sync with mageia

2025-02-23 16:32:48 +00:00 · 2013-08-13 19:36:03 +04:00 · 2013-08-13 19:36:03 +04:00 · d082198205
commit d082198205
parent d9ad30ac00
4 changed files with 136 additions and 143 deletions
--- a/nss-fixrandom.patch
+++ b/nss-fixrandom.patch
@ -1,5 +1,5 @@
--- mozilla/security/nss/lib/freebl/unix_rand.c.orig	2006-12-16 09:38:48.000000000 +0100
-+++ mozilla/security/nss/lib/freebl/unix_rand.c	2006-12-16 09:38:59.000000000 +0100
+--- nss/lib/freebl/unix_rand.c.orig	2006-12-16 09:38:48.000000000 +0100
+++ nss/lib/freebl/unix_rand.c	2006-12-16 09:38:59.000000000 +0100
@@ -876,7 +876,7 @@
 /* Fork netstat to collect its output by default. Do not unset this unless
  * another source of entropy is available
--- a/nss-no-rpath.patch
+++ b/nss-no-rpath.patch
@ -1,6 +1,6 @@
--- nss-3.14.1/mozilla/security/nss/cmd/platlibs.mk.norpath	2012-11-14 05:14:08.000000000 +0400
-+++ nss-3.14.1/mozilla/security/nss/cmd/platlibs.mk	2013-01-14 13:08:22.895819720 +0400
-@@ -18,9 +18,9 @@ endif
+--- nss/cmd/platlibs.mk~	2012-07-17 11:22:42.000000000 -0400
+++ nss/cmd/platlibs.mk	2012-10-27 13:03:47.839324389 -0400
+@@ -18,9 +18,9 @@
 
 ifeq ($(OS_ARCH), Linux)
 ifeq ($(USE_64), 1)
--- a/nss.spec
+++ b/nss.spec
@ -2,37 +2,38 @@

 %define major 3
 %define libname %mklibname %{name} %{major}
-%define libfreebl %mklibname freebl %{major}
 %define develname %mklibname -d %{name}
 %define sdevelname %mklibname -d -s %{name}
 %define cvsver 3_15_1
+%define version 3.15.1
+
+%define patchver %(echo %{version}|cut -d. -f3)
+%if %{patchver}
+%define tarballver %{version}
+%else
+%define tarballver %(echo %{version}|cut -d. -f1,2)
+%endif

 %define nspr_libname %mklibname nspr 4
-%define	nspr_version 4.9.0

 # this seems fragile, so require the exact version or later (#58754)
 %define sqlite3_version %(pkg-config --modversion sqlite3 &>/dev/null && pkg-config --modversion sqlite3 2>/dev/null || echo 0)
 %define nspr_version %(pkg-config --modversion nspr &>/dev/null && pkg-config --modversion nspr 2>/dev/null || echo 0)

