3 files changed, 2 insertions, 153 deletions
diff --git a/meta/recipes-support/nss/nss/0001-Bug-1437734-Use-snprintf-in-sign.c-r-ttaubert.patch b/meta/recipes-support/nss/nss/0001-Bug-1437734-Use-snprintf-in-sign.c-r-ttaubert.patch
deleted file mode 100644
index bc10f3385d..0000000000
--- a/meta/recipes-support/nss/nss/0001-Bug-1437734-Use-snprintf-in-sign.c-r-ttaubert.patch
+++ /dev/null
@@ -1,119 +0,0 @@
-From 6f7d7be9997ba6727a5ad7c3800df9051160dc12 Mon Sep 17 00:00:00 2001
-From: Martin Thomson <martin.thomson@gmail.com>
-Date: Tue, 13 Feb 2018 12:30:58 +1100
-Subject: [PATCH] Bug 1437734 - Use snprintf in sign.c, r=ttaubert
--HG--
-extra : rebase_source : 97921ece71ff86b18d32b891591608290eed4d83
---
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-Upstream-Status: Backport [https://github.com/nss-dev/nss/commit/0a9078b3cde97add7c825c9d13467a8401ad0c88#diff-b42512151dc137537091f823f7701804.patch]
- nss/cmd/signtool/sign.c | 58 ++++++++++++++++++++++++++++++++++++++++---------
- 1 file changed, 48 insertions(+), 10 deletions(-)
-diff --git a/nss/cmd/signtool/sign.c b/nss/cmd/signtool/sign.c
-index 6e776069a..6f8e43946 100644
--- a/nss/cmd/signtool/sign.c
-+++ b/nss/cmd/signtool/sign.c
-@@ -43,6 +43,7 @@ SignArchive(char *tree, char *keyName, char *zip_file, int javascript,
-     int status;
-     char tempfn[FNSIZE], fullfn[FNSIZE];
-     int keyType = rsaKey;
-+    int count;
- 
-     metafile = meta_file;
-     optimize = _optimize;
-@@ -81,9 +82,18 @@ SignArchive(char *tree, char *keyName, char *zip_file, int javascript,
-         }
- 
-         /* rsa/dsa to zip */
-        sprintf(tempfn, "META-INF/%s.%s", base, (keyType == dsaKey ? "dsa"
-                                                                   : "rsa"));
-        sprintf(fullfn, "%s/%s", tree, tempfn);
-+        count = snprintf(tempfn, sizeof(tempfn), "META-INF/%s.%s", base, (keyType == dsaKey ? "dsa" : "rsa"));
-+        if (count >= sizeof(tempfn)) {
-+            PR_fprintf(errorFD, "unable to write key metadata\n");
-+            errorCount++;
-+            exit(ERRX);
-+        }
-+        count = snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn);
-+        if (count >= sizeof(fullfn)) {
-+            PR_fprintf(errorFD, "unable to write key metadata\n");
-+            errorCount++;
-+            exit(ERRX);
-+        }
-         JzipAdd(fullfn, tempfn, zipfile, compression_level);
- 
-         /* Loop through all files & subdirectories, add to archive */
-@@ -93,20 +103,44 @@ SignArchive(char *tree, char *keyName, char *zip_file, int javascript,
-     }
-     /* mf to zip */
-     strcpy(tempfn, "META-INF/manifest.mf");
-    sprintf(fullfn, "%s/%s", tree, tempfn);
-+    count = snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn);
-+    if (count >= sizeof(fullfn)) {
-+        PR_fprintf(errorFD, "unable to write manifest\n");
-+        errorCount++;
-+        exit(ERRX);
-+    }
-     JzipAdd(fullfn, tempfn, zipfile, compression_level);
- 
