* [Buildroot] [PATCH v2 1/2] package/libnspr: bump to version 4.22
@ 2019-09-03 10:12 Giulio Benetti
2019-09-03 10:12 ` [Buildroot] [PATCH v2 2/2] package/libnss: security bump to version 3.46 Giulio Benetti
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Giulio Benetti @ 2019-09-03 10:12 UTC (permalink / raw)
To: buildroot
Rework all 3 patches to make that applicable to 4.22 version.
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
---
package/libnspr/0001-nios2.patch | 30 ++++++++++++------------
package/libnspr/0002-microblaze.patch | 32 +++++++++++++-------------
package/libnspr/0003-nds32.patch | 33 +++++++++++++--------------
package/libnspr/libnspr.hash | 2 +-
package/libnspr/libnspr.mk | 2 +-
5 files changed, 49 insertions(+), 50 deletions(-)
diff --git a/package/libnspr/0001-nios2.patch b/package/libnspr/0001-nios2.patch
index 2a967c4593..52fbbfdddd 100644
--- a/package/libnspr/0001-nios2.patch
+++ b/package/libnspr/0001-nios2.patch
@@ -1,17 +1,18 @@
-Add Nios-II support
+Bug 1578360 - Add Nios-II support
[Gustavo: update for nspr 4.10.9]
Signed-off-by: Ezequiel Garcia <ezequiel@vanguardiasur.com.ar>
[Fabrice: update for nspr 4.20]
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+[Giulio: update for nspr 4.22]
+Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
-Index: b/nspr/pr/include/md/_linux.cfg
-===================================================================
---- a/nspr/pr/include/md/_linux.cfg
-+++ b/nspr/pr/include/md/_linux.cfg
-@@ -1112,6 +1112,51 @@
- #define PR_BYTES_PER_WORD_LOG2 3
- #define PR_BYTES_PER_DWORD_LOG2 3
+diff -r 3af4891397ab -r 8487beb203e9 nspr/pr/include/md/_linux.cfg
+--- a/nspr/pr/include/md/_linux.cfg Mon Aug 19 16:17:52 2019 +0200
++++ b/nspr/pr/include/md/_linux.cfg Tue Sep 03 11:25:11 2019 +0200
+@@ -1157,6 +1157,51 @@
+ #define PR_BYTES_PER_WORD_LOG2 2
+ #define PR_BYTES_PER_DWORD_LOG2 3
+#elif defined(__nios2__)
+
@@ -61,14 +62,13 @@ Index: b/nspr/pr/include/md/_linux.cfg
#else
#error "Unknown CPU architecture"
-Index: b/nspr/pr/include/md/_linux.h
-===================================================================
---- a/nspr/pr/include/md/_linux.h
-+++ b/nspr/pr/include/md/_linux.h
-@@ -57,6 +57,8 @@
- #define _PR_SI_ARCHITECTURE "riscv32"
- #elif defined(__riscv) && (__riscv_xlen == 64)
+diff -r 3af4891397ab -r 8487beb203e9 nspr/pr/include/md/_linux.h
+--- a/nspr/pr/include/md/_linux.h Mon Aug 19 16:17:52 2019 +0200
++++ b/nspr/pr/include/md/_linux.h Tue Sep 03 11:25:11 2019 +0200
+@@ -63,6 +63,8 @@
#define _PR_SI_ARCHITECTURE "riscv64"
+ #elif defined(__arc__)
+ #define _PR_SI_ARCHITECTURE "arc"
+#elif defined(__nios2__)
+#define _PR_SI_ARCHITECTURE "nios2"
#else
diff --git a/package/libnspr/0002-microblaze.patch b/package/libnspr/0002-microblaze.patch
index 4c23259d58..6558882bd7 100644
