Hello community,
here is the log from the commit of package mozilla-nss.5017 for openSUSE:13.2:Update checked in at 2016-05-04 11:38:45
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:13.2:Update/mozilla-nss.5017 (Old)
and /work/SRC/openSUSE:13.2:Update/.mozilla-nss.5017.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mozilla-nss.5017"
Changes:
--------
New Changes file:
--- /dev/null 2016-04-07 01:36:33.300037506 +0200
+++ /work/SRC/openSUSE:13.2:Update/.mozilla-nss.5017.new/mozilla-nss.changes 2016-05-04 11:38:47.000000000 +0200
@@ -0,0 +1,1540 @@
+-------------------------------------------------------------------
+Mon Apr 18 15:53:40 UTC 2016 - normand@linux.vnet.ibm.com
+
+- add nss_gcc6_change.patch
+
+-------------------------------------------------------------------
+Tue Mar 15 10:25:38 UTC 2016 - wr@rosenauer.org
+
+- update to NSS 3.22.3
+ * required for Firefox 46.0
+ * Increase compatibility of TLS extended master secret,
+ don't send an empty TLS extension last in the handshake
+ (bmo#1243641)
+
+-------------------------------------------------------------------
+Wed Mar 9 15:42:01 UTC 2016 - wr@rosenauer.org
+
+- update to NSS 3.22.2
+ New functionality:
+ * RSA-PSS signatures are now supported (bmo#1215295)
+ * Pseudorandom functions based on hashes other than SHA-1 are now supported
+ * Enforce an External Policy on NSS from a config file (bmo#1009429)
+ New functions:
+ * PK11_SignWithMechanism - an extended version PK11_Sign()
+ * PK11_VerifyWithMechanism - an extended version of PK11_Verify()
+ * SSL_PeerSignedCertTimestamps - Get signed_certificate_timestamp
+ TLS extension data
+ * SSL_SetSignedCertTimestamps - Set signed_certificate_timestamp
+ TLS extension data
+ New types:
+ * ssl_signed_cert_timestamp_xtn is added to SSLExtensionType
+ * Constants for several object IDs are added to SECOidTag
+ New macros:
+ * SSL_ENABLE_SIGNED_CERT_TIMESTAMPS
+ * NSS_USE_ALG_IN_SSL
+ * NSS_USE_POLICY_IN_SSL
+ * NSS_RSA_MIN_KEY_SIZE
+ * NSS_DH_MIN_KEY_SIZE
+ * NSS_DSA_MIN_KEY_SIZE
+ * NSS_TLS_VERSION_MIN_POLICY
+ * NSS_TLS_VERSION_MAX_POLICY
+ * NSS_DTLS_VERSION_MIN_POLICY
+ * NSS_DTLS_VERSION_MAX_POLICY
+ * CKP_PKCS5_PBKD2_HMAC_SHA224
+ * CKP_PKCS5_PBKD2_HMAC_SHA256
+ * CKP_PKCS5_PBKD2_HMAC_SHA384
+ * CKP_PKCS5_PBKD2_HMAC_SHA512
+ * CKP_PKCS5_PBKD2_HMAC_GOSTR3411 - (not supported)
+ * CKP_PKCS5_PBKD2_HMAC_SHA512_224 - (not supported)
+ * CKP_PKCS5_PBKD2_HMAC_SHA512_256 - (not supported)
+ Notable changes:
+ * NSS C++ tests are built by default, requiring a C++11 compiler.
+ Set the NSS_DISABLE_GTESTS variable to 1 to disable building these tests.
