summaryrefslogtreecommitdiffstats
path: root/meta-oe/recipes-support/nss
Commit message (Collapse)AuthorAgeFilesLines
* nss: backport fix for native build failure due to dangling pointer with gcc13Jack Mitchell2023-05-162-0/+76
| | | | | | | | Upstream-Status: Backport Link: https://github.com/nss-dev/nss/commit/cbf5a2bce75ca2c2fd3e247796b9892f5298584e Signed-off-by: Jack Mitchell <ml@embed.me.uk> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nss: backport fix for native build failure due to implicit casting with gcc13Jack Mitchell2023-05-162-0/+47
| | | | | | | | Upstream-Status: Backport Link: https://github.com/nss-dev/nss/commit/4e7e332b25a2794f381323518e52d8d95273b69e Signed-off-by: Jack Mitchell <ml@embed.me.uk> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nss: Fix CVE CVE-2023-0767Virendra Thakur2023-04-062-0/+125
| | | | | | | | Add CVE-2023-0767.patch to fix CVE-2023-0767 Signed-off-by: Virendra Thakur <virendrak@kpit.com> Signed-off-by: Bhabu Bindu <bindudaniel1996@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nss: Fix CVE-2020-25648Mathieu Dubois-Briand2023-02-222-0/+164
| | | | | Signed-off-by: Mathieu Dubois-Briand <mbriand@witekio.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nss: Whitelist CVEs related to libnssdbmMathieu Dubois-Briand2023-02-221-0/+4
| | | | | | | | | | | | These CVEs only affect libnssdbm, compiled when --enable-legacy-db is used. https://bugzilla.mozilla.org/show_bug.cgi?id=1360782#c6 https://bugzilla.mozilla.org/show_bug.cgi?id=1360778#c8 https://bugzilla.mozilla.org/show_bug.cgi?id=1360900#c6 https://bugzilla.mozilla.org/show_bug.cgi?id=1360779#c9 Signed-off-by: Mathieu Dubois-Briand <mbriand@witekio.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nss: Add missing CVE productMathieu Dubois-Briand2023-02-221-0/+2
| | | | | Signed-off-by: Mathieu Dubois-Briand <mbriand@witekio.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nss: Add fix for CVE-2022-22747Ranjitsinh Rathod2022-02-132-0/+64
| | | | | | | | Add a patch to fix CVE-2022-22747 Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nss: Fix CVE-2021-43527sana kazi2021-12-182-0/+284
| | | | | | | | Add patch to fix CVE-2021-43527 which causes heap overflow in nss. Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com> Signed-off-by: Sana Kazi <sanakazisk19@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nss: Fix CVE-2020-12403Ranjitsinh Rathod2021-11-173-0/+147
| | | | | | | | | | | | Add patch for CVE-2020-12403 Link: https://github.com/nss-dev/nss/commit/9ff9d3925d31ab265a965ab1d16d76c496ddb5c8 https://github.com/nss-dev/nss/commit/06b2b1c50bd4eaa7f65d858e5e3f44f678cb3c45 Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nss: Two Security fixes CVE-2020-6829 and 12400Armin Kuster2021-09-052-0/+19790
| | | | | | | | | | | | | | Source: https://hg.mozilla.org/projects/nss MR: 106863 Type: Security Fix Disposition: Backport from https://hg.mozilla.org/projects/nss/rev/e55ab3145546ae3cf1333b43956a974675d2d25c and 3f022d5eca5d3cd0e366a825a5681953d76299d0 ChangeID: f7f16ca20fbb2436071fde063fe56aa8b319ce41 Description: Affects NSS < 3.55 This address both VE-2020-6829 and CVE-2020-12400 Signed-off-by: Armin Kuster <akuster@mvista.com>
* nss: add CVE-2006-5201 to allowlistMasaki Ambai2021-07-101-0/+3
