Merge branch 'f16' into f15

- Patch coreconf/Linux.mk as done on RHEL 6.2

.gitignore

@@ -4,48 +4,5 @@ blank-secmod.db
 blank-cert9.db
 blank-key4.db
 PayPalEE.cert
-TestCA.ca.cert
-TestUser50.cert
-TestUser51.cert
-/PayPalRootCA.cert
-/PayPalICA.cert
-/nss-3.25.0.tar.gz
-/nss-3.26.0.tar.gz
-/nss-3.27.0.tar.gz
-/nss-3.27.2.tar.gz
-/nss-3.28.1.tar.gz
-/nss-3.29.0.tar.gz
-/nss-3.29.1.tar.gz
-/nss-3.30.0.tar.gz
-/nss-3.30.2.tar.gz
-/nss-3.31.0.tar.gz
-/nss-3.32.0.tar.gz
-/nss-3.32.1.tar.gz
-/nss-3.33.0.tar.gz
-/nss-3.34.0.tar.gz
-/nss-3.35.0.tar.gz
-/nss-3.36.0.tar.gz
-/nss-3.36.1.tar.gz
-/nss-3.37.1.tar.gz
-/nss-3.37.3.tar.gz
-/nss-3.38.0.tar.gz
-/nss-3.39.tar.gz
-/nss-3.40.1.tar.gz
-/nss-3.41.tar.gz
-/nss-3.42.tar.gz
-/nss-3.42.1.tar.gz
-/nss-3.43.tar.gz
-/nss-3.44.tar.gz
-/nss-3.44.1.tar.gz
-/nss-3.45.tar.gz
-/nss-3.46.tar.gz
-/nss-3.46.1.tar.gz
-/nss-3.47.tar.gz
-/nss-3.47.1.tar.gz
-/nss-3.48.tar.gz
-/nss-3.49.tar.gz
-/nss-3.49.2.tar.gz
-/nss-3.50.tar.gz
-/nss-3.51.tar.gz
-/nss-3.51.1.tar.gz
-/nss-3.52.tar.gz
+/nss-3.13.4-stripped.tar.bz2
+/nss-pem-20120402.tar.bz2

Bug-800674-Unable-to-contact-LDAP-Server-during-winsync.patch

@@ -0,0 +1,27 @@
+diff -up ./mozilla/security/nss/lib/nss/nssinit.c.747387part1 ./mozilla/security/nss/lib/nss/nssinit.c
+--- ./mozilla/security/nss/lib/nss/nssinit.c.747387part1	2011-10-19 17:41:09.148204402 -0700
++++ ./mozilla/security/nss/lib/nss/nssinit.c	2011-10-19 17:42:32.354416861 -0700
+@@ -616,15 +616,19 @@ nss_Init(const char *configdir, const ch
+ 	passwordRequired = pk11_password_required;
+     }
+ 
+-    /* we always try to initialize the modules */
+-    rv = nss_InitModules(configdir, certPrefix, keyPrefix, secmodName, 
++    /* Skip the module init if we are already initted and we are trying
++     * to init with not noCertDB and noModDB */
++    if (!(isReallyInitted && noCertDB && noModDB)) {
++	/* we always try to initialize the modules */
++	rv = nss_InitModules(configdir, certPrefix, keyPrefix, secmodName, 
+ 		updateDir, updCertPrefix, updKeyPrefix, updateID, 
+ 		updateName, configName, configStrings, passwordRequired,
+ 		readOnly, noCertDB, noModDB, forceOpen, optimizeSpace, 
+ 		(initContextPtr != NULL));
+ 
+-    if (rv != SECSuccess) {
+-	goto loser;
++	if (rv != SECSuccess) {
++	    goto loser;
++	}
+     }
+ 
+ 

Bug-800682-Qpid-AMQP-daemon-fails-to-load-after-nss-update.patch

@@ -0,0 +1,15 @@
+diff -up ./mozilla/security/nss/lib/nss/nssinit.c.800682 ./mozilla/security/nss/lib/nss/nssinit.c
+--- ./mozilla/security/nss/lib/nss/nssinit.c.800682	2012-03-07 17:34:50.846174813 -0800
++++ ./mozilla/security/nss/lib/nss/nssinit.c	2012-03-07 17:36:12.545753433 -0800
+@@ -1151,6 +1151,11 @@ SECStatus
+ NSS_Shutdown(void)
+ {
+     SECStatus rv;
++    /* make sure our lock and condition variable are initialized one and only
++     * one time */ 
++    if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) {
++	return SECFailure;
++    }
+     PZ_Lock(nssInitLock);
+ 
+     if (!nssIsInitted) {

STAGE2-nss

@@ -1,68 +0,0 @@
-#requires nspr
-#requires perl
-#requires nss-util
-#requires nss-softokn
-
-mcd $BUILDDIR/nss
-
-export BUILD_OPT=1
-export PKG_CONFIG_ALLOW_SYSTEM_LIBS=1
-export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1
-export NSPR_INCLUDE_DIR=/usr/include/nspr
-export NSPR_LIB_DIR=/usr/lib${SUFFIX}
-export NSS_USE_SYSTEM_SQLITE=1
-export NSS_BUILD_WITHOUT_SOFTOKEN=1
-export USE_SYSTEM_SOFTOKEN=1
-export SOFTOKEN_LIB_DIR=/usr/lib${SUFFIX}
-export NSSUTIL_INCLUDE_DIR=/usr/include/nss3
-export NSSUTIL_LIB_DIR=/usr/lib${SUFFIX}
-export USE_SYSTEM_NSSUTIL=1
-export FREEBL_INCLUDE_DIR=/usr/include/nss3
-export FREEBL_LIB_DIR=/usr/lib${SUFFIX}
-export USE_SYSTEM_FREEBL=1
-export NSS_USE_SYSTEM_FREEBL=1
-export FREEBL_NO_DEPEND=1
-export IN_TREE_FREEBL_HEADERS_FIRST=1
-export NSS_BLTEST_NOT_AVAILABLE=1
-export NSS_NO_SSL2_NO_EXPORT=1
-export NSS_ECC_MORE_THAN_SUITE_B=1
-export NSS_NO_PKCS11_BYPASS=1
-#export NSDISTMODE="copy"
-
-if [ "$SUFFIX" = "64" ]; then
-  USE_64=1
-  export USE_64
-fi
-
-(cd $SRC/nss-3.* && mkdir -p dist/private/nss && cp nss/lib/ckfw/nssck.api dist/private/nss/)
-
-make -C $SRC/nss-3.*/nss/coreconf
-make -C $SRC/nss-3.*/nss/lib/dbm
-
-# nss/nssinit.c, ssl/sslcon.c, smime/smimeutil.c and ckfw/builtins/binst.c
-# need nss/verref.h which is exported privately, move it to where it can be found.
-(cd $SRC/nss-3.* && mkdir -p dist/private/nss && cp -a nss/verref.h dist/private/nss/)
-
-make -C $SRC/nss-3.*/nss
-cd $SRC/nss-3.*/nss/coreconf
-make install
-cd $SRC/nss-3.*/nss/lib/dbm
-make install
-cd $SRC/nss-3.*/nss
-make install
-# Copy the binary libraries we want
-NSSLIBS="libnss3.so libnssckbi.so libnsspem.so libnsssysinit.so libsmime3.so libssl3.so"
-# BOZO: temporarily disable FIPS140 support
-#NSSLIBCHKS="libnssdbm3.chk libfreebl3.chk libsoftokn3.chk"
-NSSLIBCHKS=""
-# END BOZO
-cd $SRC/nss-3.*
-for file in $NSSLIBS $NSSLIBCHKS
-do
-  install -p -m 755 dist/*.OBJ/lib/$file /usr/lib${SUFFIX}/
-done
-# Copy the include files we want
-for file in $SRC/nss-*/dist/public/nss/*.h
-do
-  install -p -m 644 $file /usr/include/nss3/
-done

add-relro-linker-option.patch

@@ -0,0 +1,16 @@
+diff -up mozilla/security/coreconf/Linux.mk.relro mozilla/security/coreconf/Linux.mk
+--- mozilla/security/coreconf/Linux.mk.relro	2010-08-12 18:32:29.000000000 -0700
++++ mozilla/security/coreconf/Linux.mk	2011-09-27 16:12:22.234743170 -0700
+@@ -179,6 +179,12 @@ FREEBL_NO_DEPEND = 1
+ endif
+ endif
+ 
++# harden DSOs/executables a bit against exploits
++ifeq (2.6,$(firstword $(sort 2.6 $(OS_RELEASE))))
++DSO_LDOPTS+=-Wl,-z,relro
++LDFLAGS	+= -Wl,-z,relro
++endif
++
+ USE_SYSTEM_ZLIB = 1
+ ZLIB_LIBS = -lz
+ 

