Index: branches/2018Q1/security/ca_root_nss/Makefile =================================================================== --- branches/2018Q1/security/ca_root_nss/Makefile (revision 463939) +++ branches/2018Q1/security/ca_root_nss/Makefile (revision 463940) @@ -1,70 +1,70 @@ # $FreeBSD$ PORTNAME= ca_root_nss PORTVERSION= ${VERSION_NSS} CATEGORIES= security MASTER_SITES= MOZILLA/security/nss/releases/${DISTNAME:tu:C/[-.]/_/g}_RTM/src DISTNAME= nss-${VERSION_NSS}${NSS_SUFFIX} MAINTAINER= ports-secteam@FreeBSD.org COMMENT= Root certificate bundle from the Mozilla Project LICENSE= MPL20 OPTIONS_DEFINE= ETCSYMLINK OPTIONS_DEFAULT= ETCSYMLINK OPTIONS_SUB= yes ETCSYMLINK_DESC= Add symlink to /etc/ssl/cert.pem ETCSYMLINK_CONFLICTS_INSTALL= ca-roots-[0-9]* USES= perl5 ssl:build USE_PERL5= build NO_ARCH= yes NO_WRKSUBDIR= yes CERTDIR?= share/certs PLIST_SUB+= CERTDIR=${CERTDIR} # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! # !!! These versions are intended to track security/nss. !!! # !!! Please DO NOT submit patches for new version until it has !!! # !!! been committed there first. !!! # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -VERSION_NSS= 3.35 +VERSION_NSS= 3.36 #NSS_SUFFIX= -with-ckbi-1.98 CERTDATA_TXT_PATH= nss-${VERSION_NSS}/nss/lib/ckfw/builtins/certdata.txt BUNDLE_PROCESSOR= MAca-bundle.pl SUB_FILES= MAca-bundle.pl pkg-message SUB_LIST= VERSION_NSS=${VERSION_NSS} .include do-extract: @${MKDIR} ${WRKDIR} @${TAR} -C ${WRKDIR} -xf ${DISTDIR}/nss-${VERSION_NSS}${NSS_SUFFIX}${EXTRACT_SUFX} \ ${CERTDATA_TXT_PATH} @${CP} ${WRKDIR}/${CERTDATA_TXT_PATH} ${WRKDIR} @${RM} -r ${WRKDIR}/nss-${VERSION_NSS} do-build: apply-slist @${SETENV} PATH=${LOCALBASE}/bin:$${PATH} \ ${PERL} ${WRKDIR}/${BUNDLE_PROCESSOR} \ < ${WRKDIR}/certdata.txt > \ ${WRKDIR}/ca-root-nss.crt do-install: ${MKDIR} ${STAGEDIR}${PREFIX}/${CERTDIR} ${INSTALL_DATA} ${WRKDIR}/ca-root-nss.crt ${STAGEDIR}${PREFIX}/${CERTDIR} .if ${PORT_OPTIONS:METCSYMLINK} ${MKDIR} ${STAGEDIR}/etc/ssl ${LN} -sf ${PREFIX}/${CERTDIR}/ca-root-nss.crt ${STAGEDIR}/etc/ssl/cert.pem .endif ${MKDIR} ${STAGEDIR}${PREFIX}/etc/ssl ${LN} -sf ${PREFIX}/${CERTDIR}/ca-root-nss.crt ${STAGEDIR}${PREFIX}/etc/ssl/cert.pem.sample ${MKDIR} ${STAGEDIR}${PREFIX}/openssl ${LN} -sf ${PREFIX}/${CERTDIR}/ca-root-nss.crt ${STAGEDIR}${PREFIX}/openssl/cert.pem.sample .include Index: branches/2018Q1/security/ca_root_nss/distinfo =================================================================== --- branches/2018Q1/security/ca_root_nss/distinfo (revision 463939) +++ branches/2018Q1/security/ca_root_nss/distinfo (revision 463940) @@ -1,3 +1,3 @@ -TIMESTAMP = 1516285199 -SHA256 (nss-3.35.tar.gz) = f4127de09bede39f5fd0f789d33c3504c5d261e69ea03022d46b319b3e32f6fa -SIZE (nss-3.35.tar.gz) = 9620041 +TIMESTAMP = 1520265512 +SHA256 (nss-3.36.tar.gz) = a33cc7b8299b5ce3acf03f617c7896932ae26927ff9fb7c71c1b69a200c30095 +SIZE (nss-3.36.tar.gz) = 23025578 Index: branches/2018Q1/security/nss/Makefile =================================================================== --- branches/2018Q1/security/nss/Makefile (revision 463939) +++ branches/2018Q1/security/nss/Makefile (revision 463940) @@ -1,107 +1,107 @@ # Created by: Maxim Sobolev # $FreeBSD$ PORTNAME= nss -PORTVERSION= 3.35 +PORTVERSION= 3.36 #DISTVERSIONSUFFIX= -with-ckbi-1.98 CATEGORIES= security MASTER_SITES= MOZILLA/security/${PORTNAME}/releases/${DISTNAME:tu:C/[-.]/_/g}_RTM/src MAINTAINER= gecko@FreeBSD.org COMMENT= Libraries to support development of security-enabled applications LICENSE= MPL20 LICENSE_FILE= ${WRKSRC}/COPYING BUILD_DEPENDS= zip:archivers/zip \ nspr>=4.12:devel/nspr \ sqlite3>=3.7.15:databases/sqlite3 LIB_DEPENDS= libnspr4.so:devel/nspr \ libsqlite3.so:databases/sqlite3 WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION}/nss MAKE_JOBS_UNSAFE= yes USE_LDCONFIG= ${PREFIX}/lib/nss USES= cpe gmake perl5 CPE_VENDOR= mozilla CPE_PRODUCT= network_security_services USE_PERL5= build MAKE_ENV= LIBRARY_PATH="${LOCALBASE}/lib" \ SQLITE_INCLUDE_DIR="${LOCALBASE}/include" \ FREEBL_LOWHASH=1 \ NSS_DISABLE_GTESTS=1 \ NSS_USE_SYSTEM_SQLITE=1 CFLAGS+= -I${LOCALBASE}/include/nspr SUB_FILES= nss-config nss.pc SUB_LIST= PORTVERSION=${PORTVERSION} DIST= ${WRKSRC:H}/dist EXTRACT_AFTER_ARGS=--exclude */lib/zlib --exclude */lib/dbm --exclude */lib/sqlite -INSTALL_BINS= certcgi certutil cmsutil crlutil derdump makepqg \ +INSTALL_BINS= certutil cmsutil crlutil derdump makepqg \ mangle modutil ocspclnt oidcalc p7content p7env p7sign \ p7verify pk12util rsaperf shlibsign signtool signver \ ssltap strsclnt symkeyutil vfychain vfyserv OPTIONS_DEFINE= DEBUG .include .if ! ${PORT_OPTIONS:MDEBUG} MAKE_ENV+= BUILD_OPT=1 BINS= ${DIST}/${OPSYS}${OSREL}_OPT.OBJ .else BINS= ${DIST}/${OPSYS}${OSREL}_DBG.OBJ .endif .if ${OPSYS} == FreeBSD && ${ARCH} == i386 && ! ${MACHINE_CPU:Msse2} USES+= compiler:c++14-lang # gcm.h .endif .if ${OPSYS} == FreeBSD && ${ARCH} == amd64 USE_BINUTILS= # intel-gcm.s CC+= -B${LOCALBASE}/bin .endif check regression-test test: cd ${WRKSRC}/tests; \ ${SETENV} PATH="${BINS}/bin:${PATH}" \ LD_LIBRARY_PATH="${BINS}/lib" \ ${MAKE_ENV} \ ./all.sh @if ${GREP} -Fh '>Failed<' \ ${WRKSRC:H}/tests_results/security/*/results.html; then \ echo "Some tests have failed. Let ${MAINTAINER} know."; \ exit 1; \ else \ echo "All tests succeeded. Good news."; \ fi post-patch: @${REINPLACE_CMD} '/NSS_DEFAULT_SYSTEM/s,/etc,${PREFIX}&,' \ ${WRKSRC}/lib/sysinit/nsssysinit.c @cd ${WRKSRC} && \ ${FIND} . -name "*.c" -o -name "*.h" | \ ${XARGS} ${REINPLACE_CMD} -e 's|"nspr.h"||' ${FIND} ${WRKSRC}/tests -name '*.sh' | ${XARGS} ${GREP} -l -F '/bin/bash' | \ ${XARGS} ${REINPLACE_CMD} -e 's|#! */bin/bash|#!