summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorIan Stakenvicius <axs@gentoo.org>2017-01-19 10:40:12 -0500
committerIan Stakenvicius <axs@gentoo.org>2017-01-19 10:40:50 -0500
commit05c31f8cca591b3ce8219e4def7c26c7b1b130d6 (patch)
tree19c78d1cc80e320e6b2fea013e694e8c684dd7ca /dev-libs/nss
parentvirtual/perl-Encode: Spread keywords from dev-lang/perl (diff)
downloadgentoo-05c31f8cca591b3ce8219e4def7c26c7b1b130d6.tar.gz
gentoo-05c31f8cca591b3ce8219e4def7c26c7b1b130d6.tar.bz2
gentoo-05c31f8cca591b3ce8219e4def7c26c7b1b130d6.zip
dev-libs/nss: clean old, security bug 604916
Package-Manager: portage-2.3.0
Diffstat (limited to 'dev-libs/nss')
-rw-r--r--dev-libs/nss/Manifest7
-rw-r--r--dev-libs/nss/files/nss-3.21-cacert-class3.patch203
-rw-r--r--dev-libs/nss/files/nss-3.21-gentoo-fixups.patch238
-rw-r--r--dev-libs/nss/files/nss-3.21-hppa-byte_order.patch16
-rw-r--r--dev-libs/nss/files/nss-3.21-pem-werror.patch141
-rw-r--r--dev-libs/nss/nss-3.22.2.ebuild331
-rw-r--r--dev-libs/nss/nss-3.23.ebuild340
-rw-r--r--dev-libs/nss/nss-3.25-r1.ebuild339
-rw-r--r--dev-libs/nss/nss-3.26.1.ebuild338
-rw-r--r--dev-libs/nss/nss-3.27.2.ebuild339
10 files changed, 0 insertions, 2292 deletions
diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 51c832c25834..e4859491319f 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,10 +1,3 @@
-DIST nss-3.14.1-add_spi+cacerts_ca_certs.patch 25018 SHA256 82ca25982828fd7153ad15fc6e81408c115476eeeb4045d3a71469380b56824b SHA512 2aafbd972b073061bfd66a66a4b50060691957f2910f716f7a69d22d655c499f186f05db2101bea5248a00949f339327ba8bfffec024c61c8ee908766201ae00 WHIRLPOOL c9fe397e316dac7983b187acf7227078ebd8f8da5df53f77f2564489e85f123c4d2afb88d56e8dc14b9ebfffe8a71ade4724b3c1ea683c5c4c487cb3a64eda43
-DIST nss-3.22.2.tar.gz 6982164 SHA256 07d49287c527ac31200f02dcf8494cef19e936d8ed470802749c4dfc782d3650 SHA512 0c73ba579cb697fe295bca2ee62315bc1830b542f607c1ecfbf591fa881d2ccfb5a6d830b47cd1434bdfbac07e03848b4fe9e6bda9c6d131a2c34973dc3b337c WHIRLPOOL 37137526ffc6f583ba54615c5fadb1076a5c0830b8aef6db394fb1da02345d5b1cf394b6a3cac7b8ce5727bf23ed1053f3f0f2865f0eab7c922c8459d5768142
-DIST nss-3.23.tar.gz 7467001 SHA256 94b383e31c9671e9dfcca81084a8a813817e8f05a57f54533509b318d26e11cf SHA512 f3e388a415493685faa6df932e9e968af41ea2e8e4cba3fbd539c60177443e4042e8d2e2bfe74183552e14522d49048be2f80fbe038bdbd499971e82abf2cc32 WHIRLPOOL 77e22bd7a525c5b10723e1d5fb6db1e9d2efebfcdf9828aa79296f71c441c065201ecda56291f37790333d9b1d1e38fef1391a033382a885b83da31a646d6243
-DIST nss-3.25.tar.gz 7338238 SHA256 5d1ad475da19d0c033a716350dc5f8a747999d3eba5ac07ee0368c5bad6e2359 SHA512 a33cff42d0d85eea091057648d598b7421de88f16ed357965ea08a8812de968c3f18d45452afd21afc90122f65c2c5bb2d7071357947b45e935aae55d28c4218 WHIRLPOOL 3857bffe7a58043612bbeaf0e596b3afdd4f0792441af667fb503dd2d354a535bb8523c258242b470d888ef2beff267b4480e6398a3328f0c44193b83f4a5934
-DIST nss-3.26.1.tar.gz 7387756 SHA256 abebb079288e4b0d34648a1fcdba8564ac05b29f5f1d19b53021ccb3ac37ad25 SHA512 f2a6754e4766cdf169b0abfc0ff47c469ae0e6ddc08c020ef154da7806e8ce31b49076af11b659bf19e9c4b5c6e53a0ac9e7855ee1c33b98a45cfeec446b93bd WHIRLPOOL 9152e3c7430b3362647adb494d1983cc37659b1d8691f1f1e21470aab4f496f3aecd925b8e19d83fa3735e72eeb6d6579bcc304c30e48359d05cb6e052610b0f
-DIST nss-3.27.2.tar.gz 7397599 SHA256 dc8ac8524469d0230274fd13a53fdcd74efe4aa67205dde1a4a92be87dc28524 SHA512 699847665e93fd649cb60ce6bc8f849f452779e7232a09bbeb0613f9e6c57bb81948f1ae59cc86648e41a212cda259109850ccd14546d35910deb75f5d2a13b8 WHIRLPOOL 08229d87de1c7020c1d7fc12fb8a2afc4bc9ab9f0208aad12698aba17386fbe9163cb506101c7d4d568409fd99141fb88c0e71fc32cecbc6640a4a8f7a4efabf
DIST nss-3.28.1.tar.gz 7451477 SHA256 58cc0c05c0ed9523e6d820bea74f513538f48c87aac931876e3d3775de1a82ad SHA512 f10c8e404741fafe5e5772dc754ff4503ec1826942db5fbc13b99155fcac50f29e1405dd249b69a27f27ebcfef73849b1f0f636a2076ab761384e8a0ed9a2b8b WHIRLPOOL e1a6b9886759159294c4d8e47e693a2e790703e368ede18425c9a9130df72ac56a6e717cb794607c7bcfc68c82df9aec8771bc74e729f5bbd70fdcd8ce0fed3b
DIST nss-cacert-class1-class3.patch 22950 SHA256 6bba29cee34276e2ca6436dabedfeba2b61fb46668c5d5ceabf0c871574649bf SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0 WHIRLPOOL 1246223b01292604e5609bb9c580f092dc5937bf8c98f6891b099e8bab960e03612b6617e30a55d6ff8817d88f190e03812fe8f89f84f25c20970493dc2f7700
-DIST nss-pem-20140125.tar.bz2 28805 SHA256 62604dfc4178399a804e87ca7566d8316a0a40a535de3b2d0fa48fd80c97f768 SHA512 352faf812735e1374c534ada6dd577842603ea193dafaacfd51f201599ffe3f7a23ce1c673421e42f8b692091b58085f90843c29f70ae916949715e7baba2b39 WHIRLPOOL 3ae81410f6f4d2699e9dc55982cad03c226045fbeee25984d53d37ff78ce5c96d008d6837e1c0a10b6c96cdff17c21142e437159896d314e81afc8820867ca62
DIST nss-pem-20160329.tar.xz 27732 SHA256 6c13c342e7a9fe34b585556099beca33c3078b3df3e11b72827fb70232ac1443 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2 WHIRLPOOL 16fb714fab29e44f7a15fa1928a0f4c1a770f0847b8da97816e29a3b124dee782cffe2357648c445f4d29081f349571b6fffe48c5bc725c7c2dde491f3e0e836
diff --git a/dev-libs/nss/files/nss-3.21-cacert-class3.patch b/dev-libs/nss/files/nss-3.21-cacert-class3.patch
deleted file mode 100644
index fb4cf74aba9f..000000000000
--- a/dev-libs/nss/files/nss-3.21-cacert-class3.patch
+++ /dev/null
@@ -1,203 +0,0 @@
---- nss/lib/ckfw/builtins/certdata.txt
-+++ nss/lib/ckfw/builtins/certdata.txt
-@@ -30351,3 +30351,200 @@
- CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
- CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
- CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-+
-+#
-+# Certificate "CAcert Inc."
-+#
-+# Issuer: E=support@cacert.org,CN=CA Cert Signing Authority,OU=http://www.cacert.org,O=Root CA
-+# Serial Number: 672138 (0xa418a)
-+# Subject: CN=CAcert Class 3 Root,OU=http://www.CAcert.org,O=CAcert Inc.
-+# Not Valid Before: Mon May 23 17:48:02 2011
-+# Not Valid After : Thu May 20 17:48:02 2021
-+# Fingerprint (SHA-256): 4E:DD:E9:E5:5C:A4:53:B3:88:88:7C:AA:25:D5:C5:C5:BC:CF:28:91:D7:3B:87:49:58:08:29:3D:5F:AC:83:C8
-+# Fingerprint (SHA1): AD:7C:3F:64:FC:44:39:FE:F4:E9:0B:E8:F4:7C:6C:FA:8A:AD:FD:CE
-+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-+CKA_TOKEN CK_BBOOL CK_TRUE
-+CKA_PRIVATE CK_BBOOL CK_FALSE
-+CKA_MODIFIABLE CK_BBOOL CK_FALSE
-+CKA_LABEL UTF8 "CAcert Inc."
-+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-+CKA_SUBJECT MULTILINE_OCTAL
-+\060\124\061\024\060\022\006\003\125\004\012\023\013\103\101\143
-+\145\162\164\040\111\156\143\056\061\036\060\034\006\003\125\004
-+\013\023\025\150\164\164\160\072\057\057\167\167\167\056\103\101
-+\143\145\162\164\056\157\162\147\061\034\060\032\006\003\125\004
-+\003\023\023\103\101\143\145\162\164\040\103\154\141\163\163\040
-+\063\040\122\157\157\164
-+END
-+CKA_ID UTF8 "0"
-+CKA_ISSUER MULTILINE_OCTAL
-+\060\171\061\020\060\016\006\003\125\004\012\023\007\122\157\157
-+\164\040\103\101\061\036\060\034\006\003\125\004\013\023\025\150
-+\164\164\160\072\057\057\167\167\167\056\143\141\143\145\162\164
-+\056\157\162\147\061\042\060\040\006\003\125\004\003\023\031\103
-+\101\040\103\145\162\164\040\123\151\147\156\151\156\147\040\101
-+\165\164\150\157\162\151\164\171\061\041\060\037\006\011\052\206
-+\110\206\367\015\001\011\001\026\022\163\165\160\160\157\162\164
-+\100\143\141\143\145\162\164\056\157\162\147
-+END
-+CKA_SERIAL_NUMBER MULTILINE_OCTAL
-+\002\003\012\101\212
-+END
-+CKA_VALUE MULTILINE_OCTAL
-+\060\202\007\131\060\202\005\101\240\003\002\001\002\002\003\012
-+\101\212\060\015\006\011\052\206\110\206\367\015\001\001\013\005
-+\000\060\171\061\020\060\016\006\003\125\004\012\023\007\122\157
-+\157\164\040\103\101\061\036\060\034\006\003\125\004\013\023\025
-+\150\164\164\160\072\057\057\167\167\167\056\143\141\143\145\162
-+\164\056\157\162\147\061\042\060\040\006\003\125\004\003\023\031
-+\103\101\040\103\145\162\164\040\123\151\147\156\151\156\147\040
-+\101\165\164\150\157\162\151\164\171\061\041\060\037\006\011\052
-+\206\110\206\367\015\001\011\001\026\022\163\165\160\160\157\162
-+\164\100\143\141\143\145\162\164\056\157\162\147\060\036\027\015
-+\061\061\060\065\062\063\061\067\064\070\060\062\132\027\015\062
-+\061\060\065\062\060\061\067\064\070\060\062\132\060\124\061\024
-+\060\022\006\003\125\004\012\023\013\103\101\143\145\162\164\040
-+\111\156\143\056\061\036\060\034\006\003\125\004\013\023\025\150
-+\164\164\160\072\057\057\167\167\167\056\103\101\143\145\162\164
-+\056\157\162\147\061\034\060\032\006\003\125\004\003\023\023\103
-+\101\143\145\162\164\040\103\154\141\163\163\040\063\040\122\157
-+\157\164\060\202\002\042\060\015\006\011\052\206\110\206\367\015
-+\001\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202
-+\002\001\000\253\111\065\021\110\174\322\046\176\123\224\317\103
-+\251\335\050\327\102\052\213\363\207\170\031\130\174\017\236\332
-+\211\175\341\373\353\162\220\015\164\241\226\144\253\237\240\044
-+\231\163\332\342\125\166\307\027\173\365\004\254\106\270\303\276
-+\177\144\215\020\154\044\363\141\234\300\362\220\372\121\346\365
-+\151\001\143\303\017\126\342\112\102\317\342\104\214\045\050\250
-+\305\171\011\175\106\271\212\363\351\363\064\051\010\105\344\034
-+\237\313\224\004\034\201\250\024\263\230\145\304\103\354\116\202
-+\215\011\321\275\252\133\215\222\320\354\336\220\305\177\012\302
-+\343\353\346\061\132\136\164\076\227\063\131\350\303\003\075\140
-+\063\277\367\321\157\107\304\315\356\142\203\122\156\056\010\232
-+\244\331\025\030\221\246\205\222\107\260\256\110\353\155\267\041
-+\354\205\032\150\162\065\253\377\360\020\135\300\364\224\247\152
-+\325\073\222\176\114\220\005\176\223\301\054\213\244\216\142\164
-+\025\161\156\013\161\003\352\257\025\070\232\324\322\005\162\157
-+\214\371\053\353\132\162\045\371\071\106\343\162\033\076\004\303
-+\144\047\042\020\052\212\117\130\247\003\255\276\264\056\023\355
-+\135\252\110\327\325\175\324\052\173\134\372\106\004\120\344\314
-+\016\102\133\214\355\333\362\317\374\226\223\340\333\021\066\124
-+\142\064\070\217\014\140\233\073\227\126\070\255\363\322\133\213
-+\240\133\352\116\226\270\174\327\325\240\206\160\100\323\221\051
-+\267\242\074\255\365\214\273\317\032\222\212\344\064\173\300\330
-+\154\137\351\012\302\303\247\040\232\132\337\054\135\122\134\272
-+\107\325\233\357\044\050\160\070\040\057\325\177\051\300\262\101
-+\003\150\222\314\340\234\314\227\113\105\357\072\020\012\253\160
-+\072\230\225\160\255\065\261\352\205\053\244\034\200\041\061\251
-+\256\140\172\200\046\110\000\270\001\300\223\143\125\042\221\074
-+\126\347\257\333\072\045\363\217\061\124\352\046\213\201\131\371
-+\241\321\123\021\305\173\235\003\366\164\021\340\155\261\054\077
-+\054\206\221\231\161\232\246\167\213\064\140\321\024\264\054\254
-+\235\257\214\020\323\237\304\152\370\157\023\374\163\131\367\146
-+\102\164\036\212\343\370\334\322\157\230\234\313\107\230\225\100
-+\005\373\351\002\003\001\000\001\243\202\002\015\060\202\002\011
-+\060\035\006\003\125\035\016\004\026\004\024\165\250\161\140\114
-+\210\023\360\170\331\211\167\265\155\305\211\337\274\261\172\060
-+\201\243\006\003\125\035\043\004\201\233\060\201\230\200\024\026
-+\265\062\033\324\307\363\340\346\216\363\275\322\260\072\356\262
-+\071\030\321\241\175\244\173\060\171\061\020\060\016\006\003\125
-+\004\012\023\007\122\157\157\164\040\103\101\061\036\060\034\006
-+\003\125\004\013\023\025\150\164\164\160\072\057\057\167\167\167
-+\056\143\141\143\145\162\164\056\157\162\147\061\042\060\040\006
-+\003\125\004\003\023\031\103\101\040\103\145\162\164\040\123\151
-+\147\156\151\156\147\040\101\165\164\150\157\162\151\164\171\061
-+\041\060\037\006\011\052\206\110\206\367\015\001\011\001\026\022
-+\163\165\160\160\157\162\164\100\143\141\143\145\162\164\056\157
-+\162\147\202\001\000\060\017\006\003\125\035\023\001\001\377\004
-+\005\060\003\001\001\377\060\135\006\010\053\006\001\005\005\007
-+\001\001\004\121\060\117\060\043\006\010\053\006\001\005\005\007
-+\060\001\206\027\150\164\164\160\072\057\057\157\143\163\160\056
-+\103\101\143\145\162\164\056\157\162\147\057\060\050\006\010\053
-+\006\001\005\005\007\060\002\206\034\150\164\164\160\072\057\057
-+\167\167\167\056\103\101\143\145\162\164\056\157\162\147\057\143
-+\141\056\143\162\164\060\112\006\003\125\035\040\004\103\060\101
-+\060\077\006\010\053\006\001\004\001\201\220\112\060\063\060\061
-+\006\010\053\006\001\005\005\007\002\001\026\045\150\164\164\160
-+\072\057\057\167\167\167\056\103\101\143\145\162\164\056\157\162
-+\147\057\151\156\144\145\170\056\160\150\160\077\151\144\075\061
-+\060\060\064\006\011\140\206\110\001\206\370\102\001\010\004\047
-+\026\045\150\164\164\160\072\057\057\167\167\167\056\103\101\143
-+\145\162\164\056\157\162\147\057\151\156\144\145\170\056\160\150
-+\160\077\151\144\075\061\060\060\120\006\011\140\206\110\001\206
-+\370\102\001\015\004\103\026\101\124\157\040\147\145\164\040\171
-+\157\165\162\040\157\167\156\040\143\145\162\164\151\146\151\143
-+\141\164\145\040\146\157\162\040\106\122\105\105\054\040\147\157
-+\040\164\157\040\150\164\164\160\072\057\057\167\167\167\056\103
-+\101\143\145\162\164\056\157\162\147\060\015\006\011\052\206\110
-+\206\367\015\001\001\013\005\000\003\202\002\001\000\051\050\205
-+\256\104\251\271\257\244\171\023\360\250\243\053\227\140\363\134
-+\356\343\057\301\366\342\146\240\021\256\066\067\072\166\025\004
-+\123\352\102\365\371\352\300\025\330\246\202\331\344\141\256\162
-+\013\051\134\220\103\350\101\262\341\167\333\002\023\104\170\107
-+\125\257\130\374\314\230\366\105\271\321\040\370\330\041\007\376
-+\155\252\163\324\263\306\007\351\011\205\314\073\362\266\276\054
-+\034\045\325\161\214\071\265\056\352\276\030\201\272\260\223\270
-+\017\343\346\327\046\214\061\132\162\003\204\122\346\246\365\063
-+\042\105\012\310\013\015\212\270\066\157\220\011\241\253\275\327
-+\325\116\056\161\242\324\256\372\247\124\053\353\065\215\132\267
-+\124\210\057\356\164\237\355\110\026\312\015\110\320\224\323\254
-+\244\242\366\044\337\222\343\275\353\103\100\221\156\034\030\216
-+\126\264\202\022\363\251\223\237\324\274\234\255\234\165\356\132
-+\227\033\225\347\164\055\034\017\260\054\227\237\373\251\063\071
-+\172\347\003\072\222\216\042\366\214\015\344\331\176\015\166\030
-+\367\001\371\357\226\226\242\125\163\300\074\161\264\035\032\126
-+\103\267\303\012\215\162\374\342\020\011\013\101\316\214\224\240
-+\371\003\375\161\163\113\212\127\063\345\216\164\176\025\001\000
-+\346\314\112\034\347\177\225\031\055\305\245\014\213\273\265\355
-+\205\263\134\323\337\270\271\362\312\307\015\001\024\254\160\130
-+\305\214\215\063\324\235\146\243\032\120\225\043\374\110\340\006
-+\103\022\331\315\247\206\071\057\066\162\243\200\020\344\341\363
-+\321\313\133\032\300\344\200\232\174\023\163\006\117\333\243\153
-+\044\012\272\263\034\274\112\170\273\345\343\165\070\245\110\247
-+\242\036\257\166\324\136\367\070\206\126\132\211\316\326\303\247
-+\171\262\122\240\306\361\205\264\045\214\362\077\226\263\020\331
-+\215\154\127\073\237\157\206\072\030\202\042\066\310\260\221\070
-+\333\052\241\223\252\204\077\365\047\145\256\163\325\310\325\323
-+\167\352\113\235\307\101\273\307\300\343\240\077\344\175\244\215
-+\163\346\022\113\337\241\163\163\163\072\200\350\325\313\216\057
-+\313\352\023\247\326\101\213\254\372\074\211\327\044\365\116\264
-+\340\141\222\267\363\067\230\304\276\226\243\267\212
-+END
-+
-+# Trust for "CAcert Inc."
