author | 2014-01-27 11:16:17 +0000 | |
---|---|---|
committer | 2014-01-27 11:16:17 +0000 | |
commit | bd72f7347448a6ca2812258dd3ed7cc261766479 (patch) | |
tree | fa6a949ce666ef5a41f8c6dfba3994f1819ab540 /dev-libs | |
parent | Stable for amd64 wrt bug #499186 (diff) | |
Removed old
(Portage version: 2.2.8-r1/cvs/Linux x86_64, signed Manifest commit with key 0x981CA6FC)
Diffstat (limited to 'dev-libs')
-rw-r--r-- | dev-libs/nss/ChangeLog | 10 | ||||
-rw-r--r-- | dev-libs/nss/files/nss-3.12.6-gentoo-fixup-warnings.patch | 10 | ||||
-rw-r--r-- | dev-libs/nss/files/nss-3.14.1-gentoo-fixups-r1.patch | 243 | ||||
-rw-r--r-- | dev-libs/nss/files/nss-3.14.2-x32.patch | 66 | ||||
-rw-r--r-- | dev-libs/nss/files/nss-3.14.3_sync_with_upstream_softokn_changes.patch | 407 | ||||
-rw-r--r-- | dev-libs/nss/files/nss-3.15.1-fipstest-warnings.patch | 26 | ||||
-rw-r--r-- | dev-libs/nss/nss-3.15.2.ebuild | 264 | ||||
-rw-r--r-- | dev-libs/nss/nss-3.15.3.1.ebuild | 264 | ||||
-rw-r--r-- | dev-libs/nss/nss-3.15.3.ebuild | 264 |
9 files changed, 9 insertions, 1545 deletions
diff --git a/dev-libs/nss/ChangeLog b/dev-libs/nss/ChangeLog index 8188419c316f..d10db2ea7c36 100644 --- a/dev-libs/nss/ChangeLog +++ b/dev-libs/nss/ChangeLog @@ -1,6 +1,14 @@ # ChangeLog for dev-libs/nss # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/dev-libs/nss/ChangeLog,v 1.346 2014/01/26 12:00:07 ago Exp $ +# $Header: /var/cvsroot/gentoo-x86/dev-libs/nss/ChangeLog,v 1.347 2014/01/27 11:16:17 polynomial-c Exp $ + + 27 Jan 2014; Lars Wendler <polynomial-c@gentoo.org> -nss-3.15.2.ebuild, + -nss-3.15.3.ebuild, -nss-3.15.3.1.ebuild, + -files/nss-3.12.6-gentoo-fixup-warnings.patch, + -files/nss-3.14.1-gentoo-fixups-r1.patch, -files/nss-3.14.2-x32.patch, + -files/nss-3.14.3_sync_with_upstream_softokn_changes.patch, + -files/nss-3.15.1-fipstest-warnings.patch: + Removed old... 26 Jan 2014; Agostino Sarubbo <ago@gentoo.org> nss-3.15.4.ebuild: Stable for sparc, wrt bug #498172 diff --git a/dev-libs/nss/files/nss-3.12.6-gentoo-fixup-warnings.patch b/dev-libs/nss/files/nss-3.12.6-gentoo-fixup-warnings.patch deleted file mode 100644 index bf2a86583080..000000000000 --- a/dev-libs/nss/files/nss-3.12.6-gentoo-fixup-warnings.patch +++ /dev/null @@ -1,10 +0,0 @@ ---- nss-3.12.6b/mozilla/security/coreconf/Linux.mk-old 2010-02-11 12:43:26.000000000 -0600 -+++ nss-3.12.6b/mozilla/security/coreconf/Linux.mk 2010-02-14 09:13:53.962449644 -0600 -@@ -120,6 +120,7 @@ - ifdef MOZ_DEBUG_SYMBOLS - OPTIMIZER += -gstabs+ - endif -+OPTIMIZER += -fno-strict-aliasing - endif - - diff --git a/dev-libs/nss/files/nss-3.14.1-gentoo-fixups-r1.patch b/dev-libs/nss/files/nss-3.14.1-gentoo-fixups-r1.patch deleted file mode 100644 index bc3a98ec1438..000000000000 --- a/dev-libs/nss/files/nss-3.14.1-gentoo-fixups-r1.patch +++ /dev/null 
@@ -1,243 +0,0 @@ -diff -urN a/mozilla/security/nss/config/Makefile b/mozilla/security/nss/config/Makefile ---- a/mozilla/security/nss/config/Makefile 1969-12-31 18:00:00.000000000 -0600 -+++ b/mozilla/security/nss/config/Makefile 2012-12-15 07:27:20.650148987 -0600 -@@ -0,0 +1,40 @@ -+CORE_DEPTH = ../.. -+DEPTH = ../.. -+ -+include $(CORE_DEPTH)/coreconf/config.mk -+ -+NSS_MAJOR_VERSION = `grep "NSS_VMAJOR" ../lib/nss/nss.h | awk '{print $$3}'` -+NSS_MINOR_VERSION = `grep "NSS_VMINOR" ../lib/nss/nss.h | awk '{print $$3}'` -+NSS_PATCH_VERSION = `grep "NSS_VPATCH" ../lib/nss/nss.h | awk '{print $$3}'` -+PREFIX = /usr -+ -+all: export libs -+ -+export: -+ # Create the nss.pc file -+ mkdir -p $(DIST)/lib/pkgconfig -+ sed -e "s,@prefix@,$(PREFIX)," \ -+ -e "s,@exec_prefix@,\$${prefix}," \ -+ -e "s,@libdir@,\$${prefix}/gentoo/nss," \ -+ -e "s,@includedir@,\$${prefix}/include/nss," \ -+ -e "s,@NSS_MAJOR_VERSION@,$(NSS_MAJOR_VERSION),g" \ -+ -e "s,@NSS_MINOR_VERSION@,$(NSS_MINOR_VERSION)," \ -+ -e "s,@NSS_PATCH_VERSION@,$(NSS_PATCH_VERSION)," \ -+ nss.pc.in > nss.pc -+ chmod 0644 nss.pc -+ ln -sf ../../../../../security/nss/config/nss.pc $(DIST)/lib/pkgconfig -+ -+ # Create the nss-config script -+ mkdir -p $(DIST)/bin -+ sed -e "s,@prefix@,$(PREFIX)," \ -+ -e "s,@NSS_MAJOR_VERSION@,$(NSS_MAJOR_VERSION)," \ -+ -e "s,@NSS_MINOR_VERSION@,$(NSS_MINOR_VERSION)," \ -+ -e "s,@NSS_PATCH_VERSION@,$(NSS_PATCH_VERSION)," \ -+ nss-config.in > nss-config -+ chmod 0755 nss-config -+ ln -sf ../../../../security/nss/config/nss-config $(DIST)/bin -+ -+libs: -+ -+dummy: all export libs -+ -diff -urN a/mozilla/security/nss/config/nss-config.in b/mozilla/security/nss/config/nss-config.in ---- a/mozilla/security/nss/config/nss-config.in 1969-12-31 18:00:00.000000000 -0600 -+++ b/mozilla/security/nss/config/nss-config.in 2012-12-15 07:27:20.651148959 -0600 -@@ -0,0 +1,145 @@ -+#!/bin/sh -+ -+prefix=@prefix@ -+ -+major_version=@NSS_MAJOR_VERSION@ -+minor_version=@NSS_MINOR_VERSION@ 
