|
@@ -1,11 +1,11 @@
|
|
|
%define build_compat32 %{?_with_compat32:1}%{!?_with_compat32:0}
|
|
|
|
|
|
-%define nspr_version 4.9
|
|
|
+%define nspr_version 4.9.6
|
|
|
%define unsupported_tools_directory %{_libdir}/nss/unsupported-tools
|
|
|
|
|
|
Summary: Network Security Services
|
|
|
Name: nss
|
|
|
-Version: 3.14.1
|
|
|
+Version: 3.14.3
|
|
|
Release: 1%{?_dist_release}
|
|
|
License: MPLv1.1 or GPLv2+ or LGPLv2+
|
|
|
URL: http://www.mozilla.org/projects/security/pki/nss/
|
|
@@ -21,8 +21,24 @@ Source12: %{name}-pem-20120811.tar.bz2
|
|
|
Source101: nss-util.pc.in
|
|
|
Source102: nss-util-config.in
|
|
|
|
|
|
-#Patch1: nss-no-rpath.patch
|
|
|
+Patch2: add-relro-linker-option.patch
|
|
|
+Patch3: renegotiate-transitional.patch
|
|
|
Patch6: nss-enable-pem.patch
|
|
|
+Patch16: nss-539183.patch
|
|
|
+Patch18: nss-646045.patch
|
|
|
+# must statically link pem against the freebl in the buildroot
|
|
|
+# Needed only when freebl on tree has new APIS
|
|
|
+#Patch25: nsspem-use-system-freebl.patch
|
|
|
+# This patch is currently meant for stable branches
|
|
|
+Patch29: nss-ssl-cbc-random-iv-off-by-default.patch
|
|
|
+# Prevent users from trying to enable ssl pkcs11 bypass
|
|
|
+Patch39: nss-ssl-enforce-no-pkcs11-bypass.path
|
|
|
+# TODO: Remove this patch when the ocsp test are fixed
|
|
|
+Patch40: nss-3.14.0.0-disble-ocsp-test.patch
|
|
|
+# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=835919
|
|
|
+Patch43: no-softoken-freebl-tests.patch
|
|
|
+Patch44: 0001-sync-up-with-upstream-softokn-changes.patch
|
|
|
+Patch45: Bug-896651-pem-dont-trash-keys-on-failed-login.patch
|
|
|
|
|
|
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
|
|
BuildRequires: nspr-devel >= %{nspr_version}
|
|
@@ -96,20 +112,29 @@ v3 certificates, and other security standards.
|
|
|
%prep
|
|
|
%setup -q
|
|
|
%setup -q -T -D -n %{name}-%{version} -a 12
|
|
|
-#%patch1 -p0
|
|
|
+
|
|
|
+%patch2 -p0 -b .relro
|
|
|
+%patch3 -p0 -b .transitional
|
|
|
%patch6 -p0 -b .libpem
|
|
|
+%patch16 -p0 -b .539183
|
|
|
+%patch18 -p0 -b .646045
|
|
|
+# link pem against buildroot's freebl, essential when mixing and matching
|
|
|
+#%patch25 -p0 -b .systemfreebl
|
|
|
+# activate for stable and beta branches
|
|
|
+#%patch29 -p0 -b .cbcrandomivoff
|
|
|
+%patch39 -p1 -b .nobypass
|
|
|
+%patch40 -p1 -b .noocsptest
|
|
|
+%patch43 -p0 -b .nosoftokentests
|
|
|
+%patch44 -p1 -b .syncupwithupstream
|
|
|
+%patch45 -p0 -b .notrash
|
|
|
|
|
|
%build
|
|
|
|
|
|
-FREEBL_NO_DEPEND=1
|
|
|
-export FREEBL_NO_DEPEND
|
|
|
+#NSS_NO_PKCS11_BYPASS=1
|
|
|
+#export NSS_NO_PKCS11_BYPASS
|
|
|
|
|
|
-# Must export FREEBL_LOWHASH=1 for nsslowhash.h so that it gets
