From 276caf649637e540e2b108e0c2ebf99b8abc32dd Mon Sep 17 00:00:00 2001
From: Silvan Calarco <silvan.calarco@mambasoft.it>
Date: Sat, 6 Jan 2024 05:12:55 +0100
Subject: [PATCH] remove redhat coming possibly obsolete libnss-sysinit;
 install all libraries [release 3.27.1-3mamba;Sat Oct 08 2016]

---
 libnss-3.12.3-enable-pem.patch                |  12 -
 libnss-3.12.3-no-rpath.patch                  |  14 -
 libnss-3.12.3-nolocalsql.patch                |  52 ----
 libnss-3.12.3-stubs-bug502133.patch           |  23 --
 ...-3.12.9-honor-user-trust-preferences.patch | 133 ---------
 ...12.9-ipv6-type-connections-bug539183.patch |  33 ---
 libnss-3.12.9-nsspem-642433.patch             |  52 ----
 libnss-3.12.9-renegotiate-transitional.patch  |  12 -
 libnss-3.12.9-system-nspr.patch               |  11 -
 libnss-3.15.4-add-missing-RSA_BlockOAEP.patch |  10 -
 ....patch => libnss-3.27.1-standalone-1.patch |  45 +--
 libnss.spec                                   | 271 ++++++++++--------
 nss-pem-3.22-buildfix.patch                   |  22 --
 13 files changed, 177 insertions(+), 513 deletions(-)
 delete mode 100644 libnss-3.12.3-enable-pem.patch
 delete mode 100644 libnss-3.12.3-no-rpath.patch
 delete mode 100644 libnss-3.12.3-nolocalsql.patch
 delete mode 100644 libnss-3.12.3-stubs-bug502133.patch
 delete mode 100644 libnss-3.12.9-honor-user-trust-preferences.patch
 delete mode 100644 libnss-3.12.9-ipv6-type-connections-bug539183.patch
 delete mode 100644 libnss-3.12.9-nsspem-642433.patch
 delete mode 100644 libnss-3.12.9-renegotiate-transitional.patch
 delete mode 100644 libnss-3.12.9-system-nspr.patch
 delete mode 100644 libnss-3.15.4-add-missing-RSA_BlockOAEP.patch
 rename libnss-3.15.1-lfs-buildfixes.patch => libnss-3.27.1-standalone-1.patch (76%)
 delete mode 100644 nss-pem-3.22-buildfix.patch