-     /* sf to zip */
-    sprintf(tempfn, "META-INF/%s.sf", base);
-    sprintf(fullfn, "%s/%s", tree, tempfn);
-+    count = snprintf(tempfn, sizeof(tempfn), "META-INF/%s.sf", base);
-+    if (count >= sizeof(tempfn)) {
-+        PR_fprintf(errorFD, "unable to write sf metadata\n");
-+        errorCount++;
-+        exit(ERRX);
-+    }
-+    count = snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn);
-+    if (count >= sizeof(fullfn)) {
-+        PR_fprintf(errorFD, "unable to write sf metadata\n");
-+        errorCount++;
-+        exit(ERRX);
-+    }
-     JzipAdd(fullfn, tempfn, zipfile, compression_level);
- 
-     /* Add the rsa/dsa file to the zip archive normally */
-     if (!xpi_arc) {
-         /* rsa/dsa to zip */
-        sprintf(tempfn, "META-INF/%s.%s", base, (keyType == dsaKey ? "dsa"
-                                                                   : "rsa"));
-        sprintf(fullfn, "%s/%s", tree, tempfn);
-+        count = snprintf(tempfn, sizeof(tempfn), "META-INF/%s.%s", base, (keyType == dsaKey ? "dsa" : "rsa"));
-+        if (count >= sizeof(tempfn)) {
-+            PR_fprintf(errorFD, "unable to write key metadata\n");
-+            errorCount++;
-+            exit(ERRX);
-+        }
-+        count = snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn);
-+        if (count >= sizeof(fullfn)) {
-+            PR_fprintf(errorFD, "unable to write key metadata\n");
-+            errorCount++;
-+            exit(ERRX);
-+        }
-         JzipAdd(fullfn, tempfn, zipfile, compression_level);
-     }
- 
-@@ -408,6 +442,7 @@ static int
- manifesto_xpi_fn(char *relpath, char *basedir, char *reldir, char *filename, void *arg)
- {
-     char fullname[FNSIZE];
-+    int count;
- 
-     if (verbosity >= 0) {
-         PR_fprintf(outputFD, "--> %s\n", relpath);
-@@ -421,7 +456,10 @@ manifesto_xpi_fn(char *relpath, char *basedir, char *reldir, char *filename, voi
-         if (!PL_HashTableLookup(extensions, ext))
-             return 0;
-     }
-    sprintf(fullname, "%s/%s", basedir, relpath);
-+    count = snprintf(fullname, sizeof(fullname), "%s/%s", basedir, relpath);
-+    if (count >= sizeof(fullname)) {
-+        return 1;
-+    }
-     JzipAdd(fullname, relpath, zipfile, compression_level);
- 
-     return 0;
diff --git a/meta/recipes-support/nss/nss/nss-build-hacl-poly1305-aarch64.patch b/meta/recipes-support/nss/nss/nss-build-hacl-poly1305-aarch64.patch
deleted file mode 100644
index 8276f89e8b..0000000000
--- a/meta/recipes-support/nss/nss/nss-build-hacl-poly1305-aarch64.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-# HG changeset patch
-# User Daiki Ueno <dueno@redhat.com>
-# Date 1516710574 -3600
-#      Tue Jan 23 13:29:34 2018 +0100
-# Node ID 27f27ce21c2c6ff5a47fa9e17c438b000366c9c9
-# Parent  be1dca5ac80541d3b81a8da9d42854d8b1cceefb
-Build Hacl_Poly1305_64.o on aarch64 even with make
-Upstream-Status: Backport
-https://bug1432455.bmoattachments.org/attachment.cgi?id=8944691
