###############################################################################
name = dracut
-version = 010
-release = 5
+version = 016
+release = 1
arch = noarch
groups = System/Boot
dracut is a new, event-driven initramfs infrastructure based around udev.
end
-source_dl =
-sources = %{thisapp}.tar.bz2
+source_dl = http://www.kernel.org/pub/linux/utils/boot/dracut/
+sources = %{thisapp}.tar.xz
build
requires
docbook-xsl
end
+ dracutlibdir = %{prefix}/lib/dracut
+
install
make install DESTDIR=%{BUILDROOT} \
- sbindir=/sbin sysconfdir=/etc mandir=/usr/share/man
+ sysconfdir=/etc mandir=/usr/share/man
# Install local configuration.
mkdir -pv %{BUILDROOT}/etc/dracut.conf.d
cp -vf %{DIR_SOURCE}/ipfire.conf %{BUILDROOT}/etc/dracut.conf.d/ipfire.conf
+
+ # Save package version.
+ echo "%{name}-%{version}-%{release}" > \
+ %{BUILDROOT}%{dracutlibdir}/modules.d/10rpmversion/dracut-version
+
+ # Remove Gentoo specific module.
+ rm -rvf %{BUILDROOT}%{dracutlibdir}/modules.d/50gensplash
+
+ mkdir -pv %{BUILDROOT}/boot/dracut
+ mkdir -pv %{BUILDROOT}/var/lib/dracut/overlay
+ mkdir -pv %{BUILDROOT}/var/lib/initramfs
+ mkdir -pv %{BUILDROOT}%{localstatedir}/log
+ touch %{BUILDROOT}%{localstatedir}/log/dracut.log
+
+ mkdir -pv %{BUILDROOT}/etc/logrotate.d
+ install -m 0644 dracut.logrotate %{BUILDROOT}/etc/logrotate.d/dracut_log
end
end
end
files
- /usr/share/dracut/modules.d/40network
- /usr/share/dracut/modules.d/95fcoe
- /usr/share/dracut/modules.d/95iscsi
- /usr/share/dracut/modules.d/95nbd
- /usr/share/dracut/modules.d/95nfs
- /usr/share/dracut/modules.d/45ifcfg
- /usr/share/dracut/modules.d/95znet
+ /usr/lib/dracut/modules.d/40network
+ /usr/lib/dracut/modules.d/95fcoe
+ /usr/lib/dracut/modules.d/95iscsi
+ /usr/lib/dracut/modules.d/95nbd
+ /usr/lib/dracut/modules.d/95nfs
+ /usr/lib/dracut/modules.d/45ifcfg
+ /usr/lib/dracut/modules.d/95znet
end
end
-
package %{name}-utils
summary = Command line utils for dracut.
description = %{summary}
files
- /sbin/dracut-*
- /sbin/*initrd
+ /boot/dracut
+ /usr/bin/dracut-*
+ /usr/share/man/man8/dracut-*
+ /var/lib/dracut
end
end
end
###############################################################################
name = expect
-version = 5.43
+version = 5.45
release = 1
+thisapp = %{name}%{version}
groups = Development/Languages
url = http://expect.nist.gov/
summary = A program-script interaction and testing utility.
description
- xpect is a tcl application for automating and testing \
- interactive applications such as telnet, ftp, passwd, fsck, \
- rlogin, tip, etc. Expect makes it easy for a script to \
+ expect is a tcl application for automating and testing
+ interactive applications such as telnet, ftp, passwd, fsck,
+ rlogin, tip, etc. Expect makes it easy for a script to
control another program and interact with it.
end
-source_dl =
-sources = %{thisapp}.0.tar.gz
+source_dl = http://downloads.sourceforge.net/project/expect/Expect/%{version}/
build
requires
autoconf
automake
- tcl
+ tcl-devel
end
- configure_options = \
- --mandir=/usr/share/man \
- --with-tcl=/usr/lib \
- --with-tclinclude=/usr/include/ \
- --with-x=no \
+ prepare_cmds
+ aclocal
+ autoconf
+
+ cd testsuite
+ autoconf -I..
+ end
+
+ configure_options += \
+ --mandir=%{mandir} \
+ --with-tcl=%{libdir} \
+ --with-tclinclude=%{includedir} \
--enable-shared
test
make test
end
- install
- make install INSTALL_ROOT=%{BUILDROOT}
-
+ install_cmds
# remove cryptdir/decryptdir, as Linux has no crypt command
rm -f %{BUILDROOT}/usr/bin/{cryptdir,decryptdir}
rm -f %{BUILDROOT}/usr/share/man1/{cryptdir,decryptdir}.1*
packages
package %{name}
+
+ package %{name}-devel
+ template DEVEL
end
package %{name}-debuginfo
-diff -up expect-5.43/example/mkpasswd.random expect-5.43/example/mkpasswd
---- expect-5.43/example/mkpasswd.random 2004-12-07 00:38:21.000000000 +0100
-+++ expect-5.43/example/mkpasswd 2008-09-25 12:27:19.000000000 +0200
+diff -up expect-5.44.1.15/example/mkpasswd.orig expect-5.44.1.15/example/mkpasswd
+--- expect-5.44.1.15/example/mkpasswd.orig 2010-03-08 16:01:05.518378075 +0100
++++ expect-5.44.1.15/example/mkpasswd 2010-03-08 16:01:27.408388162 +0100
@@ -92,7 +92,14 @@ proc insert {pvar char} {
}
proc rand {m} {
- expr {int($m*rand())}
-+ set device /dev/urandom ;# /dev/random can block
++ set device /dev/urandom ;# /dev/random can block
+ set fileId [open $device r]
+ binary scan [read $fileId 4] i1 number
+ set clipped [expr $number % $m]
+++ /dev/null
-diff -up expect-5.43/configure.in.lib-spec expect-5.43/configure.in
---- expect-5.43/configure.in.lib-spec 2005-02-08 02:45:06.000000000 +0100
-+++ expect-5.43/configure.in 2008-09-25 12:23:26.000000000 +0200
-@@ -1141,7 +1141,7 @@ if test $ac_cv_sys_long_file_names = no;
- fi
-
- EXP_BUILD_LIB_SPEC="-L`pwd` -lexpect${EXP_LIB_VERSION}${DBGX}"
--EXP_LIB_SPEC="-L\${INSTALL_ROOT}\${exec_prefix}/lib -lexpect${EXP_LIB_VERSION}${DBGX}"
-+EXP_LIB_SPEC="-L\${libdir}/../.. -lexpect${EXP_LIB_VERSION}${DBGX}"
- EXP_UNSHARED_LIB_FILE=libexpect${EXP_LIB_VERSION}${DBGX}.a
-
- # The TCL_SHARED_LIB_SUFFIX macro below relies on the DBGX macro,
+++ /dev/null
-diff -up expect-5.43/Makefile.in.libdir expect-5.43/Makefile.in
---- expect-5.43/Makefile.in.libdir 2004-05-07 20:10:30.000000000 +0200
-+++ expect-5.43/Makefile.in 2008-09-25 12:24:08.000000000 +0200
-@@ -317,7 +317,7 @@ EXP_AND_TK_LIBS = $(LDFLAGS) @EXP_AND_TK
- CFLAGS_INT = $(MH_CFLAGS) $(CPPFLAGS) $(XCFLAGS)
-
- LIB_INSTALL_DIR = $(tcl_libdir)
--LIB_RUNTIME_DIR = $(tcl_libdir)
-+LIB_RUNTIME_DIR = $(subst $(INSTALL_ROOT),,$(tcl_libdir))
- # I don't understand why Tcl splits these up, but it does. LIB_RUNTIME_DIR
- # can appear as part of the LD_SEARCH_FLAGS inherited by configure.
-
--- /dev/null
+diff -up expect-5.44.1.15/exp_log.c.orig expect-5.44.1.15/exp_log.c
+--- expect-5.44.1.15/exp_log.c.orig 2010-03-08 15:45:20.581378309 +0100
++++ expect-5.44.1.15/exp_log.c 2010-03-08 15:45:38.838398279 +0100
+@@ -374,7 +374,7 @@ expDiagChannelOpen(interp,filename)
+ Tcl_DStringAppend(&tsdPtr->diagFilename,filename,-1);
+ }
+
+- tsdPtr->diagChannel = Tcl_OpenFileChannel(interp,newfilename,"a",0777);
++ tsdPtr->diagChannel = Tcl_OpenFileChannel(interp,newfilename,"a",0666);
+ if (!tsdPtr->diagChannel) {
+ Tcl_DStringFree(&tsdPtr->diagFilename);
+ return TCL_ERROR;
+++ /dev/null
-diff -Nur expect-5.43_old/configure expect-5.43_new/configure
---- expect-5.43_old/configure 2010-03-10 10:11:41.000000000 +0100
-+++ expect-5.43_new/configure 2010-03-10 10:12:01.000000000 +0100
-@@ -9,7 +9,7 @@
-
- # Defaults:
- ac_help=
--ac_default_prefix=/usr/local
-+ac_default_prefix=/usr
- # Any additions from configure.in:
- ac_help="$ac_help
- --enable-threads build with threads (not supported)"
--- /dev/null
+diff -up expect5.45/configure.in.orig expect5.45/configure.in
+--- expect5.45/configure.in.orig 2011-01-18 16:58:14.860806442 +0100
++++ expect5.45/configure.in 2011-01-18 16:58:30.378753210 +0100
+@@ -977,6 +977,7 @@ AC_SUBST(EXP_CC_SEARCH_FLAGS)
+ AC_SUBST(SETUID)
+ AC_SUBST(SETPGRP_VOID)
+ AC_SUBST(DEFAULT_STTY_ARGS)
++AC_SUBST(TCL_VERSION)
+ # Expect uses these from tclConfig.sh to make the main executable
+ AC_SUBST(TCL_DL_LIBS)
+ AC_SUBST(TCL_CC_SEARCH_FLAGS)
+diff -up expect5.45/Makefile.in.orig expect5.45/Makefile.in
+--- expect5.45/Makefile.in.orig 2011-01-18 16:58:37.787723824 +0100
++++ expect5.45/Makefile.in 2011-01-18 17:05:10.697636907 +0100
+@@ -121,8 +121,8 @@ includedir = @includedir@
+ DESTDIR =
+
+ PKG_DIR = $(PACKAGE_NAME)$(PACKAGE_VERSION)
+-pkgdatadir = $(datadir)/$(PKG_DIR)
+-pkglibdir = $(libdir)/$(PKG_DIR)
++pkgdatadir = $(datadir)/tcl@TCL_VERSION@/$(PKG_DIR)
++pkglibdir = $(libdir)/tcl@TCL_VERSION@/$(PKG_DIR)
+ pkgincludedir = $(includedir)/$(PKG_DIR)
+
+ top_builddir = .
