From a654feb0e296a232cd9b9ec6a3725fd4d4d0e0bd Mon Sep 17 00:00:00 2001 From: Franco Fichtner Date: Tue, 22 Sep 2020 15:58:33 +0200 Subject: [PATCH] security/nss: sync with upstream Taken from: HardenedBSD --- security/nss/Makefile | 2 +- security/nss/distinfo | 6 +- security/nss/files/patch-bug1659256 | 105 ---------------------------- 3 files changed, 4 insertions(+), 109 deletions(-) delete mode 100644 security/nss/files/patch-bug1659256 diff --git a/security/nss/Makefile b/security/nss/Makefile index 5286a52c6c0..af66670cc68 100644 --- a/security/nss/Makefile +++ b/security/nss/Makefile @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= nss -PORTVERSION= 3.56 +PORTVERSION= 3.57 CATEGORIES= security MASTER_SITES= MOZILLA/security/${PORTNAME}/releases/${DISTNAME:tu:C/[-.]/_/g}_RTM/src diff --git a/security/nss/distinfo b/security/nss/distinfo index ac49db508ae..7d3c1a6817b 100644 --- a/security/nss/distinfo +++ b/security/nss/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1598022657 -SHA256 (nss-3.56.tar.gz) = f875e0e8ed3b5ce92d675be4a55aa25a8c1199789a4a01f69b5f2327e2048e9c -SIZE (nss-3.56.tar.gz) = 81706176 +TIMESTAMP = 1600448423 +SHA256 (nss-3.57.tar.gz) = 55a86c01be860381d64bb4e5b94eb198df9b0f098a8af0e58c014df398bdc382 +SIZE (nss-3.57.tar.gz) = 81712830 diff --git a/security/nss/files/patch-bug1659256 b/security/nss/files/patch-bug1659256 deleted file mode 100644 index 94bba1f084a..00000000000 --- a/security/nss/files/patch-bug1659256 +++ /dev/null @@ -1,105 +0,0 @@ -# HG changeset patch -# User Daiki Ueno -# Date 1599626828 -7200 -# Node ID b971c77c0d68d76c086a0df21841efb813b78c7b -# Parent e524a577761d8d61ff096121a3c00bf22f2cfa94 -Bug 1659256, add gcc version check on AArch64 optimization, r=rrelyea - -Summary: As described in https://access.redhat.com/solutions/19458, -gcc version in RHEL-7 is still 4.8.x and cannot compile the newly -added aes-armv8.c. There is a version check already for 32-bit arm, -but not for AArch64. This also removes NS_USE_GCC check added in bug -1652032 in favor of the automatic detection using CC_IS_* macros. - -Reviewers: rrelyea - -Reviewed By: rrelyea - -Subscribers: jmux, kjacobs - -Bug #: 1659256 - -Differential Revision: https://phabricator.services.mozilla.com/D87174 - -diff --git a/lib/freebl/Makefile b/lib/freebl/Makefile ---- lib/freebl/Makefile -+++ lib/freebl/Makefile -@@ -114,31 +114,47 @@ ifeq (,$(filter-out i386 x386 x86 x86_64 - $(OBJDIR)/gcm-x86.o: CFLAGS += -mpclmul -maes - $(OBJDIR)/aes-x86.o: CFLAGS += -mpclmul -maes - ifneq (,$(USE_64)$(USE_X32)) - DEFINES += -DNSS_X64 - else - DEFINES += -DNSS_X86 - endif - endif --ifdef NS_USE_GCC - ifeq ($(CPU_ARCH),aarch64) -- DEFINES += -DUSE_HW_AES -DUSE_HW_SHA1 -DUSE_HW_SHA2 -- EXTRA_SRCS += aes-armv8.c gcm-aarch64.c sha1-armv8.c sha256-armv8.c --endif -+ ifdef CC_IS_CLANG -+ DEFINES += -DUSE_HW_AES -DUSE_HW_SHA1 -DUSE_HW_SHA2 -+ EXTRA_SRCS += aes-armv8.c gcm-aarch64.c sha1-armv8.c sha256-armv8.c -+ else ifeq (1,$(CC_IS_GCC)) -+ # GCC versions older than 4.9 don't support ARM AES. The check -+ # is done in two parts, first allows "major.minor" == "4.9", -+ # and then rejects any major versions prior to 5. Note that -+ # there has been no GCC 4.10, as it was renamed to GCC 5. -+ ifneq (,$(filter 4.9,$(word 1,$(GCC_VERSION)).