Merge remote-tracking branch 'up/f38' into f38-riscv64

Signed-off-by: David Abdurachmanov <davidlt@rivosinc.com>

.gitignore

@@ -79,3 +79,5 @@ TestUser51.cert
 /nss-3.87.tar.gz
 /nss-3.88.1.tar.gz
 /nss-3.89.tar.gz
+/nss-3.89-with-nspr-4.35.tar.gz
+/nss-3.90-with-nspr-4.35.tar.gz

nss-3.90-DisablingASM.patch

@@ -0,0 +1,57 @@
+diff --git a/lib/freebl/Makefile b/lib/freebl/Makefile
+index 74e8e65..8995752 100644
+--- a/lib/freebl/Makefile
++++ b/lib/freebl/Makefile
+@@ -568,7 +568,6 @@ ifneq ($(shell $(CC) -? 2>&1 >/dev/null </dev/null | sed -e 's/:.*//;1q'),lcc)
+             HAVE_INT128_SUPPORT = 1
+             DEFINES += -DHAVE_INT128_SUPPORT
+     else ifeq (1,$(CC_IS_GCC))
+-        SUPPORTS_VALE_CURVE25519 = 1
+         ifneq (,$(filter 4.6 4.7 4.8 4.9,$(word 1,$(GCC_VERSION)).$(word 2,$(GCC_VERSION))))
+             HAVE_INT128_SUPPORT = 1
+             DEFINES += -DHAVE_INT128_SUPPORT
+diff --git a/lib/freebl/freebl.gyp b/lib/freebl/freebl.gyp
+index 65f9a80..23940ef 100644
+--- a/lib/freebl/freebl.gyp
++++ b/lib/freebl/freebl.gyp
+@@ -866,12 +866,6 @@
+           }],
+         ],
+       }],
+-      [ 'supports_vale_curve25519==1', {
+-        'defines': [
+-          # The Makefile does version-tests on GCC, but we're not doing that here.
+-          'HACL_CAN_COMPILE_INLINE_ASM',
+-        ],
+-      }],
+       [ 'OS=="linux" or OS=="android"', {
+         'conditions': [
+           [ 'target_arch=="x64"', {
+@@ -934,11 +928,6 @@
+   'variables': {
+     'module': 'nss',
+     'conditions': [
+-      [ 'target_arch=="x64" and cc_is_gcc==1', {
+-        'supports_vale_curve25519%': 1,
+-      }, {
+-        'supports_vale_curve25519%': 0,
+-      }],
+       [ 'target_arch=="x64" or target_arch=="arm64" or target_arch=="aarch64"', {
+         'have_int128_support%': 1,
+       }, {
+diff --git a/lib/freebl/freebl_base.gypi b/lib/freebl/freebl_base.gypi
+index d198c44..34b6b3c 100644
+--- a/lib/freebl/freebl_base.gypi
++++ b/lib/freebl/freebl_base.gypi
+@@ -151,11 +151,6 @@
+         'ecl/curve25519_32.c',
+       ],
+     }],
+-    ['supports_vale_curve25519==1', {
+-      'sources': [
+-        'verified/Hacl_Curve25519_64.c',
+-      ],
+-    }],
+     ['(target_arch!="ppc64" and target_arch!="ppc64le") or disable_altivec==1', {
+       'sources': [
+         # Gyp does not support per-file cflags, so working around like this.

