Hello community,
here is the log from the commit of package mozilla-nss for openSUSE:Factory
checked in at Wed Apr 29 00:40:49 CEST 2009.
--------
--- GNOME/mozilla-nss/mozilla-nss.changes 2009-02-04 08:47:32.000000000 +0100
+++ mozilla-nss/mozilla-nss.changes 2009-04-27 16:25:41.000000000 +0200
@@ -1,0 +2,23 @@
+Mon Apr 20 14:47:43 CEST 2009 - wr@rosenauer.org
+
+- update to version 3.12.3 RTM
+ * default behaviour changed slightly but can be set up
+ backward compatible using environment variables
+ https://developer.mozilla.org/En/NSS_reference/NSS_environment_variables
+ * New Korean SEED cipher
+ * Some new functions in the nss library:
+ CERT_RFC1485_EscapeAndQuote (see cert.h)
+ CERT_CompareCerts (see cert.h)
+ CERT_RegisterAlternateOCSPAIAInfoCallBack (see ocsp.h)
+ PK11_GetSymKeyHandle (see pk11pqg.h)
+ UTIL_SetForkState (see secoid.h)
+ NSS_GetAlgorithmPolicy (see secoid.h)
+ NSS_SetAlgorithmPolicy (see secoid.h)
+- created libfreebl3 subpackage and build it w/o nspr and nss deps
+- added patch to make all ASM noexecstack
+- create the softokn3 and freebl3 checksums at installation time
+ (moved shlibsign to the main package to achieve that)
+- applied upstream patch to avoid OSCP test failures (bmo#488646)
+- applied upstream patch to fix libjar crashes (bmo#485145)
+
+-------------------------------------------------------------------
calling whatdependson for head-i586
Old:
----
nss-3.12.2.tar.bz2
New:
----
bmo485145-libjar.patch.bz2
bmo488646-oscp-test.patch
nss-3.12.3.tar.bz2
nss-noexec.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ mozilla-nss.spec ++++++
--- /var/tmp/diff_new_pack.Z11517/_old 2009-04-29 00:35:39.000000000 +0200
+++ /var/tmp/diff_new_pack.Z11517/_new 2009-04-29 00:35:39.000000000 +0200
@@ -1,5 +1,5 @@
#
-# spec file for package mozilla-nss (Version 3.12.2)
+# spec file for package mozilla-nss (Version 3.12.3)
#
# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
@@ -27,7 +27,7 @@
BuildRequires: sqlite3-devel
%endif
License: GPL v2 or later; LGPL v2.1 or later; MOZILLA PUBLIC LICENSE (MPL/NPL)
-Version: 3.12.2
+Version: 3.12.3
Release: 1
# bug437293
%ifarch ppc64
@@ -37,6 +37,7 @@
Summary: Network (Netscape) Security Services
Url: http://www.mozilla.org/projects/security/pki/nss/
Group: System/Libraries
+# cvs -d :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot co -r NSS
Source: nss-%{version}.tar.bz2
Source1: nss.pc.in
Source2: addon-certs.txt
@@ -46,10 +47,15 @@
Patch3: system-nspr.patch
Patch4: char.patch
Patch5: nss-no-rpath.patch
+Patch6: nss-noexec.patch
+Patch7: bmo488646-oscp-test.patch
+Patch8: bmo485145-libjar.patch.bz2
# Remove remnant traces from the package split.
Provides: libnss3 = %{version}-%{release}
Obsoletes: libnss3 <= %{version}-%{release}
-PreReq: mozilla-nspr >= %(rpm -q --queryformat '%{VERSION}' mozilla-nspr)
+%define nspr_ver %(rpm -q --queryformat '%{VERSION}' mozilla-nspr)
+PreReq: mozilla-nspr >= %nspr_ver
+PreReq: libfreebl3 >= %{version}
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%define nssdbdir %{_sysconfdir}/pki/nssdb
@@ -72,11 +78,11 @@
Group: Development/Libraries/Other
Requires: mozilla-nspr-devel
Requires: mozilla-nss = %{version}-%{release}
+Requires: libfreebl3 = %{version}-%{release}
# bug437293
%ifarch ppc64
Obsoletes: mozilla-nss-devel-64bit
%endif
-#
%description devel
Network Security Services (NSS) is a set of libraries designed to
@@ -95,8 +101,8 @@
License: GPL v2 or later; LGPL v2.1 or later; MOZILLA PUBLIC LICENSE (MPL/NPL)
Summary: Tools for developing, debugging, and managing applications that use NSS.
