aboutsummaryrefslogtreecommitdiffstats
path: root/security/nss
diff options
context:
space:
mode:
authormarcus <marcus@FreeBSD.org>2005-07-31 08:06:49 +0800
committermarcus <marcus@FreeBSD.org>2005-07-31 08:06:49 +0800
commitd13697c0d3934d42e3078160b65bb64b3a098721 (patch)
treed2382dff3a44812f93127aaecc98eadb00cfe675 /security/nss
parent33e8a33c7a25cb01b27be733cdbd1014649d7a2d (diff)
downloadfreebsd-ports-gnome-d13697c0d3934d42e3078160b65bb64b3a098721.tar.gz
freebsd-ports-gnome-d13697c0d3934d42e3078160b65bb64b3a098721.tar.zst
freebsd-ports-gnome-d13697c0d3934d42e3078160b65bb64b3a098721.zip
* Update to 3.10 [1]
* Add a target for regression testing, and run that target automatically when building on the package build cluster [1] * Cleanup some portlint nits Submitted by: mi [1]
Diffstat (limited to 'security/nss')
-rw-r--r--security/nss/Makefile42
-rw-r--r--security/nss/distinfo4
-rw-r--r--security/nss/files/patch-certutil.c72
-rw-r--r--security/nss/files/patch-cmd::platlibs.mk56
-rw-r--r--security/nss/files/patch-const46
-rw-r--r--security/nss/files/patch-crlgen.c129
-rw-r--r--security/nss/files/patch-sysdb222
-rw-r--r--security/nss/files/patch-tests10
-rw-r--r--security/nss/files/patch-warnings352
-rw-r--r--security/nss/pkg-plist13
10 files changed, 916 insertions, 30 deletions
diff --git a/security/nss/Makefile b/security/nss/Makefile
index 390bc9ad726b..453de81237e4 100644
--- a/security/nss/Makefile
+++ b/security/nss/Makefile
@@ -6,7 +6,7 @@
#
PORTNAME= nss
-PORTVERSION= 3.9.2
+PORTVERSION= 3.10
CATEGORIES= security
MASTER_SITES= ${MASTER_SITE_MOZILLA}
MASTER_SITE_SUBDIR= security/nss/releases/NSS_${PORTVERSION:S/./_/g}_RTM/src
@@ -28,21 +28,45 @@ MAKE_ENV= BSD_LDOPTS="${PTHREAD_LIBS} -L${LOCALBASE}/lib" \
ALL_TARGET= nss_build_all
CFLAGS+= -I${LOCALBASE}/include/nspr
-DIST= ${WRKSRC}/../../dist
-
-CONFLICTS= btoa-5.* digest-* emboss-2.* oases-2.* p5-PAR-0.* \
- qmail-ldap2-*
+DIST= ${WRKSRC:H:H}/dist
+CONFLICTS= btoa-5.* digest-[0-9]* emboss-2.* oases-2.* p5-PAR-0.* \
+ qmail-ldap2-[0-9]*
.include <bsd.port.pre.mk>
-.if ${ARCH} == "alpha" && ${OSVERSION} < 500035
-IGNORE= "core dumps on alpha during build"
-.endif
+EXTERNALS= CVS dbm security/nss/cmd/zlib
+EXTRACT_AFTER_ARGS=| ${TAR} -xf - \
+ ${EXTERNALS:C,^,--exclude ${DISTNAME}/mozilla/,}
post-patch:
@${REINPLACE_CMD} -e "s|-pthread|${PTHREAD_LIBS}|g" \
- ${WRKSRC}/../../security/coreconf/FreeBSD.mk
+ ${WRKSRC:H:H}/security/coreconf/FreeBSD.mk
+
+BINS=${DIST}/${OPSYS}${OSREL}_OPT.OBJ
+
+test:
+ cd ${WRKSRC}/tests; \
+ ${SETENV} PATH="${BINS}/bin:${PATH}" \
+ LD_LIBRARY_PATH="${BINS}/lib" \
+ ./all.sh
+ @if ${GREP} -F '>Failed<' \
+ ${WRKSRC:H:H}/tests_results/security/*/results.html; then \
+ echo "Some tests have failed. Let ${MAINTAINER} know."; \
+ exit 1; \
+ else \
+ echo "All tests succeeded. Good news."; \
+ fi
+
+.if defined(PARALLEL_PACKAGE_BUILD)
+post-build: test
+.else
+post-build:
+ #
+ # Please, consider running ``make test'' now and fixing any problems
+ # and/or reporting them to ${MAINTAINER} . Thanks!
