From owner-svn-ports-all@FreeBSD.ORG Wed Jul 23 07:49:44 2014
Return-Path:
Delivered-To: svn-ports-all@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id C180F39D; Wed, 23 Jul 2014 07:49:44 +0000 (UTC)
Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 94D942C4D; Wed, 23 Jul 2014 07:49:44 +0000 (UTC)
Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s6N7niYe099184; Wed, 23 Jul 2014 07:49:44 GMT (envelope-from delphij@svn.freebsd.org)
Received: (from delphij@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s6N7ni6W099182; Wed, 23 Jul 2014 07:49:44 GMT (envelope-from delphij@svn.freebsd.org)
Message-Id: <201407230749.s6N7ni6W099182@svn.freebsd.org>
From: Xin LI
Date: Wed, 23 Jul 2014 07:49:44 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r362631 - in head/security/nss: . files
X-SVN-Group: ports-head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-ports-all@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: SVN commit messages for the ports tree
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 23 Jul 2014 07:49:44 -0000

Author: delphij
Date: Wed Jul 23 07:49:43 2014
New Revision: 362631

URL: http://svnweb.freebsd.org/changeset/ports/362631
QAT: https://qat.redports.org/buildarchive/r362631/

Log:
  Apply vendor patch to fix race condition in certificate verification that
  can lead to remote code execution.

  Reference: https://hg.mozilla.org/projects/nss/rev/204f22c527f8

  Security: CVE-2014-1544
  Security: 978b0f76-122d-11e4-afe3-bc5ff4fb5e7b

Added:
  head/security/nss/files/patch-bug963150   (contents, props changed)
Modified:
  head/security/nss/Makefile

Modified: head/security/nss/Makefile
==============================================================================
--- head/security/nss/Makefile Wed Jul 23 07:41:07 2014 (r362630) +++ head/security/nss/Makefile Wed Jul 23 07:49:43 2014 (r362631) @@ -3,7 +3,7 @@ PORTNAME= nss PORTVERSION= 3.16.1 -PORTREVISION= 1 +PORTREVISION= 2 #DISTVERSIONSUFFIX= .with.ckbi.1.93 CATEGORIES= security MASTER_SITES= MOZILLA/security/${PORTNAME}/releases/${DISTNAME:tu:C/[-.]/_/g}_RTM/src

Added: head/security/nss/files/patch-bug963150
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/nss/files/patch-bug963150 Wed Jul 23 07:49:43 2014 (r362631)
@@ -0,0 +1,30 @@ +diff --git lib/pk11wrap/pk11cert.c lib/pk11wrap/pk11cert.c +--- lib/pk11wrap/pk11cert.c ++++ lib/pk11wrap/pk11cert.c +@@ -976,18 +976,25 @@ PK11_ImportCert(PK11SlotInfo *slot, CERT + cert->istemp = PR_FALSE; + cert->isperm = PR_TRUE; + } + + /* add the new instance to the cert, force an update of the + * CERTCertificate, and finish + */ + nssPKIObject_AddInstance(&c->object, certobj); ++ /* nssTrustDomain_AddCertsToCache may release a reference to 'c' and ++ * replace 'c' by a different value. So we add a reference to 'c' to ++ * prevent 'c' from being destroyed. */ ++ nssCertificate_AddRef(c); + nssTrustDomain_AddCertsToCache(STAN_GetDefaultTrustDomain(), &c, 1); ++ /* XXX should we pass the original value of 'c' to ++ * STAN_ForceCERTCertificateUpdate? */ + (void)STAN_ForceCERTCertificateUpdate(c); ++ nssCertificate_Destroy(c); + SECITEM_FreeItem(keyID,PR_TRUE); + return SECSuccess; + loser: + CERT_MapStanError(); + SECITEM_FreeItem(keyID,PR_TRUE); + if (PORT_GetError() != SEC_ERROR_TOKEN_NOT_LOGGED_IN) { + PORT_SetError(SEC_ERROR_ADDING_CERT); + } +
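Review bot: the new comment in the pk11cert.c hunk leaves an open question in committed code ("XXX should we pass the original value of 'c' to STAN_ForceCERTCertificateUpdate?"); either answer it here or point it at the tracking bug, because the lines around it make the question matter: the nssCertificate_AddRef(c) is taken on the original 'c', while the STAN_ForceCERTCertificateUpdate(c) and the nssCertificate_Destroy(c) that follow both act on whatever nssTrustDomain_AddCertsToCache wrote back into 'c', which the comment itself says may be a different value. The comment should also spell out the ownership contract that makes the AddRef/Destroy pair balanced when 'c' is replaced (that the cache consumes the reference passed in and the pointer it writes back is a reference the caller owns and must release); as written, a reader of this hunk alone cannot tell that the Destroy on the replacement pairs with the AddRef on the original. Finally, the return value of nssTrustDomain_AddCertsToCache is still discarded, as it was before the patch; if the call can fail, the code goes on to force the CERTCertificate update and release 'c' regardless, so a failure here deserves at least a comment saying why that is safe.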