security/nss: sync with upstream

Taken from: HardenedBSD

security/nss/Makefile

@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	nss
-PORTVERSION=	3.56
+PORTVERSION=	3.57
 CATEGORIES=	security
 MASTER_SITES=	MOZILLA/security/${PORTNAME}/releases/${DISTNAME:tu:C/[-.]/_/g}_RTM/src
 

security/nss/distinfo

@@ -1,3 +1,3 @@
-TIMESTAMP = 1598022657
-SHA256 (nss-3.56.tar.gz) = f875e0e8ed3b5ce92d675be4a55aa25a8c1199789a4a01f69b5f2327e2048e9c
-SIZE (nss-3.56.tar.gz) = 81706176
+TIMESTAMP = 1600448423
+SHA256 (nss-3.57.tar.gz) = 55a86c01be860381d64bb4e5b94eb198df9b0f098a8af0e58c014df398bdc382
+SIZE (nss-3.57.tar.gz) = 81712830

security/nss/files/patch-bug1659256

@@ -1,105 +0,0 @@
-# HG changeset patch
-# User Daiki Ueno <dueno@redhat.com>
-# Date 1599626828 -7200
-# Node ID b971c77c0d68d76c086a0df21841efb813b78c7b
-# Parent  e524a577761d8d61ff096121a3c00bf22f2cfa94
-Bug 1659256, add gcc version check on AArch64 optimization, r=rrelyea
-
-Summary: As described in https://access.redhat.com/solutions/19458,
-gcc version in RHEL-7 is still 4.8.x and cannot compile the newly
-added aes-armv8.c. There is a version check already for 32-bit arm,
-but not for AArch64. This also removes NS_USE_GCC check added in bug
-1652032 in favor of the automatic detection using CC_IS_* macros.
-
-Reviewers: rrelyea
-
-Reviewed By: rrelyea
-
-Subscribers: jmux, kjacobs
-
-Bug #: 1659256
-
-Differential Revision: https://phabricator.services.mozilla.com/D87174
-
-diff --git a/lib/freebl/Makefile b/lib/freebl/Makefile
---- lib/freebl/Makefile
-+++ lib/freebl/Makefile
-@@ -114,31 +114,47 @@ ifeq (,$(filter-out i386 x386 x86 x86_64
- $(OBJDIR)/gcm-x86.o: CFLAGS += -mpclmul -maes
- $(OBJDIR)/aes-x86.o: CFLAGS += -mpclmul -maes
- ifneq (,$(USE_64)$(USE_X32))
-         DEFINES += -DNSS_X64
- else
-         DEFINES += -DNSS_X86
- endif
- endif
--ifdef NS_USE_GCC
- ifeq ($(CPU_ARCH),aarch64)
--    DEFINES += -DUSE_HW_AES -DUSE_HW_SHA1 -DUSE_HW_SHA2
--    EXTRA_SRCS += aes-armv8.c gcm-aarch64.c sha1-armv8.c sha256-armv8.c
--endif
-+    ifdef CC_IS_CLANG
-+        DEFINES += -DUSE_HW_AES -DUSE_HW_SHA1 -DUSE_HW_SHA2
-+        EXTRA_SRCS += aes-armv8.c gcm-aarch64.c sha1-armv8.c sha256-armv8.c
-+    else ifeq (1,$(CC_IS_GCC))
-+        # GCC versions older than 4.9 don't support ARM AES. The check
-+        # is done in two parts, first allows "major.minor" == "4.9",
-+        # and then rejects any major versions prior to 5. Note that
-+        # there has been no GCC 4.10, as it was renamed to GCC 5.
-+        ifneq (,$(filter 4.9,$(word 1,$(GCC_VERSION)).$(word 2,$(GCC_VERSION))))
-+            DEFINES += -DUSE_HW_AES -DUSE_HW_SHA1 -DUSE_HW_SHA2
-+            EXTRA_SRCS += aes-armv8.c gcm-aarch64.c sha1-armv8.c sha256-armv8.c
-+        endif
