jeans/motioneyeos
jeans/motioneyeos
1
0
Fork 0
mirror of https://github.com/motioneye-project/motioneyeos.git synced 2025-07-29 06:06:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

libnss: security bump to version 3.16.1

Browse Source 
Fixes:

CVE-2014-1492 - The cert_TestHostName function in lib/certdb/certdb.c in
the certificate-checking implementation in Mozilla Network Security
Services (NSS) before 3.16 accepts a wildcard character that is embedded
in an internationalized domain name's U-label, which might allow
man-in-the-middle attackers to spoof SSL servers via a crafted
certificate.

CVE-2014-1491 - Mozilla Network Security Services (NSS) before 3.15.4,
as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3,
Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does
not properly restrict public values in Diffie-Hellman key exchanges,
which makes it easier for remote attackers to bypass cryptographic
protection mechanisms in ticket handling by leveraging use of a certain
value.

CVE-2014-1490 - Race condition in libssl in Mozilla Network Security
Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0,
Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before
2.24, and other products, allows remote attackers to cause a denial of
service (use-after-free) or possibly have unspecified other impact via
vectors involving a resumption handshake that triggers incorrect
replacement of a session ticket.

CVE-2013-1740 - The ssl_Do1stHandshake function in sslsecur.c in libssl
in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS
False Start feature is enabled, allows man-in-the-middle attackers to
spoof SSL servers by using an arbitrary X.509 certificate during certain
handshake traffic.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Gustavo Zacarias 2014-06-18 11:46:20 -03:00 committed by Peter Korsgaard
parent 449a71f559
commit 286cbaf328
3 changed files with 15 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
package/libnss/libnss-cross.patch → package/libnss/libnss-0001-cross-compile.patch
View File

@ -1,14 +1,15 @@
This patch allows us to set a value for the cross compiler via TARGETCC without This patch allows us to set a value for the cross compiler via TARGETCC without
setting CC on the command line. CC is used for host tools as well as cross setting CC on the command line. CC is used for host tools as well as cross
compiled code so we cannot define it on the command line without breaking compiled code so we cannot define it on the command line without breaking
the host tools build. the host tools build.
[Gustavo: update for nss 3.16.1]
Signed-off-by: Will Newton <will.newton@imgtec.com> Signed-off-by: Will Newton <will.newton@imgtec.com>
--- libnss-3.12.9.old/mozilla/security/coreconf/Linux.mk 2011-03-01 10:31:21.517847183 +0000 diff -Nura nss-3.16.1.orig/nss/coreconf/Linux.mk nss-3.16.1/nss/coreconf/Linux.mk
+++ libnss-3.12.9/mozilla/security/coreconf/Linux.mk 2011-03-01 10:33:42.688648237 +0000 --- nss-3.16.1.orig/nss/coreconf/Linux.mk 2014-06-18 10:34:30.503996123 -0300
@@ -46,9 +46,13 @@ +++ nss-3.16.1/nss/coreconf/Linux.mk 2014-06-18 10:35:02.233068390 -0300
@@ -16,9 +16,13 @@
IMPL_STRATEGY = _PTH IMPL_STRATEGY = _PTH
endif endif

9
package/libnss/libnss-uclibc.patch → package/libnss/libnss-0002-uclibc.patch
View File

@ -1,11 +1,12 @@
uCLibc does not define RTLD_NOLOAD. uCLibc does not define RTLD_NOLOAD.
[Gustavo: update for nss 3.16.1]
Signed-off-by: Will Newton <will.newton@imgtec.com> Signed-off-by: Will Newton <will.newton@imgtec.com>
--- nss-3.12.9.old/mozilla/security/nss/lib/freebl/stubs.c 2011-07-08 13:32:54.964338355 +0100 diff -Nura nss-3.16.1.orig/nss/lib/freebl/stubs.c nss-3.16.1/nss/lib/freebl/stubs.c
+++ nss-3.12.9/mozilla/security/nss/lib/freebl/stubs.c 2011-07-08 13:33:57.255337490 +0100 --- nss-3.16.1.orig/nss/lib/freebl/stubs.c 2014-06-18 10:34:30.529997002 -0300
@@ -535,6 +535,11 @@ +++ nss-3.16.1/nss/lib/freebl/stubs.c 2014-06-18 10:36:25.508882650 -0300
@@ -594,6 +594,11 @@
return SECSuccess; return SECSuccess;
} }

11
package/libnss/libnss.mk
View File

@ -4,15 +4,14 @@
# #
################################################################################ ################################################################################
LIBNSS_VERSION = 3.14.5 LIBNSS_VERSION = 3.16.1
LIBNSS_SOURCE = nss-$(LIBNSS_VERSION).tar.gz LIBNSS_SOURCE = nss-$(LIBNSS_VERSION).tar.gz
LIBNSS_SITE = https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_$(subst .,_,$(LIBNSS_VERSION))_RTM/src LIBNSS_SITE = https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_$(subst .,_,$(LIBNSS_VERSION))_RTM/src
LIBNSS_SUBDIR = mozilla/security LIBNSS_DISTDIR = dist
LIBNSS_DISTDIR = mozilla/dist
LIBNSS_INSTALL_STAGING = YES LIBNSS_INSTALL_STAGING = YES
LIBNSS_DEPENDENCIES = libnspr sqlite zlib LIBNSS_DEPENDENCIES = libnspr sqlite zlib
LIBNSS_LICENSE = MPLv2.0 LIBNSS_LICENSE = MPLv2.0
LIBNSS_LICENSE_FILES = mozilla/security/nss/COPYING LIBNSS_LICENSE_FILES = nss/COPYING
LIBNSS_BUILD_VARS = MOZILLA_CLIENT=1 \ LIBNSS_BUILD_VARS = MOZILLA_CLIENT=1 \
NSPR_INCLUDE_DIR=$(STAGING_DIR)/usr/include/nspr \ NSPR_INCLUDE_DIR=$(STAGING_DIR)/usr/include/nspr \
@ -39,12 +38,12 @@ endif
define LIBNSS_BUILD_CMDS define LIBNSS_BUILD_CMDS
$(MAKE1) -C $(@D)/$(LIBNSS_SUBDIR)/nss build_coreconf \ $(MAKE1) -C $(@D)/nss coreconf \
SOURCE_MD_DIR=$(@D)/$(LIBNSS_DISTDIR) \ SOURCE_MD_DIR=$(@D)/$(LIBNSS_DISTDIR) \
DIST=$(@D)/$(LIBNSS_DISTDIR) \ DIST=$(@D)/$(LIBNSS_DISTDIR) \
CHECKLOC= \ CHECKLOC= \
$(LIBNSS_BUILD_VARS) $(LIBNSS_BUILD_VARS)
$(MAKE1) -C $(@D)/$(LIBNSS_SUBDIR)/nss build_dbm all \ $(MAKE1) -C $(@D)/nss lib/dbm all \
SOURCE_MD_DIR=$(@D)/$(LIBNSS_DISTDIR) \ SOURCE_MD_DIR=$(@D)/$(LIBNSS_DISTDIR) \
DIST=$(@D)/$(LIBNSS_DISTDIR) \ DIST=$(@D)/$(LIBNSS_DISTDIR) \
CHECKLOC= \ CHECKLOC= \