Use the full pristine sources from upstream

- Bug 1019245 - ECDHE in openssl available -> NSS needs too for Firefox/Thunderbird
2013-10-27 09:45:10 -07:00 · 2013-10-27 09:45:10 -07:00 · d61e6dba7b
commit d61e6dba7b
parent 1bb4981176
4 changed files with 7 additions and 144 deletions
--- a/.gitignore
+++ b/.gitignore
@ -8,4 +8,4 @@ TestCA.ca.cert
 TestUser50.cert
 TestUser51.cert
 /nss-pem-20130828.tar.bz2
-/nss-3.15.2-stripped.tar.bz2
+/nss-3.15.2.tar.gz
--- a/mozilla-crypto-strip.sh
+++ b/mozilla-crypto-strip.sh
@ -1,128 +0,0 @@
-#!/bin/sh
-set -e
-
-if test -z $1
-then
-  echo "usage: $0 <input-tarball>"
-  exit
-fi
-
-ORIGDIR=`pwd`
-WORKDIR=nss_ecc_strip_working_dir
-EXTENSION=`echo $1 | sed -r 's#^(.*)(.tar.bz2|.tbz2|.tar.gz|.tgz)$#\2#'`
-BASE=`echo $1 | sed -r 's#^(.*)(.tar.bz2|.tbz2|.tar.gz|.tgz)$#\1#'`
-COMPRESS=""
-
-if test "x$EXTENSION" = "x.tar.bz2" || test "x$EXTENSION" = "x.tbz2"
-then
-  COMPRESS="j"
-fi
-
-if test "x$EXTENSION" = "x.tar.gz" || test "x$EXTENSION" = "x.tgz"
-then
-  COMPRESS="z"
-fi
-
-if test "x$COMPRESS" = "x"
-then
-  echo "unable to process, input file $1 has unsupported extension"
-  exit
-fi
-
-echo "== extension is $EXTENSION - ok"
-echo "== new extension will be $JEXTENSION"
-echo "== cleaning old workdir $WORKDIR"
-
-rm -rf $WORKDIR
-mkdir $WORKDIR
-
-echo "== extracting input archive $1"
-tar -x -$COMPRESS -C $WORKDIR -f $1
-
-echo "changing into $WORKDIR"
-pushd $WORKDIR
-
-DIRCOUNT=`ls -1 | wc -l`
-if test $DIRCOUNT -ne 1
-then
-  echo "unable to process, $1 contains more than one toplevel directory"
-  exit
-fi
-
-TOPDIR=`ls -1`
-if test "x$TOPDIR" != "xnss"
-then
-  # try to deal with a single additional subdirectory above "nss"
-  echo "== skipping toplevel directory $TOPDIR"
-  cd $TOPDIR
-fi
-
-DIRCOUNT=`ls -1 | wc -l`
-if test $DIRCOUNT -ne 1
-then
-  echo "unable to process, $1 contains more than one second level directory"
-  exit
-fi
-
-SINGLEDIR=`ls -1`
-if test "x$SINGLEDIR" != "xnss"
-then
-  echo "unable to process, first or second level directory is not nss"
-  exit
-fi
-
-echo "== input archive accepted, now processing"
-
-REALFREEBLDIR=nss/lib/freebl
-FREEBLDIR=./$REALFREEBLDIR
-
-rm -rf ./nss/cmd/ecperf
-
-mv ${FREEBLDIR}/ecl/ecl-exp.h ${FREEBLDIR}/save
-rm -rf ${FREEBLDIR}/ecl/tests
-rm -rf ${FREEBLDIR}/ecl/CVS
-for i in ${FREEBLDIR}/ecl/* ; do
-echo clobbering $i
- > $i
-done
-mv ${FREEBLDIR}/save ${FREEBLDIR}/ecl/ecl-exp.h
-
-for j in ${FREEBLDIR}/ec.*; do
-        echo unifdef $j
-        cat $j | \
-        awk    'BEGIN {ech=1; prt=0;} \
-                /^#[ \t]*ifdef.*NSS_ENABLE_ECC/ {ech--; next;} \
-                /^#[ \t]*if/ {if(ech < 1) ech--;} \
-                {if(ech>0) {;print $0};} \
-                /^#[ \t]*endif/ {if(ech < 1) ech++;} \
-                {if (prt && (ech<=0)) {;print $0}; } \
-                {if (ech>0) {prt=0;} } \
-                /^#[ \t]*else/ {if (ech == 0) prt=1;}' > $j.hobbled && \
-        mv $j.hobbled $j
-done
-
-echo "== returning to original directory"
-popd
-
-JCOMPRESS=j
-JEXTENSION=.tar.bz2
-NEWARCHIVE=$BASE-stripped$JEXTENSION
-echo "== finally producing new archive $NEWARCHIVE"
-tar -c -$JCOMPRESS -C $WORKDIR -f $NEWARCHIVE $TOPDIR
-
-echo "== all done, listing of old and new archive:"
-ls -l $1
-ls -l $NEWARCHIVE
-
-LISTING_DIR=""
-if test "x$TOPDIR" != "xmozilla"
-then
-  LISTING_DIR="$TOPDIR/$REALFREEBLDIR/ecl"
-else
-  LISTING_DIR="$REALFREEBLDIR/ecl"
-fi
-
-echo "== FYI, producing listing of stripped dir in new archive"
-tar -t -v -$JCOMPRESS -C $WORKDIR -f $NEWARCHIVE $LISTING_DIR
-
-
--- a/nss.spec
+++ b/nss.spec
@ -47,20 +47,7 @@ BuildRequires:    perl
 %{!?nss_ckbi_suffix:%define full_nss_version %{version}}
 %{?nss_ckbi_suffix:%define full_nss_version %{version}%{nss_ckbi_suffix}}

