1 # Buildsheet autogenerated by ravenadm tool -- Do not edit.
7 SDESC[standard]= Application security development libraries
8 HOMEPAGE= http://www.mozilla.org/projects/security/pki/nss/
12 SITES[main]= MOZILLA/security/nss/releases/NSS_3_51_1_RTM/src
13 DISTFILE[1]= nss-3.51.1.tar.gz:main
15 SPKGS[standard]= complete
19 OPTIONS_AVAILABLE= none
20 OPTIONS_STANDARD= none
22 BUILD_DEPENDS= libressl:single:static
23 BUILDRUN_DEPENDS= nspr:single:standard
25 USES= cpe gmake perl:build sqlite zlib
27 DISTNAME= nss-3.51.1/nss
30 LICENSE_FILE= MPL:{{WRKSRC}}/COPYING
33 CPE_PRODUCT= network_security_services
35 FPC_EQUIVALENT= security/nss
37 MAKE_ENV= LIBRARY_PATH="{{LOCALBASE}}/lib"
38 SQLITE_INCLUDE_DIR="{{LOCALBASE}}/include"
42 NSS_USE_SYSTEM_SQLITE=1
46 PLIST_SUB= CERTDIR=share/certs
51 SUB_LIST= VERSION_NSS=3.51.1
53 CFLAGS= -I{{LOCALBASE}}/include/nspr
54 LDFLAGS= -Wl,-rpath,{{PREFIX}}/lib/nss
55 VAR_OPSYS[sunos]= MAKE_ENV=NS_USE_GCC=1
56 MAKE_ENV=NO_MDUPDATE=1
57 CFLAGS=-D__EXTENSIONS__
58 VAR_ARCH[x86_64]= MAKE_ENV=USE_64=1
61 ${REINPLACE_CMD} '/NSS_DEFAULT_SYSTEM/s,/etc,${PREFIX}&,' \
62 ${WRKSRC}/lib/sysinit/nsssysinit.c
64 ${FIND} . -name "*.c" -o -name "*.h" | \
65 ${XARGS} ${GREP} -l -F '"nspr.h"' | \
66 ${XARGS} ${REINPLACE_CMD} -e 's|"nspr.h"|<nspr.h>|')
67 ${FIND} ${WRKSRC}/tests -name '*.sh' | \
68 ${XARGS} ${GREP} -l -F '/bin/bash' | \
69 ${XARGS} ${REINPLACE_CMD} -e 's|#! */bin/bash|#!${SH}|'
70 ${REINPLACE_CMD} -e 's/@OS_RELEASE@/${OSREL}/' ${WRKSRC}/coreconf/arch.mk
73 ${SETENV} ${MAKE_ENV} ${PERL} ${WRKDIR}/MAca-bundle.pl \
74 < ${WRKSRC}/lib/ckfw/builtins/certdata.txt > ${WRKDIR}/ca-root-nss.crt
77 @${MKDIR} ${STAGEDIR}${PREFIX}/include/nss/nss \
78 ${STAGEDIR}${PREFIX}/lib/nss \
79 ${STAGEDIR}${PREFIX}/share/certs
80 ${FIND} ${WRKDIR}/nss-3.51.1/dist/public/nss -type l \
81 -exec ${INSTALL_DATA} {} ${STAGEDIR}${PREFIX}/include/nss/nss \;
82 ${INSTALL_LIB} ${WRKDIR}/nss-3.51.1/dist/${OPSYS}*_OPT.OBJ/lib/*.${LIBEXT} \
83 ${STAGEDIR}${PREFIX}/lib/nss
84 ${INSTALL_DATA} ${WRKDIR}/nss-3.51.1/dist/${OPSYS}*_OPT.OBJ/lib/libcrmf.a \
85 ${STAGEDIR}${PREFIX}/lib/nss
86 .for bin in certutil cmsutil crlutil derdump makepqg mangle modutil ocspclnt oidcalc p7content p7env p7sign p7verify pk12util rsaperf shlibsign signtool signver ssltap strsclnt symkeyutil vfychain vfyserv
87 ${INSTALL_PROGRAM} ${WRKDIR}/nss-3.51.1/dist/${OPSYS}*_OPT.OBJ/bin/${bin} \
88 ${STAGEDIR}${PREFIX}/bin
90 ${INSTALL_SCRIPT} ${WRKDIR}/nss-config ${STAGEDIR}${PREFIX}/bin
91 ${INSTALL_DATA} ${WRKDIR}/nss.pc ${STAGEDIR}${PREFIX}/lib/pkgconfig
93 .for D in openssl openssl-devel libressl libressl-devel
94 ${MKDIR} ${STAGEDIR}${PREFIX}/etc/${D}
95 ${INSTALL_DATA} ${WRKDIR}/ca-root-nss.crt \
96 ${STAGEDIR}${PREFIX}/etc/${D}/cert.pem.sample
98 ${INSTALL_DATA} ${WRKDIR}/ca-root-nss.crt \
99 ${STAGEDIR}${PREFIX}/share/certs
101 [FILE:301:descriptions/desc.primary]
102 Network Security Services (NSS) is a set of libraries designed to support
103 cross-platform development of security-enabled server applications.
