kumquat-buildroot/package/libnss/libnss.mk
Peter Korsgaard 8c0bff1b4f package/libnss: security bump to version 3.42.1
Fixes the following security issues:

(3.41) CVE-2018-12404: Cache side-channel variant of the Bleichenbacher
attack

(3.42.1) CVE-2018-18508: Add additional null checks to several CMS functions
to fix a rare CMS crash.  Thanks to Hanno Böck and Damian Poddebniak for the
discovery and fixes

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-05-31 10:00:52 +02:00

150 lines
4.5 KiB
Makefile

################################################################################
#
# libnss
#
################################################################################
LIBNSS_VERSION = 3.42.1
LIBNSS_SOURCE = nss-$(LIBNSS_VERSION).tar.gz
LIBNSS_SITE = https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_$(subst .,_,$(LIBNSS_VERSION))_RTM/src
LIBNSS_DISTDIR = dist
LIBNSS_INSTALL_STAGING = YES
LIBNSS_DEPENDENCIES = libnspr sqlite zlib
LIBNSS_LICENSE = MPL-2.0
LIBNSS_LICENSE_FILES = nss/COPYING
# --gc-sections triggers binutils ld segfault
# https://sourceware.org/bugzilla/show_bug.cgi?id=21180
ifeq ($(BR2_microblaze),y)
define LIBNSS_DROP_GC_SECTIONS
sed -i 's:-Wl,--gc-sections::g' $(@D)/nss/coreconf/Linux.mk
endef
LIBNSS_PRE_CONFIGURE_HOOKS += LIBNSS_DROP_GC_SECTIONS
endif
ifeq ($(BR2_aarch64_be),y)
LIBNSS_ARCH = aarch64
else
LIBNSS_ARCH = $(ARCH)
endif
LIBNSS_BUILD_VARS = \
MOZILLA_CLIENT=1 \
NSPR_INCLUDE_DIR=$(STAGING_DIR)/usr/include/nspr \
NSPR_LIB_DIR=$(STAGING_DIR)/usr/lib \
BUILD_OPT=1 \
NS_USE_GCC=1 \
NSS_DISABLE_GTESTS=1 \
NSS_USE_SYSTEM_SQLITE=1 \
NSS_ENABLE_ECC=1 \
NATIVE_CC="$(HOSTCC)" \
OS_ARCH="Linux" \
OS_RELEASE="2.6" \
OS_TEST="$(LIBNSS_ARCH)"
# #pragma usage needs gcc >= 4.8
# See https://bugzilla.mozilla.org/show_bug.cgi?id=1226179
ifeq ($(BR2_TOOLCHAIN_GCC_AT_LEAST_4_8),)
LIBNSS_BUILD_VARS += NSS_ENABLE_WERROR=0
endif
ifeq ($(BR2_ARCH_IS_64),y)
# MIPS64 n32 is treated as a 32-bit architecture by libnss.
# See: https://bugzilla.mozilla.org/show_bug.cgi?id=1010730
ifeq ($(BR2_MIPS_NABI32),)
LIBNSS_BUILD_VARS += USE_64=1
endif
endif
define LIBNSS_BUILD_CMDS
$(TARGET_CONFIGURE_OPTS) $(MAKE1) -C $(@D)/nss coreconf \
SOURCE_MD_DIR=$(@D)/$(LIBNSS_DISTDIR) \
DIST=$(@D)/$(LIBNSS_DISTDIR) \
CHECKLOC= \
$(LIBNSS_BUILD_VARS)
$(TARGET_CONFIGURE_OPTS) $(MAKE1) -C $(@D)/nss lib/dbm all \
SOURCE_MD_DIR=$(@D)/$(LIBNSS_DISTDIR) \
DIST=$(@D)/$(LIBNSS_DISTDIR) \
CHECKLOC= \
$(LIBNSS_BUILD_VARS) NATIVE_FLAGS="$(HOST_CFLAGS)"
