diff options
| author |   Lars Wendler <polynomial-c@gentoo.org> | 2013-10-24 08:35:23 +0000 |
|---|---|---|
| committer | Lars Wendler <polynomial-c@gentoo.org> | 2013-10-24 08:35:23 +0000 |
| commit | c985a7f07154292e88304631352a62e849be4da2 (patch) | |
| tree | 644e9a28e0a6a3397bd1fba10a6dadd8981589d8 /dev-libs/nss | |
| parent | version bump (diff) | |
| download | historical-c985a7f07154292e88304631352a62e849be4da2.tar.gz historical-c985a7f07154292e88304631352a62e849be4da2.tar.bz2 historical-c985a7f07154292e88304631352a62e849be4da2.zip | |
Removed vulnerable versions (bug #486114)
Package-Manager: portage-2.2.7/cvs/Linux x86_64
Manifest-Sign-Key: 0x981CA6FC
Diffstat (limited to 'dev-libs/nss')
| -rw-r--r-- | dev-libs/nss/ChangeLog | 6 | ||||
| -rw-r--r-- | dev-libs/nss/Manifest | 37 | ||||
| -rw-r--r-- | dev-libs/nss/nss-3.14.3.ebuild | 273 | ||||
| -rw-r--r-- | dev-libs/nss/nss-3.15.1-r1.ebuild | 275 |
4 files changed, 21 insertions, 570 deletions
diff --git a/dev-libs/nss/ChangeLog b/dev-libs/nss/ChangeLog index 526aa134418b..cdeb2e387fc6 100644 --- a/dev-libs/nss/ChangeLog +++ b/dev-libs/nss/ChangeLog @@ -1,6 +1,10 @@ # ChangeLog for dev-libs/nss # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/dev-libs/nss/ChangeLog,v 1.321 2013/10/09 17:10:05 ago Exp $ +# $Header: /var/cvsroot/gentoo-x86/dev-libs/nss/ChangeLog,v 1.322 2013/10/24 08:35:22 polynomial-c Exp $ + + 24 Oct 2013; Lars Wendler <polynomial-c@gentoo.org> -nss-3.14.3.ebuild, + -nss-3.15.1-r1.ebuild: + Removed vulnerable versions (bug #486114). 09 Oct 2013; Agostino Sarubbo <ago@gentoo.org> nss-3.15.2.ebuild: Stable for sparc, wrt bug #486114 diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest index 4330e4ad91cf..acf90558fb2a 100644 --- a/dev-libs/nss/Manifest +++ b/dev-libs/nss/Manifest @@ -1,5 +1,5 @@ -----BEGIN PGP SIGNED MESSAGE----- -Hash: SHA512 +Hash: SHA256 AUX nss-3.12.6-gentoo-fixup-warnings.patch 301 SHA256 e14b227f762bd21875208e241029966b1e3873edfdf0592ca69bd9714859d329 SHA512 fcb47b120860436987858be53971f020db2d7c2f1bef1300bdca6dcf45d76a9b595c545112c1e7553ac29c412f72eafe3d29cd91ed1ab196b03146a7d8bc1870 WHIRLPOOL 1f59af79d4d7565185a3b841b3e936f7d3dddc642630d261be22c04d04cb0f8dfdd13ddacaa0fe8d69256fcffaee5fc273dfe73fc72f539abb5ed501dd1439c2 AUX nss-3.14.1-gentoo-fixups-r1.patch 6370 SHA256 68a7e9f3f05d247825abe364e12289b7924e5e6f079d309b18aa7ef0be90d002 SHA512 8ac25987f330a34dd364ba4ea1eb9378813268d0a47dc6f287ece66184d88d2eb32fb80f8c6ea46815161ef54f6dac2960c8024ef443545d8ffdba43c10405e1 WHIRLPOOL fa45342b098c62daa6b8b798f8bcfec894743b264d50bd0c025f0395b91bd3c354547f4282fa8d9afcb5dd844f9f2590014657d881ab606cc71c2d84ba9ed7ce @@ -10,31 +10,26 @@ AUX nss-3.15-gentoo-fixup-warnings.patch 177 SHA256 3bb300d8448f769beb97b110a0fe AUX nss-3.15-gentoo-fixups.patch 5255 SHA256 eba46da3424640a0f16c7b07e526c373f3739dbfe6fb1e5a2af4d7b7fb83e4e2 SHA512 a1968a1e77a34a9ec4718b48435190c698cb960fb138a23a2f136b08ca50e221b2d5a729d69210eafcc7aafe12f3e02b329c7a878c1e9e308c3e737c2e7a1b71 WHIRLPOOL 54ff1716c8b016d38b83aa82c8473bea468710ed72d237ca0ea1d6201c39e141b7f32938c8a9f870c4693421f42751ce6f6c4bafd1d80a53e3bd17170ccf5f7a AUX nss-3.15-x32.patch 1308 SHA256 485686744485824c95823d593864695f5b417c7ba2e67ec07785bd2bcae3a0c2 SHA512 