Commit graph

67 commits

Author SHA1 Message Date
Eelco Dolstra
cb37ab146b Add mirror://mozilla scheme 2016-05-09 19:37:22 +02:00
Vladimír Čunát
ab15a62c68 Merge branch 'master' into closure-size
Beware that stdenv doesn't build. It seems something more will be needed
than just resolution of merge conflicts.
2016-04-01 10:06:01 +02:00
Franz Pletz
1a9b272c09 nss: 3.22.2 -> 3.23 (security)
Fixes CVE-2016-1950.

See: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.23_release_notes
2016-03-21 21:27:59 +01:00
Domen Kožar
603ea2652f nss: 3.22 -> 3.22.2 (CVE-2016-1950) 2016-03-11 12:18:18 +00:00
Vladimír Čunát
d039c87984 Merge branch 'master' into closure-size 2016-02-14 08:33:51 +01:00
Eelco Dolstra
1f952e0172 nss: 3.21 -> 3.22 2016-02-12 16:10:59 +01:00
Vladimír Čunát
f9f6f41bff Merge branch 'master' into closure-size
TODO: there was more significant refactoring of qtbase and plasma 5.5
on master, and I'm deferring pointing to correct outputs to later.
2015-12-31 09:53:02 +01:00
Eelco Dolstra
86bf3662df nss: 3.20.1 -> 3.21 2015-12-16 16:18:42 +01:00
Luca Bruno
e289717414 rename moveToOutput and propagatedBuildInputs 2015-12-02 10:05:36 +01:00
Vladimír Čunát
333d69a5f0 Merge staging into closure-size
The most complex problems were from dealing with switches reverted in
the meantime (gcc5, gmp6, ncurses6).
It's likely that darwin is (still) broken nontrivially.
2015-11-20 14:32:58 +01:00
William A. Kennington III
e8cbf833ef nss: 3.20 -> 3.20.1 2015-11-04 00:58:28 -08:00
Vladimír Čunát
ba9b80c7e0 nspr,nss: split into multiple outputs
Hopefully most references are OK.
2015-10-13 20:18:44 +02:00
William A. Kennington III
ec18091961 nss: Add platforms 2015-09-18 14:52:52 -07:00
William A. Kennington III
b5d599af8c nss: 3.19.3 -> 3.20 2015-08-20 15:32:47 -07:00
Eelco Dolstra
36ab9c695a nss: Update to 3.19.3 2015-08-11 14:26:30 +02:00
William A. Kennington III
f80dc98ca9 nss: 3.19.1 -> 3.19.2 2015-06-24 18:14:17 -07:00
Eelco Dolstra
98a4eabd99 Revert "qemu: 2.2.2 -> 2.3.0"
This reverts commit 19c259161b.
2015-06-04 14:54:48 +02:00
William A. Kennington III
5483697ab1 nss: 3.19 -> 3.19.1 2015-05-29 15:29:53 -07:00
William A. Kennington III
19c259161b qemu: 2.2.2 -> 2.3.0 2015-05-20 18:30:22 -07:00
William A. Kennington III
9f337e8cc7 nss: 3.18.1 -> 3.19 2015-05-08 06:14:35 -07:00
Eelco Dolstra
1d8590afe4 nss: Update to 3.18.1 2015-04-21 16:53:43 +02:00
William A. Kennington III
7215167342 nss: 3.17.4 -> 3.18 2015-03-27 11:37:06 -07:00
Eelco Dolstra
843f21fd6a nss: Update to 3.17.4 2015-02-24 18:50:04 +01:00
William A. Kennington III
ffee9f6a92 nss: Fix gentoo patch to specify library path in nss.pc 2015-01-02 00:24:49 -08:00
Vladimír Čunát
2e1bb14b93 nss: security update fixing CVE-2014-1569 2014-12-02 21:51:25 +01:00
Eelco Dolstra
f445fb8240 nss: Update to 3.17.2 2014-10-14 22:53:56 +02:00
Eelco Dolstra
711d67263a nss: Update to 3.16.5
CVE-2014-1568
2014-09-25 11:43:23 +02:00
Eelco Dolstra
b3b06af89a nss: Update to 3.16.4 2014-09-03 22:51:55 +02:00
Eelco Dolstra
ea0013a0d9 nss: Update to 3.16.3 2014-07-23 17:28:36 +02:00
Eelco Dolstra
ec332f520c nss: Update to 3.16.1 2014-05-19 16:04:32 +02:00
Eelco Dolstra
6fe24bda2d nss: Update to 3.16 2014-04-22 14:55:51 +02:00
James Cook
ce5f84ce56 nss: update to 3.15.4 2014-02-06 12:15:43 -08:00
Domen Kožar
5b982bd090 nss: patch http location moved, let's keep it in filesystem 2014-01-22 10:46:37 +01:00
Eelco Dolstra
72feb8e011 nss: Update to 3.15.3.1
http://www.mozilla.org/security/announce/2013/mfsa2013-117.html
2014-01-06 17:42:32 +01:00
Ricardo M. Correia
94536ea09f nss: Fix patch download URL 2013-12-24 11:16:58 +01:00
Shea Levy
2909634cac nss: Bump
Signed-off-by: Shea Levy <shea@shealevy.com>
2013-11-18 15:39:13 -05:00
Eelco Dolstra
11960d2f47 nss: Update to 3.15.2 2013-10-15 17:24:33 +02:00
Eelco Dolstra
d17f7d2fdf nss: Update to 3.15.1 2013-08-07 17:12:33 +02:00
aszlig
964621438a nss: Update to version 3.14.3.
This update involves a bunch of fixes on our side:

Update the Gentoo patch to 3.14.1 from http://bit.ly/ZG8OK5 and drop the older
one from http://bit.ly/15mN0X1 (for 3.12.5).

While checking the old patch from Gentoo, I discovered, that the patch added in
revision 06c543b11d wasn't the original one in the
Gentoo repository.

Instead of doing the same again, we now patch up our specific modifications
using sed within the postPatch hook.

In addition to that, we now have another patch from RedHat/Fedora which syncs
the NSS PEM support repository with the latest upstream changes. Patch is coming
from the SRPM at http://koji.fedoraproject.org/koji/rpminfo?rpmID=3772072 and I
just stripped the "0001-" prefix from the filename.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2013-03-01 09:42:38 +01:00
Mathijs Kwik
6f90b481db nss: add yet another mirror to get the patch from
the original url throws 500
the mirror's patch differs (probably upgraded for newer nss)
so I found one more source, with a (versioned) url
2013-01-13 14:30:55 +01:00
Eelco Dolstra
df5cca471e nss: Update to 3.14 2012-10-31 14:04:58 +01:00
aszlig
9a65507b0f
nss: Fix and add URL for security_load.patch.
We now provide an additional URL from the Debian Git repository as well, just to
be sure that the URL is available.

And, well, of course fix the URL that has gone invalid.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2012-09-17 09:31:47 +02:00
aszlig
808108105d nss: Just delete files if includeTools is false.
Before, the entire directory was deleted and recreated, which fails if we want
to sign libraries (shlibsign is obviously deleted in that step as well), so we
delete everything but "nss-config" on postFixup.
2012-08-22 08:29:10 +02:00
aszlig
c672997dc6 nss: Remove redundant nss-config.in.
This file is already contained in nss-3.12.5-gentoo-fixups.diff, so we don't
need to do all that cruft twice.
2012-08-22 08:29:10 +02:00
aszlig
38a4d77665 nss: Fix referencePath to security modules.
This adds a patch from Debian, as they're already have security modules from NSS
in it's own library directory rather than /usr/lib{,64}/ and patch in loading of
libsoftokn as well.

The patch and our own fix of the patch (well, they hardcode Debian specific
stuff in there) ensures that SECMOD_AddNewModule() will find the right module
from the derivation's output path, so the built-in CA root certificates are
recognized and verified correctly.
2012-08-22 08:29:09 +02:00
aszlig
9e0aaf30aa nss: Sign libraries after striping.
Running NSS in FIPS mode is only possible if the libraries are signed correctly,
so we're doing this in the postFixup hook, to insure nothing gets altered after
that phase.

For more information about FIPS mode, please see:
https://developer.mozilla.org/en-US/docs/NSS/FIPS_Mode_-_an_explanation
2012-08-22 08:29:09 +02:00
aszlig
29fce94665 nss: Clean up build/make flags.
First of all, let's remove that redundant BUILD_OPT variable.

This variable already is in makeFlags, so we really don't want it to be lurking
around in the attribute set of the derivation, and it annoys me for being there
for days.

We now state build targets explicitly rather than relying on "nss_build_all".
This makes NSPR_CONFIG_STATUS and the touch of build_nspr stamp obsolete, as
only nss_build_all includes build_nspr.

In addition, we don't need the -lz hack anymore, as this has been fixed in
recent NSS versions, so we can completly remove the postBuild hook.

And while we're at it, we're removing those outdated build instructions as well,
especially because we don't and can't follow official building guidelines
anymore, as those are difficult to apply to Nix.
2012-08-22 08:29:09 +02:00
aszlig
5f4ca8ec18 nss: Add nss-pem module from fedora.
This is a compatibility module which adds suport for PEM certificates used by
OpenSSL and compatible libraries. The module gets built but isn't used at the
moment, so we're going to work on integration of it later.
2012-08-22 08:29:09 +02:00
aszlig
485dcc9152 nss: Build using system libsqlite.
Let's use system SQLite library, which makes sense anyway. More importantly
because it conflicts with the sqlite package, as NSS is building this as a
shared library aswell.
2012-08-22 08:29:09 +02:00
aszlig
0e768ba98d nss: Update NSS to version 3.13.6.
So to begin with fixing NSS let's get to the latest upstream release and start
fixing, so we won't carry around historic crap we then will throw away anyway.
2012-08-22 08:29:09 +02:00