Martin Weinelt
79a5b548cc
Revert "nss_latest: 3.76.1 -> 3.77"
...
This reverts commit eb9c616c79
.
Breaks the Firefox build and needs further investigation.
In file included from Unified_cpp_certverifier0.cpp:47:
/build/firefox-99.0/security/certverifier/OCSPVerificationTrustDomain.cpp:63:11: error: unknown type name 'SignedDigest'
const SignedDigest& aSignedDigest, Input aSubjectPublicKeyInfo) {
^
/build/firefox-99.0/security/certverifier/OCSPVerificationTrustDomain.cpp:74:11: error: unknown type name 'SignedDigest'
const SignedDigest& aSignedDigest, Input aSubjectPublicKeyInfo) {
^
https://github.com/NixOS/nixpkgs/pull/164511#issuecomment-1089496003
2022-04-06 18:09:45 +02:00
ajs124
eb9c616c79
nss_latest: 3.76.1 -> 3.77
2022-04-03 13:14:08 +01:00
ajs124
faee35ce35
nss_latest: 3.76 -> 3.76.1
2022-04-03 13:14:08 +01:00
ajs124
9109742c6b
nss: add maintainers
2022-04-03 13:14:07 +01:00
ajs124
44f241f69a
nss: split into nss_latest and nss_esr
2022-04-03 13:14:07 +01:00
ajs124
4e0daeeee4
nss: 3.75 -> 3.76
...
https://github.com/nss-dev/nss/blob/master/doc/rst/releases/nss_3_76.rst
2022-03-14 18:23:34 +01:00
ajs124
de76433f54
nss: 3.74 -> 3.75
2022-02-04 00:52:14 +01:00
ajs124
da28ed7df0
nss: 3.73.1 -> 3.74
2022-01-06 22:25:53 +01:00
R. RyanTM
8a4345ee0d
nss: 3.73 -> 3.73.1 ( #151041 )
2021-12-25 16:56:14 -05:00
Léo Gaspard
ee36cb7d2c
nss: 3.72 -> 3.73 ( #148219 )
...
Update done by running the `nss` and `cacert` update scripts, then
running nixpkgs-check to validate things look good enough to be thrown
at hydra
2021-12-02 01:24:35 +01:00
Vladimír Čunát
a4f105791c
Merge #144218 : nss: 3.71 -> 3.72 (into staging)
2021-11-15 22:28:32 +01:00
Martin Weinelt
dff515718d
nss_3_53: drop
2021-11-02 14:41:05 +01:00
R. Ryantm
f0b1f93f1d
nss: 3.71 -> 3.72
2021-11-02 09:44:16 +00:00
Martin Weinelt
adf4e67dd4
Merge remote-tracking branch 'origin/staging' into staging-next
2021-10-15 01:34:36 +02:00
Alyssa Ross
851b719ac6
treewide: use stdenv.hostPlatform.extensions.sharedLibrary where appropriate
2021-10-13 17:39:37 +00:00
ajs124
c47854697c
nss: 3.70 -> 3.71
2021-09-30 21:16:07 +02:00
Tim Steinbach
b558d1552b
nss: Add updateScript
2021-09-16 09:33:38 -04:00
Tim Steinbach
e079a9b46d
nss: 3.68 -> 3.70
2021-09-09 08:37:00 -04:00
Sandro Jäckel
d7a6dc0bb9
nss: format, cleanup
2021-08-10 13:01:51 +02:00
Sandro Jäckel
4b84c7a0c8
nss: format, cleanup
2021-08-10 13:01:37 +02:00
github-actions[bot]
08a8809bfe
Merge staging-next into staging
2021-07-18 00:02:06 +00:00
Felix Buehler
e023025ee0
various: cleanup of "inherit version;"
2021-07-17 22:39:35 +02:00
ajs124
04bc2667d1
nss: 3.67 -> 3.68
2021-07-12 16:52:41 +02:00
ajs124
1128dadcd8
nss: 3.66 -> 3.67
2021-06-14 16:28:39 +02:00
Martin Weinelt
b70b74f52a
Merge pull request #125280 from zhaofengli/nss-use-64
...
nss: Set NSS_USE_64=1 for 64-bit platforms
2021-06-02 00:32:04 +02:00
ajs124
db82e8c2e2
nss: 3.64 -> 3.66
2021-06-01 23:10:39 +02:00
Zhaofeng Li
345e777888
nss: Set NSS_USE_64=1 for 64-bit platforms
...
The config script does that automatically for a few architectures [1],
but on 64-bit platforms that are not listed (like riscv64) the
freebl build fails. Debian always adds the USE_64=1 flag when
compiling on 64-bit architectures (they use legacy make instead of gyp),
and we should do that as well to fix the general problem at the cost of
a mass rebuild.
[1] 0ef2306a62/coreconf/config.gypi (l212)
[2] c446c61808/debian/rules (L66)
2021-06-01 12:23:41 -07:00
ajs124
36d2488cb6
nss_3_44: drop
2021-05-15 17:59:39 +02:00
ajs124
5240b3fa7c
nss: 3.63 -> 3.64
2021-04-16 15:49:23 +02:00
ajs124
636fab48a6
nss: 3.62 -> 3.63
2021-03-20 16:41:00 +01:00
Martin Weinelt
e73210fd67
nss: 3.61 -> 3.62
2021-03-14 16:23:29 +01:00
ajs124
d86882dd0f
nss: 3.60 -> 3.61
2021-03-14 16:20:51 +01:00
Sandro Jäckel
9fc898d625
nss: remove usage of stdenv.lib
2021-01-31 16:07:26 +01:00
rnhmjoj
b9bb98cf49
nss: add option to use p11-kit
...
