CVS commit: pkgsrc/devel/nss

["Thomas Klausner" <wiz%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   wiz
Date:           Thu Apr 15 08:54:54 UTC 2021

Modified Files:
        pkgsrc/devel/nss: Makefile distinfo
Added Files:
        pkgsrc/devel/nss/patches: patch-nss_lib_freebl_blapi.h
            patch-nss_lib_freebl_md5.c
            patch-nss_lib_freebl_sha-fast-amd64-sun.s

Log Message:
nss: restore symbol rename patches

While the link fix did fix the case of openssl calling nss code,
the other way round still happens, e.g. in libreoffice (since fixed to
not use nss) and konqueror.

Bump PKGREVISION.


To generate a diff of this commit:
cvs rdiff -u -r1.200 -r1.201 pkgsrc/devel/nss/Makefile
cvs rdiff -u -r1.125 -r1.126 pkgsrc/devel/nss/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/devel/nss/patches/patch-nss_lib_freebl_blapi.h \
    pkgsrc/devel/nss/patches/patch-nss_lib_freebl_sha-fast-amd64-sun.s
cvs rdiff -u -r0 -r1.3 pkgsrc/devel/nss/patches/patch-nss_lib_freebl_md5.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/devel/nss/Makefile
diff -u pkgsrc/devel/nss/Makefile:1.200 pkgsrc/devel/nss/Makefile:1.201
--- pkgsrc/devel/nss/Makefile:1.200     Fri Apr  9 06:40:59 2021
+++ pkgsrc/devel/nss/Makefile   Thu Apr 15 08:54:54 2021
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.200 2021/04/09 06:40:59 wiz Exp $
+# $NetBSD: Makefile,v 1.201 2021/04/15 08:54:54 wiz Exp $
 
 DISTNAME=              nss-${NSS_RELEASE:S/.0$//}
 NSS_RELEASE=           3.63.0
-PKGREVISION=           1
+PKGREVISION=           2
 CATEGORIES=            devel security
 MASTER_SITES=          ${MASTER_SITE_MOZILLA_ALL:=security/nss/releases/NSS_${NSS_DIST_DIR_VERSION:S/_0$//}_RTM/src/}
 

Index: pkgsrc/devel/nss/distinfo
diff -u pkgsrc/devel/nss/distinfo:1.125 pkgsrc/devel/nss/distinfo:1.126
--- pkgsrc/devel/nss/distinfo:1.125     Fri Apr  9 06:40:59 2021
+++ pkgsrc/devel/nss/distinfo   Thu Apr 15 08:54:54 2021
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.125 2021/04/09 06:40:59 wiz Exp $
+$NetBSD: distinfo,v 1.126 2021/04/15 08:54:54 wiz Exp $
 
 SHA1 (nss-3.63.tar.gz) = ecdf1352cb35d43a2bb4e276ece100c30a26a0ec
 RMD160 (nss-3.63.tar.gz) = f2c4c73360c3370276b5cb468139c748ed590b8f
@@ -14,7 +14,10 @@ SHA1 (patch-nss_coreconf_NetBSD.mk) = ed
 SHA1 (patch-nss_coreconf_OpenBSD.mk) = 1a4c3711d5d1f7f9e8d58b36145b15d7e444d754
 SHA1 (patch-nss_coreconf_command.mk) = a7b682d367825b48f8802fa30cee83f10680bb74
 SHA1 (patch-nss_lib_freebl_aes-armv8.c) = aa698f61dd3d66ba707a9b5425bc15d057244ad7
+SHA1 (patch-nss_lib_freebl_blapi.h) = 1fa1acb0a988f71cf4229faa2cc9155a105b6799
 SHA1 (patch-nss_lib_freebl_gcm-aarch64.c) = 311cfe7ca58e91285052d0ca27bd2df3f325071b
+SHA1 (patch-nss_lib_freebl_md5.c) = 7d0b88710c3bc099f3a76bce8bb95a7538ccf0bc
+SHA1 (patch-nss_lib_freebl_sha-fast-amd64-sun.s) = 11a043550811b19f4c71b67971efe69855cb1071
 SHA1 (patch-nss_lib_util_utilpars.c) = 5d3000515b01037929730a752b7d7a0f46f06deb
 SHA1 (patch-nss_tests_all.sh) = b328778b538db66f5447f962f23afd6f650f7071
 SHA1 (patch-nss_tests_merge_merge.sh) = 42a4866d226b1076740ba9a5e42c7604f2cb15a7

Added files:

