Hello community,
here is the log from the commit of package mozilla-nss.5440 for openSUSE:13.2:Update checked in at 2016-08-04 21:50:09
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:13.2:Update/mozilla-nss.5440 (Old)
and /work/SRC/openSUSE:13.2:Update/.mozilla-nss.5440.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mozilla-nss.5440"
Changes:
--------
New Changes file:
--- /dev/null 2016-07-07 10:01:34.856033756 +0200
+++ /work/SRC/openSUSE:13.2:Update/.mozilla-nss.5440.new/mozilla-nss.changes 2016-08-04 21:50:11.000000000 +0200
@@ -0,0 +1,1679 @@
+-------------------------------------------------------------------
+Sat Jul 30 08:53:02 UTC 2016 - wr@rosenauer.org
+
+- update to NSS 3.24
+ New functionality:
+ * NSS softoken has been updated with the latest National Institute
+ of Standards and Technology (NIST) guidance (as of 2015):
+ - Software integrity checks and POST functions are executed on
+ shared library load. These checks have been disabled by default,
+ as they can cause a performance regression. To enable these
+ checks, you must define symbol NSS_FORCE_FIPS when building NSS.
+ - Counter mode and Galois/Counter Mode (GCM) have checks to
+ prevent counter overflow.
+ - Additional CSPs are zeroed in the code.
+ - NSS softoken uses new guidance for how many Rabin-Miller tests
+ are needed to verify a prime based on prime size.
+ * NSS softoken has also been updated to allow NSS to run in FIPS
+ Level 1 (no password). This mode is triggered by setting the
+ database password to the empty string. In FIPS mode, you may move
+ from Level 1 to Level 2 (by setting an appropriate password),
+ but not the reverse.
+ * A SSL_ConfigServerCert function has been added for configuring
+ SSL/TLS server sockets with a certificate and private key. Use
+ this new function in place of SSL_ConfigSecureServer,
+ SSL_ConfigSecureServerWithCertChain, SSL_SetStapledOCSPResponses,
+ and SSL_SetSignedCertTimestamps. SSL_ConfigServerCert automatically
+ determines the certificate type from the certificate and private key.
+ The caller is no longer required to use SSLKEAType explicitly to
+ select a "slot" into which the certificate is configured (which
+ incorrectly identifies a key agreement type rather than a certificate).
+ Separate functions for configuring Online Certificate Status Protocol
+ (OCSP) responses or Signed Certificate Timestamps are not needed,
+ since these can be added to the optional SSLExtraServerCertData struct
+ provided to SSL_ConfigServerCert. Also, partial support for RSA
+ Probabilistic Signature Scheme (RSA-PSS) certificates has been added.
+ Although these certificates can be configured, they will not be
+ used by NSS in this version.
+ New functions
+ * SSL_ConfigServerCert - Configures an SSL/TLS socket with a
+ certificate, private key, and other information.
+ * PORT_InitCheapArena - Initializes an arena that was created on
+ the stack. (See PORTCheapArenaPool.=
+ * PORT_DestroyCheapArena - Destroys an arena that was created on
+ the stack. (See PORTCheapArenaPool.)
+ New types
+ * SSLExtraServerCertData - Optionally passed as an argument to
+ SSL_ConfigServerCert. This struct contains supplementary information
+ about a certificate, such as the intended type of the certificate,
+ stapled OCSP responses, or Signed Certificate Timestamps (used for
+ certificate transparency).
+ * PORTCheapArenaPool - A stack-allocated arena pool, to be used for
+ temporary arena allocations.
+ New macros
+ * CKM_TLS12_MAC
+ * SEC_OID_TLS_ECDHE_PSK - This OID governs the use of the
+ TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 cipher suite, which is used
+ only for session resumption in TLS 1.3.
+ Notable changes:
+ * Deprecate the following functions. (Applications should instead use the new
+ SSL_ConfigServerCert function.):
+ - SSL_SetStapledOCSPResponses
+ - SSL_SetSignedCertTimestamps
+ - SSL_ConfigSecureServer
+ - SSL_ConfigSecureServerWithCertChain
+ * Deprecate the NSS_FindCertKEAType function, as it reports a misleading
+ value for certificates that might be used for signing rather than
+ key exchange.