+ * NSS has been changed to use the PR_GetEnvSecure function that
+ was made available in NSPR 4.12
+
+-------------------------------------------------------------------
+Mon Mar 7 15:41:50 UTC 2016 - wr@rosenauer.org
+
+- update to NSS 3.21.1 (bmo#969894)
+ * required for Firefox 45.0
+ * MFSA 2016-35/CVE-2016-1950 (bmo#1245528)
+ Buffer overflow during ASN.1 decoding in NSS
+ * MFSA 2016-36/CVE-2016-1979 (bmo#1185033)
+ Use-after-free during processing of DER encoded keys in NSS
+
+-------------------------------------------------------------------
+Sun Dec 20 10:12:35 UTC 2015 - wr@rosenauer.org
+
+- update to NSS 3.21
+ * required for Firefox 44.0
+ New functionality:
+ * certutil now supports a --rename option to change a nickname (bmo#1142209)
+ * TLS extended master secret extension (RFC 7627) is supported (bmo#1117022)
+ * New info functions added for use during mid-handshake callbacks (bmo#1084669)
+ New Functions:
+ * NSS_OptionSet - sets NSS global options
+ * NSS_OptionGet - gets the current value of NSS global options
+ * SECMOD_CreateModuleEx - Create a new SECMODModule structure from module name
+ string, module parameters string, NSS specific parameters string, and NSS
+ configuration parameter string. The module represented by the module
+ structure is not loaded. The difference with SECMOD_CreateModule is the new
+ function handles NSS configuration parameter strings.
+ * SSL_GetPreliminaryChannelInfo - obtains information about a TLS channel prior
+ to the handshake being completed, for use with the callbacks that are invoked
+ during the handshake
+ * SSL_SignaturePrefSet - configures the enabled signature and hash algorithms
+ for TLS
+ * SSL_SignaturePrefGet - retrieves the currently configured signature and hash
+ algorithms
+ * SSL_SignatureMaxCount - obtains the maximum number signature algorithms that
+ can be configured with SSL_SignaturePrefSet
+ * NSSUTIL_ArgParseModuleSpecEx - takes a module spec and breaks it into shared
+ library string, module name string, module parameters string, NSS specific
+ parameters string, and NSS configuration parameter strings. The returned
+ strings must be freed by the caller. The difference with
+ NSS_ArgParseModuleSpec is the new function handles NSS configuration
+ parameter strings.
+ * NSSUTIL_MkModuleSpecEx - take a shared library string, module name string,
+ module parameters string, NSS specific parameters string, and NSS
+ configuration parameter string and returns a module string which the caller
+ must free when it is done. The difference with NSS_MkModuleSpec is the new
+ function handles NSS configuration parameter strings.
+ New Types:
+ * CK_TLS12_MASTER_KEY_DERIVE_PARAMS{_PTR} - parameters {or pointer} for
+ CKM_TLS12_MASTER_KEY_DERIVE
+ * CK_TLS12_KEY_MAT_PARAMS{_PTR} - parameters {or pointer} for
+ CKM_TLS12_KEY_AND_MAC_DERIVE
+ * CK_TLS_KDF_PARAMS{_PTR} - parameters {or pointer} for CKM_TLS_KDF
+ * CK_TLS_MAC_PARAMS{_PTR} - parameters {or pointer} for CKM_TLS_MAC
+ * SSLHashType - identifies a hash function
+ * SSLSignatureAndHashAlg - identifies a signature and hash function
+ * SSLPreliminaryChannelInfo - provides information about the session state
+ prior to handshake completion
+ New Macros:
+ * NSS_RSA_MIN_KEY_SIZE - used with NSS_OptionSet and NSS_OptionGet to set or
+ get the minimum RSA key size
+ * NSS_DH_MIN_KEY_SIZE - used with NSS_OptionSet and NSS_OptionGet to set or
+ get the minimum DH key size
+ * NSS_DSA_MIN_KEY_SIZE - used with NSS_OptionSet and NSS_OptionGet to set or
+ get the minimum DSA key size
+ * CKM_TLS12_MASTER_KEY_DERIVE - derives TLS 1.2 master secret
+ * CKM_TLS12_KEY_AND_MAC_DERIVE - derives TLS 1.2 traffic key and IV
+ * CKM_TLS12_MASTER_KEY_DERIVE_DH - derives TLS 1.2 master secret for DH (and
+ ECDH) cipher suites
+ * CKM_TLS12_KEY_SAFE_DERIVE and CKM_TLS_KDF are identifiers for additional
+ PKCS#12 mechanisms for TLS 1.2 that are currently unused in NSS.