-+# Issuer: E=support@cacert.org,CN=CA Cert Signing Authority,OU=http://www.cacert.org,O=Root CA
-+# Serial Number: 672138 (0xa418a)
-+# Subject: CN=CAcert Class 3 Root,OU=http://www.CAcert.org,O=CAcert Inc.
-+# Not Valid Before: Mon May 23 17:48:02 2011
-+# Not Valid After : Thu May 20 17:48:02 2021
-+# Fingerprint (SHA-256): 4E:DD:E9:E5:5C:A4:53:B3:88:88:7C:AA:25:D5:C5:C5:BC:CF:28:91:D7:3B:87:49:58:08:29:3D:5F:AC:83:C8
-+# Fingerprint (SHA1): AD:7C:3F:64:FC:44:39:FE:F4:E9:0B:E8:F4:7C:6C:FA:8A:AD:FD:CE
-+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-+CKA_TOKEN CK_BBOOL CK_TRUE
-+CKA_PRIVATE CK_BBOOL CK_FALSE
-+CKA_MODIFIABLE CK_BBOOL CK_FALSE
-+CKA_LABEL UTF8 "CAcert Inc."
-+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-+\255\174\077\144\374\104\071\376\364\351\013\350\364\174\154\372
-+\212\255\375\316
-+END
-+CKA_CERT_MD5_HASH MULTILINE_OCTAL
-+\367\045\022\202\116\147\265\320\215\222\267\174\013\206\172\102
-+END
-+CKA_ISSUER MULTILINE_OCTAL
-+\060\171\061\020\060\016\006\003\125\004\012\023\007\122\157\157
-+\164\040\103\101\061\036\060\034\006\003\125\004\013\023\025\150
-+\164\164\160\072\057\057\167\167\167\056\143\141\143\145\162\164
-+\056\157\162\147\061\042\060\040\006\003\125\004\003\023\031\103
-+\101\040\103\145\162\164\040\123\151\147\156\151\156\147\040\101
-+\165\164\150\157\162\151\164\171\061\041\060\037\006\011\052\206
-+\110\206\367\015\001\011\001\026\022\163\165\160\160\157\162\164
-+\100\143\141\143\145\162\164\056\157\162\147
-+END
-+CKA_SERIAL_NUMBER MULTILINE_OCTAL
-+\002\003\012\101\212
-+END
-+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
diff --git a/dev-libs/nss/files/nss-3.21-gentoo-fixups.patch b/dev-libs/nss/files/nss-3.21-gentoo-fixups.patch
deleted file mode 100644
index 29cda280cfde..000000000000
--- a/dev-libs/nss/files/nss-3.21-gentoo-fixups.patch
+++ /dev/null
@@ -1,238 +0,0 @@
---- nss/config/Makefile
-+++ nss/config/Makefile
-@@ -0,0 +1,40 @@
-+CORE_DEPTH = ..
-+DEPTH = ..
-+
-+include $(CORE_DEPTH)/coreconf/config.mk
-+
-+NSS_MAJOR_VERSION = `grep "NSS_VMAJOR" ../lib/nss/nss.h | awk '{print $$3}'`
-+NSS_MINOR_VERSION = `grep "NSS_VMINOR" ../lib/nss/nss.h | awk '{print $$3}'`
-+NSS_PATCH_VERSION = `grep "NSS_VPATCH" ../lib/nss/nss.h | awk '{print $$3}'`
-+PREFIX = /usr
-+
-+all: export libs
-+
-+export:
-+ # Create the nss.pc file
-+ mkdir -p $(DIST)/lib/pkgconfig
-+ sed -e "s,@prefix@,$(PREFIX)," \
-+ -e "s,@exec_prefix@,\$${prefix}," \
-+ -e "s,@libdir@,\$${prefix}/lib64," \
-+ -e "s,@includedir@,\$${prefix}/include/nss," \
-+ -e "s,@NSS_MAJOR_VERSION@,$(NSS_MAJOR_VERSION),g" \
-+ -e "s,@NSS_MINOR_VERSION@,$(NSS_MINOR_VERSION)," \
-+ -e "s,@NSS_PATCH_VERSION@,$(NSS_PATCH_VERSION)," \
-+ nss.pc.in > nss.pc
-+ chmod 0644 nss.pc
-+ ln -sf ../../../../config/nss.pc $(DIST)/lib/pkgconfig
-+
-+ # Create the nss-config script
-+ mkdir -p $(DIST)/bin
-+ sed -e "s,@prefix@,$(PREFIX)," \
-+ -e "s,@NSS_MAJOR_VERSION@,$(NSS_MAJOR_VERSION)," \
-+ -e "s,@NSS_MINOR_VERSION@,$(NSS_MINOR_VERSION)," \
-+ -e "s,@NSS_PATCH_VERSION@,$(NSS_PATCH_VERSION)," \
-+ nss-config.in > nss-config
-+ chmod 0755 nss-config
-+ ln -sf ../../../config/nss-config $(DIST)/bin
-+
-+libs:
-+
-+dummy: all export libs
-+
---- nss/config/nss-config.in
-+++ nss/config/nss-config.in
-@@ -0,0 +1,145 @@
-+#!/bin/sh
-+
-+prefix=@prefix@
-+
-+major_version=@NSS_MAJOR_VERSION@
-+minor_version=@NSS_MINOR_VERSION@
-+patch_version=@NSS_PATCH_VERSION@
-+
-+usage()
-+{
-+ cat <<EOF
-+Usage: nss-config [OPTIONS] [LIBRARIES]
-+Options:
-+ [--prefix[=DIR]]
-+ [--exec-prefix[=DIR]]
-+ [--includedir[=DIR]]
-+ [--libdir[=DIR]]
-+ [--version]
-+ [--libs]
-+ [--cflags]
-+Dynamic Libraries:
-+ nss
-+ ssl
-+ smime
-+ nssutil
-+EOF
-+ exit $1
-+}
-+
-+if test $# -eq 0; then
-+ usage 1 1>&2
-+fi
-+
-+lib_ssl=yes
-+lib_smime=yes
-+lib_nss=yes
-+lib_nssutil=yes
-+
-+while test $# -gt 0; do
-+ case "$1" in
-+ -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
-+ *) optarg= ;;
-+ esac
-+
-+ case $1 in
-+ --prefix=*)
-+ prefix=$optarg
-+ ;;
-+ --prefix)
-+ echo_prefix=yes
-+ ;;
-+ --exec-prefix=*)
-+ exec_prefix=$optarg
-+ ;;
-+ --exec-prefix)
-+ echo_exec_prefix=yes
-+ ;;
-+ --includedir=*)
-+ includedir=$optarg
-+ ;;
-+ --includedir)
-+ echo_includedir=yes
-+ ;;
-+ --libdir=*)
-+ libdir=$optarg
-+ ;;
-+ --libdir)
-+ echo_libdir=yes
-+ ;;
-+ --version)
-+ echo ${major_version}.${minor_version}.${patch_version}
-+ ;;
-+ --cflags)
-+ echo_cflags=yes
-+ ;;
-+ --libs)
-+ echo_libs=yes
-+ ;;
-+ ssl)
-+ lib_ssl=yes
-+ ;;
-+ smime)
-+ lib_smime=yes
-+ ;;
-+ nss)
-+ lib_nss=yes
-+ ;;
-+ nssutil)
-+ lib_nssutil=yes
-+ ;;
-+ *)
-+ usage 1 1>&2
-+ ;;
-+ esac
-+ shift
-+done
-+
-+# Set variables that may be dependent upon other variables
-+if test -z "$exec_prefix"; then
-+ exec_prefix=`pkg-config --variable=exec_prefix nss`
-+fi
-+if test -z "$includedir"; then
-+ includedir=`pkg-config --variable=includedir nss`
-+fi
-+if test -z "$libdir"; then
-+ libdir=`pkg-config --variable=libdir nss`
-+fi
-+
-+if test "$echo_prefix" = "yes"; then
-+ echo $prefix
-+fi
-+
-+if test "$echo_exec_prefix" = "yes"; then
-+ echo $exec_prefix
-+fi
-+
-+if test "$echo_includedir" = "yes"; then
-+ echo $includedir
-+fi
-+
-+if test "$echo_libdir" = "yes"; then
-+ echo $libdir
-+fi
-+
-+if test "$echo_cflags" = "yes"; then
-+ echo -I$includedir
-+fi
-+
-+if test "$echo_libs" = "yes"; then
-+ libdirs=""
-+ if test -n "$lib_ssl"; then
-+ libdirs="$libdirs -lssl${major_version}"
-+ fi
-+ if test -n "$lib_smime"; then
-+ libdirs="$libdirs -lsmime${major_version}"
-+ fi
-+ if test -n "$lib_nss"; then
-+ libdirs="$libdirs -lnss${major_version}"
-+ fi
-+ if test -n "$lib_nssutil"; then
-+ libdirs="$libdirs -lnssutil${major_version}"
-+ fi
-+ echo $libdirs
-+fi
-+
---- nss/config/nss.pc.in
-+++ nss/config/nss.pc.in
-@@ -0,0 +1,12 @@
-+prefix=@prefix@
-+exec_prefix=@exec_prefix@
-+libdir=@libdir@
-+includedir=@includedir@
-+
-+Name: NSS
-+Description: Network Security Services
-+Version: @NSS_MAJOR_VERSION@.@NSS_MINOR_VERSION@.@NSS_PATCH_VERSION@
-+Requires: nspr >= 4.8
-+Libs: -lssl3 -lsmime3 -lnss3 -lnssutil3
-+Cflags: -I${includedir}
-+
---- nss/Makefile
-+++ nss/Makefile
-@@ -46,7 +46,7 @@
- # (7) Execute "local" rules. (OPTIONAL). #
- #######################################################################
-
--nss_build_all: build_nspr all
-+nss_build_all: all
-
- nss_clean_all: clobber_nspr clobber
-
-@@ -115,12 +115,6 @@
- --with-dist-prefix='$(NSPR_PREFIX)' \
- --with-dist-includedir='$(NSPR_PREFIX)/include'
-
--build_nspr: $(NSPR_CONFIG_STATUS)
-- $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME)
--
--clobber_nspr: $(NSPR_CONFIG_STATUS)
-- $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME) clobber
--
- build_docs:
- $(MAKE) -C $(CORE_DEPTH)/doc
-
---- nss/manifest.mn
-+++ nss/manifest.mn
-@@ -10,4 +10,4 @@
-
- RELEASE = nss
-
--DIRS = coreconf lib cmd external_tests
-+DIRS = coreconf lib cmd config
diff --git a/dev-libs/nss/files/nss-3.21-hppa-byte_order.patch b/dev-libs/nss/files/nss-3.21-hppa-byte_order.patch
deleted file mode 100644
index 703df99c7645..000000000000
--- a/dev-libs/nss/files/nss-3.21-hppa-byte_order.patch
+++ /dev/null
@@ -1,16 +0,0 @@
---- a/nss/lib/dbm/include/mcom_db.h
-+++ b/nss/lib/dbm/include/mcom_db.h
-@@ -110,11 +110,13 @@
- #endif /* !BYTE_ORDER */
- #endif /* __sun */
-
-+#ifndef BYTE_ORDER
- #if defined(__hpux) || defined(__hppa)
- #define BYTE_ORDER BIG_ENDIAN
- #define BIG_ENDIAN 4321
- #define LITTLE_ENDIAN 1234 /* LSB first: i386, vax, all NT risc */
- #endif
-+#endif /* !BYTE_ORDER */
-
- #if defined(AIXV3) || defined(AIX)
- /* BYTE_ORDER, LITTLE_ENDIAN, BIG_ENDIAN are all defined here */
diff --git a/dev-libs/nss/files/nss-3.21-pem-werror.patch b/dev-libs/nss/files/nss-3.21-pem-werror.patch
deleted file mode 100644
index 5a984ae34217..000000000000
--- a/dev-libs/nss/files/nss-3.21-pem-werror.patch
+++ /dev/null
@@ -1,141 +0,0 @@
---- nss/lib/ckfw/pem/ckpem.h
-+++ nss/lib/ckfw/pem/ckpem.h
-@@ -233,6 +233,9 @@ struct pemLOWKEYPrivateKeyStr {
- };
- typedef struct pemLOWKEYPrivateKeyStr pemLOWKEYPrivateKey;
-
-+/* NOTE: Discrepancy with the the way callers use of the return value as a count
-+ * Fix this when we sync. up with the cleanup work being done at nss-pem project.
-+ */
- SECStatus ReadDERFromFile(SECItem ***derlist, char *filename, PRBool ascii, int *cipher, char **ivstring, PRBool certsonly);
- const NSSItem * pem_FetchAttribute ( pemInternalObject *io, CK_ATTRIBUTE_TYPE type);
- void pem_PopulateModulusExponent(pemInternalObject *io);
---- nss/lib/ckfw/pem/pinst.c
-+++ nss/lib/ckfw/pem/pinst.c
-@@ -472,7 +472,9 @@ AddCertificate(char *certfile, char *key
- char *ivstring = NULL;
- int cipher;
-
-- nobjs = ReadDERFromFile(&objs, certfile, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */);
-+ /* TODO: Fix discrepancy between our usage of the return value as
-+ * as an int (a count) and the declaration as a SECStatus. */
-+ nobjs = (int) ReadDERFromFile(&objs, certfile, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */);
- if (nobjs <= 0) {
- nss_ZFreeIf(objs);
- return CKR_GENERAL_ERROR;
-@@ -515,8 +517,10 @@ AddCertificate(char *certfile, char *key
- if (keyfile) { /* add the private key */
- SECItem **keyobjs = NULL;
- int kobjs = 0;
-+ /* TODO: Fix discrepancy between our usage of the return value as
-+ * as an int and the declaration as a SECStatus. */
- kobjs =
-- ReadDERFromFile(&keyobjs, keyfile, PR_TRUE, &cipher,
-+ (int) ReadDERFromFile(&keyobjs, keyfile, PR_TRUE, &cipher,
- &ivstring, PR_FALSE);
- if (kobjs < 1) {
- error = CKR_GENERAL_ERROR;
---- nss/lib/ckfw/pem/pobject.c
-+++ nss/lib/ckfw/pem/pobject.c
-@@ -630,6 +630,11 @@ pem_DestroyInternalObject
- if (io->u.key.ivstring)
- free(io->u.key.ivstring);
- break;
-+ case pemAll:
-+ /* pemAll is not used, keep the compiler happy
-+ * TODO: investigate a proper solution
-+ */
-+ return;
- }
-
- if (NULL != gobj)
-@@ -1044,7 +1049,9 @@ pem_CreateObject
- int nobjs = 0;
- int i;
- int objid;
-+#if 0
- pemToken *token;
-+#endif
- int cipher;
- char *ivstring = NULL;
- pemInternalObject *listObj = NULL;
-@@ -1073,7 +1080,9 @@ pem_CreateObject
- }
- slotID = nssCKFWSlot_GetSlotID(fwSlot);
-
-+#if 0
- token = (pemToken *) mdToken->etc;
-+#endif
-
- /*
- * only create keys and certs.
-@@ -1114,7 +1123,11 @@ pem_CreateObject
- }
-
- if (objClass == CKO_CERTIFICATE) {
-- nobjs = ReadDERFromFile(&derlist, filename, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */);
-+ /* TODO: Fix discrepancy between our usage of the return value as
-+ * as an int and the declaration as a SECStatus. Typecasting as a
-+ * temporary workaround.
-+ */
-+ nobjs = (int) ReadDERFromFile(&derlist, filename, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */);
- if (nobjs < 1)
- goto loser;
-
---- nss/lib/ckfw/pem/rsawrapr.c
-+++ nss/lib/ckfw/pem/rsawrapr.c
-@@ -93,6 +93,8 @@ pem_PublicModulusLen(NSSLOWKEYPublicKey
- return 0;
- }
-
-+/* unused functions */
-+#if 0
- static SHA1Context *SHA1_CloneContext(SHA1Context * original)
- {
- SHA1Context *clone = NULL;
-@@ -215,6 +217,7 @@ oaep_xor_with_h2(unsigned char *salt, un
-
- return SECSuccess;
- }
-+#endif /* unused functions */
-
- /*
- * Format one block of data for public/private key encryption using
---- nss/lib/ckfw/pem/util.c
-+++ nss/lib/ckfw/pem/util.c
-@@ -131,7 +131,8 @@ static SECStatus FileToItem(SECItem * ds
- return SECFailure;
- }
-
--int
-+/* FIX: Returns a SECStatus yet callers take result as a count */
-+SECStatus
- ReadDERFromFile(SECItem *** derlist, char *filename, PRBool ascii,
- int *cipher, char **ivstring, PRBool certsonly)
- {
-@@ -237,7 +238,12 @@ ReadDERFromFile(SECItem *** derlist, cha
- goto loser;
- }
- if ((certsonly && !key) || (!certsonly && key)) {
-+ error = CKR_OK;
- PUT_Object(der, error);
-+ if (error != CKR_OK) {
-+ free(der);
-+ goto loser;
-+ }
- } else {
- free(der->data);
- free(der);
-@@ -255,7 +261,12 @@ ReadDERFromFile(SECItem *** derlist, cha
- }
-
- /* NOTE: This code path has never been tested. */
-+ error = CKR_OK;
- PUT_Object(der, error);
-+ if (error != CKR_OK) {
-+ free(der);
-+ goto loser;
-+ }
- }
-
- nss_ZFreeIf(filedata.data);
diff --git a/dev-libs/nss/nss-3.22.2.ebuild b/dev-libs/nss/nss-3.22.2.ebuild
deleted file mode 100644
index 3cc54a58a540..000000000000
--- a/dev-libs/nss/nss-3.22.2.ebuild
+++ /dev/null
@@ -1,331 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.12"
-RTM_NAME="NSS_${PV//./_}_RTM"
-# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
-PEM_GIT_REV="015ae754dd9f6fbcd7e52030ec9732eb27fc06a8"
-PEM_P="${PN}-pem-20140125"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
- cacert? ( https://dev.gentoo.org/~anarchy/patches/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch )
- nss-pem? ( https://dev.gentoo.org/~anarchy/dist/${PEM_P}.tar.bz2 )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="+cacert +nss-pem utils"
-CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
- >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
-DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
- >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
- ${CDEPEND}"
-RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
- ${CDEPEND}
- abi_x86_32? (
- !<=app-emulation/emul-linux-x86-baselibs-20140508-r12
- !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
- )"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
- /usr/bin/nss-config
-)
-
-src_unpack() {
- unpack ${A}
- if use nss-pem ; then
- mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
- fi
-}
-
-src_prepare() {
- # Custom changes for gentoo
- epatch "${FILESDIR}/${PN}-3.21-gentoo-fixups.patch"
- epatch "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
- epatch "${FILESDIR}/${PN}-3.21-hppa-byte_order.patch"
-
- if use cacert ; then
- epatch "${DISTDIR}/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch"
- epatch "${FILESDIR}/${PN}-3.21-cacert-class3.patch" #521462
- fi
- use nss-pem && epatch "${FILESDIR}/${PN}-3.21-enable-pem.patch" \
- "${FILESDIR}/${PN}-3.21-pem-werror.patch"
-
- pushd coreconf >/dev/null || die
- # hack nspr paths
- echo 'INCLUDES += -I$(DIST)/include/dbm' \
- >> headers.mk || die "failed to append include"
-
- # modify install path
- sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
- -i source.mk || die
-
- # Respect LDFLAGS
- sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
- popd >/dev/null || die
-
- # Fix pkgconfig file for Prefix
- sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
- config/Makefile || die
-
- # use host shlibsign if need be #436216
- if tc-is-cross-compiler ; then
- sed -i \
- -e 's:"${2}"/shlibsign:shlibsign:' \
- cmd/shlibsign/sign.sh || die
- fi
-
- # dirty hack
- sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
- lib/ssl/config.mk || die
- sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
- cmd/platlibs.mk || die
-
- multilib_copy_sources
-
- strip-flags
-}
-
-multilib_src_configure() {
- # Ensure we stay multilib aware
- sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
- # Most of the arches are the same as $ARCH
- local t=${1:-${CHOST}}
- case ${t} in
- aarch64*)echo "aarch64";;
- hppa*) echo "parisc";;
- i?86*) echo "i686";;
- x86_64*) echo "x86_64";;
- *) tc-arch ${t};;
- esac
-}
-
-nssbits() {
- local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
- if [[ ${1} == BUILD_ ]]; then
- cc=$(tc-getBUILD_CC)
- else
- cc=$(tc-getCC)
- fi
- echo > "${T}"/test.c || die
- ${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
- case $(file "${T}/${1}test.o") in
- *32-bit*x86-64*) echo USE_X32=1;;
- *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
- *32-bit*|*ppc*|*i386*) ;;
- *) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
- esac
-}
-
-multilib_src_compile() {
- # use ABI to determine bit'ness, or fallback if unset
- local buildbits mybits
- case "${ABI}" in
- n32) mybits="USE_N32=1";;
- x32) mybits="USE_X32=1";;
- s390x|*64) mybits="USE_64=1";;
- ${DEFAULT_ABI})
- einfo "Running compilation test to determine bit'ness"
- mybits=$(nssbits)
- ;;
- esac
- # bitness of host may differ from target
- if tc-is-cross-compiler; then
- buildbits=$(nssbits BUILD_)
- fi
-
- local makeargs=(
- CC="$(tc-getCC)"
- AR="$(tc-getAR) rc \$@"
- RANLIB="$(tc-getRANLIB)"
- OPTIMIZER=
- ${mybits}
- )
-
- # Take care of nspr settings #436216
- local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
- unset NSPR_INCLUDE_DIR
-
- # Do not let `uname` be used.
