1 # Buildsheet autogenerated by ravenadm tool -- Do not edit.
8 SDESC[standard]= Application security development libraries
9 HOMEPAGE= http://www.mozilla.org/projects/security/pki/nss/
13 SITES[main]= MOZILLA/security/nss/releases/NSS_3_35_RTM/src
14 DISTFILE[1]= nss-3.35.tar.gz:main
16 SPKGS[standard]= complete
20 OPTIONS_AVAILABLE= ETCSYMLINK
21 OPTIONS_STANDARD= ETCSYMLINK
22 OPT_ON[all]= ETCSYMLINK
24 BUILD_DEPENDS= libressl:single:static
25 BUILDRUN_DEPENDS= nspr:single:standard
27 USES= cpe gmake perl:build sqlite zlib
29 DISTNAME= nss-3.35/nss
33 LICENSE_FILE= MPL:{{WRKSRC}}/COPYING
35 CPE_PRODUCT= network_security_services
37 FPC_EQUIVALENT= security/nss
39 MAKE_ENV= LIBRARY_PATH="{{LOCALBASE}}/lib"
40 SQLITE_INCLUDE_DIR="{{LOCALBASE}}/include"
44 NSS_USE_SYSTEM_SQLITE=1
49 PLIST_SUB= CERTDIR=share/certs
54 SUB_LIST= VERSION_NSS=3.35
56 CFLAGS= -I{{LOCALBASE}}/include/nspr
57 LDFLAGS= -Wl,-rpath,{{PREFIX}}/lib/nss
58 VAR_OPSYS[sunos]= MAKE_ENV=NS_USE_GCC=1
59 MAKE_ENV=NO_MDUPDATE=1
61 CONFIGURE_ENV=LINKER=gold
63 [ETCSYMLINK].DESCRIPTION= Add symlink to /etc/ssl/cert.pem
66 @${REINPLACE_CMD} '/NSS_DEFAULT_SYSTEM/s,/etc,${PREFIX}&,' \
67 ${WRKSRC}/lib/sysinit/nsssysinit.c
69 ${FIND} . -name "*.c" -o -name "*.h" | \
70 ${XARGS} ${GREP} -l -F '"nspr.h"' | \
71 ${XARGS} ${REINPLACE_CMD} -e 's|"nspr.h"|<nspr.h>|'
72 ${FIND} ${WRKSRC}/tests -name '*.sh' | \
73 ${XARGS} ${GREP} -l -F '/bin/bash' | \
74 ${XARGS} ${REINPLACE_CMD} -e 's|#! */bin/bash|#!${SH}|'
75 ${REINPLACE_CMD} -e 's/@OS_RELEASE@/${OSREL}/' ${WRKSRC}/coreconf/arch.mk
78 ${SETENV} ${MAKE_ENV} ${PERL} ${WRKDIR}/MAca-bundle.pl \
79 < ${WRKSRC}/lib/ckfw/builtins/certdata.txt > ${WRKDIR}/ca-root-nss.crt
82 @${MKDIR} ${STAGEDIR}${PREFIX}/include/nss/nss \
83 ${STAGEDIR}${PREFIX}/lib/nss \
84 ${STAGEDIR}${PREFIX}/share/certs \
85 ${STAGEDIR}${PREFIX}/etc/ssl \
86 ${STAGEDIR}${PREFIX}/openssl
87 ${FIND} ${WRKDIR}/nss-3.35/dist/public/nss -type l \
88 -exec ${INSTALL_DATA} {} ${STAGEDIR}${PREFIX}/include/nss/nss \;
89 ${INSTALL_LIB} ${WRKDIR}/nss-3.35/dist/${OPSYS}*_OPT.OBJ/lib/*.so \
90 ${STAGEDIR}${PREFIX}/lib/nss
91 ${INSTALL_DATA} ${WRKDIR}/nss-3.35/dist/${OPSYS}*_OPT.OBJ/lib/libcrmf.a \
92 ${STAGEDIR}${PREFIX}/lib/nss
93 .for bin in certcgi certutil cmsutil crlutil derdump makepqg mangle modutil ocspclnt oidcalc p7content p7env p7sign p7verify pk12util rsaperf shlibsign signtool signver ssltap strsclnt symkeyutil vfychain vfyserv
94 ${INSTALL_PROGRAM} ${WRKDIR}/nss-3.35/dist/${OPSYS}*_OPT.OBJ/bin/${bin} \
95 ${STAGEDIR}${PREFIX}/bin
97 ${INSTALL_SCRIPT} ${WRKDIR}/nss-config ${STAGEDIR}${PREFIX}/bin
98 ${INSTALL_DATA} ${WRKDIR}/nss.pc ${STAGEDIR}${PREFIX}/lib/pkgconfig
100 ${INSTALL_DATA} ${WRKDIR}/ca-root-nss.crt ${STAGEDIR}${PREFIX}/share/certs
101 ${INSTALL_DATA} ${WRKDIR}/ca-root-nss.crt \
102 ${STAGEDIR}${PREFIX}/etc/ssl/cert.pem.sample
103 ${INSTALL_DATA} ${WRKDIR}/ca-root-nss.crt \
104 ${STAGEDIR}${PREFIX}/openssl/cert.pem.sample
106 post-install-ETCSYMLINK-ON:
107 @${MKDIR} ${STAGEDIR}/etc/ssl
108 ${LN} -sf ../../share/certs/ca-root-nss.crt \
109 ${STAGEDIR}/etc/ssl/cert.pem
111 [FILE:301:descriptions/desc.primary]
112 Network Security Services (NSS) is a set of libraries designed to support
113 cross-platform development of security-enabled server applications.
