Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
Update to 3.34. Fixes JB#36180
Fixes CVE-2017-7805, CVE-2017-5461, CVE-2016-1938, and CVE-2015-7575
- Loading branch information
Showing
7 changed files
with
70 additions
and
46 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Binary file not shown.
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
--- nss/lib/ckfw/pem/pobject.c.orig 2014-01-23 16:28:18.000000000 +0200 | ||
+++ nss/lib/ckfw/pem/pobject.c 2017-11-23 10:27:54.223998464 +0200 | ||
@@ -630,6 +630,11 @@ pem_DestroyInternalObject | ||
if (io->u.key.ivstring) | ||
free(io->u.key.ivstring); | ||
break; | ||
+ case pemAll: | ||
+ /* pemAll is not used, keep the compiler happy | ||
+ * TODO: investigate a proper solution | ||
+ */ | ||
+ return; | ||
} | ||
|
||
if (NULL != gobj) | ||
@@ -1044,7 +1049,9 @@ pem_CreateObject | ||
int nobjs = 0; | ||
int i; | ||
int objid; | ||
+#if 0 | ||
pemToken *token; | ||
+#endif | ||
int cipher; | ||
char *ivstring = NULL; | ||
pemInternalObject *listObj = NULL; | ||
@@ -1073,7 +1080,9 @@ pem_CreateObject | ||
} | ||
slotID = nssCKFWSlot_GetSlotID(fwSlot); | ||
|
||
+#if 0 | ||
token = (pemToken *) mdToken->etc; | ||
+#endif | ||
|
||
/* | ||
* only create keys and certs. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,54 +1,38 @@ | ||
diff -up ./nss/lib/sysinit/nsssysinit.c.603313 ./nss/lib/sysinit/nsssysinit.c | ||
--- ./nss/lib/sysinit/nsssysinit.c.603313 2010-10-15 13:57:42.719738316 -0700 | ||
+++ ./nss/lib/sysinit/nsssysinit.c 2010-10-15 14:07:51.704637349 -0700 | ||
@@ -263,16 +263,26 @@ get_list(char *filename, char *stripped_ | ||
--- ./nss/lib/sysinit/nsssysinit.c.603313 2017-11-14 10:01:25.000000000 +0200 | ||
+++ ./nss/lib/sysinit/nsssysinit.c 2017-11-22 16:28:56.324234787 +0200 | ||
@@ -231,6 +231,17 @@ get_list(char *filename, char *stripped_ | ||
sysdb = getSystemDB(); | ||
userdb = getUserDB(); | ||
|
||
- /* Don't open root's user DB */ | ||
+ /* return a list of databases to open. First the system database */ | ||
+ if (sysdb) { | ||
+ const char *readonly = userCanModifySystemDB() ? "" : "flags=readonly"; | ||
+ module_list[next++] = PR_smprintf( | ||
+ "library= " | ||
+ "module=\"NSS system database\" " | ||
+ "parameters=\"configdir='sql:%s' tokenDescription='NSS system database' %s\" " | ||
+ "NSS=\"trustOrder=80 %sflags=internal,critical\"", | ||
+ module_list[next++] = PR_smprintf( | ||
+ "library= " | ||
+ "module=\"NSS system database\" " | ||
+ "parameters=\"configdir='sql:%s' tokenDescription='NSS system database' %s\" " | ||
+ "NSS=\"trustOrder=80 %sflags=internal,critical\"", | ||
+ sysdb, readonly, nssflags); | ||
+ } | ||
+ | ||
+ /* Next the user database, but not for root. */ | ||
/* Don't open root's user DB */ | ||
if (userdb != NULL && !userIsRoot()) { | ||
- /* return a list of databases to open. First the user Database */ | ||
module_list[next++] = PR_smprintf( | ||
"library= " | ||
"module=\"NSS User database\" " | ||
"parameters=\"configdir='sql:%s' %s tokenDescription='NSS user database'\" " | ||
- "NSS=\"trustOrder=75 %sflags=internal%s\"", | ||
- userdb, stripped_parameters, nssflags, | ||
- isFIPS ? ",FIPS" : ""); | ||
+ "NSS=\"trustOrder=75 %sflags=internal%s\"", | ||
+ userdb, stripped_parameters, nssflags, | ||
+ isFIPS ? ",FIPS" : ""); | ||
/* return a list of databases to open. First the user Database */ | ||
@@ -252,17 +263,6 @@ get_list(char *filename, char *stripped_ | ||
userdb, stripped_parameters); | ||
} | ||
|
||
/* now open the user's defined PKCS #11 modules */ | ||
/* skip the local user DB entry */ | ||
@@ -283,17 +293,7 @@ get_list(char *filename, char *stripped_ | ||
"module=\"NSS User database\" " | ||
"parameters=\"configdir='sql:%s' %s\" " | ||
"NSS=\"flags=internal,moduleDBOnly,defaultModDB,skipFirst\"", | ||
- userdb, stripped_parameters); | ||
- } | ||
- | ||
- /* now the system database (always read only unless it's root) */ | ||
- if (sysdb) { | ||
- const char *readonly = userCanModifySystemDB() ? "" : "flags=readonly"; | ||
- module_list[next++] = PR_smprintf( | ||
- "library= " | ||
- "module=\"NSS system database\" " | ||
- "parameters=\"configdir='sql:%s' tokenDescription='NSS system database' %s\" " | ||
- "NSS=\"trustOrder=80 %sflags=internal,critical\"",sysdb, readonly, nssflags); | ||
+ userdb, stripped_parameters); | ||
} | ||
- const char *readonly = userCanModifySystemDB() ? "" : "flags=readonly"; | ||
- module_list[next++] = PR_smprintf( | ||
- "library= " | ||
- "module=\"NSS system database\" " | ||
- "parameters=\"configdir='sql:%s' tokenDescription='NSS system database' %s\" " | ||
- "NSS=\"trustOrder=80 %sflags=internal,critical\"", | ||
- sysdb, readonly, nssflags); | ||
- } | ||
- | ||
/* that was the last module */ | ||
module_list[next] = 0; | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters