Skip to content

Commit

Permalink
Update to 3.15.2
Browse files Browse the repository at this point in the history 
Changelog:
Security Advisories

The following security-relevant bugs have been resolved in NSS 3.15.2. Users are encouraged to upgrade immediately.

    Bug 894370 - (CVE-2013-1739) Avoid uninitialized data read in the event of a decryption failure.

New in NSS 3.15.2
New Functionality

    AES-GCM Ciphersuites: AES-GCM cipher suite (RFC 5288 and RFC 5289) support has been added when TLS 1.2 is negotiated. Specifically, the following cipher suites are now supported:
        TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
        TLS_RSA_WITH_AES_128_GCM_SHA256

New Functions

PK11_CipherFinal has been introduced, which is a simple alias for PK11_DigestFinal.
New Types

No new types have been introduced.
New PKCS #11 Mechanisms

No new PKCS#11 mechanisms have been introduced
Notable Changes in NSS 3.15.2

    Bug 880543 - Support for AES-GCM ciphersuites that use the SHA-256 PRF
    Bug 663313 - MD2, MD4, and MD5 signatures are no longer accepted for OCSP or CRLs, consistent with their handling for general certificate signatures.
    Bug 884178 - Add PK11_CipherFinal macro

Bugs fixed in NSS 3.15.2

    Bug 734007 - sizeof() used incorrectly
    Bug 900971 - nssutil_ReadSecmodDB() leaks memory
    Bug 681839 - Allow SSL_HandshakeNegotiatedExtension to be called before the handshake is finished.
    Bug 848384 - Deprecate the SSL cipher policy code, as it's no longer relevant. It is no longer necessary to call NSS_SetDomesticPolicy because all cipher suites are now allowed by default.

A complete list of all bugs resolved in this release can be obtained at https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.15.2&product=NSS&list_id=7982238
Compatibility

NSS 3.15.2 shared libraries are backward compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with NSS 3.15.2 shared libraries without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs to the functions listed in NSS Public Functions will remain compatible with future versions of the NSS shared libraries.
  • Loading branch information
ryoon committed Oct 15, 2013
1 parent 5b90b2a commit fb39f18
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 6 deletions.
4 changes: 2 additions & 2 deletions devel/nss/Makefile
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
# $NetBSD: Makefile,v 1.69 2013/07/20 09:28:11 ryoon Exp $
# $NetBSD: Makefile,v 1.70 2013/10/15 16:10:33 ryoon Exp $

DISTNAME= nss-${NSS_RELEASE}
NSS_RELEASE= 3.15.1
NSS_RELEASE= 3.15.2
CATEGORIES= security
MASTER_SITES= ${MASTER_SITE_MOZILLA_ALL:=security/nss/releases/NSS_${NSS_RELEASE:S/./_/g}_RTM/src/}

Expand Down
8 changes: 4 additions & 4 deletions devel/nss/distinfo
View file
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
$NetBSD: distinfo,v 1.28 2013/07/20 09:28:11 ryoon Exp $
$NetBSD: distinfo,v 1.29 2013/10/15 16:10:33 ryoon Exp $

SHA1 (nss-3.15.1.tar.gz) = 1aa7c0ff8af7fb2c8b6e4886ae2291f4bfe0d5c0
RMD160 (nss-3.15.1.tar.gz) = b55be619393acf4f176797025838334d06287891
Size (nss-3.15.1.tar.gz) = 6286561 bytes
SHA1 (nss-3.15.2.tar.gz) = 2d900c296bf11deabbf833ebd6ecdea549c97a5f
RMD160 (nss-3.15.2.tar.gz) = 4e427758808394bd70bd9b060e888bb337bf7f85
Size (nss-3.15.2.tar.gz) = 6288669 bytes
SHA1 (patch-am) = ee4c4beeb120397852fc4b06b7dd54534d0d5ac5
SHA1 (patch-an) = 4ab22f2a575676b5b640bc9a760b83eb05c75e69
SHA1 (patch-md) = 0a09fd2abb8674a2d301f1b6a5331af5db94178f
Expand Down

0 comments on commit fb39f18

Please sign in to comment.