# Buildsheet autogenerated by ravenadm tool -- Do not edit. NAMEBASE= nss VERSION= 3.99 KEYWORDS= security VARIANTS= standard SDESC[standard]= Application security development libraries HOMEPAGE= https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS CONTACT= nobody DOWNLOAD_GROUPS= main SITES[main]= MOZILLA/security/nss/releases/NSS_3_99_RTM/src DISTFILE[1]= nss-3.99.tar.gz:main DF_INDEX= 1 SPKGS[standard]= complete primary caroot dev OPTIONS_AVAILABLE= none OPTIONS_STANDARD= none BUILD_DEPENDS= libressl:primary:standard nspr:dev:standard BUILDRUN_DEPENDS= nspr:primary:standard EXRUN[dev]= nspr:dev:standard USES= cpe gmake perl:build sqlite zlib ssl:build DISTNAME= nss-3.99/nss LICENSE= MPL:primary LICENSE_FILE= MPL:{{WRKSRC}}/COPYING LICENSE_SCHEME= solo CPE_PRODUCT= network_security_services CPE_VENDOR= mozilla FPC_EQUIVALENT= security/nss MAKE_ENV= LIBRARY_PATH="{{LOCALBASE}}/lib" SQLITE_INCLUDE_DIR="{{LOCALBASE}}/include" FREEBL_LOWHASH=1 NSS_DISABLE_GTESTS=1 NSS_USE_SYSTEM_SQLITE=1 NSS_ENABLE_WERROR=0 BUILD_OPT=1 SINGLE_JOB= yes PLIST_SUB= CERTDIR=share/certs SUB_FILES= nss-config nss.pc pkg-message-caroot MAca-bundle.pl SUB_LIST= VERSION_NSS=3.99 CFLAGS= -I{{LOCALBASE}}/include/nspr LDFLAGS= -Wl,-rpath,{{PREFIX}}/lib/nss VAR_OPSYS[sunos]= MAKE_ENV=NS_USE_GCC=1 MAKE_ENV=NO_MDUPDATE=1 VAR_OPSYS[linux]= MAKE_ENV=RPATH=-Wl,-rpath,{{PREFIX}}/lib/nss VAR_ARCH[x86_64]= MAKE_ENV=USE_64=1 post-build: ${SETENV} ${MAKE_ENV} ${PERL} ${WRKDIR}/MAca-bundle.pl \ < ${WRKSRC}/lib/ckfw/builtins/certdata.txt > ${WRKDIR}/ca-root-nss.crt pre-configure: ${REINPLACE_CMD} '/NSS_DEFAULT_SYSTEM/s,/etc,${PREFIX}&,' \ ${WRKSRC}/lib/sysinit/nsssysinit.c (cd ${WRKSRC} && \ ${FIND} . -name "*.c" -o -name "*.h" | \ ${XARGS} ${GREP} -l -F '"nspr.h"' | \ ${XARGS} ${REINPLACE_CMD} -e 's|"nspr.h"||') ${FIND} ${WRKSRC}/tests -name '*.sh' | \ ${XARGS} ${GREP} -l -F '/bin/bash' | \ ${XARGS} ${REINPLACE_CMD} -e 's|#! */bin/bash|#!${SH}|' ${REINPLACE_CMD} -e 's/@OS_RELEASE@/${OSREL}/' ${WRKSRC}/coreconf/arch.mk # prevent attempt to link to shared ssl libraries ${RM} ${LOCALBASE}/libressl/lib*.so do-install: @${MKDIR} ${STAGEDIR}${PREFIX}/include/nss/nss \ ${STAGEDIR}${PREFIX}/lib/nss \ ${STAGEDIR}${PREFIX}/share/certs ${FIND} ${WRKDIR}/nss-3.99/dist/public/nss -type l \ -exec ${INSTALL_DATA} {} ${STAGEDIR}${PREFIX}/include/nss/nss \; ${INSTALL_LIB} ${WRKDIR}/nss-3.99/dist/${OPSYS}*_OPT.OBJ/lib/*.${LIBEXT} \ ${STAGEDIR}${PREFIX}/lib/nss ${INSTALL_DATA} ${WRKDIR}/nss-3.99/dist/${OPSYS}*_OPT.OBJ/lib/libcrmf.a \ ${STAGEDIR}${PREFIX}/lib/nss .for bin in certutil cmsutil crlutil derdump makepqg mangle modutil ocspclnt oidcalc p7content p7env p7sign p7verify pk12util rsaperf shlibsign signtool signver ssltap strsclnt symkeyutil vfychain vfyserv ${INSTALL_PROGRAM} ${WRKDIR}/nss-3.99/dist/${OPSYS}*_OPT.OBJ/bin/${bin} \ ${STAGEDIR}${PREFIX}/bin .endfor ${INSTALL_SCRIPT} ${WRKDIR}/nss-config ${STAGEDIR}${PREFIX}/bin ${INSTALL_DATA} ${WRKDIR}/nss.pc ${STAGEDIR}${PREFIX}/lib/pkgconfig # CA ROOT CERT .for D in openssl10 openssl11 openssl30 libressl libressl-devel ${MKDIR} ${STAGEDIR}${PREFIX}/etc/${D} ${INSTALL_DATA} ${WRKDIR}/ca-root-nss.crt \ ${STAGEDIR}${PREFIX}/etc/${D}/cert.pem.sample .endfor ${INSTALL_DATA} ${WRKDIR}/ca-root-nss.crt \ ${STAGEDIR}${PREFIX}/share/certs [FILE:301:descriptions/desc.primary] Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards. [FILE:120:descriptions/desc.caroot] Root certificates from certificate authorities included in the Mozilla NSS library and thus in Firefox and Thunderbird. [FILE:94:distinfo] 5cd5c2c8406a376686e6fa4b9c2de38aa280bea07bf927c0d521ba07c88b09bd 76753982 nss-3.99.tar.gz [FILE:438:manifests/plist.primary] %%ONLY-LINUX%%lib/nss/libnsssysinit.so bin/ certutil cmsutil crlutil derdump makepqg mangle modutil nss-config ocspclnt oidcalc p7content p7env p7sign p7verify pk12util rsaperf shlibsign signtool signver ssltap strsclnt symkeyutil vfychain vfyserv lib/nss/ libfreebl3.so libfreeblpriv3.so libnss3.so libnssckbi-testlib.so libnssckbi.so libnssdbm3.so libnssutil3.so libsmime3.so libsoftokn3.so libssl3.so [FILE:222:manifests/plist.caroot] @sample etc/libressl-devel/cert.pem.sample @sample etc/libressl/cert.pem.sample @sample etc/openssl10/cert.pem.sample @sample etc/openssl11/cert.pem.sample @sample etc/openssl30/cert.pem.sample %%CERTDIR%%/ca-root-nss.crt [FILE:1142:manifests/plist.dev] include/nss/nss/ base64.h blapit.h cert.h certdb.h certt.h ciferfam.h cmmf.h cmmft.h cms.h cmsreclist.h cmst.h crmf.h crmft.h cryptohi.h cryptoht.h eccutil.h ecl-exp.h hasht.h jar-ds.h jar.h jarfile.h key.h keyhi.h keyt.h keythi.h kyber.h lowkeyi.h lowkeyti.h nss.h nssb64.h nssb64t.h nssbase.h nssbaset.h nssck.api nssckbi.h nssckepv.h nssckft.h nssckfw.h nssckfwc.h nssckfwt.h nssckg.h nssckmdt.h nssckt.h nssilckt.h nssilock.h nsslocks.h nsslowhash.h nssrwlk.h nssrwlkt.h nssutil.h ocsp.h ocspt.h p12.h p12plcy.h p12t.h pk11func.h pk11hpke.h pk11pqg.h pk11priv.h pk11pub.h pk11sdr.h pkcs11.h pkcs11f.h pkcs11n.h pkcs11p.h pkcs11t.h pkcs11u.h pkcs11uri.h pkcs12.h pkcs12t.h pkcs1sig.h pkcs7t.h portreg.h preenc.h secasn1.h secasn1t.h seccomon.h secder.h secdert.h secdig.h secdigt.h secerr.h sechash.h secitem.h secmime.h secmod.h secmodt.h secoid.h secoidt.h secpkcs5.h secpkcs7.h secport.h shsign.h smime.h ssl.h sslerr.h sslexp.h sslproto.h sslt.h utilmodt.h utilpars.h utilparst.h utilrename.h lib/nss/libcrmf.a lib/pkgconfig/nss.pc [FILE:449:patches/patch-bug301986] --- lib/util/nssilckt.h.orig 2024-02-15 21:40:35 UTC +++ lib/util/nssilckt.h @@ -163,7 +163,7 @@ typedef enum { ** Declare the trace record */ struct pzTrace_s { - PRUint32 threadID; /* PR_GetThreadID() */ + pthread_t threadID; /* PR_GetThreadID() */ nssILockOp op; /* operation being performed */ nssILockType ltype; /* lock type identifier */ PRIntervalTime callTime; /* time spent in function */ [FILE:2109:patches/patch-const] --- cmd/modutil/modutil.h.orig 2024-02-15 21:40:35 UTC +++ cmd/modutil/modutil.h @@ -22,8 +22,8 @@ #include "error.h" Error LoadMechanismList(void); -Error FipsMode(char *arg); -Error ChkFipsMode(char *arg); +Error FipsMode(const char *arg); +Error ChkFipsMode(const char *arg); Error AddModule(char *moduleName, char *libFile, char *ciphers, char *mechanisms, char *modparms); Error DeleteModule(char *moduleName); --- cmd/modutil/pk11.c.orig 2024-02-15 21:40:35 UTC +++ cmd/modutil/pk11.c @@ -16,7 +16,7 @@ * disable FIPS mode on the internal module. */ Error -FipsMode(char *arg) +FipsMode(const char *arg) { char *internal_name; @@ -25,16 +25,18 @@ FipsMode(char *arg) internal_name = PR_smprintf("%s", SECMOD_GetInternalModule()->commonName); if (SECMOD_DeleteInternalModule(internal_name) != SECSuccess) { - PR_fprintf(PR_STDERR, "%s\n", SECU_Strerror(PORT_GetError())); + PR_fprintf(PR_STDERR, "FipsMode(true): %s (%s)\n", SECU_Strerror(PORT_GetError()), internal_name); PR_smprintf_free(internal_name); PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]); return FIPS_SWITCH_FAILED_ERR; } - PR_smprintf_free(internal_name); if (!PK11_IsFIPS()) { + PR_fprintf(PR_STDERR, "FipsMode(true): in module %s", internal_name); + PR_smprintf_free(internal_name); PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]); return FIPS_SWITCH_FAILED_ERR; } + PR_smprintf_free(internal_name); PR_fprintf(PR_STDOUT, msgStrings[FIPS_ENABLED_MSG]); } else { PR_fprintf(PR_STDERR, errStrings[FIPS_ALREADY_ON_ERR]); @@ -75,7 +77,7 @@ FipsMode(char *arg) * If arg=="false", verify FIPS mode is disabled on the internal module. */ Error -ChkFipsMode(char *arg) +ChkFipsMode(const char *arg) { if (!PORT_Strcasecmp(arg, "true")) { if (PK11_IsFIPS()) { [FILE:1383:patches/patch-coreconf_Darwin.mk] --- coreconf/Darwin.mk.orig 2024-02-15 21:40:35 UTC +++ coreconf/Darwin.mk @@ -7,8 +7,8 @@ CC ?= gcc CCC ?= g++ RANLIB ?= ranlib +NSS_ENABLE_WERROR = 0 include $(CORE_DEPTH)/coreconf/UNIX.mk -include $(CORE_DEPTH)/coreconf/Werror.mk DEFAULT_COMPILER = gcc @@ -127,21 +127,4 @@ PROCESS_MAP_FILE = grep -v ';+' $< | gre USE_SYSTEM_ZLIB = 1 ZLIB_LIBS = -lz -# The system sqlite library in the latest version of Mac OS X often becomes -# newer than the sqlite library in NSS. This may result in certain Mac OS X -# system libraries having unresolved sqlite symbols during the shlibsign step -# of the NSS build when we set DYLD_LIBRARY_PATH to the NSS lib directory and -# the NSS libsqlite3.dylib is used instead of the system one. So just use the -# system sqlite library on Mac, if it's sufficiently new. - -SYS_SQLITE3_VERSION_FULL := $(shell /usr/bin/sqlite3 -version | awk '{print $$1}') -SYS_SQLITE3_VERSION_MAJOR := $(shell echo $(SYS_SQLITE3_VERSION_FULL) | awk -F. '{ print $$1 }') -SYS_SQLITE3_VERSION_MINOR := $(shell echo $(SYS_SQLITE3_VERSION_FULL) | awk -F. '{ print $$2 }') - -ifeq (3,$(SYS_SQLITE3_VERSION_MAJOR)) - ifeq (,$(filter-out 0 1 2 3 4,$(SYS_SQLITE3_VERSION_MINOR))) - # sqlite <= 3.4.x is too old, it doesn't provide sqlite3_file_control - else - NSS_USE_SYSTEM_SQLITE = 1 - endif -endif +NSS_USE_SYSTEM_SQLITE = 1 [FILE:1313:patches/patch-coreconf_DragonFly.mk] --- /dev/null 2024-03-16 16:48:43 UTC +++ coreconf/DragonFly.mk @@ -0,0 +1,54 @@ +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +include $(CORE_DEPTH)/coreconf/UNIX.mk + +DEFAULT_COMPILER = gcc +CC = gcc +CCC = g++ +RANLIB = ranlib + +CPU_ARCH = $(OS_TEST) +ifeq ($(CPU_ARCH),i386) +CPU_ARCH = x86 +endif +ifeq ($(CPU_ARCH),amd64) +CPU_ARCH = x86_64 +endif + +ifneq (,$(filter %64, $(OS_TEST))) +USE_64 = 1 +endif + +OS_CFLAGS = $(DSO_CFLAGS) -Wall -Wno-switch -DFREEBSD -DHAVE_STRERROR -DHAVE_BSD_FLOCK + +DSO_CFLAGS = -fPIC +DSO_LDOPTS = -shared -Wl,-soname -Wl,$(notdir $@) + +# +# The default implementation strategy for FreeBSD is pthreads. +# +ifndef CLASSIC_NSPR +USE_PTHREADS = 1 +DEFINES += -D_THREAD_SAFE -D_REENTRANT +OS_LIBS += -pthread +DSO_LDOPTS += -pthread +endif + +ARCH = freebsd +MOZ_OBJFORMAT = elf +DLL_SUFFIX = so + +MKSHLIB = $(CC) $(DSO_LDOPTS) +ifdef MAPFILE + MKSHLIB += -Wl,--version-script,$(MAPFILE) +endif +PROCESS_MAP_FILE = grep -v ';-' $< | \ + sed -e 's,;+,,' -e 's; DATA ;;' -e 's,;;,,' -e 's,;.