Update to NSS 3.57

.gitignore

@@ -53,3 +53,4 @@ TestUser51.cert
 /nss-3.54.tar.gz
 /nss-3.55.tar.gz
 /nss-3.56.tar.gz
+/nss-3.57.tar.gz

nss-3.53-strict-proto-fix.patch

@@ -1,12 +0,0 @@
-diff -up ./lib/pk11wrap/pk11pub.h.strict_proto_fix ./lib/pk11wrap/pk11pub.h
---- ./lib/pk11wrap/pk11pub.h.strict_proto_fix	2020-06-04 16:48:54.721954514 -0700
-+++ ./lib/pk11wrap/pk11pub.h	2020-06-04 16:49:17.074066050 -0700
-@@ -948,7 +948,7 @@ PRBool SECMOD_HasRootCerts(void);
-  *  the system state independent of the database state and can be called
-  *  before NSS initializes.
-  */
--int SECMOD_GetSystemFIPSEnabled();
-+int SECMOD_GetSystemFIPSEnabled(void);
- 
- SEC_END_PROTOS
- 

nss-aarch64-gcc.patch

@@ -1,73 +0,0 @@
-# HG changeset patch
-# User Daiki Ueno <dueno@redhat.com>
-# Date 1599294537 -7200
-#      Sat Sep 05 10:28:57 2020 +0200
-# Node ID c2a28193fcf8771dc1f739bf5f41adf3f68b1d7d
-# Parent  e03296e73ba666329bd9c1257038353bc9074466
-Bug 1659256, add gcc version check on AArch64 optimization, r?rrelyea
-
-Reviewers: rrelyea
-
-Bug #: 1659256
-
-Differential Revision: https://phabricator.services.mozilla.com/D87174
-
-diff -r e03296e73ba6 -r c2a28193fcf8 lib/freebl/Makefile
---- a/lib/freebl/Makefile	Sat Sep 05 08:53:40 2020 +0200
-+++ b/lib/freebl/Makefile	Sat Sep 05 10:28:57 2020 +0200
-@@ -119,11 +119,24 @@
-         DEFINES += -DNSS_X86
- endif
- endif
--ifdef NS_USE_GCC
- ifeq ($(CPU_ARCH),aarch64)
--    DEFINES += -DUSE_HW_AES -DUSE_HW_SHA1 -DUSE_HW_SHA2
--    EXTRA_SRCS += aes-armv8.c gcm-aarch64.c sha1-armv8.c sha256-armv8.c
--endif
-+    ifdef CC_IS_CLANG
-+        DEFINES += -DUSE_HW_AES -DUSE_HW_SHA1 -DUSE_HW_SHA2
-+        EXTRA_SRCS += aes-armv8.c gcm-aarch64.c sha1-armv8.c sha256-armv8.c
-+    else ifeq (1,$(CC_IS_GCC))
-+        # GCC versions older than 4.9 don't support ARM AES. The check
-+        # is done in two parts, first allows "major.minor" == "4.9",
-+        # and then rejects any major versions prior to 5. Note that
-+        # there has been no GCC 4.10, as it is renamed to GCC 5.
-+        ifneq (,$(filter 4.9,$(word 1,$(GCC_VERSION)).$(word 2,$(GCC_VERSION))))
-+            DEFINES += -DUSE_HW_AES -DUSE_HW_SHA1 -DUSE_HW_SHA2
-+            EXTRA_SRCS += aes-armv8.c gcm-aarch64.c sha1-armv8.c sha256-armv8.c
-+        endif
-+        ifeq (,$(filter 0 1 2 3 4,$(word 1,$(GCC_VERSION))))
-+            DEFINES += -DUSE_HW_AES -DUSE_HW_SHA1 -DUSE_HW_SHA2
-+            EXTRA_SRCS += aes-armv8.c gcm-aarch64.c sha1-armv8.c sha256-armv8.c
-+        endif
-+    endif
- endif
- ifeq ($(CPU_ARCH),arm)
- ifndef NSS_DISABLE_ARM32_NEON
-@@ -133,7 +146,10 @@
-         DEFINES += -DUSE_HW_AES -DUSE_HW_SHA1 -DUSE_HW_SHA2
-         EXTRA_SRCS += aes-armv8.c sha1-armv8.c sha256-armv8.c
-     else ifeq (1,$(CC_IS_GCC))
--        # Old compiler doesn't support ARM AES.
-+        # GCC versions older than 4.9 don't support ARM AES. The check
-+        # is done in two parts, first allows "major.minor" == "4.9",
-+        # and then rejects any major versions prior to 5. Note that
-+        # there has been no GCC 4.10, as it is renamed to GCC 5.
-         ifneq (,$(filter 4.9,$(word 1,$(GCC_VERSION)).$(word 2,$(GCC_VERSION))))
-             DEFINES += -DUSE_HW_AES -DUSE_HW_SHA1 -DUSE_HW_SHA2
-             EXTRA_SRCS += aes-armv8.c sha1-armv8.c sha256-armv8.c
-@@ -728,14 +744,12 @@
- endif
- endif
- 
--ifdef NS_USE_GCC
- ifeq ($(CPU_ARCH),aarch64)
- $(OBJDIR)/$(PROG_PREFIX)aes-armv8$(OBJ_SUFFIX): CFLAGS += -march=armv8-a+crypto
- $(OBJDIR)/$(PROG_PREFIX)gcm-aarch64$(OBJ_SUFFIX): CFLAGS += -march=armv8-a+crypto
- $(OBJDIR)/$(PROG_PREFIX)sha1-armv8$(OBJ_SUFFIX): CFLAGS += -march=armv8-a+crypto
- $(OBJDIR)/$(PROG_PREFIX)sha256-armv8$(OBJ_SUFFIX): CFLAGS += -march=armv8-a+crypto
- endif
--endif
- 
- ifeq ($(CPU_ARCH),ppc)
- ifndef NSS_DISABLE_ALTIVEC

