From ab1060037931158d3a8bf4c8f9f6cb4dbfe916e9 Mon Sep 17 00:00:00 2001 From: wolfbeast Date: Tue, 14 Aug 2018 07:52:35 +0200 Subject: Update NSS to 3.38 - Added HACL*Poly1305 32-bit (INRIA/Microsoft) - Updated to final TLS 1.3 draft version (28) - Removed TLS 1.3 prerelease draft limit check - Removed NPN code - Enabled dev/urandom-only RNG on Linux with NSS_SEED_ONLY_DEV_URANDOM for non-standard environments - Fixed several bugs with TLS 1.3 negotiation - Updated internal certificate store - Added support for the TLS Record Size Limit Extension. - Fixed CVE-2018-0495 - Various security fixes in the ASN.1 code. --- security/nss/coreconf/Werror.mk | 6 ++++-- security/nss/coreconf/config.mk | 4 ++++ security/nss/coreconf/coreconf.dep | 1 + security/nss/coreconf/nsinstall/pathsub.c | 2 +- security/nss/coreconf/werror.py | 2 +- 5 files changed, 11 insertions(+), 4 deletions(-) (limited to 'security/nss/coreconf') diff --git a/security/nss/coreconf/Werror.mk b/security/nss/coreconf/Werror.mk index 69155eb14..a569a497c 100644 --- a/security/nss/coreconf/Werror.mk +++ b/security/nss/coreconf/Werror.mk @@ -48,9 +48,11 @@ ifndef WARNING_CFLAGS else # This tests to see if enabling the warning is possible before # setting an option to disable it. - disable_warning = $(shell $(CC) -x c -E -Werror -W$(1) /dev/null >/dev/null 2>&1 && echo -Wno-$(1)) + set_warning = $(shell $(CC) -x c -E -Werror -W$(1) /dev/null >/dev/null 2>&1 && echo -W$(2)$(1)) + enable_warning = $(call set_warning,$(1),) + disable_warning = $(call set_warning,$(1),no-) - WARNING_CFLAGS = -Wall + WARNING_CFLAGS = -Wall $(call enable_warning,shadow) ifdef CC_IS_CLANG # -Qunused-arguments : clang objects to arguments that it doesn't understand # and fixing this would require rearchitecture diff --git a/security/nss/coreconf/config.mk b/security/nss/coreconf/config.mk index 55d95c30e..b62f6cef4 100644 --- a/security/nss/coreconf/config.mk +++ b/security/nss/coreconf/config.mk @@ -181,6 +181,10 @@ ifndef NSS_FORCE_FIPS DEFINES += -DNSS_NO_INIT_SUPPORT endif +ifdef NSS_SEED_ONLY_DEV_URANDOM +DEFINES += -DSEED_ONLY_DEV_URANDOM +endif + # Avoid building object leak test code for optimized library ifndef BUILD_OPT ifdef PKIX_OBJECT_LEAK_TEST diff --git a/security/nss/coreconf/coreconf.dep b/security/nss/coreconf/coreconf.dep index 5182f7555..590d1bfae 100644 --- a/security/nss/coreconf/coreconf.dep +++ b/security/nss/coreconf/coreconf.dep @@ -10,3 +10,4 @@ */ #error "Do not include this header file." + diff --git a/security/nss/coreconf/nsinstall/pathsub.c b/security/nss/coreconf/nsinstall/pathsub.c index a42a9f30a..c31a946f0 100644 --- a/security/nss/coreconf/nsinstall/pathsub.c +++ b/security/nss/coreconf/nsinstall/pathsub.c @@ -212,7 +212,7 @@ reversepath(char *inpath, char *name, int len, char *outpath) xchdir(".."); } else { cp -= 3; - strncpy(cp, "../", 3); + memcpy(cp, "../", 3); xchdir(buf); } } diff --git a/security/nss/coreconf/werror.py b/security/nss/coreconf/werror.py index c469c4002..0e2d41c63 100644 --- a/security/nss/coreconf/werror.py +++ b/security/nss/coreconf/werror.py @@ -54,7 +54,7 @@ def main(): set_warning(w, 'no-') print('-Qunused-arguments') - # set_warning('shadow') # Bug 1309068 + set_warning('shadow') if __name__ == '__main__': main() -- cgit v1.2.3