summaryrefslogtreecommitdiffstats
path: root/meta-oe/recipes-support/nss/nss_3.74.bb
Commit message (Collapse)AuthorAgeFilesLines
* nss: Upgrade 3.74 -> 3.98Mingli Yu2024-03-081-290/+0
| | | | | | | | | | * Remove one backported patch and rebase two patches to the new version. * License update: Copyright year updated to 2023 Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* cve_check: convert CVE_CHECK_IGNORE to CVE_STATUSAndrej Valek2023-07-271-8/+4
| | | | | | | | | - Try to add convert and apply statuses for old CVEs - Drop some obsolete ignores, while they are not relevant for current version Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nss: ignore CVE-2022-3479Peter Marko2023-06-041-0/+3
| | | | | | | | | | | | | | | Investigation based on https://bugzilla.mozilla.org/show_bug.cgi?id=1774654 leads to following: * fixed in 3.87 (https://hg.mozilla.org/projects/nss/rev/a7f363511333b8062945557607691002fd6e40b9) * changed code was introduced in 3.77 (https://hg.mozilla.org/projects/nss/rev/be6a97823bfe10fa08e17c9584938a2d525a38da) * NVD claims fix in 3.81, but there is no evidence for it in commit history (https://hg.mozilla.org/projects/nss/graph/a7f363511333b8062945557607691002fd6e40b9) * Debian also says for old versions "nss <not-affected> (Vulnerable code not present/was introduced later)" (https://security-tracker.debian.org/tracker/CVE-2022-3479) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nss: fix failed test of nss.Wentao Zhang2023-04-101-0/+1
| | | | | | | | The expiration date of the "PayPalEE.cert" test certificate in the nss package is Jan 12 2022 and causing a test failure. Signed-off-by: Wentao Zhang <wentao.zhang@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nss: Whitelist CVEs related to libnssdbmMathieu Dubois-Briand2022-12-091-0/+4
| | | | | | | | | | | | These CVEs only affect libnssdbm, compiled when --enable-legacy-db is used. https://bugzilla.mozilla.org/show_bug.cgi?id=1360782#c6 https://bugzilla.mozilla.org/show_bug.cgi?id=1360778#c8 https://bugzilla.mozilla.org/show_bug.cgi?id=1360900#c6 https://bugzilla.mozilla.org/show_bug.cgi?id=1360779#c9 Signed-off-by: Mathieu Dubois-Briand <mbriand@witekio.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nss: Add missing CVE productMathieu Dubois-Briand2022-12-091-0/+2
| | | | | Signed-off-by: Mathieu Dubois-Briand <mbriand@witekio.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nss: fix SRC_URIMartin Jansa2022-11-151-1/+1
| | | | | | | | * http://ftp.mozilla.org/pub/mozilla.org now returns 404, but the SRC_URI still works without "mozilla.org" directory Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* recipes: Update LICENSE variable to use SPDX license identifiersKhem Raj2022-03-041-1/+1
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* recipes: Use new CVE_CHECK_IGNORE variableKhem Raj2022-02-211-1/+1
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nss: uprev v3.73.1 -> v3.74Sakib Sajal2022-02-031-0/+284
Upgrade to newer version to resolve CVE-2022-22747. Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-11-11 13:42:26 +0000