diff --git a/libnss-3.12.3-enable-pem.patch b/libnss-3.12.3-enable-pem.patch
deleted file mode 100644
index 665a148..0000000
--- a/libnss-3.12.3-enable-pem.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -up ./mozilla/security/nss/lib/ckfw/manifest.mn.prepem ./mozilla/security/nss/lib/ckfw/manifest.mn
---- ./mozilla/security/nss/lib/ckfw/manifest.mn.prepem	2008-08-05 16:34:23.000000000 -0700
-+++ ./mozilla/security/nss/lib/ckfw/manifest.mn	2008-08-05 16:34:30.000000000 -0700
-@@ -38,7 +38,7 @@ MANIFEST_CVS_ID = "@(#) $RCSfile: manife
- 
- CORE_DEPTH = ../../..
- 
--DIRS = builtins 
-+DIRS = builtins pem
- 
- PRIVATE_EXPORTS = \
- 	ck.h		  \
diff --git a/libnss-3.12.3-no-rpath.patch b/libnss-3.12.3-no-rpath.patch
deleted file mode 100644
index 35ea573..0000000
--- a/libnss-3.12.3-no-rpath.patch
+++ /dev/null
@@ -1,14 +0,0 @@
---- ./mozilla/security/nss/cmd/platlibs.mk.withrpath	2007-02-19 07:17:06.000000000 +0100
-+++ ./mozilla/security/nss/cmd/platlibs.mk	2007-02-19 07:18:07.000000000 +0100
-@@ -52,9 +52,9 @@
- 
- ifeq ($(OS_ARCH), Linux)
- ifeq ($(USE_64), 1)
--EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib64:$$ORIGIN/../lib'
-+#EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib64:$$ORIGIN/../lib'
- else
--EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib'
-+#EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib'
- endif
- endif
- 
diff --git a/libnss-3.12.3-nolocalsql.patch b/libnss-3.12.3-nolocalsql.patch
deleted file mode 100644
index 21101fa..0000000
--- a/libnss-3.12.3-nolocalsql.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-diff -up ./mozilla/security/nss/lib/Makefile.nolocalsql ./mozilla/security/nss/lib/Makefile
---- ./mozilla/security/nss/lib/Makefile.nolocalsql	2007-07-19 23:36:49.000000000 +0200
-+++ ./mozilla/security/nss/lib/Makefile	2009-04-14 17:07:40.000000000 +0200
-@@ -62,11 +62,11 @@ ifeq ($(OS_TARGET), WINCE)
- DIRS := $(filter-out fortcrypt,$(DIRS))
- endif
- 
--ifndef MOZILLA_CLIENT
--ifndef NSS_USE_SYSTEM_SQLITE
--DIRS := sqlite $(DIRS)
--endif
--endif
-+#ifndef MOZILLA_CLIENT
-+#ifndef NSS_USE_SYSTEM_SQLITE
-+#DIRS := sqlite $(DIRS)
-+#endif
-+#endif
- 
- #######################################################################
- # (5) Execute "global" rules. (OPTIONAL)                              #
-diff -up ./mozilla/security/nss/lib/softoken/legacydb/manifest.mn.nolocalsql ./mozilla/security/nss/lib/softoken/legacydb/manifest.mn
---- ./mozilla/security/nss/lib/softoken/legacydb/manifest.mn.nolocalsql	2007-07-19 23:36:50.000000000 +0200
-+++ ./mozilla/security/nss/lib/softoken/legacydb/manifest.mn	2009-04-14 17:07:40.000000000 +0200
-@@ -46,9 +46,9 @@ MAPFILE = $(OBJDIR)/nssdbm.def
- 
- DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\" -DSOFTOKEN_LIB_NAME=\"$(notdir $(SHARED_LIBRARY))\"
- 
--ifdef MOZILLA_CLIENT
--INCLUDES += -I$(DIST)/include/sqlite3
--endif
-+#ifdef MOZILLA_CLIENT
-+#INCLUDES += -I$(DIST)/include/sqlite3
-+#endif
- 
- CSRCS = \
- 	dbmshim.c \
-diff -up ./mozilla/security/nss/lib/softoken/manifest.mn.nolocalsql ./mozilla/security/nss/lib/softoken/manifest.mn
---- ./mozilla/security/nss/lib/softoken/manifest.mn.nolocalsql	2009-03-25 17:21:37.000000000 +0100
-+++ ./mozilla/security/nss/lib/softoken/manifest.mn	2009-04-14 17:07:40.000000000 +0200
-@@ -47,9 +47,9 @@ MAPFILE = $(OBJDIR)/softokn.def
- 
- DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\" -DSOFTOKEN_LIB_NAME=\"$(notdir $(SHARED_LIBRARY))\" -DSHLIB_VERSION=\"$(LIBRARY_VERSION)\"
- 
--ifdef MOZILLA_CLIENT
--INCLUDES += -I$(DIST)/include/sqlite3
--endif
-+#ifdef MOZILLA_CLIENT
-+#INCLUDES += -I$(DIST)/include/sqlite3
-+#endif
- 
- EXPORTS = \
- 	secmodt.h \
diff --git a/libnss-3.12.3-stubs-bug502133.patch b/libnss-3.12.3-stubs-bug502133.patch
deleted file mode 100644
index a0f1503..0000000
--- a/libnss-3.12.3-stubs-bug502133.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-diff -rupN nss-3.12.3.99.3-orig/mozilla/security/nss/lib/freebl/stubs.c nss-3.12.3.99.3/mozilla/security/nss/lib/freebl/stubs.c
---- ./mozilla/security/nss/lib/freebl/stubs.c	2009-03-28 19:21:50.000000000 -0700
-+++ ./mozilla/security/nss/lib/freebl/stubs.c	2009-06-08 20:37:20.000000000 -0700
-@@ -558,8 +558,8 @@ FREEBL_InitStubs()
- 	    return SECFailure;
- 	}
- 	rv = freebl_InitNSPR(nspr);
--	freebl_releaseLibrary(nspr);
- 	if (rv != SECSuccess) {
-+	    freebl_releaseLibrary(nspr);
- 	    return rv;
- 	}
-     }
-@@ -570,8 +570,8 @@ FREEBL_InitStubs()
- 	    return SECFailure;
- 	}
- 	rv = freebl_InitNSSUtil(nssutil);
--	freebl_releaseLibrary(nssutil);
- 	if (rv != SECSuccess) {
-+	    freebl_releaseLibrary(nssutil);
- 	    return rv;
- 	}
-     }
diff --git a/libnss-3.12.9-honor-user-trust-preferences.patch b/libnss-3.12.9-honor-user-trust-preferences.patch
deleted file mode 100644
index e9414de..0000000
--- a/libnss-3.12.9-honor-user-trust-preferences.patch
+++ /dev/null
@@ -1,133 +0,0 @@
-Index: ./mozilla/security/nss/lib/pk11wrap/pk11load.c
-===================================================================
-RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11load.c,v
-retrieving revision 1.30
-diff -u -p -r1.30 pk11load.c
---- ./mozilla/security/nss/lib/pk11wrap/pk11load.c	30 Apr 2010 07:22:54 -0000	1.30
-+++ ./mozilla/security/nss/lib/pk11wrap/pk11load.c	22 Jan 2011 05:39:07 -0000
-@@ -178,8 +178,8 @@ secmod_handleReload(SECMODModule *oldMod
- 	char *oldModuleSpec;
- 
- 	if (secmod_IsInternalKeySlot(newModule)) {
--	    pk11_SetInternalKeySlot(slot);
--	}
-+	    pk11_FirstInternalKeySlot(slot);
-+	} 
- 	newID = slot->slotID;
- 	PK11_FreeSlot(slot);
- 	for (thisChild=children, thisID=ids; thisChild && *thisChild; 
-@@ -550,6 +550,11 @@ secmod_LoadPKCS11Module(SECMODModule *mo
- 	    /* look down the slot info table */
- 	    PK11_LoadSlotList(mod->slots[i],mod->slotInfo,mod->slotInfoCount);
- 	    SECMOD_SetRootCerts(mod->slots[i],mod);
-+	    /* explicitly mark the internal slot as such if IsInternalKeySlot()
-+	     * is set */
-+	    if (secmod_IsInternalKeySlot(mod) && (i == (mod->isFIPS ? 0 : 1))) {
-+		pk11_FirstInternalKeySlot(mod->slots[i]);
-+	    } 
- 	}
- 	mod->slotCount = slotCount;
- 	mod->slotInfoCount = 0;
-Index: ./mozilla/security/nss/lib/pk11wrap/pk11priv.h
-===================================================================
-RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11priv.h,v
-retrieving revision 1.13
-diff -u -p -r1.13 pk11priv.h
---- ./mozilla/security/nss/lib/pk11wrap/pk11priv.h	27 Oct 2009 23:04:46 -0000	1.13
-+++ ./mozilla/security/nss/lib/pk11wrap/pk11priv.h	22 Jan 2011 05:39:07 -0000
-@@ -115,6 +115,7 @@ void PK11_InitSlot(SECMODModule *mod,CK_
- PRBool PK11_NeedPWInitForSlot(PK11SlotInfo *slot);
- SECStatus PK11_ReadSlotCerts(PK11SlotInfo *slot);
- void pk11_SetInternalKeySlot(PK11SlotInfo *slot);
-+void pk11_FirstInternalKeySlot(PK11SlotInfo *slot);
- 
- /*********************************************************************
-  *       Mechanism Mapping functions
-Index: ./mozilla/security/nss/lib/pk11wrap/pk11slot.c
-===================================================================
-RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11slot.c,v
-retrieving revision 1.101
-diff -u -p -r1.101 pk11slot.c
---- ./mozilla/security/nss/lib/pk11wrap/pk11slot.c	3 Apr 2010 18:27:31 -0000	1.101
-+++ ./mozilla/security/nss/lib/pk11wrap/pk11slot.c	22 Jan 2011 05:39:08 -0000
-@@ -1735,6 +1735,15 @@ pk11_SetInternalKeySlot(PK11SlotInfo *sl
-    pk11InternalKeySlot = slot ? PK11_ReferenceSlot(slot) : NULL;
- }
- 
-+void
-+pk11_FirstInternalKeySlot(PK11SlotInfo *slot)
-+{
-+   if (pk11InternalKeySlot) {
-+	return;
-+   }
-+   pk11InternalKeySlot = slot ? PK11_ReferenceSlot(slot) : NULL;
-+}
-+
- 
- /* get the internal key slot. FIPS has only one slot for both key slots and
-  * default slots */
-Index: ./mozilla/security/nss/lib/sysinit/nsssysinit.c
-===================================================================
-RCS file: /cvsroot/mozilla/security/nss/lib/sysinit/nsssysinit.c,v
-retrieving revision 1.2
-diff -u -p -r1.2 nsssysinit.c
---- ./mozilla/security/nss/lib/sysinit/nsssysinit.c	6 Feb 2010 04:56:37 -0000	1.2
-+++ ./mozilla/security/nss/lib/sysinit/nsssysinit.c	22 Jan 2011 05:39:08 -0000
-@@ -221,7 +221,7 @@ getFIPSMode(void)
-  * 2 for the key slot, and
-  * 3 for the crypto operations slot fips
-  */
--#define ORDER_FLAGS "trustOrder=75 cipherOrder=100"
-+#define ORDER_FLAGS "cipherOrder=100"
- #define SLOT_FLAGS \
- 	"[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,RANDOM" \
- 	" askpw=any timeout=30 ]"
-@@ -270,7 +270,7 @@ get_list(char *filename, char *stripped_
- 	    "library= "
- 	    "module=\"NSS User database\" "