nss-signtool-format.patch

@@ -10,7 +10,7 @@ diff --git a/cmd/modutil/install.c b/cmd/modutil/install.c
  
          /* Recursively delete all entries in the directory */
          while ((entry = PR_ReadDir(dir, PR_SKIP_BOTH)) != NULL) {
--            sprintf(filename, "%s/%s", path, entry->name);
+-            snprintf(filename, sizeof(filename), "%s/%s", path, entry->name);
 +            if (snprintf(filename, sizeof(filename), "%s/%s", path, entry->name) >= sizeof(filename)) {
 +                PR_CloseDir(dir);
 +                return -1;
@@ -29,7 +29,7 @@ diff --git a/cmd/signtool/util.c b/cmd/signtool/util.c
 @@ -138,6 +138,12 @@ rm_dash_r(char *path)
          /* Recursively delete all entries in the directory */
          while ((entry = PR_ReadDir(dir, PR_SKIP_BOTH)) != NULL) {
-             sprintf(filename, "%s/%s", path, entry->name);
+             snprintf(filename, sizeof(filename), "%s/%s", path, entry->name);
 +            if (snprintf(filename, sizeof(filename), "%s/%s", path, entry->name
 +) >= sizeof(filename)) {
 +                errorCount++;

nss.spec

@@ -1,5 +1,5 @@
 %global nspr_version 4.35.0
-%global nss_version 3.89.0
+%global nss_version 3.90.0
 # NOTE: To avoid NVR clashes of nspr* packages:
 # - reset %%{nspr_release} to 1, when updating %%{nspr_version}
 # - increment %%{nspr_version}, when updating the NSS part only
@@ -7,7 +7,7 @@
 %global nss_release %baserelease
 # use "%%global nspr_release %%[%%baserelease+n]" to handle offsets when
 # release number between nss and nspr are different.
-%global nspr_release %[%baserelease+4]
+%global nspr_release %[%baserelease+6]
 # only need to update this as we added new
 # algorithms under nss policy control
 %global crypto_policies_version 20210118
@@ -61,6 +61,8 @@ rpm.define(string.format("nss_release_tag NSS_%s_RTM",
            string.gsub(rpm.expand("%nss_archive_version"), "%.", "_")))
 }
 
+%global nss_nspr_archive nss-%{nss_archive_version}-with-nspr-%{nspr_archive_version}
+
 Summary:          Network Security Services
 Name:             nss
 Version:          %{nss_version}
@@ -86,7 +88,7 @@ BuildRequires:    psmisc
 BuildRequires:    perl-interpreter
 BuildRequires:    gcc-c++
 
-Source0:          https://ftp.mozilla.org/pub/security/nss/releases/%{nss_release_tag}/src/%{name}-%{nss_archive_version}.tar.gz
+Source0:          https://ftp.mozilla.org/pub/security/nss/releases/%{nss_release_tag}/src/%{nss_nspr_archive}.tar.gz
 Source1:          nss-util.pc.in
 Source2:          nss-util-config.in
 Source3:          nss-softokn.pc.in
@@ -116,7 +118,6 @@ Source27:         secmod.db.xml
 %endif
 Source28:         nss-p11-kit.config
 
-Source100:        nspr-%{nspr_archive_version}.tar.gz
 Source101:        nspr-config.xml
 
 # This patch uses the GCC -iquote option documented at
@@ -138,6 +139,10 @@ Patch40:          nss-no-dbm-man-page.patch
 # https://bugzilla.mozilla.org/show_bug.cgi?id=1774659
 Patch51:	nss-3.79-dbtool.patch
 
+# https://bugzilla.mozilla.org/show_bug.cgi?id=1836781
+# https://bugzilla.mozilla.org/show_bug.cgi?id=1836925
+Patch60:          nss-3.90-DisablingASM.patch
+
 Patch100:         nspr-config-pc.patch
 Patch101:         nspr-gcc-atomics.patch
 
@@ -151,7 +156,7 @@ v3 certificates, and other security standards.
 
 %package tools
 Summary:          Tools for the Network Security Services
-Requires:         %{name}%{?_isa} = %{version}-%{release}
+Requires:         %{name}%{?_isa} = %{nss_version}-%{release}
 
 %description tools
 Network Security Services (NSS) is a set of libraries designed to
@@ -168,7 +173,7 @@ Summary:          System NSS Initialization
 # providing nss-system-init without version so that it can
 # be replaced by a better one, e.g. supplied by the os vendor
 Provides:         nss-system-init
-Requires:         nss%{?_isa} = %{version}-%{release}
+Requires:         nss%{?_isa} = %{nss_version}-%{release}
 Requires(post):   coreutils, sed
 
 %description sysinit
@@ -179,8 +184,8 @@ any system or user configured modules.
 