nss.spec

@@ -1,5 +1,5 @@
-%global nspr_version 4.28.0
-%global nss_version 3.56.0
+%global nspr_version 4.29.0
+%global nss_version 3.57.0
 %global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
 %global saved_files_dir %{_libdir}/nss/saved
 %global dracutlibdir %{_prefix}/lib/dracut
@@ -111,10 +111,6 @@ Patch4:           iquote.patch
 Patch11:          nss-disable-legacydb.patch
 %endif
 Patch12:          nss-signtool-format.patch
-# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1659256
-# Also fixes the regression in bug 1652032:
-# https://phabricator.services.mozilla.com/D87174#2817994
-Patch13:          nss-aarch64-gcc.patch
 %if 0%{?fedora} < 34
 %if 0%{?rhel} < 9
 Patch20:          nss-gcm-param-default-pkcs11v2.patch
@@ -909,6 +905,9 @@ update-crypto-policies &> /dev/null || :
 
 
 %changelog
+* Sat Sep 19 2020 Daiki Ueno <dueno@redhat.com> - 3.57.0-1
+- Update to NSS 3.57
+
 * Mon Aug 24 2020 Daiki Ueno <dueno@redhat.com> - 3.56.0-1
 - Update to NSS 3.56
 

sources

@@ -3,4 +3,4 @@ SHA512 (blank-cert9.db) = 2f8eab4c0612210ee47db8a3a80c1b58a0b43849551af78c7da403
 SHA512 (blank-key3.db) = 01f7314e9fc8a7c9aa997652624cfcde213d18a6b3bb31840c1a60bbd662e56b5bc3221d13874abb42ce78163b225a6dfce2e1326cf6dd29366ad9c28ba5a71c
 SHA512 (blank-key4.db) = 8fedae93af7163da23fe9492ea8e785a44c291604fa98e58438448efb69c85d3253fc22b926d5c3209c62e58a86038fd4d78a1c4c068bc00600a7f3e5382ebe7
 SHA512 (blank-secmod.db) = 06a2dbd861839ef6315093459328b500d3832333a34b30e6fac4a2503af337f014a4d319f0f93322409e719142904ce8bc08252ae9a4f37f30d4c3312e900310
-SHA512 (nss-3.56.tar.gz) = f2eed8252c13b38a4d80a11203136d22a521205f814b6d954cc119ccf8921fcb8f689d919944bea4739d1575e9bda7e13cf2ad054ac91d51e049abe246efc845
+SHA512 (nss-3.57.tar.gz) = 7e312d7539a26f57b968548935a7715cfa895aa61da21d0542ae45b71cb16f63167728534cdfd15f8eca68c75753a0df3d05e87b4c5acaabbda63c736e552ea2