- 	    "parameters=\"configdir='sql:%s' %s tokenDescription='NSS user database'\" "
--        "NSS=\"%sflags=internal%s\"",
-+        "NSS=\"trustOrder=75 %sflags=internal%s\"",
-         userdb, stripped_parameters, nssflags,
-         isFIPS ? ",FIPS" : "");
- 
-@@ -284,30 +284,6 @@ get_list(char *filename, char *stripped_
- 		userdb, stripped_parameters);
- 	}
- 
--#if 0
--	/* This doesn't actually work. If we register
--		both this and the sysdb (in either order)
--		then only one of them actually shows up */
--
--    /* Using a NULL filename as a Boolean flag to
--     * prevent registering both an application-defined
--     * db and the system db. rhbz #546211.
--     */
--    PORT_Assert(filename);
--    if (sysdb && PL_CompareStrings(filename, sysdb))
--	    filename = NULL;
--    else if (userdb && PL_CompareStrings(filename, userdb))
--	    filename = NULL;
--
--    if (filename && !userIsRoot()) {
--	    module_list[next++] = PR_smprintf(
--	      "library= "
--	      "module=\"NSS database\" "
--	      "parameters=\"configdir='sql:%s' tokenDescription='NSS database sql:%s'\" "
--	      "NSS=\"%sflags=internal\"",filename, filename, nssflags);
--    }
--#endif
--
-     /* now the system database (always read only unless it's root) */
-     if (sysdb) {
- 	    const char *readonly = userCanModifySystemDB() ? "" : "flags=readonly";
-@@ -315,7 +291,7 @@ get_list(char *filename, char *stripped_
- 	      "library= "
- 	      "module=\"NSS system database\" "
- 	      "parameters=\"configdir='sql:%s' tokenDescription='NSS system database' %s\" "
--	      "NSS=\"%sflags=internal,critical\"",sysdb, readonly, nssflags);
-+	      "NSS=\"trustOrder=80 %sflags=internal,critical\"",sysdb, readonly, nssflags);
-     }
- 
-     /* that was the last module */
diff --git a/libnss-3.12.9-ipv6-type-connections-bug539183.patch b/libnss-3.12.9-ipv6-type-connections-bug539183.patch
deleted file mode 100644
index d86a705..0000000
--- a/libnss-3.12.9-ipv6-type-connections-bug539183.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-Index: mozilla/security/nss/cmd/selfserv/selfserv.c
-===================================================================
-RCS file: /cvsroot/mozilla/security/nss/cmd/selfserv/selfserv.c,v
-retrieving revision 1.94
-diff -p -u -8 -r1.94 selfserv.c
---- mozilla/security/nss/cmd/selfserv/selfserv.c	3 Apr 2010 18:27:27 -0000	1.94
-+++ mozilla/security/nss/cmd/selfserv/selfserv.c	24 Feb 2011 02:28:02 -0000
-@@ -1487,21 +1487,21 @@ PRFileDesc *
- getBoundListenSocket(unsigned short port)
- {
-     PRFileDesc *       listen_sock;
-     int                listenQueueDepth = 5 + (2 * maxThreads);
-     PRStatus	       prStatus;
-     PRNetAddr          addr;
-     PRSocketOptionData opt;
- 
--    addr.inet.family = PR_AF_INET;
--    addr.inet.ip     = PR_INADDR_ANY;
--    addr.inet.port   = PR_htons(port);
-+    if (PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET6, port, &addr) != PR_SUCCESS) {
-+	errExit("PR_SetNetAddr");
-+    }
- 
--    listen_sock = PR_NewTCPSocket();
-+    listen_sock = PR_OpenTCPSocket(PR_AF_INET6);
-     if (listen_sock == NULL) {
- 	errExit("PR_NewTCPSocket");
-     }
- 
-     opt.option = PR_SockOpt_Nonblocking;
-     opt.value.non_blocking = PR_FALSE;
-     prStatus = PR_SetSocketOption(listen_sock, &opt);
-     if (prStatus < 0) {
diff --git a/libnss-3.12.9-nsspem-642433.patch b/libnss-3.12.9-nsspem-642433.patch
deleted file mode 100644
index 710919b..0000000
--- a/libnss-3.12.9-nsspem-642433.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-diff -up ./mozilla/security/nss/lib/ckfw/pem/util.c.642433 ./mozilla/security/nss/lib/ckfw/pem/util.c
---- ./mozilla/security/nss/lib/ckfw/pem/util.c.642433	2010-11-25 10:49:27.000000000 -0800
-+++ ./mozilla/security/nss/lib/ckfw/pem/util.c	2010-12-08 08:02:02.618304926 -0800
-@@ -96,9 +96,6 @@ static SECItem *AllocItem(SECItem * item
-     return (result);
- 
-   loser:
--    if (result != NULL) {
--	SECITEM_FreeItem(result, (item == NULL) ? PR_TRUE : PR_FALSE);
--    }
-     return (NULL);
- }
- 
-@@ -110,7 +107,7 @@ static SECStatus FileToItem(SECItem * ds
- 
-     prStatus = PR_GetOpenFileInfo(src, &info);
- 
--    if (prStatus != PR_SUCCESS) {
-+    if (prStatus != PR_SUCCESS || info.type == PR_FILE_DIRECTORY) {
- 	return SECFailure;
-     }
- 
-@@ -126,8 +123,7 @@ static SECStatus FileToItem(SECItem * ds
- 
-     return SECSuccess;
-   loser:
--    SECITEM_FreeItem(dst, PR_FALSE);
--    nss_ZFreeIf(dst);
-+    nss_ZFreeIf(dst->data);
-     return SECFailure;
- }
- 
-@@ -153,6 +149,10 @@ ReadDERFromFile(SECItem *** derlist, cha
- 
- 	/* Read in ascii data */
- 	rv = FileToItem(&filedata, inFile);
-+	if (rv != SECSuccess) {
-+	    PR_Close(inFile);
-+	    return -1;
-+	}
- 	asc = (char *) filedata.data;
- 	if (!asc) {
- 	    PR_Close(inFile);
-@@ -252,7 +252,7 @@ ReadDERFromFile(SECItem *** derlist, cha
-     } else {
- 	/* Read in binary der */
- 	rv = FileToItem(der, inFile);
--	if (rv) {
-+	if (rv != SECSuccess) {
- 	    PR_Close(inFile);
- 	    return -1;
- 	}
diff --git a/libnss-3.12.9-renegotiate-transitional.patch b/libnss-3.12.9-renegotiate-transitional.patch
deleted file mode 100644
index 3dc6eec..0000000
--- a/libnss-3.12.9-renegotiate-transitional.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -up ./mozilla/security/nss/lib/ssl/sslsock.c.transitional ./mozilla/security/nss/lib/ssl/sslsock.c
---- ./mozilla/security/nss/lib/ssl/sslsock.c.transitional	2010-09-04 09:46:50.331327676 -0700
-+++ ./mozilla/security/nss/lib/ssl/sslsock.c	2010-09-04 09:50:02.814325605 -0700
-@@ -181,7 +181,7 @@ static sslOptions ssl_defaults = {
-     PR_FALSE,   /* noLocks            */
-     PR_FALSE,   /* enableSessionTickets */
-     PR_FALSE,   /* enableDeflate      */
--    2,          /* enableRenegotiation (default: requires extension) */
-+    3,          /* enableRenegotiation (default: transitional) */
-     PR_FALSE,   /* requireSafeNegotiation */
-     PR_FALSE,   /* enableFalseStart   */
- };
diff --git a/libnss-3.12.9-system-nspr.patch b/libnss-3.12.9-system-nspr.patch
deleted file mode 100644
index 97cdc7e..0000000
--- a/libnss-3.12.9-system-nspr.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- mozilla/security/nss/Makefile	2009-12-08 17:47:03.000000000 +0100
-+++ mozilla/security/nss/Makefile-gil	2011-01-26 01:02:44.000000000 +0100
-@@ -78,7 +78,7 @@
- # (7) Execute "local" rules. (OPTIONAL).                              #
- #######################################################################
- 
--nss_build_all: build_coreconf build_nspr build_dbm all
-+nss_build_all: build_coreconf build_dbm all
- 
- nss_clean_all: clobber_coreconf clobber_nspr clobber_dbm clobber
- 
diff --git a/libnss-3.15.4-add-missing-RSA_BlockOAEP.patch b/libnss-3.15.4-add-missing-RSA_BlockOAEP.patch
deleted file mode 100644
index 43541fc..0000000
--- a/libnss-3.15.4-add-missing-RSA_BlockOAEP.patch
+++ /dev/null
@@ -1,10 +0,0 @@
---- nss-3.15.4/nss/lib/freebl/rsapkcs.c.orig	2014-02-18 14:09:04.195114868 +0100
-+++ nss-3.15.4/nss/lib/freebl/rsapkcs.c	2014-02-18 14:09:13.416071147 +0100
-@@ -32,6 +32,7 @@
-     RSA_BlockUnused = 0,    /* unused */
-     RSA_BlockPrivate = 1,   /* pad for a private-key operation */
-     RSA_BlockPublic = 2,    /* pad for a public-key operation */
-+    RSA_BlockOAEP = 3,
-     RSA_BlockRaw = 4,       /* simply justify the block appropriately */
-     RSA_BlockTotal
- } RSA_BlockType;
diff --git a/libnss-3.15.1-lfs-buildfixes.patch b/libnss-3.27.1-standalone-1.patch
similarity index 76%
rename from libnss-3.15.1-lfs-buildfixes.patch
rename to libnss-3.27.1-standalone-1.patch
index 289dbc2..33b09b8 100644
--- a/libnss-3.15.1-lfs-buildfixes.patch
+++ b/libnss-3.27.1-standalone-1.patch
@@ -1,13 +1,16 @@
-Submitted By:            Armin K. <krejzi at email dot com>
-Date:                    2013-07-02
-Initial Package Version: 3.15
+Submitted By:            Fernando de Oliveira <famobr at yahoo dot com dot br>
+Date:                    2015-11-10
+Initial Package Version: 3.21
 Upstream Status:         Not applicable
-Origin:                  Based on dj's original patch, rediffed and modified for 3.15
-Description:             Adds auto-generated nss.pc and nss-config script, and allows
-                         building without nspr in the source tree.
+Origin:                  Based on dj's original patch, rediffed and
+                         modified for 3.15 by Armin K.
+                         <krejzi at email dot com> 
+Description:             Adds auto-generated nss.pc and nss-config script, and
+                         allows building without nspr in the source tree.
 
