diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..b386124 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/nss-util-3.34.0.tar.gz diff --git a/.nss-util.metadata b/.nss-util.metadata new file mode 100644 index 0000000..96a9507 --- /dev/null +++ b/.nss-util.metadata @@ -0,0 +1 @@ +a614a976a848d65b840e65a58d73529dffcf25d4 SOURCES/nss-util-3.34.0.tar.gz diff --git a/README.md b/README.md deleted file mode 100644 index 0e7897f..0000000 --- a/README.md +++ /dev/null @@ -1,5 +0,0 @@ -The master branch has no content - -Look at the c7 branch if you are working with CentOS-7, or the c4/c5/c6 branch for CentOS-4, 5 or 6 - -If you find this file in a distro specific branch, it means that no content has been checked in yet diff --git a/SOURCES/hasht-dont-include-prtypes.patch b/SOURCES/hasht-dont-include-prtypes.patch new file mode 100644 index 0000000..2a2ee9b --- /dev/null +++ b/SOURCES/hasht-dont-include-prtypes.patch @@ -0,0 +1,11 @@ +diff -up ./nss/lib/util/hasht.h.prtypes ./nss/lib/util/hasht.h +--- ./nss/lib/util/hasht.h.prtypes 2013-11-23 21:23:12.729136309 -0800 ++++ ./nss/lib/util/hasht.h 2013-11-23 21:23:32.873289479 -0800 +@@ -5,7 +5,6 @@ + #ifndef _HASHT_H_ + #define _HASHT_H_ + +-#include "prtypes.h" + + /* Opaque objects */ + typedef struct SECHashObjectStr SECHashObject; diff --git a/SOURCES/nss-split-util.sh b/SOURCES/nss-split-util.sh new file mode 100755 index 0000000..b56debe --- /dev/null +++ b/SOURCES/nss-split-util.sh @@ -0,0 +1,73 @@ +#!/bin/sh +# +# Splits NSS into nss-util +# Takes as command line input the version of nss +# and assumes that a file nss-${nss_version}-stripped.tar.bz2 +# exits in the current directory + +set -e + +if test -z $1 +then + echo "usage: $0 nss-version" + exit +fi + +export name=nss +export version=$1 + +echo "Extracting ${name}-${version}.tar.gz" + +tar -xzf ${name}-${version}.tar.gz + +# the directory will be named ${name}-${version} + +nss_source_dir=${name}-${version} +util_dir=${name}-util-${version} +softokn_dir=${name}-softokn-${version} + +# make_nss_util +#------------------------------------------------- +# create the nss-util subset consisting of +# nss/dbm --- full directory +# nss/coreconf --- full directory +# nss --- top files only +# nss/lib --- top files only +# nss/lib/util --- full directory +#-------------------------------------------------- + +UTIL_WORK=${util_dir}-work +rm -rf ${UTIL_WORK} +mkdir ${UTIL_WORK} + +# copy everything +cp -a ${nss_source_dir} ${UTIL_WORK}/${util_dir} + +# remove subdirectories that we don't want +rm -rf ${UTIL_WORK}/${util_dir}/nss/cmd +rm -rf ${UTIL_WORK}/${util_dir}/nss/tests +rm -rf ${UTIL_WORK}/${util_dir}/nss/lib + +# start with an empty cmd lib directories to be filled selectively +mkdir ${UTIL_WORK}/${util_dir}/nss/cmd +cp ${nss_source_dir}/nss/cmd/Makefile ${UTIL_WORK}/${util_dir}/nss/cmd +cp ${nss_source_dir}/nss/cmd/manifest.mn ${UTIL_WORK}/${util_dir}/nss/cmd +cp ${nss_source_dir}/nss/cmd/platlibs.mk ${UTIL_WORK}/${util_dir}/nss/cmd +cp ${nss_source_dir}/nss/cmd/platrules.mk ${UTIL_WORK}/${util_dir}/nss/cmd + +mkdir ${UTIL_WORK}/${util_dir}/nss/lib +# copy some files at the top and the util subdirectory recursively +cp ${nss_source_dir}/nss/lib/Makefile ${UTIL_WORK}/${util_dir}/nss/lib +cp ${nss_source_dir}/nss/lib/manifest.mn ${UTIL_WORK}/${util_dir}/nss/lib +cp -a ${nss_source_dir}/nss/lib/util ${UTIL_WORK}/${util_dir}/nss/lib/util +pushd ${UTIL_WORK} +# the compressed tar ball for nss-util +tar -czf ../${name}-util-${version}.tar.gz ${util_dir} +popd + +# cleanup after ourselves +rm -fr ${nss_source_dir} +rm -fr ${UTIL_WORK} + + + diff --git a/SOURCES/nss-util-3.19.1-tls12-mechanisms.patch b/SOURCES/nss-util-3.19.1-tls12-mechanisms.patch new file mode 100644 index 0000000..b631dbe --- /dev/null +++ b/SOURCES/nss-util-3.19.1-tls12-mechanisms.patch @@ -0,0 +1,14 @@ +diff -up ./nss/lib/util/pkcs11t.h.tls12_mechs ./nss/lib/util/pkcs11t.h +--- ./nss/lib/util/pkcs11t.h.tls12_mechs 2017-01-13 16:33:12.199107708 +0100 ++++ ./nss/lib/util/pkcs11t.h 2017-01-13 16:34:12.479625017 +0100 +@@ -1650,6 +1650,10 @@ typedef struct CK_TLS_MAC_PARAMS { + + typedef CK_TLS_MAC_PARAMS CK_PTR CK_TLS_MAC_PARAMS_PTR; + ++/* aliases for compatibility with prior release */ ++#define CK_TLS12_MAC_PARAMS CK_TLS_MAC_PARAMS ++#define CK_TLS12_MAC_PARAMS_PTR CK_TLS_MAC_PARAMS_PTR ++ + /* WTLS is new for version 2.20 */ + typedef struct CK_WTLS_RANDOM_DATA { + CK_BYTE_PTR pClientRandom; diff --git a/SOURCES/nss-util-config.in b/SOURCES/nss-util-config.in new file mode 100644 index 0000000..ef8751d --- /dev/null +++ b/SOURCES/nss-util-config.in @@ -0,0 +1,118 @@ +#!/bin/sh + +prefix=@prefix@ + +major_version=@MOD_MAJOR_VERSION@ +minor_version=@MOD_MINOR_VERSION@ +patch_version=@MOD_PATCH_VERSION@ + +usage() +{ + cat <&2 +fi + +lib_nssutil=yes + +while test $# -gt 0; do + case "$1" in + -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;; + *) optarg= ;; + esac + + case $1 in + --prefix=*) + prefix=$optarg + ;; + --prefix) + echo_prefix=yes + ;; + --exec-prefix=*) + exec_prefix=$optarg + ;; + --exec-prefix) + echo_exec_prefix=yes + ;; + --includedir=*) + includedir=$optarg + ;; + --includedir) + echo_includedir=yes + ;; + --libdir=*) + libdir=$optarg + ;; + --libdir) + echo_libdir=yes + ;; + --version) + echo ${major_version}.${minor_version}.${patch_version} + ;; + --cflags) + echo_cflags=yes + ;; + --libs) + echo_libs=yes + ;; + *) + usage 1 1>&2 + ;; + esac + shift +done + +# Set variables that may be dependent upon other variables +if test -z "$exec_prefix"; then + exec_prefix=`pkg-config --variable=exec_prefix nss-util` +fi +if test -z "$includedir"; then + includedir=`pkg-config --variable=includedir nss-util` +fi +if test -z "$libdir"; then + libdir=`pkg-config --variable=libdir nss-util` +fi + +if test "$echo_prefix" = "yes"; then + echo $prefix +fi + +if test "$echo_exec_prefix" = "yes"; then + echo $exec_prefix +fi + +if test "$echo_includedir" = "yes"; then + echo $includedir +fi + +if test "$echo_libdir" = "yes"; then + echo $libdir +fi + +if test "$echo_cflags" = "yes"; then + echo -I$includedir +fi + +if test "$echo_libs" = "yes"; then + libdirs="-Wl,-rpath-link,$libdir -L$libdir" + if test -n "$lib_nssutil"; then + libdirs="$libdirs -lnssutil${major_version}" + fi + echo $libdirs +fi + diff --git a/SOURCES/nss-util-ecc-defaults.patch b/SOURCES/nss-util-ecc-defaults.patch new file mode 100644 index 0000000..f4cd5bb --- /dev/null +++ b/SOURCES/nss-util-ecc-defaults.patch @@ -0,0 +1,31 @@ +# HG changeset patch +# User Bob Relyea +# Date 1513864398 -3600 +# Thu Dec 21 14:53:18 2017 +0100 +# Node ID e577b1df8dabb31466cebad07fdbe0883290bede +# Parent 481de926f1fa18b7b62e80b59f28f2aef7ab3034 +Bug 1312142, Softoken still does not handle login state correctly for user db slots in FIPS mode, r=kaie + +diff --git a/lib/util/utilpars.c b/lib/util/utilpars.c +--- a/lib/util/utilpars.c ++++ b/lib/util/utilpars.c +@@ -589,6 +589,7 @@ struct nssutilArgSlotFlagTable { + } + static struct nssutilArgSlotFlagTable nssutil_argSlotFlagTable[] = { + NSSUTIL_ARG_ENTRY(RSA, SECMOD_RSA_FLAG), ++ NSSUTIL_ARG_ENTRY(ECC, SECMOD_ECC_FLAG), + NSSUTIL_ARG_ENTRY(DSA, SECMOD_RSA_FLAG), + NSSUTIL_ARG_ENTRY(RC2, SECMOD_RC4_FLAG), + NSSUTIL_ARG_ENTRY(RC4, SECMOD_RC2_FLAG), +diff --git a/lib/util/utilparst.h b/lib/util/utilparst.h +--- a/lib/util/utilparst.h ++++ b/lib/util/utilparst.h +@@ -43,7 +43,7 @@ + #define NSSUTIL_DEFAULT_INTERNAL_INIT3 \ + " askpw=any timeout=30})\"" + #define NSSUTIL_DEFAULT_SFTKN_FLAGS \ +- "slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512]" ++ "slotFlags=[ECC,RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512]" + + #define NSSUTIL_DEFAULT_CIPHER_ORDER 0 + #define NSSUTIL_DEFAULT_TRUST_ORDER 50 diff --git a/SOURCES/nss-util.pc.in b/SOURCES/nss-util.pc.in new file mode 100644 index 0000000..1310248 --- /dev/null +++ b/SOURCES/nss-util.pc.in @@ -0,0 +1,11 @@ +prefix=%prefix% +exec_prefix=%exec_prefix% +libdir=%libdir% +includedir=%includedir% + +Name: NSS-UTIL +Description: Network Security Services Utility Library +Version: %NSSUTIL_VERSION% +Requires: nspr >= %NSPR_VERSION% +Libs: -L${libdir} -lnssutil3 +Cflags: -I${includedir} diff --git a/SOURCES/pkcs1sig-include-prtypes.patch b/SOURCES/pkcs1sig-include-prtypes.patch new file mode 100644 index 0000000..99e1217 --- /dev/null +++ b/SOURCES/pkcs1sig-include-prtypes.patch @@ -0,0 +1,11 @@ +diff -up ./nss/lib/util/pkcs1sig.c.include_prtypes ./nss/lib/util/pkcs1sig.c +--- ./nss/lib/util/pkcs1sig.c.include_prtypes 2014-09-23 14:53:20.586600039 -0700 ++++ ./nss/lib/util/pkcs1sig.c 2014-09-23 14:56:14.569906021 -0700 +@@ -3,6 +3,7 @@ + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + */ + ++#include "prtypes.h" + #include "pkcs1sig.h" + #include "hasht.h" + #include "secerr.h" diff --git a/SPECS/nss-util.spec b/SPECS/nss-util.spec new file mode 100644 index 0000000..2bc4044 --- /dev/null +++ b/SPECS/nss-util.spec @@ -0,0 +1,548 @@ +%global nspr_version 4.17.0 +# adjust to the very latest build needed +%global nspr_build_version -1 + +Summary: Network Security Services Utilities Library +Name: nss-util +Version: 3.34.0 +Release: 2%{?dist} +License: MPLv2.0 +URL: http://www.mozilla.org/projects/security/pki/nss/ +Group: System Environment/Libraries +Requires: nspr >= %{nspr_version}%{nspr_build_version} +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) +BuildRequires: nspr-devel >= %{nspr_version}%{nspr_build_version} +BuildRequires: zlib-devel +BuildRequires: pkgconfig +BuildRequires: gawk +BuildRequires: psmisc +BuildRequires: perl + +Source0: %{name}-%{version}.tar.gz +# The nss-util tar ball is a subset of nss-{version}.tar.gz. +# We use the nss-split-util.sh script for keeping only what we need +# nss-util is produced via via nss-split-util.sh {version} +# Detailed Steps: +# rhpkg clone nss-util +# cd nss-util +# Make the source tarball for nss-util out of the nss one: +# sh ./nss-split-util.sh ${version} +# A file named ${name}-${version}.tar.gz should appear +# ready to upload to the lookaside cache. +Source1: nss-split-util.sh +Source2: nss-util.pc.in +Source3: nss-util-config.in + +# Local patches +Patch2: hasht-dont-include-prtypes.patch +Patch7: pkcs1sig-include-prtypes.patch +# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=951455 +# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=923089 +Patch8: nss-util-3.19.1-tls12-mechanisms.patch +# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1312142 +Patch9: nss-util-ecc-defaults.patch + +%description +Utilities for Network Security Services and the Softoken module + +# We shouln't need to have a devel subpackage as util will be used in the +# context of nss or nss-softoken. keeping to please rpmlint. +# +%package devel +Summary: Development libraries for Network Security Services Utilities +Group: Development/Libraries +Requires: nss-util = %{version}-%{release} +Requires: nspr-devel >= %{nspr_version} +Requires: pkgconfig + +%description devel +Header and library files for doing development with Network Security Services. + + +%prep +%setup -q +%patch2 -p0 -b .prtypes +%patch7 -p0 -b .include_prtypes +%patch8 -p1 -b .tls12_mechs +pushd nss +%patch9 -p1 -b .ecc_defaults +popd + + +%build + +# Enable compiler optimizations and disable debugging code +BUILD_OPT=1 +export BUILD_OPT + +# Uncomment to disable optimizations +#RPM_OPT_FLAGS=`echo $RPM_OPT_FLAGS | sed -e 's/-O2/-O0/g'` +#export RPM_OPT_FLAGS + +# Generate symbolic info for debuggers +XCFLAGS=$RPM_OPT_FLAGS +export XCFLAGS + +PKG_CONFIG_ALLOW_SYSTEM_LIBS=1 +PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1 + +export PKG_CONFIG_ALLOW_SYSTEM_LIBS +export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS + +NSPR_INCLUDE_DIR=`/usr/bin/pkg-config --cflags-only-I nspr | sed 's/-I//'` +NSPR_LIB_DIR=`/usr/bin/pkg-config --libs-only-L nspr | sed 's/-L//'` + +export NSPR_INCLUDE_DIR +export NSPR_LIB_DIR + +export NSS_USE_SYSTEM_SQLITE=1 + +export NSS_BUILD_UTIL_ONLY=1 + +# external tests are not suitable for nss-util and +# won't compile as they depend on ssl +export NSS_DISABLE_GTESTS=1 + +%ifnarch noarch +%if 0%{__isa_bits} == 64 +USE_64=1 +export USE_64 +%endif +%endif + +# make util +%{__make} -C ./nss/coreconf +%{__make} -C ./nss + +# Set up our package file +%{__mkdir_p} ./dist/pkgconfig +%{__cat} %{SOURCE2} | sed -e "s,%%libdir%%,%{_libdir},g" \ + -e "s,%%prefix%%,%{_prefix},g" \ + -e "s,%%exec_prefix%%,%{_prefix},g" \ + -e "s,%%includedir%%,%{_includedir}/nss3,g" \ + -e "s,%%NSPR_VERSION%%,%{nspr_version},g" \ + -e "s,%%NSSUTIL_VERSION%%,%{version},g" > \ + ./dist/pkgconfig/nss-util.pc + +NSSUTIL_VMAJOR=`cat nss/lib/util/nssutil.h | grep "#define.*NSSUTIL_VMAJOR" | awk '{print $3}'` +NSSUTIL_VMINOR=`cat nss/lib/util/nssutil.h | grep "#define.*NSSUTIL_VMINOR" | awk '{print $3}'` +NSSUTIL_VPATCH=`cat nss/lib/util/nssutil.h | grep "#define.