From 52ecd66835dcfd8b4e55c9cb6325908ccea6a4e7 Mon Sep 17 00:00:00 2001 From: Haixiao Yan Date: Thu, 18 Jul 2024 14:59:46 +0800 Subject: [PATCH] nss: fix failed test of nss. The expiration date of the "NameConstraints.*.cert" test certificate in the nss package is Sep 4 2023 and causing a test failure. This commit regenerate NameConstraints test certificates and changes the validity period of test certs generated by `make-nc` from ~10 years to ~20 years. regenerate_NameConstrain_test_certificates.tar.gz is a snapshot of certs files based on the commit which update them. It fails to apply binary commit, so create a tarball as part of SRC_URI rather than a .patch file. Upstream-Status: Backport [https://hg.mozilla.org/projects/nss/rev/1d565dc7e17dad6d2851b2d6ff522c5d6345ae26] Signed-off-by: Haixiao Yan Signed-off-by: Armin Kuster --- ...erate_NameConstrain_test_certificates.tar.gz | Bin 0 -> 10734 bytes meta-oe/recipes-support/nss/nss_3.74.bb | 1 + 2 files changed, 1 insertion(+) create mode 100644 meta-oe/recipes-support/nss/nss/regenerate_NameConstrain_test_certificates.tar.gz diff --git a/meta-oe/recipes-support/nss/nss/regenerate_NameConstrain_test_certificates.tar.gz b/meta-oe/recipes-support/nss/nss/regenerate_NameConstrain_test_certificates.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..568db6e7ec3fde7dfc0b778968b9d9b46f9e1c48 GIT binary patch literal 10734 zcmV0d!uet()~YqKM&8GuX%jWcRuI5KA-bGXPjMK zrI6BClnmtO2>^vfqalIdYXWU*)KnXeLj84pMi4j(gF+)Q2mphH0B{6=MnL${Ke11L z%iYxtN8;y)IPAeWOW8Vq<$ZXP>r!-RY32OC_=7Kg))@GX_+!AgFUNlgG%NmYcvrWd zFbWnNe>fV0!GPD{C;)+6j{j2V3-Na(*tqN>crD&I`1bgtQJCfVza;uf{B7~1#i7Bs z#~*_MmgB!9nm7J>I48Us(b?6Fgd;e+xk`h-@FXYv4g$^%kCvW#&%F1T3NQwYcOc}8 z@rO^no)v!t8i@q!Kj5c7J><8KKM+i24Fp5$)5yu7WMoi9fS!