${SH}|' do-install: ${MKDIR} ${STAGEDIR}${PREFIX}/include/nss/nss ${STAGEDIR}${PREFIX}/lib/nss ${FIND} ${DIST}/public/nss -type l \ -exec ${INSTALL_DATA} {} ${STAGEDIR}${PREFIX}/include/nss/nss \; ${INSTALL_LIB} ${BINS}/lib/*.so \ ${STAGEDIR}${PREFIX}/lib/nss ${INSTALL_DATA} ${BINS}/lib/libcrmf.a \ ${STAGEDIR}${PREFIX}/lib/nss .for bin in ${INSTALL_BINS} ${INSTALL_PROGRAM} ${BINS}/bin/${bin} \ ${STAGEDIR}${PREFIX}/bin .endfor ${INSTALL_SCRIPT} ${WRKDIR}/nss-config ${STAGEDIR}${PREFIX}/bin ${INSTALL_DATA} ${WRKDIR}/nss.pc ${STAGEDIR}${PREFIX}/libdata/pkgconfig .include Index: branches/2018Q1/security/nss/distinfo =================================================================== --- branches/2018Q1/security/nss/distinfo (revision 463939) +++ branches/2018Q1/security/nss/distinfo (revision 463940) @@ -1,3 +1,3 @@ -TIMESTAMP = 1516285199 -SHA256 (nss-3.35.tar.gz) = f4127de09bede39f5fd0f789d33c3504c5d261e69ea03022d46b319b3e32f6fa -SIZE (nss-3.35.tar.gz) = 9620041 +TIMESTAMP = 1520265512 +SHA256 (nss-3.36.tar.gz) = a33cc7b8299b5ce3acf03f617c7896932ae26927ff9fb7c71c1b69a200c30095 +SIZE (nss-3.36.tar.gz) = 23025578 Index: branches/2018Q1/security/nss/files/patch-bug1432455 =================================================================== --- branches/2018Q1/security/nss/files/patch-bug1432455 (revision 463939) +++ branches/2018Q1/security/nss/files/patch-bug1432455 (nonexistent) @@ -1,27 +0,0 @@ -commit 1668fafc1db4 -Author: Daiki Ueno -Date: Tue Jan 23 13:29:34 2018 +0100 - - Bug 1432455, Build Hacl_Poly1305_64.o on AArch64 even with make, r=fkiefer ---- - lib/freebl/Makefile | 7 ++++++- - 1 file changed, 6 insertions(+), 1 deletion(-) - -diff --git lib/freebl/Makefile lib/freebl/Makefile -index 0b3daa2756..6c8e6a2ead 100644 ---- lib/freebl/Makefile -+++ lib/freebl/Makefile -@@ -527,7 +527,12 @@ ifndef NSS_DISABLE_CHACHAPOLY - EXTRA_SRCS += chacha20_vec.c - endif - else -- EXTRA_SRCS += poly1305.c -+ ifeq ($(CPU_ARCH),aarch64) -+ EXTRA_SRCS += Hacl_Poly1305_64.c -+ else -+ EXTRA_SRCS += poly1305.c -+ endif -+ - EXTRA_SRCS += chacha20.c - VERIFIED_SRCS += Hacl_Chacha20.c - endif # x86_64 Property changes on: branches/2018Q1/security/nss/files/patch-bug1432455 ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: branches/2018Q1/security/nss/files/patch-bug1443400 =================================================================== --- branches/2018Q1/security/nss/files/patch-bug1443400 (nonexistent) +++ branches/2018Q1/security/nss/files/patch-bug1443400 (revision 463940) @@ -0,0 +1,69 @@ +Don't try to use getauxval() if unsupported by platform. + +diff --git lib/freebl/blinit.c lib/freebl/blinit.c +index 4ac1c49adb..830d038374 