From 74cabf7948b2597f5b6a67d6910c844fd1a88ff6 Mon Sep 17 00:00:00 2001 From: wolfbeast Date: Sat, 15 Dec 2018 01:42:53 +0100 Subject: Update NSS to 3.41 --- security/nss/coreconf/config.gypi | 9 ++++ security/nss/coreconf/config.mk | 4 ++ security/nss/coreconf/coreconf.dep | 1 - security/nss/coreconf/fuzz.sh | 7 ++- security/nss/coreconf/msvc.sh | 106 +++++++++++++++++++++++++++++++++++++ security/nss/coreconf/nspr.sh | 3 ++ 6 files changed, 125 insertions(+), 5 deletions(-) create mode 100644 security/nss/coreconf/msvc.sh (limited to 'security/nss/coreconf') diff --git a/security/nss/coreconf/config.gypi b/security/nss/coreconf/config.gypi index 58137872c..ba1b0c8c5 100644 --- a/security/nss/coreconf/config.gypi +++ b/security/nss/coreconf/config.gypi @@ -108,8 +108,12 @@ 'emit_llvm%': 0, 'nss_public_dist_dir%': '<(nss_dist_dir)/public', 'nss_private_dist_dir%': '<(nss_dist_dir)/private', + # This is only needed when building with --mozpkix-only and might not work + # on all machines. + 'nss_include_dir%': '/usr/include/nss', 'only_dev_random%': 1, 'disable_fips%': 1, + 'mozpkix_only%': 0, }, 'target_defaults': { # Settings specific to targets should go here. @@ -126,6 +130,11 @@ '<(nss_dist_dir)/private/<(module)', ], 'conditions': [ + [ 'mozpkix_only==1 and OS=="linux"', { + 'include_dirs': [ + '<(nss_include_dir)', + ], + }], [ 'disable_fips==1', { 'defines': [ 'NSS_FIPS_DISABLED', diff --git a/security/nss/coreconf/config.mk b/security/nss/coreconf/config.mk index b62f6cef4..60a08411e 100644 --- a/security/nss/coreconf/config.mk +++ b/security/nss/coreconf/config.mk @@ -185,6 +185,10 @@ ifdef NSS_SEED_ONLY_DEV_URANDOM DEFINES += -DSEED_ONLY_DEV_URANDOM endif +ifdef NSS_PKCS1_AllowMissingParameters +DEFINES += -DNSS_PKCS1_AllowMissingParameters +endif + # Avoid building object leak test code for optimized library ifndef BUILD_OPT ifdef PKIX_OBJECT_LEAK_TEST diff --git a/security/nss/coreconf/coreconf.dep b/security/nss/coreconf/coreconf.dep index 590d1bfae..5182f7555 100644 --- a/security/nss/coreconf/coreconf.dep +++ b/security/nss/coreconf/coreconf.dep @@ -10,4 +10,3 @@ */ #error "Do not include this header file." - diff --git a/security/nss/coreconf/fuzz.sh b/security/nss/coreconf/fuzz.sh index 67cb7f594..c7b8844b6 100644 --- a/security/nss/coreconf/fuzz.sh +++ b/security/nss/coreconf/fuzz.sh @@ -5,8 +5,7 @@ set +e # Default to clang if CC is not set. if [ -z "$CC" ]; then - command -v clang &> /dev/null 2>&1 - if [ $? != 0 ]; then + if ! command -v clang &> /dev/null 2>&1; then echo "Fuzzing requires clang!" exit 1 fi @@ -24,8 +23,8 @@ if [ "$fuzz_oss" = 1 ]; then gyp_params+=(-Dno_zdefs=1 -Dfuzz_oss=1) else enable_sanitizer asan - # Ubsan doesn't build on 32-bit at the moment. Disable it. - if [ "$build_64" = 1 ]; then + # Ubsan only builds on x64 for the moment. + if [ "$target_arch" = "x64" ]; then enable_ubsan fi enable_sancov diff --git a/security/nss/coreconf/msvc.sh b/security/nss/coreconf/msvc.sh new file mode 100644 index 000000000..a592279c9 --- /dev/null +++ b/security/nss/coreconf/msvc.sh @@ -0,0 +1,106 @@ +#!/bin/bash +# This configures the environment for running MSVC. It uses vswhere, the +# registry, and a little knowledge of how MSVC is laid out. + +if ! hash vswhere 2>/dev/null; then + echo "Can't find vswhere on the path, aborting" 1>&2 + exit 1 +fi + +if ! hash reg 2>/dev/null; then + echo "Can't find reg on the path, aborting" 1>&2 + exit 1 +fi + +# Turn a unix-y path into a windows one. +fixpath() { + if hash cygpath 2>/dev/null; then + cygpath --unix "$1" + else # haxx + echo "$1" | sed -e 's,\\,/,g;s,^\(.