* [dunfell 0/2] dunfell patch review
@ 2020-07-17 15:20 akuster
2020-07-17 15:20 ` [dunfell 1/2] Revert "jsoncpp: upgrade 1.9.2 -> 1.9.3" akuster
2020-07-17 15:20 ` [dunfell 2/2] nss: Fix CVE-2020-12399 akuster
0 siblings, 2 replies; 10+ messages in thread
From: akuster @ 2020-07-17 15:20 UTC (permalink / raw)
To: openembedded-devel
Two additional for reveiw. This include reverting the jsoncpp update that may have introduced an abi change.
The following changes since commit 3add820b373564478591e244226704371c1d34d1:
wireshark: Update to 3.2.5 (2020-07-12 19:20:59 -0700)
are available in the Git repository at:
git://git.openembedded.org/meta-openembedded-contrib stable/dunfell-nut
http://cgit.openembedded.org/meta-openembedded-contrib/log/?h=stable/dunfell-nut
Armin Kuster (1):
Revert "jsoncpp: upgrade 1.9.2 -> 1.9.3"
Ovidiu Panait (1):
nss: Fix CVE-2020-12399
.../{jsoncpp_1.9.3.bb => jsoncpp_1.9.2.bb} | 2 +-
...e-a-fixed-length-for-DSA-exponentiat.patch | 110 ++++++++++++++++++
meta-oe/recipes-support/nss/nss_3.51.1.bb | 1 +
3 files changed, 112 insertions(+), 1 deletion(-)
rename meta-oe/recipes-devtools/jsoncpp/{jsoncpp_1.9.3.bb => jsoncpp_1.9.2.bb} (93%)
create mode 100644 meta-oe/recipes-support/nss/nss/0001-Bug-1631576-Force-a-fixed-length-for-DSA-exponentiat.patch
--
2.17.1
^ permalink raw reply [flat|nested] 10+ messages in thread
* [dunfell 1/2] Revert "jsoncpp: upgrade 1.9.2 -> 1.9.3"
2020-07-17 15:20 [dunfell 0/2] dunfell patch review akuster
@ 2020-07-17 15:20 ` akuster
2020-07-17 17:24 ` [oe] " Adrian Bunk
2020-07-17 15:20 ` [dunfell 2/2] nss: Fix CVE-2020-12399 akuster
1 sibling, 1 reply; 10+ messages in thread
From: akuster @ 2020-07-17 15:20 UTC (permalink / raw)
To: openembedded-devel
This reverts commit 2b384c59733c437027f9b14cc32da19251efd97b.
It appears that there was a change in soname not noted in the changelog.
https://github.com/open-source-parsers/jsoncpp/commit/8b7ea09b8055df01866a5ce4142b12ed8f9f13eb
ABI change appears to have occured.
https://abi-laboratory.pro/index.php?view=timeline&l=jsoncpp
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../jsoncpp/{jsoncpp_1.9.3.bb => jsoncpp_1.9.2.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta-oe/recipes-devtools/jsoncpp/{jsoncpp_1.9.3.bb => jsoncpp_1.9.2.bb} (93%)
diff --git a/meta-oe/recipes-devtools/jsoncpp/jsoncpp_1.9.3.bb b/meta-oe/recipes-devtools/jsoncpp/jsoncpp_1.9.2.bb
similarity index 93%
rename from meta-oe/recipes-devtools/jsoncpp/jsoncpp_1.9.3.bb
rename to meta-oe/recipes-devtools/jsoncpp/jsoncpp_1.9.2.bb
index 97c6361ad8..a88410f2ff 100644
--- a/meta-oe/recipes-devtools/jsoncpp/jsoncpp_1.9.3.bb
+++ b/meta-oe/recipes-devtools/jsoncpp/jsoncpp_1.9.2.bb
@@ -11,7 +11,7 @@ SECTION = "libs"
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://LICENSE;md5=fa2a23dd1dc6c139f35105379d76df2b"
-SRCREV = "6aba23f4a8628d599a9ef7fa4811c4ff6e4070e2"
+SRCREV = "d2e6a971f4544c55b8e3b25cf96db266971b778f"
SRC_URI = "git://github.com/open-source-parsers/jsoncpp"
S = "${WORKDIR}/git"
--
2.17.1
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [dunfell 2/2] nss: Fix CVE-2020-12399
2020-07-17 15:20 [dunfell 0/2] dunfell patch review akuster
2020-07-17 15:20 ` [dunfell 1/2] Revert "jsoncpp: upgrade 1.9.2 -> 1.9.3" akuster
@ 2020-07-17 15:20 ` akuster
1 sibling, 0 replies; 10+ messages in thread
From: akuster @ 2020-07-17 15:20 UTC (permalink / raw)
To: openembedded-devel
From: Ovidiu Panait <ovidiu.panait@windriver.com>
Master (nss version 3.54) is not affected by this issue. This is a backport
from nss version 3.54.
