diff --git a/.nss.metadata b/.nss.metadata index 2bdb864..d94a44d 100644 --- a/.nss.metadata +++ b/.nss.metadata @@ -1,4 +1,4 @@ -e8207a278cbed4d97f443289e76b13ddce5850f6 SOURCES/PayPalEE.cert +bc5c03643bfa1a5ea8519b8e7e2d7d5e30abea30 SOURCES/PayPalEE.cert 7e2f3a4f8fe8fa8a5730aeca029696637e986f3f SOURCES/PayPalICA.cert 706c3f929a1e7eca473be12fcd92620709fdada6 SOURCES/TestOldCA.p12 d272a7b58364862613d44261c5744f7a336bf177 SOURCES/blank-cert8.db diff --git a/SOURCES/NameConstraints.ipaca.cert b/SOURCES/NameConstraints.ipaca.cert new file mode 100644 index 0000000..4a451f3 Binary files /dev/null and b/SOURCES/NameConstraints.ipaca.cert differ diff --git a/SOURCES/NameConstraints.ocsp1.cert b/SOURCES/NameConstraints.ocsp1.cert new file mode 100644 index 0000000..817faaf Binary files /dev/null and b/SOURCES/NameConstraints.ocsp1.cert differ diff --git a/SOURCES/nss-3.53.1-fix-deadlock-in-init-context.patch b/SOURCES/nss-3.53.1-fix-deadlock-in-init-context.patch new file mode 100644 index 0000000..5e452d4 --- /dev/null +++ b/SOURCES/nss-3.53.1-fix-deadlock-in-init-context.patch @@ -0,0 +1,75 @@ +diff --git a/lib/pk11wrap/pk11cxt.c b/lib/pk11wrap/pk11cxt.c +--- a/lib/pk11wrap/pk11cxt.c ++++ b/lib/pk11wrap/pk11cxt.c +@@ -52,16 +52,37 @@ PK11_ExitContextMonitor(PK11Context *cx) + if ((cx->ownSession) && (cx->slot->isThreadSafe)) { + /* Should this use monitors instead? */ + PZ_Unlock(cx->sessionLock); + } else { + PK11_ExitSlotMonitor(cx->slot); + } + } + ++static void ++pk11_releaseSlotMonitor(PK11Context *cx) ++{ ++ if ((cx->ownSession) && (cx->slot->isThreadSafe)) { ++ return; ++ } else { ++ PK11_ExitSlotMonitor(cx->slot); ++ } ++} ++ ++static void ++pk11_reacquireSlotMonitor(PK11Context *cx) ++{ ++ if ((cx->ownSession) && (cx->slot->isThreadSafe)) { ++ return; ++ } else { ++ PK11_EnterSlotMonitor(cx->slot); ++ } ++} ++ ++ + /* + * Free up a Cipher Context + */ + void + PK11_DestroyContext(PK11Context *context, PRBool freeit) + { + pk11_CloseSession(context->slot, context->session, context->ownSession); + /* initialize the critical fields of the context */ +@@ -166,27 +187,33 @@ pk11_contextInitMessage(PK11Context *con + context->simulate_message = PR_FALSE; + /* check that we can do the Message interface. We need to check + * for either 1) are we using a PKCS #11 v3 interface and 2) is the + * Message flag set on the mechanism. If either is false we simulate + * the message interface for the Encrypt and Decrypt cases using the + * PKCS #11 V2 interface. + * Sign and verify do not have V2 interfaces, so we go ahead and fail + * if those cases */ ++ /* release the monitor before calling DoesMechanism */ ++ pk11_releaseSlotMonitor(context); + if ((version.major >= 3) && + PK11_DoesMechanismFlag(slot, (mech)->mechanism, flags)) { ++ /* restore it before calling the init function */ ++ pk11_reacquireSlotMonitor(context); + crv = (*initFunc)((context)->session, (mech), (key)->objectID); + if ((crv == CKR_FUNCTION_NOT_SUPPORTED) || + (crv == CKR_MECHANISM_INVALID)) { + /* we have a 3.0 interface, and the flag was set (or ignored) + * but the implementation was not there, use the V2 interface */ + crv = (scrv); + context->simulate_message = PR_TRUE; + } + } else { ++ /* restore the monitor */ ++ pk11_reacquireSlotMonitor(context); + crv = (scrv); + context->simulate_message = PR_TRUE; + } + return crv; + } + + /* + * Context initialization. Used by all flavors of CreateContext diff --git a/SOURCES/nss-3.53.1-tls-flood-CVE-2020-25648.patch b/SOURCES/nss-3.53.1-tls-flood-CVE-2020-25648.patch new