diff options
Diffstat (limited to 'nixpkgs/pkgs/development/libraries/nss')
-rw-r--r-- | nixpkgs/pkgs/development/libraries/nss/85_security_load_3.85+.patch (renamed from nixpkgs/pkgs/development/libraries/nss/85_security_load.patch) | 14 | ||||
-rw-r--r-- | nixpkgs/pkgs/development/libraries/nss/ckpem.patch | 11 | ||||
-rw-r--r-- | nixpkgs/pkgs/development/libraries/nss/esr.nix | 4 | ||||
-rw-r--r-- | nixpkgs/pkgs/development/libraries/nss/gcc-13-esr.patch | 44 | ||||
-rw-r--r-- | nixpkgs/pkgs/development/libraries/nss/generic.nix | 54 | ||||
-rw-r--r-- | nixpkgs/pkgs/development/libraries/nss/latest.nix | 4 |
6 files changed, 81 insertions, 50 deletions
diff --git a/nixpkgs/pkgs/development/libraries/nss/85_security_load.patch b/nixpkgs/pkgs/development/libraries/nss/85_security_load_3.85+.patch index 2b2cce465ba7..bc3f48e66744 100644 --- a/nixpkgs/pkgs/development/libraries/nss/85_security_load.patch +++ b/nixpkgs/pkgs/development/libraries/nss/85_security_load_3.85+.patch @@ -12,13 +12,13 @@ index ad8f3b84e..74676d039 100644 if (!lib) { PR_fprintf(PR_STDERR, "loading softokn3 failed"); diff --git nss/lib/pk11wrap/pk11load.c nss/lib/pk11wrap/pk11load.c -index 9e7a0a546..a0a23a1a4 100644 +index 119c8c512..720d39ccc 100644 --- nss/lib/pk11wrap/pk11load.c +++ nss/lib/pk11wrap/pk11load.c -@@ -466,6 +466,15 @@ secmod_LoadPKCS11Module(SECMODModule *mod, SECMODModule **oldModule) - * unload the library if anything goes wrong from here on out... - */ +@@ -486,6 +486,15 @@ secmod_LoadPKCS11Module(SECMODModule *mod, SECMODModule **oldModule) + #else library = PR_LoadLibrary(mod->dllName); + #endif // defined(_WIN32) +#ifndef NSS_STATIC_SOFTOKEN + if ((library == NULL) && + !rindex(mod->dllName, PR_GetDirectorySeparator())) { @@ -32,7 +32,7 @@ index 9e7a0a546..a0a23a1a4 100644 if (library == NULL) { diff --git nss/lib/util/secload.c nss/lib/util/secload.c -index 12efd2f75..8b74478f6 100644 +index 1cebae4e2..9194bb761 100644 --- nss/lib/util/secload.c +++ nss/lib/util/secload.c @@ -70,9 +70,14 @@ loader_LoadLibInReferenceDir(const char* referencePath, const char* name) @@ -66,8 +66,8 @@ index 12efd2f75..8b74478f6 100644 @@ -89,6 +99,10 @@ loader_LoadLibInReferenceDir(const char* referencePath, const char* name) | PR_LD_ALT_SEARCH_PATH #endif - ); -+ if (! dlh) { + ); ++ if (!dlh) { + strcpy(fullName + referencePathSize, name); + dlh = PR_LoadLibraryWithFlags(libSpec, PR_LD_NOW | PR_LD_LOCAL); + } diff --git a/nixpkgs/pkgs/development/libraries/nss/ckpem.patch b/nixpkgs/pkgs/development/libraries/nss/ckpem.patch deleted file mode 100644 index c1a65a6c0b28..000000000000 --- a/nixpkgs/pkgs/development/libraries/nss/ckpem.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- nss/lib/ckfw/pem/ckpem.h 2018-01-03 13:36:12.000000000 -0800 -+++ nss/lib/ckfw/pem/ckpem.h 2018-01-03 13:36:20.000000000 -0800 -@@ -156,8 +156,6 @@ - NSS_EXTERN_DATA pemInternalObject nss_pem_data[]; - NSS_EXTERN_DATA const PRUint32 nss_pem_nObjects; - -- PRBool logged_in; -- - /* our raw object data array */ - NSS_EXTERN_DATA pemInternalObject nss_pem_data[]; - NSS_EXTERN_DATA const PRUint32 nss_pem_nObjects; diff --git a/nixpkgs/pkgs/development/libraries/nss/esr.nix b/nixpkgs/pkgs/development/libraries/nss/esr.nix index a789f0306d32..d9103f75399a 100644 --- a/nixpkgs/pkgs/development/libraries/nss/esr.nix +++ b/nixpkgs/pkgs/development/libraries/nss/esr.nix @@ -1,4 +1,4 @@ import ./generic.nix { - version = "3.68.4"; - hash = "sha256-K5/T9aG0nzs7KdEgAmdPcEgRViV1b7R3KELsfDm+Fgs="; + version = "3.79.4"; + hash = "sha256-Skcdv6Wzo7fsB4U8b8CijNBmn2mEEp4k9VQeLOFdcdU="; } diff --git a/nixpkgs/pkgs/development/libraries/nss/gcc-13-esr.patch b/nixpkgs/pkgs/development/libraries/nss/gcc-13-esr.patch new file mode 100644 index 000000000000..547ee0bd3761 --- /dev/null +++ b/nixpkgs/pkgs/development/libraries/nss/gcc-13-esr.patch @@ -0,0 +1,44 @@ +https://bugzilla.mozilla.org/show_bug.cgi?id=1771273 +https://hg.mozilla.org/projects/nss/raw-rev/21e7aaa1f7d94bca15d997e5b4c2329b32fad21a + +# HG changeset patch +# User Sergei Trofimovich <slyich@gmail.com> +# Date 1653552519 0 +# Node ID 21e7aaa1f7d94bca15d997e5b4c2329b32fad21a +# Parent ad1046e9eee5f5dc17dac7c9343e2f7f0da44b4e +Bug 1771273 - cpputil/databuffer.h: add missing <cstdint> include r=nss-reviewers,mt + +Without the change build fails on this week's gcc-13 snapshot as: + + ../../cpputil/databuffer.h:20:20: error: 'uint8_t' does not name a type + 20 | DataBuffer(const uint8_t* d, size_t l) : data_(nullptr), len_(0) { + | ^~~~~~~ + ../../cpputil/databuffer.h:14:1: note: 'uint8_t' is defined in header '<cstdint>'; did you forget to '#include <cstdint>'? + 13 | #include <iostream> + +++ |+#include <cstdint> + 14 | + +Differential Revision: https://phabricator.services.mozilla.com/D147404 + +diff --git a/cpputil/databuffer.h b/cpputil/databuffer.h +--- nss/cpputil/databuffer.h ++++ nss/cpputil/databuffer.h +@@ -6,16 +6,17 @@ + + #ifndef databuffer_h__ + #define databuffer_h__ + + #include <algorithm> + #include <cstring> + #include <iomanip> + #include <iostream> ++#include <cstdint> + + namespace nss_test { + + class DataBuffer { + public: + DataBuffer() : data_(nullptr), len_(0) {} + DataBuffer(const uint8_t* d, size_t l) : data_(nullptr), len_(0) { + Assign(d, l); + diff --git a/nixpkgs/pkgs/development/libraries/nss/generic.nix b/nixpkgs/pkgs/development/libraries/nss/generic.nix index febc2423388e..b2d1c1e15fd8 100644 --- a/nixpkgs/pkgs/development/libraries/nss/generic.nix +++ b/nixpkgs/pkgs/development/libraries/nss/generic.nix @@ -19,11 +19,6 @@ }: let - nssPEM = fetchurl { - url = "http://dev.gentoo.org/~polynomial-c/mozilla/nss-3.15.4-pem-support-20140109.patch.xz"; - sha256 = "10ibz6y0hknac15zr6dw4gv9nb5r5z9ym6gq18j3xqx7v7n3vpdw"; - }; - underscoreVersion = lib.replaceStrings [ "." ] [ "_" ] version; in stdenv.mkDerivation rec { @@ -44,37 +39,32 @@ stdenv.mkDerivation rec { propagatedBuildInputs = [ nspr ]; - prePatch = '' - # strip the trailing whitespace from the patch line and the renamed CKO_NETSCAPE_ enum to CKO_NSS_ - xz -d < ${nssPEM} | sed \ - -e 's/-DIRS = builtins $/-DIRS = . builtins/g' \ - -e 's/CKO_NETSCAPE_/CKO_NSS_/g' \ - -e 's/CKT_NETSCAPE_/CKT_NSS_/g' \ - | patch -p1 - - patchShebangs nss - - for f in nss/coreconf/config.gypi nss/build.sh nss/coreconf/config.gypi; do - substituteInPlace "$f" --replace "/usr/bin/env" "${buildPackages.coreutils}/bin/env" - done - - substituteInPlace nss/coreconf/config.gypi --replace "/usr/bin/grep" "${buildPackages.coreutils}/bin/env grep" - ''; - patches = [ # Based on http://patch-tracker.debian.org/patch/series/dl/nss/2:3.15.4-1/85_security_load.patch - (if (lib.versionOlder version "3.77") then - ./85_security_load.patch - else + (if (lib.versionOlder version "3.84") then ./85_security_load_3.77+.patch + else + ./85_security_load_3.85+.patch ) - ./ckpem.patch ./fix-cross-compilation.patch + ] ++ lib.optionals (lib.versionOlder version "3.89") [ + # Backport gcc-13 build fix: + # https://bugzilla.mozilla.org/show_bug.cgi?id=1771273 + # https://hg.mozilla.org/projects/nss/raw-rev/21e7aaa1f7d94bca15d997e5b4c2329b32fad21a + ./gcc-13-esr.patch ]; patchFlags = [ "-p0" ]; - postPatch = lib.optionalString stdenv.hostPlatform.isDarwin '' + postPatch = '' + patchShebangs nss + + for f in nss/coreconf/config.gypi nss/build.sh nss/coreconf/config.gypi; do + substituteInPlace "$f" --replace "/usr/bin/env" "${buildPackages.coreutils}/bin/env" + done + + substituteInPlace nss/coreconf/config.gypi --replace "/usr/bin/grep" "${buildPackages.coreutils}/bin/env grep" + '' + lib.optionalString stdenv.hostPlatform.isDarwin '' substituteInPlace nss/coreconf/Darwin.mk --replace '@executable_path/$(notdir $@)' "$out/lib/\$(notdir \$@)" substituteInPlace nss/coreconf/config.gypi --replace "'DYLIB_INSTALL_NAME_BASE': '@executable_path'" "'DYLIB_INSTALL_NAME_BASE': '$out/lib'" ''; @@ -111,6 +101,7 @@ stdenv.mkDerivation rec { -Dhost_arch=${host} \ -Duse_system_zlib=1 \ --enable-libpkix \ + -j $NIX_BUILD_CORES \ ${lib.optionalString enableFIPS "--enable-fips"} \ ${lib.optionalString stdenv.isDarwin "--clang"} \ ${lib.optionalString (stdenv.hostPlatform != stdenv.buildPlatform) "--disable-tests"} @@ -118,7 +109,14 @@ stdenv.mkDerivation rec { runHook postBuild ''; - NIX_CFLAGS_COMPILE = "-Wno-error -DNIX_NSS_LIBDIR=\"${placeholder "out"}/lib/\" " + lib.optionalString stdenv.hostPlatform.is64bit "-DNSS_USE_64=1"; + env.NIX_CFLAGS_COMPILE = toString ([ + "-Wno-error" + "-DNIX_NSS_LIBDIR=\"${placeholder "out"}/lib/\"" + ] ++ lib.optionals stdenv.hostPlatform.is64bit [ + "-DNSS_USE_64=1" + ] ++ lib.optionals stdenv.hostPlatform.isILP32 [ + "-DNS_PTR_LE_32=1" # See RNG_RandomUpdate() in drdbg.c + ]); installPhase = '' runHook preInstall diff --git a/nixpkgs/pkgs/development/libraries/nss/latest.nix b/nixpkgs/pkgs/development/libraries/nss/latest.nix index f313cc328822..fc00cd84b727 100644 --- a/nixpkgs/pkgs/development/libraries/nss/latest.nix +++ b/nixpkgs/pkgs/development/libraries/nss/latest.nix @@ -5,6 +5,6 @@ # Example: nix-shell ./maintainers/scripts/update.nix --argstr package cacert import ./generic.nix { - version = "3.82"; - hash = "sha256-Mr9nO3LC+ZU+07THAzq/WmytMChUokrliMV1plZ8FXM="; + version = "3.89.1"; + hash = "sha256-OtrtuecMPF9AYDv2CgHjNhkKbb4Bkp05XxawH+hKAVY="; } |