From b75c860fac9c0fc354c79a0bca4a61ab0156daf3 Mon Sep 17 00:00:00 2001 From: Lucian Cristian Date: Sat, 6 Apr 2019 15:08:47 +0300 Subject: [PATCH] nss: add nss-tools Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards. Signed-off-by: Lucian Cristian --- libs/nss/Makefile | 138 ++++++++++++ libs/nss/files/blank-cert9.db | Bin 0 -> 28672 bytes libs/nss/files/blank-key4.db | Bin 0 -> 36864 bytes libs/nss/files/system-pkcs11.txt | 5 + libs/nss/patches/001-nss_standalone.patch | 247 ++++++++++++++++++++++ libs/nss/patches/002-os_test.patch | 18 ++ libs/nss/patches/003-openwrt_fix.patch | 86 ++++++++ 7 files changed, 494 insertions(+) create mode 100644 libs/nss/Makefile create mode 100644 libs/nss/files/blank-cert9.db create mode 100644 libs/nss/files/blank-key4.db create mode 100644 libs/nss/files/system-pkcs11.txt create mode 100644 libs/nss/patches/001-nss_standalone.patch create mode 100644 libs/nss/patches/002-os_test.patch create mode 100644 libs/nss/patches/003-openwrt_fix.patch diff --git a/libs/nss/Makefile b/libs/nss/Makefile new file mode 100644 index 000000000..724af3893 --- /dev/null +++ b/libs/nss/Makefile @@ -0,0 +1,138 @@ +# +# Copyright (C) 2019 Lucian Cristian +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# +include $(TOPDIR)/rules.mk + +PKG_NAME:=nss +PKG_VERSION:=3.43 +PKG_RELEASE:=1 +PKG_MAINTAINER:=Lucian Cristian +PKG_LICENCE:=MPL-2.0 + +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz +PKG_SOURCE_URL:= \ + https://download.cdn.mozilla.net/pub/security/$(PKG_NAME)/releases/NSS_$(subst .,_,$(PKG_VERSION))_RTM/src \ + https://archive.mozilla.org/pub/security/$(PKG_NAME)/releases/NSS_$(subst .,_,$(PKG_VERSION))_RTM/src +PKG_HASH:=f30bc1b7330887b75de9fec37dbc173001758dc43fb095ffbc45dac4093fe2ca + +PKG_BUILD_PARALLEL:=0 + +include $(INCLUDE_DIR)/package.mk + +define Package/libnss + SECTION:=libs + SUBMENU:=SSL + CATEGORY:=Libraries + TITLE:=Mozilla's SSL and TLS implementation + URL:=https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS + DEPENDS:=+libpthread +librt +libsqlite3 +nspr +endef + +define Package/nss-utils + SECTION:=utils + CATEGORY:=Utilities + TITLE:=Utilities for Mozilla's SSL and TLS implementation + URL:=https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS + DEPENDS:=+libnss +endef + +define Package/libnss/description + Network Security Services (NSS) is a set of libraries designed to support + cross-platform development of security-enabled client and server applications. + Applications built with NSS can support SSL v2 and v3, TLS, PKCS 5, PKCS 7, + PKCS 11, PKCS 12, S/MIME, X.509 v3 certificates, and other security standards. +endef + +CONFIGURE_PATH = ./nss +MAKE_PATH = ./nss + +LBITS = $(shell $(TARGET_CC) -dM -E - *&F{wuccN{o(-@&vF*Mi2=rvIMnr}O+nF`U&7>vtSn_P&Rbs?