*,;,' > $@ + +G++INCLUDES = -I/usr/include/c++ + +USE_SYSTEM_ZLIB = 1 +ZLIB_LIBS = -lz [FILE:1125:patches/patch-coreconf_FreeBSD.mk] --- coreconf/FreeBSD.mk.orig 2024-02-15 21:40:35 UTC +++ coreconf/FreeBSD.mk @@ -5,9 +5,9 @@ include $(CORE_DEPTH)/coreconf/UNIX.mk -DEFAULT_COMPILER = gcc -CC = gcc -CCC = g++ +DEFAULT_COMPILER = $(CC) +CC ?= gcc +CCC = $(CXX) RANLIB = ranlib CPU_ARCH = $(OS_TEST) @@ -20,6 +20,16 @@ endif ifeq ($(CPU_ARCH),amd64) CPU_ARCH = x86_64 endif +ifneq (,$(filter arm%, $(CPU_ARCH))) +CPU_ARCH = arm +endif +ifneq (,$(filter powerpc%, $(CPU_ARCH))) +CPU_ARCH = ppc +endif + +ifneq (,$(filter %64, $(OS_TEST))) +USE_64 = 1 +endif OS_CFLAGS = $(DSO_CFLAGS) -Wall -Wno-switch -DFREEBSD -DHAVE_STRERROR -DHAVE_BSD_FLOCK @@ -46,7 +56,11 @@ else DLL_SUFFIX = so.1.0 endif -MKSHLIB = $(CC) $(DSO_LDOPTS) +ifneq (,$(filter alpha ia64,$(OS_TEST))) +MKSHLIB = $(CC) -Wl,-Bsymbolic -lc $(DSO_LDOPTS) +else +MKSHLIB = $(CC) -Wl,-Bsymbolic $(DSO_LDOPTS) +endif ifdef MAPFILE MKSHLIB += -Wl,--version-script,$(MAPFILE) endif @@ -55,4 +69,5 @@ PROCESS_MAP_FILE = grep -v ';-' $< | \ G++INCLUDES = -I/usr/include/g++ -INCLUDES += -I/usr/X11R6/include +USE_SYSTEM_ZLIB = 1 +ZLIB_LIBS = -lz [FILE:1315:patches/patch-coreconf_MidnightBSD] --- /dev/null 2024-03-16 16:48:43 UTC +++ coreconf/MidnightBSD.mk @@ -0,0 +1,54 @@ +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +include $(CORE_DEPTH)/coreconf/UNIX.mk + +DEFAULT_COMPILER = gcc +CC = gcc +CCC = g++ +RANLIB = ranlib + +CPU_ARCH = $(OS_TEST) +ifeq ($(CPU_ARCH),i386) +CPU_ARCH = x86 +endif +ifeq ($(CPU_ARCH),amd64) +CPU_ARCH = x86_64 +endif + +ifneq (,$(filter %64, $(OS_TEST))) +USE_64 = 1 +endif + +OS_CFLAGS = $(DSO_CFLAGS) -Wall -Wno-switch -DFREEBSD -DHAVE_STRERROR -DHAVE_BSD_FLOCK + +DSO_CFLAGS = -fPIC +DSO_LDOPTS = -shared -Wl,-soname -Wl,$(notdir $@) + +# +# The default implementation strategy for FreeBSD is pthreads. +# +ifndef CLASSIC_NSPR +USE_PTHREADS = 1 +DEFINES += -D_THREAD_SAFE -D_REENTRANT +OS_LIBS += -pthread +DSO_LDOPTS += -pthread +endif + +ARCH = freebsd +MOZ_OBJFORMAT = elf +DLL_SUFFIX = so + +MKSHLIB = $(CC) $(DSO_LDOPTS) +ifdef MAPFILE + MKSHLIB += -Wl,--version-script,$(MAPFILE) +endif +PROCESS_MAP_FILE = grep -v ';-' $< | \ + sed -e 's,;+,,' -e 's; DATA ;;' -e 's,;;,,' -e 's,;.*,;,' > $@ + +G++INCLUDES = -I/usr/include/c++ + +USE_SYSTEM_ZLIB = 1 +ZLIB_LIBS = -lz [FILE:1446:patches/patch-coreconf_SunOS5.mk] --- coreconf/SunOS5.mk.orig 2024-02-15 21:40:35 UTC +++ coreconf/SunOS5.mk @@ -33,10 +33,10 @@ endif DEFAULT_COMPILER = cc ifdef NS_USE_GCC - CC = gcc + CC ?= gcc OS_CFLAGS += -Wall -Wno-format -Werror-implicit-function-declaration -Wno-switch OS_CFLAGS += -D__EXTENSIONS__ - CCC = g++ + CCC ?= g++ CCC += -Wall -Wno-format ASFLAGS += -x assembler-with-cpp OS_CFLAGS += $(NOMD_OS_CFLAGS) $(ARCHFLAG) @@ -107,15 +107,11 @@ endif DSO_LDOPTS += -shared -h $(notdir $@) else ifeq ($(USE_64), 1) - ifeq ($(OS_TEST),i86pc) - DSO_LDOPTS +=-xarch=amd64 - else - DSO_LDOPTS +=-xarch=v9 - endif + DSO_LDOPTS += -m64 endif DSO_LDOPTS += -G -h $(notdir $@) endif -DSO_LDOPTS += -z combreloc -z defs -z ignore +# DSO_LDOPTS += -Wl,-z,origin # -KPIC generates position independent code for use in shared libraries. # (Similarly for -fPIC in case of gcc.) @@ -127,16 +123,5 @@ endif NOSUCHFILE = /solaris-rm-f-sucks -ifeq ($(BUILD_SUN_PKG), 