diff options
author | Ilya Basin | 2021-12-07 23:54:41 +0300 |
---|---|---|
committer | Ilya Basin | 2021-12-07 23:54:41 +0300 |
commit | 8ea56a3017a5b3e25bca4a3bece7fb187d90b0c7 (patch) | |
tree | f2cd9ee53cfb0baf7ac534cb16adadd036943fe2 | |
download | aur-mingw-w64-nss.tar.gz |
root
-rw-r--r-- | .SRCINFO | 41 | ||||
-rw-r--r-- | PKGBUILD | 264 | ||||
-rw-r--r-- | blank-cert8.db | bin | 0 -> 65536 bytes | |||
-rw-r--r-- | blank-key3.db | bin | 0 -> 16384 bytes | |||
-rw-r--r-- | blank-secmod.db | bin | 0 -> 16384 bytes | |||
-rw-r--r-- | manifest | 11 | ||||
-rw-r--r-- | nss-3.20.1-headers.patch | 26 | ||||
-rw-r--r-- | nss-build.patch | 253 | ||||
-rw-r--r-- | nss-config.in | 145 | ||||
-rw-r--r-- | nss.pc.in | 11 | ||||
-rw-r--r-- | ssl-renegotiate-transitional.patch | 21 |
11 files changed, 772 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO new file mode 100644 index 000000000000..d1203d9d2e8f --- /dev/null +++ b/.SRCINFO @@ -0,0 +1,41 @@ +pkgbase = mingw-w64-nss + pkgdesc = Mozilla Network Security Services (mingw-w64) + pkgver = 3.52.1 + pkgrel = 1 + url = https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS + arch = any + license = MPL2 + makedepends = mingw-w64-gcc + makedepends = zip + makedepends = perl + depends = mingw-w64-nspr + depends = mingw-w64-sqlite3 + depends = mingw-w64-zlib + options = staticlibs + options = strip + options = !emptydirs + options = !buildflags + source = https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_52_1_RTM/src/nss-3.52.1.tar.gz + source = https://ftp.mozilla.org/pub/mozilla.org/mozilla/libraries/win32/moztools-static.zip + source = nss.pc.in + source = nss-config.in + source = ssl-renegotiate-transitional.patch + source = nss-build.patch + source = manifest + source = blank-cert8.db + source = blank-key3.db + source = blank-secmod.db + source = nss-3.20.1-headers.patch + sha256sums = bcc81ac33aeb4ecad182dc21e34d2c97bcc148fd7b9e76f85bebb892405a9278 + sha256sums = 1894bc68a0badd6e6f68f66abc4c6cd8e222791dd194f6b631ce536011ab6707 + sha256sums = b9f1428ca2305bf30b109507ff335fa00bce5a7ce0434b50acd26ad7c47dd5bd + sha256sums = e44ac5095b4d88f24ec7b2e6a9f1581560bd3ad41a3d198596d67ef22f67adb9 + sha256sums = 12df04bccbf674db1eef7a519a28987927b5e9c107b1dc386686f05e64f49a97 + sha256sums = a6891594ca65fc2d5ba18e82e4b6364a96538974314942f45fbeb917b2948f57 + sha256sums = 838098b25a8044176b3139b4003594570c62a8d64f5470fbbd769f3bf44e0855 + sha256sums = e45105a21696a26c834cfaa3f664c42426c99546094e22fbe3a5e1dd3fbc1f33 + sha256sums = 6115cab6d646a05dd6b63e21c488da6bc36975f6e5ad8d6371c30a166c41cddc + sha256sums = 3790a5404f6b7edb652544eb75bfaa8f1c515f41ef14369248151d7c52cd249e + sha256sums = f9d9b858a87c49c3ba1f058279b885fe704e23d9bcaaba00f17e534f6a313822 + +pkgname = mingw-w64-nss diff --git a/PKGBUILD b/PKGBUILD new file mode 100644 index 000000000000..18dc613614d2 --- /dev/null +++ b/PKGBUILD @@ -0,0 +1,264 @@ +# Maintainer: Ilya Basin <basinilya at gmail dot com> +# https://github.com/msys2/MINGW-packages/tree/master/mingw-w64-cyrus-sasl + +# Contributor: Alexey Pavlov <alexpux@gmail.com> +# Contributor: Renato Silva <br.renatosilva@gmail.com> + +_architectures='i686-w64-mingw32 x86_64-w64-mingw32' +MINGW_PACKAGE_PREFIX=mingw-w64 +_adapt_msys2() { + MINGW_CHOST=${_arch:?} + MINGW_PREFIX=/usr/${_arch:?} + CARCH=${_arch%%-*} +} + +_realname=nss +pkgbase=mingw-w64-${_realname} +pkgname="${MINGW_PACKAGE_PREFIX}-${_realname}" +pkgver=3.52.1 +_nsprver=4.25 +pkgrel=1 +pkgdesc="Mozilla Network Security Services (mingw-w64)" +arch=('any') +mingw_arch=('mingw32' 'mingw64' 'ucrt64' 'clang64' 'clang32') +url="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS" +license=(MPL2) +depends=("${MINGW_PACKAGE_PREFIX}-nspr" + "${MINGW_PACKAGE_PREFIX}-sqlite3" + "${MINGW_PACKAGE_PREFIX}-zlib") +makedepends=("${MINGW_PACKAGE_PREFIX}-gcc" "zip" "perl") +options=('staticlibs' 'strip' '!emptydirs' !buildflags) +source=(https://ftp.mozilla.org/pub/security/nss/releases/NSS_${pkgver//./_}_RTM/src/${_realname}-${pkgver}.tar.gz + https://ftp.mozilla.org/pub/mozilla.org/mozilla/libraries/win32/moztools-static.zip + nss.pc.in + nss-config.in + ssl-renegotiate-transitional.patch + nss-build.patch + manifest + blank-cert8.db + blank-key3.db + blank-secmod.db + nss-3.20.1-headers.patch) +sha256sums=('bcc81ac33aeb4ecad182dc21e34d2c97bcc148fd7b9e76f85bebb892405a9278' + '1894bc68a0badd6e6f68f66abc4c6cd8e222791dd194f6b631ce536011ab6707' + 'b9f1428ca2305bf30b109507ff335fa00bce5a7ce0434b50acd26ad7c47dd5bd' + 'e44ac5095b4d88f24ec7b2e6a9f1581560bd3ad41a3d198596d67ef22f67adb9' + '12df04bccbf674db1eef7a519a28987927b5e9c107b1dc386686f05e64f49a97' + 'a6891594ca65fc2d5ba18e82e4b6364a96538974314942f45fbeb917b2948f57' + '838098b25a8044176b3139b4003594570c62a8d64f5470fbbd769f3bf44e0855' + 'e45105a21696a26c834cfaa3f664c42426c99546094e22fbe3a5e1dd3fbc1f33' + '6115cab6d646a05dd6b63e21c488da6bc36975f6e5ad8d6371c30a166c41cddc' + '3790a5404f6b7edb652544eb75bfaa8f1c515f41ef14369248151d7c52cd249e' + 'f9d9b858a87c49c3ba1f058279b885fe704e23d9bcaaba00f17e534f6a313822') + +prepare() { + cd ${srcdir}/${_realname}-${pkgver} + + # Adds transitional SSL renegotiate support - patch from Debian + # patch -Np3 -i ${srcdir}/ssl-renegotiate-transitional.patch + patch -Np1 -i ${srcdir}/nss-build.patch + patch -Np1 -i ${srcdir}/nss-3.20.1-headers.patch + # Respect LDFLAGS + sed -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/' \ + -i nss/coreconf/rules.mk + + #cp ${srcdir}/moztools/bin/nsinstall.exe ${srcdir}/${_realname}-${pkgver}/ + #cp ${srcdir}/manifest ${srcdir}/${_realname}-${pkgver}/nsinstall.exe.manifest + +} + +build() { + for _arch in ${_architectures}; do + _adapt_msys2 + pushd . + + ( + . mingw-env ${_arch} + + [[ -d "${srcdir}"/build-${CARCH} ]] && rm -rf "${srcdir}"/build-${CARCH} + mkdir -p "${srcdir}"/build-${CARCH} && cd "${srcdir}"/build-${CARCH} + cp -rf ${srcdir}/${_realname}-${pkgver}/* "${srcdir}"/build-${CARCH} + + local conf64= + [[ "$CARCH" = "x86_64" ]] && { + conf64="USE_64=1" + } + +mv nss/coreconf/config.mk nss/coreconf/config.mk.save + +{ +cat <<EOFCONF + +BUILD_OPT=1 +NSS_NO_SSL2_NO_EXPORT=1 +NSS_USE_SYSTEM_SQLITE=1 +IMPORT_LIB_SUFFIX=.dll.a +NSS_DISABLE_GTESTS=1 +NSS_ENABLE_ECC=1 +NSS_DISABLE_DBM=1 +NSPR_INCLUDE_DIR = `${MINGW_PREFIX}/bin/nspr-config --includedir` +NSPR_LIB_DIR = `${MINGW_PREFIX}/bin/nspr-config --libdir` +SQLITE_LIB_DIR = ${MINGW_PREFIX}/lib +XCFLAGS = ${CFLAGS} +EXTRA_SHARED_LIBS= -lplc4 -lplds4 -lnspr4 -lz -lcrypt32 -lws2_32 -lssp + + +OS_TARGET=WINNT +OS_ARCH=WINNT +OS_RELEASE=5.0 +XP_WIN=1 +NS_USE_GCC=1 +${conf64} +NSS_USE_SYSTEM_SQLITE=1 +USE_SYSTEM_ZLIB=1 +ZLIB_LIBS=${MINGW_PREFIX}/lib/libz.dll.a +CROSS_COMPILE=1 +NATIVE_CC=gcc +NATIVE_FLAGS-D_XOPEN_SOURCE=500 + +EOFCONF + +cat <<'EOFCONF' + +ifdef CROSS_COMPILE +ifdef INTERNAL_TOOLS +CFLAGS=-D_XOPEN_SOURCE=500 +LDFLAGS= +XLDFLAGS= +EXTRA_LIBS= +OS_LIBS= +EXTRA_SHARED_LIBS= +PROG_SUFFIX= + +OS_TARGET= +OS_RELEASE= +XP_WIN= + +endif +endif + +EOFCONF + +cat nss/coreconf/config.mk.save + +cat <<EOFCONF +CC=${CC} +RC=${_arch}-windres +RANLIB=${_arch}-ranlib + +EOFCONF + +cat <<'EOFCONF' + +NSINSTALL=$(NSINSTALL_DIR)/$(OBJDIR_NAME)/nsinstall +EOFCONF + +} >nss/coreconf/config.mk + +{ +cat <<'EOFCONF' + +OBJDIR_NAME=_.OBJ + +ifndef CROSS_COMPILE +OS_ARCH=WINNT +endif +ifndef INTERNAL_TOOLS +OS_ARCH=WINNT +endif + +EOFCONF +} >>nss/coreconf/arch.mk + +sed -b -i 's/ifeq (,\$(filter-out OS2 WIN%,\$(OS_TARGET)))/ifeq (,$(CROSS_COMPILE)$(filter-out OS2 WIN%,$(OS_TARGET)))/' nss/coreconf/nsinstall/Makefile + + make -j1 -C nss + + ) + + popd + done +} + +package() { + for _arch in ${_architectures}; do + _adapt_msys2 + pushd . + + ( + cd "${srcdir}"/build-${CARCH} + install -d "${pkgdir}${MINGW_PREFIX}"/{bin,include/nss3,lib/{nss,pkgconfig}} + NSS_VMAJOR=$(grep '#define.*NSS_VMAJOR' nss/lib/nss/nss.h | awk '{print $3}') + NSS_VMINOR=$(grep '#define.*NSS_VMINOR' nss/lib/nss/nss.h | awk '{print $3}') + NSS_VPATCH=$(grep '#define.*NSS_VPATCH' nss/lib/nss/nss.h | awk '{print $3}') + + sed ../nss.pc.in \ + -e "s,%libdir%,${MINGW_PREFIX}/lib,g" \ + -e "s,%prefix%,${MINGW_PREFIX},g" \ + -e "s,%exec_prefix%,${MINGW_PREFIX}/bin,g" \ + -e "s,%includedir%,${MINGW_PREFIX}/include/nss3,g" \ + -e "s,%NSPR_VERSION%,${_nsprver},g" \ + -e "s,%NSS_VERSION%,${pkgver},g" \ + > "${pkgdir}${MINGW_PREFIX}/lib/pkgconfig/nss.pc" + cp -f ${pkgdir}${MINGW_PREFIX}/lib/pkgconfig/nss.pc ${pkgdir}${MINGW_PREFIX}/lib/pkgconfig/mozilla-nss.pc + + sed ../nss-config.in \ + -e "s,@libdir@,${MINGW_PREFIX}/lib,g" \ + -e "s,@prefix@,${MINGW_PREFIX}/bin,g" \ + -e "s,@exec_prefix@,${MINGW_PREFIX}/bin,g" \ + -e "s,@includedir@,${MINGW_PREFIX}/include/nss3,g" \ + -e "s,@MOD_MAJOR_VERSION@,${NSS_VMAJOR},g" \ + -e "s,@MOD_MINOR_VERSION@,${NSS_VMINOR},g" \ + -e "s,@MOD_PATCH_VERSION@,${NSS_VPATCH},g" \ + > "${pkgdir}${MINGW_PREFIX}/bin/nss-config" + chmod 755 ${pkgdir}${MINGW_PREFIX}/bin/nss-config + + # Copy the binary libraries we want + for file in softokn nss nssutil ssl smime #nssdbm + do + install -m 755 dist/*.OBJ/lib/${file}3.dll ${pkgdir}${MINGW_PREFIX}/bin/ + install -m 644 dist/*.OBJ/lib/lib${file}3.dll.a ${pkgdir}${MINGW_PREFIX}/lib/lib${file}3.dll.a + done + + install -m 755 dist/*.OBJ/lib/nssckbi.dll ${pkgdir}${MINGW_PREFIX}/bin/ + install -m 755 dist/*.OBJ/lib/freebl3.dll ${pkgdir}${MINGW_PREFIX}/bin/ + + # Install the empty NSS db files + mkdir -p ${pkgdir}${MINGW_PREFIX}/etc/pki/nssdb + install -m 644 ${srcdir}/blank-cert8.db ${pkgdir}${MINGW_PREFIX}/etc/pki/nssdb/cert8.db + install -m 644 ${srcdir}/blank-key3.db ${pkgdir}${MINGW_PREFIX}/etc/pki/nssdb/key3.db + install -m 644 ${srcdir}/blank-secmod.db ${pkgdir}${MINGW_PREFIX}/etc/pki/nssdb/secmod.db + + # Copy the development libraries we want + for file in libcrmf.dll.a libnssb.dll.a libnssckfw.dll.a libfreebl.dll.a libcryptohi.dll.a libcerthi.dll.a libcertdb.dll.a libsoftokn.dll.a libpkixutil.dll.a + do + install -m 644 dist/*.OBJ/lib/${file} ${pkgdir}${MINGW_PREFIX}/lib/ + done + + # Copy the binaries we want + for file in certutil cmsutil crlutil modutil pk12util signtool signver ssltap + do + install -m 755 dist/*.OBJ/bin/${file}.exe ${pkgdir}${MINGW_PREFIX}/bin/ + done + + # Copy the binaries we ship as unsupported + for file in atob btoa derdump ocspclnt pp selfserv shlibsign strsclnt symkeyutil \ + tstclnt vfyserv vfychain + do + install -m 755 dist/*.OBJ/bin/${file}.exe ${pkgdir}${MINGW_PREFIX}/lib/nss/ + done + + # Copy the include files we want + for file in dist/public/nss/*.h + do + install -m 644 ${file} ${pkgdir}${MINGW_PREFIX}/include/nss3 + done + + # License + install -Dm644 nss/COPYING ${pkgdir}${MINGW_PREFIX}/share/licenses/${_realname}/COPYING + ) + + popd + done + +} diff --git a/blank-cert8.db b/blank-cert8.db Binary files differnew file mode 100644 index 000000000000..ac40a3325724 --- /dev/null +++ b/blank-cert8.db diff --git a/blank-key3.db b/blank-key3.db Binary files differnew file mode 100644 index 000000000000..31e397566931 --- /dev/null +++ b/blank-key3.db diff --git a/blank-secmod.db b/blank-secmod.db Binary files differnew file mode 100644 index 000000000000..9a028078d61e --- /dev/null +++ b/blank-secmod.db diff --git a/manifest b/manifest new file mode 100644 index 000000000000..43c4646d224a --- /dev/null +++ b/manifest @@ -0,0 +1,11 @@ +<?xml version="1.0" encoding="UTF-8" standalone="yes"?> +<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> + <v3:trustInfo xmlns:v3="urn:schemas-microsoft-com:asm.v3"> + <v3:security> + <v3:requestedPrivileges> + <v3:requestedExecutionLevel level="asInvoker" /> + </v3:requestedPrivileges> + </v3:security> + </v3:trustInfo> +</assembly> + diff --git a/nss-3.20.1-headers.patch b/nss-3.20.1-headers.patch new file mode 100644 index 000000000000..5f7dcba63267 --- /dev/null +++ b/nss-3.20.1-headers.patch @@ -0,0 +1,26 @@ +--- nss-3.20/nss/lib/dbm/src/mktemp.c 2015-04-20 20:15:12.000000000 +0200 ++++ nss-3.20/nss/lib/dbm/src/mktemp.c 2015-04-27 17:20:23.111705529 +0200 +@@ -29,6 +29,11 @@ + * SUCH DAMAGE. + */ + ++#ifdef _WINDOWS ++#include <process.h> ++#include "winfile.h" ++#endif ++ + #if defined(LIBC_SCCS) && !defined(lint) + static char sccsid[] = "@(#)mktemp.c 8.1 (Berkeley) 6/4/93"; + #endif /* LIBC_SCCS and not lint */ +@@ -49,11 +54,6 @@ + #include <unistd.h> + #endif + +-#ifdef _WINDOWS +-#include <process.h> +-#include "winfile.h" +-#endif +- + static int _gettemp(char *path, register int *doopen, int extraFlags); + + int diff --git a/nss-build.patch b/nss-build.patch new file mode 100644 index 000000000000..7d49b637c6e3 --- /dev/null +++ b/nss-build.patch @@ -0,0 +1,253 @@ +--- nss-3.17.1/nss/cmd/crmftest/Makefile 2014-09-23 21:09:22.000000000 +0200 ++++ nss-3.17.1/nss/cmd/crmftest/Makefile 2014-10-03 12:57:19.715776517 +0200 +@@ -58,7 +58,7 @@ + LDDIST = $(DIST)/lib + + ifeq (,$(filter-out WIN%,$(OS_TARGET))) +-EXTRA_LIBS += $(LDDIST)/sectool.lib ++#EXTRA_LIBS += $(LDDIST)/sectool.lib + endif + + include ../platrules.mk +--- nss-3.17.1/nss/cmd/shlibsign/Makefile 2014-09-23 21:09:22.000000000 +0200 ++++ nss-3.17.1/nss/cmd/shlibsign/Makefile 2014-10-03 12:58:03.115792965 +0200 +@@ -56,8 +56,8 @@ + endif + CHECKLOC = $(CHECKLIBS:.$(DLL_SUFFIX)=.chk) + +-MD_LIB_RELEASE_FILES = $(CHECKLOC) +-ALL_TRASH += $(CHECKLOC) ++MD_LIB_RELEASE_FILES = # $(CHECKLOC) ++#ALL_TRASH += $(CHECKLOC) + endif + + ####################################################################### +@@ -95,5 +95,5 @@ + endif + endif + +-libs install :: $(CHECKLOC) ++libs install :: #$(CHECKLOC) + +--- nss-3.17.1/nss/coreconf/rules.mk 2014-09-23 21:09:22.000000000 +0200 ++++ nss-3.17.1/nss/coreconf/rules.mk 2014-10-03 12:57:19.714776541 +0200 +@@ -366,7 +366,7 @@ + PWD := $(shell pwd) + ifeq (,$(findstring ;,$(PATH))) + ifndef USE_MSYS +-PWD := $(subst \,/,$(shell cygpath -w $(PWD))) ++#PWD := $(subst \,/,$(shell cygpath -w $(PWD))) + endif + endif + endif +--- nss-3.17.1/nss/coreconf/WIN32.mk ++++ nss-3.17.1/nss/coreconf/WIN32.mk +@@ -97,7 +97,7 @@ MAKE_OBJDIR += $(OBJDIR) + GARBAGE += $(OBJDIR)/vc20.pdb $(OBJDIR)/vc40.pdb + XP_DEFINE += -DXP_PC + ifdef NS_USE_GCC +-LIB_SUFFIX = a ++LIB_SUFFIX = dll.a + else + LIB_SUFFIX = lib + endif +--- nss-3.17.1/nss/coreconf/WINNT.mk 2014-09-23 21:09:22.000000000 +0200 ++++ nss-3.17.1/nss/coreconf/WINNT.mk 2014-10-03 12:57:19.715776517 +0200 +@@ -14,7 +14,7 @@ + # + # Win NT needs -GT so that fibers can work + # +-OS_CFLAGS += -GT ++#OS_CFLAGS += -GT + + # WINNT uses the lib prefix, Win95 doesn't + NSPR31_LIB_PREFIX = lib +--- nss-3.17.1/nss/lib/ckfw/builtins/config.mk 2014-09-23 21:09:22.000000000 +0200 ++++ nss-3.17.1/nss/lib/ckfw/builtins/config.mk 2014-10-03 12:57:19.716776496 +0200 +@@ -15,7 +15,7 @@ + + ifeq (,$(filter-out WIN%,$(OS_TARGET))) + SHARED_LIBRARY = $(OBJDIR)/$(DLL_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION).$(DLL_SUFFIX) +- RES = $(OBJDIR)/$(LIBRARY_NAME).res ++ RES = $(OBJDIR)/$(LIBRARY_NAME).res.o + RESNAME = $(LIBRARY_NAME).rc + endif + +--- nss-3.17.1/nss/lib/ckfw/capi/Makefile 2014-09-23 21:09:22.000000000 +0200 ++++ nss-3.17.1/nss/lib/ckfw/capi/Makefile 2014-10-03 12:57:19.716776496 +0200 +@@ -42,6 +42,9 @@ + -lplc4 \ + -lplds4 \ + -lnspr4 \ ++ -lcrypt32 \ ++ -ladvapi32 \ ++ -lrpcrt4 \ + $(NULL) + endif + +--- nss-3.17.1/nss/lib/freebl/config.mk 2014-09-23 21:09:22.000000000 +0200 ++++ nss-3.17.1/nss/lib/freebl/config.mk 2014-10-03 12:57:19.716776496 +0200 +@@ -50,7 +50,7 @@ + # don't want the 32 in the shared library name + SHARED_LIBRARY = $(OBJDIR)/$(DLL_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION).$(DLL_SUFFIX) + +-RES = $(OBJDIR)/$(LIBRARY_NAME).res ++RES = $(OBJDIR)/$(LIBRARY_NAME).res.o + RESNAME = freebl.rc + + ifdef NS_USE_GCC +--- nss-3.17.1/nss/lib/freebl/Makefile 2014-09-23 21:09:22.000000000 +0200 ++++ nss-3.17.1/nss/lib/freebl/Makefile 2014-10-03 12:57:19.717776476 +0200 +@@ -147,6 +147,17 @@ + endif + endif + else ++# 64-bit Windows ++ifdef NS_USE_GCC ++ # win64/gcc - use the x86 code for now, skipping optimization ++ ifdef BUILD_OPT ++ OPTIMIZER += -Os ++ endif ++ ASFILES = ++ DEFINES += -DMPI_AMD64 -DMP_USE_UINT_DIGIT ++ DEFINES += -DMP_CHAR_STORE_SLOW -DMP_IS_LITTLE_ENDIAN ++else ++# MSVC + # -DMP_NO_MP_WORD + DEFINES += -DMP_CHAR_STORE_SLOW -DMP_IS_LITTLE_ENDIAN + ifdef NS_USE_GCC +@@ -171,6 +182,7 @@ + endif + endif + endif ++endif + + ifeq ($(OS_TARGET),IRIX) + ifeq ($(USE_N32),1) +--- nss-3.17.1/nss/lib/freebl/mpi/mpi-priv.h 2014-09-23 21:09:22.000000000 +0200 ++++ nss-3.17.1/nss/lib/freebl/mpi/mpi-priv.h 2014-10-03 12:57:19.717776476 +0200 +@@ -220,7 +220,7 @@ + #define MPI_ASM_DECL + #endif + +-#ifdef MPI_AMD64 ++#if defined(MPI_AMD64) && defined(MP_ASSEMBLY_MULTIPLY) + + mp_digit MPI_ASM_DECL s_mpv_mul_set_vec64(mp_digit*, mp_digit *, mp_size, mp_digit); + mp_digit MPI_ASM_DECL s_mpv_mul_add_vec64(mp_digit*, const mp_digit*, mp_size, mp_digit); +--- nss-3.17.1/nss/lib/nss/config.mk 2014-09-23 21:09:22.000000000 +0200 ++++ nss-3.17.1/nss/lib/nss/config.mk 2014-10-03 12:57:19.717776476 +0200 +@@ -10,7 +10,7 @@ + SHARED_LIBRARY = $(OBJDIR)/$(DLL_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION).$(DLL_SUFFIX) + IMPORT_LIBRARY = $(OBJDIR)/$(IMPORT_LIB_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION)$(IMPORT_LIB_SUFFIX) + +-RES = $(OBJDIR)/$(LIBRARY_NAME).res ++RES = $(OBJDIR)/$(LIBRARY_NAME).res.o + RESNAME = $(LIBRARY_NAME).rc + + ifdef NS_USE_GCC +--- nss-3.17.1/nss/lib/smime/config.mk 2014-09-23 21:09:22.000000000 +0200 ++++ nss-3.17.1/nss/lib/smime/config.mk 2014-10-03 12:57:19.718776454 +0200 +@@ -11,7 +11,7 @@ + SHARED_LIBRARY = $(OBJDIR)/$(DLL_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION).$(DLL_SUFFIX) + IMPORT_LIBRARY = $(OBJDIR)/$(IMPORT_LIB_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION)$(IMPORT_LIB_SUFFIX) + +-RES = $(OBJDIR)/smime.res ++RES = $(OBJDIR)/smime.res.o + RESNAME = smime.rc + + ifdef NS_USE_GCC +--- nss-3.17.1/nss/lib/softoken/config.mk 2014-09-23 21:09:22.000000000 +0200 ++++ nss-3.17.1/nss/lib/softoken/config.mk 2014-10-03 12:57:19.718776454 +0200 +@@ -17,7 +17,7 @@ + SHARED_LIBRARY = $(OBJDIR)/$(DLL_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION).$(DLL_SUFFIX) + IMPORT_LIBRARY = $(OBJDIR)/$(IMPORT_LIB_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION)$(IMPORT_LIB_SUFFIX) + +-RES = $(OBJDIR)/$(LIBRARY_NAME).res ++RES = $(OBJDIR)/$(LIBRARY_NAME).res.o + RESNAME = $(LIBRARY_NAME).rc + + ifdef NS_USE_GCC +--- nss-3.17.1/nss/lib/softoken/legacydb/config.mk 2014-09-23 21:09:22.000000000 +0200 ++++ nss-3.17.1/nss/lib/softoken/legacydb/config.mk 2014-10-03 12:57:19.718776454 +0200 +@@ -18,7 +18,7 @@ + SHARED_LIBRARY = $(OBJDIR)/$(DLL_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION).$(DLL_SUFFIX) + IMPORT_LIBRARY = $(OBJDIR)/$(IMPORT_LIB_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION)$(IMPORT_LIB_SUFFIX) + +-RES = $(OBJDIR)/$(LIBRARY_NAME).res ++RES = $(OBJDIR)/$(LIBRARY_NAME).res.o + RESNAME = $(LIBRARY_NAME).rc + + ifdef NS_USE_GCC +--- nss-3.17.1/nss/lib/ssl/config.mk 2014-09-23 21:09:22.000000000 +0200 ++++ nss-3.17.1/nss/lib/ssl/config.mk 2014-10-03 12:57:19.718776454 +0200 +@@ -28,7 +28,7 @@ + SHARED_LIBRARY = $(OBJDIR)/$(DLL_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION).$(DLL_SUFFIX) + IMPORT_LIBRARY = $(OBJDIR)/$(IMPORT_LIB_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION)$(IMPORT_LIB_SUFFIX) + +-RES = $(OBJDIR)/ssl.res ++RES = $(OBJDIR)/ssl.res.o + RESNAME = ssl.rc + + ifdef NS_USE_GCC +--- nss-3.17.1/nss/lib/sysinit/config.mk 2014-09-23 21:09:22.000000000 +0200 ++++ nss-3.17.1/nss/lib/sysinit/config.mk 2014-10-03 12:57:19.719776431 +0200 +@@ -15,8 +15,8 @@ + SHARED_LIBRARY = $(OBJDIR)/$(DLL_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION).$(DLL_SUFFIX) + IMPORT_LIBRARY = $(OBJDIR)/$(IMPORT_LIB_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION)$(IMPORT_LIB_SUFFIX) + +-RES = $(OBJDIR)/$(LIBRARY_NAME).res +-RESNAME = $(LIBRARY_NAME).rc ++#RES = $(OBJDIR)/$(LIBRARY_NAME).res ++#RESNAME = $(LIBRARY_NAME).rc + + ifdef NS_USE_GCC + EXTRA_SHARED_LIBS += \ +--- nss-3.17.1/nss/lib/util/config.mk 2014-09-23 21:09:22.000000000 +0200 ++++ nss-3.17.1/nss/lib/util/config.mk 2014-10-03 12:57:19.719776431 +0200 +@@ -10,7 +10,7 @@ + SHARED_LIBRARY = $(OBJDIR)/$(DLL_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION).$(DLL_SUFFIX) + IMPORT_LIBRARY = $(OBJDIR)/$(IMPORT_LIB_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION)$(IMPORT_LIB_SUFFIX) + +-RES = $(OBJDIR)/$(LIBRARY_NAME).res ++RES = $(OBJDIR)/$(LIBRARY_NAME).res.o + RESNAME = $(LIBRARY_NAME).rc + + ifdef NS_USE_GCC +--- nss-3.33/nss/cmd/pk11ectest/manifest.mn 2017-11-13 09:34:13.417188600 +0300 ++++ nss-3.33/nss/cmd/pk11ectest/manifest.mn 2017-11-13 09:34:19.366799400 +0300 +@@ -13,4 +13,4 @@ + + PROGRAM = pk11ectest + +-USE_STATIC_LIBS = 1 ++#USE_STATIC_LIBS = 1 +--- nss-3.33/nss/cmd/rsaperf/manifest.mn 2017-11-13 09:41:34.539284900 +0300 ++++ nss-3.33/nss/cmd/rsaperf/manifest.mn 2017-11-13 09:41:38.458892000 +0300 +@@ -21,4 +21,4 @@ + + PROGRAM = rsaperf + +-USE_STATIC_LIBS = 1 ++#USE_STATIC_LIBS = 1 +--- nss-3.33/nss/cmd/platlibs.mk.orig 2017-11-13 10:14:28.414785800 +0300 ++++ nss-3.33/nss/cmd/platlibs.mk 2017-11-13 10:14:56.929045300 +0300 +@@ -199,6 +199,7 @@ + $(DIST)/lib/$(IMPORT_LIB_PREFIX)smime3$(IMPORT_LIB_SUFFIX) \ + $(DIST)/lib/$(IMPORT_LIB_PREFIX)ssl3$(IMPORT_LIB_SUFFIX) \ + $(DIST)/lib/$(IMPORT_LIB_PREFIX)nss3$(IMPORT_LIB_SUFFIX) \ ++ $(DIST)/lib/$(IMPORT_LIB_PREFIX)softokn3$(IMPORT_LIB_SUFFIX) \ + $(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plc4$(IMPORT_LIB_SUFFIX) \ + $(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plds4$(IMPORT_LIB_SUFFIX) \ + $(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)nspr4$(IMPORT_LIB_SUFFIX) \ +--- nss-3.47/nss/lib/ckfw/builtins/testlib/config.mk.orig 2019-11-07 14:31:24.907788000 +0300 ++++ nss-3.47/nss/lib/ckfw/builtins/testlib/config.mk 2019-11-07 14:31:30.664198100 +0300 +@@ -15,7 +15,7 @@ + + ifeq (,$(filter-out WIN%,$(OS_TARGET))) + SHARED_LIBRARY = $(OBJDIR)/$(DLL_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION).$(DLL_SUFFIX) +- RES = $(OBJDIR)/$(LIBRARY_NAME).res ++ RES = $(OBJDIR)/$(LIBRARY_NAME).res.o + RESNAME = $(LIBRARY_NAME).rc + endif + diff --git a/nss-config.in b/nss-config.in new file mode 100644 index 000000000000..f8f893e71a70 --- /dev/null +++ b/nss-config.in @@ -0,0 +1,145 @@ +#!/bin/sh + +prefix=@prefix@ + +major_version=@MOD_MAJOR_VERSION@ +minor_version=@MOD_MINOR_VERSION@ +patch_version=@MOD_PATCH_VERSION@ + +usage() +{ + cat <<EOF +Usage: nss-config [OPTIONS] [LIBRARIES] +Options: + [--prefix[=DIR]] + [--exec-prefix[=DIR]] + [--includedir[=DIR]] + [--libdir[=DIR]] + [--version] + [--libs] + [--cflags] +Dynamic Libraries: + nss + nssutil + ssl + smime +EOF + exit $1 +} + +if test $# -eq 0; then + usage 1 1>&2 +fi + +lib_ssl=yes +lib_smime=yes +lib_nss=yes +lib_nssutil=yes + +while test $# -gt 0; do + case "$1" in + -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;; + *) optarg= ;; + esac + + case $1 in + --prefix=*) + prefix=$optarg + ;; + --prefix) + echo_prefix=yes + ;; + --exec-prefix=*) + exec_prefix=$optarg + ;; + --exec-prefix) + echo_exec_prefix=yes + ;; + --includedir=*) + includedir=$optarg + ;; + --includedir) + echo_includedir=yes + ;; + --libdir=*) + libdir=$optarg + ;; + --libdir) + echo_libdir=yes + ;; + --version) + echo ${major_version}.${minor_version}.${patch_version} + ;; + --cflags) + echo_cflags=yes + ;; + --libs) + echo_libs=yes + ;; + ssl) + lib_ssl=yes + ;; + smime) + lib_smime=yes + ;; + nss) + lib_nss=yes + ;; + nssutil) + lib_nssutil=yes + ;; + *) + usage 1 1>&2 + ;; + esac + shift +done + +# Set variables that may be dependent upon other variables +if test -z "$exec_prefix"; then + exec_prefix=`pkg-config --variable=exec_prefix nss` +fi +if test -z "$includedir"; then + includedir=`pkg-config --variable=includedir nss` +fi +if test -z "$libdir"; then + libdir=`pkg-config --variable=libdir nss` +fi + +if test "$echo_prefix" = "yes"; then + echo $prefix +fi + +if test "$echo_exec_prefix" = "yes"; then + echo $exec_prefix +fi + +if test "$echo_includedir" = "yes"; then + echo $includedir +fi + +if test "$echo_libdir" = "yes"; then + echo $libdir +fi + +if test "$echo_cflags" = "yes"; then + echo -I$includedir +fi + +if test "$echo_libs" = "yes"; then + libdirs="-Wl,-rpath-link,$libdir -L$libdir" + if test -n "$lib_ssl"; then + libdirs="$libdirs -lssl${major_version}" + fi + if test -n "$lib_smime"; then + libdirs="$libdirs -lsmime${major_version}" + fi + if test -n "$lib_nss"; then + libdirs="$libdirs -lnss${major_version}" + fi + if test -n "$lib_nssutil"; then + libdirs="$libdirs -lnssutil${major_version}" + fi + echo $libdirs +fi + diff --git a/nss.pc.in b/nss.pc.in new file mode 100644 index 000000000000..d47b9e14699f --- /dev/null +++ b/nss.pc.in @@ -0,0 +1,11 @@ +prefix=%prefix% +exec_prefix=%exec_prefix% +libdir=%libdir% +includedir=%includedir% + +Name: NSS +Description: Network Security Services +Version: %NSS_VERSION% +Requires: nspr >= %NSPR_VERSION% +Libs: -lssl3 -lsmime3 -lnss3 -lnssutil3 +Cflags: -I${includedir} diff --git a/ssl-renegotiate-transitional.patch b/ssl-renegotiate-transitional.patch new file mode 100644 index 000000000000..f457c55518cd --- /dev/null +++ b/ssl-renegotiate-transitional.patch @@ -0,0 +1,21 @@ +Enable transitional scheme for ssl renegotiation: + +(from mozilla/security/nss/lib/ssl/ssl.h) +Disallow unsafe renegotiation in server sockets only, but allow clients +to continue to renegotiate with vulnerable servers. +This value should only be used during the transition period when few +servers have been upgraded. + +diff --git a/mozilla/security/nss/lib/ssl/sslsock.c b/mozilla/security/nss/lib/ssl/sslsock.c +index f1d1921..c074360 100644 +--- a/mozilla/security/nss/lib/ssl/sslsock.c ++++ b/mozilla/security/nss/lib/ssl/sslsock.c +@@ -181,7 +181,7 @@ static sslOptions ssl_defaults = { + PR_FALSE, /* noLocks */ + PR_FALSE, /* enableSessionTickets */ + PR_FALSE, /* enableDeflate */ +- 2, /* enableRenegotiation (default: requires extension) */ ++ 3, /* enableRenegotiation (default: transitional) */ + PR_FALSE, /* requireSafeNegotiation */ + }; + |