diff options
author | Dave Cobbley <david.j.cobbley@linux.intel.com> | 2018-08-14 20:05:37 +0300 |
---|---|---|
committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2018-08-23 04:26:31 +0300 |
commit | eb8dc40360f0cfef56fb6947cc817a547d6d9bc6 (patch) | |
tree | de291a73dc37168da6370e2cf16c347d1eba9df8 /poky/meta/recipes-support/nss | |
parent | 9c3cf826d853102535ead04cebc2d6023eff3032 (diff) | |
download | openbmc-eb8dc40360f0cfef56fb6947cc817a547d6d9bc6.tar.xz |
[Subtree] Removing import-layers directory
As part of the move to subtrees, need to bring all the import layers
content to the top level.
Change-Id: I4a163d10898cbc6e11c27f776f60e1a470049d8f
Signed-off-by: Dave Cobbley <david.j.cobbley@linux.intel.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat (limited to 'poky/meta/recipes-support/nss')
12 files changed, 744 insertions, 0 deletions
diff --git a/poky/meta/recipes-support/nss/nss/0001-Bug-1437734-Use-snprintf-in-sign.c-r-ttaubert.patch b/poky/meta/recipes-support/nss/nss/0001-Bug-1437734-Use-snprintf-in-sign.c-r-ttaubert.patch new file mode 100644 index 000000000..bc10f3385 --- /dev/null +++ b/poky/meta/recipes-support/nss/nss/0001-Bug-1437734-Use-snprintf-in-sign.c-r-ttaubert.patch @@ -0,0 +1,119 @@ +From 6f7d7be9997ba6727a5ad7c3800df9051160dc12 Mon Sep 17 00:00:00 2001 +From: Martin Thomson <martin.thomson@gmail.com> +Date: Tue, 13 Feb 2018 12:30:58 +1100 +Subject: [PATCH] Bug 1437734 - Use snprintf in sign.c, r=ttaubert + +--HG-- +extra : rebase_source : 97921ece71ff86b18d32b891591608290eed4d83 +--- +Signed-off-by: Khem Raj <raj.khem@gmail.com> +Upstream-Status: Backport [https://github.com/nss-dev/nss/commit/0a9078b3cde97add7c825c9d13467a8401ad0c88#diff-b42512151dc137537091f823f7701804.patch] + + nss/cmd/signtool/sign.c | 58 ++++++++++++++++++++++++++++++++++++++++--------- + 1 file changed, 48 insertions(+), 10 deletions(-) + +diff --git a/nss/cmd/signtool/sign.c b/nss/cmd/signtool/sign.c +index 6e776069a..6f8e43946 100644 +--- a/nss/cmd/signtool/sign.c ++++ b/nss/cmd/signtool/sign.c +@@ -43,6 +43,7 @@ SignArchive(char *tree, char *keyName, char *zip_file, int javascript, + int status; + char tempfn[FNSIZE], fullfn[FNSIZE]; + int keyType = rsaKey; ++ int count; + + metafile = meta_file; + optimize = _optimize; +@@ -81,9 +82,18 @@ SignArchive(char *tree, char *keyName, char *zip_file, int javascript, + } + + /* rsa/dsa to zip */ +- sprintf(tempfn, "META-INF/%s.%s", base, (keyType == dsaKey ? "dsa" +- : "rsa")); +- sprintf(fullfn, "%s/%s", tree, tempfn); ++ count = snprintf(tempfn, sizeof(tempfn), "META-INF/%s.%s", base, (keyType == dsaKey ? "dsa" : "rsa")); ++ if (count >= sizeof(tempfn)) { ++ PR_fprintf(errorFD, "unable to write key metadata\n"); ++ errorCount++; ++ exit(ERRX); ++ } ++ count = snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn); ++ if (count >= sizeof(fullfn)) { ++ PR_fprintf(errorFD, "unable to write key metadata\n"); ++ errorCount++; ++ exit(ERRX); ++ } + JzipAdd(fullfn, tempfn, zipfile, compression_level); + + /* Loop through all files & subdirectories, add to archive */ +@@ -93,20 +103,44 @@ SignArchive(char *tree, char *keyName, char *zip_file, int javascript, + } + /* mf to zip */ + strcpy(tempfn, "META-INF/manifest.mf"); +- sprintf(fullfn, "%s/%s", tree, tempfn); ++ count = snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn); ++ if (count >= sizeof(fullfn)) { ++ PR_fprintf(errorFD, "unable to write manifest\n"); ++ errorCount++; ++ exit(ERRX); ++ } + JzipAdd(fullfn, tempfn, zipfile, compression_level); + + /* sf