From 113f941fb1fa95e0f5b449244a66ce710855d012 Mon Sep 17 00:00:00 2001
From: Automatic Build System <autodist@mambasoft.it>
Date: Sat, 6 Jan 2024 05:12:50 +0100
Subject: [PATCH] automatic version update by autodist [release
 3.16.1-1mamba;Sat May 10 2014]

---
 README.md                                     |   3 +
 blank-cert8.db                                | Bin 0 -> 65536 bytes
 blank-cert9.db                                | Bin 0 -> 9216 bytes
 blank-key3.db                                 | Bin 0 -> 16384 bytes
 blank-key4.db                                 | Bin 0 -> 11264 bytes
 blank-secmod.db                               | Bin 0 -> 16384 bytes
 libnss-3.12.3-enable-pem.patch                |  12 +
 libnss-3.12.3-no-rpath.patch                  |  14 +
 libnss-3.12.3-nolocalsql.patch                |  52 +++
 libnss-3.12.3-stubs-bug502133.patch           |  23 +
 libnss-3.12.9-enable-pem.patch                |  12 +
 ...-3.12.9-honor-user-trust-preferences.patch | 133 ++++++
 ...12.9-ipv6-type-connections-bug539183.patch |  33 ++
 libnss-3.12.9-nsspem-642433.patch             |  52 +++
 libnss-3.12.9-renegotiate-transitional.patch  |  12 +
 libnss-3.12.9-system-nspr.patch               |  11 +
 libnss-3.15.1-lfs-buildfixes.patch            | 241 +++++++++++
 libnss-3.15.1-opt_flags.patch                 |  15 +
 libnss-3.15.4-add-missing-RSA_BlockOAEP.patch |  10 +
 libnss.spec                                   | 398 ++++++++++++++++++
 nss-config.in                                 | 144 +++++++
 nss-pkcs11.txt                                |   4 +
 nss.pc.in                                     |  11 +
 setup-nsssysinit.sh                           |  68 +++
 24 files changed, 1248 insertions(+)
 create mode 100644 blank-cert8.db
 create mode 100644 blank-cert9.db
 create mode 100644 blank-key3.db
 create mode 100644 blank-key4.db
 create mode 100644 blank-secmod.db
 create mode 100644 libnss-3.12.3-enable-pem.patch
 create mode 100644 libnss-3.12.3-no-rpath.patch
 create mode 100644 libnss-3.12.3-nolocalsql.patch
 create mode 100644 libnss-3.12.3-stubs-bug502133.patch
 create mode 100644 libnss-3.12.9-enable-pem.patch
 create mode 100644 libnss-3.12.9-honor-user-trust-preferences.patch
 create mode 100644 libnss-3.12.9-ipv6-type-connections-bug539183.patch
 create mode 100644 libnss-3.12.9-nsspem-642433.patch
 create mode 100644 libnss-3.12.9-renegotiate-transitional.patch
 create mode 100644 libnss-3.12.9-system-nspr.patch
 create mode 100644 libnss-3.15.1-lfs-buildfixes.patch
 create mode 100644 libnss-3.15.1-opt_flags.patch
 create mode 100644 libnss-3.15.4-add-missing-RSA_BlockOAEP.patch
 create mode 100644 libnss.spec
 create mode 100644 nss-config.in
 create mode 100644 nss-pkcs11.txt
 create mode 100644 nss.pc.in
 create mode 100644 setup-nsssysinit.sh

diff --git a/README.md b/README.md
index a85a205..106f655 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,5 @@
 # libnss
 
+Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications.
+Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards.
+
diff --git a/blank-cert8.db b/blank-cert8.db
new file mode 100644
index 0000000000000000000000000000000000000000..ac40a3325724b598ba93a314d250bd03eb7f479f
GIT binary patch
literal 65536
zcmeI)F$w}P5CFjS6uHXI_nfb=x3I9e1Fe0AAM*=#)`FF2lC!k)NHq&fmLz1uJYZwF
z-bF+cvA9NTQW>j=Sz2;N`z_LW*_fBL9F3PQ{rQ&ma^yQXt4BNjr+Qxv2@oJafB*pk
z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs
z0RjXF5FkK+z*GWFJiAACPx%%E2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+
z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+Kt+Kz4G-AvkEg@XPc=rs
zI|K+2AV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+
z009C72oNAZfB*pk1PBlyK!Cs>0<Vg52ecwUfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF
z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7ehYj6JGXse

literal 0
HcmV?d00001

diff --git a/blank-cert9.db b/blank-cert9.db
new file mode 100644
index 0000000000000000000000000000000000000000..1763264e7842df0b349d57432012b11a394513ba
GIT binary patch
literal 9216
zcmeHLO>fgc5Vh+h1tiW9;*dQy5{Lb;UH5{TrbbFBX&VxW9#CZ`t`rEZXcCEkfW(1+
z#DzP*hzmQ<YsYO*&|D(ck|)nQGjC>}*YV14&yJ^yj9p&ed`cEfIW@<1oqfg}$8q&p
zJ?i?RI#$KixO*6h-ftRj<UjX9?0{9kD)0~m#8#sjw_Im>HOaorKhN}2eUU5|*SNm8
zn$J&{>1;Z_5GB;rYVK32S$jxfn`;%Y3T&zZPpEPG{BP>*vwd3y9;5)h|6S+EagMxS
z6{4@o-EOv8?)PAkq_eEtGn8PfJBT~Om<>Az$1$Vfe@MZOgzZcx>~zq3(;1wz*YP<U
z^?PTdn4R=l_oV;oxYr%B&cVrG_<|)|pF*EfpNcRBXhhIZM3)g=M!2Mq$R`t!3CZk|
ziOB4cNywzy?175s7L1%Y1kdXbi{L~fIPnNhM1m8O;6x=jaS2Xjf{)3X_VWI~EOQKI
z31$gq31$gq31$gqg)D_Eg)D_Eg{%<X5Z(~p5Z*BNf-?l?E+V0ifIt#6m7H=VW-8IG
z&-Eb%4I4<j3egJD3enn$kUWrLd?@8}s_jE5A4>VC>Z7WU`w}2G09ydI0J-BVP`(O?
z(m>)hkS1mzRWOjIXdungKoZbEQZa`R#lTe><T0bGw6I7ESM6w6w4-6sj)p}$8Wy}7
z7VT(Q@M>7$r8Pr^^(ZYI18MabNK44T$qHsGcv(U$ggiD~wUbgilOW-f6pBZ5Z#iVA
zSYL&EZTtSO{Oeh075L8-p!a`$>!;&=^L}`TUQI)LSOqpnf&E6K*=)Jz_|P@}m`o?-
zCiSt|r1tuU@jC_|Z7WMZ+tE8U*?w6E!w3wsB+X`J#G_jb@ZDul?ZaB5`Ml-6&p*8_
z(+}BrQ8H}bVwmUNyBvax_TPWN^EzIm`K*}wbUt5ZH)Y-Wt-87MZrMoK_x}d1bla*`
fVBHGX{r|cZwR~2A%~8NU|C@8KY^PR%bt~`(>auiN

literal 0
HcmV?d00001

diff --git a/blank-key3.db b/blank-key3.db
new file mode 100644
index 0000000000000000000000000000000000000000..31e39756693147dbe949a0d5888cd6131277f69a
GIT binary patch
literal 16384
zcmeI$u}cDR6u|L!U5b$Lb8%{I3S625K^KSiK$?O}C9A_LFL1Gj2p4gR=5PvHf`+DO
zyftu_3dzluhAT+ycUOOb!-epD@c2F6`@#G18GjN_TOzU`ve*|%=~9v+hCYIn#9yK3
zVZ#j1a3o=USw9)-UJ${ZAR~{&?|UNO%R&SYKmY**5I_I{1Q0*~0R-knATD3(Q;pR?
