1 # Buildsheet autogenerated by ravenadm tool -- Do not edit.
7 SDESC[standard]= Application security development libraries
8 HOMEPAGE= https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS
12 SITES[main]= MOZILLA/security/nss/releases/NSS_3_96_1_RTM/src
13 DISTFILE[1]= nss-3.96.1.tar.gz:main
15 SPKGS[standard]= complete
20 OPTIONS_AVAILABLE= none
21 OPTIONS_STANDARD= none
23 BUILD_DEPENDS= libressl:primary:standard
25 BUILDRUN_DEPENDS= nspr:primary:standard
26 EXRUN[dev]= nspr:dev:standard
28 USES= cpe gmake perl:build sqlite zlib ssl:build
30 DISTNAME= nss-3.96.1/nss
33 LICENSE_FILE= MPL:{{WRKSRC}}/COPYING
36 CPE_PRODUCT= network_security_services
38 FPC_EQUIVALENT= security/nss
40 MAKE_ENV= LIBRARY_PATH="{{LOCALBASE}}/lib"
41 SQLITE_INCLUDE_DIR="{{LOCALBASE}}/include"
44 NSS_USE_SYSTEM_SQLITE=1
49 PLIST_SUB= CERTDIR=share/certs
54 SUB_LIST= VERSION_NSS=3.96.1
56 CFLAGS= -I{{LOCALBASE}}/include/nspr
57 LDFLAGS= -Wl,-rpath,{{PREFIX}}/lib/nss
58 VAR_OPSYS[sunos]= MAKE_ENV=NS_USE_GCC=1
59 MAKE_ENV=NO_MDUPDATE=1
60 VAR_OPSYS[linux]= MAKE_ENV=RPATH=-Wl,-rpath,{{PREFIX}}/lib/nss
61 VAR_ARCH[x86_64]= MAKE_ENV=USE_64=1
64 ${SETENV} ${MAKE_ENV} ${PERL} ${WRKDIR}/MAca-bundle.pl \
65 < ${WRKSRC}/lib/ckfw/builtins/certdata.txt > ${WRKDIR}/ca-root-nss.crt
68 ${REINPLACE_CMD} '/NSS_DEFAULT_SYSTEM/s,/etc,${PREFIX}&,' \
69 ${WRKSRC}/lib/sysinit/nsssysinit.c
71 ${FIND} . -name "*.c" -o -name "*.h" | \
72 ${XARGS} ${GREP} -l -F '"nspr.h"' | \
73 ${XARGS} ${REINPLACE_CMD} -e 's|"nspr.h"|<nspr.h>|')
74 ${FIND} ${WRKSRC}/tests -name '*.sh' | \
75 ${XARGS} ${GREP} -l -F '/bin/bash' | \
76 ${XARGS} ${REINPLACE_CMD} -e 's|#! */bin/bash|#!${SH}|'
77 ${REINPLACE_CMD} -e 's/@OS_RELEASE@/${OSREL}/' ${WRKSRC}/coreconf/arch.mk
78 # prevent attempt to link to shared ssl libraries
79 ${RM} ${LOCALBASE}/libressl/lib*.so
82 @${MKDIR} ${STAGEDIR}${PREFIX}/include/nss/nss \
83 ${STAGEDIR}${PREFIX}/lib/nss \
84 ${STAGEDIR}${PREFIX}/share/certs
85 ${FIND} ${WRKDIR}/nss-3.96.1/dist/public/nss -type l \
86 -exec ${INSTALL_DATA} {} ${STAGEDIR}${PREFIX}/include/nss/nss \;
87 ${INSTALL_LIB} ${WRKDIR}/nss-3.96.1/dist/${OPSYS}*_OPT.OBJ/lib/*.${LIBEXT} \
88 ${STAGEDIR}${PREFIX}/lib/nss
89 ${INSTALL_DATA} ${WRKDIR}/nss-3.96.1/dist/${OPSYS}*_OPT.OBJ/lib/libcrmf.a \
90 ${STAGEDIR}${PREFIX}/lib/nss
91 .for bin in certutil cmsutil crlutil derdump makepqg mangle modutil ocspclnt oidcalc p7content p7env p7sign p7verify pk12util rsaperf shlibsign signtool signver ssltap strsclnt symkeyutil vfychain vfyserv
92 ${INSTALL_PROGRAM} ${WRKDIR}/nss-3.96.1/dist/${OPSYS}*_OPT.OBJ/bin/${bin} \
93 ${STAGEDIR}${PREFIX}/bin
95 ${INSTALL_SCRIPT} ${WRKDIR}/nss-config ${STAGEDIR}${PREFIX}/bin
96 ${INSTALL_DATA} ${WRKDIR}/nss.pc ${STAGEDIR}${PREFIX}/lib/pkgconfig
98 .for D in openssl10 openssl11 openssl30 libressl libressl-devel
99 ${MKDIR} ${STAGEDIR}${PREFIX}/etc/${D}
100 ${INSTALL_DATA} ${WRKDIR}/ca-root-nss.crt \
101 ${STAGEDIR}${PREFIX}/etc/${D}/cert.pem.sample
103 ${INSTALL_DATA} ${WRKDIR}/ca-root-nss.crt \
104 ${STAGEDIR}${PREFIX}/share/certs
106 [FILE:301:descriptions/desc.primary]
107 Network Security Services (NSS) is a set of libraries designed to support
108 cross-platform development of security-enabled server applications.