--- a/package/libnspr/0002-microblaze.patch
+++ b/package/libnspr/0002-microblaze.patch
@@ -1,15 +1,16 @@
-Add Microblaze support
+Bug 1578363 - Add Microblaze support
[Gustavo: update for nspr 4.10.9]
Signed-off-by: Spenser Gilliland <spenser@gillilanding.com>
[Fabrice: update for nspr 4.20]
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+[Giulio: update for nspr 4.22]
+Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
-Index: b/nspr/pr/include/md/_linux.cfg
-===================================================================
---- a/nspr/pr/include/md/_linux.cfg
-+++ b/nspr/pr/include/md/_linux.cfg
-@@ -1157,6 +1157,56 @@
+diff -r 8487beb203e9 -r ab7d5c504daf nspr/pr/include/md/_linux.cfg
+--- a/nspr/pr/include/md/_linux.cfg Tue Sep 03 11:25:11 2019 +0200
++++ b/nspr/pr/include/md/_linux.cfg Tue Sep 03 11:33:15 2019 +0200
+@@ -1202,6 +1202,56 @@
#define PR_BYTES_PER_WORD_LOG2 2
#define PR_BYTES_PER_DWORD_LOG2 3
@@ -66,16 +67,15 @@ Index: b/nspr/pr/include/md/_linux.cfg
#else
#error "Unknown CPU architecture"
-Index: b/nspr/pr/include/md/_linux.h
-===================================================================
---- a/nspr/pr/include/md/_linux.h
-+++ b/nspr/pr/include/md/_linux.h
-@@ -57,6 +57,8 @@
- #define _PR_SI_ARCHITECTURE "riscv32"
- #elif defined(__riscv) && (__riscv_xlen == 64)
- #define _PR_SI_ARCHITECTURE "riscv64"
-+#elif defined(__microblaze__)
-+#define _PR_SI_ARCHITECTURE "microblaze"
+diff -r 8487beb203e9 -r ab7d5c504daf nspr/pr/include/md/_linux.h
+--- a/nspr/pr/include/md/_linux.h Tue Sep 03 11:25:11 2019 +0200
++++ b/nspr/pr/include/md/_linux.h Tue Sep 03 11:33:15 2019 +0200
+@@ -65,6 +65,8 @@
+ #define _PR_SI_ARCHITECTURE "arc"
#elif defined(__nios2__)
#define _PR_SI_ARCHITECTURE "nios2"
++#elif defined(__microblaze__)
++#define _PR_SI_ARCHITECTURE "microblaze"
#else
+ #error "Unknown CPU architecture"
+ #endif
diff --git a/package/libnspr/0003-nds32.patch b/package/libnspr/0003-nds32.patch
index 3b67a3f787..49d0d81aca 100644
--- a/package/libnspr/0003-nds32.patch
+++ b/package/libnspr/0003-nds32.patch
@@ -1,15 +1,16 @@
-Add nds32 support
+Bug 1578364 - Add Nds32 support
-Signed-off-by:Nylon Chen <nylon7@andestech.com>
+Signed-off-by: Nylon Chen <nylon7@andestech.com>
+[Giulio: update for nspr 4.22]
+Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
-Index: b/nspr/pr/include/md/_linux.cfg
-===================================================================
---- a/nspr/pr/include/md/_linux.cfg
-+++ b/nspr/pr/include/md/_linux.cfg
-@@ -1207,6 +1207,51 @@
+diff -r ab7d5c504daf -r d212d80704a2 nspr/pr/include/md/_linux.cfg
+--- a/nspr/pr/include/md/_linux.cfg Tue Sep 03 11:33:15 2019 +0200
++++ b/nspr/pr/include/md/_linux.cfg Tue Sep 03 11:36:05 2019 +0200
+@@ -1252,6 +1252,51 @@
#define PR_BYTES_PER_WORD_LOG2 2
#define PR_BYTES_PER_DWORD_LOG2 3
-
+
