From bc7f53f244cf39950243db0b6cbb6e9fe3d03af5 Mon Sep 17 00:00:00 2001 From: Mikhail Novosyolov Date: Thu, 2 Jul 2020 00:04:04 +0300 Subject: [PATCH 01/62] compat provides (for java stack) --- nss.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/nss.spec b/nss.spec index 8469e0c..400a74d 100644 --- a/nss.spec +++ b/nss.spec @@ -19,7 +19,7 @@ Summary: Network Security Services Name: nss Version: 3.52.1 -Release: 1 +Release: 2 Epoch: 2 Group: System/Libraries License: MPL or GPLv2+ or LGPLv2+ @@ -51,6 +51,9 @@ BuildRequires: pkgconfig(nspr) BuildRequires: pkgconfig(sqlite3) BuildRequires: pkgconfig(zlib) +# compat with RH/Fedora +Provides: nss-tools = %{EVRD} + %description Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server From 306db09c740736b6f62a94947514934bd4338259 Mon Sep 17 00:00:00 2001 From: Mikhail Novosyolov Date: Mon, 6 Jul 2020 03:46:55 +0300 Subject: [PATCH 02/62] provide mozilla-nss for compat with SUSE --- nss.spec | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/nss.spec b/nss.spec index 400a74d..812e718 100644 --- a/nss.spec +++ b/nss.spec @@ -19,7 +19,7 @@ Summary: Network Security Services Name: nss Version: 3.52.1 -Release: 2 +Release: 3 Epoch: 2 Group: System/Libraries License: MPL or GPLv2+ or LGPLv2+ @@ -53,6 +53,8 @@ BuildRequires: pkgconfig(zlib) # compat with RH/Fedora Provides: nss-tools = %{EVRD} +# compat with openSUSE +Provides: mozilla-nss = %{EVRD} %description Network Security Services (NSS) is a set of libraries designed to From 95173db436bd1da5a421f58b4533ccee777c6749 Mon Sep 17 00:00:00 2001 From: Alexander Stefanov Date: Sat, 25 Jul 2020 22:11:15 +0000 Subject: [PATCH 03/62] 3.55 --- .abf.yml | 2 +- nss.spec | 47 ++++++++++++++++++++++++----------------------- 2 files changed, 25 insertions(+), 24 deletions(-) diff --git a/.abf.yml b/.abf.yml index 96c36e3..1ca3321 100644 --- a/.abf.yml +++ b/.abf.yml @@ -3,5 +3,5 @@ sources: blank-cert8.db: d272a7b58364862613d44261c5744f7a336bf177 blank-key3.db: 7f78b5bcecdb5005e7b803604b2ec9d1a9df2fb5 blank-secmod.db: bd748cf6e1465a1bbe6e751b72ffc0076aff0b50 - nss-3.52.1.tar.gz: 15c56e41102a788cebc1df3cf46ca08b71ac0942 + nss-3.55.tar.gz: 348bb25a1aa6b01319e125afcbcb49c61bdaafb3 verisign-class-3-secure-server-ca.der: 188590e94878478e33b6194e59fbbb28ff0888d5 diff --git a/nss.spec b/nss.spec index 812e718..548ea9b 100644 --- a/nss.spec +++ b/nss.spec @@ -18,8 +18,8 @@ Summary: Network Security Services Name: nss -Version: 3.52.1 -Release: 3 +Version: 3.55 +Release: 1 Epoch: 2 Group: System/Libraries License: MPL or GPLv2+ or LGPLv2+ @@ -159,12 +159,11 @@ Summary: Network Security Services (NSS) Group: System/Libraries %description -n %{libname} -This package contains the shared libraries libnss3, libnssckbi, libnssdbm3, +This package contains the shared libraries libnss3, libnssdbm3, libnssutil3, libsmime3, and libssl3. %files -n %{libname} /%{_lib}/libnss%{major}.so -/%{_lib}/libnssckbi.so %if %{build_empty} /%{_lib}/libnssckbi_empty.so %endif @@ -269,10 +268,13 @@ find . -name '*.c' -executable -exec chmod -x {} \; # remove hardcoded gcc sed -i 's!gcc!%{__cc}!g' nss/coreconf/Linux.mk +# make 100% sure we don't pull in the internal copy of sqlite +rm nss/lib/sqlite/*.{c,h} + %build %serverbuild %setup_compile_flags -export CC=gcc +export CC=%{__cc} export BUILD_OPT=1 export OPTIMIZER="%{optflags}" export XCFLAGS="%{optflags} -Wno-error" @@ -285,9 +287,10 @@ export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1 export NSPR_INCLUDE_DIR=`%{_bindir}/pkg-config --cflags-only-I nspr | sed 's/-I//'` export NSPR_LIB_DIR=`%{_bindir}/pkg-config --libs-only-L nspr | sed 's/-L//'` export MOZILLA_CLIENT=1 -export NS_USE_GCC=1 export NSS_USE_SYSTEM_SQLITE=1 export NSS_ENABLE_ECC=1 +export MAKE_FLAGS="BUILD_OPT=1 NSS_ENABLE_ECC=1" +export NSS_ENABLE_TLS_1_3=1 # external tests are causing build problems because they access ssl internal types # TODO: Investigate as there may be a better solution @@ -298,7 +301,7 @@ export NSS_DISABLE_GTESTS=1 # 1. mv /%%{_lib}/libnssckbi.so /%%{_lib}/libnssckbi.so.BAK # 2. mv /%%{_lib}/libnssckbi_empty.so /%%{_lib}/libnssckbi.so # 3. restart ff/tb -# it has to be done manually for now, but at least we have a way for +# it has to be done manually for now, but at least we have a way for # users to quickly mitigate future problems, or whatever :-) pushd nss/lib/ckfw/builtins @@ -306,19 +309,18 @@ perl ./certdata.perl < %{SOURCE7} popd %endif -export NATIVE_CC="/usr/bin/gcc" +export NATIVE_CC="%{__cc}" export TARGETCC="%{__cc}" export TARGETCCC="%{__cxx}" export TARGETRANLIB="%{__ranlib}" -%ifarch x86_64 ppc64 ia64 s390x aarch64 +%ifarch %{x86_64} ppc64 ia64 s390x %{aarch64} riscv64 export USE_64=1 %else unset USE_64 || : %endif -%make -j1 -C ./nss/coreconf -%make -j1 -C ./nss/lib/dbm -%make -j1 -C ./nss +%make_build -j1 -C ./nss all +%make_build -j1 -C ./nss latest %if %{build_empty} # tuck away the empty libnssckbi.so library @@ -356,7 +358,7 @@ pushd nss/lib/ckfw/builtins perl ./certdata.perl /etc/pki/tls/mozilla/certdata.txt %make clean -%make -j1 +%make_build popd export LD_LIBRARY_PATH="$OLD" @@ -367,25 +369,24 @@ pushd dist/$(uname -s)* mkdir -p %{buildroot}%{_bindir} cp -aL bin/* %{buildroot}%{_bindir} -%if %with lib +%if %{with lib} mkdir -p %{buildroot}%{_libdir} mkdir -p %{buildroot}/%{_lib} mkdir -p %{buildroot}%{_includedir}/nss cp -aL ../public/nss/* %{buildroot}%{_includedir}/nss cp -aL lib/libcrmf.a \ - lib/libnss.a \ - lib/libnssb.a \ - lib/libnssckbi.so \ - lib/libnssckfw.a \ - lib/libnssutil.a \ - lib/libsmime.a \ - lib/libssl.a \ - %{buildroot}%{_libdir} + lib/libnss.a \ + lib/libnssb.a \ + lib/libnssckfw.a \ + lib/libnssutil.a \ + lib/libsmime.a \ + lib/libssl.a \ + %{buildroot}%{_libdir} # Copy the binary libraries we want for file in libsoftokn3.so libfreebl3.so libfreeblpriv3.so libnss3.so libnssutil3.so \ - libssl3.so libsmime3.so libnssckbi.so libnssdbm3.so + libssl3.so libsmime3.so libnssdbm3.so do install -m 755 lib/$file %{buildroot}/%{_lib} ln -sf ../../%{_lib}/$file %{buildroot}%{_libdir}/$file From 10dd3b38aabac0d7bbd9119dc35be569cabccee8 Mon Sep 17 00:00:00 2001 From: Alzim Date: Mon, 27 Jul 2020 18:32:07 +0300 Subject: [PATCH 04/62] =?UTF-8?q?Macro=20%{x86=5F64}=20=E2=86=92=20x86=5F6?= =?UTF-8?q?4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- nss.spec | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/nss.spec b/nss.spec index 548ea9b..668d09c 100644 --- a/nss.spec +++ b/nss.spec @@ -19,7 +19,7 @@ Summary: Network Security Services Name: nss Version: 3.55 -Release: 1 +Release: 2 Epoch: 2 Group: System/Libraries License: MPL or GPLv2+ or LGPLv2+ @@ -313,7 +313,7 @@ export NATIVE_CC="%{__cc}" export TARGETCC="%{__cc}" export TARGETCCC="%{__cxx}" export TARGETRANLIB="%{__ranlib}" -%ifarch %{x86_64} ppc64 ia64 s390x %{aarch64} riscv64 +%ifarch x86_64 ppc64 ia64 s390x %{aarch64} riscv64 export USE_64=1 %else unset USE_64 || : @@ -376,13 +376,13 @@ mkdir -p %{buildroot}%{_includedir}/nss cp -aL ../public/nss/* %{buildroot}%{_includedir}/nss cp -aL lib/libcrmf.a \ - lib/libnss.a \ - lib/libnssb.a \ - lib/libnssckfw.a \ - lib/libnssutil.a \ - lib/libsmime.a \ - lib/libssl.a \ - %{buildroot}%{_libdir} + lib/libnss.a \ + lib/libnssb.a \ + lib/libnssckfw.a \ + lib/libnssutil.a \ + lib/libsmime.a \ + lib/libssl.a \ + %{buildroot}%{_libdir} # Copy the binary libraries we want for file in libsoftokn3.so libfreebl3.so libfreeblpriv3.so libnss3.so libnssutil3.so \ From fe25e980e2b19d9e6c2a9ab7c474f83cc75706e5 Mon Sep 17 00:00:00 2001 From: Mikhail Novosyolov Date: Fri, 21 Aug 2020 23:33:23 +0300 Subject: [PATCH 05/62] Remove failing scriptlets: Failure: Running scriptlet: lib64freebl3-2:3.55-2.x86_64 warning: %posttrans(lib64freebl3-2:3.55-2.x86_64) scriptlet failed, exit status 127 Error in POSTTRANS scriptlet in rpm package lib64freebl3 Reason: Someone incorrectly put shlibsign into %%posttrans. In Fedora files are signed when package is being build: ``` %define __spec_install_post \ %{?__debug_package:%{__debug_install_post}} \ %{__arch_install_post} \ %{__os_install_post} \ $RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libsoftokn3.so \ $RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libfreeblpriv3.so \ $RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libfreebl3.so \ %{?with_dbm:$RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libnssdbm3.so} \ %{nil} ``` Signatures are packaged. But we in ROSA do not support FIPS, so adapting this for this spec does not make sense. FIPS signing in %%postrans does not make sense because signing is done to garantee consistency of the package. Removing it. --- nss.spec | 26 ++------------------------ 1 file changed, 2 insertions(+), 24 deletions(-) diff --git a/nss.spec b/nss.spec index 668d09c..ba7ab63 100644 --- a/nss.spec +++ b/nss.spec @@ -19,7 +19,7 @@ Summary: Network Security Services Name: nss Version: 3.55 -Release: 2 +Release: 3 Epoch: 2 Group: System/Libraries License: MPL or GPLv2+ or LGPLv2+ @@ -177,10 +177,6 @@ libnssutil3, libsmime3, and libssl3. %package -n %{libfreebl} Summary: Network Security Services (NSS) Group: System/Libraries -Requires(post): nss-shlibsign -Requires(post): rpm-helper -Requires(post): coreutils -Requires(post): /bin/sh Provides: nss-softokn%{?_isa} = %{EVRD} Conflicts: %{_lib}nss3 < 2:3.13.1-5 @@ -192,14 +188,6 @@ This package contains the shared libraries libfreebl3 and libsoftokn3. /%{_lib}/libfreeblpriv%{major}.so /%{_lib}/libsoftokn%{major}.so %defattr(0644,root,root,0755) -%ghost /%{_lib}/libfreebl%{major}.chk -%ghost /%{_lib}/libsoftokn%{major}.chk - -%posttrans -n %{libfreebl} -%create_ghostfile /%{_lib}/libsoftokn%{major}.chk root root 644 -%create_ghostfile /%{_lib}/libfreebl%{major}.chk root root 644 -%{_bindir}/shlibsign -i /%{_lib}/libsoftokn%{major}.so >/dev/null 2>/dev/null -%{_bindir}/shlibsign -i /%{_lib}/libfreebl%{major}.so >/dev/null 2>/dev/null #------------------------------------------------------------------------- @@ -218,14 +206,12 @@ Header files to doing development with Network Security Services. %files -n %{devname} %attr(0755,root,root) %{_bindir}/nss-config -%_libdir/*.so +%{_libdir}/*.so %dir %{_includedir}/nss %{_includedir}/nss/*.h %{_includedir}/nss/nssck.api %{_libdir}/pkgconfig/nss.pc %{_libdir}/pkgconfig/nss-softokn.pc -%{_libdir}/libsoftokn%{major}.chk -%{_libdir}/libfreebl%{major}.chk #------------------------------------------------------------------------- @@ -392,14 +378,6 @@ do ln -sf ../../%{_lib}/$file %{buildroot}%{_libdir}/$file done -# These ghost files will be generated in the post step -# Make sure chk files can be found in both places -for file in libsoftokn3.chk libfreebl3.chk -do - touch %{buildroot}/%{_lib}/$file - ln -s ../../%{_lib}/$file %{buildroot}%{_libdir}/$file -done - mkdir -p %{buildroot}%{_libdir}/pkgconfig cat %{SOURCE2} | sed -e "s,%%libdir%%,%{_libdir},g" \ -e "s,%%prefix%%,%{_prefix},g" \ From 9ba0584ebc455798d00213b61dc499b7ca7ec349 Mon Sep 17 00:00:00 2001 From: Alexander Stefanov Date: Tue, 25 Aug 2020 01:48:14 +0000 Subject: [PATCH 06/62] version autoupdate [3.56] --- .abf.yml | 2 +- nss.spec | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.abf.yml b/.abf.yml index 1ca3321..2ca2fc2 100644 --- a/.abf.yml +++ b/.abf.yml @@ -3,5 +3,5 @@ sources: blank-cert8.db: d272a7b58364862613d44261c5744f7a336bf177 blank-key3.db: 7f78b5bcecdb5005e7b803604b2ec9d1a9df2fb5 blank-secmod.db: bd748cf6e1465a1bbe6e751b72ffc0076aff0b50 - nss-3.55.tar.gz: 348bb25a1aa6b01319e125afcbcb49c61bdaafb3 + nss-3.56.tar.gz: 5203e66425f51738c723c5db1940fdc20a4c5472 verisign-class-3-secure-server-ca.der: 188590e94878478e33b6194e59fbbb28ff0888d5 diff --git a/nss.spec b/nss.spec index ba7ab63..bfa6970 100644 --- a/nss.spec +++ b/nss.spec @@ -18,8 +18,8 @@ Summary: Network Security Services Name: nss -Version: 3.55 -Release: 3 +Version: 3.56 +Release: 1 Epoch: 2 Group: System/Libraries License: MPL or GPLv2+ or LGPLv2+ From bc86e70983d2206b21b954da475a43afda4b5507 Mon Sep 17 00:00:00 2001 From: alexander stefanov Date: Fri, 4 Sep 2020 12:33:50 +0000 Subject: [PATCH 07/62] fix aarch64 --- ...figure-option-to-disable-ARM-HW-cryp.patch | 47 +++++++++++++++++++ nss.spec | 3 +- 2 files changed, 49 insertions(+), 1 deletion(-) create mode 100644 0001-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch diff --git a/0001-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch b/0001-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch new file mode 100644 index 0000000..bfc375e --- /dev/null +++ b/0001-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch @@ -0,0 +1,47 @@ +From 8b67c22b057e158f61c9fdd5b01f37195c6f5ca4 Mon Sep 17 00:00:00 2001 +From: Alexander Kanavin +Date: Wed, 18 Dec 2019 12:29:50 +0100 +Subject: [PATCH] freebl: add a configure option to disable ARM HW crypto + +Not all current hardware supports it, particularly anything +prior to armv8 does not. + +Upstream-Status: Pending +Signed-off-by: Alexander Kanavin + +--- + nss/lib/freebl/Makefile | 4 ++++ + nss/lib/freebl/gcm.c | 2 ++ + 2 files changed, 6 insertions(+) + +--- a/nss/lib/freebl/Makefile ++++ b/nss/lib/freebl/Makefile +@@ -126,6 +126,8 @@ else + endif + endif + ifdef NS_USE_GCC ++ifdef NSS_USE_ARM_HW_CRYPTO ++ DEFINES += -DNSS_USE_ARM_HW_CRYPTO + ifeq ($(CPU_ARCH),aarch64) + DEFINES += -DUSE_HW_AES -DUSE_HW_SHA1 -DUSE_HW_SHA2 + EXTRA_SRCS += aes-armv8.c gcm-aarch64.c sha1-armv8.c sha256-armv8.c +@@ -150,6 +152,7 @@ endif + endif + endif + endif ++endif + + ifeq ($(OS_TARGET),OSF1) + DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_NO_MP_WORD +--- a/nss/lib/freebl/gcm.c ++++ b/nss/lib/freebl/gcm.c +@@ -21,7 +21,9 @@ + /* old gcc doesn't support some poly64x2_t intrinsic */ + #if defined(__aarch64__) && defined(IS_LITTLE_ENDIAN) && \ + (defined(__clang__) || defined(__GNUC__) && __GNUC__ > 6) ++# ifdef NSS_USE_ARM_HW_CRYPTO + #define USE_ARM_GCM ++# endif + #elif defined(__arm__) && defined(IS_LITTLE_ENDIAN) && \ + !defined(NSS_DISABLE_ARM32_NEON) + /* We don't test on big endian platform, so disable this on big endian. */ diff --git a/nss.spec b/nss.spec index bfa6970..c6f652d 100644 --- a/nss.spec +++ b/nss.spec @@ -44,6 +44,7 @@ Patch0: nss-no-rpath.patch Patch2: renegotiate-transitional.patch # (tpg) be carefull with last nspr4-4.10 because prtypes.h was moved to include/nspr4/ Patch4: nss-3.15.1-correct-path-to-prtypes.h.patch +Patch5: 0001-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch BuildRequires: rootcerts >= 1:20120218.00 BuildRequires: zip @@ -240,10 +241,10 @@ Static libraries for doing development with Network Security Services. %prep %setup -q -#% apply_patches %patch0 -p0 %patch2 -p0 -b .transitional %patch4 -p1 +%patch5 -p1 find . -type d -perm 0700 -exec chmod 755 {} \; find . -type f -perm 0555 -exec chmod 755 {} \; From 6d4e3fbcea858c5ec75429623dfc2497828bad39 Mon Sep 17 00:00:00 2001 From: Alexander Stefanov Date: Mon, 7 Sep 2020 15:42:40 +0000 Subject: [PATCH 08/62] try to fix chrome issues --- add-relro-linker-option.patch | 16 ++ iquote.patch | 13 + nss-539183.patch | 62 +++++ nss-config.in | 6 +- nss-config.xml | 132 ++++++++++ nss-p11-kit.config | 4 + nss-skip-bltest-and-fipstest.patch | 15 ++ nss-skip-util-gtest.patch | 10 + nss-softokn-config.in | 116 +++++++++ nss-softokn-dracut-module-setup.sh | 18 ++ nss-softokn-dracut.conf | 3 + nss-softokn.pc.in | 4 +- nss-util-config.in | 118 +++++++++ nss-util.pc.in | 11 + nss.spec | 400 ++++++++++++++++++++--------- pkcs11.txt.xml | 56 ++++ setup-nsssysinit.sh | 68 +++++ setup-nsssysinit.xml | 106 ++++++++ system-pkcs11.txt | 5 + utilwrap-include-templates.patch | 14 + 20 files changed, 1051 insertions(+), 126 deletions(-) create mode 100644 add-relro-linker-option.patch create mode 100644 iquote.patch create mode 100644 nss-539183.patch create mode 100644 nss-config.xml create mode 100644 nss-p11-kit.config create mode 100644 nss-skip-bltest-and-fipstest.patch create mode 100644 nss-skip-util-gtest.patch create mode 100644 nss-softokn-config.in create mode 100644 nss-softokn-dracut-module-setup.sh create mode 100644 nss-softokn-dracut.conf create mode 100644 nss-util-config.in create mode 100644 nss-util.pc.in create mode 100644 pkcs11.txt.xml create mode 100644 setup-nsssysinit.sh create mode 100644 setup-nsssysinit.xml create mode 100644 system-pkcs11.txt create mode 100644 utilwrap-include-templates.patch diff --git a/add-relro-linker-option.patch b/add-relro-linker-option.patch new file mode 100644 index 0000000..7ab9db1 --- /dev/null +++ b/add-relro-linker-option.patch @@ -0,0 +1,16 @@ +diff -up nss/coreconf/Linux.mk.relro nss/coreconf/Linux.mk +--- nss/coreconf/Linux.mk.relro 2013-04-09 14:29:45.943228682 -0700 ++++ nss/coreconf/Linux.mk 2013-04-09 14:31:26.194953927 -0700 +@@ -174,6 +174,12 @@ endif + endif + endif + ++# harden DSOs/executables a bit against exploits ++ifeq (2.6,$(firstword $(sort 2.6 $(OS_RELEASE)))) ++DSO_LDOPTS+=-Wl,-z,relro ++LDFLAGS += -Wl,-z,relro ++endif ++ + USE_SYSTEM_ZLIB = 1 + ZLIB_LIBS = -lz + diff --git a/iquote.patch b/iquote.patch new file mode 100644 index 0000000..6e4adcd --- /dev/null +++ b/iquote.patch @@ -0,0 +1,13 @@ +diff -up nss/coreconf/location.mk.iquote nss/coreconf/location.mk +--- nss/coreconf/location.mk.iquote 2017-07-27 16:09:32.000000000 +0200 ++++ nss/coreconf/location.mk 2017-09-06 13:23:14.633611555 +0200 +@@ -75,4 +75,9 @@ ifndef SQLITE_LIB_NAME + SQLITE_LIB_NAME = sqlite3 + endif + ++# Prefer in-tree headers over system headers ++ifdef IN_TREE_FREEBL_HEADERS_FIRST ++ INCLUDES += -iquote $(DIST)/../public/nss -iquote $(DIST)/../private/nss ++endif ++ + MK_LOCATION = included diff --git a/nss-539183.patch b/nss-539183.patch new file mode 100644 index 0000000..eda3249 --- /dev/null +++ b/nss-539183.patch @@ -0,0 +1,62 @@ +--- ./nss/cmd/httpserv/httpserv.c.539183 2016-05-21 18:31:39.879585420 -0700 ++++ ./nss/cmd/httpserv/httpserv.c 2016-05-21 18:37:22.374464057 -0700 +@@ -953,23 +953,23 @@ + getBoundListenSocket(unsigned short port) + { + PRFileDesc *listen_sock; + int listenQueueDepth = 5 + (2 * maxThreads); + PRStatus prStatus; + PRNetAddr addr; + PRSocketOptionData opt; + +- addr.inet.family = PR_AF_INET; +- addr.inet.ip = PR_INADDR_ANY; +- addr.inet.port = PR_htons(port); ++ if (PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET6, port, &addr) != PR_SUCCESS) { ++ errExit("PR_SetNetAddr"); ++ } + +- listen_sock = PR_NewTCPSocket(); ++ listen_sock = PR_OpenTCPSocket(PR_AF_INET6); + if (listen_sock == NULL) { +- errExit("PR_NewTCPSocket"); ++ errExit("PR_OpenTCPSockett"); + } + + opt.option = PR_SockOpt_Nonblocking; + opt.value.non_blocking = PR_FALSE; + prStatus = PR_SetSocketOption(listen_sock, &opt); + if (prStatus < 0) { + PR_Close(listen_sock); + errExit("PR_SetSocketOption(PR_SockOpt_Nonblocking)"); +--- ./nss/cmd/selfserv/selfserv.c.539183 2016-05-21 18:31:39.882585367 -0700 ++++ ./nss/cmd/selfserv/selfserv.c 2016-05-21 18:41:43.092801174 -0700 +@@ -1711,23 +1711,23 @@ + getBoundListenSocket(unsigned short port) + { + PRFileDesc *listen_sock; + int listenQueueDepth = 5 + (2 * maxThreads); + PRStatus prStatus; + PRNetAddr addr; + PRSocketOptionData opt; + +- addr.inet.family = PR_AF_INET; +- addr.inet.ip = PR_INADDR_ANY; +- addr.inet.port = PR_htons(port); ++ if (PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET6, port, &addr) != PR_SUCCESS) { ++ errExit("PR_SetNetAddr"); ++ } + +- listen_sock = PR_NewTCPSocket(); ++ listen_sock = PR_OpenTCPSocket(PR_AF_INET6); + if (listen_sock == NULL) { +- errExit("PR_NewTCPSocket"); ++ errExit("PR_OpenTCPSocket error"); + } + + opt.option = PR_SockOpt_Nonblocking; + opt.value.non_blocking = PR_FALSE; + prStatus = PR_SetSocketOption(listen_sock, &opt); + if (prStatus < 0) { + PR_Close(listen_sock); + errExit("PR_SetSocketOption(PR_SockOpt_Nonblocking)"); diff --git a/nss-config.in b/nss-config.in index 3f9a246..3ce7583 100644 --- a/nss-config.in +++ b/nss-config.in @@ -66,7 +66,11 @@ while test $# -gt 0; do echo_libdir=yes ;; --version) - echo ${major_version}.${minor_version}.${patch_version} + version=${major_version}.${minor_version} + if [ ! -z ${patch_version} ]; then + version=${version}.${patch_version} + fi + echo ${version} ;; --cflags) echo_cflags=yes diff --git a/nss-config.xml b/nss-config.xml new file mode 100644 index 0000000..f9518c9 --- /dev/null +++ b/nss-config.xml @@ -0,0 +1,132 @@ + + + +]> + + + + + &date; + Network Security Services + nss + &version; + + + + nss-config + 1 + + + + nss-config + Return meta information about nss libraries + + + + + nss-config + + + + + + + + + + + + Description + + nss-config is a shell scrip + tool which can be used to obtain gcc options for building client pacakges of nspt. + + + + + Options + + + + + Returns the top level system directory under which the nss libraries are installed. + + + + + returns the top level system directory under which any nss binaries would be installed. + + + + count + returns the path to the directory were the nss libraries are installed. + + + + + returns the upstream version of nss in the form major_version-minor_version-patch_version. + + + + + returns the compiler linking flags. + + + + + returns the compiler include flags. + + + + + returns the path to the directory were the nss libraries are installed. + + + + + + + Examples + + The following example will query for both include path and linkage flags: + + + /usr/bin/nss-config --cflags --libs + + + + + + + + + Files + + /usr/bin/nss-config + + + + + See also + pkg-config(1) + + + + Authors + The nss liraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google. + + Authors: Elio Maldonado <emaldona@redhat.com>. + + + + + + LICENSE + Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/. + + + + + diff --git a/nss-p11-kit.config b/nss-p11-kit.config new file mode 100644 index 0000000..0ebf073 --- /dev/null +++ b/nss-p11-kit.config @@ -0,0 +1,4 @@ +name=p11-kit-proxy +library=p11-kit-proxy.so + + diff --git a/nss-skip-bltest-and-fipstest.patch b/nss-skip-bltest-and-fipstest.patch new file mode 100644 index 0000000..aee646c --- /dev/null +++ b/nss-skip-bltest-and-fipstest.patch @@ -0,0 +1,15 @@ +diff -up ./nss/cmd/Makefile.skipthem ./nss/cmd/Makefile +--- ./nss/cmd/Makefile.skipthem 2017-01-06 13:17:27.477848351 +0100 ++++ ./nss/cmd/Makefile 2017-01-06 13:19:30.244586100 +0100 +@@ -19,7 +19,11 @@ BLTEST_SRCDIR = + ECPERF_SRCDIR = + FREEBL_ECTEST_SRCDIR = + FIPSTEST_SRCDIR = ++ifeq ($(NSS_BLTEST_NOT_AVAILABLE),1) ++SHLIBSIGN_SRCDIR = shlibsign ++else + SHLIBSIGN_SRCDIR = ++endif + else + BLTEST_SRCDIR = bltest + ECPERF_SRCDIR = ecperf diff --git a/nss-skip-util-gtest.patch b/nss-skip-util-gtest.patch new file mode 100644 index 0000000..94391c8 --- /dev/null +++ b/nss-skip-util-gtest.patch @@ -0,0 +1,10 @@ +diff -up nss/gtests/manifest.mn.skip_util_gtest nss/gtests/manifest.mn +--- nss/gtests/manifest.mn.skip_util_gtest 2017-08-08 12:45:57.598801125 +0200 ++++ nss/gtests/manifest.mn 2017-08-08 12:46:59.682419852 +0200 +@@ -31,6 +31,5 @@ endif + + DIRS = \ + $(LIB_SRCDIRS) \ +- $(UTIL_SRCDIRS) \ + $(NSS_SRCDIRS) \ + $(NULL) diff --git a/nss-softokn-config.in b/nss-softokn-config.in new file mode 100644 index 0000000..c7abe29 --- /dev/null +++ b/nss-softokn-config.in @@ -0,0 +1,116 @@ +#!/bin/sh + +prefix=@prefix@ + +major_version=@MOD_MAJOR_VERSION@ +minor_version=@MOD_MINOR_VERSION@ +patch_version=@MOD_PATCH_VERSION@ + +usage() +{ + cat <&2 +fi + +while test $# -gt 0; do + case "$1" in + -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;; + *) optarg= ;; + esac + + case $1 in + --prefix=*) + prefix=$optarg + ;; + --prefix) + echo_prefix=yes + ;; + --exec-prefix=*) + exec_prefix=$optarg + ;; + --exec-prefix) + echo_exec_prefix=yes + ;; + --includedir=*) + includedir=$optarg + ;; + --includedir) + echo_includedir=yes + ;; + --libdir=*) + libdir=$optarg + ;; + --libdir) + echo_libdir=yes + ;; + --version) + echo ${major_version}.${minor_version}.${patch_version} + ;; + --cflags) + echo_cflags=yes + ;; + --libs) + echo_libs=yes + ;; + *) + usage 1 1>&2 + ;; + esac + shift +done + +# Set variables that may be dependent upon other variables +if test -z "$exec_prefix"; then + exec_prefix=`pkg-config --variable=exec_prefix nss-softokn` +fi +if test -z "$includedir"; then + includedir=`pkg-config --variable=includedir nss-softokn` +fi +if test -z "$libdir"; then + libdir=`pkg-config --variable=libdir nss-softokn` +fi + +if test "$echo_prefix" = "yes"; then + echo $prefix +fi + +if test "$echo_exec_prefix" = "yes"; then + echo $exec_prefix +fi + +if test "$echo_includedir" = "yes"; then + echo $includedir +fi + +if test "$echo_libdir" = "yes"; then + echo $libdir +fi + +if test "$echo_cflags" = "yes"; then + echo -I$includedir +fi + +if test "$echo_libs" = "yes"; then + libdirs="-Wl,-rpath-link,$libdir -L$libdir" + echo $libdirs +fi + diff --git a/nss-softokn-dracut-module-setup.sh b/nss-softokn-dracut-module-setup.sh new file mode 100644 index 0000000..010ec18 --- /dev/null +++ b/nss-softokn-dracut-module-setup.sh @@ -0,0 +1,18 @@ +#!/bin/bash +# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*- +# ex: ts=8 sw=4 sts=4 et filetype=sh + +check() { + return 255 +} + +depends() { + return 0 +} + +install() { + local _dir + + inst_libdir_file libfreeblpriv3.so libfreeblpriv3.chk \ + libfreebl3.so +} diff --git a/nss-softokn-dracut.conf b/nss-softokn-dracut.conf new file mode 100644 index 0000000..2d9232e --- /dev/null +++ b/nss-softokn-dracut.conf @@ -0,0 +1,3 @@ +# turn on nss-softokn module + +add_dracutmodules+=" nss-softokn " diff --git a/nss-softokn.pc.in b/nss-softokn.pc.in index e8e47d7..022ebbf 100644 --- a/nss-softokn.pc.in +++ b/nss-softokn.pc.in @@ -6,6 +6,6 @@ includedir=%includedir% Name: NSS-SOFTOKN Description: Network Security Services Softoken PKCS #11 Module Version: %SOFTOKEN_VERSION% -Requires: nspr >= %NSPR_VERSION% -Libs: -L${libdir} -lfreebl3 -lnssdbm3 -lsoftokn3 -lnssutil3 +Requires: nspr >= %NSPR_VERSION%, nss-util >= %NSSUTIL_VERSION% +Libs: -L${libdir} -lfreebl3 -lnssdbm3 -lsoftokn3 Cflags: -I${includedir} diff --git a/nss-util-config.in b/nss-util-config.in new file mode 100644 index 0000000..532abbe --- /dev/null +++ b/nss-util-config.in @@ -0,0 +1,118 @@ +#!/bin/sh + +prefix=@prefix@ + +major_version=@MOD_MAJOR_VERSION@ +minor_version=@MOD_MINOR_VERSION@ +patch_version=@MOD_PATCH_VERSION@ + +usage() +{ + cat <&2 +fi + +lib_nssutil=yes + +while test $# -gt 0; do + case "$1" in + -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;; + *) optarg= ;; + esac + + case $1 in + --prefix=*) + prefix=$optarg + ;; + --prefix) + echo_prefix=yes + ;; + --exec-prefix=*) + exec_prefix=$optarg + ;; + --exec-prefix) + echo_exec_prefix=yes + ;; + --includedir=*) + includedir=$optarg + ;; + --includedir) + echo_includedir=yes + ;; + --libdir=*) + libdir=$optarg + ;; + --libdir) + echo_libdir=yes + ;; + --version) + echo ${major_version}.${minor_version}.${patch_version} + ;; + --cflags) + echo_cflags=yes + ;; + --libs) + echo_libs=yes + ;; + *) + usage 1 1>&2 + ;; + esac + shift +done + +# Set variables that may be dependent upon other variables +if test -z "$exec_prefix"; then + exec_prefix=`pkg-config --variable=exec_prefix nss-util` +fi +if test -z "$includedir"; then + includedir=`pkg-config --variable=includedir nss-util` +fi +if test -z "$libdir"; then + libdir=`pkg-config --variable=libdir nss-util` +fi + +if test "$echo_prefix" = "yes"; then + echo $prefix +fi + +if test "$echo_exec_prefix" = "yes"; then + echo $exec_prefix +fi + +if test "$echo_includedir" = "yes"; then + echo $includedir +fi + +if test "$echo_libdir" = "yes"; then + echo $libdir +fi + +if test "$echo_cflags" = "yes"; then + echo -I$includedir +fi + +if test "$echo_libs" = "yes"; then + libdirs="-Wl,-rpath-link,$libdir -L$libdir" + if test -n "$lib_nssutil"; then + libdirs="$libdirs -lnssutil${major_version}" + fi + echo $libdirs +fi + diff --git a/nss-util.pc.in b/nss-util.pc.in new file mode 100644 index 0000000..1310248 --- /dev/null +++ b/nss-util.pc.in @@ -0,0 +1,11 @@ +prefix=%prefix% +exec_prefix=%exec_prefix% +libdir=%libdir% +includedir=%includedir% + +Name: NSS-UTIL +Description: Network Security Services Utility Library +Version: %NSSUTIL_VERSION% +Requires: nspr >= %NSPR_VERSION% +Libs: -L${libdir} -lnssutil3 +Cflags: -I${includedir} diff --git a/nss.spec b/nss.spec index c6f652d..7fbcba3 100644 --- a/nss.spec +++ b/nss.spec @@ -1,6 +1,9 @@ %bcond_without lib +%bcond_with cross_compiling %define url_ver %(echo %{version}| sed -e "s|\\.|_|g") +# (tpg) WARNING !!! +# When you bump major, please make sure you bump "local major = 3" in %post section for lua script %define major 3 %define libname %mklibname %{name} %{major} %define libfreebl %mklibname freebl %{major} @@ -8,43 +11,60 @@ %define sdevname %mklibname -d -s %{name} %define _disable_lto 1 +%global optflags %{optflags} -O3 + # this seems fragile, so require the exact version or later (#58754) %define sqlite3_version %(pkg-config --modversion sqlite3 &>/dev/null && pkg-config --modversion sqlite3 2>/dev/null || echo 0) %define nspr_version %(pkg-config --modversion nspr &>/dev/null && pkg-config --modversion nspr 2>/dev/null || echo 0) %define build_empty 0 -%{?_with_empty: %{expand: %%global build_empty 1}} -%{?_without_empty: %{expand: %%global build_empty 0}} +%{?_with_empty: %{expand: %%global build_empty 1}} +%{?