Index: pkgsrc/devel/nss/patches/patch-nss_lib_freebl_blapi.h
diff -u /dev/null pkgsrc/devel/nss/patches/patch-nss_lib_freebl_blapi.h:1.1
--- /dev/null   Thu Apr 15 08:54:54 2021
+++ pkgsrc/devel/nss/patches/patch-nss_lib_freebl_blapi.h       Thu Apr 15 08:54:54 2021
@@ -0,0 +1,29 @@
+$NetBSD: patch-nss_lib_freebl_blapi.h,v 1.1 2021/04/15 08:54:54 wiz Exp $
+
+Some symbols conflict with openssl.
+If nss is loaded first, it can call into openssl's code,
+which has different struct sizes. This can lead to weird
+coredumps.
+
+https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/Al0Pt0zhARE
+
+--- nss/lib/freebl/blapi.h.orig        2021-03-18 14:22:42.000000000 +0000
++++ nss/lib/freebl/blapi.h
+@@ -1122,6 +1122,8 @@ extern void MD5_DestroyContext(MD5Contex
+ */
+ extern void MD5_Begin(MD5Context *cx);
+ 
++#define MD5_Update NSS_MD5_Update
++
+ /*
+ ** Update the MD5 hash function with more data.
+ **  "cx" the context
+@@ -1287,6 +1289,8 @@ extern void SHA1_DestroyContext(SHA1Cont
+ */
+ extern void SHA1_Begin(SHA1Context *cx);
+ 
++#define SHA1_Update NSS_SHA1_Update
++
+ /*
+ ** Update the SHA-1 hash function with more data.
+ **  "cx" the context
Index: pkgsrc/devel/nss/patches/patch-nss_lib_freebl_sha-fast-amd64-sun.s
diff -u /dev/null pkgsrc/devel/nss/patches/patch-nss_lib_freebl_sha-fast-amd64-sun.s:1.1
--- /dev/null   Thu Apr 15 08:54:54 2021
+++ pkgsrc/devel/nss/patches/patch-nss_lib_freebl_sha-fast-amd64-sun.s  Thu Apr 15 08:54:54 2021
@@ -0,0 +1,51 @@
+$NetBSD: patch-nss_lib_freebl_sha-fast-amd64-sun.s,v 1.1 2021/04/15 08:54:54 wiz Exp $
+
+Some symbols conflict with openssl.
+If nss is loaded first, it can call into openssl's code,
+which has different struct sizes. This can lead to weird
+coredumps.
+
+https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/Al0Pt0zhARE
+
+--- nss/lib/freebl/sha-fast-amd64-sun.s.orig   2021-03-18 14:22:42.000000000 +0000
++++ nss/lib/freebl/sha-fast-amd64-sun.s
+@@ -1680,9 +1680,9 @@ shaCompress:
+ .LFE7:
+       .size   shaCompress, .-shaCompress
+       .align 16
+-.globl SHA1_Update
+-      .type   SHA1_Update, @function
+-SHA1_Update:
++.globl NSS_SHA1_Update
++      .type   NSS_SHA1_Update, @function
++NSS_SHA1_Update:
+ .LFB5:
+       pushq   %rbp
+ .LCFI5:
+@@ -1768,7 +1768,7 @@ SHA1_Update:
+       call    shaCompress
+       jmp     .L245
+ .LFE5:
+-      .size   SHA1_Update, .-SHA1_Update
++      .size   NSS_SHA1_Update, .-NSS_SHA1_Update
+       .section        .rodata
+       .align 32
+       .type   bulk_pad.0, @object
+@@ -1870,7 +1870,7 @@ SHA1_End:
+       subl    %r8d, %edx
+       andl    $63, %edx
+       incl    %edx
+-      call    SHA1_Update@PLT
++      call    NSS_SHA1_Update@PLT
+       movq    %rbx, %rdi
+       movq    %r12, %rsi
+       shrq    $32, %rdi
+@@ -1989,7 +1989,7 @@ SHA1_HashBuf:
+       movl    %r12d, %edx
+       movq    %r13, %rsi
+       movq    %rbx, %rdi
+-      call    SHA1_Update@PLT
++      call    NSS_SHA1_Update@PLT
+       leaq    -292(%rbp), %rdx
+       movq    %r14, %rsi
+       movq    %rbx, %rdi

Index: pkgsrc/devel/nss/patches/patch-nss_lib_freebl_md5.c
diff -u /dev/null pkgsrc/devel/nss/patches/patch-nss_lib_freebl_md5.c:1.3
--- /dev/null   Thu Apr 15 08:54:54 2021
+++ pkgsrc/devel/nss/patches/patch-nss_lib_freebl_md5.c Thu Apr 15 08:54:54 2021
@@ -0,0 +1,41 @@
+$NetBSD: patch-nss_lib_freebl_md5.c,v 1.3 2021/04/15 08:54:54 wiz Exp $
+
+Some symbols conflict with openssl.
+If nss is loaded first, it can call into openssl's code,
+which has different struct sizes. This can lead to weird
+coredumps.
+
+https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/Al0Pt0zhARE
+
+--- nss/lib/freebl/md5.c.orig  2021-03-18 14:22:42.000000000 +0000
++++ nss/lib/freebl/md5.c
+@@ -205,7 +205,7 @@ MD5_HashBuf(unsigned char *dest, const u
+     MD5Context cx;
+ 
+     MD5_Begin(&cx);
+-    MD5_Update(&cx, src, src_length);
++    NSS_MD5_Update(&cx, src, src_length);
+     MD5_End(&cx, dest, &len, MD5_HASH_LEN);
+     memset(&cx, 0, sizeof cx);
+     return SECSuccess;
+@@ -419,7 +419,7 @@ md5_compress(MD5Context *cx, const PRUin
+ }
+ 
+ void
+-MD5_Update(MD5Context *cx, const unsigned char *input, unsigned int inputLen)
++NSS_MD5_Update(MD5Context *cx, const unsigned char *input, unsigned int inputLen)
+ {
+     PRUint32 bytesToConsume;
+     PRUint32 inBufIndex = cx->lsbInput & 63;
+@@ -509,9 +509,9 @@ MD5_End(MD5Context *cx, unsigned char *d
+     lowInput <<= 3;
+ 
+     if (inBufIndex < MD5_END_BUFFER) {
+-        MD5_Update(cx, padbytes, MD5_END_BUFFER - inBufIndex);
++        NSS_MD5_Update(cx, padbytes, MD5_END_BUFFER - inBufIndex);
+     } else {
+-        MD5_Update(cx, padbytes,
++        NSS_MD5_Update(cx, padbytes,
+                    MD5_END_BUFFER + MD5_BUFFER_SIZE - inBufIndex);
+     }
+