Changelog:
FIXED
Update branches that use 4.10 RTM to 4.10.2 RTM (see 935568)
FIXED
Update Mozilla to NSS 3.15.3 (new alternative NSS branch) to pick up a few fixes (see 935959)
FIXED
Some UI strings in Firefox 24.1.0 ESR l10n builds are in English (see 932310)
Changelog:
FIXED
25.0.1: New security fixes can be found here
FIXED
25.0.1: Pages sometimes wouldn't load without first moving the cursor
Fixed in Firefox 25.0.1
MFSA 2013-103 Miscellaneous Network Security Services (NSS) vulnerabilities
Changelog:
Security Advisories
The following security-relevant bugs have been resolved in NSS 3.15.3. Users are encouraged to upgrade immediately.
Bug 925100 - (CVE-2013-1741) Ensure a size is <= half of the maximum PRUint32 value
Bug 934016 - (CVE-2013-5605) Handle invalid handshake packets
Bug 910438 - (CVE-2013-5606) Return the correct result in CERT_VerifyCert on failure, if a verifyLog isn't used
New in NSS 3.15.3
New Functionality
No new major functionality is introduced in this release. This release is a patch release to address CVE-2013-1741, CVE-2013-5605 and CVE-2013-5606.
Bugs fixed in NSS 3.15.3
Bug 850478 - List RC4_128 cipher suites after AES_128 cipher suites
Bug 919677 - Don't advertise TLS 1.2-only ciphersuites in a TLS 1.1 ClientHello
A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.15.3&product=NSS
Compatibility
NSS 3.15.3 shared libraries are backward compatible with all older NSS 3.x
shared libraries. A program linked with older NSS 3.x shared libraries will
work with NSS 3.15.3 shared libraries without recompiling or relinking.
Furthermore, applications that restrict their use of NSS APIs to the
functions listed in NSS Public Functions will remain compatible with future
versions of the NSS shared libraries.
Changelog:
NSPR 4.10.2 has the following bug fixes:
* Bug 770534: Possible pointer overflow in PL_ArenaAllocate().
Fixed by Pascal Cuoq and Kamil Dudka.
* Bug 888546: ptio.c:PR_ImportUDPSocket doesn't work. Fixed by
Miloslav Trmac
* Bug 915522: VS2013 support for NSPR. Fixed by Makoto Kato.
* Bug 927687: (CVE-2013-5607) Avoid unsigned integer wrapping in
PL_ArenaAllocate.
PEP 380, syntax for delegating to a subgenerator (yield from)
PEP 393, flexible string representation (doing away with the distinction between "wide" and "narrow" Unicode builds)
A C implementation of the "decimal" module, with up to 120x speedup for decimal-heavy applications
The import system (__import__) is based on importlib by default
The new "lzma" module with LZMA/XZ support
PEP 397, a Python launcher for Windows
PEP 405, virtual environment support in core
PEP 420, namespace package support
PEP 3151, reworking the OS and IO exception hierarchy
PEP 3155, qualified name for classes and functions
PEP 409, suppressing exception context
PEP 414, explicit Unicode literals to help with porting
PEP 418, extended platform-independent clocks in the "time" module
PEP 412, a new key-sharing dictionary implementation that significantly saves memory for object-oriented code
PEP 362, the function-signature object
The new "faulthandler" module that helps diagnosing crashes
The new "unittest.mock" module
The new "ipaddress" module
The "sys.implementation" attribute
A policy framework for the email package, with a provisional (see PEP 411) policy that adds much improved unicode support for email header parsing
A "collections.ChainMap" class for linking mappings to a single unit
Wrappers for many more POSIX functions in the "os" and "signal" modules, as well as other useful functions such as "sendfile()"
Hash randomization, introduced in earlier bugfix releases, is now switched on by default
Version 0.13.6 (2013-07-04)
---------------------------
- Fixed#2535084 uint problem with Sun C 5.8
- #3308400: allow Yacc-style %{code brackets}%
- #2506253: allow C++ // comments
- Fixed inplace configuration in -e mode.
- Applied #2482572 Typos in error messages.
- Applied #2482561 Error in manual section on -r mode.
- Fixed#2478216 Wrong start_label in -c mode.
- Fixed#2186718 Unescaped backslash in file name of #line directive.
- Fixed#2102138 Duplicate case labels on EBCDIC.
- Fixed#2088583 Compile problem on AIX.
- Fixed#2038610 Ebcdic problem.
- improve dot support: make char intervals (e.g. [A-Z]) instead of one edge per char
### 0.9.5 / 20.11.2013
Author: Malcolm Blyth <trashbat@co.ck>
Date: Tue Nov 19 15:14:31 2013 +0000
* Bumped revision
* Fixed author stringname error (damn this 1 based counting)
* Updating integration test to check for comments contained within the cells.
* Checking also for multiple comments in a sheet
using the system/Pkgsrc zlib. At least on Ubuntu, the internal zlib fails to
get past configuration.
Use the standard Pkgsrc (or builtin) zlib instead.
Bump PKGREVISION to reflect the minor difference in build strategy.
Version 2.11.13 (2013-11-19)
----------------------------
### Fixed
Sort the list of available modules (see #6391).
### Fixed
Decode entities in passwords (see #6252).
### Fixed
Replace insert tags in the details view of the listing module (see #6120).
SSLScan queries SSL services, such as HTTPS, in order to determine the
ciphers that are supported. SSLScan is designed to be easy, lean and
fast. The output includes prefered ciphers of the SSL service, the
certificate and is in Text and XML formats.