417215d257cc1b588a2b310b351ece2ac89f359fc91ecee48d7a2d616443734d2c077aa0d3ac922f4b342ed520700b7beb0e43e7d5e6b17440dc959ddf5e18ec WHIRLPOOL 71510984835ba1a38825482f1043204ba3502b2c78ed87ff2be884551658a8c42125e69fe90f5b090ea26139bfcf36910b4db7cc92eaf8d6d9a58c0356e89a98 AUX nss-3.15.1-fipstest-warnings.patch 842 SHA256 7785c70fb271ab48ba9a995bdd0ac206170cb9305821873d60c66f4e8fba19e2 SHA512 1f0f43e69766d810a7bd033abc3919913f6c8d59015b0f3cea4647fb7ba74883fea61376baa45f5011c03a78f00494d0834e4c82f0d0627c4b4b15740a66de83 WHIRLPOOL 7182afe6f2100a6c41e387c79fe0bb282debd3bfcad3a6f0994bed74b703d8dda87e6c58d1578a9074c79dc7f46863156c36b1a7bef24a6e71d81d4320fe742f -DIST nss-3.13.3_pem.support 191571 SHA256 cb6cf7955203514b3c1210c9b32504b0d2f1c158fa9b5d2509ef0bb34b68374c SHA512 223026adbacf2f325f808210cc050f95cb65cb0fe8c6022109a42bd991fd576e2e96beb5ec8e185dbbd649f4bd4516bc0f7fc10401f47eda806ab2d63f0c23a3 WHIRLPOOL 78345665e54fe67f57bc09311567ad525f9a8dae7d17e600a9639fac820fcf9c64e9f4bacc5df3f90b90a224e374ac44e938962c5248189fe76dad7143bf3476 DIST nss-3.14.1-add_spi+cacerts_ca_certs.patch 25018 SHA256 82ca25982828fd7153ad15fc6e81408c115476eeeb4045d3a71469380b56824b SHA512 2aafbd972b073061bfd66a66a4b50060691957f2910f716f7a69d22d655c499f186f05db2101bea5248a00949f339327ba8bfffec024c61c8ee908766201ae00 WHIRLPOOL c9fe397e316dac7983b187acf7227078ebd8f8da5df53f77f2564489e85f123c4d2afb88d56e8dc14b9ebfffe8a71ade4724b3c1ea683c5c4c487cb3a64eda43 -DIST nss-3.14.3.tar.gz 6189790 SHA256 d9d366be94d33395597ebf82363fcdedfa693a6d627cf7f6bec025f609d54cc0 SHA512 4e8d8517ffb6d03da274afe9a7c50e2f0a15ffdd83e63f29a445e7aee829a8b7e2fbc772695322bd6acee81c052811735b542978044996156cb52dd7e4c001ec WHIRLPOOL 1c1c341303c8c1a13a10b732ac27d5ac8f3245b220436848bdf3877fb1487dba71654908f58810d49869e5af2a86842c4638415b283114bae0f4fbfaee3c4b29 DIST nss-3.15-pem-support-20130617.patch.xz 27800 SHA256 01885877f12b0460798760617c9b0a1f8ed05ad0130e924211bd73fc344535cc SHA512 ebf0633e1683b3b9efe340d1117e02f1ced7e8381c7e867fff77efc3c41df1a32f017b18816ae6a04b35b5006c83e557c47a13ae576f50a84f9770c321dfa34b WHIRLPOOL 88f5edc621ca7862dc2e433836e11caa60752dc8f95bc7f49bcf07cdd0b3d8f2d7642ee02b018b8429a3e358e252ecdf3de40a1b12fab1f0fa13ca360e02a53c -DIST nss-3.15.1.tar.gz 6286561 SHA256 f994106a33d1f3210f4151bbb3419a1c28fd1cb545caa7dc9afdebd6da626284 SHA512 173bd80771c9a64307750733a6aa2f716e61d4b060cc61d11ec741b0b214a33b188d3e23924c062f28587785077902266f3d30e60d2c141dc54d2679736f88ec WHIRLPOOL cc5d797d1b8a1d0ad2ce4c01bede5b3c81c9607a647b9be77136d96a76caa04d163db745868fe51f7fde44d5184edb5968c9175c546e31d7c3c3c0c41d6774be DIST nss-3.15.2.tar.gz 6288669 SHA256 7b2c80d18c49581edbdb509cbf7afd61d8c53658f2a38ff20e224c1909faeddc SHA512 f19889115ebd9f3214ee4faef11764d30936522c55aebe31bbed22073a39ca025559aa90ed96c973384b4f404c7179cffd212a63406e79f50213c0c991bb1c9e WHIRLPOOL 4464f0e56415871f22d89bd9c97c750088066d454d4d643f8475379e6372fa4f3a0839f49949d4024babfe1500250ef60d40358fca52e5133ee45ddc02bc2efd -EBUILD nss-3.14.3.ebuild 8182 SHA256 07fd9b1be24b86907d60f4728971f2bf709a4de1bd4aa684b725f5c11122431c SHA512 9640c3483abe8cfd3001fa3f27987ff204b7b9b5129460669ce4393e5bbab1647bb1d2f60c36c4b2455efe21ad3505a927f47a665d80b35293da6beee99764d3 WHIRLPOOL 4ee6382780a9fd521c9afaaa903b92044694ecf93623d40b40ad1e5e87cb9948af8ad45e119e5ae0e3301c03d014aef4923bce955c12898689b44b2e9e03adb3 -EBUILD nss-3.15.1-r1.ebuild 7815 SHA256 303418e66e23756d4e75354b4386694b071f0922c00badb9cc0417e2d38e4b96 SHA512 5d2cff329cc98e4acfb442321b315eef9a1fdd75bb4a044346f3e7f84d536cc20038cc9dae1917387a7b573797cd5585d586c247c2242df3035228e31b0d1566 WHIRLPOOL 18b2579e1485b266a78f433bf53f5178e724652e553c09f7429925968809c71783d9cbe3bed2ce57537498e6c746fe6ab55dbbad5b31dc3a3b2ffa15e6dd4e6b EBUILD nss-3.15.2.ebuild 7514 SHA256 819d05c422fb7cdcbc67973de7bd31c8369fbaa0eea2890776d270dfe27d21b2 SHA512 1131f290f0d653f097a6074374ef03e04e1adc7df55f6e2bd3fe602c9f901f573a561148dc4fc51b24d4d233d3dfa8c7ee925ad2c5a99fc0e66926d637fb4744 WHIRLPOOL 9a17b451140b089b3c5d5c69b016fc92501f4cab67314d8edfd027d44ff0e3d12cdbee81272497a3c2e50dd74dc7e83f46bf33fda05d12486aae85cb5b1926e2 -MISC ChangeLog 40979 SHA256 8c185802f28722ea9ff799dbc4ec6ab0a3971394f2a48910b102a790fab39a46 SHA512 ebbafd3cbddfb257ee785adce84cdaff944e670d148a42792a66c5795c85499caeac938e51fff4cce473405cf90b0e566c871391d6d37e006dd148a38fc57c5d WHIRLPOOL a845216ede9922d71358023825d09f183dfe05451c2920e1b3021d52d2df4da941b45ece71aba308b5ac24bf36635f8cc90c39d4ac70da5e52cbd26cb012595f +MISC ChangeLog 41133 SHA256 b90fc532d8750842b884f4bb02598f2cf10f503a92da8db43126f76baae79341 SHA512 9952e954fc3b5d6bababa03d29c513fdac61e143736e29c95f863d69d573ded9a6016ec11fffc00c87b7898c06b220d5ff801827f1e369cff7d9456cd3e2c91b WHIRLPOOL 16a7e9dd73a5bff9b3feb37f6166becdf6e32279673c73fc2130152f8ca065b7af77a2bd7032bf8fdff29e27ce777d731c8993b1a6c0ccbfe1c7618e26e62e44 MISC metadata.xml 323 SHA256 e6fef8af50b09ae8cd84d42ca66b3716d47046ca2c643cb842a0cbc75196c1c5 SHA512 d4631c5de361b5b04d5ec36061fcb4762d47efd93b977c63e26d921109d0b2c2639f803442600b363c91937f2e5b2acd7ef0dde8b85abf801d814f8f70c20dfb WHIRLPOOL 38c7d7ccfbaf04fa026fe377b5810c187cf4da4c9c9f77ee0f80fc0d68bffd398a65eb37ec3457a351ec80405d0bd71ae09612efc6cff16e047ba01ec87ccac5 -----BEGIN PGP SIGNATURE----- -Version: GnuPG v2.0.20 (GNU/Linux) +Version: GnuPG v2.0.22 (GNU/Linux) -iQIcBAEBCgAGBQJSVY0XAAoJELp701BxlEWfhv4P/1XSlLsaVbTTYaM0l4alDO2L -y9ceMwZWilB+hrDcZNSmJYk8lDgjaKX6/qOugPH25D+puGwygeGF/l1ws7DTf6s4 -iUkNnyYD/O6GV9fuAFKHSaA0Moyh4/tDsLkiL27WhfDZZVToQjvSc4QT0XDtz6Ab -VQG3fZl3Iv0mj+pYq1wPNbBKVkRYUNi7E0DVYHOBZsWovBGK7kNIczPs9Tl0gqip -rnn1eU+fm0qfxRepXmoTC1Rg8Th3Z/dIyX7+dXQ4Iqc3Ut7zkhK6SwjFE1FUeAcl -UtfTEMoAdQTsZG7OTyoKDrCYo47OeoFo+heb9ZYtfE/okxpYxBaC3722VFH8BBMu -Bmy874gaRwjVDDaJrgw7U9oURPP5uwVkZbBpnm+bu5+PHWi/NAZcNklkTXo+tv9S -/0uLP7HcPUmhRxtJSvdAhc+OaopImYnXW94s8r+xmCab9oAuW0lPwm44IlRWQWIZ -Npr3gXmyM+Ph+ZuntuNZNl03Z3BU/JyLeTZCmQ2OHt5PVitsPWysGON01xiaeUML -ftsYKDXQG5dtZBxfIBG6Sd2yASOcUz3sCq3ABxWXM74wPbx4DO8M0fyLXWDX6ehn -cwOj7/0huJZzcRl6a3eFsi+E0Ue6N08CWbH9cG6ZV3X3snwQrMBexBpCUFnReq29 -eCm9xooRrA+Ph0wT94dh -=k0Q4 +iQIcBAEBCAAGBQJSaNvLAAoJEPiazRVxLXTFLMQP/jydwii57OL5cUZ9BzO204rH +gYCz+EcBMaHJvbwWydSFDoFW8r5AvtaAwnMy8xDH5qHbn6bSavjsZ3rXCYWJf8rB +ZK6wfLBkaEKzaD2iL3fRVTHqx6N6ahoRvJBbL9HpDavudpsgHscfTeD8hwBfNqak +esMBdwNYhKIH6SZO0zFbfSkaWu2izdT/b9a8cRVH6o0P8tlkmE72p1tArVkauKPD +vZwjiVRJCKqe/0gXFTFlFFHUBvtPjyJZllggr5LSNjs5BnTay2Lk8NXOnB4H8wMB +/jxNzSsOQUzLkwM7dezUKeZZ6peAHQnyiJY870hMPPe4jtlM7NuYFbu/LgUktv8H +FxPkuWK17uWjc+jX7jb+kOWHoozqNXQPgc4FUQE8/mSxWQNdHPxjggRtNh9eP8J4 +rTWPgBTYUw7ausS1dqUwag7xB3mKf4Gefd+Fe/+FTehM36MVWd44rx9yB2Io9eh4 +dtZK5YF76m8+vmtnBish0T+VseCgZZ29Eu1e/xMFdDZKH4/bL5u0DK5H2euv9Y69 +0RqXyKI+qP1w/x/40Wfd/Ox51Ybn9nT2soEB9bTIiYJzIEATXKLMumbXXuMF+pn0 +c+4Gdj/lWqxPtBQ9P6l2Qm9jy+7GlG9NvvzyLaaNin19jda5Pg4/eA/hnNLMYc+X +g3+h4PmrFjuZMFT98Y9b +=ogj4 -----END PGP SIGNATURE----- diff --git a/dev-libs/nss/nss-3.14.3.ebuild b/dev-libs/nss/nss-3.14.3.ebuild deleted file mode 100644 index 3ab1652b0efb..000000000000 --- a/dev-libs/nss/nss-3.14.3.ebuild +++ /dev/null @@ -1,273 +0,0 @@ -# Copyright 1999-2013 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/dev-libs/nss/nss-3.14.3.ebuild,v 1.14 2013/06/20 02:18:11 patrick Exp $ - -EAPI=3 -inherit eutils flag-o-matic multilib toolchain-funcs - -NSPR_VER="4.9.5" -RTM_NAME="NSS_${PV//./_}_RTM" - -DESCRIPTION="Mozilla's Network Security Services library that implements PKI support" -HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/" -SRC_URI="ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz - http://dev.gentoo.org/~anarchy/patches/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch - http://dev.gentoo.org/~anarchy/patches/${PN}-3.13.3_pem.support" - -LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )" -SLOT="0" -KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64 s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris" -IUSE="utils" - -DEPEND="virtual/pkgconfig - >=dev-libs/nspr-${NSPR_VER}" - -RDEPEND=">=dev-libs/nspr-${NSPR_VER} - >=dev-db/sqlite-3.5 - sys-libs/zlib" - -src_setup() { - export LC_ALL="C" -} - -src_prepare() { - # Custom changes for gentoo - epatch "${FILESDIR}/${PN}-3.14.1-gentoo-fixups-r1.patch" - epatch "${FILESDIR}/${PN}-3.12.6-gentoo-fixup-warnings.patch" - epatch "${DISTDIR}/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch" - epatch "${DISTDIR}/${PN}-3.13.3_pem.support" - epatch "${FILESDIR}/${PN}-3.14.2-x32.patch" - epatch "${FILESDIR}/${PN}-3.14.3_sync_with_upstream_softokn_changes.patch" - - cd "${S}"/mozilla/security/coreconf || die - # hack nspr paths - echo 'INCLUDES += -I$(DIST)/include/dbm' \ - >> headers.mk || die "failed to append include" - - # modify install path - sed -e 's:SOURCE_PREFIX = $(CORE_DEPTH)/\.\./dist:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \ - -i source.mk || die - - # Respect LDFLAGS - sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk || die - - # Ensure we stay multilib aware - sed -i -e "s:gentoo\/nss:$(get_libdir):" "${S}"/mozilla/security/nss/config/Makefile || die "Failed to fix for multilib" - - # Fix pkgconfig file for Prefix - sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \ - "${S}"/mozilla/security/nss/config/Makefile || die - - epatch "${FILESDIR}/nss-3.14.2-solaris-gcc.patch" - - # use host shlibsign if need be #436216 - if tc-is-cross-compiler ; then - sed -i \ - -e 's:"${2}"/shlibsign:shlibsign:' \ - "${S}"/mozilla/security/nss/cmd/shlibsign/sign.sh || die - fi - - # dirty hack - cd "${S}"/mozilla/security/nss || die - sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \ - lib/ssl/config.mk || die - sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \ - cmd/platlibs.mk || die -} - -nssarch() { - # Most of the arches are the same as $ARCH - local t=${1:-${CHOST}} - case ${t} in - hppa*) echo "parisc";; - i?86*) echo "i686";; - x86_64*) echo "x86_64";; - *) tc-arch ${t};; - esac -} - -nssbits() { - local cc="${1}CC" cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS" - echo > "${T}"/test.c || die - ${!cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}"/test.o || die - case $(file "${T}"/test.o) in - *32-bit*x86-64*) echo USE_x32=1;; - *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;; - *32-bit*|*ppc*|*i386*) ;; - *) die "Failed to detect whether your arch is 64bits or 32bits, disable distcc if you're using it, please";; - esac -} - -src_compile() { - strip-flags - - tc-export AR RANLIB {BUILD_,}{CC,PKG_CONFIG} - local makeargs=( - CC="${CC}" - AR="${AR} rc \$@" - RANLIB="${RANLIB}" - OPTIMIZER= - $(nssbits) - ) - - # Take care of nspr settings #436216 - append-cppflags $(${PKG_CONFIG} nspr --cflags) - append-ldflags $(${PKG_CONFIG} nspr --libs-only-L) - unset NSPR_INCLUDE_DIR - export NSPR_LIB_DIR=${T}/fake-dir - - # Do not let `uname` be used. - if use kernel_linux ; then - makeargs+=( - OS_TARGET=Linux - OS_RELEASE=2.6 - OS_TEST="$(nssarch)" - ) - fi - - export BUILD_OPT=1 - export NSS_USE_SYSTEM_SQLITE=1 - export NSDISTMODE=copy - export NSS_ENABLE_ECC=1 - export XCFLAGS="${CFLAGS} ${CPPFLAGS}" - export FREEBL_NO_DEPEND=1 - export ASFLAGS="" - - local d - - # Build the host tools first. - LDFLAGS="${BUILD_LDFLAGS}" \ - XCFLAGS="${BUILD_CFLAGS}" \ - emake -j1 -C mozilla/security/coreconf \ - CC="${BUILD_CC}" \ - $(nssbits BUILD_) \ - || die - makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" ) - - # Then build the target tools. - for d in dbm nss ; do - emake -j1 "${makeargs[@]}" -C mozilla/security/${d} || die "${d} make failed" - done -} - -# Altering these 3 libraries breaks the CHK verification. -# All of the following cause it to break: -# - stripping -# - prelink -# - ELF signing -# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html -# Either we have to NOT strip them, or we have to forcibly resign after -# stripping. -#local_libdir="$(get_libdir)" -#export STRIP_MASK=" -# */${local_libdir}/libfreebl3.so* -# */${local_libdir}/libnssdbm3.so* -# */${local_libdir}/libsoftokn3.so*" - -export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3" - -generate_chk() { - local shlibsign="$1" - local libdir="$2" - einfo "Resigning core NSS libraries for FIPS validation" - shift 2 - local i - for i in ${NSS_CHK_SIGN_LIBS} ; do - local libname=lib${i}.so - local chkname=lib${i}.chk - "${shlibsign}" \ - -i "${libdir}"/${libname} \ - -o "${libdir}"/${chkname}.tmp \ - && mv -f \ - "${libdir}"/${chkname}.tmp \ - "${libdir}"/${chkname} \ - || die "Failed to sign ${libname}" - done -} - -cleanup_chk() { - local libdir="$1" - shift 1 - local i - for i in ${NSS_CHK_SIGN_LIBS} ; do - local libfname="${libdir}/lib${i}.so" - # If the major version has changed, then we have old chk files. - [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \ - && rm -f "${libfname}.chk" - done -} - -src_install() { - MINOR_VERSION=12 - cd "${S}"/mozilla/security/dist || die - - dodir /usr/$(get_libdir) || die - cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed" - # We generate these after stripping the libraries, else they don't match. - #cp -L */lib/*.chk "${ED}"/usr/$(get_libdir) || die "copying chk files failed" - cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed" - - # Install nss-config and pkgconfig file - dodir /usr/bin || die - cp -L */bin/nss-config "${ED}"/usr/bin || die - dodir /usr/$(get_libdir)/pkgconfig || die - cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die - - # all the include files - insinto /usr/include/nss - doins public/nss/*.h || die - cd "${ED}"/usr/$(get_libdir) || die - local n file - for file in *$(get_libname); do - n=${file%$(get_libname)}$(get_libname ${MINOR_VERSION}) - mv ${file} ${n} || die - ln -s ${n} ${file} || die - if [[ ${CHOST} == *-darwin* ]]; then - install_name_tool -id "${EPREFIX}/usr/$(get_libdir)/${n}" ${n} || die - fi - done - - local f nssutils - # Always enabled because we need it for chk generation. - nssutils="shlibsign" - if use utils; then - # The tests we do not need to install. - #nssutils_test="bltest crmftest dbtest dertimetest - #fipstest remtest sdrtest" - nssutils="addbuiltin atob baddbdir btoa certcgi certutil checkcert - cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit - nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode - pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt - symkeyutil tstclnt vfychain vfyserv" - fi - cd "${S}"/mozilla/security/dist/*/bin/ || die - for f in ${nssutils}; do - dobin ${f} || die - done - - # Prelink breaks the CHK files. We don't have any reliable way to run - # shlibsign after prelink. - local l libs=() - for l in ${NSS_CHK_SIGN_LIBS} ; do - libs+=("${EPREFIX}/usr/$(get_libdir)/lib${l}.so") - done - OLD_IFS="${IFS}" IFS=":" ; liblist="${libs[*]}" ; IFS="${OLD_IFS}" - echo -e "PRELINK_PATH_MASK=${liblist}" >"${T}/90nss" || die - unset libs liblist - doenvd "${T}/90nss" || die -} - -pkg_postinst() { - # We must re-sign the libraries AFTER they are stripped. - local shlibsign="${EROOT}/usr/bin/shlibsign" - # See if we can execute it (cross-compiling & such). #436216 - "${shlibsign}" -h >&/dev/null - if [[ $? -gt 1 ]] ; then - shlibsign="shlibsign" - fi - generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir) -} - -pkg_postrm() { - cleanup_chk "${EROOT}"/usr/$(get_libdir) -} diff --git a/dev-libs/nss/nss-3.15.1-r1.ebuild b/dev-libs/nss/nss-3.15.1-r1.ebuild deleted file mode 100644 index b4b017521451..000000000000 --- a/dev-libs/nss/nss-3.15.1-r1.ebuild +++ /dev/null @@ -1,275 +0,0 @@ -# Copyright 1999-2013 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/dev-libs/nss/nss-3.15.1-r1.ebuild,v 1.7 2013/09/01 14:26:55 axs Exp $ - -EAPI=5 -inherit eutils flag-o-matic multilib toolchain-funcs - -NSPR_VER="4.10" -RTM_NAME="NSS_${PV//./_}_RTM" - -DESCRIPTION="Mozilla's Network Security Services library that implements PKI support" -HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/" -SRC_URI="ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz - http://dev.gentoo.org/~anarchy/patches/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch - http://dev.gentoo.org/~anarchy/patches/${PN}-3.15-pem-support-20130617.patch.xz" - -LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )" -SLOT="0" -KEYWORDS="~alpha amd64 arm ~hppa ~ia64 ~mips ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris" -IUSE="utils" - -DEPEND="virtual/pkgconfig - >=dev-libs/nspr-${NSPR_VER}" - -RDEPEND=">=dev-libs/nspr-${NSPR_VER} - >=dev-db/sqlite-3.5 - sys-libs/zlib" - -RESTRICT="test" - -S="${WORKDIR}/${P}/${PN}" - -src_setup() { - export LC_ALL="C" -} - -src_prepare() { - # Custom changes for gentoo - epatch "${FILESDIR}/${PN}-3.15-gentoo-fixups.patch" - epatch "${FILESDIR}/${PN}-3.15-gentoo-fixup-warnings.patch" - epatch "${DISTDIR}/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch" - epatch "${DISTDIR}/${PN}-3.15-pem-support-20130617.patch.xz" - epatch "${FILESDIR}/${PN}-3.15-x32.patch" - cd coreconf - # hack nspr paths - echo 'INCLUDES += -I$(DIST)/include/dbm' \ - >> headers.mk || die "failed to append include" - - # modify install path - sed -e 's:SOURCE_PREFIX = $(CORE_DEPTH)/\.\./dist:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \ - -i source.mk - - # Respect LDFLAGS - sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk - - # Ensure we stay multilib aware - sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" "${S}"/config/Makefile - - # Fix pkgconfig file for Prefix - sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \ - "${S}"/config/Makefile - - epatch "${FILESDIR}/nss-3.14.2-solaris-gcc.patch" - - # use host shlibsign if need be #436216 - if tc-is-cross-compiler ; then - sed -i \ - -e 's:"${2}"/shlibsign:shlibsign:' \ - "${S}"/cmd/shlibsign/sign.sh - fi - - # dirty hack - cd "${S}" - sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \ - lib/ssl/config.mk - sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \ - cmd/platlibs.mk -} - -nssarch() { - # Most of the arches are the same as $ARCH - local t=${1:-${CHOST}} - case ${t} in - hppa*) echo "parisc";; - i?86*) echo "i686";; - x86_64*) echo "x86_64";; - *) tc-arch ${t};; - esac -} - -nssbits() { - local cc="${1}CC" cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS" - echo > "${T}"/test.c || die - ${!cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}"/test.o || die - case $(file "${T}"/test.o) in - *32-bit*x86-64*) echo USE_x32=1;; - *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;; - *32-bit*|*ppc*|*i386*) ;; - *) die "Failed to detect whether your arch is 64bits or 32bits, disable distcc if you're using it, please";; - esac -} - -src_compile() { - strip-flags - - tc-export AR RANLIB {BUILD_,}{CC,PKG_CONFIG} - local makeargs=( - CC="${CC}" - AR="${AR} rc \$@" - RANLIB="${RANLIB}" - OPTIMIZER= - $(nssbits) - ) - - # Take care of nspr settings #436216 - append-cppflags $(${PKG_CONFIG} nspr --cflags) - append-ldflags $(${PKG_CONFIG} nspr --libs-only-L) - unset NSPR_INCLUDE_DIR - export NSPR_LIB_DIR=${T}/fake-dir - - # Do not let `uname` be used. - if use kernel_linux ; then - makeargs+=( - OS_TARGET=Linux - OS_RELEASE=2.6 - OS_TEST="$(nssarch)" - ) - fi - - export BUILD_OPT=1 - export NSS_USE_SYSTEM_SQLITE=1 - export NSDISTMODE=copy - export NSS_ENABLE_ECC=1 - export XCFLAGS="${CFLAGS} ${CPPFLAGS}" - export FREEBL_NO_DEPEND=1 - export ASFLAGS="" - - local d - - # Build the host tools first. - LDFLAGS="${BUILD_LDFLAGS}" \ - XCFLAGS="${BUILD_CFLAGS}" \ - emake -j1 -C coreconf \ - CC="${BUILD_CC}" \ - $(nssbits BUILD_) \ - || die - makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" ) - - # Then build the target tools. - for d in . lib/dbm ; do - emake -j1 "${makeargs[@]}" -C ${d} || die "${d} make failed" - done -} - -# Altering these 3 libraries breaks the CHK verification. -# All of the following cause it to break: -# - stripping -# - prelink -# - ELF signing -# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html -# Either we have to NOT strip them, or we have to forcibly resign after -# stripping. -#local_libdir="$(get_libdir)" -#export STRIP_MASK=" -# */${local_libdir}/libfreebl3.so* -# */${local_libdir}/libnssdbm3.so* -# */${local_libdir}/libsoftokn3.so*" - -export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3" - -generate_chk() { - local shlibsign="$1" - local libdir="$2" - einfo "Resigning core NSS libraries for FIPS validation" - shift 2 - local i - for i in ${NSS_CHK_SIGN_LIBS} ; do - local libname=lib${i}.so - local chkname=lib${i}.chk - "${shlibsign}" \ - -i "${libdir}"/${libname} \ - -o "${libdir}"/${chkname}.tmp \ - && mv -f \ - "${libdir}"/${chkname}.tmp \ - "${libdir}"/${chkname} \ - || die "Failed to sign ${libname}" - done -} - -cleanup_chk() { - local libdir="$1" - shift 1 - local i - for i in ${NSS_CHK_SIGN_LIBS} ; do - local libfname="${libdir}/lib${i}.so" - # If the major version has changed, then we have old chk files. - [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \ - && rm -f "${libfname}.chk" - done -} - -src_install() { - MINOR_VERSION=12 - cd "${S}"/dist - - dodir /usr/$(get_libdir) - cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed" - # We generate these after stripping the libraries, else they don't match. - #cp -L */lib/*.chk "${ED}"/usr/$(get_libdir) || die "copying chk files failed" - cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed" - - # Install nss-config and pkgconfig file - dodir /usr/bin - cp -L */bin/nss-config "${ED}"/usr/bin - dodir /usr/$(get_libdir)/pkgconfig - cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig - - # all the include files - insinto /usr/include/nss - doins public/nss/*.h - cd "${ED}"/usr/$(get_libdir) - local n file - for file in *$(get_libname); do - n=${file%$(get_libname)}$(get_libname ${MINOR_VERSION}) - mv ${file} ${n} - ln -s ${n} ${file} - if [[ ${CHOST} == *-darwin* ]]; then - install_name_tool -id "${EPREFIX}/usr/$(get_libdir)/${n}" ${n} || die - fi - done - - local f nssutils - # Always enabled because we need it for chk generation. - nssutils="shlibsign" - if use utils; then - # The tests we do not need to install. - #nssutils_test="bltest crmftest dbtest dertimetest - #fipstest remtest sdrtest" - nssutils="addbuiltin atob baddbdir btoa certcgi certutil checkcert - cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit - nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode - pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt - symkeyutil tstclnt vfychain vfyserv" - fi - cd "${S}"/dist/*/bin/ - for f in ${nssutils}; do - dobin ${f} - done - - # Prelink breaks the CHK files. We don't have any reliable way to run - # shlibsign after prelink. - local l libs=() - for l in ${NSS_CHK_SIGN_LIBS} ; do - libs+=("${EPREFIX}/usr/$(get_libdir)/lib${l}.so") - done - OLD_IFS="${IFS}" IFS=":" ; liblist="${libs[*]}" ; IFS="${OLD_IFS}" - echo -e "PRELINK_PATH_MASK=${liblist}" >"${T}/90nss" - unset libs liblist - doenvd "${T}/90nss" -} - -pkg_postinst() { - # We must re-sign the libraries AFTER they are stripped. - local shlibsign="${EROOT}/usr/bin/shlibsign" - # See if we can execute it (cross-compiling & such). #436216 - "${shlibsign}" -h >&/dev/null - if [[ $? -gt 1 ]] ; then - shlibsign="shlibsign" - fi - generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir) -} - -pkg_postrm() { - cleanup_chk "${EROOT}"/usr/$(get_libdir) -} |