Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
[nss] Update to 3.41, fixes jb#36180
  • Loading branch information
Marko Kenttälä committed Dec 21, 2018
1 parent ab6de8f commit 2e33772
Show file tree
Hide file tree
Showing 8 changed files with 86 additions and 97 deletions.
14 changes: 0 additions & 14 deletions nss-3.13.3-notimestamps.patch

This file was deleted.

Binary file removed nss-3.20.1.tar.gz
Binary file not shown.
Binary file added nss-3.41.tar.gz
Binary file not shown.
12 changes: 0 additions & 12 deletions nss-enable-pem.patch

This file was deleted.

Binary file added nss-pem-1.0.4.tar.xz
Binary file not shown.
6 changes: 6 additions & 0 deletions nss-pem.cmake
@@ -0,0 +1,6 @@
# Add external nss header locations
include_directories(../../dist/public/nss;../../dist/private/nss)
# Find the external library path for linking
execute_process(COMMAND find ${PROJECT_SOURCE_DIR}/../../dist -name libnssckfw.a OUTPUT_VARIABLE NSS_EXT_LIB_PATH)
get_filename_component(NSS_LIB_PATH ${NSS_EXT_LIB_PATH} DIRECTORY)
link_directories(${NSS_LIB_PATH})
64 changes: 26 additions & 38 deletions nss-sysinit-userdb-first.patch
@@ -1,54 +1,42 @@
diff -up ./nss/lib/sysinit/nsssysinit.c.603313 ./nss/lib/sysinit/nsssysinit.c
--- ./nss/lib/sysinit/nsssysinit.c.603313 2010-10-15 13:57:42.719738316 -0700
+++ ./nss/lib/sysinit/nsssysinit.c 2010-10-15 14:07:51.704637349 -0700
@@ -263,16 +263,26 @@ get_list(char *filename, char *stripped_
--- nss/lib/sysinit/nsssysinit.c 2018-12-19 16:54:54.326850754 +0200
+++ nss/lib/sysinit/nsssysinit.c 2018-12-19 17:05:34.932687833 +0200
@@ -231,9 +231,19 @@
sysdb = getSystemDB();
userdb = getUserDB();

- /* Don't open root's user DB */
+ /* return a list of databases to open. First the system database */
+ if (sysdb) {
+ const char *readonly = userCanModifySystemDB() ? "" : "flags=readonly";
+ module_list[next++] = PR_smprintf(
+ "library= "
+ "module=\"NSS system database\" "
+ "parameters=\"configdir='sql:%s' tokenDescription='NSS system database' %s\" "
+ "NSS=\"trustOrder=80 %sflags=internal,critical\"",
+ module_list[next++] = PR_smprintf(
+ "library= "
+ "module=\"NSS system database\" "
+ "parameters=\"configdir='sql:%s' tokenDescription='NSS system database' %s\" "
+ "NSS=\"trustOrder=80 %sflags=internal,critical\"",
+ sysdb, readonly, nssflags);
+ }
+
+ /* Next the user database, but not for root. */
if (userdb != NULL && !userIsRoot()) {
- /* return a list of databases to open. First the user Database */
module_list[next++] = PR_smprintf(
"library= "
"module=\"NSS User database\" "
"parameters=\"configdir='sql:%s' %s tokenDescription='NSS user database'\" "
- "NSS=\"trustOrder=75 %sflags=internal%s\"",
- userdb, stripped_parameters, nssflags,
- isFIPS ? ",FIPS" : "");
+ "NSS=\"trustOrder=75 %sflags=internal%s\"",
+ userdb, stripped_parameters, nssflags,
+ isFIPS ? ",FIPS" : "");
- /* return a list of databases to open. First the user Database */
module_list[next++] = PR_smprintf(
"library= "
"module=\"NSS User database\" "
@@ -252,17 +262,6 @@
userdb, stripped_parameters);
}

/* now open the user's defined PKCS #11 modules */
/* skip the local user DB entry */
@@ -283,17 +293,7 @@ get_list(char *filename, char *stripped_
"module=\"NSS User database\" "
"parameters=\"configdir='sql:%s' %s\" "
"NSS=\"flags=internal,moduleDBOnly,defaultModDB,skipFirst\"",
- userdb, stripped_parameters);
- }
-
- /* now the system database (always read only unless it's root) */
- if (sysdb) {
- const char *readonly = userCanModifySystemDB() ? "" : "flags=readonly";
- module_list[next++] = PR_smprintf(
- "library= "
- "module=\"NSS system database\" "
- "parameters=\"configdir='sql:%s' tokenDescription='NSS system database' %s\" "
- "NSS=\"trustOrder=80 %sflags=internal,critical\"",sysdb, readonly, nssflags);
+ userdb, stripped_parameters);
}
- const char *readonly = userCanModifySystemDB() ? "" : "flags=readonly";
- module_list[next++] = PR_smprintf(
- "library= "
- "module=\"NSS system database\" "
- "parameters=\"configdir='sql:%s' tokenDescription='NSS system database' %s\" "
- "NSS=\"trustOrder=80 %sflags=internal,critical\"",
- sysdb, readonly, nssflags);
- }
-
/* that was the last module */
module_list[next] = 0;

