Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 31 Aug 2019 00:50:47 +0000 (UTC)
From:      Jan Beich <jbeich@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r510302 - in head/security: ca_root_nss nss nss/files
Message-ID:  <201908310050.x7V0olvM042151@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: jbeich
Date: Sat Aug 31 00:50:46 2019
New Revision: 510302
URL: https://svnweb.freebsd.org/changeset/ports/510302

Log:
  security/nss: update to 3.46
  
  Changes:	https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes
  Changes:	https://hg.mozilla.org/projects/nss/shortlog/NSS_3_46_RTM
  ABI:		https://abi-laboratory.pro/tracker/timeline/nss/

Modified:
  head/security/ca_root_nss/Makefile   (contents, props changed)
  head/security/ca_root_nss/distinfo   (contents, props changed)
  head/security/nss/Makefile   (contents, props changed)
  head/security/nss/distinfo   (contents, props changed)
  head/security/nss/files/patch-bug1575843   (contents, props changed)
  head/security/nss/files/patch-coreconf_UNIX.mk   (contents, props changed)
  head/security/nss/files/patch-lib_freebl_blinit.c   (contents, props changed)

Modified: head/security/ca_root_nss/Makefile
==============================================================================
--- head/security/ca_root_nss/Makefile	Fri Aug 30 22:21:29 2019	(r510301)
+++ head/security/ca_root_nss/Makefile	Sat Aug 31 00:50:46 2019	(r510302)
@@ -32,7 +32,7 @@ PLIST_SUB+=	CERTDIR=${CERTDIR}
 # !!!  Please DO NOT submit patches for new version until it has !!!
 # !!!  been committed there first.                               !!!
 # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-VERSION_NSS=	3.45
+VERSION_NSS=	3.46
 #NSS_SUFFIX=	-with-ckbi-1.98
 CERTDATA_TXT_PATH=	nss-${VERSION_NSS}/nss/lib/ckfw/builtins/certdata.txt
 BUNDLE_PROCESSOR=	MAca-bundle.pl

Modified: head/security/ca_root_nss/distinfo
==============================================================================
--- head/security/ca_root_nss/distinfo	Fri Aug 30 22:21:29 2019	(r510301)
+++ head/security/ca_root_nss/distinfo	Sat Aug 31 00:50:46 2019	(r510302)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1562342551
-SHA256 (nss-3.45.tar.gz) = 112f05223d1fde902c170966bfc6f011b24a838be16969b110ecf2bb7bc24e8b
-SIZE (nss-3.45.tar.gz) = 76017462
+TIMESTAMP = 1567179992
+SHA256 (nss-3.46.tar.gz) = 6b699649d285602ba258a4b0957cb841eafc94eff5735a9da8da0adbb9a10cef
+SIZE (nss-3.46.tar.gz) = 76417155

Modified: head/security/nss/Makefile
==============================================================================
--- head/security/nss/Makefile	Fri Aug 30 22:21:29 2019	(r510301)
+++ head/security/nss/Makefile	Sat Aug 31 00:50:46 2019	(r510302)
@@ -2,8 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	nss
-PORTVERSION=	3.45
-PORTREVISION=	2
+PORTVERSION=	3.46
 CATEGORIES=	security
 MASTER_SITES=	MOZILLA/security/${PORTNAME}/releases/${DISTNAME:tu:C/[-.]/_/g}_RTM/src
 

Modified: head/security/nss/distinfo
==============================================================================
--- head/security/nss/distinfo	Fri Aug 30 22:21:29 2019	(r510301)
+++ head/security/nss/distinfo	Sat Aug 31 00:50:46 2019	(r510302)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1562342551
-SHA256 (nss-3.45.tar.gz) = 112f05223d1fde902c170966bfc6f011b24a838be16969b110ecf2bb7bc24e8b
-SIZE (nss-3.45.tar.gz) = 76017462
+TIMESTAMP = 1567179992
+SHA256 (nss-3.46.tar.gz) = 6b699649d285602ba258a4b0957cb841eafc94eff5735a9da8da0adbb9a10cef
+SIZE (nss-3.46.tar.gz) = 76417155

Modified: head/security/nss/files/patch-bug1575843
==============================================================================
--- head/security/nss/files/patch-bug1575843	Fri Aug 30 22:21:29 2019	(r510301)
+++ head/security/nss/files/patch-bug1575843	Sat Aug 31 00:50:46 2019	(r510302)
@@ -2,7 +2,7 @@ Detect ARM CPU features on FreeBSD.
 
 elf_aux_info is similar to getauxval but is nop on aarch64.
 