-%define build_empty 0
-%{?_with_empty:   %{expand: %%global build_empty 1}}
-%{?_without_empty:   %{expand: %%global build_empty 0}}
-
 Name:		nss
+Version:	%{version}
+Release:	%mkrel 1
 Epoch:		2
-Version:	3.15.1
-Release:	1
 Summary:	Netscape Security Services
 Group:		System/Libraries
-License:	MPL or GPLv2+ or LGPLv2+
+License:	MPLv1.1 or GPLv2+ or LGPLv2+
 URL:		http://www.mozilla.org/projects/security/pki/nss/index.html
-Source0:	ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_%{cvsver}_RTM/src/nss-%{version}.tar.gz
+Source0:	ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_%{cvsver}_RTM/src/nss-%{tarballver}.tar.gz
 Source1:	nss.pc.in
 Source2:	nss-config.in
 Source3:	blank-cert8.db
 Source4:	blank-key3.db
 Source5:	blank-secmod.db
-Source6:	certdata_empty.txt
 # https://www.verisign.com/support/verisign-intermediate-ca/secure-site-intermediate/index.html
 # converted from PEM to DER format with openssl command:
 # openssl x509 -in cert.pem -inform PEM -outform DER -out cert.der
@ -44,10 +45,11 @@ Source8:	http://www.icpbrasil.gov.br/certificadoACRaiz.crt
 Patch0:		nss-no-rpath.patch
 Patch1:		nss-fixrandom.patch
 Patch4:		renegotiate-transitional.patch
-BuildRequires:	rootcerts >= 1:20120218.00
-BuildRequires:	nspr-devel >= 2:4.9.0
-BuildRequires:	zlib-devel
-BuildRequires:	sqlite3-devel >= 3.7.7.1
+BuildRequires:	rootcerts >= 1:20121229.00
+BuildRequires:	libnspr-devel >= 2:%{nspr_version}
+BuildRequires:	libz-devel
+# one should look in nss/lib/sqlite/README to check which version is "recommended"
+BuildRequires:	sqlite3-devel >= 3.7.14.1
 BuildRequires:	zip

 %description
@ -64,41 +66,65 @@ libraries have been not been included due to conflicts with the Mozilla
 libraries.
 %endif

-%package shlibsign
-Summary:	Netscape Security Services - shlibsign
-Group:		System/Libraries
-Conflicts:	%{name} < 2:3.13.1-2
+%package doc
+Summary:	Network Security Services (NSS) - Documentation
+Group:		Documentation
+BuildArch:	noarch

-%description shlibsign
-This package contains the binary shlibsign needed by libfreebl3
-and libsoftokn3.
+%description doc
+Documentation for Network Security Services.

 %if %with lib
 %package -n %{libname}
 Summary:	Network Security Services (NSS)
 Group:		System/Libraries
+Provides:	mozilla-nss = %{epoch}:%{version}-%{release}
+Requires(pre):	filesystem >= 2.1.9-18
+Requires(post):	nss
+Requires(post):	rpm-helper
+Requires:	%{mklibname sqlite3_ 0} >= %{sqlite3_version}
+Requires:	%{nspr_libname} >= %{nspr_version}
+Conflicts:	%{_lib}nss-devel < 2:3.13.5-2

 %description -n %{libname}
-This package contains the shared libraries libnss3, libnssckbi, libnssdbm3,
-libnssutil3, libsmime3, and libssl3.
-
-%package -n %{libfreebl}
-Summary:	Network Security Services (NSS)
-Group:		System/Libraries
-Requires(post): nss-shlibsign
-Requires(post): rpm-helper
-Conflicts: %{_lib}nss3 < 2:3.13.1-5
-
-%description -n %{libfreebl}
-This package contains the shared libraries libfreebl3 and libsoftokn3.
+Network Security Services (NSS) is a set of libraries designed to
+support cross-platform development of security-enabled server
+applications. Applications built with NSS can support SSL v2 and v3,
+TLS, PKCS #5, PKCS #7, PKCS #11, PKCS
+#12, S/MIME, X.509 v3 certificates, and other security standards. For
+detailed information on standards supported, see
+http://www.mozilla.org/projects/security/pki/nss/overview.html.