+@@ -263,7 +263,7 @@ install-doc: doc
+ else true; fi ; \
+ done
+
+-test: binaries libraries
++test: binaries libraries pkgIndex.tcl-test
+ $(TCLSH) `@CYGPATH@ $(srcdir)/tests/all.tcl` $(TESTFLAGS)
+
+ shell: binaries libraries
+@@ -331,6 +331,11 @@ pkgIndex.tcl:
+ pkgIndex.tcl-hand:
+ (echo 'if {![package vsatisfies [package provide Tcl] @TCL_VERSION@]} {return}' ; \
+ echo 'package ifneeded Expect $(PACKAGE_VERSION) \
++ [list load [file join $$dir .. .. $(PKG_LIB_FILE)]]'\
++ ) > pkgIndex.tcl
++
++pkgIndex.tcl-test:
++ (echo 'package ifneeded Expect $(PACKAGE_VERSION) \
+ [list load [file join $$dir $(PKG_LIB_FILE)]]'\
+ ) > pkgIndex.tcl
+
+++ /dev/null
-Submitted By: LFS Book <lfs-book@linuxfromscratch.org>
-Date: 2003-10-05
-Initial Package Version: 5.38
-Origin: Redhat RPM (Patch by HJ Lu)
-Description: NA
-diff -uNr expect-5.38.orig/exp_chan.c expect-5.38/exp_chan.c
---- expect-5.38.orig/exp_chan.c 2002-02-12 13:00:55.000000000 +1100
-+++ expect-5.38/exp_chan.c 2003-03-01 10:36:18.000000000 +1100
-@@ -519,6 +519,7 @@
- esPtr->buffer = Tcl_NewStringObj("",0);
- Tcl_IncrRefCount(esPtr->buffer);
- esPtr->umsize = exp_default_match_max;
-+ esPtr->umsize_changed = exp_default_match_max_changed;
- /* this will reallocate object with an appropriate sized buffer */
- expAdjust(esPtr);
-
-diff -uNr expect-5.38.orig/exp_command.h expect-5.38/exp_command.h
---- expect-5.38.orig/exp_command.h 2002-04-08 08:57:20.000000000 +1000
-+++ expect-5.38/exp_command.h 2003-03-01 10:36:18.000000000 +1100
-@@ -25,6 +25,7 @@
- EXTERN char * exp_get_var _ANSI_ARGS_((Tcl_Interp *,char *));
-
- EXTERN int exp_default_match_max;
-+EXTERN int exp_default_match_max_changed;
- EXTERN int exp_default_parity;
- EXTERN int exp_default_rm_nulls;
-
-@@ -97,6 +98,7 @@
- int msize; /* # of bytes that buffer can hold (max) */
- int umsize; /* # of bytes (min) that is guaranteed to match */
- /* this comes from match_max command */
-+ int umsize_changed; /* is umsize changed by user? */
- int printed; /* # of bytes written to stdout (if logging on) */
- /* but not actually returned via a match yet */
- int echoed; /* additional # of bytes (beyond "printed" above) */
-diff -uNr expect-5.38.orig/expect.c expect-5.38/expect.c
---- expect-5.38.orig/expect.c 2002-04-08 09:00:33.000000000 +1000
-+++ expect-5.38/expect.c 2003-03-01 10:36:18.000000000 +1100
-@@ -41,8 +41,17 @@
- #include "tcldbg.h"
- #endif
-
-+/* The initial length is 2000. We increment it by 2000. The maximum
-+ is 8MB (0x800000). */
-+#define EXP_MATCH_MAX 2000
-+#define EXP_MATCH_INC 2000
-+#define EXP_MATCH_STEP_LIMIT 0x700000
-+#define EXP_MATCH_LIMIT 0x800000
-+#define EXP_MATCH_LIMIT_QUOTE "0x800000"
-+
- /* initial length of strings that we can guarantee patterns can match */
--int exp_default_match_max = 2000;
-+int exp_default_match_max = EXP_MATCH_MAX;
-+int exp_default_match_max_changed = 0;
- #define INIT_EXPECT_TIMEOUT_LIT "10" /* seconds */
- #define INIT_EXPECT_TIMEOUT 10 /* seconds */
- int exp_default_parity = TRUE;
-@@ -1618,6 +1627,76 @@
- return newsize;
- }
-
-+/* returns # of bytes until we see a newline at the end or EOF. */
-+/*ARGSUSED*/
-+static int
-+expReadNewLine(interp,esPtr,save_flags) /* INTL */
-+Tcl_Interp *interp;
-+ExpState *esPtr;
-+int save_flags;
-+{
-+ int size;
-+ int exp_size;
-+ int full_size;
-+ int count;
-+ char *str;
-+
-+ count = 0;
-+ for (;;) {
-+ exp_size = expSizeGet(esPtr);
-+
-+ /* When we reach the limit, we will only read one char at a
-+ time. */
-+ if (esPtr->umsize >= EXP_MATCH_STEP_LIMIT)
-+ size = TCL_UTF_MAX;
-+ else
-+ size = exp_size;
-+
-+ if (exp_size + TCL_UTF_MAX >= esPtr->msize) {
-+ if (esPtr->umsize >= EXP_MATCH_LIMIT) {
-+ expDiagLogU("WARNING: interact buffer is full. probably your program\r\n");
-+ expDiagLogU("is not interactive or has a very long output line. The\r\n");
-+ expDiagLogU("current limit is " EXP_MATCH_LIMIT_QUOTE ".\r\n");
-+ expDiagLogU("Dumping first half of buffer in order to continue\r\n");
-+ expDiagLogU("Recommend you enlarge the buffer.\r\n");
-+ exp_buffer_shuffle(interp,esPtr,save_flags,EXPECT_OUT,"expect");
-+ return count;
-+ }
-+ else {
-+ esPtr->umsize += EXP_MATCH_INC;
-+ expAdjust(esPtr);
-+ }
-+ }
-+
-+ full_size = esPtr->msize - (size / TCL_UTF_MAX);
-+ size = Tcl_ReadChars(esPtr->channel,
-+ esPtr->buffer,
-+ full_size,
-+ 1 /* append */);
-+ if (size > 0) {
-+ count += size;
-+ /* We try again if there are more to read and we haven't
-+ seen a newline at the end. */
-+ if (size == full_size) {
-+ str = Tcl_GetStringFromObj(esPtr->buffer, &size);
-+ if (str[size - 1] != '\n')
-+ continue;
-+ }
-+ }
-+ else {
-+ /* It is even trickier. We got an error from read. We have
-+ to recover from it. Let's make sure the size of
-+ buffer is correct. It can be corrupted. */
-+ str = Tcl_GetString(esPtr->buffer);
-+ Tcl_SetObjLength(esPtr->buffer, strlen(str));
-+ }
-+
-+ break;
-+ }
-+
-+ return count;
-+}
-+
- /* returns # of bytes read or (non-positive) error of form EXP_XXX */
- /* returns 0 for end of file */
- /* If timeout is non-zero, set an alarm before doing the read, else assume */
-@@ -1632,6 +1711,8 @@
- {
- int cc = EXP_TIMEOUT;
- int size = expSizeGet(esPtr);
-+ int full_size;
-+ int count;
-
- if (size + TCL_UTF_MAX >= esPtr->msize)
- exp_buffer_shuffle(interp,esPtr,save_flags,EXPECT_OUT,"expect");
-@@ -1648,11 +1729,43 @@
- }
- #endif
-
--
-+ /* FIXME: If we ask less than what is available in the tcl buffer
-+ when tcl has seen EOF, we will throw away the remaining data
-+ since the next read will get EOF. Since expect is line-oriented,
-+ we exand our buffer to get EOF or the next newline at the end of
-+ the input buffer. I don't know if it is the right fix. H.J. */
-+ count = 0;
-+ full_size = esPtr->msize - (size / TCL_UTF_MAX);
- cc = Tcl_ReadChars(esPtr->channel,
-- esPtr->buffer,
-- esPtr->msize - (size / TCL_UTF_MAX),
-- 1 /* append */);
-+ esPtr->buffer,
-+ full_size,
-+ 1 /* append */);
-+ if (cc > 0) {
-+ count += cc;
-+ /* It gets very tricky. There are more to read. We will expand
-+ our buffer and get EOF or a newline at the end unless the
-+ buffer length has been changed. */
-+ if (cc == full_size) {
-+ char *str;
-+ str = Tcl_GetStringFromObj(esPtr->buffer, &size);
-+ if (str[size - 1] != '\n') {
-+ if (esPtr->umsize_changed) {
-+ char buf[20]; /* big enough for 64bit int in hex. */
-+ snprintf(buf,sizeof(buf),"0x%x", esPtr->umsize);
-+ expDiagLogU("WARNING: interact buffer is not large enough to hold\r\n");
-+ expDiagLogU("all output. probably your program is not interactive or\r\n");
-+ expDiagLogU("has a very long output line. The current limit is ");
-+ expDiagLogU(buf);
-+ expDiagLogU(".\r\n");
-+ }
-+ else {
-+ cc = expReadNewLine(interp,esPtr,save_flags);
-+ if (cc > 0)
-+ count += cc;
-+ }
-+ }
-+ }
-+ }
- i_read_errno = errno;
-
- #ifdef SIMPLE_EVENT
-@@ -1673,7 +1786,7 @@
- }
- }
- #endif
-- return cc;
-+ return count > 0 ? count : cc;
- }
-
- /*
-@@ -2746,8 +2859,14 @@
- return(TCL_ERROR);
- }
-
-- if (Default) exp_default_match_max = size;
-- else esPtr->umsize = size;
-+ if (Default) {
-+ exp_default_match_max = size;
-+ exp_default_match_max_changed = 1;
-+ }
-+ else {
-+ esPtr->umsize = size;
-+ esPtr->umsize_changed = 1;
-+ }
-
- return(TCL_OK);
- }
+++ /dev/null
-Submitted By: DJ Lucas <dj_AT_linuxfromscratch_DOT_org>
-Date: 2008-09-28
-Initial Package Version: 5.43
-Upstream status: Not Submitted
-Origin: LFS ticket 2126 (http://wiki.linuxfromscratch.org/lfs/ticket/2126)
- Bryan Kadzban <bryan@kadzban.is-a-geek.net>
-Description: Removes references to functions that Tcl 8.5 no longer exposes
- and correct other minor build problems WRT TCL-8.5.x.