+ * CKM_TLS_MAC - computes TLS Finished MAC
+ * NSS_USE_ALG_IN_SSL_KX - policy flag indicating that keys are used in TLS key
+ exchange
+ * SSL_ERROR_RX_SHORT_DTLS_READ - error code for failure to include a complete
+ DTLS record in a UDP packet
+ * SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM - error code for when no valid
+ signature and hash algorithm is available
+ * SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM - error code for when an
+ unsupported signature and hash algorithm is configured
+ * SSL_ERROR_MISSING_EXTENDED_MASTER_SECRET - error code for when the extended
+ master secret is missing after having been negotiated
+ * SSL_ERROR_UNEXPECTED_EXTENDED_MASTER_SECRET - error code for receiving an
+ extended master secret when previously not negotiated
+ * SSL_ENABLE_EXTENDED_MASTER_SECRET - configuration to enable the TLS extended
+ master secret extension (RFC 7627)
+ * ssl_preinfo_version - used with SSLPreliminaryChannelInfo to indicate that a
+ TLS version has been selected
+ * ssl_preinfo_cipher_suite - used with SSLPreliminaryChannelInfo to indicate
+ that a TLS cipher suite has been selected
+ * ssl_preinfo_all - used with SSLPreliminaryChannelInfo to indicate that all
+ preliminary information has been set
+ Notable Changes:
+ * NSS now builds with elliptic curve ciphers enabled by default (bmo#1205688)
+ * NSS now builds with warnings as errors (bmo#1182667)
+ * The following CA certificates were Removed
+ - CN = VeriSign Class 4 Public Primary Certification Authority - G3
+ - CN = UTN-USERFirst-Network Applications
+ - CN = TC TrustCenter Universal CA III
+ - CN = A-Trust-nQual-03
+ - CN = USERTrust Legacy Secure Server CA
+ - Friendly Name: Digital Signature Trust Co. Global CA 1
+ - Friendly Name: Digital Signature Trust Co. Global CA 3
+ - CN = UTN - DATACorp SGC
+ - O = TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. (c) Kasım 2005
+ * The following CA certificate had the Websites trust bit turned off
+ - OU = Equifax Secure Certificate Authority
+ * The following CA certificates were Added
+ - CN = Certification Authority of WoSign G2
+ - CN = CA WoSign ECC Root
+ - CN = OISTE WISeKey Global Root GB CA
+- increased the minimum level of possible mixed installations
+ (softokn3, freebl3) to 3.21
+- added nss-bmo1236011.patch to fix compiler error (bmo#1236011)
+- disabled testsuite as it currently breaks (bmo#1236340)
+
+-------------------------------------------------------------------
+Sat Dec 19 17:13:21 UTC 2015 - wr@rosenauer.org
+
+- update to NSS 3.20.2 (bnc#959888)
+ * MFSA 2015-150/CVE-2015-7575 (bmo#1158489)
+ MD5 signatures accepted within TLS 1.2 ServerKeyExchange in
+ server signature
+
+-------------------------------------------------------------------
+Sun Oct 25 14:44:21 UTC 2015 - wr@rosenauer.org
+
+- update to NSS 3.20.1 (bnc#952810)
+ * requires NSPR 4.10.10
+ * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182 (bmo#1192028, bmo#1202868)
+ memory corruption issues
+
+-------------------------------------------------------------------
+Thu Sep 24 15:41:09 UTC 2015 - fstrba@suse.com
+
+- Install the static libfreebl.a that is needed in order to link
+ Sun elliptical curves provider in Java 7.
