1 files changed, 76 insertions, 78 deletions

diff --git a/main/nss/APKBUILD b/main/nss/APKBUILD
index 5ce35a21169..d26d36a891a 100644
--- a/main/nss/APKBUILD
+++ b/main/nss/APKBUILD
@@ -1,28 +1,52 @@
 # Contributor: Łukasz Jendrysik <scadu@yandex.com>
+# Contributor: Rasmus Thomsen <oss@cogitri.dev>
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=nss
-pkgver=3.47.1
-_ver=${pkgver//./_}
+pkgver=3.99
 pkgrel=0
 pkgdesc="Mozilla Network Security Services"
 url="https://developer.mozilla.org/docs/Mozilla/Projects/NSS"
 arch="all"
-license="MPL GPL"
-options="!check" # failing tests
-depends=
+license="MPL-2.0"
 depends_dev="nspr-dev"
-makedepends="nspr-dev sqlite-dev zlib-dev perl bsd-compat-headers linux-headers"
-subpackages="$pkgname-static $pkgname-dev $pkgname-tools"
-source="https://ftp.mozilla.org/pub/security/$pkgname/releases/NSS_${pkgver//./_}_RTM/src/$pkgname-$pkgver.tar.gz
+makedepends="
+	$depends_dev
+	bash
+	bsd-compat-headers
+	linux-headers
+	gyp
+	perl
+	sqlite-dev
+	zlib-dev
+	"
+subpackages="$pkgname-dev $pkgname-tools"
+source="https://ftp.mozilla.org/pub/security/nss/releases/NSS_${pkgver//./_}_RTM/src/nss-$pkgver.tar.gz
+	gyp-config.patch
+	no-werror.patch
 	nss.pc.in
 	nss-util.pc.in
 	nss-softokn.pc.in
 	nss-config.in
-	add_spi+cacert_ca_certs.patch
 	"
-builddir="$srcdir/$pkgname-$pkgver"
 
 # secfixes:
+#   3.98-r0:
+#     - CVE-2023-5388
+#   3.76.1-r0:
+#     - CVE-2022-1097
+#   3.73-r0:
+#     - CVE-2021-43527
+#   3.58-r0:
+#     - CVE-2020-25648
+#   3.55-r0:
+#     - CVE-2020-12400
+#     - CVE-2020-12401
+#     - CVE-2020-12403
+#     - CVE-2020-6829
+#   3.53.1-r0:
+#     - CVE-2020-12402
+#   3.49-r0:
+#     - CVE-2019-17023
 #   3.47.1-r0:
 #     - CVE-2019-11745
 #   3.41-r0:
@@ -30,117 +54,90 @@ builddir="$srcdir/$pkgname-$pkgver"
 #   3.39-r0:
 #     - CVE-2018-12384
 
-prepare() {
-	default_prepare
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' \
-		"$builddir"/nss/coreconf/rules.mk
-}
-
 build() {
-	cd "$builddir"
-	unset CFLAGS
-	unset CXXFLAGS
-	export BUILD_OPT=1
-	export PKG_CONFIG_ALLOW_SYSTEM_LIBS=1
-	export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1
-	export FREEBL_NO_DEPEND=0
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSS_ENABLE_WERROR=0
-	export NSPR_INCLUDE_DIR=`pkg-config --cflags-only-I nspr | sed 's/-I//'`
-	export NSPR_LIB_DIR=`pkg-config --libs-only-L nspr | sed 's/-L.//'`
-	case "$CARCH" in
-		*64* | s390x) export USE_64=1;;
-	esac
-	make -j 1 -C nss/coreconf
-	make -j 1 -C nss/lib/dbm
-	make -j 1 -C nss
+	cd nss
+	CFLAGS="$CFLAGS -O2 -flto=auto" \
+	CXXFLAGS="$CXXFLAGS -O2 -flto=auto" \
+	./build.sh \
+		--opt \
+		--system-nspr \
+		--system-sqlite \
+		--enable-libpkix
 }
 
 check() {
-	HOST=localhost DOMSUF=localdomain sh "$builddir/nss/tests/all.sh"
+	cd nss/tests
+	# other tests are failing for some reason and prompt an interactive password
+	export NSS_TESTS="cipher lowhash libpkix"
+	export NSS_CYCLES=standard
+	HOST=localhost DOMSUF=localdomain bash ./all.sh
 }
 
 package() {
 	replaces="nss-dev libnss"
 
