diff options
-rw-r--r-- | debian/changelog | 1485 | ||||
-rw-r--r-- | debian/control | 64 | ||||
-rw-r--r-- | debian/copyright | 85 | ||||
-rw-r--r-- | debian/libnss3-dev.dirs | 2 | ||||
-rw-r--r-- | debian/libnss3-tools.dirs | 1 | ||||
-rw-r--r-- | debian/libnss3-tools.manpages | 1 | ||||
-rw-r--r-- | debian/libnss3.lintian-overrides.in | 23 | ||||
-rw-r--r-- | debian/libnss3.symbols | 172 | ||||
-rw-r--r-- | debian/make.mk | 13 | ||||
-rw-r--r-- | debian/nss.pc.in | 11 | ||||
-rw-r--r-- | debian/patches/38_hppa.patch | 17 | ||||
-rw-r--r-- | debian/patches/38_hurd.patch | 59 | ||||
-rw-r--r-- | debian/patches/80_security_tools.patch | 26 | ||||
-rw-r--r-- | debian/patches/series | 3 | ||||
-rwxr-xr-x | debian/rules | 197 | ||||
-rw-r--r-- | debian/source/format | 1 | ||||
-rw-r--r-- | debian/upstream/metadata | 4 | ||||
-rw-r--r-- | debian/watch | 3 |
18 files changed, 2167 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..200330b --- /dev/null +++ b/debian/changelog @@ -0,0 +1,1485 @@ +nss (2:3.87.1-1) unstable; urgency=medium + + * New upstream release. + * Fixes CVE-2023-0767: Arbitrary memory write via PKCS 12 in NSS. + + -- Mike Hommey <glandium@debian.org> Wed, 15 Feb 2023 09:22:38 +0900 + +nss (2:3.87-1) unstable; urgency=medium + + * New upstream release. + + -- Mike Hommey <glandium@debian.org> Wed, 18 Jan 2023 07:02:20 +0900 + +nss (2:3.85-1) unstable; urgency=medium + + * New upstream release. + + -- Mike Hommey <glandium@debian.org> Wed, 16 Nov 2022 09:15:28 +0900 + +nss (2:3.83-1) unstable; urgency=medium + + * New upstream release. + + -- Mike Hommey <glandium@debian.org> Sun, 18 Sep 2022 06:33:16 +0900 + +nss (2:3.82-1) unstable; urgency=medium + + * New upstream release. + * debian/libnss3.symbols: Add NSSUTIL_3.82 symbol version. + + -- Mike Hommey <glandium@debian.org> Wed, 24 Aug 2022 07:00:08 +0900 + +nss (2:3.81-2) unstable; urgency=medium + + * debian/rules: Disable -Werror on less mainline architectures. + + -- Mike Hommey <glandium@debian.org> Sun, 14 Aug 2022 05:45:08 +0900 + +nss (2:3.81-1) unstable; urgency=medium + + * New upstream release. + * debian/libnss3.symbols: Add NSS_3.80 symbol version. + + -- Mike Hommey <glandium@debian.org> Wed, 27 Jul 2022 10:19:59 +0900 + +nss (2:3.79-1) unstable; urgency=medium + + * New upstream release. + * debian/libnss3.symbols: Add NSS_3.79 symbol version. + * debian/control: Bump nspr build dependency. + + -- Mike Hommey <glandium@debian.org> Wed, 01 Jun 2022 06:30:56 +0900 + +nss (2:3.77-1) unstable; urgency=medium + + * New upstream release. + * debian/libnss3.symbols: Add NSS_3.77 symbol version. + + -- Mike Hommey <glandium@debian.org> Wed, 06 Apr 2022 09:18:22 +0900 + +nss (2:3.75-1) unstable; urgency=medium + + * New upstream release. + + -- Mike Hommey <glandium@debian.org> Wed, 09 Feb 2022 08:46:51 +0900 + +nss (2:3.73.1-1) unstable; urgency=medium + + * New upstream release. + + -- Mike Hommey <glandium@debian.org> Fri, 17 Dec 2021 06:16:55 +0900 + +nss (2:3.73-1) unstable; urgency=medium + + * New upstream release. + * Fixes MFSA-2021-51, aka CVE-2021-43527: Memory corruption via DER-encoded + DSA and RSA-PSS signatures. + + -- Mike Hommey <glandium@debian.org> Thu, 02 Dec 2021 06:04:31 +0900 + +nss (2:3.72-2) unstable; urgency=medium + + * debian/control: libnss3-dev breaks libxmlsec1-dev (<< 1.2.33-1). + Closes: #998733. + + -- Mike Hommey <glandium@debian.org> Fri, 12 Nov 2021 06:21:05 +0900 + +nss (2:3.72-1) unstable; urgency=medium + + * New upstream release. + * debian/libnss3.symbols, nss/lib/ssl/sslinfo.c, nss/lib/ssl/sslt.h, + nss/cmd/selfserv/selfserv.c, nss/cmd/strsclnt/strsclnt.c, + nss/cmd/tstclnt/tstclnt.c: Bump dependency version for SSL_GetChannelInfo + symbol and remove the previous workaround. Closes: #990058. + * debian/libnss3.lintian-overrides.in, debian/rules, + nss/cmd/shlibsign/shlibsign.c, nss/lib/pk11wrap/pk11load.c, + nss/lib/util/secload.c, nss/cmd/shlibsign/Makefile, + nss/cmd/shlibsign/manifest.mn: Stop putting freebl, softokn, etc. in a + subdirectory. It's a deviation from upstream that is causing more problems + than it's worth keeping. Closes: #737855, #846012, #979159. + * debian/libnss3-dev.links.in: Remove xulrunner-nss.pc. + * debian/rules: Stop forcing xz compression. + * debian/copyright: Add dot for continuation. + * debian/watch: Upgrade to version 4. + * debian/control: Upgrade Standard-Version to 4.6.0: + - debian/rules: Build with `make -s` when DEB_BUILD_OPTIONS contains + terse. + - debian/control: Add Rules-Requires-Root: no. + * debian/control: Remove conflict with libnss3-1d. The last Debian version + with libnss3-1d was jessie, and it had a newer version anyways. + * debian/rules: Enable all hardening options. + * debian/libnss3-symbols: Add Build-Depends-Package in symbols file. + * debian/*.lintian-overrides*: Remove + copyright-refers-to-versionless-license-file lintian overrides. + * debian/libnss3.lintian-overrides.in: + - s/shlib-without-versioned-soname/shared-library-lacks-version/. + - Add lacks-unversioned-link-to-shared-library overrides. + * debian/nss-config.in, debian/rules: Ship upstream nss-config instead of + ours. Closes: #737855, #963136. + * debian/rules, debian/control: Always set Multi-Arch: same. + * debian/copyright: + - Remove commas in `Files`. + - Add missing license name for ifparser. + - Add missing `Copyright`. + - Remove copyright for mkdepend, which is not in the source tree anymore. + * debian/upstream/metadata: Add upstream bug tracking metadata. + + [ Daniel Kahn Gillmor ] + * debian/control: correct Homepage (old URL redirects to 404) + + [ Janitor ] + * debian/changelog: Trim trailing whitespace. + * debian/copyright: Use secure copyright file specification URI. + * debian/compat, debian/control: + - Bump debhelper from deprecated 9 to 13. + - Set debhelper-compat version in Build-Depends. + * debian/upstream/metadata: Set upstream metadata fields: Repository. + * debian/rules: Drop transition for old debug package migration. + + -- Mike Hommey <glandium@debian.org> Tue, 02 Nov 2021 06:57:06 +0900 + +nss (2:3.70-1) unstable; urgency=medium + + * New upstream release. + + -- Mike Hommey <glandium@debian.org> Wed, 08 Sep 2021 08:31:23 +0900 + +nss (2:3.68-1) unstable; urgency=medium + + * New upstream release. + + -- Mike Hommey <glandium@debian.org> Mon, 19 Jul 2021 06:23:39 +0900 + +nss (2:3.67-2) unstable; urgency=medium + + * nss/lib/ssl/sslinfo.c, nss/lib/ssl/sslt.h, nss/cmd/selfserv/selfserv.c, + nss/cmd/strsclnt/strsclnt.c, nss/cmd/tstclnt/tstclnt.c: Make + SSL_GetChannelInfo ABI compatible with older versions by default. Nothing + else than NSS itself currently uses the new field. Closes: #990059. + + -- Mike Hommey <glandium@debian.org> Mon, 05 Jul 2021 07:58:02 +0900 + +nss (2:3.67-1) unstable; urgency=medium + + * New upstream release. Fixes: #989410. + + -- Mike Hommey <glandium@debian.org> Fri, 11 Jun 2021 09:58:51 +0900 + +nss (2:3.66-1) unstable; urgency=medium + + * New upstream release. + * debian/libnss3.symbols: Add NSS_3.65/NSS_3.66 symbol versions. + + -- Mike Hommey <glandium@debian.org> Wed, 02 Jun 2021 05:53:44 +0900 + +nss (2:3.63-1) unstable; urgency=medium + + * New upstream release. Fixes: #984657. + + -- Mike Hommey <glandium@debian.org> Wed, 24 Mar 2021 12:51:23 +0900 + +nss (2:3.61-1) unstable; urgency=medium + + * New upstream release. + + -- Mike Hommey <glandium@debian.org> Mon, 08 Feb 2021 06:10:24 +0900 + +nss (2:3.60-1) unstable; urgency=medium + + * New upstream release. Fixes: #977723. + + -- Mike Hommey <glandium@debian.org> Sun, 20 Dec 2020 06:36:28 +0900 + +nss (2:3.59-1) unstable; urgency=medium + + * New upstream release. Fixes: #972713. + * debian/libnss3.symbols: Add NSS_3.59/NSSUTIL_3.59 symbol version. + + -- Mike Hommey <glandium@debian.org> Wed, 18 Nov 2020 07:26:57 +0900 + +nss (2:3.58-1) unstable; urgency=medium + + * New upstream release. + * debian/libnss3.symbols: Add NSS_3_58 symbol version. + + -- Mike Hommey <glandium@debian.org> Wed, 21 Oct 2020 08:04:53 +0900 + +nss (2:3.56-1) unstable; urgency=medium + + * New upstream release. + + -- Mike Hommey <glandium@debian.org> Thu, 03 Sep 2020 10:55:04 +0900 + +nss (2:3.55-1) unstable; urgency=medium + + * New upstream release. + * debian/libnss3.symbols: Add NSS_3_55 symbol version. + + -- Mike Hommey <glandium@debian.org> Wed, 29 Jul 2020 14:00:17 +0900 + +nss (2:3.53.1-1) unstable; urgency=medium + + * New upstream release. + * Fixes CVE-2020-12402. Closes: #963152. + + -- Mike Hommey <glandium@debian.org> Mon, 22 Jun 2020 06:09:24 +0900 + +nss (2:3.53-1) unstable; urgency=medium + + * New upstream release. + * Fixes CVE-2020-12399. Closes: #961752. + * debian/libnss3.symbols: Add NSS_3_53 symbol version. + * nss/lib/freebl/Makefile, nss/lib/freebl/manifest.mn: Move seed.o back + into freeblpriv3. bz#1642146. + * nss/cmd/shlibsign/Makefile: Avoid infinite recursion when CHECKLOC is + not set. bz#1642153. + + -- Mike Hommey <glandium@debian.org> Sun, 31 May 2020 06:32:53 +0900 + +nss (2:3.52-1) unstable; urgency=medium + + * New upstream release. + * debian/libnss3.symbols: Add NSS_3_52 symbol version. + + -- Mike Hommey <glandium@debian.org> Wed, 06 May 2020 06:06:43 +0900 + +nss (2:3.51-1) unstable; urgency=medium + + * New upstream release. + + -- Mike Hommey <glandium@debian.org> Wed, 08 Apr 2020 11:14:44 +0900 + +nss (2:3.50-1) unstable; urgency=medium + + * New upstream release. + + -- Mike Hommey <glandium@debian.org> Wed, 12 Feb 2020 09:06:51 +0900 + +nss (2:3.49.1-1) unstable; urgency=medium + + * New upstream release. + * nss/lib/freebl/Makefile: Revert change from 2:3.48-1. + * nss/coreconf/config.gypi, nss/lib/freebl/Makefile, + nss/lib/freebl/aes-armv8.c, nss/lib/freebl/freebl.gyp, + nss/lib/freebl/gcm-arm32-neon.c, nss/lib/freebl/gcm.c, + nss/lib/freebl/rijndael.c: Fix freebl arm NEON code use, fixing FTBFS + on armhf, and enabling runtime detection of NEON on armel. bz#1608327 + + -- Mike Hommey <glandium@debian.org> Wed, 22 Jan 2020 15:13:40 +0900 + +nss (2:3.49-1) unstable; urgency=medium + + * New upstream release. + * Fixes CVE-2019-17023. + + -- Mike Hommey <glandium@debian.org> Thu, 09 Jan 2020 13:46:11 +0900 + +nss (2:3.48-1) unstable; urgency=medium + + * New