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-Index: nss-3.35/nss/lib/freebl/Makefile
-===================================================================
--- nss-3.35.orig/nss/lib/freebl/Makefile
-+++ nss-3.35/nss/lib/freebl/Makefile
-@@ -533,7 +533,12 @@ ifndef NSS_DISABLE_CHACHAPOLY
-             EXTRA_SRCS += chacha20_vec.c
-         endif
-     else
-        EXTRA_SRCS += poly1305.c
-+        ifeq ($(CPU_ARCH),aarch64)
-+            EXTRA_SRCS += Hacl_Poly1305_64.c
-+        else
-+            EXTRA_SRCS += poly1305.c
-+        endif
-+
-         EXTRA_SRCS += chacha20.c
-         VERIFIED_SRCS += Hacl_Chacha20.c
-     endif # x86_64
diff --git a/meta/recipes-support/nss/nss_3.35.bb b/meta/recipes-support/nss/nss_3.36.1.bb
index 84f1916f30..f8555389ff 100644
--- a/meta/recipes-support/nss/nss_3.35.bb
+++ b/meta/recipes-support/nss/nss_3.36.1.bb
@@ -26,12 +26,10 @@ SRC_URI = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${VERSIO
           file://disable-Wvarargs-with-clang.patch \
           file://pqg.c-ULL_addend.patch \
           file://Fix-compilation-for-X32.patch \
-           file://nss-build-hacl-poly1305-aarch64.patch \
-           file://0001-Bug-1437734-Use-snprintf-in-sign.c-r-ttaubert.patch \
           "
-SRC_URI[md5sum] = "9467ec9e65c5aeb3254a50250490f5f7"
+SRC_URI[md5sum] = "814d8fe3ec89006cf62078e2a56cf2f9"
-SRC_URI[sha256sum] = "f4127de09bede39f5fd0f789d33c3504c5d261e69ea03022d46b319b3e32f6fa"
+SRC_URI[sha256sum] = "6025441d528ff6a7f1a4b673b6ee7d3540731ada3f78d5acd5c3b3736b222bff"
 UPSTREAM_CHECK_URI = "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Releases"
 UPSTREAM_CHECK_REGEX = "NSS_(?P<pver>.+)_release_notes"

diff --git a/meta/recipes-support/nss/nss/0001-Bug-1437734-Use-snprintf-in-sign.c-r-ttaubert.patch b/meta/recipes-support/nss/nss/0001-Bug-1437734-Use-snprintf-in-sign.c-r-ttaubert.patch deleted file mode 100644 index bc10f3385d..0000000000 --- a/meta/recipes-support/nss/nss/0001-Bug-1437734-Use-snprintf-in-sign.c-r-ttaubert.patch +++ /dev/null
@@ -1,119 +0,0 @@
1	From 6f7d7be9997ba6727a5ad7c3800df9051160dc12 Mon Sep 17 00:00:00 2001
2	From: Martin Thomson <martin.thomson@gmail.com>
3	Date: Tue, 13 Feb 2018 12:30:58 +1100
4	Subject: [PATCH] Bug 1437734 - Use snprintf in sign.c, r=ttaubert
5
6	--HG--
7	extra : rebase_source : 97921ece71ff86b18d32b891591608290eed4d83
8	---
9	Signed-off-by: Khem Raj <raj.khem@gmail.com>
10	Upstream-Status: Backport [https://github.com/nss-dev/nss/commit/0a9078b3cde97add7c825c9d13467a8401ad0c88#diff-b42512151dc137537091f823f7701804.patch]
11
12	nss/cmd/signtool/sign.c \| 58 ++++++++++++++++++++++++++++++++++++++++---------
13	1 file changed, 48 insertions(+), 10 deletions(-)
14
15	diff --git a/nss/cmd/signtool/sign.c b/nss/cmd/signtool/sign.c
16	index 6e776069a..6f8e43946 100644
17	--- a/nss/cmd/signtool/sign.c
18	+++ b/nss/cmd/signtool/sign.c
19	@@ -43,6 +43,7 @@ SignArchive(char tree, char keyName, char *zip_file, int javascript,
20	int status;
21	char tempfn[FNSIZE], fullfn[FNSIZE];