Group: System/Management
-PreReq: mozilla-nss >= %{version}-%{release}
-PreReq: coreutils
+PreReq: mozilla-nss >= %{version}
+Requires(post): coreutils
%description tools
The NSS Security Tools allow developers to test, debug, and manage
@@ -108,6 +114,26 @@
--------
Mozilla Foundation
+%package -n libfreebl3
+License: GPL v2 or later; LGPL v2.1 or later; MOZILLA PUBLIC LICENSE (MPL/NPL)
+Summary: Freebl library for the Network Security Services
+Group: System/Libraries
+
+%description -n libfreebl3
+Network Security Services (NSS) is a set of libraries designed to
+support cross-platform development of security-enabled server
+applications. Applications built with NSS can support SSL v2 and v3,
+TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3
+certificates, and other security standards.
+
+This package installs the freebl library from NSS.
+
+
+
+Authors:
+--------
+ Mozilla Foundation
+
%prep
%setup -n nss-%{version} -q
cd mozilla
@@ -116,12 +142,16 @@
%patch3
%patch4
%patch5
+%patch6
+%patch7
+%patch8
# additional CA certificates
#cd security/nss/lib/ckfw/builtins
#cat %{SOURCE2} >> certdata.txt
#make generate
%build
+export FREEBL_NO_DEPEND=1
cd mozilla/security/nss
export NSPR_INCLUDE_DIR=`nspr-config --includedir`
export NSPR_LIB_DIR=`nspr-config --libdir`
@@ -152,6 +182,7 @@
mkdir -p $RPM_BUILD_ROOT%{_libdir}/nss
mkdir -p $RPM_BUILD_ROOT%{_includedir}/nss3
mkdir -p $RPM_BUILD_ROOT%{_bindir}
+mkdir -p $RPM_BUILD_ROOT/%{_lib}
pushd mozilla/dist/Linux*
# copy headers
cp -rL ../public/nss/*.h $RPM_BUILD_ROOT%{_includedir}/nss3
@@ -164,9 +195,10 @@
lib/libsoftokn3.so \
lib/libsoftokn3.chk \
lib/libssl3.so \
- lib/libfreebl3.so \
- lib/libfreebl3.chk \
$RPM_BUILD_ROOT%{_libdir}
+cp -L lib/libfreebl3.so \
+ lib/libfreebl3.chk \
+ $RPM_BUILD_ROOT/%{_lib}
%if %suse_version < 1030
cp -L lib/libnsssqlite3.so \
$RPM_BUILD_ROOT%{_libdir}
@@ -203,7 +235,8 @@
# prepare pkgconfig file
mkdir -p $RPM_BUILD_ROOT%{_libdir}/pkgconfig/
sed "s:%%LIBDIR%%:%{_libdir}:g
-s:%%VERSION%%:%{version}:g" \
+s:%%VERSION%%:%{version}:g
+s:%%NSPR_VERSION%%:%{nspr_ver}:g" \
%{SOURCE1} > $RPM_BUILD_ROOT%{_libdir}/pkgconfig/nss.pc
# prepare nss-config file
popd
@@ -220,10 +253,35 @@
> $RPM_BUILD_ROOT/%{_bindir}/nss-config
chmod 755 $RPM_BUILD_ROOT/%{_bindir}/nss-config
-%post -p /sbin/ldconfig
+%post
+/sbin/ldconfig
+# sign
+# removal of libfreebl3.so is a special needed case:
+# with this package it moves to %_lib and therefore is still
+# installed when %post runs disturbing the shlibsign tool
+rm -f %{_libdir}/libfreebl3.so
+rm -f %{_libdir}/libsoftokn3.chk
+rm -f /%{_lib}/libfreebl3.chk
+%{_libdir}/nss/shlibsign -i %{_libdir}/libsoftokn3.so
+%{_libdir}/nss/shlibsign -i /%{_lib}/libfreebl3.so
+# sign existing baselibs as well (FIXME other multiarchs)
+%ifarch x86_64
+if [ -e /lib/libfreebl3.so ]; then
+ rm -f /lib/libfreebl3.chk
+ %{_libdir}/nss/shlibsign -i /lib/libfreebl3.so
+fi
+if [ -e /usr/lib/libsoftokn3.so ]; then
+ rm -f /usr/lib/libsoftokn3.chk