}Ky8c(Wy zjHlCiaZ{VD-7zVX_dOET`quV08qKEvy)(=5Nl};AV#WCkI{QcIZ4Tp+IO%uabo%Gw zb$Tw&dfn5rlx8?M?!7wd9t=ch|F}PRE;4CfWnXPyLz+9NM^RTo&4ii>H)%)`Qiv$T z6m}^j6xtLr3b_q!wvuIJM@b$^mh+H{l4PSK`6x+7N|KY3WThl|DM@BZ4k^0jmFr_? zU21mL?5x>Yv$JMr&CZ&g4ObbiGF)Z2%5YW8*_g92XJgLBWtKf-_T1%>%ttXG%{$eS zYBldv^J+tBAFZg{N%A#3+VE(@qivFhlmlr@$fQC^bB9bSWKto|8uF|mf0u}BBX*0} zE#lf?5t-0LWa%XNI!POIl4fv{w&*17(@6s8BvC9SLveCZ#&}%sqAae;;>B{Ttd?VC zwHzy}THeW0!r{#>I zOpbCUp3t|IjGe}YCgyXi+by*cG}5N;l|Le%C-z2vk2!H?xfB*=900@8p2!H?xfB*HU&&_aBAa~B@8(POer3jZPkcWy z`P|6mo5q3cmM!kM!TvAiVe%S-c% z3-wjeY^*HS>WyPU|Gc`cqBpzpe$Fb^OQzAi(h0xnU+wA6R-dC=2)>@Ht*E=lBEG@m5HOG%a-ncl?zv!TW+o%6M@t(ecb|EzZ|N02klX` zt4bfM^s&kxX-L(j#-qlk<~TJ~YG$bksA=nFmZN0Ua-yURC8Og|ijowgB;_bcK}u4R zk`$#RWhqHvO0H2GFE3gjC)-iY$u=k3oNRNl&B-<=+nnt1EQe<~Jj>x(4$tzr*XLfJ zdwuTpqh8MRIrBJ=WFN&qHlL|2X|By@YV&GcsW)5E?zp5}heta++Tqc3%$tZD|PGg>UZ#vCSrupe|beSwim&tN;nJh<_Nv)fW)#XdMbkER%^-c=%+OriWV--Ir z@Ap?=`e(JJ(t1RHN6FE5l?iI5sKEvS2tWV=5P$##AOHafKmY;|fWWW{c#d009U<00Izz00bZa0SG_<0uUH}0X+W?|24)L zLI45~fB*y_009U<00Izz00ij&|2HRpH1roX2tWV=5P$##AOHafKmY;|fB*zuk3h>D zExFsdFN1#n`o?DG@A=!mz4-R0mFHhS{`aGMCw_gf{mystq@1=2M|VElc{X7l7&S-a z;q0N#(b>ECcfWb-&&$6&y8G8Z_h0;R>*tJVW~XMJ>|DC|(5t=u;D?(BCuVNYzyF() mPYwNr4FV8=00bZa0SG_<0uX=z1Rwx`ArdHzl*W_aDEtSkqPYeD literal 0 HcmV?d00001 diff --git a/libs/nss/files/system-pkcs11.txt b/libs/nss/files/system-pkcs11.txt new file mode 100644 index 000000000..1a264e9cc --- /dev/null +++ b/libs/nss/files/system-pkcs11.txt @@ -0,0 +1,5 @@ +library= +name=NSS Internal PKCS #11 Module +parameters=configdir='sql:/etc/pki/nssdb' certPrefix='' keyPrefix='' secmod='secmod.db' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription='' +NSS=Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[ECC,RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30}) + diff --git a/libs/nss/patches/001-nss_standalone.patch b/libs/nss/patches/001-nss_standalone.patch new file mode 100644 index 000000000..eb3b6fd00 --- /dev/null +++ b/libs/nss/patches/001-nss_standalone.patch @@ -0,0 +1,247 @@ +Submitted By: DJ Lucas +Date: 2016-12-27 +Initial Package Version: 3.12.4 +Upstream Status: Not applicable +Origin: Self, rediffed for nss-3.28. +Description: Adds auto-generated nss.pc and nss-config script, and + allows building without nspr in the source tree. + For 3.40.1, Requires: updated to nspr >= 4.20. + +diff -Naurp nss-3.28-orig/nss/Makefile nss-3.28/nss/Makefile +--- nss-3.28-orig/nss/Makefile 2016-12-21 05:56:27.000000000 -0600 ++++ nss-3.28/nss/Makefile 2016-12-26 22:24:52.695146032 -0600 +@@ -46,7 +46,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk + # (7) Execute "local" rules. (OPTIONAL). # + ####################################################################### + +-nss_build_all: build_nspr all latest ++nss_build_all: all latest + + nss_clean_all: clobber_nspr clobber + +diff -Naurp nss-3.28-orig/nss/config/Makefile nss-3.28/nss/config/Makefile +--- nss-3.28-orig/nss/config/Makefile 