From fb479754a0d81a1e22bb63aa60f2b03821d7078a Mon Sep 17 00:00:00 2001
From: Kai Engert
Date: Thu, 3 Jan 2013 19:15:31 +0100
Subject: [PATCH 1/7] - Update to NSS_3_14_1_WITH_CKBI_1_93_RTM
---
.gitignore | 2 +-
nss.spec | 15 +++++++++++++--
sources | 2 +-
3 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/.gitignore b/.gitignore
index a948d04..6c7c806 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,4 +6,4 @@ blank-key4.db
PayPalEE.cert
/nss-pem-20120811.tar.bz2
/dummy-sources-for-testing
-/nss-3.14.1-stripped.tar.bz2
+/nss-3.14.1.with.ckbi.1.93-stripped.tar.bz2
diff --git a/nss.spec b/nss.spec
index 2520f09..9d2d488 100644
--- a/nss.spec
+++ b/nss.spec
@@ -4,10 +4,14 @@
%global nss_softokn_version 3.14
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
+# Define if using a source archive like "nss-version.with.ckbi.version".
+# To "disable", add "#" to start of line, AND a space after "%".
+%define nss_ckbi_suffix .with.ckbi.1.93
+
Summary: Network Security Services
Name: nss
Version: 3.14.1
-Release: 2%{?dist}
+Release: 3%{?dist}
License: MPLv2.0
URL: http://www.mozilla.org/projects/security/pki/nss/
Group: System Environment/Libraries
@@ -29,7 +33,11 @@ BuildRequires: gawk
BuildRequires: psmisc
BuildRequires: perl
-Source0: %{name}-%{version}-stripped.tar.bz2
+%{!?nss_ckbi_suffix:%define full_nss_version %{version}}
+%{?nss_ckbi_suffix:%define full_nss_version %{version}%{nss_ckbi_suffix}}
+
+Source0: %{name}-%{full_nss_version}-stripped.tar.bz2
+
# The stripped tar ball is a subset of the upstream sources with
# patent-encumbered cryptographic algorithms removed.
# Use this script to remove them and create the stripped archive.
@@ -603,6 +611,9 @@ rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h
%changelog
+* Wed Jan 02 2013 Kai Engert - 3.14.1-3
+- Update to NSS_3_14_1_WITH_CKBI_1_93_RTM
+
* Sat Dec 22 2012 Elio Maldonado - 3.14.1-2
- Require nspr >= 4.9.4
- Fix changelog invalid dates
diff --git a/sources b/sources
index 5e6526f..fa53974 100644
--- a/sources
+++ b/sources
@@ -6,4 +6,4 @@ a5ae49867124ac75f029a9a33af31bad blank-cert8.db
bf47cecad861efa77d1488ad4a73cb5b PayPalEE.cert
2a06bf7b815d1a666cc3587b895506ce nss-pem-20120811.tar.bz2
0be54f196b5da7e9008eb13a71bc2cb0 dummy-sources-for-testing
-78b4c196af29ef5e7851447029f947c0 nss-3.14.1-stripped.tar.bz2
+331910e63d3ff5ff3acb845ba44dcf56 nss-3.14.1.with.ckbi.1.93-stripped.tar.bz2
From 37e12fb581a08c933d6d52ab29608dc3fafb3280 Mon Sep 17 00:00:00 2001
From: Kai Engert
Date: Thu, 3 Jan 2013 19:16:40 +0100
Subject: [PATCH 2/7] - Update to NSS_3_14_1_WITH_CKBI_1_93_RTM
---
.gitignore | 2 +-
nss.spec | 15 +++++++++++++--
sources | 2 +-
3 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/.gitignore b/.gitignore
index a948d04..6c7c806 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,4 +6,4 @@ blank-key4.db
PayPalEE.cert
/nss-pem-20120811.tar.bz2
/dummy-sources-for-testing
-/nss-3.14.1-stripped.tar.bz2
+/nss-3.14.1.with.ckbi.1.93-stripped.tar.bz2
diff --git a/nss.spec b/nss.spec
index d74c8e6..318a4f6 100644
--- a/nss.spec
+++ b/nss.spec
@@ -4,10 +4,14 @@
%global nss_softokn_version 3.14
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
+# Define if using a source archive like "nss-version.with.ckbi.version".