zJ*g|z)j1^)KmY**5I_I{1Q0*~0R#|0AX))4Wjt;kz2BU9r=wSYdR_4LWofOw(e{^(
zWXv#gZ_ir~y=EtyFAQt`%I%@$x=p81$&_o=^1;2@Ud<Kn&Mzt-FW>84Yu9#mEIZ>`
z_OV&2Hrzd@J}>_iyb}Qg5I_I{1Q0*~0R#|0009JM7nnr*pTRZ+5I_I{1Q0*~0R#|0
L009IL_y>U>%c-RO

literal 0
HcmV?d00001

diff --git a/blank-key4.db b/blank-key4.db
new file mode 100644
index 0000000000000000000000000000000000000000..987ffe0807602dd96217bc6d6053dca551027bb9
GIT binary patch
literal 11264
zcmeHL&ubGw6yDiQHr2M^!4j$lCI_KW(V5-NHU*KUX<Cc5KVn3SO4u}8h^AJX)D{Fm
zlnOm4UPTc>4<5W#5WS1&-T%OY2Ty_?^x(X=yKYJlB)u4!B|H1=oA<u==G)oqFsEiG
zs|}YfEG;iO4QeV8g%D+!QbkczaW)^ixFJo3X53_Mg;5C9en5xrU0QvlMJgZ_Xj=hO
z)#KwyqEs(e+_n1Ens}#6&Prnm?@O2K^_k`BHAfhEh()pp>4lV$w)4tBsen|VgB92b
zwafRvgP))*T`JJN0`UDO%DAG8Yacw8J2r{MlSy)Su;G+zZn$0uk(w*yv&B3uW=AIT
z6zpvUc}o&HP_59J!o<mJVUC{2&(YIU6SJrDbb5;Brl-axCvrua9hoi^4^fASlZ(?3
zrwJGhVBuiOz-<O@Gk6Ow84H>;G&VGY&}5()g2sWSESe#tVqS}k3^+LR@&F5GK*JgE
za0W!20TX9H#TjsM24tMgL+h94)rZW6hmqMpW&@cGWHyl5KxPA(O^h-z%ETxWqfCsl
zvDe048+&c+wY^^Cw2^ZVJy9Qy0vR|`gF&o;BQ>yEi;2VFVD=&Kn&@q!w~5}O6J0z<
z@Uc)Si$QJ+m9kJN3$t37)xzhJ#@IBnrI9U-vGZ=)w9GV6`Ve@12m|vWWbh#j(T6Zj
zAA*2B1Qk7qqWCZjLwS5_7-k1yc36&pK{)~j<p>y*BVfQQU{H>L0k42fyf9}Vv9Q9#
z@gd9}AHo#!VI_oa2p4`soCuz8IV`6P<y6uRtCUgk3_M$gvV*T>+CwS%{cr!jQ$|V!
zI$eQYbyJC{eTufOz0r=TKh;-ipL(m)M<wgumIAd{ES^Y^n+I_Pxac;VQK#Vq*PUBd
ze}VOHmT`sr%w#r~KSag$)S~#z!^KD)>C)r5#Gm%A0{#*YP`4OcWJK5F@gzBi8(j03
zoN6Upp6>7qoR}KTpQYFdtI5!T4u}<+ks6L7#~I|PIc2vNx^!*fz|Iy9Gc^{`<9m~&
z<ZZjHlrOsTjgTX@g`@6ux3F-=Q|)ZuX*o@g_XiSG>-80PIm{j1lH2QTNuA;H`@gLh
zMFvX+I$Hs`{_pJPC##nVY)1k4{%=P;87md&Yz1)tUwf>GpFE@jQh|R<ff9)(teag|
zoO*qAX}Pj7@c7f<i);JW_Pu&|a&vX_%$<!V>?j-1yAP}%U;o}qdZI*Q{gK^?cgY8t
z>*p`b?s<Fr{^--^U*10}s)R&#J^H+F_1nwp;jVEdd*j~gkMR8`+E+#V<RKN13jF^H
L^k@kZ{GpIvXKdN~

literal 0
HcmV?d00001

diff --git a/blank-secmod.db b/blank-secmod.db
new file mode 100644
index 0000000000000000000000000000000000000000..9a028078d61e7d1e7df5f3269801a2d04e71afc6
GIT binary patch
literal 16384
zcmeI&!AiqG5P;#aO6ftU7jGg99`;r!o)-^2Nl^-Uf|%Wu&@_Rxf*w5j2;O}rUqN3(
zbdnWB1dk=iKQQcOcE}Fjd1ZK<ipW6Z;6>y}w{j@5r%RhM`r7DuSJ>~??kF}rRS&OP
zYoqOHbLTON^X&XyE<^wU1Q0*~0R#|0009ILKmY**5I_I{1Q0*~0R#|0009ILK%g%I
z19=;}@wsMSCSnc*5I_I{1Q0*~0R#|0009L0CNLBuk3U|Y&vitv8H*>^Nn$RmZD^{r
zG>iExF=x}MxvKqb8MJGb)m2_BebG2Ou_g=6cF}~qxO3K;Rk;8D*o16dduQW1@i*4w
uWxCur6W`%K%Z1Y)o@)MzzlM1KAP_(R0R#|0009ILKmY**5J2F+3w#1IM<MzE

literal 0
HcmV?d00001

diff --git a/libnss-3.12.3-enable-pem.patch b/libnss-3.12.3-enable-pem.patch
new file mode 100644
index 0000000..665a148
--- /dev/null
+++ b/libnss-3.12.3-enable-pem.patch
@@ -0,0 +1,12 @@
+diff -up ./mozilla/security/nss/lib/ckfw/manifest.mn.prepem ./mozilla/security/nss/lib/ckfw/manifest.mn
+--- ./mozilla/security/nss/lib/ckfw/manifest.mn.prepem	2008-08-05 16:34:23.000000000 -0700
++++ ./mozilla/security/nss/lib/ckfw/manifest.mn	2008-08-05 16:34:30.000000000 -0700
+@@ -38,7 +38,7 @@ MANIFEST_CVS_ID = "@(#) $RCSfile: manife
+ 
+ CORE_DEPTH = ../../..
+ 
+-DIRS = builtins 
++DIRS = builtins pem
+ 
+ PRIVATE_EXPORTS = \
+ 	ck.h		  \
diff --git a/libnss-3.12.3-no-rpath.patch b/libnss-3.12.3-no-rpath.patch
new file mode 100644
index 0000000..35ea573
--- /dev/null
+++ b/libnss-3.12.3-no-rpath.patch
@@ -0,0 +1,14 @@
+--- ./mozilla/security/nss/cmd/platlibs.mk.withrpath	2007-02-19 07:17:06.000000000 +0100
++++ ./mozilla/security/nss/cmd/platlibs.mk	2007-02-19 07:18:07.000000000 +0100
+@@ -52,9 +52,9 @@
+ 
+ ifeq ($(OS_ARCH), Linux)
+ ifeq ($(USE_64), 1)
+-EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib64:$$ORIGIN/../lib'
++#EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib64:$$ORIGIN/../lib'
+ else
+-EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib'
++#EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib'
+ endif
+ endif
+ 
diff --git a/libnss-3.12.3-nolocalsql.patch b/libnss-3.12.3-nolocalsql.patch
new file mode 100644
index 0000000..21101fa
--- /dev/null
+++ b/libnss-3.12.3-nolocalsql.patch
@@ -0,0 +1,52 @@
+diff -up ./mozilla/security/nss/lib/Makefile.nolocalsql ./mozilla/security/nss/lib/Makefile
+--- ./mozilla/security/nss/lib/Makefile.nolocalsql	2007-07-19 23:36:49.000000000 +0200
++++ ./mozilla/security/nss/lib/Makefile	2009-04-14 17:07:40.000000000 +0200
+@@ -62,11 +62,11 @@ ifeq ($(OS_TARGET), WINCE)
+ DIRS := $(filter-out fortcrypt,$(DIRS))
+ endif
+ 
+-ifndef MOZILLA_CLIENT
+-ifndef NSS_USE_SYSTEM_SQLITE
+-DIRS := sqlite $(DIRS)
+-endif
+-endif
++#ifndef MOZILLA_CLIENT
++#ifndef NSS_USE_SYSTEM_SQLITE
++#DIRS := sqlite $(DIRS)
++#endif
++#endif
+ 
+ #######################################################################
+ # (5) Execute "global" rules. (OPTIONAL)                              #
+diff -up ./mozilla/security/nss/lib/softoken/legacydb/manifest.mn.nolocalsql ./mozilla/security/nss/lib/softoken/legacydb/manifest.mn
+--- ./mozilla/security/nss/lib/softoken/legacydb/manifest.mn.nolocalsql	2007-07-19 23:36:50.000000000 +0200
++++ ./mozilla/security/nss/lib/softoken/legacydb/manifest.mn	2009-04-14 17:07:40.000000000 +0200
+@@ -46,9 +46,9 @@ MAPFILE = $(OBJDIR)/nssdbm.def
+ 
+ DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\" -DSOFTOKEN_LIB_NAME=\"$(notdir $(SHARED_LIBRARY))\"
+ 
+-ifdef MOZILLA_CLIENT
+-INCLUDES += -I$(DIST)/include/sqlite3
+-endif
++#ifdef MOZILLA_CLIENT
++#INCLUDES += -I$(DIST)/include/sqlite3
++#endif
+ 
+ CSRCS = \
+ 	dbmshim.c \
+diff -up ./mozilla/security/nss/lib/softoken/manifest.mn.nolocalsql ./mozilla/security/nss/lib/softoken/manifest.mn
+--- ./mozilla/security/nss/lib/softoken/manifest.mn.nolocalsql	2009-03-25 17:21:37.000000000 +0100
++++ ./mozilla/security/nss/lib/softoken/manifest.mn	2009-04-14 17:07:40.000000000 +0200
+@@ -47,9 +47,9 @@ MAPFILE = $(OBJDIR)/softokn.def
+ 
+ DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\" -DSOFTOKEN_LIB_NAME=\"$(notdir $(SHARED_LIBRARY))\" -DSHLIB_VERSION=\"$(LIBRARY_VERSION)\"
+ 
+-ifdef MOZILLA_CLIENT
+-INCLUDES += -I$(DIST)/include/sqlite3
+-endif
++#ifdef MOZILLA_CLIENT
++#INCLUDES += -I$(DIST)/include/sqlite3
++#endif
+ 
+ EXPORTS = \
+ 	secmodt.h \
diff --git a/libnss-3.12.3-stubs-bug502133.patch b/libnss-3.12.3-stubs-bug502133.patch
new file mode 100644
index 0000000..a0f1503
--- /dev/null
