Ravenports generated: 17 Jun 2020 17:57

[ravenports.git] / bucket_95 / nss

# Buildsheet autogenerated by ravenadm tool -- Do not edit.

NAMEBASE=               nss
VERSION=                3.53.1
KEYWORDS=               security
VARIANTS=               standard
SDESC[standard]=        Application security development libraries
HOMEPAGE=               http://www.mozilla.org/projects/security/pki/nss/
CONTACT=                nobody

DOWNLOAD_GROUPS=        main
SITES[main]=            MOZILLA/security/nss/releases/NSS_3_53_1_RTM/src
DISTFILE[1]=            nss-3.53.1.tar.gz:main
DF_INDEX=               1
SPKGS[standard]=        complete
                        primary
                        caroot

OPTIONS_AVAILABLE=      none
OPTIONS_STANDARD=       none

BUILD_DEPENDS=          libressl:single:static
BUILDRUN_DEPENDS=       nspr:single:standard

USES=                   cpe gmake perl:build sqlite zlib

DISTNAME=               nss-3.53.1/nss

LICENSE=                MPL:primary
LICENSE_FILE=           MPL:{{WRKSRC}}/COPYING
LICENSE_SCHEME=         solo

CPE_PRODUCT=            network_security_services
CPE_VENDOR=             mozilla
FPC_EQUIVALENT=         security/nss

MAKE_ENV=               LIBRARY_PATH="{{LOCALBASE}}/lib"
                        SQLITE_INCLUDE_DIR="{{LOCALBASE}}/include"
                        FREEBL_LOWHASH=1
                        NSS_DISABLE_GTESTS=1
                        NSS_USE_SYSTEM_SQLITE=1
                        BUILD_OPT=1
SINGLE_JOB=             yes

PLIST_SUB=              CERTDIR=share/certs
SUB_FILES=              nss-config
                        nss.pc
                        pkg-message-caroot
                        MAca-bundle.pl
SUB_LIST=               VERSION_NSS=3.53.1

CFLAGS=                 -I{{LOCALBASE}}/include/nspr
LDFLAGS=                -Wl,-rpath,{{PREFIX}}/lib/nss
VAR_OPSYS[sunos]=       MAKE_ENV=NS_USE_GCC=1
                        MAKE_ENV=NO_MDUPDATE=1
VAR_OPSYS[linux]=       MAKE_ENV=RPATH=-Wl,-rpath,{{PREFIX}}/lib/nss
VAR_ARCH[x86_64]=       MAKE_ENV=USE_64=1

post-patch:
        ${REINPLACE_CMD} '/NSS_DEFAULT_SYSTEM/s,/etc,${PREFIX}&,' \
                ${WRKSRC}/lib/sysinit/nsssysinit.c
        (cd ${WRKSRC} && \
                ${FIND} . -name "*.c" -o -name "*.h" | \
                ${XARGS} ${GREP} -l -F '"nspr.h"' | \
                ${XARGS} ${REINPLACE_CMD} -e 's|"nspr.h"|<nspr.h>|')
        ${FIND} ${WRKSRC}/tests -name '*.sh' | \
                ${XARGS} ${GREP} -l -F '/bin/bash' | \
                ${XARGS} ${REINPLACE_CMD} -e 's|#! */bin/bash|#!${SH}|'
        ${REINPLACE_CMD} -e 's/@OS_RELEASE@/${OSREL}/' ${WRKSRC}/coreconf/arch.mk

post-build:
        ${SETENV} ${MAKE_ENV} ${PERL} ${WRKDIR}/MAca-bundle.pl \
                < ${WRKSRC}/lib/ckfw/builtins/certdata.txt > ${WRKDIR}/ca-root-nss.crt

do-install:
        @${MKDIR} ${STAGEDIR}${PREFIX}/include/nss/nss \
                ${STAGEDIR}${PREFIX}/lib/nss \
                ${STAGEDIR}${PREFIX}/share/certs
        ${FIND} ${WRKDIR}/nss-3.53.1/dist/public/nss -type l \
                -exec ${INSTALL_DATA} {} ${STAGEDIR}${PREFIX}/include/nss/nss \;
        ${INSTALL_LIB} ${WRKDIR}/nss-3.53.1/dist/${OPSYS}*_OPT.OBJ/lib/*.${LIBEXT} \
                ${STAGEDIR}${PREFIX}/lib/nss
        ${INSTALL_DATA} ${WRKDIR}/nss-3.53.1/dist/${OPSYS}*_OPT.OBJ/lib/libcrmf.a \
                ${STAGEDIR}${PREFIX}/lib/nss
.for bin in certutil cmsutil crlutil derdump makepqg mangle modutil ocspclnt oidcalc p7content p7env p7sign p7verify pk12util rsaperf shlibsign signtool signver ssltap strsclnt symkeyutil vfychain vfyserv
        ${INSTALL_PROGRAM} ${WRKDIR}/nss-3.53.1/dist/${OPSYS}*_OPT.OBJ/bin/${bin} \
                ${STAGEDIR}${PREFIX}/bin
.endfor
        ${INSTALL_SCRIPT} ${WRKDIR}/nss-config ${STAGEDIR}${PREFIX}/bin
        ${INSTALL_DATA} ${WRKDIR}/nss.pc ${STAGEDIR}${PREFIX}/lib/pkgconfig
        # CA ROOT CERT
.for D in openssl openssl-devel libressl libressl-devel
        ${MKDIR} ${STAGEDIR}${PREFIX}/etc/${D}
        ${INSTALL_DATA} ${WRKDIR}/ca-root-nss.crt \
                ${STAGEDIR}${PREFIX}/etc/${D}/cert.pem.sample
.endfor
        ${INSTALL_DATA} ${WRKDIR}/ca-root-nss.crt \
                ${STAGEDIR}${PREFIX}/share/certs

[FILE:301:descriptions/desc.primary]
Network Security Services (NSS) is a set of libraries designed to support
cross-platform development of security-enabled server applications.
Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5,
PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other
security standards.


