specs/n/nss/nss-vl.spec

%define build_compat32 %{?_with_compat32:1}%{!?_with_compat32:0}

%define _unpackaged_files_terminate_build 1

%define nspr_version 4.11
%define unsupported_tools_directory %{_libdir}/nss/unsupported-tools

# Produce .chk files for the final stripped binaries
#
# NOTE: The LD_LIBRARY_PATH line guarantees shlibsign links
# against the freebl that we just built. This is necessary
# because the signing algorithm changed on 3.14 to DSA2 with SHA256
# whereas we previously signed with DSA and SHA1. We must Keep this line
# until all mock platforms have been updated.
# After %%{__os_install_post} we would add
# export LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%%{_libdir}
%define __spec_install_post \
    %{?__debug_package:%{__debug_install_post}} \
    %{__arch_install_post} \
    %{__os_install_post} \
    $RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libsoftokn3.so \
    $RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libfreebl3.so \
    $RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libnssdbm3.so \
%{nil}


Summary:          Network Security Services
Name:             nss
Version:          3.21.1
Release:          3%{?_dist_release}
License:          MPLv1.1 or GPLv2+ or LGPLv2+
URL:              http://www.mozilla.org/projects/security/pki/nss/
Group:            System Environment/Libraries
Vendor:           Project Vine
Distribution:     Vine Linux

Source0:          %{name}-%{version}.tar.gz
Source1:          nss.pc.in
Source2:          nss-config.in
Source3:          blank-cert8.db
Source4:          blank-key3.db
Source5:          blank-secmod.db
Source6:          blank-cert9.db
Source7:          blank-key4.db
Source8:          system-pkcs11.txt
Source12:         %{name}-pem-20140125.tar.bz2
Source101:	  nss-util.pc.in
Source102:	  nss-util-config.in
Source103:        nss-softokn.pc.in
Source104:        nss-softokn-config.in

Patch2:           add-relro-linker-option.patch
Patch3:           renegotiate-transitional.patch
Patch6:           nss-enable-pem.patch
Patch16:          nss-539183.patch
Patch18:          nss-646045.patch
# TODO: Remove this patch when the ocsp test are fixed
Patch40:          nss-3.14.0.0-disble-ocsp-test.patch
Patch50:          iquote.patch
# As of nss-3.21 we compile NSS with -Werror.
# see https://bugzilla.mozilla.org/show_bug.cgi?id=1182667
# This requires a cleanup of the PEM module as we have it here.
# TODO: submit a patch to the interim nss-pem upstream project
# The submission will be very different from this patch as
# cleanup there is already in progress there.
Patch51:          pem-compile-with-Werror.patch
Patch52:          Bug-1001841-disable-sslv2-libssl.patch
Patch53:          Bug-1001841-disable-sslv2-tests.patch
Patch54:          sslauth-no-v2.patch
Patch55:          enable-fips-when-system-is-in-fips-mode.patch
# rhbz: https://bugzilla.redhat.com/show_bug.cgi?id=1026677
Patch56:          p-ignore-setpolicy.patch
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=943144
Patch62: nss-fix-deadlock-squash.patch
# Two patches from from rhel6.8 that are also needed for rhel-7
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1054373
Patch74: race.patch
Patch94: nss-3.16-token-init-race.patch
Patch99: ssl-server-min-key-sizes.patch
Patch100: fix-min-library-version-in-SSLVersionRange.patch
# Add support for sha384 tls cipher suites, dss cipher suites, and
# server-side dhe key exchange
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=102794
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=923089
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=951455
Patch101: dhe-sha384-dss-support.patch
# TODO: From upstream review: For the client authentication case, should
# probably drop our hack of swapping between sha256 and sha384 and plan
# on implementing the fix we already have a patch for. What is that fix?
Patch102: client_auth_for_sha384_prf_support.patch
Patch103: nss-fix-client-auth-init-hashes.patch
Patch104: nss-map-oid-to-hashalg.patch
Patch105: nss-remove-bogus-assert.patch
Patch106: nss-old-pkcs11-num.patch
Patch107: nss-enable-384-cipher-tests.patch
Patch108: nss-sni-c-v-fix.patch
Patch109: nss-fix-signature-and-hash.patch
Patch110: nss-sslstress-txt-ssl3-lower-value-in-range.patch