+# To "disable", add "#" to start of line, AND a space after "%".
+%define nss_ckbi_suffix .with.ckbi.1.93
+
Summary: Network Security Services
Name: nss
Version: 3.14.1
-Release: 2%{?dist}
+Release: 3%{?dist}
License: MPLv2.0
URL: http://www.mozilla.org/projects/security/pki/nss/
Group: System Environment/Libraries
@@ -29,7 +33,11 @@ BuildRequires: gawk
BuildRequires: psmisc
BuildRequires: perl
-Source0: %{name}-%{version}-stripped.tar.bz2
+%{!?nss_ckbi_suffix:%define full_nss_version %{version}}
+%{?nss_ckbi_suffix:%define full_nss_version %{version}%{nss_ckbi_suffix}}
+
+Source0: %{name}-%{full_nss_version}-stripped.tar.bz2
+
# The stripped tar ball is a subset of the upstream sources with
# patent-encumbered cryptographic algorithms removed.
# Use this script to remove them and create the stripped archive.
@@ -603,6 +611,9 @@ rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h
%changelog
+* Wed Jan 02 2013 Kai Engert - 3.14.1-3
+- Update to NSS_3_14_1_WITH_CKBI_1_93_RTM
+
* Sat Dec 22 2012 Elio Maldonado - 3.14.1-2
- Require nspr >= 4.9.4
- Fix changelog invalid dates
diff --git a/sources b/sources
index 5e6526f..fa53974 100644
--- a/sources
+++ b/sources
@@ -6,4 +6,4 @@ a5ae49867124ac75f029a9a33af31bad blank-cert8.db
bf47cecad861efa77d1488ad4a73cb5b PayPalEE.cert
2a06bf7b815d1a666cc3587b895506ce nss-pem-20120811.tar.bz2
0be54f196b5da7e9008eb13a71bc2cb0 dummy-sources-for-testing
-78b4c196af29ef5e7851447029f947c0 nss-3.14.1-stripped.tar.bz2
+331910e63d3ff5ff3acb845ba44dcf56 nss-3.14.1.with.ckbi.1.93-stripped.tar.bz2
From ca00551ea7795f9846d469ceed3b9db3a18e6861 Mon Sep 17 00:00:00 2001
From: Kai Engert
Date: Thu, 3 Jan 2013 19:17:24 +0100
Subject: [PATCH 3/7] - Update to NSS_3_14_1_WITH_CKBI_1_93_RTM
---
.gitignore | 2 +-
nss.spec | 15 +++++++++++++--
sources | 2 +-
3 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/.gitignore b/.gitignore
index a948d04..6c7c806 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,4 +6,4 @@ blank-key4.db
PayPalEE.cert
/nss-pem-20120811.tar.bz2
/dummy-sources-for-testing
-/nss-3.14.1-stripped.tar.bz2
+/nss-3.14.1.with.ckbi.1.93-stripped.tar.bz2
diff --git a/nss.spec b/nss.spec
index 9fdb794..1862906 100644
--- a/nss.spec
+++ b/nss.spec
@@ -4,10 +4,14 @@
%global nss_softokn_version 3.14
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
+# Define if using a source archive like "nss-version.with.ckbi.version".
+# To "disable", add "#" to start of line, AND a space after "%".
