diff --git a/.cvsignore b/.cvsignore
index 45014b7..6277b7e 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -1,2 +1,4 @@
 nss-3.11.5-fbst-stripped.tar.gz
 nss-3.11.7-no-fbst-with-ckbi-1.64.tar.gz
+nss-3.12-alpha-ckfw.tar.gz
+nss-3.12-alpha-pem.tar.gz
diff --git a/nss-create-obj.patch b/nss-create-obj.patch
new file mode 100644
index 0000000..37cdb73
--- /dev/null
+++ b/nss-create-obj.patch
@@ -0,0 +1,177 @@
+Index: mozilla/security/nss/lib/nss/nss.def
+===================================================================
+RCS file: /cvsroot/mozilla/security/nss/lib/nss/nss.def,v
+retrieving revision 1.158.2.7
+diff -u -r1.158.2.7 nss.def
+--- mozilla/security/nss/lib/nss/nss.def 25 Apr 2007 23:26:53 -0000 1.158.2.7
++++ mozilla/security/nss/lib/nss/nss.def 31 Aug 2007 18:54:54 -0000
+@@ -899,3 +899,10 @@
+ ;+ local:
+ ;+ *;
+ ;+};
++;+NSS_3.12 {
++;+ global:
++PK11_CreateGenericObject;
++PK11_WriteRawAttribute;
++;+ local:
++;+ *;
++;+};
+Index: mozilla/security/nss/lib/pk11wrap/pk11obj.c
+===================================================================
+RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11obj.c,v
+retrieving revision 1.11.2.3
+diff -u -r1.11.2.3 pk11obj.c
+--- mozilla/security/nss/lib/pk11wrap/pk11obj.c 5 Jan 2007 09:44:05 -0000 1.11.2.3
++++ mozilla/security/nss/lib/pk11wrap/pk11obj.c 9 May 2007 20:58:17 -0000
+@@ -388,7 +388,7 @@
+
+ SECStatus
+ PK11_CreateNewObject(PK11SlotInfo *slot, CK_SESSION_HANDLE session,
+- CK_ATTRIBUTE *theTemplate, int count,
++ const CK_ATTRIBUTE *theTemplate, int count,
+ PRBool token, CK_OBJECT_HANDLE *objectID)
+ {
+ CK_SESSION_HANDLE rwsession;
+@@ -1306,7 +1306,7 @@
+ PK11_DestroyGenericObject(objects);
+ }
+ /* delete all the objects before it in the list */
+- for (objects = prevObject; objects; objects = nextObject) {
++ for (objects = prevObject; objects; objects = prevObject) {
+ prevObject = objects->prev;
+ PK11_DestroyGenericObject(objects);
+ }
+@@ -1314,6 +1314,96 @@
+ }
+
+
++/*
++ * Hand Create a new object and return the Generic object for our new object.
++ */
++PK11GenericObject *
++PK11_CreateGenericObject(PK11SlotInfo *slot, const CK_ATTRIBUTE *template,
++ int count, PRBool token)
++{
++ CK_OBJECT_HANDLE objectID;
++ PK11GenericObject *obj;
++ CK_RV crv;
++
++ PK11_EnterSlotMonitor(slot);
++ crv = PK11_CreateNewObject(slot, slot->session, template, count,
++ token, &objectID);
++ PK11_ExitSlotMonitor(slot);
++ if (crv != CKR_OK) {
++ PORT_SetError(PK11_MapError(crv));
++ return NULL;
++ }
++
++ obj = PORT_New(PK11GenericObject);
++ if ( !obj ) {
++ /* error set by PORT_New */
++ return NULL;
++ }
++
++ /* initialize it */
++ obj->slot = PK11_ReferenceSlot(slot);
++ obj->objectID = objectID;
++ obj->next = NULL;
++ obj->prev = NULL;
++ return obj;
++}
++
++/*
++ * Change an attribute on a raw object
++ */
++SECStatus
++PK11_WriteRawAttribute(PK11ObjectType objType, void *objSpec,
++ CK_ATTRIBUTE_TYPE attrType, SECItem *item)
++{
++ PK11SlotInfo *slot = NULL;
++ CK_OBJECT_HANDLE handle;
++ CK_ATTRIBUTE setTemplate;
++ CK_RV crv;
++ CK_SESSION_HANDLE rwsession;
++
++ switch (objType) {
++ case PK11_TypeGeneric:
++ slot = ((PK11GenericObject *)objSpec)->slot;
++ handle = ((PK11GenericObject *)objSpec)->objectID;
++ break;
++ case PK11_TypePrivKey:
++ slot = ((SECKEYPrivateKey *)objSpec)->pkcs11Slot;
++ handle = ((SECKEYPrivateKey *)objSpec)->pkcs11ID;
++ break;
++ case PK11_TypePubKey:
++ slot = ((SECKEYPublicKey *)objSpec)->pkcs11Slot;
++ handle = ((SECKEYPublicKey *)objSpec)->pkcs11ID;
++ break;
++ case PK11_TypeSymKey:
++ slot = ((PK11SymKey *)objSpec)->slot;
++ handle = ((PK11SymKey *)objSpec)->objectID;
++ break;
++ case PK11_TypeCert: /* don't handle cert case for now */
++ default:
++ break;
++ }
++ if (slot == NULL) {
++ PORT_SetError(SEC_ERROR_UNKNOWN_OBJECT_TYPE);
++ return SECFailure;
++ }
++
++ PK11_SETATTRS(&setTemplate, attrType, (CK_CHAR *) item->data, item->len);
++ rwsession = PK11_GetRWSession(slot);
++ if (rwsession == CK_INVALID_SESSION) {
++ PORT_SetError(SEC_ERROR_BAD_DATA);
++ return SECFailure;
++ }
++ crv = PK11_GETTAB(slot)->C_SetAttributeValue(rwsession, handle,
++ &setTemplate, 1);
++ PK11_RestoreROSession(slot, rwsession);
++ if (crv != CKR_OK) {
++ PORT_SetError(PK11_MapError(crv));
++ return SECFailure;
++ }
++ return SECSuccess;
++}
++
++
+ SECStatus
+ PK11_ReadRawAttribute(PK11ObjectType objType, void *objSpec,
+ CK_ATTRIBUTE_TYPE attrType, SECItem *item)
+Index: mozilla/security/nss/lib/pk11wrap/pk11pub.h
+===================================================================
+RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11pub.h,v
+retrieving revision 1.14.2.1
+diff -u -r1.14.2.1 pk11pub.h
+--- mozilla/security/nss/lib/pk11wrap/pk11pub.h 2 Mar 2006 00:12:27 -0000 1.14.2.1
++++ mozilla/security/nss/lib/pk11wrap/pk11pub.h 9 May 2007 20:58:17 -0000
+@@ -688,8 +688,13 @@
+ PK11GenericObject *object);
+ SECStatus PK11_DestroyGenericObjects(PK11GenericObject *object);
+ SECStatus PK11_DestroyGenericObject(PK11GenericObject *object);
++PK11GenericObject *PK11_CreateGenericObject(PK11SlotInfo *slot,
++ const CK_ATTRIBUTE *template,
++ int count, PRBool token);
+ SECStatus PK11_ReadRawAttribute(PK11ObjectType type, void *object,
+ CK_ATTRIBUTE_TYPE attr, SECItem *item);
++SECStatus PK11_WriteRawAttribute(PK11ObjectType type, void *object,
++ CK_ATTRIBUTE_TYPE attr, SECItem *item);
+
+
+ /**********************************************************************
+Index: mozilla/security/nss/lib/pk11wrap/secmodi.h
+===================================================================
+RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/secmodi.h,v
+retrieving revision 1.23
+diff -u -r1.23 secmodi.h
+--- mozilla/security/nss/lib/pk11wrap/secmodi.h 9 Sep 2005 02:03:57 -0000 1.23
++++ mozilla/security/nss/lib/pk11wrap/secmodi.h 9 May 2007 20:58:17 -0000
+@@ -105,7 +105,7 @@
+ #define PK11_SETATTRS(x,id,v,l) (x)->type = (id); \
+ (x)->pValue=(v); (x)->ulValueLen = (l);
+ SECStatus PK11_CreateNewObject(PK11SlotInfo *slot, CK_SESSION_HANDLE
session, +- CK_ATTRIBUTE *theTemplate, int count, ++ const CK_ATTRIBUTE *theTemplate, int count, + PRBool token, CK_OBJECT_HANDLE *objectID); + + SECStatus pbe_PK11AlgidToParam(SECAlgorithmID *algid,SECItem *mech); diff --git a/nss-enable-pem.patch b/nss-enable-pem.patch new file mode 100644 index 0000000..451d902 --- /dev/null +++ b/nss-enable-pem.patch @@ -0,0 +1,16 @@ +Index: mozilla/security/nss/lib/ckfw/manifest.mn +=================================================================== +RCS file: /cvsroot/mozilla/security/nss/lib/ckfw/manifest.mn,v +retrieving revision 1.9 +diff -u -r1.9 manifest.mn +--- mozilla/security/nss/lib/ckfw/manifest.mn 16 Dec 2005 00:48:01 -0000 1.9 ++++ mozilla/security/nss/lib/ckfw/manifest.mn 31 Aug 2007 17:58:23 -0000 +@@ -38,7 +38,7 @@ + + CORE_DEPTH = ../../.. + +-DIRS = builtins ++DIRS = builtins pem + + PRIVATE_EXPORTS = \ + ck.h \ diff --git a/nss.spec b/nss.spec index 02398ae..d4ed701 100644 --- a/nss.spec +++ b/nss.spec @@ -1,12 +1,13 @@ %define nspr_version 4.6.2 %define unsupported_tools_directory %{_libdir}/nss/unsupported-tools %define fips_source_version 3.11.5 +%define ckfw_source_version 3.12-alpha %define ckbi_version 1.64 Summary: Network Security Services Name: nss Version: 3.11.7 -Release: 6%{?dist} +Release: 7%{?dist} License: MPLv1.1 or GPLv2+ or LGPLv2+ URL: http://www.mozilla.org/projects/security/pki/nss/ Group: System Environment/Libraries @@ -29,12 +30,16 @@ Source4: blank-key3.db Source5: blank-secmod.db Source7: fake-kstat.h Source10: %{name}-%{fips_source_version}-fbst-stripped.tar.gz +Source11: %{name}-%{ckfw_source_version}-ckfw.tar.gz +Source12: %{name}-%{ckfw_source_version}-pem.tar.gz Patch1: nss-no-rpath.patch Patch2: nss-smartcard-auth.patch Patch3: nss-use-netstat-hack.patch Patch4: nss-decouple-softokn.patch Patch5: nss-disable-build-freebl-softoken.patch +Patch6: nss-enable-pem.patch +Patch7: nss-create-obj.patch %description 
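Review bot: In the added `PK11_CreateGenericObject`, the result of `PK11_CreateNewObject` is kept in a `CK_RV` and tested against `CKR_OK`, although the prototype patched in this same file and in secmodi.h returns `SECStatus`. The comparison only holds because both success values are zero, and on failure `PK11_MapError(crv)` is fed a `SECStatus`, replacing the error the callee presumably set with an unrelated one. The `PORT_New` failure path also returns without removing the object that was just created, so with `token` set a persistent object stays on the token with no owner. `PK11_WriteRawAttribute`, later in the same hunk, dereferences `objSpec` and `item` unchecked; a guard such as `if (!objSpec || !item) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; }` before the switch would cover that. The reworked middle of `PK11_CreateGenericObject` is sketched below.

```c
    SECStatus rv;

    /* … unchanged: PK11_EnterSlotMonitor(slot) … */
    rv = PK11_CreateNewObject(slot, slot->session, template, count,
                              token, &objectID);
    /* … unchanged: PK11_ExitSlotMonitor(slot) … */
    if (rv != SECSuccess) {
        /* assumes PK11_CreateNewObject has already set the error code */
        return NULL;
    }

    obj = PORT_New(PK11GenericObject);
    if (!obj) {
        /* remove the object created above so it is not orphaned */
        (void)PK11_DestroyObject(slot, objectID);
        return NULL;
    }
    /* … unchanged: field initialisation and return obj … */
```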
@@ -86,9 +91,12 @@ low level services. %prep %setup -q %setup -q -T -D -n %{name}-%{version} -a 10 +%setup -q -T -D -n %{name}-%{version} -a 11 +%setup -q -T -D -n %{name}-%{version} -a 12 %define old_nss_lib %{name}-%{fips_source_version}/mozilla/security/nss/lib %define new_nss_lib mozilla/security/nss/lib +%define new_ckfw_lib %{name}-%{ckfw_source_version}/mozilla/security/nss/lib # Ensure we will not use new freebl/softoken code rm -rf %{new_nss_lib}/freebl @@ -98,6 +106,10 @@ rm -rf %{new_nss_lib}/softoken cp -a %{old_nss_lib}/freebl %{new_nss_lib} cp -a %{old_nss_lib}/softoken %{new_nss_lib} +# set up ckfw +rm -rf %{new_nss_lib}/ckfw +cp -a %{new_ckfw_lib}/ckfw %{new_nss_lib} + # Ensure the newer NSS tree will not build code, except the loader mv -i %{new_nss_lib}/freebl/loader.c %{new_nss_lib}/freebl/loader.c.save rm -rf %{new_nss_lib}/freebl/*.c %{new_nss_lib}/freebl/*.s @@ -114,6 +126,8 @@ rm -rf mozilla/security/nss/cmd/certcgi %patch2 -p0 -b .smartcard-auth %patch4 -p0 -b .decouple-softokn %patch5 -p0 -b .nofbst +%patch6 -p0 -b .libpem +%patch7 -p0 -b .create-obj # Apply the patches to the tree where we build freebl/softoken cd nss-%{fips_source_version} @@ -228,7 +242,7 @@ do done # Copy the binary libraries we want -for file in libnss3.so libssl3.so libsmime3.so libnssckbi.so +for file in libnss3.so libssl3.so libsmime3.so libnssckbi.so libnsspem.so do %{__install} -m 755 mozilla/dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir} done @@ -298,6 +312,7 @@ done %{_libdir}/libsmime3.so %{_libdir}/libsoftokn3.so %{_libdir}/libnssckbi.so +%{_libdir}/libnsspem.so %{_libdir}/libfreebl3.so %{unsupported_tools_directory}/shlibsign %ghost %{_libdir}/libsoftokn3.chk @@ -370,6 +385,7 @@ done %{_includedir}/nss3/nssilckt.h %{_includedir}/nss3/nssilock.h %{_includedir}/nss3/nsslocks.h +%{_includedir}/nss3/nsspem.h %{_includedir}/nss3/nssrwlk.h %{_includedir}/nss3/nssrwlkt.h %{_includedir}/nss3/ocsp.h 
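Review bot: The `%prep` lines `rm -rf %{new_nss_lib}/ckfw` and `cp -a %{new_ckfw_lib}/ckfw %{new_nss_lib}` (hunk `@@ -98,6 +106,10 @@`) replace the whole ckfw tree of the 3.11.7 source rather than only adding `pem`, and the patched manifest still builds `builtins` from that tree. If the 3.12-alpha ckfw tarball carries its own `builtins` directory, `libnssckbi.so` and its root-certificate list would come from the alpha snapshot instead of the ckbi 1.64 data named by `%define ckbi_version`; the tarball contents are not visible here, so this needs confirming. A comment next to the copy, for example `# ckfw framework and pem taken from %{ckfw_source_version}; builtins must stay at ckbi %{ckbi_version}`, together with a step that keeps or restores the 3.11.7 `builtins` directory, would make the trust-store provenance explicit.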
@@ -437,6 +453,9 @@ done %changelog +* Wed Sep 05 2007 Bob Relyea - 3.11.7-7 +- Add 3.12 ckfw and libnsspem + * Tue Aug 28 2007 Kai Engert - 3.11.7-6 - Updated license tag diff --git a/sources b/sources index 97305fd..0f259af 100644 --- a/sources +++ b/sources @@ -1,2 +1,4 @@ 68c5e1bd8ba091e5a50babcd9e552bc5 nss-3.11.5-fbst-stripped.tar.gz c1053d1e001a5b1eb4b7c296a968ca5c nss-3.11.7-no-fbst-with-ckbi-1.64.tar.gz +baa96599af6f0a2b656479d8e4efd58f nss-3.12-alpha-ckfw.tar.gz +84bad7e42304a6d4fdf2b83f5295b938 nss-3.12-alpha-pem.tar.gz