+++ b/libnss-3.12.3-stubs-bug502133.patch
@@ -0,0 +1,23 @@
+diff -rupN nss-3.12.3.99.3-orig/mozilla/security/nss/lib/freebl/stubs.c nss-3.12.3.99.3/mozilla/security/nss/lib/freebl/stubs.c
+--- ./mozilla/security/nss/lib/freebl/stubs.c	2009-03-28 19:21:50.000000000 -0700
++++ ./mozilla/security/nss/lib/freebl/stubs.c	2009-06-08 20:37:20.000000000 -0700
+@@ -558,8 +558,8 @@ FREEBL_InitStubs()
+ 	    return SECFailure;
+ 	}
+ 	rv = freebl_InitNSPR(nspr);
+-	freebl_releaseLibrary(nspr);
+ 	if (rv != SECSuccess) {
++	    freebl_releaseLibrary(nspr);
+ 	    return rv;
+ 	}
+     }
+@@ -570,8 +570,8 @@ FREEBL_InitStubs()
+ 	    return SECFailure;
+ 	}
+ 	rv = freebl_InitNSSUtil(nssutil);
+-	freebl_releaseLibrary(nssutil);
+ 	if (rv != SECSuccess) {
++	    freebl_releaseLibrary(nssutil);
+ 	    return rv;
+ 	}
+     }
diff --git a/libnss-3.12.9-enable-pem.patch b/libnss-3.12.9-enable-pem.patch
new file mode 100644
index 0000000..665a148
--- /dev/null
+++ b/libnss-3.12.9-enable-pem.patch
@@ -0,0 +1,12 @@
+diff -up ./mozilla/security/nss/lib/ckfw/manifest.mn.prepem ./mozilla/security/nss/lib/ckfw/manifest.mn
+--- ./mozilla/security/nss/lib/ckfw/manifest.mn.prepem	2008-08-05 16:34:23.000000000 -0700
++++ ./mozilla/security/nss/lib/ckfw/manifest.mn	2008-08-05 16:34:30.000000000 -0700
+@@ -38,7 +38,7 @@ MANIFEST_CVS_ID = "@(#) $RCSfile: manife
+ 
+ CORE_DEPTH = ../../..
+ 
+-DIRS = builtins 
++DIRS = builtins pem
+ 
+ PRIVATE_EXPORTS = \
+ 	ck.h		  \
diff --git a/libnss-3.12.9-honor-user-trust-preferences.patch b/libnss-3.12.9-honor-user-trust-preferences.patch
new file mode 100644
index 0000000..e9414de
--- /dev/null
+++ b/libnss-3.12.9-honor-user-trust-preferences.patch
@@ -0,0 +1,133 @@
+Index: ./mozilla/security/nss/lib/pk11wrap/pk11load.c
+===================================================================
+RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11load.c,v
+retrieving revision 1.30
+diff -u -p -r1.30 pk11load.c
+--- ./mozilla/security/nss/lib/pk11wrap/pk11load.c	30 Apr 2010 07:22:54 -0000	1.30
++++ ./mozilla/security/nss/lib/pk11wrap/pk11load.c	22 Jan 2011 05:39:07 -0000
+@@ -178,8 +178,8 @@ secmod_handleReload(SECMODModule *oldMod
+ 	char *oldModuleSpec;
+ 
+ 	if (secmod_IsInternalKeySlot(newModule)) {
+-	    pk11_SetInternalKeySlot(slot);
+-	}
++	    pk11_FirstInternalKeySlot(slot);
++	} 
+ 	newID = slot->slotID;
+ 	PK11_FreeSlot(slot);
+ 	for (thisChild=children, thisID=ids; thisChild && *thisChild; 
+@@ -550,6 +550,11 @@ secmod_LoadPKCS11Module(SECMODModule *mo
+ 	    /* look down the slot info table */
+ 	    PK11_LoadSlotList(mod->slots[i],mod->slotInfo,mod->slotInfoCount);
+ 	    SECMOD_SetRootCerts(mod->slots[i],mod);
++	    /* explicitly mark the internal slot as such if IsInternalKeySlot()
++	     * is set */
++	    if (secmod_IsInternalKeySlot(mod) && (i == (mod->isFIPS ? 0 : 1))) {
++		pk11_FirstInternalKeySlot(mod->slots[i]);
++	    } 
+ 	}
+ 	mod->slotCount = slotCount;
+ 	mod->slotInfoCount = 0;
+Index: ./mozilla/security/nss/lib/pk11wrap/pk11priv.h
+===================================================================
+RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11priv.h,v
+retrieving revision 1.13
+diff -u -p -r1.13 pk11priv.h
+--- ./mozilla/security/nss/lib/pk11wrap/pk11priv.h	27 Oct 2009 23:04:46 -0000	1.13
++++ ./mozilla/security/nss/lib/pk11wrap/pk11priv.h	22 Jan 2011 05:39:07 -0000
+@@ -115,6 +115,7 @@ void PK11_InitSlot(SECMODModule *mod,CK_
+ PRBool PK11_NeedPWInitForSlot(PK11SlotInfo *slot);
+ SECStatus PK11_ReadSlotCerts(PK11SlotInfo *slot);
+ void pk11_SetInternalKeySlot(PK11SlotInfo *slot);
++void pk11_FirstInternalKeySlot(PK11SlotInfo *slot);
+ 
+ /*********************************************************************
+  *       Mechanism Mapping functions
+Index: ./mozilla/security/nss/lib/pk11wrap/pk11slot.c
+===================================================================
+RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11slot.c,v
+retrieving revision 1.101
+diff -u -p -r1.101 pk11slot.c
+--- ./mozilla/security/nss/lib/pk11wrap/pk11slot.c	3 Apr 2010 18:27:31 -0000	1.101
++++ ./mozilla/security/nss/lib/pk11wrap/pk11slot.c	22 Jan 2011 05:39:08 -0000
+@@ -1735,6 +1735,15 @@ pk11_SetInternalKeySlot(PK11SlotInfo *sl
+    pk11InternalKeySlot = slot ? PK11_ReferenceSlot(slot) : NULL;
+ }
+ 
++void
++pk11_FirstInternalKeySlot(PK11SlotInfo *slot)
++{
++   if (pk11InternalKeySlot) {
++	return;
++   }
++   pk11InternalKeySlot = slot ? PK11_ReferenceSlot(slot) : NULL;
++}
++
+ 
+ /* get the internal key slot. FIPS has only one slot for both key slots and
+  * default slots */
+Index: ./mozilla/security/nss/lib/sysinit/nsssysinit.c
+===================================================================
+RCS file: /cvsroot/mozilla/security/nss/lib/sysinit/nsssysinit.c,v
+retrieving revision 1.2
+diff -u -p -r1.2 nsssysinit.c
+--- ./mozilla/security/nss/lib/sysinit/nsssysinit.c	6 Feb 2010 04:56:37 -0000	1.2
++++ ./mozilla/security/nss/lib/sysinit/nsssysinit.c	22 Jan 2011 05:39:08 -0000
+@@ -221,7 +221,7 @@ getFIPSMode(void)
+  * 2 for the key slot, and
+  * 3 for the crypto operations slot fips
+  */
+-#define ORDER_FLAGS "trustOrder=75 cipherOrder=100"
++#define ORDER_FLAGS "cipherOrder=100"
+ #define SLOT_FLAGS \
+ 	"[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,RANDOM" \
+ 	" askpw=any timeout=30 ]"
+@@ -270,7 +270,7 @@ get_list(char *filename, char *stripped_
+ 	    "library= "
+ 	    "module=\"NSS User database\" "
+ 	    "parameters=\"configdir='sql:%s' %s tokenDescription='NSS user database'\" "
+-        "NSS=\"%sflags=internal%s\"",
++        "NSS=\"trustOrder=75 %sflags=internal%s\"",
+         userdb, stripped_parameters, nssflags,
+         isFIPS ? ",FIPS" : "");
+ 
+@@ -284,30 +284,6 @@ get_list(char *filename, char *stripped_
+ 		userdb, stripped_parameters);
+ 	}
+ 
+-#if 0
+-	/* This doesn't actually work. If we register
+-		both this and the sysdb (in either order)
+-		then only one of them actually shows up */
+-
+-    /* Using a NULL filename as a Boolean flag to
+-     * prevent registering both an application-defined
+-     * db and the system db. rhbz #546211.
