kumquat-buildroot/package/libnss/libnss.mk
Baruch Siach 09b8e1079e libnss: security bump to version 3.30.2
CVE-2017-5461 - Out-of-bounds write in Base64 encoding in NSS. Might cause
remote arbitrary code execution
(https://access.redhat.com/errata/RHSA-2017:1100).

CVE-2017-5462 - DRBG flaw in NSS

Drop 0001-cross-compile.patch and TARGET* variables. Upstream Makefile now
allows override of CC, so use TARGET_CONFIGURE_OPTS instead.

Drop upstream 0003-it-uninitialized-fix.patch.

Renumber the remaining patch.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-20 21:53:00 +02:00

96 lines
3.0 KiB
Makefile

################################################################################
#
# libnss
#
################################################################################
LIBNSS_VERSION = 3.30.2
LIBNSS_SOURCE = nss-$(LIBNSS_VERSION).tar.gz
LIBNSS_SITE = https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_$(subst .,_,$(LIBNSS_VERSION))_RTM/src
LIBNSS_DISTDIR = dist
LIBNSS_INSTALL_STAGING = YES
LIBNSS_DEPENDENCIES = libnspr sqlite zlib
LIBNSS_LICENSE = MPL-2.0
LIBNSS_LICENSE_FILES = nss/COPYING
# --gc-sections triggers binutils ld segfault
# https://sourceware.org/bugzilla/show_bug.cgi?id=21180
ifeq ($(BR2_microblaze),y)
define LIBNSS_DROP_GC_SECTIONS
sed -i 's:-Wl,--gc-sections::g' $(@D)/nss/coreconf/Linux.mk
endef
LIBNSS_PRE_CONFIGURE_HOOKS += LIBNSS_DROP_GC_SECTIONS
endif
LIBNSS_BUILD_VARS = \
MOZILLA_CLIENT=1 \
NSPR_INCLUDE_DIR=$(STAGING_DIR)/usr/include/nspr \
NSPR_LIB_DIR=$(STAGING_DIR)/usr/lib \
BUILD_OPT=1 \
NS_USE_GCC=1 \
NSS_DISABLE_GTESTS=1 \
NSS_USE_SYSTEM_SQLITE=1 \
NSS_ENABLE_ECC=1 \
NATIVE_CC="$(HOSTCC)" \
OS_ARCH="Linux" \
OS_RELEASE="2.6" \
OS_TEST="$(ARCH)"
# #pragma usage needs gcc >= 4.8
# See https://bugzilla.mozilla.org/show_bug.cgi?id=1226179
ifeq ($(BR2_TOOLCHAIN_GCC_AT_LEAST_4_8),)
LIBNSS_BUILD_VARS += NSS_ENABLE_WERROR=0
endif
ifeq ($(BR2_ARCH_IS_64),y)
# MIPS64 n32 is treated as a 32-bit architecture by libnss.
# See: https://bugzilla.mozilla.org/show_bug.cgi?id=1010730
ifeq ($(BR2_MIPS_NABI32),)
LIBNSS_BUILD_VARS += USE_64=1
endif
endif
define LIBNSS_BUILD_CMDS
$(TARGET_CONFIGURE_OPTS) $(MAKE1) -C $(@D)/nss coreconf \
SOURCE_MD_DIR=$(@D)/$(LIBNSS_DISTDIR) \
DIST=$(@D)/$(LIBNSS_DISTDIR) \
CHECKLOC= \
$(LIBNSS_BUILD_VARS)
$(TARGET_CONFIGURE_OPTS) $(MAKE1) -C $(@D)/nss lib/dbm all \
SOURCE_MD_DIR=$(@D)/$(LIBNSS_DISTDIR) \
DIST=$(@D)/$(LIBNSS_DISTDIR) \
CHECKLOC= \
$(LIBNSS_BUILD_VARS) NATIVE_FLAGS="$(HOST_CFLAGS)"
endef
define LIBNSS_INSTALL_STAGING_CMDS
$(INSTALL) -m 755 -t $(STAGING_DIR)/usr/lib/ \
$(@D)/$(LIBNSS_DISTDIR)/lib/*.so
$(INSTALL) -m 755 -d $(STAGING_DIR)/usr/include/nss
$(INSTALL) -m 644 -t $(STAGING_DIR)/usr/include/nss \
$(@D)/$(LIBNSS_DISTDIR)/public/nss/*
$(INSTALL) -m 755 -t $(STAGING_DIR)/usr/lib/ \
$(@D)/$(LIBNSS_DISTDIR)/lib/*.a
$(INSTALL) -D -m 0644 $(TOPDIR)/package/libnss/nss.pc.in \
$(STAGING_DIR)/usr/lib/pkgconfig/nss.pc
$(SED) 's/@VERSION@/$(LIBNSS_VERSION)/g;' \
$(STAGING_DIR)/usr/lib/pkgconfig/nss.pc
endef
define LIBNSS_INSTALL_TARGET_CMDS
$(INSTALL) -m 755 -t $(TARGET_DIR)/usr/lib/ \
$(@D)/$(LIBNSS_DISTDIR)/lib/*.so
$(INSTALL) -m 755 -d $(TARGET_DIR)/usr/include/nss
$(INSTALL) -m 644 -t $(TARGET_DIR)/usr/include/nss \
$(@D)/$(LIBNSS_DISTDIR)/public/nss/*
$(INSTALL) -m 755 -t $(TARGET_DIR)/usr/lib/ \
$(@D)/$(LIBNSS_DISTDIR)/lib/*.a
$(INSTALL) -D -m 0644 $(TOPDIR)/package/libnss/nss.pc.in \
$(TARGET_DIR)/usr/lib/pkgconfig/nss.pc
$(SED) 's/@VERSION@/$(LIBNSS_VERSION)/g;' \
$(TARGET_DIR)/usr/lib/pkgconfig/nss.pc
endef
$(eval $(generic-package))