* [Buildroot] [PATCH] package/libnss: security bump to version 3.46
@ 2019-08-31 20:40 Giulio Benetti
2019-08-31 20:49 ` Giulio Benetti
0 siblings, 1 reply; 7+ messages in thread
From: Giulio Benetti @ 2019-08-31 20:40 UTC (permalink / raw)
To: buildroot
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
---
package/libnss/libnss.hash | 2 +-
package/libnss/libnss.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/libnss/libnss.hash b/package/libnss/libnss.hash
index 1d600f14ef..678f39b090 100644
--- a/package/libnss/libnss.hash
+++ b/package/libnss/libnss.hash
@@ -1,4 +1,4 @@
# From https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_42_1_RTM/src/SHA256SUMS
-sha256 087db37d38fd49dfd584dd2a8b5baa7fc88de7c9bd97c0c2d5be4abcafc61fc6 nss-3.42.1.tar.gz
+sha256 6b699649d285602ba258a4b0957cb841eafc94eff5735a9da8da0adbb9a10cef nss-3.46.tar.gz
# Locally calculated
sha256 a20c1a32d1f8102432360b42e932869f7c11c7cdbacf9cac554c422132af47f4 nss/COPYING
diff --git a/package/libnss/libnss.mk b/package/libnss/libnss.mk
index 34e9d41968..776f232ad5 100644
--- a/package/libnss/libnss.mk
+++ b/package/libnss/libnss.mk
@@ -4,7 +4,7 @@
#
################################################################################
-LIBNSS_VERSION = 3.42.1
+LIBNSS_VERSION = 3.46
LIBNSS_SOURCE = nss-$(LIBNSS_VERSION).tar.gz
LIBNSS_SITE = https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_$(subst .,_,$(LIBNSS_VERSION))_RTM/src
LIBNSS_DISTDIR = dist
--
2.17.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [Buildroot] [PATCH] package/libnss: security bump to version 3.46
2019-08-31 20:40 [Buildroot] [PATCH] package/libnss: security bump to version 3.46 Giulio Benetti
@ 2019-08-31 20:49 ` Giulio Benetti
2019-09-01 3:51 ` Baruch Siach
0 siblings, 1 reply; 7+ messages in thread
From: Giulio Benetti @ 2019-08-31 20:49 UTC (permalink / raw)
To: buildroot
Subject should be: "package/libnss: bump to version 3.46" without
'security'.
Il 31/08/2019 22:40, Giulio Benetti ha scritto:
> Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
> ---
> package/libnss/libnss.hash | 2 +-
> package/libnss/libnss.mk | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/package/libnss/libnss.hash b/package/libnss/libnss.hash
> index 1d600f14ef..678f39b090 100644
> --- a/package/libnss/libnss.hash
> +++ b/package/libnss/libnss.hash
> @@ -1,4 +1,4 @@
> # From https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_42_1_RTM/src/SHA256SUMS
> -sha256 087db37d38fd49dfd584dd2a8b5baa7fc88de7c9bd97c0c2d5be4abcafc61fc6 nss-3.42.1.tar.gz
> +sha256 6b699649d285602ba258a4b0957cb841eafc94eff5735a9da8da0adbb9a10cef nss-3.46.tar.gz
> # Locally calculated
> sha256 a20c1a32d1f8102432360b42e932869f7c11c7cdbacf9cac554c422132af47f4 nss/COPYING
> diff --git a/package/libnss/libnss.mk b/package/libnss/libnss.mk
> index 34e9d41968..776f232ad5 100644
> --- a/package/libnss/libnss.mk
> +++ b/package/libnss/libnss.mk
> @@ -4,7 +4,7 @@
> #
> ################################################################################
>
> -LIBNSS_VERSION = 3.42.1
> +LIBNSS_VERSION = 3.46
> LIBNSS_SOURCE = nss-$(LIBNSS_VERSION).tar.gz
> LIBNSS_SITE = https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_$(subst .,_,$(LIBNSS_VERSION))_RTM/src
> LIBNSS_DISTDIR = dist
>
--
Giulio Benetti
CTO
MICRONOVA SRL
Sede: Via A. Niedda 3 - 35010 Vigonza (PD)
Tel. 049/8931563 - Fax 049/8931346
Cod.Fiscale - P.IVA 02663420285
Capitale Sociale ? 26.000 i.v.
Iscritta al Reg. Imprese di Padova N. 02663420285
Numero R.E.A. 258642
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Buildroot] [PATCH] package/libnss: security bump to version 3.46
2019-08-31 20:49 ` Giulio Benetti
@ 2019-09-01 3:51 ` Baruch Siach
2019-09-01 9:03 ` Peter Korsgaard
2019-09-02 11:16 ` Giulio Benetti
0 siblings, 2 replies; 7+ messages in thread
From: Baruch Siach @ 2019-09-01 3:51 UTC (permalink / raw)
To: buildroot
Hi Giulio,
On Sat, Aug 31 2019, Giulio Benetti wrote:
> Subject should be: "package/libnss: bump to version 3.46" without
> 'security'.