104 Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5,
105 PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other
109 [FILE:120:descriptions/desc.caroot]
110 Root certificates from certificate authorities included in the Mozilla
111 NSS library and thus in Firefox and Thunderbird.
115 085c5eaceef040eddea639e2e068e70f0e368f840327a678ef74ae3d6c15ca78 78310874 nss-3.51.1.tar.gz
118 [FILE:1537:manifests/plist.primary]
119 %%ONLY-LINUX%%lib/nss/libnsssysinit.so
252 libnssckbi-testlib.so
261 [FILE:186:manifests/plist.caroot]
262 @sample etc/libressl-devel/cert.pem.sample
263 @sample etc/libressl/cert.pem.sample
264 @sample etc/openssl-devel/cert.pem.sample
265 @sample etc/openssl/cert.pem.sample
266 %%CERTDIR%%/ca-root-nss.crt
269 [FILE:449:patches/patch-bug301986]
270 --- lib/util/nssilckt.h.orig 2020-04-03 21:21:37 UTC
271 +++ lib/util/nssilckt.h
272 @@ -163,7 +163,7 @@ typedef enum {
273 ** Declare the trace record
276 - PRUint32 threadID; /* PR_GetThreadID() */
277 + pthread_t threadID; /* PR_GetThreadID() */
278 nssILockOp op; /* operation being performed */
279 nssILockType ltype; /* lock type identifier */
280 PRIntervalTime callTime; /* time spent in function */
283 [FILE:2109:patches/patch-const]
284 --- cmd/modutil/modutil.h.orig 2020-04-03 21:21:37 UTC
285 +++ cmd/modutil/modutil.h
289 Error LoadMechanismList(void);
290 -Error FipsMode(char *arg);
291 -Error ChkFipsMode(char *arg);
292 +Error FipsMode(const char *arg);
293 +Error ChkFipsMode(const char *arg);
294 Error AddModule(char *moduleName, char *libFile, char *ciphers,
295 char *mechanisms, char *modparms);
296 Error DeleteModule(char *moduleName);
297 --- cmd/modutil/pk11.c.orig 2020-04-03 21:21:37 UTC
298 +++ cmd/modutil/pk11.c
300 * disable FIPS mode on the internal module.
304 +FipsMode(const char *arg)
308 @@ -25,16 +25,18 @@ FipsMode(char *arg)
309 internal_name = PR_smprintf("%s",
310 SECMOD_GetInternalModule()->commonName);
311 if (SECMOD_DeleteInternalModule(internal_name) != SECSuccess) {
312 - PR_fprintf(PR_STDERR, "%s\n", SECU_Strerror(PORT_GetError()));
313 + PR_fprintf(PR_STDERR, "FipsMode(true): %s (%s)\n", SECU_Strerror(PORT_GetError()), internal_name);
314 PR_smprintf_free(internal_name);
315 PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]);
316 return FIPS_SWITCH_FAILED_ERR;
318 - PR_smprintf_free(internal_name);
319 if (!PK11_IsFIPS()) {
320 + PR_fprintf(PR_STDERR, "FipsMode(true): in module %s", internal_name);
321 + PR_smprintf_free(internal_name);
322 PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]);
323 return FIPS_SWITCH_FAILED_ERR;
325 + PR_smprintf_free(internal_name);
326 PR_fprintf(PR_STDOUT, msgStrings[FIPS_ENABLED_MSG]);
328 PR_fprintf(PR_STDERR, errStrings[FIPS_ALREADY_ON_ERR]);
329 @@ -75,7 +77,7 @@ FipsMode(char *arg)
330 * If arg=="false", verify FIPS mode is disabled on the internal module.
333 -ChkFipsMode(char *arg)
334 +ChkFipsMode(const char *arg)
336 if (!PORT_Strcasecmp(arg, "true")) {
340 [FILE:1383:patches/patch-coreconf_Darwin.mk]
341 --- coreconf/Darwin.mk.orig 2020-04-03 21:21:37 UTC
342 +++ coreconf/Darwin.mk
343 @@ -7,8 +7,8 @@ CC ?= gcc
347 +NSS_ENABLE_WERROR = 0
348 include $(CORE_DEPTH)/coreconf/UNIX.mk
349 -include $(CORE_DEPTH)/coreconf/Werror.mk
351 DEFAULT_COMPILER = gcc
353 @@ -127,21 +127,4 @@ PROCESS_MAP_FILE = grep -v ';+' $< | gre
357 -# The system sqlite library in the latest version of Mac OS X often becomes
358 -# newer than the sqlite library in NSS. This may result in certain Mac OS X
359 -# system libraries having unresolved sqlite symbols during the shlibsign step
360 -# of the NSS build when we set DYLD_LIBRARY_PATH to the NSS lib directory and
361 -# the NSS libsqlite3.dylib is used instead of the system one. So just use the
362 -# system sqlite library on Mac, if it's sufficiently new.
