nss: restore symbol rename patches

While the link fix did fix the case of openssl calling nss code, the other way round still happens, e.g. in libreoffice (since fixed to not use nss) and konqueror. Bump PKGREVISION.
2021-04-15 08:54:54 +00:00 · 2021-04-15 08:54:54 +00:00 · 4666547503
commit 4666547503
parent d81b360922
5 changed files with 127 additions and 3 deletions
--- a/devel/nss/Makefile
+++ b/devel/nss/Makefile
@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.200 2021/04/09 06:40:59 wiz Exp $
+# $NetBSD: Makefile,v 1.201 2021/04/15 08:54:54 wiz Exp $

 DISTNAME=		nss-${NSS_RELEASE:S/.0$//}
 NSS_RELEASE=		3.63.0
-PKGREVISION=		1
+PKGREVISION=		2
 CATEGORIES=		devel security
 MASTER_SITES=		${MASTER_SITE_MOZILLA_ALL:=security/nss/releases/NSS_${NSS_DIST_DIR_VERSION:S/_0$//}_RTM/src/}

--- a/devel/nss/distinfo
+++ b/devel/nss/distinfo
@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.125 2021/04/09 06:40:59 wiz Exp $
+$NetBSD: distinfo,v 1.126 2021/04/15 08:54:54 wiz Exp $