 %package -n %{develname}
 Summary:	Network Security Services (NSS) - development files
 Group:		Development/C++
-Requires:	%{libname} >= %{epoch}:%{version}-%{release}
-Requires:	%{libfreebl} >= %{epoch}:%{version}-%{release}
+Requires(pre):	filesystem >= 2.1.9-18
+Requires:	%{libname} = %{epoch}:%{version}-%{release}
+Requires:	libnspr-devel
+Provides:	libnss-devel = %{epoch}:%{version}-%{release}
 Provides:	nss-devel = %{epoch}:%{version}-%{release}
-%rename %{libname}-devel
+# (cg) The -devel package doesn't generate these automatically.
+%ifarch x86_64
+Provides: devel(libfreebl3(64bit))
+Provides: devel(libnss3(64bit))
+Provides: devel(libnssckbi(64bit))
+Provides: devel(libnssdbm3(64bit))
+Provides: devel(libnssutil3(64bit))
+Provides: devel(libsmime3(64bit))
+Provides: devel(libsoftokn3(64bit))
+Provides: devel(libssl3(64bit))
+%else
+Provides: devel(libfreebl3)
+Provides: devel(libnss3)
+Provides: devel(libnssckbi)
+Provides: devel(libnssdbm3)
+Provides: devel(libnssutil3)
+Provides: devel(libsmime3)
+Provides: devel(libsoftokn3)
+Provides: devel(libssl3)
+%endif
+Obsoletes:	%{libname}-devel < 2:3.12-8
+Conflicts:	%{libname} < 2:3.12-8

 %description -n %{develname}
 Header files to doing development with Network Security Services.
@ -106,22 +132,23 @@ Header files to doing development with Network Security Services.
 %package -n %{sdevelname}
 Summary:	Network Security Services (NSS) - static libraries
 Group:		Development/C++
-Requires:	%{libname} >= %{epoch}:%{version}-%{release}
-Requires:	%{develname} >= %{epoch}:%{version}-%{release}
+Requires:	%{libname} = %{epoch}:%{version}-%{release}
+Requires:	%{develname} = %{epoch}:%{version}-%{release}
+Requires:	libnspr-devel >= 2:%{nspr_version} 
+Provides:	libnss-static-devel = %{epoch}:%{version}-%{release}
 Provides:	nss-static-devel = %{epoch}:%{version}-%{release}
 Conflicts:	libopenssl-static-devel
-%rename %{libname}-static-devel
+Obsoletes:	%{libname}-static-devel < 2:3.12-8

 %description -n %{sdevelname}
 Static libraries for doing development with Network Security Services.
 %endif

 %prep
-
-%setup -q
-#patch0 -p1 -b .no-rpath
-#patch1 -p0
-#patch4 -p0 -b .transitional
+%setup -qn %{name}-%{tarballver}
+%patch0 -p0
+%patch1 -p0
+%patch4 -p0 -b .transitional

 find . -type d -perm 0700 -exec chmod 755 {} \;
 find . -type f -perm 0555 -exec chmod 755 {} \;
@ -134,14 +161,15 @@ find . -name '*.c' -executable -exec chmod -x {} \;
 export BUILD_OPT=1
 export OPTIMIZER="%{optflags}"
 export XCFLAGS="%{optflags}"
+export LDOPTS="$LDFLAGS"
 export ARCHFLAG="$LDFLAGS"
 export LIBDIR=%{_libdir}
 export USE_SYSTEM_ZLIB=1
 export ZLIB_LIBS="-lz"
 export PKG_CONFIG_ALLOW_SYSTEM_LIBS=1
 export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1
-export NSPR_INCLUDE_DIR=`%{_bindir}/pkg-config --cflags-only-I nspr | sed 's/-I//'`
-export NSPR_LIB_DIR=`%{_bindir}/pkg-config --libs-only-L nspr | sed 's/-L//'`
+export NSPR_INCLUDE_DIR=`%{_bindir}/pkg-config --cflags-only-I nspr | %{__sed} 's/-I//'`
+export NSPR_LIB_DIR=`%{_bindir}/pkg-config --libs-only-L nspr | %{__sed} 's/-L//'`
 export MOZILLA_CLIENT=1
 export NS_USE_GCC=1
 export NSS_USE_SYSTEM_SQLITE=1
@ -150,29 +178,10 @@ export NSS_ENABLE_ECC=1
 export USE_64=1
 %endif

