summaryrefslogtreecommitdiffstats
path: root/meta/recipes-support/nss
Commit message (Collapse)AuthorAgeFilesLines
* nss: improve the script signlibs.shJackie Huang2015-04-241-1/+1
| | | | | | | | | | | The *.chk files are installed in ${libdir} by nss, which is already known, no need to 'find' to get the file list, and 'ls' is more faster than 'find'. (From OE-Core rev: 7eba8ba126e8757d0b1d5c3a758748e42c3646ff) Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nss: Fix build in x32 ABIAníbal Limón2015-04-101-0/+4
| | | | | | | | | | | | When try to build nss with x32 ABI enabled fails because it need to be specified USE_X32 env var. [YOCTO #7420] (From OE-Core rev: 2898c2cf94bd690ebfc4ab5f4d220e6ea05aca82) Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nss: generate debug infoJoe Slater2015-04-081-6/+7
| | | | | | | | | | | | | | | Because the build of nss seems to ignore CFLAGS, we never have put source code in the -dbg package. We do not address the CFLAGS issue, but we do add -g to the definition of CC so that we will generate debug info. We also let package.bbclass populate the -dbg package instead of forcing the contents locally. (From OE-Core rev: 0ec01bbd845b61798366441b2c7e5b8738db6b32) Signed-off-by: Joe Slater <jslater@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nss: move /usr/bin/smime to nss-smimeMartin Jansa2015-03-221-1/+5
| | | | | | | | | * remove perl runtime dependency from main package (From OE-Core rev: c799c753d56fcb9468d32d7622817ecf7932cdf4) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nss: update package to 3.17.3 and build fixArmin Kuster2015-01-294-8/+43
| | | | | | | | | | | | | | | | | | | | | Update includes: CVE-2014-1569 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1569 for changelog information see https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17.3_release_notes We had a build failure on 32 bit hosts so including a patch from: http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=mhatle/dora-misc Wenzong Fan (1): nss: workaround multilib build on 32bit host (From OE-Core rev: ccb86249b2b29686303ed04aac74887f0fa490df) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nss: Upgrade to 3.17.2Chong Lu2014-11-122-8/+8
| | | | | | | | (From OE-Core rev: 34593e222fe1cc6f8b30d71aeaa5078b1c1724f1) Signed-off-by: Chong Lu <Chong.Lu@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nss: Upgrade to 3.17Saul Wold2014-11-0615-1281/+9
| | | | | | | | | | | CVE patches removed since they have been implemented upstream Rename patch dir (files) to generic PN name (From OE-Core rev: ff3ca87477f2caf9e2228ed100f243f5ea831577) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nss: nss.pc is not target specificSaul Wold2014-09-301-2/+4
| | | | | | | | | RPM4 requires an nss-native component (From OE-Core rev: f70efca58e9411feb251c9d00066f8631b167004) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nss.inc: Fix LICENSEElizabeth Flanagan2014-09-291-1/+1
| | | | | | | | | | | | From reading the COPYING and various license headers, the nss LICENSE was incorrect. It's actually MPL-2.0 (not 1.1) with a few different Or instances. (From OE-Core rev: ed3e7d4a584d836887d798e0f30339808d09804f) Signed-off-by: Elizabeth Flanagan <elizabeth.flanagan@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nss: CVE-2014-1544Li Wang2014-08-272-0/+42
| | | | | | | | | | | | | | | | | the patch comes from: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-1544 https://hg.mozilla.org/projects/nss/rev/204f22c527f8 author Robert Relyea <rrelyea@redhat.com> https://bugzilla.mozilla.org/show_bug.cgi?id=963150 Bug 963150: Add nssCertificate_AddRef and nssCertificate_Destroy calls to PK11_ImportCert to prevent nssTrustDomain_AddCertsToCache from freeing the CERTCertificate associated with the NSSCertificate. r=wtc. (From OE-Core rev: 7ef613c7f4b9e4ff153766f31dae81fc4810c0df) Signed-off-by: Li Wang <li.wang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nss*: Replace hardcoded "/etc" with "${sysconfdir}"Robert P. J. Day2014-08-061-3/+3
| | | | | | | (From OE-Core rev: 1c44e057c66fe20d491fcb3ae45defe0a300b256) Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nss: CVE-2013-5606Li Wang2014-07-292-0/+49
| | | | | | | | | | | | | | | | | | | | the patch comes from: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5606 https://bugzilla.mozilla.org/show_bug.cgi?id=910438 http://hg.mozilla.org/projects/nss/rev/d29898e0981c The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when the CERTVerifyLog argument is valid, which might allow remote attackers to bypass intended access restrictions via a crafted certificate. (From OE-Core rev: 1e153b1b21276d56144add464d592cd7b96a4ede) Signed-off-by: Li Wang <li.wang@windriver.com> Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nss-3.15.1: fix CVE-2013-1739yzhu12014-06-242-0/+82
| | | | | | | | | | | | | | | Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1739 (From OE-Core rev: 9b43af77d112e75fa9827a9080b7e94f41f9a116) Signed-off-by: yzhu1 <yanjun.zhu@windriver.com> Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nss: CVE-2013-1740Li Wang2014-05-212-0/+917