+ #
+.endif
do-install:
${MKDIR} ${PREFIX}/include/nss
diff --git a/security/nss/distinfo b/security/nss/distinfo
index 4ffd79a7f95d..42311b0ed2e0 100644
--- a/security/nss/distinfo
+++ b/security/nss/distinfo
@@ -1,2 +1,2 @@
-MD5 (nss-3.9.2.tar.gz) = c10b5100510dab1e3c94b76a4d7b1f23
-SIZE (nss-3.9.2.tar.gz) = 4734817
+MD5 (nss-3.10.tar.gz) = bd58f762f1b352910901f11823e67b97
+SIZE (nss-3.10.tar.gz) = 3622612
diff --git a/security/nss/files/patch-certutil.c b/security/nss/files/patch-certutil.c
new file mode 100644
index 000000000000..357ddaf78e79
--- /dev/null
+++ b/security/nss/files/patch-certutil.c
@@ -0,0 +1,72 @@
+--- cmd/certutil/certutil.c Fri Apr 22 22:12:00 2005
++++ cmd/certutil/certutil.c Fri Jul 22 02:02:20 2005
+@@ -131,3 +131,3 @@
+ fflush (stdout);
+- if (gets (buffer) == NULL) {
++ if (fgets(buffer, sizeof buffer, stdin) == NULL) {
+ PORT_SetError(SEC_ERROR_INPUT_LEN);
+@@ -206,3 +206,3 @@
+ puts (prompt);
+- gets (buffer);
++ fgets(buffer, sizeof buffer, stdin);
+ if (strlen (buffer) > 0) {
+@@ -1424,3 +1424,3 @@
+ fprintf(stdout, "%-25s Other to finish\n", "");
+- if (gets (buffer)) {
++ if (fgets(buffer, sizeof buffer, stdin)) {
+ value = atoi (buffer);
+@@ -1439,3 +1439,3 @@
+ puts ("Is this a critical extension [y/n]? ");
+- gets (buffer);
++ fgets(buffer, sizeof buffer, stdin);
+
+@@ -1580,3 +1580,3 @@
+
+- if (gets(buffer) == NULL) {
++ if (fgets(buffer, sizeof buffer, stdin) == NULL) {
+ PORT_SetError(SEC_ERROR_INPUT_LEN);
+@@ -1621,3 +1621,3 @@
+ puts ("Is this a critical extension [y/n]? ");
+- gets (buffer);
++ fgets(buffer, sizeof buffer, stdin);
+
+@@ -1650,3 +1650,3 @@
+ fprintf(stdout, "%-25s Other to finish\n", "");
+- if (gets (buffer) == NULL) {
++ if (fgets(buffer, sizeof buffer, stdin) == NULL) {
+ PORT_SetError(SEC_ERROR_INPUT_LEN);
+@@ -1664,3 +1664,3 @@
+ puts ("Is this a critical extension [y/n]? ");
+- gets (buffer);
++ fgets(buffer, sizeof buffer, stdin);
+
+@@ -1769,3 +1769,3 @@
+ puts ("Is this a CA certificate [y/n]?");
+- gets (buffer);
++ fgets(buffer, sizeof buffer, stdin);
+ basicConstraint.isCA = (buffer[0] == 'Y' || buffer[0] == 'y') ?
+@@ -1774,3 +1774,3 @@
+ puts ("Enter the path length constraint, enter to skip [<0 for unlimited path]:");
+- gets (buffer);
++ fgets(buffer, sizeof buffer, stdin);
+ if (PORT_Strlen (buffer) > 0)
+@@ -1784,3 +1784,3 @@
+ puts ("Is this a critical extension [y/n]? ");
+- gets (buffer);
++ fgets(buffer, sizeof buffer, stdin);
+ rv = CERT_AddExtension
+@@ -1908,3 +1908,3 @@
+ puts ("Is this a critical extension [y/n]? ");
+- gets (buffer);
++ fgets(buffer, sizeof buffer, stdin);
+
+@@ -1963,3 +1963,3 @@
+ fflush (stdout);
+- gets (buffer);
++ fgets(buffer, sizeof buffer, stdin);
+ /* For simplicity, use CERT_AsciiToName to converse from a string
+@@ -2031,3 +2031,3 @@
+ puts ("Is this a critical extension [y/n]? ");
+- gets (buffer);
++ fgets(buffer, sizeof buffer, stdin);
+
diff --git a/security/nss/files/patch-cmd::platlibs.mk b/security/nss/files/patch-cmd::platlibs.mk
index a448196741ae..73d609023faa 100644
--- a/security/nss/files/patch-cmd::platlibs.mk
+++ b/security/nss/files/patch-cmd::platlibs.mk
@@ -1,13 +1,51 @@
$FreeBSD$
---- cmd/platlibs.mk 2002/08/08 18:13:37 1.1
-+++ cmd/platlibs.mk 2002/08/08 18:14:06
-@@ -186,6 +186,7 @@
- -L$(DIST)/lib/ \
- -lssl3 \
- -lsmime3 \
-+ -lsoftokn3 \
- -lnss3 \
- -lplc4 \
+--- cmd/platlibs.mk Wed Apr 6 17:35:41 2005
++++ cmd/platlibs.mk Wed Jul 27 22:22:59 2005
+@@ -72,5 +72,4 @@
+ $(DIST)/lib/$(LIB_PREFIX)nssdev.$(LIB_SUFFIX) \
+ $(DIST)/lib/$(LIB_PREFIX)nssb.$(LIB_SUFFIX) \
+- $(DIST)/lib/$(LIB_PREFIX)dbm.$(LIB_SUFFIX) \
+ $(DIST)/lib/$(NSPR31_LIB_PREFIX)plc4.$(LIB_SUFFIX) \
+ $(DIST)/lib/$(NSPR31_LIB_PREFIX)plds4.$(LIB_SUFFIX) \
+@@ -85,5 +84,4 @@
+
+ JAR_LIBS = $(DIST)/lib/$(LIB_PREFIX)jar.$(LIB_SUFFIX) \
