diff --git a/.gitignore b/.gitignore index c9c406c..c043d8d 100644 --- a/.gitignore +++ b/.gitignore @@ -7,6 +7,5 @@ PayPalEE.cert TestCA.ca.cert TestUser50.cert TestUser51.cert -/nss-pem-20120811.tar.bz2 -/dummy-sources-for-testing -/nss-3.14.3-stripped.tar.bz2 +/nss-pem-20130405.tar.bz2 +/nss-3.15-stripped.tar.bz2 diff --git a/0001-sync-up-with-upstream-softokn-changes.patch b/0001-sync-up-with-upstream-softokn-changes.patch index 4942deb..36fbd9d 100644 --- a/0001-sync-up-with-upstream-softokn-changes.patch +++ b/0001-sync-up-with-upstream-softokn-changes.patch @@ -10,10 +10,10 @@ Subject: [PATCH] Sync up with upstream softokn changes mozilla/security/nss/lib/ckfw/pem/rsawrapr.c | 338 +++++++------------------- 1 files changed, 82 insertions(+), 256 deletions(-) -diff --git a/mozilla/security/nss/lib/ckfw/pem/rsawrapr.c b/mozilla/security/nss/lib/ckfw/pem/rsawrapr.c +diff --git a/nss/lib/ckfw/pem/rsawrapr.c b/nss/lib/ckfw/pem/rsawrapr.c index 5ac4f39..3780d30 100644 ---- a/mozilla/security/nss/lib/ckfw/pem/rsawrapr.c -+++ b/mozilla/security/nss/lib/ckfw/pem/rsawrapr.c +--- a/nss/lib/ckfw/pem/rsawrapr.c ++++ b/nss/lib/ckfw/pem/rsawrapr.c @@ -46,6 +46,7 @@ #include "sechash.h" #include "base.h" diff --git a/Bug-896651-pem-dont-trash-keys-on-failed-login.patch b/Bug-896651-pem-dont-trash-keys-on-failed-login.patch index c7a301f..6f0e88c 100644 --- a/Bug-896651-pem-dont-trash-keys-on-failed-login.patch +++ b/Bug-896651-pem-dont-trash-keys-on-failed-login.patch @@ -1,5 +1,5 @@ ---- mozilla/security/nss/lib/ckfw/pem/psession.c -+++ mozilla/security/nss/lib/ckfw/pem/psession.c +--- nss/lib/ckfw/pem/psession.c ++++ nss/lib/ckfw/pem/psession.c @@ -230,6 +230,7 @@ pem_mdSession_Login unsigned int len = 0; NSSLOWKEYPrivateKey *lpk = NULL; diff --git a/add-relro-linker-option.patch b/add-relro-linker-option.patch index 05758f7..7ab9db1 100644 --- a/add-relro-linker-option.patch +++ b/add-relro-linker-option.patch 
@@ -1,7 +1,7 @@ -diff -up mozilla/security/coreconf/Linux.mk.relro mozilla/security/coreconf/Linux.mk ---- mozilla/security/coreconf/Linux.mk.relro 2010-08-12 18:32:29.000000000 -0700 -+++ mozilla/security/coreconf/Linux.mk 2011-09-27 16:12:22.234743170 -0700 -@@ -179,6 +179,12 @@ FREEBL_NO_DEPEND = 1 +diff -up nss/coreconf/Linux.mk.relro nss/coreconf/Linux.mk +--- nss/coreconf/Linux.mk.relro 2013-04-09 14:29:45.943228682 -0700 ++++ nss/coreconf/Linux.mk 2013-04-09 14:31:26.194953927 -0700 +@@ -174,6 +174,12 @@ endif endif endif diff --git a/dummy-sources-for-testing b/dummy-sources-for-testing new file mode 100644 index 0000000..59ba8d6 --- /dev/null +++ b/dummy-sources-for-testing @@ -0,0 +1,2 @@ +Dummy source file that we by uploading it lets us verify that nss builds +do not cause the 'fedpkg upload' or 'fedpg new-sources' commands to hang. diff --git a/mozilla-crypto-strip.sh b/mozilla-crypto-strip.sh index 4edcbf0..56b00a8 100755 --- a/mozilla-crypto-strip.sh +++ b/mozilla-crypto-strip.sh @@ -50,9 +50,9 @@ then fi TOPDIR=`ls -1` -if test "x$TOPDIR" != "xmozilla" +if test "x$TOPDIR" != "xnss" then - # try to deal with a single additional subdirectory above "mozilla" + # try to deal with a single additional subdirectory above "nss" echo "== skipping toplevel directory $TOPDIR" cd $TOPDIR fi @@ -65,18 +65,18 @@ then fi SINGLEDIR=`ls -1` -if test "x$SINGLEDIR" != "xmozilla" +if test "x$SINGLEDIR" != "xnss" then - echo "unable to process, first or second level directory is not mozilla" + echo "unable to process, first or second level directory is not nss" exit fi echo "== input archive accepted, now processing" -REALFREEBLDIR=mozilla/security/nss/lib/freebl +REALFREEBLDIR=nss/lib/freebl FREEBLDIR=./$REALFREEBLDIR -rm -rf ./mozilla/security/nss/cmd/ecperf +rm -rf ./nss/cmd/ecperf mv ${FREEBLDIR}/ecl/ecl-exp.h ${FREEBLDIR}/save rm -rf ${FREEBLDIR}/ecl/tests diff --git a/no-softoken-freebl-tests.patch b/no-softoken-freebl-tests.patch index 356678d..ec27a97 100644 
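Review bot: In the `@@ -65,18 +65,18 @@` hunk of mozilla-crypto-strip.sh, the rejection branch prints "unable to process, first or second level directory is not nss" and then calls a bare `exit`, so the script ends with the status of the preceding `echo`, which is success. A caller that checks only the exit status cannot tell a rejected archive from a stripped one, which matters for a script whose output becomes the `-stripped` tarball. I would change that line to `exit 1` and send the message to stderr with `>&2`. The same hunk pair uses `cd $TOPDIR` unquoted, so `cd "$TOPDIR"` is worth doing while the names are being touched. The script continues outside these hunks, so any later status handling is not visible here.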
--- a/no-softoken-freebl-tests.patch +++ b/no-softoken-freebl-tests.patch @@ -1,6 +1,6 @@ -diff -up ./mozilla/security/nss/cmd/Makefile.nosoftokentests ./mozilla/security/nss/cmd/Makefile ---- ./mozilla/security/nss/cmd/Makefile.nosoftokentests 2012-12-22 14:06:13.193304912 -0800 -+++ ./mozilla/security/nss/cmd/Makefile 2012-12-22 14:10:04.942248630 -0800 +diff -up nss/cmd/Makefile.nosoftokentests nss/cmd/Makefile +--- nss/cmd/Makefile.nosoftokentests 2012-12-22 14:06:13.193304912 -0800 ++++ nss/cmd/Makefile 2012-12-22 14:10:04.942248630 -0800 @@ -14,6 +14,14 @@ ifdef BUILD_LIBPKIX_TESTS DIRS += libpkix endif @@ -16,9 +16,9 @@ diff -up ./mozilla/security/nss/cmd/Makefile.nosoftokentests ./mozilla/security/ LOWHASHTEST_SRCDIR= ifeq ($(FREEBL_LOWHASH),1) LOWHASHTEST_SRCDIR = lowhashtest # Add the lowhashtest directory to DIRS. -diff -up ./mozilla/security/nss/cmd/manifest.mn.nosoftokentests ./mozilla/security/nss/cmd/manifest.mn ---- ./mozilla/security/nss/cmd/manifest.mn.nosoftokentests 2012-12-22 14:06:35.191293837 -0800 -+++ ./mozilla/security/nss/cmd/manifest.mn 2012-12-22 14:11:22.342263467 -0800 +diff -up nss/cmd/manifest.mn.nosoftokentests nss/cmd/manifest.mn +--- nss/cmd/manifest.mn.nosoftokentests 2012-12-22 14:06:35.191293837 -0800 ++++ nss/cmd/manifest.mn 2012-12-22 14:11:22.342263467 -0800 @@ -11,7 +11,7 @@ REQUIRES = nss nspr libdbm DIRS = lib \ addbuiltin \ diff --git a/nss-3.14.0.0-disble-ocsp-test.patch b/nss-3.14.0.0-disble-ocsp-test.patch index 393d3ab..8a37516 100644 --- a/nss-3.14.0.0-disble-ocsp-test.patch +++ b/nss-3.14.0.0-disble-ocsp-test.patch 
@@ -1,6 +1,6 @@ -diff -up ./mozilla/security/nss/tests/chains/scenarios/scenarios.noocsptest ./mozilla/security/nss/tests/chains/scenarios/scenarios ---- ./mozilla/security/nss/tests/chains/scenarios/scenarios.noocsptest 2013-01-06 19:56:15.000000000 -0800 -+++ ./mozilla/security/nss/tests/chains/scenarios/scenarios 2013-02-01 08:38:28.140615299 -0800 +diff -up nss/tests/chains/scenarios/scenarios.noocsptest nss/tests/chains/scenarios/scenarios +--- nss/tests/chains/scenarios/scenarios.noocsptest 2013-01-06 19:56:15.000000000 -0800 ++++ nss/tests/chains/scenarios/scenarios 2013-02-01 08:38:28.140615299 -0800 @@ -50,6 +50,5 @@ bridgewithpolicyextensionandmapping.cfg realcerts.cfg dsa.cfg diff --git a/nss-539183.patch b/nss-539183.patch index 0a85894..4247a55 100644 --- a/nss-539183.patch +++ b/nss-539183.patch @@ -1,10 +1,6 @@ -Index: ./mozilla/security/nss/cmd/httpserv/httpserv.c -=================================================================== -RCS file: /cvsroot/mozilla/security/nss/cmd/httpserv/httpserv.c,v -retrieving revision 1.1 -diff -u -p -r1.1 httpserv.c ---- ./mozilla/security/nss/cmd/httpserv/httpserv.c 28 Jun 2012 11:11:06 -0000 1.1 -+++ ./mozilla/security/nss/cmd/httpserv/httpserv.c 21 Oct 2012 22:22:10 -0000 +diff -up nss/cmd/httpserv/httpserv.c.539183 nss/cmd/httpserv/httpserv.c +--- nss/cmd/httpserv/httpserv.c.539183 2013-04-04 13:31:50.000000000 -0700 ++++ nss/cmd/httpserv/httpserv.c 2013-04-04 15:44:24.965842070 -0700 @@ -661,14 +661,18 @@ getBoundListenSocket(unsigned short port PRStatus prStatus; PRNetAddr addr; 
@@ -29,14 +25,10 @@ diff -u -p -r1.1 httpserv.c } opt.option = PR_SockOpt_Nonblocking; -Index: ./mozilla/security/nss/cmd/selfserv/selfserv.c -=================================================================== -RCS file: /cvsroot/mozilla/security/nss/cmd/selfserv/selfserv.c,v -retrieving revision 1.102 -diff -u -p -r1.102 selfserv.c ---- ./mozilla/security/nss/cmd/selfserv/selfserv.c 27 Sep 2012 17:13:34 -0000 1.102 -+++ ./mozilla/security/nss/cmd/selfserv/selfserv.c 21 Oct 2012 22:22:10 -0000 -@@ -1483,14 +1483,18 @@ getBoundListenSocket(unsigned short port +diff -up nss/cmd/selfserv/selfserv.c.539183 nss/cmd/selfserv/selfserv.c +--- nss/cmd/selfserv/selfserv.c.539183 2013-04-04 13:31:51.000000000 -0700 ++++ nss/cmd/selfserv/selfserv.c 2013-04-04 15:44:24.967842088 -0700 +@@ -1690,14 +1690,18 @@ getBoundListenSocket(unsigned short port PRStatus prStatus; PRNetAddr addr; PRSocketOptionData opt; diff --git a/nss-646045.patch b/nss-646045.patch index 5492127..33b80fe 100644 --- a/nss-646045.patch +++ b/nss-646045.patch @@ -1,7 +1,7 @@ -diff -up ./mozilla/security/nss/tests/dbtests/dbtests.sh.noroot ./mozilla/security/nss/tests/dbtests/dbtests.sh ---- ./mozilla/security/nss/tests/dbtests/dbtests.sh.noroot 2011-04-06 09:56:07.207701000 -0700 -+++ ./mozilla/security/nss/tests/dbtests/dbtests.sh 2011-04-06 10:19:54.159552000 -0700 -@@ -201,6 +201,9 @@ dbtest_main() +diff -up nss/tests/dbtests/dbtests.sh.646045 nss/tests/dbtests/dbtests.sh +--- nss/tests/dbtests/dbtests.sh.646045 2013-04-04 13:31:55.000000000 -0700 ++++ nss/tests/dbtests/dbtests.sh 2013-04-04 15:57:46.298127149 -0700 +@@ -168,6 +168,9 @@ dbtest_main() cat $RONLY_DIR/* > /dev/null fi @@ -11,7 +11,7 @@ diff -up ./mozilla/security/nss/tests/dbtests/dbtests.sh.noroot ./mozilla/securi ${BINDIR}/dbtest -d $RONLY_DIR ret=$? if [ $ret -ne 46 ]; then -@@ -208,6 +211,10 @@ dbtest_main() +@@ -175,6 +178,10 @@ dbtest_main() else html_passed "Dbtest r/w didn't work in an readonly dir $ret" fi 
@@ -22,7 +22,7 @@ diff -up ./mozilla/security/nss/tests/dbtests/dbtests.sh.noroot ./mozilla/securi ${BINDIR}/certutil -D -n "TestUser" -d . ret=$? if [ $ret -ne 255 ]; then -@@ -215,6 +222,9 @@ dbtest_main() +@@ -182,6 +189,9 @@ dbtest_main() else html_passed "Certutil didn't work in an readonly dir $ret" fi diff --git a/nss-enable-pem.patch b/nss-enable-pem.patch index 665a148..7234fcf 100644 --- a/nss-enable-pem.patch +++ b/nss-enable-pem.patch @@ -1,9 +1,9 @@ -diff -up ./mozilla/security/nss/lib/ckfw/manifest.mn.prepem ./mozilla/security/nss/lib/ckfw/manifest.mn ---- ./mozilla/security/nss/lib/ckfw/manifest.mn.prepem 2008-08-05 16:34:23.000000000 -0700 -+++ ./mozilla/security/nss/lib/ckfw/manifest.mn 2008-08-05 16:34:30.000000000 -0700 -@@ -38,7 +38,7 @@ MANIFEST_CVS_ID = "@(#) $RCSfile: manife +diff -up nss/lib/ckfw/manifest.mn.libpem nss/lib/ckfw/manifest.mn +--- nss/lib/ckfw/manifest.mn.libpem 2013-04-04 15:38:01.631363005 -0700 ++++ nss/lib/ckfw/manifest.mn 2013-04-04 15:38:32.668644523 -0700 +@@ -6,7 +6,7 @@ MANIFEST_CVS_ID = "@(#) $RCSfile$ $Revis - CORE_DEPTH = ../../.. + CORE_DEPTH = ../.. -DIRS = builtins +DIRS = builtins pem diff --git a/nss-ssl-cbc-random-iv-off-by-default.patch b/nss-ssl-cbc-random-iv-off-by-default.patch index 8b0f73c..bdc777e 100644 --- a/nss-ssl-cbc-random-iv-off-by-default.patch +++ b/nss-ssl-cbc-random-iv-off-by-default.patch @@ -1,16 +1,16 @@ -diff -up ./mozilla/security/nss/lib/ssl/sslsock.c.cbcrandomivoff ./mozilla/security/nss/lib/ssl/sslsock.c ---- ./mozilla/security/nss/lib/ssl/sslsock.c.cbcrandomivoff 2013-02-01 10:14:36.960458329 -0800 -+++ ./mozilla/security/nss/lib/ssl/sslsock.c 2013-02-01 10:17:16.532265855 -0800 +diff -up nss/lib/ssl/sslsock.c.cbcrandomivoff nss/lib/ssl/sslsock.c +--- nss/lib/ssl/sslsock.c.cbcrandomivoff 2013-04-04 16:07:40.273535199 -0700 ++++ nss/lib/ssl/sslsock.c 2013-04-04 16:10:02.861834236 -0700 
@@ -153,7 +153,7 @@ static sslOptions ssl_defaults = { 3, /* enableRenegotiation (default: transitional) */ PR_FALSE, /* requireSafeNegotiation */ PR_FALSE, /* enableFalseStart */ -- PR_TRUE /* cbcRandomIV */ +- PR_TRUE, /* cbcRandomIV */ + PR_FALSE /* cbcRandomIV */ /* defaults to off for compatibility */ + PR_FALSE /* enableOCSPStapling */ }; - /* -@@ -2837,9 +2837,9 @@ ssl_SetDefaultsFromEnvironment(void) +@@ -2910,9 +2910,9 @@ ssl_SetDefaultsFromEnvironment(void) PR_TRUE)); } ev = getenv("NSS_SSL_CBC_RANDOM_IV"); diff --git a/nss-ssl-enforce-no-pkcs11-bypass.path b/nss-ssl-enforce-no-pkcs11-bypass.path index ee4e9df..b9e41e6 100644 --- a/nss-ssl-enforce-no-pkcs11-bypass.path +++ b/nss-ssl-enforce-no-pkcs11-bypass.path @@ -1,15 +1,16 @@ -diff -up ./mozilla/security/nss/lib/ssl/derive.c.nobypass ./mozilla/security/nss/lib/ssl/derive.c -diff -up ./mozilla/security/nss/lib/ssl/sslsock.c.nobypass ./mozilla/security/nss/lib/ssl/sslsock.c ---- ./mozilla/security/nss/lib/ssl/sslsock.c.nobypass 2012-10-07 15:12:25.455307540 -0700 -+++ ./mozilla/security/nss/lib/ssl/sslsock.c 2012-10-07 15:21:27.229346754 -0700 -@@ -547,8 +547,8 @@ static PRStatus SSL_BypassRegisterShutdo +diff -up nss/lib/ssl/sslsock.c.nobypass nss/lib/ssl/sslsock.c +--- nss/lib/ssl/sslsock.c.nobypass 2013-04-04 16:52:20.614559042 -0700 ++++ nss/lib/ssl/sslsock.c 2013-04-04 16:55:55.353777732 -0700 +@@ -554,8 +554,10 @@ static PRStatus SSL_BypassRegisterShutdo static PRStatus SSL_BypassSetup(void) { #ifdef NO_PKCS11_BYPASS - /* Guarantee binary compatibility */ - return PR_SUCCESS; -+ /* We can safely return failure as we have never supported it */ -+ return PR_FALSE; ++ /* No need in our case to guarantee binary compatibility and ++ * we can safely return failure as we have never supported it ++ */ ++ return PR_FAILURE; #else return PR_CallOnce(&setupBypassOnce, &SSL_BypassRegisterShutdown); #endif diff --git a/nss.spec b/nss.spec index 1967599..faefb65 100644 --- a/nss.spec +++ b/nss.spec 
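Review bot: The refreshed nss-ssl-cbc-random-iv-off-by-default.patch appears to leave `ssl_defaults` with two initializers and no comma between them. The line it removes is now `PR_TRUE, /* cbcRandomIV */`, but the line it adds is still `PR_FALSE /* cbcRandomIV */ /* defaults to off for compatibility */`, and the patch now carries `PR_FALSE /* enableOCSPStapling */` as the next entry. As far as the collapsed text shows, applying it would give a struct initializer that does not compile; the added line should read `PR_FALSE, /* cbcRandomIV */ /* defaults to off for compatibility */`. The problem is latent because nss.spec keeps `#%patch29` commented out, so it would only surface when the patch is activated for a stable or beta branch. When it is activated, the changelog should say that CBC random IV is off unless `NSS_SSL_CBC_RANDOM_IV` turns it on, since that changes the default protection for CBC cipher suites.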
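Review bot: The new `return PR_FAILURE;` in `SSL_BypassSetup` under `NO_PKCS11_BYPASS` is a behaviour change that the `%changelog` entry added in this commit does not mention. The previous patch returned `PR_FALSE` from a function typed `PRStatus`, and `PR_FALSE` has the same numeric value as `PR_SUCCESS`, so callers saw success until now. I would add a changelog line such as `- SSL_BypassSetup now returns PR_FAILURE when built with NO_PKCS11_BYPASS`, so that an application which requests bypass and starts failing can be traced to this update. The patch file is also still named with the extension `.path` rather than `.patch`, which is easy to miss when grepping the package for patches.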
@@ -1,7 +1,7 @@ %global nspr_version 4.9.5 -%global nss_util_version 3.14.3 +%global nss_util_version 3.15 %global nss_softokn_fips_version 3.12.9 -%global nss_softokn_version 3.14.3 +%global nss_softokn_version 3.15 %global unsupported_tools_directory %{_libdir}/nss/unsupported-tools # solution taken from icedtea-web.spec @@ -18,8 +18,8 @@ Summary: Network Security Services Name: nss -Version: 3.14.3 -Release: 12%{?dist} +Version: 3.15 +Release: 0.1%{?dist}.beta1.1 License: MPLv2.0 URL: http://www.mozilla.org/projects/security/pki/nss/ Group: System Environment/Libraries @@ -70,7 +70,7 @@ Source7: blank-key4.db Source8: system-pkcs11.txt Source9: setup-nsssysinit.sh Source10: PayPalEE.cert -Source12: %{name}-pem-20120811.tar.bz2 +Source12: %{name}-pem-20130405.tar.bz2 Source17: TestCA.ca.cert Source18: TestUser50.cert Source19: TestUser51.cert @@ -162,10 +162,10 @@ low level services. %prep %setup -q -%{__cp} %{SOURCE10} -f ./mozilla/security/nss/tests/libpkix/certs -%{__cp} %{SOURCE17} -f ./mozilla/security/nss/tests/libpkix/certs -%{__cp} %{SOURCE18} -f ./mozilla/security/nss/tests/libpkix/certs -%{__cp} %{SOURCE19} -f ./mozilla/security/nss/tests/libpkix/certs +%{__cp} %{SOURCE10} -f ./nss/tests/libpkix/certs +%{__cp} %{SOURCE17} -f ./nss/tests/libpkix/certs +%{__cp} %{SOURCE18} -f ./nss/tests/libpkix/certs +%{__cp} %{SOURCE19} -f ./nss/tests/libpkix/certs %setup -q -T -D -n %{name}-%{version} -a 12 %patch2 -p0 -b .relro @@ -177,8 +177,8 @@ low level services. %patch25 -p0 -b .systemfreebl # activate for stable and beta branches #%patch29 -p0 -b .cbcrandomivoff -%patch39 -p1 -b .nobypass -%patch40 -p1 -b .noocsptest +%patch39 -p0 -b .nobypass +%patch40 -p0 -b .noocsptest %patch43 -p0 -b .nosoftokentests %patch44 -p1 -b .syncupwithupstream %patch45 -p0 -b .notrash 
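Review bot: `Source12` now names `%{name}-pem-20130405.tar.bz2`, but the `sources` hunk at the end of this commit removes the nss-pem-20120811 entry and adds only `nss-3.15-stripped.tar.bz2`. Its `@@ -7,6 +7,4 @@` header is consistent with a single added line, so as far as this diff shows the new PEM tarball has no checksum entry, although `.gitignore` lists it as a lookaside file. Without that entry the tarball is neither fetched from nor verified against the lookaside cache, and the build depends on whatever copy happens to be in the working directory. I would add the missing line to `sources` in the same commit, in the form `<md5-of-uploaded-tarball>  nss-pem-20130405.tar.bz2` (placeholder hash, to be taken from the upload).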
@@ -231,21 +231,20 @@ export USE_64 # there no ecc in freebl unset NSS_ENABLE_ECC # Compile softoken plus needed support -%{__make} -C ./mozilla/security/coreconf -%{__make} -C ./mozilla/security/dbm +%{__make} -C ./nss/coreconf -%{__make} -C ./mozilla/security/nss/lib/util export -%{__make} -C ./mozilla/security/nss/lib/freebl export -%{__make} -C ./mozilla/security/nss/lib/softoken export +%{__make} -C ./nss/lib/util export +%{__make} -C ./nss/lib/freebl export +%{__make} -C ./nss/lib/softoken export -%{__make} -C ./mozilla/security/nss/lib/util -%{__make} -C ./mozilla/security/nss/lib/freebl -%{__make} -C ./mozilla/security/nss/lib/softoken +%{__make} -C ./nss/lib/util +%{__make} -C ./nss/lib/dbm +%{__make} -C ./nss/lib/freebl +%{__make} -C ./nss/lib/softoken # stash away the bltest and fipstest to build them last -tar cf build_these_later.tar ./mozilla/security/nss/cmd/bltest ./mozilla/security/nss/cmd/fipstest -rm -rf ./mozilla/security/nss/cmd/bltest -rm -rf ./mozilla/security/nss/cmd/fipstest +tar cf build_these_later.tar ./nss/cmd/bltest ./nss/cmd/fipstest +rm -rf ./nss/cmd/bltest ./nss/cmd/fipstest ##### phase 2: build the rest of nss # nss supports pluggable ecc 
@@ -259,21 +258,21 @@ export NSS_ECC_MORE_THAN_SUITE_B # private exports from util. The install section will ensure not # to override nss-util and nss-softoken headers already installed. # -%{__make} -C ./mozilla/security/coreconf -%{__make} -C ./mozilla/security/dbm -%{__make} -C ./mozilla/security/nss +%{__make} -C ./nss/coreconf +%{__make} -C ./nss/lib/dbm +%{__make} -C ./nss ##### phase 3: build bltest and fipstest tar xf build_these_later.tar -unset NSS_ENABLE_ECC; %{__make} -C ./mozilla/security/nss/cmd/bltest -unset NSS_ENABLE_ECC; %{__make} -C ./mozilla/security/nss/cmd/fipstest +unset NSS_ENABLE_ECC; %{__make} -C ./nss/cmd/bltest +unset NSS_ENABLE_ECC; %{__make} -C ./nss/cmd/fipstest %{__rm} -f build_these_later.tar # Set up our package file # The nspr_version and nss_{util|softokn}_version globals used # here match the ones nss has for its Requires. # Using the current %%{nss_softokn_version} for fedora again -%{__mkdir_p} ./mozilla/dist/pkgconfig +%{__mkdir_p} ./dist/pkgconfig %{__cat} %{SOURCE1} | sed -e "s,%%libdir%%,%{_libdir},g" \ -e "s,%%prefix%%,%{_prefix},g" \ -e "s,%%exec_prefix%%,%{_prefix},g" \ 
@@ -282,11 +281,11 @@ unset NSS_ENABLE_ECC; %{__make} -C ./mozilla/security/nss/cmd/fipstest -e "s,%%NSPR_VERSION%%,%{nspr_version},g" \ -e "s,%%NSSUTIL_VERSION%%,%{nss_util_version},g" \ -e "s,%%SOFTOKEN_VERSION%%,%{nss_softokn_version},g" > \ - ./mozilla/dist/pkgconfig/nss.pc + ./dist/pkgconfig/nss.pc -NSS_VMAJOR=`cat mozilla/security/nss/lib/nss/nss.h | grep "#define.*NSS_VMAJOR" | awk '{print $3}'` -NSS_VMINOR=`cat mozilla/security/nss/lib/nss/nss.h | grep "#define.*NSS_VMINOR" | awk '{print $3}'` -NSS_VPATCH=`cat mozilla/security/nss/lib/nss/nss.h | grep "#define.*NSS_VPATCH" | awk '{print $3}'` +NSS_VMAJOR=`cat lib/nss/nss.h | grep "#define.*NSS_VMAJOR" | awk '{print $3}'` +NSS_VMINOR=`cat lib/nss/nss.h | grep "#define.*NSS_VMINOR" | awk '{print $3}'` +NSS_VPATCH=`cat lib/nss/nss.h | grep "#define.*NSS_VPATCH" | awk '{print $3}'` export NSS_VMAJOR export NSS_VMINOR @@ -299,14 +298,14 @@ export NSS_VPATCH -e "s,@MOD_MAJOR_VERSION@,$NSS_VMAJOR,g" \ -e "s,@MOD_MINOR_VERSION@,$NSS_VMINOR,g" \ -e "s,@MOD_PATCH_VERSION@,$NSS_VPATCH,g" \ - > ./mozilla/dist/pkgconfig/nss-config + > ./dist/pkgconfig/nss-config -chmod 755 ./mozilla/dist/pkgconfig/nss-config +chmod 755 ./dist/pkgconfig/nss-config -%{__cat} %{SOURCE9} > ./mozilla/dist/pkgconfig/setup-nsssysinit.sh -chmod 755 ./mozilla/dist/pkgconfig/setup-nsssysinit.sh +%{__cat} %{SOURCE9} > ./dist/pkgconfig/setup-nsssysinit.sh +chmod 755 ./dist/pkgconfig/setup-nsssysinit.sh -%{__cp} ./mozilla/security/nss/lib/ckfw/nssck.api ./mozilla/dist/private/nss/ +%{__cp} ./nss/lib/ckfw/nssck.api ./dist/private/nss/ %check if [ $DISABLETEST -eq 1 ]; then @@ -328,7 +327,7 @@ export USE_64 # End -- copied from the build section # enable the following line to force a test failure -# find ./mozilla -name \*.chk | xargs rm -f +# find ./nss -name \*.chk | xargs rm -f # Run test suite. # In order to support multiple concurrent executions of the test suite 
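Review bot: The three version assignments in the `@@ -282,11 +281,11 @@` hunk now read `lib/nss/nss.h`, which does not match the rest of the commit, where every source path sits under `./nss/` (for example `./nss/lib/ckfw/nssck.api` in the next hunk). If the build directory is the one that contains `nss/`, as those other lines suggest, `cat` finds no file and `NSS_VMAJOR`, `NSS_VMINOR` and `NSS_VPATCH` end up empty, so the generated `nss-config` would carry empty version fields without the build failing. The path should be `nss/lib/nss/nss.h` in all three lines. Since nothing here checks the result, a guard such as `test -n "$NSS_VMAJOR" || exit 1` after the assignments would turn a future path change into a build error instead of a silently wrong script.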
@@ -341,29 +340,29 @@ export USE_64 # Using xargs doesn't mix well with spaces in filenames, in order to # avoid weird quoting we'll require that no spaces are being used. -SPACEISBAD=`find ./mozilla/security/nss/tests | grep -c ' '` ||: +SPACEISBAD=`find ./nss/tests | grep -c ' '` ||: if [ $SPACEISBAD -ne 0 ]; then echo "error: filenames containing space are not supported (xargs)" exit 1 fi MYRAND=`perl -e 'print 9000 + int rand 1000'`; echo $MYRAND ||: RANDSERV=selfserv_${MYRAND}; echo $RANDSERV ||: -DISTBINDIR=`ls -d ./mozilla/dist/*.OBJ/bin`; echo $DISTBINDIR ||: +DISTBINDIR=`ls -d ./dist/*.OBJ/bin`; echo $DISTBINDIR ||: pushd `pwd` cd $DISTBINDIR ln -s selfserv $RANDSERV popd # man perlrun, man perlrequick # replace word-occurrences of selfserv with selfserv_$MYRAND -find ./mozilla/security/nss/tests -type f |\ +find ./nss/tests -type f |\ grep -v "\.db$" |grep -v "\.crl$" | grep -v "\.crt$" |\ grep -vw CVS |xargs grep -lw selfserv |\ xargs -l perl -pi -e "s/\bselfserv\b/$RANDSERV/g" ||: killall $RANDSERV || : -rm -rf ./mozilla/tests_results -cd ./mozilla/security/nss/tests/ +rm -rf ./tests_results +cd ./nss/tests/ # all.sh is the test suite script # don't need to run all the tests when testing packaging @@ -383,7 +382,7 @@ cd ../../../../ killall $RANDSERV || : -TEST_FAILURES=`grep -c FAILED ./mozilla/tests_results/security/localhost.1/output.log` || : +TEST_FAILURES=`grep -c FAILED ./tests_results/security/localhost.1/output.log` || : # test suite is failing on arm and has for awhile let's run the test suite but make it non fatal on arm %ifnarch %{arm} if [ $TEST_FAILURES -ne 0 ]; then 
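Review bot: After this change `%check` enters the tests with `cd ./nss/tests/`, which is two levels deep, but the `@@ -383,7 +382,7 @@` hunk header still shows `cd ../../../../` as the line that returns from it. That line was sized for the old `./mozilla/security/nss/tests/` depth and is outside the hunk, so this is inferred from the header only. If it is unchanged, the shell ends up two directories above the build root, `./tests_results/security/localhost.1/output.log` is not found, and `grep -c ... || :` would leave `TEST_FAILURES` empty, so the failure check that follows would likely not fire. The return should become `cd ../../`. A check such as `test -f ./tests_results/security/localhost.1/output.log || exit 1` before the `grep` would keep a missing log from being read as a passing test suite.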
@@ -407,12 +406,12 @@ echo "test suite completed" %{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir}/pkgconfig touch $RPM_BUILD_ROOT%{_libdir}/libnssckbi.so -%{__install} -p -m 755 mozilla/dist/*.OBJ/lib/libnssckbi.so $RPM_BUILD_ROOT/%{_libdir}/nss/libnssckbi.so +%{__install} -p -m 755 dist/*.OBJ/lib/libnssckbi.so $RPM_BUILD_ROOT/%{_libdir}/nss/libnssckbi.so # Copy the binary libraries we want for file in libnss3.so libnsspem.so libnsssysinit.so libsmime3.so libssl3.so do - %{__install} -p -m 755 mozilla/dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir} + %{__install} -p -m 755 dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir} done # Install the empty NSS db files 
@@ -429,38 +428,38 @@ done # Copy the development libraries we want for file in libcrmf.a libnssb.a libnssckfw.a do - %{__install} -p -m 644 mozilla/dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir} + %{__install} -p -m 644 dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir} done # Copy the binaries we want for file in certutil cmsutil crlutil modutil pk12util signtool signver ssltap do - %{__install} -p -m 755 mozilla/dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{_bindir} + %{__install} -p -m 755 dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{_bindir} done # Copy the binaries we ship as unsupported for file in atob btoa derdump ocspclnt pp selfserv strsclnt symkeyutil tstclnt vfyserv vfychain do - %{__install} -p -m 755 mozilla/dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{unsupported_tools_directory} + %{__install} -p -m 755 dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{unsupported_tools_directory} done # Copy the include files we want -for file in mozilla/dist/public/nss/*.h +for file in dist/public/nss/*.h do %{__install} -p -m 644 $file $RPM_BUILD_ROOT/%{_includedir}/nss3 done # Copy the template files we want -for file in mozilla/dist/private/nss/nssck.api +for file in dist/private/nss/nssck.api do %{__install} -p -m 644 $file $RPM_BUILD_ROOT/%{_includedir}/nss3/templates done # Copy the package configuration files -%{__install} -p -m 644 ./mozilla/dist/pkgconfig/nss.pc $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/nss.pc -%{__install} -p -m 755 ./mozilla/dist/pkgconfig/nss-config $RPM_BUILD_ROOT/%{_bindir}/nss-config +%{__install} -p -m 644 ./dist/pkgconfig/nss.pc $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/nss.pc +%{__install} -p -m 755 ./dist/pkgconfig/nss-config $RPM_BUILD_ROOT/%{_bindir}/nss-config # Copy the pkcs #11 configuration script -%{__install} -p -m 755 ./mozilla/dist/pkgconfig/setup-nsssysinit.sh $RPM_BUILD_ROOT/%{_bindir}/setup-nsssysinit.sh +%{__install} -p -m 755 ./dist/pkgconfig/setup-nsssysinit.sh $RPM_BUILD_ROOT/%{_bindir}/setup-nsssysinit.sh #remove the nss-util-devel headers rm -f 
$RPM_BUILD_ROOT/%{_includedir}/nss3/base64.h @@ -679,6 +678,10 @@ fi %changelog +* Thu Apr 04 2013 Elio Maldonado - 3.15-0.1.beta1.1 +- Update to NSS_3_15_BETA1 +- Update spec file, patches, and helper scripts on account of a shallower source tree + * Sun Mar 24 2013 Kai Engert - 3.14.3-12 - Update expired test certificates (fixed in upstream bug 852781) diff --git a/nsspem-use-system-freebl.patch b/nsspem-use-system-freebl.patch index f85fa3e..115b49c 100644 --- a/nsspem-use-system-freebl.patch +++ b/nsspem-use-system-freebl.patch @@ -1,19 +1,6 @@ -diff -up ./mozilla/security/coreconf/Linux.mk.sytemfreebl ./mozilla/security/coreconf/Linux.mk ---- ./mozilla/security/coreconf/Linux.mk.sytemfreebl 2011-12-03 22:07:23.924156119 -0800 -+++ ./mozilla/security/coreconf/Linux.mk 2011-12-03 22:08:28.322328345 -0800 -@@ -182,6 +182,9 @@ endif - USE_SYSTEM_ZLIB = 1 - ZLIB_LIBS = -lz - -+USE_SYSTEM_FREEBL = 1 -+FREEBL_LIBS = -lfreebl3 -+ - # The -rpath '$$ORIGIN' linker option instructs this library to search for its - # dependencies in the same directory where it resides. - ifeq ($(BUILD_SUN_PKG), 1) -diff -up ./mozilla/security/nss/lib/ckfw/pem/config.mk.extras ./mozilla/security/nss/lib/ckfw/pem/config.mk ---- ./mozilla/security/nss/lib/ckfw/pem/config.mk.extras 2010-11-25 10:01:17.000000000 -0800 -+++ ./mozilla/security/nss/lib/ckfw/pem/config.mk 2011-06-21 18:20:04.484985568 -0700 +diff -up nss/lib/ckfw/pem/config.mk.systemfreebl nss/lib/ckfw/pem/config.mk +--- nss/lib/ckfw/pem/config.mk.systemfreebl 2012-08-11 09:06:59.000000000 -0700 ++++ nss/lib/ckfw/pem/config.mk 2013-04-04 16:02:33.805744145 -0700 @@ -41,6 +41,11 @@ CONFIG_CVS_ID = "@(#) $RCSfile: config.m # are specifed as dependencies within rules.mk. # 
@@ -49,9 +36,9 @@ diff -up ./mozilla/security/nss/lib/ckfw/pem/config.mk.extras ./mozilla/security +EXTRA_LIBS += $(FREEBL_LIBS) +endif + -diff -up ./mozilla/security/nss/lib/ckfw/pem/Makefile.extras ./mozilla/security/nss/lib/ckfw/pem/Makefile ---- ./mozilla/security/nss/lib/ckfw/pem/Makefile.extras 2010-11-25 10:01:17.000000000 -0800 -+++ ./mozilla/security/nss/lib/ckfw/pem/Makefile 2011-06-21 18:25:25.959136920 -0700 +diff -up nss/lib/ckfw/pem/Makefile.systemfreebl nss/lib/ckfw/pem/Makefile +--- nss/lib/ckfw/pem/Makefile.systemfreebl 2012-08-11 09:06:59.000000000 -0700 ++++ nss/lib/ckfw/pem/Makefile 2013-04-04 16:02:33.806744154 -0700 @@ -43,8 +43,7 @@ include config.mk EXTRA_LIBS = \ $(DIST)/lib/$(LIB_PREFIX)nssckfw.$(LIB_SUFFIX) \ @@ -82,9 +69,9 @@ diff -up ./mozilla/security/nss/lib/ckfw/pem/Makefile.extras ./mozilla/security/ $(NULL) endif -diff -up ./mozilla/security/nss/lib/ckfw/pem/manifest.mn.extras ./mozilla/security/nss/lib/ckfw/pem/manifest.mn ---- ./mozilla/security/nss/lib/ckfw/pem/manifest.mn.extras 2010-11-25 10:01:17.000000000 -0800 -+++ ./mozilla/security/nss/lib/ckfw/pem/manifest.mn 2011-06-21 18:20:04.485985661 -0700 +diff -up nss/lib/ckfw/pem/manifest.mn.systemfreebl nss/lib/ckfw/pem/manifest.mn +--- nss/lib/ckfw/pem/manifest.mn.systemfreebl 2012-08-11 09:06:59.000000000 -0700 ++++ nss/lib/ckfw/pem/manifest.mn 2013-04-04 16:02:33.807744163 -0700 @@ -65,4 +65,4 @@ REQUIRES = nspr LIBRARY_NAME = nsspem diff --git a/renegotiate-transitional.patch b/renegotiate-transitional.patch index 989491d..730bbc1 100644 --- a/renegotiate-transitional.patch +++ b/renegotiate-transitional.patch 
@@ -1,7 +1,7 @@ -diff -up mozilla/security/nss/lib/ssl/sslsock.c.transitional mozilla/security/nss/lib/ssl/sslsock.c ---- mozilla/security/nss/lib/ssl/sslsock.c.transitional 2011-10-06 10:37:47.156659000 -0700 -+++ mozilla/security/nss/lib/ssl/sslsock.c 2011-10-06 10:38:32.276704000 -0700 -@@ -182,7 +182,7 @@ static sslOptions ssl_defaults = { +diff -up nss/lib/ssl/sslsock.c.transitional nss/lib/ssl/sslsock.c +--- nss/lib/ssl/sslsock.c.transitional 2013-04-04 15:32:21.567170092 -0700 ++++ nss/lib/ssl/sslsock.c 2013-04-04 15:33:20.555729144 -0700 +@@ -150,7 +150,7 @@ static sslOptions ssl_defaults = { PR_FALSE, /* noLocks */ PR_FALSE, /* enableSessionTickets */ PR_FALSE, /* enableDeflate */ @@ -9,4 +9,4 @@ diff -up mozilla/security/nss/lib/ssl/sslsock.c.transitional mozilla/security/ns + 3, /* enableRenegotiation (default: transitional) */ PR_FALSE, /* requireSafeNegotiation */ PR_FALSE, /* enableFalseStart */ - PR_TRUE /* cbcRandomIV */ + PR_TRUE, /* cbcRandomIV */ diff --git a/sources b/sources index b3b9e6a..ae68d6b 100644 --- a/sources +++ b/sources @@ -7,6 +7,4 @@ a5ae49867124ac75f029a9a33af31bad blank-cert8.db f998b70c1be25e8bb9f5fdb5d50eb6f2 TestCA.ca.cert 1b7b6808cd77d5df29bf5bb9e5fac967 TestUser50.cert ab0b56dd505a995425c03e5266f7c8d6 TestUser51.cert -2a06bf7b815d1a666cc3587b895506ce nss-pem-20120811.tar.bz2 -0be54f196b5da7e9008eb13a71bc2cb0 dummy-sources-for-testing -43be35fcc852361748b59ba8ecd2e239 nss-3.14.3-stripped.tar.bz2 +efb41291d540c1278bbb953d201b41bf nss-3.15-stripped.tar.bz2