Rebase to NSS 3.15

- Remove three patches obsolted by the rebase and updated two
- Temporarily not building the ecperf tool
- ecperef requires freebl/ec.h and ecl-curve.h and the latter
- causes compile failure because it requires that
- NSS_ECC_MORE_THAN_SUITE_B not be defined yet this is
- required for nss builds to allow external pkcs #11 providers
- to support curves beyond suite-b, such restriction only applies
- to the internal crypto module
This commit is contained in:
Elio Maldonado 2016-06-24 14:13:59 -07:00
parent 1911d47990
commit 3792f60887
10 changed files with 71 additions and 236 deletions

2
.gitignore vendored
View File

@ -9,4 +9,4 @@ TestUser50.cert
TestUser51.cert TestUser51.cert
/PayPalRootCA.cert /PayPalRootCA.cert
/PayPalICA.cert /PayPalICA.cert
/nss-3.24.0.tar.gz /nss-3.25.0.tar.gz

View File

@ -1,102 +0,0 @@
--- ./lib/ssl/sslsock.c.compatibility 2016-06-02 10:59:07.188831825 -0700
+++ ./lib/ssl/sslsock.c 2016-06-02 10:59:07.205831404 -0700
@@ -675,16 +675,28 @@
PORT_SetError(SEC_ERROR_INVALID_ARGS);
rv = SECFailure; /* not allowed */
}
break;
}
ssl_EnableSSL3(&ss->vrange, on);
break;
+ case SSL_ENABLE_SSL2:
+ case SSL_V2_COMPATIBLE_HELLO:
+ /* We no longer support SSL v2.
+ * However, if an old application requests to disable SSL v2,
+ * we shouldn't fail.
+ */
+ if (on) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ rv = SECFailure;
+ }
+ break;
+
case SSL_NO_CACHE:
ss->opt.noCache = on;
break;
case SSL_ENABLE_FDX:
if (on && ss->opt.noLocks) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
rv = SECFailure;
@@ -856,16 +868,20 @@
on = ss->opt.handshakeAsServer;
break;
case SSL_ENABLE_TLS:
on = ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_0;
break;
case SSL_ENABLE_SSL3:
on = ss->vrange.min == SSL_LIBRARY_VERSION_3_0;
break;
+ case SSL_ENABLE_SSL2:
+ case SSL_V2_COMPATIBLE_HELLO:
+ on = PR_FALSE;
+ break;
case SSL_NO_CACHE:
on = ss->opt.noCache;
break;
case SSL_ENABLE_FDX:
on = ss->opt.fdx;
break;
case SSL_ROLLBACK_DETECTION:
on = ss->opt.detectRollBack;
@@ -967,16 +983,20 @@
on = ssl_defaults.handshakeAsServer;
break;
case SSL_ENABLE_TLS:
on = versions_defaults_stream.max >= SSL_LIBRARY_VERSION_TLS_1_0;
break;
case SSL_ENABLE_SSL3:
on = versions_defaults_stream.min == SSL_LIBRARY_VERSION_3_0;
break;
+ case SSL_ENABLE_SSL2:
+ case SSL_V2_COMPATIBLE_HELLO:
+ on = PR_FALSE;
+ break;
case SSL_NO_CACHE:
on = ssl_defaults.noCache;
break;
case SSL_ENABLE_FDX:
on = ssl_defaults.fdx;
break;
case SSL_ROLLBACK_DETECTION:
on = ssl_defaults.detectRollBack;
@@ -1100,16 +1120,28 @@
case SSL_ENABLE_TLS:
ssl_EnableTLS(&versions_defaults_stream, on);
break;
case SSL_ENABLE_SSL3:
ssl_EnableSSL3(&versions_defaults_stream, on);
break;
+ case SSL_ENABLE_SSL2:
+ case SSL_V2_COMPATIBLE_HELLO:
+ /* We no longer support SSL v2.
+ * However, if an old application requests to disable SSL v2,
+ * we shouldn't fail.
+ */
+ if (on) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
+ }
+ break;
+
case SSL_NO_CACHE:
ssl_defaults.noCache = on;
break;
case SSL_ENABLE_FDX:
if (on && ssl_defaults.noLocks) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;