+
+-------------------------------------------------------------------
+Thu Sep 24 09:39:17 UTC 2015 - wr@rosenauer.org
+
++++ 1343 more lines (skipped)
++++ between /dev/null
++++ and /work/SRC/openSUSE:13.2:Update/.mozilla-nss.5017.new/mozilla-nss.changes
New:
----
baselibs.conf
cert9.db
key4.db
malloc.patch
mozilla-nss-rpmlintrc
mozilla-nss.changes
mozilla-nss.spec
nss-3.22.3.tar.gz
nss-bmo1236011.patch
nss-config.in
nss-disable-ocsp-test.patch
nss-no-rpath.patch
nss-opt.patch
nss-sqlitename.patch
nss.pc.in
nss_gcc6_change.patch
pkcs11.txt
renegotiate-transitional.patch
setup-nsssysinit.sh
system-nspr.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ mozilla-nss.spec ++++++
#
# spec file for package mozilla-nss
#
# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2006-2015 Wolfgang Rosenauer
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
%global nss_softokn_fips_version 3.21
Name: mozilla-nss
BuildRequires: gcc-c++
BuildRequires: mozilla-nspr-devel >= 4.12
BuildRequires: pkg-config
BuildRequires: sqlite-devel
BuildRequires: zlib-devel
Version: 3.22.3
Release: 0
# bug437293
%ifarch ppc64
Obsoletes: mozilla-nss-64bit
%endif
#
Summary: Network Security Services
License: MPL-2.0
Group: System/Libraries
Url: http://www.mozilla.org/projects/security/pki/nss/
Source: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_22_3_RTM/src/nss-%{version}.tar.gz
# hg clone https://hg.mozilla.org/projects/nss nss-3.22.3/nss ; cd nss-3.22.3/nss ; hg up NSS_3_22_3_RTM
#Source: nss-%{version}.tar.gz
Source1: nss.pc.in
Source3: nss-config.in
Source4: %{name}-rpmlintrc
Source5: baselibs.conf
Source6: setup-nsssysinit.sh
Source7: cert9.db
Source8: key4.db
Source9: pkcs11.txt
#Source10: PayPalEE.cert
Source99: %{name}.changes
Patch1: nss-opt.patch
Patch2: system-nspr.patch
Patch4: nss-no-rpath.patch
Patch5: renegotiate-transitional.patch
Patch6: malloc.patch
Patch7: nss-disable-ocsp-test.patch
Patch8: nss-sqlitename.patch
Patch9: nss-bmo1236011.patch
Patch10: nss_gcc6_change.patch
%define nspr_ver %(rpm -q --queryformat '%{VERSION}' mozilla-nspr)
PreReq: mozilla-nspr >= %nspr_ver
PreReq: libfreebl3 >= %{nss_softokn_fips_version}
PreReq: libsoftokn3 >= %{nss_softokn_fips_version}
%if %{_lib} == lib64
Requires: libnssckbi.so()(64bit)
%else
Requires: libnssckbi.so
%endif
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%define nssdbdir %{_sysconfdir}/pki/nssdb
%ifnarch %sparc
%if ! 0%{?qemu_user_space_build}
# disabled temporarily bmo#1236340
%define run_testsuite 0
%endif
%endif
%description
Network Security Services (NSS) is a set of libraries designed to
support cross-platform development of security-enabled server
applications. Applications built with NSS can support SSL v3,
TLS v1.0, v1.1, v1.2, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3
certificates, and other security standards.
%package devel
Summary: Network (Netscape) Security Services development files
Group: Development/Libraries/Other
Requires: libfreebl3
Requires: libsoftokn3
Requires: mozilla-nspr-devel >= 4.9
Requires: mozilla-nss = %{version}-%{release}
# bug437293
%ifarch ppc64
Obsoletes: mozilla-nss-devel-64bit
%endif
%description devel
Network Security Services (NSS) is a set of libraries designed to
support cross-platform development of security-enabled server
applications. Applications built with NSS can support SSL v3,
TLS v1.0, v1.1, v1.2, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3
certificates, and other security standards.
%package tools
Summary: Tools for developing, debugging, and managing applications that use NSS
Group: System/Management
PreReq: mozilla-nss >= %{version}
%description tools
The NSS Security Tools allow developers to test, debug, and manage
applications that use NSS.
%package sysinit
Summary: System NSS Initialization
Group: System/Management
Requires: mozilla-nss >= %{version}
Requires(post): coreutils
%description sysinit
Default Operation System module that manages applications loading
NSS globally on the system. This module loads the system defined
PKCS #11 modules for NSS and chains with other NSS modules to load
any system or user configured modules.
%package -n libfreebl3
Summary: Freebl library for the Network Security Services
Group: System/Libraries
Provides: libfreebl3-hmac
%description -n libfreebl3
Network Security Services (NSS) is a set of libraries designed to
support cross-platform development of security-enabled server
applications. Applications built with NSS can support SSL v3,
TLS v1.0, v1.1, v1.2, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3
certificates, and other security standards.
This package installs the freebl library from NSS.
%package -n libsoftokn3
Summary: Network Security Services Softoken Module
Group: System/Libraries
Requires: libfreebl3 = %{version}-%{release}
Provides: libsoftokn3-hmac
%description -n libsoftokn3
Network Security Services (NSS) is a set of libraries designed to
support cross-platform development of security-enabled server
applications. Applications built with NSS can support SSL v3,
TLS v1.0, v1.1, v1.2, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3
certificates, and other security standards.
