Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
[nss] Update to nss-3.39 and nss-pem-1.0.4, fixes jb#36180
- Loading branch information
Marko Kenttälä
committed
Jan 11, 2019
1 parent
ab6de8f
commit 26457ca
Showing
24 changed files
with
743 additions
and
433 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
diff -up nss/coreconf/Linux.mk.relro nss/coreconf/Linux.mk | ||
--- nss/coreconf/Linux.mk.relro 2013-04-09 14:29:45.943228682 -0700 | ||
+++ nss/coreconf/Linux.mk 2013-04-09 14:31:26.194953927 -0700 | ||
@@ -174,6 +174,12 @@ endif | ||
endif | ||
endif | ||
|
||
+# harden DSOs/executables a bit against exploits | ||
+ifeq (2.6,$(firstword $(sort 2.6 $(OS_RELEASE)))) | ||
+DSO_LDOPTS+=-Wl,-z,relro | ||
+LDFLAGS += -Wl,-z,relro | ||
+endif | ||
+ | ||
USE_SYSTEM_ZLIB = 1 | ||
ZLIB_LIBS = -lz | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
diff -up nss/coreconf/location.mk.iquote nss/coreconf/location.mk | ||
--- nss/coreconf/location.mk.iquote 2017-07-27 16:09:32.000000000 +0200 | ||
+++ nss/coreconf/location.mk 2017-09-06 13:23:14.633611555 +0200 | ||
@@ -75,4 +75,9 @@ ifndef SQLITE_LIB_NAME | ||
SQLITE_LIB_NAME = sqlite3 | ||
endif | ||
|
||
+# Prefer in-tree headers over system headers | ||
+ifdef IN_TREE_FREEBL_HEADERS_FIRST | ||
+ INCLUDES += -iquote $(DIST)/../public/nss -iquote $(DIST)/../private/nss | ||
+endif | ||
+ | ||
MK_LOCATION = included |
This file was deleted.
Oops, something went wrong.
Binary file not shown.
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,62 @@ | ||
--- ./nss/cmd/httpserv/httpserv.c.539183 2016-05-21 18:31:39.879585420 -0700 | ||
+++ ./nss/cmd/httpserv/httpserv.c 2016-05-21 18:37:22.374464057 -0700 | ||
@@ -953,23 +953,23 @@ | ||
getBoundListenSocket(unsigned short port) | ||
{ | ||
PRFileDesc *listen_sock; | ||
int listenQueueDepth = 5 + (2 * maxThreads); | ||
PRStatus prStatus; | ||
PRNetAddr addr; | ||
PRSocketOptionData opt; | ||
|
||
- addr.inet.family = PR_AF_INET; | ||
- addr.inet.ip = PR_INADDR_ANY; | ||
- addr.inet.port = PR_htons(port); | ||
+ if (PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET6, port, &addr) != PR_SUCCESS) { | ||
+ errExit("PR_SetNetAddr"); | ||
+ } | ||
|
||
- listen_sock = PR_NewTCPSocket(); | ||
+ listen_sock = PR_OpenTCPSocket(PR_AF_INET6); | ||
if (listen_sock == NULL) { | ||
- errExit("PR_NewTCPSocket"); | ||
+ errExit("PR_OpenTCPSockett"); | ||
} | ||
|
||
opt.option = PR_SockOpt_Nonblocking; | ||
opt.value.non_blocking = PR_FALSE; | ||
prStatus = PR_SetSocketOption(listen_sock, &opt); | ||
if (prStatus < 0) { | ||
PR_Close(listen_sock); | ||
errExit("PR_SetSocketOption(PR_SockOpt_Nonblocking)"); | ||
--- ./nss/cmd/selfserv/selfserv.c.539183 2016-05-21 18:31:39.882585367 -0700 | ||
+++ ./nss/cmd/selfserv/selfserv.c 2016-05-21 18:41:43.092801174 -0700 | ||
@@ -1711,23 +1711,23 @@ | ||