View File

@ -1,12 +0,0 @@
diff -up nss/lib/ckfw/manifest.mn.libpem nss/lib/ckfw/manifest.mn
--- nss/lib/ckfw/manifest.mn.libpem 2013-05-28 14:43:24.000000000 -0700
+++ nss/lib/ckfw/manifest.mn 2013-05-30 22:14:49.247459672 -0700
@@ -5,7 +5,7 @@
CORE_DEPTH = ../..
-DIRS = builtins
+DIRS = builtins pem
PRIVATE_EXPORTS = \
ck.h \

View File

@ -1,17 +1,15 @@
diff -up nss/cmd/Makefile.skipthem nss/cmd/Makefile diff -up ./nss/cmd/Makefile.skipthem ./nss/cmd/Makefile
--- nss/cmd/Makefile.nobltest 2013-05-28 14:43:24.000000000 -0700 --- ./nss/cmd/Makefile.skipem 2016-06-24 10:10:38.143165159 -0700
+++ nss/cmd/Makefile 2013-06-15 11:51:11.669655168 -0700 +++ ./nss/cmd/Makefile 2016-06-24 10:13:08.566457400 -0700
@@ -14,10 +14,10 @@ ifdef BUILD_LIBPKIX_TESTS @@ -17,7 +17,11 @@ endif
DIRS += libpkix ifeq ($(NSS_BUILD_WITHOUT_SOFTOKEN),1)
endif
-ifeq ($(NSS_BUILD_WITHOUT_SOFTOKEN),1)
+ifeq ($(NSS_BLTEST_NOT_AVAILABLE),1)
BLTEST_SRCDIR = BLTEST_SRCDIR =
-FIPSTEST_SRCDIR = FIPSTEST_SRCDIR =
-SHLIBSIGN_SRCDIR = +ifeq ($(NSS_BLTEST_NOT_AVAILABLE),1)
+FIPSTEST_SRCDIR =
+SHLIBSIGN_SRCDIR = shlibsign +SHLIBSIGN_SRCDIR = shlibsign
+else
SHLIBSIGN_SRCDIR =
+endif
else else
BLTEST_SRCDIR = bltest BLTEST_SRCDIR = bltest
FIPSTEST_SRCDIR = fipstest FIPSTEST_SRCDIR = fipstest

11
nss-skip-ecperf.patch Normal file
View File

@ -0,0 +1,11 @@
diff -up ./nss/cmd/manifest.mn.skip_ecperf ./nss/cmd/manifest.mn
--- ./nss/cmd/manifest.mn.noecperf 2016-06-24 08:04:53.891106841 -0700
+++ ./nss/cmd/manifest.mn 2016-06-24 08:06:57.186887403 -0700
@@ -42,7 +42,6 @@ NSS_SRCDIRS = \
dbtest \
derdump \
digest \
- ecperf \
httpserv \
listsuites \
makepqg \