-
-diff -Naur expect-5.43-orig/Dbg.c expect-5.43/Dbg.c
---- expect-5.43-orig/Dbg.c 2002-03-22 22:11:54.000000000 -0600
-+++ expect-5.43/Dbg.c 2008-08-24 01:30:15.000000000 -0500
-@@ -9,7 +9,7 @@
- */
-
- #include <stdio.h>
--
-+#include "expect_cf.h"
- #include "tcldbgcf.h"
- #if 0
- /* tclInt.h drags in stdlib. By claiming no-stdlib, force it to drag in */
-diff -Naur expect-5.43-orig/exp_inter.c expect-5.43/exp_inter.c
---- expect-5.43-orig/exp_inter.c 2004-08-17 21:03:00.000000000 -0500
-+++ expect-5.43/exp_inter.c 2008-08-24 01:28:59.000000000 -0500
-@@ -36,6 +36,7 @@
- #include <ctype.h>
-
- #include "tcl.h"
-+#include "tclInt.h"
- #include "string.h"
-
- #include "exp_tty_in.h"
-diff -Naur expect-5.43/exp_command.c expect-5.43-patched/exp_command.c
---- expect-5.43/exp_command.c 2004-08-20 13:18:01.000000000 -0400
-+++ expect-5.43-patched/exp_command.c 2008-01-12 11:42:45.000000000 -0500
-@@ -2265,6 +2265,8 @@
- /*NOTREACHED*/
- }
-
-+static struct exp_cmd_data cmd_data[];
-+
- /*ARGSUSED*/
- static int
- Exp_CloseObjCmd(clientData, interp, objc, objv)
-@@ -2311,12 +2313,23 @@
- /* Historical note: we used "close" long before there was a */
- /* Tcl builtin by the same name. */
-
-+ /* The code that registered this function as the handler for */
-+ /* the "close" command stored away the old handler in the */
-+ /* exp_cmd_data for the "close" command. */
-+
-+ struct exp_cmd_data *cmd_ptr;
- Tcl_CmdInfo info;
-+
-+ for(cmd_ptr = &cmd_data[0]; cmd_ptr->name; cmd_ptr++) {
-+ if(strncmp(cmd_ptr->name, "close", 5) == 0)
-+ break;
-+ }
-+
- Tcl_ResetResult(interp);
- if (0 == Tcl_GetCommandInfo(interp,"close",&info)) {
- info.clientData = 0;
- }
-- return(Tcl_CloseObjCmd(info.clientData,interp,objc_orig,objv_orig));
-+ return(cmd_ptr->old_objProc(info.clientData,interp,objc_orig,objv_orig));
- }
-
- if (chanName) {
-@@ -2961,7 +2974,10 @@
- /* if successful (i.e., TCL_RETURN is returned) */
- /* modify the result, so that we will handle it specially */
-
-- int result = Tcl_ReturnObjCmd(clientData,interp,objc,objv);
-+ Tcl_CmdInfo info;
-+ Tcl_GetCommandInfo(interp, "return", &info);
-+
-+ int result = info.objProc(clientData,interp,objc,objv);
- if (result == TCL_RETURN)
- result = EXP_TCL_RETURN;
- return result;
-@@ -3062,8 +3078,7 @@
-
- for (;c->name;c++) {
- /* if already defined, don't redefine */
-- if ((c->flags & EXP_REDEFINE) ||
-- !(Tcl_FindHashEntry(&globalNsPtr->cmdTable,c->name) ||
-+ if (!(Tcl_FindHashEntry(&globalNsPtr->cmdTable,c->name) ||
- Tcl_FindHashEntry(&currNsPtr->cmdTable,c->name))) {
- if (c->objproc)
- Tcl_CreateObjCommand(interp,c->name,
-@@ -3072,6 +3087,21 @@
- Tcl_CreateCommand(interp,c->name,c->proc,
- c->data,exp_deleteProc);
- }
-+ else if (c->flags & EXP_REDEFINE) { /* unless the REDEFINE flag is present */
-+ Tcl_CmdInfo info;
-+
-+ if (Tcl_GetCommandInfo(interp, c->name, &info)) {
-+ c->old_proc = info.proc;
-+ c->old_objProc = info.objProc;
-+ }
-+
-+ if (c->objproc)
-+ Tcl_CreateObjCommand(interp,c->name,
-+ c->objproc,c->data,exp_deleteObjProc);
-+ else
-+ Tcl_CreateCommand(interp,c->name,c->proc,
-+ c->data,exp_deleteProc);
-+ }
- if (!(c->name[0] == 'e' &&
- c->name[1] == 'x' &&
- c->name[2] == 'p')
-diff -Naur expect-5.43/exp_command.h expect-5.43-patched/exp_command.h
---- expect-5.43/exp_command.h 2008-01-12 11:44:11.000000000 -0500
-+++ expect-5.43-patched/exp_command.h 2008-01-12 11:26:05.000000000 -0500
-@@ -297,6 +297,8 @@
- Tcl_CmdProc *proc;
- ClientData data;
- int flags;
-+ Tcl_CmdProc *old_proc; /* these store the procedure for the old command, */
-+ Tcl_ObjCmdProc *old_objProc; /* if any */
- };
-
- EXTERN void exp_create_commands _ANSI_ARGS_((Tcl_Interp *,
--- /dev/null
+diff -up expect5.45/example/passmass.orig expect5.45/example/passmass
+--- expect5.45/example/passmass.orig 2011-07-27 16:09:31.013843393 +0200
++++ expect5.45/example/passmass 2011-07-27 16:10:55.667843578 +0200
+@@ -107,6 +107,10 @@ for {set i 0} {$i<$argc} {incr i} {
+ set login "ssh"
+ continue
+ } "-telnet" {
++ if {[file executable /usr/bin/telnet] == 0} {
++ send_user "It seems that telnet is not installed. Please install telnet in order to use the script with this option.\n"
++ exit 1
++ }
+ set login "telnet"
+ continue
+ } "-program" {
+diff -up expect5.45/example/weather.orig expect5.45/example/weather
+--- expect5.45/example/weather.orig 2011-07-27 15:49:57.878843862 +0200
++++ expect5.45/example/weather 2011-07-27 16:08:48.067843491 +0200
+@@ -33,6 +33,11 @@ set timeout 60
+
+ set env(TERM) vt100 ;# actual value doesn't matter, just has to be set
+
++if {[file executable /usr/bin/telnet] == 0} {
++ send_user "It seems that telnet is not installed. Please install telnet in order to use this script.\n"
++ exit 1
++}
++
+ spawn telnet rainmaker.wunderground.com 3000
+ while {1} {
+ expect timeout {
--- /dev/null
+diff -up expect5.45/expect.man.orig expect5.45/expect.man
+--- expect5.45/expect.man.orig 2011-09-06 13:15:57.081827720 +0200
++++ expect5.45/expect.man 2011-09-06 13:16:19.463826364 +0200
+@@ -173,7 +173,8 @@ way, use the
+ .B \-b
+ flag.
