linux/poky.git/meta/recipes-support/nss/nss.inc, branch daisyMirror of git.yoctoproject.org/pokyhttps://git.enea.com/cgit/linux/poky.git/atom?h=daisy2014-10-10T14:06:05+00:00nss: CVE-2014-15442014-10-10T14:06:05+00:00Li Wangli.wang@windriver.com2014-08-26T08:33:24+00:00urn:sha1:65ed47e597609be3c740e383ca6c5a740fa7760a
the patch comes from:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-1544
https://hg.mozilla.org/projects/nss/rev/204f22c527f8
author Robert Relyea <rrelyea@redhat.com>
https://bugzilla.mozilla.org/show_bug.cgi?id=963150
Bug 963150: Add nssCertificate_AddRef and nssCertificate_Destroy calls
to PK11_ImportCert to prevent nssTrustDomain_AddCertsToCache from
freeing the CERTCertificate associated with the NSSCertificate. r=wtc.
(From OE-Core rev: 7ef613c7f4b9e4ff153766f31dae81fc4810c0df)
(From OE-Core rev: 7e4f3f167c40c09bf2c32f5e366a8fad3c66b74b)
Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
nss: CVE-2013-56062014-09-29T11:02:39+00:00Li Wangli.wang@windriver.com2014-07-28T06:50:42+00:00urn:sha1:1d04721fe8ea1f51e77548fb8d328112ca10eba2
the patch comes from:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5606
https://bugzilla.mozilla.org/show_bug.cgi?id=910438
http://hg.mozilla.org/projects/nss/rev/d29898e0981c
The CERT_VerifyCert function in lib/certhigh/certvfy.c in
Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides
an unexpected return value for an incompatible key-usage certificate
when the CERTVerifyLog argument is valid, which might allow remote
attackers to bypass intended access restrictions via a crafted certificate.
(From OE-Core rev: 1e153b1b21276d56144add464d592cd7b96a4ede)
(From OE-Core rev: e2c81356f68eb0b77408e73f01df5bc5c9f2adb3)
Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Conflicts:
meta/recipes-support/nss/nss.inc
nss: CVE-2013-17402014-05-29T12:43:29+00:00Li Wangli.wang@windriver.com2014-05-19T05:42:53+00:00urn:sha1:d44881fecc81a8bed37b82d315b4a7602b4df893
the patch comes from:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1740
https://bugzilla.mozilla.org/show_bug.cgi?id=919877
https://bugzilla.mozilla.org/show_bug.cgi?id=713933
changeset: 10946:f28426e944ae
user: Wan-Teh Chang <wtc@google.com>
date: Tue Nov 26 16:44:39 2013 -0800
summary: Bug 713933: Handle the return value of both ssl3_HandleRecord calls
changeset: 10945:774c7dec7565
user: Wan-Teh Chang <wtc@google.com>
date: Mon Nov 25 19:16:23 2013 -0800
summary: Bug 713933: Declare the |falseStart| local variable in the smallest
changeset: 10848:141fae8fb2e8
user: Wan-Teh Chang <wtc@google.com>
date: Mon Sep 23 11:25:41 2013 -0700
summary: Bug 681839: Allow SSL_HandshakeNegotiatedExtension to be called before the handshake is finished, r=brian@briansmith.org
changeset: 10898:1b9c43d28713
user: Brian Smith <brian@briansmith.org>
date: Thu Oct 31 15:40:42 2013 -0700
summary: Bug 713933: Make SSL False Start work with asynchronous certificate validation, r=wtc
(From OE-Core rev: 11e728e64e37eec72ed0cb3fb4d5a49ddeb88666)
(From OE-Core rev: 9f5402d5e40b82213fdfc09fcfc71d22f8bf5a0e)
Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
nss: CVE-2014-14922014-05-29T12:43:29+00:00Li Wangli.wang@windriver.com2014-05-19T05:42:52+00:00urn:sha1:948b8461e895b8be84402acf541b981d41e12ad5
the patch comes from:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1492
https://bugzilla.mozilla.org/show_bug.cgi?id=903885