22	int keyType = rsaKey;
23	+ int count;
24
25	metafile = meta_file;
26	optimize = _optimize;
27	@@ -81,9 +82,18 @@ SignArchive(char tree, char keyName, char *zip_file, int javascript,
28	}
29
30	/* rsa/dsa to zip */
31	- sprintf(tempfn, "META-INF/%s.%s", base, (keyType == dsaKey ? "dsa"
32	- : "rsa"));
33	- sprintf(fullfn, "%s/%s", tree, tempfn);
34	+ count = snprintf(tempfn, sizeof(tempfn), "META-INF/%s.%s", base, (keyType == dsaKey ? "dsa" : "rsa"));
35	+ if (count >= sizeof(tempfn)) {
36	+ PR_fprintf(errorFD, "unable to write key metadata\n");
37	+ errorCount++;
38	+ exit(ERRX);
39	+ }
40	+ count = snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn);
41	+ if (count >= sizeof(fullfn)) {
42	+ PR_fprintf(errorFD, "unable to write key metadata\n");
43	+ errorCount++;
44	+ exit(ERRX);
45	+ }
46	JzipAdd(fullfn, tempfn, zipfile, compression_level);
47
48	/* Loop through all files & subdirectories, add to archive */
49	@@ -93,20 +103,44 @@ SignArchive(char tree, char keyName, char *zip_file, int javascript,
50	}
51	/* mf to zip */
52	strcpy(tempfn, "META-INF/manifest.mf");
53	- sprintf(fullfn, "%s/%s", tree, tempfn);
54	+ count = snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn);
55	+ if (count >= sizeof(fullfn)) {
56	+ PR_fprintf(errorFD, "unable to write manifest\n");
57	+ errorCount++;
58	+ exit(ERRX);
59	+ }
60	JzipAdd(fullfn, tempfn, zipfile, compression_level);
61
62	/* sf to zip */
63	- sprintf(tempfn, "META-INF/%s.sf", base);
64	- sprintf(fullfn, "%s/%s", tree, tempfn);
65	+ count = snprintf(tempfn, sizeof(tempfn), "META-INF/%s.sf", base);
66	+ if (count >= sizeof(tempfn)) {
67	+ PR_fprintf(errorFD, "unable to write sf metadata\n");
68	+ errorCount++;
69	+ exit(ERRX);
70	+ }
71	+ count = snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn);
72	+ if (count >= sizeof(fullfn)) {
73	+ PR_fprintf(errorFD, "unable to write sf metadata\n");
74	+ errorCount++;
75	+ exit(ERRX);
76	+ }
77	JzipAdd(fullfn, tempfn, zipfile, compression_level);
78
79	/* Add the rsa/dsa file to the zip archive normally */
80	if (!xpi_arc) {
81	/* rsa/dsa to zip */
82	- sprintf(tempfn, "META-INF/%s.%s", base, (keyType == dsaKey ? "dsa"
83	- : "rsa"));
84	- sprintf(fullfn, "%s/%s", tree, tempfn);
85	+ count = snprintf(tempfn, sizeof(tempfn), "META-INF/%s.%s", base, (keyType == dsaKey ? "dsa" : "rsa"));
86	+ if (count >= sizeof(tempfn)) {
87	+ PR_fprintf(errorFD, "unable to write key metadata\n");
88	+ errorCount++;
89	+ exit(ERRX);
90	+ }
91	+ count = snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn);
92	+ if (count >= sizeof(fullfn)) {
93	+ PR_fprintf(errorFD, "unable to write key metadata\n");
94	+ errorCount++;
95	+ exit(ERRX);
96	+ }
97	JzipAdd(fullfn, tempfn, zipfile, compression_level);
98	}
99
100	@@ -408,6 +442,7 @@ static int
101	manifesto_xpi_fn(char relpath, char basedir, char reldir, char filename, void *arg)
102	{
103	char fullname[FNSIZE];
104	+ int count;
105
106	if (verbosity >= 0) {
107	PR_fprintf(outputFD, "--> %s\n", relpath);
