#7105: nss-3.21
-------------------------+---------------------
 Reporter:  fo           |       Owner:  fo
     Type:  enhancement  |      Status:  closed
 Priority:  highest      |   Milestone:  7.9
Component:  BOOK         |     Version:  SVN
 Severity:  normal       |  Resolution:  fixed
 Keywords:               |
-------------------------+---------------------
Changes (by fo):

 * priority:  normal => highest


Old description:

> No explicit security info in the release notes (which are still a
> draft). That is the reason I did not tag as high priority, but will
> modify later, even after ticket is closed (if I remember), if the final
> upstream page includes any vulnerability being fixed.
>
> [https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_21_RTM/src/nss-3.21.tar.gz]
>
> [https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_21_RTM/src/SHA1SUMS]
>
> d4bbbd72b967443e8b65f504cdd157e3df93a84a  nss-3.21.tar.gz
>
> [https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes]
>
> {{{
> NSS 3.21 release notes
>
> by 3 contributors:
>
>     m_t kwilson kaie
>
> In This Article
>
>     DRAFT (remove line when document is finished)
>     Introduction
>     Distribution Information
>     New in NSS 3.21
>         New Functionality
>             New Functions
>             New Types
>             New Macros
>     Notable Changes in NSS 3.21
>     Bugs fixed in NSS 3.21
>     Compatibility
>     Feedback
>
> This article is in need of a technical review.
>
> This article is in need of an editorial review.
> DRAFT (remove line when document is finished)
> Introduction
>
> The NSS team has released Network Security Services (NSS) 3.21, which is
> a minor release.
>
> Distribution Information
>
> The HG tag is NSS_3_21_RTM. NSS 3.21 requires NSPR 4.10.10 or newer.
>
> New in NSS 3.21
>
> New Functionality
>
>    • certutil now supports a --rename option to change a nickname (bug
>      1142209)
>    • TLS extended master secret extension (RFC 7627) is supported (bug
>      1117022)
>    • New info functions added for use during mid-handshake callbacks
>      (bug 1084669)
>
> New Functions
>
>    • in nss.h
>         ◦ NSS_OptionSet - sets NSS global options
>         ◦ NSS_OptionGet - gets the current value of NSS global options
>
>    • in secmod.h
>         ◦ SECMOD_CreateModuleEx - Create a new SECMODModule structure
>           from module name string, module parameters string, NSS
>           specific parameters string, and NSS configuration parameter
>           string. The module represented by the module structure is not
>           loaded. The difference with SECMOD_CreateModule is the new
>           function handles NSS configuration parameter strings.
>
>    • in ssl.h
>         ◦ SSL_GetPreliminaryChannelInfo - obtains information about a
>           TLS channel prior to the handshake being completed, for use
>           with the callbacks that are invoked during the handshake
>         ◦ SSL_SignaturePrefSet - configures the enabled signature and
>           hash algorithms for TLS
>         ◦ SSL_SignaturePrefGet - retrieves the currently configured
>           signature and hash algorithms
>         ◦ SSL_SignatureMaxCount - obtains the maximum number of
>           signature algorithms that can be configured with
>           SSL_SignaturePrefSet
>
>    • in utilpars.h
>         ◦ NSSUTIL_ArgParseModuleSpecEx - takes a module spec and breaks
>           it into shared library string, module name string, module
>           parameters string, NSS specific parameters string, and NSS
>           configuration parameter strings. The returned strings must be
>           freed by the caller. The difference with
>           NSS_ArgParseModuleSpec is the new function handles NSS
>           configuration parameter strings.
>         ◦ NSSUTIL_MkModuleSpecEx - takes a shared library string, module
>           name string, module parameters string, NSS specific parameters
>           string, and NSS configuration parameter string and returns a
>           module string which the caller must free when it is done. The
>           difference with NSS_MkModuleSpec is the new function handles
>           NSS configuration parameter strings.
>
> New Types
>
>    • in pkcs11t.h
>         ◦ CK_TLS12_MASTER_KEY_DERIVE_PARAMS{_PTR} - parameters {or
>           pointer} for CKM_TLS12_MASTER_KEY_DERIVE
>         ◦ CK_TLS12_KEY_MAT_PARAMS{_PTR} - parameters {or pointer} for
>           CKM_TLS12_KEY_AND_MAC_DERIVE
>         ◦ CK_TLS_KDF_PARAMS{_PTR} - parameters {or pointer} for
>           CKM_TLS_KDF
>         ◦ CK_TLS_MAC_PARAMS{_PTR} - parameters {or pointer} for
>           CKM_TLS_MAC
>
>    • in sslt.h
>         ◦ SSLHashType - identifies a hash function
>         ◦ SSLSignatureAndHashAlg - identifies a signature and hash
>           function
>         ◦ SSLPreliminaryChannelInfo - provides information about the
>           session state prior to handshake completion
>
> New Macros
>
>    • in nss.h
>         ◦ NSS_RSA_MIN_KEY_SIZE - used with NSS_OptionSet and
>           NSS_OptionGet to set or get the minimum RSA key size
>         ◦ NSS_DH_MIN_KEY_SIZE - used with NSS_OptionSet and
>           NSS_OptionGet to set or get the minimum DH key size
