Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 730158 Details for
Bug 918948
[RFE][RHEL5] Rebase to nss-3.14.3 to fix the lucky-13 issue
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
Same as previous one - plus bring back -flst- source tar ball
nss.spec.changes.patch (text/plain), 21.30 KB, created by
Elio Maldonado Batiz
on 2013-04-01 03:03:32 UTC
(
hide
)
Description:
Same as previous one - plus bring back -flst- source tar ball
Filename:
MIME Type:
Creator:
Elio Maldonado Batiz
Created:
2013-04-01 03:03:32 UTC
Size:
21.30 KB
patch
obsolete
>diff --git a/nss.spec b/nss.spec >index dcf20b2..fba5f0b 100644 >--- a/nss.spec >+++ b/nss.spec >@@ -1,20 +1,45 @@ >-%global nspr_version 4.9.2 >+%global nspr_version 4.9.5 > %global unsupported_tools_directory %{_libdir}/nss/unsupported-tools >-%global fips_source_version 3.11.5 >+%global fips_source_version 3.14.3 >+%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools >+%global saved_files_dir %{_libdir}/nss/saved >+ >+# Produce .chk files for the final stripped binaries >+# >+# NOTE: The LD_LIBRARY_PATH line guarantees shlibsign links >+# against the freebl that we just built. This is necessary >+# because the signing algorithm changed on 3.14 to DSA2 with SHA256 >+# whereas we previously signed with DSA and SHA1. We must keep this line >+# until all mock platforms have been updated. >+# After %%{__os_install_post} we would add >+# export LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_libdir} >+%define __spec_install_post \ >+ %{?__debug_package:%{__debug_install_post}} \ >+ export LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_libdir} \ >+ %{__arch_install_post} \ >+ %{__os_install_post} \ >+ $RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libsoftokn3.so \ >+ $RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_lib}/libfreebl3.so \ >+ $RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libnssdbm3.so \ >+%{nil} > > Summary: Network Security Services > Name: nss >-Version: 3.13.6 >+Version: 3.14.3 > Release: 2%{?dist} >-License: MPLv1.1 or GPLv2+ or LGPLv2+ >+License: MPLv2.0 > URL: http://www.mozilla.org/projects/security/pki/nss/ > Group: System Environment/Libraries > Requires: nspr >= %{nspr_version} > BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) > BuildRequires: nspr-devel >= %{nspr_version} >+BuildRequires: sqlite-devel >+BuildRequires: zlib-devel > BuildRequires: pkgconfig > BuildRequires: gawk > BuildRequires: zlib-devel >+# Need the assembler from binutils220 which supports intel-gcm instructions >+BuildRequires: binutils220 > Provides: mozilla-nss > Obsoletes: mozilla-nss > >@@ -31,30 +56,33 @@ Source2: nss-config.in > Source3: blank-cert8.db > Source4: blank-key3.db > Source5: blank-secmod.db >-Source7: fake-kstat.h >+Source6: blank-cert9.db >+Source7: blank-key4.db >+Source8: system-pkcs11.txt >+Source9: PayPalEE.cert >+# The to be fips validated softoken source tar ball - fbst stands for freebl-sofoken > Source10: %{name}-%{fips_source_version}-fbst-stripped.tar.gz >- >-Patch3: nss-use-netstat-hack.patch >-Patch5: nss-disable-build-freebl-softoken.patch >-Patch6: nss-tweak-header-exports.patch >-Patch7: nss-3.12.3-camelia.patch >-Patch8: nss-noseed.patch >-Patch9: nss-3.12.3-sqlite.patch >-Patch10: nss-disable-nonspr10.patch >-Patch11: nss-sha224blocklength.patch >-Patch13: nss-sslciphercount.patch >-Patch14: renegotiate-transitional.patch >-Patch15: nss-453577.patch >-Patch16: nss-704595.patch >-Patch17: nss-ssl-add-missing-defines.patch >+Source17: TestCA.ca.cert >+Source18: TestUser50.cert >+Source19: TestUser51.cert >+ >+Patch3: renegotiate-transitional.patch >+# This patch uses the gcc-iquote dir option documented at >+# http://gcc.gnu.org/onlinedocs/gcc/Directory-Options.html#Directory-Options >+# to place the in-tree directories at the head of the list on list of directories >+# to be searched for for header files. This ensures a build even when system freebl >+# headers are older. Such is the case when we are starting a major update. >+# NSSUTIL_INCLUDE_DIR, after all, contains both util and freebl headers. >+# Once has been bootstapped the patch may be removed, but it doesn't hurt to keep it. >+Patch9: iquote.patch > Patch24: nss-nochktest.patch > Patch25: nss-ssl-cbc-random-iv-off-by-default.patch >-Patch30: Bug-797939-protect-against-calls-before-nss_init.patch >-# Though upstream moved the point compression constants from ec.h to blapit.h >-# we are still using freebl from 3.11.5. >-Patch31: pk11akey-must-include-ec-header.patch > Patch32: nss-ecc-certutil-820684.patch >-Patch33: Distrust-TURKTRUST-mis-issued-star.google.com.patch >+# Disabling them for now >+Patch40: nss-3.14.0.0-disble-ocsp-test.patch >+# Reverse the upstream patch to continue accepting sigantures with md5 by default >+Patch41: p-disable-md5-590364-reversed.patch >+ > > %description > Network Security Services (NSS) is a set of libraries designed to >@@ -105,95 +133,91 @@ low level services. > > %prep > %setup -q >-%setup -q -T -D -n %{name}-%{version} -a 10 >+%setup -q -T -D -n %{name}-%{fips_source_version} -a 10 >+ >+%{__cp} %{SOURCE9} -f ./mozilla/security/nss/tests/libpkix/certs >+%{__cp} %{SOURCE17} -f ./mozilla/security/nss/tests/libpkix/certs >+%{__cp} %{SOURCE18} -f ./mozilla/security/nss/tests/libpkix/certs >+%{__cp} %{SOURCE19} -f ./mozilla/security/nss/tests/libpkix/certs > > %define old_nss_lib %{name}-%{fips_source_version}/mozilla/security/nss/lib > %define new_nss_lib mozilla/security/nss/lib > >-# We need some files from the newer softoken for building the newer NSS, >-# in particular the softoken/pkcs11*.h files. >-mkdir %{new_nss_lib}/stnew >-mv -i %{new_nss_lib}/softoken/pkcs11*.h %{new_nss_lib}/stnew >-mv -i %{new_nss_lib}/softoken/secmodt.h %{new_nss_lib}/stnew >-mv -i %{new_nss_lib}/softoken/pk11init.h %{new_nss_lib}/stnew >+# When freebl/softokn get fips validated and if we have to rebase the rest of nss >+# while keeping the crypto at the last fips validated version, we'll bring back >+# some special steps to deal with two sources as we did befor franken, hopefully >+# as kindler and gentler fesion of what we had that before, the special handling >+# will be placed mostly on this section >+# >+# Keeping some of the old comments as a reminder >+ >+# We could need some files from the newer softoken for building the newer NSS, >+# mkdir %{new_nss_lib}/stnew >+# nothing needed at the moment >+# mkdir %{new_nss_lib}/fbnew >+ >+# May need to ensure we will not use anything else from the new freebl/softoken code >+# However, in order to build newer NSS we may need some exports >+# Finally remove the old headers and get them from the newer nss >+#rm -rf %{new_nss_lib}/softoken/someotherhader*.h >+#mv -i %{new_nss_lib}/stnew/someheader*.h %{new_nss_lib}/softoken >+#rmdir %{new_nss_lib}/stnew >+ >+# Some header files may move in the most recent NSS, >+# they would be contained in say cryptohi/pk11wrap directories of the old nss >+# or in freebl/softoken directories of the newer nss. >+# We need them to build the new nss freebl/loader.c and ... yyy > >-mkdir %{new_nss_lib}/fbnew >-mv -i %{new_nss_lib}/freebl/hasht.h %{new_nss_lib}/fbnew >-mv -i %{new_nss_lib}/freebl/sechash.h %{new_nss_lib}/fbnew >+# Ensure the newer NSS tree will not build code, except the loader >+# mv -i %{new_nss_lib}/freebl/loader.c %{new_nss_lib}/freebl/loader.c.save > >-# Ensure we will not use anything else from the new freebl/softoken code >-rm -rf %{new_nss_lib}/freebl >-rm -rf %{new_nss_lib}/softoken >+# These may not build without freebl/softoken in the same tree >+#rm -rf mozilla/security/nss/cmd/sometool > >-# However, in order to build newer NSS we need some exports >-cp -a %{old_nss_lib}/freebl %{new_nss_lib} >-cp -a %{old_nss_lib}/softoken %{new_nss_lib} >+# It doesn't hurt to keep the nss sysinit directory >+# rm -rf mozilla/security/nss/lib/sysinit > >-# Finally remove the old pkcs11*.h and get them from the newer nss >-rm -rf %{new_nss_lib}/softoken/pkcs11*.h >-rm -rf %{new_nss_lib}/softoken/secmodt.h >-rm -rf %{new_nss_lib}/softoken/pk11init.h >+# Apply the patches to the NSS tree >+%patch3 -p0 -b .transitional >+# activate when doing a major update with new apis >+%patch9 -p0 -b .iquote > >-rm -rf %{new_nss_lib}/freebl/hasht.h >-rm -rf %{new_nss_lib}/freebl/sechash.h >+#%patch24 -p0 -b .nochktest >+%patch25 -p0 -b .cve-2011-3389 >+%patch32 -p0 -b .ecc_certutil >+%patch40 -p0 -b .noocsptest >+%patch41 -p0 -b .md5okay > >-mv -i %{new_nss_lib}/stnew/pkcs11*.h %{new_nss_lib}/softoken >-mv -i %{new_nss_lib}/stnew/secmodt.h %{new_nss_lib}/softoken >-mv -i %{new_nss_lib}/stnew/pk11init.h %{new_nss_lib}/softoken >+# Apply the patches to the tree where we build freebl/softoken >+#cd nss-%{fips_source_version} >+#%patch{somenumber -p0 -b .something >+# some other patching >+# %{__mkdir_p} mozilla/security/nss/lib/fake/ >+# of copying of special sources >+#cd .. > >-mv -i %{new_nss_lib}/fbnew/hasht.h %{new_nss_lib}/freebl >-mv -i %{new_nss_lib}/fbnew/sechash.h %{new_nss_lib}/freebl > >-rmdir %{new_nss_lib}/stnew >+%build > >-# Some header files got moved in the most recent NSS, >-# they are contained in cryptohi/pk11wrap directories of the old nss >-# or in freebl/softoken directories of the newer nss. >-# We need them to build the new nss freebl/loader.c and ... yyy >+# Pick up the assembler from binutils220 which supports intel-gcm instructions >+export PATH=/usr/libexec/binutils220:$PATH > >-# Ensure the newer NSS tree will not build code, except the loader >-mv -i %{new_nss_lib}/freebl/loader.c %{new_nss_lib}/freebl/loader.c.save >-rm -rf %{new_nss_lib}/freebl/*.c %{new_nss_lib}/freebl/*.s >-rm -rf %{new_nss_lib}/softoken/*.c %{new_nss_lib}/softoken/*.s >-mv -i %{new_nss_lib}/freebl/loader.c.save %{new_nss_lib}/freebl/loader.c >- >-# These currently don't build without freebl/softoken in the same tree >-rm -rf mozilla/security/nss/cmd/bltest >-rm -rf mozilla/security/nss/cmd/fipstest >-rm -rf mozilla/security/nss/cmd/certcgi >- >-# Remove the nss sysinit directory >-rm -rf mozilla/security/nss/lib/sysinit >- >-# Apply the patches to the newer NSS tree >-%patch5 -p0 -b .nofbst >-%patch6 -p0 -b .headerexports >-%patch7 -p0 -b .cam >-%patch8 -p0 -b .noseed >-%patch9 -p0 -b .sqlite >-%patch10 -p0 -b .nonspr10 >-%patch11 -p0 -b .sha224blocklength >-%patch13 -p0 -b .nsc >-%patch14 -p0 -b .transitional >-%patch15 -p0 -b .453577 >-%patch16 -p0 -b .704595 >-%patch17 -p0 -b .defines >-%patch24 -p0 -b .nochktest >-%patch25 -p0 -b .cve-2011-3389 >-%patch30 -p0 -b .797939 >-%patch31 -p0 -b .useoldheader >-%patch32 -p0 -b .ecc_certutil >-%patch33 -p0 -b .distrust >+# partial RELRO support as a security enhancement >+LDFLAGS+=-Wl,-z,relro >+export LDFLAGS > >-# Apply the patches to the tree where we build freebl/softoken >-cd nss-%{fips_source_version} >-%patch3 -p0 -b .use-netstat-hack >-%{__mkdir_p} mozilla/security/nss/lib/fake/ >-cp -i %{SOURCE7} mozilla/security/nss/lib/fake/kstat.h >-cd .. >+FREEBL_NO_DEPEND=1 >+export FREEBL_NO_DEPEND > >+# Must export FREEBL_LOWHASH=1 for nsslowhash.h so that it gets >+# copied to dist and the rpm install phase can find it >+# This due of the upstream changes to fix >+# https://bugzilla.mozilla.org/show_bug.cgi?id=717906 >+FREEBL_LOWHASH=1 >+export FREEBL_LOWHASH > >-%build >+FREEBL_USE_PRELINK=1 >+export FREEBL_USE_PRELINK > > # Enable compiler optimizations and disable debugging code > BUILD_OPT=1 >@@ -215,33 +239,39 @@ NSPR_LIB_DIR=`/usr/bin/pkg-config --libs-only-L nspr | sed 's/-L//'` > export NSPR_INCLUDE_DIR > export NSPR_LIB_DIR > >+export FREEBL_INCLUDE_DIR=`/usr/bin/pkg-config --cflags-only-I nss | sed 's/-I//'` >+export FREEBL_LIB_DIR=%{_libdir} >+export USE_SYSTEM_FREEBL=1 >+# prevents running the sha224 portion of the powerup selftest when testing >+#export NO_SHA224_AVAILABLE=1 >+ >+# We require a higher version than what's on rhel-5 >+#NSS_USE_SYSTEM_SQLITE=1 >+#export NSS_USE_SYSTEM_SQLITE > %ifarch x86_64 ppc64 ia64 s390x > USE_64=1 > export USE_64 > %endif > >-# NSS_ENABLE_ECC=1 >-# export NSS_ENABLE_ECC >+# uncomment if the iquote patch is activated >+export IN_TREE_FREEBL_HEADERS_FIRST=1 > > ##### first, build freebl and softokn shared libraries >- >-cd nss-%{fips_source_version} >+# currently ecc not supported by freebl >+unset NSS_ENABLE_ECC >+# Compile softoken plus needed support > %{__make} -C ./mozilla/security/coreconf > %{__make} -C ./mozilla/security/dbm >-%{__make} -C ./mozilla/security/nss export >-%{__make} -C ./mozilla/security/nss/lib/base >-%{__make} -C ./mozilla/security/nss/lib/util >-%{__make} -C ./mozilla/security/nss/lib/freebl >-touch ./mozilla/security/nss/lib/freebl/unix_rand.c >-rm -f ./mozilla/security/nss/lib/freebl/*/*/libfreebl3* >-rm -f ./mozilla/security/nss/lib/freebl/*/*/sysrand* >-USE_NETSTAT_HACK=1 %{__make} -C ./mozilla/security/nss/lib/freebl >-%{__make} -C ./mozilla/security/nss/lib/freebl install >-%{__make} -C ./mozilla/security/nss/lib/softoken >-%{__make} -C ./mozilla/security/nss/lib/softoken install >-cd .. >+%{__make} -C ./mozilla/security/nss > >+# stash away the bltest and fipstest to build them last >+# like we currently do for fedora -- not needed now >+#tar cf build_these_later.tar ./mozilla/security/nss/cmd/bltest ./mozilla/security/nss/cmd/fipstest >+#rm -rf ./mozilla/security/nss/cmd/bltest >+#rm -rf ./mozilla/security/nss/cmd/fipstest > >+ >+##### phase 2: build the rest of nss > # Allow pluggable ECC > NSS_ENABLE_ECC=1 > export NSS_ENABLE_ECC >@@ -252,9 +282,18 @@ export NSS_ECC_MORE_THAN_SUITE_B > > %{__make} -C ./mozilla/security/coreconf > %{__make} -C ./mozilla/security/dbm >-%{__make} -C ./mozilla/security/nss >+%{__make} -C ./mozilla/security/nss >+ >+##### phase 3: build bltest and fipstest -- not needed now >+#tar xf build_these_later.tar >+#unset NSS_ENABLE_ECC; %{__make} -C ./mozilla/security/nss/cmd/bltest >+#unset NSS_ENABLE_ECC; %{__make} -C ./mozilla/security/nss/cmd/fipstest >+#%{__make} -C ./mozilla/security/nss/lib/freebl install >+#%{__make} -C ./mozilla/security/nss/lib/softokn install >+#%{__rm} -f build_these_later.tar > > # Set up our package file >+# The nspr_version used here matches the ones nss has for its Requires. > %{__mkdir_p} ./mozilla/dist/pkgconfig > %{__cat} %{SOURCE1} | sed -e "s,%%libdir%%,%{_libdir},g" \ > -e "s,%%prefix%%,%{_prefix},g" \ >@@ -284,6 +323,21 @@ export NSS_VPATCH > > chmod 755 ./mozilla/dist/pkgconfig/nss-config > >+%check >+ >+# Begin -- copied from the build section >+FREEBL_NO_DEPEND=1 >+export FREEBL_NO_DEPEND >+ >+BUILD_OPT=1 >+export BUILD_OPT >+ >+%ifarch x86_64 ppc64 ia64 s390x sparc64 >+USE_64=1 >+export USE_64 >+%endif >+# End -- copied from the build section >+ > # enable the following line to force a test failure > # find ./mozilla -name \*.chk | xargs rm -f > >@@ -299,7 +353,7 @@ chmod 755 ./mozilla/dist/pkgconfig/nss-config > # avoid weird quoting we'll require that no spaces are being used. > > SPACEISBAD=`find ./mozilla/security/nss/tests | grep -c ' '` ||: >-if [ SPACEISBAD -ne 0 ]; then >+if [ $SPACEISBAD -ne 0 ]; then > echo "error: filenames containing space are not supported (xargs)" > exit 1 > fi >@@ -323,11 +377,18 @@ rm -rf ./mozilla/tests_results > cd ./mozilla/security/nss/tests/ > # all.sh is the test suite script > >-# Disabling tests until we update to softokn 3.12.4 >-%global nss_cycles " " >-%global nss_tests " " >-%global nss_ssl_tests " " >-%global nss_ssl_run " " >+# tests >+# % global nss_cycles "standard pkix upgradedb sharedb" >+# % global nss_tests "cipher libpkix cert dbtests tools fips sdr crmf smime ssl merge pkits chains" >+# % global nss_ssl_tests "crl bypass_normal normal_bypass normal_fips fips_normal iopr" >+# % global nss_ssl_run "cov auth stress" >+ >+# Disable some tests for faster turnaround when testing packaging >+%global nss_cycles "standard pkix upgradedb sharedb" >+%global nss_tests "cipher libpkix cert dbtests tools fips sdr crmf smime ssl merge pkits chains" >+%global nss_ssl_tests "crl normal_fips fips_normal iopr" >+%global nss_ssl_run "cov auth stress" >+ > > HOST=localhost DOMSUF=localdomain PORT=$MYRAND NSS_CYCLES=%{?nss_cycles} NSS_TESTS=%{?nss_tests} NSS_SSL_TESTS=%{?nss_ssl_tests} NSS_SSL_RUN=%{?nss_ssl_run} ./all.sh > >@@ -352,14 +413,15 @@ echo "test suite completed" > %{__mkdir_p} $RPM_BUILD_ROOT/%{_includedir}/nss3 > %{__mkdir_p} $RPM_BUILD_ROOT/%{_bindir} > %{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir} >+%{__mkdir_p} $RPM_BUILD_ROOT/%{_lib} > %{__mkdir_p} $RPM_BUILD_ROOT/%{unsupported_tools_directory} > %{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir}/pkgconfig >+%{__mkdir_p} $RPM_BUILD_ROOT/%{saved_files_dir} > > # Copy the binary libraries we want >-for file in libsoftokn3.so libfreebl3.so >+for file in libsoftokn3.so libfreebl3.so libnssdbm3.so > do >- %{__install} -p -m 755 nss-%{fips_source_version}/mozilla/dist/*.OBJ/lib/$file \ >- $RPM_BUILD_ROOT/%{_libdir} >+ %{__install} -p -m 755 mozilla/dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir} > done > > # Copy the binary libraries we want >@@ -369,17 +431,23 @@ do > done > > # These ghost files will be generated in the post step >-touch $RPM_BUILD_ROOT/%{_libdir}/libsoftokn3.chk >-touch $RPM_BUILD_ROOT/%{_libdir}/libfreebl3.chk >+# Not needed with the new __spec_install_post sriptlet >+#touch $RPM_BUILD_ROOT/%{_libdir}/libsoftokn3.chk >+#touch $RPM_BUILD_ROOT/%{_libdir}/libfreebl3.chk > > # Install the empty NSS db files > %{__mkdir_p} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb >+# Legacy db > %{__install} -p -m 644 %{SOURCE3} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/cert8.db > %{__install} -p -m 644 %{SOURCE4} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/key3.db > %{__install} -p -m 644 %{SOURCE5} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/secmod.db >+# Shared db >+%{__install} -p -m 644 %{SOURCE6} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/cert9.db >+%{__install} -p -m 644 %{SOURCE7} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/key4.db >+%{__install} -p -m 644 %{SOURCE8} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/pkcs11.txt > > # Copy the development libraries we want >-for file in libcrmf.a libnssb.a libnssckfw.a >+for file in libcrmf.a libnssb.a libnssckfw.a libfreebl.a > do > %{__install} -p -m 644 mozilla/dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir} > done >@@ -396,21 +464,18 @@ do > %{__install} -p -m 755 mozilla/dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{unsupported_tools_directory} > done > >-# Copy the include files we want from freebl/softoken sources >-# and remove those files from the other area >-for file in blapit.h shsign.h ecl-exp.h >-do >- %{__install} -p -m 644 nss-%{fips_source_version}/mozilla/dist/public/nss/$file \ >- $RPM_BUILD_ROOT/%{_includedir}/nss3 >- rm mozilla/dist/public/nss/$file >-done >- > # Copy the include files we want > for file in mozilla/dist/public/nss/*.h > do > %{__install} -p -m 644 $file $RPM_BUILD_ROOT/%{_includedir}/nss3 > done > >+# Copy the include files we glibc needs from private >+for file in mozilla/dist/private/nss/blapi.h mozilla/dist/private/nss/alghmac.h >+do >+ %{__install} -p -m 644 $file $RPM_BUILD_ROOT/%{_includedir}/nss3 >+done >+ > # Install the saved package configuration files > %{__install} -p -m 644 ./mozilla/dist/pkgconfig/nss.pc $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/nss.pc > %{__install} -p -m 755 ./mozilla/dist/pkgconfig/nss-config $RPM_BUILD_ROOT/%{_bindir}/nss-config >@@ -419,10 +484,7 @@ done > %{__rm} -rf $RPM_BUILD_ROOT > > >-%post >-/sbin/ldconfig >-%{unsupported_tools_directory}/shlibsign -i %{_libdir}/libsoftokn3.so >/dev/null 2>/dev/null || : >-%{unsupported_tools_directory}/shlibsign -i %{_libdir}/libfreebl3.so >/dev/null 2>/dev/null || : >+%post -p /sbin/ldconfig > > > %postun -p /sbin/ldconfig >@@ -430,21 +492,27 @@ done > > %files > %defattr(-,root,root) >+%{_libdir}/libnssdbm3.so >+%{_libdir}/libnssdbm3.chk >+%{_libdir}/libsoftokn3.so >+%{_libdir}/libsoftokn3.chk > %{_libdir}/libnss3.so > %{_libdir}/libnssutil3.so > %{_libdir}/libssl3.so > %{_libdir}/libsmime3.so >-%{_libdir}/libsoftokn3.so > %{_libdir}/libnssckbi.so > %{_libdir}/libfreebl3.so > %{unsupported_tools_directory}/shlibsign >-%ghost %{_libdir}/libsoftokn3.chk >-%ghost %{_libdir}/libfreebl3.chk >+#%ghost %{_libdir}/libsoftokn3.chk >+#%ghost %{_libdir}/libfreebl3.chk > %dir %{unsupported_tools_directory} > %dir %{_sysconfdir}/pki/nssdb > %config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/cert8.db > %config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/key3.db > %config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/secmod.db >+%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/cert9.db >+%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/key4.db >+%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/pkcs11.txt > > %files tools > %defattr(-,root,root) >@@ -471,6 +539,10 @@ done > > %files devel > %defattr(-,root,root) >+%{_libdir}/libfreebl.a >+%{_includedir}/nss3/blapi.h >+%{_includedir}/nss3/blapit.h >+%{_includedir}/nss3/alghmac.h > %{_libdir}/libcrmf.a > %{_libdir}/pkgconfig/nss.pc > %{_bindir}/nss-config >@@ -500,6 +572,7 @@ done > %{_includedir}/nss3/keyhi.h > %{_includedir}/nss3/keyt.h > %{_includedir}/nss3/keythi.h >+%{_includedir}/nss3/nsslowhash.h > %{_includedir}/nss3/nss.h > %{_includedir}/nss3/nssb64.h > %{_includedir}/nss3/nssb64t.h >@@ -555,6 +628,9 @@ done > %{_includedir}/nss3/sslerr.h > %{_includedir}/nss3/sslproto.h > %{_includedir}/nss3/sslt.h >+%{_includedir}/nss3/utilmodt.h >+%{_includedir}/nss3/utilpars.h >+%{_includedir}/nss3/utilparst.h > %{_includedir}/nss3/utilrename.h > > >@@ -575,6 +651,15 @@ done > > > %changelog >+* Mon Apr 01 2013 Elio Maldonado - 3.14.3-2 >+- Restore the freebl-softoken source tar ball updated to 3.14.3 >+- Renumbering of some sources for clarity >+- Resolves: rhbz#918948 - [RFE][RHEL6] Rebase to nss-3.14.3 to fix the lucky-13 issue >+ >+* Sat Mar 30 2013 Elio Maldonado <emaldona@redhat.com> - 3.14.3-1 >+- Update to NSS_3_14_3_RTM >+- Resolves: rhbz#918948 - [RFE][RHEL6] Rebase to nss-3.14.3 to fix the lucky-13 issue >+ > * Thu Jan 10 2013 Elio Maldonado <emaldona@redhat.com> - 3.13.6-2 > - Resolves: rhbz#891150 - Dis-trust TURKTRUST mis-issued *.google.com certificate > >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=730158">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Flags:
rrelyea
: review-
Actions:
View
|
Diff
Attachments on
bug 918948
:
718353
| 730158