Ravenports generated: 30 Oct 2018 13:16

[ravenports.git] / bucket_95 / nss

# Buildsheet autogenerated by ravenadm tool -- Do not edit.

NAMEBASE=               nss
VERSION=                3.40
KEYWORDS=               security
VARIANTS=               standard
SDESC[standard]=        Application security development libraries
HOMEPAGE=               http://www.mozilla.org/projects/security/pki/nss/
CONTACT=                nobody

DOWNLOAD_GROUPS=        main
SITES[main]=            MOZILLA/security/nss/releases/NSS_3_40_RTM/src
DISTFILE[1]=            nss-3.40.tar.gz:main
DF_INDEX=               1
SPKGS[standard]=        complete
                        primary
                        caroot

OPTIONS_AVAILABLE=      ETCSYMLINK
OPTIONS_STANDARD=       ETCSYMLINK
OPT_ON[all]=            ETCSYMLINK

BUILD_DEPENDS=          libressl:single:static
BUILDRUN_DEPENDS=       nspr:single:standard

USES=                   cpe gmake perl:build sqlite zlib

DISTNAME=               nss-3.40/nss

LICENSE=                MPL:primary
LICENSE_FILE=           MPL:{{WRKSRC}}/COPYING
LICENSE_SCHEME=         solo

CPE_PRODUCT=            network_security_services
CPE_VENDOR=             mozilla
FPC_EQUIVALENT=         security/nss

MAKE_ENV=               LIBRARY_PATH="{{LOCALBASE}}/lib"
                        SQLITE_INCLUDE_DIR="{{LOCALBASE}}/include"
                        FREEBL_LOWHASH=1
                        NSS_DISABLE_GTESTS=1
                        NSS_DISABLE_DBM=1
                        NSS_USE_SYSTEM_SQLITE=1
                        BUILD_OPT=1
SINGLE_JOB=             yes

PLIST_SUB=              CERTDIR=share/certs
SUB_FILES=              nss-config
                        nss.pc
                        pkg-message-caroot
                        MAca-bundle.pl
SUB_LIST=               VERSION_NSS=3.40

CFLAGS=                 -I{{LOCALBASE}}/include/nspr
LDFLAGS=                -Wl,-rpath,{{PREFIX}}/lib/nss
VAR_OPSYS[sunos]=       MAKE_ENV=NS_USE_GCC=1
                        MAKE_ENV=NO_MDUPDATE=1
VAR_ARCH[x86_64]=       MAKE_ENV=USE_64=1

[ETCSYMLINK].DESCRIPTION=               Add symlink to /etc/ssl/cert.pem

post-patch:
        ${REINPLACE_CMD} '/NSS_DEFAULT_SYSTEM/s,/etc,${PREFIX}&,' \
                ${WRKSRC}/lib/sysinit/nsssysinit.c
        (cd ${WRKSRC} && \
                ${FIND} . -name "*.c" -o -name "*.h" | \
                ${XARGS} ${GREP} -l -F '"nspr.h"' | \
                ${XARGS} ${REINPLACE_CMD} -e 's|"nspr.h"|<nspr.h>|')
        ${FIND} ${WRKSRC}/tests -name '*.sh' | \
                ${XARGS} ${GREP} -l -F '/bin/bash' | \
                ${XARGS} ${REINPLACE_CMD} -e 's|#! */bin/bash|#!${SH}|'
        ${REINPLACE_CMD} -e 's/@OS_RELEASE@/${OSREL}/' ${WRKSRC}/coreconf/arch.mk

post-build:
        ${SETENV} ${MAKE_ENV} ${PERL} ${WRKDIR}/MAca-bundle.pl \
                < ${WRKSRC}/lib/ckfw/builtins/certdata.txt > ${WRKDIR}/ca-root-nss.crt

do-install:
        @${MKDIR} ${STAGEDIR}${PREFIX}/include/nss/nss \
                ${STAGEDIR}${PREFIX}/lib/nss \
                ${STAGEDIR}${PREFIX}/share/certs \
                ${STAGEDIR}${PREFIX}/etc/ssl \
                ${STAGEDIR}${PREFIX}/openssl
        ${FIND} ${WRKDIR}/nss-3.40/dist/public/nss -type l \
                -exec ${INSTALL_DATA} {} ${STAGEDIR}${PREFIX}/include/nss/nss \;
        ${INSTALL_LIB} ${WRKDIR}/nss-3.40/dist/${OPSYS}*_OPT.OBJ/lib/*.${LIBEXT} \
                ${STAGEDIR}${PREFIX}/lib/nss
        ${INSTALL_DATA} ${WRKDIR}/nss-3.40/dist/${OPSYS}*_OPT.OBJ/lib/libcrmf.a \
                ${STAGEDIR}${PREFIX}/lib/nss
.for bin in certutil cmsutil crlutil derdump makepqg mangle modutil ocspclnt oidcalc p7content p7env p7sign p7verify pk12util rsaperf shlibsign signtool signver ssltap strsclnt symkeyutil vfychain vfyserv
        ${INSTALL_PROGRAM} ${WRKDIR}/nss-3.40/dist/${OPSYS}*_OPT.OBJ/bin/${bin} \
                ${STAGEDIR}${PREFIX}/bin
.endfor
        ${INSTALL_SCRIPT} ${WRKDIR}/nss-config ${STAGEDIR}${PREFIX}/bin
        ${INSTALL_DATA} ${WRKDIR}/nss.pc ${STAGEDIR}${PREFIX}/lib/pkgconfig
        # CA ROOT CERT
        ${INSTALL_DATA} ${WRKDIR}/ca-root-nss.crt \
                ${STAGEDIR}${PREFIX}/share/certs
        ${INSTALL_DATA} ${WRKDIR}/ca-root-nss.crt \
                ${STAGEDIR}${PREFIX}/etc/ssl/cert.pem.sample
        ${INSTALL_DATA} ${WRKDIR}/ca-root-nss.crt \
                ${STAGEDIR}${PREFIX}/openssl/cert.pem.sample

post-install-ETCSYMLINK-ON:
        @${MKDIR} ${STAGEDIR}/etc/ssl
        ${LN} -sf ${PREFIX}/share/certs/ca-root-nss.crt \
                ${STAGEDIR}/etc/ssl/cert.pem

[FILE:301:descriptions/desc.primary]
Network Security Services (NSS) is a set of libraries designed to support
cross-platform development of security-enabled server applications.
Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5,
PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other
security standards.


