Test build for update to nss-3.16.1
parent
37a942df5c
commit
fef95b4814
|
@ -9,3 +9,5 @@ TestUser50.cert
|
|||
TestUser51.cert
|
||||
/nss-pem-20140125.tar.bz2
|
||||
/nss-3.16.0.tar.gz
|
||||
/nss-3.16.1.tar.gz
|
||||
/nss-pem-20140425.tar.bz2
|
||||
|
|
|
@ -0,0 +1,75 @@
|
|||
diff -up ./nss/lib/ssl/config.mk.disableSSL2 ./nss/lib/ssl/config.mk
|
||||
--- ./nss/lib/ssl/config.mk.disableSSL2 2013-09-25 06:57:55.000000000 -0700
|
||||
+++ ./nss/lib/ssl/config.mk 2013-11-05 16:09:47.459727948 -0800
|
||||
@@ -7,6 +7,10 @@ ifdef NISCC_TEST
|
||||
DEFINES += -DNISCC_TEST
|
||||
endif
|
||||
|
||||
+ifdef NSS_NO_SSL2
|
||||
+DEFINES += -DNSS_NO_SSL2
|
||||
+endif
|
||||
+
|
||||
ifdef NSS_NO_PKCS11_BYPASS
|
||||
DEFINES += -DNO_PKCS11_BYPASS
|
||||
else
|
||||
diff -up ./nss/lib/ssl/sslsock.c.disableSSL2 ./nss/lib/ssl/sslsock.c
|
||||
--- ./nss/lib/ssl/sslsock.c.disableSSL2 2013-11-05 16:09:47.419727310 -0800
|
||||
+++ ./nss/lib/ssl/sslsock.c 2013-11-05 16:09:47.461727980 -0800
|
||||
@@ -639,6 +639,14 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
|
||||
break;
|
||||
|
||||
case SSL_ENABLE_SSL2:
|
||||
+#ifdef NSS_NO_SSL2
|
||||
+ if (on) {
|
||||
+ PORT_SetError(SSL_ERROR_SSL2_DISABLED);
|
||||
+ rv = SECFailure; /* not allowed */
|
||||
+ }
|
||||
+ break;
|
||||
+ ss->opt.enableSSL2 = on;
|
||||
+#else
|
||||
if (IS_DTLS(ss)) {
|
||||
if (on) {
|
||||
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
||||
@@ -650,6 +658,7 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
|
||||
if (on) {
|
||||
ss->opt.v2CompatibleHello = on;
|
||||
}
|
||||
+#endif
|
||||
ss->preferredCipher = NULL;
|
||||
if (ss->cipherSpecs) {
|
||||
PORT_Free(ss->cipherSpecs);
|
||||
@@ -671,6 +680,13 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
|
||||
break;
|
||||
|
||||
case SSL_V2_COMPATIBLE_HELLO:
|
||||
+#ifdef NSS_NO_SSL2
|
||||
+ if (on) {
|
||||
+ PORT_SetError(SSL_ERROR_SSL2_DISABLED);
|
||||
+ rv = SECFailure; /* not allowed */
|
||||
+ break;
|
||||
+ }
|
||||
+#else
|
||||
if (IS_DTLS(ss)) {
|
||||
if (on) {
|
||||
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
||||
@@ -678,6 +694,7 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
|
||||
}
|
||||
break;
|
||||
}
|
||||
+#endif
|
||||
ss->opt.v2CompatibleHello = on;
|
||||
if (!on) {
|
||||
ss->opt.enableSSL2 = on;
|
||||
@@ -1112,7 +1129,12 @@ SSL_CipherPolicySet(PRInt32 which, PRInt
|
||||
if (ssl_IsRemovedCipherSuite(which)) {
|
||||
rv = SECSuccess;
|
||||
} else if (SSL_IS_SSL2_CIPHER(which)) {
|
||||
+#ifdef NSS_NO_SSL2
|
||||
+ PORT_SetError(SSL_ERROR_SSL2_DISABLED);
|
||||
+ rv = SECFailure; /* not allowed */
|
||||
+#else
|
||||
rv = ssl2_SetPolicy(which, policy);
|
||||
+#endif
|
||||
} else {
|
||||
rv = ssl3_SetPolicy((ssl3CipherSuite)which, policy);
|
||||
}
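Review bot: In the `SSL_ENABLE_SSL2` case the `NSS_NO_SSL2` branch puts `break;` after the `if (on)` block rather than inside it, so the following `ss->opt.enableSSL2 = on;` is unreachable. A disable request therefore leaves the switch without clearing the flag or reaching the `preferredCipher`/`cipherSpecs` reset below. The `SSL_V2_COMPATIBLE_HELLO` case keeps its `break;` inside `if (on)`, so the two cases behave differently for `on == 0`; moving the `break;` into the `if (on)` block, or dropping the dead assignment, would make them agree. Every hunk in this patch is in `SSL_OptionSet` or `SSL_CipherPolicySet`, whose bodies extend outside the hunks, and none touches `SSL_OptionSetDefault`. It is worth confirming that the process-wide default for `SSL_ENABLE_SSL2` cannot still be switched on in an `NSS_NO_SSL2` build.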
|
|
@ -0,0 +1,13 @@
|
|||
diff -up ./nss/tests/ssl/ssl.sh.disableSSL2 ./nss/tests/ssl/ssl.sh
|
||||
--- ./nss/tests/ssl/ssl.sh.disableSSL2 2013-09-25 06:57:55.000000000 -0700
|
||||
+++ ./nss/tests/ssl/ssl.sh 2013-11-03 16:43:48.905914207 -0800
|
||||
@@ -278,6 +278,9 @@ ssl_cov()
|
||||
echo "${testname}" | grep "SSL2" > /dev/null
|
||||
SSL2=$?
|
||||
|
||||
+ # skip export and ssl2 tests when build has disabled SSL2
|
||||
+ if [ "${NSS_NO_SSL2}" = 1 ] && [ -n ${EXP} -o -n ${SSL2} ] && continue
|
||||
+
|
||||
if [ "${SSL2}" -eq 0 ] ; then
|
||||
# We cannot use asynchronous cert verification with SSL2
|
||||
SSL2_FLAGS=-O
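Review bot: The added line begins with `if` but has no matching `then`/`fi`, so the shell treats the commands that follow as part of the condition list instead of running the line as a standalone guard. The tests are also wrong for the values involved: `SSL2` is assigned from `$?` just above, so `-n ${SSL2}` is true for both 0 and 1 (`EXP` is presumably set the same way outside the hunk), and every test would be skipped whenever `NSS_NO_SSL2` is 1. Compare the exit statuses instead and drop the `if`: `[ "${NSS_NO_SSL2}" = 1 ] && [ "${EXP}" -eq 0 -o "${SSL2}" -eq 0 ] && continue`. The body of `ssl_cov` continues outside the hunk.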
|
|
@ -0,0 +1,123 @@
|
|||
diff -up ./nss/lib/certdb/certi.h.1034409 ./nss/lib/certdb/certi.h
|
||||
--- ./nss/lib/certdb/certi.h.1034409 2014-01-03 11:59:10.000000000 -0800
|
||||
+++ ./nss/lib/certdb/certi.h 2014-02-20 08:46:10.345136599 -0800
|
||||
@@ -116,11 +116,16 @@ struct CRLDPCacheStr {
|
||||
#else
|
||||
PRLock* lock;
|
||||
#endif
|
||||
- CERTCertificate* issuer; /* issuer cert
|
||||
- XXX there may be multiple issuer certs,
|
||||
- with different validity dates. Also
|
||||
- need to deal with SKID/AKID . See
|
||||
- bugzilla 217387, 233118 */
|
||||
+ SECItem *issuerDERCert; /* issuer DER cert. Don't hold a reference
|
||||
+ to the actual cert so the trust can be
|
||||
+ updated on the cert automatically.
|
||||
+ XXX there may be multiple issuer certs,
|
||||
+ with different validity dates. Also
|
||||
+ need to deal with SKID/AKID . See
|
||||
+ bugzilla 217387, 233118 */
|
||||
+
|
||||
+ CERTCertDBHandle *dbHandle;
|
||||
+
|
||||
SECItem* subject; /* DER of issuer subject */
|
||||
SECItem* distributionPoint; /* DER of distribution point. This may be
|
||||
NULL when distribution points aren't
|
||||
@@ -172,7 +177,7 @@ struct CRLIssuerCacheStr {
|
||||
NSSRWLock* lock;
|
||||
CRLDPCache** dps;
|
||||
PLHashTable* distributionpoints;
|
||||
- CERTCertificate* issuer;
|
||||
+ CERTCertificate* issuer; /* This should be the DER Cert, not a cert handle */
|
||||
#endif
|
||||
};
|
||||
|
||||
diff -up ./nss/lib/certdb/crl.c.1034409 ./nss/lib/certdb/crl.c
|
||||
--- ./nss/lib/certdb/crl.c.1034409 2014-01-03 11:59:10.000000000 -0800
|
||||
+++ ./nss/lib/certdb/crl.c 2014-02-20 08:49:30.835466687 -0800
|
||||
@@ -1123,9 +1123,9 @@ static SECStatus DPCache_Destroy(CRLDPCa
|
||||
PORT_Free(cache->crls);
|
||||
}
|
||||
/* destroy the cert */
|
||||
- if (cache->issuer)
|
||||
+ if (cache->issuerDERCert)
|
||||
{
|
||||
- CERT_DestroyCertificate(cache->issuer);
|
||||
+ SECITEM_FreeItem(cache->issuerDERCert, PR_TRUE);
|
||||
}
|
||||
/* free the subject */
|
||||
if (cache->subject)
|
||||
@@ -1571,14 +1571,20 @@ static SECStatus CachedCrl_Verify(CRLDPC
|
||||
else
|
||||
{
|
||||
SECStatus signstatus = SECFailure;
|
||||
- if (cache->issuer)
|
||||
+ if (cache->issuerDERCert)
|
||||
{
|
||||
- signstatus = CERT_VerifyCRL(crlobject->crl, cache->issuer, vfdate,
|
||||
+ CERTCertificate *issuer = CERT_NewTempCertificate(cache->dbHandle,
|
||||
+ cache->issuerDERCert, NULL, PR_FALSE, PR_TRUE);
|
||||
+
|
||||
+ if (issuer) {
|
||||
+ signstatus = CERT_VerifyCRL(crlobject->crl, issuer, vfdate,
|
||||
wincx);
|
||||
+ CERT_DestroyCertificate(issuer);
|
||||
+ }
|
||||
}
|
||||
if (SECSuccess != signstatus)
|
||||
{
|
||||
- if (!cache->issuer)
|
||||
+ if (!cache->issuerDERCert)
|
||||
{
|
||||
/* we tried to verify without an issuer cert . This is
|
||||
because this CRL came through a call to SEC_FindCrlByName.
|
||||
@@ -1925,15 +1931,16 @@ static SECStatus DPCache_GetUpToDate(CRL
|
||||
}
|
||||
|
||||
/* add issuer certificate if it was previously unavailable */
|
||||
- if (issuer && (NULL == cache->issuer) &&
|
||||
+ if (issuer && (NULL == cache->issuerDERCert) &&
|
||||
(SECSuccess == CERT_CheckCertUsage(issuer, KU_CRL_SIGN)))
|
||||
{
|
||||
/* if we didn't have a valid issuer cert yet, but we do now. add it */
|
||||
DPCache_LockWrite();
|
||||
- if (!cache->issuer)
|
||||
+ if (!cache->issuerDERCert)
|
||||
{
|
||||
dirty = PR_TRUE;
|
||||
- cache->issuer = CERT_DupCertificate(issuer);
|
||||
+ cache->dbHandle = issuer->dbhandle;
|
||||
+ cache->issuerDERCert = SECITEM_DupItem(&issuer->derCert);
|
||||
}
|
||||
DPCache_UnlockWrite();
|
||||
}
|
||||
@@ -1944,7 +1951,7 @@ static SECStatus DPCache_GetUpToDate(CRL
|
||||
SEC_FindCrlByName, or through manual insertion, rather than through a
|
||||
certificate verification (CERT_CheckCRL) */
|
||||
|
||||
- if (cache->issuer && vfdate )
|
||||
+ if (cache->issuerDERCert && vfdate )
|
||||
{
|
||||
mustunlock = PR_FALSE;
|
||||
/* re-process all unverified CRLs */
|
||||
@@ -2201,7 +2208,8 @@ static SECStatus DPCache_Create(CRLDPCac
|
||||
}
|
||||
if (issuer)
|
||||
{
|
||||
- cache->issuer = CERT_DupCertificate(issuer);
|
||||
+ cache->dbHandle = issuer->dbhandle;
|
||||
+ cache->issuerDERCert = SECITEM_DupItem(&issuer->derCert);
|
||||
}
|
||||
cache->distributionPoint = SECITEM_DupItem(dp);
|
||||
cache->subject = SECITEM_DupItem(subject);
|
||||
diff -up ./nss/tests/chains/chains.sh.1034409 ./nss/tests/chains/chains.sh
|
||||
--- ./nss/tests/chains/chains.sh.1034409 2014-02-20 08:16:34.867686934 -0800
|
||||
+++ ./nss/tests/chains/chains.sh 2014-02-20 08:34:35.149603340 -0800
|
||||
@@ -974,6 +974,7 @@ check_ocsp()
|
||||
OCSP_HOST=$(${BINDIR}/pp -w -t certificate -i ${CERT_FILE} | grep URI | sed "s/.*:\/\///" | sed "s/:.*//")
|
||||
OCSP_PORT=$(${BINDIR}/pp -w -t certificate -i ${CERT_FILE} | grep URI | sed "s/^.*:.*:\/\/.*:\([0-9]*\).*$/\1/")
|
||||
|
||||
+ echo "Cert = ${CERT_NICK}.cert"
|
||||
echo "tstclnt -h ${OCSP_HOST} -p ${OCSP_PORT} -q -t 20"
|
||||
tstclnt -h ${OCSP_HOST} -p ${OCSP_PORT} -q -t 20
|
||||
return $?
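Review bot: In the `CachedCrl_Verify` hunk, a NULL return from `CERT_NewTempCertificate` leaves `signstatus` at `SECFailure`, and because `cache->issuerDERCert` is non-NULL the code then takes the failed-signature path rather than the "no issuer cert" path. That path lies outside the hunk, so it cannot be confirmed here whether the CRL is then recorded as badly signed; if it is, an allocation or decode failure would drop a valid CRL from revocation checking. Consider handling `issuer == NULL` like the missing-issuer case, or at least mark it: `/* issuer could not be instantiated; this is not a signature failure */`. `cache->dbHandle` is stored as a bare pointer with no reference taken, so the cache relies on the handle outliving it, which deserves a comment on the new field in certi.h. The `/* destroy the cert */` comment in `DPCache_Destroy` is now stale, since the code frees a DER item.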
|
|
@ -0,0 +1,78 @@
|
|||
diff -up nss/lib/pk11wrap/pk11pars.c.fips nss/lib/pk11wrap/pk11pars.c
|
||||
--- nss/lib/pk11wrap/pk11pars.c.fips 2013-05-28 14:43:24.000000000 -0700
|
||||
+++ nss/lib/pk11wrap/pk11pars.c 2013-07-10 18:54:16.733465910 -0700
|
||||
@@ -150,6 +150,10 @@ SECMOD_CreateModule(const char *library,
|
||||
}
|
||||
mod->internal = NSSUTIL_ArgHasFlag("flags","internal",nssc);
|
||||
mod->isFIPS = NSSUTIL_ArgHasFlag("flags","FIPS",nssc);
|
||||
+ /* if the system FIPS mode is enabled, force FIPS to be on */
|
||||
+ if (SECMOD_GetSystemFIPSEnabled()) {
|
||||
+ mod->isFIPS = PR_TRUE;
|
||||
+ }
|
||||
mod->isCritical = NSSUTIL_ArgHasFlag("flags","critical",nssc);
|
||||
slotParams = NSSUTIL_ArgGetParamValue("slotParams",nssc);
|
||||
mod->slotInfo = NSSUTIL_ArgParseSlotInfo(mod->arena,slotParams,
|
||||
diff -up nss/lib/pk11wrap/pk11util.c.fips nss/lib/pk11wrap/pk11util.c
|
||||
--- nss/lib/pk11wrap/pk11util.c.fips 2013-05-28 14:43:24.000000000 -0700
|
||||
+++ nss/lib/pk11wrap/pk11util.c 2013-07-10 18:54:16.734465927 -0700
|
||||
@@ -95,6 +95,25 @@ SECMOD_Shutdown()
|
||||
return SECSuccess;
|
||||
}
|
||||
|
||||
+int SECMOD_GetSystemFIPSEnabled(void) {
|
||||
+#ifdef LINUX
|
||||
+ FILE *f;
|
||||
+ char d;
|
||||
+ size_t size;
|
||||
+
|
||||
+ f = fopen("/proc/sys/crypto/fips_enabled", "r");
|
||||
+ if (!f)
|
||||
+ return 0;
|
||||
+
|
||||
+ size = fread(&d, 1, 1, f);
|
||||
+ fclose(f);
|
||||
+ if (size != 1)
|
||||
+ return 0;
|
||||
+ if (d == '1')
|
||||
+ return 1;
|
||||
+#endif
|
||||
+ return 0;
|
||||
+}
|
||||
|
||||
/*
|
||||
* retrieve the internal module
|
||||
@@ -417,7 +436,7 @@ SECMOD_DeleteInternalModule(const char *
|
||||
SECMODModuleList **mlpp;
|
||||
SECStatus rv = SECFailure;
|
||||
|
||||
- if (pendingModule) {
|
||||
+ if (SECMOD_GetSystemFIPSEnabled() || pendingModule) {
|
||||
PORT_SetError(SEC_ERROR_MODULE_STUCK);
|
||||
return rv;
|
||||
}
|
||||
@@ -888,7 +907,7 @@ SECMOD_DestroyModuleList(SECMODModuleLis
|
||||
PRBool
|
||||
SECMOD_CanDeleteInternalModule(void)
|
||||
{
|
||||
- return (PRBool) (pendingModule == NULL);
|
||||
+ return (PRBool) ((pendingModule == NULL) && !SECMOD_GetSystemFIPSEnabled());
|
||||
}
|
||||
|
||||
/*
|
||||
diff -up nss/lib/pk11wrap/secmodi.h.fips nss/lib/pk11wrap/secmodi.h
|
||||
--- nss/lib/pk11wrap/secmodi.h.fips 2013-07-10 18:55:06.358298154 -0700
|
||||
+++ nss/lib/pk11wrap/secmodi.h 2013-07-10 18:56:52.050069372 -0700
|
||||
@@ -116,7 +116,12 @@ PK11SymKey *pk11_TokenKeyGenWithFlagsAnd
|
||||
CK_MECHANISM_TYPE pk11_GetPBECryptoMechanism(SECAlgorithmID *algid,
|
||||
SECItem **param, SECItem *pwd, PRBool faulty3DES);
|
||||
|
||||
-
|
||||
+/* Get the state of the system FIPS mode */
|
||||
+/* NSS uses this to force FIPS mode if the system bit is on. Applications which
|
||||
+ * use the SECMOD_CanDeleteInteral() to check to see if they can switch to or
|
||||
+ * from FIPS mode will automatically be told that they can't swith out of FIPS
|
||||
+ * mode */
|
||||
+int SECMOD_GetSystemFIPSEnabled();
|
||||
|
||||
extern void pk11sdr_Init(void);
|
||||
extern void pk11sdr_Shutdown(void);
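Review bot: `SECMOD_GetSystemFIPSEnabled` returns 0 on every failure path (the `fopen` failure, the short `fread`, and any build without `LINUX`), so "could not determine" is reported as "FIPS off" and `SECMOD_CreateModule` leaves `mod->isFIPS` as the module flags set it. That may be the intended policy, but it should be stated at the declaration, e.g. `/* Returns 1 only when /proc/sys/crypto/fips_enabled reads '1'; any error is treated as not enabled. */`. The file is also re-opened on each call from `SECMOD_CreateModule`, `SECMOD_DeleteInternalModule` and `SECMOD_CanDeleteInternalModule`, so the answer can differ between calls if the file becomes unreadable. The prototype in secmodi.h should read `int SECMOD_GetSystemFIPSEnabled(void);` to match the definition. Its comment has typos (`SECMOD_CanDeleteInteral`, `swith`).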
|
|
@ -0,0 +1,42 @@
|
|||
diff -up ./nss/lib/softoken/fipstokn.c.allow_level1 ./nss/lib/softoken/fipstokn.c
|
||||
--- ./nss/lib/softoken/fipstokn.c.allow_level1 2013-10-11 11:47:31.265670032 -0700
|
||||
+++ ./nss/lib/softoken/fipstokn.c 2013-10-11 11:58:12.730655827 -0700
|
||||
@@ -97,6 +97,7 @@ libaudit_init(void)
|
||||
* ******************** Password Utilities *******************************
|
||||
*/
|
||||
static PRBool isLoggedIn = PR_FALSE;
|
||||
+static PRBool isLevel2 = PR_TRUE;
|
||||
PRBool sftk_fatalError = PR_FALSE;
|
||||
|
||||
/*
|
||||
@@ -197,7 +198,7 @@ static CK_RV sftk_newPinCheck(CK_CHAR_PT
|
||||
static CK_RV sftk_fipsCheck(void) {
|
||||
if (sftk_fatalError)
|
||||
return CKR_DEVICE_ERROR;
|
||||
- if (!isLoggedIn)
|
||||
+ if (isLevel2 && !isLoggedIn)
|
||||
return CKR_USER_NOT_LOGGED_IN;
|
||||
return CKR_OK;
|
||||
}
|
||||
@@ -498,6 +499,7 @@ CK_RV FC_Initialize(CK_VOID_PTR pReserve
|
||||
return crv;
|
||||
}
|
||||
nsf_init = PR_TRUE;
|
||||
+ isLevel2 = PR_TRUE; /* assume level 2 unless we learn otherwise */
|
||||
|
||||
return CKR_OK;
|
||||
}
|
||||
@@ -552,8 +554,11 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID,
|
||||
CHECK_FORK();
|
||||
|
||||
crv = NSC_GetTokenInfo(slotID,pInfo);
|
||||
- if (crv == CKR_OK)
|
||||
- pInfo->flags |= CKF_LOGIN_REQUIRED;
|
||||
+ if (crv == CKR_OK) {
|
||||
+ if ((pInfo->flags & CKF_LOGIN_REQUIRED) == 0) {
|
||||
+ isLevel2 = PR_FALSE;
|
||||
+ }
|
||||
+ }
|
||||
return crv;
|
||||
|
||||
}
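Review bot: `isLevel2` is a single file-scope flag, and the last hunk clears it whenever `NSC_GetTokenInfo` reports a token without `CKF_LOGIN_REQUIRED`. One informational query on any `slotID` therefore turns off the `CKR_USER_NOT_LOGGED_IN` check in `sftk_fipsCheck` for every later call in the process. Nothing in the visible hunks sets it back to `PR_TRUE` except `FC_Initialize`, and no lock around the write is shown. If that process-wide downgrade is intended, say so at the declaration, e.g. `/* cleared once any token reports no login requirement; stays off until FC_Initialize */`; otherwise the state needs to be tracked per slot. The same hunk stops forcing `CKF_LOGIN_REQUIRED` into `pInfo->flags`, so callers now see the token's own flag, which is worth a line in the patch description.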
|
|
@ -0,0 +1,116 @@
|
|||
#!/bin/sh
|
||||
|
||||
prefix=@prefix@
|
||||
|
||||
major_version=@MOD_MAJOR_VERSION@
|
||||
minor_version=@MOD_MINOR_VERSION@
|
||||
patch_version=@MOD_PATCH_VERSION@
|
||||
|
||||
usage()
|
||||
{
|
||||
cat <<EOF
|
||||
Usage: nss-softokn-config [OPTIONS] [LIBRARIES]
|
||||
Options:
|
||||
[--prefix[=DIR]]
|
||||
[--exec-prefix[=DIR]]
|
||||
[--includedir[=DIR]]
|
||||
[--libdir[=DIR]]
|
||||
[--version]
|
||||
[--libs]
|
||||
[--cflags]
|
||||
Dynamic Libraries:
|
||||
softokn3 - Requires full dynamic linking
|
||||
freebl3 - for internal use only (and glibc for self-integrity check)
|
||||
nssdbm3 - for internal use only
|
||||
Dymamically linked
|
||||
EOF
|
||||
exit $1
|
||||
}
|
||||
|
||||
if test $# -eq 0; then
|
||||
usage 1 1>&2
|
||||
fi
|
||||
|
||||
while test $# -gt 0; do
|
||||
case "$1" in
|
||||
-*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
|
||||
*) optarg= ;;
|
||||
esac
|
||||
|
||||
case $1 in
|
||||
--prefix=*)
|
||||
prefix=$optarg
|
||||
;;
|
||||
--prefix)
|
||||
echo_prefix=yes
|
||||
;;
|
||||
--exec-prefix=*)
|
||||
exec_prefix=$optarg
|
||||
;;
|
||||
--exec-prefix)
|
||||
echo_exec_prefix=yes
|
||||
;;
|
||||
--includedir=*)
|
||||
includedir=$optarg
|
||||
;;
|
||||
--includedir)
|
||||
echo_includedir=yes
|
||||
;;
|
||||
--libdir=*)
|
||||
libdir=$optarg
|
||||
;;
|
||||
--libdir)
|
||||
echo_libdir=yes
|
||||
;;
|
||||
--version)
|
||||
echo ${major_version}.${minor_version}.${patch_version}
|
||||
;;
|
||||
--cflags)
|
||||
echo_cflags=yes
|
||||
;;
|
||||
--libs)
|
||||
echo_libs=yes
|
||||
;;
|
||||
*)
|
||||
usage 1 1>&2
|
||||
;;
|
||||
esac
|
||||
shift
|
||||
done
|
||||
|
||||
# Set variables that may be dependent upon other variables
|
||||
if test -z "$exec_prefix"; then
|
||||
exec_prefix=`pkg-config --variable=exec_prefix nss-softokn`
|
||||
fi
|
||||
if test -z "$includedir"; then
|
||||
includedir=`pkg-config --variable=includedir nss-softokn`
|
||||
fi
|
||||
if test -z "$libdir"; then
|
||||
libdir=`pkg-config --variable=libdir nss-softokn`
|
||||
fi
|
||||
|
||||
if test "$echo_prefix" = "yes"; then
|
||||
echo $prefix
|
||||
fi
|
||||
|
||||
if test "$echo_exec_prefix" = "yes"; then
|
||||
echo $exec_prefix
|
||||
fi
|
||||
|
||||
if test "$echo_includedir" = "yes"; then
|
||||
echo $includedir
|
||||
fi
|
||||
|
||||
if test "$echo_libdir" = "yes"; then
|
||||
echo $libdir
|
||||
fi
|
||||
|
||||
if test "$echo_cflags" = "yes"; then
|
||||
echo -I$includedir
|
||||
fi
|
||||
|
||||
if test "$echo_libs" = "yes"; then
|
||||
libdirs="-Wl,-rpath-link,$libdir -L$libdir"
|
||||
echo $libdirs
|
||||
fi
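Review bot: The three `pkg-config --variable=...` lookups are used without checking that they succeeded or returned a value, so when the nss-softokn .pc file is not found `--cflags` prints a bare `-I` and `--libs` prints `-L` with no directory. A compiler may then take the next argument on the caller's command line as the path. The `echo` lines also expand `$prefix`, `$includedir`, `$libdir` and `$libdirs` unquoted, so a `--libdir=DIR` value containing spaces or glob characters is split or expanded. Quote the expansions, e.g. `echo "-I$includedir"`, and exit non-zero when a lookup comes back empty. nss-util-config.in further down has the same lookups and unquoted `echo` lines, and the usage text here has a typo (`Dymamically`).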
|
||||
|
|
@ -0,0 +1,11 @@
|
|||
prefix=%prefix%
|
||||
exec_prefix=%exec_prefix%
|
||||
libdir=%libdir%
|
||||
includedir=%includedir%
|
||||
|
||||
Name: NSS-SOFTOKN
|
||||
Description: Network Security Services Softoken PKCS #11 Module
|
||||
Version: %SOFTOKEN_VERSION%
|
||||
Requires: nspr >= %NSPR_VERSION%, nss-util >= %NSSUTIL_VERSION%
|
||||
Libs: -L${libdir} -lfreebl3 -lnssdbm3 -lsoftokn3
|
||||
Cflags: -I${includedir}
|
|
@ -0,0 +1,118 @@
|
|||
#!/bin/sh
|
||||
|
||||
prefix=@prefix@
|
||||
|
||||
major_version=@MOD_MAJOR_VERSION@
|
||||
minor_version=@MOD_MINOR_VERSION@
|
||||
patch_version=@MOD_PATCH_VERSION@
|
||||
|
||||
usage()
|
||||
{
|
||||
cat <<EOF
|
||||
Usage: nss-util-config [OPTIONS] [LIBRARIES]
|
||||
Options:
|
||||
[--prefix[=DIR]]
|
||||
[--exec-prefix[=DIR]]
|
||||
[--includedir[=DIR]]
|
||||
[--libdir[=DIR]]
|
||||
[--version]
|
||||
[--libs]
|
||||
[--cflags]
|
||||
Dynamic Libraries:
|
||||
nssutil
|
||||
EOF
|
||||
exit $1
|
||||
}
|
||||
|
||||
if test $# -eq 0; then
|
||||
usage 1 1>&2
|
||||
fi
|
||||
|
||||
lib_nssutil=yes
|
||||
|
||||
while test $# -gt 0; do
|
||||
case "$1" in
|
||||
-*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
|
||||
*) optarg= ;;
|
||||
esac
|
||||
|
||||
case $1 in
|
||||
--prefix=*)
|
||||
prefix=$optarg
|
||||
;;
|
||||
--prefix)
|
||||
echo_prefix=yes
|
||||
;;
|
||||
--exec-prefix=*)
|
||||
exec_prefix=$optarg
|
||||
;;
|
||||
--exec-prefix)
|
||||
echo_exec_prefix=yes
|
||||
;;
|
||||
--includedir=*)
|
||||
includedir=$optarg
|
||||
;;
|
||||
--includedir)
|
||||
echo_includedir=yes
|
||||
;;
|
||||
--libdir=*)
|
||||
libdir=$optarg
|
||||
;;
|
||||
--libdir)
|
||||
echo_libdir=yes
|
||||
;;
|
||||
--version)
|
||||
echo ${major_version}.${minor_version}.${patch_version}
|
||||
;;
|
||||
--cflags)
|
||||
echo_cflags=yes
|
||||
;;
|
||||
--libs)
|
||||
echo_libs=yes
|
||||
;;
|
||||
*)
|
||||
usage 1 1>&2
|
||||
;;
|
||||
esac
|
||||
shift
|
||||
done
|
||||
|
||||
# Set variables that may be dependent upon other variables
|
||||
if test -z "$exec_prefix"; then
|
||||
exec_prefix=`pkg-config --variable=exec_prefix nss-util`
|
||||
fi
|
||||
if test -z "$includedir"; then
|
||||
includedir=`pkg-config --variable=includedir nss-util`
|
||||
fi
|
||||
if test -z "$libdir"; then
|
||||
libdir=`pkg-config --variable=libdir nss-util`
|
||||
fi
|
||||
|
||||
if test "$echo_prefix" = "yes"; then
|
||||
echo $prefix
|
||||
fi
|
||||
|
||||
if test "$echo_exec_prefix" = "yes"; then
|
||||
echo $exec_prefix
|
||||
fi
|
||||
|
||||
if test "$echo_includedir" = "yes"; then
|
||||
echo $includedir
|
||||
fi
|
||||
|
||||
if test "$echo_libdir" = "yes"; then
|
||||
echo $libdir
|
||||
fi
|
||||
|
||||
if test "$echo_cflags" = "yes"; then
|
||||
echo -I$includedir
|
||||
fi
|
||||
|
||||
if test "$echo_libs" = "yes"; then
|
||||
libdirs="-Wl,-rpath-link,$libdir -L$libdir"
|
||||
if test -n "$lib_nssutil"; then
|
||||
libdirs="$libdirs -lnssutil${major_version}"
|
||||
fi
|
||||
echo $libdirs
|
||||
fi
|
||||
|
|
@ -0,0 +1,11 @@
|
|||
prefix=%prefix%
|
||||
exec_prefix=%exec_prefix%
|
||||
libdir=%libdir%
|
||||
includedir=%includedir%
|
||||
|
||||
Name: NSS-UTIL
|
||||
Description: Network Security Services Utility Library
|
||||
Version: %NSSUTIL_VERSION%
|
||||
Requires: nspr >= %NSPR_VERSION%
|
||||
Libs: -L${libdir} -lnssutil3
|
||||
Cflags: -I${includedir}
|
437
nss.spec
437
nss.spec
|
@ -1,9 +1,12 @@
|
|||
%global nspr_version 4.10.4
|
||||
%global nss_util_version 3.16.0
|
||||
%global nss_softokn_version 3.16.0
|
||||
%global nspr_version 4.10.5
|
||||
%global nss_util_version 3.16.1
|
||||
%global nss_softokn_version 3.16.1
|
||||
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
|
||||
%global allTools "certutil cmsutil crlutil derdump modutil pk12util pp signtool signver ssltap vfychain vfyserv"
|
||||
|
||||
%global saved_files_dir %{_libdir}/nss/saved
|
||||
|
||||
|
||||
# solution taken from icedtea-web.spec
|
||||
%define multilib_arches ppc64 sparc64 x86_64 ppc64le
|
||||
%ifarch %{multilib_arches}
|
||||
|
@ -12,14 +15,33 @@
|
|||
%define alt_ckbi libnssckbi.so
|
||||
%endif
|
||||
|
||||
# Produce .chk files for the final stripped binaries
|
||||
#
|
||||
# NOTE: The LD_LIBRARY_PATH line guarantees shlibsign links
|
||||
# against the freebl that we just built. This is necessary
|
||||
# because the signing algorithm changed on 3.14 to DSA2 with SHA256
|
||||
# whereas we previously signed with DSA and SHA1. We must Keep this line
|
||||
# until all mock platforms have been updated.
|
||||
# After %%{__os_install_post} we would add
|
||||
# export LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%%{_libdir}
|
||||
%define __spec_install_post \
|
||||
%{?__debug_package:%{__debug_install_post}} \
|
||||
%{__arch_install_post} \
|
||||
%{__os_install_post} \
|
||||
$RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libsoftokn3.so \
|
||||
$RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libfreebl3.so \
|
||||
$RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libnssdbm3.so \
|
||||
%{nil}
|
||||
|
||||
|
||||
# Define if using a source archive like "nss-version.with.ckbi.version".
|
||||
# To "disable", add "#" to start of line, AND a space after "%".
|
||||
#% define nss_ckbi_suffix .with.ckbi.1.93
|
||||
|
||||
Summary: Network Security Services
|
||||
Name: nss
|
||||
Version: 3.16.0
|
||||
Release: 1%{?dist}
|
||||
Version: 3.16.1
|
||||
Release: 0.20140425.0%{?dist}
|
||||
License: MPLv2.0
|
||||
URL: http://www.mozilla.org/projects/security/pki/nss/
|
||||
Group: System Environment/Libraries
|
||||
|
@ -34,8 +56,6 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
|||
BuildRequires: nspr-devel >= %{nspr_version}
|
||||
# TODO: revert to same version as nss once we are done with the merge
|
||||
# Using '>=' but on RHEL the requires should be '='
|
||||
BuildRequires: nss-softokn-devel >= %{nss_softokn_version}
|
||||
BuildRequires: nss-util-devel >= %{nss_util_version}
|
||||
BuildRequires: sqlite-devel
|
||||
BuildRequires: zlib-devel
|
||||
BuildRequires: pkgconfig
|
||||
|
@ -57,7 +77,7 @@ Source7: blank-key4.db
|
|||
Source8: system-pkcs11.txt
|
||||
Source9: setup-nsssysinit.sh
|
||||
Source10: PayPalEE.cert
|
||||
Source12: %{name}-pem-20140125.tar.bz2
|
||||
Source12: %{name}-pem-20140425.tar.bz2
|
||||
Source17: TestCA.ca.cert
|
||||
Source18: TestUser50.cert
|
||||
Source19: TestUser51.cert
|
||||
|
@ -77,7 +97,6 @@ Patch16: nss-539183.patch
|
|||
Patch18: nss-646045.patch
|
||||
# must statically link pem against the freebl in the buildroot
|
||||
# Needed only when freebl on tree has new APIS
|
||||
Patch25: nsspem-use-system-freebl.patch
|
||||
# TODO: Remove this patch when the ocsp test are fixed
|
||||
Patch40: nss-3.14.0.0-disble-ocsp-test.patch
|
||||
# Fedora / RHEL-only patch, the templates directory was originally introduced to support mod_revocator
|
||||
|
@ -92,7 +111,34 @@ Patch49: nss-skip-bltest-and-fipstest.patch
|
|||
# to be searched for for header files. This ensures a build even when system
|
||||
# headers are older. Such is the case when starting an update with API changes or even private export changes.
|
||||
# Once the buildroot aha been bootstrapped the patch may be removed but it doesn't hurt to keep it.
|
||||
Patch50: iquote.patch
|
||||
Patch55: enable-fips-when-system-is-in-fips-mode.patch
|
||||
# rhbz: https://bugzilla.redhat.com/show_bug.cgi?id=1026677
|
||||
Patch56: p-ignore-setpolicy.patch
|
||||
#Patch61: nss-ecc-list-3.15.3.patch
|
||||
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=921684
|
||||
Patch62: dont-hold-issuer-cert-handles-in-crl-cache.patch
|
||||
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=977673
|
||||
#Patch63: dont-disable-internal-module.patch
|
||||
|
||||
|
||||
#Source100: %{name}-%{version}.tar.gz
|
||||
|
||||
#Source101: nss-split-util.sh
|
||||
Source102: nss-util.pc.in
|
||||
Source103: nss-util-config.in
|
||||
|
||||
#Patch103: nss-util-ecc-list-3.15.3.patch
|
||||
|
||||
|
||||
|
||||
#Source200: %{name}-%{version}.tar.gz
|
||||
|
||||
#Source201: nss-split-softokn.sh
|
||||
Source202: nss-softokn.pc.in
|
||||
Source203: nss-softokn-config.in
|
||||
|
||||
Patch211: nss-softokn-allow-level1.patch
|
||||
|
||||
|
||||
%description
|
||||
Network Security Services (NSS) is a set of libraries designed to
|
||||
|
@ -101,6 +147,93 @@ server applications. Applications built with NSS can support SSL v2
|
|||
and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509
|
||||
v3 certificates, and other security standards.
|
||||
|
||||
%package util
|
||||
Summary: Network Security Services Utilities Library
|
||||
Group: System Environment/Libraries
|
||||
Requires: nspr >= %{nspr_version}
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
BuildRequires: nspr-devel >= %{nspr_version}
|
||||
BuildRequires: zlib-devel
|
||||
BuildRequires: pkgconfig
|
||||
BuildRequires: gawk
|
||||
BuildRequires: psmisc
|
||||
BuildRequires: perl
|
||||
|
||||
%description util
|
||||
Utilities for Network Security Services and the Softoken module
|
||||
|
||||
# We shouln't need to have a devel subpackage as util will be used in the
|
||||
# context of nss or nss-softoken. keeping to please rpmlint.
|
||||
#
|
||||
%package util-devel
|
||||
Summary: Development libraries for Network Security Services Utilities
|
||||
Group: Development/Libraries
|
||||
Requires: nss-util = %{version}-%{release}
|
||||
Requires: nspr-devel >= %{nspr_version}
|
||||
Requires: pkgconfig
|
||||
|
||||
%description util-devel
|
||||
Header and library files for doing development with Network Security Services.
|
||||
|
||||
|
||||
|
||||
%package softokn
|
||||
Summary: Network Security Services Softoken Module
|
||||
Group: System Environment/Libraries
|
||||
Requires: nspr >= %{nspr_version}
|
||||
Requires: nss-util >= %{nss_util_version}
|
||||
Requires: nss-softokn-freebl%{_isa} >= %{version}
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
BuildRequires: nspr-devel >= %{nspr_version}
|
||||
BuildRequires: sqlite-devel
|
||||
BuildRequires: zlib-devel
|
||||
BuildRequires: pkgconfig
|
||||
BuildRequires: gawk
|
||||
BuildRequires: psmisc
|
||||
BuildRequires: perl
|
||||
|
||||
%description softokn
|
||||
Network Security Services Softoken Cryptographic Module
|
||||
|
||||
%package softokn-freebl
|
||||
Summary: Freebl library for the Network Security Services
|
||||
Group: System Environment/Base
|
||||
Conflicts: nss < 3.12.2.99.3-5
|
||||
Conflicts: prelink < 0.4.3
|
||||
Conflicts: filesystem < 3
|
||||
|
||||
%description softokn-freebl
|
||||
NSS Softoken Cryptographic Module Freelb Library
|
||||
|
||||
Install the nss-softokn-freebl package if you need the freebl
|
||||
library.
|
||||
|
||||
%package softokn-freebl-devel
|
||||
Summary: Header and Library files for doing development with the Freebl library for NSS
|
||||
Group: System Environment/Base
|
||||
Provides: nss-softokn-freebl-static = %{version}-%{release}
|
||||
Requires: nss-softokn-freebl%{?_isa} = %{version}-%{release}
|
||||
|
||||
%description softokn-freebl-devel
|
||||
NSS Softoken Cryptographic Module Freelb Library Development Tools
|
||||
This package supports special needs of some PKCS #11 module developers and
|
||||
is otherwise considered private to NSS. As such, the programming interfaces
|
||||
may change and the usual NSS binary compatibility commitments do not apply.
|
||||
Developers should rely only on the officially supported NSS public API.
|
||||
|
||||
%package softokn-devel
|
||||
Summary: Development libraries for Network Security Services
|
||||
Group: Development/Libraries
|
||||
Requires: nss-softokn%{?_isa} = %{version}-%{release}
|
||||
Requires: nss-softokn-freebl-devel%{?_isa} = %{version}-%{release}
|
||||
Requires: nspr-devel >= %{nspr_version}
|
||||
Requires: nss-util-devel >= %{nss_util_version}
|
||||
Requires: pkgconfig
|
||||
BuildRequires: nspr-devel >= %{nspr_version}
|
||||
|
||||
%description softokn-devel
|
||||
Header and library files for doing development with Network Security Services.
|
||||
|
||||
%package tools
|
||||
Summary: Tools for the Network Security Services
|
||||
Group: System Environment/Base
|
||||
|
@ -145,7 +278,6 @@ BuildRequires: xmlto
|
|||
%description devel
|
||||
Header and Library files for doing development with Network Security Services.
|
||||
|
||||
|
||||
%package pkcs11-devel
|
||||
Summary: Development libraries for PKCS #11 (Cryptoki) using NSS
|
||||
Group: Development/Libraries
|
||||
|
@ -175,12 +307,22 @@ low level services.
|
|||
%patch16 -p0 -b .539183
|
||||
%patch18 -p0 -b .646045
|
||||
# link pem against buildroot's freebl, essential when mixing and matching
|
||||
%patch25 -p0 -b .systemfreebl
|
||||
%patch40 -p0 -b .noocsptest
|
||||
%patch47 -p0 -b .templates
|
||||
%patch48 -p0 -b .crypto
|
||||
%patch49 -p0 -b .skipthem
|
||||
%patch50 -p0 -b .iquote
|
||||
%patch55 -p0 -b .852023
|
||||
pushd nss
|
||||
%patch56 -p1 -b .1026677
|
||||
popd
|
||||
#%patch61 -p0 -b .ecc-lists
|
||||
%patch62 -p0 -b .1034409
|
||||
#%patch63 -p0 -b .1056036
|
||||
|
||||
#%patch103 -p0 -b .ecc_list
|
||||
|
||||
%patch211 -p0 -b .allow_level1
|
||||
|
||||
|
||||
#########################################################
|
||||
# Higher-level libraries and test tools need access to
|
||||
|
@ -201,6 +343,22 @@ done
|
|||
|
||||
%build
|
||||
|
||||
# partial RELRO support as a security enhancement
|
||||
LDFLAGS+=-Wl,-z,relro
|
||||
export LDFLAGS
|
||||
|
||||
# Must export FREEBL_LOWHASH=1 for nsslowhash.h so that it gets
|
||||
# copied to dist and the rpm install phase can find it
|
||||
# This due of the upstream changes to fix
|
||||
# https://bugzilla.mozilla.org/show_bug.cgi?id=717906
|
||||
FREEBL_LOWHASH=1
|
||||
export FREEBL_LOWHASH
|
||||
|
||||
#FREEBL_USE_PRELINK=1
|
||||
#export FREEBL_USE_PRELINK
|
||||
|
||||
export NSS_NO_SSL2=1
|
||||
|
||||
NSS_NO_PKCS11_BYPASS=1
|
||||
export NSS_NO_PKCS11_BYPASS
|
||||
|
||||
|
@ -231,25 +389,19 @@ NSPR_LIB_DIR=%{_libdir}
|
|||
export NSPR_INCLUDE_DIR
|
||||
export NSPR_LIB_DIR
|
||||
|
||||
export NSSUTIL_INCLUDE_DIR=`/usr/bin/pkg-config --cflags-only-I nss-util | sed 's/-I//'`
|
||||
export NSSUTIL_LIB_DIR=%{_libdir}
|
||||
#export NSSUTIL_INCLUDE_DIR=`/usr/bin/pkg-config --cflags-only-I nss-util | sed 's/-I//'`
|
||||
#export NSSUTIL_LIB_DIR=%{_libdir}
|
||||
#export FREEBL_INCLUDE_DIR=`/usr/bin/pkg-config --cflags-only-I nss-softokn | sed 's/-I//'`
|
||||
#export FREEBL_LIB_DIR=%{_libdir}
|
||||
|
||||
export FREEBL_INCLUDE_DIR=`/usr/bin/pkg-config --cflags-only-I nss-softokn | sed 's/-I//'`
|
||||
export FREEBL_LIB_DIR=%{_libdir}
|
||||
export USE_SYSTEM_FREEBL=1
|
||||
export FREEBL_LIB_DIR=$RPM_BUILD_ROOT/%{_libdir}
|
||||
|
||||
#export USE_SYSTEM_FREEBL=1
|
||||
# FIXME choose one or the other style and submit a patch upstream
|
||||
# wtc has suggested using NSS_USE_SYSTEM_FREEBL
|
||||
export NSS_USE_SYSTEM_FREEBL=1
|
||||
|
||||
export FREEBL_LIBS=`/usr/bin/pkg-config --libs nss-softokn`
|
||||
|
||||
export SOFTOKEN_LIB_DIR=%{_libdir}
|
||||
# use the system ones
|
||||
export USE_SYSTEM_NSSUTIL=1
|
||||
export USE_SYSTEM_SOFTOKEN=1
|
||||
|
||||
# tell the upstream build system what we are doing
|
||||
export NSS_BUILD_WITHOUT_SOFTOKEN=1
|
||||
#export NSS_USE_SYSTEM_FREEBL=1
|
||||
#export FREEBL_LIBS=`/usr/bin/pkg-config --libs nss-softokn`
|
||||
#export SOFTOKEN_LIB_DIR=%{_libdir}
|
||||
|
||||
NSS_USE_SYSTEM_SQLITE=1
|
||||
export NSS_USE_SYSTEM_SQLITE
|
||||
|
@ -259,30 +411,15 @@ USE_64=1
|
|||
export USE_64
|
||||
%endif
|
||||
|
||||
# uncomment if the iquote patch is activated
|
||||
export IN_TREE_FREEBL_HEADERS_FIRST=1
|
||||
NSS_ENABLE_ECC=1
|
||||
export NSS_ENABLE_ECC
|
||||
|
||||
##### phase 1: remove util/freebl/softoken and low level tools
|
||||
#
|
||||
######## Remove freebl, softoken and util
|
||||
%{__rm} -rf ./mozilla/security/nss/lib/freebl
|
||||
%{__rm} -rf ./mozilla/security/nss/lib/softoken
|
||||
%{__rm} -rf ./mozilla/security/nss/lib/util
|
||||
######## Remove nss-softokn test tools
|
||||
%{__rm} -rf ./mozilla/security/nss/cmd/bltest
|
||||
%{__rm} -rf ./mozilla/security/nss/cmd/fipstest
|
||||
%{__rm} -rf ./mozilla/security/nss/cmd/rsaperf_low
|
||||
%{__make} -C ./nss export
|
||||
%{__make} -C ./nss/lib/freebl private_export
|
||||
%{__make} -C ./nss/lib/softoken private_export
|
||||
%{__make} -C ./nss/lib/util private_export
|
||||
|
||||
##### phase 2: build the rest of nss
|
||||
# nss supports pluggable ecc with more than suite-b
|
||||
NSS_ECC_MORE_THAN_SUITE_B=1
|
||||
export NSS_ECC_MORE_THAN_SUITE_B
|
||||
|
||||
export NSS_BLTEST_NOT_AVAILABLE=1
|
||||
%{__make} -C ./nss/coreconf
|
||||
%{__make} -C ./nss/lib/dbm
|
||||
%{__make} -C ./nss
|
||||
unset NSS_BLTEST_NOT_AVAILABLE
|
||||
|
||||
# build the man pages clean
|
||||
pushd ./nss
|
||||
|
@ -293,6 +430,69 @@ popd
|
|||
%{__mkdir_p} ./dist/docs/nroff
|
||||
%{__cp} ./nss/doc/nroff/* ./dist/docs/nroff
|
||||
|
||||
# Set up our package file
|
||||
# The nspr_version and nss_util_version globals used here
|
||||
# must match the ones nss-softokn has for its Requires.
|
||||
%{__mkdir_p} ./dist/pkgconfig
|
||||
%{__cat} %{Source202} | sed -e "s,%%libdir%%,%{_libdir},g" \
|
||||
-e "s,%%prefix%%,%{_prefix},g" \
|
||||
-e "s,%%exec_prefix%%,%{_prefix},g" \
|
||||
-e "s,%%includedir%%,%{_includedir}/nss3,g" \
|
||||
-e "s,%%NSPR_VERSION%%,%{nspr_version},g" \
|
||||
-e "s,%%NSSUTIL_VERSION%%,%{nss_util_version},g" \
|
||||
-e "s,%%SOFTOKEN_VERSION%%,%{version},g" > \
|
||||
./dist/pkgconfig/nss-softokn.pc
|
||||
|
||||
SOFTOKEN_VMAJOR=`cat nss/lib/softoken/softkver.h | grep "#define.*SOFTOKEN_VMAJOR" | awk '{print $3}'`
|
||||
SOFTOKEN_VMINOR=`cat nss/lib/softoken/softkver.h | grep "#define.*SOFTOKEN_VMINOR" | awk '{print $3}'`
|
||||
SOFTOKEN_VPATCH=`cat nss/lib/softoken/softkver.h | grep "#define.*SOFTOKEN_VPATCH" | awk '{print $3}'`
|
||||
|
||||
export SOFTOKEN_VMAJOR
|
||||
export SOFTOKEN_VMINOR
|
||||
export SOFTOKEN_VPATCH
|
||||
|
||||
%{__cat} %{Source203} | sed -e "s,@libdir@,%{_libdir},g" \
|
||||
-e "s,@prefix@,%{_prefix},g" \
|
||||
-e "s,@exec_prefix@,%{_prefix},g" \
|
||||
-e "s,@includedir@,%{_includedir}/nss3,g" \
|
||||
-e "s,@MOD_MAJOR_VERSION@,$SOFTOKEN_VMAJOR,g" \
|
||||
-e "s,@MOD_MINOR_VERSION@,$SOFTOKEN_VMINOR,g" \
|
||||
-e "s,@MOD_PATCH_VERSION@,$SOFTOKEN_VPATCH,g" \
|
||||
> ./dist/pkgconfig/nss-softokn-config
|
||||
|
||||
chmod 755 ./dist/pkgconfig/nss-softokn-config
|
||||
|
||||
|
||||
# Set up our package file
|
||||
%{__mkdir_p} ./dist/pkgconfig
|
||||
%{__cat} %{Source102} | sed -e "s,%%libdir%%,%{_libdir},g" \
|
||||
-e "s,%%prefix%%,%{_prefix},g" \
|
||||
-e "s,%%exec_prefix%%,%{_prefix},g" \
|
||||
-e "s,%%includedir%%,%{_includedir}/nss3,g" \
|
||||
-e "s,%%NSPR_VERSION%%,%{nspr_version},g" \
|
||||
-e "s,%%NSSUTIL_VERSION%%,%{version},g" > \
|
||||
./dist/pkgconfig/nss-util.pc
|
||||
|
||||
NSSUTIL_VMAJOR=`cat nss/lib/util/nssutil.h | grep "#define.*NSSUTIL_VMAJOR" | awk '{print $3}'`
|
||||
NSSUTIL_VMINOR=`cat nss/lib/util/nssutil.h | grep "#define.*NSSUTIL_VMINOR" | awk '{print $3}'`
|
||||
NSSUTIL_VPATCH=`cat nss/lib/util/nssutil.h | grep "#define.*NSSUTIL_VPATCH" | awk '{print $3}'`
|
||||
|
||||
export NSSUTIL_VMAJOR
|
||||
export NSSUTIL_VMINOR
|
||||
export NSSUTIL_VPATCH
|
||||
|
||||
%{__cat} %{Source103} | sed -e "s,@libdir@,%{_libdir},g" \
|
||||
-e "s,@prefix@,%{_prefix},g" \
|
||||
-e "s,@exec_prefix@,%{_prefix},g" \
|
||||
-e "s,@includedir@,%{_includedir}/nss3,g" \
|
||||
-e "s,@MOD_MAJOR_VERSION@,$NSSUTIL_VMAJOR,g" \
|
||||
-e "s,@MOD_MINOR_VERSION@,$NSSUTIL_VMINOR,g" \
|
||||
-e "s,@MOD_PATCH_VERSION@,$NSSUTIL_VPATCH,g" \
|
||||
> ./dist/pkgconfig/nss-util-config
|
||||
|
||||
chmod 755 ./dist/pkgconfig/nss-util-config
|
||||
|
||||
|
||||
# Set up our package file
|
||||
# The nspr_version and nss_{util|softokn}_version globals used
|
||||
# here match the ones nss has for its Requires.
|
||||
|
@ -359,6 +559,10 @@ if [ $DISABLETEST -eq 1 ]; then
|
|||
fi
|
||||
|
||||
# Begin -- copied from the build section
|
||||
|
||||
# inform the ssl test scripts that SSL2 is disabled
|
||||
#export NSS_NO_SSL2=1
|
||||
|
||||
FREEBL_NO_DEPEND=1
|
||||
export FREEBL_NO_DEPEND
|
||||
|
||||
|
@ -370,7 +574,7 @@ USE_64=1
|
|||
export USE_64
|
||||
%endif
|
||||
|
||||
export NSS_BLTEST_NOT_AVAILABLE=1
|
||||
#export NSS_BLTEST_NOT_AVAILABLE=1
|
||||
|
||||
# needed for the fips manging test
|
||||
export SOFTOKEN_LIB_DIR=%{_libdir}
|
||||
|
@ -447,11 +651,15 @@ echo "test suite completed"
|
|||
# There is no make install target so we'll do it ourselves.
|
||||
|
||||
%{__mkdir_p} $RPM_BUILD_ROOT/%{_includedir}/nss3
|
||||
%{__mkdir_p} $RPM_BUILD_ROOT/%{_includedir}/nss3/templates
|
||||
%{__mkdir_p} $RPM_BUILD_ROOT/%{_bindir}
|
||||
%{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir}
|
||||
%{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir}/pkgconfig
|
||||
%{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir}/nss3
|
||||
%{__mkdir_p} $RPM_BUILD_ROOT/%{unsupported_tools_directory}
|
||||
%{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir}/pkgconfig
|
||||
%{__mkdir_p} $RPM_BUILD_ROOT/%{saved_files_dir}
|
||||
|
||||
%{__mkdir_p} $RPM_BUILD_ROOT/%{_includedir}/nss3/templates
|
||||
|
||||
mkdir -p $RPM_BUILD_ROOT%{_mandir}/man1
|
||||
mkdir -p $RPM_BUILD_ROOT%{_mandir}/man5
|
||||
|
@ -460,7 +668,7 @@ touch $RPM_BUILD_ROOT%{_libdir}/libnssckbi.so
|
|||
%{__install} -p -m 755 dist/*.OBJ/lib/libnssckbi.so $RPM_BUILD_ROOT/%{_libdir}/nss/libnssckbi.so
|
||||
|
||||
# Copy the binary libraries we want
|
||||
for file in libnss3.so libnsspem.so libnsssysinit.so libsmime3.so libssl3.so
|
||||
for file in libsoftokn3.so libnssdbm3.so libfreebl3.so libnssutil3.so libnss3.so libnsspem.so libnsssysinit.so libsmime3.so libssl3.so
|
||||
do
|
||||
%{__install} -p -m 755 dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir}
|
||||
done
|
||||
|
@ -489,23 +697,43 @@ do
|
|||
done
|
||||
|
||||
# Copy the binaries we ship as unsupported
|
||||
for file in atob btoa derdump ocspclnt pp selfserv strsclnt symkeyutil tstclnt vfyserv vfychain
|
||||
for file in bltest fipstest shlibsign atob btoa derdump ocspclnt pp selfserv strsclnt symkeyutil tstclnt vfyserv vfychain
|
||||
do
|
||||
%{__install} -p -m 755 dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{unsupported_tools_directory}
|
||||
done
|
||||
|
||||
# Copy some freebl include files we also want
|
||||
for file in blapi.h alghmac.h
|
||||
do
|
||||
%{__install} -p -m 644 dist/private/nss/$file $RPM_BUILD_ROOT/%{_includedir}/nss3
|
||||
done
|
||||
|
||||
# Copy the include files we want
|
||||
for file in dist/public/nss/*.h
|
||||
do
|
||||
%{__install} -p -m 644 $file $RPM_BUILD_ROOT/%{_includedir}/nss3
|
||||
done
|
||||
|
||||
# Copy the static freebl library
|
||||
for file in libfreebl.a
|
||||
do
|
||||
%{__install} -p -m 644 dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir}
|
||||
done
|
||||
|
||||
# Copy the package configuration files
|
||||
%{__install} -p -m 644 ./dist/pkgconfig/nss-softokn.pc $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/nss-softokn.pc
|
||||
%{__install} -p -m 755 ./dist/pkgconfig/nss-softokn-config $RPM_BUILD_ROOT/%{_bindir}/nss-softokn-config
|
||||
|
||||
# Copy the template files we want
|
||||
for file in dist/private/nss/nssck.api
|
||||
for file in dist/private/nss/nssck.api dist/private/nss/templates.c
|
||||
do
|
||||
%{__install} -p -m 644 $file $RPM_BUILD_ROOT/%{_includedir}/nss3/templates
|
||||
done
|
||||
|
||||
# Copy the package configuration files
|
||||
%{__install} -p -m 644 ./dist/pkgconfig/nss-util.pc $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/nss-util.pc
|
||||
%{__install} -p -m 755 ./dist/pkgconfig/nss-util-config $RPM_BUILD_ROOT/%{_bindir}/nss-util-config
|
||||
|
||||
# Copy the package configuration files
|
||||
%{__install} -p -m 644 ./dist/pkgconfig/nss.pc $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/nss.pc
|
||||
%{__install} -p -m 755 ./dist/pkgconfig/nss-config $RPM_BUILD_ROOT/%{_bindir}/nss-config
|
||||
|
@ -729,8 +957,107 @@ fi
|
|||
%{_libdir}/libnssb.a
|
||||
%{_libdir}/libnssckfw.a
|
||||
|
||||
%files softokn
|
||||
%defattr(-,root,root)
|
||||
%{_libdir}/libnssdbm3.so
|
||||
%{_libdir}/libnssdbm3.chk
|
||||
%{_libdir}/libsoftokn3.so
|
||||
%{_libdir}/libsoftokn3.chk
|
||||
# shared with nss-tools
|
||||
%dir %{_libdir}/nss
|
||||
%dir %{saved_files_dir}
|
||||
%dir %{unsupported_tools_directory}
|
||||
%{unsupported_tools_directory}/bltest
|
||||
%{unsupported_tools_directory}/fipstest
|
||||
%{unsupported_tools_directory}/shlibsign
|
||||
|
||||
%files softokn-freebl
|
||||
%defattr(-,root,root)
|
||||
%{_libdir}/libfreebl3.so
|
||||
%{_libdir}/libfreebl3.chk
|
||||
|
||||
%files softokn-freebl-devel
|
||||
%defattr(-,root,root)
|
||||
%{_libdir}/libfreebl.a
|
||||
%{_includedir}/nss3/blapi.h
|
||||
%{_includedir}/nss3/blapit.h
|
||||
%{_includedir}/nss3/alghmac.h
|
||||
|
||||
%files softokn-devel
|
||||
%defattr(-,root,root)
|
||||
%{_libdir}/pkgconfig/nss-softokn.pc
|
||||
%{_bindir}/nss-softokn-config
|
||||
|
||||
# co-owned with nss
|
||||
%dir %{_includedir}/nss3
|
||||
#
|
||||
# The following headers are those exported public in
|
||||
# nss/lib/freebl/manifest.mn and
|
||||
# nss/lib/softoken/manifest.mn
|
||||
#
|
||||
# The following list is short because many headers, such as
|
||||
# the pkcs #11 ones, have been provided by nss-util-devel
|
||||
# which installed them before us.
|
||||
#
|
||||
%{_includedir}/nss3/ecl-exp.h
|
||||
%{_includedir}/nss3/nsslowhash.h
|
||||
%{_includedir}/nss3/shsign.h
|
||||
|
||||
|
||||
%files util
|
||||
%defattr(-,root,root)
|
||||
%{_libdir}/libnssutil3.so
|
||||
|
||||
%files util-devel
|
||||
%defattr(-,root,root)
|
||||
# package configuration files
|
||||
%{_libdir}/pkgconfig/nss-util.pc
|
||||
%{_bindir}/nss-util-config
|
||||
|
||||
# co-owned with nss
|
||||
%dir %{_includedir}/nss3
|
||||
# these are marked as public export in nss/lib/util/manifest.mk
|
||||
%{_includedir}/nss3/base64.h
|
||||
%{_includedir}/nss3/ciferfam.h
|
||||
%{_includedir}/nss3/hasht.h
|
||||
%{_includedir}/nss3/nssb64.h
|
||||
%{_includedir}/nss3/nssb64t.h
|
||||
%{_includedir}/nss3/nsslocks.h
|
||||
%{_includedir}/nss3/nssilock.h
|
||||
%{_includedir}/nss3/nssilckt.h
|
||||
%{_includedir}/nss3/nssrwlk.h
|
||||
%{_includedir}/nss3/nssrwlkt.h
|
||||
%{_includedir}/nss3/nssutil.h
|
||||
%{_includedir}/nss3/pkcs11.h
|
||||
%{_includedir}/nss3/pkcs11f.h
|
||||
%{_includedir}/nss3/pkcs11n.h
|
||||
%{_includedir}/nss3/pkcs11p.h
|
||||
%{_includedir}/nss3/pkcs11t.h
|
||||
%{_includedir}/nss3/pkcs11u.h
|
||||
%{_includedir}/nss3/portreg.h
|
||||
%{_includedir}/nss3/secasn1.h
|
||||
%{_includedir}/nss3/secasn1t.h
|
||||
%{_includedir}/nss3/seccomon.h
|
||||
%{_includedir}/nss3/secder.h
|
||||
%{_includedir}/nss3/secdert.h
|
||||
%{_includedir}/nss3/secdig.h
|
||||
%{_includedir}/nss3/secdigt.h
|
||||
%{_includedir}/nss3/secerr.h
|
||||
%{_includedir}/nss3/secitem.h
|
||||
%{_includedir}/nss3/secoid.h
|
||||
%{_includedir}/nss3/secoidt.h
|
||||
%{_includedir}/nss3/secport.h
|
||||
%{_includedir}/nss3/utilmodt.h
|
||||
%{_includedir}/nss3/utilpars.h
|
||||
%{_includedir}/nss3/utilparst.h
|
||||
%{_includedir}/nss3/utilrename.h
|
||||
%{_includedir}/nss3/templates/templates.c
|
||||
|
||||
|
||||
%changelog
|
||||
* Sat Apr 26 2014 Elio Maldonado <emaldona@redhat.com> - 3.16.1-0.20140425.0
|
||||
- Test build for update to nss-3.16.1
|
||||
|
||||
* Tue Mar 18 2014 Elio Maldonado <emaldona@redhat.com> - 3.16.0-1
|
||||
- Update to nss-3.16.0
|
||||
- Cleanup the copying of the tools man pages
|
||||
|
|
|
@ -0,0 +1,31 @@
|
|||
diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
|
||||
--- a/lib/ssl/sslsock.c
|
||||
+++ b/lib/ssl/sslsock.c
|
||||
@@ -1252,25 +1252,22 @@ SSL_CipherPrefGet(PRFileDesc *fd, PRInt3
|
||||
rv = ssl3_CipherPrefGet(ss, (ssl3CipherSuite)which, enabled);
|
||||
}
|
||||
return rv;
|
||||
}
|
||||
|
||||
SECStatus
|
||||
NSS_SetDomesticPolicy(void)
|
||||
{
|
||||
- SECStatus status = SECSuccess;
|
||||
const PRUint16 *cipher;
|
||||
|
||||
for (cipher = SSL_ImplementedCiphers; *cipher != 0; ++cipher) {
|
||||
- status = SSL_SetPolicy(*cipher, SSL_ALLOWED);
|
||||
- if (status != SECSuccess)
|
||||
- break;
|
||||
+ SSL_SetPolicy(*cipher, SSL_ALLOWED);
|
||||
}
|
||||
- return status;
|
||||
+ return SECSuccess;
|
||||
}
|
||||
|
||||
SECStatus
|
||||
NSS_SetExportPolicy(void)
|
||||
{
|
||||
return NSS_SetDomesticPolicy();
|
||||
}
|
||||
|
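Review bot: In `NSS_SetDomesticPolicy` the new loop discards the result of every `SSL_SetPolicy(*cipher, SSL_ALLOWED)` call and the function returns `SECSuccess` unconditionally, so a caller can no longer tell that a cipher policy was not applied. `NSS_SetExportPolicy` forwards to it and inherits the same behaviour. If the intent is only to tolerate suites rejected because SSL2 is compiled out (inferred from the NSS_NO_SSL2 patch in the same commit, not stated here), it would be narrower to keep `status` and continue past just that error, e.g. `if (SSL_SetPolicy(*cipher, SSL_ALLOWED) != SECSuccess && PORT_GetError() != SSL_ERROR_SSL2_DISABLED) status = SECFailure;`. This assumes `SSL_SetPolicy` reports the disabled-SSL2 case with that error code, as `SSL_OptionSet` does; confirm before relying on it. Either way, a comment above the loop such as `/* failures are ignored on purpose: some suites may be unavailable in this build */` would record why the return value is dropped.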
2
sources
2
sources
|
@ -9,3 +9,5 @@ f998b70c1be25e8bb9f5fdb5d50eb6f2 TestCA.ca.cert
|
|||
ab0b56dd505a995425c03e5266f7c8d6 TestUser51.cert
|
||||
b8a94e863c852e1f8b75e930e76f8640 nss-pem-20140125.tar.bz2
|
||||
6a60df5c01f6c4ed8dbdbe85cf818a28 nss-3.16.0.tar.gz
|
||||
30f4665aea605d4f3d2be6713a3e2da6 nss-3.16.1.tar.gz
|
||||
af25066db4f9940c0845121039cde826 nss-pem-20140425.tar.bz2
|
||||
|
|