*NSSUTIL_VPATCH" | awk '{print $3}'` + +export NSSUTIL_VMAJOR +export NSSUTIL_VMINOR +export NSSUTIL_VPATCH + +%{__cat} %{SOURCE3} | sed -e "s,@libdir@,%{_libdir},g" \ + -e "s,@prefix@,%{_prefix},g" \ + -e "s,@exec_prefix@,%{_prefix},g" \ + -e "s,@includedir@,%{_includedir}/nss3,g" \ + -e "s,@MOD_MAJOR_VERSION@,$NSSUTIL_VMAJOR,g" \ + -e "s,@MOD_MINOR_VERSION@,$NSSUTIL_VMINOR,g" \ + -e "s,@MOD_PATCH_VERSION@,$NSSUTIL_VPATCH,g" \ + > ./dist/pkgconfig/nss-util-config + +chmod 755 ./dist/pkgconfig/nss-util-config + + +%install + +%{__rm} -rf $RPM_BUILD_ROOT + +# There is no make install target so we'll do it ourselves. + +%{__mkdir_p} $RPM_BUILD_ROOT/%{_includedir}/nss3 +%{__mkdir_p} $RPM_BUILD_ROOT/%{_includedir}/nss3/templates +%{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir} +%{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir}/nss3 +%{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir}/pkgconfig +%{__mkdir_p} $RPM_BUILD_ROOT/%{_bindir} + +for file in libnssutil3.so +do + %{__install} -p -m 755 dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir} +done + +# Copy the include files we want +# The util headers, the rest come from softokn and nss +for file in dist/public/nss/*.h +do + %{__install} -p -m 644 $file $RPM_BUILD_ROOT/%{_includedir}/nss3 +done + +# Copy the template files we want +for file in dist/private/nss/templates.c +do + %{__install} -p -m 644 $file $RPM_BUILD_ROOT/%{_includedir}/nss3/templates +done + +# Copy the package configuration files +%{__install} -p -m 644 ./dist/pkgconfig/nss-util.pc $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/nss-util.pc +%{__install} -p -m 755 ./dist/pkgconfig/nss-util-config $RPM_BUILD_ROOT/%{_bindir}/nss-util-config + +%clean +%{__rm} -rf $RPM_BUILD_ROOT + +%post -p /sbin/ldconfig + +%postun -p /sbin/ldconfig + +%files +%defattr(-,root,root) +%{_libdir}/libnssutil3.so + +%files devel +%defattr(-,root,root) +# package configuration files +%{_libdir}/pkgconfig/nss-util.pc +%{_bindir}/nss-util-config + +# co-owned with nss +%dir %{_includedir}/nss3 +# these are marked as public export in nss/lib/util/manifest.mk +%{_includedir}/nss3/base64.h +%{_includedir}/nss3/ciferfam.h +%{_includedir}/nss3/eccutil.h +%{_includedir}/nss3/hasht.h +%{_includedir}/nss3/nssb64.h +%{_includedir}/nss3/nssb64t.h +%{_includedir}/nss3/nsslocks.h +%{_includedir}/nss3/nssilock.h +%{_includedir}/nss3/nssilckt.h +%{_includedir}/nss3/nssrwlk.h +%{_includedir}/nss3/nssrwlkt.h +%{_includedir}/nss3/nssutil.h +%{_includedir}/nss3/pkcs11.h +%{_includedir}/nss3/pkcs11f.h +%{_includedir}/nss3/pkcs11n.h +%{_includedir}/nss3/pkcs11p.h +%{_includedir}/nss3/pkcs11t.h +%{_includedir}/nss3/pkcs11u.h +%{_includedir}/nss3/pkcs11uri.h +%{_includedir}/nss3/pkcs1sig.h +%{_includedir}/nss3/portreg.h +%{_includedir}/nss3/secasn1.h +%{_includedir}/nss3/secasn1t.h +%{_includedir}/nss3/seccomon.h +%{_includedir}/nss3/secder.h +%{_includedir}/nss3/secdert.h +%{_includedir}/nss3/secdig.h +%{_includedir}/nss3/secdigt.h +%{_includedir}/nss3/secerr.h +%{_includedir}/nss3/secitem.h +%{_includedir}/nss3/secoid.h +%{_includedir}/nss3/secoidt.h +%{_includedir}/nss3/secport.h +%{_includedir}/nss3/utilmodt.h +%{_includedir}/nss3/utilpars.h +%{_includedir}/nss3/utilparst.h +%{_includedir}/nss3/utilrename.h +%{_includedir}/nss3/templates/templates.c + +%changelog +* Tue Jan 16 2018 Daiki Ueno - 3.34.0-2 +- Recognize "ECC" flag in slotFlags + +* Thu Nov 23 2017 Daiki Ueno - 3.34.0-1 +- Rebase to nss-3.34 + +* Mon Oct 30 2017 Daiki Ueno - 3.34.0-0.1.beta1 +- Rebase to nss-3.34-beta1 + +* Fri Oct 6 2017 Daiki Ueno - 3.33.0-1 +- Rebase to nss-3.33 + +* Mon May 15 2017 Daiki Ueno - 3.28.4-3 +- Backport patch to allow empty line at the end of policy file + +* Thu Apr 20 2017 Daiki Ueno - 3.28.4-2 +- Rebase to nss-3.28.4 + +* Thu Mar 9 2017 Daiki Ueno - 3.28.3-3 +- Backport necessary constant definitions + +* Thu Mar 2 2017 Daiki Ueno - 3.28.3-2 +- Rebase to nss-3.28.3 + +* Fri Feb 17 2017 Daiki Ueno - 3.28.2-1.1 +- Prevent ABI incompatibility of SECKEYECPublicKey structure + +* Fri Feb 10 2017 Daiki Ueno - 3.28.2-1.0 +- Rebase to nss-3.28.1 +- Remove upstreamed build-nss-util-only.patch +- Package new header eccutil.h + +* Mon Oct 24 2016 Daiki Ueno - 3.21.3-1 +- Rebase to nss-3.21.3 +- Remove patch for CVE-2016-1950, which is included in the release +- Related: Bug 1347908 + +* Mon Apr 18 2016 Elio Maldonado - 3.21.0-4 +- Manual merge from the rhel-7.2 branch +- Fix one alias for naming compatibility with prior release +- Remove an unused patch + +* Mon Feb 22 2016 Kai Engert - 3.21.0-3 +- Added upstream patch for CVE-2016-1950 + +* Thu Jan 28 2016 Elio Maldonado - 3.21.0-1 +- Rebase to nss-util from nss 3.21 +- Resolves: Bug 1297940 - Rebase RHEL 7.3 to NSS-util 3.21 in preparation for Firefox 45 + +* Fri Nov 20 2015 Elio Maldonado - 3.19.1-5 +- Merge security fix from the RHEL-7.1 branch +- Resolves: Bug 1269358 - CVE-2015-7182 CVE-2015-7181 + +* Thu Jul 16 2015 Elio Maldonado - 3.19.1-4 +- Add links to filed upstream bugs to better track patches in spec file + +* Thu Jun 18 2015 Elio Maldonado - 3.19.1-3 +- Remove unused patch + +* Thu Jun 18 2015 Elio Maldonado - 3.19.1-2 +- Add support for TLS 1.2 SHA384 per PKCS #11 v2.40 + +* Fri Jun 05 2015 Elio Maldonado - 3.19.1-1 +- Resolves: Bug 1228913: Rebase to nss-3.19.1 for CVE-2015-4000 [RHEL-7.1] + +* Mon Mar 30 2015 Elio Maldonado - 3.18.0-1 +- Resolves: Bug 1200931 - [RHEL7.1] nss-util 3.18 rebase required for firefox 38 ESR + +* Thu Jan 22 2015 Elio Maldonado - 3.16.2.3-2 +- Bump the release number to be higher than the one for rhel-7.0 +- Resolves: Bug 1158161 - Upgrade to NSS 3.16.2.3 for Firefox 31.3 + +* Thu Nov 13 2014 Elio Maldonado - 3.16.2.3-1 +- Resolves: Bug 1158161 - Upgrade to NSS 3.16.2.3 for Firefox 31.3 + +* Tue Sep 23 2014 Elio Maldonado - 3.16.2-3 +- Resolves: bug 1145434 - CVE-2014-1568 + +* Tue Aug 05 2014 Peter Robinson 3.16.2-2 +- Generic 32/64 bit platform detection (fix ppc64le build) +- Resolves: Bug 1126244 - Ensure nss-util is built for 64 bit on ppc64le +- Fix contributed by Peter Robinson + +* Tue Jul 08 2014 Elio Maldonado - 3.16.2-1 +- Update to nss-3.16.2 +- Resolves: Bug 1103251 + +* Fri Jan 24 2014 Daniel Mach - 3.15.4-2 +- Mass rebuild 2014-01-24 + +* Sun Jan 19 2014 Elio Maldonado - 3.15.3-4 +- Update to nss-3.15.4 +- Modified the nss-split-util script to use the nss upstream pristine sources +- Resolves: Bug 1054457 - CVE-2013-1740 nss: false start PR_Recv information disclosure security issue [rhel-7.0] + +* Thu Jan 09 2014 Elio Maldonado - 3.15.3-3 +- Add the nss-util portion of a fix for a bug in nss and nss-util +- Resolves: Bug 752980 - Support ECDSA via pluggable ECC in the nss