[FILE:120:descriptions/desc.caroot]
Root certificates from certificate authorities included in the Mozilla
NSS library and thus in Firefox and Thunderbird.


[FILE:94:distinfo]
0562087b8bda072bf5964f8acf851f9c0997a59c384f4887cb517b3b628b32dd     23308315 nss-3.40.tar.gz


[FILE:1514:manifests/plist.primary]
%%ONLY-LINUX%%lib/nss/libnsssysinit.so
bin/
 certutil
 cmsutil
 crlutil
 derdump
 makepqg
 mangle
 modutil
 nss-config
 ocspclnt
 oidcalc
 p7content
 p7env
 p7sign
 p7verify
 pk12util
 rsaperf
 shlibsign
 signtool
 signver
 ssltap
 strsclnt
 symkeyutil
 vfychain
 vfyserv
include/nss/nss/
 base64.h
 blapit.h
 cert.h
 certdb.h
 certt.h
 ciferfam.h
 cmmf.h
 cmmft.h
 cms.h
 cmsreclist.h
 cmst.h
 crmf.h
 crmft.h
 cryptohi.h
 cryptoht.h
 eccutil.h
 ecl-exp.h
 hasht.h
 jar-ds.h
 jar.h
 jarfile.h
 key.h
 keyhi.h
 keyt.h
 keythi.h
 lowkeyi.h
 lowkeyti.h
 nss.h
 nssb64.h
 nssb64t.h
 nssbase.h
 nssbaset.h
 nssck.api
 nssckbi.h
 nssckepv.h
 nssckft.h
 nssckfw.h
 nssckfwc.h
 nssckfwt.h
 nssckg.h
 nssckmdt.h
 nssckt.h
 nssilckt.h
 nssilock.h
 nsslocks.h
 nsslowhash.h
 nssrwlk.h
 nssrwlkt.h
 nssutil.h
 ocsp.h
 ocspt.h
 p12.h
 p12plcy.h
 p12t.h
 pk11func.h
 pk11pqg.h
 pk11priv.h
 pk11pub.h
 pk11sdr.h
 pkcs11.h
 pkcs11f.h
 pkcs11n.h
 pkcs11p.h
 pkcs11t.h
 pkcs11u.h
 pkcs11uri.h
 pkcs12.h
 pkcs12t.h
 pkcs1sig.h
 pkcs7t.h
 portreg.h
 preenc.h
 secasn1.h
 secasn1t.h
 seccomon.h
 secder.h
 secdert.h
 secdig.h
 secdigt.h
 secerr.h
 sechash.h
 secitem.h
 secmime.h
 secmod.h
 secmodt.h
 secoid.h
 secoidt.h
 secpkcs5.h
 secpkcs7.h
 secport.h
 shsign.h
 smime.h
 ssl.h
 sslerr.h
 sslexp.h
 sslproto.h
 sslt.h
 utilmodt.h
 utilpars.h
 utilparst.h
 utilrename.h
lib/nss/
 libcrmf.a
 libfreebl3.so
 libfreeblpriv3.so
 libnss3.so
 libnssckbi.so
 libnssutil3.so
 libsmime3.so
 libsoftokn3.so
 libssl3.so
lib/pkgconfig/nss.pc


[FILE:127:manifests/plist.caroot]
@sample etc/ssl/cert.pem.sample
@sample openssl/cert.pem.sample
%%CERTDIR%%/ca-root-nss.crt
%%ETCSYMLINK-ON%%/etc/ssl/cert.pem


[FILE:449:patches/patch-bug301986]
--- lib/util/nssilckt.h.orig    2018-01-18 14:19:59 UTC
+++ lib/util/nssilckt.h
@@ -163,7 +163,7 @@ typedef enum {
 ** Declare the trace record
 */
 struct pzTrace_s {
-    PRUint32 threadID;       /* PR_GetThreadID() */
+    pthread_t threadID;      /* PR_GetThreadID() */
     nssILockOp op;           /* operation being performed */
     nssILockType ltype;      /* lock type identifier */
     PRIntervalTime callTime; /* time spent in function */


[FILE:2109:patches/patch-const]
--- cmd/modutil/modutil.h.orig  2018-01-18 14:19:59 UTC
+++ cmd/modutil/modutil.h
@@ -22,8 +22,8 @@
 #include "error.h"
 
 Error LoadMechanismList(void);
-Error FipsMode(char *arg);
-Error ChkFipsMode(char *arg);
+Error FipsMode(const char *arg);
+Error ChkFipsMode(const char *arg);
 Error AddModule(char *moduleName, char *libFile, char *ciphers,
                 char *mechanisms, char *modparms);
 Error DeleteModule(char *moduleName);
--- cmd/modutil/pk11.c.orig     2018-01-18 14:19:59 UTC
+++ cmd/modutil/pk11.c
@@ -16,7 +16,7 @@
  * disable FIPS mode on the internal module.
  */
 Error
-FipsMode(char *arg)
+FipsMode(const char *arg)
 {
     char *internal_name;
 
@@ -25,16 +25,18 @@ FipsMode(char *arg)
             internal_name = PR_smprintf("%s",
                                         SECMOD_GetInternalModule()->commonName);
             if (SECMOD_DeleteInternalModule(internal_name) != SECSuccess) {
-                PR_fprintf(PR_STDERR, "%s\n", SECU_Strerror(PORT_GetError()));
+                PR_fprintf(PR_STDERR, "FipsMode(true): %s (%s)\n", SECU_Strerror(PORT_GetError()), internal_name);
                 PR_smprintf_free(internal_name);
                 PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]);
                 return FIPS_SWITCH_FAILED_ERR;
             }
-            PR_smprintf_free(internal_name);
             if (!PK11_IsFIPS()) {
+                PR_fprintf(PR_STDERR, "FipsMode(true): in module %s", internal_name);
+                PR_smprintf_free(internal_name);
                 PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]);
                 return FIPS_SWITCH_FAILED_ERR;
             }
+            PR_smprintf_free(internal_name);
             PR_fprintf(PR_STDOUT, msgStrings[FIPS_ENABLED_MSG]);
         } else {
             PR_fprintf(PR_STDERR, errStrings[FIPS_ALREADY_ON_ERR]);
@@ -75,7 +77,7 @@ FipsMode(char *arg)
  * If arg=="false", verify FIPS mode is disabled on the internal module.
  */
 Error
-ChkFipsMode(char *arg)
+ChkFipsMode(const char *arg)
 {
     if (!PORT_Strcasecmp(arg, "true")) {
         if (PK11_IsFIPS()) {


