Author: beat Date: Wed Oct 19 17:21:47 2011 New Revision: 659 Log: - Add and update ports which are maintained by gecko@ now.
Added: branches/experimental/security/ca_root_nss/ branches/experimental/security/ca_root_nss/Makefile branches/experimental/security/ca_root_nss/distinfo branches/experimental/security/ca_root_nss/files/ branches/experimental/security/ca_root_nss/files/MAca-bundle.pl branches/experimental/security/ca_root_nss/pkg-descr branches/experimental/security/ca_root_nss/pkg-plist trunk/security/ trunk/security/ca_root_nss/ trunk/security/ca_root_nss/Makefile trunk/security/ca_root_nss/distinfo trunk/security/ca_root_nss/files/ trunk/security/ca_root_nss/files/MAca-bundle.pl trunk/security/ca_root_nss/pkg-descr trunk/security/ca_root_nss/pkg-plist trunk/security/nss/ trunk/security/nss/Makefile trunk/security/nss/distinfo trunk/security/nss/files/ trunk/security/nss/files/nss-config.in trunk/security/nss/files/nss.pc.in trunk/security/nss/files/patch-..::coreconf::FreeBSD.mk trunk/security/nss/files/patch-..::coreconf::command.mk trunk/security/nss/files/patch-..::coreconf::rules.mk trunk/security/nss/files/patch-.._coreconf_arch.mk trunk/security/nss/files/patch-Makefile trunk/security/nss/files/patch-const trunk/security/nss/files/patch-lib_freebl_mpi_mpcpucache.c trunk/security/nss/files/patch-lib_softoken_manifest.mn trunk/security/nss/files/patch-lib_softoken_pkcs11c.c trunk/security/nss/files/patch-sysdb trunk/security/nss/files/patch-tests trunk/security/nss/pkg-descr trunk/security/nss/pkg-plist Modified: branches/experimental/devel/nspr/Makefile branches/experimental/devel/nspr/distinfo branches/experimental/security/nss/Makefile trunk/devel/nspr/Makefile trunk/devel/nspr/distinfo Modified: branches/experimental/devel/nspr/Makefile ============================================================================== --- branches/experimental/devel/nspr/Makefile Wed Oct 19 17:15:34 2011 (r658) +++ branches/experimental/devel/nspr/Makefile Wed Oct 19 17:21:47 2011 (r659) @@ -2,17 +2,16 @@ # Date created: 18 December 2001 # Whom: Maxim Sobolev <[email protected]> # -# $FreeBSD: ports/devel/nspr/Makefile,v 1.45 2011/09/10 10:35:10 flo Exp $ +# $FreeBSD: ports/devel/nspr/Makefile,v 1.47 2011/10/07 22:39:17 flo Exp $ # $MCom: ports-experimental/devel/nspr/Makefile,v 1.6 2008/03/12 13:06:56 ahze Exp $ PORTNAME= nspr -DISTVERSION= 4.8.8 -PORTREVISION= 1 +DISTVERSION= 4.8.9 CATEGORIES= devel MASTER_SITES= MOZILLA MASTER_SITE_SUBDIR= nspr/releases/v${PORTVERSION}/src -MAINTAINER= [email protected] +MAINTAINER= [email protected] COMMENT= A platform-neutral API for system level and libc like functions WRKSRC= ${WRKDIR}/${DISTNAME}/mozilla/nsprpub/build Modified: branches/experimental/devel/nspr/distinfo ============================================================================== --- branches/experimental/devel/nspr/distinfo Wed Oct 19 17:15:34 2011 (r658) +++ branches/experimental/devel/nspr/distinfo Wed Oct 19 17:21:47 2011 (r659) @@ -1,2 +1,2 @@ -SHA256 (nspr-4.8.8.tar.gz) = 92f3f4ded2ee313e396c180d5445cc3c718ff347d86c06b7bf14a1b5e049d4c9 -SIZE (nspr-4.8.8.tar.gz) = 1246068 +SHA256 (nspr-4.8.9.tar.gz) = ff43c7c819e72f03bb908e7652c5d5f59a5d31ee86c333e692650207103d1cce +SIZE (nspr-4.8.9.tar.gz) = 1235265 Added: branches/experimental/security/ca_root_nss/Makefile ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/experimental/security/ca_root_nss/Makefile Wed Oct 19 17:21:47 2011 (r659) @@ -0,0 +1,72 @@ +# New ports collection makefile for: ca-root-nss +# Date created: Thu Jan 25 13:02:14 CST 2007 +# Whom: Brooks Davis <[email protected]> +# +# $FreeBSD: ports/security/ca_root_nss/Makefile,v 1.15 2011/10/08 21:37:44 flo Exp $ +# + +PORTNAME= ca_root_nss +PORTVERSION= ${VERSION_NSS} +PORTREVISION= 1 +CATEGORIES= security +MASTER_SITES= ${MASTER_SITE_MOZILLA} +MASTER_SITE_SUBDIR= security/nss/releases/NSS_${PORTVERSION:S/./_/g}_WITH_CKBI_${CKBI_VER:S/./_/}_RTM/src +DISTNAME= nss-${VERSION_NSS}${NSS_SUFFIX} + +MAINTAINER= [email protected] +COMMENT= The root certificate bundle from the Mozilla Project + +OPTIONS= ETCSYMLINK "Add symlink to /etc/ssl/cert.pem" off + +USE_PERL5_BUILD= yes +NO_WRKSUBDIR= yes + +CERTDIR?= share/certs +PLIST_SUB+= CERTDIR=${CERTDIR} + +# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +# !!! These versions are indented to track security/nss and !!! +# !!! www/apache13-modssl. Please DO NOT submit patches for !!! +# !!! new versions until they have been committed there first. !!! +# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +VERSION_NSS= 3.12.11 +CKBI_VER= 1.87 +VERSION_APACHE= 1.3.41 +NSS_SUFFIX= .with.ckbi.${CKBI_VER} +CERTDATA_TXT_PATH= nss-${VERSION_NSS}/mozilla/security/nss/lib/ckfw/builtins/certdata.txt +BUNDLE_PROCESSOR= MAca-bundle.pl + +.include <bsd.port.pre.mk> + +.if !defined(WITHOUT_ETCSYMLINK) +PLIST_SUB+= ETCSYMLINK= +CONFLICTS= ca-roots-[0-9]* +.else +PLIST_SUB+= ETCSYMLINK="@comment " +.endif + +do-extract: + @${MKDIR} ${WRKDIR} + @${TAR} -C ${WRKDIR} -xf ${DISTDIR}/nss-${VERSION_NSS}${NSS_SUFFIX}${EXTRACT_SUFX} \ + ${CERTDATA_TXT_PATH} + @${CP} ${WRKDIR}/${CERTDATA_TXT_PATH} ${WRKDIR} + @${CP} ${FILESDIR}/${BUNDLE_PROCESSOR} ${WRKDIR} + @${RM} -rf ${WRKDIR}/nss-${VERSION_NSS} + +post-patch: + @${PERL} -pi -e 's,%%VERSION_NSS%%,${VERSION_NSS}${NSS_SUFFIX},g;' \ + ${WRKDIR}/${BUNDLE_PROCESSOR} + +do-build: + @${PERL} ${WRKDIR}/${BUNDLE_PROCESSOR} \ + < ${WRKDIR}/certdata.txt > \ + ${WRKDIR}/ca-root-nss.crt + +do-install: + ${MKDIR} ${PREFIX}/${CERTDIR} + ${INSTALL_DATA} ${WRKDIR}/ca-root-nss.crt ${PREFIX}/${CERTDIR} +.if !defined(WITHOUT_ETCSYMLINK) + ${LN} -s ${PREFIX}/${CERTDIR}/ca-root-nss.crt /etc/ssl/cert.pem +.endif + +.include <bsd.port.post.mk> Added: branches/experimental/security/ca_root_nss/distinfo ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/experimental/security/ca_root_nss/distinfo