nss: Upgrade 3.74 -> 3.98

* Remove one backported patch and rebase two patches to the new version.

* License update:
  Copyright year updated to 2023

Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>

meta-oe/recipes-support/nss/nss/0001-Bug-1750624-Pin-validation-date-for-PayPalEE-test-ce.patch

@@ -1,64 +0,0 @@
-From 1109c1b8259ad840ac1688d533f76ca268c67b6b Mon Sep 17 00:00:00 2001
-From: "John M. Schanck" <jschanck@mozilla.com>
-Date: Sat, 5 Feb 2022 11:12:43 +0000
-Subject: [PATCH] Bug 1750624 - Pin validation date for PayPalEE test cert.
- r=nss-reviewers,bbeurdouche,rrelyea
-
-Differential Revision: https://phabricator.services.mozilla.com/D136289
-
---HG--
-extra : moz-landing-system : lando
-
-Upstream-Status: Backport
-
----
- tests/chains/chains.sh               | 6 +++++-
- tests/chains/scenarios/realcerts.cfg | 1 +
- 2 files changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/tests/chains/chains.sh b/tests/chains/chains.sh
-index 32c7ef54c..e13ae52f9 100755
---- a/nss/tests/chains/chains.sh
-+++ b/nss/tests/chains/chains.sh
-@@ -917,7 +917,7 @@ verify_cert()
-     done
- 
-     VFY_OPTS_TNAME="${DB_OPT} ${ENGINE} ${TRUST_AND_DB_OPT} ${REV_OPTS} ${FETCH_OPT} ${USAGE_OPT} ${POLICY_OPT} ${TRUST_OPT}"
--    VFY_OPTS_ALL="${DB_OPT} ${ENGINE} -vv ${TRUST_AND_DB_OPT} ${REV_OPTS} ${FETCH_OPT} ${USAGE_OPT} ${POLICY_OPT} ${VFY_CERTS} ${TRUST_OPT}"
-+    VFY_OPTS_ALL="${DB_OPT} ${ENGINE} -vv ${VFY_TIME_OPT} ${TRUST_AND_DB_OPT} ${REV_OPTS} ${FETCH_OPT} ${USAGE_OPT} ${POLICY_OPT} ${VFY_CERTS} ${TRUST_OPT}"
- 
-     TESTNAME="Verifying certificate(s) ${VFY_LIST} with flags ${VFY_OPTS_TNAME}"
-     echo "${SCRIPTNAME}: ${TESTNAME}"
-@@ -1118,6 +1118,7 @@ parse_config()
-             ;;
-         "verify")
-             VERIFY="${VALUE}"
-+            VFY_TIME_OPT=
-             TRUST=
-             TRUST_AND_DB=
-             POLICY=
-@@ -1126,6 +1127,9 @@ parse_config()
-             REV_OPTS=
-             USAGE_OPT=
-             ;;
-+        "at_time")
-+            VFY_TIME_OPT="-b ${VALUE}"
-+            ;;
-         "cert")
-             VERIFY="${VERIFY} ${VALUE}"
-             ;;
-diff --git a/tests/chains/scenarios/realcerts.cfg b/tests/chains/scenarios/realcerts.cfg
-index 305443fc3..f8b0fc452 100644
---- a/nss/tests/chains/scenarios/realcerts.cfg
-+++ b/nss/tests/chains/scenarios/realcerts.cfg
-@@ -22,6 +22,7 @@ verify TestUser51:x
- 
- verify PayPalEE:x
-   policy OID.2.16.840.1.114412.2.1 
-+  at_time 2201010000Z
-   result pass
- 
- verify BrAirWaysBadSig:x
--- 
-2.25.1
-

meta-oe/recipes-support/nss/nss/0001-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch

@@ -1,4 +1,4 @@
-From 9937e89c22eb2f2db9a936e7bc4442857b4192f5 Mon Sep 17 00:00:00 2001
+From 7c8f367faf8848a43a414079189e10270d6c0fcc Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex.kanavin@gmail.com>
 Date: Wed, 18 Dec 2019 12:29:50 +0100
 Subject: [PATCH] freebl: add a configure option to disable ARM HW crypto
@@ -15,10 +15,10 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
  2 files changed, 5 insertions(+)
 
 diff --git a/nss/lib/freebl/Makefile b/nss/lib/freebl/Makefile
-index b38889f..4616aac 100644
+index 7ee8736..f9b4925 100644
 --- a/nss/lib/freebl/Makefile
 +++ b/nss/lib/freebl/Makefile
-@@ -139,6 +139,8 @@ endif
+@@ -142,6 +142,8 @@ endif
          endif
      endif
  endif
@@ -27,16 +27,16 @@ index b38889f..4616aac 100644
  ifeq ($(CPU_ARCH),aarch64)
      ifdef CC_IS_CLANG
          DEFINES += -DUSE_HW_AES -DUSE_HW_SHA1 -DUSE_HW_SHA2
-@@ -180,6 +182,7 @@ endif
+@@ -183,6 +185,7 @@ endif
          endif
      endif
  endif
 +endif
  
