| author | Baruch Siach <baruch@tkos.co.il> | 2017-04-20 20:34:29 +0300 |
|---|---|---|
| committer | Thomas Petazzoni <thomas.petazzoni@free-electrons.com> | 2017-04-20 21:53:00 +0200 |
| commit | 09b8e1079ec97d9843430930414a95ac8450a652 (patch) | |
| tree | aa58fd846c26de08d4f7a3b890d772ff9e527de6 /package/libnss | |
| parent | 7e1f3171ac98dd25d5e656a888bcff046353087d (diff) | |
libnss: security bump to version 3.30.2
CVE-2017-5461 - Out-of-bounds write in Base64 encoding in NSS. Might cause
remote arbitrary code execution
(https://access.redhat.com/errata/RHSA-2017:1100).
CVE-2017-5462 - DRBG flaw in NSS
Drop 0001-cross-compile.patch and TARGET* variables. Upstream Makefile now
allows override of CC, so use TARGET_CONFIGURE_OPTS instead.
Drop upstream 0003-it-uninitialized-fix.patch.
Renumber the remaining patch.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Diffstat (limited to 'package/libnss')
| -rw-r--r-- | package/libnss/0001-cross-compile.patch | 48 | ||||
| -rw-r--r-- | package/libnss/0001-uclibc.patch (renamed from package/libnss/0002-uclibc.patch) | 0 | ||||
| -rw-r--r-- | package/libnss/0003-it-uninitialized-fix.patch | 24 | ||||
| -rw-r--r-- | package/libnss/libnss.hash | 4 | ||||
| -rw-r--r-- | package/libnss/libnss.mk | 12 |
5 files changed, 6 insertions, 82 deletions
diff --git a/package/libnss/0001-cross-compile.patch b/package/libnss/0001-cross-compile.patch
deleted file mode 100644
index 31de71bc5a..0000000000
--- a/package/libnss/0001-cross-compile.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-This patch allows us to set a value for the cross compiler via TARGETCC without
-setting CC on the command line. CC is used for host tools as well as cross
-compiled code so we cannot define it on the command line without breaking
-the host tools build.
-
-[Gustavo: update for nss 3.16.1]
-[baruch: add OPTIMIZER handling]
-Signed-off-by: Will Newton <will.newton@imgtec.com>
-
-diff -Nuar nss-3.16.1-orig/nss/coreconf/Linux.mk nss-3.16.1/nss/coreconf/Linux.mk
---- nss-3.16.1-orig/nss/coreconf/Linux.mk 2014-05-02 06:27:18.000000000 +0300
-+++ nss-3.16.1/nss/coreconf/Linux.mk 2014-07-01 02:38:18.701480512 +0300
-@@ -16,9 +16,13 @@
- IMPL_STRATEGY = _PTH
- endif
-
--CC = gcc
--CCC = g++
--RANLIB = ranlib
-+TARGETCC = gcc
-+TARGETCCC = g++
-+TARGETRANLIB = ranlib
-+
-+CC = $(TARGETCC)
-+CCC = $(TARGETCCC)
-+RANLIB = $(TARGETRANLIB)
-
- DEFAULT_COMPILER = gcc
-
-@@ -125,6 +129,7 @@
- endif
- endif
-
-+OPTIMIZER = $(TARGET_OPTIMIZER)
-
- ifeq ($(USE_PTHREADS),1)
- OS_PTHREAD = -lpthread
-diff -Nuar nss-3.16.1-orig/nss/coreconf/nsinstall/Makefile nss-3.16.1/nss/coreconf/nsinstall/Makefile
---- nss-3.16.1-orig/nss/coreconf/nsinstall/Makefile 2014-05-02 06:27:18.000000000 +0300
-+++ nss-3.16.1/nss/coreconf/nsinstall/Makefile 2014-07-01 02:38:48.102185011 +0300
-@@ -31,6 +31,7 @@
-
- ifdef NATIVE_FLAGS
- OS_CFLAGS=$(NATIVE_FLAGS)
-+OPTIMIZER=
- endif
-
- include $(DEPTH)/coreconf/rules.mk
diff --git a/package/libnss/0002-uclibc.patch b/package/libnss/0001-uclibc.patch
index b81db930be..b81db930be 100644
--- a/package/libnss/0002-uclibc.patch
+++ b/package/libnss/0001-uclibc.patch
diff --git a/package/libnss/0003-it-uninitialized-fix.patch b/package/libnss/0003-it-uninitialized-fix.patch
deleted file mode 100644
index 7736c6a939..0000000000
--- a/package/libnss/0003-it-uninitialized-fix.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-# HG changeset patch
-# User catdesk <catdesk@tuta.io>
-# Date 1477710600 -7200
-# Sat Oct 29 05:10:00 2016 +0200
-# Node ID b9ef971b94ab110302d49255339077bc1b4aed7f
-# Parent eb8c96563cd70aa69d48b01516085f7d2fb46178
-Bug 1313846 - Declare 'it = NULL' earlier. r=franziskus
-
-[Thomas: patch taken from upstream mercurial repository, revision
-12791.]
-Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
-
-diff -r eb8c96563cd7 -r b9ef971b94ab lib/jar/jarfile.c
---- a/nss/lib/jar/jarfile.c Mon Oct 31 17:31:20 2016 +0100
-+++ b/nss/lib/jar/jarfile.c Sat Oct 29 05:10:00 2016 +0200
-@@ -657,7 +657,7 @@
- jar_listzip(JAR *jar, JAR_FILE fp)
- {
- ZZLink *ent;
-- JAR_Item *it;
-+ JAR_Item *it = NULL;
- JAR_Physical *phy = NULL;
- struct ZipLocal *Local = PORT_ZNew(struct ZipLocal);
- struct ZipCentral *Central = PORT_ZNew(struct ZipCentral);
diff --git a/package/libnss/libnss.hash b/package/libnss/libnss.hash
index 975e52d238..7be7e48a69 100644
--- a/package/libnss/libnss.hash
+++ b/package/libnss/libnss.hash
@@ -1,2 +1,2 @@
-# From https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_27_2_RTM/src/SHA256SUMS
-sha256 dc8ac8524469d0230274fd13a53fdcd74efe4aa67205dde1a4a92be87dc28524 nss-3.27.2.tar.gz
+# From https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_30_2_RTM/src/SHA256SUMS
+sha256 0d4a77ff26bcee79fa8afe0125e0df6ae9e798b6b36782fa29e28febf7cfce24 nss-3.30.2.tar.gz
diff --git a/package/libnss/libnss.mk b/package/libnss/libnss.mk
index d624cde095..1e157df1df 100644
--- a/package/libnss/libnss.mk
+++ b/package/libnss/libnss.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBNSS_VERSION = 3.27.2
+LIBNSS_VERSION = 3.30.2
 LIBNSS_SOURCE = nss-$(LIBNSS_VERSION).tar.gz
 LIBNSS_SITE = https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_$(subst .,_,$(LIBNSS_VERSION))_RTM/src
 LIBNSS_DISTDIR = dist
@@ -33,9 +33,6 @@ LIBNSS_BUILD_VARS = \
 NSS_USE_SYSTEM_SQLITE=1 \
 NSS_ENABLE_ECC=1 \
 NATIVE_CC="$(HOSTCC)" \
- TARGETCC="$(TARGET_CC)" \
- TARGETCCC="$(TARGET_CXX)" \
- TARGETRANLIB="$(TARGET_RANLIB)" \
 OS_ARCH="Linux" \
 OS_RELEASE="2.6" \
 OS_TEST="$(ARCH)"
@@ -55,17 +52,16 @@ endif
 endif
 
 define LIBNSS_BUILD_CMDS
- $(TARGET_MAKE_ENV) $(MAKE1) -C $(@D)/nss coreconf \
+ $(TARGET_CONFIGURE_OPTS) $(MAKE1) -C $(@D)/nss coreconf \
 SOURCE_MD_DIR=$(@D)/$(LIBNSS_DISTDIR) \
 DIST=$(@D)/$(LIBNSS_DISTDIR) \
 CHECKLOC= \
 $(LIBNSS_BUILD_VARS)
- $(TARGET_MAKE_ENV) $(MAKE1) -C $(@D)/nss lib/dbm all \
+ $(TARGET_CONFIGURE_OPTS) $(MAKE1) -C $(@D)/nss lib/dbm all \
 SOURCE_MD_DIR=$(@D)/$(LIBNSS_DISTDIR) \
 DIST=$(@D)/$(LIBNSS_DISTDIR) \
 CHECKLOC= \
- $(LIBNSS_BUILD_VARS) TARGET_OPTIMIZER="$(TARGET_CFLAGS)" \
- NATIVE_FLAGS="$(HOST_CFLAGS)"
+ $(LIBNSS_BUILD_VARS) NATIVE_FLAGS="$(HOST_CFLAGS)"
 endef
 
 define LIBNSS_INSTALL_STAGING_CMDS
|
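Review bot: In the last hunk of libnss.mk, dropping `TARGET_OPTIMIZER="$(TARGET_CFLAGS)"` means the target CFLAGS and LDFLAGS now reach the NSS build only through the environment that `$(TARGET_CONFIGURE_OPTS)` sets, and make gives a makefile's own assignments precedence over environment values. The commit message says upstream now allows CC to be overridden, but nothing visible here shows that coreconf also takes its optimisation and hardening flags from the environment, so a configuration that carries stack-protector or FORTIFY options in TARGET_CFLAGS could end up building this crypto library without them. I would confirm from a verbose build log that the expected flags appear on the target compile lines, and record the dependency in a comment above `define LIBNSS_BUILD_CMDS`, for example `# CC, CFLAGS and LDFLAGS come from the environment (TARGET_CONFIGURE_OPTS); coreconf must not override them`.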