364 -SYS_SQLITE3_VERSION_FULL := $(shell /usr/bin/sqlite3 -version | awk '{print $$1}')
365 -SYS_SQLITE3_VERSION_MAJOR := $(shell echo $(SYS_SQLITE3_VERSION_FULL) | awk -F. '{ print $$1 }')
366 -SYS_SQLITE3_VERSION_MINOR := $(shell echo $(SYS_SQLITE3_VERSION_FULL) | awk -F. '{ print $$2 }')
368 -ifeq (3,$(SYS_SQLITE3_VERSION_MAJOR))
369 - ifeq (,$(filter-out 0 1 2 3 4,$(SYS_SQLITE3_VERSION_MINOR)))
370 - # sqlite <= 3.4.x is too old, it doesn't provide sqlite3_file_control
372 - NSS_USE_SYSTEM_SQLITE = 1
375 +NSS_USE_SYSTEM_SQLITE = 1
378 [FILE:1313:patches/patch-coreconf_DragonFly.mk]
379 --- /dev/null 2020-04-09 16:48:20 UTC
380 +++ coreconf/DragonFly.mk
383 +# This Source Code Form is subject to the terms of the Mozilla Public
384 +# License, v. 2.0. If a copy of the MPL was not distributed with this
385 +# file, You can obtain one at http://mozilla.org/MPL/2.0/.
387 +include $(CORE_DEPTH)/coreconf/UNIX.mk
389 +DEFAULT_COMPILER = gcc
394 +CPU_ARCH = $(OS_TEST)
395 +ifeq ($(CPU_ARCH),i386)
398 +ifeq ($(CPU_ARCH),amd64)
402 +ifneq (,$(filter %64, $(OS_TEST)))
406 +OS_CFLAGS = $(DSO_CFLAGS) -Wall -Wno-switch -DFREEBSD -DHAVE_STRERROR -DHAVE_BSD_FLOCK
409 +DSO_LDOPTS = -shared -Wl,-soname -Wl,$(notdir $@)
412 +# The default implementation strategy for FreeBSD is pthreads.
416 +DEFINES += -D_THREAD_SAFE -D_REENTRANT
418 +DSO_LDOPTS += -pthread
425 +MKSHLIB = $(CC) $(DSO_LDOPTS)
427 + MKSHLIB += -Wl,--version-script,$(MAPFILE)
429 +PROCESS_MAP_FILE = grep -v ';-' $< | \
430 + sed -e 's,;+,,' -e 's; DATA ;;' -e 's,;;,,' -e 's,;.*,;,' > $@
432 +G++INCLUDES = -I/usr/include/c++
438 [FILE:1125:patches/patch-coreconf_FreeBSD.mk]
439 --- coreconf/FreeBSD.mk.orig 2020-04-03 21:21:37 UTC
440 +++ coreconf/FreeBSD.mk
443 include $(CORE_DEPTH)/coreconf/UNIX.mk
445 -DEFAULT_COMPILER = gcc
448 +DEFAULT_COMPILER = $(CC)
453 CPU_ARCH = $(OS_TEST)
454 @@ -20,6 +20,16 @@ endif
455 ifeq ($(CPU_ARCH),amd64)
458 +ifneq (,$(filter arm%, $(CPU_ARCH)))
461 +ifneq (,$(filter powerpc%, $(CPU_ARCH)))
465 +ifneq (,$(filter %64, $(OS_TEST)))
469 OS_CFLAGS = $(DSO_CFLAGS) -Wall -Wno-switch -DFREEBSD -DHAVE_STRERROR -DHAVE_BSD_FLOCK
471 @@ -46,7 +56,11 @@ else
475 -MKSHLIB = $(CC) $(DSO_LDOPTS)
476 +ifneq (,$(filter alpha ia64,$(OS_TEST)))
477 +MKSHLIB = $(CC) -Wl,-Bsymbolic -lc $(DSO_LDOPTS)
479 +MKSHLIB = $(CC) -Wl,-Bsymbolic $(DSO_LDOPTS)
482 MKSHLIB += -Wl,--version-script,$(MAPFILE)
484 @@ -55,4 +69,5 @@ PROCESS_MAP_FILE = grep -v ';-' $< | \
486 G++INCLUDES = -I/usr/include/g++
