Commit graph

89 commits

Author SHA1 Message Date
Giulio Benetti f946eca8ff package/libnss: bump version to 3.49.2
Release notes:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.49.2_release_notes

Fixes:
http://autobuild.buildroot.net/results/2687d667467a2f4209af74e6e77073801c716a3b/
http://autobuild.buildroot.net/results/0a46d17d44b69afa8576b7a09ec825319d195489/

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-02-02 09:03:21 +01:00
Giulio Benetti efa528e1c9 package/libnss: rename patch number
At the moment there are 2 patches with the same id(0001-xxx.patch) so
let's rename one of them to 0002-xxx.patch.

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-02-02 09:03:21 +01:00
Thomas Preston 21fdb04eb5 package/libnss: Re-add ZLIB_INCLUDE_DIR varible
The libnss patch adding ZLIB_INCLUDE_DIR is added to upstream on
2020-01-07 but the 3.49.1 release on 2020-01-13 does not contain this
patch, so we have actually prematurely removed it from Buildroot.

This only affects host-libnss when libzlib is not installed in the host
system. When building for the target, the toolchain-wrapper already
looks in the target sysroot default include path - where zlib.h is
installed.

Re-add this patch, so that we can build host-libnss 3.49.1.

Signed-off-by: Thomas Preston <thomas.preston@codethink.co.uk>
Reviewed-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-01-22 20:50:18 +01:00
Giulio Benetti 239bea89b0 package/libnss: bump to version 3.49.1
Drop 1 upstreamed patch.

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-01-13 21:17:07 +01:00
Giulio Benetti de676e0d27 package/libnss: fix build failure on RHEL 7 using -DLINUX
NSS Makefile emits -DLINUX to OS_CFLAGS only if OS_TEST=Linux when
building for Target. But nsinstall.c is a host utility and it uses
NATIVE_FLAGS instead of OS_CFLAGS, this is why -DLINUX is not emitted.
This is necessary for the case one builds for Target OS Linux on a Host
OS that is not Linux.

After discussing upstream [*], it turned out that our current patch,
introduced with commit fe4b47a121 (package/libnss: fix build failure
on RHEL 7) to fix the bug, is wrong. The best way to fix it is to append
-DLINUX to NATIVE_FLAGS in libnss.mk.

[*] https://bugzilla.mozilla.org/show_bug.cgi?id=1603398

So let's append -DLINUX to NATIVE_FLAGS after HOST_CFLAGS to make sure
<getopt.h> is included, since in nsintall.c it is included only if LINUX
macro is defined and this caused the build failure not finding getopt
functions and macros in some build environment(i.e. RHEL 7). On other
build environments getopt.h is indirectly included by unistd.h this is
why it worked on them.

This reverts commit fe4b47a121.

Fixes:
    http://autobuild.buildroot.net/results/797/797f07ff757e7972d8c96b6a9f6abe68d17e0808/

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
[yann.morin.1998@free.fr:
  - meld the two commits into one
  - update and rearrange the commit log accordingly
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-01-08 22:58:28 +01:00
Giulio Benetti f3a4a9c26c package/libnss: bump to version 3.49
Drop 2 upstreamed patches while bumping version.

Release notes:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.49_release_notes

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-01-07 21:07:50 +01:00
Giulio Benetti 5a3435190a package/libnss: fix build failure on PowerPC, PowerPC64
libnss expects OS_TEST to be set to ppc, ppc64, or ppc64le instead of
the usual values defined by Buildroot, respectively powerpc, powerpc64,
or powerpc64le.

This fixes the inconsistencies where functions would be prototyped and
called, but no implementation would be provided, causing link issues.

Define all the variants (of which the existing aarch64be) in Kconfig.
The latest default uses the usual architecture names as defined by
Buildroot, BR2_ARCH.

Additionally, libnss makes use of Altivec intrinsics which are only
available starting with gcc 8, not gcc 5, so we patch it to fix that
condition.

Fixes:
    http://autobuild.buildroot.org/results/579/57928e6cf69d584b430a1d9a99156c57f29b692f/

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
[yann.morin.1998@free.fr:
  - move the arch setting to kconfig (like recently done in e3159cad71)
  - add the build failure
  - add pointer to upstream bug report and patch sybmission
  - reformat and reword commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-01-01 19:24:48 +01:00
Giulio Benetti 7a8a935464 package/libnss: remove check against GCC_AT_LEAST_4_8
NSS_ENABLE_WERROR=0 is already added by default to LIBNSS_BUILD_VARS
previously, so let's remove this check and set.

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-12-25 23:12:28 +01:00
Giulio Benetti 92625702e4 package/libnss: remove patch
Remove uClibc fix patch since its change has been upstreamed despite the
comment contained in patch.

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-12-23 23:44:42 +01:00
Giulio Benetti a6f1453e1c package/libnss: fix build failure on powerpc without <sys/auxv.h>
Add patch to fix build failure on PowerPc without <sys/auxv.h>. The patch
inserts #if statements to include or note <sys/auxv.h> prior it exists.

Fixes:
http://autobuild.buildroot.net/results/8bf95bd8a0aec8c53889308ab1e00d0a94f53d57/

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-12-23 23:44:34 +01:00
Giulio Benetti fe4b47a121 package/libnss: fix build failure on RHEL 7
-DLINUX flag was passed to OS_CFLAGS instead of DEFINES, but OS_CFLAGS
is only used when cross-compiling, not when native building.

Add patch to fix build failure on RHEL 7 host by substituting OS_CFLAGS
with DEFINES.

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-12-23 23:43:04 +01:00
Giulio Benetti 467f901514 package/libnss: bump to version 3.48
NSS 3.48 requires NSPR 4.24 already bumped. It already fixed
CVE-2019-11745 but in version 3.47.1 it's already fixed. Anyway from
3.47 to 3.48 it fixes:
CVE-2019-11745: EncryptUpdate should use maxout, not block size

Remove an upstreamed patch but introduce a new one to fix building with
signal.h include.

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-12-08 14:28:30 +01:00
Giulio Benetti f49de1c4d3 package/libnss: security bump to version 3.47.1
Fixes the following security issues:
CVE-2019-11745: EncryptUpdate should use maxout, not block size

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-25 15:14:23 +01:00
Giulio Benetti 166d6b1bce package/libnss: fix build failure with ARM without NEON extension
At the moment libnss assumes that every ARM has NEON extension but it's
not that way. So add a patch to make it aware of it and use native
functions in place of NEON optimized ones.

Fixes:
http://autobuild.buildroot.net/results/1342d305d1aeebef7af54a83afc094fda12421e2/

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2019-10-29 22:42:07 +01:00
Giulio Benetti 8223904643 package/libnss: remove useless NSS_ENABLE_ECC variable
NSS_ENABLE_ECC is not supported anymore, then remove it from our
libnss.mk file.

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2019-10-24 10:47:59 +02:00
Giulio Benetti 551d81c079 package/libnss: security bump to version 3.47
Fixes the following security issues:
CVE-2019-11756: Remove refcounting from sftk_FreeSession

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-10-21 19:14:49 +02:00
Bernd Kuhls 0d7903b227 package/libnss: bump version to 3.46.1
Release notes:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46.1_release_notes

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Reviewed-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-10-07 23:01:41 +02:00
Giulio Benetti 82187f9481 package/libnss: fix build failure on aarch64_be
Fixes:
http://autobuild.buildroot.net/results/bfd29593bb6c53d3e9e2d02d2ed6bea360d99c00/

In libnss there is a bug leading to build failure due to double declared
functions. This is due to 2 different #ifdef statements treating the
same function-set.

Add patch to fix this by making the 2 #ifdef statements equal.

Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-15 09:15:24 +02:00
Giulio Benetti 7e509333ac package/libnss: security bump to version 3.46
Fixes the following security issues:

(3.44.1)
CVE-2019-11729: More thorough input checking
CVE-2019-11719: Don't unnecessarily strip leading 0's from key material
during PKCS11 import
CVE-2019-11727: Prohibit use of RSASSA-PKCS1-v1_5 algorithms in TLS 1.3

Note:
This version requires nspr 4.22 or newer provided by the previous patch.

Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-09-07 22:10:01 +02:00
Giulio Benetti 2716244b34 package/libnss: re-enable package on microblaze
With Microblaze Gcc version < 8.x the build hangs due to bug 85862:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85862
To avoid this, the libnss package has a !BR2_TOOLCHAIN_HAS_GCC_BUG_85862
dependency. However, gcc bug 85862 only triggers when optimization is
enabled, so we can work around the issue by passing -O0, which is what
we do in other Buildroot packages to work around this bug.

Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-08-03 12:57:45 +02:00
Giulio Benetti 5e787b0014 package/libnss: use correct CFLAGS and LDFLAGS
Currently libnss is configured with BUILD_OPT=1 and due to that that
it doesn't take into account Buildroot TARGET_CFLAGS nor
TARGET_LDFLAGS resulting in pre-chosen optimizations and debugging
symbols being used.

We can't pass TARGET_CFLAGS through CFLAGS or similar otherwise other
internal libnss one will be overwritten (i.e. -fPIC), so we prefer to
append TARGET_CFLAGS at the end of Linux.mk as well as TARGET_LDFLAGS
according to internal libnss Makefile system's names. And obviously
remove BUILD_OPT=1 from BUILD_VARS.

This reveals hidden bugs when building with -Os due to bogus
uninitialized warnings from gcc turned into errors because of -Werror,
so we explicitly pass NSS_ENABLE_WERROR=0 to avoid the use of -Werror.

Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
[Thomas: drop the libnss patches, and pass NSS_ENABLE_WERROR instead]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-08-01 00:48:26 +02:00
Peter Korsgaard 8c0bff1b4f package/libnss: security bump to version 3.42.1
Fixes the following security issues:

(3.41) CVE-2018-12404: Cache side-channel variant of the Bleichenbacher
attack

(3.42.1) CVE-2018-18508: Add additional null checks to several CMS functions
to fix a rare CMS crash.  Thanks to Hanno Böck and Damian Poddebniak for the
discovery and fixes

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-05-31 10:00:52 +02:00
Peter Korsgaard 1c32e4c298 libnss: security bump to version 3.39
Fixes the following security issue:

CVE-2018-12384: NSS responded to an SSLv2-compatible ClientHello with a
ServerHello that had an all-zero random.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-13 09:16:28 +01:00
Bernd Kuhls 826981d45d package/libnss: fix aarch64_be build
libnss does not treat aarch64_be the same way as aarch64:
https://hg.mozilla.org/projects/nss/file/fb3585458ac3/lib/freebl/Makefile#l523

Add code to translate "aarch64_be" into "aarch64" to fix
http://autobuild.buildroot.net/results/4fca771980f9b049ce2690971ddd856652cd5b43/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-07-28 16:16:28 +02:00
Baruch Siach 1a9f539d97 libnss: fix build with uClibc
Add a patch defining AT_HWCAP2 locally since uClibc is missing this
macro. Once uClibc updates its elf.h copy we can remove this patch.

Fixes:

  http://autobuild.buildroot.net/results/06f/06f5ee4bc9e623fa08d77278acdcb447148ae997/
  http://autobuild.buildroot.net/results/7cd/7cd7586f5854f9447c37adeedb9c113ba37ebea4/
  http://autobuild.buildroot.net/results/335/335bee755fbec45a6d5336c2501dc2687859ec0e/

Cc: Joseph Kogut <joseph.kogut@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-06-26 21:07:03 +02:00
Baruch Siach cf9100d3f2 libnss: drop obsolete patch
uClibc implements RTLD_NOLOAD for quite some time now. Remove the patch
adding a dummy definition of RTLD_NOLOAD.