- if use kernel_linux ; then
- makeargs+=(
- OS_TARGET=Linux
- OS_RELEASE=2.6
- OS_TEST="$(nssarch)"
- )
- fi
-
- export NSS_ENABLE_WERROR=0 #567158
- export BUILD_OPT=1
- export NSS_USE_SYSTEM_SQLITE=1
- export NSDISTMODE=copy
- export NSS_ENABLE_ECC=1
- export FREEBL_NO_DEPEND=1
- export ASFLAGS=""
-
- local d
-
- # Build the host tools first.
- LDFLAGS="${BUILD_LDFLAGS}" \
- XCFLAGS="${BUILD_CFLAGS}" \
- NSPR_LIB_DIR="${T}/fakedir" \
- emake -j1 -C coreconf \
- CC="$(tc-getBUILD_CC)" \
- ${buildbits:-${mybits}}
- makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
- # Then build the target tools.
- for d in . lib/dbm ; do
- CPPFLAGS="${myCPPFLAGS}" \
- XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
- NSPR_LIB_DIR="${T}/fakedir" \
- emake -j1 "${makeargs[@]}" -C ${d}
- done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-# */${local_libdir}/libfreebl3.so*
-# */${local_libdir}/libnssdbm3.so*
-# */${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
- local shlibsign="$1"
- local libdir="$2"
- einfo "Resigning core NSS libraries for FIPS validation"
- shift 2
- local i
- for i in ${NSS_CHK_SIGN_LIBS} ; do
- local libname=lib${i}.so
- local chkname=lib${i}.chk
- "${shlibsign}" \
- -i "${libdir}"/${libname} \
- -o "${libdir}"/${chkname}.tmp \
- && mv -f \
- "${libdir}"/${chkname}.tmp \
- "${libdir}"/${chkname} \
- || die "Failed to sign ${libname}"
- done
-}
-
-cleanup_chk() {
- local libdir="$1"
- shift 1
- local i
- for i in ${NSS_CHK_SIGN_LIBS} ; do
- local libfname="${libdir}/lib${i}.so"
- # If the major version has changed, then we have old chk files.
- [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
- && rm -f "${libfname}.chk"
- done
-}
-
-multilib_src_install() {
- pushd dist >/dev/null || die
-
- dodir /usr/$(get_libdir)
- cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
- cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
- cp -L */lib/libfreebl.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-
- # Install nss-config and pkgconfig file
- dodir /usr/bin
- cp -L */bin/nss-config "${ED}"/usr/bin || die
- dodir /usr/$(get_libdir)/pkgconfig
- cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
- # create an nss-softokn.pc from nss.pc for libfreebl and some private headers
- # bug 517266
- sed -e 's#Libs:#Libs: -lfreebl#' \
- -e 's#Cflags:#Cflags: -I${includedir}/private#' \
- */lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
- || die "could not create nss-softokn.pc"
-
- # all the include files
- insinto /usr/include/nss
- doins public/nss/*.h
- insinto /usr/include/nss/private
- doins private/nss/{blapi,alghmac}.h
-
- popd >/dev/null || die
-
- local f nssutils
- # Always enabled because we need it for chk generation.
- nssutils="shlibsign"
-
- if multilib_is_native_abi ; then
- if use utils; then
- # The tests we do not need to install.
- #nssutils_test="bltest crmftest dbtest dertimetest
- #fipstest remtest sdrtest"
- # checkcert utils has been removed in nss-3.22:
- # https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
- # https://hg.mozilla.org/projects/nss/rev/df1729d37870
- nssutils="addbuiltin atob baddbdir btoa certcgi certutil
- cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
- nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
- pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
- symkeyutil tstclnt vfychain vfyserv"
- # install man-pages for utils (bug #516810)
- doman doc/nroff/*.1
- fi
- pushd dist/*/bin >/dev/null || die
- for f in ${nssutils}; do
- dobin ${f}
- done
- popd >/dev/null || die
- fi
-
- # Prelink breaks the CHK files. We don't have any reliable way to run
- # shlibsign after prelink.
- dodir /etc/prelink.conf.d
- printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
- > "${ED}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
- multilib_pkg_postinst() {
- # We must re-sign the libraries AFTER they are stripped.
- local shlibsign="${EROOT}/usr/bin/shlibsign"
- # See if we can execute it (cross-compiling & such). #436216
- "${shlibsign}" -h >&/dev/null
- if [[ $? -gt 1 ]] ; then
- shlibsign="shlibsign"
- fi
- generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
- }
-
- multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
- multilib_pkg_postrm() {
- cleanup_chk "${EROOT}"/usr/$(get_libdir)
- }
-
- multilib_foreach_abi multilib_pkg_postrm
-}
diff --git a/dev-libs/nss/nss-3.23.ebuild b/dev-libs/nss/nss-3.23.ebuild
deleted file mode 100644
index 3087247999d6..000000000000
--- a/dev-libs/nss/nss-3.23.ebuild
+++ /dev/null
@@ -1,340 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=6
-
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.12"
-RTM_NAME="NSS_${PV//./_}_RTM"
-# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
-PEM_GIT_REV="015ae754dd9f6fbcd7e52030ec9732eb27fc06a8"
-PEM_P="${PN}-pem-20140125"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
- cacert? ( https://dev.gentoo.org/~anarchy/patches/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch )
- nss-pem? ( https://dev.gentoo.org/~anarchy/dist/${PEM_P}.tar.bz2 )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="+cacert +nss-pem utils"
-CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
- >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
-DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
- >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
- ${CDEPEND}"
-RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
- ${CDEPEND}
- abi_x86_32? (
- !<=app-emulation/emul-linux-x86-baselibs-20140508-r12
- !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
- )"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
- /usr/bin/nss-config
-)
-
-PATCHES=(
- # Custom changes for gentoo
- "${FILESDIR}/${PN}-3.21-gentoo-fixups.patch"
- "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
- "${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_unpack() {
- unpack ${A}
- if use nss-pem ; then
- mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
- fi
-}
-
-src_prepare() {
- if use nss-pem ; then
- PATCHES+=(
- "${FILESDIR}/${PN}-3.21-enable-pem.patch"
- "${FILESDIR}/${PN}-3.21-pem-werror.patch"
- )
- fi
-
- default
-
- if use cacert ; then
- eapply -p4 "${DISTDIR}/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch"
- eapply "${FILESDIR}/${PN}-3.21-cacert-class3.patch" #521462
- fi
-
- pushd coreconf >/dev/null || die
- # hack nspr paths
- echo 'INCLUDES += -I$(DIST)/include/dbm' \
- >> headers.mk || die "failed to append include"
-
- # modify install path
- sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
- -i source.mk || die
-
- # Respect LDFLAGS
- sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
- popd >/dev/null || die
-
- # Fix pkgconfig file for Prefix
- sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
- config/Makefile || die
-
- # use host shlibsign if need be #436216
- if tc-is-cross-compiler ; then
- sed -i \
- -e 's:"${2}"/shlibsign:shlibsign:' \
- cmd/shlibsign/sign.sh || die
- fi
-
- # dirty hack
- sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
- lib/ssl/config.mk || die
- sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
- cmd/platlibs.mk || die
-
- multilib_copy_sources
-
- strip-flags
-}
-
-multilib_src_configure() {
- # Ensure we stay multilib aware
- sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
- # Most of the arches are the same as $ARCH
- local t=${1:-${CHOST}}
- case ${t} in
- aarch64*)echo "aarch64";;
- hppa*) echo "parisc";;
- i?86*) echo "i686";;
- x86_64*) echo "x86_64";;
- *) tc-arch ${t};;
- esac
-}
-
-nssbits() {
- local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
- if [[ ${1} == BUILD_ ]]; then
- cc=$(tc-getBUILD_CC)
- else
- cc=$(tc-getCC)
- fi
- echo > "${T}"/test.c || die
- ${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
- case $(file "${T}/${1}test.o") in
- *32-bit*x86-64*) echo USE_X32=1;;
- *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
- *32-bit*|*ppc*|*i386*) ;;
- *) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
- esac
-}
-
-multilib_src_compile() {
- # use ABI to determine bit'ness, or fallback if unset
- local buildbits mybits
- case "${ABI}" in
- n32) mybits="USE_N32=1";;
- x32) mybits="USE_X32=1";;
- s390x|*64) mybits="USE_64=1";;
- ${DEFAULT_ABI})
- einfo "Running compilation test to determine bit'ness"
- mybits=$(nssbits)
- ;;
- esac
- # bitness of host may differ from target
- if tc-is-cross-compiler; then
- buildbits=$(nssbits BUILD_)
- fi
-
- local makeargs=(
- CC="$(tc-getCC)"
- AR="$(tc-getAR) rc \$@"
- RANLIB="$(tc-getRANLIB)"
- OPTIMIZER=
- ${mybits}
- )
-
- # Take care of nspr settings #436216
- local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
- unset NSPR_INCLUDE_DIR
-
- # Do not let `uname` be used.
- if use kernel_linux ; then
- makeargs+=(
- OS_TARGET=Linux
- OS_RELEASE=2.6
- OS_TEST="$(nssarch)"
- )
- fi
-
- export NSS_ENABLE_WERROR=0 #567158
- export BUILD_OPT=1
- export NSS_USE_SYSTEM_SQLITE=1
- export NSDISTMODE=copy
- export NSS_ENABLE_ECC=1
- export FREEBL_NO_DEPEND=1
- export ASFLAGS=""
-
- local d
-
- # Build the host tools first.
- LDFLAGS="${BUILD_LDFLAGS}" \
- XCFLAGS="${BUILD_CFLAGS}" \
- NSPR_LIB_DIR="${T}/fakedir" \
- emake -j1 -C coreconf \
- CC="$(tc-getBUILD_CC)" \
- ${buildbits:-${mybits}}
- makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
- # Then build the target tools.
- for d in . lib/dbm ; do
- CPPFLAGS="${myCPPFLAGS}" \
- XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
- NSPR_LIB_DIR="${T}/fakedir" \
- emake -j1 "${makeargs[@]}" -C ${d}
- done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-# */${local_libdir}/libfreebl3.so*
-# */${local_libdir}/libnssdbm3.so*
-# */${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
- local shlibsign="$1"
- local libdir="$2"
- einfo "Resigning core NSS libraries for FIPS validation"
- shift 2
- local i
- for i in ${NSS_CHK_SIGN_LIBS} ; do
- local libname=lib${i}.so
- local chkname=lib${i}.chk
- "${shlibsign}" \
- -i "${libdir}"/${libname} \
- -o "${libdir}"/${chkname}.tmp \
- && mv -f \
- "${libdir}"/${chkname}.tmp \
- "${libdir}"/${chkname} \
- || die "Failed to sign ${libname}"
- done
-}
-
-cleanup_chk() {
- local libdir="$1"
- shift 1
- local i
- for i in ${NSS_CHK_SIGN_LIBS} ; do
- local libfname="${libdir}/lib${i}.so"
- # If the major version has changed, then we have old chk files.
- [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
- && rm -f "${libfname}.chk"
- done
-}
-
-multilib_src_install() {
- pushd dist >/dev/null || die
-
- dodir /usr/$(get_libdir)
- cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
- cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
- cp -L */lib/libfreebl.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-
- # Install nss-config and pkgconfig file
- dodir /usr/bin
- cp -L */bin/nss-config "${ED}"/usr/bin || die
- dodir /usr/$(get_libdir)/pkgconfig
- cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
- # create an nss-softokn.pc from nss.pc for libfreebl and some private headers
- # bug 517266
- sed -e 's#Libs:#Libs: -lfreebl#' \
- -e 's#Cflags:#Cflags: -I${includedir}/private#' \
- */lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
- || die "could not create nss-softokn.pc"
-
- # all the include files
- insinto /usr/include/nss
- doins public/nss/*.h
- insinto /usr/include/nss/private
- doins private/nss/{blapi,alghmac}.h
-
- popd >/dev/null || die
-
- local f nssutils
- # Always enabled because we need it for chk generation.
- nssutils="shlibsign"
-
- if multilib_is_native_abi ; then
- if use utils; then
- # The tests we do not need to install.
- #nssutils_test="bltest crmftest dbtest dertimetest
- #fipstest remtest sdrtest"
- # checkcert utils has been removed in nss-3.22:
- # https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
- # https://hg.mozilla.org/projects/nss/rev/df1729d37870
- nssutils="addbuiltin atob baddbdir btoa certcgi certutil
- cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
- nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
- pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
- symkeyutil tstclnt vfychain vfyserv"
- # install man-pages for utils (bug #516810)
- doman doc/nroff/*.1
- fi
- pushd dist/*/bin >/dev/null || die
- for f in ${nssutils}; do
- dobin ${f}
- done
- popd >/dev/null || die
- fi
-
- # Prelink breaks the CHK files. We don't have any reliable way to run
- # shlibsign after prelink.
- dodir /etc/prelink.conf.d
- printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
- > "${ED}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
- multilib_pkg_postinst() {
- # We must re-sign the libraries AFTER they are stripped.
- local shlibsign="${EROOT}/usr/bin/shlibsign"
- # See if we can execute it (cross-compiling & such). #436216
- "${shlibsign}" -h >&/dev/null
- if [[ $? -gt 1 ]] ; then
- shlibsign="shlibsign"
- fi
- generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
- }
-
- multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
- multilib_pkg_postrm() {
- cleanup_chk "${EROOT}"/usr/$(get_libdir)
- }
-
- multilib_foreach_abi multilib_pkg_postrm
-}
diff --git a/dev-libs/nss/nss-3.25-r1.ebuild b/dev-libs/nss/nss-3.25-r1.ebuild
deleted file mode 100644
index ede1f3ae60cb..000000000000
--- a/dev-libs/nss/nss-3.25-r1.ebuild
+++ /dev/null
@@ -1,339 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=6
-
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.12"
-RTM_NAME="NSS_${PV//./_}_RTM"
-# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
-PEM_GIT_REV="015ae754dd9f6fbcd7e52030ec9732eb27fc06a8"
-PEM_P="${PN}-pem-20140125"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
- nss-pem? ( https://dev.gentoo.org/~anarchy/dist/${PEM_P}.tar.bz2 )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="cacert +nss-pem utils"
-CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
- >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
-DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
- >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
- ${CDEPEND}"
-RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
- ${CDEPEND}
- abi_x86_32? (
- !<=app-emulation/emul-linux-x86-baselibs-20140508-r12
- !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
- )"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
- /usr/bin/nss-config
-)
-
-PATCHES=(
- # Custom changes for gentoo
- "${FILESDIR}/${PN}-3.21-gentoo-fixups.patch"
- "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
- "${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_unpack() {
- unpack ${A}
- if use nss-pem ; then
- mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
- fi
-}
-
-src_prepare() {
- if use nss-pem ; then
- PATCHES+=(
- "${FILESDIR}/${PN}-3.21-enable-pem.patch"
- "${FILESDIR}/${PN}-3.21-pem-werror.patch"
- )
- fi
- if use cacert ; then #521462
- PATCHES+=(
- "${FILESDIR}/${PN}-3.21-cacert-class3.patch"
- )
- fi
-
- default
-
- pushd coreconf >/dev/null || die
- # hack nspr paths
- echo 'INCLUDES += -I$(DIST)/include/dbm' \
- >> headers.mk || die "failed to append include"
-
- # modify install path
- sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
- -i source.mk || die
-
- # Respect LDFLAGS
- sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
- popd >/dev/null || die
-
- # Fix pkgconfig file for Prefix
- sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
- config/Makefile || die
-
- # use host shlibsign if need be #436216
- if tc-is-cross-compiler ; then
- sed -i \
- -e 's:"${2}"/shlibsign:shlibsign:' \
- cmd/shlibsign/sign.sh || die
- fi
-
- # dirty hack
- sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
- lib/ssl/config.mk || die
- sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
- cmd/platlibs.mk || die
-
- multilib_copy_sources
-
- strip-flags
-}
-
-multilib_src_configure() {
- # Ensure we stay multilib aware
- sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
- # Most of the arches are the same as $ARCH
- local t=${1:-${CHOST}}
- case ${t} in
- aarch64*)echo "aarch64";;
- hppa*) echo "parisc";;
- i?86*) echo "i686";;
- x86_64*) echo "x86_64";;
- *) tc-arch ${t};;
- esac
-}
-
-nssbits() {
- local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
- if [[ ${1} == BUILD_ ]]; then
- cc=$(tc-getBUILD_CC)
- else
- cc=$(tc-getCC)
- fi
- echo > "${T}"/test.c || die
- ${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
- case $(file "${T}/${1}test.o") in
- *32-bit*x86-64*) echo USE_X32=1;;
- *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
- *32-bit*|*ppc*|*i386*) ;;
- *) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
- esac
-}
-
-multilib_src_compile() {
- # use ABI to determine bit'ness, or fallback if unset
- local buildbits mybits
- case "${ABI}" in
- n32) mybits="USE_N32=1";;
- x32) mybits="USE_X32=1";;
- s390x|*64) mybits="USE_64=1";;
- ${DEFAULT_ABI})
- einfo "Running compilation test to determine bit'ness"
- mybits=$(nssbits)
- ;;
- esac
- # bitness of host may differ from target
- if tc-is-cross-compiler; then
- buildbits=$(nssbits BUILD_)
- fi
-
- local makeargs=(
- CC="$(tc-getCC)"
- AR="$(tc-getAR) rc \$@"
- RANLIB="$(tc-getRANLIB)"
- OPTIMIZER=
- ${mybits}
- )
-
- # Take care of nspr settings #436216
- local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
- unset NSPR_INCLUDE_DIR
-
- # Do not let `uname` be used.
- if use kernel_linux ; then
- makeargs+=(
- OS_TARGET=Linux
- OS_RELEASE=2.6
- OS_TEST="$(nssarch)"
- )
- fi
-
- export NSS_ENABLE_WERROR=0 #567158
- export BUILD_OPT=1
- export NSS_USE_SYSTEM_SQLITE=1
- export NSDISTMODE=copy
- export NSS_ENABLE_ECC=1
- export FREEBL_NO_DEPEND=1
- export ASFLAGS=""
-
- local d
-
- # Build the host tools first.
- LDFLAGS="${BUILD_LDFLAGS}" \
- XCFLAGS="${BUILD_CFLAGS}" \
- NSPR_LIB_DIR="${T}/fakedir" \
- emake -j1 -C coreconf \
- CC="$(tc-getBUILD_CC)" \
- ${buildbits:-${mybits}}
- makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
- # Then build the target tools.
- for d in . lib/dbm ; do
- CPPFLAGS="${myCPPFLAGS}" \
- XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
- NSPR_LIB_DIR="${T}/fakedir" \
- emake -j1 "${makeargs[@]}" -C ${d}
- done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-# */${local_libdir}/libfreebl3.so*
-# */${local_libdir}/libnssdbm3.so*
-# */${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
- local shlibsign="$1"
- local libdir="$2"
- einfo "Resigning core NSS libraries for FIPS validation"
- shift 2
- local i
- for i in ${NSS_CHK_SIGN_LIBS} ; do
- local libname=lib${i}.so
- local chkname=lib${i}.chk
- "${shlibsign}" \
- -i "${libdir}"/${libname} \
- -o "${libdir}"/${chkname}.tmp \
- && mv -f \
- "${libdir}"/${chkname}.tmp \
- "${libdir}"/${chkname} \
- || die "Failed to sign ${libname}"
- done
-}
-
-cleanup_chk() {
- local libdir="$1"
- shift 1
- local i
- for i in ${NSS_CHK_SIGN_LIBS} ; do
- local libfname="${libdir}/lib${i}.so"
- # If the major version has changed, then we have old chk files.
- [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
- && rm -f "${libfname}.chk"
- done
-}
-
-multilib_src_install() {
- pushd dist >/dev/null || die
-
- dodir /usr/$(get_libdir)
- cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
- cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
- cp -L */lib/libfreebl.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-
- # Install nss-config and pkgconfig file
- dodir /usr/bin
- cp -L */bin/nss-config "${ED}"/usr/bin || die
- dodir /usr/$(get_libdir)/pkgconfig
- cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
- # create an nss-softokn.pc from nss.pc for libfreebl and some private headers
- # bug 517266
- sed -e 's#Libs:#Libs: -lfreebl#' \
- -e 's#Cflags:#Cflags: -I${includedir}/private#' \
- */lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
- || die "could not create nss-softokn.pc"
-
- # all the include files
- insinto /usr/include/nss
- doins public/nss/*.h
- insinto /usr/include/nss/private
- doins private/nss/{blapi,alghmac}.h
-
- popd >/dev/null || die
-
- local f nssutils
- # Always enabled because we need it for chk generation.
- nssutils="shlibsign"
-
- if multilib_is_native_abi ; then
- if use utils; then
- # The tests we do not need to install.
- #nssutils_test="bltest crmftest dbtest dertimetest
- #fipstest remtest sdrtest"
- # checkcert utils has been removed in nss-3.22:
- # https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
- # https://hg.mozilla.org/projects/nss/rev/df1729d37870
- nssutils="addbuiltin atob baddbdir btoa certcgi certutil
- cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
- nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
- pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
- symkeyutil tstclnt vfychain vfyserv"
- # install man-pages for utils (bug #516810)
- doman doc/nroff/*.1
- fi
- pushd dist/*/bin >/dev/null || die
- for f in ${nssutils}; do
- dobin ${f}
- done
- popd >/dev/null || die
- fi
-
- # Prelink breaks the CHK files. We don't have any reliable way to run
- # shlibsign after prelink.
- dodir /etc/prelink.conf.d
- printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
- > "${ED}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
- multilib_pkg_postinst() {
- # We must re-sign the libraries AFTER they are stripped.
- local shlibsign="${EROOT}/usr/bin/shlibsign"
- # See if we can execute it (cross-compiling & such). #436216
- "${shlibsign}" -h >&/dev/null
- if [[ $? -gt 1 ]] ; then
- shlibsign="shlibsign"
- fi
- generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
- }
-
- multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
- multilib_pkg_postrm() {
- cleanup_chk "${EROOT}"/usr/$(get_libdir)
- }
-
- multilib_foreach_abi multilib_pkg_postrm
-}
diff --git a/dev-libs/nss/nss-3.26.1.ebuild b/dev-libs/nss/nss-3.26.1.ebuild
deleted file mode 100644
index 3e9034ec663e..000000000000
--- a/dev-libs/nss/nss-3.26.1.ebuild
+++ /dev/null
@@ -1,338 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=6
-
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.12"
-RTM_NAME="NSS_${PV//./_}_RTM"
-# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
-PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
-PEM_P="${PN}-pem-20160329"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
- nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="cacert +nss-pem utils"
-CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
- >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
-DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
- >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
- ${CDEPEND}"
-RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
- ${CDEPEND}
- abi_x86_32? (
- !<=app-emulation/emul-linux-x86-baselibs-20140508-r12
- !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
- )"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
- /usr/bin/nss-config
-)
-
-PATCHES=(
- # Custom changes for gentoo
- "${FILESDIR}/${PN}-3.21-gentoo-fixups.patch"
- "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
- "${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_unpack() {
- unpack ${A}
- if use nss-pem ; then
- mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
- fi
-}
-
-src_prepare() {
- if use nss-pem ; then
- PATCHES+=(
- "${FILESDIR}/${PN}-3.21-enable-pem.patch"
- )
- fi
- if use cacert ; then #521462
- PATCHES+=(
- "${FILESDIR}/${PN}-3.21-cacert-class3.patch"
- )
- fi
-
- default
-
- pushd coreconf >/dev/null || die
- # hack nspr paths
- echo 'INCLUDES += -I$(DIST)/include/dbm' \
- >> headers.mk || die "failed to append include"
-
- # modify install path
- sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
- -i source.mk || die
-
- # Respect LDFLAGS
- sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
- popd >/dev/null || die
-
- # Fix pkgconfig file for Prefix
- sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
- config/Makefile || die
-
- # use host shlibsign if need be #436216
- if tc-is-cross-compiler ; then
- sed -i \
- -e 's:"${2}"/shlibsign:shlibsign:' \
- cmd/shlibsign/sign.sh || die
- fi
-
- # dirty hack
- sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
- lib/ssl/config.mk || die
- sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
- cmd/platlibs.mk || die
-
- multilib_copy_sources
-
- strip-flags
-}
-
-multilib_src_configure() {
- # Ensure we stay multilib aware
- sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
- # Most of the arches are the same as $ARCH
- local t=${1:-${CHOST}}
- case ${t} in
- aarch64*)echo "aarch64";;
- hppa*) echo "parisc";;
- i?86*) echo "i686";;
- x86_64*) echo "x86_64";;
- *) tc-arch ${t};;
- esac
-}
-
-nssbits() {
- local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
- if [[ ${1} == BUILD_ ]]; then
- cc=$(tc-getBUILD_CC)
- else
- cc=$(tc-getCC)
- fi
- echo > "${T}"/test.c || die
- ${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
- case $(file "${T}/${1}test.o") in
- *32-bit*x86-64*) echo USE_X32=1;;
- *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
- *32-bit*|*ppc*|*i386*) ;;
- *) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
- esac
-}
-
-multilib_src_compile() {
- # use ABI to determine bit'ness, or fallback if unset
- local buildbits mybits
- case "${ABI}" in
- n32) mybits="USE_N32=1";;
- x32) mybits="USE_X32=1";;
- s390x|*64) mybits="USE_64=1";;
- ${DEFAULT_ABI})
- einfo "Running compilation test to determine bit'ness"
- mybits=$(nssbits)
- ;;
- esac
- # bitness of host may differ from target
- if tc-is-cross-compiler; then
- buildbits=$(nssbits BUILD_)
- fi
-
- local makeargs=(
- CC="$(tc-getCC)"
- AR="$(tc-getAR) rc \$@"
- RANLIB="$(tc-getRANLIB)"
- OPTIMIZER=
- ${mybits}
- )
-
- # Take care of nspr settings #436216
- local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
- unset NSPR_INCLUDE_DIR
-
- # Do not let `uname` be used.
- if use kernel_linux ; then
- makeargs+=(
- OS_TARGET=Linux
- OS_RELEASE=2.6
- OS_TEST="$(nssarch)"
- )
- fi
-
- export NSS_ENABLE_WERROR=0 #567158
- export BUILD_OPT=1
- export NSS_USE_SYSTEM_SQLITE=1
- export NSDISTMODE=copy
- export NSS_ENABLE_ECC=1
- export FREEBL_NO_DEPEND=1
- export ASFLAGS=""
-
- local d
-
- # Build the host tools first.
- LDFLAGS="${BUILD_LDFLAGS}" \
- XCFLAGS="${BUILD_CFLAGS}" \
- NSPR_LIB_DIR="${T}/fakedir" \
- emake -j1 -C coreconf \
- CC="$(tc-getBUILD_CC)" \
- ${buildbits:-${mybits}}
- makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
- # Then build the target tools.
- for d in . lib/dbm ; do
- CPPFLAGS="${myCPPFLAGS}" \
- XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
- NSPR_LIB_DIR="${T}/fakedir" \
- emake -j1 "${makeargs[@]}" -C ${d}
- done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-# */${local_libdir}/libfreebl3.so*
-# */${local_libdir}/libnssdbm3.so*
-# */${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
- local shlibsign="$1"
- local libdir="$2"
- einfo "Resigning core NSS libraries for FIPS validation"
- shift 2
- local i
- for i in ${NSS_CHK_SIGN_LIBS} ; do
- local libname=lib${i}.so
- local chkname=lib${i}.chk
- "${shlibsign}" \
- -i "${libdir}"/${libname} \
- -o "${libdir}"/${chkname}.tmp \
- && mv -f \
- "${libdir}"/${chkname}.tmp \
- "${libdir}"/${chkname} \
- || die "Failed to sign ${libname}"
- done
-}
-
-cleanup_chk() {
- local libdir="$1"
- shift 1
- local i
- for i in ${NSS_CHK_SIGN_LIBS} ; do
- local libfname="${libdir}/lib${i}.so"
- # If the major version has changed, then we have old chk files.
- [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
- && rm -f "${libfname}.chk"
- done
-}
-
-multilib_src_install() {
- pushd dist >/dev/null || die
-
- dodir /usr/$(get_libdir)
- cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
- cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
- cp -L */lib/libfreebl.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-
- # Install nss-config and pkgconfig file
- dodir /usr/bin
- cp -L */bin/nss-config "${ED}"/usr/bin || die
- dodir /usr/$(get_libdir)/pkgconfig
- cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
- # create an nss-softokn.pc from nss.pc for libfreebl and some private headers
- # bug 517266
- sed -e 's#Libs:#Libs: -lfreebl#' \
- -e 's#Cflags:#Cflags: -I${includedir}/private#' \
- */lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
- || die "could not create nss-softokn.pc"
-
- # all the include files
- insinto /usr/include/nss
- doins public/nss/*.h
- insinto /usr/include/nss/private
- doins private/nss/{blapi,alghmac}.h
-
- popd >/dev/null || die
-
- local f nssutils
- # Always enabled because we need it for chk generation.
- nssutils="shlibsign"
-
- if multilib_is_native_abi ; then
- if use utils; then
- # The tests we do not need to install.
- #nssutils_test="bltest crmftest dbtest dertimetest
- #fipstest remtest sdrtest"
- # checkcert utils has been removed in nss-3.22:
- # https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
- # https://hg.mozilla.org/projects/nss/rev/df1729d37870
- nssutils="addbuiltin atob baddbdir btoa certcgi certutil
- cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
- nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
- pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
- symkeyutil tstclnt vfychain vfyserv"
- # install man-pages for utils (bug #516810)
- doman doc/nroff/*.1
- fi
- pushd dist/*/bin >/dev/null || die
- for f in ${nssutils}; do
- dobin ${f}
- done
- popd >/dev/null || die
- fi
-
- # Prelink breaks the CHK files. We don't have any reliable way to run
- # shlibsign after prelink.
- dodir /etc/prelink.conf.d
- printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
- > "${ED}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
- multilib_pkg_postinst() {
- # We must re-sign the libraries AFTER they are stripped.
- local shlibsign="${EROOT}/usr/bin/shlibsign"
- # See if we can execute it (cross-compiling & such). #436216
- "${shlibsign}" -h >&/dev/null
- if [[ $? -gt 1 ]] ; then
- shlibsign="shlibsign"
- fi
- generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
- }
-
- multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
- multilib_pkg_postrm() {
- cleanup_chk "${EROOT}"/usr/$(get_libdir)
- }
-
- multilib_foreach_abi multilib_pkg_postrm
-}
diff --git a/dev-libs/nss/nss-3.27.2.ebuild b/dev-libs/nss/nss-3.27.2.ebuild
deleted file mode 100644
index c1ef5c7a708e..000000000000
--- a/dev-libs/nss/nss-3.27.2.ebuild
+++ /dev/null
@@ -1,339 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=6
-
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.12"
-RTM_NAME="NSS_${PV//./_}_RTM"
-# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
-PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
-PEM_P="${PN}-pem-20160329"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
- cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
- nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="alpha amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="cacert +nss-pem utils"
-CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
- >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
-DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
- >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
- ${CDEPEND}"
-RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
- ${CDEPEND}
- abi_x86_32? (
- !<=app-emulation/emul-linux-x86-baselibs-20140508-r12
- !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
- )"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
- /usr/bin/nss-config
-)
-
-PATCHES=(
- # Custom changes for gentoo
- "${FILESDIR}/${PN}-3.21-gentoo-fixups.patch"
- "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
- "${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_unpack() {
- unpack ${A}
- if use nss-pem ; then
- mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
- fi
-}
-
-src_prepare() {
- if use nss-pem ; then
- PATCHES+=(
- "${FILESDIR}/${PN}-3.21-enable-pem.patch"
- )
- fi
- if use cacert ; then #521462
- PATCHES+=(
- "${DISTDIR}/${PN}-cacert-class1-class3.patch"
- )
- fi
-
- default
-
- pushd coreconf >/dev/null || die
- # hack nspr paths
- echo 'INCLUDES += -I$(DIST)/include/dbm' \
- >> headers.mk || die "failed to append include"
-
- # modify install path
- sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
- -i source.mk || die
-
- # Respect LDFLAGS
- sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
- popd >/dev/null || die
-
- # Fix pkgconfig file for Prefix
- sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
- config/Makefile || die
-
- # use host shlibsign if need be #436216
- if tc-is-cross-compiler ; then
- sed -i \
- -e 's:"${2}"/shlibsign:shlibsign:' \
- cmd/shlibsign/sign.sh || die
- fi
-
- # dirty hack
- sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
- lib/ssl/config.mk || die
- sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
- cmd/platlibs.mk || die
-
- multilib_copy_sources
-
- strip-flags
-}
-
-multilib_src_configure() {
- # Ensure we stay multilib aware
- sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
- # Most of the arches are the same as $ARCH
- local t=${1:-${CHOST}}
- case ${t} in
- aarch64*)echo "aarch64";;
- hppa*) echo "parisc";;
- i?86*) echo "i686";;
- x86_64*) echo "x86_64";;
- *) tc-arch ${t};;
- esac
-}
-
-nssbits() {
- local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
- if [[ ${1} == BUILD_ ]]; then
- cc=$(tc-getBUILD_CC)
- else
- cc=$(tc-getCC)
- fi
- echo > "${T}"/test.c || die
- ${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
- case $(file "${T}/${1}test.o") in
- *32-bit*x86-64*) echo USE_X32=1;;
- *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
- *32-bit*|*ppc*|*i386*) ;;
- *) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
- esac
-}
-
-multilib_src_compile() {
- # use ABI to determine bit'ness, or fallback if unset
- local buildbits mybits
- case "${ABI}" in
- n32) mybits="USE_N32=1";;
- x32) mybits="USE_X32=1";;
- s390x|*64) mybits="USE_64=1";;
- ${DEFAULT_ABI})
- einfo "Running compilation test to determine bit'ness"
- mybits=$(nssbits)
- ;;
- esac
- # bitness of host may differ from target
- if tc-is-cross-compiler; then
- buildbits=$(nssbits BUILD_)
- fi
-
- local makeargs=(
- CC="$(tc-getCC)"
- AR="$(tc-getAR) rc \$@"
- RANLIB="$(tc-getRANLIB)"
- OPTIMIZER=
- ${mybits}
- )
-
- # Take care of nspr settings #436216
- local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
- unset NSPR_INCLUDE_DIR
-
- # Do not let `uname` be used.
- if use kernel_linux ; then
- makeargs+=(
- OS_TARGET=Linux
- OS_RELEASE=2.6
- OS_TEST="$(nssarch)"
- )
- fi
-
- export NSS_ENABLE_WERROR=0 #567158
- export BUILD_OPT=1
- export NSS_USE_SYSTEM_SQLITE=1
- export NSDISTMODE=copy
- export NSS_ENABLE_ECC=1
- export FREEBL_NO_DEPEND=1
- export ASFLAGS=""
-
- local d
-
- # Build the host tools first.
- LDFLAGS="${BUILD_LDFLAGS}" \
- XCFLAGS="${BUILD_CFLAGS}" \
- NSPR_LIB_DIR="${T}/fakedir" \
- emake -j1 -C coreconf \
- CC="$(tc-getBUILD_CC)" \
- ${buildbits:-${mybits}}
- makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
- # Then build the target tools.
- for d in . lib/dbm ; do
- CPPFLAGS="${myCPPFLAGS}" \
- XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
- NSPR_LIB_DIR="${T}/fakedir" \
- emake -j1 "${makeargs[@]}" -C ${d}
- done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-# */${local_libdir}/libfreebl3.so*
-# */${local_libdir}/libnssdbm3.so*
-# */${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
- local shlibsign="$1"
- local libdir="$2"
- einfo "Resigning core NSS libraries for FIPS validation"
- shift 2
- local i
- for i in ${NSS_CHK_SIGN_LIBS} ; do
- local libname=lib${i}.so
- local chkname=lib${i}.chk
- "${shlibsign}" \
- -i "${libdir}"/${libname} \
- -o "${libdir}"/${chkname}.tmp \
- && mv -f \
- "${libdir}"/${chkname}.tmp \
- "${libdir}"/${chkname} \
- || die "Failed to sign ${libname}"
- done
-}
-
-cleanup_chk() {
- local libdir="$1"
- shift 1
- local i
- for i in ${NSS_CHK_SIGN_LIBS} ; do
- local libfname="${libdir}/lib${i}.so"
- # If the major version has changed, then we have old chk files.
- [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
- && rm -f "${libfname}.chk"
- done
-}
-
-multilib_src_install() {
- pushd dist >/dev/null || die
-
- dodir /usr/$(get_libdir)
- cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
- cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
- cp -L */lib/libfreebl.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-
- # Install nss-config and pkgconfig file
- dodir /usr/bin
- cp -L */bin/nss-config "${ED}"/usr/bin || die
- dodir /usr/$(get_libdir)/pkgconfig
- cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
- # create an nss-softokn.pc from nss.pc for libfreebl and some private headers
- # bug 517266
- sed -e 's#Libs:#Libs: -lfreebl#' \
- -e 's#Cflags:#Cflags: -I${includedir}/private#' \
- */lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
- || die "could not create nss-softokn.pc"
-
- # all the include files
- insinto /usr/include/nss
- doins public/nss/*.h
- insinto /usr/include/nss/private
- doins private/nss/{blapi,alghmac}.h
-
- popd >/dev/null || die
-
- local f nssutils
- # Always enabled because we need it for chk generation.
- nssutils="shlibsign"
-
- if multilib_is_native_abi ; then
- if use utils; then
- # The tests we do not need to install.
- #nssutils_test="bltest crmftest dbtest dertimetest
- #fipstest remtest sdrtest"
- # checkcert utils has been removed in nss-3.22:
- # https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
- # https://hg.mozilla.org/projects/nss/rev/df1729d37870
- nssutils="addbuiltin atob baddbdir btoa certcgi certutil
- cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
- nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
- pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
- symkeyutil tstclnt vfychain vfyserv"
- # install man-pages for utils (bug #516810)
- doman doc/nroff/*.1
- fi
- pushd dist/*/bin >/dev/null || die
- for f in ${nssutils}; do
- dobin ${f}
- done
- popd >/dev/null || die
- fi
-
- # Prelink breaks the CHK files. We don't have any reliable way to run
- # shlibsign after prelink.
- dodir /etc/prelink.conf.d
- printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
- > "${ED}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
- multilib_pkg_postinst() {
- # We must re-sign the libraries AFTER they are stripped.
- local shlibsign="${EROOT}/usr/bin/shlibsign"
- # See if we can execute it (cross-compiling & such). #436216
- "${shlibsign}" -h >&/dev/null
- if [[ $? -gt 1 ]] ; then
- shlibsign="shlibsign"
- fi
- generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
- }
-
- multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
- multilib_pkg_postrm() {
- cleanup_chk "${EROOT}"/usr/$(get_libdir)
- }
-
- multilib_foreach_abi multilib_pkg_postrm
-}