View File

@ -1,6 +1,6 @@
%global nspr_version 4.12.0 %global nspr_version 4.12.0
%global nss_util_version 3.24.0 %global nss_util_version 3.25.0
%global nss_softokn_version 3.24.0 %global nss_softokn_version 3.25.0
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools %global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
%global allTools "certutil cmsutil crlutil derdump modutil pk12util signtool signver ssltap vfychain vfyserv" %global allTools "certutil cmsutil crlutil derdump modutil pk12util signtool signver ssltap vfychain vfyserv"
@ -18,10 +18,10 @@
Summary: Network Security Services Summary: Network Security Services
Name: nss Name: nss
Version: 3.24.0 Version: 3.25.0
# for Rawhide, please always use release >= 2 # for Rawhide, please always use release >= 2
# for Fedora release branches, please use release < 2 (1.0, 1.1, ...) # for Fedora release branches, please use release < 2 (1.0, 1.1, ...)
Release: 3%{?dist} Release: 2%{?dist}
License: MPLv2.0 License: MPLv2.0
URL: http://www.mozilla.org/projects/security/pki/nss/ URL: http://www.mozilla.org/projects/security/pki/nss/
Group: System Environment/Libraries Group: System Environment/Libraries
@ -94,14 +94,14 @@ Patch50: iquote.patch
Patch58: rhbz1185708-enable-ecc-3des-ciphers-by-default.patch Patch58: rhbz1185708-enable-ecc-3des-ciphers-by-default.patch
# TODO: file a bug usptream # TODO: file a bug usptream
Patch59: nss-check-policy-file.patch Patch59: nss-check-policy-file.patch
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1277569
Patch61: mozbz1277569backport.patch
# TODO: file a bug usptream # TODO: file a bug usptream
Patch62: nss-skip-util-gtest.patch Patch62: nss-skip-util-gtest.patch
# TODO: file a bug usptream when enough tests are run # TODO: file a bug usptream when enough tests are run
Patch63: tests-check-policy-file.patch Patch63: tests-check-policy-file.patch
# TODO: file a bug usptream when enough tests are run # TODO: file a bug usptream when enough tests are run
Patch64: tests-data-adjust-for-policy.patch Patch64: tests-data-adjust-for-policy.patch
# TODO: file a bug upstream
Patch70: nss-skip-ecperf.patch
%description %description
Network Security Services (NSS) is a set of libraries designed to Network Security Services (NSS) is a set of libraries designed to
@ -185,11 +185,12 @@ low level services.
%patch58 -p0 -b .1185708_3des %patch58 -p0 -b .1185708_3des
pushd nss pushd nss
%patch59 -p1 -b .check_policy_file %patch59 -p1 -b .check_policy_file
%patch61 -p1 -b .compatibility #%patch62 -p0 -b .skip_util_gtest
%patch62 -p0 -b .skip_util_gtest
%patch63 -p1 -b .check_policy %patch63 -p1 -b .check_policy
%patch64 -p1 -b .expected_result %patch64 -p1 -b .expected_result
popd popd
# temporary
%patch70 -p0 -b .skip_ecperf
######################################################### #########################################################
# Higher-level libraries and test tools need access to # Higher-level libraries and test tools need access to
@ -197,10 +198,13 @@ popd
# until fixed upstream we must copy some headers locally # until fixed upstream we must copy some headers locally
######################################################### #########################################################
# Copying these header until the upstream bug is accepted # Copying these headers until the upstream bug is accepted
# Upstream https://bugzilla.mozilla.org/show_bug.cgi?id=820207 # Upstream https://bugzilla.mozilla.org/show_bug.cgi?id=820207
%{__cp} ./nss/lib/softoken/lowkeyi.h ./nss/cmd/rsaperf %{__cp} ./nss/lib/softoken/lowkeyi.h ./nss/cmd/rsaperf
%{__cp} ./nss/lib/softoken/lowkeyti.h ./nss/cmd/rsaperf %{__cp} ./nss/lib/softoken/lowkeyti.h ./nss/cmd/rsaperf
# TODO: similar problem as descrived above
# ./nss/lib/freebl/ec.h, ./nss/lib/freebl/ecl/ecl-curve.h
# the last one requires that NSS_ECC_MORE_THAN_SUITE_B not be defined
# Before removing util directory we must save verref.h # Before removing util directory we must save verref.h
# as it will be needed later during the build phase. # as it will be needed later during the build phase.
@ -230,6 +234,8 @@ popd
%build %build
# TODO: remove this when we solve the problems
export NSS_DISABLE_GTESTS=1
NSS_NO_PKCS11_BYPASS=1 NSS_NO_PKCS11_BYPASS=1
export NSS_NO_PKCS11_BYPASS export NSS_NO_PKCS11_BYPASS
@ -457,7 +463,9 @@ pushd ./nss/tests/
# don't need to run all the tests when testing packaging # don't need to run all the tests when testing packaging
# nss_cycles: standard pkix upgradedb sharedb # nss_cycles: standard pkix upgradedb sharedb
%define nss_tests "libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits chains" # the full list from all.sh is:
# "cipher lowhash libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits chains ec gtests ssl_gtests"
%define nss_tests "libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits chains ec gtests ssl_gtests"
# nss_ssl_tests: crl bypass_normal normal_bypass normal_fips fips_normal iopr # nss_ssl_tests: crl bypass_normal normal_bypass normal_fips fips_normal iopr
# nss_ssl_run: cov auth stress # nss_ssl_run: cov auth stress
# #
@ -802,6 +810,9 @@ fi
%changelog %changelog
* Fri Jun 24 2016 Elio Maldonado <emaldona@redhat.com> - 3.25.0-2
- Rebase to nss 3.25
* Thu Jun 16 2016 Kamil Dudka <kdudka@redhat.com> - 3.24.0-3 * Thu Jun 16 2016 Kamil Dudka <kdudka@redhat.com> - 3.24.0-3
- decouple nss-pem from the nss package (#1347336) - decouple nss-pem from the nss package (#1347336)

