[nss] Update to version 3.49. Fixes JB#48386

Update nss to upstream version 3.49. Spec updated and nss added as submodule.
Nss-pem moved to it's own project. Added nss-softoken and nss-util packages.

.gitmodules

+[submodule "nss"]
+	path = nss
+	url = https://git.sailfishos.org/mirror/nss

nss @ ffdd7722

+Subproject commit ffdd7722592e0d0a5e6f15d06876b9c336f8acf2

nss-pem.cmake

-# Add external nss header locations
-include_directories(../../dist/public/nss;../../dist/private/nss)
-# Find the external library path for linking
-execute_process(COMMAND find ${PROJECT_SOURCE_DIR}/../../dist -name libnssckfw.a OUTPUT_VARIABLE NSS_EXT_LIB_PATH)
-get_filename_component(NSS_LIB_PATH ${NSS_EXT_LIB_PATH} DIRECTORY)
-link_directories(${NSS_LIB_PATH})

rpm/cert8.db.xml

+<?xml version='1.0' encoding='utf-8'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
+<!ENTITY date SYSTEM "date.xml">
+<!ENTITY version SYSTEM "version.xml">
+]>
+
+<refentry id="cert8.db">
+
+  <refentryinfo>
+    <date>&date;</date>
+    <title>Network Security Services</title>
+    <productname>nss</productname>
+    <productnumber>&version;</productnumber>
+  </refentryinfo>
+
+  <refmeta>
+    <refentrytitle>cert8.db</refentrytitle>
+    <manvolnum>5</manvolnum>
+  </refmeta>
+
+  <refnamediv>
+    <refname>cert8.db</refname>
+    <refpurpose>Legacy NSS certificate database</refpurpose>
+  </refnamediv>
+
+<refsection id="description">
+    <title>Description</title>
+    <para><emphasis>cert8.db</emphasis> is an NSS certificate database.</para>
+  <para>This certificate database is in the legacy database format. Consider migrating to cert9.db and key4.db which are the new sqlite-based shared database format with support for concurrent access.
+  </para>
+  </refsection>
+
+  <refsection>
+    <title>Files</title>
+    <para><filename>/etc/pki/nssdb/cert8.db</filename></para>
+  </refsection>
+
+  <refsection>
+    <title>See also</title>
+    <para>cert9.db(5), key4.db(5), pkcs11.txt(5), </para>
+  </refsection>
+
+  <refsection id="authors">
+    <title>Authors</title>
+    <para>The nss libraries were written and maintained by developers with Netscape, Red Hat,  Sun, Oracle, Mozilla, and Google.</para>
+    <para>Authors: Elio Maldonado &lt;emaldona@redhat.com>.</para>
+  </refsection>
+
+<!-- don't change -->
+  <refsection id="license">
+    <title>LICENSE</title>
+    <para>Licensed under the Mozilla Public License, v. 2.0.  If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
+    </para>
+
+  </refsection>
+
+
+</refentry>

rpm/cert9.db.xml

+<?xml version='1.0' encoding='utf-8'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
+<!ENTITY date SYSTEM "date.xml">
+<!ENTITY version SYSTEM "version.xml">
+]>
+
+<refentry id="cert9.db">
+
+  <refentryinfo>
+    <date>&date;</date>
+    <title>Network Security Services</title>
+    <productname>nss</productname>
+    <productnumber>&version;</productnumber>
+  </refentryinfo>
+
+  <refmeta>
+    <refentrytitle>cert9.db</refentrytitle>
+    <manvolnum>5</manvolnum>
+  </refmeta>
+
+  <refnamediv>
+    <refname>cert9.db</refname>
+    <refpurpose>NSS certificate database</refpurpose>
+  </refnamediv>
+
+<refsection id="description">
+    <title>Description</title>
+    <para><emphasis>cert9.db</emphasis> is an NSS certificate database.</para>
+  <para>This certificate database is the sqlite-based shared database with support for concurrent access.
+  </para>
+  </refsection>
+
+  <refsection>
+    <title>Files</title>
+    <para><filename>/etc/pki/nssdb/cert9.db</filename></para>
+  </refsection>
+
+  <refsection>
+    <title>See also</title>
+    <para>pkcs11.txt(5)</para>
+  </refsection>
+
+  <refsection id="authors">
+    <title>Authors</title>
+    <para>The nss libraries were written and maintained by developers with Netscape, Red Hat,  Sun, Oracle, Mozilla, and Google.</para>
+    <para>Authors: Elio Maldonado &lt;emaldona@redhat.com>.</para>
+  </refsection>
+
+<!-- don't change -->
+  <refsection id="license">
+    <title>LICENSE</title>
+    <para>Licensed under the Mozilla Public License, v. 2.0.  If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
+    </para>
+
+  </refsection>
+
+
+</refentry>

