tech-pkg archive
devel/nss security update
Hi,
I would like to update devel/nss to 3.16 for CVE-2014-1492.
It seems that 3.16 is binary compatible with 3.15*.
The patch for 3.16 is here.
Index: Makefile
===================================================================
RCS file: /cvsroot/pkgsrc/devel/nss/Makefile,v
retrieving revision 1.77
diff -u -r1.77 Makefile
--- Makefile 13 Mar 2014 11:08:50 -0000 1.77
+++ Makefile 21 Mar 2014 17:06:23 -0000
@@ -1,7 +1,7 @@
# $NetBSD: Makefile,v 1.77 2014/03/13 11:08:50 jperkin Exp $
-DISTNAME= nss-${NSS_RELEASE}
-NSS_RELEASE= 3.15.5
+DISTNAME= nss-${NSS_RELEASE:S/.0$//}
+NSS_RELEASE= 3.16.0
CATEGORIES= security
MASTER_SITES=
${MASTER_SITE_MOZILLA_ALL:=security/nss/releases/NSS_${NSS_RELEASE:S/./_/g}_RTM/src/}
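Review bot: DISTNAME strips the trailing ".0" with ${NSS_RELEASE:S/.0$//}, but the MASTER_SITES context line still expands the unstripped value through ${NSS_RELEASE:S/./_/g}, giving a directory of NSS_3_16_0_RTM while the distfile is nss-3.16.tar.gz. Please confirm that directory exists upstream, or apply the same ".0" strip there so the fetch path and the distfile name stay consistent. A short comment explaining why NSS_RELEASE carries the extra ".0" would also help the next person who updates this.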
@@ -77,8 +77,8 @@
set -e; \
{ ${ECHO} "Name: NSS"; \
${ECHO} "Description: Mozilla Network Security Services"; \
- ${ECHO} "Version: ${PKGVERSION_NOREV}"; \
- ${ECHO} "Requires: nspr >= 4.8.2"; \
+ ${ECHO} "Version: ${NSS_RELEASE}"; \
+ ${ECHO} "Requires: nspr >= 4.10.3"; \
${ECHO} "Cflags: -I${PREFIX}/include/nss/nss
-I${PREFIX}/include/nss"; \
${ECHO} "Libs: -L${PREFIX}/lib/nss" \
"${COMPILER_RPATH_FLAG}${PREFIX}/lib/nss" \
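Review bot: the generated pkg-config data now takes its Version from ${NSS_RELEASE} instead of ${PKGVERSION_NOREV}, so it will report 3.16.0 while the distfile is named 3.16; if that difference is intended, say so in a comment. The Requires line also jumps from nspr >= 4.8.2 to nspr >= 4.10.3, and nothing in this patch raises the package's own nspr dependency to match, so please check that the build dependency is bumped as well, otherwise the .pc file can demand an nspr that the package itself does not require.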
Index: distinfo
===================================================================
RCS file: /cvsroot/pkgsrc/devel/nss/distinfo,v
retrieving revision 1.33
diff -u -r1.33 distinfo
--- distinfo 10 Mar 2014 18:42:34 -0000 1.33
+++ distinfo 21 Mar 2014 17:06:23 -0000
@@ -1,8 +1,8 @@
$NetBSD: distinfo,v 1.33 2014/03/10 18:42:34 ryoon Exp $
-SHA1 (nss-3.15.5.tar.gz) = c8d34a33cf5782d35df1aa78cdb38707d7bfc5fe
-RMD160 (nss-3.15.5.tar.gz) = 65bf29ef4671d52b9d5f75068043fcc57f7f64bb
-Size (nss-3.15.5.tar.gz) = 6367893 bytes
+SHA1 (nss-3.16.tar.gz) = 981dc6ef2f1e69ec7e2b277ce27c7005e9837f95
+RMD160 (nss-3.16.tar.gz) = 4fabd056a4bf9312db82d46873d91d42c7195134
+Size (nss-3.16.tar.gz) = 6378110 bytes
SHA1 (patch-am) = ee4c4beeb120397852fc4b06b7dd54534d0d5ac5
SHA1 (patch-an) = 4ab22f2a575676b5b640bc9a760b83eb05c75e69
SHA1 (patch-md) = 0a09fd2abb8674a2d301f1b6a5331af5db94178f
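Review bot: the patch-am, patch-an and patch-md checksums are unchanged context here, which means the local patches are carried over to 3.16 as they are; please confirm each one still applies cleanly to the new source. Since this is a security update, it is also worth stating in the commit message that the new SHA1 and RMD160 values for nss-3.16.tar.gz were generated from a tarball fetched from the official release location and compared against the upstream checksums.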
And this is the changelog.
The following security-relevant bug has been resolved.
Users are encouraged to upgrade immediately.
* Bug 903885 - (CVE-2014-1492) In a wildcard certificate, the wildcard
character should not be embedded within the U-label of an
internationalized domain name. See the last bullet point in RFC 6125,
Section 7.2.
New functionality:
* Supports the Linux x32 ABI. To build for the Linux x32 target, set
the environment variable USE_X32=1 when building NSS.
New Functions:
* NSS_CMSSignerInfo_Verify
New Macros
* TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA, etc.,
cipher suites that were first defined in SSL 3.0 can now be referred
to with their official IANA names in TLS, with the TLS_ prefix.
Previously, they had to be referred to with their names in SSL 3.0,
with the SSL_ prefix.
Notable Changes:
* ECC is enabled by default. It is no longer necessary to set the
environment variable NSS_ENABLE_ECC=1 when building NSS. To disable
ECC, set the environment variable NSS_DISABLE_ECC=1 when building NSS.
* libpkix should not include the common name of CA as DNS names when
evaluating name constraints.
* AESKeyWrap_Decrypt should not return SECSuccess for invalid keys.
* Fix a memory corruption in sec_pkcs12_new_asafe.
* If the NSS_SDB_USE_CACHE environment variable is set, skip the runtime
test sdb_measureAccess.
* The built-in roots module has been updated to version 1.97, which
adds, removes, and distrusts several certificates.
* The atob utility has been improved to automatically ignore lines of
text that aren't in base64 format.
* The certutil utility has been improved to support creation of
version 1 and version 2 certificates, in addition to the existing
version 3 support.
--
Ryo ONODERA // ryo_on%yk.rim.or.jp@localhost
PGP fingerprint = 82A2 DC91 76E0 A10A 8ABB FD1B F404 27FA C7D1 15F3
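The wildcard rule behind the CVE-2014-1492 changelog entry above, shown as an added example that is not part of the original message and is not NSS's code. It covers only this one rule; the function names and sample hostnames are constructed, and treating a whole-label "*" as acceptable is an assumption of the sketch.

```python
# Added example: hostname matching that refuses wildcards embedded in IDN labels.
# All names and sample hostnames are constructed for illustration.

def is_idn_label(label: str) -> bool:
    """True for an A-label ("xn--" prefix) or a U-label (any non-ASCII character)."""
    return label.startswith("xn--") or any(ord(ch) > 127 for ch in label)


def match_hostname(pattern: str, hostname: str) -> bool:
    """Match a certificate DNS name pattern against the hostname being verified."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if "*" not in pattern:
        return p == h                      # exact, case-insensitive comparison
    # A wildcard is honoured only in the left-most label and never spans a dot.
    if len(p) != len(h) or any("*" in label for label in p[1:]):
        return False
    if p[1:] != h[1:] or p[0].count("*") != 1 or not h[0]:
        return False
    if p[0] == "*":
        return True                        # whole-label wildcard
    # Partial wildcard ("f*o"): refuse when either side is an IDN label, so the
    # wildcard is never interpreted inside an A-label or U-label.
    if is_idn_label(p[0]) or is_idn_label(h[0]):
        return False
    prefix, suffix = p[0].split("*")
    return (len(h[0]) >= len(prefix) + len(suffix)
            and h[0].startswith(prefix) and h[0].endswith(suffix))


if __name__ == "__main__":
    for pat, host in [("*.example.com", "www.example.com"),
                      ("x*.example.com", "xn--bcher-kva.example.com"),
                      ("xn--*.example.com", "xn--bcher-kva.example.com")]:
        print(pat, host, match_hostname(pat, host))
```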