From patchwork Sun Dec 8 11:06:50 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Giulio Benetti X-Patchwork-Id: 1205613 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net (client-ip=140.211.166.137; helo=fraxinus.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=benettiengineering.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=aruba.it header.i=@aruba.it header.b="j9VwJLcB"; dkim-atps=neutral Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 47W3cQ5pzQz9sPJ for ; Sun, 8 Dec 2019 22:14:14 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id 6DA128574F; Sun, 8 Dec 2019 11:14:11 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8mEMGlu_yekM; Sun, 8 Dec 2019 11:14:09 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by fraxinus.osuosl.org (Postfix) with ESMTP id E16E586407; Sun, 8 Dec 2019 11:14:04 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by ash.osuosl.org (Postfix) with ESMTP id AE74C1BF5AC for ; Sun, 8 Dec 2019 11:14:03 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 8CDE586FEF for ; Sun, 8 Dec 2019 11:14:03 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CEesBeSBDcow for ; Sun, 8 Dec 2019 11:14:01 +0000 (UTC) X-Greylist: delayed 00:07:08 by SQLgrey-1.7.6 Received: from smtpcmd0641.aruba.it (smtpcmd0641.aruba.it [62.149.156.41]) by whitealder.osuosl.org (Postfix) with ESMTP id 4642786F92 for ; Sun, 8 Dec 2019 11:14:01 +0000 (UTC) Received: from ubuntu.localdomain ([146.241.72.127]) by smtpcmd06.ad.aruba.it with bizsmtp id bP6r210052kmWnm01P6rcY; Sun, 08 Dec 2019 12:06:51 +0100 From: Giulio Benetti To: buildroot@buildroot.org Date: Sun, 8 Dec 2019 12:06:50 +0100 Message-Id: <20191208110650.106092-1-giulio.benetti@benettiengineering.com> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aruba.it; s=a1; t=1575803211; bh=M2dDELgtSnMgyotDRJBck5ZvqshKmecs1OLMA9rZEgQ=; h=From:To:Subject:Date:MIME-Version; b=j9VwJLcB1mFgwz8GoBHHiS2JLCBclw13e2fAyLCRRsWQfdaPAFAUoZN79aEC4QpKe qEdahNcXzn+4KPo7iuYB5vFYUI+5Jb5/46Fxbb6zq20Hia74M1/8p1UqPRtdmS5YLM F0ljv6p7UmPevLUI4fCVE9G2yT1/ERVzC98rcWzdikQTVbW0k/SzWzFY6uMsAv9ixG W7h49nfXJuiXKjxf2ZeylDsivsF0sOXZHMVSXjuu1PR0MDodlCNPftSh56Seq+KKY6 byEymgP66ewbp4Jq27W9O52PWFva6ltZPddaM+CIyvSkG8yl5ItoFMk6ihyIC9auVw MQOIMYaCPqEDQ== Subject: [Buildroot] [PATCH] package/libnss: bump to version 3.48 X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Joseph Kogut , Giulio Benetti Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" NSS 3.48 requires NSPR 4.24 already bumped. It already fixed CVE-2019-11745 but in version 3.47.1 it's already fixed. Anyway from 3.47 to 3.48 it fixes: CVE-2019-11745: EncryptUpdate should use maxout, not block size Remove an upstreamed patch but introduce a new one to fix building with signal.h include. Signed-off-by: Giulio Benetti --- Patch is pending to upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1602288 --- ...ix-build-if-arm-doesn-t-support-NEON.patch | 50 ------------------- ...build-failure-due-to-missing-posix-s.patch | 26 ++++++++++ package/libnss/libnss.hash | 4 +- package/libnss/libnss.mk | 4 +- 4 files changed, 30 insertions(+), 54 deletions(-) delete mode 100644 package/libnss/0003-Bug-1590676-Fix-build-if-arm-doesn-t-support-NEON.patch create mode 100644 package/libnss/0003-Bug-1602288-Fix-build-failure-due-to-missing-posix-s.patch diff --git a/package/libnss/0003-Bug-1590676-Fix-build-if-arm-doesn-t-support-NEON.patch b/package/libnss/0003-Bug-1590676-Fix-build-if-arm-doesn-t-support-NEON.patch deleted file mode 100644 index 467a1dc474..0000000000 --- a/package/libnss/0003-Bug-1590676-Fix-build-if-arm-doesn-t-support-NEON.patch +++ /dev/null @@ -1,50 +0,0 @@ -From c915be634cbfb90eb7880ec9efbdba9b98c6d4c1 Mon Sep 17 00:00:00 2001 -From: Giulio Benetti -Date: Wed, 23 Oct 2019 11:47:03 +0200 -Subject: [PATCH] Bug 1590676 - Fix build if arm doesn't support NEON - -At the moment NSS assumes that ARM supports NEON extension but this is -not true and leads to build