automatic version update by autodist [release 3.16.1-1mamba;Sat May 10 2014]

2024-01-06 05:12:50 +01:00 · 2024-01-06 05:12:50 +01:00 · 113f941fb1
commit 113f941fb1
parent b2338f4fbe
24 changed files with 1248 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -1,2 +1,5 @@
 # libnss

+Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications.
+Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards.
+
--- a/blank-cert8.db
+++ b/blank-cert8.db
--- a/blank-cert9.db
+++ b/blank-cert9.db
--- a/blank-key3.db
+++ b/blank-key3.db
--- a/blank-key4.db
+++ b/blank-key4.db
--- a/blank-secmod.db
+++ b/blank-secmod.db
--- a/libnss-3.12.3-enable-pem.patch
+++ b/libnss-3.12.3-enable-pem.patch
@ -0,0 +1,12 @@
+diff -up ./mozilla/security/nss/lib/ckfw/manifest.mn.prepem ./mozilla/security/nss/lib/ckfw/manifest.mn
+--- ./mozilla/security/nss/lib/ckfw/manifest.mn.prepem	2008-08-05 16:34:23.000000000 -0700
+++ ./mozilla/security/nss/lib/ckfw/manifest.mn	2008-08-05 16:34:30.000000000 -0700
+@@ -38,7 +38,7 @@ MANIFEST_CVS_ID = "@(#) $RCSfile: manife
+ 
+ CORE_DEPTH = ../../..
+ 
+-DIRS = builtins 
+DIRS = builtins pem
+ 
+ PRIVATE_EXPORTS = \
+ 	ck.h		  \
--- a/libnss-3.12.3-no-rpath.patch
+++ b/libnss-3.12.3-no-rpath.patch
@ -0,0 +1,14 @@
+--- ./mozilla/security/nss/cmd/platlibs.mk.withrpath	2007-02-19 07:17:06.000000000 +0100
+++ ./mozilla/security/nss/cmd/platlibs.mk	2007-02-19 07:18:07.000000000 +0100
+@@ -52,9 +52,9 @@
+ 
+ ifeq ($(OS_ARCH), Linux)
+ ifeq ($(USE_64), 1)
+-EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib64:$$ORIGIN/../lib'
+#EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib64:$$ORIGIN/../lib'
+ else
+-EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib'
+#EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib'
+ endif
+ endif
+ 
--- a/libnss-3.12.3-nolocalsql.patch
+++ b/libnss-3.12.3-nolocalsql.patch
@ -0,0 +1,52 @@
+diff -up ./mozilla/security/nss/lib/Makefile.nolocalsql ./mozilla/security/nss/lib/Makefile
+--- ./mozilla/security/nss/lib/Makefile.nolocalsql	2007-07-19 23:36:49.000000000 +0200
+++ ./mozilla/security/nss/lib/Makefile	2009-04-14 17:07:40.000000000 +0200
+@@ -62,11 +62,11 @@ ifeq ($(OS_TARGET), WINCE)
+ DIRS := $(filter-out fortcrypt,$(DIRS))
+ endif
+ 
+-ifndef MOZILLA_CLIENT
+-ifndef NSS_USE_SYSTEM_SQLITE
+-DIRS := sqlite $(DIRS)
+-endif
+-endif
+#ifndef MOZILLA_CLIENT
+#ifndef NSS_USE_SYSTEM_SQLITE
+#DIRS := sqlite $(DIRS)
+#endif
+#endif
+ 
+ #######################################################################
+ # (5) Execute "global" rules. (OPTIONAL)                              #
+diff -up ./mozilla/security/nss/lib/softoken/legacydb/manifest.mn.nolocalsql ./mozilla/security/nss/lib/softoken/legacydb/manifest.mn
+--- ./mozilla/security/nss/lib/softoken/legacydb/manifest.mn.nolocalsql	2007-07-19 23:36:50.000000000 +0200
+++ ./mozilla/security/nss/lib/softoken/legacydb/manifest.mn	2009-04-14 17:07:40.000000000 +0200
+@@ -46,9 +46,9 @@ MAPFILE = $(OBJDIR)/nssdbm.def
+ 
+ DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\" -DSOFTOKEN_LIB_NAME=\"$(notdir $(SHARED_LIBRARY))\"
+ 
+-ifdef MOZILLA_CLIENT
+-INCLUDES += -I$(DIST)/include/sqlite3
+-endif
+#ifdef MOZILLA_CLIENT
+#INCLUDES += -I$(DIST)/include/sqlite3
+#endif
+ 
+ CSRCS = \
+ 	dbmshim.c \
+diff -up ./mozilla/security/nss/lib/softoken/manifest.mn.nolocalsql ./mozilla/security/nss/lib/softoken/manifest.mn
+--- ./mozilla/security/nss/lib/softoken/manifest.mn.nolocalsql	2009-03-25 17:21:37.000000000 +0100
+++ ./mozilla/security/nss/lib/softoken/manifest.mn	2009-04-14 17:07:40.000000000 +0200
+@@ -47,9 +47,9 @@ MAPFILE = $(OBJDIR)/softokn.def
+ 
+ DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\" -DSOFTOKEN_LIB_NAME=\"$(notdir $(SHARED_LIBRARY))\" -DSHLIB_VERSION=\"$(LIBRARY_VERSION)\"
+ 
+-ifdef MOZILLA_CLIENT
+-INCLUDES += -I$(DIST)/include/sqlite3
+-endif
+#ifdef MOZILLA_CLIENT
+#INCLUDES += -I$(DIST)/include/sqlite3
+#endif
+ 
+ EXPORTS = \
+ 	secmodt.h \
--- a/libnss-3.12.3-stubs-bug502133.patch
+++ b/libnss-3.12.3-stubs-bug502133.patch
@ -0,0 +1,23 @@
+diff -rupN nss-3.12.3.99.3-orig/mozilla/security/nss/lib/freebl/stubs.c nss-3.12.3.99.3/mozilla/security/nss/lib/freebl/stubs.c
+--- ./mozilla/security/nss/lib/freebl/stubs.c	2009-03-28 19:21:50.000000000 -0700
+++ ./mozilla/security/nss/lib/freebl/stubs.c	2009-06-08 20:37:20.000000000 -0700
+@@ -558,8 +558,8 @@ FREEBL_InitStubs()
+ 	    return SECFailure;
+ 	}
+ 	rv = freebl_InitNSPR(nspr);
+-	freebl_releaseLibrary(nspr);
+ 	if (rv != SECSuccess) {
+	    freebl_releaseLibrary(nspr);
+ 	    return rv;
+ 	}
+     }
+@@ -570,8 +570,8 @@ FREEBL_InitStubs()
+ 	    return SECFailure;
+ 	}
+ 	rv = freebl_InitNSSUtil(nssutil);
+-	freebl_releaseLibrary(nssutil);
+ 	if (rv != SECSuccess) {
+	    freebl_releaseLibrary(nssutil);
+ 	    return rv;
+ 	}
+     }
--- a/libnss-3.12.9-enable-pem.patch
+++ b/libnss-3.12.9-enable-pem.patch
@ -0,0 +1,12 @@
+diff -up ./mozilla/security/nss/lib/ckfw/manifest.mn.prepem ./mozilla/security/nss/lib/ckfw/manifest.mn
+--- ./mozilla/security/nss/lib/ckfw/manifest.mn.prepem	2008-08-05 16:34:23.000000000 -0700
+++ ./mozilla/security/nss/lib/ckfw/manifest.mn	2008-08-05 16:34:30.000000000 -0700
+@@ -38,7 +38,7 @@ MANIFEST_CVS_ID = "@(#) $RCSfile: manife
+ 
+ CORE_DEPTH = ../../..
+ 
+-DIRS = builtins 
+DIRS = builtins pem
+ 
+ PRIVATE_EXPORTS = \
+ 	ck.h		  \
--- a/libnss-3.12.9-honor-user-trust-preferences.patch
+++ b/libnss-3.12.9-honor-user-trust-preferences.patch
@ -0,0 +1,133 @@
+Index: ./mozilla/security/nss/lib/pk11wrap/pk11load.c
+===================================================================
+RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11load.c,v
+retrieving revision 1.30
+diff -u -p -r1.30 pk11load.c
+--- ./mozilla/security/nss/lib/pk11wrap/pk11load.c	30 Apr 2010 07:22:54 -0000	1.30
+++ ./mozilla/security/nss/lib/pk11wrap/pk11load.c	22 Jan 2011 05:39:07 -0000
+@@ -178,8 +178,8 @@ secmod_handleReload(SECMODModule *oldMod
+ 	char *oldModuleSpec;
+ 
+ 	if (secmod_IsInternalKeySlot(newModule)) {
+-	    pk11_SetInternalKeySlot(slot);
+-	}
+	    pk11_FirstInternalKeySlot(slot);
+	} 
+ 	newID = slot->slotID;
+ 	PK11_FreeSlot(slot);
+ 	for (thisChild=children, thisID=ids; thisChild && *thisChild; 
+@@ -550,6 +550,11 @@ secmod_LoadPKCS11Module(SECMODModule *mo
+ 	    /* look down the slot info table */
+ 	    PK11_LoadSlotList(mod->slots[i],mod->slotInfo,mod->slotInfoCount);
+ 	    SECMOD_SetRootCerts(mod->slots[i],mod);
+	    /* explicitly mark the internal slot as such if IsInternalKeySlot()
+	     * is set */
+	    if (secmod_IsInternalKeySlot(mod) && (i == (mod->isFIPS ? 0 : 1))) {
+		pk11_FirstInternalKeySlot(mod->slots[i]);
+	    } 
+ 	}
+ 	mod->slotCount = slotCount;
+ 	mod->slotInfoCount = 0;
+Index: ./mozilla/security/nss/lib/pk11wrap/pk11priv.h
+===================================================================
+RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11priv.h,v
+retrieving revision 1.13
+diff -u -p -r1.13 pk11priv.h
+--- ./mozilla/security/nss/lib/pk11wrap/pk11priv.h	27 Oct 2009 23:04:46 -0000	1.13
+++ ./mozilla/security/nss/lib/pk11wrap/pk11priv.h	22 Jan 2011 05:39:07 -0000
+@@ -115,6 +115,7 @@ void PK11_InitSlot(SECMODModule *mod,CK_
+ PRBool PK11_NeedPWInitForSlot(PK11SlotInfo *slot);
+ SECStatus PK11_ReadSlotCerts(PK11SlotInfo *slot);
+ void pk11_SetInternalKeySlot(PK11SlotInfo *slot);
+void pk11_FirstInternalKeySlot(PK11SlotInfo *slot);
+ 
+ /*********************************************************************
+  *       Mechanism Mapping functions
+Index: ./mozilla/security/nss/lib/pk11wrap/pk11slot.c
+===================================================================
+RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11slot.c,v
+retrieving revision 1.101
+diff -u -p -r1.101 pk11slot.c
+--- ./mozilla/security/nss/lib/pk11wrap/pk11slot.c	3 Apr 2010 18:27:31 -0000	1.101
+++ ./mozilla/security/nss/lib/pk11wrap/pk11slot.c	22 Jan 2011 05:39:08 -0000
+@@ -1735,6 +1735,15 @@ pk11_SetInternalKeySlot(PK11SlotInfo *sl
+    pk11InternalKeySlot = slot ? PK11_ReferenceSlot(slot) : NULL;
+ }
+ 
+void
+pk11_FirstInternalKeySlot(PK11SlotInfo *slot)
+{
+   if (pk11InternalKeySlot) {
+	return;
+   }
+   pk11InternalKeySlot = slot ? PK11_ReferenceSlot(slot) : NULL;
+}
+
+ 
+ /* get the internal key slot. FIPS has only one slot for both key slots and
+  * default slots */
+Index: ./mozilla/security/nss/lib/sysinit/nsssysinit.c
+===================================================================
+RCS file: /cvsroot/mozilla/security/nss/lib/sysinit/nsssysinit.c,v
+retrieving revision 1.2
+diff -u -p -r1.2 nsssysinit.c
+--- ./mozilla/security/nss/lib/sysinit/nsssysinit.c	6 Feb 2010 04:56:37 -0000	1.2
+++ ./mozilla/security/nss/lib/sysinit/nsssysinit.c	22 Jan 2011 05:39:08 -0000
+@@ -221,7 +221,7 @@ getFIPSMode(void)
+  * 2 for the key slot, and
+  * 3 for the crypto operations slot fips
+  */
+-#define ORDER_FLAGS "trustOrder=75 cipherOrder=100"
+#define ORDER_FLAGS "cipherOrder=100"
+ #define SLOT_FLAGS \
+ 	"[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,RANDOM" \
+ 	" askpw=any timeout=30 ]"
+@@ -270,7 +270,7 @@ get_list(char *filename, char *stripped_
+ 	    "library= "
+ 	    "module=\"NSS User database\" "
+ 	    "parameters=\"configdir='sql:%s' %s tokenDescription='NSS user database'\" "
+-        "NSS=\"%sflags=internal%s\"",
+        "NSS=\"trustOrder=75 %sflags=internal%s\"",
+         userdb, stripped_parameters, nssflags,
+         isFIPS ? ",FIPS" : "");
+ 
+@@ -284,30 +284,6 @@ get_list(char *filename, char *stripped_
+ 		userdb, stripped_parameters);
+ 	}
+ 
+-#if 0
+-	/* This doesn't actually work. If we register
+-		both this and the sysdb (in either order)
+-		then only one of them actually shows up */
+-
+-    /* Using a NULL filename as a Boolean flag to
+-     * prevent registering both an application-defined
+-     * db and the system db. rhbz #546211.
