commit mozilla-nss.3024 for openSUSE:12.3:Update
![](https://seccdn.libravatar.org/avatar/e2145bc5cf53dda95c308a3c75e8fef3.jpg?s=120&d=mm&r=g)
Hello community,
here is the log from the commit of package mozilla-nss.3024 for openSUSE:12.3:Update checked in at 2014-09-26 14:20:36
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.3:Update/mozilla-nss.3024 (Old)
and /work/SRC/openSUSE:12.3:Update/.mozilla-nss.3024.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mozilla-nss.3024"
Changes:
--------
New Changes file:
--- /dev/null 2014-09-26 12:09:11.568032006 +0200
+++ /work/SRC/openSUSE:12.3:Update/.mozilla-nss.3024.new/mozilla-nss.changes 2014-09-26 14:20:38.000000000 +0200
@@ -0,0 +1,1039 @@
+-------------------------------------------------------------------
+Tue Sep 23 21:44:44 UTC 2014 - wr@rosenauer.org
+
+- update to 3.16.5 (bnc#897890)
+ * MFSA 2014-73/CVE-2014-1568 (bmo#1064636, bmo#1069405)
+ RSA Signature Forgery in NSS
+
+-------------------------------------------------------------------
+Tue Aug 12 10:56:55 UTC 2014 - wr@rosenauer.org
+
+- update to 3.16.4 (bnc#894201)
+ * now required for Firefox 32
+ Notable Changes:
+ * The following 1024-bit root CA certificate was restored to allow more
+ time to develop a better transition strategy for affected sites. It was
+ removed in NSS 3.16.3, but discussion in the mozilla.dev.security.policy
+ forum led to the decision to keep this root included longer in order to
+ give website administrators more time to update their web servers.
+ - CN = GTE CyberTrust Global Root
+ * In NSS 3.16.3, the 1024-bit "Entrust.net Secure Server Certification
+ Authority" root CA certificate was removed. In NSS 3.16.4, a 2048-bit
+ intermediate CA certificate has been included, without explicit trust.
+ The intention is to mitigate the effects of the previous removal of the
+ 1024-bit Entrust.net root certificate, because many public Internet
+ sites still use the "USERTrust Legacy Secure Server CA" intermediate
+ certificate that is signed by the 1024-bit Entrust.net root certificate.
+ The inclusion of the intermediate certificate is a temporary measure to
+ allow those sites to function, by allowing them to find a trust path to
+ another 2048-bit root CA certificate. The temporarily included
+ intermediate certificate expires November 1, 2015.
+
+-------------------------------------------------------------------
+Sat Jul 5 12:10:36 UTC 2014 - wr@rosenauer.org
+
+- update to 3.16.3
+ * required for Firefox 32
+ New Functions:
+ * CERT_GetGeneralNameTypeFromString (This function was already added
+ in NSS 3.16.2, however, it wasn't declared in a public header file.)
+ Notable Changes:
+ * The following 1024-bit CA certificates were removed
+ - Entrust.net Secure Server Certification Authority
+ - GTE CyberTrust Global Root
+ - ValiCert Class 1 Policy Validation Authority
+ - ValiCert Class 2 Policy Validation Authority
+ - ValiCert Class 3 Policy Validation Authority
+ * Additionally, the following CA certificate was removed as
+ requested by the CA:
+ - TDC Internet Root CA
+ * The following CA certificates were added:
+ - Certification Authority of WoSign
+ - CA 沃通根证书
+ - DigiCert Assured ID Root G2
+ - DigiCert Assured ID Root G3
+ - DigiCert Global Root G2
+ - DigiCert Global Root G3
+ - DigiCert Trusted Root G4
+ - QuoVadis Root CA 1 G3
+ - QuoVadis Root CA 2 G3
+ - QuoVadis Root CA 3 G3
+ * The Trust Bits were changed for the following CA certificates
+ - Class 3 Public Primary Certification Authority
+ - Class 3 Public Primary Certification Authority
+ - Class 2 Public Primary Certification Authority - G2
+ - VeriSign Class 2 Public Primary Certification Authority - G3
+ - AC Raíz Certicámara S.A.