-%if %{build_empty}
-# (oe) the "trust no one" scenario, it goes like:
-# 1. mv /% {_lib}/libnssckbi.so /% {_lib}/libnssckbi.so.BAK
-# 2. mv /% {_lib}/libnssckbi_empty.so /% {_lib}/libnssckbi.so
-# 3. restart ff/tb
-# it has to be done manually for now, but at least we have a way for 
-# users to quickly mitigate future problems, or whatever :-)
-
-pushd mozilla/security/nss/lib/ckfw/builtins
-%{__perl} ./certdata.perl < %{SOURCE6}
-popd
-%endif
-
 # Parallel is broken as of 3.11.4 :(
-%make -j1 -C ./mozilla/security/nss \
-	build_coreconf \
-	build_dbm \
-	all
-
-%if %{build_empty}
-# tuck away the empty libnssckbi.so library
-cp -p mozilla/security/nss/lib/ckfw/builtins/Linux*/libnssckbi.so libnssckbi_empty.so
-%endif
+%make -j1 -C ./nss/coreconf
+%make -j1 -C ./nss/lib/dbm
+%make -j1 -C ./nss

 # install new Verisign intermediate certificate
 # http://qa.mandriva.com/show_bug.cgi?id=29612
@ -184,23 +193,13 @@ if [ -z "$ADDBUILTIN" ]; then
 fi
 ADDBUILTIN="$PWD/$ADDBUILTIN"
 OLD="$LD_LIBRARY_PATH"
-libpath=`%{_bindir}/find mozilla/dist/ -name "Linux*" -type d`
+libpath=`%{_bindir}/find ./dist/ -name "Linux*.*" -type d`
 # to use the built libraries instead of requiring nss
 # again as buildrequires
 export LD_LIBRARY_PATH="$PWD/$libpath/lib"

-pushd mozilla/security/nss/lib/ckfw/builtins
+pushd nss/lib/ckfw/builtins

-# (oe) for reference:
-# *ALL* of the root CA certs are hard coded into the libnssckbi.so library.
-# So, for Mandriva we can add/remove certs easily in the rootcerts package. Please
-# checkout and examine the rootcerts package.
-# Once this has been done and the new rootcerts package has been installed this
-# package (nss) has to be rebuilt to pickup the changes made. The "recreate 
-# certificates" lines below generates a new certdata.c source containing the root
-# CA certs for mozilla.
-# *ALL* of the mozilla based softwares that support SSL has to link against
-# the NSS library.
 # recreate certificates
 %{__perl} ./certdata.perl < /etc/pki/tls/mozilla/certdata.txt

@ -211,14 +210,15 @@ popd
 export LD_LIBRARY_PATH="$OLD"

 %install
-pushd mozilla/dist/$(uname -s)*
+%{__rm} -rf %{buildroot}
+
+pushd dist/$(uname -s)*

 %{__mkdir_p} %{buildroot}%{_bindir}
 %{__cp} -aL bin/* %{buildroot}%{_bindir}

 %if %with lib
 %{__mkdir_p} %{buildroot}%{_libdir}
-%{__mkdir_p} %{buildroot}/%{_lib}
 %{__mkdir_p} %{buildroot}%{_includedir}/nss
 %{__cp} -aL ../public/nss/* %{buildroot}%{_includedir}/nss

@ -236,20 +236,18 @@ pushd mozilla/dist/$(uname -s)*
 for file in libsoftokn3.so libfreebl3.so libnss3.so libnssutil3.so \
            libssl3.so libsmime3.so libnssckbi.so libnssdbm3.so
 do
-  %{__install} -m 755 lib/$file %{buildroot}/%{_lib}
-  ln -sf ../../%{_lib}/$file %{buildroot}%{_libdir}/$file
+  %{__install} -m 755 lib/$file %{buildroot}%{_libdir}
 done

 # These ghost files will be generated in the post step
 # Make sure chk files can be found in both places
 for file in libsoftokn3.chk libfreebl3.chk
 do
-  touch %{buildroot}/%{_lib}/$file
-  ln -s ../../%{_lib}/$file %{buildroot}%{_libdir}/$file
+  touch %{buildroot}%{_libdir}/$file
 done