[FILE:120:descriptions/desc.caroot]
Root certificates from certificate authorities included in the Mozilla
NSS library and thus in Firefox and Thunderbird.


[FILE:96:distinfo]
2dccde67079b25c4e95ac3121f11b2819c37cf8c48ca263a45d8f83f7a315316     81297900 nss-3.53.1.tar.gz


[FILE:1552:manifests/plist.primary]
%%ONLY-LINUX%%lib/nss/libnsssysinit.so
bin/
 certutil
 cmsutil
 crlutil
 derdump
 makepqg
 mangle
 modutil
 nss-config
 ocspclnt
 oidcalc
 p7content
 p7env
 p7sign
 p7verify
 pk12util
 rsaperf
 shlibsign
 signtool
 signver
 ssltap
 strsclnt
 symkeyutil
 vfychain
 vfyserv
include/nss/nss/
 base64.h
 blapit.h
 cert.h
 certdb.h
 certt.h
 ciferfam.h
 cmmf.h
 cmmft.h
 cms.h
 cmsreclist.h
 cmst.h
 crmf.h
 crmft.h
 cryptohi.h
 cryptoht.h
 eccutil.h
 ecl-exp.h
 hasht.h
 jar-ds.h
 jar.h
 jarfile.h
 key.h
 keyhi.h
 keyt.h
 keythi.h
 lowkeyi.h
 lowkeyti.h
 nss.h
 nssb64.h
 nssb64t.h
 nssbase.h
 nssbaset.h
 nssck.api
 nssckbi.h
 nssckepv.h
 nssckft.h
 nssckfw.h
 nssckfwc.h
 nssckfwt.h
 nssckg.h
 nssckmdt.h
 nssckt.h
 nssilckt.h
 nssilock.h
 nsslocks.h
 nsslowhash.h
 nssrwlk.h
 nssrwlkt.h
 nssutil.h
 ocsp.h
 ocspt.h
 p12.h
 p12plcy.h
 p12t.h
 pk11func.h
 pk11pqg.h
 pk11priv.h
 pk11pub.h
 pk11sdr.h
 pkcs11.h
 pkcs11f.h
 pkcs11n.h
 pkcs11p.h
 pkcs11t.h
 pkcs11u.h
 pkcs11uri.h
 pkcs12.h
 pkcs12t.h
 pkcs1sig.h
 pkcs7t.h
 portreg.h
 preenc.h
 secasn1.h
 secasn1t.h
 seccomon.h
 secder.h
 secdert.h
 secdig.h
 secdigt.h
 secerr.h
 sechash.h
 secitem.h
 secmime.h
 secmod.h
 secmodt.h
 secoid.h
 secoidt.h
 secpkcs5.h
 secpkcs7.h
 secport.h
 shsign.h
 smime.h
 ssl.h
 sslerr.h
 sslexp.h
 sslproto.h
 sslt.h
 utilmodt.h
 utilpars.h
 utilparst.h
 utilrename.h
lib/nss/
 libcrmf.a
 libfreebl3.so
 libfreeblpriv3.so
 libnss3.so
 libnssckbi-testlib.so
 libnssckbi.so
 libnssdbm3.so
 libnssutil3.so
 libsmime3.so
 libsoftokn3.so
 libssl3.so
lib/pkgconfig/nss.pc


[FILE:186:manifests/plist.caroot]
@sample etc/libressl-devel/cert.pem.sample
@sample etc/libressl/cert.pem.sample
@sample etc/openssl-devel/cert.pem.sample
@sample etc/openssl/cert.pem.sample
%%CERTDIR%%/ca-root-nss.crt


[FILE:449:patches/patch-bug301986]
--- lib/util/nssilckt.h.orig    2020-06-16 22:50:59 UTC
+++ lib/util/nssilckt.h
@@ -163,7 +163,7 @@ typedef enum {
 ** Declare the trace record
 */
 struct pzTrace_s {
-    PRUint32 threadID;       /* PR_GetThreadID() */
+    pthread_t threadID;      /* PR_GetThreadID() */
     nssILockOp op;           /* operation being performed */
     nssILockType ltype;      /* lock type identifier */
     PRIntervalTime callTime; /* time spent in function */


[FILE:2109:patches/patch-const]
--- cmd/modutil/modutil.h.orig  2020-06-16 22:50:59 UTC
+++ cmd/modutil/modutil.h
@@ -22,8 +22,8 @@
 #include "error.h"
 
 Error LoadMechanismList(void);
-Error FipsMode(char *arg);
-Error ChkFipsMode(char *arg);
+Error FipsMode(const char *arg);
+Error ChkFipsMode(const char *arg);
 Error AddModule(char *moduleName, char *libFile, char *ciphers,
                 char *mechanisms, char *modparms);
 Error DeleteModule(char *moduleName);
--- cmd/modutil/pk11.c.orig     2020-06-16 22:50:59 UTC
+++ cmd/modutil/pk11.c
@@ -16,7 +16,7 @@
  * disable FIPS mode on the internal module.
  */
 Error
-FipsMode(char *arg)
+FipsMode(const char *arg)
 {
     char *internal_name;
 
