[SVN-Commit] r659 - branches/experimental/devel/nspr
branches/experimental/security/ca_root_nss
branches/experimental/security/ca_root_nss/files
branches/experimental/security/nss trunk/devel/nspr
trunk/security trunk/security/ca_root_nss
trunk/security/ca_root_nss/files trunk/security/nss
trunk/security/nss/files
svn-freebsd-gecko at chruetertee.ch
svn-freebsd-gecko at chruetertee.ch
Wed Oct 19 17:21:51 UTC 2011
Author: beat
Date: Wed Oct 19 17:21:47 2011
New Revision: 659
Log:
- Add and update ports which are maintained by gecko@ now.
Added:
branches/experimental/security/ca_root_nss/
branches/experimental/security/ca_root_nss/Makefile
branches/experimental/security/ca_root_nss/distinfo
branches/experimental/security/ca_root_nss/files/
branches/experimental/security/ca_root_nss/files/MAca-bundle.pl
branches/experimental/security/ca_root_nss/pkg-descr
branches/experimental/security/ca_root_nss/pkg-plist
trunk/security/
trunk/security/ca_root_nss/
trunk/security/ca_root_nss/Makefile
trunk/security/ca_root_nss/distinfo
trunk/security/ca_root_nss/files/
trunk/security/ca_root_nss/files/MAca-bundle.pl
trunk/security/ca_root_nss/pkg-descr
trunk/security/ca_root_nss/pkg-plist
trunk/security/nss/
trunk/security/nss/Makefile
trunk/security/nss/distinfo
trunk/security/nss/files/
trunk/security/nss/files/nss-config.in
trunk/security/nss/files/nss.pc.in
trunk/security/nss/files/patch-..::coreconf::FreeBSD.mk
trunk/security/nss/files/patch-..::coreconf::command.mk
trunk/security/nss/files/patch-..::coreconf::rules.mk
trunk/security/nss/files/patch-.._coreconf_arch.mk
trunk/security/nss/files/patch-Makefile
trunk/security/nss/files/patch-const
trunk/security/nss/files/patch-lib_freebl_mpi_mpcpucache.c
trunk/security/nss/files/patch-lib_softoken_manifest.mn
trunk/security/nss/files/patch-lib_softoken_pkcs11c.c
trunk/security/nss/files/patch-sysdb
trunk/security/nss/files/patch-tests
trunk/security/nss/pkg-descr
trunk/security/nss/pkg-plist
Modified:
branches/experimental/devel/nspr/Makefile
branches/experimental/devel/nspr/distinfo
branches/experimental/security/nss/Makefile
trunk/devel/nspr/Makefile
trunk/devel/nspr/distinfo
Modified: branches/experimental/devel/nspr/Makefile
==============================================================================
--- branches/experimental/devel/nspr/Makefile Wed Oct 19 17:15:34 2011 (r658)
+++ branches/experimental/devel/nspr/Makefile Wed Oct 19 17:21:47 2011 (r659)
@@ -2,17 +2,16 @@
# Date created: 18 December 2001
# Whom: Maxim Sobolev <sobomax at FreeBSD.org>
#
-# $FreeBSD: ports/devel/nspr/Makefile,v 1.45 2011/09/10 10:35:10 flo Exp $
+# $FreeBSD: ports/devel/nspr/Makefile,v 1.47 2011/10/07 22:39:17 flo Exp $
# $MCom: ports-experimental/devel/nspr/Makefile,v 1.6 2008/03/12 13:06:56 ahze Exp $
PORTNAME= nspr
-DISTVERSION= 4.8.8
-PORTREVISION= 1
+DISTVERSION= 4.8.9
CATEGORIES= devel
MASTER_SITES= MOZILLA
MASTER_SITE_SUBDIR= nspr/releases/v${PORTVERSION}/src
-MAINTAINER= gnome at FreeBSD.org
+MAINTAINER= gecko at FreeBSD.org
COMMENT= A platform-neutral API for system level and libc like functions
WRKSRC= ${WRKDIR}/${DISTNAME}/mozilla/nsprpub/build
Modified: branches/experimental/devel/nspr/distinfo
==============================================================================
--- branches/experimental/devel/nspr/distinfo Wed Oct 19 17:15:34 2011 (r658)
+++ branches/experimental/devel/nspr/distinfo Wed Oct 19 17:21:47 2011 (r659)
@@ -1,2 +1,2 @@
-SHA256 (nspr-4.8.8.tar.gz) = 92f3f4ded2ee313e396c180d5445cc3c718ff347d86c06b7bf14a1b5e049d4c9
-SIZE (nspr-4.8.8.tar.gz) = 1246068
+SHA256 (nspr-4.8.9.tar.gz) = ff43c7c819e72f03bb908e7652c5d5f59a5d31ee86c333e692650207103d1cce
+SIZE (nspr-4.8.9.tar.gz) = 1235265
Added: branches/experimental/security/ca_root_nss/Makefile
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/experimental/security/ca_root_nss/Makefile Wed Oct 19 17:21:47 2011 (r659)
@@ -0,0 +1,72 @@
+# New ports collection makefile for: ca-root-nss
+# Date created: Thu Jan 25 13:02:14 CST 2007
+# Whom: Brooks Davis <brooks at FreeBSD.org>
+#
+# $FreeBSD: ports/security/ca_root_nss/Makefile,v 1.15 2011/10/08 21:37:44 flo Exp $
+#
+
+PORTNAME= ca_root_nss
+PORTVERSION= ${VERSION_NSS}
+PORTREVISION= 1
+CATEGORIES= security
+MASTER_SITES= ${MASTER_SITE_MOZILLA}
+MASTER_SITE_SUBDIR= security/nss/releases/NSS_${PORTVERSION:S/./_/g}_WITH_CKBI_${CKBI_VER:S/./_/}_RTM/src
+DISTNAME= nss-${VERSION_NSS}${NSS_SUFFIX}
+
+MAINTAINER= gecko at FreeBSD.org
+COMMENT= The root certificate bundle from the Mozilla Project
+
+OPTIONS= ETCSYMLINK "Add symlink to /etc/ssl/cert.pem" off
+
+USE_PERL5_BUILD= yes
+NO_WRKSUBDIR= yes
+
+CERTDIR?= share/certs
+PLIST_SUB+= CERTDIR=${CERTDIR}
+
+# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+# !!! These versions are indented to track security/nss and !!!
+# !!! www/apache13-modssl. Please DO NOT submit patches for !!!
+# !!! new versions until they have been committed there first. !!!
+# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+VERSION_NSS= 3.12.11
+CKBI_VER= 1.87
+VERSION_APACHE= 1.3.41
+NSS_SUFFIX= .with.ckbi.${CKBI_VER}
+CERTDATA_TXT_PATH= nss-${VERSION_NSS}/mozilla/security/nss/lib/ckfw/builtins/certdata.txt
+BUNDLE_PROCESSOR= MAca-bundle.pl
+
+.include <bsd.port.pre.mk>
+
+.if !defined(WITHOUT_ETCSYMLINK)
+PLIST_SUB+= ETCSYMLINK=
+CONFLICTS= ca-roots-[0-9]*
+.else
+PLIST_SUB+= ETCSYMLINK="@comment "
+.endif
+
+do-extract:
+ @${MKDIR} ${WRKDIR}
+ @${TAR} -C ${WRKDIR} -xf ${DISTDIR}/nss-${VERSION_NSS}${NSS_SUFFIX}${EXTRACT_SUFX} \
+ ${CERTDATA_TXT_PATH}
+ @${CP} ${WRKDIR}/${CERTDATA_TXT_PATH} ${WRKDIR}
+ @${CP} ${FILESDIR}/${BUNDLE_PROCESSOR} ${WRKDIR}
+ @${RM} -rf ${WRKDIR}/nss-${VERSION_NSS}
+
+post-patch:
+ @${PERL} -pi -e 's,%%VERSION_NSS%%,${VERSION_NSS}${NSS_SUFFIX},g;' \
+ ${WRKDIR}/${BUNDLE_PROCESSOR}
+
+do-build:
+ @${PERL} ${WRKDIR}/${BUNDLE_PROCESSOR} \
+ < ${WRKDIR}/certdata.txt > \
+ ${WRKDIR}/ca-root-nss.crt
+
+do-install:
+ ${MKDIR} ${PREFIX}/${CERTDIR}
+ ${INSTALL_DATA} ${WRKDIR}/ca-root-nss.crt ${PREFIX}/${CERTDIR}
+.if !defined(WITHOUT_ETCSYMLINK)
+ ${LN} -s ${PREFIX}/${CERTDIR}/ca-root-nss.crt /etc/ssl/cert.pem
+.endif
+
+.include <bsd.port.post.mk>
Added: branches/experimental/security/ca_root_nss/distinfo
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/experimental/security/ca_root_nss/distinfo Wed Oct 19 17:21:47 2011 (r659)
@@ -0,0 +1,2 @@
+SHA256 (nss-3.12.11.with.ckbi.1.87.tar.gz) = 4b84a7cd361bf2d14935d0f27681dd148cf3124edf558a271cfde8882f7f7020
+SIZE (nss-3.12.11.with.ckbi.1.87.tar.gz) = 6035595
Added: branches/experimental/security/ca_root_nss/files/MAca-bundle.pl
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/experimental/security/ca_root_nss/files/MAca-bundle.pl Wed Oct 19 17:21:47 2011 (r659)
@@ -0,0 +1,190 @@
+##
+## MAca-bundle.pl -- Regenerate ca-root-nss.crt from the Mozilla certdata.txt
+##
+## Rewritten in September 2011 by Matthias Andree to heed untrust
+##
+
+## Copyright (c) 2011, Matthias Andree
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted provided that the following conditions are
+## met:
+##
+## * Redistributions of source code must retain the above copyright
+## notice, this list of conditions and the following disclaimer.