+-     */
+-    PORT_Assert(filename);
+-    if (sysdb && PL_CompareStrings(filename, sysdb))
+-	    filename = NULL;
+-    else if (userdb && PL_CompareStrings(filename, userdb))
+-	    filename = NULL;
+-
+-    if (filename && !userIsRoot()) {
+-	    module_list[next++] = PR_smprintf(
+-	      "library= "
+-	      "module=\"NSS database\" "
+-	      "parameters=\"configdir='sql:%s' tokenDescription='NSS database sql:%s'\" "
+-	      "NSS=\"%sflags=internal\"",filename, filename, nssflags);
+-    }
+-#endif
+-
+     /* now the system database (always read only unless it's root) */
+     if (sysdb) {
+ 	    const char *readonly = userCanModifySystemDB() ? "" : "flags=readonly";
+@@ -315,7 +291,7 @@ get_list(char *filename, char *stripped_
+ 	      "library= "
+ 	      "module=\"NSS system database\" "
+ 	      "parameters=\"configdir='sql:%s' tokenDescription='NSS system database' %s\" "
+-	      "NSS=\"%sflags=internal,critical\"",sysdb, readonly, nssflags);
+	      "NSS=\"trustOrder=80 %sflags=internal,critical\"",sysdb, readonly, nssflags);
+     }
+ 
+     /* that was the last module */
--- a/libnss-3.12.9-ipv6-type-connections-bug539183.patch
+++ b/libnss-3.12.9-ipv6-type-connections-bug539183.patch
@ -0,0 +1,33 @@
+Index: mozilla/security/nss/cmd/selfserv/selfserv.c
+===================================================================
+RCS file: /cvsroot/mozilla/security/nss/cmd/selfserv/selfserv.c,v
+retrieving revision 1.94
+diff -p -u -8 -r1.94 selfserv.c
+--- mozilla/security/nss/cmd/selfserv/selfserv.c	3 Apr 2010 18:27:27 -0000	1.94
+++ mozilla/security/nss/cmd/selfserv/selfserv.c	24 Feb 2011 02:28:02 -0000
+@@ -1487,21 +1487,21 @@ PRFileDesc *
+ getBoundListenSocket(unsigned short port)
+ {
+     PRFileDesc *       listen_sock;
+     int                listenQueueDepth = 5 + (2 * maxThreads);
+     PRStatus	       prStatus;
+     PRNetAddr          addr;
+     PRSocketOptionData opt;
+ 
+-    addr.inet.family = PR_AF_INET;
+-    addr.inet.ip     = PR_INADDR_ANY;
+-    addr.inet.port   = PR_htons(port);
+    if (PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET6, port, &addr) != PR_SUCCESS) {
+	errExit("PR_SetNetAddr");
+    }
+ 
+-    listen_sock = PR_NewTCPSocket();
+    listen_sock = PR_OpenTCPSocket(PR_AF_INET6);
+     if (listen_sock == NULL) {
+ 	errExit("PR_NewTCPSocket");
+     }
+ 
+     opt.option = PR_SockOpt_Nonblocking;
+     opt.value.non_blocking = PR_FALSE;
+     prStatus = PR_SetSocketOption(listen_sock, &opt);
+     if (prStatus < 0) {
--- a/libnss-3.12.9-nsspem-642433.patch
+++ b/libnss-3.12.9-nsspem-642433.patch
@ -0,0 +1,52 @@
+diff -up ./mozilla/security/nss/lib/ckfw/pem/util.c.642433 ./mozilla/security/nss/lib/ckfw/pem/util.c
+--- ./mozilla/security/nss/lib/ckfw/pem/util.c.642433	2010-11-25 10:49:27.000000000 -0800
+++ ./mozilla/security/nss/lib/ckfw/pem/util.c	2010-12-08 08:02:02.618304926 -0800
+@@ -96,9 +96,6 @@ static SECItem *AllocItem(SECItem * item
+     return (result);
+ 
+   loser:
+-    if (result != NULL) {
+-	SECITEM_FreeItem(result, (item == NULL) ? PR_TRUE : PR_FALSE);
+-    }
+     return (NULL);
+ }
+ 
+@@ -110,7 +107,7 @@ static SECStatus FileToItem(SECItem * ds
+ 
+     prStatus = PR_GetOpenFileInfo(src, &info);
+ 
+-    if (prStatus != PR_SUCCESS) {
+    if (prStatus != PR_SUCCESS || info.type == PR_FILE_DIRECTORY) {
+ 	return SECFailure;
+     }
+ 
+@@ -126,8 +123,7 @@ static SECStatus FileToItem(SECItem * ds
+ 
+     return SECSuccess;
+   loser:
+-    SECITEM_FreeItem(dst, PR_FALSE);
+-    nss_ZFreeIf(dst);
+    nss_ZFreeIf(dst->data);
+     return SECFailure;
+ }
+ 
+@@ -153,6 +149,10 @@ ReadDERFromFile(SECItem *** derlist, cha
+ 
+ 	/* Read in ascii data */
+ 	rv = FileToItem(&filedata, inFile);
+	if (rv != SECSuccess) {
+	    PR_Close(inFile);
+	    return -1;
+	}
+ 	asc = (char *) filedata.data;
+ 	if (!asc) {
+ 	    PR_Close(inFile);
+@@ -252,7 +252,7 @@ ReadDERFromFile(SECItem *** derlist, cha
+     } else {
+ 	/* Read in binary der */
+ 	rv = FileToItem(der, inFile);
+-	if (rv) {
+	if (rv != SECSuccess) {
+ 	    PR_Close(inFile);
+ 	    return -1;
+ 	}
--- a/libnss-3.12.9-renegotiate-transitional.patch
+++ b/libnss-3.12.9-renegotiate-transitional.patch
@ -0,0 +1,12 @@
+diff -up ./mozilla/security/nss/lib/ssl/sslsock.c.transitional ./mozilla/security/nss/lib/ssl/sslsock.c
+--- ./mozilla/security/nss/lib/ssl/sslsock.c.transitional	2010-09-04 09:46:50.331327676 -0700
+++ ./mozilla/security/nss/lib/ssl/sslsock.c	2010-09-04 09:50:02.814325605 -0700
+@@ -181,7 +181,7 @@ static sslOptions ssl_defaults = {
+     PR_FALSE,   /* noLocks            */
+     PR_FALSE,   /* enableSessionTickets */
+     PR_FALSE,   /* enableDeflate      */
+-    2,          /* enableRenegotiation (default: requires extension) */
+    3,          /* enableRenegotiation (default: transitional) */
+     PR_FALSE,   /* requireSafeNegotiation */
+     PR_FALSE,   /* enableFalseStart   */
+ };
--- a/libnss-3.12.9-system-nspr.patch
+++ b/libnss-3.12.9-system-nspr.patch
@ -0,0 +1,11 @@
+--- mozilla/security/nss/Makefile	2009-12-08 17:47:03.000000000 +0100
+++ mozilla/security/nss/Makefile-gil	2011-01-26 01:02:44.000000000 +0100
+@@ -78,7 +78,7 @@
+ # (7) Execute "local" rules. (OPTIONAL).                              #
+ #######################################################################
+ 
+-nss_build_all: build_coreconf build_nspr build_dbm all
+nss_build_all: build_coreconf build_dbm all
+ 
+ nss_clean_all: clobber_coreconf clobber_nspr clobber_dbm clobber
+ 
--- a/libnss-3.15.1-lfs-buildfixes.patch
+++ b/libnss-3.15.1-lfs-buildfixes.patch
@ -0,0 +1,241 @@
+Submitted By:            Armin K. <krejzi at email dot com>
+Date:                    2013-07-02
+Initial Package Version: 3.15
+Upstream Status:         Not applicable
+Origin:                  Based on dj's original patch, rediffed and modified for 3.15
+Description:             Adds auto-generated nss.pc and nss-config script, and allows
+                         building without nspr in the source tree.