+#elif defined(__nds32__)
+
+#define IS_LITTLE_ENDIAN 1
@@ -56,17 +57,15 @@ Index: b/nspr/pr/include/md/_linux.cfg
+#define PR_BYTES_PER_DWORD_LOG2 3
+
#else
-
+
#error "Unknown CPU architecture"
-
-Index: b/nspr/pr/include/md/_linux.h
-===================================================================
---- a/nspr/pr/include/md/_linux.h
-+++ b/nspr/pr/include/md/_linux.h
-@@ -65,6 +65,8 @@
- #define _PR_SI_ARCHITECTURE "microblaze"
- #elif defined(__nios2__)
+diff -r ab7d5c504daf -r d212d80704a2 nspr/pr/include/md/_linux.h
+--- a/nspr/pr/include/md/_linux.h Tue Sep 03 11:33:15 2019 +0200
++++ b/nspr/pr/include/md/_linux.h Tue Sep 03 11:36:05 2019 +0200
+@@ -67,6 +67,8 @@
#define _PR_SI_ARCHITECTURE "nios2"
+ #elif defined(__microblaze__)
+ #define _PR_SI_ARCHITECTURE "microblaze"
+#elif defined(__nds32__)
+#define _PR_SI_ARCHITECTURE "nds32"
#else
diff --git a/package/libnspr/libnspr.hash b/package/libnspr/libnspr.hash
index 33710b65a9..321b67956a 100644
--- a/package/libnspr/libnspr.hash
+++ b/package/libnspr/libnspr.hash
@@ -1,4 +1,4 @@
# From https://ftp.mozilla.org/pub/nspr/releases/v4.20/src/SHA256SUMS
-sha256 2c8964913da89ffbaf464d49ce44d79e8804e1794ef9a8c52a7bff7224d1556e nspr-4.20.tar.gz
+sha256 c9e4b6cc24856ec93202fe13704b38b38ba219f0f2aeac93090ce2b6c696d430 nspr-4.22.tar.gz
# Locally calculated
sha256 fab3dd6bdab226f1c08630b1dd917e11fcb4ec5e1e020e2c16f83a0a13863e85 nspr/LICENSE
diff --git a/package/libnspr/libnspr.mk b/package/libnspr/libnspr.mk
index 763c5393b0..29005d526a 100644
--- a/package/libnspr/libnspr.mk
+++ b/package/libnspr/libnspr.mk
@@ -4,7 +4,7 @@
#
################################################################################
-LIBNSPR_VERSION = 4.20
+LIBNSPR_VERSION = 4.22
LIBNSPR_SOURCE = nspr-$(LIBNSPR_VERSION).tar.gz
LIBNSPR_SITE = https://ftp.mozilla.org/pub/mozilla.org/nspr/releases/v$(LIBNSPR_VERSION)/src
LIBNSPR_SUBDIR = nspr
--
2.17.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [Buildroot] [PATCH v2 2/2] package/libnss: security bump to version 3.46
2019-09-03 10:12 [Buildroot] [PATCH v2 1/2] package/libnspr: bump to version 4.22 Giulio Benetti
@ 2019-09-03 10:12 ` Giulio Benetti
2019-09-03 10:14 ` Giulio Benetti
2019-09-17 20:40 ` Peter Korsgaard
2019-09-07 20:16 ` [Buildroot] [PATCH v2 1/2] package/libnspr: bump to version 4.22 Thomas Petazzoni
2019-09-17 20:40 ` Peter Korsgaard
2 siblings, 2 replies; 6+ messages in thread
From: Giulio Benetti @ 2019-09-03 10:12 UTC (permalink / raw)
To: buildroot
Fixes the following security issues:
(3.44.1)
CVE-2019-11729: More thorough input checking
CVE-2019-11719: Don't unnecessarily strip leading 0's from key material
during PKCS11 import
CVE-2019-11727: Prohibit use of RSASSA-PKCS1-v1_5 algorithms in TLS 1.3
Note:
This version requires nspr 4.22 or newer provided by the previous patch.