_without_empty: %{expand: %%global build_empty 0}} Summary: Network Security Services Name: nss +Epoch: 1 Version: 3.56 -Release: 1 -Epoch: 2 +Release: 2 Group: System/Libraries License: MPL or GPLv2+ or LGPLv2+ Url: http://www.mozilla.org/projects/security/pki/nss/index.html -Source0: http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_%{url_ver}_RTM/src/nss-%{version}.tar.gz -Source2: nss.pc.in -Source3: nss-config.in -Source4: blank-cert8.db -Source5: blank-key3.db -Source6: blank-secmod.db -Source7: certdata_empty.txt +Source0: https://ftp.mozilla.org/pub/security/nss/releases/NSS_%{url_ver}_RTM/src/nss-%{version}.tar.gz +# pkgconfig file templates and other extras from Fedora +Source1: https://src.fedoraproject.org/rpms/nss/raw/master/f/nss-util.pc.in +Source2: https://src.fedoraproject.org/rpms/nss/raw/master/f/nss-util-config.in +Source3: https://src.fedoraproject.org/rpms/nss/raw/master/f/nss-softokn.pc.in +Source4: https://src.fedoraproject.org/rpms/nss/raw/master/f/nss-softokn-config.in +Source6: https://src.fedoraproject.org/rpms/nss/raw/master/f/nss-softokn-dracut-module-setup.sh +Source7: https://src.fedoraproject.org/rpms/nss/raw/master/f/nss-softokn-dracut.conf +Source8: https://src.fedoraproject.org/rpms/nss/raw/master/f/nss.pc.in +Source9: https://src.fedoraproject.org/rpms/nss/raw/master/f/nss-config.in +Source10: blank-cert8.db +Source11: blank-key3.db +Source12: blank-secmod.db +Source15: https://src.fedoraproject.org/rpms/nss/raw/master/f/system-pkcs11.txt +Source16: https://src.fedoraproject.org/rpms/nss/raw/master/f/setup-nsssysinit.sh +Source20: https://src.fedoraproject.org/rpms/nss/raw/master/f/nss-config.xml +Source21: https://src.fedoraproject.org/rpms/nss/raw/master/f/setup-nsssysinit.xml +Source22: https://src.fedoraproject.org/rpms/nss/raw/master/f/pkcs11.txt.xml +Source28: https://src.fedoraproject.org/rpms/nss/raw/master/f/nss-p11-kit.config # https://www.verisign.com/support/verisign-intermediate-ca/secure-site-intermediate/index.html # converted from PEM to DER format with openssl command: # openssl x509 -in cert.pem -inform PEM -outform DER -out cert.der # this way we can avoid a buildrequires for openssl -Source8: verisign-class-3-secure-server-ca.der +Source100: verisign-class-3-secure-server-ca.der # Brasilian government certificate # verified in person with a government official -Source9: https://github.com/demoiselle/certificate/raw/master/impl/ca-icp-brasil/src/main/resources/trustedca/CertificadoACRaiz.crt -Source10: nss-softokn.pc.in -Patch0: nss-no-rpath.patch -Patch2: renegotiate-transitional.patch -# (tpg) be carefull with last nspr4-4.10 because prtypes.h was moved to include/nspr4/ -Patch4: nss-3.15.1-correct-path-to-prtypes.h.patch -Patch5: 0001-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch +Source101: https://github.com/demoiselle/certificate/raw/master/impl/ca-icp-brasil/src/main/resources/trustedca/CertificadoACRaiz.crt +# From Fedora +Patch0: https://src.fedoraproject.org/rpms/nss/raw/master/f/add-relro-linker-option.patch +Patch1: https://src.fedoraproject.org/rpms/nss/raw/master/f/renegotiate-transitional.patch +Patch2: https://src.fedoraproject.org/rpms/nss/raw/master/f/nss-539183.patch +Patch3: https://src.fedoraproject.org/rpms/nss/raw/master/f/utilwrap-include-templates.patch +Patch4: https://src.fedoraproject.org/rpms/nss/raw/master/f/nss-skip-bltest-and-fipstest.patch +Patch5: https://src.fedoraproject.org/rpms/nss/raw/master/f/iquote.patch +Patch8: https://src.fedoraproject.org/rpms/nss/raw/master/f/nss-skip-util-gtest.patch +# Our own BuildRequires: rootcerts >= 1:20120218.00 BuildRequires: zip @@ -53,9 +73,9 @@ BuildRequires: pkgconfig(sqlite3) BuildRequires: pkgconfig(zlib) # compat with RH/Fedora -Provides: nss-tools = %{EVRD} +Provides: nss-tools = %{EVRD} # compat with openSUSE -Provides: mozilla-nss = %{EVRD} +Provides: mozilla-nss = %{EVRD} %description Network Security Services (NSS) is a set of libraries designed to @@ -64,7 +84,7 @@ applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards. For detailed information on standards supported, see http://www.mozilla.org/projects/security/pki/nss/overview.html. -%if %without lib +%if %{without lib} Note: This package currently contains the NSS binaries only. The libraries have been not been included due to conflicts with the Mozilla @@ -72,78 +92,110 @@ libraries. %endif %files -%doc docs/* -%attr(0755,root,root) %{_bindir}/addbuiltin -%attr(0755,root,root) %{_bindir}/atob -%attr(0755,root,root) %{_bindir}/baddbdir -%attr(0755,root,root) %{_bindir}/bltest -%attr(0755,root,root) %{_bindir}/btoa +%dir %{_sysconfdir}/pki/nssdb +%config(noreplace) %{_sysconfdir}/pki/nssdb/cert8.db +%config(noreplace) %{_sysconfdir}/pki/nssdb/key3.db +%config(noreplace) %{_sysconfdir}/pki/nssdb/secmod.db +#nss supported bins %attr(0755,root,root) %{_bindir}/certutil -%attr(0755,root,root) %{_bindir}/chktest %attr(0755,root,root) %{_bindir}/cmsutil -%attr(0755,root,root) %{_bindir}/conflict %attr(0755,root,root) %{_bindir}/crlutil -%attr(0755,root,root) %{_bindir}/crmftest +%attr(0755,root,root) %{_bindir}/modutil +%attr(0755,root,root) %{_bindir}/nss-policy-check +%attr(0755,root,root) %{_bindir}/pk12util +%attr(0755,root,root) %{_bindir}/signver +%attr(0755,root,root) %{_bindir}/ssltap +#debian-additional +%attr(0755,root,root) %{_bindir}/addbuiltin +%attr(0755,root,root) %{_bindir}/chktest %attr(0755,root,root) %{_bindir}/dbtest %attr(0755,root,root) %{_bindir}/derdump -%attr(0755,root,root) %{_bindir}/dertimetest -%attr(0755,root,root) %{_bindir}/digest -%attr(0755,root,root) %{_bindir}/ecperf -%attr(0755,root,root) %{_bindir}/encodeinttest -%attr(0755,root,root) %{_bindir}/fbectest -%attr(0755,root,root) %{_bindir}/fipstest %attr(0755,root,root) %{_bindir}/httpserv -%attr(0755,root,root) %{_bindir}/listsuites -%attr(0755,root,root) %{_bindir}/lowhashtest -%attr(0755,root,root) %{_bindir}/makepqg -%attr(0755,root,root) %{_bindir}/mangle -%attr(0755,root,root) %{_bindir}/modutil -%attr(0755,root,root) %{_bindir}/multinit -%attr(0755,root,root) %{_bindir}/nonspr10 -%attr(0755,root,root) %{_bindir}/nss-policy-check %attr(0755,root,root) %{_bindir}/ocspclnt -%attr(0755,root,root) %{_bindir}/ocspresp -%attr(0755,root,root) %{_bindir}/oidcalc %attr(0755,root,root) %{_bindir}/p7content %attr(0755,root,root) %{_bindir}/p7env %attr(0755,root,root) %{_bindir}/p7sign %attr(0755,root,root) %{_bindir}/p7verify -%attr(0755,root,root) %{_bindir}/pk11ectest -%attr(0755,root,root) %{_bindir}/pk11gcmtest -%attr(0755,root,root) %{_bindir}/pk11importtest -%attr(0755,root,root) %{_bindir}/pk11mode -%attr(0755,root,root) %{_bindir}/pk12util %attr(0755,root,root) %{_bindir}/pk1sign -%attr(0755,root,root) %{_bindir}/pkix-errcodes %attr(0755,root,root) %{_bindir}/pp %attr(0755,root,root) %{_bindir}/pwdecrypt -%attr(0755,root,root) %{_bindir}/remtest %attr(0755,root,root) %{_bindir}/rsaperf -%attr(0755,root,root) %{_bindir}/rsapoptst -%attr(0755,root,root) %{_bindir}/sdrtest -%attr(0755,root,root) %{_bindir}/secmodtest %attr(0755,root,root) %{_bindir}/selfserv %attr(0755,root,root) %{_bindir}/signtool -%attr(0755,root,root) %{_bindir}/signver -%attr(0755,root,root) %{_bindir}/smime -%attr(0755,root,root) %{_bindir}/ssltap %attr(0755,root,root) %{_bindir}/strsclnt %attr(0755,root,root) %{_bindir}/symkeyutil %attr(0755,root,root) %{_bindir}/tstclnt %attr(0755,root,root) %{_bindir}/vfychain %attr(0755,root,root) %{_bindir}/vfyserv -%dir %{_sysconfdir}/pki/nssdb -%config(noreplace) %{_sysconfdir}/pki/nssdb/cert8.db -%config(noreplace) %{_sysconfdir}/pki/nssdb/key3.db -%config(noreplace) %{_sysconfdir}/pki/nssdb/secmod.db +#------------------------------------------------------------------------- + +%package unsupported-tools +Summary: Network Security Services - Examples +Group: System/Libraries +Requires: %{name} = %{EVRD} +Conflicts: %{name} < 1:3.44-2 + +%description unsupported-tools +This package contains additional unsupported tools +for ${name}. + +%files unsupported-tools +#unsupported +%attr(0755,root,root) %{_bindir}/atob +%attr(0755,root,root) %{_bindir}/baddbdir +%attr(0755,root,root) %{_bindir}/bltest +%attr(0755,root,root) %{_bindir}/btoa +%attr(0755,root,root) %{_bindir}/conflict +%attr(0755,root,root) %{_bindir}/crmftest +%attr(0755,root,root) %{_bindir}/dertimetest +%attr(0755,root,root) %{_bindir}/digest +%attr(0755,root,root) %{_bindir}/ecperf +%attr(0755,root,root) %{_bindir}/encodeinttest +%attr(0755,root,root) %{_bindir}/fbectest +%attr(0755,root,root) %{_bindir}/fipstest +%attr(0755,root,root) %{_bindir}/listsuites +%attr(0755,root,root) %{_bindir}/lowhashtest +%attr(0755,root,root) %{_bindir}/makepqg +%attr(0755,root,root) %{_bindir}/mangle +%attr(0755,root,root) %{_bindir}/multinit +%attr(0755,root,root) %{_bindir}/nonspr10 +%attr(0755,root,root) %{_bindir}/ocspresp +%attr(0755,root,root) %{_bindir}/oidcalc +%attr(0755,root,root) %{_bindir}/pk11ectest +%attr(0755,root,root) %{_bindir}/pk11gcmtest +%attr(0755,root,root) %{_bindir}/pk11importtest +%attr(0755,root,root) %{_bindir}/pk11mode +%attr(0755,root,root) %{_bindir}/pkix-errcodes +%attr(0755,root,root) %{_bindir}/remtest +%attr(0755,root,root) %{_bindir}/rsapoptst +%attr(0755,root,root) %{_bindir}/sdrtest +%attr(0755,root,root) %{_bindir}/secmodtest +%attr(0755,root,root) %{_bindir}/smime + +#------------------------------------------------------------------------- + +%package examples +Summary: Network Security Services - Examples +Group: System/Libraries +Requires: %{name} = %{EVRD} +Conflicts: %{name} < 1:3.44-2 + +%description examples +This package contains the bltest, modutil, signtool, signver, +and ssltap examples for ${name}. + +%files examples +%{_datadir}/%{name}/* #------------------------------------------------------------------------- %package shlibsign Summary: Network Security Services - shlibsign Group: System/Libraries -Conflicts: %{name} < 2:3.13.1-2 +%if %{with lib} +Requires: %{libname} +%endif %description shlibsign This package contains the binary shlibsign needed by libfreebl3 @@ -154,10 +206,11 @@ and libsoftokn3. #------------------------------------------------------------------------- -%if %with lib +%if %{with lib} %package -n %{libname} Summary: Network Security Services (NSS) Group: System/Libraries +Requires: p11-kit-trust %description -n %{libname} This package contains the shared libraries libnss3, libnssdbm3, @@ -172,14 +225,46 @@ libnssutil3, libsmime3, and libssl3. /%{_lib}/libnssdbm%{major}.so /%{_lib}/libsmime%{major}.so /%{_lib}/libssl%{major}.so +/%{_lib}/p11-kit-trust.so + +%post -n %{libname} -p +-- (tpg) execute only on install +if arg[2] == "0" then +-- variable definitions +-- make sure it meets %{major} from spec file +local major = 3 +local f1 = "libsoftokn" .. major .. ".chk" +local f2 = "libfreebl" .. major .. ".chk" +local f3 = "libfreeblpriv" .. major .. ".chk" + +-- check if we are 64bit + libcheck = posix.stat("/lib64") + if libcheck then + libpath = "/lib64" + else + libpath = "/lib" + end + + -- list of files to iterate + files = { f1, f2, f3 } + + -- iterate through all the files + for file in list_iter(files) do + local f = io.open(libpath .. "/" .. file, "w") + f:write("") + f:close() + posix.chown(libpath .. "/" .. file, "root", "root") + posix.chmod(libpath .. "/" .. file, "0644") + posix.exec(shlibsign, "-i", libpath .. "/" .. file) + end +end #------------------------------------------------------------------------- %package -n %{libfreebl} Summary: Network Security Services (NSS) Group: System/Libraries -Provides: nss-softokn%{?_isa} = %{EVRD} -Conflicts: %{_lib}nss3 < 2:3.13.1-5 +Requires(post): nss-shlibsign %description -n %{libfreebl} This package contains the shared libraries libfreebl3 and libsoftokn3. @@ -188,7 +273,12 @@ This package contains the shared libraries libfreebl3 and libsoftokn3. /%{_lib}/libfreebl%{major}.so /%{_lib}/libfreeblpriv%{major}.so /%{_lib}/libsoftokn%{major}.so +/%{_lib}/libnssckbi.so + %defattr(0644,root,root,0755) +%ghost /%{_lib}/libfreebl%{major}.chk +%ghost /%{_lib}/libsoftokn%{major}.chk +%ghost /%{_lib}/libfreeblpriv%{major}.chk #------------------------------------------------------------------------- @@ -198,7 +288,6 @@ Group: Development/C++ Requires: %{libname} >= %{EVRD} Requires: %{libfreebl} >= %{EVRD} Provides: nss-devel = %{EVRD} -# a BR of Java in RH/OEU Provides: nss-softokn-freebl-devel = %{EVRD} %rename %{libname}-devel @@ -207,12 +296,13 @@ Header files to doing development with Network Security Services. %files -n %{devname} %attr(0755,root,root) %{_bindir}/nss-config -%{_libdir}/*.so -%dir %{_includedir}/nss -%{_includedir}/nss/*.h -%{_includedir}/nss/nssck.api +%_libdir/*.so +%{_includedir}/nss %{_libdir}/pkgconfig/nss.pc %{_libdir}/pkgconfig/nss-softokn.pc +%{_libdir}/pkgconfig/nss-util.pc +%{_libdir}/libsoftokn%{major}.chk +%{_libdir}/libfreebl%{major}.chk #------------------------------------------------------------------------- @@ -236,15 +326,13 @@ Static libraries for doing development with Network Security Services. %{_libdir}/libnssckfw.a %{_libdir}/libsmime.a %{_libdir}/libssl.a +%{_libdir}/libfreebl.a %endif + #------------------------------------------------------------------------- %prep -%setup -q -%patch0 -p0 -%patch2 -p0 -b .transitional -%patch4 -p1 -%patch5 -p1 +%autosetup -p0 find . -type d -perm 0700 -exec chmod 755 {} \; find . -type f -perm 0555 -exec chmod 755 {} \; @@ -285,27 +373,55 @@ export NSS_DISABLE_GTESTS=1 %if %{build_empty} # (oe) the "trust no one" scenario, it goes like: -# 1. mv /%%{_lib}/libnssckbi.so /%%{_lib}/libnssckbi.so.BAK -# 2. mv /%%{_lib}/libnssckbi_empty.so /%%{_lib}/libnssckbi.so +# 1. mv /%{_lib}/libnssckbi.so /%{_lib}/libnssckbi.so.BAK +# 2. mv /%{_lib}/libnssckbi_empty.so /%{_lib}/libnssckbi.so # 3. restart ff/tb # it has to be done manually for now, but at least we have a way for # users to quickly mitigate future problems, or whatever :-) pushd nss/lib/ckfw/builtins -perl ./certdata.perl < %{SOURCE7} +perl ./certdata.perl %{SOURCE102} popd %endif -export NATIVE_CC="%{__cc}" +%if %cross_compiling + # Compile tools used at build time (nsinstall) in native + # mode before setting up the environment for crosscompiling + export USE_64=1 + make -j1 -C ./nss all + make -j1 -C ./nss latest + + CPU_ARCH="%_target_cpu" + if echo $CPU_ARCH |grep -qE '(i.86|pentium.