From fa9ce3eee8df90c17f50a26e5ddfa89b922854d1 Mon Sep 17 00:00:00 2001 From: ziggi Date: Thu, 16 Jan 2020 13:25:39 +0000 Subject: [PATCH] update nss --- crypto/libnss/Makefile | 13 +- crypto/libnss/distinfo | 6 +- crypto/libnss/files/patch-bug1335284 | 11 - crypto/libnss/files/patch-bug1575843 | 111 ++++++++++ crypto/libnss/files/patch-bug301986 | 2 +- crypto/libnss/files/patch-const | 24 ++- crypto/libnss/files/patch-coreconf_FreeBSD.mk | 17 +- crypto/libnss/files/patch-coreconf_UNIX.mk | 10 +- crypto/libnss/files/patch-coreconf_arch.mk | 6 +- crypto/libnss/files/patch-coreconf_command.mk | 4 +- crypto/libnss/files/patch-coreconf_ruleset.mk | 4 +- crypto/libnss/files/patch-lib-freebl-Makefile | 8 +- crypto/libnss/files/patch-lib_freebl_blinit.c | 27 +++ .../files/patch-lib_freebl_mpi_mpcpucache.c | 6 +- .../libnss/files/patch-lib_softoken_pkcs11c.c | 10 +- crypto/libnss/files/patch-sysdb | 197 +++++++++--------- crypto/libnss/files/patch-tests | 10 - crypto/libnss/pkg-plist | 4 +- 18 files changed, 298 insertions(+), 172 deletions(-) delete mode 100644 crypto/libnss/files/patch-bug1335284 create mode 100644 crypto/libnss/files/patch-bug1575843 create mode 100644 crypto/libnss/files/patch-lib_freebl_blinit.c delete mode 100644 crypto/libnss/files/patch-tests diff --git a/crypto/libnss/Makefile b/crypto/libnss/Makefile index da8ceab7..d317c82f 100644 --- a/crypto/libnss/Makefile +++ b/crypto/libnss/Makefile @@ -2,8 +2,7 @@ # $FreeBSD: head/security/nss/Makefile 439231 2017-04-23 16:11:22Z jbeich $ PORTNAME= nss -PORTVERSION= 3.30.2 -#DISTVERSIONSUFFIX= -with-ckbi-1.98 +PORTVERSION= 3.47.1 CATEGORIES= security MASTER_SITES= MOZILLA/security/${PORTNAME}/releases/${DISTNAME:tu:C/[-.]/_/g}_RTM/src PKGNAMEPREFIX= lib @@ -27,7 +26,9 @@ MAKE_ENV+= SQLITE_INCLUDE_DIR="${LOCALBASE}/include" MAKE_ENV+= FREEBL_LOWHASH=1 MAKE_ENV+= NSS_DISABLE_GTESTS=1 MAKE_ENV+= NSS_USE_SYSTEM_SQLITE=1 -MAKE_ENV+= NSS_ENABLE_WERROR=0 +MAKE_ENV+= NSS_ENABLE_WERROR=0 +MAKE_ENV+= DEBUG=0 + #MAKE_ENV+= CC_IS_CLANG=0 CFLAGS+= -I${LOCALBASE}/include/nspr @@ -38,7 +39,7 @@ DIST= ${WRKSRC:H}/dist EXTRACT_AFTER_ARGS=--exclude */lib/zlib --exclude */lib/dbm --exclude */lib/sqlite -INSTALL_BINS+= certcgi +#INSTALL_BINS+= certcgi INSTALL_BINS+= certutil INSTALL_BINS+= cmsutil INSTALL_BINS+= crlutil @@ -92,8 +93,8 @@ post-patch: cd ${WRKSRC} && \ ${FIND} . -name "*.c" -o -name "*.h" | \ ${XARGS} ${REINPLACE_CMD} -e 's|"nspr.h"||' - ${FIND} ${WRKSRC}/tests -name '*.sh' | ${XARGS} ${GREP} -l -F '/bin/bash' | \ - ${XARGS} ${REINPLACE_CMD} -e 's|#! */bin/bash|#!${SH}|' +# ${FIND} ${WRKSRC}/tests -name '*.sh' | ${XARGS} ${GREP} -l -F '/bin/bash' | \ +# ${XARGS} ${REINPLACE_CMD} -e 's|#! */bin/bash|#!${SH}|' do-install: ${MKDIR} ${STAGEDIR}${PREFIX}/include/nss/nss ${STAGEDIR}${PREFIX}/lib diff --git a/crypto/libnss/distinfo b/crypto/libnss/distinfo index c42643b7..63fe2dea 100644 --- a/crypto/libnss/distinfo +++ b/crypto/libnss/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1492698350 -SHA256 (nss-3.30.2.tar.gz) = 0d4a77ff26bcee79fa8afe0125e0df6ae9e798b6b36782fa29e28febf7cfce24 -SIZE (nss-3.30.2.tar.gz) = 9499119 +TIMESTAMP = 1579179550 +SHA256 (nss-3.47.1.tar.gz) = 1ae3d1cb1de345b258788f2ef6b10a460068034c3fd64f42427a183d8342a6fb +SIZE (nss-3.47.1.tar.gz) = 76462846 diff --git a/crypto/libnss/files/patch-bug1335284 b/crypto/libnss/files/patch-bug1335284 deleted file mode 100644 index 034864ad..00000000 --- a/crypto/libnss/files/patch-bug1335284 +++ /dev/null @@ -1,11 +0,0 @@ ---- lib/softoken/softoken.h.orig 2017-01-30 01:06:08 UTC -+++ lib/softoken/softoken.h -@@ -183,7 +183,7 @@ extern PRBool sftk_fatalError; - - #define CHECK_FORK_MIXED - --#elif defined(LINUX) || defined(__GLIBC__) -+#elif defined(LINUX) || defined(__GLIBC__) || defined(FREEBSD) || defined(OPENBSD) - - #define CHECK_FORK_PTHREAD - diff --git a/crypto/libnss/files/patch-bug1575843 b/crypto/libnss/files/patch-bug1575843 new file mode 100644 index 00000000..b9ba15c0 --- /dev/null +++ b/crypto/libnss/files/patch-bug1575843 @@ -0,0 +1,111 @@ +Detect ARM CPU features on FreeBSD. + +elf_aux_info is similar to getauxval but is nop on aarch64. + +--- lib/freebl/blinit.c.orig 2019-08-30 15:46:32 UTC ++++ lib/freebl/blinit.c +@@ -96,8 +96,8 @@ CheckX86CPUSupport() + #ifndef __has_include + #define __has_include(x) 0 + #endif +-#if (__has_include() || defined(__linux__)) && \ +- defined(__GNUC__) && __GNUC__ >= 2 && defined(__ELF__) ++#if defined(__linux__) ++#if defined(__GNUC__) && __GNUC__ >= 2 && defined(__ELF__) + /* This might be conflict with host compiler */ + #if !defined(__ANDROID__) + #include +@@ -106,6 +106,10 @@ extern unsigned long getauxval(unsigned long type) __a + #else + static unsigned long (*getauxval)(unsigned long) = NULL; + #endif /* defined(__GNUC__) && __GNUC__ >= 2 && defined(__ELF__)*/ ++#elif defined(__FreeBSD__) && __has_include() ++#include ++#define HAVE_ELF_AUX_INFO ++#endif /* defined(__linux__) */ + + #ifndef AT_HWCAP2 + #define AT_HWCAP2 26 +@@ -118,6 +122,9 @@ static unsigned long (*getauxval)(unsigned long) = NUL + /* clang-format on */ + + #if defined(__aarch64__) ++#if defined(__FreeBSD__) ++#include ++#endif + // Defines from hwcap.h in Linux kernel - ARM64 + #ifndef HWCAP_AES + #define HWCAP_AES (1 << 3) +@@ -138,6 +145,7 @@ CheckARMSupport() + char *disable_arm_neon = PR_GetEnvSecure("NSS_DISABLE_ARM_NEON"); + char *disable_hw_aes = PR_GetEnvSecure("NSS_DISABLE_HW_AES"); + char *disable_pmull = PR_GetEnvSecure("NSS_DISABLE_PMULL"); ++#if defined(__linux__) + if (getauxval) { + long hwcaps = getauxval(AT_HWCAP); + arm_aes_support_ = hwcaps & HWCAP_AES && disable_hw_aes == NULL; +@@ -145,6 +153,14 @@ CheckARMSupport() + arm_sha1_support_ = hwcaps & HWCAP_SHA1; + arm_sha2_support_ = hwcaps & HWCAP_SHA2; + } ++#elif defined(__FreeBSD__) ++ uint64_t id_aa64isar0; ++ id_aa64isar0 = READ_SPECIALREG(ID_AA64ISAR0_EL1); ++ arm_aes_support_ = ID_AA64ISAR0_AES(id_aa64isar0) >= ID_AA64ISAR0_AES_BASE && disable_hw_aes == NULL; ++ arm_pmull_support_ = ID_AA64ISAR0_AES(id_aa64isar0) == ID_AA64ISAR0_AES_PMULL && disable_pmull == NULL; ++ arm_sha1_support_ = ID_AA64ISAR0_SHA1(id_aa64isar0) == ID_AA64ISAR0_SHA1_BASE; ++ arm_sha2_support_ = ID_AA64ISAR0_SHA2(id_aa64isar0) >= ID_AA64ISAR0_SHA2_BASE; ++#endif /* defined(__linux__) */ + /* aarch64 must support NEON. */ + arm_neon_support_ = disable_arm_neon == NULL; + } +@@ -187,7 +203,7 @@ GetNeonSupport() + // If no getauxval, compiler generate NEON instruction by default, + // we