rpm/key3.db.xml

+<?xml version='1.0' encoding='utf-8'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
+<!ENTITY date SYSTEM "date.xml">
+<!ENTITY version SYSTEM "version.xml">
+]>
+
+<refentry id="key3.db">
+
+  <refentryinfo>
+    <date>&date;</date>
+    <title>Network Security Services</title>
+    <productname>nss</productname>
+    <productnumber>&version;</productnumber>
+  </refentryinfo>
+
+  <refmeta>
+    <refentrytitle>key3.db</refentrytitle>
+    <manvolnum>5</manvolnum>
+  </refmeta>
+
+  <refnamediv>
+    <refname>key3.db</refname>
+    <refpurpose>Legacy NSS certificate database</refpurpose>
+  </refnamediv>
+
+<refsection id="description">
+    <title>Description</title>
+    <para><emphasis>key3.db</emphasis> is an NSS certificate database.</para>
+  <para>This is a key database in the legacy database format. Consider migrating to cert9.db and key4.db which  which are the new sqlite-based shared database format with support for concurrent access.
+  </para>
+  </refsection>
+
+  <refsection>
+    <title>Files</title>
+    <para><filename>/etc/pki/nssdb/key3.db</filename></para>
+  </refsection>
+
+  <refsection>
+    <title>See also</title>
+    <para>cert9.db(5), key4.db(5), pkcs11.txt(5), </para>
+  </refsection>
+
+  <refsection id="authors">
+    <title>Authors</title>
+    <para>The nss libraries were written and maintained by developers with Netscape, Red Hat,  Sun, Oracle, Mozilla, and Google.</para>
+    <para>Authors: Elio Maldonado &lt;emaldona@redhat.com>.</para>
+  </refsection>
+
+<!-- don't change -->
+  <refsection id="license">
+    <title>LICENSE</title>
+    <para>Licensed under the Mozilla Public License, v. 2.0.  If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
+    </para>
+
+  </refsection>
+
+
+</refentry>

rpm/key4.db.xml

+<?xml version='1.0' encoding='utf-8'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
+<!ENTITY date SYSTEM "date.xml">
+<!ENTITY version SYSTEM "version.xml">
+]>
+
+<refentry id="key4.db">
+
+  <refentryinfo>
+    <date>&date;</date>
+    <title>Network Security Services</title>
+    <productname>nss</productname>
+    <productnumber>&version;</productnumber>
+  </refentryinfo>
+
+  <refmeta>
+    <refentrytitle>key4.db</refentrytitle>
+    <manvolnum>5</manvolnum>
+  </refmeta>
+
+  <refnamediv>
+    <refname>key4.db</refname>
+    <refpurpose>NSS certificate database</refpurpose>
+  </refnamediv>
+
+<refsection id="description">
+    <title>Description</title>
+    <para><emphasis>key4.db</emphasis> is an NSS key database.</para>
+  <para>This key database is the sqlite-based shared database format with support for concurrent access.
+  </para>
+  </refsection>
+
+  <refsection>
+    <title>Files</title>
+    <para><filename>/etc/pki/nssdb/key4.db</filename></para>
+  </refsection>
+
+  <refsection>
+    <title>See also</title>
+    <para>pkcs11.txt(5)</para>
+  </refsection>
+
+  <refsection id="authors">
+    <title>Authors</title>
+    <para>The nss libraries were written and maintained by developers with Netscape, Red Hat,  Sun, Oracle, Mozilla, and Google.</para>
+    <para>Authors: Elio Maldonado &lt;emaldona@redhat.com>.</para>
+  </refsection>
+
+<!-- don't change -->
+  <refsection id="license">
+    <title>LICENSE</title>
+    <para>Licensed under the Mozilla Public License, v. 2.0.  If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
+    </para>
+
+  </refsection>
+
+
+</refentry>