 SHA1 (nss-3.63.tar.gz) = ecdf1352cb35d43a2bb4e276ece100c30a26a0ec
 RMD160 (nss-3.63.tar.gz) = f2c4c73360c3370276b5cb468139c748ed590b8f
@ -14,7 +14,10 @@ SHA1 (patch-nss_coreconf_NetBSD.mk) = ed95aa1c245c9f2b8fda0a1769f9599223b61dbf
 SHA1 (patch-nss_coreconf_OpenBSD.mk) = 1a4c3711d5d1f7f9e8d58b36145b15d7e444d754
 SHA1 (patch-nss_coreconf_command.mk) = a7b682d367825b48f8802fa30cee83f10680bb74
 SHA1 (patch-nss_lib_freebl_aes-armv8.c) = aa698f61dd3d66ba707a9b5425bc15d057244ad7
+SHA1 (patch-nss_lib_freebl_blapi.h) = 1fa1acb0a988f71cf4229faa2cc9155a105b6799
 SHA1 (patch-nss_lib_freebl_gcm-aarch64.c) = 311cfe7ca58e91285052d0ca27bd2df3f325071b
+SHA1 (patch-nss_lib_freebl_md5.c) = 7d0b88710c3bc099f3a76bce8bb95a7538ccf0bc
+SHA1 (patch-nss_lib_freebl_sha-fast-amd64-sun.s) = 11a043550811b19f4c71b67971efe69855cb1071
 SHA1 (patch-nss_lib_util_utilpars.c) = 5d3000515b01037929730a752b7d7a0f46f06deb
 SHA1 (patch-nss_tests_all.sh) = b328778b538db66f5447f962f23afd6f650f7071
 SHA1 (patch-nss_tests_merge_merge.sh) = 42a4866d226b1076740ba9a5e42c7604f2cb15a7
--- a/devel/nss/patches/patch-nss_lib_freebl_blapi.h
+++ b/devel/nss/patches/patch-nss_lib_freebl_blapi.h
@ -0,0 +1,29 @@
+$NetBSD: patch-nss_lib_freebl_blapi.h,v 1.1 2021/04/15 08:54:54 wiz Exp $
+
+Some symbols conflict with openssl.
+If nss is loaded first, it can call into openssl's code,
+which has different struct sizes. This can lead to weird
+coredumps.
+
+https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/Al0Pt0zhARE
+
+--- nss/lib/freebl/blapi.h.orig	2021-03-18 14:22:42.000000000 +0000
+++ nss/lib/freebl/blapi.h
+@@ -1122,6 +1122,8 @@ extern void MD5_DestroyContext(MD5Contex
+ */
+ extern void MD5_Begin(MD5Context *cx);
+ 
+#define MD5_Update NSS_MD5_Update
+
+ /*
+ ** Update the MD5 hash function with more data.
+ **  "cx" the context
+@@ -1287,6 +1289,8 @@ extern void SHA1_DestroyContext(SHA1Cont
+ */
+ extern void SHA1_Begin(SHA1Context *cx);
+ 
+#define SHA1_Update NSS_SHA1_Update
+
+ /*
+ ** Update the SHA-1 hash function with more data.
+ **  "cx" the context
--- a/devel/nss/patches/patch-nss_lib_freebl_md5.c
+++ b/devel/nss/patches/patch-nss_lib_freebl_md5.c
@ -0,0 +1,41 @@
+$NetBSD: patch-nss_lib_freebl_md5.c,v 1.3 2021/04/15 08:54:54 wiz Exp $
+
+Some symbols conflict with openssl.
+If nss is loaded first, it can call into openssl's code,
+which has different struct sizes. This can lead to weird
+coredumps.
+
+https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/Al0Pt0zhARE
+
+--- nss/lib/freebl/md5.c.orig	2021-03-18 14:22:42.000000000 +0000
+++ nss/lib/freebl/md5.c
+@@ -205,7 +205,7 @@ MD5_HashBuf(unsigned char *dest, const u
+     MD5Context cx;
+ 
+     MD5_Begin(&cx);
+-    MD5_Update(&cx, src, src_length);
+    NSS_MD5_Update(&cx, src, src_length);
+     MD5_End(&cx, dest, &len, MD5_HASH_LEN);
+     memset(&cx, 0, sizeof cx);
+     return SECSuccess;
+@@ -419,7 +419,7 @@ md5_compress(MD5Context *cx, const PRUin
+ }
+ 
+ void
+-MD5_Update(MD5Context *cx, const unsigned char *input, unsigned int inputLen)
+NSS_MD5_Update(MD5Context *cx, const unsigned char *input, unsigned int inputLen)
+ {
+     PRUint32 bytesToConsume;
+     PRUint32 inBufIndex = cx->lsbInput & 63;
+@@ -509,9 +509,9 @@ MD5_End(MD5Context *cx, unsigned char *d
+     lowInput <<= 3;
+ 
+     if (inBufIndex < MD5_END_BUFFER) {
+-        MD5_Update(cx, padbytes, MD5_END_BUFFER - inBufIndex);
+        NSS_MD5_Update(cx, padbytes, MD5_END_BUFFER - inBufIndex);
+     } else {
+-        MD5_Update(cx, padbytes,
+        NSS_MD5_Update(cx, padbytes,
+                    MD5_END_BUFFER + MD5_BUFFER_SIZE - inBufIndex);
+     }
+ 
--- a/devel/nss/patches/patch-nss_lib_freebl_sha-fast-amd64-sun.s
+++ b/devel/nss/patches/patch-nss_lib_freebl_sha-fast-amd64-sun.s
@ -0,0 +1,51 @@
+$NetBSD: patch-nss_lib_freebl_sha-fast-amd64-sun.s,v 1.1 2021/04/15 08:54:54 wiz Exp $
+
+Some symbols conflict with openssl.
+If nss is loaded first, it can call into openssl's code,
+which has different struct sizes. This can lead to weird
+coredumps.
+
+https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/Al0Pt0zhARE
+
+--- nss/lib/freebl/sha-fast-amd64-sun.s.orig	2021-03-18 14:22:42.000000000 +0000
+++ nss/lib/freebl/sha-fast-amd64-sun.s
+@@ -1680,9 +1680,9 @@ shaCompress:
+ .LFE7:
+ 	.size	shaCompress, .-shaCompress
+ 	.align 16
+-.globl SHA1_Update
+-	.type	SHA1_Update, @function
+-SHA1_Update:
+.globl NSS_SHA1_Update
+	.type	NSS_SHA1_Update, @function
+NSS_SHA1_Update:
+ .LFB5:
+ 	pushq	%rbp
+ .LCFI5:
+@@ -1768,7 +1768,7 @@ SHA1_Update:
+ 	call	shaCompress
+ 	jmp	.L245
+ .LFE5:
+-	.size	SHA1_Update, .-SHA1_Update
+	.size	NSS_SHA1_Update, .-NSS_SHA1_Update
+ 	.section	.rodata
+ 	.align 32
+ 	.type	bulk_pad.0, @object
+@@ -1870,7 +1870,7 @@ SHA1_End:
+ 	subl	%r8d, %edx
+ 	andl	$63, %edx
+ 	incl	%edx
+-	call	SHA1_Update@PLT
+	call	NSS_SHA1_Update@PLT
+ 	movq	%rbx, %rdi
+ 	movq	%r12, %rsi
+ 	shrq	$32, %rdi
+@@ -1989,7 +1989,7 @@ SHA1_HashBuf:
+ 	movl	%r12d, %edx
+ 	movq	%r13, %rsi
+ 	movq	%rbx, %rdi
+-	call	SHA1_Update@PLT
+	call	NSS_SHA1_Update@PLT
+ 	leaq	-292(%rbp), %rdx
+ 	movq	%r14, %rsi
+ 	movq	%rbx, %rdi