to zip */ +- sprintf(tempfn, "META-INF/%s.sf", base); +- sprintf(fullfn, "%s/%s", tree, tempfn); ++ count = snprintf(tempfn, sizeof(tempfn), "META-INF/%s.sf", base); ++ if (count >= sizeof(tempfn)) { ++ PR_fprintf(errorFD, "unable to write sf metadata\n"); ++ errorCount++; ++ exit(ERRX); ++ } ++ count = snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn); ++ if (count >= sizeof(fullfn)) { ++ PR_fprintf(errorFD, "unable to write sf metadata\n"); ++ errorCount++; ++ exit(ERRX); ++ } + JzipAdd(fullfn, tempfn, zipfile, compression_level); + + /* Add the rsa/dsa file to the zip archive normally */ + if (!xpi_arc) { + /* rsa/dsa to zip */ +- sprintf(tempfn, "META-INF/%s.%s", base, (keyType == dsaKey ? "dsa" +- : "rsa")); +- sprintf(fullfn, "%s/%s", tree, tempfn); ++ count = snprintf(tempfn, sizeof(tempfn), "META-INF/%s.%s", base, (keyType == dsaKey ? "dsa" : "rsa")); ++ if (count >= sizeof(tempfn)) { ++ PR_fprintf(errorFD, "unable to write key metadata\n"); ++ errorCount++; ++ exit(ERRX); ++ } ++ count = snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn); ++ if (count >= sizeof(fullfn)) { ++ PR_fprintf(errorFD, "unable to write key metadata\n"); ++ errorCount++; ++ exit(ERRX); ++ } + JzipAdd(fullfn, tempfn, zipfile, compression_level); + } + +@@ -408,6 +442,7 @@ static int + manifesto_xpi_fn(char *relpath, char *basedir, char *reldir, char *filename, void *arg) + { + char fullname[FNSIZE]; ++ int count; + + if (verbosity >= 0) { + PR_fprintf(outputFD, "--> %s\n", relpath); +@@ -421,7 +456,10 @@ manifesto_xpi_fn(char *relpath, char *basedir, char *reldir, char *filename, voi + if (!PL_HashTableLookup(extensions, ext)) + return 0; + } +- sprintf(fullname, "%s/%s", basedir, relpath); ++ count = snprintf(fullname, sizeof(fullname), "%s/%s", basedir, relpath); ++ if (count >= sizeof(fullname)) { ++ return 1; ++ } + JzipAdd(fullname, relpath, zipfile, compression_level); + + return 0; diff --git a/poky/meta/recipes-support/nss/nss/0001-nss-fix-support-cross-compiling.patch b/poky/meta/recipes-support/nss/nss/0001-nss-fix-support-cross-compiling.patch new file mode 100644 index 000000000..d5403397e --- /dev/null +++ b/poky/meta/recipes-support/nss/nss/0001-nss-fix-support-cross-compiling.patch @@ -0,0 +1,48 @@ +From 0cf47ee432cc26a706864fcc09b2c3adc342a679 Mon Sep 17 00:00:00 2001 +From: Alexander Kanavin <alex.kanavin@gmail.com> +Date: Wed, 22 Feb 2017 11:36:11 +0200 +Subject: [PATCH] nss: fix support cross compiling + +Let some make variables be assigned from outside makefile. + +Upstream-Status: Inappropriate [configuration] +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> +--- + nss/coreconf/arch.mk | 2 +- + nss/lib/freebl/Makefile | 6 ++++++ + 2 files changed, 7 insertions(+), 1 deletion(-) + +diff --git a/nss/coreconf/arch.mk b/nss/coreconf/arch.mk +index 06c276f..9c1eb51 100644 +--- a/nss/coreconf/arch.mk ++++ b/nss/coreconf/arch.mk +@@ -30,7 +30,7 @@ OS_TEST := $(shell uname -m) + ifeq ($(OS_TEST),i86pc) + OS_RELEASE := $(shell uname -r)_$(OS_TEST) + else +- OS_RELEASE := $(shell uname -r) ++ OS_RELEASE ?