| Age | Commit message (Collapse) | Author |
|---|
|
(From OE-Core rev: 564c93fcc09c615ebcc51b30959a9848d8c193f7)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: fa11e90f691e4f4eee8a231abfe179b0f4992da9)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This issue is also reported here
https://trac.macports.org/ticket/51709
Patch is also from same ticket
(From OE-Core rev: 119ff60101ed6fd542f1280d37a24411d8b14264)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add a patch to disable a clang specific warning
and avoid passing clang options to gcc when we have
cross compiler is clang but host compiler is gcc
We do not need to use target cflags when building
native pieces and hence avoid the inter-mixing of
compiler options
(From OE-Core rev: d13640f39f8f467597daa42774102329e82d9b68)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Drop merged 0001-Fix-build-failure-on-opensuse-13.1.patch
(From OE-Core rev: 755dda7f9a054c6069ef95e3ee4fe7d604378446)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Disable Werror on native builds. This helps
in building nss-native on build hosts which have
gcc < 4.9 eg. ubuntu 14.04
The real issue is that we use headers from native
staging sysroot and it has the updated glibc headers
which then ends up with errors e.g.
| In function 'memset',
| inlined from 'sec_PKCS7Encrypt' at p7local.c:715:14:
| /usr/include/x86_64-linux-gnu/bits/string3.h:81:30: error: call to '__warn_memset_zero_len' declared with attribute warning: memset used with constant zero length parameter; this could be due to transposed parameters [-Werror]
| __warn_memset_zero_len ();
| ^
| cc1: all warnings being treated as errors
| make[2]: *** [Linux3.4_x86_64_glibc_PTH_64_OPT.OBJ/p7local.o] Error 1
(From OE-Core rev: e69feac4066c8c27b50c88daf9ebaa27a5c54646)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Otherwise the nss libs do not get any RPATH/RUNPATH. Consequently, the
.so dependencies of nss libs are always searched from the base lib
directories of the host (i.e. /lib/ and /usr/lib). This causes problems
with nss-native where the .so's should be searched from the base lib
directories of the sysroot instead of the host file system.
This particular problem has probably been unnoticed as most users are
likely to have nss libraries installed on their host system. In this
case everything most likely work as expected.
[YOCTO #9041]
(From OE-Core rev: f78664219503cc176ca1c10a4397ca8a2883eb71)
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
nss's build system assumes that cdefs.h is always available on linux
which is not the case with musl
(From OE-Core rev: c4a5a8c4a6dbdcf735024aaee9e36a7a7b56cb96)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Explicitly disable tests (they were previously implicitly disabled upstream),
as they cause various architecture-specific build failures.
Add 0001-Fix-build-failure-on-opensuse-13.1.patch that fixes compilation using gcc 4.8.
(From OE-Core rev: 1cf3f0685b42ce494d7b2b327d54c9652a6de42d)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
In some recipes overly-split -dbg packages were merged into PN-dbg. Unless
there's a very good reason, recipes should have a single -dev and -dbg package.
(From OE-Core rev: a3b000643898d7402b9e57c02e8d10e677cc9722)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 73e2555cc7d529a93362b3fcfea3fbc7a4c60ca1)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This is a bug fix release.
(From OE-Core rev: 9d8062a0953f03089f751af435c18f5174e1ce67)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Picks up fixes for CVE-2015-2721 and CVE-2015-2730. Specify previously
overlooked license file COPYING. Fold nss.inc into recipe.
(From OE-Core rev: 6a68e5d9ee6122f0ed70396569eb6cd1a3297c9d)
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The *.chk files are installed in ${libdir} by nss,
which is already known, no need to 'find' to get the
file list, and 'ls' is more faster than 'find'.
(From OE-Core rev: 7eba8ba126e8757d0b1d5c3a758748e42c3646ff)
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
When try to build nss with x32 ABI enabled fails because
it need to be specified USE_X32 env var.
[YOCTO #7420]
(From OE-Core rev: 2898c2cf94bd690ebfc4ab5f4d220e6ea05aca82)
Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Because the build of nss seems to ignore CFLAGS, we never
have put source code in the -dbg package. We do not address
the CFLAGS issue, but we do add -g to the definition of CC
so that we will generate debug info.