upstream release. Closes: #947131. + * debian/control: Bump nspr build dependency to 4.24. + * nss/lib/freebl/Makefile: Disable hardware AES on ARM softfloat to fix + FTBFS on armel. Closes: #947246. + + -- Mike Hommey <glandium@debian.org> Sun, 29 Dec 2019 07:40:46 +0900 + +nss (2:3.47.1-1) unstable; urgency=medium + + * New upstream release. + - Fixes CVE-2019-11745. + + -- Mike Hommey <glandium@debian.org> Wed, 04 Dec 2019 09:00:54 +0900 + +nss (2:3.47-1) unstable; urgency=medium + + * New upstream release. + * debian/libnss3.symbols: Add NSS_3_47 symbol version. + + -- Mike Hommey <glandium@debian.org> Wed, 23 Oct 2019 11:19:59 +0900 + +nss (2:3.45-1) unstable; urgency=medium + + * New upstream release. + - Fixes CVE-2019-11727 and CVE-2019-11719. + * debian/libnss3.symbols: Add NSS_3_45 symbol version. + + -- Mike Hommey <glandium@debian.org> Wed, 10 Jul 2019 07:34:18 +0900 + +nss (2:3.44+really3.42.1-2) unstable; urgency=medium + + * debian/rules: Fix version exposed in nss-config and nss.pc. + + -- Mike Hommey <glandium@debian.org> Wed, 05 Jun 2019 06:36:00 +0900 + +nss (2:3.44.0-1) experimental; urgency=medium + + * debian/libnss3.symbols: + - Update the version needed for + SSL_Get{CipherSuite,Channel,PreliminaryChannel}Info. + - Adjust versions so that 3.44+really3.42.1-1 is considered older where it + matters. + + -- Mike Hommey <glandium@debian.org> Sun, 02 Jun 2019 13:06:26 +0900 + +nss (2:3.44+really3.42.1-1) unstable; urgency=medium + + * Reverse to 3.42.1. Building against 3.44 induces some behavior + differences when running against older versions, which could normally + be solved with updates to the symbols file, but since 3.44 is not meant + to ship in Buster, avoid disruption for nss reverse dependencies until + Buster is released by going back to previous version. + + -- Mike Hommey <glandium@debian.org> Sun, 02 Jun 2019 12:42:20 +0900 + +nss (2:3.44-1) unstable; urgency=medium + + * New upstream release. + * debian/libnss3.symbols: Add NSS_3_43 and NSS_3_44 symbol versions. + + -- Mike Hommey <glandium@debian.org> Sat, 01 Jun 2019 11:12:17 +0900 + +nss (2:3.42.1-1) unstable; urgency=medium + + * New upstream release. + - Fixes CVE-2018-18508. Closes: #921614. + + -- Mike Hommey <glandium@debian.org> Wed, 13 Feb 2019 13:19:39 +0900 + +nss (2:3.42-1) unstable; urgency=medium + + * New upstream release. + + -- Mike Hommey <glandium@debian.org> Wed, 30 Jan 2019 16:47:58 +0900 + +nss (2:3.41-1) unstable; urgency=medium + + * New upstream release. + + -- Mike Hommey <glandium@debian.org> Wed, 12 Dec 2018 14:13:39 +0900 + +nss (2:3.40-1) unstable; urgency=medium + + * New upstream release. + + -- Mike Hommey <glandium@debian.org> Fri, 02 Nov 2018 14:44:19 +0900 + +nss (2:3.39-1) unstable; urgency=medium + + * New upstream release. + - Fixes CVE-2018-12384. Closes: #908332. + * debian/libnss3.symbols: Add NSS_3_39 and NSSUTIL_3_39 symbol versions. + + -- Mike Hommey <glandium@debian.org> Sun, 09 Sep 2018 08:03:39 +0900 + +nss (2:3.38-1) unstable; urgency=medium + + * New upstream release. + * debian/libnss3.symbols: Add NSSUTIL_3_38 symbol version. + + -- Mike Hommey <glandium@debian.org> Mon, 25 Jun 2018 07:26:21 +0900 + +nss (2:3.37.1-1) unstable; urgency=medium + + * New upstream release. + * nss/lib/freebl/Makefile: Build FStar.c when not building with int128 + support. bz#1459739. Closes: #900227 + + -- Mike Hommey <glandium@debian.org> Mon, 28 May 2018 07:58:44 +0900 + +nss (2:3.37-1) unstable; urgency=medium + + * New upstream release. Fixes: #898496. + * debian/control, debian/rules: Generate dbgsym package.AA + * debian/copyright: Switch to machine-readable format. + * debian/control: Bump Standards-Version to 4.1.4. + + -- Mike Hommey <glandium@debian.org> Mon, 14 May 2018 07:15:21 +0900 + +nss (2:3.36.1-1) unstable; urgency=medium + + * New upstream release. + * debian/control: Update Maintainer and Vcs fields, moving off alioth. + + -- Mike Hommey <glandium@debian.org> Tue, 10 Apr 2018 14:55:14 +0900 + +nss (2:3.36-1) unstable; urgency=medium + + * New upstream release. Closes: #894981. + + -- Mike Hommey <glandium@debian.org> Sun, 08 Apr 2018 06:53:15 +0900 + +nss (2:3.35-2) unstable; urgency=medium + + * nss/lib/freebl/Makefile: Build Hacl_Poly1305_64.o on arm64. + + -- Mike Hommey <glandium@debian.org> Mon, 29 Jan 2018 13:51:18 +0900 + +nss (2:3.35-1) unstable; urgency=medium + + * New upstream release. + + -- Mike Hommey <glandium@debian.org> Mon, 29 Jan 2018 10:59:06 +0900 + +nss (2:3.34.1-1) unstable; urgency=medium + + * New upstream release. + + -- Mike Hommey <glandium@debian.org> Fri, 05 Jan 2018 20:15:40 +0900 + +nss (2:3.34-1) unstable; urgency=medium + + * New upstream release: + - Really build without -maes on i386. Closes: #875694. + * debian/libnss3.symbols: Add NSS_3_34 symbol version. + + -- Mike Hommey <glandium@debian.org> Sat, 18 Nov 2017 14:58:01 +0900 + +nss (2:3.33-1) unstable; urgency=medium + + * New upstream release. + * debian/libnss3.symbols: Add NSS_3_33 and NSSUTIL_3.33 symbol versions. + + -- Mike Hommey <glandium@debian.org> Fri, 29 Sep 2017 06:49:26 +0900 + +nss (2:3.32-2) unstable; urgency=medium + + * nss/gtests/ssl_gtest/ssl_ecdh_unittest.cc: Fix possibly uninitialized + value 'curve'. bz#1389263. Closes: #871691. + * lib/freebl/Makefile: Only build gcm.c and rijndael.c with -maes. + Closes: #871700. + + -- Mike Hommey <glandium@debian.org> Mon, 28 Aug 2017 07:39:59 +0900 + +nss (2:3.32-1) unstable; urgency=medium + + * New upstream release. + + -- Mike Hommey <glandium@debian.org> Thu, 10 Aug 2017 15:29:40 +0900 + +nss (2:3.31-1) unstable; urgency=medium + + * New upstream release. + * debian/libnss3.symbols: Add NSS_3_31 and NSSUTIL_3.31 symbol versions. + + -- Mike Hommey <glandium@debian.org> Sat, 17 Jun 2017 06:41:41 +0900 + +nss (2:3.30.2-1) experimental; urgency=medium + + * New upstream release. + + -- Mike Hommey <glandium@debian.org> Fri, 19 May 2017 14:06:03 +0900 + +nss (2:3.30.1-1) experimental; urgency=medium + + * New upstream release. + + -- Mike Hommey <glandium@debian.org> Wed, 19 Apr 2017 20:09:48 +0900 + +nss (2:3.30-1) experimental; urgency=medium + + * New upstream release. + * debian/libnss3.symbols: Add NSS_3.30 and NSS_3.30.0.1 symbol versions. + + -- Mike Hommey <glandium@debian.org> Sat, 18 Mar 2017 15:34:23 +0900 + +nss (2:3.29.1-1) experimental; urgency=medium + + * New upstream release. + + -- Mike Hommey <glandium@debian.org> Sat, 25 Feb 2017 09:27:44 +0900 + +nss (2:3.29-1) experimental; urgency=medium + + * New upstream release. + * debian/libnss3.symbols: Add NSSUTIL_3.25 symbol version. + + -- Mike Hommey <glandium@debian.org> Mon, 13 Feb 2017 07:42:36 +0900 + +nss (2:3.28.1-1) experimental; urgency=medium + + * New upstream release. + * debian/libnss3.symbols: Add NSS_3.28 symbol version. + + -- Mike Hommey <glandium@debian.org> Sun, 05 Feb 2017 15:01:47 +0900 + +nss (2:3.27.1-1) experimental; urgency=medium + + * New upstream release. + * debian/libnss3.symbols: Add NSS_3.27 symbol version. + + -- Mike Hommey <glandium@debian.org> Sat, 19 Nov 2016 08:29:17 +0900 + +nss (2:3.26.2-1) unstable; urgency=medium + + * New upstream release. + + -- Mike Hommey <glandium@debian.org> Sun, 30 Oct 2016 07:20:34 +0900 + +nss (2:3.26-2) unstable; urgency=medium + + * debian/libnss3.symbols: SSL_GetCipherSuiteInfo and SSL_GetChannelInfo need + newer versions despite the symbol versions. + + -- Mike Hommey <glandium@debian.org> Wed, 21 Sep 2016 10:02:23 +0900 + +nss (2:3.26-1) unstable; urgency=medium + + * New upstream release. + * debian/watch: Update such that uscan --download-version works. + * debian/control, debian/libnss3-1d.*, debian/libnss3.symbols: Remove the + libnss3-1d* transitional packages. + * debian/rules: + - Always set CCC to CXX. Thanks Helmut Grohne. Closes: #806292. + - Override KERNEL when cross building for a different OS. Closes: #810579. + * debian/control: Split Depends/Build-Depends/Conflicts. Thanks Guido Günther. + Closes: #806634. + + -- Mike Hommey <glandium@debian.org> Tue, 16 Aug 2016 16:33:15 +0900 + +nss (2:3.25-1) unstable; urgency=medium + + * New upstream release. + * debian/libnss3.symbols, debian/rules: Add the new libfreeblpriv3 library. + * debian/libnss3.symbols: Add NSS_3.24 and NSSUTIL_3.24 symbol versions. + + -- Mike Hommey <glandium@debian.org> Wed, 03 Aug 2016 10:23:13 +0900 + +nss (2:3.23-2) unstable; urgency=medium + + * debian/control, debian/rules: Leave it to dh_makeshlibs to do the right + thing wrt ldconfig. This requires debhelper 9.20160403. Closes: #811124. + + -- Mike Hommey <glandium@debian.org> Sun, 03 Apr 2016 18:29:02 +0900 + +nss (2:3.23-1) unstable; urgency=medium + + * New upstream release. + * Fixes mfsa2016-{35-36} also known as CVE-2016-1950 and CVE-2016-1979. + * debian/control: Bump nspr build dependency to 2:4.12. + * debian/libnss3.symbols: Add NSS_3.22 and NSS_3.23 symbol versions. + + -- Mike Hommey <glandium@debian.org> Wed, 09 Mar 2016 13:52:06 +0900 + +nss (2:3.21-1.1) unstable; urgency=medium + + * Non-maintainer upload. + * Fix FTBFS on x32. Closes: #699217 + * Fix FTBFS on hppa. Closes: #808990 + + -- Adam Borowski <kilobyte@angband.pl> Sun, 14 Feb 2016 14:46:40 +0100 +nss (2:3.21-1) unstable; urgency=medium + + * New upstream release. + * nss/lib/ssl/sslsock.c: Disable transitional scheme for SSL renegotiation. + 5 years after the transition started, it shouldn't be necessary anymore. + * nss/lib/ckfw/builtins/certdata.txt: Remove the SPI CA. + * nss/lib/util/secload.c: Fix a warning introduced by our patch to this file. + * debian/libnss3.symbols: Add NSS_3.21 symbol versions. + + -- Mike Hommey <glandium@debian.org> Wed, 25 Nov 2015 09:18:30 +0900 + +nss (2:3.20.1-1) unstable; urgency=high + + * New upstream release. + * Fixes mfsa2015-133. also known as CVE-2015-7181 and CVE-2015-7182. + + -- Mike Hommey <glandium@debian.org> Wed, 04 Nov 2015 09:53:32 +0900 + +nss (2:3.20-1) unstable; urgency=medium + + * New upstream release. + * Removed patch for __DATE__ and __TIME__ references from 2:3.19.1-1 because + the parts that matter were applied upstream. + * debian/rules: Move USE_64 to common make flags, and always use + DEB_HOST_ARCH_BITS since it's even supported by dpkg in