+ %{_libdir}/nss/shlibsign -i /usr/lib/libsoftokn3.so
+fi
+%endif
%postun -p /sbin/ldconfig
+%post -n libfreebl3 -p /sbin/ldconfig
+
+%postun -n libfreebl3 -p /sbin/ldconfig
+
%post tools
if [ ! -d "%{nssdbdir}" ] ; then
mkdir -p "%{nssdbdir}"
@@ -238,8 +296,19 @@
%files
%defattr(-, root, root)
-%{_libdir}/*.so
-%{_libdir}/*.chk
+%{_libdir}/libnss3.so
+%{_libdir}/libnssckbi.so
+%{_libdir}/libnssdbm3.so
+%{_libdir}/libnssutil3.so
+%{_libdir}/libsmime3.so
+%{_libdir}/libsoftokn3.so
+%{_libdir}/libssl3.so
+%if %suse_version < 1030
+%{_libdir}/libnsssqlite3.so
+%endif
+%{_libdir}/nss/shlibsign
+%ghost %verify(not md5 mtime size) %{_libdir}/libsoftokn3.chk
+%ghost %verify(not md5 mtime size) /%{_lib}/libfreebl3.chk
%files devel
%defattr(644, root, root, 755)
@@ -252,8 +321,33 @@
%defattr(-, root, root)
%{_bindir}/*
%{_libdir}/nss/
+%exclude %{_libdir}/nss/shlibsign
%exclude %{_bindir}/nss-config
+
+%files -n libfreebl3
+%defattr(-, root, root)
+/%{_lib}/libfreebl3.so
%changelog
+* Mon Apr 20 2009 wr@rosenauer.org
+- update to version 3.12.3 RTM
+ * default behaviour changed slightly but can be set up
+ backward compatible using environment variables
+ https://developer.mozilla.org/En/NSS_reference/NSS_environment_variables
+ * New Korean SEED cipher
+ * Some new functions in the nss library:
+ CERT_RFC1485_EscapeAndQuote (see cert.h)
+ CERT_CompareCerts (see cert.h)
+ CERT_RegisterAlternateOCSPAIAInfoCallBack (see ocsp.h)
+ PK11_GetSymKeyHandle (see pk11pqg.h)
+ UTIL_SetForkState (see secoid.h)
+ NSS_GetAlgorithmPolicy (see secoid.h)
+ NSS_SetAlgorithmPolicy (see secoid.h)
+- created libfreebl3 subpackage and build it w/o nspr and nss deps
+- added patch to make all ASM noexecstack
+- create the softokn3 and freebl3 checksums at installation time
+ (moved shlibsign to the main package to achieve that)
+- applied upstream patch to avoid OSCP test failures (bmo#488646)
+- applied upstream patch to fix libjar crashes (bmo#485145)
* Wed Feb 04 2009 wr@rosenauer.org
- update to version 3.12.2 RTM (with CKBI 1.73) as in FF 3.0.6
* Tue Jan 13 2009 wr@rosenauer.org
@@ -306,7 +400,7 @@
- use string[0] instead of string in char.patch
* Mon Jun 11 2007 ro@suse.de
- update to NSS 3.11.6 (pull in from wr from opensuse BS)
-* Wed Feb 21 2007 maw@suse.de
+* Thu Feb 22 2007 maw@suse.de
- Update to NSS 3.11.5 (thanks, Wolfgang)
* Sun Oct 01 2006 wr@rosenauer.org
- update to NSS 3.11.3
++++++ baselibs.conf ++++++
--- /var/tmp/diff_new_pack.Z11517/_old 2009-04-29 00:35:39.000000000 +0200
+++ /var/tmp/diff_new_pack.Z11517/_new 2009-04-29 00:35:39.000000000 +0200
@@ -1 +1,5 @@
mozilla-nss
+ requires "libfreebl3-<targettype> >= <version>"
+ +/usr/lib/libsoftokn3.chk
+ +/lib/libfreebl3.chk
+libfreebl3
++++++ bmo485145-libjar.patch.bz2 ++++++
++++ 8443 lines (skipped)
++++++ bmo488646-oscp-test.patch ++++++
Index: chains.sh
===================================================================
RCS file: /cvsroot/mozilla/security/nss/tests/chains/chains.sh,v
