| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
| |
Backport patch to fix CVE-2021-43527.
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
CVE-2006-5201 affects only using an RSA key with exponent 3 on Sun Solaris.
Signed-off-by: Masaki Ambai <ambai.masaki@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 44113dcb5feea5522696d43d00909db41e5e6dbc)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Centos 7 has glibc 2.18 and nss-native build fails due to implicit
declaration of function putenv during build. This is because of the
Feature Test Macro Requirements for glibc (see feature_test_macros(7)):
putenv(): _XOPEN_SOURCE
|| /* Glibc since 2.19: */ _DEFAULT_SOURCE
|| /* Glibc versions <= 2.19: */ _SVID_SOURCE
and because nss coreconf/Linux.mk only defines
-D_DEFAULT_SOURCE -D_BSD_SOURCE -D_POSIX_SOURCE
So on such system with glibc 2.18, neither macro makes putenv()
available. Add -D_XOPEN_SOURCE for the Centos 7 and glibc 2.18
native build case.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Armin Kuster <akuster808@gmail.com>
Cc: Armin Kuster <akuster@mvista.com>
Cc: Khem Raj <raj.khem@gmail.com>
Cc: Richard Purdie <richard.purdie@linuxfoundation.org>
Cc: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 30148b33b5d750702d7749ac59d8d740d8cb7024)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
-License-Update: Add the license of MIT.
Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a7d0d878542ec24d718972423b34c59aa5bd2498)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
GCC-11 has fixed the problem [1]
[1] https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=da879e01ecd35737c18be1da3324f4560aba1961
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 5178615b4356c0043309b3f9e37d16396451a67b)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
The patch: nss-fix-nsinstall-build.patch is embedded specific
so set it's Upstream-Status to inappropriate.
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
with newer compilers we are seeing new warnings, e.g.
error: argument 1 of type 'int[1]' with mismatched bound [-Werror=array-parameter=]
8 | extern void pr_static_assert(int arg[(((long unsigned int)-1) > (long unsigned int)1) ? 1 : -1]);
| ~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
with gcc11 and clang has its own set which triggers here as well, its
better to disable werror therefore, we still have warnings if someone
wants to fix them but they wont break the builds
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
getcwd() conforms to POSIX.1-2001 which leaves the behaviour when the
buf argument is NULL, undefined. This makes gcc 10+ throw the following
warning:
argument 1 is null but the corresponding size argument 2 value is 4096
Initially, this was fixed by disabling NSS_ENABLE_WERROR. This patch
re-enables NSS_ENABLE_WERROR (by leaving it to its default value) and
takes advantage of the existing functionality in nss that wraps the
getcwd call into a function making sure that the buf argument is always
properly allocated.
Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
| |
Fix build with clang/ppc64le while here
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Bugs fixed in NSS 3.60.1:
Bug 1682863 - Fix remaining hang issues with slow third-party PKCS #11
tokens.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
- Refresh freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch
- Drop pkix-Do-not-use-NULL-where-0-is-needed.patch
Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Looks like my "solution" also isn't working well at least for images with read-only-rootfs in IMAGE_FEATURES.
pkg_postinst_ontarget_${PN} is always forced to run on the target, which for read-only-rootfs results in:
log.do_rootfs:
...
NOTE: If an image is being built, the postinstalls for the following packages will be postponed for first boot: nss
...
ERROR: The following packages could not be configured offline and rootfs is read-only: ['nss']
and now looking at the /usr/bin/signlibs.sh and it does pretty much
the same as the postinst script when D isn't empty.
>From oe-core git history it shows that signlibs.sh was added first:
https://git.openembedded.org/openembedded-core/commit/?id=a4580f967c8064294a06d406acf5deb24aee2acc
then the offline version of postinst was added to support read-only-rootfs in:
https://git.openembedded.org/openembedded-core/commit/?id=64e87fc6e99bc1d4807034166735034b1f92bad8
and nss-native should always provide the shlibsign since:
https://git.openembedded.org/openembedded-core/commit/?id=88540c5b08dea069660d1a68e506aebdd68e6ae0
and only after
https://git.openembedded.org/openembedded-core/commit/?id=8f782f7095e718dd9452055af53363beb6bdbece
it looked like signlibs.sh was something special only for target.
So it looks to me, that we should just remove signlibs.sh script and let the same postinst be used on target and offline
(with or without D being empty).
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Partially revert "nss: fix postinst script for nativesdk build"
This reverts commit 31552510b15c1c97aa6cbe180c2bb53d139efbcc.
When running in do_rootfs we need to run shlibsign provided
by nss-native, otherwise it fails when /usr/bin/shlibsign
doesn't exist on host builder:
do_rootfs: Postinstall scriptlets of ['nss'] have failed. If the intention is to defer them to first boot,
then please place them into pkg_postinst_ontarget_${PN} ().
Deferring to first boot via 'exit 1' is no longer supported.
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
| |
Forward port 0001-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We are seeing warnigs with gcc-10 even on target builds e.g.
| In file included from nsinstall.c:20:
| /usr/include/unistd.h:520:14: note: in a call to function ‘getcwd’ declared with attribute ‘write_only (1, 2)’
| 520 | extern char *getcwd (char *__buf, size_t __size) __THROW __wur
| | ^~~~~~
| nsinstall.c:70:16: error: argument 1 is null but the corresponding size argument 2 value is 4096 [-Werror=nonnull]
| 70 | #define GETCWD getcwd
| | ^
| nsinstall.c:246:13: note: in expansion of macro ‘GETCWD’
| 246 | todir = GETCWD(0, PATH_MAX);
| | ^~~~~~
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
| |
Found with clang-11
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
It's better to refer to binaries in postinst script with
full path which also works on SDK when
/opt/nativesysroot/usr/bin is not in PATH.
Fixes install of nativesdk-nss:
Configuring nativesdk-nss.
/var/lib/opkg/info/nativesdk-nss.postinst: line 14: signlibs.sh: not found
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upgrade nss 3.51.1 -> 3.54:
* Refresh patches
* Drop riscv.patch and 0001-Enable-uint128-on-mips64.patch patches as upstream
commit [1] should implement that logic
* Use "autobuild" as do_compile make target (Makefile logic has changed
significantly, so the default target is no longer enough)
[1] https://hg.mozilla.org/projects/nss/rev/60aa7df14f119d2a21750668c5ce36fa38ef2c6c
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
Some files are compiled with armv8-a+crypto and when using cortex-a55
the deduced march is armv8.2-a which then conflicts
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Fix below build error:
| verified/kremlin/kremlib/dist/minimal/FStar_UInt128.h:22:1: error: 'FStar_UInt128___proj__Mkuint128__item__low' declared 'static' but never defined [-Werror=unused-function]
| 22 | FStar_UInt128___proj__Mkuint128__item__low(FStar_UInt128_uint128 projectee);
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
See full release notes:
- https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.51.1_release_notes
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
oe-core has punted them, but they are still needed by many packages e.g.
mozjs
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
