Date: Wed, 23 Jul 2014 07:49:44 +0000 (UTC)
From: Xin LI <delphij@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r362631 - in head/security/nss: . files
Message-ID: <201407230749.s6N7ni6W099182@svn.freebsd.org>
Author: delphij
Date: Wed Jul 23 07:49:43 2014
New Revision: 362631
URL: http://svnweb.freebsd.org/changeset/ports/362631
QAT: https://qat.redports.org/buildarchive/r362631/

Log:
  Apply vendor patch to fix race condition in certificate verification that can lead to remote code execution.

  Reference: https://hg.mozilla.org/projects/nss/rev/204f22c527f8

  Security: CVE-2014-1544
  Security: 978b0f76-122d-11e4-afe3-bc5ff4fb5e7b

Added:
  head/security/nss/files/patch-bug963150 (contents, props changed)
Modified:
  head/security/nss/Makefile

Modified: head/security/nss/Makefile ============================================================================== --- head/security/nss/Makefile Wed Jul 23 07:41:07 2014 (r362630) +++ head/security/nss/Makefile Wed Jul 23 07:49:43 2014 (r362631) @@ -3,7 +3,7 @@ PORTNAME= nss PORTVERSION= 3.16.1 -PORTREVISION= 1 +PORTREVISION= 2 #DISTVERSIONSUFFIX= .with.ckbi.1.93 CATEGORIES= security MASTER_SITES= MOZILLA/security/${PORTNAME}/releases/${DISTNAME:tu:C/[-.]/_/g}_RTM/src Added: head/security/nss/files/patch-bug963150 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/nss/files/patch-bug963150 Wed Jul 23 07:49:43 2014 (r362631) 
@@ -0,0 +1,30 @@ +diff --git lib/pk11wrap/pk11cert.c lib/pk11wrap/pk11cert.c +--- lib/pk11wrap/pk11cert.c ++++ lib/pk11wrap/pk11cert.c +@@ -976,18 +976,25 @@ PK11_ImportCert(PK11SlotInfo *slot, CERT + cert->istemp = PR_FALSE; + cert->isperm = PR_TRUE; + } + + /* add the new instance to the cert, force an update of the + * CERTCertificate, and finish + */ + nssPKIObject_AddInstance(&c->object, certobj); ++ /* nssTrustDomain_AddCertsToCache may release a reference to 'c' and ++ * replace 'c' by a different value. So we add a reference to 'c' to ++ * prevent 'c' from being destroyed. */ ++ nssCertificate_AddRef(c); + nssTrustDomain_AddCertsToCache(STAN_GetDefaultTrustDomain(), &c, 1); ++ /* XXX should we pass the original value of 'c' to ++ * STAN_ForceCERTCertificateUpdate? */ + (void)STAN_ForceCERTCertificateUpdate(c); ++ nssCertificate_Destroy(c); + SECITEM_FreeItem(keyID,PR_TRUE); + return SECSuccess; + loser: + CERT_MapStanError(); + SECITEM_FreeItem(keyID,PR_TRUE); + if (PORT_GetError() != SEC_ERROR_TOKEN_NOT_LOGGED_IN) { + PORT_SetError(SEC_ERROR_ADDING_CERT); + } +
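Review bot: in the Makefile hunk, bumping PORTREVISION from 1 to 2 is the right call for a patch that changes the built library, but the new files/patch-bug963150 carries no header saying what it fixes: the file starts directly at `diff --git lib/pk11wrap/pk11cert.c lib/pk11wrap/pk11cert.c`, so the CVE-2014-1544 and upstream changeset references exist only in the commit log. Add a one-line description above the diff (the upstream URL https://hg.mozilla.org/projects/nss/rev/204f22c527f8 and the CVE id) so that whoever does the next PORTVERSION update can check whether the new release already contains the fix and drop the patch.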
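Review bot: in the pk11cert.c hunk, the `nssCertificate_AddRef(c)` / `nssCertificate_Destroy(c)` pair only balances if nssTrustDomain_AddCertsToCache, when it swaps in a cached certificate, both releases the original and leaves an owned reference to the replacement in `c`; the comment states the first but not the second, so spell out that ownership contract in the comment rather than leaving the reader to infer it from the Destroy on the possibly different pointer. The `XXX should we pass the original value of 'c'` note should also be resolved before this ships: either document why updating the possibly replaced `c` is the intended behaviour or keep the original pointer and pass that to STAN_ForceCERTCertificateUpdate. Finally, `nssPKIObject_AddInstance(&c->object, certobj)` runs on the original object just before the call that may replace `c`, so a sentence on what happens to that instance when `c` is swapped would make the fix easier to verify.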