# Enable by default two additional ciphers and fix order of two tables 
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=923089
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=951455
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1211403
Patch112: rh1238290.patch
# Local: keep as long nss-softokn lacks support
Patch113: disable-extended-master-secret-with-old-softoken.patch
# extra tests needed
Patch114: tests-extra.patch
Patch115: nss-prevent-abi-issue.patch
Patch116: nss-tests-prevent-abi-issue.patch
Patch117: fix-nss-test-filtering.patch
Patch118: fix-allowed-sig-alg.patch
Patch119: nss-ssl-ssl3con-delete-duplicates.patch

# Local patches
Patch1002: hasht-dont-include-prtypes.patch
Patch1007: pkcs1sig-include-prtypes.patch
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=951455
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=923089
Patch1008: nss-util-3.19.1-tls12-mechanisms.patch



BuildRoot:        %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires:    nspr-devel >= %{nspr_version}
BuildRequires:    sqlite3-devel
BuildRequires:    zlib-devel
BuildRequires:    pkgconfig
BuildRequires:    gawk
BuildRequires:    psmisc
BuildRequires:    perl
Provides:         mozilla-nss
Obsoletes:        mozilla-nss
Requires:         nspr >= %{nspr_version}

%description
Network Security Services (NSS) is a set of libraries designed to
support cross-platform development of security-enabled client and
server applications. Applications built with NSS can support SSL v2
and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509
v3 certificates, and other security standards.


%package tools
Summary:          Tools for the Network Security Services
Group:            System Environment/Base
Requires:         nss = %{version}-%{release}

%description tools
Network Security Services (NSS) is a set of libraries designed to
support cross-platform development of security-enabled client and
server applications. Applications built with NSS can support SSL v2
and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509
v3 certificates, and other security standards.

Install the nss-tools package if you need command-line tools to
manipulate the NSS certificate and key database.


%package devel
Summary:          Development libraries for Network Security Services
Group:            Development/Libraries
Requires:         nss = %{version}-%{release}
Requires:         nspr-devel >= %{nspr_version}
Provides:         mozilla-nss-devel
Obsoletes:        mozilla-nss-devel

%description devel
Header and Library files for doing development with Network Security Services.


%package pkcs11-devel
Summary:          Development libraries for PKCS #11 (Cryptoki) using NSS
Group:            Development/Libraries
Requires:         nss-devel = %{version}-%{release}

%description pkcs11-devel
Library files for developing PKCS #11 modules using basic NSS 
low level services.


## to build compat32 for x86_64 architecture support
%package -n compat32-%{name}
Summary:          Network Security Services
Group: System Environment/Libraries

%description -n compat32-%{name}
Network Security Services (NSS) is a set of libraries designed to
support cross-platform development of security-enabled client and
server applications. Applications built with NSS can support SSL v2
and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509
v3 certificates, and other security standards.


%prep
%setup -q
%setup -q -T -D -n %{name}-%{version} -a 12

%patch2 -p0 -b .relro
%patch3 -p0 -b .transitional
%patch6 -p0 -b .libpem
%patch16 -p0 -b .539183
pushd nss
%patch18 -p1 -b .646045
popd
%patch40 -p0 -b .noocsptest
%patch50 -p0 -b .iquote
%patch51 -p1 -b -Werror
pushd nss
%patch52 -p1 -b .disableSSL2libssl
%patch53 -p1 -b .disableSSL2tests
%patch54 -p1 -b .sslauth-no-v2
%patch55 -p1 -b .852023_enable_fips_when_in_fips_mode
%patch56 -p1 -b .1026677_ignore_set_policy
%patch62 -p1 -b .fix_deadlock
%patch99 -p1 -b .min_key_sizes
%patch100 -p0 -b .1171318
%patch101 -p1 -b .dhe_and_sha384
%patch102 -p1 -b .client_auth_prf
%patch112 -p1 -b .1238290
%patch113 -p1 -b .disable-ems
%patch114 -p1 -b .extra
%patch115 -p1 -b .abi_lib
%patch116 -p1 -b .abi_tests
%patch117 -p1 -b .test-filtering
%patch74 -p1 -b .race
popd
%patch94 -p0 -b .init-token-race
%patch103 -p0 -b .fix_client_auth_crash
%patch104 -p0 -b .use_oids
%patch105 -p0 -b .remove_bogus_assert
%patch106 -p0 -b .old_pkcs11_num
%patch107 -p0 -b .enable_384_cipher_tests
%patch108 -p0 -b .sni_c_v_fix
%patch109 -p0 -b .fix_signature_and_hash
%patch110 -p0 -b .no_ssl2
pushd nss
%patch118 -p1 -b .allowed-sig-alg
popd
%patch119 -p0 -b .delete_duplicates