488 -INCLUDES += -I/usr/X11R6/include
493 [FILE:2012:patches/patch-coreconf_SunOS5.mk]
494 --- coreconf/SunOS5.mk.orig 2020-04-03 21:21:37 UTC
495 +++ coreconf/SunOS5.mk
496 @@ -14,14 +14,14 @@ ifeq ($(USE_64), 1)
500 - ifeq ($(OS_TEST),i86pc)
501 + ifeq ($(OS_TEST),x86_64)
502 ARCHFLAG=-xarch=amd64
508 - ifneq ($(OS_TEST),i86pc)
509 + ifneq ($(OS_TEST),x86_64)
513 @@ -33,9 +33,9 @@ endif
514 DEFAULT_COMPILER = cc
519 OS_CFLAGS += -Wall -Wno-format -Werror-implicit-function-declaration -Wno-switch
522 CCC += -Wall -Wno-format
523 ASFLAGS += -x assembler-with-cpp
524 OS_CFLAGS += $(NOMD_OS_CFLAGS) $(ARCHFLAG)
525 @@ -67,7 +67,7 @@ RANLIB = echo
527 OS_DEFINES += -DSVR4 -DSYSV -D__svr4 -D__svr4__ -DSOLARIS -D_REENTRANT
529 -ifeq ($(OS_TEST),i86pc)
530 +ifeq ($(OS_TEST),x86_64)
534 @@ -109,15 +109,11 @@ endif
535 DSO_LDOPTS += -shared -h $(notdir $@)
538 - ifeq ($(OS_TEST),i86pc)
539 - DSO_LDOPTS +=-xarch=amd64
541 - DSO_LDOPTS +=-xarch=v9
545 DSO_LDOPTS += -G -h $(notdir $@)
547 -DSO_LDOPTS += -z combreloc -z defs -z ignore
548 +# DSO_LDOPTS += -Wl,-z,origin
550 # -KPIC generates position independent code for use in shared libraries.
551 # (Similarly for -fPIC in case of gcc.)
552 @@ -129,16 +125,5 @@ endif
554 NOSUCHFILE = /solaris-rm-f-sucks
556 -ifeq ($(BUILD_SUN_PKG), 1)
557 -# The -R '$ORIGIN' linker option instructs this library to search for its
558 -# dependencies in the same directory where it resides.
560 -RPATH = -R '$$ORIGIN:/usr/lib/mps/secv1/64:/usr/lib/mps/64'
562 -RPATH = -R '$$ORIGIN:/usr/lib/mps/secv1:/usr/lib/mps'
565 -RPATH = -R '$$ORIGIN'
568 -OS_LIBS += -lthread -lnsl -lsocket -lposix4 -ldl -lc
570 +RPATH = $(LDFLAGS) #-Wl,-rpath,$(PREFIX)/lib/nss
573 [FILE:286:patches/patch-coreconf_UNIX.mk]
574 --- coreconf/UNIX.mk.orig 2020-04-03 21:21:37 UTC
576 @@ -10,10 +10,8 @@ AR = ar cr $@
577 LDOPTS += -L$(SOURCE_LIB_DIR)
581 DEFINES += -UDEBUG -DNDEBUG
584 DEFINES += -DDEBUG -UNDEBUG
589 [FILE:611:patches/patch-coreconf_arch.mk]
590 --- coreconf/arch.mk.orig 2020-04-03 21:21:37 UTC
592 @@ -26,7 +26,7 @@ OS_ARCH := $(subst /,_,$(shell uname -s)
593 # Attempt to differentiate between sparc and x86 Solaris
596 -OS_TEST := $(shell uname -m)
597 +OS_TEST := $(shell uname -p)
598 ifeq ($(OS_TEST),i86pc)
599 OS_RELEASE := $(shell uname -r)_$(OS_TEST)
601 @@ -118,6 +118,10 @@ ifeq ($(OS_ARCH),Linux)
605 +ifeq ($(OS_ARCH),DragonFly)
606 +OS_RELEASE := @OS_RELEASE@
609 # Since all uses of OS_ARCH that follow affect only userland, we can
610 # merge other Glibc systems with Linux here.
611 ifeq ($(OS_ARCH),GNU)
614 [FILE:496:patches/patch-coreconf_command.mk]
615 --- coreconf/command.mk.orig 2020-04-03 21:21:37 UTC
616 +++ coreconf/command.mk
617 @@ -12,7 +12,7 @@ AS = $(CC)
619 CCF = $(CC) $(CFLAGS)
620 LINK_DLL = $(LD) $(OS_DLLFLAGS) $(DLLFLAGS) $(XLDFLAGS)
621 -CFLAGS = $(OPTIMIZER) $(OS_CFLAGS) $(WARNING_CFLAGS) $(XP_DEFINE) \
622 +CFLAGS += $(OPTIMIZER) $(OS_CFLAGS) $(WARNING_CFLAGS) $(XP_DEFINE) \
623 $(DEFINES) $(INCLUDES) $(XCFLAGS)
628 [FILE:465:patches/patch-coreconf_config.mk]
629 --- coreconf/config.mk.orig 2020-04-03 21:21:37 UTC
630 +++ coreconf/config.mk
631 @@ -31,7 +31,7 @@ endif
632 #######################################################################
634 TARGET_OSES = FreeBSD BSD_OS NetBSD OpenUNIX OS2 QNX Darwin BeOS OpenBSD \
635 - AIX RISCOS WINNT WIN95 Linux Android
636 + AIX RISCOS WINNT WIN95 Linux Android DragonFly
638 ifeq (,$(filter-out $(TARGET_OSES),$(OS_TARGET)))
639 include $(CORE_DEPTH)/coreconf/$(OS_TARGET).mk
642 [FILE:248:patches/patch-coreconf_location.mk]
643 --- coreconf/location.mk.orig 2020-04-03 21:21:37 UTC
644 +++ coreconf/location.mk
645 @@ -40,7 +40,7 @@ ifdef NSPR_INCLUDE_DIR
649 - NSPR_LIB_DIR = $(DIST)/lib
650 + NSPR_LIB_DIR = $(PREFIX)/lib
653 ifdef NSS_INCLUDE_DIR
656 [FILE:308:patches/patch-coreconf_ruleset.mk]
657 --- coreconf/ruleset.mk.orig 2020-04-03 21:21:37 UTC
658 +++ coreconf/ruleset.mk
663 - ifneq ($(DEFAULT_COMPILER), $(notdir $(firstword $(CC))))
664 + ifneq ($(DEFAULT_COMPILER), $(CC))
666 # Temporary define for the Client; to be removed when binary release is used
670 [FILE:720:patches/patch-lib_freebl_Makefile]
671 --- lib/freebl/Makefile.orig 2020-04-03 21:21:37 UTC
672 +++ lib/freebl/Makefile
673 @@ -236,7 +236,7 @@ ifeq ($(CPU_ARCH),x86)
677 -ifeq ($(OS_TARGET),Linux)
678 +ifeq (,$(filter-out Linux DragonFly FreeBSD, $(OS_TARGET)))
679 ifeq ($(CPU_ARCH),x86_64)
680 ASFILES = arcfour-amd64-gas.s mpi_amd64_gas.s
681 ASFLAGS += -fPIC -Wa,--noexecstack
682 @@ -320,7 +320,7 @@ endif
683 # to bind the blapi function references in FREEBLVector vector
684 # (ldvector.c) to the blapi functions defined in the freebl
686 -ifeq (,$(filter-out BSD_OS FreeBSD Linux NetBSD OpenBSD, $(OS_TARGET)))
687 +ifeq (,$(filter-out BSD_OS DragonFly FreeBSD Linux NetBSD OpenBSD, $(OS_TARGET)))
688 MKSHLIB += -Wl,-Bsymbolic
693 [FILE:1041:patches/patch-lib_freebl_mpi_mpcpucache.c]
694 --- lib/freebl/mpi/mpcpucache.c.orig 2020-04-03 21:21:37 UTC
695 +++ lib/freebl/mpi/mpcpucache.c
696 @@ -705,6 +705,32 @@ s_mpi_getProcessorLineSize()
699 #if defined(__ppc64__)
701 +#if defined(__FreeBSD__)
702 +#include <sys/stddef.h>
703 +#include <sys/sysctl.h>
705 +#include <machine/cpu.h>
706 +#include <machine/md_var.h>
709 +s_mpi_getProcessorLineSize()
711 + static int cacheline_size = 0;
712 + static int cachemib[] = { CTL_MACHDEP, CPU_CACHELINE };
715 + if (cacheline_size > 0)
716 + return cacheline_size;
718 + clen = sizeof(cacheline_size);
719 + if (sysctl(cachemib, sizeof(cachemib) / sizeof(cachemib[0]),
720 + &cacheline_size, &clen, NULL, 0) < 0 || !cacheline_size)
