1 # Buildsheet autogenerated by ravenadm tool -- Do not edit.
7 SDESC[standard]= Application security development libraries
8 HOMEPAGE= http://www.mozilla.org/projects/security/pki/nss/
12 SITES[main]= MOZILLA/security/nss/releases/NSS_3_40_RTM/src
13 DISTFILE[1]= nss-3.40.tar.gz:main
15 SPKGS[standard]= complete
19 OPTIONS_AVAILABLE= ETCSYMLINK
20 OPTIONS_STANDARD= ETCSYMLINK
21 OPT_ON[all]= ETCSYMLINK
23 BUILD_DEPENDS= libressl:single:static
24 BUILDRUN_DEPENDS= nspr:single:standard
26 USES= cpe gmake perl:build sqlite zlib
28 DISTNAME= nss-3.40/nss
31 LICENSE_FILE= MPL:{{WRKSRC}}/COPYING
34 CPE_PRODUCT= network_security_services
36 FPC_EQUIVALENT= security/nss
38 MAKE_ENV= LIBRARY_PATH="{{LOCALBASE}}/lib"
39 SQLITE_INCLUDE_DIR="{{LOCALBASE}}/include"
43 NSS_USE_SYSTEM_SQLITE=1
47 PLIST_SUB= CERTDIR=share/certs
52 SUB_LIST= VERSION_NSS=3.40
54 CFLAGS= -I{{LOCALBASE}}/include/nspr
55 LDFLAGS= -Wl,-rpath,{{PREFIX}}/lib/nss
56 VAR_OPSYS[sunos]= MAKE_ENV=NS_USE_GCC=1
57 MAKE_ENV=NO_MDUPDATE=1
58 VAR_ARCH[x86_64]= MAKE_ENV=USE_64=1
60 [ETCSYMLINK].DESCRIPTION= Add symlink to /etc/ssl/cert.pem
63 ${REINPLACE_CMD} '/NSS_DEFAULT_SYSTEM/s,/etc,${PREFIX}&,' \
64 ${WRKSRC}/lib/sysinit/nsssysinit.c
66 ${FIND} . -name "*.c" -o -name "*.h" | \
67 ${XARGS} ${GREP} -l -F '"nspr.h"' | \
68 ${XARGS} ${REINPLACE_CMD} -e 's|"nspr.h"|<nspr.h>|')
69 ${FIND} ${WRKSRC}/tests -name '*.sh' | \
70 ${XARGS} ${GREP} -l -F '/bin/bash' | \
71 ${XARGS} ${REINPLACE_CMD} -e 's|#! */bin/bash|#!${SH}|'
72 ${REINPLACE_CMD} -e 's/@OS_RELEASE@/${OSREL}/' ${WRKSRC}/coreconf/arch.mk
75 ${SETENV} ${MAKE_ENV} ${PERL} ${WRKDIR}/MAca-bundle.pl \
76 < ${WRKSRC}/lib/ckfw/builtins/certdata.txt > ${WRKDIR}/ca-root-nss.crt
79 @${MKDIR} ${STAGEDIR}${PREFIX}/include/nss/nss \
80 ${STAGEDIR}${PREFIX}/lib/nss \
81 ${STAGEDIR}${PREFIX}/share/certs \
82 ${STAGEDIR}${PREFIX}/etc/ssl \
83 ${STAGEDIR}${PREFIX}/openssl
84 ${FIND} ${WRKDIR}/nss-3.40/dist/public/nss -type l \
85 -exec ${INSTALL_DATA} {} ${STAGEDIR}${PREFIX}/include/nss/nss \;
86 ${INSTALL_LIB} ${WRKDIR}/nss-3.40/dist/${OPSYS}*_OPT.OBJ/lib/*.${LIBEXT} \
87 ${STAGEDIR}${PREFIX}/lib/nss
88 ${INSTALL_DATA} ${WRKDIR}/nss-3.40/dist/${OPSYS}*_OPT.OBJ/lib/libcrmf.a \
89 ${STAGEDIR}${PREFIX}/lib/nss
90 .for bin in certutil cmsutil crlutil derdump makepqg mangle modutil ocspclnt oidcalc p7content p7env p7sign p7verify pk12util rsaperf shlibsign signtool signver ssltap strsclnt symkeyutil vfychain vfyserv
91 ${INSTALL_PROGRAM} ${WRKDIR}/nss-3.40/dist/${OPSYS}*_OPT.OBJ/bin/${bin} \
92 ${STAGEDIR}${PREFIX}/bin
94 ${INSTALL_SCRIPT} ${WRKDIR}/nss-config ${STAGEDIR}${PREFIX}/bin
95 ${INSTALL_DATA} ${WRKDIR}/nss.pc ${STAGEDIR}${PREFIX}/lib/pkgconfig
97 ${INSTALL_DATA} ${WRKDIR}/ca-root-nss.crt \
98 ${STAGEDIR}${PREFIX}/share/certs
99 ${INSTALL_DATA} ${WRKDIR}/ca-root-nss.crt \
100 ${STAGEDIR}${PREFIX}/etc/ssl/cert.pem.sample
101 ${INSTALL_DATA} ${WRKDIR}/ca-root-nss.crt \
102 ${STAGEDIR}${PREFIX}/openssl/cert.pem.sample
104 post-install-ETCSYMLINK-ON:
105 @${MKDIR} ${STAGEDIR}/etc/ssl
106 ${LN} -sf ${PREFIX}/share/certs/ca-root-nss.crt \
107 ${STAGEDIR}/etc/ssl/cert.pem
109 [FILE:301:descriptions/desc.primary]
110 Network Security Services (NSS) is a set of libraries designed to support
111 cross-platform development of security-enabled server applications.