%patch1002 -p0 -b .prtypes
%patch1007 -p0 -b .include_prtypes
%patch1008 -p1 -b .tls12_mechs


pemNeedsFromSoftoken="lowkeyi lowkeyti softoken softoknt"
for file in ${pemNeedsFromSoftoken}; do
    %{__cp} ./nss/lib/softoken/${file}.h ./nss/lib/ckfw/pem/
done
%{__cp} ./nss/lib/softoken/lowkeyi.h ./nss/cmd/rsaperf
%{__cp} ./nss/lib/softoken/lowkeyti.h ./nss/cmd/rsaperf

pushd nss/tests/ssl
# Create versions of sslcov.txt and sslstress.txt that disable tests
# for SSL2 and EXPORT ciphers.
cat sslcov.txt| sed -r "s/^([^#].*EXPORT|^[^#].*SSL2)/#disabled \1/" > sslcov.noSSL2orExport.txt
cat sslstress.txt| sed -r "s/^([^#].*EXPORT|^[^#].*SSL2)/#disabled \1/" > sslstress.noSSL2orExport.txt
popd

%build

export NSS_NO_SSL2=1

NSS_NO_PKCS11_BYPASS=1
export NSS_NO_PKCS11_BYPASS

# partial RELRO support as a security enhancement
#LDFLAGS+=-Wl,-z,relro
#export LDFLAGS

FREEBL_NO_DEPEND=1
export FREEBL_NO_DEPEND

# Must export FREEBL_LOWHASH=1 for nsslowhash.h so that it gets
# copied to dist and the rpm install phase can find it
# This due of the upstream changes to fix
# https://bugzilla.mozilla.org/show_bug.cgi?id=717906
FREEBL_LOWHASH=1
export FREEBL_LOWHASH

# Enable compiler optimizations and disable debugging code
BUILD_OPT=1
export BUILD_OPT

# Generate symbolic info for debuggers
XCFLAGS=$RPM_OPT_FLAGS
export XCFLAGS

PKG_CONFIG_ALLOW_SYSTEM_LIBS=1
PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1

export PKG_CONFIG_ALLOW_SYSTEM_LIBS
export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS

NSPR_INCLUDE_DIR=`/usr/bin/pkg-config --cflags-only-I nspr | sed 's/-I//'`
NSPR_LIB_DIR=`/usr/bin/pkg-config --libs-only-L nspr | sed 's/-L//'`

export NSPR_INCLUDE_DIR
export NSPR_LIB_DIR

#export FREEBL_INCLUDE_DIR=`/usr/bin/pkg-config --cflags-only-I nss-softokn | sed 's/-I//'`
#export FREEBL_LIB_DIR=%{_libdir}
export USE_SYSTEM_FREEBL=0

NSS_USE_SYSTEM_SQLITE=1
export NSS_USE_SYSTEM_SQLITE

export USE_SYSTEM_ZLIB=1
export ZLIB_LIBS=%{_libdir}

%ifarch x86_64 ppc64 ia64 s390x
USE_64=1
export USE_64
%endif

# uncomment if the iquote patch is activated
export IN_TREE_FREEBL_HEADERS_FIRST=1

#export NSS_BLTEST_NOT_AVAILABLE=1
# 
#%{__make} -C ./nss/coreconf
#%{__make} -C ./nss/lib/dbm
%{__make} -C ./nss


%install

# There is no make install target so we'll do it ourselves.

%{__mkdir_p} $RPM_BUILD_ROOT/%{_includedir}/nss3
%{__mkdir_p} $RPM_BUILD_ROOT/%{_includedir}/nss3/templates
%{__mkdir_p} $RPM_BUILD_ROOT/%{_bindir}
%{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir}
%{__mkdir_p} $RPM_BUILD_ROOT/%{unsupported_tools_directory}
%{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir}/pkgconfig

# Copy the binary libraries we want
for file in libsoftokn3.so libfreebl3.so libnss3.so libnssutil3.so \
            libssl3.so libsmime3.so libnssckbi.so libnsspem.so libnssdbm3.so
do
  %{__install} -m 755 dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir}
done

