diff --git a/pkgs/development/libraries/nss/85_security_load.patch b/pkgs/development/libraries/nss/85_security_load.patch index 4268231380c1..d20572a051ef 100644 --- a/pkgs/development/libraries/nss/85_security_load.patch +++ b/pkgs/development/libraries/nss/85_security_load.patch @@ -1,25 +1,29 @@ -## 85_security_load.patch by Mike Hommey -## -## All lines beginning with `## DP:' are a description of the patch. -## DP: Load modules from $ORIGIN/nss. - -Index: nss/nss/cmd/shlibsign/shlibsign.c -=================================================================== ---- nss.orig/nss/cmd/shlibsign/shlibsign.c 2013-08-05 14:40:31.041657554 +0900 -+++ nss/nss/cmd/shlibsign/shlibsign.c 2013-08-05 14:40:31.033657739 +0900 -@@ -851,6 +851,8 @@ +diff -ru nss-3.16-orig/nss/cmd/shlibsign/shlibsign.c nss-3.16/nss/cmd/shlibsign/shlibsign.c +--- nss-3.16-orig/nss/cmd/shlibsign/shlibsign.c 2014-03-14 21:31:59.000000000 +0100 ++++ nss-3.16/nss/cmd/shlibsign/shlibsign.c 2014-04-22 14:50:31.340743655 +0200 +@@ -852,6 +852,8 @@ libname = PR_GetLibraryName(NULL, "softokn3"); assert(libname != NULL); lib = PR_LoadLibrary(libname); + if (!lib) -+ lib = PR_LoadLibrary("/usr/lib/nss/libsoftokn3.so"); ++ lib = PR_LoadLibrary(NIX_NSS_LIBDIR"libsoftokn3.so"); assert(lib != NULL); PR_FreeLibraryName(libname); -Index: nss/nss/lib/pk11wrap/pk11load.c -=================================================================== ---- nss.orig/nss/lib/pk11wrap/pk11load.c 2013-08-05 14:40:31.041657554 +0900 -+++ nss/nss/lib/pk11wrap/pk11load.c 2013-08-05 14:40:31.033657739 +0900 +Only in nss-3.16/nss/cmd/shlibsign: shlibsign.c.orig +diff -ru nss-3.16-orig/nss/coreconf/config.mk nss-3.16/nss/coreconf/config.mk +--- nss-3.16-orig/nss/coreconf/config.mk 2014-03-14 21:31:59.000000000 +0100 ++++ nss-3.16/nss/coreconf/config.mk 2014-04-22 14:50:51.302731097 +0200 +@@ -188,3 +188,6 @@ + + # Hide old, deprecated, TLS cipher suite names when building NSS + DEFINES += -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES ++ ++# Nix specific stuff. ++DEFINES += -DNIX_NSS_LIBDIR=\"$(out)/lib/\" +diff -ru nss-3.16-orig/nss/lib/pk11wrap/pk11load.c nss-3.16/nss/lib/pk11wrap/pk11load.c +--- nss-3.16-orig/nss/lib/pk11wrap/pk11load.c 2014-03-14 21:31:59.000000000 +0100 ++++ nss-3.16/nss/lib/pk11wrap/pk11load.c 2014-04-22 14:50:22.164749330 +0200 @@ -406,6 +406,13 @@ * unload the library if anything goes wrong from here on out... */ @@ -34,18 +38,17 @@ Index: nss/nss/lib/pk11wrap/pk11load.c mod->library = (void *)library; if (library == NULL) { -Index: nss/nss/lib/util/secload.c -=================================================================== ---- nss.orig/nss/lib/util/secload.c 2013-08-05 14:40:31.041657554 +0900 -+++ nss/nss/lib/util/secload.c 2013-08-05 14:40:31.033657739 +0900 +diff -ru nss-3.16-orig/nss/lib/util/secload.c nss-3.16/nss/lib/util/secload.c +--- nss-3.16-orig/nss/lib/util/secload.c 2014-03-14 21:31:59.000000000 +0100 ++++ nss-3.16/nss/lib/util/secload.c 2014-04-22 14:50:31.342743654 +0200 @@ -69,9 +69,14 @@ /* Remove the trailing filename from referencePath and add the new one */ c = strrchr(referencePath, PR_GetDirectorySeparator()); + if (!c) { /* referencePath doesn't contain a / means that dladdr gave us argv[0] -+ * and program was called from $PATH. Hack to get libs from /usr/lib */ -+ referencePath = "/usr/lib/"; -+ c = &referencePath[8]; /* last / */ ++ * and program was called from $PATH. Hack to get libs from NIX_NSS_LIBDIR */ ++ referencePath = NIX_NSS_LIBDIR; ++ c = &referencePath[sizeof(NIX_NSS_LIBDIR) - 1]; /* last / */ + } if (c) { size_t referencePathSize = 1 + c - referencePath; @@ -54,7 +57,7 @@ Index: nss/nss/lib/util/secload.c if (fullName) { memcpy(fullName, referencePath, referencePathSize); strcpy(fullName + referencePathSize, name); -@@ -81,6 +86,12 @@ +@@ -81,6 +86,11 @@ #endif libSpec.type = PR_LibSpec_Pathname; libSpec.value.pathname = fullName; @@ -62,12 +65,11 @@ Index: nss/nss/lib/util/secload.c + (strncmp(fullName + referencePathSize - 4, "bin", 3) == 0)) { + memcpy(fullName + referencePathSize -4, "lib", 3); + } -+ strcpy(fullName + referencePathSize, "nss/"); -+ strcpy(fullName + referencePathSize + 4, name); ++ strcpy(fullName + referencePathSize, name); dlh = PR_LoadLibraryWithFlags(libSpec, PR_LD_NOW | PR_LD_LOCAL #ifdef PR_LD_ALT_SEARCH_PATH /* allow library's dependencies to be found in the same directory -@@ -88,6 +99,10 @@ +@@ -88,6 +98,10 @@ | PR_LD_ALT_SEARCH_PATH #endif ); diff --git a/pkgs/development/libraries/nss/default.nix b/pkgs/development/libraries/nss/default.nix index 92cc12fe1be8..920fd75b1b60 100644 --- a/pkgs/development/libraries/nss/default.nix +++ b/pkgs/development/libraries/nss/default.nix @@ -11,11 +11,11 @@ let in stdenv.mkDerivation rec { name = "nss-${version}"; - version = "3.15.4"; + version = "3.16"; src = fetchurl { - url = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_15_4_RTM/src/${name}.tar.gz"; - sha1 = "c164fac83fcbaff010786767e2a858ca23a89a5b"; + url = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_16_RTM/src/${name}.tar.gz"; + sha1 = "981dc6ef2f1e69ec7e2b277ce27c7005e9837f95"; }; buildInputs = [ nspr perl zlib sqlite ]; @@ -26,9 +26,8 @@ in stdenv.mkDerivation rec { patches = [ ./nss-3.15-gentoo-fixups.patch - # from http://patch-tracker.debian.org/patch/series/dl/nss/2:3.15.4-1/85_security_load.patch + # Based on http://patch-tracker.debian.org/patch/series/dl/nss/2:3.15.4-1/85_security_load.patch ./85_security_load.patch - ./nix_secload_fixup.patch ]; postPatch = '' diff --git a/pkgs/development/libraries/nss/nix_secload_fixup.patch b/pkgs/development/libraries/nss/nix_secload_fixup.patch deleted file mode 100644 index 89c82f1b87d4..000000000000 --- a/pkgs/development/libraries/nss/nix_secload_fixup.patch +++ /dev/null @@ -1,48 +0,0 @@ -diff -ru -x '*~' nss-3.15.1-orig/nss/cmd/shlibsign/shlibsign.c nss-3.15.1/nss/cmd/shlibsign/shlibsign.c ---- nss-3.15.1-orig/nss/cmd/shlibsign/shlibsign.c 2013-08-07 16:03:40.013256377 +0200 -+++ nss-3.15.1/nss/cmd/shlibsign/shlibsign.c 2013-08-07 16:04:21.128410153 +0200 -@@ -853,7 +853,7 @@ - assert(libname != NULL); - lib = PR_LoadLibrary(libname); - if (!lib) -- lib = PR_LoadLibrary("/usr/lib/nss/libsoftokn3.so"); -+ lib = PR_LoadLibrary(NIX_NSS_LIBDIR"libsoftokn3.so"); - assert(lib != NULL); - PR_FreeLibraryName(libname); - -diff -ru -x '*~' nss-3.15.1-orig/nss/coreconf/config.mk nss-3.15.1/nss/coreconf/config.mk ---- nss-3.15.1-orig/nss/coreconf/config.mk 2013-06-27 19:58:08.000000000 +0200 -+++ nss-3.15.1/nss/coreconf/config.mk 2013-08-07 16:11:27.364608802 +0200 -@@ -181,3 +181,6 @@ - - # Build with NO_NSPR_10_SUPPORT to avoid using obsolete NSPR features - DEFINES += -DNO_NSPR_10_SUPPORT -+ -+# Nix specific stuff. -+DEFINES += -DNIX_NSS_LIBDIR=\"$(out)/lib/\" -diff -ru -x '*~' nss-3.15.1-orig/nss/lib/util/secload.c nss-3.15.1/nss/lib/util/secload.c ---- nss-3.15.1-orig/nss/lib/util/secload.c 2013-08-07 16:03:40.014256381 +0200 -+++ nss-3.15.1/nss/lib/util/secload.c 2013-08-07 16:05:02.453563064 +0200 -@@ -70,9 +70,9 @@ - /* Remove the trailing filename from referencePath and add the new one */ - c = strrchr(referencePath, PR_GetDirectorySeparator()); - if (!c) { /* referencePath doesn't contain a / means that dladdr gave us argv[0] -- * and program was called from $PATH. Hack to get libs from /usr/lib */ -- referencePath = "/usr/lib/"; -- c = &referencePath[8]; /* last / */ -+ * and program was called from $PATH. Hack to get libs from NIX_NSS_LIBDIR */ -+ referencePath = NIX_NSS_LIBDIR; -+ c = &referencePath[sizeof(NIX_NSS_LIBDIR) - 1]; /* last / */ - } - if (c) { - size_t referencePathSize = 1 + c - referencePath; -@@ -90,8 +90,7 @@ - (strncmp(fullName + referencePathSize - 4, "bin", 3) == 0)) { - memcpy(fullName + referencePathSize -4, "lib", 3); - } -- strcpy(fullName + referencePathSize, "nss/"); -- strcpy(fullName + referencePathSize + 4, name); -+ strcpy(fullName + referencePathSize, name); - dlh = PR_LoadLibraryWithFlags(libSpec, PR_LD_NOW | PR_LD_LOCAL - #ifdef PR_LD_ALT_SEARCH_PATH - /* allow library's dependencies to be found in the same directory