From fdf98562b3bf75fb04105895d7c26a6d3e99fbca Mon Sep 17 00:00:00 2001 From: wiz Date: Sun, 16 May 2021 17:42:31 +0000 Subject: [PATCH] nss: update to 3.65. Bugs fixed in NSS 3.65: * Bug 1709654 - Update for NetBSD configuration. * Bug 1709750 - Disable HPKE test when fuzzing. * Bug 1566124 - Optimize AES-GCM for ppc64le. * Bug 1699021 - Add AES-256-GCM to HPKE. * Bug 1698419 - ECH -10 updates. * Bug 1692930 - Update HPKE to final version. * Bug 1707130 - NSS should use modern algorithms in PKCS#12 files by default. * Bug 1703936 - New coverity/cpp scanner errors. * Bug 1697303 - NSS needs to update it's csp clearing to FIPS 180-3 standards. * Bug 1702663 - Need to support RSA PSS with Hashing PKCS #11 Mechanisms. * Bug 1705119 - Deadlock when using GCM and non-thread safe tokens. --- devel/nss/Makefile | 7 +- devel/nss/distinfo | 11 ++- .../nss/patches/patch-nss_coreconf_NetBSD.mk | 83 ------------------- 3 files changed, 8 insertions(+), 93 deletions(-) delete mode 100644 devel/nss/patches/patch-nss_coreconf_NetBSD.mk diff --git a/devel/nss/Makefile b/devel/nss/Makefile index 95b9216a15b8..0a2180369500 100644 --- a/devel/nss/Makefile +++ b/devel/nss/Makefile @@ -1,8 +1,7 @@ -# $NetBSD: Makefile,v 1.205 2021/05/01 21:52:02 wiz Exp $ +# $NetBSD: Makefile,v 1.206 2021/05/16 17:42:31 wiz Exp $ DISTNAME= nss-${NSS_RELEASE:S/.0$//} -NSS_RELEASE= 3.64.0 -PKGREVISION= 3 +NSS_RELEASE= 3.65.0 CATEGORIES= devel security MASTER_SITES= ${MASTER_SITE_MOZILLA_ALL:=security/nss/releases/NSS_${NSS_DIST_DIR_VERSION:S/_0$//}_RTM/src/} @@ -95,7 +94,7 @@ MOD_MINOR_VERSION= ${NSS_RELEASE:S/3.//:C/\.[0-9]*//} MOD_PATCH_VERSION= ${NSS_RELEASE:C/[0-9.]*\.//} NSS_DIST_DIR_VERSION= ${MOD_MAJOR_VERSION}_${MOD_MINOR_VERSION}_${MOD_PATCH_VERSION} -NSPR_MINIMUM_VERSION= 4.29 +NSPR_MINIMUM_VERSION= 4.30 PKGCONFIG_OVERRIDE= nss.pc diff --git a/devel/nss/distinfo b/devel/nss/distinfo index f7436021aa52..b304df6c1fcf 100644 --- a/devel/nss/distinfo +++ b/devel/nss/distinfo @@ -1,16 +1,15 @@ -$NetBSD: distinfo,v 1.130 2021/05/05 16:54:02 wiz Exp $ +$NetBSD: distinfo,v 1.131 2021/05/16 17:42:31 wiz Exp $ -SHA1 (nss-3.64.tar.gz) = e8f7dd8ab325a57a46b1d717c86bdae1be66e911 -RMD160 (nss-3.64.tar.gz) = bad3022ebac60e794d999dd7c74092c6b80c39d0 -SHA512 (nss-3.64.tar.gz) = 0a85e1f64f97670f70596d8a479693939ca454025a4b3bbd557a54ed683ffed625c670fef6a6e3440365af9aa472384f84464942381b1c093659f6a6a222ba04 -Size (nss-3.64.tar.gz) = 82173054 bytes +SHA1 (nss-3.65.tar.gz) = a7ec3874d091c4783a8cb78f064bceafba875c1f +RMD160 (nss-3.65.tar.gz) = d0b6da2d2ab3c4faea885413651dfaf3b4237615 +SHA512 (nss-3.65.tar.gz) = 6f980f44056c69c74754124ce16d4880fb47440146d55906584f70d1be8e74885570308914d4482b3ee676a1f5b1e529616eae8ccd6906d678394dd929dd0825 +Size (nss-3.65.tar.gz) = 82386222 bytes SHA1 (patch-md) = 8547c9414332c02221b96719dea1e09cb741f4d1 SHA1 (patch-me) = ffb5f119764c158c0bd789bd18fc77c61f2e9d2b SHA1 (patch-mf) = 40e58385fb6f944f463bf00b9aad72bc4ea229d0 SHA1 (patch-mn) = 