diff --git a/.cvsignore b/.cvsignore index e5a1fc4..3aad1a8 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1,4 +1,4 @@ -nss-3.12.5-stripped.tar.bz2 +nss-3.12.6-stripped.tar.bz2 nss-pem-20091210.tar.bz2 blank-cert8.db blank-key3.db diff --git a/533125-ammend.patch b/533125-ammend.patch deleted file mode 100644 index 73846ab..0000000 --- a/533125-ammend.patch +++ /dev/null @@ -1,23 +0,0 @@ -Index: mozilla/security/nss/lib/ssl/ssl3con.c -=================================================================== -RCS file: /cvsroot/mozilla/security/nss/lib/ssl/ssl3con.c,v -retrieving revision 1.121 -diff -u -p -r1.121 ssl3con.c ---- mozilla/security/nss/lib/ssl/ssl3con.c 12 Nov 2009 05:08:27 -0000 1.121 -+++ mozilla/security/nss/lib/ssl/ssl3con.c 20 Nov 2009 19:36:30 -0000 -@@ -4004,6 +4004,7 @@ ssl3_HandleHelloRequest(sslSocket *ss) - PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST); - return SECFailure; - } -+ /* - if (ss->opt.enableRenegotiation == SSL_RENEGOTIATE_NEVER) { - ssl_GetXmitBufLock(ss); - rv = SSL3_SendAlert(ss, alert_warning, no_renegotiation); -@@ -4011,6 +4012,7 @@ ssl3_HandleHelloRequest(sslSocket *ss) - PORT_SetError(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED); - return SECFailure; - } -+ */ - - if (sid) { - ss->sec.uncache(sid); diff --git a/540387.patch b/540387.patch deleted file mode 100644 index 6133526..0000000 --- a/540387.patch +++ /dev/null @@ -1,17 +0,0 @@ -diff --git a/mozilla/security/nss/lib/pk11wrap/pk11pars.c b/mozilla/security/nss/lib/pk11wrap/pk11pars.c -index c36cd25..5855084 100644 ---- a/mozilla/security/nss/lib/pk11wrap/pk11pars.c -+++ b/mozilla/security/nss/lib/pk11wrap/pk11pars.c -@@ -1134,6 +1134,12 @@ SECMOD_LoadModule(char *modulespec,SECMODModule *parent, PRBool recurse) - - for (; *index; index++) { - SECMODModule *child; -+ if (0 == PORT_Strcmp(*index, modulespec)) { -+ /* avoid trivial infinite recursion */ -+ PORT_SetError(SEC_ERROR_NO_MODULE); -+ rv = SECFailure; -+ break; -+ } - child = SECMOD_LoadModule(*index,module,PR_TRUE); - if (!child) break; - if (child->isCritical && !child->loaded) { diff --git a/545779.patch b/545779.patch deleted file mode 100644 index 53477b6..0000000 --- a/545779.patch +++ /dev/null @@ -1,49 +0,0 @@ -Index: mozilla/security/nss/lib/sysinit/nsssysinit.c -=================================================================== -RCS file: /cvsroot/mozilla/security/nss/lib/sysinit/nsssysinit.c,v -retrieving revision 1.1 -diff -u -p -r1.1 nsssysinit.c ---- mozilla/security/nss/lib/sysinit/nsssysinit.c 8 Oct 2009 17:08:36 -0000 1.1 -+++ mozilla/security/nss/lib/sysinit/nsssysinit.c 12 Dec 2009 03:34:17 -0000 -@@ -198,11 +198,20 @@ getFIPSMode(void) - * the decision making process. - * - */ -+static const char *nssDefaultFlags = "trustOrder=75 cipherOrder=100 \ -+slotParams={0x00000001=[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,RANDOM \ -+askpw=any timeout=30 ] } "; -+static const char *nssDefaultFIPSFlags = "trustOrder=75 cipherOrder=100 \ -+slotParams={0x00000003=[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,RANDOM \ -+askpw=any timeout=30 ] } "; -+ - static char ** - get_list(char *filename, char *stripped_parameters) - { - char **module_list = PORT_ZNewArray(char *, 4); - char *userdb; -+ int isFIPS = getFIPSMode(); -+ const char *nssflags = isFIPS ? nssDefaultFIPSFlags : nssDefaultFlags; - int next = 0; - - /* can't get any space */ -@@ -217,8 +226,9 @@ get_list(char *filename, char *stripped_ - "library= " - "module=\"NSS User database\" " - "parameters=\"configdir='sql:%s' %s\" " -- "NSS=\"flags=internal%s\"", -- userdb, stripped_parameters, getFIPSMode() ? ",FIPS" : ""); -+ "NSS=\"%sflags=internal%s\"", -+ userdb, stripped_parameters, nssflags, -+ isFIPS ? ",FIPS" : ""); - - /* now open the user's defined PKCS #11 modules */ - /* skip the local user DB entry */ -@@ -235,7 +245,7 @@ get_list(char *filename, char *stripped_ - "library= " - "module=\"NSS system database\" " - "parameters=\"configdir='sql:%s' tokenDescription='NSS system database' flags=readonly\" " -- "NSS=\"flags=internal,critical\"",filename); -+ "NSS=\"%sflags=internal,critical\"",filename, nssDefaultFlags); - - /* that was the last module */ - module_list[next] = 0; diff --git a/546221.patch b/546221.patch deleted file mode 100644 index 21be24a..0000000 --- a/546221.patch +++ /dev/null @@ -1,85 +0,0 @@ -diff -up nss-3.12.5/mozilla/security/nss/lib/sysinit/nsssysinit.c.546221 nss-3.12.5/mozilla/security/nss/lib/sysinit/nsssysinit.c ---- nss-3.12.5/mozilla/security/nss/lib/sysinit/nsssysinit.c.546221 2009-12-19 21:11:06.590930221 -0800 -+++ nss-3.12.5/mozilla/security/nss/lib/sysinit/nsssysinit.c 2009-12-19 21:17:29.019931181 -0800 -@@ -37,8 +37,6 @@ - #include "prio.h" - #include "prprf.h" - -- -- - /* - * The following provides a default example for operating systems to set up - * and manage applications loading NSS on their OS globally. -@@ -208,8 +206,8 @@ askpw=any timeout=30 ] } "; - static char ** - get_list(char *filename, char *stripped_parameters) - { -- char **module_list = PORT_ZNewArray(char *, 4); -- char *userdb; -+ char **module_list = PORT_ZNewArray(char *, 5); -+ char *userdb, *sysdb; - int isFIPS = getFIPSMode(); - const char *nssflags = isFIPS ? nssDefaultFIPSFlags : nssDefaultFlags; - int next = 0; -@@ -219,13 +217,20 @@ get_list(char *filename, char *stripped_ - return NULL; - } - -- userdb = getUserDB(); -+ sysdb = getSystemDB(); -+ userdb = getUserDB(); -+ -+ if (sysdb && !strcmp(filename, sysdb)) -+ filename = NULL; -+ if (userdb && !strcmp(filename, userdb)) -+ filename = NULL; -+ - if (userdb != NULL) { - /* return a list of databases to open. First the user Database */ - module_list[next++] = PR_smprintf( - "library= " - "module=\"NSS User database\" " -- "parameters=\"configdir='sql:%s' %s\" " -+ "parameters=\"configdir='sql:%s' %s tokenDescription='NSS user database'\" " - "NSS=\"%sflags=internal%s\"", - userdb, stripped_parameters, nssflags, - isFIPS ? ",FIPS" : ""); -@@ -238,19 +243,32 @@ get_list(char *filename, char *stripped_ - "parameters=\"configdir='sql:%s' %s\" " - "NSS=\"flags=internal,moduleDBOnly,defaultModDB,skipFirst\"", - userdb, stripped_parameters); -- } -+ } -+ -+ if (filename && 0 /* This doesn't actually work. If we register -+ both