[FILE:1383:patches/patch-coreconf_Darwin.mk]
--- coreconf/Darwin.mk.orig     2018-06-21 09:24:45 UTC
+++ coreconf/Darwin.mk
@@ -7,8 +7,8 @@ CC     ?= gcc
 CCC    ?= g++
 RANLIB ?= ranlib
 
+NSS_ENABLE_WERROR = 0
 include $(CORE_DEPTH)/coreconf/UNIX.mk
-include $(CORE_DEPTH)/coreconf/Werror.mk
 
 DEFAULT_COMPILER = gcc
 
@@ -127,21 +127,4 @@ PROCESS_MAP_FILE = grep -v ';+' $< | gre
 USE_SYSTEM_ZLIB = 1
 ZLIB_LIBS      = -lz
 
-# The system sqlite library in the latest version of Mac OS X often becomes
-# newer than the sqlite library in NSS. This may result in certain Mac OS X
-# system libraries having unresolved sqlite symbols during the shlibsign step
-# of the NSS build when we set DYLD_LIBRARY_PATH to the NSS lib directory and
-# the NSS libsqlite3.dylib is used instead of the system one. So just use the
-# system sqlite library on Mac, if it's sufficiently new.
-
-SYS_SQLITE3_VERSION_FULL := $(shell /usr/bin/sqlite3 -version | awk '{print $$1}')
-SYS_SQLITE3_VERSION_MAJOR := $(shell echo $(SYS_SQLITE3_VERSION_FULL) | awk -F. '{ print $$1 }')
-SYS_SQLITE3_VERSION_MINOR := $(shell echo $(SYS_SQLITE3_VERSION_FULL) | awk -F. '{ print $$2 }')
-
-ifeq (3,$(SYS_SQLITE3_VERSION_MAJOR))
-    ifeq (,$(filter-out 0 1 2 3 4,$(SYS_SQLITE3_VERSION_MINOR)))
-        # sqlite <= 3.4.x is too old, it doesn't provide sqlite3_file_control
-    else
-        NSS_USE_SYSTEM_SQLITE = 1
-    endif
-endif
+NSS_USE_SYSTEM_SQLITE = 1


[FILE:1313:patches/patch-coreconf_DragonFly.mk]
--- /dev/null   2018-01-19 14:58:14 UTC
+++ coreconf/DragonFly.mk
@@ -0,0 +1,54 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+include $(CORE_DEPTH)/coreconf/UNIX.mk
+
+DEFAULT_COMPILER       = gcc
+CC                     = gcc
+CCC                    = g++
+RANLIB                 = ranlib
+
+CPU_ARCH               = $(OS_TEST)
+ifeq ($(CPU_ARCH),i386)
+CPU_ARCH               = x86
+endif
+ifeq ($(CPU_ARCH),amd64)
+CPU_ARCH               = x86_64
+endif
+
+ifneq (,$(filter %64, $(OS_TEST)))
+USE_64                 = 1
+endif
+
+OS_CFLAGS              = $(DSO_CFLAGS) -Wall -Wno-switch -DFREEBSD -DHAVE_STRERROR -DHAVE_BSD_FLOCK
+
+DSO_CFLAGS             = -fPIC
+DSO_LDOPTS             = -shared -Wl,-soname -Wl,$(notdir $@)
+
+#
+# The default implementation strategy for FreeBSD is pthreads.
+#
+ifndef CLASSIC_NSPR
+USE_PTHREADS           = 1
+DEFINES                        += -D_THREAD_SAFE -D_REENTRANT
+OS_LIBS                        += -pthread
+DSO_LDOPTS             += -pthread
+endif
+
+ARCH                   = freebsd
+MOZ_OBJFORMAT          = elf
+DLL_SUFFIX             = so
+
+MKSHLIB                        = $(CC) $(DSO_LDOPTS)
+ifdef MAPFILE
+       MKSHLIB += -Wl,--version-script,$(MAPFILE)
+endif
+PROCESS_MAP_FILE = grep -v ';-' $< | \
+        sed -e 's,;+,,' -e 's; DATA ;;' -e 's,;;,,' -e 's,;.*,;,' > $@
+
+G++INCLUDES            = -I/usr/include/c++
+
+USE_SYSTEM_ZLIB                = 1
+ZLIB_LIBS              = -lz


[FILE:1125:patches/patch-coreconf_FreeBSD.mk]
--- coreconf/FreeBSD.mk.orig    2018-01-18 14:19:59 UTC
+++ coreconf/FreeBSD.mk
@@ -5,9 +5,9 @@
 
 include $(CORE_DEPTH)/coreconf/UNIX.mk
 
-DEFAULT_COMPILER       = gcc
-CC                     = gcc
-CCC                    = g++
+DEFAULT_COMPILER       = $(CC)
+CC                     ?= gcc
+CCC                    = $(CXX)
 RANLIB                 = ranlib
 
 CPU_ARCH               = $(OS_TEST)
@@ -20,6 +20,16 @@ endif
 ifeq ($(CPU_ARCH),amd64)
 CPU_ARCH               = x86_64
 endif
+ifneq (,$(filter arm%, $(CPU_ARCH)))
+CPU_ARCH               = arm
+endif
+ifneq (,$(filter powerpc%, $(CPU_ARCH)))
+CPU_ARCH               = ppc
+endif
+
+ifneq (,$(filter %64, $(OS_TEST)))
+USE_64                 = 1
+endif
 