112 Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5,
113 PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other
117 [FILE:120:descriptions/desc.caroot]
118 Root certificates from certificate authorities included in the Mozilla
119 NSS library and thus in Firefox and Thunderbird.
123 0562087b8bda072bf5964f8acf851f9c0997a59c384f4887cb517b3b628b32dd 23308315 nss-3.40.tar.gz
126 [FILE:1514:manifests/plist.primary]
127 %%ONLY-LINUX%%lib/nss/libnsssysinit.so
268 [FILE:127:manifests/plist.caroot]
269 @sample etc/ssl/cert.pem.sample
270 @sample openssl/cert.pem.sample
271 %%CERTDIR%%/ca-root-nss.crt
272 %%ETCSYMLINK-ON%%/etc/ssl/cert.pem
275 [FILE:449:patches/patch-bug301986]
276 --- lib/util/nssilckt.h.orig 2018-01-18 14:19:59 UTC
277 +++ lib/util/nssilckt.h
278 @@ -163,7 +163,7 @@ typedef enum {
279 ** Declare the trace record
282 - PRUint32 threadID; /* PR_GetThreadID() */
283 + pthread_t threadID; /* PR_GetThreadID() */
284 nssILockOp op; /* operation being performed */
285 nssILockType ltype; /* lock type identifier */
286 PRIntervalTime callTime; /* time spent in function */
289 [FILE:2109:patches/patch-const]
290 --- cmd/modutil/modutil.h.orig 2018-01-18 14:19:59 UTC
291 +++ cmd/modutil/modutil.h
295 Error LoadMechanismList(void);
296 -Error FipsMode(char *arg);
297 -Error ChkFipsMode(char *arg);
298 +Error FipsMode(const char *arg);
299 +Error ChkFipsMode(const char *arg);
300 Error AddModule(char *moduleName, char *libFile, char *ciphers,
301 char *mechanisms, char *modparms);
302 Error DeleteModule(char *moduleName);
303 --- cmd/modutil/pk11.c.orig 2018-01-18 14:19:59 UTC
304 +++ cmd/modutil/pk11.c
306 * disable FIPS mode on the internal module.
310 +FipsMode(const char *arg)
314 @@ -25,16 +25,18 @@ FipsMode(char *arg)
315 internal_name = PR_smprintf("%s",
316 SECMOD_GetInternalModule()->commonName);
317 if (SECMOD_DeleteInternalModule(internal_name) != SECSuccess) {
318 - PR_fprintf(PR_STDERR, "%s\n", SECU_Strerror(PORT_GetError()));
319 + PR_fprintf(PR_STDERR, "FipsMode(true): %s (%s)\n", SECU_Strerror(PORT_GetError()), internal_name);
320 PR_smprintf_free(internal_name);
321 PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]);
322 return FIPS_SWITCH_FAILED_ERR;
324 - PR_smprintf_free(internal_name);
325 if (!PK11_IsFIPS()) {
326 + PR_fprintf(PR_STDERR, "FipsMode(true): in module %s", internal_name);
327 + PR_smprintf_free(internal_name);
328 PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]);
329 return FIPS_SWITCH_FAILED_ERR;
331 + PR_smprintf_free(internal_name);
332 PR_fprintf(PR_STDOUT, msgStrings[FIPS_ENABLED_MSG]);
334 PR_fprintf(PR_STDERR, errStrings[FIPS_ALREADY_ON_ERR]);
335 @@ -75,7 +77,7 @@ FipsMode(char *arg)
336 * If arg=="false", verify FIPS mode is disabled on the internal module.
339 -ChkFipsMode(char *arg)
340 +ChkFipsMode(const char *arg)
342 if (!PORT_Strcasecmp(arg, "true")) {
346 [FILE:1383:patches/patch-coreconf_Darwin.mk]
347 --- coreconf/Darwin.mk.orig 2018-06-21 09:24:45 UTC
348 +++ coreconf/Darwin.mk
349 @@ -7,8 +7,8 @@ CC ?= gcc
353 +NSS_ENABLE_WERROR = 0
354 include $(CORE_DEPTH)/coreconf/UNIX.mk
355 -include $(CORE_DEPTH)/coreconf/Werror.mk
357 DEFAULT_COMPILER = gcc
359 @@ -127,21 +127,4 @@ PROCESS_MAP_FILE = grep -v ';+' $< | gre
363 -# The system sqlite library in the latest version of Mac OS X often becomes
364 -# newer than the sqlite library in NSS. This may result in certain Mac OS X
365 -# system libraries having unresolved sqlite symbols during the shlibsign step
366 -# of the NSS build when we set DYLD_LIBRARY_PATH to the NSS lib directory and
367 -# the NSS libsqlite3.dylib is used instead of the system one. So just use the
368 -# system sqlite library on Mac, if it's sufficiently new.