>         ◦ NSS_DSA_MIN_KEY_SIZE - used with NSS_OptionSet and
>           NSS_OptionGet to set or get the minimum DSA key size
>
>    • in pkcs11t.h
>         ◦ CKM_TLS12_MASTER_KEY_DERIVE - derives TLS 1.2 master secret
>         ◦ CKM_TLS12_KEY_AND_MAC_DERIVE - derives TLS 1.2 traffic key and
>           IV
>         ◦ CKM_TLS12_MASTER_KEY_DERIVE_DH - derives TLS 1.2 master secret
>           for DH (and ECDH) cipher suites
>         ◦ CKM_TLS12_KEY_SAFE_DERIVE - ??? unused
>         ◦ CKM_TLS_MAC - computes TLS Finished MAC
>         ◦ CKM_TLS_KDF - ??? unused
>
>    • in secoidt.h
>         ◦ NSS_USE_ALG_IN_SSL_KX - policy flag indicating that keys are
>           used in TLS key exchange
>
>    • in sslerr.h
>         ◦ SSL_ERROR_RX_SHORT_DTLS_READ - error code for failure to
>           include a complete DTLS record in a UDP packet
>         ◦ SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM - error code for
>           when no valid signature and hash algorithm is available
>         ◦ SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM - error code for
>           when an unsupported signature and hash algorithm is configured
>         ◦ SSL_ERROR_MISSING_EXTENDED_MASTER_SECRET - error code for when
>           the extended master secret is missing after having been
>           negotiated
>         ◦ SSL_ERROR_UNEXPECTED_EXTENDED_MASTER_SECRET - error code for
>           receiving an extended master secret when previously not
>           negotiated
>
>    • in sslt.h
>         ◦ SSL_ENABLE_EXTENDED_MASTER_SECRET - configuration to enable
>           the TLS extended master secret extension (RFC 7627)
>         ◦ ssl_preinfo_version - used with SSLPreliminaryChannelInfo to
>           indicate that a TLS version has been selected
>         ◦ ssl_preinfo_cipher_suite - used with SSLPreliminaryChannelInfo
>           to indicate that a TLS cipher suite has been selected
>         ◦ ssl_preinfo_all - used with SSLPreliminaryChannelInfo to
>           indicate that all preliminary information has been set
>
> Notable Changes in NSS 3.21
>
>    • NSS now builds with elliptic curve ciphers enabled by default (bug
>      1205688)
>    • NSS now builds with warnings as errors (bug 1182667)
>    • The following CA certificates were Removed
>         ◦ CN = VeriSign Class 4 Public Primary Certification Authority -
>           G3
>         ◦     SHA1 Fingerprint:
>               C8:EC:8C:87:92:69:CB:4B:AB:39:E9:8D:7E:57:67:F3:14:95:73:9D
>         ◦ CN = UTN-USERFirst-Network Applications
>         ◦     SHA1 Fingerprint:
>               5D:98:9C:DB:15:96:11:36:51:65:64:1B:56:0F:DB:EA:2A:C2:3E:F1
>         ◦ CN = TC TrustCenter Universal CA III
>         ◦     SHA1 Fingerprint:
>               96:56:CD:7B:57:96:98:95:D0:E1:41:46:68:06:FB:B8:C6:11:06:87
>         ◦ CN = A-Trust-nQual-03
>         ◦     SHA-1 Fingerprint:
>               D3:C0:63:F2:19:ED:07:3E:34:AD:5D:75:0B:32:76:29:FF:D5:9A:F2
>         ◦ CN = USERTrust Legacy Secure Server CA
>         ◦     SHA-1 Fingerprint:
>               7C:2F:91:E2:BB:96:68:A9:C6:F6:BD:10:19:2C:6B:52:5A:1B:BA:48
>         ◦ Friendly Name: Digital Signature Trust Co. Global CA 1
>         ◦     SHA-1 Fingerprint:
>               81:96:8B:3A:EF:1C:DC:70:F5:FA:32:69:C2:92:A3:63:5B:D1:23:D3
>         ◦ Friendly Name: Digital Signature Trust Co. Global CA 3
>         ◦     SHA-1 Fingerprint:
>               AB:48:F3:33:DB:04:AB:B9:C0:72:DA:5B:0C:C1:D0:57:F0:36:9B:46
>         ◦ CN = UTN - DATACorp SGC
>         ◦     SHA-1 Fingerprint:
>               58:11:9F:0E:12:82:87:EA:50:FD:D9:87:45:6F:4F:78:DC:FA:D6:D4
>         ◦ O = TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri
>           A.Ş. (c) Kasım 2005
>         ◦     SHA-1 Fingerprint:
>               B4:35:D4:E1:11:9D:1C:66:90:A7:49:EB:B3:94:BD:63:7B:A7:82:B7
>    • The following CA certificate had the Websites trust bit turned off
>         ◦ OU = Equifax Secure Certificate Authority
>         ◦     SHA1 Fingerprint:
>               D2:32:09:AD:23:D3:14:23:21:74:E4:0D:7F:9D:62:13:97:86:63:3A
>    • The following CA certificates were Added
>         ◦ CN = Certification Authority of WoSign G2
>         ◦     SHA1 Fingerprint:
>               FB:ED:DC:90:65:B7:27:20:37:BC:55:0C:9C:56:DE:BB:F2:78:94:E1
>         ◦ CN = CA WoSign ECC Root
>         ◦     SHA1 Fingerprint:
>               D2:7A:D2:BE:ED:94:C0:A1:3C:C7:25:21:EA:5D:71:BE:81:19:F3:2B
>         ◦ CN = OISTE WISeKey Global Root GB CA
>         ◦     SHA1 Fingerprint:
>               0F:F9:40:76:18:D3:D7:6A:4B:98:F0:A8:35:9E:0C:FD:27:AC:CC:ED
>
> Bugs fixed in NSS 3.21
>
> This Bugzilla query returns all the bugs fixed in NSS 3.21
>
> https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&product=NSS&target_milestone=3.21
>
> Compatibility
>
> NSS 3.21 shared libraries are backward compatible with all older NSS 3.x
> shared libraries. A program linked with older NSS 3.x shared libraries
> will work with NSS 3.21 shared libraries without recompiling or
> relinking. Furthermore, applications that restrict their use of NSS APIs
> to the functions listed in NSS Public Functions will remain compatible
> with future versions of the NSS shared libraries.
> }}}