 %{__mkdir_p} %{buildroot}%{_libdir}/pkgconfig
-cat %{SOURCE1} | sed -e "s,%%libdir%%,%{_libdir},g" \
+%{__cat} %{SOURCE1} | sed -e "s,%%libdir%%,%{_libdir},g" \
                          -e "s,%%prefix%%,%{_prefix},g" \
                          -e "s,%%exec_prefix%%,%{_prefix},g" \
                          -e "s,%%includedir%%,%{_includedir}/nss,g" \
@ -261,12 +259,12 @@ cat %{SOURCE1} | sed -e "s,%%libdir%%,%{_libdir},g" \
 popd

 %if %with lib
-export NSS_VMAJOR=`cat mozilla/security/nss/lib/nss/nss.h | grep "#define.*NSS_VMAJOR" | awk '{print $3}'`
-export NSS_VMINOR=`cat mozilla/security/nss/lib/nss/nss.h | grep "#define.*NSS_VMINOR" | awk '{print $3}'`
-export NSS_VPATCH=`cat mozilla/security/nss/lib/nss/nss.h | grep "#define.*NSS_VPATCH" | awk '{print $3}'`
+export NSS_VMAJOR=`%{__cat} nss/lib/nss/nss.h | %{__grep} "#define.*NSS_VMAJOR" | %{__awk} '{print $3}'`
+export NSS_VMINOR=`%{__cat} nss/lib/nss/nss.h | %{__grep} "#define.*NSS_VMINOR" | %{__awk} '{print $3}'`
+export NSS_VPATCH=`echo %{version} | sed 's/\([0-9]*\).\([0-9]*\).\([0-9]*\)/\3/'`

 %{__mkdir_p} %{buildroot}%{_bindir}
-cat %{SOURCE2} | sed -e "s,@libdir@,%{_libdir},g" \
+%{__cat} %{SOURCE2} | %{__sed} -e "s,@libdir@,%{_libdir},g" \
                               -e "s,@prefix@,%{_prefix},g" \
                               -e "s,@exec_prefix@,%{_prefix},g" \
                               -e "s,@includedir@,%{_includedir}/nss%{major},g" \
@ -276,34 +274,34 @@ cat %{SOURCE2} | sed -e "s,@libdir@,%{_libdir},g" \
                               > %{buildroot}/%{_bindir}/nss-config
 %endif

-pushd mozilla/security/nss/cmd/smimetools
+pushd nss/cmd/smimetools
 %{__install} -m 0755 smime %{buildroot}%{_bindir}
 %{__perl} -pi -e 's|/usr/local/bin|%{_bindir}|g' %{buildroot}%{_bindir}/smime
 popd

 # add docs
 %{__mkdir_p} docs/SSLsample
+#%{__cp} -a nss/cmd/SSLsample/README docs/SSLsample/

 %{__mkdir_p} docs/bltest
-cp -a mozilla/security/nss/cmd/bltest/tests/* docs/bltest/
-chmod -R a+r docs
+%{__cp} -a nss/cmd/bltest/tests/* docs/bltest/

 %{__mkdir_p} docs/certcgi
-%{__cp} -a mozilla/security/nss/cmd/certcgi/*.html docs/certcgi/
-%{__cp} -a mozilla/security/nss/cmd/certcgi/HOWTO.txt docs/certcgi/
+%{__cp} -a nss/cmd/certcgi/*.html docs/certcgi/
+%{__cp} -a nss/cmd/certcgi/HOWTO.txt docs/certcgi/

 %{__mkdir_p} docs/modutil
-%{__cp} -a mozilla/security/nss/cmd/modutil/*.html docs/modutil/
+%{__cp} -a nss/cmd/modutil/*.html docs/modutil/