\):,/\L\1,;s,/$,,' + fi +} + +# Query the registry. This takes $1 and tags that on the end of several +# different paths, looking for a value called $2 at that location. +# e.g., +# regquery Microsoft\Microsoft SDKs\Windows\v10.0 ProductVersion +# looks for a REG_SZ value called ProductVersion at +# HKLM\SOFTWARE\Wow6432Node\Microsoft\Microsoft SDKs\Windows\v10.0 +# HKLU\SOFTWARE\Wow6432Node\Microsoft\Microsoft SDKs\Windows\v10.0 +# etc... +regquery() { + search=("HKLM\\SOFTWARE\\Wow6432Node" \ + "HKCU\\SOFTWARE\\Wow6432Node" \ + "HKLM\\SOFTWARE" \ + "HKCU\\SOFTWARE") + for i in "${search[@]}"; do + r=$(reg query "${i}\\${1}" -v "$2" | sed -e 's/ *'"$2"' *REG_SZ *//;t;d') + if [ -n "$r" ]; then + echo "$r" + return 0 + fi + done + return 1 +} + +VSCOMPONENT=Microsoft.VisualStudio.Component.VC.Tools.x86.x64 +vsinstall=$(vswhere -latest -requires "$VSCOMPONENT" -property installationPath) + +# Attempt to setup paths if vswhere returns something and VSPATH isn't set. +# Otherwise, assume that the env is setup. +if [[ -n "$vsinstall" && -z "$VSPATH" ]]; then + + case "$target_arch" in + ia32) m=x86 ;; + x64) m="$target_arch" ;; + *) + echo "No support for target '$target_arch' with MSVC." 1>&2 + exit 1 + esac + + export VSPATH=$(fixpath "$vsinstall") + export WINDOWSSDKDIR="${VSPATH}/SDK" + export VCINSTALLDIR="${VSPATH}/VC" + + CRTREG="Microsoft\\Microsoft SDKs\\Windows\\v10.0" + UniversalCRTSdkDir=$(regquery "$CRTREG" InstallationFolder) + UniversalCRTSdkDir=$(fixpath "$UniversalCRTSdkDir") + UCRTVersion=$(regquery "$CRTREG" ProductVersion) + UCRTVersion=$(cd "${UniversalCRTSdkDir}/include"; ls -d "${UCRTVersion}"* | tail -1) + + VCVER=$(cat "${VCINSTALLDIR}/Auxiliary/Build/Microsoft.VCToolsVersion.default.txt") + REDISTVER=$(cat "${VCINSTALLDIR}/Auxiliary/Build/Microsoft.VCRedistVersion.default.txt") + export WIN32_REDIST_DIR="${VCINSTALLDIR}/Redist/MSVC/${REDISTVER}/${m}/Microsoft.VC141.CRT" + export WIN_UCRT_REDIST_DIR="${UniversalCRTSdkDir}/Redist/ucrt/DLLs/${m}" + + if [ "$m" == "x86" ]; then + PATH="${PATH}:${VCINSTALLDIR}/Tools/MSVC/${VCVER}/bin/Hostx64/x64" + PATH="${PATH}:${VCINSTALLDIR}/Tools/MSVC/${VCVER}/bin/Hostx64/x86" + fi + PATH="${PATH}:${VCINSTALLDIR}/Tools/MSVC/${VCVER}/bin/Host${m}/${m}" + PATH="${PATH}:${UniversalCRTSdkDir}/bin/${UCRTVersion}/${m}" + PATH="${PATH}:${WIN32_REDIST_DIR}" + export PATH + + INCLUDE="${VCINSTALLDIR}/Tools/MSVC/${VCVER}/ATLMFC/include" + INCLUDE="${INCLUDE}:${VCINSTALLDIR}/Tools/MSVC/${VCVER}/include" + INCLUDE="${INCLUDE}:${UniversalCRTSdkDir}/include/${UCRTVersion}/ucrt" + INCLUDE="${INCLUDE}:${UniversalCRTSdkDir}/include/${UCRTVersion}/shared" + INCLUDE="${INCLUDE}:${UniversalCRTSdkDir}/include/${UCRTVersion}/um" + INCLUDE="${INCLUDE}:${UniversalCRTSdkDir}/include/${UCRTVersion}/winrt" + INCLUDE="${INCLUDE}:${UniversalCRTSdkDir}/include/${UCRTVersion}/cppwinrt" + export INCLUDE + + LIB="${VCINSTALLDIR}/lib/${m}" + LIB="${VCINSTALLDIR}/Tools/MSVC/${VCVER}/lib/${m}" + LIB="${LIB}:${UniversalCRTSdkDir}/lib/${UCRTVersion}/ucrt/${m}" + LIB="${LIB}:${UniversalCRTSdkDir}/lib/${UCRTVersion}/um/${m}" + export LIB + + export GYP_MSVS_OVERRIDE_PATH="${VSPATH}" + export GYP_MSVS_VERSION=$(vswhere -latest -requires "$VSCOMPONENT" -property catalog_productLineVersion) +else + echo Assuming env setup is already done. + echo VSPATH=$VSPATH +fi diff --git a/security/nss/coreconf/nspr.sh b/security/nss/coreconf/nspr.sh index d11cd48ed..325a188c3 100644 --- a/security/nss/coreconf/nspr.sh +++ b/security/nss/coreconf/nspr.sh @@ -32,6 +32,9 @@ nspr_build() if [ "$opt_build" = 1 ]; then extra_params+=(--disable-debug --enable-optimize) fi + if [ "$target_arch" = "x64" ]; then + extra_params+=(--enable-64bit) + fi echo "NSPR [1/3] configure ..." pushd "$nspr_dir" >/dev/null -- cgit v1.2.3