We also let package.bbclass populate the -dbg package instead
of forcing the contents locally.
(From OE-Core rev: 0ec01bbd845b61798366441b2c7e5b8738db6b32)
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* remove perl runtime dependency from main package
(From OE-Core rev: c799c753d56fcb9468d32d7622817ecf7932cdf4)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Update includes:
CVE-2014-1569
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1569
for changelog information see
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17.3_release_notes
We had a build failure on 32 bit hosts so including a patch from:
http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=mhatle/dora-misc
Wenzong Fan (1):
nss: workaround multilib build on 32bit host
(From OE-Core rev: ccb86249b2b29686303ed04aac74887f0fa490df)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 34593e222fe1cc6f8b30d71aeaa5078b1c1724f1)
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
CVE patches removed since they have been implemented upstream
Rename patch dir (files) to generic PN name
(From OE-Core rev: ff3ca87477f2caf9e2228ed100f243f5ea831577)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
RPM4 requires an nss-native component
(From OE-Core rev: f70efca58e9411feb251c9d00066f8631b167004)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
From reading the COPYING and various license headers, the nss
LICENSE was incorrect. It's actually MPL-2.0 (not 1.1) with a
few different Or instances.
(From OE-Core rev: ed3e7d4a584d836887d798e0f30339808d09804f)
Signed-off-by: Elizabeth Flanagan <elizabeth.flanagan@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
the patch comes from:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-1544
https://hg.mozilla.org/projects/nss/rev/204f22c527f8
author Robert Relyea <rrelyea@redhat.com>
https://bugzilla.mozilla.org/show_bug.cgi?id=963150
Bug 963150: Add nssCertificate_AddRef and nssCertificate_Destroy calls
to PK11_ImportCert to prevent nssTrustDomain_AddCertsToCache from
freeing the CERTCertificate associated with the NSSCertificate. r=wtc.
(From OE-Core rev: 7ef613c7f4b9e4ff153766f31dae81fc4810c0df)
Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 1c44e057c66fe20d491fcb3ae45defe0a300b256)
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
the patch comes from:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5606
https://bugzilla.mozilla.org/show_bug.cgi?id=910438
http://hg.mozilla.org/projects/nss/rev/d29898e0981c
The CERT_VerifyCert function in lib/certhigh/certvfy.c in
Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides
an unexpected return value for an incompatible key-usage certificate
when the CERTVerifyLog argument is valid, which might allow remote
attackers to bypass intended access restrictions via a crafted certificate.
(From OE-Core rev: 1e153b1b21276d56144add464d592cd7b96a4ede)
Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Mozilla Network Security Services (NSS) before 3.15.2 does
not ensure that data structures are initialized before
read operations, which allows remote attackers to cause a
denial of service or possibly have unspecified other
impact via vectors that trigger a decryption failure.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1739
(From OE-Core rev: 9b43af77d112e75fa9827a9080b7e94f41f9a116)
Signed-off-by: yzhu1 <yanjun.zhu@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
the patch comes from:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1740
https://bugzilla.mozilla.org/show_bug.cgi?id=919877
https://bugzilla.mozilla.org/show_bug.cgi?id=713933
changeset: 10946:f28426e944ae
user: Wan-Teh Chang <wtc@google.com>
date: Tue Nov 26 16:44:39 2013 -0800
summary: Bug 713933: Handle the return value of both ssl3_HandleRecord calls
changeset: 10945:774c7dec7565
user: Wan-Teh Chang <wtc@google.com>
date: Mon Nov 25 19:16:23 2013 -0800
summary: Bug 713933: Declare the |falseStart| local variable in the smallest
changeset: 10848:141fae8fb2e8
user: Wan-Teh Chang <wtc@google.com>
date: Mon Sep 23 11:25:41 2013 -0700
summary: Bug 681839: Allow SSL_HandshakeNegotiatedExtension to be called before the handshake is finished, r=brian@briansmith.org
changeset: 10898:1b9c43d28713
user: Brian Smith <brian@briansmith.org>
date: Thu Oct 31 15:40:42 2013 -0700