|athlon)'; then + CPU_ARCH=x86 + fi + export CPU_ARCH +%endif + +export NATIVE_CC=%{__cc} export TARGETCC="%{__cc}" export TARGETCCC="%{__cxx}" export TARGETRANLIB="%{__ranlib}" -%ifarch x86_64 ppc64 ia64 s390x %{aarch64} riscv64 +%ifarch %{x86_64} ppc64 ia64 s390x %{aarch64} riscv64 export USE_64=1 %else unset USE_64 || : %endif +# Parallel is broken as of 3.11.4 :( +#make -j1 -C ./nss/coreconf ./nss/lib/dbm ./nss \ +# TARGETCC="$TARGETCC" \ +# TARGETCCC="$TARGETCCC" \ +# TARGETRANLIB="$TARGETRANLIB" \ +# AR="%__ar cr \"\$@\"" \ +#%if %cross_compiling +# CPU_ARCH="$CPU_ARCH" \ +#%endif +#%if %with %{cross_compiling} +#buildflags="TARGETCC='$TARGETCC' TARGETCCC='$TARGETCCC' TARGETRANLIB='$TARGETRANLIB' AR='%__ar" CPU_ARCH="$CPU_ARCH" +#%else +#buildflags="TARGETCC='$TARGETCC' TARGETCCC='$TARGETCCC' TARGETRANLIB='$TARGETRANLIB' AR='%__ar" +#%endif %make_build -j1 -C ./nss all %make_build -j1 -C ./nss latest @@ -318,9 +434,9 @@ cp -p nss/lib/ckfw/builtins/Linux*/libnssckbi.so libnssckbi_empty.so # http://qa.mandriva.com/show_bug.cgi?id=29612 # use built addbuildin command to avoid having # a buildrequires for nss -ADDBUILTIN=`%{_bindir}/find . -type f -name addbuiltin` +ADDBUILTIN=$(%{_bindir}/find . -type f -name addbuiltin) if [ -z "$ADDBUILTIN" ]; then - exit 1 + exit 1 fi ADDBUILTIN="$PWD/$ADDBUILTIN" OLD="$LD_LIBRARY_PATH" @@ -336,7 +452,7 @@ pushd nss/lib/ckfw/builtins # So, for Mandriva we can add/remove certs easily in the rootcerts package. Please # checkout and examine the rootcerts package. # Once this has been done and the new rootcerts package has been installed this -# package (nss) has to be rebuilt to pickup the changes made. The "recreate +# package (nss) has to be rebuilt to pickup the changes made. The "recreate # certificates" lines below generates a new certdata.c source containing the root # CA certs for mozilla. # *ALL* of the mozilla based softwares that support SSL has to link against @@ -360,58 +476,93 @@ cp -aL bin/* %{buildroot}%{_bindir} mkdir -p %{buildroot}%{_libdir} mkdir -p %{buildroot}/%{_lib} mkdir -p %{buildroot}%{_includedir}/nss -cp -aL ../public/nss/* %{buildroot}%{_includedir}/nss cp -aL lib/libcrmf.a \ - lib/libnss.a \ - lib/libnssb.a \ - lib/libnssckfw.a \ - lib/libnssutil.a \ - lib/libsmime.a \ - lib/libssl.a \ - %{buildroot}%{_libdir} + lib/libnss.a \ + lib/libnssb.a \ + lib/libnssckfw.a \ + lib/libnssutil.a \ + lib/libsmime.a \ + lib/libssl.a \ + %{buildroot}%{_libdir} # Copy the binary libraries we want for file in libsoftokn3.so libfreebl3.so libfreeblpriv3.so libnss3.so libnssutil3.so \ libssl3.so libsmime3.so libnssdbm3.so do - install -m 755 lib/$file %{buildroot}/%{_lib} - ln -sf ../../%{_lib}/$file %{buildroot}%{_libdir}/$file + install -m 755 lib/$file %{buildroot}/%{_lib} + ln -sf ../../%{_lib}/$file %{buildroot}%{_libdir}/$file +done + +# Copy the include files we want +cp -aL ../public/nss/* %{buildroot}%{_includedir}/nss + +# Copy some freebl include files we also want +for file in blapi.h alghmac.h cmac.h; do + pwd + install -p -m 644 ../private/nss/$file $RPM_BUILD_ROOT/%{_includedir}/nss +done + +# Copy the static freebl library +for file in libfreebl.a; do + install -p -m 644 ../*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir} +done + + +ln -s %{_libdir}/pkcs11/p11-kit-trust.so %{buildroot}/%{_lib}/libnssckbi.so + +# These ghost files will be generated in the post step +# Make sure chk files can be found in both places +for file in libsoftokn3.chk libfreebl3.chk +do + touch %{buildroot}/%{_lib}/$file + ln -s ../../%{_lib}/$file %{buildroot}%{_libdir}/$file done mkdir -p %{buildroot}%{_libdir}/pkgconfig -cat %{SOURCE2} | sed -e "s,%%libdir%%,%{_libdir},g" \ - -e "s,%%prefix%%,%{_prefix},g" \ - -e "s,%%exec_prefix%%,%{_prefix},g" \ - -e "s,%%includedir%%,%{_includedir}/nss,g" \ - -e "s,%%NSPR_VERSION%%,%{nspr_version},g" \ - -e "s,%%NSS_VERSION%%,%{version},g" > \ - %{buildroot}%{_libdir}/pkgconfig/nss.pc -cat %{SOURCE10} | sed -e "s,%%libdir%%,%{_libdir},g" \ - -e "s,%%prefix%%,%{_prefix},g" \ - -e "s,%%exec_prefix%%,%{_prefix},g" \ - -e "s,%%includedir%%,%{_includedir}/nss3,g" \ - -e "s,%%NSPR_VERSION%%,%{nspr_version},g" \ - -e "s,%%SOFTOKEN_VERSION%%,%{version},g" > \ - %{buildroot}%{_libdir}/pkgconfig/nss-softokn.pc +cat %{SOURCE1} | sed -e "s,%%libdir%%,%{_libdir},g" \ + -e "s,%%prefix%%,%{_prefix},g" \ + -e "s,%%exec_prefix%%,%{_prefix},g" \ + -e "s,%%includedir%%,%{_includedir}/nss,g" \ + -e "s,%%NSPR_VERSION%%,%{nspr_version},g" \ + -e "s,%%NSSUTIL_VERSION%%,%{version},g" > \ + %{buildroot}%{_libdir}/pkgconfig/nss-util.pc +cat %{SOURCE3} | sed -e "s,%%libdir%%,%{_libdir},g" \ + -e "s,%%prefix%%,%{_prefix},g" \ + -e "s,%%exec_prefix%%,%{_prefix},g" \ + -e "s,%%includedir%%,%{_includedir}/nss,g" \ + -e "s,%%NSPR_VERSION%%,%{nspr_version},g" \ + -e "s,%%NSSUTIL_VERSION%%,%{version},g" \ + -e "s,%%SOFTOKEN_VERSION%%,%{version},g" > \ + %{buildroot}%{_libdir}/pkgconfig/nss-softokn.pc +cat %{SOURCE8} | sed -e "s,%%libdir%%,%{_libdir},g" \ + -e "s,%%prefix%%,%{_prefix},g" \ + -e "s,%%exec_prefix%%,%{_prefix},g" \ + -e "s,%%includedir%%,%{_includedir}/nss,g" \ + -e "s,%%NSS_VERSION%%,%{version},g" \ + -e "s,%%NSPR_VERSION%%,%{nspr_version},g" \ + -e "s,%%NSSUTIL_VERSION%%,%{version},g" \ + -e "s,%%SOFTOKEN_VERSION%%,%{version},g" > \ + %{buildroot}%{_libdir}/pkgconfig/nss.pc + %endif popd -%if %with lib +%if %{with lib} export NSS_VMAJOR=`%{__cat} nss/lib/nss/nss.h | %{__grep} "#define.*NSS_VMAJOR" | %{__awk} '{print $3}'` export NSS_VMINOR=`%{__cat} nss/lib/nss/nss.h | %{__grep} "#define.*NSS_VMINOR" | %{__awk} '{print $3}'` export NSS_VPATCH=`echo %{version} | sed 's/\([0-9]*\).\([0-9]*\).\([0-9]*\)/\3/'` mkdir -p %{buildroot}%{_bindir} -cat %{SOURCE3} | sed -e "s,@libdir@,%{_libdir},g" \ - -e "s,@prefix@,%{_prefix},g" \ - -e "s,@exec_prefix@,%{_prefix},g" \ - -e "s,@includedir@,%{_includedir}/nss%{major},g" \ - -e "s,@MOD_MAJOR_VERSION@,$NSS_VMAJOR,g" \ - -e "s,@MOD_MINOR_VERSION@,$NSS_VMINOR,g" \ - -e "s,@MOD_PATCH_VERSION@,$NSS_VPATCH,g" \ - > %{buildroot}/%{_bindir}/nss-config +cat %{SOURCE9} | sed -e "s,@libdir@,%{_libdir},g" \ + -e "s,@prefix@,%{_prefix},g" \ + -e "s,@exec_prefix@,%{_prefix},g" \ + -e "s,@includedir@,%{_includedir}/nss,g" \ + -e "s,@MOD_MAJOR_VERSION@,$NSS_VMAJOR,g" \ + -e "s,@MOD_MINOR_VERSION@,$NSS_VMINOR,g" \ + -e "s,@MOD_PATCH_VERSION@,$NSS_VPATCH,g" \ + > %{buildroot}/%{_bindir}/nss-config %endif pushd nss/cmd/smimetools @@ -419,7 +570,7 @@ install -m 0755 smime %{buildroot}%{_bindir} perl -pi -e 's|/usr/local/bin|%{_bindir}|g' %{buildroot}%{_bindir}/smime popd -# add docs +# add docs/examples mkdir -p docs/SSLsample #cp -a mozilla/security/nss/cmd/SSLsample/README docs/SSLsample/ @@ -440,11 +591,14 @@ cp -a nss/cmd/signver/examples/1/*.html docs/signver/ mkdir -p docs/ssltap cp -a nss/cmd/ssltap/*.html docs/ssltap/ +install -d %{buildroot}%{_datadir}/%{name}/ +cp -pr docs/* %{buildroot}%{_datadir}/%{name}/ + # Install the empty NSS db files mkdir -p %{buildroot}%{_sysconfdir}/pki/nssdb -install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pki/nssdb/cert8.db -install -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/pki/nssdb/key3.db -install -m 644 %{SOURCE6} %{buildroot}%{_sysconfdir}/pki/nssdb/secmod.db +install -m 644 %{SOURCE10} %{buildroot}%{_sysconfdir}/pki/nssdb/cert8.db +install -m 644 %{SOURCE11} %{buildroot}%{_sysconfdir}/pki/nssdb/key3.db +install -m 644 %{SOURCE12} %{buildroot}%{_sysconfdir}/pki/nssdb/secmod.db %{_bindir}/find docs -type f | %{_bindir}/xargs -t perl -pi -e 's/\r$//g' diff --git a/pkcs11.txt.xml b/pkcs11.txt.xml new file mode 100644 index 0000000..d30e469 --- /dev/null +++ b/pkcs11.txt.xml @@ -0,0 +1,56 @@ + + + +]> + + + + + &date; + Network Security Services + nss + &version; + + + + pkcs11.txt + 5 + + + + pkcs11.txt + NSS PKCS #11 module configuration file + + + + Description + +The pkcs11.txt file is used to configure initialization parameters for the nss security module and optionally other pkcs #11 modules. + + +For full documentation visit PKCS #11 Module Specs. + + + + + Files + /etc/pki/nssdb/pkcs11.txt + + + + Authors + The nss libraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google. + Authors: Elio Maldonado <emaldona@redhat.com>. + + + + + LICENSE + Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/. + + + + + diff --git a/setup-nsssysinit.sh b/setup-nsssysinit.sh new file mode 100644 index 0000000..8e1f5f7 --- /dev/null +++ b/setup-nsssysinit.sh @@ -0,0 +1,68 @@ +#!/bin/sh +# +# Turns on or off the nss-sysinit module db by editing the +# global PKCS #11 congiguration file. Displays the status. +# +# This script can be invoked by the user as super user. +# It is invoked at nss-sysinit post install time with argument on. +# +usage() +{ + cat <&2 +fi + +# the system-wide configuration file +p11conf="/etc/pki/nssdb/pkcs11.txt" +# must exist, otherwise report it and exit with failure +if [ ! -f $p11conf ]; then + echo "Could not find ${p11conf}" + exit 1 +fi + +# check if nsssysinit is currently enabled or disabled +sysinit_enabled() +{ + grep -q '^library=libnsssysinit' ${p11conf} +} + +umask 022 +case "$1" in + on | ON ) + if sysinit_enabled; then + exit 0 + fi + cat ${p11conf} | \ + sed -e 's/^library=$/library=libnsssysinit.so/' \ + -e '/^NSS/s/\(Flags=internal\)\(,[^m]\)/\1,moduleDBOnly\2/' > \ + ${p11conf}.on + mv ${p11conf}.on ${p11conf} + ;; + off | OFF ) + if ! sysinit_enabled; then + exit 0 + fi + cat ${p11conf} | \ + sed -e 's/^library=libnsssysinit.so/library=/' \ + -e '/^NSS/s/Flags=internal,moduleDBOnly/Flags=internal/' > \ + ${p11conf}.off + mv ${p11conf}.off ${p11conf} + ;; + status ) + echo -n 'NSS sysinit is ' + sysinit_enabled && echo 'enabled' || echo 'disabled' + ;; + * ) + usage 1 1>&2 + ;; +esac diff --git a/setup-nsssysinit.xml b/setup-nsssysinit.xml new file mode 100644 index 0000000..5b9827f --- /dev/null +++ b/setup-nsssysinit.xml @@ -0,0 +1,106 @@ + + + +]> + + + + + &date; + Network Security Services + nss + &version; + + + + setup-nsssysinit + 1 + + + + setup-nsssysinit + Query or enable the nss-sysinit module + + + + + setup-nsssysinit + + + + + + + + Description + setup-nsssysinit is a shell script to query the status of the nss-sysinit module and when run with root priviledge it can enable or disable it. + Turns on or off the nss-sysinit module db by editing the global PKCS #11 configuration file. Displays the status. This script can be invoked by the user as super user. It is invoked at nss-sysinit post install time with argument on. + + + + + Options + + + + + Turn on nss-sysinit. + + + + + Turn on nss-sysinit. + + + + + returns whether nss-syinit is enabled or not. + + + + + + + Examples + + The following example will query for the status of nss-sysinit: + + /usr/bin/setup-nsssysinit status + + + + The following example, when run as superuser, will turn on nss-sysinit: + + /usr/bin/setup-nsssysinit on + + + + + + + Files + /usr/bin/setup-nsssysinit + + + + See also + pkg-config(1) + + + + Authors + The nss libraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google. + Authors: Elio Maldonado <emaldona@redhat.com>. + + + + + LICENSE + Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/. + + + + + diff --git a/system-pkcs11.txt b/system-pkcs11.txt new file mode 100644 index 0000000..c2f5704 --- /dev/null +++ b/system-pkcs11.txt @@ -0,0 +1,5 @@ +library=libnsssysinit.so +name=NSS Internal PKCS #11 Module +parameters=configdir='sql:/etc/pki/nssdb' certPrefix='' keyPrefix='' secmod='secmod.db' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription='' +NSS=Flags=internal,moduleDBOnly,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30}) + diff --git a/utilwrap-include-templates.patch b/utilwrap-include-templates.patch new file mode 100644 index 0000000..649b548 --- /dev/null +++ b/utilwrap-include-templates.patch @@ -0,0 +1,14 @@ +diff -up nss/lib/nss/config.mk.templates nss/lib/nss/config.mk +--- nss/lib/nss/config.mk.templates 2013-06-18 11:32:07.590089155 -0700 ++++ nss/lib/nss/config.mk 2013-06-18 11:33:28.732763345 -0700 +@@ -3,6 +3,10 @@ + # License, v. 2.0. If a copy of the MPL was not distributed with this + # file, You can obtain one at http://mozilla.org/MPL/2.0/. + ++#ifeq ($(NSS_BUILD_WITHOUT_SOFTOKEN),1) ++INCLUDES += -I/usr/include/nss3/templates ++#endif ++ + # can't do this in manifest.mn because OS_TARGET isn't defined there. + ifeq (,$(filter-out WIN%,$(OS_TARGET))) + From cffd3117c35e25c8147c38a5a0f8ed620211f4c4 Mon Sep 17 00:00:00 2001 From: Alexander Stefanov Date: Mon, 7 Sep 2020 15:50:40 +0000 Subject: [PATCH 09/62] rediff patch --- ...figure-option-to-disable-ARM-HW-cryp.patch | 32 ++++++------------- nss.spec | 5 +-- 2 files changed, 13 insertions(+), 24 deletions(-) diff --git a/0001-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch b/0001-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch index bfc375e..764392a 100644 --- a/0001-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch +++ b/0001-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch @@ -1,22 +1,8 @@ -From 8b67c22b057e158f61c9fdd5b01f37195c6f5ca4 Mon Sep 17 00:00:00 2001 -From: Alexander Kanavin -Date: Wed, 18 Dec 2019 12:29:50 +0100 -Subject: [PATCH] freebl: add a configure option to disable ARM HW crypto - -Not all current hardware supports it, particularly anything -prior to armv8 does not. - -Upstream-Status: Pending -Signed-off-by: Alexander Kanavin - ---- - nss/lib/freebl/Makefile | 4 ++++ - nss/lib/freebl/gcm.c | 2 ++ - 2 files changed, 6 insertions(+) - ---- a/nss/lib/freebl/Makefile -+++ b/nss/lib/freebl/Makefile -@@ -126,6 +126,8 @@ else +diff --git nss/lib/freebl/Makefile nss/lib/freebl/Makefile +index 4a60041..51e8399 100644 +--- nss/lib/freebl/Makefile ++++ nss/lib/freebl/Makefile +@@ -120,6 +120,8 @@ else endif endif ifdef NS_USE_GCC @@ -25,7 +11,7 @@ Signed-off-by: Alexander Kanavin ifeq ($(CPU_ARCH),aarch64) DEFINES += -DUSE_HW_AES -DUSE_HW_SHA1 -DUSE_HW_SHA2 EXTRA_SRCS += aes-armv8.c gcm-aarch64.c sha1-armv8.c sha256-armv8.c -@@ -150,6 +152,7 @@ endif +@@ -144,6 +146,7 @@ endif endif endif endif @@ -33,8 +19,10 @@ Signed-off-by: Alexander Kanavin ifeq ($(OS_TARGET),OSF1) DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_NO_MP_WORD ---- a/nss/lib/freebl/gcm.c -+++ b/nss/lib/freebl/gcm.c +diff --git nss/lib/freebl/gcm.c nss/lib/freebl/gcm.c +index c2cc18d..970c1ed 100644 +--- nss/lib/freebl/gcm.c ++++ nss/lib/freebl/gcm.c @@ -21,7 +21,9 @@ /* old gcc doesn't support some poly64x2_t intrinsic */ #if defined(__aarch64__) && defined(IS_LITTLE_ENDIAN) && \ diff --git a/nss.spec b/nss.spec index 7fbcba3..b7e3de5 100644 --- a/nss.spec +++ b/nss.spec @@ -64,6 +64,7 @@ Patch3: https://src.fedoraproject.org/rpms/nss/raw/master/f/utilwrap-include-te Patch4: https://src.fedoraproject.org/rpms/nss/raw/master/f/nss-skip-bltest-and-fipstest.patch Patch5: https://src.fedoraproject.org/rpms/nss/raw/master/f/iquote.patch Patch8: https://src.fedoraproject.org/rpms/nss/raw/master/f/nss-skip-util-gtest.patch +Patch9: 0001-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch # Our own BuildRequires: rootcerts >= 1:20120218.00 @@ -245,10 +246,10 @@ local f3 = "libfreeblpriv" .. major .. ".chk" libpath = "/lib" end - -- list of files to iterate +-- list of files to iterate files = { f1, f2, f3 } - -- iterate through all the files +-- iterate through all the files for file in list_iter(files) do local f = io.open(libpath .. "/" .. file, "w") f:write("") From 52cc17f388dc2f2ef11df50b3bd13d9d6dfbc1bc Mon Sep 17 00:00:00 2001 From: Alexander Stefanov Date: Mon, 7 Sep 2020 15:51:20 +0000 Subject: [PATCH 10/62] bump epoch --- nss.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nss.spec b/nss.spec index b7e3de5..22d9dfb 100644 --- a/nss.spec +++ b/nss.spec @@ -23,7 +23,7 @@ Summary: Network Security Services Name: nss -Epoch: 1 +Epoch: 2 Version: 3.56 Release: 2 Group: System/Libraries From 202931233b89de722e1ef466cbc5ece4feff7151 Mon Sep 17 00:00:00 2001 From: alexander stefanov Date: Mon, 7 Sep 2020 17:54:18 +0000 Subject: [PATCH 11/62] br: p11-kit, lint %post a bit --- nss.spec | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/nss.spec b/nss.spec index 22d9dfb..12478f8 100644 --- a/nss.spec +++ b/nss.spec @@ -72,6 +72,7 @@ BuildRequires: zip BuildRequires: pkgconfig(nspr) BuildRequires: pkgconfig(sqlite3) BuildRequires: pkgconfig(zlib) +BuildRequires: p11-kit # compat with RH/Fedora Provides: nss-tools = %{EVRD} @@ -260,8 +261,6 @@ local f3 = "libfreeblpriv" .. major .. ".chk" end end -#------------------------------------------------------------------------- - %package -n %{libfreebl} Summary: Network Security Services (NSS) Group: System/Libraries From 471cff1f0112b00b35fe0871dbbd640b918e906a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=90=D0=BB=D0=B5=D0=BA=D1=81=D0=B5=D0=B9-=D0=97?= Date: Wed, 9 Sep 2020 22:24:01 +0000 Subject: [PATCH 12/62] Fixing an error in spec --- nss.