diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..a5df990
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/nss-util-3.44.tar.gz
diff --git a/.nss-util.metadata b/.nss-util.metadata
new file mode 100644
index 0000000..1aba32d
--- /dev/null
+++ b/.nss-util.metadata
@@ -0,0 +1 @@
+0082a63b26f7cf067441ef6de90a1af9cc4e4e21 SOURCES/nss-util-3.44.tar.gz
diff --git a/SOURCES/hasht-dont-include-prtypes.patch b/SOURCES/hasht-dont-include-prtypes.patch
new file mode 100644
index 0000000..2a2ee9b
--- /dev/null
+++ b/SOURCES/hasht-dont-include-prtypes.patch
@@ -0,0 +1,11 @@
+diff -up ./nss/lib/util/hasht.h.prtypes ./nss/lib/util/hasht.h
+--- ./nss/lib/util/hasht.h.prtypes 2013-11-23 21:23:12.729136309 -0800
++++ ./nss/lib/util/hasht.h 2013-11-23 21:23:32.873289479 -0800
+@@ -5,7 +5,6 @@
+ #ifndef _HASHT_H_
+ #define _HASHT_H_
+
+-#include "prtypes.h"
+
+ /* Opaque objects */
+ typedef struct SECHashObjectStr SECHashObject;
diff --git a/SOURCES/nss-split-util.sh b/SOURCES/nss-split-util.sh
new file mode 100755
index 0000000..b56debe
--- /dev/null
+++ b/SOURCES/nss-split-util.sh
@@ -0,0 +1,73 @@
+#!/bin/sh
+#
+# Splits NSS into nss-util
+# Takes as command line input the version of nss
+# and assumes that a file nss-${nss_version}-stripped.tar.bz2
+# exits in the current directory
+
+set -e
+
+if test -z $1
+then
+ echo "usage: $0 nss-version"
+ exit
+fi
+
+export name=nss
+export version=$1
+
+echo "Extracting ${name}-${version}.tar.gz"
+
+tar -xzf ${name}-${version}.tar.gz
+
+# the directory will be named ${name}-${version}
+
+nss_source_dir=${name}-${version}
+util_dir=${name}-util-${version}
+softokn_dir=${name}-softokn-${version}
+
+# make_nss_util
+#-------------------------------------------------
+# create the nss-util subset consisting of
+# nss/dbm --- full directory
+# nss/coreconf --- full directory
+# nss --- top files only
+# nss/lib --- top files only
+# nss/lib/util --- full directory
+#--------------------------------------------------
+
+UTIL_WORK=${util_dir}-work
+rm -rf ${UTIL_WORK}
+mkdir ${UTIL_WORK}
+
+# copy everything
+cp -a ${nss_source_dir} ${UTIL_WORK}/${util_dir}
+
+# remove subdirectories that we don't want
+rm -rf ${UTIL_WORK}/${util_dir}/nss/cmd
+rm -rf ${UTIL_WORK}/${util_dir}/nss/tests
+rm -rf ${UTIL_WORK}/${util_dir}/nss/lib
+
+# start with an empty cmd lib directories to be filled selectively
+mkdir ${UTIL_WORK}/${util_dir}/nss/cmd
+cp ${nss_source_dir}/nss/cmd/Makefile ${UTIL_WORK}/${util_dir}/nss/cmd
+cp ${nss_source_dir}/nss/cmd/manifest.mn ${UTIL_WORK}/${util_dir}/nss/cmd
+cp ${nss_source_dir}/nss/cmd/platlibs.mk ${UTIL_WORK}/${util_dir}/nss/cmd
+cp ${nss_source_dir}/nss/cmd/platrules.mk ${UTIL_WORK}/${util_dir}/nss/cmd
+
+mkdir ${UTIL_WORK}/${util_dir}/nss/lib
+# copy some files at the top and the util subdirectory recursively
+cp ${nss_source_dir}/nss/lib/Makefile ${UTIL_WORK}/${util_dir}/nss/lib
+cp ${nss_source_dir}/nss/lib/manifest.mn ${UTIL_WORK}/${util_dir}/nss/lib
+cp -a ${nss_source_dir}/nss/lib/util ${UTIL_WORK}/${util_dir}/nss/lib/util
+pushd ${UTIL_WORK}
+# the compressed tar ball for nss-util
+tar -czf ../${name}-util-${version}.tar.gz ${util_dir}
+popd
+
+# cleanup after ourselves
+rm -fr ${nss_source_dir}
+rm -fr ${UTIL_WORK}
+
+
+
diff --git a/SOURCES/nss-util-3.19.1-tls12-mechanisms.patch b/SOURCES/nss-util-3.19.1-tls12-mechanisms.patch
new file mode 100644
index 0000000..b631dbe
--- /dev/null
+++ b/SOURCES/nss-util-3.19.1-tls12-mechanisms.patch
@@ -0,0 +1,14 @@
+diff -up ./nss/lib/util/pkcs11t.h.tls12_mechs ./nss/lib/util/pkcs11t.h
+--- ./nss/lib/util/pkcs11t.h.tls12_mechs 2017-01-13 16:33:12.199107708 +0100
++++ ./nss/lib/util/pkcs11t.h 2017-01-13 16:34:12.479625017 +0100
+@@ -1650,6 +1650,10 @@ typedef struct CK_TLS_MAC_PARAMS {
+
+ typedef CK_TLS_MAC_PARAMS CK_PTR CK_TLS_MAC_PARAMS_PTR;
+
++/* aliases for compatibility with prior release */
++#define CK_TLS12_MAC_PARAMS CK_TLS_MAC_PARAMS
++#define CK_TLS12_MAC_PARAMS_PTR CK_TLS_MAC_PARAMS_PTR
++
+ /* WTLS is new for version 2.20 */
+ typedef struct CK_WTLS_RANDOM_DATA {
+ CK_BYTE_PTR pClientRandom;
diff --git a/SOURCES/nss-util-config.in b/SOURCES/nss-util-config.in
new file mode 100644
index 0000000..ef8751d
--- /dev/null
+++ b/SOURCES/nss-util-config.in
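Review bot: nss-split-util.sh unpacks `${name}-${version}.tar.gz` and repacks part of it into the tarball that the spec uses as Source0, but nothing in the script checks the input against a recorded checksum or signature first, so the provenance of the shipped source rests on whoever ran the script; a verification step ahead of `tar -xzf` would make the split reproducible and reviewable. The script is declared `#!/bin/sh` yet uses `pushd`/`popd`, which are not POSIX sh and will abort under `set -e` wherever /bin/sh is not bash; `(cd ${UTIL_WORK} && tar -czf ../${name}-util-${version}.tar.gz ${util_dir})` does the same job portably. The usage branch should quote its operand and fail, `if test -z "$1"` with `exit 1`, since a bare `exit` after `echo` returns 0. The header comment still names `nss-${nss_version}-stripped.tar.bz2`, which is not the file the script reads.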
@@ -0,0 +1,118 @@ +#!/bin/sh + +prefix=@prefix@ + +major_version=@MOD_MAJOR_VERSION@ +minor_version=@MOD_MINOR_VERSION@ +patch_version=@MOD_PATCH_VERSION@ + +usage() +{ + cat <&2 +fi + +lib_nssutil=yes + +while test $# -gt 0; do + case "$1" in + -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;; + *) optarg= ;; + esac + + case $1 in + --prefix=*) + prefix=$optarg + ;; + --prefix) + echo_prefix=yes + ;; + --exec-prefix=*) + exec_prefix=$optarg + ;; + --exec-prefix) + echo_exec_prefix=yes + ;; + --includedir=*) + includedir=$optarg + ;; + --includedir) + echo_includedir=yes + ;; + --libdir=*) + libdir=$optarg + ;; + --libdir) + echo_libdir=yes + ;; + --version) + echo ${major_version}.${minor_version}.${patch_version} + ;; + --cflags) + echo_cflags=yes + ;; + --libs) + echo_libs=yes + ;; + *) + usage 1 1>&2 + ;; + esac + shift +done + +# Set variables that may be dependent upon other variables +if test -z "$exec_prefix"; then + exec_prefix=`pkg-config --variable=exec_prefix nss-util` +fi +if test -z "$includedir"; then + includedir=`pkg-config --variable=includedir nss-util` +fi +if test -z "$libdir"; then + libdir=`pkg-config --variable=libdir nss-util` +fi + +if test "$echo_prefix" = "yes"; then + echo $prefix +fi + +if test "$echo_exec_prefix" = "yes"; then + echo $exec_prefix +fi + +if test "$echo_includedir" = "yes"; then + echo $includedir +fi + +if test "$echo_libdir" = "yes"; then + echo $libdir +fi + +if test "$echo_cflags" = "yes"; then + echo -I$includedir +fi + +if test "$echo_libs" = "yes"; then + libdirs="-Wl,-rpath-link,$libdir -L$libdir" + if test -n "$lib_nssutil"; then + libdirs="$libdirs -lnssutil${major_version}" + fi + echo $libdirs +fi + diff --git a/SOURCES/nss-util-fix-public-key-from-priv.patch b/SOURCES/nss-util-fix-public-key-from-priv.patch new file mode 100644 index 0000000..820c508 --- /dev/null +++ b/SOURCES/nss-util-fix-public-key-from-priv.patch 
@@ -0,0 +1,31 @@
+diff -up ./nss/lib/util/pkcs11n.h.pub_priv_mech ./nss/lib/util/pkcs11n.h
+--- ./nss/lib/util/pkcs11n.h.pub_priv_mech 2019-06-05 09:59:18.446315784 -0700
++++ ./nss/lib/util/pkcs11n.h 2019-06-05 10:15:13.388806330 -0700
+@@ -152,11 +152,6 @@
+ #define CKM_NSS_HKDF_SHA384 (CKM_NSS + 5)
+ #define CKM_NSS_HKDF_SHA512 (CKM_NSS + 6)
+
+-/* IKE mechanism (to be proposed to PKCS #11 */
+-#define CKM_NSS_IKE_PRF_PLUS_DERIVE (CKM_NSS + 7)
+-#define CKM_NSS_IKE_PRF_DERIVE (CKM_NSS + 8)
+-#define CKM_NSS_IKE1_PRF_DERIVE (CKM_NSS + 9)
+-#define CKM_NSS_IKE1_APP_B_PRF_DERIVE (CKM_NSS + 10)
+
+ /* J-PAKE round 1 key generation mechanisms.
+ *
+@@ -238,6 +233,15 @@
+
+ #define CKM_NSS_CHACHA20_CTR (CKM_NSS + 33)
+
++/* IKE mechanism (to be proposed to PKCS #11 */
++#define CKM_NSS_IKE_PRF_PLUS_DERIVE (CKM_NSS + 34)
++#define CKM_NSS_IKE_PRF_DERIVE (CKM_NSS + 35)
++#define CKM_NSS_IKE1_PRF_DERIVE (CKM_NSS + 36)
++#define CKM_NSS_IKE1_APP_B_PRF_DERIVE (CKM_NSS + 37)
++
++/* Derive a public key from a bare private key */
++#define CKM_NSS_PUB_FROM_PRIV (CKM_NSS + 40)
++
+ /*
+ * HISTORICAL:
+ * Do not attempt to use these. They are only used by NETSCAPE's internal
diff --git a/SOURCES/nss-util-ike-patch.patch b/SOURCES/nss-util-ike-patch.patch
new file mode 100644
index 0000000..0c38bfa
--- /dev/null
+++ b/SOURCES/nss-util-ike-patch.patch
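Review bot: In nss-util-fix-public-key-from-priv.patch the IKE mechanism values that nss-util-ike-patch.patch introduces at `CKM_NSS + 7` through `+ 10` are removed and re-added at `+ 34` through `+ 37`, so the package now carries two patches that are only correct when applied together and in order; folding the renumbering into the IKE patch would remove the intermediate state in which, going by the changelog entry, the values overlap the J-PAKE mechanisms. These constants are part of the installed pkcs11n.h, so anything built against the 3.44.0-2 headers keeps the old numbers, and the changelog should say that dependants need a rebuild. `CKM_NSS_PUB_FROM_PRIV` jumps to `+ 40` and leaves `+ 38` and `+ 39` unexplained; if they are held back on purpose, a one-line comment such as `/* CKM_NSS + 38 and + 39 are reserved */` would stop a later patch from reusing them.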
@@ -0,0 +1,131 @@
+diff --git a/lib/util/pkcs11n.h b/lib/util/pkcs11n.h
+--- a/lib/util/pkcs11n.h
++++ b/lib/util/pkcs11n.h
+@@ -147,16 +147,22 @@
+ #define CKM_NSS_AES_KEY_WRAP_PAD (CKM_NSS + 2)
+
+ /* HKDF key derivation mechanisms. See CK_NSS_HKDFParams for documentation. */
+ #define CKM_NSS_HKDF_SHA1 (CKM_NSS + 3)
+ #define CKM_NSS_HKDF_SHA256 (CKM_NSS + 4)
+ #define CKM_NSS_HKDF_SHA384 (CKM_NSS + 5)
+ #define CKM_NSS_HKDF_SHA512 (CKM_NSS + 6)
+
++/* IKE mechanism (to be proposed to PKCS #11 */
++#define CKM_NSS_IKE_PRF_PLUS_DERIVE (CKM_NSS + 7)
++#define CKM_NSS_IKE_PRF_DERIVE (CKM_NSS + 8)
++#define CKM_NSS_IKE1_PRF_DERIVE (CKM_NSS + 9)
++#define CKM_NSS_IKE1_APP_B_PRF_DERIVE (CKM_NSS + 10)
++
+ /* J-PAKE round 1 key generation mechanisms.
+ *
+ * Required template attributes: CKA_PRIME, CKA_SUBPRIME, CKA_BASE,
+ * CKA_NSS_JPAKE_SIGNERID
+ * Output key type: CKK_NSS_JPAKE_ROUND1
+ * Output key class: CKO_PRIVATE_KEY
+ * Parameter type: CK_NSS_JPAKERound1Params
+ *
+@@ -337,16 +343,82 @@ typedef struct CK_NSS_HKDFParams {
+ CK_BYTE_PTR pSalt;
+ CK_ULONG ulSaltLen;
+ CK_BBOOL bExpand;
+ CK_BYTE_PTR pInfo;
+ CK_ULONG ulInfoLen;
+ } CK_NSS_HKDFParams;
+
+ /*
++ * CK_NSS_IKE_PRF_PLUS_PARAMS is a structure that provides the parameters to
++ * the CKM_NSS_IKE_PRF_PLUS_DERIVE mechanism.
++ * The fields of the structure have the following meanings:
++ * prfMechanism underlying MAC mechanism used to generate the prf.
++ * bHasSeedKey hSeed key is present.
++ * hSeedKey optional seed from key
++ * pSeedData optional seed from data.
++ * ulSeedDataLen length of optional seed data.
++ * If no seed data is present this value is NULL.
++ */
++typedef struct CK_NSS_IKE_PRF_PLUS_DERIVE_PARAMS {
++ CK_MECHANISM_TYPE prfMechanism;
++ CK_BBOOL bHasSeedKey;
++ CK_OBJECT_HANDLE hSeedKey;
++ CK_BYTE_PTR pSeedData;
++ CK_ULONG ulSeedDataLen;
++} CK_NSS_IKE_PRF_PLUS_DERIVE_PARAMS;
++
++/* CK_NSS_IKE_PRF_DERIVE_PARAMS is a structure that provides the parameters to
++ * the CKM_NSS_IKE_PRF_DERIVE mechanism.
++ *
++ * The fields of the structure have the following meanings:
++ * prfMechanism underlying MAC mechanism used to generate the prf.
++ * bRekey hNewKey is present.
++ * pNi Ni value
++ * ulNiLen length of Ni
++ * pNr Nr value
++ * ulNrLen length of Nr
++ * hNewKey New key value to drive the rekey.
++ */
++typedef struct CK_NSS_IKE_PRF_DERIVE_PARAMS {
++ CK_MECHANISM_TYPE prfMechanism;
++ CK_BBOOL bDataAsKey;
++ CK_BBOOL bRekey;
++ CK_BYTE_PTR pNi;
++ CK_ULONG ulNiLen;
++ CK_BYTE_PTR pNr;
++ CK_ULONG ulNrLen;
++ CK_OBJECT_HANDLE hNewKey;
++} CK_NSS_IKE_PRF_DERIVE_PARAMS;
++
++/* CK_NSS_IKE1_PRF_DERIVE_PARAMS is a structure that provides the parameters
++ * to the CKM_NSS_IKE_PRF_DERIVE mechanism.
++ *
++ * The fields of the structure have the following meanings:
++ * prfMechanism underlying MAC mechanism used to generate the prf.
++ * bRekey hNewKey is present.
++ * pCKYi CKYi value
++ * ulCKYiLen length of CKYi
++ * pCKYr CKYr value
++ * ulCKYrLen length of CKYr
++ * hNewKey New key value to drive the rekey.
++ */
++typedef struct CK_NSS_IKE1_PRF_DERIVE_PARAMS {
++ CK_MECHANISM_TYPE prfMechanism;
++ CK_BBOOL bHasPrevKey;
++ CK_OBJECT_HANDLE hKeygxy;
++ CK_OBJECT_HANDLE hPrevKey;
++ CK_BYTE_PTR pCKYi;
++ CK_ULONG ulCKYiLen;
++ CK_BYTE_PTR pCKYr;
++ CK_ULONG ulCKYrLen;
++ CK_BYTE keyNumber;
++} CK_NSS_IKE1_PRF_DERIVE_PARAMS;
++
++/*
+ * Parameter for the TLS extended master secret key derivation mechanisms:
+ *
+ * * CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE
+ * * CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH
+ *
+ * For the TLS 1.2 PRF, the prfHashMechanism parameter determines the hash
+ * function used. For earlier versions of the PRF, set the prfHashMechanism
+ * value to CKM_TLS_PRF.
+diff --git a/lib/util/pkcs11t.h b/lib/util/pkcs11t.h
+--- a/lib/util/pkcs11t.h
++++ b/lib/util/pkcs11t.h
+@@ -877,16 +877,18 @@ typedef CK_ULONG CK_MECHANISM_TYPE;
+ #define CKM_AES_MAC_GENERAL 0x00001084
+ #define CKM_AES_CBC_PAD 0x00001085
+ /* new for v2.20 amendment 3 */
+ #define CKM_AES_CTR 0x00001086
+ /* new for v2.30 */
+ #define CKM_AES_GCM 0x00001087
+ #define CKM_AES_CCM 0x00001088
+ #define CKM_AES_CTS 0x00001089
++#define CKM_AES_XCBC_MAC 0x0000108C
++#define CKM_AES_XCBC_MAC_96 0x0000108D
+
+ /* BlowFish and TwoFish are new for v2.20 */
+ #define CKM_BLOWFISH_KEY_GEN 0x00001090
+ #define CKM_BLOWFISH_CBC 0x00001091
+ #define CKM_TWOFISH_KEY_GEN 0x00001092
+ #define CKM_TWOFISH_CBC 0x00001093
+
+ /* Camellia is proposed for v2.20 Amendment 3 */
diff --git a/SOURCES/nss-util-sql-default.patch b/SOURCES/nss-util-sql-default.patch
new file mode 100644
index 0000000..2d33460
--- /dev/null
+++ b/SOURCES/nss-util-sql-default.patch
@@ -0,0 +1,25 @@
+# HG changeset patch
+# User Kai Engert
+# Date 1511548994 -3600
+# Fri Nov 24 19:43:14 2017 +0100
+# Node ID b0658ed367633e505d38c0c0f63b801ddbbb21a4
+# Parent 807662e6ba57db5be05036511ac8634466ed473f
+Bug 1377940, Change NSS default storage file format (currently DBM), when no prefix is given, to SQL, r=rrelyea, r=fkiefer
+
+diff --git a/lib/util/utilpars.c b/lib/util/utilpars.c
+--- a/lib/util/utilpars.c
++++ b/lib/util/utilpars.c
+@@ -1110,12 +1110,8 @@ const char *
+ NSSDBType dbType;
+ PRBool checkEnvDefaultDB = PR_FALSE;
+ *appName = NULL;
+-/* force the default */
+-#ifdef NSS_DISABLE_DBM
++ /* force the default */
+ dbType = NSS_DB_TYPE_SQL;
+-#else
+- dbType = NSS_DB_TYPE_LEGACY;
+-#endif
+ if (configdir == NULL) {
+ checkEnvDefaultDB = PR_TRUE;
+ } else if (PORT_Strncmp(configdir, MULTIACCESS, sizeof(MULTIACCESS) - 1) == 0) {
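Review bot: In nss-util-ike-patch.patch the doc comments on the three new parameter structs do not match the fields they describe, and these structs are the caller-facing contract for key-derivation mechanisms. The first comment names `CK_NSS_IKE_PRF_PLUS_PARAMS` while the type is `CK_NSS_IKE_PRF_PLUS_DERIVE_PARAMS`, and its last line appears to say a length "is NULL" when no seed data is present; the `CK_NSS_IKE_PRF_DERIVE_PARAMS` comment omits `bDataAsKey`; and the `CK_NSS_IKE1_PRF_DERIVE_PARAMS` comment cites `CKM_NSS_IKE_PRF_DERIVE` and documents `bRekey` and `hNewKey`, which that struct does not have, while `bHasPrevKey`, `hKeygxy`, `hPrevKey` and `keyNumber` go undocumented. I would rewrite each comment so it lists exactly the struct's fields in declaration order and states, for every pointer/length pair, what an absent value looks like (pointer NULL, length 0). The opening comment `/* IKE mechanism (to be proposed to PKCS #11 */` is also missing its closing parenthesis. As this is a carried copy of an upstream change, the corrections belong upstream too.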
diff --git a/SOURCES/nss-util.pc.in b/SOURCES/nss-util.pc.in
new file mode 100644
index 0000000..1310248
--- /dev/null
+++ b/SOURCES/nss-util.pc.in
@@ -0,0 +1,11 @@
+prefix=%prefix%
+exec_prefix=%exec_prefix%
+libdir=%libdir%
+includedir=%includedir%
+
+Name: NSS-UTIL
+Description: Network Security Services Utility Library
+Version: %NSSUTIL_VERSION%
+Requires: nspr >= %NSPR_VERSION%
+Libs: -L${libdir} -lnssutil3
+Cflags: -I${includedir}
diff --git a/SOURCES/pkcs1sig-include-prtypes.patch b/SOURCES/pkcs1sig-include-prtypes.patch
new file mode 100644
index 0000000..99e1217
--- /dev/null
+++ b/SOURCES/pkcs1sig-include-prtypes.patch
@@ -0,0 +1,11 @@
+diff -up ./nss/lib/util/pkcs1sig.c.include_prtypes ./nss/lib/util/pkcs1sig.c
+--- ./nss/lib/util/pkcs1sig.c.include_prtypes 2014-09-23 14:53:20.586600039 -0700
++++ ./nss/lib/util/pkcs1sig.c 2014-09-23 14:56:14.569906021 -0700
+@@ -3,6 +3,7 @@
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
++#include "prtypes.h"
+ #include "pkcs1sig.h"
+ #include "hasht.h"
+ #include "secerr.h"
diff --git a/SPECS/nss-util.spec b/SPECS/nss-util.spec
new file mode 100644
index 0000000..ab912b4
--- /dev/null
+++ b/SPECS/nss-util.spec
@@ -0,0 +1,586 @@
+%global nspr_version 4.21.0
+# adjust to the very latest build needed
+%global nspr_build_version -1
+%global nss_util_version 3.44.0
+
+# The upstream omits the trailing ".0", while we need it for
+# consistency with the pkg-config version:
+# https://bugzilla.redhat.com/show_bug.cgi?id=1578106
+%{lua:
+rpm.define(string.format("nss_util_archive_version %s",
+ string.gsub(rpm.expand("%nss_util_version"), "(.*)%.0$", "%1")))
+}
+
+Summary: Network Security Services Utilities Library
+Name: nss-util
+Version: %{nss_util_version}
+Release: 3%{?dist}
+License: MPLv2.0
+URL: http://www.mozilla.org/projects/security/pki/nss/
+Group: System Environment/Libraries
+Requires: nspr >= %{nspr_version}%{nspr_build_version}
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+BuildRequires: nspr-devel >= %{nspr_version}%{nspr_build_version}
+BuildRequires: zlib-devel
+BuildRequires: pkgconfig
+BuildRequires: gawk
+BuildRequires: psmisc
+BuildRequires: perl
+
+Source0: %{name}-%{nss_util_archive_version}.tar.gz
+# The nss-util tar ball is a subset of nss-{version}.tar.gz.
+# We use the nss-split-util.sh script for keeping only what we need
+# nss-util is produced via via nss-split-util.sh {version}
+# Detailed Steps:
+# rhpkg clone nss-util
+# cd nss-util
+# Make the source tarball for nss-util out of the nss one:
+# sh ./nss-split-util.sh ${version}
+# A file named ${name}-${version}.tar.gz should appear
+# ready to upload to the lookaside cache.
+Source1: nss-split-util.sh
+Source2: nss-util.pc.in
+Source3: nss-util-config.in
+
+# Local patches
+Patch2: hasht-dont-include-prtypes.patch
+Patch7: pkcs1sig-include-prtypes.patch
+# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=951455
+# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=923089
+Patch8: nss-util-3.19.1-tls12-mechanisms.patch
+# To revert the change in:
+# https://bugzilla.mozilla.org/show_bug.cgi?id=1377940
+Patch9: nss-util-sql-default.patch
+# https://bugzilla.mozilla.org/show_bug.cgi?id=1546229
+Patch10: nss-util-ike-patch.patch
+# https://bugzilla.mozilla.org/show_bug.cgi?id=1473806
+Patch11: nss-util-fix-public-key-from-priv.patch
+
+%description
+Utilities for Network Security Services and the Softoken module
+
+# We shouln't need to have a devel subpackage as util will be used in the
+# context of nss or nss-softoken. keeping to please rpmlint.
+#
+%package devel
+Summary: Development libraries for Network Security Services Utilities
+Group: Development/Libraries
+Requires: nss-util = %{version}-%{release}
+Requires: nspr-devel >= %{nspr_version}
+Requires: pkgconfig
+
+%description devel
+Header and library files for doing development with Network Security Services.
+
+
+%prep
+%setup -q -n %{name}-%{nss_util_archive_version}
+%patch2 -p0 -b .prtypes
+%patch7 -p0 -b .include_prtypes
+%patch8 -p1 -b .tls12_mechs
+pushd nss
+%patch9 -p1 -R -b .sql-default
+%patch10 -p1 -b .ike_mechs
+popd
+%patch11 -p1 -b .pub_priv_mechs
+
+
+%build
+
+# Enable compiler optimizations and disable debugging code
+BUILD_OPT=1
+export BUILD_OPT
+
+# Uncomment to disable optimizations
+#RPM_OPT_FLAGS=`echo $RPM_OPT_FLAGS | sed -e 's/-O2/-O0/g'`
+#export RPM_OPT_FLAGS
+
+# Generate symbolic info for debuggers
+XCFLAGS=$RPM_OPT_FLAGS
+export XCFLAGS
+
+PKG_CONFIG_ALLOW_SYSTEM_LIBS=1
+PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1
+
+export PKG_CONFIG_ALLOW_SYSTEM_LIBS
+export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS
+
+NSPR_INCLUDE_DIR=`/usr/bin/pkg-config --cflags-only-I nspr | sed 's/-I//'`
+NSPR_LIB_DIR=`/usr/bin/pkg-config --libs-only-L nspr | sed 's/-L//'`
+
+export NSPR_INCLUDE_DIR
+export NSPR_LIB_DIR
+
+export NSS_USE_SYSTEM_SQLITE=1
+
+export NSS_BUILD_UTIL_ONLY=1
+
+# external tests are not suitable for nss-util and
+# won't compile as they depend on ssl
+export NSS_DISABLE_GTESTS=1
+
+%ifnarch noarch
+%if 0%{__isa_bits} == 64
+USE_64=1
+export USE_64
+%endif
+%endif
+
+# make util
+%{__make} -C ./nss/coreconf
+%{__make} -C ./nss
+
+# Set up our package file
+%{__mkdir_p} ./dist/pkgconfig
+%{__cat} %{SOURCE2} | sed -e "s,%%libdir%%,%{_libdir},g" \
+ -e "s,%%prefix%%,%{_prefix},g" \
+ -e "s,%%exec_prefix%%,%{_prefix},g" \
+ -e "s,%%includedir%%,%{_includedir}/nss3,g" \
+ -e "s,%%NSPR_VERSION%%,%{nspr_version},g" \
+ -e "s,%%NSSUTIL_VERSION%%,%{version},g" > \
+ ./dist/pkgconfig/nss-util.pc
+
+NSSUTIL_VMAJOR=`cat nss/lib/util/nssutil.h | grep "#define.*NSSUTIL_VMAJOR" | awk '{print $3}'`
+NSSUTIL_VMINOR=`cat nss/lib/util/nssutil.h | grep "#define.*NSSUTIL_VMINOR" | awk '{print $3}'`
+NSSUTIL_VPATCH=`cat nss/lib/util/nssutil.h | grep "#define.*NSSUTIL_VPATCH" | awk '{print $3}'`
+
+export NSSUTIL_VMAJOR
+export NSSUTIL_VMINOR
+export NSSUTIL_VPATCH
+
+%{__cat} %{SOURCE3} | sed -e "s,@libdir@,%{_libdir},g" \
+ -e "s,@prefix@,%{_prefix},g" \
+ -e "s,@exec_prefix@,%{_prefix},g" \
+ -e "s,@includedir@,%{_includedir}/nss3,g" \
+ -e "s,@MOD_MAJOR_VERSION@,$NSSUTIL_VMAJOR,g" \
+ -e "s,@MOD_MINOR_VERSION@,$NSSUTIL_VMINOR,g" \
+ -e "s,@MOD_PATCH_VERSION@,$NSSUTIL_VPATCH,g" \
+ > ./dist/pkgconfig/nss-util-config
+
+chmod 755 ./dist/pkgconfig/nss-util-config
+
+
+%install
+
+%{__rm} -rf $RPM_BUILD_ROOT
+
+# There is no make install target so we'll do it ourselves.
+
+%{__mkdir_p} $RPM_BUILD_ROOT/%{_includedir}/nss3
+%{__mkdir_p} $RPM_BUILD_ROOT/%{_includedir}/nss3/templates
+%{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir}
+%{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir}/nss3
+%{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir}/pkgconfig
+%{__mkdir_p} $RPM_BUILD_ROOT/%{_bindir}
+
+for file in libnssutil3.so
+do
+ %{__install} -p -m 755 dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir}
+done
+
+# Copy the include files we want
+# The util headers, the rest come from softokn and nss
+for file in dist/public/nss/*.h
+do
+ %{__install} -p -m 644 $file $RPM_BUILD_ROOT/%{_includedir}/nss3
+done
+
+# Copy the template files we want
+for file in dist/private/nss/templates.c
+do
+ %{__install} -p -m 644 $file $RPM_BUILD_ROOT/%{_includedir}/nss3/templates
+done
+
+# Copy the package configuration files
+%{__install} -p -m 644 ./dist/pkgconfig/nss-util.pc $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/nss-util.pc
+%{__install} -p -m 755 ./dist/pkgconfig/nss-util-config $RPM_BUILD_ROOT/%{_bindir}/nss-util-config
+
+%clean
+%{__rm} -rf $RPM_BUILD_ROOT
+
+%post -p /sbin/ldconfig
+
+%postun -p /sbin/ldconfig
+
+%files
+%defattr(-,root,root)
+%{_libdir}/libnssutil3.so
+
+%files devel
+%defattr(-,root,root)
+# package configuration files
+%{_libdir}/pkgconfig/nss-util.pc
+%{_bindir}/nss-util-config
+
+# co-owned with nss
+%dir %{_includedir}/nss3
+# these are marked as public export in nss/lib/util/manifest.mk
+%{_includedir}/nss3/base64.h
+%{_includedir}/nss3/ciferfam.h
+%{_includedir}/nss3/eccutil.h
+%{_includedir}/nss3/hasht.h
+%{_includedir}/nss3/nssb64.h
+%{_includedir}/nss3/nssb64t.h
+%{_includedir}/nss3/nsslocks.h
+%{_includedir}/nss3/nssilock.h
+%{_includedir}/nss3/nssilckt.h
+%{_includedir}/nss3/nssrwlk.h
+%{_includedir}/nss3/nssrwlkt.h
+%{_includedir}/nss3/nssutil.h
+%{_includedir}/nss3/pkcs11.h
+%{_includedir}/nss3/pkcs11f.h
+%{_includedir}/nss3/pkcs11n.h
+%{_includedir}/nss3/pkcs11p.h
+%{_includedir}/nss3/pkcs11t.h
+%{_includedir}/nss3/pkcs11u.h
+%{_includedir}/nss3/pkcs11uri.h
+%{_includedir}/nss3/pkcs1sig.h
+%{_includedir}/nss3/portreg.h
+%{_includedir}/nss3/secasn1.h
+%{_includedir}/nss3/secasn1t.h
+%{_includedir}/nss3/seccomon.h
+%{_includedir}/nss3/secder.h
+%{_includedir}/nss3/secdert.h
+%{_includedir}/nss3/secdig.h
+%{_includedir}/nss3/secdigt.h
+%{_includedir}/nss3/secerr.h
+%{_includedir}/nss3/secitem.h
+%{_includedir}/nss3/secoid.h
+%{_includedir}/nss3/secoidt.h
+%{_includedir}/nss3/secport.h
+%{_includedir}/nss3/utilmodt.h
+%{_includedir}/nss3/utilpars.h
+%{_includedir}/nss3/utilparst.h
+%{_includedir}/nss3/utilrename.h
+%{_includedir}/nss3/templates/templates.c
+
+%changelog
+* Wed Jun 5 2019 Bob Relyea - 3.44.0-3
+- Add pub from priv mechanism
+- ike mechanisms should not overlap with JPAKE
+
+* Wed May 22 2019 Bob Relyea - 3.44.0-2
+- Add ike mechanisms
+
+* Wed May 15 2019 Daiki Ueno - 3.44.0-1
+- Rebase to NSS 3.44
+
+* Thu Mar 21 2019 Daiki Ueno - 3.43.0-1
+- Rebase to NSS 3.43
+
+* Mon Nov 12 2018 Bob Relyea - 3.36.0-2
+- Update the cert verify code to allow a new ipsec usage and follow RFC 4945
+
+* Mon Mar 5 2018 Daiki Ueno - 3.36.0-1
+- Rebase to NSS 3.36
+
+* Thu Mar 1 2018 Daiki Ueno - 3.36.0-0.1.beta
+- Rebase to NSS 3.36 BETA
+
+* Tue Jan 16 2018 Daiki Ueno - 3.34.0-2
+- Recognize "ECC" flag in slotFlags
+
+* Thu Nov 23 2017 Daiki Ueno - 3.34.0-1
+- Rebase to nss-3.34
+
+* Mon Oct 30 2017 Daiki Ueno - 3.34.0-0.1.beta1
+- Rebase to nss-3.34-beta1
+
+* Fri Oct 6 2017 Daiki Ueno - 3.33.0-1
+- Rebase to nss-3.33
+
+* Mon May 15 2017 Daiki Ueno - 3.28.4-3
+- Backport patch to allow empty line at the end of policy file
+
+* Thu Apr 20 2017 Daiki Ueno - 3.28.4-2
+- Rebase to nss-3.28.4
+
+* Thu Mar 9 2017 Daiki Ueno - 3.28.3-3
+- Backport necessary constant definitions
+
+* Thu Mar 2 2017 Daiki Ueno - 3.28.3-2
+- Rebase to nss-3.28.3
+
+* Fri Feb 17 2017 Daiki Ueno - 3.28.2-1.1
+- Prevent ABI incompatibility of SECKEYECPublicKey structure
+
+* Fri Feb 10 2017 Daiki Ueno - 3.28.2-1.0
+- Rebase to nss-3.28.1
+- Remove upstreamed build-nss-util-only.patch
+- Package new header eccutil.h
+
+* Mon Oct 24 2016 Daiki Ueno - 3.21.3-1
+- Rebase to nss-3.21.3
+- Remove patch for CVE-2016-1950, which is included in the release
+- Related: Bug 1347908
+
+* Mon Apr 18 2016 Elio Maldonado - 3.21.0-4
+- Manual merge from the rhel-7.2 branch
+- Fix one alias for naming compatibility with prior release
+- Remove an unused patch
+
+* Mon Feb 22 2016 Kai Engert - 3.21.0-3
+- Added upstream patch for CVE-2016-1950
+
+* Thu Jan 28 2016 Elio Maldonado - 3.21.0-1
+- Rebase to nss-util from nss 3.21
+- Resolves: Bug 1297940 - Rebase RHEL 7.3 to NSS-util 3.21 in preparation for Firefox 45
+
+* Fri Nov 20 2015 Elio Maldonado - 3.19.1-5
+- Merge security fix from the RHEL-7.1 branch
+- Resolves: Bug 1269358 - CVE-2015-7182 CVE-2015-7181
+
+* Thu Jul 16 2015 Elio Maldonado - 3.19.1-4
+- Add links to filed upstream bugs to better track patches in spec file
+
+* Thu Jun 18 2015 Elio Maldonado - 3.19.1-3
+- Remove unused patch
+
+* Thu Jun 18 2015 Elio Maldonado - 3.19.1-2
+- Add support for TLS 1.2 SHA384 per PKCS #11 v2.40
+
+* Fri Jun 05 2015 Elio Maldonado - 3.19.1-1
+- Resolves: Bug 1228913: Rebase to nss-3.19.1 for CVE-2015-4000 [RHEL-7.1]
+
+* Mon Mar 30 2015 Elio Maldonado - 3.18.0-1
+- Resolves: Bug 1200931 - [RHEL7.1] nss-util 3.18 rebase required for firefox 38 ESR
+
+* Thu Jan 22 2015 Elio Maldonado - 3.16.2.3-2
+- Bump the release number to be higher than the one for rhel-7.0
+- Resolves: Bug 1158161 - Upgrade to NSS 3.16.2.3 for Firefox 31.3
+
+* Thu Nov 13 2014 Elio Maldonado - 3.16.2.3-1
+- Resolves: Bug 1158161 - Upgrade to NSS 3.16.2.3 for Firefox 31.3
+
+* Tue Sep 23 2014 Elio Maldonado - 3.16.2-3
+- Resolves: bug 1145434 - CVE-2014-1568
+
+* Tue Aug 05 2014 Peter Robinson 3.16.2-2
+- Generic 32/64 bit platform detection (fix ppc64le build)
+- Resolves: Bug 1126244 - Ensure nss-util is built for 64 bit on ppc64le
+- Fix contributed by Peter Robinson
+
+* Tue Jul 08 2014 Elio Maldonado - 3.16.2-1
+- Update to nss-3.16.2
+- Resolves: Bug 1103251
+
+* Fri Jan 24 2014 Daniel Mach - 3.15.4-2
+- Mass rebuild 2014-01-24
+
+* Sun Jan 19 2014 Elio Maldonado - 3.15.3-4
+- Update to nss-3.15.4
+- Modified the nss-split-util script to use the nss upstream pristine sources
+- Resolves: Bug 1054457 - CVE-2013-1740 nss: false start PR_Recv information disclosure security issue [rhel-7.0]
+
+* Thu Jan 09 2014 Elio Maldonado - 3.15.3-3
+- Add the nss-util portion of a fix for a bug in nss and nss-util
+- Resolves: Bug 752980 - Support ECDSA via pluggable ECC in the nss package
+
+* Fri Dec 27 2013 Daniel Mach - 3.15.3-2
+- Mass rebuild 2013-12-27
+
+* Mon Nov 25 2013 Elio Maldonado - 3.15.3-1
+- Update to NSS_3_15_3_RTM
+- Resolves: Bug 1031463 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741
+
+* Tue Aug 06 2013 Elio Maldonado - 3.15.1-2
+- Remove an obsolete script and adjust sources numbering accordingly.
+
+* Fri Jul 26 2013 Elio Maldonado - 3.15.1-1
+- Update to NSS_3_15_1_RTM
+
+* Tue Jul 02 2013 Elio Maldonado - 3.15-2
+- Produce source tar ball from the unstripped nss source tar ball
+
+* Wed May 29 2013 Elio Maldonado - 3.15-1
+- Update to NSS_3_15_RTM
+
+* Fri Apr 19 2013 Elio Maldonado - 3.15-0.1.beta1.2
+- Don't include prtypes.h from hasht.t
+- Resolves: rhbz#953277 - rawhide build of glibc fails due to fatal error from nss3/hasht.h
+
+* Fri Apr 05 2013 Elio Maldonado - 3.15.beta1-0.1.beta.1
+- Update to NSS_3_15_BETA1
+- Update spec file, patches, and helper scripts on account of a shallower source tree
+
+* Fri Feb 15 2013 Elio Maldonado - 3.14.3-1
+- Update to NSS_3_14_3_RTM
+- Resolves: rhbz#909782 - specfile support for AArch64
+
+* Sat Feb 02 2013 Elio Maldonado - 3.14.2-2
+- Retagging to prevent nvr update problems with f18
+
+* Fri Feb 01 2013 Elio Maldonado - 3.14.2-1
+- Update to NSS_3_14_2_RTM
+
+* Thu Dec 27 2012 Elio Maldonado - 3.14.1-2
+- Install templates.c in /usr/includes/nss3/templates
+- Fix bogus date warnings
+
+* Mon Dec 17 2012 Elio Maldonado - 3.14.1-1
+- Update to NSS_3_14_1_RTM
+
+* Sat Oct 27 2012 Elio Maldonado - 3.14-2
+- Update the license to MPLv2.0
+
+* Mon Oct 22 2012 Elio Maldonado - 3.14-1
+- Update to NSS_3_14_RTM
+
+* Fri Oct 19 2012 Elio Maldonado - 3.14-0.1.rc1.1
+- Update to NSS_3_14_RC1
+- The hasht.h from now on is provided by nss-util-devel
+
+* Fri Jul 20 2012 Fedora Release Engineering - 3.13.5-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Wed Jun 20 2012 Elio Maldonado - 3.13.5-3
+- Resolves: rhbz#833529 - revert unwanted change to nss-util.pc.in
+
+* Tue Jun 19 2012 Elio Maldonado - 3.13.5-2
+- Resolves: rhbz#833529 - Remove space from Libs: line in nss-util.pc.in
+
+* Sat Jun 16 2012 Elio Maldonado - 3.13.5-1
+- Update to NSS_3_13_5_RTM
+
+* Sun Apr 08 2012 Elio Maldonado - 3.13.4-2
+- Resolves: Bug 805716 - Library needs partial RELRO support added
+- Patch coreconf/Linux.mk as done on RHEL 6.2
+
+* Fri Apr 06 2012 Elio Maldonado - 3.13.4-1
+- Update to NSS_3_13_4
+
+* Sun Apr 01 2012 Elio Maldonado - 3.13.4-0.1.beta.1
+- Update to NSS_3_13_4_BETA1
+- Improve steps to splitting off util from the nss
+- Add executable attribute to the splitting script
+
+* Tue Mar 27 2012 Elio Maldonado - 3.13.3-4
+- Resolves: Bug 805716 - Library needs partial RELRO support added
+
+* Fri Mar 16 2012 Elio Maldonado Batiz - 3.13.3-3
+- Update the release tag to be higher than in f16
+
+* Fri Mar 09 2012 Elio Maldonado Batiz - 3.13.3-2
+- Require nspr 4.9
+
+* Thu Mar 01 2012 Elio Maldonado Batiz - 3.13.1-4
+- Update to NSS_3_13_3_RTM
+
+* Fri Jan 13 2012 Fedora Release Engineering - 3.13.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Mon Nov 28 2011 Elio Maldonado - 3.13.1-2
+- Fix a gnuc def typo
+
+* Thu Nov 03 2011 Elio Maldonado - 3.13.1-1
+- Update to NSS_3_13_1_RTM
+
+* Sat Oct 15 2011 Elio Maldonado - 3.13-1
+- Update to NSS_3_13_RTM
+
+* Fri Oct 07 2011 Elio Maldonado - 3.13-0.1.rc0.1
+- Update to NSS_3_13_RC0
+
+* Thu Sep 8 2011 Ville Skyttä - 3.12.11-2
+- Avoid %%post/un shell invocations and dependencies.
+
+* Tue Aug 09 2011 Elio Maldonado - 3.12.11-1
+- Update to NSS_3_12_11_RTM
+
+* Fri May 06 2011 Elio Maldonado - 3.12.10-1
+- Update to NSS_3_12_10_RTM
+
+* Mon Apr 25 2011 Elio Maldonado Batiz - 3.12.10-0.1.beta1
+- Update to NSS_3_12_10_BETA1
+
+* Tue Feb 08 2011 Fedora Release Engineering - 3.12.9-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Wed Jan 12 2011 Elio Maldonado - 3.12.9-1
+- Update to 3.12.9
+
+* Mon Dec 27 2010 Elio Maldonado - 3.12.9-0.1beta2
+- Rebuilt according to fedora pre-release package naming guidelines
+
+* Fri Dec 10 2010 Elio Maldonado - 3.12.8.99.2-1
+- Update to NSS_3_12_9_BETA2
+
+* Wed Dec 08 2010 Elio Maldonado - 3.12.8.99.1-1
+- Update to NSS_3_12_9_BETA1
+
+* Wed Sep 29 2010 jkeating - 3.12.8-2
+- Rebuilt for gcc bug 634757
+
+* Thu Sep 23 2010 Elio Maldonado - 3.12.8-1
+- Update to 3.12.8
+
+* Sat Sep 18 2010 Elio Maldonado - 3.12.7.99.4-1
+- NSS 3.12.8 RC0
+
+* Sat Sep 04 2010 Elio Maldonado - 3.12.7.99.3-1
+- NSS 3.12.8 Beta 3
+
+* Sun Aug 29 2010 Elio Maldonado - 3.12.7-2
+- Define NSS_USE_SYSTEM_SQLITE and remove nolocalsql patch
+
+* Mon Aug 16 2010 Elio Maldonado - 3.12.7-1
+- Update to 3.12.7
+
+* Fri Mar 05 2010 Elio Maldonado - 3.12.6-1
+- Update to 3.12.6
+
+* Mon Jan 18 2010 Elio Maldonado - 3.12.5-2
+- Fix in nss-util-config.in
+
+* Thu Dec 03 2009 Elio Maldonado - 3.12.5-1
+- Update to 3.12.5
+
+* Thu Sep 10 2009 Elio Maldonado - 3.12.4-8
+- Retagging for a chained build with nss-softokn and nss
+
+* Thu Sep 10 2009 Elio Maldonado - 3.12.4-5
+- Restoring -rpath-link to nss-util-config
+
+* Tue Sep 08 2009 Elio Maldonado - 3.12.4-4
+- Installing shared libraries to %%{_libdir}
+
+* Sat Sep 05 2009 Elio Maldonado - 3.12.4-3
+- Remove symbolic links to shared libraries from devel - 521155
+- Apply nss-nolocalsql patch subset for nss-util
+- No rpath-link in nss-util-config
+
+* Fri Sep 04 2009 Elio Maldonado - 3.12.4-2
+- Retagging for a chained build
+
+* Thu Sep 03 2009 Elio Maldonado - 3.12.4-1
+- Update to 3.12.4
+- Don't require sqlite
+
+* Thu Aug 27 2009 Elio Maldonado - 3.12.3.99.3-15
+- Bump the release number for a chained build of nss-util, nss-softokn and nss
+
+* Thu Aug 27 2009 Elio Maldonado - 3.12.3.99.3-14
+- Cleanup nss-util-config.in
+
+* Thu Aug 27 2009 Elio Maldonado - 3.12.3.99.3-13
+- nss-util-devel doesn't require nss-devel
+
+* Wed Aug 26 2009 Elio Maldonado - 3.12.3.99.3-12
+- bump to unique nvr
+
+* Wed Aug 26 2009 Elio Maldonado - 3.12.3.99.3-11
+- Remove spurious executable permissions from nss-util-config
+- Shorten some descriptions to keep rpmlint happy
+
+* Mon Aug 24 2009 Dennis Gilmore 3.12.3.99.3-10
+- dont include the headers in nss-util only in the -devel package
+- nss-util-devel Requires nss-devel since its only providing a subset of the headers.
+
+* Thu Aug 20 2009 Dennis Gilmore 3.12.3.99.3-9
+- Provide nss-devel since we obsolete it
+
+* Wed Aug 19 2009 Elio Maldonado 3.12.3.99.3-8.1
+- nss-util-devel obsoletes nss-devel < 3.12.3.99.3-8
+
+* Wed Aug 19 2009 Elio Maldonado 3.12.3.99.3-8
+- Initial build
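Review bot: In nss-util.spec, `%patch9 -p1 -R -b .sql-default` applies the upstream bug 1377940 changeset in reverse, so this build keeps the legacy DBM format as the default database type when no prefix is given, and the only record of that decision is the comment `# To revert the change in:` above `Patch9`. I would state the reason and the effect next to the patch, along the lines of `# Applied with -R on purpose: this branch keeps DBM as the default database format` (wording for the maintainers to confirm), so the `-R` is not dropped or questioned during the next rebase. `Source0` is a bare file name for a tarball produced locally by nss-split-util.sh and `URL:` is plain `http://`; recording the upstream tarball location and its checksum in the comment block under `Source0` would let a reviewer repeat the split and compare the result with what is in the lookaside cache.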