370 -SYS_SQLITE3_VERSION_FULL := $(shell /usr/bin/sqlite3 -version | awk '{print $$1}')
371 -SYS_SQLITE3_VERSION_MAJOR := $(shell echo $(SYS_SQLITE3_VERSION_FULL) | awk -F. '{ print $$1 }')
372 -SYS_SQLITE3_VERSION_MINOR := $(shell echo $(SYS_SQLITE3_VERSION_FULL) | awk -F. '{ print $$2 }')
374 -ifeq (3,$(SYS_SQLITE3_VERSION_MAJOR))
375 - ifeq (,$(filter-out 0 1 2 3 4,$(SYS_SQLITE3_VERSION_MINOR)))
376 - # sqlite <= 3.4.x is too old, it doesn't provide sqlite3_file_control
378 - NSS_USE_SYSTEM_SQLITE = 1
381 +NSS_USE_SYSTEM_SQLITE = 1
384 [FILE:1313:patches/patch-coreconf_DragonFly.mk]
385 --- /dev/null 2018-01-19 14:58:14 UTC
386 +++ coreconf/DragonFly.mk
389 +# This Source Code Form is subject to the terms of the Mozilla Public
390 +# License, v. 2.0. If a copy of the MPL was not distributed with this
391 +# file, You can obtain one at http://mozilla.org/MPL/2.0/.
393 +include $(CORE_DEPTH)/coreconf/UNIX.mk
395 +DEFAULT_COMPILER = gcc
400 +CPU_ARCH = $(OS_TEST)
401 +ifeq ($(CPU_ARCH),i386)
404 +ifeq ($(CPU_ARCH),amd64)
408 +ifneq (,$(filter %64, $(OS_TEST)))
412 +OS_CFLAGS = $(DSO_CFLAGS) -Wall -Wno-switch -DFREEBSD -DHAVE_STRERROR -DHAVE_BSD_FLOCK
415 +DSO_LDOPTS = -shared -Wl,-soname -Wl,$(notdir $@)
418 +# The default implementation strategy for FreeBSD is pthreads.
422 +DEFINES += -D_THREAD_SAFE -D_REENTRANT
424 +DSO_LDOPTS += -pthread
431 +MKSHLIB = $(CC) $(DSO_LDOPTS)
433 + MKSHLIB += -Wl,--version-script,$(MAPFILE)
435 +PROCESS_MAP_FILE = grep -v ';-' $< | \
436 + sed -e 's,;+,,' -e 's; DATA ;;' -e 's,;;,,' -e 's,;.*,;,' > $@
438 +G++INCLUDES = -I/usr/include/c++
444 [FILE:1125:patches/patch-coreconf_FreeBSD.mk]
445 --- coreconf/FreeBSD.mk.orig 2018-01-18 14:19:59 UTC
446 +++ coreconf/FreeBSD.mk
449 include $(CORE_DEPTH)/coreconf/UNIX.mk
451 -DEFAULT_COMPILER = gcc
454 +DEFAULT_COMPILER = $(CC)
459 CPU_ARCH = $(OS_TEST)
460 @@ -20,6 +20,16 @@ endif
461 ifeq ($(CPU_ARCH),amd64)
464 +ifneq (,$(filter arm%, $(CPU_ARCH)))
467 +ifneq (,$(filter powerpc%, $(CPU_ARCH)))
471 +ifneq (,$(filter %64, $(OS_TEST)))
475 OS_CFLAGS = $(DSO_CFLAGS) -Wall -Wno-switch -DFREEBSD -DHAVE_STRERROR -DHAVE_BSD_FLOCK
477 @@ -46,7 +56,11 @@ else
481 -MKSHLIB = $(CC) $(DSO_LDOPTS)
482 +ifneq (,$(filter alpha ia64,$(OS_TEST)))
483 +MKSHLIB = $(CC) -Wl,-Bsymbolic -lc $(DSO_LDOPTS)
485 +MKSHLIB = $(CC) -Wl,-Bsymbolic $(DSO_LDOPTS)
488 MKSHLIB += -Wl,--version-script,$(MAPFILE)
490 @@ -55,4 +69,5 @@ PROCESS_MAP_FILE = grep -v ';-' $< | \
492 G++INCLUDES = -I/usr/include/g++
494 -INCLUDES += -I/usr/X11R6/include
499 [FILE:1995:patches/patch-coreconf_SunOS5.mk]