rpm/nss-3.47-ike-fix.patch

+diff -up ./nss/lib/softoken/pkcs11.c.ike_fix ./nss/lib/softoken/pkcs11.c
+--- ./nss/lib/softoken/pkcs11.c.ike_fix	2019-11-04 10:15:08.022176945 -0800
++++ ./nss/lib/softoken/pkcs11.c	2019-11-04 10:17:35.396733750 -0800
+@@ -330,7 +330,7 @@ static const struct mechanismList mechan
+     { CKM_AES_CTS, { 16, 32, CKF_EN_DE }, PR_TRUE },
+     { CKM_AES_CTR, { 16, 32, CKF_EN_DE }, PR_TRUE },
+     { CKM_AES_GCM, { 16, 32, CKF_EN_DE }, PR_TRUE },
+-    { CKM_AES_XCBC_MAC_96, { 16, 16, CKF_SN_VR }, PR_TRUE },
++    { CKM_AES_XCBC_MAC_96, { 12, 12, CKF_SN_VR }, PR_TRUE },
+     { CKM_AES_XCBC_MAC, { 16, 16, CKF_SN_VR }, PR_TRUE },
+     /* ------------------------- Camellia Operations --------------------- */
+     { CKM_CAMELLIA_KEY_GEN, { 16, 32, CKF_GENERATE }, PR_TRUE },
+@@ -518,7 +518,8 @@ static const struct mechanismList mechan
+     /* --------------------IPSEC ----------------------- */
+     { CKM_NSS_IKE_PRF_PLUS_DERIVE, { 8, 255 * 64, CKF_DERIVE }, PR_TRUE },
+     { CKM_NSS_IKE_PRF_DERIVE, { 8, 64, CKF_DERIVE }, PR_TRUE },
+-    { CKM_NSS_IKE1_PRF_DERIVE, { 8, 64, CKF_DERIVE }, PR_TRUE }
++    { CKM_NSS_IKE1_PRF_DERIVE, { 8, 64, CKF_DERIVE }, PR_TRUE },
++    { CKM_NSS_IKE1_APP_B_PRF_DERIVE, { 8, 255 * 64, CKF_DERIVE }, PR_TRUE }
+ };
+ static const CK_ULONG mechanismCount = sizeof(mechanisms) / sizeof(mechanisms[0]);
+ 

