
nss 3.26.2 in jessie?



Hi,

We (the LTS team, but mainly me and buxy) are working on an update to
the NSS package for wheezy, and we just packaged the upstream 3.26.2
release since it was a minimal diff that was easy to review.

We can't really update with a 3.26.2 version without making sure jessie
follows suit as well.

Can I upload that package to 3.26.2? For now it looks like this:

https://people.debian.org/~hertzog/packages/nss_3.26.2-1+deb7u1.dsc

I'm making sure it will build on arm right now, and that the test suite
(and bundled autopkgtests) will pass as well.

Here's the debdiff between jessie and buxy's packages:

diff -Nru nss-3.26/debian/changelog nss-3.26.2/debian/changelog
--- nss-3.26/debian/changelog	2016-10-03 15:17:46.000000000 -0400
+++ nss-3.26.2/debian/changelog	2016-11-30 15:09:36.000000000 -0500
@@ -1,161 +1,153 @@
-nss (2:3.26-1+debu8u1) jessie-security; urgency=medium
+nss (2:3.26.2-1+deb7u1) UNRELEASED; urgency=high
 
-  * New upstream release.  Closes: #583651.
-  * Remove SPI CA certificate.
-  * Remove transitional compatibility kludge for renegotiation handling.
-  * Update watch file and Vcs URLs, and the symbols file from unstable.
-
- -- Florian Weimer <fw@deneb.enyo.de>  Mon, 03 Oct 2016 21:17:21 +0200
-
-nss (2:3.17.2-1.1+deb8u2) jessie; urgency=medium
+  [ Antoine Beaupré ]
+  * Non-maintainer upload by the LTS Security Team.
+  * New upstream release to fix CVE-2016-9074
+    * CVE-2016-9074: existing mitigation of timing side-channel attacks
+    insufficient
+    * also includes a fix for aborted client connexions with MD5 algorithm
+    selection
+  * remove weird debian/changelog.n file from previous upload
+
+  [ Raphaël Hertzog ]
+  * Run upstream test suite (cf #806639).
+  * Add autopkgtest (cf #806207).
+  * Force use of gcc-4.7 and g++-4.7 to fix FTBFS on arm*.
+  * Update nss/tests/libpkix/certs/PayPal*.cert to work-around
+    the fact that the former certificates have expired. Also
+    update the expected OID through
+    debian/patches/replace_expired_paypal_cert.patch.
 
-  [ Andrew Ayer ]
-  * Apply upstream patch (99_prefer_stronger_cert_chains.patch) to fix
-    certificate chain generation to prefer stronger/newer certificates
-    over weaker/older certs. Closes: #774195.
+ -- Antoine Beaupré <anarcat@debian.org>  Wed, 30 Nov 2016 15:09:36 -0500
 
- -- Christoph Egger <christoph@debian.org>  Sat, 15 Aug 2015 12:40:31 +0200
+nss (2:3.26-1+debu7u1) wheezy-security; urgency=medium
 
-nss (2:3.17.2-1.1+deb8u1) jessie-security; urgency=high
-
-  * Non-maintainer upload by the Security Team.
-  * Add 99_CVE-2015-2721.patch patch.
-    CVE-2015-2721: NSS incorrectly permits skipping of ServerKeyExchange.
-  * Add 100_CVE-2015-2730.patch patch.
-    CVE-2015-2730: ECDSA signature validation fails to handle some
-    signatures correctly.
+  * New upstream release.  Closes: #583651.
+  * This is a backport of the release made for jessie-security including
+    but not limited to:
+    - Watch file update
+    - Control file improvements.
+    - Build dependency on nspr 4.12 (important part to solve #583651).
+    - Patch modifications to work with new upstream source.
+    - Patch removals (as they are already incorporated upstream).
+    - debian/rules updates to work with new upstream release.
 
- -- Salvatore Bonaccorso <carnil@debian.org>  Tue, 11 Aug 2015 19:37:12 +0200
+ -- Ola Lundqvist <opal@debian.org>  Thu, 20 Oct 2016 21:49:31 +0200
 
-nss (2:3.17.2-1.1) unstable; urgency=medium
+nss (2:3.14.5-1+deb7u8) wheezy-security; urgency=medium
 
   * Non-maintainer upload.
-  * Fix CVE-2014-1569. Closes: #773625.
+  * debian/patches/CVE-2016-2834-1.patch
+    debian/patches/CVE-2016-2834-2.patch
+    debian/patches/CVE-2016-2834-3.patch
+    debian/patches/CVE-2016-2834-4.patch
+    + Backport patches from upstream, addresses four moderate rated
+      networking security issues (MFSA2016-61 / CVE-2016-2834).
 
- -- Matt Kraai <kraai@debian.org>  Sun, 21 Dec 2014 19:46:52 -0800
+ -- Emilio Pozuelo Monfort <pochu@debian.org>  Sat, 25 Jun 2016 16:48:23 +0200
 
-nss (2:3.17.2-1) unstable; urgency=medium
+nss (2:3.14.5-1+deb7u7) wheezy-security; urgency=high
 
-  * New upstream release.
-
- -- Mike Hommey <glandium@debian.org>  Sat, 18 Oct 2014 13:22:04 +0900
+  * Non-maintainer upload by the Long Term Security Team.
+  * Add CVE-2015-4000.patch patch.
+    CVE-2015-4000: NSS patch increasing limit to 1023 bits.
 
-nss (2:3.17.1-1) unstable; urgency=high
+ -- Ola Lundqvist <opal@debian.org>  Fri, 03 Jun 2016 10:05:19 +0000
 
-  * New upstream release.
-    - Fixes CVE-2014-1568.
-    - Add support for ppc64el, with a non-broken patch. Closes: #745757.
-  * debian/libnss3.symbols: Add NSSUTIL_3.17.1 symbol versions.
-
- -- Mike Hommey <glandium@debian.org>  Wed, 24 Sep 2014 22:16:32 +0900
-
-nss (2:3.17-1) unstable; urgency=medium
-
-  * New upstream release.
-  * nss/coreconf/Linux.mk: Actually add support for ppc64el. Closes: #745757.
-
- -- Mike Hommey <glandium@debian.org>  Sun, 24 Aug 2014 08:41:37 +0900
-
-nss (2:3.16.3-1.1) unstable; urgency=low
-
-  * Non-maintainer upload to delayed.
-  * Add support for ppc64el. Closes: #745757
-
- -- Andreas Barth <aba@ayous.org>  Mon, 18 Aug 2014 20:01:00 +0000
-
-nss (2:3.16.3-1) unstable; urgency=medium
-
-  * New upstream release.
-  * debian/libnss3.symbols: Add NSS_3.16.2 symbol versions.
+nss (2:3.14.5-1+deb7u6) wheezy-security; urgency=high
 
- -- Mike Hommey <glandium@debian.org>  Sun, 13 Jul 2014 09:24:12 +0900
-
-nss (2:3.16.1-1) unstable; urgency=medium
+  [ Guido Günther ]
+  * Non-maintainer upload by the Security Team.
+  * Add CVE-2015-7182.patch:
+    CVE-2015-7182: Heap-based buffer overflow in the ASN.1 decoder
+  * Add CVE-2015-7181.patch:
+    CVE-2015-7181: The sec_asn1d_parse_leaf function improperly restricts
+    access to an unspecified data structure
+  * Add autopkgtest for certificate generation/signing and library linking
+
+  [ Antoine Beaupré ]
+  * Add CVE-2016-1938.patch, ported from squeeze:
+    CVE-2016-1938: The s_mp_div function in lib/freebl/mpi/mpi.c in
+    improperly divides numbers, which might make it easier for remote
+    attackers to defeat cryptographic protection mechanisms
+  * Add CVE-2016-1950.patch:
+    CVE-2016-1950: Heap-based buffer overflow allows remote attackers to
+    execute arbitrary code via crafted ASN.1 data in an X.509 certificate.
+  * Add CVE-2016-1978.patch:
+    CVE-2016-1978: Use-after-free vulnerability in the
+    ssl3_HandleECDHServerKeyExchange function allows remote attackers to
+    cause a denial of service or possibly have unspecified other impact by
+    making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory
+    consumption.
+  * Add CVE-2016-1979.patch:
+    CVE-2016-1979: Use-after-free vulnerability in the
+    PK11_ImportDERPrivateKeyInfoAndReturnKey function allows remote
+    attackers to cause a denial of service or possibly have unspecified
+    other impact via crafted key data with DER encoding.
 
-  * New upstream release.
-  * debian/libnss3.symbols: Add NSS_3.16.1 symbol versions.
+ -- Antoine Beaupré <anarcat@debian.org>  Tue, 29 Mar 2016 11:57:06 -0400
 
- -- Mike Hommey <glandium@debian.org>  Sat, 07 Jun 2014 17:24:57 +0900
+nss (2:3.14.5-1+deb7u5) wheezy-security; urgency=high
 
-nss (2:3.16-1) unstable; urgency=medium
+  * Non-maintainer upload by the Security Team.
+  * Add CVE-2015-2721.patch patch.
+    CVE-2015-2721: NSS incorrectly permits skipping of ServerKeyExchange.
+  * Add CVE-2015-2730.patch patch.
+    CVE-2015-2730: ECDSA signature validation fails to handle some
+    signatures correctly.
 
-  * New upstream release.
-  * debian/libnss3.symbols: Add NSS_3.16 symbol versions.
-  * nss/lib/ckfw/builtins/certdata.txt: Remove CACert root certificates.
+ -- Salvatore Bonaccorso <carnil@debian.org>  Tue, 11 Aug 2015 17:44:07 +0200
 
- -- Mike Hommey <glandium@debian.org>  Fri, 21 Mar 2014 08:10:24 +0900
+nss (2:3.14.5-1+deb7u4) wheezy-security; urgency=high
 
-nss (2:3.15.4-2) unstable; urgency=high
+  * Non-maintainer upload by the Security Team.
+  * Add CVE-2014-1569.patch.
+    CVE-2014-1569: ASN.1 DER decoding of lengths is too permissive, allowing
+    undetected smuggling of arbitrary data. (Closes: #773625)
 
-  * Upstream release 3.15.4 fixed MFSA-2014-12, also known as CVE-2014-1490
-    and CVE-2014-1491. Bumping urgency as such.
-  * debian/control, debian/libnss3-nssdb.*, debian/pkcs11.txt, debian/rules:
-    Revert changes from 2:3.15.4-1. Reopens: #537866, Closes: #735329, #736061.
+ -- Salvatore Bonaccorso <carnil@debian.org>  Mon, 29 Dec 2014 16:11:33 +0100
 
- -- Mike Hommey <glandium@debian.org>  Wed, 05 Feb 2014 16:26:06 +0900
+nss (2:3.14.5-1+deb7u3) wheezy-security; urgency=medium
 
-nss (2:3.15.4-1) unstable; urgency=low
+  * Non-maintainer upload by the Security Team.
+  * Fix CVE-2014-1544: improper removal of an NSSCertificate structure
+    from a trust domain.
 
-  * New upstream release.
-  * Acknowledge NMU.
-  * debian/rules: Avoid long one-liner with semi-colons.
-  * debian/patches/*:  Refresh patches.
-  * debian/copyright: Update. Closes: #730428.
-  * debian/control, debian/libnss3-nssdb.*, debian/pkcs11.txt, debian/rules:
-    Add shared cert and key databases. Thanks Timo Aaltonen. Closes: #537866.
-  * debian/rules: Use DEB_HOST_ARCH instead of DEB_BUILD_ARCH.
-  * debian/control: Mark libnss3-dev as Multi-Arch: same. Thanks Shawn
-    Landden. Closes: #682925.
-  * debian/libnss3.symbols: Add NSS_3.15.4 symbol versions.
-
- -- Mike Hommey <glandium@debian.org>  Mon, 13 Jan 2014 10:46:04 +0900
+ -- Sebastien Delafond <seb@debian.org>  Mon, 10 Nov 2014 14:29:23 +0100
 
-nss (2:3.15.3.1-1.1) unstable; urgency=low
+nss (2:3.14.5-1+deb7u2) wheezy-security; urgency=high
 
-  * Non-Maintainer Upload
-   - ship extra NSS utilities (Closes: #701141)
+  * Non-maintainer upload by the Security Team.
+  * Fix CVE-2014-1568: RSA signature verification bypass.
 
- -- Daniel Kahn Gillmor <dkg@fifthhorseman.net>  Sat, 04 Jan 2014 11:34:41 -0500
+ -- Yves-Alexis Perez <corsac@debian.org>  Wed, 24 Sep 2014 16:46:09 +0200
 
-nss (2:3.15.3.1-1) unstable; urgency=high
+nss (2:3.14.5-1+deb7u1) wheezy-security; urgency=high
 
-  * New upstream release.
-    - Distrusts AC DG Tresor SSL CA.
+  * Non-maintainer upload by the Security Team.
+  * Fix CVE-2014-1492: Incorrect IDNA domain name matching for wildcard
+    certificates.
+  * Fix CVE-2014-1491: Do not allow p-1 as a public DH value.
+  * Fix CVE-2013-5606: Properly return a certificate validation error when
+    using the verifylog mode.
+  * Fix CVE-2013-1741: Runaway memset in certificate parsing on 64-bit
+    computers leading to a crash by attempting to write 4Gb of nulls.
 
- -- Mike Hommey <glandium@debian.org>  Sun, 15 Dec 2013 10:09:48 +0900
+ -- Raphael Geissert <geissert@debian.org>  Tue, 29 Jul 2014 11:01:52 +0200
 
-nss (2:3.15.3-1) unstable; urgency=high
+nss (2:3.14.5-1) stable-security; urgency=low
 
   * New upstream release.
-    - Fixes CVE-2013-1741, CVE-2013-5605, CVE-2013-5606.
+    - Fixes CVE-2013-5605.
 
- -- Mike Hommey <glandium@debian.org>  Sat, 16 Nov 2013 08:50:45 +0900
+ -- Mike Hommey <glandium@debian.org>  Sat, 16 Nov 2013 08:23:54 +0900
 
-nss (2:3.15.2-1) unstable; urgency=low
+nss (2:3.14.4-1) stable-security; urgency=low
 
   * New upstream release.
     - Fixes CVE-2013-1739. Closes: #726473.
 
- -- Mike Hommey <glandium@debian.org>  Mon, 21 Oct 2013 08:05:24 +0900
-
-nss (2:3.15.1-1) unstable; urgency=low
-
-  * New upstream release.
-  * debian/patches/*:  Refresh patches.
-  * debian/patches/lower-dhe-priority.patch: Removed, as it was only necessary
-    for Iceweasel 3.5, which is long gone.
-
- -- Mike Hommey <glandium@debian.org>  Mon, 05 Aug 2013 14:41:14 +0900
-
-nss (2:3.15-1) unstable; urgency=low
-
-  * New upstream release.
-  * debian/patches/*: Refresh patches and removed unused ones.
-  * debian/rules: Adjusted to the new source layout.
-  * debian/libnss3.symbols: Add NSS*_3.15 symbol versions.
-  * debian/control: Bump nspr build dependency.
-
- -- Mike Hommey <glandium@debian.org>  Sat, 15 Jun 2013 19:23:12 +0900
+ -- Mike Hommey <glandium@debian.org>  Thu, 31 Oct 2013 13:51:57 +0900
 
 nss (2:3.14.3-1) unstable; urgency=high
 
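Review bot: the new top entry is the wheezy one (2:3.26.2-1+deb7u1, distribution UNRELEASED), so as it stands this is not a jessie changelog: the jessie upload needs its own entry with a +deb8u revision and jessie-security as the target, and the removed 2:3.26-1+debu8u1 entry must stay in jessie's history; you already say the changelog will be synced, so this is just a reminder not to upload it in this shape. Two small things in the new entry while you are there: "connexions" in the CVE-2016-9074 bullet should read "connections", and the two sub-bullets describe the upstream fixes rather than the "New upstream release" packaging action they are nested under, so they read better as siblings of it.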
diff -Nru nss-3.26/debian/control nss-3.26.2/debian/control
--- nss-3.26/debian/control	2016-10-03 15:18:55.000000000 -0400
+++ nss-3.26.2/debian/control	2016-11-30 15:09:36.000000000 -0500
@@ -7,7 +7,8 @@
  dpkg-dev (>= 1.16.1.1~),
  libnspr4-dev (>= 2:4.12),
  zlib1g-dev,
- libsqlite3-dev (>= 3.3.9)
+ libsqlite3-dev (>= 3.3.9),
+ gcc-4.7
 Standards-Version: 3.9.3.0
 Homepage: http://www.mozilla.org/projects/security/pki/nss/
 Vcs-Git: https://anonscm.debian.org/git/pkg-mozilla/nss.git
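Review bot: only gcc-4.7 is added to Build-Depends, but the debian/rules hunk below also exports CXX=g++-4.7, so on a clean buildd the C++ parts of the tree (the gtests) have no compiler unless g++-4.7 happens to be installed; add `g++-4.7` next to `gcc-4.7`. Since the changelog says the compiler switch exists to fix an FTBFS on arm*, consider restricting both to the architectures that need them (`gcc-4.7 [armel armhf], g++-4.7 [armel armhf]`) instead of forcing an older compiler on every architecture of a security update.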
diff -Nru nss-3.26/debian/patches/replace_expired_paypal_cert.patch nss-3.26.2/debian/patches/replace_expired_paypal_cert.patch
--- nss-3.26/debian/patches/replace_expired_paypal_cert.patch	1969-12-31 19:00:00.000000000 -0500
+++ nss-3.26.2/debian/patches/replace_expired_paypal_cert.patch	2016-11-30 15:09:36.000000000 -0500
@@ -0,0 +1,29 @@
+Description: Two tests are failing due to PayPalEE.cert having expired
+ $ nss-pp -t c -i tests/libpkix/certs/PayPalEE.cert|grep After
+              Not After : Fri Dec 16 12:00:00 2016
+ We update the associated meta-data and will replace the binary
+ certificates separately through debian/source/include-binaries.
+ .
+ This problem is the same than two years ago:
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1151037
+Author: Raphaël Hertzog <hertzog@debian.org>
+
+--- a/nss/tests/chains/scenarios/realcerts.cfg
++++ b/nss/tests/chains/scenarios/realcerts.cfg
+@@ -21,7 +21,7 @@ verify TestUser51:x
+   result pass
+ 
+ verify PayPalEE:x
+-  policy OID.2.16.840.1.114412.1.1 
++  policy OID.2.16.840.1.113733.1.7.23.6
+   result pass
+ 
+ verify BrAirWaysBadSig:x
+--- a/nss/tests/libpkix/vfychain_test.lst
++++ b/nss/tests/libpkix/vfychain_test.lst
+@@ -1,4 +1,4 @@
+ # Status | Leaf Cert | Policies | Others(undef)
+ 0 TestUser50 undef
+ 0 TestUser51 undef
+-0 PayPalEE OID.2.16.840.1.114412.1.1
++0 PayPalEE OID.2.16.840.1.113733.1.7.23.6
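Review bot: the description records when the old PayPalEE.cert expired (Fri Dec 16 12:00:00 2016) but not the Not After of the replacement chain, so nobody can predict when this workaround breaks again; add the new expiry dates and where the three certificates were obtained so the exercise can be repeated. Minor: "the same than two years ago" should be "the same as two years ago".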
diff -Nru nss-3.26/debian/patches/series nss-3.26.2/debian/patches/series
--- nss-3.26/debian/patches/series	2016-10-03 15:27:18.000000000 -0400
+++ nss-3.26.2/debian/patches/series	2016-11-30 15:09:36.000000000 -0500
@@ -2,3 +2,4 @@
 38_kbsd.patch
 80_security_tools.patch
 85_security_load.patch
+replace_expired_paypal_cert.patch
diff -Nru nss-3.26/debian/rules nss-3.26.2/debian/rules
--- nss-3.26/debian/rules	2016-10-03 15:42:41.000000000 -0400
+++ nss-3.26.2/debian/rules	2016-11-30 15:09:36.000000000 -0500
@@ -6,6 +6,9 @@
 $(call lazy,CPPFLAGS,$$(shell dpkg-buildflags --get CPPFLAGS))
 $(call lazy,LDFLAGS,$$(shell dpkg-buildflags --get LDFLAGS))
 
+export CC=gcc-4-7
+export CXX=g++-4.7
+
 PREPROCESS_FILES := $(wildcard debian/*.in)
 
 $(PREPROCESS_FILES:.in=): %: %.in
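Review bot: `export CC=gcc-4-7` is a typo for gcc-4.7 (compare the CXX line right below it and the gcc-4.7 Build-Depends); as written the C side of the build either fails or silently falls back to whatever compiler NSS's coreconf picks, which defeats the arm* FTBFS workaround. Fix it to `export CC=gcc-4.7` and check a build log to confirm gcc-4.7 actually appears in the compile lines.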
@@ -50,7 +53,6 @@
 		SOURCE_MD_DIR=$(DISTDIR) \
 		DIST=$(DISTDIR) \
 		BUILD_OPT=1 \
-		NS_USE_GCC=1 \
 		OPTIMIZER="$(CFLAGS) $(CPPFLAGS)" \
 		LDFLAGS='$(LDFLAGS) $$(ARCHFLAG) $$(ZDEFS_FLAG)' \
 		DSO_LDOPTS='-shared $$(LDFLAGS)' \
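Review bot: dropping NS_USE_GCC=1 is not mentioned anywhere in the changelog entry, which only talks about forcing gcc-4.7/g++-4.7; record why it had to go (presumably so that the exported CC/CXX are honoured by coreconf) so the next maintainer does not reinstate it and reintroduce the FTBFS.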
@@ -155,6 +157,20 @@
 	dh_gencontrol -- -Vmisc:Multi-Arch=same
 endif
 
+override_dh_auto_test:
+	# Create .chk files for FIPS mode tests
+	$(foreach lib,libsoftokn3.so libfreebl3.so libfreeblpriv3.so libnssdbm3.so, \
+	  $(call cmd,cd $(DISTDIR)/lib; LD_LIBRARY_PATH=$(DISTDIR)/lib $(DISTDIR)/bin/shlibsign -v -i $(lib)))
+	# Run tests
+	export DIST=$(CURDIR)         &&\
+	export OBJDIR=dist            &&\
+	export IP_ADDRESS=127.0.0.1   &&\
+	export USE_IP=TRUE            &&\
+	export NSS_CYCLES=standard    &&\
+	cd $(CURDIR)/nss/tests        && ./all.sh
+	# Cleanup
+	rm -f dist/lib/*.chk
+
 override_dh_builddeb:
 	dh_builddeb -- -Zxz
 
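Review bot: the signing and the cleanup use different paths: shlibsign writes the .chk files next to the libraries in `$(DISTDIR)/lib`, while the cleanup runs `rm -f dist/lib/*.chk` and the test environment sets `OBJDIR=dist` and `DIST=$(CURDIR)`; unless DISTDIR happens to expand to `dist` these will not line up and either the tests will not find the signatures or stale .chk files will be left in the tree. Use `$(DISTDIR)` in all three places. The recipe also relies on a `cmd` make macro that is not visible in this diff; a one-line comment saying what it does (and that the `cd` happens in a subshell per library) would make this override reviewable on its own.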
diff -Nru nss-3.26/debian/source/include-binaries nss-3.26.2/debian/source/include-binaries
--- nss-3.26/debian/source/include-binaries	1969-12-31 19:00:00.000000000 -0500
+++ nss-3.26.2/debian/source/include-binaries	2016-11-30 15:09:36.000000000 -0500
@@ -0,0 +1,3 @@
+nss/tests/libpkix/certs/PayPalEE.cert
+nss/tests/libpkix/certs/PayPalICA.cert
+nss/tests/libpkix/certs/PayPalRootCA.cert
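Review bot: the three PayPal certificates enter the package as opaque binaries, so nothing in this diff lets a reviewer see which chain they are or when they expire; put their provenance (URL or Mozilla bug they were taken from) and a `certutil -L`-style summary of subject and Not After for each into the patch description or the changelog, otherwise the next expiry will again be diagnosed from a failing test rather than from the package.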
diff -Nru nss-3.26/debian/tests/control nss-3.26.2/debian/tests/control
--- nss-3.26/debian/tests/control	1969-12-31 19:00:00.000000000 -0500
+++ nss-3.26.2/debian/tests/control	2016-11-30 15:09:36.000000000 -0500
@@ -0,0 +1,5 @@
+Tests: test-cert.sh test-fips.sh
+Depends: libnss3-tools
+
+Tests: test-link.make
+Depends: libnss3-dev, pkg-config, g++
diff -Nru nss-3.26/debian/tests/test-cert.sh nss-3.26.2/debian/tests/test-cert.sh
--- nss-3.26/debian/tests/test-cert.sh	1969-12-31 19:00:00.000000000 -0500
+++ nss-3.26.2/debian/tests/test-cert.sh	2016-11-30 15:09:36.000000000 -0500
@@ -0,0 +1,42 @@
+#!/bin/bash
+#
+# Check some basic CA operations
+
+set -e
+
+cleanup() {
+    [ -z "$DIR" ] || rm -rf "$DIR"
+}
+
+
+run_certutil() {
+    CMD="certutil -z $DIR/random -f $DIR/passwd -d sql:$DIR $@"
+    echo "Running: $CMD"
+    $CMD
+}
+
+DIR=`mktemp -p . -d`
+trap cleanup EXIT ERR
+
+dd  bs=20 count=1 if=/dev/urandom of=$DIR/random 2>/dev/null
+echo "password" > $DIR/passwd
+
+# Create the database
+run_certutil -N
+# Create a self signed certificate
+run_certutil -S -k rsa -n test-ca -s CN=testca -t c -x 2>/dev/null
+# Create a certificate request
+run_certutil -R -k rsa -g 2048 -n test-cert -s "CN=testcert" -o $DIR/cert.req -a 2>/dev/null
+# Sign with ca
+run_certutil -C -m 10000 -c test-ca -i $DIR/cert.req -o $DIR/cert.cer -a
+run_certutil -A -n test-cert -i $DIR/cert.cer -t c -a
+
+echo -n "Checking if ca is present..."
+run_certutil -L -n test-ca >/dev/null
+echo "OK."
+
+echo -n "Checking if cert present..."
+run_certutil -L -n test-cert >/dev/null
+echo "OK."
+
+exit 0
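Review bot: `mktemp -p . -d` creates the scratch NSS database in the current directory, which under autopkgtest is the unpacked source tree; use the temporary directory autopkgtest provides (`${AUTOPKGTEST_TMP:-${ADTTMP:-/tmp}}`) so the test neither depends on a writable tree nor leaves a `sql:` database behind when the trap does not run. The `2>/dev/null` on the -S and -R calls discards exactly the certutil diagnostics you will want when this fails on a buildd; drop them or redirect to a log file. Also, `$@` is folded into an unquoted string inside run_certutil, so any argument containing a space (a multi-component -s subject, say) would be split; building the command with `"$@"` directly is safer.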
diff -Nru nss-3.26/debian/tests/test-fips.sh nss-3.26.2/debian/tests/test-fips.sh
--- nss-3.26/debian/tests/test-fips.sh	1969-12-31 19:00:00.000000000 -0500
+++ nss-3.26.2/debian/tests/test-fips.sh	2016-11-30 15:09:36.000000000 -0500
@@ -0,0 +1,22 @@
+#!/bin/bash
+#
+# Enable fips mode
+
+set -e
+
+cleanup() {
+    [ -z "$DIR" ] || rm -rf "$DIR"
+}
+
+
+run_certutil() {
+    CMD="certutil -z $DIR/random -f $DIR/passwd -d sql:$DIR $@"
+    echo "Running: $CMD"
+    $CMD
+}
+
+DIR=`mktemp -p . -d`
+trap cleanup EXIT ERR
+
+modutil -create -dbdir $DIR < /dev/null
+modutil -fips true -dbdir $DIR < /dev/null
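Review bot: the test switches FIPS mode on but never checks that it took effect or that the token still works afterwards; after `modutil -fips true` add `modutil -chkfips true -dbdir $DIR` (non-zero exit when the module is not in FIPS mode) and, ideally, a certutil -N / -L round trip against the same database so a softoken that cannot load in FIPS mode fails the test. The run_certutil helper and the random/passwd files are copied from test-cert.sh but unused here, so either use them for that round trip or remove them.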
diff -Nru nss-3.26/debian/tests/test-link.cpp nss-3.26.2/debian/tests/test-link.cpp
--- nss-3.26/debian/tests/test-link.cpp	1969-12-31 19:00:00.000000000 -0500
+++ nss-3.26.2/debian/tests/test-link.cpp	2016-11-30 15:09:36.000000000 -0500
@@ -0,0 +1,25 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+
+#include <nss.h>
+
+int main()
+{
+  int ret = 0;
+  SECStatus s;
+  char *t = strdup("/tmp/nss.XXXXXX");
+  char *tmpdir = mkdtemp(t);
+
+  if (tmpdir == NULL)
+    fprintf(stderr, "Failed to create temp directory: %s", strerror(errno));
+  
+  s = NSS_InitReadWrite(tmpdir);
+  if (s != SECSuccess)
+    ret = 2;
+  
+  NSS_Shutdown();
+  free(t);
+
+  return ret;
+}
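Review bot: when mkdtemp() fails the code prints a message and then carries on to call NSS_InitReadWrite(NULL); return a non-zero status right there instead (and terminate the message with a newline). strdup() and strerror() are declared in <string.h>, which is not included, so the file compiles only if an NSS or NSPR header happens to pull it in; include it explicitly, especially with -Wall -Werror in the makefile. The directory created under /tmp is also never removed, so every run of the autopkgtest leaves an nss.XXXXXX directory behind.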
diff -Nru nss-3.26/debian/tests/test-link.make nss-3.26.2/debian/tests/test-link.make
--- nss-3.26/debian/tests/test-link.make	1969-12-31 19:00:00.000000000 -0500
+++ nss-3.26.2/debian/tests/test-link.make	2016-11-30 15:09:36.000000000 -0500
@@ -0,0 +1,10 @@
+#!/usr/bin/make -f
+
+all: a.out
+	./a.out
+	rm -f a.out
+
+a.out: debian/tests/test-link.cpp
+	g++ -Wall -Werror $<  $(shell pkg-config --cflags nss) $(shell pkg-config --libs nss)
+
+.PHONY: all
diff -Nru nss-3.26/nss/external_tests/ssl_gtest/ssl_auth_unittest.cc nss-3.26.2/nss/external_tests/ssl_gtest/ssl_auth_unittest.cc
--- nss-3.26/nss/external_tests/ssl_gtest/ssl_auth_unittest.cc	2016-08-05 11:43:39.000000000 -0400
+++ nss-3.26.2/nss/external_tests/ssl_gtest/ssl_auth_unittest.cc	2016-10-10 10:54:09.000000000 -0400
@@ -22,6 +22,38 @@
 
 namespace nss_test {
 
+class TlsInspectorCertificateRequestSigAlgSetter : public TlsHandshakeFilter {
+ public:
+  TlsInspectorCertificateRequestSigAlgSetter(SSLSignatureAndHashAlg sig_alg)
+    : sig_alg_(sig_alg) {}
+
+  virtual PacketFilter::Action FilterHandshake(
+      const HandshakeHeader& header,
+      const DataBuffer& input, DataBuffer* output) {
+    if (header.handshake_type() != kTlsHandshakeCertificateRequest) {
+      return KEEP;
+    }
+
+    TlsParser parser(input);
+    *output = input;
+
+    // Skip certificate types.
+    parser.SkipVariable(1);
+
+    // Skip sig algs length.
+    parser.Skip(2);
+
+    // Write signature algorithm.
+    output->Write(parser.consumed(), sig_alg_.hashAlg, 1);
+    output->Write(parser.consumed() + 1, sig_alg_.sigAlg, 1);
+
+    return CHANGE;
+  }
+
+ private:
+  SSLSignatureAndHashAlg sig_alg_;
+};
+
 TEST_P(TlsConnectGeneric, ClientAuth) {
   client_->SetupClientAuth();
   server_->RequestClientAuth(true);
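Review bot: the filter ignores the return values of `parser.SkipVariable(1)` and `parser.Skip(2)`; if a CertificateRequest is shorter than expected, `parser.consumed()` is then a meaningless offset and the two Write() calls patch the wrong bytes, and the test goes on to assert on a message it never modified. Check both results and return KEEP (or fail the test) when they are false. A short comment that the filter only overwrites the first signature_algorithms entry would also help the next reader.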
@@ -337,4 +369,41 @@
   Receive(10);
 }
 
+TEST_P(TlsConnectTls12, ClientAuthNoMatchingSigAlgs) {
+  Reset(TlsAgent::kServerEcdsa);
+  server_->RequestClientAuth(false);
+  client_->SetupClientAuth();
+
+  server_->EnableCiphersByAuthType(ssl_auth_ecdh_ecdsa);
+  server_->SetSignatureAlgorithms(SignatureEcdsaSha256,
+                                  PR_ARRAY_SIZE(SignatureEcdsaSha256));
+
+  Connect();
+  CheckKeys(ssl_kea_ecdh, ssl_auth_ecdsa);
+  EXPECT_TRUE(!SSL_PeerCertificate(server_->ssl_fd()));
+}
+
+TEST_P(TlsConnectTls12, CertificateRequestMd5) {
+  const SSLSignatureAndHashAlg md5_sig_alg = {ssl_hash_md5, ssl_sign_rsa};
+
+  const SSLSignatureAndHashAlg serverAlgorithms[] = {
+    {ssl_hash_sha1, ssl_sign_rsa},
+    {ssl_hash_sha256, ssl_sign_rsa}
+  };
+
+  client_->SetupClientAuth();
+  server_->RequestClientAuth(true);
+  server_->SetPacketFilter(new TlsInspectorCertificateRequestSigAlgSetter
+                           (md5_sig_alg));
+  server_->SetSignatureAlgorithms(serverAlgorithms,
+                                  PR_ARRAY_SIZE(serverAlgorithms));
+
+  client_->EnableSingleCipher(TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384);
+  server_->EnableSingleCipher(TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384);
+
+  ConnectExpectFail();
+  ASSERT_EQ(SEC_ERROR_BAD_SIGNATURE, server_->error_code());
+  ASSERT_EQ(SSL_ERROR_DECRYPT_ERROR_ALERT, client_->error_code());
+}
+
 }
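Review bot: in ClientAuthNoMatchingSigAlgs, SSL_PeerCertificate() returns an owned CERTCertificate reference and the test only null-checks it, so the day the assertion fails (a certificate was sent after all) the reference leaks and the leak checker reports that instead of the real failure; hold it in a ScopedCERTCertificate or destroy it explicitly. In CertificateRequestMd5 a comment would help explain why SEC_ERROR_BAD_SIGNATURE is the expected outcome: the filter changes the CertificateRequest bytes on the wire, so the client's and server's transcripts differ and the signature over them cannot verify; the property under test is that the client no longer aborts when MD5 is offered, not the particular alert.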
diff -Nru nss-3.26/nss/external_tests/ssl_gtest/tls_parser.h nss-3.26.2/nss/external_tests/ssl_gtest/tls_parser.h
--- nss-3.26/nss/external_tests/ssl_gtest/tls_parser.h	2016-08-05 11:43:39.000000000 -0400
+++ nss-3.26.2/nss/external_tests/ssl_gtest/tls_parser.h	2016-10-10 10:54:09.000000000 -0400
@@ -29,6 +29,7 @@
 const uint8_t kTlsHandshakeEncryptedExtensions = 8;
 const uint8_t kTlsHandshakeCertificate = 11;
 const uint8_t kTlsHandshakeServerKeyExchange = 12;
+const uint8_t kTlsHandshakeCertificateRequest = 13;
 const uint8_t kTlsHandshakeCertificateVerify = 15;
 const uint8_t kTlsHandshakeClientKeyExchange = 16;
 const uint8_t kTlsHandshakeFinished = 20;
diff -Nru nss-3.26/nss/.hg_archival.txt nss-3.26.2/nss/.hg_archival.txt
--- nss-3.26/nss/.hg_archival.txt	2016-08-05 11:43:39.000000000 -0400
+++ nss-3.26.2/nss/.hg_archival.txt	2016-10-10 10:54:09.000000000 -0400
@@ -1,4 +1,4 @@
 repo: 9949429068caa6bb8827a8ceeaa7c605d722f47f
-node: f118cfd3948a9198bff6db23a300073897fb59c0
+node: 5bb734f18d10e207cdfb222dbdb8be56dfdd0f64
 branch: NSS_3_26_BRANCH
-tag: NSS_3_26_RTM
+tag: NSS_3_26_2_RTM
diff -Nru nss-3.26/nss/lib/nss/nss.h nss-3.26.2/nss/lib/nss/nss.h
--- nss-3.26/nss/lib/nss/nss.h	2016-08-05 11:43:39.000000000 -0400
+++ nss-3.26.2/nss/lib/nss/nss.h	2016-10-10 10:54:09.000000000 -0400
@@ -22,10 +22,10 @@
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
  */
-#define NSS_VERSION  "3.26" _NSS_CUSTOMIZED
+#define NSS_VERSION  "3.26.2" _NSS_CUSTOMIZED
 #define NSS_VMAJOR   3
 #define NSS_VMINOR   26
-#define NSS_VPATCH   0
+#define NSS_VPATCH   2
 #define NSS_VBUILD   0
 #define NSS_BETA     PR_FALSE
 
diff -Nru nss-3.26/nss/lib/softoken/softkver.h nss-3.26.2/nss/lib/softoken/softkver.h
--- nss-3.26/nss/lib/softoken/softkver.h	2016-08-05 11:43:39.000000000 -0400
+++ nss-3.26.2/nss/lib/softoken/softkver.h	2016-10-10 10:54:09.000000000 -0400
@@ -25,10 +25,10 @@
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
  */
-#define SOFTOKEN_VERSION  "3.26" SOFTOKEN_ECC_STRING
+#define SOFTOKEN_VERSION  "3.26.2" SOFTOKEN_ECC_STRING
 #define SOFTOKEN_VMAJOR   3
 #define SOFTOKEN_VMINOR   26
-#define SOFTOKEN_VPATCH   0
+#define SOFTOKEN_VPATCH   2
 #define SOFTOKEN_VBUILD   0
 #define SOFTOKEN_BETA     PR_FALSE
 
diff -Nru nss-3.26/nss/lib/ssl/ssl3con.c nss-3.26.2/nss/lib/ssl/ssl3con.c
--- nss-3.26/nss/lib/ssl/ssl3con.c	2016-08-05 11:43:39.000000000 -0400
+++ nss-3.26.2/nss/lib/ssl/ssl3con.c	2016-10-10 10:54:09.000000000 -0400
@@ -7881,7 +7881,7 @@
     return rv;
 }
 
-static void
+static SECStatus
 ssl3_DecideTls12CertVerifyHash(sslSocket *ss, const SECItem *algorithms);
 
 typedef struct dnameNode {
@@ -8112,7 +8112,10 @@
             }
             if (ss->ssl3.hs.hashType == handshake_hash_record ||
                 ss->ssl3.hs.hashType == handshake_hash_single) {
-                ssl3_DecideTls12CertVerifyHash(ss, algorithms);
+                rv = ssl3_DecideTls12CertVerifyHash(ss, algorithms);
+                if (rv != SECSuccess) {
+                    goto send_no_certificate;
+                }
             }
             break; /* not an error */
 
@@ -10187,7 +10190,7 @@
     return SECFailure;
 }
 
-static void
+static SECStatus
 ssl3_DecideTls12CertVerifyHash(sslSocket *ss, const SECItem *algorithms)
 {
     SECStatus rv;
@@ -10201,7 +10204,7 @@
     /* Determine the key's signature algorithm and whether it prefers SHA-1. */
     rv = ssl3_ExtractClientKeyInfo(ss, &sigAlg, &preferSha1);
     if (rv != SECSuccess) {
-        return;
+        return SECFailure;
     }
 
     /* Determine the server's hash support for that signature algorithm. */
@@ -10210,6 +10213,9 @@
             SSLHashType hashAlg = algorithms->data[i];
             SECOidTag hashOID;
             PRUint32 policy;
+            if (hashAlg == ssl_hash_md5) {
+                continue; /* No MD5 signature support. */
+            }
             if (hashAlg == ssl_hash_sha1 &&
                 ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_3) {
                 /* TLS 1.3 explicitly forbids using SHA-1 with certificate_verify. */
@@ -10239,6 +10245,13 @@
     } else {
         ss->ssl3.hs.tls12CertVerifyHash = otherHashAlg;
     }
+
+    /* We didn't find a sigAlg matching the client cert's key type. */
+    if (ss->ssl3.hs.tls12CertVerifyHash == ssl_hash_none) {
+        return SECFailure;
+    }
+
+    return SECSuccess;
 }
 
 static SECStatus
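Review bot: the new `tls12CertVerifyHash == ssl_hash_none` check only works if the field was reset to ssl_hash_none before the loop; the lines that would do that are outside this hunk, so please confirm it (or set it explicitly at the top of the function), since otherwise a value left over from an earlier handshake attempt on the same socket would be silently accepted and the "no matching sigalg" path never taken.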
@@ -12983,6 +12996,13 @@
     return DUPLICATE_MSB_TO_ALL_8(c);
 }
 
+/* ssl_constantTimeSelect return a if mask is 0xFF and b if mask is 0x00 */
+static unsigned char
+ssl_constantTimeSelect(unsigned char mask, unsigned char a, unsigned char b)
+{
+    return (mask & a) | (~mask & b);
+}
+
 static SECStatus
 ssl_RemoveSSLv3CBCPadding(sslBuffer *plaintext,
                           unsigned int blockSize,
@@ -13086,22 +13106,54 @@
     /* scanStart contains the number of bytes that we can ignore because
      * the MAC's position can only vary by 255 bytes. */
     unsigned scanStart = 0;
-    unsigned i, j, divSpoiler;
+    unsigned i, j;
     unsigned char rotateOffset;
 
-    if (originalLength > macSize + 255 + 1)
+    if (originalLength > macSize + 255 + 1) {
         scanStart = originalLength - (macSize + 255 + 1);
+    }
 
-    /* divSpoiler contains a multiple of macSize that is used to cause the
-     * modulo operation to be constant time. Without this, the time varies
-     * based on the amount of padding when running on Intel chips at least.
-     *
-     * The aim of right-shifting macSize is so that the compiler doesn't
-     * figure out that it can remove divSpoiler as that would require it
-     * to prove that macSize is always even, which I hope is beyond it. */
-    divSpoiler = macSize >> 1;
-    divSpoiler <<= (sizeof(divSpoiler) - 1) * 8;
-    rotateOffset = (divSpoiler + macStart - scanStart) % macSize;
+    /* We want to compute
+     * rotateOffset = (macStart - scanStart) % macSize
+     * But the time to compute this varies based on the amount of padding. Thus
+     * we explicitely handle all mac sizes with (hopefully) constant time modulo
+     * using Barrett reduction:
+     *  q := (rotateOffset * m) >> k
+     *  rotateOffset -= q * n
+     *  if (n <= rotateOffset) rotateOffset -= n
+     */
+    rotateOffset = macStart - scanStart;
+    /* rotateOffset < 255 + 1 + 48 = 304 */
+    if (macSize == 16) {
+        rotateOffset &= 15;
+    } else if (macSize == 20) {
+        /*
+         * Correctness: rotateOffset * ( 1/20 - 25/2^9 ) < 1
+         *              with rotateOffset <= 853
+         */
+        unsigned q = (rotateOffset * 25) >> 9; /* m = 25, k = 9 */
+        rotateOffset -= q * 20;
+        rotateOffset -= ssl_constantTimeSelect(ssl_ConstantTimeGE(rotateOffset, 20),
+                                               20, 0);
+    } else if (macSize == 32) {
+        rotateOffset &= 31;
+    } else if (macSize == 48) {
+        /*
+         * Correctness: rotateOffset * ( 1/48 - 10/2^9 ) < 1
+         *              with rotateOffset < 768
+         */
+        unsigned q = (rotateOffset * 10) >> 9; /* m = 25, k = 9 */
+        rotateOffset -= q * 48;
+        rotateOffset -= ssl_constantTimeSelect(ssl_ConstantTimeGE(rotateOffset, 48),
+                                               48, 0);
+    } else {
+        /*
+         * SHA384 (macSize == 48) is the largest we support. We should never
+         * get here.
+         */
+        PORT_Assert(0);
+        rotateOffset = rotateOffset % macSize;
+    }
 
     memset(rotatedMac, 0, macSize);
     for (i = scanStart; i < originalLength;) {
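Review bot: the comment on the macSize == 48 branch says `m = 25, k = 9` but the code multiplies by 10; fix the copy-paste so the Barrett parameters can be checked against the correctness bound stated just above it. More importantly, rotateOffset is declared `unsigned char` (the unchanged declaration at the top of the hunk) while the new comments reason about values up to 304 and 853: anything above 255 would be truncated before the reduction, which is harmless for 16 and 32 (they divide 256) but wrong for 20 and 48. As far as I can tell macStart - scanStart is at most 255 here, so this is a documentation problem rather than a bug, but either widen rotateOffset to `unsigned` or state the <= 255 bound explicitly instead of the looser ones.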
@@ -13117,12 +13169,16 @@
     /* Now rotate the MAC. If we knew that the MAC fit into a CPU cache line
      * we could line-align |rotatedMac| and rotate in place. */
     memset(out, 0, macSize);
+    rotateOffset = macSize - rotateOffset;
+    rotateOffset = ssl_constantTimeSelect(ssl_ConstantTimeGE(rotateOffset, macSize),
+                                          0, rotateOffset);
     for (i = 0; i < macSize; i++) {
-        unsigned char offset =
-            (divSpoiler + macSize - rotateOffset + i) % macSize;
         for (j = 0; j < macSize; j++) {
-            out[j] |= rotatedMac[i] & ssl_ConstantTimeEQ8(j, offset);
+            out[j] |= rotatedMac[i] & ssl_ConstantTimeEQ8(j, rotateOffset);
         }
+        rotateOffset++;
+        rotateOffset = ssl_constantTimeSelect(ssl_ConstantTimeGE(rotateOffset, macSize),
+                                              0, rotateOffset);
     }
 }
 
diff -Nru nss-3.26/nss/lib/util/nssutil.h nss-3.26.2/nss/lib/util/nssutil.h
--- nss-3.26/nss/lib/util/nssutil.h	2016-08-05 11:43:39.000000000 -0400
+++ nss-3.26.2/nss/lib/util/nssutil.h	2016-10-10 10:54:09.000000000 -0400
@@ -19,10 +19,10 @@
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <Beta>]"
  */
-#define NSSUTIL_VERSION  "3.26"
+#define NSSUTIL_VERSION  "3.26.2"
 #define NSSUTIL_VMAJOR   3
 #define NSSUTIL_VMINOR   26
-#define NSSUTIL_VPATCH   0
+#define NSSUTIL_VPATCH   2
 #define NSSUTIL_VBUILD   0
 #define NSSUTIL_BETA     PR_FALSE
 
Binary files /tmp/riF21ubUVz/nss-3.26/nss/tests/libpkix/certs/PayPalEE.cert and /tmp/K_WoURCaGC/nss-3.26.2/nss/tests/libpkix/certs/PayPalEE.cert differ
Binary files /tmp/riF21ubUVz/nss-3.26/nss/tests/libpkix/certs/PayPalICA.cert and /tmp/K_WoURCaGC/nss-3.26.2/nss/tests/libpkix/certs/PayPalICA.cert differ
Binary files /tmp/riF21ubUVz/nss-3.26/nss/tests/libpkix/certs/PayPalRootCA.cert and /tmp/K_WoURCaGC/nss-3.26.2/nss/tests/libpkix/certs/PayPalRootCA.cert differ
The diffstat:

debian/changelog                                  |  230 ++++++++++------------
 debian/control                                    |    3 
 debian/patches/replace_expired_paypal_cert.patch  |   29 ++
 debian/patches/series                             |    1 
 debian/rules                                      |   18 +
 debian/source/include-binaries                    |    3 
 debian/tests/control                              |    5 
 debian/tests/test-cert.sh                         |   42 ++++
 debian/tests/test-fips.sh                         |   22 ++
 debian/tests/test-link.cpp                        |   25 ++
 debian/tests/test-link.make                       |   10 
 nss/.hg_archival.txt                              |    4 
 nss/external_tests/ssl_gtest/ssl_auth_unittest.cc |   69 ++++++
 nss/external_tests/ssl_gtest/tls_parser.h         |    1 
 nss/lib/nss/nss.h                                 |    4 
 nss/lib/softoken/softkver.h                       |    4 
 nss/lib/ssl/ssl3con.c                             |   94 +++++++-
 nss/lib/util/nssutil.h                            |    4 
 18 files changed, 420 insertions(+), 148 deletions(-)

Ignore the nasty changelog for now - I will sync up with jessie's
changelog soon.

Can I get a go from you guys?

Thanks,

A.

-- 
In your lies of stone
You squander the sun
                        - Gilles Vigneault
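As an added illustration, not code from the NSS patch or from the Debian package: a stand-alone C re-implementation of the two constant-time pieces the ssl3con.c hunks above introduce, the Barrett-style `rotateOffset % macSize` for the four TLS CBC MAC sizes and the mask-based MAC rotation, each checked exhaustively against a plain `%` and a plain rotation. The helper names (ct_ge, ct_eq8, ct_select, ct_mod_mac, ct_rotate_left) and the constructed test input are mine; the m/k constants and the 853/768 bounds are the ones the patch's comments state, and the check also runs the SHA-1 case past its bound to show that the bound is real.

```c
#include <stdio.h>

/* 0xFF if a >= b, else 0x00, with no data-dependent branch. Inputs here are
 * small (< 2^31), so a - b borrows into the top bit exactly when a < b. */
static unsigned char ct_ge(unsigned a, unsigned b)
{
    unsigned borrow = (a - b) >> (sizeof(unsigned) * 8 - 1);
    return (unsigned char)~(0u - borrow);
}

/* 0xFF if the low bytes of a and b are equal, else 0x00. */
static unsigned char ct_eq8(unsigned a, unsigned b)
{
    unsigned diff = (a ^ b) & 0xFFu;
    unsigned nonzero = (0u - diff) >> (sizeof(unsigned) * 8 - 1);
    return (unsigned char)~(0u - nonzero);
}

/* a if mask == 0xFF, b if mask == 0x00 (same contract as the patch's
 * ssl_constantTimeSelect; any other mask value is a caller bug). */
static unsigned char ct_select(unsigned char mask, unsigned char a, unsigned char b)
{
    return (unsigned char)((mask & a) | (~mask & b));
}

/* x mod n without a data-dependent division, for the HMAC sizes TLS CBC
 * suites use: 16 (MD5), 20 (SHA-1), 32 (SHA-256), 48 (SHA-384). n is the
 * negotiated MAC size and therefore public, so branching on it is fine;
 * x (the padding-dependent offset) is the secret. Same m/k constants and
 * validity bounds as the patch: q = (x*m) >> k, x -= q*n, one fix-up. */
static unsigned ct_mod_mac(unsigned x, unsigned n)
{
    unsigned q;
    switch (n) {
    case 16:
        return x & 15u;
    case 32:
        return x & 31u;
    case 20:
        q = (x * 25u) >> 9;                     /* m = 25, k = 9: exact for x <= 853 */
        x -= q * 20u;                           /* now 0 <= x < 40 */
        x -= ct_select(ct_ge(x, 20u), 20u, 0u); /* constant-time conditional subtract */
        return x;
    case 48:
        q = (x * 10u) >> 9;                     /* m = 10, k = 9: exact for x < 768 */
        x -= q * 48u;                           /* now 0 <= x < 96 */
        x -= ct_select(ct_ge(x, 48u), 48u, 0u);
        return x;
    default:
        return x % n;                           /* not a TLS MAC size; variable time */
    }
}

/* out[j] = in[(j + off) mod n], assembled the way the patch does it: every
 * output byte is built from every input byte under an equality mask, so the
 * memory access pattern does not depend on off. off must already be reduced
 * (off < n); n <= 48 so the running index fits the unsigned char select. */
static void ct_rotate_left(const unsigned char *in, unsigned n, unsigned off,
                           unsigned char *out)
{
    unsigned i, j;
    unsigned idx = n - off;                       /* n when off == 0 ... */
    idx = ct_select(ct_ge(idx, n), 0u, (unsigned char)idx); /* ... wrapped to 0 */
    for (j = 0; j < n; j++)
        out[j] = 0;
    for (i = 0; i < n; i++) {
        for (j = 0; j < n; j++)
            out[j] |= in[i] & ct_eq8(j, idx);
        idx++;
        idx = ct_select(ct_ge(idx, n), 0u, (unsigned char)idx);
    }
}

/* Number of x in [0, limit) where ct_mod_mac disagrees with the plain %. */
static unsigned check_ct_mod(unsigned n, unsigned limit)
{
    unsigned x, bad = 0;
    for (x = 0; x < limit; x++)
        if (ct_mod_mac(x, n) != x % n)
            bad++;
    return bad;
}

/* Number of mismatches between ct_rotate_left and a plain rotation over
 * every offset for an n-byte MAC (constructed input: in[j] = 7*j + 1). */
static unsigned check_rotate(unsigned n)
{
    unsigned char in[48], out[48];
    unsigned off, j, bad = 0;
    for (j = 0; j < n; j++)
        in[j] = (unsigned char)(7 * j + 1);
    for (off = 0; off < n; off++) {
        ct_rotate_left(in, n, off, out);
        for (j = 0; j < n; j++)
            if (out[j] != in[(j + off) % n])
                bad++;
    }
    return bad;
}

int main(void)
{
    printf("mod 20, x <= 853:  %u mismatches\n", check_ct_mod(20, 854));
    printf("mod 48, x <  768:  %u mismatches\n", check_ct_mod(48, 768));
    printf("mod 20, x <= 1000: %u mismatches (past the bound)\n", check_ct_mod(20, 1001));
    printf("rotate 16/20/32/48: %u %u %u %u mismatches\n",
           check_rotate(16), check_rotate(20), check_rotate(32), check_rotate(48));
    return 0;
}
```

The exhaustive run is the point: a Barrett approximation is only a modulus within the range its m/k pair was chosen for, so any change to those constants, or to the type of the value being reduced, should be re-checked this way rather than trusted from the comment.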