721 + return 128; /* guess */
723 + return cacheline_size;
727 * Sigh, The PPC has some really nice features to help us determine cache
728 * size, since it had lots of direct control functions to do so. The POWER
729 @@ -758,6 +784,7 @@ s_mpi_getProcessorLineSize()
735 #define MPI_GET_PROCESSOR_LINE_SIZE_DEFINED 1
739 [FILE:600:patches/patch-lib_softoken_pkcs11.c]
740 --- lib/softoken/pkcs11.c.orig 2020-04-03 21:21:37 UTC
741 +++ lib/softoken/pkcs11.c
742 @@ -3225,8 +3225,8 @@ nsc_CommonInitialize(CK_VOID_PTR pReserv
744 int major = 0, minor = 0;
746 - long rv = sysinfo(SI_RELEASE, buf, sizeof(buf));
747 - if (rv > 0 && rv < sizeof(buf)) {
748 + long sunrv = sysinfo(SI_RELEASE, buf, sizeof(buf));
749 + if (sunrv > 0 && sunrv < sizeof(buf)) {
750 if (2 == sscanf(buf, "%d.%d", &major, &minor)) {
751 /* Are we on Solaris 10 or greater ? */
752 if (major > 5 || (5 == major && minor >= 10)) {
755 [FILE:1023:patches/patch-lib_softoken_pkcs11c.c]
756 --- lib/softoken/pkcs11c.c.orig 2020-04-03 21:21:37 UTC
757 +++ lib/softoken/pkcs11c.c
758 @@ -5932,9 +5932,6 @@ sftk_unwrapPrivateKey(SFTKObject *key, S
760 case NSSLOWKEYDSAKey:
762 - crv = (sftk_hasAttribute(key, CKA_NETSCAPE_DB)) ? CKR_OK : CKR_KEY_TYPE_INCONSISTENT;
765 crv = sftk_AddAttributeType(key, CKA_KEY_TYPE, &keyType,
768 @@ -5974,9 +5971,6 @@ sftk_unwrapPrivateKey(SFTKObject *key, S
769 /* what about fortezza??? */
772 - crv = (sftk_hasAttribute(key, CKA_NETSCAPE_DB)) ? CKR_OK : CKR_KEY_TYPE_INCONSISTENT;
775 crv = sftk_AddAttributeType(key, CKA_KEY_TYPE, &keyType,
780 [FILE:3413:patches/patch-sysdb]
781 --- lib/softoken/legacydb/cdbhdl.h.orig 2020-04-03 21:21:37 UTC
782 +++ lib/softoken/legacydb/cdbhdl.h
787 -#include "mcom_db.h"
793 --- lib/softoken/legacydb/dbmshim.c.orig 2020-04-03 21:21:37 UTC
794 +++ lib/softoken/legacydb/dbmshim.c
797 * Berkeley DB 1.85 Shim code to handle blobs.
799 -#include "mcom_db.h"
805 --- lib/softoken/legacydb/keydb.c.orig 2020-04-03 21:21:37 UTC
806 +++ lib/softoken/legacydb/keydb.c
811 -#include "mcom_db.h"
815 --- lib/softoken/legacydb/keydbi.h.orig 2020-04-03 21:21:37 UTC
816 +++ lib/softoken/legacydb/keydbi.h
820 #include "seccomon.h"
821 -#include "mcom_db.h"
825 * Handle structure for open key databases
826 --- lib/softoken/legacydb/pcertdb.c.orig 2020-04-03 21:21:37 UTC
827 +++ lib/softoken/legacydb/pcertdb.c
830 #include "lowkeyti.h"
832 -#include "mcom_db.h"
838 --- lib/softoken/legacydb/pk11db.c.orig 2020-04-03 21:21:37 UTC
839 +++ lib/softoken/legacydb/pk11db.c
844 -#include "mcom_db.h"
848 #include "utilpars.h"
850 --- lib/ckfw/dbm/ckdbm.h.orig 2020-04-03 21:21:37 UTC
851 +++ lib/ckfw/dbm/ckdbm.h
856 -#include "mcom_db.h"
859 NSS_EXTERN_DATA NSSCKMDInstance nss_dbm_mdInstance;
861 --- lib/softoken/legacydb/config.mk.orig 2020-04-03 21:21:37 UTC
862 +++ lib/softoken/legacydb/config.mk
863 @@ -8,7 +8,6 @@ CRYPTOLIB=$(DIST)/lib/$(LIB_PREFIX)freeb
867 - $(DIST)/lib/$(LIB_PREFIX)dbm.$(LIB_SUFFIX) \
870 # can't do this in manifest.mn because OS_TARGET isn't defined there.