 %package devel
 Summary:          Development libraries for Network Security Services
-Provides:         nss-static = %{version}-%{release}
-Requires:         nss%{?_isa} = %{version}-%{release}
+Provides:         nss-static = %{nss_version}-%{release}
+Requires:         nss%{?_isa} = %{nss_version}-%{release}
 Requires:         nss-util-devel
 Requires:         nss-softokn-devel
 Requires:         nspr-devel >= %{nspr_version}
@@ -193,9 +198,9 @@ Header and Library files for doing development with Network Security Services.
 
 %package pkcs11-devel
 Summary:          Development libraries for PKCS #11 (Cryptoki) using NSS
-Provides:         nss-pkcs11-devel-static = %{version}-%{release}
-Requires:         nss-devel = %{version}-%{release}
-Requires:         nss-softokn-freebl-devel = %{version}-%{release}
+Provides:         nss-pkcs11-devel-static = %{nss_version}-%{release}
+Requires:         nss-devel = %{nss_version}-%{release}
+Requires:         nss-softokn-freebl-devel = %{nss_version}-%{release}
 
 %description pkcs11-devel
 Library files for developing PKCS #11 modules using basic NSS
@@ -211,7 +216,7 @@ Utilities for Network Security Services and the Softoken module
 
 %package util-devel
 Summary:          Development libraries for Network Security Services Utilities
-Requires:         nss-util%{?_isa} = %{version}-%{release}
+Requires:         nss-util%{?_isa} = %{nss_version}-%{release}
 Requires:         nspr-devel >= %{nspr_version}
 Requires:         pkgconfig
 
@@ -222,8 +227,8 @@ Header and library files for doing development with Network Security Services.
 %package softokn
 Summary:          Network Security Services Softoken Module
 Requires:         nspr >= %{nspr_version}
-Requires:         nss-util >= %{version}-%{release}
-Requires:         nss-softokn-freebl%{_isa} >= %{version}-%{release}
+Requires:         nss-util >= %{nss_version}-%{release}
+Requires:         nss-softokn-freebl%{_isa} >= %{nss_version}-%{release}
 
 %description softokn
 Network Security Services Softoken Cryptographic Module
@@ -244,8 +249,8 @@ Install the nss-softokn-freebl package if you need the freebl library.
 
 %package softokn-freebl-devel
 Summary:          Header and Library files for doing development with the Freebl library for NSS
-Provides:         nss-softokn-freebl-static = %{version}-%{release}
-Requires:         nss-softokn-freebl%{?_isa} = %{version}-%{release}
+Provides:         nss-softokn-freebl-static = %{nss_version}-%{release}
+Requires:         nss-softokn-freebl%{?_isa} = %{nss_version}-%{release}
 
 %description softokn-freebl-devel
 NSS Softoken Cryptographic Module Freebl Library Development Tools
@@ -256,10 +261,10 @@ Developers should rely only on the officially supported NSS public API.
 
 %package softokn-devel
 Summary:          Development libraries for Network Security Services
-Requires:         nss-softokn%{?_isa} = %{version}-%{release}
-Requires:         nss-softokn-freebl-devel%{?_isa} = %{version}-%{release}
+Requires:         nss-softokn%{?_isa} = %{nss_version}-%{release}
+Requires:         nss-softokn-freebl-devel%{?_isa} = %{nss_version}-%{release}
 Requires:         nspr-devel >= %{nspr_version}
-Requires:         nss-util-devel >= %{version}-%{release}
+Requires:         nss-util-devel >= %{nss_version}-%{release}
 Requires:         pkgconfig
 
 %description softokn-devel
@@ -292,17 +297,13 @@ Conflicts:      filesystem < 3
 %description -n nspr-devel
 Header files for doing development with the Netscape Portable Runtime.
 