_CJY-|YTY4yzmI4Ae z!D#_%O7g8RN*1!MMsOBjkMNU$T4oC!EMJHR@1aRm##F45iD4IC%@#ss`4 zoEc!6x=zDFt*WoN)reou$Oz60a8F$$XJG|f{F^=*O#EspNMJPwJpu_}rd9wbI1;m+ zgC6y16VRRAotXv|3z?bVClmbE? z6afK(!pMSxAZ4Z8FH_O|^pl6pRXaFkCnvcFUOGA!zhZM4>M$(i%{W%Lk4M|k0&9JM zhPJic#kGyCTHm1k**FzOt>-nwNGD(3En(aFA}WLTcf9>xUUM(RIPQ#`9N6MoK;I{v zdF4Fk<)A?tG4s8Odk&DLL`cUgTGi&!@X#UaO7sFZWGd^EkwYQSbO4YBKXPj8kd4rg zF;yrO1|uhftN`f1$KqvyQ2^vn=p;Zp)nc6b6O?jJ0Lj58(a5*dCn$*lP-H-mk6MJ-z>e;q5`Gk4iHM|cVg!or04 zx$g)k)-pcv*~5+x2+eub_qtj`b?vS#opHI>^s6P!YeyeJgJR6C+v!#%%SVcfpBA|i zm~O=+EXdXCY4PuKYFWQr-^_n!TU*@1u>ZH_<39q4p2L468Y~Hx`M(4L`JV{>kj?O) zY##p40`9kPUkDJKCNa+xiKhk?|KFnuzk`1>k>~~@d4~Vk8Q^25`H%j)xzyeHT7Jmp zue1x-V}C3B?o_+AvhD4loj2*sk50I2AFbBtE6#9h(#Ec`H;640&mnHoIhLV^IN54H zOs#&gDFmjnum1kY1eWG)hw|QIw{Eg4JC!Cem|3t^r#UI#H|=)d>7tPqf+R*3CSC1! zyE1x$w!Kd*w@+U&RvTZ_P?{Mo8hG(5|2Rhet#bIPiAjRc`#lgQk4uT62S!o}JQ7q5Esyf-af6=-8cUdL_UlRfP8{|^71cWUtmqG((u6EbQpC2U9GpvtCQB|a24H?En@KDSgnBalk-c=XRK$mKTyfrBiPbx`rUC&B*MEgx7VpTX02ml$JWs9ErE`vw>2`MOaigWu^;8 zCz%-;vPL}da`a57Ph#2fOkQ>4))yQTLj40ZDg`I3TlD-qV?xM8H41c&-%gjU-?$`X0L-a9HGQvkG9J?hfPB(6%EI7gXYB`ft~K!k&7ILN%N0m_Tv~V-Gd; z9s>(aV{yE)F^j%!BFhFF)6U8shu)FLR&T>_>x(XS+z(lmn=j$7!6|5?s}(dv9wIHh zEx(@FEuJ$f<`HERcBql*^eJ*XHrIRV)o;hQx#6Q!pN^bFE*QYM7?HzHV9 zy2y$55&ccedrUs6OFusG-eoVlvuq9Xi~TBktW0Sfa>5cS^(Bpr$(^dN)532(^txG` zCA0ZR>?J4fgmHy;`KJ`>P&-v3+S>*DWI{dI{UT4uoQlaUMyc;5VaUm;L@;yiFxu;%Gb5@qg%L(#8=UeKNH z^xjn?%#d`MUEdr;Ji{r@cqU_Sl>Sj^}3|MK~tB@xJfd656<)BGoc zKAD>U7Wu@@d@Fzr3pRNE*-5}T6Q^!3Jyjk5Z=dsP{H}P6Yr#t1IAgyb?U5c)Qs``y z!l`}zo%SvIw<4pbpL5mN76(Ktbe0sY?-?1pU0{?kaFU$YEe;qoNUayLdK9)_Ib)*Y!S{r)bOq^Vm zkJ3IaV6}~r+0tqU&C4RUyFv#WU~2JH(H+;WY0H~ZDT-a^!q_w%zHnfh4zZ)nOSGJt zhM0P6GMN+gK%?Ul<*S3ET7PO@PrXF?BT^LTs=`L3AyP#vydjCIzk2j8>qqrN{y$=I z{C{xnf9C%qP|N&Z3W59&1o=NWQ~$I57xsTKv#bAqnoGVK`C1lf-*kq}6lHRNlPTdL z1`uztO1N;q@NAfh);;N%-O?SxV;o`^pxKND@9c^WjSSQCZLa7v6nisB*-=@q^rUv8 zA)atBdYn-v7h0}vEtBU}8DI9M|G`Afnnz5qbE5IWFV5xQbo12Z=r3PQWF*V1-Mb|e z2=v_n=@vQC$`=;=o__H*38cL}G;cptrmIkv&pAv>VBaZ^2LS4%I+q)dPe*dbDpMqw zz4s=3ZZQad zUpKVLBb<&oDjeSKc}ZO8nT;5vMT~qb`G&5>x|-(W8%9~pYAnhN?o(a()pOu?)