1) -# The -R '$ORIGIN' linker option instructs this library to search for its -# dependencies in the same directory where it resides. -ifeq ($(USE_64), 1) -RPATH = -R '$$ORIGIN:/usr/lib/mps/secv1/64:/usr/lib/mps/64' -else -RPATH = -R '$$ORIGIN:/usr/lib/mps/secv1:/usr/lib/mps' -endif -else -RPATH = -R '$$ORIGIN' -endif - -OS_LIBS += -lthread -lnsl -lsocket -lposix4 -ldl -lc +OS_LIBS += -lrt +RPATH = $(LDFLAGS) #-Wl,-rpath,$(PREFIX)/lib/nss [FILE:286:patches/patch-coreconf_UNIX.mk] --- coreconf/UNIX.mk.orig 2024-02-15 21:40:35 UTC +++ coreconf/UNIX.mk @@ -10,10 +10,8 @@ AR = ar cr $@ LDOPTS += -L$(SOURCE_LIB_DIR) ifdef BUILD_OPT - OPTIMIZER += -O DEFINES += -UDEBUG -DNDEBUG else - OPTIMIZER += -g DEFINES += -DDEBUG -UNDEBUG endif [FILE:441:patches/patch-coreconf_arch.mk] --- coreconf/arch.mk.orig 2024-02-15 21:40:35 UTC +++ coreconf/arch.mk @@ -97,6 +97,14 @@ ifeq ($(OS_ARCH),Linux) include $(CORE_DEPTH)/coreconf/Linux.mk endif +ifeq ($(OS_ARCH),DragonFly) +OS_RELEASE := @OS_RELEASE@ +endif + +ifeq ($(OS_ARCH),MidnightBSD) +OS_RELEASE := @OS_RELEASE@ +endif + # Since all uses of OS_ARCH that follow affect only userland, we can # merge other Glibc systems with Linux here. ifeq ($(OS_ARCH),GNU) [FILE:496:patches/patch-coreconf_command.mk] --- coreconf/command.mk.orig 2024-02-15 21:40:35 UTC +++ coreconf/command.mk @@ -12,7 +12,7 @@ AS = $(CC) ASFLAGS += $(CFLAGS) CCF = $(CC) $(CFLAGS) LINK_DLL = $(LD) $(OS_DLLFLAGS) $(DLLFLAGS) $(XLDFLAGS) -CFLAGS = $(OPTIMIZER) $(OS_CFLAGS) $(WARNING_CFLAGS) $(XP_DEFINE) \ +CFLAGS += $(OPTIMIZER) $(OS_CFLAGS) $(WARNING_CFLAGS) $(XP_DEFINE) \ $(DEFINES) $(INCLUDES) $(XCFLAGS) CSTD = -std=c99 CXXSTD = -std=c++11 [FILE:472:patches/patch-coreconf_config.mk] --- coreconf/config.mk.orig 2024-02-15 21:40:35 UTC +++ coreconf/config.mk @@ -31,7 +31,7 @@ endif ####################################################################### TARGET_OSES = FreeBSD BSD_OS NetBSD OpenUNIX OS2 QNX Darwin OpenBSD \ - AIX RISCOS WINNT WIN95 Linux Android + AIX RISCOS WINNT WIN95 Linux Android DragonFly MidnightBSD ifeq (,$(filter-out $(TARGET_OSES),$(OS_TARGET))) include $(CORE_DEPTH)/coreconf/$(OS_TARGET).mk [FILE:248:patches/patch-coreconf_location.mk] --- coreconf/location.mk.orig 2024-02-15 21:40:35 UTC +++ coreconf/location.mk @@ -37,7 +37,7 @@ ifdef NSPR_INCLUDE_DIR endif ifndef NSPR_LIB_DIR - NSPR_LIB_DIR = $(DIST)/lib + NSPR_LIB_DIR = $(PREFIX)/lib endif ifdef NSS_INCLUDE_DIR [FILE:308:patches/patch-coreconf_ruleset.mk] --- coreconf/ruleset.mk.orig 2024-02-15 21:40:35 UTC +++ coreconf/ruleset.mk @@ -30,7 +30,7 @@ # ifndef COMPILER_TAG - ifneq ($(DEFAULT_COMPILER), $(notdir $(firstword $(CC)))) + ifneq ($(DEFAULT_COMPILER), $(CC)) # # Temporary define for the Client; to be removed when binary release is used # [FILE:780:patches/patch-lib_freebl_Makefile] --- lib/freebl/Makefile.orig 2024-02-15 21:40:35 UTC +++ lib/freebl/Makefile @@ -272,7 +272,7 @@ else ifeq ($(CPU_ARCH),x86) endif endif # Darwin -ifeq ($(OS_TARGET),Linux) +ifeq (,$(filter-out Linux DragonFly FreeBSD MidnightBSD, $(OS_TARGET))) ifeq ($(CPU_ARCH),x86_64) # Lower case s on mpi_amd64_common due to make implicit rules. ASFILES = arcfour-amd64-gas.s mpi_amd64_common.s @@ -366,7 +366,7 @@ endif # to bind the blapi function references in FREEBLVector vector # (ldvector.c) to the blapi functions defined in the freebl # shared libraries. -ifeq (,$(filter-out BSD_OS FreeBSD Linux NetBSD OpenBSD, $(OS_TARGET))) +ifeq (,$(filter-out BSD_OS DragonFly FreeBSD Linux NetBSD OpenBSD MidnightBSD, $(OS_TARGET))) MKSHLIB += -Wl,-Bsymbolic endif [FILE:1041:patches/patch-lib_freebl_mpi_mpcpucache.c] --- lib/freebl/mpi/mpcpucache.c.orig 2024-02-15 21:40:35 UTC +++ lib/freebl/mpi/mpcpucache.c @@ -706,6 +706,32 @@ s_mpi_getProcessorLineSize() #endif #if defined(__ppc64__) + +#if defined(__FreeBSD__) +#include +#include + +#include +#include + +unsigned long +s_mpi_getProcessorLineSize() +{ + static int cacheline_size = 0; + static int cachemib[] = { CTL_MACHDEP, CPU_CACHELINE }; + int clen; + + if (cacheline_size > 0) + return cacheline_size; + + clen = sizeof(cacheline_size); + if (sysctl(cachemib, sizeof(cachemib) / sizeof(cachemib[0]), + &cacheline_size, &clen, NULL, 0) < 0 || !cacheline_size) + return 128; /* guess */ + + return cacheline_size; +} +#else /* * Sigh, The PPC has some really nice features to help us determine cache * size, since it had lots of direct control functions to do so. The POWER @@ -759,6 +785,7 @@ s_mpi_getProcessorLineSize() } return 0; } +#endif #define MPI_GET_PROCESSOR_LINE_SIZE_DEFINED 1 #endif [FILE:566:patches/patch-lib_softoken_pkcs11.c] --- lib/softoken/pkcs11.c.orig 2024-02-15 21:40:35 UTC +++ lib/softoken/pkcs11.c @@ -3542,8 +3542,8 @@ loser: char buf[200]; int major = 0, minor = 0; - long rv = sysinfo(SI_RELEASE, buf, sizeof(buf)); - if (rv > 0 && rv < sizeof(buf)) { + long sunrv = sysinfo(SI_RELEASE, buf, sizeof(buf)); + if (sunrv > 0 && sunrv < sizeof(buf)) { if (2 == sscanf(buf, "%d.%d", &major, &minor)) { /* Are we on Solaris 10 or greater ? */ if (major > 5 || (5 == major && minor >= 10)) { [FILE:1013:patches/patch-lib_softoken_pkcs11c.c] --- lib/softoken/pkcs11c.c.orig 2024-02-15 21:40:35 UTC +++ lib/softoken/pkcs11c.c @@ -6369,9 +6369,6 @@ sftk_unwrapPrivateKey(SFTKObject *key, S break; case NSSLOWKEYDSAKey: keyType = CKK_DSA; - crv = (sftk_hasAttribute(key, CKA_NSS_DB)) ? CKR_OK : CKR_KEY_TYPE_INCONSISTENT; - if (crv != CKR_OK) - break; crv = sftk_AddAttributeType(key, CKA_KEY_TYPE, &keyType, sizeof(keyType)); if (crv != CKR_OK) @@ -6411,9 +6408,6 @@ sftk_unwrapPrivateKey(SFTKObject *key, S /* what about fortezza??? */ case NSSLOWKEYECKey: keyType = CKK_EC; - crv = (sftk_hasAttribute(key, CKA_NSS_DB)) ? CKR_OK : CKR_KEY_TYPE_INCONSISTENT; - if (crv != CKR_OK) - break; crv = sftk_AddAttributeType(key, CKA_KEY_TYPE, &keyType, sizeof(keyType)); if (crv != CKR_OK) [FILE:6041:files/MAca-bundle.pl.in] ## ## MAca-bundle.pl -- Regenerate ca-root-nss.crt from the Mozilla certdata.txt ## ## Rewritten in September 2011 by Matthias Andree to heed untrust ## ## Copyright (c) 2011, 2013 Matthias Andree ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without ## modification, are permitted provided that the following conditions are ## met: ## ## * Redistributions of source code must retain the above copyright ## notice, this list of conditions and the following disclaimer. ## ## * Redistributions in binary form must reproduce the above copyright ## notice, this list of conditions and the following disclaimer in the ## documentation and/or other materials provided with the distribution. ## ## THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ## "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT ## LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS ## FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE ## COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, ## INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, ## BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ## LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER ## CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ## LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ## ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE ## POSSIBILITY OF SUCH DAMAGE. use strict; use Carp; use MIME::Base64; my $VERSION = '$FreeBSD: head/security/ca_root_nss/files/MAca-bundle.pl.in 325572 2013-08-29 08:10:09Z mandree $'; # configuration print <) { last if /^END/; my (undef,@oct) = split /\\/; my @bin = map(chr(oct), @oct); $data .= join('', @bin); } return $data; } sub grabcert() { my $certdata; my $cka_label; my $serial; while (<>) { chomp; last if ($_ eq ''); if (/^CKA_LABEL UTF8 "([^"]+)"/) { $cka_label = $1; } if (/^CKA_VALUE MULTILINE_OCTAL/) { $certdata = graboct(); } if (/^CKA_SERIAL_NUMBER MULTILINE_OCTAL/) { $serial = graboct(); } } return ($serial, $cka_label, $certdata); } sub grabtrust() { my $cka_label; my $serial; my $maytrust = 0; my $distrust = 0; while (<>) { chomp; last if ($_ eq ''); if (/^CKA_LABEL UTF8 "([^"]+)"/) { $cka_label = $1; } if (/^CKA_SERIAL_NUMBER MULTILINE_OCTAL/) { $serial = graboct(); } if (/^CKA_TRUST_(SERVER_AUTH|EMAIL_PROTECTION|CODE_SIGNING) CK_TRUST (\S+)$/) { if ($2 eq 'CKT_NSS_NOT_TRUSTED') { $distrust = 1; } elsif ($2 eq 'CKT_NSS_TRUSTED_DELEGATOR') { $maytrust = 1; } elsif ($2 ne 'CKT_NSS_MUST_VERIFY_TRUST') { confess "Unknown trust setting on line $.:\n" . "$_\n" . "Script must be updated:"; } } } if (!$maytrust && !$distrust && $debug) { print STDERR "line $.: no explicit trust/distrust found for $cka_label\n"; } my $trust = ($maytrust and not $distrust); return ($serial, $cka_label, $trust); } while (<>) { if (/^CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE/) { my ($serial, $label, $certdata) = grabcert(); if (defined $certs{$label."\0".$serial}) { warn "Certificate $label duplicated!\n"; } $certs{$label."\0".$serial} = $certdata; } elsif (/^CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST/) { my ($serial, $label, $trust) = grabtrust(); if (defined $trusts{$label."\0".$serial}) { warn "Trust for $label duplicated!\n"; } $trusts{$label."\0".$serial} = $trust; } elsif (/^CVS_ID.*Revision: ([^ ]*).*/) { print "## Source: \"certdata.txt\" CVS revision $1\n##\n\n"; } } sub printlabel(@) { my @res = @_; map { s/\0.*//; s/[^[:print:]]/_/g; $_ = "\"$_\""; } @res; return wantarray ? @res : $res[0]; } # weed out untrusted certificates my $untrusted = 0; foreach my $it (keys %trusts) { if (!$trusts{$it}) { if (!exists($certs{$it})) { warn "Found trust for nonexistent certificate ".printlabel($it)."\n" if $debug; } else { delete $certs{$it}; warn "Skipping untrusted ".printlabel($it)."\n" if $debug; $untrusted++; } } } print "## Untrusted certificates omitted from this bundle: $untrusted\n\n"; print STDERR "## Untrusted certificates omitted from this bundle: $untrusted\n"; my $certcount = 0; foreach my $it (sort {uc($a) cmp uc($b)} keys %certs) { if (!exists($trusts{$it})) { die "Found certificate without trust block,\naborting"; } printcert("", $certs{$it}); print "\n\n\n"; $certcount++; print STDERR "Trusting $certcount: ".printlabel($it)."