colin/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
388,635 Commits 125 Branches 0 Tags 3.4 GiB
788fc876f9
Commit Graph

189 Commits

Author SHA1 Message Date
ajs124
0bd02d1963 nss_latest: 3.79 -> 3.80 
https://github.com/nss-dev/nss/blob/master/doc/rst/releases/nss_3_80.rst
 2022-06-24 00:41:32 +02:00
Martin Weinelt
0af7e9c407 Revert "nss: 3.68.4 -> 3.79" 
This reverts commit 1c76a270d2.

This breaks the Firefox 91esr build, which is apparently not compatible
with this NSS version.

/build/firefox-91.10.0/security/certverifier/OCSPVerificationTrustDomain.cpp:63:11: error: unknown type name 'SignedDigest'

Will revisit this upgrade, when we drop 91esr in favor of 102esr soon.
 2022-06-12 01:24:12 +02:00
ajs124
1c76a270d2 nss: 3.68.4 -> 3.79 
This ESR branch has reached EOL:
https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/-z6f6dOWx9A/m/Bpl8VWd_FwAJ
 2022-06-08 22:27:15 +02:00
ajs124
309bfdf2e2 nss: sha256 -> hash 2022-06-01 12:47:36 +02:00
ajs124
ae1f1709b7 nss_latest: 3.78 -> 3.79 
https://github.com/nss-dev/nss/blob/master/doc/rst/releases/nss_3_79.rst
 2022-06-01 12:47:31 +02:00
ajs124
bf5c00fc75 nss_esr: 3.68.3 -> 3.68.4 
https://github.com/nss-dev/nss/blob/master/doc/rst/releases/nss_3_68_4.rst
 2022-06-01 12:47:23 +02:00
Martin Weinelt
2473837984
nss_latest: 3.77 -> 3.78 
https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_78.html

Fixes the ordering of the security load patchset to save us rebuilds.
 2022-05-03 15:36:13 +02:00
Martin Weinelt
c773303215
Revert "Revert "nss_latest: 3.76.1 -> 3.77"" 
This reverts commit 79a5b548cc.
 2022-05-03 15:36:13 +02:00
Martin Weinelt
79a5b548cc Revert "nss_latest: 3.76.1 -> 3.77" 
This reverts commit eb9c616c79.

Breaks the Firefox build and needs further investigation.

In file included from Unified_cpp_certverifier0.cpp:47:
/build/firefox-99.0/security/certverifier/OCSPVerificationTrustDomain.cpp:63:11: error: unknown type name 'SignedDigest'
    const SignedDigest& aSignedDigest, Input aSubjectPublicKeyInfo) {
          ^
/build/firefox-99.0/security/certverifier/OCSPVerificationTrustDomain.cpp:74:11: error: unknown type name 'SignedDigest'
    const SignedDigest& aSignedDigest, Input aSubjectPublicKeyInfo) {
          ^

https://github.com/NixOS/nixpkgs/pull/164511#issuecomment-1089496003
 2022-04-06 18:09:45 +02:00
ajs124
eb9c616c79 nss_latest: 3.76.1 -> 3.77 2022-04-03 13:14:08 +01:00
ajs124
faee35ce35 nss_latest: 3.76 -> 3.76.1 2022-04-03 13:14:08 +01:00
ajs124
9109742c6b nss: add maintainers 2022-04-03 13:14:07 +01:00
ajs124
44f241f69a nss: split into nss_latest and nss_esr 2022-04-03 13:14:07 +01:00
ajs124
4e0daeeee4 nss: 3.75 -> 3.76 
https://github.com/nss-dev/nss/blob/master/doc/rst/releases/nss_3_76.rst
 2022-03-14 18:23:34 +01:00
ajs124
de76433f54 nss: 3.74 -> 3.75 2022-02-04 00:52:14 +01:00
ajs124
da28ed7df0 nss: 3.73.1 -> 3.74 2022-01-06 22:25:53 +01:00
R. RyanTM
8a4345ee0d
nss: 3.73 -> 3.73.1 (#151041) 2021-12-25 16:56:14 -05:00
Léo Gaspard
ee36cb7d2c
nss: 3.72 -> 3.73 (#148219) 
Update done by running the `nss` and `cacert` update scripts, then
running nixpkgs-check to validate things look good enough to be thrown
at hydra
 2021-12-02 01:24:35 +01:00
Vladimír Čunát
a4f105791c
Merge #144218: nss: 3.71 -> 3.72 (into staging) 2021-11-15 22:28:32 +01:00
Martin Weinelt
dff515718d
nss_3_53: drop 2021-11-02 14:41:05 +01:00
R. Ryantm
f0b1f93f1d nss: 3.71 -> 3.72 2021-11-02 09:44:16 +00:00
Martin Weinelt
adf4e67dd4 Merge remote-tracking branch 'origin/staging' into staging-next 2021-10-15 01:34:36 +02:00
Alyssa Ross
851b719ac6 treewide: use stdenv.hostPlatform.extensions.sharedLibrary where appropriate 2021-10-13 17:39:37 +00:00
ajs124
c47854697c nss: 3.70 -> 3.71 2021-09-30 21:16:07 +02:00
Tim Steinbach
b558d1552b nss: Add updateScript 2021-09-16 09:33:38 -04:00
Tim Steinbach
e079a9b46d nss: 3.68 -> 3.70 2021-09-09 08:37:00 -04:00
Sandro Jäckel
d7a6dc0bb9
nss: format, cleanup 2021-08-10 13:01:51 +02:00
Sandro Jäckel
4b84c7a0c8
nss: format, cleanup 2021-08-10 13:01:37 +02:00
github-actions[bot]
08a8809bfe
Merge staging-next into staging 2021-07-18 00:02:06 +00:00
Felix Buehler
e023025ee0 various: cleanup of "inherit version;" 2021-07-17 22:39:35 +02:00
ajs124
04bc2667d1 nss: 3.67 -> 3.68 2021-07-12 16:52:41 +02:00
ajs124
1128dadcd8 nss: 3.66 -> 3.67 2021-06-14 16:28:39 +02:00
Martin Weinelt
b70b74f52a
Merge pull request #125280 from zhaofengli/nss-use-64 
nss: Set NSS_USE_64=1 for 64-bit platforms
 2021-06-02 00:32:04 +02:00
ajs124
db82e8c2e2 nss: 3.64 -> 3.66 2021-06-01 23:10:39 +02:00
Zhaofeng Li
345e777888 nss: Set NSS_USE_64=1 for 64-bit platforms 
The config script does that automatically for a few architectures [1],
but on 64-bit platforms that are not listed (like riscv64) the
freebl build fails. Debian always adds the USE_64=1 flag when
compiling on 64-bit architectures (they use legacy make instead of gyp),
and we should do that as well to fix the general problem at the cost of
a mass rebuild.