New description:

 == This release includes security fix ==

 '''CVE-2015-7575''' - Prevent MD5 Downgrade in TLS 1.2 Signatures.

 EDIT:

 ''NSS 3.21 release notes'' has been updated, so I changed the priority

 [https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_21_RTM/src/nss-3.21.tar.gz]

 [https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_21_RTM/src/SHA1SUMS]

 d4bbbd72b967443e8b65f504cdd157e3df93a84a  nss-3.21.tar.gz

 [https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes]

 Modified:

 {{{
 NSS 3.21 release notes
 In This Article

 ...
     Security Fixes in NSS 3.21
 ...

 2016-01-07, this page has been updated to include additional information
 about the release. The sections "Security Fixes" and "Acknowledgements"
 have been added.

 Introduction

 The NSS team has released Network Security Services (NSS) 3.21, which is
 a minor release.

 Distribution Information

 The HG tag is NSS_3_21_RTM. NSS 3.21 requires NSPR 4.10.10 or newer.

 Security Fixes in NSS 3.21

    • Bug 1158489 / CVE-2015-7575 - Prevent MD5 Downgrade in TLS 1.2
      Signatures.

 New in NSS 3.21

 New Functionality

    • certutil now supports a --rename option to change a nickname (bug
      1142209)
    • TLS extended master secret extension (RFC 7627) is supported (bug
      1117022)
    • New info functions added for use during mid-handshake callbacks
      (bug 1084669)