+-     */
+-    PORT_Assert(filename);
+-    if (sysdb && PL_CompareStrings(filename, sysdb))
+-	    filename = NULL;
+-    else if (userdb && PL_CompareStrings(filename, userdb))
+-	    filename = NULL;
+-
+-    if (filename && !userIsRoot()) {
+-	    module_list[next++] = PR_smprintf(
+-	      "library= "
+-	      "module=\"NSS database\" "
+-	      "parameters=\"configdir='sql:%s' tokenDescription='NSS database sql:%s'\" "
+-	      "NSS=\"%sflags=internal\"",filename, filename, nssflags);
+-    }
+-#endif
+-
+     /* now the system database (always read only unless it's root) */
+     if (sysdb) {
+ 	    const char *readonly = userCanModifySystemDB() ? "" : "flags=readonly";
+@@ -315,7 +291,7 @@ get_list(char *filename, char *stripped_
+ 	      "library= "
+ 	      "module=\"NSS system database\" "
+ 	      "parameters=\"configdir='sql:%s' tokenDescription='NSS system database' %s\" "
+-	      "NSS=\"%sflags=internal,critical\"",sysdb, readonly, nssflags);
++	      "NSS=\"trustOrder=80 %sflags=internal,critical\"",sysdb, readonly, nssflags);
+     }
+ 
+     /* that was the last module */
diff --git a/libnss-3.12.9-ipv6-type-connections-bug539183.patch b/libnss-3.12.9-ipv6-type-connections-bug539183.patch
new file mode 100644
index 0000000..d86a705
--- /dev/null
+++ b/libnss-3.12.9-ipv6-type-connections-bug539183.patch
@@ -0,0 +1,33 @@
+Index: mozilla/security/nss/cmd/selfserv/selfserv.c
+===================================================================
+RCS file: /cvsroot/mozilla/security/nss/cmd/selfserv/selfserv.c,v
+retrieving revision 1.94
+diff -p -u -8 -r1.94 selfserv.c
+--- mozilla/security/nss/cmd/selfserv/selfserv.c	3 Apr 2010 18:27:27 -0000	1.94
++++ mozilla/security/nss/cmd/selfserv/selfserv.c	24 Feb 2011 02:28:02 -0000
+@@ -1487,21 +1487,21 @@ PRFileDesc *
+ getBoundListenSocket(unsigned short port)
+ {
+     PRFileDesc *       listen_sock;
+     int                listenQueueDepth = 5 + (2 * maxThreads);
+     PRStatus	       prStatus;
+     PRNetAddr          addr;
+     PRSocketOptionData opt;
+ 
+-    addr.inet.family = PR_AF_INET;
+-    addr.inet.ip     = PR_INADDR_ANY;
+-    addr.inet.port   = PR_htons(port);
++    if (PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET6, port, &addr) != PR_SUCCESS) {
++	errExit("PR_SetNetAddr");
++    }
+ 
+-    listen_sock = PR_NewTCPSocket();
++    listen_sock = PR_OpenTCPSocket(PR_AF_INET6);
+     if (listen_sock == NULL) {
+ 	errExit("PR_NewTCPSocket");
+     }
+ 
+     opt.option = PR_SockOpt_Nonblocking;
+     opt.value.non_blocking = PR_FALSE;
+     prStatus = PR_SetSocketOption(listen_sock, &opt);
+     if (prStatus < 0) {
diff --git a/libnss-3.12.9-nsspem-642433.patch b/libnss-3.12.9-nsspem-642433.patch
new file mode 100644
index 0000000..710919b
--- /dev/null
+++ b/libnss-3.12.9-nsspem-642433.patch
@@ -0,0 +1,52 @@
+diff -up ./mozilla/security/nss/lib/ckfw/pem/util.c.642433 ./mozilla/security/nss/lib/ckfw/pem/util.c
+--- ./mozilla/security/nss/lib/ckfw/pem/util.c.642433	2010-11-25 10:49:27.000000000 -0800
++++ ./mozilla/security/nss/lib/ckfw/pem/util.c	2010-12-08 08:02:02.618304926 -0800
+@@ -96,9 +96,6 @@ static SECItem *AllocItem(SECItem * item
+     return (result);
+ 
+   loser:
+-    if (result != NULL) {
+-	SECITEM_FreeItem(result, (item == NULL) ? PR_TRUE : PR_FALSE);
+-    }
+     return (NULL);
+ }
+ 
+@@ -110,7 +107,7 @@ static SECStatus FileToItem(SECItem * ds
+ 
+     prStatus = PR_GetOpenFileInfo(src, &info);
+ 
+-    if (prStatus != PR_SUCCESS) {
++    if (prStatus != PR_SUCCESS || info.type == PR_FILE_DIRECTORY) {
+ 	return SECFailure;
+     }
+ 
+@@ -126,8 +123,7 @@ static SECStatus FileToItem(SECItem * ds
+ 
+     return SECSuccess;
+   loser:
+-    SECITEM_FreeItem(dst, PR_FALSE);
+-    nss_ZFreeIf(dst);
++    nss_ZFreeIf(dst->data);
+     return SECFailure;
+ }
+ 
+@@ -153,6 +149,10 @@ ReadDERFromFile(SECItem *** derlist, cha
+ 
+ 	/* Read in ascii data */
+ 	rv = FileToItem(&filedata, inFile);
++	if (rv != SECSuccess) {
++	    PR_Close(inFile);
++	    return -1;
++	}
+ 	asc = (char *) filedata.data;
+ 	if (!asc) {
+ 	    PR_Close(inFile);
+@@ -252,7 +252,7 @@ ReadDERFromFile(SECItem *** derlist, cha
+     } else {
+ 	/* Read in binary der */
+ 	rv = FileToItem(der, inFile);
+-	if (rv) {
++	if (rv != SECSuccess) {
+ 	    PR_Close(inFile);
+ 	    return -1;
+ 	}
diff --git a/libnss-3.12.9-renegotiate-transitional.patch b/libnss-3.12.9-renegotiate-transitional.patch
new file mode 100644
index 0000000..3dc6eec
--- /dev/null
+++ b/libnss-3.12.9-renegotiate-transitional.patch
@@ -0,0 +1,12 @@
+diff -up ./mozilla/security/nss/lib/ssl/sslsock.c.transitional ./mozilla/security/nss/lib/ssl/sslsock.c
+--- ./mozilla/security/nss/lib/ssl/sslsock.c.transitional	2010-09-04 09:46:50.331327676 -0700
++++ ./mozilla/security/nss/lib/ssl/sslsock.c	2010-09-04 09:50:02.814325605 -0700
+@@ -181,7 +181,7 @@ static sslOptions ssl_defaults = {
+     PR_FALSE,   /* noLocks            */
+     PR_FALSE,   /* enableSessionTickets */
+     PR_FALSE,   /* enableDeflate      */
+-    2,          /* enableRenegotiation (default: requires extension) */
++    3,          /* enableRenegotiation (default: transitional) */
+     PR_FALSE,   /* requireSafeNegotiation */
+     PR_FALSE,   /* enableFalseStart   */
+ };
diff --git a/libnss-3.12.9-system-nspr.patch b/libnss-3.12.9-system-nspr.patch
new file mode 100644
index 0000000..97cdc7e
--- /dev/null
+++ b/libnss-3.12.9-system-nspr.patch
@@ -0,0 +1,11 @@
+--- mozilla/security/nss/Makefile	2009-12-08 17:47:03.000000000 +0100
++++ mozilla/security/nss/Makefile-gil	2011-01-26 01:02:44.000000000 +0100
+@@ -78,7 +78,7 @@
+ # (7) Execute "local" rules. (OPTIONAL).                              #
+ #######################################################################
+ 
+-nss_build_all: build_coreconf build_nspr build_dbm all
++nss_build_all: build_coreconf build_dbm all
+ 
+ nss_clean_all: clobber_coreconf clobber_nspr clobber_dbm clobber
+ 
diff --git a/libnss-3.15.1-lfs-buildfixes.patch b/libnss-3.15.1-lfs-buildfixes.patch
new file mode 100644
index 0000000..289dbc2
--- /dev/null
+++ b/libnss-3.15.1-lfs-buildfixes.patch
@@ -0,0 +1,241 @@
+Submitted By:            Armin K. <krejzi at email dot com>
+Date:                    2013-07-02
+Initial Package Version: 3.15
+Upstream Status:         Not applicable
+Origin:                  Based on dj's original patch, rediffed and modified for 3.15
+Description:             Adds auto-generated nss.pc and nss-config script, and allows
+                         building without nspr in the source tree.