109 Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5,
110 PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other
114 [FILE:120:descriptions/desc.caroot]
115 Root certificates from certificate authorities included in the Mozilla
116 NSS library and thus in Firefox and Thunderbird.
120 c51e89f6fbb06163f4302e368eeb672d748b52d583948bdb15ef1b069237a496 76715092 nss-3.96.1.tar.gz
123 [FILE:438:manifests/plist.primary]
124 %%ONLY-LINUX%%lib/nss/libnsssysinit.so
154 libnssckbi-testlib.so
163 [FILE:222:manifests/plist.caroot]
164 @sample etc/libressl-devel/cert.pem.sample
165 @sample etc/libressl/cert.pem.sample
166 @sample etc/openssl10/cert.pem.sample
167 @sample etc/openssl11/cert.pem.sample
168 @sample etc/openssl30/cert.pem.sample
169 %%CERTDIR%%/ca-root-nss.crt
172 [FILE:1133:manifests/plist.dev]
280 [FILE:449:patches/patch-bug301986]
281 --- lib/util/nssilckt.h.orig 2023-12-18 17:23:08 UTC
282 +++ lib/util/nssilckt.h
283 @@ -163,7 +163,7 @@ typedef enum {
284 ** Declare the trace record
287 - PRUint32 threadID; /* PR_GetThreadID() */
288 + pthread_t threadID; /* PR_GetThreadID() */
289 nssILockOp op; /* operation being performed */
290 nssILockType ltype; /* lock type identifier */
291 PRIntervalTime callTime; /* time spent in function */
294 [FILE:2109:patches/patch-const]
295 --- cmd/modutil/modutil.h.orig 2023-12-18 17:23:08 UTC
296 +++ cmd/modutil/modutil.h
300 Error LoadMechanismList(void);
301 -Error FipsMode(char *arg);
302 -Error ChkFipsMode(char *arg);
303 +Error FipsMode(const char *arg);
304 +Error ChkFipsMode(const char *arg);
305 Error AddModule(char *moduleName, char *libFile, char *ciphers,
306 char *mechanisms, char *modparms);
307 Error DeleteModule(char *moduleName);
308 --- cmd/modutil/pk11.c.orig 2023-12-18 17:23:08 UTC
309 +++ cmd/modutil/pk11.c
311 * disable FIPS mode on the internal module.
315 +FipsMode(const char *arg)
319 @@ -25,16 +25,18 @@ FipsMode(char *arg)
320 internal_name = PR_smprintf("%s",
321 SECMOD_GetInternalModule()->commonName);
322 if (SECMOD_DeleteInternalModule(internal_name) != SECSuccess) {
323 - PR_fprintf(PR_STDERR, "%s\n", SECU_Strerror(PORT_GetError()));
324 + PR_fprintf(PR_STDERR, "FipsMode(true): %s (%s)\n", SECU_Strerror(PORT_GetError()), internal_name);
325 PR_smprintf_free(internal_name);
326 PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]);
327 return FIPS_SWITCH_FAILED_ERR;
329 - PR_smprintf_free(internal_name);
330 if (!PK11_IsFIPS()) {
331 + PR_fprintf(PR_STDERR, "FipsMode(true): in module %s", internal_name);
332 + PR_smprintf_free(internal_name);
333 PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]);
334 return FIPS_SWITCH_FAILED_ERR;
336 + PR_smprintf_free(internal_name);
337 PR_fprintf(PR_STDOUT, msgStrings[FIPS_ENABLED_MSG]);
339 PR_fprintf(PR_STDERR, errStrings[FIPS_ALREADY_ON_ERR]);
340 @@ -75,7 +77,7 @@ FipsMode(char *arg)
341 * If arg=="false", verify FIPS mode is disabled on the internal module.