87 changes: 54 additions & 33 deletions nss.spec
Expand Up @@ -3,7 +3,7 @@

Summary: Network Security Services
Name: nss
Version: 3.20.1
Version: 3.41
Release: 1
License: MPLv2
URL: http://www.mozilla.org/projects/security/pki/nss/
Expand All @@ -30,13 +30,11 @@ Source7: blank-key4.db
Source8: system-pkcs11.txt
Source9: setup-nsssysinit.sh
Source11: nss-prelink.conf
Source12: %{name}-pem-20140125.tar.bz2
Source12: %{name}-pem-1.0.4.tar.xz

Patch1: nss-no-rpath.patch
Patch2: nss-nolocalsql.patch
Patch6: nss-enable-pem.patch
Patch8: nss-sysinit-userdb-first.patch
Patch9: nss-3.13.3-notimestamps.patch

%description
Network Security Services (NSS) is a set of libraries designed to
Expand Down Expand Up @@ -118,7 +116,7 @@ Group: Development/Libraries
Requires: nss-devel = %{version}-%{release}

%description pkcs11-devel
Library files for developing PKCS #11 modules using basic NSS
Library files for developing PKCS #11 modules using basic NSS
low level services.


Expand All @@ -128,9 +126,7 @@ low level services.

%patch1 -p0
%patch2 -p0
%patch6 -p0 -b .libpem
%patch8 -p0 -b .rh603313
%patch9 -p1 -b .timestamping

%build

Expand Down Expand Up @@ -162,34 +158,49 @@ export USE_64=1

%{__make} -C ./nss


# Produce .chk files for the final stripped binaries
%define __spec_install_post \
%{?__debug_package:%{__debug_install_post}} \
%{__arch_install_post} \
%{__os_install_post} \
LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_libdir} $RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libsoftokn3.so \
LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_libdir} $RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libfreebl3.so \
%{nil}

%install

# Set up our package file
%{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir}/pkgconfig
%{__mkdir_p} dist/%{_libdir}/pkgconfig
%{__cat} %{SOURCE1} | sed -e "s,%%libdir%%,%{_libdir},g" \
-e "s,%%prefix%%,%{_prefix},g" \
-e "s,%%exec_prefix%%,%{_prefix},g" \
-e "s,%%includedir%%,%{_includedir}/nss3,g" \
-e "s,%%NSPR_VERSION%%,%{nspr_version},g" \
-e "s,%%NSS_VERSION%%,%{version},g" > \
$RPM_BUILD_ROOT/%{_libdir}/pkgconfig/nss.pc
dist/%{_libdir}/pkgconfig/nss.pc

# PEM plugin
%{__mkdir_p} nss-pem-1.0.4/build
cd nss-pem-1.0.4/build
PKG_CONFIG_PATH=$PWD/../../dist/%{_libdir}/pkgconfig cmake -DCMAKE_PROJECT_libnsspem_INCLUDE=../../nss-pem.cmake ../src
make

%install
export FREEBL_NO_DEPEND=1
export FREEBL_LOWHASH=1
export BUILD_OPT=1
export XCFLAGS=$RPM_OPT_FLAGS
export PKG_CONFIG_ALLOW_SYSTEM_LIBS=1
export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1
export NSPR_INCLUDE_DIR=`/usr/bin/pkg-config --cflags-only-I nspr | sed 's/-I//'`
export NSPR_LIB_DIR=%{_libdir}
export USE_SYSTEM_ZLIB=1
export NSS_USE_SYSTEM_SQLITE=1
%ifarch x86_64 ppc64 ia64 s390x sparc64 aarch64
export USE_64=1
%endif

# This will do the signing
%{__make} -C ./nss install
%{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir}
%{__install} -m 644 dist/*OPT.OBJ/lib/libfreebl3.chk $RPM_BUILD_ROOT/%{_libdir}
%{__install} -m 644 dist/*OPT.OBJ/lib/libsoftokn3.chk $RPM_BUILD_ROOT/%{_libdir}