NSS has shown timing differences when performing DSA signatures, which was
exploitable and could eventually leak private keys. This vulnerability affects
Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.
Upstream patch:
https://hg.mozilla.org/projects/nss/rev/daa823a4a29bcef0fec33a379ec83857429aea2e
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
...e-a-fixed-length-for-DSA-exponentiat.patch | 110 ++++++++++++++++++
meta-oe/recipes-support/nss/nss_3.51.1.bb | 1 +
2 files changed, 111 insertions(+)
create mode 100644 meta-oe/recipes-support/nss/nss/0001-Bug-1631576-Force-a-fixed-length-for-DSA-exponentiat.patch
diff --git a/meta-oe/recipes-support/nss/nss/0001-Bug-1631576-Force-a-fixed-length-for-DSA-exponentiat.patch b/meta-oe/recipes-support/nss/nss/0001-Bug-1631576-Force-a-fixed-length-for-DSA-exponentiat.patch
new file mode 100644
index 0000000000..517c277ae0
--- /dev/null
+++ b/meta-oe/recipes-support/nss/nss/0001-Bug-1631576-Force-a-fixed-length-for-DSA-exponentiat.patch
@@ -0,0 +1,110 @@
+From 5942c26888ba12ad5e0d92fb62f23d7cde6dc159 Mon Sep 17 00:00:00 2001
+From: Ovidiu Panait <ovidiu.panait@windriver.com>
+Date: Mon, 13 Jul 2020 06:25:56 +0000
+Subject: [PATCH] Bug 1631576 - Force a fixed length for DSA exponentiation
+ r=pereida,bbrumley
+
+Differential Revision: https://phabricator.services.mozilla.com/D72011
+
+Upstream-Status: Backport [https://hg.mozilla.org/projects/nss/rev/daa823a4a29bcef0fec33a379ec83857429aea2e]
+
+Authored-by: Robert Relyea <rrelyea@redhat.com>
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ nss/lib/freebl/dsa.c | 45 ++++++++++++++++++++++++++++++++++----------
+ 1 file changed, 35 insertions(+), 10 deletions(-)
+
+diff --git a/nss/lib/freebl/dsa.c b/nss/lib/freebl/dsa.c
+index aef3539..389c9de 100644
+--- a/nss/lib/freebl/dsa.c
++++ b/nss/lib/freebl/dsa.c
+@@ -313,13 +313,14 @@ DSA_NewKeyFromSeed(const PQGParams *params,
+
+ static SECStatus
+ dsa_SignDigest(DSAPrivateKey *key, SECItem *signature, const SECItem *digest,
+- const unsigned char *kb)
++ const unsigned char *kbytes)
+ {
+ mp_int p, q, g; /* PQG parameters */
+ mp_int x, k; /* private key & pseudo-random integer */
+ mp_int r, s; /* tuple (r, s) is signature) */
+ mp_int t; /* holding tmp values */
+ mp_int ar; /* holding blinding values */
++ mp_digit fuzz; /* blinding multiplier for q */
+ mp_err err = MP_OKAY;
+ SECStatus rv = SECSuccess;
+ unsigned int dsa_subprime_len, dsa_signature_len, offset;
+@@ -373,6 +374,7 @@ dsa_SignDigest(DSAPrivateKey *key, SECItem *signature, const SECItem *digest,
+ CHECK_MPI_OK(mp_init(&s));
+ CHECK_MPI_OK(mp_init(&t));
+ CHECK_MPI_OK(mp_init(&ar));
++
+ /*
+ ** Convert stored PQG and private key into MPI integers.
