diff --git a/.gitignore b/.gitignore index 370b654..25fde7a 100644 --- a/.gitignore +++ b/.gitignore @@ -8,4 +8,4 @@ TestCA.ca.cert TestUser50.cert TestUser51.cert /nss-pem-20130828.tar.bz2 -/nss-3.15.2-stripped.tar.bz2 +/nss-3.15.2.tar.gz diff --git a/mozilla-crypto-strip.sh b/mozilla-crypto-strip.sh deleted file mode 100755 index 56b00a8..0000000 --- a/mozilla-crypto-strip.sh +++ /dev/null @@ -1,128 +0,0 @@ -#!/bin/sh -set -e - -if test -z $1 -then - echo "usage: $0 " - exit -fi - -ORIGDIR=`pwd` -WORKDIR=nss_ecc_strip_working_dir -EXTENSION=`echo $1 | sed -r 's#^(.*)(.tar.bz2|.tbz2|.tar.gz|.tgz)$#\2#'` -BASE=`echo $1 | sed -r 's#^(.*)(.tar.bz2|.tbz2|.tar.gz|.tgz)$#\1#'` -COMPRESS="" - -if test "x$EXTENSION" = "x.tar.bz2" || test "x$EXTENSION" = "x.tbz2" -then - COMPRESS="j" -fi - -if test "x$EXTENSION" = "x.tar.gz" || test "x$EXTENSION" = "x.tgz" -then - COMPRESS="z" -fi - -if test "x$COMPRESS" = "x" -then - echo "unable to process, input file $1 has unsupported extension" - exit -fi - -echo "== extension is $EXTENSION - ok" -echo "== new extension will be $JEXTENSION" -echo "== cleaning old workdir $WORKDIR" - -rm -rf $WORKDIR -mkdir $WORKDIR - -echo "== extracting input archive $1" -tar -x -$COMPRESS -C $WORKDIR -f $1 - -echo "changing into $WORKDIR" -pushd $WORKDIR - -DIRCOUNT=`ls -1 | wc -l` -if test $DIRCOUNT -ne 1 -then - echo "unable to process, $1 contains more than one toplevel directory" - exit -fi - -TOPDIR=`ls -1` -if test "x$TOPDIR" != "xnss" -then - # try to deal with a single additional subdirectory above "nss" - echo "== skipping toplevel directory $TOPDIR" - cd $TOPDIR -fi - -DIRCOUNT=`ls -1 | wc -l` -if test $DIRCOUNT -ne 1 -then - echo "unable to process, $1 contains more than one second level directory" - exit -fi - -SINGLEDIR=`ls -1` -if test "x$SINGLEDIR" != "xnss" -then - echo "unable to process, first or second level directory is not nss" - exit -fi - -echo "== input archive accepted, now processing" - -REALFREEBLDIR=nss/lib/freebl -FREEBLDIR=./$REALFREEBLDIR - -rm -rf ./nss/cmd/ecperf - -mv ${FREEBLDIR}/ecl/ecl-exp.h ${FREEBLDIR}/save -rm -rf ${FREEBLDIR}/ecl/tests -rm -rf ${FREEBLDIR}/ecl/CVS -for i in ${FREEBLDIR}/ecl/* ; do -echo clobbering $i - > $i -done -mv ${FREEBLDIR}/save ${FREEBLDIR}/ecl/ecl-exp.h - -for j in ${FREEBLDIR}/ec.*; do - echo unifdef $j - cat $j | \ - awk 'BEGIN {ech=1; prt=0;} \ - /^#[ \t]*ifdef.*NSS_ENABLE_ECC/ {ech--; next;} \ - /^#[ \t]*if/ {if(ech < 1) ech--;} \ - {if(ech>0) {;print $0};} \ - /^#[ \t]*endif/ {if(ech < 1) ech++;} \ - {if (prt && (ech<=0)) {;print $0}; } \ - {if (ech>0) {prt=0;} } \ - /^#[ \t]*else/ {if (ech == 0) prt=1;}' > $j.hobbled && \ - mv $j.hobbled $j -done - -echo "== returning to original directory" -popd - -JCOMPRESS=j -JEXTENSION=.tar.bz2 -NEWARCHIVE=$BASE-stripped$JEXTENSION -echo "== finally producing new archive $NEWARCHIVE" -tar -c -$JCOMPRESS -C $WORKDIR -f $NEWARCHIVE $TOPDIR - -echo "== all done, listing of old and new archive:" -ls -l $1 -ls -l $NEWARCHIVE - -LISTING_DIR="" -if test "x$TOPDIR" != "xmozilla" -then - LISTING_DIR="$TOPDIR/$REALFREEBLDIR/ecl" -else - LISTING_DIR="$REALFREEBLDIR/ecl" -fi - -echo "== FYI, producing listing of stripped dir in new archive" -tar -t -v -$JCOMPRESS -C $WORKDIR -f $NEWARCHIVE $LISTING_DIR - - diff --git a/nss.spec b/nss.spec index 7595e9b..3fd8c96 100644 --- a/nss.spec +++ b/nss.spec @@ -47,20 +47,7 @@ BuildRequires: perl %{!?nss_ckbi_suffix:%define full_nss_version %{version}} %{?nss_ckbi_suffix:%define full_nss_version %{version}%{nss_ckbi_suffix}} -Source0: %{name}-%{full_nss_version}-stripped.tar.bz2 - -# The stripped tar ball is a subset of the upstream sources with -# patent-encumbered cryptographic algorithms removed. -# Use this script to remove them and create the stripped archive. -# 1. Download the sources nss-{version}.tar.gz found within -# http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/ -# in a subdirectory named NSS_${major}_${minor}_${maint}_RTM/src -# 2. In the download directory execute -# ./mozilla-crypto-strip.sh ${name}-${version}.tar.gz -# to produce ${name}-${version}-stripped.tar.bz2 -# for uploading to the lookaside cache. -Source100: mozilla-crypto-strip.sh - +Source0: %{name}-%{full_nss_version}.tar.gz Source1: nss.pc.in Source2: nss-config.in Source3: blank-cert8.db @@ -755,6 +742,10 @@ fi %changelog +* Sun Oct 27 2013 Elio Maldonado - 3.15.2-3 +- Use the full pristine sources from upstream +- Bug 1019245 - ECDHE in openssl available -> NSS needs too for Firefox/Thunderbird + * Fri Oct 18 2013 Elio Maldonado - 3.15.2-2 - Disable the nss-ssl-cbc-random-iv-off-by-default.patch - Resolves: rhbz#1020420 - Turn on the fix for BEAST by default [CVE-2011-3389] diff --git a/sources b/sources index c14d054..2a414c9 100644 --- a/sources +++ b/sources @@ -8,4 +8,4 @@ f998b70c1be25e8bb9f5fdb5d50eb6f2 TestCA.ca.cert 1b7b6808cd77d5df29bf5bb9e5fac967 TestUser50.cert ab0b56dd505a995425c03e5266f7c8d6 TestUser51.cert e82dd2b9520f9d0f5d101e7710d59656 nss-pem-20130828.tar.bz2 -b402f7062b1c0c0ee9d0f223d03b4d6a nss-3.15.2-stripped.tar.bz2 +154223568f9734c76c164b46c774450c nss-3.15.2.tar.gz