[1] 0ef2306a62/coreconf/config.gypi (l212)
[2] c446c61808/debian/rules (L66)
 2021-06-01 12:23:41 -07:00
ajs124
36d2488cb6 nss_3_44: drop 2021-05-15 17:59:39 +02:00
ajs124
5240b3fa7c nss: 3.63 -> 3.64 2021-04-16 15:49:23 +02:00
ajs124
636fab48a6 nss: 3.62 -> 3.63 2021-03-20 16:41:00 +01:00
Martin Weinelt
e73210fd67
nss: 3.61 -> 3.62 2021-03-14 16:23:29 +01:00
ajs124
d86882dd0f nss: 3.60 -> 3.61 2021-03-14 16:20:51 +01:00
Sandro Jäckel
9fc898d625
nss: remove usage of stdenv.lib 2021-01-31 16:07:26 +01:00
rnhmjoj
b9bb98cf49
nss: add option to use p11-kit 
This commit adds an option to replace libnssckbi with the
p11-kit-trust[1] module. It makes all NSS application (like Firefox,
Chromium, etc.) use the system trust store (/etc/ssl/certs/ in NixOS)
and other PKCS#11 modules without ad-hoc configuration.

This approach was first implemented in Fedora[2] and other distributions
like Arch Linux, later.
[1]: https://p11-glue.github.io/p11-glue/p11-kit/manual/trust-nss.html

[2]: https://fedoraproject.org/wiki/Features/SharedSystemCertificates
 2021-01-24 10:50:52 +01:00
Ben Siraphob
66e44425c6 pkgs/development/libraries: stdenv.lib -> lib 2021-01-21 19:11:02 -08:00
ajs124
22cd16f5b0 nss: 3.59 -> 3.60 2020-12-17 07:31:34 +01:00
ajs124
fce1a3ee1a
nss: 3.58 -> 3.59 
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.59_release_notes
 2020-11-18 20:13:23 +01:00
Andreas Rammhold
6c33216fcb
nss: 3.57 -> 3.58 
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.58_release_notes
 2020-11-18 20:13:23 +01:00
Andreas Rammhold
cbd0f8931c
nss_3_53: init 2020-11-18 20:13:23 +01:00
Andreas Rammhold
94448baf6d
cacert: decouple from NSS to reduce rebuild amount 
In [#100765] @vcunat pointed out that we could decouple cacert from the
NSS package to make it more rebuild friendly. Just rebuilding packages
that depend on NSS seems to be about ~100. Rebuilding all the packages
that depend on cacert is >9k as of this writing. This makes it much more
feasible to upgrade high-profile packages that are (rightfully) pedantic
on their NSS version like firefox and thunderbird.

[#100765]: https://github.com/NixOS/nixpkgs/pull/100765
 2020-11-18 20:13:22 +01:00
Michael Raskin
15430f8465
Merge pull request #102428 from r-burns/nss 
nss: fix build on ppc64[le]
 2020-11-15 09:42:19 +00:00
zimbatm
5ff35fab0f
fixup! nss: make reproducible (#102156) 
Fixes a precedence issue from fe9f55907e

`lib.optionalString <cond> 'text' + 'text2'` will always have 'text2' as
part of the result.
 2020-11-02 11:55:11 +01:00