From owner-svn-ports-all@freebsd.org Sat Aug 31 00:50:48 2019 Return-Path: Delivered-To: svn-ports-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id AEA8DDC9C4; Sat, 31 Aug 2019 00:50:48 +0000 (UTC) (envelope-from jbeich@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 46KySm4CYvz3Fw2; Sat, 31 Aug 2019 00:50:48 +0000 (UTC) (envelope-from jbeich@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 728F18A01; Sat, 31 Aug 2019 00:50:48 +0000 (UTC) (envelope-from jbeich@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x7V0omqE042158; Sat, 31 Aug 2019 00:50:48 GMT (envelope-from jbeich@FreeBSD.org) Received: (from jbeich@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x7V0olvM042151; Sat, 31 Aug 2019 00:50:47 GMT (envelope-from jbeich@FreeBSD.org) Message-Id: <201908310050.x7V0olvM042151@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jbeich set sender to jbeich@FreeBSD.org using -f From: Jan Beich Date: Sat, 31 Aug 2019 00:50:47 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r510302 - in head/security: ca_root_nss nss nss/files X-SVN-Group: ports-head X-SVN-Commit-Author: jbeich X-SVN-Commit-Paths: in head/security: ca_root_nss nss nss/files X-SVN-Commit-Revision: 510302 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 31 Aug 2019 00:50:48 -0000 Author: jbeich Date: Sat Aug 31 00:50:46 2019 New Revision: 510302 URL: https://svnweb.freebsd.org/changeset/ports/510302 Log: security/nss: update to 3.46 Changes: https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes Changes: https://hg.mozilla.org/projects/nss/shortlog/NSS_3_46_RTM ABI: https://abi-laboratory.pro/tracker/timeline/nss/ Modified: head/security/ca_root_nss/Makefile (contents, props changed) head/security/ca_root_nss/distinfo (contents, props changed) head/security/nss/Makefile (contents, props changed) head/security/nss/distinfo (contents, props changed) head/security/nss/files/patch-bug1575843 (contents, props changed) head/security/nss/files/patch-coreconf_UNIX.mk (contents, props changed) head/security/nss/files/patch-lib_freebl_blinit.c (contents, props changed) Modified: head/security/ca_root_nss/Makefile ============================================================================== --- head/security/ca_root_nss/Makefile Fri Aug 30 22:21:29 2019 (r510301) +++ head/security/ca_root_nss/Makefile Sat Aug 31 00:50:46 2019 (r510302) @@ -32,7 +32,7 @@ PLIST_SUB+= CERTDIR=${CERTDIR} # !!! Please DO NOT submit patches for new version until it has !!! # !!! been committed there first. !!! # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -VERSION_NSS= 3.45 +VERSION_NSS= 3.46 #NSS_SUFFIX= -with-ckbi-1.98 CERTDATA_TXT_PATH= nss-${VERSION_NSS}/nss/lib/ckfw/builtins/certdata.txt BUNDLE_PROCESSOR= MAca-bundle.pl Modified: head/security/ca_root_nss/distinfo ============================================================================== --- head/security/ca_root_nss/distinfo Fri Aug 30 22:21:29 2019 (r510301) +++ head/security/ca_root_nss/distinfo Sat Aug 31 00:50:46 2019 (r510302) @@ -1,3 +1,3 @@ -TIMESTAMP = 1562342551 -SHA256 (nss-3.45.tar.gz) = 112f05223d1fde902c170966bfc6f011b24a838be16969b110ecf2bb7bc24e8b -SIZE (nss-3.45.tar.gz) = 76017462 +TIMESTAMP = 1567179992 +SHA256 (nss-3.46.tar.gz) = 6b699649d285602ba258a4b0957cb841eafc94eff5735a9da8da0adbb9a10cef +SIZE (nss-3.46.tar.gz) = 76417155 Modified: head/security/nss/Makefile ============================================================================== --- head/security/nss/Makefile Fri Aug 30 22:21:29 2019 (r510301) +++ head/security/nss/Makefile Sat Aug 31 00:50:46 2019 (r510302) @@ -2,8 +2,7 @@ # $FreeBSD$ PORTNAME= nss -PORTVERSION= 3.45 -PORTREVISION= 2 +PORTVERSION= 3.46 CATEGORIES= security MASTER_SITES= MOZILLA/security/${PORTNAME}/releases/${DISTNAME:tu:C/[-.]