[arch-commits] Commit in lib32-nss/repos (4 files)
Jan Steffens
heftig at archlinux.org
Wed Aug 27 19:45:22 UTC 2014
Date: Wednesday, August 27, 2014 @ 21:45:22
Author: heftig
Revision: 117984
archrelease: copy trunk to multilib-testing-x86_64
Added:
lib32-nss/repos/multilib-testing-x86_64/
lib32-nss/repos/multilib-testing-x86_64/PKGBUILD
(from rev 117983, lib32-nss/trunk/PKGBUILD)
lib32-nss/repos/multilib-testing-x86_64/nss.pc.in
(from rev 117983, lib32-nss/trunk/nss.pc.in)
lib32-nss/repos/multilib-testing-x86_64/ssl-renegotiate-transitional.patch
(from rev 117983, lib32-nss/trunk/ssl-renegotiate-transitional.patch)
------------------------------------+
PKGBUILD | 82 +++++++++++++++++++++++++++++++++++
nss.pc.in | 11 ++++
ssl-renegotiate-transitional.patch | 21 ++++++++
3 files changed, 114 insertions(+)
Copied: lib32-nss/repos/multilib-testing-x86_64/PKGBUILD (from rev 117983, lib32-nss/trunk/PKGBUILD)
===================================================================
--- multilib-testing-x86_64/PKGBUILD (rev 0)
+++ multilib-testing-x86_64/PKGBUILD 2014-08-27 19:45:22 UTC (rev 117984)
@@ -0,0 +1,82 @@
+# $Id$
+# Maintainer: Daniel Wallace <danielwallace at gtmanfred dot com>
+# Contributor: kfgz <kfgz at interia pl>
+# Contributor: Ionut Biru <ibiru at archlinux dot org>
+
+_pkgbasename=nss
+pkgname=lib32-${_pkgbasename}
+pkgver=3.17
+pkgrel=1
+pkgdesc="Mozilla Network Security Services (32-bit)"
+arch=('x86_64')
+url="http://www.mozilla.org/projects/security/pki/nss/"
+
+#download_url=ftp://ftp.mozilla.org/pub/security/nss/releases/
+#alternative download link
+#ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_${pkgver//./_}_RTM/src/${_pkgbasename}-${pkgver}.tar.gz
+
+license=('MPL' 'GPL')
+_nsprver=4.10.7
+depends=("lib32-nspr>=${_nsprver}" 'lib32-sqlite>=3.6.17' "${_pkgbasename}" 'lib32-zlib' 'lib32-p11-kit')
+makedepends=('gcc-multilib' 'perl')
+options=('!strip' '!makeflags' staticlibs)
+source=(ftp://ftp.mozilla.org/pub/security/nss/releases/NSS_${pkgver//./_}_RTM/src/${_pkgbasename}-${pkgver}.tar.gz
+ nss.pc.in
+ ssl-renegotiate-transitional.patch)
+sha256sums=('3b1abcd8f89211dda2cc739bfa76552d080f7ea80482ef2727b006548a7f0c81'
+ 'b9f1428ca2305bf30b109507ff335fa00bce5a7ce0434b50acd26ad7c47dd5bd'
+ '12df04bccbf674db1eef7a519a28987927b5e9c107b1dc386686f05e64f49a97')
+
+prepare() {
+ cd "${srcdir}"/${_pkgbasename}-${pkgver}/
+
+ # Adds transitional SSL renegotiate support - patch from Debian
+ patch -Np3 -i "${srcdir}/ssl-renegotiate-transitional.patch"
+
+ # Respect LDFLAGS
+ sed -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/' \
+ -i nss/coreconf/rules.mk
+}
+
+build(){
+ cd "${srcdir}"/${_pkgbasename}-${pkgver}/$_pkgbasename
+
+ export PKG_CONFIG_PATH=/usr/lib32/pkgconfig
+ export BUILD_OPT=1
+ export NSS_USE_SYSTEM_SQLITE=1
+ export NSS_ENABLE_ECC=1
+ export NSPR_INCLUDE_DIR="`nspr-config --includedir`"
+ export NSPR_LIB_DIR="`nspr-config --libdir`"
+ export XCFLAGS="${CFLAGS}"
+
+ make -C coreconf
+ make -C lib/dbm
+ make
+}
+
+package() {
+ cd "${srcdir}"/${_pkgbasename}-${pkgver}/$_pkgbasename
+ install -d "$pkgdir"/usr/lib32/pkgconfig
+
+ NSS_VMAJOR=$(grep '#define.*NSS_VMAJOR' nss/lib/nss/nss.h | awk '{print $3}')
+ NSS_VMINOR=$(grep '#define.*NSS_VMINOR' nss/lib/nss/nss.h | awk '{print $3}')
+ NSS_VPATCH=$(grep '#define.*NSS_VPATCH' nss/lib/nss/nss.h | awk '{print $3}')
+
+ sed $srcdir/nss.pc.in \
+ -e "s,%libdir%,/usr/lib32,g" \
+ -e "s,%prefix%,/usr,g" \
+ -e "s,%exec_prefix%,/usr/bin,g" \
+ -e "s,%includedir%,/usr/include/nss,g" \
+ -e "s,%NSPR_VERSION%,${_nsprver},g" \
+ -e "s,%NSS_VERSION%,${pkgver},g" \
+ > "$pkgdir/usr/lib32/pkgconfig/nss.pc"
+ ln -s nss.pc "$pkgdir/usr/lib32/pkgconfig/mozilla-nss.pc"
+
+
+ cd "${srcdir}"/${_pkgbasename}-${pkgver}/dist/*.OBJ/lib
+ install -t "$pkgdir/usr/lib32" *.so
+ install -t "$pkgdir/usr/lib32" -m644 libcrmf.a *.chk
+
+ rm "$pkgdir/usr/lib32/libnssckbi.so"
+ ln -s pkcs11/p11-kit-trust.so "$pkgdir/usr/lib32/libnssckbi.so"
+}
Copied: lib32-nss/repos/multilib-testing-x86_64/nss.pc.in (from rev 117983, lib32-nss/trunk/nss.pc.in)
===================================================================
--- multilib-testing-x86_64/nss.pc.in (rev 0)
+++ multilib-testing-x86_64/nss.pc.in 2014-08-27 19:45:22 UTC (rev 117984)
@@ -0,0 +1,11 @@
+prefix=%prefix%
+exec_prefix=%exec_prefix%
+libdir=%libdir%
+includedir=%includedir%
+
+Name: NSS
+Description: Network Security Services
+Version: %NSS_VERSION%
+Requires: nspr >= %NSPR_VERSION%
+Libs: -lssl3 -lsmime3 -lnss3 -lnssutil3
+Cflags: -I${includedir}
Copied: lib32-nss/repos/multilib-testing-x86_64/ssl-renegotiate-transitional.patch (from rev 117983, lib32-nss/trunk/ssl-renegotiate-transitional.patch)
===================================================================
--- multilib-testing-x86_64/ssl-renegotiate-transitional.patch (rev 0)
+++ multilib-testing-x86_64/ssl-renegotiate-transitional.patch 2014-08-27 19:45:22 UTC (rev 117984)
@@ -0,0 +1,21 @@
+Enable transitional scheme for ssl renegotiation:
+
+(from mozilla/security/nss/lib/ssl/ssl.h)
+Disallow unsafe renegotiation in server sockets only, but allow clients
+to continue to renegotiate with vulnerable servers.
+This value should only be used during the transition period when few
+servers have been upgraded.
+
+diff --git a/mozilla/security/nss/lib/ssl/sslsock.c b/mozilla/security/nss/lib/ssl/sslsock.c
+index f1d1921..c074360 100644
+--- a/mozilla/security/nss/lib/ssl/sslsock.c
++++ b/mozilla/security/nss/lib/ssl/sslsock.c
+@@ -181,7 +181,7 @@ static sslOptions ssl_defaults = {
+ PR_FALSE, /* noLocks */
+ PR_FALSE, /* enableSessionTickets */
+ PR_FALSE, /* enableDeflate */
+- 2, /* enableRenegotiation (default: requires extension) */
++ 3, /* enableRenegotiation (default: transitional) */
+ PR_FALSE, /* requireSafeNegotiation */
+ };
+
More information about the arch-commits
mailing list