diff options
Diffstat (limited to 'meta-oe/recipes-support/nss')
-rw-r--r-- | meta-oe/recipes-support/nss/nss/0001-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch | 14 | ||||
-rw-r--r-- | meta-oe/recipes-support/nss/nss/0001-nss-fix-support-cross-compiling.patch | 19 | ||||
-rw-r--r-- | meta-oe/recipes-support/nss/nss_3.98.bb (renamed from meta-oe/recipes-support/nss/nss_3.73.1.bb) | 25 |
3 files changed, 34 insertions, 24 deletions
diff --git a/meta-oe/recipes-support/nss/nss/0001-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch b/meta-oe/recipes-support/nss/nss/0001-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch index 72ee1ee009..b7f1b01a14 100644 --- a/meta-oe/recipes-support/nss/nss/0001-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch +++ b/meta-oe/recipes-support/nss/nss/0001-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch @@ -1,4 +1,4 @@ -From 9937e89c22eb2f2db9a936e7bc4442857b4192f5 Mon Sep 17 00:00:00 2001 +From 7c8f367faf8848a43a414079189e10270d6c0fcc Mon Sep 17 00:00:00 2001 From: Alexander Kanavin <alex.kanavin@gmail.com> Date: Wed, 18 Dec 2019 12:29:50 +0100 Subject: [PATCH] freebl: add a configure option to disable ARM HW crypto @@ -15,10 +15,10 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> 2 files changed, 5 insertions(+) diff --git a/nss/lib/freebl/Makefile b/nss/lib/freebl/Makefile -index b38889f..4616aac 100644 +index 7ee8736..f9b4925 100644 --- a/nss/lib/freebl/Makefile +++ b/nss/lib/freebl/Makefile -@@ -139,6 +139,8 @@ endif +@@ -142,6 +142,8 @@ endif endif endif endif @@ -27,16 +27,16 @@ index b38889f..4616aac 100644 ifeq ($(CPU_ARCH),aarch64) ifdef CC_IS_CLANG DEFINES += -DUSE_HW_AES -DUSE_HW_SHA1 -DUSE_HW_SHA2 -@@ -180,6 +182,7 @@ endif +@@ -183,6 +185,7 @@ endif endif endif endif +endif - ifeq ($(OS_TARGET),OSF1) - DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_NO_MP_WORD + ifeq (OS2,$(OS_TARGET)) + ASFILES = mpi_x86_os2.s diff --git a/nss/lib/freebl/gcm.c b/nss/lib/freebl/gcm.c -index ac461b4..04cb180 100644 +index 2dae724..9ee7fc8 100644 --- a/nss/lib/freebl/gcm.c +++ b/nss/lib/freebl/gcm.c @@ -18,6 +18,7 @@ diff --git a/meta-oe/recipes-support/nss/nss/0001-nss-fix-support-cross-compiling.patch b/meta-oe/recipes-support/nss/nss/0001-nss-fix-support-cross-compiling.patch index eb6174a7b0..2385fd3b9d 100644 --- a/meta-oe/recipes-support/nss/nss/0001-nss-fix-support-cross-compiling.patch +++ b/meta-oe/recipes-support/nss/nss/0001-nss-fix-support-cross-compiling.patch @@ -1,4 +1,4 @@ -From 919fc5d674fae99fe21ba1351d98b75e466f425f Mon Sep 17 00:00:00 2001 +From 46ab1ca6e6fb8e1196e0665a54506dff370f8f2a Mon Sep 17 00:00:00 2001 From: Alexander Kanavin <alex.kanavin@gmail.com> Date: Wed, 22 Feb 2017 11:36:11 +0200 Subject: [PATCH] nss: fix support cross compiling @@ -10,15 +10,20 @@ Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> --- - nss/coreconf/arch.mk | 2 +- + nss/coreconf/arch.mk | 4 ++-- nss/lib/freebl/Makefile | 6 ++++++ - 2 files changed, 7 insertions(+), 1 deletion(-) + 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/nss/coreconf/arch.mk b/nss/coreconf/arch.mk -index 2012d18..78fca62 100644 +index 17e9fae..bc4180a 100644 --- a/nss/coreconf/arch.mk +++ b/nss/coreconf/arch.mk -@@ -30,7 +30,7 @@ OS_TEST := $(shell uname -m) +@@ -26,11 +26,11 @@ OS_ARCH := $(subst /,_,$(shell uname -s)) + # Attempt to differentiate between sparc and x86 Solaris + # + +-OS_TEST := $(shell uname -m) ++OS_TEST ?= $(shell uname -m) ifeq ($(OS_TEST),i86pc) OS_RELEASE := $(shell uname -r)_$(OS_TEST) else @@ -26,9 +31,9 @@ index 2012d18..78fca62 100644 + OS_RELEASE ?