+ * Update SSLAuthType to define a larger number of authentication key types.
+ * Deprecate the member attribute authAlgorithm of type SSLCipherSuiteInfo.
+ Instead, applications should use the newly added attribute authType.
+ * Rename ssl_auth_rsa to ssl_auth_rsa_decrypt.
+ * Add a shared library (libfreeblpriv3) on Linux platforms that
+ define FREEBL_LOWHASH.
+ * Remove most code related to SSL v2, including the ability to actively
+ send a SSLv2-compatible client hello. However, the server-side
+ implementation of the SSL/TLS protocol still supports processing
+ of received v2-compatible client hello messages.
+ * Disable (by default) NSS support in optimized builds for logging SSL/TLS
+ key material to a logfile if the SSLKEYLOGFILE environment variable
+ is set. To enable the functionality in optimized builds, you must define
+ the symbol NSS_ALLOW_SSLKEYLOGFILE when building NSS.
+ * Update NSS to protect it against the Cachebleed attack.
+ * Disable support for DTLS compression.
+ * Improve support for TLS 1.3. This includes support for DTLS 1.3.
+ Note that TLS 1.3 support is experimental and not suitable for
+ production use.
+- removed obsolete nss-bmo1236011.patch
+
+-------------------------------------------------------------------
+Thu May 26 05:59:03 UTC 2016 - wr@rosenauer.org
+
+- update to NSS 3.23
+ New functionality:
+ * ChaCha20/Poly1305 cipher and TLS cipher suites now supported
+ * Experimental-only support TLS 1.3 1-RTT mode (draft-11).
+ This code is not ready for production use.
+ New functions:
+ * SSL_SetDowngradeCheckVersion - Set maximum version for new
+ ServerRandom anti-downgrade mechanism. Clients that perform a
+ version downgrade (which is generally a very bad idea) call this
+ with the highest version number that they possibly support.
+ This gives them access to the version downgrade protection from
+ TLS 1.3.
+ Notable changes:
+ * The copy of SQLite shipped with NSS has been updated to version
+ 3.10.2
+ * The list of TLS extensions sent in the TLS handshake has been
+ reordered to increase compatibility of the Extended Master Secret
+ with with servers
+ * The build time environment variable NSS_ENABLE_ZLIB has been
+ renamed to NSS_SSL_ENABLE_ZLIB
+ * The build time environment variable NSS_DISABLE_CHACHAPOLY was
+ added, which can be used to prevent compilation of the
+ ChaCha20/Poly1305 code.
+ * The following CA certificates were Removed
+ - Staat der Nederlanden Root CA
+ - NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado
+ - NetLock Kozjegyzoi (Class A) Tanusitvanykiado
+ - NetLock Uzleti (Class B) Tanusitvanykiado
+ - NetLock Expressz (Class C) Tanusitvanykiado
+ - VeriSign Class 1 Public PCA – G2
+ - VeriSign Class 3 Public PCA
+ - VeriSign Class 3 Public PCA – G2
+ - CA Disig
+ * The following CA certificates were Added
+ + SZAFIR ROOT CA2
+ + Certum Trusted Network CA 2
+ * The following CA certificate had the Email trust bit turned on
+ + Actalis Authentication Root CA
+ Security fixes:
+ * CVE-2016-2834: Memory safety bugs (boo#983639)
+ MFSA-2016-61 bmo#1206283 bmo#1221620 bmo#1241034 bmo#1241037
+- removed obsolete nss_gcc6_change.patch
+
+-------------------------------------------------------------------
+Mon Apr 18 15:53:40 UTC 2016 - normand@linux.vnet.ibm.com
+
+- add nss_gcc6_change.patch
+
+-------------------------------------------------------------------
+Tue Mar 15 10:25:38 UTC 2016 - wr@rosenauer.org
+
+- update to NSS 3.22.3
+ * required for Firefox 46.0
+ * Increase compatibility of TLS extended master secret,
+ don't send an empty TLS extension last in the handshake
+ (bmo#1243641)
+ * Fixed a heap-based buffer overflow related to the parsing of
+ certain ASN.1 structures. An attacker could create a specially-crafted
+ certificate which, when parsed by NSS, would cause a crash or
+ execution of arbitrary code with the permissions of the user.