Wed Oct 19 17:21:47 2011 (r659) @@ -0,0 +1,2 @@ +SHA256 (nss-3.12.11.with.ckbi.1.87.tar.gz) = 4b84a7cd361bf2d14935d0f27681dd148cf3124edf558a271cfde8882f7f7020 +SIZE (nss-3.12.11.with.ckbi.1.87.tar.gz) = 6035595 Added: branches/experimental/security/ca_root_nss/files/MAca-bundle.pl ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/experimental/security/ca_root_nss/files/MAca-bundle.pl Wed Oct 19 17:21:47 2011 (r659) @@ -0,0 +1,190 @@ +## +## MAca-bundle.pl -- Regenerate ca-root-nss.crt from the Mozilla certdata.txt +## +## Rewritten in September 2011 by Matthias Andree to heed untrust +## + +## Copyright (c) 2011, Matthias Andree +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted provided that the following conditions are +## met: +## +## * Redistributions of source code must retain the above copyright +## notice, this list of conditions and the following disclaimer. +## +## * Redistributions in binary form must reproduce the above copyright +## notice, this list of conditions and the following disclaimer in the +## documentation and/or other materials provided with the distribution. +## +## THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +## "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +## LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +## FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +## COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +## INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +## BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +## LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +## CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +## LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN +## ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +## POSSIBILITY OF SUCH DAMAGE. + +use strict; +use MIME::Base64; + +my $VERSION = '$FreeBSD: ports/security/ca_root_nss/files/MAca-bundle.pl,v 1.3 2011/09/04 15:11:48 mandree Exp $'; + +# configuration +print <<EOH; +## +## ca-root-nss.crt -- Bundle of CA Root Certificates +## +## This is a bundle of X.509 certificates of public Certificate +## Authorities (CA). These were automatically extracted from Mozilla's +## root CA list (the file `certdata.txt'). +## +## Extracted from nss-%%VERSION_NSS%% +## with $VERSION +## +EOH +my $debug = 1; + +my %certs; +my %trusts; + +sub printcert_plain($$) +{ + my ($label, $certdata) = @_; + print "=== $label ===\n" if $label; + print + "-----BEGIN CERTIFICATE-----\n", + MIME::Base64::encode_base64($certdata), + "-----END CERTIFICATE-----\n\n"; +} + +sub printcert_info($$) +{ + my (undef, $certdata) = @_; + return unless $certdata; + open(OUT, "|openssl x509 -text -inform DER -fingerprint") + || die "could not pipe to openssl x509"; + print OUT $certdata; + close(OUT) or die "openssl x509 failed with exit code $?"; +} + +sub printcert($$) { + my ($a, $b) = @_; + printcert_info($a, $b); +} + +sub graboct() +{ + my $data; + + while (<>) { + last if /^END/; + my (undef,@oct) = split /\\/; + my @bin = map(chr(oct), @oct); + $data .= join('', @bin); + } + + return $data; +} + + +sub grabcert() +{ + my $certdata; + my $cka_label; + my $serial; + + while (<>) { + chomp; + last if ($_ eq ''); + + if (/^CKA_LABEL UTF8 "([^"]+)"/) { + $cka_label = $1; + } + + if (/^CKA_VALUE MULTILINE_OCTAL/) { + $certdata = graboct(); + } + + if (/^CKA_SERIAL_NUMBER MULTILINE_OCTAL/) { + $serial = graboct(); + } + } + return ($serial, $cka_label, $certdata); +} + +sub grabtrust() { + my $cka_label; + my $serial; + my $trust = 1; + + while (<>) { + chomp; + last if ($_ eq ''); + + if (/^CKA_LABEL UTF8 "([^"]+)"/) { + $cka_label = $1; + } + + if (/^CKA_SERIAL_NUMBER MULTILINE_OCTAL/) { + $serial = graboct(); + } + + if (/^CKA_TRUST_.*\s.*_(UN|NOT_)TRUSTED/) { + $trust = 0; + } + } + return ($serial, $cka_label, $trust); +} + +while (<>) { + if (/^CKA_CLASS .* CKO_CERTIFICATE/) { + my ($serial, $label, $certdata) = grabcert(); + if (defined $certs{$serial.$label}) { + warn "Certificate $label duplicated!\n"; + } + $certs{$serial.$label} = $certdata; + } elsif (/^CKA_CLASS .* CKO_(NSS|NETSCAPE)_TRUST/) { + my ($serial, $label, $trust) = grabtrust(); + if (defined $trusts{$serial.$label}) { + warn "Trust for $label duplicated!\n"; + } + $trusts{$serial.$label} = $trust; + } elsif (/^CVS_ID.*Revision: ([^ ]*).*/) { + print "## Source: \"certdata.txt\" CVS revision $1\n##\n\n"; + } +} + +# weed out untrusted certificates +my $untrusted = 0; +foreach my $it (keys %trusts) { + if (!$trusts{$it}) { + if (!exists($certs{$it})) { + warn "Found trust for nonexistent certificate\n"; + } else { + delete $certs{$it}; + $untrusted++; + } + } +} + +print "## Untrusted certificates omitted from this bundle: $untrusted\n\n"; + +my $certcount = 0; +foreach my $it (keys %certs) { + if (!exists($trusts{$it})) { + die "Found certificate without trust block,\naborting"; + } + printcert("", $certs{$it}); + print "\n\n\n"; + $certcount++; +} + +print "## Number of certificates: $certcount\n"; +print "## End of file.\n"; Added: branches/experimental/security/ca_root_nss/pkg-descr ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/experimental/security/ca_root_nss/pkg-descr Wed Oct 19 17:21:47 2011 (r659) @@ -0,0 +1,4 @@ +Root certificates from certificate authorities included in the Mozilla +NSS library and thus in Firefox and Thunderbird. + +This port directly tracks the version of NSS in the security/nss port. Added: branches/experimental/security/ca_root_nss/pkg-plist ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/experimental/security/ca_root_nss/pkg-plist Wed Oct 19 17:21:47 2011 (r659) @@ -0,0 +1,4 @@ +%%CERTDIR%%/ca-root-nss.crt +@dirrmtry %%CERTDIR%% +%%ETCSYMLINK%%@cwd / +%%ETCSYMLINK%%etc/ssl/cert.pem Modified: branches/experimental/security/nss/Makefile ============================================================================== --- branches/experimental/security/nss/Makefile Wed Oct 19 17:15:34 2011 (r658) +++ branches/experimental/security/nss/Makefile Wed Oct 19 17:21:47 2011 (r659) @@ -2,7 +2,7 @@ # Date created: 18 December 2001 # Whom: Maxim Sobolev <[email protected]> # -# $FreeBSD: ports/security/nss/Makefile,v 1.58 2011/09/04 13:23:51 mandree Exp $ +# $FreeBSD: ports/security/nss/Makefile,v 1.59 2011/10/07 20:40:40 kwm Exp $ # $MCom ports-experimental/security/nss/Makefile,v 1.4 2008/02/23 15:47:28 ahze Exp $ PORTNAME= nss @@ -12,7 +12,7 @@ MASTER_SITE_SUBDIR= security/nss/releases/NSS_${PORTVERSION:S/./_/g}_WITH_CKBI_${CKBI_VER:S/./_/}_RTM/src DISTNAME= nss-${PORTVERSION}.with.ckbi.${CKBI_VER} -MAINTAINER= [email protected] +MAINTAINER= [email protected] COMMENT= Libraries to support development of security-enabled applications BUILD_DEPENDS= zip:${PORTSDIR}/archivers/zip \ Modified: trunk/devel/nspr/Makefile ============================================================================== --- trunk/devel/nspr/Makefile Wed Oct 19 17:15:34 2011 (r658) +++ trunk/devel/nspr/Makefile Wed Oct 19 17:21:47 2011 (r659) @@ -2,17 +2,16 @@ # Date created: 18 December 2001 # Whom: Maxim Sobolev <[email protected]> # -# $FreeBSD: ports/devel/nspr/Makefile,v 1.45 2011/09/10 10:35:10 flo Exp $ +# $FreeBSD: ports/devel/nspr/Makefile,v 1.47 2011/10/07 22:39:17 flo Exp $ # $MCom: ports-experimental/devel/nspr/Makefile,v 1.6 2008/03/12 13:06:56 ahze Exp $ PORTNAME= nspr -DISTVERSION= 4.8.8 -PORTREVISION= 1 +DISTVERSION= 4.8.9 CATEGORIES= devel MASTER_SITES= MOZILLA MASTER_SITE_SUBDIR= nspr/releases/v${PORTVERSION}/src -MAINTAINER= [email protected] +MAINTAINER= [email protected] COMMENT= A platform-neutral API for system level and libc like functions WRKSRC= ${WRKDIR}/${DISTNAME}/mozilla/nsprpub/build Modified: trunk/devel/nspr/distinfo ============================================================================== --- trunk/devel/nspr/distinfo Wed Oct 19 17:15:34 2011 (r658) +++ trunk/devel/nspr/distinfo Wed Oct 19 17:21:47 2011 (r659) @@ -1,2 +1,2 @@ -SHA256 (nspr-4.8.8.tar.gz) = 92f3f4ded2ee313e396c180d5445cc3c718ff347d86c06b7bf14a1b5e049d4c9 -SIZE (nspr-4.8.8.tar.gz) = 1246068 +SHA256 (nspr-4.8.9.tar.gz) = ff43c7c819e72f03bb908e7652c5d5f59a5d31ee86c333e692650207103d1cce +SIZE (nspr-4.8.9.tar.gz) = 1235265 Added: trunk/security/ca_root_nss/Makefile ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ trunk/security/ca_root_nss/Makefile Wed Oct 19 17:21:47 2011 (r659) @@ -0,0 +1,72 @@ +# New ports collection makefile for: ca-root-nss +# Date created: Thu Jan 25 13:02:14 CST 2007 +# Whom: Brooks Davis <[email protected]> +# +# $FreeBSD: ports/security/ca_root_nss/Makefile,v 1.15 2011/10/08 21:37:44 flo Exp $ +# + +PORTNAME= ca_root_nss +PORTVERSION= ${VERSION_NSS} +PORTREVISION= 1 +CATEGORIES= security +MASTER_SITES= ${MASTER_SITE_MOZILLA} +MASTER_SITE_SUBDIR= security/nss/releases/NSS_${PORTVERSION:S/./_/g}_WITH_CKBI_${CKBI_VER:S/./_/}_RTM/src +DISTNAME= nss-${VERSION_NSS}${NSS_SUFFIX} + +MAINTAINER= [email protected] +COMMENT= The root certificate bundle from the Mozilla Project + +OPTIONS= ETCSYMLINK "Add symlink to /etc/ssl/cert.pem" off + +USE_PERL5_BUILD= yes +NO_WRKSUBDIR= yes + +CERTDIR?= share/certs +PLIST_SUB+= CERTDIR=${CERTDIR} + +# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +# !!! These versions are indented to track security/nss and !!! +# !!! www/apache13-modssl. Please DO NOT submit patches for !!! +# !!! new versions until they have been committed there first. !!! +# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +VERSION_NSS= 3.12.11 +CKBI_VER= 1.87 +VERSION_APACHE= 1.3.41 +NSS_SUFFIX= .with.ckbi.${CKBI_VER} +CERTDATA_TXT_PATH= nss-${VERSION_NSS}/mozilla/security/nss/lib/ckfw/builtins/certdata.txt +BUNDLE_PROCESSOR= MAca-bundle.pl + +.include <bsd.port.pre.mk> + +.if !defined(WITHOUT_ETCSYMLINK) +PLIST_SUB+= ETCSYMLINK= +CONFLICTS= ca-roots-[0-9]* +.else +PLIST_SUB+= ETCSYMLINK="@comment " +.endif + +do-extract: + @${MKDIR} ${WRKDIR} + @${TAR} -C ${WRKDIR} -xf ${DISTDIR}/nss-${VERSION_NSS}${NSS_SUFFIX}${EXTRACT_SUFX} \ + ${CERTDATA_TXT_PATH} + @${CP} ${WRKDIR}/${CERTDATA_TXT_PATH} ${WRKDIR} + @${CP} ${FILESDIR}/${BUNDLE_PROCESSOR} ${WRKDIR} + @${RM} -rf ${WRKDIR}/nss-${VERSION_NSS} + +post-patch: + @${PERL} -pi -e 's,%%VERSION_NSS%%,${VERSION_NSS}${NSS_SUFFIX},g;' \ + ${WRKDIR}/${BUNDLE_PROCESSOR} + +do-build: + @${PERL} ${WRKDIR}/${BUNDLE_PROCESSOR} \ + < ${WRKDIR}/certdata.txt > \ + ${WRKDIR}/ca-root-nss.crt + +do-install: + ${MKDIR} ${PREFIX}/${CERTDIR} + ${INSTALL_DATA} ${WRKDIR}/ca-root-nss.crt ${PREFIX}/${CERTDIR} +.if !defined(WITHOUT_ETCSYMLINK) + ${LN} -s ${PREFIX}/${CERTDIR}/ca-root-nss.crt /etc/ssl/cert.pem +.endif + +.include <bsd.port.post.mk> Added: trunk/security/ca_root_nss/distinfo ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ trunk/security/ca_root_nss/distinfo Wed Oct 19 17:21:47 2011 (r659) @@ -0,0 +1,2 @@ +SHA256 (nss-3.12.11.with.ckbi.1.87.tar.gz) = 4b84a7cd361bf2d14935d0f27681dd148cf3124edf558a271cfde8882f7f7020 +SIZE (nss-3.12.11.with.ckbi.1.87.tar.gz) = 6035595 Added: trunk/security/ca_root_nss/files/MAca-bundle.pl ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ trunk/security/ca_root_nss/files/MAca-bundle.pl Wed Oct 19 17:21:47 2011 (r659) @@ -0,0 +1,190 @@ +## +## MAca-bundle.pl -- Regenerate ca-root-nss.crt from the Mozilla certdata.txt +## +## Rewritten in September 2011 by Matthias Andree to heed untrust +## + +## Copyright (c) 2011, Matthias Andree +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted provided that the following conditions are +## met: +## +## * Redistributions of source code must retain the above copyright +## notice, this list of conditions and the following disclaimer. +## +## * Redistributions in binary form must reproduce the above copyright +## notice, this list of conditions and the following disclaimer in the +## documentation and/or other materials provided with the distribution. +## +## THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +## "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +## LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +## FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +## COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +## INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +## BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +## LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +## CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +## LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN +## ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +## POSSIBILITY OF SUCH DAMAGE. + +use strict; +use MIME::Base64; + +my $VERSION = '$FreeBSD: ports/security/ca_root_nss/files/MAca-bundle.pl,v 1.3 2011/09/04 15:11:48 mandree Exp $'; + +# configuration +print <<EOH; +## +## ca-root-nss.crt -- Bundle of CA Root Certificates +## +## This is a bundle of X.509 certificates of public Certificate +## Authorities (CA). These were automatically extracted from Mozilla's +## root CA list (the file `certdata.txt'). +## +## Extracted from nss-%%VERSION_NSS%% +## with $VERSION +## +EOH +my $debug = 1; + +my %certs; +my %trusts; + +sub printcert_plain($$) +{ + my ($label, $certdata) = @_; + print "=== $label ===\n" if $label; + print + "-----BEGIN CERTIFICATE-----\n", + MIME::Base64::encode_base64($certdata), + "-----END CERTIFICATE-----\n\n"; +} + +sub printcert_info($$) +{ + my (undef, $certdata) = @_; + return unless $certdata; + open(OUT, "|openssl x509 -text -inform DER -fingerprint") + || die "could not pipe to openssl x509"; + print OUT $certdata; + close(OUT) or die "openssl x509 failed with exit code $?"; +} + +sub printcert($$) { + my ($a, $b) = @_; + printcert_info($a, $b); +} + +sub graboct() +{ + my $data; + + while (<>) { + last if /^END/; + my (undef,@oct) = split /\\/; + my @bin = map(chr(oct), @oct); + $data .= join('', @bin); + } + + return $data; +} + + +sub grabcert() +{ + my $certdata; + my $cka_label; + my $serial; + + while (<>) { + chomp; + last if ($_ eq ''); + + if (/^CKA_LABEL UTF8 "([^"]+)"/) { + $cka_label = $1; + } + + if (/^CKA_VALUE MULTILINE_OCTAL/) { + $certdata = graboct(); + } + + if (/^CKA_SERIAL_NUMBER MULTILINE_OCTAL/) { + $serial = graboct(); + } + } + return ($serial, $cka_label, $certdata); +} + +sub grabtrust() { + my $cka_label; + my $serial; + my $trust = 1; + + while (<>) { + chomp; + last if ($_ eq ''); + + if (/^CKA_LABEL UTF8 "([^"]+)"/) { + $cka_label = $1; + } + + if (/^CKA_SERIAL_NUMBER MULTILINE_OCTAL/) { + $serial = graboct(); + } + + if (/^CKA_TRUST_.*\s.*_(UN|NOT_)TRUSTED/) { + $trust = 0; + } + } + return ($serial, $cka_label, $trust); +} + +while (<>) { + if (/^CKA_CLASS .* CKO_CERTIFICATE/) { + my ($serial, $label, $certdata) = grabcert(); + if (defined $certs{$serial.$label}) { + warn "Certificate $label duplicated!\n"; + } + $certs{$serial.$label} = $certdata; + } elsif (/^CKA_CLASS .* CKO_(NSS|NETSCAPE)_TRUST/) { + my ($serial, $label, $trust) = grabtrust(); + if (defined $trusts{$serial.$label}) { + warn "Trust for $label duplicated!\n"; + } + $trusts{$serial.$label} = $trust; + } elsif (/^CVS_ID.*Revision: ([^ ]*).*/) { + print "## Source: \"certdata.txt\" CVS revision $1\n##\n\n"; + } +} + +# weed out untrusted certificates +my $untrusted = 0; +foreach my $it (keys %trusts) { + if (!$trusts{$it}) { + if (!exists($certs{$it})) { + warn "Found trust for nonexistent certificate\n"; + } else { + delete $certs{$it}; + $untrusted++; + } + } +} + +print "## Untrusted certificates omitted from this bundle: $untrusted\n\n"; + +my $certcount = 0; +foreach my $it (keys %certs) { + if (!exists($trusts{$it})) { + die "Found certificate without trust block,\naborting"; + } + printcert("", $certs{$it}); + print "\n\n\n"; + $certcount++; +} + +print "## Number of certificates: $certcount\n"; +print "## End of file.\n"; Added: trunk/security/ca_root_nss/pkg-descr ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ trunk/security/ca_root_nss/pkg-descr Wed Oct 19 17:21:47 2011 (r659) @@ -0,0 +1,4 @@ +Root certificates from certificate authorities included in the Mozilla +NSS library and thus in Firefox and Thunderbird. + +This port directly tracks the version of NSS in the security/nss port. Added: trunk/security/ca_root_nss/pkg-plist ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ trunk/security/ca_root_nss/pkg-plist Wed Oct 19 17:21:47 2011 (r659) @@ -0,0 +1,4 @@ +%%CERTDIR%%/ca-root-nss.crt +@dirrmtry %%CERTDIR%% +%%ETCSYMLINK%%@cwd / +%%ETCSYMLINK%%etc/ssl/cert.pem Added: trunk/security/nss/Makefile ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ trunk/security/nss/Makefile Wed Oct 19 17:21:47 2011 (r659) @@ -0,0 +1,102 @@ +# Ports collection Makefile for: nss +# Date created: 18 December 2001 +# Whom: Maxim Sobolev <[email protected]> +# +# $FreeBSD: ports/security/nss/Makefile,v 1.59 2011/10/07 20:40:40 kwm Exp $ +# $MCom ports-experimental/security/nss/Makefile,v 1.4 2008/02/23 15:47:28 ahze Exp $ + +PORTNAME= nss +PORTVERSION= ${_MAJOR}.${_MINOR}.${_PATCH} +CATEGORIES= security +MASTER_SITES= ${MASTER_SITE_MOZILLA} +MASTER_SITE_SUBDIR= security/nss/releases/NSS_${PORTVERSION:S/./_/g}_WITH_CKBI_${CKBI_VER:S/./_/}_RTM/src +DISTNAME= nss-${PORTVERSION}.with.ckbi.${CKBI_VER} + +MAINTAINER= [email protected] +COMMENT= Libraries to support development of security-enabled applications + +BUILD_DEPENDS= zip:${PORTSDIR}/archivers/zip \ + nspr>=4.8.8:${PORTSDIR}/devel/nspr +LIB_DEPENDS= nspr4.1:${PORTSDIR}/devel/nspr \ + sqlite3.8:${PORTSDIR}/databases/sqlite3 + +_MAJOR= 3 +_MINOR= 12 +_PATCH= 11 + +CKBI_VER= 1.87 + +WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION}/mozilla/security/nss + +MAKE_JOBS_UNSAFE= yes +USE_LDCONFIG= ${PREFIX}/lib/nss +USE_GMAKE= yes +USE_PERL5_BUILD=yes +MAKE_ENV= BSD_LDOPTS="${PTHREAD_LIBS} -L${LOCALBASE}/lib" \ + BUILD_OPT=1 NSS_ENABLE_ECC=1 NSS_USE_SYSTEM_SQLITE=1 +ALL_TARGET= nss_build_all +CFLAGS+= -I${LOCALBASE}/include/nspr -L${LOCALBASE}/lib + +DIST= ${WRKSRC:H:H}/dist + +EXTERNALS= CVS dbm security/nss/cmd/zlib nsprpub security/dbm +EXTRACT_AFTER_ARGS=| ${TAR} -xf - \ + ${EXTERNALS:C,^,--exclude ${DISTNAME}/mozilla/,} + +BINS=${DIST}/${OPSYS}${OSREL}_OPT.OBJ + +INSTALL_BINS= certcgi certutil checkcert cmsutil crlutil derdump makepqg \ + mangle modutil ocspclnt oidcalc p7content p7env p7sign \ + p7verify pk12util rsaperf shlibsign signtool signver \ + ssltap strsclnt symkeyutil vfychain vfyserv + +test: + cd ${WRKSRC}/tests; \ + ${SETENV} PATH="${BINS}/bin:${PATH}" \ + LD_LIBRARY_PATH="${BINS}/lib" \ + ./all.sh + @if ${GREP} -F '>Failed<' \ + ${WRKSRC:H:H}/tests_results/security/*/results.html; then \ + echo "Some tests have failed. Let ${MAINTAINER} know."; \ + exit 1; \ + else \ + echo "All tests succeeded. Good news."; \ + fi + +post-patch: + @${REINPLACE_CMD} -e "s|-pthread|${PTHREAD_LIBS}|g" \ + ${WRKSRC:H:H}/security/coreconf/FreeBSD.mk + @${SED} -e 's|@exec_prefix@|${PREFIX}|; \ + s|@includedir@|${PREFIX}/include/nss|; \ + s|@libdir@|${PREFIX}/lib/nss|; \ + s|@prefix@|${PREFIX}|' \ + ${FILESDIR}/nss-config.in >${WRKDIR}/nss-config + @${SED} -e 's|@PREFIX@|${PREFIX}|; s|@PORTVERSION@|${PORTVERSION}|' \ + ${FILESDIR}/nss.pc.in >${WRKDIR}/nss.pc +.for i in MAJOR MINOR PATCH + @${SED} -i.${i} -e 's|@${i}@|${_${i}}|' ${WRKDIR}/nss-config +.endfor + @cd ${WRKSRC} && \ + ${FIND} . -name "*.c" -o -name "*.h" | \ + ${XARGS} ${REINPLACE_CMD} -e 's|"nspr.h"|<nspr.h>|' + @${REINPLACE_CMD} -e 's|/usr/local|${LOCALBASE}|g' \ + ${WRKSRC}/lib/softoken/manifest.mn + +do-install: + ${MKDIR} ${PREFIX}/include/nss/nss ${PREFIX}/lib/nss + ${FIND} ${DIST}/public/nss -type l \ + -exec ${INSTALL_DATA} {} ${PREFIX}/include/nss/nss \; + ${INSTALL_DATA} ${DIST}/FreeBSD${OSREL:C/.$/*/}_OPT.OBJ/lib/*.so.1 \ + ${PREFIX}/lib/nss + ${INSTALL_DATA} ${DIST}/FreeBSD${OSREL:C/.$/*/}_OPT.OBJ/lib/libcrmf.a \ + ${PREFIX}/lib/nss +.for bin in ${INSTALL_BINS} + ${INSTALL_PROGRAM} ${DIST}/FreeBSD${OSREL:C/.$/*/}_OPT.OBJ/bin/${bin} \ + ${PREFIX}/bin +.endfor + cd ${DIST}/FreeBSD${OSREL:C/.$/*/}_OPT.OBJ/lib && \ + ${TAR} -cf - *.so | ${TAR} --unlink -C ${PREFIX}/lib/nss -xf - + ${INSTALL_SCRIPT} ${WRKDIR}/nss-config ${PREFIX}/bin + ${INSTALL_DATA} ${WRKDIR}/nss.pc ${PREFIX}/libdata/pkgconfig + +.include <bsd.port.mk> Added: trunk/security/nss/distinfo ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ trunk/security/nss/distinfo Wed Oct 19 17:21:47 2011 (r659) @@ -0,0 +1,2 @@ +SHA256 (nss-3.12.11.with.ckbi.1.87.tar.gz) = 4b84a7cd361bf2d14935d0f27681dd148cf3124edf558a271cfde8882f7f7020 +SIZE (nss-3.12.11.with.ckbi.1.87.tar.gz) = 6035595 Added: trunk/security/nss/files/nss-config.in ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ trunk/security/nss/files/nss-config.in Wed Oct 19 17:21:47 2011 (r659) @@ -0,0 +1,145 @@ +#!/bin/sh + +prefix=@prefix@ + +major_version=@MAJOR@ +minor_version=@MINOR@ +patch_version=@PATCH@ + +usage() +{ + cat <<EOF +Usage: nss-config [OPTIONS] [LIBRARIES] +Options: + [--prefix[=DIR]] + [--exec-prefix[=DIR]] + [--includedir[=DIR]] + [--libdir[=DIR]] + [--version] + [--libs] + [--cflags] +Dynamic Libraries: + nss + nssutil + ssl + smime +EOF + exit $1 +} + +if test $# -eq 0; then + usage 1 1>&2 +fi + +lib_ssl=yes +lib_smime=yes +lib_nss=yes +lib_nssutil=yes + +while test $# -gt 0; do + case "$1" in + -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;; + *) optarg= ;; + esac + + case $1 in + --prefix=*) + prefix=$optarg + ;; + --prefix) + echo_prefix=yes + ;; + --exec-prefix=*) + exec_prefix=$optarg + ;; + --exec-prefix) + echo_exec_prefix=yes + ;; + --includedir=*) + includedir=$optarg + ;; + --includedir) + echo_includedir=yes + ;; + --libdir=*) + libdir=$optarg + ;; + --libdir) + echo_libdir=yes + ;; + --version) + echo ${major_version}.${minor_version}.${patch_version} + ;; + --cflags) + echo_cflags=yes + ;; + --libs) + echo_libs=yes + ;; + ssl) + lib_ssl=yes + ;; + smime) + lib_smime=yes + ;; + nss) + lib_nss=yes + ;; + nssutil) + lib_nssutil=yes + ;; + *) + usage 1 1>&2 + ;; + esac + shift +done + +# Set variables that may be dependent upon other variables +if test -z "$exec_prefix"; then + exec_prefix=@exec_prefix@ +fi +if test -z "$includedir"; then + includedir=@includedir@ +fi +if test -z "$libdir"; then + libdir=@libdir@ +fi + +if test "$echo_prefix" = "yes"; then + echo $prefix +fi + +if test "$echo_exec_prefix" = "yes"; then + echo $exec_prefix +fi + +if test "$echo_includedir" = "yes"; then + echo $includedir +fi + +if test "$echo_libdir" = "yes"; then + echo $libdir +fi + +if test "$echo_cflags" = "yes"; then + echo -I$includedir +fi + +if test "$echo_libs" = "yes"; then + libdirs="-L$libdir" + if test -n "$lib_ssl"; then + libdirs="$libdirs -lssl${major_version}" + fi + if test -n "$lib_smime"; then + libdirs="$libdirs -lsmime${major_version}" + fi + if test -n "$lib_nss"; then + libdirs="$libdirs -lnss${major_version}" + fi + if test -n "$lib_nssutil"; then + libdirs="$libdirs -lnssutil${major_version}" + fi + echo $libdirs +fi + Added: trunk/security/nss/files/nss.pc.in ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ trunk/security/nss/files/nss.pc.in Wed Oct 19 17:21:47 2011 (r659) @@ -0,0 +1,11 @@ +prefix=@PREFIX@ +exec_prefix=@PREFIX@ +libdir=@PREFIX@/lib/nss +includedir=@PREFIX@/include + +Name: NSS +Description: Mozilla Network Security Services +Version: @PORTVERSION@ +Requires: nspr +Libs: -L${libdir} -lnss3 -lsmime3 -lssl3 -lnssutil3 +Cflags: -I${includedir}/nss -I${includedir}/nss/nss Added: trunk/security/nss/files/patch-..::coreconf::FreeBSD.mk ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ trunk/security/nss/files/patch-..::coreconf::FreeBSD.mk Wed Oct 19 17:21:47 2011 (r659) @@ -0,0 +1,76 @@ +--- ../../security/coreconf/FreeBSD.mk.orig 2009-08-22 07:33:09.000000000 +0200 ++++ ../../security/coreconf/FreeBSD.mk 2010-03-28 23:01:33.000000000 +0200 +@@ -37,9 +37,9 @@ + + include $(CORE_DEPTH)/coreconf/UNIX.mk + +-DEFAULT_COMPILER = gcc +-CC = gcc +-CCC = g++ ++DEFAULT_COMPILER = $(CC) ++CC ?= gcc ++CCC = $(CXX) + RANLIB = ranlib + + CPU_ARCH = $(OS_TEST) +@@ -50,7 +50,26 @@ + CPU_ARCH = x86 + endif + ifeq ($(CPU_ARCH),amd64) +-CPU_ARCH = x86_64 ++CPU_ARCH = amd64 ++USE_64 = 1 ++endif ++ifeq ($(OS_TEST),alpha) ++CPU_ARCH = alpha ++endif ++ifeq ($(OS_TEST),powerpc64) ++CPU_ARCH = powerpc ++USE_64 = 1 ++endif ++ifeq ($(OS_TEST),powerpc) ++CPU_ARCH = powerpc ++endif ++ifeq ($(OS_TEST),sparc64) ++CPU_ARCH = sparc64 ++USE_64 = 1 ++endif ++ifeq ($(OS_TEST),ia64) ++CPU_ARCH = ia64 ++USE_64 = 1 + endif + + OS_CFLAGS = $(DSO_CFLAGS) -ansi -Wall -Wno-switch -DFREEBSD -DHAVE_STRERROR -DHAVE_BSD_FLOCK +@@ -65,20 +80,18 @@ + USE_PTHREADS = 1 + DEFINES += -D_THREAD_SAFE -D_REENTRANT + OS_LIBS += -pthread +-DSO_LDOPTS += -pthread ++DSO_LDOPTS += $(BSD_LDOPTS) + endif + + ARCH = freebsd + +-MOZ_OBJFORMAT := $(shell test -x /usr/bin/objformat && /usr/bin/objformat || echo elf) ++DLL_SUFFIX = so.1 + +-ifeq ($(MOZ_OBJFORMAT),elf) +-DLL_SUFFIX = so ++ifneq (,$(filter alpha ia64,$(OS_TEST))) ++MKSHLIB = $(CC) -Wl,-Bsymbolic -lc $(DSO_LDOPTS) + else +-DLL_SUFFIX = so.1.0 ++MKSHLIB = $(CC) -Wl,-Bsymbolic $(DSO_LDOPTS) + endif +- +-MKSHLIB = $(CC) $(DSO_LDOPTS) + ifdef MAPFILE + MKSHLIB += -Wl,--version-script,$(MAPFILE) + endif +@@ -87,4 +100,5 @@ + + G++INCLUDES = -I/usr/include/g++ + +-INCLUDES += -I/usr/X11R6/include ++USE_SYSTEM_ZLIB = 1 ++ZLIB_LIBS = -lz Added: trunk/security/nss/files/patch-..::coreconf::command.mk ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ trunk/security/nss/files/patch-..::coreconf::command.mk Wed Oct 19 17:21:47 2011 (r659) @@ -0,0 +1,9 @@ +--- ../coreconf/command.mk Mon Oct 10 19:46:12 2005 ++++ ../coreconf/command.mk Wed Jan 18 17:23:28 2006 +@@ -46,5 +46,5 @@ + LINK_DLL = $(LINK) $(OS_DLLFLAGS) $(DLLFLAGS) + LINK_EXE = $(LINK) $(OS_LFLAGS) $(LFLAGS) +-CFLAGS = $(OPTIMIZER) $(OS_CFLAGS) $(XP_DEFINE) $(DEFINES) $(INCLUDES) \ ++CFLAGS += $(OPTIMIZER) $(OS_CFLAGS) $(XP_DEFINE) $(DEFINES) $(INCLUDES) \ + $(XCFLAGS) + RANLIB = echo Added: trunk/security/nss/files/patch-..::coreconf::rules.mk ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ trunk/security/nss/files/patch-..::coreconf::rules.mk Wed Oct 19 17:21:47 2011 (r659) @@ -0,0 +1,10 @@ +--- ../coreconf/rules.mk.orig Sat Jan 6 00:48:54 2007 ++++ ../coreconf/rules.mk Fri Mar 23 10:15:46 2007 +@@ -114,6 +114,7 @@ + endif + ifdef SHARED_LIBRARY + $(INSTALL) -m 775 $(SHARED_LIBRARY) $(SOURCE_LIB_DIR) ++ ln -sf $(notdir $(SHARED_LIBRARY)) $(SOURCE_LIB_DIR)/$(notdir $(SHARED_LIBRARY:.so.1=.so)) + ifdef MOZ_DEBUG_SYMBOLS + ifeq (,$(filter-out _WIN%,$(NS_USE_GCC)_$(OS_TARGET))) + $(INSTALL) -m 644 $(SHARED_LIBRARY:$(DLL_SUFFIX)=pdb) $(SOURCE_LIB_DIR) Added: trunk/security/nss/files/patch-.._coreconf_arch.mk ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ trunk/security/nss/files/patch-.._coreconf_arch.mk Wed Oct 19 17:21:47 2011 (r659) @@ -0,0 +1,11 @@ +--- ../coreconf/arch.mk.orig 2011-03-03 18:13:52.000000000 +0100 ++++ ../coreconf/arch.mk 2011-03-03 18:14:09.000000000 +0100 +@@ -66,7 +66,7 @@ + # Attempt to differentiate between sparc and x86 Solaris + # + +-OS_TEST := $(shell uname -m) ++OS_TEST := $(shell uname -p) + ifeq ($(OS_TEST),i86pc) + OS_RELEASE := $(shell uname -r)_$(OS_TEST) + else Added: trunk/security/nss/files/patch-Makefile ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ trunk/security/nss/files/patch-Makefile Wed Oct 19 17:21:47 2011 (r659) @@ -0,0 +1,11 @@ +--- Makefile.orig Thu Apr 14 20:28:40 2005 ++++ Makefile Tue Aug 30 15:32:11 2005 +@@ -78,7 +78,7 @@ + # (7) Execute "local" rules. (OPTIONAL). # + ####################################################################### + +-nss_build_all: build_coreconf build_nspr build_dbm all ++nss_build_all: build_coreconf all + + build_coreconf: + cd $(CORE_DEPTH)/coreconf ; $(MAKE) Added: trunk/security/nss/files/patch-const ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ trunk/security/nss/files/patch-const Wed Oct 19 17:21:47 2011 (r659) @@ -0,0 +1,46 @@ +--- cmd/modutil/modutil.h Sun Apr 25 11:02:47 2004 ++++ cmd/modutil/modutil.h Fri Jul 22 17:35:20 2005 +@@ -53,6 +53,6 @@ + #include "error.h" + +-Error FipsMode(char *arg); +-Error ChkFipsMode(char *arg); ++Error FipsMode(const char *arg); ++Error ChkFipsMode(const char *arg); + Error AddModule(char *moduleName, char *libFile, char *ciphers, + char *mechanisms, char* modparms); +--- cmd/modutil/pk11.c Sun Apr 25 11:02:47 2004 ++++ cmd/modutil/pk11.c Fri Jul 22 17:36:48 2005 +@@ -53,5 +53,5 @@ + */ + Error +-FipsMode(char *arg) ++FipsMode(const char *arg) + { + char *internal_name; +@@ -62,14 +62,16 @@ + SECMOD_GetInternalModule()->commonName); + if(SECMOD_DeleteInternalModule(internal_name) != SECSuccess) { +- PR_fprintf(PR_STDERR, "%s\n", SECU_Strerror(PORT_GetError())); ++ PR_fprintf(PR_STDERR, "FipsMode(true): %s (%s)\n", SECU_Strerror(PORT_GetError()), internal_name); + PR_smprintf_free(internal_name); + PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]); + return FIPS_SWITCH_FAILED_ERR; + } +- PR_smprintf_free(internal_name); + if (!PK11_IsFIPS()) { ++ PR_fprintf(PR_STDERR, "FipsMode(true): in module %s", internal_name); ++ PR_smprintf_free(internal_name); + PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]); + return FIPS_SWITCH_FAILED_ERR; + } ++ PR_smprintf_free(internal_name); + PR_fprintf(PR_STDOUT, msgStrings[FIPS_ENABLED_MSG]); + } else { +@@ -112,5 +114,5 @@ + */ + Error +-ChkFipsMode(char *arg) ++ChkFipsMode(const char *arg) + { + if(!PORT_Strcasecmp(arg, "true")) { Added: trunk/security/nss/files/patch-lib_freebl_mpi_mpcpucache.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ trunk/security/nss/files/patch-lib_freebl_mpi_mpcpucache.c Wed Oct 19 17:21:47 2011 (r659) @@ -0,0 +1,43 @@ +--- lib/freebl/mpi/mpcpucache.c.orig 2010-06-11 22:39:33.000000000 +0200 ++++ lib/freebl/mpi/mpcpucache.c 2010-06-11 22:40:20.000000000 +0200 +@@ -733,6 +733,32 @@ s_mpi_getProcessorLineSize() + #endif + + #if defined(__ppc64__) ++ ++#if defined(__FreeBSD__) ++#include <sys/stddef.h> ++#include <sys/sysctl.h> ++ ++#include <machine/cpu.h> ++#include <machine/md_var.h> ++ ++unsigned long ++s_mpi_getProcessorLineSize() ++{ ++ static int cacheline_size = 0; ++ static int cachemib[] = { CTL_MACHDEP, CPU_CACHELINE }; ++ int clen; ++ ++ if (cacheline_size > 0) ++ return cacheline_size; ++ ++ clen = sizeof(cacheline_size); ++ if (sysctl(cachemib, sizeof(cachemib) / sizeof(cachemib[0]), ++ &cacheline_size, &clen, NULL, 0) < 0 || !cacheline_size) ++ return 128; /* guess */ ++ ++ return cacheline_size; ++} ++#else + /* + * Sigh, The PPC has some really nice features to help us determine cache + * size, since it had lots of direct control functions to do so. The POWER +@@ -785,6 +811,7 @@ s_mpi_getProcessorLineSize() + } + return 0; + } ++#endif + + #define MPI_GET_PROCESSOR_LINE_SIZE_DEFINED 1 + #endif Added: trunk/security/nss/files/patch-lib_softoken_manifest.mn ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ trunk/security/nss/files/patch-lib_softoken_manifest.mn Wed Oct 19 17:21:47 2011 (r659) @@ -0,0 +1,13 @@ +--- lib/softoken/manifest.mn.orig 2010-07-30 04:33:26.000000000 +0200 ++++ lib/softoken/manifest.mn 2010-10-17 12:01:04.000000000 +0200 +@@ -47,9 +47,7 @@ + + DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\" -DSOFTOKEN_LIB_NAME=\"$(notdir $(SHARED_LIBRARY))\" -DSHLIB_VERSION=\"$(LIBRARY_VERSION)\" + +-ifdef SQLITE_INCLUDE_DIR +-INCLUDES += -I$(SQLITE_INCLUDE_DIR) +-endif ++INCLUDES += -I$(LOCALBASE)/include + + EXPORTS = \ + secmodt.h \ Added: trunk/security/nss/files/patch-lib_softoken_pkcs11c.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ trunk/security/nss/files/patch-lib_softoken_pkcs11c.c Wed Oct 19 17:21:47 2011 (r659) @@ -0,0 +1,22 @@ +--- lib/softoken/pkcs11c.c.orig 2010-05-05 14:36:05.000000000 +0000 ++++ lib/softoken/pkcs11c.c 2010-05-05 14:37:25.000000000 +0000 +@@ -4602,9 +4602,6 @@ + break; + case NSSLOWKEYDSAKey: + keyType = CKK_DSA; +- crv = (sftk_hasAttribute(key, CKA_NETSCAPE_DB)) ? CKR_OK : +- CKR_KEY_TYPE_INCONSISTENT; +- if(crv != CKR_OK) break; + crv = sftk_AddAttributeType(key, CKA_KEY_TYPE, &keyType, + sizeof(keyType)); + if(crv != CKR_OK) break; +@@ -4638,9 +4635,6 @@ + #ifdef NSS_ENABLE_ECC + case NSSLOWKEYECKey: + keyType = CKK_EC; +- crv = (sftk_hasAttribute(key, CKA_NETSCAPE_DB)) ? CKR_OK : +- CKR_KEY_TYPE_INCONSISTENT; +- if(crv != CKR_OK) break; + crv = sftk_AddAttributeType(key, CKA_KEY_TYPE, &keyType, + sizeof(keyType)); + if(crv != CKR_OK) break; Added: trunk/security/nss/files/patch-sysdb ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ trunk/security/nss/files/patch-sysdb Wed Oct 19 17:21:47 2011 (r659) @@ -0,0 +1,138 @@ +--- lib/softoken/legacydb/cdbhdl.h.orig 2009-08-31 12:33:12.000000000 +0200 ++++ lib/softoken/legacydb/cdbhdl.h 2009-08-31 12:33:36.000000000 +0200 +@@ -43,7 +43,8 @@ + #define _CDBHDL_H_ + + #include "nspr.h" +-#include "mcom_db.h" ++#include <db.h> ++#include <fcntl.h> + #include "pcertt.h" + #include "prtypes.h" + + +--- lib/softoken/legacydb/dbmshim.c.orig 2009-08-31 10:40:23.000000000 +0200 ++++ lib/softoken/legacydb/dbmshim.c 2009-08-31 10:40:35.000000000 +0200 +@@ -39,7 +39,8 @@ + * + * $Id: dbmshim.c,v 1.2 2007/06/13 00:24:57 rrelyea%redhat.com Exp $ + */ +-#include "mcom_db.h" ++#include <db.h> ++#include <fcntl.h> + #include "secitem.h" + #include "nssb64.h" + #include "blapi.h" +--- lib/softoken/legacydb/keydb.c.orig 2009-08-31 10:40:04.000000000 +0200 ++++ lib/softoken/legacydb/keydb.c 2009-08-31 10:40:08.000000000 +0200 +@@ -43,7 +43,6 @@ + #include "blapi.h" + #include "secitem.h" + #include "pcert.h" +-#include "mcom_db.h" + #include "secerr.h" + + #include "keydbi.h" +--- lib/softoken/legacydb/keydbi.h.orig 2009-08-31 12:33:17.000000000 +0200 ++++ lib/softoken/legacydb/keydbi.h 2009-08-31 12:34:13.000000000 +0200 +@@ -43,5 +43,5 @@ + + #include "nspr.h" + #include "seccomon.h" +-#include "mcom_db.h" ++#include <db.h> + + /* + * Handle structure for open key databases +--- lib/softoken/legacydb/pcertdb.c.orig 2009-08-31 10:40:52.000000000 +0200 ++++ lib/softoken/legacydb/pcertdb.c 2009-08-31 10:41:26.000000000 +0200 +@@ -41,7 +41,8 @@ + */ + #include "lowkeyti.h" + #include "pcert.h" +-#include "mcom_db.h" ++#include <db.h> ++#include <fcntl.h> + #include "pcert.h" + #include "secitem.h" + #include "secder.h" +--- lib/softoken/legacydb/pk11db.c.orig 2009-08-31 10:40:57.000000000 +0200 ++++ lib/softoken/legacydb/pk11db.c 2009-08-31 10:41:55.000000000 +0200 +@@ -41,7 +41,8 @@ + + #include "pk11pars.h" + #include "lgdb.h" +-#include "mcom_db.h" ++#include <db.h> ++#include <fcntl.h> + #include "secerr.h" + + #define FREE_CLEAR(p) if (p) { PORT_Free(p); p = NULL; } +--- lib/ckfw/dbm/ckdbm.h.orig 2009-08-31 10:46:00.000000000 +0200 ++++ lib/ckfw/dbm/ckdbm.h 2009-08-31 10:46:22.000000000 +0200 +@@ -59,7 +59,7 @@ + #include "ckt.h" + #endif /* CKT_H */ + +-#include "mcom_db.h" ++#include <db.h> + + NSS_EXTERN_DATA NSSCKMDInstance nss_dbm_mdInstance; + +--- lib/softoken/legacydb/config.mk.orig 2009-08-31 12:39:49.000000000 +0200 ++++ lib/softoken/legacydb/config.mk 2009-08-31 12:40:03.000000000 +0200 +@@ -40,10 +40,6 @@ + + EXTRA_LIBS += $(CRYPTOLIB) + +-ifndef NSS_DISABLE_DBM +-EXTRA_LIBS += $(DIST)/lib/$(LIB_PREFIX)dbm.$(LIB_SUFFIX) +-endif +- + # can't do this in manifest.mn because OS_TARGET isn't defined there. + ifeq (,$(filter-out WIN%,$(OS_TARGET))) + +--- lib/certdb/xauthkid.c.orig 2009-08-31 12:43:13.000000000 +0200 ++++ lib/certdb/xauthkid.c 2009-08-31 12:44:21.000000000 +0200 +@@ -39,7 +39,7 @@ + * + */ + +-#include "prtypes.h" ++#include <prtypes.h> + #include "seccomon.h" + #include "secdert.h" + #include "secoidt.h" +--- lib/certdb/xbsconst.c.orig 2009-08-31 12:43:22.000000000 +0200 ++++ lib/certdb/xbsconst.c 2009-08-31 12:44:41.000000000 +0200 +@@ -38,7 +38,7 @@ + * X.509 v3 Basic Constraints Extension + */ + +-#include "prtypes.h" ++#include <prtypes.h> + #include <limits.h> /* for LONG_MAX */ + #include "seccomon.h" + #include "secdert.h" +--- lib/certdb/xconst.c.orig 2009-08-31 12:43:46.000000000 +0200 ++++ lib/certdb/xconst.c 2009-08-31 12:44:50.000000000 +0200 +@@ -38,7 +38,7 @@ + * X.509 Extension Encoding + */ + +-#include "prtypes.h" ++#include <prtypes.h> + #include "seccomon.h" + #include "secdert.h" + #include "secoidt.h" +--- cmd/platlibs.mk.orig 2009-08-31 12:57:13.000000000 +0200 ++++ cmd/platlibs.mk 2009-08-31 12:57:29.000000000 +0200 +@@ -85,7 +85,7 @@ + ifdef NSS_DISABLE_DBM + DBMLIB = $(NULL) + else +-DBMLIB = $(DIST)/lib/$(LIB_PREFIX)dbm.$(LIB_SUFFIX) ++DBMLIB = $(NULL) + endif + + ifdef USE_STATIC_LIBS Added: trunk/security/nss/files/patch-tests ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ trunk/security/nss/files/patch-tests Wed Oct 19 17:21:47 2011 (r659) @@ -0,0 +1,10 @@ +--- tests/common/init.sh Mon Apr 11 22:24:17 2005 ++++ tests/common/init.sh Fri Jul 22 16:55:36 2005 +@@ -197,5 +197,6 @@ + case $HOST in + *\.*) +- HOST=`echo $HOST | sed -e "s/\..*//"` ++ DOMSUF=${HOST#*.} # remove Smallest Prefix matching ``*.'' ++ HOST=${HOST%%.*} # remove Largest Suffix ``.*''. See sh(1) + ;; + ?*) Added: trunk/security/nss/pkg-descr ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ trunk/security/nss/pkg-descr Wed Oct 19 17:21:47 2011 (r659) @@ -0,0 +1,7 @@ +Network Security Services (NSS) is a set of libraries designed to support +cross-platform development of security-enabled server applications. +Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, +PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security +standards. + +WWW: http://www.mozilla.org/projects/security/pki/nss/ Added: trunk/security/nss/pkg-plist ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ trunk/security/nss/pkg-plist Wed Oct 19 17:21:47 2011 (r659) @@ -0,0 +1,138 @@ +bin/certcgi +bin/certutil +bin/checkcert +bin/cmsutil +bin/crlutil +bin/derdump +bin/makepqg +bin/mangle +bin/modutil +bin/nss-config +bin/ocspclnt +bin/oidcalc +bin/p7content +bin/p7env +bin/p7sign +bin/p7verify +bin/pk12util +bin/rsaperf +bin/shlibsign +bin/signtool +bin/signver +bin/ssltap +bin/strsclnt +bin/symkeyutil +bin/vfychain +bin/vfyserv +include/nss/nss/base64.h +include/nss/nss/blapit.h +include/nss/nss/cert.h +include/nss/nss/certdb.h +include/nss/nss/certt.h +include/nss/nss/ciferfam.h +include/nss/nss/cmmf.h +include/nss/nss/cmmft.h +include/nss/nss/cms.h +include/nss/nss/cmsreclist.h +include/nss/nss/cmst.h +include/nss/nss/crmf.h +include/nss/nss/crmft.h +include/nss/nss/cryptohi.h +include/nss/nss/cryptoht.h +include/nss/nss/ecl-exp.h +include/nss/nss/hasht.h +include/nss/nss/jar-ds.h +include/nss/nss/jar.h +include/nss/nss/jarfile.h +include/nss/nss/key.h +include/nss/nss/keyhi.h +include/nss/nss/keyt.h +include/nss/nss/keythi.h +include/nss/nss/nss.h +include/nss/nss/nssb64.h +include/nss/nss/nssb64t.h +include/nss/nss/nssbase.h +include/nss/nss/nssbaset.h +include/nss/nss/nssck.api +include/nss/nss/nssckbi.h +include/nss/nss/nssckepv.h +include/nss/nss/nssckft.h +include/nss/nss/nssckfw.h +include/nss/nss/nssckfwc.h +include/nss/nss/nssckfwt.h +include/nss/nss/nssckg.h +include/nss/nss/nssckmdt.h +include/nss/nss/nssckt.h +include/nss/nss/nssilckt.h +include/nss/nss/nssilock.h +include/nss/nss/nsslocks.h +include/nss/nss/nssrwlk.h +include/nss/nss/nssrwlkt.h +include/nss/nss/nssutil.h +include/nss/nss/ocsp.h +include/nss/nss/ocspt.h +include/nss/nss/p12.h +include/nss/nss/p12plcy.h +include/nss/nss/p12t.h +include/nss/nss/pk11func.h +include/nss/nss/pk11pqg.h +include/nss/nss/pk11priv.h +include/nss/nss/pk11pub.h +include/nss/nss/pk11sdr.h +include/nss/nss/pkcs11.h +include/nss/nss/pkcs11f.h +include/nss/nss/pkcs11n.h +include/nss/nss/pkcs11p.h +include/nss/nss/pkcs11t.h +include/nss/nss/pkcs11u.h +include/nss/nss/pkcs12.h +include/nss/nss/pkcs12t.h +include/nss/nss/pkcs7t.h +include/nss/nss/portreg.h +include/nss/nss/preenc.h +include/nss/nss/secasn1.h +include/nss/nss/secasn1t.h +include/nss/nss/seccomon.h +include/nss/nss/secder.h +include/nss/nss/secdert.h +include/nss/nss/secdig.h +include/nss/nss/secdigt.h +include/nss/nss/secerr.h +include/nss/nss/sechash.h +include/nss/nss/secitem.h +include/nss/nss/secmime.h +include/nss/nss/secmod.h +include/nss/nss/secmodt.h +include/nss/nss/secoid.h +include/nss/nss/secoidt.h +include/nss/nss/secpkcs5.h +include/nss/nss/secpkcs7.h +include/nss/nss/secport.h +include/nss/nss/shsign.h +include/nss/nss/smime.h +include/nss/nss/ssl.h +include/nss/nss/sslerr.h +include/nss/nss/sslproto.h +include/nss/nss/sslt.h +include/nss/nss/utilrename.h +lib/nss/libcrmf.a +lib/nss/libfreebl3.so +lib/nss/libfreebl3.so.1 +lib/nss/libnss3.so +lib/nss/libnss3.so.1 +lib/nss/libnssckbi.so +lib/nss/libnssckbi.so.1 +lib/nss/libnssdbm3.so +lib/nss/libnssdbm3.so.1 +lib/nss/libnssutil3.so +lib/nss/libnssutil3.so.1 +lib/nss/libsmime3.so +lib/nss/libsmime3.so.1 +lib/nss/libsoftokn3.so +lib/nss/libsoftokn3.so.1 +lib/nss/libssl3.so +lib/nss/libssl3.so.1 +libdata/pkgconfig/nss.pc +@dirrm lib/nss +@dirrm include/nss/nss +@dirrm include/nss _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-gecko To unsubscribe, send any mail to "[email protected]"