changeset: 11063:709d4e597979
user: Kai Engert <kaie@kuix.de>
date: Wed Mar 05 18:38:55 2014 +0100
summary: Bug 903885, address requests to clarify comments from wtc
changeset: 11046:2ffa40a3ff55
tag: tip
user: Wan-Teh Chang <wtc@google.com>
date: Tue Feb 25 18:17:08 2014 +0100
summary: Bug 903885, fix IDNA wildcard handling v4, r=kaie
changeset: 11045:15ea62260c21
user: Christian Heimes <sites@cheimes.de>
date: Mon Feb 24 17:50:25 2014 +0100
summary: Bug 903885, fix IDNA wildcard handling, r=kaie
(From OE-Core rev: a83a1b26704f1f3aadaa235bf38094f03b3610fd)
(From OE-Core rev: 65ebe470a8d69073d0ebce3111abdb0c2e2ebe3c)
Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
nss-3.15.1: fix CVE-2013-56052014-03-30T09:10:32+00:00yanjun.zhuyanjun.zhu@windriver.com2014-03-28T09:43:38+00:00urn:sha1:6196e18bfee5b36417d795ea826a1086d27cbce3
Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and
3.15 before 3.15.3 allows remote attackers to cause a denial
of service or possibly have unspecified other impact via
invalid handshake packets.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5605
(From OE-Core rev: 09e8cd6f09284ad3faf0bc05d623a43e2b174866)
Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
nss-3.15.1: fix CVE-2013-17412014-03-30T09:10:32+00:00yanjun.zhuyanjun.zhu@windriver.com2014-03-28T09:43:37+00:00urn:sha1:6a3cadea0ce3f26306389f19121876378cf8925b
Integer overflow in Mozilla Network Security Services (NSS)
3.15 before 3.15.3 allows remote attackers to cause a denial
of service or possibly have unspecified other impact via a
large size value.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1741
(From OE-Core rev: b666d173ff0ba213bf81e2c035a605a28e5395ea)
Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Revert "nss: avoid to use the hardcode kernel version"2014-02-13T12:06:01+00:00Richard Purdierichard.purdie@linuxfoundation.org2014-02-13T12:04:51+00:00urn:sha1:abf22bed20870e6283853674a51a39f44af93936
This reverts commit 4c80c557508e088fe226bfa1834464b505404652.
We *cannot* have nss becoming machine specific, that makes no sense.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
nss: avoid to use the hardcode kernel version2014-02-13T11:41:22+00:00Roy Lirongqing.li@windriver.com2014-02-13T03:48:58+00:00urn:sha1:01268c339f066381de1e129b0cb25a8199e9cc5c
Read kernel version from ${STAGING_KERNEL_DIR}/kernel-abiversion, to avoid
to use the hardcode kernel version.
(From OE-Core rev: 4c80c557508e088fe226bfa1834464b505404652)
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
nss: Add nativesdk to BBCLASSEXTEND and bugfix2014-02-02T22:37:40+00:00David Nyströmdavid.c.nystrom@gmail.com2014-01-31T09:30:03+00:00urn:sha1:a42f84682fb0522beacfb445ccfd482fe536d629
Since shsignlibs is used
from the nss postinstall hook. It should be included in
nativesdk to make offline rootfs construction possible.
(From OE-Core rev: 42bc72d21226e76c9b013fc052f17d847dc6a97a)
Signed-off-by: David Nyström <david.nystrom@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
nss: don't need set SRC_URI with both += and _append2013-10-26T14:59:17+00:00Ming Liuming.liu@windriver.com2013-10-20T10:48:32+00:00urn:sha1:d531a566d4912d055abf8b41b1f910e4819c7b10
(From OE-Core rev: b1252f91ef62ce62d4d55269f498b5692aba76e8)
Signed-off-by: Ming Liu <ming.liu@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>