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | the patch comes from: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1740 https://bugzilla.mozilla.org/show_bug.cgi?id=919877 https://bugzilla.mozilla.org/show_bug.cgi?id=713933 changeset: 10946:f28426e944ae user: Wan-Teh Chang <wtc@google.com> date: Tue Nov 26 16:44:39 2013 -0800 summary: Bug 713933: Handle the return value of both ssl3_HandleRecord calls changeset: 10945:774c7dec7565 user: Wan-Teh Chang <wtc@google.com> date: Mon Nov 25 19:16:23 2013 -0800 summary: Bug 713933: Declare the |falseStart| local variable in the smallest changeset: 10848:141fae8fb2e8 user: Wan-Teh Chang <wtc@google.com> date: Mon Sep 23 11:25:41 2013 -0700 summary: Bug 681839: Allow SSL_HandshakeNegotiatedExtension to be called before the handshake is finished, r=brian@briansmith.org changeset: 10898:1b9c43d28713 user: Brian Smith <brian@briansmith.org> date: Thu Oct 31 15:40:42 2013 -0700 summary: Bug 713933: Make SSL False Start work with asynchronous certificate validation, r=wtc (From OE-Core rev: 11e728e64e37eec72ed0cb3fb4d5a49ddeb88666) Signed-off-by: Li Wang <li.wang@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nss: CVE-2014-1492Li Wang2014-05-212-0/+69
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | the patch comes from: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1492 https://bugzilla.mozilla.org/show_bug.cgi?id=903885 changeset: 11063:709d4e597979 user: Kai Engert <kaie@kuix.de> date: Wed Mar 05 18:38:55 2014 +0100 summary: Bug 903885, address requests to clarify comments from wtc changeset: 11046:2ffa40a3ff55 tag: tip user: Wan-Teh Chang <wtc@google.com> date: Tue Feb 25 18:17:08 2014 +0100 summary: Bug 903885, fix IDNA wildcard handling v4, r=kaie changeset: 11045:15ea62260c21 user: Christian Heimes <sites@cheimes.de> date: Mon Feb 24 17:50:25 2014 +0100 summary: Bug 903885, fix IDNA wildcard handling, r=kaie (From OE-Core rev: a83a1b26704f1f3aadaa235bf38094f03b3610fd) Signed-off-by: Li Wang <li.wang@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nss-3.15.1: fix CVE-2013-5605yanjun.zhu2014-03-302-0/+19
| | | | | | | | | | | | | | Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid handshake packets. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5605 (From OE-Core rev: 09e8cd6f09284ad3faf0bc05d623a43e2b174866) Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com> Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nss-3.15.1: fix CVE-2013-1741yanjun.zhu2014-03-302-0/+93
| | | | | | | | | | | | | | Integer overflow in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large size value. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1741 (From OE-Core rev: b666d173ff0ba213bf81e2c035a605a28e5395ea) Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com> Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Revert "nss: avoid to use the hardcode kernel version"Richard Purdie2014-02-131-3/+3
| | | | | | | | This reverts commit 4c80c557508e088fe226bfa1834464b505404652. We *cannot* have nss becoming machine specific, that makes no sense. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nss: avoid to use the hardcode kernel versionRoy Li2014-02-131-3/+3
| | | | | | | | | | Read kernel version from ${STAGING_KERNEL_DIR}/kernel-abiversion, to avoid to use the hardcode kernel version. (From OE-Core rev: 4c80c557508e088fe226bfa1834464b505404652) Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nss: Add nativesdk to BBCLASSEXTEND and bugfixDavid Nyström2014-02-021-1/+10
| | | | | | | | | | | Since shsignlibs is used from the nss postinstall hook. It should be included in nativesdk to make offline rootfs construction possible. (From OE-Core rev: 42bc72d21226e76c9b013fc052f17d847dc6a97a) Signed-off-by: David Nyström <david.nystrom@enea.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nss: don't need set SRC_URI with both += and _appendMing Liu2013-10-261-1/+1
| | | | | | | | (From OE-Core rev: b1252f91ef62ce62d4d55269f498b5692aba76e8) Signed-off-by: Ming Liu <ming.liu@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nss: Fix return codes in postinstallDavid Nyström2013-09-301-0/+3
| | | | | | | | | | | exit 0 was done if $D != NULL, if one or more shlibsign executions fails. (From OE-Core rev: 5dc3eb72c4b9b68ab13310383a90fe7779bf92a7) Signed-off-by: David Nyström <david.nystrom@enea.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nss:fix postinst failed at rootfs timeHongxu Jia2013-07-291-1/+7
| | | | | | | | | | | | Create checksum file at rootfs time to support read-only rootfs. [YOCTO #4879] (From OE-Core rev: 64e87fc6e99bc1d4807034166735034b1f92bad8) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nss: fix incorrect shebang line of perl scriptHongxu Jia2013-07-132-0/+111
| | | | | | | | | | Replace incorrect shebang line with `#!/usr/bin/env perl'. (From OE-Core rev: d78ecdbd66d8d93ecf67f56cfbbf4b954dec3c7b) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nss: create checksum files for the nss librariesHongxu Jia2013-07-132-0/+36
| | | | | | | | | | | | | | | | | | Add checksum files required for the NSS softoken to operate in FIPS 140 mode. The shlibsign is invoked to sign the libraries, and it is built for the target architecture and doesn't support cross-compiling so far. Invoke shlibsign at target's first boot time to generate checksum files. https://developer.mozilla.org/en-US/docs/NSS/NSS_Tech_Notes/nss_tech_note6 http://en.wikipedia.org/wiki/FIPS_140 https://bugzilla.mozilla.org/show_bug.cgi?id=681624 (From OE-Core rev: a4580f967c8064294a06d406acf5deb24aee2acc) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nss: add version 3.15.1Hongxu Jia2013-07-135-0/+287
Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME, X.509 v3 certificates, and other security standards. [YOCTO #4096] (From OE-Core rev: 22c146fd3e829b89c07a2019005e180e93fece5d) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>