oldstable, now. + * debian/libnss3.symbols: Add NSS_3.20 symbol versions. + + -- Mike Hommey <glandium@debian.org> Sat, 22 Aug 2015 09:02:11 +0900 + +nss (2:3.19.2-1) unstable; urgency=medium + + * New upstream release. + * debian/rules: Force set OS_TEST to DEB_HOST_GNU_CPU to avoid it defaulting + to `uname -m`. Thanks Helmut Grohne. Closes: #788452 + + -- Mike Hommey <glandium@debian.org> Sun, 21 Jun 2015 06:30:13 +0900 + +nss (2:3.19.1-2) unstable; urgency=medium + + * debian/control: Fix Vcs-Git url. + * nss/cmd/shlibsign/manifest.mn: Fix missing LIBRARY_VERSION. + * nss/cmd/shlibsign/shlibsign.c: Fix shlibsign on arm64. + + -- Mike Hommey <glandium@debian.org> Mon, 01 Jun 2015 16:25:07 +0900 + +nss (2:3.19.1-1) unstable; urgency=medium + + * New upstream release. + * debian/libnss3.symbols: + - Add NSS_3.19.1 symbol versions. + - Reorder and replace *@ with (symver). + * debian/rules: + - Pass multi-arch dir for NSPR_LIB_DIR. Closes: #722811. + - Set umask when calling shlibsign, and rearrange how it's being called. + - Build nsinstall separately and set things up for cross-compilations. + - Use native shlibsign when cross-compiling. + - Do not run FIPS check on cross-builds. + * debian/control: Build depend on native libnss3-tools for cross builds. + Closes: #682926. + * debian/libnss3-tools.manpages, debian/rules: Install the manpages that + are now provided upstream. Closes: #505382. + * debian/control: Update Vcs-* urls. + * debian/control: Bump Standards-Version to 3.9.6.0. No changes required. + * nss/lib/ckfw/builtins/binst.c, nss/lib/ckfw/builtins/ckbiver.c, + nss/lib/ckfw/builtins/manifest.mn, nss/lib/ckfw/capi/ckcapiver.c, + nss/lib/ckfw/capi/manifest.mn, nss/lib/ckfw/nssmkey/ckmkver.c, + nss/lib/ckfw/nssmkey/manifest.mn, nss/lib/freebl/freeblver.c, + nss/lib/freebl/ldvector.c, nss/lib/freebl/manifest.mn, + nss/lib/nss/manifest.mn, nss/lib/nss/nssinit.c, nss/lib/nss/nssver.c, + nss/lib/smime/manifest.mn, nss/lib/smime/smimeutil.c, + nss/lib/smime/smimever.c, nss/lib/softoken/legacydb/lginit.c, + nss/lib/softoken/manifest.mn, nss/lib/softoken/pkcs11.c, + nss/lib/softoken/softkver.c, nss/lib/ssl/manifest.mn, + nss/lib/ssl/sslcon.c, nss/lib/ssl/sslver.c, nss/lib/util/secoid.c: Remove + __DATE__ and __TIME__ references. + * nss/cmd/shlibsign/Makefile, nss/cmd/shlibsign/manifest.mn, + nss/cmd/shlibsign/shlibsign.c: Fix shlibsign to properly load the sotfoken + module. + * debian/rules: Remove debian/libnss3/usr/lib/$(DEB_HOST_MULTIARCH)/nss from + LD_LIBRARY_PATH when executing shlibsign, which can be done now with the + fix above. + + -- Mike Hommey <glandium@debian.org> Mon, 01 Jun 2015 09:47:58 +0900 + +nss (2:3.19-1) unstable; urgency=medium + + * New upstream release. + * debian/libnss3.symbols: Add NSS_3.19 symbol versions. + + -- Mike Hommey <glandium@debian.org> Wed, 13 May 2015 10:47:10 +0900 + +nss (2:3.18-1) experimental; urgency=medium + + * New upstream release. Closes: #782874. + * debian/libnss3.symbols: Add NSS_3.18 symbol versions. + + -- Mike Hommey <glandium@debian.org> Mon, 20 Apr 2015 08:50:46 +0900 + +nss (2:3.17.4-1) experimental; urgency=medium + + * New upstream release. + * Acknowledge NMU. + + -- Mike Hommey <glandium@debian.org> Wed, 25 Feb 2015 16:52:33 +0900 + +nss (2:3.17.2-1.1) unstable; urgency=medium + + * Non-maintainer upload. + * Fix CVE-2014-1569. Closes: #773625. + + -- Matt Kraai <kraai@debian.org> Sun, 21 Dec 2014 19:46:52 -0800 + +nss (2:3.17.2-1) unstable; urgency=medium + + * New upstream release. + + -- Mike Hommey <glandium@debian.org> Sat, 18 Oct 2014 13:22:04 +0900 + +nss (2:3.17.1-1) unstable; urgency=high + + * New upstream release. + - Fixes CVE-2014-1568. + - Add support for ppc64el, with a non-broken patch. Closes: #745757. + * debian/libnss3.symbols: Add NSSUTIL_3.17.1 symbol versions. + + -- Mike Hommey <glandium@debian.org> Wed, 24 Sep 2014 22:16:32 +0900 + +nss (2:3.17-1) unstable; urgency=medium + + * New upstream release. + * nss/coreconf/Linux.mk: Actually add support for ppc64el. Closes: #745757. + + -- Mike Hommey <glandium@debian.org> Sun, 24 Aug 2014 08:41:37 +0900 + +nss (2:3.16.3-1.1) unstable; urgency=low + + * Non-maintainer upload to delayed. + * Add support for ppc64el. Closes: #745757 + + -- Andreas Barth <aba@ayous.org> Mon, 18 Aug 2014 20:01:00 +0000 + +nss (2:3.16.3-1) unstable; urgency=medium + + * New upstream release. + * debian/libnss3.symbols: Add NSS_3.16.2 symbol versions. + + -- Mike Hommey <glandium@debian.org> Sun, 13 Jul 2014 09:24:12 +0900 + +nss (2:3.16.1-1) unstable; urgency=medium + + * New upstream release. + * debian/libnss3.symbols: Add NSS_3.16.1 symbol versions. + + -- Mike Hommey <glandium@debian.org> Sat, 07 Jun 2014 17:24:57 +0900 + +nss (2:3.16-1) unstable; urgency=medium + + * New upstream release. + * debian/libnss3.symbols: Add NSS_3.16 symbol versions. + * nss/lib/ckfw/builtins/certdata.txt: Remove CACert root certificates. + + -- Mike Hommey <glandium@debian.org> Fri, 21 Mar 2014 08:10:24 +0900 + +nss (2:3.15.4-2) unstable; urgency=high + + * Upstream release 3.15.4 fixed MFSA-2014-12, also known as CVE-2014-1490 + and CVE-2014-1491. Bumping urgency as such. + * debian/control, debian/libnss3-nssdb.*, debian/pkcs11.txt, debian/rules: + Revert changes from 2:3.15.4-1. Reopens: #537866, Closes: #735329, #736061. + + -- Mike Hommey <glandium@debian.org> Wed, 05 Feb 2014 16:26:06 +0900 + +nss (2:3.15.4-1) unstable; urgency=low + + * New upstream release. + * Acknowledge NMU. + * debian/rules: Avoid long one-liner with semi-colons. + * debian/patches/*: Refresh patches. + * debian/copyright: Update. Closes: #730428. + * debian/control, debian/libnss3-nssdb.*, debian/pkcs11.txt, debian/rules: + Add shared cert and key databases. Thanks Timo Aaltonen. Closes: #537866. + * debian/rules: Use DEB_HOST_ARCH instead of DEB_BUILD_ARCH. + * debian/control: Mark libnss3-dev as Multi-Arch: same. Thanks Shawn + Landden. Closes: #682925. + * debian/libnss3.symbols: Add NSS_3.15.4 symbol versions. + + -- Mike Hommey <glandium@debian.org> Mon, 13 Jan 2014 10:46:04 +0900 + +nss (2:3.15.3.1-1.1) unstable; urgency=low + + * Non-Maintainer Upload + - ship extra NSS utilities (Closes: #701141) + + -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sat, 04 Jan 2014 11:34:41 -0500 + +nss (2:3.15.3.1-1) unstable; urgency=high + + * New upstream release. + - Distrusts AC DG Tresor SSL CA. + + -- Mike Hommey <glandium@debian.org> Sun, 15 Dec 2013 10:09:48 +0900 + +nss (2:3.15.3-1) unstable; urgency=high + + * New upstream release. + - Fixes CVE-2013-1741, CVE-2013-5605, CVE-2013-5606. + + -- Mike Hommey <glandium@debian.org> Sat, 16 Nov 2013 08:50:45 +0900 + +nss (2:3.15.2-1) unstable; urgency=low + + * New upstream release. + - Fixes CVE-2013-1739. Closes: #726473. + + -- Mike Hommey <glandium@debian.org> Mon, 21 Oct 2013 08:05:24 +0900 + +nss (2:3.15.1-1) unstable; urgency=low + + * New upstream release. + * debian/patches/*: Refresh patches. + * debian/patches/lower-dhe-priority.patch: Removed, as it was only necessary + for Iceweasel 3.5, which is long gone. + + -- Mike Hommey <glandium@debian.org> Mon, 05 Aug 2013 14:41:14 +0900 + +nss (2:3.15-1) unstable; urgency=low + + * New upstream release. + * debian/patches/*: Refresh patches and removed unused ones. + * debian/rules: Adjusted to the new source layout. + * debian/libnss3.symbols: Add NSS*_3.15 symbol versions. + * debian/control: Bump nspr build dependency. + + -- Mike Hommey <glandium@debian.org> Sat, 15 Jun 2013 19:23:12 +0900 + +nss (2:3.14.3-1) unstable; urgency=high + + * New upstream release. + - Fixes TLS timing attack (luck 13). Closes: #699888. + * debian/libnss3.symbols: Add NSS_3.14.3 symbol version. + * debian/control: Unbump sqlite3 build dependency, 3.14.3 lifted the need + for sqlite 3.7.15. + + -- Mike Hommey <glandium@debian.org> Sun, 17 Mar 2013 15:01:06 +0100 + +nss (2:3.14.2-1) unstable; urgency=low + + * New upstream release. + * debian/control: Bump sqlite3 build dependency. + * debian/rules: Avoid installing freebl, softokn, nssckbi and nssdbm in two + places. + * debian/libnss3-1d.lintian-overrides.in: Stop preprocessing, it has nothing + to preprocess anymore. + * debian/libnss3.lintian-overrides.in: Fix not to contain a reference to the + libnss3-1d package. + + -- Mike Hommey <glandium@debian.org> Fri, 15 Feb 2013 10:06:59 +0100 + +nss (2:3.14.1.with.ckbi.1.93-1) unstable; urgency=low + + * New upstream release. + - Explicitly distrust two intermediate CA certificates mis-issued by + TURKTRUST. + * debian/patches/95_add_spi+cacert_ca_certs.patch: Refreshed. + + -- Mike Hommey <glandium@debian.org> Fri, 04 Jan 2013 11:16:33 +0100 + +nss (2:3.14.1-1) unstable; urgency=low + + * New upstream release. + * debian/patches: Removed patches applied upstream, and refreshed + the others. + * debian/libnss3.symbols: Updated for new symbols. + + -- Mike Hommey <glandium@debian.org> Sun, 23 Dec 2012 17:40:21 +0100 + +nss (2:3.14-2) unstable; urgency=low + + * debian/nss-config.in: Fix nss-config when version is in the x.y form + instead of x.y.z. + + -- Mike Hommey <glandium@debian.org> Fri, 07 Dec 2012 17:07:05 +0100 + +nss (2:3.14-1) unstable; urgency=low + + * New upstream release. + * debian/patches: Removed patches applied upstream, and refreshed + the others. + * debian/libnss3.symbols: Updated for new symbols. + + -- Mike Hommey <glandium@debian.org> Thu, 01 Nov 2012 10:37:39 +0100 + +nss (2:3.13.6-1) unstable; urgency=low + + * New upstream release. + * debian/rules: Use xz compression for binary packages. + Thanks Ansgar Burchardt. Closes: #683835. + + -- Mike Hommey <glandium@debian.org> Fri, 31 Aug 2012 09:56:53 +0200 + +nss (2:3.13.5-1) unstable; urgency=low + + * New upstream release. + + -- Mike Hommey <glandium@debian.org> Fri, 15 Jun 2012 09:40:00 +0200 + +nss (2:3.13.4-3) unstable; urgency=low + + * debian/rules: Skip epoch when getting upstream version number. + + -- Mike Hommey <glandium@debian.org> Sun, 20 May 2012 07:36:11 +0200 + +nss (2:3.13.4-2) unstable; urgency=low + + * debian/control, debian/libnss3*, debian/rules, + mozilla/security/coreconf/*, mozilla/security/nss/lib/*/manifest.mn: + Move to unversioned library. ABI compatibility is ensured upstream, and + the SO version, if it needed a change at any time, would be a change in + the library name. There is no reason to keep making compatibility more + difficult with other distros and upstream binary releases. While previous + versions were one-way compatible (binaries built against other distros or + upstream nspr could work on Debian), this approach works both ways. + * debian/control: + - Bump Standards-Version to 3.9.3.0. No changes required. + - Force to build against libnspr4-dev >= 2:4.9 + * Removed unapplied patches. + * Adding an epoch to match the old libnss3 package that used to be in + the Debian archive. + + -- Mike Hommey <glandium@debian.org> Thu, 17 May 2012 09:45:36 +0200 + +nss (3.13.4-1) unstable; urgency=low + + * New upstream release. + - Changed __GNUC_MINOR__ use in pkcs11n.h. Closes: #650319. + * mozilla/security/nss/cmd/certcgi/certcgi.c, + mozilla/security/nss/cmd/digest/digest.c, + mozilla/security/nss/cmd/signver/pk7print.c: Import patch from Moritz + Muehlenhoff for hardened format strings. + * debian/make.mk, debian/rules, debian/control: Enable hardening. + Closes: #657325. + * debian/libnss3-1d.lintian-overrides.in, debian/rules: Use wildcards in + lintian override. Closes: #670013. + * debian/compat, debian/control: Bump debian/compat to 9. This has the + effect of using build-id for debug files, thus Closes: #670015. + * debian/libnss3-1d.symbols: Add symbols for /usr/lib/nss/ libraries. + + -- Mike Hommey <glandium@debian.org> Sun, 29 Apr 2012 09:48:58 +0200 + +nss (3.13.3-1) unstable; urgency=low + + * New upstream release. + * debian/libnss3-1d.symbols: Updated to fit new upstream. + + -- Mike Hommey <glandium@debian.org> Fri, 24 Feb 2012 09:56:10 +0100 + +nss (3.13.2~beta1-3) experimental; urgency=low + + * debian/libnss3-1d.symbols: Fix symbol version for the symbol added in + -2. + + -- Mike Hommey <glandium@debian.org> Fri, 23 Dec 2011 19:20:23 +0100 + +nss (3.13.2~beta1-2) experimental; urgency=low + + * mozilla/security/nss/lib/ssl/*, + mozilla/security/nss/cmd/tstclnt/tstclnt.c, + mozilla/security/nss/tests/ssl/ssl.sh: Apply patches from bz#542832, + required for Iceweasel 11. + * debian/libnss3-1d.symbols: Add corresponding symbol. + + -- Mike Hommey <glandium@debian.org> Fri, 23 Dec 2011 17:54:03 +0100 + +nss (3.13.2~beta1-1) experimental; urgency=low + + * New upstream snapshot, picked from NSS_3_13_2_BETA1 cvs tag. + * debian/libnss3-1d.symbols: Add NSS 3.13.2 symbols. + + -- Mike Hommey <glandium@debian.org> Fri, 23 Dec 2011 16:22:05 +0100 + +nss (3.13.1.with.ckbi.1.88-1) unstable; urgency=low + + * New upstream release. + - Distrusts malaysian Digicert Sdn. Bhd CA certificate. + - Addresses CVE-2011-3640 (Untrusted search path vulnerability). + Closes: #647614. + * debian/patches/*: Refreshed patches. + * debian/libnss3-1d.symbols: Add NSS 3.13 symbols. + + -- Mike Hommey <glandium@debian.org> Sat, 05 Nov 2011 17:05:26 +0100 + +nss (3.12.11-3) unstable; urgency=high + + * mozilla/security/nss/lib/ckfw/builtins/certdata.*: + Explicitely distrust various DigiNotar CAs: + - DigiNotar Root CA + - DigiNotar Services 1024 CA + - DigiNotar Cyber CA + - DigiNotar Cyber CA 2nd + - DigiNotar PKIoverheid + - DigiNotar PKIoverheid G2 + + -- Mike Hommey <glandium@debian.org> Sat, 03 Sep 2011 09:33:28 +0200 + +nss (3.12.11-2) unstable; urgency=high + + * mozilla/security/nss/lib/ckfw/builtins/certdata.*: + Remove DigiNotar Root CA. + + -- Mike Hommey <glandium@debian.org> Wed, 31 Aug 2011 08:49:00 +0200 + +nss (3.12.11-1) unstable; urgency=low + + * New upstream release. + * mozilla/security/nss/lib/ckfw/builtins/certdata.*, + * mozilla/security/coreconf/{config,Linux}.mk: Refreshed. + * debian/copyright: Update dbm license according to that in the source. + Closes: #624310 + + -- Mike Hommey <glandium@debian.org> Fri, 12 Aug 2011 12:45:08 +0200 + +nss (3.12.10-3) unstable; urgency=low + + * debian/nss-config.in, debian/nss.pc.in, debian/rules: Return the multiarch + path in nss-config and nss.pc. + + -- Mike Hommey <glandium@debian.org> Thu, 21 Jul 2011 18:08:48 +0200 + +nss (3.12.10-2) unstable; urgency=low + + * debian/control, debian/libnss3-1d.dirs, + debian/libnss3-1d.lintian-overrides.in, debian/libnss3-dev.dirs, + debian/libnss3-1d.links.in, debian/libnss3-dev.links.in, + debian/rules: Switch to multi-arch while keeping backports easy. + Closes: #497088. + + -- Mike Hommey <glandium@debian.org> Mon, 04 Jul 2011 11:24:18 +0200 + +nss (3.12.10-1) unstable; urgency=low + + * New upstream release. + * mozilla/security/nss/lib/ckfw/builtins/certdata.*: Refreshed. + * debian/control: Build depend on libnspr4-dev >= 4.8.8. + * debian/libnss3-1d.symbols: Add new symbol version. + + -- Mike Hommey <glandium@debian.org> Wed, 25 May 2011 10:20:59 +0200 + +nss (3.12.9.with.ckbi.1.82-1) unstable; urgency=low + + * New upstream release. + - Marks fraudulent Comodo certificates as untrusted. + * mozilla/security/nss/lib/ckfw/builtins/certdata.*: Refreshed. + + -- Mike Hommey <glandium@debian.org> Thu, 24 Mar 2011 16:37:46 +0100 + +nss (3.12.9-2) unstable; urgency=low + + * Upload to unstable. + * debian/rules: Fallback to DEB_BUILD_ARCH when dpkg-architecture does't + support DEB_BUILD_ARCH_BITS. + * debian/control: Lower build depends on dpkg-dev to (>= 1.13.19), which + was the previous value. + * mozilla/security/nss/lib/freebl/unix_rand.c: We don't need to prevent + using netstat for entropy seeding. The seeding will stop before netstat + if it could get data from /dev/urandom. + * mozilla/security/coreconf/Linux.mk: We shouldn't need to special case + mips64 anymore. + * mozilla/security/nss/cmd/shlibsign/Makefile, debian/rules: Don't rely + on patching the source to not create .chk files during build. + + -- Mike Hommey <glandium@debian.org> Sun, 06 Mar 2011 09:58:41 +0100 + +nss (3.12.9-1) experimental; urgency=low + + * New upstream release. + + -- Mike Hommey <glandium@debian.org> Sat, 15 Jan 2011 11:33:35 +0100 + +nss (3.12.9~beta2-1) experimental; urgency=low + + * New upstream snapshot, picked from NSS_3_12_9_BETA2 cvs tag. + * debian/patches/*: Refresh patches. + * debian/libnss3-1d.symbols: Add new symbol versions. + * debian/rules: Bump shlibs. + + -- Mike Hommey <glandium@debian.org> Fri, 17 Dec 2010 15:01:31 +0100 + +nss (3.12.8-1) unstable; urgency=low + + * New upstream release. + * debian/patches/*: Refresh patches. + * debian/patches/series: + + lower-dhe-priority.patch: Upstream patch from bz#583337 to lower DHE + priority. Closes: #592315. + + -- Mike Hommey <glandium@debian.org> Thu, 07 Oct 2010 08:50:48 +0200 + +nss (3.12.8~b2-1) experimental; urgency=low + + * New upstream snapshot, picked from NSS_3_12_8_BETA2 cvs tag. + * debian/patches/*: Refresh patches. + + -- Mike Hommey <glandium@debian.org> Mon, 23 Aug 2010 18:11:12 +0200 + +nss (3.12.7-1) unstable; urgency=low + + * New upstream release. + * debian/patches/*: Refresh patches. + * debian/control: + - Bump Standards-Version to 3.9.1.0. + - Build depend on libnspr4-dev >= 4.8.6. + * debian/libnss3-1d.symbols: Simplify symbols file and add new symbols. + * debian/rules: Bump shlibs. + + -- Mike Hommey <glandium@debian.org> Fri, 06 Aug 2010 13:55:14 +0200 + +nss (3.12.6-3) unstable; urgency=low + + * debian/rules: + + Sign libnssdbm3.so. Closes: #588806. + + Test that the FIPS mode can be properly enabled during build. + * debian/control: + + Remove conflicts with very old packages. + + Bump Standards-Version to 3.9.0.0. + + -- Mike Hommey <glandium@debian.org> Mon, 12 Jul 2010 15:12:24 +0200 + +nss (3.12.6-2) unstable; urgency=low + + * debian/patches/series: + + 00_ckbi_1.79.patch: New patch to update CKBI to 1.79. + + 95_add_spi+cacert_ca_certs.patch: Refreshed against CKBI 1.79. + + -- Mike Hommey <glandium@debian.org> Fri, 09 Apr 2010 10:45:01 +0200 + +nss (3.12.6-1) unstable; urgency=low + + * New upstream release. + * debian/patches/*: Refresh patches. + * debian/libnss3-1d.symbols, debian/rules: Update symbols file with new + symbols and bump shlibs. + * debian/patches/97_SSL_RENEGOTIATE_TRANSITIONAL.patch, + debian/patches/series: Enable transitional scheme for ssl renegotiation. + Closes: #561918. + * debian/control: + + Bump Standards-Version to 3.8.4.0. + + Drop libnss3-1d dependency on dpkg. The versions it didn't really like + were between oldstable and stable. + + Don't allow different versions of libnss3-1d, libnss3-1d-dbg and + libnss3-tools to be installed at the same time. + + Add ${misc:Depends} to libnss3-1d-dbg dependencies. + * debian/rules: Revert workaround for gcc 4.4 bug on powerpc with -Os. + * debian/rules, debian/control, debian/compat: Simplify debian/rules by + using dh. + + -- Mike Hommey <glandium@debian.org> Wed, 17 Mar 2010 20:33:32 +0100 + +nss (3.12.5-2) unstable; urgency=low + + * debian/control: + + Remove build dependency on autotools-dev, we don't use it. + + libnss3-dev depends on libnspr4-dev >= 4.6.6-1. 