500 --- coreconf/SunOS5.mk.orig 2018-01-18 14:19:59 UTC
501 +++ coreconf/SunOS5.mk
502 @@ -14,14 +14,14 @@ ifeq ($(USE_64), 1)
506 - ifeq ($(OS_TEST),i86pc)
507 + ifeq ($(OS_TEST),x86_64)
508 ARCHFLAG=-xarch=amd64
514 - ifneq ($(OS_TEST),i86pc)
515 + ifneq ($(OS_TEST),x86_64)
519 @@ -33,9 +33,9 @@ endif
520 DEFAULT_COMPILER = cc
525 OS_CFLAGS += -Wall -Wno-format -Werror-implicit-function-declaration -Wno-switch
528 CCC += -Wall -Wno-format
529 ASFLAGS += -x assembler-with-cpp
530 OS_CFLAGS += $(NOMD_OS_CFLAGS) $(ARCHFLAG)
531 @@ -67,7 +67,7 @@ RANLIB = echo
533 OS_DEFINES += -DSVR4 -DSYSV -D__svr4 -D__svr4__ -DSOLARIS -D_REENTRANT
535 -ifeq ($(OS_TEST),i86pc)
536 +ifeq ($(OS_TEST),x86_64)
540 @@ -109,15 +109,11 @@ endif
541 DSO_LDOPTS += -shared -h $(notdir $@)
544 - ifeq ($(OS_TEST),i86pc)
545 - DSO_LDOPTS +=-xarch=amd64
547 - DSO_LDOPTS +=-xarch=v9
551 DSO_LDOPTS += -G -h $(notdir $@)
553 -DSO_LDOPTS += -z combreloc -z defs -z ignore
554 +# DSO_LDOPTS += -Wl,-z,origin
556 # -KPIC generates position independent code for use in shared libraries.
557 # (Similarly for -fPIC in case of gcc.)
558 @@ -129,16 +125,4 @@ endif
560 NOSUCHFILE = /solaris-rm-f-sucks
562 -ifeq ($(BUILD_SUN_PKG), 1)
563 -# The -R '$ORIGIN' linker option instructs this library to search for its
564 -# dependencies in the same directory where it resides.
566 -RPATH = -R '$$ORIGIN:/usr/lib/mps/secv1/64:/usr/lib/mps/64'
568 -RPATH = -R '$$ORIGIN:/usr/lib/mps/secv1:/usr/lib/mps'
571 -RPATH = -R '$$ORIGIN'
574 -OS_LIBS += -lthread -lnsl -lsocket -lposix4 -ldl -lc
575 +RPATH = $(LDFLAGS) #-Wl,-rpath,$(PREFIX)/lib/nss
578 [FILE:370:patches/patch-coreconf_UNIX.mk]
579 --- coreconf/UNIX.mk.orig 2018-01-18 14:19:59 UTC
581 @@ -10,10 +10,8 @@ AR = ar cr $@
582 LDOPTS += -L$(SOURCE_LIB_DIR)
586 DEFINES += -UDEBUG -DNDEBUG
589 USERNAME := $(shell whoami)
590 USERNAME := $(subst -,_,$(USERNAME))
591 DEFINES += -DDEBUG -UNDEBUG -DDEBUG_$(USERNAME)
594 [FILE:611:patches/patch-coreconf_arch.mk]
595 --- coreconf/arch.mk.orig 2018-01-18 14:19:59 UTC
597 @@ -26,7 +26,7 @@ OS_ARCH := $(subst /,_,$(shell uname -s)
598 # Attempt to differentiate between sparc and x86 Solaris
601 -OS_TEST := $(shell uname -m)
602 +OS_TEST := $(shell uname -p)
603 ifeq ($(OS_TEST),i86pc)
604 OS_RELEASE := $(shell uname -r)_$(OS_TEST)
606 @@ -118,6 +118,10 @@ ifeq ($(OS_ARCH),Linux)
610 +ifeq ($(OS_ARCH),DragonFly)
611 +OS_RELEASE := @OS_RELEASE@
614 # Since all uses of OS_ARCH that follow affect only userland, we can
615 # merge other Glibc systems with Linux here.