 %{__mkdir_p} docs/signtool
-%{__cp} -a mozilla/security/nss/cmd/signtool/README docs/signtool/
+%{__cp} -a nss/cmd/signtool/README docs/signtool/

 %{__mkdir_p} docs/signver
-%{__cp} -a mozilla/security/nss/cmd/signver/examples/1/*.pl docs/signver/
-%{__cp} -a mozilla/security/nss/cmd/signver/examples/1/*.html docs/signver/
+%{__cp} -a nss/cmd/signver/examples/1/*.pl docs/signver/
+%{__cp} -a nss/cmd/signver/examples/1/*.html docs/signver/

 %{__mkdir_p} docs/ssltap
-%{__cp} -a mozilla/security/nss/cmd/ssltap/*.html docs/ssltap/
+%{__cp} -a nss/cmd/ssltap/*.html docs/ssltap/

 # Install the empty NSS db files
 %{__mkdir_p} %{buildroot}%{_sysconfdir}/pki/nssdb
@ -313,23 +311,21 @@ chmod -R a+r docs

 %{_bindir}/find docs -type f | %{_bindir}/xargs -t %{__perl} -pi -e 's/\r$//g'

-%if %{build_empty}
-# install the empty libnssckbi.so library (use alternatives?)
-install -m0755 libnssckbi_empty.so %{buildroot}/%{_lib}/libnssckbi_empty.so
-%endif
-
 %multiarch_binaries %{buildroot}%{_bindir}/nss-config

+%clean
+%{__rm} -rf %{buildroot}
+
 %if %with lib
-%posttrans -n %{libfreebl}
-%create_ghostfile /%{_lib}/libsoftokn%{major}.chk root root 644
-%create_ghostfile /%{_lib}/libfreebl%{major}.chk root root 644
-%{_bindir}/shlibsign -i /%{_lib}/libsoftokn%{major}.so >/dev/null 2>/dev/null
-%{_bindir}/shlibsign -i /%{_lib}/libfreebl%{major}.so >/dev/null 2>/dev/null
+%post -n %{libname}
+%create_ghostfile %{_libdir}/libsoftokn%{major}.chk root root 644
+%create_ghostfile %{_libdir}/libfreebl%{major}.chk root root 644
+%{_bindir}/shlibsign -i %{_libdir}/libsoftokn%{major}.so >/dev/null 2>/dev/null
+%{_bindir}/shlibsign -i %{_libdir}/libfreebl%{major}.so >/dev/null 2>/dev/null
 %endif

 %files
-%doc docs/*
+%defattr(0644,root,root,0755)
 %attr(0755,root,root) %{_bindir}/addbuiltin
 %attr(0755,root,root) %{_bindir}/atob
 %attr(0755,root,root) %{_bindir}/baddbdir
@ -364,6 +360,7 @@ install -m0755 libnssckbi_empty.so %{buildroot}/%{_lib}/libnssckbi_empty.so
 %attr(0755,root,root) %{_bindir}/p7env
 %attr(0755,root,root) %{_bindir}/p7sign
 %attr(0755,root,root) %{_bindir}/p7verify
+%attr(0755,root,root) %{_bindir}/pk11gcmtest
 %attr(0755,root,root) %{_bindir}/pk11mode
 %attr(0755,root,root) %{_bindir}/pk12util
 %attr(0755,root,root) %{_bindir}/pk1sign
@ -375,6 +372,7 @@ install -m0755 libnssckbi_empty.so %{buildroot}/%{_lib}/libnssckbi_empty.so
 %attr(0755,root,root) %{_bindir}/sdrtest
 %attr(0755,root,root) %{_bindir}/secmodtest
 %attr(0755,root,root) %{_bindir}/selfserv
+%attr(0755,root,root) %{_bindir}/shlibsign
 %attr(0755,root,root) %{_bindir}/signtool
 %attr(0755,root,root) %{_bindir}/signver
 %attr(0755,root,root) %{_bindir}/smime
@ -389,33 +387,29 @@ install -m0755 libnssckbi_empty.so %{buildroot}/%{_lib}/libnssckbi_empty.so
 %config(noreplace) %{_sysconfdir}/pki/nssdb/key3.db
 %config(noreplace) %{_sysconfdir}/pki/nssdb/secmod.db

-%files shlibsign
-%attr(0755,root,root) %{_bindir}/shlibsign
+%files doc
+%defattr(0644,root,root,0755)
+%doc docs/*

 %if %with lib
-%files -n %{libfreebl}
-/%{_lib}/libfreebl%{major}.so
-/%{_lib}/libsoftokn%{major}.so
-%defattr(0644,root,root,0755)
-%ghost /%{_lib}/libfreebl%{major}.chk
-%ghost /%{_lib}/libsoftokn%{major}.chk
-
 %files -n %{libname}
-/%{_lib}/libnss%{major}.so
-/%{_lib}/libnssckbi.so
-%if %{build_empty}
-/%{_lib}/libnssckbi_empty.so
-%endif
-/%{_lib}/libnssutil%{major}.so
-/%{_lib}/libnssdbm%{major}.so
-/%{_lib}/libsmime%{major}.so
-/%{_lib}/libssl%{major}.so
+%defattr(0755,root,root,0755)
+%{_libdir}/libfreebl%{major}.so
+%{_libdir}/libnss%{major}.so
+%{_libdir}/libnssckbi.so
+%{_libdir}/libsmime%{major}.so
+%{_libdir}/libsoftokn%{major}.so
+%{_libdir}/libssl%{major}.so
+%{_libdir}/libnssutil%{major}.so
+%{_libdir}/libnssdbm%{major}.so
+%defattr(0644,root,root,0755)
+%ghost %{_libdir}/libsoftokn%{major}.chk
+%ghost %{_libdir}/libfreebl%{major}.chk

 %files -n %{develname}
 %defattr(0644,root,root,0755)
 %attr(0755,root,root) %{_bindir}/nss-config
 %attr(0755,root,root) %{multiarch_bindir}/nss-config
-%_libdir/*.so
 %dir %{_includedir}/nss
 %{_includedir}/nss/base64.h
 %{_includedir}/nss/blapit.h
@ -527,4 +521,3 @@ install -m0755 libnssckbi_empty.so %{buildroot}/%{_lib}/libnssckbi_empty.so
 %{_libdir}/libssl.a
 %endif

-
--- a/renegotiate-transitional.patch
+++ b/renegotiate-transitional.patch
@ -1,11 +1,11 @@
--- mozilla/security/nss/lib/ssl/sslsock.c	2011-10-22 18:45:40.000000000 +0200
-+++ mozilla/security/nss/lib/ssl/sslsock.c.oden	2011-11-05 17:45:55.672091551 +0100
-@@ -181,7 +181,7 @@ static sslOptions ssl_defaults = {
+--- nss/lib/ssl/sslsock.c	2013-05-28 23:43:24.000000000 +0200
+++ nss/lib/ssl/sslsock.c.oden	2013-06-26 10:52:13.194644826 +0200
+@@ -149,7 +149,7 @@ static sslOptions ssl_defaults = {
     PR_FALSE,   /* noLocks            */
     PR_FALSE,   /* enableSessionTickets */
     PR_FALSE,   /* enableDeflate      */
 -    2,          /* enableRenegotiation (default: requires extension) */
-+    3,          /* enableRenegotiation (default: transitional) */
+    3,          /* enableRenegotiation (default: requires extension) */
     PR_FALSE,   /* requireSafeNegotiation */
     PR_FALSE,   /* enableFalseStart   */
-     PR_TRUE     /* cbcRandomIV        */
+     PR_TRUE,    /* cbcRandomIV        */