# Install the empty NSS db files
# Legacy db
%{__mkdir_p} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb
%{__install} -m 644 %{SOURCE3} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/cert8.db
%{__install} -m 644 %{SOURCE4} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/key3.db
%{__install} -m 644 %{SOURCE5} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/secmod.db
# Shared db
%{__install} -p -m 644 %{SOURCE6} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/cert9.db
%{__install} -p -m 644 %{SOURCE7} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/key4.db
%{__install} -p -m 644 %{SOURCE8} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/pkcs11.txt


# Copy the development libraries we want
for file in libcrmf.a libnssb.a libnssckfw.a
do
  %{__install} -m 644 dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir}
done

# Copy the binaries we want
for file in certutil cmsutil crlutil modutil pk12util signtool signver ssltap
do
  %{__install} -m 755 dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{_bindir}
done

# Copy the binaries we ship as unsupported
for file in atob btoa derdump ocspclnt pp selfserv shlibsign strsclnt symkeyutil tstclnt vfyserv vfychain
do
  %{__install} -m 755 dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{unsupported_tools_directory}
done

# Copy the include files
for file in dist/public/nss/*.h
do
  %{__install} -m 644 $file $RPM_BUILD_ROOT/%{_includedir}/nss3
done

# Copy some freebl include files we also want
for file in blapi.h alghmac.h
do
  %{__install} -p -m 644 dist/private/nss/$file $RPM_BUILD_ROOT/%{_includedir}/nss3
done

# Copy the static freebl library
for file in libfreebl.a
do
%{__install} -p -m 644 dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir}
done

# Set up our package file
%{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir}/pkgconfig
%{__cat} %{SOURCE1} | sed -e "s,%%libdir%%,%{_libdir},g" \
                          -e "s,%%prefix%%,%{_prefix},g" \
                          -e "s,%%exec_prefix%%,%{_prefix},g" \
                          -e "s,%%includedir%%,%{_includedir}/nss3,g" \
                          -e "s,%%NSPR_VERSION%%,%{nspr_version},g" \
                          -e "s,%%NSS_VERSION%%,%{version},g" \
                          -e "s,%%NSSUTIL_VERSION%%,%{version},g" > \
                          $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/nss.pc

NSS_VMAJOR=`cat nss/lib/nss/nss.h | grep "#define.*NSS_VMAJOR" | awk '{print $3}'`
NSS_VMINOR=`cat nss/lib/nss/nss.h | grep "#define.*NSS_VMINOR" | awk '{print $3}'`
NSS_VPATCH=`cat nss/lib/nss/nss.h | grep "#define.*NSS_VPATCH" | awk '{print $3}'`

export NSS_VMAJOR 
export NSS_VMINOR 
export NSS_VPATCH

%{__mkdir_p} $RPM_BUILD_ROOT/%{_bindir}
%{__cat} %{SOURCE2} | sed -e "s,@libdir@,%{_libdir},g" \
                          -e "s,@prefix@,%{_prefix},g" \
                          -e "s,@exec_prefix@,%{_prefix},g" \
                          -e "s,@includedir@,%{_includedir}/nss3,g" \
                          -e "s,@MOD_MAJOR_VERSION@,$NSS_VMAJOR,g" \
                          -e "s,@MOD_MINOR_VERSION@,$NSS_VMINOR,g" \
                          -e "s,@MOD_PATCH_VERSION@,$NSS_VPATCH,g" \
                          > $RPM_BUILD_ROOT/%{_bindir}/nss-config

chmod 755 $RPM_BUILD_ROOT/%{_bindir}/nss-config

%{__cat} %{SOURCE101} | sed -e "s,%%libdir%%,%{_libdir},g" \
                          -e "s,%%prefix%%,%{_prefix},g" \
                          -e "s,%%exec_prefix%%,%{_prefix},g" \
                          -e "s,%%includedir%%,%{_includedir}/nss3,g" \
                          -e "s,%%NSPR_VERSION%%,%{nspr_version},g" \
                          -e "s,%%NSSUTIL_VERSION%%,%{version},g" > \
                          $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/nss-util.pc