871 --- lib/certdb/xauthkid.c.orig 2020-04-03 21:21:37 UTC
872 +++ lib/certdb/xauthkid.c
877 -#include "prtypes.h"
878 +#include <prtypes.h>
879 #include "seccomon.h"
882 --- lib/certdb/xbsconst.c.orig 2020-04-03 21:21:37 UTC
883 +++ lib/certdb/xbsconst.c
885 * X.509 v3 Basic Constraints Extension
888 -#include "prtypes.h"
889 +#include <prtypes.h>
890 #include <limits.h> /* for LONG_MAX */
891 #include "seccomon.h"
893 --- lib/certdb/xconst.c.orig 2020-04-03 21:21:37 UTC
894 +++ lib/certdb/xconst.c
896 * X.509 Extension Encoding
899 -#include "prtypes.h"
900 +#include <prtypes.h>
901 #include "seccomon.h"
904 --- lib/manifest.mn.orig 2020-04-03 21:21:37 UTC
906 @@ -20,7 +20,7 @@ ifndef NSS_BUILD_UTIL_ONLY
914 ifndef NSS_BUILD_SOFTOKEN_ONLY
915 --- cmd/platlibs.mk.orig 2020-04-03 21:21:37 UTC
917 @@ -29,7 +29,7 @@ endif # BUILD_SUN_PKG
918 ifdef NSS_DISABLE_DBM
921 -DBMLIB = $(DIST)/lib/$(LIB_PREFIX)dbm.$(LIB_SUFFIX)
925 ifeq ($(NSS_BUILD_UTIL_ONLY),1)
928 [FILE:6041:files/MAca-bundle.pl.in]
930 ## MAca-bundle.pl -- Regenerate ca-root-nss.crt from the Mozilla certdata.txt
932 ## Rewritten in September 2011 by Matthias Andree to heed untrust
935 ## Copyright (c) 2011, 2013 Matthias Andree <mandree@FreeBSD.org>
936 ## All rights reserved.
938 ## Redistribution and use in source and binary forms, with or without
939 ## modification, are permitted provided that the following conditions are
942 ## * Redistributions of source code must retain the above copyright
943 ## notice, this list of conditions and the following disclaimer.
945 ## * Redistributions in binary form must reproduce the above copyright
946 ## notice, this list of conditions and the following disclaimer in the
947 ## documentation and/or other materials provided with the distribution.
949 ## THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
950 ## "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
951 ## LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
952 ## FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
953 ## COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
954 ## INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
955 ## BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
956 ## LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
957 ## CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
958 ## LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
959 ## ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
960 ## POSSIBILITY OF SUCH DAMAGE.
966 my $VERSION = '$FreeBSD: head/security/ca_root_nss/files/MAca-bundle.pl.in 325572 2013-08-29 08:10:09Z mandree $';
971 ## ca-root-nss.crt -- Bundle of CA Root Certificates
973 ## This is a bundle of X.509 certificates of public Certificate
974 ## Authorities (CA). These were automatically extracted from Mozilla's
975 ## root CA list (the file `certdata.txt').
977 ## Extracted from nss-%%VERSION_NSS%%
983 if defined $ENV{'WITH_DEBUG'}
984 and $ENV{'WITH_DEBUG'} !~ m/(?i)^(no|0|false|)$/;
989 sub printcert_plain($$)
991 my ($label, $certdata) = @_;
992 print "=== $label ===\n" if $label;
994 "-----BEGIN CERTIFICATE-----\n",
995 MIME::Base64::encode_base64($certdata),
996 "-----END CERTIFICATE-----\n\n";
999 sub printcert_info($$)
1001 my (undef, $certdata) = @_;
1002 return unless $certdata;
1003 open(OUT, "|openssl x509 -text -inform DER -fingerprint")
1004 || die "could not pipe to openssl x509";
1005 print OUT $certdata;
1006 close(OUT) or die "openssl x509 failed with exit code $?";
1011 printcert_info($a, $b);
1020 my (undef,@oct) = split /\\/;
1021 my @bin = map(chr(oct), @oct);
1022 $data .= join('', @bin);
1039 if (/^CKA_LABEL UTF8 "([^"]+)"/) {
1043 if (/^CKA_VALUE MULTILINE_OCTAL/) {
1044 $certdata = graboct();
1047 if (/^CKA_SERIAL_NUMBER MULTILINE_OCTAL/) {
1048 $serial = graboct();
1051 return ($serial, $cka_label, $certdata);
1064 if (/^CKA_LABEL UTF8 "([^"]+)"/) {
1068 if (/^CKA_SERIAL_NUMBER MULTILINE_OCTAL/) {
1069 $serial = graboct();
1072 if (/^CKA_TRUST_(SERVER_AUTH|EMAIL_PROTECTION|CODE_SIGNING) CK_TRUST (\S+)$/)
1074 if ($2 eq 'CKT_NSS_NOT_TRUSTED') {
1076 } elsif ($2 eq 'CKT_NSS_TRUSTED_DELEGATOR') {
1078 } elsif ($2 ne 'CKT_NSS_MUST_VERIFY_TRUST') {
1079 confess "Unknown trust setting on line $.:\n"
1081 . "Script must be updated:";
1086 if (!$maytrust && !$distrust && $debug) {
1087 print STDERR "line $.: no explicit trust/distrust found for $cka_label\n";