this and the sysdb (in either order) -+ then only one of them actually shows up */) { -+ module_list[next++] = PR_smprintf( -+ "library= " -+ "module=\"NSS database\" " -+ "parameters=\"configdir='sql:%s' tokenDescription='NSS database sql:%s'\" " -+ "NSS=\"%sflags=internal\"",filename, filename, nssflags); -+ } - - /* now the system database (always read only) */ -- module_list[next++] = PR_smprintf( -- "library= " -- "module=\"NSS system database\" " -- "parameters=\"configdir='sql:%s' tokenDescription='NSS system database' flags=readonly\" " -- "NSS=\"%sflags=internal,critical\"",filename, nssDefaultFlags); -+ if (sysdb) { -+ module_list[next++] = PR_smprintf( -+ "library= " -+ "module=\"NSS system database\" " -+ "parameters=\"configdir='sql:%s' tokenDescription='NSS system database' flags=readonly\" " -+ "NSS=\"%sflags=internal,critical\"",sysdb, nssflags); -+ } - - /* that was the last module */ - module_list[next] = 0; - - PORT_Free(userdb); -+ PORT_Free(sysdb); - - return module_list; - } diff --git a/547860.patch b/547860.patch deleted file mode 100644 index 4954880..0000000 --- a/547860.patch +++ /dev/null @@ -1,109 +0,0 @@ -diff -up nss-3.12.5/mozilla/security/nss/lib/sysinit/nsssysinit.c.547860 nss-3.12.5/mozilla/security/nss/lib/sysinit/nsssysinit.c ---- nss-3.12.5/mozilla/security/nss/lib/sysinit/nsssysinit.c.547860 2010-01-06 17:57:30.722388282 -0800 -+++ nss-3.12.5/mozilla/security/nss/lib/sysinit/nsssysinit.c 2010-01-06 18:20:59.713397530 -0800 -@@ -50,6 +50,7 @@ - */ - - #ifdef XP_UNIX -+#include - #include - #include - -@@ -108,12 +109,26 @@ getSystemDB(void) { - return PORT_Strdup(NSS_DEFAULT_SYSTEM); - } - -+static PRBool -+userIsRoot() -+{ -+ /* this works for linux and all unixes that we know off -+ though it isn't stated as such in POSIX documentation */ -+ return getuid() == 0; -+} -+ -+static PRBool -+userCanModifySystemDB() -+{ -+ return (access(NSS_DEFAULT_SYSTEM, W_OK) == 0); -+} -+ - #else - #ifdef XP_WIN - static char * - getUserDB(void) - { -- /* use the registry to find the user's NSS_DIR. if no entry exists, creaate -+ /* use the registry to find the user's NSS_DIR. if no entry exists, create - * one in the users Appdir location */ - return NULL; - } -@@ -121,13 +136,28 @@ getUserDB(void) - static char * - getSystemDB(void) - { -- /* use the registry to find the system's NSS_DIR. if no entry exists, creaate -+ /* use the registry to find the system's NSS_DIR. if no entry exists, create - * one based on the windows system data area */ - return NULL; - } - -+static PRBool -+userIsRoot() -+{ -+ /* use the registry to find if the user is the system administrator. */ -+ return PR_FALSE; -+} -+ -+static PRBool -+userCanModifySystemDB() -+{ -+ /* use the registry to find if the user has administrative privilege -+ * to modify the system's nss database. */ -+ return PR_FALSE; -+} -+ - #else --#error "Need to write getUserDB and get SystemDB functions" -+#error "Need to write getUserDB, SystemDB, userIsRoot, and userCanModifySystemDB functions" - #endif - #endif - -@@ -225,7 +255,8 @@ get_list(char *filename, char *stripped_ - if (userdb && !strcmp(filename, userdb)) - filename = NULL; - -- if (userdb != NULL) { -+ /* Don't open root's user DB */ -+ if (userdb != NULL && !userIsRoot()) { - /* return a list of databases to open. First the user Database */ - module_list[next++] = PR_smprintf( - "library= " -@@ -245,7 +276,8 @@ get_list(char *filename, char *stripped_ - userdb, stripped_parameters); - } - -- if (filename && 0 /* This doesn't actually work. If we register -+ if (filename && !userIsRoot() && 0 -+ /* This doesn't actually work. If we register - both this and the sysdb (in either order) - then only one of them actually shows up */) { - module_list[next++] = PR_smprintf( -@@ -255,13 +287,14 @@ get_list(char *filename, char *stripped_ - "NSS=\"%sflags=internal\"",filename, filename, nssflags); - } - -- /* now the system database (always read only) */ -+ /* now the system database (always read only unless it's root) */ - if (sysdb) { -- module_list[next++] = PR_smprintf( -+ const char *readonly = userCanModifySystemDB() ? "" : "flags=readonly"; -+ module_list[next++] = PR_smprintf( - "library= " - "module=\"NSS system database\" " -- "parameters=\"configdir='sql:%s' tokenDescription='NSS system database' flags=readonly\" " -- "NSS=\"%sflags=internal,critical\"",sysdb, nssflags); -+ "parameters=\"configdir='sql:%s' tokenDescription='NSS system database' %s\" " -+ "NSS=\"%sflags=internal,critical\"",sysdb, readonly, nssflags); - } - - /* that was the last module */ diff --git a/553638.patch b/553638.patch deleted file mode 100644 index 2eb09db..0000000 --- a/553638.patch +++ /dev/null @@ -1,97 +0,0 @@ -diff -up nss-3.12.5/mozilla/security/nss/lib/sysinit/nsssysinit.c.553638 nss-3.12.5/mozilla/security/nss/lib/sysinit/nsssysinit.c ---- nss-3.12.5/mozilla/security/nss/lib/sysinit/nsssysinit.c.553638 2010-01-25 08:58:42.358325102 -0800 -+++ nss-3.12.5/mozilla/security/nss/lib/sysinit/nsssysinit.c 2010-01-25 09:07:20.028324059 -0800 -@@ -36,6 +36,7 @@ - #include "seccomon.h" - #include "prio.h" - #include "prprf.h" -+#include "plhash.h" - - /* - * The following provides a default example for operating systems to set up -@@ -212,6 +213,25 @@ getFIPSMode(void) - - #define NSS_DEFAULT_FLAGS "flags=readonly" - -+/* configuration flags according to -+ * https://developer.mozilla.org/en/PKCS11_Module_Specs -+ * As stated there the slotParams start with a slot name which is a slotID -+ * Slots 1 through 3 are reserved for the nss internal modules as follows: -+ * 1 for crypto operations slot non-fips, -+ * 2 for the key slot, and -+ * 3 for the crypto operations slot fips -+ */ -+#define ORDER_FLAGS "trustOrder=75 cipherOrder=100" -+#define SLOT_FLAGS \ -+ "[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,RANDOM" \ -+ " askpw=any timeout=30 ]" -+ -+static const char *nssDefaultFlags = -+ ORDER_FLAGS " slotParams={0x00000001=" SLOT_FLAGS " } "; -+ -+static const char *nssDefaultFIPSFlags = -+ ORDER_FLAGS " slotParams={0x00000003=" SLOT_FLAGS " } "; -+ - /* - * This function builds the list of databases and modules to load, and sets - * their configuration. For the sample we have a fixed set. -@@ -226,13 +246,6 @@ getFIPSMode(void) - * the