This bump fixes CVE-2019-11727 and CVE-2019-11719. The commit log should
mention that though.
baruch
> Il 31/08/2019 22:40, Giulio Benetti ha scritto:
>> Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
>> ---
>> package/libnss/libnss.hash | 2 +-
>> package/libnss/libnss.mk | 2 +-
>> 2 files changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/package/libnss/libnss.hash b/package/libnss/libnss.hash
>> index 1d600f14ef..678f39b090 100644
>> --- a/package/libnss/libnss.hash
>> +++ b/package/libnss/libnss.hash
>> @@ -1,4 +1,4 @@
>> # From https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_42_1_RTM/src/SHA256SUMS
>> -sha256 087db37d38fd49dfd584dd2a8b5baa7fc88de7c9bd97c0c2d5be4abcafc61fc6 nss-3.42.1.tar.gz
>> +sha256 6b699649d285602ba258a4b0957cb841eafc94eff5735a9da8da0adbb9a10cef nss-3.46.tar.gz
>> # Locally calculated
>> sha256 a20c1a32d1f8102432360b42e932869f7c11c7cdbacf9cac554c422132af47f4 nss/COPYING
>> diff --git a/package/libnss/libnss.mk b/package/libnss/libnss.mk
>> index 34e9d41968..776f232ad5 100644
>> --- a/package/libnss/libnss.mk
>> +++ b/package/libnss/libnss.mk
>> @@ -4,7 +4,7 @@
>> #
>> ################################################################################
>>
>> -LIBNSS_VERSION = 3.42.1
>> +LIBNSS_VERSION = 3.46
>> LIBNSS_SOURCE = nss-$(LIBNSS_VERSION).tar.gz
>> LIBNSS_SITE = https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_$(subst .,_,$(LIBNSS_VERSION))_RTM/src
>> LIBNSS_DISTDIR = dist
--
http://baruch.siach.name/blog/ ~. .~ Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
- baruch at tkos.co.il - tel: +972.52.368.4656, http://www.tkos.co.il -
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Buildroot] [PATCH] package/libnss: security bump to version 3.46
2019-09-01 3:51 ` Baruch Siach
@ 2019-09-01 9:03 ` Peter Korsgaard
2019-09-02 11:16 ` Giulio Benetti
1 sibling, 0 replies; 7+ messages in thread
From: Peter Korsgaard @ 2019-09-01 9:03 UTC (permalink / raw)
To: buildroot
>>>>> "Baruch" == Baruch Siach <baruch@tkos.co.il> writes:
> Hi Giulio,
> On Sat, Aug 31 2019, Giulio Benetti wrote:
>> Subject should be: "package/libnss: bump to version 3.46" without
>> 'security'.
> This bump fixes CVE-2019-11727 and CVE-2019-11719. The commit log should
> mention that though.
Judging from the release notes, you also need to bump libnspr:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes
NSS 3.46 requires NSPR 4.22 or newer.
Given that I plan on releasing 2019.08 tonight, this will most likely
have to wait for 2019.08.1.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Buildroot] [PATCH] package/libnss: security bump to version 3.46
2019-09-01 3:51 ` Baruch Siach
2019-09-01 9:03 ` Peter Korsgaard
@ 2019-09-02 11:16 ` Giulio Benetti
2019-09-02 14:11 ` Peter Korsgaard
1 sibling, 1 reply; 7+ messages in thread
From: Giulio Benetti @ 2019-09-02 11:16 UTC (permalink / raw)
To: buildroot
Hi Baruch,
Il 01/09/2019 05:51, Baruch Siach ha scritto:
> Hi Giulio,
>
> On Sat, Aug 31 2019, Giulio Benetti wrote:
>> Subject should be: "package/libnss: bump to version 3.46" without
>> 'security'.
>
> This bump fixes CVE-2019-11727 and CVE-2019-11719. The commit log should
> mention that though.
Sorry for my ignorance, where can I find the list of all CVE fixed by
nss? I've tried to check all around but can't find it.
Thanks in advance
--
Giulio Benetti
CTO
MICRONOVA SRL
Sede: Via A. Niedda 3 - 35010 Vigonza (PD)
Tel. 049/8931563 - Fax 049/8931346
Cod.Fiscale - P.IVA 02663420285
Capitale Sociale ? 26.000 i.v.