---- a/nss/config/Makefile	1970-01-01 01:00:00.000000000 +0100
-+++ b/nss/config/Makefile	2013-07-02 14:53:56.684750636 +0200
+diff -Naur nss-3.21.orig/nss/config/Makefile nss-3.21/nss/config/Makefile
+--- nss-3.21.orig/nss/config/Makefile	1969-12-31 21:00:00.000000000 -0300
++++ nss-3.21/nss/config/Makefile	2015-11-10 12:54:49.358835857 -0300
 @@ -0,0 +1,40 @@
 +CORE_DEPTH = ..
 +DEPTH      = ..
@@ -49,8 +52,9 @@ Description:             Adds auto-generated nss.pc and nss-config script, and a
 +
 +dummy: all export libs
 +
---- a/nss/config/nss-config.in	1970-01-01 01:00:00.000000000 +0100
-+++ b/nss/config/nss-config.in	2013-07-02 14:52:58.328084334 +0200
+diff -Naur nss-3.21.orig/nss/config/nss-config.in nss-3.21/nss/config/nss-config.in
+--- nss-3.21.orig/nss/config/nss-config.in	1969-12-31 21:00:00.000000000 -0300
++++ nss-3.21/nss/config/nss-config.in	2015-11-10 12:54:49.359835835 -0300
 @@ -0,0 +1,153 @@
 +#!/bin/sh
 +
@@ -205,8 +209,9 @@ Description:             Adds auto-generated nss.pc and nss-config script, and a
 +      echo $libdirs
 +fi      
 +
---- a/nss/config/nss.pc.in	1970-01-01 01:00:00.000000000 +0100
-+++ b/nss/config/nss.pc.in	2013-07-02 14:52:58.328084334 +0200
+diff -Naur nss-3.21.orig/nss/config/nss.pc.in nss-3.21/nss/config/nss.pc.in
+--- nss-3.21.orig/nss/config/nss.pc.in	1969-12-31 21:00:00.000000000 -0300
++++ nss-3.21/nss/config/nss.pc.in	2015-11-10 12:54:49.359835835 -0300
 @@ -0,0 +1,12 @@
 +prefix=@prefix@
 +exec_prefix=@exec_prefix@
@@ -220,9 +225,10 @@ Description:             Adds auto-generated nss.pc and nss-config script, and a
 +Libs: -L@libdir@ -lnss@NSS_MAJOR_VERSION@ -lnssutil@NSS_MAJOR_VERSION@ -lsmime@NSS_MAJOR_VERSION@ -lssl@NSS_MAJOR_VERSION@ -lsoftokn@NSS_MAJOR_VERSION@
 +Cflags: -I${includedir}
 +
---- a/nss/Makefile	2013-05-28 23:43:24.000000000 +0200
-+++ b/nss/Makefile	2013-07-02 14:52:58.328084334 +0200
-@@ -44,7 +44,7 @@
+diff -Naur nss-3.21.orig/nss/Makefile nss-3.21/nss/Makefile
+--- nss-3.21.orig/nss/Makefile	2015-11-09 02:12:59.000000000 -0300
++++ nss-3.21/nss/Makefile	2015-11-10 12:54:49.359835835 -0300
+@@ -46,7 +46,7 @@
  # (7) Execute "local" rules. (OPTIONAL).                              #
  #######################################################################
  