package + +* Fri Dec 27 2013 Daniel Mach - 3.15.3-2 +- Mass rebuild 2013-12-27 + +* Mon Nov 25 2013 Elio Maldonado - 3.15.3-1 +- Update to NSS_3_15_3_RTM +- Resolves: Bug 1031463 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741 + +* Tue Aug 06 2013 Elio Maldonado - 3.15.1-2 +- Remove an obsolete script and adjust sources numbering accordingly. + +* Fri Jul 26 2013 Elio Maldonado - 3.15.1-1 +- Update to NSS_3_15_1_RTM + +* Tue Jul 02 2013 Elio Maldonado - 3.15-2 +- Produce source tar ball from the unstripped nss source tar ball + +* Wed May 29 2013 Elio Maldonado - 3.15-1 +- Update to NSS_3_15_RTM + +* Fri Apr 19 2013 Elio Maldonado - 3.15-0.1.beta1.2 +- Don't include prtypes.h from hasht.t +- Resolves: rhbz#953277 - rawhide build of glibc fails due to fatal error from nss3/hasht.h + +* Fri Apr 05 2013 Elio Maldonado - 3.15.beta1-0.1.beta.1 +- Update to NSS_3_15_BETA1 +- Update spec file, patches, and helper scripts on account of a shallower source tree + +* Fri Feb 15 2013 Elio Maldonado - 3.14.3-1 +- Update to NSS_3_14_3_RTM +- Resolves: rhbz#909782 - specfile support for AArch64 + +* Sat Feb 02 2013 Elio Maldonado - 3.14.2-2 +- Retagging to prevent nvr update problems with f18 + +* Fri Feb 01 2013 Elio Maldonado - 3.14.2-1 +- Update to NSS_3_14_2_RTM + +* Thu Dec 27 2012 Elio Maldonado - 3.14.1-2 +- Install templates.c in /usr/includes/nss3/templates +- Fix bogus date warnings + +* Mon Dec 17 2012 Elio Maldonado - 3.14.1-1 +- Update to NSS_3_14_1_RTM + +* Sat Oct 27 2012 Elio Maldonado - 3.14-2 +- Update the license to MPLv2.0 + +* Mon Oct 22 2012 Elio Maldonado - 3.14-1 +- Update to NSS_3_14_RTM + +* Fri Oct 19 2012 Elio Maldonado - 3.14-0.1.rc1.1 +- Update to NSS_3_14_RC1 +- The hasht.h from now on is provided by nss-util-devel + +* Fri Jul 20 2012 Fedora Release Engineering - 3.13.5-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Wed Jun 20 2012 Elio Maldonado - 3.13.5-3 +- Resolves: rhbz#833529 - revert unwanted change to nss-util.pc.in + +* Tue Jun 19 2012 Elio Maldonado - 3.13.5-2 +- Resolves: rhbz#833529 - Remove space from Libs: line in nss-util.pc.in + +* Sat Jun 16 2012 Elio Maldonado - 3.13.5-1 +- Update to NSS_3_13_5_RTM + +* Sun Apr 08 2012 Elio Maldonado - 3.13.4-2 +- Resolves: Bug 805716 - Library needs partial RELRO support added +- Patch coreconf/Linux.mk as done on RHEL 6.2 + +* Fri Apr 06 2012 Elio Maldonado - 3.13.4-1 +- Update to NSS_3_13_4 + +* Sun Apr 01 2012 Elio Maldonado - 3.13.4-0.1.beta.1 +- Update to NSS_3_13_4_BETA1 +- Improve steps to splitting off util from the nss +- Add executable attribute to the splitting script + +* Tue Mar 27 2012 Elio Maldonado - 3.13.3-4 +- Resolves: Bug 805716 - Library needs partial RELRO support added + +* Fri Mar 16 2012 Elio Maldonado Batiz - 3.13.3-3 +- Update the release tag to be higher than in f16 + +* Fri Mar 09 2012 Elio Maldonado Batiz - 3.13.3-2 +- Require nspr 4.9 + +* Thu Mar 01 2012 Elio Maldonado Batiz - 3.13.1-4 +- Update to NSS_3_13_3_RTM + +* Fri Jan 13 2012 Fedora Release Engineering - 3.13.