builtins-nssckbi_1_88_rtm.patch

@@ -0,0 +1,637 @@
+diff -up ./mozilla/security/nss/lib/ckfw/builtins/certdata.c.ckbi188 ./mozilla/security/nss/lib/ckfw/builtins/certdata.c
+--- ./mozilla/security/nss/lib/ckfw/builtins/certdata.c.ckbi188	2011-11-03 13:52:25.634021626 -0700
++++ ./mozilla/security/nss/lib/ckfw/builtins/certdata.c	2011-11-03 13:54:04.872021278 -0700
+@@ -35,7 +35,7 @@
+  *
+  * ***** END LICENSE BLOCK ***** */
+ #ifdef DEBUG
+-static const char CVS_ID[] = "@(#) $RCSfile: certdata.c,v $ $Revision: 1.67.2.13 $ $Date: 2011/09/02 19:39:06 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.67.2.13 $ $Date: 2011/09/02 19:39:06 $";
++static const char CVS_ID[] = "@(#) $RCSfile: certdata.c,v $ $Revision: 1.67.2.14 $ $Date: 2011/11/03 15:12:14 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.67.2.14 $ $Date: 2011/11/03 15:12:14 $";
+ #endif /* DEBUG */
+ 
+ #ifndef BUILTINS_H
+@@ -1075,6 +1075,18 @@ static const CK_ATTRIBUTE_TYPE nss_built
+ static const CK_ATTRIBUTE_TYPE nss_builtins_types_339 [] = {
+  CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERT_SHA1_HASH,  CKA_CERT_MD5_HASH,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_TRUST_SERVER_AUTH,  CKA_TRUST_EMAIL_PROTECTION,  CKA_TRUST_CODE_SIGNING,  CKA_TRUST_STEP_UP_APPROVED
+ };
++static const CK_ATTRIBUTE_TYPE nss_builtins_types_340 [] = {
++ CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERTIFICATE_TYPE,  CKA_SUBJECT,  CKA_ID,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_VALUE
++};
++static const CK_ATTRIBUTE_TYPE nss_builtins_types_341 [] = {
++ CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERT_SHA1_HASH,  CKA_CERT_MD5_HASH,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_TRUST_SERVER_AUTH,  CKA_TRUST_EMAIL_PROTECTION,  CKA_TRUST_CODE_SIGNING,  CKA_TRUST_STEP_UP_APPROVED
++};
++static const CK_ATTRIBUTE_TYPE nss_builtins_types_342 [] = {
++ CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERTIFICATE_TYPE,  CKA_SUBJECT,  CKA_ID,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_VALUE
++};
++static const CK_ATTRIBUTE_TYPE nss_builtins_types_343 [] = {
++ CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERT_SHA1_HASH,  CKA_CERT_MD5_HASH,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_TRUST_SERVER_AUTH,  CKA_TRUST_EMAIL_PROTECTION,  CKA_TRUST_CODE_SIGNING,  CKA_TRUST_STEP_UP_APPROVED
++};
+ #ifdef DEBUG
+ static const NSSItem nss_builtins_items_0 [] = {
+   { (void *)&cko_data, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+@@ -1083,7 +1095,7 @@ static const NSSItem nss_builtins_items_
+   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+   { (void *)"CVS ID", (PRUint32)7 },
+   { (void *)"NSS", (PRUint32)4 },
+-  { (void *)"@(#) $RCSfile: certdata.c,v $ $Revision: 1.67.2.13 $ $Date: 2011/09/02 19:39:06 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.67.2.13 $ $Date: 2011/09/02 19:39:06 $", (PRUint32)165 }
++  { (void *)"@(#) $RCSfile: certdata.c,v $ $Revision: 1.67.2.14 $ $Date: 2011/11/03 15:12:14 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.67.2.14 $ $Date: 2011/11/03 15:12:14 $", (PRUint32)165 }
+ };
+ #endif /* DEBUG */
+ static const NSSItem nss_builtins_items_1 [] = {
+@@ -22600,6 +22612,266 @@ static const NSSItem nss_builtins_items_
+   { (void *)&ckt_netscape_untrusted, (PRUint32)sizeof(CK_TRUST) },
+   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
+ };
++static const NSSItem nss_builtins_items_340 [] = {
++  { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
++  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
++  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
++  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
++  { (void *)"Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)", (PRUint32)57 },
++  { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
++  { (void *)"\060\143\061\013\060\011\006\003\125\004\006\023\002\115\131\061"
++"\033\060\031\006\003\125\004\012\023\022\104\151\147\151\143\145"
++"\162\164\040\123\144\156\056\040\102\150\144\056\061\021\060\017"
++"\006\003\125\004\013\023\010\064\065\067\066\060\070\055\113\061"
++"\044\060\042\006\003\125\004\003\023\033\104\151\147\151\163\151"
++"\147\156\040\123\145\162\166\145\162\040\111\104\040\050\105\156"
++"\162\151\143\150\051"
++, (PRUint32)101 },
++  { (void *)"0", (PRUint32)2 },
++  { (void *)"\060\165\061\013\060\011\006\003\125\004\006\023\002\125\123\061"
++"\030\060\026\006\003\125\004\012\023\017\107\124\105\040\103\157"
++"\162\160\157\162\141\164\151\157\156\061\047\060\045\006\003\125"
++"\004\013\023\036\107\124\105\040\103\171\142\145\162\124\162\165"
++"\163\164\040\123\157\154\165\164\151\157\156\163\054\040\111\156"
++"\143\056\061\043\060\041\006\003\125\004\003\023\032\107\124\105"
++"\040\103\171\142\145\162\124\162\165\163\164\040\107\154\157\142"
++"\141\154\040\122\157\157\164"
++, (PRUint32)119 },
++  { (void *)"\002\006\007\377\377\377\377\377"
++, (PRUint32)8 },
++  { (void *)"\060\202\003\315\060\202\003\066\240\003\002\001\002\002\006\007"
++"\377\377\377\377\377\060\015\006\011\052\206\110\206\367\015\001"
++"\001\005\005\000\060\165\061\013\060\011\006\003\125\004\006\023"
++"\002\125\123\061\030\060\026\006\003\125\004\012\023\017\107\124"
++"\105\040\103\157\162\160\157\162\141\164\151\157\156\061\047\060"
++"\045\006\003\125\004\013\023\036\107\124\105\040\103\171\142\145"
++"\162\124\162\165\163\164\040\123\157\154\165\164\151\157\156\163"
++"\054\040\111\156\143\056\061\043\060\041\006\003\125\004\003\023"
++"\032\107\124\105\040\103\171\142\145\162\124\162\165\163\164\040"
++"\107\154\157\142\141\154\040\122\157\157\164\060\036\027\015\060"
++"\067\060\067\061\067\061\065\061\067\064\071\132\027\015\061\062"
++"\060\067\061\067\061\065\061\066\065\065\132\060\143\061\013\060"
++"\011\006\003\125\004\006\023\002\115\131\061\033\060\031\006\003"
++"\125\004\012\023\022\104\151\147\151\143\145\162\164\040\123\144"
++"\156\056\040\102\150\144\056\061\021\060\017\006\003\125\004\013"
++"\023\010\064\065\067\066\060\070\055\113\061\044\060\042\006\003"
++"\125\004\003\023\033\104\151\147\151\163\151\147\156\040\123\145"
++"\162\166\145\162\040\111\104\040\050\105\156\162\151\143\150\051"
++"\060\201\237\060\015\006\011\052\206\110\206\367\015\001\001\001"
++"\005\000\003\201\215\000\060\201\211\002\201\201\000\255\250\144"
++"\113\115\207\307\204\131\271\373\220\106\240\246\211\300\361\376"
++"\325\332\124\202\067\015\231\053\105\046\012\350\126\260\177\312"
++"\250\364\216\107\204\001\202\051\343\263\152\265\221\363\373\225"
++"\205\274\162\250\144\350\012\100\234\305\364\161\256\173\173\152"
++"\007\352\220\024\117\215\211\257\224\253\262\006\324\002\152\173"
++"\230\037\131\271\072\315\124\372\040\337\262\052\012\351\270\335"
++"\151\220\300\051\323\116\320\227\355\146\314\305\031\111\006\177"
++"\372\136\054\174\173\205\033\062\102\337\173\225\045\002\003\001"
++"\000\001\243\202\001\170\060\202\001\164\060\022\006\003\125\035"
++"\023\001\001\377\004\010\060\006\001\001\377\002\001\000\060\134"
++"\006\003\125\035\040\004\125\060\123\060\110\006\011\053\006\001"
++"\004\001\261\076\001\000\060\073\060\071\006\010\053\006\001\005"
++"\005\007\002\001\026\055\150\164\164\160\072\057\057\143\171\142"
++"\145\162\164\162\165\163\164\056\157\155\156\151\162\157\157\164"
++"\056\143\157\155\057\162\145\160\157\163\151\164\157\162\171\056"
++"\143\146\155\060\007\006\005\140\203\112\001\001\060\016\006\003"
++"\125\035\017\001\001\377\004\004\003\002\001\346\060\201\211\006"
++"\003\125\035\043\004\201\201\060\177\241\171\244\167\060\165\061"
++"\013\060\011\006\003\125\004\006\023\002\125\123\061\030\060\026"
++"\006\003\125\004\012\023\017\107\124\105\040\103\157\162\160\157"
++"\162\141\164\151\157\156\061\047\060\045\006\003\125\004\013\023"
++"\036\107\124\105\040\103\171\142\145\162\124\162\165\163\164\040"
++"\123\157\154\165\164\151\157\156\163\054\040\111\156\143\056\061"
++"\043\060\041\006\003\125\004\003\023\032\107\124\105\040\103\171"
++"\142\145\162\124\162\165\163\164\040\107\154\157\142\141\154\040"
++"\122\157\157\164\202\002\001\245\060\105\006\003\125\035\037\004"
++"\076\060\074\060\072\240\070\240\066\206\064\150\164\164\160\072"
++"\057\057\167\167\167\056\160\165\142\154\151\143\055\164\162\165"
++"\163\164\056\143\157\155\057\143\147\151\055\142\151\156\057\103"
++"\122\114\057\062\060\061\070\057\143\144\160\056\143\162\154\060"
++"\035\006\003\125\035\016\004\026\004\024\306\026\223\116\026\027"
++"\354\026\256\214\224\166\363\206\155\305\164\156\204\167\060\015"
++"\006\011\052\206\110\206\367\015\001\001\005\005\000\003\201\201"
++"\000\166\000\173\246\170\053\146\035\216\136\066\306\244\216\005"
++"\362\043\222\174\223\147\323\364\300\012\175\213\055\331\352\325"
++"\157\032\363\341\112\051\132\042\204\115\120\057\113\014\362\377"
++"\205\302\173\125\324\104\202\276\155\254\147\216\274\264\037\222"
++"\234\121\200\032\024\366\156\253\141\210\013\255\034\177\367\113"
++"\120\121\326\145\033\246\107\161\025\136\260\161\363\065\024\362"
++"\067\275\143\310\325\360\223\132\064\137\330\075\350\135\367\305"
++"\036\300\345\317\037\206\044\251\074\007\146\315\301\322\066\143"
++"\131"
++, (PRUint32)977 }
++};
++static const NSSItem nss_builtins_items_341 [] = {
++  { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
++  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
++  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
++  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
++  { (void *)"Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)", (PRUint32)57 },
++  { (void *)"\125\120\257\354\277\350\303\255\304\013\343\255\014\247\344\025"
++"\214\071\131\117"
++, (PRUint32)20 },
++  { (void *)"\322\336\256\120\244\230\055\157\067\267\206\122\310\055\113\152"
++, (PRUint32)16 },
++  { (void *)"\060\165\061\013\060\011\006\003\125\004\006\023\002\125\123\061"
++"\030\060\026\006\003\125\004\012\023\017\107\124\105\040\103\157"
++"\162\160\157\162\141\164\151\157\156\061\047\060\045\006\003\125"
++"\004\013\023\036\107\124\105\040\103\171\142\145\162\124\162\165"
++"\163\164\040\123\157\154\165\164\151\157\156\163\054\040\111\156"
++"\143\056\061\043\060\041\006\003\125\004\003\023\032\107\124\105"
++"\040\103\171\142\145\162\124\162\165\163\164\040\107\154\157\142"
++"\141\154\040\122\157\157\164"
++, (PRUint32)119 },
++  { (void *)"\002\006\007\377\377\377\377\377"
++, (PRUint32)8 },
++  { (void *)&ckt_netscape_untrusted, (PRUint32)sizeof(CK_TRUST) },
++  { (void *)&ckt_netscape_untrusted, (PRUint32)sizeof(CK_TRUST) },
++  { (void *)&ckt_netscape_untrusted, (PRUint32)sizeof(CK_TRUST) },
++  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
++};
++static const NSSItem nss_builtins_items_342 [] = {
++  { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
++  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
++  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
++  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
++  { (void *)"Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)", (PRUint32)56 },
++  { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
++  { (void *)"\060\145\061\013\060\011\006\003\125\004\006\023\002\115\131\061"
++"\033\060\031\006\003\125\004\012\023\022\104\151\147\151\143\145"
++"\162\164\040\123\144\156\056\040\102\150\144\056\061\021\060\017"
++"\006\003\125\004\013\023\010\064\065\067\066\060\070\055\113\061"
++"\046\060\044\006\003\125\004\003\023\035\104\151\147\151\163\151"
++"\147\156\040\123\145\162\166\145\162\040\111\104\040\055\040\050"
++"\105\156\162\151\143\150\051"
++, (PRUint32)103 },
++  { (void *)"0", (PRUint32)2 },
++  { (void *)"\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156"
++"\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125"
++"\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056"
++"\156\145\164\057\103\120\123\137\062\060\064\070\040\151\156\143"
++"\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151"
++"\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006"
++"\003\125\004\013\023\034\050\143\051\040\061\071\071\071\040\105"
++"\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164"
++"\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164"
++"\162\165\163\164\056\156\145\164\040\103\145\162\164\151\146\151"
++"\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171"
++"\040\050\062\060\064\070\051"
++, (PRUint32)183 },
++  { (void *)"\002\006\007\377\377\377\377\377"
++, (PRUint32)8 },
++  { (void *)"\060\202\004\320\060\202\003\270\240\003\002\001\002\002\006\007"
++"\377\377\377\377\377\060\015\006\011\052\206\110\206\367\015\001"
++"\001\005\005\000\060\201\264\061\024\060\022\006\003\125\004\012"
++"\023\013\105\156\164\162\165\163\164\056\156\145\164\061\100\060"
++"\076\006\003\125\004\013\024\067\167\167\167\056\145\156\164\162"
++"\165\163\164\056\156\145\164\057\103\120\123\137\062\060\064\070"
++"\040\151\156\143\157\162\160\056\040\142\171\040\162\145\146\056"
++"\040\050\154\151\155\151\164\163\040\154\151\141\142\056\051\061"
++"\045\060\043\006\003\125\004\013\023\034\050\143\051\040\061\071"
++"\071\071\040\105\156\164\162\165\163\164\056\156\145\164\040\114"
++"\151\155\151\164\145\144\061\063\060\061\006\003\125\004\003\023"
++"\052\105\156\164\162\165\163\164\056\156\145\164\040\103\145\162"
++"\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157"
++"\162\151\164\171\040\050\062\060\064\070\051\060\036\027\015\061"
++"\060\060\067\061\066\061\067\062\063\063\070\132\027\015\061\065"
++"\060\067\061\066\061\067\065\063\063\070\132\060\145\061\013\060"
++"\011\006\003\125\004\006\023\002\115\131\061\033\060\031\006\003"
++"\125\004\012\023\022\104\151\147\151\143\145\162\164\040\123\144"
++"\156\056\040\102\150\144\056\061\021\060\017\006\003\125\004\013"
++"\023\010\064\065\067\066\060\070\055\113\061\046\060\044\006\003"
++"\125\004\003\023\035\104\151\147\151\163\151\147\156\040\123\145"
++"\162\166\145\162\040\111\104\040\055\040\050\105\156\162\151\143"
++"\150\051\060\202\001\042\060\015\006\011\052\206\110\206\367\015"
++"\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202"
++"\001\001\000\305\211\344\364\015\006\100\222\131\307\032\263\065"
++"\321\016\114\052\063\371\370\257\312\236\177\356\271\247\155\140"
++"\364\124\350\157\325\233\363\033\143\061\004\150\162\321\064\026"
++"\214\264\027\054\227\336\163\305\330\220\025\240\032\053\365\313"
++"\263\110\206\104\360\035\210\114\316\101\102\032\357\365\014\336"
++"\376\100\332\071\040\367\006\125\072\152\235\106\301\322\157\245"
++"\262\310\127\076\051\243\234\340\351\205\167\146\350\230\247\044"
++"\176\276\300\131\040\345\104\157\266\127\330\276\316\302\145\167"
++"\130\306\141\101\321\164\004\310\177\111\102\305\162\251\162\026"
++"\356\214\335\022\135\264\112\324\321\257\120\267\330\252\165\166"
++"\150\255\076\135\252\060\155\141\250\253\020\133\076\023\277\063"
++"\340\257\104\235\070\042\133\357\114\057\246\161\046\025\046\312"
++"\050\214\331\372\216\216\251\242\024\065\342\233\044\210\264\364"
++"\177\205\235\203\117\007\241\266\024\220\066\304\064\034\215\046"
++"\141\155\023\157\170\276\350\217\047\307\113\204\226\243\206\150"
++"\014\043\276\013\354\214\224\000\251\004\212\023\220\367\337\205"
++"\154\014\261\002\003\001\000\001\243\202\001\064\060\202\001\060"
++"\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006"
++"\060\022\006\003\125\035\023\001\001\377\004\010\060\006\001\001"
++"\377\002\001\000\060\047\006\003\125\035\045\004\040\060\036\006"
++"\010\053\006\001\005\005\007\003\001\006\010\053\006\001\005\005"
++"\007\003\002\006\010\053\006\001\005\005\007\003\004\060\063\006"
++"\010\053\006\001\005\005\007\001\001\004\047\060\045\060\043\006"
++"\010\053\006\001\005\005\007\060\001\206\027\150\164\164\160\072"
++"\057\057\157\143\163\160\056\145\156\164\162\165\163\164\056\156"
++"\145\164\060\104\006\003\125\035\040\004\075\060\073\060\071\006"
++"\005\140\203\112\001\001\060\060\060\056\006\010\053\006\001\005"
++"\005\007\002\001\026\042\150\164\164\160\072\057\057\167\167\167"
++"\056\144\151\147\151\143\145\162\164\056\143\157\155\056\155\171"
++"\057\143\160\163\056\150\164\155\060\062\006\003\125\035\037\004"
++"\053\060\051\060\047\240\045\240\043\206\041\150\164\164\160\072"
++"\057\057\143\162\154\056\145\156\164\162\165\163\164\056\156\145"
++"\164\057\062\060\064\070\143\141\056\143\162\154\060\021\006\003"
++"\125\035\016\004\012\004\010\114\116\314\045\050\003\051\201\060"
++"\037\006\003\125\035\043\004\030\060\026\200\024\125\344\201\321"
++"\021\200\276\330\211\271\010\243\061\371\241\044\011\026\271\160"
++"\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003"
++"\202\001\001\000\227\114\357\112\072\111\254\162\374\060\040\153"
++"\264\051\133\247\305\225\004\220\371\062\325\302\205\152\336\003"
++"\241\067\371\211\000\260\132\254\125\176\333\103\065\377\311\001"
++"\370\121\276\314\046\312\310\152\244\304\124\076\046\036\347\014"
++"\243\315\227\147\224\335\246\102\353\134\315\217\071\171\153\063"
++"\171\041\006\171\372\202\104\025\231\314\301\267\071\323\106\142"
++"\174\262\160\353\157\316\040\252\076\031\267\351\164\202\234\264"
++"\245\113\115\141\000\067\344\207\322\362\024\072\144\174\270\251"
++"\173\141\340\223\042\347\325\237\076\107\346\066\166\240\123\330"
++"\000\003\072\017\265\063\376\226\312\323\322\202\072\056\335\327"
++"\110\341\344\247\151\314\034\351\231\112\347\312\160\105\327\013"
++"\007\016\232\165\033\320\057\222\157\366\244\007\303\275\034\113"
++"\246\204\266\175\250\232\251\322\247\051\361\013\127\151\036\227"
++"\127\046\354\053\103\254\324\105\203\005\000\351\343\360\106\100"
++"\007\372\352\261\121\163\223\034\245\335\123\021\067\310\052\247"
++"\025\047\035\264\252\314\177\252\061\060\374\270\105\237\110\011"
++"\355\020\342\305"
++, (PRUint32)1236 }
++};
++static const NSSItem nss_builtins_items_343 [] = {
++  { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
++  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
++  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
++  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
++  { (void *)"Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)", (PRUint32)56 },
++  { (void *)"\153\074\073\200\255\312\246\272\212\237\124\246\172\355\022\151"
++"\005\155\061\046"
++, (PRUint32)20 },
++  { (void *)"\327\151\141\177\065\017\234\106\243\252\353\370\125\374\204\362"
++, (PRUint32)16 },
++  { (void *)"\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156"
++"\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125"
++"\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056"
++"\156\145\164\057\103\120\123\137\062\060\064\070\040\151\156\143"
++"\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151"
++"\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006"
++"\003\125\004\013\023\034\050\143\051\040\061\071\071\071\040\105"