-
 %prep
-%setup -q -T -b 100 -n nspr-%{nspr_archive_version}
-
 %setup -q -T -b 0 -n %{name}-%{nss_archive_version}
-mv ../nspr-%{nspr_archive_version}/nspr .
 cp ./nspr/config/nspr-config.in ./nspr/config/nspr-config-pc.in
 
-%patch100 -p0 -b .flags
+%patch 100 -p0 -b .flags
 pushd nspr
-%patch101 -p1 -b .gcc-atomics
+%patch 101 -p1 -b .gcc-atomics
 popd
 
 pushd nss
@@ -1095,9 +1096,25 @@ update-crypto-policies &> /dev/null || :
 
 
 %changelog
-* Mon Apr 24 2023 David Abdurachmanov <davidlt@rivosinc.com> - 3.89.0-1.0.riscv64
+* Sun Jun 25 2023 David Abdurachmanov <davidlt@rivosinc.com> - 3.90.0-1.0.riscv64
 - Disable tests on riscv64
 
+* Tue Jun 6 2023 Frantisek Krenzelok <krenzelok.frantisek@gmail.com> - 3.90.0-1
+- Add patch for https://bugzilla.mozilla.org/show_bug.cgi?id=1836781 &
+                https://bugzilla.mozilla.org/show_bug.cgi?id=1836925
+
+* Mon Jun 5 2023 Frantisek Krenzelok <krenzelok.frantisek@gmail.com> - 3.90.0-1
+- Update %patch syntax
+
+* Mon Jun 5 2023 Frantisek Krenzelok <krenzelok.frantisek@gmail.com> - 3.90.0-1
+- Update NSS to 3.90.0
+
+* Fri May 5 2023 Frantisek Krenzelok <krenzelok.frantisek@gmail.com> - 3.89.0-1
+- combine nss and nspr source togeather
+
+* Fri May 5 2023 Frantisek Krenzelok <krenzelok.frantisek@gmail.com> - 3.89.0-1
+- replace %{version} with %{nss_version} as it version can be overiden.
+
 * Fri Mar 10 2023 Frantisek Krenzelok <krenzelok.frantisek@gmail.com> - 3.89.0-1
 - Update NSS to 3.89.0
 

sources

@@ -1,4 +1,3 @@
 SHA512 (blank-cert9.db) = 2f8eab4c0612210ee47db8a3a80c1b58a0b43849551af78c7da403fda3e3d4e7757838061ae56ccf5aac335cb54f254f0a9e6e9c0dd5920b4155a39264525b06
 SHA512 (blank-key4.db) = 8fedae93af7163da23fe9492ea8e785a44c291604fa98e58438448efb69c85d3253fc22b926d5c3209c62e58a86038fd4d78a1c4c068bc00600a7f3e5382ebe7
-SHA512 (nspr-4.35.tar.gz) = 502815833116e25f79ddf71d1526484908aa92fbc55f8a892729cb404a4daafcc0470a89854cd080d2d20299fdb7d9662507c5362c7ae661cbacf308ac56ef7f
-SHA512 (nss-3.89.tar.gz) = 1db06d4575f2c16d2a0629007981211e714f99c014c0a6256dd33d0caf8c809ba8d5be204d018f9d1cc99b9fcd055ac1fb99b399486ed43c9cf3f55f2747de82
+SHA512 (nss-3.90-with-nspr-4.35.tar.gz) = cbc75af3d3e1bf084011d435f0957d134cb3d3d66dcee45f9712ed22b470035ba1e808fc6457e8dc0d8d8e168d77d1117a4373d42905130f76ea58217ff88e30