+ (CVE-2016-1950, bmo#1245528)
+
+-------------------------------------------------------------------
+Wed Mar 9 15:42:01 UTC 2016 - wr@rosenauer.org
+
+- update to NSS 3.22.2
+ New functionality:
+ * RSA-PSS signatures are now supported (bmo#1215295)
+ * Pseudorandom functions based on hashes other than SHA-1 are now supported
+ * Enforce an External Policy on NSS from a config file (bmo#1009429)
+ New functions:
+ * PK11_SignWithMechanism - an extended version PK11_Sign()
+ * PK11_VerifyWithMechanism - an extended version of PK11_Verify()
+ * SSL_PeerSignedCertTimestamps - Get signed_certificate_timestamp
+ TLS extension data
+ * SSL_SetSignedCertTimestamps - Set signed_certificate_timestamp
+ TLS extension data
+ New types:
+ * ssl_signed_cert_timestamp_xtn is added to SSLExtensionType
+ * Constants for several object IDs are added to SECOidTag
+ New macros:
+ * SSL_ENABLE_SIGNED_CERT_TIMESTAMPS
+ * NSS_USE_ALG_IN_SSL
+ * NSS_USE_POLICY_IN_SSL
+ * NSS_RSA_MIN_KEY_SIZE
+ * NSS_DH_MIN_KEY_SIZE
+ * NSS_DSA_MIN_KEY_SIZE
+ * NSS_TLS_VERSION_MIN_POLICY
+ * NSS_TLS_VERSION_MAX_POLICY
+ * NSS_DTLS_VERSION_MIN_POLICY
+ * NSS_DTLS_VERSION_MAX_POLICY
+ * CKP_PKCS5_PBKD2_HMAC_SHA224
+ * CKP_PKCS5_PBKD2_HMAC_SHA256
+ * CKP_PKCS5_PBKD2_HMAC_SHA384
+ * CKP_PKCS5_PBKD2_HMAC_SHA512
+ * CKP_PKCS5_PBKD2_HMAC_GOSTR3411 - (not supported)
+ * CKP_PKCS5_PBKD2_HMAC_SHA512_224 - (not supported)
+ * CKP_PKCS5_PBKD2_HMAC_SHA512_256 - (not supported)
+ Notable changes:
+ * NSS C++ tests are built by default, requiring a C++11 compiler.
+ Set the NSS_DISABLE_GTESTS variable to 1 to disable building these tests.
+ * NSS has been changed to use the PR_GetEnvSecure function that
+ was made available in NSPR 4.12
+
+-------------------------------------------------------------------
+Mon Mar 7 15:41:50 UTC 2016 - wr@rosenauer.org
++++ 1482 more lines (skipped)
++++ between /dev/null
++++ and /work/SRC/openSUSE:13.2:Update/.mozilla-nss.5440.new/mozilla-nss.changes
New:
----
baselibs.conf
cert9.db
key4.db
malloc.patch
mozilla-nss-rpmlintrc
mozilla-nss.changes
mozilla-nss.spec
nss-3.24.tar.gz
nss-config.in
nss-disable-ocsp-test.patch
nss-no-rpath.patch
nss-opt.patch
nss-sqlitename.patch
nss.pc.in
pkcs11.txt
renegotiate-transitional.patch
setup-nsssysinit.sh
system-nspr.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ mozilla-nss.spec ++++++
#
# spec file for package mozilla-nss
#
# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2006-2016 Wolfgang Rosenauer
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
%global nss_softokn_fips_version 3.21
Name: mozilla-nss
BuildRequires: gcc-c++
BuildRequires: mozilla-nspr-devel >= 4.12
BuildRequires: pkg-config
BuildRequires: sqlite-devel
BuildRequires: zlib-devel
Version: 3.24
Release: 0
# bug437293
%ifarch ppc64
Obsoletes: mozilla-nss-64bit
%endif
#
Summary: Network Security Services
License: MPL-2.0
Group: System/Libraries
Url: http://www.mozilla.org/projects/security/pki/nss/
Source: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_24_RTM/src/nss-%{version}.tar.gz
# hg clone https://hg.mozilla.org/projects/nss nss-3.24/nss ; cd nss-3.24/nss ; hg up NSS_3_24_RTM
#Source: nss-%{version}.tar.gz
Source1: nss.pc.in
Source3: nss-config.in
Source4: %{name}-rpmlintrc
Source5: baselibs.conf
Source6: setup-nsssysinit.sh
Source7: cert9.db
Source8: key4.db
Source9: pkcs11.txt
#Source10: PayPalEE.cert