decision making process. - * - */ --static const char *nssDefaultFlags = "trustOrder=75 cipherOrder=100 \ --slotParams={0x00000001=[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,RANDOM \ --askpw=any timeout=30 ] } "; --static const char *nssDefaultFIPSFlags = "trustOrder=75 cipherOrder=100 \ --slotParams={0x00000003=[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,RANDOM \ --askpw=any timeout=30 ] } "; -- - static char ** - get_list(char *filename, char *stripped_parameters) - { -@@ -250,11 +263,6 @@ get_list(char *filename, char *stripped_ - sysdb = getSystemDB(); - userdb = getUserDB(); - -- if (sysdb && !strcmp(filename, sysdb)) -- filename = NULL; -- if (userdb && !strcmp(filename, userdb)) -- filename = NULL; -- - /* Don't open root's user DB */ - if (userdb != NULL && !userIsRoot()) { - /* return a list of databases to open. First the user Database */ -@@ -276,16 +284,29 @@ get_list(char *filename, char *stripped_ - userdb, stripped_parameters); - } - -- if (filename && !userIsRoot() && 0 -- /* This doesn't actually work. If we register -- both this and the sysdb (in either order) -- then only one of them actually shows up */) { -+#if 0 -+ /* This doesn't actually work. If we register -+ both this and the sysdb (in either order) -+ then only one of them actually shows up */ -+ -+ /* Using a NULL filename as a Boolean flag to -+ * prevent registering both an application-defined -+ * db and the system db. rhbz #546211. -+ */ -+ PORT_Assert(filename); -+ if (sysdb && PL_CompareStrings(filename, sysdb)) -+ filename = NULL; -+ else if (userdb && PL_CompareStrings(filename, userdb)) -+ filename = NULL; -+ -+ if (filename && !userIsRoot()) { - module_list[next++] = PR_smprintf( - "library= " - "module=\"NSS database\" " - "parameters=\"configdir='sql:%s' tokenDescription='NSS database sql:%s'\" " - "NSS=\"%sflags=internal\"",filename, filename, nssflags); - } -+#endif - - /* now the system database (always read only unless it's root) */ - if (sysdb) { diff --git a/nss-no-rpath.patch b/nss-no-rpath.patch deleted file mode 100644 index 35ea573..0000000 --- a/nss-no-rpath.patch +++ /dev/null @@ -1,14 +0,0 @@ ---- ./mozilla/security/nss/cmd/platlibs.mk.withrpath 2007-02-19 07:17:06.000000000 +0100 -+++ ./mozilla/security/nss/cmd/platlibs.mk 2007-02-19 07:18:07.000000000 +0100 -@@ -52,9 +52,9 @@ - - ifeq ($(OS_ARCH), Linux) - ifeq ($(USE_64), 1) --EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib64:$$ORIGIN/../lib' -+#EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib64:$$ORIGIN/../lib' - else --EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib' -+#EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib' - endif - endif - diff --git a/nss-nolocalsql.patch b/nss-nolocalsql.patch index 21101fa..dc75a22 100644 --- a/nss-nolocalsql.patch +++ b/nss-nolocalsql.patch @@ -1,26 +1,26 @@ diff -up ./mozilla/security/nss/lib/Makefile.nolocalsql ./mozilla/security/nss/lib/Makefile ---- ./mozilla/security/nss/lib/Makefile.nolocalsql 2007-07-19 23:36:49.000000000 +0200 -+++ ./mozilla/security/nss/lib/Makefile 2009-04-14 17:07:40.000000000 +0200 -@@ -62,11 +62,11 @@ ifeq ($(OS_TARGET), WINCE) - DIRS := $(filter-out fortcrypt,$(DIRS)) +--- ./mozilla/security/nss/lib/Makefile.nolocalsql 2010-02-27 16:40:25.891777537 -0800 ++++ ./mozilla/security/nss/lib/Makefile 2010-02-27 16:41:59.175902327 -0800 +@@ -62,11 +62,11 @@ ifndef USE_SYSTEM_ZLIB + ZLIB_SRCDIR = zlib # Add the zlib directory to DIRS. endif -ifndef MOZILLA_CLIENT -ifndef NSS_USE_SYSTEM_SQLITE --DIRS := sqlite $(DIRS) +-SQLITE_SRCDIR = sqlite # Add the sqlite directory to DIRS. -endif -endif +#ifndef MOZILLA_CLIENT +#ifndef NSS_USE_SYSTEM_SQLITE -+#DIRS := sqlite $(DIRS) ++#SQLITE_SRCDIR = sqlite # Add the sqlite directory to DIRS. +#endif +#endif - ####################################################################### - # (5) Execute "global" rules. (OPTIONAL) # + ifndef MOZILLA_CLIENT + ifeq ($(OS_ARCH),Linux) diff -up ./mozilla/security/nss/lib/softoken/legacydb/manifest.mn.nolocalsql ./mozilla/security/nss/lib/softoken/legacydb/manifest.mn ---- ./mozilla/security/nss/lib/softoken/legacydb/manifest.mn.nolocalsql 2007-07-19 23:36:50.000000000 +0200 -+++ ./mozilla/security/nss/lib/softoken/legacydb/manifest.mn 2009-04-14 17:07:40.000000000 +0200 +--- ./mozilla/security/nss/lib/softoken/legacydb/manifest.mn.nolocalsql 2010-02-27 16:44:24.998777709 -0800 ++++ ./mozilla/security/nss/lib/softoken/legacydb/manifest.mn 2010-02-27 16:45:08.533803472 -0800 @@ -46,9 +46,9 @@ MAPFILE = $(OBJDIR)/nssdbm.def DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\" -DSOFTOKEN_LIB_NAME=\"$(notdir $(SHARED_LIBRARY))\" @@ -35,8 +35,8 @@ diff -up ./mozilla/security/nss/lib/softoken/legacydb/manifest.mn.nolocalsql ./m CSRCS = \ dbmshim.c \ diff -up ./mozilla/security/nss/lib/softoken/manifest.mn.nolocalsql ./mozilla/security/nss/lib/softoken/manifest.mn ---- ./mozilla/security/nss/lib/softoken/manifest.mn.nolocalsql 2009-03-25 17:21:37.000000000 +0100 -+++ ./mozilla/security/nss/lib/softoken/manifest.mn 2009-04-14 17:07:40.000000000 +0200 +--- ./mozilla/security/nss/lib/softoken/manifest.mn.nolocalsql 2010-02-27 16:42:52.213902231 -0800 ++++ ./mozilla/security/nss/lib/softoken/manifest.mn 2010-02-27 16:43:34.040776788 -0800 @@ -47,9 +47,9 @@ MAPFILE = $(OBJDIR)/softokn.def DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\" -DSOFTOKEN_LIB_NAME=\"$(notdir $(SHARED_LIBRARY))\" -DSHLIB_VERSION=\"$(LIBRARY_VERSION)\" diff --git a/nss-sysinit.patch b/nss-sysinit.patch deleted file mode 100644 index 6e4eed3..0000000 --- a/nss-sysinit.patch +++ /dev/null @@ -1,15 +0,0 @@ -Index: mozilla/security/nss/lib/manifest.mn -=================================================================== -RCS file: /cvsroot/mozilla/security/nss/lib/manifest.mn,v -retrieving revision 1.20 -diff -u -p -r1.20 manifest.mn ---- mozilla/security/nss/lib/manifest.mn 7 Nov 2009 05:57:41 -0000 1.20 -+++ mozilla/security/nss/lib/manifest.mn 4 Dec 2009 02:27:20 -0000 -@@ -56,6 +56,7 @@ DIRS = util freebl softoken \ - pkcs12 pkcs7 smime \ - crmf jar \ - ckfw \ -+ sysinit \ - $(NULL) - - # fortcrypt is no longer built diff --git a/nss.spec b/nss.spec index 5f26c50..3298c76 100644 --- a/nss.spec +++ b/nss.spec @@ -1,24 +1,24 @@ -%global nspr_version 