 New Functions

    • in nss.h
         ◦ NSS_OptionSet - sets NSS global options
         ◦ NSS_OptionGet - gets the current value of NSS global options
    • in secmod.h
         ◦ SECMOD_CreateModuleEx - Create a new SECMODModule structure
           from module name string, module parameters string, NSS
           specific parameters string, and NSS configuration parameter
           string. The module represented by the module structure is not
           loaded. The difference with SECMOD_CreateModule is the new
           function handles NSS configuration parameter strings.
    • in ssl.h
         ◦ SSL_GetPreliminaryChannelInfo - obtains information about a
           TLS channel prior to the handshake being completed, for use
           with the callbacks that are invoked during the handshake
         ◦ SSL_SignaturePrefSet - configures the enabled signature and
           hash algorithms for TLS
         ◦ SSL_SignaturePrefGet - retrieves the currently configured
           signature and hash algorithms
         ◦ SSL_SignatureMaxCount - obtains the maximum number of
           signature algorithms that can be configured with
           SSL_SignaturePrefSet
    • in utilpars.h
         ◦ NSSUTIL_ArgParseModuleSpecEx - takes a module spec and breaks
           it into shared library string, module name string, module
           parameters string, NSS specific parameters string, and NSS
           configuration parameter strings. The returned strings must be
           freed by the caller. The difference with
           NSS_ArgParseModuleSpec is the new function handles NSS
           configuration parameter strings.
         ◦ NSSUTIL_MkModuleSpecEx - takes a shared library string, module
           name string, module parameters string, NSS specific parameters
           string, and NSS configuration parameter string and returns a
           module string which the caller must free when it is done. The
           difference with NSS_MkModuleSpec is the new function handles
           NSS configuration parameter strings.

 New Types

    • in pkcs11t.h
         ◦ CK_TLS12_MASTER_KEY_DERIVE_PARAMS{_PTR} - parameters {or
           pointer} for CKM_TLS12_MASTER_KEY_DERIVE
         ◦ CK_TLS12_KEY_MAT_PARAMS{_PTR} - parameters {or pointer} for
           CKM_TLS12_KEY_AND_MAC_DERIVE
         ◦ CK_TLS_KDF_PARAMS{_PTR} - parameters {or pointer} for
           CKM_TLS_KDF
         ◦ CK_TLS_MAC_PARAMS{_PTR} - parameters {or pointer} for
           CKM_TLS_MAC
    • in sslt.h
         ◦ SSLHashType - identifies a hash function
         ◦ SSLSignatureAndHashAlg - identifies a signature and hash
           function
         ◦ SSLPreliminaryChannelInfo - provides information about the
           session state prior to handshake completion

 New Macros

    • in nss.h
         ◦ NSS_RSA_MIN_KEY_SIZE - used with NSS_OptionSet and
           NSS_OptionGet to set or get the minimum RSA key size
         ◦ NSS_DH_MIN_KEY_SIZE - used with NSS_OptionSet and
           NSS_OptionGet to set or get the minimum DH key size
         ◦ NSS_DSA_MIN_KEY_SIZE - used with NSS_OptionSet and
           NSS_OptionGet to set or get the minimum DSA key size
    • in pkcs11t.h
         ◦ CKM_TLS12_MASTER_KEY_DERIVE - derives TLS 1.2 master secret
         ◦ CKM_TLS12_KEY_AND_MAC_DERIVE - derives TLS 1.2 traffic key and
           IV
         ◦ CKM_TLS12_MASTER_KEY_DERIVE_DH - derives TLS 1.2 master secret
           for DH (and ECDH) cipher suites
         ◦ CKM_TLS12_KEY_SAFE_DERIVE and CKM_TLS_KDF are identifiers for
           additional PKCS#12 mechanisms for TLS 1.2 that are currently
           unused in NSS.
         ◦ CKM_TLS_MAC - computes TLS Finished MAC
    • in secoidt.h
         ◦ NSS_USE_ALG_IN_SSL_KX - policy flag indicating that keys are
           used in TLS key exchange
    • in sslerr.h
         ◦ SSL_ERROR_RX_SHORT_DTLS_READ - error code for failure to
           include a complete DTLS record in a UDP packet
         ◦ SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM - error code for
           when no valid signature and hash algorithm is available
         ◦ SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM - error code for
           when an unsupported signature and hash algorithm is configured
         ◦ SSL_ERROR_MISSING_EXTENDED_MASTER_SECRET - error code for when
           the extended master secret is missing after having been
           negotiated
         ◦ SSL_ERROR_UNEXPECTED_EXTENDED_MASTER_SECRET - error code for
           receiving an extended master secret when previously not
           negotiated
    • in sslt.h
         ◦ SSL_ENABLE_EXTENDED_MASTER_SECRET - configuration to enable
           the TLS extended master secret extension (RFC 7627)
         ◦ ssl_preinfo_version - used with SSLPreliminaryChannelInfo to
           indicate that a TLS version has been selected
         ◦ ssl_preinfo_cipher_suite - used with SSLPreliminaryChannelInfo
           to indicate that a TLS cipher suite has been selected
         ◦ ssl_preinfo_all - used with SSLPreliminaryChannelInfo to
           indicate that all preliminary information has been set

