svn commit: r510302 - in head/security: ca_root_nss nss nss/files
Jan Beich
jbeich at FreeBSD.org
Sat Aug 31 00:50:48 UTC 2019
Author: jbeich
Date: Sat Aug 31 00:50:46 2019
New Revision: 510302
URL: https://svnweb.freebsd.org/changeset/ports/510302
Log:
security/nss: update to 3.46
Changes: https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes
Changes: https://hg.mozilla.org/projects/nss/shortlog/NSS_3_46_RTM
ABI: https://abi-laboratory.pro/tracker/timeline/nss/
Modified:
head/security/ca_root_nss/Makefile (contents, props changed)
head/security/ca_root_nss/distinfo (contents, props changed)
head/security/nss/Makefile (contents, props changed)
head/security/nss/distinfo (contents, props changed)
head/security/nss/files/patch-bug1575843 (contents, props changed)
head/security/nss/files/patch-coreconf_UNIX.mk (contents, props changed)
head/security/nss/files/patch-lib_freebl_blinit.c (contents, props changed)
Modified: head/security/ca_root_nss/Makefile
==============================================================================
--- head/security/ca_root_nss/Makefile Fri Aug 30 22:21:29 2019 (r510301)
+++ head/security/ca_root_nss/Makefile Sat Aug 31 00:50:46 2019 (r510302)
@@ -32,7 +32,7 @@ PLIST_SUB+= CERTDIR=${CERTDIR}
# !!! Please DO NOT submit patches for new version until it has !!!
# !!! been committed there first. !!!
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-VERSION_NSS= 3.45
+VERSION_NSS= 3.46
#NSS_SUFFIX= -with-ckbi-1.98
CERTDATA_TXT_PATH= nss-${VERSION_NSS}/nss/lib/ckfw/builtins/certdata.txt
BUNDLE_PROCESSOR= MAca-bundle.pl
Modified: head/security/ca_root_nss/distinfo
==============================================================================
--- head/security/ca_root_nss/distinfo Fri Aug 30 22:21:29 2019 (r510301)
+++ head/security/ca_root_nss/distinfo Sat Aug 31 00:50:46 2019 (r510302)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1562342551
-SHA256 (nss-3.45.tar.gz) = 112f05223d1fde902c170966bfc6f011b24a838be16969b110ecf2bb7bc24e8b
-SIZE (nss-3.45.tar.gz) = 76017462
+TIMESTAMP = 1567179992
+SHA256 (nss-3.46.tar.gz) = 6b699649d285602ba258a4b0957cb841eafc94eff5735a9da8da0adbb9a10cef
+SIZE (nss-3.46.tar.gz) = 76417155
Modified: head/security/nss/Makefile
==============================================================================
--- head/security/nss/Makefile Fri Aug 30 22:21:29 2019 (r510301)
+++ head/security/nss/Makefile Sat Aug 31 00:50:46 2019 (r510302)
@@ -2,8 +2,7 @@
# $FreeBSD$
PORTNAME= nss
-PORTVERSION= 3.45
-PORTREVISION= 2
+PORTVERSION= 3.46
CATEGORIES= security
MASTER_SITES= MOZILLA/security/${PORTNAME}/releases/${DISTNAME:tu:C/[-.]/_/g}_RTM/src
Modified: head/security/nss/distinfo
==============================================================================
--- head/security/nss/distinfo Fri Aug 30 22:21:29 2019 (r510301)
+++ head/security/nss/distinfo Sat Aug 31 00:50:46 2019 (r510302)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1562342551
-SHA256 (nss-3.45.tar.gz) = 112f05223d1fde902c170966bfc6f011b24a838be16969b110ecf2bb7bc24e8b
-SIZE (nss-3.45.tar.gz) = 76017462
+TIMESTAMP = 1567179992
+SHA256 (nss-3.46.tar.gz) = 6b699649d285602ba258a4b0957cb841eafc94eff5735a9da8da0adbb9a10cef
+SIZE (nss-3.46.tar.gz) = 76417155
Modified: head/security/nss/files/patch-bug1575843
==============================================================================
--- head/security/nss/files/patch-bug1575843 Fri Aug 30 22:21:29 2019 (r510301)
+++ head/security/nss/files/patch-bug1575843 Sat Aug 31 00:50:46 2019 (r510302)
@@ -2,7 +2,7 @@ Detect ARM CPU features on FreeBSD.
elf_aux_info is similar to getauxval but is nop on aarch64.
---- lib/freebl/blinit.c.orig 2019-07-05 16:02:31 UTC
+--- lib/freebl/blinit.c.orig 2019-08-30 15:46:32 UTC
+++ lib/freebl/blinit.c
@@ -96,8 +96,8 @@ CheckX86CPUSupport()
#ifndef __has_include
@@ -36,15 +36,15 @@ elf_aux_info is similar to getauxval but is nop on aar
// Defines from hwcap.h in Linux kernel - ARM64
#ifndef HWCAP_AES
#define HWCAP_AES (1 << 3)
-@@ -137,6 +144,7 @@ CheckARMSupport()
- {
+@@ -138,6 +145,7 @@ CheckARMSupport()
char *disable_arm_neon = PR_GetEnvSecure("NSS_DISABLE_ARM_NEON");
char *disable_hw_aes = PR_GetEnvSecure("NSS_DISABLE_HW_AES");
+ char *disable_pmull = PR_GetEnvSecure("NSS_DISABLE_PMULL");
+#if defined(__linux__)
if (getauxval) {
long hwcaps = getauxval(AT_HWCAP);
arm_aes_support_ = hwcaps & HWCAP_AES && disable_hw_aes == NULL;
-@@ -144,6 +152,14 @@ CheckARMSupport()
+@@ -145,6 +153,14 @@ CheckARMSupport()
arm_sha1_support_ = hwcaps & HWCAP_SHA1;
arm_sha2_support_ = hwcaps & HWCAP_SHA2;
}
@@ -52,14 +52,14 @@ elf_aux_info is similar to getauxval but is nop on aar
+ uint64_t id_aa64isar0;
+ id_aa64isar0 = READ_SPECIALREG(ID_AA64ISAR0_EL1);
+ arm_aes_support_ = ID_AA64ISAR0_AES(id_aa64isar0) >= ID_AA64ISAR0_AES_BASE && disable_hw_aes == NULL;
-+ arm_pmull_support_ = ID_AA64ISAR0_AES(id_aa64isar0) == ID_AA64ISAR0_AES_PMULL;
++ arm_pmull_support_ = ID_AA64ISAR0_AES(id_aa64isar0) == ID_AA64ISAR0_AES_PMULL && disable_pmull == NULL;
+ arm_sha1_support_ = ID_AA64ISAR0_SHA1(id_aa64isar0) == ID_AA64ISAR0_SHA1_BASE;
+ arm_sha2_support_ = ID_AA64ISAR0_SHA2(id_aa64isar0) >= ID_AA64ISAR0_SHA2_BASE;
+#endif /* defined(__linux__) */
/* aarch64 must support NEON. */
arm_neon_support_ = disable_arm_neon == NULL;
}
-@@ -186,7 +202,7 @@ GetNeonSupport()
+@@ -187,7 +203,7 @@ GetNeonSupport()
// If no getauxval, compiler generate NEON instruction by default,
// we should allow NOEN support.
return PR_TRUE;
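Review bot: The refreshed FreeBSD line still tests PMULL with `==` (`ID_AA64ISAR0_AES(id_aa64isar0) == ID_AA64ISAR0_AES_PMULL`), while the AES line directly above it uses `>= ID_AA64ISAR0_AES_BASE`. If this ID field follows the usual scheme where a larger value implies the smaller ones, a CPU reporting a value above ID_AA64ISAR0_AES_PMULL would keep hardware AES but silently lose PMULL and fall back to the non-accelerated path. I would write `arm_pmull_support_ = ID_AA64ISAR0_AES(id_aa64isar0) >= ID_AA64ISAR0_AES_PMULL && disable_pmull == NULL;`. The same line is carried in the patch-lib_freebl_blinit.c hunk and needs the same change. CheckARMSupport() starts and ends outside this hunk.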
@@ -68,7 +68,7 @@ elf_aux_info is similar to getauxval but is nop on aar
// Android's cpu-features.c detects features by the following logic
//
// - Call getauxval(AT_HWCAP)
-@@ -200,6 +216,10 @@ GetNeonSupport()
+@@ -201,6 +217,10 @@ GetNeonSupport()
if (getauxval) {
return (getauxval(AT_HWCAP) & HWCAP_NEON);
}
@@ -79,7 +79,7 @@ elf_aux_info is similar to getauxval but is nop on aar
#endif /* defined(__ARM_NEON) || defined(__ARM_NEON__) */
return PR_FALSE;
}
-@@ -208,6 +228,7 @@ void
+@@ -249,6 +269,7 @@ void
CheckARMSupport()
{
char *disable_hw_aes = PR_GetEnvSecure("NSS_DISABLE_HW_AES");
@@ -87,10 +87,17 @@ elf_aux_info is similar to getauxval but is nop on aar
if (getauxval) {
// Android's cpu-features.c uses AT_HWCAP2 for newer features.
// AT_HWCAP2 is implemented on newer devices / kernel, so we can trust
-@@ -216,6 +237,14 @@ CheckARMSupport()
+@@ -257,13 +278,19 @@ CheckARMSupport()
// AT_HWCAP2 isn't supported by glibc or Linux kernel, getauxval will
// returns 0.
long hwcaps = getauxval(AT_HWCAP2);
+-#ifdef __linux__
+ if (!hwcaps) {
+ // Some ARMv8 devices may not implement AT_HWCAP2. So we also
+ // read /proc/cpuinfo if AT_HWCAP2 is 0.
+ hwcaps = ReadCPUInfoForHWCAP2();
+ }
+-#endif
+#elif defined(__FreeBSD__) && defined(HAVE_ELF_AUX_INFO)
+ unsigned long hwcaps = 0;
+ elf_aux_info(AT_HWCAP2, &hwcaps, sizeof(hwcaps));
Modified: head/security/nss/files/patch-coreconf_UNIX.mk
==============================================================================
--- head/security/nss/files/patch-coreconf_UNIX.mk Fri Aug 30 22:21:29 2019 (r510301)
+++ head/security/nss/files/patch-coreconf_UNIX.mk Sat Aug 31 00:50:46 2019 (r510302)
@@ -8,6 +8,6 @@
DEFINES += -UDEBUG -DNDEBUG
else
- OPTIMIZER += -g
- USERNAME := $(shell whoami)
- USERNAME := $(subst -,_,$(USERNAME))
- DEFINES += -DDEBUG -UNDEBUG -DDEBUG_$(USERNAME)
+ DEFINES += -DDEBUG -UNDEBUG
+ endif
+
Modified: head/security/nss/files/patch-lib_freebl_blinit.c
==============================================================================
--- head/security/nss/files/patch-lib_freebl_blinit.c Fri Aug 30 22:21:29 2019 (r510301)
+++ head/security/nss/files/patch-lib_freebl_blinit.c Sat Aug 31 00:50:46 2019 (r510302)
@@ -2,23 +2,23 @@ qemu:handle_cpu_signal received signal outside vCPU co
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240037
---- lib/freebl/blinit.c.orig 2019-07-05 16:02:31 UTC
+--- lib/freebl/blinit.c.orig 2019-08-30 15:46:32 UTC
+++ lib/freebl/blinit.c
-@@ -153,12 +153,14 @@ CheckARMSupport()
+@@ -154,12 +154,14 @@ CheckARMSupport()
arm_sha2_support_ = hwcaps & HWCAP_SHA2;
}
#elif defined(__FreeBSD__)
- uint64_t id_aa64isar0;
- id_aa64isar0 = READ_SPECIALREG(ID_AA64ISAR0_EL1);
- arm_aes_support_ = ID_AA64ISAR0_AES(id_aa64isar0) >= ID_AA64ISAR0_AES_BASE && disable_hw_aes == NULL;
-- arm_pmull_support_ = ID_AA64ISAR0_AES(id_aa64isar0) == ID_AA64ISAR0_AES_PMULL;
+- arm_pmull_support_ = ID_AA64ISAR0_AES(id_aa64isar0) == ID_AA64ISAR0_AES_PMULL && disable_pmull == NULL;
- arm_sha1_support_ = ID_AA64ISAR0_SHA1(id_aa64isar0) == ID_AA64ISAR0_SHA1_BASE;
- arm_sha2_support_ = ID_AA64ISAR0_SHA2(id_aa64isar0) >= ID_AA64ISAR0_SHA2_BASE;
+ if (!PR_GetEnvSecure("QEMU_EMULATING")) {
+ uint64_t id_aa64isar0;
+ id_aa64isar0 = READ_SPECIALREG(ID_AA64ISAR0_EL1);
+ arm_aes_support_ = ID_AA64ISAR0_AES(id_aa64isar0) >= ID_AA64ISAR0_AES_BASE && disable_hw_aes == NULL;
-+ arm_pmull_support_ = ID_AA64ISAR0_AES(id_aa64isar0) == ID_AA64ISAR0_AES_PMULL;
++ arm_pmull_support_ = ID_AA64ISAR0_AES(id_aa64isar0) == ID_AA64ISAR0_AES_PMULL && disable_pmull == NULL;
+ arm_sha1_support_ = ID_AA64ISAR0_SHA1(id_aa64isar0) == ID_AA64ISAR0_SHA1_BASE;
+ arm_sha2_support_ = ID_AA64ISAR0_SHA2(id_aa64isar0) >= ID_AA64ISAR0_SHA2_BASE;
+ }
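Review bot: The `QEMU_EMULATING` guard is undocumented in the carried code, and when the variable is set this branch assigns none of arm_aes_support_, arm_pmull_support_, arm_sha1_support_ or arm_sha2_support_, so they keep whatever initial value they have outside the hunk. A comment above the `if` would make that explicit, for example `/* ID register read fails under qemu-user (FreeBSD bug 240037); feature flags keep their defaults. */`. Two properties are worth confirming and recording there. PR_GetEnvSecure() returns NULL in a process running with elevated privileges, so the guard would not take effect in such a process. Any value of the variable, even an empty one, turns off hardware AES/PMULL/SHA detection for the process.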