108	@@ -421,7 +456,10 @@ manifesto_xpi_fn(char relpath, char basedir, char reldir, char filename, voi
109	if (!PL_HashTableLookup(extensions, ext))
110	return 0;
111	}
112	- sprintf(fullname, "%s/%s", basedir, relpath);
113	+ count = snprintf(fullname, sizeof(fullname), "%s/%s", basedir, relpath);
114	+ if (count >= sizeof(fullname)) {
115	+ return 1;
116	+ }
117	JzipAdd(fullname, relpath, zipfile, compression_level);
118
119	return 0;


diff --git a/meta/recipes-support/nss/nss/nss-build-hacl-poly1305-aarch64.patch b/meta/recipes-support/nss/nss/nss-build-hacl-poly1305-aarch64.patch deleted file mode 100644 index 8276f89e8b..0000000000 --- a/meta/recipes-support/nss/nss/nss-build-hacl-poly1305-aarch64.patch +++ /dev/null
@@ -1,30 +0,0 @@
1	# HG changeset patch
2	# User Daiki Ueno <dueno@redhat.com>
3	# Date 1516710574 -3600
4	# Tue Jan 23 13:29:34 2018 +0100
5	# Node ID 27f27ce21c2c6ff5a47fa9e17c438b000366c9c9
6	# Parent be1dca5ac80541d3b81a8da9d42854d8b1cceefb
7	Build Hacl_Poly1305_64.o on aarch64 even with make
8
9	Upstream-Status: Backport
10	https://bug1432455.bmoattachments.org/attachment.cgi?id=8944691
11	Signed-off-by: Armin Kuster <akuster@mvista.com>
12
13	Index: nss-3.35/nss/lib/freebl/Makefile
14	===================================================================
15	--- nss-3.35.orig/nss/lib/freebl/Makefile
16	+++ nss-3.35/nss/lib/freebl/Makefile
17	@@ -533,7 +533,12 @@ ifndef NSS_DISABLE_CHACHAPOLY
18	EXTRA_SRCS += chacha20_vec.c
19	endif
20	else
21	- EXTRA_SRCS += poly1305.c
22	+ ifeq ($(CPU_ARCH),aarch64)
23	+ EXTRA_SRCS += Hacl_Poly1305_64.c
24	+ else
25	+ EXTRA_SRCS += poly1305.c
26	+ endif
27	+
28	EXTRA_SRCS += chacha20.c
29	VERIFIED_SRCS += Hacl_Chacha20.c
30	endif # x86_64


diff --git a/meta/recipes-support/nss/nss_3.35.bb b/meta/recipes-support/nss/nss_3.36.1.bb index 84f1916f30..f8555389ff 100644 --- a/meta/recipes-support/nss/nss_3.35.bb +++ b/meta/recipes-support/nss/nss_3.36.1.bb
@@ -26,12 +26,10 @@ SRC_URI = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${VERSIO
26	file://disable-Wvarargs-with-clang.patch \	26	file://disable-Wvarargs-with-clang.patch \
27	file://pqg.c-ULL_addend.patch \	27	file://pqg.c-ULL_addend.patch \
28	file://Fix-compilation-for-X32.patch \	28	file://Fix-compilation-for-X32.patch \
29	file://nss-build-hacl-poly1305-aarch64.patch \
30	file://0001-Bug-1437734-Use-snprintf-in-sign.c-r-ttaubert.patch \
31	"	29	"
32		30
33	SRC_URI[md5sum] = "9467ec9e65c5aeb3254a50250490f5f7"	31	SRC_URI[md5sum] = "814d8fe3ec89006cf62078e2a56cf2f9"
34	SRC_URI[sha256sum] = "f4127de09bede39f5fd0f789d33c3504c5d261e69ea03022d46b319b3e32f6fa"	32	SRC_URI[sha256sum] = "6025441d528ff6a7f1a4b673b6ee7d3540731ada3f78d5acd5c3b3736b222bff"
35		33
36	UPSTREAM_CHECK_URI = "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Releases"	34	UPSTREAM_CHECK_URI = "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Releases"
37	UPSTREAM_CHECK_REGEX = "NSS_(?P<pver>.+)_release_notes"	35	UPSTREAM_CHECK_REGEX = "NSS_(?P<pver>.+)_release_notes"