diff --git a/devel/nss/Makefile b/devel/nss/Makefile index 36b3f42e9138..598e86d726b0 100644 --- a/devel/nss/Makefile +++ b/devel/nss/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.200 2021/04/09 06:40:59 wiz Exp $ +# $NetBSD: Makefile,v 1.201 2021/04/15 08:54:54 wiz Exp $ DISTNAME= nss-${NSS_RELEASE:S/.0$//} NSS_RELEASE= 3.63.0 -PKGREVISION= 1 +PKGREVISION= 2 CATEGORIES= devel security MASTER_SITES= ${MASTER_SITE_MOZILLA_ALL:=security/nss/releases/NSS_${NSS_DIST_DIR_VERSION:S/_0$//}_RTM/src/} diff --git a/devel/nss/distinfo b/devel/nss/distinfo index e10ef8378d98..d574e704d51d 100644 --- a/devel/nss/distinfo +++ b/devel/nss/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.125 2021/04/09 06:40:59 wiz Exp $ +$NetBSD: distinfo,v 1.126 2021/04/15 08:54:54 wiz Exp $ SHA1 (nss-3.63.tar.gz) = ecdf1352cb35d43a2bb4e276ece100c30a26a0ec RMD160 (nss-3.63.tar.gz) = f2c4c73360c3370276b5cb468139c748ed590b8f @@ -14,7 +14,10 @@ SHA1 (patch-nss_coreconf_NetBSD.mk) = ed95aa1c245c9f2b8fda0a1769f9599223b61dbf SHA1 (patch-nss_coreconf_OpenBSD.mk) = 1a4c3711d5d1f7f9e8d58b36145b15d7e444d754 SHA1 (patch-nss_coreconf_command.mk) = a7b682d367825b48f8802fa30cee83f10680bb74 SHA1 (patch-nss_lib_freebl_aes-armv8.c) = aa698f61dd3d66ba707a9b5425bc15d057244ad7 +SHA1 (patch-nss_lib_freebl_blapi.h) = 1fa1acb0a988f71cf4229faa2cc9155a105b6799 SHA1 (patch-nss_lib_freebl_gcm-aarch64.c) = 311cfe7ca58e91285052d0ca27bd2df3f325071b +SHA1 (patch-nss_lib_freebl_md5.c) = 7d0b88710c3bc099f3a76bce8bb95a7538ccf0bc +SHA1 (patch-nss_lib_freebl_sha-fast-amd64-sun.s) = 11a043550811b19f4c71b67971efe69855cb1071 SHA1 (patch-nss_lib_util_utilpars.c) = 5d3000515b01037929730a752b7d7a0f46f06deb SHA1 (patch-nss_tests_all.sh) = b328778b538db66f5447f962f23afd6f650f7071 SHA1 (patch-nss_tests_merge_merge.sh) = 42a4866d226b1076740ba9a5e42c7604f2cb15a7 diff --git a/devel/nss/patches/patch-nss_lib_freebl_blapi.h b/devel/nss/patches/patch-nss_lib_freebl_blapi.h new file mode 100644 index 000000000000..f7b509a2151f --- /dev/null +++ b/devel/nss/patches/patch-nss_lib_freebl_blapi.h @@ -0,0 +1,29 @@ +$NetBSD: patch-nss_lib_freebl_blapi.h,v 1.1 2021/04/15 08:54:54 wiz Exp $ + +Some symbols conflict with openssl. +If nss is loaded first, it can call into openssl's code, +which has different struct sizes. This can lead to weird +coredumps. + +https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/Al0Pt0zhARE + +--- nss/lib/freebl/blapi.h.orig 2021-03-18 14:22:42.000000000 +0000 ++++ nss/lib/freebl/blapi.h +@@ -1122,6 +1122,8 @@ extern void MD5_DestroyContext(MD5Contex + */ + extern void MD5_Begin(MD5Context *cx); + ++#define MD5_Update NSS_MD5_Update ++ + /* + ** Update the MD5 hash function with more data. + ** "cx" the context +@@ -1287,6 +1289,8 @@ extern void SHA1_DestroyContext(SHA1Cont + */ + extern void SHA1_Begin(SHA1Context *cx); + ++#define SHA1_Update NSS_SHA1_Update ++ + /* + ** Update the SHA-1 hash function with more data. + ** "cx" the context diff --git a/devel/nss/patches/patch-nss_lib_freebl_md5.c b/devel/nss/patches/patch-nss_lib_freebl_md5.c new file mode 100644 index 