Source99: %{name}.changes
Patch1: nss-opt.patch
Patch2: system-nspr.patch
Patch4: nss-no-rpath.patch
Patch5: renegotiate-transitional.patch
Patch6: malloc.patch
Patch7: nss-disable-ocsp-test.patch
Patch8: nss-sqlitename.patch
%define nspr_ver %(rpm -q --queryformat '%{VERSION}' mozilla-nspr)
PreReq: mozilla-nspr >= %nspr_ver
PreReq: libfreebl3 >= %{nss_softokn_fips_version}
PreReq: libsoftokn3 >= %{nss_softokn_fips_version}
%if %{_lib} == lib64
Requires: libnssckbi.so()(64bit)
%else
Requires: libnssckbi.so
%endif
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%define nssdbdir %{_sysconfdir}/pki/nssdb
%ifnarch %sparc
%if ! 0%{?qemu_user_space_build}
# disabled temporarily bmo#1236340
%define run_testsuite 0
%endif
%endif
%description
Network Security Services (NSS) is a set of libraries designed to
support cross-platform development of security-enabled server
applications. Applications built with NSS can support SSL v3,
TLS v1.0, v1.1, v1.2, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3
certificates, and other security standards.
%package devel
Summary: Network (Netscape) Security Services development files
Group: Development/Libraries/Other
Requires: libfreebl3
Requires: libsoftokn3
Requires: mozilla-nspr-devel >= 4.9
Requires: mozilla-nss = %{version}-%{release}
# bug437293
%ifarch ppc64
Obsoletes: mozilla-nss-devel-64bit
%endif
%description devel
Network Security Services (NSS) is a set of libraries designed to
support cross-platform development of security-enabled server
applications. Applications built with NSS can support SSL v3,
TLS v1.0, v1.1, v1.2, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3
certificates, and other security standards.
%package tools
Summary: Tools for developing, debugging, and managing applications that use NSS
Group: System/Management
PreReq: mozilla-nss >= %{version}
%description tools
The NSS Security Tools allow developers to test, debug, and manage
applications that use NSS.
%package sysinit
Summary: System NSS Initialization
Group: System/Management
Requires: mozilla-nss >= %{version}
Requires(post): coreutils
%description sysinit
Default Operation System module that manages applications loading
NSS globally on the system. This module loads the system defined
PKCS #11 modules for NSS and chains with other NSS modules to load
any system or user configured modules.
%package -n libfreebl3
Summary: Freebl library for the Network Security Services
Group: System/Libraries
Provides: libfreebl3-hmac
%description -n libfreebl3
Network Security Services (NSS) is a set of libraries designed to
support cross-platform development of security-enabled server
applications. Applications built with NSS can support SSL v3,
TLS v1.0, v1.1, v1.2, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3
certificates, and other security standards.
This package installs the freebl library from NSS.
%package -n libsoftokn3
Summary: Network Security Services Softoken Module
Group: System/Libraries
Requires: libfreebl3 = %{version}-%{release}
Provides: libsoftokn3-hmac
%description -n libsoftokn3
Network Security Services (NSS) is a set of libraries designed to
support cross-platform development of security-enabled server
applications. Applications built with NSS can support SSL v3,
TLS v1.0, v1.1, v1.2, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3
certificates, and other security standards.
