summaryrefslogtreecommitdiffstats
path: root/meta/recipes-support/nss/nss
Commit message (Collapse)AuthorAgeFilesLines
* nss: Fix SHA_HTONL bug for arm 32be.Zheng Ruoqin2019-01-081-0/+34
| | | | | | | | | | | | | | | | Rpm use nss as digest crypto library and which will cause an error as follows: error: test-manual-1.2.3-20181012.noarch.rpm: Header SHA1 digest: BAD (Expected f1deb7dc4a10742d88ccd1e967dbc62ae45095a5 !=4ad9d7dad6d70d6086eefec62612ad5d77f2fe81) => this value is wrong error: test-manual-1.2.3-20181012.noarch.rpm: not an rpm package (or package manifest) The error is caused by SHA_HTONL in nss, for there is no need to reverse the host value for arm 32be, so fix it. (From OE-Core rev: 257a1ccd16928dff64aa4d2e1553f52e910edbb2) Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nss: fix non-determinism when create a blank certificateKai Kang2018-10-123-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | It uses certutil from nss to create a blank certificate. But the checksum of database file key4.db changes every time: $ certutil -N -d sql:. --empty-password $ md5sum * f9dac2cfcb07cc8ca6db442a9a570906 cert9.db b892c5ff7c1977d4728240b0cf628377 key4.db 7b9136cb03f07ae62eb213a5239fda71 pkcs11.txt $ rm * $ certutil -N -d sql:. --empty-password $ md5sum * f9dac2cfcb07cc8ca6db442a9a570906 cert9.db 405d55178e866a115c1aa975fccfa764 key4.db 7b9136cb03f07ae62eb213a5239fda71 pkcs11.txt Provide pre-created databases with a blank certificate to fix non-determinism issue. And these database files are from nss qemux86-64 build. (From OE-Core rev: e64a30f7af87fa960b012ace92c51b88e8abae68) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nss: update to 3.38Armin Kuster2018-07-061-112/+0
| | | | | | | | | | | remove patch now included in release. includes: CVE-2018-0495 (From OE-Core rev: f0ad38d02da0bbcc1534dcc99d10436675932ed9) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nss: update to 3.37.1Armin Kuster2018-06-274-41/+120
| | | | | | | | | | | | | | | | remove Fix-compilation-for-X32.patch as a solution simular is included in update. notable changes: The TLS 1.3 implementation was updated to Draft 28. The CA certificates list was updated to version 2.24. refresh patches fix 32 bit build error nss bug: https://bugzilla.mozilla.org/show_bug.cgi?format=default&id=1459739 (From OE-Core rev: 1ed072515f2a23de75ee56b86d8607c85b42605c) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nss: update to 3.36.1Armin Kuster2018-05-292-149/+0
| | | | | | | | | | | | removed patches included in update: 0001-Bug-1437734-Use-snprintf-in-sign.c-r-ttaubert.patch nss-build-hacl-poly1305-aarch64.patch (From OE-Core rev: 9755699275e6290950145685c186082dfcd28a9e) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nss: Use snprintf in sign.cKhem Raj2018-03-301-0/+119
| | | | | | | | | | | | Fies security warnings | sign.c:86:31: error: 'sprintf' may write a terminating nul past the end of the destination [-Werror=format-overflow=] | sprintf(fullfn, "%s/%s", tree, tempfn); (From OE-Core rev: 7171e96f3a5f54c63674cf5282aea31bcb9cd7f9) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nss: update to 3.35Armin Kuster2018-03-301-0/+30
| | | | | | | | (From OE-Core rev: d136548ad7aef23021eac6af2ffc6317f36bd1c5) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nss: 3.30.2 -> 3.31.1Kai Kang2017-08-181-41/+0
| | | | | | | | | | | Upgrade nss from 3.30.2 to latest stable version 3.31.1. * remove 0001-Fix-warnings-found-with-gcc7.patch which is not needed now (From OE-Core rev: 86838f1c06002a62ded12a9a66d1eb82093c85a9) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta: Add/fix missing Upstream-Status to patchesRichard Purdie2017-06-271-0/+2
