2023189593
Changelog: The NSS team has released Network Security Services (NSS) 3.23, which is a minor release. The following security-relevant bug has been resolved in NSS 3.23. Users are encouraged to upgrade immediately. * Bug 1245528 (CVE-2016-1950): Fixed a heap-based buffer overflow related to the parsing of certain ASN.1 structures. An attacker could create a specially-crafted certificate which, when parsed by NSS, would cause a crash or execution of arbitrary code with the permissions of the user. New functionality: * ChaCha20/Poly1305 cipher and TLS cipher suites now supported (bug 917571, bug 1227905) * Experimental-only support TLS 1.3 1-RTT mode (draft-11). This code is not ready for production use. New Functions: * SSL_SetDowngradeCheckVersion - Set maximum version for new ServerRandom anti-downgrade mechanism Notable Changes: * The copy of SQLite shipped with NSS has been updated to version 3.10.2 (bug 1234698) * The list of TLS extensions sent in the TLS handshake has been reordered to improve compatibility of the Extended Master Secret feature with servers (bug 1243641) * The build time environment variable NSS_ENABLE_ZLIB has been renamed to NSS_SSL_ENABLE_ZLIB (Bug 1243872). * The build time environment variable NSS_DISABLE_CHACHAPOLY was added, which can be used to prevent compilation of the ChaCha20/Poly1305 code. * The following CA certificates were Removed - Staat der Nederlanden Root CA - NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado - NetLock Kozjegyzoi (Class A) Tanusitvanykiado - NetLock Uzleti (Class B) Tanusitvanykiado - NetLock Expressz (Class C) Tanusitvanykiado - VeriSign Class 1 Public PCA – G2 - VeriSign Class 3 Public PCA - VeriSign Class 3 Public PCA – G2 - CA Disig * The following CA certificates were Added - SZAFIR ROOT CA2 - Certum Trusted Network CA 2 * The following CA certificate had the Email trust bit turned on - Actalis Authentication Root CA The full release notes, including the SHA256 fingerprints of the changed CA certificates, are available at https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.23_release_notes
24 lines
869 B
Text
24 lines
869 B
Text
$NetBSD: patch-mf,v 1.5 2016/04/17 19:27:10 ryoon Exp $
|
|
|
|
Add DragonFly support.
|
|
Make sure nss libraries have a run path defined.
|
|
|
|
--- nss/coreconf/config.mk.orig 2016-02-26 20:51:11.000000000 +0000
|
|
+++ nss/coreconf/config.mk
|
|
@@ -31,7 +31,7 @@ endif
|
|
#######################################################################
|
|
|
|
TARGET_OSES = FreeBSD BSD_OS NetBSD OpenUNIX OS2 QNX Darwin BeOS OpenBSD \
|
|
- AIX RISCOS WINNT WIN95 Linux Android
|
|
+ AIX RISCOS WINNT WIN95 Linux Android DragonFly
|
|
|
|
ifeq (,$(filter-out $(TARGET_OSES),$(OS_TARGET)))
|
|
include $(CORE_DEPTH)/coreconf/$(OS_TARGET).mk
|
|
@@ -187,6 +187,7 @@ endif
|
|
DEFINES += -DUSE_UTIL_DIRECTLY
|
|
USE_UTIL_DIRECTLY = 1
|
|
|
|
+EXTRA_SHARED_LIBS += -Wl,-R${PREFIX}/lib/${MOZILLA_PKG_NAME}
|
|
# Build with NO_NSPR_10_SUPPORT to avoid using obsolete NSPR features
|
|
DEFINES += -DNO_NSPR_10_SUPPORT
|
|
|