$(word 2,$(GCC_VERSION)))) -+ DEFINES += -DUSE_HW_AES -DUSE_HW_SHA1 -DUSE_HW_SHA2 -+ EXTRA_SRCS += aes-armv8.c gcm-aarch64.c sha1-armv8.c sha256-armv8.c -+ endif -+ ifeq (,$(filter 0 1 2 3 4,$(word 1,$(GCC_VERSION)))) -+ DEFINES += -DUSE_HW_AES -DUSE_HW_SHA1 -DUSE_HW_SHA2 -+ EXTRA_SRCS += aes-armv8.c gcm-aarch64.c sha1-armv8.c sha256-armv8.c -+ endif -+ endif - endif - ifeq ($(CPU_ARCH),arm) - ifndef NSS_DISABLE_ARM32_NEON - EXTRA_SRCS += gcm-arm32-neon.c - endif - ifdef CC_IS_CLANG - DEFINES += -DUSE_HW_AES -DUSE_HW_SHA1 -DUSE_HW_SHA2 - EXTRA_SRCS += aes-armv8.c sha1-armv8.c sha256-armv8.c - else ifeq (1,$(CC_IS_GCC)) -- # Old compiler doesn't support ARM AES. -+ # GCC versions older than 4.9 don't support ARM AES. The check -+ # is done in two parts, first allows "major.minor" == "4.9", -+ # and then rejects any major versions prior to 5. Note that -+ # there has been no GCC 4.10, as it was renamed to GCC 5. - ifneq (,$(filter 4.9,$(word 1,$(GCC_VERSION)).$(word 2,$(GCC_VERSION)))) - DEFINES += -DUSE_HW_AES -DUSE_HW_SHA1 -DUSE_HW_SHA2 - EXTRA_SRCS += aes-armv8.c sha1-armv8.c sha256-armv8.c - endif - ifeq (,$(filter 0 1 2 3 4,$(word 1,$(GCC_VERSION)))) - DEFINES += -DUSE_HW_AES -DUSE_HW_SHA1 -DUSE_HW_SHA2 - EXTRA_SRCS += aes-armv8.c sha1-armv8.c sha256-armv8.c - endif -@@ -723,24 +739,22 @@ USES_SOFTFLOAT_ABI := $(shell $(CC) -o - - $(OBJDIR)/$(PROG_PREFIX)aes-armv8$(OBJ_SUFFIX): CFLAGS += -march=armv8-a -mfpu=crypto-neon-fp-armv8$(if $(USES_SOFTFLOAT_ABI), -mfloat-abi=softfp) - $(OBJDIR)/$(PROG_PREFIX)sha1-armv8$(OBJ_SUFFIX): CFLAGS += -march=armv8-a -mfpu=crypto-neon-fp-armv8$(if $(USES_SOFTFLOAT_ABI), -mfloat-abi=softfp) - $(OBJDIR)/$(PROG_PREFIX)sha256-armv8$(OBJ_SUFFIX): CFLAGS += -march=armv8-a -mfpu=crypto-neon-fp-armv8$(if $(USES_SOFTFLOAT_ABI), -mfloat-abi=softfp) - ifndef NSS_DISABLE_ARM32_NEON - $(OBJDIR)/$(PROG_PREFIX)gcm-arm32-neon$(OBJ_SUFFIX): CFLAGS += -mfpu=neon$(if $(USES_SOFTFLOAT_ABI), -mfloat-abi=softfp) - endif - endif - --ifdef NS_USE_GCC - ifeq ($(CPU_ARCH),aarch64) - $(OBJDIR)/$(PROG_PREFIX)aes-armv8$(OBJ_SUFFIX): CFLAGS += -march=armv8-a+crypto - $(OBJDIR)/$(PROG_PREFIX)gcm-aarch64$(OBJ_SUFFIX): CFLAGS += -march=armv8-a+crypto - $(OBJDIR)/$(PROG_PREFIX)sha1-armv8$(OBJ_SUFFIX): CFLAGS += -march=armv8-a+crypto - $(OBJDIR)/$(PROG_PREFIX)sha256-armv8$(OBJ_SUFFIX): CFLAGS += -march=armv8-a+crypto - endif --endif - - ifeq ($(CPU_ARCH),ppc) - ifndef NSS_DISABLE_ALTIVEC - $(OBJDIR)/$(PROG_PREFIX)gcm-ppc$(OBJ_SUFFIX): CFLAGS += -mcrypto -maltivec -mvsx - $(OBJDIR)/$(PROG_PREFIX)gcm$(OBJ_SUFFIX): CFLAGS += -mcrypto -maltivec -mvsx - $(OBJDIR)/$(PROG_PREFIX)rijndael$(OBJ_SUFFIX): CFLAGS += -mcrypto -maltivec -mvsx - $(OBJDIR)/$(PROG_PREFIX)sha512$(OBJ_SUFFIX): CFLAGS += -mcrypto -maltivec -mvsx \ - -funroll-loops -fpeel-loops -