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nss.spec b/nss.spec index 12478f8..30a2e24 100644 --- a/nss.spec +++ b/nss.spec @@ -384,7 +384,7 @@ perl ./certdata.perl %{SOURCE102} popd %endif -%if %cross_compiling +%if %{with cross_compiling} # Compile tools used at build time (nsinstall) in native # mode before setting up the environment for crosscompiling export USE_64=1 From a4f6f341098cc1ae318095596205fd719b177fc1 Mon Sep 17 00:00:00 2001 From: Alexander Stefanov Date: Tue, 22 Sep 2020 06:48:23 +0000 Subject: [PATCH 13/62] 3.57 --- .abf.yml | 2 +- nss.spec | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.abf.yml b/.abf.yml index 2ca2fc2..88e788c 100644 --- a/.abf.yml +++ b/.abf.yml @@ -3,5 +3,5 @@ sources: blank-cert8.db: d272a7b58364862613d44261c5744f7a336bf177 blank-key3.db: 7f78b5bcecdb5005e7b803604b2ec9d1a9df2fb5 blank-secmod.db: bd748cf6e1465a1bbe6e751b72ffc0076aff0b50 - nss-3.56.tar.gz: 5203e66425f51738c723c5db1940fdc20a4c5472 + nss-3.57.tar.gz: ee150322d22ca2b449b31a9a4188eab156e0a13d verisign-class-3-secure-server-ca.der: 188590e94878478e33b6194e59fbbb28ff0888d5 diff --git a/nss.spec b/nss.spec index 30a2e24..cfb8832 100644 --- a/nss.spec +++ b/nss.spec @@ -24,8 +24,8 @@ Summary: Network Security Services Name: nss Epoch: 2 -Version: 3.56 -Release: 2 +Version: 3.57 +Release: 1 Group: System/Libraries License: MPL or GPLv2+ or LGPLv2+ Url: http://www.mozilla.org/projects/security/pki/nss/index.html @@ -57,14 +57,14 @@ Source100: verisign-class-3-secure-server-ca.der # verified in person with a government official Source101: https://github.com/demoiselle/certificate/raw/master/impl/ca-icp-brasil/src/main/resources/trustedca/CertificadoACRaiz.crt # From Fedora -Patch0: https://src.fedoraproject.org/rpms/nss/raw/master/f/add-relro-linker-option.patch +Patch0: add-relro-linker-option.patch Patch1: https://src.fedoraproject.org/rpms/nss/raw/master/f/renegotiate-transitional.patch Patch2: https://src.fedoraproject.org/rpms/nss/raw/master/f/nss-539183.patch Patch3: https://src.fedoraproject.org/rpms/nss/raw/master/f/utilwrap-include-templates.patch Patch4: https://src.fedoraproject.org/rpms/nss/raw/master/f/nss-skip-bltest-and-fipstest.patch Patch5: https://src.fedoraproject.org/rpms/nss/raw/master/f/iquote.patch Patch8: https://src.fedoraproject.org/rpms/nss/raw/master/f/nss-skip-util-gtest.patch -Patch9: 0001-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch +# Patch9: 0001-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch # Our own BuildRequires: rootcerts >= 1:20120218.00 From 62af04fadb6b5ee58e3c481340bb13b570fac9cc Mon Sep 17 00:00:00 2001 From: Alexander Stefanov Date: Tue, 22 Sep 2020 06:54:54 +0000 Subject: [PATCH 14/62] cleanup --- ...figure-option-to-disable-ARM-HW-cryp.patch | 35 ------------------- nss.spec | 1 - 2 files changed, 36 deletions(-) delete mode 100644 0001-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch diff --git a/0001-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch b/0001-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch deleted file mode 100644 index 764392a..0000000 --- a/0001-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch +++ /dev/null @@ -1,35 +0,0 @@ -diff --git nss/lib/freebl/Makefile nss/lib/freebl/Makefile -index 4a60041..51e8399 100644 ---- nss/lib/freebl/Makefile -+++ nss/lib/freebl/Makefile -@@ -120,6 +120,8 @@ else - endif - endif - ifdef NS_USE_GCC -+ifdef NSS_USE_ARM_HW_CRYPTO -+ DEFINES += -DNSS_USE_ARM_HW_CRYPTO - ifeq ($(CPU_ARCH),aarch64) - DEFINES += -DUSE_HW_AES -DUSE_HW_SHA1 -DUSE_HW_SHA2 - EXTRA_SRCS += aes-armv8.c gcm-aarch64.c sha1-armv8.c sha256-armv8.c -@@ -144,6 +146,7 @@ endif - endif - endif - endif -+endif - - ifeq ($(OS_TARGET),OSF1) - DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_NO_MP_WORD -diff --git nss/lib/freebl/gcm.c nss/lib/freebl/gcm.c -index c2cc18d..970c1ed 100644 ---- nss/lib/freebl/gcm.c -+++ nss/lib/freebl/gcm.c -@@ -21,7 +21,9 @@ - /* old gcc doesn't support some poly64x2_t intrinsic */ - #if defined(__aarch64__) && defined(IS_LITTLE_ENDIAN) && \ - (defined(__clang__) || defined(__GNUC__) && __GNUC__ > 6) -+# ifdef NSS_USE_ARM_HW_CRYPTO - #define USE_ARM_GCM -+# endif - #elif defined(__arm__) && defined(IS_LITTLE_ENDIAN) && \ - !defined(NSS_DISABLE_ARM32_NEON) - /* We don't test on big endian platform, so disable this on big endian. */ diff --git a/nss.spec b/nss.spec index cfb8832..3e8d03f 100644 --- a/nss.spec +++ b/nss.spec @@ -64,7 +64,6 @@ Patch3: https://src.fedoraproject.org/rpms/nss/raw/master/f/utilwrap-include-te Patch4: https://src.fedoraproject.org/rpms/nss/raw/master/f/nss-skip-bltest-and-fipstest.patch Patch5: https://src.fedoraproject.org/rpms/nss/raw/master/f/iquote.patch Patch8: https://src.fedoraproject.org/rpms/nss/raw/master/f/nss-skip-util-gtest.patch -# Patch9: 0001-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch # Our own BuildRequires: rootcerts >= 1:20120218.00 From 148e36bf6932fbf6517e13306acf4674f2a9724a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=90=D0=BB=D0=B5=D0=BA=D1=81=D0=B5=D0=B9-=D0=97?= Date: Fri, 9 Oct 2020 12:15:44 +0000 Subject: [PATCH 15/62] =?UTF-8?q?%{x86=5F64}=20=E2=86=92=20x86=5F64?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- nss.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nss.spec b/nss.spec index 3e8d03f..09954c5 100644 --- a/nss.spec +++ b/nss.spec @@ -25,7 +25,7 @@ Summary: Network Security Services Name: nss Epoch: 2 Version: 3.57 -Release: 1 +Release: 2 Group: System/Libraries License: MPL or GPLv2+ or LGPLv2+ Url: http://www.mozilla.org/projects/security/pki/nss/index.html @@ -401,7 +401,7 @@ export NATIVE_CC=%{__cc} export TARGETCC="%{__cc}" export TARGETCCC="%{__cxx}" export TARGETRANLIB="%{__ranlib}" -%ifarch %{x86_64} ppc64 ia64 s390x %{aarch64} riscv64 +%ifarch x86_64 ppc64 ia64 s390x %{aarch64} riscv64 export USE_64=1 %else unset USE_64 || : From 344ce1d20c585b702fa4c7815f413db020f2eed7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=90=D0=BB=D0=B5=D0=BA=D1=81=D0=B5=D0=B9-=D0=97?= Date: Fri, 9 Oct 2020 12:49:38 +0000 Subject: [PATCH 16/62] Bugfix for 2016.1 --- nss.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nss.spec b/nss.spec index 09954c5..cb96201 100644 --- a/nss.spec +++ b/nss.spec @@ -277,7 +277,9 @@ This package contains the shared libraries libfreebl3 and libsoftokn3. %defattr(0644,root,root,0755) %ghost /%{_lib}/libfreebl%{major}.chk %ghost /%{_lib}/libsoftokn%{major}.chk +%if %rpm4 %ghost /%{_lib}/libfreeblpriv%{major}.chk +%endif #------------------------------------------------------------------------- From 7eb0fe268dc42cd1c02c642d706ca102b1b1937b Mon Sep 17 00:00:00 2001 From: alexander stefanov Date: Sun, 18 Oct 2020 18:31:49 +0000 Subject: [PATCH 17/62] x86_64 > %{x86_64} and DO NOT CHANGE IT, add aarch64 not as macro and %e2k --- nss.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nss.spec b/nss.spec index cb96201..d76c566 100644 --- a/nss.spec +++ b/nss.spec @@ -403,7 +403,7 @@ export NATIVE_CC=%{__cc} export TARGETCC="%{__cc}" export TARGETCCC="%{__cxx}" export TARGETRANLIB="%{__ranlib}" -%ifarch x86_64 ppc64 ia64 s390x %{aarch64} riscv64 +%ifarch %{x86_64} ppc64 ia64 s390x aarch64 riscv64 %e2k export USE_64=1 %else unset USE_64 || : From e0219a639135d1215abfa8956da179e08a845cd0 Mon Sep 17 00:00:00 2001 From: Alexander Stefanov Date: Sun, 18 Oct 2020 18:41:58 +0000 Subject: [PATCH 18/62] upgrade 3.58 --- .abf.yml | 2 +- nss.spec | 16 ++++++++-------- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.abf.yml b/.abf.yml index 88e788c..833f7de 100644 --- a/.abf.yml +++ b/.abf.yml @@ -3,5 +3,5 @@ sources: blank-cert8.db: d272a7b58364862613d44261c5744f7a336bf177 blank-key3.db: 7f78b5bcecdb5005e7b803604b2ec9d1a9df2fb5 blank-secmod.db: bd748cf6e1465a1bbe6e751b72ffc0076aff0b50 - nss-3.57.tar.gz: ee150322d22ca2b449b31a9a4188eab156e0a13d + nss-3.58.tar.gz: f0c572b72921690c77d59471fe21cfa811d8b876 verisign-class-3-secure-server-ca.der: 188590e94878478e33b6194e59fbbb28ff0888d5 diff --git a/nss.spec b/nss.spec index d76c566..1ac76cd 100644 --- a/nss.spec +++ b/nss.spec @@ -24,8 +24,8 @@ Summary: Network Security Services Name: nss Epoch: 2 -Version: 3.57 -Release: 2 +Version: 3.58 +Release: 1 Group: System/Libraries License: MPL or GPLv2+ or LGPLv2+ Url: http://www.mozilla.org/projects/security/pki/nss/index.html @@ -58,12 +58,12 @@ Source100: verisign-class-3-secure-server-ca.der Source101: https://github.com/demoiselle/certificate/raw/master/impl/ca-icp-brasil/src/main/resources/trustedca/CertificadoACRaiz.crt # From Fedora Patch0: add-relro-linker-option.patch -Patch1: https://src.fedoraproject.org/rpms/nss/raw/master/f/renegotiate-transitional.patch -Patch2: https://src.fedoraproject.org/rpms/nss/raw/master/f/nss-539183.patch -Patch3: https://src.fedoraproject.org/rpms/nss/raw/master/f/utilwrap-include-templates.patch -Patch4: https://src.fedoraproject.org/rpms/nss/raw/master/f/nss-skip-bltest-and-fipstest.patch -Patch5: https://src.fedoraproject.org/rpms/nss/raw/master/f/iquote.patch -Patch8: https://src.fedoraproject.org/rpms/nss/raw/master/f/nss-skip-util-gtest.patch +Patch1: renegotiate-transitional.patch +Patch2: nss-539183.patch +Patch3: utilwrap-include-templates.patch +Patch4: nss-skip-bltest-and-fipstest.patch +Patch5: iquote.patch +Patch8: nss-skip-util-gtest.patch # Our own BuildRequires: rootcerts >= 1:20120218.00 From c82a8bb465fabd6e0d613c928a0d0f87eb2231bb Mon Sep 17 00:00:00 2001 From: Alexander Stefanov Date: Mon, 16 Nov 2020 07:22:41 +0000 Subject: [PATCH 19/62] version autoupdate [3.59] --- .abf.yml | 2 +- nss.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.abf.yml b/.abf.yml index 833f7de..a224698 100644 --- a/.abf.yml +++ b/.abf.yml @@ -3,5 +3,5 @@ sources: blank-cert8.db: d272a7b58364862613d44261c5744f7a336bf177 blank-key3.db: 7f78b5bcecdb5005e7b803604b2ec9d1a9df2fb5 blank-secmod.db: bd748cf6e1465a1bbe6e751b72ffc0076aff0b50 - nss-3.58.tar.gz: f0c572b72921690c77d59471fe21cfa811d8b876 + nss-3.59.tar.gz: 1459fb7f197c0b80e85333fbd33e723adcd28a7f verisign-class-3-secure-server-ca.der: 188590e94878478e33b6194e59fbbb28ff0888d5 diff --git a/nss.spec b/nss.spec index 1ac76cd..ddac33e 100644 --- a/nss.spec +++ b/nss.spec @@ -24,7 +24,7 @@ Summary: Network Security Services Name: nss Epoch: 2 -Version: 3.58 +Version: 3.59 Release: 1 Group: System/Libraries License: MPL or GPLv2+ or LGPLv2+ From 6b594be33c579bb97689064043b57a49f2928848 Mon Sep 17 00:00:00 2001 From: Alexander Stefanov Date: Mon, 11 Jan 2021 19:07:13 +0000 Subject: [PATCH 20/62] version autoupdate [3.60.1] --- .abf.yml | 2 +- nss.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.abf.yml b/.abf.yml index a224698..92de05e 100644 --- a/.abf.yml +++ b/.abf.yml @@ -3,5 +3,5 @@ sources: blank-cert8.db: d272a7b58364862613d44261c5744f7a336bf177 blank-key3.db: 7f78b5bcecdb5005e7b803604b2ec9d1a9df2fb5 blank-secmod.db: bd748cf6e1465a1bbe6e751b72ffc0076aff0b50 - nss-3.59.tar.gz: 1459fb7f197c0b80e85333fbd33e723adcd28a7f + nss-3.60.1.tar.gz: 8653168acc4cb57f4785f862596408527c919ac0 verisign-class-3-secure-server-ca.der: 188590e94878478e33b6194e59fbbb28ff0888d5 diff --git a/nss.spec b/nss.spec index ddac33e..1536e37 100644 --- a/nss.spec +++ b/nss.spec @@ -24,7 +24,7 @@ Summary: Network Security Services Name: nss Epoch: 2 -Version: 3.59 +Version: 3.60.1 Release: 1 Group: System/Libraries License: MPL or GPLv2+ or LGPLv2+ From b67609c2f1b0f5b52bfa3a13c39d428aaa0ddf75 Mon Sep 17 00:00:00 2001 From: Alexander Stefanov Date: Sun, 24 Jan 2021 10:45:11 +0000 Subject: [PATCH 21/62] version autoupdate [3.61] --- .abf.yml | 2 +- nss.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.abf.yml b/.abf.yml index 92de05e..59a7647 100644 --- a/.abf.yml +++ b/.abf.yml @@ -3,5 +3,5 @@ sources: blank-cert8.db: d272a7b58364862613d44261c5744f7a336bf177 blank-key3.db: 7f78b5bcecdb5005e7b803604b2ec9d1a9df2fb5 blank-secmod.db: bd748cf6e1465a1bbe6e751b72ffc0076aff0b50 - nss-3.60.1.tar.gz: 8653168acc4cb57f4785f862596408527c919ac0 + nss-3.61.tar.gz: 26ffe516cb4b374f765c0818cca03afe09e15292 verisign-class-3-secure-server-ca.der: 188590e94878478e33b6194e59fbbb28ff0888d5 diff --git a/nss.spec b/nss.spec index 1536e37..fa1c3db 100644 --- a/nss.spec +++ b/nss.spec @@ -24,7 +24,7 @@ Summary: Network Security Services Name: nss Epoch: 2 -Version: 3.60.1 +Version: 3.61 Release: 1 Group: System/Libraries License: MPL or GPLv2+ or LGPLv2+ From a62a708b332e558b2cc467159a4f0a46ecb3526f Mon Sep 17 00:00:00 2001 From: Alexander Stefanov Date: Tue, 23 Feb 2021 08:51:03 +0000 Subject: [PATCH 22/62] 3.62 --- .abf.yml | 2 +- nss.spec | 30 +++++++++++++++--------------- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/.abf.yml b/.abf.yml index 59a7647..d7a12f3 100644 --- a/.abf.yml +++ b/.abf.yml @@ -3,5 +3,5 @@ sources: blank-cert8.db: d272a7b58364862613d44261c5744f7a336bf177 blank-key3.db: 7f78b5bcecdb5005e7b803604b2ec9d1a9df2fb5 blank-secmod.db: bd748cf6e1465a1bbe6e751b72ffc0076aff0b50 - nss-3.61.tar.gz: 26ffe516cb4b374f765c0818cca03afe09e15292 + nss-3.62.tar.gz: 288bd0533ecc02e0480b17408e24f76d40cc9097 verisign-class-3-secure-server-ca.der: 188590e94878478e33b6194e59fbbb28ff0888d5 diff --git a/nss.spec b/nss.spec index fa1c3db..deffbaf 100644 --- a/nss.spec +++ b/nss.spec @@ -24,30 +24,30 @@ Summary: Network Security Services Name: nss Epoch: 2 -Version: 3.61 +Version: 3.62 Release: 1 Group: System/Libraries License: MPL or GPLv2+ or LGPLv2+ Url: http://www.mozilla.org/projects/security/pki/nss/index.html Source0: https://ftp.mozilla.org/pub/security/nss/releases/NSS_%{url_ver}_RTM/src/nss-%{version}.tar.gz # pkgconfig file templates and other extras from Fedora -Source1: https://src.fedoraproject.org/rpms/nss/raw/master/f/nss-util.pc.in -Source2: https://src.fedoraproject.org/rpms/nss/raw/master/f/nss-util-config.in -Source3: https://src.fedoraproject.org/rpms/nss/raw/master/f/nss-softokn.pc.in -Source4: https://src.fedoraproject.org/rpms/nss/raw/master/f/nss-softokn-config.in -Source6: https://src.fedoraproject.org/rpms/nss/raw/master/f/nss-softokn-dracut-module-setup.sh -Source7: https://src.fedoraproject.org/rpms/nss/raw/master/f/nss-softokn-dracut.conf -Source8: https://src.fedoraproject.org/rpms/nss/raw/master/f/nss.pc.in -Source9: https://src.fedoraproject.org/rpms/nss/raw/master/f/nss-config.in +Source1: https://src.fedoraproject.org/rpms/nss/raw/rawhide/f/nss-util.pc.in +Source2: https://src.fedoraproject.org/rpms/nss/raw/rawhide/f/nss-util-config.in +Source3: https://src.fedoraproject.org/rpms/nss/raw/rawhide/f/nss-softokn.pc.in +Source4: https://src.fedoraproject.org/rpms/nss/raw/rawhide/f/nss-softokn-config.in +Source6: https://src.fedoraproject.org/rpms/nss/raw/rawhide/f/nss-softokn-dracut-module-setup.sh +Source7: https://src.fedoraproject.org/rpms/nss/raw/rawhide/f/nss-softokn-dracut.conf +Source8: https://src.fedoraproject.org/rpms/nss/raw/rawhide/f/nss.pc.in +Source9: https://src.fedoraproject.org/rpms/nss/raw/rawhide/f/nss-config.in Source10: blank-cert8.db Source11: blank-key3.db Source12: blank-secmod.db -Source15: https://src.fedoraproject.org/rpms/nss/raw/master/f/system-pkcs11.txt -Source16: https://src.fedoraproject.org/rpms/nss/raw/master/f/setup-nsssysinit.sh -Source20: https://src.fedoraproject.org/rpms/nss/raw/master/f/nss-config.xml -Source21: https://src.fedoraproject.org/rpms/nss/raw/master/f/setup-nsssysinit.xml -Source22: https://src.fedoraproject.org/rpms/nss/raw/master/f/pkcs11.txt.xml -Source28: https://src.fedoraproject.org/rpms/nss/raw/master/f/nss-p11-kit.config +Source15: https://src.fedoraproject.org/rpms/nss/raw/rawhide/f/system-pkcs11.txt +Source16: https://src.fedoraproject.org/rpms/nss/raw/rawhide/f/setup-nsssysinit.sh +Source20: https://src.fedoraproject.org/rpms/nss/raw/rawhide/f/nss-config.xml +Source21: https://src.fedoraproject.org/rpms/nss/raw/rawhide/f/setup-nsssysinit.xml +Source22: https://src.fedoraproject.org/rpms/nss/raw/rawhide/f/pkcs11.txt.xml +Source28: https://src.fedoraproject.org/rpms/nss/raw/rawhide/f/nss-p11-kit.config # https://www.verisign.com/support/verisign-intermediate-ca/secure-site-intermediate/index.html # converted from PEM to DER format with openssl command: # openssl x509 -in cert.pem -inform PEM -outform DER -out cert.der From ab22737a0f3cdd64f13494cab20b8fb2257adba6 Mon Sep 17 00:00:00 2001 From: Alexander Stefanov Date: Fri, 19 Mar 2021 16:16:36 +0000 Subject: [PATCH 23/62] version autoupdate [3.63] --- .abf.yml | 2 +- nss.