-	cd "$builddir"
-
-	install -m755 -d "$pkgdir"/usr/lib/pkgconfig
-	install -m755 -d "$pkgdir"/usr/bin
-	install -m755 -d "$pkgdir"/usr/include/nss/private
-
-	NSS_VMAJOR=`awk '/#define.*NSS_VMAJOR/ {print $3}' nss/lib/nss/nss.h `
-	msg "DEBUG: $NSS_VMAJOR"
-	NSS_VMINOR=`awk '/#define.*NSS_VMINOR/ {print $3}' nss/lib/nss/nss.h`
-	NSS_VPATCH=`awk '/#define.*NSS_VPATCH/ {print $3}' nss/lib/nss/nss.h`
+	local nss_vmajor=$(awk '/#define.*NSS_VMAJOR/ {print $3}' nss/lib/nss/nss.h)
+	local nss_vminor=$(awk '/#define.*NSS_VMINOR/ {print $3}' nss/lib/nss/nss.h)
+	local nss_vpatch=$(awk '/#define.*NSS_VPATCH/ {print $3}' nss/lib/nss/nss.h)
+	local nspr_version="$(pkg-config --modversion nspr)"
 
 	# pkgconfig files
+	mkdir -p "$pkgdir"/usr/lib/pkgconfig
 	local _pc; for _pc in nss.pc nss-util.pc nss-softokn.pc; do
-		sed "$srcdir"/${_pc}.in \
+		sed "$srcdir"/$_pc.in \
 			-e "s,%libdir%,/usr/lib,g" \
 			-e "s,%prefix%,/usr,g" \
 			-e "s,%exec_prefix%,/usr/bin,g" \
 			-e "s,%includedir%,/usr/include/nss,g" \
 			-e "s,%SOFTOKEN_VERSION%,$pkgver,g" \
-			-e "s,%NSPR_VERSION%,$pkgver,g" \
+			-e "s,%NSPR_VERSION%,$nspr_version,g" \
 			-e "s,%NSS_VERSION%,$pkgver,g" \
 			-e "s,%NSSUTIL_VERSION%,$pkgver,g" \
-			> "$pkgdir"/usr/lib/pkgconfig/${_pc}
+			> "$pkgdir"/usr/lib/pkgconfig/$_pc
 	done
 	ln -sf nss.pc "$pkgdir"/usr/lib/pkgconfig/mozilla-nss.pc
 	chmod 644 "$pkgdir"/usr/lib/pkgconfig/*.pc
 
 	# nss-config
+	mkdir -p "$pkgdir"/usr/bin
 	sed "$srcdir"/nss-config.in \
 		-e "s,@libdir@,/usr/lib,g" \
 		-e "s,@prefix@,/usr/bin,g" \
 		-e "s,@exec_prefix@,/usr/bin,g" \
 		-e "s,@includedir@,/usr/include/nss,g" \
-		-e "s,@MOD_MAJOR_VERSION@,${NSS_VMAJOR},g" \
-		-e "s,@MOD_MINOR_VERSION@,${NSS_VMINOR},g" \
-		-e "s,@MOD_PATCH_VERSION@,${NSS_VPATCH},g" \
+		-e "s,@MOD_MAJOR_VERSION@,${nss_vmajor},g" \
+		-e "s,@MOD_MINOR_VERSION@,${nss_vminor},g" \
+		-e "s,@MOD_PATCH_VERSION@,${nss_vpatch},g" \
 		> "$pkgdir"/usr/bin/nss-config
 	chmod 755 "$pkgdir"/usr/bin/nss-config
+
 	local minor=${pkgver#*.}
 	minor=${minor%.*}
-	for file in $(find dist/*.OBJ/lib -name "*.so"); do
-		install -m755 $file \
+	find dist/Release/lib -name "*.so" | while IFS= read -r file; do
+		install -Dm755 $file \
 			"$pkgdir"/usr/lib/${file##*/}.$minor
 		ln -s ${file##*/}.$minor "$pkgdir"/usr/lib/${file##*/}
 	done
-	install -m644 dist/*.OBJ/lib/*.a "$pkgdir"/usr/lib/
-	install -m644 dist/*.OBJ/lib/*.chk "$pkgdir"/usr/lib/
 
 	for file in certutil cmsutil crlutil modutil pk12util shlibsign \
 			signtool signver ssltap; do
-		install -m755 dist/*.OBJ/bin/${file} "$pkgdir"/usr/bin/
+		install -Dm755 dist/Release/bin/$file -t "$pkgdir"/usr/bin/
 	done
-	install -m644 dist/public/nss/*.h "$pkgdir"/usr/include/nss/
-	install -m644 dist/private/nss/blapi.h dist/private/nss/alghmac.h "$pkgdir"/usr/include/nss/private/
-}
 
-static() {
-	pkgdesc="Static libraries for nss"
-	mkdir -p "$subpkgdir"/usr/lib
-	mv "$pkgdir"/usr/lib/*.a "$subpkgdir"/usr/lib/
-
-	# remove libssl.a which conflicts with libressl
-	rm "$subpkgdir"/usr/lib/libssl.a
+	install -Dm644 dist/public/nss/*.h -t "$pkgdir"/usr/include/nss/
+	install -Dm644 dist/private/nss/blapi.h dist/private/nss/alghmac.h -t "$pkgdir"/usr/include/nss/private/
 }
 
 dev() {
 	# we cannot use default_dev because we need the .so symlinks in main package
-	local i= j=
+	local i
 	pkgdesc="Development files for nss"
-	depends="$pkgname $depends_dev"
+	depends="$pkgname=$pkgver-r$pkgrel $depends_dev"
 
-	mkdir -p "$subpkgdir"/usr/bin
-	mv "$pkgdir"/usr/bin/nss-config "$subpkgdir"/usr/bin
+	amove usr/bin/nss-config
 
 	cd "$pkgdir"
-	for i in usr/include usr/lib/pkgconfig usr/lib/*.a; do
+	for i in usr/include usr/lib/pkgconfig; do
 		if [ -e "$pkgdir/$i" ] || [ -L "$pkgdir/$i" ]; then
 			d="$subpkgdir/${i%/*}"  # dirname $i
 			mkdir -p "$d"
@@ -148,20 +145,21 @@ dev() {
 			rmdir "$pkgdir/${i%/*}" 2>/dev/null || true
 		fi
 	done
-	mv "$pkgdir"/usr/lib/libgtest1.* "$pkgdir"/usr/lib/libnsssysinit.* \
-		"$subpkgdir"/usr/lib
 }
 
 tools() {
 	pkgdesc="Tools for the Network Security Services"
 	replaces="nss"
-	mkdir -p "$subpkgdir"/usr/
-	mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
+
+	amove usr/bin
 }
 
-sha512sums="ddee53f58929e5f3849c9f88a3a6735453a258c3c32a7e3e73cc949e0b7ad2dff81b21db31c9c5e1ef3eb79d63c31660e38ce76c06ca54a5681dd611dc2e2ae9  nss-3.47.1.tar.gz
+sha512sums="
+8ae032f3cb8eadfe524505d20e430b90ed25af2b4732b2cf286c435b0fcd5701d2f5c48bd2cfb3f9aa0bfdf503c1f3d5394cf34f860f51a1141cc4a7586bba32  nss-3.99.tar.gz
+fba19cc35986dde6e5994ce67ab29fb4417814e12d6ae82c406600832eb8db79a0fdea4fd5eb6c5e77d565bfebb9e154e190796f67c06097ddae1539084243bb  gyp-config.patch
+20046e6adf3d1cfcd8ddf2b92fe3f79678d569c653d26126dde6a967ab6c90a798b9a6bb6351f82d49dbd751d0637c5e46aa98dbe7342c8cd604c7e3dc8ce48a  no-werror.patch
 75dbd648a461940647ff373389cc73bc8ec609139cd46c91bcce866af02be6bcbb0524eb3dfb721fbd5b0bc68c20081ed6f7debf6b24317f2a7ba823e8d3c531  nss.pc.in
 0f2efa8563b11da68669d281b4459289a56f5a3a906eb60382126f3adcfe47420cdcedc6ab57727a3afeeffa2bbb4c750b43bef8b5f343a75c968411dfa30e09  nss-util.pc.in
 09c69d4cc39ec9deebc88696a80d0f15eb2d8c94d9daa234a2adfec941b63805eb4ce7f2e1943857b938bddcaee1beac246a0ec627b71563d9f846e6119a4a15  nss-softokn.pc.in
 2971669e128f06a9af40a5ba88218fa7c9eecfeeae8b0cf42e14f31ed12bf6fa4c5ce60289e078f50e2669a9376b56b45d7c29d726a7eac69ebe1d1e22dc710b  nss-config.in
-6e04556858499aec465d6670818465327ba2cb099061c2afee4b5cac8aa61938e0095906acfb38df6a1b70a6bde6dd69f08bb4c00a9d188e4cb3131b26c1bc16  add_spi+cacert_ca_certs.patch"
+"