|
|
|
-# copied to dist and the rpm install phase can find it
|
|
|
-# This due of the upstream changes to fix
|
|
|
-# https://bugzilla.mozilla.org/show_bug.cgi?id=717906
|
|
|
-FREEBL_LOWHASH=1
|
|
|
-export FREEBL_LOWHASH
|
|
|
+#FREEBL_NO_DEPEND=1
|
|
|
+#export FREEBL_NO_DEPEND
|
|
|
|
|
|
# Enable compiler optimizations and disable debugging code
|
|
|
BUILD_OPT=1
|
|
@@ -119,9 +144,6 @@ export BUILD_OPT
|
|
|
XCFLAGS=$RPM_OPT_FLAGS
|
|
|
export XCFLAGS
|
|
|
|
|
|
-#export NSPR_INCLUDE_DIR=`nspr-config --includedir`
|
|
|
-#export NSPR_LIB_DIR=`nspr-config --libdir`
|
|
|
-
|
|
|
PKG_CONFIG_ALLOW_SYSTEM_LIBS=1
|
|
|
PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1
|
|
|
|
|
@@ -134,14 +156,19 @@ NSPR_LIB_DIR=`/usr/bin/pkg-config --libs-only-L nspr | sed 's/-L//'`
|
|
|
export NSPR_INCLUDE_DIR
|
|
|
export NSPR_LIB_DIR
|
|
|
|
|
|
+export FREEBL_INCLUDE_DIR=`/usr/bin/pkg-config --cflags-only-I nss-softokn | sed 's/-I//'`
|
|
|
+export FREEBL_LIB_DIR=%{_libdir}
|
|
|
+export USE_SYSTEM_FREEBL=1
|
|
|
+
|
|
|
+NSS_USE_SYSTEM_SQLITE=1
|
|
|
+export NSS_USE_SYSTEM_SQLITE
|
|
|
+
|
|
|
%ifarch x86_64 ppc64 ia64 s390x
|
|
|
USE_64=1
|
|
|
export USE_64
|
|
|
%endif
|
|
|
|
|
|
-NSS_USE_SYSTEM_SQLITE=1
|
|
|
-export NSS_USE_SYSTEM_SQLITE
|
|
|
-
|
|
|
+#
|
|
|
%{__make} -C ./mozilla/security/coreconf
|
|
|
%{__make} -C ./mozilla/security/dbm
|
|
|
%{__make} -C ./mozilla/security/nss
|
|
@@ -209,9 +236,11 @@ chmod 755 $RPM_BUILD_ROOT/%{_bindir}/nss-util-config
|
|
|
# There is no make install target so we'll do it ourselves.
|
|
|
|
|
|
%{__mkdir_p} $RPM_BUILD_ROOT/%{_includedir}/nss3
|
|
|
+%{__mkdir_p} $RPM_BUILD_ROOT/%{_includedir}/nss3/templates
|
|
|
%{__mkdir_p} $RPM_BUILD_ROOT/%{_bindir}
|
|
|
%{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir}
|
|
|
%{__mkdir_p} $RPM_BUILD_ROOT/%{unsupported_tools_directory}
|
|
|
+%{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir}/pkgconfig
|
|
|
|
|
|
# Copy the binary libraries we want
|
|
|
for file in libsoftokn3.so libfreebl3.so libnss3.so libnssutil3.so \
|
|
@@ -435,6 +464,10 @@ done
|
|
|
|
|
|
|
|
|
%changelog
|
|
|
+* Thu Apr 04 2013 Daisuke SUZUKI <daisuke@linux.or.jp> 3.14.3-1
|
|
|
+- update to 3.24.3
|
|
|
+- import patches from fedora package
|
|
|
+
|
|
|
* Wed Jan 09 2013 Daisuke SUZUKI <daisuke@linux.or.jp> 3.14.1-1
|
|
|
- update to 3.14.1
|
|
|
|
|
@@ -570,5 +603,5 @@ done
|
|
|
- Adressed review comments by Wan-Teh Chang, Bob Relyea,
|
|
|
Christopher Aillon.
|
|
|
|
|
|
-* Tue Jul 9 2005 Rob Crittenden <rcritten@redhat.com> 3.10-1
|
|
|
+* Sat Jul 9 2005 Rob Crittenden <rcritten@redhat.com> 3.10-1
|
|
|
- Initial build
|