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.abf.yml b/.abf.yml index d7a12f3..7f39d20 100644 --- a/.abf.yml +++ b/.abf.yml @@ -3,5 +3,5 @@ sources: blank-cert8.db: d272a7b58364862613d44261c5744f7a336bf177 blank-key3.db: 7f78b5bcecdb5005e7b803604b2ec9d1a9df2fb5 blank-secmod.db: bd748cf6e1465a1bbe6e751b72ffc0076aff0b50 - nss-3.62.tar.gz: 288bd0533ecc02e0480b17408e24f76d40cc9097 + nss-3.63.tar.gz: ecdf1352cb35d43a2bb4e276ece100c30a26a0ec verisign-class-3-secure-server-ca.der: 188590e94878478e33b6194e59fbbb28ff0888d5 diff --git a/nss.spec b/nss.spec index deffbaf..9d4bf26 100644 --- a/nss.spec +++ b/nss.spec @@ -24,7 +24,7 @@ Summary: Network Security Services Name: nss Epoch: 2 -Version: 3.62 +Version: 3.63 Release: 1 Group: System/Libraries License: MPL or GPLv2+ or LGPLv2+ From 3cd96d65ab8d47073f285f65cb354d436f1132df Mon Sep 17 00:00:00 2001 From: Gel0bmstu Date: Wed, 31 Mar 2021 15:53:24 +0000 Subject: [PATCH 24/62] Excluding devel packages from nss libs --- nss.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/nss.spec b/nss.spec index 9d4bf26..237df6f 100644 --- a/nss.spec +++ b/nss.spec @@ -2,6 +2,9 @@ %bcond_with cross_compiling %define url_ver %(echo %{version}| sed -e "s|\\.|_|g") +# Excluding devel packages from nss libs +%global __develgen_exclude_path ^/%{_lib}/(p11-kit-trust.so)$ + # (tpg) WARNING !!! # When you bump major, please make sure you bump "local major = 3" in %post section for lua script %define major 3 @@ -25,7 +28,7 @@ Summary: Network Security Services Name: nss Epoch: 2 Version: 3.63 -Release: 1 +Release: 2 Group: System/Libraries License: MPL or GPLv2+ or LGPLv2+ Url: http://www.mozilla.org/projects/security/pki/nss/index.html From 525669cc53ccf52eb66e337a3ced43782b46c705 Mon Sep 17 00:00:00 2001 From: Alexander Stefanov Date: Tue, 1 Jun 2021 16:02:01 +0000 Subject: [PATCH 25/62] version autoupdate [3.66] --- .abf.yml | 2 +- nss.spec | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.abf.yml b/.abf.yml index 7f39d20..60c09de 100644 --- a/.abf.yml +++ b/.abf.yml @@ -3,5 +3,5 @@ sources: blank-cert8.db: d272a7b58364862613d44261c5744f7a336bf177 blank-key3.db: 7f78b5bcecdb5005e7b803604b2ec9d1a9df2fb5 blank-secmod.db: bd748cf6e1465a1bbe6e751b72ffc0076aff0b50 - nss-3.63.tar.gz: ecdf1352cb35d43a2bb4e276ece100c30a26a0ec + nss-3.66.tar.gz: c0d452f828e16e3345e891fe2bd016250f1b51e1 verisign-class-3-secure-server-ca.der: 188590e94878478e33b6194e59fbbb28ff0888d5 diff --git a/nss.spec b/nss.spec index 237df6f..cef1696 100644 --- a/nss.spec +++ b/nss.spec @@ -27,8 +27,8 @@ Summary: Network Security Services Name: nss Epoch: 2 -Version: 3.63 -Release: 2 +Version: 3.66 +Release: 1 Group: System/Libraries License: MPL or GPLv2+ or LGPLv2+ Url: http://www.mozilla.org/projects/security/pki/nss/index.html From 845338e81eb9007098454edd5e55faccc5c417b3 Mon Sep 17 00:00:00 2001 From: Andrey Grigorev Date: Wed, 11 Aug 2021 12:16:34 +0000 Subject: [PATCH 26/62] MassBuild#2340: Increase release tag --- nss.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nss.spec b/nss.spec index cef1696..701d757 100644 --- a/nss.spec +++ b/nss.spec @@ -28,7 +28,7 @@ Summary: Network Security Services Name: nss Epoch: 2 Version: 3.66 -Release: 1 +Release: 2 Group: System/Libraries License: MPL or GPLv2+ or LGPLv2+ Url: http://www.mozilla.org/projects/security/pki/nss/index.html From 4a35452ca98eca22d4f9a92e7f86f2f37641e164 Mon Sep 17 00:00:00 2001 From: slava86 Date: Fri, 3 Sep 2021 20:10:16 +0300 Subject: [PATCH 27/62] 3.66 -> 3.68 --- .abf.yml | 2 +- nss.spec | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.abf.yml b/.abf.yml index 60c09de..b1dc0ee 100644 --- a/.abf.yml +++ b/.abf.yml @@ -3,5 +3,5 @@ sources: blank-cert8.db: d272a7b58364862613d44261c5744f7a336bf177 blank-key3.db: 7f78b5bcecdb5005e7b803604b2ec9d1a9df2fb5 blank-secmod.db: bd748cf6e1465a1bbe6e751b72ffc0076aff0b50 - nss-3.66.tar.gz: c0d452f828e16e3345e891fe2bd016250f1b51e1 + nss-3.68.tar.gz: 3a08c3a6cc8133818ab0e92b6db25b0cb872e2b7 verisign-class-3-secure-server-ca.der: 188590e94878478e33b6194e59fbbb28ff0888d5 diff --git a/nss.spec b/nss.spec index 701d757..f43faa5 100644 --- a/nss.spec +++ b/nss.spec @@ -27,8 +27,8 @@ Summary: Network Security Services Name: nss Epoch: 2 -Version: 3.66 -Release: 2 +Version: 3.68 +Release: 1 Group: System/Libraries License: MPL or GPLv2+ or LGPLv2+ Url: http://www.mozilla.org/projects/security/pki/nss/index.html From 18e50a7c76fa82e03c4506caa65285a2e589df79 Mon Sep 17 00:00:00 2001 From: Alexander Stefanov Date: Fri, 17 Sep 2021 14:00:00 +0000 Subject: [PATCH 28/62] 3.70 --- .abf.yml | 2 +- nss.spec | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.abf.yml b/.abf.yml index b1dc0ee..576b6df 100644 --- a/.abf.yml +++ b/.abf.yml @@ -3,5 +3,5 @@ sources: blank-cert8.db: d272a7b58364862613d44261c5744f7a336bf177 blank-key3.db: 7f78b5bcecdb5005e7b803604b2ec9d1a9df2fb5 blank-secmod.db: bd748cf6e1465a1bbe6e751b72ffc0076aff0b50 - nss-3.68.tar.gz: 3a08c3a6cc8133818ab0e92b6db25b0cb872e2b7 + nss-3.70.tar.gz: 55fa81782b8666607673210a7682de0a643d5976 verisign-class-3-secure-server-ca.der: 188590e94878478e33b6194e59fbbb28ff0888d5 diff --git a/nss.spec b/nss.spec index f43faa5..1186131 100644 --- a/nss.spec +++ b/nss.spec @@ -27,7 +27,7 @@ Summary: Network Security Services Name: nss Epoch: 2 -Version: 3.68 +Version: 3.70 Release: 1 Group: System/Libraries License: MPL or GPLv2+ or LGPLv2+ @@ -109,6 +109,7 @@ libraries. %attr(0755,root,root) %{_bindir}/pk12util %attr(0755,root,root) %{_bindir}/signver %attr(0755,root,root) %{_bindir}/ssltap +%attr(0755,root,root) %{_bindir}/sdbthreadtst #debian-additional %attr(0755,root,root) %{_bindir}/addbuiltin %attr(0755,root,root) %{_bindir}/chktest From cb0421fc76cb30758803112e7ec112de3cc52efb Mon Sep 17 00:00:00 2001 From: Alexander Stefanov Date: Thu, 6 Jan 2022 21:52:39 +0000 Subject: [PATCH 29/62] add validation --- nss.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/nss.spec b/nss.spec index 1186131..9a14d40 100644 --- a/nss.spec +++ b/nss.spec @@ -132,6 +132,7 @@ libraries. %attr(0755,root,root) %{_bindir}/tstclnt %attr(0755,root,root) %{_bindir}/vfychain %attr(0755,root,root) %{_bindir}/vfyserv +%attr(0755,root,root) %{_bindir}/validation #------------------------------------------------------------------------- From 39af688f3d1b2c84882926968e5a5e54e3eac96c Mon Sep 17 00:00:00 2001 From: Alexander Stefanov Date: Thu, 6 Jan 2022 22:03:01 +0000 Subject: [PATCH 30/62] version autoupdate [3.74] --- .abf.yml | 2 +- nss.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.abf.yml b/.abf.yml index 576b6df..8f8fa1b 100644 --- a/.abf.yml +++ b/.abf.yml @@ -3,5 +3,5 @@ sources: blank-cert8.db: d272a7b58364862613d44261c5744f7a336bf177 blank-key3.db: 7f78b5bcecdb5005e7b803604b2ec9d1a9df2fb5 blank-secmod.db: bd748cf6e1465a1bbe6e751b72ffc0076aff0b50 - nss-3.70.tar.gz: 55fa81782b8666607673210a7682de0a643d5976 + nss-3.74.tar.gz: 7acc8e81afad5c6ba3ece739d2079da552e1c434 verisign-class-3-secure-server-ca.der: 188590e94878478e33b6194e59fbbb28ff0888d5 diff --git a/nss.spec b/nss.spec index 9a14d40..541c4cf 100644 --- a/nss.spec +++ b/nss.spec @@ -27,7 +27,7 @@ Summary: Network Security Services Name: nss Epoch: 2 -Version: 3.70 +Version: 3.74 Release: 1 Group: System/Libraries License: MPL or GPLv2+ or LGPLv2+ From be02c244218b22138d6e8eae7f84d90aabc1c312 Mon Sep 17 00:00:00 2001 From: Alexander Stefanov Date: Sun, 6 Feb 2022 20:02:13 +0000 Subject: [PATCH 31/62] version autoupdate [3.75] --- .abf.yml | 2 +- nss.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.abf.yml b/.abf.yml index 8f8fa1b..01edebf 100644 --- a/.abf.yml +++ b/.abf.yml @@ -3,5 +3,5 @@ sources: blank-cert8.db: d272a7b58364862613d44261c5744f7a336bf177 blank-key3.db: 7f78b5bcecdb5005e7b803604b2ec9d1a9df2fb5 blank-secmod.db: bd748cf6e1465a1bbe6e751b72ffc0076aff0b50 - nss-3.74.tar.gz: 7acc8e81afad5c6ba3ece739d2079da552e1c434 + nss-3.75.tar.gz: 58a654a8656bcbae504347ed2aff0674e993ddfc verisign-class-3-secure-server-ca.der: 188590e94878478e33b6194e59fbbb28ff0888d5 diff --git a/nss.spec b/nss.spec index 541c4cf..81315e0 100644 --- a/nss.spec +++ b/nss.spec @@ -27,7 +27,7 @@ Summary: Network Security Services Name: nss Epoch: 2 -Version: 3.74 +Version: 3.75 Release: 1 Group: System/Libraries License: MPL or GPLv2+ or LGPLv2+ From 3457169806f06fe9a6ffd68a1af8a47694ec9843 Mon Sep 17 00:00:00 2001 From: betcher Date: Wed, 20 Apr 2022 17:22:43 +0000 Subject: [PATCH 32/62] fix for e2k --- nss.spec | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/nss.spec b/nss.spec index 81315e0..7db46fd 100644 --- a/nss.spec +++ b/nss.spec @@ -517,6 +517,10 @@ done ln -s %{_libdir}/pkcs11/p11-kit-trust.so %{buildroot}/%{_lib}/libnssckbi.so +%ifarch %e2k +ln -s %{_libdir}/pkcs11/p11-kit-trust.so %{buildroot}/%{_lib}/p11-kit-trust.so +%endif + # These ghost files will be generated in the post step # Make sure chk files can be found in both places for file in libsoftokn3.chk libfreebl3.chk From 3b5980988d9a26fd5f217633129a6378901aa707 Mon Sep 17 00:00:00 2001 From: Alexander Stefanov Date: Mon, 2 May 2022 17:38:26 +0000 Subject: [PATCH 33/62] version autoupdate [3.78] --- .abf.yml | 2 +- nss.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.abf.yml b/.abf.yml index 01edebf..905e76c 100644 --- a/.abf.yml +++ b/.abf.yml @@ -3,5 +3,5 @@ sources: blank-cert8.db: d272a7b58364862613d44261c5744f7a336bf177 blank-key3.db: 7f78b5bcecdb5005e7b803604b2ec9d1a9df2fb5 blank-secmod.db: bd748cf6e1465a1bbe6e751b72ffc0076aff0b50 - nss-3.75.tar.gz: 58a654a8656bcbae504347ed2aff0674e993ddfc + nss-3.78.tar.gz: aa87f05c8850c9fd4f370fa86eae22da92af15b9 verisign-class-3-secure-server-ca.der: 188590e94878478e33b6194e59fbbb28ff0888d5 diff --git a/nss.spec b/nss.spec index 7db46fd..b80a017 100644 --- a/nss.spec +++ b/nss.spec @@ -27,7 +27,7 @@ Summary: Network Security Services Name: nss Epoch: 2 -Version: 3.75 +Version: 3.78 Release: 1 Group: System/Libraries License: MPL or GPLv2+ or LGPLv2+ From 7232b2a4296882f69e718307279f01e43fc525e8 Mon Sep 17 00:00:00 2001 From: Alexander Stefanov Date: Sun, 15 May 2022 09:57:27 +0000 Subject: [PATCH 34/62] fix riscv --- nss.spec | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/nss.spec b/nss.spec index b80a017..2fe5617 100644 --- a/nss.spec +++ b/nss.spec @@ -517,7 +517,8 @@ done ln -s %{_libdir}/pkcs11/p11-kit-trust.so %{buildroot}/%{_lib}/libnssckbi.so -%ifarch %e2k +# split nss and p11-kit package in the future +%ifarch %{e2k} %{riscv} ln -s %{_libdir}/pkcs11/p11-kit-trust.so %{buildroot}/%{_lib}/p11-kit-trust.so %endif From a6f1453a15b406c72560dcb973ef0fe8f5043721 Mon Sep 17 00:00:00 2001 From: Alexander Stefanov Date: Fri, 20 May 2022 12:32:49 +0000 Subject: [PATCH 35/62] cleanup --- nss.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nss.spec b/nss.spec index 2fe5617..ee7cf14 100644 --- a/nss.spec +++ b/nss.spec @@ -386,7 +386,7 @@ export NSS_DISABLE_GTESTS=1 # users to quickly mitigate future problems, or whatever :-) pushd nss/lib/ckfw/builtins -perl ./certdata.perl %{SOURCE102} +perl ./certdata.perl /etc/pki/tls/mozilla/certdata.txt popd %endif @@ -408,7 +408,7 @@ export NATIVE_CC=%{__cc} export TARGETCC="%{__cc}" export TARGETCCC="%{__cxx}" export TARGETRANLIB="%{__ranlib}" -%ifarch %{x86_64} ppc64 ia64 s390x aarch64 riscv64 %e2k +%ifarch %{x86_64} ppc64 ia64 s390x aarch64 riscv64 %{e2k} export USE_64=1 %else unset USE_64 || : From f0ca80aa6dacf292d91d43e03e46b71363984634 Mon Sep 17 00:00:00 2001 From: Alexander Stefanov Date: Fri, 20 May 2022 12:43:55 +0000 Subject: [PATCH 36/62] cleanup --- nss.spec | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/nss.spec b/nss.spec index ee7cf14..ec99526 100644 --- a/nss.spec +++ b/nss.spec @@ -505,7 +505,6 @@ cp -aL ../public/nss/* %{buildroot}%{_includedir}/nss # Copy some freebl include files we also want for file in blapi.h alghmac.h cmac.h; do - pwd install -p -m 644 ../private/nss/$file $RPM_BUILD_ROOT/%{_includedir}/nss done @@ -516,11 +515,12 @@ done ln -s %{_libdir}/pkcs11/p11-kit-trust.so %{buildroot}/%{_lib}/libnssckbi.so - -# split nss and p11-kit package in the future -%ifarch %{e2k} %{riscv} -ln -s %{_libdir}/pkcs11/p11-kit-trust.so %{buildroot}/%{_lib}/p11-kit-trust.so -%endif +# weird bug that exist only on new arches +# /lib64/p11-kit-trust.so not exist +if [ ! -L %{buildroot}/%{_lib}/p11-kit-trust.so ]; then + echo "=> p11-kit symlink not exist" + ln -s /%{_lib}/p11-kit-trust.so %{buildroot}/%{_lib}/libnssckbi.so +fi # These ghost files will be generated in the post step # Make sure chk files can be found in both places From 52a48f803d18b836af11fc5d4ea49d390d71662d Mon Sep 17 00:00:00 2001 From: Alexander Stefanov Date: Fri, 20 May 2022 12:55:21 +0000 Subject: [PATCH 37/62] fix link --- nss.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nss.spec b/nss.spec index ec99526..ad9313b 100644 --- a/nss.spec +++ b/nss.spec @@ -519,7 +519,7 @@ ln -s %{_libdir}/pkcs11/p11-kit-trust.so %{buildroot}/%{_lib}/libnssckbi.so # /lib64/p11-kit-trust.so not exist if [ ! -L %{buildroot}/%{_lib}/p11-kit-trust.so ]; then echo "=> p11-kit symlink not exist" - ln -s /%{_lib}/p11-kit-trust.so %{buildroot}/%{_lib}/libnssckbi.so + ln -s %{buildroot}/%{_lib}/libnssckbi.so p11-kit-trust.so fi # These ghost files will be generated in the post step From 881137d14aab4d84a8579179f305ae92bb040dc1 Mon Sep 17 00:00:00 2001 From: Alexander Stefanov Date: Fri, 20 May 2022 14:04:40 +0000 Subject: [PATCH 38/62] try to fix build --- nss.spec | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/nss.spec b/nss.spec index ad9313b..4d81f7d 100644 --- a/nss.spec +++ b/nss.spec @@ -519,7 +519,9 @@ ln -s %{_libdir}/pkcs11/p11-kit-trust.so %{buildroot}/%{_lib}/libnssckbi.so # /lib64/p11-kit-trust.so not exist if [ ! -L %{buildroot}/%{_lib}/p11-kit-trust.so ]; then echo "=> p11-kit symlink not exist" - ln -s %{buildroot}/%{_lib}/libnssckbi.so p11-kit-trust.so + pushd %{buildroot}/%{_lib} + ln -s libnssckbi.so p11-kit-trust.so + popd fi # These ghost files will be generated in the post step From bf82e59033db57b7b953441d6b6c8d317eb2caa3 Mon Sep 17 00:00:00 2001 From: Alexander Stefanov Date: Fri, 20 May 2022 19:20:24 +0000 Subject: [PATCH 39/62] fix broken develgen --- nss.