From: Peter Korsgaard <peter@korsgaard.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH 4/4] libnss: security bump to version 3.33
Date: Thu, 12 Oct 2017 23:17:11 +0200 [thread overview]
Message-ID: <20171012211711.17575-4-peter@korsgaard.com> (raw)
In-Reply-To: <20171012211711.17575-1-peter@korsgaard.com>
Fixes CVE-2017-7805 - Martin Thomson discovered that nss, the Mozilla
Network Security Service library, is prone to a use-after-free vulnerability
in the TLS 1.2 implementation when handshake hashes are generated. A remote
attacker can take advantage of this flaw to cause an application using the
nss library to crash, resulting in a denial of service, or potentially to
execute arbitrary code.
Also add a hash for the license file while we're at it.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/libnss/libnss.hash | 6 ++++--
package/libnss/libnss.mk | 2 +-
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/package/libnss/libnss.hash b/package/libnss/libnss.hash
index e4e24283cb..6c8ce83784 100644
--- a/package/libnss/libnss.hash
+++ b/package/libnss/libnss.hash
@@ -1,2 +1,4 @@
-# From https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_31_RTM/src/SHA256SUMS
-sha256 e90561256a3271486162c1fbe8d614d118c333d36a4455be2af8688bd420a65d nss-3.31.tar.gz
+# From https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_33_RTM/src/SHA256SUMS
+sha256 98f0dabd36408e83dd3a11727336cc3cdfee4cbdd9aede2b2831eb2389c284e4 nss-3.33.tar.gz
+# Locally calculated
+sha256 a20c1a32d1f8102432360b42e932869f7c11c7cdbacf9cac554c422132af47f4 nss/COPYING
diff --git a/package/libnss/libnss.mk b/package/libnss/libnss.mk
index 51559295ef..27d305cc34 100644
--- a/package/libnss/libnss.mk
+++ b/package/libnss/libnss.mk
@@ -4,7 +4,7 @@
#
################################################################################
-LIBNSS_VERSION = 3.31
+LIBNSS_VERSION = 3.33
LIBNSS_SOURCE = nss-$(LIBNSS_VERSION).tar.gz
LIBNSS_SITE = https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_$(subst .,_,$(LIBNSS_VERSION))_RTM/src
LIBNSS_DISTDIR = dist
--
2.11.0
next prev parent reply other threads:[~2017-10-12 21:17 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-10-12 21:17 [Buildroot] [PATCH 1/4] configs/qemu_aarch64_virt_defconfig: bump kernel to 4.13.6 Peter Korsgaard
2017-10-12 21:17 ` [Buildroot] [PATCH 2/4] configs/qemu_aarch64_virt_defconfig: build and use ext4 rootfs Peter Korsgaard
2017-10-12 21:17 ` [Buildroot] [PATCH 3/4] libnspr: bump version to 4.17 Peter Korsgaard
2017-10-12 21:17 ` Peter Korsgaard [this message]
2017-10-12 21:22 ` [Buildroot] [PATCH 1/4] configs/qemu_aarch64_virt_defconfig: bump kernel to 4.13.6 Peter Korsgaard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171012211711.17575-4-peter@korsgaard.com \
--to=peter@korsgaard.com \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox