1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
|
# Contributor: Łukasz Jendrysik <scadu@yandex.com>
# Contributor: Rasmus Thomsen <oss@cogitri.dev>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=nss
pkgver=3.99
pkgrel=0
pkgdesc="Mozilla Network Security Services"
url="https://developer.mozilla.org/docs/Mozilla/Projects/NSS"
arch="all"
license="MPL-2.0"
depends_dev="nspr-dev"
makedepends="
$depends_dev
bash
bsd-compat-headers
linux-headers
gyp
perl
sqlite-dev
zlib-dev
"
subpackages="$pkgname-dev $pkgname-tools"
source="https://ftp.mozilla.org/pub/security/nss/releases/NSS_${pkgver//./_}_RTM/src/nss-$pkgver.tar.gz
gyp-config.patch
no-werror.patch
nss.pc.in
nss-util.pc.in
nss-softokn.pc.in
nss-config.in
"
# secfixes:
# 3.98-r0:
# - CVE-2023-5388
# 3.76.1-r0:
# - CVE-2022-1097
# 3.73-r0:
# - CVE-2021-43527
# 3.58-r0:
# - CVE-2020-25648
# 3.55-r0:
# - CVE-2020-12400
# - CVE-2020-12401
# - CVE-2020-12403
# - CVE-2020-6829
# 3.53.1-r0:
# - CVE-2020-12402
# 3.49-r0:
# - CVE-2019-17023
# 3.47.1-r0:
# - CVE-2019-11745
# 3.41-r0:
# - CVE-2018-12404
# 3.39-r0:
# - CVE-2018-12384
build() {
cd nss
CFLAGS="$CFLAGS -O2 -flto=auto" \
CXXFLAGS="$CXXFLAGS -O2 -flto=auto" \
./build.sh \
--opt \
--system-nspr \
--system-sqlite \
--enable-libpkix
}
check() {
cd nss/tests
# other tests are failing for some reason and prompt an interactive password
export NSS_TESTS="cipher lowhash libpkix"
export NSS_CYCLES=standard
HOST=localhost DOMSUF=localdomain bash ./all.sh
}
package() {
replaces="nss-dev libnss"
local nss_vmajor=$(awk '/#define.*NSS_VMAJOR/ {print $3}' nss/lib/nss/nss.h)
local nss_vminor=$(awk '/#define.*NSS_VMINOR/ {print $3}' nss/lib/nss/nss.h)
local nss_vpatch=$(awk '/#define.*NSS_VPATCH/ {print $3}' nss/lib/nss/nss.h)
local nspr_version="$(pkg-config --modversion nspr)"
# pkgconfig files
mkdir -p "$pkgdir"/usr/lib/pkgconfig
local _pc; for _pc in nss.pc nss-util.pc nss-softokn.pc; do
sed "$srcdir"/$_pc.in \
-e "s,%libdir%,/usr/lib,g" \
-e "s,%prefix%,/usr,g" \
-e "s,%exec_prefix%,/usr/bin,g" \
-e "s,%includedir%,/usr/include/nss,g" \
-e "s,%SOFTOKEN_VERSION%,$pkgver,g" \
-e "s,%NSPR_VERSION%,$nspr_version,g" \
-e "s,%NSS_VERSION%,$pkgver,g" \
-e "s,%NSSUTIL_VERSION%,$pkgver,g" \
> "$pkgdir"/usr/lib/pkgconfig/$_pc
done
ln -sf nss.pc "$pkgdir"/usr/lib/pkgconfig/mozilla-nss.pc
chmod 644 "$pkgdir"/usr/lib/pkgconfig/*.pc
# nss-config
mkdir -p "$pkgdir"/usr/bin
sed "$srcdir"/nss-config.in \
-e "s,@libdir@,/usr/lib,g" \
-e "s,@prefix@,/usr/bin,g" \
-e "s,@exec_prefix@,/usr/bin,g" \
-e "s,@includedir@,/usr/include/nss,g" \
-e "s,@MOD_MAJOR_VERSION@,${nss_vmajor},g" \
-e "s,@MOD_MINOR_VERSION@,${nss_vminor},g" \
-e "s,@MOD_PATCH_VERSION@,${nss_vpatch},g" \
> "$pkgdir"/usr/bin/nss-config
chmod 755 "$pkgdir"/usr/bin/nss-config
local minor=${pkgver#*.}
minor=${minor%.*}
find dist/Release/lib -name "*.so" | while IFS= read -r file; do
install -Dm755 $file \
"$pkgdir"/usr/lib/${file##*/}.$minor
ln -s ${file##*/}.$minor "$pkgdir"/usr/lib/${file##*/}
done
for file in certutil cmsutil crlutil modutil pk12util shlibsign \
signtool signver ssltap; do
install -Dm755 dist/Release/bin/$file -t "$pkgdir"/usr/bin/
done
install -Dm644 dist/public/nss/*.h -t "$pkgdir"/usr/include/nss/
install -Dm644 dist/private/nss/blapi.h dist/private/nss/alghmac.h -t "$pkgdir"/usr/include/nss/private/
}
dev() {
# we cannot use default_dev because we need the .so symlinks in main package
local i
pkgdesc="Development files for nss"
depends="$pkgname=$pkgver-r$pkgrel $depends_dev"
amove usr/bin/nss-config
cd "$pkgdir"
for i in usr/include usr/lib/pkgconfig; do
if [ -e "$pkgdir/$i" ] || [ -L "$pkgdir/$i" ]; then
d="$subpkgdir/${i%/*}" # dirname $i
mkdir -p "$d"
mv "$pkgdir/$i" "$d"
rmdir "$pkgdir/${i%/*}" 2>/dev/null || true
fi
done
}
tools() {
pkgdesc="Tools for the Network Security Services"
replaces="nss"
amove usr/bin
}
sha512sums="
8ae032f3cb8eadfe524505d20e430b90ed25af2b4732b2cf286c435b0fcd5701d2f5c48bd2cfb3f9aa0bfdf503c1f3d5394cf34f860f51a1141cc4a7586bba32 nss-3.99.tar.gz
fba19cc35986dde6e5994ce67ab29fb4417814e12d6ae82c406600832eb8db79a0fdea4fd5eb6c5e77d565bfebb9e154e190796f67c06097ddae1539084243bb gyp-config.patch
20046e6adf3d1cfcd8ddf2b92fe3f79678d569c653d26126dde6a967ab6c90a798b9a6bb6351f82d49dbd751d0637c5e46aa98dbe7342c8cd604c7e3dc8ce48a no-werror.patch
75dbd648a461940647ff373389cc73bc8ec609139cd46c91bcce866af02be6bcbb0524eb3dfb721fbd5b0bc68c20081ed6f7debf6b24317f2a7ba823e8d3c531 nss.pc.in
0f2efa8563b11da68669d281b4459289a56f5a3a906eb60382126f3adcfe47420cdcedc6ab57727a3afeeffa2bbb4c750b43bef8b5f343a75c968411dfa30e09 nss-util.pc.in
09c69d4cc39ec9deebc88696a80d0f15eb2d8c94d9daa234a2adfec941b63805eb4ce7f2e1943857b938bddcaee1beac246a0ec627b71563d9f846e6119a4a15 nss-softokn.pc.in
2971669e128f06a9af40a5ba88218fa7c9eecfeeae8b0cf42e14f31ed12bf6fa4c5ce60289e078f50e2669a9376b56b45d7c29d726a7eac69ebe1d1e22dc710b nss-config.in
"
|