diff options
author | Gabor Kelemen <kelemeng@ubuntu.com> | 2022-07-05 20:24:32 +0200 |
---|---|---|
committer | Gabor Kelemen <kelemeng@ubuntu.com> | 2022-07-05 20:24:32 +0200 |
commit | 9bd5082707259109e766e490edf406208c808023 (patch) | |
tree | 0c90b20011f7a69b07088e41d301d536e78f455f | |
parent | c17cd7d1d94fed2679a393fb4d8dab9d77614a7c (diff) |
Revert "nss: upgrade to release 3.38"
This reverts commit 70514a85d79d0a3ae2738aa6b170aeafb5d8a258.
-rw-r--r-- | download.lst | 4 | ||||
-rw-r--r-- | external/nss/nss-no-c99.patch | 44 |
2 files changed, 46 insertions, 2 deletions
diff --git a/download.lst b/download.lst index 03778a89e941..32d64c381c21 100644 --- a/download.lst +++ b/download.lst @@ -34,8 +34,8 @@ LIBEOT_MD5SUM := aa24f5dd2a2992f4a116aa72af817548 export LIBEOT_TARBALL := libeot-0.01.tar.bz2 LANGTAGREG_MD5SUM := 504af523f5d1a5590bbeb6a4b55e8a97 export LANGTAGREG_TARBALL := language-subtag-registry-2014-03-27.tar.bz2 -NSS_MD5SUM := cd649be8ee61fe15d64d7bef361b37ba -export NSS_TARBALL := nss-3.38-with-nspr-4.19.tar.gz +NSS_MD5SUM := b47a61cb90571c0b88a531037114685a +export NSS_TARBALL := nss-3.31.1-with-nspr-4.15.tar.gz PYTHON_MD5SUM := 803a75927f8f241ca78633890c798021 export PYTHON_TARBALL := Python-3.3.5.tgz OPENSSL_MD5SUM := 44279b8557c3247cbe324e2322ecd114 diff --git a/external/nss/nss-no-c99.patch b/external/nss/nss-no-c99.patch index 8992ecb9aaa9..eb686145e4e9 100644 --- a/external/nss/nss-no-c99.patch +++ b/external/nss/nss-no-c99.patch @@ -1475,6 +1475,31 @@ 64, } }; +--- a/nss/nss/lib/freebl/ecl/curve25519_64.c 2017-04-06 16:14:46.000000000 +0200 ++++ b/nss/nss/lib/freebl/ecl/curve25519_64.c 2018-05-22 19:18:07.482457400 +0200 +@@ -38,17 +38,17 @@ + const int64_t *in = (const int64_t *)iin; + int64_t *out = (int64_t *)ioutput; + ++ // An arithmetic shift right of 63 places turns a positive number to 0 and a ++ // negative number to all 1's. This gives us a bitmask that lets us avoid ++ // side-channel prone branches. ++ int64_t t; ++ + out[0] = in[0] - out[0]; + out[1] = in[1] - out[1]; + out[2] = in[2] - out[2]; + out[3] = in[3] - out[3]; + out[4] = in[4] - out[4]; + +- // An arithmetic shift right of 63 places turns a positive number to 0 and a +- // negative number to all 1's. This gives us a bitmask that lets us avoid +- // side-channel prone branches. +- int64_t t; +- + #define NEGCHAIN(a, b) \ + t = out[a] >> 63; \ + out[a] += twotothe51 & t; \ --- a/nss/nss/lib/softoken/pkcs11c.c 2017-04-06 16:14:46.000000000 +0200 +++ b/nss/nss/lib/softoken/pkcs11c.c 2018-05-22 19:43:15.154079800 +0200 @@ -5105,10 +5105,11 @@ @@ -1492,3 +1517,22 @@ if (!pubValue) { crv = CKR_ARGUMENTS_BAD; goto ecgn_done; +--- a/nss/nss/lib/ssl/ssl3con.c 2017-04-06 16:14:46.000000000 +0200 ++++ b/nss/nss/lib/ssl/ssl3con.c 2018-05-22 20:19:16.542798900 +0200 +@@ -2261,6 +2261,7 @@ + { + const ssl3MACDef *mac_def; + SECStatus rv; ++ PK11Context *mac_context; + + PRINT_BUF(95, (NULL, "frag hash1: header", header, headerLen)); + PRINT_BUF(95, (NULL, "frag hash1: input", input, inputLength)); +@@ -2271,7 +2272,7 @@ + return SECSuccess; + } + +- PK11Context *mac_context = ++ mac_context = + (useServerMacKey ? spec->server.write_mac_context + : spec->client.write_mac_context); + rv = PK11_DigestBegin(mac_context); |