This commit adds an option to replace libnssckbi with the
p11-kit-trust[1] module. It makes all NSS application (like Firefox,
Chromium, etc.) use the system trust store (/etc/ssl/certs/ in NixOS)
and other PKCS#11 modules without ad-hoc configuration.
This approach was first implemented in Fedora[2] and other distributions
like Arch Linux, later.
[1]: https://p11-glue.github.io/p11-glue/p11-kit/manual/trust-nss.html
[2]: https://fedoraproject.org/wiki/Features/SharedSystemCertificates
2021-01-24 10:50:52 +01:00
Ben Siraphob
66e44425c6
pkgs/development/libraries: stdenv.lib -> lib
2021-01-21 19:11:02 -08:00
ajs124
22cd16f5b0
nss: 3.59 -> 3.60
2020-12-17 07:31:34 +01:00
ajs124
fce1a3ee1a
nss: 3.58 -> 3.59
...
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.59_release_notes
2020-11-18 20:13:23 +01:00
Andreas Rammhold
6c33216fcb
nss: 3.57 -> 3.58
...
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.58_release_notes
2020-11-18 20:13:23 +01:00
Andreas Rammhold
cbd0f8931c
nss_3_53: init
2020-11-18 20:13:23 +01:00
Andreas Rammhold
94448baf6d
cacert: decouple from NSS to reduce rebuild amount
...
In [#100765 ] @vcunat pointed out that we could decouple cacert from the
NSS package to make it more rebuild friendly. Just rebuilding packages
that depend on NSS seems to be about ~100. Rebuilding all the packages
that depend on cacert is >9k as of this writing. This makes it much more
feasible to upgrade high-profile packages that are (rightfully) pedantic
on their NSS version like firefox and thunderbird.
[#100765 ]: https://github.com/NixOS/nixpkgs/pull/100765
2020-11-18 20:13:22 +01:00
Michael Raskin
15430f8465
Merge pull request #102428 from r-burns/nss
...
nss: fix build on ppc64[le]
2020-11-15 09:42:19 +00:00
zimbatm
5ff35fab0f
fixup! nss: make reproducible ( #102156 )
...
Fixes a precedence issue from fe9f55907e
`lib.optionalString <cond> 'text' + 'text2'` will always have 'text2' as
part of the result.
2020-11-02 11:55:11 +01:00
Ryan Burns
eed2008a2d
nss: fix build on ppc64[le]
...
NSS configure scripts use the abbreviated form ppc64/ppc64le:
https://github.com/nss-dev/nss/blob/NSS_3_57_RTM/coreconf/config.gypi#L209
Whereas nixpkgs uses the longer form:
`nix eval nixpkgs.pkgsCross.powernv.hostPlatform.parsed.cpu.name`
`powerpc64le`
2020-11-01 20:37:48 -08:00
zimbatm
8f2be9ac36
nss: make reproducible ( #102156 )
...
According to
c1fad130dc/build.sh (l129)
the FIPS mode is not enabled by default. Yet we generate the .chk files
that are only meant to be used for that mode. I have a sense that those
have been cargo-culted around.
Adding FIPS is still possible but you have to explictily build the lib
with `pkgs.nss.override { enableFIPS = true; }`
More info on what FIPS is:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Tech_Notes/nss_tech_note6
Other distros wrangling with the same issue:
https://bugzilla.opensuse.org/show_bug.cgi?id=1081723
2020-10-31 21:17:26 +01:00
Vladimír Čunát
336bc8283b
Re-Revert "Merge #101508 : libraw: 0.20.0 -> 0.20.2"
...
This reverts commit c778945806
.
I believe this is exactly what brings the staging branch into
the right shape after the last merge from master (through staging-next);
otherwise part of staging changes would be lost
(due to being already reachable from master but reverted).
2020-10-26 08:19:17 +01:00
Vladimír Čunát
c778945806
Revert "Merge #101508 : libraw: 0.20.0 -> 0.20.2"
...
I'm sorry; I didn't notice it contained staging commits.
This reverts commit 17f5305b6c
, reversing
changes made to a8a018ddc0
.
2020-10-25 09:41:51 +01:00
Andrew Childs
722d02a720
treewide: move fixDarwinDylibNames to nativeBuildInputs
...
This hook runs at build time and depends on executing
install_name_tool from binutils.
2020-10-21 13:26:53 +09:00
Vladimír Čunát
80d90e69fe
nss: 3.56 -> 3.57
...
Release notes seem "boring":
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.57_release_notes
My understanding is that this version will be needed in Firefox 82 released
in one month from now: https://wiki.mozilla.org/NSS:Release_Versions
2020-09-19 08:23:45 +02:00
ajs124
49aa282108
nss: 3.55 -> 3.56
2020-08-26 08:34:52 +02:00
Vladimír Čunát
ce174c7bc9
Merge #94587 : nss: fix on darwin
2020-08-06 09:08:29 +02:00