Changelog:
The NSS team has released Network Security Services (NSS) 3.14, which is a minor release with the following new features:
* Support for TLS 1.1 (RFC 4346)
* Experimental support for DTLS 1.0 (RFC 4347) and DTLS-SRTP (RFC 5764)
* Support for AES-CTR, AES-CTS, and AES-GCM
* Support for Keying Material Exporters for TLS (RFC 5705)
In addition to the above new features, the following major changes have been introduced:
* Support for certificate signatures using the MD5 hash algorithm is now disabled by default.
* The NSS license has changed to MPL 2.0. Previous releases were released under an MPL 1.1/GPL 2.0/LGPL 2.1 tri-license. For more information about MPL 2.0, please see http://www.mozilla.org/MPL/2.0/FAQ.html. For an additional explanation on GPL/LGPL compatibility, see security/nss/COPYING in the source code.
* Export and DES cipher suites are disabled by default. Non-ECC AES and Triple DES cipher suites are enabled by default.
- reach over to xulrunner, track the stable gecko release
- use external sqlite3
- cleanup
- take maintainership
This is the second part of PR pkg/42277.
match *_OPT.OBJ so use that for the install target and simplify things quite
a bit. This should also fix build problems noted on solaris/x86. Also
dynamically add the libfreebl part to the PLIST. This should make things
more robust as the exact set of libfreebl*.so libs depends on the OS and
hardware platform.
The following bugs have been fixed in NSS 3.11.4.
* Bug 115951: freebl dynamic library is never unloaded by
libsoftoken or libssl. Also tiny one-time leak in freebl's
loader.c.
* Bug 127960: SSL force handshake function should take a timeout.
* Bug 335454: Unable to find library 'libsoftokn3.sl' on HP-UX 64 bit.
* Bug 350200: Implement DHMAC based POP (ProofOfPossession).
* Bug 351482: audit_log_user_message doesn't exist in all
versions of libaudit.so.0. (the "paranoia patch")
* Bug 352041: oom [@ CERT_DecodeDERCrlWithFlags] "extended"
tracked as NULL was dereferenced.
* Bug 353422: Klocwork bugs in nss/lib/crmf.
* Bug 353475: Cannot run cmd tools compiled with VC++ 2005.
* Bug 353572: leak in sftk_OpenCertDB.
* Bug 353608: NSS_RegisterShutdown may fail, and appData argument
to callbacks is always NULL.
* Bug 353749: PowerUpSelf tests update for DSA and ECDSA KAT.
* Bug 353896: Building tip with NSS_ECC_MORE_THAN_SUITE_B causes
crashes in all.sh.
* Bug 353910: memory leak in RNG_RNGInit.
* Bug 354313: STAN_GetCERTCertificateName leaks "instance" struct.
* Bug 354384: vfyserv shutdown failure when client auth requested.
* Bug 354900: Audit modifications, accesses, deletions, and
additions of cryptographic keys.
* Bug 355297: Improve the very first RNG_RandomUpdate call.
* Bug 356073: C_GetTokenInfo should return CKR_CRYPTOKI_NOT_INITIALIZED
if not initialized.
* Bug 356309: CertVerifyLog in CERT_VerifyCertificate terminates
early on expired certs.
* Bug 357197: OCSP response code fails to match CERTIds. (hot fix only)
* Bug 359484: FireFox 2 tries to negotiate ECC cipher suites
using ssl2 client hello. (hot fix only)
* Bug 360818: No RPATH set for signtool and signver.
- when building with gcc, the solaris /usr/ccs/bin/as assembler is still
used in a couple of places but the correct flags aren't set.
- The object directory has a different name when building with gcc instead
of the sun studio compilers.
- There are a couple of libs which are installed that aren't part of the install
for other systems (freebl).
Network Security Services (NSS) is a set of libraries designed to support
cross-platform development of security-enabled server applications.
Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7,
PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security
standards.