+ (When using Expectk, this option is specified as
+-.BR \-buffer .) Note that stdio-buffering may still take place however this shouldn't cause problems when reading from a fifo or stdin.
++.BR \-buffer .)
++Note that stdio-buffering may still take place however this shouldn't cause problems when reading from a fifo or stdin.
+ .PP
+ If the string "\-" is supplied as a filename, standard input is read instead.
+ (Use "./\-" to read from a file actually named "\-".)
--- /dev/null
+diff -up expect5.45/expect.c.orig expect5.45/expect.c
+--- expect5.45/expect.c.orig 2012-02-06 14:15:13.469490744 +0100
++++ expect5.45/expect.c 2012-02-06 14:16:23.596837896 +0100
+@@ -2363,7 +2363,12 @@ expMatchProcess(
+
+ /* "!e" means no case matched - transfer by default */
+ if (!e || e->transfer) {
+- int remainder = numchars-match;
++ int remainder;
++ if (match > numchars) {
++ match = numchars;
++ eo->matchlen = match;
++ }
++ remainder = numchars-match;
+ /* delete matched chars from input buffer */
+ esPtr->printed -= match;
+ if (numchars != 0) {
--- /dev/null
+diff -up expect5.45/example/mkpasswd.orig expect5.45/example/mkpasswd
+--- expect5.45/example/mkpasswd.orig 2011-03-16 13:23:23.125480017 +0100
++++ expect5.45/example/mkpasswd 2011-03-16 13:24:08.739353139 +0100
+@@ -202,7 +202,8 @@ if {[info exists user]} {
+ expect {
+ "assword*:" {
+ # some systems say "Password (again):"
+- send "$password\r"
++ send -- "$password\r"
++ # "--" because of passwords beginning with dash
+ exp_continue
+ }
+ }
--- /dev/null
+diff -up expect5.45/example/passmass.orig expect5.45/example/passmass
+--- expect5.45/example/passmass.orig 2011-09-06 13:04:41.439875491 +0200
++++ expect5.45/example/passmass 2011-09-06 13:04:54.663874571 +0200
+@@ -178,7 +178,7 @@ for {set i 0} {$i<$argc} {incr i} {
+ }
+
+ if ($su) {
+- send "su -\r"
++ send "/bin/su -\r"
+ expect -nocase "password:"
+ send "$password(old)\r"
+ expect "# "
name = ghostscript
version = 9.05
-release = 1
+release = 2
groups = Applications/Printing
url = http://ghostscript.com
requires
cups-devel
dbus-devel
+ expat-devel
glib2-devel
+ libidn-devel
libjpeg-devel
+ libpng-devel
libtiff-devel
libtool
libxml2-devel
name = glibc
version = 2.15
-release = 1
+release = 2
thisapp = %{name}-2.15-a316c1f
maintainer = Michael Tremer <michael.tremer@ipfire.org>
OPTIMIZED_KERNEL = 2.6.32
requires
- #audit-devel
+ audit-devel
autoconf
automake
- #gettext
+ gettext
kernel-headers>=%{OPTIMIZED_KERNEL}
libcap-devel
libselinux-devel
- #nss-devel
+ nss-devel
texinfo
end
--enable-kernel=%{OPTIMIZED_KERNEL} \
--with-selinux \
--disable-werror \
- --enable-bind-now
-# --enable-nss-crypt
+ --enable-bind-now \
+ --enable-nss-crypt
if "%{DISTRO_ARCH}" == "armv5tel"
# Disable hardware FP for ARM.
name = hdparm
version = 9.38
-release = 1
+release = 2
groups = Applications/Hardware
url = http://sourceforge.net/projects/hdparm/
build
build
- cd %{DIR_APP} && CFLAGS="%{CFLAGS}" make %{PARALELLIAMFLAGS} LDFLAGS=
+ CFLAGS="%{CFLAGS}" make %{PARALELLIAMFLAGS} \
+ STRIP=/bin/true LDFLAGS=
end
install
###############################################################################
name = htop
-version = 1.0
-release = 2
+version = 1.0.1
+release = 1
groups = Applications/System
url = http://htop.sourceforge.net/
summary = Interactive process viewer.
description
- htop is an interactive text-mode process viewer for Linux, similar to \
+ htop is an interactive text-mode process viewer for Linux, similar to
top(1).
end
--- /dev/null
+###############################################################################
+# IPFire.org - An Open Source Firewall Solution #
+# Copyright (C) - IPFire Development Team <info@ipfire.org> #
+###############################################################################
+
+name = ipfire-logos
+version = 1
+release = 1
+arch = noarch
+
+maintainer = Michael Tremer <michael.tremer@ipfire.org>
+groups = Base System/Base
+url = http://www.ipfire.org
+license =
+summary = IPFire logos and images.
+
+description
+ This package contains several logos, fonts and artwork of the
+ IPFire distribution.
+end
+
+source_dl = http://source.ipfire.org/releases/%{name}/
+
+build
+ requires
+ ImageMagick
+ ghostscript
+ end
+end
+
+packages
+ package %{name}
+ provides = system-logos
+ end
+end
name = kmod
version = 5
-release = 1
+release = 2
+maintainer = Michael Tremer <michael.tremer@ipfire.org>
groups = System/Kernel
url = http://modules.wiki.kernel.org/
license = GPLv2+
build
requires
- chrpath
xz-devel
zlib-devel
end
# The testsuite does generate lots of errors.
install_cmds
- # Remove RPATH from /bin/kmod
- chrpath --delete %{BUILDROOT}/bin/kmod
-
# Remove all man pages (because there are not corresponding
# binaries, yet).
rm -rvf %{BUILDROOT}%{mandir}
mkdir -pv %{BUILDROOT}/lib/modprobe.d
mkdir -pv %{BUILDROOT}%{sysconfdir}/modprobe.d
mkdir -pv %{BUILDROOT}%{sysconfdir}/depmod.d
+
+ mkdir -pv %{BUILDROOT}/sbin
+ ln -svf ../bin/kmod %{BUILDROOT}/sbin/modprobe
+ ln -svf ../bin/kmod %{BUILDROOT}/sbin/modinfo
+ ln -svf ../bin/kmod %{BUILDROOT}/sbin/insmod
+ ln -svf ../bin/kmod %{BUILDROOT}/sbin/rmmod
+ ln -svf ../bin/kmod %{BUILDROOT}/sbin/depmod
+ ln -svf ../bin/kmod %{BUILDROOT}/sbin/lsmod
+ ln -svf kmod %{BUILDROOT}/bin/lsmod
end
end
packages
package %{name}
+ provides = module-init-tools = 4.0-1
+ obsoletes = module-init-tools < 4.0-1
+ end
package %{name}-libs
template LIBS
###############################################################################
name = libvirt
-version = 0.9.6
-release = 2
+version = 0.9.9
+release = 1
maintainer = Ben Schweikert <ben.schweikert@ipfire.org>
groups = Applications/Virtualization
name = linux-firmware
version = 20110311
-release = 1
+release = 2
+arch = noarch
maintainer = Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
groups = System/Libraries
packages
package %{name}
- end
-
- package %{name}-debuginfo
- template DEBUGINFO
- end
end
+++ /dev/null
-# default modutils aliases
-alias binfmt-204 binfmt_aout
-alias binfmt-263 binfmt_aout
-alias binfmt-264 binfmt_aout
-alias binfmt-267 binfmt_aout
-alias binfmt-387 binfmt_aout
-alias block-major-1-* rd
-alias block-major-3-* ide-probe-mod
-alias block-major-8-* sd_mod
-alias block-major-9-* md
-alias block-major-11-* sr_mod
-alias block-major-13-* xd
-alias block-major-15-* cdu31a
-alias block-major-16-* gscd
-alias block-major-17-* optcd
-alias block-major-18-* sjcd
-alias block-major-20-* mcdx
-alias block-major-22-* ide-probe-mod
-alias block-major-23-* mcd
-alias block-major-24-* sonycd535
-alias block-major-25-* sbpcd
-alias block-major-26-* sbpcd
-alias block-major-27-* sbpcd
-alias block-major-29-* aztcd
-alias block-major-32-* cm206
-alias block-major-33-* ide-probe-mod
-alias block-major-34-* ide-probe-mod
-alias block-major-37-* ide-tape
-alias block-major-44-* ftl
-alias block-major-46-* pcd
-alias block-major-47-* pf
-alias block-major-56-* ide-probe-mod
-alias block-major-57-* ide-probe-mod
-alias block-major-88-* ide-probe-mod
-alias block-major-89-* ide-probe-mod
-alias block-major-90-* ide-probe-mod
-alias block-major-91-* ide-probe-mod
-alias block-major-93-* nftl
-alias block-major-113-* viocd
-alias char-major-4-* serial
-alias char-major-5-* serial
-alias char-major-9-* st
-alias char-major-10-2 msbusmouse
-alias char-major-10-3 atixlmouse
-alias char-major-10-135 rtc
-alias char-major-10-139 openprom
-alias char-major-10-157 applicom
-alias char-major-10-175 agpgart
-alias char-major-10-250 hci_vhci
-alias char-major-13-* input
-alias char-major-13-0 joydev
-alias char-major-13-32 mousedev
-alias char-major-19-* cyclades
-alias char-major-20-* cyclades
-alias char-major-22-* pcxx
-alias char-major-23-* pcxx
-alias char-major-27-* zftape
-alias char-major-34-* scc
-alias char-major-35-* tclmidi
-alias char-major-36-* netlink
-alias char-major-48-* riscom8
-alias char-major-49-* riscom8
