main/nss: security upgrade to 3.19.2.3 (CVE-2016-1950, CVE-2016-1979). Fixes # 5323

2 files changed, 5 insertions, 30 deletions

diff --git a/main/nss/APKBUILD b/main/nss/APKBUILD
index c1e91fffb0..36d0e01cab 100644
--- a/main/nss/APKBUILD
+++ b/main/nss/APKBUILD
@@ -1,9 +1,9 @@
 # Contributor: Łukasz Jendrysik <scadu@yandex.com>
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=nss
-pkgver=3.19.2.1
+pkgver=3.19.2.3
 _ver=${pkgver//./_}
-pkgrel=1
+pkgrel=0
 pkgdesc="Mozilla Network Security Services"
 url="http://www.mozilla.org/projects/security/pki/nss/"
 arch="all"
@@ -17,7 +17,6 @@ source="http://ftp.mozilla.org/pub/security/$pkgname/releases/NSS_${_ver}_RTM/sr
 	add_spi+cacert_ca_certs.patch
 	ssl-renegotiate-transitional.patch
 	fix-cdefs_h.patch
-	CVE-2015-7575-minimal.patch
 	CVE-2016-1938.patch
 	"
 depends_dev="nspr-dev"
@@ -142,27 +141,24 @@ tools() {
 	mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
 }
 
-md5sums="f7b1c00899b16cd05076b406595b1af2  nss-3.19.2.1.tar.gz
+md5sums="c6d2b02a004adb71e44035fa21714b17  nss-3.19.2.3.tar.gz
 c547b030c57fe1ed8b77c73bf52b3ded  nss.pc.in
 46bee81908f1e5b26d6a7a2e14c64d9f  nss-config.in
 981e0df9e9cb7a9426b316f68911fb17  add_spi+cacert_ca_certs.patch
 2412ff2e97b3ec452cb016f2506a0e08  ssl-renegotiate-transitional.patch
 1f83bc41ffe34190bcc27d146c479772  fix-cdefs_h.patch
-90333c6a61b54c5420600c8a81239c07  CVE-2015-7575-minimal.patch
 07bd1b0124bc01cf79c1f33e61dbb8bd  CVE-2016-1938.patch"
-sha256sums="ab7eaf3d6b26e6b238d80a613314adf2d97789ada7eec4c971c93b925f22285e  nss-3.19.2.1.tar.gz
+sha256sums="646912924ab48fec2b32eecd2344052d4f987341d40fc4c6d8ce11b2fcf5104a  nss-3.19.2.3.tar.gz
 b9f1428ca2305bf30b109507ff335fa00bce5a7ce0434b50acd26ad7c47dd5bd  nss.pc.in
 e44ac5095b4d88f24ec7b2e6a9f1581560bd3ad41a3d198596d67ef22f67adb9  nss-config.in
 592aa85184c5edb076c3355f85e50373a59dfcd06a4f4a79621f43df19404c1e  add_spi+cacert_ca_certs.patch
 1a49be9d7f835be737825252f50e4ee2869228eb303a087dde7fb81794b92ebd  ssl-renegotiate-transitional.patch
 41866089e3d085f05bc4a7e337f2f5740da4eef9021366a450a8fd111f24975c  fix-cdefs_h.patch
-cf6b6ffc90940c1c49e1b1e783e58284c8e2a0c0933d7fde3a88ea3ca01ff477  CVE-2015-7575-minimal.patch
 2b2d6aa5f498ba90a671fbaf90f6cc220c21fc9b38ce5c792d40417f919c2e03  CVE-2016-1938.patch"
-sha512sums="92b57fe1986b39076c6062c77710beedecf36cc2a7aaba832c11533096ba9ccaa9acb7f389e69cee209f2459674d589811733b55023dca00fc823a6637a8c496  nss-3.19.2.1.tar.gz
+sha512sums="e8f2f2b47cc002ff692a7d4eb10b37569536d437599f2850b402b014c60ab55a7ddd07366ac613f26e1245444a90d8ff37183f8de5b2bcd27eceb4a47d765d70  nss-3.19.2.3.tar.gz
 75dbd648a461940647ff373389cc73bc8ec609139cd46c91bcce866af02be6bcbb0524eb3dfb721fbd5b0bc68c20081ed6f7debf6b24317f2a7ba823e8d3c531  nss.pc.in
 2971669e128f06a9af40a5ba88218fa7c9eecfeeae8b0cf42e14f31ed12bf6fa4c5ce60289e078f50e2669a9376b56b45d7c29d726a7eac69ebe1d1e22dc710b  nss-config.in
 6e04556858499aec465d6670818465327ba2cb099061c2afee4b5cac8aa61938e0095906acfb38df6a1b70a6bde6dd69f08bb4c00a9d188e4cb3131b26c1bc16  add_spi+cacert_ca_certs.patch
 c21a82247d87d74cb27575efc517a6771476320ce412cd444e83d0782e29f82552676247da093518b07d3eb7dc67c53cd1901ee8d6f59b342d02e47784c39192  ssl-renegotiate-transitional.patch
 54080ed5e66185bfb9fae6518b8f898213a00a2803900ee13a958664a7e60aee60b51f0c27176344ebf49e9c671f1f62f56280ab9e8c7f206c5df143c3a7d24c  fix-cdefs_h.patch
-1b5fdcee47c74e796fef8cdb922d89e2cc73ba989fdb1a9209c2e8271659bbf6ead86aa6569d586e7136e18ae530bf69e9e8b3763ebb14f7d7976a6e60dace44  CVE-2015-7575-minimal.patch
 7490d57757dcab0e885fc4336632085df5f0677eb3c98017fc3f53d22e239d7b17cda812630d7b920d5e85832312ff360056e4273c55c26f98253ee4d1a7dbb8  CVE-2016-1938.patch"
diff --git a/main/nss/CVE-2015-7575-minimal.patch b/main/nss/CVE-2015-7575-minimal.patch
deleted file mode 100644
index 36050a8f36..0000000000
--- a/main/nss/CVE-2015-7575-minimal.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-diff --git a/nss/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
---- a/nss/lib/ssl/ssl3con.c
-+++ b/nss/lib/ssl/ssl3con.c
-@@ -4345,17 +4345,16 @@ ssl3_ConsumeHandshakeVariable(sslSocket 
- }
- 
- /* tlsHashOIDMap contains the mapping between TLS hash identifiers and the
-  * SECOidTag used internally by NSS. */
- static const struct {
-     int tlsHash;
-     SECOidTag oid;
- } tlsHashOIDMap[] = {
--    { tls_hash_md5, SEC_OID_MD5 },
-     { tls_hash_sha1, SEC_OID_SHA1 },
-     { tls_hash_sha224, SEC_OID_SHA224 },
-     { tls_hash_sha256, SEC_OID_SHA256 },
-     { tls_hash_sha384, SEC_OID_SHA384 },
-     { tls_hash_sha512, SEC_OID_SHA512 }
- };
- 
- /* ssl3_TLSHashAlgorithmToOID converts a TLS hash identifier into an OID value.