aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-support/nss
AgeCommit message (Collapse)Author
2015-02-23nss: CVE-2014-1544Li Wang
the patch comes from: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-1544 https://hg.mozilla.org/projects/nss/rev/204f22c527f8 author Robert Relyea <rrelyea@redhat.com> https://bugzilla.mozilla.org/show_bug.cgi?id=963150 Bug 963150: Add nssCertificate_AddRef and nssCertificate_Destroy calls to PK11_ImportCert to prevent nssTrustDomain_AddCertsToCache from freeing the CERTCertificate associated with the NSSCertificate. r=wtc. Signed-off-by: Li Wang <li.wang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 7ef613c7f4b9e4ff153766f31dae81fc4810c0df) Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
2015-02-23nss: CVE-2013-5606Li Wang
the patch comes from: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5606 https://bugzilla.mozilla.org/show_bug.cgi?id=910438 http://hg.mozilla.org/projects/nss/rev/d29898e0981c The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when the CERTVerifyLog argument is valid, which might allow remote attackers to bypass intended access restrictions via a crafted certificate. Signed-off-by: Li Wang <li.wang@windriver.com> Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 1e153b1b21276d56144add464d592cd7b96a4ede) Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
2015-02-23nss-3.15.1: fix CVE-2013-1739yzhu1
Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1739 Signed-off-by: yzhu1 <yanjun.zhu@windriver.com> Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 9b43af77d112e75fa9827a9080b7e94f41f9a116) Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
2015-02-23nss: CVE-2013-1740Li Wang
the patch comes from: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1740 https://bugzilla.mozilla.org/show_bug.cgi?id=919877 https://bugzilla.mozilla.org/show_bug.cgi?id=713933 changeset: 10946:f28426e944ae user: Wan-Teh Chang <wtc@google.com> date: Tue Nov 26 16:44:39 2013 -0800 summary: Bug 713933: Handle the return value of both ssl3_HandleRecord calls changeset: 10945:774c7dec7565 user: Wan-Teh Chang <wtc@google.com> date: Mon Nov 25 19:16:23 2013 -0800 summary: Bug 713933: Declare the |falseStart| local variable in the smallest changeset: 10848:141fae8fb2e8 user: Wan-Teh Chang <wtc@google.com> date: Mon Sep 23 11:25:41 2013 -0700 summary: Bug 681839: Allow SSL_HandshakeNegotiatedExtension to be called before the handshake is finished, r=brian@briansmith.org changeset: 10898:1b9c43d28713 user: Brian Smith <brian@briansmith.org> date: Thu Oct 31 15:40:42 2013 -0700 summary: Bug 713933: Make SSL False Start work with asynchronous certificate validation, r=wtc Signed-off-by: Li Wang <li.wang@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> (cherry picked from commit 11e728e64e37eec72ed0cb3fb4d5a49ddeb88666) Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
2015-02-23nss: CVE-2014-1492Li Wang
the patch comes from: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1492 https://bugzilla.mozilla.org/show_bug.cgi?id=903885 changeset: 11063:709d4e597979 user: Kai Engert <kaie@kuix.de> date: Wed Mar 05 18:38:55 2014 +0100 summary: Bug 903885, address requests to clarify comments from wtc changeset: 11046:2ffa40a3ff55 tag: tip user: Wan-Teh Chang <wtc@google.com> date: Tue Feb 25 18:17:08 2014 +0100 summary: Bug 903885, fix IDNA wildcard handling v4, r=kaie changeset: 11045:15ea62260c21 user: Christian Heimes <sites@cheimes.de> date: Mon Feb 24 17:50:25 2014 +0100 summary: Bug 903885, fix IDNA wildcard handling, r=kaie Signed-off-by: Li Wang <li.wang@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> (cherry picked from commit a83a1b26704f1f3aadaa235bf38094f03b3610fd) Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
2015-02-23nss-3.15.1: fix CVE-2013-5605yanjun.zhu
Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid handshake packets. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5605 Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com> Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 09e8cd6f09284ad3faf0bc05d623a43e2b174866) Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
2015-02-23nss-3.15.1: fix CVE-2013-1741yanjun.zhu
Integer overflow in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large size value. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1741 Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com> Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit b666d173ff0ba213bf81e2c035a605a28e5395ea) Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
2013-09-30nss: Fix return codes in postinstallDavid Nyström
exit 0 was done if $D != NULL, if one or more shlibsign executions fails. Signed-off-by: David Nyström <david.nystrom@enea.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-07-26nss:fix postinst failed at rootfs timeHongxu Jia
Create checksum file at rootfs time to support read-only rootfs. [YOCTO #4879] Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2013-07-12nss: fix incorrect shebang line of perl scriptHongxu Jia
Replace incorrect shebang line with `#!/usr/bin/env perl'. Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2013-07-12nss: create checksum files for the nss librariesHongxu Jia
Add checksum files required for the NSS softoken to operate in FIPS 140 mode. The shlibsign is invoked to sign the libraries, and it is built for the target architecture and doesn't support cross-compiling so far. Invoke shlibsign at target's first boot time to generate checksum files. https://developer.mozilla.org/en-US/docs/NSS/NSS_Tech_Notes/nss_tech_note6 http://en.wikipedia.org/wiki/FIPS_140 https://bugzilla.mozilla.org/show_bug.cgi?id=681624 Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2013-07-12nss: add version 3.15.1Hongxu Jia
Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME, X.509 v3 certificates, and other security standards. [YOCTO #4096] Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-05-14 00:34:50 +0000