-alias char-major-57-* esp
-alias char-major-58-* esp
-alias char-major-63-* kdebug
-alias char-major-90-* mtdchar
-alias char-major-96-* pt
-alias char-major-97-* pg
-alias char-major-107-* 3dfx
-alias char-major-109-* lvm-mod
-alias char-major-188-* usbserial
-alias char-major-200-* vxspec
-alias char-major-206-* osst
-alias char-major-216-* rfcomm
-alias dos msdos
-alias dummy0 dummy
-alias dummy1 dummy
-alias iso9660 isofs
-alias net-pf-1 unix
-alias net-pf-2 ipv4
-alias net-pf-17 af_packet
-alias netalias-2 ip_alias
-alias irlan0 irlan
-alias irda-dongle-0 tekram
-alias irda-dongle-1 esi
-alias irda-dongle-2 actisys
-alias irda-dongle-3 actisys
-alias irda-dongle-4 girbil
-alias irda-dongle-5 litelink
-alias irda-dongle-6 airport
-alias irda-dongle-7 old_belkin
-alias plip0 plip
-alias plip1 plip
-alias tunl0 ipip
-alias cipcb0 cipcb
-alias cipcb1 cipcb
-alias cipcb2 cipcb
-alias cipcb3 cipcb
-alias slip0 slip
-alias slip1 slip
-alias tty-ldisc-1 slip
-alias tty-ldisc-3 ppp_async
-alias tty-ldisc-11 irtty-sir
-alias tty-ldisc-14 ppp_synctty
-alias tty-ldisc-15 hci_uart
-alias ppp-compress-18 ppp_mppe
-install ppp-compress-21 /bin/true
-alias ppp-compress-24 ppp_deflate
-alias ppp-compress-26 ppp_deflate
-alias parport_lowlevel parport_pc
-alias usbdevfs usbcore
-alias xfrm-type-2-50 esp4
-alias xfrm-type-2-51 ah4
-alias xfrm-type-2-108 ipcomp
-alias xfrm-type-10-50 esp6
-alias xfrm-type-10-51 ah6
-alias xfrm-type-10-108 ipcomp6
-alias cipher_null crypto_null
-alias digest_null crypto_null
-alias compress_null crypto_null
-alias sha384 sha512
-install binfmt-0000 /bin/true
-install binfmt_misc /sbin/modprobe --first-time --ignore-install binfmt_misc && { /bin/mount -t binfmt_misc none /proc/sys/fs/binfmt_misc > /dev/null 2>&1 || :; }
-install nfsd /sbin/modprobe --first-time --ignore-install nfsd && { /bin/mount -t nfsd nfsd /proc/fs/nfsd > /dev/null 2>&1 || :; }
-install sunrpc /sbin/modprobe --first-time --ignore-install sunrpc && { /bin/mount -t rpc_pipefs sunrpc /var/lib/nfs/rpc_pipefs > /dev/null 2>&1 || :; }
-install char-major-10 /bin/true
-install char-major-10-1 /bin/true
-install dummy0 /sbin/modprobe -o dummy0 --ignore-install dummy
-install dummy1 /sbin/modprobe -o dummy1 --ignore-install dummy
-install net-pf-19 /bin/true
-install net-pf-3 /bin/true
-install net-pf-6 /bin/true
-install ov518_decomp { /sbin/modprobe ov511; } ; /sbin/modprobe --first-time --ignore-install ov518_decomp
-install scsi_hostadapter /bin/true
-install usbmouse /sbin/modprobe --first-time --ignore-install usbmouse && { /sbin/modprobe hid; /bin/true; }
-remove binfmt_misc { /bin/umount /proc/sys/fs/binfmt_misc > /dev/null 2>&1 || :; } ; /sbin/modprobe -r --first-time --ignore-remove binfmt_misc
-remove ov518_decomp /sbin/modprobe -r --first-time --ignore-remove ov518_decomp && { /sbin/modprobe -r ov511; /bin/true; }
-remove usbmouse { /sbin/modprobe -r hid; } ; /sbin/modprobe -r --first-time --ignore-remove usbmouse
-remove sunrpc { /bin/umount /var/lib/nfs/rpc_pipefs > /dev/null 2>&1 || :; } ; /sbin/modprobe -r --ignore-remove sunrpc
-remove nfsd { /bin/umount /proc/fs/nfsd > /dev/null 2>&1 || :; } ; /sbin/modprobe -r --first-time --ignore-remove nfsd
-
-
-alias usb-uhci uhci-hcd
-alias usb-ohci ohci-hcd
-alias uhci uhci-hcd
-
-alias char-major-116-* snd
-alias sound-service-*-0 snd-mixer-oss
-alias sound-service-*-1 snd-seq-oss
-alias sound-service-*-3 snd-pcm-oss
-alias sound-service-*-8 snd-seq-oss
-alias sound-service-*-12 snd-pcm-oss
-
-install sound-slot-* /sbin/modprobe snd-card-${MODPROBE_MODULE##sound[_-]slot[_-]}
-
-install snd-pcm /sbin/modprobe --ignore-install snd-pcm && /sbin/modprobe snd-pcm-oss && /sbin/modprobe snd-seq-device && /sbin/modprobe snd-seq-oss
-
-alias nfs4 nfs
-alias rpc_pipefs sunrpc
-alias rpc_svc_gss_pipefs sunrpc
-
-install eth1394 /bin/true
-
-install snd-emu10k1 /sbin/modprobe --ignore-install snd-emu10k1 && /sbin/modprobe snd-emu10k1-synth
-
-alias gre0 ip_gre
-alias char-major-89-* i2c-dev
+++ /dev/null
-###############################################################################
-# IPFire.org - An Open Source Firewall Solution #
-# Copyright (C) - IPFire Development Team <info@ipfire.org> #
-###############################################################################
-
-name = module-init-tools
-version = 3.16
-release = 3
-
-groups = System/Base
-url = http://ftp.kernel.org/pub/linux/utils/kernel/module-init-tools/
-license = GPLv2+
-summary = Kernel module management utilities.
-
-description
- The module-init-tools package includes various programs needed
- for automatic loading and unloading of modules under 2.6 and
- later kernels, as well as other module management programs.
- Device drivers and filesystems are two examples of loaded and
- unloaded modules.
-end
-
-source_dl = http://ftp.kernel.org/pub/linux/utils/kernel/module-init-tools/
-
-build
- requires
- docbook-utils
- zlib-devel
- end
-
- CFLAGS += -DCONFIG_NO_BACKWARDS_COMPAT=1
-
- configure_options += \
- --bindir=/bin \
- --sbindir=/sbin \
- --mandir=/usr/share/man \
- --enable-zlib-dynamic \
- --disable-static-utils
-
- install_cmds
- mkdir -pv %{BUILDROOT}/etc/modprobe.d
- cp -av %{DIR_SOURCE}/modprobe.d/* %{BUILDROOT}/etc/modprobe.d/
- end
-end
-
-packages
- package %{name}
-
- package %{name}-debuginfo
- template DEBUGINFO
- end
-end
+++ /dev/null
-#!/bin/sh
-
-prefix=@prefix@
-
-major_version=@MOD_MAJOR_VERSION@
-minor_version=@MOD_MINOR_VERSION@
-patch_version=@MOD_PATCH_VERSION@
-
-usage()
-{
- cat <<EOF
-Usage: nss-softokn-config [OPTIONS] [LIBRARIES]
-Options:
- [--prefix[=DIR]]
- [--exec-prefix[=DIR]]
- [--includedir[=DIR]]
- [--libdir[=DIR]]
- [--version]
- [--libs]
- [--cflags]
-Dynamic Libraries:
- softokn3 - Requires full dynamic linking
- freebl3 - for internal use only (and glibc for self-integrity check)
- nssdbm3 - for internal use only
-Dymamically linked
-EOF
- exit $1
-}
-
-if test $# -eq 0; then
- usage 1 1>&2
-fi
-
-while test $# -gt 0; do
- case "$1" in
- -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
- *) optarg= ;;
- esac
-
- case $1 in
- --prefix=*)
- prefix=$optarg
- ;;
- --prefix)
- echo_prefix=yes
- ;;
- --exec-prefix=*)
- exec_prefix=$optarg
- ;;
- --exec-prefix)
- echo_exec_prefix=yes
- ;;
- --includedir=*)
- includedir=$optarg
- ;;
- --includedir)
- echo_includedir=yes
- ;;
- --libdir=*)
- libdir=$optarg
- ;;
- --libdir)
- echo_libdir=yes
- ;;
- --version)
- echo ${major_version}.${minor_version}.${patch_version}
- ;;
- --cflags)
- echo_cflags=yes
- ;;
- --libs)
- echo_libs=yes
- ;;
- *)
- usage 1 1>&2
- ;;
- esac
- shift
-done
-
-# Set variables that may be dependent upon other variables
-if test -z "$exec_prefix"; then
- exec_prefix=`pkg-config --variable=exec_prefix nss-softokn`
-fi
-if test -z "$includedir"; then
- includedir=`pkg-config --variable=includedir nss-softokn`
-fi
-if test -z "$libdir"; then
- libdir=`pkg-config --variable=libdir nss-softokn`
-fi
-
-if test "$echo_prefix" = "yes"; then
- echo $prefix
-fi
-
-if test "$echo_exec_prefix" = "yes"; then
- echo $exec_prefix
-fi
-
-if test "$echo_includedir" = "yes"; then
- echo $includedir
-fi
-
-if test "$echo_libdir" = "yes"; then
- echo $libdir
-fi
-
-if test "$echo_cflags" = "yes"; then
- echo -I$includedir
-fi
-
-if test "$echo_libs" = "yes"; then
- libdirs="-Wl,-rpath-link,$libdir -L$libdir"
- echo $libdirs
-fi
-
+++ /dev/null
-###############################################################################
-# IPFire.org - An Open Source Firewall Solution #
-# Copyright (C) - IPFire Development Team <info@ipfire.org> #
-###############################################################################
-
-name = nss-softokn
-version = 3.12.8
-release = 2
-
-groups = System/Libraries
-url = http://www.mozilla.org/projects/security/pki/nss/
-license = MPLv1.1 or GPLv2+ or LGPLv2+
-summary = Network Security Services Softoken Module.