@@ -25,16 +25,18 @@ FipsMode(char *arg)
             internal_name = PR_smprintf("%s",
                                         SECMOD_GetInternalModule()->commonName);
             if (SECMOD_DeleteInternalModule(internal_name) != SECSuccess) {
-                PR_fprintf(PR_STDERR, "%s\n", SECU_Strerror(PORT_GetError()));
+                PR_fprintf(PR_STDERR, "FipsMode(true): %s (%s)\n", SECU_Strerror(PORT_GetError()), internal_name);
                 PR_smprintf_free(internal_name);
                 PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]);
                 return FIPS_SWITCH_FAILED_ERR;
             }
-            PR_smprintf_free(internal_name);
             if (!PK11_IsFIPS()) {
+                PR_fprintf(PR_STDERR, "FipsMode(true): in module %s", internal_name);
+                PR_smprintf_free(internal_name);
                 PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]);
                 return FIPS_SWITCH_FAILED_ERR;
             }
+            PR_smprintf_free(internal_name);
             PR_fprintf(PR_STDOUT, msgStrings[FIPS_ENABLED_MSG]);
         } else {
             PR_fprintf(PR_STDERR, errStrings[FIPS_ALREADY_ON_ERR]);
@@ -75,7 +77,7 @@ FipsMode(char *arg)
  * If arg=="false", verify FIPS mode is disabled on the internal module.
  */
 Error
-ChkFipsMode(char *arg)
+ChkFipsMode(const char *arg)
 {
     if (!PORT_Strcasecmp(arg, "true")) {
         if (PK11_IsFIPS()) {


[FILE:1383:patches/patch-coreconf_Darwin.mk]
--- coreconf/Darwin.mk.orig     2020-06-16 22:50:59 UTC
+++ coreconf/Darwin.mk
@@ -7,8 +7,8 @@ CC     ?= gcc
 CCC    ?= g++
 RANLIB ?= ranlib
 
+NSS_ENABLE_WERROR = 0
 include $(CORE_DEPTH)/coreconf/UNIX.mk
-include $(CORE_DEPTH)/coreconf/Werror.mk
 
 DEFAULT_COMPILER = gcc
 
@@ -127,21 +127,4 @@ PROCESS_MAP_FILE = grep -v ';+' $< | gre
 USE_SYSTEM_ZLIB = 1
 ZLIB_LIBS      = -lz
 
-# The system sqlite library in the latest version of Mac OS X often becomes
-# newer than the sqlite library in NSS. This may result in certain Mac OS X
-# system libraries having unresolved sqlite symbols during the shlibsign step
-# of the NSS build when we set DYLD_LIBRARY_PATH to the NSS lib directory and
-# the NSS libsqlite3.dylib is used instead of the system one. So just use the
-# system sqlite library on Mac, if it's sufficiently new.
-
-SYS_SQLITE3_VERSION_FULL := $(shell /usr/bin/sqlite3 -version | awk '{print $$1}')
-SYS_SQLITE3_VERSION_MAJOR := $(shell echo $(SYS_SQLITE3_VERSION_FULL) | awk -F. '{ print $$1 }')
-SYS_SQLITE3_VERSION_MINOR := $(shell echo $(SYS_SQLITE3_VERSION_FULL) | awk -F. '{ print $$2 }')
-
-ifeq (3,$(SYS_SQLITE3_VERSION_MAJOR))
-    ifeq (,$(filter-out 0 1 2 3 4,$(SYS_SQLITE3_VERSION_MINOR)))
-        # sqlite <= 3.4.x is too old, it doesn't provide sqlite3_file_control
-    else
-        NSS_USE_SYSTEM_SQLITE = 1
-    endif
-endif
+NSS_USE_SYSTEM_SQLITE = 1


[FILE:1313:patches/patch-coreconf_DragonFly.mk]
--- /dev/null   2020-06-17 17:51:18 UTC
+++ coreconf/DragonFly.mk
@@ -0,0 +1,54 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+include $(CORE_DEPTH)/coreconf/UNIX.mk
+
+DEFAULT_COMPILER       = gcc
+CC                     = gcc
+CCC                    = g++
+RANLIB                 = ranlib
+
+CPU_ARCH               = $(OS_TEST)
+ifeq ($(CPU_ARCH),i386)
+CPU_ARCH               = x86
+endif
+ifeq ($(CPU_ARCH),amd64)
+CPU_ARCH               = x86_64
+endif
+
+ifneq (,$(filter %64, $(OS_TEST)))
+USE_64                 = 1
+endif
+
+OS_CFLAGS              = $(DSO_CFLAGS) -Wall -Wno-switch -DFREEBSD -DHAVE_STRERROR -DHAVE_BSD_FLOCK
+
+DSO_CFLAGS             = -fPIC
+DSO_LDOPTS             = -shared -Wl,-soname -Wl,$(notdir $@)
+
+#
+# The default implementation strategy for FreeBSD is pthreads.
+#
+ifndef CLASSIC_NSPR
+USE_PTHREADS           = 1
+DEFINES                        += -D_THREAD_SAFE -D_REENTRANT
+OS_LIBS                        += -pthread
+DSO_LDOPTS             += -pthread
+endif
+
+ARCH                   = freebsd
+MOZ_OBJFORMAT          = elf
+DLL_SUFFIX             = so
+
+MKSHLIB                        = $(CC) $(DSO_LDOPTS)
+ifdef MAPFILE
+       MKSHLIB += -Wl,--version-script,$(MAPFILE)
+endif
+PROCESS_MAP_FILE = grep -v ';-' $< | \
+        sed -e 's,;+,,' -e 's; DATA ;;' -e 's,;;,,' -e 's,;.*,;,' > $@
+
+G++INCLUDES            = -I/usr/include/c++
+
+USE_SYSTEM_ZLIB                = 1
+ZLIB_LIBS              = -lz