= $(shell uname -r) + endif + + # +diff --git a/nss/lib/freebl/Makefile b/nss/lib/freebl/Makefile +index 0ce1425..ebeb411 100644 +--- a/nss/lib/freebl/Makefile ++++ b/nss/lib/freebl/Makefile +@@ -36,6 +36,12 @@ ifdef USE_64 + DEFINES += -DNSS_USE_64 + endif + ++ifeq ($(OS_TEST),mips) ++ifndef USE_64 ++ DEFINES += -DNS_PTR_LE_32 ++endif ++endif ++ + ifdef USE_ABI32_FPU + DEFINES += -DNSS_USE_ABI32_FPU + endif +-- +2.11.0 + diff --git a/poky/meta/recipes-support/nss/nss/Fix-compilation-for-X32.patch b/poky/meta/recipes-support/nss/nss/Fix-compilation-for-X32.patch new file mode 100644 index 000000000..80b86908e --- /dev/null +++ b/poky/meta/recipes-support/nss/nss/Fix-compilation-for-X32.patch @@ -0,0 +1,33 @@ +From c8eadfcdfbc1d5a4799e9a264b0f859cb5954c05 Mon Sep 17 00:00:00 2001 +From: Christopher Larson <chris_larson@mentor.com> +Date: Tue, 13 Dec 2016 11:40:47 -0700 +Subject: [PATCH 7/7] Fix compilation for X32 + +X32 uses 32-bit pointers, not 64-bit. + +Signed-off-by: Christopher Larson <chris_larson@mentor.com> + +Upstream-Status: Pending +--- + nss/lib/freebl/poly1305-donna-x64-sse2-incremental-source.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/nss/lib/freebl/poly1305-donna-x64-sse2-incremental-source.c b/nss/lib/freebl/poly1305-donna-x64-sse2-incremental-source.c +index 2a3301e..d4ade41 100644 +--- a/nss/lib/freebl/poly1305-donna-x64-sse2-incremental-source.c ++++ b/nss/lib/freebl/poly1305-donna-x64-sse2-incremental-source.c +@@ -87,7 +87,11 @@ static poly1305_state_internal INLINE + * + poly1305_aligned_state(poly1305_state *state) + { ++#ifdef __ILP32__ ++ return (poly1305_state_internal *)(((uint32_t)state + 63) & ~63); ++#else + return (poly1305_state_internal *)(((uint64_t)state + 63) & ~63); ++#endif + } + + /* copy 0-63 bytes */ +-- +2.8.0 + diff --git a/poky/meta/recipes-support/nss/nss/disable-Wvarargs-with-clang.patch b/poky/meta/recipes-support/nss/nss/disable-Wvarargs-with-clang.patch new file mode 100644 index 000000000..86b1b6055 --- /dev/null +++ b/poky/meta/recipes-support/nss/nss/disable-Wvarargs-with-clang.patch @@ -0,0 +1,33 @@ +clang 3.9 add this warning to rightly flag undefined +behavior, we relegate this to be just a warning instead +of error and keep the behavior as it was. Right fix would +be to not pass enum to the function with variadic arguments +as last named argument + +Fixes errors like +ocsp.c:2220:22: error: passing an object that undergoes default argument promotion to 'va_start' has undefined behavior [-Werror,-Wvarargs] + va_start(ap, responseType0); + ^ +ocsp.c:2200:43: note: parameter of type 'SECOidTag' is declared here + SECOidTag responseType0, ...) + +see +https://www.securecoding.cert.org/confluence/display/cplusplus/EXP58-CPP.+Pass+an+object+of+the+correct+type+to+va_start +for more details + +Signed-off-by: Khem Raj <raj.khem@gmail.com> +Upstream-Status: Pending + +Index: nss-3.24/nss/coreconf/Werror.mk +=================================================================== +--- nss-3.24.orig/nss/coreconf/Werror.mk ++++ nss-3.24/nss/coreconf/Werror.mk +@@ -54,7 +54,7 @@ ifndef WARNING_CFLAGS + ifdef CC_IS_CLANG + # -Qunused-arguments : clang objects to arguments that it doesn't understand + # and fixing this would require rearchitecture +- WARNING_CFLAGS += -Qunused-arguments ++ WARNING_CFLAGS += -Qunused-arguments -Wno-error=varargs + # -Wno-parentheses-equality : because clang warns about macro expansions + WARNING_CFLAGS += $(call disable_warning,parentheses-equality) + ifdef BUILD_OPT diff --git a/poky/meta/recipes-support/nss/nss/nss-build-hacl-poly1305-aarch64.patch b/poky/meta/recipes-support/nss/nss/nss-build-hacl-poly1305-aarch64.patch new file mode 100644 index 000000000..8276f89e8 --- /dev/null +++ b/poky/meta/recipes-support/nss/nss/nss-build-hacl-poly1305-aarch64.patch @@ -0,0 +1,30 @@ +# HG changeset patch +# User Daiki Ueno <dueno@redhat.com> +# Date 1516710574 -3600 +# Tue Jan 23 13:29:34 