+ */
+@@ -380,14 +382,28 @@ dsa_SignDigest(DSAPrivateKey *key, SECItem *signature, const SECItem *digest,
+ SECITEM_TO_MPINT(key->params.subPrime, &q);
+ SECITEM_TO_MPINT(key->params.base, &g);
+ SECITEM_TO_MPINT(key->privateValue, &x);
+- OCTETS_TO_MPINT(kb, &k, dsa_subprime_len);
++ OCTETS_TO_MPINT(kbytes, &k, dsa_subprime_len);
++
++ /* k blinding create a single value that has the high bit set in
++ * the mp_digit*/
++ if (RNG_GenerateGlobalRandomBytes(&fuzz, sizeof(mp_digit)) != SECSuccess) {
++ PORT_SetError(SEC_ERROR_NEED_RANDOM);
++ rv = SECFailure;
++ goto cleanup;
++ }
++ fuzz |= 1ULL << ((sizeof(mp_digit) * PR_BITS_PER_BYTE - 1));
+ /*
+ ** FIPS 186-1, Section 5, Step 1
+ **
+ ** r = (g**k mod p) mod q
+ */
+- CHECK_MPI_OK(mp_exptmod(&g, &k, &p, &r)); /* r = g**k mod p */
+- CHECK_MPI_OK(mp_mod(&r, &q, &r)); /* r = r mod q */
++ CHECK_MPI_OK(mp_mul_d(&q, fuzz, &t)); /* t = q*fuzz */
++ CHECK_MPI_OK(mp_add(&k, &t, &t)); /* t = k+q*fuzz */
++ /* length of t is now fixed, bits in k have been blinded */
++ CHECK_MPI_OK(mp_exptmod(&g, &t, &p, &r)); /* r = g**t mod p */
++ /* r is now g**(k+q*fuzz) == g**k mod p */
++ CHECK_MPI_OK(mp_mod(&r, &q, &r)); /* r = r mod q */
++
+ /*
+ ** FIPS 186-1, Section 5, Step 2
+ **
+@@ -411,15 +427,24 @@ dsa_SignDigest(DSAPrivateKey *key, SECItem *signature, const SECItem *digest,
+ /* Using mp_invmod on k directly would leak bits from k. */
+ CHECK_MPI_OK(mp_mul(&k, &ar, &k)); /* k = k * ar */
+ CHECK_MPI_OK(mp_mulmod(&k, &t, &q, &k)); /* k = k * t mod q */
+- CHECK_MPI_OK(mp_invmod(&k, &q, &k)); /* k = k**-1 mod q */
++ /* k is now k*t*ar */
++ CHECK_MPI_OK(mp_invmod(&k, &q, &k)); /* k = k**-1 mod q */
++ /* k is now (k*t*ar)**-1 */
+ CHECK_MPI_OK(mp_mulmod(&k, &t, &q, &k)); /* k = k * t mod q */
+- SECITEM_TO_MPINT(localDigest, &s); /* s = HASH(M) */
++ /* k is now (k*ar)**-1 */
++ SECITEM_TO_MPINT(localDigest, &s); /* s = HASH(M) */
+ /* To avoid leaking secret bits here the addition is blinded. */
+- CHECK_MPI_OK(mp_mul(&x, &ar, &x)); /* x = x * ar */
+- CHECK_MPI_OK(mp_mulmod(&x, &r, &q, &x)); /* x = x * r mod q */
++ CHECK_MPI_OK(mp_mul(&x, &ar, &x)); /* x = x * ar */
++ /* x is now x*ar */
++ CHECK_MPI_OK(mp_mulmod(&x, &r, &q, &x)); /* x = x * r mod q */
++ /* x is now x*r*ar */
+ CHECK_MPI_OK(mp_mulmod(&s, &ar, &q, &t)); /* t = s * ar mod q */
+- CHECK_MPI_OK(mp_add(&t, &x, &s)); /* s = t + x */
+- CHECK_MPI_OK(mp_mulmod(&s, &k, &q, &s)); /* s = s * k mod q */
++ /* t is now hash(M)*ar */
++ CHECK_MPI_OK(mp_add(&t, &x, &s)); /* s = t + x */
++ /* s is now (HASH(M)+x*r)*ar */
++ CHECK_MPI_OK(mp_mulmod(&s, &k, &q, &s)); /* s = s * k mod q */
++ /* s is now (HASH(M)+x*r)*ar*(k*ar)**-1 = (k**-1)*(HASH(M)+x*r) */
++
+ /*
+ ** verify r != 0 and s != 0
+ ** mentioned as optional in FIPS 186-1.