344 -ChkFipsMode(char *arg)
345 +ChkFipsMode(const char *arg)
347 if (!PORT_Strcasecmp(arg, "true")) {
351 [FILE:1383:patches/patch-coreconf_Darwin.mk]
352 --- coreconf/Darwin.mk.orig 2023-12-18 17:23:08 UTC
353 +++ coreconf/Darwin.mk
354 @@ -7,8 +7,8 @@ CC ?= gcc
358 +NSS_ENABLE_WERROR = 0
359 include $(CORE_DEPTH)/coreconf/UNIX.mk
360 -include $(CORE_DEPTH)/coreconf/Werror.mk
362 DEFAULT_COMPILER = gcc
364 @@ -127,21 +127,4 @@ PROCESS_MAP_FILE = grep -v ';+' $< | gre
368 -# The system sqlite library in the latest version of Mac OS X often becomes
369 -# newer than the sqlite library in NSS. This may result in certain Mac OS X
370 -# system libraries having unresolved sqlite symbols during the shlibsign step
371 -# of the NSS build when we set DYLD_LIBRARY_PATH to the NSS lib directory and
372 -# the NSS libsqlite3.dylib is used instead of the system one. So just use the
373 -# system sqlite library on Mac, if it's sufficiently new.
375 -SYS_SQLITE3_VERSION_FULL := $(shell /usr/bin/sqlite3 -version | awk '{print $$1}')
376 -SYS_SQLITE3_VERSION_MAJOR := $(shell echo $(SYS_SQLITE3_VERSION_FULL) | awk -F. '{ print $$1 }')
377 -SYS_SQLITE3_VERSION_MINOR := $(shell echo $(SYS_SQLITE3_VERSION_FULL) | awk -F. '{ print $$2 }')
379 -ifeq (3,$(SYS_SQLITE3_VERSION_MAJOR))
380 - ifeq (,$(filter-out 0 1 2 3 4,$(SYS_SQLITE3_VERSION_MINOR)))
381 - # sqlite <= 3.4.x is too old, it doesn't provide sqlite3_file_control
383 - NSS_USE_SYSTEM_SQLITE = 1
386 +NSS_USE_SYSTEM_SQLITE = 1
389 [FILE:1313:patches/patch-coreconf_DragonFly.mk]
390 --- /dev/null 2023-12-20 00:54:08 UTC
391 +++ coreconf/DragonFly.mk
394 +# This Source Code Form is subject to the terms of the Mozilla Public
395 +# License, v. 2.0. If a copy of the MPL was not distributed with this
396 +# file, You can obtain one at http://mozilla.org/MPL/2.0/.
398 +include $(CORE_DEPTH)/coreconf/UNIX.mk
400 +DEFAULT_COMPILER = gcc
405 +CPU_ARCH = $(OS_TEST)
406 +ifeq ($(CPU_ARCH),i386)
409 +ifeq ($(CPU_ARCH),amd64)
413 +ifneq (,$(filter %64, $(OS_TEST)))
417 +OS_CFLAGS = $(DSO_CFLAGS) -Wall -Wno-switch -DFREEBSD -DHAVE_STRERROR -DHAVE_BSD_FLOCK
420 +DSO_LDOPTS = -shared -Wl,-soname -Wl,$(notdir $@)
423 +# The default implementation strategy for FreeBSD is pthreads.