getBoundListenSocket(unsigned short port) | ||
{ | ||
PRFileDesc *listen_sock; | ||
int listenQueueDepth = 5 + (2 * maxThreads); | ||
PRStatus prStatus; | ||
PRNetAddr addr; | ||
PRSocketOptionData opt; | ||
|
||
- addr.inet.family = PR_AF_INET; | ||
- addr.inet.ip = PR_INADDR_ANY; | ||
- addr.inet.port = PR_htons(port); | ||
+ if (PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET6, port, &addr) != PR_SUCCESS) { | ||
+ errExit("PR_SetNetAddr"); | ||
+ } | ||
|
||
- listen_sock = PR_NewTCPSocket(); | ||
+ listen_sock = PR_OpenTCPSocket(PR_AF_INET6); | ||
if (listen_sock == NULL) { | ||
- errExit("PR_NewTCPSocket"); | ||
+ errExit("PR_OpenTCPSocket error"); | ||
} | ||
|
||
opt.option = PR_SockOpt_Nonblocking; | ||
opt.value.non_blocking = PR_FALSE; | ||
prStatus = PR_SetSocketOption(listen_sock, &opt); | ||
if (prStatus < 0) { | ||
PR_Close(listen_sock); | ||
errExit("PR_SetSocketOption(PR_SockOpt_Nonblocking)"); |
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
Binary file not shown.
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
# Add external nss header locations | ||
include_directories(../../dist/public/nss;../../dist/private/nss) | ||
# Find the external library path for linking | ||
execute_process(COMMAND find ${PROJECT_SOURCE_DIR}/../../dist -name libnssckfw.a OUTPUT_VARIABLE NSS_EXT_LIB_PATH) | ||
get_filename_component(NSS_LIB_PATH ${NSS_EXT_LIB_PATH} DIRECTORY) | ||
link_directories(${NSS_LIB_PATH}) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
diff -up ./nss/cmd/Makefile.skipthem ./nss/cmd/Makefile | ||
--- ./nss/cmd/Makefile.skipthem 2017-01-06 13:17:27.477848351 +0100 | ||
+++ ./nss/cmd/Makefile 2017-01-06 13:19:30.244586100 +0100 | ||
@@ -19,7 +19,11 @@ BLTEST_SRCDIR = | ||
ECPERF_SRCDIR = | ||
FREEBL_ECTEST_SRCDIR = | ||
FIPSTEST_SRCDIR = | ||
+ifeq ($(NSS_BLTEST_NOT_AVAILABLE),1) | ||
+SHLIBSIGN_SRCDIR = shlibsign | ||
+else | ||
SHLIBSIGN_SRCDIR = | ||
+endif | ||
else | ||
BLTEST_SRCDIR = bltest | ||
ECPERF_SRCDIR = ecperf |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
diff -up nss/gtests/manifest.mn.skip_util_gtest nss/gtests/manifest.mn | ||
--- nss/gtests/manifest.mn.skip_util_gtest 2017-08-08 12:45:57.598801125 +0200 | ||
+++ nss/gtests/manifest.mn 2017-08-08 12:46:59.682419852 +0200 | ||
@@ -31,6 +31,5 @@ endif | ||
|
||
DIRS = \ | ||
$(LIB_SRCDIRS) \ | ||
- $(UTIL_SRCDIRS) \ | ||
$(NSS_SRCDIRS) \ | ||
$(NULL) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
prefix=%prefix% | ||
exec_prefix=%exec_prefix% | ||
libdir=%libdir% | ||
includedir=%includedir% | ||
|
||
Name: NSS-SOFTOKN | ||
Description: Network Security Services Softoken PKCS #11 Module | ||
Version: %SOFTOKEN_VERSION% | ||
Requires: nspr >= %NSPR_VERSION%, nss-util >= %NSSUTIL_VERSION% | ||
Libs: -L${libdir} -lfreebl3 -lnssdbm3 -lsoftokn3 | ||
Cflags: -I${includedir} |
Oops, something went wrong.