rpm/nss-3.49-neon-build-fixes.patch

+# HG changeset patch
+# User Mike Hommey <mh@glandium.org>
+# Date 1578673372 -3600
+#      Fri Jan 10 17:22:52 2020 +0100
+# Node ID 9c359d019d333282476ffeec3dab819cfdcf127e
+# Parent  4921046404f197526969a6b79f19c136469e69f8
+Bug 1608327 - Fix freebl arm NEON code use on tier3 platforms.
+
+Summary:
+Despite the code having runtime detection of NEON and crypto extensions,
+the optimized code using those instructions is disabled at build time on
+platforms where the compiler doesn't enable NEON by default of with the
+flags it's given for the caller code.
+
+In the case of gcm, this goes as far as causing a build error.
+
+What is needed is for the optimized code to be enabled in every case,
+letting the caller code choose whether to use that code based on the
+existing runtime checks.
+
+But this can't be simply done either, because those optimized parts of
+the code need to be built with NEON enabled, unconditionally, but that
+is not compatible with platforms using the softfloat ABI. For those,
+we need to use the softfp ABI, which is compatible. However, the softfp
+ABI is not compatible with the hardfp ABI, so we also can't
+unconditionally use the softfp ABI, so we do so only when the compiler
+targets the softfloat ABI, which confusingly enough is advertized via
+the `__SOFTFP__` define.
+
+Reviewers: jcj!
+
+Bug #: 1608327
+
+Differential Revision: https://phabricator.services.mozilla.com/D59451
+
+diff --git ./nss/lib/freebl/Makefile ./nss/lib/freebl/Makefile
+--- ./nss/lib/freebl/Makefile
++++ ./nss/lib/freebl/Makefile
+@@ -781,8 +781,12 @@ ifdef INTEL_GCM_CLANG_CL
+ endif
+ 
+ ifeq ($(CPU_ARCH),arm)
+-$(OBJDIR)/$(PROG_PREFIX)aes-armv8$(OBJ_SUFFIX): CFLAGS += -march=armv8-a -mfpu=crypto-neon-fp-armv8
+-$(OBJDIR)/$(PROG_PREFIX)gcm-arm32-neon$(OBJ_SUFFIX): CFLAGS += -mfpu=neon
++# When the compiler uses the softfloat ABI, we want to use the compatible softfp ABI when
++# enabling NEON for these objects.
++# Confusingly, __SOFTFP__ is the name of the define for the softfloat ABI, not for the softfp ABI.
++USES_SOFTFLOAT_ABI := $(shell $(CC) -o - -E -dM - $(CFLAGS) < /dev/null | grep __SOFTFP__ > /dev/null && echo 1)
++$(OBJDIR)/$(PROG_PREFIX)aes-armv8$(OBJ_SUFFIX): CFLAGS += -march=armv8-a -mfpu=crypto-neon-fp-armv8$(if $(USES_SOFTFLOAT_ABI), -mfloat-abi=softfp)
++$(OBJDIR)/$(PROG_PREFIX)gcm-arm32-neon$(OBJ_SUFFIX): CFLAGS += -mfpu=neon$(if $(USES_SOFTFLOAT_ABI), -mfloat-abi=softfp)
+ endif
+ ifeq ($(CPU_ARCH),aarch64)
+ $(OBJDIR)/$(PROG_PREFIX)aes-armv8$(OBJ_SUFFIX): CFLAGS += -march=armv8-a+crypto
+diff --git ./nss/lib/freebl/aes-armv8.c ./nss/lib/freebl/aes-armv8.c
+--- ./nss/lib/freebl/aes-armv8.c
++++ ./nss/lib/freebl/aes-armv8.c
+@@ -8,7 +8,7 @@
+ #if ((defined(__clang__) ||                                         \
+       (defined(__GNUC__) && defined(__GNUC_MINOR__) &&              \
+        (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ > 8)))) && \
+-     (defined(__ARM_NEON) || defined(__ARM_NEON__)))
++     defined(IS_LITTLE_ENDIAN))
+ 
+ #ifndef __ARM_FEATURE_CRYPTO
+ #error "Compiler option is invalid"
+diff --git ./nss/lib/freebl/freebl.gyp ./nss/lib/freebl/freebl.gyp