114 Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5,
115 PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other
119 [FILE:120:descriptions/desc.caroot]
120 Root certificates from certificate authorities included in the Mozilla
121 NSS library and thus in Firefox and Thunderbird.
125 f4127de09bede39f5fd0f789d33c3504c5d261e69ea03022d46b319b3e32f6fa 9620041 nss-3.35.tar.gz
128 [FILE:1523:manifests/plist.primary]
263 %%ONLY-LINUX%%lib/nss/libnsssysinit.so
271 [FILE:127:manifests/plist.caroot]
272 %%CERTDIR%%/ca-root-nss.crt
273 @sample etc/ssl/cert.pem.sample
274 @sample openssl/cert.pem.sample
275 %%ETCSYMLINK-ON%%/etc/ssl/cert.pem
278 [FILE:449:patches/patch-bug301986]
279 --- lib/util/nssilckt.h.orig 2018-01-18 14:19:59 UTC
280 +++ lib/util/nssilckt.h
281 @@ -163,7 +163,7 @@ typedef enum {
282 ** Declare the trace record
285 - PRUint32 threadID; /* PR_GetThreadID() */
286 + pthread_t threadID; /* PR_GetThreadID() */
287 nssILockOp op; /* operation being performed */
288 nssILockType ltype; /* lock type identifier */
289 PRIntervalTime callTime; /* time spent in function */
292 [FILE:2109:patches/patch-const]
293 --- cmd/modutil/modutil.h.orig 2018-01-18 14:19:59 UTC
294 +++ cmd/modutil/modutil.h
298 Error LoadMechanismList(void);
299 -Error FipsMode(char *arg);
300 -Error ChkFipsMode(char *arg);
301 +Error FipsMode(const char *arg);
302 +Error ChkFipsMode(const char *arg);
303 Error AddModule(char *moduleName, char *libFile, char *ciphers,
304 char *mechanisms, char *modparms);
305 Error DeleteModule(char *moduleName);
306 --- cmd/modutil/pk11.c.orig 2018-01-18 14:19:59 UTC
307 +++ cmd/modutil/pk11.c
309 * disable FIPS mode on the internal module.
313 +FipsMode(const char *arg)
317 @@ -25,16 +25,18 @@ FipsMode(char *arg)
318 internal_name = PR_smprintf("%s",
319 SECMOD_GetInternalModule()->commonName);
320 if (SECMOD_DeleteInternalModule(internal_name) != SECSuccess) {
321 - PR_fprintf(PR_STDERR, "%s\n", SECU_Strerror(PORT_GetError()));
322 + PR_fprintf(PR_STDERR, "FipsMode(true): %s (%s)\n", SECU_Strerror(PORT_GetError()), internal_name);
323 PR_smprintf_free(internal_name);
324 PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]);
325 return FIPS_SWITCH_FAILED_ERR;
327 - PR_smprintf_free(internal_name);
328 if (!PK11_IsFIPS()) {
329 + PR_fprintf(PR_STDERR, "FipsMode(true): in module %s", internal_name);
330 + PR_smprintf_free(internal_name);
331 PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]);
332 return FIPS_SWITCH_FAILED_ERR;
334 + PR_smprintf_free(internal_name);
335 PR_fprintf(PR_STDOUT, msgStrings[FIPS_ENABLED_MSG]);
337 PR_fprintf(PR_STDERR, errStrings[FIPS_ALREADY_ON_ERR]);
338 @@ -75,7 +77,7 @@ FipsMode(char *arg)
339 * If arg=="false", verify FIPS mode is disabled on the internal module.
