Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/dev-libs/nss
diff options
context:
space:
mode:
Diffstat (limited to 'dev-libs/nss')
-rw-r--r--dev-libs/nss/ChangeLog7
-rw-r--r--dev-libs/nss/Manifest26
-rw-r--r--dev-libs/nss/nss-3.15.3.1.ebuild264
3 files changed, 281 insertions, 16 deletions
diff --git a/dev-libs/nss/ChangeLog b/dev-libs/nss/ChangeLog
index a0658437aa7b..2c12541b7525 100644
--- a/dev-libs/nss/ChangeLog
+++ b/dev-libs/nss/ChangeLog
@@ -1,6 +1,11 @@
# ChangeLog for dev-libs/nss
# Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-libs/nss/ChangeLog,v 1.331 2013/12/08 17:05:30 ago Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/nss/ChangeLog,v 1.332 2013/12/12 14:49:46 anarchy Exp $
+
+*nss-3.15.3.1 (12 Dec 2013)
+
+ 12 Dec 2013; Jory A. Pratt <anarchy@gentoo.org> +nss-3.15.3.1.ebuild:
+ Security bump bug #493850, amd64 stable
08 Dec 2013; Agostino Sarubbo <ago@gentoo.org> nss-3.15.3.ebuild:
Stable for alpha, wrt bug #491234
diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 0f1e407e94c4..4553bdc00a3b 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,5 +1,5 @@
-----BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA512
+Hash: SHA256
AUX nss-3.12.6-gentoo-fixup-warnings.patch 301 SHA256 e14b227f762bd21875208e241029966b1e3873edfdf0592ca69bd9714859d329 SHA512 fcb47b120860436987858be53971f020db2d7c2f1bef1300bdca6dcf45d76a9b595c545112c1e7553ac29c412f72eafe3d29cd91ed1ab196b03146a7d8bc1870 WHIRLPOOL 1f59af79d4d7565185a3b841b3e936f7d3dddc642630d261be22c04d04cb0f8dfdd13ddacaa0fe8d69256fcffaee5fc273dfe73fc72f539abb5ed501dd1439c2
AUX nss-3.14.1-gentoo-fixups-r1.patch 6370 SHA256 68a7e9f3f05d247825abe364e12289b7924e5e6f079d309b18aa7ef0be90d002 SHA512 8ac25987f330a34dd364ba4ea1eb9378813268d0a47dc6f287ece66184d88d2eb32fb80f8c6ea46815161ef54f6dac2960c8024ef443545d8ffdba43c10405e1 WHIRLPOOL fa45342b098c62daa6b8b798f8bcfec894743b264d50bd0c025f0395b91bd3c354547f4282fa8d9afcb5dd844f9f2590014657d881ab606cc71c2d84ba9ed7ce
@@ -13,25 +13,21 @@ AUX nss-3.15.1-fipstest-warnings.patch 842 SHA256 7785c70fb271ab48ba9a995bdd0ac2
DIST nss-3.14.1-add_spi+cacerts_ca_certs.patch 25018 SHA256 82ca25982828fd7153ad15fc6e81408c115476eeeb4045d3a71469380b56824b SHA512 2aafbd972b073061bfd66a66a4b50060691957f2910f716f7a69d22d655c499f186f05db2101bea5248a00949f339327ba8bfffec024c61c8ee908766201ae00 WHIRLPOOL c9fe397e316dac7983b187acf7227078ebd8f8da5df53f77f2564489e85f123c4d2afb88d56e8dc14b9ebfffe8a71ade4724b3c1ea683c5c4c487cb3a64eda43
DIST nss-3.15-pem-support-20130617.patch.xz 27800 SHA256 01885877f12b0460798760617c9b0a1f8ed05ad0130e924211bd73fc344535cc SHA512 ebf0633e1683b3b9efe340d1117e02f1ced7e8381c7e867fff77efc3c41df1a32f017b18816ae6a04b35b5006c83e557c47a13ae576f50a84f9770c321dfa34b WHIRLPOOL 88f5edc621ca7862dc2e433836e11caa60752dc8f95bc7f49bcf07cdd0b3d8f2d7642ee02b018b8429a3e358e252ecdf3de40a1b12fab1f0fa13ca360e02a53c
