svn commit: r362631 - in head/security/nss: . files
Xin LI
delphij at FreeBSD.org
Wed Jul 23 07:49:44 UTC 2014
Author: delphij
Date: Wed Jul 23 07:49:43 2014
New Revision: 362631
URL: http://svnweb.freebsd.org/changeset/ports/362631
QAT: https://qat.redports.org/buildarchive/r362631/
Log:
Apply vendor patch to fix race condition in certificate verification
that can lead to remote code execution.
Reference: https://hg.mozilla.org/projects/nss/rev/204f22c527f8
Security: CVE-2014-1544
Security: 978b0f76-122d-11e4-afe3-bc5ff4fb5e7b
Added:
head/security/nss/files/patch-bug963150 (contents, props changed)
Modified:
head/security/nss/Makefile
Modified: head/security/nss/Makefile
==============================================================================
--- head/security/nss/Makefile Wed Jul 23 07:41:07 2014 (r362630)
+++ head/security/nss/Makefile Wed Jul 23 07:49:43 2014 (r362631)
@@ -3,7 +3,7 @@
PORTNAME= nss
PORTVERSION= 3.16.1
-PORTREVISION= 1
+PORTREVISION= 2
#DISTVERSIONSUFFIX= .with.ckbi.1.93
CATEGORIES= security
MASTER_SITES= MOZILLA/security/${PORTNAME}/releases/${DISTNAME:tu:C/[-.]/_/g}_RTM/src
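Review bot: PORTREVISION 1 -> 2 is the correct bump here, since PORTVERSION stays at 3.16.1 while the built library changes and dependent packages need a rebuild; what still needs checking before this lands is that the new files/patch-bug963150 applies under the port's default -p0 PATCH_STRIP, because that patch's header uses bare lib/pk11wrap/pk11cert.c paths with no a/ or b/ prefix, so WRKSRC has to resolve to the nss subdirectory of the extracted source for the path to match. No EXTRA_PATCHES entry is needed as long as the file keeps the files/patch-* name, which it does.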
Added: head/security/nss/files/patch-bug963150
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/nss/files/patch-bug963150 Wed Jul 23 07:49:43 2014 (r362631)
@@ -0,0 +1,30 @@
+diff --git lib/pk11wrap/pk11cert.c lib/pk11wrap/pk11cert.c
+--- lib/pk11wrap/pk11cert.c
++++ lib/pk11wrap/pk11cert.c
+@@ -976,18 +976,25 @@ PK11_ImportCert(PK11SlotInfo *slot, CERT
+ cert->istemp = PR_FALSE;
+ cert->isperm = PR_TRUE;
+ }
+
+ /* add the new instance to the cert, force an update of the
+ * CERTCertificate, and finish
+ */
+ nssPKIObject_AddInstance(&c->object, certobj);
++ /* nssTrustDomain_AddCertsToCache may release a reference to 'c' and
++ * replace 'c' by a different value. So we add a reference to 'c' to
++ * prevent 'c' from being destroyed. */
++ nssCertificate_AddRef(c);
+ nssTrustDomain_AddCertsToCache(STAN_GetDefaultTrustDomain(), &c, 1);
++ /* XXX should we pass the original value of 'c' to
++ * STAN_ForceCERTCertificateUpdate? */
+ (void)STAN_ForceCERTCertificateUpdate(c);
++ nssCertificate_Destroy(c);
+ SECITEM_FreeItem(keyID,PR_TRUE);
+ return SECSuccess;
+ loser:
+ CERT_MapStanError();
+ SECITEM_FreeItem(keyID,PR_TRUE);
+ if (PORT_GetError() != SEC_ERROR_TOKEN_NOT_LOGGED_IN) {
+ PORT_SetError(SEC_ERROR_ADDING_CERT);
+ }
+
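Review bot: the XXX comment left in front of STAN_ForceCERTCertificateUpdate(c) is a real open question, not a nit: nssPKIObject_AddInstance was called on &c->object for the original c, and if nssTrustDomain_AddCertsToCache replaces c with a different object, as the new comment says it may, the forced update lands on the replacement while the CERTCertificate being imported here still hangs off the original instance; either settle that in this patch or document why updating the replacement is the intended behaviour rather than shipping the question mark. Two smaller points on the same lines: the return value of nssTrustDomain_AddCertsToCache is discarded, so a failed cache insertion still falls through to return SECSuccess, and the nssCertificate_AddRef(c) / nssCertificate_Destroy(c) pairing only balances if AddCertsToCache is guaranteed to drop exactly one reference on the value it replaces and to hand back an already-referenced replacement; that is the contract the new comment relies on, and it should be stated next to the nssCertificate_Destroy(c) call so the next reader does not have to rediscover it.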
More information about the svn-ports-all mailing list