commit 2e5b94de00fa9735d6fe8d4892c8bee113f7a726 · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs

lol

fork atom

nss_latest: remove curve25519 support

Was enabled unconditionally, but causes SIGILL on machines that do not
support the Intel ADX instruction extensions.

Martin Weinelt 2 years ago 2e5b94de 871fd1b2

+73

2 changed files

expand all

unified split

pkgs

development

libraries

nss

generic.nix

remove-c25519-support.patch

pkgs/development/libraries/nss/generic.nix

··· 52 52 # https://bugzilla.mozilla.org/show_bug.cgi?id=1771273 53 53 # https://hg.mozilla.org/projects/nss/raw-rev/21e7aaa1f7d94bca15d997e5b4c2329b32fad21a 54 54 ./gcc-13-esr.patch 55 + ] ++ lib.optionals (lib.versionAtLeast version "3.90") [ 56 + # https://bugzilla.mozilla.org/show_bug.cgi?id=1836925 57 + # https://phabricator.services.mozilla.com/D180068 58 + ./remove-c25519-support.patch 55 59 ]; 56 60 57 61 patchFlags = [ "-p0" ];

+69

pkgs/development/libraries/nss/remove-c25519-support.patch

··· 1 + diff --git a/nss/lib/freebl/Makefile b/nss/lib/freebl/Makefile 2 + index 74e8e65..aa9dd95 100644 3 + --- nss/lib/freebl/Makefile 4 + +++ nss/lib/freebl/Makefile 5 + @@ -568,7 +568,6 @@ ifneq ($(shell $(CC) -? 2>&1 >/dev/null </dev/null | sed -e 's/:.*//;1q'),lcc) 6 + HAVE_INT128_SUPPORT = 1 7 + DEFINES += -DHAVE_INT128_SUPPORT 8 + else ifeq (1,$(CC_IS_GCC)) 9 + - SUPPORTS_VALE_CURVE25519 = 1 10 + ifneq (,$(filter 4.6 4.7 4.8 4.9,$(word 1,$(GCC_VERSION)).$(word 2,$(GCC_VERSION)))) 11 + HAVE_INT128_SUPPORT = 1 12 + DEFINES += -DHAVE_INT128_SUPPORT 13 + @@ -593,11 +592,6 @@ ifndef HAVE_INT128_SUPPORT 14 + DEFINES += -DKRML_VERIFIED_UINT128 15 + endif 16 + 17 + -ifdef SUPPORTS_VALE_CURVE25519 18 + - VERIFIED_SRCS += Hacl_Curve25519_64.c 19 + - DEFINES += -DHACL_CAN_COMPILE_INLINE_ASM 20 + -endif 21 + - 22 + ifndef NSS_DISABLE_CHACHAPOLY 23 + ifeq ($(CPU_ARCH),x86_64) 24 + ifndef NSS_DISABLE_AVX2 25 + diff --git a/nss/lib/freebl/freebl.gyp b/nss/lib/freebl/freebl.gyp 26 + index 65f9a80..23940ef 100644 27 + --- nss/lib/freebl/freebl.gyp 28 + +++ nss/lib/freebl/freebl.gyp 29 + @@ -866,12 +866,6 @@ 30 + }], 31 + ], 32 + }], 33 + - [ 'supports_vale_curve25519==1', { 34 + - 'defines': [ 35 + - # The Makefile does version-tests on GCC, but we're not doing that here. 36 + - 'HACL_CAN_COMPILE_INLINE_ASM', 37 + - ], 38 + - }], 39 + [ 'OS=="linux" or OS=="android"', { 40 + 'conditions': [ 41 + [ 'target_arch=="x64"', { 42 + @@ -934,11 +928,6 @@ 43 + 'variables': { 44 + 'module': 'nss', 45 + 'conditions': [ 46 + - [ 'target_arch=="x64" and cc_is_gcc==1', { 47 + - 'supports_vale_curve25519%': 1, 48 + - }, { 49 + - 'supports_vale_curve25519%': 0, 50 + - }], 51 + [ 'target_arch=="x64" or target_arch=="arm64" or target_arch=="aarch64"', { 52 + 'have_int128_support%': 1, 53 + }, { 54 + diff --git a/nss/lib/freebl/freebl_base.gypi b/nss/lib/freebl/freebl_base.gypi 55 + index d198c44..34b6b3c 100644 56 + --- nss/lib/freebl/freebl_base.gypi 57 + +++ nss/lib/freebl/freebl_base.gypi 58 + @@ -151,11 +151,6 @@ 59 + 'ecl/curve25519_32.c', 60 + ], 61 + }], 62 + - ['supports_vale_curve25519==1', { 63 + - 'sources': [ 64 + - 'verified/Hacl_Curve25519_64.c', 65 + - ], 66 + - }], 67 + ['(target_arch!="ppc64" and target_arch!="ppc64le") or disable_altivec==1', { 68 + 'sources': [ 69 + # Gyp does not support per-file cflags, so working around like this.