-+patch_version=@NSS_PATCH_VERSION@ -+ -+usage() -+{ -+ cat <<EOF -+Usage: nss-config [OPTIONS] [LIBRARIES] -+Options: -+ [--prefix[=DIR]] -+ [--exec-prefix[=DIR]] -+ [--includedir[=DIR]] -+ [--libdir[=DIR]] -+ [--version] -+ [--libs] -+ [--cflags] -+Dynamic Libraries: -+ nss -+ ssl -+ smime -+ nssutil -+EOF -+ exit $1 -+} -+ -+if test $# -eq 0; then -+ usage 1 1>&2 -+fi -+ -+lib_ssl=yes -+lib_smime=yes -+lib_nss=yes -+lib_nssutil=yes -+ -+while test $# -gt 0; do -+ case "$1" in -+ -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;; -+ *) optarg= ;; -+ esac -+ -+ case $1 in -+ --prefix=*) -+ prefix=$optarg -+ ;; -+ --prefix) -+ echo_prefix=yes -+ ;; -+ --exec-prefix=*) -+ exec_prefix=$optarg -+ ;; -+ --exec-prefix) -+ echo_exec_prefix=yes -+ ;; -+ --includedir=*) -+ includedir=$optarg -+ ;; -+ --includedir) -+ echo_includedir=yes -+ ;; -+ --libdir=*) -+ libdir=$optarg -+ ;; -+ --libdir) -+ echo_libdir=yes -+ ;; -+ --version) -+ echo ${major_version}.${minor_version}.${patch_version} -+ ;; -+ --cflags) -+ echo_cflags=yes -+ ;; -+ --libs) -+ echo_libs=yes -+ ;; -+ ssl) -+ lib_ssl=yes -+ ;; -+ smime) -+ lib_smime=yes -+ ;; -+ nss) -+ lib_nss=yes -+ ;; -+ nssutil) -+ lib_nssutil=yes -+ ;; -+ *) -+ usage 1 1>&2 -+ ;; -+ esac -+ shift -+done -+ -+# Set variables that may be dependent upon other variables -+if test -z "$exec_prefix"; then -+ exec_prefix=`pkg-config --variable=exec_prefix nss` -+fi -+if test -z "$includedir"; then -+ includedir=`pkg-config --variable=includedir nss` -+fi -+if test -z "$libdir"; then -+ libdir=`pkg-config --variable=libdir nss` -+fi -+ -+if test "$echo_prefix" = "yes"; then -+ echo $prefix -+fi -+ -+if test "$echo_exec_prefix" = "yes"; then -+ echo $exec_prefix -+fi -+ -+if test "$echo_includedir" = "yes"; then -+ echo $includedir -+fi -+ -+if test "$echo_libdir" = "yes"; then -+ echo $libdir -+fi -+ -+if test "$echo_cflags" = "yes"; then -+ echo -I$includedir -+fi -+ -+if test "$echo_libs" = "yes"; then -+ libdirs="" -+ if test -n 
"$lib_ssl"; then -+ libdirs="$libdirs -lssl${major_version}" -+ fi -+ if test -n "$lib_smime"; then -+ libdirs="$libdirs -lsmime${major_version}" -+ fi -+ if test -n "$lib_nss"; then -+ libdirs="$libdirs -lnss${major_version}" -+ fi -+ if test -n "$lib_nssutil"; then -+ libdirs="$libdirs -lnssutil${major_version}" -+ fi -+ echo $libdirs -+fi -+ -diff -urN a/mozilla/security/nss/config/nss.pc.in b/mozilla/security/nss/config/nss.pc.in ---- a/mozilla/security/nss/config/nss.pc.in 1969-12-31 18:00:00.000000000 -0600 -+++ b/mozilla/security/nss/config/nss.pc.in 2012-12-15 07:27:20.651148959 -0600 -@@ -0,0 +1,12 @@ -+prefix=@prefix@ -+exec_prefix=@exec_prefix@ -+libdir=@libdir@ -+includedir=@includedir@ -+ -+Name: NSS -+Description: Network Security Services -+Version: @NSS_MAJOR_VERSION@.@NSS_MINOR_VERSION@.@NSS_PATCH_VERSION@ -+Requires: nspr >= 4.8 -+Libs: -lssl3 -lsmime3 -lnss3 -lnssutil3 -+Cflags: -I${includedir} -+ -diff -urN a/mozilla/security/nss/Makefile b/mozilla/security/nss/Makefile ---- a/mozilla/security/nss/Makefile 2012-11-13 19:14:07.000000000 -0600 -+++ b/mozilla/security/nss/Makefile 2012-12-15 07:27:57.235162137 -0600 -@@ -44,7 +44,7 @@ - # (7) Execute "local" rules. (OPTIONAL). 
# - ####################################################################### - --nss_build_all: build_coreconf build_nspr build_dbm all -+nss_build_all: build_coreconf build_dbm all - - nss_clean_all: clobber_coreconf clobber_nspr clobber_dbm clobber - -@@ -106,12 +106,6 @@ - --with-dist-prefix='$(NSPR_PREFIX)' \ - --with-dist-includedir='$(NSPR_PREFIX)/include' - --build_nspr: $(NSPR_CONFIG_STATUS) -- $(MAKE) -C $(CORE_DEPTH)/../nsprpub/$(OBJDIR_NAME) -- --clobber_nspr: $(NSPR_CONFIG_STATUS) -- $(MAKE) -C $(CORE_DEPTH)/../nsprpub/$(OBJDIR_NAME) clobber -- - build_dbm: - ifdef NSS_DISABLE_DBM - @echo "skipping the build of DBM" -diff -urN a/mozilla/security/nss/manifest.mn b/mozilla/security/nss/manifest.mn ---- a/mozilla/security/nss/manifest.mn 2012-03-20 09:46:49.000000000 -0500 -+++ b/mozilla/security/nss/manifest.mn 2012-12-15 07:27:20.652148933 -0600 -@@ -10,6 +10,6 @@ - - RELEASE = nss - --DIRS = lib cmd -+DIRS = lib cmd config diff --git a/dev-libs/nss/files/nss-3.14.2-x32.patch b/dev-libs/nss/files/nss-3.14.2-x32.patch deleted file mode 100644 index 08c1d19ebaa7..000000000000 --- a/dev-libs/nss/files/nss-3.14.2-x32.patch +++ /dev/null 
@@ -1,66 +0,0 @@ ---- nss-3.14.2/mozilla/security/coreconf/Linux.mk -+++ nss-3.14.2/mozilla/security/coreconf/Linux.mk -@@ -50,21 +50,28 @@ - else - ifeq ($(OS_TEST),alpha) - OS_REL_CFLAGS = -D_ALPHA_ - CPU_ARCH = alpha - else - ifeq ($(OS_TEST),x86_64) - ifeq ($(USE_64),1) - CPU_ARCH = x86_64 -+ ARCHFLAG = -m64 -+else -+ifeq ($(USE_x32),1) -+ OS_REL_CFLAGS = -Di386 -+ CPU_ARCH = x86 -+ ARCHFLAG = -mx32 - else - OS_REL_CFLAGS = -Di386 - CPU_ARCH = x86 - ARCHFLAG = -m32 - endif -+endif - else - ifeq ($(OS_TEST),sparc64) - CPU_ARCH = sparc - else - ifeq (,$(filter-out arm% sa110,$(OS_TEST))) - CPU_ARCH = arm - else - ifeq (,$(filter-out parisc%,$(OS_TEST))) ---- nss-3.14.2/mozilla/security/nss/lib/freebl/Makefile -+++ nss-3.14.2/mozilla/security/nss/lib/freebl/Makefile -@@ -188,22 +188,26 @@ - # comment the next two lines to turn off intel HW accelleration - DEFINES += -DUSE_HW_AES - ASFILES += intel-aes.s intel-gcm.s - EXTRA_SRCS += intel-gcm-wrap.c - INTEL_GCM = 1 - MPI_SRCS += mpi_amd64.c mp_comba.c - endif - ifeq ($(CPU_ARCH),x86) -- ASFILES = mpi_x86.s -- DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE -- DEFINES += -DMP_ASSEMBLY_DIV_2DX1D -- DEFINES += -DMP_CHAR_STORE_SLOW -DMP_IS_LITTLE_ENDIAN -- # The floating point ECC code doesn't work on Linux x86 (bug 311432). -- #ECL_USE_FP = 1 -+ ifeq ($(USE_x32),1) -+ DEFINES += -DMP_CHAR_STORE_SLOW -DMP_IS_LITTLE_ENDIAN -+ else -+ ASFILES = mpi_x86.s -+ DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE -+ DEFINES += -DMP_ASSEMBLY_DIV_2DX1D -+ DEFINES += -DMP_CHAR_STORE_SLOW -DMP_IS_LITTLE_ENDIAN -+ # The floating point ECC code doesn't work on Linux x86 (bug 311432). -+ #ECL_USE_FP = 1 -+ endif - endif - ifeq ($(CPU_ARCH),arm) - DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE - DEFINES += -DMP_USE_UINT_DIGIT - DEFINES += -DSHA_NO_LONG_LONG # avoid 64-bit arithmetic in SHA512 - MPI_SRCS += mpi_arm.c - endif - endif # Linux 
diff --git a/dev-libs/nss/files/nss-3.14.3_sync_with_upstream_softokn_changes.patch b/dev-libs/nss/files/nss-3.14.3_sync_with_upstream_softokn_changes.patch
deleted file mode 100644
index 9611c13e99c0..000000000000
--- a/dev-libs/nss/files/nss-3.14.3_sync_with_upstream_softokn_changes.patch
+++ /dev/null
@@ -1,407 +0,0 @@ -From d6dbecfea317a468be12423595e584f43d84d8ec Mon Sep 17 00:00:00 2001 -From: Elio Maldonado <emaldona@redhat.com> -Date: Sat, 9 Feb 2013 17:11:00 -0500 -Subject: [PATCH] Sync up with upstream softokn changes - -- Disable RSA OEP case in FormatBlock, RSA_OAEP support is experimental and in a state of flux -- Numerous change upstream due to the work for TLS/DTLS 'Lucky 13' vulnerability CVE-2013-0169 -- It now compiles with the NSS_3_14_3_BETA1 source ---- - mozilla/security/nss/lib/ckfw/pem/rsawrapr.c | 338 +++++++------------------- - 1 files changed, 82 insertions(+), 256 deletions(-) - -diff --git a/mozilla/security/nss/lib/ckfw/pem/rsawrapr.c b/mozilla/security/nss/lib/ckfw/pem/rsawrapr.c -index 5ac4f39..3780d30 100644 ---- a/mozilla/security/nss/lib/ckfw/pem/rsawrapr.c -+++ b/mozilla/security/nss/lib/ckfw/pem/rsawrapr.c -@@ -46,6 +46,7 @@ - #include "sechash.h" - #include "base.h" - -+#include "lowkeyi.h" - #include "secerr.h" - - #define RSA_BLOCK_MIN_PAD_LEN 8 -@@ -54,9 +55,8 @@ - #define RSA_BLOCK_PRIVATE_PAD_OCTET 0xff - #define RSA_BLOCK_AFTER_PAD_OCTET 0x00 - --#define OAEP_SALT_LEN 8 --#define OAEP_PAD_LEN 8 --#define OAEP_PAD_OCTET 0x00 -+/* Needed for RSA-PSS functions */ -+static const unsigned char eightZeros[] = { 0, 0, 0, 0, 0, 0, 0, 0 }; - - #define FLAT_BUFSIZE 512 /* bytes to hold flattened SHA1Context. 
*/ - -@@ -78,127 +78,39 @@ pem_PublicModulusLen(NSSLOWKEYPublicKey *pubk) - return 0; - } - --static SHA1Context *SHA1_CloneContext(SHA1Context * original) --{ -- SHA1Context *clone = NULL; -- unsigned char *pBuf; -- int sha1ContextSize = SHA1_FlattenSize(original); -- SECStatus frv; -- unsigned char buf[FLAT_BUFSIZE]; -- -- PORT_Assert(sizeof buf >= sha1ContextSize); -- if (sizeof buf >= sha1ContextSize) { -- pBuf = buf; -- } else { -- pBuf = nss_ZAlloc(NULL, sha1ContextSize); -- if (!pBuf) -- goto done; -- } -- -- frv = SHA1_Flatten(original, pBuf); -- if (frv == SECSuccess) { -- clone = SHA1_Resurrect(pBuf, NULL); -- memset(pBuf, 0, sha1ContextSize); -- } -- done: -- if (pBuf != buf) -- nss_ZFreeIf(pBuf); -- return clone; -+/* Constant time comparison of a single byte. -+ * Returns 1 iff a == b, otherwise returns 0. -+ * Note: For ranges of bytes, use constantTimeCompare. -+ */ -+static unsigned char constantTimeEQ8(unsigned char a, unsigned char b) { -+ unsigned char c = ~(a - b | b - a); -+ c >>= 7; -+ return c; - } - --/* -- * Modify data by XORing it with a special hash of salt. -+/* Constant time comparison of a range of bytes. -+ * Returns 1 iff len bytes of a are identical to len bytes of b, otherwise -+ * returns 0. - */ --static SECStatus --oaep_xor_with_h1(unsigned char *data, unsigned int datalen, -- unsigned char *salt, unsigned int saltlen) --{ -- SHA1Context *sha1cx; -- unsigned char *dp, *dataend; -- unsigned char end_octet; -- -- sha1cx = SHA1_NewContext(); -- if (sha1cx == NULL) { -- return SECFailure; -- } -- -- /* -- * Get a hash of salt started; we will use it several times, -- * adding in a different end octet (x00, x01, x02, ...). 
-- */ -- SHA1_Begin(sha1cx); -- SHA1_Update(sha1cx, salt, saltlen); -- end_octet = 0; -- -- dp = data; -- dataend = data + datalen; -- -- while (dp < dataend) { -- SHA1Context *sha1cx_h1; -- unsigned int sha1len, sha1off; -- unsigned char sha1[SHA1_LENGTH]; -- -- /* -- * Create hash of (salt || end_octet) -- */ -- sha1cx_h1 = SHA1_CloneContext(sha1cx); -- SHA1_Update(sha1cx_h1, &end_octet, 1); -- SHA1_End(sha1cx_h1, sha1, &sha1len, sizeof(sha1)); -- SHA1_DestroyContext(sha1cx_h1, PR_TRUE); -- PORT_Assert(sha1len == SHA1_LENGTH); -- -- /* -- * XOR that hash with the data. -- * When we have fewer than SHA1_LENGTH octets of data -- * left to xor, use just the low-order ones of the hash. -- */ -- sha1off = 0; -- if ((dataend - dp) < SHA1_LENGTH) -- sha1off = SHA1_LENGTH - (dataend - dp); -- while (sha1off < SHA1_LENGTH) -- *dp++ ^= sha1[sha1off++]; -- -- /* -- * Bump for next hash chunk. -- */ -- end_octet++; -- } -- -- SHA1_DestroyContext(sha1cx, PR_TRUE); -- return SECSuccess; -+static unsigned char constantTimeCompare(const unsigned char *a, -+ const unsigned char *b, -+ unsigned int len) { -+ unsigned char tmp = 0; -+ unsigned int i; -+ for (i = 0; i < len; ++i, ++a, ++b) -+ tmp |= *a ^ *b; -+ return constantTimeEQ8(0x00, tmp); - } - --/* -- * Modify salt by XORing it with a special hash of data. -+/* Constant time conditional. -+ * Returns a if c is 1, or b if c is 0. The result is undefined if c is -+ * not 0 or 1. - */ --static SECStatus --oaep_xor_with_h2(unsigned char *salt, unsigned int saltlen, -- unsigned char *data, unsigned int datalen) -+static unsigned int constantTimeCondition(unsigned int c, -+ unsigned int a, -+ unsigned int b) - { -- unsigned char sha1[SHA1_LENGTH]; -- unsigned char *psalt, *psha1, *saltend; -- SECStatus rv; -- -- /* -- * Create a hash of data. -- */ -- rv = SHA1_HashBuf(sha1, data, datalen); -- if (rv != SECSuccess) { -- return rv; -- } -- -- /* -- * XOR the low-order octets of that hash with salt. 
-- */ -- PORT_Assert(saltlen <= SHA1_LENGTH); -- saltend = salt + saltlen; -- psalt = salt; -- psha1 = sha1 + SHA1_LENGTH - saltlen; -- while (psalt < saltend) { -- *psalt++ ^= *psha1++; -- } -- -- return SECSuccess; -+ return (~(c - 1) & a) | ((c - 1) & b); - } - - /* -@@ -212,7 +124,7 @@ static unsigned char *rsa_FormatOneBlock(unsigned modulusLen, - unsigned char *block; - unsigned char *bp; - int padLen; -- int i; -+ int i, j; - SECStatus rv; - - block = (unsigned char *) nss_ZAlloc(NULL, modulusLen); -@@ -260,124 +172,58 @@ static unsigned char *rsa_FormatOneBlock(unsigned modulusLen, - */ - case RSA_BlockPublic: - -- /* -- * 0x00 || BT || Pad || 0x00 || ActualData -- * 1 1 padLen 1 data->len -- * Pad is all non-zero random bytes. -- */ -- padLen = modulusLen - data->len - 3; -- PORT_Assert(padLen >= RSA_BLOCK_MIN_PAD_LEN); -- if (padLen < RSA_BLOCK_MIN_PAD_LEN) { -- nss_ZFreeIf(block); -- return NULL; -- } -- for (i = 0; i < padLen; i++) { -- /* Pad with non-zero random data. */ -- do { -- rv = RNG_GenerateGlobalRandomBytes(bp + i, 1); -- } while (rv == SECSuccess -- && bp[i] == RSA_BLOCK_AFTER_PAD_OCTET); -- if (rv != SECSuccess) { -- nss_ZFreeIf(block); -- return NULL; -- } -- } -- bp += padLen; -- *bp++ = RSA_BLOCK_AFTER_PAD_OCTET; -- nsslibc_memcpy(bp, data->data, data->len); -- -- break; -- -- /* -- * Blocks intended for public-key operation, using -- * Optimal Asymmetric Encryption Padding (OAEP). -- */ -- case RSA_BlockOAEP: -- /* -- * 0x00 || BT || Modified2(Salt) || Modified1(PaddedData) -- * 1 1 OAEP_SALT_LEN OAEP_PAD_LEN + data->len [+ N] -- * -- * where: -- * PaddedData is "Pad1 || ActualData [|| Pad2]" -- * Salt is random data. -- * Pad1 is all zeros. -- * Pad2, if present, is random data. -- * (The "modified" fields are all the same length as the original -- * unmodified values; they are just xor'd with other values.) -- * -- * Modified1 is an XOR of PaddedData with a special octet -- * string constructed of iterated hashing of Salt (see below). 
-- * Modified2 is an XOR of Salt with the low-order octets of -- * the hash of Modified1 (see farther below ;-). -- * -- * Whew! -- */ -- -- -- /* -- * Salt -- */ -- rv = RNG_GenerateGlobalRandomBytes(bp, OAEP_SALT_LEN); -- if (rv != SECSuccess) { -- nss_ZFreeIf(block); -- return NULL; -- } -- bp += OAEP_SALT_LEN; -- -- /* -- * Pad1 -- */ -- nsslibc_memset(bp, OAEP_PAD_OCTET, OAEP_PAD_LEN); -- bp += OAEP_PAD_LEN; -- -- /* -- * Data -- */ -- nsslibc_memcpy(bp, data->data, data->len); -- bp += data->len; -- -- /* -- * Pad2 -- */ -- if (bp < (block + modulusLen)) { -- rv = RNG_GenerateGlobalRandomBytes(bp, -- block - bp + modulusLen); -- if (rv != SECSuccess) { -- nss_ZFreeIf(block); -- return NULL; -- } -- } -- -- /* -- * Now we have the following: -- * 0x00 || BT || Salt || PaddedData -- * (From this point on, "Pad1 || Data [|| Pad2]" is treated -- * as the one entity PaddedData.) -- * -- * We need to turn PaddedData into Modified1. -- */ -- if (oaep_xor_with_h1(block + 2 + OAEP_SALT_LEN, -- modulusLen - 2 - OAEP_SALT_LEN, -- block + 2, OAEP_SALT_LEN) != SECSuccess) { -- nss_ZFreeIf(block); -- return NULL; -- } -- -- /* -- * Now we have: -- * 0x00 || BT || Salt || Modified1(PaddedData) -- * -- * The remaining task is to turn Salt into Modified2. -- */ -- if (oaep_xor_with_h2(block + 2, OAEP_SALT_LEN, -- block + 2 + OAEP_SALT_LEN, -- modulusLen - 2 - OAEP_SALT_LEN) != -- SECSuccess) { -- nss_ZFreeIf(block); -- return NULL; -- } -- -- break; -+ /* -+ * 0x00 || BT || Pad || 0x00 || ActualData -+ * 1 1 padLen 1 data->len -+ * Pad is all non-zero random bytes. -+ * -+ * Build the block left to right. -+ * Fill the entire block from Pad to the end with random bytes. -+ * Use the bytes after Pad as a supply of extra random bytes from -+ * which to find replacements for the zero bytes in Pad. -+ * If we need more than that, refill the bytes after Pad with -+ * new random bytes as necessary. 
-+ */ -+ padLen = modulusLen - (data->len + 3); -+ PORT_Assert (padLen >= RSA_BLOCK_MIN_PAD_LEN); -+ if (padLen < RSA_BLOCK_MIN_PAD_LEN) { -+ nss_ZFreeIf (block); -+ return NULL; -+ } -+ j = modulusLen - 2; -+ rv = RNG_GenerateGlobalRandomBytes(bp, j); -+ if (rv == SECSuccess) { -+ for (i = 0; i < padLen; ) { -+ unsigned char repl; -+ /* Pad with non-zero random data. */ -+ if (bp[i] != RSA_BLOCK_AFTER_PAD_OCTET) { -+ ++i; -+ continue; -+ } -+ if (j <= padLen) { -+ rv = RNG_GenerateGlobalRandomBytes(bp + padLen, -+ modulusLen - (2 + padLen)); -+ if (rv != SECSuccess) -+ break; -+ j = modulusLen - 2; -+ } -+ do { -+ repl = bp[--j]; -+ } while (repl == RSA_BLOCK_AFTER_PAD_OCTET && j > padLen); -+ if (repl != RSA_BLOCK_AFTER_PAD_OCTET) { -+ bp[i++] = repl; -+ } -+ } -+ } -+ if (rv != SECSuccess) { -+ /*sftk_fatalError = PR_TRUE;*/ -+ nss_ZFreeIf (block); -+ return NULL; -+ } -+ bp += padLen; -+ *bp++ = RSA_BLOCK_AFTER_PAD_OCTET; -+ nsslibc_memcpy(bp, data->data, data->len); -+ break; - - default: - PORT_Assert(0); -@@ -427,26 +273,6 @@ rsa_FormatBlock(SECItem * result, unsigned modulusLen, - - break; - -- case RSA_BlockOAEP: -- /* -- * 0x00 || BT || M1(Salt) || M2(Pad1||ActualData[||Pad2]) -- * -- * The "2" below is the first octet + the second octet. -- * (The other fields do not contain the clear values, but are -- * the same length as the clear values.) -- */ -- PORT_Assert(data->len <= (modulusLen - (2 + OAEP_SALT_LEN -- + OAEP_PAD_LEN))); -- -- result->data = rsa_FormatOneBlock(modulusLen, blockType, data); -- if (result->data == NULL) { -- result->len = 0; -- return SECFailure; -- } -- result->len = modulusLen; -- -- break; -- - case RSA_BlockRaw: - /* - * Pad || ActualData --- -1.7.1 - - diff --git a/dev-libs/nss/files/nss-3.15.1-fipstest-warnings.patch b/dev-libs/nss/files/nss-3.15.1-fipstest-warnings.patch deleted file mode 100644 index cf2fd8652a9d..000000000000 --- a/dev-libs/nss/files/nss-3.15.1-fipstest-warnings.patch +++ /dev/null 
@@ -1,26 +0,0 @@ -https://bugzilla.mozilla.org/show_bug.cgi?id=920899 - -diff -r 279078670022 security/nss/cmd/fipstest/fipstest.c ---- a/security/nss/cmd/fipstest/fipstest.c Wed Mar 27 17:03:34 2013 -0400 -+++ b/security/nss/cmd/fipstest/fipstest.c Thu Sep 26 00:58:04 2013 -0400 -@@ -3616,10 +3616,10 @@ void hmac_test(char *reqfn) - goto loser; - } - msg = PORT_ZAlloc(msgLen); -- memset(msg, 0, msgLen); - if (msg == NULL) { - goto loser; - } -+ memset(msg, 0, msgLen); - - req = fopen(reqfn, "r"); - resp = stdout; -@@ -3677,7 +3677,7 @@ void hmac_test(char *reqfn) - keyLen = 0; - TLen = 0; - memset(key, 0, sizeof key); -- memset(msg, 0, sizeof msg); -+ memset(msg, 0, msgLen); - memset(HMAC, 0, sizeof HMAC); - continue; - } diff --git a/dev-libs/nss/nss-3.15.2.ebuild b/dev-libs/nss/nss-3.15.2.ebuild deleted file mode 100644 index 94d00c888571..000000000000 --- a/dev-libs/nss/nss-3.15.2.ebuild +++ /dev/null 
@@ -1,264 +0,0 @@ -# Copyright 1999-2013 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/dev-libs/nss/nss-3.15.2.ebuild,v 1.10 2013/10/09 17:10:05 ago Exp $ - -EAPI=5 -inherit eutils flag-o-matic multilib toolchain-funcs - -NSPR_VER="4.10" -RTM_NAME="NSS_${PV//./_}_RTM" - -DESCRIPTION="Mozilla's Network Security Services library that implements PKI support" -HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/" -SRC_URI="ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz - http://dev.gentoo.org/~anarchy/patches/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch - http://dev.gentoo.org/~anarchy/patches/${PN}-3.15-pem-support-20130617.patch.xz" - -LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )" -SLOT="0" -KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris" -IUSE="utils" - -DEPEND="virtual/pkgconfig - >=dev-libs/nspr-${NSPR_VER}" - -RDEPEND=">=dev-libs/nspr-${NSPR_VER} - >=dev-db/sqlite-3.5 - sys-libs/zlib" - -RESTRICT="test" - -S="${WORKDIR}/${P}/${PN}" - -src_setup() { - export LC_ALL="C" -} - -src_prepare() { - # Custom changes for gentoo - epatch "${FILESDIR}/${PN}-3.15-gentoo-fixups.patch" - epatch "${FILESDIR}/${PN}-3.15-gentoo-fixup-warnings.patch" - epatch "${DISTDIR}/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch" - epatch "${DISTDIR}/${PN}-3.15-pem-support-20130617.patch.xz" - epatch "${FILESDIR}/${PN}-3.15-x32.patch" - epatch "${FILESDIR}/${PN}-3.15.1-fipstest-warnings.patch" - cd coreconf - # hack nspr paths - echo 'INCLUDES += -I$(DIST)/include/dbm' \ - >> headers.mk || die "failed to append include" - - # modify install path - sed -e 's:SOURCE_PREFIX = $(CORE_DEPTH)/\.\./dist:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \ - -i source.mk - - # Respect LDFLAGS - sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk - - # Ensure we stay 
multilib aware - sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" "${S}"/config/Makefile - - # Fix pkgconfig file for Prefix - sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \ - "${S}"/config/Makefile - - epatch "${FILESDIR}/nss-3.14.2-solaris-gcc.patch" - - # use host shlibsign if need be #436216 - if tc-is-cross-compiler ; then - sed -i \ - -e 's:"${2}"/shlibsign:shlibsign:' \ - "${S}"/cmd/shlibsign/sign.sh - fi - - # dirty hack - cd "${S}" - sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \ - lib/ssl/config.mk - sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \ - cmd/platlibs.mk -} - -nssarch() { - # Most of the arches are the same as $ARCH - local t=${1:-${CHOST}} - case ${t} in - hppa*) echo "parisc";; - i?86*) echo "i686";; - x86_64*) echo "x86_64";; - *) tc-arch ${t};; - esac -} - -nssbits() { - local cc="${1}CC" cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS" - echo > "${T}"/test.c || die - ${!cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}"/test.o || die - case $(file "${T}"/test.o) in - *32-bit*x86-64*) echo USE_x32=1;; - *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;; - *32-bit*|*ppc*|*i386*) ;; - *) die "Failed to detect whether your arch is 64bits or 32bits, disable distcc if you're using it, please";; - esac -} - -src_compile() { - strip-flags - - tc-export AR RANLIB {BUILD_,}{CC,PKG_CONFIG} - local makeargs=( - CC="${CC}" - AR="${AR} rc \$@" - RANLIB="${RANLIB}" - OPTIMIZER= - $(nssbits) - ) - - # Take care of nspr settings #436216 - append-cppflags $(${PKG_CONFIG} nspr --cflags) - append-ldflags $(${PKG_CONFIG} nspr --libs-only-L) - unset NSPR_INCLUDE_DIR - export NSPR_LIB_DIR=${T}/fake-dir - - # Do not let `uname` be used. 
- if use kernel_linux ; then - makeargs+=( - OS_TARGET=Linux - OS_RELEASE=2.6 - OS_TEST="$(nssarch)" - ) - fi - - export BUILD_OPT=1 - export NSS_USE_SYSTEM_SQLITE=1 - export NSDISTMODE=copy - export NSS_ENABLE_ECC=1 - export XCFLAGS="${CFLAGS} ${CPPFLAGS}" - export FREEBL_NO_DEPEND=1 - export ASFLAGS="" - - local d - - # Build the host tools first. - LDFLAGS="${BUILD_LDFLAGS}" \ - XCFLAGS="${BUILD_CFLAGS}" \ - emake -j1 -C coreconf \ - CC="${BUILD_CC}" \ - $(nssbits BUILD_) \ - || die - makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" ) - - # Then build the target tools. - for d in . lib/dbm ; do - emake -j1 "${makeargs[@]}" -C ${d} || die "${d} make failed" - done -} - -# Altering these 3 libraries breaks the CHK verification. -# All of the following cause it to break: -# - stripping -# - prelink -# - ELF signing -# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html -# Either we have to NOT strip them, or we have to forcibly resign after -# stripping. -#local_libdir="$(get_libdir)" -#export STRIP_MASK=" -# */${local_libdir}/libfreebl3.so* -# */${local_libdir}/libnssdbm3.so* -# */${local_libdir}/libsoftokn3.so*" - -export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3" - -generate_chk() { - local shlibsign="$1" - local libdir="$2" - einfo "Resigning core NSS libraries for FIPS validation" - shift 2 - local i - for i in ${NSS_CHK_SIGN_LIBS} ; do - local libname=lib${i}.so - local chkname=lib${i}.chk - "${shlibsign}" \ - -i "${libdir}"/${libname} \ - -o "${libdir}"/${chkname}.tmp \ - && mv -f \ - "${libdir}"/${chkname}.tmp \ - "${libdir}"/${chkname} \ - || die "Failed to sign ${libname}" - done -} - -cleanup_chk() { - local libdir="$1" - shift 1 - local i - for i in ${NSS_CHK_SIGN_LIBS} ; do - local libfname="${libdir}/lib${i}.so" - # If the major version has changed, then we have old chk files. - [ ! 
-f "${libfname}" -a -f "${libfname}.chk" ] \ - && rm -f "${libfname}.chk" - done -} - -src_install() { - cd "${S}"/dist - - dodir /usr/$(get_libdir) - cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed" - # We generate these after stripping the libraries, else they don't match. - #cp -L */lib/*.chk "${ED}"/usr/$(get_libdir) || die "copying chk files failed" - cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed" - - # Install nss-config and pkgconfig file - dodir /usr/bin - cp -L */bin/nss-config "${ED}"/usr/bin - dodir /usr/$(get_libdir)/pkgconfig - cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig - - # all the include files - insinto /usr/include/nss - doins public/nss/*.h - - local f nssutils - # Always enabled because we need it for chk generation. - nssutils="shlibsign" - if use utils; then - # The tests we do not need to install. - #nssutils_test="bltest crmftest dbtest dertimetest - #fipstest remtest sdrtest" - nssutils="addbuiltin atob baddbdir btoa certcgi certutil checkcert - cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit - nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode - pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt - symkeyutil tstclnt vfychain vfyserv" - fi - cd "${S}"/dist/*/bin/ - for f in ${nssutils}; do - dobin ${f} - done - - # Prelink breaks the CHK files. We don't have any reliable way to run - # shlibsign after prelink. - local l libs=() liblist - for l in ${NSS_CHK_SIGN_LIBS} ; do - libs+=("${EPREFIX}/usr/$(get_libdir)/lib${l}.so") - done - liblist=$(printf '%s:' "${libs[@]}") - echo -e "PRELINK_PATH_MASK=${liblist%:}" > "${T}/90nss" - doenvd "${T}/90nss" -} - -pkg_postinst() { - # We must re-sign the libraries AFTER they are stripped. - local shlibsign="${EROOT}/usr/bin/shlibsign" - # See if we can execute it (cross-compiling & such). #436216 - "${shlibsign}" -h >&/dev/null - if [[ $? 
-gt 1 ]] ; then - shlibsign="shlibsign" - fi - generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir) -} - -pkg_postrm() { - cleanup_chk "${EROOT}"/usr/$(get_libdir) -} diff --git a/dev-libs/nss/nss-3.15.3.1.ebuild b/dev-libs/nss/nss-3.15.3.1.ebuild deleted file mode 100644 index b438bb07e4b3..000000000000 --- a/dev-libs/nss/nss-3.15.3.1.ebuild +++ /dev/null 
@@ -1,264 +0,0 @@
-# Copyright 1999-2013 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/dev-libs/nss/nss-3.15.3.1.ebuild,v 1.2 2013/12/13 14:11:07 jer Exp $
-
-EAPI=5
-inherit eutils flag-o-matic multilib toolchain-funcs
-
-NSPR_VER="4.10"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
-SRC_URI="ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
- http://dev.gentoo.org/~anarchy/patches/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch
- http://dev.gentoo.org/~anarchy/patches/${PN}-3.15-pem-support-20130617.patch.xz"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha amd64 ~arm hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="utils"
-
-DEPEND="virtual/pkgconfig
- >=dev-libs/nspr-${NSPR_VER}"
-
-RDEPEND=">=dev-libs/nspr-${NSPR_VER}
- >=dev-db/sqlite-3.5
- sys-libs/zlib"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-src_setup() {
- export LC_ALL="C"
-}
-
-src_prepare() {
- # Custom changes for gentoo
- epatch "${FILESDIR}/${PN}-3.15-gentoo-fixups.patch"
- epatch "${FILESDIR}/${PN}-3.15-gentoo-fixup-warnings.patch"
- epatch "${DISTDIR}/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch"
- epatch "${DISTDIR}/${PN}-3.15-pem-support-20130617.patch.xz"
- epatch "${FILESDIR}/${PN}-3.15-x32.patch"
- epatch "${FILESDIR}/${PN}-3.15.1-fipstest-warnings.patch"
- cd coreconf
- # hack nspr paths
- echo 'INCLUDES += -I$(DIST)/include/dbm' \
- >> headers.mk || die "failed to append include"
-
- # modify install path
- sed -e 's:SOURCE_PREFIX = $(CORE_DEPTH)/\.\./dist:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
- -i source.mk
-
- # Respect LDFLAGS
- sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-
- # Ensure
we stay multilib aware
- sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" "${S}"/config/Makefile
-
- # Fix pkgconfig file for Prefix
- sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
- "${S}"/config/Makefile
-
- epatch "${FILESDIR}/nss-3.14.2-solaris-gcc.patch"
-
- # use host shlibsign if need be #436216
- if tc-is-cross-compiler ; then
- sed -i \
- -e 's:"${2}"/shlibsign:shlibsign:' \
- "${S}"/cmd/shlibsign/sign.sh
- fi
-
- # dirty hack
- cd "${S}"
- sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
- lib/ssl/config.mk
- sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
- cmd/platlibs.mk
-}
-
-nssarch() {
- # Most of the arches are the same as $ARCH
- local t=${1:-${CHOST}}
- case ${t} in
- hppa*) echo "parisc";;
- i?86*) echo "i686";;
- x86_64*) echo "x86_64";;
- *) tc-arch ${t};;
- esac
-}
-
-nssbits() {
- local cc="${1}CC" cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
- echo > "${T}"/test.c || die
- ${!cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}"/test.o || die
- case $(file "${T}"/test.o) in
- *32-bit*x86-64*) echo USE_x32=1;;
- *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
- *32-bit*|*ppc*|*i386*) ;;
- *) die "Failed to detect whether your arch is 64bits or 32bits, disable distcc if you're using it, please";;
- esac
-}
-
-src_compile() {
- strip-flags
-
- tc-export AR RANLIB {BUILD_,}{CC,PKG_CONFIG}
- local makeargs=(
- CC="${CC}"
- AR="${AR} rc \$@"
- RANLIB="${RANLIB}"
- OPTIMIZER=
- $(nssbits)
- )
-
- # Take care of nspr settings #436216
- append-cppflags $(${PKG_CONFIG} nspr --cflags)
- append-ldflags $(${PKG_CONFIG} nspr --libs-only-L)
- unset NSPR_INCLUDE_DIR
- export NSPR_LIB_DIR=${T}/fake-dir
-
- # Do not let `uname` be used.
- if use kernel_linux ; then
- makeargs+=(
- OS_TARGET=Linux
- OS_RELEASE=2.6
- OS_TEST="$(nssarch)"
- )
- fi
-
- export BUILD_OPT=1
- export NSS_USE_SYSTEM_SQLITE=1
- export NSDISTMODE=copy
- export NSS_ENABLE_ECC=1
- export XCFLAGS="${CFLAGS} ${CPPFLAGS}"
- export FREEBL_NO_DEPEND=1
- export ASFLAGS=""
-
- local d
-
- # Build the host tools first.
- LDFLAGS="${BUILD_LDFLAGS}" \
- XCFLAGS="${BUILD_CFLAGS}" \
- emake -j1 -C coreconf \
- CC="${BUILD_CC}" \
- $(nssbits BUILD_) \
- || die
- makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
- # Then build the target tools.
- for d in . lib/dbm ; do
- emake -j1 "${makeargs[@]}" -C ${d} || die "${d} make failed"
- done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-# */${local_libdir}/libfreebl3.so*
-# */${local_libdir}/libnssdbm3.so*
-# */${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
- local shlibsign="$1"
- local libdir="$2"
- einfo "Resigning core NSS libraries for FIPS validation"
- shift 2
- local i
- for i in ${NSS_CHK_SIGN_LIBS} ; do
- local libname=lib${i}.so
- local chkname=lib${i}.chk
- "${shlibsign}" \
- -i "${libdir}"/${libname} \
- -o "${libdir}"/${chkname}.tmp \
- && mv -f \
- "${libdir}"/${chkname}.tmp \
- "${libdir}"/${chkname} \
- || die "Failed to sign ${libname}"
- done
-}
-
-cleanup_chk() {
- local libdir="$1"
- shift 1
- local i
- for i in ${NSS_CHK_SIGN_LIBS} ; do
- local libfname="${libdir}/lib${i}.so"
- # If the major version has changed, then we have old chk files.
- [ !
-f "${libfname}" -a -f "${libfname}.chk" ] \
- && rm -f "${libfname}.chk"
- done
-}
-
-src_install() {
- cd "${S}"/dist
-
- dodir /usr/$(get_libdir)
- cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
- # We generate these after stripping the libraries, else they don't match.
- #cp -L */lib/*.chk "${ED}"/usr/$(get_libdir) || die "copying chk files failed"
- cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-
- # Install nss-config and pkgconfig file
- dodir /usr/bin
- cp -L */bin/nss-config "${ED}"/usr/bin
- dodir /usr/$(get_libdir)/pkgconfig
- cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig
-
- # all the include files
- insinto /usr/include/nss
- doins public/nss/*.h
-
- local f nssutils
- # Always enabled because we need it for chk generation.
- nssutils="shlibsign"
- if use utils; then
- # The tests we do not need to install.
- #nssutils_test="bltest crmftest dbtest dertimetest
- #fipstest remtest sdrtest"
- nssutils="addbuiltin atob baddbdir btoa certcgi certutil checkcert
- cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
- nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
- pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
- symkeyutil tstclnt vfychain vfyserv"
- fi
- cd "${S}"/dist/*/bin/
- for f in ${nssutils}; do
- dobin ${f}
- done
-
- # Prelink breaks the CHK files. We don't have any reliable way to run
- # shlibsign after prelink.
- local l libs=() liblist
- for l in ${NSS_CHK_SIGN_LIBS} ; do
- libs+=("${EPREFIX}/usr/$(get_libdir)/lib${l}.so")
- done
- liblist=$(printf '%s:' "${libs[@]}")
- echo -e "PRELINK_PATH_MASK=${liblist%:}" > "${T}/90nss"
- doenvd "${T}/90nss"
-}
-
-pkg_postinst() {
- # We must re-sign the libraries AFTER they are stripped.
- local shlibsign="${EROOT}/usr/bin/shlibsign"
- # See if we can execute it (cross-compiling & such). #436216
- "${shlibsign}" -h >&/dev/null
- if [[ $?
-gt 1 ]] ; then
- shlibsign="shlibsign"
- fi
- generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-}
-
-pkg_postrm() {
- cleanup_chk "${EROOT}"/usr/$(get_libdir)
-}
diff --git a/dev-libs/nss/nss-3.15.3.ebuild b/dev-libs/nss/nss-3.15.3.ebuild
deleted file mode 100644
index 275c2339be2e..000000000000
--- a/dev-libs/nss/nss-3.15.3.ebuild
+++ /dev/null
@@ -1,264 +0,0 @@
-# Copyright 1999-2013 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/dev-libs/nss/nss-3.15.3.ebuild,v 1.9 2013/12/15 19:27:41 ago Exp $
-
-EAPI=5
-inherit eutils flag-o-matic multilib toolchain-funcs
-
-NSPR_VER="4.10"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
-SRC_URI="ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
- http://dev.gentoo.org/~anarchy/patches/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch
- http://dev.gentoo.org/~anarchy/patches/${PN}-3.15-pem-support-20130617.patch.xz"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="alpha amd64 arm hppa ~ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="utils"
-
-DEPEND="virtual/pkgconfig
- >=dev-libs/nspr-${NSPR_VER}"
-
-RDEPEND=">=dev-libs/nspr-${NSPR_VER}
- >=dev-db/sqlite-3.5
- sys-libs/zlib"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-src_setup() {
- export LC_ALL="C"
-}
-
-src_prepare() {
- # Custom changes for gentoo
- epatch "${FILESDIR}/${PN}-3.15-gentoo-fixups.patch"
- epatch "${FILESDIR}/${PN}-3.15-gentoo-fixup-warnings.patch"
- epatch "${DISTDIR}/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch"
- epatch "${DISTDIR}/${PN}-3.15-pem-support-20130617.patch.xz"
- epatch "${FILESDIR}/${PN}-3.15-x32.patch"
- epatch "${FILESDIR}/${PN}-3.15.1-fipstest-warnings.patch"
- cd coreconf
- # hack nspr paths
- echo 'INCLUDES += -I$(DIST)/include/dbm' \
- >> headers.mk || die "failed to append include"
-
- # modify install path
- sed -e 's:SOURCE_PREFIX = $(CORE_DEPTH)/\.\./dist:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
- -i source.mk
-
- # Respect LDFLAGS
- sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-
- # Ensure we stay
multilib aware
- sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" "${S}"/config/Makefile
-
- # Fix pkgconfig file for Prefix
- sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
- "${S}"/config/Makefile
-
- epatch "${FILESDIR}/nss-3.14.2-solaris-gcc.patch"
-
- # use host shlibsign if need be #436216
- if tc-is-cross-compiler ; then
- sed -i \
- -e 's:"${2}"/shlibsign:shlibsign:' \
- "${S}"/cmd/shlibsign/sign.sh
- fi
-
- # dirty hack
- cd "${S}"
- sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
- lib/ssl/config.mk
- sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
- cmd/platlibs.mk
-}
-
-nssarch() {
- # Most of the arches are the same as $ARCH
- local t=${1:-${CHOST}}
- case ${t} in
- hppa*) echo "parisc";;
- i?86*) echo "i686";;
- x86_64*) echo "x86_64";;
- *) tc-arch ${t};;
- esac
-}
-
-nssbits() {
- local cc="${1}CC" cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
- echo > "${T}"/test.c || die
- ${!cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}"/test.o || die
- case $(file "${T}"/test.o) in
- *32-bit*x86-64*) echo USE_x32=1;;
- *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
- *32-bit*|*ppc*|*i386*) ;;
- *) die "Failed to detect whether your arch is 64bits or 32bits, disable distcc if you're using it, please";;
- esac
-}
-
-src_compile() {
- strip-flags
-
- tc-export AR RANLIB {BUILD_,}{CC,PKG_CONFIG}
- local makeargs=(
- CC="${CC}"
- AR="${AR} rc \$@"
- RANLIB="${RANLIB}"
- OPTIMIZER=
- $(nssbits)
- )
-
- # Take care of nspr settings #436216
- append-cppflags $(${PKG_CONFIG} nspr --cflags)
- append-ldflags $(${PKG_CONFIG} nspr --libs-only-L)
- unset NSPR_INCLUDE_DIR
- export NSPR_LIB_DIR=${T}/fake-dir
-
- # Do not let `uname` be used.
- if use kernel_linux ; then
- makeargs+=(
- OS_TARGET=Linux
- OS_RELEASE=2.6
- OS_TEST="$(nssarch)"
- )
- fi
-
- export BUILD_OPT=1
- export NSS_USE_SYSTEM_SQLITE=1
- export NSDISTMODE=copy
- export NSS_ENABLE_ECC=1
- export XCFLAGS="${CFLAGS} ${CPPFLAGS}"
- export FREEBL_NO_DEPEND=1
- export ASFLAGS=""
-
- local d
-
- # Build the host tools first.
- LDFLAGS="${BUILD_LDFLAGS}" \
- XCFLAGS="${BUILD_CFLAGS}" \
- emake -j1 -C coreconf \
- CC="${BUILD_CC}" \
- $(nssbits BUILD_) \
- || die
- makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
- # Then build the target tools.
- for d in . lib/dbm ; do
- emake -j1 "${makeargs[@]}" -C ${d} || die "${d} make failed"
- done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-# */${local_libdir}/libfreebl3.so*
-# */${local_libdir}/libnssdbm3.so*
-# */${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
- local shlibsign="$1"
- local libdir="$2"
- einfo "Resigning core NSS libraries for FIPS validation"
- shift 2
- local i
- for i in ${NSS_CHK_SIGN_LIBS} ; do
- local libname=lib${i}.so
- local chkname=lib${i}.chk
- "${shlibsign}" \
- -i "${libdir}"/${libname} \
- -o "${libdir}"/${chkname}.tmp \
- && mv -f \
- "${libdir}"/${chkname}.tmp \
- "${libdir}"/${chkname} \
- || die "Failed to sign ${libname}"
- done
-}
-
-cleanup_chk() {
- local libdir="$1"
- shift 1
- local i
- for i in ${NSS_CHK_SIGN_LIBS} ; do
- local libfname="${libdir}/lib${i}.so"
- # If the major version has changed, then we have old chk files.
- [ !
-f "${libfname}" -a -f "${libfname}.chk" ] \
- && rm -f "${libfname}.chk"
- done
-}
-
-src_install() {
- cd "${S}"/dist
-
- dodir /usr/$(get_libdir)
- cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
- # We generate these after stripping the libraries, else they don't match.
- #cp -L */lib/*.chk "${ED}"/usr/$(get_libdir) || die "copying chk files failed"
- cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-
- # Install nss-config and pkgconfig file
- dodir /usr/bin
- cp -L */bin/nss-config "${ED}"/usr/bin
- dodir /usr/$(get_libdir)/pkgconfig
- cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig
-
- # all the include files
- insinto /usr/include/nss
- doins public/nss/*.h
-
- local f nssutils
- # Always enabled because we need it for chk generation.
- nssutils="shlibsign"
- if use utils; then
- # The tests we do not need to install.
- #nssutils_test="bltest crmftest dbtest dertimetest
- #fipstest remtest sdrtest"
- nssutils="addbuiltin atob baddbdir btoa certcgi certutil checkcert
- cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
- nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
- pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
- symkeyutil tstclnt vfychain vfyserv"
- fi
- cd "${S}"/dist/*/bin/
- for f in ${nssutils}; do
- dobin ${f}
- done
-
- # Prelink breaks the CHK files. We don't have any reliable way to run
- # shlibsign after prelink.
- local l libs=() liblist
- for l in ${NSS_CHK_SIGN_LIBS} ; do
- libs+=("${EPREFIX}/usr/$(get_libdir)/lib${l}.so")
- done
- liblist=$(printf '%s:' "${libs[@]}")
- echo -e "PRELINK_PATH_MASK=${liblist%:}" > "${T}/90nss"
- doenvd "${T}/90nss"
-}
-
-pkg_postinst() {
- # We must re-sign the libraries AFTER they are stripped.
- local shlibsign="${EROOT}/usr/bin/shlibsign"
- # See if we can execute it (cross-compiling & such). #436216
- "${shlibsign}" -h >&/dev/null
- if [[ $?
-gt 1 ]] ; then
- shlibsign="shlibsign"
- fi
- generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-}
-
-pkg_postrm() {
- cleanup_chk "${EROOT}"/usr/$(get_libdir)
-} |