1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
|
# Contributor: Łukasz Jendrysik <scadu@yandex.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=nss
pkgver=3.23
_ver=${pkgver//./_}
pkgrel=1
pkgdesc="Mozilla Network Security Services"
url="http://www.mozilla.org/projects/security/pki/nss/"
arch="all"
license="MPL GPL"
depends=
makedepends="nspr-dev sqlite-dev zlib-dev perl bsd-compat-headers"
subpackages="$pkgname-dev $pkgname-tools"
source="http://ftp.mozilla.org/pub/security/$pkgname/releases/NSS_${_ver}_RTM/src/$pkgname-$pkgver.tar.gz
nss.pc.in
nss-config.in
add_spi+cacert_ca_certs.patch
CVE-2017-5461.patch
CVE-2017-5462.patch
"
depends_dev="nspr-dev"
# secfixes:
# 3.23-r1:
# - CVE-2017-5461
# - CVE-2017-5462
_builddir="$srcdir"/$pkgname-$pkgver
prepare() {
cd "$_builddir"
for i in $source; do
case $i in
*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
esac
done
# Respect LDFLAGS
sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' \
nss/coreconf/rules.mk
}
build() {
cd "$_builddir"
unset CFLAGS
unset CXXFLAGS
export BUILD_OPT=1
export PKG_CONFIG_ALLOW_SYSTEM_LIBS=1
export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1
export FREEBL_NO_DEPEND=0
export NSS_USE_SYSTEM_SQLITE=1
export NSPR_INCLUDE_DIR=`pkg-config --cflags-only-I nspr | sed 's/-I//'`
export NSPR_LIB_DIR=`pkg-config --libs-only-L nspr | sed 's/-L.//'`
if [ "$CARCH" = "x86_64" ]; then
export USE_64=1
fi
make -j 1 -C nss/coreconf || return 1
make -j 1 -C nss/lib/dbm || return 1
make -j 1 -C nss || return 1
}
package() {
replaces="nss-dev libnss"
cd "$_builddir"
install -m755 -d "$pkgdir"/usr/lib/pkgconfig
install -m755 -d "$pkgdir"/usr/bin
install -m755 -d "$pkgdir"/usr/include/nss
NSS_VMAJOR=`awk '/#define.*NSS_VMAJOR/ {print $3}' nss/lib/nss/nss.h `
msg "DEBUG: $NSS_VMAJOR"
NSS_VMINOR=`awk '/#define.*NSS_VMINOR/ {print $3}' nss/lib/nss/nss.h`
NSS_VPATCH=`awk '/#define.*NSS_VPATCH/ {print $3}' nss/lib/nss/nss.h`
# pkgconfig files
sed "$srcdir"/nss.pc.in \
-e "s,%libdir%,/usr/lib,g" \
-e "s,%prefix%,/usr,g" \
-e "s,%exec_prefix%,/usr/bin,g" \
-e "s,%includedir%,/usr/include/nss,g" \
-e "s,%NSPR_VERSION%,$pkgver,g" \
-e "s,%NSS_VERSION%,$pkgver,g" \
> "$pkgdir"/usr/lib/pkgconfig/nss.pc \
|| return 1
ln -sf nss.pc "$pkgdir"/usr/lib/pkgconfig/mozilla-nss.pc || return 1
chmod 644 "$pkgdir"/usr/lib/pkgconfig/*.pc || return 1
# nss-config
sed "$srcdir"/nss-config.in \
-e "s,@libdir@,/usr/lib,g" \
-e "s,@prefix@,/usr/bin,g" \
-e "s,@exec_prefix@,/usr/bin,g" \
-e "s,@includedir@,/usr/include/nss,g" \
-e "s,@MOD_MAJOR_VERSION@,${NSS_VMAJOR},g" \
-e "s,@MOD_MINOR_VERSION@,${NSS_VMINOR},g" \
-e "s,@MOD_PATCH_VERSION@,${NSS_VPATCH},g" \
> "$pkgdir"/usr/bin/nss-config || return 1
chmod 755 "$pkgdir"/usr/bin/nss-config || return 1
local minor=${pkgver#*.}
minor=${minor%.*}
for file in libsoftokn3.so libfreebl3.so libnss3.so libnssutil3.so \
libssl3.so libsmime3.so libnssckbi.so libnssdbm3.so; do
install -m755 dist/*.OBJ/lib/${file} \
"$pkgdir"/usr/lib/${file}.$minor || return 1
ln -s $file.$minor "$pkgdir"/usr/lib/$file
done
install -m644 dist/*.OBJ/lib/libcrmf.a "$pkgdir"/usr/lib/ \
|| return 1
install -m644 dist/*.OBJ/lib/*.chk "$pkgdir"/usr/lib/ \
|| return 1
for file in certutil cmsutil crlutil modutil pk12util shlibsign \
signtool signver ssltap; do
install -m755 dist/*.OBJ/bin/${file} "$pkgdir"/usr/bin/\
|| return 1
done
install -m644 dist/public/nss/*.h "$pkgdir"/usr/include/nss/ \
|| return 1
}
dev() {
local i= j=
depends="$pkgname $depends_dev"
mkdir -p "$subpkgdir"/usr/bin
mv "$pkgdir"/usr/bin/nss-config "$subpkgdir"/usr/bin
cd "$pkgdir" || return 0
for i in usr/include usr/lib/pkgconfig usr/lib/*.a; do
if [ -e "$pkgdir/$i" ] || [ -L "$pkgdir/$i" ]; then
d="$subpkgdir/${i%/*}" # dirname $i
mkdir -p "$d"
mv "$pkgdir/$i" "$d"
rmdir "$pkgdir/${i%/*}" 2>/dev/null
fi
done
return 0
}
tools() {
pkgdesc="Tools for the Network Security Services"
replaces="nss"
mkdir -p "$subpkgdir"/usr/
mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
}
md5sums="21c3fed84441b2ab4c50ac626f6517e7 nss-3.23.tar.gz
c547b030c57fe1ed8b77c73bf52b3ded nss.pc.in
46bee81908f1e5b26d6a7a2e14c64d9f nss-config.in
981e0df9e9cb7a9426b316f68911fb17 add_spi+cacert_ca_certs.patch
84cc1a457563f2bfce14adb5f7c21031 CVE-2017-5461.patch
0be3456e1b5f48e2b2821bd8e5a7a468 CVE-2017-5462.patch"
sha256sums="94b383e31c9671e9dfcca81084a8a813817e8f05a57f54533509b318d26e11cf nss-3.23.tar.gz
b9f1428ca2305bf30b109507ff335fa00bce5a7ce0434b50acd26ad7c47dd5bd nss.pc.in
e44ac5095b4d88f24ec7b2e6a9f1581560bd3ad41a3d198596d67ef22f67adb9 nss-config.in
592aa85184c5edb076c3355f85e50373a59dfcd06a4f4a79621f43df19404c1e add_spi+cacert_ca_certs.patch
687d4a16be13c746cb9df6cbbd7fccf342052be429a1632ef1d4fc35ed9ce852 CVE-2017-5461.patch
d47e2e934f71681c75df5b7ebb84823a4b9dc1e0d100e37428eed814a258c525 CVE-2017-5462.patch"
sha512sums="f3e388a415493685faa6df932e9e968af41ea2e8e4cba3fbd539c60177443e4042e8d2e2bfe74183552e14522d49048be2f80fbe038bdbd499971e82abf2cc32 nss-3.23.tar.gz
75dbd648a461940647ff373389cc73bc8ec609139cd46c91bcce866af02be6bcbb0524eb3dfb721fbd5b0bc68c20081ed6f7debf6b24317f2a7ba823e8d3c531 nss.pc.in
2971669e128f06a9af40a5ba88218fa7c9eecfeeae8b0cf42e14f31ed12bf6fa4c5ce60289e078f50e2669a9376b56b45d7c29d726a7eac69ebe1d1e22dc710b nss-config.in
6e04556858499aec465d6670818465327ba2cb099061c2afee4b5cac8aa61938e0095906acfb38df6a1b70a6bde6dd69f08bb4c00a9d188e4cb3131b26c1bc16 add_spi+cacert_ca_certs.patch
a0096ef23690177209a578c537625f734f9728c60a46dc135e708ca9319799514d954e1383ceb8b2dd2b55ab38fb1dcd070e2b2dab1ab66aeacf172e7a353e2c CVE-2017-5461.patch
ab4a290074e9dc742774c3cab7d49b0b53189121b840643c9fd244c165e6c7edb617b9999525ee457346c36949abc45f8b9f4ca8e6f037cd77947d41d637604d CVE-2017-5462.patch"
|