-
-description
- Network Security Services Softoken Cryptographic Module.
-end
-
-source_dl =
-sources = %{thisapp}-stripped.tar.bz2
-
-build
- requires
- nspr-devel
- nss-util-devel
- perl
- pkg-config
- psmisc
- sqlite-devel
- zlib-devel
- end
-
- ## Define some global environment variables
- export FREEBL_NO_DEPEND=1
- export FREEBL_USE_PRELINK=1
-
- # Enable compiler optimizations and disable debugging code
- export BUILD_OPT=1
- export XCFLAGS=%{CFLAGS}
-
- export PKG_CONFIG_ALLOW_SYSTEM_LIBS=1
- export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1
-
- export NSPR_INCLUDE_DIR=/usr/include/nspr4
- export NSPR_LIB_DIR=%{libdir}
-
- export NSS_INCLUDE_DIR=/usr/include/nss3
- export NSS_LIB_DIR=%{libdir}
-
- export NSS_USE_SYSTEM_SQLITE=1
-
- if "%{DISTRO_ARCH}" == "x86_64"
- export USE_64=1
- end
-
- build
- make -C ./mozilla/security/coreconf
- make -C ./mozilla/security/dbm
- make -C ./mozilla/security/nss
- end
-
- install
- mkdir -pv %{BUILDROOT}/%{lib}
- mkdir -pv %{BUILDROOT}/usr/include/nss3
- mkdir -pv %{BUILDROOT}/usr/{bin,%{lib}}
- mkdir -pv %{BUILDROOT}%{libdir}/pkgconfig
- mkdir -pv %{BUILDROOT}%{libdir}/nss/unsupported-tools
-
- install -p -v -m 755 mozilla/dist/*.OBJ/lib/libsoftokn3.so \
- %{BUILDROOT}%{libdir}
- install -p -v -m 755 mozilla/dist/*.OBJ/lib/libnssdbm3.so \
- %{BUILDROOT}%{libdir}
- install -p -v -m 755 mozilla/dist/*.OBJ/lib/libfreebl3.so \
- %{BUILDROOT}/%{lib}
- ln -svf ../../%{lib}/libfreebl3.so %{BUILDROOT}%{libdir}/libfreebl3.so
-
- # Copy the binaries we ship as unsupported
- install -p -v -m 755 mozilla/dist/*.OBJ/bin/shlibsign \
- %{BUILDROOT}%{libdir}/nss/unsupported-tools
-
- sed -e "s,@libdir@,%{libdir},g" \
- -e "s,@prefix@,/usr,g" \
- -e "s,@exec_prefix@,/usr,g" \
- -e "s,@includedir@,/usr/include/nss3,g" \
- -e "s,@MOD_MAJOR_VERSION@,$$(grep "#define.*SOFTOKEN_VMAJOR" mozilla/security/nss/lib/softoken/softkver.h | awk '{print $3}'),g" \
- -e "s,@MOD_MINOR_VERSION@,$$(grep "#define.*SOFTOKEN_VMINOR" mozilla/security/nss/lib/softoken/softkver.h | awk '{print $3}'),g" \
- -e "s,@MOD_PATCH_VERSION@,$$(grep "#define.*SOFTOKEN_VPATCH" mozilla/security/nss/lib/softoken/softkver.h | awk '{print $3}'),g" \
- < %{DIR_SOURCE}/nss-softokn-config.in \
- > %{BUILDROOT}/usr/bin/nss-softokn-config
- chmod -v 755 %{BUILDROOT}/usr/bin/nss-softokn-config
-
- # XXX need to fix this
- sed \
- -e "s,%libdir%,%{libdir},g" \
- -e "s,%prefix%,/usr,g" \
- -e "s,%exec_prefix%,/usr,g" \
- -e "s,%includedir%,/usr/include/nss3,g" \
- -e "s,%NSS_VERSION%,%{version},g" \
- -e "s,%NSPR_VERSION%,$$(nspr-config --version),g" \
- -e "s,%NSSUTIL_VERSION%,$$(nss-util-config --version),g" \
- -e "s,%SOFTOKEN_VERSION%,%{version},g" \
- < %{DIR_SOURCE}/nss-softokn.pc.in \
- > %{BUILDROOT}%{libdir}/pkgconfig/nss-softokn.pc
-
- # Copy the include files we want
- cp -vf mozilla/dist/public/nss/*.h %{BUILDROOT}/usr/include/nss3
- cp -vf mozilla/dist/private/nss/blapi.h \
- %{BUILDROOT}/usr/include/nss3
- chmod -v 644 %{BUILDROOT}/usr/include/nss3/*.h
- end
-end
-
-packages
- package %{name}
-
- package %{name}-devel
- template DEVEL
-
- requires
- nss-util-devel
- end
-
- # Mozilla does no versioning :(
- files
- /usr/bin/*-config
- /usr/include
- %{libdir}/libfreebl3.so
- %{libdir}/pkgconfig
- end
- end
-
- package %{name}-debuginfo
- template DEBUGINFO
- end
-end
+++ /dev/null
-prefix=%prefix%
-exec_prefix=%exec_prefix%
-libdir=%libdir%
-includedir=%includedir%
-
-Name: NSS-SOFTOKN
-Description: Network Security Services Softoken PKCS #11 Module
-Version: %SOFTOKEN_VERSION%
-Requires: nspr >= %NSPR_VERSION%, nss-util >= %NSSUTIL_VERSION%
-Libs: -lfreebl3 -lnssdbm3 -lsoftokn3
-Cflags: -I${includedir}
+++ /dev/null
-%global nspr_version 4.8.6
-%global nss_name nss
-%global nss_util_version 3.12.8
-%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
-%global saved_files_dir %{_libdir}/nss/saved
-
-# Produce .chk files for the final stripped binaries
-%define __spec_install_post \
- %{?__debug_package:%{__debug_install_post}} \
- %{__arch_install_post} \
- %{__os_install_post} \
- $RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libsoftokn3.so \
- $RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_lib}/libfreebl3.so \
- $RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libnssdbm3.so \
-%{nil}
-
-Summary: Network Security Services Softoken Module
-Name: nss-softokn
-Version: 3.12.8
-Release: 2%{?dist}
-License: MPLv1.1 or GPLv2+ or LGPLv2+
-URL: http://www.mozilla.org/projects/security/pki/nss/
-Group: System Environment/Libraries
-Requires: nspr >= %{nspr_version}
-Requires: nss-util >= %{nss_util_version}
-Requires: nss-softokn-freebl%{_isa} >= %{version}
-BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-BuildRequires: nspr-devel >= %{nspr_version}
-BuildRequires: nss-util-devel >= %{nss_util_version}
-BuildRequires: sqlite-devel
-BuildRequires: zlib-devel
-BuildRequires: pkgconfig
-BuildRequires: gawk
-BuildRequires: psmisc
-BuildRequires: perl
-
-Source0: %{name}-%{version}-stripped.tar.bz2
-# The nss-softokn tar ball is a subset of nss-{version}-stripped.tar.bz2,
-# Therefore we use the nss-split-softokn.sh script to keep only what we need.
-# Download the nss tarball via git from the nss propect and follow these
-# steps to make the tarball for nss-util out of the one for nss:
-# fedpkg clone nss
-# fedpkg clone nss-softokn
-# cd nss-softokn
-# cp ../../nss/devel/${version}-stripped.tar.bz2 .
-# sh ./nss-split-softokn.sh ${version}
-# A file named {name}-{version}-stripped.tar.bz2 should appear
-Source1: nss-split-softokn.sh
-Source2: nss-softokn.pc.in
-Source3: nss-softokn-config.in
-
-Patch2: nss-softokn-3.12.4-prelink.patch
-Patch3: nss-softokn-3.12.4-fips-fix.patch
-
-%description
-Network Security Services Softoken Cryptographic Module
-
-%package freebl
-Summary: Freebl library for the Network Security Services
-Group: System Environment/Base
-Conflicts: nss < 3.12.2.99.3-5
-Conflicts: prelink < 0.4.3
-
-%description freebl
-NSS Softoken Cryptographic Module Freelb Library
-
-Install the nss-softokn-freebl package if you need the freebl
-library.