+--
+2.18.1
+
diff --git a/meta-oe/recipes-support/nss/nss_3.51.1.bb b/meta-oe/recipes-support/nss/nss_3.51.1.bb
index 36e6cd8fc5..c00bd34cb2 100644
--- a/meta-oe/recipes-support/nss/nss_3.51.1.bb
+++ b/meta-oe/recipes-support/nss/nss_3.51.1.bb
@@ -34,6 +34,7 @@ SRC_URI = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${VERSIO
file://0001-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch \
file://riscv.patch \
file://0001-Enable-uint128-on-mips64.patch \
+ file://0001-Bug-1631576-Force-a-fixed-length-for-DSA-exponentiat.patch \
"
SRC_URI[md5sum] = "6acaf1ddff69306ae30a908881c6f233"
--
2.17.1
^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: [oe] [dunfell 1/2] Revert "jsoncpp: upgrade 1.9.2 -> 1.9.3"
2020-07-17 15:20 ` [dunfell 1/2] Revert "jsoncpp: upgrade 1.9.2 -> 1.9.3" akuster
@ 2020-07-17 17:24 ` Adrian Bunk
2020-07-17 19:16 ` akuster
2020-07-20 7:33 ` Mikko Rapeli
0 siblings, 2 replies; 10+ messages in thread
From: Adrian Bunk @ 2020-07-17 17:24 UTC (permalink / raw)
To: akuster; +Cc: openembedded-devel
On Fri, Jul 17, 2020 at 08:20:54AM -0700, akuster wrote:
>...
> --- a/meta-oe/recipes-devtools/jsoncpp/jsoncpp_1.9.3.bb
> +++ b/meta-oe/recipes-devtools/jsoncpp/jsoncpp_1.9.2.bb
>...
This would make the version going backwards, please add
PV = "1.9.3+really1.9.2"
cu
Adrian
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [oe] [dunfell 1/2] Revert "jsoncpp: upgrade 1.9.2 -> 1.9.3"
2020-07-17 17:24 ` [oe] " Adrian Bunk
@ 2020-07-17 19:16 ` akuster
2020-07-17 19:53 ` Adrian Bunk
2020-07-20 7:33 ` Mikko Rapeli
1 sibling, 1 reply; 10+ messages in thread
From: akuster @ 2020-07-17 19:16 UTC (permalink / raw)
To: Adrian Bunk; +Cc: openembedded-devel
On 7/17/20 10:24 AM, Adrian Bunk wrote:
> On Fri, Jul 17, 2020 at 08:20:54AM -0700, akuster wrote:
>> ...
>> --- a/meta-oe/recipes-devtools/jsoncpp/jsoncpp_1.9.3.bb
>> +++ b/meta-oe/recipes-devtools/jsoncpp/jsoncpp_1.9.2.bb
>> ...
> This would make the version going backwards, please add
> PV = "1.9.3+really1.9.2"
right. Wouldn't EP = "1" do the same?
