meta-openembedded: subtree update:08c0280b7c..4fe1065655
Alexander Kanavin (1):
libmicrohttpd: remove the recipe
Andreas Müller (4):
jack: upgrade 1.19.17 -> 1.19.18
xfce4-settings: upgrade 4.16.0 -> 4.16.1
zsh: reduce priority slightly to avoid conflict with bash
mutter/wayland: replace xserver-xorg-xwayland by xwayland in rdep
Andrej Kozemcak (1):
proftpd: Update to 1.3.7a release
Armin Kuster (3):
wireguard: update to v1.0.20210219 +1
nostromo: remove recipe
packagegroup-meta-webserver: remove nostromo from pkg grp
Chen Qi (3):
tigervnc: upgrade to 1.11.0
python3-django: upgrade to 2.2.20
tigervnc: fix do_package error when enabling user merge
Gianfranco (1):
vboxguestdrivers: upgrade 6.1.18 -> 6.1.20
Hongxu Jia (1):
debootstrap: explicitly add virtual/fakeroot-native to depends
Joe Hershberger (1):
strongswan: Make PACKAGECONFIG a default value
Justin Standring (1):
tslib: add PACKAGECONFIG for evthres, one-wire-ts-input
Kai Kang (1):
freeradius: check existence of openssl's commands in bootstrap
Khem Raj (36):
nss: Re-enable -Werror
gimp: Disable vector icon generation on mips/glibc too
iwd: Upgade to 1.13
python3-icu: Upgrade to 2.7.2
nodejs: Update to 14.16.1
nodejs: Fix build with icu-69
nodejs: Use qemu usermode to run target binaries during build
nodejs: Fix build on mips
nodejs: Fix build with clang for x86 target
tbb: Re-introduce PE
bearssl: Update to tip of master
gimp: Disable vector icons on musl/x86
gd: Replace deprecated types from tiff
nodejs: Enable snapshot
python3-docutils: Delete
libchamplain: Require opengl distro feature
aom: Match the name for AOM-Patent-License-1.0
libdevmapper,lvm2: Do not inherit license
gnome-disk-utility: Require polkit in distro features
README: Make git send-email example work
sysprof: Enable sysprofd/libsysprof only when polkit in DISTRO_FEATURES
packagegroup-gnome-apps: Add gnome-disk-utility only if polkit is in DISTRO_FEATURES
python3-jinja2_2.%.bbappend: Delete
python3-pyyaml: Do not check for meta-python
python3-pyyaml: Delete
python3-markupsafe: Delete bbappend
snort,proftpd,net-snmp: Deal with -ffile-prefix-map as well
apache2: Deal with -ffile-prefix-map
vk-gl-cts: Fix build with GCC 11
gegl: Update to 0.4.30
python3-m2crypto: Upgrade to 0.37.1
libupnp: Upgrade to 1.14.6
ctags: Switch to universal ctags
dibbler: Add libpthread to linker flags
libowfat: Replace __pure__ with pure and remove using __deprecated__
emacs: Do not use SIGSTKSZ
Leon Anavi (21):
python3-bitarray: Upgrade 1.9.2 -> 2.0.0
python3-xxhash: Upgrade 2.0.0 -> 2.0.2
python3-xlsxwriter: Upgrade 1.3.8 -> 1.3.9
python3-docutils: Upgrade 0.17 -> 0.17.1
python3-portion: Upgrade 2.1.5 -> 2.1.6
python3-huey: Upgrade 2.3.1 -> 2.3.2
python3-pysonos: Upgrade 0.0.42 -> 0.0.43
python3-asttokens: Upgrade 2.0.4 -> 2.0.5
python3-hyperframe: Upgrade 6.0.0 -> 6.0.1
python3-argcomplete: Upgrade 1.12.2 -> 1.12.3
python3-python-vlc: Upgrade 3.0.12117 -> 3.0.12118
python3-bitarray: Upgrade 2.0.0 -> 2.0.1