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
---
package/libnss/libnss.hash | 2 +-
package/libnss/libnss.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/libnss/libnss.hash b/package/libnss/libnss.hash
index 1d600f14ef..678f39b090 100644
--- a/package/libnss/libnss.hash
+++ b/package/libnss/libnss.hash
@@ -1,4 +1,4 @@
# From https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_42_1_RTM/src/SHA256SUMS
-sha256 087db37d38fd49dfd584dd2a8b5baa7fc88de7c9bd97c0c2d5be4abcafc61fc6 nss-3.42.1.tar.gz
+sha256 6b699649d285602ba258a4b0957cb841eafc94eff5735a9da8da0adbb9a10cef nss-3.46.tar.gz
# Locally calculated
sha256 a20c1a32d1f8102432360b42e932869f7c11c7cdbacf9cac554c422132af47f4 nss/COPYING
diff --git a/package/libnss/libnss.mk b/package/libnss/libnss.mk
index 34e9d41968..776f232ad5 100644
--- a/package/libnss/libnss.mk
+++ b/package/libnss/libnss.mk
@@ -4,7 +4,7 @@
#
################################################################################
-LIBNSS_VERSION = 3.42.1
+LIBNSS_VERSION = 3.46
LIBNSS_SOURCE = nss-$(LIBNSS_VERSION).tar.gz
LIBNSS_SITE = https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_$(subst .,_,$(LIBNSS_VERSION))_RTM/src
LIBNSS_DISTDIR = dist
--
2.17.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [Buildroot] [PATCH v2 2/2] package/libnss: security bump to version 3.46
2019-09-03 10:12 ` [Buildroot] [PATCH v2 2/2] package/libnss: security bump to version 3.46 Giulio Benetti
@ 2019-09-03 10:14 ` Giulio Benetti
2019-09-17 20:40 ` Peter Korsgaard
1 sibling, 0 replies; 6+ messages in thread
From: Giulio Benetti @ 2019-09-03 10:14 UTC (permalink / raw)
To: buildroot
Forgot to mention:
V1->V2:
* reworded commit log with CVE and note about previous patch that bumps
nspr version to 4.22 that is required by nss 3.46
Il 03/09/2019 12:12, Giulio Benetti ha scritto:
> Fixes the following security issues:
>
> (3.44.1)
> CVE-2019-11729: More thorough input checking
> CVE-2019-11719: Don't unnecessarily strip leading 0's from key material
> during PKCS11 import
> CVE-2019-11727: Prohibit use of RSASSA-PKCS1-v1_5 algorithms in TLS 1.3
>
> Note:
> This version requires nspr 4.22 or newer provided by the previous patch.
>
> Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
> ---
> package/libnss/libnss.hash | 2 +-
> package/libnss/libnss.mk | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/package/libnss/libnss.hash b/package/libnss/libnss.hash
> index 1d600f14ef..678f39b090 100644
> --- a/package/libnss/libnss.hash
> +++ b/package/libnss/libnss.hash
> @@ -1,4 +1,4 @@
> # From https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_42_1_RTM/src/SHA256SUMS
> -sha256 087db37d38fd49dfd584dd2a8b5baa7fc88de7c9bd97c0c2d5be4abcafc61fc6 nss-3.42.1.tar.gz
> +sha256 6b699649d285602ba258a4b0957cb841eafc94eff5735a9da8da0adbb9a10cef nss-3.46.tar.gz
> # Locally calculated
> sha256 a20c1a32d1f8102432360b42e932869f7c11c7cdbacf9cac554c422132af47f4 nss/COPYING
> diff --git a/package/libnss/libnss.mk b/package/libnss/libnss.mk
> index 34e9d41968..776f232ad5 100644
> --- a/package/libnss/libnss.mk
> +++ b/package/libnss/libnss.mk
> @@ -4,7 +4,7 @@
> #
> ################################################################################
>
> -LIBNSS_VERSION = 3.42.1
> +LIBNSS_VERSION = 3.46
> LIBNSS_SOURCE = nss-$(LIBNSS_VERSION).tar.gz
> LIBNSS_SITE = https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_$(subst .,_,$(LIBNSS_VERSION))_RTM/src
> LIBNSS_DISTDIR = dist
>
--
Giulio Benetti
CTO
MICRONOVA SRL
Sede: Via A. Niedda 3 - 35010 Vigonza (PD)
Tel. 049/8931563 - Fax 049/8931346
Cod.Fiscale - P.IVA 02663420285
Capitale Sociale ? 26.000 i.v.