427 +DEFINES += -D_THREAD_SAFE -D_REENTRANT
429 +DSO_LDOPTS += -pthread
436 +MKSHLIB = $(CC) $(DSO_LDOPTS)
438 + MKSHLIB += -Wl,--version-script,$(MAPFILE)
440 +PROCESS_MAP_FILE = grep -v ';-' $< | \
441 + sed -e 's,;+,,' -e 's; DATA ;;' -e 's,;;,,' -e 's,;.*,;,' > $@
443 +G++INCLUDES = -I/usr/include/c++
449 [FILE:1125:patches/patch-coreconf_FreeBSD.mk]
450 --- coreconf/FreeBSD.mk.orig 2023-12-18 17:23:08 UTC
451 +++ coreconf/FreeBSD.mk
454 include $(CORE_DEPTH)/coreconf/UNIX.mk
456 -DEFAULT_COMPILER = gcc
459 +DEFAULT_COMPILER = $(CC)
464 CPU_ARCH = $(OS_TEST)
465 @@ -20,6 +20,16 @@ endif
466 ifeq ($(CPU_ARCH),amd64)
469 +ifneq (,$(filter arm%, $(CPU_ARCH)))
472 +ifneq (,$(filter powerpc%, $(CPU_ARCH)))
476 +ifneq (,$(filter %64, $(OS_TEST)))
480 OS_CFLAGS = $(DSO_CFLAGS) -Wall -Wno-switch -DFREEBSD -DHAVE_STRERROR -DHAVE_BSD_FLOCK
482 @@ -46,7 +56,11 @@ else
486 -MKSHLIB = $(CC) $(DSO_LDOPTS)
487 +ifneq (,$(filter alpha ia64,$(OS_TEST)))
488 +MKSHLIB = $(CC) -Wl,-Bsymbolic -lc $(DSO_LDOPTS)
490 +MKSHLIB = $(CC) -Wl,-Bsymbolic $(DSO_LDOPTS)
493 MKSHLIB += -Wl,--version-script,$(MAPFILE)
495 @@ -55,4 +69,5 @@ PROCESS_MAP_FILE = grep -v ';-' $< | \
497 G++INCLUDES = -I/usr/include/g++
499 -INCLUDES += -I/usr/X11R6/include
504 [FILE:1315:patches/patch-coreconf_MidnightBSD]
505 --- /dev/null 2023-12-20 00:54:08 UTC
506 +++ coreconf/MidnightBSD.mk
509 +# This Source Code Form is subject to the terms of the Mozilla Public
510 +# License, v. 2.0. If a copy of the MPL was not distributed with this
511 +# file, You can obtain one at http://mozilla.org/MPL/2.0/.
513 +include $(CORE_DEPTH)/coreconf/UNIX.mk
515 +DEFAULT_COMPILER = gcc
520 +CPU_ARCH = $(OS_TEST)
521 +ifeq ($(CPU_ARCH),i386)
524 +ifeq ($(CPU_ARCH),amd64)
528 +ifneq (,$(filter %64, $(OS_TEST)))
532 +OS_CFLAGS = $(DSO_CFLAGS) -Wall -Wno-switch -DFREEBSD -DHAVE_STRERROR -DHAVE_BSD_FLOCK
535 +DSO_LDOPTS = -shared -Wl,-soname -Wl,$(notdir $@)
538 +# The default implementation strategy for FreeBSD is pthreads.
542 +DEFINES += -D_THREAD_SAFE -D_REENTRANT
544 +DSO_LDOPTS += -pthread
551 +MKSHLIB = $(CC) $(DSO_LDOPTS)
553 + MKSHLIB += -Wl,--version-script,$(MAPFILE)
555 +PROCESS_MAP_FILE = grep -v ';-' $< | \
556 + sed -e 's,;+,,' -e 's; DATA ;;' -e 's,;;,,' -e 's,;.*,;,' > $@
558 +G++INCLUDES = -I/usr/include/c++
564 [FILE:1446:patches/patch-coreconf_SunOS5.mk]
565 --- coreconf/SunOS5.mk.orig 2023-12-18 17:23:08 UTC
566 +++ coreconf/SunOS5.mk
567 @@ -33,10 +33,10 @@ endif
568 DEFAULT_COMPILER = cc
573 OS_CFLAGS += -Wall -Wno-format -Werror-implicit-function-declaration -Wno-switch
574 OS_CFLAGS += -D__EXTENSIONS__
577 CCC += -Wall -Wno-format
578 ASFLAGS += -x assembler-with-cpp
579 OS_CFLAGS += $(NOMD_OS_CFLAGS) $(ARCHFLAG)
580 @@ -107,15 +107,11 @@ endif
581 DSO_LDOPTS += -shared -h $(notdir $@)
584 - ifeq ($(OS_TEST),i86pc)
585 - DSO_LDOPTS +=-xarch=amd64
587 - DSO_LDOPTS +=-xarch=v9
591 DSO_LDOPTS += -G -h $(notdir $@)
593 -DSO_LDOPTS += -z combreloc -z defs -z ignore
594 +# DSO_LDOPTS += -Wl,-z,origin
596 # -KPIC generates position independent code for use in shared libraries.
597 # (Similarly for -fPIC in case of gcc.)
598 @@ -127,16 +123,5 @@ endif
600 NOSUCHFILE = /solaris-rm-f-sucks
602 -ifeq ($(BUILD_SUN_PKG), 1)
603 -# The -R '$ORIGIN' linker option instructs this library to search for its
604 -# dependencies in the same directory where it resides.
606 -RPATH = -R '$$ORIGIN:/usr/lib/mps/secv1/64:/usr/lib/mps/64'
608 -RPATH = -R '$$ORIGIN:/usr/lib/mps/secv1:/usr/lib/mps'
611 -RPATH = -R '$$ORIGIN'
614 -OS_LIBS += -lthread -lnsl -lsocket -lposix4 -ldl -lc
616 +RPATH = $(LDFLAGS) #-Wl,-rpath,$(PREFIX)/lib/nss
619 [FILE:286:patches/patch-coreconf_UNIX.mk]
620 --- coreconf/UNIX.mk.orig 2023-12-18 17:23:08 UTC
622 @@ -10,10 +10,8 @@ AR = ar cr $@
623 LDOPTS += -L$(SOURCE_LIB_DIR)
627 DEFINES += -UDEBUG -DNDEBUG
630 DEFINES += -DDEBUG -UNDEBUG
635 [FILE:441:patches/patch-coreconf_arch.mk]
636 --- coreconf/arch.mk.orig 2023-12-18 17:23:08 UTC
638 @@ -97,6 +97,14 @@ ifeq ($(OS_ARCH),Linux)
639 include $(CORE_DEPTH)/coreconf/Linux.mk
642 +ifeq ($(OS_ARCH),DragonFly)
643 +OS_RELEASE := @OS_RELEASE@
646 +ifeq ($(OS_ARCH),MidnightBSD)
647 +OS_RELEASE := @OS_RELEASE@
650 # Since all uses of OS_ARCH that follow affect only userland, we can
651 # merge other Glibc systems with Linux here.
652 ifeq ($(OS_ARCH),GNU)
655 [FILE:496:patches/patch-coreconf_command.mk]
656 --- coreconf/command.mk.orig 2023-12-18 17:23:08 UTC
657 +++ coreconf/command.mk
658 @@ -12,7 +12,7 @@ AS = $(CC)
660 CCF = $(CC) $(CFLAGS)
661 LINK_DLL = $(LD) $(OS_DLLFLAGS) $(DLLFLAGS) $(XLDFLAGS)
662 -CFLAGS = $(OPTIMIZER) $(OS_CFLAGS) $(WARNING_CFLAGS) $(XP_DEFINE) \
663 +CFLAGS += $(OPTIMIZER) $(OS_CFLAGS) $(WARNING_CFLAGS) $(XP_DEFINE) \
664 $(DEFINES) $(INCLUDES) $(XCFLAGS)
669 [FILE:472:patches/patch-coreconf_config.mk]
670 --- coreconf/config.mk.orig 2023-12-18 17:23:08 UTC
671 +++ coreconf/config.mk
672 @@ -31,7 +31,7 @@ endif
673 #######################################################################
675 TARGET_OSES = FreeBSD BSD_OS NetBSD OpenUNIX OS2 QNX Darwin OpenBSD \
676 - AIX RISCOS WINNT WIN95 Linux Android
677 + AIX RISCOS WINNT WIN95 Linux Android DragonFly MidnightBSD
679 ifeq (,$(filter-out $(TARGET_OSES),$(OS_TARGET)))
680 include $(CORE_DEPTH)/coreconf/$(OS_TARGET).mk
683 [FILE:248:patches/patch-coreconf_location.mk]
684 --- coreconf/location.mk.orig 2023-12-18 17:23:08 UTC
685 +++ coreconf/location.mk
686 @@ -37,7 +37,7 @@ ifdef NSPR_INCLUDE_DIR
690 - NSPR_LIB_DIR = $(DIST)/lib
691 + NSPR_LIB_DIR = $(PREFIX)/lib
694 ifdef NSS_INCLUDE_DIR
697 [FILE:308:patches/patch-coreconf_ruleset.mk]
698 --- coreconf/ruleset.mk.orig 2023-12-18 17:23:08 UTC
699 +++ coreconf/ruleset.mk
704 - ifneq ($(DEFAULT_COMPILER), $(notdir $(firstword $(CC))))
705 + ifneq ($(DEFAULT_COMPILER), $(CC))
707 # Temporary define for the Client; to be removed when binary release is used
711 [FILE:780:patches/patch-lib_freebl_Makefile]
712 --- lib/freebl/Makefile.orig 2023-12-18 17:23:08 UTC
713 +++ lib/freebl/Makefile
714 @@ -272,7 +272,7 @@ else ifeq ($(CPU_ARCH),x86)
718 -ifeq ($(OS_TARGET),Linux)
719 +ifeq (,$(filter-out Linux DragonFly FreeBSD MidnightBSD, $(OS_TARGET)))
720 ifeq ($(CPU_ARCH),x86_64)
721 # Lower case s on mpi_amd64_common due to make implicit rules.
722 ASFILES = arcfour-amd64-gas.s mpi_amd64_common.s
723 @@ -366,7 +366,7 @@ endif
724 # to bind the blapi function references in FREEBLVector vector
725 # (ldvector.c) to the blapi functions defined in the freebl
727 -ifeq (,$(filter-out BSD_OS FreeBSD Linux NetBSD OpenBSD, $(OS_TARGET)))
728 +ifeq (,$(filter-out BSD_OS DragonFly FreeBSD Linux NetBSD OpenBSD MidnightBSD, $(OS_TARGET)))
729 MKSHLIB += -Wl,-Bsymbolic
734 [FILE:1041:patches/patch-lib_freebl_mpi_mpcpucache.c]
735 --- lib/freebl/mpi/mpcpucache.c.orig 2023-12-18 17:23:08 UTC
736 +++ lib/freebl/mpi/mpcpucache.c
737 @@ -706,6 +706,32 @@ s_mpi_getProcessorLineSize()
740 #if defined(__ppc64__)
742 +#if defined(__FreeBSD__)
743 +#include <sys/stddef.h>
744 +#include <sys/sysctl.h>
746 +#include <machine/cpu.h>
747 +#include <machine/md_var.h>
750 +s_mpi_getProcessorLineSize()
752 + static int cacheline_size = 0;
753 + static int cachemib[] = { CTL_MACHDEP, CPU_CACHELINE };
756 + if (cacheline_size > 0)
757 + return cacheline_size;
759 + clen = sizeof(cacheline_size);
760 + if (sysctl(cachemib, sizeof(cachemib) / sizeof(cachemib[0]),
761 + &cacheline_size, &clen, NULL, 0) < 0 || !cacheline_size)
762 + return 128; /* guess */
764 + return cacheline_size;
768 * Sigh, The PPC has some really nice features to help us determine cache
769 * size, since it had lots of direct control functions to do so. The POWER
770 @@ -759,6 +785,7 @@ s_mpi_getProcessorLineSize()
776 #define MPI_GET_PROCESSOR_LINE_SIZE_DEFINED 1
780 [FILE:566:patches/patch-lib_softoken_pkcs11.c]
781 --- lib/softoken/pkcs11.c.orig 2023-12-18 17:23:08 UTC
782 +++ lib/softoken/pkcs11.c
783 @@ -3506,8 +3506,8 @@ loser:
785 int major = 0, minor = 0;
787 - long rv = sysinfo(SI_RELEASE, buf, sizeof(buf));
788 - if (rv > 0 && rv < sizeof(buf)) {
789 + long sunrv = sysinfo(SI_RELEASE, buf, sizeof(buf));
790 + if (sunrv > 0 && sunrv < sizeof(buf)) {
791 if (2 == sscanf(buf, "%d.%d", &major, &minor)) {
792 /* Are we on Solaris 10 or greater ? */
793 if (major > 5 || (5 == major && minor >= 10)) {
796 [FILE:1013:patches/patch-lib_softoken_pkcs11c.c]
797 --- lib/softoken/pkcs11c.c.orig 2023-12-18 17:23:08 UTC
798 +++ lib/softoken/pkcs11c.c
799 @@ -6312,9 +6312,6 @@ sftk_unwrapPrivateKey(SFTKObject *key, S
801 case NSSLOWKEYDSAKey:
803 - crv = (sftk_hasAttribute(key, CKA_NSS_DB)) ? CKR_OK : CKR_KEY_TYPE_INCONSISTENT;
806 crv = sftk_AddAttributeType(key, CKA_KEY_TYPE, &keyType,
809 @@ -6354,9 +6351,6 @@ sftk_unwrapPrivateKey(SFTKObject *key, S
810 /* what about fortezza??? */
813 - crv = (sftk_hasAttribute(key, CKA_NSS_DB)) ? CKR_OK : CKR_KEY_TYPE_INCONSISTENT;
816 crv = sftk_AddAttributeType(key, CKA_KEY_TYPE, &keyType,
821 [FILE:6041:files/MAca-bundle.pl.in]
823 ## MAca-bundle.pl -- Regenerate ca-root-nss.crt from the Mozilla certdata.txt
825 ## Rewritten in September 2011 by Matthias Andree to heed untrust
828 ## Copyright (c) 2011, 2013 Matthias Andree <mandree@FreeBSD.org>
829 ## All rights reserved.
831 ## Redistribution and use in source and binary forms, with or without
832 ## modification, are permitted provided that the following conditions are
835 ## * Redistributions of source code must retain the above copyright
836 ## notice, this list of conditions and the following disclaimer.
838 ## * Redistributions in binary form must reproduce the above copyright
839 ## notice, this list of conditions and the following disclaimer in the
840 ## documentation and/or other materials provided with the distribution.
842 ## THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
843 ## "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
844 ## LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
845 ## FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
846 ## COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
847 ## INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
848 ## BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
849 ## LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
850 ## CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
851 ## LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
852 ## ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
853 ## POSSIBILITY OF SUCH DAMAGE.
859 my $VERSION = '$FreeBSD: head/security/ca_root_nss/files/MAca-bundle.pl.in 325572 2013-08-29 08:10:09Z mandree $';
864 ## ca-root-nss.crt -- Bundle of CA Root Certificates
866 ## This is a bundle of X.509 certificates of public Certificate
867 ## Authorities (CA). These were automatically extracted from Mozilla's
868 ## root CA list (the file `certdata.txt').
870 ## Extracted from nss-%%VERSION_NSS%%
876 if defined $ENV{'WITH_DEBUG'}
877 and $ENV{'WITH_DEBUG'} !~ m/(?i)^(no|0|false|)$/;
882 sub printcert_plain($$)
884 my ($label, $certdata) = @_;
885 print "=== $label ===\n" if $label;
887 "-----BEGIN CERTIFICATE-----\n",
888 MIME::Base64::encode_base64($certdata),
889 "-----END CERTIFICATE-----\n\n";
892 sub printcert_info($$)
894 my (undef, $certdata) = @_;
895 return unless $certdata;
896 open(OUT, "|openssl x509 -text -inform DER -fingerprint")
897 || die "could not pipe to openssl x509";
899 close(OUT) or die "openssl x509 failed with exit code $?";
904 printcert_info($a, $b);
913 my (undef,@oct) = split /\\/;
914 my @bin = map(chr(oct), @oct);
915 $data .= join('', @bin);
932 if (/^CKA_LABEL UTF8 "([^"]+)"/) {
936 if (/^CKA_VALUE MULTILINE_OCTAL/) {
937 $certdata = graboct();
940 if (/^CKA_SERIAL_NUMBER MULTILINE_OCTAL/) {
944 return ($serial, $cka_label, $certdata);
957 if (/^CKA_LABEL UTF8 "([^"]+)"/) {
961 if (/^CKA_SERIAL_NUMBER MULTILINE_OCTAL/) {
965 if (/^CKA_TRUST_(SERVER_AUTH|EMAIL_PROTECTION|CODE_SIGNING) CK_TRUST (\S+)$/)
967 if ($2 eq 'CKT_NSS_NOT_TRUSTED') {
969 } elsif ($2 eq 'CKT_NSS_TRUSTED_DELEGATOR') {
971 } elsif ($2 ne 'CKT_NSS_MUST_VERIFY_TRUST') {
972 confess "Unknown trust setting on line $.:\n"
974 . "Script must be updated:";
979 if (!$maytrust && !$distrust && $debug) {
980 print STDERR "line $.: no explicit trust/distrust found for $cka_label\n";
983 my $trust = ($maytrust and not $distrust);
984 return ($serial, $cka_label, $trust);
988 if (/^CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE/) {
989 my ($serial, $label, $certdata) = grabcert();
990 if (defined $certs{$label."\0".$serial}) {
991 warn "Certificate $label duplicated!\n";
993 $certs{$label."\0".$serial} = $certdata;
994 } elsif (/^CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST/) {
995 my ($serial, $label, $trust) = grabtrust();
996 if (defined $trusts{$label."\0".$serial}) {
997 warn "Trust for $label duplicated!\n";
999 $trusts{$label."\0".$serial} = $trust;
1000 } elsif (/^CVS_ID.*Revision: ([^ ]*).*/) {
1001 print "## Source: \"certdata.txt\" CVS revision $1\n##\n\n";
1007 map { s/\0.*//; s/[^[:print:]]/_/g; $_ = "\"$_\""; } @res;
1008 return wantarray ? @res : $res[0];
1011 # weed out untrusted certificates
1013 foreach my $it (keys %trusts) {
1014 if (!$trusts{$it}) {
1015 if (!exists($certs{$it})) {
1016 warn "Found trust for nonexistent certificate ".printlabel($it)."\n" if $debug;
1019 warn "Skipping untrusted ".printlabel($it)."\n" if $debug;
1025 print "## Untrusted certificates omitted from this bundle: $untrusted\n\n";
1026 print STDERR "## Untrusted certificates omitted from this bundle: $untrusted\n";
1029 foreach my $it (sort {uc($a) cmp uc($b)} keys %certs) {
1030 if (!exists($trusts{$it})) {
1031 die "Found certificate without trust block,\naborting";
1033 printcert("", $certs{$it});
1036 print STDERR "Trusting $certcount: ".printlabel($it)."\n" if $debug;
1039 if ($certcount < 25) {
1040 die "Certificate count of $certcount is implausibly low.\nAbort";
1043 print "## Number of certificates: $certcount\n";
1044 print STDERR "## Number of certificates: $certcount\n";
1045 print "## End of file.\n";
1048 [FILE:2352:files/nss-config.in]
1052 version=%%VERSION_NSS%%
1057 Usage: nss-config [OPTIONS] [LIBRARIES]
1060 [--exec-prefix[=DIR]]
1061 [--includedir[=DIR]]
1075 if test $# -eq 0; then
1084 while test $# -gt 0; do
1086 -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
1101 echo_exec_prefix=yes
1117 *.*.*) echo $version ;;
1118 *.*) echo $version.0 ;;
1119 *) echo $version.0.0 ;;
1147 # Set variables that may be dependent upon other variables
1148 if test -z "$exec_prefix"; then
1151 if test -z "$includedir"; then
1152 includedir=$prefix/include/nss
1154 if test -z "$libdir"; then
1155 libdir=$prefix/lib/nss
1158 if test "$echo_prefix" = "yes"; then
1162 if test "$echo_exec_prefix" = "yes"; then
1166 if test "$echo_includedir" = "yes"; then
1170 if test "$echo_libdir" = "yes"; then
1174 if test "$echo_cflags" = "yes"; then
1175 echo -I$includedir -I$includedir/nss
1178 if test "$echo_libs" = "yes"; then
1179 libdirs="-Wl,-R${libdir} -L$libdir"
1180 if test -n "$lib_ssl"; then
1181 libdirs="$libdirs -lssl3"
1183 if test -n "$lib_smime"; then
1184 libdirs="$libdirs -lsmime3"
1186 if test -n "$lib_nss"; then
1187 libdirs="$libdirs -lnss3"
1189 if test -n "$lib_nssutil"; then
1190 libdirs="$libdirs -lnssutil3"
1196 [FILE:315:files/nss.pc.in]
1198 exec_prefix=%%PREFIX%%
1199 libdir=%%PREFIX%%/lib/nss
1200 includedir=%%PREFIX%%/include
1203 Description: Mozilla Network Security Services
1204 Version: %%VERSION_NSS%%
1206 Libs: -Wl,-R${libdir} -L${libdir} -lnss3 -lsmime3 -lssl3 -lnssutil3
1207 Cflags: -I${includedir}/nss -I${includedir}/nss/nss
1210 [FILE:948:files/pkg-message-caroot.in]
1211 ********************************* WARNING *********************************
1213 Ravenports do not, and can not warrant that the certification authorities
1214 whose certificates are included in this package have in any way been
1215 audited for trustworthiness or RFC 3647 compliance.
1217 Assessment and verification of trust is the complete responsibility of the
1218 system administrator.
1220 *********************************** NOTE **********************************
1222 This package installs symlinks to support root certificates discovery by
1223 default for software that uses OpenSSL.
1225 This enables SSL Certificate Verification by client software without manual
1228 If you prefer to do this manually, replace the following symlinks with
1229 either an empty file or your site-local certificate bundle.
1232 * %%PREFIX%%/etc/ssl/cert.pem
1233 * %%PREFIX%%/openssl/cert.pem
1235 ***************************************************************************