+ - NetLock Uzleti (Class B) Tanusitvanykiado
+ - NetLock Expressz (Class C) Tanusitvanykiado
+- changes in 3.16.2
+ New functionality:
+ * DTLS 1.2 is supported.
+ * The TLS application layer protocol negotiation (ALPN) extension
+ is also supported on the server side.
+ * RSA-OEAP is supported. Use the new PK11_PrivDecrypt and
+ PK11_PubEncrypt functions with the CKM_RSA_PKCS_OAEP mechanism.
+ * New Intel AES assembly code for 32-bit and 64-bit Windows,
+ contributed by Shay Gueron and Vlad Krasnov of Intel.
+ New Functions:
+ * CERT_AddExtensionByOID
+ * PK11_PrivDecrypt
+ * PK11_PubEncrypt
+ New Macros
+ * SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK
+ * SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL
+ Notable Changes:
+ * The btoa command has a new command-line option -w suffix, which
+ causes the output to be wrapped in BEGIN/END lines with the
+ given suffix
+ * The certutil commands supports additionals types of subject
+ alt name extensions.
+ * The certutil command supports generic certificate extensions,
+ by loading binary data from files, which have been prepared using
+ external tools, or which have been extracted from other existing
+ certificates and dumped to file.
+ * The certutil command supports three new certificate usage specifiers.
+ * The pp command supports printing UTF-8 (-u).
+ * On Linux, NSS is built with the -ffunction-sections -fdata-sections
+ compiler flags and the --gc-sections linker flag to allow unused
+ functions to be discarded.
+
+-------------------------------------------------------------------
+Thu May 8 05:46:17 UTC 2014 - wr@rosenauer.org
+
+- update to 3.16.1
+ * required for Firefox 31
+ New functionality:
+ * Added the "ECC" flag for modutil to select the module used for
+ elliptic curve cryptography (ECC) operations.
+ New Functions:
+ * PK11_ExportDERPrivateKeyInfo/PK11_ExportPrivKeyInfo
+ exports a private key in a DER-encoded ASN.1 PrivateKeyInfo type
+ or a SECKEYPrivateKeyInfo structure. Only RSA private keys are
+ supported now.
+ * SECMOD_InternalToPubMechFlags
+ converts from NSS-internal to public representation of mechanism
+ flags
+ New Types:
+ * ssl_padding_xtn
+ the value of this enum constant changed from the experimental
+ value 35655 to the IANA-assigned value 21
+ New Macros
+ * PUBLIC_MECH_ECC_FLAG
+ a public mechanism flag for elliptic curve cryptography (ECC)
+ operations
+ * SECMOD_ECC_FLAG
+ an NSS-internal mechanism flag for elliptic curve cryptography
+ (ECC) operations. This macro has the same numeric value as
+ PUBLIC_MECH_ECC_FLAG.
+ Notable Changes:
+ * Imposed name constraints on the French government root CA ANSSI
+ (DCISS).
+
+-------------------------------------------------------------------
+Fri Mar 21 21:16:31 UTC 2014 - wr@rosenauer.org
+
+- update to 3.16
+ * required for Firefox 29
+ * bmo#903885 - (CVE-2014-1492) In a wildcard certificate, the wildcard
+ character should not be embedded within the U-label of an
+ internationalized domain name. See the last bullet point in RFC 6125,
+ Section 7.2.
+ * Supports the Linux x32 ABI. To build for the Linux x32 target, set
+ the environment variable USE_X32=1 when building NSS.
+ New Functions:
+ * NSS_CMSSignerInfo_Verify
+ New Macros
+ * TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA, etc.,
+ cipher suites that were first defined in SSL 3.0 can now be referred
+ to with their official IANA names in TLS, with the TLS_ prefix.