 OS_CFLAGS              = $(DSO_CFLAGS) -Wall -Wno-switch -DFREEBSD -DHAVE_STRERROR -DHAVE_BSD_FLOCK
 
@@ -46,7 +56,11 @@ else
 DLL_SUFFIX             = so.1.0
 endif
 
-MKSHLIB                        = $(CC) $(DSO_LDOPTS)
+ifneq (,$(filter alpha ia64,$(OS_TEST)))
+MKSHLIB                        = $(CC) -Wl,-Bsymbolic -lc $(DSO_LDOPTS)
+else
+MKSHLIB                        = $(CC) -Wl,-Bsymbolic $(DSO_LDOPTS)
+endif
 ifdef MAPFILE
        MKSHLIB += -Wl,--version-script,$(MAPFILE)
 endif
@@ -55,4 +69,5 @@ PROCESS_MAP_FILE = grep -v ';-' $< | \
 
 G++INCLUDES            = -I/usr/include/g++
 
-INCLUDES               += -I/usr/X11R6/include
+USE_SYSTEM_ZLIB                = 1
+ZLIB_LIBS              = -lz


[FILE:1995:patches/patch-coreconf_SunOS5.mk]
--- coreconf/SunOS5.mk.orig     2018-01-18 14:19:59 UTC
+++ coreconf/SunOS5.mk
@@ -14,14 +14,14 @@ ifeq ($(USE_64), 1)
   ifdef NS_USE_GCC
       ARCHFLAG=-m64
   else
-      ifeq ($(OS_TEST),i86pc)
+      ifeq ($(OS_TEST),x86_64)
         ARCHFLAG=-xarch=amd64
       else
         ARCHFLAG=-xarch=v9
       endif
   endif
 else
-  ifneq ($(OS_TEST),i86pc)
+  ifneq ($(OS_TEST),x86_64)
     ifdef NS_USE_GCC
       ARCHFLAG=-mcpu=v9
     else
@@ -33,9 +33,9 @@ endif
 DEFAULT_COMPILER = cc
 
 ifdef NS_USE_GCC
-       CC         = gcc
+       CC         ?= gcc
        OS_CFLAGS += -Wall -Wno-format -Werror-implicit-function-declaration -Wno-switch
-       CCC        = g++
+       CCC        ?= g++
        CCC       += -Wall -Wno-format
        ASFLAGS   += -x assembler-with-cpp
        OS_CFLAGS += $(NOMD_OS_CFLAGS) $(ARCHFLAG)
@@ -67,7 +67,7 @@ RANLIB      = echo
 CPU_ARCH    = sparc
 OS_DEFINES += -DSVR4 -DSYSV -D__svr4 -D__svr4__ -DSOLARIS -D_REENTRANT
 
-ifeq ($(OS_TEST),i86pc)
+ifeq ($(OS_TEST),x86_64)
 ifeq ($(USE_64),1)
     CPU_ARCH           = x86_64
 else
@@ -109,15 +109,11 @@ endif
        DSO_LDOPTS += -shared -h $(notdir $@)
 else
 ifeq ($(USE_64), 1)
-       ifeq ($(OS_TEST),i86pc)
-           DSO_LDOPTS +=-xarch=amd64
-       else
-           DSO_LDOPTS +=-xarch=v9
-       endif
+       DSO_LDOPTS += -m64
 endif
        DSO_LDOPTS += -G -h $(notdir $@)
 endif
-DSO_LDOPTS += -z combreloc -z defs -z ignore
+# DSO_LDOPTS += -Wl,-z,origin
 
 # -KPIC generates position independent code for use in shared libraries.
 # (Similarly for -fPIC in case of gcc.)
@@ -129,16 +125,4 @@ endif
 
 NOSUCHFILE   = /solaris-rm-f-sucks
 
-ifeq ($(BUILD_SUN_PKG), 1)
-# The -R '$ORIGIN' linker option instructs this library to search for its
-# dependencies in the same directory where it resides.
-ifeq ($(USE_64), 1)
-RPATH = -R '$$ORIGIN:/usr/lib/mps/secv1/64:/usr/lib/mps/64'
-else
-RPATH = -R '$$ORIGIN:/usr/lib/mps/secv1:/usr/lib/mps'
-endif
-else
-RPATH = -R '$$ORIGIN'
-endif
-
-OS_LIBS += -lthread -lnsl -lsocket -lposix4 -ldl -lc
+RPATH = $(LDFLAGS) #-Wl,-rpath,$(PREFIX)/lib/nss


[FILE:370:patches/patch-coreconf_UNIX.mk]
--- coreconf/UNIX.mk.orig       2018-01-18 14:19:59 UTC
+++ coreconf/UNIX.mk
@@ -10,10 +10,8 @@ AR          = ar cr $@
 LDOPTS     += -L$(SOURCE_LIB_DIR)
 
 ifdef BUILD_OPT
-       OPTIMIZER  += -O
        DEFINES    += -UDEBUG -DNDEBUG
 else
-       OPTIMIZER  += -g
        USERNAME   := $(shell whoami)
        USERNAME   := $(subst -,_,$(USERNAME))
        DEFINES    += -DDEBUG -UNDEBUG -DDEBUG_$(USERNAME)


[FILE:611:patches/patch-coreconf_arch.mk]
--- coreconf/arch.mk.orig       2018-01-18 14:19:59 UTC
+++ coreconf/arch.mk
@@ -26,7 +26,7 @@ OS_ARCH := $(subst /,_,$(shell uname -s)
 # Attempt to differentiate between sparc and x86 Solaris
 #
 
-OS_TEST := $(shell uname -m)
+OS_TEST := $(shell uname -p)
 ifeq ($(OS_TEST),i86pc)
     OS_RELEASE := $(shell uname -r)_$(OS_TEST)
 else
@@ -118,6 +118,10 @@ ifeq ($(OS_ARCH),Linux)
     KERNEL = Linux
 endif
 
+ifeq ($(OS_ARCH),DragonFly)
+OS_RELEASE := @OS_RELEASE@
+endif
+
 # Since all uses of OS_ARCH that follow affect only userland, we can
 # merge other Glibc systems with Linux here.
 ifeq ($(OS_ARCH),GNU)