file mode 100644 index 0000000..3902f9f --- /dev/null +++ b/SOURCES/nss-3.53.1-tls-flood-CVE-2020-25648.patch @@ -0,0 +1,161 @@ + +# HG changeset patch +# User Daiki Ueno +# Date 1602524521 0 +# Node ID 57bbefa793232586d27cee83e74411171e128361 +# Parent 6e3bc17f05086854ffd2b06f7fae9371f7a0c174 +Bug 1641480, TLS 1.3: tighten CCS handling in compatibility mode, r=mt + +This makes the server reject CCS when the client doesn't indicate the +use of the middlebox compatibility mode with a non-empty +ClientHello.legacy_session_id, or it sends multiple CCS in a row. + +original patch: +Differential Revision: https://phabricator.services.mozilla.com/D79994 + +# Modified for nss-3.53.1 by rrelyea +diff -up ./gtests/ssl_gtest/ssl_tls13compat_unittest.cc.tls-flood ./gtests/ssl_gtest/ssl_tls13compat_unittest.cc +--- ./gtests/ssl_gtest/ssl_tls13compat_unittest.cc.tls-flood 2020-06-16 15:50:59.000000000 -0700 ++++ ./gtests/ssl_gtest/ssl_tls13compat_unittest.cc 2021-02-18 10:54:28.170458465 -0800 +@@ -348,6 +348,85 @@ TEST_F(TlsConnectStreamTls13, ChangeCiph + client_->CheckErrorCode(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT); + } + ++// The server rejects a ChangeCipherSpec if the client advertises an ++// empty session ID. ++TEST_F(TlsConnectStreamTls13, ChangeCipherSpecAfterClientHelloEmptySid) { ++ EnsureTlsSetup(); ++ ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3); ++ ++ StartConnect(); ++ client_->Handshake(); // Send ClientHello ++ client_->SendDirect(DataBuffer(kCannedCcs, sizeof(kCannedCcs))); // Send CCS ++ ++ server_->ExpectSendAlert(kTlsAlertUnexpectedMessage); ++ server_->Handshake(); // Consume ClientHello and CCS ++ server_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER); ++} ++ ++// The server rejects multiple ChangeCipherSpec even if the client ++// indicates compatibility mode with non-empty session ID. ++TEST_F(Tls13CompatTest, ChangeCipherSpecAfterClientHelloTwice) { ++ EnsureTlsSetup(); ++ ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3); ++ EnableCompatMode(); ++ ++ StartConnect(); ++ client_->Handshake(); // Send ClientHello ++ // Send CCS twice in a row ++ client_->SendDirect(DataBuffer(kCannedCcs, sizeof(kCannedCcs))); ++ client_->SendDirect(DataBuffer(kCannedCcs, sizeof(kCannedCcs))); ++ ++ server_->ExpectSendAlert(kTlsAlertUnexpectedMessage); ++ server_->Handshake(); // Consume ClientHello and CCS. ++ server_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER); ++} ++ ++// The client rejects a ChangeCipherSpec if it advertises an empty ++// session ID. ++TEST_F(TlsConnectStreamTls13, ChangeCipherSpecAfterServerHelloEmptySid) { ++ EnsureTlsSetup(); ++ ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3); ++ ++ // To replace Finished with a CCS below ++ auto filter = MakeTlsFilter(server_); ++ filter->SetHandshakeTypes({kTlsHandshakeFinished}); ++ filter->EnableDecryption(); ++ ++ StartConnect(); ++ client_->Handshake(); // Send ClientHello ++ server_->Handshake(); // Consume ClientHello, and ++ // send ServerHello..CertificateVerify ++ // Send CCS ++ server_->SendDirect(DataBuffer(kCannedCcs, sizeof(kCannedCcs))); ++ client_->ExpectSendAlert(kTlsAlertUnexpectedMessage); ++ client_->Handshake(); // Consume ClientHello and CCS ++ client_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER); ++} ++ ++// The client rejects multiple ChangeCipherSpec in a row even if the ++// client indicates compatibility mode with non-empty session ID. ++TEST_F(Tls13CompatTest, ChangeCipherSpecAfterServerHelloTwice) { ++ EnsureTlsSetup(); ++ ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3); ++ EnableCompatMode(); ++ ++ // To replace Finished with a CCS below ++ auto filter = MakeTlsFilter(server_); ++ filter->SetHandshakeTypes({kTlsHandshakeFinished}); ++ filter->EnableDecryption(); ++ ++ StartConnect(); ++ client_->Handshake(); // Send ClientHello ++ server_->Handshake(); // Consume ClientHello, and ++ // send ServerHello..CertificateVerify ++ // the ServerHello is followed by CCS ++ // Send another CCS ++ server_->SendDirect(DataBuffer(kCannedCcs, sizeof(kCannedCcs))); ++ client_->ExpectSendAlert(kTlsAlertUnexpectedMessage); ++ client_->Handshake(); // Consume ClientHello and CCS ++ client_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER); ++} ++ + // If we negotiate 1.2, we abort. + TEST_F(TlsConnectStreamTls13, ChangeCipherSpecBeforeClientHello12) { + EnsureTlsSetup(); +diff -up ./lib/ssl/ssl3con.c.tls-flood ./lib/ssl/ssl3con.c +--- ./lib/ssl/ssl3con.c.tls-flood 2021-02-18 10:54:28.152458362 -0800 ++++ ./lib/ssl/ssl3con.c 2021-02-18 10:59:46.699353968 -0800 +@@ -6621,7 +6621,11 @@ ssl_CheckServerSessionIdCorrectness(sslS + + /* TLS 1.3: We sent a session ID. The server's should match. */ + if (!IS_DTLS(ss) && (sentRealSid || sentFakeSid)) { +- return sidMatch; ++ if (sidMatch) { ++ ss->ssl3.hs.allowCcs = PR_TRUE; ++ return PR_TRUE; ++ } ++ return PR_FALSE; + } + + /* TLS 1.3 (no SID)/DTLS 1.3: The server shouldn't send a session ID. */ +@@ -8640,6 +8644,7 @@ ssl3_HandleClientHello(sslSocket *ss, PR + errCode = PORT_GetError(); + goto alert_loser; + } ++ ss->ssl3.hs.allowCcs = PR_TRUE; + } + + /* TLS 1.3 requires that compression include only null. */ +@@ -13005,8 +13010,15 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Cip + ss->ssl3.hs.ws != idle_handshake && + cText->buf->len == 1 && + cText->buf->buf[0] == change_cipher_spec_choice) { +- /* Ignore the CCS. */ +- return SECSuccess; ++ if (ss->ssl3.hs.allowCcs) { ++ /* Ignore the first CCS. */ ++ ss->ssl3.hs.allowCcs = PR_FALSE; ++ return SECSuccess; ++ } ++ ++ /* Compatibility mode is not negotiated. */ ++ alert = unexpected_message; ++ PORT_SetError(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER); + } + + if (IS_DTLS(ss) || +diff -up ./lib/ssl/sslimpl.h.tls-flood ./lib/ssl/sslimpl.h +--- ./lib/ssl/sslimpl.h.tls-flood 2021-02-18 10:54:28.172458477 -0800 ++++ ./lib/ssl/sslimpl.h 2021-02-18 11:01:43.100051582 -0800 +@@ -712,6 +712,10 @@ typedef struct SSL3HandshakeStateStr { + * or received. */ + PRBool receivedCcs; /* A server received ChangeCipherSpec + * before the handshake started. */ ++ PRBool allowCcs; /* A server allows ChangeCipherSpec ++ * as the middlebox compatibility mode ++ * is explicitly indicarted by ++ * legacy_session_id in TLS 1.3 ClientHello. */ + PRBool clientCertRequested; /* True if CertificateRequest received. */ + ssl3KEADef kea_def_mutable; /* Used to hold the writable kea_def + * we use for TLS 1.3 */ diff --git a/SOURCES/nss-3.53.1-tls-flood-update.patch b/SOURCES/nss-3.53.1-tls-flood-update.patch new file mode 100644 index 0000000..3dd8f11 --- /dev/null +++ b/SOURCES/nss-3.53.1-tls-flood-update.patch @@ -0,0 +1,131 @@ +# HG changeset patch +# User Daiki Ueno +# Date 1603691171 -3600 +# Node ID b03a4fc5b902498414b02640dcb2717dfef9682f +# Parent 6f79a76958129dc09c353c288f115fd9a51ab7d4 +Bug 1672703, always tolerate the first CCS in TLS 1.3, r=mt + +Summary: +This flips the meaning of the flag for checking excessive CCS +messages, so it only rejects multiple CCS messages while the first CCS +message is always