nss: update to 3.41

Bug fix only update.

    Bug 1252891 - Implemented EKU handling for IPsec IKE.
    Bug 1423043 - Enable half-closed states for TLS.
    Bug 1493215 - Enabled the following ciphersuites by default:
        TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
        TLS_RSA_WITH_AES_256_GCM_SHA384

    Bug 1412829, Reject empty supported_signature_algorithms in Certificate Request in TLS 1.2
    Bug 1485864 - Cache side-channel variant of the Bleichenbacher attack (CVE-2018-12404)
    Bug 1481271 - Resend the same ticket in ClientHello after HelloRetryRequest
    Bug 1493769 - Set session_id for external resumption tokens
    Bug 1507179 - Reject CCS after handshake is complete in TLS 1.3

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

diff --git a/meta/recipes-support/nss/nss_3.40.bb b/meta/recipes-support/nss/nss_3.41.bb
similarity index 98%
rename from meta/recipes-support/nss/nss_3.40.bb
rename to meta/recipes-support/nss/nss_3.41.bb
index afc50817f10d69317eadbad19a6eb76f4302e4ae..5ab22b1226e16132ae43661c01b3294cab4e8c2d 100644 (file)
--- a/meta/recipes-support/nss/nss_3.40.bb
+++ b/meta/recipes-support/nss/nss_3.41.bb
@@ -31,8 +31,8 @@ SRC_URI = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${VERSIO
            file://nss-fix-SHA_HTONL-bug-for-arm-32be.patch \
            "
 
-SRC_URI[md5sum] = "f7aec858d192ae03d0e9a35a730c70fa"
-SRC_URI[sha256sum] = "0562087b8bda072bf5964f8acf851f9c0997a59c384f4887cb517b3b628b32dd"
+SRC_URI[md5sum] = "eec62a289387a7ce2fd9cca1f76600f3"
+SRC_URI[sha256sum] = "ab2e18f5d0dd0079c0005396f9beb9a41e9a1bbc7e6c1d0a99affcef0471712d"
 
 UPSTREAM_CHECK_URI = "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Releases"
 UPSTREAM_CHECK_REGEX = "NSS_(?P<pver>.+)_release_notes"