 Notable Changes in NSS 3.21

    • NSS now builds with elliptic curve ciphers enabled by default (bug
      1205688)
    • NSS now builds with warnings as errors (bug 1182667)
    • The following CA certificates were Removed
         ◦ CN = VeriSign Class 4 Public Primary Certification Authority -
           G3
              ▪ SHA1 Fingerprint:
                C8:EC:8C:87:92:69:CB:4B:AB:39:E9:8D:7E:57:67:F3:14:95:73:9D
         ◦ CN = UTN-USERFirst-Network Applications
              ▪ SHA1 Fingerprint:
                5D:98:9C:DB:15:96:11:36:51:65:64:1B:56:0F:DB:EA:2A:C2:3E:F1
         ◦ CN = TC TrustCenter Universal CA III
              ▪ SHA1 Fingerprint:
                96:56:CD:7B:57:96:98:95:D0:E1:41:46:68:06:FB:B8:C6:11:06:87
         ◦ CN = A-Trust-nQual-03
              ▪ SHA-1 Fingerprint:
                D3:C0:63:F2:19:ED:07:3E:34:AD:5D:75:0B:32:76:29:FF:D5:9A:F2
         ◦ CN = USERTrust Legacy Secure Server CA
              ▪ SHA-1 Fingerprint:
                7C:2F:91:E2:BB:96:68:A9:C6:F6:BD:10:19:2C:6B:52:5A:1B:BA:48
         ◦ Friendly Name: Digital Signature Trust Co. Global CA 1
              ▪ SHA-1 Fingerprint:
                81:96:8B:3A:EF:1C:DC:70:F5:FA:32:69:C2:92:A3:63:5B:D1:23:D3
         ◦ Friendly Name: Digital Signature Trust Co. Global CA 3
              ▪ SHA-1 Fingerprint:
                AB:48:F3:33:DB:04:AB:B9:C0:72:DA:5B:0C:C1:D0:57:F0:36:9B:46
         ◦ CN = UTN - DATACorp SGC
              ▪ SHA-1 Fingerprint:
                58:11:9F:0E:12:82:87:EA:50:FD:D9:87:45:6F:4F:78:DC:FA:D6:D4
         ◦ O = TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri
           A.Ş. (c) Kasım 2005
              ▪ SHA-1 Fingerprint:
                B4:35:D4:E1:11:9D:1C:66:90:A7:49:EB:B3:94:BD:63:7B:A7:82:B7
    • The following CA certificate had the Websites trust bit turned off
         ◦ OU = Equifax Secure Certificate Authority
              ▪ SHA1 Fingerprint:
                D2:32:09:AD:23:D3:14:23:21:74:E4:0D:7F:9D:62:13:97:86:63:3A
    • The following CA certificates were Added
         ◦ CN = Certification Authority of WoSign G2
              ▪ SHA1 Fingerprint:
                FB:ED:DC:90:65:B7:27:20:37:BC:55:0C:9C:56:DE:BB:F2:78:94:E1
         ◦ CN = CA WoSign ECC Root
              ▪ SHA1 Fingerprint:
                D2:7A:D2:BE:ED:94:C0:A1:3C:C7:25:21:EA:5D:71:BE:81:19:F3:2B
         ◦ CN = OISTE WISeKey Global Root GB CA
              ▪ SHA1 Fingerprint:
                0F:F9:40:76:18:D3:D7:6A:4B:98:F0:A8:35:9E:0C:FD:27:AC:CC:ED
    • The version number of the updated root CA list has been set to 2.6

 Bugs fixed in NSS 3.21

 This Bugzilla query returns all the bugs fixed in NSS 3.21:

 https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&product=NSS&target_milestone=3.21

 ...

 Compatibility

 NSS 3.21 shared libraries are backward compatible with all older NSS 3.x
 shared libraries. A program linked with older NSS 3.x shared libraries
 will work with NSS 3.21 shared libraries without recompiling or
 relinking. Furthermore, applications that restrict their use of NSS APIs
 to the functions listed in NSS Public Functions will remain compatible
 with future versions of the NSS shared libraries.
 }}}

--

Comment:

 Fixed.

 Thanks.

--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/7105#comment:5>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch