From 449a71f559a4a11fcc89a237bbbb857218409b3b Mon Sep 17 00:00:00 2001 From: Gustavo Zacarias Date: Wed, 18 Jun 2014 11:46:19 -0300 Subject: [PATCH] libnspr: security bump to version 4.10.6 Fixes CVE-2014-1545 - Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via vectors involving the sprintf and console functions. Signed-off-by: Gustavo Zacarias Signed-off-by: Peter Korsgaard --- package/libnspr/libnspr-0001-nios2.patch | 15 ++-- package/libnspr/libnspr-0002-microblaze.patch | 15 ++-- package/libnspr/libnspr-0003-aarch64.patch | 74 ------------------- package/libnspr/libnspr.mk | 6 +- 4 files changed, 19 insertions(+), 91 deletions(-) delete mode 100644 package/libnspr/libnspr-0003-aarch64.patch diff --git a/package/libnspr/libnspr-0001-nios2.patch b/package/libnspr/libnspr-0001-nios2.patch index cffb2ef49..4fc6551ee 100644 --- a/package/libnspr/libnspr-0001-nios2.patch +++ b/package/libnspr/libnspr-0001-nios2.patch @@ -1,11 +1,12 @@ Add Nios-II support +[Gustavo: update for nspr 4.10.6] Signed-off-by: Ezequiel Garcia -diff -Naur libnspr-4.9.6-ori/mozilla/nsprpub/pr/include/md/_linux.cfg libnspr-4.9.6/mozilla/nsprpub/pr/include/md/_linux.cfg ---- libnspr-4.9.6-ori/mozilla/nsprpub/pr/include/md/_linux.cfg 2013-11-10 21:15:04.556139100 -0300 -+++ libnspr-4.9.6/mozilla/nsprpub/pr/include/md/_linux.cfg 2013-11-10 21:15:29.332138283 -0300 -@@ -914,6 +914,51 @@ +diff -Nura nspr-4.10.6.orig/nspr/pr/include/md/_linux.cfg nspr-4.10.6/nspr/pr/include/md/_linux.cfg +--- nspr-4.10.6.orig/nspr/pr/include/md/_linux.cfg 2014-06-18 10:26:22.447502521 -0300 ++++ nspr-4.10.6/nspr/pr/include/md/_linux.cfg 2014-06-18 10:26:32.746850581 -0300 +@@ -924,6 +924,51 @@ #define PR_BYTES_PER_WORD_LOG2 2 #define PR_BYTES_PER_DWORD_LOG2 3 @@ -57,9 +58,9 @@ diff -Naur libnspr-4.9.6-ori/mozilla/nsprpub/pr/include/md/_linux.cfg libnspr-4. #else #error "Unknown CPU architecture" -diff -Naur libnspr-4.9.6-ori/mozilla/nsprpub/pr/include/md/_linux.h libnspr-4.9.6/mozilla/nsprpub/pr/include/md/_linux.h ---- libnspr-4.9.6-ori/mozilla/nsprpub/pr/include/md/_linux.h 2013-11-10 21:15:04.556139100 -0300 -+++ libnspr-4.9.6/mozilla/nsprpub/pr/include/md/_linux.h 2013-11-10 21:15:33.245138154 -0300 +diff -Nura nspr-4.10.6.orig/nspr/pr/include/md/_linux.h nspr-4.10.6/nspr/pr/include/md/_linux.h +--- nspr-4.10.6.orig/nspr/pr/include/md/_linux.h 2014-06-18 10:26:22.446502487 -0300 ++++ nspr-4.10.6/nspr/pr/include/md/_linux.h 2014-06-18 10:26:32.747850615 -0300 @@ -55,6 +55,8 @@ #define _PR_SI_ARCHITECTURE "avr32" #elif defined(__m32r__) diff --git a/package/libnspr/libnspr-0002-microblaze.patch b/package/libnspr/libnspr-0002-microblaze.patch index 93a0be597..30b17f376 100644 --- a/package/libnspr/libnspr-0002-microblaze.patch +++ b/package/libnspr/libnspr-0002-microblaze.patch @@ -1,11 +1,12 @@ Add Microblaze support +[Gustavo: update for nspr 4.10.6] Signed-off-by: Spenser Gilliland -diff -Naur libnspr-4.9.6-ori/mozilla/nsprpub/pr/include/md/_linux.cfg libnspr-4.9.6/mozilla/nsprpub/pr/include/md/_linux.cfg ---- libnspr-4.9.6-ori/mozilla/nsprpub/pr/include/md/_linux.cfg 2013-11-10 21:15:04.556139100 -0300 -+++ libnspr-4.9.6/mozilla/nsprpub/pr/include/md/_linux.cfg 2013-11-10 21:15:29.332138283 -0300 -@@ -914,6 +914,56 @@ +diff -Nura nspr-4.10.6.nios2/nspr/pr/include/md/_linux.cfg nspr-4.10.6/nspr/pr/include/md/_linux.cfg +--- nspr-4.10.6.nios2/nspr/pr/include/md/_linux.cfg 2014-06-18 10:29:15.816361425 -0300 ++++ nspr-4.10.6/nspr/pr/include/md/_linux.cfg 2014-06-18 10:26:59.908768508 -0300 +@@ -969,6 +969,56 @@ #define PR_BYTES_PER_WORD_LOG2 2 #define PR_BYTES_PER_DWORD_LOG2 3 @@ -62,9 +63,9 @@ diff -Naur libnspr-4.9.6-ori/mozilla/nsprpub/pr/include/md/_linux.cfg libnspr-4. #else #error "Unknown CPU architecture" -diff -Naur libnspr-4.9.6-ori/mozilla/nsprpub/pr/include/md/_linux.h libnspr-4.9.6/mozilla/nsprpub/pr/include/md/_linux.h ---- libnspr-4.9.6.orig/mozilla/nsprpub/pr/include/md/_linux.h 2014-01-10 14:39:20.674107805 -0600 -+++ libnspr-4.9.6/mozilla/nsprpub/pr/include/md/_linux.h 2014-01-10 14:44:04.442112985 -0600 +diff -Nura nspr-4.10.6.nios2/nspr/pr/include/md/_linux.h nspr-4.10.6/nspr/pr/include/md/_linux.h +--- nspr-4.10.6.nios2/nspr/pr/include/md/_linux.h 2014-06-18 10:29:15.817361459 -0300 ++++ nspr-4.10.6/nspr/pr/include/md/_linux.h 2014-06-18 10:26:59.909768537 -0300 @@ -55,6 +55,8 @@ #define _PR_SI_ARCHITECTURE "avr32" #elif defined(__m32r__) diff --git a/package/libnspr/libnspr-0003-aarch64.patch b/package/libnspr/libnspr-0003-aarch64.patch deleted file mode 100644 index a5e23ed38..000000000 --- a/package/libnspr/libnspr-0003-aarch64.patch +++ /dev/null @@ -1,74 +0,0 @@ -Add AArch64 support - -Signed-off-by: Alexander Khryukin - -Index: b/mozilla/nsprpub/pr/include/md/_linux.cfg -=================================================================== ---- a/mozilla/nsprpub/pr/include/md/_linux.cfg -+++ b/mozilla/nsprpub/pr/include/md/_linux.cfg -@@ -1009,6 +1009,52 @@ - #define PR_BYTES_PER_WORD_LOG2 2 - #define PR_BYTES_PER_DWORD_LOG2 3 - -+#elif defined(__aarch64__) -+ -+#define IS_LITTLE_ENDIAN 1 -+#undef IS_BIG_ENDIAN -+#define IS_64 -+ -+#define PR_BYTES_PER_BYTE 1 -+#define PR_BYTES_PER_SHORT 2 -+#define PR_BYTES_PER_INT 4 -+#define PR_BYTES_PER_INT64 8 -+#define PR_BYTES_PER_LONG 8 -+#define PR_BYTES_PER_FLOAT 4 -+#define PR_BYTES_PER_DOUBLE 8 -+#define PR_BYTES_PER_WORD 8 -+#define PR_BYTES_PER_DWORD 8 -+ -+#define PR_BITS_PER_BYTE 8 -+#define PR_BITS_PER_SHORT 16 -+#define PR_BITS_PER_INT 32 -+#define PR_BITS_PER_INT64 64 -+#define PR_BITS_PER_LONG 64 -+#define PR_BITS_PER_FLOAT 32 -+#define PR_BITS_PER_DOUBLE 64 -+#define PR_BITS_PER_WORD 64 -+ -+#define PR_BITS_PER_BYTE_LOG2 3 -+#define PR_BITS_PER_SHORT_LOG2 4 -+#define PR_BITS_PER_INT_LOG2 5 -+#define PR_BITS_PER_INT64_LOG2 6 -+#define PR_BITS_PER_LONG_LOG2 6 -+#define PR_BITS_PER_FLOAT_LOG2 5 -+#define PR_BITS_PER_DOUBLE_LOG2 6 -+#define PR_BITS_PER_WORD_LOG2 6 -+ -+#define PR_ALIGN_OF_SHORT 2 -+#define PR_ALIGN_OF_INT 4 -+#define PR_ALIGN_OF_LONG 8 -+#define PR_ALIGN_OF_INT64 8 -+#define PR_ALIGN_OF_FLOAT 4 -+#define PR_ALIGN_OF_DOUBLE 8 -+#define PR_ALIGN_OF_POINTER 8 -+#define PR_ALIGN_OF_WORD 8 -+ -+#define PR_BYTES_PER_WORD_LOG2 3 -+#define PR_BYTES_PER_DWORD_LOG2 3 -+ - #else - - #error "Unknown CPU architecture" -Index: b/mozilla/nsprpub/pr/include/md/_linux.h -=================================================================== ---- a/mozilla/nsprpub/pr/include/md/_linux.h -+++ b/mozilla/nsprpub/pr/include/md/_linux.h -@@ -59,6 +59,8 @@ - #define _PR_SI_ARCHITECTURE "microblaze" - #elif defined(nios2) - #define _PR_SI_ARCHITECTURE "nios2" -+#elif defined(__aarch64__) -+#define _PR_SI_ARCHITECTURE "aarch64" - #else - #error "Unknown CPU architecture" - #endif diff --git a/package/libnspr/libnspr.mk b/package/libnspr/libnspr.mk index 5aa9bdceb..7eedbbe6e 100644 --- a/package/libnspr/libnspr.mk +++ b/package/libnspr/libnspr.mk @@ -4,14 +4,14 @@ # ################################################################################ -LIBNSPR_VERSION = 4.9.6 +LIBNSPR_VERSION = 4.10.6 LIBNSPR_SOURCE = nspr-$(LIBNSPR_VERSION).tar.gz LIBNSPR_SITE = https://ftp.mozilla.org/pub/mozilla.org/nspr/releases/v$(LIBNSPR_VERSION)/src/ -LIBNSPR_SUBDIR = mozilla/nsprpub +LIBNSPR_SUBDIR = nspr LIBNSPR_INSTALL_STAGING = YES LIBNSPR_CONFIG_SCRIPTS = nspr-config LIBNSPR_LICENSE = MPLv2.0 -LIBNSPR_LICENSE_FILES = mozilla/nsprpub/LICENSE +LIBNSPR_LICENSE_FILES = nspr/LICENSE # Set the host CFLAGS and LDFLAGS so NSPR does not guess wrongly LIBNSPR_CONF_ENV = HOST_CFLAGS="-g -O2" \