+
+--- a/nss/config/Makefile	1970-01-01 01:00:00.000000000 +0100
++++ b/nss/config/Makefile	2013-07-02 14:53:56.684750636 +0200
+@@ -0,0 +1,40 @@
++CORE_DEPTH = ..
++DEPTH      = ..
++
++include $(CORE_DEPTH)/coreconf/config.mk
++
++NSS_MAJOR_VERSION = `grep "NSS_VMAJOR" ../lib/nss/nss.h | awk '{print $$3}'`
++NSS_MINOR_VERSION = `grep "NSS_VMINOR" ../lib/nss/nss.h | awk '{print $$3}'`
++NSS_PATCH_VERSION = `grep "NSS_VPATCH" ../lib/nss/nss.h | awk '{print $$3}'`
++PREFIX = /usr
++
++all: export libs
++
++export:
++	# Create the nss.pc file
++	mkdir -p $(DIST)/lib/pkgconfig
++	sed -e "s,@prefix@,$(PREFIX)," \
++	    -e "s,@exec_prefix@,\$${prefix}," \
++	    -e "s,@libdir@,\$${prefix}/lib," \
++	    -e "s,@includedir@,\$${prefix}/include/nss," \
++	    -e "s,@NSS_MAJOR_VERSION@,$(NSS_MAJOR_VERSION),g" \
++	    -e "s,@NSS_MINOR_VERSION@,$(NSS_MINOR_VERSION)," \
++	    -e "s,@NSS_PATCH_VERSION@,$(NSS_PATCH_VERSION)," \
++	    nss.pc.in > nss.pc
++	chmod 0644 nss.pc
++	ln -sf ../../../../nss/config/nss.pc $(DIST)/lib/pkgconfig
++
++	# Create the nss-config script
++	mkdir -p $(DIST)/bin
++	sed -e "s,@prefix@,$(PREFIX)," \
++	    -e "s,@NSS_MAJOR_VERSION@,$(NSS_MAJOR_VERSION)," \
++	    -e "s,@NSS_MINOR_VERSION@,$(NSS_MINOR_VERSION)," \
++	    -e "s,@NSS_PATCH_VERSION@,$(NSS_PATCH_VERSION)," \
++	    nss-config.in > nss-config
++	chmod 0755 nss-config
++	ln -sf ../../../nss/config/nss-config $(DIST)/bin
++
++libs:
++
++dummy: all export libs
++
+--- a/nss/config/nss-config.in	1970-01-01 01:00:00.000000000 +0100
++++ b/nss/config/nss-config.in	2013-07-02 14:52:58.328084334 +0200
+@@ -0,0 +1,153 @@
++#!/bin/sh
++
++prefix=@prefix@
++
++major_version=@NSS_MAJOR_VERSION@
++minor_version=@NSS_MINOR_VERSION@
++patch_version=@NSS_PATCH_VERSION@
++
++usage()
++{
++	cat <<EOF
++Usage: nss-config [OPTIONS] [LIBRARIES]
++Options:
++	[--prefix[=DIR]]
++	[--exec-prefix[=DIR]]
++	[--includedir[=DIR]]
++	[--libdir[=DIR]]
++	[--version]
++	[--libs]
++	[--cflags]
++Dynamic Libraries:
++	nss
++	nssutil
++	smime
++	ssl
++	softokn
++EOF
++	exit $1
++}
++
++if test $# -eq 0; then
++	usage 1 1>&2
++fi
++
++lib_nss=yes
++lib_nssutil=yes
++lib_smime=yes
++lib_ssl=yes
++lib_softokn=yes
++
++while test $# -gt 0; do
++  case "$1" in
++  -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
++  *) optarg= ;;
++  esac
++
++  case $1 in
++    --prefix=*)
++      prefix=$optarg
++      ;;
++    --prefix)
++      echo_prefix=yes
++      ;;
++    --exec-prefix=*)
++      exec_prefix=$optarg
++      ;;
++    --exec-prefix)
++      echo_exec_prefix=yes
++      ;;
++    --includedir=*)
++      includedir=$optarg
++      ;;
++    --includedir)
++      echo_includedir=yes
++      ;;
++    --libdir=*)
++      libdir=$optarg
++      ;;
++    --libdir)
++      echo_libdir=yes
++      ;;
++    --version)
++      echo ${major_version}.${minor_version}.${patch_version}
++      ;;
++    --cflags)
++      echo_cflags=yes
++      ;;
++    --libs)
++      echo_libs=yes
++      ;;
++    nss)
++      lib_nss=yes
++      ;;
++    nssutil)
++      lib_nssutil=yes
++      ;;
++    smime)
++      lib_smime=yes
++      ;;
++    ssl)
++      lib_ssl=yes
++      ;;
++    softokn)
++      lib_softokn=yes
++      ;;
++    *)
++      usage 1 1>&2
++      ;;
++  esac
++  shift
++done
++
++# Set variables that may be dependent upon other variables
++if test -z "$exec_prefix"; then
++    exec_prefix=`pkg-config --variable=exec_prefix nss`
++fi
++if test -z "$includedir"; then
++    includedir=`pkg-config --variable=includedir nss`
++fi
++if test -z "$libdir"; then
++    libdir=`pkg-config --variable=libdir nss`
++fi
++
++if test "$echo_prefix" = "yes"; then
++    echo $prefix
++fi
++
++if test "$echo_exec_prefix" = "yes"; then
++    echo $exec_prefix
++fi
++
++if test "$echo_includedir" = "yes"; then
++    echo $includedir
++fi
++
++if test "$echo_libdir" = "yes"; then
++    echo $libdir
++fi
++
++if test "$echo_cflags" = "yes"; then
++    echo -I$includedir
++fi
++
++if test "$echo_libs" = "yes"; then
++      libdirs="-L$libdir"
++      if test -n "$lib_nss"; then
++	libdirs="$libdirs -lnss${major_version}"
++      fi
++      if test -n "$lib_nssutil"; then
++        libdirs="$libdirs -lnssutil${major_version}"
++      fi
++      if test -n "$lib_smime"; then
++	libdirs="$libdirs -lsmime${major_version}"
++      fi
++      if test -n "$lib_ssl"; then
++	libdirs="$libdirs -lssl${major_version}"
++      fi
++      if test -n "$lib_softokn"; then
++        libdirs="$libdirs -lsoftokn${major_version}"
++      fi
++      echo $libdirs
++fi      
++
+--- a/nss/config/nss.pc.in	1970-01-01 01:00:00.000000000 +0100
++++ b/nss/config/nss.pc.in	2013-07-02 14:52:58.328084334 +0200
+@@ -0,0 +1,12 @@
++prefix=@prefix@
++exec_prefix=@exec_prefix@
++libdir=@libdir@
++includedir=@includedir@
++
++Name: NSS
++Description: Network Security Services
++Version: @NSS_MAJOR_VERSION@.@NSS_MINOR_VERSION@.@NSS_PATCH_VERSION@
++Requires: nspr >= 4.8
++Libs: -L@libdir@ -lnss@NSS_MAJOR_VERSION@ -lnssutil@NSS_MAJOR_VERSION@ -lsmime@NSS_MAJOR_VERSION@ -lssl@NSS_MAJOR_VERSION@ -lsoftokn@NSS_MAJOR_VERSION@
++Cflags: -I${includedir}
++
+--- a/nss/Makefile	2013-05-28 23:43:24.000000000 +0200
++++ b/nss/Makefile	2013-07-02 14:52:58.328084334 +0200
+@@ -44,7 +44,7 @@
+ # (7) Execute "local" rules. (OPTIONAL).                              #
+ #######################################################################
+ 
+-nss_build_all: build_nspr all
++nss_build_all: all
+ 
+ nss_clean_all: clobber_nspr clobber
+ 
+--- a/nss/manifest.mn	2013-05-28 23:43:24.000000000 +0200
++++ b/nss/manifest.mn	2013-07-02 14:52:58.331417666 +0200
+@@ -10,4 +10,4 @@
+ 
+ RELEASE = nss
+ 
+-DIRS = coreconf lib cmd
++DIRS = coreconf lib cmd config
diff --git a/libnss-3.15.1-opt_flags.patch b/libnss-3.15.1-opt_flags.patch
new file mode 100644
index 0000000..f6074d0
--- /dev/null
+++ b/libnss-3.15.1-opt_flags.patch
@@ -0,0 +1,15 @@
+--- nss/coreconf/Linux.mk	2010-08-13 03:32:29.000000000 +0200
++++ nss/coreconf/Linux.mk-gil	2011-01-26 01:13:01.000000000 +0100
+@@ -112,11 +112,7 @@
+ endif
+ 
+ ifdef BUILD_OPT
+-ifeq (11,$(ALLOW_OPT_CODE_SIZE)$(OPT_CODE_SIZE))
+-	OPTIMIZER = -Os
+-else
+-	OPTIMIZER = -O2
+-endif
++   OPTIMIZER = $(OPT_FLAGS)
+ ifdef MOZ_DEBUG_SYMBOLS
+ 	ifdef MOZ_DEBUG_FLAGS
+ 		OPTIMIZER += $(MOZ_DEBUG_FLAGS)
diff --git a/libnss-3.15.4-add-missing-RSA_BlockOAEP.patch b/libnss-3.15.4-add-missing-RSA_BlockOAEP.patch
new file mode 100644
index 0000000..43541fc
--- /dev/null
+++ b/libnss-3.15.4-add-missing-RSA_BlockOAEP.patch
@@ -0,0 +1,10 @@