100644 +--- lib/freebl/blinit.c ++++ lib/freebl/blinit.c +@@ -92,22 +92,33 @@ CheckX86CPUSupport() + #endif /* NSS_X86_OR_X64 */ + + #if (defined(__aarch64__) || defined(__arm__)) && !defined(__ANDROID__) +-#if defined(__GNUC__) && __GNUC__ >= 2 && defined(__ELF__) ++#ifndef __has_include ++#define __has_include(x) 0 ++#endif ++#if (__has_include() || defined(__linux__)) && defined(__GNUC__) && __GNUC__ >= 2 && defined(__ELF__) + #include + extern unsigned long getauxval(unsigned long type) __attribute__((weak)); + #else + static unsigned long (*getauxval)(unsigned long) = NULL; +-#define AT_HWCAP2 +-#define AT_HWCAP ++#define AT_HWCAP2 0 ++#define AT_HWCAP 0 + #endif /* defined(__GNUC__) && __GNUC__ >= 2 && defined(__ELF__)*/ + #endif /* (defined(__aarch64__) || defined(__arm__)) && !defined(__ANDROID__) */ + + #if defined(__aarch64__) && !defined(__ANDROID__) + // Defines from hwcap.h in Linux kernel - ARM64 ++#ifndef HWCAP_AES + #define HWCAP_AES (1 << 3) ++#endif ++#ifndef HWCAP_PMULL + #define HWCAP_PMULL (1 << 4) ++#endif ++#ifndef HWCAP_SHA1 + #define HWCAP_SHA1 (1 << 5) ++#endif ++#ifndef HWCAP_SHA2 + #define HWCAP_SHA2 (1 << 6) ++#endif + + void + CheckARMSupport() +@@ -131,15 +142,25 @@ CheckARMSupport() + /* + * HWCAP flags - for elf_hwcap (in kernel) and AT_HWCAP + */ ++#ifndef HWCAP_NEON + #define HWCAP_NEON (1 << 12) ++#endif + + /* + * HWCAP2 flags - for elf_hwcap2 (in kernel) and AT_HWCAP2 + */ ++#ifndef HWCAP2_AES + #define HWCAP2_AES (1 << 0) ++#endif ++#ifndef HWCAP2_PMULL + #define HWCAP2_PMULL (1 << 1) ++#endif ++#ifndef HWCAP2_SHA1 + #define HWCAP2_SHA1 (1 << 2) ++#endif ++#ifndef HWCAP2_SHA2 + #define HWCAP2_SHA2 (1 << 3) ++#endif + + void + CheckARMSupport() Property changes on: branches/2018Q1/security/nss/files/patch-bug1443400 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2018Q1/security/nss/pkg-plist =================================================================== --- branches/2018Q1/security/nss/pkg-plist (revision 463939) +++ branches/2018Q1/security/nss/pkg-plist (revision 463940) @@ -1,137 +1,136 @@ -bin/certcgi bin/certutil bin/cmsutil bin/crlutil bin/derdump bin/makepqg bin/mangle bin/modutil bin/nss-config bin/ocspclnt bin/oidcalc bin/p7content bin/p7env bin/p7sign bin/p7verify bin/pk12util bin/rsaperf bin/shlibsign bin/signtool bin/signver bin/ssltap bin/strsclnt bin/symkeyutil bin/vfychain bin/vfyserv include/nss/nss/sslexp.h include/nss/nss/base64.h include/nss/nss/blapit.h include/nss/nss/cert.h include/nss/nss/certdb.h include/nss/nss/certt.h include/nss/nss/ciferfam.h include/nss/nss/cmmf.h include/nss/nss/cmmft.h include/nss/nss/cms.h include/nss/nss/cmsreclist.h include/nss/nss/cmst.h include/nss/nss/crmf.h include/nss/nss/crmft.h include/nss/nss/cryptohi.h