+%define nss_ckbi_suffix .with.ckbi.1.93
+
Summary: Network Security Services
Name: nss
Version: 3.14.1
-Release: 2%{?dist}
+Release: 3%{?dist}
License: MPLv2.0
URL: http://www.mozilla.org/projects/security/pki/nss/
Group: System Environment/Libraries
@@ -29,7 +33,11 @@ BuildRequires: gawk
BuildRequires: psmisc
BuildRequires: perl
-Source0: %{name}-%{version}-stripped.tar.bz2
+%{!?nss_ckbi_suffix:%define full_nss_version %{version}}
+%{?nss_ckbi_suffix:%define full_nss_version %{version}%{nss_ckbi_suffix}}
+
+Source0: %{name}-%{full_nss_version}-stripped.tar.bz2
+
# The stripped tar ball is a subset of the upstream sources with
# patent-encumbered cryptographic algorithms removed.
# Use this script to remove them and create the stripped archive.
@@ -603,6 +611,9 @@ rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h
%changelog
+* Wed Jan 02 2013 Kai Engert - 3.14.1-3
+- Update to NSS_3_14_1_WITH_CKBI_1_93_RTM
+
* Sat Dec 22 2012 Elio Maldonado - 3.14.1-2
- Require nspr >= 4.9.4
- Fix changelog invalid dates
diff --git a/sources b/sources
index 5e6526f..fa53974 100644
--- a/sources
+++ b/sources
@@ -6,4 +6,4 @@ a5ae49867124ac75f029a9a33af31bad blank-cert8.db
bf47cecad861efa77d1488ad4a73cb5b PayPalEE.cert
2a06bf7b815d1a666cc3587b895506ce nss-pem-20120811.tar.bz2
0be54f196b5da7e9008eb13a71bc2cb0 dummy-sources-for-testing
-78b4c196af29ef5e7851447029f947c0 nss-3.14.1-stripped.tar.bz2
+331910e63d3ff5ff3acb845ba44dcf56 nss-3.14.1.with.ckbi.1.93-stripped.tar.bz2
From 830ee96f85b9db9e685925b5f7aeb9fecaa99322 Mon Sep 17 00:00:00 2001
From: Elio Maldonado
Date: Fri, 1 Feb 2013 11:24:15 -0800
Subject: [PATCH 4/7] Update to NSS_3_14_2_RTM
- Update the minimum requred versiobs of nspr, nss-util, and nss-softokn
- Remove patch obsoleted by the update and update others
- Restore missing second half of the cbc random iv by default patch
- Restore the freebl tests patch until we build without nsssoftoken
---
.gitignore | 2 +-
...-usage-for-MS-Authenticode-Code-Sign.patch | 168 ------------------
nss-3.14.0.0-disble-ocsp-test.patch | 9 +-
nss-ssl-cbc-random-iv-off-by-default.patch | 19 +-
nss.spec | 30 ++--
sources | 2 +-
6 files changed, 38 insertions(+), 192 deletions(-)
delete mode 100644 0001-Add-extended-key-usage-for-MS-Authenticode-Code-Sign.patch
diff --git a/.gitignore b/.gitignore
index 6c7c806..ecfc729 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,4 +6,4 @@ blank-key4.db
PayPalEE.cert
/nss-pem-20120811.tar.bz2
/dummy-sources-for-testing
-/nss-3.14.1.with.ckbi.1.93-stripped.tar.bz2
+/nss-3.14.2-stripped.tar.bz2
diff --git a/0001-Add-extended-key-usage-for-MS-Authenticode-Code-Sign.patch b/0001-Add-extended-key-usage-for-MS-Authenticode-Code-Sign.patch
deleted file mode 100644
index d3a3ac6..0000000
--- a/0001-Add-extended-key-usage-for-MS-Authenticode-Code-Sign.patch