4.8 -%global nss_util_version 3.12.5 +%global nspr_version 4.8.4 +%global nss_util_version 3.12.6 %global nss_softokn_version 3.12.4 %global nss_softokn_fips_version 3.12.4 %global unsupported_tools_directory %{_libdir}/nss/unsupported-tools Summary: Network Security Services Name: nss -Version: 3.12.5 -Release: 9%{?dist} +Version: 3.12.6 +Release: 1%{?dist} License: MPLv1.1 or GPLv2+ or LGPLv2+ URL: http://www.mozilla.org/projects/security/pki/nss/ Group: System Environment/Libraries Requires: nspr >= %{nspr_version} -Requires: nss-util >= %{nss_util_version} +Requires: nss-util = %{nss_util_version} Requires: nss-softokn%{_isa} = %{nss_softokn_fips_version} Requires: nss-system-init BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: nspr-devel >= %{nspr_version} BuildRequires: nss-softokn-devel = %{nss_softokn_version} -BuildRequires: nss-util-devel >= %{nss_util_version} +BuildRequires: nss-util-devel = %{nss_util_version} BuildRequires: sqlite-devel BuildRequires: zlib-devel BuildRequires: pkgconfig @@ -40,14 +40,9 @@ Source9: setup-nsssysinit.sh Source12: %{name}-pem-20091210.tar.bz2 Patch2: nss-nolocalsql.patch +Patch3: renegotiate-transitional.patch +Patch4: validate-arguments.patch Patch6: nss-enable-pem.patch -Patch7: 533125-ammend.patch -Patch8: nss-sysinit.patch -Patch9: 540387.patch -Patch10: 545779.patch -Patch11: 546221.patch -Patch12: 547860.patch -Patch13: 553638.patch %description Network Security Services (NSS) is a set of libraries designed to @@ -112,15 +107,11 @@ low level services. %setup -q %setup -q -T -D -n %{name}-%{version} -a 12 -%patch2 -p0 +%patch2 -p0 -b .nolocalsql +%patch3 -p0 -b .transitional +%patch4 -p0 -b .validate %patch6 -p0 -b .libpem -%patch7 -p0 -b .533125 -%patch8 -p0 -b .sysinit -%patch9 -p1 -b .540387 -%patch10 -p0 -b .545779 -%patch11 -p1 -b .546221 -%patch12 -p1 -b .547860 -%patch13 -p1 -b .553638 + %build @@ -242,6 +233,12 @@ rm -rf ./mozilla/tests_results cd ./mozilla/security/nss/tests/ # all.sh is the test suite script +# don't need to run all the tests when testing packaging +# nss_cycles: standard pkix upgradedb sharedb +# nss_tests: cipher libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits chains +# nss_ssl_tests: crl bypass_normal normal_bypass normal_fips fips_normal iopr +# nss_ssl_run: cov auth stress + # Temporarily disabling the ssl test suites # until bug 539183 gets resolved %global nss_ssl_tests " " @@ -487,6 +484,11 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h %changelog +* Sat Mar 06 2010 Elio Maldonado - 3.12.6-1 +- Update to 3.12.6 +- Reactivate all tests +- Patch tools to validate command line options arguments + * Mon Jan 25 2010 Elio Maldonado - 3.12.5-8 - Fix curl related regression and general patch code clean up diff --git a/sources b/sources index e499ab7..64ba459 100644 --- a/sources +++ b/sources @@ -1,4 +1,4 @@ -51c5958153b6c01fada2e74cedc66835 nss-3.12.5-stripped.tar.bz2 +3902499c8e02b02d4944f21d3c6a839f nss-3.12.6-stripped.tar.bz2 82c2c72c961f2783c8e975a42fa939cf nss-pem-20091210.tar.bz2 a5ae49867124ac75f029a9a33af31bad blank-cert8.db 9315689bbd9f28ceebd47894f99fccbd blank-key3.db