---- lib/freebl/blinit.c.orig	2019-07-05 16:02:31 UTC
+--- lib/freebl/blinit.c.orig	2019-08-30 15:46:32 UTC
 +++ lib/freebl/blinit.c
 @@ -96,8 +96,8 @@ CheckX86CPUSupport()
  #ifndef __has_include
@@ -36,15 +36,15 @@ elf_aux_info is similar to getauxval but is nop on aar
  // Defines from hwcap.h in Linux kernel - ARM64
  #ifndef HWCAP_AES
  #define HWCAP_AES (1 << 3)
-@@ -137,6 +144,7 @@ CheckARMSupport()
- {
+@@ -138,6 +145,7 @@ CheckARMSupport()
      char *disable_arm_neon = PR_GetEnvSecure("NSS_DISABLE_ARM_NEON");
      char *disable_hw_aes = PR_GetEnvSecure("NSS_DISABLE_HW_AES");
+     char *disable_pmull = PR_GetEnvSecure("NSS_DISABLE_PMULL");
 +#if defined(__linux__)
      if (getauxval) {
          long hwcaps = getauxval(AT_HWCAP);
          arm_aes_support_ = hwcaps & HWCAP_AES && disable_hw_aes == NULL;
-@@ -144,6 +152,14 @@ CheckARMSupport()
+@@ -145,6 +153,14 @@ CheckARMSupport()
          arm_sha1_support_ = hwcaps & HWCAP_SHA1;
          arm_sha2_support_ = hwcaps & HWCAP_SHA2;
      }
@@ -52,14 +52,14 @@ elf_aux_info is similar to getauxval but is nop on aar
 +    uint64_t id_aa64isar0;
 +    id_aa64isar0 = READ_SPECIALREG(ID_AA64ISAR0_EL1);
 +    arm_aes_support_ = ID_AA64ISAR0_AES(id_aa64isar0) >= ID_AA64ISAR0_AES_BASE && disable_hw_aes == NULL;
-+    arm_pmull_support_ = ID_AA64ISAR0_AES(id_aa64isar0) == ID_AA64ISAR0_AES_PMULL;
++    arm_pmull_support_ = ID_AA64ISAR0_AES(id_aa64isar0) == ID_AA64ISAR0_AES_PMULL && disable_pmull == NULL;
 +    arm_sha1_support_ = ID_AA64ISAR0_SHA1(id_aa64isar0) == ID_AA64ISAR0_SHA1_BASE;
 +    arm_sha2_support_ = ID_AA64ISAR0_SHA2(id_aa64isar0) >= ID_AA64ISAR0_SHA2_BASE;
 +#endif /* defined(__linux__) */
      /* aarch64 must support NEON. */
      arm_neon_support_ = disable_arm_neon == NULL;
  }
-@@ -186,7 +202,7 @@ GetNeonSupport()
+@@ -187,7 +203,7 @@ GetNeonSupport()
      // If no getauxval, compiler generate NEON instruction by default,
      // we should allow NOEN support.
      return PR_TRUE;
@@ -68,7 +68,7 @@ elf_aux_info is similar to getauxval but is nop on aar
      // Android's cpu-features.c detects features by the following logic
      //
      // - Call getauxval(AT_HWCAP)
-@@ -200,6 +216,10 @@ GetNeonSupport()
+@@ -201,6 +217,10 @@ GetNeonSupport()
      if (getauxval) {
          return (getauxval(AT_HWCAP) & HWCAP_NEON);
      }
@@ -79,7 +79,7 @@ elf_aux_info is similar to getauxval but is nop on aar
  #endif /* defined(__ARM_NEON) || defined(__ARM_NEON__) */
      return PR_FALSE;
  }
-@@ -208,6 +228,7 @@ void
+@@ -249,6 +269,7 @@ void
  CheckARMSupport()
  {
      char *disable_hw_aes = PR_GetEnvSecure("NSS_DISABLE_HW_AES");
@@ -87,10 +87,17 @@ elf_aux_info is similar to getauxval but is nop on aar
      if (getauxval) {
          // Android's cpu-features.c uses AT_HWCAP2 for newer features.
          // AT_HWCAP2 is implemented on newer devices / kernel, so we can trust
-@@ -216,6 +237,14 @@ CheckARMSupport()
+@@ -257,13 +278,19 @@ CheckARMSupport()
          // AT_HWCAP2 isn't supported by glibc or Linux kernel, getauxval will
          // returns 0.
          long hwcaps = getauxval(AT_HWCAP2);
+-#ifdef __linux__
+         if (!hwcaps) {
+             // Some ARMv8 devices may not implement AT_HWCAP2. So we also
+             // read /proc/cpuinfo if AT_HWCAP2 is 0.
+             hwcaps = ReadCPUInfoForHWCAP2();
+         }
+-#endif
 +#elif defined(__FreeBSD__) && defined(HAVE_ELF_AUX_INFO)
 +    unsigned long hwcaps = 0;
 +    elf_aux_info(AT_HWCAP2, &hwcaps, sizeof(hwcaps));