+--- nss-3.15.4/nss/lib/freebl/rsapkcs.c.orig	2014-02-18 14:09:04.195114868 +0100
++++ nss-3.15.4/nss/lib/freebl/rsapkcs.c	2014-02-18 14:09:13.416071147 +0100
+@@ -32,6 +32,7 @@
+     RSA_BlockUnused = 0,    /* unused */
+     RSA_BlockPrivate = 1,   /* pad for a private-key operation */
+     RSA_BlockPublic = 2,    /* pad for a public-key operation */
++    RSA_BlockOAEP = 3,
+     RSA_BlockRaw = 4,       /* simply justify the block appropriately */
+     RSA_BlockTotal
+ } RSA_BlockType;
diff --git a/libnss.spec b/libnss.spec
new file mode 100644
index 0000000..ecbbf01
--- /dev/null
+++ b/libnss.spec
@@ -0,0 +1,398 @@
+%define        srcver                        %(echo %version | tr . _)
+#%define        nspr_version                  %(rpm -q --queryformat '%{VERSION}' libnspr)
+%define        nspr_version                  %(%{_bindir}/nspr-config --version)
+%define        with_test   1
+%define        with_nsspem 1
+Name:          libnss
+Version:       3.16.1
+Release:       1mamba
+Summary:       Network Security Services
+Group:         System/Libraries
+Vendor:        openmamba
+Distribution:  openmamba
+Packager:      Silvan Calarco <silvan.calarco@mambasoft.it>
+URL:           http://www.mozilla.org/projects/security/pki/nss/
+Source0:       ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_%{srcver}_RTM/src/nss-%{version}.tar.gz
+Source1:       nss.pc.in
+Source2:       nss-config.in
+Source3:       blank-cert8.db
+Source4:       blank-key3.db
+Source5:       blank-secmod.db
+Source6:       blank-cert9.db
+Source7:       blank-key4.db
+Source8:       nss-pkcs11.txt
+Source9:       setup-nsssysinit.sh
+# from fedora
+# git clone https://git.fedorahosted.org/git/nss-pem.git
+# tar cjf ../SOURCES/libnss-pem-20140218.tar.bz2 nss-pem/
+%if %with_nsspem
+Source10:      libnss-pem-20140218.tar.bz2
+%endif
+Patch1:        libnss-3.12.3-no-rpath.patch
+Patch2:        libnss-3.12.3-nolocalsql.patch
+Patch3:        libnss-3.12.9-renegotiate-transitional.patch
+Patch4:        libnss-3.12.9-enable-pem.patch
+Patch5:        libnss-3.12.9-nsspem-642433.patch
+Patch6:        libnss-3.12.3-enable-pem.patch
+Patch7:        libnss-3.12.3-stubs-bug502133.patch
+Patch8:        libnss-3.12.9-honor-user-trust-preferences.patch
+Patch9:        libnss-3.12.9-system-nspr.patch
+Patch10:       libnss-3.15.1-opt_flags.patch
+Patch11:       libnss-3.12.9-ipv6-type-connections-bug539183.patch
+Patch12:       libnss-3.15.4-add-missing-RSA_BlockOAEP.patch
+Patch13:       libnss-3.15.1-lfs-buildfixes.patch
+License:       GPL, MPL 1.1, LGPL
+## AUTOBUILDREQ-BEGIN
+BuildRequires: glibc-devel
+BuildRequires: libnspr-devel
+BuildRequires: libsqlite-devel
+BuildRequires: libz-devel
+## AUTOBUILDREQ-END
+BuildRequires: gawk
+BuildRequires: perl
+BuildRequires: pkgconfig
+BuildRequires: psmisc
+Obsoletes:     libmozilla-nss
+Provides:      libmozilla-nss = %{?epoch:%epoch:}%{version}-%{release}
+Obsoletes:     libmozilla
+Conflicts:     libmozilla <= 1.7.13-1
+Requires:      %{name}-sysinit = %{?epoch:%epoch:}%{version}-%{release}
+BuildRoot:     %{_tmppath}/%{name}-%{version}-root
+
+%description
+Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications.
+Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards.
+
+%package tools
+Summary:       Tools for the Network Security Services
+Group:         Applications/Security
+Requires:      %{name} = %{?epoch:%epoch:}%{version}-%{release}
+
+%description tools
+Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications.
+Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards.
+
+Install the nss-tools package if you need command-line tools to manipulate the NSS certificate and key database.
+
+%package devel
+Group:         Development/Libraries
+Summary:       Static libraries and headers for %{name}
+Obsoletes:     libmozilla-nss-devel
+Provides:      libmozilla-nss-devel = %{?epoch:%epoch:}%{version}-%{release}
+Conflicts:     libmozilla-devel <= 1.7.13-1
+Requires:      %{name} = %{?epoch:%epoch:}%{version}-%{release}
+
+%description devel
+Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications.
+Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards.
+
+This package contains static libraries and header files need for development.
+
+%package sysinit
+Summary:       System NSS Initilization
+Group:         System/Tools
+Requires:      %{name} = %{?epoch:%epoch:}%{version}-%{release}
+Requires:      coreutils
+Requires:      sed
+
+%description sysinit
+Default Operating System module that manages applications loading NSS globally on the system. This module loads the system defined PKCS #11 modules for NSS and chains with other NSS modules to load any system or user configured modules.
+
+%prep
+%setup -q -n nss-%{version}
+#-D -T
+#:<< __EOF
+%patch3 -p3
+%if %with_nsspem
+tar -xf %{SOURCE10}
+mv nss-pem/nss/lib/ckfw/pem/ nss/lib/ckfw/
+
+%patch4 -p3
+#%patch5 -p3
+%endif
+#%patch8 -p1
+#%patch9 -p0
+%patch10 -p0
+#%patch11 -p0
+#%patch12 -p1
+%patch13 -p1
+
+%build
+#:<< __EOF
+export BUILD_OPT=1
+export XCFLAGS="%{optflags}"
+export PKG_CONFIG_ALLOW_SYSTEM_LIBS=1
+export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1
+NSPR_INCLUDE_DIR=`/usr/bin/pkg-config --cflags-only-I nspr | sed 's/-I//'`
+NSPR_LIB_DIR=`/usr/bin/pkg-config --libs-only-L nspr | sed 's/-L//'`
+export NSPR_INCLUDE_DIR
+export NSPR_LIB_DIR
+export NSS_USE_SYSTEM_SQLITE=1
+export OPT_FLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing"
+
+%ifarch x86_64 ia64
+export USE_64=1
+%endif
+
+make -C ./nss/coreconf
+make -C ./nss/lib/dbm
+make -C ./nss CORE_DEPTH=`pwd`/nss
+
+cat %{SOURCE1} | sed -e "s,%%libdir%%,%{_libdir},g" \
+                 -e "s,%%prefix%%,%{_prefix},g" \
+                 -e "s,%%exec_prefix%%,%{_prefix},g" \
+                 -e "s,%%includedir%%,%{_includedir}/nss3,g" \
+                 -e "s,%%NSPR_VERSION%%,%{nspr_version},g" \
+                 -e "s,%%NSS_VERSION%%,%{version},g" > custom_nss.pc
+
+NSS_VMAJOR=`cat mozilla/security/nss/lib/nss/nss.h | \
+   grep "#define.*NSS_VMAJOR" | awk '{print $3}'`
+NSS_VMINOR=`cat mozilla/security/nss/lib/nss/nss.h | \
+   grep "#define.*NSS_VMINOR" | awk '{print $3}'`
+NSS_VPATCH=`cat mozilla/security/nss/lib/nss/nss.h | \
+   grep "#define.*NSS_VPATCH" | awk '{print $3}'`
+cat %{SOURCE2} | sed -e "s,@libdir@,%{_libdir},g" \
+                 -e "s,@prefix@,%{_prefix},g" \
+                 -e "s,@exec_prefix@,%{_prefix},g" \
+                 -e "s,@includedir@,%{_includedir}/nss3,g" \
+                 -e "s,@MOD_MAJOR_VERSION@,$NSS_VMAJOR,g" \