\n" if $debug; } if ($certcount < 25) { die "Certificate count of $certcount is implausibly low.\nAbort"; } print "## Number of certificates: $certcount\n"; print STDERR "## Number of certificates: $certcount\n"; print "## End of file.\n"; [FILE:2352:files/nss-config.in] #!/bin/sh prefix=%%PREFIX%% version=%%VERSION_NSS%% usage() { cat <&2 fi lib_ssl=yes lib_smime=yes lib_nss=yes lib_nssutil=yes while test $# -gt 0; do case "$1" in -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;; *) optarg= ;; esac case $1 in --prefix=*) prefix=$optarg ;; --prefix) echo_prefix=yes ;; --exec-prefix=*) exec_prefix=$optarg ;; --exec-prefix) echo_exec_prefix=yes ;; --includedir=*) includedir=$optarg ;; --includedir) echo_includedir=yes ;; --libdir=*) libdir=$optarg ;; --libdir) echo_libdir=yes ;; --version) case $version in *.*.*) echo $version ;; *.*) echo $version.0 ;; *) echo $version.0.0 ;; esac ;; --cflags) echo_cflags=yes ;; --libs) echo_libs=yes ;; ssl) lib_ssl=yes ;; smime) lib_smime=yes ;; nss) lib_nss=yes ;; nssutil) lib_nssutil=yes ;; *) usage 1 1>&2 ;; esac shift done # Set variables that may be dependent upon other variables if test -z "$exec_prefix"; then exec_prefix=$prefix fi if test -z "$includedir"; then includedir=$prefix/include/nss fi if test -z "$libdir"; then libdir=$prefix/lib/nss fi if test "$echo_prefix" = "yes"; then echo $prefix fi if test "$echo_exec_prefix" = "yes"; then echo $exec_prefix fi if test "$echo_includedir" = "yes"; then echo $includedir fi if test "$echo_libdir" = "yes"; then echo $libdir fi if test "$echo_cflags" = "yes"; then echo -I$includedir -I$includedir/nss fi if test "$echo_libs" = "yes"; then libdirs="-Wl,-R${libdir} -L$libdir" if test -n "$lib_ssl"; then libdirs="$libdirs -lssl3" fi if test -n "$lib_smime"; then libdirs="$libdirs -lsmime3" fi if test -n "$lib_nss"; then libdirs="$libdirs -lnss3" fi if test -n "$lib_nssutil"; then libdirs="$libdirs -lnssutil3" fi echo $libdirs fi [FILE:315:files/nss.pc.in] prefix=%%PREFIX%% exec_prefix=%%PREFIX%% libdir=%%PREFIX%%/lib/nss includedir=%%PREFIX%%/include Name: NSS Description: Mozilla Network Security Services Version: %%VERSION_NSS%% Requires: nspr Libs: -Wl,-R${libdir} -L${libdir} -lnss3 -lsmime3 -lssl3 -lnssutil3 Cflags: -I${includedir}/nss -I${includedir}/nss/nss [FILE:948:files/pkg-message-caroot.in] ********************************* WARNING ********************************* Ravenports do not, and can not warrant that the certification authorities whose certificates are included in this package have in any way been audited for trustworthiness or RFC 3647 compliance. Assessment and verification of trust is the complete responsibility of the system administrator. *********************************** NOTE ********************************** This package installs symlinks to support root certificates discovery by default for software that uses OpenSSL. This enables SSL Certificate Verification by client software without manual intervention. If you prefer to do this manually, replace the following symlinks with either an empty file or your site-local certificate bundle. * /etc/ssl/cert.pem * %%PREFIX%%/etc/ssl/cert.pem * %%PREFIX%%/openssl/cert.pem ***************************************************************************