(`O? zxj6hs0&~xQg8X0hf0jfb|Es_s@qgq0jzuOeE5JNWT-qt(ZUG0}=f^%VvyXjZK0EgL zvv;AthW)2*wG3O>nX%^nEms+Gl>EKUPOi(2&^SddiwrOh1(m0A52 zaa_TCJ*uU@upy-CjFHTZW2>`+?~XkSKs(%h3frtIgxAo#bgY9NhiVDDIk>BWR|?k^ zZ_{sHncZ~my}5@OBgLjr5<_ge?JX^{b+12m$@Hp*O=I61@cI(=H%=e>Q~{LI6ae~Q z+D}(Rk|)Ih(N8`{ch^r=SGKs>tE+EIAR?mA?DY4A?I`w#`Qgp)QKp?{Z5ixR6Qk## zs#SU57#5YRh!Mzt6}?hQR+K;QZt#$$`*4g=>WYnxXP zO-j44`CL)qYFde&BsVN!#jq0I{tCTT6nDh%hupIr5;wP?J@1W;=y+{u_2Uo@Jxl!6 zlj#4kzSsW&7SsR10H66k$YuU7i9q&Cg7tsg4F4tP@_+FT+{|`knxHOzSBQB z#0E!NkmFOJ9)6Q~rQ}mUldLkP`;yJTMG?WFqej<5-Za&GFsd~-6m=i*Is1}rlI7y= zP>P^}3XW{2`+>fON7`=kcIobkP>PI*Q+T85U+?MLZa5n0o1&(QFHtv2ly5s=N>SU? zLMOm`%!4i|piW+V;9lnk>dwntW{jr|uB7^y_8N2Mmo1*-qb(@YXZOI}>a|#3;@yl# zLfcaZ*41reUK{L?(_FA&G$NphZeKoYnU;Xzv-{R>lNDh(^w0KAIGJv@(;qz6#^oLj z4_-~;bAJ4GRh^2->BNW{G=oOoq*Yw0#noaAJk{<2d4o=IqM3j-S7~jYzhrVNai1QO z&R%r6Z#o03uV?G89>u6z$WyZH55(u4rNc&_U( z{{5!$wP_Qs5B5@RX4PADTw=1&ttw~Z#CC_{PApZ}6{2!a) zKkI+N|3T08e?aapZ5H|(_6yf}`|4Kg_vszJ<|s00!Y1O6iBKhl;Dg*>CDTIbyk2y) z4n>f&6|){DZ(tn=ReR+71iR&p3B=Nm{YJs_t^gS_JuS%}3AJZ&9{79p;kz&U?r*p^wfWUUjtYnQmt?)*Xws_QWK?RuA2DN9!zb)HNyqLk~_{Xh1uI;!gAi-V8uZfWV1l6b(QANd5NLAs()^w92H=H}W87tCoww$Q7r=u<|3R%>8NXx;O*a=LzhmP(&oFHp*H zb&5<<8C;x%*VF1Ktwjq>AtwMTi52=)JV%}q&JJC#fq9IO5FYoo_`kt-^1t9=@;?{v zU-17){?CzMpa1Fh`9Js*|Fa&S{?GTvp8ojfpD%J58#x^~(X$Yk34AbL6CcdUV;a6N zbk`|&MoPrexF*@V4Ww$<9$K|(*)FH~s)#v#=azk!@UG&VHHZ1DZQ2SMkIL?BL&)wD zR}38}JQIhf(NK5ZF0)6Eco_>e&b}+qWJ*T%b_W@qbMn&7-Zl-9CbLJu+@Q({ z?tx}}t@qlz2y!}FN>b$2xovYRk@95M4M^UWoWB9l-vIeaoomj7+M+Q5&IWskljCIa`^-XxiY55Go=_}>e3mKYu=8VqcP9BWIBASe z?^R$rxkkhZExkd+?TFgA4v)Aa7M;{DDuTZzktPY0j?Iha5`J0Z@oWPs05%r zbdFKR6l+8$zu_QA{F=o0Y1gemVm9eBm8Edoty%khc&ppK% ziZ`e~h)?n+z$#w?wHOp|IbXsSBs^XeVYkaPct2Z;-|97C^U$+v1QUEF3oeGPL}3^* zjOw=+H*}oe&0O^Hl_k3#J}w(gxkzCUko`VG`M6i_34Rpc%>Sk)R*sHFHa7NG%}ftT z|K}6R#e{OcF!_=r-HYHHwL+W>q-u&g8}h?|a! z=C?jk;fV;WEKH2V9W6}lI2>#_EbO7q9OhTPFdgSUnvTy+F3^EbD#TobAG^o;oyGXM z3mfrp2ylSsT~tq8#h;F!