| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
Upgrade to newer version to resolve CVE-2022-22747.
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
Upgrade to 3.73.1 fixes CVE-2021-43527.
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
This is the result of automated script (0.9.1) conversion:
oe-core/scripts/contrib/convert-overrides.py .
converting the metadata to use ":" as the override character instead of "_".
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
| |
CVE-2006-5201 affects only using an RSA key with exponent 3 on Sun Solaris.
Signed-off-by: Masaki Ambai <ambai.masaki@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Centos 7 has glibc 2.18 and nss-native build fails due to implicit
declaration of function putenv during build. This is because of the
Feature Test Macro Requirements for glibc (see feature_test_macros(7)):
putenv(): _XOPEN_SOURCE
|| /* Glibc since 2.19: */ _DEFAULT_SOURCE
|| /* Glibc versions <= 2.19: */ _SVID_SOURCE
and because nss coreconf/Linux.mk only defines
-D_DEFAULT_SOURCE -D_BSD_SOURCE -D_POSIX_SOURCE
So on such system with glibc 2.18, neither macro makes putenv()
available. Add -D_XOPEN_SOURCE for the Centos 7 and glibc 2.18
native build case.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Armin Kuster <akuster808@gmail.com>
Cc: Armin Kuster <akuster@mvista.com>
Cc: Khem Raj <raj.khem@gmail.com>
Cc: Richard Purdie <richard.purdie@linuxfoundation.org>
Cc: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
NSS's build tries to be clever and passes for example -march=armv8-a+crypto
explicitly, instead of relying on the person doing the compilation to
set the right flags.
This conflicts with our compiler flags which typically pass the ideal
tune for the target, for example -mcpu=cortex-a55+crc+crypto.
When this happens GCC warns that the flags conflict (which was promoted
to an error, now fixed) and -march takes precedence over -mcpu.
As there's a huge number of potential tune flags to remove to avoid the
conflict, now that warnings are not fatal we can stop removing the flags
and let GCC warn as the generated code is the same.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
-Werror should be used by developers and not packagers, because new
compiler flags or GCC versions can use new warnings.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
-License-Update: Add the license of MIT.
Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
GCC-11 has fixed the problem [1]
[1] https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=da879e01ecd35737c18be1da3324f4560aba1961
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
The patch: nss-fix-nsinstall-build.patch is embedded specific
so set it's Upstream-Status to inappropriate.
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
with newer compilers we are seeing new warnings, e.g.
error: argument 1 of type 'int[1]' with mismatched bound [-Werror=array-parameter=]
8 | extern void pr_static_assert(int arg[(((long unsigned int)-1) > (long unsigned int)1) ? 1 : -1]);
| ~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
with gcc11 and clang has its own set which triggers here as well, its
better to disable werror therefore, we still have warnings if someone
wants to fix them but they wont break the builds
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
getcwd() conforms to POSIX.1-2001 which leaves the behaviour when the
buf argument is NULL, undefined. This makes gcc 10+ throw the following
warning:
argument 1 is null but the corresponding size argument 2 value is 4096
Initially, this was fixed by disabling NSS_ENABLE_WERROR. This patch
re-enables NSS_ENABLE_WERROR (by leaving it to its default value) and
takes advantage of the existing functionality in nss that wraps the
getcwd call into a function making sure that the buf argument is always
properly allocated.
Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
| |
Fix build with clang/ppc64le while here
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Bugs fixed in NSS 3.60.1:
Bug 1682863 - Fix remaining hang issues with slow third-party PKCS #11
tokens.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
- Refresh freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch
- Drop pkix-Do-not-use-NULL-where-0-is-needed.patch
Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Looks like my "solution" also isn't working well at least for images with read-only-rootfs in IMAGE_FEATURES.
pkg_postinst_ontarget_${PN} is always forced to run on the target, which for read-only-rootfs results in:
log.do_rootfs:
...
NOTE: If an image is being built, the postinstalls for the following packages will be postponed for first boot: nss
...
ERROR: The following packages could not be configured offline and rootfs is read-only: ['nss']
and now looking at the /usr/bin/signlibs.sh and it does pretty much
the same as the postinst script when D isn't empty.
>From oe-core git history it shows that signlibs.sh was added first:
https://git.openembedded.org/openembedded-core/commit/?id=a4580f967c8064294a06d406acf5deb24aee2acc
then the offline version of postinst was added to support read-only-rootfs in:
https://git.openembedded.org/openembedded-core/commit/?id=64e87fc6e99bc1d4807034166735034b1f92bad8
and nss-native should always provide the shlibsign since:
https://git.openembedded.org/openembedded-core/commit/?id=88540c5b08dea069660d1a68e506aebdd68e6ae0
and only after
https://git.openembedded.org/openembedded-core/commit/?id=8f782f7095e718dd9452055af53363beb6bdbece
it looked like signlibs.sh was something special only for target.
So it looks to me, that we should just remove signlibs.sh script and let the same postinst be used on target and offline
(with or without D being empty).
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Partially revert "nss: fix postinst script for nativesdk build"
This reverts commit 31552510b15c1c97aa6cbe180c2bb53d139efbcc.
When running in do_rootfs we need to run shlibsign provided
by nss-native, otherwise it fails when /usr/bin/shlibsign
doesn't exist on host builder:
do_rootfs: Postinstall scriptlets of ['nss'] have failed. If the intention is to defer them to first boot,
then please place them into pkg_postinst_ontarget_${PN} ().
Deferring to first boot via 'exit 1' is no longer supported.
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
| |
Forward port 0001-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We are seeing warnigs with gcc-10 even on target builds e.g.
| In file included from nsinstall.c:20:
| /usr/include/unistd.h:520:14: note: in a call to function ‘getcwd’ declared with attribute ‘write_only (1, 2)’
| 520 | extern char *getcwd (char *__buf, size_t __size) __THROW __wur
| | ^~~~~~
| nsinstall.c:70:16: error: argument 1 is null but the corresponding size argument 2 value is 4096 [-Werror=nonnull]
| 70 | #define GETCWD getcwd
| | ^
| nsinstall.c:246:13: note: in expansion of macro ‘GETCWD’
| 246 | todir = GETCWD(0, PATH_MAX);
| | ^~~~~~
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
| |
Found with clang-11
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
It's better to refer to binaries in postinst script with
full path which also works on SDK when
/opt/nativesysroot/usr/bin is not in PATH.
Fixes install of nativesdk-nss:
Configuring nativesdk-nss.
/var/lib/opkg/info/nativesdk-nss.postinst: line 14: signlibs.sh: not found
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upgrade nss 3.51.1 -> 3.54:
* Refresh patches
* Drop riscv.patch and 0001-Enable-uint128-on-mips64.patch patches as upstream
commit [1] should implement that logic
* Use "autobuild" as do_compile make target (Makefile logic has changed
significantly, so the default target is no longer enough)
[1] https://hg.mozilla.org/projects/nss/rev/60aa7df14f119d2a21750668c5ce36fa38ef2c6c
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
Some files are compiled with armv8-a+crypto and when using cortex-a55
the deduced march is armv8.2-a which then conflicts
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Fix below build error:
| verified/kremlin/kremlib/dist/minimal/FStar_UInt128.h:22:1: error: 'FStar_UInt128___proj__Mkuint128__item__low' declared 'static' but never defined [-Werror=unused-function]
| 22 | FStar_UInt128___proj__Mkuint128__item__low(FStar_UInt128_uint128 projectee);
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
See full release notes:
- https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.51.1_release_notes
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
oe-core has punted them, but they are still needed by many packages e.g.
mozjs
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