342 -ChkFipsMode(char *arg)
343 +ChkFipsMode(const char *arg)
345 if (!PORT_Strcasecmp(arg, "true")) {
349 [FILE:1313:patches/patch-coreconf_DragonFly.mk]
350 --- /dev/null 2018-01-19 14:58:14 UTC
351 +++ coreconf/DragonFly.mk
354 +# This Source Code Form is subject to the terms of the Mozilla Public
355 +# License, v. 2.0. If a copy of the MPL was not distributed with this
356 +# file, You can obtain one at http://mozilla.org/MPL/2.0/.
358 +include $(CORE_DEPTH)/coreconf/UNIX.mk
360 +DEFAULT_COMPILER = gcc
365 +CPU_ARCH = $(OS_TEST)
366 +ifeq ($(CPU_ARCH),i386)
369 +ifeq ($(CPU_ARCH),amd64)
373 +ifneq (,$(filter %64, $(OS_TEST)))
377 +OS_CFLAGS = $(DSO_CFLAGS) -Wall -Wno-switch -DFREEBSD -DHAVE_STRERROR -DHAVE_BSD_FLOCK
380 +DSO_LDOPTS = -shared -Wl,-soname -Wl,$(notdir $@)
383 +# The default implementation strategy for FreeBSD is pthreads.
387 +DEFINES += -D_THREAD_SAFE -D_REENTRANT
389 +DSO_LDOPTS += -pthread
396 +MKSHLIB = $(CC) $(DSO_LDOPTS)
398 + MKSHLIB += -Wl,--version-script,$(MAPFILE)
400 +PROCESS_MAP_FILE = grep -v ';-' $< | \
401 + sed -e 's,;+,,' -e 's; DATA ;;' -e 's,;;,,' -e 's,;.*,;,' > $@
403 +G++INCLUDES = -I/usr/include/c++
409 [FILE:1125:patches/patch-coreconf_FreeBSD.mk]
410 --- coreconf/FreeBSD.mk.orig 2018-01-18 14:19:59 UTC
411 +++ coreconf/FreeBSD.mk
414 include $(CORE_DEPTH)/coreconf/UNIX.mk
416 -DEFAULT_COMPILER = gcc
419 +DEFAULT_COMPILER = $(CC)
424 CPU_ARCH = $(OS_TEST)
425 @@ -20,6 +20,16 @@ endif
426 ifeq ($(CPU_ARCH),amd64)
429 +ifneq (,$(filter arm%, $(CPU_ARCH)))
432 +ifneq (,$(filter powerpc%, $(CPU_ARCH)))
436 +ifneq (,$(filter %64, $(OS_TEST)))
440 OS_CFLAGS = $(DSO_CFLAGS) -Wall -Wno-switch -DFREEBSD -DHAVE_STRERROR -DHAVE_BSD_FLOCK
442 @@ -46,7 +56,11 @@ else
446 -MKSHLIB = $(CC) $(DSO_LDOPTS)
447 +ifneq (,$(filter alpha ia64,$(OS_TEST)))
448 +MKSHLIB = $(CC) -Wl,-Bsymbolic -lc $(DSO_LDOPTS)
450 +MKSHLIB = $(CC) -Wl,-Bsymbolic $(DSO_LDOPTS)
453 MKSHLIB += -Wl,--version-script,$(MAPFILE)
455 @@ -55,4 +69,5 @@ PROCESS_MAP_FILE = grep -v ';-' $< | \
457 G++INCLUDES = -I/usr/include/g++
459 -INCLUDES += -I/usr/X11R6/include
464 [FILE:1995:patches/patch-coreconf_SunOS5.mk]
465 --- coreconf/SunOS5.mk.orig 2018-01-18 14:19:59 UTC
466 +++ coreconf/SunOS5.mk
467 @@ -14,14 +14,14 @@ ifeq ($(USE_64), 1)
471 - ifeq ($(OS_TEST),i86pc)
472 + ifeq ($(OS_TEST),x86_64)
473 ARCHFLAG=-xarch=amd64
479 - ifneq ($(OS_TEST),i86pc)
480 + ifneq ($(OS_TEST),x86_64)
484 @@ -33,9 +33,9 @@ endif
485 DEFAULT_COMPILER = cc
490 OS_CFLAGS += -Wall -Wno-format -Werror-implicit-function-declaration -Wno-switch
493 CCC += -Wall -Wno-format
494 ASFLAGS += -x assembler-with-cpp
495 OS_CFLAGS += $(NOMD_OS_CFLAGS) $(ARCHFLAG)
496 @@ -67,7 +67,7 @@ RANLIB = echo
498 OS_DEFINES += -DSVR4 -DSYSV -D__svr4 -D__svr4__ -DSOLARIS -D_REENTRANT
500 -ifeq ($(OS_TEST),i86pc)
501 +ifeq ($(OS_TEST),x86_64)
505 @@ -109,15 +109,11 @@ endif
506 DSO_LDOPTS += -shared -h $(notdir $@)
509 - ifeq ($(OS_TEST),i86pc)
510 - DSO_LDOPTS +=-xarch=amd64
512 - DSO_LDOPTS +=-xarch=v9
516 DSO_LDOPTS += -G -h $(notdir $@)
518 -DSO_LDOPTS += -z combreloc -z defs -z ignore
519 +# DSO_LDOPTS += -Wl,-z,origin
521 # -KPIC generates position independent code for use in shared libraries.