python3-sqlalchemy: Upgrade 1.4.7 -> 1.4.11
python3-watchdog: Upgrade 2.0.2 -> 2.0.3
python3-pytest-asyncio: Upgrade 0.14.0 -> 0.15.1
python3-xlsxwriter: Upgrade 1.3.9 -> 1.4.0
python3-astroid: Upgrade 2.5.3 -> 2.5.6
python3-arpeggio: Upgrade 1.10.1 -> 1.10.2
python3-cachetools: Upgrade 4.2.1 -> 4.2.2
python3-pymisp: Upgrade 2.4.141.1 -> 2.4.142
python3-et-xmlfile: Upgrade 1.0.1 -> 1.1.0
Mingli Yu (4):
python3-cryptography: Upgrade to 3.3.2
onig: add oniguruma to PROVIDES
php: Upgrade to 7.4.16
tk: adapt to potential pseudo changes
Persian Prince (1):
libdvdnav 6.1.1
Peter Kjellerstedt (1):
syslog-ng: Merge .bb and .inc
Ramon Fried (1):
bitwise: Upgrade 0.41 -> 0.42
Reto Schneider (1):
nng: Upgrade 1.2.5 -> 1.4.0
Saul Wold (2):
tbb: Disable PPC as COMPATIBLE_MACHINE
packagegroup-meta-oe: conditional remove tbb for powerpc
Silcet (2):
ufw: fix python shebang
ufw: bump version to 0.36 and add services
Sinan Kaya (1):
zram: add support for mem_limit
Stefan Ghinea (1):
python3-django: fix CVE-2021-28658
Ulrich Ölmann (1):
v4l-utils: fix reproducibility
Yi Fan Yu (3):
syslog-ng: upgrade 3.24.1 -> 3.31.2
syslog-ng: remove CONFIG_TLS override for arm DEBUG_BUILD
syslog-ng: Drop an obsolete patch to add --enable-libnet
Yi Zhao (1):
gvfs: rdepend on gsettings-desktop-schemas
zangrc (19):
fuse3: upgrade 3.10.2 -> 3.10.3
cifs-utils: upgrade 6.12 -> 6.13
dnsmasq: upgrade 2.84 -> 2.85
nbdkit: upgrade 1.25.5 -> 1.25.6
wolfssl: upgrade 4.7.0 -> 4.7.1
networkmanager: upgrade 1.30.2 -> 1.30.4
libdvdread: upgrade 6.1.1 -> 6.1.2
libwebsockets: upgrade 4.1.6 -> 4.2.0
ostree: upgrade 2021.1 -> 2021.2
redis: upgrade 6.2.1 -> 6.2.2
tinyproxy: upgrade 1.10.0 -> 1.11.0
nss: upgrade 3.63 -> 3.64
babeld: upgrade 1.9.2 -> 1.10
fetchmail: upgrade 6.4.18 -> 6.4.19
openvpn: upgrade 2.5.1 -> 2.5.2
wireshark: upgrade 3.4.4 -> 3.4.5
debootstrap: upgrade 1.0.123 -> 1.0.124
mailcap: upgrade 2.1.52 -> 2.1.53
rsyslog: upgrade 8.2102.0 -> 8.2104.0
zhengruoqin (7):
irssi: upgrade 1.2.2 -> 1.2.3
librsync: upgrade 2.3.1 -> 2.3.2
hiawatha: upgrade 10.11 -> 10.12
python3-supervisor: upgrade 4.2.1 -> 4.2.2
python3-zopeinterface: upgrade 5.3.0 -> 5.4.0
sdparm: upgrade 1.11 -> 1.12
tcsh: upgrade 6.22.03 -> 6.22.04
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: Iaeb2fe4ee0a49cf44ea60bc3c1aef83528d92f55
diff --git a/meta-openembedded/meta-oe/recipes-support/nss/nss_3.64.bb b/meta-openembedded/meta-oe/recipes-support/nss/nss_3.64.bb
new file mode 100644
index 0000000..1863db1
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-support/nss/nss_3.64.bb
@@ -0,0 +1,282 @@
+SUMMARY = "Mozilla's SSL and TLS implementation"
+DESCRIPTION = "Network Security Services (NSS) is a set of libraries \
+designed to support cross-platform development of \
+security-enabled client and server applications. \
+Applications built with NSS can support SSL v2 and v3, \
+TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME, X.509 \
+v3 certificates, and other security standards."