Network Security Services Softoken Cryptographic Module
%package certs
Summary: CA certificates for NSS
Group: Productivity/Networking/Security
%description certs
This package contains the integrated CA root certificates from the
Mozilla project.
%prep
%setup -n nss-%{version} -q
cd nss
%patch1 -p1
%patch2 -p1
%patch4 -p1
%patch5 -p1
%if %suse_version > 1110
%patch6 -p1
%endif
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
# additional CA certificates
#cd security/nss/lib/ckfw/builtins
#cat %{SOURCE2} >> certdata.txt
#make generate
%build
cd nss
modified="$(sed -n '/^----/n;s/ - .*$//;p;q' "%{S:99}")"
DATE="\"$(date -d "${modified}" "+%%b %%e %%Y")\""
TIME="\"$(date -d "${modified}" "+%%R")\""
find . -name '*.[ch]' -print -exec sed -i "s/__DATE__/${DATE}/g;s/__TIME__/${TIME}/g" {} +
export FREEBL_NO_DEPEND=1
export FREEBL_LOWHASH=1
export NSPR_INCLUDE_DIR=`nspr-config --includedir`
export NSPR_LIB_DIR=`nspr-config --libdir`
export OPT_FLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing"
export LIBDIR=%{_libdir}
%ifarch x86_64 s390x ppc64 ppc64le ia64 aarch64
export USE_64=1
%endif
export NSS_USE_SYSTEM_SQLITE=1
#export SQLITE_LIB_NAME=nsssqlite3
MAKE_FLAGS="BUILD_OPT=1"
make nss_build_all $MAKE_FLAGS
# run testsuite
%if 0%{?run_testsuite}
export BUILD_OPT=1
export HOST="localhost"
export DOMSUF=" "
export USE_IP=TRUE
export IP_ADDRESS="127.0.0.1"
cd tests
./all.sh
if grep "FAILED" ../../../tests_results/security/localhost.1/output.log ; then
echo "Testsuite FAILED"
exit 1
fi
%endif
%install
cd nss
mkdir -p $RPM_BUILD_ROOT%{_libdir}
mkdir -p $RPM_BUILD_ROOT%{_libexecdir}/nss
mkdir -p $RPM_BUILD_ROOT%{_includedir}/nss3
mkdir -p $RPM_BUILD_ROOT%{_bindir}
mkdir -p $RPM_BUILD_ROOT%{_sbindir}
mkdir -p $RPM_BUILD_ROOT/%{_lib}
mkdir -p $RPM_BUILD_ROOT%{nssdbdir}
pushd ../dist/Linux*
# copy headers
cp -rL ../public/nss/*.h $RPM_BUILD_ROOT%{_includedir}/nss3
# copy some freebl include files we also want
for file in blapi.h alghmac.h
do
cp -L ../private/nss/$file $RPM_BUILD_ROOT/%{_includedir}/nss3
done
# copy dynamic libs
cp -L lib/libnss3.so \
lib/libnssdbm3.so \
lib/libnssdbm3.chk \
lib/libnssutil3.so \
lib/libnssckbi.so \
lib/libnsssysinit.so \
lib/libsmime3.so \
lib/libsoftokn3.so \
lib/libsoftokn3.chk \
lib/libssl3.so \
$RPM_BUILD_ROOT%{_libdir}
cp -L lib/libfreebl3.so \
lib/libfreebl3.chk \
$RPM_BUILD_ROOT/%{_lib}
#cp -L lib/libnsssqlite3.so \
# $RPM_BUILD_ROOT%{_libdir}
# copy static libs
cp -L lib/libcrmf.a \
lib/libfreebl.a \
lib/libnssb.a \
lib/libnssckfw.a \
$RPM_BUILD_ROOT%{_libdir}
# copy tools
cp -L bin/certutil \
bin/cmsutil \
bin/crlutil \
bin/modutil \
bin/pk12util \
bin/signtool \
bin/signver \
bin/ssltap \
$RPM_BUILD_ROOT%{_bindir}
# copy unsupported tools
cp -L bin/atob \
bin/btoa \
bin/derdump \
bin/ocspclnt \
bin/pp \
bin/selfserv \
bin/shlibsign \
bin/strsclnt \
bin/symkeyutil \
bin/tstclnt \
bin/vfyserv \
bin/vfychain \
$RPM_BUILD_ROOT%{_libexecdir}/nss