[FILE:486:patches/patch-coreconf_command.mk]
--- coreconf/command.mk.orig    2018-01-18 14:19:59 UTC
+++ coreconf/command.mk
@@ -12,7 +12,7 @@ AS            = $(CC)
 ASFLAGS      += $(CFLAGS)
 CCF           = $(CC) $(CFLAGS)
 LINK_DLL      = $(LD) $(OS_DLLFLAGS) $(DLLFLAGS) $(XLDFLAGS)
-CFLAGS        = $(OPTIMIZER) $(OS_CFLAGS) $(WARNING_CFLAGS) $(XP_DEFINE) \
+CFLAGS       += $(OPTIMIZER) $(OS_CFLAGS) $(WARNING_CFLAGS) $(XP_DEFINE) \
                 $(DEFINES) $(INCLUDES) $(XCFLAGS)
 PERL          = perl
 RANLIB        = echo


[FILE:465:patches/patch-coreconf_config.mk]
--- coreconf/config.mk.orig     2018-01-18 14:19:59 UTC
+++ coreconf/config.mk
@@ -31,7 +31,7 @@ endif
 #######################################################################
 
 TARGET_OSES = FreeBSD BSD_OS NetBSD OpenUNIX OS2 QNX Darwin BeOS OpenBSD \
-              AIX RISCOS WINNT WIN95 Linux Android
+              AIX RISCOS WINNT WIN95 Linux Android DragonFly
 
 ifeq (,$(filter-out $(TARGET_OSES),$(OS_TARGET)))
 include $(CORE_DEPTH)/coreconf/$(OS_TARGET).mk


[FILE:248:patches/patch-coreconf_location.mk]
--- coreconf/location.mk.orig   2018-01-18 14:19:59 UTC
+++ coreconf/location.mk
@@ -40,7 +40,7 @@ ifdef NSPR_INCLUDE_DIR
 endif
 
 ifndef NSPR_LIB_DIR
-    NSPR_LIB_DIR = $(DIST)/lib
+    NSPR_LIB_DIR = $(PREFIX)/lib
 endif
 
 ifdef NSS_INCLUDE_DIR


[FILE:308:patches/patch-coreconf_ruleset.mk]
--- coreconf/ruleset.mk.orig    2018-01-18 14:19:59 UTC
+++ coreconf/ruleset.mk
@@ -53,7 +53,7 @@
 #
 
 ifndef COMPILER_TAG
-    ifneq ($(DEFAULT_COMPILER), $(notdir $(firstword $(CC))))
+    ifneq ($(DEFAULT_COMPILER), $(CC))
 #
 # Temporary define for the Client; to be removed when binary release is used
 #


[FILE:720:patches/patch-lib_freebl_Makefile]
--- lib/freebl/Makefile.orig    2018-01-18 14:19:59 UTC
+++ lib/freebl/Makefile
@@ -215,7 +215,7 @@ ifeq ($(CPU_ARCH),x86)
 endif
 endif # Darwin
 
-ifeq ($(OS_TARGET),Linux)
+ifeq (,$(filter-out Linux DragonFly FreeBSD, $(OS_TARGET)))
 ifeq ($(CPU_ARCH),x86_64)
     ASFILES  = arcfour-amd64-gas.s mpi_amd64_gas.s
     ASFLAGS += -fPIC -Wa,--noexecstack
@@ -298,7 +298,7 @@ endif
 # to bind the blapi function references in FREEBLVector vector
 # (ldvector.c) to the blapi functions defined in the freebl
 # shared libraries.
-ifeq (,$(filter-out BSD_OS FreeBSD Linux NetBSD OpenBSD, $(OS_TARGET)))
+ifeq (,$(filter-out BSD_OS DragonFly FreeBSD Linux NetBSD OpenBSD, $(OS_TARGET)))
     MKSHLIB += -Wl,-Bsymbolic
 endif
 


[FILE:1041:patches/patch-lib_freebl_mpi_mpcpucache.c]
--- lib/freebl/mpi/mpcpucache.c.orig    2018-01-18 14:19:59 UTC
+++ lib/freebl/mpi/mpcpucache.c
@@ -705,6 +705,32 @@ s_mpi_getProcessorLineSize()
 #endif
 
 #if defined(__ppc64__)
+
+#if defined(__FreeBSD__)
+#include <sys/stddef.h>
+#include <sys/sysctl.h>
+
+#include <machine/cpu.h>
+#include <machine/md_var.h>
+
+unsigned long
+s_mpi_getProcessorLineSize()
+{
+       static int cacheline_size = 0;
+       static int cachemib[] = { CTL_MACHDEP, CPU_CACHELINE };
+       int clen;
+       
+       if (cacheline_size > 0)
+               return cacheline_size;
+
+       clen = sizeof(cacheline_size);
+       if (sysctl(cachemib, sizeof(cachemib) / sizeof(cachemib[0]),
+           &cacheline_size, &clen, NULL, 0) < 0 || !cacheline_size)
+               return 128; /* guess */
+
+       return cacheline_size;
+}
+#else
 /*
  *  Sigh, The PPC has some really nice features to help us determine cache
  *  size, since it had lots of direct control functions to do so. The POWER
@@ -758,6 +784,7 @@ s_mpi_getProcessorLineSize()
     }
     return 0;
 }
+#endif
 
 #define MPI_GET_PROCESSOR_LINE_SIZE_DEFINED 1
 #endif


[FILE:474:patches/patch-lib_freebl_verified_kremlib.h]
--- lib/freebl/verified/kremlib.h.orig  2018-01-18 14:19:59 UTC
+++ lib/freebl/verified/kremlib.h
@@ -184,7 +184,10 @@ typedef const char *Prims_string;
 /* ... for Linux */
 #if defined(__linux__) || defined(__CYGWIN__)
 #include <endian.h>
-
+/* ... for BSDs */
+#elif defined(__DragonFly__) || defined(__FreeBSD__) \
+   || defined(__NetBSD__) || defined(__OpenBSD__)
+#include <sys/endian.h>
 /* ... for OSX */
 #elif defined(__APPLE__)
 #include <libkern/OSByteOrder.h>


[FILE:600:patches/patch-lib_softoken_pkcs11.c]
--- lib/softoken/pkcs11.c.orig  2018-05-04 16:40:51 UTC
+++ lib/softoken/pkcs11.c
@@ -3077,8 +3077,8 @@ nsc_CommonInitialize(CK_VOID_PTR pReserv
         char buf[200];
         int major = 0, minor = 0;
 
