pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/pkgsrc-2019Q4]: pkgsrc/devel/nss Pullup ticket #6117 - requested by nia
details: https://anonhg.NetBSD.org/pkgsrc/rev/5bf3799eb5a4
branches: pkgsrc-2019Q4
changeset: 419721:5bf3799eb5a4
user: bsiegert <bsiegert%pkgsrc.org@localhost>
date: Sat Jan 18 22:29:04 2020 +0000
description:
Pullup ticket #6117 - requested by nia
devel/nss: dependent update (for Firefox)
Revisions pulled up:
- devel/nss/Makefile 1.175-1.177
- devel/nss/distinfo 1.103-1.105
- devel/nss/patches/patch-me 1.6
- devel/nss/patches/patch-nss_coreconf_command.mk 1.4
---
Module Name: pkgsrc
Committed By: ryoon
Date: Sat Dec 28 23:04:05 UTC 2019
Modified Files:
pkgsrc/devel/nss: Makefile distinfo
pkgsrc/devel/nss/patches: patch-nss_coreconf_command.mk
Log Message:
Update to 3.48
Changelog:
Notable Changes in NSS 3.48
* TLS 1.3 is the default maximum TLS version. See Bug 1573118 for details.
* TLS extended master secret is enabled by default, where possible. See Bug
1575411 for details.
* The master password PBE now uses 10,000 iterations by default when using
the default sql (key4.db) storage. Because using an iteration count higher
than 1 with the legacy dbm (key3.db) storage creates files that are
incompatible with previous versions of NSS, applications that wish to enable
it for key3.db are required to set environment variable
NSS_ALLOW_LEGACY_DBM_ITERATION_COUNT=1. Applications may set environment
variable NSS_MIN_MP_PBE_ITERATION_COUNT to request a higher iteration count
than the library's default, or NSS_MAX_MP_PBE_ITERATION_COUNT to request a
lower iteration count for test environments. See Bug 1562671 for details.
Certificate Authority Changes
The following CA certificates were Added:
* Bug 1591178 - Entrust Root Certification Authority - G4 Cert
SHA-256 Fingerprint:
DB3517D1F6732A2D5AB97C533EC70779EE3270A62FB4AC4238372460E6F01E88
Bugs fixed in NSS 3.48
* Bug 1586176 - EncryptUpdate should use maxout not block size
(CVE-2019-11745)
-- Note that this was previously fixed in NSS 3.44.3 and 3.47.1.
* Bug 1600775 - Require NSPR 4.24 for NSS 3.48
* Bug 1593401 - Fix race condition in self-encrypt functions
* Bug 1599545 - Fix assertion and add test for early Key Update
* Bug 1597799 - Fix a crash in nssCKFWObject_GetAttributeSize
* Bug 1591178 - Add Entrust Root Certification Authority - G4 certificate to
NSS
* Bug 1590001 - Prevent negotiation of versions lower than 1.3 after
HelloRetryRequest
* Bug 1596450 - Added a simplified and unified MAC implementation for HMAC
and CMAC behind PKCS#11
* Bug 1522203 - Remove an old Pentium Pro performance workaround
* Bug 1592557 - Fix PRNG known-answer-test scripts
* Bug 1593141 - add `notBefore` or similar "beginning-of-validity-period"
parameter to mozilla::pkix::TrustDomain::CheckRevocation
* Bug 1591363 - Fix a PBKDF2 memory leak in NSC_GenerateKey if key length >
MAX_KEY_LEN (256)
* Bug 1592869 - Use ARM NEON for ctr_xor
* Bug 1566131 - Ensure SHA-1 fallback disabled in TLS 1.2
* Bug 1577803 - Mark PKCS#11 token as friendly if it implements
CKP_PUBLIC_CERTIFICATES_TOKEN
* Bug 1566126 - POWER GHASH Vector Acceleration
* Bug 1589073 - Use of new PR_ASSERT_ARG in certdb.c
* Bug 1590495 - Fix a crash in PK11_MakeCertFromHandle
* Bug 1591742 - Ensure DES IV length is valid before usage from PKCS#11
* Bug 1588567 - Enable mozilla::pkix gtests in NSS CI
