diff options
author | Alyssa Ross <hi@alyssa.is> | 2022-12-06 19:57:55 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2023-02-08 13:48:30 +0000 |
commit | bf3aadfdd39aa197e18bade671fab6726349ffa4 (patch) | |
tree | 698567af766ed441d757b57a7b21e68d4a342a2b /nixpkgs/pkgs/development/libraries/nss | |
parent | f4afc5a01d9539ce09e47494e679c51f80723d07 (diff) | |
parent | 99665eb45f58d959d2cb9e49ddb960c79d596f33 (diff) | |
download | nixlib-bf3aadfdd39aa197e18bade671fab6726349ffa4.tar nixlib-bf3aadfdd39aa197e18bade671fab6726349ffa4.tar.gz nixlib-bf3aadfdd39aa197e18bade671fab6726349ffa4.tar.bz2 nixlib-bf3aadfdd39aa197e18bade671fab6726349ffa4.tar.lz nixlib-bf3aadfdd39aa197e18bade671fab6726349ffa4.tar.xz nixlib-bf3aadfdd39aa197e18bade671fab6726349ffa4.tar.zst nixlib-bf3aadfdd39aa197e18bade671fab6726349ffa4.zip |
Merge commit '99665eb45f58d959d2cb9e49ddb960c79d596f33'
Diffstat (limited to 'nixpkgs/pkgs/development/libraries/nss')
-rw-r--r-- | nixpkgs/pkgs/development/libraries/nss/85_security_load_3.77+.patch | 76 | ||||
-rw-r--r-- | nixpkgs/pkgs/development/libraries/nss/esr.nix | 4 | ||||
-rw-r--r-- | nixpkgs/pkgs/development/libraries/nss/generic.nix (renamed from nixpkgs/pkgs/development/libraries/nss/default.nix) | 29 | ||||
-rw-r--r-- | nixpkgs/pkgs/development/libraries/nss/latest.nix | 10 |
4 files changed, 108 insertions, 11 deletions
diff --git a/nixpkgs/pkgs/development/libraries/nss/85_security_load_3.77+.patch b/nixpkgs/pkgs/development/libraries/nss/85_security_load_3.77+.patch new file mode 100644 index 000000000000..bae86c9d26ad --- /dev/null +++ b/nixpkgs/pkgs/development/libraries/nss/85_security_load_3.77+.patch @@ -0,0 +1,76 @@ +diff --git nss/cmd/shlibsign/shlibsign.c nss/cmd/shlibsign/shlibsign.c +index ad8f3b84e..74676d039 100644 +--- nss/cmd/shlibsign/shlibsign.c ++++ nss/cmd/shlibsign/shlibsign.c +@@ -875,6 +875,8 @@ main(int argc, char **argv) + goto cleanup; + } + lib = PR_LoadLibrary(libname); ++ if (!lib) ++ lib = PR_LoadLibrary(NIX_NSS_LIBDIR"libsoftokn3.so"); + assert(lib != NULL); + if (!lib) { + PR_fprintf(PR_STDERR, "loading softokn3 failed"); +diff --git nss/lib/pk11wrap/pk11load.c nss/lib/pk11wrap/pk11load.c +index 119c8c512..720d39ccc 100644 +--- nss/lib/pk11wrap/pk11load.c ++++ nss/lib/pk11wrap/pk11load.c +@@ -486,6 +486,15 @@ secmod_LoadPKCS11Module(SECMODModule *mod, SECMODModule **oldModule) + #else + library = PR_LoadLibrary(mod->dllName); + #endif // defined(_WIN32) ++#ifndef NSS_STATIC_SOFTOKEN ++ if ((library == NULL) && ++ !rindex(mod->dllName, PR_GetDirectorySeparator())) { ++ library = PORT_LoadLibraryFromOrigin(my_shlib_name, ++ (PRFuncPtr) &softoken_LoadDSO, ++ mod->dllName); ++ } ++#endif ++ + mod->library = (void *)library; + + if (library == NULL) { +diff --git nss/lib/util/secload.c nss/lib/util/secload.c +index 12efd2f75..8b74478f6 100644 +--- nss/lib/util/secload.c ++++ nss/lib/util/secload.c +@@ -70,9 +70,14 @@ loader_LoadLibInReferenceDir(const char* referencePath, const char* name) + + /* Remove the trailing filename from referencePath and add the new one */ + c = strrchr(referencePath, PR_GetDirectorySeparator()); ++ if (!c) { /* referencePath doesn't contain a / means that dladdr gave us argv[0] ++ * and program was called from $PATH. Hack to get libs from NIX_NSS_LIBDIR */ ++ referencePath = NIX_NSS_LIBDIR; ++ c = (char*) &referencePath[sizeof(NIX_NSS_LIBDIR) - 1]; /* last / */ ++ } + if (c) { + size_t referencePathSize = 1 + c - referencePath; +- fullName = (char*)PORT_Alloc(strlen(name) + referencePathSize + 1); ++ fullName = (char*) PORT_Alloc(strlen(name) + referencePathSize + 5); + if (fullName) { + memcpy(fullName, referencePath, referencePathSize); + strcpy(fullName + referencePathSize, name); +@@ -82,6 +87,11 @@ loader_LoadLibInReferenceDir(const char* referencePath, const char* name) + #endif + libSpec.type = PR_LibSpec_Pathname; + libSpec.value.pathname = fullName; ++ if ((referencePathSize >= 4) && ++ (strncmp(fullName + referencePathSize - 4, "bin", 3) == 0)) { ++ memcpy(fullName + referencePathSize -4, "lib", 3); ++ } ++ strcpy(fullName + referencePathSize, name); + dlh = PR_LoadLibraryWithFlags(libSpec, PR_LD_NOW | PR_LD_LOCAL + #ifdef PR_LD_ALT_SEARCH_PATH + /* allow library's dependencies to be found in the same directory +@@ -89,6 +99,10 @@ loader_LoadLibInReferenceDir(const char* referencePath, const char* name) + | PR_LD_ALT_SEARCH_PATH + #endif + ); ++ if (! dlh) { ++ strcpy(fullName + referencePathSize, name); ++ dlh = PR_LoadLibraryWithFlags(libSpec, PR_LD_NOW | PR_LD_LOCAL); ++ } + PORT_Free(fullName); + } + } diff --git a/nixpkgs/pkgs/development/libraries/nss/esr.nix b/nixpkgs/pkgs/development/libraries/nss/esr.nix new file mode 100644 index 000000000000..a789f0306d32 --- /dev/null +++ b/nixpkgs/pkgs/development/libraries/nss/esr.nix @@ -0,0 +1,4 @@ +import ./generic.nix { + version = "3.68.4"; + hash = "sha256-K5/T9aG0nzs7KdEgAmdPcEgRViV1b7R3KELsfDm+Fgs="; +} diff --git a/nixpkgs/pkgs/development/libraries/nss/default.nix b/nixpkgs/pkgs/development/libraries/nss/generic.nix index d17f4c4a7835..febc2423388e 100644 --- a/nixpkgs/pkgs/development/libraries/nss/default.nix +++ b/nixpkgs/pkgs/development/libraries/nss/generic.nix @@ -1,3 +1,4 @@ +{ version, hash }: { lib , stdenv , fetchurl @@ -14,6 +15,7 @@ , # allow FIPS mode. Note that this makes the output non-reproducible. # https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Tech_Notes/nss_tech_note6 enableFIPS ? false +, nixosTests }: let @@ -22,21 +24,15 @@ let sha256 = "10ibz6y0hknac15zr6dw4gv9nb5r5z9ym6gq18j3xqx7v7n3vpdw"; }; - # NOTE: Whenever you updated this version check if the `cacert` package also - # needs an update. You can run the regular updater script for cacerts. - # It will rebuild itself using the version of this package (NSS) and if - # an update is required do the required changes to the expression. - # Example: nix-shell ./maintainers/scripts/update.nix --argstr package cacert - version = "3.75"; - + underscoreVersion = lib.replaceStrings [ "." ] [ "_" ] version; in stdenv.mkDerivation rec { pname = "nss"; inherit version; src = fetchurl { - url = "mirror://mozilla/security/nss/releases/NSS_${lib.replaceStrings [ "." ] [ "_" ] version}_RTM/src/${pname}-${version}.tar.gz"; - sha256 = "10l5qn68gly2l4ifv0v6by1qc8nsmhra08nm9m7n913jh83iamzx"; + url = "mirror://mozilla/security/nss/releases/NSS_${underscoreVersion}_RTM/src/${pname}-${version}.tar.gz"; + inherit hash; }; depsBuildBuild = [ buildPackages.stdenv.cc ]; @@ -67,7 +63,11 @@ stdenv.mkDerivation rec { patches = [ # Based on http://patch-tracker.debian.org/patch/series/dl/nss/2:3.15.4-1/85_security_load.patch - ./85_security_load.patch + (if (lib.versionOlder version "3.77") then + ./85_security_load.patch + else + ./85_security_load_3.77+.patch + ) ./ckpem.patch ./fix-cross-compilation.patch ]; @@ -187,10 +187,17 @@ stdenv.mkDerivation rec { passthru.updateScript = ./update.sh; + passthru.tests = lib.optionalAttrs (lib.versionOlder version "3.69") { + inherit (nixosTests) firefox-esr-91; + } // lib.optionalAttrs (lib.versionAtLeast version "3.69") { + inherit (nixosTests) firefox firefox-esr-102; + }; + meta = with lib; { homepage = "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"; description = "A set of libraries for development of security-enabled client and server applications"; - maintainers = with maintainers; [ ]; + changelog = "https://github.com/nss-dev/nss/blob/master/doc/rst/releases/nss_${underscoreVersion}.rst"; + maintainers = with maintainers; [ hexa ajs124 ]; license = licenses.mpl20; platforms = platforms.all; }; diff --git a/nixpkgs/pkgs/development/libraries/nss/latest.nix b/nixpkgs/pkgs/development/libraries/nss/latest.nix new file mode 100644 index 000000000000..f313cc328822 --- /dev/null +++ b/nixpkgs/pkgs/development/libraries/nss/latest.nix @@ -0,0 +1,10 @@ +# NOTE: Whenever you updated this version check if the `cacert` package also +# needs an update. You can run the regular updater script for cacerts. +# It will rebuild itself using the version of this package (NSS) and if +# an update is required do the required changes to the expression. +# Example: nix-shell ./maintainers/scripts/update.nix --argstr package cacert + +import ./generic.nix { + version = "3.82"; + hash = "sha256-Mr9nO3LC+ZU+07THAzq/WmytMChUokrliMV1plZ8FXM="; +} |