[nss] Update to 3.41, fixes jb#36180

nss-3.13.3-notimestamps.patch

-Index: nss-3.20.1/nss/lib/ckfw/pem/ckpemver.c
-===================================================================
---- nss-3.20.1.orig/nss/lib/ckfw/pem/ckpemver.c
-+++ nss-3.20.1/nss/lib/ckfw/pem/ckpemver.c
-@@ -53,7 +53,7 @@
-  */
- const char __nss_ckpem_rcsid[] = "$Header: NSS Access to Flat Files in PEM format"
-         NSS_CKPEM_LIBRARY_VERSION _DEBUG_STRING
--        "  " __DATE__ " " __TIME__ " $";
-+        "  " "Built in OBS" " " "see rpm -q --info nss for more information" " $";
- const char __nss_ckcapi_sccsid[] = "@(#)NSS Access to Flag Files in PEM format "
-         NSS_CKPEM_LIBRARY_VERSION _DEBUG_STRING
--        "  " __DATE__ " " __TIME__;
-+        "  " "Built in OBS" " " "see rpm -q --info nss for more information";

nss-enable-pem.patch

-diff -up ./nss/lib/ckfw/manifest.mn.prepem ./nss/lib/ckfw/manifest.mn
---- ./nss/lib/ckfw/manifest.mn.prepem	2008-08-05 16:34:23.000000000 -0700
-+++ ./nss/lib/ckfw/manifest.mn	2008-08-05 16:34:30.000000000 -0700
-@@ -38,7 +38,7 @@ MANIFEST_CVS_ID = "@(#) $RCSfile: manife
- 
- CORE_DEPTH = ../..
- 
--DIRS = builtins 
-+DIRS = builtins pem
- 
- PRIVATE_EXPORTS = \
- 	ck.h		  \

nss-pem.cmake

+# Add external nss header locations
+include_directories(../../dist/public/nss;../../dist/private/nss)
+# Find the external library path for linking
+execute_process(COMMAND find ${PROJECT_SOURCE_DIR}/../../dist -name libnssckfw.a OUTPUT_VARIABLE NSS_EXT_LIB_PATH)
+get_filename_component(NSS_LIB_PATH ${NSS_EXT_LIB_PATH} DIRECTORY)
+link_directories(${NSS_LIB_PATH})

nss-sysinit-userdb-first.patch

-diff -up ./nss/lib/sysinit/nsssysinit.c.603313 ./nss/lib/sysinit/nsssysinit.c
---- ./nss/lib/sysinit/nsssysinit.c.603313	2010-10-15 13:57:42.719738316 -0700
-+++ ./nss/lib/sysinit/nsssysinit.c	2010-10-15 14:07:51.704637349 -0700
-@@ -263,16 +263,26 @@ get_list(char *filename, char *stripped_
+--- nss/lib/sysinit/nsssysinit.c	2018-12-19 16:54:54.326850754 +0200
++++ nss/lib/sysinit/nsssysinit.c	2018-12-19 17:05:34.932687833 +0200
+@@ -231,9 +231,19 @@
      sysdb = getSystemDB();
      userdb = getUserDB();
  