522 # (Similarly for -fPIC in case of gcc.)
523 @@ -129,16 +125,4 @@ endif
525 NOSUCHFILE = /solaris-rm-f-sucks
527 -ifeq ($(BUILD_SUN_PKG), 1)
528 -# The -R '$ORIGIN' linker option instructs this library to search for its
529 -# dependencies in the same directory where it resides.
531 -RPATH = -R '$$ORIGIN:/usr/lib/mps/secv1/64:/usr/lib/mps/64'
533 -RPATH = -R '$$ORIGIN:/usr/lib/mps/secv1:/usr/lib/mps'
536 -RPATH = -R '$$ORIGIN'
539 -OS_LIBS += -lthread -lnsl -lsocket -lposix4 -ldl -lc
540 +RPATH = $(LDFLAGS) #-Wl,-rpath,$(PREFIX)/lib/nss
543 [FILE:370:patches/patch-coreconf_UNIX.mk]
544 --- coreconf/UNIX.mk.orig 2018-01-18 14:19:59 UTC
546 @@ -10,10 +10,8 @@ AR = ar cr $@
547 LDOPTS += -L$(SOURCE_LIB_DIR)
551 DEFINES += -UDEBUG -DNDEBUG
554 USERNAME := $(shell whoami)
555 USERNAME := $(subst -,_,$(USERNAME))
556 DEFINES += -DDEBUG -UNDEBUG -DDEBUG_$(USERNAME)
559 [FILE:611:patches/patch-coreconf_arch.mk]
560 --- coreconf/arch.mk.orig 2018-01-18 14:19:59 UTC
562 @@ -26,7 +26,7 @@ OS_ARCH := $(subst /,_,$(shell uname -s)
563 # Attempt to differentiate between sparc and x86 Solaris
566 -OS_TEST := $(shell uname -m)
567 +OS_TEST := $(shell uname -p)
568 ifeq ($(OS_TEST),i86pc)
569 OS_RELEASE := $(shell uname -r)_$(OS_TEST)
571 @@ -118,6 +118,10 @@ ifeq ($(OS_ARCH),Linux)
575 +ifeq ($(OS_ARCH),DragonFly)
576 +OS_RELEASE := @OS_RELEASE@
579 # Since all uses of OS_ARCH that follow affect only userland, we can
580 # merge other Glibc systems with Linux here.
581 ifeq ($(OS_ARCH),GNU)
584 [FILE:486:patches/patch-coreconf_command.mk]
585 --- coreconf/command.mk.orig 2018-01-18 14:19:59 UTC
586 +++ coreconf/command.mk
587 @@ -12,7 +12,7 @@ AS = $(CC)
589 CCF = $(CC) $(CFLAGS)
590 LINK_DLL = $(LD) $(OS_DLLFLAGS) $(DLLFLAGS) $(XLDFLAGS)
591 -CFLAGS = $(OPTIMIZER) $(OS_CFLAGS) $(WARNING_CFLAGS) $(XP_DEFINE) \
592 +CFLAGS += $(OPTIMIZER) $(OS_CFLAGS) $(WARNING_CFLAGS) $(XP_DEFINE) \
593 $(DEFINES) $(INCLUDES) $(XCFLAGS)
598 [FILE:465:patches/patch-coreconf_config.mk]
599 --- coreconf/config.mk.orig 2018-01-18 14:19:59 UTC
600 +++ coreconf/config.mk
601 @@ -31,7 +31,7 @@ endif
602 #######################################################################
604 TARGET_OSES = FreeBSD BSD_OS NetBSD OpenUNIX OS2 QNX Darwin BeOS OpenBSD \
605 - AIX RISCOS WINNT WIN95 Linux Android
606 + AIX RISCOS WINNT WIN95 Linux Android DragonFly
608 ifeq (,$(filter-out $(TARGET_OSES),$(OS_TARGET)))
609 include $(CORE_DEPTH)/coreconf/$(OS_TARGET).mk
612 [FILE:248:patches/patch-coreconf_location.mk]
613 --- coreconf/location.mk.orig 2018-01-18 14:19:59 UTC
614 +++ coreconf/location.mk
615 @@ -40,7 +40,7 @@ ifdef NSPR_INCLUDE_DIR
619 - NSPR_LIB_DIR = $(DIST)/lib
620 + NSPR_LIB_DIR = $(PREFIX)/lib
623 ifdef NSS_INCLUDE_DIR
626 [FILE:308:patches/patch-coreconf_ruleset.mk]
627 --- coreconf/ruleset.mk.orig 2018-01-18 14:19:59 UTC
628 +++ coreconf/ruleset.mk
633 - ifneq ($(DEFAULT_COMPILER), $(notdir $(firstword $(CC))))
634 + ifneq ($(DEFAULT_COMPILER), $(CC))
636 # Temporary define for the Client; to be removed when binary release is used
640 [FILE:720:patches/patch-lib_freebl_Makefile]
641 --- lib/freebl/Makefile.orig 2018-01-18 14:19:59 UTC