DIST nss-3.15.2.tar.gz 6288669 SHA256 7b2c80d18c49581edbdb509cbf7afd61d8c53658f2a38ff20e224c1909faeddc SHA512 f19889115ebd9f3214ee4faef11764d30936522c55aebe31bbed22073a39ca025559aa90ed96c973384b4f404c7179cffd212a63406e79f50213c0c991bb1c9e WHIRLPOOL 4464f0e56415871f22d89bd9c97c750088066d454d4d643f8475379e6372fa4f3a0839f49949d4024babfe1500250ef60d40358fca52e5133ee45ddc02bc2efd
+DIST nss-3.15.3.1.tar.gz 6289657 SHA256 607a913882540df81f74152e8aa492e0dd09c5d3f2c7321f18c69ee501fc6ba5 SHA512 a6b93df711a5af32afc29629132c72b3b93b880c0072916d892840088d23c0cf1c8db211a2f0ced9a97b5f80be2c9debdce9829a2a428be7bb4a7b62a91d9ab7 WHIRLPOOL 77a907ff069ff432e1aecf56ebcb37821310bde8628d949178e3f90483b16248b85a283db9dd19fe76934543b7ad48c495682cd5bcf035a7548aaa6b69489179
DIST nss-3.15.3.tar.gz 6288990 SHA256 ec5f01f7d9f42cf8ad3f95c7f8921bde583df9297c83dc9062930462e3717a18 SHA512 54ad1ab7c589a7a9f866a8e6d9ef2827321a03959f9ea28c6a931d17594f433e951cc253950f205bc19dde457562ccd91e6c412fa02fb6a96611b392341f87ba WHIRLPOOL 4d5336d8a745587f70249a06958f56787ec731dc1eab7ba6db57b177cb51eae3c2028f2094b98cecdfbd789e6e80e43ffba8f2d2c20dbbbb5066fd2636d5c6d1
EBUILD nss-3.15.2.ebuild 7514 SHA256 819d05c422fb7cdcbc67973de7bd31c8369fbaa0eea2890776d270dfe27d21b2 SHA512 1131f290f0d653f097a6074374ef03e04e1adc7df55f6e2bd3fe602c9f901f573a561148dc4fc51b24d4d233d3dfa8c7ee925ad2c5a99fc0e66926d637fb4744 WHIRLPOOL 9a17b451140b089b3c5d5c69b016fc92501f4cab67314d8edfd027d44ff0e3d12cdbee81272497a3c2e50dd74dc7e83f46bf33fda05d12486aae85cb5b1926e2
+EBUILD nss-3.15.3.1.ebuild 7527 SHA256 d2608c31ca1e91e45425f483cb410b4477212eea6a18cb3b64560c302770de41 SHA512 0e1304e11917e45212d5fa9976d42102ac57e6066028152738895006819f84d65a3400d21f62eff6a40014f973bf80efdfe0f6d8d948b0443e4fa3713e31a96a WHIRLPOOL fb1cebf74b7c05f02bd34d28fea6c7e18df3475af76e893961bfb521b94d1b0e097f51a7b0aa2f949189b8a04385cec0f38052338872f2bf315f17909a5e9283
EBUILD nss-3.15.3.ebuild 7515 SHA256 a51cc15f63d5f8d08a12b3cd17c3f26aac61031a2e68fb13289f836c6ca785f6 SHA512 5905fac978a028b2bd5a9d25e1709a3256f5b1fff83137b343aecfa8a0455d216386c2a849dd9a6ea6143276ce69f86614d96c2ea11e640fa042c9b2a68a1e6a WHIRLPOOL 0bdb9d554c15a7c43e842433eee3ad01b0b806d044d74f98fd59c23212d102c992ad5995f1016f5e53b150a2ef3a3af7ed97564b38e20741177dd2f72352a076
-MISC ChangeLog 42086 SHA256 cc26d1bf53ab19da4819ea41eefe98810d76d545d85c3504075ef5e854a2d466 SHA512 bebc25a9b4a36ba437c0b6787682aa8abb58fefd405c680760074efc927352d2ab04f21db661931526cf843512200bc0d2b5c332b45e3d7b1dc79e80ac43678a WHIRLPOOL 9c2a4cc129ca78327d36b2dd6a9db2e92547300276177c6ebc0cad8a5dcb7010d86c375b1800419d3ff2cc3b47ae1bc2a8fc024b430f6134d2afbb5616c06373
+MISC ChangeLog 42234 SHA256 7813ebb418c723f88bdd2670d2cf1fd7f488302de37a35f25bccdd77d40d833f SHA512 11ea0b6c181cc1b8201c09595847fecf67ab20eddb69429db361bc10d97a6588d0437b05e297066333bfcbc2936f2195b16078fee59b6d55354a6c4b7892aab9 WHIRLPOOL 18fe91e4a6fcaec72e6be3b3ee8226637048ad42a085050e082ff764978d58f2667d2091ac0593388aec6aca783c3ca819dd1d9927d57cbefa35e1fd192fd134
MISC metadata.xml 323 SHA256 e6fef8af50b09ae8cd84d42ca66b3716d47046ca2c643cb842a0cbc75196c1c5 SHA512 d4631c5de361b5b04d5ec36061fcb4762d47efd93b977c63e26d921109d0b2c2639f803442600b363c91937f2e5b2acd7ef0dde8b85abf801d814f8f70c20dfb WHIRLPOOL 38c7d7ccfbaf04fa026fe377b5810c187cf4da4c9c9f77ee0f80fc0d68bffd398a65eb37ec3457a351ec80405d0bd71ae09612efc6cff16e047ba01ec87ccac5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
-iQIcBAEBCgAGBQJSpKXuAAoJELp701BxlEWfYaYP/2DWtBPwrDdHXn7r8pnBID0a
-whhYgXTB7VwaJSYG+gFZf3y4erNtg/gn9BQKM9i59BfNuv5f2Y1/W+Xo85xLgWdQ
-pc2/elBROE8Du74x/w2h4VSjC6yqK8VGL512KICLSGOGDG1tlThxnfdQ18uGbfGw
-sgDvRiMhLN7a1Z9f+zHlGbjy8uES78lMhdsoOdRI1RqMWucNJ71sdTUgEhgKjthj
-ujUKHz+iTE7n6H3f+PNGsjD8kjJpquWyrRNJ820PRYNLI0lM2WS8wPpRCtj/DDpJ
-t0e610zPOhsoFBJyF15DFlToEQQp23D55kDQ8O4+Z327IG/Ag9pLcm5NdJIjfFIx
-rIs42T2H3Ql2OoX6TS+qcgzYHXzJP5UhM3nJGbHVgAjHx+2ImaeRWM+tbEb3/JMA
-5GVPmbFfHfTEszFiEMYq6GPHuuJgss8fmmnzCPafuuPkw0Cg2NMedsxWhJIGpJep
-p864ERUqwl06VhW+b6sqjJHep0ipz56MgkO4HOlWPC+b0lp5MJ1b7MVK1aPcSNBd
-bTcGGtHUNf26QE1xAGjuV8xlYQOC7x2VmZCiuqhsQ3fMHSD593d64Gl86j8lsPLp
-ixkuDVGicGI7u1F9gWjtyTdIagaV5veKrzDJNxr6ZS32G7emuXyJ2cFA1cIFgixm
-Y5IIUit0ezFGmoNdjN1s
-=K2GM
+iQEcBAEBCAAGBQJSqc0NAAoJEKDMw7q00Ii0rpcIANCQ+hSjM8e9JHccz9WlpDeo
+cubFZB5dtYY7SQu9R0+V/aIkXk69oJfGpcGhjjW2URHT+4Udb3EWjHlpfcWJxdi2
+Ru1/iQfmhJDTY9CL6o+xu6+fQK+vPQFUssqvmsxwQJIWbamjLp+ePhnEYeFK/n1Q
+XTevkSD+lLiQia2fDpA0Bwxzd02mbg5zo39MJqHYx5F5C11yX0UmvgOmK9U8KYEo
+UYIEGRErSG8aUFHmhD2MoPDC+U4WqKk74n7x+MfUTZVHIi6/nJpPsW1levEEK12h
+mUXiTLDqLKBNZYbnCBYAiwM2Kiuy7RQPLUkvGLMtbDMDitwA1g/Wy7OWO3NszS0=
+=3IoP
-----END PGP SIGNATURE-----
diff --git a/dev-libs/nss/nss-3.15.3.1.ebuild b/dev-libs/nss/nss-3.15.3.1.ebuild
new file mode 100644
index 000000000000..ef91432a1c8a
--- /dev/null
+++ b/dev-libs/nss/nss-3.15.3.1.ebuild
@@ -0,0 +1,264 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/nss/nss-3.15.3.1.ebuild,v 1.1 2013/12/12 14:49:46 anarchy Exp $
+
+EAPI=5
+inherit eutils flag-o-matic multilib toolchain-funcs
+
+NSPR_VER="4.10"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+ http://dev.gentoo.org/~anarchy/patches/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch
+ http://dev.gentoo.org/~anarchy/patches/${PN}-3.15-pem-support-20130617.patch.xz"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="utils"
+
+DEPEND="virtual/pkgconfig
+ >=dev-libs/nspr-${NSPR_VER}"
+
+RDEPEND=">=dev-libs/nspr-${NSPR_VER}
+ >=dev-db/sqlite-3.5
+ sys-libs/zlib"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+src_setup() {
+ export LC_ALL="C"
+}
+
+src_prepare() {
+ # Custom changes for gentoo
+ epatch "${FILESDIR}/${PN}-3.15-gentoo-fixups.patch"
+ epatch "${FILESDIR}/${PN}-3.15-gentoo-fixup-warnings.patch"
+ epatch "${DISTDIR}/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch"
+ epatch "${DISTDIR}/${PN}-3.15-pem-support-20130617.patch.xz"
+ epatch "${FILESDIR}/${PN}-3.15-x32.patch"
+ epatch "${FILESDIR}/${PN}-3.15.1-fipstest-warnings.patch"
+ cd coreconf
+ # hack nspr paths
+ echo 'INCLUDES += -I$(DIST)/include/dbm' \
+ >> headers.mk || die "failed to append include"
+
+ # modify install path
+ sed -e 's:SOURCE_PREFIX = $(CORE_DEPTH)/\.\./dist:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+ -i source.mk
+
+ # Respect LDFLAGS
+ sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+
+ # Ensure we stay multilib aware
+ sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" "${S}"/config/Makefile
+
+ # Fix pkgconfig file for Prefix
+ sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+ "${S}"/config/Makefile
+
+ epatch "${FILESDIR}/nss-3.14.2-solaris-gcc.patch"
+
+ # use host shlibsign if need be #436216
+ if tc-is-cross-compiler ; then
+ sed -i \
+ -e 's:"${2}"/shlibsign:shlibsign:' \
+ "${S}"/cmd/shlibsign/sign.sh
+ fi
+
+ # dirty hack
+ cd "${S}"
+ sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+ lib/ssl/config.mk
+ sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+ cmd/platlibs.mk
+}
+
+nssarch() {
+ # Most of the arches are the same as $ARCH
+ local t=${1:-${CHOST}}
+ case ${t} in
+ hppa*) echo "parisc";;
+ i?86*) echo "i686";;
+ x86_64*) echo "x86_64";;
+ *) tc-arch ${t};;
+ esac
+}
+
+nssbits() {
+ local cc="${1}CC" cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+ echo > "${T}"/test.c || die
+ ${!cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}"/test.o || die
+ case $(file "${T}"/test.o) in
+ *32-bit*x86-64*) echo USE_x32=1;;
+ *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+ *32-bit*|*ppc*|*i386*) ;;
+ *) die "Failed to detect whether your arch is 64bits or 32bits, disable distcc if you're using it, please";;
+ esac
+}
+
+src_compile() {
+ strip-flags
+
+ tc-export AR RANLIB {BUILD_,}{CC,PKG_CONFIG}
+ local makeargs=(
+ CC="${CC}"
+ AR="${AR} rc \$@"
+ RANLIB="${RANLIB}"
+ OPTIMIZER=
+ $(nssbits)
+ )
+
+ # Take care of nspr settings #436216
+ append-cppflags $(${PKG_CONFIG} nspr --cflags)
+ append-ldflags $(${PKG_CONFIG} nspr --libs-only-L)
+ unset NSPR_INCLUDE_DIR
+ export NSPR_LIB_DIR=${T}/fake-dir
+
+ # Do not let `uname` be used.
+ if use kernel_linux ; then
+ makeargs+=(
+ OS_TARGET=Linux
+ OS_RELEASE=2.6
+ OS_TEST="$(nssarch)"
+ )
+ fi
+
+ export BUILD_OPT=1
+ export NSS_USE_SYSTEM_SQLITE=1
+ export NSDISTMODE=copy
+ export NSS_ENABLE_ECC=1
+ export XCFLAGS="${CFLAGS} ${CPPFLAGS}"
+ export FREEBL_NO_DEPEND=1
+ export ASFLAGS=""
+
+ local d
+
+ # Build the host tools first.
+ LDFLAGS="${BUILD_LDFLAGS}" \
+ XCFLAGS="${BUILD_CFLAGS}" \
+ emake -j1 -C coreconf \
+ CC="${BUILD_CC}" \
+ $(nssbits BUILD_) \
+ || die
+ makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+ # Then build the target tools.
+ for d in . lib/dbm ; do
+ emake -j1 "${makeargs[@]}" -C ${d} || die "${d} make failed"
+ done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+# */${local_libdir}/libfreebl3.so*
+# */${local_libdir}/libnssdbm3.so*
+# */${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+ local shlibsign="$1"
+ local libdir="$2"
+ einfo "Resigning core NSS libraries for FIPS validation"
+ shift 2
+ local i
+ for i in ${NSS_CHK_SIGN_LIBS} ; do
+ local libname=lib${i}.so
+ local chkname=lib${i}.chk
+ "${shlibsign}" \
+ -i "${libdir}"/${libname} \
+ -o "${libdir}"/${chkname}.tmp \
+ && mv -f \
+ "${libdir}"/${chkname}.tmp \
+ "${libdir}"/${chkname} \
+ || die "Failed to sign ${libname}"
+ done
+}
+
+cleanup_chk() {
+ local libdir="$1"
+ shift 1
+ local i
+ for i in ${NSS_CHK_SIGN_LIBS} ; do
+ local libfname="${libdir}/lib${i}.so"
+ # If the major version has changed, then we have old chk files.
+ [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+ && rm -f "${libfname}.chk"
+ done
+}
+
+src_install() {
+ cd "${S}"/dist
+
+ dodir /usr/$(get_libdir)
+ cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+ # We generate these after stripping the libraries, else they don't match.
+ #cp -L */lib/*.chk "${ED}"/usr/$(get_libdir) || die "copying chk files failed"
+ cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+
+ # Install nss-config and pkgconfig file
+ dodir /usr/bin
+ cp -L */bin/nss-config "${ED}"/usr/bin
+ dodir /usr/$(get_libdir)/pkgconfig
+ cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig
+
+ # all the include files
+ insinto /usr/include/nss
+ doins public/nss/*.h
+
+ local f nssutils
+ # Always enabled because we need it for chk generation.
+ nssutils="shlibsign"
+ if use utils; then
+ # The tests we do not need to install.
+ #nssutils_test="bltest crmftest dbtest dertimetest
+ #fipstest remtest sdrtest"
+ nssutils="addbuiltin atob baddbdir btoa certcgi certutil checkcert
+ cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
+ nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
+ pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
+ symkeyutil tstclnt vfychain vfyserv"
+ fi
+ cd "${S}"/dist/*/bin/
+ for f in ${nssutils}; do
+ dobin ${f}
+ done
+
+ # Prelink breaks the CHK files. We don't have any reliable way to run
+ # shlibsign after prelink.
+ local l libs=() liblist
+ for l in ${NSS_CHK_SIGN_LIBS} ; do
+ libs+=("${EPREFIX}/usr/$(get_libdir)/lib${l}.so")
+ done
+ liblist=$(printf '%s:' "${libs[@]}")
+ echo -e "PRELINK_PATH_MASK=${liblist%:}" > "${T}/90nss"
+ doenvd "${T}/90nss"
+}
+
+pkg_postinst() {
+ # We must re-sign the libraries AFTER they are stripped.
+ local shlibsign="${EROOT}/usr/bin/shlibsign"
+ # See if we can execute it (cross-compiling & such). #436216
+ "${shlibsign}" -h >&/dev/null
+ if [[ $? -gt 1 ]] ; then
+ shlibsign="shlibsign"
+ fi
+ generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+}
+
+pkg_postrm() {
+ cleanup_chk "${EROOT}"/usr/$(get_libdir)
+}