= $(shell uname -r) endif - # + diff --git a/nss/lib/freebl/Makefile b/nss/lib/freebl/Makefile -index 0b8c6f4..b38889f 100644 +index eeee90a..7ee8736 100644 --- a/nss/lib/freebl/Makefile +++ b/nss/lib/freebl/Makefile @@ -36,6 +36,12 @@ ifdef USE_64 diff --git a/meta-oe/recipes-support/nss/nss_3.73.1.bb b/meta-oe/recipes-support/nss/nss_3.98.bb index 274e85d1f9..0ceefb5e3e 100644 --- a/meta-oe/recipes-support/nss/nss_3.73.1.bb +++ b/meta-oe/recipes-support/nss/nss_3.98.bb @@ -11,16 +11,16 @@ SECTION = "libs" DEPENDS = "sqlite3 nspr zlib nss-native" DEPENDS:class-native = "sqlite3-native nspr-native zlib-native" -LICENSE = "(MPL-2.0 & MIT) | (MPL-2.0 & GPL-2.0+ & MIT) | (MPL-2.0 & LGPL-2.1+ & MIT)" +LICENSE = "(MPL-2.0 & MIT) | (MPL-2.0 & GPL-2.0-or-later & MIT) | (MPL-2.0 & LGPL-2.1-or-later & MIT)" LIC_FILES_CHKSUM = "file://nss/COPYING;md5=3b1e88e1b9c0b5a4b2881d46cce06a18 \ file://nss/lib/freebl/mpi/doc/LICENSE;md5=491f158d09d948466afce85d6f1fe18f \ file://nss/lib/freebl/mpi/doc/LICENSE-MPL;md5=5d425c8f3157dbf212db2ec53d9e5132 \ - file://nss/lib/freebl/verified/Hacl_Poly1305_256.c;beginline=1;endline=22;md5=d4096c1e4421ee56e9e0f441a8161f78" + file://nss/lib/freebl/verified/Hacl_Poly1305_256.c;beginline=1;endline=22;md5=cc22f07b95d28d56baeb757df46ee7c8" VERSION_DIR = "${@d.getVar('BP').upper().replace('-', '_').replace('.', '_') + '_RTM'}" -SRC_URI = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${VERSION_DIR}/src/${BP}.tar.gz \ +SRC_URI = "http://ftp.mozilla.org/pub/security/nss/releases/${VERSION_DIR}/src/${BP}.tar.gz \ file://nss.pc.in \ file://0001-nss-fix-support-cross-compiling.patch \ file://nss-no-rpath-for-cross-compiling.patch \ @@ -33,7 +33,7 @@ SRC_URI = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${VERSIO file://nss-fix-nsinstall-build.patch \ file://0001-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch \ " -SRC_URI[sha256sum] = "c768f9fe3129e8bcc2e9679456d7edd9453a225784a8fc7dc4501806f1fe9abe" +SRC_URI[sha256sum] = "f549cc33d35c0601674bfacf7c6ad683c187595eb4125b423238d3e9aa4209ce" UPSTREAM_CHECK_URI = "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Releases" UPSTREAM_CHECK_REGEX = "NSS_(?P<pver>.+)_release_notes" @@ -224,7 +224,7 @@ do_install:append() { done install -d ${D}${libdir}/pkgconfig/ - sed 's/%NSS_VERSION%/${PV}/' ${WORKDIR}/nss.pc.in | sed 's/%NSPR_VERSION%/4.9.2/' > ${D}${libdir}/pkgconfig/nss.pc + sed 's/%NSS_VERSION%/${PV}/' ${UNPACKDIR}/nss.pc.in | sed 's/%NSPR_VERSION%/4.9.2/' > ${D}${libdir}/pkgconfig/nss.pc sed -i s:OEPREFIX:${prefix}:g ${D}${libdir}/pkgconfig/nss.pc sed -i s:OEEXECPREFIX:${exec_prefix}:g ${D}${libdir}/pkgconfig/nss.pc sed -i s:OELIBDIR:${libdir}:g ${D}${libdir}/pkgconfig/nss.pc @@ -239,9 +239,9 @@ do_install:append:class-target() { # databases by: # certutil -N -d sql:/database/path/ --empty-password install -d ${D}${sysconfdir}/pki/nssdb/ - install -m 0644 ${WORKDIR}/blank-cert9.db ${D}${sysconfdir}/pki/nssdb/cert9.db - install -m 0644 ${WORKDIR}/blank-key4.db ${D}${sysconfdir}/pki/nssdb/key4.db - install -m 0644 ${WORKDIR}/system-pkcs11.txt ${D}${sysconfdir}/pki/nssdb/pkcs11.txt + install -m 0644 ${UNPACKDIR}/blank-cert9.db ${D}${sysconfdir}/pki/nssdb/cert9.db + install -m 0644 ${UNPACKDIR}/blank-key4.db ${D}${sysconfdir}/pki/nssdb/key4.db + install -m 0644 ${UNPACKDIR}/system-pkcs11.txt ${D}${sysconfdir}/pki/nssdb/pkcs11.txt } PACKAGE_WRITE_DEPS += "nss-native" @@ -280,5 +280,10 @@ RDEPENDS:${PN}-smime = "perl" BBCLASSEXTEND = "native nativesdk" -# CVE-2006-5201 affects only Sun Solaris -CVE_CHECK_WHITELIST += "CVE-2006-5201" +CVE_PRODUCT += "network_security_services" + +CVE_STATUS_GROUPS += "CVE_STATUS_NSS" +CVE_STATUS_NSS[status] = "not-applicable-config: This only affect the legacy db (libnssdbm), only compiled with --enable-legacy-db" +CVE_STATUS_NSS = "CVE-2017-11695 CVE-2017-11696 CVE-2017-11697 CVE-2017-11698" + +CVE_STATUS[CVE-2022-3479] = "not-applicable-config: vulnerability was introduced in 3.77 and fixed in 3.87" |