View File

@ -1,80 +0,0 @@
diff -up nss/lib/ckfw/pem/config.mk.systemfreebl nss/lib/ckfw/pem/config.mk
--- nss/lib/ckfw/pem/config.mk.systemfreebl 2012-08-11 09:06:59.000000000 -0700
+++ nss/lib/ckfw/pem/config.mk 2013-04-04 16:02:33.805744145 -0700
@@ -41,6 +41,11 @@ CONFIG_CVS_ID = "@(#) $RCSfile: config.m
# are specifed as dependencies within rules.mk.
#
+
+EXTRA_LIBS += \
+ $(SOFTOKEN_LIB_DIR)/$(LIB_PREFIX)freebl.$(LIB_SUFFIX) \
+ $(NULL)
+
TARGETS = $(SHARED_LIBRARY)
LIBRARY =
IMPORT_LIBRARY =
@@ -69,3 +74,22 @@ ifeq ($(OS_TARGET),SunOS)
MKSHLIB += -R '$$ORIGIN'
endif
+# If a platform has a system nssutil, set USE_SYSTEM_NSSUTIL to 1 and
+# NSSUTIL_LIBS to the linker command-line arguments for the system nssutil
+# (for example, -lnssutil3 on fedora) in the platform's config file in coreconf.
+ifdef USE_SYSTEM_NSSUTIL
+OS_LIBS += $(NSSUTIL_LIBS)
+else
+NSSUTIL_LIBS = $(DIST)/lib/$(LIB_PREFIX)nssutil3.$(LIB_SUFFIX)
+EXTRA_LIBS += $(NSSUTIL_LIBS)
+endif
+# If a platform has a system freebl, set USE_SYSTEM_FREEBL to 1 and
+# FREEBL_LIBS to the linker command-line arguments for the system nssutil
+# (for example, -lfreebl3 on fedora) in the platform's config file in coreconf.
+ifdef USE_SYSTEM_FREEBL
+OS_LIBS += $(FREEBL_LIBS)
+else
+FREEBL_LIBS = $(DIST)/lib/$(LIB_PREFIX)freebl3.$(LIB_SUFFIX)
+EXTRA_LIBS += $(FREEBL_LIBS)
+endif
+
diff -up nss/lib/ckfw/pem/Makefile.systemfreebl nss/lib/ckfw/pem/Makefile
--- nss/lib/ckfw/pem/Makefile.systemfreebl 2012-08-11 09:06:59.000000000 -0700
+++ nss/lib/ckfw/pem/Makefile 2013-04-04 16:02:33.806744154 -0700
@@ -43,8 +43,7 @@ include config.mk
EXTRA_LIBS = \
$(DIST)/lib/$(LIB_PREFIX)nssckfw.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)nssb.$(LIB_SUFFIX) \
- $(DIST)/lib/$(LIB_PREFIX)freebl.$(LIB_SUFFIX) \
- $(DIST)/lib/$(LIB_PREFIX)nssutil.$(LIB_SUFFIX) \
+ $(FREEBL_LIB_DIR)/$(LIB_PREFIX)freebl.$(LIB_SUFFIX) \
$(NULL)
# can't do this in manifest.mn because OS_TARGET isn't defined there.
@@ -56,6 +55,9 @@ EXTRA_LIBS += \
-lplc4 \
-lplds4 \
-lnspr4 \
+ -L$(NSSUTIL_LIB_DIR) \
+ -lnssutil3 \
+ -lfreebl3
$(NULL)
else
EXTRA_SHARED_LIBS += \
@@ -74,6 +76,9 @@ EXTRA_LIBS += \
-lplc4 \
-lplds4 \
-lnspr4 \
+ -L$(NSSUTIL_LIB_DIR) \
+ -lnssutil3 \
+ -lfreebl3 \
$(NULL)
endif
diff -up nss/lib/ckfw/pem/manifest.mn.systemfreebl nss/lib/ckfw/pem/manifest.mn
--- nss/lib/ckfw/pem/manifest.mn.systemfreebl 2012-08-11 09:06:59.000000000 -0700
+++ nss/lib/ckfw/pem/manifest.mn 2013-04-04 16:02:33.807744163 -0700
@@ -65,4 +65,4 @@ REQUIRES = nspr
LIBRARY_NAME = nsspem
-#EXTRA_SHARED_LIBS = -L$(DIST)/lib -lnssckfw -lnssb -lplc4 -lplds4
+EXTRA_SHARED_LIBS = -L$(DIST)/lib -lnssckfw -lnssb -lplc4 -lplds4 -L$(NSS_LIB_DIR) -lnssutil3 -lfreebl3 -lsoftokn3

