similarity index 65%
rename from package/libnss/libnss-cross.patch
rename to package/libnss/libnss-0001-cross-compile.patch
@@ -1,14 +1,15 @@
-
This patch allows us to set a value for the cross compiler via TARGETCC without
setting CC on the command line. CC is used for host tools as well as cross
compiled code so we cannot define it on the command line without breaking
the host tools build.
+[Gustavo: update for nss 3.16.1]
Signed-off-by: Will Newton <will.newton@imgtec.com>
---- libnss-3.12.9.old/mozilla/security/coreconf/Linux.mk 2011-03-01 10:31:21.517847183 +0000
-+++ libnss-3.12.9/mozilla/security/coreconf/Linux.mk 2011-03-01 10:33:42.688648237 +0000
-@@ -46,9 +46,13 @@
+diff -Nura nss-3.16.1.orig/nss/coreconf/Linux.mk nss-3.16.1/nss/coreconf/Linux.mk
+--- nss-3.16.1.orig/nss/coreconf/Linux.mk 2014-06-18 10:34:30.503996123 -0300
++++ nss-3.16.1/nss/coreconf/Linux.mk 2014-06-18 10:35:02.233068390 -0300
+@@ -16,9 +16,13 @@
IMPL_STRATEGY = _PTH
endif
similarity index 50%
rename from package/libnss/libnss-uclibc.patch
rename to package/libnss/libnss-0002-uclibc.patch
@@ -1,11 +1,12 @@
-
uCLibc does not define RTLD_NOLOAD.
+[Gustavo: update for nss 3.16.1]
Signed-off-by: Will Newton <will.newton@imgtec.com>
---- nss-3.12.9.old/mozilla/security/nss/lib/freebl/stubs.c 2011-07-08 13:32:54.964338355 +0100
-+++ nss-3.12.9/mozilla/security/nss/lib/freebl/stubs.c 2011-07-08 13:33:57.255337490 +0100
-@@ -535,6 +535,11 @@
+diff -Nura nss-3.16.1.orig/nss/lib/freebl/stubs.c nss-3.16.1/nss/lib/freebl/stubs.c
+--- nss-3.16.1.orig/nss/lib/freebl/stubs.c 2014-06-18 10:34:30.529997002 -0300
++++ nss-3.16.1/nss/lib/freebl/stubs.c 2014-06-18 10:36:25.508882650 -0300
+@@ -594,6 +594,11 @@
return SECSuccess;
}
@@ -4,15 +4,14 @@
#
################################################################################
-LIBNSS_VERSION = 3.14.5
+LIBNSS_VERSION = 3.16.1
LIBNSS_SOURCE = nss-$(LIBNSS_VERSION).tar.gz
LIBNSS_SITE = https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_$(subst .,_,$(LIBNSS_VERSION))_RTM/src
-LIBNSS_SUBDIR = mozilla/security
-LIBNSS_DISTDIR = mozilla/dist
+LIBNSS_DISTDIR = dist
LIBNSS_INSTALL_STAGING = YES
LIBNSS_DEPENDENCIES = libnspr sqlite zlib
LIBNSS_LICENSE = MPLv2.0
-LIBNSS_LICENSE_FILES = mozilla/security/nss/COPYING
+LIBNSS_LICENSE_FILES = nss/COPYING
LIBNSS_BUILD_VARS = MOZILLA_CLIENT=1 \
NSPR_INCLUDE_DIR=$(STAGING_DIR)/usr/include/nspr \
@@ -39,12 +38,12 @@ endif
define LIBNSS_BUILD_CMDS
- $(MAKE1) -C $(@D)/$(LIBNSS_SUBDIR)/nss build_coreconf \
+ $(MAKE1) -C $(@D)/nss coreconf \
SOURCE_MD_DIR=$(@D)/$(LIBNSS_DISTDIR) \
DIST=$(@D)/$(LIBNSS_DISTDIR) \
CHECKLOC= \
$(LIBNSS_BUILD_VARS)
- $(MAKE1) -C $(@D)/$(LIBNSS_SUBDIR)/nss build_dbm all \
+ $(MAKE1) -C $(@D)/nss lib/dbm all \
SOURCE_MD_DIR=$(@D)/$(LIBNSS_DISTDIR) \
DIST=$(@D)/$(LIBNSS_DISTDIR) \
CHECKLOC= \
Fixes: CVE-2014-1492 - The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate. CVE-2014-1491 - Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value. CVE-2014-1490 - Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket. CVE-2013-1740 - The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> --- .../{libnss-cross.patch => libnss-0001-cross-compile.patch} | 9 +++++---- .../libnss/{libnss-uclibc.patch => libnss-0002-uclibc.patch} | 9 +++++---- package/libnss/libnss.mk | 11 +++++------ 3 files changed, 15 insertions(+), 14 deletions(-) rename package/libnss/{libnss-cross.patch => libnss-0001-cross-compile.patch} (65%) rename package/libnss/{libnss-uclibc.patch => libnss-0002-uclibc.patch} (50%)