4.6.6-1 was the first + version where the pkg-config file was nspr.pc instead of + xulrunner-nspr.pc. Closes: #567134. + * debian/patches/96_NSS_VersionCheck.patch, debian/patches/series: + Remove runtime check of NSPR version in NSS_VersionCheck, which seems to + be pointless. Closes: #567136. + + -- Mike Hommey <glandium@debian.org> Thu, 28 Jan 2010 12:12:35 +0100 + +nss (3.12.5-1) unstable; urgency=low + + * New upstream release. + * debian/copyright: Modify with new location for the embedded copy of zlib. + * debian/patches/*: + + Adapt patches to new upstream. + + Switch to quilt format + * debian/source/format: Switch to 3.0 (quilt) format. + * debian/rules, debian/control: Stop using dpatch. + * debian/patches/38_intel_aes_executable_stack.patch: Removed. An upstream + change in version 3.12.4 obsoleted it. + * debian/rules: + + Remove DEB_{BUILD,HOST}_* variables, they are not used. + + Use DEB_BUILD_ARCH_BITS to determine whether to build with USE_64 or not. + + Ship more tools in libnss3-tools. Closes: #526267. + + Work around gcc 4.4 bug on powerpc with -Os. + + Force non parallel build. There are too many race conditions in the + build system to support parallel builds. Closes: #536248. + + Bump shlibs. + * debian/control: + + Bump Standards-Version to 3.8.3.0. + + Build-depend on dpkg-dev (>= 1.15.4) for DEB_BUILD_ARCH_BITS. + + Stricter dependency between libnss3-dev and libnss3-1d. + * debian/libnss3-1d.symbols: + + Add new symbols. + + Remove debian revision for symbols added in 3.12.4. + * debian/patches/38_hurd.patch: Fix FTBFS on Hurd due to PATH_MAX usage in + unix_rand.c. Closes: #550995. + + -- Mike Hommey <glandium@debian.org> Fri, 18 Dec 2009 11:48:14 +0100 + +nss (3.12.4-1) unstable; urgency=low + + * New upstream release. + * debian/patches/38_kbsd.dpatch: + + Use CHECK_FORK_PTHREAD on kfreebsd and hurd. Closes: #547301. + + Adapt to upstream changes. + * debian/patches/95_add_spi+cacert_ca_certs.dpatch, + * debian/patches/81_sonames.dpatch: Adapt to upstream changes. + * debian/libnss3-1d.symbols: Update symbols file with new symbols. + * debian/rules: Bumped shlibs. + + -- Mike Hommey <glandium@debian.org> Sun, 11 Oct 2009 01:26:14 +0200 + +nss (3.12.3.1-1) unstable; urgency=low + + * New upstream release. + * debian/patches/95_add_spi+cacert_ca_certs.dpatch, Adapted to upstream + changes. + + -- Mike Hommey <glandium@debian.org> Fri, 21 Aug 2009 23:47:24 +0200 + +nss (3.12.3-1) unstable; urgency=low + + * New upstream release. + * debian/watch: Updated to catch new upstream .bz2 tarballs. + * debian/copyright: Add information about + mozilla/security/corecond/mkdepend. + * debian/patches/38_hurd.dpatch, debian/patches/38_kbsd.dpatch: Adapted + to upstream changes. + * debian/patches/85_security_load.dpatch: Load libsoftokn3.so from + /usr/lib/nss when unable to load it from standard ld.so paths in + shlibsign. + * debian/rules: + + Add debian/libnss3-1d/usr/lib/nss to LD_LIBRARY_PATH when running + shlibsign during build. + + Bumped shlibs. + * debian/libnss3-1d.symbols: Update symbols file with new symbols. + * debian/control: + + Bumped Standards-Version to 3.8.1.0. No changes needed. + + Put the libnss3-1d-dbg package in the "debug" section. + + Correct libnss3-1d-dbg short description. + + Remove redundant section on libnss3-1d. + + Build-depend on proper version of debhelper for dh_lintian. + * debian/*.lintian-overrides, debian/rules: Install some Lintian + overrides with dh_lintian. + * debian/patches/38_intel_aes_executable_stack.dpatch: Indicate that + we don't need executable stack in intel-aes.s. + * debian/patches/00list: Updated accordingly. + + -- Mike Hommey <glandium@debian.org> Sat, 18 Apr 2009 09:37:31 +0200 + +nss (3.12.2.with.ckbi.1.73-2) unstable; urgency=low + + * mozilla/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.h: + Apply patch from upstream to fix alignment issues on sparc and ia64. + Closes: #509930. + + -- Mike Hommey <glandium@debian.org> Mon, 06 Apr 2009 20:24:01 +0200 + +nss (3.12.2.with.ckbi.1.73-1) unstable; urgency=low + + * debian/patches/38_kbsd.dpatch: Brown paper bag fix for regression + in previous release that led to FTBFS on i386 only. Closes: #513101. + Thanks Steffen Joeris, Sebastian Andrzej Siewior and Petr Salinger. + * debian/patches/95_add_spi+cacert_ca_certs.dpatch, + debian/patches/80_security_tools.dpatch: Adapted to upstream changes. + * debian/libnss3-1d.symbols: Update symbols file with new symbols. + * debian/rules: Bumped shlibs. + + -- Mike Hommey <glandium@debian.org> Sat, 31 Jan 2009 16:41:26 +0100 + +nss (3.12.1-1) unstable; urgency=low + + * New upstream release. + * debian/patches/95_add_spi+cacert_ca_certs.dpatch, + debian/patches/38_mips64_build.dpatch, + debian/patches/38_kbsd.dpatch: Adapted to upstream changes. + * debian/libnss3-1d.symbols: Update symbols file with new symbols. + * debian/rules: Bumped shlibs. + + -- Mike Hommey <glandium@debian.org> Sat, 20 Dec 2008 12:11:28 +0100 + +nss (3.12.0-5) unstable; urgency=low + + * debian/control: + + Conflict with libnss3-0d >= 3.11.5, that has conflicting files in + /usr/lib/nss. Older versions (those from etch) don't conflict. + This makes updates from old testing smoother. Closes: #492332. + + Build-depend on libsqlite3-dev >= 3.3.9, since API introduced in this + version is used. Closes: #493191. + + -- Mike Hommey <glandium@debian.org> Sun, 03 Aug 2008 09:42:03 +0200 + +nss (3.12.0-4) unstable; urgency=low + + * debian/control: Remove conflict with libnss3-0d, it was only useful when + libnss3-0d was a transitional package. Closes: #490995. + + -- Mike Hommey <glandium@debian.org> Wed, 16 Jul 2008 21:29:19 +0200 + +nss (3.12.0-3) unstable; urgency=low + + * debian/rules: + + Enable ECC cypher suite. Closes: #490826. + + Build with the same optimization level as upstream. + + -- Mike Hommey <glandium@debian.org> Mon, 14 Jul 2008 17:35:25 +0200 + +nss (3.12.0-2) unstable; urgency=low + + * debian/patches/95_add_spi+cacert_ca_certs.dpatch: + + Add CAcert root and class 3 certificates to nssckbi module. + + Add SPI Inc. certificate to nssckbi module. + Thanks to Martin F Krafft for these. Closes: #309564. + * debian/patches/00list: Updated accordingly. + + -- Mike Hommey <glandium@debian.org> Sat, 12 Jul 2008 18:26:09 +0200 + +nss (3.12.0-1) unstable; urgency=low + + * New upstream release. + * debian/patches/92_ocsp.dpatch: Removed, as applied upstream. + * debian/patches/00list: Updated accordingly. + * debian/control: + + Bumped Standards-Version to 3.8.0.1. No changes needed. + + Added Vcs-Browser and Vcs-Git fields. + + libnss3-dev don't need explicit version dependency on libnss3-1d. + + libnss3-dev depends on libnspr4-dev. Closes: #488402. + + Make the -dbg package less a hassle for manual installations with dpkg. + + libnss3-1d depends on version of dpkg that either don't support symbols + files or has fix for #474079. + * debian/patches/85_security_load.dpatch: Load files from /usr/lib/nss if + given reference path is only a filename, which happens when freebl is + statically linked in a binary executable, such as signtool, and the + executable is run from $PATH. When the executable is run using a full + path, we must replace /bin/ in the path with /lib/ to find the libraries. + Closes: #483774. + * debian/libnss3-1d.symbols: Re-enable symbols file. + + -- Mike Hommey <glandium@debian.org> Sat, 05 Jul 2008 10:19:53 +0200 + +nss (3.12.0~rc3-3) unstable; urgency=low + + * debian/control: Make libnss3-0d conflict with old libnss3, which can + still be installed on some systems, though it hasn't been in the archive + since sarge. Closes: #485080. + + -- Mike Hommey <glandium@debian.org> Sun, 08 Jun 2008 14:11:13 +0200 + +nss (3.12.0~rc3-2) unstable; urgency=low + + * debian/patches/92_ocsp.dpatch: Apply patches from bz433594 and bz#433386, + which are applied in upstream RC4 (and are the only changes), to fix + crashes under some conditions with OCSP checks. + * debian/patches/00list: Updated accordingly. + * debian/libnss3-dev.links, debian/libnss3-1d.links: Don't install so + files in the -dev package but in the library package. It will allow + external applications linked against upstream nss to work on Debian with + system nss libraries, and will avoid all browsers to have to implement + symlinks themselves to allow some external plugins to work properly. + * debian/control: Make libnss3-1d conflict with older versions of + libnss3-dev and libnss3-dev need newer libnss3-1d accordingly. + + -- Mike Hommey <glandium@debian.org> Sat, 07 Jun 2008 11:57:55 +0200 + +nss (3.12.0~rc3-1) unstable; urgency=low + + * New upstream snapshot, picked from NSS_3_12_RC3 cvs tag. + + -- Mike Hommey <glandium@debian.org> Sun, 11 May 2008 16:58:17 +0200 + +nss (3.12.0~beta3-1) unstable; urgency=low + + * New upstream snapshot, picked from NSS_3_12_BETA3 cvs tag. + * debian/control: Turn Homepage indications in descriptions into a + control field. + * debian/patches/91_build_pwdecrypt.dpatch: Enable building and installing + pwdecrypt. Thanks Paul Wise. Closes: #472303. + * debian/patches/00list: Updated accordingly. + * debian/libnss3-1d.symbols: Update symbols file with new symbols and rename + the file, so that it isn't used, as a workaround to #474079. + Closes: #474007. + * debian/rules: Bumped shlibs. + + -- Mike Hommey <glandium@debian.org> Tue, 08 Apr 2008 21:23:53 +0200 + +nss (3.12.0~beta2-1) unstable; urgency=low + + * New upstream snapshot, picked from NSS_3_12_BETA2 cvs tag. + * debian/patches/10_3.11.7_symbol_fix.dpatch: Removed, as applied upstream. + * debian/patches/38_kbsd.dpatch: Adapted to upstream changes. + * debian/patches/81_sonames.dpatch: Add SO_VERSION to libnssutil3. + * debian/libnss3-dev.links: Add link for libnssutil3. + * debian/libnss3-1d.symbols: Update symbols file with new symbols. Note that + SEC_StringToOID disappeared (well, was moved to nssutil), compared to + version 3.12.0~1.9b1, but it was a new symbol, and isn't used anywhere. + * debian/nss.pc.in, debian/nss-config.in: Add libnssutil3 support. + * debian/rules: + + Bumped shlibs. + + Don't generate libsoftokn3.so.0d. + * debian/control: + + Remove transitional libnss3-0d package. + + Bumped Standards-Version to 3.7.3.0. No changes needed. + + Build depend on libnspr4-dev >= 4.7.0 (we *do* need the RTM version, and + not the preceding betas) + * debian/libnss3-0d.*: Removed. + * debian/patches/85_security_load.dpatch: Load files from $ORIGIN/nss before + those of $ORIGIN. Closes: #469079. + * debian/patches/38_hurd.dpatch: Fix FTBFS on Hurd because of MAXPATHLEN. + Closes: #419529. + * debian/patches/00list: Updated accordingly. + + -- Mike Hommey <glandium@debian.org> Fri, 07 Mar 2008 21:27:54 +0100 + +nss (3.12.0~1.9b1-2) unstable; urgency=low + + * debian/control: libnss3-1-dbg needs to conflict with older libnss3-0d-dbg, + as it overwrites so of its files. Closes: #455875. + * debian/patches/90_realpath.dpatch: Use realpath() in + loader_GetOriginalPathname, so that symlinks are properly followed when + determining where the current library lives. + * debian/patches/00list: Updated accordingly. + * debian/patches/85_security_load.dpatch: When the module given by the + caller contains a directory name, remove it so that the module can be + properly loaded. Closes: #456296. + + -- Mike Hommey <glandium@debian.org> Sun, 16 Dec 2007 11:06:03 +0100 + +nss (3.12.0~1.9b1-1) unstable; urgency=low + + * New upstream snapshot, picked from FIREFOX_3_0b1_RELEASE cvs tag. + * debian/copyright: Add licensing information about the recently added + sqlite copy in the source tree. + * debian/control: + + Build depend on libsqlite3-dev. + + Rename all -0d packages to -1d, but keep a transitional -0d package, + since all libraries are compatible (except for the removed one). + + Make libnss3-1d conflict with older libnss3-0d. + * debian/patches/38_kbsd.dpatch, debian/patches/81_sonames.dpatch: + Adapted to upstream changes. + * debian/patches/81_sonames.dpatch: + + Remove SO version from libsoftokn3, now it is not linked against + anymore, but dlloaded. + + Remove the hacks to have shlibsign and the signature verification code + handle the SO version in the file name. + + Bump SO version to 1d. + * debian/rules: + + Add NSS_USE_SYSTEM_SQLITE=1 to the make options. + + Install libsoftokn3 and the new libnssdbm3 in /usr/lib/nss. + + Run shlibsign on libsoftokn3 in /usr/lib/nss, without a SO version. + + For some reason, build-stamp was missing in install-stamp dependencies. + + Bumped shlibs because of new symbols, and pass -c4 to dpkg-gensymbols, + so that it fails in all cases where the symbols file is not up to date. + + Adapt upstream version pattern matching so that the ~1.9b1 part is + removed. + + Install .1d libraries in -1d packages. + + Create a dummy libsoftokn3.so.0d library, installed in the libnss3-0d + package. + * debian/libnss3-0d.links: + + Remove links in /usr/lib/xulrunner. The workaround they were + implementing is going to be done another way. + + Add .0d links to .1d libraries. + * debian/libnss3-dev.links: + + Don't put a symlink for libsoftokn3. + + .so files now link to .1d libraries. + * debian/patches/80_security_build.dpatch: Remove the hack to load libfreebl + from /usr/lib/nss. + * debian/patches/85_security_load.dpatch: Load modules from $ORIGIN/nss. + * debian/patches/10_3.11.7_symbol_fix.dpatch: Fix a symbol version. Stolen + from bz#325672. + * debian/patches/00list: Updated accordingly. + * debian/libnss3-0d.dirs: Renamed to libnss3-1d.dirs. + + -- Mike Hommey <glandium@debian.org> Sat, 08 Dec 2007 10:53:02 +0100 + +nss (3.11.7-1) unstable; urgency=low + + * New upstream release, picked from NSS_3_11_7_RTM cvs tag. + * debian/patches/38_kbsd.dpatch: Also add support for the Hurd. + Closes: #419529. + * debian/rules: + + Don't fail on clean with unpatched ruleset. Closes: #421542. + + Bumped shlibs because of new symbols. + * debian/patches/81_sonames.dpatch: Adapted to upstream changes. + + -- Mike Hommey <glandium@debian.org> Sun, 01 Jul 2007 11:29:06 +0200 + +nss (3.11.5-3) unstable; urgency=low + + * Upload to unstable. + + -- Mike Hommey <glandium@debian.org> Mon, 09 Apr 2007 20:37:25 +0200 + +nss (3.11.5-2) experimental; urgency=low + + * debian/rules: + + Cleaner way to set the NSPR location. + + Install libcrmf.a files in libnss3-dev. + + binary-indep now does nothing. + * debian/control: Make libnss3-dev an Arch: any package. + * debian/nss.pc.in: + + Remove libsoftokn3 from ld libraries. + + Improvement in directories setting. + * debian/libnss3-dev.dirs: Create /usr/bin. + * debian/nss-config.in, debian/rules: Install a nss-config script into + libnss3-dev. + + -- Mike Hommey <glandium@debian.org> Tue, 27 Mar 2007 20:41:11 +0200 + +nss (3.11.5-1) experimental; urgency=low + + * Initial release. (Closes: #416151) + + -- Mike Hommey <glandium@debian.org> Sun, 25 Mar 2007 23:56:17 +0200 diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..307a6ba --- /dev/null +++ b/debian/control @@ -0,0 +1,64 @@ +Source: nss +Section: libs +Priority: optional +Maintainer: Maintainers of Mozilla-related packages <team+pkg-mozilla@tracker.debian.org> +Uploaders: Mike Hommey <glandium@debian.org> +Build-Depends: debhelper-compat (= 13), + dpkg-dev (>= 1.17.14), + libnspr4-dev (>= 2:4.34), + zlib1g-dev, + libsqlite3-dev (>= 3.3.9), + libnss3-tools:native (>= 2:3.19-1-1~) <cross> +Standards-Version: 4.6.0 +Homepage: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS +Rules-Requires-Root: no +Vcs-Git: https://salsa.debian.org/mozilla-team/nss.git +Vcs-Browser: https://salsa.debian.org/mozilla-team/nss + +Package: libnss3 +Architecture: any +Pre-Depends: ${misc:Pre-Depends} +Depends: ${shlibs:Depends}, + ${misc:Depends} +Multi-Arch: same +Description: Network Security Service libraries + This is a set of libraries designed to support cross-platform development + of security-enabled client and server applications. It can support SSLv2 + and v4, TLS, PKCS #5, #7, #11, #12, S/MIME, X.509 v3 certificates and + other security standards. + +Package: libnss3-tools +Section: admin +Architecture: any +Depends: ${shlibs:Depends}, + ${misc:Depends} +Description: Network Security Service tools + This is a set of tools on top of the Network Security Service libraries. + This package includes: + * certutil: manages certificate and key databases (cert7.db and key3.db) + * modutil: manages the database of PKCS11 modules (secmod.db) + * pk12util: imports/exports keys and certificates between the cert/key + databases and files in PKCS12 format. + * shlibsign: creates .chk files for use in FIPS mode. + * signtool: creates digitally-signed jar archives containing files and/or + code. + * ssltap: proxy requests for an SSL server and display the contents of + the messages exchanged between the client and server. +Homepage: http://www.mozilla.org/projects/security/pki/nss/tools/ + +Package: libnss3-dev +Section: libdevel +Architecture: any +Depends: ${misc:Depends}, + libnss3 (= ${binary:Version}), + libnspr4-dev (>= 4.6.6-1) +Breaks: libxmlsec1-dev (<< 1.2.33-1~) +Multi-Arch: same +Description: Development files for the Network Security Service libraries + This is a set of libraries designed to support cross-platform development + of security-enabled client and server applications. It can support SSLv2 + and v4, TLS, PKCS #5, #7, #11, #12, S/MIME, X.509 v3 certificates and + other security standards. + . + Install this package if you wish to develop your own programs using the + Network Security Service Libraries. diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..ff87d56 --- /dev/null +++ b/debian/copyright @@ -0,0 +1,85 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: NSS +Source: http://ftp.mozilla.org/pub/security/nss/releases/ + +Files: * +Copyright: 1994-2000 Netscape Communications Corporation. +License: MPL-2.0 + On Debian systems the full text of the MPL-2.0 can be found in + /usr/share/common-licenses/MPL-2.0. + +Files: nss/lib/zlib/* +Copyright: 1995-2004 Jean-loup Gailly and Mark Adler +License: Zlib + This software is provided 'as-is', without any express or implied + warranty. In no event will the authors be held liable for any damages + arising from the use of this software. + . + Permission is granted to anyone to use this software for any purpose, + including commercial applications, and to alter it and redistribute it + freely, subject to the following restrictions: + . + 1. The origin of this software must not be misrepresented; you must not + claim that you wrote the original software. If you use this software + in a product, an acknowledgment in the product documentation would be + appreciated but is not required. + 2. Altered source versions must be plainly marked as such, and must not be + misrepresented as being the original software. + 3. This notice may not be removed or altered from any source distribution. + . + Jean-loup Gailly Mark Adler + jloup@gzip.org madler@alumni.caltech.edu + . + If you use the zlib library in a product, we would appreciate *not* + receiving lengthy legal documents to sign. The sources are provided + for free but without warranty of any kind. The library has been + entirely written by Jean-loup Gailly and Mark Adler; it does not + include third-party code. + . + If you redistribute modified sources, we would appreciate that you include + in the file ChangeLog history information documenting your changes. Please + read the FAQ for more information on the distribution of modified source + versions. + +Files: nss/lib/dbm/* +Copyright: 1991, 1993, 1994 The Regents of the University of California. +License: BSD-3 + Copyright (c) 1991, 1993, 1994 + The Regents of the University of California. All rights reserved. + . + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. ***REMOVED*** - see + ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change" + 4. Neither the name of the University nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + . + THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + SUCH DAMAGE. + +Files: nss/lib/sqlite/sqlite3.c + nss/lib/sqlite/sqlite3.h +Copyright: D. Richard Hipp <drh@hwaci.com> +License: public-domain + The author disclaims copyright to this source code. In place of + a legal notice, here is a blessing: + . + May you do good and not evil. + May you find forgiveness for yourself and forgive others. + May you share freely, never taking more than you give. diff --git a/debian/libnss3-dev.dirs b/debian/libnss3-dev.dirs new file mode 100644 index 0000000..a49329f --- /dev/null +++ b/debian/libnss3-dev.dirs @@ -0,0 +1,2 @@ +usr/bin +usr/include/nss diff --git a/debian/libnss3-tools.dirs b/debian/libnss3-tools.dirs new file mode 100644 index 0000000..e772481 --- /dev/null +++ b/debian/libnss3-tools.dirs @@ -0,0 +1 @@ +usr/bin diff --git a/debian/libnss3-tools.manpages b/debian/libnss3-tools.manpages new file mode 100644 index 0000000..9242b2c --- /dev/null +++ b/debian/libnss3-tools.manpages @@ -0,0 +1 @@ +dist/man/*.1 diff --git a/debian/libnss3.lintian-overrides.in b/debian/libnss3.lintian-overrides.in new file mode 100644 index 0000000..79d5ef2 --- /dev/null +++ b/debian/libnss3.lintian-overrides.in @@ -0,0 +1,23 @@ +# ABI compatibility is ensured upstream, and the SO version, if it needed +# a change at any time, would be a change in the library name. There is +# no reason to make compatibility more difficult with other distros and +# upstream binary releases. +libnss3: shared-library-lacks-version usr/lib/@DEB_HOST_MULTIARCH_WC@/libnss3.so libnss3.so +libnss3: shared-library-lacks-version usr/lib/@DEB_HOST_MULTIARCH_WC@/libssl3.so libssl3.so +libnss3: shared-library-lacks-version usr/lib/@DEB_HOST_MULTIARCH_WC@/libnssutil3.so libnssutil3.so +libnss3: shared-library-lacks-version usr/lib/@DEB_HOST_MULTIARCH_WC@/libsmime3.so libsmime3.so +libnss3: shared-library-lacks-version usr/lib/@DEB_HOST_MULTIARCH_WC@/libfreebl3.so libfreebl3.so +libnss3: shared-library-lacks-version usr/lib/@DEB_HOST_MULTIARCH_WC@/libfreeblpriv3.so libfreeblpriv3.so +libnss3: shared-library-lacks-version usr/lib/@DEB_HOST_MULTIARCH_WC@/libsoftokn3.so libsoftokn3.so +libnss3: shared-library-lacks-version usr/lib/@DEB_HOST_MULTIARCH_WC@/libnssdbm3.so libnssdbm3.so +libnss3: shared-library-lacks-version usr/lib/@DEB_HOST_MULTIARCH_WC@/libnssckbi.so libnssckbi.so +libnss3: lacks-unversioned-link-to-shared-library usr/lib/@DEB_HOST_MULTIARCH_WC@/libnss3.so usr/lib/@DEB_HOST_MULTIARCH_WC@/libnss3.so +libnss3: lacks-unversioned-link-to-shared-library usr/lib/@DEB_HOST_MULTIARCH_WC@/libssl3.so usr/lib/@DEB_HOST_MULTIARCH_WC@/libssl3.so +libnss3: lacks-unversioned-link-to-shared-library usr/lib/@DEB_HOST_MULTIARCH_WC@/libnssutil3.so usr/lib/@DEB_HOST_MULTIARCH_WC@/libnssutil3.so +libnss3: lacks-unversioned-link-to-shared-library usr/lib/@DEB_HOST_MULTIARCH_WC@/libsmime3.so usr/lib/@DEB_HOST_MULTIARCH_WC@/libsmime3.so +libnss3: lacks-unversioned-link-to-shared-library usr/lib/@DEB_HOST_MULTIARCH_WC@/libfreebl3.so usr/lib/@DEB_HOST_MULTIARCH_WC@/libfreebl3.so +libnss3: lacks-unversioned-link-to-shared-library usr/lib/@DEB_HOST_MULTIARCH_WC@/libfreeblpriv3.so usr/lib/@DEB_HOST_MULTIARCH_WC@/libfreeblpriv3.so +libnss3: lacks-unversioned-link-to-shared-library usr/lib/@DEB_HOST_MULTIARCH_WC@/libsoftokn3.so usr/lib/@DEB_HOST_MULTIARCH_WC@/libsoftokn3.so +libnss3: lacks-unversioned-link-to-shared-library usr/lib/@DEB_HOST_MULTIARCH_WC@/libnssdbm3.so usr/lib/@DEB_HOST_MULTIARCH_WC@/libnssdbm3.so +libnss3: lacks-unversioned-link-to-shared-library usr/lib/@DEB_HOST_MULTIARCH_WC@/libnssckbi.so usr/lib/@DEB_HOST_MULTIARCH_WC@/libnssckbi.so + diff --git a/debian/libnss3.symbols b/debian/libnss3.symbols new file mode 100644 index 0000000..8cae665 --- /dev/null +++ b/debian/libnss3.symbols @@ -0,0 +1,172 @@ +libfreebl3.so libnss3 #MINVER# +* Build-Depends-Package: libnss3-dev + (symver)NSSRAWHASH_3.12.3 2:3.13.4-2~ + (symver)NSSprivate_3.11 2:3.13.4-2~ +libfreeblpriv3.so libnss3 #MINVER# +* Build-Depends-Package: libnss3-dev + (symver)NSSprivate_3.11 2:3.24 + (symver)NSSprivate_3.16 2:3.24 +libnss3.so libnss3 #MINVER# +* Build-Depends-Package: libnss3-dev + CERT_EncodeSubjectKeyID@NSS_3.12 2:3.13.4-2~ + CERT_GetClassicOCSPDisabledPolicy@NSS_3.12 2:3.13.4-2~ + CERT_GetClassicOCSPEnabledHardFailurePolicy@NSS_3.12 2:3.13.4-2~ + CERT_GetClassicOCSPEnabledSoftFailurePolicy@NSS_3.12 2:3.13.4-2~ + CERT_GetPKIXVerifyNistRevocationPolicy@NSS_3.12 2:3.13.4-2~ + CERT_GetUsePKIXForValidation@NSS_3.12 2:3.13.4-2~ + CERT_GetValidDNSPatternsFromCert@NSS_3.12 2:3.13.4-2~ + CERT_NewTempCertificate@NSS_3.12 2:3.13.4-2~ + CERT_SetOCSPTimeout@NSS_3.12 2:3.13.4-2~ + CERT_SetUsePKIXForValidation@NSS_3.12 2:3.13.4-2~ + HASH_GetType@NSS_3.12 2:3.13.4-2~ + (symver)NSS_3.10 2:3.13.4-2~ + (symver)NSS_3.10.2 2:3.13.4-2~ + (symver)NSS_3.11 2:3.13.4-2~ + (symver)NSS_3.11.1 2:3.13.4-2~ + (symver)NSS_3.11.2 2:3.13.4-2~ + (symver)NSS_3.11.7 2:3.13.4-2~ + (symver)NSS_3.11.9 2:3.13.4-2~ + (symver)NSS_3.12 2:3.13.4-2~ + (symver)NSS_3.12.1 2:3.13.4-2~ + (symver)NSS_3.12.10 2:3.13.4-2~ + (symver)NSS_3.12.3 2:3.13.4-2~ + (symver)NSS_3.12.4 2:3.13.4-2~ + (symver)NSS_3.12.5 2:3.13.4-2~ + (symver)NSS_3.12.6 2:3.13.4-2~ + (symver)NSS_3.12.7 2:3.13.4-2~ + (symver)NSS_3.12.9 2:3.13.4-2~ + (symver)NSS_3.13 2:3.13.4-2~ + (symver)NSS_3.13.2 2:3.13.4-2~ + (symver)NSS_3.14 2:3.14 + (symver)NSS_3.14.1 2:3.14.1~beta2 + (symver)NSS_3.14.3 2:3.14.3 + (symver)NSS_3.15 2:3.15 + (symver)NSS_3.15.4 2:3.15.4 + (symver)NSS_3.16.1 2:3.16.1 + (symver)NSS_3.16.2 2:3.16.2 + (symver)NSS_3.18 2:3.18 + (symver)NSS_3.19 2:3.19 + (symver)NSS_3.19.1 2:3.19.1 + (symver)NSS_3.2 2:3.13.4-2~ + (symver)NSS_3.2.1 2:3.13.4-2~ + (symver)NSS_3.21 2:3.21 + (symver)NSS_3.22 2:3.22 + (symver)NSS_3.3 2:3.13.4-2~ + (symver)NSS_3.3.1 2:3.13.4-2~ + (symver)NSS_3.30 2:3.30 + (symver)NSS_3.31 2:3.31 + (symver)NSS_3.33 2:3.33 + (symver)NSS_3.34 2:3.34 + (symver)NSS_3.39 2:3.39 + (symver)NSS_3.4 2:3.13.4-2~ + (symver)NSS_3.43 2:3.44.0 + (symver)NSS_3.44 2:3.44.0 + (symver)NSS_3.45 2:3.45 + (symver)NSS_3.47 2:3.47 + (symver)NSS_3.5 2:3.13.4-2~ + (symver)NSS_3.52 2:3.52 + (symver)NSS_3.53 2:3.53 + (symver)NSS_3.55 2:3.55 + (symver)NSS_3.58 2:3.58 + (symver)NSS_3.59 2:3.59 + (symver)NSS_3.6 2:3.13.4-2~ + (symver)NSS_3.62 2:3.62 + (symver)NSS_3.65 2:3.65 + (symver)NSS_3.66 2:3.66 + (symver)NSS_3.7 2:3.13.4-2~ + (symver)NSS_3.7.1 2:3.13.4-2~ + (symver)NSS_3.77 2:3.77 + (symver)NSS_3.79 2:3.79 + (symver)NSS_3.8 2:3.13.4-2~ + (symver)NSS_3.9 2:3.13.4-2~ + (symver)NSS_3.9.2 2:3.13.4-2~ + (symver)NSS_3.9.3 2:3.13.4-2~ + NSS_InitWithMerge@NSS_3.12 2:3.13.4-2~ + PK11_CreateGenericObject@NSS_3.12 2:3.13.4-2~ + PK11_CreateMergeLog@NSS_3.12 2:3.13.4-2~ + PK11_CreatePBEV2AlgorithmID@NSS_3.12 2:3.13.4-2~ + PK11_DestroyMergeLog@NSS_3.12 2:3.13.4-2~ + PK11_GetPBECryptoMechanism@NSS_3.12 2:3.13.4-2~ + PK11_IsRemovable@NSS_3.12 2:3.13.4-2~ + PK11_MergeTokens@NSS_3.12 2:3.13.4-2~ + PK11_WriteRawAttribute@NSS_3.12 2:3.13.4-2~ + SEC_PKCS5IsAlgorithmPBEAlgTag@NSS_3.12 2:3.13.4-2~ +libnssckbi.so libnss3 #MINVER# +* Build-Depends-Package: libnss3-dev + (symver)NSS_3.1 2:3.13.4-2~ +libnssdbm3.so libnss3 #MINVER# +* Build-Depends-Package: libnss3-dev + (symver)NSSDBM_3.12 2:3.13.4-2~ +libnssutil3.so libnss3 #MINVER# +* Build-Depends-Package: libnss3-dev + (symver)NSSUTIL_3.12 2:3.13.4-2~ + (symver)NSSUTIL_3.12.3 2:3.13.4-2~ + (symver)NSSUTIL_3.12.5 2:3.13.4-2~ + (symver)NSSUTIL_3.12.7 2:3.13.4-2~ + (symver)NSSUTIL_3.13 2:3.13.4-2~ + (symver)NSSUTIL_3.14 2:3.14 + (symver)NSSUTIL_3.15 2:3.15 + (symver)NSSUTIL_3.17.1 2:3.17.1 + (symver)NSSUTIL_3.21 2:3.21 + (symver)NSSUTIL_3.24 2:3.24 + (symver)NSSUTIL_3.25 2:3.29 + (symver)NSSUTIL_3.31 2:3.31 + (symver)NSSUTIL_3.33 2:3.33 + (symver)NSSUTIL_3.38 2:3.38 + (symver)NSSUTIL_3.39 2:3.39 + (symver)NSSUTIL_3.59 2:3.59 + (symver)NSSUTIL_3.82 2:3.82 +libsmime3.so libnss3 #MINVER# +* Build-Depends-Package: libnss3-dev + (symver)NSS_3.10 2:3.13.4-2~ + (symver)NSS_3.12.10 2:3.13.4-2~ + (symver)NSS_3.12.2 2:3.13.4-2~ + (symver)NSS_3.13 2:3.13.4-2~ + (symver)NSS_3.15 2:3.15 + (symver)NSS_3.16 2:3.16 + (symver)NSS_3.18 2:3.18 + (symver)NSS_3.2 2:3.13.4-2~ + (symver)NSS_3.2.1 2:3.13.4-2~ + (symver)NSS_3.3 2:3.13.4-2~ + (symver)NSS_3.4 2:3.13.4-2~ + (symver)NSS_3.4.1 2:3.13.4-2~ + (symver)NSS_3.6 2:3.13.4-2~ + (symver)NSS_3.7 2:3.13.4-2~ + (symver)NSS_3.7.2 2:3.13.4-2~ + (symver)NSS_3.8 2:3.13.4-2~ + (symver)NSS_3.9 2:3.13.4-2~ + (symver)NSS_3.9.3 2:3.13.4-2~ +libsoftokn3.so libnss3 #MINVER# +* Build-Depends-Package: libnss3-dev + (symver)NSS_3.4 2:3.13.4-2~ + (symver)NSS_3.52 2:3.52 +libssl3.so libnss3 #MINVER# +* Build-Depends-Package: libnss3-dev + (symver)NSS_3.11.4 2:3.13.4-2~ + (symver)NSS_3.11.8 2:3.13.4-2~ + (symver)NSS_3.12.10 2:3.13.4-2~ + (symver)NSS_3.12.6 2:3.13.4-2~ + (symver)NSS_3.13 2:3.13.4-2~ + (symver)NSS_3.13.2 2:3.13.4-2~ + (symver)NSS_3.14 2:3.14 + (symver)NSS_3.15 2:3.15 + (symver)NSS_3.15.4 2:3.15.4 + (symver)NSS_3.2 2:3.13.4-2~ + (symver)NSS_3.2.1 2:3.13.4-2~ + (symver)NSS_3.20 2:3.20 + (symver)NSS_3.21 2:3.21 + (symver)NSS_3.22 2:3.22 + (symver)NSS_3.23 2:3.23 + (symver)NSS_3.24 2:3.24 + (symver)NSS_3.27 2:3.27 + (symver)NSS_3.28 2:3.28 + (symver)NSS_3.30 2:3.30 + (symver)NSS_3.30.0.1 2:3.30 + (symver)NSS_3.33 2:3.33 + (symver)NSS_3.4 2:3.13.4-2~ + (symver)NSS_3.7.4 2:3.13.4-2~ + (symver)NSS_3.77 2:3.77 + (symver)NSS_3.80 2:3.80 + SSL_GetCipherSuiteInfo@NSS_3.4 2:3.44.0 + SSL_GetChannelInfo@NSS_3.4 2:3.66 + SSL_GetPreliminaryChannelInfo@NSS_3.21 2:3.44.0 diff --git a/debian/make.mk b/debian/make.mk new file mode 100644 index 0000000..ae5346c --- /dev/null +++ b/debian/make.mk @@ -0,0 +1,13 @@ +lazy = $(eval $(1) = $$(if $$(___$(1)),,$$(eval ___$(1) := $(2)))$$(___$(1))) +lc = $(subst A,a,$(subst B,b,$(subst C,c,$(subst D,d,$(subst E,e,$(subst F,f,$(subst G,g,$(subst H,h,$(subst I,i,$(subst J,j,$(subst K,k,$(subst L,l,$(subst M,m,$(subst N,n,$(subst O,o,$(subst P,p,$(subst Q,q,$(subst R,r,$(subst S,s,$(subst T,t,$(subst U,u,$(subst V,v,$(subst W,w,$(subst X,x,$(subst Y,y,$(subst Z,z,$1)))))))))))))))))))))))))) +uc = $(subst a,A,$(subst b,B,$(subst c,C,$(subst d,D,$(subst e,E,$(subst f,F,$(subst g,G,$(subst h,H,$(subst i,I,$(subst j,J,$(subst k,K,$(subst l,L,$(subst m,M,$(subst n,N,$(subst o,O,$(subst p,P,$(subst q,Q,$(subst r,R,$(subst s,S,$(subst t,T,$(subst u,U,$(subst v,V,$(subst w,W,$(subst x,X,$(subst y,Y,$(subst z,Z,$1)))))))))))))))))))))))))) + +__VARS := $(.VARIABLES) + +dump: + @$(foreach var,$(sort $(filter-out $(__VARS) __VARS preprocess ___%,$(.VARIABLES))),echo '$(var) = $(subst ','\'',$(subst \,\\,$($(var))))';) + +dump-%: + @echo $($*) + +.PHONY: dump diff --git a/debian/nss.pc.in b/debian/nss.pc.in new file mode 100644 index 0000000..57cf3eb --- /dev/null +++ b/debian/nss.pc.in @@ -0,0 +1,11 @@ +prefix=/usr +exec_prefix=${prefix} +libdir=${exec_prefix}/lib/@DEB_HOST_MULTIARCH@ +includedir=${prefix}/include/nss + +Name: NSS +Description: Mozilla Network Security Services +Version: @VERSION@ +Requires: nspr +Libs: -L${libdir} -lnss3 -lnssutil3 -lsmime3 -lssl3 +Cflags: -I${includedir} diff --git a/debian/patches/38_hppa.patch b/debian/patches/38_hppa.patch new file mode 100644 index 0000000..99c9970 --- /dev/null +++ b/debian/patches/38_hppa.patch @@ -0,0 +1,17 @@ +Description: fix double definition of BYTE_ORDER on hppa +Author: Helge Deller <deller@gmx.de> +Bug-Debian: https://bugs.debian.org/808990 + +Index: nss/nss/lib/dbm/include/mcom_db.h +=================================================================== +--- nss.orig/nss/lib/dbm/include/mcom_db.h ++++ nss/nss/lib/dbm/include/mcom_db.h +@@ -110,7 +110,7 @@ typedef PRUint32 uint32; + #endif /* !BYTE_ORDER */ + #endif /* __sun */ + +-#if defined(__hpux) || defined(__hppa) ++#if defined(__hpux) + #define BYTE_ORDER BIG_ENDIAN + #define BIG_ENDIAN 4321 + #define LITTLE_ENDIAN 1234 /* LSB first: i386, vax, all NT risc */ diff --git a/debian/patches/38_hurd.patch b/debian/patches/38_hurd.patch new file mode 100644 index 0000000..91b5442 --- /dev/null +++ b/debian/patches/38_hurd.patch @@ -0,0 +1,59 @@ +## 38_hurd.patch by <glandium@debian.org> +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Fix FTBFS on Hurd because of MAXPATHLEN + +Index: nss/nss/cmd/shlibsign/shlibsign.c +=================================================================== +--- nss.orig/nss/cmd/shlibsign/shlibsign.c ++++ nss/nss/cmd/shlibsign/shlibsign.c +@@ -725,7 +725,6 @@ main(int argc, char **argv) + #ifdef USES_LINKS + int ret; + struct stat stat_buf; +- char link_buf[MAXPATHLEN + 1]; + char *link_file = NULL; + #endif + +@@ -1068,10 +1067,22 @@ main(int argc, char **argv) + } + if (S_ISLNK(stat_buf.st_mode)) { + char *dirpath, *dirend; +- ret = readlink(input_file, link_buf, sizeof(link_buf) - 1); +- if (ret < 0) { +- perror(input_file); +- goto cleanup; ++ char *link_buf = NULL; ++ size_t size = 64; ++ while (1) { ++ link_buf = realloc(link_buf, size); ++ if (!link_buf) { ++ perror(input_file); ++ goto cleanup; ++ } ++ ret = readlink(input_file, link_buf, size - 1); ++ if (ret < 0) { ++ perror(input_file); ++ goto cleanup; ++ } ++ if (ret < size - 1) ++ break; ++ size *= 2; + } + link_buf[ret] = 0; + link_file = mkoutput(input_file); +Index: nss/nss/lib/freebl/unix_rand.c +=================================================================== +--- nss.orig/nss/lib/freebl/unix_rand.c ++++ nss/nss/lib/freebl/unix_rand.c +@@ -843,6 +843,10 @@ RNG_FileForRNG(const char *fileName) + #define _POSIX_PTHREAD_SEMANTICS + #include <dirent.h> + ++#ifndef PATH_MAX ++#define PATH_MAX 1024 ++#endif ++ + PRBool + ReadFileOK(char *dir, char *file) + { diff --git a/debian/patches/80_security_tools.patch b/debian/patches/80_security_tools.patch new file mode 100644 index 0000000..50f994f --- /dev/null +++ b/debian/patches/80_security_tools.patch @@ -0,0 +1,26 @@ +## 80_security_tools.patch by Mike Hommey <glandium@debian.org> +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Enable building of some NSS tools. +## DP: Disable rpath. + +Index: nss/nss/cmd/platlibs.mk +=================================================================== +--- nss.orig/nss/cmd/platlibs.mk ++++ nss/nss/cmd/platlibs.mk +@@ -8,6 +8,7 @@ ifeq ($(BUILD_SUN_PKG), 1) + # set RPATH-type linker instructions here so they can be used in the shared + # version and in the mixed (static nss libs/shared NSPR libs) version. + ++ifdef ENABLE_RPATH + ifeq ($(OS_ARCH), SunOS) + ifeq ($(USE_64), 1) + EXTRA_SHARED_LIBS += -R '$$ORIGIN/../lib:/usr/lib/mps/secv1/64:/usr/lib/mps/64' +@@ -31,6 +32,7 @@ DBMLIB = $(NULL) + else + DBMLIB = $(DIST)/lib/$(LIB_PREFIX)dbm.$(LIB_SUFFIX) + endif ++endif + + ifeq ($(NSS_BUILD_UTIL_ONLY),1) + SECTOOL_LIB = $(NULL) diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 0000000..9afecb0 --- /dev/null +++ b/debian/patches/series @@ -0,0 +1,3 @@ +38_hurd.patch +80_security_tools.patch +38_hppa.patch diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..ce30869 --- /dev/null +++ b/debian/rules @@ -0,0 +1,197 @@ +#!/usr/bin/make -f +include debian/make.mk + +export DEB_BUILD_MAINT_OPTIONS = hardening=+all + +$(call lazy,DEB_BUILD_ARCH,$$(shell dpkg-architecture -qDEB_BUILD_ARCH)) +$(call lazy,DEB_BUILD_GNU_TYPE,$$(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)) +$(call lazy,DEB_HOST_ARCH,$$(shell dpkg-architecture -qDEB_HOST_ARCH)) +$(call lazy,DEB_HOST_ARCH_OS,$$(shell dpkg-architecture -qDEB_HOST_ARCH_OS)) +$(call lazy,DEB_HOST_GNU_TYPE,$$(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)) +$(call lazy,DEB_HOST_GNU_CPU,$$(shell dpkg-architecture -qDEB_HOST_GNU_CPU)) +$(call lazy,DEB_HOST_MULTIARCH,$$(shell dpkg-architecture -qDEB_HOST_MULTIARCH)) +$(call lazy,CFLAGS,$$(shell dpkg-buildflags --get CFLAGS)) +$(call lazy,CPPFLAGS,$$(shell dpkg-buildflags --get CPPFLAGS)) +$(call lazy,LDFLAGS,$$(shell dpkg-buildflags --get LDFLAGS)) + +PREPROCESS_FILES := $(wildcard debian/*.in) nss/pkg/pkg-config/nss-config.in +PREPROCESSED_FILES := $(addprefix debian/,$(notdir $(PREPROCESS_FILES:.in=))) + +$(filter debian/%,$(PREPROCESS_FILES:.in=)): %: %.in +debian/nss-config: nss/pkg/pkg-config/nss-config.in +$(PREPROCESSED_FILES): + sed 's,/@DEB_HOST_MULTIARCH@,$(DEB_HOST_MULTIARCH:%=/%),g;$(EXTRA_REPLACES)' $< > $@ + +UPSTREAM_VERSION := $(shell dpkg-parsechangelog | sed -n 's/^Version: *\([0-9]*:\)\?\([0-9.]*+really\)\?\([^~]*\)\(~.*\)\?-.*$$/\3/ p') +MOD_MAJOR_VERSION := $(word 1, $(subst ., ,$(UPSTREAM_VERSION))) +MOD_MINOR_VERSION := $(word 2, $(subst ., ,$(UPSTREAM_VERSION))) +MOD_PATCH_VERSION := $(or $(word 3, $(subst ., ,$(UPSTREAM_VERSION))),0) + +debian/nss.pc: EXTRA_REPLACES := s/@VERSION@/$(UPSTREAM_VERSION)/ +debian/nss-config: EXTRA_REPLACES := s/@MOD_MAJOR_VERSION@/$(MOD_MAJOR_VERSION)/;s/@MOD_MINOR_VERSION@/$(MOD_MINOR_VERSION)/;s/@MOD_PATCH_VERSION@/$(MOD_PATCH_VERSION)/;s/@prefix@/\/usr/ +debian/libnss3.lintian-overrides: EXTRA_REPLACES := s,/@DEB_HOST_MULTIARCH_WC@,$(DEB_HOST_MULTIARCH:%=/*),g + +TOOLCHAIN := + +ifneq ($(DEB_HOST_ARCH),$(DEB_BUILD_ARCH)) +ifeq ($(origin CC),default) +TOOLCHAIN += CC=$(DEB_HOST_GNU_TYPE)-gcc +endif +ifeq ($(origin CXX),default) +CXX := $(DEB_HOST_GNU_TYPE)-g++ +TOOLCHAIN += CXX=$(CXX) +endif +TOOLCHAIN += CCC=$(CXX) +ifeq ($(origin RANLIB),default) +TOOLCHAIN += RANLIB=$(DEB_HOST_GNU_TYPE)-ranlib +endif +TOOLCHAIN += OS_TEST=$(DEB_HOST_GNU_CPU) +TOOLCHAIN += KERNEL=$(DEB_HOST_ARCH_OS) +endif + +# $(foreach foo,$(list),$(call cmd,some command $(foo))) expands to +# some command first-elem +# some command second-elem +# etc. +# This avoid using a long one liner with semi colons. +define cmd +$(1) + +endef + +CFLAGS += -Wall -pipe + +DISTDIR := $(CURDIR)/dist + +COMMON_MAKE_FLAGS := \ + $(and $(filter terse,$(DEB_BUILD_OPTIONS)),-s) \ + SOURCE_PREFIX=$(DISTDIR) \ + SOURCE_MD_DIR=$(DISTDIR) \ + DIST=$(DISTDIR) \ + OBJDIR_NAME=OBJS \ + $(and $(filter 64,$(shell dpkg-architecture -qDEB_HOST_ARCH_BITS)),USE_64=1) \ + $(and $(filter x32,$(shell dpkg-architecture -qDEB_HOST_ARCH)),USE_X32=1) \ + $(NULL) + +# Disable -Werror on less mainline architectures. +ifneq (,$(filter-out i386 x86_64 aarch64,$(DEB_HOST_GNU_CPU))) +COMMON_MAKE_FLAGS += NSS_ENABLE_WERROR=0 +endif + +NSS_TOOLS := \ + certutil \ + chktest \ + cmsutil \ + crlutil \ + derdump \ + httpserv \ + modutil \ + ocspclnt \ + p7content \ + p7env \ + p7sign \ + p7verify \ + pk12util \ + pk1sign \ + pwdecrypt \ + rsaperf \ + selfserv \ + shlibsign \ + signtool \ + signver \ + ssltap \ + strsclnt \ + symkeyutil \ + tstclnt \ + vfychain \ + vfyserv \ + $(NULL) + +override_dh_auto_build: + $(MAKE) -C nss/coreconf/nsinstall \ + $(COMMON_MAKE_FLAGS) \ + CC=$(DEB_BUILD_GNU_TYPE)-gcc \ + ARCHFLAG= + + $(MAKE) -C nss \ + all \ + $(COMMON_MAKE_FLAGS) \ + MOZILLA_CLIENT=1 \ + NSPR_INCLUDE_DIR=/usr/include/nspr \ + NSPR_LIB_DIR=/usr/lib/$(DEB_HOST_MULTIARCH) \ + BUILD_OPT=1 \ + NS_USE_GCC=1 \ + OPTIMIZER="$(CFLAGS) $(CPPFLAGS)" \ + LDFLAGS='$(LDFLAGS) $$(ARCHFLAG) $$(ZDEFS_FLAG)' \ + DSO_LDOPTS='-shared $$(LDFLAGS)' \ + NSS_USE_SYSTEM_SQLITE=1 \ + NSS_ENABLE_ECC=1 \ + CHECKLOC= \ + $(TOOLCHAIN) + +override_dh_auto_clean: + -$(MAKE) -C nss \ + clobber \ + $(COMMON_MAKE_FLAGS) \ + BUILD_OPT=1 + + rm -rf $(DISTDIR) $(PREPROCESSED_FILES) + +manpage = $(addsuffix .1,$(addprefix nss/doc/nroff/,$(1))) + +override_dh_auto_install: $(PREPROCESSED_FILES) + install -m 755 -d debian/libnss3/usr/lib/$(DEB_HOST_MULTIARCH) debian/libnss3-dev/usr/lib/$(DEB_HOST_MULTIARCH)/pkgconfig + install -m 644 -t debian/libnss3/usr/lib/$(DEB_HOST_MULTIARCH) \ + $(DISTDIR)/lib/libnss3.so \ + $(DISTDIR)/lib/libnssutil3.so \ + $(DISTDIR)/lib/libsmime3.so \ + $(DISTDIR)/lib/libssl3.so \ + $(DISTDIR)/lib/libfreebl3.so \ + $(DISTDIR)/lib/libfreeblpriv3.so \ + $(DISTDIR)/lib/libsoftokn3.so \ + $(DISTDIR)/lib/libnssdbm3.so \ + $(DISTDIR)/lib/libnssckbi.so + + install -m 644 -t debian/libnss3-dev/usr/include/nss \ + $(DISTDIR)/public/nss/* + install -m 644 -t debian/libnss3-dev/usr/lib/$(DEB_HOST_MULTIARCH) \ + $(DISTDIR)/lib/libcrmf.a + install -m 644 -t debian/libnss3-dev/usr/lib/$(DEB_HOST_MULTIARCH)/pkgconfig debian/nss.pc + install -m 755 -t debian/libnss3-dev/usr/bin debian/nss-config + + install -m 755 -t debian/libnss3-tools/usr/bin $(addprefix $(DISTDIR)/bin/,$(NSS_TOOLS)) + install -m 755 -d $(DISTDIR)/man + install -m 644 -t $(DISTDIR)/man $(wildcard $(call manpage,$(NSS_TOOLS))) + + # these utilities are too generically-named, so we prefix them with nss- (see http://bugs.debian.org/701141) + $(foreach bin, \ + addbuiltin \ + dbtest \ + pp \ + , \ + $(call cmd,install -m 755 -T $(DISTDIR)/bin/$(bin) debian/libnss3-tools/usr/bin/nss-$(bin)) \ + $(if $(wildcard $(call manpage,$(bin))),$(call cmd,install -m 644 -T $(call manpage,$(bin)) $(DISTDIR)/man/nss-$(bin).1))) + +ifeq ($(DEB_HOST_ARCH),$(DEB_BUILD_ARCH)) +SHLIBSIGN = LD_LIBRARY_PATH=debian/libnss3/usr/lib/$(DEB_HOST_MULTIARCH) debian/libnss3-tools/usr/bin/shlibsign +else +SHLIBSIGN = shlibsign +endif + +override_dh_strip: + dh_strip + $(foreach lib,libsoftokn3.so libfreebl3.so libfreeblpriv3.so libnssdbm3.so, \ + $(call cmd,umask 022; $(SHLIBSIGN) -v -i debian/libnss3/usr/lib/$(DEB_HOST_MULTIARCH)/$(lib))) + +ifeq ($(DEB_HOST_ARCH),$(DEB_BUILD_ARCH)) + # Check FIPS mode correctly works + mkdir debian/tmp + LD_LIBRARY_PATH=debian/libnss3/usr/lib/$(DEB_HOST_MULTIARCH) debian/libnss3-tools/usr/bin/modutil -create -dbdir debian/tmp < /dev/null + LD_LIBRARY_PATH=debian/libnss3/usr/lib/$(DEB_HOST_MULTIARCH) debian/libnss3-tools/usr/bin/modutil -fips true -dbdir debian/tmp < /dev/null +endif + +override_dh_makeshlibs: + dh_makeshlibs -a -- -c4 + +%: + dh $@ diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/debian/upstream/metadata b/debian/upstream/metadata new file mode 100644 index 0000000..1f4f9ec --- /dev/null +++ b/debian/upstream/metadata @@ -0,0 +1,4 @@ +--- +Repository: https://hg.mozilla.org/projects/nss +Bug-Database: https://bugzilla.mozilla.org/buglist.cgi?product=NSS&component=Libraries&resolution=--- +Bug-Submit: https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=Libraries diff --git a/debian/watch b/debian/watch new file mode 100644 index 0000000..f0a7711 --- /dev/null +++ b/debian/watch @@ -0,0 +1,3 @@ +version=4 +opts=dirversionmangle=s/\.$// \ +https://archive.mozilla.org/pub/security/nss/releases/NSS_(?:(\d)_(\d+)(?:_(\d+))?)_RTM/src/nss-([\d\.]+)\.tar\.(?:bz2|gz) |