Modified: head/security/nss/files/patch-coreconf_UNIX.mk
==============================================================================
--- head/security/nss/files/patch-coreconf_UNIX.mk	Fri Aug 30 22:21:29 2019	(r510301)
+++ head/security/nss/files/patch-coreconf_UNIX.mk	Sat Aug 31 00:50:46 2019	(r510302)
@@ -8,6 +8,6 @@
  	DEFINES    += -UDEBUG -DNDEBUG
  else
 -	OPTIMIZER  += -g
- 	USERNAME   := $(shell whoami)
- 	USERNAME   := $(subst -,_,$(USERNAME))
- 	DEFINES    += -DDEBUG -UNDEBUG -DDEBUG_$(USERNAME)
+ 	DEFINES    += -DDEBUG -UNDEBUG
+ endif
+ 

Modified: head/security/nss/files/patch-lib_freebl_blinit.c
==============================================================================
--- head/security/nss/files/patch-lib_freebl_blinit.c	Fri Aug 30 22:21:29 2019	(r510301)
+++ head/security/nss/files/patch-lib_freebl_blinit.c	Sat Aug 31 00:50:46 2019	(r510302)
@@ -2,23 +2,23 @@ qemu:handle_cpu_signal received signal outside vCPU co
 
 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240037
 
---- lib/freebl/blinit.c.orig	2019-07-05 16:02:31 UTC
+--- lib/freebl/blinit.c.orig	2019-08-30 15:46:32 UTC
 +++ lib/freebl/blinit.c
-@@ -153,12 +153,14 @@ CheckARMSupport()
+@@ -154,12 +154,14 @@ CheckARMSupport()
          arm_sha2_support_ = hwcaps & HWCAP_SHA2;
      }
  #elif defined(__FreeBSD__)
 -    uint64_t id_aa64isar0;
 -    id_aa64isar0 = READ_SPECIALREG(ID_AA64ISAR0_EL1);
 -    arm_aes_support_ = ID_AA64ISAR0_AES(id_aa64isar0) >= ID_AA64ISAR0_AES_BASE && disable_hw_aes == NULL;
--    arm_pmull_support_ = ID_AA64ISAR0_AES(id_aa64isar0) == ID_AA64ISAR0_AES_PMULL;
+-    arm_pmull_support_ = ID_AA64ISAR0_AES(id_aa64isar0) == ID_AA64ISAR0_AES_PMULL && disable_pmull == NULL;
 -    arm_sha1_support_ = ID_AA64ISAR0_SHA1(id_aa64isar0) == ID_AA64ISAR0_SHA1_BASE;
 -    arm_sha2_support_ = ID_AA64ISAR0_SHA2(id_aa64isar0) >= ID_AA64ISAR0_SHA2_BASE;
 +    if (!PR_GetEnvSecure("QEMU_EMULATING")) {
 +        uint64_t id_aa64isar0;
 +        id_aa64isar0 = READ_SPECIALREG(ID_AA64ISAR0_EL1);
 +        arm_aes_support_ = ID_AA64ISAR0_AES(id_aa64isar0) >= ID_AA64ISAR0_AES_BASE && disable_hw_aes == NULL;
-+        arm_pmull_support_ = ID_AA64ISAR0_AES(id_aa64isar0) == ID_AA64ISAR0_AES_PMULL;
++        arm_pmull_support_ = ID_AA64ISAR0_AES(id_aa64isar0) == ID_AA64ISAR0_AES_PMULL && disable_pmull == NULL;
 +        arm_sha1_support_ = ID_AA64ISAR0_SHA1(id_aa64isar0) == ID_AA64ISAR0_SHA1_BASE;
 +        arm_sha2_support_ = ID_AA64ISAR0_SHA2(id_aa64isar0) >= ID_AA64ISAR0_SHA2_BASE;
 +    }



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201908310050.x7V0olvM042151>