+- $(DIST)/lib/$(LIB_PREFIX)zlib.$(LIB_SUFFIX) \
+ $(NULL)
+ else
+@@ -120,5 +118,4 @@
+ $(CRYPTOLIB) \
+ $(DIST)/lib/$(LIB_PREFIX)secutil.$(LIB_SUFFIX) \
+- $(DIST)/lib/$(LIB_PREFIX)dbm.$(LIB_SUFFIX) \
+ $(NULL)
+
+@@ -141,4 +138,5 @@
-lplds4 \
+ -lnspr4 \
++ -lz \
+ $(NULL)
+ endif
+@@ -146,5 +144,4 @@
+
+ JAR_LIBS = $(DIST)/lib/$(LIB_PREFIX)jar.$(LIB_SUFFIX) \
+- $(DIST)/lib/$(LIB_PREFIX)zlib.$(LIB_SUFFIX) \
+ $(NULL)
+
+@@ -171,5 +168,4 @@
+
+ JAR_LIBS = $(DIST)/lib/$(LIB_PREFIX)jar.$(LIB_SUFFIX) \
+- $(DIST)/lib/$(LIB_PREFIX)zlib.$(LIB_SUFFIX) \
+ $(NULL)
+ else
+@@ -226,8 +222,8 @@
+ -lplds4 \
+ -lnspr4 \
++ -lz \
+ $(NULL)
+
+ JAR_LIBS = $(DIST)/lib/$(LIB_PREFIX)jar.$(LIB_SUFFIX) \
+- $(DIST)/lib/$(LIB_PREFIX)zlib.$(LIB_SUFFIX) \
+ $(NULL)
+ endif
diff --git a/security/nss/files/patch-const b/security/nss/files/patch-const
new file mode 100644
index 000000000000..de5fae9f6601
--- /dev/null
+++ b/security/nss/files/patch-const
@@ -0,0 +1,46 @@
+--- cmd/modutil/modutil.h Sun Apr 25 11:02:47 2004
++++ cmd/modutil/modutil.h Fri Jul 22 17:35:20 2005
+@@ -53,6 +53,6 @@
+ #include "error.h"
+
+-Error FipsMode(char *arg);
+-Error ChkFipsMode(char *arg);
++Error FipsMode(const char *arg);
++Error ChkFipsMode(const char *arg);
+ Error AddModule(char *moduleName, char *libFile, char *ciphers,
+ char *mechanisms, char* modparms);
+--- cmd/modutil/pk11.c Sun Apr 25 11:02:47 2004
++++ cmd/modutil/pk11.c Fri Jul 22 17:36:48 2005
+@@ -53,5 +53,5 @@
+ */
+ Error
+-FipsMode(char *arg)
++FipsMode(const char *arg)
+ {
+ char *internal_name;
+@@ -62,14 +62,16 @@
+ SECMOD_GetInternalModule()->commonName);
+ if(SECMOD_DeleteInternalModule(internal_name) != SECSuccess) {
+- PR_fprintf(PR_STDERR, "%s\n", SECU_Strerror(PORT_GetError()));
++ PR_fprintf(PR_STDERR, "FipsMode(true): %s (%s)\n", SECU_Strerror(PORT_GetError()), internal_name);
+ PR_smprintf_free(internal_name);
+ PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]);
+ return FIPS_SWITCH_FAILED_ERR;
+ }
+- PR_smprintf_free(internal_name);
+ if (!PK11_IsFIPS()) {
++ PR_fprintf(PR_STDERR, "FipsMode(true): in module %s", internal_name);
++ PR_smprintf_free(internal_name);
+ PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]);
+ return FIPS_SWITCH_FAILED_ERR;
+ }
++ PR_smprintf_free(internal_name);
+ PR_fprintf(PR_STDOUT, msgStrings[FIPS_ENABLED_MSG]);
+ } else {
+@@ -112,5 +114,5 @@
+ */
+ Error
+-ChkFipsMode(char *arg)
++ChkFipsMode(const char *arg)
+ {
+ if(!PORT_Strcasecmp(arg, "true")) {
diff --git a/security/nss/files/patch-crlgen.c b/security/nss/files/patch-crlgen.c
new file mode 100644
index 000000000000..119ea98e8465
--- /dev/null
+++ b/security/nss/files/patch-crlgen.c
@@ -0,0 +1,129 @@
+--- cmd/crlutil/crlgen.c Mon Apr 11 22:24:14 2005
++++ cmd/crlutil/crlgen.c Fri Jul 29 01:50:48 2005
+@@ -53,46 +53,4 @@
+ #include "crlgen.h"
+
+-
+-/* these reroutines were taken from secitem.c, which is supposed to
+- * replace this file some day */
+-/*
+- * This is the hash function. We simply XOR the encoded form with
+- * itself in sizeof(PLHashNumber)-byte chunks. Improving this
+- * routine is left as an excercise for the more mathematically
+- * inclined student.
+- */
+-PLHashNumber PR_CALLBACK
+-SECITEM_Hash ( const void *key)
+-{
+- const SECItem *item = (const SECItem *)key;
+- PLHashNumber rv = 0;
+-
+- PRUint8 *data = (PRUint8 *)item->data;
+- PRUint32 i;
+- PRUint8 *rvc = (PRUint8 *)&rv;
+-
+- for( i = 0; i < item->len; i++ ) {
+- rvc[ i % sizeof(rv) ] ^= *data;
+- data++;
+- }
+-
+- return rv;
+-}
+-
+-/*
+- * This is the key-compare function. It simply does a lexical
+- * comparison on the item data. This does not result in
+- * quite the same ordering as the "sequence of numbers" order,
+- * but heck it's only used internally by the hash table anyway.
+- */
+-PRIntn PR_CALLBACK
+-SECITEM_HashCompare ( const void *k1, const void *k2)
+-{
+- const SECItem *i1 = (const SECItem *)k1;
+- const SECItem *i2 = (const SECItem *)k2;
+-
+- return SECITEM_ItemsAreEqual(i1,i2);
+-}
+-
+ /* Destroys extHandle and data. data was create on heap.
+ * extHandle creaded by CERT_StartCRLEntryExtensions. entry
+@@ -513,5 +471,5 @@
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ crlgen_PrintError(crlGenData->parsedLineNum,
+- "insufficient number of arguments.\n");
++ "AddIssuerAltNames: insufficient number of arguments.\n");
+ return SECFailure;
+ }
+@@ -575,5 +533,5 @@
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ crlgen_PrintError(crlGenData->parsedLineNum,
+- "insufficient number of arguments.\n");
++ "AddCrlNumber: insufficient number of arguments.\n");
+ goto loser;
+ }
+@@ -725,5 +683,5 @@
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ crlgen_PrintError(crlGenData->parsedLineNum,
+- "insufficient number of arguments.\n");
++ "%s: insufficient number of arguments.\n", extName);
+ }
+
+@@ -923,5 +881,5 @@
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ crlgen_PrintError(crlGenData->parsedLineNum,
+- "insufficient number of arguments.\n");
++ "SetNewRangeField: insufficient number of arguments.\n");
+ return SECFailure;
+ }
+@@ -988,5 +946,5 @@
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ crlgen_PrintError(crlGenData->parsedLineNum,
+- "insufficient number of arguments.\n");
++ "SetTimeField: insufficient number of arguments.\n");
+ return SECFailure;
+ }
+@@ -1024,5 +982,5 @@
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ crlgen_PrintError(crlGenData->parsedLineNum,
+- "insufficient number of arguments.\n");
++ "AddExtension: insufficient number of arguments.\n");
+ return SECFailure;
+ }
+@@ -1042,5 +1000,5 @@
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ crlgen_PrintError(crlGenData->parsedLineNum,
+- "insufficient number of arguments.\n");
++ "AddExtension(%s) insufficient number of arguments.\n", *extData);
+ return SECFailure;
+ }
+@@ -1078,5 +1036,5 @@
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ crlgen_PrintError(crlGenData->parsedLineNum,
+- "insufficient number of arguments.\n");
++ "AddCert(%s, %s) insufficient number of arguments.\n", certId, revocationDate);
+ return SECFailure;
+ }
+@@ -1362,12 +1362,12 @@
+ }
+
+ if (extStr->extData == NULL) {
+- extStr->extData = PORT_ZAlloc(MAX_EXT_DATA_LENGTH);
++ extStr->extData = PORT_ZNewArray(char *, MAX_EXT_DATA_LENGTH);
+ if (!extStr->extData) {
+ return SECFailure;
+ }
+ }
+- if (extStr->nextUpdatedData > MAX_EXT_DATA_LENGTH) {
++ if (extStr->nextUpdatedData >= MAX_EXT_DATA_LENGTH) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ crlgen_PrintError(crlGenData->parsedLineNum,
+ "number of fields in extension "
+@@ -1415,7 +1415,7 @@
+ PORT_Free(crlGenData->certEntry);
+ break;
+ case CRLGEN_ADD_EXTENSION_CONTEXT:
+- if (crlGenData->extensionEntry->nextUpdatedData) {
++ if (crlGenData->extensionEntry->extData) {
+ int i = 0;
+ for (;i < crlGenData->extensionEntry->nextUpdatedData;i++)
+ PORT_Free(*(crlGenData->extensionEntry->extData + i));
diff --git a/security/nss/files/patch-sysdb b/security/nss/files/patch-sysdb
new file mode 100644
index 000000000000..ec8d9acc7d7a
--- /dev/null
+++ b/security/nss/files/patch-sysdb
@@ -0,0 +1,222 @@
+This patches NSS' code to use the Operating System's standard <db.h> header
+and the db-implementation from -lc. Seems to work on FreeBSD.
+
+ -mi
+
+--- lib/softoken/cdbhdl.h Sun Apr 25 11:03:16 2004
++++ lib/softoken/cdbhdl.h Fri Jul 22 00:25:16 2005
+@@ -43,6 +43,6 @@
+ #define _CDBHDL_H_
+
+-#include "nspr.h"
+-#include "mcom_db.h"
++#include <nspr.h>
++#include <db.h>
+ #include "pcertt.h"
+
+--- lib/softoken/dbinit.c Tue Mar 29 13:21:18 2005
++++ lib/softoken/dbinit.c Fri Jul 22 00:33:35 2005
+@@ -40,4 +40,5 @@
+
+ #include <ctype.h>
++#include <fcntl.h>
+ #include "seccomon.h"
+ #include "prinit.h"
+--- lib/softoken/dbmshim.c Tue Mar 29 13:21:18 2005
++++ lib/softoken/dbmshim.c Fri Jul 22 00:35:33 2005
+@@ -40,5 +40,6 @@
+ * $Id: dbmshim.c,v 1.11 2005/03/29 18:21:18 nelsonb%netscape.com Exp $
+ */
+-#include "mcom_db.h"
++#include <db.h>
++#include <fcntl.h>
+ #include "secitem.h"
+ #include "secder.h"
+--- lib/softoken/keydb.c Fri Jun 4 20:50:32 2004
++++ lib/softoken/keydb.c Fri Jul 22 00:37:01 2005
+@@ -46,5 +46,6 @@
+ #include "secitem.h"
+ #include "pcert.h"
+-#include "mcom_db.h"
++#include <db.h>
++#include <fcntl.h>
+ #include "lowpbe.h"
+ #include "secerr.h"
+--- lib/softoken/pcertdb.c Tue Mar 29 13:21:18 2005
++++ lib/softoken/pcertdb.c Fri Jul 22 00:40:00 2005
+@@ -44,5 +44,6 @@
+ #include "lowkeyti.h"
+ #include "pcert.h"
+-#include "mcom_db.h"
++#include <db.h>
++#include <fcntl.h>
+ #include "pcert.h"
+ #include "secitem.h"
+--- lib/softoken/pk11db.c Fri Apr 1 19:46:13 2005
++++ lib/softoken/pk11db.c Fri Jul 22 00:42:01 2005
+@@ -42,5 +42,6 @@
+ #include "pk11pars.h"
+ #include "pkcs11i.h"
+-#include "mcom_db.h"
++#include <db.h>
++#include <fcntl.h>
+ #include "cdbhdl.h"
+ #include "secerr.h"
+--- lib/softoken/keydbi.h Tue Apr 27 19:04:38 2004
++++ lib/softoken/keydbi.h Fri Jul 22 00:43:24 2005
+@@ -42,7 +42,7 @@
+ #define _KEYDBI_H_
+
+-#include "nspr.h"
++#include <nspr.h>
+ #include "seccomon.h"
+-#include "mcom_db.h"
++#include <db.h>
+
+ /*
+--- lib/softoken/config.mk Mon May 24 20:13:11 2004
++++ lib/softoken/config.mk Fri Jul 22 00:55:20 2005
+@@ -47,5 +47,4 @@
+ $(CRYPTOLIB) \
+ $(DIST)/lib/$(LIB_PREFIX)secutil.$(LIB_SUFFIX) \
+- $(DIST)/lib/$(LIB_PREFIX)dbm.$(LIB_SUFFIX) \
+ $(NULL)
+
+--- lib/certdb/certdb.c Sat Mar 5 03:03:03 2005
++++ lib/certdb/certdb.c Fri Jul 22 01:02:11 2005
+@@ -53,5 +53,4 @@
+ #include "keyhi.h"
+ #include "secitem.h"
+-#include "mcom_db.h"
+ #include "certdb.h"
+ #include "prprf.h"
+--- lib/certdb/genname.c Sun Apr 25 11:03:03 2004
++++ lib/certdb/genname.c Fri Jul 22 01:02:59 2005
+@@ -39,5 +39,4 @@
+ #include "secitem.h"
+ #include "secoidt.h"
+-#include "mcom_db.h"
+ #include "secasn1.h"
+ #include "secder.h"
+--- lib/certdb/stanpcertdb.c Thu Dec 2 16:34:15 2004
++++ lib/certdb/stanpcertdb.c Fri Jul 22 01:03:19 2005
+@@ -38,5 +38,4 @@
+
+ #include "cert.h"
+-#include "mcom_db.h"
+ #include "certdb.h"
+ #include "secitem.h"
+--- lib/certdb/xauthkid.c Sun Apr 25 11:03:03 2004
++++ lib/certdb/xauthkid.c Fri Jul 22 01:03:54 2005
+@@ -40,6 +40,5 @@
+ */
+
+-#include "prtypes.h"
+-#include "mcom_db.h"
++#include <prtypes.h>
+ #include "seccomon.h"
+ #include "secdert.h"
+--- lib/certdb/xbsconst.c Sun Apr 25 11:03:03 2004
++++ lib/certdb/xbsconst.c Fri Jul 22 01:05:41 2005
+@@ -39,6 +39,6 @@
+ */
+
+-#include "prtypes.h"
+-#include "mcom_db.h"
++#include <limits.h> /* LONG_MAX */
++#include <prtypes.h>
+ #include "seccomon.h"
+ #include "secdert.h"
+@@ -48,5 +48,5 @@
+ #include "certt.h"
+ #include "secder.h"
+-#include "prprf.h"
++#include <prprf.h>
+ #include "secerr.h"
+
+--- lib/certdb/xconst.c Tue Nov 9 01:13:32 2004
++++ lib/certdb/xconst.c Fri Jul 22 01:06:20 2005