/_/g}_RTM/src Modified: head/security/nss/distinfo ============================================================================== --- head/security/nss/distinfo Fri Aug 30 22:21:29 2019 (r510301) +++ head/security/nss/distinfo Sat Aug 31 00:50:46 2019 (r510302) @@ -1,3 +1,3 @@ -TIMESTAMP = 1562342551 -SHA256 (nss-3.45.tar.gz) = 112f05223d1fde902c170966bfc6f011b24a838be16969b110ecf2bb7bc24e8b -SIZE (nss-3.45.tar.gz) = 76017462 +TIMESTAMP = 1567179992 +SHA256 (nss-3.46.tar.gz) = 6b699649d285602ba258a4b0957cb841eafc94eff5735a9da8da0adbb9a10cef +SIZE (nss-3.46.tar.gz) = 76417155 Modified: head/security/nss/files/patch-bug1575843 ============================================================================== --- head/security/nss/files/patch-bug1575843 Fri Aug 30 22:21:29 2019 (r510301) +++ head/security/nss/files/patch-bug1575843 Sat Aug 31 00:50:46 2019 (r510302) @@ -2,7 +2,7 @@ Detect ARM CPU features on FreeBSD. elf_aux_info is similar to getauxval but is nop on aarch64. ---- lib/freebl/blinit.c.orig 2019-07-05 16:02:31 UTC +--- lib/freebl/blinit.c.orig 2019-08-30 15:46:32 UTC +++ lib/freebl/blinit.c @@ -96,8 +96,8 @@ CheckX86CPUSupport() #ifndef __has_include @@ -36,15 +36,15 @@ elf_aux_info is similar to getauxval but is nop on aar // Defines from hwcap.h in Linux kernel - ARM64 #ifndef HWCAP_AES #define HWCAP_AES (1 << 3) -@@ -137,6 +144,7 @@ CheckARMSupport() - { +@@ -138,6 +145,7 @@ CheckARMSupport() char *disable_arm_neon = PR_GetEnvSecure("NSS_DISABLE_ARM_NEON"); char *disable_hw_aes = PR_GetEnvSecure("NSS_DISABLE_HW_AES"); + char *disable_pmull = PR_GetEnvSecure("NSS_DISABLE_PMULL"); +#if defined(__linux__) if (getauxval) { long hwcaps = getauxval(AT_HWCAP); arm_aes_support_ = hwcaps & HWCAP_AES && disable_hw_aes == NULL; -@@ -144,6 +152,14 @@ CheckARMSupport() +@@ -145,6 +153,14 @@ CheckARMSupport() arm_sha1_support_ = hwcaps & HWCAP_SHA1; arm_sha2_support_ = hwcaps & HWCAP_SHA2; } @@ -52,14 +52,14 @@ elf_aux_info is similar to getauxval but is nop on aar + uint64_t id_aa64isar0; + id_aa64isar0 = READ_SPECIALREG(ID_AA64ISAR0_EL1); + arm_aes_support_ = ID_AA64ISAR0_AES(id_aa64isar0) >= ID_AA64ISAR0_AES_BASE && disable_hw_aes == NULL; -+ arm_pmull_support_ = ID_AA64ISAR0_AES(id_aa64isar0) == ID_AA64ISAR0_AES_PMULL; ++ arm_pmull_support_ = ID_AA64ISAR0_AES(id_aa64isar0) == ID_AA64ISAR0_AES_PMULL && disable_pmull == NULL; + arm_sha1_support_ = ID_AA64ISAR0_SHA1(id_aa64isar0) == ID_AA64ISAR0_SHA1_BASE; + arm_sha2_support_ = ID_AA64ISAR0_SHA2(id_aa64isar0) >= ID_AA64ISAR0_SHA2_BASE; +#endif /* defined(__linux__) */ /* aarch64 must support NEON. */ arm_neon_support_ = disable_arm_neon == NULL; } -@@ -186,7 +202,7 @@ GetNeonSupport() +@@ -187,7 +203,7 @@ GetNeonSupport() // If no getauxval, compiler generate NEON instruction by default, // we should allow NOEN support. return PR_TRUE; @@ -68,7 +68,7 @@ elf_aux_info is similar to getauxval but is nop on aar // Android's cpu-features.c detects features by the following logic // // - Call getauxval(AT_HWCAP) -@@ -200,6 +216,10 @@ GetNeonSupport() +@@ -201,6 +217,10 @@ GetNeonSupport() if (getauxval) { return (getauxval(AT_HWCAP) & HWCAP_NEON); } @@ -79,7 +79,7 @@ elf_aux_info is similar to getauxval but is nop on aar #endif /* defined(__ARM_NEON) || defined(__ARM_NEON__) */ return PR_FALSE; } -@@ -208,6 +228,7 @@ void +@@ -249,6 +269,7 @@ void CheckARMSupport() { char *disable_hw_aes = PR_GetEnvSecure("NSS_DISABLE_HW_AES"); @@ -87,10 +87,17 @@ elf_aux_info is similar to getauxval but is nop on aar if (getauxval) { // Android's cpu-features.c uses AT_HWCAP2 for newer features. // AT_HWCAP2 is implemented on newer devices / kernel, so we can trust -@@ -216,6 +237,14 @@ CheckARMSupport() +@@ -257,13 +278,19 @@ CheckARMSupport() // AT_HWCAP2 isn't supported by glibc or Linux kernel, getauxval will // returns 0. long hwcaps = getauxval(AT_HWCAP2); +-#ifdef __linux__ + if (!hwcaps) { + // Some ARMv8 devices may not implement AT_HWCAP2. So we also + // read /proc/cpuinfo if AT_HWCAP2 is 0. + hwcaps = ReadCPUInfoForHWCAP2(); + } +-#endif +#elif defined(__FreeBSD__) && defined(HAVE_ELF_AUX_INFO) + unsigned long hwcaps = 0; + elf_aux_info(AT_HWCAP2, &hwcaps, sizeof(hwcaps)); Modified: head/security/nss/files/patch-coreconf_UNIX.mk ============================================================================== --- head/security/nss/files/patch-coreconf_UNIX.mk Fri Aug 30 22:21:29 2019 (r510301) +++ head/security/nss/files/patch-coreconf_UNIX.mk Sat Aug 31 00:50:46 2019 (r510302) @@ -8,6 +8,6 @@ DEFINES += -UDEBUG -DNDEBUG else - OPTIMIZER += -g - USERNAME := $(shell whoami) - USERNAME := $(subst -,_,$(USERNAME)) - DEFINES += -DDEBUG -UNDEBUG -DDEBUG_$(USERNAME) + DEFINES += -DDEBUG -UNDEBUG + endif + Modified: head/security/nss/files/patch-lib_freebl_blinit.c ============================================================================== --- head/security/nss/files/patch-lib_freebl_blinit.c Fri Aug 30 22:21:29 2019 (r510301) +++ head/security/nss/files/patch-lib_freebl_blinit.c Sat Aug 31 00:50:46 2019 (r510302) @@ -2,23 +2,23 @@ qemu:handle_cpu_signal received signal outside vCPU co https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240037 ---- lib/freebl/blinit.c.orig 2019-07-05 16:02:31 UTC +--- lib/freebl/blinit.c.orig 2019-08-30 15:46:32 UTC +++ lib/freebl/blinit.c -@@ -153,12 +153,14 @@ CheckARMSupport() +@@ -154,12 +154,14 @@ CheckARMSupport() arm_sha2_support_ = hwcaps & HWCAP_SHA2; } #elif defined(__FreeBSD__) - uint64_t id_aa64isar0; - id_aa64isar0 = READ_SPECIALREG(ID_AA64ISAR0_EL1); - arm_aes_support_ = ID_AA64ISAR0_AES(id_aa64isar0) >= ID_AA64ISAR0_AES_BASE && disable_hw_aes == NULL; -- arm_pmull_support_ = ID_AA64ISAR0_AES(id_aa64isar0) == ID_AA64ISAR0_AES_PMULL; +- arm_pmull_support_ = ID_AA64ISAR0_AES(id_aa64isar0) == ID_AA64ISAR0_AES_PMULL && disable_pmull == NULL; - arm_sha1_support_ = ID_AA64ISAR0_SHA1(id_aa64isar0) == ID_AA64ISAR0_SHA1_BASE; - arm_sha2_support_ = ID_AA64ISAR0_SHA2(id_aa64isar0) >= ID_AA64ISAR0_SHA2_BASE; + if (!PR_GetEnvSecure("QEMU_EMULATING")) { + uint64_t id_aa64isar0; + id_aa64isar0 = READ_SPECIALREG(ID_AA64ISAR0_EL1); + arm_aes_support_ = ID_AA64ISAR0_AES(id_aa64isar0) >= ID_AA64ISAR0_AES_BASE && disable_hw_aes == NULL; -+ arm_pmull_support_ = ID_AA64ISAR0_AES(id_aa64isar0) == ID_AA64ISAR0_AES_PMULL; ++ arm_pmull_support_ = ID_AA64ISAR0_AES(id_aa64isar0) == ID_AA64ISAR0_AES_PMULL && disable_pmull == NULL; + arm_sha1_support_ = ID_AA64ISAR0_SHA1(id_aa64isar0) == ID_AA64ISAR0_SHA1_BASE; + arm_sha2_support_ = ID_AA64ISAR0_SHA2(id_aa64isar0) >= ID_AA64ISAR0_SHA2_BASE; + }