip trailing carriage returns in tools tests
     r=nss-reviewers,nkulatova
   - Bug 1880256 - work around unix/windows path translation issues in cert
     test script r=nss-reviewers,nkulatova
   - Bug 1831552 - ci: let the windows setup script work without $m
     r=nss-reviewers,nkulatova
   - Bug 1880255 - detect msys r=nss-reviewers,nkulatova
   - Bug 1936680 - add a specialized CTR_Update variant for AES-GCM.
     r=nss-reviewers,keeler
   - Bug 1930807 NSS policy updates - cavs NSS_3_108_BETA1
   - Bug 1930806 FIPS changes need to be upstreamed: FIPS 140-3 RNG
   - Bug 1930806 FIPS changes need to be upstreamed: Add SafeZero
   - Bug 1930806 FIPS changes need to be upstreamed - updated POST
   - Bug 1933031 Segmentation fault in SECITEM_Hash during pkcs12 processing
   - Bug 1929922 - Extending NSS with LoadModuleFromFunction functionality
     r=keeler,nss-reviewers
   - Bug 1935984 - Ensure zero-initialization of collectArgs.cert,
     r=djackson,nss-reviewers
   - Bug 1934526 - pkcs7 fuzz target use CERT_DestroyCertificate,
     r=djackson,nss-reviewers
   - Bug 1915898 - Fix actual underlying ODR violations issue,
     r=djackson,nss-reviewers
   - Bug 1184059 - mozilla::pkix: allow reference ID labels to begin and/or
     end with hyphens r=jschanck
   - Bug 1927953 - don't look for secmod.db in nssutil_ReadSecmodDB if
     NSS_DISABLE_DBM is set r=jschanck
   - Bug 1934526 - Fix memory leak in pkcs7 fuzz target,
     r=djackson,nss-reviewers
   - Bug 1934529 - Set -O2 for ASan builds in CI, r=djackson,nss-reviewers
   - Bug 1934543 - Change branch of tlsfuzzer dependency,
     r=djackson,nss-reviewers
   - Bug 1915898 - Run tests in CI for ASan builds with
     detect_odr_violation=1, r=djackson,nss-reviewers
   - Bug 1934241 - Fix coverage failure in CI, r=djackson,nss-reviewers
   - Bug 1934213 - Add fuzzing for delegated credentials, DTLS short header
     and Tls13BackendEch, r=djackson,nss-reviewers
   - Bug 1927142 - Add fuzzing for SSL_EnableTls13GreaseEch and
     SSL_SetDtls13VersionWorkaround, r=djackson,nss-reviewers
   - Bug 1913677 - Part 3: Restructure fuzz/, r=djackson,nss-reviewers
   - Bug 1931925 - Extract testcases from ssl gtests for fuzzing,
     r=djackson,nss-reviewers
   - Bug 1923037 - Force Cryptofuzz to use NSS in CI,
     r=nss-reviewers,nkulatova
   - Bug 1923037 - Fix Cryptofuzz on 32 bit in CI, r=nss-reviewers,nkulatova
   - Bug 1933154 - Update Cryptofuzz repository link,
     r=nss-reviewers,nkulatova
   - Bug 1926256 - fix build error from 9505f79d r=jschanck
   - Bug 1926256 - simplify error handling in get_token_objects_for_cache.
     r=rrelyea
   - Bug 1931973 - nss doc: fix a warning r=bbeurdouche
   - Bug 1930797 pkcs12 fixes from RHEL need to be picked up.


To generate a diff of this commit:
cvs rdiff -u -r1.272 -r1.273 pkgsrc/devel/nss/Makefile
cvs rdiff -u -r1.188 -r1.189 pkgsrc/devel/nss/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/devel/nss/Makefile
diff -u pkgsrc/devel/nss/Makefile:1.272 pkgsrc/devel/nss/Makefile:1.273
--- pkgsrc/devel/nss/Makefile:1.272     Thu Nov 21 21:03:17 2024
+++ pkgsrc/devel/nss/Makefile   Tue Feb 11 21:53:28 2025
@@ -1,10 +1,10 @@
-# $NetBSD: Makefile,v 1.272 2024/11/21 21:03:17 wiz Exp $
+# $NetBSD: Makefile,v 1.273 2025/02/11 21:53:28 wiz Exp $
 #
 # release notes
 # https://firefox-source-docs.mozilla.org/security/nss/releases/index.html
 
 DISTNAME=              nss-${NSS_RELEASE:S/.0$//}
-NSS_RELEASE=           3.107.0
+NSS_RELEASE=           3.108.0
 CATEGORIES=            devel security
 MASTER_SITES=          ${MASTER_SITE_MOZILLA_ALL:=security/nss/releases/NSS_${NSS_DIST_DIR_VERSION:S/_0$//}_RTM/src/}
 

Index: pkgsrc/devel/nss/distinfo
diff -u pkgsrc/devel/nss/distinfo:1.188 pkgsrc/devel/nss/distinfo:1.189
--- pkgsrc/devel/nss/distinfo:1.188     Thu Nov 21 21:03:17 2024
+++ pkgsrc/devel/nss/distinfo   Tue Feb 11 21:53:28 2025
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.188 2024/11/21 21:03:17 wiz Exp $
+$NetBSD: distinfo,v 1.189 2025/02/11 21:53:28 wiz Exp $
 
-BLAKE2s (nss-3.107.tar.gz) = 122a02177f36f5ca39cc1758cb0e75a80ce18650611411b15fc77c6742813d8e
-SHA512 (nss-3.107.tar.gz) = a710459a46f5ca084fc5eb96047aeeece5010ebbffff3691a8487b667e9c520bd22d810cacca7b7b63b76d85a04c920748d169d0abb845b89b7b9804f9c38918
-Size (nss-3.107.tar.gz) = 76617725 bytes
+BLAKE2s (nss-3.108.tar.gz) = d11ee5aff35616f3ac3ff36ff32c6fd56c40be26f1486118d9027281a9caff0f
+SHA512 (nss-3.108.tar.gz) = 8a9545ec201f610abfae40d29e989c6a140b066755c02a36225a95fb9abfe47834352f3eae168e1cfb16382dfd12820c63bb9ad37361a624907cc45faa7bd34b
+Size (nss-3.108.tar.gz) = 76630022 bytes
 SHA1 (patch-md) = 8547c9414332c02221b96719dea1e09cb741f4d1
 SHA1 (patch-me) = ffb5f119764c158c0bd789bd18fc77c61f2e9d2b
 SHA1 (patch-mf) = 40e58385fb6f944f463bf00b9aad72bc4ea229d0