642 +++ lib/freebl/Makefile
643 @@ -215,7 +215,7 @@ ifeq ($(CPU_ARCH),x86)
647 -ifeq ($(OS_TARGET),Linux)
648 +ifeq (,$(filter-out Linux DragonFly FreeBSD, $(OS_TARGET)))
649 ifeq ($(CPU_ARCH),x86_64)
650 ASFILES = arcfour-amd64-gas.s mpi_amd64_gas.s
651 ASFLAGS += -fPIC -Wa,--noexecstack
652 @@ -298,7 +298,7 @@ endif
653 # to bind the blapi function references in FREEBLVector vector
654 # (ldvector.c) to the blapi functions defined in the freebl
656 -ifeq (,$(filter-out BSD_OS FreeBSD Linux NetBSD OpenBSD, $(OS_TARGET)))
657 +ifeq (,$(filter-out BSD_OS DragonFly FreeBSD Linux NetBSD OpenBSD, $(OS_TARGET)))
658 MKSHLIB += -Wl,-Bsymbolic
663 [FILE:1041:patches/patch-lib_freebl_mpi_mpcpucache.c]
664 --- lib/freebl/mpi/mpcpucache.c.orig 2018-01-18 14:19:59 UTC
665 +++ lib/freebl/mpi/mpcpucache.c
666 @@ -705,6 +705,32 @@ s_mpi_getProcessorLineSize()
669 #if defined(__ppc64__)
671 +#if defined(__FreeBSD__)
672 +#include <sys/stddef.h>
673 +#include <sys/sysctl.h>
675 +#include <machine/cpu.h>
676 +#include <machine/md_var.h>
679 +s_mpi_getProcessorLineSize()
681 + static int cacheline_size = 0;
682 + static int cachemib[] = { CTL_MACHDEP, CPU_CACHELINE };
685 + if (cacheline_size > 0)
686 + return cacheline_size;
688 + clen = sizeof(cacheline_size);
689 + if (sysctl(cachemib, sizeof(cachemib) / sizeof(cachemib[0]),
690 + &cacheline_size, &clen, NULL, 0) < 0 || !cacheline_size)
691 + return 128; /* guess */
693 + return cacheline_size;
697 * Sigh, The PPC has some really nice features to help us determine cache
698 * size, since it had lots of direct control functions to do so. The POWER
699 @@ -758,6 +784,7 @@ s_mpi_getProcessorLineSize()
705 #define MPI_GET_PROCESSOR_LINE_SIZE_DEFINED 1
709 [FILE:474:patches/patch-lib_freebl_verified_kremlib.h]
710 --- lib/freebl/verified/kremlib.h.orig 2018-01-18 14:19:59 UTC
711 +++ lib/freebl/verified/kremlib.h
712 @@ -184,7 +184,10 @@ typedef const char *Prims_string;
714 #if defined(__linux__) || defined(__CYGWIN__)
718 +#elif defined(__DragonFly__) || defined(__FreeBSD__) \
719 + || defined(__NetBSD__) || defined(__OpenBSD__)
720 +#include <sys/endian.h>
722 #elif defined(__APPLE__)
723 #include <libkern/OSByteOrder.h>
726 [FILE:1023:patches/patch-lib_softoken_pkcs11c.c]
727 --- lib/softoken/pkcs11c.c.orig 2018-01-18 14:19:59 UTC
728 +++ lib/softoken/pkcs11c.c
729 @@ -5727,9 +5727,6 @@ sftk_unwrapPrivateKey(SFTKObject *key, S
731 case NSSLOWKEYDSAKey:
733 - crv = (sftk_hasAttribute(key, CKA_NETSCAPE_DB)) ? CKR_OK : CKR_KEY_TYPE_INCONSISTENT;
736 crv = sftk_AddAttributeType(key, CKA_KEY_TYPE, &keyType,
739 @@ -5769,9 +5766,6 @@ sftk_unwrapPrivateKey(SFTKObject *key, S
740 /* what about fortezza??? */
743 - crv = (sftk_hasAttribute(key, CKA_NETSCAPE_DB)) ? CKR_OK : CKR_KEY_TYPE_INCONSISTENT;
746 crv = sftk_AddAttributeType(key, CKA_KEY_TYPE, &keyType,
751 [FILE:3413:patches/patch-sysdb]
752 --- lib/softoken/legacydb/cdbhdl.h.orig 2018-01-18 14:19:59 UTC
753 +++ lib/softoken/legacydb/cdbhdl.h
758 -#include "mcom_db.h"
764 --- lib/softoken/legacydb/dbmshim.c.orig 2018-01-18 14:19:59 UTC
765 +++ lib/softoken/legacydb/dbmshim.c
768 * Berkeley DB 1.85 Shim code to handle blobs.
