Commit Graph

181 Commits

Author SHA1 Message Date
Martin Weinelt
79a5b548cc Revert "nss_latest: 3.76.1 -> 3.77"
This reverts commit eb9c616c79.

Breaks the Firefox build and needs further investigation.

In file included from Unified_cpp_certverifier0.cpp:47:
/build/firefox-99.0/security/certverifier/OCSPVerificationTrustDomain.cpp:63:11: error: unknown type name 'SignedDigest'
    const SignedDigest& aSignedDigest, Input aSubjectPublicKeyInfo) {
          ^
/build/firefox-99.0/security/certverifier/OCSPVerificationTrustDomain.cpp:74:11: error: unknown type name 'SignedDigest'
    const SignedDigest& aSignedDigest, Input aSubjectPublicKeyInfo) {
          ^

https://github.com/NixOS/nixpkgs/pull/164511#issuecomment-1089496003
2022-04-06 18:09:45 +02:00
ajs124
eb9c616c79 nss_latest: 3.76.1 -> 3.77 2022-04-03 13:14:08 +01:00
ajs124
faee35ce35 nss_latest: 3.76 -> 3.76.1 2022-04-03 13:14:08 +01:00
ajs124
9109742c6b nss: add maintainers 2022-04-03 13:14:07 +01:00
ajs124
44f241f69a nss: split into nss_latest and nss_esr 2022-04-03 13:14:07 +01:00
ajs124
4e0daeeee4 nss: 3.75 -> 3.76
https://github.com/nss-dev/nss/blob/master/doc/rst/releases/nss_3_76.rst
2022-03-14 18:23:34 +01:00
ajs124
de76433f54 nss: 3.74 -> 3.75 2022-02-04 00:52:14 +01:00
ajs124
da28ed7df0 nss: 3.73.1 -> 3.74 2022-01-06 22:25:53 +01:00
R. RyanTM
8a4345ee0d
nss: 3.73 -> 3.73.1 (#151041) 2021-12-25 16:56:14 -05:00
Léo Gaspard
ee36cb7d2c
nss: 3.72 -> 3.73 (#148219)
Update done by running the `nss` and `cacert` update scripts, then
running nixpkgs-check to validate things look good enough to be thrown
at hydra
2021-12-02 01:24:35 +01:00
Vladimír Čunát
a4f105791c
Merge #144218: nss: 3.71 -> 3.72 (into staging) 2021-11-15 22:28:32 +01:00
Martin Weinelt
dff515718d
nss_3_53: drop 2021-11-02 14:41:05 +01:00
R. Ryantm
f0b1f93f1d nss: 3.71 -> 3.72 2021-11-02 09:44:16 +00:00
Martin Weinelt
adf4e67dd4 Merge remote-tracking branch 'origin/staging' into staging-next 2021-10-15 01:34:36 +02:00
Alyssa Ross
851b719ac6 treewide: use stdenv.hostPlatform.extensions.sharedLibrary where appropriate 2021-10-13 17:39:37 +00:00
ajs124
c47854697c nss: 3.70 -> 3.71 2021-09-30 21:16:07 +02:00
Tim Steinbach
b558d1552b nss: Add updateScript 2021-09-16 09:33:38 -04:00
Tim Steinbach
e079a9b46d nss: 3.68 -> 3.70 2021-09-09 08:37:00 -04:00
Sandro Jäckel
d7a6dc0bb9
nss: format, cleanup 2021-08-10 13:01:51 +02:00
Sandro Jäckel
4b84c7a0c8
nss: format, cleanup 2021-08-10 13:01:37 +02:00
github-actions[bot]
08a8809bfe
Merge staging-next into staging 2021-07-18 00:02:06 +00:00
Felix Buehler
e023025ee0 various: cleanup of "inherit version;" 2021-07-17 22:39:35 +02:00
ajs124
04bc2667d1 nss: 3.67 -> 3.68 2021-07-12 16:52:41 +02:00
ajs124
1128dadcd8 nss: 3.66 -> 3.67 2021-06-14 16:28:39 +02:00
Martin Weinelt
b70b74f52a
Merge pull request #125280 from zhaofengli/nss-use-64
nss: Set NSS_USE_64=1 for 64-bit platforms
2021-06-02 00:32:04 +02:00
ajs124
db82e8c2e2 nss: 3.64 -> 3.66 2021-06-01 23:10:39 +02:00
Zhaofeng Li
345e777888 nss: Set NSS_USE_64=1 for 64-bit platforms
The config script does that automatically for a few architectures [1],
but on 64-bit platforms that are not listed (like riscv64) the
freebl build fails. Debian always adds the USE_64=1 flag when
compiling on 64-bit architectures (they use legacy make instead of gyp),
and we should do that as well to fix the general problem at the cost of
a mass rebuild.