summary: Bug 713933: Make SSL False Start work with asynchronous certificate validation, r=wtc
(From OE-Core rev: 11e728e64e37eec72ed0cb3fb4d5a49ddeb88666)
Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
the patch comes from:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1492
https://bugzilla.mozilla.org/show_bug.cgi?id=903885
changeset: 11063:709d4e597979
user: Kai Engert <kaie@kuix.de>
date: Wed Mar 05 18:38:55 2014 +0100
summary: Bug 903885, address requests to clarify comments from wtc
changeset: 11046:2ffa40a3ff55
tag: tip
user: Wan-Teh Chang <wtc@google.com>
date: Tue Feb 25 18:17:08 2014 +0100
summary: Bug 903885, fix IDNA wildcard handling v4, r=kaie
changeset: 11045:15ea62260c21
user: Christian Heimes <sites@cheimes.de>
date: Mon Feb 24 17:50:25 2014 +0100
summary: Bug 903885, fix IDNA wildcard handling, r=kaie
(From OE-Core rev: a83a1b26704f1f3aadaa235bf38094f03b3610fd)
Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and
3.15 before 3.15.3 allows remote attackers to cause a denial
of service or possibly have unspecified other impact via
invalid handshake packets.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5605
(From OE-Core rev: 09e8cd6f09284ad3faf0bc05d623a43e2b174866)
Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Integer overflow in Mozilla Network Security Services (NSS)
3.15 before 3.15.3 allows remote attackers to cause a denial
of service or possibly have unspecified other impact via a
large size value.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1741
(From OE-Core rev: b666d173ff0ba213bf81e2c035a605a28e5395ea)
Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This reverts commit 4c80c557508e088fe226bfa1834464b505404652.
We *cannot* have nss becoming machine specific, that makes no sense.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Read kernel version from ${STAGING_KERNEL_DIR}/kernel-abiversion, to avoid
to use the hardcode kernel version.
(From OE-Core rev: 4c80c557508e088fe226bfa1834464b505404652)
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Since shsignlibs is used
from the nss postinstall hook. It should be included in
nativesdk to make offline rootfs construction possible.
(From OE-Core rev: 42bc72d21226e76c9b013fc052f17d847dc6a97a)
Signed-off-by: David Nyström <david.nystrom@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: b1252f91ef62ce62d4d55269f498b5692aba76e8)
Signed-off-by: Ming Liu <ming.liu@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
exit 0 was done if $D != NULL, if one or more
shlibsign executions fails.
(From OE-Core rev: 5dc3eb72c4b9b68ab13310383a90fe7779bf92a7)
Signed-off-by: David Nyström <david.nystrom@enea.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Create checksum file at rootfs time to support read-only rootfs.
[YOCTO #4879]
(From OE-Core rev: 64e87fc6e99bc1d4807034166735034b1f92bad8)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Replace incorrect shebang line with `#!/usr/bin/env perl'.
(From OE-Core rev: d78ecdbd66d8d93ecf67f56cfbbf4b954dec3c7b)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add checksum files required for the NSS softoken to operate in FIPS 140 mode.
The shlibsign is invoked to sign the libraries, and it is built for the target
architecture and doesn't support cross-compiling so far.
Invoke shlibsign at target's first boot time to generate checksum files.
https://developer.mozilla.org/en-US/docs/NSS/NSS_Tech_Notes/nss_tech_note6
http://en.wikipedia.org/wiki/FIPS_140
https://bugzilla.mozilla.org/show_bug.cgi?id=681624
(From OE-Core rev: a4580f967c8064294a06d406acf5deb24aee2acc)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Network Security Services (NSS) is a set of libraries designed to support
cross-platform development of security-enabled client and server applications.
Applications built with NSS can support SSL v2 and v3, TLS, PKCS 5, PKCS 7,
PKCS 11, PKCS 12, S/MIME, X.509 v3 certificates, and other security standards.
[YOCTO #4096]
(From OE-Core rev: 22c146fd3e829b89c07a2019005e180e93fece5d)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
Alexander Kanavin
Khem Raj
Markus Lehtonen
Ross Burton
Jussi Kukkonen
Joe Slater
Jackie Huang
Aníbal Limón
Martin Jansa
Armin Kuster
Chong Lu
Saul Wold
Elizabeth Flanagan
Li Wang
Robert P. J. Day
yzhu1
Richard Purdie
Roy Li
David Nyström
Ming Liu
Hongxu Jia