libnss: security bump to version 3.30.2
CVE-2017-5461 - Out-of-bounds write in Base64 encoding in NSS. Might cause remote arbitrary code execution (https://access.redhat.com/errata/RHSA-2017:1100). CVE-2017-5462 - DRBG flaw in NSS Drop 0001-cross-compile.patch and TARGET* variables. Upstream Makefile now allows override of CC, so use TARGET_CONFIGURE_OPTS instead. Drop upstream 0003-it-uninitialized-fix.patch. Renumber the remaining patch. Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This commit is contained in:
parent
7e1f3171ac
commit
09b8e1079e
@ -1,48 +0,0 @@
|
|||||||
This patch allows us to set a value for the cross compiler via TARGETCC without
|
|
||||||
setting CC on the command line. CC is used for host tools as well as cross
|
|
||||||
compiled code so we cannot define it on the command line without breaking
|
|
||||||
the host tools build.
|
|
||||||
|
|
||||||
[Gustavo: update for nss 3.16.1]
|
|
||||||
[baruch: add OPTIMIZER handling]
|
|
||||||
Signed-off-by: Will Newton <will.newton@imgtec.com>
|
|
||||||
|
|
||||||
diff -Nuar nss-3.16.1-orig/nss/coreconf/Linux.mk nss-3.16.1/nss/coreconf/Linux.mk
|
|
||||||
--- nss-3.16.1-orig/nss/coreconf/Linux.mk 2014-05-02 06:27:18.000000000 +0300
|
|
||||||
+++ nss-3.16.1/nss/coreconf/Linux.mk 2014-07-01 02:38:18.701480512 +0300
|
|
||||||
@@ -16,9 +16,13 @@
|
|
||||||
IMPL_STRATEGY = _PTH
|
|
||||||
endif
|
|
||||||
|
|
||||||
-CC = gcc
|
|
||||||
-CCC = g++
|
|
||||||
-RANLIB = ranlib
|
|
||||||
+TARGETCC = gcc
|
|
||||||
+TARGETCCC = g++
|
|
||||||
+TARGETRANLIB = ranlib
|
|
||||||
+
|
|
||||||
+CC = $(TARGETCC)
|
|
||||||
+CCC = $(TARGETCCC)
|
|
||||||
+RANLIB = $(TARGETRANLIB)
|
|
||||||
|
|
||||||
DEFAULT_COMPILER = gcc
|
|
||||||
|
|
||||||
@@ -125,6 +129,7 @@
|
|
||||||
endif
|
|
||||||
endif
|
|
||||||
|
|
||||||
+OPTIMIZER = $(TARGET_OPTIMIZER)
|
|
||||||
|
|
||||||
ifeq ($(USE_PTHREADS),1)
|
|
||||||
OS_PTHREAD = -lpthread
|
|
||||||
diff -Nuar nss-3.16.1-orig/nss/coreconf/nsinstall/Makefile nss-3.16.1/nss/coreconf/nsinstall/Makefile
|
|
||||||
--- nss-3.16.1-orig/nss/coreconf/nsinstall/Makefile 2014-05-02 06:27:18.000000000 +0300
|
|
||||||
+++ nss-3.16.1/nss/coreconf/nsinstall/Makefile 2014-07-01 02:38:48.102185011 +0300
|
|
||||||
@@ -31,6 +31,7 @@
|
|
||||||
|
|
||||||
ifdef NATIVE_FLAGS
|
|
||||||
OS_CFLAGS=$(NATIVE_FLAGS)
|
|
||||||
+OPTIMIZER=
|
|
||||||
endif
|
|
||||||
|
|
||||||
include $(DEPTH)/coreconf/rules.mk
|
|
@ -1,24 +0,0 @@
|
|||||||
# HG changeset patch
|
|
||||||
# User catdesk <catdesk@tuta.io>
|
|
||||||
# Date 1477710600 -7200
|
|
||||||
# Sat Oct 29 05:10:00 2016 +0200
|
|
||||||
# Node ID b9ef971b94ab110302d49255339077bc1b4aed7f
|
|
||||||
# Parent eb8c96563cd70aa69d48b01516085f7d2fb46178
|
|
||||||
Bug 1313846 - Declare 'it = NULL' earlier. r=franziskus
|
|
||||||
|
|
||||||
[Thomas: patch taken from upstream mercurial repository, revision
|
|
||||||
12791.]
|
|
||||||
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
|
||||||
|
|
||||||
diff -r eb8c96563cd7 -r b9ef971b94ab lib/jar/jarfile.c
|
|
||||||
--- a/nss/lib/jar/jarfile.c Mon Oct 31 17:31:20 2016 +0100
|
|
||||||
+++ b/nss/lib/jar/jarfile.c Sat Oct 29 05:10:00 2016 +0200
|
|
||||||
@@ -657,7 +657,7 @@
|
|
||||||
jar_listzip(JAR *jar, JAR_FILE fp)
|
|
||||||
{
|
|
||||||
ZZLink *ent;
|
|
||||||
- JAR_Item *it;
|
|
||||||
+ JAR_Item *it = NULL;
|
|
||||||
JAR_Physical *phy = NULL;
|
|
||||||
struct ZipLocal *Local = PORT_ZNew(struct ZipLocal);
|
|
||||||
struct ZipCentral *Central = PORT_ZNew(struct ZipCentral);
|
|
@ -1,2 +1,2 @@
|
|||||||
# From https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_27_2_RTM/src/SHA256SUMS
|
# From https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_30_2_RTM/src/SHA256SUMS
|
||||||
sha256 dc8ac8524469d0230274fd13a53fdcd74efe4aa67205dde1a4a92be87dc28524 nss-3.27.2.tar.gz
|
sha256 0d4a77ff26bcee79fa8afe0125e0df6ae9e798b6b36782fa29e28febf7cfce24 nss-3.30.2.tar.gz
|
||||||
|
@ -4,7 +4,7 @@
|
|||||||
#
|
#
|
||||||
################################################################################
|
################################################################################
|
||||||
|
|
||||||
LIBNSS_VERSION = 3.27.2
|
LIBNSS_VERSION = 3.30.2
|
||||||
LIBNSS_SOURCE = nss-$(LIBNSS_VERSION).tar.gz
|
LIBNSS_SOURCE = nss-$(LIBNSS_VERSION).tar.gz
|
||||||
LIBNSS_SITE = https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_$(subst .,_,$(LIBNSS_VERSION))_RTM/src
|
LIBNSS_SITE = https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_$(subst .,_,$(LIBNSS_VERSION))_RTM/src
|
||||||
LIBNSS_DISTDIR = dist
|
LIBNSS_DISTDIR = dist
|
||||||
@ -33,9 +33,6 @@ LIBNSS_BUILD_VARS = \
|
|||||||
NSS_USE_SYSTEM_SQLITE=1 \
|
NSS_USE_SYSTEM_SQLITE=1 \
|
||||||
NSS_ENABLE_ECC=1 \
|
NSS_ENABLE_ECC=1 \
|
||||||
NATIVE_CC="$(HOSTCC)" \
|
NATIVE_CC="$(HOSTCC)" \
|
||||||
TARGETCC="$(TARGET_CC)" \
|
|
||||||
TARGETCCC="$(TARGET_CXX)" \
|
|
||||||
TARGETRANLIB="$(TARGET_RANLIB)" \
|
|
||||||
OS_ARCH="Linux" \
|
OS_ARCH="Linux" \
|
||||||
OS_RELEASE="2.6" \
|
OS_RELEASE="2.6" \
|
||||||
OS_TEST="$(ARCH)"
|
OS_TEST="$(ARCH)"
|
||||||
@ -55,17 +52,16 @@ endif
|
|||||||
endif
|
endif
|
||||||
|
|
||||||
define LIBNSS_BUILD_CMDS
|
define LIBNSS_BUILD_CMDS
|
||||||
$(TARGET_MAKE_ENV) $(MAKE1) -C $(@D)/nss coreconf \
|
$(TARGET_CONFIGURE_OPTS) $(MAKE1) -C $(@D)/nss coreconf \
|
||||||
SOURCE_MD_DIR=$(@D)/$(LIBNSS_DISTDIR) \
|
SOURCE_MD_DIR=$(@D)/$(LIBNSS_DISTDIR) \
|
||||||
DIST=$(@D)/$(LIBNSS_DISTDIR) \
|
DIST=$(@D)/$(LIBNSS_DISTDIR) \
|
||||||
CHECKLOC= \
|
CHECKLOC= \
|
||||||
$(LIBNSS_BUILD_VARS)
|
$(LIBNSS_BUILD_VARS)
|
||||||
$(TARGET_MAKE_ENV) $(MAKE1) -C $(@D)/nss lib/dbm all \
|
$(TARGET_CONFIGURE_OPTS) $(MAKE1) -C $(@D)/nss lib/dbm all \
|
||||||
SOURCE_MD_DIR=$(@D)/$(LIBNSS_DISTDIR) \
|
SOURCE_MD_DIR=$(@D)/$(LIBNSS_DISTDIR) \
|
||||||
DIST=$(@D)/$(LIBNSS_DISTDIR) \
|
DIST=$(@D)/$(LIBNSS_DISTDIR) \
|
||||||
CHECKLOC= \
|
CHECKLOC= \
|
||||||
$(LIBNSS_BUILD_VARS) TARGET_OPTIMIZER="$(TARGET_CFLAGS)" \
|
$(LIBNSS_BUILD_VARS) NATIVE_FLAGS="$(HOST_CFLAGS)"
|
||||||
NATIVE_FLAGS="$(HOST_CFLAGS)"
|
|
||||||
endef
|
endef
|
||||||
|
|
||||||
define LIBNSS_INSTALL_STAGING_CMDS
|
define LIBNSS_INSTALL_STAGING_CMDS
|
||||||
|
Loading…
Reference in New Issue
Block a user