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/nss.spec b/nss.spec index 4d81f7d..395350e 100644 --- a/nss.spec +++ b/nss.spec @@ -4,6 +4,7 @@ # Excluding devel packages from nss libs %global __develgen_exclude_path ^/%{_lib}/(p11-kit-trust.so)$ +%global __develgen_exclude_path ^/%{_lib}/(libnssckbi.so)$ # (tpg) WARNING !!! # When you bump major, please make sure you bump "local major = 3" in %post section for lua script From 2434f5f95919e9e737549c8a4660ec688b41f637 Mon Sep 17 00:00:00 2001 From: Mikhail Novosyolov Date: Sat, 21 May 2022 00:40:18 +0300 Subject: [PATCH 40/62] try to properly exclude all odd devel reqs --- nss.spec | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/nss.spec b/nss.spec index 395350e..6542e48 100644 --- a/nss.spec +++ b/nss.spec @@ -3,8 +3,9 @@ %define url_ver %(echo %{version}| sed -e "s|\\.|_|g") # Excluding devel packages from nss libs -%global __develgen_exclude_path ^/%{_lib}/(p11-kit-trust.so)$ -%global __develgen_exclude_path ^/%{_lib}/(libnssckbi.so)$ +# libraries are named in a non standard way, +# all really devel ones are in /usr/lib64 +%define __develgen_exclude_path ^/%{_lib}/.*$ # (tpg) WARNING !!! # When you bump major, please make sure you bump "local major = 3" in %post section for lua script @@ -29,7 +30,7 @@ Summary: Network Security Services Name: nss Epoch: 2 Version: 3.78 -Release: 1 +Release: 2 Group: System/Libraries License: MPL or GPLv2+ or LGPLv2+ Url: http://www.mozilla.org/projects/security/pki/nss/index.html From 852c3e81ff999caa9512f6ec628fed6bf646550b Mon Sep 17 00:00:00 2001 From: Alexander Stefanov Date: Fri, 6 Jan 2023 15:33:10 +0000 Subject: [PATCH 41/62] 3.86 --- .abf.yml | 2 +- nss-539183.patch | 62 ------------------------------------------------ nss.spec | 5 ++-- 3 files changed, 3 insertions(+), 66 deletions(-) delete mode 100644 nss-539183.patch diff --git a/.abf.yml b/.abf.yml index 905e76c..ed597a5 100644 --- a/.abf.yml +++ b/.abf.yml @@ -3,5 +3,5 @@ sources: blank-cert8.db: d272a7b58364862613d44261c5744f7a336bf177 blank-key3.db: 7f78b5bcecdb5005e7b803604b2ec9d1a9df2fb5 blank-secmod.db: bd748cf6e1465a1bbe6e751b72ffc0076aff0b50 - nss-3.78.tar.gz: aa87f05c8850c9fd4f370fa86eae22da92af15b9 + nss-3.86.tar.gz: 2e1b5d2b248adce540ebbb16fb32aab6cc1a30ef verisign-class-3-secure-server-ca.der: 188590e94878478e33b6194e59fbbb28ff0888d5 diff --git a/nss-539183.patch b/nss-539183.patch deleted file mode 100644 index eda3249..0000000 --- a/nss-539183.patch +++ /dev/null @@ -1,62 +0,0 @@ ---- ./nss/cmd/httpserv/httpserv.c.539183 2016-05-21 18:31:39.879585420 -0700 -+++ ./nss/cmd/httpserv/httpserv.c 2016-05-21 18:37:22.374464057 -0700 -@@ -953,23 +953,23 @@ - getBoundListenSocket(unsigned short port) - { - PRFileDesc *listen_sock; - int listenQueueDepth = 5 + (2 * maxThreads); - PRStatus prStatus; - PRNetAddr addr; - PRSocketOptionData opt; - -- addr.inet.family = PR_AF_INET; -- addr.inet.ip = PR_INADDR_ANY; -- addr.inet.port = PR_htons(port); -+ if (PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET6, port, &addr) != PR_SUCCESS) { -+ errExit("PR_SetNetAddr"); -+ } - -- listen_sock = PR_NewTCPSocket(); -+ listen_sock = PR_OpenTCPSocket(PR_AF_INET6); - if (listen_sock == NULL) { -- errExit("PR_NewTCPSocket"); -+ errExit("PR_OpenTCPSockett"); - } - - opt.option = PR_SockOpt_Nonblocking; - opt.value.non_blocking = PR_FALSE; - prStatus = PR_SetSocketOption(listen_sock, &opt); - if (prStatus < 0) { - PR_Close(listen_sock); - errExit("PR_SetSocketOption(PR_SockOpt_Nonblocking)"); ---- ./nss/cmd/selfserv/selfserv.c.539183 2016-05-21 18:31:39.882585367 -0700 -+++ ./nss/cmd/selfserv/selfserv.c 2016-05-21 18:41:43.092801174 -0700 -@@ -1711,23 +1711,23 @@ - getBoundListenSocket(unsigned short port) - { - PRFileDesc *listen_sock; - int listenQueueDepth = 5 + (2 * maxThreads); - PRStatus prStatus; - PRNetAddr addr; - PRSocketOptionData opt; - -- addr.inet.family = PR_AF_INET; -- addr.inet.ip = PR_INADDR_ANY; -- addr.inet.port = PR_htons(port); -+ if (PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET6, port, &addr) != PR_SUCCESS) { -+ errExit("PR_SetNetAddr"); -+ } - -- listen_sock = PR_NewTCPSocket(); -+ listen_sock = PR_OpenTCPSocket(PR_AF_INET6); - if (listen_sock == NULL) { -- errExit("PR_NewTCPSocket"); -+ errExit("PR_OpenTCPSocket error"); - } - - opt.option = PR_SockOpt_Nonblocking; - opt.value.non_blocking = PR_FALSE; - prStatus = PR_SetSocketOption(listen_sock, &opt); - if (prStatus < 0) { - PR_Close(listen_sock); - errExit("PR_SetSocketOption(PR_SockOpt_Nonblocking)"); diff --git a/nss.spec b/nss.spec index 6542e48..0f15bc0 100644 --- a/nss.spec +++ b/nss.spec @@ -29,8 +29,8 @@ Summary: Network Security Services Name: nss Epoch: 2 -Version: 3.78 -Release: 2 +Version: 3.86 +Release: 1 Group: System/Libraries License: MPL or GPLv2+ or LGPLv2+ Url: http://www.mozilla.org/projects/security/pki/nss/index.html @@ -64,7 +64,6 @@ Source101: https://github.com/demoiselle/certificate/raw/master/impl/ca-icp-bras # From Fedora Patch0: add-relro-linker-option.patch Patch1: renegotiate-transitional.patch -Patch2: nss-539183.patch Patch3: utilwrap-include-templates.patch Patch4: nss-skip-bltest-and-fipstest.patch Patch5: iquote.patch From fc6d3be4f48e8562b9e474aae7244a1e1e5800bd Mon Sep 17 00:00:00 2001 From: Alexander Stefanov Date: Mon, 13 Feb 2023 00:27:20 +0000 Subject: [PATCH 42/62] 3.88.1 --- .abf.yml | 2 +- nss.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.abf.yml b/.abf.yml index ed597a5..5bf53ca 100644 --- a/.abf.yml +++ b/.abf.yml @@ -3,5 +3,5 @@ sources: blank-cert8.db: d272a7b58364862613d44261c5744f7a336bf177 blank-key3.db: 7f78b5bcecdb5005e7b803604b2ec9d1a9df2fb5 blank-secmod.db: bd748cf6e1465a1bbe6e751b72ffc0076aff0b50 - nss-3.86.tar.gz: 2e1b5d2b248adce540ebbb16fb32aab6cc1a30ef + nss-3.88.1.tar.gz: cbbd99de26c74e6cd227f394d9905dd53fc13f30 verisign-class-3-secure-server-ca.der: 188590e94878478e33b6194e59fbbb28ff0888d5 diff --git a/nss.spec b/nss.spec index 0f15bc0..2704803 100644 --- a/nss.spec +++ b/nss.spec @@ -29,7 +29,7 @@ Summary: Network Security Services Name: nss Epoch: 2 -Version: 3.86 +Version: 3.88.1 Release: 1 Group: System/Libraries License: MPL or GPLv2+ or LGPLv2+ From 1dd420a77ca6535823ea380f74f343f21fb0f848 Mon Sep 17 00:00:00 2001 From: Alexander Stefanov Date: Mon, 10 Apr 2023 19:34:49 +0000 Subject: [PATCH 43/62] version autoupdate [3.89] --- .abf.yml | 2 +- nss.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.abf.yml b/.abf.yml index 5bf53ca..48965a5 100644 --- a/.abf.yml +++ b/.abf.yml @@ -3,5 +3,5 @@ sources: blank-cert8.db: d272a7b58364862613d44261c5744f7a336bf177 blank-key3.db: 7f78b5bcecdb5005e7b803604b2ec9d1a9df2fb5 blank-secmod.db: bd748cf6e1465a1bbe6e751b72ffc0076aff0b50 - nss-3.88.1.tar.gz: cbbd99de26c74e6cd227f394d9905dd53fc13f30 + nss-3.89.tar.gz: 24a032bcd22182db1b0f62aa14760747b4e2a3da verisign-class-3-secure-server-ca.der: 188590e94878478e33b6194e59fbbb28ff0888d5 diff --git a/nss.spec b/nss.spec index 2704803..4e482a6 100644 --- a/nss.spec +++ b/nss.spec @@ -29,7 +29,7 @@ Summary: Network Security Services Name: nss Epoch: 2 -Version: 3.88.1 +Version: 3.89 Release: 1 Group: System/Libraries License: MPL or GPLv2+ or LGPLv2+ From 29b9fca9de79e12bda9e6419c3e3c3ea4f5558ac Mon Sep 17 00:00:00 2001 From: Alexander Stefanov Date: Thu, 8 Jun 2023 11:10:15 +0000 Subject: [PATCH 44/62] version autoupdate [3.90] --- .abf.yml | 2 +- nss.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.abf.yml b/.abf.yml index 48965a5..3f45418 100644 --- a/.abf.yml +++ b/.abf.yml @@ -3,5 +3,5 @@ sources: blank-cert8.db: d272a7b58364862613d44261c5744f7a336bf177 blank-key3.db: 7f78b5bcecdb5005e7b803604b2ec9d1a9df2fb5 blank-secmod.db: bd748cf6e1465a1bbe6e751b72ffc0076aff0b50 - nss-3.89.tar.gz: 24a032bcd22182db1b0f62aa14760747b4e2a3da + nss-3.90.tar.gz: 1e7d2f16655281cfb2972688af1605e0de302481 verisign-class-3-secure-server-ca.der: 188590e94878478e33b6194e59fbbb28ff0888d5 diff --git a/nss.spec b/nss.spec index 4e482a6..120c263 100644 --- a/nss.spec +++ b/nss.spec @@ -29,7 +29,7 @@ Summary: Network Security Services Name: nss Epoch: 2 -Version: 3.89 +Version: 3.90 Release: 1 Group: System/Libraries License: MPL or GPLv2+ or LGPLv2+ From 337fab5faf7087d030e84fd81d79818f2c75cd95 Mon Sep 17 00:00:00 2001 From: Alexander Stefanov Date: Fri, 7 Jul 2023 16:08:51 +0000 Subject: [PATCH 45/62] version autoupdate [3.91] --- .abf.yml | 2 +- nss.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.abf.yml b/.abf.yml index 3f45418..d041f21 100644 --- a/.abf.yml +++ b/.abf.yml @@ -3,5 +3,5 @@ sources: blank-cert8.db: d272a7b58364862613d44261c5744f7a336bf177 blank-key3.db: 7f78b5bcecdb5005e7b803604b2ec9d1a9df2fb5 blank-secmod.db: bd748cf6e1465a1bbe6e751b72ffc0076aff0b50 - nss-3.90.tar.gz: 1e7d2f16655281cfb2972688af1605e0de302481 + nss-3.91.tar.gz: ee485a78d4dbedc5f4b6f8e37b3d156a6a0577fc verisign-class-3-secure-server-ca.der: 188590e94878478e33b6194e59fbbb28ff0888d5 diff --git a/nss.spec b/nss.spec index 120c263..869ba28 100644 --- a/nss.spec +++ b/nss.spec @@ -29,7 +29,7 @@ Summary: Network Security Services Name: nss Epoch: 2 -Version: 3.90 +Version: 3.91 Release: 1 Group: System/Libraries License: MPL or GPLv2+ or LGPLv2+ From aaab6e90318be0069e313c9678a26da487807b12 Mon Sep 17 00:00:00 2001 From: Alexander Stefanov Date: Mon, 21 Aug 2023 08:57:11 +0000 Subject: [PATCH 46/62] version autoupdate [3.92] --- .abf.yml | 2 +- nss.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.abf.yml b/.abf.yml index d041f21..32b59d3 100644 --- a/.abf.yml +++ b/.abf.yml @@ -3,5 +3,5 @@ sources: blank-cert8.db: d272a7b58364862613d44261c5744f7a336bf177 blank-key3.db: 7f78b5bcecdb5005e7b803604b2ec9d1a9df2fb5 blank-secmod.db: bd748cf6e1465a1bbe6e751b72ffc0076aff0b50 - nss-3.91.tar.gz: ee485a78d4dbedc5f4b6f8e37b3d156a6a0577fc + nss-3.92.tar.gz: df4fe563772b6fe10699cc5175c35ba48d1b900a verisign-class-3-secure-server-ca.der: 188590e94878478e33b6194e59fbbb28ff0888d5 diff --git a/nss.spec b/nss.spec index 869ba28..0b379a8 100644 --- a/nss.spec +++ b/nss.spec @@ -29,7 +29,7 @@ Summary: Network Security Services Name: nss Epoch: 2 -Version: 3.91 +Version: 3.92 Release: 1 Group: System/Libraries License: MPL or GPLv2+ or LGPLv2+ From 19041dd654434db168cb96eae7f218381b5e4253 Mon Sep 17 00:00:00 2001 From: Alexander Stefanov Date: Fri, 8 Sep 2023 08:26:58 +0000 Subject: [PATCH 47/62] go to libdir --- nss.spec | 47 ++++++++++++++++++++++------------------------- 1 file changed, 22 insertions(+), 25 deletions(-) diff --git a/nss.spec b/nss.spec index 0b379a8..db37a95 100644 --- a/nss.spec +++ b/nss.spec @@ -30,7 +30,7 @@ Summary: Network Security Services Name: nss Epoch: 2 Version: 3.92 -Release: 1 +Release: 2 Group: System/Libraries License: MPL or GPLv2+ or LGPLv2+ Url: http://www.mozilla.org/projects/security/pki/nss/index.html @@ -224,15 +224,15 @@ This package contains the shared libraries libnss3, libnssdbm3, libnssutil3, libsmime3, and libssl3. %files -n %{libname} -/%{_lib}/libnss%{major}.so +%{_libdir}/libnss%{major}.so %if %{build_empty} -/%{_lib}/libnssckbi_empty.so +%{_libdir}/libnssckbi_empty.so %endif -/%{_lib}/libnssutil%{major}.so -/%{_lib}/libnssdbm%{major}.so -/%{_lib}/libsmime%{major}.so -/%{_lib}/libssl%{major}.so -/%{_lib}/p11-kit-trust.so +%{_libdir}/libnssutil%{major}.so +%{_libdir}/libnssdbm%{major}.so +%{_libdir}/libsmime%{major}.so +%{_libdir}/libssl%{major}.so +%{_libdir}/p11-kit-trust.so %post -n %{libname} -p -- (tpg) execute only on install @@ -275,16 +275,16 @@ Requires(post): nss-shlibsign This package contains the shared libraries libfreebl3 and libsoftokn3. %files -n %{libfreebl} -/%{_lib}/libfreebl%{major}.so -/%{_lib}/libfreeblpriv%{major}.so -/%{_lib}/libsoftokn%{major}.so -/%{_lib}/libnssckbi.so +%{_libdir}/libfreebl%{major}.so +%{_libdir}/libfreeblpriv%{major}.so +%{_libdir}/libsoftokn%{major}.so +%{_libdir}/libnssckbi.so %defattr(0644,root,root,0755) -%ghost /%{_lib}/libfreebl%{major}.chk -%ghost /%{_lib}/libsoftokn%{major}.chk +%ghost %{_libdir}/libfreebl%{major}.chk +%ghost %{_libdir}/libsoftokn%{major}.chk %if %rpm4 -%ghost /%{_lib}/libfreeblpriv%{major}.chk +%ghost %{_libdir}/libfreeblpriv%{major}.chk %endif #------------------------------------------------------------------------- @@ -303,7 +303,7 @@ Header files to doing development with Network Security Services. %files -n %{devname} %attr(0755,root,root) %{_bindir}/nss-config -%_libdir/*.so +#% _libdir/*.so %{_includedir}/nss %{_libdir}/pkgconfig/nss.pc %{_libdir}/pkgconfig/nss-softokn.pc @@ -481,7 +481,6 @@ cp -aL bin/* %{buildroot}%{_bindir} %if %{with lib} mkdir -p %{buildroot}%{_libdir} -mkdir -p %{buildroot}/%{_lib} mkdir -p %{buildroot}%{_includedir}/nss cp -aL lib/libcrmf.a \ @@ -497,8 +496,7 @@ cp -aL lib/libcrmf.a \ for file in libsoftokn3.so libfreebl3.so libfreeblpriv3.so libnss3.so libnssutil3.so \ libssl3.so libsmime3.so libnssdbm3.so do - install -m 755 lib/$file %{buildroot}/%{_lib} - ln -sf ../../%{_lib}/$file %{buildroot}%{_libdir}/$file + install -m 755 lib/$file %{buildroot}/%{_libdir} done # Copy the include files we want @@ -515,12 +513,12 @@ for file in libfreebl.a; do done -ln -s %{_libdir}/pkcs11/p11-kit-trust.so %{buildroot}/%{_lib}/libnssckbi.so +ln -s %{_libdir}/pkcs11/p11-kit-trust.so %{buildroot}/%{_libdir}/libnssckbi.so # weird bug that exist only on new arches # /lib64/p11-kit-trust.so not exist -if [ ! -L %{buildroot}/%{_lib}/p11-kit-trust.so ]; then +if [ ! -L %{buildroot}/%{_libdir}/p11-kit-trust.so ]; then echo "=> p11-kit symlink not exist" - pushd %{buildroot}/%{_lib} + pushd %{buildroot}/%{_libdir} ln -s libnssckbi.so p11-kit-trust.so popd fi @@ -529,8 +527,7 @@ fi # Make sure chk files can be found in both places for file in libsoftokn3.chk libfreebl3.chk do - touch %{buildroot}/%{_lib}/$file - ln -s ../../%{_lib}/$file %{buildroot}%{_libdir}/$file + touch %{buildroot}/%{_libdir}/$file done mkdir -p %{buildroot}%{_libdir}/pkgconfig @@ -618,5 +615,5 @@ install -m 644 %{SOURCE12} %{buildroot}%{_sysconfdir}/pki/nssdb/secmod.db %if %{build_empty} # install the empty libnssckbi.so library (use alternatives?) -install -m0755 libnssckbi_empty.so %{buildroot}/%{_lib}/libnssckbi_empty.so +install -m0755 libnssckbi_empty.so %{buildroot}/%{_libdir}/libnssckbi_empty.so %endif From 337826511c27b94b966fdcf52568dabd16fb9d34 Mon Sep 17 00:00:00 2001 From: Alexander Stefanov Date: Wed, 13 Sep 2023 21:13:30 +0000 Subject: [PATCH 48/62] fix provides --- nss.spec | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/nss.spec b/nss.spec index db37a95..4c8b50e 100644 --- a/nss.spec +++ b/nss.spec @@ -296,6 +296,25 @@ Requires: %{libname} >= %{EVRD} Requires: %{libfreebl} >= %{EVRD} Provides: nss-devel = %{EVRD} Provides: nss-softokn-freebl-devel = %{EVRD} + +%if %{__isa_bits} == 64 +Provides: devel(libfreebl3(64bit)) +Provides: devel(libnss3(64bit)) +Provides: devel(libnssdbm3(64bit)) +Provides: devel(libnssutil3(64bit)) +Provides: devel(libsmime3(64bit)) +Provides: devel(libsoftokn3(64bit)) +Provides: devel(libssl3(64bit)) +%else +Provides: devel(libfreebl3) +Provides: devel(libnss3) +Provides: devel(libnssdbm3) +Provides: devel(libnssutil3) +Provides: devel(libsmime3) +Provides: devel(libsoftokn3) +Provides: devel(libssl3) +%endif + %rename %{libname}-devel %description -n %{devname} From 7cf29fec92f201fc4d834b5a54e023c75549050f Mon Sep 17 00:00:00 2001 From: Alexander Stefanov Date: Sat, 14 Oct 2023 10:10:18 +0000 Subject: [PATCH 49/62] 3.94 --- .abf.yml | 2 +- nss-skip-bltest-and-fipstest.patch | 15 --------------- nss.spec | 6 +++--- 3 files changed, 4 insertions(+), 19 deletions(-) delete mode 100644 nss-skip-bltest-and-fipstest.patch diff --git a/.abf.yml b/.abf.yml index 32b59d3..1c392eb 100644 --- a/.abf.yml +++ b/.abf.yml @@ -3,5 +3,5 @@ sources: blank-cert8.db: d272a7b58364862613d44261c5744f7a336bf177 blank-key3.db: 7f78b5bcecdb5005e7b803604b2ec9d1a9df2fb5 blank-secmod.db: bd748cf6e1465a1bbe6e751b72ffc0076aff0b50 - nss-3.92.tar.gz: df4fe563772b6fe10699cc5175c35ba48d1b900a + nss-3.94.tar.gz: 220fe0c69a7e3dc176855cbc0feb8e587d812e78 verisign-class-3-secure-server-ca.der: 188590e94878478e33b6194e59fbbb28ff0888d5 diff --git a/nss-skip-bltest-and-fipstest.patch b/nss-skip-bltest-and-fipstest.patch deleted file mode 100644 index aee646c..0000000 --- a/nss-skip-bltest-and-fipstest.patch +++ /dev/null @@ -1,15 +0,0 @@ -diff -up ./nss/cmd/Makefile.skipthem ./nss/cmd/Makefile ---- ./nss/cmd/Makefile.skipthem 2017-01-06 13:17:27.477848351 +0100 -+++ ./nss/cmd/Makefile 2017-01-06 13:19:30.244586100 +0100 -@@ -19,7 +19,11 @@ BLTEST_SRCDIR = - ECPERF_SRCDIR = - FREEBL_ECTEST_SRCDIR = - FIPSTEST_SRCDIR = -+ifeq ($(NSS_BLTEST_NOT_AVAILABLE),1) -+SHLIBSIGN_SRCDIR = shlibsign -+else - SHLIBSIGN_SRCDIR = -+endif - else - BLTEST_SRCDIR = bltest - ECPERF_SRCDIR = ecperf diff --git a/nss.spec b/nss.spec index 4c8b50e..0aeecba 100644 --- a/nss.spec +++ b/nss.spec @@ -29,8 +29,8 @@ Summary: Network Security Services Name: nss Epoch: 2 -Version: 3.92 -Release: 2 +Version: 3.94 +Release: 1 Group: System/Libraries License: MPL or GPLv2+ or LGPLv2+ Url: http://www.mozilla.org/projects/security/pki/nss/index.html @@ -65,7 +65,6 @@ Source101: https://github.com/demoiselle/certificate/raw/master/impl/ca-icp-bras Patch0: add-relro-linker-option.patch Patch1: renegotiate-transitional.patch Patch3: utilwrap-include-templates.patch -Patch4: nss-skip-bltest-and-fipstest.patch Patch5: iquote.patch Patch8: nss-skip-util-gtest.patch # Our own @@ -103,6 +102,7 @@ libraries. %config(noreplace) %{_sysconfdir}/pki/nssdb/secmod.db #nss supported bins %attr(0755,root,root) %{_bindir}/certutil +%attr(0755,root,root) %{_bindir}/dbtool %attr(0755,root,root) %{_bindir}/cmsutil %attr(0755,root,root) %{_bindir}/crlutil %attr(0755,root,root) %{_bindir}/modutil From 127f9a884a230568534c7be24972d669bdbc84b3 Mon Sep 17 00:00:00 2001 From: Alexander Stefanov Date: Sat, 16 Dec 2023 21:01:55 +0000 Subject: [PATCH 50/62] version autoupdate [3.96] --- .abf.yml | 2 +- nss.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.abf.yml b/.abf.yml index 1c392eb..ad387af 100644 --- a/.abf.yml +++ b/.abf.yml @@ -3,5 +3,5 @@ sources: blank-cert8.db: d272a7b58364862613d44261c5744f7a336bf177 blank-key3.db: 7f78b5bcecdb5005e7b803604b2ec9d1a9df2fb5 blank-secmod.db: bd748cf6e1465a1bbe6e751b72ffc0076aff0b50 - nss-3.94.tar.gz: 220fe0c69a7e3dc176855cbc0feb8e587d812e78 + nss-3.96.tar.gz: e05e4bb5d85a1ebaf4ae7f3de86abb175521ad8a verisign-class-3-secure-server-ca.der: 188590e94878478e33b6194e59fbbb28ff0888d5 diff --git a/nss.spec b/nss.spec index 0aeecba..1bd3efa 100644 --- a/nss.spec +++ b/nss.spec @@ -29,7 +29,7 @@ Summary: Network Security Services Name: nss Epoch: 2 -Version: 3.94 +Version: 3.96 Release: 1 Group: System/Libraries License: MPL or GPLv2+ or LGPLv2+ From e89789e726ec27a8d063a67b744bf8da1f8069af Mon Sep 17 00:00:00 2001 From: Alexander Stefanov Date: Mon, 15 Jan 2024 11:34:44 +0000 Subject: [PATCH 51/62] version autoupdate [3.96.1] --- .abf.yml | 2 +- nss.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.abf.yml b/.abf.yml index ad387af..55a9795 100644 --- a/.abf.yml +++ b/.abf.yml @@ -3,5 +3,5 @@ sources: blank-cert8.db: d272a7b58364862613d44261c5744f7a336bf177 blank-key3.db: 7f78b5bcecdb5005e7b803604b2ec9d1a9df2fb5 blank-secmod.db: bd748cf6e1465a1bbe6e751b72ffc0076aff0b50 - nss-3.96.tar.gz: e05e4bb5d85a1ebaf4ae7f3de86abb175521ad8a + nss-3.96.1.tar.gz: 48fcf009a4a8e25ec02d69313494cda5c8d52c71 verisign-class-3-secure-server-ca.der: 188590e94878478e33b6194e59fbbb28ff0888d5 diff --git a/nss.spec b/nss.spec index 1bd3efa..459af7c 100644 --- a/nss.spec +++ b/nss.spec @@ -29,7 +29,7 @@ Summary: Network Security Services Name: nss Epoch: 2 -Version: 3.96 +Version: 3.96.1 Release: 1 Group: System/Libraries License: MPL or GPLv2+ or LGPLv2+ From e5ea7f8a502c08c9e85e5a772aac6a668273776b Mon Sep 17 00:00:00 2001 From: Alexander Stefanov Date: Tue, 23 Jan 2024 21:24:26 +0000 Subject: [PATCH 52/62] version autoupdate [3.97] --- .abf.yml | 2 +- nss.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.abf.yml b/.abf.yml index 55a9795..5e3c193 100644 --- a/.abf.yml +++ b/.abf.yml @@ -3,5 +3,5 @@ sources: blank-cert8.db: d272a7b58364862613d44261c5744f7a336bf177 blank-key3.db: 7f78b5bcecdb5005e7b803604b2ec9d1a9df2fb5 blank-secmod.db: bd748cf6e1465a1bbe6e751b72ffc0076aff0b50 - nss-3.96.1.tar.gz: 48fcf009a4a8e25ec02d69313494cda5c8d52c71 + nss-3.97.tar.gz: c9fda7864437fb45a0ba273fce728416deb912d6 verisign-class-3-secure-server-ca.der: 188590e94878478e33b6194e59fbbb28ff0888d5 diff --git a/nss.spec b/nss.spec index 459af7c..932b374 100644 --- a/nss.spec +++ b/nss.spec @@ -29,7 +29,7 @@ Summary: Network Security Services Name: nss Epoch: 2 -Version: 3.96.1 +Version: 3.97 Release: 1 Group: System/Libraries License: MPL or GPLv2+ or LGPLv2+ From dbca99b1f7b47668c44c001a7185145c514b3860 Mon Sep 17 00:00:00 2001 From: Alexander Stefanov Date: Fri, 23 Feb 2024 21:06:15 +0000 Subject: [PATCH 53/62] version autoupdate [3.98] --- .abf.yml | 2 +- nss.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.abf.yml b/.abf.yml index 5e3c193..665590e 100644 --- a/.abf.yml +++ b/.abf.yml @@ -3,5 +3,5 @@ sources: blank-cert8.db: d272a7b58364862613d44261c5744f7a336bf177 blank-key3.db: 7f78b5bcecdb5005e7b803604b2ec9d1a9df2fb5 blank-secmod.db: bd748cf6e1465a1bbe6e751b72ffc0076aff0b50 - nss-3.97.tar.gz: c9fda7864437fb45a0ba273fce728416deb912d6 + nss-3.98.tar.gz: 2524923bfc6530c86f8ac27a7ae8460cb706f65c verisign-class-3-secure-server-ca.der: 188590e94878478e33b6194e59fbbb28ff0888d5 diff --git a/nss.spec b/nss.spec index 932b374..c02d529 100644 --- a/nss.spec +++ b/nss.spec @@ -29,7 +29,7 @@ Summary: Network Security Services Name: nss Epoch: 2 -Version: 3.97 +Version: 3.98 Release: 1 Group: System/Libraries License: MPL or GPLv2+ or LGPLv2+ From 540da5349503965e9897772f62575ad593731ce0 Mon Sep 17 00:00:00 2001 From: Alexander Stefanov Date: Mon, 18 Mar 2024 14:40:23 +0000 Subject: [PATCH 54/62] version autoupdate [3.99] --- .abf.yml | 2 +- nss.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.abf.yml b/.abf.yml index 665590e..be6948a 100644 --- a/.abf.yml +++ b/.abf.yml @@ -3,5 +3,5 @@ sources: blank-cert8.db: d272a7b58364862613d44261c5744f7a336bf177 blank-key3.db: 7f78b5bcecdb5005e7b803604b2ec9d1a9df2fb5 blank-secmod.db: bd748cf6e1465a1bbe6e751b72ffc0076aff0b50 - nss-3.98.tar.gz: 2524923bfc6530c86f8ac27a7ae8460cb706f65c + nss-3.99.tar.gz: 299576791b2072c1bd696a547ca73c145fbedc34 verisign-class-3-secure-server-ca.der: 188590e94878478e33b6194e59fbbb28ff0888d5 diff --git a/nss.spec b/nss.spec index c02d529..c8f90a4 100644 --- a/nss.spec +++ b/nss.spec @@ -29,7 +29,7 @@ Summary: Network Security Services Name: nss Epoch: 2 -Version: 3.98 +Version: 3.99 Release: 1 Group: System/Libraries License: MPL or GPLv2+ or LGPLv2+ From ffba0755bafc709ad83b4d070b5cecc7057d94c5 Mon Sep 17 00:00:00 2001 From: Alexander Stefanov Date: Sun, 12 May 2024 20:10:37 +0000 Subject: [PATCH 55/62] version autoupdate [3.100] --- .abf.yml | 2 +- nss.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.abf.yml b/.abf.yml index be6948a..28ad104 100644 --- a/.abf.yml +++ b/.abf.yml @@ -3,5 +3,5 @@ sources: blank-cert8.db: d272a7b58364862613d44261c5744f7a336bf177 blank-key3.db: 7f78b5bcecdb5005e7b803604b2ec9d1a9df2fb5 blank-secmod.db: bd748cf6e1465a1bbe6e751b72ffc0076aff0b50 - nss-3.99.tar.gz: 299576791b2072c1bd696a547ca73c145fbedc34 + nss-3.100.tar.gz: cb89a9da979d571d22b24c715e4f97b4aac47afc verisign-class-3-secure-server-ca.der: 188590e94878478e33b6194e59fbbb28ff0888d5 diff --git a/nss.spec b/nss.spec index c8f90a4..35d007e 100644 --- a/nss.spec +++ b/nss.spec @@ -29,7 +29,7 @@ Summary: Network Security Services Name: nss Epoch: 2 -Version: 3.99 +Version: 3.100 Release: 1 Group: System/Libraries License: MPL or GPLv2+ or LGPLv2+ From a5dfd71ac5483950b9f286b8d7039ade5756fcd0 Mon Sep 17 00:00:00 2001 From: Aleksandr Proklov Date: Sat, 18 May 2024 12:31:40 +0900 Subject: [PATCH 56/62] move libnssckbi.so --- nss.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nss.spec b/nss.spec index 35d007e..7454d86 100644 --- a/nss.spec +++ b/nss.spec @@ -233,6 +233,7 @@ libnssutil3, libsmime3, and libssl3. %{_libdir}/libsmime%{major}.so %{_libdir}/libssl%{major}.so %{_libdir}/p11-kit-trust.so +%{_libdir}/libnssckbi.so %post -n %{libname} -p -- (tpg) execute only on install @@ -278,7 +279,6 @@ This package contains the shared libraries libfreebl3 and libsoftokn3. %{_libdir}/libfreebl%{major}.so %{_libdir}/libfreeblpriv%{major}.so %{_libdir}/libsoftokn%{major}.so -%{_libdir}/libnssckbi.so %defattr(0644,root,root,0755) %ghost %{_libdir}/libfreebl%{major}.chk From e5b43c66a9a27484c23e1f3cc64ee16c5f3d7cbc Mon Sep 17 00:00:00 2001 From: Alexander Stefanov Date: Sat, 18 May 2024 10:43:27 +0000 Subject: [PATCH 57/62] fix devel requires in non-devel pkg --- nss.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nss.spec b/nss.spec index 7454d86..8cddd63 100644 --- a/nss.spec +++ b/nss.spec @@ -5,7 +5,7 @@ # Excluding devel packages from nss libs # libraries are named in a non standard way, # all really devel ones are in /usr/lib64 -%define __develgen_exclude_path ^/%{_lib}/.*$ +%define __develgen_exclude_path ^/%{_libdir}/.*$ # (tpg) WARNING !!! # When you bump major, please make sure you bump "local major = 3" in %post section for lua script From 80213d4017f6678d150eab2ba92114db1459aafa Mon Sep 17 00:00:00 2001 From: Alexander Stefanov Date: Tue, 21 May 2024 09:48:10 +0000 Subject: [PATCH 58/62] fix devel for non-devel package --- nss.spec | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/nss.spec b/nss.spec index 8cddd63..6135399 100644 --- a/nss.spec +++ b/nss.spec @@ -4,8 +4,10 @@ # Excluding devel packages from nss libs # libraries are named in a non standard way, -# all really devel ones are in /usr/lib64 -%define __develgen_exclude_path ^/%{_libdir}/.*$ +# all really devel ones are *.chk +# fix it +#global __develgen_exclude_path ^/%{_libdir}/.*$ +%global __develgen_path %nil # (tpg) WARNING !!! # When you bump major, please make sure you bump "local major = 3" in %post section for lua script @@ -322,7 +324,6 @@ Header files to doing development with Network Security Services. %files -n %{devname} %attr(0755,root,root) %{_bindir}/nss-config -#% _libdir/*.so %{_includedir}/nss %{_libdir}/pkgconfig/nss.pc %{_libdir}/pkgconfig/nss-softokn.pc From ce5fd3d9088004f68bcca5af4df4c524f298113a Mon Sep 17 00:00:00 2001 From: Alexander Stefanov Date: Mon, 10 Jun 2024 09:09:44 +0000 Subject: [PATCH 59/62] version autoupdate [3.101] --- .abf.yml | 2 +- nss.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.abf.yml b/.abf.yml index 28ad104..96c7035 100644 --- a/.abf.yml +++ b/.abf.yml @@ -3,5 +3,5 @@ sources: blank-cert8.db: d272a7b58364862613d44261c5744f7a336bf177 blank-key3.db: 7f78b5bcecdb5005e7b803604b2ec9d1a9df2fb5 blank-secmod.db: bd748cf6e1465a1bbe6e751b72ffc0076aff0b50 - nss-3.100.tar.gz: cb89a9da979d571d22b24c715e4f97b4aac47afc + nss-3.101.tar.gz: 90f6f1d5440e7cc72cd27f2ecf2e8f3f680a00aa verisign-class-3-secure-server-ca.der: 188590e94878478e33b6194e59fbbb28ff0888d5 diff --git a/nss.spec b/nss.spec index 6135399..6eb0b98 100644 --- a/nss.spec +++ b/nss.spec @@ -31,7 +31,7 @@ Summary: Network Security Services Name: nss Epoch: 2 -Version: 3.100 +Version: 3.101 Release: 1 Group: System/Libraries License: MPL or GPLv2+ or LGPLv2+ From 814e40719461953a17988c42aae321b12023250f Mon Sep 17 00:00:00 2001 From: Alexander Stefanov Date: Tue, 2 Jul 2024 13:39:01 +0000 Subject: [PATCH 60/62] version autoupdate [3.101.1] --- .abf.yml | 2 +- nss.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.abf.yml b/.abf.yml index 96c7035..57e59a8 100644 --- a/.abf.yml +++ b/.abf.yml @@ -3,5 +3,5 @@ sources: blank-cert8.db: d272a7b58364862613d44261c5744f7a336bf177 blank-key3.db: 7f78b5bcecdb5005e7b803604b2ec9d1a9df2fb5 blank-secmod.db: bd748cf6e1465a1bbe6e751b72ffc0076aff0b50 - nss-3.101.tar.gz: 90f6f1d5440e7cc72cd27f2ecf2e8f3f680a00aa + nss-3.101.1.tar.gz: c7925087586bd32a69c4c7ea85b1e6056254cc4f verisign-class-3-secure-server-ca.der: 188590e94878478e33b6194e59fbbb28ff0888d5 diff --git a/nss.spec b/nss.spec index 6eb0b98..abd2ab6 100644 --- a/nss.spec +++ b/nss.spec @@ -31,7 +31,7 @@ Summary: Network Security Services Name: nss Epoch: 2 -Version: 3.101 +Version: 3.101.1 Release: 1 Group: System/Libraries License: MPL or GPLv2+ or LGPLv2+ From 2c3d4cb65a18526f540d3b103c89ad161d6ca544 Mon Sep 17 00:00:00 2001 From: Alexander Stefanov Date: Fri, 26 Jul 2024 09:46:07 +0000 Subject: [PATCH 61/62] version autoupdate [3.102.1] --- .abf.yml | 2 +- nss.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.abf.yml b/.abf.yml index 57e59a8..7b24d14 100644 --- a/.abf.yml +++ b/.abf.yml @@ -3,5 +3,5 @@ sources: blank-cert8.db: d272a7b58364862613d44261c5744f7a336bf177 blank-key3.db: 7f78b5bcecdb5005e7b803604b2ec9d1a9df2fb5 blank-secmod.db: bd748cf6e1465a1bbe6e751b72ffc0076aff0b50 - nss-3.101.1.tar.gz: c7925087586bd32a69c4c7ea85b1e6056254cc4f + nss-3.102.1.tar.gz: c451edc0589f738fdb9f39fa266f4f6dee471da6 verisign-class-3-secure-server-ca.der: 188590e94878478e33b6194e59fbbb28ff0888d5 diff --git a/nss.spec b/nss.spec index abd2ab6..4617539 100644 --- a/nss.spec +++ b/nss.spec @@ -31,7 +31,7 @@ Summary: Network Security Services Name: nss Epoch: 2 -Version: 3.101.1 +Version: 3.102.1 Release: 1 Group: System/Libraries License: MPL or GPLv2+ or LGPLv2+ From 0fd861791a51d86267390d821998eb5e0b3f8b62 Mon Sep 17 00:00:00 2001 From: Alexander Stefanov Date: Mon, 5 Aug 2024 11:16:19 +0000 Subject: [PATCH 62/62] version autoupdate [3.103] --- .abf.yml | 2 +- nss.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.abf.yml b/.abf.yml index 7b24d14..92dadba 100644 --- a/.abf.yml +++ b/.abf.yml @@ -3,5 +3,5 @@ sources: blank-cert8.db: d272a7b58364862613d44261c5744f7a336bf177 blank-key3.db: 7f78b5bcecdb5005e7b803604b2ec9d1a9df2fb5 blank-secmod.db: bd748cf6e1465a1bbe6e751b72ffc0076aff0b50 - nss-3.102.1.tar.gz: c451edc0589f738fdb9f39fa266f4f6dee471da6 + nss-3.103.tar.gz: 45eda4a1dfe7b28d082865bdd028ef5d58bc8d7b verisign-class-3-secure-server-ca.der: 188590e94878478e33b6194e59fbbb28ff0888d5 diff --git a/nss.spec b/nss.spec index 4617539..5394830 100644 --- a/nss.spec +++ b/nss.spec @@ -31,7 +31,7 @@ Summary: Network Security Services Name: nss Epoch: 2 -Version: 3.102.1 +Version: 3.103 Release: 1 Group: System/Libraries License: MPL or GPLv2+ or LGPLv2+