accepted. + +Reviewers: mt + +Reviewed By: mt + +Bug #: 1672703 + +Differential Revision: https://phabricator.services.mozilla.com/D94603 +updated by rrelyea for NSS 3.53 + +diff -up ./gtests/ssl_gtest/ssl_tls13compat_unittest.cc.tls-flood-update ./gtests/ssl_gtest/ssl_tls13compat_unittest.cc +--- ./gtests/ssl_gtest/ssl_tls13compat_unittest.cc.tls-flood-update 2021-02-22 09:57:04.632375045 -0800 ++++ ./gtests/ssl_gtest/ssl_tls13compat_unittest.cc 2021-02-22 09:57:04.635375062 -0800 +@@ -348,8 +348,8 @@ TEST_F(TlsConnectStreamTls13, ChangeCiph + client_->CheckErrorCode(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT); + } + +-// The server rejects a ChangeCipherSpec if the client advertises an +-// empty session ID. ++// The server accepts a ChangeCipherSpec even if the client advertises ++// an empty session ID. + TEST_F(TlsConnectStreamTls13, ChangeCipherSpecAfterClientHelloEmptySid) { + EnsureTlsSetup(); + ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3); +@@ -358,9 +358,8 @@ TEST_F(TlsConnectStreamTls13, ChangeCiph + client_->Handshake(); // Send ClientHello + client_->SendDirect(DataBuffer(kCannedCcs, sizeof(kCannedCcs))); // Send CCS + +- server_->ExpectSendAlert(kTlsAlertUnexpectedMessage); +- server_->Handshake(); // Consume ClientHello and CCS +- server_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER); ++ Handshake(); ++ CheckConnected(); + } + + // The server rejects multiple ChangeCipherSpec even if the client +@@ -381,7 +380,7 @@ TEST_F(Tls13CompatTest, ChangeCipherSpec + server_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER); + } + +-// The client rejects a ChangeCipherSpec if it advertises an empty ++// The client accepts a ChangeCipherSpec even if it advertises an empty + // session ID. + TEST_F(TlsConnectStreamTls13, ChangeCipherSpecAfterServerHelloEmptySid) { + EnsureTlsSetup(); +@@ -398,9 +397,10 @@ TEST_F(TlsConnectStreamTls13, ChangeCiph + // send ServerHello..CertificateVerify + // Send CCS + server_->SendDirect(DataBuffer(kCannedCcs, sizeof(kCannedCcs))); +- client_->ExpectSendAlert(kTlsAlertUnexpectedMessage); +- client_->Handshake(); // Consume ClientHello and CCS +- client_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER); ++ ++ // No alert is sent from the client. As Finished is dropped, we ++ // can't use Handshake() and CheckConnected(). ++ client_->Handshake(); + } + + // The client rejects multiple ChangeCipherSpec in a row even if the +diff -up ./lib/ssl/ssl3con.c.tls-flood-update ./lib/ssl/ssl3con.c +--- ./lib/ssl/ssl3con.c.tls-flood-update 2021-02-22 09:57:04.633375051 -0800 ++++ ./lib/ssl/ssl3con.c 2021-02-22 10:00:18.659488889 -0800 +@@ -6621,11 +6621,7 @@ ssl_CheckServerSessionIdCorrectness(sslS + + /* TLS 1.3: We sent a session ID. The server's should match. */ + if (!IS_DTLS(ss) && (sentRealSid || sentFakeSid)) { +- if (sidMatch) { +- ss->ssl3.hs.allowCcs = PR_TRUE; +- return PR_TRUE; +- } +- return PR_FALSE; ++ return sidMatch; + } + + /* TLS 1.3 (no SID)/DTLS 1.3: The server shouldn't send a session ID. */ +@@ -8644,7 +8640,6 @@ ssl3_HandleClientHello(sslSocket *ss, PR + errCode = PORT_GetError(); + goto alert_loser; + } +- ss->ssl3.hs.allowCcs = PR_TRUE; + } + + /* TLS 1.3 requires that compression include only null. */ +@@ -13010,15 +13005,14 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Cip + ss->ssl3.hs.ws != idle_handshake && + cText->buf->len == 1 && + cText->buf->buf[0] == change_cipher_spec_choice) { +- if (ss->ssl3.hs.allowCcs) { +- /* Ignore the first CCS. */ +- ss->ssl3.hs.allowCcs = PR_FALSE; ++ if (!ss->ssl3.hs.rejectCcs) { ++ /* Allow only the first CCS. */ ++ ss->ssl3.hs.rejectCcs = PR_TRUE; + return SECSuccess; ++ } else { ++ alert = unexpected_message; ++ PORT_SetError(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER); + } +- +- /* Compatibility mode is not negotiated. */ +- alert = unexpected_message; +- PORT_SetError(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER); + } + + if (IS_DTLS(ss) || +diff -up ./lib/ssl/sslimpl.h.tls-flood-update ./lib/ssl/sslimpl.h +--- ./lib/ssl/sslimpl.h.tls-flood-update 2021-02-22 09:57:04.637375073 -0800 ++++ ./lib/ssl/sslimpl.h 2021-02-22 10:01:46.451003953 -0800 +@@ -712,10 +712,7 @@ typedef struct SSL3HandshakeStateStr { + * or received. */ + PRBool receivedCcs; /* A server received ChangeCipherSpec + * before the handshake started. */ +- PRBool allowCcs; /* A server allows ChangeCipherSpec +- * as the middlebox compatibility mode +- * is explicitly indicarted by +- * legacy_session_id in TLS 1.3 ClientHello. */ ++ PRBool rejectCcs; /* Excessive ChangeCipherSpecs are rejected. */ + PRBool clientCertRequested; /* True if CertificateRequest received. */ + ssl3KEADef kea_def_mutable; /* Used to hold the writable kea_def + * we use for TLS 1.3 */ diff --git a/SOURCES/nss-3.63-profile_fix.patch b/SOURCES/nss-3.63-profile_fix.patch new file mode 100644 index 0000000..64c54c2 --- /dev/null +++ b/SOURCES/nss-3.63-profile_fix.patch @@ -0,0 +1,55 @@ + +# HG changeset patch +# User Robert Relyea +# Date 1614193447 28800 +# Node ID d827295ca19058d6b73692be38d528fd6ae9ab08 +# Parent 80793a75363d262804531f064a1936bf0fbd3d82 +Bug 1694392 NSS does not work with PKCS #11 modules not supporting profiles +r=ueno,bbeurdouche + +User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:85.0) Gecko/20100101 Firefox/85.0 + +Steps to reproduce: + +Using NSS with PKCS #11 library that returns CKR_ATTRIBUTE_VALUE_INVALID when searching for CKA_CLASS = CKO_PROFILE. + +Actual results: + +PK11_InitToken calls pk11_ReadProfileList and passes on failures. Thus, if the profiles cannot be read the token cannot be initialized. +pk11_ReadProfileList in turn uses pk11_FindObjectsByTemplate to search for CKO_PROFILE objects. This function fails if C_FindObjectsInit fails. +However, it should be perfectly ok that C_FindObjectsInit fails if CKO_PROFILE is not known. In fact, CKR_ATTRIBUTE_VALUE_INVALID is a valid return code here since the library does not know (yet) the value CKO_PROFILE for CKA_CLASS and since the CKA_CLASS is a fixed list it the standard allows to return this error code. + +Expected results: + +PK11_InitToken should complete successfully. + +Differential Revision: https://phabricator.services.mozilla.com/D106167 + +diff --git a/lib/pk11wrap/pk11slot.c b/lib/pk11wrap/pk11slot.c +--- a/lib/pk11wrap/pk11slot.c ++++ b/lib/pk11wrap/pk11slot.c +@@ -1364,20 +1364,19 @@ PK11_InitToken(PK11SlotInfo *slot, PRBoo + if (!slot->isThreadSafe) + PK11_ExitSlotMonitor(slot); + } + + status = nssToken_Refresh(slot->nssToken); + if (status != PR_SUCCESS) + return SECFailure; + +- rv = pk11_ReadProfileList(slot); +- if (rv != SECSuccess) { +- return SECFailure; +- } ++ /* Not all tokens have profile objects or even recognize what profile ++ * objects are it's OK for pk11_ReadProfileList to fail */ ++ (void) pk11_ReadProfileList(slot); + + if (!