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Mon Nov 28 2011 Elio Maldonado - 3.13.1-2 +- Fix a gnuc def typo + +* Thu Nov 03 2011 Elio Maldonado - 3.13.1-1 +- Update to NSS_3_13_1_RTM + +* Sat Oct 15 2011 Elio Maldonado - 3.13-1 +- Update to NSS_3_13_RTM + +* Fri Oct 07 2011 Elio Maldonado - 3.13-0.1.rc0.1 +- Update to NSS_3_13_RC0 + +* Thu Sep 8 2011 Ville Skyttä - 3.12.11-2 +- Avoid %%post/un shell invocations and dependencies. + +* Tue Aug 09 2011 Elio Maldonado - 3.12.11-1 +- Update to NSS_3_12_11_RTM + +* Fri May 06 2011 Elio Maldonado - 3.12.10-1 +- Update to NSS_3_12_10_RTM + +* Mon Apr 25 2011 Elio Maldonado Batiz - 3.12.10-0.1.beta1 +- Update to NSS_3_12_10_BETA1 + +* Tue Feb 08 2011 Fedora Release Engineering - 3.12.9-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Wed Jan 12 2011 Elio Maldonado - 3.12.9-1 +- Update to 3.12.9 + +* Mon Dec 27 2010 Elio Maldonado - 3.12.9-0.1beta2 +- Rebuilt according to fedora pre-release package naming guidelines + +* Fri Dec 10 2010 Elio Maldonado - 3.12.8.99.2-1 +- Update to NSS_3_12_9_BETA2 + +* Wed Dec 08 2010 Elio Maldonado - 3.12.8.99.1-1 +- Update to NSS_3_12_9_BETA1 + +* Wed Sep 29 2010 jkeating - 3.12.8-2 +- Rebuilt for gcc bug 634757 + +* Thu Sep 23 2010 Elio Maldonado - 3.12.8-1 +- Update to 3.12.8 + +* Sat Sep 18 2010 Elio Maldonado - 3.12.7.99.4-1 +- NSS 3.12.8 RC0 + +* Sat Sep 04 2010 Elio Maldonado - 3.12.7.99.3-1 +- NSS 3.12.8 Beta 3 + +* Sun Aug 29 2010 Elio Maldonado - 3.12.7-2 +- Define NSS_USE_SYSTEM_SQLITE and remove nolocalsql patch + +* Mon Aug 16 2010 Elio Maldonado - 3.12.7-1 +- Update to 3.12.7 + +* Fri Mar 05 2010 Elio Maldonado - 3.12.6-1 +- Update to 3.12.6 + +* Mon Jan 18 2010 Elio Maldonado - 3.12.5-2 +- Fix in nss-util-config.in + +* Thu Dec 03 2009 Elio Maldonado - 3.12.5-1 +- Update to 3.12.5 + +* Thu Sep 10 2009 Elio Maldonado - 3.12.4-8 +- Retagging for a chained build with nss-softokn and nss + +* Thu Sep 10 2009 Elio Maldonado - 3.12.4-5 +- Restoring -rpath-link to nss-util-config + +* Tue Sep 08 2009 Elio Maldonado - 3.12.4-4 +- Installing shared libraries to %%{_libdir} + +* Sat Sep 05 2009 Elio Maldonado - 3.12.4-3 +- Remove symbolic links to shared libraries from devel - 521155 +- Apply nss-nolocalsql patch subset for nss-util +- No rpath-link in nss-util-config + +* Fri Sep 04 2009 Elio Maldonado - 3.12.4-2 +- Retagging for a chained build + +* Thu Sep 03 2009 Elio Maldonado - 3.12.4-1 +- Update to 3.12.4 +- Don't require sqlite + +* Thu Aug 27 2009 Elio Maldonado - 3.12.3.99.3-15 +- Bump the release number for a chained build of nss-util, nss-softokn and nss + +* Thu Aug 27 2009 Elio Maldonado - 3.12.3.99.3-14 +- Cleanup nss-util-config.in + +* Thu Aug 27 2009 Elio Maldonado - 3.12.3.99.3-13 +- nss-util-devel doesn't require nss-devel + +* Wed Aug 26 2009 Elio Maldonado - 3.12.3.99.3-12 +- bump to unique nvr + +* Wed Aug 26 2009 Elio Maldonado - 3.12.3.99.3-11 +- Remove spurious executable permissions from nss-util-config +- Shorten some descriptions to keep rpmlint happy + +* Mon Aug 24 2009 Dennis Gilmore 3.12.3.99.3-10 +- dont include the headers in nss-util only in the -devel package +- nss-util-devel Requires nss-devel since its only providing a subset of the headers. + +* Thu Aug 20 2009 Dennis Gilmore 3.12.3.99.3-9 +- Provide nss-devel since we obsolete it + +* Wed Aug 19 2009 Elio Maldonado 3.12.3.99.3-8.1 +- nss-util-devel obsoletes nss-devel < 3.12.3.99.3-8 + +* Wed Aug 19 2009 Elio Maldonado 3.12.3.99.3-8 +- Initial build