Network Security Services Softoken Cryptographic Module
%package certs
Summary: CA certificates for NSS
Group: Productivity/Networking/Security
%description certs
This package contains the integrated CA root certificates from the
Mozilla project.
%prep
%setup -n nss-%{version} -q
cd nss
%patch1 -p1
%patch2 -p1
%patch4 -p1
%patch5 -p1
%if %suse_version > 1110
%patch6 -p1
%endif
%patch7 -p1
%patch8 -p1
# additional CA certificates
#cd security/nss/lib/ckfw/builtins
#cat %{SOURCE2} >> certdata.txt
#make generate
%build
cd nss
modified="$(sed -n '/^----/n;s/ - .*$//;p;q' "%{S:99}")"
DATE="\"$(date -d "${modified}" "+%%b %%e %%Y")\""
TIME="\"$(date -d "${modified}" "+%%R")\""
find . -name '*.[ch]' -print -exec sed -i "s/__DATE__/${DATE}/g;s/__TIME__/${TIME}/g" {} +
export FREEBL_NO_DEPEND=1
export FREEBL_LOWHASH=1
export NSPR_INCLUDE_DIR=`nspr-config --includedir`
export NSPR_LIB_DIR=`nspr-config --libdir`
export OPT_FLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing"
export LIBDIR=%{_libdir}
%ifarch x86_64 s390x ppc64 ppc64le ia64 aarch64
export USE_64=1
%endif
export NSS_USE_SYSTEM_SQLITE=1
#export SQLITE_LIB_NAME=nsssqlite3
MAKE_FLAGS="BUILD_OPT=1"
make nss_build_all $MAKE_FLAGS
# run testsuite
%if 0%{?run_testsuite}
export BUILD_OPT=1
export HOST="localhost"
export DOMSUF=" "
export USE_IP=TRUE
export IP_ADDRESS="127.0.0.1"
cd tests
./all.sh
if grep "FAILED" ../../../tests_results/security/localhost.1/output.log ; then
echo "Testsuite FAILED"
exit 1
fi
%endif
%install
cd nss
mkdir -p $RPM_BUILD_ROOT%{_libdir}
mkdir -p $RPM_BUILD_ROOT%{_libexecdir}/nss
mkdir -p $RPM_BUILD_ROOT%{_includedir}/nss3
mkdir -p $RPM_BUILD_ROOT%{_bindir}
mkdir -p $RPM_BUILD_ROOT%{_sbindir}
mkdir -p $RPM_BUILD_ROOT/%{_lib}
mkdir -p $RPM_BUILD_ROOT%{nssdbdir}
pushd ../dist/Linux*
# copy headers
cp -rL ../public/nss/*.h $RPM_BUILD_ROOT%{_includedir}/nss3
# copy some freebl include files we also want
for file in blapi.h alghmac.h
do
cp -L ../private/nss/$file $RPM_BUILD_ROOT/%{_includedir}/nss3
done
# copy dynamic libs
cp -L lib/libnss3.so \
lib/libnssdbm3.so \
lib/libnssdbm3.chk \
lib/libnssutil3.so \
lib/libnssckbi.so \
lib/libnsssysinit.so \
lib/libsmime3.so \
lib/libsoftokn3.so \
lib/libsoftokn3.chk \
lib/libssl3.so \
$RPM_BUILD_ROOT%{_libdir}
cp -L lib/libfreebl3.so \
lib/libfreebl3.chk \
lib/libfreeblpriv3.so \
lib/libfreeblpriv3.chk \
$RPM_BUILD_ROOT/%{_lib}
#cp -L lib/libnsssqlite3.so \
# $RPM_BUILD_ROOT%{_libdir}
# copy static libs
cp -L lib/libcrmf.a \
lib/libfreebl.a \
lib/libnssb.a \
lib/libnssckfw.a \
$RPM_BUILD_ROOT%{_libdir}
# copy tools
cp -L bin/certutil \
bin/cmsutil \
bin/crlutil \
bin/modutil \
bin/pk12util \
bin/signtool \
bin/signver \
bin/ssltap \
$RPM_BUILD_ROOT%{_bindir}
# copy unsupported tools
cp -L bin/atob \