-
-%package freebl-devel
-Summary: Header and Library files for doing development with the Freebl library for NSS
-Group: System Environment/Base
-Provides: nss-softokn-freebl-static = %{version}-%{release}
-Requires: nss-softokn-freebl%{?_isa} = %{version}-%{release}
-
-%description freebl-devel
-NSS Softoken Cryptographic Module Freelb Library Development Tools
-
-%package devel
-Summary: Development libraries for Network Security Services
-Group: Development/Libraries
-Requires: nss-softokn%{?_isa} = %{version}-%{release}
-Requires: nspr-devel >= %{nspr_version}
-Requires: nss-util-devel >= %{nss_util_version}
-Requires: pkgconfig
-BuildRequires: nspr-devel >= %{nspr_version}
-BuildRequires: nss-util-devel >= %{nss_util_version}
-# require nss at least the version when we split via subpackages
-BuildRequires: nss-devel >= 3.12.2.99.3-11
-
-%description devel
-Header and Library files for doing development with Network Security Services.
-
-
-%prep
-%setup -q
-
-%patch2 -p0 -b .prelink
-%patch3 -p0 -b .fipsfix
-
-
-%build
-
-FREEBL_NO_DEPEND=1
-export FREEBL_NO_DEPEND
-
-FREEBL_USE_PRELINK=1
-export FREEBL_USE_PRELINK
-
-# Enable compiler optimizations and disable debugging code
-BUILD_OPT=1
-export BUILD_OPT
-
-# Generate symbolic info for debuggers
-XCFLAGS=$RPM_OPT_FLAGS
-export XCFLAGS
-
-PKG_CONFIG_ALLOW_SYSTEM_LIBS=1
-PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1
-
-export PKG_CONFIG_ALLOW_SYSTEM_LIBS
-export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS
-
-NSPR_INCLUDE_DIR=`/usr/bin/pkg-config --cflags-only-I nspr | sed 's/-I//'`
-NSPR_LIB_DIR=`/usr/bin/pkg-config --libs-only-L nspr | sed 's/-L//'`
-
-export NSPR_INCLUDE_DIR
-export NSPR_LIB_DIR
-
-NSS_INCLUDE_DIR=`/usr/bin/pkg-config --cflags-only-I nss-util | sed 's/-I//'`
-NSS_LIB_DIR=`/usr/bin/pkg-config --libs-only-L nss-util | sed 's/-L//'`
-
-export NSS_INCLUDE_DIR
-export NSS_LIB_DIR
-
-NSS_USE_SYSTEM_SQLITE=1
-export NSS_USE_SYSTEM_SQLITE
-
-%ifarch x86_64 ppc64 ia64 s390x sparc64
-USE_64=1
-export USE_64
-%endif
-
-# Compile softokn plus needed support
-%{__make} -C ./mozilla/security/coreconf
-%{__make} -C ./mozilla/security/dbm
-%{__make} -C ./mozilla/security/nss
-
-# Set up our package file
-# The nspr_version and nss_util_version globals used here
-# must match the ones nss-softokn has for its Requires.
-%{__mkdir_p} ./mozilla/dist/pkgconfig
-%{__cat} %{SOURCE2} | sed -e "s,%%libdir%%,%{_libdir},g" \
- -e "s,%%prefix%%,%{_prefix},g" \
- -e "s,%%exec_prefix%%,%{_prefix},g" \
- -e "s,%%includedir%%,%{_includedir}/nss3,g" \
- -e "s,%%NSPR_VERSION%%,%{nspr_version},g" \
- -e "s,%%NSSUTIL_VERSION%%,%{nss_util_version},g" \
- -e "s,%%SOFTOKEN_VERSION%%,%{version},g" > \
- ./mozilla/dist/pkgconfig/nss-softokn.pc
-
-SOFTOKEN_VMAJOR=`cat mozilla/security/nss/lib/softoken/softkver.h | grep "#define.*SOFTOKEN_VMAJOR" | awk '{print $3}'`
-SOFTOKEN_VMINOR=`cat mozilla/security/nss/lib/softoken/softkver.h | grep "#define.*SOFTOKEN_VMINOR" | awk '{print $3}'`
-SOFTOKEN_VPATCH=`cat mozilla/security/nss/lib/softoken/softkver.h | grep "#define.*SOFTOKEN_VPATCH" | awk '{print $3}'`
-
-export SOFTOKEN_VMAJOR
-export SOFTOKEN_VMINOR
-export SOFTOKEN_VPATCH
-
-%{__cat} %{SOURCE3} | sed -e "s,@libdir@,%{_libdir},g" \
- -e "s,@prefix@,%{_prefix},g" \
- -e "s,@exec_prefix@,%{_prefix},g" \
- -e "s,@includedir@,%{_includedir}/nss3,g" \
- -e "s,@MOD_MAJOR_VERSION@,$SOFTOKEN_VMAJOR,g" \
- -e "s,@MOD_MINOR_VERSION@,$SOFTOKEN_VMINOR,g" \
- -e "s,@MOD_PATCH_VERSION@,$SOFTOKEN_VPATCH,g" \
- > ./mozilla/dist/pkgconfig/nss-softokn-config
-
-chmod 755 ./mozilla/dist/pkgconfig/nss-softokn-config
-
-
-# enable the following line to force a test failure
-# find ./mozilla -name \*.chk | xargs rm -f
-
-#
-# We can't run a subset of the tests because the tools have
-# dependencies on nss libraries outside of softokn.
-# Let's leave this as a place holder.
-#
-
-
-%install
-
-%{__rm} -rf $RPM_BUILD_ROOT
-
-# There is no make install target so we'll do it ourselves.
-
-%{__mkdir_p} $RPM_BUILD_ROOT/%{_includedir}/nss3
-%{__mkdir_p} $RPM_BUILD_ROOT/%{_bindir}
-%{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir}
-%{__mkdir_p} $RPM_BUILD_ROOT/%{_lib}
-%{__mkdir_p} $RPM_BUILD_ROOT/%{unsupported_tools_directory}
-%{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir}/pkgconfig
-%{__mkdir_p} $RPM_BUILD_ROOT/%{saved_files_dir}
-
-# Copy the binary libraries we want
-for file in libsoftokn3.so libnssdbm3.so
-do
- %{__install} -p -m 755 mozilla/dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir}
-done
-
-# Because libcrypt depends on libfreebl3.so, it is special
-# so we install it in /lib{64}, keeping a symbolic link to it
-# back in /usr/lib{64} to keep everyone else working
-for file in libfreebl3.so
-do
- %{__install} -p -m 755 mozilla/dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_lib}
- ln -sf ../../%{_lib}/libfreebl3.so $RPM_BUILD_ROOT/%{_libdir}/libfreebl3.so
-done
-
-# Make sure chk files can be found in both places
-for file in libfreebl3.chk
-do
- ln -s ../../%{_lib}/$file $RPM_BUILD_ROOT/%{_libdir}/$file
-done
-
-# Copy the binaries we ship as unsupported
-for file in shlibsign
-do
- %{__install} -p -m 755 mozilla/dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{unsupported_tools_directory}
-done
-
-# Copy the include files we want
-for file in mozilla/dist/public/nss/*.h
-do
- %{__install} -p -m 644 $file $RPM_BUILD_ROOT/%{_includedir}/nss3
-done
-
-# Copy a freebl include file we also want
-for file in mozilla/dist/private/nss/blapi.h
-do
- %{__install} -p -m 644 $file $RPM_BUILD_ROOT/%{_includedir}/nss3
-done
-
-# Copy the static freebl library
-for file in libfreebl.a
-do
-%{__install} -p -m 644 mozilla/dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir}
-done
-
-# Copy the package configuration files
-%{__install} -p -m 644 ./mozilla/dist/pkgconfig/nss-softokn.pc $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/nss-softokn.pc
-%{__install} -p -m 755 ./mozilla/dist/pkgconfig/nss-softokn-config $RPM_BUILD_ROOT/%{_bindir}/nss-softokn-config
-
-%clean
-%{__rm} -rf $RPM_BUILD_ROOT
-
-
-%post
-/sbin/ldconfig >/dev/null 2>/dev/null
-
-%postun
-/sbin/ldconfig >/dev/null 2>/dev/null
-
-%files
-%defattr(-,root,root)
-%{_libdir}/libnssdbm3.so
-%{_libdir}/libnssdbm3.chk
-%{_libdir}/libsoftokn3.so
-%{_libdir}/libsoftokn3.chk
-# shared with nss-tools
-%dir %{_libdir}/nss
-%dir %{saved_files_dir}
-%dir %{unsupported_tools_directory}
-%{unsupported_tools_directory}/shlibsign
-
-%files freebl
-%defattr(-,root,root)
-/%{_lib}/libfreebl3.so
-/%{_lib}/libfreebl3.chk
-# and these symbolic links
-%{_libdir}/libfreebl3.so
-%{_libdir}/libfreebl3.chk
-
-%files freebl-devel
-%defattr(-,root,root)
-%{_libdir}/libfreebl.a
-%{_includedir}/nss3/blapi.h
-
-%files devel
-%defattr(-,root,root)
-%{_libdir}/pkgconfig/nss-softokn.pc
-%{_bindir}/nss-softokn-config
-
-# co-owned with nss
-%dir %{_includedir}/nss3
-#
-# The following headers are those exported public in
-# mozilla/security/nss/lib/freebl/manifest.mn and
-# mozilla/security/nss/lib/softoken/manifest.mn
-#
-# The following list is short because many headers, such as
-# the pkcs #11 ones, have been provided by nss-util-devel
-# which installed them before us.