+ Previously, they had to be referred to with their names in SSL 3.0,
+ with the SSL_ prefix.
+ Notable Changes:
+ * ECC is enabled by default. It is no longer necessary to set the
+ environment variable NSS_ENABLE_ECC=1 when building NSS. To disable
+ ECC, set the environment variable NSS_DISABLE_ECC=1 when building NSS.
+ * libpkix should not include the common name of CA as DNS names when
+ evaluating name constraints.
+ * AESKeyWrap_Decrypt should not return SECSuccess for invalid keys.
+ * Fix a memory corruption in sec_pkcs12_new_asafe.
+ * If the NSS_SDB_USE_CACHE environment variable is set, skip the runtime
+ test sdb_measureAccess.
+ * The built-in roots module has been updated to version 1.97, which
+ adds, removes, and distrusts several certificates.
+ * The atob utility has been improved to automatically ignore lines of
+ text that aren't in base64 format.
+ * The certutil utility has been improved to support creation of
+ version 1 and version 2 certificates, in addition to the existing
+ version 3 support.
+
+-------------------------------------------------------------------
+Tue Feb 25 11:31:18 UTC 2014 - wr@rosenauer.org
+
+- update to 3.15.5
+ * required for Firefox 28
+ * export FREEBL_LOWHASH to get the correct default headers
+ (bnc#865539)
+ New functionality
+ * Added support for the TLS application layer protocol negotiation
+ (ALPN) extension. Two SSL socket options, SSL_ENABLE_NPN and
+ SSL_ENABLE_ALPN, can be used to control whether NPN or ALPN (or both)
+ should be used for application layer protocol negotiation.
+ * Added the TLS padding extension. The extension type value is 35655,
+ which may change when an official extension type value is assigned
+ by IANA. NSS automatically adds the padding extension to ClientHello
+ when necessary.
+ * Added a new macro CERT_LIST_TAIL, defined in certt.h, for getting
+ the tail of a CERTCertList.
+ Notable Changes
+ * bmo#950129: Improve the OCSP fetching policy when verifying OCSP
+ responses
+ * bmo#949060: Validate the iov input argument (an array of PRIOVec
+ structures) of ssl_WriteV (called via PR_Writev). Applications should
+ still take care when converting struct iov to PRIOVec because the
+ iov_len members of the two structures have different types
+ (size_t vs. int). size_t is unsigned and may be larger than int.
+
+-------------------------------------------------------------------
++++ 842 more lines (skipped)
++++ between /dev/null
++++ and /work/SRC/openSUSE:12.3:Update/.mozilla-nss.3024.new/mozilla-nss.changes
New:
----
baselibs.conf
cert9.db
key4.db
malloc.patch
mozilla-nss-rpmlintrc
mozilla-nss.changes
mozilla-nss.spec
nss-3.16.5.tar.gz
nss-config.in
nss-disable-ocsp-test.patch
nss-no-rpath.patch
nss-opt.patch
nss-sqlitename.patch
nss.pc.in
pkcs11.txt
renegotiate-transitional.patch
setup-nsssysinit.sh
system-nspr.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ mozilla-nss.spec ++++++
#
# spec file for package mozilla-nss
#
# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
# Copyright (c) 2006-2014 Wolfgang Rosenauer
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
%global nss_softokn_fips_version 3.12.4
Name: mozilla-nss
BuildRequires: gcc-c++
BuildRequires: mozilla-nspr-devel >= 4.10.5
BuildRequires: pkg-config
BuildRequires: sqlite-devel
BuildRequires: zlib-devel
Version: 3.16.5
Release: 0
# bug437293
%ifarch ppc64
Obsoletes: mozilla-nss-64bit
%endif
#
Summary: Network Security Services
License: MPL-2.0
Group: System/Libraries
Url: http://www.mozilla.org/projects/security/pki/nss/
#Source: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_16_5_RTM/src/nss-%{version}.tar.gz