-        long rv = sysinfo(SI_RELEASE, buf, sizeof(buf));
-        if (rv > 0 && rv < sizeof(buf)) {
+        long sunrv = sysinfo(SI_RELEASE, buf, sizeof(buf));
+        if (sunrv > 0 && sunrv < sizeof(buf)) {
             if (2 == sscanf(buf, "%d.%d", &major, &minor)) {
                 /* Are we on Solaris 10 or greater ? */
                 if (major > 5 || (5 == major && minor >= 10)) {


[FILE:1023:patches/patch-lib_softoken_pkcs11c.c]
--- lib/softoken/pkcs11c.c.orig 2018-01-18 14:19:59 UTC
+++ lib/softoken/pkcs11c.c
@@ -5727,9 +5727,6 @@ sftk_unwrapPrivateKey(SFTKObject *key, S
             break;
         case NSSLOWKEYDSAKey:
             keyType = CKK_DSA;
-            crv = (sftk_hasAttribute(key, CKA_NETSCAPE_DB)) ? CKR_OK : CKR_KEY_TYPE_INCONSISTENT;
-            if (crv != CKR_OK)
-                break;
             crv = sftk_AddAttributeType(key, CKA_KEY_TYPE, &keyType,
                                         sizeof(keyType));
             if (crv != CKR_OK)
@@ -5769,9 +5766,6 @@ sftk_unwrapPrivateKey(SFTKObject *key, S
         /* what about fortezza??? */
         case NSSLOWKEYECKey:
             keyType = CKK_EC;
-            crv = (sftk_hasAttribute(key, CKA_NETSCAPE_DB)) ? CKR_OK : CKR_KEY_TYPE_INCONSISTENT;
-            if (crv != CKR_OK)
-                break;
             crv = sftk_AddAttributeType(key, CKA_KEY_TYPE, &keyType,
                                         sizeof(keyType));
             if (crv != CKR_OK)


[FILE:3413:patches/patch-sysdb]
--- lib/softoken/legacydb/cdbhdl.h.orig 2018-01-18 14:19:59 UTC
+++ lib/softoken/legacydb/cdbhdl.h
@@ -9,7 +9,8 @@
 #define _CDBHDL_H_
 
 #include "nspr.h"
-#include "mcom_db.h"
+#include <db.h>
+#include <fcntl.h>
 #include "pcertt.h"
 #include "prtypes.h"
 
--- lib/softoken/legacydb/dbmshim.c.orig        2018-01-18 14:19:59 UTC
+++ lib/softoken/legacydb/dbmshim.c
@@ -5,7 +5,8 @@
 /*
  * Berkeley DB 1.85 Shim code to handle blobs.
  */
-#include "mcom_db.h"
+#include <db.h>
+#include <fcntl.h>
 #include "secitem.h"
 #include "nssb64.h"
 #include "blapi.h"
--- lib/softoken/legacydb/keydb.c.orig  2018-01-18 14:19:59 UTC
+++ lib/softoken/legacydb/keydb.c
@@ -9,7 +9,6 @@
 #include "blapi.h"
 #include "secitem.h"
 #include "pcert.h"
-#include "mcom_db.h"
 #include "secerr.h"
 
 #include "keydbi.h"
--- lib/softoken/legacydb/keydbi.h.orig 2018-01-18 14:19:59 UTC
+++ lib/softoken/legacydb/keydbi.h
@@ -10,7 +10,7 @@
 
 #include "nspr.h"
 #include "seccomon.h"
-#include "mcom_db.h"
+#include <db.h>
 
 /*
  * Handle structure for open key databases
--- lib/softoken/legacydb/pcertdb.c.orig        2018-01-18 14:19:59 UTC
+++ lib/softoken/legacydb/pcertdb.c
@@ -7,7 +7,8 @@
  */
 #include "lowkeyti.h"
 #include "pcert.h"
-#include "mcom_db.h"
+#include <db.h>
+#include <fcntl.h>
 #include "pcert.h"
 #include "secitem.h"
 #include "secder.h"
--- lib/softoken/legacydb/pk11db.c.orig 2018-01-18 14:19:59 UTC
+++ lib/softoken/legacydb/pk11db.c
@@ -8,7 +8,8 @@
  */
 
 #include "lgdb.h"
-#include "mcom_db.h"
+#include <db.h>
+#include <fcntl.h>
 #include "secerr.h"
 #include "utilpars.h"
 
--- lib/ckfw/dbm/ckdbm.h.orig   2018-01-18 14:19:59 UTC
+++ lib/ckfw/dbm/ckdbm.h
@@ -23,7 +23,7 @@
 #include "ckt.h"
 #endif /* CKT_H */
 
-#include "mcom_db.h"
+#include <db.h>
 
 NSS_EXTERN_DATA NSSCKMDInstance nss_dbm_mdInstance;
 
--- lib/softoken/legacydb/config.mk.orig        2018-01-18 14:19:59 UTC
+++ lib/softoken/legacydb/config.mk
@@ -8,7 +8,6 @@ CRYPTOLIB=$(DIST)/lib/$(LIB_PREFIX)freeb
 
 EXTRA_LIBS += \
        $(CRYPTOLIB) \
-       $(DIST)/lib/$(LIB_PREFIX)dbm.$(LIB_SUFFIX) \
        $(NULL)
 
 # can't do this in manifest.mn because OS_TARGET isn't defined there.
--- lib/certdb/xauthkid.c.orig  2018-01-18 14:19:59 UTC
+++ lib/certdb/xauthkid.c
@@ -7,7 +7,7 @@
  *
  */
 
-#include "prtypes.h"
+#include <prtypes.h>
 #include "seccomon.h"
 #include "secdert.h"
 #include "secoidt.h"
--- lib/certdb/xbsconst.c.orig  2018-01-18 14:19:59 UTC
+++ lib/certdb/xbsconst.c
@@ -6,7 +6,7 @@
  * X.509 v3 Basic Constraints Extension
  */
 
-#include "prtypes.h"
+#include <prtypes.h>
 #include <limits.h> /* for LONG_MAX */
 #include "seccomon.h"
 #include "secdert.h"
--- lib/certdb/xconst.c.orig    2018-01-18 14:19:59 UTC
+++ lib/certdb/xconst.c
@@ -6,7 +6,7 @@
  * X.509 Extension Encoding
  */
 