should allow NOEN support. + return PR_TRUE; +-#elif !defined(__ANDROID__) ++#elif defined(__linux__) && !defined(__ANDROID__) + // Android's cpu-features.c detects features by the following logic + // + // - Call getauxval(AT_HWCAP) +@@ -201,6 +217,10 @@ GetNeonSupport() + if (getauxval) { + return (getauxval(AT_HWCAP) & HWCAP_NEON); + } ++#elif defined(__FreeBSD__) && defined(HAVE_ELF_AUX_INFO) ++ unsigned long hwcap = 0; ++ elf_aux_info(AT_HWCAP, &hwcap, sizeof(hwcap)); ++ return (hwcap & HWCAP_NEON); + #endif /* defined(__ARM_NEON) || defined(__ARM_NEON__) */ + return PR_FALSE; + } +@@ -249,6 +269,7 @@ void + CheckARMSupport() + { + char *disable_hw_aes = PR_GetEnvSecure("NSS_DISABLE_HW_AES"); ++#if defined(__linux__) + if (getauxval) { + // Android's cpu-features.c uses AT_HWCAP2 for newer features. + // AT_HWCAP2 is implemented on newer devices / kernel, so we can trust +@@ -257,13 +278,19 @@ CheckARMSupport() + // AT_HWCAP2 isn't supported by glibc or Linux kernel, getauxval will + // returns 0. + long hwcaps = getauxval(AT_HWCAP2); +-#ifdef __linux__ + if (!hwcaps) { + // Some ARMv8 devices may not implement AT_HWCAP2. So we also + // read /proc/cpuinfo if AT_HWCAP2 is 0. + hwcaps = ReadCPUInfoForHWCAP2(); + } +-#endif ++#elif defined(__FreeBSD__) && defined(HAVE_ELF_AUX_INFO) ++ unsigned long hwcaps = 0; ++ elf_aux_info(AT_HWCAP2, &hwcaps, sizeof(hwcaps)); ++ { ++#else ++ if (0) { ++ unsigned long hwcaps = 0; ++#endif /* defined(__linux__) */ + arm_aes_support_ = hwcaps & HWCAP2_AES && disable_hw_aes == NULL; + arm_pmull_support_ = hwcaps & HWCAP2_PMULL; + arm_sha1_support_ = hwcaps & HWCAP2_SHA1; diff --git a/crypto/libnss/files/patch-bug301986 b/crypto/libnss/files/patch-bug301986 index 9ae42321..ca5795e0 100644 --- a/crypto/libnss/files/patch-bug301986 +++ b/crypto/libnss/files/patch-bug301986 @@ -1,4 +1,4 @@ ---- lib/util/nssilckt.h~ +--- lib/util/nssilckt.h.orig 2018-08-31 12:55:53 UTC +++ lib/util/nssilckt.h @@ -163,7 +163,7 @@ typedef enum { ** Declare the trace record diff --git a/crypto/libnss/files/patch-const b/crypto/libnss/files/patch-const index ccefa75c..8c04e31b 100644 --- a/crypto/libnss/files/patch-const +++ b/crypto/libnss/files/patch-const @@ -1,23 +1,27 @@ ---- cmd/modutil/modutil.h Sun Apr 25 11:02:47 2004 -+++ cmd/modutil/modutil.h Fri Jul 22 17:35:20 2005 -@@ -53,6 +53,6 @@ +--- cmd/modutil/modutil.h.orig 2018-08-31 12:55:53 UTC ++++ cmd/modutil/modutil.h +@@ -22,8 +22,8 @@ #include "error.h" + Error LoadMechanismList(void); -Error FipsMode(char *arg); -Error ChkFipsMode(char *arg); +Error FipsMode(const char *arg); +Error ChkFipsMode(const char *arg); Error AddModule(char *moduleName, char *libFile, char *ciphers, - char *mechanisms, char* modparms); ---- cmd/modutil/pk11.c Sun Apr 25 11:02:47 2004 -+++ cmd/modutil/pk11.c Fri Jul 22 17:36:48 2005 -@@ -53,5 +53,5 @@ + char *mechanisms, char *modparms); + Error DeleteModule(char *moduleName); +--- cmd/modutil/pk11.c.orig 2018-08-31 12:55:53 UTC ++++ cmd/modutil/pk11.c +@@ -16,7 +16,7 @@ + * disable FIPS mode on the internal module. */ Error -FipsMode(char *arg) +FipsMode(const char *arg) { char *internal_name; + @@ -25,16 +25,18 @@ FipsMode(char *arg) internal_name = PR_smprintf("%s", SECMOD_GetInternalModule()->commonName); @@ -39,10 +43,12 @@ PR_fprintf(PR_STDOUT, msgStrings[FIPS_ENABLED_MSG]); } else { PR_fprintf(PR_STDERR, errStrings[FIPS_ALREADY_ON_ERR]); -@@ -112,5 +114,5 @@ +@@ -75,7 +77,7 @@ FipsMode(char *arg) + * If arg=="false", verify FIPS mode is disabled on the internal module. */ Error -ChkFipsMode(char *arg) +ChkFipsMode(const char *arg) { - if(!PORT_Strcasecmp(arg, "true")) { + if (!PORT_Strcasecmp(arg, "true")) { + if (PK11_IsFIPS()) { diff --git a/crypto/libnss/files/patch-coreconf_FreeBSD.mk b/crypto/libnss/files/patch-coreconf_FreeBSD.mk index 2cbc8d92..16badb8b 100644 --- a/crypto/libnss/files/patch-coreconf_FreeBSD.mk +++ b/crypto/libnss/files/patch-coreconf_FreeBSD.mk @@ -1,6 +1,6 @@ ---- coreconf/FreeBSD.mk.orig 2009-08-22 07:33:09.000000000 +0200 -+++ coreconf/FreeBSD.mk 2010-03-28 23:01:33.000000000 +0200 -@@ -37,9 +37,9 @@ +--- coreconf/FreeBSD.mk.orig 2018-08-31 12:55:53 UTC ++++ coreconf/FreeBSD.mk +@@ -5,9 +5,9 @@ include $(CORE_DEPTH)/coreconf/UNIX.mk @@ -13,7 +13,7 @@ RANLIB = ranlib CPU_ARCH = $(OS_TEST) -@@ -52,6 +52,16 @@ endif +@@ -20,7 +20,17 @@ endif ifeq ($(CPU_ARCH),amd64) CPU_ARCH = x86_64 endif @@ -23,13 +23,14 @@ +ifneq (,$(filter powerpc%, $(CPU_ARCH))) +CPU_ARCH = ppc +endif -+ + +ifneq (,$(filter %64, $(OS_TEST))) +USE_64 = 1 +endif ++ + OS_CFLAGS = $(DSO_CFLAGS) -Wall -Wno-switch -DFREEBSD -DHAVE_STRERROR -DHAVE_BSD_FLOCK - OS_CFLAGS = $(DSO_CFLAGS) -ansi -Wall -Wno-switch -DFREEBSD -DHAVE_STRERROR -DHAVE_BSD_FLOCK - + DSO_CFLAGS = -fPIC @@ -46,7 +56,11 @@ else DLL_SUFFIX = so.1.0 endif @@ -43,7 +44,7 @@ ifdef MAPFILE MKSHLIB += -Wl,--version-script,$(MAPFILE) endif -@@ -87,4 +100,5 @@ +@@ -55,4 +69,5 @@ PROCESS_MAP_FILE = grep -v ';-' $< | \ G++INCLUDES = -I/usr/include/g++ diff --git a/crypto/libnss/files/patch-coreconf_UNIX.mk b/crypto/libnss/files/patch-coreconf_UNIX.mk index 6a020fa1..2cfeb3f2 100644 --- a/crypto/libnss/files/patch-coreconf_UNIX.mk +++ b/crypto/libnss/files/patch-coreconf_UNIX.mk @@ -1,6 +1,6 @@ ---- coreconf/UNIX.mk~ +--- coreconf/UNIX.mk.orig 2018-08-31 12:55:53 UTC +++ coreconf/UNIX.mk -@@ -42,10 +42,8 @@ AR = ar cr $@ +@@ -10,10 +10,8 @@ AR = ar cr $@ LDOPTS += -L$(SOURCE_LIB_DIR) ifdef BUILD_OPT @@ -8,6 +8,6 @@ DEFINES += -UDEBUG -DNDEBUG else - OPTIMIZER += -g - USERNAME := $(shell whoami) - USERNAME := $(subst -,_,$(USERNAME)) - DEFINES += -DDEBUG -UNDEBUG -DDEBUG_$(USERNAME) + DEFINES += -DDEBUG -UNDEBUG + endif + diff --git a/crypto/libnss/files/patch-coreconf_arch.mk b/crypto/libnss/files/patch-coreconf_arch.mk index 5a95a494..3f5c76ab 100644 --- a/crypto/libnss/files/patch-coreconf_arch.mk +++ b/crypto/libnss/files/patch-coreconf_arch.mk @@ -1,6 +1,6 @@ ---- coreconf/arch.mk.orig 2011-03-03 18:13:52.000000000 +0100 -+++ coreconf/arch.mk 2011-03-03 18:14:09.000000000 +0100 -@@ -66,7 +66,7 @@ +--- coreconf/arch.mk.orig 2018-08-31 12:55:53 UTC ++++ coreconf/arch.mk +@@ -26,7 +26,7 @@ OS_ARCH := $(subst /,_,$(shell uname -s)) # Attempt to differentiate between sparc and x86 Solaris # diff --git a/crypto/libnss/files/patch-coreconf_command.mk b/crypto/libnss/files/patch-coreconf_command.mk index 43d432b0..1d7e801b 100644 --- a/crypto/libnss/files/patch-coreconf_command.mk +++ b/crypto/libnss/files/patch-coreconf_command.mk @@ -1,5 +1,5 @@ ---- coreconf/command.mk Mon Oct 10 19:46:12 2005 -+++ coreconf/command.mk Wed Jan 18 17:23:28 2006 +--- coreconf/command.mk.orig 2018-08-31 12:55:53 UTC ++++ coreconf/command.mk @@ -12,7 +12,7 @@ AS = $(CC) ASFLAGS += $(CFLAGS) CCF = $(CC) $(CFLAGS) diff --git a/crypto/libnss/files/patch-coreconf_ruleset.mk b/crypto/libnss/files/patch-coreconf_ruleset.mk index 44c8b8f0..40b16c35 100644 --- a/crypto/libnss/files/patch-coreconf_ruleset.mk +++ b/crypto/libnss/files/patch-coreconf_ruleset.mk @@ -1,6 +1,6 @@ ---- coreconf/ruleset.mk~ +--- coreconf/ruleset.mk.orig 2018-08-31 12:55:53 UTC +++ coreconf/ruleset.mk -@@ -85,7 +85,7 @@ +@@ -53,7 +53,7 @@ # ifndef COMPILER_TAG diff --git a/crypto/libnss/files/patch-lib-freebl-Makefile b/crypto/libnss/files/patch-lib-freebl-Makefile index ff51b6c4..b4217429 100644 --- a/crypto/libnss/files/patch-lib-freebl-Makefile +++ b/crypto/libnss/files/patch-lib-freebl-Makefile @@ -1,11 +1,11 @@ ---- lib/freebl/Makefile~ +--- lib/freebl/Makefile.orig 2018-08-31 12:55:53 UTC +++ lib/freebl/Makefile -@@ -201,7 +201,7 @@ ifeq ($(USE_N32),1) - endif +@@ -215,7 +215,7 @@ ifeq ($(CPU_ARCH),x86) endif + endif # Darwin -ifeq ($(OS_TARGET),Linux) +ifeq (,$(filter-out Linux FreeBSD, $(OS_TARGET))) ifeq ($(CPU_ARCH),x86_64) ASFILES = arcfour-amd64-gas.s mpi_amd64_gas.s - ASFLAGS += -march=opteron -m64 -fPIC -Wa,--noexecstack + ASFLAGS += -fPIC -Wa,--noexecstack diff --git a/crypto/libnss/files/patch-lib_freebl_blinit.c b/crypto/libnss/files/patch-lib_freebl_blinit.c new file mode 100644 index 00000000..861765a1 --- /dev/null +++ b/crypto/libnss/files/patch-lib_freebl_blinit.c @@ -0,0 +1,27 @@ +qemu:handle_cpu_signal received signal outside vCPU context + +https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240037 + +--- lib/freebl/blinit.c.orig 2019-08-30 15:46:32 UTC ++++ lib/freebl/blinit.c +@@ -154,12 +154,14 @@ CheckARMSupport() + arm_sha2_support_ = hwcaps & HWCAP_SHA2; + } + #elif defined(__FreeBSD__) +- uint64_t id_aa64isar0; +- id_aa64isar0 = READ_SPECIALREG(ID_AA64ISAR0_EL1); +- arm_aes_support_ = ID_AA64ISAR0_AES(id_aa64isar0) >= ID_AA64ISAR0_AES_BASE && disable_hw_aes == NULL; +- arm_pmull_support_ = ID_AA64ISAR0_AES(id_aa64isar0) == ID_AA64ISAR0_AES_PMULL && disable_pmull == NULL; +- arm_sha1_support_ = ID_AA64ISAR0_SHA1(id_aa64isar0) == ID_AA64ISAR0_SHA1_BASE; +- arm_sha2_support_ = ID_AA64ISAR0_SHA2(id_aa64isar0) >= ID_AA64ISAR0_SHA2_BASE; ++ if (!PR_GetEnvSecure("QEMU_EMULATING")) { ++ uint64_t id_aa64isar0; ++ id_aa64isar0 = READ_SPECIALREG(ID_AA64ISAR0_EL1); ++ arm_aes_support_ = ID_AA64ISAR0_AES(id_aa64isar0) >= ID_AA64ISAR0_AES_BASE && disable_hw_aes == NULL; ++ arm_pmull_support_ = ID_AA64ISAR0_AES(id_aa64isar0) == ID_AA64ISAR0_AES_PMULL && disable_pmull == NULL; ++ arm_sha1_support_ = ID_AA64ISAR0_SHA1(id_aa64isar0) == ID_AA64ISAR0_SHA1_BASE; ++ arm_sha2_support_ = ID_AA64ISAR0_SHA2(id_aa64isar0) >= ID_AA64ISAR0_SHA2_BASE; ++ } + #endif /* defined(__linux__) */ + /* aarch64 must support NEON. */ + arm_neon_support_ = disable_arm_neon == NULL; diff --git a/crypto/libnss/files/patch-lib_freebl_mpi_mpcpucache.c b/crypto/libnss/files/patch-lib_freebl_mpi_mpcpucache.c index e8acd48c..9e55c243 100644 --- a/crypto/libnss/files/patch-lib_freebl_mpi_mpcpucache.c +++ b/crypto/libnss/files/patch-lib_freebl_mpi_mpcpucache.c @@ -1,5 +1,5 @@ ---- lib/freebl/mpi/mpcpucache.c.orig 2010-06-11 22:39:33.000000000 +0200 -+++ lib/freebl/mpi/mpcpucache.c 2010-06-11 22:40:20.000000000 +0200 +--- lib/freebl/mpi/mpcpucache.c.orig 2018-08-31 12:55:53 UTC ++++ lib/freebl/mpi/mpcpucache.c @@ -705,6 +705,32 @@ s_mpi_getProcessorLineSize() #endif @@ -17,7 +17,7 @@ +{ + static int cacheline_size = 0; + static int cachemib[] = { CTL_MACHDEP, CPU_CACHELINE }; -+ int clen; ++ size_t clen; + + if (cacheline_size > 0) + return cacheline_size; diff --git a/crypto/libnss/files/patch-lib_softoken_pkcs11c.c b/crypto/libnss/files/patch-lib_softoken_pkcs11c.c index 7bb450ba..939bd87d 100644 --- a/crypto/libnss/files/patch-lib_softoken_pkcs11c.c +++ b/crypto/libnss/files/patch-lib_softoken_pkcs11c.c @@ -1,6 +1,6 @@ ---- lib/softoken/pkcs11c.c.orig 2010-05-05 14:36:05.000000000 +0000 -+++ lib/softoken/pkcs11c.c 2010-05-05 14:37:25.000000000 +0000 -@@ -5679,9 +5679,6 @@ sftk_unwrapPrivateKey(SFTKObject *key, S +--- lib/softoken/pkcs11c.c.orig 2018-08-31 12:55:53 UTC ++++ lib/softoken/pkcs11c.c +@@ -5772,9 +5772,6 @@ sftk_unwrapPrivateKey(SFTKObject *key, SECItem *bpki) break; case NSSLOWKEYDSAKey: keyType = CKK_DSA; @@ -10,8 +10,8 @@ crv = sftk_AddAttributeType(key, CKA_KEY_TYPE, &keyType, sizeof(keyType)); if (crv != CKR_OK) -@@ -5722,9 +5719,6 @@ sftk_unwrapPrivateKey(SFTKObject *key, S - #ifndef NSS_DISABLE_ECC +@@ -5814,9 +5811,6 @@ sftk_unwrapPrivateKey(SFTKObject *key, SECItem *bpki) + /* what about fortezza??? */ case NSSLOWKEYECKey: keyType = CKK_EC; - crv = (sftk_hasAttribute(key, CKA_NETSCAPE_DB)) ? CKR_OK : CKR_KEY_TYPE_INCONSISTENT; diff --git a/crypto/libnss/files/patch-sysdb b/crypto/libnss/files/patch-sysdb index bbef0a77..cdc0aaa9 100644 --- a/crypto/libnss/files/patch-sysdb +++ b/crypto/libnss/files/patch-sysdb @@ -1,6 +1,72 @@ ---- lib/softoken/legacydb/cdbhdl.h.orig 2009-08-31 12:33:12.000000000 +0200 -+++ lib/softoken/legacydb/cdbhdl.h 2009-08-31 12:33:36.000000000 +0200 -@@ -43,7 +43,8 @@ +--- cmd/platlibs.mk.orig 2018-08-31 12:55:53 UTC ++++ cmd/platlibs.mk +@@ -29,7 +29,7 @@ endif # BUILD_SUN_PKG + ifdef NSS_DISABLE_DBM + DBMLIB = $(NULL) + else +-DBMLIB = $(DIST)/lib/$(LIB_PREFIX)dbm.$(LIB_SUFFIX) ++DBMLIB = $(NULL) + endif + + ifeq ($(NSS_BUILD_UTIL_ONLY),1) +--- lib/certdb/xauthkid.c.orig 2018-08-31 12:55:53 UTC ++++ lib/certdb/xauthkid.c +@@ -7,7 +7,7 @@ + * + */ + +-#include "prtypes.h" ++#include + #include "seccomon.h" + #include "secdert.h" + #include "secoidt.h" +--- lib/certdb/xbsconst.c.orig 2018-08-31 12:55:53 UTC ++++ lib/certdb/xbsconst.c +@@ -6,7 +6,7 @@ + * X.509 v3 Basic Constraints Extension + */ + +-#include "prtypes.h" ++#include + #include /* for LONG_MAX */ + #include "seccomon.h" + #include "secdert.h" +--- lib/certdb/xconst.c.orig 2018-08-31 12:55:53 UTC ++++ lib/certdb/xconst.c +@@ -6,7 +6,7 @@ + * X.509 Extension Encoding + */ + +-#include "prtypes.h" ++#include + #include "seccomon.h" + #include "secdert.h" + #include "secoidt.h" +--- lib/ckfw/dbm/ckdbm.h.orig 2018-08-31 12:55:53 UTC ++++ lib/ckfw/dbm/ckdbm.h +@@ -23,7 +23,7 @@ + #include "ckt.h" + #endif /* CKT_H */ + +-#include "mcom_db.h" ++#include + + NSS_EXTERN_DATA NSSCKMDInstance nss_dbm_mdInstance; + +--- lib/manifest.mn.orig 2018-08-31 12:55:53 UTC ++++ lib/manifest.mn +@@ -20,7 +20,7 @@ ifndef NSS_BUILD_UTIL_ONLY + SOFTOKEN_SRCDIRS = \ + $(FREEBL_SRCDIR) \ + $(SQLITE_SRCDIR) \ +- $(DBM_SRCDIR) \ ++ $(NULL) \ + $(SOFTOKEN_SRCDIR) \ + $(NULL) + ifndef NSS_BUILD_SOFTOKEN_ONLY +--- lib/softoken/legacydb/cdbhdl.h.orig 2018-08-31 12:55:53 UTC ++++ lib/softoken/legacydb/cdbhdl.h +@@ -9,7 +9,8 @@ #define _CDBHDL_H_ #include "nspr.h" @@ -10,12 +76,21 @@ #include "pcertt.h" #include "prtypes.h" - ---- lib/softoken/legacydb/dbmshim.c.orig 2009-08-31 10:40:23.000000000 +0200 -+++ lib/softoken/legacydb/dbmshim.c 2009-08-31 10:40:35.000000000 +0200 -@@ -39,7 +39,8 @@ - * - * $Id: dbmshim.c,v 1.2 2007/06/13 00:24:57 rrelyea%redhat.com Exp $ +--- lib/softoken/legacydb/config.mk.orig 2018-08-31 12:55:53 UTC ++++ lib/softoken/legacydb/config.mk +@@ -8,7 +8,6 @@ CRYPTOLIB=$(DIST)/lib/$(LIB_PREFIX)freebl.$(LIB_SUFFIX + + EXTRA_LIBS += \ + $(CRYPTOLIB) \ +- $(DIST)/lib/$(LIB_PREFIX)dbm.$(LIB_SUFFIX) \ + $(NULL) + + # can't do this in manifest.mn because OS_TARGET isn't defined there. +--- lib/softoken/legacydb/dbmshim.c.orig 2018-08-31 12:55:53 UTC ++++ lib/softoken/legacydb/dbmshim.c +@@ -5,7 +5,8 @@ + /* + * Berkeley DB 1.85 Shim code to handle blobs. */ -#include "mcom_db.h" +#include @@ -23,9 +98,9 @@ #include "secitem.h" #include "nssb64.h" #include "blapi.h" ---- lib/softoken/legacydb/keydb.c.orig 2009-08-31 10:40:04.000000000 +0200 -+++ lib/softoken/legacydb/keydb.c 2009-08-31 10:40:08.000000000 +0200 -@@ -43,7 +43,6 @@ +--- lib/softoken/legacydb/keydb.c.orig 2018-08-31 12:55:53 UTC ++++ lib/softoken/legacydb/keydb.c +@@ -9,7 +9,6 @@ #include "blapi.h" #include "secitem.h" #include "pcert.h" @@ -33,9 +108,9 @@ #include "secerr.h" #include "keydbi.h" ---- lib/softoken/legacydb/keydbi.h.orig 2009-08-31 12:33:17.000000000 +0200 -+++ lib/softoken/legacydb/keydbi.h 2009-08-31 12:34:13.000000000 +0200 -@@ -43,5 +43,5 @@ +--- lib/softoken/legacydb/keydbi.h.orig 2018-08-31 12:55:53 UTC ++++ lib/softoken/legacydb/keydbi.h +@@ -10,7 +10,7 @@ #include "nspr.h" #include "seccomon.h" @@ -44,9 +119,9 @@ /* * Handle structure for open key databases ---- lib/softoken/legacydb/pcertdb.c.orig 2009-08-31 10:40:52.000000000 +0200 -+++ lib/softoken/legacydb/pcertdb.c 2009-08-31 10:41:26.000000000 +0200 -@@ -41,7 +41,8 @@ +--- lib/softoken/legacydb/pcertdb.c.orig 2018-08-31 12:55:53 UTC ++++ lib/softoken/legacydb/pcertdb.c +@@ -7,7 +7,8 @@ */ #include "lowkeyti.h" #include "pcert.h" @@ -56,91 +131,15 @@ #include "pcert.h" #include "secitem.h" #include "secder.h" ---- lib/softoken/legacydb/pk11db.c.orig 2009-08-31 10:40:57.000000000 +0200 -+++ lib/softoken/legacydb/pk11db.c 2009-08-31 10:41:55.000000000 +0200 -@@ -41,7 +41,8 @@ +--- lib/softoken/legacydb/pk11db.c.orig 2018-08-31 12:55:53 UTC ++++ lib/softoken/legacydb/pk11db.c +@@ -8,7 +8,8 @@ + */ - #include "pk11pars.h" #include "lgdb.h" -#include "mcom_db.h" +#include +#include #include "secerr.h" + #include "utilpars.h" - #define FREE_CLEAR(p) if (p) { PORT_Free(p); p = NULL; } ---- lib/ckfw/dbm/ckdbm.h.orig 2009-08-31 10:46:00.000000000 +0200 -+++ lib/ckfw/dbm/ckdbm.h 2009-08-31 10:46:22.000000000 +0200 -@@ -59,7 +59,7 @@ - #include "ckt.h" - #endif /* CKT_H */ - --#include "mcom_db.h" -+#include - - NSS_EXTERN_DATA NSSCKMDInstance nss_dbm_mdInstance; - ---- lib/softoken/legacydb/config.mk.orig 2009-08-31 12:39:49.000000000 +0200 -+++ lib/softoken/legacydb/config.mk 2009-08-31 12:40:03.000000000 +0200 -@@ -40,7 +40,6 @@ - - EXTRA_LIBS += \ - $(CRYPTOLIB) \ -- $(DIST)/lib/$(LIB_PREFIX)dbm.