# hg clone https://hg.mozilla.org/projects/nss nss-3.16.5/nss ; cd nss-3.16.5/nss ; hg up NSS_3_16_5_RTM
Source: nss-%{version}.tar.gz
Source1: nss.pc.in
Source3: nss-config.in
Source4: %{name}-rpmlintrc
Source5: baselibs.conf
Source6: setup-nsssysinit.sh
Source7: cert9.db
Source8: key4.db
Source9: pkcs11.txt
#Source10: PayPalEE.cert
Patch1: nss-opt.patch
Patch2: system-nspr.patch
Patch4: nss-no-rpath.patch
Patch5: renegotiate-transitional.patch
Patch6: malloc.patch
Patch7: nss-disable-ocsp-test.patch
Patch8: nss-sqlitename.patch
%define nspr_ver %(rpm -q --queryformat '%{VERSION}' mozilla-nspr)
PreReq: mozilla-nspr >= %nspr_ver
PreReq: libfreebl3 >= %{nss_softokn_fips_version}
PreReq: libsoftokn3 >= %{nss_softokn_fips_version}
%if %{_lib} == lib64
Requires: libnssckbi.so()(64bit)
%else
Requires: libnssckbi.so
%endif
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%define nssdbdir %{_sysconfdir}/pki/nssdb
%ifnarch %sparc
%if ! 0%{?qemu_user_space_build}
%define run_testsuite 1
%endif
%endif
%description
Network Security Services (NSS) is a set of libraries designed to
support cross-platform development of security-enabled server
applications. Applications built with NSS can support SSL v3,
TLS v1.0, v1.1, v1.2, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3
certificates, and other security standards.
%package devel
Summary: Network (Netscape) Security Services development files
Group: Development/Libraries/Other
Requires: libfreebl3
Requires: libsoftokn3
Requires: mozilla-nspr-devel >= 4.9
Requires: mozilla-nss = %{version}-%{release}
# bug437293
%ifarch ppc64
Obsoletes: mozilla-nss-devel-64bit
%endif
%description devel
Network Security Services (NSS) is a set of libraries designed to
support cross-platform development of security-enabled server
applications. Applications built with NSS can support SSL v3,
TLS v1.0, v1.1, v1.2, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3
certificates, and other security standards.
%package tools
Summary: Tools for developing, debugging, and managing applications that use NSS
Group: System/Management
PreReq: mozilla-nss >= %{version}
%description tools
The NSS Security Tools allow developers to test, debug, and manage
applications that use NSS.
%package sysinit
Summary: System NSS Initialization
Group: System/Management
Requires: mozilla-nss >= %{version}
Requires(post): coreutils
%description sysinit
Default Operation System module that manages applications loading
NSS globally on the system. This module loads the system defined
PKCS #11 modules for NSS and chains with other NSS modules to load
any system or user configured modules.
%package -n libfreebl3
Summary: Freebl library for the Network Security Services
Group: System/Libraries
%description -n libfreebl3
Network Security Services (NSS) is a set of libraries designed to
support cross-platform development of security-enabled server
applications. Applications built with NSS can support SSL v3,
TLS v1.0, v1.1, v1.2, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3
certificates, and other security standards.
This package installs the freebl library from NSS.
%package -n libsoftokn3
Summary: Network Security Services Softoken Module
Group: System/Libraries
Requires: libfreebl3 = %{version}-%{release}
%description -n libsoftokn3
Network Security Services (NSS) is a set of libraries designed to
support cross-platform development of security-enabled server
applications. Applications built with NSS can support SSL v3,
TLS v1.0, v1.1, v1.2, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3
certificates, and other security standards.