@@ -231,11 +237,12 @@ Description:             Adds auto-generated nss.pc and nss-config script, and a
  
  nss_clean_all: clobber_nspr clobber
  
---- a/nss/manifest.mn	2013-05-28 23:43:24.000000000 +0200
-+++ b/nss/manifest.mn	2013-07-02 14:52:58.331417666 +0200
+diff -Naur nss-3.21.orig/nss/manifest.mn nss-3.21/nss/manifest.mn
+--- nss-3.21.orig/nss/manifest.mn	2015-11-09 02:12:59.000000000 -0300
++++ nss-3.21/nss/manifest.mn	2015-11-10 12:59:22.439784449 -0300
 @@ -10,4 +10,4 @@
  
  RELEASE = nss
  
--DIRS = coreconf lib cmd
-+DIRS = coreconf lib cmd config
+-DIRS = coreconf lib cmd external_tests
++DIRS = coreconf lib cmd external_tests config
diff --git a/libnss.spec b/libnss.spec
index 61ce529..7933bd5 100644
--- a/libnss.spec
+++ b/libnss.spec
@@ -4,15 +4,15 @@
 %define        with_test   0
 %define        with_nsspem 1
 Name:          libnss
-Version:       3.23
-Release:       1mamba
+Version:       3.27.1
+Release:       3mamba
 Summary:       Network Security Services
 Group:         System/Libraries
 Vendor:        openmamba
 Distribution:  openmamba
 Packager:      Silvan Calarco <silvan.calarco@mambasoft.it>
 URL:           http://www.mozilla.org/projects/security/pki/nss/
-Source0:       http://ftp.mozilla.org/pub/security/nss/releases/NSS_%{srcver}_RTM/src/nss-%{version}.tar.gz
+Source0:       https://ftp.mozilla.org/pub/security/nss/releases/NSS_%{srcver}_RTM/src/nss-%{version}.tar.gz
 Source1:       nss.pc.in
 Source2:       nss-config.in
 Source3:       blank-cert8.db
@@ -29,36 +29,31 @@ Source9:       setup-nsssysinit.sh
 #Source10:      libnss-pem-20140218.tar.bz2
 Source10:      https://git.fedorahosted.org/git/nss-pem.git/master/nss-pem-%{version}.tar.bz2
 %endif
-Patch1:        libnss-3.12.3-no-rpath.patch
-Patch2:        libnss-3.12.3-nolocalsql.patch
-Patch3:        libnss-3.12.9-renegotiate-transitional.patch
 Patch4:        libnss-3.12.9-enable-pem.patch
-Patch5:        libnss-3.12.9-nsspem-642433.patch
-Patch6:        libnss-3.12.3-enable-pem.patch
-Patch7:        libnss-3.12.3-stubs-bug502133.patch
-Patch8:        libnss-3.12.9-honor-user-trust-preferences.patch
-Patch9:        libnss-3.12.9-system-nspr.patch
 Patch10:       libnss-3.15.1-opt_flags.patch
-Patch11:       libnss-3.12.9-ipv6-type-connections-bug539183.patch
-Patch12:       libnss-3.15.4-add-missing-RSA_BlockOAEP.patch
-Patch13:       libnss-3.15.1-lfs-buildfixes.patch
-Patch14:       nss-pem-3.22-buildfix.patch
+Patch15:       libnss-3.27.1-standalone-1.patch
 License:       GPL, MPL 1.1, LGPL
 ## AUTOBUILDREQ-BEGIN
-BuildRequires: glibc-devel
+BuildRequires: libgcc
 BuildRequires: libnspr-devel
 BuildRequires: libsqlite-devel
+BuildRequires: libstdc++6-devel
 BuildRequires: libz-devel
 ## AUTOBUILDREQ-END
+BuildRequires: libnspr-devel >= 4.13
 BuildRequires: gawk
 BuildRequires: perl
 BuildRequires: pkgconfig
 BuildRequires: psmisc
+BuildRequires: libsqlite-devel >= 3.14.2.0
+Requires:      libnspr >= 4.13
 Obsoletes:     libmozilla-nss
 Provides:      libmozilla-nss = %{?epoch:%epoch:}%{version}-%{release}
 Obsoletes:     libmozilla
 Conflicts:     libmozilla <= 1.7.13-1
-Requires:      %{name}-sysinit = %{?epoch:%epoch:}%{version}-%{release}
+#Requires:      %{name}-sysinit = %{?epoch:%epoch:}%{version}-%{release}
+Provides:      libnss-sysinit
+Obsoletes:     libnss-sysinit
 BuildRoot:     %{_tmppath}/%{name}-%{version}-root
 
