helium-3rd-party/meta-openembedded
1
0
Fork 0
mirror of git://git.openembedded.org/meta-openembedded synced 2026-04-02 02:49:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

nss: upgrade 3.119 -> 3.121

Browse Source 
Adapt patch 0007-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch
to new version of the code. Remove code which not exist and adapt to
new code.

Changelog:

v3.121:
  https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_121.html

  Bugs:
    - update vendored zlib to v1.3.2.
    - Revert the unnecessary changes to intel-gcm-wrap.gyp.
    - Use C fallback for AES-GCM on MinGW builds.
    - fix ML-KEM PCT.
    - Extend NSS Fuzzing docs.
    - avoid integer overflow in platform-independent ghash.
    - Fix errant whitespace in OISTE Server Root RSA G1 nickname.
    - fix build with glibc-2.43 assignment discards ‘const’ qualifier from pointer.
    - add gcm.gyp dependency for Solaris SPARC builds.
    - Set nssckbi version to 2.84.
    - Add e-Szigno TLS Root CA 2023 to NSS.
    - allow manual selection of CPU_ARCH=x86_64 and ppc64 in coreconf/Darwin.mk.
    - Update cryptofuzz version.
    - Paranoia assert.
    - Darwin compatibility for intel-aes.S and intel-gcm.S.
    - rename intel-{aes,gcm}.s to .S.
    - rename C files for platform-specific ghash implementations.
    - simplify compilation of platform-specific GCM and GHASH.
    - FORWARD_NULL null deref of worker in p7decode.c (sec_pkcs7_decoder_abort_digests).
    - Out-of-Bounds Read in ML-DSA Private Key Parsing (zero-length privateKey).

v3.120:
  https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_120.html

  Bugs:
    - Fix docs generation bug.
    - CID 1678226: Dereferencing null pointer plaintext.data().
    - Run PKCS12 fuzz target with –fuzz=tls in CI.
    - Allowing RT be started several times.
    - move linux decision and build tasks to d2g worker pools.

v3.119.1:
  https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_119_1.html

  Bugs:
    - restore coreconf/Darwin.mk behavior for intel archs.

Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This commit is contained in:
Andrej Kozemcak 2026-03-12 15:04:57 +01:00 committed by Khem Raj
parent 4dc8384995
commit 84e05a05d9
No known key found for this signature in database
GPG Key ID: BB053355919D3314
2 changed files with 5 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
meta-oe/recipes-support/nss/nss/0007-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch
View File

@ -11,14 +11,13 @@ Upstream-Status: Pending
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
---
nss/lib/freebl/Makefile | 3 +++
nss/lib/freebl/gcm.c | 2 ++
2 files changed, 5 insertions(+)
1 file changed, 3 insertions(+)
diff --git a/nss/lib/freebl/Makefile b/nss/lib/freebl/Makefile
index 0ebfc92..3ee7623 100644
--- a/nss/lib/freebl/Makefile
+++ b/nss/lib/freebl/Makefile
@@ -142,6 +142,8 @@ endif
@@ -136,6 +136,8 @@ endif
endif
endif
endif
@ -26,8 +25,8 @@ index 0ebfc92..3ee7623 100644
+ DEFINES += -DNSS_USE_ARM_HW_CRYPTO
ifeq ($(CPU_ARCH),aarch64)
ifdef CC_IS_CLANG
DEFINES += -DUSE_HW_AES -DUSE_HW_SHA1 -DUSE_HW_SHA2
@@ -183,6 +185,7 @@ endif
DEFINES += -DUSE_HW_AES -DUSE_HW_SHA1 -DUSE_HW_SHA2 -DHAVE_PLATFORM_GHASH
@@ -178,6 +180,7 @@ endif
endif
endif
endif
@ -35,23 +34,3 @@ index 0ebfc92..3ee7623 100644
ifeq (,$(filter-out WINNT,$(OS_TARGET)))
ifndef USE_64
diff --git a/nss/lib/freebl/gcm.c b/nss/lib/freebl/gcm.c
index a2f63a6..743158e 100644
--- a/nss/lib/freebl/gcm.c
+++ b/nss/lib/freebl/gcm.c
@@ -18,6 +18,7 @@
#include <limits.h>
+#ifdef NSS_USE_ARM_HW_CRYPTO
/* old gcc doesn't support some poly64x2_t intrinsic */
#if defined(__aarch64__) && defined(IS_LITTLE_ENDIAN) && \
(defined(__clang__) || defined(__GNUC__) && __GNUC__ > 6)
@@ -27,6 +28,7 @@
/* We don't test on big endian platform, so disable this on big endian. */
#define USE_ARM_GCM
#endif
+#endif
#if defined(__ARM_NEON) || defined(__ARM_NEON__)
#include <arm_neon.h>

2
meta-oe/recipes-support/nss/nss_3.119.bb → meta-oe/recipes-support/nss/nss_3.121.bb
View File

@ -33,7 +33,7 @@ SRC_URI = "https://ftp.mozilla.org/pub/security/nss/releases/${VERSION_DIR}/src/
file://0006-Fix-nss-multilib-build-on-openSUSE-11.x-32bit.patch \
file://0007-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch \
"
SRC_URI[sha256sum] = "e8412db6c9d6f531e8adfe8a122ec33a8fae920681ff47231a1349bdd399f0e9"
SRC_URI[sha256sum] = "cb3a8f8781bea78b7b8edd3afb7a2cb58e4881bb0160d189a39b98216ba7632e"
UPSTREAM_CHECK_URI = "https://ftp.mozilla.org/pub/security/nss/releases/"
UPSTREAM_CHECK_REGEX = "NSS_(?P<pver>\d+(\_\d+)+)"