Cc: Joseph Kogut <joseph.kogut@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-06-26 21:06:54 +02:00
Fabrice Fontaine 902f537b14 libnss: bump to version 3.38
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-23 09:57:12 +02:00
Joseph Kogut 9a5c3d5bb4 libnss: bump to version 3.37.3
Fixes:
http://autobuild.buildroot.net/results/fd64ee3486f9045dfbd83908b8f06ef62c0d9781/
http://autobuild.buildroot.net/results/698500a92688c50e9cc71cf82c0848cb4adb81ad/
http://autobuild.buildroot.net/results/adaa2f79b202cb01ae57fa0cdb0eac9c07b22ea2/
Signed-off-by: Joseph Kogut <joseph.kogut@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-12 11:09:43 +02:00
Fabrice Fontaine 46706ced35 libnss: fix build without int128
Patch retrieved from upstream, more info here:
https://bugzilla.mozilla.org/show_bug.cgi?format=default&id=1459739

Fixes:
 - http://autobuild.buildroot.net/results/093113829d7ce19d578a920e76caa10822774139

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-06-04 21:49:54 +02:00
Baruch Siach 800aefb182 libnss: remove upstream patch
The merge of the next branch failed to remove an upstream applied patch.

Fixes:
http://autobuild.buildroot.net/results/31f/31fe428584ada680f30d11e5d1abfbc533c0a70e/
http://autobuild.buildroot.net/results/bb2/bb25363497dfd7fd5f8a81c28110fab87d5c2dc8/
http://autobuild.buildroot.net/results/70a/70adacf85154d2a663808cf0db69849b6a490457/

Cc: Joseph Kogut <joseph.kogut@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-06-02 22:12:37 +02:00
Peter Korsgaard 8b0fd3cb49 Merge branch 'next'
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-02 11:21:20 +02:00
Matt Weber bd03966d4e toolchain: GCC bug 85862
GCC < 7.x hangs while building libnss for the Microblaze Arch.

Discovered by
http://autobuild.buildroot.net/results/158e8ebb39713e1b436a5cc1a1916f46c30694df

Reported:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85862

Simlar to:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=49218

[Peter: tweak ecryptfs comment, add comment/dependencies for qt5webengine]
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-21 23:46:41 +02:00
Joseph Kogut f36d4be02c libnss: bump to version 3.37
Signed-off-by: Joseph Kogut <joseph.kogut@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-05-19 23:12:47 +02:00
Thomas Petazzoni 45cf64ca0c libnss: backport upstream patch to fix build with gcc 8.x
This commit backports upstream patch
f0ce709895
to our libnss package to fix the build with gcc 8.x.

Fixes:

  http://autobuild.buildroot.net/results/1ca35171200286fa032b24606aaa50de6a2d449e/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-05-17 22:32:01 +02:00
Peter Korsgaard 306242a474 libnss: add upstream patch fixing build on aarch64
Fixes:
http://autobuild.buildroot.net/results/037/037c772a36762df8febd529b329743d18ffbf66a/

Build system forgets to compile a file on aarch64, breaking the build.

For details, see the upstream bugreport:
https://bugzilla.mozilla.org/show_bug.cgi?id=1432455

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-03 17:01:16 +02:00
Gaël PORTAY f61d220772 package: add libnss host package
Signed-off-by: Gaël PORTAY <gael.portay@savoirfairelinux.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2018-04-02 16:32:27 +02:00
Peter Korsgaard 0ccab9b0ed libnss: bump version to 3.35
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-30 21:43:22 +02:00
Peter Korsgaard 746502418f libnss: security bump to version 3.33
Fixes CVE-2017-7805 - Martin Thomson discovered that nss, the Mozilla
Network Security Service library, is prone to a use-after-free vulnerability
in the TLS 1.2 implementation when handshake hashes are generated.  A remote
attacker can take advantage of this flaw to cause an application using the
nss library to crash, resulting in a denial of service, or potentially to
execute arbitrary code.