-+        ifeq (,$(filter 0 1 2 3 4,$(word 1,$(GCC_VERSION))))
-+            DEFINES += -DUSE_HW_AES -DUSE_HW_SHA1 -DUSE_HW_SHA2
-+            EXTRA_SRCS += aes-armv8.c gcm-aarch64.c sha1-armv8.c sha256-armv8.c
-+        endif
-+    endif
- endif
- ifeq ($(CPU_ARCH),arm)
- ifndef NSS_DISABLE_ARM32_NEON
-     EXTRA_SRCS += gcm-arm32-neon.c
- endif
-     ifdef CC_IS_CLANG
-         DEFINES += -DUSE_HW_AES -DUSE_HW_SHA1 -DUSE_HW_SHA2
-         EXTRA_SRCS += aes-armv8.c sha1-armv8.c sha256-armv8.c
-     else ifeq (1,$(CC_IS_GCC))
--        # Old compiler doesn't support ARM AES.
-+        # GCC versions older than 4.9 don't support ARM AES. The check
-+        # is done in two parts, first allows "major.minor" == "4.9",
-+        # and then rejects any major versions prior to 5. Note that
-+        # there has been no GCC 4.10, as it was renamed to GCC 5.
-         ifneq (,$(filter 4.9,$(word 1,$(GCC_VERSION)).$(word 2,$(GCC_VERSION))))
-             DEFINES += -DUSE_HW_AES -DUSE_HW_SHA1 -DUSE_HW_SHA2
-             EXTRA_SRCS += aes-armv8.c sha1-armv8.c sha256-armv8.c
-         endif
-         ifeq (,$(filter 0 1 2 3 4,$(word 1,$(GCC_VERSION))))
-             DEFINES += -DUSE_HW_AES -DUSE_HW_SHA1 -DUSE_HW_SHA2
-             EXTRA_SRCS += aes-armv8.c sha1-armv8.c sha256-armv8.c
-         endif
-@@ -723,24 +739,22 @@ USES_SOFTFLOAT_ABI := $(shell $(CC) -o -
- $(OBJDIR)/$(PROG_PREFIX)aes-armv8$(OBJ_SUFFIX): CFLAGS += -march=armv8-a -mfpu=crypto-neon-fp-armv8$(if $(USES_SOFTFLOAT_ABI), -mfloat-abi=softfp)
- $(OBJDIR)/$(PROG_PREFIX)sha1-armv8$(OBJ_SUFFIX): CFLAGS += -march=armv8-a -mfpu=crypto-neon-fp-armv8$(if $(USES_SOFTFLOAT_ABI), -mfloat-abi=softfp)
- $(OBJDIR)/$(PROG_PREFIX)sha256-armv8$(OBJ_SUFFIX): CFLAGS += -march=armv8-a -mfpu=crypto-neon-fp-armv8$(if $(USES_SOFTFLOAT_ABI), -mfloat-abi=softfp)
- ifndef NSS_DISABLE_ARM32_NEON
- $(OBJDIR)/$(PROG_PREFIX)gcm-arm32-neon$(OBJ_SUFFIX): CFLAGS += -mfpu=neon$(if $(USES_SOFTFLOAT_ABI), -mfloat-abi=softfp)
- endif
- endif
- 
--ifdef NS_USE_GCC
- ifeq ($(CPU_ARCH),aarch64)
- $(OBJDIR)/$(PROG_PREFIX)aes-armv8$(OBJ_SUFFIX): CFLAGS += -march=armv8-a+crypto
- $(OBJDIR)/$(PROG_PREFIX)gcm-aarch64$(OBJ_SUFFIX): CFLAGS += -march=armv8-a+crypto
- $(OBJDIR)/$(PROG_PREFIX)sha1-armv8$(OBJ_SUFFIX): CFLAGS += -march=armv8-a+crypto
- $(OBJDIR)/$(PROG_PREFIX)sha256-armv8$(OBJ_SUFFIX): CFLAGS += -march=armv8-a+crypto
- endif
--endif
- 
- ifeq ($(CPU_ARCH),ppc)
- ifndef NSS_DISABLE_ALTIVEC
- $(OBJDIR)/$(PROG_PREFIX)gcm-ppc$(OBJ_SUFFIX): CFLAGS += -mcrypto -maltivec -mvsx
- $(OBJDIR)/$(PROG_PREFIX)gcm$(OBJ_SUFFIX): CFLAGS += -mcrypto -maltivec -mvsx
- $(OBJDIR)/$(PROG_PREFIX)rijndael$(OBJ_SUFFIX): CFLAGS += -mcrypto -maltivec -mvsx
- $(OBJDIR)/$(PROG_PREFIX)sha512$(OBJ_SUFFIX): CFLAGS += -mcrypto -maltivec -mvsx \
- 					-funroll-loops -fpeel-loops
-