+HOMEPAGE = "http://www.mozilla.org/projects/security/pki/nss/"
+SECTION = "libs"
+
+DEPENDS = "sqlite3 nspr zlib nss-native"
+DEPENDS_class-native = "sqlite3-native nspr-native zlib-native"
+
+LICENSE = "(MPL-2.0 & MIT) | (MPL-2.0 & GPL-2.0+ & MIT) | (MPL-2.0 & LGPL-2.1+ & MIT)"
+
+LIC_FILES_CHKSUM = "file://nss/COPYING;md5=3b1e88e1b9c0b5a4b2881d46cce06a18 \
+ file://nss/lib/freebl/mpi/doc/LICENSE;md5=491f158d09d948466afce85d6f1fe18f \
+ file://nss/lib/freebl/mpi/doc/LICENSE-MPL;md5=5d425c8f3157dbf212db2ec53d9e5132 \
+ file://nss/lib/freebl/verified/Hacl_Poly1305_256.c;beginline=1;endline=22;md5=d4096c1e4421ee56e9e0f441a8161f78"
+
+VERSION_DIR = "${@d.getVar('BP').upper().replace('-', '_').replace('.', '_') + '_RTM'}"
+
+SRC_URI = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${VERSION_DIR}/src/${BP}.tar.gz \
+ file://nss.pc.in \
+ file://0001-nss-fix-support-cross-compiling.patch \
+ file://nss-no-rpath-for-cross-compiling.patch \
+ file://nss-fix-incorrect-shebang-of-perl.patch \
+ file://disable-Wvarargs-with-clang.patch \
+ file://pqg.c-ULL_addend.patch \
+ file://blank-cert9.db \
+ file://blank-key4.db \
+ file://system-pkcs11.txt \
+ file://nss-fix-nsinstall-build.patch \
+ file://0001-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch \
+ "
+SRC_URI[sha256sum] = "d3175427172e9c3a6f1ebc74452cb791590f28191c6a1a443dbc0d87c9df1126"
+
+UPSTREAM_CHECK_URI = "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Releases"
+UPSTREAM_CHECK_REGEX = "NSS_(?P<pver>.+)_release_notes"
+
+inherit siteinfo
+
+TD = "${S}/tentative-dist"
+TDS = "${S}/tentative-dist-staging"
+
+# cortex-a55 is ARMv8.2-a based but libatomic explicitly asks for -march=armv8.1-a
+# which caused -march conflicts in gcc
+TUNE_CCARGS_remove = "-mcpu=cortex-a55+crc -mcpu=cortex-a55 -mcpu=cortex-a55+crc+crypto"
+
+TARGET_CC_ARCH += "${LDFLAGS}"
+
+do_configure_prepend_libc-musl () {
+ sed -i -e '/-DHAVE_SYS_CDEFS_H/d' ${S}/nss/lib/dbm/config/config.mk
+}
+
+do_configure_prepend_powerpc64le_toolchain-clang () {
+ sed -i -e 's/\-std=c99/\-std=gnu99/g' ${S}/nss/coreconf/command.mk
+}
+
+do_configure_prepend_powerpc64_toolchain-clang () {
+ sed -i -e 's/\-std=c99/\-std=gnu99/g' ${S}/nss/coreconf/command.mk
+}
+
+do_compile_prepend_class-native() {
+ export NSPR_INCLUDE_DIR=${STAGING_INCDIR_NATIVE}/nspr
+ export NSPR_LIB_DIR=${STAGING_LIBDIR_NATIVE}
+}
+
+do_compile_prepend_class-nativesdk() {
+ export LDFLAGS=""
+}
+
+do_compile_prepend_class-native() {
+ # Need to set RPATH so that chrpath will do its job correctly
+ RPATH="-Wl,-rpath-link,${STAGING_LIBDIR_NATIVE} -Wl,-rpath-link,${STAGING_BASE_LIBDIR_NATIVE} -Wl,-rpath,${STAGING_LIBDIR_NATIVE} -Wl,-rpath,${STAGING_BASE_LIBDIR_NATIVE}"
+}
+
+do_compile() {
+ export NSPR_INCLUDE_DIR=${STAGING_INCDIR}/nspr
+
+ export CROSS_COMPILE=1
+ export NATIVE_CC="${BUILD_CC}"
+ # Additional defines needed on Centos 7
+ export NATIVE_FLAGS="${BUILD_CFLAGS} -DLINUX -Dlinux"
+ export BUILD_OPT=1
+
+ # POSIX.1-2001 states that the behaviour of getcwd() when passing a null
+ # pointer as the buf argument, is unspecified.
+ export NATIVE_FLAGS="${NATIVE_FLAGS} -DGETCWD_CANT_MALLOC"
+
+ export FREEBL_NO_DEPEND=1
+ export FREEBL_LOWHASH=1
+
+ export LIBDIR=${libdir}
+ export MOZILLA_CLIENT=1
+ export NS_USE_GCC=1
+ export NSS_USE_SYSTEM_SQLITE=1
+ export NSS_ENABLE_ECC=1
+
+ ${@bb.utils.contains("TUNE_FEATURES", "crypto", "export NSS_USE_ARM_HW_CRYPTO=1", "", d)}
+
+ export OS_RELEASE=3.4
+ export OS_TARGET=Linux
+ export OS_ARCH=Linux
+
+ if [ "${TARGET_ARCH}" = "powerpc" ]; then
+ OS_TEST=ppc
+ elif [ "${TARGET_ARCH}" = "powerpc64" -o "${TARGET_ARCH}" = "powerpc64le" ]; then
+ OS_TEST=ppc64
+ elif [ "${TARGET_ARCH}" = "mips" -o "${TARGET_ARCH}" = "mipsel" -o "${TARGET_ARCH}" = "mips64" -o "${TARGET_ARCH}" = "mips64el" ]; then
+ OS_TEST=mips
+ elif [ "${TARGET_ARCH}" = "aarch64_be" ]; then
+ OS_TEST="aarch64"
+ else
+ OS_TEST="${TARGET_ARCH}"
+ fi
+
+ if [ "${SITEINFO_BITS}" = "64" ]; then
+ export USE_64=1
+ elif [ "${TARGET_ARCH}" = "x86_64" -a "${SITEINFO_BITS}" = "32" ]; then
+ export USE_X32=1
+ fi
+
+ export NSS_DISABLE_GTESTS=1
+ # We can modify CC in the environment, but if we set it via an
+ # argument to make, nsinstall, a host program, will also build with it!
+ #
+ # nss pretty much does its own thing with CFLAGS, so we put them into CC.
+ # Optimization will get clobbered, but most of the stuff will survive.
+ # The motivation for this is to point to the correct place for debug
+ # source files and CFLAGS does that. Nothing uses CCC.
+ #
+ export CC="${CC} ${CFLAGS}"
+ make -C ./nss CCC="${CXX} -g" \
+ OS_TEST=${OS_TEST} \
+ RPATH="${RPATH}" \
+ autobuild
+}
+
+do_compile[vardepsexclude] += "SITEINFO_BITS"
+
+do_install_prepend_class-nativesdk() {
+ export LDFLAGS=""
+}
+
+do_install() {
+ export CROSS_COMPILE=1
+ export NATIVE_CC="${BUILD_CC}"
+ export BUILD_OPT=1
+
+ export FREEBL_NO_DEPEND=1
+
+ export LIBDIR=${libdir}
+ export MOZILLA_CLIENT=1
+ export NS_USE_GCC=1
+ export NSS_USE_SYSTEM_SQLITE=1
+ export NSS_ENABLE_ECC=1
+
+ export OS_RELEASE=3.4
+ export OS_TARGET=Linux
+ export OS_ARCH=Linux
+
+ if [ "${TARGET_ARCH}" = "powerpc" ]; then
+ OS_TEST=ppc
+ elif [ "${TARGET_ARCH}" = "powerpc64" -o "${TARGET_ARCH}" = "powerpc64le" ]; then
+ OS_TEST=ppc64
+ elif [ "${TARGET_ARCH}" = "mips" -o "${TARGET_ARCH}" = "mipsel" -o "${TARGET_ARCH}" = "mips64" -o "${TARGET_ARCH}" = "mips64el" ]; then
+ OS_TEST=mips
+ elif [ "${TARGET_ARCH}" = "aarch64_be" ]; then
+ CPU_ARCH=aarch64
+ OS_TEST="aarch64"
+ else
+ OS_TEST="${TARGET_ARCH}"
+ fi
+ if [ "${SITEINFO_BITS}" = "64" ]; then
+ export USE_64=1
+ elif [ "${TARGET_ARCH}" = "x86_64" -a "${SITEINFO_BITS}" = "32" ]; then
+ export USE_X32=1
+ fi
+
+ export NSS_DISABLE_GTESTS=1
+
+ make -C ./nss \
+ CCC="${CXX}" \
+ OS_TEST=${OS_TEST} \
+ SOURCE_LIB_DIR="${TD}/${libdir}" \
+ SOURCE_BIN_DIR="${TD}/${bindir}" \
+ install
+
+ install -d ${D}/${libdir}/
+ for file in ${S}/dist/*.OBJ/lib/*.so; do
+ echo "Installing `basename $file`..."
+ cp $file ${D}/${libdir}/
+ done
+
+ for shared_lib in ${TD}/${libdir}/*.so.*; do
+ if [ -f $shared_lib ]; then
+ cp $shared_lib ${D}/${libdir}
+ ln -sf $(basename $shared_lib) ${D}/${libdir}/$(basename $shared_lib .1oe)
+ fi
+ done
+ for shared_lib in ${TD}/${libdir}/*.so; do
+ if [ -f $shared_lib -a ! -e ${D}/${libdir}/$shared_lib ]; then
+ cp $shared_lib ${D}/${libdir}
+ fi
+ done
+
+ install -d ${D}/${includedir}/nss3
+ install -m 644 -t ${D}/${includedir}/nss3 dist/public/nss/*
+
+ install -d ${D}/${bindir}
+ for binary in ${TD}/${bindir}/*; do
+ install -m 755 -t ${D}/${bindir} $binary
+ done
+}
+
+do_install[vardepsexclude] += "SITEINFO_BITS"
+
+do_install_append() {
+ # Create empty .chk files for the NSS libraries at build time. They could
+ # be regenerated at target's boot time.
+ for file in libsoftokn3.chk libfreebl3.chk libnssdbm3.chk; do
+ touch ${D}/${libdir}/$file
+ chmod 755 ${D}/${libdir}/$file
+ done
+
+ install -d ${D}${libdir}/pkgconfig/
+ sed 's/%NSS_VERSION%/${PV}/' ${WORKDIR}/nss.pc.in | sed 's/%NSPR_VERSION%/4.9.2/' > ${D}${libdir}/pkgconfig/nss.pc
+ sed -i s:OEPREFIX:${prefix}:g ${D}${libdir}/pkgconfig/nss.pc
+ sed -i s:OEEXECPREFIX:${exec_prefix}:g ${D}${libdir}/pkgconfig/nss.pc
+ sed -i s:OELIBDIR:${libdir}:g ${D}${libdir}/pkgconfig/nss.pc
+ sed -i s:OEINCDIR:${includedir}/nss3:g ${D}${libdir}/pkgconfig/nss.pc
+}
+
+do_install_append_class-target() {
+ # It used to call certutil to create a blank certificate with empty password at
+ # build time, but the checksum of key4.db changes every time when certutil is called.
+ # It causes non-determinism issue, so provide databases with a blank certificate
+ # which are originally from output of nss in qemux86-64 build. You can get these
+ # databases by:
+ # certutil -N -d sql:/database/path/ --empty-password
+ install -d ${D}${sysconfdir}/pki/nssdb/
+ install -m 0644 ${WORKDIR}/blank-cert9.db ${D}${sysconfdir}/pki/nssdb/cert9.db
+ install -m 0644 ${WORKDIR}/blank-key4.db ${D}${sysconfdir}/pki/nssdb/key4.db
+ install -m 0644 ${WORKDIR}/system-pkcs11.txt ${D}${sysconfdir}/pki/nssdb/pkcs11.txt
+}
+
+PACKAGE_WRITE_DEPS += "nss-native"
+
+pkg_postinst_${PN} () {
+ for I in $D${libdir}/lib*.chk; do
+ DN=`dirname $I`
+ BN=`basename $I .chk`
+ FN=$DN/$BN.so
+ shlibsign -i $FN
+ if [ $? -ne 0 ]; then
+ echo "shlibsign -i $FN failed"
+ fi
+ done
+}
+
+PACKAGES =+ "${PN}-smime"
+FILES_${PN}-smime = "\
+ ${bindir}/smime \
+"
+
+FILES_${PN} = "\
+ ${sysconfdir} \
+ ${bindir} \
+ ${libdir}/lib*.chk \
+ ${libdir}/lib*.so \
+ "
+
+FILES_${PN}-dev = "\
+ ${libdir}/nss \
+ ${libdir}/pkgconfig/* \
+ ${includedir}/* \
+ "
+
+RDEPENDS_${PN}-smime = "perl"
+
+BBCLASSEXTEND = "native nativesdk"