retrieving revision 1.15
diff -u -9 -r1.15 chains.sh
--- chains.sh 15 Apr 2009 18:04:35 -0000 1.15
+++ security/nss/tests/chains/chains.sh 17 Apr 2009 13:02:49 -0000
@@ -689,18 +689,49 @@
if [ "${EXP_RESULT}" = "pass" -a ${RESULT} -eq 0 ]; then
html_passed "${SCENARIO}${TESTNAME}"
elif [ "${EXP_RESULT}" = "fail" -a ${RESULT} -ne 0 ]; then
html_passed "${SCENARIO}${TESTNAME}"
else
html_failed "${SCENARIO}${TESTNAME}"
fi
}
+
+check_ocsp()
+{
+ OCSP_CERT=$1
+
+ CERT_NICK=`echo ${OCSP_CERT} | cut -d: -f1`
+ CERT_ISSUER=`echo ${OCSP_CERT} | cut -d: -f2`
+
+ if [ "${CERT_ISSUER}" = "x" ]; then
+ CERT_ISSUER=
+ CERT=${CERT_NICK}.cert
+ CERT_FILE="${QADIR}/libpkix/certs/${CERT}"
+ else
+ CERT=${CERT_NICK}${CERT_ISSUER}.der
+ CERT_FILE=${CERT}
+ fi
+
+ OCSP_HOST=$(${BINDIR}/pp -t certificate -i ${CERT_FILE} | grep URI | sed "s/.*:\/\///" | sed "s/:.*//")
+
+ if [ "${OS_ARCH}" = "WINNT" ]; then
+ ping -n 1 ${OCSP_HOST}
+ return $?
+ elif [ "${OS_ARCH}" = "HP-UX" ]; then
+ ping ${OCSP_HOST} -c 1
+ return $?
+ else
+ ping -c 1 ${OCSP_HOST}
+ return $?
+ fi
+}
+
############################ parse_result ##############################
# local shell function to process expected result value
# this function was created for case that expected result depends on
# some conditions - in our case type of cert DB
#
# default results are pass and fail
# this function added parsable values in format:
# type1:value1 type2:value2 .... typex:valuex
#
@@ -859,18 +890,25 @@
LOGFILE="${LOGDIR}/${LOGNAME}"
fi
;;
"sleep")
sleep ${VALUE}
;;
"break")
break
;;
+ "check_ocsp")
+ check_ocsp ${VALUE}
+ if [ $? -ne 0 ]; then
+ echo "OCSP server not accessible, skipping OCSP tests"
+ break;
+ fi
+ ;;
"")
if [ -n "${ENTITY}" ]; then
if [ -z "${DB}" ]; then
create_entity "${ENTITY}" "${TYPE}"
fi
sign_cert "${ENTITY}" "${ISSUER}" "${TYPE}"
if [ "${TYPE}" = "Bridge" ]; then
create_pkcs7 "${ENTITY}"
fi
Index: scenarios/ocsp.cfg
===================================================================
RCS file: /cvsroot/mozilla/security/nss/tests/chains/scenarios/ocsp.cfg,v
retrieving revision 1.4
diff -u -9 -r1.4 ocsp.cfg
--- scenarios/ocsp.cfg 19 Mar 2009 09:55:31 -0000 1.4
+++ security/nss/tests/chains/scenarios/ocsp.cfg 17 Apr 2009 13:02:49 -0000
@@ -1,11 +1,13 @@
scenario OCSP
+check_ocsp OCSPEE11:x
+
db OCSPRoot
import OCSPRoot:x:CT,C,C
db OCSPCA1
import_key OCSPCA1
crl OCSPCA1
revoke OCSPCA1
++++++ nss-3.12.2.tar.bz2 -> nss-3.12.3.tar.bz2 ++++++
++++ 76061 lines of diff (skipped)
++++++ nss-noexec.patch ++++++
Index: mozilla/security/coreconf/Linux.mk
===================================================================
RCS file: /cvsroot/mozilla/security/coreconf/Linux.mk,v
retrieving revision 1.35
diff -u -8 -r1.35 Linux.mk
--- security/coreconf/Linux.mk 5 Sep 2008 23:17:23 -0000 1.35
+++ security/coreconf/Linux.mk 3 Apr 2009 03:17:22 -0000
@@ -172,16 +172,17 @@
endif
ARCH = linux
DSO_CFLAGS = -fPIC
DSO_LDOPTS = -shared $(ARCHFLAG) -Wl,-z,defs
DSO_LDFLAGS =
LDFLAGS += $(ARCHFLAG)