+++ /dev/null
@@ -1,168 +0,0 @@
-diff -up ./mozilla/security/nss/cmd/certcgi/ca_form.html.870864 ./mozilla/security/nss/cmd/certcgi/ca_form.html
---- ./mozilla/security/nss/cmd/certcgi/ca_form.html.870864 2012-03-20 07:46:53.000000000 -0700
-+++ ./mozilla/security/nss/cmd/certcgi/ca_form.html 2012-11-19 21:32:32.568415831 -0800
-@@ -167,6 +167,7 @@
- Timestamp
- OCSP Responder
- Step-up
-+ Microsoft Code Signing
-
-
-
-diff -up ./mozilla/security/nss/cmd/certcgi/certcgi.c.870864 ./mozilla/security/nss/cmd/certcgi/certcgi.c
---- ./mozilla/security/nss/cmd/certcgi/certcgi.c.870864 2012-04-29 05:52:04.000000000 -0700
-+++ ./mozilla/security/nss/cmd/certcgi/certcgi.c 2012-11-19 21:32:32.569415846 -0800
-@@ -21,6 +21,7 @@
- #include "pk11pqg.h"
- #include "certxutl.h"
- #include "nss.h"
-+#include "secutil.h"
-
-
- /* #define TEST 1 */
-@@ -33,6 +34,8 @@
-
- static char *progName;
-
-+extern SECOidTag szOID_KP_CTL_USAGE_SIGNING;
-+
- typedef struct PairStr Pair;
-
- struct PairStr {
-@@ -819,6 +822,10 @@ AddExtKeyUsage(void *extHandle, Pair *da
- if( SECSuccess != rv ) goto loser;
- }
-
-+ if( find_field_bool(data, "extKeyUsage-msCodeSign", PR_TRUE) ) {
-+ SECU_RegisterDynamicOids();
-+ }
-+
- if( find_field_bool(data, "extKeyUsage-clientAuth", PR_TRUE) ) {
- rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH);
- if( SECSuccess != rv ) goto loser;
-diff -up ./mozilla/security/nss/cmd/certcgi/stnd_ext_form.html.870864 ./mozilla/security/nss/cmd/certcgi/stnd_ext_form.html
---- ./mozilla/security/nss/cmd/certcgi/stnd_ext_form.html.870864 2012-03-20 07:46:53.000000000 -0700
-+++ ./mozilla/security/nss/cmd/certcgi/stnd_ext_form.html 2012-11-19 21:32:32.570415861 -0800
-@@ -34,6 +34,7 @@
- Timestamp
- OCSP Responder
- Step-up
-+ Microsoft Code Signing
- |
-
-
-diff -up ./mozilla/security/nss/cmd/certutil/certext.c.870864 ./mozilla/security/nss/cmd/certutil/certext.c
---- ./mozilla/security/nss/cmd/certutil/certext.c.870864 2012-03-20 07:46:54.000000000 -0700
-+++ ./mozilla/security/nss/cmd/certutil/certext.c 2012-11-19 21:32:32.571415876 -0800
-@@ -18,6 +18,9 @@
- #endif
-
- #include "secutil.h"
-+/* #include "secoidt.h" */ /* For when we update nss */
-+
-+extern SECOidTag szOID_KP_CTL_USAGE_SIGNING;
-
- #if defined(XP_UNIX)
- #include
-@@ -483,6 +486,7 @@ extKeyUsageKeyWordArray[] = { "serverAut
- "timeStamp",
- "ocspResponder",
- "stepUp",
-+ "msCodeSigning",
- NULL};
-
- static SECStatus
-@@ -554,6 +558,9 @@ AddExtKeyUsage (void *extHandle, const c
- case 6:
- rv = AddOidToSequence(os, SEC_OID_NS_KEY_USAGE_GOVT_APPROVED);
- break;
-+ case 7:
-+ rv = AddOidToSequence(os, szOID_KP_CTL_USAGE_SIGNING);
-+ break;
- default:
- goto endloop;
- }
-diff -up ./mozilla/security/nss/cmd/certutil/certutil.c.870864 ./mozilla/security/nss/cmd/certutil/certutil.c