# prepare pkgconfig file
mkdir -p $RPM_BUILD_ROOT%{_libdir}/pkgconfig/
sed "s:%%LIBDIR%%:%{_libdir}:g
s:%%VERSION%%:%{version}:g
s:%%NSPR_VERSION%%:%{nspr_ver}:g" \
%{SOURCE1} > $RPM_BUILD_ROOT%{_libdir}/pkgconfig/nss.pc
# prepare nss-config file
popd
NSS_VMAJOR=`cat lib/nss/nss.h | grep "#define.*NSS_VMAJOR" | gawk '{print $3}'`
NSS_VMINOR=`cat lib/nss/nss.h | grep "#define.*NSS_VMINOR" | gawk '{print $3}'`
NSS_VPATCH=`cat lib/nss/nss.h | grep "#define.*NSS_VPATCH" | gawk '{print $3}'`
cat %{SOURCE3} | sed -e "s,@libdir@,%{_libdir},g" \
-e "s,@prefix@,%{_prefix},g" \
-e "s,@exec_prefix@,%{_prefix},g" \
-e "s,@includedir@,%{_includedir}/nss3,g" \
-e "s,@MOD_MAJOR_VERSION@,$NSS_VMAJOR,g" \
-e "s,@MOD_MINOR_VERSION@,$NSS_VMINOR,g" \
-e "s,@MOD_PATCH_VERSION@,$NSS_VPATCH,g" \
> $RPM_BUILD_ROOT/%{_bindir}/nss-config
chmod 755 $RPM_BUILD_ROOT/%{_bindir}/nss-config
# setup-nsssysinfo.sh
install -m 744 %{SOURCE6} $RPM_BUILD_ROOT%{_sbindir}/
# create empty NSS database
#LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib}:$RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_bindir}/modutil -force -dbdir "sql:$RPM_BUILD_ROOT%{nssdbdir}" -create
#LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib}:$RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_bindir}/certutil -N -d "sql:$RPM_BUILD_ROOT%{nssdbdir}" -f /dev/null 2>&1 > /dev/null
#chmod 644 "$RPM_BUILD_ROOT%{nssdbdir}"/*
#sed "s:%{buildroot}::g
#s/^library=$/library=libnsssysinit.so/
#/^NSS/s/\(Flags=internal\)\(,[^m]\)/\1,moduleDBOnly\2/" \
# $RPM_BUILD_ROOT%{nssdbdir}/pkcs11.txt > $RPM_BUILD_ROOT%{nssdbdir}/pkcs11.txt.sed
# mv $RPM_BUILD_ROOT%{nssdbdir}/pkcs11.txt{.sed,}
# copy empty NSS database
install -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{nssdbdir}
install -m 644 %{SOURCE8} $RPM_BUILD_ROOT%{nssdbdir}
install -m 644 %{SOURCE9} $RPM_BUILD_ROOT%{nssdbdir}
# create shlib sigs after extracting debuginfo
%define __spec_install_post \
%{?__debug_package:%{__debug_install_post}} \
%{__arch_install_post} \
%{__os_install_post} \
LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib}:$RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_libexecdir}/nss/shlibsign -i $RPM_BUILD_ROOT%{_libdir}/libsoftokn3.so \
LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib}:$RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_libexecdir}/nss/shlibsign -i $RPM_BUILD_ROOT%{_libdir}/libnssdbm3.so \
LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib}:$RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_libexecdir}/nss/shlibsign -i $RPM_BUILD_ROOT/%{_lib}/libfreebl3.so \
%{nil}
%post -p /sbin/ldconfig
%postun -p /sbin/ldconfig
%post -n libfreebl3 -p /sbin/ldconfig
%postun -n libfreebl3 -p /sbin/ldconfig
%post -n libsoftokn3 -p /sbin/ldconfig
%postun -n libsoftokn3 -p /sbin/ldconfig
%post sysinit
/sbin/ldconfig
# make sure the current config is enabled
%{_sbindir}/setup-nsssysinit.sh on
%preun sysinit
if [ $1 = 0 ]; then
%{_sbindir}/setup-nsssysinit.sh off
fi