Also add a hash for the license file while we're at it.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-15 15:58:44 +02:00
Baruch Siach b39e6dbed1 libnss: bump to version 3.31
Fixes build with gcc 7.

https://hg.mozilla.org/projects/nss/rev/0dca14409fef

Fixes:
http://autobuild.buildroot.net/results/b71/b71e4e003ec5753708a07cfd04e3025c93f80e67/
http://autobuild.buildroot.net/results/66d/66d31923824d34df3b20a363a1346df1c00ae222/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-15 22:05:35 +02:00
Adam Duskett 190b2b409c package/l*/Config.in: fix ordering of statements
The check-package script when ran gives warnings on ordering issues
on all of these Config files.  This patch cleans up all warnings
related to the ordering in the Config files for packages starting with
the letter l in the package directory.

The appropriate ordering is: type, default, depends on, select, help
See http://nightly.buildroot.org/#_config_files for more information.

Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-01 11:51:23 +02:00
Baruch Siach 09b8e1079e libnss: security bump to version 3.30.2
CVE-2017-5461 - Out-of-bounds write in Base64 encoding in NSS. Might cause
remote arbitrary code execution
(https://access.redhat.com/errata/RHSA-2017:1100).

CVE-2017-5462 - DRBG flaw in NSS

Drop 0001-cross-compile.patch and TARGET* variables. Upstream Makefile now
allows override of CC, so use TARGET_CONFIGURE_OPTS instead.

Drop upstream 0003-it-uninitialized-fix.patch.

Renumber the remaining patch.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-20 21:53:00 +02:00
Rahul Bedarkar f33fd75afc package: use SPDX short identifier for MPL family licenses
We want to use SPDX identifier for license string as much as possible.
SPDX short identifier for MPLv1.0/MPLv1.1/MPLv2.0 is MPL-1.0/MPL-1.1/
MPL-2.0.

This change is done using following command.
find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/MPLv([1-2]\.[0-1])/MPL-\1/g'

Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-01 15:27:47 +02:00
Waldemar Brodkorb fceb1afd5d libnss: workaround for microblaze ld bug
Add a workaround for a microblaze specific ld bug to avoid
segfault.

Fixes:
  http://autobuild.buildroot.net/results/638a65453879777a0d5bdb29231034cd261b41c0

[Peter: rename to LIBNSS_DROP_GC_SECTIONS for clarity]
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-02-19 22:23:21 +01:00
Peter Korsgaard f4a470ecad libnss: bump to version 3.27.2
Fixes a memory leak in SSL_SetTrustAnchors():
https://bugzilla.mozilla.org/show_bug.cgi?id=1318561

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-09 17:18:04 +01:00
Thomas Petazzoni 7c670327d3 libnss: add upstream patch to fix uninitialized variable warning
Fixes:

  http://autobuild.buildroot.net/results/47e611036be12844ebca093ddd8fe95c326c6056/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-11-06 14:41:11 +01:00
Gustavo Zacarias 4c1ba21a74 libnss: use $(TARGET_MAKE_ENV) when calling $(MAKE)
Signed-off-by: Gustavo Zacarias <gustavo.zacarias@free-electrons.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-10-15 14:17:28 +02:00
Gustavo Zacarias 3ccdc270ee libnss: bump to version 3.27.1
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-10-13 08:04:33 +02:00
Gustavo Zacarias ab61031a34 nss: security bump to version 3.23
Fixes:
CVE-2016-1950 - Fixed a heap-based buffer overflow related to the
parsing of certain ASN.1 structures. An attacker could create a
specially-crafted certificate which, when parsed by NSS, would cause a
crash or execution of arbitrary code with the permissions of the user.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-03-31 03:43:58 +02:00
Gustavo Zacarias 09f0b8c353 libnss: security bump to version 3.22.2
Fixes:
CVE-2016-1950 - heap-based buffer overflow related to the parsing of
certain ASN.1 structures. An attacker could create a specially-crafted
certificate which, when parsed by NSS, would cause a crash or execution
of arbitrary code with the permissions of the user.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-03-09 13:14:13 +01:00
Gustavo Zacarias 6b63783daf libnss: bump to version 4.22.1
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-02-24 22:14:44 +01:00