[1] 0ef2306a62/coreconf/config.gypi (l212)
[2] c446c61808/debian/rules (L66)
2021-06-01 12:23:41 -07:00
ajs124
36d2488cb6 nss_3_44: drop 2021-05-15 17:59:39 +02:00
ajs124
5240b3fa7c nss: 3.63 -> 3.64 2021-04-16 15:49:23 +02:00
ajs124
636fab48a6 nss: 3.62 -> 3.63 2021-03-20 16:41:00 +01:00
Martin Weinelt
e73210fd67
nss: 3.61 -> 3.62 2021-03-14 16:23:29 +01:00
ajs124
d86882dd0f nss: 3.60 -> 3.61 2021-03-14 16:20:51 +01:00
Sandro Jäckel
9fc898d625
nss: remove usage of stdenv.lib 2021-01-31 16:07:26 +01:00
rnhmjoj
b9bb98cf49
nss: add option to use p11-kit
This commit adds an option to replace libnssckbi with the
p11-kit-trust[1] module. It makes all NSS application (like Firefox,
Chromium, etc.) use the system trust store (/etc/ssl/certs/ in NixOS)
and other PKCS#11 modules without ad-hoc configuration.

This approach was first implemented in Fedora[2] and other distributions
like Arch Linux, later.
[1]: https://p11-glue.github.io/p11-glue/p11-kit/manual/trust-nss.html

[2]: https://fedoraproject.org/wiki/Features/SharedSystemCertificates
2021-01-24 10:50:52 +01:00
Ben Siraphob
66e44425c6 pkgs/development/libraries: stdenv.lib -> lib 2021-01-21 19:11:02 -08:00
ajs124
22cd16f5b0 nss: 3.59 -> 3.60 2020-12-17 07:31:34 +01:00
ajs124
fce1a3ee1a
nss: 3.58 -> 3.59
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.59_release_notes
2020-11-18 20:13:23 +01:00
Andreas Rammhold
6c33216fcb
nss: 3.57 -> 3.58
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.58_release_notes
2020-11-18 20:13:23 +01:00
Andreas Rammhold
cbd0f8931c
nss_3_53: init 2020-11-18 20:13:23 +01:00
Andreas Rammhold
94448baf6d
cacert: decouple from NSS to reduce rebuild amount
In [#100765] @vcunat pointed out that we could decouple cacert from the
NSS package to make it more rebuild friendly. Just rebuilding packages
that depend on NSS seems to be about ~100. Rebuilding all the packages
that depend on cacert is >9k as of this writing. This makes it much more
feasible to upgrade high-profile packages that are (rightfully) pedantic
on their NSS version like firefox and thunderbird.

[#100765]: https://github.com/NixOS/nixpkgs/pull/100765
2020-11-18 20:13:22 +01:00
Michael Raskin
15430f8465
Merge pull request #102428 from r-burns/nss
nss: fix build on ppc64[le]
2020-11-15 09:42:19 +00:00
zimbatm
5ff35fab0f
fixup! nss: make reproducible (#102156)
Fixes a precedence issue from fe9f55907e

`lib.optionalString <cond> 'text' + 'text2'` will always have 'text2' as
part of the result.
2020-11-02 11:55:11 +01:00
Ryan Burns
eed2008a2d nss: fix build on ppc64[le]
NSS configure scripts use the abbreviated form ppc64/ppc64le:
https://github.com/nss-dev/nss/blob/NSS_3_57_RTM/coreconf/config.gypi#L209

Whereas nixpkgs uses the longer form:
`nix eval nixpkgs.pkgsCross.powernv.hostPlatform.parsed.cpu.name`
`powerpc64le`
2020-11-01 20:37:48 -08:00
zimbatm
8f2be9ac36
nss: make reproducible (#102156)
According to
c1fad130dc/build.sh (l129)
the FIPS mode is not enabled by default. Yet we generate the .chk files
that are only meant to be used for that mode. I have a sense that those
have been cargo-culted around.

Adding FIPS is still possible but you have to explictily build the lib
with `pkgs.nss.override { enableFIPS = true; }`

More info on what FIPS is:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Tech_Notes/nss_tech_note6

Other distros wrangling with the same issue:
https://bugzilla.opensuse.org/show_bug.cgi?id=1081723
2020-10-31 21:17:26 +01:00
Vladimír Čunát
336bc8283b
Re-Revert "Merge #101508: libraw: 0.20.0 -> 0.20.2"
This reverts commit c778945806.

I believe this is exactly what brings the staging branch into
the right shape after the last merge from master (through staging-next);
otherwise part of staging changes would be lost
(due to being already reachable from master but reverted).
2020-10-26 08:19:17 +01:00
Vladimír Čunát
c778945806
Revert "Merge #101508: libraw: 0.20.0 -> 0.20.2"
I'm sorry; I didn't notice it contained staging commits.

This reverts commit 17f5305b6c, reversing
changes made to a8a018ddc0.
2020-10-25 09:41:51 +01:00
Andrew Childs
722d02a720 treewide: move fixDarwinDylibNames to nativeBuildInputs
This hook runs at build time and depends on executing
install_name_tool from binutils.
2020-10-21 13:26:53 +09:00
Vladimír Čunát
80d90e69fe
nss: 3.56 -> 3.57
Release notes seem "boring":
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.57_release_notes

My understanding is that this version will be needed in Firefox 82 released
in one month from now: https://wiki.mozilla.org/NSS:Release_Versions
2020-09-19 08:23:45 +02:00
ajs124
49aa282108 nss: 3.55 -> 3.56 2020-08-26 08:34:52 +02:00
Vladimír Čunát
ce174c7bc9
Merge #94587: nss: fix on darwin 2020-08-06 09:08:29 +02:00