 %description
@@ -104,20 +99,17 @@ Default Operating System module that manages applications loading NSS globally o
 %setup -q -n nss-%{version}
 #-D -T
 #:<< __EOF
-#%patch3 -p3
 %if %with_nsspem
 tar -xf %{SOURCE10}
 mv nss-pem-%{version}/nss/lib/ckfw/pem/ nss/lib/ckfw/
-#%patch14 -p0
 %patch4 -p3
-#%patch5 -p3
 %endif
-#%patch8 -p1
-#%patch9 -p0
 %patch10 -p0
-#%patch11 -p0
-#%patch12 -p1
-#%patch13 -p1
+%patch15 -p1
+
+%ifarch x86_64
+sed -i "s|/lib,|/lib64,|" nss/config/Makefile
+%endif
 
 %build
 #:<< __EOF
@@ -132,83 +124,91 @@ export NSPR_LIB_DIR
 export NSS_USE_SYSTEM_SQLITE=1
 export OPT_FLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing"
 
-%ifarch x86_64 ia64
-export USE_64=1
+%make -j1 -C nss \
+  BUILD_OPT=1 \
+  NSPR_INCLUDE_DIR=%{_includedir}/nspr \
+  USE_SYSTEM_ZLIB=1 \
+  ZLIB_LIBS=-lz \
+%ifarch x86_64
+  USE_64=1 \
 %endif
+  NSS_USE_SYSTEM_SQLITE=1
 
-make -C ./nss/coreconf
-make -C ./nss/lib/dbm
-make -C ./nss CORE_DEPTH=`pwd`/nss
-
-cat %{SOURCE1} | sed -e "s,%%libdir%%,%{_libdir},g" \
-                 -e "s,%%prefix%%,%{_prefix},g" \
-                 -e "s,%%exec_prefix%%,%{_prefix},g" \
-                 -e "s,%%includedir%%,%{_includedir}/nss3,g" \
-                 -e "s,%%NSPR_VERSION%%,%{nspr_version},g" \
-                 -e "s,%%NSS_VERSION%%,%{version},g" > custom_nss.pc
-
-%define majver %(echo %version | cut -d. -f1)
-%define minver %(echo %version | cut -d. -f2)
-%define patchver %(echo %version | cut -d. -f3)
-
-NSS_VMAJOR=%majver
-NSS_VMINOR=%minver
-NSS_VPATCH=%patchver
-cat %{SOURCE2} | sed -e "s,@libdir@,%{_libdir},g" \
-                 -e "s,@prefix@,%{_prefix},g" \
-                 -e "s,@exec_prefix@,%{_prefix},g" \
-                 -e "s,@includedir@,%{_includedir}/nss3,g" \
-                 -e "s,@MOD_MAJOR_VERSION@,$NSS_VMAJOR,g" \
-                 -e "s,@MOD_MINOR_VERSION@,$NSS_VMINOR,g" \
-                 -e "s,@MOD_PATCH_VERSION@,$NSS_VPATCH,g" > custom_nss-config
-
-cat %{SOURCE9} > setup-nsssysinit.sh
-
-%if %with_test
-export BUILD_OPT=1
-export HOST="localhost"
-export DOMSUF=" "
-export USE_IP=TRUE
-export IP_ADDRESS="127.0.0.1"
-cd nss/tests
-./all.sh
-#TEST_FAILURES=`grep -c FAILED ../../../tests_results/security/localhost.1/output.log` || :
-#if [ $TEST_FAILURES -ne 0 ]; then
-#  echo "error: test suite returned failure(s)"
-#  exit 1
-#fi
-%endif
+#make -C ./nss/coreconf
+#make -C ./nss/lib/dbm
+#make -C ./nss CORE_DEPTH=`pwd`/nss
+#
+#cat %{SOURCE1} | sed -e "s,%%libdir%%,%{_libdir},g" \
+#                 -e "s,%%prefix%%,%{_prefix},g" \
+#                 -e "s,%%exec_prefix%%,%{_prefix},g" \
+#                 -e "s,%%includedir%%,%{_includedir}/nss3,g" \
+#                 -e "s,%%NSPR_VERSION%%,%{nspr_version},g" \
+#                 -e "s,%%NSS_VERSION%%,%{version},g" > custom_nss.pc
+#
+#%define majver %(echo %version | cut -d. -f1)
+#%define minver %(echo %version | cut -d. -f2)
+#%define patchver %(echo %version | cut -d. -f3)
+#
+#NSS_VMAJOR=%majver
+#NSS_VMINOR=%minver
+#NSS_VPATCH=%patchver
+#cat %{SOURCE2} | sed -e "s,@libdir@,%{_libdir},g" \
+#                 -e "s,@prefix@,%{_prefix},g" \
+#                 -e "s,@exec_prefix@,%{_prefix},g" \
+#                 -e "s,@includedir@,%{_includedir}/nss3,g" \
+#                 -e "s,@MOD_MAJOR_VERSION@,$NSS_VMAJOR,g" \
+#                 -e "s,@MOD_MINOR_VERSION@,$NSS_VMINOR,g" \
+#                 -e "s,@MOD_PATCH_VERSION@,$NSS_VPATCH,g" > custom_nss-config
+#
+#cat %{SOURCE9} > setup-nsssysinit.sh
+#
+#% if %with_test
+#export BUILD_OPT=1
+#export HOST="localhost"
+#export DOMSUF=" "
+#export USE_IP=TRUE
+#export IP_ADDRESS="127.0.0.1"
+#cd nss/tests
+#./all.sh
+##TEST_FAILURES=`grep -c FAILED ../../../tests_results/security/localhost.1/output.log` || :
+##if [ $TEST_FAILURES -ne 0 ]; then
+##  echo "error: test suite returned failure(s)"
+##  exit 1
+##fi
+#% endif
 