@@ -9,46 +8,35 @@ diff -up ./nss/lib/sysinit/nsssysinit.c.603313 ./nss/lib/sysinit/nsssysinit.c
 +    /* return a list of databases to open. First the system database */
 +    if (sysdb) {
 +        const char *readonly = userCanModifySystemDB() ? "" : "flags=readonly";
-+	module_list[next++] = PR_smprintf(
-+	    "library= "
-+	    "module=\"NSS system database\" "
-+	    "parameters=\"configdir='sql:%s' tokenDescription='NSS system database' %s\" "
-+	    "NSS=\"trustOrder=80 %sflags=internal,critical\"",
++        module_list[next++] = PR_smprintf(
++           "library= "
++           "module=\"NSS system database\" "
++           "parameters=\"configdir='sql:%s' tokenDescription='NSS system database' %s\" "
++           "NSS=\"trustOrder=80 %sflags=internal,critical\"",
 +            sysdb, readonly, nssflags);
 +    }
 +
 +    /* Next the user database, but not for root. */
      if (userdb != NULL && !userIsRoot()) {
--	/* return a list of databases to open. First the user Database */
- 	module_list[next++] = PR_smprintf(
- 	    "library= "
- 	    "module=\"NSS User database\" "
- 	    "parameters=\"configdir='sql:%s' %s tokenDescription='NSS user database'\" "
--        "NSS=\"trustOrder=75 %sflags=internal%s\"",
--        userdb, stripped_parameters, nssflags,
--        isFIPS ? ",FIPS" : "");
-+            "NSS=\"trustOrder=75 %sflags=internal%s\"",
-+            userdb, stripped_parameters, nssflags,
-+            isFIPS ? ",FIPS" : "");
+-        /* return a list of databases to open. First the user Database */
+         module_list[next++] = PR_smprintf(
+             "library= "
+             "module=\"NSS User database\" "
+@@ -252,17 +262,6 @@
+             userdb, stripped_parameters);
+     }
  
- 	/* now open the user's defined PKCS #11 modules */
- 	/* skip the local user DB entry */
-@@ -283,17 +293,7 @@ get_list(char *filename, char *stripped_
- 	    "module=\"NSS User database\" "
- 	    "parameters=\"configdir='sql:%s' %s\" "
- 	    "NSS=\"flags=internal,moduleDBOnly,defaultModDB,skipFirst\"", 
--		userdb, stripped_parameters);
--	}
--
 -    /* now the system database (always read only unless it's root) */
 -    if (sysdb) {
--	    const char *readonly = userCanModifySystemDB() ? "" : "flags=readonly";
--	    module_list[next++] = PR_smprintf(
--	      "library= "
--	      "module=\"NSS system database\" "
--	      "parameters=\"configdir='sql:%s' tokenDescription='NSS system database' %s\" "
--	      "NSS=\"trustOrder=80 %sflags=internal,critical\"",sysdb, readonly, nssflags);
-+            userdb, stripped_parameters);
-     }
- 
+-        const char *readonly = userCanModifySystemDB() ? "" : "flags=readonly";
+-        module_list[next++] = PR_smprintf(
+-            "library= "
+-            "module=\"NSS system database\" "
+-            "parameters=\"configdir='sql:%s' tokenDescription='NSS system database' %s\" "
+-            "NSS=\"trustOrder=80 %sflags=internal,critical\"",
+-            sysdb, readonly, nssflags);
+-    }
+-
      /* that was the last module */
+     module_list[next] = 0;
+ 

nss.spec

@@ -3,7 +3,7 @@
 
 Summary:          Network Security Services
 Name:             nss
-Version:          3.20.1
+Version:          3.41
 Release:          1
 License:          MPLv2
 URL:              http://www.mozilla.org/projects/security/pki/nss/
@@ -30,13 +30,11 @@ Source7:          blank-key4.db
 Source8:          system-pkcs11.txt
 Source9:          setup-nsssysinit.sh
 Source11:         nss-prelink.conf
-Source12:         %{name}-pem-20140125.tar.bz2
+Source12:         %{name}-pem-1.0.4.tar.xz
 
 Patch1:           nss-no-rpath.patch
 Patch2:           nss-nolocalsql.patch
-Patch6:           nss-enable-pem.patch
 Patch8:           nss-sysinit-userdb-first.patch
-Patch9:           nss-3.13.3-notimestamps.patch
 
 %description
 Network Security Services (NSS) is a set of libraries designed to
@@ -118,7 +116,7 @@ Group:            Development/Libraries
 Requires:         nss-devel = %{version}-%{release}
 
 %description pkcs11-devel
-Library files for developing PKCS #11 modules using basic NSS 
+Library files for developing PKCS #11 modules using basic NSS
 low level services.
 