Network Security Services Softoken Cryptographic Module
%package certs
Summary: CA certificates for NSS
Group: Productivity/Networking/Security
%description certs
This package contains the integrated CA root certificates from the
Mozilla project.
%prep
%setup -n nss-%{version} -q
cd nss
%patch1 -p1
%patch2 -p1
%patch4 -p1
%patch5 -p1
%if %suse_version > 1110
%patch6 -p1
%endif
%patch7 -p1
%patch8 -p1
# additional CA certificates
#cd security/nss/lib/ckfw/builtins
#cat %{SOURCE2} >> certdata.txt
#make generate
%build
cd nss
modified="$(sed -n '/^----/n;s/ - .*$//;p;q' "%{_sourcedir}/%{name}.changes")"
DATE="\"$(date -d "${modified}" "+%%b %%e %%Y")\""
TIME="\"$(date -d "${modified}" "+%%R")\""
find . -name '*.[ch]' -print -exec sed -i "s/__DATE__/${DATE}/g;s/__TIME__/${TIME}/g" {} +
export FREEBL_NO_DEPEND=1
export FREEBL_LOWHASH=1
export NSPR_INCLUDE_DIR=`nspr-config --includedir`
export NSPR_LIB_DIR=`nspr-config --libdir`
export OPT_FLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing"
export LIBDIR=%{_libdir}
%ifarch x86_64 s390x ppc64 ppc64le ia64 aarch64
export USE_64=1
%endif
export NSS_USE_SYSTEM_SQLITE=1
#export SQLITE_LIB_NAME=nsssqlite3
MAKE_FLAGS="BUILD_OPT=1"
make nss_build_all $MAKE_FLAGS
# run testsuite
%if 0%{?run_testsuite}
export BUILD_OPT=1
export HOST="localhost"
export DOMSUF=" "
export USE_IP=TRUE
export IP_ADDRESS="127.0.0.1"
cd tests
./all.sh
if grep "FAILED" ../../../tests_results/security/localhost.1/output.log ; then
echo "Testsuite FAILED"
exit 1
fi
%endif
%install
cd nss
mkdir -p $RPM_BUILD_ROOT%{_libdir}
mkdir -p $RPM_BUILD_ROOT%{_libexecdir}/nss
mkdir -p $RPM_BUILD_ROOT%{_includedir}/nss3
mkdir -p $RPM_BUILD_ROOT%{_bindir}
mkdir -p $RPM_BUILD_ROOT%{_sbindir}
mkdir -p $RPM_BUILD_ROOT/%{_lib}
mkdir -p $RPM_BUILD_ROOT%{nssdbdir}
pushd ../dist/Linux*
# copy headers
cp -rL ../public/nss/*.h $RPM_BUILD_ROOT%{_includedir}/nss3
# copy dynamic libs
cp -L lib/libnss3.so \
lib/libnssdbm3.so \
lib/libnssdbm3.chk \
lib/libnssutil3.so \
lib/libnssckbi.so \
lib/libnsssysinit.so \
lib/libsmime3.so \
lib/libsoftokn3.so \
lib/libsoftokn3.chk \
lib/libssl3.so \
$RPM_BUILD_ROOT%{_libdir}
cp -L lib/libfreebl3.so \
lib/libfreebl3.chk \
$RPM_BUILD_ROOT/%{_lib}
#cp -L lib/libnsssqlite3.so \
# $RPM_BUILD_ROOT%{_libdir}
# copy static libs
cp -L lib/libcrmf.a \
lib/libnssb.a \
lib/libnssckfw.a \
$RPM_BUILD_ROOT%{_libdir}
# copy tools
cp -L bin/certutil \
bin/cmsutil \
bin/crlutil \
bin/modutil \
bin/pk12util \
bin/signtool \
bin/signver \
bin/ssltap \
$RPM_BUILD_ROOT%{_bindir}
# copy unsupported tools
cp -L bin/atob \
bin/btoa \
bin/derdump \
bin/ocspclnt \
bin/pp \
bin/selfserv \
bin/shlibsign \
bin/strsclnt \
bin/symkeyutil \
