package/libnss: security bump to version 3.46

Fixes the following security issues:

(3.44.1)
CVE-2019-11729: More thorough input checking
CVE-2019-11719: Don't unnecessarily strip leading 0's from key material
during PKCS11 import
CVE-2019-11727: Prohibit use of RSASSA-PKCS1-v1_5 algorithms in TLS 1.3

Note:
This version requires nspr 4.22 or newer provided by the previous patch.

Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

diff --git a/package/libnss/libnss.hash b/package/libnss/libnss.hash
index 1d600f14eff9b66415f82ebdbc733a1d4725b4df..678f39b0905a5cc3f6bc1d5834ab0e2548c79c81 100644 (file)
--- a/package/libnss/libnss.hash
+++ b/package/libnss/libnss.hash
@@ -1,4 +1,4 @@
 # From https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_42_1_RTM/src/SHA256SUMS
-sha256 087db37d38fd49dfd584dd2a8b5baa7fc88de7c9bd97c0c2d5be4abcafc61fc6  nss-3.42.1.tar.gz
+sha256 6b699649d285602ba258a4b0957cb841eafc94eff5735a9da8da0adbb9a10cef  nss-3.46.tar.gz
 # Locally calculated
 sha256 a20c1a32d1f8102432360b42e932869f7c11c7cdbacf9cac554c422132af47f4  nss/COPYING

diff --git a/package/libnss/libnss.mk b/package/libnss/libnss.mk
index 34e9d4196849d31933c32ebe3db33f3fd7a4dc92..776f232ad50d8404533acd65bddf308701125579 100644 (file)
--- a/package/libnss/libnss.mk
+++ b/package/libnss/libnss.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBNSS_VERSION = 3.42.1
+LIBNSS_VERSION = 3.46
 LIBNSS_SOURCE = nss-$(LIBNSS_VERSION).tar.gz
 LIBNSS_SITE = https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_$(subst .,_,$(LIBNSS_VERSION))_RTM/src
 LIBNSS_DISTDIR = dist