>
> cu
> Adrian
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [oe] [dunfell 1/2] Revert "jsoncpp: upgrade 1.9.2 -> 1.9.3"
2020-07-17 19:16 ` akuster
@ 2020-07-17 19:53 ` Adrian Bunk
2020-07-17 20:57 ` akuster
0 siblings, 1 reply; 10+ messages in thread
From: Adrian Bunk @ 2020-07-17 19:53 UTC (permalink / raw)
To: akuster808; +Cc: openembedded-devel
On Fri, Jul 17, 2020 at 12:16:10PM -0700, akuster808 wrote:
>
>
> On 7/17/20 10:24 AM, Adrian Bunk wrote:
> > On Fri, Jul 17, 2020 at 08:20:54AM -0700, akuster wrote:
> >> ...
> >> --- a/meta-oe/recipes-devtools/jsoncpp/jsoncpp_1.9.3.bb
> >> +++ b/meta-oe/recipes-devtools/jsoncpp/jsoncpp_1.9.2.bb
> >> ...
> > This would make the version going backwards, please add
> > PV = "1.9.3+really1.9.2"
>
> right. Wouldn't EP = "1" do the same?
PE (not EP) would also solve this.
The problem with an epoch is that it is permanent while
a +really version will go away with 1.9.4.
cu
Adrian
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [oe] [dunfell 1/2] Revert "jsoncpp: upgrade 1.9.2 -> 1.9.3"
2020-07-17 19:53 ` Adrian Bunk
@ 2020-07-17 20:57 ` akuster
2020-07-18 6:15 ` Adrian Bunk
0 siblings, 1 reply; 10+ messages in thread
From: akuster @ 2020-07-17 20:57 UTC (permalink / raw)
To: Adrian Bunk; +Cc: openembedded-devel
On 7/17/20 12:53 PM, Adrian Bunk wrote:
> On Fri, Jul 17, 2020 at 12:16:10PM -0700, akuster808 wrote:
>>
>> On 7/17/20 10:24 AM, Adrian Bunk wrote:
>>> On Fri, Jul 17, 2020 at 08:20:54AM -0700, akuster wrote:
>>>> ...
>>>> --- a/meta-oe/recipes-devtools/jsoncpp/jsoncpp_1.9.3.bb
>>>> +++ b/meta-oe/recipes-devtools/jsoncpp/jsoncpp_1.9.2.bb
>>>> ...
>>> This would make the version going backwards, please add
>>> PV = "1.9.3+really1.9.2"
>> right. Wouldn't EP = "1" do the same?
> PE (not EP) would also solve this.
right.
>
> The problem with an epoch is that it is permanent while
> a +really version will go away with 1.9.4.
I don't expect to every update to 1.9.4 as .3 may have introduced ABI
changes otherwise I would not have reverted this to begin with.
-armin
>
> cu
> Adrian
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [oe] [dunfell 1/2] Revert "jsoncpp: upgrade 1.9.2 -> 1.9.3"
2020-07-17 20:57 ` akuster
@ 2020-07-18 6:15 ` Adrian Bunk
2020-07-18 14:28 ` akuster
0 siblings, 1 reply; 10+ messages in thread
From: Adrian Bunk @ 2020-07-18 6:15 UTC (permalink / raw)
To: akuster808; +Cc: openembedded-devel
On Fri, Jul 17, 2020 at 01:57:24PM -0700, akuster808 wrote:
>
>
> On 7/17/20 12:53 PM, Adrian Bunk wrote:
> > On Fri, Jul 17, 2020 at 12:16:10PM -0700, akuster808 wrote:
> >>
> >> On 7/17/20 10:24 AM, Adrian Bunk wrote:
> >>> On Fri, Jul 17, 2020 at 08:20:54AM -0700, akuster wrote:
> >>>> ...
> >>>> --- a/meta-oe/recipes-devtools/jsoncpp/jsoncpp_1.9.3.bb
> >>>> +++ b/meta-oe/recipes-devtools/jsoncpp/jsoncpp_1.9.2.bb
> >>>> ...
> >>> This would make the version going backwards, please add
> >>> PV = "1.9.3+really1.9.2"
> >> right. Wouldn't EP = "1" do the same?
> > PE (not EP) would also solve this.
> right.