%postun sysinit -p /sbin/ldconfig
%clean
rm -rf $RPM_BUILD_ROOT
%files
%defattr(-, root, root)
%{_libdir}/libnss3.so
%{_libdir}/libnssutil3.so
%{_libdir}/libsmime3.so
%{_libdir}/libssl3.so
#%{_libdir}/libnsssqlite3.so
%files devel
%defattr(644, root, root, 755)
%{_includedir}/nss3/
%{_libdir}/*.a
%{_libdir}/pkgconfig/*
%attr(755,root,root) %{_bindir}/nss-config
%files tools
%defattr(-, root, root)
%{_bindir}/*
%exclude %{_sbindir}/setup-nsssysinit.sh
%{_libexecdir}/nss/
%exclude %{_bindir}/nss-config
%files sysinit
%defattr(-, root, root)
%dir %{_sysconfdir}/pki
%dir %{_sysconfdir}/pki/nssdb
%config(noreplace) %{_sysconfdir}/pki/nssdb/*
%{_libdir}/libnsssysinit.so
%{_sbindir}/setup-nsssysinit.sh
%files -n libfreebl3
%defattr(-, root, root)
/%{_lib}/libfreebl3.so
/%{_lib}/libfreebl3.chk
%files -n libsoftokn3
%defattr(-, root, root)
%{_libdir}/libsoftokn3.so
%{_libdir}/libsoftokn3.chk
%{_libdir}/libnssdbm3.so
%{_libdir}/libnssdbm3.chk
%files certs
%defattr(-, root, root)
%{_libdir}/libnssckbi.so
%changelog
++++++ baselibs.conf ++++++
mozilla-nss
requires "libfreebl3-<targettype>"
requires "libsoftokn3-<targettype>"
requires "mozilla-nss-certs-<targettype>"
libsoftokn3
requires "libfreebl3-<targettype> = <version>"
+/usr/lib/libsoftokn3.chk
+/usr/lib/libnssdbm3.chk
libfreebl3
+/lib/libfreebl3.chk
mozilla-nss-sysinit
mozilla-nss-certs
++++++ malloc.patch ++++++
Index: security/nss/tests/ssl/ssl.sh
===================================================================
RCS file: /cvsroot/mozilla/security/nss/tests/ssl/ssl.sh,v
retrieving revision 1.100
diff -u -r1.100 ssl.sh
--- security/nss/tests/ssl/ssl.sh 26 Mar 2009 23:14:34 -0000 1.100
+++ nss/tests/ssl/ssl.sh 6 Jun 2009 06:21:07 -0000
@@ -974,6 +974,7 @@
################################# main #################################
+unset MALLOC_CHECK_
ssl_init
ssl_run_tests
ssl_cleanup
++++++ mozilla-nss-rpmlintrc ++++++
addFilter("shlib-policy-name-error")
addFilter("shlib-policy-missing-lib")
addFilter("shlib-policy-missing-suffix")
addFilter("shlib-unversioned-lib")
addFilter("shlib-fixed-dependency")
++++++ nss-bmo1236011.patch ++++++
diff --git a/cmd/modutil/install-ds.h b/nss/cmd/modutil/install-ds.h
--- a/cmd/modutil/install-ds.h
+++ b/cmd/modutil/install-ds.h
@@ -238,17 +238,17 @@ struct Pk11Install_Info_str {
int numPlatforms;
Pk11Install_PlatformName *forwardCompatible;
int numForwardCompatible;
};
Pk11Install_Info*
Pk11Install_Info_new();
void
-Pk11Install_Info_init();
+Pk11Install_Info_init(Pk11Install_Info* _this);
void
Pk11Install_Info_delete(Pk11Install_Info* _this);
/*// Returns NULL for success, error message if parse error.*/
char*
Pk11Install_Info_Generate(Pk11Install_Info* _this,
const Pk11Install_ValueList *list);
/*// Returns NULL if there is no matching platform*/
Pk11Install_Platform*
++++++ nss-config.in ++++++
#!/bin/sh
prefix=@prefix@
major_version=@MOD_MAJOR_VERSION@
minor_version=@MOD_MINOR_VERSION@
patch_version=@MOD_PATCH_VERSION@
usage()
{
cat <