000000000000..3051aa6efc87 --- /dev/null +++ b/devel/nss/patches/patch-nss_lib_freebl_md5.c @@ -0,0 +1,41 @@ +$NetBSD: patch-nss_lib_freebl_md5.c,v 1.3 2021/04/15 08:54:54 wiz Exp $ + +Some symbols conflict with openssl. +If nss is loaded first, it can call into openssl's code, +which has different struct sizes. This can lead to weird +coredumps. + +https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/Al0Pt0zhARE + +--- nss/lib/freebl/md5.c.orig 2021-03-18 14:22:42.000000000 +0000 ++++ nss/lib/freebl/md5.c +@@ -205,7 +205,7 @@ MD5_HashBuf(unsigned char *dest, const u + MD5Context cx; + + MD5_Begin(&cx); +- MD5_Update(&cx, src, src_length); ++ NSS_MD5_Update(&cx, src, src_length); + MD5_End(&cx, dest, &len, MD5_HASH_LEN); + memset(&cx, 0, sizeof cx); + return SECSuccess; +@@ -419,7 +419,7 @@ md5_compress(MD5Context *cx, const PRUin + } + + void +-MD5_Update(MD5Context *cx, const unsigned char *input, unsigned int inputLen) ++NSS_MD5_Update(MD5Context *cx, const unsigned char *input, unsigned int inputLen) + { + PRUint32 bytesToConsume; + PRUint32 inBufIndex = cx->lsbInput & 63; +@@ -509,9 +509,9 @@ MD5_End(MD5Context *cx, unsigned char *d + lowInput <<= 3; + + if (inBufIndex < MD5_END_BUFFER) { +- MD5_Update(cx, padbytes, MD5_END_BUFFER - inBufIndex); ++ NSS_MD5_Update(cx, padbytes, MD5_END_BUFFER - inBufIndex); + } else { +- MD5_Update(cx, padbytes, ++ NSS_MD5_Update(cx, padbytes, + MD5_END_BUFFER + MD5_BUFFER_SIZE - inBufIndex); + } + diff --git a/devel/nss/patches/patch-nss_lib_freebl_sha-fast-amd64-sun.s b/devel/nss/patches/patch-nss_lib_freebl_sha-fast-amd64-sun.s new file mode 100644 index 000000000000..99644922087d --- /dev/null +++ b/devel/nss/patches/patch-nss_lib_freebl_sha-fast-amd64-sun.s @@ -0,0 +1,51 @@ +$NetBSD: patch-nss_lib_freebl_sha-fast-amd64-sun.s,v 1.1 2021/04/15 08:54:54 wiz Exp $ + +Some symbols conflict with openssl. +If nss is loaded first, it can call into openssl's code, +which has different struct sizes. This can lead to weird +coredumps. + +https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/Al0Pt0zhARE + +--- nss/lib/freebl/sha-fast-amd64-sun.s.orig 2021-03-18 14:22:42.000000000 +0000 ++++ nss/lib/freebl/sha-fast-amd64-sun.s +@@ -1680,9 +1680,9 @@ shaCompress: + .LFE7: + .size shaCompress, .-shaCompress + .align 16 +-.globl SHA1_Update +- .type SHA1_Update, @function +-SHA1_Update: ++.globl NSS_SHA1_Update ++ .type NSS_SHA1_Update, @function ++NSS_SHA1_Update: + .LFB5: + pushq %rbp + .LCFI5: +@@ -1768,7 +1768,7 @@ SHA1_Update: + call shaCompress + jmp .L245 + .LFE5: +- .size SHA1_Update, .-SHA1_Update ++ .size NSS_SHA1_Update, .-NSS_SHA1_Update + .section .rodata + .align 32 + .type bulk_pad.0, @object +@@ -1870,7 +1870,7 @@ SHA1_End: + subl %r8d, %edx + andl $63, %edx + incl %edx +- call SHA1_Update@PLT ++ call NSS_SHA1_Update@PLT + movq %rbx, %rdi + movq %r12, %rsi + shrq $32, %rdi +@@ -1989,7 +1989,7 @@ SHA1_HashBuf: + movl %r12d, %edx + movq %r13, %rsi + movq %rbx, %rdi +- call SHA1_Update@PLT ++ call NSS_SHA1_Update@PLT + leaq -292(%rbp), %rdx + movq %r14, %rsi + movq %rbx, %rdi