From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-846595-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
by finch.gentoo.org (Postfix) with ESMTP id E10DA1384B4
for <garchives@archives.gentoo.org>; Sun, 15 Nov 2015 16:51:03 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
by pigeon.gentoo.org (Postfix) with SMTP id ED92421C0DA;
Sun, 15 Nov 2015 16:50:59 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183])
(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
(No client certificate requested)
by pigeon.gentoo.org (Postfix) with ESMTPS id 85B1C21C0DA
for <gentoo-commits@lists.gentoo.org>; Sun, 15 Nov 2015 16:50:59 +0000 (UTC)
Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52])
(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
(No client certificate requested)
by smtp.gentoo.org (Postfix) with ESMTPS id 30A22340712
for <gentoo-commits@lists.gentoo.org>; Sun, 15 Nov 2015 16:50:58 +0000 (UTC)
Received: from localhost.localdomain (localhost [127.0.0.1])
by oystercatcher.gentoo.org (Postfix) with ESMTP id ABF8AA96
for <gentoo-commits@lists.gentoo.org>; Sun, 15 Nov 2015 16:50:53 +0000 (UTC)
From: "Jory Pratt" <anarchy@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Jory Pratt" <anarchy@gentoo.org>
Message-ID: <1447606216.3fd450e7991b7ebb47e9d9a94d50da7cc2dbfdf5.anarchy@gentoo>
Subject: [gentoo-commits] proj/mozilla:master commit in: dev-libs/nss/files/, dev-libs/nss/
X-VCS-Repository: proj/mozilla
X-VCS-Files: dev-libs/nss/Manifest dev-libs/nss/files/nss-3.14.2-solaris-gcc.patch dev-libs/nss/files/nss-3.15-gentoo-fixup-warnings.patch dev-libs/nss/files/nss-3.15.4-enable-pem.patch dev-libs/nss/files/nss-3.17.1-gentoo-fixups.patch dev-libs/nss/files/nss-3.21-cacert-class3.patch dev-libs/nss/files/nss-3.21-enable-pem.patch dev-libs/nss/files/nss-3.21-gentoo-fixup-warnings.patch dev-libs/nss/files/nss-3.21-gentoo-fixups.patch dev-libs/nss/files/nss-3.21-pem-werror.patch dev-libs/nss/files/nss-cacert-class3.patch dev-libs/nss/nss-3.19.2.ebuild dev-libs/nss/nss-3.20.1.ebuild dev-libs/nss/nss-3.21.ebuild
X-VCS-Directories: dev-libs/nss/ dev-libs/nss/files/
X-VCS-Committer: anarchy
X-VCS-Committer-Name: Jory Pratt
X-VCS-Revision: 3fd450e7991b7ebb47e9d9a94d50da7cc2dbfdf5
X-VCS-Branch: master
Date: Sun, 15 Nov 2015 16:50:53 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Archives-Salt: e709bb3c-3c3d-4e83-947c-659d77b8a53c
X-Archives-Hash: 104ff27ff32600c482d5e7502ac853ec
commit: 3fd450e7991b7ebb47e9d9a94d50da7cc2dbfdf5
Author: Jory A. Pratt <anarchy <AT> gentoo <DOT> org>
AuthorDate: Sun Nov 15 16:50:16 2015 +0000
Commit: Jory Pratt <anarchy <AT> gentoo <DOT> org>
CommitDate: Sun Nov 15 16:50:16 2015 +0000
URL: https://gitweb.gentoo.org/proj/mozilla.git/commit/?id=3fd450e7
Version bump, rework patches so they apply cleanly
dev-libs/nss/Manifest | 5 +-
dev-libs/nss/files/nss-3.14.2-solaris-gcc.patch | 24 --
.../nss/files/nss-3.15-gentoo-fixup-warnings.patch | 10 -
dev-libs/nss/files/nss-3.15.4-enable-pem.patch | 13 -
...t-class3.patch => nss-3.21-cacert-class3.patch} | 10 +-
dev-libs/nss/files/nss-3.21-enable-pem.patch | 12 +
.../nss/files/nss-3.21-gentoo-fixup-warnings.patch | 11 +
...o-fixups.patch => nss-3.21-gentoo-fixups.patch} | 38 +--
dev-libs/nss/files/nss-3.21-pem-werror.patch | 146 +++++++++
dev-libs/nss/nss-3.19.2.ebuild | 325 ---------------------
.../nss/{nss-3.20.1.ebuild => nss-3.21.ebuild} | 16 +-
11 files changed, 204 insertions(+), 406 deletions(-)
diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 443e5c4..1c84075 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,4 +1,3 @@
DIST nss-3.14.1-add_spi+cacerts_ca_certs.patch 25018 SHA256 82ca25982828fd7153ad15fc6e81408c115476eeeb4045d3a71469380b56824b SHA512 2aafbd972b073061bfd66a66a4b50060691957f2910f716f7a69d22d655c499f186f05db2101bea5248a00949f339327ba8bfffec024c61c8ee908766201ae00 WHIRLPOOL c9fe397e316dac7983b187acf7227078ebd8f8da5df53f77f2564489e85f123c4d2afb88d56e8dc14b9ebfffe8a71ade4724b3c1ea683c5c4c487cb3a64eda43
-DIST nss-3.19.2.tar.gz 6953657 SHA256 1306663e8f61d8449ad8cbcffab743a604dcd9f6f34232c210847c51dce2c9ae SHA512 d3c45010f8dace58f9da9efe0f9792f8b8a69384e100663f33c949685cdd1ce70e5131f279bc82336622841c41dbc0a4d70a7cc6839a1782dbe8b3c3fd8bc59d WHIRLPOOL d69ab02e12f6b22f47df7be7925343c58e68a69b33833b85d6f2ca70f652d9d159accea45f2c141fa89245ab64dffff0f1289129427564203fe2faf3af1c11e3
-DIST nss-3.20.1.tar.gz 6958956 SHA256 ad3c8f11dfd9570c2d04a6140d5ef7c2bdd0fe30d6c9e5548721a4251a5e8c97 SHA512 c8db693a81b8ddb4d2a742c2fce3f23dd40736e54c55c0de072f84572fcdad8fb7646e4b8ea696e4c97ea6c9cb0fa144f573f8776c2839eb25c4075b50d01d74 WHIRLPOOL 3d4667b243ba6ac596ea7e9936bf9cba7aa1b9767fd19b53352c3a9a9eef0f1a0a9e7da719634dbc9dfcc087d187d5e774ae351c1e57545e8b8c1f40e41e42e6
-DIST nss-pem-015ae754dd9f6fbcd7e52030ec9732eb27fc06a8.tar.bz2 27506 SHA256 50d9ec26a75835e900302f631456e278e13d4b435b8f98aa69f79dd439ddc6ab SHA512 0158a140f112a905f7db5a4f4d04f49f6742db1d2665ddf6c32913c367f0b93a57f86ba13b9883a42a528aff44c48196941d7c0fd7a27005db6adaf07802e501 WHIRLPOOL 279ef11d2d6f0cb7c192189d64bc6971cdada7417b93a65a3ff0ba4548b736b53b9812803024c2349114e94e0864f2b58c23812687ed3f75cf28334b0f6e11ac
+DIST nss-3.21.tar.gz 6978112 SHA256 3f7a5b027d7cdd5c0e4ff7544da33fdc6f56c2f8c27fff02938fd4a6fbe87239 SHA512 0645465b5d1ab05d819355a3f4a2879499539a00d95bfab3ca14a7dcd901e510b5d9ae797386ff5a42f68b0b57f7bbec4ec9d3a85ebd508eb824aba1fb589d53 WHIRLPOOL 7504d83de606d61840e06cb855ea688eb022d5eef062bcb7ac4d1064db96b96e35ae4ce0aff9d389a2140a7c3b974aaa9a86ada52af1199d462fdb48b11b42e4
+DIST nss-pem-20140125.tar.bz2 28805 SHA256 62604dfc4178399a804e87ca7566d8316a0a40a535de3b2d0fa48fd80c97f768 SHA512 352faf812735e1374c534ada6dd577842603ea193dafaacfd51f201599ffe3f7a23ce1c673421e42f8b692091b58085f90843c29f70ae916949715e7baba2b39 WHIRLPOOL 3ae81410f6f4d2699e9dc55982cad03c226045fbeee25984d53d37ff78ce5c96d008d6837e1c0a10b6c96cdff17c21142e437159896d314e81afc8820867ca62
diff --git a/dev-libs/nss/files/nss-3.14.2-solaris-gcc.patch b/dev-libs/nss/files/nss-3.14.2-solaris-gcc.patch
deleted file mode 100644
index a23725d..0000000
--- a/dev-libs/nss/files/nss-3.14.2-solaris-gcc.patch
+++ /dev/null
@@ -1,24 +0,0 @@
---- nss-3.14.2/mozilla/security/coreconf/SunOS5.mk
-+++ nss-3.14.2/mozilla/security/coreconf/SunOS5.mk
-@@ -5,6 +5,9 @@
-
- include $(CORE_DEPTH)/coreconf/UNIX.mk
-
-+NS_USE_GCC = 1
-+GCC_USE_GNU_LD = 1
-+
- # Sun's WorkShop defines v8, v8plus and v9 architectures.
- # gcc on Solaris defines v8 and v9 "cpus".
- # gcc's v9 is equivalent to Workshop's v8plus.
-@@ -71,11 +74,6 @@
- NOMD_OS_CFLAGS += $(DSO_CFLAGS) $(OS_DEFINES) $(SOL_CFLAGS)
-
- MKSHLIB = $(CC) $(DSO_LDOPTS) $(RPATH)
--ifdef NS_USE_GCC
--ifeq (GNU,$(findstring GNU,$(shell `$(CC) -print-prog-name=ld` -v 2>&1)))
-- GCC_USE_GNU_LD = 1
--endif
--endif
- ifdef MAPFILE
- ifdef NS_USE_GCC
- ifdef GCC_USE_GNU_LD
diff --git a/dev-libs/nss/files/nss-3.15-gentoo-fixup-warnings.patch b/dev-libs/nss/files/nss-3.15-gentoo-fixup-warnings.patch
deleted file mode 100644
index 3ce2c0e..0000000
--- a/dev-libs/nss/files/nss-3.15-gentoo-fixup-warnings.patch
+++ /dev/null
@@ -1,10 +0,0 @@
---- nss-3.15/nss/coreconf/Linux.mk
-+++ nss-3.15/nss/coreconf/Linux.mk
-@@ -116,6 +116,7 @@
- OPTIMIZER += -gdwarf-2
- endif
- endif
-+OPTIMIZER += -fno-strict-aliasing
- endif
-
-
diff --git a/dev-libs/nss/files/nss-3.15.4-enable-pem.patch b/dev-libs/nss/files/nss-3.15.4-enable-pem.patch
deleted file mode 100644
index 8e61024..0000000
--- a/dev-libs/nss/files/nss-3.15.4-enable-pem.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-Patches taken from http://pkgs.fedoraproject.org/cgit/nss.git/
-
---- nss/lib/ckfw/manifest.mn.libpem
-+++ nss/lib/ckfw/manifest.mn
-@@ -5,7 +5,7 @@
-
- CORE_DEPTH = ../..
-
--DIRS = builtins
-+DIRS = builtins pem
-
- PRIVATE_EXPORTS = \
- ck.h \
diff --git a/dev-libs/nss/files/nss-cacert-class3.patch b/dev-libs/nss/files/nss-3.21-cacert-class3.patch
similarity index 97%
rename from dev-libs/nss/files/nss-cacert-class3.patch
rename to dev-libs/nss/files/nss-3.21-cacert-class3.patch
index 47f4da5..565f3e6 100644
--- a/dev-libs/nss/files/nss-cacert-class3.patch
+++ b/dev-libs/nss/files/nss-3.21-cacert-class3.patch
@@ -1,9 +1,9 @@
diff -urN a/nss/lib/ckfw/builtins/certdata.txt b/nss/lib/ckfw/builtins/certdata.txt
---- a/nss/lib/ckfw/builtins/certdata.txt 2015-01-22 13:49:26.000000000 -0600
-+++ b/nss/lib/ckfw/builtins/certdata.txt 2015-03-21 20:24:59.913637329 -0500
-@@ -30320,3 +30320,200 @@
- CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
- CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+--- a/nss/lib/ckfw/builtins/certdata.txt 2015-11-15 09:25:06.142786072 -0600
++++ b/nss/lib/ckfw/builtins/certdata.txt 2015-11-15 09:36:02.976756787 -0600
+@@ -30351,3 +30351,200 @@
+ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
diff --git a/dev-libs/nss/files/nss-3.21-enable-pem.patch b/dev-libs/nss/files/nss-3.21-enable-pem.patch
new file mode 100644
index 0000000..c60f051
--- /dev/null
+++ b/dev-libs/nss/files/nss-3.21-enable-pem.patch
@@ -0,0 +1,12 @@
+diff -urN a/nss/lib/ckfw/manifest.mn b/nss/lib/ckfw/manifest.mn
+--- a/nss/lib/ckfw/manifest.mn 2015-11-15 09:25:06.130786072 -0600
++++ b/nss/lib/ckfw/manifest.mn 2015-11-15 09:31:03.372770145 -0600
+@@ -5,7 +5,7 @@
+
+ CORE_DEPTH = ../..
+
+-DIRS = builtins
++DIRS = builtins pem
+
+ PRIVATE_EXPORTS = \
+ ck.h \
diff --git a/dev-libs/nss/files/nss-3.21-gentoo-fixup-warnings.patch b/dev-libs/nss/files/nss-3.21-gentoo-fixup-warnings.patch
new file mode 100644
index 0000000..ed8a0aa
--- /dev/null
+++ b/dev-libs/nss/files/nss-3.21-gentoo-fixup-warnings.patch
@@ -0,0 +1,11 @@
+diff -urN a/nss/coreconf/Linux.mk b/nss/coreconf/Linux.mk
+--- a/nss/coreconf/Linux.mk 2015-11-15 09:25:06.672786048 -0600
++++ b/nss/coreconf/Linux.mk 2015-11-15 09:29:26.682774456 -0600
+@@ -130,6 +130,7 @@
+ OPTIMIZER += -gdwarf-2
+ endif
+ endif
++OPTIMIZER += -fno-strict-aliasing
+ endif
+
+ ifndef COMPILER_TAG
\ No newline at end of file
diff --git a/dev-libs/nss/files/nss-3.17.1-gentoo-fixups.patch b/dev-libs/nss/files/nss-3.21-gentoo-fixups.patch
similarity index 82%
rename from dev-libs/nss/files/nss-3.17.1-gentoo-fixups.patch
rename to dev-libs/nss/files/nss-3.21-gentoo-fixups.patch
index 26b488a..6123320 100644
--- a/dev-libs/nss/files/nss-3.17.1-gentoo-fixups.patch
+++ b/dev-libs/nss/files/nss-3.21-gentoo-fixups.patch
@@ -1,5 +1,6 @@
---- nss-3.17.1/nss/config/Makefile
-+++ nss-3.17.1/nss/config/Makefile
+diff -urN a/nss/config/Makefile b/nss/config/Makefile
+--- a/nss/config/Makefile 1969-12-31 18:00:00.000000000 -0600
++++ b/nss/config/Makefile 2015-11-15 10:42:46.249578304 -0600
@@ -0,0 +1,40 @@
+CORE_DEPTH = ..
+DEPTH = ..
@@ -41,8 +42,9 @@
+
+dummy: all export libs
+
---- nss-3.17.1/nss/config/nss-config.in
-+++ nss-3.17.1/nss/config/nss-config.in
+diff -urN a/nss/config/nss-config.in b/nss/config/nss-config.in
+--- a/nss/config/nss-config.in 1969-12-31 18:00:00.000000000 -0600
++++ b/nss/config/nss-config.in 2015-11-15 10:42:46.250578304 -0600
@@ -0,0 +1,145 @@
+#!/bin/sh
+
@@ -189,8 +191,9 @@
+ echo $libdirs
+fi
+
---- nss-3.17.1/nss/config/nss.pc.in
-+++ nss-3.17.1/nss/config/nss.pc.in
+diff -urN a/nss/config/nss.pc.in b/nss/config/nss.pc.in
+--- a/nss/config/nss.pc.in 1969-12-31 18:00:00.000000000 -0600
++++ b/nss/config/nss.pc.in 2015-11-15 10:42:46.251578304 -0600
@@ -0,0 +1,12 @@
+prefix=@prefix@
+exec_prefix=@exec_prefix@
@@ -204,9 +207,10 @@
+Libs: -lssl3 -lsmime3 -lnss3 -lnssutil3
+Cflags: -I${includedir}
+
---- nss-3.17.1/nss/Makefile
-+++ nss-3.17.1/nss/Makefile
-@@ -44,7 +44,7 @@
+diff -urN a/nss/Makefile b/nss/Makefile
+--- a/nss/Makefile 2015-11-15 09:25:06.410786060 -0600
++++ b/nss/Makefile 2015-11-15 10:42:46.252578304 -0600
+@@ -46,7 +46,7 @@
# (7) Execute "local" rules. (OPTIONAL). #
#######################################################################
@@ -215,7 +219,7 @@
nss_clean_all: clobber_nspr clobber
-@@ -109,12 +109,6 @@
+@@ -115,12 +115,6 @@
--with-dist-prefix='$(NSPR_PREFIX)' \
--with-dist-includedir='$(NSPR_PREFIX)/include'
@@ -228,14 +232,12 @@
build_docs:
$(MAKE) -C $(CORE_DEPTH)/doc
---- nss-3.17.1/nss/manifest.mn
-+++ nss-3.17.1/nss/manifest.mn
-@@ -10,7 +10,7 @@
+diff -urN a/nss/manifest.mn b/nss/manifest.mn
+--- a/nss/manifest.mn 2015-11-15 09:25:06.411786060 -0600
++++ b/nss/manifest.mn 2015-11-15 10:43:15.633576994 -0600
+@@ -10,4 +10,4 @@
RELEASE = nss
--DIRS = coreconf lib cmd
-+DIRS = coreconf lib cmd config
-
- ifdef NSS_BUILD_GTESTS
- DIRS += external_tests
+-DIRS = coreconf lib cmd external_tests
++DIRS = coreconf lib cmd config external_tests
diff --git a/dev-libs/nss/files/nss-3.21-pem-werror.patch b/dev-libs/nss/files/nss-3.21-pem-werror.patch
new file mode 100644
index 0000000..392d74a
--- /dev/null
+++ b/dev-libs/nss/files/nss-3.21-pem-werror.patch
@@ -0,0 +1,146 @@
+diff -up ./nss/lib/ckfw/pem/ckpem.h.compile_Werror ./nss/lib/ckfw/pem/ckpem.h
+--- ./nss/lib/ckfw/pem/ckpem.h.compile_Werror 2014-01-23 06:28:18.000000000 -0800
++++ ./nss/lib/ckfw/pem/ckpem.h 2015-11-13 12:07:29.219887390 -0800
+@@ -233,6 +233,9 @@ struct pemLOWKEYPrivateKeyStr {
+ };
+ typedef struct pemLOWKEYPrivateKeyStr pemLOWKEYPrivateKey;
+
++/* NOTE: Discrepancy with the the way callers use of the return value as a count
++ * Fix this when we sync. up with the cleanup work being done at nss-pem project.
++ */
+ SECStatus ReadDERFromFile(SECItem ***derlist, char *filename, PRBool ascii, int *cipher, char **ivstring, PRBool certsonly);
+ const NSSItem * pem_FetchAttribute ( pemInternalObject *io, CK_ATTRIBUTE_TYPE type);
+ void pem_PopulateModulusExponent(pemInternalObject *io);
+diff -up ./nss/lib/ckfw/pem/pinst.c.compile_Werror ./nss/lib/ckfw/pem/pinst.c
+--- ./nss/lib/ckfw/pem/pinst.c.compile_Werror 2014-01-23 06:28:18.000000000 -0800
++++ ./nss/lib/ckfw/pem/pinst.c 2015-11-13 12:07:29.219887390 -0800
+@@ -472,7 +472,9 @@ AddCertificate(char *certfile, char *key
+ char *ivstring = NULL;
+ int cipher;
+
+- nobjs = ReadDERFromFile(&objs, certfile, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */);
++ /* TODO: Fix discrepancy between our usage of the return value as
++ * as an int (a count) and the declaration as a SECStatus. */
++ nobjs = (int) ReadDERFromFile(&objs, certfile, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */);
+ if (nobjs <= 0) {
+ nss_ZFreeIf(objs);
+ return CKR_GENERAL_ERROR;
+@@ -515,8 +517,10 @@ AddCertificate(char *certfile, char *key
+ if (keyfile) { /* add the private key */
+ SECItem **keyobjs = NULL;
+ int kobjs = 0;
++ /* TODO: Fix discrepancy between our usage of the return value as
++ * as an int and the declaration as a SECStatus. */
+ kobjs =
+- ReadDERFromFile(&keyobjs, keyfile, PR_TRUE, &cipher,
++ (int) ReadDERFromFile(&keyobjs, keyfile, PR_TRUE, &cipher,
+ &ivstring, PR_FALSE);
+ if (kobjs < 1) {
+ error = CKR_GENERAL_ERROR;
+diff -up ./nss/lib/ckfw/pem/pobject.c.compile_Werror ./nss/lib/ckfw/pem/pobject.c
+--- ./nss/lib/ckfw/pem/pobject.c.compile_Werror 2014-01-23 06:28:18.000000000 -0800
++++ ./nss/lib/ckfw/pem/pobject.c 2015-11-13 12:07:29.220887368 -0800
+@@ -630,6 +630,11 @@ pem_DestroyInternalObject
+ if (io->u.key.ivstring)
+ free(io->u.key.ivstring);
+ break;
++ case pemAll:
++ /* pemAll is not used, keep the compiler happy
++ * TODO: investigate a proper solution
++ */
++ return;
+ }
+
+ if (NULL != gobj)
+@@ -1044,7 +1049,9 @@ pem_CreateObject
+ int nobjs = 0;
+ int i;
+ int objid;
++#if 0
+ pemToken *token;
++#endif
+ int cipher;
+ char *ivstring = NULL;
+ pemInternalObject *listObj = NULL;
+@@ -1073,7 +1080,9 @@ pem_CreateObject
+ }
+ slotID = nssCKFWSlot_GetSlotID(fwSlot);
+
++#if 0
+ token = (pemToken *) mdToken->etc;
++#endif
+
+ /*
+ * only create keys and certs.
+@@ -1114,7 +1123,11 @@ pem_CreateObject
+ }
+
+ if (objClass == CKO_CERTIFICATE) {
+- nobjs = ReadDERFromFile(&derlist, filename, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */);
++ /* TODO: Fix discrepancy between our usage of the return value as
++ * as an int and the declaration as a SECStatus. Typecasting as a
++ * temporary workaround.
++ */
++ nobjs = (int) ReadDERFromFile(&derlist, filename, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */);
+ if (nobjs < 1)
+ goto loser;
+
+diff -up ./nss/lib/ckfw/pem/rsawrapr.c.compile_Werror ./nss/lib/ckfw/pem/rsawrapr.c
+--- ./nss/lib/ckfw/pem/rsawrapr.c.compile_Werror 2014-01-23 06:28:18.000000000 -0800
++++ ./nss/lib/ckfw/pem/rsawrapr.c 2015-11-13 12:07:29.220887368 -0800
+@@ -93,6 +93,8 @@ pem_PublicModulusLen(NSSLOWKEYPublicKey
+ return 0;
+ }
+
++/* unused functions */
++#if 0
+ static SHA1Context *SHA1_CloneContext(SHA1Context * original)
+ {
+ SHA1Context *clone = NULL;
+@@ -215,6 +217,7 @@ oaep_xor_with_h2(unsigned char *salt, un
+
+ return SECSuccess;
+ }
++#endif /* unused functions */
+
+ /*
+ * Format one block of data for public/private key encryption using
+diff -up ./nss/lib/ckfw/pem/util.c.compile_Werror ./nss/lib/ckfw/pem/util.c
+--- ./nss/lib/ckfw/pem/util.c.compile_Werror 2014-01-23 06:28:18.000000000 -0800
++++ ./nss/lib/ckfw/pem/util.c 2015-11-13 12:22:52.282196306 -0800
+@@ -131,7 +131,8 @@ static SECStatus FileToItem(SECItem * ds
+ return SECFailure;
+ }
+
+-int
++/* FIX: Returns a SECStatus yet callers take result as a count */
++SECStatus
+ ReadDERFromFile(SECItem *** derlist, char *filename, PRBool ascii,
+ int *cipher, char **ivstring, PRBool certsonly)
+ {
+@@ -237,7 +238,12 @@ ReadDERFromFile(SECItem *** derlist, cha
+ goto loser;
+ }
+ if ((certsonly && !key) || (!certsonly && key)) {
++ error = CKR_OK;
+ PUT_Object(der, error);
++ if (error != CKR_OK) {
++ free(der);
++ goto loser;
++ }
+ } else {
+ free(der->data);
+ free(der);
+@@ -255,7 +261,12 @@ ReadDERFromFile(SECItem *** derlist, cha
+ }
+
+ /* NOTE: This code path has never been tested. */
++ error = CKR_OK;
+ PUT_Object(der, error);
++ if (error != CKR_OK) {
++ free(der);
++ goto loser;
++ }
+ }
+
+ nss_ZFreeIf(filedata.data);
diff --git a/dev-libs/nss/nss-3.19.2.ebuild b/dev-libs/nss/nss-3.19.2.ebuild
deleted file mode 100644
index aff1a23..0000000
--- a/dev-libs/nss/nss-3.19.2.ebuild
+++ /dev/null
@@ -1,325 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.10.8"
-RTM_NAME="NSS_${PV//./_}_RTM"
-# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
-PEM_GIT_REV="015ae754dd9f6fbcd7e52030ec9732eb27fc06a8"
-PEM_P="${PN}-pem-${PEM_GIT_REV}"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
-SRC_URI="ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
- cacert? ( http://dev.gentoo.org/~anarchy/patches/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch )
- nss-pem? ( https://git.fedorahosted.org/cgit/nss-pem.git/snapshot/${PEM_P}.tar.bz2 )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="+cacert +nss-pem utils"
-CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
- >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
-DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
- >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
- ${CDEPEND}"
-RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
- ${CDEPEND}
- abi_x86_32? (
- !<=app-emulation/emul-linux-x86-baselibs-20140508-r12
- !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
- )"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
- /usr/bin/nss-config
-)
-
-src_unpack() {
- unpack ${A}
- if use nss-pem ; then
- mv "${PEM_P}"/nss/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
- fi
-}
-
-src_prepare() {
- # Custom changes for gentoo
- epatch "${FILESDIR}/${PN}-3.17.1-gentoo-fixups.patch"
- epatch "${FILESDIR}/${PN}-3.15-gentoo-fixup-warnings.patch"
- use cacert && epatch "${DISTDIR}/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch"
- use nss-pem && epatch "${FILESDIR}/${PN}-3.15.4-enable-pem.patch"
- epatch "${FILESDIR}/nss-3.14.2-solaris-gcc.patch"
- epatch "${FILESDIR}/${PN}-cacert-class3.patch" # 521462
-
- pushd coreconf >/dev/null || die
- # hack nspr paths
- echo 'INCLUDES += -I$(DIST)/include/dbm' \
- >> headers.mk || die "failed to append include"
-
- # modify install path
- sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
- -i source.mk || die
-
- # Respect LDFLAGS
- sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
- popd >/dev/null || die
-
- # Fix pkgconfig file for Prefix
- sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
- config/Makefile || die
-
- # use host shlibsign if need be #436216
- if tc-is-cross-compiler ; then
- sed -i \
- -e 's:"${2}"/shlibsign:shlibsign:' \
- cmd/shlibsign/sign.sh || die
- fi
-
- # dirty hack
- sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
- lib/ssl/config.mk || die
- sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
- cmd/platlibs.mk || die
-
- multilib_copy_sources
-
- strip-flags
-}
-
-multilib_src_configure() {
- # Ensure we stay multilib aware
- sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
- # Most of the arches are the same as $ARCH
- local t=${1:-${CHOST}}
- case ${t} in
- aarch64*)echo "aarch64";;
- hppa*) echo "parisc";;
- i?86*) echo "i686";;
- x86_64*) echo "x86_64";;
- *) tc-arch ${t};;
- esac
-}
-
-nssbits() {
- local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
- if [[ ${1} == BUILD_ ]]; then
- cc=$(tc-getBUILD_CC)
- else
- cc=$(tc-getCC)
- fi
- echo > "${T}"/test.c || die
- ${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
- case $(file "${T}/${1}test.o") in
- *32-bit*x86-64*) echo USE_X32=1;;
- *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
- *32-bit*|*ppc*|*i386*) ;;
- *) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
- esac
-}
-
-multilib_src_compile() {
- # use ABI to determine bit'ness, or fallback if unset
- local buildbits mybits
- case "${ABI}" in
- n32) mybits="USE_N32=1";;
- x32) mybits="USE_X32=1";;
- s390x|*64) mybits="USE_64=1";;
- ${DEFAULT_ABI})
- einfo "Running compilation test to determine bit'ness"
- mybits=$(nssbits)
- ;;
- esac
- # bitness of host may differ from target
- if tc-is-cross-compiler; then
- buildbits=$(nssbits BUILD_)
- fi
-
- local makeargs=(
- CC="$(tc-getCC)"
- AR="$(tc-getAR) rc \$@"
- RANLIB="$(tc-getRANLIB)"
- OPTIMIZER=
- ${mybits}
- )
-
- # Take care of nspr settings #436216
- local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
- unset NSPR_INCLUDE_DIR
-
- # Do not let `uname` be used.
- if use kernel_linux ; then
- makeargs+=(
- OS_TARGET=Linux
- OS_RELEASE=2.6
- OS_TEST="$(nssarch)"
- )
- fi
-
- export BUILD_OPT=1
- export NSS_USE_SYSTEM_SQLITE=1
- export NSDISTMODE=copy
- export NSS_ENABLE_ECC=1
- export FREEBL_NO_DEPEND=1
- export ASFLAGS=""
-
- local d
-
- # Build the host tools first.
- LDFLAGS="${BUILD_LDFLAGS}" \
- XCFLAGS="${BUILD_CFLAGS}" \
- NSPR_LIB_DIR="${T}/fakedir" \
- emake -j1 -C coreconf \
- CC="$(tc-getBUILD_CC)" \
- ${buildbits:-${mybits}}
- makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
- # Then build the target tools.
- for d in . lib/dbm ; do
- CPPFLAGS="${myCPPFLAGS}" \
- XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
- NSPR_LIB_DIR="${T}/fakedir" \
- emake -j1 "${makeargs[@]}" -C ${d}
- done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-# */${local_libdir}/libfreebl3.so*
-# */${local_libdir}/libnssdbm3.so*
-# */${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
- local shlibsign="$1"
- local libdir="$2"
- einfo "Resigning core NSS libraries for FIPS validation"
- shift 2
- local i
- for i in ${NSS_CHK_SIGN_LIBS} ; do
- local libname=lib${i}.so
- local chkname=lib${i}.chk
- "${shlibsign}" \
- -i "${libdir}"/${libname} \
- -o "${libdir}"/${chkname}.tmp \
- && mv -f \
- "${libdir}"/${chkname}.tmp \
- "${libdir}"/${chkname} \
- || die "Failed to sign ${libname}"
- done
-}
-
-cleanup_chk() {
- local libdir="$1"
- shift 1
- local i
- for i in ${NSS_CHK_SIGN_LIBS} ; do
- local libfname="${libdir}/lib${i}.so"
- # If the major version has changed, then we have old chk files.
- [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
- && rm -f "${libfname}.chk"
- done
-}
-
-multilib_src_install() {
- pushd dist >/dev/null || die
-
- dodir /usr/$(get_libdir)
- cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
- cp -L -t "${ED}"/usr/$(get_libdir) */lib/{libcrmf,libfreebl}.a || die "copying libs failed"
-
- # Install nss-config and pkgconfig file
- dodir /usr/bin
- cp -L */bin/nss-config "${ED}"/usr/bin || die
- dodir /usr/$(get_libdir)/pkgconfig
- cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
- # create an nss-softokn.pc from nss.pc for libfreebl and some private headers
- # bug 517266
- sed -e 's#Libs:#Libs: -lfreebl#' \
- -e 's#Cflags:#Cflags: -I${includedir}/private#' \
- */lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
- || die "could not create nss-softokn.pc"
-
- # all the include files
- insinto /usr/include/nss
- doins public/nss/*.h
- insinto /usr/include/nss/private
- doins private/nss/{blapi,alghmac}.h
-
- popd >/dev/null || die
-
- local f nssutils
- # Always enabled because we need it for chk generation.
- nssutils="shlibsign"
-
- if multilib_is_native_abi ; then
- if use utils; then
- # The tests we do not need to install.
- #nssutils_test="bltest crmftest dbtest dertimetest
- #fipstest remtest sdrtest"
- nssutils="addbuiltin atob baddbdir btoa certcgi certutil checkcert
- cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
- nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
- pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
- symkeyutil tstclnt vfychain vfyserv"
- # install man-pages for utils (bug #516810)
- doman doc/nroff/*.1
- fi
- pushd dist/*/bin >/dev/null || die
- for f in ${nssutils}; do
- dobin ${f}
- done
- popd >/dev/null || die
- fi
-
- # Prelink breaks the CHK files. We don't have any reliable way to run
- # shlibsign after prelink.
- local l libs=() liblist
- for l in ${NSS_CHK_SIGN_LIBS} ; do
- libs+=("${EPREFIX}/usr/$(get_libdir)/lib${l}.so")
- done
- liblist=$(printf '%s:' "${libs[@]}")
- echo -e "PRELINK_PATH_MASK=${liblist%:}" > "${T}/90nss-${ABI}"
- doenvd "${T}/90nss-${ABI}"
-}
-
-pkg_postinst() {
- multilib_pkg_postinst() {
- # We must re-sign the libraries AFTER they are stripped.
- local shlibsign="${EROOT}/usr/bin/shlibsign"
- # See if we can execute it (cross-compiling & such). #436216
- "${shlibsign}" -h >&/dev/null
- if [[ $? -gt 1 ]] ; then
- shlibsign="shlibsign"
- fi
- generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
- }
-
- multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
- multilib_pkg_postrm() {
- cleanup_chk "${EROOT}"/usr/$(get_libdir)
- }
-
- multilib_foreach_abi multilib_pkg_postrm
-}
diff --git a/dev-libs/nss/nss-3.20.1.ebuild b/dev-libs/nss/nss-3.21.ebuild
similarity index 94%
rename from dev-libs/nss/nss-3.20.1.ebuild
rename to dev-libs/nss/nss-3.21.ebuild
index 7153cea..aa8a960 100644
--- a/dev-libs/nss/nss-3.20.1.ebuild
+++ b/dev-libs/nss/nss-3.21.ebuild
@@ -9,13 +9,13 @@ NSPR_VER="4.10.8"
RTM_NAME="NSS_${PV//./_}_RTM"
# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
PEM_GIT_REV="015ae754dd9f6fbcd7e52030ec9732eb27fc06a8"
-PEM_P="${PN}-pem-${PEM_GIT_REV}"
+PEM_P="${PN}-pem-20140125"
DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
SRC_URI="http://archive.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
cacert? ( https://dev.gentoo.org/~anarchy/patches/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch )
- nss-pem? ( https://git.fedorahosted.org/cgit/nss-pem.git/snapshot/${PEM_P}.tar.bz2 )"
+ nss-pem? ( https://dev.gentoo.org/~anarchy/dist/${PEM_P}.tar.bz2 )"
LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
SLOT="0"
@@ -44,18 +44,18 @@ MULTILIB_CHOST_TOOLS=(
src_unpack() {
unpack ${A}
if use nss-pem ; then
- mv "${PEM_P}"/nss/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
+ mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
fi
}
src_prepare() {
# Custom changes for gentoo
- epatch "${FILESDIR}/${PN}-3.17.1-gentoo-fixups.patch"
- epatch "${FILESDIR}/${PN}-3.15-gentoo-fixup-warnings.patch"
+ epatch "${FILESDIR}/${PN}-3.21-gentoo-fixups.patch"
+ epatch "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
use cacert && epatch "${DISTDIR}/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch"
- use nss-pem && epatch "${FILESDIR}/${PN}-3.15.4-enable-pem.patch"
- epatch "${FILESDIR}/nss-3.14.2-solaris-gcc.patch"
- epatch "${FILESDIR}/${PN}-cacert-class3.patch" # 521462
+ use nss-pem && epatch "${FILESDIR}/${PN}-3.21-enable-pem.patch" \
+ "${FILESDIR}/${PN}-3.21-pem-werror.patch"
+ epatch "${FILESDIR}/${PN}-3.21-cacert-class3.patch" # 521462
pushd coreconf >/dev/null || die
# hack nspr paths