Update to nss 3.15.4, needed by gecko 27.

Contains a fix for (CVE-2013-1740): When false start is enabled, libssl will sometimes return unencrypted, unauthenticated data from PR_Recv (https://bugzilla.mozilla.org/show_bug.cgi?id=919877) See https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.4_release_notes
2014-01-09 20:09:44 +00:00 · 2014-01-09 20:09:44 +00:00 · 559f7b8b5e
commit 559f7b8b5e
parent 4b455296ca
4 changed files with 14 additions and 14 deletions
--- a/security/nss/Makefile
+++ b/security/nss/Makefile
@ -1,13 +1,13 @@
-# $OpenBSD: Makefile,v 1.40 2013/12/10 11:17:05 landry Exp $
+# $OpenBSD: Makefile,v 1.41 2014/01/09 20:09:44 landry Exp $

 SHARED_ONLY=		Yes

 COMMENT=		libraries to support development of security-enabled apps

-VERSION=		3.15.3.1
+VERSION=		3.15.4
 DISTNAME =		nss-${VERSION}

-SO_VERSION=		33.3
+SO_VERSION=		34.0
 .for _lib in freebl3 nss3 nssckbi nssdbm3 nssutil3 smime3 softokn3 ssl3
 SHARED_LIBS+=		${_lib} ${SO_VERSION}
 .endfor
--- a/security/nss/distinfo
+++ b/security/nss/distinfo
@ -1,2 +1,2 @@
-SHA256 (nss-3.15.3.1.tar.gz) = YHqROIJUDfgfdBUuiqSS4N0JxdPyxzIfGMae5QH8a6U=
-SIZE (nss-3.15.3.1.tar.gz) = 6289657
+SHA256 (nss-3.15.4.tar.gz) = FNaaBzXFr2s8wSWR9+vyciA+iJ8JEEGCFICR0K9oLXw=
+SIZE (nss-3.15.4.tar.gz) = 6366271
--- a/security/nss/patches/patch-nss_lib_ckfw_builtins_certdata_txt
+++ b/security/nss/patches/patch-nss_lib_ckfw_builtins_certdata_txt
@ -1,9 +1,9 @@
-$OpenBSD: patch-nss_lib_ckfw_builtins_certdata_txt,v 1.2 2013/12/10 11:17:05 landry Exp $
+$OpenBSD: patch-nss_lib_ckfw_builtins_certdata_txt,v 1.3 2014/01/09 20:09:44 landry Exp $
 add CACert CA
 https://bugzilla.mozilla.org/show_bug.cgi?id=215243
--- nss/lib/ckfw/builtins/certdata.txt.orig	Thu Dec  5 11:00:51 2013
-+++ nss/lib/ckfw/builtins/certdata.txt	Tue Dec 10 12:04:39 2013
-@@ -14178,6 +14178,352 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TR
+--- nss/lib/ckfw/builtins/certdata.txt.orig	Fri Jan  3 20:59:10 2014
+++ nss/lib/ckfw/builtins/certdata.txt	Mon Jan  6 22:46:56 2014
+@@ -15473,6 +15473,352 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
@ -355,4 +355,4 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=215243
 +#
 # Certificate "ePKI Root Certification Authority"
 #
- CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+ # Issuer: OU=ePKI Root Certification Authority,O="Chunghwa Telecom Co., Ltd.",C=TW
--- a/security/nss/patches/patch-nss_lib_freebl_blapi_h
+++ b/security/nss/patches/patch-nss_lib_freebl_blapi_h
@ -1,11 +1,11 @@
-$OpenBSD: patch-nss_lib_freebl_blapi_h,v 1.1 2013/06/23 18:40:01 landry Exp $
+$OpenBSD: patch-nss_lib_freebl_blapi_h,v 1.2 2014/01/09 20:09:44 landry Exp $

 From firefox in pkgsrc:
 SHA1_Update conflicts with openssl which may be dynamically loaded

--- nss/lib/freebl/blapi.h.orig	Tue May 28 23:43:24 2013
-+++ nss/lib/freebl/blapi.h	Wed Jun 12 22:02:56 2013
-@@ -1021,6 +1021,8 @@ extern void SHA1_DestroyContext(SHA1Context *cx, PRBoo
+--- nss/lib/freebl/blapi.h.orig	Fri Jan  3 20:59:10 2014
+++ nss/lib/freebl/blapi.h	Mon Jan  6 22:46:56 2014
+@@ -1189,6 +1189,8 @@ extern void SHA1_DestroyContext(SHA1Context *cx, PRBoo
 */
 extern void SHA1_Begin(SHA1Context *cx);