bin/tstclnt \
bin/vfyserv \
bin/vfychain \
$RPM_BUILD_ROOT%{_libexecdir}/nss
# prepare pkgconfig file
mkdir -p $RPM_BUILD_ROOT%{_libdir}/pkgconfig/
sed "s:%%LIBDIR%%:%{_libdir}:g
s:%%VERSION%%:%{version}:g
s:%%NSPR_VERSION%%:%{nspr_ver}:g" \
%{SOURCE1} > $RPM_BUILD_ROOT%{_libdir}/pkgconfig/nss.pc
# prepare nss-config file
popd
NSS_VMAJOR=`cat lib/nss/nss.h | grep "#define.*NSS_VMAJOR" | gawk '{print $3}'`
NSS_VMINOR=`cat lib/nss/nss.h | grep "#define.*NSS_VMINOR" | gawk '{print $3}'`
NSS_VPATCH=`cat lib/nss/nss.h | grep "#define.*NSS_VPATCH" | gawk '{print $3}'`
cat %{SOURCE3} | sed -e "s,@libdir@,%{_libdir},g" \
-e "s,@prefix@,%{_prefix},g" \
-e "s,@exec_prefix@,%{_prefix},g" \
-e "s,@includedir@,%{_includedir}/nss3,g" \
-e "s,@MOD_MAJOR_VERSION@,$NSS_VMAJOR,g" \
-e "s,@MOD_MINOR_VERSION@,$NSS_VMINOR,g" \
-e "s,@MOD_PATCH_VERSION@,$NSS_VPATCH,g" \
> $RPM_BUILD_ROOT/%{_bindir}/nss-config
chmod 755 $RPM_BUILD_ROOT/%{_bindir}/nss-config
# setup-nsssysinfo.sh
install -m 744 %{SOURCE6} $RPM_BUILD_ROOT%{_sbindir}/
# create empty NSS database
#LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib}:$RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_bindir}/modutil -force -dbdir "sql:$RPM_BUILD_ROOT%{nssdbdir}" -create
#LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib}:$RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_bindir}/certutil -N -d "sql:$RPM_BUILD_ROOT%{nssdbdir}" -f /dev/null 2>&1 > /dev/null
#chmod 644 "$RPM_BUILD_ROOT%{nssdbdir}"/*
#sed "s:%{buildroot}::g
#s/^library=$/library=libnsssysinit.so/
#/^NSS/s/\(Flags=internal\)\(,[^m]\)/\1,moduleDBOnly\2/" \
# $RPM_BUILD_ROOT%{nssdbdir}/pkcs11.txt > $RPM_BUILD_ROOT%{nssdbdir}/pkcs11.txt.sed
# mv $RPM_BUILD_ROOT%{nssdbdir}/pkcs11.txt{.sed,}
# copy empty NSS database
install -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{nssdbdir}
install -m 644 %{SOURCE8} $RPM_BUILD_ROOT%{nssdbdir}
install -m 644 %{SOURCE9} $RPM_BUILD_ROOT%{nssdbdir}
# create shlib sigs after extracting debuginfo
%define __spec_install_post \
%{?__debug_package:%{__debug_install_post}} \
%{__arch_install_post} \
%{__os_install_post} \
LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib}:$RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_libexecdir}/nss/shlibsign -i $RPM_BUILD_ROOT%{_libdir}/libsoftokn3.so \
LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib}:$RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_libexecdir}/nss/shlibsign -i $RPM_BUILD_ROOT%{_libdir}/libnssdbm3.so \
LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib}:$RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_libexecdir}/nss/shlibsign -i $RPM_BUILD_ROOT/%{_lib}/libfreebl3.so \
%{nil}