+##
+## * Redistributions in binary form must reproduce the above copyright
+## notice, this list of conditions and the following disclaimer in the
+## documentation and/or other materials provided with the distribution.
+##
+## THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+## "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+## LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+## FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+## COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+## INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+## BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+## LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+## CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+## LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+## ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+## POSSIBILITY OF SUCH DAMAGE.
+
+use strict;
+use MIME::Base64;
+
+my $VERSION = '$FreeBSD: ports/security/ca_root_nss/files/MAca-bundle.pl,v 1.3 2011/09/04 15:11:48 mandree Exp $';
+
+# configuration
+print <<EOH;
+##
+## ca-root-nss.crt -- Bundle of CA Root Certificates
+##
+## This is a bundle of X.509 certificates of public Certificate
+## Authorities (CA). These were automatically extracted from Mozilla's
+## root CA list (the file `certdata.txt').
+##
+## Extracted from nss-%%VERSION_NSS%%
+## with $VERSION
+##
+EOH
+my $debug = 1;
+
+my %certs;
+my %trusts;
+
+sub printcert_plain($$)
+{
+ my ($label, $certdata) = @_;
+ print "=== $label ===\n" if $label;
+ print
+ "-----BEGIN CERTIFICATE-----\n",
+ MIME::Base64::encode_base64($certdata),
+ "-----END CERTIFICATE-----\n\n";
+}
+
+sub printcert_info($$)
+{
+ my (undef, $certdata) = @_;
+ return unless $certdata;
+ open(OUT, "|openssl x509 -text -inform DER -fingerprint")
+ || die "could not pipe to openssl x509";
+ print OUT $certdata;
+ close(OUT) or die "openssl x509 failed with exit code $?";
+}
+
+sub printcert($$) {
+ my ($a, $b) = @_;
+ printcert_info($a, $b);
+}
+
+sub graboct()
+{
+ my $data;
+
+ while (<>) {
+ last if /^END/;
+ my (undef, at oct) = split /\\/;
+ my @bin = map(chr(oct), @oct);
+ $data .= join('', @bin);
+ }
+
+ return $data;
+}
+
+
+sub grabcert()
+{
+ my $certdata;
+ my $cka_label;
+ my $serial;
+
+ while (<>) {
+ chomp;
+ last if ($_ eq '');
+
+ if (/^CKA_LABEL UTF8 "([^"]+)"/) {
+ $cka_label = $1;
+ }
+
+ if (/^CKA_VALUE MULTILINE_OCTAL/) {
+ $certdata = graboct();
+ }
+
+ if (/^CKA_SERIAL_NUMBER MULTILINE_OCTAL/) {
+ $serial = graboct();
+ }
+ }
+ return ($serial, $cka_label, $certdata);
+}
+
+sub grabtrust() {
+ my $cka_label;
+ my $serial;
+ my $trust = 1;
+
+ while (<>) {
+ chomp;
+ last if ($_ eq '');
+
+ if (/^CKA_LABEL UTF8 "([^"]+)"/) {
+ $cka_label = $1;
+ }
+
+ if (/^CKA_SERIAL_NUMBER MULTILINE_OCTAL/) {
+ $serial = graboct();
+ }
+
+ if (/^CKA_TRUST_.*\s.*_(UN|NOT_)TRUSTED/) {
+ $trust = 0;
+ }
+ }
+ return ($serial, $cka_label, $trust);
+}
+
+while (<>) {
+ if (/^CKA_CLASS .* CKO_CERTIFICATE/) {
+ my ($serial, $label, $certdata) = grabcert();
+ if (defined $certs{$serial.$label}) {
+ warn "Certificate $label duplicated!\n";
+ }
+ $certs{$serial.$label} = $certdata;
+ } elsif (/^CKA_CLASS .* CKO_(NSS|NETSCAPE)_TRUST/) {
+ my ($serial, $label, $trust) = grabtrust();
+ if (defined $trusts{$serial.$label}) {
+ warn "Trust for $label duplicated!\n";
+ }
+ $trusts{$serial.$label} = $trust;
+ } elsif (/^CVS_ID.*Revision: ([^ ]*).*/) {
+ print "## Source: \"certdata.txt\" CVS revision $1\n##\n\n";
+ }
+}
+
+# weed out untrusted certificates
+my $untrusted = 0;
+foreach my $it (keys %trusts) {
+ if (!$trusts{$it}) {
+ if (!exists($certs{$it})) {
+ warn "Found trust for nonexistent certificate\n";
+ } else {
+ delete $certs{$it};
+ $untrusted++;
+ }
+ }
+}
+
+print "## Untrusted certificates omitted from this bundle: $untrusted\n\n";
+
+my $certcount = 0;
+foreach my $it (keys %certs) {
+ if (!exists($trusts{$it})) {
+ die "Found certificate without trust block,\naborting";
+ }
+ printcert("", $certs{$it});
+ print "\n\n\n";
+ $certcount++;
+}
+
+print "## Number of certificates: $certcount\n";
+print "## End of file.\n";
Added: branches/experimental/security/ca_root_nss/pkg-descr
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/experimental/security/ca_root_nss/pkg-descr Wed Oct 19 17:21:47 2011 (r659)
@@ -0,0 +1,4 @@
+Root certificates from certificate authorities included in the Mozilla
+NSS library and thus in Firefox and Thunderbird.
+
+This port directly tracks the version of NSS in the security/nss port.
Added: branches/experimental/security/ca_root_nss/pkg-plist
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/experimental/security/ca_root_nss/pkg-plist Wed Oct 19 17:21:47 2011 (r659)
@@ -0,0 +1,4 @@
+%%CERTDIR%%/ca-root-nss.crt
+ at dirrmtry %%CERTDIR%%
+%%ETCSYMLINK%%@cwd /
+%%ETCSYMLINK%%etc/ssl/cert.pem
Modified: branches/experimental/security/nss/Makefile
==============================================================================
--- branches/experimental/security/nss/Makefile Wed Oct 19 17:15:34 2011 (r658)
+++ branches/experimental/security/nss/Makefile Wed Oct 19 17:21:47 2011 (r659)
@@ -2,7 +2,7 @@
# Date created: 18 December 2001
# Whom: Maxim Sobolev <sobomax at FreeBSD.org>
#
-# $FreeBSD: ports/security/nss/Makefile,v 1.58 2011/09/04 13:23:51 mandree Exp $
+# $FreeBSD: ports/security/nss/Makefile,v 1.59 2011/10/07 20:40:40 kwm Exp $
# $MCom ports-experimental/security/nss/Makefile,v 1.4 2008/02/23 15:47:28 ahze Exp $
PORTNAME= nss
@@ -12,7 +12,7 @@
MASTER_SITE_SUBDIR= security/nss/releases/NSS_${PORTVERSION:S/./_/g}_WITH_CKBI_${CKBI_VER:S/./_/}_RTM/src
DISTNAME= nss-${PORTVERSION}.with.ckbi.${CKBI_VER}
-MAINTAINER= gnome at FreeBSD.org
+MAINTAINER= gecko at FreeBSD.org
COMMENT= Libraries to support development of security-enabled applications
BUILD_DEPENDS= zip:${PORTSDIR}/archivers/zip \
Modified: trunk/devel/nspr/Makefile
==============================================================================
--- trunk/devel/nspr/Makefile Wed Oct 19 17:15:34 2011 (r658)
+++ trunk/devel/nspr/Makefile Wed Oct 19 17:21:47 2011 (r659)
@@ -2,17 +2,16 @@
# Date created: 18 December 2001
# Whom: Maxim Sobolev <sobomax at FreeBSD.org>
#
-# $FreeBSD: ports/devel/nspr/Makefile,v 1.45 2011/09/10 10:35:10 flo Exp $
+# $FreeBSD: ports/devel/nspr/Makefile,v 1.47 2011/10/07 22:39:17 flo Exp $
# $MCom: ports-experimental/devel/nspr/Makefile,v 1.6 2008/03/12 13:06:56 ahze Exp $
PORTNAME= nspr
-DISTVERSION= 4.8.8
-PORTREVISION= 1
+DISTVERSION= 4.8.9
CATEGORIES= devel
MASTER_SITES= MOZILLA
MASTER_SITE_SUBDIR= nspr/releases/v${PORTVERSION}/src
-MAINTAINER= gnome at FreeBSD.org
+MAINTAINER= gecko at FreeBSD.org
COMMENT= A platform-neutral API for system level and libc like functions
WRKSRC= ${WRKDIR}/${DISTNAME}/mozilla/nsprpub/build
Modified: trunk/devel/nspr/distinfo
==============================================================================
--- trunk/devel/nspr/distinfo Wed Oct 19 17:15:34 2011 (r658)
+++ trunk/devel/nspr/distinfo Wed Oct 19 17:21:47 2011 (r659)
@@ -1,2 +1,2 @@
-SHA256 (nspr-4.8.8.tar.gz) = 92f3f4ded2ee313e396c180d5445cc3c718ff347d86c06b7bf14a1b5e049d4c9
-SIZE (nspr-4.8.8.tar.gz) = 1246068
+SHA256 (nspr-4.8.9.tar.gz) = ff43c7c819e72f03bb908e7652c5d5f59a5d31ee86c333e692650207103d1cce
+SIZE (nspr-4.8.9.tar.gz) = 1235265
Added: trunk/security/ca_root_nss/Makefile
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ trunk/security/ca_root_nss/Makefile Wed Oct 19 17:21:47 2011 (r659)
@@ -0,0 +1,72 @@
+# New ports collection makefile for: ca-root-nss
+# Date created: Thu Jan 25 13:02:14 CST 2007
+# Whom: Brooks Davis <brooks at FreeBSD.org>
+#
+# $FreeBSD: ports/security/ca_root_nss/Makefile,v 1.15 2011/10/08 21:37:44 flo Exp $
+#
+
+PORTNAME= ca_root_nss
+PORTVERSION= ${VERSION_NSS}
+PORTREVISION= 1
+CATEGORIES= security
+MASTER_SITES= ${MASTER_SITE_MOZILLA}
+MASTER_SITE_SUBDIR= security/nss/releases/NSS_${PORTVERSION:S/./_/g}_WITH_CKBI_${CKBI_VER:S/./_/}_RTM/src
+DISTNAME= nss-${VERSION_NSS}${NSS_SUFFIX}
+
+MAINTAINER= gecko at FreeBSD.org
+COMMENT= The root certificate bundle from the Mozilla Project
+
+OPTIONS= ETCSYMLINK "Add symlink to /etc/ssl/cert.pem" off
+
+USE_PERL5_BUILD= yes
+NO_WRKSUBDIR= yes
+
+CERTDIR?= share/certs
+PLIST_SUB+= CERTDIR=${CERTDIR}
+
+# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+# !!! These versions are indented to track security/nss and !!!
+# !!! www/apache13-modssl. Please DO NOT submit patches for !!!
+# !!! new versions until they have been committed there first. !!!
+# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+VERSION_NSS= 3.12.11
+CKBI_VER= 1.87
+VERSION_APACHE= 1.3.41
+NSS_SUFFIX= .with.ckbi.${CKBI_VER}
+CERTDATA_TXT_PATH= nss-${VERSION_NSS}/mozilla/security/nss/lib/ckfw/builtins/certdata.txt
+BUNDLE_PROCESSOR= MAca-bundle.pl
+
+.include <bsd.port.pre.mk>
+
+.if !defined(WITHOUT_ETCSYMLINK)
+PLIST_SUB+= ETCSYMLINK=
+CONFLICTS= ca-roots-[0-9]*
+.else
+PLIST_SUB+= ETCSYMLINK="@comment "
+.endif
+
+do-extract:
+ @${MKDIR} ${WRKDIR}
+ @${TAR} -C ${WRKDIR} -xf ${DISTDIR}/nss-${VERSION_NSS}${NSS_SUFFIX}${EXTRACT_SUFX} \
+ ${CERTDATA_TXT_PATH}
+ @${CP} ${WRKDIR}/${CERTDATA_TXT_PATH} ${WRKDIR}
+ @${CP} ${FILESDIR}/${BUNDLE_PROCESSOR} ${WRKDIR}
+ @${RM} -rf ${WRKDIR}/nss-${VERSION_NSS}
+
+post-patch:
+ @${PERL} -pi -e 's,%%VERSION_NSS%%,${VERSION_NSS}${NSS_SUFFIX},g;' \
+ ${WRKDIR}/${BUNDLE_PROCESSOR}
+
+do-build:
+ @${PERL} ${WRKDIR}/${BUNDLE_PROCESSOR} \
+ < ${WRKDIR}/certdata.txt > \
+ ${WRKDIR}/ca-root-nss.crt
+
+do-install:
+ ${MKDIR} ${PREFIX}/${CERTDIR}
+ ${INSTALL_DATA} ${WRKDIR}/ca-root-nss.crt ${PREFIX}/${CERTDIR}
+.if !defined(WITHOUT_ETCSYMLINK)
+ ${LN} -s ${PREFIX}/${CERTDIR}/ca-root-nss.crt /etc/ssl/cert.pem
+.endif
+
+.include <bsd.port.post.mk>
Added: trunk/security/ca_root_nss/distinfo
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ trunk/security/ca_root_nss/distinfo Wed Oct 19 17:21:47 2011 (r659)
@@ -0,0 +1,2 @@
+SHA256 (nss-3.12.11.with.ckbi.1.87.tar.gz) = 4b84a7cd361bf2d14935d0f27681dd148cf3124edf558a271cfde8882f7f7020
+SIZE (nss-3.12.11.with.ckbi.1.87.tar.gz) = 6035595
Added: trunk/security/ca_root_nss/files/MAca-bundle.pl
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ trunk/security/ca_root_nss/files/MAca-bundle.pl Wed Oct 19 17:21:47 2011 (r659)
@@ -0,0 +1,190 @@
+##
+## MAca-bundle.pl -- Regenerate ca-root-nss.crt from the Mozilla certdata.txt
+##
+## Rewritten in September 2011 by Matthias Andree to heed untrust
+##
+
+## Copyright (c) 2011, Matthias Andree
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted provided that the following conditions are
+## met:
+##
+## * Redistributions of source code must retain the above copyright
+## notice, this list of conditions and the following disclaimer.
+##
+## * Redistributions in binary form must reproduce the above copyright
+## notice, this list of conditions and the following disclaimer in the
+## documentation and/or other materials provided with the distribution.
+##
+## THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+## "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+## LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+## FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+## COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+## INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+## BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+## LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+## CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+## LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+## ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+## POSSIBILITY OF SUCH DAMAGE.
+
+use strict;
+use MIME::Base64;
+
+my $VERSION = '$FreeBSD: ports/security/ca_root_nss/files/MAca-bundle.pl,v 1.3 2011/09/04 15:11:48 mandree Exp $';
+
+# configuration
+print <<EOH;
+##
+## ca-root-nss.crt -- Bundle of CA Root Certificates
+##
+## This is a bundle of X.509 certificates of public Certificate
+## Authorities (CA). These were automatically extracted from Mozilla's
+## root CA list (the file `certdata.txt').
+##
+## Extracted from nss-%%VERSION_NSS%%
+## with $VERSION
+##
+EOH
+my $debug = 1;
+
+my %certs;
+my %trusts;
+
+sub printcert_plain($$)
+{
+ my ($label, $certdata) = @_;
+ print "=== $label ===\n" if $label;
+ print
+ "-----BEGIN CERTIFICATE-----\n",
+ MIME::Base64::encode_base64($certdata),
+ "-----END CERTIFICATE-----\n\n";
+}
+
+sub printcert_info($$)
+{
+ my (undef, $certdata) = @_;
+ return unless $certdata;
+ open(OUT, "|openssl x509 -text -inform DER -fingerprint")
+ || die "could not pipe to openssl x509";
+ print OUT $certdata;
+ close(OUT) or die "openssl x509 failed with exit code $?";
+}
+
+sub printcert($$) {
+ my ($a, $b) = @_;
+ printcert_info($a, $b);
+}
+
+sub graboct()
+{
+ my $data;
+
+ while (<>) {
+ last if /^END/;
+ my (undef, at oct) = split /\\/;
+ my @bin = map(chr(oct), @oct);
+ $data .= join('', @bin);
+ }
+
+ return $data;
+}
+
+
+sub grabcert()
+{
+ my $certdata;
+ my $cka_label;
+ my $serial;
+
+ while (<>) {
+ chomp;
+ last if ($_ eq '');
+
+ if (/^CKA_LABEL UTF8 "([^"]+)"/) {
+ $cka_label = $1;
+ }
+
+ if (/^CKA_VALUE MULTILINE_OCTAL/) {
+ $certdata = graboct();
+ }
+
+ if (/^CKA_SERIAL_NUMBER MULTILINE_OCTAL/) {
+ $serial = graboct();
+ }
+ }
+ return ($serial, $cka_label, $certdata);
+}
+
+sub grabtrust() {
+ my $cka_label;
+ my $serial;
+ my $trust = 1;
+
+ while (<>) {
+ chomp;
+ last if ($_ eq '');
+
+ if (/^CKA_LABEL UTF8 "([^"]+)"/) {
+ $cka_label = $1;
+ }
+
+ if (/^CKA_SERIAL_NUMBER MULTILINE_OCTAL/) {
+ $serial = graboct();
+ }
+
+ if (/^CKA_TRUST_.*\s.*_(UN|NOT_)TRUSTED/) {
+ $trust = 0;
+ }
+ }
+ return ($serial, $cka_label, $trust);
+}
+
+while (<>) {
+ if (/^CKA_CLASS .* CKO_CERTIFICATE/) {
+ my ($serial, $label, $certdata) = grabcert();
+ if (defined $certs{$serial.$label}) {
+ warn "Certificate $label duplicated!\n";
+ }
+ $certs{$serial.$label} = $certdata;
+ } elsif (/^CKA_CLASS .* CKO_(NSS|NETSCAPE)_TRUST/) {
+ my ($serial, $label, $trust) = grabtrust();
+ if (defined $trusts{$serial.$label}) {
+ warn "Trust for $label duplicated!\n";
+ }
+ $trusts{$serial.$label} = $trust;
+ } elsif (/^CVS_ID.*Revision: ([^ ]*).*/) {
+ print "## Source: \"certdata.txt\" CVS revision $1\n##\n\n";
+ }
+}
+
+# weed out untrusted certificates
+my $untrusted = 0;
+foreach my $it (keys %trusts) {
+ if (!$trusts{$it}) {
+ if (!exists($certs{$it})) {
+ warn "Found trust for nonexistent certificate\n";
+ } else {
+ delete $certs{$it};
+ $untrusted++;
+ }
+ }
+}
+
+print "## Untrusted certificates omitted from this bundle: $untrusted\n\n";
+
+my $certcount = 0;
+foreach my $it (keys %certs) {
+ if (!exists($trusts{$it})) {
+ die "Found certificate without trust block,\naborting";
+ }
+ printcert("", $certs{$it});
+ print "\n\n\n";
+ $certcount++;
+}
+
+print "## Number of certificates: $certcount\n";
+print "## End of file.\n";
Added: trunk/security/ca_root_nss/pkg-descr
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ trunk/security/ca_root_nss/pkg-descr Wed Oct 19 17:21:47 2011 (r659)
@@ -0,0 +1,4 @@
+Root certificates from certificate authorities included in the Mozilla
+NSS library and thus in Firefox and Thunderbird.
+
+This port directly tracks the version of NSS in the security/nss port.
Added: trunk/security/ca_root_nss/pkg-plist
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ trunk/security/ca_root_nss/pkg-plist Wed Oct 19 17:21:47 2011 (r659)
@@ -0,0 +1,4 @@
+%%CERTDIR%%/ca-root-nss.crt
+ at dirrmtry %%CERTDIR%%
+%%ETCSYMLINK%%@cwd /
+%%ETCSYMLINK%%etc/ssl/cert.pem
Added: trunk/security/nss/Makefile
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ trunk/security/nss/Makefile Wed Oct 19 17:21:47 2011 (r659)
@@ -0,0 +1,102 @@
+# Ports collection Makefile for: nss
+# Date created: 18 December 2001
+# Whom: Maxim Sobolev <sobomax at FreeBSD.org>
+#
+# $FreeBSD: ports/security/nss/Makefile,v 1.59 2011/10/07 20:40:40 kwm Exp $
+# $MCom ports-experimental/security/nss/Makefile,v 1.4 2008/02/23 15:47:28 ahze Exp $
+
+PORTNAME= nss
+PORTVERSION= ${_MAJOR}.${_MINOR}.${_PATCH}
+CATEGORIES= security
+MASTER_SITES= ${MASTER_SITE_MOZILLA}
+MASTER_SITE_SUBDIR= security/nss/releases/NSS_${PORTVERSION:S/./_/g}_WITH_CKBI_${CKBI_VER:S/./_/}_RTM/src
+DISTNAME= nss-${PORTVERSION}.with.ckbi.${CKBI_VER}
+
+MAINTAINER= gecko at FreeBSD.org
+COMMENT= Libraries to support development of security-enabled applications
+
+BUILD_DEPENDS= zip:${PORTSDIR}/archivers/zip \
+ nspr>=4.8.8:${PORTSDIR}/devel/nspr
+LIB_DEPENDS= nspr4.1:${PORTSDIR}/devel/nspr \
+ sqlite3.8:${PORTSDIR}/databases/sqlite3
+
+_MAJOR= 3
+_MINOR= 12
+_PATCH= 11
+
+CKBI_VER= 1.87
+
+WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION}/mozilla/security/nss
+
+MAKE_JOBS_UNSAFE= yes
+USE_LDCONFIG= ${PREFIX}/lib/nss
+USE_GMAKE= yes
+USE_PERL5_BUILD=yes
+MAKE_ENV= BSD_LDOPTS="${PTHREAD_LIBS} -L${LOCALBASE}/lib" \
+ BUILD_OPT=1 NSS_ENABLE_ECC=1 NSS_USE_SYSTEM_SQLITE=1
+ALL_TARGET= nss_build_all
+CFLAGS+= -I${LOCALBASE}/include/nspr -L${LOCALBASE}/lib
+
+DIST= ${WRKSRC:H:H}/dist
+
+EXTERNALS= CVS dbm security/nss/cmd/zlib nsprpub security/dbm
+EXTRACT_AFTER_ARGS=| ${TAR} -xf - \
+ ${EXTERNALS:C,^,--exclude ${DISTNAME}/mozilla/,}
+
+BINS=${DIST}/${OPSYS}${OSREL}_OPT.OBJ
+
+INSTALL_BINS= certcgi certutil checkcert cmsutil crlutil derdump makepqg \
+ mangle modutil ocspclnt oidcalc p7content p7env p7sign \
+ p7verify pk12util rsaperf shlibsign signtool signver \
+ ssltap strsclnt symkeyutil vfychain vfyserv
+
+test:
+ cd ${WRKSRC}/tests; \
+ ${SETENV} PATH="${BINS}/bin:${PATH}" \
+ LD_LIBRARY_PATH="${BINS}/lib" \
+ ./all.sh
+ @if ${GREP} -F '>Failed<' \
+ ${WRKSRC:H:H}/tests_results/security/*/results.html; then \
+ echo "Some tests have failed. Let ${MAINTAINER} know."; \
+ exit 1; \
+ else \
+ echo "All tests succeeded. Good news."; \
+ fi
+
+post-patch:
+ @${REINPLACE_CMD} -e "s|-pthread|${PTHREAD_LIBS}|g" \
+ ${WRKSRC:H:H}/security/coreconf/FreeBSD.mk
+ @${SED} -e 's|@exec_prefix@|${PREFIX}|; \
+ s|@includedir@|${PREFIX}/include/nss|; \
+ s|@libdir@|${PREFIX}/lib/nss|; \
+ s|@prefix@|${PREFIX}|' \
+ ${FILESDIR}/nss-config.in >${WRKDIR}/nss-config
+ @${SED} -e 's|@PREFIX@|${PREFIX}|; s|@PORTVERSION@|${PORTVERSION}|' \
+ ${FILESDIR}/nss.pc.in >${WRKDIR}/nss.pc
+.for i in MAJOR MINOR PATCH
+ @${SED} -i.${i} -e 's|@${i}@|${_${i}}|' ${WRKDIR}/nss-config
+.endfor
+ @cd ${WRKSRC} && \
+ ${FIND} . -name "*.c" -o -name "*.h" | \
+ ${XARGS} ${REINPLACE_CMD} -e 's|"nspr.h"|<nspr.h>|'
+ @${REINPLACE_CMD} -e 's|/usr/local|${LOCALBASE}|g' \
+ ${WRKSRC}/lib/softoken/manifest.mn
+
+do-install:
+ ${MKDIR} ${PREFIX}/include/nss/nss ${PREFIX}/lib/nss
+ ${FIND} ${DIST}/public/nss -type l \
+ -exec ${INSTALL_DATA} {} ${PREFIX}/include/nss/nss \;
+ ${INSTALL_DATA} ${DIST}/FreeBSD${OSREL:C/.$/*/}_OPT.OBJ/lib/*.so.1 \
+ ${PREFIX}/lib/nss
+ ${INSTALL_DATA} ${DIST}/FreeBSD${OSREL:C/.$/*/}_OPT.OBJ/lib/libcrmf.a \
+ ${PREFIX}/lib/nss
+.for bin in ${INSTALL_BINS}
+ ${INSTALL_PROGRAM} ${DIST}/FreeBSD${OSREL:C/.$/*/}_OPT.OBJ/bin/${bin} \
+ ${PREFIX}/bin
+.endfor
+ cd ${DIST}/FreeBSD${OSREL:C/.$/*/}_OPT.OBJ/lib && \
+ ${TAR} -cf - *.so | ${TAR} --unlink -C ${PREFIX}/lib/nss -xf -
+ ${INSTALL_SCRIPT} ${WRKDIR}/nss-config ${PREFIX}/bin
+ ${INSTALL_DATA} ${WRKDIR}/nss.pc ${PREFIX}/libdata/pkgconfig
+
+.include <bsd.port.mk>
Added: trunk/security/nss/distinfo
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ trunk/security/nss/distinfo Wed Oct 19 17:21:47 2011 (r659)
@@ -0,0 +1,2 @@
+SHA256 (nss-3.12.11.with.ckbi.1.87.tar.gz) = 4b84a7cd361bf2d14935d0f27681dd148cf3124edf558a271cfde8882f7f7020
+SIZE (nss-3.12.11.with.ckbi.1.87.tar.gz) = 6035595
Added: trunk/security/nss/files/nss-config.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ trunk/security/nss/files/nss-config.in Wed Oct 19 17:21:47 2011 (r659)
@@ -0,0 +1,145 @@
+#!/bin/sh
+
+prefix=@prefix@
+
+major_version=@MAJOR@
+minor_version=@MINOR@
+patch_version=@PATCH@
+
+usage()
+{
+ cat <<EOF
+Usage: nss-config [OPTIONS] [LIBRARIES]
+Options:
+ [--prefix[=DIR]]
+ [--exec-prefix[=DIR]]
+ [--includedir[=DIR]]
+ [--libdir[=DIR]]
+ [--version]
+ [--libs]
+ [--cflags]
+Dynamic Libraries:
+ nss
+ nssutil
+ ssl
+ smime
+EOF
+ exit $1
+}
+
+if test $# -eq 0; then
+ usage 1 1>&2
+fi
+
+lib_ssl=yes
+lib_smime=yes
+lib_nss=yes
+lib_nssutil=yes
+
+while test $# -gt 0; do
+ case "$1" in
+ -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
+ *) optarg= ;;
+ esac
+
+ case $1 in
+ --prefix=*)
+ prefix=$optarg
+ ;;
+ --prefix)
+ echo_prefix=yes
+ ;;
+ --exec-prefix=*)
+ exec_prefix=$optarg
+ ;;
+ --exec-prefix)
+ echo_exec_prefix=yes
+ ;;
+ --includedir=*)
+ includedir=$optarg
+ ;;
+ --includedir)
+ echo_includedir=yes
+ ;;
+ --libdir=*)
+ libdir=$optarg
+ ;;
+ --libdir)
+ echo_libdir=yes
+ ;;
+ --version)
+ echo ${major_version}.${minor_version}.${patch_version}
+ ;;
+ --cflags)
+ echo_cflags=yes
+ ;;
+ --libs)
+ echo_libs=yes
+ ;;
+ ssl)
+ lib_ssl=yes
+ ;;
+ smime)
+ lib_smime=yes
+ ;;
+ nss)
+ lib_nss=yes
+ ;;
+ nssutil)
+ lib_nssutil=yes
+ ;;
+ *)
+ usage 1 1>&2
+ ;;
+ esac
+ shift
+done
+
+# Set variables that may be dependent upon other variables
+if test -z "$exec_prefix"; then
+ exec_prefix=@exec_prefix@
+fi
+if test -z "$includedir"; then
+ includedir=@includedir@
+fi
+if test -z "$libdir"; then
+ libdir=@libdir@
+fi
+
+if test "$echo_prefix" = "yes"; then
+ echo $prefix
+fi
+
+if test "$echo_exec_prefix" = "yes"; then
+ echo $exec_prefix
+fi
+
+if test "$echo_includedir" = "yes"; then
+ echo $includedir
+fi
+
+if test "$echo_libdir" = "yes"; then
+ echo $libdir
+fi
+
+if test "$echo_cflags" = "yes"; then
+ echo -I$includedir
+fi
+
+if test "$echo_libs" = "yes"; then
+ libdirs="-L$libdir"
+ if test -n "$lib_ssl"; then
+ libdirs="$libdirs -lssl${major_version}"
+ fi
+ if test -n "$lib_smime"; then
+ libdirs="$libdirs -lsmime${major_version}"
+ fi
+ if test -n "$lib_nss"; then
+ libdirs="$libdirs -lnss${major_version}"
+ fi
+ if test -n "$lib_nssutil"; then
+ libdirs="$libdirs -lnssutil${major_version}"
+ fi
+ echo $libdirs
+fi
+
Added: trunk/security/nss/files/nss.pc.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ trunk/security/nss/files/nss.pc.in Wed Oct 19 17:21:47 2011 (r659)
@@ -0,0 +1,11 @@
+prefix=@PREFIX@
+exec_prefix=@PREFIX@
+libdir=@PREFIX@/lib/nss
+includedir=@PREFIX@/include
+
+Name: NSS
+Description: Mozilla Network Security Services
+Version: @PORTVERSION@
+Requires: nspr
+Libs: -L${libdir} -lnss3 -lsmime3 -lssl3 -lnssutil3
+Cflags: -I${includedir}/nss -I${includedir}/nss/nss
Added: trunk/security/nss/files/patch-..::coreconf::FreeBSD.mk
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ trunk/security/nss/files/patch-..::coreconf::FreeBSD.mk Wed Oct 19 17:21:47 2011 (r659)
@@ -0,0 +1,76 @@
+--- ../../security/coreconf/FreeBSD.mk.orig 2009-08-22 07:33:09.000000000 +0200
++++ ../../security/coreconf/FreeBSD.mk 2010-03-28 23:01:33.000000000 +0200
+@@ -37,9 +37,9 @@
+
+ include $(CORE_DEPTH)/coreconf/UNIX.mk
+
+-DEFAULT_COMPILER = gcc
+-CC = gcc
+-CCC = g++
++DEFAULT_COMPILER = $(CC)
++CC ?= gcc
++CCC = $(CXX)
+ RANLIB = ranlib
+
+ CPU_ARCH = $(OS_TEST)
+@@ -50,7 +50,26 @@
+ CPU_ARCH = x86
+ endif
+ ifeq ($(CPU_ARCH),amd64)
+-CPU_ARCH = x86_64
++CPU_ARCH = amd64
++USE_64 = 1
++endif
++ifeq ($(OS_TEST),alpha)
++CPU_ARCH = alpha
++endif
++ifeq ($(OS_TEST),powerpc64)
++CPU_ARCH = powerpc
++USE_64 = 1
++endif
++ifeq ($(OS_TEST),powerpc)
++CPU_ARCH = powerpc
++endif
++ifeq ($(OS_TEST),sparc64)
++CPU_ARCH = sparc64
++USE_64 = 1
++endif
++ifeq ($(OS_TEST),ia64)
++CPU_ARCH = ia64
++USE_64 = 1
+ endif
+
+ OS_CFLAGS = $(DSO_CFLAGS) -ansi -Wall -Wno-switch -DFREEBSD -DHAVE_STRERROR -DHAVE_BSD_FLOCK
+@@ -65,20 +80,18 @@
+ USE_PTHREADS = 1
+ DEFINES += -D_THREAD_SAFE -D_REENTRANT
+ OS_LIBS += -pthread
+-DSO_LDOPTS += -pthread
++DSO_LDOPTS += $(BSD_LDOPTS)
+ endif
+
+ ARCH = freebsd
+
+-MOZ_OBJFORMAT := $(shell test -x /usr/bin/objformat && /usr/bin/objformat || echo elf)
++DLL_SUFFIX = so.1
+
+-ifeq ($(MOZ_OBJFORMAT),elf)
+-DLL_SUFFIX = so
++ifneq (,$(filter alpha ia64,$(OS_TEST)))
++MKSHLIB = $(CC) -Wl,-Bsymbolic -lc $(DSO_LDOPTS)
+ else
+-DLL_SUFFIX = so.1.0
++MKSHLIB = $(CC) -Wl,-Bsymbolic $(DSO_LDOPTS)
+ endif
+-
+-MKSHLIB = $(CC) $(DSO_LDOPTS)
+ ifdef MAPFILE
+ MKSHLIB += -Wl,--version-script,$(MAPFILE)
+ endif
+@@ -87,4 +100,5 @@
+
+ G++INCLUDES = -I/usr/include/g++
+
+-INCLUDES += -I/usr/X11R6/include
++USE_SYSTEM_ZLIB = 1
++ZLIB_LIBS = -lz
Added: trunk/security/nss/files/patch-..::coreconf::command.mk
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ trunk/security/nss/files/patch-..::coreconf::command.mk Wed Oct 19 17:21:47 2011 (r659)
@@ -0,0 +1,9 @@
+--- ../coreconf/command.mk Mon Oct 10 19:46:12 2005
++++ ../coreconf/command.mk Wed Jan 18 17:23:28 2006
+@@ -46,5 +46,5 @@
+ LINK_DLL = $(LINK) $(OS_DLLFLAGS) $(DLLFLAGS)
+ LINK_EXE = $(LINK) $(OS_LFLAGS) $(LFLAGS)
+-CFLAGS = $(OPTIMIZER) $(OS_CFLAGS) $(XP_DEFINE) $(DEFINES) $(INCLUDES) \
++CFLAGS += $(OPTIMIZER) $(OS_CFLAGS) $(XP_DEFINE) $(DEFINES) $(INCLUDES) \
+ $(XCFLAGS)
+ RANLIB = echo
Added: trunk/security/nss/files/patch-..::coreconf::rules.mk
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ trunk/security/nss/files/patch-..::coreconf::rules.mk Wed Oct 19 17:21:47 2011 (r659)
@@ -0,0 +1,10 @@
+--- ../coreconf/rules.mk.orig Sat Jan 6 00:48:54 2007
++++ ../coreconf/rules.mk Fri Mar 23 10:15:46 2007
+@@ -114,6 +114,7 @@
+ endif
+ ifdef SHARED_LIBRARY
+ $(INSTALL) -m 775 $(SHARED_LIBRARY) $(SOURCE_LIB_DIR)
++ ln -sf $(notdir $(SHARED_LIBRARY)) $(SOURCE_LIB_DIR)/$(notdir $(SHARED_LIBRARY:.so.1=.so))
+ ifdef MOZ_DEBUG_SYMBOLS
+ ifeq (,$(filter-out _WIN%,$(NS_USE_GCC)_$(OS_TARGET)))
+ $(INSTALL) -m 644 $(SHARED_LIBRARY:$(DLL_SUFFIX)=pdb) $(SOURCE_LIB_DIR)
Added: trunk/security/nss/files/patch-.._coreconf_arch.mk
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ trunk/security/nss/files/patch-.._coreconf_arch.mk Wed Oct 19 17:21:47 2011 (r659)
@@ -0,0 +1,11 @@
+--- ../coreconf/arch.mk.orig 2011-03-03 18:13:52.000000000 +0100
++++ ../coreconf/arch.mk 2011-03-03 18:14:09.000000000 +0100
+@@ -66,7 +66,7 @@
+ # Attempt to differentiate between sparc and x86 Solaris
+ #
+
+-OS_TEST := $(shell uname -m)
++OS_TEST := $(shell uname -p)
+ ifeq ($(OS_TEST),i86pc)
+ OS_RELEASE := $(shell uname -r)_$(OS_TEST)
+ else
Added: trunk/security/nss/files/patch-Makefile
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ trunk/security/nss/files/patch-Makefile Wed Oct 19 17:21:47 2011 (r659)
@@ -0,0 +1,11 @@
+--- Makefile.orig Thu Apr 14 20:28:40 2005
++++ Makefile Tue Aug 30 15:32:11 2005
+@@ -78,7 +78,7 @@
+ # (7) Execute "local" rules. (OPTIONAL). #
+ #######################################################################
+
+-nss_build_all: build_coreconf build_nspr build_dbm all
++nss_build_all: build_coreconf all
+
+ build_coreconf:
+ cd $(CORE_DEPTH)/coreconf ; $(MAKE)
Added: trunk/security/nss/files/patch-const
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ trunk/security/nss/files/patch-const Wed Oct 19 17:21:47 2011 (r659)
@@ -0,0 +1,46 @@
+--- cmd/modutil/modutil.h Sun Apr 25 11:02:47 2004
++++ cmd/modutil/modutil.h Fri Jul 22 17:35:20 2005
+@@ -53,6 +53,6 @@
+ #include "error.h"
+
+-Error FipsMode(char *arg);
+-Error ChkFipsMode(char *arg);
++Error FipsMode(const char *arg);
++Error ChkFipsMode(const char *arg);
+ Error AddModule(char *moduleName, char *libFile, char *ciphers,
+ char *mechanisms, char* modparms);
+--- cmd/modutil/pk11.c Sun Apr 25 11:02:47 2004
++++ cmd/modutil/pk11.c Fri Jul 22 17:36:48 2005
+@@ -53,5 +53,5 @@
+ */
+ Error
+-FipsMode(char *arg)
++FipsMode(const char *arg)
+ {
+ char *internal_name;
+@@ -62,14 +62,16 @@
+ SECMOD_GetInternalModule()->commonName);
+ if(SECMOD_DeleteInternalModule(internal_name) != SECSuccess) {
+- PR_fprintf(PR_STDERR, "%s\n", SECU_Strerror(PORT_GetError()));
++ PR_fprintf(PR_STDERR, "FipsMode(true): %s (%s)\n", SECU_Strerror(PORT_GetError()), internal_name);
+ PR_smprintf_free(internal_name);
+ PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]);
+ return FIPS_SWITCH_FAILED_ERR;
+ }
+- PR_smprintf_free(internal_name);
+ if (!PK11_IsFIPS()) {
++ PR_fprintf(PR_STDERR, "FipsMode(true): in module %s", internal_name);
++ PR_smprintf_free(internal_name);
+ PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]);
+ return FIPS_SWITCH_FAILED_ERR;
+ }
++ PR_smprintf_free(internal_name);
+ PR_fprintf(PR_STDOUT, msgStrings[FIPS_ENABLED_MSG]);
+ } else {
+@@ -112,5 +114,5 @@
+ */
+ Error
+-ChkFipsMode(char *arg)
++ChkFipsMode(const char *arg)
+ {
+ if(!PORT_Strcasecmp(arg, "true")) {
Added: trunk/security/nss/files/patch-lib_freebl_mpi_mpcpucache.c
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ trunk/security/nss/files/patch-lib_freebl_mpi_mpcpucache.c Wed Oct 19 17:21:47 2011 (r659)
@@ -0,0 +1,43 @@
+--- lib/freebl/mpi/mpcpucache.c.orig 2010-06-11 22:39:33.000000000 +0200
++++ lib/freebl/mpi/mpcpucache.c 2010-06-11 22:40:20.000000000 +0200
+@@ -733,6 +733,32 @@ s_mpi_getProcessorLineSize()
+ #endif
+
+ #if defined(__ppc64__)
++
++#if defined(__FreeBSD__)
++#include <sys/stddef.h>
++#include <sys/sysctl.h>
++
++#include <machine/cpu.h>
++#include <machine/md_var.h>
++
++unsigned long
++s_mpi_getProcessorLineSize()
++{
++ static int cacheline_size = 0;
++ static int cachemib[] = { CTL_MACHDEP, CPU_CACHELINE };
++ int clen;
++
++ if (cacheline_size > 0)
++ return cacheline_size;
++
++ clen = sizeof(cacheline_size);
++ if (sysctl(cachemib, sizeof(cachemib) / sizeof(cachemib[0]),
++ &cacheline_size, &clen, NULL, 0) < 0 || !cacheline_size)
++ return 128; /* guess */
++
++ return cacheline_size;
++}
++#else
+ /*
+ * Sigh, The PPC has some really nice features to help us determine cache
+ * size, since it had lots of direct control functions to do so. The POWER
+@@ -785,6 +811,7 @@ s_mpi_getProcessorLineSize()
+ }
+ return 0;
+ }
++#endif
+
+ #define MPI_GET_PROCESSOR_LINE_SIZE_DEFINED 1
+ #endif
Added: trunk/security/nss/files/patch-lib_softoken_manifest.mn
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ trunk/security/nss/files/patch-lib_softoken_manifest.mn Wed Oct 19 17:21:47 2011 (r659)
@@ -0,0 +1,13 @@
+--- lib/softoken/manifest.mn.orig 2010-07-30 04:33:26.000000000 +0200
++++ lib/softoken/manifest.mn 2010-10-17 12:01:04.000000000 +0200
+@@ -47,9 +47,7 @@
+
+ DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\" -DSOFTOKEN_LIB_NAME=\"$(notdir $(SHARED_LIBRARY))\" -DSHLIB_VERSION=\"$(LIBRARY_VERSION)\"
+
+-ifdef SQLITE_INCLUDE_DIR
+-INCLUDES += -I$(SQLITE_INCLUDE_DIR)
+-endif
++INCLUDES += -I$(LOCALBASE)/include
+
+ EXPORTS = \
+ secmodt.h \
Added: trunk/security/nss/files/patch-lib_softoken_pkcs11c.c
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ trunk/security/nss/files/patch-lib_softoken_pkcs11c.c Wed Oct 19 17:21:47 2011 (r659)
@@ -0,0 +1,22 @@
+--- lib/softoken/pkcs11c.c.orig 2010-05-05 14:36:05.000000000 +0000
++++ lib/softoken/pkcs11c.c 2010-05-05 14:37:25.000000000 +0000
+@@ -4602,9 +4602,6 @@
+ break;
+ case NSSLOWKEYDSAKey:
+ keyType = CKK_DSA;
+- crv = (sftk_hasAttribute(key, CKA_NETSCAPE_DB)) ? CKR_OK :
+- CKR_KEY_TYPE_INCONSISTENT;
+- if(crv != CKR_OK) break;
+ crv = sftk_AddAttributeType(key, CKA_KEY_TYPE, &keyType,
+ sizeof(keyType));
+ if(crv != CKR_OK) break;
+@@ -4638,9 +4635,6 @@
+ #ifdef NSS_ENABLE_ECC
+ case NSSLOWKEYECKey:
+ keyType = CKK_EC;
+- crv = (sftk_hasAttribute(key, CKA_NETSCAPE_DB)) ? CKR_OK :
+- CKR_KEY_TYPE_INCONSISTENT;
+- if(crv != CKR_OK) break;
+ crv = sftk_AddAttributeType(key, CKA_KEY_TYPE, &keyType,
+ sizeof(keyType));
+ if(crv != CKR_OK) break;
Added: trunk/security/nss/files/patch-sysdb
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ trunk/security/nss/files/patch-sysdb Wed Oct 19 17:21:47 2011 (r659)
@@ -0,0 +1,138 @@
+--- lib/softoken/legacydb/cdbhdl.h.orig 2009-08-31 12:33:12.000000000 +0200
++++ lib/softoken/legacydb/cdbhdl.h 2009-08-31 12:33:36.000000000 +0200
+@@ -43,7 +43,8 @@
+ #define _CDBHDL_H_
+
+ #include "nspr.h"
+-#include "mcom_db.h"
++#include <db.h>
++#include <fcntl.h>
+ #include "pcertt.h"
+ #include "prtypes.h"
+
+
+--- lib/softoken/legacydb/dbmshim.c.orig 2009-08-31 10:40:23.000000000 +0200
++++ lib/softoken/legacydb/dbmshim.c 2009-08-31 10:40:35.000000000 +0200
+@@ -39,7 +39,8 @@
+ *
+ * $Id: dbmshim.c,v 1.2 2007/06/13 00:24:57 rrelyea%redhat.com Exp $
+ */
+-#include "mcom_db.h"
++#include <db.h>
++#include <fcntl.h>
+ #include "secitem.h"
+ #include "nssb64.h"
+ #include "blapi.h"
+--- lib/softoken/legacydb/keydb.c.orig 2009-08-31 10:40:04.000000000 +0200
++++ lib/softoken/legacydb/keydb.c 2009-08-31 10:40:08.000000000 +0200
+@@ -43,7 +43,6 @@
+ #include "blapi.h"
+ #include "secitem.h"
+ #include "pcert.h"
+-#include "mcom_db.h"
+ #include "secerr.h"
+
+ #include "keydbi.h"
+--- lib/softoken/legacydb/keydbi.h.orig 2009-08-31 12:33:17.000000000 +0200
++++ lib/softoken/legacydb/keydbi.h 2009-08-31 12:34:13.000000000 +0200
+@@ -43,5 +43,5 @@
+
+ #include "nspr.h"
+ #include "seccomon.h"
+-#include "mcom_db.h"
++#include <db.h>
+
+ /*
+ * Handle structure for open key databases
+--- lib/softoken/legacydb/pcertdb.c.orig 2009-08-31 10:40:52.000000000 +0200
++++ lib/softoken/legacydb/pcertdb.c 2009-08-31 10:41:26.000000000 +0200
+@@ -41,7 +41,8 @@
+ */
+ #include "lowkeyti.h"
+ #include "pcert.h"
+-#include "mcom_db.h"
++#include <db.h>
++#include <fcntl.h>
+ #include "pcert.h"
+ #include "secitem.h"
+ #include "secder.h"
+--- lib/softoken/legacydb/pk11db.c.orig 2009-08-31 10:40:57.000000000 +0200
++++ lib/softoken/legacydb/pk11db.c 2009-08-31 10:41:55.000000000 +0200
+@@ -41,7 +41,8 @@
+
+ #include "pk11pars.h"
+ #include "lgdb.h"
+-#include "mcom_db.h"
++#include <db.h>
++#include <fcntl.h>
+ #include "secerr.h"
+
+ #define FREE_CLEAR(p) if (p) { PORT_Free(p); p = NULL; }
+--- lib/ckfw/dbm/ckdbm.h.orig 2009-08-31 10:46:00.000000000 +0200
++++ lib/ckfw/dbm/ckdbm.h 2009-08-31 10:46:22.000000000 +0200
+@@ -59,7 +59,7 @@
+ #include "ckt.h"
+ #endif /* CKT_H */
+
+-#include "mcom_db.h"
++#include <db.h>
+
+ NSS_EXTERN_DATA NSSCKMDInstance nss_dbm_mdInstance;
+
+--- lib/softoken/legacydb/config.mk.orig 2009-08-31 12:39:49.000000000 +0200
++++ lib/softoken/legacydb/config.mk 2009-08-31 12:40:03.000000000 +0200
+@@ -40,10 +40,6 @@
+
+ EXTRA_LIBS += $(CRYPTOLIB)
+
+-ifndef NSS_DISABLE_DBM
+-EXTRA_LIBS += $(DIST)/lib/$(LIB_PREFIX)dbm.$(LIB_SUFFIX)
+-endif
+-
+ # can't do this in manifest.mn because OS_TARGET isn't defined there.
+ ifeq (,$(filter-out WIN%,$(OS_TARGET)))
+
+--- lib/certdb/xauthkid.c.orig 2009-08-31 12:43:13.000000000 +0200
++++ lib/certdb/xauthkid.c 2009-08-31 12:44:21.000000000 +0200
+@@ -39,7 +39,7 @@
+ *
+ */
+
+-#include "prtypes.h"
++#include <prtypes.h>
+ #include "seccomon.h"
+ #include "secdert.h"
+ #include "secoidt.h"
+--- lib/certdb/xbsconst.c.orig 2009-08-31 12:43:22.000000000 +0200
++++ lib/certdb/xbsconst.c 2009-08-31 12:44:41.000000000 +0200
+@@ -38,7 +38,7 @@
+ * X.509 v3 Basic Constraints Extension
+ */
+
+-#include "prtypes.h"
++#include <prtypes.h>
+ #include <limits.h> /* for LONG_MAX */
+ #include "seccomon.h"
+ #include "secdert.h"
+--- lib/certdb/xconst.c.orig 2009-08-31 12:43:46.000000000 +0200
++++ lib/certdb/xconst.c 2009-08-31 12:44:50.000000000 +0200
+@@ -38,7 +38,7 @@
+ * X.509 Extension Encoding
+ */
+
+-#include "prtypes.h"
++#include <prtypes.h>
+ #include "seccomon.h"
+ #include "secdert.h"
+ #include "secoidt.h"
+--- cmd/platlibs.mk.orig 2009-08-31 12:57:13.000000000 +0200
++++ cmd/platlibs.mk 2009-08-31 12:57:29.000000000 +0200
+@@ -85,7 +85,7 @@
+ ifdef NSS_DISABLE_DBM
+ DBMLIB = $(NULL)
+ else
+-DBMLIB = $(DIST)/lib/$(LIB_PREFIX)dbm.$(LIB_SUFFIX)
++DBMLIB = $(NULL)
+ endif
+
+ ifdef USE_STATIC_LIBS
Added: trunk/security/nss/files/patch-tests
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ trunk/security/nss/files/patch-tests Wed Oct 19 17:21:47 2011 (r659)
@@ -0,0 +1,10 @@
+--- tests/common/init.sh Mon Apr 11 22:24:17 2005
++++ tests/common/init.sh Fri Jul 22 16:55:36 2005
+@@ -197,5 +197,6 @@
+ case $HOST in
+ *\.*)
+- HOST=`echo $HOST | sed -e "s/\..*//"`
++ DOMSUF=${HOST#*.} # remove Smallest Prefix matching ``*.''
++ HOST=${HOST%%.*} # remove Largest Suffix ``.*''. See sh(1)
+ ;;
+ ?*)
Added: trunk/security/nss/pkg-descr
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ trunk/security/nss/pkg-descr Wed Oct 19 17:21:47 2011 (r659)
@@ -0,0 +1,7 @@
+Network Security Services (NSS) is a set of libraries designed to support
+cross-platform development of security-enabled server applications.
+Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7,
+PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security
+standards.
+
+WWW: http://www.mozilla.org/projects/security/pki/nss/
Added: trunk/security/nss/pkg-plist
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ trunk/security/nss/pkg-plist Wed Oct 19 17:21:47 2011 (r659)
@@ -0,0 +1,138 @@
+bin/certcgi
+bin/certutil
+bin/checkcert
+bin/cmsutil
+bin/crlutil
+bin/derdump
+bin/makepqg
+bin/mangle
+bin/modutil
+bin/nss-config
+bin/ocspclnt
+bin/oidcalc
+bin/p7content
+bin/p7env
+bin/p7sign
+bin/p7verify
+bin/pk12util
+bin/rsaperf
+bin/shlibsign
+bin/signtool
+bin/signver
+bin/ssltap
+bin/strsclnt
+bin/symkeyutil
+bin/vfychain
+bin/vfyserv
+include/nss/nss/base64.h
+include/nss/nss/blapit.h
+include/nss/nss/cert.h
+include/nss/nss/certdb.h
+include/nss/nss/certt.h
+include/nss/nss/ciferfam.h
+include/nss/nss/cmmf.h
+include/nss/nss/cmmft.h
+include/nss/nss/cms.h
+include/nss/nss/cmsreclist.h
+include/nss/nss/cmst.h
+include/nss/nss/crmf.h
+include/nss/nss/crmft.h
+include/nss/nss/cryptohi.h
+include/nss/nss/cryptoht.h
+include/nss/nss/ecl-exp.h
+include/nss/nss/hasht.h
+include/nss/nss/jar-ds.h
+include/nss/nss/jar.h
+include/nss/nss/jarfile.h
+include/nss/nss/key.h
+include/nss/nss/keyhi.h
+include/nss/nss/keyt.h
+include/nss/nss/keythi.h
+include/nss/nss/nss.h
+include/nss/nss/nssb64.h
+include/nss/nss/nssb64t.h
+include/nss/nss/nssbase.h
+include/nss/nss/nssbaset.h
+include/nss/nss/nssck.api
+include/nss/nss/nssckbi.h
+include/nss/nss/nssckepv.h
+include/nss/nss/nssckft.h
+include/nss/nss/nssckfw.h
+include/nss/nss/nssckfwc.h
+include/nss/nss/nssckfwt.h
+include/nss/nss/nssckg.h
+include/nss/nss/nssckmdt.h
+include/nss/nss/nssckt.h
+include/nss/nss/nssilckt.h
+include/nss/nss/nssilock.h
+include/nss/nss/nsslocks.h
+include/nss/nss/nssrwlk.h
+include/nss/nss/nssrwlkt.h
+include/nss/nss/nssutil.h
+include/nss/nss/ocsp.h
+include/nss/nss/ocspt.h
+include/nss/nss/p12.h
+include/nss/nss/p12plcy.h
+include/nss/nss/p12t.h
+include/nss/nss/pk11func.h
+include/nss/nss/pk11pqg.h
+include/nss/nss/pk11priv.h
+include/nss/nss/pk11pub.h
+include/nss/nss/pk11sdr.h
+include/nss/nss/pkcs11.h
+include/nss/nss/pkcs11f.h
+include/nss/nss/pkcs11n.h
+include/nss/nss/pkcs11p.h
+include/nss/nss/pkcs11t.h
+include/nss/nss/pkcs11u.h
+include/nss/nss/pkcs12.h
+include/nss/nss/pkcs12t.h
+include/nss/nss/pkcs7t.h
+include/nss/nss/portreg.h
+include/nss/nss/preenc.h
+include/nss/nss/secasn1.h
+include/nss/nss/secasn1t.h
+include/nss/nss/seccomon.h
+include/nss/nss/secder.h
+include/nss/nss/secdert.h
+include/nss/nss/secdig.h
+include/nss/nss/secdigt.h
+include/nss/nss/secerr.h
+include/nss/nss/sechash.h
+include/nss/nss/secitem.h
+include/nss/nss/secmime.h
+include/nss/nss/secmod.h
+include/nss/nss/secmodt.h
+include/nss/nss/secoid.h
+include/nss/nss/secoidt.h
+include/nss/nss/secpkcs5.h
+include/nss/nss/secpkcs7.h
+include/nss/nss/secport.h
+include/nss/nss/shsign.h
+include/nss/nss/smime.h
+include/nss/nss/ssl.h
+include/nss/nss/sslerr.h
+include/nss/nss/sslproto.h
+include/nss/nss/sslt.h
+include/nss/nss/utilrename.h
+lib/nss/libcrmf.a
+lib/nss/libfreebl3.so
+lib/nss/libfreebl3.so.1
+lib/nss/libnss3.so
+lib/nss/libnss3.so.1
+lib/nss/libnssckbi.so
+lib/nss/libnssckbi.so.1
+lib/nss/libnssdbm3.so
+lib/nss/libnssdbm3.so.1
+lib/nss/libnssutil3.so
+lib/nss/libnssutil3.so.1
+lib/nss/libsmime3.so
+lib/nss/libsmime3.so.1
+lib/nss/libsoftokn3.so
+lib/nss/libsoftokn3.so.1
+lib/nss/libssl3.so
+lib/nss/libssl3.so.1
+libdata/pkgconfig/nss.pc
+ at dirrm lib/nss
+ at dirrm include/nss/nss
+ at dirrm include/nss
More information about the freebsd-gecko
mailing list