770 -#include "mcom_db.h"
776 --- lib/softoken/legacydb/keydb.c.orig 2018-01-18 14:19:59 UTC
777 +++ lib/softoken/legacydb/keydb.c
782 -#include "mcom_db.h"
786 --- lib/softoken/legacydb/keydbi.h.orig 2018-01-18 14:19:59 UTC
787 +++ lib/softoken/legacydb/keydbi.h
791 #include "seccomon.h"
792 -#include "mcom_db.h"
796 * Handle structure for open key databases
797 --- lib/softoken/legacydb/pcertdb.c.orig 2018-01-18 14:19:59 UTC
798 +++ lib/softoken/legacydb/pcertdb.c
801 #include "lowkeyti.h"
803 -#include "mcom_db.h"
809 --- lib/softoken/legacydb/pk11db.c.orig 2018-01-18 14:19:59 UTC
810 +++ lib/softoken/legacydb/pk11db.c
815 -#include "mcom_db.h"
819 #include "utilpars.h"
821 --- lib/ckfw/dbm/ckdbm.h.orig 2018-01-18 14:19:59 UTC
822 +++ lib/ckfw/dbm/ckdbm.h
827 -#include "mcom_db.h"
830 NSS_EXTERN_DATA NSSCKMDInstance nss_dbm_mdInstance;
832 --- lib/softoken/legacydb/config.mk.orig 2018-01-18 14:19:59 UTC
833 +++ lib/softoken/legacydb/config.mk
834 @@ -8,7 +8,6 @@ CRYPTOLIB=$(DIST)/lib/$(LIB_PREFIX)freeb
838 - $(DIST)/lib/$(LIB_PREFIX)dbm.$(LIB_SUFFIX) \
841 # can't do this in manifest.mn because OS_TARGET isn't defined there.
842 --- lib/certdb/xauthkid.c.orig 2018-01-18 14:19:59 UTC
843 +++ lib/certdb/xauthkid.c
848 -#include "prtypes.h"
849 +#include <prtypes.h>
850 #include "seccomon.h"
853 --- lib/certdb/xbsconst.c.orig 2018-01-18 14:19:59 UTC
854 +++ lib/certdb/xbsconst.c
856 * X.509 v3 Basic Constraints Extension
859 -#include "prtypes.h"
860 +#include <prtypes.h>
861 #include <limits.h> /* for LONG_MAX */
862 #include "seccomon.h"
864 --- lib/certdb/xconst.c.orig 2018-01-18 14:19:59 UTC
865 +++ lib/certdb/xconst.c
867 * X.509 Extension Encoding
870 -#include "prtypes.h"
871 +#include <prtypes.h>
872 #include "seccomon.h"
875 --- lib/manifest.mn.orig 2018-01-18 14:19:59 UTC
877 @@ -20,7 +20,7 @@ ifndef NSS_BUILD_UTIL_ONLY
885 ifndef NSS_BUILD_SOFTOKEN_ONLY
886 --- cmd/platlibs.mk.orig 2018-01-18 14:19:59 UTC
888 @@ -29,7 +29,7 @@ endif # BUILD_SUN_PKG
889 ifdef NSS_DISABLE_DBM
892 -DBMLIB = $(DIST)/lib/$(LIB_PREFIX)dbm.$(LIB_SUFFIX)
896 ifeq ($(NSS_BUILD_UTIL_ONLY),1)
899 [FILE:484:patches/patch-tests]
900 --- tests/common/init.sh.orig 2018-01-18 14:19:59 UTC
901 +++ tests/common/init.sh
902 @@ -366,7 +366,8 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOU
903 if [ -z "${DOMSUF}" ]; then
904 DOMSUF=`echo $HOST | sed -e "s/^[^.]*\.//"`
906 - HOST=`echo $HOST | sed -e "s/\..*//"`
907 + DOMSUF=${HOST#*.} # remove Smallest Prefix matching ``*.''