NSSUTIL_VMAJOR=`cat nss/lib/util/nssutil.h | grep "#define.*NSSUTIL_VMAJOR" | awk '{print $3}'`
NSSUTIL_VMINOR=`cat nss/lib/util/nssutil.h | grep "#define.*NSSUTIL_VMINOR" | awk '{print $3}'`
NSSUTIL_VPATCH=`cat nss/lib/util/nssutil.h | grep "#define.*NSSUTIL_VPATCH" | awk '{print $3}'`

export NSSUTIL_VMAJOR 
export NSSUTIL_VMINOR 
export NSSUTIL_VPATCH

%{__cat} %{SOURCE102} | sed -e "s,@libdir@,%{_libdir},g" \
                          -e "s,@prefix@,%{_prefix},g" \
                          -e "s,@exec_prefix@,%{_prefix},g" \
                          -e "s,@includedir@,%{_includedir}/nss3,g" \
                          -e "s,@MOD_MAJOR_VERSION@,$NSSUTIL_VMAJOR,g" \
                          -e "s,@MOD_MINOR_VERSION@,$NSSUTIL_VMINOR,g" \
                          -e "s,@MOD_PATCH_VERSION@,$NSSUTIL_VPATCH,g" \
                          > $RPM_BUILD_ROOT/%{_bindir}/nss-util-config

chmod 755 $RPM_BUILD_ROOT/%{_bindir}/nss-util-config

%{__cat} %{SOURCE103} | sed -e "s,%%libdir%%,%{_libdir},g" \
                          -e "s,%%prefix%%,%{_prefix},g" \
                          -e "s,%%exec_prefix%%,%{_prefix},g" \
                          -e "s,%%includedir%%,%{_includedir}/nss3,g" \
                          -e "s,%%NSPR_VERSION%%,%{nspr_version},g" \
                          -e "s,%%NSSUTIL_VERSION%%,%{version},g" \
                          -e "s,%%SOFTOKEN_VERSION%%,%{version},g" > \
                          $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/nss-softokn.pc

SOFTOKEN_VMAJOR=`cat nss/lib/softoken/softkver.h | grep "#define.*SOFTOKEN_VMAJOR" | awk '{print $3}'`
SOFTOKEN_VMINOR=`cat nss/lib/softoken/softkver.h | grep "#define.*SOFTOKEN_VMINOR" | awk '{print $3}'`
SOFTOKEN_VPATCH=`cat nss/lib/softoken/softkver.h | grep "#define.*SOFTOKEN_VPATCH" | awk '{print $3}'`

export SOFTOKEN_VMAJOR
export SOFTOKEN_VMINOR
export SOFTOKEN_VPATCH

%{__cat} %{SOURCE104} | sed -e "s,@libdir@,%{_libdir},g" \
                          -e "s,@prefix@,%{_prefix},g" \
                          -e "s,@exec_prefix@,%{_prefix},g" \
                          -e "s,@includedir@,%{_includedir}/nss3,g" \
                          -e "s,@MOD_MAJOR_VERSION@,$SOFTOKEN_VMAJOR,g" \
                          -e "s,@MOD_MINOR_VERSION@,$SOFTOKEN_VMINOR,g" \
                          -e "s,@MOD_PATCH_VERSION@,$SOFTOKEN_VPATCH,g" \
                          > $RPM_BUILD_ROOT/%{_bindir}/nss-softokn-config

chmod 755 $RPM_BUILD_ROOT/%{_bindir}/nss-softokn-config


%clean
%{__rm} -rf $RPM_BUILD_ROOT


%post
/sbin/ldconfig >/dev/null 2>/dev/null

%postun
/sbin/ldconfig >/dev/null 2>/dev/null


%files
%defattr(-,root,root)
%{_libdir}/libnss3.so
%{_libdir}/libnssutil3.so
%{_libdir}/libnssdbm3.so
%{_libdir}/libssl3.so
%{_libdir}/libsmime3.so
%{_libdir}/libsoftokn3.so
%{_libdir}/libnssckbi.so
%{_libdir}/libnsspem.so
%{_libdir}/libfreebl3.so
%{unsupported_tools_directory}/shlibsign
%{_libdir}/libfreebl3.chk
%{_libdir}/libnssdbm3.chk
%{_libdir}/libsoftokn3.chk
%dir %{_sysconfdir}/pki/nssdb
%config(noreplace) %{_sysconfdir}/pki/nssdb/cert8.db
%config(noreplace) %{_sysconfdir}/pki/nssdb/key3.db
%config(noreplace) %{_sysconfdir}/pki/nssdb/secmod.db
%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/cert9.db
%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/key4.db
%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/pkcs11.txt

%files tools
%defattr(-,root,root)
%{_bindir}/certutil
%{_bindir}/cmsutil
%{_bindir}/crlutil
%{_bindir}/modutil
%{_bindir}/pk12util
%{_bindir}/signtool
%{_bindir}/signver
%{_bindir}/ssltap
%{unsupported_tools_directory}/atob
%{unsupported_tools_directory}/btoa
%{unsupported_tools_directory}/derdump
%{unsupported_tools_directory}/ocspclnt
%{unsupported_tools_directory}/pp
%{unsupported_tools_directory}/selfserv
%{unsupported_tools_directory}/strsclnt
%{unsupported_tools_directory}/symkeyutil
%{unsupported_tools_directory}/tstclnt
%{unsupported_tools_directory}/vfyserv
%{unsupported_tools_directory}/vfychain


%files devel
%defattr(-,root,root)
%{_libdir}/libcrmf.a
%{_libdir}/libfreebl.a
%{_libdir}/pkgconfig/nss.pc
%{_libdir}/pkgconfig/nss-softokn.pc
%{_libdir}/pkgconfig/nss-util.pc
%{_bindir}/nss-config
%{_bindir}/nss-softokn-config
%{_bindir}/nss-util-config

%dir %{_includedir}/nss3
%{_includedir}/nss3/alghmac.h
%{_includedir}/nss3/base64.h
%{_includedir}/nss3/blapi.h
%{_includedir}/nss3/blapit.h
%{_includedir}/nss3/cert.h
%{_includedir}/nss3/certdb.h
%{_includedir}/nss3/certt.h
%{_includedir}/nss3/ciferfam.h
%{_includedir}/nss3/cmmf.h
%{_includedir}/nss3/cmmft.h
%{_includedir}/nss3/cms.h
%{_includedir}/nss3/cmsreclist.h
%{_includedir}/nss3/cmst.h
%{_includedir}/nss3/crmf.h
%{_includedir}/nss3/crmft.h
%{_includedir}/nss3/cryptohi.h
%{_includedir}/nss3/cryptoht.h
%{_includedir}/nss3/ecl-exp.h
%{_includedir}/nss3/hasht.h
%{_includedir}/nss3/jar-ds.h
%{_includedir}/nss3/jar.h
%{_includedir}/nss3/jarfile.h
%{_includedir}/nss3/key.h
%{_includedir}/nss3/keyhi.h
%{_includedir}/nss3/keyt.h
%{_includedir}/nss3/keythi.h
%{_includedir}/nss3/nss.h
%{_includedir}/nss3/nssb64.h
%{_includedir}/nss3/nssb64t.h
%{_includedir}/nss3/nssckbi.h
%{_includedir}/nss3/nssilckt.h
%{_includedir}/nss3/nssilock.h
%{_includedir}/nss3/nsslocks.h
%{_includedir}/nss3/nsslowhash.h
%{_includedir}/nss3/nsspem.h
%{_includedir}/nss3/nssrwlk.h
%{_includedir}/nss3/nssrwlkt.h
%{_includedir}/nss3/nssutil.h
%{_includedir}/nss3/ocsp.h
%{_includedir}/nss3/ocspt.h
%{_includedir}/nss3/p12.h
%{_includedir}/nss3/p12plcy.h
%{_includedir}/nss3/p12t.h
%{_includedir}/nss3/pk11func.h
%{_includedir}/nss3/pk11pqg.h
%{_includedir}/nss3/pk11priv.h
%{_includedir}/nss3/pk11pub.h
%{_includedir}/nss3/pk11sdr.h
%{_includedir}/nss3/pkcs11.h
%{_includedir}/nss3/pkcs11f.h
%{_includedir}/nss3/pkcs11n.h
%{_includedir}/nss3/pkcs11p.h
%{_includedir}/nss3/pkcs11t.h
%{_includedir}/nss3/pkcs11u.h
%{_includedir}/nss3/pkcs12.h
%{_includedir}/nss3/pkcs12t.h
%{_includedir}/nss3/pkcs7t.h
%{_includedir}/nss3/pkcs1sig.h
%{_includedir}/nss3/portreg.h
%{_includedir}/nss3/preenc.h
%{_includedir}/nss3/secasn1.h
%{_includedir}/nss3/secasn1t.h
%{_includedir}/nss3/seccomon.h
%{_includedir}/nss3/secder.h
%{_includedir}/nss3/secdert.h
%{_includedir}/nss3/secdig.h
%{_includedir}/nss3/secdigt.h
%{_includedir}/nss3/secerr.h
%{_includedir}/nss3/sechash.h
%{_includedir}/nss3/secitem.h
%{_includedir}/nss3/secmime.h
%{_includedir}/nss3/secmod.h
%{_includedir}/nss3/secmodt.h
%{_includedir}/nss3/secoid.h
%{_includedir}/nss3/secoidt.h
%{_includedir}/nss3/secpkcs5.h
%{_includedir}/nss3/secpkcs7.h
%{_includedir}/nss3/secport.h
%{_includedir}/nss3/shsign.h
%{_includedir}/nss3/smime.h
%{_includedir}/nss3/ssl.h
%{_includedir}/nss3/sslerr.h
%{_includedir}/nss3/sslproto.h
%{_includedir}/nss3/sslt.h
%{_includedir}/nss3/utilrename.h
%{_includedir}/nss3/utilmodt.h
%{_includedir}/nss3/utilpars.h
%{_includedir}/nss3/utilparst.h
	 