 
@@ -128,9 +126,7 @@ low level services.
 
 %patch1 -p0
 %patch2 -p0
-%patch6 -p0 -b .libpem
 %patch8 -p0 -b .rh603313
-%patch9 -p1 -b .timestamping
 
 %build
 
@@ -162,34 +158,49 @@ export USE_64=1
 
 %{__make} -C ./nss
 
-
-# Produce .chk files for the final stripped binaries
-%define __spec_install_post \
-    %{?__debug_package:%{__debug_install_post}} \
-    %{__arch_install_post} \
-    %{__os_install_post} \
-    LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_libdir} $RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libsoftokn3.so \
-    LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_libdir} $RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libfreebl3.so \
-%{nil}
-
-%install
-
 # Set up our package file
-%{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir}/pkgconfig
+%{__mkdir_p} dist/%{_libdir}/pkgconfig
 %{__cat} %{SOURCE1} | sed -e "s,%%libdir%%,%{_libdir},g" \
                           -e "s,%%prefix%%,%{_prefix},g" \
                           -e "s,%%exec_prefix%%,%{_prefix},g" \
                           -e "s,%%includedir%%,%{_includedir}/nss3,g" \
                           -e "s,%%NSPR_VERSION%%,%{nspr_version},g" \
                           -e "s,%%NSS_VERSION%%,%{version},g" > \
-                          $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/nss.pc
+                          dist/%{_libdir}/pkgconfig/nss.pc
+
+# PEM plugin
+%{__mkdir_p} nss-pem-1.0.4/build
+cd nss-pem-1.0.4/build
+PKG_CONFIG_PATH=$PWD/../../dist/%{_libdir}/pkgconfig cmake -DCMAKE_PROJECT_libnsspem_INCLUDE=../../nss-pem.cmake ../src
+make
+
+%install
+export FREEBL_NO_DEPEND=1
+export FREEBL_LOWHASH=1
+export BUILD_OPT=1
+export XCFLAGS=$RPM_OPT_FLAGS
+export PKG_CONFIG_ALLOW_SYSTEM_LIBS=1
+export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1
+export NSPR_INCLUDE_DIR=`/usr/bin/pkg-config --cflags-only-I nspr | sed 's/-I//'`
+export NSPR_LIB_DIR=%{_libdir}
+export USE_SYSTEM_ZLIB=1
+export NSS_USE_SYSTEM_SQLITE=1
+%ifarch x86_64 ppc64 ia64 s390x sparc64 aarch64
+export USE_64=1
+%endif
+
+# This will do the signing
+%{__make} -C ./nss install
+%{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir}
+%{__install} -m 644 dist/*OPT.OBJ/lib/libfreebl3.chk $RPM_BUILD_ROOT/%{_libdir}
+%{__install} -m 644 dist/*OPT.OBJ/lib/libsoftokn3.chk $RPM_BUILD_ROOT/%{_libdir}
 
 NSS_VMAJOR=`cat nss/lib/nss/nss.h | grep "#define.*NSS_VMAJOR" | awk '{print $3}'`
 NSS_VMINOR=`cat nss/lib/nss/nss.h | grep "#define.*NSS_VMINOR" | awk '{print $3}'`
 NSS_VPATCH=`cat nss/lib/nss/nss.h | grep "#define.*NSS_VPATCH" | awk '{print $3}'`
 
-export NSS_VMAJOR 
-export NSS_VMINOR 
+export NSS_VMAJOR
+export NSS_VMINOR
 export NSS_VPATCH
 
 %{__mkdir_p} $RPM_BUILD_ROOT/%{_bindir}
@@ -215,10 +226,10 @@ install -m 755 %{SOURCE9} $RPM_BUILD_ROOT/%{_bindir}/setup-nsssysinit.sh
 
