Changelog:
Security Advisories
The following security-relevant bugs have been resolved in NSS 3.15.2. Users are encouraged to upgrade immediately.
Bug 894370 - (CVE-2013-1739) Avoid uninitialized data read in the event of a decryption failure.
New in NSS 3.15.2
New Functionality
AES-GCM Ciphersuites: AES-GCM cipher suite (RFC 5288 and RFC 5289) support has been added when TLS 1.2 is negotiated. Specifically, the following cipher suites are now supported:
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
New Functions
PK11_CipherFinal has been introduced, which is a simple alias for PK11_DigestFinal.
New Types
No new types have been introduced.
New PKCS #11 Mechanisms
No new PKCS#11 mechanisms have been introduced
Notable Changes in NSS 3.15.2
Bug 880543 - Support for AES-GCM ciphersuites that use the SHA-256 PRF
Bug 663313 - MD2, MD4, and MD5 signatures are no longer accepted for OCSP or CRLs, consistent with their handling for general certificate signatures.
Bug 884178 - Add PK11_CipherFinal macro
Bugs fixed in NSS 3.15.2
Bug 734007 - sizeof() used incorrectly
Bug 900971 - nssutil_ReadSecmodDB() leaks memory
Bug 681839 - Allow SSL_HandshakeNegotiatedExtension to be called before the handshake is finished.
Bug 848384 - Deprecate the SSL cipher policy code, as it's no longer relevant. It is no longer necessary to call NSS_SetDomesticPolicy because all cipher suites are now allowed by default.
A complete list of all bugs resolved in this release can be obtained at https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.15.2&product=NSS&list_id=7982238
Compatibility
NSS 3.15.2 shared libraries are backward compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with NSS 3.15.2 shared libraries without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs to the functions listed in NSS Public Functions will remain compatible with future versions of the NSS shared libraries.
- Use USE_PHP_EXT_PATCHES in net/php-sockets.
- Make AI_V4MAPPED noop if platform dosen't have it.
It is poor assumption that AI_V4MAPPED is always defined and V4 mapped
address is always available.
Upstream changes:
Version 2.82 ( Tue 21 May 18:32:23 IDT 2013 )
------------------------------------------------
* Add t/style-trailing-space.t .
- Remove trailing space.
Version 2.81 ( Thu 16 May 13:31:34 IDT 2013 )
------------------------------------------------
* Add the CopySection method to copy a section.
- Thanks to James Rouzier.
Version 2.80 ( Tue 14 May 22:22:55 IDT 2013 )
------------------------------------------------
* Add the RenameSection method to rename a section.
- Thanks to James Rouzier.
Version 2.79 ( Mon 6 May 10:02:47 IDT 2013 )
------------------------------------------------
* Fix test failures with Pod-Simple-3.28:
- http://www.cpantesters.org/cpan/report/98f9d3a8-b557-11e2-9adc-3d5fc1508286
Version 2.78 ( Sun 21 Oct 13:14:39 IST 2012 )
------------------------------------------------
* Fix https://rt.cpan.org/Public/Bug/Display.html?id=80259:
- Warnings on undefined value in length in perl-5.10.x.
Update DEPENDS
Upstream changes:
1.12 2013-08-05
- Reformat Changes file to follow CPAN::Changes::Spec; no functional
changes.
1.11 2013-08-04
- Switch from the deprecated Any::Moose to Moo
1.10 2012-11-07
- Provide and API got accessing the original key that a value was set
with, in a case-preserving way. If the case of the key in a file
matters, it is now possible to determine.
- The 'name' value passed to the 'callback' parameter is now no longer
forced to lower-case, as a consequence.
Upstream changes:
2.52 - applied pod patch rt.cpan.org#79603
- fixed rt.cpan.org#80006, it tolerates now whitespaces
after the block closing >
- added -Plug parameter, which introduces plugin closures.
idea from rt.cpan.org#79694.
Currently available hooks are:
pre_open, pre_read, post_read, pre_parse_value, post_parse_value
- applied patch by Ville Skytt, spelling fixes.
- fixed rt.cpan.org#85080, more spelling fixes.
- applied patch rt.cpan.org#85132, which fixes a deprecation
warning in perl 5.18 and above. Fixes#85668 as well.
- applied patch rt.cpan.org#85538, c-style comments
are ignored inside here-docs.
- fixed rt.cpan.org#82637, don't use indirect object syntax
in pod and code.
Version 3.1.4 (2013-10-14)
--------------------------
### Fixed
Do not show the debug bar in the modal dialog (see #6302).
### Fixed
Ignore the "maxlength" setting in certain form fields (see #6283).
### Fixed
Correctly show the "toggle page status" icon (see #6282).
### Removed
Removed the TinyMCE spell checker (see #6247).
### Updated
Updated TCPDF to version 3.0.38 (see #6268).
### Fixed
Correctly render the pages breadcrumb menu for non-admin users (see #6067).
### Fixed
Correctly handle the accordion fields during the version 3.1 update (see #6229).
### Fixed
Correctly handle special characters in page aliases (see #6232).
Upstream changes:
0.24 2013-09-10
- remove 4-year-old warning about YAML::XS not being installed
- add JSON::PP to list of available JSON parsers (RT #86959)
Upstream changes:
4.47 2013-10-15
- Added dumper function to Mojo::Util.
- Improved compatibility with IO::Socket::SSL 1.955.
- Improved IIS compatibility of Mojo::Server::CGI.
4.46 2013-10-11
- Changed default name for generated applications from MyMojoliciousApp to
MyApp.
- Improved performance of route matching in Mojolicious::Routes::Pattern.
- Improved HTML Living Standard compliance of Mojo::DOM::HTML.