++"\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164"
++"\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164"
++"\162\165\163\164\056\156\145\164\040\103\145\162\164\151\146\151"
++"\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171"
++"\040\050\062\060\064\070\051"
++, (PRUint32)183 },
++  { (void *)"\002\006\007\377\377\377\377\377"
++, (PRUint32)8 },
++  { (void *)&ckt_netscape_untrusted, (PRUint32)sizeof(CK_TRUST) },
++  { (void *)&ckt_netscape_untrusted, (PRUint32)sizeof(CK_TRUST) },
++  { (void *)&ckt_netscape_untrusted, (PRUint32)sizeof(CK_TRUST) },
++  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
++};
+ 
+ builtinsInternalObject
+ nss_builtins_data[] = {
+@@ -22944,11 +23216,15 @@ nss_builtins_data[] = {
+   { 11, nss_builtins_types_336, nss_builtins_items_336, {NULL} },
+   { 13, nss_builtins_types_337, nss_builtins_items_337, {NULL} },
+   { 11, nss_builtins_types_338, nss_builtins_items_338, {NULL} },
+-  { 13, nss_builtins_types_339, nss_builtins_items_339, {NULL} }
++  { 13, nss_builtins_types_339, nss_builtins_items_339, {NULL} },
++  { 11, nss_builtins_types_340, nss_builtins_items_340, {NULL} },
++  { 13, nss_builtins_types_341, nss_builtins_items_341, {NULL} },
++  { 11, nss_builtins_types_342, nss_builtins_items_342, {NULL} },
++  { 13, nss_builtins_types_343, nss_builtins_items_343, {NULL} }
+ };
+ const PRUint32
+ #ifdef DEBUG
+-  nss_builtins_nObjects = 339+1;
++  nss_builtins_nObjects = 343+1;
+ #else
+-  nss_builtins_nObjects = 339;
++  nss_builtins_nObjects = 343;
+ #endif /* DEBUG */
+diff -up ./mozilla/security/nss/lib/ckfw/builtins/certdata.txt.ckbi188 ./mozilla/security/nss/lib/ckfw/builtins/certdata.txt
+--- ./mozilla/security/nss/lib/ckfw/builtins/certdata.txt.ckbi188	2011-11-03 13:52:50.979012198 -0700
++++ ./mozilla/security/nss/lib/ckfw/builtins/certdata.txt	2011-11-03 13:54:37.485020788 -0700
+@@ -34,7 +34,7 @@
+ # the terms of any one of the MPL, the GPL or the LGPL.
+ #
+ # ***** END LICENSE BLOCK *****
+-CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.64.2.13 $ $Date: 2011/09/02 19:39:06 $"
++CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.64.2.14 $ $Date: 2011/11/03 15:12:15 $"
+ 
+ #
+ # certdata.txt
+@@ -23299,3 +23299,284 @@ CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSC
+ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_UNTRUSTED
+ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_UNTRUSTED
+ CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
++
++#
++# Certificate "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)"
++#
++CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
++CKA_TOKEN CK_BBOOL CK_TRUE
++CKA_PRIVATE CK_BBOOL CK_FALSE
++CKA_MODIFIABLE CK_BBOOL CK_FALSE
++CKA_LABEL UTF8 "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)"
++CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
++CKA_SUBJECT MULTILINE_OCTAL
++\060\143\061\013\060\011\006\003\125\004\006\023\002\115\131\061
++\033\060\031\006\003\125\004\012\023\022\104\151\147\151\143\145
++\162\164\040\123\144\156\056\040\102\150\144\056\061\021\060\017
++\006\003\125\004\013\023\010\064\065\067\066\060\070\055\113\061
++\044\060\042\006\003\125\004\003\023\033\104\151\147\151\163\151
++\147\156\040\123\145\162\166\145\162\040\111\104\040\050\105\156
++\162\151\143\150\051
++END
++CKA_ID UTF8 "0"
++CKA_ISSUER MULTILINE_OCTAL
++\060\165\061\013\060\011\006\003\125\004\006\023\002\125\123\061
++\030\060\026\006\003\125\004\012\023\017\107\124\105\040\103\157
++\162\160\157\162\141\164\151\157\156\061\047\060\045\006\003\125
++\004\013\023\036\107\124\105\040\103\171\142\145\162\124\162\165
++\163\164\040\123\157\154\165\164\151\157\156\163\054\040\111\156
++\143\056\061\043\060\041\006\003\125\004\003\023\032\107\124\105
++\040\103\171\142\145\162\124\162\165\163\164\040\107\154\157\142
++\141\154\040\122\157\157\164
++END
++CKA_SERIAL_NUMBER MULTILINE_OCTAL
++\002\006\007\377\377\377\377\377
++END
++CKA_VALUE MULTILINE_OCTAL
++\060\202\003\315\060\202\003\066\240\003\002\001\002\002\006\007
++\377\377\377\377\377\060\015\006\011\052\206\110\206\367\015\001
++\001\005\005\000\060\165\061\013\060\011\006\003\125\004\006\023
++\002\125\123\061\030\060\026\006\003\125\004\012\023\017\107\124
++\105\040\103\157\162\160\157\162\141\164\151\157\156\061\047\060
++\045\006\003\125\004\013\023\036\107\124\105\040\103\171\142\145
++\162\124\162\165\163\164\040\123\157\154\165\164\151\157\156\163
++\054\040\111\156\143\056\061\043\060\041\006\003\125\004\003\023
++\032\107\124\105\040\103\171\142\145\162\124\162\165\163\164\040
++\107\154\157\142\141\154\040\122\157\157\164\060\036\027\015\060
++\067\060\067\061\067\061\065\061\067\064\071\132\027\015\061\062
++\060\067\061\067\061\065\061\066\065\065\132\060\143\061\013\060
++\011\006\003\125\004\006\023\002\115\131\061\033\060\031\006\003
++\125\004\012\023\022\104\151\147\151\143\145\162\164\040\123\144
++\156\056\040\102\150\144\056\061\021\060\017\006\003\125\004\013
++\023\010\064\065\067\066\060\070\055\113\061\044\060\042\006\003
++\125\004\003\023\033\104\151\147\151\163\151\147\156\040\123\145
++\162\166\145\162\040\111\104\040\050\105\156\162\151\143\150\051
++\060\201\237\060\015\006\011\052\206\110\206\367\015\001\001\001
++\005\000\003\201\215\000\060\201\211\002\201\201\000\255\250\144
++\113\115\207\307\204\131\271\373\220\106\240\246\211\300\361\376
++\325\332\124\202\067\015\231\053\105\046\012\350\126\260\177\312
++\250\364\216\107\204\001\202\051\343\263\152\265\221\363\373\225
++\205\274\162\250\144\350\012\100\234\305\364\161\256\173\173\152
++\007\352\220\024\117\215\211\257\224\253\262\006\324\002\152\173
++\230\037\131\271\072\315\124\372\040\337\262\052\012\351\270\335
++\151\220\300\051\323\116\320\227\355\146\314\305\031\111\006\177
++\372\136\054\174\173\205\033\062\102\337\173\225\045\002\003\001
++\000\001\243\202\001\170\060\202\001\164\060\022\006\003\125\035
++\023\001\001\377\004\010\060\006\001\001\377\002\001\000\060\134
++\006\003\125\035\040\004\125\060\123\060\110\006\011\053\006\001
++\004\001\261\076\001\000\060\073\060\071\006\010\053\006\001\005
++\005\007\002\001\026\055\150\164\164\160\072\057\057\143\171\142
++\145\162\164\162\165\163\164\056\157\155\156\151\162\157\157\164
++\056\143\157\155\057\162\145\160\157\163\151\164\157\162\171\056
++\143\146\155\060\007\006\005\140\203\112\001\001\060\016\006\003
++\125\035\017\001\001\377\004\004\003\002\001\346\060\201\211\006
++\003\125\035\043\004\201\201\060\177\241\171\244\167\060\165\061
++\013\060\011\006\003\125\004\006\023\002\125\123\061\030\060\026
++\006\003\125\004\012\023\017\107\124\105\040\103\157\162\160\157
++\162\141\164\151\157\156\061\047\060\045\006\003\125\004\013\023
++\036\107\124\105\040\103\171\142\145\162\124\162\165\163\164\040
++\123\157\154\165\164\151\157\156\163\054\040\111\156\143\056\061
++\043\060\041\006\003\125\004\003\023\032\107\124\105\040\103\171
++\142\145\162\124\162\165\163\164\040\107\154\157\142\141\154\040
++\122\157\157\164\202\002\001\245\060\105\006\003\125\035\037\004
++\076\060\074\060\072\240\070\240\066\206\064\150\164\164\160\072
++\057\057\167\167\167\056\160\165\142\154\151\143\055\164\162\165
++\163\164\056\143\157\155\057\143\147\151\055\142\151\156\057\103
++\122\114\057\062\060\061\070\057\143\144\160\056\143\162\154\060
++\035\006\003\125\035\016\004\026\004\024\306\026\223\116\026\027
++\354\026\256\214\224\166\363\206\155\305\164\156\204\167\060\015
++\006\011\052\206\110\206\367\015\001\001\005\005\000\003\201\201
++\000\166\000\173\246\170\053\146\035\216\136\066\306\244\216\005
++\362\043\222\174\223\147\323\364\300\012\175\213\055\331\352\325
++\157\032\363\341\112\051\132\042\204\115\120\057\113\014\362\377
++\205\302\173\125\324\104\202\276\155\254\147\216\274\264\037\222
++\234\121\200\032\024\366\156\253\141\210\013\255\034\177\367\113
++\120\121\326\145\033\246\107\161\025\136\260\161\363\065\024\362
++\067\275\143\310\325\360\223\132\064\137\330\075\350\135\367\305
++\036\300\345\317\037\206\044\251\074\007\146\315\301\322\066\143
++\131
++END
++
++# Trust for Certificate "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)"
++CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST
++CKA_TOKEN CK_BBOOL CK_TRUE
++CKA_PRIVATE CK_BBOOL CK_FALSE
++CKA_MODIFIABLE CK_BBOOL CK_FALSE
++CKA_LABEL UTF8 "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)"
++CKA_CERT_SHA1_HASH MULTILINE_OCTAL
++\125\120\257\354\277\350\303\255\304\013\343\255\014\247\344\025
++\214\071\131\117
++END
++CKA_CERT_MD5_HASH MULTILINE_OCTAL
++\322\336\256\120\244\230\055\157\067\267\206\122\310\055\113\152
++END
++CKA_ISSUER MULTILINE_OCTAL
++\060\165\061\013\060\011\006\003\125\004\006\023\002\125\123\061
++\030\060\026\006\003\125\004\012\023\017\107\124\105\040\103\157
++\162\160\157\162\141\164\151\157\156\061\047\060\045\006\003\125
++\004\013\023\036\107\124\105\040\103\171\142\145\162\124\162\165
++\163\164\040\123\157\154\165\164\151\157\156\163\054\040\111\156
++\143\056\061\043\060\041\006\003\125\004\003\023\032\107\124\105
++\040\103\171\142\145\162\124\162\165\163\164\040\107\154\157\142
++\141\154\040\122\157\157\164
++END
++CKA_SERIAL_NUMBER MULTILINE_OCTAL
++\002\006\007\377\377\377\377\377
++END
++CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_UNTRUSTED
++CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_UNTRUSTED
++CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_UNTRUSTED
++CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
++
++#
++# Certificate "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)"
++#
++CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
++CKA_TOKEN CK_BBOOL CK_TRUE
++CKA_PRIVATE CK_BBOOL CK_FALSE
++CKA_MODIFIABLE CK_BBOOL CK_FALSE
++CKA_LABEL UTF8 "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)"
++CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
++CKA_SUBJECT MULTILINE_OCTAL
++\060\145\061\013\060\011\006\003\125\004\006\023\002\115\131\061
++\033\060\031\006\003\125\004\012\023\022\104\151\147\151\143\145
++\162\164\040\123\144\156\056\040\102\150\144\056\061\021\060\017
++\006\003\125\004\013\023\010\064\065\067\066\060\070\055\113\061
++\046\060\044\006\003\125\004\003\023\035\104\151\147\151\163\151
++\147\156\040\123\145\162\166\145\162\040\111\104\040\055\040\050
++\105\156\162\151\143\150\051
++END
++CKA_ID UTF8 "0"
++CKA_ISSUER MULTILINE_OCTAL
++\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156
++\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125
++\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056
++\156\145\164\057\103\120\123\137\062\060\064\070\040\151\156\143
++\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151
++\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006
++\003\125\004\013\023\034\050\143\051\040\061\071\071\071\040\105
++\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164
++\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164
++\162\165\163\164\056\156\145\164\040\103\145\162\164\151\146\151
++\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
++\040\050\062\060\064\070\051
++END
++CKA_SERIAL_NUMBER MULTILINE_OCTAL
++\002\006\007\377\377\377\377\377
++END
++CKA_VALUE MULTILINE_OCTAL
++\060\202\004\320\060\202\003\270\240\003\002\001\002\002\006\007
++\377\377\377\377\377\060\015\006\011\052\206\110\206\367\015\001
++\001\005\005\000\060\201\264\061\024\060\022\006\003\125\004\012
++\023\013\105\156\164\162\165\163\164\056\156\145\164\061\100\060
++\076\006\003\125\004\013\024\067\167\167\167\056\145\156\164\162
++\165\163\164\056\156\145\164\057\103\120\123\137\062\060\064\070
++\040\151\156\143\157\162\160\056\040\142\171\040\162\145\146\056
++\040\050\154\151\155\151\164\163\040\154\151\141\142\056\051\061
++\045\060\043\006\003\125\004\013\023\034\050\143\051\040\061\071
++\071\071\040\105\156\164\162\165\163\164\056\156\145\164\040\114
++\151\155\151\164\145\144\061\063\060\061\006\003\125\004\003\023
++\052\105\156\164\162\165\163\164\056\156\145\164\040\103\145\162
++\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157
++\162\151\164\171\040\050\062\060\064\070\051\060\036\027\015\061
++\060\060\067\061\066\061\067\062\063\063\070\132\027\015\061\065
++\060\067\061\066\061\067\065\063\063\070\132\060\145\061\013\060
++\011\006\003\125\004\006\023\002\115\131\061\033\060\031\006\003
++\125\004\012\023\022\104\151\147\151\143\145\162\164\040\123\144
++\156\056\040\102\150\144\056\061\021\060\017\006\003\125\004\013
++\023\010\064\065\067\066\060\070\055\113\061\046\060\044\006\003
++\125\004\003\023\035\104\151\147\151\163\151\147\156\040\123\145
++\162\166\145\162\040\111\104\040\055\040\050\105\156\162\151\143
++\150\051\060\202\001\042\060\015\006\011\052\206\110\206\367\015
++\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202
++\001\001\000\305\211\344\364\015\006\100\222\131\307\032\263\065
++\321\016\114\052\063\371\370\257\312\236\177\356\271\247\155\140
++\364\124\350\157\325\233\363\033\143\061\004\150\162\321\064\026
++\214\264\027\054\227\336\163\305\330\220\025\240\032\053\365\313
++\263\110\206\104\360\035\210\114\316\101\102\032\357\365\014\336
++\376\100\332\071\040\367\006\125\072\152\235\106\301\322\157\245
++\262\310\127\076\051\243\234\340\351\205\167\146\350\230\247\044
++\176\276\300\131\040\345\104\157\266\127\330\276\316\302\145\167
++\130\306\141\101\321\164\004\310\177\111\102\305\162\251\162\026
++\356\214\335\022\135\264\112\324\321\257\120\267\330\252\165\166
++\150\255\076\135\252\060\155\141\250\253\020\133\076\023\277\063
++\340\257\104\235\070\042\133\357\114\057\246\161\046\025\046\312
++\050\214\331\372\216\216\251\242\024\065\342\233\044\210\264\364
++\177\205\235\203\117\007\241\266\024\220\066\304\064\034\215\046
++\141\155\023\157\170\276\350\217\047\307\113\204\226\243\206\150
++\014\043\276\013\354\214\224\000\251\004\212\023\220\367\337\205
++\154\014\261\002\003\001\000\001\243\202\001\064\060\202\001\060
++\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006
++\060\022\006\003\125\035\023\001\001\377\004\010\060\006\001\001
++\377\002\001\000\060\047\006\003\125\035\045\004\040\060\036\006
++\010\053\006\001\005\005\007\003\001\006\010\053\006\001\005\005
++\007\003\002\006\010\053\006\001\005\005\007\003\004\060\063\006
++\010\053\006\001\005\005\007\001\001\004\047\060\045\060\043\006
++\010\053\006\001\005\005\007\060\001\206\027\150\164\164\160\072
++\057\057\157\143\163\160\056\145\156\164\162\165\163\164\056\156
++\145\164\060\104\006\003\125\035\040\004\075\060\073\060\071\006
++\005\140\203\112\001\001\060\060\060\056\006\010\053\006\001\005
++\005\007\002\001\026\042\150\164\164\160\072\057\057\167\167\167
++\056\144\151\147\151\143\145\162\164\056\143\157\155\056\155\171
++\057\143\160\163\056\150\164\155\060\062\006\003\125\035\037\004
++\053\060\051\060\047\240\045\240\043\206\041\150\164\164\160\072
++\057\057\143\162\154\056\145\156\164\162\165\163\164\056\156\145
++\164\057\062\060\064\070\143\141\056\143\162\154\060\021\006\003
++\125\035\016\004\012\004\010\114\116\314\045\050\003\051\201\060
++\037\006\003\125\035\043\004\030\060\026\200\024\125\344\201\321
++\021\200\276\330\211\271\010\243\061\371\241\044\011\026\271\160
++\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003
++\202\001\001\000\227\114\357\112\072\111\254\162\374\060\040\153
++\264\051\133\247\305\225\004\220\371\062\325\302\205\152\336\003
++\241\067\371\211\000\260\132\254\125\176\333\103\065\377\311\001
++\370\121\276\314\046\312\310\152\244\304\124\076\046\036\347\014
++\243\315\227\147\224\335\246\102\353\134\315\217\071\171\153\063
++\171\041\006\171\372\202\104\025\231\314\301\267\071\323\106\142
++\174\262\160\353\157\316\040\252\076\031\267\351\164\202\234\264
++\245\113\115\141\000\067\344\207\322\362\024\072\144\174\270\251
++\173\141\340\223\042\347\325\237\076\107\346\066\166\240\123\330
++\000\003\072\017\265\063\376\226\312\323\322\202\072\056\335\327
++\110\341\344\247\151\314\034\351\231\112\347\312\160\105\327\013
++\007\016\232\165\033\320\057\222\157\366\244\007\303\275\034\113
++\246\204\266\175\250\232\251\322\247\051\361\013\127\151\036\227
++\127\046\354\053\103\254\324\105\203\005\000\351\343\360\106\100
++\007\372\352\261\121\163\223\034\245\335\123\021\067\310\052\247
++\025\047\035\264\252\314\177\252\061\060\374\270\105\237\110\011
++\355\020\342\305
++END
++
++# Trust for Certificate "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)"
++CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST
++CKA_TOKEN CK_BBOOL CK_TRUE
++CKA_PRIVATE CK_BBOOL CK_FALSE
++CKA_MODIFIABLE CK_BBOOL CK_FALSE
++CKA_LABEL UTF8 "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)"
++CKA_CERT_SHA1_HASH MULTILINE_OCTAL
++\153\074\073\200\255\312\246\272\212\237\124\246\172\355\022\151
++\005\155\061\046
++END
++CKA_CERT_MD5_HASH MULTILINE_OCTAL
++\327\151\141\177\065\017\234\106\243\252\353\370\125\374\204\362
++END
++CKA_ISSUER MULTILINE_OCTAL
++\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156
++\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125
++\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056
++\156\145\164\057\103\120\123\137\062\060\064\070\040\151\156\143
++\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151
++\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006
++\003\125\004\013\023\034\050\143\051\040\061\071\071\071\040\105
++\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164
++\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164
++\162\165\163\164\056\156\145\164\040\103\145\162\164\151\146\151
++\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
++\040\050\062\060\064\070\051
++END
++CKA_SERIAL_NUMBER MULTILINE_OCTAL
++\002\006\007\377\377\377\377\377
++END
++CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_UNTRUSTED
++CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_UNTRUSTED
++CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_UNTRUSTED
++CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
++
+diff -up ./mozilla/security/nss/lib/ckfw/builtins/nssckbi.h.ckbi188 ./mozilla/security/nss/lib/ckfw/builtins/nssckbi.h
+--- ./mozilla/security/nss/lib/ckfw/builtins/nssckbi.h.ckbi188	2011-11-03 13:53:16.192262303 -0700
++++ ./mozilla/security/nss/lib/ckfw/builtins/nssckbi.h	2011-11-03 13:54:48.182013245 -0700
+@@ -77,8 +77,8 @@
+  * of the comment in the CK_VERSION type definition.
+  */
+ #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 1
+-#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 87
+-#define NSS_BUILTINS_LIBRARY_VERSION "1.87"
++#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 88
++#define NSS_BUILTINS_LIBRARY_VERSION "1.88"
+ 
+ /* These version numbers detail the semantic changes to the ckfw engine. */
+ #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1