2018 +0100 +# Node ID 27f27ce21c2c6ff5a47fa9e17c438b000366c9c9 +# Parent be1dca5ac80541d3b81a8da9d42854d8b1cceefb +Build Hacl_Poly1305_64.o on aarch64 even with make + +Upstream-Status: Backport +https://bug1432455.bmoattachments.org/attachment.cgi?id=8944691 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +Index: nss-3.35/nss/lib/freebl/Makefile +=================================================================== +--- nss-3.35.orig/nss/lib/freebl/Makefile ++++ nss-3.35/nss/lib/freebl/Makefile +@@ -533,7 +533,12 @@ ifndef NSS_DISABLE_CHACHAPOLY + EXTRA_SRCS += chacha20_vec.c + endif + else +- EXTRA_SRCS += poly1305.c ++ ifeq ($(CPU_ARCH),aarch64) ++ EXTRA_SRCS += Hacl_Poly1305_64.c ++ else ++ EXTRA_SRCS += poly1305.c ++ endif ++ + EXTRA_SRCS += chacha20.c + VERIFIED_SRCS += Hacl_Chacha20.c + endif # x86_64 diff --git a/poky/meta/recipes-support/nss/nss/nss-fix-incorrect-shebang-of-perl.patch b/poky/meta/recipes-support/nss/nss/nss-fix-incorrect-shebang-of-perl.patch new file mode 100644 index 000000000..547594d5b --- /dev/null +++ b/poky/meta/recipes-support/nss/nss/nss-fix-incorrect-shebang-of-perl.patch @@ -0,0 +1,110 @@ +nss: fix incorrect shebang of perl + +Replace incorrect shebang of perl with `#!/usr/bin/env perl'. + +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +Upstream-Status: Pending +--- + nss/cmd/smimetools/smime | 2 +- + nss/coreconf/cpdist.pl | 2 +- + nss/coreconf/import.pl | 2 +- + nss/coreconf/jniregen.pl | 2 +- + nss/coreconf/outofdate.pl | 2 +- + nss/coreconf/release.pl | 2 +- + nss/coreconf/version.pl | 2 +- + nss/tests/clean_tbx | 2 +- + nss/tests/path_uniq | 2 +- + 9 files changed, 9 insertions(+), 9 deletions(-) + +diff --git a/nss/cmd/smimetools/smime b/nss/cmd/smimetools/smime +--- a/nss/cmd/smimetools/smime ++++ b/nss/cmd/smimetools/smime +@@ -1,4 +1,4 @@ +-#!/usr/local/bin/perl ++#!/usr/bin/env perl + + # This Source Code Form is subject to the terms of the Mozilla Public + # License, v. 2.0. If a copy of the MPL was not distributed with this +diff --git a/nss/coreconf/cpdist.pl b/nss/coreconf/cpdist.pl +index 800edfb..652187f 100755 +--- a/nss/coreconf/cpdist.pl ++++ b/nss/coreconf/cpdist.pl +@@ -1,4 +1,4 @@ +-#! /usr/local/bin/perl ++#!/usr/bin/env perl + # + # This Source Code Form is subject to the terms of the Mozilla Public + # License, v. 2.0. If a copy of the MPL was not distributed with this +diff --git a/nss/coreconf/import.pl b/nss/coreconf/import.pl +index dd2d177..428eaa5 100755 +--- a/nss/coreconf/import.pl ++++ b/nss/coreconf/import.pl +@@ -1,4 +1,4 @@ +-#! /usr/local/bin/perl ++#!/usr/bin/env perl + # + # This Source Code Form is subject to the terms of the Mozilla Public + # License, v. 2.0. If a copy of the MPL was not distributed with this +diff --git a/nss/coreconf/jniregen.pl b/nss/coreconf/jniregen.pl +index 2039180..5f4f69c 100755 +--- a/nss/coreconf/jniregen.pl ++++ b/nss/coreconf/jniregen.pl +@@ -1,4 +1,4 @@ +-#!/usr/local/bin/perl ++#!/usr/bin/env perl + # + # This Source Code Form is subject to the terms of the Mozilla Public + # License, v. 2.0. If a copy of the MPL was not distributed with this +diff --git a/nss/coreconf/outofdate.pl b/nss/coreconf/outofdate.pl +index 33d80bb..01fc097 100755 +--- a/nss/coreconf/outofdate.pl ++++ b/nss/coreconf/outofdate.pl +@@ -1,4 +1,4 @@ +-#!/usr/local/bin/perl ++#!