 # Copy the binary libraries we want
 for file in libsoftokn3.so libfreebl3.so libnss3.so libnssutil3.so \
-            libssl3.so libsmime3.so libnssckbi.so libnsspem.so libnssdbm3.so \
+            libssl3.so libsmime3.so libnssckbi.so libnssdbm3.so \
             libnsssysinit.so
 do
-  %{__install} -m 755 dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir}
+  %{__install} -m 755 dist/*OPT.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir}
 done
 
 # Install the empty NSS db files
@@ -238,19 +249,19 @@ done
 # Copy the development libraries we want
 for file in libcrmf.a libnssb.a libnssckfw.a
 do
-  %{__install} -m 644 dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir}
+  %{__install} -m 644 dist/*OPT.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir}
 done
 
 # Copy the binaries we want
 for file in certutil cmsutil crlutil modutil pk12util signtool signver ssltap
 do
-  %{__install} -m 755 dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{_bindir}
+  %{__install} -m 755 dist/*OPT.OBJ/bin/$file $RPM_BUILD_ROOT/%{_bindir}
 done
 
 # Copy the binaries we ship as unsupported
 for file in atob btoa derdump ocspclnt pp selfserv shlibsign strsclnt symkeyutil tstclnt vfyserv vfychain
 do
-  %{__install} -m 755 dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{unsupported_tools_directory}
+  %{__install} -m 755 dist/*OPT.OBJ/bin/$file $RPM_BUILD_ROOT/%{unsupported_tools_directory}
 done
 
 # Copy the include files we want
@@ -259,12 +270,19 @@ do
   %{__install} -m 644 $file $RPM_BUILD_ROOT/%{_includedir}/nss3
 done
 
+# pem
+%{__install} -m 755 nss-pem-1.0.4/build/libnsspem.so $RPM_BUILD_ROOT/%{_libdir}
+%{__install} -m 644 nss-pem-1.0.4/src/nsspem.h $RPM_BUILD_ROOT/%{_includedir}/nss3
+
+# pkgconfig
+%{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir}/pkgconfig
+%{__install} -m 644 dist/%{_libdir}/pkgconfig/nss.pc $RPM_BUILD_ROOT/%{_libdir}/pkgconfig
 
 %clean
 %{__rm} -rf $RPM_BUILD_ROOT
 
 
-%post -p /sbin/ldconfig 
+%post -p /sbin/ldconfig
 
 
 %postun  -p /sbin/ldconfig
@@ -345,7 +363,7 @@ done
 %{_bindir}/nss-config
 
 %dir %{_includedir}/nss3
-%{_includedir}/nss3/base64.h
+%{_includedir}/nss3/*
 %{_includedir}/nss3/blapit.h
 %{_includedir}/nss3/cert.h
 %{_includedir}/nss3/certdb.h
@@ -377,7 +395,7 @@ done
 %{_includedir}/nss3/nssilock.h
 %{_includedir}/nss3/nsslocks.h
 %{_includedir}/nss3/nsslowhash.h
-%{_includedir}/nss3/nsspem.h
+#{_includedir}/nss3/nsspem.h
 %{_includedir}/nss3/nssrwlk.h
 %{_includedir}/nss3/nssrwlkt.h
 %{_includedir}/nss3/nssutil.h
@@ -431,6 +449,11 @@ done
 %{_includedir}/nss3/utilmodt.h
 %{_includedir}/nss3/utilpars.h
 %{_includedir}/nss3/utilparst.h
+%{_includedir}/nss3/eccutil.h
+%{_includedir}/nss3/lowkeyi.h
+%{_includedir}/nss3/lowkeyti.h
+%{_includedir}/nss3/pkcs11uri.h
+%{_includedir}/nss3/sslexp.h
 
 %files pkcs11-devel
 %defattr(-, root, root,-)
@@ -446,5 +469,3 @@ done
 %{_includedir}/nss3/nssckt.h
 %{_libdir}/libnssb.a
 %{_libdir}/libnssckfw.a
-
-