bz784672-protect-against-calls-before-nss_init.patch

@@ -0,0 +1,40 @@
+diff -up mozilla/security/nss/lib/nss/nssinit.c.784672 mozilla/security/nss/lib/nss/nssinit.c
+--- mozilla/security/nss/lib/nss/nssinit.c.784672	2012-01-26 14:43:46.232357231 -0800
++++ mozilla/security/nss/lib/nss/nssinit.c	2012-01-26 14:50:55.830512565 -0800
+@@ -944,6 +944,12 @@ NSS_RegisterShutdown(NSS_ShutdownFunc sF
+ {
+     int i;
+ 
++    /* make sure our lock and condition variable are initialized one and only
++     * one time */ 
++    if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) {
++	return SECFailure;
++    }
++
+     PZ_Lock(nssInitLock);
+     if (!NSS_IsInitialized()) {
+ 	PZ_Unlock(nssInitLock);
+@@ -1002,6 +1008,11 @@ NSS_UnregisterShutdown(NSS_ShutdownFunc
+ {
+     int i;
+ 
++    /* make sure our lock and condition variable are initialized one and only
++     * one time */ 
++    if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) {
++	return SECFailure;
++    }
+     PZ_Lock(nssInitLock);
+     if (!NSS_IsInitialized()) {
+ 	PZ_Unlock(nssInitLock);
+@@ -1192,6 +1203,11 @@ NSS_ShutdownContext(NSSInitContext *cont
+ {
+     SECStatus rv = SECSuccess;
+ 
++    /* make sure our lock and condition variable are initialized one and only
++     * one time */ 
++    if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) {
++	return SECFailure;
++    }
+     PZ_Lock(nssInitLock);
+     /* If one or more threads are in the middle of init, wait for them
+      * to complete */

cert8.db.xml

@@ -1,59 +0,0 @@
-<?xml version='1.0' encoding='utf-8'?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
-<!ENTITY date SYSTEM "date.xml">
-<!ENTITY version SYSTEM "version.xml">
-]>
-
-<refentry id="cert8.db">
-
-  <refentryinfo>
-    <date>&date;</date>
-    <title>Network Security Services</title>
-    <productname>nss</productname>
-    <productnumber>&version;</productnumber>
-  </refentryinfo>
-
-  <refmeta>
-    <refentrytitle>cert8.db</refentrytitle>
-    <manvolnum>5</manvolnum>
-  </refmeta>
-
-  <refnamediv>
-    <refname>cert8.db</refname>
-    <refpurpose>Legacy NSS certificate database</refpurpose>
-  </refnamediv>
-
-<refsection id="description">
-    <title>Description</title>
-    <para><emphasis>cert8.db</emphasis> is an NSS certificate database.</para>
-  <para>This certificate database is in the legacy database format. Consider migrating to cert9.db and key4.db which are the new sqlite-based shared database format with support for concurrent access.
-  </para>
-  </refsection>
-
-  <refsection>
-    <title>Files</title>
-    <para><filename>/etc/pki/nssdb/cert8.db</filename></para>
-  </refsection>
-
-  <refsection>
-    <title>See also</title>
-    <para>cert9.db(5), key4.db(5), pkcs11.txt(5), </para>
-  </refsection>
-
-  <refsection id="authors">
-    <title>Authors</title>
-    <para>The nss libraries were written and maintained by developers with Netscape, Red Hat,  Sun, Oracle, Mozilla, and Google.</para>
-    <para>Authors: Elio Maldonado &lt;emaldona@redhat.com>.</para>
-  </refsection>
-
-<!-- don't change -->
-  <refsection id="license">
-    <title>LICENSE</title>
-    <para>Licensed under the Mozilla Public License, v. 2.0.  If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
-    </para>
-
-  </refsection>
-
-
-</refentry>

cert9.db.xml

@@ -1,59 +0,0 @@
-<?xml version='1.0' encoding='utf-8'?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
-<!ENTITY date SYSTEM "date.xml">
-<!ENTITY version SYSTEM "version.xml">
-]>
-
-<refentry id="cert9.db">
-
-  <refentryinfo>
-    <date>&date;</date>
-    <title>Network Security Services</title>
-    <productname>nss</productname>
-    <productnumber>&version;</productnumber>
-  </refentryinfo>
-
-  <refmeta>
-    <refentrytitle>cert9.db</refentrytitle>
-    <manvolnum>5</manvolnum>
-  </refmeta>
-
-  <refnamediv>
-    <refname>cert9.db</refname>
-    <refpurpose>NSS certificate database</refpurpose>
-  </refnamediv>
-
-<refsection id="description">
-    <title>Description</title>
-    <para><emphasis>cert9.db</emphasis> is an NSS certificate database.</para>
-  <para>This certificate database is the sqlite-based shared database with support for concurrent access.
-  </para>
-  </refsection>
-
-  <refsection>
-    <title>Files</title>
-    <para><filename>/etc/pki/nssdb/cert9.db</filename></para>
-  </refsection>
-
-  <refsection>
-    <title>See also</title>
-    <para>pkcs11.txt(5)</para>
-  </refsection>
-
-  <refsection id="authors">
-    <title>Authors</title>
-    <para>The nss libraries were written and maintained by developers with Netscape, Red Hat,  Sun, Oracle, Mozilla, and Google.</para>
-    <para>Authors: Elio Maldonado &lt;emaldona@redhat.com>.</para>
-  </refsection>
-
-<!-- don't change -->
-  <refsection id="license">
-    <title>LICENSE</title>
-    <para>Licensed under the Mozilla Public License, v. 2.0.  If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
-    </para>
-
-  </refsection>
-
-
-</refentry>

iquote.patch

@@ -1,13 +0,0 @@
-diff -up nss/coreconf/location.mk.iquote nss/coreconf/location.mk
---- nss/coreconf/location.mk.iquote	2017-07-27 16:09:32.000000000 +0200
-+++ nss/coreconf/location.mk	2017-09-06 13:23:14.633611555 +0200
-@@ -75,4 +75,9 @@ ifndef SQLITE_LIB_NAME
-     SQLITE_LIB_NAME = sqlite3
- endif
- 
-+# Prefer in-tree headers over system headers
-+ifdef IN_TREE_FREEBL_HEADERS_FIRST
-+    INCLUDES += -iquote $(DIST)/../public/nss -iquote $(DIST)/../private/nss
-+endif
-+
- MK_LOCATION = included

key3.db.xml

@@ -1,59 +0,0 @@
-<?xml version='1.0' encoding='utf-8'?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
-<!ENTITY date SYSTEM "date.xml">
-<!ENTITY version SYSTEM "version.xml">
-]>
-
-<refentry id="key3.db">
-
-  <refentryinfo>
-    <date>&date;</date>
-    <title>Network Security Services</title>
-    <productname>nss</productname>
-    <productnumber>&version;</productnumber>
-  </refentryinfo>
-
-  <refmeta>
-    <refentrytitle>key3.db</refentrytitle>
-    <manvolnum>5</manvolnum>
-  </refmeta>
-
-  <refnamediv>
-    <refname>key3.db</refname>
-    <refpurpose>Legacy NSS certificate database</refpurpose>
-  </refnamediv>
-
-<refsection id="description">
-    <title>Description</title>
-    <para><emphasis>key3.db</emphasis> is an NSS certificate database.</para>
-  <para>This is a key database in the legacy database format. Consider migrating to cert9.db and key4.db which  which are the new sqlite-based shared database format with support for concurrent access.
-  </para>
-  </refsection>
-
-  <refsection>
-    <title>Files</title>
-    <para><filename>/etc/pki/nssdb/key3.db</filename></para>
-  </refsection>
-
-  <refsection>
-    <title>See also</title>
-    <para>cert9.db(5), key4.db(5), pkcs11.txt(5), </para>
-  </refsection>
-
-  <refsection id="authors">
-    <title>Authors</title>
-    <para>The nss libraries were written and maintained by developers with Netscape, Red Hat,  Sun, Oracle, Mozilla, and Google.</para>
-    <para>Authors: Elio Maldonado &lt;emaldona@redhat.com>.</para>
-  </refsection>
-
-<!-- don't change -->
-  <refsection id="license">
-    <title>LICENSE</title>
-    <para>Licensed under the Mozilla Public License, v. 2.0.  If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
-    </para>
-
-  </refsection>
-
-
-</refentry>

key4.db.xml

@@ -1,59 +0,0 @@
-<?xml version='1.0' encoding='utf-8'?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
-<!ENTITY date SYSTEM "date.xml">
-<!ENTITY version SYSTEM "version.xml">
-]>
-
-<refentry id="key4.db">
-
-  <refentryinfo>
-    <date>&date;</date>
-    <title>Network Security Services</title>
-    <productname>nss</productname>
-    <productnumber>&version;</productnumber>
-  </refentryinfo>
-
-  <refmeta>
-    <refentrytitle>key4.db</refentrytitle>
-    <manvolnum>5</manvolnum>
-  </refmeta>
-
-  <refnamediv>
-    <refname>key4.db</refname>
-    <refpurpose>NSS certificate database</refpurpose>
-  </refnamediv>
-
-<refsection id="description">
-    <title>Description</title>
-    <para><emphasis>key4.db</emphasis> is an NSS key database.</para>
-  <para>This key database is the sqlite-based shared database format with support for concurrent access.
-  </para>
-  </refsection>
-
-  <refsection>
-    <title>Files</title>
-    <para><filename>/etc/pki/nssdb/key4.db</filename></para>
-  </refsection>
-
-  <refsection>
-    <title>See also</title>
-    <para>pkcs11.txt(5)</para>
-  </refsection>
-
-  <refsection id="authors">
-    <title>Authors</title>
-    <para>The nss libraries were written and maintained by developers with Netscape, Red Hat,  Sun, Oracle, Mozilla, and Google.</para>
-    <para>Authors: Elio Maldonado &lt;emaldona@redhat.com>.</para>
-  </refsection>
-
-<!-- don't change -->
-  <refsection id="license">
-    <title>LICENSE</title>
-    <para>Licensed under the Mozilla Public License, v. 2.0.  If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
-    </para>
-
-  </refsection>
-
-
-</refentry>