/usr/bin/env perl + # + # This Source Code Form is subject to the terms of the Mozilla Public + # License, v. 2.0. If a copy of the MPL was not distributed with this +diff --git a/nss/coreconf/release.pl b/nss/coreconf/release.pl +index 7cde19d..b5df2f6 100755 +--- a/nss/coreconf/release.pl ++++ b/nss/coreconf/release.pl +@@ -1,4 +1,4 @@ +-#! /usr/local/bin/perl ++#!/usr/bin/env perl + # + # This Source Code Form is subject to the terms of the Mozilla Public + # License, v. 2.0. If a copy of the MPL was not distributed with this +diff --git a/nss/coreconf/version.pl b/nss/coreconf/version.pl +index d2a4942..79359fe 100644 +--- a/nss/coreconf/version.pl ++++ b/nss/coreconf/version.pl +@@ -1,4 +1,4 @@ +-#!/usr/sbin/perl ++#!/usr/bin/env perl + # + # This Source Code Form is subject to the terms of the Mozilla Public + # License, v. 2.0. If a copy of the MPL was not distributed with this +diff --git a/nss/tests/clean_tbx b/nss/tests/clean_tbx +index 4de9555..a7def9f 100755 +--- a/nss/tests/clean_tbx ++++ b/nss/tests/clean_tbx +@@ -1,4 +1,4 @@ +-#! /bin/perl ++#!/usr/bin/env perl + + ####################################################################### + # +diff --git a/nss/tests/path_uniq b/nss/tests/path_uniq +index f29f60a..08fbffa 100755 +--- a/nss/tests/path_uniq ++++ b/nss/tests/path_uniq +@@ -1,4 +1,4 @@ +-#! /bin/perl ++#!/usr/bin/env perl + + ######################################################################## + # +-- +1.8.1.2 + diff --git a/poky/meta/recipes-support/nss/nss/nss-fix-nsinstall-build.patch b/poky/meta/recipes-support/nss/nss/nss-fix-nsinstall-build.patch new file mode 100644 index 000000000..181c69adb --- /dev/null +++ b/poky/meta/recipes-support/nss/nss/nss-fix-nsinstall-build.patch @@ -0,0 +1,36 @@ +Fix nss multilib build on openSUSE 11.x 32bit + +While building lib64-nss on openSUSE 11.x 32bit, the nsinstall will +fail with error: + +* nsinstall.c:1:0: sorry, unimplemented: 64-bit mode not compiled + +It caused by the '-m64' option which passed to host gcc. + +The nsinstall was built first while nss starting to build, it only runs +on host to install built files, it doesn't need any cross-compling or +multilib build options. Just clean the ARCHFLAG and LDFLAGS to fix this +error. + +Upstream-Status: Pending + +Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> +=================================================== +Index: nss-3.24/nss/coreconf/nsinstall/Makefile +=================================================================== +--- nss-3.24.orig/nss/coreconf/nsinstall/Makefile ++++ nss-3.24/nss/coreconf/nsinstall/Makefile +@@ -18,6 +18,13 @@ INTERNAL_TOOLS = 1 + + include $(DEPTH)/coreconf/config.mk + ++# nsinstall is unfit for cross-compiling/multilib-build since it was ++# always run on local host to install built files. This change intends ++# to clean the '-m64' from ARCHFLAG and LDFLAGS. ++ARCHFLAG = ++LDFLAGS = ++CFLAGS = ++ + ifeq (,$(filter-out OS2 WIN%,$(OS_TARGET))) + PROGRAM = + else diff --git a/poky/meta/recipes-support/nss/nss/nss-no-rpath-for-cross-compiling.patch b/poky/meta/recipes-support/nss/nss/nss-no-rpath-for-cross-compiling.patch new file mode 100644 index 000000000..7661dc93a --- /dev/null +++ b/poky/meta/recipes-support/nss/nss/nss-no-rpath-for-cross-compiling.patch @@ -0,0 +1,26 @@ +nss:no rpath for cross compiling + +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +Upstream-Status: Inappropriate [configuration] +--- + nss/cmd/platlibs.mk | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/nss/cmd/platlibs.mk b/nss/cmd/platlibs.mk +--- a/nss/cmd/platlibs.mk ++++ b/nss/cmd/platlibs.mk +@@ -18,9 +18,9 @@ endif + + ifeq ($(OS_ARCH), Linux) + ifeq ($(USE_64), 