From 276caf649637e540e2b108e0c2ebf99b8abc32dd Mon Sep 17 00:00:00 2001 From: Silvan Calarco Date: Sat, 6 Jan 2024 05:12:55 +0100 Subject: [PATCH] remove redhat coming possibly obsolete libnss-sysinit; install all libraries [release 3.27.1-3mamba;Sat Oct 08 2016] --- libnss-3.12.3-enable-pem.patch | 12 - libnss-3.12.3-no-rpath.patch | 14 - libnss-3.12.3-nolocalsql.patch | 52 ---- libnss-3.12.3-stubs-bug502133.patch | 23 -- ...-3.12.9-honor-user-trust-preferences.patch | 133 --------- ...12.9-ipv6-type-connections-bug539183.patch | 33 --- libnss-3.12.9-nsspem-642433.patch | 52 ---- libnss-3.12.9-renegotiate-transitional.patch | 12 - libnss-3.12.9-system-nspr.patch | 11 - libnss-3.15.4-add-missing-RSA_BlockOAEP.patch | 10 - ....patch => libnss-3.27.1-standalone-1.patch | 45 +-- libnss.spec | 271 ++++++++++-------- nss-pem-3.22-buildfix.patch | 22 -- 13 files changed, 177 insertions(+), 513 deletions(-) delete mode 100644 libnss-3.12.3-enable-pem.patch delete mode 100644 libnss-3.12.3-no-rpath.patch delete mode 100644 libnss-3.12.3-nolocalsql.patch delete mode 100644 libnss-3.12.3-stubs-bug502133.patch delete mode 100644 libnss-3.12.9-honor-user-trust-preferences.patch delete mode 100644 libnss-3.12.9-ipv6-type-connections-bug539183.patch delete mode 100644 libnss-3.12.9-nsspem-642433.patch delete mode 100644 libnss-3.12.9-renegotiate-transitional.patch delete mode 100644 libnss-3.12.9-system-nspr.patch delete mode 100644 libnss-3.15.4-add-missing-RSA_BlockOAEP.patch rename libnss-3.15.1-lfs-buildfixes.patch => libnss-3.27.1-standalone-1.patch (76%) delete mode 100644 nss-pem-3.22-buildfix.patch diff --git a/libnss-3.12.3-enable-pem.patch b/libnss-3.12.3-enable-pem.patch deleted file mode 100644 index 665a148..0000000 --- a/libnss-3.12.3-enable-pem.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up ./mozilla/security/nss/lib/ckfw/manifest.mn.prepem ./mozilla/security/nss/lib/ckfw/manifest.mn ---- ./mozilla/security/nss/lib/ckfw/manifest.mn.prepem 2008-08-05 16:34:23.000000000 -0700 -+++ ./mozilla/security/nss/lib/ckfw/manifest.mn 2008-08-05 16:34:30.000000000 -0700 -@@ -38,7 +38,7 @@ MANIFEST_CVS_ID = "@(#) $RCSfile: manife - - CORE_DEPTH = ../../.. - --DIRS = builtins -+DIRS = builtins pem - - PRIVATE_EXPORTS = \ - ck.h \ diff --git a/libnss-3.12.3-no-rpath.patch b/libnss-3.12.3-no-rpath.patch deleted file mode 100644 index 35ea573..0000000 --- a/libnss-3.12.3-no-rpath.patch +++ /dev/null @@ -1,14 +0,0 @@ ---- ./mozilla/security/nss/cmd/platlibs.mk.withrpath 2007-02-19 07:17:06.000000000 +0100 -+++ ./mozilla/security/nss/cmd/platlibs.mk 2007-02-19 07:18:07.000000000 +0100 -@@ -52,9 +52,9 @@ - - ifeq ($(OS_ARCH), Linux) - ifeq ($(USE_64), 1) --EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib64:$$ORIGIN/../lib' -+#EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib64:$$ORIGIN/../lib' - else --EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib' -+#EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib' - endif - endif - diff --git a/libnss-3.12.3-nolocalsql.patch b/libnss-3.12.3-nolocalsql.patch deleted file mode 100644 index 21101fa..0000000 --- a/libnss-3.12.3-nolocalsql.patch +++ /dev/null @@ -1,52 +0,0 @@ -diff -up ./mozilla/security/nss/lib/Makefile.nolocalsql ./mozilla/security/nss/lib/Makefile ---- ./mozilla/security/nss/lib/Makefile.nolocalsql 2007-07-19 23:36:49.000000000 +0200 -+++ ./mozilla/security/nss/lib/Makefile 2009-04-14 17:07:40.000000000 +0200 -@@ -62,11 +62,11 @@ ifeq ($(OS_TARGET), WINCE) - DIRS := $(filter-out fortcrypt,$(DIRS)) - endif - --ifndef MOZILLA_CLIENT --ifndef NSS_USE_SYSTEM_SQLITE --DIRS := sqlite $(DIRS) --endif --endif -+#ifndef MOZILLA_CLIENT -+#ifndef NSS_USE_SYSTEM_SQLITE -+#DIRS := sqlite $(DIRS) -+#endif -+#endif - - ####################################################################### - # (5) Execute "global" rules. (OPTIONAL) # -diff -up ./mozilla/security/nss/lib/softoken/legacydb/manifest.mn.nolocalsql ./mozilla/security/nss/lib/softoken/legacydb/manifest.mn ---- ./mozilla/security/nss/lib/softoken/legacydb/manifest.mn.nolocalsql 2007-07-19 23:36:50.000000000 +0200 -+++ ./mozilla/security/nss/lib/softoken/legacydb/manifest.mn 2009-04-14 17:07:40.000000000 +0200 -@@ -46,9 +46,9 @@ MAPFILE = $(OBJDIR)/nssdbm.def - - DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\" -DSOFTOKEN_LIB_NAME=\"$(notdir $(SHARED_LIBRARY))\" - --ifdef MOZILLA_CLIENT --INCLUDES += -I$(DIST)/include/sqlite3 --endif -+#ifdef MOZILLA_CLIENT -+#INCLUDES += -I$(DIST)/include/sqlite3 -+#endif - - CSRCS = \ - dbmshim.c \ -diff -up ./mozilla/security/nss/lib/softoken/manifest.mn.nolocalsql ./mozilla/security/nss/lib/softoken/manifest.mn ---- ./mozilla/security/nss/lib/softoken/manifest.mn.nolocalsql 2009-03-25 17:21:37.000000000 +0100 -+++ ./mozilla/security/nss/lib/softoken/manifest.mn 2009-04-14 17:07:40.000000000 +0200 -@@ -47,9 +47,9 @@ MAPFILE = $(OBJDIR)/softokn.def - - DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\" -DSOFTOKEN_LIB_NAME=\"$(notdir $(SHARED_LIBRARY))\" -DSHLIB_VERSION=\"$(LIBRARY_VERSION)\" - --ifdef MOZILLA_CLIENT --INCLUDES += -I$(DIST)/include/sqlite3 --endif -+#ifdef MOZILLA_CLIENT -+#INCLUDES += -I$(DIST)/include/sqlite3 -+#endif - - EXPORTS = \ - secmodt.h \ diff --git a/libnss-3.12.3-stubs-bug502133.patch b/libnss-3.12.3-stubs-bug502133.patch deleted file mode 100644 index a0f1503..0000000 --- a/libnss-3.12.3-stubs-bug502133.patch +++ /dev/null @@ -1,23 +0,0 @@ -diff -rupN nss-3.12.3.99.3-orig/mozilla/security/nss/lib/freebl/stubs.c nss-3.12.3.99.3/mozilla/security/nss/lib/freebl/stubs.c ---- ./mozilla/security/nss/lib/freebl/stubs.c 2009-03-28 19:21:50.000000000 -0700 -+++ ./mozilla/security/nss/lib/freebl/stubs.c 2009-06-08 20:37:20.000000000 -0700 -@@ -558,8 +558,8 @@ FREEBL_InitStubs() - return SECFailure; - } - rv = freebl_InitNSPR(nspr); -- freebl_releaseLibrary(nspr); - if (rv != SECSuccess) { -+ freebl_releaseLibrary(nspr); - return rv; - } - } -@@ -570,8 +570,8 @@ FREEBL_InitStubs() - return SECFailure; - } - rv = freebl_InitNSSUtil(nssutil); -- freebl_releaseLibrary(nssutil); - if (rv != SECSuccess) { -+ freebl_releaseLibrary(nssutil); - return rv; - } - } diff --git a/libnss-3.12.9-honor-user-trust-preferences.patch b/libnss-3.12.9-honor-user-trust-preferences.patch deleted file mode 100644 index e9414de..0000000 --- a/libnss-3.12.9-honor-user-trust-preferences.patch +++ /dev/null @@ -1,133 +0,0 @@ -Index: ./mozilla/security/nss/lib/pk11wrap/pk11load.c -=================================================================== -RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11load.c,v -retrieving revision 1.30 -diff -u -p -r1.30 pk11load.c ---- ./mozilla/security/nss/lib/pk11wrap/pk11load.c 30 Apr 2010 07:22:54 -0000 1.30 -+++ ./mozilla/security/nss/lib/pk11wrap/pk11load.c 22 Jan 2011 05:39:07 -0000 -@@ -178,8 +178,8 @@ secmod_handleReload(SECMODModule *oldMod - char *oldModuleSpec; - - if (secmod_IsInternalKeySlot(newModule)) { -- pk11_SetInternalKeySlot(slot); -- } -+ pk11_FirstInternalKeySlot(slot); -+ } - newID = slot->slotID; - PK11_FreeSlot(slot); - for (thisChild=children, thisID=ids; thisChild && *thisChild; -@@ -550,6 +550,11 @@ secmod_LoadPKCS11Module(SECMODModule *mo - /* look down the slot info table */ - PK11_LoadSlotList(mod->slots[i],mod->slotInfo,mod->slotInfoCount); - SECMOD_SetRootCerts(mod->slots[i],mod); -+ /* explicitly mark the internal slot as such if IsInternalKeySlot() -+ * is set */ -+ if (secmod_IsInternalKeySlot(mod) && (i == (mod->isFIPS ? 0 : 1))) { -+ pk11_FirstInternalKeySlot(mod->slots[i]); -+ } - } - mod->slotCount = slotCount; - mod->slotInfoCount = 0; -Index: ./mozilla/security/nss/lib/pk11wrap/pk11priv.h -=================================================================== -RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11priv.h,v -retrieving revision 1.13 -diff -u -p -r1.13 pk11priv.h ---- ./mozilla/security/nss/lib/pk11wrap/pk11priv.h 27 Oct 2009 23:04:46 -0000 1.13 -+++ ./mozilla/security/nss/lib/pk11wrap/pk11priv.h 22 Jan 2011 05:39:07 -0000 -@@ -115,6 +115,7 @@ void PK11_InitSlot(SECMODModule *mod,CK_ - PRBool PK11_NeedPWInitForSlot(PK11SlotInfo *slot); - SECStatus PK11_ReadSlotCerts(PK11SlotInfo *slot); - void pk11_SetInternalKeySlot(PK11SlotInfo *slot); -+void pk11_FirstInternalKeySlot(PK11SlotInfo *slot); - - /********************************************************************* - * Mechanism Mapping functions -Index: ./mozilla/security/nss/lib/pk11wrap/pk11slot.c -=================================================================== -RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11slot.c,v -retrieving revision 1.101 -diff -u -p -r1.101 pk11slot.c ---- ./mozilla/security/nss/lib/pk11wrap/pk11slot.c 3 Apr 2010 18:27:31 -0000 1.101 -+++ ./mozilla/security/nss/lib/pk11wrap/pk11slot.c 22 Jan 2011 05:39:08 -0000 -@@ -1735,6 +1735,15 @@ pk11_SetInternalKeySlot(PK11SlotInfo *sl - pk11InternalKeySlot = slot ? PK11_ReferenceSlot(slot) : NULL; - } - -+void -+pk11_FirstInternalKeySlot(PK11SlotInfo *slot) -+{ -+ if (pk11InternalKeySlot) { -+ return; -+ } -+ pk11InternalKeySlot = slot ? PK11_ReferenceSlot(slot) : NULL; -+} -+ - - /* get the internal key slot. FIPS has only one slot for both key slots and - * default slots */ -Index: ./mozilla/security/nss/lib/sysinit/nsssysinit.c -=================================================================== -RCS file: /cvsroot/mozilla/security/nss/lib/sysinit/nsssysinit.c,v -retrieving revision 1.2 -diff -u -p -r1.2 nsssysinit.c ---- ./mozilla/security/nss/lib/sysinit/nsssysinit.c 6 Feb 2010 04:56:37 -0000 1.2 -+++ ./mozilla/security/nss/lib/sysinit/nsssysinit.c 22 Jan 2011 05:39:08 -0000 -@@ -221,7 +221,7 @@ getFIPSMode(void) - * 2 for the key slot, and - * 3 for the crypto operations slot fips - */ --#define ORDER_FLAGS "trustOrder=75 cipherOrder=100" -+#define ORDER_FLAGS "cipherOrder=100" - #define SLOT_FLAGS \ - "[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,RANDOM" \ - " askpw=any timeout=30 ]" -@@ -270,7 +270,7 @@ get_list(char *filename, char *stripped_ - "library= " - "module=\"NSS User database\" " - "parameters=\"configdir='sql:%s' %s tokenDescription='NSS user database'\" " -- "NSS=\"%sflags=internal%s\"", -+ "NSS=\"trustOrder=75 %sflags=internal%s\"", - userdb, stripped_parameters, nssflags, - isFIPS ? ",FIPS" : ""); - -@@ -284,30 +284,6 @@ get_list(char *filename, char *stripped_ - userdb, stripped_parameters); - } - --#if 0 -- /* This doesn't actually work. If we register -- both this and the sysdb (in either order) -- then only one of them actually shows up */ -- -- /* Using a NULL filename as a Boolean flag to -- * prevent registering both an application-defined -- * db and the system db. rhbz #546211. -- */ -- PORT_Assert(filename); -- if (sysdb && PL_CompareStrings(filename, sysdb)) -- filename = NULL; -- else if (userdb && PL_CompareStrings(filename, userdb)) -- filename = NULL; -- -- if (filename && !userIsRoot()) { -- module_list[next++] = PR_smprintf( -- "library= " -- "module=\"NSS database\" " -- "parameters=\"configdir='sql:%s' tokenDescription='NSS database sql:%s'\" " -- "NSS=\"%sflags=internal\"",filename, filename, nssflags); -- } --#endif -- - /* now the system database (always read only unless it's root) */ - if (sysdb) { - const char *readonly = userCanModifySystemDB() ? "" : "flags=readonly"; -@@ -315,7 +291,7 @@ get_list(char *filename, char *stripped_ - "library= " - "module=\"NSS system database\" " - "parameters=\"configdir='sql:%s' tokenDescription='NSS system database' %s\" " -- "NSS=\"%sflags=internal,critical\"",sysdb, readonly, nssflags); -+ "NSS=\"trustOrder=80 %sflags=internal,critical\"",sysdb, readonly, nssflags); - } - - /* that was the last module */ diff --git a/libnss-3.12.9-ipv6-type-connections-bug539183.patch b/libnss-3.12.9-ipv6-type-connections-bug539183.patch deleted file mode 100644 index d86a705..0000000 --- a/libnss-3.12.9-ipv6-type-connections-bug539183.patch +++ /dev/null @@ -1,33 +0,0 @@ -Index: mozilla/security/nss/cmd/selfserv/selfserv.c -=================================================================== -RCS file: /cvsroot/mozilla/security/nss/cmd/selfserv/selfserv.c,v -retrieving revision 1.94 -diff -p -u -8 -r1.94 selfserv.c ---- mozilla/security/nss/cmd/selfserv/selfserv.c 3 Apr 2010 18:27:27 -0000 1.94 -+++ mozilla/security/nss/cmd/selfserv/selfserv.c 24 Feb 2011 02:28:02 -0000 -@@ -1487,21 +1487,21 @@ PRFileDesc * - getBoundListenSocket(unsigned short port) - { - PRFileDesc * listen_sock; - int listenQueueDepth = 5 + (2 * maxThreads); - PRStatus prStatus; - PRNetAddr addr; - PRSocketOptionData opt; - -- addr.inet.family = PR_AF_INET; -- addr.inet.ip = PR_INADDR_ANY; -- addr.inet.port = PR_htons(port); -+ if (PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET6, port, &addr) != PR_SUCCESS) { -+ errExit("PR_SetNetAddr"); -+ } - -- listen_sock = PR_NewTCPSocket(); -+ listen_sock = PR_OpenTCPSocket(PR_AF_INET6); - if (listen_sock == NULL) { - errExit("PR_NewTCPSocket"); - } - - opt.option = PR_SockOpt_Nonblocking; - opt.value.non_blocking = PR_FALSE; - prStatus = PR_SetSocketOption(listen_sock, &opt); - if (prStatus < 0) { diff --git a/libnss-3.12.9-nsspem-642433.patch b/libnss-3.12.9-nsspem-642433.patch deleted file mode 100644 index 710919b..0000000 --- a/libnss-3.12.9-nsspem-642433.patch +++ /dev/null @@ -1,52 +0,0 @@ -diff -up ./mozilla/security/nss/lib/ckfw/pem/util.c.642433 ./mozilla/security/nss/lib/ckfw/pem/util.c ---- ./mozilla/security/nss/lib/ckfw/pem/util.c.642433 2010-11-25 10:49:27.000000000 -0800 -+++ ./mozilla/security/nss/lib/ckfw/pem/util.c 2010-12-08 08:02:02.618304926 -0800 -@@ -96,9 +96,6 @@ static SECItem *AllocItem(SECItem * item - return (result); - - loser: -- if (result != NULL) { -- SECITEM_FreeItem(result, (item == NULL) ? PR_TRUE : PR_FALSE); -- } - return (NULL); - } - -@@ -110,7 +107,7 @@ static SECStatus FileToItem(SECItem * ds - - prStatus = PR_GetOpenFileInfo(src, &info); - -- if (prStatus != PR_SUCCESS) { -+ if (prStatus != PR_SUCCESS || info.type == PR_FILE_DIRECTORY) { - return SECFailure; - } - -@@ -126,8 +123,7 @@ static SECStatus FileToItem(SECItem * ds - - return SECSuccess; - loser: -- SECITEM_FreeItem(dst, PR_FALSE); -- nss_ZFreeIf(dst); -+ nss_ZFreeIf(dst->data); - return SECFailure; - } - -@@ -153,6 +149,10 @@ ReadDERFromFile(SECItem *** derlist, cha - - /* Read in ascii data */ - rv = FileToItem(&filedata, inFile); -+ if (rv != SECSuccess) { -+ PR_Close(inFile); -+ return -1; -+ } - asc = (char *) filedata.data; - if (!asc) { - PR_Close(inFile); -@@ -252,7 +252,7 @@ ReadDERFromFile(SECItem *** derlist, cha - } else { - /* Read in binary der */ - rv = FileToItem(der, inFile); -- if (rv) { -+ if (rv != SECSuccess) { - PR_Close(inFile); - return -1; - } diff --git a/libnss-3.12.9-renegotiate-transitional.patch b/libnss-3.12.9-renegotiate-transitional.patch deleted file mode 100644 index 3dc6eec..0000000 --- a/libnss-3.12.9-renegotiate-transitional.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up ./mozilla/security/nss/lib/ssl/sslsock.c.transitional ./mozilla/security/nss/lib/ssl/sslsock.c ---- ./mozilla/security/nss/lib/ssl/sslsock.c.transitional 2010-09-04 09:46:50.331327676 -0700 -+++ ./mozilla/security/nss/lib/ssl/sslsock.c 2010-09-04 09:50:02.814325605 -0700 -@@ -181,7 +181,7 @@ static sslOptions ssl_defaults = { - PR_FALSE, /* noLocks */ - PR_FALSE, /* enableSessionTickets */ - PR_FALSE, /* enableDeflate */ -- 2, /* enableRenegotiation (default: requires extension) */ -+ 3, /* enableRenegotiation (default: transitional) */ - PR_FALSE, /* requireSafeNegotiation */ - PR_FALSE, /* enableFalseStart */ - }; diff --git a/libnss-3.12.9-system-nspr.patch b/libnss-3.12.9-system-nspr.patch deleted file mode 100644 index 97cdc7e..0000000 --- a/libnss-3.12.9-system-nspr.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- mozilla/security/nss/Makefile 2009-12-08 17:47:03.000000000 +0100 -+++ mozilla/security/nss/Makefile-gil 2011-01-26 01:02:44.000000000 +0100 -@@ -78,7 +78,7 @@ - # (7) Execute "local" rules. (OPTIONAL). # - ####################################################################### - --nss_build_all: build_coreconf build_nspr build_dbm all -+nss_build_all: build_coreconf build_dbm all - - nss_clean_all: clobber_coreconf clobber_nspr clobber_dbm clobber - diff --git a/libnss-3.15.4-add-missing-RSA_BlockOAEP.patch b/libnss-3.15.4-add-missing-RSA_BlockOAEP.patch deleted file mode 100644 index 43541fc..0000000 --- a/libnss-3.15.4-add-missing-RSA_BlockOAEP.patch +++ /dev/null @@ -1,10 +0,0 @@ ---- nss-3.15.4/nss/lib/freebl/rsapkcs.c.orig 2014-02-18 14:09:04.195114868 +0100 -+++ nss-3.15.4/nss/lib/freebl/rsapkcs.c 2014-02-18 14:09:13.416071147 +0100 -@@ -32,6 +32,7 @@ - RSA_BlockUnused = 0, /* unused */ - RSA_BlockPrivate = 1, /* pad for a private-key operation */ - RSA_BlockPublic = 2, /* pad for a public-key operation */ -+ RSA_BlockOAEP = 3, - RSA_BlockRaw = 4, /* simply justify the block appropriately */ - RSA_BlockTotal - } RSA_BlockType; diff --git a/libnss-3.15.1-lfs-buildfixes.patch b/libnss-3.27.1-standalone-1.patch similarity index 76% rename from libnss-3.15.1-lfs-buildfixes.patch rename to libnss-3.27.1-standalone-1.patch index 289dbc2..33b09b8 100644 --- a/libnss-3.15.1-lfs-buildfixes.patch +++ b/libnss-3.27.1-standalone-1.patch @@ -1,13 +1,16 @@ -Submitted By: Armin K. -Date: 2013-07-02 -Initial Package Version: 3.15 +Submitted By: Fernando de Oliveira +Date: 2015-11-10 +Initial Package Version: 3.21 Upstream Status: Not applicable -Origin: Based on dj's original patch, rediffed and modified for 3.15 -Description: Adds auto-generated nss.pc and nss-config script, and allows - building without nspr in the source tree. +Origin: Based on dj's original patch, rediffed and + modified for 3.15 by Armin K. + +Description: Adds auto-generated nss.pc and nss-config script, and + allows building without nspr in the source tree. ---- a/nss/config/Makefile 1970-01-01 01:00:00.000000000 +0100 -+++ b/nss/config/Makefile 2013-07-02 14:53:56.684750636 +0200 +diff -Naur nss-3.21.orig/nss/config/Makefile nss-3.21/nss/config/Makefile +--- nss-3.21.orig/nss/config/Makefile 1969-12-31 21:00:00.000000000 -0300 ++++ nss-3.21/nss/config/Makefile 2015-11-10 12:54:49.358835857 -0300 @@ -0,0 +1,40 @@ +CORE_DEPTH = .. +DEPTH = .. @@ -49,8 +52,9 @@ Description: Adds auto-generated nss.pc and nss-config script, and a + +dummy: all export libs + ---- a/nss/config/nss-config.in 1970-01-01 01:00:00.000000000 +0100 -+++ b/nss/config/nss-config.in 2013-07-02 14:52:58.328084334 +0200 +diff -Naur nss-3.21.orig/nss/config/nss-config.in nss-3.21/nss/config/nss-config.in +--- nss-3.21.orig/nss/config/nss-config.in 1969-12-31 21:00:00.000000000 -0300 ++++ nss-3.21/nss/config/nss-config.in 2015-11-10 12:54:49.359835835 -0300 @@ -0,0 +1,153 @@ +#!/bin/sh + @@ -205,8 +209,9 @@ Description: Adds auto-generated nss.pc and nss-config script, and a + echo $libdirs +fi + ---- a/nss/config/nss.pc.in 1970-01-01 01:00:00.000000000 +0100 -+++ b/nss/config/nss.pc.in 2013-07-02 14:52:58.328084334 +0200 +diff -Naur nss-3.21.orig/nss/config/nss.pc.in nss-3.21/nss/config/nss.pc.in +--- nss-3.21.orig/nss/config/nss.pc.in 1969-12-31 21:00:00.000000000 -0300 ++++ nss-3.21/nss/config/nss.pc.in 2015-11-10 12:54:49.359835835 -0300 @@ -0,0 +1,12 @@ +prefix=@prefix@ +exec_prefix=@exec_prefix@ @@ -220,9 +225,10 @@ Description: Adds auto-generated nss.pc and nss-config script, and a +Libs: -L@libdir@ -lnss@NSS_MAJOR_VERSION@ -lnssutil@NSS_MAJOR_VERSION@ -lsmime@NSS_MAJOR_VERSION@ -lssl@NSS_MAJOR_VERSION@ -lsoftokn@NSS_MAJOR_VERSION@ +Cflags: -I${includedir} + ---- a/nss/Makefile 2013-05-28 23:43:24.000000000 +0200 -+++ b/nss/Makefile 2013-07-02 14:52:58.328084334 +0200 -@@ -44,7 +44,7 @@ +diff -Naur nss-3.21.orig/nss/Makefile nss-3.21/nss/Makefile +--- nss-3.21.orig/nss/Makefile 2015-11-09 02:12:59.000000000 -0300 ++++ nss-3.21/nss/Makefile 2015-11-10 12:54:49.359835835 -0300 +@@ -46,7 +46,7 @@ # (7) Execute "local" rules. (OPTIONAL). # ####################################################################### @@ -231,11 +237,12 @@ Description: Adds auto-generated nss.pc and nss-config script, and a nss_clean_all: clobber_nspr clobber ---- a/nss/manifest.mn 2013-05-28 23:43:24.000000000 +0200 -+++ b/nss/manifest.mn 2013-07-02 14:52:58.331417666 +0200 +diff -Naur nss-3.21.orig/nss/manifest.mn nss-3.21/nss/manifest.mn +--- nss-3.21.orig/nss/manifest.mn 2015-11-09 02:12:59.000000000 -0300 ++++ nss-3.21/nss/manifest.mn 2015-11-10 12:59:22.439784449 -0300 @@ -10,4 +10,4 @@ RELEASE = nss --DIRS = coreconf lib cmd -+DIRS = coreconf lib cmd config +-DIRS = coreconf lib cmd external_tests ++DIRS = coreconf lib cmd external_tests config diff --git a/libnss.spec b/libnss.spec index 61ce529..7933bd5 100644 --- a/libnss.spec +++ b/libnss.spec @@ -4,15 +4,15 @@ %define with_test 0 %define with_nsspem 1 Name: libnss -Version: 3.23 -Release: 1mamba +Version: 3.27.1 +Release: 3mamba Summary: Network Security Services Group: System/Libraries Vendor: openmamba Distribution: openmamba Packager: Silvan Calarco URL: http://www.mozilla.org/projects/security/pki/nss/ -Source0: http://ftp.mozilla.org/pub/security/nss/releases/NSS_%{srcver}_RTM/src/nss-%{version}.tar.gz +Source0: https://ftp.mozilla.org/pub/security/nss/releases/NSS_%{srcver}_RTM/src/nss-%{version}.tar.gz Source1: nss.pc.in Source2: nss-config.in Source3: blank-cert8.db @@ -29,36 +29,31 @@ Source9: setup-nsssysinit.sh #Source10: libnss-pem-20140218.tar.bz2 Source10: https://git.fedorahosted.org/git/nss-pem.git/master/nss-pem-%{version}.tar.bz2 %endif -Patch1: libnss-3.12.3-no-rpath.patch -Patch2: libnss-3.12.3-nolocalsql.patch -Patch3: libnss-3.12.9-renegotiate-transitional.patch Patch4: libnss-3.12.9-enable-pem.patch -Patch5: libnss-3.12.9-nsspem-642433.patch -Patch6: libnss-3.12.3-enable-pem.patch -Patch7: libnss-3.12.3-stubs-bug502133.patch -Patch8: libnss-3.12.9-honor-user-trust-preferences.patch -Patch9: libnss-3.12.9-system-nspr.patch Patch10: libnss-3.15.1-opt_flags.patch -Patch11: libnss-3.12.9-ipv6-type-connections-bug539183.patch -Patch12: libnss-3.15.4-add-missing-RSA_BlockOAEP.patch -Patch13: libnss-3.15.1-lfs-buildfixes.patch -Patch14: nss-pem-3.22-buildfix.patch +Patch15: libnss-3.27.1-standalone-1.patch License: GPL, MPL 1.1, LGPL ## AUTOBUILDREQ-BEGIN -BuildRequires: glibc-devel +BuildRequires: libgcc BuildRequires: libnspr-devel BuildRequires: libsqlite-devel +BuildRequires: libstdc++6-devel BuildRequires: libz-devel ## AUTOBUILDREQ-END +BuildRequires: libnspr-devel >= 4.13 BuildRequires: gawk BuildRequires: perl BuildRequires: pkgconfig BuildRequires: psmisc +BuildRequires: libsqlite-devel >= 3.14.2.0 +Requires: libnspr >= 4.13 Obsoletes: libmozilla-nss Provides: libmozilla-nss = %{?epoch:%epoch:}%{version}-%{release} Obsoletes: libmozilla Conflicts: libmozilla <= 1.7.13-1 -Requires: %{name}-sysinit = %{?epoch:%epoch:}%{version}-%{release} +#Requires: %{name}-sysinit = %{?epoch:%epoch:}%{version}-%{release} +Provides: libnss-sysinit +Obsoletes: libnss-sysinit BuildRoot: %{_tmppath}/%{name}-%{version}-root %description @@ -104,20 +99,17 @@ Default Operating System module that manages applications loading NSS globally o %setup -q -n nss-%{version} #-D -T #:<< __EOF -#%patch3 -p3 %if %with_nsspem tar -xf %{SOURCE10} mv nss-pem-%{version}/nss/lib/ckfw/pem/ nss/lib/ckfw/ -#%patch14 -p0 %patch4 -p3 -#%patch5 -p3 %endif -#%patch8 -p1 -#%patch9 -p0 %patch10 -p0 -#%patch11 -p0 -#%patch12 -p1 -#%patch13 -p1 +%patch15 -p1 + +%ifarch x86_64 +sed -i "s|/lib,|/lib64,|" nss/config/Makefile +%endif %build #:<< __EOF @@ -132,83 +124,91 @@ export NSPR_LIB_DIR export NSS_USE_SYSTEM_SQLITE=1 export OPT_FLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing" -%ifarch x86_64 ia64 -export USE_64=1 +%make -j1 -C nss \ + BUILD_OPT=1 \ + NSPR_INCLUDE_DIR=%{_includedir}/nspr \ + USE_SYSTEM_ZLIB=1 \ + ZLIB_LIBS=-lz \ +%ifarch x86_64 + USE_64=1 \ %endif + NSS_USE_SYSTEM_SQLITE=1 -make -C ./nss/coreconf -make -C ./nss/lib/dbm -make -C ./nss CORE_DEPTH=`pwd`/nss - -cat %{SOURCE1} | sed -e "s,%%libdir%%,%{_libdir},g" \ - -e "s,%%prefix%%,%{_prefix},g" \ - -e "s,%%exec_prefix%%,%{_prefix},g" \ - -e "s,%%includedir%%,%{_includedir}/nss3,g" \ - -e "s,%%NSPR_VERSION%%,%{nspr_version},g" \ - -e "s,%%NSS_VERSION%%,%{version},g" > custom_nss.pc - -%define majver %(echo %version | cut -d. -f1) -%define minver %(echo %version | cut -d. -f2) -%define patchver %(echo %version | cut -d. -f3) - -NSS_VMAJOR=%majver -NSS_VMINOR=%minver -NSS_VPATCH=%patchver -cat %{SOURCE2} | sed -e "s,@libdir@,%{_libdir},g" \ - -e "s,@prefix@,%{_prefix},g" \ - -e "s,@exec_prefix@,%{_prefix},g" \ - -e "s,@includedir@,%{_includedir}/nss3,g" \ - -e "s,@MOD_MAJOR_VERSION@,$NSS_VMAJOR,g" \ - -e "s,@MOD_MINOR_VERSION@,$NSS_VMINOR,g" \ - -e "s,@MOD_PATCH_VERSION@,$NSS_VPATCH,g" > custom_nss-config - -cat %{SOURCE9} > setup-nsssysinit.sh - -%if %with_test -export BUILD_OPT=1 -export HOST="localhost" -export DOMSUF=" " -export USE_IP=TRUE -export IP_ADDRESS="127.0.0.1" -cd nss/tests -./all.sh -#TEST_FAILURES=`grep -c FAILED ../../../tests_results/security/localhost.1/output.log` || : -#if [ $TEST_FAILURES -ne 0 ]; then -# echo "error: test suite returned failure(s)" -# exit 1 -#fi -%endif +#make -C ./nss/coreconf +#make -C ./nss/lib/dbm +#make -C ./nss CORE_DEPTH=`pwd`/nss +# +#cat %{SOURCE1} | sed -e "s,%%libdir%%,%{_libdir},g" \ +# -e "s,%%prefix%%,%{_prefix},g" \ +# -e "s,%%exec_prefix%%,%{_prefix},g" \ +# -e "s,%%includedir%%,%{_includedir}/nss3,g" \ +# -e "s,%%NSPR_VERSION%%,%{nspr_version},g" \ +# -e "s,%%NSS_VERSION%%,%{version},g" > custom_nss.pc +# +#%define majver %(echo %version | cut -d. -f1) +#%define minver %(echo %version | cut -d. -f2) +#%define patchver %(echo %version | cut -d. -f3) +# +#NSS_VMAJOR=%majver +#NSS_VMINOR=%minver +#NSS_VPATCH=%patchver +#cat %{SOURCE2} | sed -e "s,@libdir@,%{_libdir},g" \ +# -e "s,@prefix@,%{_prefix},g" \ +# -e "s,@exec_prefix@,%{_prefix},g" \ +# -e "s,@includedir@,%{_includedir}/nss3,g" \ +# -e "s,@MOD_MAJOR_VERSION@,$NSS_VMAJOR,g" \ +# -e "s,@MOD_MINOR_VERSION@,$NSS_VMINOR,g" \ +# -e "s,@MOD_PATCH_VERSION@,$NSS_VPATCH,g" > custom_nss-config +# +#cat %{SOURCE9} > setup-nsssysinit.sh +# +#% if %with_test +#export BUILD_OPT=1 +#export HOST="localhost" +#export DOMSUF=" " +#export USE_IP=TRUE +#export IP_ADDRESS="127.0.0.1" +#cd nss/tests +#./all.sh +##TEST_FAILURES=`grep -c FAILED ../../../tests_results/security/localhost.1/output.log` || : +##if [ $TEST_FAILURES -ne 0 ]; then +## echo "error: test suite returned failure(s)" +## exit 1 +##fi +#% endif %install [ "%{buildroot}" != / ] && rm -rf "%{buildroot}" -install -D -m 644 custom_nss.pc %{buildroot}%{_libdir}/pkgconfig/nss.pc -install -D -m 755 custom_nss-config %{buildroot}%{_bindir}/nss-config + +install -D -m644 dist/Linux*/lib/pkgconfig/nss.pc %{buildroot}%{_libdir}/pkgconfig/nss.pc +#install -D -m 644 custom_nss.pc %{buildroot}%{_libdir}/pkgconfig/nss.pc +#install -D -m 755 custom_nss-config %{buildroot}%{_bindir}/nss-config # copy all the binary libraries -for file in libfreebl3.so libnss3.so libnssckbi.so libsmime3.so libsoftokn3.so libssl3.so libnssutil3.so libnssdbm3.so libnsssysinit.so; do - install -m 755 dist/*.OBJ/lib/$file %{buildroot}%{_libdir} +install -d -m0755 %{buildroot}%{_bindir} +for file in dist/*.OBJ/lib/*.so; do + install -m 755 $file %{buildroot}%{_libdir} done -%if %with_nsspem -install -m 755 dist/*.OBJ/lib/libnsspem.so %{buildroot}%{_libdir} -%endif +#% if %with_nsspem +#install -m 755 dist/*.OBJ/lib/libnsspem.so %{buildroot}%{_libdir} +#% endif # copy alle the chk files -for file in libfreebl3.chk libsoftokn3.chk libnssdbm3.chk; do - install -m 644 dist/*.OBJ/lib/$file %{buildroot}%{_libdir} +for file in dist/*.OBJ/lib/*.chk; do + install -m 644 $file %{buildroot}%{_libdir} done -# install the empty NSS db files -# legacy db -install -d %{buildroot}%{_sysconfdir}/pki/nssdb -install -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/pki/nssdb/cert8.db -install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pki/nssdb/key3.db -install -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/pki/nssdb/secmod.db -# shared db -install -m 644 %{SOURCE6} %{buildroot}%{_sysconfdir}/pki/nssdb/cert9.db -install -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/pki/nssdb/key4.db -install -m 644 %{SOURCE8} %{buildroot}%{_sysconfdir}/pki/nssdb/pkcs11.txt - +## install the empty NSS db files +## legacy db +#install -d %{buildroot}%{_sysconfdir}/pki/nssdb +#install -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/pki/nssdb/cert8.db +#install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pki/nssdb/key3.db +#install -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/pki/nssdb/secmod.db +## shared db +#install -m 644 %{SOURCE6} %{buildroot}%{_sysconfdir}/pki/nssdb/cert9.db +#install -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/pki/nssdb/key4.db +#install -m 644 %{SOURCE8} %{buildroot}%{_sysconfdir}/pki/nssdb/pkcs11.txt # copy the development libraries we want for file in libcrmf.a libnssb.a libnssckfw.a; do @@ -216,7 +216,7 @@ for file in libcrmf.a libnssb.a libnssckfw.a; do done # copy the binaries we want -for file in certutil cmsutil crlutil modutil pk12util signtool signver ssltap; do +for file in certutil cmsutil crlutil modutil nss-config pk12util signtool signver ssltap; do install -m 755 dist/*.OBJ/bin/$file %{buildroot}%{_bindir} done @@ -226,16 +226,18 @@ for file in atob btoa derdump ocspclnt pp selfserv shlibsign strsclnt symkeyutil install -m 755 dist/*.OBJ/bin/$file %{buildroot}%{_libexecdir}/nss done -# pkcs11 configuration script -mkdir -p %{buildroot}%{_sbindir} -install -pm 755 setup-nsssysinit.sh %{buildroot}%{_sbindir}/setup-nsssysinit.sh +## pkcs11 configuration script +#mkdir -p %{buildroot}%{_sbindir} +#install -pm 755 %{SOURCE9} %{buildroot}%{_sbindir}/setup-nsssysinit.sh # copy the include files