Re: [oe] [dunfel 03/32] jsoncpp: upgrade 1.9.2 -> 1.9.3

2020-07-14 Thread akuster


On 7/13/20 8:46 AM, Khem Raj wrote:
> On Mon, Jul 13, 2020 at 1:25 AM  wrote:
>> Hi,
>>
>> On Sun, Jul 12, 2020 at 11:41:58AM -0700, akuster wrote:
>>>
>>> On 7/10/20 12:37 AM, mikko.rap...@bmw.de wrote:
>>>> Hi,
>>>>
>>>> jsoncpp seems to have messy ABI history so I would not update even minor versions
>>>> in stable branch:
>>> so are you for a revert?
>> Yes, I would prefer a revert.
> I think that's fine. Armin can you include this in your latest pull
> review bundle, please?

Sure.  I have a few more things to capture too.

-armin
>
>> -Mikko
>>
>>> -armin
>>>> https://abi-laboratory.pro/index.php?view=timeline=jsoncpp
>>>>
>>>> Cheers,
>>>>
>>>> -Mikko
>>> 

View/Reply Online (#85769): https://lists.openembedded.org/g/openembedded-devel/message/85769


[oe] [meta-oe][dunfell][PATCH 1/1] nss: Fix CVE-2020-12399

2020-07-14 Thread Ovidiu Panait

Master (nss version 3.54) is not affected by this issue. This is a backport
from nss version 3.54.

NSS has shown timing differences when performing DSA signatures, which was
exploitable and could eventually leak private keys. This vulnerability affects
Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.

Upstream patch:
https://hg.mozilla.org/projects/nss/rev/daa823a4a29bcef0fec33a379ec83857429aea2e

Signed-off-by: Ovidiu Panait 
---
 ...e-a-fixed-length-for-DSA-exponentiat.patch | 110 ++
 meta-oe/recipes-support/nss/nss_3.51.1.bb |   1 +
 2 files changed, 111 insertions(+)
 create mode 100644 
meta-oe/recipes-support/nss/nss/0001-Bug-1631576-Force-a-fixed-length-for-DSA-exponentiat.patch

diff --git 
a/meta-oe/recipes-support/nss/nss/0001-Bug-1631576-Force-a-fixed-length-for-DSA-exponentiat.patch
 
b/meta-oe/recipes-support/nss/nss/0001-Bug-1631576-Force-a-fixed-length-for-DSA-exponentiat.patch
new file mode 100644
index 0..517c277ae
--- /dev/null
+++ 
b/meta-oe/recipes-support/nss/nss/0001-Bug-1631576-Force-a-fixed-length-for-DSA-exponentiat.patch
@@ -0,0 +1,110 @@
+From 5942c26888ba12ad5e0d92fb62f23d7cde6dc159 Mon Sep 17 00:00:00 2001
+From: Ovidiu Panait 
+Date: Mon, 13 Jul 2020 06:25:56 +
+Subject: [PATCH] Bug 1631576 - Force a fixed length for DSA exponentiation
+ r=pereida,bbrumley
+
+Differential Revision: https://phabricator.services.mozilla.com/D72011
+
+Upstream-Status: Backport 
[https://hg.mozilla.org/projects/nss/rev/daa823a4a29bcef0fec33a379ec83857429aea2e]
+
+Authored-by: Robert Relyea 
+Signed-off-by: Ovidiu Panait 
+---
+ nss/lib/freebl/dsa.c | 45 ++--
+ 1 file changed, 35 insertions(+), 10 deletions(-)
+
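Review bot: the header of the added patch file, from `Upstream-Status: Backport` down to `Signed-off-by:`, has no `CVE: CVE-2020-12399` line, and the file name carries only the bug number (`0001-Bug-1631576-...`). cve-check matches a fix by a CVE ID in the patch file name or by a `CVE:` tag in the patch header, so with neither present it will continue to list CVE-2020-12399 as unpatched for nss 3.51.1 even though the fix is applied. Please add `CVE: CVE-2020-12399` next to the `Upstream-Status` line.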
+diff --git a/nss/lib/freebl/dsa.c b/nss/lib/freebl/dsa.c
+index aef3539..389c9de 100644
+--- a/nss/lib/freebl/dsa.c
 b/nss/lib/freebl/dsa.c
+@@ -313,13 +313,14 @@ DSA_NewKeyFromSeed(const PQGParams *params,
+ 
+ static SECStatus
+ dsa_SignDigest(DSAPrivateKey *key, SECItem *signature, const SECItem *digest,
+-   const unsigned char *kb)
++   const unsigned char *kbytes)
+ {
+ mp_int p, q, g; /* PQG parameters */
+ mp_int x, k;/* private key & pseudo-random integer */
+ mp_int r, s;/* tuple (r, s) is signature) */
+ mp_int t;   /* holding tmp values */
+ mp_int ar;  /* holding blinding values */
++mp_digit fuzz;  /* blinding multiplier for q */
+ mp_err err = MP_OKAY;
+ SECStatus rv = SECSuccess;
+ unsigned int dsa_subprime_len, dsa_signature_len, offset;
+@@ -373,6 +374,7 @@ dsa_SignDigest(DSAPrivateKey *key, SECItem *signature, 
const SECItem *digest,
+ CHECK_MPI_OK(mp_init());
+ CHECK_MPI_OK(mp_init());
+ CHECK_MPI_OK(mp_init());
++
+ /*
+ ** Convert stored PQG and private key into MPI integers.
+ */
+@@ -380,14 +382,28 @@ dsa_SignDigest(DSAPrivateKey *key, SECItem *signature, 
const SECItem *digest,
+ SECITEM_TO_MPINT(key->params.subPrime, );
+ SECITEM_TO_MPINT(key->params.base, );
+ SECITEM_TO_MPINT(key->privateValue, );
+-OCTETS_TO_MPINT(kb, , dsa_subprime_len);
++OCTETS_TO_MPINT(kbytes, , dsa_subprime_len);
++
++/* k blinding  create a single value that has the high bit set in
++ * the mp_digit*/
++if (RNG_GenerateGlobalRandomBytes(, sizeof(mp_digit)) != SECSuccess) 
{
++PORT_SetError(SEC_ERROR_NEED_RANDOM);
++rv = SECFailure;
++goto cleanup;
++}
++fuzz |= 1ULL << ((sizeof(mp_digit) * PR_BITS_PER_BYTE - 1));
+ /*
+ ** FIPS 186-1, Section 5, Step 1
+ **
+ ** r = (g**k mod p) mod q
+ */
+-CHECK_MPI_OK(mp_exptmod(, , , )); /* r = g**k mod p */
+-CHECK_MPI_OK(mp_mod(, , )); /* r = r mod q*/
++CHECK_MPI_OK(mp_mul_d(, fuzz, )); /* t = q*fuzz */
++CHECK_MPI_OK(mp_add(, , )); /* t = k+q*fuzz */
++/* length of t is now fixed, bits in k have been blinded */
++CHECK_MPI_OK(mp_exptmod(, , , )); /* r = g**t mod p */
++/* r is now g**(k+q*fuzz) == g**k mod p */
++CHECK_MPI_OK(mp_mod(, , )); /* r = r mod q*/
++
+ /*
+ ** FIPS 186-1, Section 5, Step 2
+ **
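Review bot: the added comment `length of t is now fixed, bits in k have been blinded`, placed after `t = k+q*fuzz`, claims more than forcing the top bit of `fuzz` provides. For a given q the product q*fuzz still ranges over nearly a factor of two as `fuzz` varies, so the bit length of t can take two adjacent values rather than one. The comment should say which length is meant (bits or mp_digits). Since this is a verbatim backport, leave the line as it is here and raise the wording with upstream, but it is worth knowing when reading the fix.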
+@@ -411,15 +427,24 @@ dsa_SignDigest(DSAPrivateKey *key, SECItem *signature, 
const SECItem *digest,
+ /* Using mp_invmod on k directly would leak bits from k. */
+ CHECK_MPI_OK(mp_mul(, , ));   /* k = k * ar */
+ CHECK_MPI_OK(mp_mulmod(, , , )); /* k = k * t mod q */
+-CHECK_MPI_OK(mp_invmod(, , )); /* k = k**-1 mod q */
++/* k is now k*t*ar */
++CHECK_MPI_OK(mp_invmod(, , )); /* k = k**-1 mod q */
++/* k is now (k*t*ar)**-1 */
+ CHECK_MPI_OK(mp_mulmod(, , , )); /* k = k * t mod q */
+-SECITEM_TO_MPINT(localDigest, );   /* s = HASH(M) */
++/* k is now (k*ar)**-1 */
++SECITEM_TO_MPINT(localDigest, ); /* s = HASH(M) */
+ /* To avoid leaking secret bits here the addition is blinded. */
+-CHECK_MPI_OK(mp_mul(, , ));/* x = x * ar */
+-