# Contributor: Ɓukasz Jendrysik # Maintainer: Natanael Copa pkgname=nss pkgver=3.41 _ver=${pkgver//./_} pkgrel=0 pkgdesc="Mozilla Network Security Services" url="http://www.mozilla.org/projects/security/pki/nss/" arch="all" license="MPL GPL" options="!check" depends= depends_dev="nspr-dev" makedepends="nspr-dev sqlite-dev zlib-dev perl bsd-compat-headers linux-headers" subpackages="$pkgname-static $pkgname-dev $pkgname-tools" source="https://ftp.mozilla.org/pub/security/$pkgname/releases/NSS_${pkgver//./_}_RTM/src/$pkgname-$pkgver.tar.gz nss.pc.in nss-util.pc.in nss-softokn.pc.in nss-config.in add_spi+cacert_ca_certs.patch " builddir="$srcdir/$pkgname-$pkgver" # secfixes: # 3.41-r0: # - CVE-2018-12404 # 3.39-r0: # - CVE-2018-12384 prepare() { default_prepare # Respect LDFLAGS sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' \ "$builddir"/nss/coreconf/rules.mk } build() { cd "$builddir" unset CFLAGS unset CXXFLAGS export BUILD_OPT=1 export PKG_CONFIG_ALLOW_SYSTEM_LIBS=1 export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1 export FREEBL_NO_DEPEND=0 export NSS_USE_SYSTEM_SQLITE=1 export NSS_ENABLE_WERROR=0 export NSPR_INCLUDE_DIR=`pkg-config --cflags-only-I nspr | sed 's/-I//'` export NSPR_LIB_DIR=`pkg-config --libs-only-L nspr | sed 's/-L.//'` case "$CARCH" in *64* | s390x) export USE_64=1;; esac make -j 1 -C nss/coreconf make -j 1 -C nss/lib/dbm make -j 1 -C nss } package() { replaces="nss-dev libnss" cd "$builddir" install -m755 -d "$pkgdir"/usr/lib/pkgconfig install -m755 -d "$pkgdir"/usr/bin install -m755 -d "$pkgdir"/usr/include/nss/private NSS_VMAJOR=`awk '/#define.*NSS_VMAJOR/ {print $3}' nss/lib/nss/nss.h ` msg "DEBUG: $NSS_VMAJOR" NSS_VMINOR=`awk '/#define.*NSS_VMINOR/ {print $3}' nss/lib/nss/nss.h` NSS_VPATCH=`awk '/#define.*NSS_VPATCH/ {print $3}' nss/lib/nss/nss.h` # pkgconfig files local _pc; for _pc in nss.pc nss-util.pc nss-softokn.pc; do sed "$srcdir"/${_pc}.in \ -e "s,%libdir%,/usr/lib,g" \ -e "s,%prefix%,/usr,g" \ -e "s,%exec_prefix%,/usr/bin,g" \ -e "s,%includedir%,/usr/include/nss,g" \ -e "s,%SOFTOKEN_VERSION%,$pkgver,g" \ -e "s,%NSPR_VERSION%,$pkgver,g" \ -e "s,%NSS_VERSION%,$pkgver,g" \ -e "s,%NSSUTIL_VERSION%,$pkgver,g" \ > "$pkgdir"/usr/lib/pkgconfig/${_pc} done ln -sf nss.pc "$pkgdir"/usr/lib/pkgconfig/mozilla-nss.pc chmod 644 "$pkgdir"/usr/lib/pkgconfig/*.pc # nss-config sed "$srcdir"/nss-config.in \ -e "s,@libdir@,/usr/lib,g" \ -e "s,@prefix@,/usr/bin,g" \ -e "s,@exec_prefix@,/usr/bin,g" \ -e "s,@includedir@,/usr/include/nss,g" \ -e "s,@MOD_MAJOR_VERSION@,${NSS_VMAJOR},g" \ -e "s,@MOD_MINOR_VERSION@,${NSS_VMINOR},g" \ -e "s,@MOD_PATCH_VERSION@,${NSS_VPATCH},g" \ > "$pkgdir"/usr/bin/nss-config chmod 755 "$pkgdir"/usr/bin/nss-config local minor=${pkgver#*.} minor=${minor%.*} for file in $(find dist/*.OBJ/lib -name "*.so"); do install -m755 $file \ "$pkgdir"/usr/lib/${file##*/}.$minor ln -s ${file##*/}.$minor "$pkgdir"/usr/lib/${file##*/} done install -m644 dist/*.OBJ/lib/*.a "$pkgdir"/usr/lib/ install -m644 dist/*.OBJ/lib/*.chk "$pkgdir"/usr/lib/ for file in certutil cmsutil crlutil modutil pk12util shlibsign \ signtool signver ssltap; do install -m755 dist/*.OBJ/bin/${file} "$pkgdir"/usr/bin/ done install -m644 dist/public/nss/*.h "$pkgdir"/usr/include/nss/ install -m644 dist/private/nss/blapi.h dist/private/nss/alghmac.h "$pkgdir"/usr/include/nss/private/ } static() { pkgdesc="Static libraries for nss" mkdir -p "$subpkgdir"/usr/lib mv "$pkgdir"/usr/lib/*.a "$subpkgdir"/usr/lib/ # remove libssl.a which conflicts with libressl rm "$subpkgdir"/usr/lib/libssl.a } dev() { # we cannot use default_dev because we need the .so symlinks in main package local i= j= pkgdesc="Development files for nss" depends="$pkgname $depends_dev" mkdir -p "$subpkgdir"/usr/bin mv "$pkgdir"/usr/bin/nss-config "$subpkgdir"/usr/bin cd "$pkgdir" for i in usr/include usr/lib/pkgconfig usr/lib/*.a; do if [ -e "$pkgdir/$i" ] || [ -L "$pkgdir/$i" ]; then d="$subpkgdir/${i%/*}" # dirname $i mkdir -p "$d" mv "$pkgdir/$i" "$d" rmdir "$pkgdir/${i%/*}" 2>/dev/null || true fi done mv "$pkgdir"/usr/lib/libgtest1.* "$pkgdir"/usr/lib/libnsssysinit.* \ "$subpkgdir"/usr/lib } tools() { pkgdesc="Tools for the Network Security Services" replaces="nss" mkdir -p "$subpkgdir"/usr/ mv "$pkgdir"/usr/bin "$subpkgdir"/usr/ } sha512sums="b5a43fe86ded664002fd714c493d9222a64539cd6139b64720625d1742fec5100712cbe401c90c79196e9cbad9ec07d9b4f0f517ce34e4b207beaa3e01c9e114 nss-3.41.tar.gz 75dbd648a461940647ff373389cc73bc8ec609139cd46c91bcce866af02be6bcbb0524eb3dfb721fbd5b0bc68c20081ed6f7debf6b24317f2a7ba823e8d3c531 nss.pc.in 0f2efa8563b11da68669d281b4459289a56f5a3a906eb60382126f3adcfe47420cdcedc6ab57727a3afeeffa2bbb4c750b43bef8b5f343a75c968411dfa30e09 nss-util.pc.in 09c69d4cc39ec9deebc88696a80d0f15eb2d8c94d9daa234a2adfec941b63805eb4ce7f2e1943857b938bddcaee1beac246a0ec627b71563d9f846e6119a4a15 nss-softokn.pc.in 2971669e128f06a9af40a5ba88218fa7c9eecfeeae8b0cf42e14f31ed12bf6fa4c5ce60289e078f50e2669a9376b56b45d7c29d726a7eac69ebe1d1e22dc710b nss-config.in 6e04556858499aec465d6670818465327ba2cb099061c2afee4b5cac8aa61938e0095906acfb38df6a1b70a6bde6dd69f08bb4c00a9d188e4cb3131b26c1bc16 add_spi+cacert_ca_certs.patch"