Iscritta al Reg. Imprese di Padova N. 02663420285
Numero R.E.A. 258642
>> Il 31/08/2019 22:40, Giulio Benetti ha scritto:
>>> Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
>>> ---
>>> package/libnss/libnss.hash | 2 +-
>>> package/libnss/libnss.mk | 2 +-
>>> 2 files changed, 2 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/package/libnss/libnss.hash b/package/libnss/libnss.hash
>>> index 1d600f14ef..678f39b090 100644
>>> --- a/package/libnss/libnss.hash
>>> +++ b/package/libnss/libnss.hash
>>> @@ -1,4 +1,4 @@
>>> # From https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_42_1_RTM/src/SHA256SUMS
>>> -sha256 087db37d38fd49dfd584dd2a8b5baa7fc88de7c9bd97c0c2d5be4abcafc61fc6 nss-3.42.1.tar.gz
>>> +sha256 6b699649d285602ba258a4b0957cb841eafc94eff5735a9da8da0adbb9a10cef nss-3.46.tar.gz
>>> # Locally calculated
>>> sha256 a20c1a32d1f8102432360b42e932869f7c11c7cdbacf9cac554c422132af47f4 nss/COPYING
>>> diff --git a/package/libnss/libnss.mk b/package/libnss/libnss.mk
>>> index 34e9d41968..776f232ad5 100644
>>> --- a/package/libnss/libnss.mk
>>> +++ b/package/libnss/libnss.mk
>>> @@ -4,7 +4,7 @@
>>> #
>>> ################################################################################
>>>
>>> -LIBNSS_VERSION = 3.42.1
>>> +LIBNSS_VERSION = 3.46
>>> LIBNSS_SOURCE = nss-$(LIBNSS_VERSION).tar.gz
>>> LIBNSS_SITE = https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_$(subst .,_,$(LIBNSS_VERSION))_RTM/src
>>> LIBNSS_DISTDIR = dist
>
> --
> http://baruch.siach.name/blog/ ~. .~ Tk Open Systems
> =}------------------------------------------------ooO--U--Ooo------------{=
> - baruch at tkos.co.il - tel: +972.52.368.4656, http://www.tkos.co.il -
>
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Buildroot] [PATCH] package/libnss: security bump to version 3.46
2019-09-02 11:16 ` Giulio Benetti
@ 2019-09-02 14:11 ` Peter Korsgaard
2019-09-03 10:13 ` Giulio Benetti
0 siblings, 1 reply; 7+ messages in thread
From: Peter Korsgaard @ 2019-09-02 14:11 UTC (permalink / raw)
To: buildroot
>>>>> "Giulio" == Giulio Benetti <giulio.benetti@micronovasrl.com> writes:
> Hi Baruch,
> Il 01/09/2019 05:51, Baruch Siach ha scritto:
>> Hi Giulio,
>>
>> On Sat, Aug 31 2019, Giulio Benetti wrote:
>>> Subject should be: "package/libnss: bump to version 3.46" without
>>> 'security'.
>>
>> This bump fixes CVE-2019-11727 and CVE-2019-11719. The commit log should
>> mention that though.
> Sorry for my ignorance, where can I find the list of all CVE fixed by
> nss? I've tried to check all around but can't find it.
From the release notes:
CVE-2019-11719 and CVE-2019-11727 were fixed in 3.45:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.45_release_notes
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Buildroot] [PATCH] package/libnss: security bump to version 3.46
2019-09-02 14:11 ` Peter Korsgaard
@ 2019-09-03 10:13 ` Giulio Benetti
0 siblings, 0 replies; 7+ messages in thread
From: Giulio Benetti @ 2019-09-03 10:13 UTC (permalink / raw)
To: buildroot
Il 02/09/2019 16:11, Peter Korsgaard ha scritto:
>>>>>> "Giulio" == Giulio Benetti <giulio.benetti@micronovasrl.com> writes:
>
> > Hi Baruch,
> > Il 01/09/2019 05:51, Baruch Siach ha scritto:
> >> Hi Giulio,
> >>
> >> On Sat, Aug 31 2019, Giulio Benetti wrote:
> >>> Subject should be: "package/libnss: bump to version 3.46" without
> >>> 'security'.
> >>
> >> This bump fixes CVE-2019-11727 and CVE-2019-11719. The commit log should
> >> mention that though.
>
> > Sorry for my ignorance, where can I find the list of all CVE fixed by
> > nss? I've tried to check all around but can't find it.
>
> From the release notes:
>
> CVE-2019-11719 and CVE-2019-11727 were fixed in 3.45:
>
> https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.45_release_notes
>
Thank you, just sent v2 with reworded commit log and a previous patch
for bumping nspr version.
Best regards
--
Giulio Benetti
CTO
MICRONOVA SRL
Sede: Via A. Niedda 3 - 35010 Vigonza (PD)
Tel. 049/8931563 - Fax 049/8931346
Cod.Fiscale - P.IVA 02663420285
Capitale Sociale ? 26.000 i.v.
Iscritta al Reg. Imprese di Padova N. 02663420285
Numero R.E.A. 258642
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2019-09-03 10:13 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-08-31 20:40 [Buildroot] [PATCH] package/libnss: security bump to version 3.46 Giulio Benetti
2019-08-31 20:49 ` Giulio Benetti
2019-09-01 3:51 ` Baruch Siach
2019-09-01 9:03 ` Peter Korsgaard
2019-09-02 11:16 ` Giulio Benetti
2019-09-02 14:11 ` Peter Korsgaard
2019-09-03 10:13 ` Giulio Benetti
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox