Revert "nss_latest: 3.76.1 -> 3.77"

This reverts commit eb9c616c79.

Breaks the Firefox build and needs further investigation.

In file included from Unified_cpp_certverifier0.cpp:47:
/build/firefox-99.0/security/certverifier/OCSPVerificationTrustDomain.cpp:63:11: error: unknown type name 'SignedDigest'
    const SignedDigest& aSignedDigest, Input aSubjectPublicKeyInfo) {
          ^
/build/firefox-99.0/security/certverifier/OCSPVerificationTrustDomain.cpp:74:11: error: unknown type name 'SignedDigest'
    const SignedDigest& aSignedDigest, Input aSubjectPublicKeyInfo) {
          ^

https://github.com/NixOS/nixpkgs/pull/164511#issuecomment-1089496003
main
Martin Weinelt 2 years ago
parent 433a32e039
commit 79a5b548cc
  1. 76
      pkgs/development/libraries/nss/85_security_load_3.77+.patch
  2. 6
      pkgs/development/libraries/nss/generic.nix
  3. 4
      pkgs/development/libraries/nss/latest.nix

@ -1,76 +0,0 @@
diff --git nss/cmd/shlibsign/shlibsign.c nss/cmd/shlibsign/shlibsign.c
index ad8f3b84e..74676d039 100644
--- nss/cmd/shlibsign/shlibsign.c
+++ nss/cmd/shlibsign/shlibsign.c
@@ -875,6 +875,8 @@ main(int argc, char **argv)
goto cleanup;
}
lib = PR_LoadLibrary(libname);
+ if (!lib)
+ lib = PR_LoadLibrary(NIX_NSS_LIBDIR"libsoftokn3.so");
assert(lib != NULL);
if (!lib) {
PR_fprintf(PR_STDERR, "loading softokn3 failed");
diff --git nss/lib/pk11wrap/pk11load.c nss/lib/pk11wrap/pk11load.c
index 119c8c512..720d39ccc 100644
--- nss/lib/pk11wrap/pk11load.c
+++ nss/lib/pk11wrap/pk11load.c
@@ -486,6 +486,15 @@ secmod_LoadPKCS11Module(SECMODModule *mod, SECMODModule **oldModule)
#else
library = PR_LoadLibrary(mod->dllName);
#endif // defined(_WIN32)
+#ifndef NSS_STATIC_SOFTOKEN
+ if ((library == NULL) &&
+ !rindex(mod->dllName, PR_GetDirectorySeparator())) {
+ library = PORT_LoadLibraryFromOrigin(my_shlib_name,
+ (PRFuncPtr) &softoken_LoadDSO,
+ mod->dllName);
+ }
+#endif
+
mod->library = (void *)library;
if (library == NULL) {
diff --git nss/lib/util/secload.c nss/lib/util/secload.c
index 12efd2f75..8b74478f6 100644
--- nss/lib/util/secload.c
+++ nss/lib/util/secload.c
@@ -70,9 +70,14 @@ loader_LoadLibInReferenceDir(const char* referencePath, const char* name)
/* Remove the trailing filename from referencePath and add the new one */
c = strrchr(referencePath, PR_GetDirectorySeparator());
+ if (!c) { /* referencePath doesn't contain a / means that dladdr gave us argv[0]
+ * and program was called from $PATH. Hack to get libs from NIX_NSS_LIBDIR */
+ referencePath = NIX_NSS_LIBDIR;
+ c = (char*) &referencePath[sizeof(NIX_NSS_LIBDIR) - 1]; /* last / */
+ }
if (c) {
size_t referencePathSize = 1 + c - referencePath;
- fullName = (char*)PORT_Alloc(strlen(name) + referencePathSize + 1);
+ fullName = (char*) PORT_Alloc(strlen(name) + referencePathSize + 5);
if (fullName) {
memcpy(fullName, referencePath, referencePathSize);
strcpy(fullName + referencePathSize, name);
@@ -82,6 +87,11 @@ loader_LoadLibInReferenceDir(const char* referencePath, const char* name)
#endif
libSpec.type = PR_LibSpec_Pathname;
libSpec.value.pathname = fullName;
+ if ((referencePathSize >= 4) &&
+ (strncmp(fullName + referencePathSize - 4, "bin", 3) == 0)) {
+ memcpy(fullName + referencePathSize -4, "lib", 3);
+ }
+ strcpy(fullName + referencePathSize, name);
dlh = PR_LoadLibraryWithFlags(libSpec, PR_LD_NOW | PR_LD_LOCAL
#ifdef PR_LD_ALT_SEARCH_PATH
/* allow library's dependencies to be found in the same directory
@@ -89,6 +99,10 @@ loader_LoadLibInReferenceDir(const char* referencePath, const char* name)
| PR_LD_ALT_SEARCH_PATH
#endif
);
+ if (! dlh) {
+ strcpy(fullName + referencePathSize, name);
+ dlh = PR_LoadLibraryWithFlags(libSpec, PR_LD_NOW | PR_LD_LOCAL);
+ }
PORT_Free(fullName);
}
}

@ -62,13 +62,9 @@ stdenv.mkDerivation rec {
patches = [
# Based on http://patch-tracker.debian.org/patch/series/dl/nss/2:3.15.4-1/85_security_load.patch
./85_security_load.patch
./ckpem.patch
./fix-cross-compilation.patch
(if (lib.versionOlder version "3.77") then
./85_security_load.patch
else
./85_security_load_3.77+.patch
)
];
patchFlags = [ "-p0" ];

@ -5,6 +5,6 @@
# Example: nix-shell ./maintainers/scripts/update.nix --argstr package cacert
import ./generic.nix {
version = "3.77";
sha256 = "1pfy33b51914sivqyaxdwfd930hzb77gm07z4f57hnyk5xddypl2";
version = "3.76.1";
sha256 = "0ai37ncg50n4s5243bfvsip8isqq1y6w2swg1n4xgqg2fk1h8cg1";
}

Loading…
Cancel
Save