-Source0:          %{name}-%{full_nss_version}-stripped.tar.bz2
-
-# The stripped tar ball is a subset of the upstream sources with
-# patent-encumbered cryptographic algorithms removed.
-# Use this script to remove them and create the stripped archive.
-# 1. Download the sources nss-{version}.tar.gz found within 
-# http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/
-# in a subdirectory named NSS_${major}_${minor}_${maint}_RTM/src
-# 2. In the download directory execute
-# ./mozilla-crypto-strip.sh ${name}-${version}.tar.gz
-# to produce ${name}-${version}-stripped.tar.bz2
-# for uploading to the lookaside cache.
-Source100:        mozilla-crypto-strip.sh
-
+Source0:          %{name}-%{full_nss_version}.tar.gz
 Source1:          nss.pc.in
 Source2:          nss-config.in
 Source3:          blank-cert8.db
@ -755,6 +742,10 @@ fi


 %changelog
+* Sun Oct 27 2013 Elio Maldonado <emaldona@redhat.com> - 3.15.2-3
+- Use the full pristine sources from upstream
+- Bug 1019245 - ECDHE in openssl available -> NSS needs too for Firefox/Thunderbird
+
 * Fri Oct 18 2013 Elio Maldonado <emaldona@redhat.com> - 3.15.2-2
 - Disable the nss-ssl-cbc-random-iv-off-by-default.patch
 - Resolves: rhbz#1020420 - Turn on the fix for BEAST by default [CVE-2011-3389]
--- a/2
+++ b/2
@ -8,4 +8,4 @@ f998b70c1be25e8bb9f5fdb5d50eb6f2  TestCA.ca.cert
 1b7b6808cd77d5df29bf5bb9e5fac967  TestUser50.cert
 ab0b56dd505a995425c03e5266f7c8d6  TestUser51.cert
 e82dd2b9520f9d0f5d101e7710d59656  nss-pem-20130828.tar.bz2
-b402f7062b1c0c0ee9d0f223d03b4d6a  nss-3.15.2-stripped.tar.bz2
+154223568f9734c76c164b46c774450c  nss-3.15.2.tar.gz