starlingx/tools
Code Issues Proposed changes

nss: fix CVE-2021-43527

Browse Source 
nss is vulnerable to a heap overflow when handling DER-encoded
DSA or RSA-PSS signatures.  We update nss packages and nspr to
the latest centos7 versions.

*** Testing ***
To be sure we will work with existing databases, before updating,
create a database.

$ mkdir arf
$ echo "Pword22*" > arf/pass.
$ certutil -N -d arf -f arf/pass
$ certutil -G -d arf -f arf/pass   # put a key pair in the database

Save the arf directory.  Install an iso with the updated nss packages.
Import arf.  Then...

$ certutil -K -d arf -f arf/pass   # display the keyID
$ certutil -G -d arf -f arf/pass   # add a key
$ certutil -K -d arf -f arf/pass   # display both keyID's
***

Closes-bug: 1957929
Change-Id: I960e42d1e361dace4443d6a052fe06206c6675dd
Signed-off-by: Joe Slater <joe.slater@windriver.com>
This commit is contained in:
Joe Slater
2022-01-18 14:16:18 -05:00
parent d07b53efbc
commit 4840fc1bda
8 changed files with 41 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
centos-mirror-tools/config/centos/distro/rpms_centos.lst
View File

@@ -597,15 +597,15 @@ newt-0.52.15-4.el7.x86_64.rpm
newt-devel-0.52.15-4.el7.x86_64.rpm
nfs-utils-1.3.0-0.61.el7.x86_64.rpm
nmap-ncat-6.40-16.el7.x86_64.rpm
# nspr-4.25.0-2.el7_9.x86_64.rpm provided by mock
nspr-devel-4.25.0-2.el7_9.x86_64.rpm
# nss-3.53.1-3.el7_9.x86_64.rpm provided by mock
nss-devel-3.53.1-3.el7_9.x86_64.rpm
# nspr-4.32.0-1.el7_9.x86_64.rpm provided by mock
nspr-devel-4.32.0-1.el7_9.x86_64.rpm
# nss-3.67.0-4.el7_9.x86_64.rpm provided by mock
nss-devel-3.67.0-4.el7_9.x86_64.rpm
# nss-pem-1.0.3-5.el7.x86_64.rpm provided by mock
# nss-sysinit-3.53.1-3.el7_9.x86_64.rpm provided by mock
# nss-tools-3.53.1-3.el7_9.x86_64.rpm provided by mock
# nss-util-3.53.1-1.el7_9.x86_64.rpm provided by mock
nss-util-devel-3.53.1-1.el7_9.x86_64.rpm
# nss-sysinit-3.67.0-4.el7_9.x86_64.rpm provided by mock
# nss-tools-3.67.0-4.el7_9.x86_64.rpm provided by mock
# nss-util-3.67.0-1.el7_9.x86_64.rpm provided by mock
nss-util-devel-3.67.0-1.el7_9.x86_64.rpm
numactl-devel-2.0.9-7.el7.x86_64.rpm
numactl-libs-2.0.9-7.el7.x86_64.rpm
nvme-cli-1.8.1-3.el7.x86_64.rpm

8
centos-mirror-tools/config/centos/distro/rpms_centos3rdparties.lst
View File

@@ -52,10 +52,10 @@ mesa-libglapi-18.0.5-3.el7.x86_64.rpm
mesa-libGL-devel-18.0.5-3.el7.x86_64.rpm
NetworkManager-glib-1.12.0-8.el7_6.x86_64.rpm
NetworkManager-glib-devel-1.12.0-8.el7_6.x86_64.rpm
# nss-softokn-3.53.1-6.el7_9.x86_64.rpm provided by mock
nss-softokn-devel-3.53.1-6.el7_9.x86_64.rpm
# nss-softokn-freebl-3.53.1-6.el7_9.x86_64.rpm provided by mock
nss-softokn-freebl-devel-3.53.1-6.el7_9.x86_64.rpm
# nss-softokn-3.67.0-3.el7_9.x86_64.rpm provided by mock
nss-softokn-devel-3.67.0-3.el7_9.x86_64.rpm
# nss-softokn-freebl-3.67.0-3.el7_9.x86_64.rpm provided by mock
nss-softokn-freebl-devel-3.67.0-3.el7_9.x86_64.rpm
# openldap-2.4.44-20.el7.x86_64.rpm provided by mock
policycoreutils-2.5-29.el7.x86_64.rpm
policycoreutils-devel-2.5-29.el7.x86_64.rpm