+                 -e "s,@MOD_MINOR_VERSION@,$NSS_VMINOR,g" \
+                 -e "s,@MOD_PATCH_VERSION@,$NSS_VPATCH,g" > custom_nss-config
+
+cat %{SOURCE9} > setup-nsssysinit.sh
+
+%if %with_test
+export BUILD_OPT=1
+export HOST="localhost"
+export DOMSUF=" "
+export USE_IP=TRUE
+export IP_ADDRESS="127.0.0.1"
+cd nss/tests
+./all.sh
+#TEST_FAILURES=`grep -c FAILED ../../../tests_results/security/localhost.1/output.log` || :
+#if [ $TEST_FAILURES -ne 0 ]; then
+#  echo "error: test suite returned failure(s)"
+#  exit 1
+#fi
+%endif
+
+%install
+[ "%{buildroot}" != / ] && rm -rf "%{buildroot}"
+install -D -m 644 custom_nss.pc %{buildroot}%{_libdir}/pkgconfig/nss.pc
+install -D -m 755 custom_nss-config %{buildroot}%{_bindir}/nss-config
+
+# copy all the binary libraries
+for file in libfreebl3.so libnss3.so libnssckbi.so libsmime3.so libsoftokn3.so libssl3.so libnssutil3.so libnssdbm3.so libnsssysinit.so; do
+   install -m 755 dist/*.OBJ/lib/$file %{buildroot}%{_libdir}
+done
+
+%if %with_nsspem
+install -m 755 dist/*.OBJ/lib/libnsspem.so %{buildroot}%{_libdir}
+%endif
+
+# copy alle the chk files
+for file in libfreebl3.chk libsoftokn3.chk libnssdbm3.chk; do
+   install -m 644 dist/*.OBJ/lib/$file %{buildroot}%{_libdir}
+done
+
+# install the empty NSS db files
+# legacy db
+install -d %{buildroot}%{_sysconfdir}/pki/nssdb
+install -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/pki/nssdb/cert8.db
+install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pki/nssdb/key3.db
+install -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/pki/nssdb/secmod.db
+# shared db
+install -m 644 %{SOURCE6} %{buildroot}%{_sysconfdir}/pki/nssdb/cert9.db
+install -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/pki/nssdb/key4.db
+install -m 644 %{SOURCE8} %{buildroot}%{_sysconfdir}/pki/nssdb/pkcs11.txt
+
+
+# copy the development libraries we want
+for file in libcrmf.a libnssb.a libnssckfw.a; do
+   install -m 644 dist/*.OBJ/lib/$file %{buildroot}%{_libdir}
+done
+
+# copy the binaries we want
+for file in certutil cmsutil crlutil modutil pk12util signtool signver ssltap; do
+   install -m 755 dist/*.OBJ/bin/$file %{buildroot}%{_bindir}
+done
+
+# copy unsupported tools
+mkdir -p %{buildroot}%{_libexecdir}/nss
+for file in atob btoa derdump ocspclnt pp selfserv shlibsign strsclnt symkeyutil tstclnt vfyserv vfychain; do
+   install -m 755 dist/*.OBJ/bin/$file %{buildroot}%{_libexecdir}/nss
+done
+
+# pkcs11 configuration script
+mkdir -p %{buildroot}%{_sbindir}
+install -pm 755 setup-nsssysinit.sh %{buildroot}%{_sbindir}/setup-nsssysinit.sh
+
+# copy the include files
+install -d %{buildroot}%{_includedir}/nss3
+for file in dist/public/nss/*.h; do
+   install -m 644 $file %{buildroot}%{_includedir}/nss3
+done
+
+%clean
+[ "%{buildroot}" != / ] && rm -rf "%{buildroot}"
+
+%post -p /sbin/ldconfig
+%postun -p /sbin/ldconfig
+
+%files
+%defattr(-,root,root)
+%{_libdir}/libnss3.so
+%{_libdir}/libssl3.so
+%{_libdir}/libsmime3.so
+%{_libdir}/libsoftokn3.so
+%{_libdir}/libsoftokn3.chk
+%{_libdir}/libnssckbi.so
+%{_libdir}/libfreebl3.so
+%{_libdir}/libfreebl3.chk
+%{_libdir}/libnssutil3.so
+%{_libdir}/libnssdbm3.so
+%{_libdir}/libnssdbm3.chk
+%if %with_nsspem
+%{_libdir}/libnsspem.so
+%endif
+%dir %{_sysconfdir}/pki/nssdb
+%config(noreplace) %{_sysconfdir}/pki/nssdb/cert8.db
+%config(noreplace) %{_sysconfdir}/pki/nssdb/key3.db
+%config(noreplace) %{_sysconfdir}/pki/nssdb/secmod.db
+
+
+%post sysinit
+/sbin/ldconfig
+%{_sbindir}/setup-nsssysinit.sh on
+
+%preun sysinit
+if [ $1 = 0 ]; then
+  %{_sbindir}/setup-nsssysinit.sh off
+fi
+
+%postun sysinit -p /sbin/ldconfig
+
+%files sysinit
+%defattr(-,root,root)
+%{_sbindir}/setup-nsssysinit.sh
+%{_libdir}/libnsssysinit.so
+%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/cert9.db
+%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/key4.db
+%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/pkcs11.txt
+
+%files tools
+%defattr(-,root,root)
+%{_bindir}/certutil
+%{_bindir}/cmsutil
+%{_bindir}/crlutil
+%{_bindir}/modutil
+%{_bindir}/pk12util
+%{_bindir}/signtool
+%{_bindir}/signver
+%{_bindir}/ssltap
+%dir %{_libexecdir}/nss
+%{_libexecdir}/nss/*
+
+%files devel
+%defattr(-,root,root)
+%{_bindir}/nss-config
+%{_libdir}/libcrmf.a
+%{_libdir}/libnssb.a
+%{_libdir}/libnssckfw.a
+%{_libdir}/pkgconfig/nss.pc
+%{_includedir}/nss3/
+
+%changelog
+* Sat May 10 2014 Automatic Build System <autodist@mambasoft.it> 3.16.1-1mamba
+- automatic version update by autodist
+
+* Wed Apr 09 2014 Automatic Build System <autodist@mambasoft.it> 3.16-1mamba
+- automatic version update by autodist
+
+* Sun Mar 30 2014 Automatic Build System <autodist@mambasoft.it> 3.15.5-1mamba
+- automatic version update by autodist
+
+* Tue Feb 18 2014 Silvan Calarco <silvan.calarco@mambasoft.it> 3.15.4-1mamba
+- update to 3.15.4
+
+* Tue Dec 10 2013 Automatic Build System <autodist@mambasoft.it> 3.15.3.1-1mamba
+- automatic version update by autodist
+
+* Thu Nov 14 2013 Automatic Build System <autodist@mambasoft.it> 3.15.3-2mamba
+- rebuilt after breaking and fixing rpm
+
+* Wed Nov 13 2013 Automatic Build System <autodist@mambasoft.it> 3.15.3-1mamba
+- automatic version update by autodist
+
+* Mon Oct 07 2013 Automatic Build System <autodist@mambasoft.it> 3.15.2-1mamba
+- automatic version update by autodist
+
+* Fri Aug 30 2013 Automatic Build System <autodist@mambasoft.it> 3.15.1-1mamba
+- automatic version update by autodist
+
+* Sun Apr 07 2013 Automatic Build System <autodist@mambasoft.it> 3.14.3-1mamba
+- automatic version update by autodist
+
+* Fri Dec 28 2012 Automatic Build System <autodist@mambasoft.it> 3.14.1-1mamba
+- automatic version update by autodist
+
+* Sat Dec 01 2012 Automatic Build System <autodist@mambasoft.it> 3.14-1mamba
+- automatic version update by autodist
+
+* Wed Oct 10 2012 Automatic Build System <autodist@mambasoft.it> 3.13.6-1mamba
+- automatic version update by autodist
+
+* Mon Mar 12 2012 Silvan Calarco <silvan.calarco@mambasoft.it> 3.13.3-1mamba
+- update to 3.13.3
+
+* Fri Jan 06 2012 Silvan Calarco <silvan.calarco@mambasoft.it> 3.13.1-1mamba
+- update to 3.13.1
+
+* Tue Aug 02 2011 Silvan Calarco <silvan.calarco@mambasoft.it> 3.12.10-1mamba
+- update to 3.12.10
+
+* Sat Apr 09 2011 Ercole 'ercolinux' Carpanetto <ercole69@gmail.com> 3.12.9-3mamba
+- rebuilt with libsqlite 3.7.3-2
+
+* Sun Mar 20 2011 gil <puntogil@libero.it> 3.12.9-2mamba
+- ... add a changelog entry
+
+* Tue Jan 25 2011 gil <puntogil@libero.it> 3.12.9-1mamba
+- update to 3.12.9
+