---- ./mozilla/security/nss/cmd/certutil/certutil.c.870864 2012-03-20 07:46:54.000000000 -0700
-+++ ./mozilla/security/nss/cmd/certutil/certutil.c 2012-11-19 21:32:32.573415906 -0800
-@@ -46,6 +46,8 @@
-
- char *progName;
-
-+extern SECOidTag szOID_KP_CTL_USAGE_SIGNING;
-+
- static CERTCertificateRequest *
- GetCertRequest(PRFileDesc *inFile, PRBool ascii)
- {
-@@ -1145,6 +1147,7 @@ static void luC(enum usage_level ul, con
- "%-20s \"emailProtection\", \"timeStamp\",\"ocspResponder\",\n"
- "%-20s \"stepUp\", \"critical\"\n",
- " -6 | --extKeyUsage keyword,keyword,...", "", "", "", "");
-+ "%-20s \"stepUp\", \"msCodeSign\", \"critical\"\n",
- FPS "%-20s Create an email subject alt name extension\n",
- " -7 emailAddrs");
- FPS "%-20s Create an dns subject alt name extension\n",
-diff -up ./mozilla/security/nss/cmd/lib/moreoids.c.870864 ./mozilla/security/nss/cmd/lib/moreoids.c
---- ./mozilla/security/nss/cmd/lib/moreoids.c.870864 2012-03-20 07:46:59.000000000 -0700
-+++ ./mozilla/security/nss/cmd/lib/moreoids.c 2012-11-19 21:36:23.782925556 -0800
-@@ -41,6 +41,18 @@ OIDT mKPSCL[] = { MICROSOFT, 20, 2, 2 }
- OIDT mNTPN [] = { MICROSOFT, 20, 2, 3 }; /* NT Principal Name */
- OIDT mCASRV[] = { MICROSOFT, 21, 1 }; /* CertServ CA version */
-
-+#define _TO_ITEM(x) {siDEROID, (unsigned char *)(x), sizeof(x) }
-+
-+SECOidTag szOID_KP_CTL_USAGE_SIGNING = SEC_OID_UNKNOWN;
-+/* { 1.3.6.1.4.1.311 } */
-+static const unsigned char msExtendedKeyUsageCodeSigning[] =
-+ { 0x2b, 0x6, 0x1, 0x4, 0x1, 0x82, 0x37, 0xa, 3, 1 };
-+
-+static const SECOidData microsoftAuthenticodeSigning_Entry =
-+ { _TO_ITEM(msExtendedKeyUsageCodeSigning), SEC_OID_UNKNOWN,
-+ "Microsoft Authenticode Signing", CKM_INVALID_MECHANISM,
-+ INVALID_CERT_EXTENSION };
-+
- /* AOL OIDs (1 3 6 1 4 1 1066 ... ) */
- #define AOL 0x2B, 0x06, 0x01, 0x04, 0x01, 0x88, 0x2A
-
-@@ -127,6 +139,18 @@ static const SECOidData oids[] = {
-
- static const unsigned int numOids = (sizeof oids) / (sizeof oids[0]);
-
-+/* register the oid if we haven't already */
-+void
-+SECU_cert_fetchOID(SECOidTag *data, const SECOidData *src)
-+{
-+ if (*data == SEC_OID_UNKNOWN) {
-+ /* AddEntry does the right thing if someone else has already
-+ * added the oid. (that is return that oid tag) */
-+ *data = SECOID_AddEntry(src);
-+ }
-+}
-+
-+
- SECStatus
- SECU_RegisterDynamicOids(void)
- {
-@@ -144,5 +168,10 @@ SECU_RegisterDynamicOids(void)
- #endif
- }
- }
-+
-+ /* Fetch and register the oid on behalf of the tools. */
-+ SECU_cert_fetchOID(&szOID_KP_CTL_USAGE_SIGNING,
-+ µsoftAuthenticodeSigning_Entry);
-+
- return rv;
- }
-diff -up ./mozilla/security/nss/cmd/lib/secutil.h.870864 ./mozilla/security/nss/cmd/lib/secutil.h
---- ./mozilla/security/nss/cmd/lib/secutil.h.870864 2012-09-27 10:13:33.000000000 -0700
-+++ ./mozilla/security/nss/cmd/lib/secutil.h 2012-11-19 21:32:32.575415936 -0800