| | | | | | | | | This adds or fixes the Upstream-Status for all remaining patches missing it in OE-Core. (From OE-Core rev: 563cab8e823c3fde8ae4785ceaf4d68a5d3e25df) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nss: Update to 3.29.1Khem Raj2017-05-121-0/+41
| | | | | | | | | | Also fix build with gcc7 along (From OE-Core rev: 5b8c7e4cc54353014e9e023e29a6ff97aefd5179) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nss: update to 3.28.1Alexander Kanavin2017-03-012-71/+48
| | | | | | | | | | Rebase nss-fix-support-cross-compiling.patch (From OE-Core rev: f65baebafc3d1389c5e5000c6cd921b7569123a1) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nss: fix for x32Christopher Larson2017-01-091-0/+31
| | | | | | | | | | | This was casting to a pointer, and the pointer sizes are 32-bit on X32, not 64-bit. Adjust as appropriate. (From OE-Core rev: d9dca61ed26af166df913f34bdce3f2830682b33) Signed-off-by: Christopher Larson <chris_larson@mentor.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nss: update to 3.27.1Alexander Kanavin2016-10-281-4/+4
| | | | | | | | (From OE-Core rev: 564c93fcc09c615ebcc51b30959a9848d8c193f7) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nss: Fix build on mips/clangKhem Raj2016-07-201-0/+23
| | | | | | | | | | | | This issue is also reported here https://trac.macports.org/ticket/51709 Patch is also from same ticket (From OE-Core rev: 119ff60101ed6fd542f1280d37a24411d8b14264) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nss: Fix build with clangKhem Raj2016-07-202-5/+39
| | | | | | | | | | | | | | | Add a patch to disable a clang specific warning and avoid passing clang options to gcc when we have cross compiler is clang but host compiler is gcc We do not need to use target cflags when building native pieces and hence avoid the inter-mixing of compiler options (From OE-Core rev: d13640f39f8f467597daa42774102329e82d9b68) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nss: update to 3.24Alexander Kanavin2016-07-101-27/+0
| | | | | | | | | | Drop merged 0001-Fix-build-failure-on-opensuse-13.1.patch (From OE-Core rev: 755dda7f9a054c6069ef95e3ee4fe7d604378446) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nss: update to 3.21Alexander Kanavin2016-01-201-0/+27
| | | | | | | | | | | | Explicitly disable tests (they were previously implicitly disabled upstream), as they cause various architecture-specific build failures. Add 0001-Fix-build-failure-on-opensuse-13.1.patch that fixes compilation using gcc 4.8. (From OE-Core rev: 1cf3f0685b42ce494d7b2b327d54c9652a6de42d) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nss: improve the script signlibs.shJackie Huang2015-04-241-1/+1
| | | | | | | | | | | The *.chk files are installed in ${libdir} by nss, which is already known, no need to 'find' to get the file list, and 'ls' is more faster than 'find'. (From OE-Core rev: 7eba8ba126e8757d0b1d5c3a758748e42c3646ff) Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nss: update package to 3.17.3 and build fixArmin Kuster2015-01-291-0/+35
| | | | | | | | | | | | | | | | | | | | | Update includes: CVE-2014-1569 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1569 for changelog information see https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17.3_release_notes We had a build failure on 32 bit hosts so including a patch from: http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=mhatle/dora-misc Wenzong Fan (1): nss: workaround multilib build on 32bit host (From OE-Core rev: ccb86249b2b29686303ed04aac74887f0fa490df) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nss: Upgrade to 3.17Saul Wold2014-11-065-0/+238
CVE patches removed since they have been implemented upstream Rename patch dir (files) to generic PN name (From OE-Core rev: ff3ca87477f2caf9e2228ed100f243f5ea831577) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-06-25 09:24:32 +0000