+@@ -39,6 +39,5 @@
+ */
+
+-#include "prtypes.h"
+-#include "mcom_db.h"
++#include <prtypes.h>
+ #include "seccomon.h"
+ #include "secdert.h"
+@@ -48,5 +47,5 @@
+ #include "cert.h"
+ #include "secder.h"
+-#include "prprf.h"
++#include <prprf.h>
+ #include "xconst.h"
+ #include "genname.h"
+--- lib/ckfw/dbm/ckdbm.h Wed Jan 19 21:25:47 2005
++++ lib/ckfw/dbm/ckdbm.h Fri Jul 22 01:06:58 2005
+@@ -57,5 +57,5 @@
+ #endif /* CKT_H */
+
+-#include "mcom_db.h"
++#include <db.h>
+
+ NSS_EXTERN_DATA NSSCKMDInstance nss_dbm_mdInstance;
+--- lib/fortcrypt/swfort/swfortti.h Sun Apr 25 11:03:07 2004
++++ lib/fortcrypt/swfort/swfortti.h Fri Jul 22 01:07:34 2005
+@@ -45,5 +45,5 @@
+ #include "maci.h"
+ #include "seccomon.h"
+-#include "mcom_db.h" /* really should be included by certt.h */
++#include <db.h> /* really should be included by certt.h */
+ #include "certt.h"
+ /*#include "keyt.h"*/
+--- lib/freebl/mac_rand.c Sun Apr 25 11:03:08 2004
++++ lib/freebl/mac_rand.c Fri Jul 22 01:08:19 2005
+@@ -40,5 +40,4 @@
+ #endif
+ #include "secrng.h"
+-#include "mcom_db.h"
+ #ifdef XP_MAC
+ #include <Events.h>
+--- lib/pk11wrap/secmodi.h Mon Mar 28 15:45:37 2005
++++ lib/pk11wrap/secmodi.h Fri Jul 22 01:08:47 2005
+@@ -42,5 +42,5 @@
+ #include "pkcs11.h"
+ #include "nssilock.h"
+-#include "mcom_db.h"
++#include <db.h>
+ #include "secoidt.h"
+ #include "secdert.h"
+--- lib/fortcrypt/swfort/swflib.c Sun Apr 25 11:03:07 2004
++++ lib/fortcrypt/swfort/swflib.c Fri Jul 22 01:11:20 2005
+@@ -43,6 +43,7 @@
+ */
+
+-#include "prtypes.h"
+-#include "prio.h"
++#include <fcntl.h>
++#include <prtypes.h>
++#include <prio.h>
+
+ #include "swforti.h"
+--- lib/fortcrypt/swfort/swfutl.c Sun Apr 25 11:03:07 2004
++++ lib/fortcrypt/swfort/swfutl.c Fri Jul 22 01:14:05 2005
+@@ -38,7 +38,7 @@
+ */
+
+-#include "prtypes.h"
+-#include "prsystem.h"
+-#include "prio.h"
++#include <prtypes.h>
++#include <prsystem.h>
++#include <prio.h>
+
+ #include "swforti.h"
+@@ -48,7 +48,6 @@
+ #include "secport.h"
+ #include "secrng.h"
+-#ifdef XP_OS2
++#include <sys/types.h>
+ #include <sys/stat.h>
+-#endif
+
+ #ifdef XP_WIN
diff --git a/security/nss/files/patch-tests b/security/nss/files/patch-tests
new file mode 100644
index 000000000000..2ff07f35a788
--- /dev/null
+++ b/security/nss/files/patch-tests
@@ -0,0 +1,10 @@
+--- tests/common/init.sh Mon Apr 11 22:24:17 2005
++++ tests/common/init.sh Fri Jul 22 16:55:36 2005
+@@ -197,5 +197,6 @@
+ case $HOST in
+ *\.*)
+- HOST=`echo $HOST | sed -e "s/\..*//"`
++ DOMSUF=${HOST#*.} # remove Smallest Prefix matching ``*.''
++ HOST=${HOST%%.*} # remove Largest Suffix ``.*''. See sh(1)
+ ;;
+ ?*)
diff --git a/security/nss/files/patch-warnings b/security/nss/files/patch-warnings
new file mode 100644
index 000000000000..269fecdfb230
--- /dev/null
+++ b/security/nss/files/patch-warnings
@@ -0,0 +1,352 @@
+--- lib/freebl/unix_rand.c Wed Dec 8 18:00:19 2004
++++ lib/freebl/unix_rand.c Mon Jul 25 00:26:00 2005
+@@ -783,7 +783,7 @@
+ char *randfile;
+ #ifdef DARWIN
+- char **environ = *_NSGetEnviron();
++ const char * const *environ = *_NSGetEnviron();
+ #else
+- extern char **environ;
++ extern const char * const *environ;
+ #endif
+ #ifdef BEOS
+--- lib/pk11wrap/pk11obj.c Sun Feb 27 10:25:46 2005
++++ lib/pk11wrap/pk11obj.c Wed Jul 27 22:03:16 2005
+@@ -1075,6 +1075,6 @@
+ * for (thisObj=firstObj; thisObj;
+ * thisObj=PK11_GetNextGenericObject(thisObj)) {
+- * /* operate on thisObj */
+-/* }
++ * operate on thisObj
++ * }
+ *
+ * If you want a particular object from the list...
+@@ -1084,6 +1084,6 @@
+ * if (isMyObj(thisObj)) {
+ * if ( thisObj == firstObj) {
+- * /* NOTE: firstObj could be NULL at this point */
+-/* firstObj = PK11_GetNextGenericObject(thsObj);
++ * // NOTE: firstObj could be NULL at this point
++ * firstObj = PK11_GetNextGenericObject(thsObj);
+ * }
+ * PK11_UnlinkGenericObject(thisObj);
+@@ -1094,6 +1094,6 @@
+ * PK11_DestroyGenericObjects(firstObj);
+ *
+- * /* use myObj */
+-/* PK11_DestroyGenericObject(myObj);
++ * use myObj
++ * PK11_DestroyGenericObject(myObj);
+ */
+ PK11GenericObject *
+@@ -1130,5 +1130,5 @@
+
+ /* link it in */
+- if (firstObj == NULL) {
++ if (i == 0) {
+ firstObj = obj;
+ } else {
+@@ -1248,5 +1248,5 @@
+ CK_ATTRIBUTE_TYPE attrType, SECItem *item)
+ {
+- PK11SlotInfo *slot = NULL;
++ PK11SlotInfo *slot;
+ CK_OBJECT_HANDLE handle;
+
+@@ -1270,7 +1270,4 @@
+ case PK11_TypeCert: /* don't handle cert case for now */
+ default:
+- break;
+- }
+- if (slot == NULL) {
+ PORT_SetError(SEC_ERROR_UNKNOWN_OBJECT_TYPE);
+ return SECFailure;
+--- lib/pk11wrap/pk11util.c Sat Apr 2 01:02:53 2005
++++ lib/pk11wrap/pk11util.c Wed Jul 27 22:07:54 2005
+@@ -862,5 +862,5 @@
+ int i, oldCount;
+ PRBool freeRef = PR_FALSE;
+- void *mark;
++ void *mark = NULL;
+ CK_ULONG *slotIDs = NULL;
+ PK11SlotInfo **newSlots = NULL;
+--- cmd/certcgi/certcgi.c Sat Apr 2 00:24:07 2005
++++ cmd/certcgi/certcgi.c Wed Jul 27 22:01:50 2005
+@@ -112,5 +112,5 @@
+
+ static char *
+-make_copy_string(char *read_pos,
++make_copy_string(const char *read_pos,
+ int length,
+ char sentinal_value)
+@@ -122,5 +122,5 @@
+ char *new;
+
+- new = write_pos = (char *) PORT_Alloc (length);
++ new = write_pos = PORT_Alloc (length);
+ if (new == NULL) {
+ error_allocate();
+@@ -145,5 +145,4 @@
+ }
+
+-
+ static SECStatus
+ clean_input(Pair *data)
+@@ -217,5 +216,5 @@
+
+ static char *
+-make_name(char *new_data)
++make_name(const char *new_data)
+ /* gets the next field name in the input string and returns
+ a pointer to a string containing a copy of it */
+@@ -229,11 +228,10 @@
+
+ static char *
+-make_data(char *new_data)
++make_data(const char *new_data)
+ /* gets the data for the next field in the input string
+ and returns a pointer to a string containing it */
+ {
+ int length = 100;
+- char *data;
+- char *read_pos;
++ const char *read_pos;
+
+ read_pos = new_data;
+@@ -241,11 +239,10 @@
+ ++read_pos;
+ }
+- data = make_copy_string(read_pos, length, '&');
+- return data;
++ return make_copy_string(read_pos, length, '&');
+ }
+
+
+ static Pair
+-make_pair(char *new_data)
++make_pair(const char *new_data)
+ /* makes a pair name/data pair from the input string */
+ {
+@@ -298,77 +295,46 @@
+ }
+
+-static char *
+-return_name(Pair *data_struct,
++#ifdef FILEOUT /* The two functions below are only used for FILEOUT */
++static const char *
++return_name(const Pair *data_struct,
+ int n)
+ /* returns a pointer to the name of the nth
+ (starting from 0) item in the data structure */
+ {
+- char *name;
+
+- if ((data_struct + n)->name != NULL) {
+- name = (data_struct + n)->name;
+- return name;
+- } else {
+- return NULL;
+- }
++ return data_struct[n].name;
+ }
+
+-static char *
+-return_data(Pair *data_struct,int n)
++static const char *
++return_data(const Pair *data_struct, int n)
+ /* returns a pointer to the data of the nth (starting from 0)
+ itme in the data structure */
+ {
+- char *data;
+
+- data = (data_struct + n)->data;
+- return data;
++ return data_struct[n].data;
+ }
+-
+-
+-static char *
+-add_prefix(char *field_name)
+-{
+- extern char prefix[PREFIX_LEN];
+- int i = 0;
+- char *rv;
+- char *write;
+-
+- rv = write = PORT_Alloc(PORT_Strlen(prefix) + PORT_Strlen(field_name) + 1);
+- for(i = 0; i < PORT_Strlen(prefix); i++) {
+- *write = prefix[i];
+- write++;
+- }
+- *write = '\0';
+- rv = PORT_Strcat(rv,field_name);
+- return rv;
+-}
+-
++#endif
+
+ static char *
+ find_field(Pair *data,
+- char *field_name,
++ const char *field_name,
+ PRBool add_pre)
+ /* returns a pointer to the data of the first pair
+ thats name matches the string it is passed */
+ {
+- int i = 0;
+- char *retrieved;
+- int found = 0;
+-
+- if (add_pre) {
+- field_name = add_prefix(field_name);
+- }
+- while(return_name(data, i) != NULL) {
+- if (PORT_Strcmp(return_name(data, i), field_name) == 0) {
+- retrieved = return_data(data, i);
+- found = 1;
+- break;
+- }
+- i++;
+- }
+- if (!found) {
+- retrieved = NULL;
++ extern char prefix[PREFIX_LEN];
++ size_t plen;
++
++ plen = add_pre ? PORT_Strlen(prefix) : 0;
++
++ for (; data->name != NULL; data++) {
++ /* See if the name begins with the prefix, if any */
++ if (plen > 0 && PORT_Memcmp(data->name, prefix, plen) != 0)
++ continue;
++ if (PORT_Strcmp(data->name + plen, field_name) == 0)
++ return data->data;
+ }
+- return retrieved;
++
++ return NULL;
+ }
+
+@@ -389,79 +355,4 @@
+ }
+
+-static char *
+-update_data_by_name(Pair *data,
+- char *field_name,
+- char *new_data)
+- /* replaces the data in the data structure associated with
+- a name with new data, returns null if not found */
+-{
+- int i = 0;
+- int found = 0;
+- int length = 100;
+- char *new;
+-
+- while (return_name(data, i) != NULL) {
+- if (PORT_Strcmp(return_name(data, i), field_name) == 0) {
+- new = make_copy_string( new_data, length, '\0');
+- PORT_Free(return_data(data, i));
+- found = 1;
+- (*(data + i)).data = new;
+- break;
+- }
+- i++;
+- }
+- if (!found) {
+- new = NULL;
+- }
+- return new;
+-}
+-
+-static char *
+-update_data_by_index(Pair *data,
+- int n,
+- char *new_data)
+- /* replaces the data of a particular index in the data structure */
+-{
+- int length = 100;
+- char *new;
+-
+- new = make_copy_string(new_data, length, '\0');
+- PORT_Free(return_data(data, n));
+- (*(data + n)).data = new;
+- return new;
+-}
+-
+-
+-static Pair *
+-add_field(Pair *data,
+- char* field_name,
+- char* field_data)
+- /* adds a new name/data pair to the data structure */
+-{
+- int i = 0;
+- int j;
+- int name_length = 100;
+- int data_length = 100;
+-
+- while(return_name(data, i) != NULL) {
+- i++;
+- }
+- j = START_FIELDS;
+- while ( j < (i + 1) ) {
+- j = j * 2;
+- }
+- if (j == (i + 1)) {
+- data = (Pair *) PORT_Realloc(data, (j * 2) * sizeof(Pair));
+- if (data == NULL) {
+- error_allocate();
+- }
+- }
+- (*(data + i)).name = make_copy_string(field_name, name_length, '\0');
+- (*(data + i)).data = make_copy_string(field_data, data_length, '\0');
+- (data + i + 1)->name = NULL;
+- return data;
+-}
+-
+-
+ static CERTCertificateRequest *
+ makeCertReq(Pair *form_data,
+@@ -620,10 +511,10 @@
+ serialFile = fopen(filename, "r");
+ if (serialFile != NULL) {
+- fread(&serial, sizeof(int), 1, serialFile);
++ fread(&serial, sizeof(serial), 1, serialFile);
+ if (ferror(serialFile) != 0) {
+ error_out("Error: Unable to read serial number file");
+ }
+- if (serial == 4294967295) {
+- serial = 21;
++ if (serial == 4294967295U) {
++ serial = 21U;
+ }
+ fclose(serialFile);
+@@ -633,5 +524,5 @@
+ error_out("ERROR: Unable to open serial number file for writing");
+ }
+- fwrite(&serial, sizeof(int), 1, serialFile);
++ fwrite(&serial, sizeof(serial), 1, serialFile);
+ if (ferror(serialFile) != 0) {
+ error_out("Error: Unable to write to serial number file");
+@@ -643,6 +534,6 @@
+ error_out("ERROR: Unable to open serial number file");
+ }
+- serial = 21;
+- fwrite(&serial, sizeof(int), 1, serialFile);
++ serial = 21U;
++ fwrite(&serial, sizeof(serial), 1, serialFile);
+ if (ferror(serialFile) != 0) {
+ error_out("Error: Unable to write to serial number file");
+@@ -672,6 +563,4 @@
+ return serial;
+ }
+-
+-
+
+ typedef SECStatus (* EXTEN_VALUE_ENCODER)
+@@ -1396,5 +1285,4 @@
+ int j = 0;
+ SECItem *ipaddress;
+-
+
+ while (*string == ' ') {
diff --git a/security/nss/pkg-plist b/security/nss/pkg-plist
index ba559250fabe..82d820690ed9 100644
--- a/security/nss/pkg-plist
+++ b/security/nss/pkg-plist
@@ -1,4 +1,5 @@
bin/atob
+bin/addbuiltin
bin/bltest
bin/btoa
bin/certcgi
@@ -36,11 +37,6 @@ bin/symkeyutil
bin/tstclnt
bin/vfychain
bin/vfyserv
-include/nss/dbm/cdefs.h
-include/nss/dbm/mcom_db.h
-include/nss/dbm/ncompat.h
-include/nss/dbm/nsres.h
-include/nss/dbm/winfile.h
include/nss/nss/base64.h
include/nss/nss/blapit.h
include/nss/nss/cert.h
@@ -92,6 +88,8 @@ include/nss/nss/p12plcy.h
include/nss/nss/p12t.h
include/nss/nss/pk11func.h
include/nss/nss/pk11pqg.h
+include/nss/nss/pk11priv.h
+include/nss/nss/pk11pub.h
include/nss/nss/pk11sdr.h
include/nss/nss/pkcs11.h
include/nss/nss/pkcs11f.h
@@ -131,9 +129,6 @@ include/nss/nss/sslt.h
include/nss/nss/swfort.h
include/nss/nss/swfortt.h
include/nss/nss/watcomfx.h
-include/nss/seccmd/secutil.h
-include/nss/seccmd/zconf.h
-include/nss/seccmd/zlib.h
lib/libfort.so
lib/libfort.so.1
lib/libnss3.so
@@ -148,7 +143,5 @@ lib/libssl3.so
lib/libssl3.so.1
lib/libswft.so
lib/libswft.so.1
-@dirrm include/nss/seccmd
@dirrm include/nss/nss
-@dirrm include/nss/dbm
@dirrm include/nss