5b79783e48249044be1a904a6cfd20ba175b5fd4 SHA1 (patch-nss_cmd_platlibs.mk) = 01f4350de601b29c94e8a791a28daca226866bb6 SHA1 (patch-nss_cmd_shlibsign_sign.sh) = 7948b7b502a4c148ee185836dde8a84d3aa388af -SHA1 (patch-nss_coreconf_NetBSD.mk) = 176663074ce42719fed33dcaac69a930e3ede301 SHA1 (patch-nss_coreconf_OpenBSD.mk) = 944f71fcaaa7d5b2b3ed008341b1392a65480f2b SHA1 (patch-nss_coreconf_command.mk) = a7b682d367825b48f8802fa30cee83f10680bb74 SHA1 (patch-nss_lib_freebl_aes-armv8.c) = aa698f61dd3d66ba707a9b5425bc15d057244ad7 diff --git a/devel/nss/patches/patch-nss_coreconf_NetBSD.mk b/devel/nss/patches/patch-nss_coreconf_NetBSD.mk deleted file mode 100644 index a5d93462e601..000000000000 --- a/devel/nss/patches/patch-nss_coreconf_NetBSD.mk +++ /dev/null @@ -1,83 +0,0 @@ -$NetBSD: patch-nss_coreconf_NetBSD.mk,v 1.4 2021/05/05 16:54:03 wiz Exp $ - -Match more closely to OpenBSD.mk, and in particular, hide symbols (MAPFILE). - -- fix wrong value of CPU_ARCH on NetBSD/evbarm-earmv7f -- s/aarch64eb/aarch64/ - -https://bugzilla.mozilla.org/show_bug.cgi?id=1709654 - ---- nss/coreconf/NetBSD.mk.orig 2021-04-15 16:17:44.000000000 +0000 -+++ nss/coreconf/NetBSD.mk -@@ -5,9 +5,10 @@ - - include $(CORE_DEPTH)/coreconf/UNIX.mk - --DEFAULT_COMPILER = gcc --CC = gcc --CCC = g++ -+CC ?= gcc -+CXX ?= g++ -+DEFAULT_COMPILER = ${CC} -+CCC = ${CXX} - RANLIB = ranlib - - CPU_ARCH := $(shell uname -p) -@@ -15,16 +16,14 @@ ifeq ($(CPU_ARCH),i386) - OS_REL_CFLAGS = -Di386 - CPU_ARCH = x86 - endif -- --ifndef OBJECT_FMT --OBJECT_FMT := $(shell if echo __ELF__ | $${CC:-cc} -E - | grep -q __ELF__ ; then echo a.out ; else echo ELF ; fi) -+ifeq (,$(filter-out earm%,$(CPU_ARCH))) -+CPU_ARCH = arm -+endif -+ifeq ($(CPU_ARCH),aarch64eb) -+CPU_ARCH = aarch64 - endif - --ifeq ($(OBJECT_FMT),ELF) - DLL_SUFFIX = so --else --DLL_SUFFIX = so.1.0 --endif - - OS_CFLAGS = $(DSO_CFLAGS) $(OS_REL_CFLAGS) -Wall -Wno-switch -pipe -DNETBSD -Dunix -DHAVE_STRERROR -DHAVE_BSD_FLOCK - -@@ -33,9 +32,16 @@ OS_LIBS = -lcompat - ARCH = netbsd - - DSO_CFLAGS = -fPIC -DPIC --DSO_LDOPTS = -shared --ifeq ($(OBJECT_FMT),ELF) --DSO_LDOPTS += -Wl,-soname,lib$(LIBRARY_NAME)$(LIBRARY_VERSION).$(DLL_SUFFIX) -+DSO_LDOPTS = -shared -Wl,-soname,lib$(LIBRARY_NAME)$(LIBRARY_VERSION).$(DLL_SUFFIX) -+ -+# -+# The default implementation strategy for NetBSD is pthreads. -+# -+ifndef CLASSIC_NSPR -+USE_PTHREADS = 1 -+DEFINES += -D_THREAD_SAFE -D_REENTRANT -+OS_LIBS += -pthread -+DSO_LDOPTS += -pthread - endif - - ifdef LIBRUNPATH -@@ -44,12 +50,8 @@ endif - - MKSHLIB = $(CC) $(DSO_LDOPTS) - ifdef MAPFILE --# Add LD options to restrict exported symbols to those in the map file -+ MKSHLIB += -Wl,--version-script,$(MAPFILE) - endif --# Change PROCESS to put the mapfile in the correct format for this platform --PROCESS_MAP_FILE = cp $< $@ -- -- --G++INCLUDES = -I/usr/include/g++ -+PROCESS_MAP_FILE = grep -v ';-' $< | \ -+ sed -e 's,;+,,' -e 's; DATA ;;' -e 's,;;,,' -e 's,;.*,;,' > $@ - --INCLUDES += -I/usr/X11R6/include