Iscritta al Reg. Imprese di Padova N. 02663420285
Numero R.E.A. 258642
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Buildroot] [PATCH v2 1/2] package/libnspr: bump to version 4.22
2019-09-03 10:12 [Buildroot] [PATCH v2 1/2] package/libnspr: bump to version 4.22 Giulio Benetti
2019-09-03 10:12 ` [Buildroot] [PATCH v2 2/2] package/libnss: security bump to version 3.46 Giulio Benetti
@ 2019-09-07 20:16 ` Thomas Petazzoni
2019-09-17 20:40 ` Peter Korsgaard
2 siblings, 0 replies; 6+ messages in thread
From: Thomas Petazzoni @ 2019-09-07 20:16 UTC (permalink / raw)
To: buildroot
On Tue, 3 Sep 2019 12:12:15 +0200
Giulio Benetti <giulio.benetti@micronovasrl.com> wrote:
> Rework all 3 patches to make that applicable to 4.22 version.
>
> Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
> ---
> package/libnspr/0001-nios2.patch | 30 ++++++++++++------------
> package/libnspr/0002-microblaze.patch | 32 +++++++++++++-------------
> package/libnspr/0003-nds32.patch | 33 +++++++++++++--------------
> package/libnspr/libnspr.hash | 2 +-
> package/libnspr/libnspr.mk | 2 +-
> 5 files changed, 49 insertions(+), 50 deletions(-)
Both patches applied. Thanks!
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Buildroot] [PATCH v2 1/2] package/libnspr: bump to version 4.22
2019-09-03 10:12 [Buildroot] [PATCH v2 1/2] package/libnspr: bump to version 4.22 Giulio Benetti
2019-09-03 10:12 ` [Buildroot] [PATCH v2 2/2] package/libnss: security bump to version 3.46 Giulio Benetti
2019-09-07 20:16 ` [Buildroot] [PATCH v2 1/2] package/libnspr: bump to version 4.22 Thomas Petazzoni
@ 2019-09-17 20:40 ` Peter Korsgaard
2 siblings, 0 replies; 6+ messages in thread
From: Peter Korsgaard @ 2019-09-17 20:40 UTC (permalink / raw)
To: buildroot
>>>>> "Giulio" == Giulio Benetti <giulio.benetti@micronovasrl.com> writes:
> Rework all 3 patches to make that applicable to 4.22 version.
> Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
> ---
Committed to 2019.02.x, 2019.05.x and 2019.08.x, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Buildroot] [PATCH v2 2/2] package/libnss: security bump to version 3.46
2019-09-03 10:12 ` [Buildroot] [PATCH v2 2/2] package/libnss: security bump to version 3.46 Giulio Benetti
2019-09-03 10:14 ` Giulio Benetti
@ 2019-09-17 20:40 ` Peter Korsgaard
1 sibling, 0 replies; 6+ messages in thread
From: Peter Korsgaard @ 2019-09-17 20:40 UTC (permalink / raw)
To: buildroot
>>>>> "Giulio" == Giulio Benetti <giulio.benetti@micronovasrl.com> writes:
> Fixes the following security issues:
> (3.44.1)
> CVE-2019-11729: More thorough input checking
> CVE-2019-11719: Don't unnecessarily strip leading 0's from key material
> during PKCS11 import
> CVE-2019-11727: Prohibit use of RSASSA-PKCS1-v1_5 algorithms in TLS 1.3
> Note:
> This version requires nspr 4.22 or newer provided by the previous patch.
> Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Committed to 2019.02.x, 2019.05.x and 2019.08.x, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2019-09-17 20:40 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-09-03 10:12 [Buildroot] [PATCH v2 1/2] package/libnspr: bump to version 4.22 Giulio Benetti
2019-09-03 10:12 ` [Buildroot] [PATCH v2 2/2] package/libnss: security bump to version 3.46 Giulio Benetti
2019-09-03 10:14 ` Giulio Benetti
2019-09-17 20:40 ` Peter Korsgaard
2019-09-07 20:16 ` [Buildroot] [PATCH v2 1/2] package/libnspr: bump to version 4.22 Thomas Petazzoni
2019-09-17 20:40 ` Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.