endef
define LIBNSS_INSTALL_STAGING_CMDS
$(INSTALL) -m 755 -t $(STAGING_DIR)/usr/lib/ \
$(@D)/$(LIBNSS_DISTDIR)/lib/*.so
$(INSTALL) -m 755 -d $(STAGING_DIR)/usr/include/nss
$(INSTALL) -m 644 -t $(STAGING_DIR)/usr/include/nss \
$(@D)/$(LIBNSS_DISTDIR)/public/nss/*
$(INSTALL) -m 755 -t $(STAGING_DIR)/usr/lib/ \
$(@D)/$(LIBNSS_DISTDIR)/lib/*.a
$(INSTALL) -D -m 0644 $(TOPDIR)/package/libnss/nss.pc.in \
$(STAGING_DIR)/usr/lib/pkgconfig/nss.pc
$(SED) 's/@VERSION@/$(LIBNSS_VERSION)/g;' \
$(STAGING_DIR)/usr/lib/pkgconfig/nss.pc
endef
define LIBNSS_INSTALL_TARGET_CMDS
$(INSTALL) -m 755 -t $(TARGET_DIR)/usr/lib/ \
$(@D)/$(LIBNSS_DISTDIR)/lib/*.so
$(INSTALL) -m 755 -d $(TARGET_DIR)/usr/include/nss
$(INSTALL) -m 644 -t $(TARGET_DIR)/usr/include/nss \
$(@D)/$(LIBNSS_DISTDIR)/public/nss/*
$(INSTALL) -m 755 -t $(TARGET_DIR)/usr/lib/ \
$(@D)/$(LIBNSS_DISTDIR)/lib/*.a
$(INSTALL) -D -m 0644 $(TOPDIR)/package/libnss/nss.pc.in \
$(TARGET_DIR)/usr/lib/pkgconfig/nss.pc
$(SED) 's/@VERSION@/$(LIBNSS_VERSION)/g;' \
$(TARGET_DIR)/usr/lib/pkgconfig/nss.pc
endef
HOST_LIBNSS_BUILD_VARS = \
MOZILLA_CLIENT=1 \
NSPR_INCLUDE_DIR=$(HOST_DIR)/include/nspr \
NSPR_LIB_DIR=$(HOST_DIR)/lib \
BUILD_OPT=1 \
NS_USE_GCC=1 \
NSS_DISABLE_GTESTS=1 \
NSS_USE_SYSTEM_SQLITE=1 \
SQLITE_INCLUDE_DIR=$(HOST_DIR)/include \
ZLIB_INCLUDE_DIR=$(HOST_DIR)/include \
NSS_ENABLE_ECC=1
HOST_LIBNSS_DEPENDENCIES = host-libnspr host-sqlite host-zlib
ifneq ($(filter %64,$(HOSTARCH)),)
HOST_LIBNSS_BUILD_VARS += USE_64=1
endif
define HOST_LIBNSS_BUILD_CMDS
$(HOST_CONFIGURE_OPTS) $(MAKE1) -C $(@D)/nss coreconf \
SOURCE_MD_DIR=$(@D)/$(LIBNSS_DISTDIR) \
DIST=$(@D)/$(LIBNSS_DISTDIR) \
CHECKLOC= \
$(HOST_LIBNSS_BUILD_VARS)
$(HOST_CONFIGURE_OPTS) $(MAKE1) -C $(@D)/nss lib/dbm all \
SOURCE_MD_DIR=$(@D)/$(LIBNSS_DISTDIR) \
DIST=$(@D)/$(LIBNSS_DISTDIR) \
CHECKLOC= \
$(HOST_LIBNSS_BUILD_VARS)
endef
define HOST_LIBNSS_INSTALL_CMDS
$(INSTALL) -m 755 -t $(HOST_DIR)/lib/ \
$(@D)/$(LIBNSS_DISTDIR)/lib/*.so
$(INSTALL) -m 755 -d $(HOST_DIR)/include/nss
$(INSTALL) -m 644 -t $(HOST_DIR)/include/nss \
$(@D)/$(LIBNSS_DISTDIR)/public/nss/*
$(INSTALL) -m 755 -t $(HOST_DIR)/lib/ \
$(@D)/$(LIBNSS_DISTDIR)/lib/*.a
$(INSTALL) -D -m 0644 $(TOPDIR)/package/libnss/nss.pc.in \
$(HOST_DIR)/lib/pkgconfig/nss.pc
$(SED) 's/@VERSION@/$(LIBNSS_VERSION)/g;' \
$(HOST_DIR)/lib/pkgconfig/nss.pc
$(SED) '/^prefix/s,=.*,=$(HOST_DIR),g;' \
$(HOST_DIR)/lib/pkgconfig/nss.pc
endef
$(eval $(generic-package))
$(eval $(host-generic-package))