908 + HOST=${HOST%%.*} # remove Largest Suffix ``.*''. See sh(1)
914 [FILE:6041:files/MAca-bundle.pl.in]
916 ## MAca-bundle.pl -- Regenerate ca-root-nss.crt from the Mozilla certdata.txt
918 ## Rewritten in September 2011 by Matthias Andree to heed untrust
921 ## Copyright (c) 2011, 2013 Matthias Andree <mandree@FreeBSD.org>
922 ## All rights reserved.
924 ## Redistribution and use in source and binary forms, with or without
925 ## modification, are permitted provided that the following conditions are
928 ## * Redistributions of source code must retain the above copyright
929 ## notice, this list of conditions and the following disclaimer.
931 ## * Redistributions in binary form must reproduce the above copyright
932 ## notice, this list of conditions and the following disclaimer in the
933 ## documentation and/or other materials provided with the distribution.
935 ## THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
936 ## "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
937 ## LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
938 ## FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
939 ## COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
940 ## INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
941 ## BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
942 ## LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
943 ## CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
944 ## LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
945 ## ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
946 ## POSSIBILITY OF SUCH DAMAGE.
952 my $VERSION = '$FreeBSD: head/security/ca_root_nss/files/MAca-bundle.pl.in 325572 2013-08-29 08:10:09Z mandree $';
957 ## ca-root-nss.crt -- Bundle of CA Root Certificates
959 ## This is a bundle of X.509 certificates of public Certificate
960 ## Authorities (CA). These were automatically extracted from Mozilla's
961 ## root CA list (the file `certdata.txt').
963 ## Extracted from nss-%%VERSION_NSS%%
969 if defined $ENV{'WITH_DEBUG'}
970 and $ENV{'WITH_DEBUG'} !~ m/(?i)^(no|0|false|)$/;
975 sub printcert_plain($$)
977 my ($label, $certdata) = @_;
978 print "=== $label ===\n" if $label;
980 "-----BEGIN CERTIFICATE-----\n",
981 MIME::Base64::encode_base64($certdata),
982 "-----END CERTIFICATE-----\n\n";
985 sub printcert_info($$)
987 my (undef, $certdata) = @_;
988 return unless $certdata;
989 open(OUT, "|openssl x509 -text -inform DER -fingerprint")
990 || die "could not pipe to openssl x509";
992 close(OUT) or die "openssl x509 failed with exit code $?";
997 printcert_info($a, $b);
1006 my (undef,@oct) = split /\\/;
1007 my @bin = map(chr(oct), @oct);
1008 $data .= join('', @bin);
1025 if (/^CKA_LABEL UTF8 "([^"]+)"/) {
1029 if (/^CKA_VALUE MULTILINE_OCTAL/) {
1030 $certdata = graboct();
1033 if (/^CKA_SERIAL_NUMBER MULTILINE_OCTAL/) {
1034 $serial = graboct();
1037 return ($serial, $cka_label, $certdata);
1050 if (/^CKA_LABEL UTF8 "([^"]+)"/) {
1054 if (/^CKA_SERIAL_NUMBER MULTILINE_OCTAL/) {
1055 $serial = graboct();
1058 if (/^CKA_TRUST_(SERVER_AUTH|EMAIL_PROTECTION|CODE_SIGNING) CK_TRUST (\S+)$/)
1060 if ($2 eq 'CKT_NSS_NOT_TRUSTED') {
1062 } elsif ($2 eq 'CKT_NSS_TRUSTED_DELEGATOR') {
1064 } elsif ($2 ne 'CKT_NSS_MUST_VERIFY_TRUST') {
1065 confess "Unknown trust setting on line $.:\n"
1067 . "Script must be updated:";
1072 if (!$maytrust && !$distrust && $debug) {
1073 print STDERR "line $.: no explicit trust/distrust found for $cka_label\n";
1076 my $trust = ($maytrust and not $distrust);
1077 return ($serial, $cka_label, $trust);
1081 if (/^CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE/) {
1082 my ($serial, $label, $certdata) = grabcert();
1083 if (defined $certs{$label."\0".$serial}) {
1084 warn "Certificate $label duplicated!\n";
1086 $certs{$label."\0".$serial} = $certdata;
1087 } elsif (/^CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST/) {
1088 my ($serial, $label, $trust) = grabtrust();