mozilla-crypto-strip.sh

@@ -0,0 +1,128 @@
+#!/bin/sh
+set -e
+
+if test -z $1
+then
+  echo "usage: $0 <input-tarball>"
+  exit
+fi
+
+ORIGDIR=`pwd`
+WORKDIR=nss_ecc_strip_working_dir
+EXTENSION=`echo $1 | sed -r 's#^(.*)(.tar.bz2|.tbz2|.tar.gz|.tgz)$#\2#'`
+BASE=`echo $1 | sed -r 's#^(.*)(.tar.bz2|.tbz2|.tar.gz|.tgz)$#\1#'`
+COMPRESS=""
+
+if test "x$EXTENSION" = "x.tar.bz2" || test "x$EXTENSION" = "x.tbz2"
+then
+  COMPRESS="j"
+fi
+
+if test "x$EXTENSION" = "x.tar.gz" || test "x$EXTENSION" = "x.tgz"
+then
+  COMPRESS="z"
+fi
+
+if test "x$COMPRESS" = "x"
+then
+  echo "unable to process, input file $1 has unsupported extension"
+  exit
+fi
+
+echo "== extension is $EXTENSION - ok"
+echo "== new extension will be $JEXTENSION"
+echo "== cleaning old workdir $WORKDIR"
+
+rm -rf $WORKDIR
+mkdir $WORKDIR
+
+echo "== extracting input archive $1"
+tar -x -$COMPRESS -C $WORKDIR -f $1
+
+echo "changing into $WORKDIR"
+pushd $WORKDIR
+
+DIRCOUNT=`ls -1 | wc -l`
+if test $DIRCOUNT -ne 1
+then
+  echo "unable to process, $1 contains more than one toplevel directory"
+  exit
+fi
+
+TOPDIR=`ls -1`
+if test "x$TOPDIR" != "xmozilla"
+then
+  # try to deal with a single additional subdirectory above "mozilla"
+  echo "== skipping toplevel directory $TOPDIR"
+  cd $TOPDIR
+fi
+
+DIRCOUNT=`ls -1 | wc -l`
+if test $DIRCOUNT -ne 1
+then
+  echo "unable to process, $1 contains more than one second level directory"
+  exit
+fi
+
+SINGLEDIR=`ls -1`
+if test "x$SINGLEDIR" != "xmozilla"
+then
+  echo "unable to process, first or second level directory is not mozilla"
+  exit
+fi
+
+echo "== input archive accepted, now processing"
+
+REALFREEBLDIR=mozilla/security/nss/lib/freebl
+FREEBLDIR=./$REALFREEBLDIR
+
+rm -rf ./mozilla/security/nss/cmd/ecperf
+
+mv ${FREEBLDIR}/ecl/ecl-exp.h ${FREEBLDIR}/save
+rm -rf ${FREEBLDIR}/ecl/tests
+rm -rf ${FREEBLDIR}/ecl/CVS
+for i in ${FREEBLDIR}/ecl/* ; do
+echo clobbering $i
+ > $i
+done
+mv ${FREEBLDIR}/save ${FREEBLDIR}/ecl/ecl-exp.h
+
+for j in ${FREEBLDIR}/ec.*; do
+        echo unifdef $j
+        cat $j | \
+        awk    'BEGIN {ech=1; prt=0;} \
+                /^#[ \t]*ifdef.*NSS_ENABLE_ECC/ {ech--; next;} \
+                /^#[ \t]*if/ {if(ech < 1) ech--;} \
+                {if(ech>0) {;print $0};} \
+                /^#[ \t]*endif/ {if(ech < 1) ech++;} \
+                {if (prt && (ech<=0)) {;print $0}; } \
+                {if (ech>0) {prt=0;} } \
+                /^#[ \t]*else/ {if (ech == 0) prt=1;}' > $j.hobbled && \
+        mv $j.hobbled $j
+done
+
+echo "== returning to original directory"
+popd
+
+JCOMPRESS=j
+JEXTENSION=.tar.bz2
+NEWARCHIVE=$BASE-stripped$JEXTENSION
+echo "== finally producing new archive $NEWARCHIVE"
+tar -c -$JCOMPRESS -C $WORKDIR -f $NEWARCHIVE $TOPDIR
+
+echo "== all done, listing of old and new archive:"
+ls -l $1
+ls -l $NEWARCHIVE
+
+LISTING_DIR=""
+if test "x$TOPDIR" != "xmozilla"
+then
+  LISTING_DIR="$TOPDIR/$REALFREEBLDIR/ecl"
+else
+  LISTING_DIR="$REALFREEBLDIR/ecl"
+fi
+
+echo "== FYI, producing listing of stripped dir in new archive"
+tar -t -v -$JCOMPRESS -C $WORKDIR -f $NEWARCHIVE $LISTING_DIR
+
+

nofipstest.patch

@@ -0,0 +1,19 @@
+diff -up ./mozilla/security/nss/cmd/manifest.mn.nofipstest ./mozilla/security/nss/cmd/manifest.mn
+--- ./mozilla/security/nss/cmd/manifest.mn.nofipstest	2011-12-03 22:54:40.969914919 -0800
++++ ./mozilla/security/nss/cmd/manifest.mn	2011-12-03 22:55:12.348505822 -0800
+@@ -54,7 +54,6 @@ DIRS = lib  \
+  dbtest \
+  derdump  \
+  digest  \
+- fipstest  \
+  makepqg  \
+  multinit \
+  ocspclnt  \
+@@ -84,6 +83,7 @@ DIRS = lib  \
+  $(NULL)
+ 
+ TEMPORARILY_DONT_BUILD = \
++ fipstest  \
+  $(NULL)
+ 
+ # rsaperf  \

nss-539183.patch

@@ -1,62 +1,27 @@
---- nss/cmd/httpserv/httpserv.c.539183	2016-05-21 18:31:39.879585420 -0700
-+++ nss/cmd/httpserv/httpserv.c	2016-05-21 18:37:22.374464057 -0700
-@@ -953,23 +953,23 @@
- getBoundListenSocket(unsigned short port)
- {
-     PRFileDesc *listen_sock;
-     int listenQueueDepth = 5 + (2 * maxThreads);
-     PRStatus prStatus;
-     PRNetAddr addr;
+diff -up ./mozilla/security/nss/cmd/selfserv/selfserv.c.539183 ./mozilla/security/nss/cmd/selfserv/selfserv.c
+--- ./mozilla/security/nss/cmd/selfserv/selfserv.c.539183	2011-10-06 10:42:06.913919000 -0700
++++ ./mozilla/security/nss/cmd/selfserv/selfserv.c	2011-10-06 10:43:14.858987000 -0700
+@@ -1491,14 +1491,18 @@ getBoundListenSocket(unsigned short port
+     PRStatus	       prStatus;
+     PRNetAddr          addr;
      PRSocketOptionData opt;
++    PRUint16           socketDomain = PR_AF_INET;
  
 -    addr.inet.family = PR_AF_INET;
--    addr.inet.ip = PR_INADDR_ANY;
--    addr.inet.port = PR_htons(port);
+-    addr.inet.ip     = PR_INADDR_ANY;
+-    addr.inet.port   = PR_htons(port);
 +    if (PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET6, port, &addr) != PR_SUCCESS) {
-+        errExit("PR_SetNetAddr");
++	errExit("PR_SetNetAddr");
 +    }
  
 -    listen_sock = PR_NewTCPSocket();
-+    listen_sock = PR_OpenTCPSocket(PR_AF_INET6);
-     if (listen_sock == NULL) {
--        errExit("PR_NewTCPSocket");
-+        errExit("PR_OpenTCPSockett");
-     }
- 
-     opt.option = PR_SockOpt_Nonblocking;
-     opt.value.non_blocking = PR_FALSE;
-     prStatus = PR_SetSocketOption(listen_sock, &opt);
-     if (prStatus < 0) {
-         PR_Close(listen_sock);
-         errExit("PR_SetSocketOption(PR_SockOpt_Nonblocking)");
---- nss/cmd/selfserv/selfserv.c.539183	2016-05-21 18:31:39.882585367 -0700
-+++ nss/cmd/selfserv/selfserv.c	2016-05-21 18:41:43.092801174 -0700
-@@ -1711,23 +1711,23 @@
- getBoundListenSocket(unsigned short port)
- {
-     PRFileDesc *listen_sock;
-     int listenQueueDepth = 5 + (2 * maxThreads);
-     PRStatus prStatus;
-     PRNetAddr addr;
-     PRSocketOptionData opt;
- 
--    addr.inet.family = PR_AF_INET;
--    addr.inet.ip = PR_INADDR_ANY;
--    addr.inet.port = PR_htons(port);
-+    if (PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET6, port, &addr) != PR_SUCCESS) {
-+        errExit("PR_SetNetAddr");
++    if (PR_GetEnv("NSS_USE_SDP")) {
++        socketDomain = PR_AF_INET_SDP;
 +    }
- 
--    listen_sock = PR_NewTCPSocket();
 +    listen_sock = PR_OpenTCPSocket(PR_AF_INET6);
      if (listen_sock == NULL) {
--        errExit("PR_NewTCPSocket");
+-	errExit("PR_NewTCPSocket");
 +        errExit("PR_OpenTCPSocket error");
      }
  
      opt.option = PR_SockOpt_Nonblocking;
-     opt.value.non_blocking = PR_FALSE;
-     prStatus = PR_SetSocketOption(listen_sock, &opt);
-     if (prStatus < 0) {
-         PR_Close(listen_sock);
-         errExit("PR_SetSocketOption(PR_SockOpt_Nonblocking)");

nss-646045.patch

@@ -0,0 +1,34 @@
+diff -up ./mozilla/security/nss/tests/dbtests/dbtests.sh.noroot ./mozilla/security/nss/tests/dbtests/dbtests.sh
+--- ./mozilla/security/nss/tests/dbtests/dbtests.sh.noroot	2011-04-06 09:56:07.207701000 -0700
++++ ./mozilla/security/nss/tests/dbtests/dbtests.sh	2011-04-06 10:19:54.159552000 -0700
+@@ -201,6 +201,9 @@ dbtest_main()
+         cat $RONLY_DIR/* > /dev/null
+     fi
+ 
++    # skipping the next two tests when user is root,
++    # otherwise they would fail due to rooty powers
++    if [[ $EUID -ne 0 ]] then
+     ${BINDIR}/dbtest -d $RONLY_DIR
+     ret=$?
+     if [ $ret -ne 46 ]; then
+@@ -208,6 +211,10 @@ dbtest_main()
+     else
+       html_passed "Dbtest r/w didn't work in an readonly dir $ret" 
+     fi
++    else
++      html_passed "Skipping Dbtest r/w in a readonly dir because user is root" 
++    fi
++    if [[ $EUID -ne 0 ]] then
+     ${BINDIR}/certutil -D -n "TestUser" -d .
+     ret=$?
+     if [ $ret -ne 255 ]; then
+@@ -215,6 +222,9 @@ dbtest_main()
+     else
+         html_passed "Certutil didn't work in an readonly dir $ret"
+     fi
++    else
++      html_passed "Skipping Certutil delete cert in an readonly directory test because user is root" 
++    fi
+     
+     Echo "test opening the database ronly in a readonly directory"
+ 

nss-config.xml

@@ -1,132 +0,0 @@
-<?xml version='1.0' encoding='utf-8'?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
-<!ENTITY date SYSTEM "date.xml">
-<!ENTITY version SYSTEM "version.xml">
-]>
-
-<refentry id="nss-config">
-
-  <refentryinfo>
-    <date>&date;</date>
-    <title>Network Security Services</title>
-    <productname>nss</productname>
-    <productnumber>&version;</productnumber>
-  </refentryinfo>
-
-  <refmeta>
-    <refentrytitle>nss-config</refentrytitle>
-    <manvolnum>1</manvolnum>
-  </refmeta>
-
-  <refnamediv>
-    <refname>nss-config</refname>
-    <refpurpose>Return meta information about nss libraries</refpurpose>
-  </refnamediv>
-
-  <refsynopsisdiv>
-    <cmdsynopsis>
-      <command>nss-config</command>
-      <arg><option>--prefix</option></arg>
-      <arg><option>--exec-prefix</option></arg>
-      <arg><option>--includedir</option></arg>
-      <arg><option>--libs</option></arg>
-      <arg><option>--cflags</option></arg>
-      <arg><option>--libdir</option></arg>
-      <arg><option>--version</option></arg>
-    </cmdsynopsis>
-  </refsynopsisdiv>
-
-<refsection id="description">
-    <title>Description</title>
-
-    <para><command>nss-config</command> is a shell scrip
-    tool which can be used to obtain gcc options for building client pacakges of nspt. </para>
-
-  </refsection>
-  
-  <refsection>
-    <title>Options</title>
-    
-    <variablelist>
-      <varlistentry>
-        <term><option>--prefix</option></term>
-        <listitem><simpara>Returns the top level system directory under which the nss libraries are installed.</simpara></listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><option>--exec-prefix</option></term>
-        <listitem><simpara>returns the top level system directory under which any nss binaries would be installed.</simpara></listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><option>--includedir</option> <replaceable>count</replaceable></term>
-        <listitem><simpara>returns the path to the directory were the nss libraries are installed.</simpara></listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><option>--version</option></term>
-        <listitem><simpara>returns the upstream version of nss in the form major_version-minor_version-patch_version.</simpara></listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><option>--libs</option></term>
-        <listitem><simpara>returns the compiler linking flags.</simpara></listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><option>--cflags</option></term>
-        <listitem><simpara>returns the compiler include flags.</simpara></listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><option>--libdir</option></term>
-        <listitem><simpara>returns the path to the directory were the nss libraries are installed.</simpara></listitem>
-      </varlistentry>
-
-    </variablelist>
-  </refsection>
-
-  <refsection>
-    <title>Examples</title>
-
-    <para>The following example will query for both include path and linkage flags:
-    
-      <programlisting>
-        /usr/bin/nss-config --cflags --libs
-      </programlisting>
-
-    </para>
-
-   
-  </refsection>
-
-  <refsection>
-    <title>Files</title>
-
-    <para><filename>/usr/bin/nss-config</filename></para>
-
-  </refsection>
-
-  <refsection>
-    <title>See also</title>
-    <para>pkg-config(1)</para>
-  </refsection>
-
-  <refsection id="authors">
-    <title>Authors</title>
-    <para>The nss liraries were written and maintained by developers with Netscape, Red Hat,  Sun, Oracle, Mozilla, and Google.</para>
-    <para>
-	Authors: Elio Maldonado &lt;emaldona@redhat.com>.
-    </para>
-  </refsection>
-
-<!-- don't change -->
-  <refsection id="license">
-    <title>LICENSE</title>
-    <para>Licensed under the Mozilla Public License, v. 2.0.  If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
-    </para>
-  </refsection>
-
-</refentry>
-