(slot->isInternal) && (slot->hasRandom)) { + /* if this slot has a random number generater, use it to add entropy + * to the internal slot. */ + PK11SlotInfo *int_slot = PK11_GetInternalSlot(); + + if (int_slot) { + unsigned char random_bytes[32]; + diff --git a/SPECS/nss.spec b/SPECS/nss.spec index 1fd6eb5..546ab13 100644 --- a/SPECS/nss.spec +++ b/SPECS/nss.spec @@ -41,7 +41,7 @@ rpm.define(string.format("nss_archive_version %s", Summary: Network Security Services Name: nss Version: %{nss_version} -Release: 3%{?dist} +Release: 7%{?dist} License: MPLv2.0 URL: http://www.mozilla.org/projects/security/pki/nss/ Group: System Environment/Libraries @@ -103,6 +103,8 @@ Source30: PayPalRootCA.cert Source31: PayPalICA.cert Source32: nss-rhel7.config Source33: TestOldCA.p12 +Source34: NameConstraints.ocsp1.cert +Source35: NameConstraints.ipaca.cert Patch2: add-relro-linker-option.patch Patch3: renegotiate-transitional.patch @@ -168,10 +170,18 @@ Patch158: nss-sql-default-tests.patch Patch159: nss-disable-dc.patch # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1648822 Patch160: nss-3.53.1-remove-timing-tests.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=1884793 +# https://bugzilla.mozilla.org/show_bug.cgi?id=1662738 Patch161: nss-3.53.1-no-small-primes.patch -# Local patch: https://bugzilla.redhat.com/show_bug.cgi?id=1843417 -Patch162: nss-3.53-strict-proto-fix.patch +# No upstream bug yet. at least post NSS 3.63 +Patch162: nss-3.53.1-fix-deadlock-in-init-context.patch +# CVE-2020-25648 https://bugzilla.mozilla.org/show_bug.cgi?id=1641480 +Patch163: nss-3.53.1-tls-flood-CVE-2020-25648.patch +# CVE-2020-25648 update https://bugzilla.mozilla.org/show_bug.cgi?id=1672703 +Patch164: nss-3.53.1-tls-flood-update.patch +# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1694392 +Patch165: nss-3.63-profile_fix.patch +# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1643528 +Patch166: nss-3.53-strict-proto-fix.patch %description Network Security Services (NSS) is a set of libraries designed to @@ -249,6 +259,8 @@ low level services. %{__cp} %{SOURCE30} -f ./nss/tests/libpkix/certs %{__cp} %{SOURCE31} -f ./nss/tests/libpkix/certs %{__cp} %{SOURCE33} -f ./nss/tests/tools +%{__cp} %{SOURCE34} -f ./nss/tests/libpkix/certs +%{__cp} %{SOURCE35} -f ./nss/tests/libpkix/certs %patch2 -p0 -b .relro %patch3 -p0 -b .transitional @@ -285,7 +297,11 @@ pushd nss %patch159 -p1 -b .dc %patch160 -p1 -b .remove-timing-tests %patch161 -p1 -b .no-small-primes -%patch162 -p1 -b .strict-proto-fix +%patch162 -p1 -b .deadlock +%patch163 -p1 -b .tls-flood +%patch164 -p1 -b .tls-flood-update +%patch165 -p1 -b .cko-profile +%patch166 -p1 -b .strict-proto popd ######################################################### @@ -898,14 +914,19 @@ fi %changelog -* Thu Nov 5 2020 Johnny Hughes - 3.53.1-3 -- much thanks to both Tuomo Soini (foobar.fi) and Pat Riehecky (scientificlinux.org) - for finding the fix to these issues -* Fri Oct 2 2020 Tuomo Soini - 3.53.1-3 -- Fix tests by updating PayPalEE.cert to valid one -- Fix tests to expect small primes failing rhbz#1884793 -- Fix Cannot compile code with nss headers and -Werror=strict-prototypes - rhbz#1885321 +* Wed Mar 03 2021 Bob Relyea - 3.53.1-7 +- Fix HSM load failure because of CKO_Profile +- Allow builds with strict-proto + +* Mon Feb 22 2021 Bob Relyea - 3.53.1-6 +- Update to CVE 2020-256423 TLS flood DOS attack patch. + +* Thu Feb 18 2021 Bob Relyea - 3.53.1-5 +- Fix CVE 2020-256423 TLS flood DOS Attack. + +* Mon Feb 1 2021 Bob Relyea - 3.53.1-4 +- Fix deadlock issue +- Fix 3 FTBS issues, 2 expired certs, one semantic change in nss-softokn. * Sat Aug 1 2020 Daiki Ueno - 3.53.1-3 - Disable dh timing test because it's unreliable on s390 (from Bob Relyea)