-#include "prtypes.h"
+#include <prtypes.h>
 #include "seccomon.h"
 #include "secdert.h"
 #include "secoidt.h"
--- lib/manifest.mn.orig        2018-01-18 14:19:59 UTC
+++ lib/manifest.mn
@@ -20,7 +20,7 @@ ifndef NSS_BUILD_UTIL_ONLY
 SOFTOKEN_SRCDIRS = \
        $(FREEBL_SRCDIR) \
        $(SQLITE_SRCDIR) \
-       $(DBM_SRCDIR) \
+       $(NULL) \
        $(SOFTOKEN_SRCDIR) \
        $(NULL)
 ifndef NSS_BUILD_SOFTOKEN_ONLY
--- cmd/platlibs.mk.orig        2018-01-18 14:19:59 UTC
+++ cmd/platlibs.mk
@@ -29,7 +29,7 @@ endif # BUILD_SUN_PKG
 ifdef NSS_DISABLE_DBM
 DBMLIB = $(NULL)
 else
-DBMLIB = $(DIST)/lib/$(LIB_PREFIX)dbm.$(LIB_SUFFIX) 
+DBMLIB = $(NULL)
 endif
 
 ifeq ($(NSS_BUILD_UTIL_ONLY),1)


[FILE:6041:files/MAca-bundle.pl.in]
##
##  MAca-bundle.pl -- Regenerate ca-root-nss.crt from the Mozilla certdata.txt
##
##  Rewritten in September 2011 by Matthias Andree to heed untrust
##

##  Copyright (c) 2011, 2013 Matthias Andree <mandree@FreeBSD.org>
##  All rights reserved.
##
##  Redistribution and use in source and binary forms, with or without
##  modification, are permitted provided that the following conditions are
##  met:
##
##  * Redistributions of source code must retain the above copyright
##  notice, this list of conditions and the following disclaimer.
##
##  * Redistributions in binary form must reproduce the above copyright
##  notice, this list of conditions and the following disclaimer in the
##  documentation and/or other materials provided with the distribution.
##
##  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
##  "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
##  LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
##  FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
##  COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
##  INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
##  BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
##  LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
##  CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
##  LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
##  ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
##  POSSIBILITY OF SUCH DAMAGE.

use strict;
use Carp;
use MIME::Base64;

my $VERSION = '$FreeBSD: head/security/ca_root_nss/files/MAca-bundle.pl.in 325572 2013-08-29 08:10:09Z mandree $';

#   configuration
print <<EOH;
##
##  ca-root-nss.crt -- Bundle of CA Root Certificates
##
##  This is a bundle of X.509 certificates of public Certificate
##  Authorities (CA). These were automatically extracted from Mozilla's
##  root CA list (the file `certdata.txt').
##
##  Extracted from nss-%%VERSION_NSS%%
##  with $VERSION
##
EOH
my $debug = 0;
$debug++
    if defined $ENV{'WITH_DEBUG'}
        and $ENV{'WITH_DEBUG'} !~ m/(?i)^(no|0|false|)$/;

my %certs;
my %trusts;

sub printcert_plain($$)
{
    my ($label, $certdata) = @_;
    print "=== $label ===\n" if $label;
    print
        "-----BEGIN CERTIFICATE-----\n",
        MIME::Base64::encode_base64($certdata),
        "-----END CERTIFICATE-----\n\n";
}

sub printcert_info($$)
{
    my (undef, $certdata) = @_;
    return unless $certdata;
    open(OUT, "|openssl x509 -text -inform DER -fingerprint")
            || die "could not pipe to openssl x509";
    print OUT $certdata;
    close(OUT) or die "openssl x509 failed with exit code $?";
}

sub printcert($$) {
    my ($a, $b) = @_;
    printcert_info($a, $b);
}

sub graboct()
{
    my $data;

    while (<>) {
        last if /^END/;
        my (undef,@oct) = split /\\/;
        my @bin = map(chr(oct), @oct);
        $data .= join('', @bin);
    }

    return $data;
}


sub grabcert()
{
    my $certdata;
    my $cka_label;
    my $serial;

    while (<>) {
        chomp;
        last if ($_ eq '');

        if (/^CKA_LABEL UTF8 "([^"]+)"/) {
            $cka_label = $1;
        }

        if (/^CKA_VALUE MULTILINE_OCTAL/) {
            $certdata = graboct();
        }

        if (/^CKA_SERIAL_NUMBER MULTILINE_OCTAL/) {
            $serial = graboct();
        }
    }
    return ($serial, $cka_label, $certdata);
}

sub grabtrust() {
    my $cka_label;
    my $serial;
    my $maytrust = 0;
    my $distrust = 0;

    while (<>) {
        chomp;
        last if ($_ eq '');

        if (/^CKA_LABEL UTF8 "([^"]+)"/) {
            $cka_label = $1;
        }

        if (/^CKA_SERIAL_NUMBER MULTILINE_OCTAL/) {
            $serial = graboct();
        }

        if (/^CKA_TRUST_(SERVER_AUTH|EMAIL_PROTECTION|CODE_SIGNING) CK_TRUST (\S+)$/)
        {
            if ($2 eq      'CKT_NSS_NOT_TRUSTED') {
                $distrust = 1;
            } elsif ($2 eq 'CKT_NSS_TRUSTED_DELEGATOR') {
                $maytrust = 1;
            } elsif ($2 ne 'CKT_NSS_MUST_VERIFY_TRUST') {
                confess "Unknown trust setting on line $.:\n"
                . "$_\n"
                . "Script must be updated:";
            }
        }
    }

    if (!$maytrust && !$distrust && $debug) {
        print STDERR "line $.: no explicit trust/distrust found for $cka_label\n";
    }

    my $trust = ($maytrust and not $distrust);
    return ($serial, $cka_label, $trust);
}

while (<>) {
    if (/^CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE/) {
        my ($serial, $label, $certdata) = grabcert();
        if (defined $certs{$label."\0".$serial}) {
            warn "Certificate $label duplicated!\n";
        }
        $certs{$label."\0".$serial} = $certdata;
    } elsif (/^CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST/) {
        my ($serial, $label, $trust) = grabtrust();
        if (defined $trusts{$label."\0".$serial}) {
            warn "Trust for $label duplicated!\n";
        }
        $trusts{$label."\0".$serial} = $trust;
    } elsif (/^CVS_ID.*Revision: ([^ ]*).*/) {
        print "##  Source: \"certdata.txt\" CVS revision $1\n##\n\n";
    }
}

sub printlabel(@) {
    my @res = @_;
    map { s/\0.*//; s/[^[:print:]]/_/g; $_ = "\"$_\""; } @res;
    return wantarray ? @res : $res[0];
}

# weed out untrusted certificates
my $untrusted = 0;
foreach my $it (keys %trusts) {
    if (!$trusts{$it}) {
        if (!exists($certs{$it})) {
            warn "Found trust for nonexistent certificate ".printlabel($it)."\n" if $debug;
        } else {
            delete $certs{$it};
            warn "Skipping untrusted ".printlabel($it)."\n" if $debug;
            $untrusted++;
        }
    }
}

print           "##  Untrusted certificates omitted from this bundle: $untrusted\n\n";
print STDERR    "##  Untrusted certificates omitted from this bundle: $untrusted\n";

my $certcount = 0;
foreach my $it (sort {uc($a) cmp uc($b)} keys %certs) {
    if (!exists($trusts{$it})) {
        die "Found certificate without trust block,\naborting";
    }
    printcert("", $certs{$it});
    print "\n\n\n";
    $certcount++;
    print STDERR "Trusting $certcount: ".printlabel($it)."\n" if $debug;
}

if ($certcount < 25) {
    die "Certificate count of $certcount is implausibly low.\nAbort";
}

print           "##  Number of certificates: $certcount\n";
print STDERR    "##  Number of certificates: $certcount\n";
print "##  End of file.\n";


[FILE:2352:files/nss-config.in]
#!/bin/sh

prefix=%%PREFIX%%
version=%%VERSION_NSS%%

usage()
{
        cat <<EOF
Usage: nss-config [OPTIONS] [LIBRARIES]
Options:
        [--prefix[=DIR]]
        [--exec-prefix[=DIR]]
        [--includedir[=DIR]]
        [--libdir[=DIR]]
        [--version]
        [--libs]
        [--cflags]
Dynamic Libraries:
        nss
        nssutil
        ssl
        smime
EOF
        exit $1
}

if test $# -eq 0; then
        usage 1 1>&2
fi

lib_ssl=yes
lib_smime=yes
lib_nss=yes
lib_nssutil=yes

while test $# -gt 0; do
  case "$1" in
  -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
  *) optarg= ;;
  esac

  case $1 in
    --prefix=*)
      prefix=$optarg
      ;;
    --prefix)
      echo_prefix=yes
      ;;
    --exec-prefix=*)
      exec_prefix=$optarg
      ;;
    --exec-prefix)
      echo_exec_prefix=yes
      ;;
    --includedir=*)
      includedir=$optarg
      ;;
    --includedir)
      echo_includedir=yes
      ;;
    --libdir=*)
      libdir=$optarg
      ;;
    --libdir)
      echo_libdir=yes
      ;;
    --version)
      case $version in
      *.*.*) echo $version ;;
      *.*) echo $version.0 ;;
      *) echo $version.0.0 ;;
      esac
      ;;
    --cflags)
      echo_cflags=yes
      ;;
    --libs)
      echo_libs=yes
      ;;
    ssl)
      lib_ssl=yes
      ;;
    smime)
      lib_smime=yes
      ;;
    nss)
      lib_nss=yes
      ;;
    nssutil)
      lib_nssutil=yes
      ;;
    *)
      usage 1 1>&2
      ;;
  esac
  shift
done

# Set variables that may be dependent upon other variables
if test -z "$exec_prefix"; then
    exec_prefix=$prefix
fi
if test -z "$includedir"; then
    includedir=$prefix/include/nss
fi
if test -z "$libdir"; then
    libdir=$prefix/lib/nss
fi

if test "$echo_prefix" = "yes"; then
    echo $prefix
fi

if test "$echo_exec_prefix" = "yes"; then
    echo $exec_prefix
fi

if test "$echo_includedir" = "yes"; then
    echo $includedir
fi

if test "$echo_libdir" = "yes"; then
    echo $libdir
fi

if test "$echo_cflags" = "yes"; then
    echo -I$includedir -I$includedir/nss
fi

if test "$echo_libs" = "yes"; then
      libdirs="-Wl,-R${libdir} -L$libdir"
      if test -n "$lib_ssl"; then
        libdirs="$libdirs -lssl3"
      fi
      if test -n "$lib_smime"; then
        libdirs="$libdirs -lsmime3"
      fi
      if test -n "$lib_nss"; then
        libdirs="$libdirs -lnss3"
      fi
      if test -n "$lib_nssutil"; then
        libdirs="$libdirs -lnssutil3"
      fi
      echo $libdirs
fi      


[FILE:315:files/nss.pc.in]
prefix=%%PREFIX%%
exec_prefix=%%PREFIX%%
libdir=%%PREFIX%%/lib/nss
includedir=%%PREFIX%%/include

Name: NSS
Description: Mozilla Network Security Services
Version: %%VERSION_NSS%%
Requires: nspr
Libs: -Wl,-R${libdir} -L${libdir} -lnss3 -lsmime3 -lssl3 -lnssutil3
Cflags: -I${includedir}/nss -I${includedir}/nss/nss


[FILE:948:files/pkg-message-caroot.in]
********************************* WARNING *********************************

Ravenports do not, and can not warrant that the certification authorities
whose certificates are included in this package have in any way been
audited for trustworthiness or RFC 3647 compliance.

Assessment and verification of trust is the complete responsibility of the
system administrator.

*********************************** NOTE **********************************

This package installs symlinks to support root certificates discovery by
default for software that uses OpenSSL.

This enables SSL Certificate Verification by client software without manual
intervention.

If you prefer to do this manually, replace the following symlinks with
either an empty file or your site-local certificate bundle.

  * /etc/ssl/cert.pem
  * %%PREFIX%%/etc/ssl/cert.pem
  * %%PREFIX%%/openssl/cert.pem

***************************************************************************