nss security update package ready for review
I have looked at updating the nss package in wheezy to cover for a new
security issue that came up. The package is ready for testing in:

https://people.debian.org/~anarcat/debian/wheezy-lts/

The diff between the upstream 2.26.2 release and the 2.26 release in
wheezy is fairly small, so I felt it was better to upload the new
version than to backport the patch. The same probably applies to wheezy.

(The backport of 2.26-1 to jessie and wheezy was a bit strange, if you
ask me: instead of just taking the package from stretch and adding a new
changelog entry, the package from wheezy was updated with the upstream
source. That seems backwards to me, because it makes it harder to import
new packages from stretch in the future: we're forced to extract the
upstream tarball and the .debian.tar.gz file on top of it...)

Here's the debdiff:

 debian/changelog                                  |   12 
 debian/changelog.n                                |  839 ----------------------
 nss/.hg_archival.txt                              |    4 
 nss/external_tests/ssl_gtest/ssl_auth_unittest.cc |   69 +
 nss/external_tests/ssl_gtest/tls_parser.h         |    1 
 nss/lib/nss/nss.h                                 |    4 
 nss/lib/softoken/softkver.h                       |    4 
 nss/lib/ssl/ssl3con.c                             |   94 +-
 nss/lib/util/nssutil.h                            |    4 

Note that I removed an odd changelog.n file that crept into the previous
upload; no idea what that thing was.

diff -Nru nss-3.26/debian/changelog nss-3.26.2/debian/changelog
--- nss-3.26/debian/changelog	2016-11-30 15:25:52.000000000 -0500
+++ nss-3.26.2/debian/changelog	2016-11-30 15:26:39.000000000 -0500
@@ -1,3 +1,15 @@
+nss (2:3.26.2-1+debu7u1) UNRELEASED; urgency=high
+
+  * Non-maintainer upload by the LTS Security Team.
+  * New upstream release to fix CVE-2016-9074
+    * CVE-2016-9074: existing mitigation of timing side-channel attacks
+    insufficient
+    * also includes a fix for aborted client connexions with MD5 algorithm
+    selection
+  * remove weird debian/changelog.n file from previous upload
+
+ -- Antoine Beaupré <anarcat@debian.org>  Wed, 30 Nov 2016 15:09:36 -0500
+
 nss (2:3.26-1+debu7u1) wheezy-security; urgency=medium
 
   * New upstream release.  Closes: #583651.
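Review bot: the new entry's distribution field is UNRELEASED, whereas the entry below it targets wheezy-security; it has to be changed to wheezy-security before the upload, otherwise the package is not going to land in the intended suite. As a style point, the continuation lines of the nested bullets (`insufficient`, `selection`) are indented at the level of the bullet marker rather than under the bullet text, and "connexions" should read "connections".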
diff -Nru nss-3.26/debian/changelog.n nss-3.26.2/debian/changelog.n
--- nss-3.26/debian/changelog.n	2016-11-30 15:26:06.000000000 -0500
+++ nss-3.26.2/debian/changelog.n	1969-12-31 19:00:00.000000000 -0500
@@ -1,839 +0,0 @@
-nss (2:3.26-1+debu8u1) jessie-security; urgency=medium
-
-  * New upstream release.  Closes: #583651.
-  * Remove SPI CA certificate.
-  * Remove transitional compatibility kludge for renegotiation handling.
-  * Update watch file and Vcs URLs, and the symbols file from unstable.
-
- -- Florian Weimer <fw@deneb.enyo.de>  Mon, 03 Oct 2016 21:17:21 +0200
-
-nss (2:3.17.2-1.1+deb8u2) jessie; urgency=medium
-
-  [ Andrew Ayer ]
-  * Apply upstream patch (99_prefer_stronger_cert_chains.patch) to fix
-    certificate chain generation to prefer stronger/newer certificates
-    over weaker/older certs. Closes: #774195.
-
- -- Christoph Egger <christoph@debian.org>  Sat, 15 Aug 2015 12:40:31 +0200
-
-nss (2:3.17.2-1.1+deb8u1) jessie-security; urgency=high
-
-  * Non-maintainer upload by the Security Team.
-  * Add 99_CVE-2015-2721.patch patch.
-    CVE-2015-2721: NSS incorrectly permits skipping of ServerKeyExchange.
-  * Add 100_CVE-2015-2730.patch patch.
-    CVE-2015-2730: ECDSA signature validation fails to handle some
-    signatures correctly.
-
- -- Salvatore Bonaccorso <carnil@debian.org>  Tue, 11 Aug 2015 19:37:12 +0200
-
-nss (2:3.17.2-1.1) unstable; urgency=medium
-
-  * Non-maintainer upload.
-  * Fix CVE-2014-1569. Closes: #773625.
-
- -- Matt Kraai <kraai@debian.org>  Sun, 21 Dec 2014 19:46:52 -0800
-
-nss (2:3.17.2-1) unstable; urgency=medium
-
-  * New upstream release.
-
- -- Mike Hommey <glandium@debian.org>  Sat, 18 Oct 2014 13:22:04 +0900
-
-nss (2:3.17.1-1) unstable; urgency=high
-
-  * New upstream release.
-    - Fixes CVE-2014-1568.
-    - Add support for ppc64el, with a non-broken patch. Closes: #745757.
-  * debian/libnss3.symbols: Add NSSUTIL_3.17.1 symbol versions.
-
- -- Mike Hommey <glandium@debian.org>  Wed, 24 Sep 2014 22:16:32 +0900
-
-nss (2:3.17-1) unstable; urgency=medium
-
-  * New upstream release.
-  * nss/coreconf/Linux.mk: Actually add support for ppc64el. Closes: #745757.
-
- -- Mike Hommey <glandium@debian.org>  Sun, 24 Aug 2014 08:41:37 +0900
-
-nss (2:3.16.3-1.1) unstable; urgency=low
-
-  * Non-maintainer upload to delayed.
-  * Add support for ppc64el. Closes: #745757
-
- -- Andreas Barth <aba@ayous.org>  Mon, 18 Aug 2014 20:01:00 +0000
-
-nss (2:3.16.3-1) unstable; urgency=medium
-
-  * New upstream release.
-  * debian/libnss3.symbols: Add NSS_3.16.2 symbol versions.
-
- -- Mike Hommey <glandium@debian.org>  Sun, 13 Jul 2014 09:24:12 +0900
-
-nss (2:3.16.1-1) unstable; urgency=medium
-
-  * New upstream release.
-  * debian/libnss3.symbols: Add NSS_3.16.1 symbol versions.
-
- -- Mike Hommey <glandium@debian.org>  Sat, 07 Jun 2014 17:24:57 +0900
-
-nss (2:3.16-1) unstable; urgency=medium
-
-  * New upstream release.
-  * debian/libnss3.symbols: Add NSS_3.16 symbol versions.
-  * nss/lib/ckfw/builtins/certdata.txt: Remove CACert root certificates.
-
- -- Mike Hommey <glandium@debian.org>  Fri, 21 Mar 2014 08:10:24 +0900
-
-nss (2:3.15.4-2) unstable; urgency=high
-
-  * Upstream release 3.15.4 fixed MFSA-2014-12, also known as CVE-2014-1490
-    and CVE-2014-1491. Bumping urgency as such.
-  * debian/control, debian/libnss3-nssdb.*, debian/pkcs11.txt, debian/rules:
-    Revert changes from 2:3.15.4-1. Reopens: #537866, Closes: #735329, #736061.
-
- -- Mike Hommey <glandium@debian.org>  Wed, 05 Feb 2014 16:26:06 +0900
-
-nss (2:3.15.4-1) unstable; urgency=low
-
-  * New upstream release.
-  * Acknowledge NMU.
-  * debian/rules: Avoid long one-liner with semi-colons.
-  * debian/patches/*:  Refresh patches.
-  * debian/copyright: Update. Closes: #730428.
-  * debian/control, debian/libnss3-nssdb.*, debian/pkcs11.txt, debian/rules:
-    Add shared cert and key databases. Thanks Timo Aaltonen. Closes: #537866.
-  * debian/rules: Use DEB_HOST_ARCH instead of DEB_BUILD_ARCH.
-  * debian/control: Mark libnss3-dev as Multi-Arch: same. Thanks Shawn
-    Landden. Closes: #682925.
-  * debian/libnss3.symbols: Add NSS_3.15.4 symbol versions.
-
- -- Mike Hommey <glandium@debian.org>  Mon, 13 Jan 2014 10:46:04 +0900
-
-nss (2:3.15.3.1-1.1) unstable; urgency=low
-
-  * Non-Maintainer Upload
-   - ship extra NSS utilities (Closes: #701141)
-
- -- Daniel Kahn Gillmor <dkg@fifthhorseman.net>  Sat, 04 Jan 2014 11:34:41 -0500
-
-nss (2:3.15.3.1-1) unstable; urgency=high
-
-  * New upstream release.
-    - Distrusts AC DG Tresor SSL CA.
-
- -- Mike Hommey <glandium@debian.org>  Sun, 15 Dec 2013 10:09:48 +0900
-
-nss (2:3.15.3-1) unstable; urgency=high
-
-  * New upstream release.
-    - Fixes CVE-2013-1741, CVE-2013-5605, CVE-2013-5606.
-
- -- Mike Hommey <glandium@debian.org>  Sat, 16 Nov 2013 08:50:45 +0900
-
-nss (2:3.15.2-1) unstable; urgency=low
-
-  * New upstream release.
-    - Fixes CVE-2013-1739. Closes: #726473.
-
- -- Mike Hommey <glandium@debian.org>  Mon, 21 Oct 2013 08:05:24 +0900
-
-nss (2:3.15.1-1) unstable; urgency=low
-
-  * New upstream release.
-  * debian/patches/*:  Refresh patches.
-  * debian/patches/lower-dhe-priority.patch: Removed, as it was only necessary
-    for Iceweasel 3.5, which is long gone.
-
- -- Mike Hommey <glandium@debian.org>  Mon, 05 Aug 2013 14:41:14 +0900
-
-nss (2:3.15-1) unstable; urgency=low
-
-  * New upstream release.
-  * debian/patches/*: Refresh patches and removed unused ones.
-  * debian/rules: Adjusted to the new source layout.
-  * debian/libnss3.symbols: Add NSS*_3.15 symbol versions.
-  * debian/control: Bump nspr build dependency.
-
- -- Mike Hommey <glandium@debian.org>  Sat, 15 Jun 2013 19:23:12 +0900
-
-nss (2:3.14.3-1) unstable; urgency=high
-
-  * New upstream release.
-    - Fixes TLS timing attack (luck 13). Closes: #699888.
-  * debian/libnss3.symbols: Add NSS_3.14.3 symbol version.
-  * debian/control: Unbump sqlite3 build dependency, 3.14.3 lifted the need
-    for sqlite 3.7.15.
-
- -- Mike Hommey <glandium@debian.org>  Sun, 17 Mar 2013 15:01:06 +0100
-
-nss (2:3.14.2-1) unstable; urgency=low
-
-  * New upstream release.
-  * debian/control: Bump sqlite3 build dependency.
-  * debian/rules: Avoid installing freebl, softokn, nssckbi and nssdbm in two
-    places.
-  * debian/libnss3-1d.lintian-overrides.in: Stop preprocessing, it has nothing
-    to preprocess anymore.
-  * debian/libnss3.lintian-overrides.in: Fix not to contain a reference to the
-    libnss3-1d package.
-
- -- Mike Hommey <glandium@debian.org>  Fri, 15 Feb 2013 10:06:59 +0100
-
-nss (2:3.14.1.with.ckbi.1.93-1) unstable; urgency=low
-
-  * New upstream release.
-    - Explicitly distrust two intermediate CA certificates mis-issued by
-      TURKTRUST.
-  * debian/patches/95_add_spi+cacert_ca_certs.patch: Refreshed.
-
- -- Mike Hommey <glandium@debian.org>  Fri, 04 Jan 2013 11:16:33 +0100
-
-nss (2:3.14.1-1) unstable; urgency=low
-
-  * New upstream release.
-  * debian/patches: Removed patches applied upstream, and refreshed
-    the others.
-  * debian/libnss3.symbols: Updated for new symbols.
-
- -- Mike Hommey <glandium@debian.org>  Sun, 23 Dec 2012 17:40:21 +0100
-
-nss (2:3.14-2) unstable; urgency=low
-
-  * debian/nss-config.in: Fix nss-config when version is in the x.y form
-    instead of x.y.z.
-
- -- Mike Hommey <glandium@debian.org>  Fri, 07 Dec 2012 17:07:05 +0100
-
-nss (2:3.14-1) unstable; urgency=low
-
-  * New upstream release.
-  * debian/patches: Removed patches applied upstream, and refreshed
-    the others.
-  * debian/libnss3.symbols: Updated for new symbols.
-
- -- Mike Hommey <glandium@debian.org>  Thu, 01 Nov 2012 10:37:39 +0100
-
-nss (2:3.13.6-1) unstable; urgency=low
-
-  * New upstream release.
-  * debian/rules: Use xz compression for binary packages.
-    Thanks Ansgar Burchardt. Closes: #683835.
-
- -- Mike Hommey <glandium@debian.org>  Fri, 31 Aug 2012 09:56:53 +0200
-
-nss (2:3.13.5-1) unstable; urgency=low
-
-  * New upstream release.
-
- -- Mike Hommey <glandium@debian.org>  Fri, 15 Jun 2012 09:40:00 +0200
-
-nss (2:3.13.4-3) unstable; urgency=low
-
-  * debian/rules: Skip epoch when getting upstream version number.
-
- -- Mike Hommey <glandium@debian.org>  Sun, 20 May 2012 07:36:11 +0200
-
-nss (2:3.13.4-2) unstable; urgency=low
-
-  * debian/control, debian/libnss3*, debian/rules,
-    mozilla/security/coreconf/*, mozilla/security/nss/lib/*/manifest.mn:
-    Move to unversioned library. ABI compatibility is ensured upstream, and
-    the SO version, if it needed a change at any time, would be a change in
-    the library name. There is no reason to keep making compatibility more
-    difficult with other distros and upstream binary releases. While previous
-    versions were one-way compatible (binaries built against other distros or
-    upstream nspr could work on Debian), this approach works both ways.
-  * debian/control:
-    - Bump Standards-Version to 3.9.3.0. No changes required.
-    - Force to build against libnspr4-dev >= 2:4.9
-  * Removed unapplied patches.
-  * Adding an epoch to match the old libnss3 package that used to be in
-    the Debian archive.
-
- -- Mike Hommey <glandium@debian.org>  Thu, 17 May 2012 09:45:36 +0200
-
-nss (3.13.4-1) unstable; urgency=low
-
-  * New upstream release.
-    - Changed __GNUC_MINOR__ use in pkcs11n.h. Closes: #650319.
-  * mozilla/security/nss/cmd/certcgi/certcgi.c,
-    mozilla/security/nss/cmd/digest/digest.c,
-    mozilla/security/nss/cmd/signver/pk7print.c: Import patch from Moritz
-    Muehlenhoff for hardened format strings.
-  * debian/make.mk, debian/rules, debian/control: Enable hardening.
-    Closes: #657325.
-  * debian/libnss3-1d.lintian-overrides.in, debian/rules: Use wildcards in
-    lintian override. Closes: #670013.
-  * debian/compat, debian/control: Bump debian/compat to 9. This has the
-    effect of using build-id for debug files, thus Closes: #670015.
-  * debian/libnss3-1d.symbols: Add symbols for /usr/lib/nss/ libraries.
-
- -- Mike Hommey <glandium@debian.org>  Sun, 29 Apr 2012 09:48:58 +0200
-
-nss (3.13.3-1) unstable; urgency=low
-
-  * New upstream release.
-  * debian/libnss3-1d.symbols: Updated to fit new upstream.
-
- -- Mike Hommey <glandium@debian.org>  Fri, 24 Feb 2012 09:56:10 +0100
-
-nss (3.13.2~beta1-3) experimental; urgency=low
-
-  * debian/libnss3-1d.symbols: Fix symbol version for the symbol added in
-    -2.
-
- -- Mike Hommey <glandium@debian.org>  Fri, 23 Dec 2011 19:20:23 +0100
-
-nss (3.13.2~beta1-2) experimental; urgency=low
-
-  * mozilla/security/nss/lib/ssl/*,
-    mozilla/security/nss/cmd/tstclnt/tstclnt.c,
-    mozilla/security/nss/tests/ssl/ssl.sh: Apply patches from bz#542832,
-    required for Iceweasel 11.
-  * debian/libnss3-1d.symbols: Add corresponding symbol.
-
- -- Mike Hommey <glandium@debian.org>  Fri, 23 Dec 2011 17:54:03 +0100
-
-nss (3.13.2~beta1-1) experimental; urgency=low
-
-  * New upstream snapshot, picked from NSS_3_13_2_BETA1 cvs tag.
-  * debian/libnss3-1d.symbols: Add NSS 3.13.2 symbols.
-
- -- Mike Hommey <glandium@debian.org>  Fri, 23 Dec 2011 16:22:05 +0100
-
-nss (3.13.1.with.ckbi.1.88-1) unstable; urgency=low
-
-  * New upstream release.
-    - Distrusts malaysian Digicert Sdn. Bhd CA certificate.
-    - Addresses CVE-2011-3640 (Untrusted search path vulnerability).
-      Closes: #647614.
-  * debian/patches/*: Refreshed patches.
-  * debian/libnss3-1d.symbols: Add NSS 3.13 symbols.
-
- -- Mike Hommey <glandium@debian.org>  Sat, 05 Nov 2011 17:05:26 +0100
-
-nss (3.12.11-3) unstable; urgency=high
-
-  * mozilla/security/nss/lib/ckfw/builtins/certdata.*:
-    Explicitely distrust various DigiNotar CAs:
-    - DigiNotar Root CA
-    - DigiNotar Services 1024 CA
-    - DigiNotar Cyber CA
-    - DigiNotar Cyber CA 2nd
-    - DigiNotar PKIoverheid
-    - DigiNotar PKIoverheid G2
-
- -- Mike Hommey <glandium@debian.org>  Sat, 03 Sep 2011 09:33:28 +0200
-
-nss (3.12.11-2) unstable; urgency=high
-
-  * mozilla/security/nss/lib/ckfw/builtins/certdata.*:
-    Remove DigiNotar Root CA.
-
- -- Mike Hommey <glandium@debian.org>  Wed, 31 Aug 2011 08:49:00 +0200
-
-nss (3.12.11-1) unstable; urgency=low
-
-  * New upstream release.
-  * mozilla/security/nss/lib/ckfw/builtins/certdata.*,
-  * mozilla/security/coreconf/{config,Linux}.mk: Refreshed.
-  * debian/copyright: Update dbm license according to that in the source.
-    Closes: #624310
-
- -- Mike Hommey <glandium@debian.org>  Fri, 12 Aug 2011 12:45:08 +0200
-
-nss (3.12.10-3) unstable; urgency=low
-
-  * debian/nss-config.in, debian/nss.pc.in, debian/rules: Return the multiarch
-    path in nss-config and nss.pc.
-
- -- Mike Hommey <glandium@debian.org>  Thu, 21 Jul 2011 18:08:48 +0200
-
-nss (3.12.10-2) unstable; urgency=low
-
-  * debian/control, debian/libnss3-1d.dirs,
-    debian/libnss3-1d.lintian-overrides.in, debian/libnss3-dev.dirs,
-    debian/libnss3-1d.links.in, debian/libnss3-dev.links.in,
-    debian/rules: Switch to multi-arch while keeping backports easy.
-    Closes: #497088.
-
- -- Mike Hommey <glandium@debian.org>  Mon, 04 Jul 2011 11:24:18 +0200
-
-nss (3.12.10-1) unstable; urgency=low
-
-  * New upstream release.
-  * mozilla/security/nss/lib/ckfw/builtins/certdata.*: Refreshed.
-  * debian/control: Build depend on libnspr4-dev >= 4.8.8.
-  * debian/libnss3-1d.symbols: Add new symbol version.
-
- -- Mike Hommey <glandium@debian.org>  Wed, 25 May 2011 10:20:59 +0200
-
-nss (3.12.9.with.ckbi.1.82-1) unstable; urgency=low
-
-  * New upstream release.
-    - Marks fraudulent Comodo certificates as untrusted.
-  * mozilla/security/nss/lib/ckfw/builtins/certdata.*: Refreshed.
-
- -- Mike Hommey <glandium@debian.org>  Thu, 24 Mar 2011 16:37:46 +0100
-
-nss (3.12.9-2) unstable; urgency=low
-
-  * Upload to unstable.
-  * debian/rules: Fallback to DEB_BUILD_ARCH when dpkg-architecture does't
-    support DEB_BUILD_ARCH_BITS.
-  * debian/control: Lower build depends on dpkg-dev to (>= 1.13.19), which
-    was the previous value.
-  * mozilla/security/nss/lib/freebl/unix_rand.c: We don't need to prevent
-    using netstat for entropy seeding. The seeding will stop before netstat
-    if it could get data from /dev/urandom.
-  * mozilla/security/coreconf/Linux.mk: We shouldn't need to special case
-    mips64 anymore.
-  * mozilla/security/nss/cmd/shlibsign/Makefile, debian/rules: Don't rely
-    on patching the source to not create .chk files during build.
-
- -- Mike Hommey <glandium@debian.org>  Sun, 06 Mar 2011 09:58:41 +0100
-
-nss (3.12.9-1) experimental; urgency=low
-
-  * New upstream release.
-
- -- Mike Hommey <glandium@debian.org>  Sat, 15 Jan 2011 11:33:35 +0100
-
-nss (3.12.9~beta2-1) experimental; urgency=low
-
-  * New upstream snapshot, picked from NSS_3_12_9_BETA2 cvs tag.
-  * debian/patches/*: Refresh patches.
-  * debian/libnss3-1d.symbols: Add new symbol versions.
-  * debian/rules: Bump shlibs.
-
- -- Mike Hommey <glandium@debian.org>  Fri, 17 Dec 2010 15:01:31 +0100
-
-nss (3.12.8-1) unstable; urgency=low
-
-  * New upstream release.
-  * debian/patches/*: Refresh patches.
-  * debian/patches/series:
-    + lower-dhe-priority.patch: Upstream patch from bz#583337 to lower DHE
-      priority. Closes: #592315.
-
- -- Mike Hommey <glandium@debian.org>  Thu, 07 Oct 2010 08:50:48 +0200
-
-nss (3.12.8~b2-1) experimental; urgency=low
-
-  * New upstream snapshot, picked from NSS_3_12_8_BETA2 cvs tag.
-  * debian/patches/*: Refresh patches.
-
- -- Mike Hommey <glandium@debian.org>  Mon, 23 Aug 2010 18:11:12 +0200
-
-nss (3.12.7-1) unstable; urgency=low
-
-  * New upstream release.
-  * debian/patches/*: Refresh patches.
-  * debian/control:
-    - Bump Standards-Version to 3.9.1.0.
-    - Build depend on libnspr4-dev >= 4.8.6.
-  * debian/libnss3-1d.symbols: Simplify symbols file and add new symbols.
-  * debian/rules: Bump shlibs.
-
- -- Mike Hommey <glandium@debian.org>  Fri, 06 Aug 2010 13:55:14 +0200
-
-nss (3.12.6-3) unstable; urgency=low
-
-  * debian/rules:
-    + Sign libnssdbm3.so. Closes: #588806.
-    + Test that the FIPS mode can be properly enabled during build.
-  * debian/control:
-    + Remove conflicts with very old packages.
-    + Bump Standards-Version to 3.9.0.0.
-
- -- Mike Hommey <glandium@debian.org>  Mon, 12 Jul 2010 15:12:24 +0200
-
-nss (3.12.6-2) unstable; urgency=low
-
-  * debian/patches/series:
-    + 00_ckbi_1.79.patch: New patch to update CKBI to 1.79.
-    + 95_add_spi+cacert_ca_certs.patch: Refreshed against CKBI 1.79.
-
- -- Mike Hommey <glandium@debian.org>  Fri, 09 Apr 2010 10:45:01 +0200
-
-nss (3.12.6-1) unstable; urgency=low
-
-  * New upstream release.
-  * debian/patches/*: Refresh patches.
-  * debian/libnss3-1d.symbols, debian/rules: Update symbols file with new
-    symbols and bump shlibs.
-  * debian/patches/97_SSL_RENEGOTIATE_TRANSITIONAL.patch,
-    debian/patches/series: Enable transitional scheme for ssl renegotiation.
-    Closes: #561918.
-  * debian/control:
-    + Bump Standards-Version to 3.8.4.0.
-    + Drop libnss3-1d dependency on dpkg. The versions it didn't really like
-      were between oldstable and stable.
-    + Don't allow different versions of libnss3-1d, libnss3-1d-dbg and
-      libnss3-tools to be installed at the same time.
-    + Add ${misc:Depends} to libnss3-1d-dbg dependencies.
-  * debian/rules: Revert workaround for gcc 4.4 bug on powerpc with -Os.
-  * debian/rules, debian/control, debian/compat: Simplify debian/rules by
-    using dh.
-
- -- Mike Hommey <glandium@debian.org>  Wed, 17 Mar 2010 20:33:32 +0100
-
-nss (3.12.5-2) unstable; urgency=low
-
-  * debian/control:
-    + Remove build dependency on autotools-dev, we don't use it.
-    + libnss3-dev depends on libnspr4-dev >= 4.6.6-1. 4.6.6-1 was the first
-      version where the pkg-config file was nspr.pc instead of
-      xulrunner-nspr.pc. Closes: #567134.
-  * debian/patches/96_NSS_VersionCheck.patch, debian/patches/series:
-    Remove runtime check of NSPR version in NSS_VersionCheck, which seems to
-    be pointless. Closes: #567136.
-
- -- Mike Hommey <glandium@debian.org>  Thu, 28 Jan 2010 12:12:35 +0100
-
-nss (3.12.5-1) unstable; urgency=low
-
-  * New upstream release.
-  * debian/copyright: Modify with new location for the embedded copy of zlib.
-  * debian/patches/*:
-    + Adapt patches to new upstream.
-    + Switch to quilt format
-  * debian/source/format: Switch to 3.0 (quilt) format.
-  * debian/rules, debian/control: Stop using dpatch.
-  * debian/patches/38_intel_aes_executable_stack.patch: Removed. An upstream
-    change in version 3.12.4 obsoleted it.
-  * debian/rules:
-    + Remove DEB_{BUILD,HOST}_* variables, they are not used.
-    + Use DEB_BUILD_ARCH_BITS to determine whether to build with USE_64 or not.
-    + Ship more tools in libnss3-tools. Closes: #526267.
-    + Work around gcc 4.4 bug on powerpc with -Os.
-    + Force non parallel build. There are too many race conditions in the
-      build system to support parallel builds. Closes: #536248.
-    + Bump shlibs.
-  * debian/control:
-    + Bump Standards-Version to 3.8.3.0.
-    + Build-depend on dpkg-dev (>= 1.15.4) for DEB_BUILD_ARCH_BITS.
-    + Stricter dependency between libnss3-dev and libnss3-1d.
-  * debian/libnss3-1d.symbols:
-    + Add new symbols.
-    + Remove debian revision for symbols added in 3.12.4.
-  * debian/patches/38_hurd.patch: Fix FTBFS on Hurd due to PATH_MAX usage in
-    unix_rand.c. Closes: #550995.
-
- -- Mike Hommey <glandium@debian.org>  Fri, 18 Dec 2009 11:48:14 +0100
-
-nss (3.12.4-1) unstable; urgency=low
-
-  * New upstream release.
-  * debian/patches/38_kbsd.dpatch:
-    + Use CHECK_FORK_PTHREAD on kfreebsd and hurd. Closes: #547301.
-    + Adapt to upstream changes.
-  * debian/patches/95_add_spi+cacert_ca_certs.dpatch,
-  * debian/patches/81_sonames.dpatch: Adapt to upstream changes.
-  * debian/libnss3-1d.symbols: Update symbols file with new symbols.
-  * debian/rules: Bumped shlibs.
-
- -- Mike Hommey <glandium@debian.org>  Sun, 11 Oct 2009 01:26:14 +0200
-
-nss (3.12.3.1-1) unstable; urgency=low
-
-  * New upstream release.
-  * debian/patches/95_add_spi+cacert_ca_certs.dpatch, Adapted to upstream
-    changes.
-
- -- Mike Hommey <glandium@debian.org>  Fri, 21 Aug 2009 23:47:24 +0200
-
-nss (3.12.3-1) unstable; urgency=low
-
-  * New upstream release.
-  * debian/watch: Updated to catch new upstream .bz2 tarballs.
-  * debian/copyright: Add information about
-    mozilla/security/corecond/mkdepend.
-  * debian/patches/38_hurd.dpatch, debian/patches/38_kbsd.dpatch: Adapted
-    to upstream changes.
-  * debian/patches/85_security_load.dpatch: Load libsoftokn3.so from
-    /usr/lib/nss when unable to load it from standard ld.so paths in
-    shlibsign.
-  * debian/rules:
-    + Add debian/libnss3-1d/usr/lib/nss to LD_LIBRARY_PATH when running
-      shlibsign during build.
-    + Bumped shlibs.
-  * debian/libnss3-1d.symbols: Update symbols file with new symbols.
-  * debian/control:
-    + Bumped Standards-Version to 3.8.1.0. No changes needed.
-    + Put the libnss3-1d-dbg package in the "debug" section.
-    + Correct libnss3-1d-dbg short description.
-    + Remove redundant section on libnss3-1d.
-    + Build-depend on proper version of debhelper for dh_lintian.
-  * debian/*.lintian-overrides, debian/rules: Install some Lintian
-    overrides with dh_lintian.
-  * debian/patches/38_intel_aes_executable_stack.dpatch: Indicate that
-    we don't need executable stack in intel-aes.s.
-  * debian/patches/00list: Updated accordingly.
-
- -- Mike Hommey <glandium@debian.org>  Sat, 18 Apr 2009 09:37:31 +0200
-
-nss (3.12.2.with.ckbi.1.73-2) unstable; urgency=low
-
-  * mozilla/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.h:
-    Apply patch from upstream to fix alignment issues on sparc and ia64.
-    Closes: #509930.
-
- -- Mike Hommey <glandium@debian.org>  Mon, 06 Apr 2009 20:24:01 +0200
-
-nss (3.12.2.with.ckbi.1.73-1) unstable; urgency=low
-
-  * debian/patches/38_kbsd.dpatch: Brown paper bag fix for regression
-    in previous release that led to FTBFS on i386 only. Closes: #513101.
-    Thanks Steffen Joeris, Sebastian Andrzej Siewior and Petr Salinger.
-  * debian/patches/95_add_spi+cacert_ca_certs.dpatch,
-    debian/patches/80_security_tools.dpatch: Adapted to upstream changes.
-  * debian/libnss3-1d.symbols: Update symbols file with new symbols.
-  * debian/rules: Bumped shlibs.
-
- -- Mike Hommey <glandium@debian.org>  Sat, 31 Jan 2009 16:41:26 +0100
-
-nss (3.12.1-1) unstable; urgency=low
-
-  * New upstream release.
-  * debian/patches/95_add_spi+cacert_ca_certs.dpatch,
-    debian/patches/38_mips64_build.dpatch,
-    debian/patches/38_kbsd.dpatch: Adapted to upstream changes.
-  * debian/libnss3-1d.symbols: Update symbols file with new symbols.
-  * debian/rules: Bumped shlibs.
-
- -- Mike Hommey <glandium@debian.org>  Sat, 20 Dec 2008 12:11:28 +0100
-
-nss (3.12.0-5) unstable; urgency=low
-
-  * debian/control:
-    + Conflict with libnss3-0d >= 3.11.5, that has conflicting files in
-      /usr/lib/nss. Older versions (those from etch) don't conflict.
-      This makes updates from old testing smoother. Closes: #492332.
-    + Build-depend on libsqlite3-dev >= 3.3.9, since API introduced in this
-      version is used. Closes: #493191.
-
- -- Mike Hommey <glandium@debian.org>  Sun, 03 Aug 2008 09:42:03 +0200
-
-nss (3.12.0-4) unstable; urgency=low
-
-  * debian/control: Remove conflict with libnss3-0d, it was only useful when
-    libnss3-0d was a transitional package. Closes: #490995.
-
- -- Mike Hommey <glandium@debian.org>  Wed, 16 Jul 2008 21:29:19 +0200
-
-nss (3.12.0-3) unstable; urgency=low
-
-  * debian/rules:
-    + Enable ECC cypher suite. Closes: #490826.
-    + Build with the same optimization level as upstream.
-
- -- Mike Hommey <glandium@debian.org>  Mon, 14 Jul 2008 17:35:25 +0200
-
-nss (3.12.0-2) unstable; urgency=low
-
-  * debian/patches/95_add_spi+cacert_ca_certs.dpatch:
-    + Add CAcert root and class 3 certificates to nssckbi module.
-    + Add SPI Inc. certificate to nssckbi module.
-    Thanks to Martin F Krafft for these. Closes: #309564.
-  * debian/patches/00list: Updated accordingly.
-
- -- Mike Hommey <glandium@debian.org>  Sat, 12 Jul 2008 18:26:09 +0200
-
-nss (3.12.0-1) unstable; urgency=low
-
-  * New upstream release.
-  * debian/patches/92_ocsp.dpatch: Removed, as applied upstream.
-  * debian/patches/00list: Updated accordingly.
-  * debian/control:
-    + Bumped Standards-Version to 3.8.0.1. No changes needed.
-    + Added Vcs-Browser and Vcs-Git fields.
-    + libnss3-dev don't need explicit version dependency on libnss3-1d.
-    + libnss3-dev depends on libnspr4-dev. Closes: #488402.
-    + Make the -dbg package less a hassle for manual installations with dpkg.
-    + libnss3-1d depends on version of dpkg that either don't support symbols
-      files or has fix for #474079.
-  * debian/patches/85_security_load.dpatch: Load files from /usr/lib/nss if
-    given reference path is only a filename, which happens when freebl is
-    statically linked in a binary executable, such as signtool, and the
-    executable is run from $PATH. When the executable is run using a full
-    path, we must replace /bin/ in the path with /lib/ to find the libraries.
-    Closes: #483774.
-  * debian/libnss3-1d.symbols: Re-enable symbols file.
-
- -- Mike Hommey <glandium@debian.org>  Sat, 05 Jul 2008 10:19:53 +0200
-
-nss (3.12.0~rc3-3) unstable; urgency=low
-
-  * debian/control: Make libnss3-0d conflict with old libnss3, which can
-    still be installed on some systems, though it hasn't been in the archive 
-    since sarge. Closes: #485080.
-
- -- Mike Hommey <glandium@debian.org>  Sun, 08 Jun 2008 14:11:13 +0200
-
-nss (3.12.0~rc3-2) unstable; urgency=low
-
-  * debian/patches/92_ocsp.dpatch: Apply patches from bz433594 and bz#433386,
-    which are applied in upstream RC4 (and are the only changes), to fix
-    crashes under some conditions with OCSP checks.
-  * debian/patches/00list: Updated accordingly.
-  * debian/libnss3-dev.links, debian/libnss3-1d.links: Don't install so
-    files in the -dev package but in the library package. It will allow
-    external applications linked against upstream nss to work on Debian with
-    system nss libraries, and will avoid all browsers to have to implement
-    symlinks themselves to allow some external plugins to work properly.
-  * debian/control: Make libnss3-1d conflict with older versions of
-    libnss3-dev and libnss3-dev need newer libnss3-1d accordingly.
-
- -- Mike Hommey <glandium@debian.org>  Sat, 07 Jun 2008 11:57:55 +0200
-
-nss (3.12.0~rc3-1) unstable; urgency=low
-
-  * New upstream snapshot, picked from NSS_3_12_RC3 cvs tag.
-
- -- Mike Hommey <glandium@debian.org>  Sun, 11 May 2008 16:58:17 +0200
-
-nss (3.12.0~beta3-1) unstable; urgency=low
-
-  * New upstream snapshot, picked from NSS_3_12_BETA3 cvs tag.
-  * debian/control: Turn Homepage indications in descriptions into a
-    control field.
-  * debian/patches/91_build_pwdecrypt.dpatch: Enable building and installing
-    pwdecrypt. Thanks Paul Wise. Closes: #472303.
-  * debian/patches/00list: Updated accordingly.
-  * debian/libnss3-1d.symbols: Update symbols file with new symbols and rename
-    the file, so that it isn't used, as a workaround to #474079.
-    Closes: #474007.
-  * debian/rules: Bumped shlibs.
-
- -- Mike Hommey <glandium@debian.org>  Tue, 08 Apr 2008 21:23:53 +0200
-
-nss (3.12.0~beta2-1) unstable; urgency=low
-
-  * New upstream snapshot, picked from NSS_3_12_BETA2 cvs tag.
-  * debian/patches/10_3.11.7_symbol_fix.dpatch: Removed, as applied upstream.
-  * debian/patches/38_kbsd.dpatch: Adapted to upstream changes.
-  * debian/patches/81_sonames.dpatch: Add SO_VERSION to libnssutil3.
-  * debian/libnss3-dev.links: Add link for libnssutil3.
-  * debian/libnss3-1d.symbols: Update symbols file with new symbols. Note that
-    SEC_StringToOID disappeared (well, was moved to nssutil), compared to
-    version 3.12.0~1.9b1, but it was a new symbol, and isn't used anywhere.
-  * debian/nss.pc.in, debian/nss-config.in: Add libnssutil3 support.
-  * debian/rules:
-    + Bumped shlibs.
-    + Don't generate libsoftokn3.so.0d.
-  * debian/control:
-    + Remove transitional libnss3-0d package.
-    + Bumped Standards-Version to 3.7.3.0. No changes needed.
-    + Build depend on libnspr4-dev >= 4.7.0 (we *do* need the RTM version, and
-      not the preceding betas)
-  * debian/libnss3-0d.*: Removed.
-  * debian/patches/85_security_load.dpatch: Load files from $ORIGIN/nss before
-    those of $ORIGIN. Closes: #469079.
-  * debian/patches/38_hurd.dpatch: Fix FTBFS on Hurd because of MAXPATHLEN.
-    Closes: #419529.
-  * debian/patches/00list: Updated accordingly.
-
- -- Mike Hommey <glandium@debian.org>  Fri, 07 Mar 2008 21:27:54 +0100
-
-nss (3.12.0~1.9b1-2) unstable; urgency=low
-
-  * debian/control: libnss3-1-dbg needs to conflict with older libnss3-0d-dbg,
-    as it overwrites so of its files. Closes: #455875.
-  * debian/patches/90_realpath.dpatch: Use realpath() in
-    loader_GetOriginalPathname, so that symlinks are properly followed when
-    determining where the current library lives.
-  * debian/patches/00list: Updated accordingly.
-  * debian/patches/85_security_load.dpatch: When the module given by the
-    caller contains a directory name, remove it so that the module can be
-    properly loaded. Closes: #456296.
-
- -- Mike Hommey <glandium@debian.org>  Sun, 16 Dec 2007 11:06:03 +0100
-
-nss (3.12.0~1.9b1-1) unstable; urgency=low
-
-  * New upstream snapshot, picked from FIREFOX_3_0b1_RELEASE cvs tag.
-  * debian/copyright: Add licensing information about the recently added
-    sqlite copy in the source tree.
-  * debian/control:
-    + Build depend on libsqlite3-dev.
-    + Rename all -0d packages to -1d, but keep a transitional -0d package,
-      since all libraries are compatible (except for the removed one).
-    + Make libnss3-1d conflict with older libnss3-0d.
-  * debian/patches/38_kbsd.dpatch, debian/patches/81_sonames.dpatch:
-    Adapted to upstream changes.
-  * debian/patches/81_sonames.dpatch:
-    + Remove SO version from libsoftokn3, now it is not linked against
-      anymore, but dlloaded.
-    + Remove the hacks to have shlibsign and the signature verification code
-      handle the SO version in the file name.
-    + Bump SO version to 1d.
-  * debian/rules:
-    + Add NSS_USE_SYSTEM_SQLITE=1 to the make options.
-    + Install libsoftokn3 and the new libnssdbm3 in /usr/lib/nss.
-    + Run shlibsign on libsoftokn3 in /usr/lib/nss, without a SO version.
-    + For some reason, build-stamp was missing in install-stamp dependencies.
-    + Bumped shlibs because of new symbols, and pass -c4 to dpkg-gensymbols,
-      so that it fails in all cases where the symbols file is not up to date.
-    + Adapt upstream version pattern matching so that the ~1.9b1 part is
-      removed.
-    + Install .1d libraries in -1d packages.
-    + Create a dummy libsoftokn3.so.0d library, installed in the libnss3-0d
-      package.
-  * debian/libnss3-0d.links:
-    + Remove links in /usr/lib/xulrunner. The workaround they were
-      implementing is going to be done another way.
-    + Add .0d links to .1d libraries.
-  * debian/libnss3-dev.links:
-    + Don't put a symlink for libsoftokn3.
-    + .so files now link to .1d libraries.
-  * debian/patches/80_security_build.dpatch: Remove the hack to load libfreebl
-    from /usr/lib/nss.
-  * debian/patches/85_security_load.dpatch: Load modules from $ORIGIN/nss.
-  * debian/patches/10_3.11.7_symbol_fix.dpatch: Fix a symbol version. Stolen
-    from bz#325672.
-  * debian/patches/00list: Updated accordingly.
-  * debian/libnss3-0d.dirs: Renamed to libnss3-1d.dirs.
-
- -- Mike Hommey <glandium@debian.org>  Sat, 08 Dec 2007 10:53:02 +0100
-
-nss (3.11.7-1) unstable; urgency=low
-
-  * New upstream release, picked from NSS_3_11_7_RTM cvs tag.
-  * debian/patches/38_kbsd.dpatch: Also add support for the Hurd.
-    Closes: #419529.
-  * debian/rules:
-    + Don't fail on clean with unpatched ruleset. Closes: #421542.
-    + Bumped shlibs because of new symbols.
-  * debian/patches/81_sonames.dpatch: Adapted to upstream changes.
-
- -- Mike Hommey <glandium@debian.org>  Sun, 01 Jul 2007 11:29:06 +0200
-
-nss (3.11.5-3) unstable; urgency=low
-
-  * Upload to unstable.
-
- -- Mike Hommey <glandium@debian.org>  Mon, 09 Apr 2007 20:37:25 +0200
-
-nss (3.11.5-2) experimental; urgency=low
-
-  * debian/rules:
-    + Cleaner way to set the NSPR location.
-    + Install libcrmf.a files in libnss3-dev.
-    + binary-indep now does nothing.
-  * debian/control: Make libnss3-dev an Arch: any package.
-  * debian/nss.pc.in:
-    + Remove libsoftokn3 from ld libraries.
-    + Improvement in directories setting.
-  * debian/libnss3-dev.dirs: Create /usr/bin.
-  * debian/nss-config.in, debian/rules: Install a nss-config script into
-    libnss3-dev.
-
- -- Mike Hommey <glandium@debian.org>  Tue, 27 Mar 2007 20:41:11 +0200
-
-nss (3.11.5-1) experimental; urgency=low
-
-  * Initial release. (Closes: #416151)
-
- -- Mike Hommey <glandium@debian.org>  Sun, 25 Mar 2007 23:56:17 +0200
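Review bot: before dropping debian/changelog.n wholesale, confirm that every stanza it carries (down to the initial 3.11.5-1 upload at the end of this hunk) is also present in debian/changelog; the hunk for debian/changelog in this debdiff only adds the new 3.26.2 stanza at the top, so if the stray file was the only copy of this history, removing it loses the package's changelog trail rather than just cleaning up a duplicate.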
diff -Nru nss-3.26/nss/external_tests/ssl_gtest/ssl_auth_unittest.cc nss-3.26.2/nss/external_tests/ssl_gtest/ssl_auth_unittest.cc
--- nss-3.26/nss/external_tests/ssl_gtest/ssl_auth_unittest.cc	2016-08-05 11:43:39.000000000 -0400
+++ nss-3.26.2/nss/external_tests/ssl_gtest/ssl_auth_unittest.cc	2016-10-10 10:54:09.000000000 -0400
@@ -22,6 +22,38 @@
 
 namespace nss_test {
 
+class TlsInspectorCertificateRequestSigAlgSetter : public TlsHandshakeFilter {
+ public:
+  TlsInspectorCertificateRequestSigAlgSetter(SSLSignatureAndHashAlg sig_alg)
+    : sig_alg_(sig_alg) {}
+
+  virtual PacketFilter::Action FilterHandshake(
+      const HandshakeHeader& header,
+      const DataBuffer& input, DataBuffer* output) {
+    if (header.handshake_type() != kTlsHandshakeCertificateRequest) {
+      return KEEP;
+    }
+
+    TlsParser parser(input);
+    *output = input;
+
+    // Skip certificate types.
+    parser.SkipVariable(1);
+
+    // Skip sig algs length.
+    parser.Skip(2);
+
+    // Write signature algorithm.
+    output->Write(parser.consumed(), sig_alg_.hashAlg, 1);
+    output->Write(parser.consumed() + 1, sig_alg_.sigAlg, 1);
+
+    return CHANGE;
+  }
+
+ private:
+  SSLSignatureAndHashAlg sig_alg_;
+};
+
 TEST_P(TlsConnectGeneric, ClientAuth) {
   client_->SetupClientAuth();
   server_->RequestClientAuth(true);
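Review bot: the return values of `parser.SkipVariable(1)` and `parser.Skip(2)` are ignored, so on a CertificateRequest that is truncated or lacks the TLS 1.2 signature_algorithms block, `parser.consumed()` would point past the end of `input` and the two `output->Write` calls would extend or corrupt the message instead of failing the test. Since this filter is only used from a TlsConnectTls12 test the risk is low, but an `EXPECT_TRUE` on each skip would make the precondition explicit. Also worth a comment that the filter overwrites only the first (hash, signature) pair in the list, which is what the test relies on.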
@@ -337,4 +369,41 @@
   Receive(10);
 }
 
+TEST_P(TlsConnectTls12, ClientAuthNoMatchingSigAlgs) {
+  Reset(TlsAgent::kServerEcdsa);
+  server_->RequestClientAuth(false);
+  client_->SetupClientAuth();
+
+  server_->EnableCiphersByAuthType(ssl_auth_ecdh_ecdsa);
+  server_->SetSignatureAlgorithms(SignatureEcdsaSha256,
+                                  PR_ARRAY_SIZE(SignatureEcdsaSha256));
+
+  Connect();
+  CheckKeys(ssl_kea_ecdh, ssl_auth_ecdsa);
+  EXPECT_TRUE(!SSL_PeerCertificate(server_->ssl_fd()));
+}
+
+TEST_P(TlsConnectTls12, CertificateRequestMd5) {
+  const SSLSignatureAndHashAlg md5_sig_alg = {ssl_hash_md5, ssl_sign_rsa};
+
+  const SSLSignatureAndHashAlg serverAlgorithms[] = {
+    {ssl_hash_sha1, ssl_sign_rsa},
+    {ssl_hash_sha256, ssl_sign_rsa}
+  };
+
+  client_->SetupClientAuth();
+  server_->RequestClientAuth(true);
+  server_->SetPacketFilter(new TlsInspectorCertificateRequestSigAlgSetter
+                           (md5_sig_alg));
+  server_->SetSignatureAlgorithms(serverAlgorithms,
+                                  PR_ARRAY_SIZE(serverAlgorithms));
+
+  client_->EnableSingleCipher(TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384);
+  server_->EnableSingleCipher(TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384);
+
+  ConnectExpectFail();
+  ASSERT_EQ(SEC_ERROR_BAD_SIGNATURE, server_->error_code());
+  ASSERT_EQ(SSL_ERROR_DECRYPT_ERROR_ALERT, client_->error_code());
+}
+
 }
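Review bot: CertificateRequestMd5 deserves a comment explaining why the expected outcome is `SEC_ERROR_BAD_SIGNATURE` on the server and a decrypt_error alert on the client rather than a clean handshake: the filter rewrites the CertificateRequest only on the wire, so the client and server handshake transcripts diverge and any CertificateVerify the client produces is rejected. Without that note a reader cannot tell whether the test is checking that the client skipped MD5 or that the server rejected an MD5 signature; the asserted error code is what distinguishes the two. In ClientAuthNoMatchingSigAlgs, `SSL_PeerCertificate()` returns an owned CERTCertificate* that is never released when non-NULL; wrapping it in ScopedCERTCertificate avoids a leak on the failure path.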
diff -Nru nss-3.26/nss/external_tests/ssl_gtest/tls_parser.h nss-3.26.2/nss/external_tests/ssl_gtest/tls_parser.h
--- nss-3.26/nss/external_tests/ssl_gtest/tls_parser.h	2016-08-05 11:43:39.000000000 -0400
+++ nss-3.26.2/nss/external_tests/ssl_gtest/tls_parser.h	2016-10-10 10:54:09.000000000 -0400
@@ -29,6 +29,7 @@
 const uint8_t kTlsHandshakeEncryptedExtensions = 8;
 const uint8_t kTlsHandshakeCertificate = 11;
 const uint8_t kTlsHandshakeServerKeyExchange = 12;
+const uint8_t kTlsHandshakeCertificateRequest = 13;
 const uint8_t kTlsHandshakeCertificateVerify = 15;
 const uint8_t kTlsHandshakeClientKeyExchange = 16;
 const uint8_t kTlsHandshakeFinished = 20;
diff -Nru nss-3.26/nss/.hg_archival.txt nss-3.26.2/nss/.hg_archival.txt
--- nss-3.26/nss/.hg_archival.txt	2016-08-05 11:43:39.000000000 -0400
+++ nss-3.26.2/nss/.hg_archival.txt	2016-10-10 10:54:09.000000000 -0400
@@ -1,4 +1,4 @@
 repo: 9949429068caa6bb8827a8ceeaa7c605d722f47f
-node: f118cfd3948a9198bff6db23a300073897fb59c0
+node: 5bb734f18d10e207cdfb222dbdb8be56dfdd0f64
 branch: NSS_3_26_BRANCH
-tag: NSS_3_26_RTM
+tag: NSS_3_26_2_RTM
diff -Nru nss-3.26/nss/lib/nss/nss.h nss-3.26.2/nss/lib/nss/nss.h
--- nss-3.26/nss/lib/nss/nss.h	2016-08-05 11:43:39.000000000 -0400
+++ nss-3.26.2/nss/lib/nss/nss.h	2016-10-10 10:54:09.000000000 -0400
@@ -22,10 +22,10 @@
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
  */
-#define NSS_VERSION  "3.26" _NSS_CUSTOMIZED
+#define NSS_VERSION  "3.26.2" _NSS_CUSTOMIZED
 #define NSS_VMAJOR   3
 #define NSS_VMINOR   26
-#define NSS_VPATCH   0
+#define NSS_VPATCH   2
 #define NSS_VBUILD   0
 #define NSS_BETA     PR_FALSE
 
diff -Nru nss-3.26/nss/lib/softoken/softkver.h nss-3.26.2/nss/lib/softoken/softkver.h
--- nss-3.26/nss/lib/softoken/softkver.h	2016-08-05 11:43:39.000000000 -0400
+++ nss-3.26.2/nss/lib/softoken/softkver.h	2016-10-10 10:54:09.000000000 -0400
@@ -25,10 +25,10 @@
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
  */
-#define SOFTOKEN_VERSION  "3.26" SOFTOKEN_ECC_STRING
+#define SOFTOKEN_VERSION  "3.26.2" SOFTOKEN_ECC_STRING
 #define SOFTOKEN_VMAJOR   3
 #define SOFTOKEN_VMINOR   26
-#define SOFTOKEN_VPATCH   0
+#define SOFTOKEN_VPATCH   2
 #define SOFTOKEN_VBUILD   0
 #define SOFTOKEN_BETA     PR_FALSE
 
diff -Nru nss-3.26/nss/lib/ssl/ssl3con.c nss-3.26.2/nss/lib/ssl/ssl3con.c
--- nss-3.26/nss/lib/ssl/ssl3con.c	2016-08-05 11:43:39.000000000 -0400
+++ nss-3.26.2/nss/lib/ssl/ssl3con.c	2016-10-10 10:54:09.000000000 -0400
@@ -7881,7 +7881,7 @@
     return rv;
 }
 
-static void
+static SECStatus
 ssl3_DecideTls12CertVerifyHash(sslSocket *ss, const SECItem *algorithms);
 
 typedef struct dnameNode {
@@ -8112,7 +8112,10 @@
             }
             if (ss->ssl3.hs.hashType == handshake_hash_record ||
                 ss->ssl3.hs.hashType == handshake_hash_single) {
-                ssl3_DecideTls12CertVerifyHash(ss, algorithms);
+                rv = ssl3_DecideTls12CertVerifyHash(ss, algorithms);
+                if (rv != SECSuccess) {
+                    goto send_no_certificate;
+                }
             }
             break; /* not an error */
 
@@ -10187,7 +10190,7 @@
     return SECFailure;
 }
 
-static void
+static SECStatus
 ssl3_DecideTls12CertVerifyHash(sslSocket *ss, const SECItem *algorithms)
 {
     SECStatus rv;
@@ -10201,7 +10204,7 @@
     /* Determine the key's signature algorithm and whether it prefers SHA-1. */
     rv = ssl3_ExtractClientKeyInfo(ss, &sigAlg, &preferSha1);
     if (rv != SECSuccess) {
-        return;
+        return SECFailure;
     }
 
     /* Determine the server's hash support for that signature algorithm. */
@@ -10210,6 +10213,9 @@
             SSLHashType hashAlg = algorithms->data[i];
             SECOidTag hashOID;
             PRUint32 policy;
+            if (hashAlg == ssl_hash_md5) {
+                continue; /* No MD5 signature support. */
+            }
             if (hashAlg == ssl_hash_sha1 &&
                 ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_3) {
                 /* TLS 1.3 explicitly forbids using SHA-1 with certificate_verify. */
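Review bot: the `continue` silently drops MD5 from the server's offered list, so a CertificateRequest that offers only MD5 leaves the loop with no usable hash; that is safe only because the caller now acts on the SECFailure this function returns. The comment "No MD5 signature support." should say so explicitly, so that nobody later moves the check without noticing the dependency on the no-certificate fallback.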
@@ -10239,6 +10245,13 @@
     } else {
         ss->ssl3.hs.tls12CertVerifyHash = otherHashAlg;
     }
+
+    /* We didn't find a sigAlg matching the client cert's key type. */
+    if (ss->ssl3.hs.tls12CertVerifyHash == ssl_hash_none) {
+        return SECFailure;
+    }
+
+    return SECSuccess;
 }
 
 static SECStatus
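Review bot: the `ssl_hash_none` check relies on `ss->ssl3.hs.tls12CertVerifyHash` having been initialised to `ssl_hash_none` before the selection loop; that initialisation is not in the hunk, so confirm it happens on every path into this function. The comment "We didn't find a sigAlg matching the client cert's key type" is also narrower than the condition: the same branch is reached when the server offered only hashes that were skipped above (MD5, or SHA-1 under TLS 1.3) for a matching key type.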
@@ -12983,6 +12996,13 @@
     return DUPLICATE_MSB_TO_ALL_8(c);
 }
 
+/* ssl_constantTimeSelect return a if mask is 0xFF and b if mask is 0x00 */
+static unsigned char
+ssl_constantTimeSelect(unsigned char mask, unsigned char a, unsigned char b)
+{
+    return (mask & a) | (~mask & b);
+}
+
 static SECStatus
 ssl_RemoveSSLv3CBCPadding(sslBuffer *plaintext,
                           unsigned int blockSize,
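Review bot: the comment should document the precondition that `mask` is either 0x00 or 0xFF, as produced by `ssl_ConstantTimeGE` and `ssl_ConstantTimeEQ8`; for any other mask value the expression `(mask & a) | (~mask & b)` mixes bits of `a` and `b` rather than selecting one of them. Minor: "ssl_constantTimeSelect return a" should read "returns a".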
@@ -13086,22 +13106,54 @@
     /* scanStart contains the number of bytes that we can ignore because
      * the MAC's position can only vary by 255 bytes. */
     unsigned scanStart = 0;
-    unsigned i, j, divSpoiler;
+    unsigned i, j;
     unsigned char rotateOffset;
 
-    if (originalLength > macSize + 255 + 1)
+    if (originalLength > macSize + 255 + 1) {
         scanStart = originalLength - (macSize + 255 + 1);
+    }
 
-    /* divSpoiler contains a multiple of macSize that is used to cause the
-     * modulo operation to be constant time. Without this, the time varies
-     * based on the amount of padding when running on Intel chips at least.
-     *
-     * The aim of right-shifting macSize is so that the compiler doesn't
-     * figure out that it can remove divSpoiler as that would require it
-     * to prove that macSize is always even, which I hope is beyond it. */
-    divSpoiler = macSize >> 1;
-    divSpoiler <<= (sizeof(divSpoiler) - 1) * 8;
-    rotateOffset = (divSpoiler + macStart - scanStart) % macSize;
+    /* We want to compute
+     * rotateOffset = (macStart - scanStart) % macSize
+     * But the time to compute this varies based on the amount of padding. Thus
+     * we explicitely handle all mac sizes with (hopefully) constant time modulo
+     * using Barrett reduction:
+     *  q := (rotateOffset * m) >> k
+     *  rotateOffset -= q * n
+     *  if (n <= rotateOffset) rotateOffset -= n
+     */
+    rotateOffset = macStart - scanStart;
+    /* rotateOffset < 255 + 1 + 48 = 304 */
+    if (macSize == 16) {
+        rotateOffset &= 15;
+    } else if (macSize == 20) {
+        /*
+         * Correctness: rotateOffset * ( 1/20 - 25/2^9 ) < 1
+         *              with rotateOffset <= 853
+         */
+        unsigned q = (rotateOffset * 25) >> 9; /* m = 25, k = 9 */
+        rotateOffset -= q * 20;
+        rotateOffset -= ssl_constantTimeSelect(ssl_ConstantTimeGE(rotateOffset, 20),
+                                               20, 0);
+    } else if (macSize == 32) {
+        rotateOffset &= 31;
+    } else if (macSize == 48) {
+        /*
+         * Correctness: rotateOffset * ( 1/48 - 10/2^9 ) < 1
+         *              with rotateOffset < 768
+         */
+        unsigned q = (rotateOffset * 10) >> 9; /* m = 25, k = 9 */
+        rotateOffset -= q * 48;
+        rotateOffset -= ssl_constantTimeSelect(ssl_ConstantTimeGE(rotateOffset, 48),
+                                               48, 0);
+    } else {
+        /*
+         * SHA384 (macSize == 48) is the largest we support. We should never
+         * get here.
+         */
+        PORT_Assert(0);
+        rotateOffset = rotateOffset % macSize;
+    }
 
     memset(rotatedMac, 0, macSize);
     for (i = scanStart; i < originalLength;) {
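Review bot: in the `macSize == 48` branch the comment reads `/* m = 25, k = 9 */` but the code uses a multiplier of 10; it should be `/* m = 10, k = 9 */`, matching the correctness bound `1/48 - 10/2^9` stated just above it. Two smaller points: `rotateOffset` is an `unsigned char`, yet the comment bounds it by 304, which does not fit in that type; since the padding is at most 256 bytes the real range of `macStart - scanStart` is 0..255, so either tighten the comment or widen the variable so the reasoning is visibly sound. And the final `else` falls back to a variable-time `%` after `PORT_Assert(0)`, which is a no-op in release builds; if a new MAC size is ever added without extending this chain the timing protection silently disappears, so a `PORT_Assert` on entry or a comment listing the supported sizes would be worthwhile.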
@@ -13117,12 +13169,16 @@
     /* Now rotate the MAC. If we knew that the MAC fit into a CPU cache line
      * we could line-align |rotatedMac| and rotate in place. */
     memset(out, 0, macSize);
+    rotateOffset = macSize - rotateOffset;
+    rotateOffset = ssl_constantTimeSelect(ssl_ConstantTimeGE(rotateOffset, macSize),
+                                          0, rotateOffset);
     for (i = 0; i < macSize; i++) {
-        unsigned char offset =
-            (divSpoiler + macSize - rotateOffset + i) % macSize;
         for (j = 0; j < macSize; j++) {
-            out[j] |= rotatedMac[i] & ssl_ConstantTimeEQ8(j, offset);
+            out[j] |= rotatedMac[i] & ssl_ConstantTimeEQ8(j, rotateOffset);
         }
+        rotateOffset++;
+        rotateOffset = ssl_constantTimeSelect(ssl_ConstantTimeGE(rotateOffset, macSize),
+                                              0, rotateOffset);
     }
 }
 
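Review bot: `rotateOffset` is reused here with a different meaning, as the output index that `rotatedMac[0]` lands on, and is then advanced modulo `macSize` with a constant-time wrap; a short comment saying so would save the next reader from re-deriving it. The initial `macSize - rotateOffset` followed by the `>= macSize` select correctly maps the zero case back to 0, and the per-iteration increment plus select keeps the index in range without a division, so the logic looks right.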
diff -Nru nss-3.26/nss/lib/util/nssutil.h nss-3.26.2/nss/lib/util/nssutil.h
--- nss-3.26/nss/lib/util/nssutil.h	2016-08-05 11:43:39.000000000 -0400
+++ nss-3.26.2/nss/lib/util/nssutil.h	2016-10-10 10:54:09.000000000 -0400
@@ -19,10 +19,10 @@
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <Beta>]"
  */
-#define NSSUTIL_VERSION  "3.26"
+#define NSSUTIL_VERSION  "3.26.2"
 #define NSSUTIL_VMAJOR   3
 #define NSSUTIL_VMINOR   26
-#define NSSUTIL_VPATCH   0
+#define NSSUTIL_VPATCH   2
 #define NSSUTIL_VBUILD   0
 #define NSSUTIL_BETA     PR_FALSE
 
I have yet to run the test suite; I am not sure why it's not being run
during build. I do not expect any significant regressions considering
the change is so small, however.

A.

-- 
One has a moral responsibility to disobey unjust laws.
                        - Martin Luther King, Jr.