1969-12-31 18:00:00.000000000 -0600 ++++ nss-3.28/nss/config/Makefile 2016-12-26 22:20:40.008205774 -0600 +@@ -0,0 +1,40 @@ ++CORE_DEPTH = .. ++DEPTH = .. ++ ++include $(CORE_DEPTH)/coreconf/config.mk ++ ++NSS_MAJOR_VERSION = `grep "NSS_VMAJOR" ../lib/nss/nss.h | awk '{print $$3}'` ++NSS_MINOR_VERSION = `grep "NSS_VMINOR" ../lib/nss/nss.h | awk '{print $$3}'` ++NSS_PATCH_VERSION = `grep "NSS_VPATCH" ../lib/nss/nss.h | awk '{print $$3}'` ++PREFIX = /usr ++ ++all: export libs ++ ++export: ++ # Create the nss.pc file ++ mkdir -p $(DIST)/lib/pkgconfig ++ sed -e "s,@prefix@,$(PREFIX)," \ ++ -e "s,@exec_prefix@,\$${prefix}," \ ++ -e "s,@libdir@,\$${prefix}/lib," \ ++ -e "s,@includedir@,\$${prefix}/include/nss," \ ++ -e "s,@NSS_MAJOR_VERSION@,$(NSS_MAJOR_VERSION),g" \ ++ -e "s,@NSS_MINOR_VERSION@,$(NSS_MINOR_VERSION)," \ ++ -e "s,@NSS_PATCH_VERSION@,$(NSS_PATCH_VERSION)," \ ++ nss.pc.in > nss.pc ++ chmod 0644 nss.pc ++ ln -sf ../../../../nss/config/nss.pc $(DIST)/lib/pkgconfig ++ ++ # Create the nss-config script ++ mkdir -p $(DIST)/bin ++ sed -e "s,@prefix@,$(PREFIX)," \ ++ -e "s,@NSS_MAJOR_VERSION@,$(NSS_MAJOR_VERSION)," \ ++ -e "s,@NSS_MINOR_VERSION@,$(NSS_MINOR_VERSION)," \ ++ -e "s,@NSS_PATCH_VERSION@,$(NSS_PATCH_VERSION)," \ ++ nss-config.in > nss-config ++ chmod 0755 nss-config ++ ln -sf ../../../nss/config/nss-config $(DIST)/bin ++ ++libs: ++ ++dummy: all export libs ++ +diff -Naurp nss-3.28-orig/nss/config/nss-config.in nss-3.28/nss/config/nss-config.in +--- nss-3.28-orig/nss/config/nss-config.in 1969-12-31 18:00:00.000000000 -0600 ++++ nss-3.28/nss/config/nss-config.in 2016-12-26 22:20:40.008205774 -0600 +@@ -0,0 +1,153 @@ ++#!/bin/sh ++ ++prefix=@prefix@ ++ ++major_version=@NSS_MAJOR_VERSION@ ++minor_version=@NSS_MINOR_VERSION@ ++patch_version=@NSS_PATCH_VERSION@ ++ ++usage() ++{ ++ cat <&2 ++fi ++ ++lib_nss=yes ++lib_nssutil=yes ++lib_smime=yes ++lib_ssl=yes ++lib_softokn=yes ++ ++while test $# -gt 0; do ++ case "$1" in ++ -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;; ++ *) optarg= ;; ++ esac ++ ++ case $1 in ++ --prefix=*) ++ prefix=$optarg ++ ;; ++ --prefix) ++ echo_prefix=yes ++ ;; ++ --exec-prefix=*) ++ exec_prefix=$optarg ++ ;; ++ --exec-prefix) ++ echo_exec_prefix=yes ++ ;; ++ --includedir=*) ++ includedir=$optarg ++ ;; ++ --includedir) ++ echo_includedir=yes ++ ;; ++ --libdir=*) ++ libdir=$optarg ++ ;; ++ --libdir) ++ echo_libdir=yes ++ ;; ++ --version) ++ echo ${major_version}.${minor_version}.${patch_version} ++ ;; ++ --cflags) ++ echo_cflags=yes ++ ;; ++ --libs) ++ echo_libs=yes ++ ;; ++ nss) ++ lib_nss=yes ++ ;; ++ nssutil) ++ lib_nssutil=yes ++ ;; ++ smime) ++ lib_smime=yes ++ ;; ++ ssl) ++ lib_ssl=yes ++ ;; ++ softokn) ++ lib_softokn=yes ++ ;; ++ *) ++ usage 1 1>&2 ++ ;; ++ esac ++ shift ++done ++ ++# Set variables that may be dependent upon other variables ++if test -z "$exec_prefix"; then ++ exec_prefix=`pkg-config --variable=exec_prefix nss` ++fi ++if test -z "$includedir"; then ++ includedir=`pkg-config --variable=includedir nss` ++fi ++if test -z "$libdir"; then ++ libdir=`pkg-config --variable=libdir nss` ++fi ++ ++if test "$echo_prefix" = "yes"; then ++ echo $prefix ++fi ++ ++if test "$echo_exec_prefix" = "yes"; then ++ echo $exec_prefix ++fi ++ ++if test "$echo_includedir" = "yes"; then ++ echo $includedir ++fi ++ ++if test "$echo_libdir" = "yes"; then ++ echo $libdir ++fi ++ ++if test "$echo_cflags" = "yes"; then ++ echo -I$includedir ++fi ++ ++if test "$echo_libs" = "yes"; then ++ libdirs="-L$libdir" ++ if test -n "$lib_nss"; then ++ libdirs="$libdirs -lnss${major_version}" ++ fi ++ if test -n "$lib_nssutil"; then ++ libdirs="$libdirs -lnssutil${major_version}" ++ fi ++ if test -n "$lib_smime"; then ++ libdirs="$libdirs -lsmime${major_version}" ++ fi ++ if test -n "$lib_ssl"; then ++ libdirs="$libdirs -lssl${major_version}" ++ fi ++ if test -n "$lib_softokn"; then ++ libdirs="$libdirs -lsoftokn${major_version}" ++ fi ++ echo $libdirs ++fi ++ +diff -Naurp nss-3.28-orig/nss/config/nss.pc.in nss-3.28/nss/config/nss.pc.in +--- nss-3.28-orig/nss/config/nss.pc.in 1969-12-31 18:00:00.000000000 -0600 ++++ nss-3.28/nss/config/nss.pc.in 2016-12-26 22:22:53.300694346 -0600 +@@ -0,0 +1,12 @@ ++prefix=@prefix@ ++exec_prefix=@exec_prefix@ ++libdir=@libdir@ ++includedir=@includedir@ ++ ++Name: NSS ++Description: Network Security Services ++Version: @NSS_MAJOR_VERSION@.@NSS_MINOR_VERSION@.@NSS_PATCH_VERSION@ ++Requires: nspr >= 4.20 ++Libs: -L@libdir@ -lnss@NSS_MAJOR_VERSION@ -lnssutil@NSS_MAJOR_VERSION@ -lsmime@NSS_MAJOR_VERSION@ -lssl@NSS_MAJOR_VERSION@ -lsoftokn@NSS_MAJOR_VERSION@ ++Cflags: -I${includedir} ++ +diff -Naurp nss-3.28-orig/nss/manifest.mn nss-3.28/nss/manifest.mn +--- nss-3.28-orig/nss/manifest.mn 2016-12-21 05:56:27.000000000 -0600 ++++ nss-3.28/nss/manifest.mn 2016-12-26 22:24:12.278991843 -0600 +@@ -10,4 +10,4 @@ IMPORTS = nspr20/v4.8 \ + + RELEASE = nss + +-DIRS = coreconf lib cmd cpputil gtests ++DIRS = coreconf lib cmd cpputil gtests config diff --git a/libs/nss/patches/002-os_test.patch b/libs/nss/patches/002-os_test.patch new file mode 100644 index 000000000..ce2b683d1 --- /dev/null +++ b/libs/nss/patches/002-os_test.patch @@ -0,0 +1,18 @@ +--- a/nss/coreconf/arch.mk 2019-04-01 22:20:32.470080052 +0300 ++++ b/nss/coreconf/arch.mk 2019-04-01 22:21:01.730987548 +0300 +@@ -20,13 +20,13 @@ + # Macros for getting the OS architecture + # + +-OS_ARCH := $(subst /,_,$(shell uname -s)) ++OS_ARCH ?= $(subst /,_,$(shell uname -s)) + + # + # Attempt to differentiate between sparc and x86 Solaris + # + +-OS_TEST := $(shell uname -m) ++OS_TEST ?= $(shell uname -m) + ifeq ($(OS_TEST),i86pc) + OS_RELEASE := $(shell uname -r)_$(OS_TEST) + else diff --git a/libs/nss/patches/003-openwrt_fix.patch b/libs/nss/patches/003-openwrt_fix.patch new file mode 100644 index 000000000..d4af64253 --- /dev/null +++ b/libs/nss/patches/003-openwrt_fix.patch @@ -0,0 +1,86 @@ +--- a/nss/lib/dbm/src/dirent.h 2017-10-19 17:15:14.797053528 +0300 ++++ b/nss/lib/dbm/src/dirent.h 2017-10-19 17:15:26.156310432 +0300 +@@ -30,7 +30,7 @@ + #define MAXNAMLEN FILENAME_MAX + + #else +-#include ++#include + #endif + #endif + +--- a/nss/coreconf/rules.mk 2019-03-31 22:39:06.741609534 +0300 ++++ b/nss/coreconf/rules.mk 2019-03-31 22:36:13.260356949 +0300 +@@ -261,7 +261,7 @@ + ifeq (,$(filter-out _WIN%,$(NS_USE_GCC)_$(OS_TARGET))) + $(AR) $(subst /,\\,$(OBJS)) + else +- $(AR) $(OBJS) ++ $(AR) rcs $@ $(OBJS) + endif + $(RANLIB) $@ + +--- a/nss/coreconf/arch.mk 2019-03-31 23:38:34.374931416 +0300 ++++ b/nss/coreconf/arch.mk 2019-03-31 23:38:44.667236102 +0300 +@@ -305,7 +305,7 @@ + OBJDIR_NAME_COMPILER = $(COMPILER_TAG) + endif + OBJDIR_NAME_BASE = $(OS_TARGET)$(OS_RELEASE)$(CPU_TAG)$(OBJDIR_NAME_COMPILER)$(LIBC_TAG)$(IMPL_STRATEGY)$(OBJDIR_TAG) +-OBJDIR_NAME = $(OBJDIR_NAME_BASE).OBJ ++OBJDIR_NAME = build_dir + + + ifeq (,$(filter-out WIN%,$(OS_TARGET))) +--- a/nss/coreconf/Linux.mk 2019-04-01 10:08:59.129269177 +0300 ++++ b/nss/coreconf/Linux.mk 2019-04-01 10:09:15.557782574 +0300 +@@ -139,6 +139,7 @@ + DEFINES += -D_REENTRANT + endif + ++ifndef USE_NATIVE + DSO_CFLAGS = -fPIC + DSO_LDOPTS = -shared $(ARCHFLAG) -Wl,--gc-sections + # The linker on Red Hat Linux 7.2 and RHEL 2.1 (GNU ld version 2.11.90.0.8) +@@ -149,6 +150,7 @@ + ZDEFS_FLAG = -Wl,-z,defs + DSO_LDOPTS += $(if $(findstring 2.11.90.0.8,$(shell ld -v)),,$(ZDEFS_FLAG)) + LDFLAGS += $(ARCHFLAG) -z noexecstack ++endif + + # On Maemo, we need to use the -rpath-link flag for even the standard system + # library directories. +--- a/nss/coreconf/Linux.mk 2019-04-01 23:10:19.091912203 +0300 ++++ b/nss/coreconf/Linux.mk 2019-04-06 14:07:13.499169075 +0300 +@@ -140,7 +140,7 @@ + endif + + ifndef USE_NATIVE +-DSO_CFLAGS = -fPIC ++DSO_CFLAGS = $(fpic) + DSO_LDOPTS = -shared $(ARCHFLAG) -Wl,--gc-sections + # The linker on Red Hat Linux 7.2 and RHEL 2.1 (GNU ld version 2.11.90.0.8) + # incorrectly reports undefined references in the libraries we link with, so +--- a/nss/coreconf/Linux.mk 2019-04-06 20:25:36.431663894 +0300 ++++ b/nss/coreconf/Linux.mk 2019-04-06 20:26:23.397129525 +0300 +@@ -107,11 +107,6 @@ + endif + + ifdef BUILD_OPT +-ifeq (11,$(ALLOW_OPT_CODE_SIZE)$(OPT_CODE_SIZE)) +- OPTIMIZER = -Os +-else +- OPTIMIZER = -O2 +-endif + ifdef MOZ_DEBUG_SYMBOLS + ifdef MOZ_DEBUG_FLAGS + OPTIMIZER += $(MOZ_DEBUG_FLAGS) +--- a/nss/coreconf/UNIX.mk 2019-04-06 20:34:24.284157646 +0300 ++++ b/nss/coreconf/UNIX.mk 2019-04-06 20:34:34.760485327 +0300 +@@ -10,7 +10,6 @@ + LDOPTS += -L$(SOURCE_LIB_DIR) + + ifdef BUILD_OPT +- OPTIMIZER += -O + DEFINES += -UDEBUG -DNDEBUG + else + OPTIMIZER += -g