pierov pushed a commit to branch geckoview-99.0.1-11.0-1 in repository tor-browser.
commit b6f3a4ba95c52b0d969db13ce7742eb917093a01 Author: John Schanck jschanck@mozilla.com AuthorDate: Mon Mar 28 16:55:14 2022 +0000
Bug 1761497 - land NSS NSS_3_76_1_RTM UPGRADE_NSS_RELEASE, r=djackson a=dmeehan
2022-03-25 John M. Schanck jschanck@mozilla.com
* doc/rst/releases/nss_3_76_1.rst: Release notes for NSS 3.76.1 [0e6c67470eed] [NSS_3_76_1_RTM] <NSS_3_76_1_BRANCH>
2022-03-23 John M. Schanck jschanck@mozilla.com
* lib/dev/dev.h, lib/dev/devslot.c, lib/dev/devt.h, lib/dev/devtoken.c, lib/pk11wrap/dev3hack.c: Bug 1756271 - Remove token member from NSSSlot struct. r=rrelyea
[41966ff1253b] <NSS_3_76_1_BRANCH>
2022-03-25 John M. Schanck jschanck@mozilla.com
* lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h: Set version numbers to 3.76.1 final [48ff4cd9bada] <NSS_3_76_1_BRANCH>
2022-03-03 Dennis Jackson djackson@mozilla.com
* .hgtags: Added tag NSS_3_76_RTM for changeset b5b9832a3898 [c0f05af06d3c] <NSS_3_76_BRANCH>
Differential Revision: https://phabricator.services.mozilla.com/D142226
---
 security/nss/TAG-INFO | 2 +-
 security/nss/coreconf/coreconf.dep | 1 +
 security/nss/doc/rst/releases/nss_3_76_1.rst | 68 ++++++++++++++++++++++++++
 security/nss/lib/dev/dev.h | 5 --
 security/nss/lib/dev/devslot.c | 73 +++++++++++++++-------------
 security/nss/lib/dev/devt.h | 1 -
 security/nss/lib/dev/devtoken.c | 7 --
 security/nss/lib/nss/nss.h | 4 +-
 security/nss/lib/pk11wrap/dev3hack.c | 19 --------
 security/nss/lib/softoken/softkver.h | 4 +-
 security/nss/lib/util/nssutil.h | 4 +-
 11 files changed, 116 insertions(+), 72 deletions(-)
diff --git a/security/nss/TAG-INFO b/security/nss/TAG-INFO
index 90ac9f28043f1..2e161b0a8c6cb 100644
--- a/security/nss/TAG-INFO
+++ b/security/nss/TAG-INFO
@@ -1 +1 @@
-NSS_3_76_RTM
\ No newline at end of file
+NSS_3_76_1_RTM
\ No newline at end of file
diff --git a/security/nss/coreconf/coreconf.dep b/security/nss/coreconf/coreconf.dep
index 5182f75552c81..590d1bfaeee3f 100644
--- a/security/nss/coreconf/coreconf.dep
+++ b/security/nss/coreconf/coreconf.dep
@@ -10,3 +10,4 @@ */
#error "Do not include this header file."
+
diff --git a/security/nss/doc/rst/releases/nss_3_76_1.rst b/security/nss/doc/rst/releases/nss_3_76_1.rst
new file mode 100644
index 0000000000000..2aee3ef12e9d8
--- /dev/null
+++ b/security/nss/doc/rst/releases/nss_3_76_1.rst
@@ -0,0 +1,68 @@
+.. _mozilla_projects_nss_nss_3_76_1_release_notes:
+
+NSS 3.76.1 release notes
+======================
+
+`Introduction <#introduction>`__
+--------------------------------
+
+.. container::
+
+ Network Security Services (NSS) 3.76.1 was released on **28 March 2022**.
+
+.. _distribution_information:
+
+`Distribution Information <#distribution_information>`__
+--------------------------------------------------------
+
+.. container::
+
+ The HG tag is NSS_3_76_1_RTM. NSS 3.76.1 requires NSPR 4.32 or newer.
+
+ NSS 3.76.1 source distributions are available on ftp.mozilla.org for secure HTTPS download:
+
+ - Source tarballs:
+ https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_76_1_RTM...
+
+ Other releases are available :ref:`mozilla_projects_nss_releases`.
+
+.. _changes_in_nss_3.76.1:
+
+`Changes in NSS 3.76.1 <#changes_in_nss_3.76.1>`__
+----------------------------------------------------
+
+.. container::
+
+ - Bug 1756271 - Remove token member from NSSSlot struct.
+
+
+`Compatibility <#compatibility>`__
+----------------------------------
+
+.. container::
+
+ NSS 3.76.1 shared libraries are backwards-compatible with all older NSS 3.x shared
+ libraries. A program linked with older NSS 3.x shared libraries will work with
+ this new version of the shared libraries without recompiling or
+ relinking. Furthermore, applications that restrict their use of NSS APIs to the
+ functions listed in NSS Public Functions will remain compatible with future
+ versions of the NSS shared libraries.
+
+`Feedback <#feedback>`__
+------------------------
+
+.. container::
+
+ Bugs discovered should be reported by filing a bug report on
+ `bugzilla.mozilla.org https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS`__ (product NSS).
+
+`Notes <#notes>`__
+------------------
+
+.. container::
+
+ This release improves the stability of NSS when used in a multi-threaded
+ environment. In particular, it fixes memory safety violations that can occur
+ when PKCS#11 tokens are removed while in use (CVE-2022-1097). We presume
+ that with enough effort these memory safety violations are exploitable.
+
diff --git a/security/nss/lib/dev/dev.h b/security/nss/lib/dev/dev.h
index 26ac8957e9102..6430511442796 100644
--- a/security/nss/lib/dev/dev.h
+++ b/security/nss/lib/dev/dev.h
@@ -146,7 +146,6 @@ nssModule_GetCertOrder(
 * nssSlot_Destroy
 * nssSlot_AddRef
 * nssSlot_GetName
- * nssSlot_GetTokenName
 * nssSlot_IsTokenPresent
 * nssSlot_IsPermanent
 * nssSlot_IsFriendly
@@ -176,10 +175,6 @@ NSS_EXTERN NSSUTF8 * nssSlot_GetName( NSSSlot *slot);
-NSS_EXTERN NSSUTF8 * -nssSlot_GetTokenName( - NSSSlot *slot); - NSS_EXTERN NSSModule * nssSlot_GetModule( NSSSlot *slot); diff --git a/security/nss/lib/dev/devslot.c b/security/nss/lib/dev/devslot.c index 5021408bf06f2..ccd90ac9729d6 100644 --- a/security/nss/lib/dev/devslot.c +++ b/security/nss/lib/dev/devslot.c @@ -12,7 +12,9 @@ #include "ckhelper.h" #endif /* CKHELPER_H */
-#include "pk11pub.h" +#include "pkim.h" +#include "dev3hack.h" +#include "pk11func.h"
/* measured in seconds */ #define NSSSLOT_TOKEN_DELAY_TIME 1 @@ -79,13 +81,6 @@ nssSlot_GetName( return slot->base.name; }
-NSS_IMPLEMENT NSSUTF8 * -nssSlot_GetTokenName( - NSSSlot *slot) -{ - return nssToken_GetName(slot->token); -} - NSS_IMPLEMENT void nssSlot_ResetDelay( NSSSlot *slot) @@ -123,11 +118,13 @@ nssSlot_IsTokenPresent( { CK_RV ckrv; PRStatus nssrv; + NSSToken *nssToken = NULL; /* XXX */ nssSession *session; CK_SLOT_INFO slotInfo; void *epv; PRBool isPresent = PR_FALSE; + PRBool doUpdateCachedCerts = PR_FALSE;
/* permanent slots are always present unless they're disabled */ if (nssSlot_IsPermanent(slot)) { @@ -169,23 +166,24 @@ nssSlot_IsTokenPresent(
PZ_Unlock(slot->isPresentLock);
+ nssToken = PK11Slot_GetNSSToken(slot->pk11slot); + if (!nssToken) { + isPresent = PR_FALSE; + goto done; + } + nssSlot_EnterMonitor(slot); ckrv = CKAPI(epv)->C_GetSlotInfo(slot->slotID, &slotInfo); nssSlot_ExitMonitor(slot); if (ckrv != CKR_OK) { - slot->token->base.name[0] = 0; /* XXX */ + nssToken->base.name[0] = 0; /* XXX */ isPresent = PR_FALSE; goto done; } slot->ckFlags = slotInfo.flags; /* check for the presence of the token */ if ((slot->ckFlags & CKF_TOKEN_PRESENT) == 0) { - if (!slot->token) { - /* token was never present */ - isPresent = PR_FALSE; - goto done; - } - session = nssToken_GetDefaultSession(slot->token); + session = nssToken_GetDefaultSession(nssToken); if (session) { nssSession_EnterMonitor(session); /* token is not present */ @@ -197,21 +195,21 @@ nssSlot_IsTokenPresent( } nssSession_ExitMonitor(session); } - if (slot->token->base.name[0] != 0) { + if (nssToken->base.name[0] != 0) { /* notify the high-level cache that the token is removed */ - slot->token->base.name[0] = 0; /* XXX */ - nssToken_NotifyCertsNotVisible(slot->token); + nssToken->base.name[0] = 0; /* XXX */ + nssToken_NotifyCertsNotVisible(nssToken); } - slot->token->base.name[0] = 0; /* XXX */ + nssToken->base.name[0] = 0; /* XXX */ /* clear the token cache */ - nssToken_Remove(slot->token); + nssToken_Remove(nssToken); isPresent = PR_FALSE; goto done; } /* token is present, use the session info to determine if the card * has been removed and reinserted. */ - session = nssToken_GetDefaultSession(slot->token); + session = nssToken_GetDefaultSession(nssToken); if (session) { PRBool tokenRemoved; nssSession_EnterMonitor(session); 
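Review bot: In the `@@ -169,23 +166,24 @@` hunk of devslot.c, the write `nssToken->base.name[0] = 0; /* XXX */` on the C_GetSlotInfo failure path runs after `nssSlot_ExitMonitor(slot)`, and no token lock is taken in the visible lines, although the token is now a reference-counted object from `PK11Slot_GetNSSToken` that other threads may hold at the same time. The same unguarded write appears in the `@@ -197,21 +195,21 @@` and `@@ -237,17 +235,31 @@` hunks. Because the release notes on this page describe the change as a fix for token removal in multi-threaded use, I would either take the token's `base.lock` (the lock nssToken_Destroy tears down) around these writes, if lock ordering allows, or replace the bare `/* XXX */` with a comment stating why an unlocked write to the name is safe for concurrent readers. nssSlot_IsTokenPresent starts and ends outside this hunk, so any locking done elsewhere in the function is not visible here.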
@@ -237,17 +235,31 @@ nssSlot_IsTokenPresent( * a token it doesn't recognize. invalidate all the old * information we had on this token, if we can't refresh, clear * the present flag */ - nssToken_NotifyCertsNotVisible(slot->token); - nssToken_Remove(slot->token); - /* token has been removed, need to refresh with new session */ - nssrv = nssSlot_Refresh(slot); - isPresent = PR_TRUE; + nssToken_NotifyCertsNotVisible(nssToken); + nssToken_Remove(nssToken); + if (nssToken->base.name[0] == 0) { + doUpdateCachedCerts = PR_TRUE; + } + if (PK11_InitToken(slot->pk11slot, PR_FALSE) != SECSuccess) { + isPresent = PR_FALSE; + goto done; + } + if (doUpdateCachedCerts) { + nssTrustDomain_UpdateCachedTokenCerts(nssToken->trustDomain, + nssToken); + } + nssrv = nssToken_Refresh(nssToken); if (nssrv != PR_SUCCESS) { - slot->token->base.name[0] = 0; /* XXX */ + nssToken->base.name[0] = 0; /* XXX */ slot->ckFlags &= ~CKF_TOKEN_PRESENT; isPresent = PR_FALSE; + goto done; } + isPresent = PR_TRUE; done: + if (nssToken) { + (void)nssToken_Destroy(nssToken); + } /* Once we've set up the condition variable, * Before returning, it's necessary to: * 1) Set the lastTokenPingTime so that any other threads waiting on this @@ -283,12 +295,7 @@ nssSlot_GetToken( NSSToken *rvToken = NULL;
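Review bot: On the new `PK11_InitToken(slot->pk11slot, PR_FALSE) != SECSuccess` branch in the `@@ -237,17 +235,31 @@` hunk of devslot.c, the code jumps to `done` without clearing `nssToken->base.name[0]` or the `CKF_TOKEN_PRESENT` bit in `slot->ckFlags`. Before this commit the same failure came back from nssSlot_Refresh (removed in the dev3hack.c hunk) as PR_FAILURE and went through the `nssrv != PR_SUCCESS` block, which did both. If the difference is not intended, the branch should do the same cleanup, `nssToken->base.name[0] = 0; slot->ckFlags &= ~CKF_TOKEN_PRESENT;`, before `isPresent = PR_FALSE; goto done;`; if it is intended, a one-line comment saying why the stale flag and name are acceptable would help. The comment `/* token has been removed, need to refresh with new session */` was also dropped when the refresh logic was inlined and is worth keeping above the `PK11_InitToken` call. The start of nssSlot_IsTokenPresent and the rest of the `done:` block are outside this hunk.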
if (nssSlot_IsTokenPresent(slot)) { - /* Even if a token should be present, check `slot->token` too as it - * might be gone already. This would happen mostly on shutdown. */ - nssSlot_EnterMonitor(slot); - if (slot->token) - rvToken = nssToken_AddRef(slot->token); - nssSlot_ExitMonitor(slot); + rvToken = PK11Slot_GetNSSToken(slot->pk11slot); }
return rvToken; diff --git a/security/nss/lib/dev/devt.h b/security/nss/lib/dev/devt.h index 06a57ad05b19b..19af26f08177e 100644 --- a/security/nss/lib/dev/devt.h +++ b/security/nss/lib/dev/devt.h @@ -81,7 +81,6 @@ typedef enum { struct NSSSlotStr { struct nssDeviceBaseStr base; NSSModule *module; /* Parent */ - NSSToken *token; /* Peer */ CK_SLOT_ID slotID; CK_FLAGS ckFlags; /* from CK_SLOT_INFO.flags */ struct nssSlotAuthInfoStr authInfo; diff --git a/security/nss/lib/dev/devtoken.c b/security/nss/lib/dev/devtoken.c index a7dbffc1a41f2..5e65dfdb1b555 100644 --- a/security/nss/lib/dev/devtoken.c +++ b/security/nss/lib/dev/devtoken.c @@ -32,13 +32,6 @@ nssToken_Destroy( PK11_FreeSlot(tok->pk11slot); PZ_DestroyLock(tok->base.lock); nssTokenObjectCache_Destroy(tok->cache); - - /* We're going away, let the nssSlot know in case it's held - * alive by someone else. Usually we should hold the last ref. */ - nssSlot_EnterMonitor(tok->slot); - tok->slot->token = NULL; - nssSlot_ExitMonitor(tok->slot); - (void)nssSlot_Destroy(tok->slot); return nssArena_Destroy(tok->base.arena); } diff --git a/security/nss/lib/nss/nss.h b/security/nss/lib/nss/nss.h index e15929fb951d9..374e8578faae2 100644 --- a/security/nss/lib/nss/nss.h +++ b/security/nss/lib/nss/nss.h @@ -22,10 +22,10 @@ * The format of the version string should be * "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]" */ -#define NSS_VERSION "3.76" _NSS_CUSTOMIZED +#define NSS_VERSION "3.76.1" _NSS_CUSTOMIZED #define NSS_VMAJOR 3 #define NSS_VMINOR 76 -#define NSS_VPATCH 0 +#define NSS_VPATCH 1 #define NSS_VBUILD 0 #define NSS_BETA PR_FALSE
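Review bot: nssSlot_GetToken in the `@@ -283,12 +295,7 @@` hunk of devslot.c can still return NULL after `nssSlot_IsTokenPresent(slot)` reports true, because `PK11Slot_GetNSSToken` is a second, separate lookup (nssSlot_IsTokenPresent NULL-checks the same call), and the comment that warned about this was removed with the old code. I would keep a short comment above the assignment, for example `/* May be NULL even if the token was just reported present; on success the caller receives a reference to release with nssToken_Destroy. */`. The ownership part is inferred from the `nssToken_Destroy(nssToken)` added at `done:` in nssSlot_IsTokenPresent and from the `nssToken_AddRef` this line replaces, so it should be confirmed against PK11Slot_GetNSSToken. The function's signature and opening lines are outside the hunk.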
diff --git a/security/nss/lib/pk11wrap/dev3hack.c b/security/nss/lib/pk11wrap/dev3hack.c index 4877f945053a0..2d41a34d85282 100644 --- a/security/nss/lib/pk11wrap/dev3hack.c +++ b/security/nss/lib/pk11wrap/dev3hack.c @@ -179,7 +179,6 @@ nssToken_CreateFromPK11SlotInfo(NSSTrustDomain *td, PK11SlotInfo *nss3slot) if (!rvToken->slot) { goto loser; } - rvToken->slot->token = rvToken; if (rvToken->defaultSession) rvToken->defaultSession->slot = rvToken->slot; return rvToken; @@ -227,24 +226,6 @@ nssToken_Refresh(NSSToken *token) return token->defaultSession ? PR_SUCCESS : PR_FAILURE; }
-NSS_IMPLEMENT PRStatus -nssSlot_Refresh(NSSSlot *slot) -{ - PK11SlotInfo *nss3slot = slot->pk11slot; - PRBool doit = PR_FALSE; - if (slot->token && slot->token->base.name[0] == 0) { - doit = PR_TRUE; - } - if (PK11_InitToken(nss3slot, PR_FALSE) != SECSuccess) { - return PR_FAILURE; - } - if (doit) { - nssTrustDomain_UpdateCachedTokenCerts(slot->token->trustDomain, - slot->token); - } - return nssToken_Refresh(slot->token); -} - NSS_IMPLEMENT PRStatus nssToken_GetTrustOrder(NSSToken *tok) { diff --git a/security/nss/lib/softoken/softkver.h b/security/nss/lib/softoken/softkver.h index d0c907bd0a29e..bcc3948584c91 100644 --- a/security/nss/lib/softoken/softkver.h +++ b/security/nss/lib/softoken/softkver.h @@ -17,10 +17,10 @@ * The format of the version string should be * "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]" */ -#define SOFTOKEN_VERSION "3.76" SOFTOKEN_ECC_STRING +#define SOFTOKEN_VERSION "3.76.1" SOFTOKEN_ECC_STRING #define SOFTOKEN_VMAJOR 3 #define SOFTOKEN_VMINOR 76 -#define SOFTOKEN_VPATCH 0 +#define SOFTOKEN_VPATCH 1 #define SOFTOKEN_VBUILD 0 #define SOFTOKEN_BETA PR_FALSE
diff --git a/security/nss/lib/util/nssutil.h b/security/nss/lib/util/nssutil.h index 7cdb319881970..d73435270257b 100644 --- a/security/nss/lib/util/nssutil.h +++ b/security/nss/lib/util/nssutil.h @@ -19,10 +19,10 @@ * The format of the version string should be * "<major version>.<minor version>[.<patch level>[.<build number>]][ <Beta>]" */ -#define NSSUTIL_VERSION "3.76" +#define NSSUTIL_VERSION "3.76.1" #define NSSUTIL_VMAJOR 3 #define NSSUTIL_VMINOR 76 -#define NSSUTIL_VPATCH 0 +#define NSSUTIL_VPATCH 1 #define NSSUTIL_VBUILD 0 #define NSSUTIL_BETA PR_FALSE