pyrox.dev / nixpkgs
lol
fork atom

nss: Update to 3.16

Eelco Dolstra 6fe24bda 393c9f2e

+32 -79
+28 -26
pkgs/development/libraries/nss/85_security_load.patch
··· 1 - ## 85_security_load.patch by Mike Hommey <glandium@debian.org> 2 - ## 3 - ## All lines beginning with `## DP:' are a description of the patch. 4 - ## DP: Load modules from $ORIGIN/nss. 5 - 6 - Index: nss/nss/cmd/shlibsign/shlibsign.c 7 - =================================================================== 8 - --- nss.orig/nss/cmd/shlibsign/shlibsign.c 2013-08-05 14:40:31.041657554 +0900 9 - +++ nss/nss/cmd/shlibsign/shlibsign.c 2013-08-05 14:40:31.033657739 +0900 10 - @@ -851,6 +851,8 @@ 1 + diff -ru nss-3.16-orig/nss/cmd/shlibsign/shlibsign.c nss-3.16/nss/cmd/shlibsign/shlibsign.c 2 + --- nss-3.16-orig/nss/cmd/shlibsign/shlibsign.c 2014-03-14 21:31:59.000000000 +0100 3 + +++ nss-3.16/nss/cmd/shlibsign/shlibsign.c 2014-04-22 14:50:31.340743655 +0200 4 + @@ -852,6 +852,8 @@ 11 5 libname = PR_GetLibraryName(NULL, "softokn3"); 12 6 assert(libname != NULL); 13 7 lib = PR_LoadLibrary(libname); 14 8 + if (!lib) 15 - + lib = PR_LoadLibrary("/usr/lib/nss/libsoftokn3.so"); 9 + + lib = PR_LoadLibrary(NIX_NSS_LIBDIR"libsoftokn3.so"); 16 10 assert(lib != NULL); 17 11 PR_FreeLibraryName(libname); 18 12 19 - Index: nss/nss/lib/pk11wrap/pk11load.c 20 - =================================================================== 21 - --- nss.orig/nss/lib/pk11wrap/pk11load.c 2013-08-05 14:40:31.041657554 +0900 22 - +++ nss/nss/lib/pk11wrap/pk11load.c 2013-08-05 14:40:31.033657739 +0900 13 + Only in nss-3.16/nss/cmd/shlibsign: shlibsign.c.orig 14 + diff -ru nss-3.16-orig/nss/coreconf/config.mk nss-3.16/nss/coreconf/config.mk 15 + --- nss-3.16-orig/nss/coreconf/config.mk 2014-03-14 21:31:59.000000000 +0100 16 + +++ nss-3.16/nss/coreconf/config.mk 2014-04-22 14:50:51.302731097 +0200 17 + @@ -188,3 +188,6 @@ 18 + 19 + # Hide old, deprecated, TLS cipher suite names when building NSS 20 + DEFINES += -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES 21 + + 22 + +# Nix specific stuff. 23 + +DEFINES += -DNIX_NSS_LIBDIR=\"$(out)/lib/\" 24 + diff -ru nss-3.16-orig/nss/lib/pk11wrap/pk11load.c nss-3.16/nss/lib/pk11wrap/pk11load.c 25 + --- nss-3.16-orig/nss/lib/pk11wrap/pk11load.c 2014-03-14 21:31:59.000000000 +0100 26 + +++ nss-3.16/nss/lib/pk11wrap/pk11load.c 2014-04-22 14:50:22.164749330 +0200 23 27 @@ -406,6 +406,13 @@ 24 28 * unload the library if anything goes wrong from here on out... 25 29 */ ··· 34 38 mod->library = (void *)library; 35 39 36 40 if (library == NULL) { 37 - Index: nss/nss/lib/util/secload.c 38 - =================================================================== 39 - --- nss.orig/nss/lib/util/secload.c 2013-08-05 14:40:31.041657554 +0900 40 - +++ nss/nss/lib/util/secload.c 2013-08-05 14:40:31.033657739 +0900 41 + diff -ru nss-3.16-orig/nss/lib/util/secload.c nss-3.16/nss/lib/util/secload.c 42 + --- nss-3.16-orig/nss/lib/util/secload.c 2014-03-14 21:31:59.000000000 +0100 43 + +++ nss-3.16/nss/lib/util/secload.c 2014-04-22 14:50:31.342743654 +0200 41 44 @@ -69,9 +69,14 @@ 42 45 43 46 /* Remove the trailing filename from referencePath and add the new one */ 44 47 c = strrchr(referencePath, PR_GetDirectorySeparator()); 45 48 + if (!c) { /* referencePath doesn't contain a / means that dladdr gave us argv[0] 46 - + * and program was called from $PATH. Hack to get libs from /usr/lib */ 47 - + referencePath = "/usr/lib/"; 48 - + c = &referencePath[8]; /* last / */ 49 + + * and program was called from $PATH. Hack to get libs from NIX_NSS_LIBDIR */ 50 + + referencePath = NIX_NSS_LIBDIR; 51 + + c = &referencePath[sizeof(NIX_NSS_LIBDIR) - 1]; /* last / */ 49 52 + } 50 53 if (c) { 51 54 size_t referencePathSize = 1 + c - referencePath; ··· 54 57 if (fullName) { 55 58 memcpy(fullName, referencePath, referencePathSize); 56 59 strcpy(fullName + referencePathSize, name); 57 - @@ -81,6 +86,12 @@ 60 + @@ -81,6 +86,11 @@ 58 61 #endif 59 62 libSpec.type = PR_LibSpec_Pathname; 60 63 libSpec.value.pathname = fullName; ··· 62 65 + (strncmp(fullName + referencePathSize - 4, "bin", 3) == 0)) { 63 66 + memcpy(fullName + referencePathSize -4, "lib", 3); 64 67 + } 65 - + strcpy(fullName + referencePathSize, "nss/"); 66 - + strcpy(fullName + referencePathSize + 4, name); 68 + + strcpy(fullName + referencePathSize, name); 67 69 dlh = PR_LoadLibraryWithFlags(libSpec, PR_LD_NOW | PR_LD_LOCAL 68 70 #ifdef PR_LD_ALT_SEARCH_PATH 69 71 /* allow library's dependencies to be found in the same directory 70 - @@ -88,6 +99,10 @@ 72 + @@ -88,6 +98,10 @@ 71 73 | PR_LD_ALT_SEARCH_PATH 72 74 #endif 73 75 );
+4 -5
pkgs/development/libraries/nss/default.nix
··· 11 11 12 12 in stdenv.mkDerivation rec { 13 13 name = "nss-${version}"; 14 - version = "3.15.4"; 14 + version = "3.16"; 15 15 16 16 src = fetchurl { 17 - url = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_15_4_RTM/src/${name}.tar.gz"; 18 - sha1 = "c164fac83fcbaff010786767e2a858ca23a89a5b"; 17 + url = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_16_RTM/src/${name}.tar.gz"; 18 + sha1 = "981dc6ef2f1e69ec7e2b277ce27c7005e9837f95"; 19 19 }; 20 20 21 21 buildInputs = [ nspr perl zlib sqlite ]; ··· 26 26 27 27 patches = 28 28 [ ./nss-3.15-gentoo-fixups.patch 29 - # from http://patch-tracker.debian.org/patch/series/dl/nss/2:3.15.4-1/85_security_load.patch 29 + # Based on http://patch-tracker.debian.org/patch/series/dl/nss/2:3.15.4-1/85_security_load.patch 30 30 ./85_security_load.patch 31 - ./nix_secload_fixup.patch 32 31 ]; 33 32 34 33 postPatch = ''
-48
pkgs/development/libraries/nss/nix_secload_fixup.patch
··· 1 - diff -ru -x '*~' nss-3.15.1-orig/nss/cmd/shlibsign/shlibsign.c nss-3.15.1/nss/cmd/shlibsign/shlibsign.c 2 - --- nss-3.15.1-orig/nss/cmd/shlibsign/shlibsign.c 2013-08-07 16:03:40.013256377 +0200 3 - +++ nss-3.15.1/nss/cmd/shlibsign/shlibsign.c 2013-08-07 16:04:21.128410153 +0200 4 - @@ -853,7 +853,7 @@ 5 - assert(libname != NULL); 6 - lib = PR_LoadLibrary(libname); 7 - if (!lib) 8 - - lib = PR_LoadLibrary("/usr/lib/nss/libsoftokn3.so"); 9 - + lib = PR_LoadLibrary(NIX_NSS_LIBDIR"libsoftokn3.so"); 10 - assert(lib != NULL); 11 - PR_FreeLibraryName(libname); 12 - 13 - diff -ru -x '*~' nss-3.15.1-orig/nss/coreconf/config.mk nss-3.15.1/nss/coreconf/config.mk 14 - --- nss-3.15.1-orig/nss/coreconf/config.mk 2013-06-27 19:58:08.000000000 +0200 15 - +++ nss-3.15.1/nss/coreconf/config.mk 2013-08-07 16:11:27.364608802 +0200 16 - @@ -181,3 +181,6 @@ 17 - 18 - # Build with NO_NSPR_10_SUPPORT to avoid using obsolete NSPR features 19 - DEFINES += -DNO_NSPR_10_SUPPORT 20 - + 21 - +# Nix specific stuff. 22 - +DEFINES += -DNIX_NSS_LIBDIR=\"$(out)/lib/\" 23 - diff -ru -x '*~' nss-3.15.1-orig/nss/lib/util/secload.c nss-3.15.1/nss/lib/util/secload.c 24 - --- nss-3.15.1-orig/nss/lib/util/secload.c 2013-08-07 16:03:40.014256381 +0200 25 - +++ nss-3.15.1/nss/lib/util/secload.c 2013-08-07 16:05:02.453563064 +0200 26 - @@ -70,9 +70,9 @@ 27 - /* Remove the trailing filename from referencePath and add the new one */ 28 - c = strrchr(referencePath, PR_GetDirectorySeparator()); 29 - if (!c) { /* referencePath doesn't contain a / means that dladdr gave us argv[0] 30 - - * and program was called from $PATH. Hack to get libs from /usr/lib */ 31 - - referencePath = "/usr/lib/"; 32 - - c = &referencePath[8]; /* last / */ 33 - + * and program was called from $PATH. Hack to get libs from NIX_NSS_LIBDIR */ 34 - + referencePath = NIX_NSS_LIBDIR; 35 - + c = &referencePath[sizeof(NIX_NSS_LIBDIR) - 1]; /* last / */ 36 - } 37 - if (c) { 38 - size_t referencePathSize = 1 + c - referencePath; 39 - @@ -90,8 +90,7 @@ 40 - (strncmp(fullName + referencePathSize - 4, "bin", 3) == 0)) { 41 - memcpy(fullName + referencePathSize -4, "lib", 3); 42 - } 43 - - strcpy(fullName + referencePathSize, "nss/"); 44 - - strcpy(fullName + referencePathSize + 4, name); 45 - + strcpy(fullName + referencePathSize, name); 46 - dlh = PR_LoadLibraryWithFlags(libSpec, PR_LD_NOW | PR_LD_LOCAL 47 - #ifdef PR_LD_ALT_SEARCH_PATH 48 - /* allow library's dependencies to be found in the same directory