* Bug 1591315 - Update NSC_Decrypt length in constant time
* Bug 1562671 - Increase NSS MP KDF default iteration count, by default for
modern key4 storage, optionally for legacy key3.db storage
* Bug 1590972 - Use -std=c99 rather than -std=gnu99
* Bug 1590676 - Fix build if ARM doesn't support NEON
* Bug 1575411 - Enable TLS extended master secret by default
* Bug 1590970 - SSL_SetTimeFunc has incomplete coverage
* Bug 1590678 - Remove -Wmaybe-uninitialized warning in tls13esni.c
* Bug 1588244 - NSS changes for Delegated Credential key strength checks
* Bug 1459141 - Add more CBC padding tests that missed NSS 3.47
* Bug 1590339 - Fix a memory leak in btoa.c
* Bug 1589810 - fix uninitialized variable warnings from certdata.perl
* Bug 1573118 - Enable TLS 1.3 by default in NSS
---
Module Name: pkgsrc
Committed By: ryoon
Date: Fri Jan 10 03:43:20 UTC 2020
Modified Files:
pkgsrc/devel/nss: Makefile distinfo
pkgsrc/devel/nss/patches: patch-me
Log Message:
nss: Update to 3.49
Changelog:
Notable Changes in NSS 3.49
* The legacy DBM database, libnssdbm, is no longer built by default when
using gyp builds. See Bug 1594933 for details.
Bugs fixed in NSS 3.49
* Bug 1513586 - Set downgrade sentinel for client TLS versions lower than
1.2.
* Bug 1606025 - Remove -Wmaybe-uninitialized warning in sslsnce.c
* Bug 1606119 - Fix PPC HW Crypto build failure
* Bug 1605545 - Memory leak in Pk11Install_Platform_Generate
* Bug 1602288 - Fix build failure due to missing posix signal.h
* Bug 1588714 - Implement CheckARMSupport for Win64/aarch64
* Bug 1585189 - NSS database uses 3DES instead of AES to encrypt DB entries
* Bug 1603257 - Fix UBSAN issue in softoken CKM_NSS_CHACHA20_CTR
initialization
* Bug 1590001 - Additional HRR Tests (CVE-2019-17023)
* Bug 1600144 - Treat ClientHello with message_seq of 1 as a second
ClientHello
* Bug 1603027 - Test that ESNI is regenerated after HelloRetryRequest
* Bug 1593167 - Intermittent mis-reporting potential security risk
SEC_ERROR_UNKNOWN_ISSUER
* Bug 1535787 - Fix automation/release/nss-release-helper.py on MacOS
* Bug 1594933 - Disable building DBM by default
* Bug 1562548 - Improve GCM perfomance on aarch32
---
Module Name: pkgsrc
Committed By: ryoon
Date: Tue Jan 14 12:58:08 UTC 2020
Modified Files:
pkgsrc/devel/nss: Makefile distinfo
Log Message:
nss: Update to 3.49.1
* Bump nspr requirement
Changelog:
No new functionality is introduced in these releases. These releases fix a
performance issue:
- Bug 1606992 - Cache the most recent PBKDF2 password hash, to speed up
repeated SDR operations, important with the increased KDF iteration counts.
diffstat:
devel/nss/Makefile | 6 +++---
devel/nss/distinfo | 14 +++++++-------
devel/nss/patches/patch-me | 10 +++++-----
devel/nss/patches/patch-nss_coreconf_command.mk | 8 ++++----
4 files changed, 19 insertions(+), 19 deletions(-)
diffs (111 lines):
diff -r bbfd5cd0a766 -r 5bf3799eb5a4 devel/nss/Makefile
--- a/devel/nss/Makefile Sat Jan 18 22:12:06 2020 +0000
+++ b/devel/nss/Makefile Sat Jan 18 22:29:04 2020 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.174 2019/12/03 14:29:21 ryoon Exp $
+# $NetBSD: Makefile,v 1.174.4.1 2020/01/18 22:29:04 bsiegert Exp $
DISTNAME= nss-${NSS_RELEASE:S/.0$//}
-NSS_RELEASE= 3.47.1
+NSS_RELEASE= 3.49.1
CATEGORIES= security
MASTER_SITES= ${MASTER_SITE_MOZILLA_ALL:=security/nss/releases/NSS_${NSS_DIST_DIR_VERSION:S/_0$//}_RTM/src/}