[FILE:1125:patches/patch-coreconf_FreeBSD.mk]
--- coreconf/FreeBSD.mk.orig    2020-06-16 22:50:59 UTC
+++ coreconf/FreeBSD.mk
@@ -5,9 +5,9 @@
 
 include $(CORE_DEPTH)/coreconf/UNIX.mk
 
-DEFAULT_COMPILER       = gcc
-CC                     = gcc
-CCC                    = g++
+DEFAULT_COMPILER       = $(CC)
+CC                     ?= gcc
+CCC                    = $(CXX)
 RANLIB                 = ranlib
 
 CPU_ARCH               = $(OS_TEST)
@@ -20,6 +20,16 @@ endif
 ifeq ($(CPU_ARCH),amd64)
 CPU_ARCH               = x86_64
 endif
+ifneq (,$(filter arm%, $(CPU_ARCH)))
+CPU_ARCH               = arm
+endif
+ifneq (,$(filter powerpc%, $(CPU_ARCH)))
+CPU_ARCH               = ppc
+endif
+
+ifneq (,$(filter %64, $(OS_TEST)))
+USE_64                 = 1
+endif
 
 OS_CFLAGS              = $(DSO_CFLAGS) -Wall -Wno-switch -DFREEBSD -DHAVE_STRERROR -DHAVE_BSD_FLOCK
 
@@ -46,7 +56,11 @@ else
 DLL_SUFFIX             = so.1.0
 endif
 
-MKSHLIB                        = $(CC) $(DSO_LDOPTS)
+ifneq (,$(filter alpha ia64,$(OS_TEST)))
+MKSHLIB                        = $(CC) -Wl,-Bsymbolic -lc $(DSO_LDOPTS)
+else
+MKSHLIB                        = $(CC) -Wl,-Bsymbolic $(DSO_LDOPTS)
+endif
 ifdef MAPFILE
        MKSHLIB += -Wl,--version-script,$(MAPFILE)
 endif
@@ -55,4 +69,5 @@ PROCESS_MAP_FILE = grep -v ';-' $< | \
 
 G++INCLUDES            = -I/usr/include/g++
 
-INCLUDES               += -I/usr/X11R6/include
+USE_SYSTEM_ZLIB                = 1
+ZLIB_LIBS              = -lz


[FILE:2044:patches/patch-coreconf_SunOS5.mk]
--- coreconf/SunOS5.mk.orig     2020-06-16 22:50:59 UTC
+++ coreconf/SunOS5.mk
@@ -14,14 +14,14 @@ ifeq ($(USE_64), 1)
   ifdef NS_USE_GCC
       ARCHFLAG=-m64
   else
-      ifeq ($(OS_TEST),i86pc)
+      ifeq ($(OS_TEST),x86_64)
         ARCHFLAG=-xarch=amd64
       else
         ARCHFLAG=-xarch=v9
       endif
   endif
 else
-  ifneq ($(OS_TEST),i86pc)
+  ifneq ($(OS_TEST),x86_64)
     ifdef NS_USE_GCC
       ARCHFLAG=-mcpu=v9
     else
@@ -33,10 +33,10 @@ endif
 DEFAULT_COMPILER = cc
 
 ifdef NS_USE_GCC
-       CC         = gcc
+       CC        ?= gcc
        OS_CFLAGS += -Wall -Wno-format -Werror-implicit-function-declaration -Wno-switch
        OS_CFLAGS += -D__EXTENSIONS__
-       CCC        = g++
+       CCC       ?= g++
        CCC       += -Wall -Wno-format
        ASFLAGS   += -x assembler-with-cpp
        OS_CFLAGS += $(NOMD_OS_CFLAGS) $(ARCHFLAG)
@@ -65,7 +65,7 @@ RANLIB      = echo
 CPU_ARCH    = sparc
 OS_DEFINES += -DSVR4 -DSYSV -D__svr4 -D__svr4__ -DSOLARIS -D_REENTRANT
 
-ifeq ($(OS_TEST),i86pc)
+ifeq ($(OS_TEST),x86_64)
 ifeq ($(USE_64),1)
     CPU_ARCH           = x86_64
 else
@@ -107,15 +107,11 @@ endif
        DSO_LDOPTS += -shared -h $(notdir $@)
 else
 ifeq ($(USE_64), 1)
-       ifeq ($(OS_TEST),i86pc)
-           DSO_LDOPTS +=-xarch=amd64
-       else
-           DSO_LDOPTS +=-xarch=v9
-       endif
+       DSO_LDOPTS += -m64
 endif
        DSO_LDOPTS += -G -h $(notdir $@)
 endif
-DSO_LDOPTS += -z combreloc -z defs -z ignore
+# DSO_LDOPTS += -Wl,-z,origin
 
 # -KPIC generates position independent code for use in shared libraries.
 # (Similarly for -fPIC in case of gcc.)
@@ -127,16 +123,5 @@ endif
 
 NOSUCHFILE   = /solaris-rm-f-sucks
 
-ifeq ($(BUILD_SUN_PKG), 1)
-# The -R '$ORIGIN' linker option instructs this library to search for its
-# dependencies in the same directory where it resides.
-ifeq ($(USE_64), 1)
-RPATH = -R '$$ORIGIN:/usr/lib/mps/secv1/64:/usr/lib/mps/64'
-else
-RPATH = -R '$$ORIGIN:/usr/lib/mps/secv1:/usr/lib/mps'
-endif
-else
-RPATH = -R '$$ORIGIN'
-endif
-
-OS_LIBS += -lthread -lnsl -lsocket -lposix4 -ldl -lc
+OS_LIBS += -lrt
+RPATH = $(LDFLAGS) #-Wl,-rpath,$(PREFIX)/lib/nss


[FILE:286:patches/patch-coreconf_UNIX.mk]
--- coreconf/UNIX.mk.orig       2020-06-16 22:50:59 UTC
+++ coreconf/UNIX.mk
@@ -10,10 +10,8 @@ AR          = ar cr $@
 LDOPTS     += -L$(SOURCE_LIB_DIR)
 
 ifdef BUILD_OPT
-       OPTIMIZER  += -O
        DEFINES    += -UDEBUG -DNDEBUG
 else
-       OPTIMIZER  += -g
        DEFINES    += -DDEBUG -UNDEBUG
 endif
 


[FILE:611:patches/patch-coreconf_arch.mk]
--- coreconf/arch.mk.orig       2020-06-16 22:50:59 UTC
+++ coreconf/arch.mk
@@ -26,7 +26,7 @@ OS_ARCH := $(subst /,_,$(shell uname -s)
 # Attempt to differentiate between sparc and x86 Solaris
 #
 
-OS_TEST := $(shell uname -m)
+OS_TEST := $(shell uname -p)
 ifeq ($(OS_TEST),i86pc)
     OS_RELEASE := $(shell uname -r)_$(OS_TEST)
 else
@@ -118,6 +118,10 @@ ifeq ($(OS_ARCH),Linux)
     KERNEL = Linux
 endif
 
+ifeq ($(OS_ARCH),DragonFly)
+OS_RELEASE := @OS_RELEASE@
+endif
+
 # Since all uses of OS_ARCH that follow affect only userland, we can
 # merge other Glibc systems with Linux here.
 ifeq ($(OS_ARCH),GNU)


[FILE:496:patches/patch-coreconf_command.mk]
--- coreconf/command.mk.orig    2020-06-16 22:50:59 UTC
+++ coreconf/command.mk
@@ -12,7 +12,7 @@ AS            = $(CC)
 ASFLAGS      += $(CFLAGS)
 CCF           = $(CC) $(CFLAGS)
 LINK_DLL      = $(LD) $(OS_DLLFLAGS) $(DLLFLAGS) $(XLDFLAGS)
-CFLAGS        = $(OPTIMIZER) $(OS_CFLAGS) $(WARNING_CFLAGS) $(XP_DEFINE) \
+CFLAGS       += $(OPTIMIZER) $(OS_CFLAGS) $(WARNING_CFLAGS) $(XP_DEFINE) \
                 $(DEFINES) $(INCLUDES) $(XCFLAGS)
 CSTD          = -std=c99
 CXXSTD        = -std=c++11


[FILE:465:patches/patch-coreconf_config.mk]
--- coreconf/config.mk.orig     2020-06-16 22:50:59 UTC
+++ coreconf/config.mk
@@ -31,7 +31,7 @@ endif
 #######################################################################
 
 TARGET_OSES = FreeBSD BSD_OS NetBSD OpenUNIX OS2 QNX Darwin BeOS OpenBSD \
-              AIX RISCOS WINNT WIN95 Linux Android
+              AIX RISCOS WINNT WIN95 Linux Android DragonFly
 
 ifeq (,$(filter-out $(TARGET_OSES),$(OS_TARGET)))
 include $(CORE_DEPTH)/coreconf/$(OS_TARGET).mk


[FILE:248:patches/patch-coreconf_location.mk]
--- coreconf/location.mk.orig   2020-06-16 22:50:59 UTC
+++ coreconf/location.mk
@@ -37,7 +37,7 @@ ifdef NSPR_INCLUDE_DIR
 endif
 
 ifndef NSPR_LIB_DIR
-    NSPR_LIB_DIR = $(DIST)/lib
+    NSPR_LIB_DIR = $(PREFIX)/lib
 endif
 
 ifdef NSS_INCLUDE_DIR


[FILE:308:patches/patch-coreconf_ruleset.mk]
--- coreconf/ruleset.mk.orig    2020-06-16 22:50:59 UTC
+++ coreconf/ruleset.mk
@@ -30,7 +30,7 @@
 #
 
 ifndef COMPILER_TAG
-    ifneq ($(DEFAULT_COMPILER), $(notdir $(firstword $(CC))))
+    ifneq ($(DEFAULT_COMPILER), $(CC))
 #
 # Temporary define for the Client; to be removed when binary release is used
 #


[FILE:720:patches/patch-lib_freebl_Makefile]
--- lib/freebl/Makefile.orig    2020-06-16 22:50:59 UTC
+++ lib/freebl/Makefile
@@ -238,7 +238,7 @@ ifeq ($(CPU_ARCH),x86)
 endif
 endif # Darwin
 
-ifeq ($(OS_TARGET),Linux)
+ifeq (,$(filter-out Linux DragonFly FreeBSD, $(OS_TARGET)))
 ifeq ($(CPU_ARCH),x86_64)
     ASFILES  = arcfour-amd64-gas.s mpi_amd64_gas.s
     ASFLAGS += -fPIC -Wa,--noexecstack
@@ -323,7 +323,7 @@ endif
 # to bind the blapi function references in FREEBLVector vector
 # (ldvector.c) to the blapi functions defined in the freebl
 # shared libraries.
-ifeq (,$(filter-out BSD_OS FreeBSD Linux NetBSD OpenBSD, $(OS_TARGET)))
+ifeq (,$(filter-out BSD_OS DragonFly FreeBSD Linux NetBSD OpenBSD, $(OS_TARGET)))
     MKSHLIB += -Wl,-Bsymbolic
 endif
 


[FILE:1041:patches/patch-lib_freebl_mpi_mpcpucache.c]
--- lib/freebl/mpi/mpcpucache.c.orig    2020-06-16 22:50:59 UTC
+++ lib/freebl/mpi/mpcpucache.c
@@ -706,6 +706,32 @@ s_mpi_getProcessorLineSize()
 #endif
 
 #if defined(__ppc64__)
+
+#if defined(__FreeBSD__)
+#include <sys/stddef.h>
+#include <sys/sysctl.h>
+
+#include <machine/cpu.h>
+#include <machine/md_var.h>
+
+unsigned long
+s_mpi_getProcessorLineSize()
+{
+       static int cacheline_size = 0;
+       static int cachemib[] = { CTL_MACHDEP, CPU_CACHELINE };
+       int clen;
+       
+       if (cacheline_size > 0)
+               return cacheline_size;
+
+       clen = sizeof(cacheline_size);
+       if (sysctl(cachemib, sizeof(cachemib) / sizeof(cachemib[0]),
+           &cacheline_size, &clen, NULL, 0) < 0 || !cacheline_size)
+               return 128; /* guess */
+
+       return cacheline_size;
+}
+#else
 /*
  *  Sigh, The PPC has some really nice features to help us determine cache
  *  size, since it had lots of direct control functions to do so. The POWER
@@ -759,6 +785,7 @@ s_mpi_getProcessorLineSize()
     }
     return 0;
 }
+#endif
 
 #define MPI_GET_PROCESSOR_LINE_SIZE_DEFINED 1
 #endif


[FILE:600:patches/patch-lib_softoken_pkcs11.c]
--- lib/softoken/pkcs11.c.orig  2020-06-16 22:50:59 UTC
+++ lib/softoken/pkcs11.c
@@ -3345,8 +3345,8 @@ nsc_CommonInitialize(CK_VOID_PTR pReserv
         char buf[200];
         int major = 0, minor = 0;
 
-        long rv = sysinfo(SI_RELEASE, buf, sizeof(buf));
-        if (rv > 0 && rv < sizeof(buf)) {
+        long sunrv = sysinfo(SI_RELEASE, buf, sizeof(buf));
+        if (sunrv > 0 && sunrv < sizeof(buf)) {
             if (2 == sscanf(buf, "%d.%d", &major, &minor)) {
                 /* Are we on Solaris 10 or greater ? */
                 if (major > 5 || (5 == major && minor >= 10)) {


[FILE:1013:patches/patch-lib_softoken_pkcs11c.c]
--- lib/softoken/pkcs11c.c.orig 2020-06-16 22:50:59 UTC
+++ lib/softoken/pkcs11c.c
@@ -6113,9 +6113,6 @@ sftk_unwrapPrivateKey(SFTKObject *key, S
             break;
         case NSSLOWKEYDSAKey:
             keyType = CKK_DSA;
-            crv = (sftk_hasAttribute(key, CKA_NSS_DB)) ? CKR_OK : CKR_KEY_TYPE_INCONSISTENT;
-            if (crv != CKR_OK)
-                break;
             crv = sftk_AddAttributeType(key, CKA_KEY_TYPE, &keyType,
                                         sizeof(keyType));
             if (crv != CKR_OK)
@@ -6155,9 +6152,6 @@ sftk_unwrapPrivateKey(SFTKObject *key, S
         /* what about fortezza??? */
         case NSSLOWKEYECKey:
             keyType = CKK_EC;
-            crv = (sftk_hasAttribute(key, CKA_NSS_DB)) ? CKR_OK : CKR_KEY_TYPE_INCONSISTENT;
-            if (crv != CKR_OK)
-                break;
             crv = sftk_AddAttributeType(key, CKA_KEY_TYPE, &keyType,
                                         sizeof(keyType));
             if (crv != CKR_OK)


[FILE:6041:files/MAca-bundle.pl.in]
##
##  MAca-bundle.pl -- Regenerate ca-root-nss.crt from the Mozilla certdata.txt
##
##  Rewritten in September 2011 by Matthias Andree to heed untrust
##

##  Copyright (c) 2011, 2013 Matthias Andree <mandree@FreeBSD.org>
##  All rights reserved.
##
##  Redistribution and use in source and binary forms, with or without
##  modification, are permitted provided that the following conditions are
##  met:
##
##  * Redistributions of source code must retain the above copyright
##  notice, this list of conditions and the following disclaimer.
##
##  * Redistributions in binary form must reproduce the above copyright
##  notice, this list of conditions and the following disclaimer in the
##  documentation and/or other materials provided with the distribution.
##
##  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
##  "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
##  LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
##  FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
##  COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
##  INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
##  BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
##  LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
##  CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
##  LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
##  ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
##  POSSIBILITY OF SUCH DAMAGE.

use strict;
use Carp;
use MIME::Base64;

my $VERSION = '$FreeBSD: head/security/ca_root_nss/files/MAca-bundle.pl.in 325572 2013-08-29 08:10:09Z mandree $';

#   configuration
print <<EOH;
##
##  ca-root-nss.crt -- Bundle of CA Root Certificates
##
##  This is a bundle of X.509 certificates of public Certificate
##  Authorities (CA). These were automatically extracted from Mozilla's
##  root CA list (the file `certdata.txt').
##
##  Extracted from nss-%%VERSION_NSS%%
##  with $VERSION
##
EOH
my $debug = 0;
$debug++
    if defined $ENV{'WITH_DEBUG'}
        and $ENV{'WITH_DEBUG'} !~ m/(?i)^(no|0|false|)$/;

my %certs;
my %trusts;

sub printcert_plain($$)
{
    my ($label, $certdata) = @_;
    print "=== $label ===\n" if $label;
    print
        "-----BEGIN CERTIFICATE-----\n",
        MIME::Base64::encode_base64($certdata),
        "-----END CERTIFICATE-----\n\n";
}

sub printcert_info($$)
{
    my (undef, $certdata) = @_;
    return unless $certdata;
    open(OUT, "|openssl x509 -text -inform DER -fingerprint")
            || die "could not pipe to openssl x509";
    print OUT $certdata;
    close(OUT) or die "openssl x509 failed with exit code $?";
}

sub printcert($$) {
    my ($a, $b) = @_;
    printcert_info($a, $b);
}

sub graboct()
{
    my $data;

    while (<>) {
        last if /^END/;
        my (undef,@oct) = split /\\/;
        my @bin = map(chr(oct), @oct);
        $data .= join('', @bin);
    }

    return $data;
}


sub grabcert()
{
    my $certdata;
    my $cka_label;
    my $serial;

    while (<>) {
        chomp;
        last if ($_ eq '');

        if (/^CKA_LABEL UTF8 "([^"]+)"/) {
            $cka_label = $1;
        }

        if (/^CKA_VALUE MULTILINE_OCTAL/) {
            $certdata = graboct();
        }

        if (/^CKA_SERIAL_NUMBER MULTILINE_OCTAL/) {
            $serial = graboct();
        }
    }
    return ($serial, $cka_label, $certdata);
}

sub grabtrust() {
    my $cka_label;
    my $serial;
    my $maytrust = 0;
    my $distrust = 0;

    while (<>) {
        chomp;
        last if ($_ eq '');

        if (/^CKA_LABEL UTF8 "([^"]+)"/) {
            $cka_label = $1;
        }

        if (/^CKA_SERIAL_NUMBER MULTILINE_OCTAL/) {
            $serial = graboct();
        }

        if (/^CKA_TRUST_(SERVER_AUTH|EMAIL_PROTECTION|CODE_SIGNING) CK_TRUST (\S+)$/)
        {
            if ($2 eq      'CKT_NSS_NOT_TRUSTED') {
                $distrust = 1;
            } elsif ($2 eq 'CKT_NSS_TRUSTED_DELEGATOR') {
                $maytrust = 1;
            } elsif ($2 ne 'CKT_NSS_MUST_VERIFY_TRUST') {
                confess "Unknown trust setting on line $.:\n"
                . "$_\n"
                . "Script must be updated:";
            }
        }
    }

    if (!$maytrust && !$distrust && $debug) {
        print STDERR "line $.: no explicit trust/distrust found for $cka_label\n";
    }

    my $trust = ($maytrust and not $distrust);
    return ($serial, $cka_label, $trust);
}

while (<>) {
    if (/^CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE/) {
        my ($serial, $label, $certdata) = grabcert();
        if (defined $certs{$label."\0".$serial}) {
            warn "Certificate $label duplicated!\n";
        }
        $certs{$label."\0".$serial} = $certdata;
    } elsif (/^CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST/) {
        my ($serial, $label, $trust) = grabtrust();
        if (defined $trusts{$label."\0".$serial}) {
            warn "Trust for $label duplicated!\n";
        }
        $trusts{$label."\0".$serial} = $trust;
    } elsif (/^CVS_ID.*Revision: ([^ ]*).*/) {
        print "##  Source: \"certdata.txt\" CVS revision $1\n##\n\n";
    }
}

sub printlabel(@) {
    my @res = @_;
    map { s/\0.*//; s/[^[:print:]]/_/g; $_ = "\"$_\""; } @res;
    return wantarray ? @res : $res[0];
}

# weed out untrusted certificates
my $untrusted = 0;
foreach my $it (keys %trusts) {
    if (!$trusts{$it}) {
        if (!exists($certs{$it})) {
            warn "Found trust for nonexistent certificate ".printlabel($it)."\n" if $debug;
        } else {
            delete $certs{$it};
            warn "Skipping untrusted ".printlabel($it)."\n" if $debug;
            $untrusted++;
        }
    }
}

print           "##  Untrusted certificates omitted from this bundle: $untrusted\n\n";
print STDERR    "##  Untrusted certificates omitted from this bundle: $untrusted\n";

my $certcount = 0;
foreach my $it (sort {uc($a) cmp uc($b)} keys %certs) {
    if (!exists($trusts{$it})) {
        die "Found certificate without trust block,\naborting";
    }
    printcert("", $certs{$it});
    print "\n\n\n";
    $certcount++;
    print STDERR "Trusting $certcount: ".printlabel($it)."\n" if $debug;
}

if ($certcount < 25) {
    die "Certificate count of $certcount is implausibly low.\nAbort";
}

print           "##  Number of certificates: $certcount\n";
print STDERR    "##  Number of certificates: $certcount\n";
print "##  End of file.\n";


[FILE:2352:files/nss-config.in]
#!/bin/sh

prefix=%%PREFIX%%
version=%%VERSION_NSS%%

usage()
{
        cat <<EOF
Usage: nss-config [OPTIONS] [LIBRARIES]
Options:
        [--prefix[=DIR]]
        [--exec-prefix[=DIR]]
        [--includedir[=DIR]]
        [--libdir[=DIR]]
        [--version]
        [--libs]
        [--cflags]
Dynamic Libraries:
        nss
        nssutil
        ssl
        smime
EOF
        exit $1
}

if test $# -eq 0; then
        usage 1 1>&2
fi

lib_ssl=yes
lib_smime=yes
lib_nss=yes
lib_nssutil=yes

while test $# -gt 0; do
  case "$1" in
  -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
  *) optarg= ;;
  esac

  case $1 in
    --prefix=*)
      prefix=$optarg
      ;;
    --prefix)
      echo_prefix=yes
      ;;
    --exec-prefix=*)
      exec_prefix=$optarg
      ;;
    --exec-prefix)
      echo_exec_prefix=yes
      ;;
    --includedir=*)
      includedir=$optarg
      ;;
    --includedir)
      echo_includedir=yes
      ;;
    --libdir=*)
      libdir=$optarg
      ;;
    --libdir)
      echo_libdir=yes
      ;;
    --version)
      case $version in
      *.*.*) echo $version ;;
      *.*) echo $version.0 ;;
      *) echo $version.0.0 ;;
      esac
      ;;
    --cflags)
      echo_cflags=yes
      ;;
    --libs)
      echo_libs=yes
      ;;
    ssl)
      lib_ssl=yes
      ;;
    smime)
      lib_smime=yes
      ;;
    nss)
      lib_nss=yes
      ;;
    nssutil)
      lib_nssutil=yes
      ;;
    *)
      usage 1 1>&2
      ;;
  esac
  shift
done

# Set variables that may be dependent upon other variables
if test -z "$exec_prefix"; then
    exec_prefix=$prefix
fi
if test -z "$includedir"; then
    includedir=$prefix/include/nss
fi
if test -z "$libdir"; then
    libdir=$prefix/lib/nss
fi

if test "$echo_prefix" = "yes"; then
    echo $prefix
fi

if test "$echo_exec_prefix" = "yes"; then
    echo $exec_prefix
fi

if test "$echo_includedir" = "yes"; then
    echo $includedir
fi

if test "$echo_libdir" = "yes"; then
    echo $libdir
fi

if test "$echo_cflags" = "yes"; then
    echo -I$includedir -I$includedir/nss
fi

if test "$echo_libs" = "yes"; then
      libdirs="-Wl,-R${libdir} -L$libdir"
      if test -n "$lib_ssl"; then
        libdirs="$libdirs -lssl3"
      fi
      if test -n "$lib_smime"; then
        libdirs="$libdirs -lsmime3"
      fi
      if test -n "$lib_nss"; then
        libdirs="$libdirs -lnss3"
      fi
      if test -n "$lib_nssutil"; then
        libdirs="$libdirs -lnssutil3"
      fi
      echo $libdirs
fi      


[FILE:315:files/nss.pc.in]
prefix=%%PREFIX%%
exec_prefix=%%PREFIX%%
libdir=%%PREFIX%%/lib/nss
includedir=%%PREFIX%%/include

Name: NSS
Description: Mozilla Network Security Services
Version: %%VERSION_NSS%%
Requires: nspr
Libs: -Wl,-R${libdir} -L${libdir} -lnss3 -lsmime3 -lssl3 -lnssutil3
Cflags: -I${includedir}/nss -I${includedir}/nss/nss


[FILE:948:files/pkg-message-caroot.in]
********************************* WARNING *********************************

Ravenports do not, and can not warrant that the certification authorities
whose certificates are included in this package have in any way been
audited for trustworthiness or RFC 3647 compliance.

Assessment and verification of trust is the complete responsibility of the
system administrator.

*********************************** NOTE **********************************

This package installs symlinks to support root certificates discovery by
default for software that uses OpenSSL.

This enables SSL Certificate Verification by client software without manual
intervention.

If you prefer to do this manually, replace the following symlinks with
either an empty file or your site-local certificate bundle.

  * /etc/ssl/cert.pem
  * %%PREFIX%%/etc/ssl/cert.pem
  * %%PREFIX%%/openssl/cert.pem

***************************************************************************