> >
> > The problem with an epoch is that it is permanent while
> > a +really version will go away with 1.9.4.
> I don't expect to every update to 1.9.4 as .3 may have introduced ABI
> changes otherwise I would not have reverted this to begin with.
Not in dunfell.
PE would have to stay forever in master.
cu
Adrian
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [oe] [dunfell 1/2] Revert "jsoncpp: upgrade 1.9.2 -> 1.9.3"
2020-07-18 6:15 ` Adrian Bunk
@ 2020-07-18 14:28 ` akuster
0 siblings, 0 replies; 10+ messages in thread
From: akuster @ 2020-07-18 14:28 UTC (permalink / raw)
To: Adrian Bunk; +Cc: openembedded-devel
On 7/17/20 11:15 PM, Adrian Bunk wrote:
> On Fri, Jul 17, 2020 at 01:57:24PM -0700, akuster808 wrote:
>>
>> On 7/17/20 12:53 PM, Adrian Bunk wrote:
>>> On Fri, Jul 17, 2020 at 12:16:10PM -0700, akuster808 wrote:
>>>> On 7/17/20 10:24 AM, Adrian Bunk wrote:
>>>>> On Fri, Jul 17, 2020 at 08:20:54AM -0700, akuster wrote:
>>>>>> ...
>>>>>> --- a/meta-oe/recipes-devtools/jsoncpp/jsoncpp_1.9.3.bb
>>>>>> +++ b/meta-oe/recipes-devtools/jsoncpp/jsoncpp_1.9.2.bb
>>>>>> ...
>>>>> This would make the version going backwards, please add
>>>>> PV = "1.9.3+really1.9.2"
>>>> right. Wouldn't EP = "1" do the same?
>>> PE (not EP) would also solve this.
>> right.
>>> The problem with an epoch is that it is permanent while
>>> a +really version will go away with 1.9.4.
>> I don't expect to every update to 1.9.4 as .3 may have introduced ABI
>> changes otherwise I would not have reverted this to begin with.
> Not in dunfell.
>
> PE would have to stay forever in master.
Master did not change. Dunfell changed.
>
> cu
> Adrian
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [oe] [dunfell 1/2] Revert "jsoncpp: upgrade 1.9.2 -> 1.9.3"
2020-07-17 17:24 ` [oe] " Adrian Bunk
2020-07-17 19:16 ` akuster
@ 2020-07-20 7:33 ` Mikko Rapeli
1 sibling, 0 replies; 10+ messages in thread
From: Mikko Rapeli @ 2020-07-20 7:33 UTC (permalink / raw)
To: bunk; +Cc: akuster808, openembedded-devel
Hi,
On Fri, Jul 17, 2020 at 08:24:58PM +0300, Adrian Bunk wrote:
> On Fri, Jul 17, 2020 at 08:20:54AM -0700, akuster wrote:
> >...
> > --- a/meta-oe/recipes-devtools/jsoncpp/jsoncpp_1.9.3.bb
> > +++ b/meta-oe/recipes-devtools/jsoncpp/jsoncpp_1.9.2.bb
> >...
>
> This would make the version going backwards, please add
> PV = "1.9.3+really1.9.2"
This will break CVE version checks unless CVE_VERSION is set to 1.9.2.
Please increment PE instead.
Cheers,
-Mikko
> cu
> Adrian
>
^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2020-07-20 7:33 UTC | newest]
Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-07-17 15:20 [dunfell 0/2] dunfell patch review akuster
2020-07-17 15:20 ` [dunfell 1/2] Revert "jsoncpp: upgrade 1.9.2 -> 1.9.3" akuster
2020-07-17 17:24 ` [oe] " Adrian Bunk
2020-07-17 19:16 ` akuster
2020-07-17 19:53 ` Adrian Bunk
2020-07-17 20:57 ` akuster
2020-07-18 6:15 ` Adrian Bunk
2020-07-18 14:28 ` akuster
2020-07-20 7:33 ` Mikko Rapeli
2020-07-17 15:20 ` [dunfell 2/2] nss: Fix CVE-2020-12399 akuster
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.