install -d %{buildroot}%{_includedir}/nss3 -for file in dist/public/nss/*.h; do +for file in dist/public/nss/*.h dist/private/nss/*.h; do install -m 644 $file %{buildroot}%{_includedir}/nss3 done +ln -s nss3 %{buildroot}%{_includedir}/nss + %clean [ "%{buildroot}" != / ] && rm -rf "%{buildroot}" @@ -244,44 +246,47 @@ done %files %defattr(-,root,root) +%{_libdir}/libfreebl3.so +%{_libdir}/libfreebl3.chk +%{_libdir}/libfreeblpriv3.chk +%{_libdir}/libfreeblpriv3.so +%{_libdir}/libgtest1.so %{_libdir}/libnss3.so +%{_libdir}/libnssckbi.so +%{_libdir}/libnssdbm3.so +%{_libdir}/libnssdbm3.chk +%{_libdir}/libnsssysinit.so +%{_libdir}/libnssutil3.so %{_libdir}/libssl3.so %{_libdir}/libsmime3.so %{_libdir}/libsoftokn3.so %{_libdir}/libsoftokn3.chk -%{_libdir}/libnssckbi.so -%{_libdir}/libfreebl3.so -%{_libdir}/libfreebl3.chk -%{_libdir}/libnssutil3.so -%{_libdir}/libnssdbm3.so -%{_libdir}/libnssdbm3.chk %if %with_nsspem %{_libdir}/libnsspem.so %endif -%dir %{_sysconfdir}/pki/nssdb -%config(noreplace) %{_sysconfdir}/pki/nssdb/cert8.db -%config(noreplace) %{_sysconfdir}/pki/nssdb/key3.db -%config(noreplace) %{_sysconfdir}/pki/nssdb/secmod.db +#%dir %{_sysconfdir}/pki/nssdb +#%config(noreplace) %{_sysconfdir}/pki/nssdb/cert8.db +#%config(noreplace) %{_sysconfdir}/pki/nssdb/key3.db +#%config(noreplace) %{_sysconfdir}/pki/nssdb/secmod.db -%post sysinit -/sbin/ldconfig -%{_sbindir}/setup-nsssysinit.sh on +#%post sysinit +#/sbin/ldconfig +#%{_sbindir}/setup-nsssysinit.sh on -%preun sysinit -if [ $1 = 0 ]; then - %{_sbindir}/setup-nsssysinit.sh off -fi +#%preun sysinit +#if [ $1 = 0 ]; then +# %{_sbindir}/setup-nsssysinit.sh off +#fi -%postun sysinit -p /sbin/ldconfig +#%postun sysinit -p /sbin/ldconfig -%files sysinit -%defattr(-,root,root) -%{_sbindir}/setup-nsssysinit.sh -%{_libdir}/libnsssysinit.so -%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/cert9.db -%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/key4.db -%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/pkcs11.txt +#%files sysinit +#%defattr(-,root,root) +#%{_sbindir}/setup-nsssysinit.sh +#%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/cert9.db +#%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/key4.db +#%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/pkcs11.txt %files tools %defattr(-,root,root) @@ -303,9 +308,35 @@ fi %{_libdir}/libnssb.a %{_libdir}/libnssckfw.a %{_libdir}/pkgconfig/nss.pc -%{_includedir}/nss3/ +%{_includedir}/nss +%dir %{_includedir}/nss3 +%{_includedir}/nss3/* %changelog +* Sat Oct 08 2016 Silvan Calarco 3.27.1-3mamba +- remove redhat coming possibly obsolete libnss-sysinit; install all libraries + +* Sat Oct 08 2016 Silvan Calarco 3.27.1-2mamba +- rebuilt with libsqlite 3.14.2.0 + +* Fri Oct 07 2016 Silvan Calarco 3.27.1-1mamba +- update to 3.27.1 + +* Fri Oct 07 2016 Silvan Calarco 3.26-2mamba +- rebuilt with libnspr 4.13 + +* Fri Oct 07 2016 Automatic Build System 3.26-1mamba +- automatic version update by autodist + +* Wed Jul 06 2016 Automatic Build System 3.25-2mamba +- automatic version update by autodist + +* Tue Jul 05 2016 Automatic Build System 3.25-1mamba +- automatic version update by autodist + +* Wed Jun 08 2016 Automatic Build System 3.24-1mamba +- automatic version update by autodist + * Thu May 05 2016 Automatic Build System 3.23-1mamba - automatic version update by autodist diff --git a/nss-pem-3.22-buildfix.patch b/nss-pem-3.22-buildfix.patch deleted file mode 100644 index f7a8d13..0000000 --- a/nss-pem-3.22-buildfix.patch +++ /dev/null @@ -1,22 +0,0 @@ ---- nss/lib/ckfw/pem/pinst.c.orig 2016-02-19 18:32:43.545902319 +0100 -+++ nss/lib/ckfw/pem/pinst.c 2016-02-19 18:32:50.773900029 +0100 -@@ -581,7 +581,7 @@ - - objid = pem_nobjs + 1; - -- nickname = getUniquePEMNicknameFromFilename(certfile, i); -+ nickname = getUniquePEMNicknameFromFilename(certfile, 0); - if (!nickname) { - error = CKR_GENERAL_ERROR; - goto loser; ---- nss/lib/ckfw/pem/pinst.c.orig 2016-02-19 18:54:07.225438587 +0100 -+++ nss/lib/ckfw/pem/pinst.c 2016-02-19 18:54:37.368427084 +0100 -@@ -534,7 +534,7 @@ - AddCertificate(char *certfile, char *keyfile, PRBool cacert, - CK_SLOT_ID slotID) - { -- pemInternalObject *o; -+ pemInternalObject *o = NULL; - CK_RV error = 0; - int objid, i; - int nobjs = 0;