%files pkcs11-devel
%defattr(-, root, root)
%{_includedir}/nss3/nssbase.h
%{_includedir}/nss3/nssbaset.h
%{_includedir}/nss3/nssckepv.h
%{_includedir}/nss3/nssckft.h
%{_includedir}/nss3/nssckfw.h
%{_includedir}/nss3/nssckfwc.h
%{_includedir}/nss3/nssckfwt.h
%{_includedir}/nss3/nssckg.h
%{_includedir}/nss3/nssckmdt.h
%{_includedir}/nss3/nssckt.h
%{_libdir}/libnssb.a
%{_libdir}/libnssckfw.a


## to build compat32 for x86_64 architecture support
%if %{build_compat32}
%files -n compat32-%{name}
%defattr(-,root,root)
%{_libdir}/*.so
%ghost %{_libdir}/libsoftokn3.chk
%ghost %{_libdir}/libfreebl3.chk
%{unsupported_tools_directory}/shlibsign
%endif


%changelog
* Mon Jun 20 2016 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 3.21.1-3
- added libfreebl.a.

* Mon Jun 20 2016 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 3.21.1-2
- enabled softokn and freebl.
- dropped Patch47 and Patch49.

* Tue May 10 2016 Yoji TOYODA <bsyamato@sea.plala.or.jp> 3.21.1-1
- update to 3.21.1
- import patches from centos package

* Thu Jun 12 2014 Daisuke SUZUKI <daisuke@vinelinux.org> 3.16.1-1
- update to 3.16.1

* Thu Apr 04 2013 Daisuke SUZUKI <daisuke@linux.or.jp> 3.14.3-1
- update to 3.14.3
- import patches from fedora package

* Wed Jan 09 2013 Daisuke SUZUKI <daisuke@linux.or.jp> 3.14.1-1
- update to 3.14.1

* Sat Sep 15 2012 Yoji TOYODA <bsyamato@sea.plala.or.jp> 3.13.6-2
- add Source101 (nss-util.pc.in)
- add Source102 (nss-util-config.in)

* Mon Sep 03 2012 Daisuke SUZUKI <daisuke@linux.or.jp> 3.13.6-1
- new upstream release 

* Sun Mar 18 2012 Yoji TOYODA <bsyamato@sea.plala.or.jp> 3.13.3-1
- new upstream release

* Thu Dec 22 2011 Daisuke SUZUKI <daisuke@linux.or.jp> 3.13.1-2
- fix nss.pc

* Wed Dec 21 2011 Daisuke SUZUKI <daisuke@linux.or.jp> 3.13.1-1
- new upstream release

* Fri Sep 02 2011 Daisuke SUZUKI <daisuke@linux.or.jp> 3.12.11-1
- new upstram release

* Wed Jun 01 2011 Daisuke SUZUKI <daisuke@linux.or.jp> 3.12.10-1
- update to 3.12.10

* Tue Mar 29 2011 Daisuke SUZUKI <daisuke@linux.or.jp> 3.12.9-1
- update to 3.12.9.with.ckbi.1.82
- update nss-pem source
- define NSS_USE_SYSTEM_SQLITE, remove unneeded Patch2

* Thu Sep 23 2010 Yoji TOYODA <bsyamato@sea.plala.or.jp> 3.12.6-2
- rebuild with rpm-4.8.1 for pkg-config file

* Wed Apr  7 2010 MATSUBAYASHI Kohji <shaolin@vinelinux.org> 3.12.6-1
- new upstream release
- update nss-pem Source12 to 20091210 (from 3.12.6-2.fc14)

* Sat Jan 23 2010 NAKAMURA Kenta <kenta@vinelinux.org> 3.12.5-2
- built with FREEBL_NO_DEPEND environmental variable to include nsslowhash.h

* Sat Jan 09 2010 Daisuke SUZUKI <daisuke@linux.or.jp> 3.12.5-1
- new upstream release

* Mon Jul 06 2009 Daisuke SUZUKI <daisuke@linux.or.jp> 3.12.3-4
- rebuild to fix the package built with broken environment.