+* Mon Nov 29 2010 gil <puntogil@libero.it> 3.12.8-1mamba
+- update to 3.12.8
+
+* Tue Sep 14 2010 gil <puntogil@libero.it> 3.12.7-1mamba
+- update to 3.12.7
+
+* Thu Jul 22 2010 gil <puntogil@libero.it> 3.12.6-2mamba
+- rebuil with libnspr 4.8.6; libsqlite 3.7.0
+
+* Fri Apr 02 2010 gil <puntogil@libero.it> 3.12.6-1mamba
+- update to 3.12.6
+
+* Sat Dec 12 2009 gil <puntogil@libero.it> 3.12.4-1mamba
+- update to 3.12.4
+
+* Wed Jul 01 2009 Silvan Calarco <silvan.calarco@mambasoft.it> 3.12.3-1mamba
+- update to 3.12.3
+
+* Mon Jun 23 2008 Silvan Calarco <silvan.calarco@mambasoft.it> 3.12-2mamba
+- add patch to use system libsqlite
+- development nss-config and nss.pc files updated for linking with libnssutil3
+
+* Sat Jun 21 2008 gil <puntogil@libero.it> 3.12-1mamba
+- update to 3.12
+
+* Sat May 31 2008 gil <puntogil@libero.it> 3.11.9-1mamba
+- update to 3.11.9
+
+* Wed Jan 31 2007 Silvan Calarco <silvan.calarco@mambasoft.it> 3.11.4-3qilnx
+- obsolete libmozilla
+
+* Wed Jan 24 2007 Davide Madrisan <davide.madrisan@qilinux.it> 3.11.4-2qilnx
+- conflicts libmozilla
+
+* Tue Jan 16 2007 Davide Madrisan <davide.madrisan@qilinux.it> 3.11.4-1qilnx
+- package created by autospec
diff --git a/nss-config.in b/nss-config.in
new file mode 100644
index 0000000..af3c997
--- /dev/null
+++ b/nss-config.in
@@ -0,0 +1,144 @@
+#!/bin/sh
+
+prefix=@prefix@
+
+major_version=@MOD_MAJOR_VERSION@
+minor_version=@MOD_MINOR_VERSION@
+patch_version=@MOD_PATCH_VERSION@
+
+usage()
+{
+	cat <<EOF
+Usage: nss-config [OPTIONS] [LIBRARIES]
+Options:
+	[--prefix[=DIR]]
+	[--exec-prefix[=DIR]]
+	[--includedir[=DIR]]
+	[--libdir[=DIR]]
+	[--version]
+	[--libs]
+	[--cflags]
+Dynamic Libraries:
+	nss
+	ssl
+	smime
+EOF
+	exit $1
+}
+
+if test $# -eq 0; then
+	usage 1 1>&2
+fi
+
+lib_ssl=yes
+lib_smime=yes
+lib_nss=yes
+lib_nssutil=yes
+
+while test $# -gt 0; do
+  case "$1" in
+  -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
+  *) optarg= ;;
+  esac
+
+  case $1 in
+    --prefix=*)
+      prefix=$optarg
+      ;;
+    --prefix)
+      echo_prefix=yes
+      ;;
+    --exec-prefix=*)
+      exec_prefix=$optarg
+      ;;
+    --exec-prefix)
+      echo_exec_prefix=yes
+      ;;
+    --includedir=*)
+      includedir=$optarg
+      ;;
+    --includedir)
+      echo_includedir=yes
+      ;;
+    --libdir=*)
+      libdir=$optarg
+      ;;
+    --libdir)
+      echo_libdir=yes
+      ;;
+    --version)
+      echo ${major_version}.${minor_version}.${patch_version}
+      ;;
+    --cflags)
+      echo_cflags=yes
+      ;;
+    --libs)
+      echo_libs=yes
+      ;;
+    ssl)
+      lib_ssl=yes
+      ;;
+    smime)
+      lib_smime=yes
+      ;;
+    nss)
+      lib_nss=yes
+      ;;
+    nssutil)
+      lib_nssutil=yes
+      ;;
+    *)
+      usage 1 1>&2
+      ;;
+  esac
+  shift
+done
+
+# Set variables that may be dependent upon other variables
+if test -z "$exec_prefix"; then
+    exec_prefix=`pkg-config --variable=exec_prefix nss`
+fi
+if test -z "$includedir"; then
+    includedir=`pkg-config --variable=includedir nss`
+fi
+if test -z "$libdir"; then
+    libdir=`pkg-config --variable=libdir nss`
+fi
+
+if test "$echo_prefix" = "yes"; then
+    echo $prefix
+fi
+
+if test "$echo_exec_prefix" = "yes"; then
+    echo $exec_prefix
+fi
+
+if test "$echo_includedir" = "yes"; then
+    echo $includedir
+fi
+
+if test "$echo_libdir" = "yes"; then
+    echo $libdir
+fi
+
+if test "$echo_cflags" = "yes"; then
+    echo -I$includedir
+fi
+
+if test "$echo_libs" = "yes"; then
+      libdirs="-Wl,-rpath-link,$libdir -L$libdir"
+      if test -n "$lib_ssl"; then
+	libdirs="$libdirs -lssl${major_version}"
+      fi
+      if test -n "$lib_smime"; then
+	libdirs="$libdirs -lsmime${major_version}"
+      fi
+      if test -n "$lib_nss"; then
+	libdirs="$libdirs -lnss${major_version}"
+      fi
+      if test -n "$lib_nssutil"; then
+	libdirs="$libdirs -lnssutil${major_version}"
+      fi
+      echo $libdirs
+fi      
+
diff --git a/nss-pkcs11.txt b/nss-pkcs11.txt
new file mode 100644
index 0000000..7f8bd21
--- /dev/null
+++ b/nss-pkcs11.txt
@@ -0,0 +1,4 @@
+library=libnsssysinit.so
+name=NSS Internal PKCS #11 Module
+parameters=configdir='sql:/etc/pki/nssdb'  certPrefix='' keyPrefix='' secmod='secmod.db' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription='' 
+NSS=Flags=internal,moduleDBOnly,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30})
diff --git a/nss.pc.in b/nss.pc.in
new file mode 100644
index 0000000..d47b9e1
--- /dev/null
+++ b/nss.pc.in
@@ -0,0 +1,11 @@
+prefix=%prefix%
+exec_prefix=%exec_prefix%
+libdir=%libdir%
+includedir=%includedir%
+
+Name: NSS
+Description: Network Security Services
+Version: %NSS_VERSION%
+Requires: nspr >= %NSPR_VERSION%
+Libs: -lssl3 -lsmime3 -lnss3 -lnssutil3
+Cflags: -I${includedir}
diff --git a/setup-nsssysinit.sh b/setup-nsssysinit.sh
new file mode 100644
index 0000000..8e1f5f7
--- /dev/null
+++ b/setup-nsssysinit.sh
@@ -0,0 +1,68 @@
+#!/bin/sh
+#
+# Turns on or off the nss-sysinit module db by editing the
+# global PKCS #11 congiguration file. Displays the status.
+#
+# This script can be invoked by the user as super user.
+# It is invoked at nss-sysinit post install time with argument on.
+#
+usage()
+{
+  cat <<EOF
+Usage: setup-nsssysinit [on|off]
+  on     - turns on nsssysinit
+  off    - turns off nsssysinit
+  status - reports whether nsssysinit is turned on or off
+EOF
+  exit $1
+}
+
+# validate
+if [ $# -eq 0 ]; then
+  usage 1 1>&2
+fi
+
+# the system-wide configuration file
+p11conf="/etc/pki/nssdb/pkcs11.txt"
+# must exist, otherwise report it and exit with failure
+if [ ! -f $p11conf ]; then
+  echo "Could not find ${p11conf}"
+  exit 1
+fi
+
+# check if nsssysinit is currently enabled or disabled
+sysinit_enabled()
+{
+  grep -q '^library=libnsssysinit' ${p11conf}
+}
+
+umask 022
+case "$1" in
+  on | ON )
+    if sysinit_enabled; then 
+      exit 0 
+    fi
+    cat ${p11conf} | \
+    sed -e 's/^library=$/library=libnsssysinit.so/' \
+        -e '/^NSS/s/\(Flags=internal\)\(,[^m]\)/\1,moduleDBOnly\2/' > \
+        ${p11conf}.on
+    mv ${p11conf}.on ${p11conf}
+    ;;
+  off | OFF )
+    if ! sysinit_enabled; then
+      exit 0
+    fi
+    cat ${p11conf} | \
+    sed -e 's/^library=libnsssysinit.so/library=/' \
+        -e '/^NSS/s/Flags=internal,moduleDBOnly/Flags=internal/' > \
+        ${p11conf}.off
+    mv ${p11conf}.off ${p11conf}
+    ;;
+  status )
+    echo -n 'NSS sysinit is '
+    sysinit_enabled && echo 'enabled' || echo 'disabled'
+    ;;
+  * )
+    usage 1 1>&2
+    ;;
+esac