+--- ./nss/lib/freebl/freebl.gyp
++++ ./nss/lib/freebl/freebl.gyp
+@@ -126,10 +126,12 @@
+         '<(DEPTH)/exports.gyp:nss_exports'
+       ],
+       'cflags': [
+-        '-mfpu=neon'
++        '-mfpu=neon',
++        '<@(softfp_cflags)',
+       ],
+       'cflags_mozilla': [
+-        '-mfpu=neon'
++        '-mfpu=neon',
++        '<@(softfp_cflags)',
+       ]
+     },
+     {
+@@ -179,11 +181,13 @@
+         [ 'target_arch=="arm"', {
+           'cflags': [
+             '-march=armv8-a',
+-            '-mfpu=crypto-neon-fp-armv8'
++            '-mfpu=crypto-neon-fp-armv8',
++            '<@(softfp_cflags)',
+           ],
+           'cflags_mozilla': [
+             '-march=armv8-a',
+-            '-mfpu=crypto-neon-fp-armv8'
++            '-mfpu=crypto-neon-fp-armv8',
++            '<@(softfp_cflags)',
+           ],
+         }, 'target_arch=="arm64" or target_arch=="aarch64"', {
+           'cflags': [
+@@ -533,6 +537,11 @@
+       }, {
+         'have_int128_support%': 0,
+       }],
++      [ 'target_arch=="arm"', {
++        # When the compiler uses the softfloat ABI, we want to use the compatible softfp ABI when enabling NEON for these objects.
++        # Confusingly, __SOFTFP__ is the name of the define for the softfloat ABI, not for the softfp ABI.
++        'softfp_cflags': '<!(${CC:-cc} -o - -E -dM - ${CFLAGS} < /dev/null | grep __SOFTFP__ > /dev/null && echo -mfloat-abi=softfp || true)',
++      }],
+     ],
+   }
+ }
+diff --git ./nss/lib/freebl/gcm-arm32-neon.c ./nss/lib/freebl/gcm-arm32-neon.c
+--- ./nss/lib/freebl/gcm-arm32-neon.c
++++ ./nss/lib/freebl/gcm-arm32-neon.c
+@@ -11,7 +11,7 @@
+ #include "secerr.h"
+ #include "prtypes.h"
+ 
+-#if defined(__ARM_NEON__) || defined(__ARM_NEON)
++#if defined(IS_LITTLE_ENDIAN)
+ 
+ #include <arm_neon.h>
+ 
+@@ -199,4 +199,4 @@ gcm_HashZeroX_hw(gcmHashContext *ghash)
+     return SECSuccess;
+ }
+ 
+-#endif /* __ARM_NEON__ || __ARM_NEON */
++#endif /* IS_LITTLE_ENDIAN */
+diff --git ./nss/lib/freebl/gcm.c ./nss/lib/freebl/gcm.c
+--- ./nss/lib/freebl/gcm.c
++++ ./nss/lib/freebl/gcm.c
+@@ -21,11 +21,8 @@
+ #if defined(__aarch64__) && defined(IS_LITTLE_ENDIAN) && \
+     (defined(__clang__) || defined(__GNUC__) && __GNUC__ > 6)
+ #define USE_ARM_GCM
+-#elif defined(__arm__) && defined(IS_LITTLE_ENDIAN) && \
+-    (defined(__ARM_NEON__) || defined(__ARM_NEON))
+-/* We don't test on big endian platform, so disable this on big endian.
+- * Also, we don't check whether compiler support NEON well, so this uses
+- * that compiler uses -mfpu=neon only. */
++#elif defined(__arm__) && defined(IS_LITTLE_ENDIAN)
++/* We don't test on big endian platform, so disable this on big endian. */
+ #define USE_ARM_GCM
+ #endif
+ 
+diff --git ./nss/lib/freebl/rijndael.c ./nss/lib/freebl/rijndael.c
+--- ./nss/lib/freebl/rijndael.c
++++ ./nss/lib/freebl/rijndael.c
+@@ -20,8 +20,7 @@
+ #include "gcm.h"
+ #include "mpi.h"
+ 
+-#if (!defined(IS_LITTLE_ENDIAN) && !defined(NSS_X86_OR_X64)) || \
+-    (defined(__arm__) && !defined(__ARM_NEON) && !defined(__ARM_NEON__))
++#if !defined(IS_LITTLE_ENDIAN) && !defined(NSS_X86_OR_X64)
+ // not test yet on big endian platform of arm
+ #undef USE_HW_AES
+ #endif