616 ifeq ($(OS_ARCH),GNU)
619 [FILE:486:patches/patch-coreconf_command.mk]
620 --- coreconf/command.mk.orig 2018-01-18 14:19:59 UTC
621 +++ coreconf/command.mk
622 @@ -12,7 +12,7 @@ AS = $(CC)
624 CCF = $(CC) $(CFLAGS)
625 LINK_DLL = $(LD) $(OS_DLLFLAGS) $(DLLFLAGS) $(XLDFLAGS)
626 -CFLAGS = $(OPTIMIZER) $(OS_CFLAGS) $(WARNING_CFLAGS) $(XP_DEFINE) \
627 +CFLAGS += $(OPTIMIZER) $(OS_CFLAGS) $(WARNING_CFLAGS) $(XP_DEFINE) \
628 $(DEFINES) $(INCLUDES) $(XCFLAGS)
633 [FILE:465:patches/patch-coreconf_config.mk]
634 --- coreconf/config.mk.orig 2018-01-18 14:19:59 UTC
635 +++ coreconf/config.mk
636 @@ -31,7 +31,7 @@ endif
637 #######################################################################
639 TARGET_OSES = FreeBSD BSD_OS NetBSD OpenUNIX OS2 QNX Darwin BeOS OpenBSD \
640 - AIX RISCOS WINNT WIN95 Linux Android
641 + AIX RISCOS WINNT WIN95 Linux Android DragonFly
643 ifeq (,$(filter-out $(TARGET_OSES),$(OS_TARGET)))
644 include $(CORE_DEPTH)/coreconf/$(OS_TARGET).mk
647 [FILE:248:patches/patch-coreconf_location.mk]
648 --- coreconf/location.mk.orig 2018-01-18 14:19:59 UTC
649 +++ coreconf/location.mk
650 @@ -40,7 +40,7 @@ ifdef NSPR_INCLUDE_DIR
654 - NSPR_LIB_DIR = $(DIST)/lib
655 + NSPR_LIB_DIR = $(PREFIX)/lib
658 ifdef NSS_INCLUDE_DIR
661 [FILE:308:patches/patch-coreconf_ruleset.mk]
662 --- coreconf/ruleset.mk.orig 2018-01-18 14:19:59 UTC
663 +++ coreconf/ruleset.mk
668 - ifneq ($(DEFAULT_COMPILER), $(notdir $(firstword $(CC))))
669 + ifneq ($(DEFAULT_COMPILER), $(CC))
671 # Temporary define for the Client; to be removed when binary release is used
675 [FILE:720:patches/patch-lib_freebl_Makefile]
676 --- lib/freebl/Makefile.orig 2018-01-18 14:19:59 UTC
677 +++ lib/freebl/Makefile
678 @@ -215,7 +215,7 @@ ifeq ($(CPU_ARCH),x86)
682 -ifeq ($(OS_TARGET),Linux)
683 +ifeq (,$(filter-out Linux DragonFly FreeBSD, $(OS_TARGET)))
684 ifeq ($(CPU_ARCH),x86_64)
685 ASFILES = arcfour-amd64-gas.s mpi_amd64_gas.s
686 ASFLAGS += -fPIC -Wa,--noexecstack
687 @@ -298,7 +298,7 @@ endif
688 # to bind the blapi function references in FREEBLVector vector
689 # (ldvector.c) to the blapi functions defined in the freebl
691 -ifeq (,$(filter-out BSD_OS FreeBSD Linux NetBSD OpenBSD, $(OS_TARGET)))
692 +ifeq (,$(filter-out BSD_OS DragonFly FreeBSD Linux NetBSD OpenBSD, $(OS_TARGET)))
693 MKSHLIB += -Wl,-Bsymbolic
698 [FILE:1041:patches/patch-lib_freebl_mpi_mpcpucache.c]
699 --- lib/freebl/mpi/mpcpucache.c.orig 2018-01-18 14:19:59 UTC
700 +++ lib/freebl/mpi/mpcpucache.c
701 @@ -705,6 +705,32 @@ s_mpi_getProcessorLineSize()
704 #if defined(__ppc64__)
706 +#if defined(__FreeBSD__)
707 +#include <sys/stddef.h>
708 +#include <sys/sysctl.h>
710 +#include <machine/cpu.h>
711 +#include <machine/md_var.h>
714 +s_mpi_getProcessorLineSize()
716 + static int cacheline_size = 0;
717 + static int cachemib[] = { CTL_MACHDEP, CPU_CACHELINE };
720 + if (cacheline_size > 0)
721 + return cacheline_size;
723 + clen = sizeof(cacheline_size);
724 + if (sysctl(cachemib, sizeof(cachemib) / sizeof(cachemib[0]),
725 + &cacheline_size, &clen, NULL, 0) < 0 || !cacheline_size)
726 + return 128; /* guess */
728 + return cacheline_size;
732 * Sigh, The PPC has some really nice features to help us determine cache
733 * size, since it had lots of direct control functions to do so. The POWER
734 @@ -758,6 +784,7 @@ s_mpi_getProcessorLineSize()
740 #define MPI_GET_PROCESSOR_LINE_SIZE_DEFINED 1
744 [FILE:474:patches/patch-lib_freebl_verified_kremlib.h]
745 --- lib/freebl/verified/kremlib.h.orig 2018-01-18 14:19:59 UTC
746 +++ lib/freebl/verified/kremlib.h
747 @@ -184,7 +184,10 @@ typedef const char *Prims_string;
749 #if defined(__linux__) || defined(__CYGWIN__)
753 +#elif defined(__DragonFly__) || defined(__FreeBSD__) \
754 + || defined(__NetBSD__) || defined(__OpenBSD__)
755 +#include <sys/endian.h>
757 #elif defined(__APPLE__)
758 #include <libkern/OSByteOrder.h>
761 [FILE:600:patches/patch-lib_softoken_pkcs11.c]
762 --- lib/softoken/pkcs11.c.orig 2018-05-04 16:40:51 UTC
763 +++ lib/softoken/pkcs11.c
764 @@ -3077,8 +3077,8 @@ nsc_CommonInitialize(CK_VOID_PTR pReserv
766 int major = 0, minor = 0;
768 - long rv = sysinfo(SI_RELEASE, buf, sizeof(buf));
769 - if (rv > 0 && rv < sizeof(buf)) {
770 + long sunrv = sysinfo(SI_RELEASE, buf, sizeof(buf));
771 + if (sunrv > 0 && sunrv < sizeof(buf)) {
772 if (2 == sscanf(buf, "%d.%d", &major, &minor)) {
773 /* Are we on Solaris 10 or greater ? */
774 if (major > 5 || (5 == major && minor >= 10)) {
777 [FILE:1023:patches/patch-lib_softoken_pkcs11c.c]
778 --- lib/softoken/pkcs11c.c.orig 2018-01-18 14:19:59 UTC
779 +++ lib/softoken/pkcs11c.c
780 @@ -5727,9 +5727,6 @@ sftk_unwrapPrivateKey(SFTKObject *key, S
782 case NSSLOWKEYDSAKey:
784 - crv = (sftk_hasAttribute(key, CKA_NETSCAPE_DB)) ? CKR_OK : CKR_KEY_TYPE_INCONSISTENT;
787 crv = sftk_AddAttributeType(key, CKA_KEY_TYPE, &keyType,
790 @@ -5769,9 +5766,6 @@ sftk_unwrapPrivateKey(SFTKObject *key, S
791 /* what about fortezza??? */
794 - crv = (sftk_hasAttribute(key, CKA_NETSCAPE_DB)) ? CKR_OK : CKR_KEY_TYPE_INCONSISTENT;
797 crv = sftk_AddAttributeType(key, CKA_KEY_TYPE, &keyType,
802 [FILE:3413:patches/patch-sysdb]
803 --- lib/softoken/legacydb/cdbhdl.h.orig 2018-01-18 14:19:59 UTC
804 +++ lib/softoken/legacydb/cdbhdl.h
809 -#include "mcom_db.h"
815 --- lib/softoken/legacydb/dbmshim.c.orig 2018-01-18 14:19:59 UTC
816 +++ lib/softoken/legacydb/dbmshim.c
819 * Berkeley DB 1.85 Shim code to handle blobs.
821 -#include "mcom_db.h"
827 --- lib/softoken/legacydb/keydb.c.orig 2018-01-18 14:19:59 UTC
828 +++ lib/softoken/legacydb/keydb.c
833 -#include "mcom_db.h"
837 --- lib/softoken/legacydb/keydbi.h.orig 2018-01-18 14:19:59 UTC
838 +++ lib/softoken/legacydb/keydbi.h
842 #include "seccomon.h"
843 -#include "mcom_db.h"
847 * Handle structure for open key databases
848 --- lib/softoken/legacydb/pcertdb.c.orig 2018-01-18 14:19:59 UTC
849 +++ lib/softoken/legacydb/pcertdb.c
852 #include "lowkeyti.h"
854 -#include "mcom_db.h"
860 --- lib/softoken/legacydb/pk11db.c.orig 2018-01-18 14:19:59 UTC
861 +++ lib/softoken/legacydb/pk11db.c
866 -#include "mcom_db.h"
870 #include "utilpars.h"
872 --- lib/ckfw/dbm/ckdbm.h.orig 2018-01-18 14:19:59 UTC
873 +++ lib/ckfw/dbm/ckdbm.h
878 -#include "mcom_db.h"
881 NSS_EXTERN_DATA NSSCKMDInstance nss_dbm_mdInstance;
883 --- lib/softoken/legacydb/config.mk.orig 2018-01-18 14:19:59 UTC
884 +++ lib/softoken/legacydb/config.mk
885 @@ -8,7 +8,6 @@ CRYPTOLIB=$(DIST)/lib/$(LIB_PREFIX)freeb
889 - $(DIST)/lib/$(LIB_PREFIX)dbm.$(LIB_SUFFIX) \
892 # can't do this in manifest.mn because OS_TARGET isn't defined there.