include/nss/nss/cryptoht.h include/nss/nss/eccutil.h include/nss/nss/ecl-exp.h include/nss/nss/hasht.h include/nss/nss/jar-ds.h include/nss/nss/jar.h include/nss/nss/jarfile.h include/nss/nss/key.h include/nss/nss/keyhi.h include/nss/nss/keyt.h include/nss/nss/keythi.h include/nss/nss/lowkeyi.h include/nss/nss/lowkeyti.h include/nss/nss/nss.h include/nss/nss/nssb64.h include/nss/nss/nssb64t.h include/nss/nss/nssbase.h include/nss/nss/nssbaset.h include/nss/nss/nssck.api include/nss/nss/nssckbi.h include/nss/nss/nssckepv.h include/nss/nss/nssckft.h include/nss/nss/nssckfw.h include/nss/nss/nssckfwc.h include/nss/nss/nssckfwt.h include/nss/nss/nssckg.h include/nss/nss/nssckmdt.h include/nss/nss/nssckt.h include/nss/nss/nssilckt.h include/nss/nss/nssilock.h include/nss/nss/nsslocks.h include/nss/nss/nsslowhash.h include/nss/nss/nssrwlk.h include/nss/nss/nssrwlkt.h include/nss/nss/nssutil.h include/nss/nss/ocsp.h include/nss/nss/ocspt.h include/nss/nss/p12.h include/nss/nss/p12plcy.h include/nss/nss/p12t.h include/nss/nss/pk11func.h include/nss/nss/pk11pqg.h include/nss/nss/pk11priv.h include/nss/nss/pk11pub.h include/nss/nss/pk11sdr.h include/nss/nss/pkcs11.h include/nss/nss/pkcs1sig.h include/nss/nss/pkcs11f.h include/nss/nss/pkcs11n.h include/nss/nss/pkcs11p.h include/nss/nss/pkcs11t.h include/nss/nss/pkcs11u.h include/nss/nss/pkcs11uri.h include/nss/nss/pkcs12.h include/nss/nss/pkcs12t.h include/nss/nss/pkcs7t.h include/nss/nss/portreg.h include/nss/nss/preenc.h include/nss/nss/secasn1.h include/nss/nss/secasn1t.h include/nss/nss/seccomon.h include/nss/nss/secder.h include/nss/nss/secdert.h include/nss/nss/secdig.h include/nss/nss/secdigt.h include/nss/nss/secerr.h include/nss/nss/sechash.h include/nss/nss/secitem.h include/nss/nss/secmime.h include/nss/nss/secmod.h include/nss/nss/secmodt.h include/nss/nss/secoid.h include/nss/nss/secoidt.h include/nss/nss/secpkcs5.h include/nss/nss/secpkcs7.h include/nss/nss/secport.h include/nss/nss/shsign.h include/nss/nss/smime.h include/nss/nss/ssl.h include/nss/nss/sslerr.h include/nss/nss/sslproto.h include/nss/nss/sslt.h include/nss/nss/utilmodt.h include/nss/nss/utilpars.h include/nss/nss/utilparst.h include/nss/nss/utilrename.h lib/nss/libcrmf.a lib/nss/libfreebl3.so lib/nss/libfreeblpriv3.so lib/nss/libnss3.so lib/nss/libnssckbi.so lib/nss/libnssdbm3.so lib/nss/libnssutil3.so lib/nss/libsmime3.so lib/nss/libsoftokn3.so lib/nss/libssl3.so libdata/pkgconfig/nss.pc Index: branches/2018Q1 =================================================================== --- branches/2018Q1 (revision 463939) +++ branches/2018Q1 (revision 463940) Property changes on: branches/2018Q1 ___________________________________________________________________ Modified: svn:mergeinfo ## -0,0 +0,1 ## Merged /head:r463696