CVE-2009-3555 TLS: MITM attacks via session renegotiation
This commit is contained in:
parent
f3c535575e
commit
8ac6baa628
|
@ -1,2 +1,2 @@
|
|||
nss-3.12.4-stripped.tar.bz2
|
||||
nss-3.12.5-stripped.tar.bz2
|
||||
nss-pem-20090907.tar.bz2
|
||||
|
|
|
@ -0,0 +1,23 @@
|
|||
Index: mozilla/security/nss/lib/ssl/ssl3con.c
|
||||
===================================================================
|
||||
RCS file: /cvsroot/mozilla/security/nss/lib/ssl/ssl3con.c,v
|
||||
retrieving revision 1.121
|
||||
diff -u -p -r1.121 ssl3con.c
|
||||
--- mozilla/security/nss/lib/ssl/ssl3con.c 12 Nov 2009 05:08:27 -0000 1.121
|
||||
+++ mozilla/security/nss/lib/ssl/ssl3con.c 20 Nov 2009 19:36:30 -0000
|
||||
@@ -4004,6 +4004,7 @@ ssl3_HandleHelloRequest(sslSocket *ss)
|
||||
PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST);
|
||||
return SECFailure;
|
||||
}
|
||||
+ /*
|
||||
if (ss->opt.enableRenegotiation == SSL_RENEGOTIATE_NEVER) {
|
||||
ssl_GetXmitBufLock(ss);
|
||||
rv = SSL3_SendAlert(ss, alert_warning, no_renegotiation);
|
||||
@@ -4011,6 +4012,7 @@ ssl3_HandleHelloRequest(sslSocket *ss)
|
||||
PORT_SetError(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED);
|
||||
return SECFailure;
|
||||
}
|
||||
+ */
|
||||
|
||||
if (sid) {
|
||||
ss->sec.uncache(sid);
|
10
nss.spec
10
nss.spec
|
@ -13,8 +13,8 @@
|
|||
|
||||
Summary: Network Security Services
|
||||
Name: nss
|
||||
Version: 3.12.4
|
||||
Release: 3%{?dist}
|
||||
Version: 3.12.5
|
||||
Release: 1%{?dist}.3
|
||||
License: MPLv1.1 or GPLv2+ or LGPLv2+
|
||||
URL: http://www.mozilla.org/projects/security/pki/nss/
|
||||
Group: System Environment/Libraries
|
||||
|
@ -42,6 +42,7 @@ Source12: %{name}-pem-20090907.tar.bz2
|
|||
|
||||
Patch2: nss-nolocalsql.patch
|
||||
Patch6: nss-enable-pem.patch
|
||||
Patch7: 533125-ammend.patch
|
||||
|
||||
%description
|
||||
Network Security Services (NSS) is a set of libraries designed to
|
||||
|
@ -110,7 +111,7 @@ low level services.
|
|||
|
||||
%patch2 -p0
|
||||
%patch6 -p0 -b .libpem
|
||||
|
||||
%patch7 -p0 -b .533125
|
||||
|
||||
%build
|
||||
|
||||
|
@ -471,6 +472,9 @@ done
|
|||
|
||||
|
||||
%changelog
|
||||
* Fri Dec 06 2009 Elio Maldonado<emaldona@redhat.com> - 3.12.5-1
|
||||
- Update to 3.12.5
|
||||
|
||||
* Thu Sep 17 2009 Elio Maldonado<emaldona@redhat.com> - 3.12.4-3
|
||||
- Add nssdbm3.so to nss-prelink.conf, rhbz#524075
|
||||
|
||||
|
|
Loading…
Reference in New Issue