+
+--- a/nss/config/Makefile	1970-01-01 01:00:00.000000000 +0100
+++ b/nss/config/Makefile	2013-07-02 14:53:56.684750636 +0200
+@@ -0,0 +1,40 @@
+CORE_DEPTH = ..
+DEPTH      = ..
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+NSS_MAJOR_VERSION = `grep "NSS_VMAJOR" ../lib/nss/nss.h | awk '{print $$3}'`
+NSS_MINOR_VERSION = `grep "NSS_VMINOR" ../lib/nss/nss.h | awk '{print $$3}'`
+NSS_PATCH_VERSION = `grep "NSS_VPATCH" ../lib/nss/nss.h | awk '{print $$3}'`
+PREFIX = /usr
+
+all: export libs
+
+export:
+	# Create the nss.pc file
+	mkdir -p $(DIST)/lib/pkgconfig
+	sed -e "s,@prefix@,$(PREFIX)," \
+	    -e "s,@exec_prefix@,\$${prefix}," \
+	    -e "s,@libdir@,\$${prefix}/lib," \
+	    -e "s,@includedir@,\$${prefix}/include/nss," \
+	    -e "s,@NSS_MAJOR_VERSION@,$(NSS_MAJOR_VERSION),g" \
+	    -e "s,@NSS_MINOR_VERSION@,$(NSS_MINOR_VERSION)," \
+	    -e "s,@NSS_PATCH_VERSION@,$(NSS_PATCH_VERSION)," \
+	    nss.pc.in > nss.pc
+	chmod 0644 nss.pc
+	ln -sf ../../../../nss/config/nss.pc $(DIST)/lib/pkgconfig
+
+	# Create the nss-config script
+	mkdir -p $(DIST)/bin
+	sed -e "s,@prefix@,$(PREFIX)," \
+	    -e "s,@NSS_MAJOR_VERSION@,$(NSS_MAJOR_VERSION)," \
+	    -e "s,@NSS_MINOR_VERSION@,$(NSS_MINOR_VERSION)," \
+	    -e "s,@NSS_PATCH_VERSION@,$(NSS_PATCH_VERSION)," \
+	    nss-config.in > nss-config
+	chmod 0755 nss-config
+	ln -sf ../../../nss/config/nss-config $(DIST)/bin
+
+libs:
+
+dummy: all export libs
+
+--- a/nss/config/nss-config.in	1970-01-01 01:00:00.000000000 +0100
+++ b/nss/config/nss-config.in	2013-07-02 14:52:58.328084334 +0200
+@@ -0,0 +1,153 @@
+#!/bin/sh
+
+prefix=@prefix@
+
+major_version=@NSS_MAJOR_VERSION@
+minor_version=@NSS_MINOR_VERSION@
+patch_version=@NSS_PATCH_VERSION@
+
+usage()
+{
+	cat <<EOF
+Usage: nss-config [OPTIONS] [LIBRARIES]
+Options:
+	[--prefix[=DIR]]
+	[--exec-prefix[=DIR]]
+	[--includedir[=DIR]]
+	[--libdir[=DIR]]
+	[--version]
+	[--libs]
+	[--cflags]
+Dynamic Libraries:
+	nss
+	nssutil
+	smime
+	ssl
+	softokn
+EOF
+	exit $1
+}
+
+if test $# -eq 0; then
+	usage 1 1>&2
+fi
+
+lib_nss=yes
+lib_nssutil=yes
+lib_smime=yes
+lib_ssl=yes
+lib_softokn=yes
+
+while test $# -gt 0; do
+  case "$1" in
+  -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
+  *) optarg= ;;
+  esac
+
+  case $1 in
+    --prefix=*)
+      prefix=$optarg
+      ;;
+    --prefix)
+      echo_prefix=yes
+      ;;
+    --exec-prefix=*)
+      exec_prefix=$optarg
+      ;;
+    --exec-prefix)
+      echo_exec_prefix=yes
+      ;;
+    --includedir=*)
+      includedir=$optarg
+      ;;
+    --includedir)
+      echo_includedir=yes
+      ;;
+    --libdir=*)
+      libdir=$optarg
+      ;;
+    --libdir)
+      echo_libdir=yes
+      ;;
+    --version)
+      echo ${major_version}.${minor_version}.${patch_version}
+      ;;
+    --cflags)
+      echo_cflags=yes
+      ;;
+    --libs)
+      echo_libs=yes
+      ;;
+    nss)
+      lib_nss=yes
+      ;;
+    nssutil)
+      lib_nssutil=yes
+      ;;
+    smime)
+      lib_smime=yes
+      ;;
+    ssl)
+      lib_ssl=yes
+      ;;
+    softokn)
+      lib_softokn=yes
+      ;;
+    *)
+      usage 1 1>&2
+      ;;
+  esac
+  shift
+done
+
+# Set variables that may be dependent upon other variables
+if test -z "$exec_prefix"; then
+    exec_prefix=`pkg-config --variable=exec_prefix nss`
+fi
+if test -z "$includedir"; then
+    includedir=`pkg-config --variable=includedir nss`
+fi
+if test -z "$libdir"; then
+    libdir=`pkg-config --variable=libdir nss`
+fi
+
+if test "$echo_prefix" = "yes"; then
+    echo $prefix
+fi
+
+if test "$echo_exec_prefix" = "yes"; then
+    echo $exec_prefix
+fi
+
+if test "$echo_includedir" = "yes"; then
+    echo $includedir
+fi
+
+if test "$echo_libdir" = "yes"; then
+    echo $libdir
+fi
+
+if test "$echo_cflags" = "yes"; then
+    echo -I$includedir
+fi
+
+if test "$echo_libs" = "yes"; then
+      libdirs="-L$libdir"
+      if test -n "$lib_nss"; then
+	libdirs="$libdirs -lnss${major_version}"
+      fi
+      if test -n "$lib_nssutil"; then
+        libdirs="$libdirs -lnssutil${major_version}"
+      fi
+      if test -n "$lib_smime"; then
+	libdirs="$libdirs -lsmime${major_version}"
+      fi
+      if test -n "$lib_ssl"; then
+	libdirs="$libdirs -lssl${major_version}"
+      fi
+      if test -n "$lib_softokn"; then
+        libdirs="$libdirs -lsoftokn${major_version}"
+      fi
+      echo $libdirs
+fi      
+
+--- a/nss/config/nss.pc.in	1970-01-01 01:00:00.000000000 +0100
+++ b/nss/config/nss.pc.in	2013-07-02 14:52:58.328084334 +0200
+@@ -0,0 +1,12 @@
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+includedir=@includedir@
+
+Name: NSS
+Description: Network Security Services
+Version: @NSS_MAJOR_VERSION@.@NSS_MINOR_VERSION@.@NSS_PATCH_VERSION@
+Requires: nspr >= 4.8
+Libs: -L@libdir@ -lnss@NSS_MAJOR_VERSION@ -lnssutil@NSS_MAJOR_VERSION@ -lsmime@NSS_MAJOR_VERSION@ -lssl@NSS_MAJOR_VERSION@ -lsoftokn@NSS_MAJOR_VERSION@
+Cflags: -I${includedir}
+
+--- a/nss/Makefile	2013-05-28 23:43:24.000000000 +0200
+++ b/nss/Makefile	2013-07-02 14:52:58.328084334 +0200
+@@ -44,7 +44,7 @@
+ # (7) Execute "local" rules. (OPTIONAL).                              #
+ #######################################################################
+ 
+-nss_build_all: build_nspr all
+nss_build_all: all
+ 
+ nss_clean_all: clobber_nspr clobber
+ 
+--- a/nss/manifest.mn	2013-05-28 23:43:24.000000000 +0200
+++ b/nss/manifest.mn	2013-07-02 14:52:58.331417666 +0200
+@@ -10,4 +10,4 @@
+ 
+ RELEASE = nss
+ 
+-DIRS = coreconf lib cmd
+DIRS = coreconf lib cmd config
--- a/libnss-3.15.1-opt_flags.patch
+++ b/libnss-3.15.1-opt_flags.patch
@ -0,0 +1,15 @@
+--- nss/coreconf/Linux.mk	2010-08-13 03:32:29.000000000 +0200
+++ nss/coreconf/Linux.mk-gil	2011-01-26 01:13:01.000000000 +0100
+@@ -112,11 +112,7 @@
+ endif
+ 
+ ifdef BUILD_OPT
+-ifeq (11,$(ALLOW_OPT_CODE_SIZE)$(OPT_CODE_SIZE))
+-	OPTIMIZER = -Os
+-else
+-	OPTIMIZER = -O2
+-endif
+   OPTIMIZER = $(OPT_FLAGS)
+ ifdef MOZ_DEBUG_SYMBOLS
+ 	ifdef MOZ_DEBUG_FLAGS
+ 		OPTIMIZER += $(MOZ_DEBUG_FLAGS)
--- a/libnss-3.15.4-add-missing-RSA_BlockOAEP.patch
+++ b/libnss-3.15.4-add-missing-RSA_BlockOAEP.patch
@ -0,0 +1,10 @@
+--- nss-3.15.4/nss/lib/freebl/rsapkcs.c.orig	2014-02-18 14:09:04.195114868 +0100
+++ nss-3.15.4/nss/lib/freebl/rsapkcs.c	2014-02-18 14:09:13.416071147 +0100
+@@ -32,6 +32,7 @@
+     RSA_BlockUnused = 0,    /* unused */
+     RSA_BlockPrivate = 1,   /* pad for a private-key operation */
+     RSA_BlockPublic = 2,    /* pad for a public-key operation */
+    RSA_BlockOAEP = 3,
+     RSA_BlockRaw = 4,       /* simply justify the block appropriately */
+     RSA_BlockTotal
+ } RSA_BlockType;
--- a/libnss.spec
+++ b/libnss.spec
@ -0,0 +1,398 @@
+%define        srcver                        %(echo %version | tr . _)
+#%define        nspr_version                  %(rpm -q --queryformat '%{VERSION}' libnspr)
+%define        nspr_version                  %(%{_bindir}/nspr-config --version)
+%define        with_test   1
+%define        with_nsspem 1
+Name:          libnss
+Version:       3.16.1
+Release:       1mamba
+Summary:       Network Security Services
+Group:         System/Libraries
+Vendor:        openmamba
+Distribution:  openmamba
+Packager:      Silvan Calarco <silvan.calarco@mambasoft.it>
+URL:           http://www.mozilla.org/projects/security/pki/nss/
+Source0:       ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_%{srcver}_RTM/src/nss-%{version}.tar.gz
+Source1:       nss.pc.in
+Source2:       nss-config.in
+Source3:       blank-cert8.db
+Source4:       blank-key3.db
+Source5:       blank-secmod.db
+Source6:       blank-cert9.db
+Source7:       blank-key4.db
+Source8:       nss-pkcs11.txt
+Source9:       setup-nsssysinit.sh
+# from fedora
+# git clone https://git.fedorahosted.org/git/nss-pem.git
+# tar cjf ../SOURCES/libnss-pem-20140218.tar.bz2 nss-pem/
+%if %with_nsspem
+Source10:      libnss-pem-20140218.tar.bz2
+%endif
+Patch1:        libnss-3.12.3-no-rpath.patch
+Patch2:        libnss-3.12.3-nolocalsql.patch
+Patch3:        libnss-3.12.9-renegotiate-transitional.patch
+Patch4:        libnss-3.12.9-enable-pem.patch
+Patch5:        libnss-3.12.9-nsspem-642433.patch
+Patch6:        libnss-3.12.3-enable-pem.patch
+Patch7:        libnss-3.12.3-stubs-bug502133.patch
+Patch8:        libnss-3.12.9-honor-user-trust-preferences.patch
+Patch9:        libnss-3.12.9-system-nspr.patch
+Patch10:       libnss-3.15.1-opt_flags.patch
+Patch11:       libnss-3.12.9-ipv6-type-connections-bug539183.patch
+Patch12:       libnss-3.15.4-add-missing-RSA_BlockOAEP.patch
+Patch13:       libnss-3.15.1-lfs-buildfixes.patch
+License:       GPL, MPL 1.1, LGPL
+## AUTOBUILDREQ-BEGIN
+BuildRequires: glibc-devel
+BuildRequires: libnspr-devel
+BuildRequires: libsqlite-devel
+BuildRequires: libz-devel
+## AUTOBUILDREQ-END
+BuildRequires: gawk
+BuildRequires: perl
+BuildRequires: pkgconfig
+BuildRequires: psmisc
+Obsoletes:     libmozilla-nss
+Provides:      libmozilla-nss = %{?epoch:%epoch:}%{version}-%{release}
+Obsoletes:     libmozilla
+Conflicts:     libmozilla <= 1.7.13-1
+Requires:      %{name}-sysinit = %{?epoch:%epoch:}%{version}-%{release}
+BuildRoot:     %{_tmppath}/%{name}-%{version}-root
+
+%description
+Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications.
+Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards.
+
+%package tools
+Summary:       Tools for the Network Security Services
+Group:         Applications/Security
+Requires:      %{name} = %{?epoch:%epoch:}%{version}-%{release}
+
+%description tools
+Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications.
+Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards.
+
+Install the nss-tools package if you need command-line tools to manipulate the NSS certificate and key database.
+
+%package devel
+Group:         Development/Libraries
+Summary:       Static libraries and headers for %{name}
+Obsoletes:     libmozilla-nss-devel
+Provides:      libmozilla-nss-devel = %{?epoch:%epoch:}%{version}-%{release}
+Conflicts:     libmozilla-devel <= 1.7.13-1
+Requires:      %{name} = %{?epoch:%epoch:}%{version}-%{release}
+
+%description devel
+Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications.
+Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards.
+
+This package contains static libraries and header files need for development.
+
+%package sysinit
+Summary:       System NSS Initilization
+Group:         System/Tools
+Requires:      %{name} = %{?epoch:%epoch:}%{version}-%{release}
+Requires:      coreutils
+Requires:      sed
+
+%description sysinit
+Default Operating System module that manages applications loading NSS globally on the system. This module loads the system defined PKCS #11 modules for NSS and chains with other NSS modules to load any system or user configured modules.
+
+%prep
+%setup -q -n nss-%{version}
+#-D -T
+#:<< __EOF
+%patch3 -p3
+%if %with_nsspem
+tar -xf %{SOURCE10}
+mv nss-pem/nss/lib/ckfw/pem/ nss/lib/ckfw/
+
+%patch4 -p3
+#%patch5 -p3
+%endif
+#%patch8 -p1
+#%patch9 -p0
+%patch10 -p0
+#%patch11 -p0
+#%patch12 -p1
+%patch13 -p1
+
+%build
+#:<< __EOF
+export BUILD_OPT=1
+export XCFLAGS="%{optflags}"
+export PKG_CONFIG_ALLOW_SYSTEM_LIBS=1
+export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1
+NSPR_INCLUDE_DIR=`/usr/bin/pkg-config --cflags-only-I nspr | sed 's/-I//'`
+NSPR_LIB_DIR=`/usr/bin/pkg-config --libs-only-L nspr | sed 's/-L//'`
+export NSPR_INCLUDE_DIR
+export NSPR_LIB_DIR
+export NSS_USE_SYSTEM_SQLITE=1
+export OPT_FLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing"
+
+%ifarch x86_64 ia64
+export USE_64=1
+%endif
+
+make -C ./nss/coreconf
+make -C ./nss/lib/dbm
+make -C ./nss CORE_DEPTH=`pwd`/nss
+
+cat %{SOURCE1} | sed -e "s,%%libdir%%,%{_libdir},g" \
+                 -e "s,%%prefix%%,%{_prefix},g" \
+                 -e "s,%%exec_prefix%%,%{_prefix},g" \
+                 -e "s,%%includedir%%,%{_includedir}/nss3,g" \
+                 -e "s,%%NSPR_VERSION%%,%{nspr_version},g" \
+                 -e "s,%%NSS_VERSION%%,%{version},g" > custom_nss.pc
+
+NSS_VMAJOR=`cat mozilla/security/nss/lib/nss/nss.h | \
+   grep "#define.*NSS_VMAJOR" | awk '{print $3}'`
+NSS_VMINOR=`cat mozilla/security/nss/lib/nss/nss.h | \
+   grep "#define.*NSS_VMINOR" | awk '{print $3}'`
+NSS_VPATCH=`cat mozilla/security/nss/lib/nss/nss.h | \
+   grep "#define.*NSS_VPATCH" | awk '{print $3}'`
+cat %{SOURCE2} | sed -e "s,@libdir@,%{_libdir},g" \
+                 -e "s,@prefix@,%{_prefix},g" \
+                 -e "s,@exec_prefix@,%{_prefix},g" \
+                 -e "s,@includedir@,%{_includedir}/nss3,g" \
+                 -e "s,@MOD_MAJOR_VERSION@,$NSS_VMAJOR,g" \
+                 -e "s,@MOD_MINOR_VERSION@,$NSS_VMINOR,g" \
+                 -e "s,@MOD_PATCH_VERSION@,$NSS_VPATCH,g" > custom_nss-config
+
+cat %{SOURCE9} > setup-nsssysinit.sh
+
+%if %with_test
+export BUILD_OPT=1
+export HOST="localhost"
+export DOMSUF=" "
+export USE_IP=TRUE
+export IP_ADDRESS="127.0.0.1"
+cd nss/tests
+./all.sh
+#TEST_FAILURES=`grep -c FAILED ../../../tests_results/security/localhost.1/output.log` || :
+#if [ $TEST_FAILURES -ne 0 ]; then
+#  echo "error: test suite returned failure(s)"
+#  exit 1
+#fi
+%endif
+
+%install
+[ "%{buildroot}" != / ] && rm -rf "%{buildroot}"
+install -D -m 644 custom_nss.pc %{buildroot}%{_libdir}/pkgconfig/nss.pc
+install -D -m 755 custom_nss-config %{buildroot}%{_bindir}/nss-config
+
+# copy all the binary libraries
+for file in libfreebl3.so libnss3.so libnssckbi.so libsmime3.so libsoftokn3.so libssl3.so libnssutil3.so libnssdbm3.so libnsssysinit.so; do
+   install -m 755 dist/*.OBJ/lib/$file %{buildroot}%{_libdir}
+done
+
+%if %with_nsspem
+install -m 755 dist/*.OBJ/lib/libnsspem.so %{buildroot}%{_libdir}
+%endif
+
+# copy alle the chk files
+for file in libfreebl3.chk libsoftokn3.chk libnssdbm3.chk; do
+   install -m 644 dist/*.OBJ/lib/$file %{buildroot}%{_libdir}
+done
+
+# install the empty NSS db files
+# legacy db
+install -d %{buildroot}%{_sysconfdir}/pki/nssdb
+install -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/pki/nssdb/cert8.db
+install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pki/nssdb/key3.db
+install -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/pki/nssdb/secmod.db
+# shared db
+install -m 644 %{SOURCE6} %{buildroot}%{_sysconfdir}/pki/nssdb/cert9.db
+install -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/pki/nssdb/key4.db
+install -m 644 %{SOURCE8} %{buildroot}%{_sysconfdir}/pki/nssdb/pkcs11.txt
+
+
+# copy the development libraries we want
+for file in libcrmf.a libnssb.a libnssckfw.a; do
+   install -m 644 dist/*.OBJ/lib/$file %{buildroot}%{_libdir}
+done
+
+# copy the binaries we want
+for file in certutil cmsutil crlutil modutil pk12util signtool signver ssltap; do
+   install -m 755 dist/*.OBJ/bin/$file %{buildroot}%{_bindir}
+done
+
+# copy unsupported tools
+mkdir -p %{buildroot}%{_libexecdir}/nss
+for file in atob btoa derdump ocspclnt pp selfserv shlibsign strsclnt symkeyutil tstclnt vfyserv vfychain; do