| | | | | | | | | | | | CVE-2006-5201 affects only using an RSA key with exponent 3 on Sun Solaris. Signed-off-by: Masaki Ambai <ambai.masaki@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 44113dcb5feea5522696d43d00909db41e5e6dbc) Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit ace5cd9a8bb6ba0058caf8a148437820a9336b9c) [Fixup for Dunfell context] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nss: Fix build on Centos 7Marek Vasut2021-06-061-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | Centos 7 has glibc 2.18 and nss-native build fails due to implicit declaration of function putenv during build. This is because of the Feature Test Macro Requirements for glibc (see feature_test_macros(7)): putenv(): _XOPEN_SOURCE || /* Glibc since 2.19: */ _DEFAULT_SOURCE || /* Glibc versions <= 2.19: */ _SVID_SOURCE and because nss coreconf/Linux.mk only defines -D_DEFAULT_SOURCE -D_BSD_SOURCE -D_POSIX_SOURCE So on such system with glibc 2.18, neither macro makes putenv() available. Add -D_XOPEN_SOURCE for the Centos 7 and glibc 2.18 native build case. Signed-off-by: Marek Vasut <marex@denx.de> Cc: Armin Kuster <akuster808@gmail.com> Cc: Armin Kuster <akuster@mvista.com> Cc: Khem Raj <raj.khem@gmail.com> Cc: Richard Purdie <richard.purdie@linuxfoundation.org> Cc: Ross Burton <ross.burton@arm.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nss: Fix warnings generated by getcwdAndrei Gherzan2021-03-161-1/+5
| | | | | | | | | | | | | | | | | getcwd() conforms to POSIX.1-2001 which leaves the behaviour when the buf argument is NULL, undefined. This makes gcc 10+ throw the following warning: argument 1 is null but the corresponding size argument 2 value is 4096 Initially, this was fixed by disabling NSS_ENABLE_WERROR. This patch re-enables NSS_ENABLE_WERROR (by leaving it to its default value) and takes advantage of the existing functionality in nss that wraps the getcwd call into a function making sure that the buf argument is always properly allocated. Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nss: Security fix CVE-2020-12401Armin Kuster2021-01-122-0/+53
| | | | | | | | | | | | | | Source: Mozilla.org MR: 106876 Type: Security Fix Disposition: Backport from https://hg.mozilla.org/projects/nss/raw-rev/aeb2e583ee957a699d949009c7ba37af76515c20 ChangeID: a61d4926f8ab5afc54c23e58cd86b4a7609c9708 Description: Fixes CVE-2020-12401 Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nss: Fix CVE-2020-12399Ovidiu Panait2020-07-142-0/+111
| | | | | | | | | | | | | | | Master (nss version 3.54) is not affected by this issue. This is a backport from nss version 3.54. NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. Upstream patch: https://hg.mozilla.org/projects/nss/rev/daa823a4a29bcef0fec33a379ec83857429aea2e Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nss: Remove mcpu to avoid march conflictsKhem Raj2020-07-121-0/+4
| | | | | | | | Some files are compiled with armv8-a+crypto and when using cortex-a55 the deduced march is armv8.2-a which then conflicts Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nss: enable uint128 support on mips64Mingli Yu2020-05-032-0/+49
| | | | | | | | | Fix below build error: | verified/kremlin/kremlib/dist/minimal/FStar_UInt128.h:22:1: error: 'FStar_UInt128___proj__Mkuint128__item__low' declared 'static' but never defined [-Werror=unused-function] | 22 | FStar_UInt128___proj__Mkuint128__item__low(FStar_UInt128_uint128 projectee); Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nss: Fix build on riscv64Khem Raj2020-04-252-0/+37
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nss: upgrade 3.51 -> 3.51.1Pierre-Jean Texier2020-04-131-2/+2
| | | | | | | | | See full release notes: - https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.51.1_release_notes Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nss: upgrade 3.50 -> 3.51Wang Mingyu2020-03-181-2/+2
| | | | | Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nss,nspr: Add recipesKhem Raj2020-03-0813-0/+637
oe-core has punted them, but they are still needed by many packages e.g. mozjs Signed-off-by: Khem Raj <raj.khem@gmail.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-08-08 10:58:52 +0000