1) +-EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib64:/opt/sun/private/lib64:$$ORIGIN/../lib' ++#EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib64:/opt/sun/private/lib64:$$ORIGIN/../lib' + else +-EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib:/opt/sun/private/lib' ++#EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib:/opt/sun/private/lib' + endif + endif + +-- +1.8.1.2 + diff --git a/poky/meta/recipes-support/nss/nss/nss.pc.in b/poky/meta/recipes-support/nss/nss/nss.pc.in new file mode 100644 index 000000000..200f635c6 --- /dev/null +++ b/poky/meta/recipes-support/nss/nss/nss.pc.in @@ -0,0 +1,11 @@ +prefix=OEPREFIX +exec_prefix=OEEXECPREFIX +libdir=OELIBDIR +includedir=OEINCDIR + +Name: NSS +Description: Network Security Services +Version: %NSS_VERSION% +Requires: nspr >= %NSPR_VERSION% +Libs: -lssl3 -lsmime3 -lnss3 -lsoftokn3 -lnssutil3 +Cflags: -IOEINCDIR diff --git a/poky/meta/recipes-support/nss/nss/pqg.c-ULL_addend.patch b/poky/meta/recipes-support/nss/nss/pqg.c-ULL_addend.patch new file mode 100644 index 000000000..9942bf192 --- /dev/null +++ b/poky/meta/recipes-support/nss/nss/pqg.c-ULL_addend.patch @@ -0,0 +1,23 @@ +nss does not build on mips with clang because wrong types are used? + +pqg.c:339:16: error: comparison of constant 18446744073709551615 with expression of type 'unsigned long' is always true [-Werror,-Wtautological-constant-out-of-range-compare] + if (addend < MP_DIGIT_MAX) { + ~~~~~~ ^ ~~~~~~~~~~~~ + +Signed-off-by: Khem Raj <raj.khem@gmail.com> +Upstream-Status: Pending +Index: nss-3.24/nss/lib/freebl/pqg.c +=================================================================== +--- nss-3.24.orig/nss/lib/freebl/pqg.c ++++ nss-3.24/nss/lib/freebl/pqg.c +@@ -322,8 +322,8 @@ generate_h_candidate(SECItem *hit, mp_in + + static SECStatus + addToSeed(const SECItem *seed, +- unsigned long addend, +- int seedlen, /* g in 186-1 */ ++ unsigned long long addend, ++ int seedlen, /* g in 186-1 */ + SECItem *seedout) + { + mp_int s, sum, modulus, tmp; diff --git a/poky/meta/recipes-support/nss/nss/signlibs.sh b/poky/meta/recipes-support/nss/nss/signlibs.sh new file mode 100644 index 000000000..a74e499f8 --- /dev/null +++ b/poky/meta/recipes-support/nss/nss/signlibs.sh @@ -0,0 +1,20 @@ +#!/bin/sh + +# signlibs.sh +# +# (c)2010 Wind River Systems, Inc. +# +# regenerates the .chk files for the NSS libraries that require it +# since the ones that are built have incorrect checksums that were +# calculated on the host where they really need to be done on the +# target + +CHK_FILES=`ls /lib*/*.chk /usr/lib*/*.chk 2>/dev/null` +SIGN_BINARY=`which shlibsign` +for I in $CHK_FILES +do + DN=`dirname $I` + BN=`basename $I .chk` + FN=$DN/$BN.so + $SIGN_BINARY -i $FN +done diff --git a/poky/meta/recipes-support/nss/nss_3.35.bb b/poky/meta/recipes-support/nss/nss_3.35.bb new file mode 100644 index 000000000..84f1916f3 --- /dev/null +++ b/poky/meta/recipes-support/nss/nss_3.35.bb @@ -0,0 +1,255 @@ +SUMMARY = "Mozilla's SSL and TLS implementation" +DESCRIPTION = "Network Security Services (NSS) is a set of libraries \ +designed to support cross-platform development of \ +security-enabled client and server applications. \ +Applications built with NSS can support SSL v2 and v3, \ +TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME, X.509 \ +v3 certificates, and other security standards." +HOMEPAGE = "http://www.mozilla.org/projects/security/pki/nss/" +SECTION = "libs" + +LICENSE = "MPL-2.0 | (MPL-2.0 & GPL-2.0+) | (MPL-2.0 & LGPL-2.1+)" + +LIC_FILES_CHKSUM = "file://nss/COPYING;md5=3b1e88e1b9c0b5a4b2881d46cce06a18 \ + file://nss/lib/freebl/mpi/doc/LICENSE;md5=491f158d09d948466afce85d6f1fe18f \ + file://nss/lib/freebl/mpi/doc/LICENSE-MPL;md5=5d425c8f3157dbf212db2ec53d9e5132" + +VERSION_DIR = "${@d.getVar('BP').upper().replace('-', '_').replace('.', '_') + '_RTM'}" + +SRC_URI = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${VERSION_DIR}/src/${BP}.tar.gz \ + file://nss.pc.in \ + file://signlibs.sh \ + file://0001-nss-fix-support-cross-compiling.patch \ + file://nss-no-rpath-for-cross-compiling.patch \ + file://nss-fix-incorrect-shebang-of-perl.patch \ + file://nss-fix-nsinstall-build.patch \ + file://disable-Wvarargs-with-clang.patch \ + file://pqg.c-ULL_addend.patch \ + file://Fix-compilation-for-X32.patch \ + file://nss-build-hacl-poly1305-aarch64.patch \ + file://0001-Bug-1437734-Use-snprintf-in-sign.c-r-ttaubert.patch \ + " + +SRC_URI[md5sum] = "9467ec9e65c5aeb3254a50250490f5f7" +SRC_URI[sha256sum] = "f4127de09bede39f5fd0f789d33c3504c5d261e69ea03022d46b319b3e32f6fa" + +UPSTREAM_CHECK_URI = "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Releases" +UPSTREAM_CHECK_REGEX = "NSS_(?P<pver>.+)_release_notes" + +inherit siteinfo + +DEPENDS = "sqlite3 nspr zlib nss-native" +DEPENDS_class-native = "sqlite3-native nspr-native zlib-native" +RDEPENDS_${PN}-smime = "perl" + +TD = "${S}/tentative-dist" +TDS = "${S}/tentative-dist-staging" + +TARGET_CC_ARCH += "${LDFLAGS}" + +do_configure_prepend_libc-musl () { + sed -i -e '/-DHAVE_SYS_CDEFS_H/d' ${S}/nss/lib/dbm/config/config.mk +} + +do_compile_prepend_class-native() { + export NSPR_INCLUDE_DIR=${STAGING_INCDIR_NATIVE} + export NSPR_LIB_DIR=${STAGING_LIBDIR_NATIVE} + export NSS_ENABLE_WERROR=0 +} + +do_compile_prepend_class-nativesdk() { + export LDFLAGS="" +} + +do_compile_prepend_class-native() { + # Need to set RPATH so that chrpath will do its job correctly + RPATH="-Wl,-rpath-link,${STAGING_LIBDIR_NATIVE} -Wl,-rpath-link,${STAGING_BASE_LIBDIR_NATIVE} -Wl,-rpath,${STAGING_LIBDIR_NATIVE} -Wl,-rpath,${STAGING_BASE_LIBDIR_NATIVE}" +} + +do_compile() { + export CROSS_COMPILE=1 + export NATIVE_CC="${BUILD_CC}" + export NATIVE_FLAGS="${BUILD_CFLAGS}" + export BUILD_OPT=1 + + export FREEBL_NO_DEPEND=1 + export FREEBL_LOWHASH=1 + + export LIBDIR=${libdir} + export MOZILLA_CLIENT=1 + export NS_USE_GCC=1 + export NSS_USE_SYSTEM_SQLITE=1 + export NSS_ENABLE_ECC=1 + + export OS_RELEASE=3.4 + export OS_TARGET=Linux + export OS_ARCH=Linux + + if [ "${TARGET_ARCH}" = "powerpc" ]; then + OS_TEST=ppc + elif [ "${TARGET_ARCH}" = "powerpc64" ]; then + OS_TEST=ppc64 + elif [ "${TARGET_ARCH}" = "mips" -o "${TARGET_ARCH}" = "mipsel" -o "${TARGET_ARCH}" = "mips64" -o "${TARGET_ARCH}" = "mips64el" ]; then + OS_TEST=mips + else + OS_TEST="${TARGET_ARCH}" + fi + + if [ "${SITEINFO_BITS}" = "64" ]; then + export USE_64=1 + elif [ "${TARGET_ARCH}" = "x86_64" -a "${SITEINFO_BITS}" = "32" ]; then + export USE_X32=1 + fi + + export NSS_DISABLE_GTESTS=1 + + # We can modify CC in the environment, but if we set it via an + # argument to make, nsinstall, a host program, will also build with it! + # + # nss pretty much does its own thing with CFLAGS, so we put them into CC. + # Optimization will get clobbered, but most of the stuff will survive. + # The motivation for this is to point to the correct place for debug + # source files and CFLAGS does that. Nothing uses CCC. + # + export CC="${CC} ${CFLAGS}" + make -C ./nss CCC="${CXX} -g" \ + OS_TEST=${OS_TEST} \ + RPATH="${RPATH}" +} +do_compile[vardepsexclude] += "SITEINFO_BITS" + + +do_install_prepend_class-nativesdk() { + export LDFLAGS="" +} + +do_install() { + export CROSS_COMPILE=1 + export NATIVE_CC="${BUILD_CC}" + export BUILD_OPT=1 + + export FREEBL_NO_DEPEND=1 + + export LIBDIR=${libdir} + export MOZILLA_CLIENT=1 + export NS_USE_GCC=1 + export NSS_USE_SYSTEM_SQLITE=1 + export NSS_ENABLE_ECC=1 + + export OS_RELEASE=3.4 + export OS_TARGET=Linux + export OS_ARCH=Linux + + if [ "${TARGET_ARCH}" = "powerpc" ]; then + OS_TEST=ppc + elif [ "${TARGET_ARCH}" = "powerpc64" ]; then + OS_TEST=ppc64 + elif [ "${TARGET_ARCH}" = "mips" -o "${TARGET_ARCH}" = "mipsel" -o "${TARGET_ARCH}" = "mips64" -o "${TARGET_ARCH}" = "mips64el" ]; then + OS_TEST=mips + else + OS_TEST="${TARGET_ARCH}" + fi + if [ "${SITEINFO_BITS}" = "64" ]; then + export USE_64=1 + elif [ "${TARGET_ARCH}" = "x86_64" -a "${SITEINFO_BITS}" = "32" ]; then + export USE_X32=1 + fi + + export NSS_DISABLE_GTESTS=1 + + make -C ./nss \ + CCC="${CXX}" \ + OS_TEST=${OS_TEST} \ + SOURCE_LIB_DIR="${TD}/${libdir}" \ + SOURCE_BIN_DIR="${TD}/${bindir}" \ + install + + install -d ${D}/${libdir}/ + for file in ${S}/dist/*.OBJ/lib/*.so; do + echo "Installing `basename $file`..." + cp $file ${D}/${libdir}/ + done + + for shared_lib in ${TD}/${libdir}/*.so.*; do + if [ -f $shared_lib ]; then + cp $shared_lib ${D}/${libdir} + ln -sf $(basename $shared_lib) ${D}/${libdir}/$(basename $shared_lib .1oe) + fi + done + for shared_lib in ${TD}/${libdir}/*.so; do + if [ -f $shared_lib -a ! -e ${D}/${libdir}/$shared_lib ]; then + cp $shared_lib ${D}/${libdir} + fi + done + + install -d ${D}/${includedir}/nss3 + install -m 644 -t ${D}/${includedir}/nss3 dist/public/nss/* + + install -d ${D}/${bindir} + for binary in ${TD}/${bindir}/*; do + install -m 755 -t ${D}/${bindir} $binary + done +} +do_install[vardepsexclude] += "SITEINFO_BITS" + +do_install_append() { + # Create empty .chk files for the NSS libraries at build time. They could + # be regenerated at target's boot time. + for file in libsoftokn3.chk libfreebl3.chk libnssdbm3.chk; do + touch ${D}/${libdir}/$file + chmod 755 ${D}/${libdir}/$file + done + install -D -m 755 ${WORKDIR}/signlibs.sh ${D}/${bindir}/signlibs.sh + + install -d ${D}${libdir}/pkgconfig/ + sed 's/%NSS_VERSION%/${PV}/' ${WORKDIR}/nss.pc.in | sed 's/%NSPR_VERSION%/4.9.2/' > ${D}${libdir}/pkgconfig/nss.pc + sed -i s:OEPREFIX:${prefix}:g ${D}${libdir}/pkgconfig/nss.pc + sed -i s:OEEXECPREFIX:${exec_prefix}:g ${D}${libdir}/pkgconfig/nss.pc + sed -i s:OELIBDIR:${libdir}:g ${D}${libdir}/pkgconfig/nss.pc + sed -i s:OEINCDIR:${includedir}/nss3:g ${D}${libdir}/pkgconfig/nss.pc +} + +do_install_append_class-target() { + # Create a blank certificate + mkdir -p ${D}${sysconfdir}/pki/nssdb/ + touch ./empty_password + certutil -N -d ${D}${sysconfdir}/pki/nssdb/ -f ./empty_password + chmod 644 ${D}${sysconfdir}/pki/nssdb/*.db + rm ./empty_password +} + +PACKAGE_WRITE_DEPS += "nss-native" +pkg_postinst_${PN} () { + if [ -n "$D" ]; then + for I in $D${libdir}/lib*.chk; do + DN=`dirname $I` + BN=`basename $I .chk` + FN=$DN/$BN.so + shlibsign -i $FN + if [ $? -ne 0 ]; then + exit 1 + fi + done + else + signlibs.sh + fi +} + +PACKAGES =+ "${PN}-smime" +FILES_${PN}-smime = "\ + ${bindir}/smime \ +" +FILES_${PN} = "\ + ${sysconfdir} \ + ${bindir} \ + ${libdir}/lib*.chk \ + ${libdir}/lib*.so \ + " +FILES_${PN}-dev = "\ + ${libdir}/nss \ + ${libdir}/pkgconfig/* \ + ${includedir}/* \ + " + +BBCLASSEXTEND = "native nativesdk" + |