+   install -m 755 dist/*.OBJ/bin/$file %{buildroot}%{_libexecdir}/nss
+done
+
+# pkcs11 configuration script
+mkdir -p %{buildroot}%{_sbindir}
+install -pm 755 setup-nsssysinit.sh %{buildroot}%{_sbindir}/setup-nsssysinit.sh
+
+# copy the include files
+install -d %{buildroot}%{_includedir}/nss3
+for file in dist/public/nss/*.h; do
+   install -m 644 $file %{buildroot}%{_includedir}/nss3
+done
+
+%clean
+[ "%{buildroot}" != / ] && rm -rf "%{buildroot}"
+
+%post -p /sbin/ldconfig
+%postun -p /sbin/ldconfig
+
+%files
+%defattr(-,root,root)
+%{_libdir}/libnss3.so
+%{_libdir}/libssl3.so
+%{_libdir}/libsmime3.so
+%{_libdir}/libsoftokn3.so
+%{_libdir}/libsoftokn3.chk
+%{_libdir}/libnssckbi.so
+%{_libdir}/libfreebl3.so
+%{_libdir}/libfreebl3.chk
+%{_libdir}/libnssutil3.so
+%{_libdir}/libnssdbm3.so
+%{_libdir}/libnssdbm3.chk
+%if %with_nsspem
+%{_libdir}/libnsspem.so
+%endif
+%dir %{_sysconfdir}/pki/nssdb
+%config(noreplace) %{_sysconfdir}/pki/nssdb/cert8.db
+%config(noreplace) %{_sysconfdir}/pki/nssdb/key3.db
+%config(noreplace) %{_sysconfdir}/pki/nssdb/secmod.db
+
+
+%post sysinit
+/sbin/ldconfig
+%{_sbindir}/setup-nsssysinit.sh on
+
+%preun sysinit
+if [ $1 = 0 ]; then
+  %{_sbindir}/setup-nsssysinit.sh off
+fi
+
+%postun sysinit -p /sbin/ldconfig
+
+%files sysinit
+%defattr(-,root,root)
+%{_sbindir}/setup-nsssysinit.sh
+%{_libdir}/libnsssysinit.so
+%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/cert9.db
+%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/key4.db
+%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/pkcs11.txt
+
+%files tools
+%defattr(-,root,root)
+%{_bindir}/certutil
+%{_bindir}/cmsutil
+%{_bindir}/crlutil
+%{_bindir}/modutil
+%{_bindir}/pk12util
+%{_bindir}/signtool
+%{_bindir}/signver
+%{_bindir}/ssltap
+%dir %{_libexecdir}/nss
+%{_libexecdir}/nss/*
+
+%files devel
+%defattr(-,root,root)
+%{_bindir}/nss-config
+%{_libdir}/libcrmf.a
+%{_libdir}/libnssb.a
+%{_libdir}/libnssckfw.a
+%{_libdir}/pkgconfig/nss.pc
+%{_includedir}/nss3/
+
+%changelog
+* Sat May 10 2014 Automatic Build System <autodist@mambasoft.it> 3.16.1-1mamba
+- automatic version update by autodist
+
+* Wed Apr 09 2014 Automatic Build System <autodist@mambasoft.it> 3.16-1mamba
+- automatic version update by autodist
+
+* Sun Mar 30 2014 Automatic Build System <autodist@mambasoft.it> 3.15.5-1mamba
+- automatic version update by autodist
+
+* Tue Feb 18 2014 Silvan Calarco <silvan.calarco@mambasoft.it> 3.15.4-1mamba
+- update to 3.15.4
+
+* Tue Dec 10 2013 Automatic Build System <autodist@mambasoft.it> 3.15.3.1-1mamba
+- automatic version update by autodist
+
+* Thu Nov 14 2013 Automatic Build System <autodist@mambasoft.it> 3.15.3-2mamba
+- rebuilt after breaking and fixing rpm
+
+* Wed Nov 13 2013 Automatic Build System <autodist@mambasoft.it> 3.15.3-1mamba
+- automatic version update by autodist
+
+* Mon Oct 07 2013 Automatic Build System <autodist@mambasoft.it> 3.15.2-1mamba
+- automatic version update by autodist
+
+* Fri Aug 30 2013 Automatic Build System <autodist@mambasoft.it> 3.15.1-1mamba
+- automatic version update by autodist
+
+* Sun Apr 07 2013 Automatic Build System <autodist@mambasoft.it> 3.14.3-1mamba
+- automatic version update by autodist
+
+* Fri Dec 28 2012 Automatic Build System <autodist@mambasoft.it> 3.14.1-1mamba
+- automatic version update by autodist
+
+* Sat Dec 01 2012 Automatic Build System <autodist@mambasoft.it> 3.14-1mamba
+- automatic version update by autodist
+
+* Wed Oct 10 2012 Automatic Build System <autodist@mambasoft.it> 3.13.6-1mamba
+- automatic version update by autodist
+
+* Mon Mar 12 2012 Silvan Calarco <silvan.calarco@mambasoft.it> 3.13.3-1mamba
+- update to 3.13.3
+
+* Fri Jan 06 2012 Silvan Calarco <silvan.calarco@mambasoft.it> 3.13.1-1mamba
+- update to 3.13.1
+
+* Tue Aug 02 2011 Silvan Calarco <silvan.calarco@mambasoft.it> 3.12.10-1mamba
+- update to 3.12.10
+
+* Sat Apr 09 2011 Ercole 'ercolinux' Carpanetto <ercole69@gmail.com> 3.12.9-3mamba
+- rebuilt with libsqlite 3.7.3-2
+
+* Sun Mar 20 2011 gil <puntogil@libero.it> 3.12.9-2mamba
+- ... add a changelog entry
+
+* Tue Jan 25 2011 gil <puntogil@libero.it> 3.12.9-1mamba
+- update to 3.12.9
+
+* Mon Nov 29 2010 gil <puntogil@libero.it> 3.12.8-1mamba
+- update to 3.12.8
+
+* Tue Sep 14 2010 gil <puntogil@libero.it> 3.12.7-1mamba
+- update to 3.12.7
+
+* Thu Jul 22 2010 gil <puntogil@libero.it> 3.12.6-2mamba
+- rebuil with libnspr 4.8.6; libsqlite 3.7.0
+
+* Fri Apr 02 2010 gil <puntogil@libero.it> 3.12.6-1mamba
+- update to 3.12.6
+
+* Sat Dec 12 2009 gil <puntogil@libero.it> 3.12.4-1mamba
+- update to 3.12.4
+
+* Wed Jul 01 2009 Silvan Calarco <silvan.calarco@mambasoft.it> 3.12.3-1mamba
+- update to 3.12.3
+
+* Mon Jun 23 2008 Silvan Calarco <silvan.calarco@mambasoft.it> 3.12-2mamba
+- add patch to use system libsqlite
+- development nss-config and nss.pc files updated for linking with libnssutil3
+
+* Sat Jun 21 2008 gil <puntogil@libero.it> 3.12-1mamba
+- update to 3.12
+
+* Sat May 31 2008 gil <puntogil@libero.it> 3.11.9-1mamba
+- update to 3.11.9
+
+* Wed Jan 31 2007 Silvan Calarco <silvan.calarco@mambasoft.it> 3.11.4-3qilnx
+- obsolete libmozilla
+
