CVE-2009-3555 TLS: MITM attacks via session renegotiation

2009-12-08 18:47:47 +00:00 · 2009-12-08 18:47:47 +00:00 · 8ac6baa628
parent f3c535575e
commit 8ac6baa628
4 changed files with 32 additions and 5 deletions
--- a/.cvsignore
+++ b/.cvsignore
@ -1,2 +1,2 @@
-nss-3.12.4-stripped.tar.bz2
+nss-3.12.5-stripped.tar.bz2
 nss-pem-20090907.tar.bz2
--- a/533125-ammend.patch
+++ b/533125-ammend.patch
@ -0,0 +1,23 @@
+Index: mozilla/security/nss/lib/ssl/ssl3con.c
+===================================================================
+RCS file: /cvsroot/mozilla/security/nss/lib/ssl/ssl3con.c,v
+retrieving revision 1.121
+diff -u -p -r1.121 ssl3con.c
+--- mozilla/security/nss/lib/ssl/ssl3con.c	12 Nov 2009 05:08:27 -0000	1.121
+++ mozilla/security/nss/lib/ssl/ssl3con.c	20 Nov 2009 19:36:30 -0000
+@@ -4004,6 +4004,7 @@ ssl3_HandleHelloRequest(sslSocket *ss)
+ 	PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST);
+ 	return SECFailure;
+     }
+    /*
+     if (ss->opt.enableRenegotiation == SSL_RENEGOTIATE_NEVER) {
+ 	ssl_GetXmitBufLock(ss);
+ 	rv = SSL3_SendAlert(ss, alert_warning, no_renegotiation);
+@@ -4011,6 +4012,7 @@ ssl3_HandleHelloRequest(sslSocket *ss)
+ 	PORT_SetError(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED);
+ 	return SECFailure;
+     }
+    */
+ 
+     if (sid) {
+ 	ss->sec.uncache(sid);
--- a/nss.spec
+++ b/nss.spec
@ -13,8 +13,8 @@

 Summary:          Network Security Services
 Name:             nss
-Version:          3.12.4
-Release:          3%{?dist}
+Version:          3.12.5
+Release:          1%{?dist}.3
 License:          MPLv1.1 or GPLv2+ or LGPLv2+
 URL:              http://www.mozilla.org/projects/security/pki/nss/
 Group:            System Environment/Libraries
@ -42,6 +42,7 @@ Source12:         %{name}-pem-20090907.tar.bz2

 Patch2:           nss-nolocalsql.patch
 Patch6:           nss-enable-pem.patch
+Patch7:           533125-ammend.patch

 %description
 Network Security Services (NSS) is a set of libraries designed to
@ -110,7 +111,7 @@ low level services.

 %patch2 -p0
 %patch6 -p0 -b .libpem
-
+%patch7 -p0 -b .533125

 %build

@ -471,6 +472,9 @@ done


 %changelog
+* Fri Dec 06 2009 Elio Maldonado<emaldona@redhat.com> - 3.12.5-1
+- Update to 3.12.5
+
 * Thu Sep 17 2009 Elio Maldonado<emaldona@redhat.com> - 3.12.4-3
 - Add nssdbm3.so to nss-prelink.conf, rhbz#524075

--- a/2
+++ b/2
@ -1,2 +1,2 @@
-954834f7b173bdab366a19880c671c39  nss-3.12.4-stripped.tar.bz2
+51c5958153b6c01fada2e74cedc66835  nss-3.12.5-stripped.tar.bz2
 895ef804e11c14868e86df80c2dd9b66  nss-pem-20090907.tar.bz2