* [PR PATCH] nss: update to 3.59.
@ 2020-11-21 2:31 sgn
2020-11-21 5:42 ` [PR PATCH] [Merged]: " sgn
0 siblings, 1 reply; 2+ messages in thread
From: sgn @ 2020-11-21 2:31 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 300 bytes --]
There is a new pull request by sgn against master on the void-packages repository
https://github.com/sgn/void-packages nss-update
https://github.com/void-linux/void-packages/pull/26548
nss: update to 3.59.
A patch file from https://github.com/void-linux/void-packages/pull/26548.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-nss-update-26548.patch --]
[-- Type: text/x-diff, Size: 7689 bytes --]
From 903b3454835bbd68653c998c06d275349592dda5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C4=90o=C3=A0n=20Tr=E1=BA=A7n=20C=C3=B4ng=20Danh?=
<congdanhqx@gmail.com>
Date: Mon, 16 Nov 2020 08:35:37 +0700
Subject: [PATCH] nss: update to 3.59.
---
srcpkgs/nss/patches/fix-bug1672703.patch | 137 -----------------------
srcpkgs/nss/template | 6 +-
2 files changed, 3 insertions(+), 140 deletions(-)
delete mode 100644 srcpkgs/nss/patches/fix-bug1672703.patch
diff --git a/srcpkgs/nss/patches/fix-bug1672703.patch b/srcpkgs/nss/patches/fix-bug1672703.patch
deleted file mode 100644
index 42347c8f91a..00000000000
--- a/srcpkgs/nss/patches/fix-bug1672703.patch
+++ /dev/null
@@ -1,137 +0,0 @@
-commit b03a4fc5b902498414b02640dcb2717dfef9682f
-Author: Daiki Ueno <dueno@redhat.com>
-Date: Mon Oct 26 06:46:11 2020 +0100
-
- Bug 1672703, always tolerate the first CCS in TLS 1.3, r=mt
-
- Summary:
- This flips the meaning of the flag for checking excessive CCS
- messages, so it only rejects multiple CCS messages while the first CCS
- message is always accepted.
-
- Reviewers: mt
-
- Reviewed By: mt
-
- Bug #: 1672703
-
- Differential Revision: https://phabricator.services.mozilla.com/D94603
----
- gtests/ssl_gtest/ssl_tls13compat_unittest.cc | 18 +++++++++---------
- lib/ssl/ssl3con.c | 20 +++++++-------------
- lib/ssl/sslimpl.h | 5 +----
- 3 files changed, 17 insertions(+), 26 deletions(-)
-
-diff --git gtests/ssl_gtest/ssl_tls13compat_unittest.cc gtests/ssl_gtest/ssl_tls13compat_unittest.cc
-index dcede798cc..645f84ff02 100644
---- nss/gtests/ssl_gtest/ssl_tls13compat_unittest.cc
-+++ nss/gtests/ssl_gtest/ssl_tls13compat_unittest.cc
-@@ -348,8 +348,8 @@ TEST_F(TlsConnectStreamTls13, ChangeCipherSpecBeforeClientHelloTwice) {
- client_->CheckErrorCode(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT);
- }
-
--// The server rejects a ChangeCipherSpec if the client advertises an
--// empty session ID.
-+// The server accepts a ChangeCipherSpec even if the client advertises
-+// an empty session ID.
- TEST_F(TlsConnectStreamTls13, ChangeCipherSpecAfterClientHelloEmptySid) {
- EnsureTlsSetup();
- ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
-@@ -358,9 +358,8 @@ TEST_F(TlsConnectStreamTls13, ChangeCipherSpecAfterClientHelloEmptySid) {
- client_->Handshake(); // Send ClientHello
- client_->SendDirect(DataBuffer(kCannedCcs, sizeof(kCannedCcs))); // Send CCS
-
-- server_->ExpectSendAlert(kTlsAlertUnexpectedMessage);
-- server_->Handshake(); // Consume ClientHello and CCS
-- server_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);
-+ Handshake();
-+ CheckConnected();
- }
-
- // The server rejects multiple ChangeCipherSpec even if the client
-@@ -381,7 +380,7 @@ TEST_F(Tls13CompatTest, ChangeCipherSpecAfterClientHelloTwice) {
- server_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);
- }
-
--// The client rejects a ChangeCipherSpec if it advertises an empty
-+// The client accepts a ChangeCipherSpec even if it advertises an empty
- // session ID.
- TEST_F(TlsConnectStreamTls13, ChangeCipherSpecAfterServerHelloEmptySid) {
- EnsureTlsSetup();
-@@ -398,9 +397,10 @@ TEST_F(TlsConnectStreamTls13, ChangeCipherSpecAfterServerHelloEmptySid) {
- // send ServerHello..CertificateVerify
- // Send CCS
- server_->SendDirect(DataBuffer(kCannedCcs, sizeof(kCannedCcs)));
-- client_->ExpectSendAlert(kTlsAlertUnexpectedMessage);
-- client_->Handshake(); // Consume ClientHello and CCS
-- client_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);
-+
-+ // No alert is sent from the client. As Finished is dropped, we
-+ // can't use Handshake() and CheckConnected().
-+ client_->Handshake();
- }
-
- // The client rejects multiple ChangeCipherSpec in a row even if the
-diff --git lib/ssl/ssl3con.c lib/ssl/ssl3con.c
-index 767ffc30f1..b652dcea34 100644
---- nss/lib/ssl/ssl3con.c
-+++ nss/lib/ssl/ssl3con.c
-@@ -6645,11 +6645,7 @@ ssl_CheckServerSessionIdCorrectness(sslSocket *ss, SECItem *sidBytes)
-
- /* TLS 1.3: We sent a session ID. The server's should match. */
- if (!IS_DTLS(ss) && (sentRealSid || sentFakeSid)) {
-- if (sidMatch) {
-- ss->ssl3.hs.allowCcs = PR_TRUE;
-- return PR_TRUE;
-- }
-- return PR_FALSE;
-+ return sidMatch;
- }
-
- /* TLS 1.3 (no SID)/DTLS 1.3: The server shouldn't send a session ID. */
-@@ -8696,7 +8692,6 @@ ssl3_HandleClientHello(sslSocket *ss, PRUint8 *b, PRUint32 length)
- errCode = PORT_GetError();
- goto alert_loser;
- }
-- ss->ssl3.hs.allowCcs = PR_TRUE;
- }
-
- /* TLS 1.3 requires that compression include only null. */
-@@ -13066,15 +13061,14 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Ciphertext *cText)
- ss->ssl3.hs.ws != idle_handshake &&
- cText->buf->len == 1 &&
- cText->buf->buf[0] == change_cipher_spec_choice) {
-- if (ss->ssl3.hs.allowCcs) {
-- /* Ignore the first CCS. */
-- ss->ssl3.hs.allowCcs = PR_FALSE;
-+ if (!ss->ssl3.hs.rejectCcs) {
-+ /* Allow only the first CCS. */
-+ ss->ssl3.hs.rejectCcs = PR_TRUE;
- return SECSuccess;
-+ } else {
-+ alert = unexpected_message;
-+ PORT_SetError(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);
- }
--
-- /* Compatibility mode is not negotiated. */
-- alert = unexpected_message;
-- PORT_SetError(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);
- }
-
- if ((IS_DTLS(ss) && !dtls13_AeadLimitReached(spec)) ||
-diff --git lib/ssl/sslimpl.h lib/ssl/sslimpl.h
-index 44c43a0e6c..35d0c2d6bc 100644
---- nss/lib/ssl/sslimpl.h
-+++ nss/lib/ssl/sslimpl.h
-@@ -710,10 +710,7 @@ typedef struct SSL3HandshakeStateStr {
- * or received. */
- PRBool receivedCcs; /* A server received ChangeCipherSpec
- * before the handshake started. */
-- PRBool allowCcs; /* A server allows ChangeCipherSpec
-- * as the middlebox compatibility mode
-- * is explicitly indicarted by
-- * legacy_session_id in TLS 1.3 ClientHello. */
-+ PRBool rejectCcs; /* Excessive ChangeCipherSpecs are rejected. */
- PRBool clientCertRequested; /* True if CertificateRequest received. */
- PRBool endOfFlight; /* Processed a full flight (DTLS 1.3). */
- ssl3KEADef kea_def_mutable; /* Used to hold the writable kea_def
diff --git a/srcpkgs/nss/template b/srcpkgs/nss/template
index c755eb7fa33..635e67a610e 100644
--- a/srcpkgs/nss/template
+++ b/srcpkgs/nss/template
@@ -3,8 +3,8 @@
_nsprver=4.29
pkgname=nss
-version=3.58
-revision=2
+version=3.59
+revision=1
hostmakedepends="perl"
makedepends="nspr-devel sqlite-devel zlib-devel"
depends="nspr>=${_nsprver}"
@@ -13,7 +13,7 @@ maintainer="Đoàn Trần Công Danh <congdanhqx@gmail.com>"
license="MPL-2.0"
homepage="https://www.mozilla.org/projects/security/pki/nss"
distfiles="${MOZILLA_SITE}/security/nss/releases/NSS_${version//\./_}_RTM/src/nss-${version}.tar.gz"
-checksum=9f73cf789b5f109b978e5239551b609b0cafa88d18f0bc8ce3f976cb629353c0
+checksum=e6298174caa8527beacdc2858f77ed098d7047c1792846040e27e420fed0ce24
export NS_USE_GCC=1
export LIBRUNPATH=
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [PR PATCH] [Merged]: nss: update to 3.59.
2020-11-21 2:31 [PR PATCH] nss: update to 3.59 sgn
@ 2020-11-21 5:42 ` sgn
0 siblings, 0 replies; 2+ messages in thread
From: sgn @ 2020-11-21 5:42 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 154 bytes --]
There's a merged pull request on the void-packages repository
nss: update to 3.59.
https://github.com/void-linux/void-packages/pull/26548
Description:
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-11-21 5:42 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-11-21 2:31 [PR PATCH] nss: update to 3.59 sgn
2020-11-21 5:42 ` [PR PATCH] [Merged]: " sgn
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).