+* Wed Jan 24 2007 Davide Madrisan <davide.madrisan@qilinux.it> 3.11.4-2qilnx
+- conflicts libmozilla
+
+* Tue Jan 16 2007 Davide Madrisan <davide.madrisan@qilinux.it> 3.11.4-1qilnx
+- package created by autospec
--- a/nss-config.in
+++ b/nss-config.in
@ -0,0 +1,144 @@
+#!/bin/sh
+
+prefix=@prefix@
+
+major_version=@MOD_MAJOR_VERSION@
+minor_version=@MOD_MINOR_VERSION@
+patch_version=@MOD_PATCH_VERSION@
+
+usage()
+{
+	cat <<EOF
+Usage: nss-config [OPTIONS] [LIBRARIES]
+Options:
+	[--prefix[=DIR]]
+	[--exec-prefix[=DIR]]
+	[--includedir[=DIR]]
+	[--libdir[=DIR]]
+	[--version]
+	[--libs]
+	[--cflags]
+Dynamic Libraries:
+	nss
+	ssl
+	smime
+EOF
+	exit $1
+}
+
+if test $# -eq 0; then
+	usage 1 1>&2
+fi
+
+lib_ssl=yes
+lib_smime=yes
+lib_nss=yes
+lib_nssutil=yes
+
+while test $# -gt 0; do
+  case "$1" in
+  -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
+  *) optarg= ;;
+  esac
+
+  case $1 in
+    --prefix=*)
+      prefix=$optarg
+      ;;
+    --prefix)
+      echo_prefix=yes
+      ;;
+    --exec-prefix=*)
+      exec_prefix=$optarg
+      ;;
+    --exec-prefix)
+      echo_exec_prefix=yes
+      ;;
+    --includedir=*)
+      includedir=$optarg
+      ;;
+    --includedir)
+      echo_includedir=yes
+      ;;
+    --libdir=*)
+      libdir=$optarg
+      ;;
+    --libdir)
+      echo_libdir=yes
+      ;;
+    --version)
+      echo ${major_version}.${minor_version}.${patch_version}
+      ;;
+    --cflags)
+      echo_cflags=yes
+      ;;
+    --libs)
+      echo_libs=yes
+      ;;
+    ssl)
+      lib_ssl=yes
+      ;;
+    smime)
+      lib_smime=yes
+      ;;
+    nss)
+      lib_nss=yes
+      ;;
+    nssutil)
+      lib_nssutil=yes
+      ;;
+    *)
+      usage 1 1>&2
+      ;;
+  esac
+  shift
+done
+
+# Set variables that may be dependent upon other variables
+if test -z "$exec_prefix"; then
+    exec_prefix=`pkg-config --variable=exec_prefix nss`
+fi
+if test -z "$includedir"; then
+    includedir=`pkg-config --variable=includedir nss`
+fi
+if test -z "$libdir"; then
+    libdir=`pkg-config --variable=libdir nss`
+fi
+
+if test "$echo_prefix" = "yes"; then
+    echo $prefix
+fi
+
+if test "$echo_exec_prefix" = "yes"; then
+    echo $exec_prefix
+fi
+
+if test "$echo_includedir" = "yes"; then
+    echo $includedir
+fi
+
+if test "$echo_libdir" = "yes"; then
+    echo $libdir
+fi
+
+if test "$echo_cflags" = "yes"; then
+    echo -I$includedir
+fi
+
+if test "$echo_libs" = "yes"; then
+      libdirs="-Wl,-rpath-link,$libdir -L$libdir"
+      if test -n "$lib_ssl"; then
+	libdirs="$libdirs -lssl${major_version}"
+      fi
+      if test -n "$lib_smime"; then
+	libdirs="$libdirs -lsmime${major_version}"
+      fi
+      if test -n "$lib_nss"; then
+	libdirs="$libdirs -lnss${major_version}"
+      fi
+      if test -n "$lib_nssutil"; then
+	libdirs="$libdirs -lnssutil${major_version}"
+      fi
+      echo $libdirs
+fi      
+
--- a/nss-pkcs11.txt
+++ b/nss-pkcs11.txt
@ -0,0 +1,4 @@
+library=libnsssysinit.so
+name=NSS Internal PKCS #11 Module
+parameters=configdir='sql:/etc/pki/nssdb'  certPrefix='' keyPrefix='' secmod='secmod.db' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription='' 
+NSS=Flags=internal,moduleDBOnly,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30})
--- a/nss.pc.in
+++ b/nss.pc.in
@ -0,0 +1,11 @@
+prefix=%prefix%
+exec_prefix=%exec_prefix%
+libdir=%libdir%
+includedir=%includedir%
+
+Name: NSS
+Description: Network Security Services
+Version: %NSS_VERSION%
+Requires: nspr >= %NSPR_VERSION%
+Libs: -lssl3 -lsmime3 -lnss3 -lnssutil3
+Cflags: -I${includedir}
--- a/setup-nsssysinit.sh
+++ b/setup-nsssysinit.sh
@ -0,0 +1,68 @@
+#!/bin/sh
+#
+# Turns on or off the nss-sysinit module db by editing the
+# global PKCS #11 congiguration file. Displays the status.
+#
+# This script can be invoked by the user as super user.
+# It is invoked at nss-sysinit post install time with argument on.
+#
+usage()
+{
+  cat <<EOF
+Usage: setup-nsssysinit [on|off]
+  on     - turns on nsssysinit
+  off    - turns off nsssysinit
+  status - reports whether nsssysinit is turned on or off
+EOF
+  exit $1
+}
+
+# validate
+if [ $# -eq 0 ]; then
+  usage 1 1>&2
+fi
+
+# the system-wide configuration file
+p11conf="/etc/pki/nssdb/pkcs11.txt"
+# must exist, otherwise report it and exit with failure
+if [ ! -f $p11conf ]; then
+  echo "Could not find ${p11conf}"
+  exit 1
+fi
+
+# check if nsssysinit is currently enabled or disabled
+sysinit_enabled()
+{
+  grep -q '^library=libnsssysinit' ${p11conf}
+}
+
+umask 022
+case "$1" in
+  on | ON )
+    if sysinit_enabled; then 
+      exit 0 
+    fi
+    cat ${p11conf} | \
+    sed -e 's/^library=$/library=libnsssysinit.so/' \
+        -e '/^NSS/s/\(Flags=internal\)\(,[^m]\)/\1,moduleDBOnly\2/' > \
+        ${p11conf}.on
+    mv ${p11conf}.on ${p11conf}
+    ;;
+  off | OFF )
+    if ! sysinit_enabled; then
+      exit 0
+    fi
+    cat ${p11conf} | \
+    sed -e 's/^library=libnsssysinit.so/library=/' \
+        -e '/^NSS/s/Flags=internal,moduleDBOnly/Flags=internal/' > \
+        ${p11conf}.off
+    mv ${p11conf}.off ${p11conf}
+    ;;
+  status )
+    echo -n 'NSS sysinit is '
+    sysinit_enabled && echo 'enabled' || echo 'disabled'
+    ;;
+  * )
+    usage 1 1>&2
+    ;;
+esac