View File

@ -1,12 +1,12 @@
diff -up ./nss/lib/ssl/sslsock.c.transitional ./nss/lib/ssl/sslsock.c diff -up ./nss/lib/ssl/sslsock.c.transitional ./nss/lib/ssl/sslsock.c
--- ./nss/lib/ssl/sslsock.c.transitional 2016-03-05 08:54:13.871412639 -0800 --- ./nss/lib/ssl/sslsock.c.transitional 2016-06-23 21:03:16.316480089 -0400
+++ ./nss/lib/ssl/sslsock.c 2016-03-05 09:00:27.721889811 -0800 +++ ./nss/lib/ssl/sslsock.c 2016-06-23 21:08:07.290202477 -0400
@@ -77,7 +77,7 @@ static sslOptions ssl_defaults = { @@ -72,7 +72,7 @@ static sslOptions ssl_defaults = {
PR_FALSE, /* noLocks */ PR_FALSE, /* noLocks */
PR_FALSE, /* enableSessionTickets */ PR_FALSE, /* enableSessionTickets */
PR_FALSE, /* enableDeflate */ PR_FALSE, /* enableDeflate */
- 2, /* enableRenegotiation (default: requires extension) */ - 2, /* enableRenegotiation (default: requires extension) */
+ 3, /* enableRenegotiation (default: transitional) */ + 3, /* enableRenegotiation (default: transitional) */
PR_FALSE, /* requireSafeNegotiation */ PR_FALSE, /* requireSafeNegotiation */
PR_FALSE, /* enableFalseStart */ PR_FALSE, /* enableFalseStart */
PR_TRUE, /* cbcRandomIV */ PR_TRUE, /* cbcRandomIV */

View File

@ -1,14 +1,23 @@
diff -up ./nss/lib/ssl/ssl3con.c.1185708_3des ./nss/lib/ssl/ssl3con.c --- ./nss/lib/ssl/ssl3con.c.1185708_3des 2016-06-23 21:10:09.765992512 -0400
--- ./nss/lib/ssl/ssl3con.c.1185708_3des 2015-09-29 16:24:18.717593591 -0700 +++ ./nss/lib/ssl/ssl3con.c 2016-06-23 22:58:39.121398601 -0400
+++ ./nss/lib/ssl/ssl3con.c 2015-09-29 16:25:22.672879926 -0700 @@ -118,18 +118,18 @@
@@ -101,8 +101,8 @@ static ssl3CipherSuiteCfg cipherSuites[s { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, + { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
+ { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, + { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
#endif /* NSS_DISABLE_ECC */
{ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,SSL_ALLOWED,PR_TRUE, PR_FALSE},
{ TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},

View File

@ -3,4 +3,4 @@ a5ae49867124ac75f029a9a33af31bad blank-cert8.db
73bc040a0542bba387e6dd7fb9fd7d23 blank-secmod.db 73bc040a0542bba387e6dd7fb9fd7d23 blank-secmod.db
691e663ccc07b7a1eaa6f088e03bf8e2 blank-cert9.db 691e663ccc07b7a1eaa6f088e03bf8e2 blank-cert9.db
2ec9e0606ba40fe65196545564b7cc2a blank-key4.db 2ec9e0606ba40fe65196545564b7cc2a blank-key4.db
2a3ffd2f46b60ecc116ac086343a537a nss-3.24.0.tar.gz 950263d15d1f055605bfb6e634a1a019 nss-3.25.0.tar.gz