author | Jory Pratt <anarchy@gentoo.org> | 2012-09-01 23:07:37 +0000 |
---|---|---|
committer | Jory Pratt <anarchy@gentoo.org> | 2012-09-01 23:07:37 +0000 |
commit | 636227fe3694639a639d4b7ef3fa496c0fc16080 (patch) | |
tree | d085113fd7d8a9210f484dc779b7722cdb125290 /dev-libs/nss | |
parent | Stable ppc, bug #427714 (diff) | |
download | historical-636227fe3694639a639d4b7ef3fa496c0fc16080.tar.gz historical-636227fe3694639a639d4b7ef3fa496c0fc16080.tar.bz2 historical-636227fe3694639a639d4b7ef3fa496c0fc16080.zip |
Security bump
Package-Manager: portage-2.1.11.12/cvs/Linux x86_64
Diffstat (limited to 'dev-libs/nss')
-rw-r--r-- | dev-libs/nss/ChangeLog | 7 | ||||
-rw-r--r-- | dev-libs/nss/Manifest | 15 | ||||
-rw-r--r-- | dev-libs/nss/nss-3.13.6.ebuild | 212 |
3 files changed, 222 insertions, 12 deletions
diff --git a/dev-libs/nss/ChangeLog b/dev-libs/nss/ChangeLog index 4b50038d36a8..4dd942791769 100644 --- a/dev-libs/nss/ChangeLog +++ b/dev-libs/nss/ChangeLog @@ -1,6 +1,11 @@ # ChangeLog for dev-libs/nss # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/dev-libs/nss/ChangeLog,v 1.258 2012/08/25 07:07:21 xmw Exp $ +# $Header: /var/cvsroot/gentoo-x86/dev-libs/nss/ChangeLog,v 1.259 2012/09/01 23:07:37 anarchy Exp $ + +*nss-3.13.6 (01 Sep 2012) + + 01 Sep 2012; <anarchy@gentoo.org> +nss-3.13.6.ebuild: + Security bump 25 Aug 2012; Michael Weber <xmw@gentoo.org> nss-3.13.5.ebuild: ppc stable (bug 427224) diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest index a818642ab781..39a63d5f988e 100644 --- a/dev-libs/nss/Manifest +++ b/dev-libs/nss/Manifest 
@@ -1,6 +1,3 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA256 - AUX nss-3.12.11-CVE-2011-3640.patch 4608 SHA256 d48b2117c52a30c8ef659fc7222f501cce175ead29891ed8dceadd6f7d8bada4 SHA512 2aa77d5d6c33456ef4e57cc42eff490f9689e8a1f2a580228e0dac3530d60b30c989e3b36ec2621da30688dce31e86cb10644596bb0458ca69c1d97ae28e128d WHIRLPOOL 8b600cea13a4a5d8efbf99b6df6dc3d333344012c3783a0d858d4b95f908ca19f57902a355d02913a680709bb81fb7d6bec22cd9dfc37f60843a90e5844990a6 AUX nss-3.12.4-solaris-gcc.patch 842 SHA256 cf2695f4d73ad9de267ffd2e47b2f8940bf56d94b51e66d1e36907b5d6368865 SHA512 ef07fd443bb1bcbf23dc7041c085ae028a7e30720610f266c1b941d1ab7fd0e5591355682e42de415650e8890629a26de25522a98177d4782ba565ea1bd98c1d WHIRLPOOL d1ab130cb39c18b5e87b8c7b40c4cea29c8a259ea4bcfa5c7a511cc7bba32a6b76fcb877f5bc56de0a27962154f7b9000f8646024260b823965f53997d5cf721 AUX nss-3.12.5-gentoo-fixups.diff 6669 SHA256 24593640e682cb7a831cd8a0888397b7b20880c9cfabed76bb647cc12385aef6 SHA512 e367f6b55057bbe2f260128845a31fee17dc37ba11fbfcb18c26a9ebbadbd6833ce44ffd2325a3cbc83669c8163063b9fc59ad4dc842aa27136b88e0b5f75257 WHIRLPOOL 6ef0c60cd2f713ecc33f1c9ea5eb4e6ba7caacb6c620a16f99d791f8b0a558847e8d6ab08a923d4471b2a7682832a81f148d1606dbaba89f45d2b939b5333faa 
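Review bot: The regenerated Manifest is committed without its OpenPGP clearsign wrapper: the `-----BEGIN PGP SIGNED MESSAGE-----` / `Hash: SHA256` header is removed here, and the `-----BEGIN PGP SIGNATURE-----` block is removed at the end of the second Manifest hunk, with no new signature added. The new `DIST` digests for `nss-3.13.6.tar.gz` and `nss-3.13.6-add_spi+cacerts_ca_certs.patch`, which the ebuild fetches over FTP and plain HTTP, are therefore not covered by a developer signature in this revision. If dropping the signature was not intended, the Manifest should be regenerated with signing enabled (for example Portage's `sign` feature) so the digests of this security bump can be tied to the committer's key.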
@@ -17,18 +14,14 @@ DIST nss-3.13.3.tar.gz 6083507 SHA256 efa10f2c70da4bddabf1a6081964969bb23359b93d DIST nss-3.13.3_pem.support 191571 SHA256 cb6cf7955203514b3c1210c9b32504b0d2f1c158fa9b5d2509ef0bb34b68374c SHA512 223026adbacf2f325f808210cc050f95cb65cb0fe8c6022109a42bd991fd576e2e96beb5ec8e185dbbd649f4bd4516bc0f7fc10401f47eda806ab2d63f0c23a3 WHIRLPOOL 78345665e54fe67f57bc09311567ad525f9a8dae7d17e600a9639fac820fcf9c64e9f4bacc5df3f90b90a224e374ac44e938962c5248189fe76dad7143bf3476 DIST nss-3.13.4.tar.gz 6087584 SHA256 a552f56b03c0c716ba950c7eef971d87f717c02a4d9a75ee2fe84bd036830de5 SHA512 d39117239030b93e4e644ffaec6788f6b2d4ef604cb6232ca0146882e6d9315834e73804c1b67bf90e79c533104c856cc141a4153f7d946beb122ced0ce49173 WHIRLPOOL 67d5f4468543f4afe9734036acbfbde4c6dc21f7e2ef7c634001587d7f066af5db9cc544953fdfd500aa94ca89ec65ef117aa8b923a189dbbf80247e2b088bd1 DIST nss-3.13.5.tar.gz 6087983 SHA256 ee8b995ebc971308a5bc8b50eb391cd925d6ee7c5e139d25018ee993e71b012a SHA512 8096390bbb8544ef1c3d5b8e3245b5bb618b4fa718e2fb8ab4c134f3e8b386c07146bbd60a16edd261b4c5014d29b6cf85118ad0e7e43b53ba3fd7c25a7c79b5 WHIRLPOOL 7aeae5506bbf7f118ea6139cde6444fbc2c3152ef41a606d690d04956692c88303779a52147c7bece5a4f943b271b887e9008e3802a8e367edbfb7a353246960 +DIST nss-3.13.6-add_spi+cacerts_ca_certs.patch 70095 SHA256 66779b7c64f0f71662f29f8127f78eac086b1415778872cdbfdf3017bacbca9f SHA512 3aaf7671a179e28f2bb80a9d9f753337e15ed46df97724a9517c58f436b4e835815b974de9344bb422326b0625de52e6444523b37f36d4bdcda0a05e9839ce4c WHIRLPOOL 48bd80ffef3ca7f007f02f654cb33e7887bd4b5ce91e5ef2b9c88ca888aeda5ce8d02f41c4ed38b553ade572256fbf84a42de87814c5e6b4252950bd2555a74a +DIST nss-3.13.6.tar.gz 6109538 SHA256 f7e90727e0ecc1c29de10da39a79bc9c53b814ccfbf40720e053b29c683d43a0 SHA512 45bc254eb238ea23fdd8d2c9128a22cebe15fda9ed5c9c1d112b5756d4d2b76e7f3a99d3600254bdcd6eeb18bda224d52e676e169207193798200f0d41baa29d WHIRLPOOL 
8172b4a29a513ed931d8b9c5b72270e448282ff7454ea8aea9fba23e667f8c76417861f3f716857ba05e38f0ee940fc21d86d7343e1ffc780a849c37929b94aa EBUILD nss-3.12.11-r1.ebuild 7122 SHA256 d5841f3fcc82b82daec8e8af075ce0da6188eed4138ec55bad35472590917fb1 SHA512 8bb37d7f83cd9e3612676eb3bfae7cfdfac52f1c0b1fa53dbcc7a5ab37581717236cc3652c3b9bc9b35e2beb541372ee459e3b6de4b53ed3d1d61517a65063fd WHIRLPOOL b34fd3889fe2b9e42c7f7d6acf1504c4d7b1972155f090db312b76f86d906046a595bb1cbc959bbf2e4503729e9733f48729647584a2f519a7555cd4358237bf EBUILD nss-3.13.2.ebuild 6661 SHA256 893ccc693582e62752fc6647b8609cf1e4b4f2ab6bd373a126a5b9e9224e3c1e SHA512 0f78b650a10ce5b0dfe693223fc4e857fb42bc58668a8dd60bf14660427b4df3c9317e97c0b0c70279d3c00cbb9aa3346f812ba10412046fd00cbaf7dc1289c8 WHIRLPOOL dc6424a7915138c3e131a286ac5d891fb973704be3acd0b9128153bbeb297d77bc40a2801ea731f3de43117b34cbda49e3100caa749c83d8404bb17da48999ad EBUILD nss-3.13.3.ebuild 6701 SHA256 8548f900f91d5193a6e81a6424ccbc0ef09e3661983991eb547be6caa9da4d6b SHA512 7941a0be3ce5684421726ec6f4133c98277b9f6a7697e9812c82d4dde589b88955328c2984752f19b1540c5821d037525e848131f157bc99af509c4f764dae26 WHIRLPOOL bd7dc5b9ceb1ef0aa7c20e51831d013dee428534a1c91959392984a02203b3fcebf462c3dc3b346674d6080ff07c957c0b0f5bc2c58e74988cd955a91e7bfafa EBUILD nss-3.13.4.ebuild 6804 SHA256 a93734fc7b1ebd871a7402cc3a7e927e0fa0a7658f72ccb8efbd4eb854a4656d SHA512 45cb4860a7292cbb1adf551aa7e7d6f5467f036f0128e58ca604d29bb266328cc48556bbdae20b8b7623ef0cbb4f0d8c410d4a957694c1e0bb18ca5e32500dfd WHIRLPOOL bea5f1840593535b90c77956ef167d796d8a5d00961a9afc2c0fda839a0532dd4e749b80cac75dc91b6daaa6fee55a3e4babbd1230681eaaa5d49ab9c5994488 EBUILD nss-3.13.5-r1.ebuild 6936 SHA256 4f21e7f2f61a1814e75156f2ee9f24f010e23cf227f5b1d8a783a4d2e627f01e SHA512 f5e1d170e01ddb340d718362d8675b0e7797d3b028fe534ae0909d93ccb5df52414ca1a6774e89b584c9ce866ea2b18e3ee3790f6aee9156011bf0ae904d4a67 WHIRLPOOL 
f42e7bfd1079a02df2539ebd0b42b302950a6bc9e7c82f033bb5108ea3121aefa7352140a4bf6021127ece903aca0dcf4ebe82bbaad42ccc6e60461a7d24e54f EBUILD nss-3.13.5.ebuild 6840 SHA256 3b183c22aba6a227f376fd0c96794caaf419eaf5198bcab9bb06ec1e32abb329 SHA512 f3fa6d400fba87f79c600b9eb20943c7f4ed113b055af1434fd0aae5d4feaffffd0077ae7d1887415ff33666508614472ad12e1d8b6276aab6980a4f5ebdb575 WHIRLPOOL 8cdeb14fefaffd7fdbf553ac4e2409cb8986ba6ba8865fcc2655e4a2461bca6755cdb9ad0b990c9c900332dc84ef08add4ba1e878c22239abc8db7e69104dd70 -MISC ChangeLog 32793 SHA256 01ff7aecca985a97ffef21d45001ab34d32bf944caad0cb2d6e95b0a2f765909 SHA512 74e09469d0cc6c915dcd8f3de3c4ced677f640d08e183bbb8c0a07c9c6b0e4d444502214ea9f0e02d7d3e897743bf0e97b7cd7aa8d5048b72dc7601dc7c07590 WHIRLPOOL b0a1d06ea4cb9b5fd5d19d3c2b896b1a5d71bce124ecb777c4fd3b5f750b6484387f72d455b3eab36fbbc03b8241821edb133c0d8d6a9348a9811997b11986c7 +EBUILD nss-3.13.6.ebuild 6933 SHA256 d42c54c49b7caced527064f211a68124ad06eb987780e6e2dc2646fcc01843b8 SHA512 db4d041165947991396bd0701d917b05c66e562af3c6becb6c5daa155a354c536fa08c0a568fd551eca87c509377eec17e8fbd853147470c260f41295439a3da WHIRLPOOL 76db71efb955b0f0748a35f7163d711410721ad0f87975ad5405dbe02c25db3dc53d8d501ba1726b34e22e037d2ca72b3231b1887990e2672296fe45d41fe628 +MISC ChangeLog 32897 SHA256 67a3bbb810866c687a831129688965ac40fb7d176d39a667b74bc4f12fede029 SHA512 6c8383279ea09eefb7e8e790855efa65c3dfccbdedf46df01033404670adf55c493f92cb695d27f72e7b999593e64a5f101f91546a3f1929249ac0ff990cfca8 WHIRLPOOL 0cdd9772f2f3a43bc8a10be3c50eb63dfc244c13a9809100d2cf58ef6bef93cf47b287e5c25a9357c63527715f654f196eae9dcb135cee2a5b1a79ca8263be75 MISC metadata.xml 245 SHA256 58443b11f9dff75b5d4391f03dbafd90305a0ec8f046f8f0068fb95777c01bd4 SHA512 3564c5476cd817e6ee8276a450cf646c8df81bfb90455345b8cd6f2cdd6c62b07cbf19f3c1abbcf1a02f9f91a034807303b5e6765df24404375b79fe13a646bd WHIRLPOOL 64c44be7cbb44e7707ef243d989222f3e498b4d23f6e1a875ac481d6577f54444c9dd575e92330d6d018c8f1084858a417eed59e650b7119842c7624a01d7462 
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.19 (GNU/Linux)
-
-iF4EAREIAAYFAlA4eawACgkQknrdDGLu8JAFIgEAk2brXBt63Lj7OetLqnIHzLka
-/PUh8dRXSAm98mEUrfEA/ibEO3k+YD9QW11OyrtpeE9SWkkoQxPVTQVXOXMOZ2QX
-=EDf4
------END PGP SIGNATURE-----
diff --git a/dev-libs/nss/nss-3.13.6.ebuild b/dev-libs/nss/nss-3.13.6.ebuild
new file mode 100644
index 000000000000..ea29e4bfabc1
--- /dev/null
+++ b/dev-libs/nss/nss-3.13.6.ebuild
@@ -0,0 +1,212 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/nss/nss-3.13.6.ebuild,v 1.1 2012/09/01 23:07:37 anarchy Exp $
+
+EAPI=3
+inherit eutils flag-o-matic multilib toolchain-funcs
+
+NSPR_VER="4.9.2"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+ http://dev.gentoo.org/~anarchy/patches/${PN}-3.13.6-add_spi+cacerts_ca_certs.patch
+ http://dev.gentoo.org/~anarchy/patches/${PN}-3.13.3_pem.support"
+
+LICENSE="|| ( MPL-1.1 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="utils"
+
+DEPEND="virtual/pkgconfig
+ >=dev-libs/nspr-${NSPR_VER}"
+
+RDEPEND=">=dev-libs/nspr-${NSPR_VER}
+ >=dev-db/sqlite-3.5
+ sys-libs/zlib"
+
+src_setup() {
+ export LC_ALL="C"
+}
+
+src_prepare() {
+ # Custom changes for gentoo
+ epatch "${FILESDIR}/${PN}-3.13-gentoo-fixup.patch"
+ epatch "${FILESDIR}/${PN}-3.12.6-gentoo-fixup-warnings.patch"
+ epatch "${DISTDIR}/${PN}-3.13.6-add_spi+cacerts_ca_certs.patch"
+ epatch "${DISTDIR}/${PN}-3.13.3_pem.support"
+ epatch "${FILESDIR}/${PN}-3.13.5-x32.patch"
+
+ cd "${S}"/mozilla/security/coreconf || die
+ # hack nspr paths
+ echo 'INCLUDES += -I'"${EPREFIX}"'/usr/include/nspr -I$(DIST)/include/dbm' \
+ >> headers.mk || die "failed to append include"
+
+ # modify install path
+ sed -e 's:SOURCE_PREFIX = $(CORE_DEPTH)/\.\./dist:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+ -i source.mk || die
+
+ # Respect LDFLAGS
+ sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk || die
+
+ # Ensure we stay multilib aware
+ sed -i -e "s:gentoo\/nss:$(get_libdir):" "${S}"/mozilla/security/nss/config/Makefile || die "Failed to fix for multilib"
+
+ # Fix pkgconfig file for Prefix
+ sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+ "${S}"/mozilla/security/nss/config/Makefile || die
+
+ epatch "${FILESDIR}/nss-3.13.1-solaris-gcc.patch"
+
+ # dirty hack
+ cd "${S}"/mozilla/security/nss || die
+ sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+ lib/ssl/config.mk || die
+ sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+ cmd/platlibs.mk || die
+}
+
+src_compile() {
+ strip-flags
+
+ echo > "${T}"/test.c || die
+ $(tc-getCC) ${CFLAGS} -c "${T}"/test.c -o "${T}"/test.o || die
+ case $(file "${T}"/test.o) in
+ *32-bit*x86-64*) export USE_x32=1;;
+ *64-bit*|*ppc64*|*x86_64*) export USE_64=1;;
+ *32-bit*|*ppc*|*i386*) ;;
+ *) die "Failed to detect whether your arch is 64bits or 32bits, disable distcc if you're using it, please";;
+ esac
+
+ export NSPR_INCLUDE_DIR=`nspr-config --includedir`
+ export NSPR_LIB_DIR=`nspr-config --libdir`
+ export BUILD_OPT=1
+ export NSS_USE_SYSTEM_SQLITE=1
+ export NSDISTMODE=copy
+ export NSS_ENABLE_ECC=1
+ export XCFLAGS="${CFLAGS}"
+ export FREEBL_NO_DEPEND=1
+ export ASFLAGS=""
+
+ cd "${S}"/mozilla/security/coreconf || die
+ emake -j1 CC="$(tc-getCC)" || die "coreconf make failed"
+ cd "${S}"/mozilla/security/dbm || die
+ emake -j1 CC="$(tc-getCC)" || die "dbm make failed"
+ cd "${S}"/mozilla/security/nss || die
+ emake -j1 CC="$(tc-getCC)" || die "nss make failed"
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+# */${local_libdir}/libfreebl3.so*
+# */${local_libdir}/libnssdbm3.so*
+# */${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+ local shlibsign="$1"
+ local libdir="$2"
+ einfo "Resigning core NSS libraries for FIPS validation"
+ shift 2
+ for i in ${NSS_CHK_SIGN_LIBS} ; do
+ local libname=lib${i}.so
+ local chkname=lib${i}.chk
+ "${shlibsign}" \
+ -i "${libdir}"/${libname} \
+ -o "${libdir}"/${chkname}.tmp \
+ && mv -f \
+ "${libdir}"/${chkname}.tmp \
+ "${libdir}"/${chkname} \
+ || die "Failed to sign ${libname}"
+ done
+}
+
+cleanup_chk() {
+ local libdir="$1"
+ shift 1
+ for i in ${NSS_CHK_SIGN_LIBS} ; do
+ local libfname="${libdir}/lib${i}.so"
+ # If the major version has changed, then we have old chk files.
+ [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+ && rm -f "${libfname}.chk"
+ done
+}
+
+src_install () {
+ MINOR_VERSION=12
+ cd "${S}"/mozilla/security/dist || die
+
+ dodir /usr/$(get_libdir) || die
+ cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+ # We generate these after stripping the libraries, else they don't match.
+ #cp -L */lib/*.chk "${ED}"/usr/$(get_libdir) || die "copying chk files failed"
+ cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+
+ # Install nss-config and pkgconfig file
+ dodir /usr/bin || die
+ cp -L */bin/nss-config "${ED}"/usr/bin || die
+ dodir /usr/$(get_libdir)/pkgconfig || die
+ cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+ # all the include files
+ insinto /usr/include/nss
+ doins public/nss/*.h || die
+ cd "${ED}"/usr/$(get_libdir) || die
+ local n=
+ for file in *$(get_libname); do
+ n=${file%$(get_libname)}$(get_libname ${MINOR_VERSION})
+ mv ${file} ${n} || die
+ ln -s ${n} ${file} || die
+ if [[ ${CHOST} == *-darwin* ]]; then
+ install_name_tool -id "${EPREFIX}/usr/$(get_libdir)/${n}" ${n} || die
+ fi
+ done
+
+ local nssutils
+ # Always enabled because we need it for chk generation.
+ nssutils="shlibsign"
+ if use utils; then
+ # The tests we do not need to install.
+ #nssutils_test="bltest crmftest dbtest dertimetest
+ #fipstest remtest sdrtest"
+ nssutils="addbuiltin atob baddbdir btoa certcgi certutil checkcert
+ cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
+ nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
+ pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
+ symkeyutil tstclnt vfychain vfyserv"
+ fi
+ cd "${S}"/mozilla/security/dist/*/bin/ || die
+ for f in $nssutils; do
+ dobin ${f} || die
+ done
+
+ # Prelink breaks the CHK files. We don't have any reliable way to run
+ # shlibsign after prelink.
+ declare -a libs
+ for l in ${NSS_CHK_SIGN_LIBS} ; do
+ libs+=("${EPREFIX}/usr/$(get_libdir)/lib${l}.so")
+ done
+ OLD_IFS="${IFS}" IFS=":" ; liblist="${libs[*]}" ; IFS="${OLD_IFS}"
+ echo -e "PRELINK_PATH_MASK=${liblist}" >"${T}/90nss" || die
+ unset libs liblist
+ doenvd "${T}/90nss" || die
+}
+
+pkg_postinst() {
+ # We must re-sign the libraries AFTER they are stripped.
+ generate_chk "${EROOT}"/usr/bin/shlibsign "${EROOT}"/usr/$(get_libdir)
+}
+
+pkg_postrm() {
+ cleanup_chk "${EROOT}"/usr/$(get_libdir)
+}
|
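Review bot: `cleanup_chk` tests and deletes `"${libfname}.chk"` (that is, `libfreebl3.so.chk`), but `generate_chk` writes `lib${i}.chk`, so `pkg_postrm` never removes the FIPS checksum files that `pkg_postinst` created; use `local chkfile="${libdir}/lib${i}.chk"` and `[ ! -f "${libfname}" ] && [ -f "${chkfile}" ] && rm -f "${chkfile}"`. `src_setup` is not an ebuild phase, so `export LC_ALL="C"` is never executed; it would have to live in `pkg_setup`. The unconditional `epatch "${DISTDIR}/${PN}-3.13.6-add_spi+cacerts_ca_certs.patch"` looks, judging by its name, like it adds root CAs to the library's built-in trust store, and `SRC_URI` downloads it over plain HTTP from a personal directory, so its only integrity check is the Manifest digest. A comment naming the roots it adds, and a USE flag to opt out, would make that trust decision visible to users of a package whose purpose is certificate validation.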