893 --- lib/certdb/xauthkid.c.orig 2018-01-18 14:19:59 UTC
894 +++ lib/certdb/xauthkid.c
899 -#include "prtypes.h"
900 +#include <prtypes.h>
901 #include "seccomon.h"
904 --- lib/certdb/xbsconst.c.orig 2018-01-18 14:19:59 UTC
905 +++ lib/certdb/xbsconst.c
907 * X.509 v3 Basic Constraints Extension
910 -#include "prtypes.h"
911 +#include <prtypes.h>
912 #include <limits.h> /* for LONG_MAX */
913 #include "seccomon.h"
915 --- lib/certdb/xconst.c.orig 2018-01-18 14:19:59 UTC
916 +++ lib/certdb/xconst.c
918 * X.509 Extension Encoding
921 -#include "prtypes.h"
922 +#include <prtypes.h>
923 #include "seccomon.h"
926 --- lib/manifest.mn.orig 2018-01-18 14:19:59 UTC
928 @@ -20,7 +20,7 @@ ifndef NSS_BUILD_UTIL_ONLY
936 ifndef NSS_BUILD_SOFTOKEN_ONLY
937 --- cmd/platlibs.mk.orig 2018-01-18 14:19:59 UTC
939 @@ -29,7 +29,7 @@ endif # BUILD_SUN_PKG
940 ifdef NSS_DISABLE_DBM
943 -DBMLIB = $(DIST)/lib/$(LIB_PREFIX)dbm.$(LIB_SUFFIX)
947 ifeq ($(NSS_BUILD_UTIL_ONLY),1)
950 [FILE:6041:files/MAca-bundle.pl.in]
952 ## MAca-bundle.pl -- Regenerate ca-root-nss.crt from the Mozilla certdata.txt
954 ## Rewritten in September 2011 by Matthias Andree to heed untrust
957 ## Copyright (c) 2011, 2013 Matthias Andree <mandree@FreeBSD.org>
958 ## All rights reserved.
960 ## Redistribution and use in source and binary forms, with or without
961 ## modification, are permitted provided that the following conditions are
964 ## * Redistributions of source code must retain the above copyright
965 ## notice, this list of conditions and the following disclaimer.
967 ## * Redistributions in binary form must reproduce the above copyright
968 ## notice, this list of conditions and the following disclaimer in the
969 ## documentation and/or other materials provided with the distribution.
971 ## THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
972 ## "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
973 ## LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
974 ## FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
975 ## COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
976 ## INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
977 ## BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
978 ## LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
979 ## CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
980 ## LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
981 ## ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
982 ## POSSIBILITY OF SUCH DAMAGE.
988 my $VERSION = '$FreeBSD: head/security/ca_root_nss/files/MAca-bundle.pl.in 325572 2013-08-29 08:10:09Z mandree $';
993 ## ca-root-nss.crt -- Bundle of CA Root Certificates
995 ## This is a bundle of X.509 certificates of public Certificate
996 ## Authorities (CA). These were automatically extracted from Mozilla's
997 ## root CA list (the file `certdata.txt').
999 ## Extracted from nss-%%VERSION_NSS%%
1005 if defined $ENV{'WITH_DEBUG'}
1006 and $ENV{'WITH_DEBUG'} !~ m/(?i)^(no|0|false|)$/;
1011 sub printcert_plain($$)
1013 my ($label, $certdata) = @_;
1014 print "=== $label ===\n" if $label;
1016 "-----BEGIN CERTIFICATE-----\n",
1017 MIME::Base64::encode_base64($certdata),
1018 "-----END CERTIFICATE-----\n\n";
1021 sub printcert_info($$)
1023 my (undef, $certdata) = @_;
1024 return unless $certdata;
1025 open(OUT, "|openssl x509 -text -inform DER -fingerprint")
1026 || die "could not pipe to openssl x509";
1027 print OUT $certdata;
1028 close(OUT) or die "openssl x509 failed with exit code $?";
1033 printcert_info($a, $b);
1042 my (undef,@oct) = split /\\/;
1043 my @bin = map(chr(oct), @oct);
1044 $data .= join('', @bin);
1061 if (/^CKA_LABEL UTF8 "([^"]+)"/) {
1065 if (/^CKA_VALUE MULTILINE_OCTAL/) {
1066 $certdata = graboct();
1069 if (/^CKA_SERIAL_NUMBER MULTILINE_OCTAL/) {
1070 $serial = graboct();
1073 return ($serial, $cka_label, $certdata);
1086 if (/^CKA_LABEL UTF8 "([^"]+)"/) {
1090 if (/^CKA_SERIAL_NUMBER MULTILINE_OCTAL/) {
1091 $serial = graboct();
1094 if (/^CKA_TRUST_(SERVER_AUTH|EMAIL_PROTECTION|CODE_SIGNING) CK_TRUST (\S+)$/)
1096 if ($2 eq 'CKT_NSS_NOT_TRUSTED') {
1098 } elsif ($2 eq 'CKT_NSS_TRUSTED_DELEGATOR') {
1100 } elsif ($2 ne 'CKT_NSS_MUST_VERIFY_TRUST') {
1101 confess "Unknown trust setting on line $.:\n"
1103 . "Script must be updated:";
1108 if (!$maytrust && !$distrust && $debug) {
1109 print STDERR "line $.: no explicit trust/distrust found for $cka_label\n";
1112 my $trust = ($maytrust and not $distrust);
1113 return ($serial, $cka_label, $trust);
1117 if (/^CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE/) {
1118 my ($serial, $label, $certdata) = grabcert();
1119 if (defined $certs{$label."\0".$serial}) {
1120 warn "Certificate $label duplicated!\n";
1122 $certs{$label."\0".$serial} = $certdata;
1123 } elsif (/^CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST/) {
1124 my ($serial, $label, $trust) = grabtrust();
1125 if (defined $trusts{$label."\0".$serial}) {
1126 warn "Trust for $label duplicated!\n";
1128 $trusts{$label."\0".$serial} = $trust;
1129 } elsif (/^CVS_ID.*Revision: ([^ ]*).*/) {
1130 print "## Source: \"certdata.txt\" CVS revision $1\n##\n\n";
1136 map { s/\0.*//; s/[^[:print:]]/_/g; $_ = "\"$_\""; } @res;
1137 return wantarray ? @res : $res[0];
1140 # weed out untrusted certificates
1142 foreach my $it (keys %trusts) {
1143 if (!$trusts{$it}) {
1144 if (!exists($certs{$it})) {
1145 warn "Found trust for nonexistent certificate ".printlabel($it)."\n" if $debug;
1148 warn "Skipping untrusted ".printlabel($it)."\n" if $debug;
1154 print "## Untrusted certificates omitted from this bundle: $untrusted\n\n";
1155 print STDERR "## Untrusted certificates omitted from this bundle: $untrusted\n";
1158 foreach my $it (sort {uc($a) cmp uc($b)} keys %certs) {
1159 if (!exists($trusts{$it})) {
1160 die "Found certificate without trust block,\naborting";
1162 printcert("", $certs{$it});
1165 print STDERR "Trusting $certcount: ".printlabel($it)."\n" if $debug;
1168 if ($certcount < 25) {
1169 die "Certificate count of $certcount is implausibly low.\nAbort";
1172 print "## Number of certificates: $certcount\n";
1173 print STDERR "## Number of certificates: $certcount\n";
1174 print "## End of file.\n";
1177 [FILE:2352:files/nss-config.in]
1181 version=%%VERSION_NSS%%
1186 Usage: nss-config [OPTIONS] [LIBRARIES]
1189 [--exec-prefix[=DIR]]
1190 [--includedir[=DIR]]
1204 if test $# -eq 0; then
1213 while test $# -gt 0; do
1215 -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
1230 echo_exec_prefix=yes
1246 *.*.*) echo $version ;;
1247 *.*) echo $version.0 ;;
1248 *) echo $version.0.0 ;;
1276 # Set variables that may be dependent upon other variables
1277 if test -z "$exec_prefix"; then
1280 if test -z "$includedir"; then
1281 includedir=$prefix/include/nss
1283 if test -z "$libdir"; then
1284 libdir=$prefix/lib/nss
1287 if test "$echo_prefix" = "yes"; then
1291 if test "$echo_exec_prefix" = "yes"; then
1295 if test "$echo_includedir" = "yes"; then
1299 if test "$echo_libdir" = "yes"; then
1303 if test "$echo_cflags" = "yes"; then
1304 echo -I$includedir -I$includedir/nss
1307 if test "$echo_libs" = "yes"; then
1308 libdirs="-Wl,-R${libdir} -L$libdir"
1309 if test -n "$lib_ssl"; then
1310 libdirs="$libdirs -lssl3"
1312 if test -n "$lib_smime"; then
1313 libdirs="$libdirs -lsmime3"
1315 if test -n "$lib_nss"; then
1316 libdirs="$libdirs -lnss3"
1318 if test -n "$lib_nssutil"; then
1319 libdirs="$libdirs -lnssutil3"
1325 [FILE:315:files/nss.pc.in]
1327 exec_prefix=%%PREFIX%%
1328 libdir=%%PREFIX%%/lib/nss
1329 includedir=%%PREFIX%%/include
1332 Description: Mozilla Network Security Services
1333 Version: %%VERSION_NSS%%
1335 Libs: -Wl,-R${libdir} -L${libdir} -lnss3 -lsmime3 -lssl3 -lnssutil3
1336 Cflags: -I${includedir}/nss -I${includedir}/nss/nss
1339 [FILE:948:files/pkg-message-caroot.in]
1340 ********************************* WARNING *********************************
1342 Ravenports do not, and can not warrant that the certification authorities
1343 whose certificates are included in this package have in any way been
1344 audited for trustworthiness or RFC 3647 compliance.
1346 Assessment and verification of trust is the complete responsibility of the
1347 system administrator.
1349 *********************************** NOTE **********************************
1351 This package installs symlinks to support root certificates discovery by
1352 default for software that uses OpenSSL.
1354 This enables SSL Certificate Verification by client software without manual
1357 If you prefer to do this manually, replace the following symlinks with
1358 either an empty file or your site-local certificate bundle.
1361 * %%PREFIX%%/etc/ssl/cert.pem
1362 * %%PREFIX%%/openssl/cert.pem
1364 ***************************************************************************