nss-enable-pem.patch

@@ -0,0 +1,12 @@
+diff -up ./mozilla/security/nss/lib/ckfw/manifest.mn.prepem ./mozilla/security/nss/lib/ckfw/manifest.mn
+--- ./mozilla/security/nss/lib/ckfw/manifest.mn.prepem	2008-08-05 16:34:23.000000000 -0700
++++ ./mozilla/security/nss/lib/ckfw/manifest.mn	2008-08-05 16:34:30.000000000 -0700
+@@ -38,7 +38,7 @@ MANIFEST_CVS_ID = "@(#) $RCSfile: manife
+ 
+ CORE_DEPTH = ../../..
+ 
+-DIRS = builtins 
++DIRS = builtins pem
+ 
+ PRIVATE_EXPORTS = \
+ 	ck.h		  \

nss-gcm-param-default-pkcs11v2.patch

@@ -1,21 +0,0 @@
-diff -up ./lib/util/pkcs11n.h.aes_gcm_pkcs11_v2 ./lib/util/pkcs11n.h
---- ./lib/util/pkcs11n.h.aes_gcm_pkcs11_v2	2020-05-13 13:44:11.312405744 -0700
-+++ ./lib/util/pkcs11n.h	2020-05-13 13:45:23.951723660 -0700
-@@ -605,7 +605,7 @@ typedef struct CK_NSS_GCM_PARAMS {
- typedef CK_NSS_GCM_PARAMS CK_PTR CK_NSS_GCM_PARAMS_PTR;
- 
- /* deprecated #defines. Drop in future NSS releases */
--#ifdef NSS_PKCS11_2_0_COMPAT
-+#ifndef NSS_PKCS11_3_0_STRICT
- 
- /* defines that were changed between NSS's PKCS #11 and the Oasis headers */
- #define CKF_EC_FP CKF_EC_F_P
-@@ -664,7 +664,7 @@ typedef CK_NSS_GCM_PARAMS CK_PTR CK_GCM_
- #define CKT_NETSCAPE_VALID CKT_NSS_VALID
- #define CKT_NETSCAPE_VALID_DELEGATOR CKT_NSS_VALID_DELEGATOR
- #else
--/* use the new CK_GCM_PARAMS if NSS_PKCS11_2_0_COMPAT is not defined */
-+/* use the new CK_GCM_PARAMS if NSS_PKCS11_3_0_STRICT is defined */
- typedef struct CK_GCM_PARAMS_V3 CK_GCM_PARAMS;
- typedef CK_GCM_PARAMS_V3 CK_PTR CK_GCM_PARAMS_PTR;
- #endif

nss-kremlin-ppc64le.patch

@@ -1,31 +0,0 @@
-Index: nss/lib/freebl/verified/kremlin/include/kremlin/internal/types.h
-===================================================================
---- nss.orig/lib/freebl/verified/kremlin/include/kremlin/internal/types.h
-+++ nss/lib/freebl/verified/kremlin/include/kremlin/internal/types.h
-@@ -56,9 +56,10 @@ typedef const char *Prims_string;
-     !defined(__clang__)
- #include <emmintrin.h>
- typedef __m128i FStar_UInt128_uint128;
--#elif !defined(KRML_VERIFIED_UINT128) && !defined(_MSC_VER) &&           \
-+#elif !defined(KRML_VERIFIED_UINT128) && !defined(_MSC_VER) && \
-     (defined(__x86_64__) || defined(__x86_64) || defined(__aarch64__) || \
--     (defined(__powerpc64__) && defined(__LITTLE_ENDIAN__)))
-+    (defined(__powerpc64__) && defined(__LITTLE_ENDIAN__)) || \
-+     defined(__s390x__))
- typedef unsigned __int128 FStar_UInt128_uint128;
- #elif !defined(KRML_VERIFIED_UINT128) && defined(_MSC_VER) && defined(__clang__)
- typedef __uint128_t FStar_UInt128_uint128;
-Index: nss/lib/freebl/verified/kremlin/kremlib/dist/minimal/fstar_uint128_gcc64.h
-===================================================================
---- nss.orig/lib/freebl/verified/kremlin/kremlib/dist/minimal/fstar_uint128_gcc64.h
-+++ nss/lib/freebl/verified/kremlin/kremlib/dist/minimal/fstar_uint128_gcc64.h
-@@ -26,7 +26,8 @@
- 
- #if !defined(KRML_VERIFIED_UINT128) && (!defined(_MSC_VER) || defined(__clang__)) && \
-     (defined(__x86_64__) || defined(__x86_64) || defined(__aarch64__) ||             \
--     (defined(__powerpc64__) && defined(__LITTLE_ENDIAN__)))
-+    (defined(__powerpc64__) && defined(__LITTLE_ENDIAN__)) || \
-+     defined(__s390x__))
- 
- /* GCC + using native unsigned __int128 support */
- 

nss-p11-kit.config

@@ -1,4 +0,0 @@
-name=p11-kit-proxy
-library=p11-kit-proxy.so
-
-

nss-signtool-format.patch

@@ -1,94 +0,0 @@
-diff --git a/cmd/modutil/install.c b/cmd/modutil/install.c
---- a/cmd/modutil/install.c
-+++ b/cmd/modutil/install.c
-@@ -825,17 +825,20 @@ rm_dash_r(char *path)
- 
-         dir = PR_OpenDir(path);
-         if (!dir) {
-             return -1;
-         }
- 
-         /* Recursively delete all entries in the directory */
-         while ((entry = PR_ReadDir(dir, PR_SKIP_BOTH)) != NULL) {
--            sprintf(filename, "%s/%s", path, entry->name);
-+            if (snprintf(filename, sizeof(filename), "%s/%s", path, entry->name) >= sizeof(filename)) {
-+                PR_CloseDir(dir);
-+                return -1;
-+            }
-             if (rm_dash_r(filename)) {
-                 PR_CloseDir(dir);
-                 return -1;
-             }
-         }
- 
-         if (PR_CloseDir(dir) != PR_SUCCESS) {
-             return -1;
-diff --git a/cmd/signtool/util.c b/cmd/signtool/util.c
---- a/cmd/signtool/util.c
-+++ b/cmd/signtool/util.c
-@@ -132,17 +132,20 @@ rm_dash_r(char *path)
-         if (!dir) {
-             PR_fprintf(errorFD, "Error: Unable to open directory %s.\n", path);
-             errorCount++;
-             return -1;
-         }
- 
-         /* Recursively delete all entries in the directory */
-         while ((entry = PR_ReadDir(dir, PR_SKIP_BOTH)) != NULL) {
--            sprintf(filename, "%s/%s", path, entry->name);
-+            if (snprintf(filename, sizeof(filename), "%s/%s", path, entry->name) >= sizeof(filename)) {
-+                errorCount++;
-+                return -1;
-+            }
-             if (rm_dash_r(filename))
-                 return -1;
-         }
- 
-         if (PR_CloseDir(dir) != PR_SUCCESS) {
-             PR_fprintf(errorFD, "Error: Could not close %s.\n", path);
-             errorCount++;
-             return -1;
-diff --git a/lib/libpkix/pkix/util/pkix_list.c b/lib/libpkix/pkix/util/pkix_list.c
---- a/lib/libpkix/pkix/util/pkix_list.c
-+++ b/lib/libpkix/pkix/util/pkix_list.c
-@@ -1530,17 +1530,17 @@ cleanup:
-  */
- PKIX_Error *
- PKIX_List_SetItem(
-         PKIX_List *list,
-         PKIX_UInt32 index,
-         PKIX_PL_Object *item,
-         void *plContext)
- {
--        PKIX_List *element;
-+        PKIX_List *element = NULL;
- 
-         PKIX_ENTER(LIST, "PKIX_List_SetItem");
-         PKIX_NULLCHECK_ONE(list);
- 
-         if (list->immutable){
-                 PKIX_ERROR(PKIX_OPERATIONNOTPERMITTEDONIMMUTABLELIST);
-         }
- 
-diff --git a/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.c b/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.c
---- a/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.c
-+++ b/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.c
-@@ -102,17 +102,17 @@ cleanup:
-  */
- static PKIX_Error *
- pkix_pl_OID_Equals(
-         PKIX_PL_Object *first,
-         PKIX_PL_Object *second,
-         PKIX_Boolean *pResult,
-         void *plContext)
- {
--        PKIX_Int32 cmpResult;
-+        PKIX_Int32 cmpResult = 0;
- 
-         PKIX_ENTER(OID, "pkix_pl_OID_Equals");
-         PKIX_NULLCHECK_THREE(first, second, pResult);
- 
-         PKIX_CHECK(pkix_pl_OID_Comparator
-                     (first, second, &cmpResult, plContext),
-                     PKIX_OIDCOMPARATORFAILED);
- 

nss-softokn-config.in

@@ -1,116 +0,0 @@
-#!/bin/sh
-
-prefix=@prefix@
-
-major_version=@MOD_MAJOR_VERSION@
-minor_version=@MOD_MINOR_VERSION@
-patch_version=@MOD_PATCH_VERSION@
-
-usage()
-{
-	cat <<EOF
-Usage: nss-softokn-config [OPTIONS] [LIBRARIES]
-Options:
-	[--prefix[=DIR]]
-	[--exec-prefix[=DIR]]
-	[--includedir[=DIR]]
-	[--libdir[=DIR]]
-	[--version]
-	[--libs]
-	[--cflags]
-Dynamic Libraries:
-	softokn3 - Requires full dynamic linking
-	freebl3  - for internal use only (and glibc for self-integrity check)
-	nssdbm3  - for internal use only
-Dymamically linked
-EOF
-	exit $1
-}
-
-if test $# -eq 0; then
-	usage 1 1>&2
-fi
-
-while test $# -gt 0; do
-  case "$1" in
-  -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
-  *) optarg= ;;
-  esac
-
-  case $1 in
-    --prefix=*)
-      prefix=$optarg
-      ;;
-    --prefix)
-      echo_prefix=yes
-      ;;
-    --exec-prefix=*)
-      exec_prefix=$optarg
-      ;;
-    --exec-prefix)
-      echo_exec_prefix=yes
-      ;;
-    --includedir=*)
-      includedir=$optarg
-      ;;
-    --includedir)
-      echo_includedir=yes
-      ;;
-    --libdir=*)
-      libdir=$optarg
-      ;;
-    --libdir)
-      echo_libdir=yes
-      ;;
-    --version)
-      echo ${major_version}.${minor_version}.${patch_version}
-      ;;
-    --cflags)
-      echo_cflags=yes
-      ;;
-    --libs)
-      echo_libs=yes
-      ;;
-    *)
-      usage 1 1>&2
-      ;;
-  esac
-  shift
-done
-
-# Set variables that may be dependent upon other variables
-if test -z "$exec_prefix"; then
-    exec_prefix=`pkg-config --variable=exec_prefix nss-softokn`
-fi
-if test -z "$includedir"; then
-    includedir=`pkg-config --variable=includedir nss-softokn`
-fi
-if test -z "$libdir"; then
-    libdir=`pkg-config --variable=libdir nss-softokn`
-fi
-
-if test "$echo_prefix" = "yes"; then
-    echo $prefix
-fi
-
-if test "$echo_exec_prefix" = "yes"; then
-    echo $exec_prefix
-fi
-
-if test "$echo_includedir" = "yes"; then
-    echo $includedir
-fi
-
-if test "$echo_libdir" = "yes"; then
-    echo $libdir
-fi
-
-if test "$echo_cflags" = "yes"; then
-    echo -I$includedir
-fi
-
-if test "$echo_libs" = "yes"; then
-      libdirs="-Wl,-rpath-link,$libdir -L$libdir"
-      echo $libdirs
-fi
-

nss-softokn-dracut-module-setup.sh

@@ -1,18 +0,0 @@
-#!/bin/bash
-# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
-# ex: ts=8 sw=4 sts=4 et filetype=sh
-
-check() {
-    return 255
-}
-
-depends() {
-    return 0
-}
-
-install() {
-    local _dir
-
-    inst_libdir_file libfreeblpriv3.so libfreeblpriv3.chk \
-        libfreebl3.so
-}

nss-softokn-dracut.conf

@@ -1,3 +0,0 @@
-# turn on nss-softokn module
-
-add_dracutmodules+=" nss-softokn "

nss-softokn.pc.in

@@ -1,11 +0,0 @@
-prefix=%prefix%
-exec_prefix=%exec_prefix%
-libdir=%libdir%
-includedir=%includedir%
-
-Name: NSS-SOFTOKN
-Description: Network Security Services Softoken PKCS #11 Module
-Version: %SOFTOKEN_VERSION%
-Requires: nspr >= %NSPR_VERSION%, nss-util >= %NSSUTIL_VERSION%
-Libs: -L${libdir} -lfreebl3 -lnssdbm3 -lsoftokn3
-Cflags: -I${includedir}

nss-ssl-cbc-random-iv-off-by-default.patch

@@ -0,0 +1,25 @@
+diff -up ./mozilla/security/nss/lib/ssl/sslsock.c.compatible ./mozilla/security/nss/lib/ssl/sslsock.c
+--- ./mozilla/security/nss/lib/ssl/sslsock.c.compatible	2012-01-05 13:54:36.430389994 -0800
++++ ./mozilla/security/nss/lib/ssl/sslsock.c	2012-01-05 13:55:25.810750394 -0800
+@@ -184,7 +184,7 @@ static sslOptions ssl_defaults = {
+     3,          /* enableRenegotiation (default: transitional) */
+     PR_FALSE,   /* requireSafeNegotiation */
+     PR_FALSE,   /* enableFalseStart   */
+-    PR_TRUE     /* cbcRandomIV        */
++    PR_FALSE    /* cbcRandomIV        */ /* defaults to off for compatibility */
+ };
+ 
+ sslSessionIDLookupFunc  ssl_sid_lookup;
+@@ -2359,9 +2359,9 @@ ssl_SetDefaultsFromEnvironment(void)
+ 	                PR_TRUE));
+ 	}
+ 	ev = getenv("NSS_SSL_CBC_RANDOM_IV");
+-	if (ev && ev[0] == '0') {
+-	    ssl_defaults.cbcRandomIV = PR_FALSE;
+-	    SSL_TRACE(("SSL: cbcRandomIV set to 0"));
++	if (ev && ev[0] == '1') {
++	    ssl_defaults.cbcRandomIV = PR_TRUE;
++	    SSL_TRACE(("SSL: cbcRandomIV set to 1"));
+ 	}
+     }
+ #endif /* NSS_HAVE_GETENV */

nss-util-config.in

@@ -1,118 +0,0 @@
-#!/bin/sh
-
-prefix=@prefix@
-
-major_version=@MOD_MAJOR_VERSION@
-minor_version=@MOD_MINOR_VERSION@
-patch_version=@MOD_PATCH_VERSION@
-
-usage()
-{
-	cat <<EOF
-Usage: nss-util-config [OPTIONS] [LIBRARIES]
-Options:
-	[--prefix[=DIR]]
-	[--exec-prefix[=DIR]]
-	[--includedir[=DIR]]
-	[--libdir[=DIR]]
-	[--version]
-	[--libs]
-	[--cflags]
-Dynamic Libraries:
-	nssutil
-EOF
-	exit $1
-}
-
-if test $# -eq 0; then
-	usage 1 1>&2
-fi
-
-lib_nssutil=yes
-
-while test $# -gt 0; do
-  case "$1" in
-  -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
-  *) optarg= ;;
-  esac
-
-  case $1 in
-    --prefix=*)
-      prefix=$optarg
-      ;;
-    --prefix)
-      echo_prefix=yes
-      ;;
-    --exec-prefix=*)
-      exec_prefix=$optarg
-      ;;
-    --exec-prefix)
-      echo_exec_prefix=yes
-      ;;
-    --includedir=*)
-      includedir=$optarg
-      ;;
-    --includedir)
-      echo_includedir=yes
-      ;;
-    --libdir=*)
-      libdir=$optarg
-      ;;
-    --libdir)
-      echo_libdir=yes
-      ;;
-    --version)
-      echo ${major_version}.${minor_version}.${patch_version}
-      ;;
-    --cflags)
-      echo_cflags=yes
-      ;;
-    --libs)
-      echo_libs=yes
-      ;;
-    *)
-      usage 1 1>&2
-      ;;
-  esac
-  shift
-done
-
-# Set variables that may be dependent upon other variables
-if test -z "$exec_prefix"; then
-    exec_prefix=`pkg-config --variable=exec_prefix nss-util`
-fi
-if test -z "$includedir"; then
-    includedir=`pkg-config --variable=includedir nss-util`
-fi
-if test -z "$libdir"; then
-    libdir=`pkg-config --variable=libdir nss-util`
-fi
-
-if test "$echo_prefix" = "yes"; then
-    echo $prefix
-fi
-
-if test "$echo_exec_prefix" = "yes"; then
-    echo $exec_prefix
-fi
-
-if test "$echo_includedir" = "yes"; then
-    echo $includedir
-fi
-
-if test "$echo_libdir" = "yes"; then
-    echo $libdir
-fi
-
-if test "$echo_cflags" = "yes"; then
-    echo -I$includedir
-fi
-
-if test "$echo_libs" = "yes"; then
-      libdirs="-Wl,-rpath-link,$libdir -L$libdir"
-      if test -n "$lib_nssutil"; then
-	libdirs="$libdirs -lnssutil${major_version}"
-      fi
-      echo $libdirs
-fi
-

nss-util.pc.in

@@ -1,11 +0,0 @@
-prefix=%prefix%
-exec_prefix=%exec_prefix%
-libdir=%libdir%
-includedir=%includedir%
-
-Name: NSS-UTIL
-Description: Network Security Services Utility Library
-Version: %NSSUTIL_VERSION%
-Requires: nspr >= %NSPR_VERSION%
-Libs: -L${libdir} -lnssutil3
-Cflags: -I${includedir}

nss.pc.in

@@ -7,5 +7,5 @@ Name: NSS
 Description: Network Security Services
 Version: %NSS_VERSION%
 Requires: nspr >= %NSPR_VERSION%, nss-util >= %NSSUTIL_VERSION%
-Libs: -L${libdir} -lssl3 -lsmime3 -lnss3
+Libs: -lssl3 -lsmime3 -lnss3
 Cflags: -I${includedir}

nsspem-use-system-freebl.patch

@@ -0,0 +1,93 @@
+diff -up ./mozilla/security/coreconf/Linux.mk.sytemfreebl ./mozilla/security/coreconf/Linux.mk
+--- ./mozilla/security/coreconf/Linux.mk.sytemfreebl	2011-12-03 22:07:23.924156119 -0800
++++ ./mozilla/security/coreconf/Linux.mk	2011-12-03 22:08:28.322328345 -0800
+@@ -182,6 +182,9 @@ endif
+ USE_SYSTEM_ZLIB = 1
+ ZLIB_LIBS = -lz
+ 
++USE_SYSTEM_FREEBL = 1
++FREEBL_LIBS = -lfreebl3
++
+ # The -rpath '$$ORIGIN' linker option instructs this library to search for its
+ # dependencies in the same directory where it resides.
+ ifeq ($(BUILD_SUN_PKG), 1)
+diff -up ./mozilla/security/nss/lib/ckfw/pem/config.mk.extras ./mozilla/security/nss/lib/ckfw/pem/config.mk
+--- ./mozilla/security/nss/lib/ckfw/pem/config.mk.extras	2010-11-25 10:01:17.000000000 -0800
++++ ./mozilla/security/nss/lib/ckfw/pem/config.mk	2011-06-21 18:20:04.484985568 -0700
+@@ -41,6 +41,11 @@ CONFIG_CVS_ID = "@(#) $RCSfile: config.m
+ #  are specifed as dependencies within rules.mk.
+ #
+ 
++
++EXTRA_LIBS += \
++	$(SOFTOKEN_LIB_DIR)/$(LIB_PREFIX)freebl.$(LIB_SUFFIX) \
++	$(NULL)
++
+ TARGETS        = $(SHARED_LIBRARY)
+ LIBRARY        =
+ IMPORT_LIBRARY =
+@@ -69,3 +74,22 @@ ifeq ($(OS_TARGET),SunOS)
+ MKSHLIB += -R '$$ORIGIN'
+ endif
+ 
++# If a platform has a system nssutil, set USE_SYSTEM_NSSUTIL to 1 and
++# NSSUTIL_LIBS to the linker command-line arguments for the system nssutil
++# (for example, -lnssutil3 on fedora) in the platform's config file in coreconf.
++ifdef USE_SYSTEM_NSSUTIL
++OS_LIBS += $(NSSUTIL_LIBS)
++else
++NSSUTIL_LIBS = $(DIST)/lib/$(LIB_PREFIX)nssutil3.$(LIB_SUFFIX)
++EXTRA_LIBS += $(NSSUTIL_LIBS)
++endif
++# If a platform has a system freebl, set USE_SYSTEM_FREEBL to 1 and
++# FREEBL_LIBS to the linker command-line arguments for the system nssutil
++# (for example, -lfreebl3 on fedora) in the platform's config file in coreconf.
++ifdef USE_SYSTEM_FREEBL
++OS_LIBS += $(FREEBL_LIBS)
++else
++FREEBL_LIBS = $(DIST)/lib/$(LIB_PREFIX)freebl3.$(LIB_SUFFIX)
++EXTRA_LIBS += $(FREEBL_LIBS)
++endif
++
+diff -up ./mozilla/security/nss/lib/ckfw/pem/Makefile.extras ./mozilla/security/nss/lib/ckfw/pem/Makefile
+--- ./mozilla/security/nss/lib/ckfw/pem/Makefile.extras	2010-11-25 10:01:17.000000000 -0800
++++ ./mozilla/security/nss/lib/ckfw/pem/Makefile	2011-06-21 18:25:25.959136920 -0700
+@@ -43,8 +43,7 @@ include config.mk
+ EXTRA_LIBS = \
+ 	$(DIST)/lib/$(LIB_PREFIX)nssckfw.$(LIB_SUFFIX) \
+ 	$(DIST)/lib/$(LIB_PREFIX)nssb.$(LIB_SUFFIX) \
+-	$(DIST)/lib/$(LIB_PREFIX)freebl.$(LIB_SUFFIX) \
+-	$(DIST)/lib/$(LIB_PREFIX)nssutil.$(LIB_SUFFIX) \
++	$(FREEBL_LIB_DIR)/$(LIB_PREFIX)freebl.$(LIB_SUFFIX) \
+ 	$(NULL)
+ 
+ # can't do this in manifest.mn because OS_TARGET isn't defined there.
+@@ -56,6 +55,9 @@ EXTRA_LIBS += \
+ 	-lplc4 \
+ 	-lplds4 \
+ 	-lnspr4 \
++	-L$(NSSUTIL_LIB_DIR) \
++	-lnssutil3 \
++	-lfreebl3
+ 	$(NULL)
+ else 
+ EXTRA_SHARED_LIBS += \
+@@ -74,6 +76,9 @@ EXTRA_LIBS += \
+ 	-lplc4 \
+ 	-lplds4 \
+ 	-lnspr4 \
++	-L$(NSSUTIL_LIB_DIR) \
++	-lnssutil3 \
++	-lfreebl3 \
+ 	$(NULL)
+ endif
+ 
+diff -up ./mozilla/security/nss/lib/ckfw/pem/manifest.mn.extras ./mozilla/security/nss/lib/ckfw/pem/manifest.mn
+--- ./mozilla/security/nss/lib/ckfw/pem/manifest.mn.extras	2010-11-25 10:01:17.000000000 -0800
++++ ./mozilla/security/nss/lib/ckfw/pem/manifest.mn	2011-06-21 18:20:04.485985661 -0700
+@@ -65,4 +65,4 @@ REQUIRES = nspr
+ 
+ LIBRARY_NAME = nsspem
+ 
+-#EXTRA_SHARED_LIBS = -L$(DIST)/lib -lnssckfw -lnssb -lplc4 -lplds4
++EXTRA_SHARED_LIBS = -L$(DIST)/lib -lnssckfw -lnssb -lplc4 -lplds4 -L$(NSS_LIB_DIR) -lnssutil3 -lfreebl3 -lsoftokn3

pkcs11.txt.xml

@@ -1,56 +0,0 @@
-<?xml version='1.0' encoding='UTF-8'?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
-<!ENTITY date SYSTEM "date.xml">
-<!ENTITY version SYSTEM "version.xml">
-]>
-
-<refentry id="pkcs11.txt">
-
-  <refentryinfo>
-    <date>&date;</date>
-    <title>Network Security Services</title>
-    <productname>nss</productname>
-    <productnumber>&version;</productnumber>
-  </refentryinfo>
-
-  <refmeta>
-    <refentrytitle>pkcs11.txt</refentrytitle>
-    <manvolnum>5</manvolnum>
-  </refmeta>
-
-  <refnamediv>
-    <refname>pkcs11.txt</refname>
-    <refpurpose>NSS PKCS #11 module configuration file</refpurpose>
-  </refnamediv>
-
-  <refsection id="description">
-    <title>Description</title>
-    <para>
-The pkcs11.txt file is used to configure initialization parameters for the nss security module and optionally other pkcs #11 modules.
-    </para>
-    <para>
-For full documentation visit <ulink url="https://developer.mozilla.org/en-US/docs/PKCS11_Module_Specs">PKCS #11 Module Specs</ulink>.
-    </para>
-  </refsection>
-
-  <refsection>
-    <title>Files</title>
-    <para><filename>/etc/pki/nssdb/pkcs11.txt</filename></para>
-  </refsection>
-
-  <refsection id="authors">
-    <title>Authors</title>
-    <para>The nss libraries were written and maintained by developers with Netscape, Red Hat,  Sun, Oracle, Mozilla, and Google.</para>
-    <para>Authors: Elio Maldonado &lt;emaldona@redhat.com>.</para>
-  </refsection>
-
-<!-- don't change -->
-  <refsection id="license">
-    <title>LICENSE</title>
-    <para>Licensed under the Mozilla Public License, v. 2.0.  If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
-    </para>
-  </refsection>
-
-</refentry>
-

renegotiate-transitional.patch

@@ -0,0 +1,12 @@
+diff -up mozilla/security/nss/lib/ssl/sslsock.c.transitional mozilla/security/nss/lib/ssl/sslsock.c
+--- mozilla/security/nss/lib/ssl/sslsock.c.transitional	2011-10-06 10:37:47.156659000 -0700
++++ mozilla/security/nss/lib/ssl/sslsock.c	2011-10-06 10:38:32.276704000 -0700
+@@ -182,7 +182,7 @@ static sslOptions ssl_defaults = {
+     PR_FALSE,   /* noLocks            */
+     PR_FALSE,   /* enableSessionTickets */
+     PR_FALSE,   /* enableDeflate      */
+-    2,          /* enableRenegotiation (default: requires extension) */
++    3,          /* enableRenegotiation (default: transitional) */
+     PR_FALSE,   /* requireSafeNegotiation */
+     PR_FALSE,   /* enableFalseStart   */
+     PR_TRUE     /* cbcRandomIV        */

secmod.db.xml

@@ -1,63 +0,0 @@
-<?xml version='1.0' encoding='utf-8'?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
-<!ENTITY date SYSTEM "date.xml">
-<!ENTITY version SYSTEM "version.xml">
-]>
-
-<refentry id="secmod.db">
-
-  <refentryinfo>
-    <date>&date;</date>
-    <title>Network Security Services</title>
-    <productname>nss</productname>
-    <productnumber>&version;</productnumber>
-  </refentryinfo>
-
-  <refmeta>
-    <refentrytitle>secmod.db</refentrytitle>
-    <manvolnum>5</manvolnum>
-  </refmeta>
-
-  <refnamediv>
-    <refname>secmod.db</refname>
-    <refpurpose>Legacy NSS security modules database</refpurpose>
-  </refnamediv>
-
-<refsection id="description">
-    <title>Description</title>
-    <para><emphasis>secmod.db</emphasis> is an NSS security modules database.</para>
-  <para>The security modules database is used to keep track of the NSS security modules. The NSS security modules export their services via the PKCS #11 API which NSS uses as its Services Provider Interface.
-  </para>
-  <para>The command line utility <emphasis>modutil</emphasis> is used for managing PKCS #11 module information both within secmod.db files and within hardware tokens.
-  </para>
-  <para>For new applications the recommended way of tracking security modules is via the pkcs11.txt configuration file used in conjunction the new sqlite-based shared database format for certificate and key databases.
-  </para>
-  </refsection>
-
-  <refsection>
-    <title>Files</title>
-    <para><filename>/etc/pki/nssdb/secmod.db</filename></para>
-  </refsection>
-
-  <refsection>
-    <title>See also</title>
-    <para>modutil(1), cert8.db(5), cert9.db(5), key3.db(5), key4.db(5), pkcs11.txt(5)</para>
-  </refsection>
-
-  <refsection id="authors">
-    <title>Authors</title>
-    <para>The nss libraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.</para>
-    <para>Authors: Elio Maldonado &lt;emaldona@redhat.com>.</para>
-  </refsection>
-
-<!-- don't change -->
-  <refsection id="license">
-    <title>LICENSE</title>
-    <para>Licensed under the Mozilla Public License, v. 2.0.  If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
-    </para>
-
-  </refsection>
-
-
-</refentry>

setup-nsssysinit.xml

@@ -1,106 +0,0 @@
-<?xml version='1.0' encoding='utf-8'?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
-<!ENTITY date SYSTEM "date.xml">
-<!ENTITY version SYSTEM "version.xml">
-]>
-
-<refentry id="setup-nsssysinit">
-
-  <refentryinfo>
-    <date>&date;</date>
-    <title>Network Security Services</title>
-    <productname>nss</productname>
-    <productnumber>&version;</productnumber>
-  </refentryinfo>
-
-  <refmeta>
-    <refentrytitle>setup-nsssysinit</refentrytitle>
-    <manvolnum>1</manvolnum>
-  </refmeta>
-
-  <refnamediv>
-    <refname>setup-nsssysinit</refname>
-    <refpurpose>Query or enable the nss-sysinit module</refpurpose>
-  </refnamediv>
-
-  <refsynopsisdiv>
-    <cmdsynopsis>
-      <command>setup-nsssysinit</command>
-      <arg><option>on</option></arg>
-      <arg><option>off</option></arg>
-      <arg><option>status</option></arg>
-    </cmdsynopsis>
-  </refsynopsisdiv>
-
-<refsection id="description">
-    <title>Description</title>
-    <para><command>setup-nsssysinit</command> is a shell script to query the status of the nss-sysinit module and when run with root priviledge it can enable or disable it. </para>
-  <para>Turns on or off the nss-sysinit module db by editing the global PKCS #11 configuration file. Displays the status. This script can be invoked by the user as super user. It is invoked at nss-sysinit post install time with argument on.
-  </para>
-  </refsection>
-  
-  <refsection>
-    <title>Options</title>
-    
-    <variablelist>
-      <varlistentry>
-        <term><option>on</option></term>
-        <listitem><simpara>Turn on nss-sysinit.</simpara></listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><option>off</option></term>
-        <listitem><simpara>Turn on nss-sysinit.</simpara></listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><option>status</option></term>
-        <listitem><simpara>returns whether nss-syinit is enabled or not.</simpara></listitem>
-      </varlistentry>
-
-    </variablelist>
-  </refsection>
-
-  <refsection>
-    <title>Examples</title>
-
-    <para>The following example will query for the status of nss-sysinit:
-      <programlisting>
-        /usr/bin/setup-nsssysinit status
-      </programlisting>
-    </para>
-
-    <para>The following example, when run as superuser, will turn on nss-sysinit:
-      <programlisting>
-        /usr/bin/setup-nsssysinit on
-      </programlisting>
-    </para>
-
-  </refsection>
-
-  <refsection>
-    <title>Files</title>
-    <para><filename>/usr/bin/setup-nsssysinit</filename></para>
-  </refsection>
-
-  <refsection>
-    <title>See also</title>
-    <para>pkg-config(1)</para>
-  </refsection>
-
-  <refsection id="authors">
-    <title>Authors</title>
-    <para>The nss libraries were written and maintained by developers with Netscape, Red Hat,  Sun, Oracle, Mozilla, and Google.</para>
-    <para>Authors: Elio Maldonado &lt;emaldona@redhat.com>.</para>
-  </refsection>
-
-<!-- don't change -->
-  <refsection id="license">
-    <title>LICENSE</title>
-    <para>Licensed under the Mozilla Public License, v. 2.0.  If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
-    </para>
-  </refsection>
-
-</refentry>
-

sources

@@ -1,6 +1,8 @@
-SHA512 (blank-cert8.db) = ac131d15708c5f1b5e467831f919f4fc4ba13b60a4bb5fe260c845fa9afcd899a588d21ed52060abaa1bbb29f2b53af8b495d28407183cb03aff1974f95f1d3d
-SHA512 (blank-cert9.db) = 2f8eab4c0612210ee47db8a3a80c1b58a0b43849551af78c7da403fda3e3d4e7757838061ae56ccf5aac335cb54f254f0a9e6e9c0dd5920b4155a39264525b06
-SHA512 (blank-key3.db) = 01f7314e9fc8a7c9aa997652624cfcde213d18a6b3bb31840c1a60bbd662e56b5bc3221d13874abb42ce78163b225a6dfce2e1326cf6dd29366ad9c28ba5a71c
-SHA512 (blank-key4.db) = 8fedae93af7163da23fe9492ea8e785a44c291604fa98e58438448efb69c85d3253fc22b926d5c3209c62e58a86038fd4d78a1c4c068bc00600a7f3e5382ebe7
-SHA512 (blank-secmod.db) = 06a2dbd861839ef6315093459328b500d3832333a34b30e6fac4a2503af337f014a4d319f0f93322409e719142904ce8bc08252ae9a4f37f30d4c3312e900310
-SHA512 (nss-3.52.tar.gz) = a45baf38717bceda03c292b2c01def680a24a846327e17d36044a85e30ed40c68220c78c0a2c3025c11778ee58f5d5eb0fff1b4cd274b95c408fb59e394e62c6
+a5ae49867124ac75f029a9a33af31bad  blank-cert8.db
+9315689bbd9f28ceebd47894f99fccbd  blank-key3.db
+73bc040a0542bba387e6dd7fb9fd7d23  blank-secmod.db
+691e663ccc07b7a1eaa6f088e03bf8e2  blank-cert9.db
+2ec9e0606ba40fe65196545564b7cc2a  blank-key4.db
+bf47cecad861efa77d1488ad4a73cb5b  PayPalEE.cert
+d19159b7f91b94afaf7fa78bba006c13  nss-pem-20120402.tar.bz2
+74bbd7b520179c2e226a021fba8ff365  nss-3.13.4-stripped.tar.bz2

tests/NSS-tools-should-not-use-SHA1-by-default-when/Makefile

@@ -1,64 +0,0 @@
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Makefile of /CoreOS/nss/Regression/NSS-tools-should-not-use-SHA1-by-default-when
-#   Description: NSS tools should not use SHA1 by default when
-#   Author: Hubert Kario <hkario@redhat.com>
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Copyright (c) 2016 Red Hat, Inc.
-#
-#   This copyrighted material is made available to anyone wishing
-#   to use, modify, copy, or redistribute it subject to the terms
-#   and conditions of the GNU General Public License version 2.
-#
-#   This program is distributed in the hope that it will be
-#   useful, but WITHOUT ANY WARRANTY; without even the implied
-#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-#   PURPOSE. See the GNU General Public License for more details.
-#
-#   You should have received a copy of the GNU General Public
-#   License along with this program; if not, write to the Free
-#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-#   Boston, MA 02110-1301, USA.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-export TEST=/CoreOS/nss/Regression/NSS-tools-should-not-use-SHA1-by-default-when
-export TESTVERSION=1.0
-
-BUILT_FILES=
-
-FILES=$(METADATA) runtest.sh Makefile PURPOSE
-
-.PHONY: all install download clean
-
-run: $(FILES) build
-	./runtest.sh
-
-build: $(BUILT_FILES)
-	test -x runtest.sh || chmod a+x runtest.sh
-
-clean:
-	rm -f *~ $(BUILT_FILES)
-
-
-include /usr/share/rhts/lib/rhts-make.include
-
-$(METADATA): Makefile
-	@echo "Owner:           Hubert Kario <hkario@redhat.com>" > $(METADATA)
-	@echo "Name:            $(TEST)" >> $(METADATA)
-	@echo "TestVersion:     $(TESTVERSION)" >> $(METADATA)
-	@echo "Path:            $(TEST_DIR)" >> $(METADATA)
-	@echo "Description:     NSS tools should not use SHA1 by default when" >> $(METADATA)
-	@echo "Type:            Regression" >> $(METADATA)
-	@echo "TestTime:        10m" >> $(METADATA)
-	@echo "RunFor:          nss openssl" >> $(METADATA)
-	@echo "Requires:        nss nss-tools openssl" >> $(METADATA)
-	@echo "Priority:        Normal" >> $(METADATA)
-	@echo "License:         GPLv2" >> $(METADATA)
-	@echo "Confidential:    no" >> $(METADATA)
-	@echo "Destructive:     no" >> $(METADATA)
-	@echo "Releases:        -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA)
-
-	rhts-lint $(METADATA)

tests/NSS-tools-should-not-use-SHA1-by-default-when/PURPOSE

@@ -1,4 +0,0 @@
-PURPOSE of NSS-tools-should-not-use-SHA1-by-default-when
-Description: NSS tools should not use SHA1 by default when
-Author: Hubert Kario <hkario@redhat.com>
-Summary: NSS tools should not use SHA1 by default when generating digital signatures/certificates

tests/NSS-tools-should-not-use-SHA1-by-default-when/runtest.sh

@@ -1,125 +0,0 @@
-#!/bin/bash
-# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   runtest.sh of NSS-tools-should-not-use-SHA1-by-default-when
-#   Description: NSS tools should not use SHA1 by default when
-#   Author: Hubert Kario <hkario@redhat.com>
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Copyright (c) 2016 Red Hat, Inc.
-#
-#   This copyrighted material is made available to anyone wishing
-#   to use, modify, copy, or redistribute it subject to the terms
-#   and conditions of the GNU General Public License version 2.
-#
-#   This program is distributed in the hope that it will be
-#   useful, but WITHOUT ANY WARRANTY; without even the implied
-#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-#   PURPOSE. See the GNU General Public License for more details.
-#
-#   You should have received a copy of the GNU General Public
-#   License along with this program; if not, write to the Free
-#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-#   Boston, MA 02110-1301, USA.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-# Include Beaker environment
-. /usr/share/beakerlib/beakerlib.sh || exit 1
-
-PACKAGE="nss"
-PACKAGES="nss openssl"
-DBDIR="nssdb"
-
-rlJournalStart
-    rlPhaseStartSetup
-        rlAssertRpm --all
-        rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
-        rlRun "pushd $TmpDir"
-        rlRun "mkdir nssdb"
-        rlRun "certutil -N -d $DBDIR --empty-password"
-        rlLogInfo "Create a JAR file"
-        rlRun "mkdir java-dir"
-        rlRun "pushd java-dir"
-        rlRun "mkdir META-INF mypackage"
-        rlRun "echo 'Main-Class: mypackage/MyMainFile' > META-INF/MANIFEST.MF"
-        rlRun "echo 'Those are not the droids you are looking for' > mypackage/MyMainFile.class"
-        #rlRun "jar -cfe package.jar mypackage/MyMainFile mypackage/MyMainFile.class"
-        rlRun "popd"
-        #rlRun "mv java-dir/package.jar ."
-    rlPhaseEnd
-
-    rlPhaseStartTest "Self signing certificates"
-        rlRun "dd if=/dev/urandom of=noise bs=1 count=32 >/dev/null"
-        rlRun "certutil -d $DBDIR -S -n 'CA' -t 'cTC,cTC,cTC' -s 'CN=CA' -x -z noise"
-        rlRun -s "certutil -d $DBDIR -L -n 'CA' -a | openssl x509 -noout -text"
-        rlAssertGrep "Signature Algorithm: sha256WithRSAEncryption" "$rlRun_LOG"
-        rlAssertNotGrep "Signature Algorithm: sha1WithRSAEncryption" $rlRun_LOG
-    rlPhaseEnd
-
-    rlPhaseStartTest "Signing certificates"
-        rlRun "dd if=/dev/urandom of=noise bs=1 count=32 >/dev/null"
-        rlRun "certutil -d $DBDIR -S -n 'server' -t 'u,u,u' -s 'CN=server.example.com' -c 'CA' -z noise --nsCertType sslClient,sslServer,objectSigning,smime"
-        rlRun -s "certutil -d $DBDIR -L -n 'server' -a | openssl x509 -noout -text"
-        rlAssertGrep "Signature Algorithm: sha256WithRSAEncryption" "$rlRun_LOG"
-        rlAssertNotGrep "Signature Algorithm: sha1WithRSAEncryption" $rlRun_LOG
-    rlPhaseEnd
-
-    rlPhaseStartTest "Certificate request"
-        rlRun "dd if=/dev/urandom of=noise bs=1 count=32 >/dev/null"
-        rlRun "mkdir srv2db"
-        rlRun "certutil -d srv2db -N --empty-password"
-        rlRun "certutil -d srv2db -R -s CN=www.example.com -o srv2.req -a -z noise"
-        rlRun -s "openssl req -noout -text -in srv2.req"
-        rlAssertGrep "Signature Algorithm: sha256WithRSAEncryption" "$rlRun_LOG"
-        rlAssertNotGrep "Signature Algorithm: sha1WithRSAEncryption" $rlRun_LOG
-        rlRun "certutil -d $DBDIR -C -c 'CA' -i srv2.req -a -o srv2.crt"
-        rlRun -s "openssl x509 -in srv2.crt -noout -text"
-        rlAssertGrep "Signature Algorithm: sha256WithRSAEncryption" "$rlRun_LOG"
-        rlAssertNotGrep "Signature Algorithm: sha1WithRSAEncryption" $rlRun_LOG
-        rlRun "rm -rf srv2db"
-    rlPhaseEnd
-
-    rlPhaseStartTest "Certificate request with SHA1"
-        rlRun "dd if=/dev/urandom of=noise bs=1 count=32 >/dev/null"
-        rlRun "mkdir srv2db"
-        rlRun "certutil -d srv2db -N --empty-password"
-        rlRun "certutil -d srv2db -R -s CN=www.example.com -o srv2.req -a -z noise -Z SHA1"
-        rlRun -s "openssl req -noout -text -in srv2.req"
-        rlAssertGrep "Signature Algorithm: sha1WithRSAEncryption" "$rlRun_LOG"
-        rlRun "certutil -d $DBDIR -C -c 'CA' -i srv2.req -a -o srv2.crt"
-        rlRun -s "openssl x509 -in srv2.crt -noout -text"
-        rlAssertGrep "Signature Algorithm: sha256WithRSAEncryption" "$rlRun_LOG"
-        rlAssertNotGrep "Signature Algorithm: sha1WithRSAEncryption" $rlRun_LOG
-        rlRun "rm -rf srv2db"
-    rlPhaseEnd
-
-    rlPhaseStartTest "Signing CMS messages"
-        rlRun "echo 'This is a document' > document.txt"
-        rlRun "cmsutil -S -d $DBDIR -N 'server' -i document.txt -o document.cms"
-        rlRun -s "openssl cms -in document.cms -inform der -noout -cmsout -print"
-        rlAssertGrep "algorithm: sha256" $rlRun_LOG
-        rlAssertNotGrep "algorithm: sha1" $rlRun_LOG
-    rlPhaseEnd
-
-    rlPhaseStartTest "CRL signing"
-        rlRun "echo $(date --utc +update=%Y%m%d%H%M%SZ) > script"
-        rlRun "echo $(date -d 'next week' --utc +nextupdate=%Y%m%d%H%M%SZ) >> script"
-        rlRun "echo addext crlNumber 0 1245 >>script"
-        rlRun "echo addcert 12 $(date -d 'yesterday' --utc +%Y%m%d%H%M%SZ) >>script"
-        rlRun "echo addext reasonCode 0 0 >>script"
-        rlRun "cat script"
-        rlRun "crlutil -G -c script -d $DBDIR -n CA -o ca.crl"
-        rlRun -s "openssl crl -in ca.crl -inform der -noout -text"
-        rlAssertGrep "Signature Algorithm: sha256WithRSAEncryption" $rlRun_LOG
-        rlAssertNotGrep "Signature Algorithm: sha1WithRSAEncryption" $rlRun_LOG
-    rlPhaseEnd
-
-    rlPhaseStartCleanup
-        rlRun "popd"
-        rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
-    rlPhaseEnd
-rlJournalPrintText
-rlJournalEnd

tests/tests.yml

@@ -1,12 +0,0 @@
----
-# This first play always runs on the local staging system
-- hosts: localhost
-  roles:
-  - role: standard-test-beakerlib
-    tags:
-    - classic
-    tests:
-    - NSS-tools-should-not-use-SHA1-by-default-when
-    required_packages:
-    - nss-tools
-    - nss