bin/btoa \
bin/derdump \
bin/ocspclnt \
bin/pp \
bin/selfserv \
bin/shlibsign \
bin/strsclnt \
bin/symkeyutil \
bin/tstclnt \
bin/vfyserv \
bin/vfychain \
$RPM_BUILD_ROOT%{_libexecdir}/nss
# prepare pkgconfig file
mkdir -p $RPM_BUILD_ROOT%{_libdir}/pkgconfig/
sed "s:%%LIBDIR%%:%{_libdir}:g
s:%%VERSION%%:%{version}:g
s:%%NSPR_VERSION%%:%{nspr_ver}:g" \
%{SOURCE1} > $RPM_BUILD_ROOT%{_libdir}/pkgconfig/nss.pc
# prepare nss-config file
popd
NSS_VMAJOR=`cat lib/nss/nss.h | grep "#define.*NSS_VMAJOR" | gawk '{print $3}'`
NSS_VMINOR=`cat lib/nss/nss.h | grep "#define.*NSS_VMINOR" | gawk '{print $3}'`
NSS_VPATCH=`cat lib/nss/nss.h | grep "#define.*NSS_VPATCH" | gawk '{print $3}'`
cat %{SOURCE3} | sed -e "s,@libdir@,%{_libdir},g" \
-e "s,@prefix@,%{_prefix},g" \
-e "s,@exec_prefix@,%{_prefix},g" \
-e "s,@includedir@,%{_includedir}/nss3,g" \
-e "s,@MOD_MAJOR_VERSION@,$NSS_VMAJOR,g" \
-e "s,@MOD_MINOR_VERSION@,$NSS_VMINOR,g" \
-e "s,@MOD_PATCH_VERSION@,$NSS_VPATCH,g" \
> $RPM_BUILD_ROOT/%{_bindir}/nss-config
chmod 755 $RPM_BUILD_ROOT/%{_bindir}/nss-config
# setup-nsssysinfo.sh
install -m 744 %{SOURCE6} $RPM_BUILD_ROOT%{_sbindir}/
# create empty NSS database
#LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib}:$RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_bindir}/modutil -force -dbdir "sql:$RPM_BUILD_ROOT%{nssdbdir}" -create
#LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib}:$RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_bindir}/certutil -N -d "sql:$RPM_BUILD_ROOT%{nssdbdir}" -f /dev/null 2>&1 > /dev/null
#chmod 644 "$RPM_BUILD_ROOT%{nssdbdir}"/*
#sed "s:%{buildroot}::g
#s/^library=$/library=libnsssysinit.so/
#/^NSS/s/\(Flags=internal\)\(,[^m]\)/\1,moduleDBOnly\2/" \
# $RPM_BUILD_ROOT%{nssdbdir}/pkcs11.txt > $RPM_BUILD_ROOT%{nssdbdir}/pkcs11.txt.sed
# mv $RPM_BUILD_ROOT%{nssdbdir}/pkcs11.txt{.sed,}
# copy empty NSS database
install -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{nssdbdir}
install -m 644 %{SOURCE8} $RPM_BUILD_ROOT%{nssdbdir}
install -m 644 %{SOURCE9} $RPM_BUILD_ROOT%{nssdbdir}
# create shlib sigs after extracting debuginfo
%define __spec_install_post \
%{?__debug_package:%{__debug_install_post}} \
%{__arch_install_post} \
%{__os_install_post} \
LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib}:$RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_libexecdir}/nss/shlibsign -i $RPM_BUILD_ROOT%{_libdir}/libsoftokn3.so \
LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib}:$RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_libexecdir}/nss/shlibsign -i $RPM_BUILD_ROOT%{_libdir}/libnssdbm3.so \
LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib}:$RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_libexecdir}/nss/shlibsign -i $RPM_BUILD_ROOT/%{_lib}/libfreebl3.so \
%{nil}
%post -p /sbin/ldconfig
%postun -p /sbin/ldconfig
%post -n libfreebl3 -p /sbin/ldconfig
%postun -n libfreebl3 -p /sbin/ldconfig
%post -n libsoftokn3 -p /sbin/ldconfig
%postun -n libsoftokn3 -p /sbin/ldconfig
%post sysinit
/sbin/ldconfig
# make sure the current config is enabled
%{_sbindir}/setup-nsssysinit.sh on
%preun sysinit
if [ $1 = 0 ]; then
%{_sbindir}/setup-nsssysinit.sh off
fi
%postun sysinit -p /sbin/ldconfig
%clean
rm -rf $RPM_BUILD_ROOT
%files
%defattr(-, root, root)
%{_libdir}/libnss3.so
%{_libdir}/libnssutil3.so
%{_libdir}/libsmime3.so
%{_libdir}/libssl3.so
#%{_libdir}/libnsssqlite3.so
%files devel
%defattr(644, root, root, 755)
%{_includedir}/nss3/
%{_libdir}/*.a
%{_libdir}/pkgconfig/*
%attr(755,root,root) %{_bindir}/nss-config
%files tools
%defattr(-, root, root)
%{_bindir}/*
%exclude %{_sbindir}/setup-nsssysinit.sh
%{_libexecdir}/nss/
%exclude %{_bindir}/nss-config
%files sysinit
%defattr(-, root, root)
%dir %{_sysconfdir}/pki
%dir %{_sysconfdir}/pki/nssdb
%config(noreplace) %{_sysconfdir}/pki/nssdb/*
%{_libdir}/libnsssysinit.so
%{_sbindir}/setup-nsssysinit.sh
%files -n libfreebl3
%defattr(-, root, root)
/%{_lib}/libfreebl3.so
/%{_lib}/libfreebl3.chk
/%{_lib}/libfreeblpriv3.so
/%{_lib}/libfreeblpriv3.chk
%files -n libsoftokn3
%defattr(-, root, root)
%{_libdir}/libsoftokn3.so
%{_libdir}/libsoftokn3.chk
%{_libdir}/libnssdbm3.so
%{_libdir}/libnssdbm3.chk
%files certs
%defattr(-, root, root)
%{_libdir}/libnssckbi.so
%changelog
++++++ baselibs.conf ++++++
mozilla-nss
requires "libfreebl3-<targettype>"
requires "libsoftokn3-<targettype>"
requires "mozilla-nss-certs-<targettype>"
libsoftokn3
requires "libfreebl3-<targettype> = <version>"
+/usr/lib/libsoftokn3.chk
+/usr/lib/libnssdbm3.chk
libfreebl3
+/lib/libfreebl3.chk
mozilla-nss-sysinit
mozilla-nss-certs
++++++ malloc.patch ++++++
Index: security/nss/tests/ssl/ssl.sh
===================================================================
RCS file: /cvsroot/mozilla/security/nss/tests/ssl/ssl.sh,v
retrieving revision 1.100
diff -u -r1.100 ssl.sh
--- security/nss/tests/ssl/ssl.sh 26 Mar 2009 23:14:34 -0000 1.100
+++ nss/tests/ssl/ssl.sh 6 Jun 2009 06:21:07 -0000
@@ -974,6 +974,7 @@
################################# main #################################
+unset MALLOC_CHECK_
ssl_init
ssl_run_tests
ssl_cleanup
++++++ mozilla-nss-rpmlintrc ++++++
addFilter("shlib-policy-name-error")
addFilter("shlib-policy-missing-lib")
addFilter("shlib-policy-missing-suffix")
addFilter("shlib-unversioned-lib")
addFilter("shlib-fixed-dependency")
++++++ nss-config.in ++++++
#!/bin/sh
prefix=@prefix@
major_version=@MOD_MAJOR_VERSION@
minor_version=@MOD_MINOR_VERSION@
patch_version=@MOD_PATCH_VERSION@
usage()
{
cat <