2013-06-06 01:53:30 +02:00
|
|
|
################################################################################
|
2011-07-08 15:19:16 +02:00
|
|
|
#
|
|
|
|
# libnss
|
|
|
|
#
|
2013-06-06 01:53:30 +02:00
|
|
|
################################################################################
|
2013-05-13 08:40:56 +02:00
|
|
|
|
2021-07-23 01:35:44 +02:00
|
|
|
LIBNSS_VERSION = 3.68
|
2011-07-08 15:19:16 +02:00
|
|
|
LIBNSS_SOURCE = nss-$(LIBNSS_VERSION).tar.gz
|
package: unification of use $(subst [._-], [._-], $(<PKG>_VERSION)) macro
Currently, there are five packages which use 'subst' macro to change their version.
* Three of them (ebtables, icu, perl) use this macro "in place" :
EBTABLES_SITE = http://downloads.sourceforge.net/project/ebtables/ebtables/ebtables-$(subst .,-,$(EBTABLES_VERSION))
ICU_SOURCE = icu4c-$(subst .,_,$(ICU_VERSION))-src.tgz
PERL_CROSS_OLD_POD = perl$(subst .,,$(PERL_CROSS_BASE_VERSION))delta.pod
PERL_CROSS_NEW_POD = perl$(subst .,,$(PERL_VERSION))delta.pod
* Two of them (boost, libnss) use an additional variable :
BOOST_FILE_VERSION = $(subst .,_,$(BOOST_VERSION))
BOOST_SOURCE = boost_$(BOOST_FILE_VERSION).tar.bz2
LIBNSS_SITE_VERSION = $(subst .,_,$(LIBNSS_VERSION))
LIBNSS_SITE = https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_$(LIBNSS_SITE_VERSION)_RTM/src
* Additionally two packages (duma, rings) doesn't use it at all :
DUMA_VERSION = 2_5_15
DUMA_SITE = http://downloads.sourceforge.net/project/duma/duma/2.5.15
RINGS_VERSION_MAJOR = 1.3.0
RINGS_SUBDIR = rings-v_1_3_0
This commit makes changes to use 'subst' macro "in place", in all of them.
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-01-14 11:30:58 +01:00
|
|
|
LIBNSS_SITE = https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_$(subst .,_,$(LIBNSS_VERSION))_RTM/src
|
libnss: security bump to version 3.16.1
Fixes:
CVE-2014-1492 - The cert_TestHostName function in lib/certdb/certdb.c in
the certificate-checking implementation in Mozilla Network Security
Services (NSS) before 3.16 accepts a wildcard character that is embedded
in an internationalized domain name's U-label, which might allow
man-in-the-middle attackers to spoof SSL servers via a crafted
certificate.
CVE-2014-1491 - Mozilla Network Security Services (NSS) before 3.15.4,
as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3,
Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does
not properly restrict public values in Diffie-Hellman key exchanges,
which makes it easier for remote attackers to bypass cryptographic
protection mechanisms in ticket handling by leveraging use of a certain
value.
CVE-2014-1490 - Race condition in libssl in Mozilla Network Security
Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0,
Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before
2.24, and other products, allows remote attackers to cause a denial of
service (use-after-free) or possibly have unspecified other impact via
vectors involving a resumption handshake that triggers incorrect
replacement of a session ticket.
CVE-2013-1740 - The ssl_Do1stHandshake function in sslsecur.c in libssl
in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS
False Start feature is enabled, allows man-in-the-middle attackers to
spoof SSL servers by using an arbitrary X.509 certificate during certain
handshake traffic.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-06-18 16:46:20 +02:00
|
|
|
LIBNSS_DISTDIR = dist
|
2011-07-08 15:19:16 +02:00
|
|
|
LIBNSS_INSTALL_STAGING = YES
|
|
|
|
LIBNSS_DEPENDENCIES = libnspr sqlite zlib
|
2017-03-30 15:43:42 +02:00
|
|
|
LIBNSS_LICENSE = MPL-2.0
|
libnss: security bump to version 3.16.1
Fixes:
CVE-2014-1492 - The cert_TestHostName function in lib/certdb/certdb.c in
the certificate-checking implementation in Mozilla Network Security
Services (NSS) before 3.16 accepts a wildcard character that is embedded
in an internationalized domain name's U-label, which might allow
man-in-the-middle attackers to spoof SSL servers via a crafted
certificate.
CVE-2014-1491 - Mozilla Network Security Services (NSS) before 3.15.4,
as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3,
Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does
not properly restrict public values in Diffie-Hellman key exchanges,
which makes it easier for remote attackers to bypass cryptographic
protection mechanisms in ticket handling by leveraging use of a certain
value.
CVE-2014-1490 - Race condition in libssl in Mozilla Network Security
Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0,
Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before
2.24, and other products, allows remote attackers to cause a denial of
service (use-after-free) or possibly have unspecified other impact via
vectors involving a resumption handshake that triggers incorrect
replacement of a session ticket.
CVE-2013-1740 - The ssl_Do1stHandshake function in sslsecur.c in libssl
in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS
False Start feature is enabled, allows man-in-the-middle attackers to
spoof SSL servers by using an arbitrary X.509 certificate during certain
handshake traffic.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-06-18 16:46:20 +02:00
|
|
|
LIBNSS_LICENSE_FILES = nss/COPYING
|
2011-07-08 15:19:16 +02:00
|
|
|
|
2019-06-26 14:58:55 +02:00
|
|
|
LIBNSS_CFLAGS = $(TARGET_CFLAGS)
|
|
|
|
|
|
|
|
ifeq ($(BR2_TOOLCHAIN_HAS_GCC_BUG_85862),y)
|
|
|
|
LIBNSS_CFLAGS += -O0
|
|
|
|
endif
|
|
|
|
|
2019-07-29 16:26:10 +02:00
|
|
|
# Need to pass down TARGET_CFLAGS and TARGET_LDFLAGS
|
|
|
|
define LIBNSS_FIXUP_LINUX_MK
|
2019-06-26 14:58:55 +02:00
|
|
|
echo 'OS_CFLAGS += $(LIBNSS_CFLAGS)' >> $(@D)/nss/coreconf/Linux.mk
|
2019-07-29 16:26:10 +02:00
|
|
|
echo 'LDFLAGS += $(TARGET_LDFLAGS)' >> $(@D)/nss/coreconf/Linux.mk
|
|
|
|
endef
|
|
|
|
|
|
|
|
LIBNSS_PRE_CONFIGURE_HOOKS += LIBNSS_FIXUP_LINUX_MK
|
|
|
|
|
2017-02-18 22:40:02 +01:00
|
|
|
# --gc-sections triggers binutils ld segfault
|
|
|
|
# https://sourceware.org/bugzilla/show_bug.cgi?id=21180
|
|
|
|
ifeq ($(BR2_microblaze),y)
|
|
|
|
define LIBNSS_DROP_GC_SECTIONS
|
|
|
|
sed -i 's:-Wl,--gc-sections::g' $(@D)/nss/coreconf/Linux.mk
|
|
|
|
endef
|
|
|
|
|
|
|
|
LIBNSS_PRE_CONFIGURE_HOOKS += LIBNSS_DROP_GC_SECTIONS
|
|
|
|
endif
|
|
|
|
|
2014-12-30 08:36:23 +01:00
|
|
|
LIBNSS_BUILD_VARS = \
|
|
|
|
MOZILLA_CLIENT=1 \
|
|
|
|
NSPR_INCLUDE_DIR=$(STAGING_DIR)/usr/include/nspr \
|
|
|
|
NSPR_LIB_DIR=$(STAGING_DIR)/usr/lib \
|
|
|
|
NS_USE_GCC=1 \
|
2015-11-20 19:47:20 +01:00
|
|
|
NSS_DISABLE_GTESTS=1 \
|
2014-12-30 08:36:23 +01:00
|
|
|
NSS_USE_SYSTEM_SQLITE=1 \
|
|
|
|
NATIVE_CC="$(HOSTCC)" \
|
|
|
|
OS_ARCH="Linux" \
|
|
|
|
OS_RELEASE="2.6" \
|
package/libnss: fix build failure on PowerPC, PowerPC64
libnss expects OS_TEST to be set to ppc, ppc64, or ppc64le instead of
the usual values defined by Buildroot, respectively powerpc, powerpc64,
or powerpc64le.
This fixes the inconsistencies where functions would be prototyped and
called, but no implementation would be provided, causing link issues.
Define all the variants (of which the existing aarch64be) in Kconfig.
The latest default uses the usual architecture names as defined by
Buildroot, BR2_ARCH.
Additionally, libnss makes use of Altivec intrinsics which are only
available starting with gcc 8, not gcc 5, so we patch it to fix that
condition.
Fixes:
http://autobuild.buildroot.org/results/579/57928e6cf69d584b430a1d9a99156c57f29b692f/
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
[yann.morin.1998@free.fr:
- move the arch setting to kconfig (like recently done in e3159cad71)
- add the build failure
- add pointer to upstream bug report and patch sybmission
- reformat and reword commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-01-01 17:58:11 +01:00
|
|
|
OS_TEST=$(BR2_PACKAGE_LIBNSS_ARCH) \
|
2019-07-29 16:26:10 +02:00
|
|
|
NSS_ENABLE_WERROR=0
|
2011-07-08 15:19:16 +02:00
|
|
|
|
2020-02-08 11:39:00 +01:00
|
|
|
ifeq ($(BR2_POWERPC_CPU_HAS_ALTIVEC),)
|
|
|
|
# Disable Altivec if not supported
|
|
|
|
LIBNSS_BUILD_VARS += NSS_DISABLE_ALTIVEC=1
|
|
|
|
endif
|
|
|
|
|
2020-03-12 19:06:29 +01:00
|
|
|
ifeq ($(BR2_ARM_CPU_HAS_NEON),)
|
2020-04-05 19:11:44 +02:00
|
|
|
# Disable arm32-neon if neon is not supported
|
|
|
|
LIBNSS_BUILD_VARS += NSS_DISABLE_ARM32_NEON=1
|
2020-03-12 19:06:29 +01:00
|
|
|
endif
|
|
|
|
|
2012-07-11 00:30:36 +02:00
|
|
|
ifeq ($(BR2_ARCH_IS_64),y)
|
2014-05-22 14:30:46 +02:00
|
|
|
# MIPS64 n32 is treated as a 32-bit architecture by libnss.
|
|
|
|
# See: https://bugzilla.mozilla.org/show_bug.cgi?id=1010730
|
|
|
|
ifeq ($(BR2_MIPS_NABI32),)
|
2012-07-11 00:30:36 +02:00
|
|
|
LIBNSS_BUILD_VARS += USE_64=1
|
|
|
|
endif
|
2014-05-22 14:30:46 +02:00
|
|
|
endif
|
2012-07-11 00:30:36 +02:00
|
|
|
|
2011-07-08 15:19:16 +02:00
|
|
|
define LIBNSS_BUILD_CMDS
|
2020-08-16 20:31:25 +02:00
|
|
|
$(TARGET_CONFIGURE_OPTS) $(MAKE1) -C $(@D)/nss coreconf \
|
2014-10-27 09:25:28 +01:00
|
|
|
SOURCE_MD_DIR=$(@D)/$(LIBNSS_DISTDIR) \
|
|
|
|
DIST=$(@D)/$(LIBNSS_DISTDIR) \
|
|
|
|
CHECKLOC= \
|
|
|
|
$(LIBNSS_BUILD_VARS)
|
2020-08-16 20:31:25 +02:00
|
|
|
$(TARGET_CONFIGURE_OPTS) $(MAKE1) -C $(@D)/nss lib/dbm all \
|
2014-10-27 09:25:28 +01:00
|
|
|
SOURCE_MD_DIR=$(@D)/$(LIBNSS_DISTDIR) \
|
|
|
|
DIST=$(@D)/$(LIBNSS_DISTDIR) \
|
|
|
|
CHECKLOC= \
|
2020-01-08 18:07:44 +01:00
|
|
|
$(LIBNSS_BUILD_VARS) NATIVE_FLAGS="$(HOST_CFLAGS) -DLINUX"
|
2011-07-08 15:19:16 +02:00
|
|
|
endef
|
|
|
|
|
|
|
|
define LIBNSS_INSTALL_STAGING_CMDS
|
|
|
|
$(INSTALL) -m 755 -t $(STAGING_DIR)/usr/lib/ \
|
|
|
|
$(@D)/$(LIBNSS_DISTDIR)/lib/*.so
|
|
|
|
$(INSTALL) -m 755 -d $(STAGING_DIR)/usr/include/nss
|
|
|
|
$(INSTALL) -m 644 -t $(STAGING_DIR)/usr/include/nss \
|
|
|
|
$(@D)/$(LIBNSS_DISTDIR)/public/nss/*
|
|
|
|
$(INSTALL) -m 755 -t $(STAGING_DIR)/usr/lib/ \
|
|
|
|
$(@D)/$(LIBNSS_DISTDIR)/lib/*.a
|
2012-08-21 19:07:04 +02:00
|
|
|
$(INSTALL) -D -m 0644 $(TOPDIR)/package/libnss/nss.pc.in \
|
|
|
|
$(STAGING_DIR)/usr/lib/pkgconfig/nss.pc
|
|
|
|
$(SED) 's/@VERSION@/$(LIBNSS_VERSION)/g;' \
|
|
|
|
$(STAGING_DIR)/usr/lib/pkgconfig/nss.pc
|
2011-07-08 15:19:16 +02:00
|
|
|
endef
|
|
|
|
|
|
|
|
define LIBNSS_INSTALL_TARGET_CMDS
|
|
|
|
$(INSTALL) -m 755 -t $(TARGET_DIR)/usr/lib/ \
|
|
|
|
$(@D)/$(LIBNSS_DISTDIR)/lib/*.so
|
|
|
|
$(INSTALL) -m 755 -d $(TARGET_DIR)/usr/include/nss
|
|
|
|
$(INSTALL) -m 644 -t $(TARGET_DIR)/usr/include/nss \
|
|
|
|
$(@D)/$(LIBNSS_DISTDIR)/public/nss/*
|
|
|
|
$(INSTALL) -m 755 -t $(TARGET_DIR)/usr/lib/ \
|
|
|
|
$(@D)/$(LIBNSS_DISTDIR)/lib/*.a
|
2012-08-21 19:07:04 +02:00
|
|
|
$(INSTALL) -D -m 0644 $(TOPDIR)/package/libnss/nss.pc.in \
|
|
|
|
$(TARGET_DIR)/usr/lib/pkgconfig/nss.pc
|
2020-09-04 13:35:01 +02:00
|
|
|
$(INSTALL) -D -m 755 $(@D)/$(LIBNSS_DISTDIR)/bin/certutil \
|
|
|
|
$(TARGET_DIR)/usr/bin/certutil
|
2012-08-21 19:07:04 +02:00
|
|
|
$(SED) 's/@VERSION@/$(LIBNSS_VERSION)/g;' \
|
|
|
|
$(TARGET_DIR)/usr/lib/pkgconfig/nss.pc
|
2011-07-08 15:19:16 +02:00
|
|
|
endef
|
|
|
|
|
2018-03-15 20:50:52 +01:00
|
|
|
HOST_LIBNSS_BUILD_VARS = \
|
|
|
|
MOZILLA_CLIENT=1 \
|
|
|
|
NSPR_INCLUDE_DIR=$(HOST_DIR)/include/nspr \
|
|
|
|
NSPR_LIB_DIR=$(HOST_DIR)/lib \
|
|
|
|
NS_USE_GCC=1 \
|
|
|
|
NSS_DISABLE_GTESTS=1 \
|
|
|
|
NSS_USE_SYSTEM_SQLITE=1 \
|
|
|
|
SQLITE_INCLUDE_DIR=$(HOST_DIR)/include \
|
|
|
|
ZLIB_INCLUDE_DIR=$(HOST_DIR)/include \
|
2019-07-29 16:26:10 +02:00
|
|
|
NSS_ENABLE_WERROR=0
|
2018-03-15 20:50:52 +01:00
|
|
|
|
|
|
|
HOST_LIBNSS_DEPENDENCIES = host-libnspr host-sqlite host-zlib
|
|
|
|
|
|
|
|
ifneq ($(filter %64,$(HOSTARCH)),)
|
|
|
|
HOST_LIBNSS_BUILD_VARS += USE_64=1
|
|
|
|
endif
|
|
|
|
|
|
|
|
define HOST_LIBNSS_BUILD_CMDS
|
2020-08-16 20:31:25 +02:00
|
|
|
$(HOST_CONFIGURE_OPTS) $(MAKE1) -C $(@D)/nss coreconf \
|
2018-03-15 20:50:52 +01:00
|
|
|
SOURCE_MD_DIR=$(@D)/$(LIBNSS_DISTDIR) \
|
|
|
|
DIST=$(@D)/$(LIBNSS_DISTDIR) \
|
|
|
|
CHECKLOC= \
|
|
|
|
$(HOST_LIBNSS_BUILD_VARS)
|
2020-08-16 20:31:25 +02:00
|
|
|
$(HOST_CONFIGURE_OPTS) $(MAKE1) -C $(@D)/nss lib/dbm all \
|
2018-03-15 20:50:52 +01:00
|
|
|
SOURCE_MD_DIR=$(@D)/$(LIBNSS_DISTDIR) \
|
|
|
|
DIST=$(@D)/$(LIBNSS_DISTDIR) \
|
|
|
|
CHECKLOC= \
|
|
|
|
$(HOST_LIBNSS_BUILD_VARS)
|
|
|
|
endef
|
|
|
|
|
|
|
|
define HOST_LIBNSS_INSTALL_CMDS
|
|
|
|
$(INSTALL) -m 755 -t $(HOST_DIR)/lib/ \
|
|
|
|
$(@D)/$(LIBNSS_DISTDIR)/lib/*.so
|
|
|
|
$(INSTALL) -m 755 -d $(HOST_DIR)/include/nss
|
|
|
|
$(INSTALL) -m 644 -t $(HOST_DIR)/include/nss \
|
|
|
|
$(@D)/$(LIBNSS_DISTDIR)/public/nss/*
|
|
|
|
$(INSTALL) -m 755 -t $(HOST_DIR)/lib/ \
|
|
|
|
$(@D)/$(LIBNSS_DISTDIR)/lib/*.a
|
|
|
|
$(INSTALL) -D -m 0644 $(TOPDIR)/package/libnss/nss.pc.in \
|
|
|
|
$(HOST_DIR)/lib/pkgconfig/nss.pc
|
|
|
|
$(SED) 's/@VERSION@/$(LIBNSS_VERSION)/g;' \
|
|
|
|
$(HOST_DIR)/lib/pkgconfig/nss.pc
|
|
|
|
$(SED) '/^prefix/s,=.*,=$(HOST_DIR),g;' \
|
|
|
|
$(HOST_DIR)/lib/pkgconfig/nss.pc
|
|
|
|
endef
|
|
|
|
|
2012-07-03 00:07:32 +02:00
|
|
|
$(eval $(generic-package))
|
2018-03-15 20:50:52 +01:00
|
|
|
$(eval $(host-generic-package))
|