rpm/nss-config.xml

+<?xml version='1.0' encoding='utf-8'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
+<!ENTITY date SYSTEM "date.xml">
+<!ENTITY version SYSTEM "version.xml">
+]>
+
+<refentry id="nss-config">
+
+  <refentryinfo>
+    <date>&date;</date>
+    <title>Network Security Services</title>
+    <productname>nss</productname>
+    <productnumber>&version;</productnumber>
+  </refentryinfo>
+
+  <refmeta>
+    <refentrytitle>nss-config</refentrytitle>
+    <manvolnum>1</manvolnum>
+  </refmeta>
+
+  <refnamediv>
+    <refname>nss-config</refname>
+    <refpurpose>Return meta information about nss libraries</refpurpose>
+  </refnamediv>
+
+  <refsynopsisdiv>
+    <cmdsynopsis>
+      <command>nss-config</command>
+      <arg><option>--prefix</option></arg>
+      <arg><option>--exec-prefix</option></arg>
+      <arg><option>--includedir</option></arg>
+      <arg><option>--libs</option></arg>
+      <arg><option>--cflags</option></arg>
+      <arg><option>--libdir</option></arg>
+      <arg><option>--version</option></arg>
+    </cmdsynopsis>
+  </refsynopsisdiv>
+
+<refsection id="description">
+    <title>Description</title>
+
+    <para><command>nss-config</command> is a shell scrip
+    tool which can be used to obtain gcc options for building client pacakges of nspt. </para>
+
+  </refsection>
+  
+  <refsection>
+    <title>Options</title>
+    
+    <variablelist>
+      <varlistentry>
+        <term><option>--prefix</option></term>
+        <listitem><simpara>Returns the top level system directory under which the nss libraries are installed.</simpara></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><option>--exec-prefix</option></term>
+        <listitem><simpara>returns the top level system directory under which any nss binaries would be installed.</simpara></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><option>--includedir</option> <replaceable>count</replaceable></term>
+        <listitem><simpara>returns the path to the directory were the nss libraries are installed.</simpara></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><option>--version</option></term>
+        <listitem><simpara>returns the upstream version of nss in the form major_version-minor_version-patch_version.</simpara></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><option>--libs</option></term>
+        <listitem><simpara>returns the compiler linking flags.</simpara></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><option>--cflags</option></term>
+        <listitem><simpara>returns the compiler include flags.</simpara></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><option>--libdir</option></term>
+        <listitem><simpara>returns the path to the directory were the nss libraries are installed.</simpara></listitem>
+      </varlistentry>
+
+    </variablelist>
+  </refsection>
+
+  <refsection>
+    <title>Examples</title>
+
+    <para>The following example will query for both include path and linkage flags:
+    
+      <programlisting>
+        /usr/bin/nss-config --cflags --libs
+      </programlisting>
+
+    </para>
+
+   
+  </refsection>
+
+  <refsection>
+    <title>Files</title>
+
+    <para><filename>/usr/bin/nss-config</filename></para>
+
+  </refsection>
+
+  <refsection>
+    <title>See also</title>
+    <para>pkg-config(1)</para>
+  </refsection>
+
+  <refsection id="authors">
+    <title>Authors</title>
+    <para>The nss liraries were written and maintained by developers with Netscape, Red Hat,  Sun, Oracle, Mozilla, and Google.</para>
+    <para>
+	Authors: Elio Maldonado &lt;emaldona@redhat.com>.
+    </para>
+  </refsection>
+
+<!-- don't change -->
+  <refsection id="license">
+    <title>LICENSE</title>
+    <para>Licensed under the Mozilla Public License, v. 2.0.  If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
+    </para>
+  </refsection>
+
+</refentry>
+