- ifeq ($(OS_TARGET),OSF1)
-     DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_NO_MP_WORD
+ ifeq (OS2,$(OS_TARGET))
+     ASFILES  = mpi_x86_os2.s
 diff --git a/nss/lib/freebl/gcm.c b/nss/lib/freebl/gcm.c
-index ac461b4..04cb180 100644
+index 2dae724..9ee7fc8 100644
 --- a/nss/lib/freebl/gcm.c
 +++ b/nss/lib/freebl/gcm.c
 @@ -18,6 +18,7 @@

meta-oe/recipes-support/nss/nss/0001-nss-fix-support-cross-compiling.patch

@@ -1,4 +1,4 @@
-From 919fc5d674fae99fe21ba1351d98b75e466f425f Mon Sep 17 00:00:00 2001
+From 46ab1ca6e6fb8e1196e0665a54506dff370f8f2a Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex.kanavin@gmail.com>
 Date: Wed, 22 Feb 2017 11:36:11 +0200
 Subject: [PATCH] nss: fix support cross compiling
@@ -10,15 +10,15 @@ Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
 Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
 
 ---
- nss/coreconf/arch.mk    | 2 +-
+ nss/coreconf/arch.mk    | 4 ++--
  nss/lib/freebl/Makefile | 6 ++++++
- 2 files changed, 7 insertions(+), 1 deletion(-)
+ 2 files changed, 8 insertions(+), 2 deletions(-)
 
 diff --git a/nss/coreconf/arch.mk b/nss/coreconf/arch.mk
-index 2012d18..78fca62 100644
+index 17e9fae..bc4180a 100644
 --- a/nss/coreconf/arch.mk
 +++ b/nss/coreconf/arch.mk
-@@ -26,11 +26,11 @@ OS_ARCH := $(subst /,_,$(shell uname -s)
+@@ -26,11 +26,11 @@ OS_ARCH := $(subst /,_,$(shell uname -s))
  # Attempt to differentiate between sparc and x86 Solaris
  #
  
@@ -31,9 +31,9 @@ index 2012d18..78fca62 100644
 +    OS_RELEASE ?= $(shell uname -r)
  endif
  
- #
+ 
 diff --git a/nss/lib/freebl/Makefile b/nss/lib/freebl/Makefile
-index 0b8c6f4..b38889f 100644
+index eeee90a..7ee8736 100644
 --- a/nss/lib/freebl/Makefile
 +++ b/nss/lib/freebl/Makefile
 @@ -36,6 +36,12 @@ ifdef USE_64

meta-oe/recipes-support/nss/nss_3.98.bb

@@ -16,7 +16,7 @@ LICENSE = "(MPL-2.0 & MIT) | (MPL-2.0 & GPL-2.0-or-later & MIT) | (MPL-2.0 & LGP
 LIC_FILES_CHKSUM = "file://nss/COPYING;md5=3b1e88e1b9c0b5a4b2881d46cce06a18 \
                     file://nss/lib/freebl/mpi/doc/LICENSE;md5=491f158d09d948466afce85d6f1fe18f \
                     file://nss/lib/freebl/mpi/doc/LICENSE-MPL;md5=5d425c8f3157dbf212db2ec53d9e5132 \
-                    file://nss/lib/freebl/verified/Hacl_Poly1305_256.c;beginline=1;endline=22;md5=d4096c1e4421ee56e9e0f441a8161f78"
+                    file://nss/lib/freebl/verified/Hacl_Poly1305_256.c;beginline=1;endline=22;md5=cc22f07b95d28d56baeb757df46ee7c8"
 
 VERSION_DIR = "${@d.getVar('BP').upper().replace('-', '_').replace('.', '_') + '_RTM'}"
 
@@ -32,9 +32,8 @@ SRC_URI = "http://ftp.mozilla.org/pub/security/nss/releases/${VERSION_DIR}/src/$
            file://system-pkcs11.txt \
            file://nss-fix-nsinstall-build.patch \
            file://0001-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch \
-           file://0001-Bug-1750624-Pin-validation-date-for-PayPalEE-test-ce.patch \
            "
-SRC_URI[sha256sum] = "88928811f9f40f87d42e2eaccdf6e454562e51486067f2ddbe90aa47ea6cd056"
+SRC_URI[sha256sum] = "f549cc33d35c0601674bfacf7c6ad683c187595eb4125b423238d3e9aa4209ce"
 
 UPSTREAM_CHECK_URI = "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Releases"
 UPSTREAM_CHECK_REGEX = "NSS_(?P<pver>.+)_release_notes"