1090 my $trust = ($maytrust and not $distrust);
1091 return ($serial, $cka_label, $trust);
1095 if (/^CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE/) {
1096 my ($serial, $label, $certdata) = grabcert();
1097 if (defined $certs{$label."\0".$serial}) {
1098 warn "Certificate $label duplicated!\n";
1100 $certs{$label."\0".$serial} = $certdata;
1101 } elsif (/^CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST/) {
1102 my ($serial, $label, $trust) = grabtrust();
1103 if (defined $trusts{$label."\0".$serial}) {
1104 warn "Trust for $label duplicated!\n";
1106 $trusts{$label."\0".$serial} = $trust;
1107 } elsif (/^CVS_ID.*Revision: ([^ ]*).*/) {
1108 print "## Source: \"certdata.txt\" CVS revision $1\n##\n\n";
1114 map { s/\0.*//; s/[^[:print:]]/_/g; $_ = "\"$_\""; } @res;
1115 return wantarray ? @res : $res[0];
1118 # weed out untrusted certificates
1120 foreach my $it (keys %trusts) {
1121 if (!$trusts{$it}) {
1122 if (!exists($certs{$it})) {
1123 warn "Found trust for nonexistent certificate ".printlabel($it)."\n" if $debug;
1126 warn "Skipping untrusted ".printlabel($it)."\n" if $debug;
1132 print "## Untrusted certificates omitted from this bundle: $untrusted\n\n";
1133 print STDERR "## Untrusted certificates omitted from this bundle: $untrusted\n";
1136 foreach my $it (sort {uc($a) cmp uc($b)} keys %certs) {
1137 if (!exists($trusts{$it})) {
1138 die "Found certificate without trust block,\naborting";
1140 printcert("", $certs{$it});
1143 print STDERR "Trusting $certcount: ".printlabel($it)."\n" if $debug;
1146 if ($certcount < 25) {
1147 die "Certificate count of $certcount is implausibly low.\nAbort";
1150 print "## Number of certificates: $certcount\n";
1151 print STDERR "## Number of certificates: $certcount\n";
1152 print "## End of file.\n";
1155 [FILE:2352:files/nss-config.in]
1159 version=%%VERSION_NSS%%
1164 Usage: nss-config [OPTIONS] [LIBRARIES]
1167 [--exec-prefix[=DIR]]
1168 [--includedir[=DIR]]
1182 if test $# -eq 0; then
1191 while test $# -gt 0; do
1193 -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
1208 echo_exec_prefix=yes
1224 *.*.*) echo $version ;;
1225 *.*) echo $version.0 ;;
1226 *) echo $version.0.0 ;;
1254 # Set variables that may be dependent upon other variables
1255 if test -z "$exec_prefix"; then
1258 if test -z "$includedir"; then
1259 includedir=$prefix/include/nss
1261 if test -z "$libdir"; then
1262 libdir=$prefix/lib/nss
1265 if test "$echo_prefix" = "yes"; then
1269 if test "$echo_exec_prefix" = "yes"; then
1273 if test "$echo_includedir" = "yes"; then
1277 if test "$echo_libdir" = "yes"; then
1281 if test "$echo_cflags" = "yes"; then
1282 echo -I$includedir -I$includedir/nss
1285 if test "$echo_libs" = "yes"; then
1286 libdirs="-Wl,-R${libdir} -L$libdir"
1287 if test -n "$lib_ssl"; then
1288 libdirs="$libdirs -lssl3"
1290 if test -n "$lib_smime"; then
1291 libdirs="$libdirs -lsmime3"
1293 if test -n "$lib_nss"; then
1294 libdirs="$libdirs -lnss3"
1296 if test -n "$lib_nssutil"; then
1297 libdirs="$libdirs -lnssutil3"
1303 [FILE:315:files/nss.pc.in]
1305 exec_prefix=%%PREFIX%%
1306 libdir=%%PREFIX%%/lib/nss
1307 includedir=%%PREFIX%%/include
1310 Description: Mozilla Network Security Services
1311 Version: %%VERSION_NSS%%
1313 Libs: -Wl,-R${libdir} -L${libdir} -lnss3 -lsmime3 -lssl3 -lnssutil3
1314 Cflags: -I${includedir}/nss -I${includedir}/nss/nss
1317 [FILE:948:files/pkg-message-caroot.in]
1318 ********************************* WARNING *********************************
1320 Ravenports do not, and can not warrant that the certification authorities
1321 whose certificates are included in this package have in any way been
1322 audited for trustworthiness or RFC 3647 compliance.
1324 Assessment and verification of trust is the complete responsibility of the
1325 system administrator.
1327 *********************************** NOTE **********************************
1329 This package installs symlinks to support root certificates discovery by
1330 default for software that uses OpenSSL.
1332 This enables SSL Certificate Verification by client software without manual
1335 If you prefer to do this manually, replace the following symlinks with
1336 either an empty file or your site-local certificate bundle.
1339 * %%PREFIX%%/etc/ssl/cert.pem
1340 * %%PREFIX%%/openssl/cert.pem
1342 ***************************************************************************