%post -p /sbin/ldconfig
%postun -p /sbin/ldconfig
%post -n libfreebl3 -p /sbin/ldconfig
%postun -n libfreebl3 -p /sbin/ldconfig
%post -n libsoftokn3 -p /sbin/ldconfig
%postun -n libsoftokn3 -p /sbin/ldconfig
%post sysinit
/sbin/ldconfig
# make sure the current config is enabled
%{_sbindir}/setup-nsssysinit.sh on
%preun sysinit
if [ $1 = 0 ]; then
%{_sbindir}/setup-nsssysinit.sh off
fi
%postun sysinit -p /sbin/ldconfig
%clean
rm -rf $RPM_BUILD_ROOT
%files
%defattr(-, root, root)
%{_libdir}/libnss3.so
%{_libdir}/libnssutil3.so
%{_libdir}/libsmime3.so
%{_libdir}/libssl3.so
#%{_libdir}/libnsssqlite3.so
%files devel
%defattr(644, root, root, 755)
%{_includedir}/nss3/
%{_libdir}/*.a
%{_libdir}/pkgconfig/*
%attr(755,root,root) %{_bindir}/nss-config
%files tools
%defattr(-, root, root)
%{_bindir}/*
%exclude %{_sbindir}/setup-nsssysinit.sh
%{_libexecdir}/nss/
%exclude %{_bindir}/nss-config
%files sysinit
%defattr(-, root, root)
%dir %{_sysconfdir}/pki
%dir %{_sysconfdir}/pki/nssdb
%config(noreplace) %{_sysconfdir}/pki/nssdb/*
%{_libdir}/libnsssysinit.so
%{_sbindir}/setup-nsssysinit.sh
%files -n libfreebl3
%defattr(-, root, root)
/%{_lib}/libfreebl3.so
/%{_lib}/libfreebl3.chk
%files -n libsoftokn3
%defattr(-, root, root)
%{_libdir}/libsoftokn3.so
%{_libdir}/libsoftokn3.chk
%{_libdir}/libnssdbm3.so
%{_libdir}/libnssdbm3.chk
%files certs
%defattr(-, root, root)
%{_libdir}/libnssckbi.so
%changelog
++++++ baselibs.conf ++++++
mozilla-nss
requires "libfreebl3-<targettype>"
requires "libsoftokn3-<targettype>"
requires "mozilla-nss-certs-<targettype>"
libsoftokn3
requires "libfreebl3-<targettype> = <version>"
+/usr/lib/libsoftokn3.chk
+/usr/lib/libnssdbm3.chk
libfreebl3
+/lib/libfreebl3.chk
mozilla-nss-sysinit
mozilla-nss-certs
++++++ malloc.patch ++++++
Index: security/nss/tests/ssl/ssl.sh
===================================================================
RCS file: /cvsroot/mozilla/security/nss/tests/ssl/ssl.sh,v
retrieving revision 1.100
diff -u -r1.100 ssl.sh
--- security/nss/tests/ssl/ssl.sh 26 Mar 2009 23:14:34 -0000 1.100
+++ nss/tests/ssl/ssl.sh 6 Jun 2009 06:21:07 -0000
@@ -974,6 +974,7 @@
################################# main #################################
+unset MALLOC_CHECK_
ssl_init
ssl_run_tests
ssl_cleanup
++++++ mozilla-nss-rpmlintrc ++++++
addFilter("shlib-policy-name-error")
addFilter("shlib-policy-missing-lib")
addFilter("shlib-policy-missing-suffix")
addFilter("shlib-unversioned-lib")
addFilter("shlib-fixed-dependency")
++++++ nss-config.in ++++++
#!/bin/sh
prefix=@prefix@
major_version=@MOD_MAJOR_VERSION@
minor_version=@MOD_MINOR_VERSION@
patch_version=@MOD_PATCH_VERSION@
usage()
{
cat <
participants (1)
-
root@hilbert.suse.de