 %install
 [ "%{buildroot}" != / ] && rm -rf "%{buildroot}"
-install -D -m 644 custom_nss.pc %{buildroot}%{_libdir}/pkgconfig/nss.pc
-install -D -m 755 custom_nss-config %{buildroot}%{_bindir}/nss-config
+
+install -D -m644 dist/Linux*/lib/pkgconfig/nss.pc %{buildroot}%{_libdir}/pkgconfig/nss.pc
+#install -D -m 644 custom_nss.pc %{buildroot}%{_libdir}/pkgconfig/nss.pc
+#install -D -m 755 custom_nss-config %{buildroot}%{_bindir}/nss-config
 
 # copy all the binary libraries
-for file in libfreebl3.so libnss3.so libnssckbi.so libsmime3.so libsoftokn3.so libssl3.so libnssutil3.so libnssdbm3.so libnsssysinit.so; do
-   install -m 755 dist/*.OBJ/lib/$file %{buildroot}%{_libdir}
+install -d -m0755 %{buildroot}%{_bindir}
+for file in dist/*.OBJ/lib/*.so; do
+   install -m 755 $file %{buildroot}%{_libdir}
 done
 
-%if %with_nsspem
-install -m 755 dist/*.OBJ/lib/libnsspem.so %{buildroot}%{_libdir}
-%endif
+#% if %with_nsspem
+#install -m 755 dist/*.OBJ/lib/libnsspem.so %{buildroot}%{_libdir}
+#% endif
 
 # copy alle the chk files
-for file in libfreebl3.chk libsoftokn3.chk libnssdbm3.chk; do
-   install -m 644 dist/*.OBJ/lib/$file %{buildroot}%{_libdir}
+for file in dist/*.OBJ/lib/*.chk; do
+   install -m 644 $file %{buildroot}%{_libdir}
 done
 
-# install the empty NSS db files
-# legacy db
-install -d %{buildroot}%{_sysconfdir}/pki/nssdb
-install -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/pki/nssdb/cert8.db
-install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pki/nssdb/key3.db
-install -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/pki/nssdb/secmod.db
-# shared db
-install -m 644 %{SOURCE6} %{buildroot}%{_sysconfdir}/pki/nssdb/cert9.db
-install -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/pki/nssdb/key4.db
-install -m 644 %{SOURCE8} %{buildroot}%{_sysconfdir}/pki/nssdb/pkcs11.txt
-
+## install the empty NSS db files
+## legacy db
+#install -d %{buildroot}%{_sysconfdir}/pki/nssdb
+#install -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/pki/nssdb/cert8.db
+#install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pki/nssdb/key3.db
+#install -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/pki/nssdb/secmod.db
+## shared db
+#install -m 644 %{SOURCE6} %{buildroot}%{_sysconfdir}/pki/nssdb/cert9.db
+#install -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/pki/nssdb/key4.db
+#install -m 644 %{SOURCE8} %{buildroot}%{_sysconfdir}/pki/nssdb/pkcs11.txt
 
 # copy the development libraries we want
 for file in libcrmf.a libnssb.a libnssckfw.a; do
@@ -216,7 +216,7 @@ for file in libcrmf.a libnssb.a libnssckfw.a; do
 done
 
 # copy the binaries we want
-for file in certutil cmsutil crlutil modutil pk12util signtool signver ssltap; do
+for file in certutil cmsutil crlutil modutil nss-config pk12util signtool signver ssltap; do
    install -m 755 dist/*.OBJ/bin/$file %{buildroot}%{_bindir}
 done
 
@@ -226,16 +226,18 @@ for file in atob btoa derdump ocspclnt pp selfserv shlibsign strsclnt symkeyutil
    install -m 755 dist/*.OBJ/bin/$file %{buildroot}%{_libexecdir}/nss
 done
 
-# pkcs11 configuration script
-mkdir -p %{buildroot}%{_sbindir}
-install -pm 755 setup-nsssysinit.sh %{buildroot}%{_sbindir}/setup-nsssysinit.sh
+## pkcs11 configuration script
+#mkdir -p %{buildroot}%{_sbindir}
+#install -pm 755 %{SOURCE9} %{buildroot}%{_sbindir}/setup-nsssysinit.sh
 
 # copy the include files
 install -d %{buildroot}%{_includedir}/nss3
-for file in dist/public/nss/*.h; do
+for file in dist/public/nss/*.h dist/private/nss/*.h; do
    install -m 644 $file %{buildroot}%{_includedir}/nss3
 done
 
+ln -s nss3 %{buildroot}%{_includedir}/nss
+
 %clean
 [ "%{buildroot}" != / ] && rm -rf "%{buildroot}"
 
@@ -244,44 +246,47 @@ done
 
 %files
 %defattr(-,root,root)
+%{_libdir}/libfreebl3.so
+%{_libdir}/libfreebl3.chk
+%{_libdir}/libfreeblpriv3.chk
+%{_libdir}/libfreeblpriv3.so
+%{_libdir}/libgtest1.so
 %{_libdir}/libnss3.so
+%{_libdir}/libnssckbi.so
+%{_libdir}/libnssdbm3.so
+%{_libdir}/libnssdbm3.chk
+%{_libdir}/libnsssysinit.so
+%{_libdir}/libnssutil3.so
 %{_libdir}/libssl3.so
 %{_libdir}/libsmime3.so
 %{_libdir}/libsoftokn3.so
 %{_libdir}/libsoftokn3.chk
-%{_libdir}/libnssckbi.so
-%{_libdir}/libfreebl3.so
-%{_libdir}/libfreebl3.chk
-%{_libdir}/libnssutil3.so
-%{_libdir}/libnssdbm3.so
-%{_libdir}/libnssdbm3.chk
 %if %with_nsspem
 %{_libdir}/libnsspem.so
 %endif
-%dir %{_sysconfdir}/pki/nssdb
-%config(noreplace) %{_sysconfdir}/pki/nssdb/cert8.db
-%config(noreplace) %{_sysconfdir}/pki/nssdb/key3.db
-%config(noreplace) %{_sysconfdir}/pki/nssdb/secmod.db
+#%dir %{_sysconfdir}/pki/nssdb
+#%config(noreplace) %{_sysconfdir}/pki/nssdb/cert8.db
+#%config(noreplace) %{_sysconfdir}/pki/nssdb/key3.db
+#%config(noreplace) %{_sysconfdir}/pki/nssdb/secmod.db
 
 
-%post sysinit
-/sbin/ldconfig
-%{_sbindir}/setup-nsssysinit.sh on
+#%post sysinit
+#/sbin/ldconfig
+#%{_sbindir}/setup-nsssysinit.sh on
 
-%preun sysinit
-if [ $1 = 0 ]; then
-  %{_sbindir}/setup-nsssysinit.sh off
-fi
+#%preun sysinit
+#if [ $1 = 0 ]; then
+#  %{_sbindir}/setup-nsssysinit.sh off
+#fi
 
-%postun sysinit -p /sbin/ldconfig
+#%postun sysinit -p /sbin/ldconfig
 
-%files sysinit
-%defattr(-,root,root)
-%{_sbindir}/setup-nsssysinit.sh
-%{_libdir}/libnsssysinit.so
-%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/cert9.db
-%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/key4.db
-%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/pkcs11.txt
+#%files sysinit
+#%defattr(-,root,root)
+#%{_sbindir}/setup-nsssysinit.sh
+#%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/cert9.db
+#%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/key4.db
+#%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/pkcs11.txt
 
 %files tools
 %defattr(-,root,root)
@@ -303,9 +308,35 @@ fi
 %{_libdir}/libnssb.a
 %{_libdir}/libnssckfw.a
 %{_libdir}/pkgconfig/nss.pc
-%{_includedir}/nss3/
+%{_includedir}/nss
+%dir %{_includedir}/nss3
+%{_includedir}/nss3/*
 
 %changelog
+* Sat Oct 08 2016 Silvan Calarco <silvan.calarco@mambasoft.it> 3.27.1-3mamba
+- remove redhat coming possibly obsolete libnss-sysinit; install all libraries
+
+* Sat Oct 08 2016 Silvan Calarco <silvan.calarco@mambasoft.it> 3.27.1-2mamba
+- rebuilt with libsqlite 3.14.2.0
+
+* Fri Oct 07 2016 Silvan Calarco <silvan.calarco@mambasoft.it> 3.27.1-1mamba
+- update to 3.27.1
+
+* Fri Oct 07 2016 Silvan Calarco <silvan.calarco@mambasoft.it> 3.26-2mamba
+- rebuilt with libnspr 4.13
+
+* Fri Oct 07 2016 Automatic Build System <autodist@mambasoft.it> 3.26-1mamba
+- automatic version update by autodist
+
+* Wed Jul 06 2016 Automatic Build System <autodist@mambasoft.it> 3.25-2mamba
+- automatic version update by autodist
+
+* Tue Jul 05 2016 Automatic Build System <autodist@mambasoft.it> 3.25-1mamba
+- automatic version update by autodist
+
+* Wed Jun 08 2016 Automatic Build System <autodist@mambasoft.it> 3.24-1mamba
+- automatic version update by autodist
+
 * Thu May 05 2016 Automatic Build System <autodist@mambasoft.it> 3.23-1mamba
 - automatic version update by autodist
 
diff --git a/nss-pem-3.22-buildfix.patch b/nss-pem-3.22-buildfix.patch
deleted file mode 100644
index f7a8d13..0000000
--- a/nss-pem-3.22-buildfix.patch
+++ /dev/null
@@ -1,22 +0,0 @@
---- nss/lib/ckfw/pem/pinst.c.orig	2016-02-19 18:32:43.545902319 +0100
-+++ nss/lib/ckfw/pem/pinst.c	2016-02-19 18:32:50.773900029 +0100
-@@ -581,7 +581,7 @@
- 
-         objid = pem_nobjs + 1;
- 
--        nickname = getUniquePEMNicknameFromFilename(certfile, i);
-+        nickname = getUniquePEMNicknameFromFilename(certfile, 0);
-         if (!nickname) {
-             error = CKR_GENERAL_ERROR;
-             goto loser;
---- nss/lib/ckfw/pem/pinst.c.orig	2016-02-19 18:54:07.225438587 +0100
-+++ nss/lib/ckfw/pem/pinst.c	2016-02-19 18:54:37.368427084 +0100
-@@ -534,7 +534,7 @@
- AddCertificate(char *certfile, char *keyfile, PRBool cacert,
-                CK_SLOT_ID slotID)
- {
--    pemInternalObject *o;
-+    pemInternalObject *o = NULL;
-     CK_RV error = 0;
-     int objid, i;
-     int nobjs = 0;