rpm/nss-p11-kit.config

+name=p11-kit-proxy
+library=p11-kit-proxy.so
+
+

rpm/nss-softokn-config.in

+#!/bin/sh
+
+prefix=@prefix@
+
+major_version=@MOD_MAJOR_VERSION@
+minor_version=@MOD_MINOR_VERSION@
+patch_version=@MOD_PATCH_VERSION@
+
+usage()
+{
+	cat <<EOF
+Usage: nss-softokn-config [OPTIONS] [LIBRARIES]
+Options:
+	[--prefix[=DIR]]
+	[--exec-prefix[=DIR]]
+	[--includedir[=DIR]]
+	[--libdir[=DIR]]
+	[--version]
+	[--libs]
+	[--cflags]
+Dynamic Libraries:
+	softokn3 - Requires full dynamic linking
+	freebl3  - for internal use only (and glibc for self-integrity check)
+	nssdbm3  - for internal use only
+Dymamically linked
+EOF
+	exit $1
+}
+
+if test $# -eq 0; then
+	usage 1 1>&2
+fi
+
+while test $# -gt 0; do
+  case "$1" in
+  -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
+  *) optarg= ;;
+  esac
+
+  case $1 in
+    --prefix=*)
+      prefix=$optarg
+      ;;
+    --prefix)
+      echo_prefix=yes
+      ;;
+    --exec-prefix=*)
+      exec_prefix=$optarg
+      ;;
+    --exec-prefix)
+      echo_exec_prefix=yes
+      ;;
+    --includedir=*)
+      includedir=$optarg
+      ;;
+    --includedir)
+      echo_includedir=yes
+      ;;
+    --libdir=*)
+      libdir=$optarg
+      ;;
+    --libdir)
+      echo_libdir=yes
+      ;;
+    --version)
+      echo ${major_version}.${minor_version}.${patch_version}
+      ;;
+    --cflags)
+      echo_cflags=yes
+      ;;
+    --libs)
+      echo_libs=yes
+      ;;
+    *)
+      usage 1 1>&2
+      ;;
+  esac
+  shift
+done
+
+# Set variables that may be dependent upon other variables
+if test -z "$exec_prefix"; then
+    exec_prefix=`pkg-config --variable=exec_prefix nss-softokn`
+fi
+if test -z "$includedir"; then
+    includedir=`pkg-config --variable=includedir nss-softokn`
+fi
+if test -z "$libdir"; then
+    libdir=`pkg-config --variable=libdir nss-softokn`
+fi
+
+if test "$echo_prefix" = "yes"; then
+    echo $prefix
+fi
+
+if test "$echo_exec_prefix" = "yes"; then
+    echo $exec_prefix
+fi
+
+if test "$echo_includedir" = "yes"; then
+    echo $includedir
+fi
+
+if test "$echo_libdir" = "yes"; then
+    echo $libdir
+fi
+
+if test "$echo_cflags" = "yes"; then
+    echo -I$includedir
+fi
+
+if test "$echo_libs" = "yes"; then
+      libdirs="-Wl,-rpath-link,$libdir -L$libdir"
+      echo $libdirs
+fi
+

rpm/nss-softokn-dracut-module-setup.sh

+#!/bin/bash
+# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
+# ex: ts=8 sw=4 sts=4 et filetype=sh
+
+check() {
+    return 255
+}
+
+depends() {
+    return 0
+}
+
+install() {
+    local _dir
+
+    inst_libdir_file libfreeblpriv3.so libfreeblpriv3.chk \
+        libfreebl3.so
+}

rpm/nss-softokn-dracut.conf

+# turn on nss-softokn module
+
+add_dracutmodules+=" nss-softokn "

rpm/nss-util-config.in

+#!/bin/sh
+
+prefix=@prefix@
+
+major_version=@MOD_MAJOR_VERSION@
+minor_version=@MOD_MINOR_VERSION@
+patch_version=@MOD_PATCH_VERSION@
+
+usage()
+{
+	cat <<EOF
+Usage: nss-util-config [OPTIONS] [LIBRARIES]
+Options: