1 # Buildsheet autogenerated by ravenadm tool -- Do not edit.
7 SDESC[standard]= Application security development libraries
8 HOMEPAGE= http://www.mozilla.org/projects/security/pki/nss/
12 SITES[main]= MOZILLA/security/nss/releases/NSS_3_46_1_RTM/src
13 DISTFILE[1]= nss-3.46.1.tar.gz:main
15 SPKGS[standard]= complete
19 OPTIONS_AVAILABLE= none
20 OPTIONS_STANDARD= none
22 BUILD_DEPENDS= libressl:single:static
23 BUILDRUN_DEPENDS= nspr:single:standard
25 USES= cpe gmake perl:build sqlite zlib
27 DISTNAME= nss-3.46.1/nss
30 LICENSE_FILE= MPL:{{WRKSRC}}/COPYING
33 CPE_PRODUCT= network_security_services
35 FPC_EQUIVALENT= security/nss
37 MAKE_ENV= LIBRARY_PATH="{{LOCALBASE}}/lib"
38 SQLITE_INCLUDE_DIR="{{LOCALBASE}}/include"
42 NSS_USE_SYSTEM_SQLITE=1
46 PLIST_SUB= CERTDIR=share/certs
51 SUB_LIST= VERSION_NSS=3.46.1
53 CFLAGS= -I{{LOCALBASE}}/include/nspr
54 LDFLAGS= -Wl,-rpath,{{PREFIX}}/lib/nss
55 VAR_OPSYS[sunos]= MAKE_ENV=NS_USE_GCC=1
56 MAKE_ENV=NO_MDUPDATE=1
57 VAR_ARCH[x86_64]= MAKE_ENV=USE_64=1
60 ${REINPLACE_CMD} '/NSS_DEFAULT_SYSTEM/s,/etc,${PREFIX}&,' \
61 ${WRKSRC}/lib/sysinit/nsssysinit.c
63 ${FIND} . -name "*.c" -o -name "*.h" | \
64 ${XARGS} ${GREP} -l -F '"nspr.h"' | \
65 ${XARGS} ${REINPLACE_CMD} -e 's|"nspr.h"|<nspr.h>|')
66 ${FIND} ${WRKSRC}/tests -name '*.sh' | \
67 ${XARGS} ${GREP} -l -F '/bin/bash' | \
68 ${XARGS} ${REINPLACE_CMD} -e 's|#! */bin/bash|#!${SH}|'
69 ${REINPLACE_CMD} -e 's/@OS_RELEASE@/${OSREL}/' ${WRKSRC}/coreconf/arch.mk
72 ${SETENV} ${MAKE_ENV} ${PERL} ${WRKDIR}/MAca-bundle.pl \
73 < ${WRKSRC}/lib/ckfw/builtins/certdata.txt > ${WRKDIR}/ca-root-nss.crt
76 @${MKDIR} ${STAGEDIR}${PREFIX}/include/nss/nss \
77 ${STAGEDIR}${PREFIX}/lib/nss \
78 ${STAGEDIR}${PREFIX}/share/certs
79 ${FIND} ${WRKDIR}/nss-3.46.1/dist/public/nss -type l \
80 -exec ${INSTALL_DATA} {} ${STAGEDIR}${PREFIX}/include/nss/nss \;
81 ${INSTALL_LIB} ${WRKDIR}/nss-3.46.1/dist/${OPSYS}*_OPT.OBJ/lib/*.${LIBEXT} \
82 ${STAGEDIR}${PREFIX}/lib/nss
83 ${INSTALL_DATA} ${WRKDIR}/nss-3.46.1/dist/${OPSYS}*_OPT.OBJ/lib/libcrmf.a \
84 ${STAGEDIR}${PREFIX}/lib/nss
85 .for bin in certutil cmsutil crlutil derdump makepqg mangle modutil ocspclnt oidcalc p7content p7env p7sign p7verify pk12util rsaperf shlibsign signtool signver ssltap strsclnt symkeyutil vfychain vfyserv
86 ${INSTALL_PROGRAM} ${WRKDIR}/nss-3.46.1/dist/${OPSYS}*_OPT.OBJ/bin/${bin} \
87 ${STAGEDIR}${PREFIX}/bin
89 ${INSTALL_SCRIPT} ${WRKDIR}/nss-config ${STAGEDIR}${PREFIX}/bin
90 ${INSTALL_DATA} ${WRKDIR}/nss.pc ${STAGEDIR}${PREFIX}/lib/pkgconfig
92 .for D in openssl openssl-devel libressl libressl-devel
93 ${MKDIR} ${STAGEDIR}${PREFIX}/etc/${D}
94 ${INSTALL_DATA} ${WRKDIR}/ca-root-nss.crt \
95 ${STAGEDIR}${PREFIX}/etc/${D}/cert.pem.sample
97 ${INSTALL_DATA} ${WRKDIR}/ca-root-nss.crt \
98 ${STAGEDIR}${PREFIX}/share/certs
100 [FILE:301:descriptions/desc.primary]
101 Network Security Services (NSS) is a set of libraries designed to support
102 cross-platform development of security-enabled server applications.
103 Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5,
104 PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other
108 [FILE:120:descriptions/desc.caroot]
109 Root certificates from certificate authorities included in the Mozilla
110 NSS library and thus in Firefox and Thunderbird.
114 3bf7e0ed7db98803f134c527c436cc68415ff17257d34bd75de14e9a09d13651 76417797 nss-3.46.1.tar.gz
117 [FILE:1514:manifests/plist.primary]
118 %%ONLY-LINUX%%lib/nss/libnsssysinit.so
259 [FILE:186:manifests/plist.caroot]
260 @sample etc/libressl/cert.pem.sample
261 @sample etc/libressl-devel/cert.pem.sample
262 @sample etc/openssl/cert.pem.sample
263 @sample etc/openssl-devel/cert.pem.sample
264 %%CERTDIR%%/ca-root-nss.crt
267 [FILE:449:patches/patch-bug301986]
268 --- lib/util/nssilckt.h.orig 2019-10-02 20:51:28 UTC
269 +++ lib/util/nssilckt.h
270 @@ -163,7 +163,7 @@ typedef enum {
271 ** Declare the trace record
274 - PRUint32 threadID; /* PR_GetThreadID() */
275 + pthread_t threadID; /* PR_GetThreadID() */
276 nssILockOp op; /* operation being performed */
277 nssILockType ltype; /* lock type identifier */
278 PRIntervalTime callTime; /* time spent in function */
281 [FILE:2109:patches/patch-const]
282 --- cmd/modutil/modutil.h.orig 2019-10-02 20:51:28 UTC
283 +++ cmd/modutil/modutil.h
287 Error LoadMechanismList(void);
288 -Error FipsMode(char *arg);
289 -Error ChkFipsMode(char *arg);
290 +Error FipsMode(const char *arg);
291 +Error ChkFipsMode(const char *arg);
292 Error AddModule(char *moduleName, char *libFile, char *ciphers,
293 char *mechanisms, char *modparms);
294 Error DeleteModule(char *moduleName);
295 --- cmd/modutil/pk11.c.orig 2019-10-02 20:51:28 UTC
296 +++ cmd/modutil/pk11.c
298 * disable FIPS mode on the internal module.
302 +FipsMode(const char *arg)
306 @@ -25,16 +25,18 @@ FipsMode(char *arg)
307 internal_name = PR_smprintf("%s",
308 SECMOD_GetInternalModule()->commonName);
309 if (SECMOD_DeleteInternalModule(internal_name) != SECSuccess) {
310 - PR_fprintf(PR_STDERR, "%s\n", SECU_Strerror(PORT_GetError()));
311 + PR_fprintf(PR_STDERR, "FipsMode(true): %s (%s)\n", SECU_Strerror(PORT_GetError()), internal_name);
312 PR_smprintf_free(internal_name);
313 PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]);
314 return FIPS_SWITCH_FAILED_ERR;
316 - PR_smprintf_free(internal_name);
317 if (!PK11_IsFIPS()) {
318 + PR_fprintf(PR_STDERR, "FipsMode(true): in module %s", internal_name);
319 + PR_smprintf_free(internal_name);
320 PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]);
321 return FIPS_SWITCH_FAILED_ERR;
323 + PR_smprintf_free(internal_name);
324 PR_fprintf(PR_STDOUT, msgStrings[FIPS_ENABLED_MSG]);
326 PR_fprintf(PR_STDERR, errStrings[FIPS_ALREADY_ON_ERR]);
327 @@ -75,7 +77,7 @@ FipsMode(char *arg)
328 * If arg=="false", verify FIPS mode is disabled on the internal module.
331 -ChkFipsMode(char *arg)
332 +ChkFipsMode(const char *arg)
334 if (!PORT_Strcasecmp(arg, "true")) {
338 [FILE:1383:patches/patch-coreconf_Darwin.mk]
339 --- coreconf/Darwin.mk.orig 2019-10-02 20:51:28 UTC
340 +++ coreconf/Darwin.mk
341 @@ -7,8 +7,8 @@ CC ?= gcc
345 +NSS_ENABLE_WERROR = 0
346 include $(CORE_DEPTH)/coreconf/UNIX.mk
347 -include $(CORE_DEPTH)/coreconf/Werror.mk
349 DEFAULT_COMPILER = gcc
351 @@ -127,21 +127,4 @@ PROCESS_MAP_FILE = grep -v ';+' $< | gre
355 -# The system sqlite library in the latest version of Mac OS X often becomes
356 -# newer than the sqlite library in NSS. This may result in certain Mac OS X
357 -# system libraries having unresolved sqlite symbols during the shlibsign step
358 -# of the NSS build when we set DYLD_LIBRARY_PATH to the NSS lib directory and
359 -# the NSS libsqlite3.dylib is used instead of the system one. So just use the
360 -# system sqlite library on Mac, if it's sufficiently new.
362 -SYS_SQLITE3_VERSION_FULL := $(shell /usr/bin/sqlite3 -version | awk '{print $$1}')
363 -SYS_SQLITE3_VERSION_MAJOR := $(shell echo $(SYS_SQLITE3_VERSION_FULL) | awk -F. '{ print $$1 }')
364 -SYS_SQLITE3_VERSION_MINOR := $(shell echo $(SYS_SQLITE3_VERSION_FULL) | awk -F. '{ print $$2 }')
366 -ifeq (3,$(SYS_SQLITE3_VERSION_MAJOR))
367 - ifeq (,$(filter-out 0 1 2 3 4,$(SYS_SQLITE3_VERSION_MINOR)))
368 - # sqlite <= 3.4.x is too old, it doesn't provide sqlite3_file_control
370 - NSS_USE_SYSTEM_SQLITE = 1
373 +NSS_USE_SYSTEM_SQLITE = 1
376 [FILE:1313:patches/patch-coreconf_DragonFly.mk]
377 --- /dev/null 2019-10-08 15:25:52 UTC
378 +++ coreconf/DragonFly.mk
381 +# This Source Code Form is subject to the terms of the Mozilla Public
382 +# License, v. 2.0. If a copy of the MPL was not distributed with this
383 +# file, You can obtain one at http://mozilla.org/MPL/2.0/.
385 +include $(CORE_DEPTH)/coreconf/UNIX.mk
387 +DEFAULT_COMPILER = gcc
392 +CPU_ARCH = $(OS_TEST)
393 +ifeq ($(CPU_ARCH),i386)
396 +ifeq ($(CPU_ARCH),amd64)
400 +ifneq (,$(filter %64, $(OS_TEST)))
404 +OS_CFLAGS = $(DSO_CFLAGS) -Wall -Wno-switch -DFREEBSD -DHAVE_STRERROR -DHAVE_BSD_FLOCK
407 +DSO_LDOPTS = -shared -Wl,-soname -Wl,$(notdir $@)
410 +# The default implementation strategy for FreeBSD is pthreads.
414 +DEFINES += -D_THREAD_SAFE -D_REENTRANT
416 +DSO_LDOPTS += -pthread
423 +MKSHLIB = $(CC) $(DSO_LDOPTS)
425 + MKSHLIB += -Wl,--version-script,$(MAPFILE)
427 +PROCESS_MAP_FILE = grep -v ';-' $< | \
428 + sed -e 's,;+,,' -e 's; DATA ;;' -e 's,;;,,' -e 's,;.*,;,' > $@
430 +G++INCLUDES = -I/usr/include/c++
436 [FILE:1125:patches/patch-coreconf_FreeBSD.mk]
437 --- coreconf/FreeBSD.mk.orig 2019-10-02 20:51:28 UTC
438 +++ coreconf/FreeBSD.mk
441 include $(CORE_DEPTH)/coreconf/UNIX.mk
443 -DEFAULT_COMPILER = gcc
446 +DEFAULT_COMPILER = $(CC)
451 CPU_ARCH = $(OS_TEST)
452 @@ -20,6 +20,16 @@ endif
453 ifeq ($(CPU_ARCH),amd64)
456 +ifneq (,$(filter arm%, $(CPU_ARCH)))
459 +ifneq (,$(filter powerpc%, $(CPU_ARCH)))
463 +ifneq (,$(filter %64, $(OS_TEST)))
467 OS_CFLAGS = $(DSO_CFLAGS) -Wall -Wno-switch -DFREEBSD -DHAVE_STRERROR -DHAVE_BSD_FLOCK
469 @@ -46,7 +56,11 @@ else
473 -MKSHLIB = $(CC) $(DSO_LDOPTS)
474 +ifneq (,$(filter alpha ia64,$(OS_TEST)))
475 +MKSHLIB = $(CC) -Wl,-Bsymbolic -lc $(DSO_LDOPTS)
477 +MKSHLIB = $(CC) -Wl,-Bsymbolic $(DSO_LDOPTS)
480 MKSHLIB += -Wl,--version-script,$(MAPFILE)
482 @@ -55,4 +69,5 @@ PROCESS_MAP_FILE = grep -v ';-' $< | \
484 G++INCLUDES = -I/usr/include/g++
486 -INCLUDES += -I/usr/X11R6/include
491 [FILE:1995:patches/patch-coreconf_SunOS5.mk]
492 --- coreconf/SunOS5.mk.orig 2019-10-02 20:51:28 UTC
493 +++ coreconf/SunOS5.mk
494 @@ -14,14 +14,14 @@ ifeq ($(USE_64), 1)
498 - ifeq ($(OS_TEST),i86pc)
499 + ifeq ($(OS_TEST),x86_64)
500 ARCHFLAG=-xarch=amd64
506 - ifneq ($(OS_TEST),i86pc)
507 + ifneq ($(OS_TEST),x86_64)
511 @@ -33,9 +33,9 @@ endif
512 DEFAULT_COMPILER = cc
517 OS_CFLAGS += -Wall -Wno-format -Werror-implicit-function-declaration -Wno-switch
520 CCC += -Wall -Wno-format
521 ASFLAGS += -x assembler-with-cpp
522 OS_CFLAGS += $(NOMD_OS_CFLAGS) $(ARCHFLAG)
523 @@ -67,7 +67,7 @@ RANLIB = echo
525 OS_DEFINES += -DSVR4 -DSYSV -D__svr4 -D__svr4__ -DSOLARIS -D_REENTRANT
527 -ifeq ($(OS_TEST),i86pc)
528 +ifeq ($(OS_TEST),x86_64)
532 @@ -109,15 +109,11 @@ endif
533 DSO_LDOPTS += -shared -h $(notdir $@)
536 - ifeq ($(OS_TEST),i86pc)
537 - DSO_LDOPTS +=-xarch=amd64
539 - DSO_LDOPTS +=-xarch=v9
543 DSO_LDOPTS += -G -h $(notdir $@)
545 -DSO_LDOPTS += -z combreloc -z defs -z ignore
546 +# DSO_LDOPTS += -Wl,-z,origin
548 # -KPIC generates position independent code for use in shared libraries.
549 # (Similarly for -fPIC in case of gcc.)
550 @@ -129,16 +125,4 @@ endif
552 NOSUCHFILE = /solaris-rm-f-sucks
554 -ifeq ($(BUILD_SUN_PKG), 1)
555 -# The -R '$ORIGIN' linker option instructs this library to search for its
556 -# dependencies in the same directory where it resides.
558 -RPATH = -R '$$ORIGIN:/usr/lib/mps/secv1/64:/usr/lib/mps/64'
560 -RPATH = -R '$$ORIGIN:/usr/lib/mps/secv1:/usr/lib/mps'
563 -RPATH = -R '$$ORIGIN'
566 -OS_LIBS += -lthread -lnsl -lsocket -lposix4 -ldl -lc
567 +RPATH = $(LDFLAGS) #-Wl,-rpath,$(PREFIX)/lib/nss
570 [FILE:286:patches/patch-coreconf_UNIX.mk]
571 --- coreconf/UNIX.mk.orig 2019-10-02 20:51:28 UTC
573 @@ -10,10 +10,8 @@ AR = ar cr $@
574 LDOPTS += -L$(SOURCE_LIB_DIR)
578 DEFINES += -UDEBUG -DNDEBUG
581 DEFINES += -DDEBUG -UNDEBUG
586 [FILE:611:patches/patch-coreconf_arch.mk]
587 --- coreconf/arch.mk.orig 2019-10-02 20:51:28 UTC
589 @@ -26,7 +26,7 @@ OS_ARCH := $(subst /,_,$(shell uname -s)
590 # Attempt to differentiate between sparc and x86 Solaris
593 -OS_TEST := $(shell uname -m)
594 +OS_TEST := $(shell uname -p)
595 ifeq ($(OS_TEST),i86pc)
596 OS_RELEASE := $(shell uname -r)_$(OS_TEST)
598 @@ -118,6 +118,10 @@ ifeq ($(OS_ARCH),Linux)
602 +ifeq ($(OS_ARCH),DragonFly)
603 +OS_RELEASE := @OS_RELEASE@
606 # Since all uses of OS_ARCH that follow affect only userland, we can
607 # merge other Glibc systems with Linux here.
608 ifeq ($(OS_ARCH),GNU)
611 [FILE:486:patches/patch-coreconf_command.mk]
612 --- coreconf/command.mk.orig 2019-10-02 20:51:28 UTC
613 +++ coreconf/command.mk
614 @@ -12,7 +12,7 @@ AS = $(CC)
616 CCF = $(CC) $(CFLAGS)
617 LINK_DLL = $(LD) $(OS_DLLFLAGS) $(DLLFLAGS) $(XLDFLAGS)
618 -CFLAGS = $(OPTIMIZER) $(OS_CFLAGS) $(WARNING_CFLAGS) $(XP_DEFINE) \
619 +CFLAGS += $(OPTIMIZER) $(OS_CFLAGS) $(WARNING_CFLAGS) $(XP_DEFINE) \
620 $(DEFINES) $(INCLUDES) $(XCFLAGS)
625 [FILE:465:patches/patch-coreconf_config.mk]
626 --- coreconf/config.mk.orig 2019-10-02 20:51:28 UTC
627 +++ coreconf/config.mk
628 @@ -31,7 +31,7 @@ endif
629 #######################################################################
631 TARGET_OSES = FreeBSD BSD_OS NetBSD OpenUNIX OS2 QNX Darwin BeOS OpenBSD \
632 - AIX RISCOS WINNT WIN95 Linux Android
633 + AIX RISCOS WINNT WIN95 Linux Android DragonFly
635 ifeq (,$(filter-out $(TARGET_OSES),$(OS_TARGET)))
636 include $(CORE_DEPTH)/coreconf/$(OS_TARGET).mk
639 [FILE:248:patches/patch-coreconf_location.mk]
640 --- coreconf/location.mk.orig 2019-10-02 20:51:28 UTC
641 +++ coreconf/location.mk
642 @@ -40,7 +40,7 @@ ifdef NSPR_INCLUDE_DIR
646 - NSPR_LIB_DIR = $(DIST)/lib
647 + NSPR_LIB_DIR = $(PREFIX)/lib
650 ifdef NSS_INCLUDE_DIR
653 [FILE:308:patches/patch-coreconf_ruleset.mk]
654 --- coreconf/ruleset.mk.orig 2019-10-02 20:51:28 UTC
655 +++ coreconf/ruleset.mk
660 - ifneq ($(DEFAULT_COMPILER), $(notdir $(firstword $(CC))))
661 + ifneq ($(DEFAULT_COMPILER), $(CC))
663 # Temporary define for the Client; to be removed when binary release is used
667 [FILE:720:patches/patch-lib_freebl_Makefile]
668 --- lib/freebl/Makefile.orig 2019-10-02 20:51:28 UTC
669 +++ lib/freebl/Makefile
670 @@ -215,7 +215,7 @@ ifeq ($(CPU_ARCH),x86)
674 -ifeq ($(OS_TARGET),Linux)
675 +ifeq (,$(filter-out Linux DragonFly FreeBSD, $(OS_TARGET)))
676 ifeq ($(CPU_ARCH),x86_64)
677 ASFILES = arcfour-amd64-gas.s mpi_amd64_gas.s
678 ASFLAGS += -fPIC -Wa,--noexecstack
679 @@ -301,7 +301,7 @@ endif
680 # to bind the blapi function references in FREEBLVector vector
681 # (ldvector.c) to the blapi functions defined in the freebl
683 -ifeq (,$(filter-out BSD_OS FreeBSD Linux NetBSD OpenBSD, $(OS_TARGET)))
684 +ifeq (,$(filter-out BSD_OS DragonFly FreeBSD Linux NetBSD OpenBSD, $(OS_TARGET)))
685 MKSHLIB += -Wl,-Bsymbolic
690 [FILE:1041:patches/patch-lib_freebl_mpi_mpcpucache.c]
691 --- lib/freebl/mpi/mpcpucache.c.orig 2019-10-02 20:51:28 UTC
692 +++ lib/freebl/mpi/mpcpucache.c
693 @@ -705,6 +705,32 @@ s_mpi_getProcessorLineSize()
696 #if defined(__ppc64__)
698 +#if defined(__FreeBSD__)
699 +#include <sys/stddef.h>
700 +#include <sys/sysctl.h>
702 +#include <machine/cpu.h>
703 +#include <machine/md_var.h>
706 +s_mpi_getProcessorLineSize()
708 + static int cacheline_size = 0;
709 + static int cachemib[] = { CTL_MACHDEP, CPU_CACHELINE };
712 + if (cacheline_size > 0)
713 + return cacheline_size;
715 + clen = sizeof(cacheline_size);
716 + if (sysctl(cachemib, sizeof(cachemib) / sizeof(cachemib[0]),
717 + &cacheline_size, &clen, NULL, 0) < 0 || !cacheline_size)
718 + return 128; /* guess */
720 + return cacheline_size;
724 * Sigh, The PPC has some really nice features to help us determine cache
725 * size, since it had lots of direct control functions to do so. The POWER
726 @@ -758,6 +784,7 @@ s_mpi_getProcessorLineSize()
732 #define MPI_GET_PROCESSOR_LINE_SIZE_DEFINED 1
736 [FILE:474:patches/patch-lib_freebl_verified_kremlib.h]
737 --- lib/freebl/verified/kremlib.h.orig 2019-10-02 20:51:28 UTC
738 +++ lib/freebl/verified/kremlib.h
739 @@ -184,7 +184,10 @@ typedef const char *Prims_string;
741 #if defined(__linux__) || defined(__CYGWIN__)
745 +#elif defined(__DragonFly__) || defined(__FreeBSD__) \
746 + || defined(__NetBSD__) || defined(__OpenBSD__)
747 +#include <sys/endian.h>
749 #elif defined(__APPLE__)
750 #include <libkern/OSByteOrder.h>
753 [FILE:600:patches/patch-lib_softoken_pkcs11.c]
754 --- lib/softoken/pkcs11.c.orig 2019-10-02 20:51:28 UTC
755 +++ lib/softoken/pkcs11.c
756 @@ -3201,8 +3201,8 @@ nsc_CommonInitialize(CK_VOID_PTR pReserv
758 int major = 0, minor = 0;
760 - long rv = sysinfo(SI_RELEASE, buf, sizeof(buf));
761 - if (rv > 0 && rv < sizeof(buf)) {
762 + long sunrv = sysinfo(SI_RELEASE, buf, sizeof(buf));
763 + if (sunrv > 0 && sunrv < sizeof(buf)) {
764 if (2 == sscanf(buf, "%d.%d", &major, &minor)) {
765 /* Are we on Solaris 10 or greater ? */
766 if (major > 5 || (5 == major && minor >= 10)) {
769 [FILE:1023:patches/patch-lib_softoken_pkcs11c.c]
770 --- lib/softoken/pkcs11c.c.orig 2019-10-02 20:51:28 UTC
771 +++ lib/softoken/pkcs11c.c
772 @@ -5879,9 +5879,6 @@ sftk_unwrapPrivateKey(SFTKObject *key, S
774 case NSSLOWKEYDSAKey:
776 - crv = (sftk_hasAttribute(key, CKA_NETSCAPE_DB)) ? CKR_OK : CKR_KEY_TYPE_INCONSISTENT;
779 crv = sftk_AddAttributeType(key, CKA_KEY_TYPE, &keyType,
782 @@ -5921,9 +5918,6 @@ sftk_unwrapPrivateKey(SFTKObject *key, S
783 /* what about fortezza??? */
786 - crv = (sftk_hasAttribute(key, CKA_NETSCAPE_DB)) ? CKR_OK : CKR_KEY_TYPE_INCONSISTENT;
789 crv = sftk_AddAttributeType(key, CKA_KEY_TYPE, &keyType,
794 [FILE:3413:patches/patch-sysdb]
795 --- lib/softoken/legacydb/cdbhdl.h.orig 2019-10-02 20:51:28 UTC
796 +++ lib/softoken/legacydb/cdbhdl.h
801 -#include "mcom_db.h"
807 --- lib/softoken/legacydb/dbmshim.c.orig 2019-10-02 20:51:28 UTC
808 +++ lib/softoken/legacydb/dbmshim.c
811 * Berkeley DB 1.85 Shim code to handle blobs.
813 -#include "mcom_db.h"
819 --- lib/softoken/legacydb/keydb.c.orig 2019-10-02 20:51:28 UTC
820 +++ lib/softoken/legacydb/keydb.c
825 -#include "mcom_db.h"
829 --- lib/softoken/legacydb/keydbi.h.orig 2019-10-02 20:51:28 UTC
830 +++ lib/softoken/legacydb/keydbi.h
834 #include "seccomon.h"
835 -#include "mcom_db.h"
839 * Handle structure for open key databases
840 --- lib/softoken/legacydb/pcertdb.c.orig 2019-10-02 20:51:28 UTC
841 +++ lib/softoken/legacydb/pcertdb.c
844 #include "lowkeyti.h"
846 -#include "mcom_db.h"
852 --- lib/softoken/legacydb/pk11db.c.orig 2019-10-02 20:51:28 UTC
853 +++ lib/softoken/legacydb/pk11db.c
858 -#include "mcom_db.h"
862 #include "utilpars.h"
864 --- lib/ckfw/dbm/ckdbm.h.orig 2019-10-02 20:51:28 UTC
865 +++ lib/ckfw/dbm/ckdbm.h
870 -#include "mcom_db.h"
873 NSS_EXTERN_DATA NSSCKMDInstance nss_dbm_mdInstance;
875 --- lib/softoken/legacydb/config.mk.orig 2019-10-02 20:51:28 UTC
876 +++ lib/softoken/legacydb/config.mk
877 @@ -8,7 +8,6 @@ CRYPTOLIB=$(DIST)/lib/$(LIB_PREFIX)freeb
881 - $(DIST)/lib/$(LIB_PREFIX)dbm.$(LIB_SUFFIX) \
884 # can't do this in manifest.mn because OS_TARGET isn't defined there.
885 --- lib/certdb/xauthkid.c.orig 2019-10-02 20:51:28 UTC
886 +++ lib/certdb/xauthkid.c
891 -#include "prtypes.h"
892 +#include <prtypes.h>
893 #include "seccomon.h"
896 --- lib/certdb/xbsconst.c.orig 2019-10-02 20:51:28 UTC
897 +++ lib/certdb/xbsconst.c
899 * X.509 v3 Basic Constraints Extension
902 -#include "prtypes.h"
903 +#include <prtypes.h>
904 #include <limits.h> /* for LONG_MAX */
905 #include "seccomon.h"
907 --- lib/certdb/xconst.c.orig 2019-10-02 20:51:28 UTC
908 +++ lib/certdb/xconst.c
910 * X.509 Extension Encoding
913 -#include "prtypes.h"
914 +#include <prtypes.h>
915 #include "seccomon.h"
918 --- lib/manifest.mn.orig 2019-10-02 20:51:28 UTC
920 @@ -20,7 +20,7 @@ ifndef NSS_BUILD_UTIL_ONLY
928 ifndef NSS_BUILD_SOFTOKEN_ONLY
929 --- cmd/platlibs.mk.orig 2019-10-02 20:51:28 UTC
931 @@ -29,7 +29,7 @@ endif # BUILD_SUN_PKG
932 ifdef NSS_DISABLE_DBM
935 -DBMLIB = $(DIST)/lib/$(LIB_PREFIX)dbm.$(LIB_SUFFIX)
939 ifeq ($(NSS_BUILD_UTIL_ONLY),1)
942 [FILE:6041:files/MAca-bundle.pl.in]
944 ## MAca-bundle.pl -- Regenerate ca-root-nss.crt from the Mozilla certdata.txt
946 ## Rewritten in September 2011 by Matthias Andree to heed untrust
949 ## Copyright (c) 2011, 2013 Matthias Andree <mandree@FreeBSD.org>
950 ## All rights reserved.
952 ## Redistribution and use in source and binary forms, with or without
953 ## modification, are permitted provided that the following conditions are
956 ## * Redistributions of source code must retain the above copyright
957 ## notice, this list of conditions and the following disclaimer.
959 ## * Redistributions in binary form must reproduce the above copyright
960 ## notice, this list of conditions and the following disclaimer in the
961 ## documentation and/or other materials provided with the distribution.
963 ## THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
964 ## "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
965 ## LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
966 ## FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
967 ## COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
968 ## INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
969 ## BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
970 ## LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
971 ## CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
972 ## LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
973 ## ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
974 ## POSSIBILITY OF SUCH DAMAGE.
980 my $VERSION = '$FreeBSD: head/security/ca_root_nss/files/MAca-bundle.pl.in 325572 2013-08-29 08:10:09Z mandree $';
985 ## ca-root-nss.crt -- Bundle of CA Root Certificates
987 ## This is a bundle of X.509 certificates of public Certificate
988 ## Authorities (CA). These were automatically extracted from Mozilla's
989 ## root CA list (the file `certdata.txt').
991 ## Extracted from nss-%%VERSION_NSS%%
997 if defined $ENV{'WITH_DEBUG'}
998 and $ENV{'WITH_DEBUG'} !~ m/(?i)^(no|0|false|)$/;
1003 sub printcert_plain($$)
1005 my ($label, $certdata) = @_;
1006 print "=== $label ===\n" if $label;
1008 "-----BEGIN CERTIFICATE-----\n",
1009 MIME::Base64::encode_base64($certdata),
1010 "-----END CERTIFICATE-----\n\n";
1013 sub printcert_info($$)
1015 my (undef, $certdata) = @_;
1016 return unless $certdata;
1017 open(OUT, "|openssl x509 -text -inform DER -fingerprint")
1018 || die "could not pipe to openssl x509";
1019 print OUT $certdata;
1020 close(OUT) or die "openssl x509 failed with exit code $?";
1025 printcert_info($a, $b);
1034 my (undef,@oct) = split /\\/;
1035 my @bin = map(chr(oct), @oct);
1036 $data .= join('', @bin);
1053 if (/^CKA_LABEL UTF8 "([^"]+)"/) {
1057 if (/^CKA_VALUE MULTILINE_OCTAL/) {
1058 $certdata = graboct();
1061 if (/^CKA_SERIAL_NUMBER MULTILINE_OCTAL/) {
1062 $serial = graboct();
1065 return ($serial, $cka_label, $certdata);
1078 if (/^CKA_LABEL UTF8 "([^"]+)"/) {
1082 if (/^CKA_SERIAL_NUMBER MULTILINE_OCTAL/) {
1083 $serial = graboct();
1086 if (/^CKA_TRUST_(SERVER_AUTH|EMAIL_PROTECTION|CODE_SIGNING) CK_TRUST (\S+)$/)
1088 if ($2 eq 'CKT_NSS_NOT_TRUSTED') {
1090 } elsif ($2 eq 'CKT_NSS_TRUSTED_DELEGATOR') {
1092 } elsif ($2 ne 'CKT_NSS_MUST_VERIFY_TRUST') {
1093 confess "Unknown trust setting on line $.:\n"
1095 . "Script must be updated:";
1100 if (!$maytrust && !$distrust && $debug) {
1101 print STDERR "line $.: no explicit trust/distrust found for $cka_label\n";
1104 my $trust = ($maytrust and not $distrust);
1105 return ($serial, $cka_label, $trust);
1109 if (/^CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE/) {
1110 my ($serial, $label, $certdata) = grabcert();
1111 if (defined $certs{$label."\0".$serial}) {
1112 warn "Certificate $label duplicated!\n";
1114 $certs{$label."\0".$serial} = $certdata;
1115 } elsif (/^CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST/) {
1116 my ($serial, $label, $trust) = grabtrust();
1117 if (defined $trusts{$label."\0".$serial}) {
1118 warn "Trust for $label duplicated!\n";
1120 $trusts{$label."\0".$serial} = $trust;
1121 } elsif (/^CVS_ID.*Revision: ([^ ]*).*/) {
1122 print "## Source: \"certdata.txt\" CVS revision $1\n##\n\n";
1128 map { s/\0.*//; s/[^[:print:]]/_/g; $_ = "\"$_\""; } @res;
1129 return wantarray ? @res : $res[0];
1132 # weed out untrusted certificates
1134 foreach my $it (keys %trusts) {
1135 if (!$trusts{$it}) {
1136 if (!exists($certs{$it})) {
1137 warn "Found trust for nonexistent certificate ".printlabel($it)."\n" if $debug;
1140 warn "Skipping untrusted ".printlabel($it)."\n" if $debug;
1146 print "## Untrusted certificates omitted from this bundle: $untrusted\n\n";
1147 print STDERR "## Untrusted certificates omitted from this bundle: $untrusted\n";
1150 foreach my $it (sort {uc($a) cmp uc($b)} keys %certs) {
1151 if (!exists($trusts{$it})) {
1152 die "Found certificate without trust block,\naborting";
1154 printcert("", $certs{$it});
1157 print STDERR "Trusting $certcount: ".printlabel($it)."\n" if $debug;
1160 if ($certcount < 25) {
1161 die "Certificate count of $certcount is implausibly low.\nAbort";
1164 print "## Number of certificates: $certcount\n";
1165 print STDERR "## Number of certificates: $certcount\n";
1166 print "## End of file.\n";
1169 [FILE:2352:files/nss-config.in]
1173 version=%%VERSION_NSS%%
1178 Usage: nss-config [OPTIONS] [LIBRARIES]
1181 [--exec-prefix[=DIR]]
1182 [--includedir[=DIR]]
1196 if test $# -eq 0; then
1205 while test $# -gt 0; do
1207 -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
1222 echo_exec_prefix=yes
1238 *.*.*) echo $version ;;
1239 *.*) echo $version.0 ;;
1240 *) echo $version.0.0 ;;
1268 # Set variables that may be dependent upon other variables
1269 if test -z "$exec_prefix"; then
1272 if test -z "$includedir"; then
1273 includedir=$prefix/include/nss
1275 if test -z "$libdir"; then
1276 libdir=$prefix/lib/nss
1279 if test "$echo_prefix" = "yes"; then
1283 if test "$echo_exec_prefix" = "yes"; then
1287 if test "$echo_includedir" = "yes"; then
1291 if test "$echo_libdir" = "yes"; then
1295 if test "$echo_cflags" = "yes"; then
1296 echo -I$includedir -I$includedir/nss
1299 if test "$echo_libs" = "yes"; then
1300 libdirs="-Wl,-R${libdir} -L$libdir"
1301 if test -n "$lib_ssl"; then
1302 libdirs="$libdirs -lssl3"
1304 if test -n "$lib_smime"; then
1305 libdirs="$libdirs -lsmime3"
1307 if test -n "$lib_nss"; then
1308 libdirs="$libdirs -lnss3"
1310 if test -n "$lib_nssutil"; then
1311 libdirs="$libdirs -lnssutil3"
1317 [FILE:315:files/nss.pc.in]
1319 exec_prefix=%%PREFIX%%
1320 libdir=%%PREFIX%%/lib/nss
1321 includedir=%%PREFIX%%/include
1324 Description: Mozilla Network Security Services
1325 Version: %%VERSION_NSS%%
1327 Libs: -Wl,-R${libdir} -L${libdir} -lnss3 -lsmime3 -lssl3 -lnssutil3
1328 Cflags: -I${includedir}/nss -I${includedir}/nss/nss
1331 [FILE:948:files/pkg-message-caroot.in]
1332 ********************************* WARNING *********************************
1334 Ravenports do not, and can not warrant that the certification authorities
1335 whose certificates are included in this package have in any way been
1336 audited for trustworthiness or RFC 3647 compliance.
1338 Assessment and verification of trust is the complete responsibility of the
1339 system administrator.
1341 *********************************** NOTE **********************************
1343 This package installs symlinks to support root certificates discovery by
1344 default for software that uses OpenSSL.
1346 This enables SSL Certificate Verification by client software without manual
1349 If you prefer to do this manually, replace the following symlinks with
1350 either an empty file or your site-local certificate bundle.
1353 * %%PREFIX%%/etc/ssl/cert.pem
1354 * %%PREFIX%%/openssl/cert.pem
1356 ***************************************************************************