@@ -134,7 +134,7 @@
# For consistency of libxul.so link in www/firefox.
BUILDLINK_API_DEPENDS.sqlite3+= sqlite3>=3.8.4.2
.include "../../databases/sqlite3/buildlink3.mk"
-BUILDLINK_API_DEPENDS.nspr+= nspr>=4.23
+BUILDLINK_API_DEPENDS.nspr+= nspr>=4.24
.include "../../devel/nspr/buildlink3.mk"
.include "../../devel/zlib/buildlink3.mk"
.include "../../mk/pthread.buildlink3.mk"
diff -r bbfd5cd0a766 -r 5bf3799eb5a4 devel/nss/distinfo
--- a/devel/nss/distinfo Sat Jan 18 22:12:06 2020 +0000
+++ b/devel/nss/distinfo Sat Jan 18 22:29:04 2020 +0000
@@ -1,13 +1,13 @@
-$NetBSD: distinfo,v 1.102 2019/12/03 14:29:21 ryoon Exp $
+$NetBSD: distinfo,v 1.102.4.1 2020/01/18 22:29:04 bsiegert Exp $
-SHA1 (nss-3.47.1.tar.gz) = 527b6a50b31eed96d4d6ad71a1002404c8aa7458
-RMD160 (nss-3.47.1.tar.gz) = cc281100c6ae0cc0c9c45918f79b518cbc61b3d5
-SHA512 (nss-3.47.1.tar.gz) = ddee53f58929e5f3849c9f88a3a6735453a258c3c32a7e3e73cc949e0b7ad2dff81b21db31c9c5e1ef3eb79d63c31660e38ce76c06ca54a5681dd611dc2e2ae9
-Size (nss-3.47.1.tar.gz) = 76462846 bytes
+SHA1 (nss-3.49.1.tar.gz) = aba002b9f4b720fb95f511460594cc4a19201577
+RMD160 (nss-3.49.1.tar.gz) = 5b75a436006fdaf7aecc9312f2cca4b52cd41bb8
+SHA512 (nss-3.49.1.tar.gz) = e463c9d71537ac30dbd2998cbdbc0cadc734768a6f3a316c57b6a6d01ad6d26ca732dff65e9c88555a834ae7d71fc857e4cbc1799438069f544a1e27f75985e8
+Size (nss-3.49.1.tar.gz) = 76489134 bytes
SHA1 (patch-am) = fea682bf03bc8b645049f93ed58554ca45f47aca
SHA1 (patch-an) = 4ab22f2a575676b5b640bc9a760b83eb05c75e69
SHA1 (patch-md) = 8547c9414332c02221b96719dea1e09cb741f4d1
-SHA1 (patch-me) = dd6adff2cd3ca61925b566210a8b9697348bd45e
+SHA1 (patch-me) = a0d4bf85652c0cdac7fdf95dc2fb7545d66349cd
SHA1 (patch-mf) = 534fe5f711f60dadc3432bc805a6153535f11709
SHA1 (patch-mg) = 3c878548c98bdea559a3e653e63e0ed22a2a8834
SHA1 (patch-mh) = a46d3098a85c3a4a57895a9845bc1741fc5e9561
@@ -15,7 +15,7 @@
SHA1 (patch-mn) = 5b79783e48249044be1a904a6cfd20ba175b5fd4
SHA1 (patch-nss_cmd_platlibs.mk) = 01f4350de601b29c94e8a791a28daca226866bb6
SHA1 (patch-nss_coreconf_OpenBSD.mk) = 1a4c3711d5d1f7f9e8d58b36145b15d7e444d754
-SHA1 (patch-nss_coreconf_command.mk) = 008f7670f164bf19555a7691f5a59fc8bf687078
+SHA1 (patch-nss_coreconf_command.mk) = a7b682d367825b48f8802fa30cee83f10680bb74