1089 if (defined $trusts{$label."\0".$serial}) {
1090 warn "Trust for $label duplicated!\n";
1092 $trusts{$label."\0".$serial} = $trust;
1093 } elsif (/^CVS_ID.*Revision: ([^ ]*).*/) {
1094 print "## Source: \"certdata.txt\" CVS revision $1\n##\n\n";
1100 map { s/\0.*//; s/[^[:print:]]/_/g; $_ = "\"$_\""; } @res;
1101 return wantarray ? @res : $res[0];
1104 # weed out untrusted certificates
1106 foreach my $it (keys %trusts) {
1107 if (!$trusts{$it}) {
1108 if (!exists($certs{$it})) {
1109 warn "Found trust for nonexistent certificate ".printlabel($it)."\n" if $debug;
1112 warn "Skipping untrusted ".printlabel($it)."\n" if $debug;
1118 print "## Untrusted certificates omitted from this bundle: $untrusted\n\n";
1119 print STDERR "## Untrusted certificates omitted from this bundle: $untrusted\n";
1122 foreach my $it (sort {uc($a) cmp uc($b)} keys %certs) {
1123 if (!exists($trusts{$it})) {
1124 die "Found certificate without trust block,\naborting";
1126 printcert("", $certs{$it});
1129 print STDERR "Trusting $certcount: ".printlabel($it)."\n" if $debug;
1132 if ($certcount < 25) {
1133 die "Certificate count of $certcount is implausibly low.\nAbort";
1136 print "## Number of certificates: $certcount\n";
1137 print STDERR "## Number of certificates: $certcount\n";
1138 print "## End of file.\n";
1141 [FILE:2352:files/nss-config.in]
1145 version=%%VERSION_NSS%%
1150 Usage: nss-config [OPTIONS] [LIBRARIES]
1153 [--exec-prefix[=DIR]]
1154 [--includedir[=DIR]]
1168 if test $# -eq 0; then
1177 while test $# -gt 0; do
1179 -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
1194 echo_exec_prefix=yes
1210 *.*.*) echo $version ;;
1211 *.*) echo $version.0 ;;
1212 *) echo $version.0.0 ;;
1240 # Set variables that may be dependent upon other variables
1241 if test -z "$exec_prefix"; then
1244 if test -z "$includedir"; then
1245 includedir=$prefix/include/nss
1247 if test -z "$libdir"; then
1248 libdir=$prefix/lib/nss
1251 if test "$echo_prefix" = "yes"; then
1255 if test "$echo_exec_prefix" = "yes"; then
1259 if test "$echo_includedir" = "yes"; then
1263 if test "$echo_libdir" = "yes"; then
1267 if test "$echo_cflags" = "yes"; then
1268 echo -I$includedir -I$includedir/nss
1271 if test "$echo_libs" = "yes"; then
1272 libdirs="-Wl,-R${libdir} -L$libdir"
1273 if test -n "$lib_ssl"; then
1274 libdirs="$libdirs -lssl3"
1276 if test -n "$lib_smime"; then
1277 libdirs="$libdirs -lsmime3"
1279 if test -n "$lib_nss"; then
1280 libdirs="$libdirs -lnss3"
1282 if test -n "$lib_nssutil"; then
1283 libdirs="$libdirs -lnssutil3"
1289 [FILE:315:files/nss.pc.in]
1291 exec_prefix=%%PREFIX%%
1292 libdir=%%PREFIX%%/lib/nss
1293 includedir=%%PREFIX%%/include
1296 Description: Mozilla Network Security Services
1297 Version: %%VERSION_NSS%%
1299 Libs: -Wl,-R${libdir} -L${libdir} -lnss3 -lsmime3 -lssl3 -lnssutil3
1300 Cflags: -I${includedir}/nss -I${includedir}/nss/nss
1303 [FILE:948:files/pkg-message-caroot.in]
1304 ********************************* WARNING *********************************
1306 Ravenports do not, and can not warrant that the certification authorities
1307 whose certificates are included in this package have in any way been
1308 audited for trustworthiness or RFC 3647 compliance.
1310 Assessment and verification of trust is the complete responsibility of the
1311 system administrator.
1313 *********************************** NOTE **********************************
1315 This package installs symlinks to support root certificates discovery by
1316 default for software that uses OpenSSL.
1318 This enables SSL Certificate Verification by client software without manual
1321 If you prefer to do this manually, replace the following symlinks with
1322 either an empty file or your site-local certificate bundle.
1325 * %%PREFIX%%/etc/ssl/cert.pem
1326 * %%PREFIX%%/openssl/cert.pem
1328 ***************************************************************************