From 82b166320262b105136eef99da7552474d5a046f Mon Sep 17 00:00:00 2001
From: Guido Trentalancia <guido@trentalancia.net>
Date: Sat, 18 Nov 2017 19:26:57 +0100
Subject: [PATCH 85/90] crypt: Use NSPR header files in addition to NSS header
 files [BZ #17956]

When configuring and building GNU libc using the Mozilla NSS library
for cryptography (--enable-nss-crypt option), also include the
NSPR header files along with the Mozilla NSS library header files.

Finally, when running the check-local-headers test, ignore the
Mozilla NSPR library header files (used by the Mozilla NSS library).

(cherry picked from commit 57b4af1955e28c1623c98397b8597847d16bdd8c)

diff --git a/ChangeLog b/ChangeLog
index d67ad031bc..0693e834dd 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+2017-10-04  Guido Trentalancia  <guido@trentalancia.net>
+
+	[BZ #17956]
+	* configure.ac (--enable-nss-crypt): Use NSPR include directory.
+	* configure: Regenerate.
+	* crypt/Makefile (nss-cpp-flags): New variable.
+	(CPPFLAGS-sha256-crypt.c, CPPFLAGS-sha512-crypt.c)
+	(CPPFLAGS-md5-crypt.c): Use it.
+	* scripts/check-local-headers.sh: Ignore nspr header file
+	directory.
+
 2017-10-18  Wilco Dijkstra  <wdijkstr@arm.com>
 
 	* malloc/malloc.c (malloc_state): Use int for have_fastchunks since
diff --git a/NEWS b/NEWS
index ea1c1f1c04..e7b62a8d46 100644
--- a/NEWS
+++ b/NEWS
@@ -23,6 +23,7 @@ Security related changes:
 The following bugs are resolved with this release:
 
   [16750] ldd: Never run file directly.
+  [17956] crypt: Use NSPR header files in addition to NSS header files
   [21242] assert: Suppress pedantic warning caused by statement expression
   [21265] x86-64: Use fxsave/xsave/xsavec in _dl_runtime_resolve
   [21780] posix: Set p{read,write}v2 to return ENOTSUP
diff --git a/configure b/configure
index d8e1c50e11..47d8c75248 100755
--- a/configure
+++ b/configure
@@ -3547,8 +3547,12 @@ if test x$nss_crypt = xyes; then
   if test $? -ne 0; then
     as_fn_error $? "cannot find include directory with nss-config" "$LINENO" 5
   fi
+  nspr_includes=-I$(nspr-config --includedir 2>/dev/null)
+  if test $? -ne 0; then
+    as_fn_error $? "cannot find include directory with nspr-config" "$LINENO" 5
+  fi
   old_CFLAGS="$CFLAGS"
-  CFLAGS="$CFLAGS $nss_includes"
+  CFLAGS="$CFLAGS $nss_includes $nspr_includes"
 
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
diff --git a/configure.ac b/configure.ac
index 77456aa8d9..e8a1ab3562 100644
--- a/configure.ac
+++ b/configure.ac
@@ -330,8 +330,12 @@ if test x$nss_crypt = xyes; then
   if test $? -ne 0; then
     AC_MSG_ERROR([cannot find include directory with nss-config])
   fi
+  nspr_includes=-I$(nspr-config --includedir 2>/dev/null)
+  if test $? -ne 0; then
+    AC_MSG_ERROR([cannot find include directory with nspr-config])
+  fi
   old_CFLAGS="$CFLAGS"
-  CFLAGS="$CFLAGS $nss_includes"
+  CFLAGS="$CFLAGS $nss_includes $nspr_includes"
   AC_COMPILE_IFELSE([AC_LANG_PROGRAM([typedef int PRBool;
 #include <hasht.h>
 #include <nsslowhash.h>
diff --git a/crypt/Makefile b/crypt/Makefile
index 0280fba8a7..8bbbf2a121 100644
--- a/crypt/Makefile
+++ b/crypt/Makefile
@@ -37,9 +37,11 @@ routines += $(libcrypt-routines)
 endif
 
 ifeq ($(nss-crypt),yes)
-CPPFLAGS-sha256-crypt.c = -DUSE_NSS -I$(shell nss-config --includedir)
-CPPFLAGS-sha512-crypt.c = -DUSE_NSS -I$(shell nss-config --includedir)
-CPPFLAGS-md5-crypt.c = -DUSE_NSS -I$(shell nss-config --includedir)
+nss-cpp-flags := -DUSE_NSS \
+  -I$(shell nss-config --includedir) -I$(shell nspr-config --includedir)
+CPPFLAGS-sha256-crypt.c = $(nss-cpp-flags)
+CPPFLAGS-sha512-crypt.c = $(nss-cpp-flags)
+CPPFLAGS-md5-crypt.c = $(nss-cpp-flags)
 LDLIBS-crypt.so = -lfreebl3
 else
 libcrypt-routines += md5 sha256 sha512
diff --git a/scripts/check-local-headers.sh b/scripts/check-local-headers.sh
index 7859f613b2..4692361686 100755
--- a/scripts/check-local-headers.sh
+++ b/scripts/check-local-headers.sh
@@ -33,7 +33,7 @@ exec ${AWK} -v includedir="$includedir" '
 BEGIN {
   status = 0
   exclude = "^" includedir \
-    "/(.*-.*-.*/|.*-.*/|)(asm[-/]|arch|linux/|selinux/|mach/|mach_debug/|device/|hurd/(((hurd|ioctl)_types|paths)\\.h|ioctls\\.defs|ihash\\.h)|cthreads\\.h|gd|nss3/|c\\+\\+/|sys/(capability|sdt(|-config))\\.h|libaudit\\.h)"
+    "/(.*-.*-.*/|.*-.*/|)(asm[-/]|arch|linux/|selinux/|mach/|mach_debug/|device/|hurd/(((hurd|ioctl)_types|paths)\\.h|ioctls\\.defs|ihash\\.h)|cthreads\\.h|gd|nss3/|nspr/|c\\+\\+/|sys/(capability|sdt(|-config))\\.h|libaudit\\.h)"
 }
 /^[^ ]/ && $1 ~ /.*:/ { obj = $1 }
 {