-@@ -293,6 +293,8 @@ extern SECStatus DER_PrettyPrint(FILE *o
-
- extern char *SECU_SECModDBName(void);
-
-+extern void SECU_cert_fetchOID(SECOidTag *data, const SECOidData *src);
-+
- extern SECStatus SECU_RegisterDynamicOids(void);
-
- /* Identifies hash algorithm tag by its string representation. */
diff --git a/nss-3.14.0.0-disble-ocsp-test.patch b/nss-3.14.0.0-disble-ocsp-test.patch
index df4e692..393d3ab 100644
--- a/nss-3.14.0.0-disble-ocsp-test.patch
+++ b/nss-3.14.0.0-disble-ocsp-test.patch
@@ -1,9 +1,10 @@
-diff -up ./mozilla/security/nss/tests/chains/scenarios/scenarios.disable_ocsp_test ./mozilla/security/nss/tests/chains/scenarios/scenarios
---- ./mozilla/security/nss/tests/chains/scenarios/scenarios.disable_ocsp_test 2012-10-12 09:30:07.264987000 -0700
-+++ ./mozilla/security/nss/tests/chains/scenarios/scenarios 2012-10-12 09:34:55.653123000 -0700
-@@ -49,5 +49,4 @@ bridgewithpolicyextensionandmapping.cfg
+diff -up ./mozilla/security/nss/tests/chains/scenarios/scenarios.noocsptest ./mozilla/security/nss/tests/chains/scenarios/scenarios
+--- ./mozilla/security/nss/tests/chains/scenarios/scenarios.noocsptest 2013-01-06 19:56:15.000000000 -0800
++++ ./mozilla/security/nss/tests/chains/scenarios/scenarios 2013-02-01 08:38:28.140615299 -0800
+@@ -50,6 +50,5 @@ bridgewithpolicyextensionandmapping.cfg
realcerts.cfg
dsa.cfg
revoc.cfg
-ocsp.cfg
crldp.cfg
+ trustanchors.cfg
diff --git a/nss-ssl-cbc-random-iv-off-by-default.patch b/nss-ssl-cbc-random-iv-off-by-default.patch
index 2678580..8b0f73c 100644
--- a/nss-ssl-cbc-random-iv-off-by-default.patch
+++ b/nss-ssl-cbc-random-iv-off-by-default.patch
@@ -1,6 +1,6 @@
-diff -up ./mozilla/security/nss/lib/ssl/sslsock.c.770682 ./mozilla/security/nss/lib/ssl/sslsock.c
---- ./mozilla/security/nss/lib/ssl/sslsock.c.770682 2012-11-01 11:10:54.107504267 -0700
-+++ ./mozilla/security/nss/lib/ssl/sslsock.c 2012-11-01 11:07:36.758464814 -0700
+diff -up ./mozilla/security/nss/lib/ssl/sslsock.c.cbcrandomivoff ./mozilla/security/nss/lib/ssl/sslsock.c
+--- ./mozilla/security/nss/lib/ssl/sslsock.c.cbcrandomivoff 2013-02-01 10:14:36.960458329 -0800
++++ ./mozilla/security/nss/lib/ssl/sslsock.c 2013-02-01 10:17:16.532265855 -0800
@@ -153,7 +153,7 @@ static sslOptions ssl_defaults = {
3, /* enableRenegotiation (default: transitional) */
PR_FALSE, /* requireSafeNegotiation */
@@ -10,3 +10,16 @@ diff -up ./mozilla/security/nss/lib/ssl/sslsock.c.770682 ./mozilla/security/nss/
};
/*
+@@ -2837,9 +2837,9 @@ ssl_SetDefaultsFromEnvironment(void)
+ PR_TRUE));
+ }
+ ev = getenv("NSS_SSL_CBC_RANDOM_IV");
+- if (ev && ev[0] == '0') {
+- ssl_defaults.cbcRandomIV = PR_FALSE;
+- SSL_TRACE(("SSL: cbcRandomIV set to 0"));
++ if (ev && ev[0] == '1') {
++ ssl_defaults.cbcRandomIV = PR_TRUE;
++ SSL_TRACE(("SSL: cbcRandomIV set to 1"));
+ }
+ }
+ #endif /* NSS_HAVE_GETENV */
diff --git a/nss.spec b/nss.spec
index 1862906..cdb5193 100644
--- a/nss.spec
+++ b/nss.spec
@@ -1,17 +1,17 @@
-%global nspr_version 4.9.4
-%global nss_util_version 3.14
+%global nspr_version 4.9.5
+%global nss_util_version 3.14.2
%global nss_softokn_fips_version 3.12.9
-%global nss_softokn_version 3.14
+%global nss_softokn_version 3.14.2
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
# Define if using a source archive like "nss-version.with.ckbi.version".
# To "disable", add "#" to start of line, AND a space after "%".
-%define nss_ckbi_suffix .with.ckbi.1.93
+#% define nss_ckbi_suffix .with.ckbi.1.93
Summary: Network Security Services
Name: nss
-Version: 3.14.1
-Release: 3%{?dist}
+Version: 3.14.2
+Release: 1%{?dist}
License: MPLv2.0
URL: http://www.mozilla.org/projects/security/pki/nss/
Group: System Environment/Libraries
@@ -68,7 +68,7 @@ Patch6: nss-enable-pem.patch
Patch16: nss-539183.patch
Patch18: nss-646045.patch
# must statically link pem against the freebl in the buildroot
-# Needed only when freebl on tree has newe APIS
+# Needed only when freebl on tree has new APIS
Patch25: nsspem-use-system-freebl.patch
# This patch is currently meant for stable branches
Patch29: nss-ssl-cbc-random-iv-off-by-default.patch
@@ -76,10 +76,8 @@ Patch29: nss-ssl-cbc-random-iv-off-by-default.patch
Patch39: nss-ssl-enforce-no-pkcs11-bypass.path
# TODO: Remove this patch when the ocsp test are fixed
Patch40: nss-3.14.0.0-disble-ocsp-test.patch
-
-# upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=807890
-Patch42: 0001-Add-extended-key-usage-for-MS-Authenticode-Code-Sign.patch
-
+# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=835919
+# Keeping it disabled until further view upstream
Patch43: no-softoken-freebl-tests.patch
%description
@@ -161,11 +159,10 @@ low level services.
# link pem against buildroot's freebl, essential when mixing and matching
%patch25 -p0 -b .systemfreebl
# activate for stable and beta branches
-#%patch29 -p0 -b .770682
+#%patch29 -p0 -b .cbcrandomivoff
%patch39 -p1 -b .nobypass
-%patch40 -p1 -b .noocsptest
-%patch42 -p0 -b .870864
-%patch43 -p0 -b .nosoftokentests
+#%patch40 -p1 -b .noocsptest
+#%patch43 -p0 -b .nosoftokentests
%build
@@ -611,6 +608,9 @@ rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h
%changelog
+* Fri Feb 01 2013 Elio Maldonado - 3.14.2-1
+- Update to NSS_3_14_2_RTM
+
* Wed Jan 02 2013 Kai Engert - 3.14.1-3
- Update to NSS_3_14_1_WITH_CKBI_1_93_RTM
diff --git a/sources b/sources
index fa53974..d9ecc95 100644
--- a/sources
+++ b/sources
@@ -6,4 +6,4 @@ a5ae49867124ac75f029a9a33af31bad blank-cert8.db
bf47cecad861efa77d1488ad4a73cb5b PayPalEE.cert
2a06bf7b815d1a666cc3587b895506ce nss-pem-20120811.tar.bz2
0be54f196b5da7e9008eb13a71bc2cb0 dummy-sources-for-testing
-331910e63d3ff5ff3acb845ba44dcf56 nss-3.14.1.with.ckbi.1.93-stripped.tar.bz2
+828c6949bd348684b15237f8796f54c1 nss-3.14.2-stripped.tar.bz2
From 7a7f48e7125cbfcad24dc1e32ea3c7bec35ff50b Mon Sep 17 00:00:00 2001
From: Elio Maldonado
Date: Fri, 1 Feb 2013 13:39:03 -0800
Subject: [PATCH 5/7] Reenable patch to run the freebl tests that were ron as
part of the nss-softokn build
- continue turning off the ocsp tests
---
nss.spec | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/nss.spec b/nss.spec
index cdb5193..ee0fc28 100644
--- a/nss.spec
+++ b/nss.spec
@@ -77,7 +77,6 @@ Patch39: nss-ssl-enforce-no-pkcs11-bypass.path
# TODO: Remove this patch when the ocsp test are fixed
Patch40: nss-3.14.0.0-disble-ocsp-test.patch
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=835919
-# Keeping it disabled until further view upstream
Patch43: no-softoken-freebl-tests.patch
%description
@@ -161,8 +160,8 @@ low level services.
# activate for stable and beta branches
#%patch29 -p0 -b .cbcrandomivoff
%patch39 -p1 -b .nobypass
-#%patch40 -p1 -b .noocsptest
-#%patch43 -p0 -b .nosoftokentests
+%patch40 -p1 -b .noocsptest
+%patch43 -p0 -b .nosoftokentests
%build
From cc8dc4398b8239f75c413ca1057e5c9861404157 Mon Sep 17 00:00:00 2001
From: Elio Maldonado
Date: Sun, 3 Feb 2013 19:29:42 -0800
Subject: [PATCH 6/7] Don't try to apply path 42 that was removed.
---
nss.spec | 1 -
1 file changed, 1 deletion(-)
diff --git a/nss.spec b/nss.spec
index fe9de0d..5680170 100644
--- a/nss.spec
+++ b/nss.spec
@@ -161,7 +161,6 @@ low level services.
%patch29 -p0 -b .cbcrandomivoff
%patch39 -p1 -b .nobypass
%patch40 -p1 -b .noocsptest
-%patch42 -p0 -b .870864
%patch43 -p0 -b .nosoftokentests
%build
From 96957e805aa4c2d48c804090d0217c038eb86610 Mon Sep 17 00:00:00 2001
From: Elio Maldonado
Date: Mon, 4 Feb 2013 15:12:54 -0800
Subject: [PATCH 7/7] Allow building nss softoken against older sqlite
- Adding a patch already applied upstream by Kai Engert
---
allow-building-nss-against-older-sqlite.patch | 20 +++++++++++++++++++
nss.spec | 8 +++++++-
2 files changed, 27 insertions(+), 1 deletion(-)
create mode 100644 allow-building-nss-against-older-sqlite.patch
diff --git a/allow-building-nss-against-older-sqlite.patch b/allow-building-nss-against-older-sqlite.patch
new file mode 100644
index 0000000..627edfb
--- /dev/null
+++ b/allow-building-nss-against-older-sqlite.patch
@@ -0,0 +1,20 @@
+Index: ./mozilla/security/nss/lib/softoken/sdb.c
+===================================================================
+RCS file: /cvsroot/mozilla/security/nss/lib/softoken/sdb.c,v
+retrieving revision 1.30
+retrieving revision 1.31
+diff -u -p -r1.30 -r1.31
+--- ./mozilla/security/nss/lib/softoken/sdb.c 16 Jan 2013 18:13:25 -0000 1.30
++++ ./mozilla/security/nss/lib/softoken/sdb.c 4 Feb 2013 19:58:20 -0000 1.31
+@@ -254,6 +254,11 @@ sdb_getFallbackTempDir(void)
+ #error "sdb_getFallbackTempDir not implemented"
+ #endif
+
++#ifndef SQLITE_FCNTL_TEMPFILENAME
++/* SQLITE_FCNTL_TEMPFILENAME was added in SQLite 3.7.15 */
++#define SQLITE_FCNTL_TEMPFILENAME 16
++#endif
++
+ static char *
+ sdb_getTempDir(sqlite3 *sqlDB)
+ {
diff --git a/nss.spec b/nss.spec
index ee0fc28..0f08d3f 100644
--- a/nss.spec
+++ b/nss.spec
@@ -11,7 +11,7 @@
Summary: Network Security Services
Name: nss
Version: 3.14.2
-Release: 1%{?dist}
+Release: 2%{?dist}
License: MPLv2.0
URL: http://www.mozilla.org/projects/security/pki/nss/
Group: System Environment/Libraries
@@ -78,6 +78,7 @@ Patch39: nss-ssl-enforce-no-pkcs11-bypass.path
Patch40: nss-3.14.0.0-disble-ocsp-test.patch
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=835919
Patch43: no-softoken-freebl-tests.patch
+Patch44: allow-building-nss-against-older-sqlite.patch
%description
Network Security Services (NSS) is a set of libraries designed to
@@ -162,6 +163,8 @@ low level services.
%patch39 -p1 -b .nobypass
%patch40 -p1 -b .noocsptest
%patch43 -p0 -b .nosoftokentests
+# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=837799
+%patch44 -p0 -b .oldersqlite
%build
@@ -607,6 +610,9 @@ rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h
%changelog
+* Mon Feb 04 2013 Elio Maldonado - 3.14.2-2
+- Allow building nss against older system sqlite
+
* Fri Feb 01 2013 Elio Maldonado - 3.14.2-1
- Update to NSS_3_14_2_RTM
|