From 7e509333accb638f4387f6e18e63b4d554f8b564 Mon Sep 17 00:00:00 2001 From: Giulio Benetti Date: Tue, 3 Sep 2019 12:12:16 +0200 Subject: [PATCH] package/libnss: security bump to version 3.46 Fixes the following security issues: (3.44.1) CVE-2019-11729: More thorough input checking CVE-2019-11719: Don't unnecessarily strip leading 0's from key material during PKCS11 import CVE-2019-11727: Prohibit use of RSASSA-PKCS1-v1_5 algorithms in TLS 1.3 Note: This version requires nspr 4.22 or newer provided by the previous patch. Signed-off-by: Giulio Benetti Signed-off-by: Thomas Petazzoni --- package/libnss/libnss.hash | 2 +- package/libnss/libnss.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/package/libnss/libnss.hash b/package/libnss/libnss.hash index 1d600f14ef..678f39b090 100644 --- a/package/libnss/libnss.hash +++ b/package/libnss/libnss.hash @@ -1,4 +1,4 @@ # From https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_42_1_RTM/src/SHA256SUMS -sha256 087db37d38fd49dfd584dd2a8b5baa7fc88de7c9bd97c0c2d5be4abcafc61fc6 nss-3.42.1.tar.gz +sha256 6b699649d285602ba258a4b0957cb841eafc94eff5735a9da8da0adbb9a10cef nss-3.46.tar.gz # Locally calculated sha256 a20c1a32d1f8102432360b42e932869f7c11c7cdbacf9cac554c422132af47f4 nss/COPYING diff --git a/package/libnss/libnss.mk b/package/libnss/libnss.mk index 34e9d41968..776f232ad5 100644 --- a/package/libnss/libnss.mk +++ b/package/libnss/libnss.mk @@ -4,7 +4,7 @@ # ################################################################################ -LIBNSS_VERSION = 3.42.1 +LIBNSS_VERSION = 3.46 LIBNSS_SOURCE = nss-$(LIBNSS_VERSION).tar.gz LIBNSS_SITE = https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_$(subst .,_,$(LIBNSS_VERSION))_RTM/src LIBNSS_DISTDIR = dist -- 2.30.2