authorFranz Pletz <fpletz@fnordicwalking.de>2016-03-21 04:09:04 +0100
committerFranz Pletz <fpletz@fnordicwalking.de>2016-03-21 21:27:59 +0100
commit1a9b272c0946ff1d30bba0effb949d5e16dcf5c4 (patch)
tree70cd40e392489457e919cb922cd5ef1f2dd813c4 /pkgs/development/libraries/nss
parent1bb80801eb8c504575c45a2f44f41d3548b76c5a (diff)
nss: 3.22.2 -> 3.23 (security)
Fixes CVE-2016-1950.

See: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.23_release_notes
Diffstat (limited to 'pkgs/development/libraries/nss')
-rw-r--r--pkgs/development/libraries/nss/85_security_load.patch47
-rw-r--r--pkgs/development/libraries/nss/default.nix6
2 files changed, 28 insertions, 25 deletions
diff --git a/pkgs/development/libraries/nss/85_security_load.patch b/pkgs/development/libraries/nss/85_security_load.patch
index 3e51e290887..632cc418425 100644
--- a/pkgs/development/libraries/nss/85_security_load.patch
+++ b/pkgs/development/libraries/nss/85_security_load.patch
@@ -1,7 +1,8 @@
-diff -ru nss-3.16-orig/nss/cmd/shlibsign/shlibsign.c nss-3.16/nss/cmd/shlibsign/shlibsign.c
---- nss-3.16-orig/nss/cmd/shlibsign/shlibsign.c	2014-03-14 21:31:59.000000000 +0100
-+++ nss-3.16/nss/cmd/shlibsign/shlibsign.c	2014-04-22 14:50:31.340743655 +0200
-@@ -852,6 +852,8 @@
+diff --git a/nss/cmd/shlibsign/shlibsign.c b/nss/cmd/shlibsign/shlibsign.c
+index 63a4836..a128c1d 100644
+--- a/nss/cmd/shlibsign/shlibsign.c
++++ b/nss/cmd/shlibsign/shlibsign.c
+@@ -862,6 +862,8 @@ int main(int argc, char **argv)
      libname = PR_GetLibraryName(NULL, "softokn3");
      assert(libname != NULL);
      lib = PR_LoadLibrary(libname);
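Review bot: The refreshed patch still opens directly on `diff --git a/nss/cmd/shlibsign/shlibsign.c` with no header saying what it changes or why. That matters for a patch that alters how a crypto library locates the shared objects it loads. A short preamble above the first `diff --git` line would let the next person rebasing it check each hunk against the stated intent, for example `Nix: retry library loads from NIX_NSS_LIBDIR when the default lookup fails`. That wording is inferred and should be confirmed against the two added lines, which fall between this hunk and the next and are not visible here. main()'s body continues outside the hunk.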
@@ -10,21 +11,22 @@ diff -ru nss-3.16-orig/nss/cmd/shlibsign/shlibsign.c nss-3.16/nss/cmd/shlibsign/
      assert(lib != NULL);
      PR_FreeLibraryName(libname);
  
-Only in nss-3.16/nss/cmd/shlibsign: shlibsign.c.orig
-diff -ru nss-3.16-orig/nss/coreconf/config.mk nss-3.16/nss/coreconf/config.mk
---- nss-3.16-orig/nss/coreconf/config.mk	2014-03-14 21:31:59.000000000 +0100
-+++ nss-3.16/nss/coreconf/config.mk	2014-04-22 14:50:51.302731097 +0200
-@@ -188,3 +188,6 @@
- 
- # Hide old, deprecated, TLS cipher suite names when building NSS
- DEFINES += -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES
+diff --git a/nss/coreconf/config.mk b/nss/coreconf/config.mk
+index 61d757b..b58a98b 100644
+--- a/nss/coreconf/config.mk
++++ b/nss/coreconf/config.mk
+@@ -205,3 +205,6 @@ $(error Setting NSS_ENABLE_TLS_1_3 and NSS_DISABLE_ECC isn't a good idea.)
+ endif
+ DEFINES += -DNSS_ENABLE_TLS_1_3
+ endif
 +
 +# Nix specific stuff.
 +DEFINES += -DNIX_NSS_LIBDIR=\"$(out)/lib/\"
-diff -ru nss-3.16-orig/nss/lib/pk11wrap/pk11load.c nss-3.16/nss/lib/pk11wrap/pk11load.c
---- nss-3.16-orig/nss/lib/pk11wrap/pk11load.c	2014-03-14 21:31:59.000000000 +0100
-+++ nss-3.16/nss/lib/pk11wrap/pk11load.c	2014-04-22 14:50:22.164749330 +0200
-@@ -406,6 +406,13 @@
+diff --git a/nss/lib/pk11wrap/pk11load.c b/nss/lib/pk11wrap/pk11load.c
+index 5c5d2ca..026e528 100644
+--- a/nss/lib/pk11wrap/pk11load.c
++++ b/nss/lib/pk11wrap/pk11load.c
+@@ -429,6 +429,13 @@ secmod_LoadPKCS11Module(SECMODModule *mod, SECMODModule **oldModule) {
  	 * unload the library if anything goes wrong from here on out...
  	 */
  	library = PR_LoadLibrary(mod->dllName);
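Review bot: `DEFINES += -DNIX_NSS_LIBDIR=\"$(out)/lib/\"` in the config.mk part of this hunk takes `out` from make's environment without checking it, so an unset or empty `out` compiles in `"/lib/"`. The patched loaders would then presumably fall back to a global directory instead of the package's own store path, and the build would still succeed. Failing the build is safer: put `ifeq ($(out),)`, `$(error out must be set to define NIX_NSS_LIBDIR)`, `endif` in front of the define. The comment `# Nix specific stuff.` could also say what the macro is for, e.g. `# Directory the patched loaders fall back to when a library is not found by name.`, assuming that matches the hidden C hunks.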
@@ -38,10 +40,11 @@ diff -ru nss-3.16-orig/nss/lib/pk11wrap/pk11load.c nss-3.16/nss/lib/pk11wrap/pk1
  	mod->library = (void *)library;
  
  	if (library == NULL) {
-diff -ru nss-3.16-orig/nss/lib/util/secload.c nss-3.16/nss/lib/util/secload.c
---- nss-3.16-orig/nss/lib/util/secload.c	2014-03-14 21:31:59.000000000 +0100
-+++ nss-3.16/nss/lib/util/secload.c	2014-04-22 14:50:31.342743654 +0200
-@@ -69,9 +69,14 @@
+diff --git a/nss/lib/util/secload.c b/nss/lib/util/secload.c
+index eb8a9ec..f94f67d 100644
+--- a/nss/lib/util/secload.c
++++ b/nss/lib/util/secload.c
+@@ -69,9 +69,14 @@ loader_LoadLibInReferenceDir(const char *referencePath, const char *name)
  
      /* Remove the trailing filename from referencePath and add the new one */
      c = strrchr(referencePath, PR_GetDirectorySeparator());
@@ -57,7 +60,7 @@ diff -ru nss-3.16-orig/nss/lib/util/secload.c nss-3.16/nss/lib/util/secload.c
          if (fullName) {
              memcpy(fullName, referencePath, referencePathSize);
              strcpy(fullName + referencePathSize, name); 
-@@ -81,6 +86,11 @@
+@@ -81,6 +86,11 @@ loader_LoadLibInReferenceDir(const char *referencePath, const char *name)
  #endif
              libSpec.type = PR_LibSpec_Pathname;
              libSpec.value.pathname = fullName;
@@ -69,7 +72,7 @@ diff -ru nss-3.16-orig/nss/lib/util/secload.c nss-3.16/nss/lib/util/secload.c
              dlh = PR_LoadLibraryWithFlags(libSpec, PR_LD_NOW | PR_LD_LOCAL
  #ifdef PR_LD_ALT_SEARCH_PATH
              /* allow library's dependencies to be found in the same directory
-@@ -88,6 +98,10 @@
+@@ -88,6 +98,10 @@ loader_LoadLibInReferenceDir(const char *referencePath, const char *name)
                                            | PR_LD_ALT_SEARCH_PATH 
  #endif
                                            );
diff --git a/pkgs/development/libraries/nss/default.nix b/pkgs/development/libraries/nss/default.nix
index 060aa20967f..e8be7299952 100644
--- a/pkgs/development/libraries/nss/default.nix
+++ b/pkgs/development/libraries/nss/default.nix
@@ -11,11 +11,11 @@ let
 
 in stdenv.mkDerivation rec {
   name = "nss-${version}";
-  version = "3.22.2";
+  version = "3.23";
 
   src = fetchurl {
-    url = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_22_2_RTM/src/${name}.tar.gz";
-    sha256 = "0l1n5mwgqkcwfh10hizdv0vfj6gg9i4zip021wh33b17qn3r5m07";
+    url = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_23_RTM/src/${name}.tar.gz";
+    sha256 = "1kqidv91icq96m9m8zx50n7px08km2l88458rkgyjwcn3kiq7cwl";
   };
 
   buildInputs = [ nspr perl zlib sqlite ];