>DjuMk4iSlFE=uAu!o_}1Skz?0p z-8Pw;Z4E9;;n<^RWQpdi@rNMW=HDsxSG*)|j^)Et8yX3gp#Um)QG+@HiFZ&U9MI&z zH$h{LmqQX~b4`*-E2aeYF5Z@tFl@Pk0`Js zFkGTao#=QX#*USs^CbRaa2?s8)~!c@geB4eK2jU zF~>|DU-n&loFv1-uStiU9?-$yL+wuDqz17Eh)vC8sG>v>h`w^ZLqKqAnn?R3s5Ok|j+D zFuYvOPnGLeKYP^xJ8W%`C{eXDlfcZ6Tgs6c7CLVQ@ANevB$mdf5mtD{{n}p|8R5tss0Z)|H=K|Bf&oRi|+GV z=HL1MN2mWl4&2kH7CJt_*yzf4o&j=ZNuV7Rd@D47L|{{TkF7*(4xZiflwrvh0ewHU z$Bs(~SQwH-o*miuO)lMgPk(PNX%Pn5^Y=(l=dhq595TzhAE6!_Z-dO&q~a*J!)t<# z7?}bil{DPLI|Ep? z$GxWsM%7-u^++u1X;aH4QzN-2ptQU|d|rBaSl`sX=&{Gfg&8i|N5STqa2+^l=-x%o z=W^(m9#i^zhT;lOI*o?OrcY|x_oS`lVZ8v)&F03<0W)uT-qi7G2>+#=zYdjc)zs~?YSRJ5Jk3vD{lKNfYJzKB5#N1OTqnyl$sW8S- zj{A@7I(1&Z#`WkJe(v+ZY$PwEiWCOJXN?LKa99^D0(vq%2vNMg5P(N66uVV@^ND67 zKQ!K1rEG=U5KRe>TL8W@HIn#t#pn!T%?PW0djO58>qS`WEOvZdz!;7&Rnav;x+R6= z!?PhE$ylPAl=nn?+x^s&&8Md?k6u)rXNrGAaeYZAQ0Y{dPTWvt7{eoIzd@;2LzC-F zR!W4q2U@3Dtc0@Q1)Qt>xYbQA`g6uz8QL1ujItd!g07G|r_M!a&dnOP?({MS&0MX? zGUm`oU|@@JXgBrCQ2&XpU{{Jzw7w=GhzIwT_Hplm|6hEc{$pbAaP8n0;A{NPFYx94 zUtWH$llbqEfXfF^v2O#Cf75@K|J(Wx{~z_A&&~hLIKL($6-8c%AKZOuYxh`uyw_s977cXrYAgGxRoPDm^FJQP5+9$@6ho z{n^fwhHEPXuZ*v!NHue6(^R*Z8uyuyu_7k0nfO4HSLXCxENz1|>RrPysN4zQSWYbv zKTjk`0^Ekj4Bu^Yds=k9w5729h$(Oz( z3E(YQbkC1fnj7k9#za_YHQI}1=F|DfW}_rL}pS(Sk;%v5fZla+JRoSRuJBm zr}Zqt)^q2nyH#{^`C)Dhfmn%M?;0;uISUn&ZM{--@CfOn<6Etpb_*Jc!@p-zI$m)} zVNl^CKgx5-aglt??%bbdpD)J$qyGLN+$O+wDkS;>@`ASLlo1DYcx#$am<4QsV$AVW z{bKnJDjT$%fZ2kzlPU%mZn}0lVzv%zc^QpkkfeMRQ+DibTT}rgOSuUAWQGDo8>|6; zhKxggvUODe;Ee661xTuyPs|FXmtxk$8C7EQ=gpsI%+0V49ch3RVp0^VfR!JpTKX;2~7cx1(qv0@FKfgnVMNIurk-lWN%8GoDB+L{S=HD@L zUriIz|6ZxCgZbRdL*#aX@~yF^4d;G=`ABP2U9W609kgAs9YaNJrA?|gHFt}dkWTyX zb*D3zzrBX-CQ`Q6U>1jBN7d{c%AI#j->Y8(o2NvGAroG{uB*MiRvS~5RybaXcJsP| zM~NEBKo!TF6c?Jubn_}4d*c)Gg>L^0{?p`&3TyKZExk{N=EYFz@|dtwEQ&3)Kvz`Q z^aoaZBai88=Kl%S+|B3g1`Tux8_}o0? z(1Q<_1nD=7y3`&}Z$r?-jqz{lWfBdsLa_ASoa^ov zW2w|=iM^PPp{-Zr6Vk1bAjf?hx2|t(jrS3|K=aGPEAMI03wSvPh}L3Aa1Re2LL`>q zcb5$pUs;(f)F*xo1_9>DV-PZJAt)YDi*|SqPgqMV>Ys zO$JqZ?>McAeOT13@cD z4k4-BQfo?^T>yvgd9?y+9v1u{dLuJ-$R$;>jw>dIXAVN>`x7d>k#g}gqV5t`ORBnz zOG~^MtRa5H%WhcLVp(gxakC{Ak_vQP-*ik$Yk8#Kj#{+fD{2qKEod0wm5e0v zu59GT#gxZ5?iGK6-{X7r|8IE!{;T}Y{iXiHdzR-!|34D!^S|^y{}+7XfA-_c{}elL zPoH0HceHXcJCLY9(lq6OHv~=p04*!_WbzuN^j^M>Stk3yrqUsUy@+4|A$F`(Ko1*l z&&6HEd;km32wgGeCvc#>W$KuS)1&8zP&Eo=f0<=Q79~xB#coQ zD~`wy;wW~rk(BQ)^DXh1fd<_Y6QU0=edV8IFNSxhDsN-{Z|7d68@i}z-Z>{7!eqDM z%U21el>GTe|8)7U$!I;ZR{GB+h05$)O*P0LD@yNm+O+Qc%S_F z85sfPw3zu-5mJucvFenb%nl zbei{dD*oh~3O6=tSiNuWzatu{HGMAM=J>fjEvuh1H+QbkPEDNorp`Nj z`}M}rTOtQBAhZ0ppz8T=W|-}N^U?WVx&UDLZvZU+XX0xA({KETob@}T?D##ibN6Hy z{v?&+9dlK0n|=Spr?Kb%#Yg9>79@RAI(0<&@MgBIm1_47tUAc?`(N+x7dkgzHwP?P z#_*=!)Bl7in==2_-P@Sec6F%#Zp~h_?rw3-&$gQX!Ag?(4Grq;!Ye&uIJ2XgbGFo1 z8;AuNo>XG@S<_Up=-`o5k-VV(lS01!*Qr;YPoCx^e_isC>h%rI{SK8vdj$WH#EyHcZ?DvTcPba4{&FSz!AMg8oig@09V zhzJE$>Ym1D5~Oq2<5cz?J_FMB9W| z)$fs?2b#NeOwIsWg}3zIonn0O0MpM6v!spE?DzV`b!kS1e*aVbia~L$TT}n~8cq$@ zpyn5=zQ52a6?)U;8vP;d!qGCG>gg8+)8&aK{^n7MAJ0uS%^Ou^;yb1qqbTWhkwY`?JSneNY=pJ#rWylX4|enWcR4x6|bA=i)-yj$(QZch1fZgS7jPR44R zpRKEys(r*xM69WH`Pye9+-bMi_QhhawABhJI|n+&j)GAz3P!;w7zLwX6pVsVFbYP& gC>RB!U=)mkQ7{Td!6+C7qks?q01QDXP5{UN00#iITL1t6 literal 0 HcmV?d00001 diff --git a/meta-oe/recipes-support/nss/nss_3.74.bb b/meta-oe/recipes-support/nss/nss_3.74.bb index 4777f79379..cffeee5ecb 100644 --- a/meta-oe/recipes-support/nss/nss_3.74.bb +++ b/meta-oe/recipes-support/nss/nss_3.74.bb @@ -36,6 +36,7 @@ SRC_URI = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${VERSIO file://0001-Bug-1867408-add-a-defensive-check-for-large-ssl_DefS.patch;patchdir=nss \ file://CVE-2023-0767.patch \ file://0001-Bug-1750624-Pin-validation-date-for-PayPalEE-test-ce.patch \ + file://regenerate_NameConstrain_test_certificates.tar.gz \ " SRC_URI[sha256sum] = "88928811f9f40f87d42e2eaccdf6e454562e51486067f2ddbe90aa47ea6cd056"