+ASFLAGS += -Wa,--noexecstack
# INCLUDES += -I/usr/include -Y/usr/include/linux
G++INCLUDES = -I/usr/include/g++
#
# Always set CPU_TAG on Linux, OpenVMS, WINCE.
#
CPU_TAG = _$(CPU_ARCH)
++++++ nss.pc.in ++++++
--- /var/tmp/diff_new_pack.Z11517/_old 2009-04-29 00:35:51.000000000 +0200
+++ /var/tmp/diff_new_pack.Z11517/_new 2009-04-29 00:35:51.000000000 +0200
@@ -6,6 +6,6 @@
Name: NSS
Description: Network Security Services
Version: %VERSION%
-Requires: nspr >= 4.7.2
-Libs: -Wl,-rpath-link,${libdir} -L${libdir} -lssl3 -lsmime3 -lnss3 -lnssutil3
+Requires: nspr >= %NSPR_VERSION%
+Libs: -lssl3 -lsmime3 -lnss3 -lnssutil3
Cflags: -I${includedir}
++++++ nss-sqlitename.patch ++++++
--- /var/tmp/diff_new_pack.Z11517/_old 2009-04-29 00:35:51.000000000 +0200
+++ /var/tmp/diff_new_pack.Z11517/_new 2009-04-29 00:35:51.000000000 +0200
@@ -1,28 +1,3 @@
-Index: security/nss/cmd/platlibs.mk
-===================================================================
-RCS file: /cvsroot/mozilla/security/nss/cmd/platlibs.mk,v
-retrieving revision 1.55
-diff -u -p -6 -r1.55 platlibs.mk
---- security/nss/cmd/platlibs.mk 12 Oct 2007 01:44:40 -0000 1.55
-+++ security/nss/cmd/platlibs.mk 23 Jan 2008 08:25:42 -0000
-@@ -69,13 +69,17 @@ EXTRA_SHARED_LIBS += \
- else
- EXTRA_SHARED_LIBS += -Wl,+b,'$$ORIGIN/../lib'
- endif
- endif
- endif
-
-+ifdef NSS_USE_SYSTEM_SQLITE
- SQLITE=-lsqlite3
-+else
-+SQLITE=-lnsssqlite3
-+endif
-
- ifdef USE_STATIC_LIBS
-
- # can't do this in manifest.mn because OS_ARCH isn't defined there.
- ifeq ($(OS_ARCH), WINNT)
-
Index: security/nss/lib/sqlite/manifest.mn
===================================================================
RCS file: /cvsroot/mozilla/security/nss/lib/sqlite/manifest.mn,v
@@ -73,3 +48,28 @@
endif
ifeq ($(OS_TARGET),AIX)
+Index: security/nss/cmd/platlibs.mk
+===================================================================
+RCS file: /cvsroot/mozilla/security/nss/cmd/platlibs.mk,v
+retrieving revision 1.59
+diff -u -p -6 -r1.59 platlibs.mk
+--- security/nss/cmd/platlibs.mk 2 Dec 2008 23:24:46 -0000 1.59
++++ security/nss/cmd/platlibs.mk 14 Apr 2009 11:07:52 -0000
+@@ -69,13 +69,17 @@ EXTRA_SHARED_LIBS += \
+ else
+ EXTRA_SHARED_LIBS += -Wl,+b,'$$ORIGIN/../lib'
+ endif
+ endif
+ endif
+
++ifdef NSS_USE_SYSTEM_SQLITE
+ SQLITE=-lsqlite3
++else
++SQLITE=-lnsssqlite3
++endif
+
+ ifdef NSS_DISABLE_DBM
+ DBMLIB = $(NULL)
+ else
+ DBMLIB = $(DIST)/lib/$(LIB_PREFIX)dbm.$(LIB_SUFFIX)
+ endif
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org