SHA1 (patch-nss_lib_freebl_md5.c) = 5cbec40695e296f0713895fb85cd37f6df76b85b
SHA1 (patch-nss_lib_util_utilpars.c) = 5d3000515b01037929730a752b7d7a0f46f06deb
SHA1 (patch-nss_tests_all.sh) = b328778b538db66f5447f962f23afd6f650f7071
diff -r bbfd5cd0a766 -r 5bf3799eb5a4 devel/nss/patches/patch-me
--- a/devel/nss/patches/patch-me Sat Jan 18 22:12:06 2020 +0000
+++ b/devel/nss/patches/patch-me Sat Jan 18 22:29:04 2020 +0000
@@ -1,9 +1,9 @@
-$NetBSD: patch-me,v 1.5 2019/12/03 14:29:21 ryoon Exp $
+$NetBSD: patch-me,v 1.5.4.1 2020/01/18 22:29:05 bsiegert Exp $
Add DragonFly support.
Always include GCM for aarch64.
---- nss/lib/freebl/Makefile.orig 2019-11-19 19:55:30.000000000 +0000
+--- nss/lib/freebl/Makefile.orig 2020-01-03 20:27:43.000000000 +0000
+++ nss/lib/freebl/Makefile
@@ -101,6 +101,9 @@ endif
ifdef NSS_NO_INIT_SUPPORT
@@ -23,8 +23,8 @@
+ EXTRA_SRCS += aes-armv8.c
endif
ifeq ($(CPU_ARCH),arm)
- ifdef CC_IS_CLANG
-@@ -318,7 +321,7 @@ endif
+ EXTRA_SRCS += gcm-arm32-neon.c
+@@ -320,7 +323,7 @@ endif
# to bind the blapi function references in FREEBLVector vector
# (ldvector.c) to the blapi functions defined in the freebl
# shared libraries.
@@ -33,7 +33,7 @@
MKSHLIB += -Wl,-Bsymbolic
endif
-@@ -470,7 +473,11 @@ else
+@@ -472,7 +475,11 @@ else
ifdef NS_USE_GCC
LD = gcc
AS = gcc
diff -r bbfd5cd0a766 -r 5bf3799eb5a4 devel/nss/patches/patch-nss_coreconf_command.mk
--- a/devel/nss/patches/patch-nss_coreconf_command.mk Sat Jan 18 22:12:06 2020 +0000
+++ b/devel/nss/patches/patch-nss_coreconf_command.mk Sat Jan 18 22:29:04 2020 +0000
@@ -1,8 +1,8 @@
-$NetBSD: patch-nss_coreconf_command.mk,v 1.3 2016/09/30 11:59:12 ryoon Exp $
+$NetBSD: patch-nss_coreconf_command.mk,v 1.3.30.1 2020/01/18 22:29:05 bsiegert Exp $
* Pass CFLAGS from pkgsrc
---- nss/coreconf/command.mk.orig 2016-09-26 06:00:51.000000000 +0000
+--- nss/coreconf/command.mk.orig 2019-12-04 00:03:31.000000000 +0000
+++ nss/coreconf/command.mk
@@ -12,7 +12,7 @@ AS = $(CC)
ASFLAGS += $(CFLAGS)
@@ -11,5 +11,5 @@
-CFLAGS = $(OPTIMIZER) $(OS_CFLAGS) $(WARNING_CFLAGS) $(XP_DEFINE) \
+CFLAGS += $(OPTIMIZER) $(OS_CFLAGS) $(WARNING_CFLAGS) $(XP_DEFINE) \
$(DEFINES) $(INCLUDES) $(XCFLAGS)
- PERL = perl
- RANLIB = echo
+ CSTD = -std=c99
+ CXXSTD = -std=c++11
Home |
Main Index |
Thread Index |
Old Index