* Sun Jul 05 2009 Munehiro Yamamoto <munepi@cg8.so-net.ne.jp> 3.12.3-3
- fixed %%files for compat32

* Sat Jul 04 2009 Munehiro Yamamoto <munepi@cg8.so-net.ne.jp> 3.12.3-2
- added compat32 subpackages

* Wed Apr 22 2009 Daisuke SUZUKI <daisuke@linux.or.jp> 3.12.3-1
- new upstream release

* Wed Jul 02 2008 Daisuke SUZUKI <daisuke@linux.or.jp> 3.12-1
- new upstream release

* Fri May 18 2007 Daisuke SUZUKI <daisuke@linux.or.jp> 3.11.4-0vl1
- initial build for Vine Linux

* Fri Mar 02 2007 Kai Engert <kengert@redhat.com> - 3.11.5-2
- Fix rhbz#230545, failure to enable FIPS mode
- Fix rhbz#220542, make NSS more tolerant of resets when in the 
  middle of prompting for a user password.

* Sat Feb 24 2007 Kai Engert <kengert@redhat.com> - 3.11.5-1
- Update to 3.11.5
- This update fixes two security vulnerabilities with SSL 2
- Do not use -rpath link option
- Added several unsupported tools to tools package

* Tue Jan  9 2007 Bob Relyea <rrelyea@redhat.com> - 3.11.4-4
- disable ECC, cleanout dead code

* Tue Nov 28 2006 Kai Engert <kengert@redhat.com> - 3.11.4-1
- Update to 3.11.4

* Thu Sep 14 2006 Kai Engert <kengert@redhat.com> - 3.11.3-2
- Revert the attempt to require latest NSPR, as it is not yet available
  in the build infrastructure.

* Thu Sep 14 2006 Kai Engert <kengert@redhat.com> - 3.11.3-1
- Update to 3.11.3

* Thu Aug 03 2006 Kai Engert <kengert@redhat.com> - 3.11.2-2
- Add /etc/pki/nssdb

* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 3.11.2-1.1
- rebuild

* Fri Jun 30 2006 Kai Engert <kengert@redhat.com> - 3.11.2-1
- Update to 3.11.2
- Enable executable bit on shared libs, also fixes debug info.

* Wed Jun 14 2006 Kai Engert <kengert@redhat.com> - 3.11.1-2
- Enable Elliptic Curve Cryptography (ECC)

* Fri May 26 2006 Kai Engert <kengert@redhat.com> - 3.11.1-1
- Update to 3.11.1
- Include upstream patch to limit curves

* Wed Feb 15 2006 Kai Engert <kengert@redhat.com> - 3.11-4
- add --noexecstack when compiling assembler on x86_64

* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 3.11-3.2
- bump again for double-long bug on ppc(64)

* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 3.11-3.1
- rebuilt for new gcc4.1 snapshot and glibc changes

* Thu Jan 19 2006 Ray Strode <rstrode@redhat.com> 3.11-3
- rebuild

* Fri Dec 16 2005 Christopher Aillon <caillon@redhat.com> 3.11-2
- Update file list for the devel packages

* Thu Dec 15 2005 Christopher Aillon <caillon@redhat.com> 3.11-1
- Update to 3.11

* Thu Dec 15 2005 Christopher Aillon <caillon@redhat.com> 3.11-0.cvs.2
- Add patch to allow building on ppc*
- Update the pkgconfig file to Require nspr

* Thu Dec 15 2005 Christopher Aillon <caillon@redhat.com> 3.11-0.cvs
- Initial import into Fedora Core, based on a CVS snapshot of
  the NSS_3_11_RTM tag
- Fix up the pkcs11-devel subpackage to contain the proper headers
- Build with RPM_OPT_FLAGS
- No need to have rpath of /usr/lib in the pc file

* Thu Dec 15 2005 Kai Engert <kengert@redhat.com>
- Adressed review comments by Wan-Teh Chang, Bob Relyea,
  Christopher Aillon.

* Sat Jul  9 2005 Rob Crittenden <rcritten@redhat.com> 3.10-1
- Initial build