NSS_VMAJOR=`cat nss/lib/nss/nss.h | grep "#define.*NSS_VMAJOR" | awk '{print $3}'`
NSS_VMINOR=`cat nss/lib/nss/nss.h | grep "#define.*NSS_VMINOR" | awk '{print $3}'`
NSS_VPATCH=`cat nss/lib/nss/nss.h | grep "#define.*NSS_VPATCH" | awk '{print $3}'`

export NSS_VMAJOR
export NSS_VMINOR
export NSS_VMAJOR
export NSS_VMINOR
export NSS_VPATCH

%{__mkdir_p} $RPM_BUILD_ROOT/%{_bindir}
Expand All @@ -215,10 +226,10 @@ install -m 755 %{SOURCE9} $RPM_BUILD_ROOT/%{_bindir}/setup-nsssysinit.sh

# Copy the binary libraries we want
for file in libsoftokn3.so libfreebl3.so libnss3.so libnssutil3.so \
libssl3.so libsmime3.so libnssckbi.so libnsspem.so libnssdbm3.so \
libssl3.so libsmime3.so libnssckbi.so libnssdbm3.so \
libnsssysinit.so
do
%{__install} -m 755 dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir}
%{__install} -m 755 dist/*OPT.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir}
done

# Install the empty NSS db files
Expand All @@ -238,19 +249,19 @@ done
# Copy the development libraries we want
for file in libcrmf.a libnssb.a libnssckfw.a
do
%{__install} -m 644 dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir}
%{__install} -m 644 dist/*OPT.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir}
done

# Copy the binaries we want
for file in certutil cmsutil crlutil modutil pk12util signtool signver ssltap
do
%{__install} -m 755 dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{_bindir}
%{__install} -m 755 dist/*OPT.OBJ/bin/$file $RPM_BUILD_ROOT/%{_bindir}
done

# Copy the binaries we ship as unsupported
for file in atob btoa derdump ocspclnt pp selfserv shlibsign strsclnt symkeyutil tstclnt vfyserv vfychain
do
%{__install} -m 755 dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{unsupported_tools_directory}
%{__install} -m 755 dist/*OPT.OBJ/bin/$file $RPM_BUILD_ROOT/%{unsupported_tools_directory}
done

# Copy the include files we want
Expand All @@ -259,12 +270,19 @@ do
%{__install} -m 644 $file $RPM_BUILD_ROOT/%{_includedir}/nss3
done

# pem
%{__install} -m 755 nss-pem-1.0.4/build/libnsspem.so $RPM_BUILD_ROOT/%{_libdir}
%{__install} -m 644 nss-pem-1.0.4/src/nsspem.h $RPM_BUILD_ROOT/%{_includedir}/nss3

# pkgconfig
%{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir}/pkgconfig
%{__install} -m 644 dist/%{_libdir}/pkgconfig/nss.pc $RPM_BUILD_ROOT/%{_libdir}/pkgconfig

%clean
%{__rm} -rf $RPM_BUILD_ROOT


%post -p /sbin/ldconfig
%post -p /sbin/ldconfig


%postun -p /sbin/ldconfig
Expand Down Expand Up @@ -345,7 +363,7 @@ done
%{_bindir}/nss-config

%dir %{_includedir}/nss3
%{_includedir}/nss3/base64.h
%{_includedir}/nss3/*
%{_includedir}/nss3/blapit.h
%{_includedir}/nss3/cert.h
%{_includedir}/nss3/certdb.h
Expand Down Expand Up @@ -377,7 +395,7 @@ done
%{_includedir}/nss3/nssilock.h
%{_includedir}/nss3/nsslocks.h
%{_includedir}/nss3/nsslowhash.h
%{_includedir}/nss3/nsspem.h
#{_includedir}/nss3/nsspem.h
%{_includedir}/nss3/nssrwlk.h
%{_includedir}/nss3/nssrwlkt.h
%{_includedir}/nss3/nssutil.h
Expand Down Expand Up @@ -431,6 +449,11 @@ done
%{_includedir}/nss3/utilmodt.h
%{_includedir}/nss3/utilpars.h
%{_includedir}/nss3/utilparst.h
%{_includedir}/nss3/eccutil.h
%{_includedir}/nss3/lowkeyi.h
%{_includedir}/nss3/lowkeyti.h
%{_includedir}/nss3/pkcs11uri.h
%{_includedir}/nss3/sslexp.h

%files pkcs11-devel
%defattr(-, root, root,-)
Expand All @@ -446,5 +469,3 @@ done
%{_includedir}/nss3/nssckt.h
%{_libdir}/libnssb.a
%{_libdir}/libnssckfw.a


0 comments on commit 2e33772

Please sign in to comment.