From 7f1714290799271a43b1d1bfb7cae8be05f02321 Mon Sep 17 00:00:00 2001 From: Kai Engert Date: Sat, 24 Feb 2007 08:43:08 +0000 Subject: [PATCH] - Update to 3.11.5 - This update fixes two security vulnerabilities with SSL 2 - Do not use -rpath link option - Added several unsupported tools to tools package --- .cvsignore | 2 +- nss-clobber.sh | 1 + nss-no-rpath.patch | 14 ++++++++++++++ nss.spec | 38 +++++++++++++++++++++++++++++++++++--- sources | 2 +- 5 files changed, 52 insertions(+), 5 deletions(-) create mode 100644 nss-no-rpath.patch diff --git a/.cvsignore b/.cvsignore index ceb6a29..d41f591 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -nss-3.11.4.tar.gz +nss-3.11.5.tar.gz diff --git a/nss-clobber.sh b/nss-clobber.sh index 5ace9da..7cb1512 100755 --- a/nss-clobber.sh +++ b/nss-clobber.sh @@ -4,6 +4,7 @@ set -e mv ${FREEBLDIR}/ecl/ecl-exp.h ${FREEBLDIR}/save rm -rf ${FREEBLDIR}/ecl/tests +rm -rf ${FREEBLDIR}/ecl/CVS for i in ${FREEBLDIR}/ecl/* ; do echo clobbering $i > $i diff --git a/nss-no-rpath.patch b/nss-no-rpath.patch new file mode 100644 index 0000000..35ea573 --- /dev/null +++ b/nss-no-rpath.patch @@ -0,0 +1,14 @@ +--- ./mozilla/security/nss/cmd/platlibs.mk.withrpath 2007-02-19 07:17:06.000000000 +0100 ++++ ./mozilla/security/nss/cmd/platlibs.mk 2007-02-19 07:18:07.000000000 +0100 +@@ -52,9 +52,9 @@ + + ifeq ($(OS_ARCH), Linux) + ifeq ($(USE_64), 1) +-EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib64:$$ORIGIN/../lib' ++#EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib64:$$ORIGIN/../lib' + else +-EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib' ++#EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib' + endif + endif + diff --git a/nss.spec b/nss.spec index e4bfd90..cb647b5 100644 --- a/nss.spec +++ b/nss.spec @@ -1,9 +1,10 @@ %define nspr_version 4.6.2 +%define unsupported_tools_directory %{_libdir}/nss/unsupported-tools Summary: Network Security Services Name: nss -Version: 3.11.4 -Release: 5%{?dist} +Version: 3.11.5 +Release: 1%{?dist} License: MPL/GPL/LGPL URL: http://www.mozilla.org/projects/security/pki/nss/ Group: System Environment/Libraries @@ -23,6 +24,8 @@ Source4: blank-key3.db Source5: blank-secmod.db Source6: nss-clobber.sh +Patch1: nss-no-rpath.patch + %description Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and @@ -72,6 +75,7 @@ low level services. %prep %setup -q sh %{SOURCE6} > /dev/null +%patch1 -p0 %build @@ -148,6 +152,7 @@ chmod 755 $RPM_BUILD_ROOT/%{_bindir}/nss-config %{__mkdir_p} $RPM_BUILD_ROOT/%{_includedir}/nss3 %{__mkdir_p} $RPM_BUILD_ROOT/%{_bindir} %{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir} +%{__mkdir_p} $RPM_BUILD_ROOT/%{unsupported_tools_directory} # Copy the binary libraries we want for file in libnss3.so libssl3.so libsmime3.so libsoftokn3.so libnssckbi.so libfreebl3.so @@ -174,11 +179,17 @@ do done # Copy the binaries we want -for file in certutil modutil pk12util signtool ssltap +for file in certutil cmsutil crlutil modutil pk12util signtool signver ssltap do %{__install} -m 755 mozilla/dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{_bindir} done +# Copy the binaries we ship as unsupported +for file in atob btoa derdump ocspclnt pp selfserv shlibsign strsclnt symkeyutil tstclnt vfyserv vfychain +do + %{__install} -m 755 mozilla/dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{unsupported_tools_directory} +done + # Copy the include files for file in mozilla/dist/public/nss/*.h do @@ -216,10 +227,25 @@ done %files tools %defattr(-,root,root) %{_bindir}/certutil +%{_bindir}/cmsutil +%{_bindir}/crlutil %{_bindir}/modutil %{_bindir}/pk12util %{_bindir}/signtool +%{_bindir}/signver %{_bindir}/ssltap +%{unsupported_tools_directory}/atob +%{unsupported_tools_directory}/btoa +%{unsupported_tools_directory}/derdump +%{unsupported_tools_directory}/ocspclnt +%{unsupported_tools_directory}/pp +%{unsupported_tools_directory}/selfserv +%{unsupported_tools_directory}/shlibsign +%{unsupported_tools_directory}/strsclnt +%{unsupported_tools_directory}/symkeyutil +%{unsupported_tools_directory}/tstclnt +%{unsupported_tools_directory}/vfyserv +%{unsupported_tools_directory}/vfychain %files devel @@ -327,6 +353,12 @@ done %changelog +* Sat Feb 24 2007 Kai Engert - 3.11.5-1 +- Update to 3.11.5 +- This update fixes two security vulnerabilities with SSL 2 +- Do not use -rpath link option +- Added several unsupported tools to tools package + * Tue Jan 9 2007 Bob Relyea - 3.11.4-4 - disable ECC, cleanout dead code diff --git a/sources b/sources index bd0f9c4..ceae8f3 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -74af8ebdf94307f47ff8931adbef9c39 nss-3.11.4.tar.gz +1add44e6a41dbf5091cfd000f19ad6b9 nss-3.11.5.tar.gz