failure on ARM without NEON extension. -Add check to assure USE_HW_AES is not defined if ARM without NEON -extension is used. - -Signed-off-by: Giulio Benetti ---- - nss/lib/freebl/aes-armv8.c | 5 +++-- - nss/lib/freebl/rijndael.c | 3 ++- - 2 files changed, 5 insertions(+), 3 deletions(-) - -diff --git a/nss/lib/freebl/aes-armv8.c b/nss/lib/freebl/aes-armv8.c -index 40d5e2d34..057d1aed3 100644 ---- a/nss/lib/freebl/aes-armv8.c -+++ b/nss/lib/freebl/aes-armv8.c -@@ -5,9 +5,10 @@ - #include "secerr.h" - #include "rijndael.h" - --#if (defined(__clang__) || \ -+#if ((defined(__clang__) || \ - (defined(__GNUC__) && defined(__GNUC_MINOR__) && \ -- (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ > 8)))) -+ (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ > 8)))) && \ -+ (defined(__ARM_NEON) || defined(__ARM_NEON__))) - - #ifndef __ARM_FEATURE_CRYPTO - #error "Compiler option is invalid" -diff --git a/nss/lib/freebl/rijndael.c b/nss/lib/freebl/rijndael.c -index 26bd58ee0..6d77d942d 100644 ---- a/nss/lib/freebl/rijndael.c -+++ b/nss/lib/freebl/rijndael.c -@@ -20,7 +20,8 @@ - #include "gcm.h" - #include "mpi.h" - --#if !defined(IS_LITTLE_ENDIAN) && !defined(NSS_X86_OR_X64) -+#if (!defined(IS_LITTLE_ENDIAN) && !defined(NSS_X86_OR_X64)) || \ -+ (defined(__arm__) && !defined(__ARM_NEON) && !defined(__ARM_NEON__)) - // not test yet on big endian platform of arm - #undef USE_HW_AES - #endif --- -2.20.1 - diff --git a/package/libnss/0003-Bug-1602288-Fix-build-failure-due-to-missing-posix-s.patch b/package/libnss/0003-Bug-1602288-Fix-build-failure-due-to-missing-posix-s.patch new file mode 100644 index 0000000000..95e7b2bb56 --- /dev/null +++ b/package/libnss/0003-Bug-1602288-Fix-build-failure-due-to-missing-posix-s.patch @@ -0,0 +1,26 @@ +From 2e1b003600156e4adcb88998eabf18addee45be1 Mon Sep 17 00:00:00 2001 +From: Giulio Benetti +Date: Sun, 8 Dec 2019 11:57:45 +0100 +Subject: [PATCH] Bug 1602288 - Fix build failure due to missing posix signal.h + +Signed-off-by: Giulio Benetti +--- + nss/coreconf/Linux.mk | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/nss/coreconf/Linux.mk b/nss/coreconf/Linux.mk +index d07f8a3c5..854d3ca96 100644 +--- a/nss/coreconf/Linux.mk ++++ b/nss/coreconf/Linux.mk +@@ -21,7 +21,7 @@ ifeq ($(USE_PTHREADS),1) + endif + + DEFAULT_COMPILER = gcc +-DEFINES += -D_DEFAULT_SOURCE -D_BSD_SOURCE ++DEFINES += -D_DEFAULT_SOURCE -D_BSD_SOURCE -D_POSIX_SOURCE + + ifeq ($(OS_TARGET),Android) + ifndef ANDROID_NDK +-- +2.20.1 + diff --git a/package/libnss/libnss.hash b/package/libnss/libnss.hash index 518d95d842..b53fc6d5f0 100644 --- a/package/libnss/libnss.hash +++ b/package/libnss/libnss.hash @@ -1,4 +1,4 @@ -# From https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_46_1_RTM/src/SHA256SUMS -sha256 1ae3d1cb1de345b258788f2ef6b10a460068034c3fd64f42427a183d8342a6fb nss-3.47.1.tar.gz +# From https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_48_RTM/src/SHA256SUMS +sha256 3f9c822a86a4e3e1bfe63e2ed0f922d8b7c2e0b7cafe36774b1c627970d0f8ac nss-3.48.tar.gz # Locally calculated sha256 a20c1a32d1f8102432360b42e932869f7c11c7cdbacf9cac554c422132af47f4 nss/COPYING diff --git a/package/libnss/libnss.mk b/package/libnss/libnss.mk index 747612c795..45d51429ef 100644 --- a/package/libnss/libnss.mk +++ b/package/libnss/libnss.mk @@ -4,7 +4,7 @@ # ################################################################################ -LIBNSS_VERSION = 3.47.1 +LIBNSS_VERSION = 3.48 LIBNSS_SOURCE = nss-$(LIBNSS_VERSION).tar.gz LIBNSS_SITE = https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_$(subst .,_,$(LIBNSS_VERSION))_RTM/src LIBNSS_DISTDIR = dist @@ -21,7 +21,7 @@ endif # Need to pass down TARGET_CFLAGS and TARGET_LDFLAGS define LIBNSS_FIXUP_LINUX_MK - echo 'OS_CFLAGS += $(LIBNSS_CFLAGS)' >> $(@D)/nss/coreconf/Linux.mk + echo 'OS_CFLAGS += $(LIBNSS_CFLAGS) -D__USE_POSIX' >> $(@D)/nss/coreconf/Linux.mk echo 'LDFLAGS += $(TARGET_LDFLAGS)' >> $(@D)/nss/coreconf/Linux.mk endef