$(LIB_SUFFIX) \ - $(NULL) - - # can't do this in manifest.mn because OS_TARGET isn't defined there. ---- lib/certdb/xauthkid.c.orig 2009-08-31 12:43:13.000000000 +0200 -+++ lib/certdb/xauthkid.c 2009-08-31 12:44:21.000000000 +0200 -@@ -39,7 +39,7 @@ - * - */ - --#include "prtypes.h" -+#include - #include "seccomon.h" - #include "secdert.h" - #include "secoidt.h" ---- lib/certdb/xbsconst.c.orig 2009-08-31 12:43:22.000000000 +0200 -+++ lib/certdb/xbsconst.c 2009-08-31 12:44:41.000000000 +0200 -@@ -38,7 +38,7 @@ - * X.509 v3 Basic Constraints Extension - */ - --#include "prtypes.h" -+#include - #include /* for LONG_MAX */ - #include "seccomon.h" - #include "secdert.h" ---- lib/certdb/xconst.c.orig 2009-08-31 12:43:46.000000000 +0200 -+++ lib/certdb/xconst.c 2009-08-31 12:44:50.000000000 +0200 -@@ -38,7 +38,7 @@ - * X.509 Extension Encoding - */ - --#include "prtypes.h" -+#include - #include "seccomon.h" - #include "secdert.h" - #include "secoidt.h" ---- lib/manifest.mn~ -+++ lib/manifest.mn -@@ -20,7 +20,7 @@ DIRS = \ - $(UTIL_SRCDIR) \ - $(FREEBL_SRCDIR) \ - $(SQLITE_SRCDIR) \ -- $(DBM_SRCDIR) \ -+ $(NULL) \ - $(SOFTOKEN_SRCDIR) \ - base dev pki \ - libpkix \ ---- cmd/platlibs.mk.orig 2009-08-31 12:57:13.000000000 +0200 -+++ cmd/platlibs.mk 2009-08-31 12:57:29.000000000 +0200 -@@ -85,7 +85,7 @@ - ifdef NSS_DISABLE_DBM - DBMLIB = $(NULL) - else --DBMLIB = $(DIST)/lib/$(LIB_PREFIX)dbm.$(LIB_SUFFIX) -+DBMLIB = $(NULL) - endif - - ifdef USE_STATIC_LIBS diff --git a/crypto/libnss/files/patch-tests b/crypto/libnss/files/patch-tests deleted file mode 100644 index 2ff07f35..00000000 --- a/crypto/libnss/files/patch-tests +++ /dev/null @@ -1,10 +0,0 @@ ---- tests/common/init.sh Mon Apr 11 22:24:17 2005 -+++ tests/common/init.sh Fri Jul 22 16:55:36 2005 -@@ -197,5 +197,6 @@ - case $HOST in - *\.*) -- HOST=`echo $HOST | sed -e "s/\..*//"` -+ DOMSUF=${HOST#*.} # remove Smallest Prefix matching ``*.'' -+ HOST=${HOST%%.*} # remove Largest Suffix ``.*''. See sh(1) - ;; - ?*) diff --git a/crypto/libnss/pkg-plist b/crypto/libnss/pkg-plist index 2f13c30a..ac556e05 100644 --- a/crypto/libnss/pkg-plist +++ b/crypto/libnss/pkg-plist @@ -1,4 +1,3 @@ -bin/certcgi bin/certutil bin/cmsutil bin/crlutil @@ -88,6 +87,7 @@ include/nss/nss/pkcs11n.h include/nss/nss/pkcs11p.h include/nss/nss/pkcs11t.h include/nss/nss/pkcs11u.h +include/nss/nss/pkcs11uri.h include/nss/nss/pkcs12.h include/nss/nss/pkcs12t.h include/nss/nss/pkcs1sig.h @@ -116,6 +116,7 @@ include/nss/nss/shsign.h include/nss/nss/smime.h include/nss/nss/ssl.h include/nss/nss/sslerr.h +include/nss/nss/sslexp.h include/nss/nss/sslproto.h include/nss/nss/sslt.h include/nss/nss/utilmodt.h @@ -126,6 +127,7 @@ lib/libcrmf.a lib/libfreebl3.so lib/libfreeblpriv3.so lib/libnss3.so +lib/libnssckbi-testlib.so lib/libnssckbi.so lib/libnssdbm3.so lib/libnssutil3.so