-#
-%{_includedir}/nss3/blapit.h
-%{_includedir}/nss3/ecl-exp.h
-%{_includedir}/nss3/hasht.h
-%{_includedir}/nss3/sechash.h
-%{_includedir}/nss3/nsslowhash.h
-%{_includedir}/nss3/secmodt.h
-%{_includedir}/nss3/shsign.h
-
-%changelog
-* Wed Sep 29 2010 jkeating - 3.12.8-2
-- Rebuilt for gcc bug 634757
-
-* Thu Sep 23 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.8-1
-- Update to 3.12.8
-- Adhere to static library packaging guidelines (#609613)
-- Fix nss-util-devel version dependency line
-- Shorten freebl and freebl subpackages descriptions
-
-* Sat Sep 18 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.99.4-1
-- NSS 3.12.8 RC0
-
-* Sat Sep 12 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.7.99.3-2
-- Update the required version of nss-util to 3.12.7.99.3
-
-* Sat Sep 04 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.7.99.3-1
-- NSS 3.12.8 Beta 3
-
-* Mon Aug 30 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.7-3
-- Update BuildRequires on nspr-devel and nss-util-devel
-
-* Sat Aug 29 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.7-2
-- Define NSS_USE_SYSTEM_SQLITE and remove nss-nolocalsql patch
-- Fix rpmlint warnings about macros in comments and changelog
-
-* Mon Aug 16 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.7-1
-- Update to 3.12.7
-- Fix build files to ensure nsslowhash.h is included in public headers
-
-* Tue Jun 08 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.6-3
-- Retagging
-
-* Mon Jun 07 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.6-2
-- Bump NVR to be greater than those for nss-softokn subpackages in F11 (rhbz#601407)
-
-* Sun Jun 06 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.4-23
-- Bump release number
-
-* Fri Jun 04 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.4-22
-- Cleanup changelog comments to avoid unwanted macro expansions
-
-* Wed Jun 02 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.4-21
-- Retagging
-
-* Wed Jun 02 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.4-20
-- Add %%{?_isa} to the requires in the devel packages (#596840)
-- Fix typo in the package description (#598295)
-- Update nspr version to 4.8.4
-
-* Sat May 08 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.4-19
-- Consider the system as not fips enabled when /proc/sys/crypto/fips_enabled isn't present (rhbz#590199)
-
-* Sat May 08 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.4-18
-- Fix Conflicts line to prevent update when prelink is not yet the right version (rhbz#590199)
-
-* Mon Apr 19 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.4-17
-- Updated prelink patch rhbz#504949
-
-* Wed Apr 15 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.4-16
-- allow prelink of softoken and freebl. Change the verify code to use
- prelink -u if prelink is installed. Fix by Robert Relyea rhbz#504949
-
-* Mon Jan 18 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.4-15
-- Move libfreebl3.so and its .chk file to /lib{64} (rhbz#561544)
-
-* Mon Jan 18 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.4-13
-- Fix in nss-softokn-spec.in
-- Require nss-util >= 3.12.4
-
-* Thu Dec 03 2009 Elio Maldonado<emaldona@redhat.com> - 3.12.4-12
-- Require nss-util 3.12.5
-
-* Fri Nov 20 2009 Elio Maldonado<emaldona@redhat.com> - 3.12.4-11
-- export freebl devel tools (#538226)
-
-* Tue Sep 23 2009 Elio Maldonado<emaldona@redhat.com> - 3.12.4-10
-- Fix paths in nss-softokn-prelink so signed libraries don't get touched, rhbz#524794
-
-* Thu Sep 17 2009 Elio Maldonado<emaldona@redhat.com> - 3.12.4-9
-- Add nssdbm3.so to nss-softokn-prelink.conf, rhbz#524077
-
-* Thu Sep 10 2009 Elio Maldonado<emaldona@redhat.com> - 3.12.4-8
-- Retagging for a chained build
-
-* Thu Sep 10 2009 Elio Maldonado<emaldona@redhat.com> - 3.12.4-6
-- Don't list libraries in nss-softokn-config, dynamic linking required
-
-* Tue Sep 08 2009 Elio Maldonado<emaldona@redhat.com> - 3.12.4-5
-- Installing shared libraries to %%{_libdir}
-
-* Sun Sep 06 2009 Elio Maldonado<emaldona@redhat.com> - 3.12.4-4
-- Postuninstall scriptlet finishes quietly
-
-* Sat Sep 05 2009 Elio Maldonado<emaldona@redhat.com> - 3.12.4-3
-- Remove symblic links to shared libraries from devel, rhbz#521155
-- Apply the nss-nolocalsql patch
-- No rpath-link in nss-softokn-config
-
-* Fri Sep 04 2009 serstring=Elio Maldonado<emaldona@redhat.cpm> - 3.12.4-2
-- Retagging to pick up the correct .cvsignore
-
-* Tue Sep 01 2009 Elio Maldonado<emaldona@redhat.com> - 3.12.4-1
-- Update to 3.12.4
-- Fix logic on postun
-- Don't require sqlite
-
-* Mon Aug 31 2009 Elio Maldonado<emaldona@redhat.com> - 3.12.3.99.3-24
-- Fixed test on %postun to avoid returning 1 when nss-softokn instances still remain
-
-* Sun Aug 30 2009 Elio Maldonado<emaldona@redhat.com> - 3.12.3.99.3-23
-- Explicitly state via nss_util_version the nss-util version we require
-
-* Fri Aug 28 2009 Warren Togami <wtogami@redhat.com> - 3.12.3.99.3-22
-- caolan's nss-softokn.pc patch
-
-* Thu Aug 27 2009 Elio Maldonado<emaldona@redhat.com> - 3.12.3.99.3-21
-- Bump the release number for a chained build of nss-util, nss-softokn and nss
-
-* Thu Aug 27 2009 Elio Maldonado<emaldona@redhat.com> - 3.12.3.99.3-20
-- List freebl, nssdbm and softokn libraries in nss-softokn-config and nss-softokn.pc
-
-* Thu Aug 27 2009 Elio Maldonado@<emaldona@redhat.com> - 3.12.3.99.3-19
-- Determine NSSUTIL_INCLUDE_DIR and NSSUTIL_LIB_DIR with a pkg-config query on nss-util
-- Remove the release 17 hack
-
-* Wed Aug 27 2009 Elio maldonado<emaldona@redhat.com> - 3.12.3.99.3-18
-- fix spurious executable permissions on nss-softokn.pc
-
-* Thu Aug 27 2009 Adel Gadllah <adel.gadllah@gmail.com> - 3.12.3.99.3-17
-- Add hack to fix build
-
-* Tue Aug 25 2009 Dennis Gilmore <dennis@ausil.us> - 3.12.3.99.3-16
-- only have a single Requires: line in the .pc file
-
-* Tue Aug 25 2009 Dennis Gilmore <dennis@ausil.us> - 3.12.3.99.3-12
-- bump to unique rpm nvr
-
-* Tue Aug 25 2009 Elio Maldonado<emaldona@redhat.com> - 3.12.3.99.3-10
-- Build after nss with subpackages and new nss-util
-
-* Thu Aug 20 2009 Dennis Gilmore <dennis@ausil.us> 3.12.3.99.3-9
-- revert to shipping bits
-
-* Thu Aug 19 2009 Elio Maldonado <emaldona@redhat.com> 3.12.3.99.3-8.1
-- Disable installing until conflicts are relsoved
-
-* Thu Aug 19 2009 Elio Maldonado <emaldona@redhat.com> 3.12.3.99.3-8
-- Initial build
+++ /dev/null
-diff -up ./mozilla/security/nss/lib/freebl/nsslowhash.c.fips ./mozilla/security/nss/lib/freebl/nsslowhash.c
---- ./mozilla/security/nss/lib/freebl/nsslowhash.c.fips 2010-09-04 20:23:14.764313661 -0700
-+++ ./mozilla/security/nss/lib/freebl/nsslowhash.c 2010-09-04 20:25:52.622313780 -0700
-@@ -275,7 +275,7 @@ static int nsslow_GetFIPSEnabled(void) {
-
- f = fopen("/proc/sys/crypto/fips_enabled", "r");
- if (!f)
-- return 1;
-+ return 0;
-
- size = fread(&d, 1, 1, f);
- fclose(f);
+++ /dev/null
-diff -up ./mozilla/security/nss/lib/freebl/Makefile.prelink ./mozilla/security/nss/lib/freebl/Makefile
---- ./mozilla/security/nss/lib/freebl/Makefile.prelink 2010-09-04 14:13:58.846327263 -0700
-+++ ./mozilla/security/nss/lib/freebl/Makefile 2010-09-04 14:15:11.544326993 -0700
-@@ -82,6 +82,12 @@ ifeq ($(FREEBL_NO_DEPEND),1)
- else
- MAPFILE_SOURCE = freebl.def
- endif
-+ifdef FREEBL_USE_PRELINK
-+ DEFINES += -DFREEBL_USE_PRELINK
-+endif
-+ifdef FREEBL_PRELINK_COMMAND
-+ DEFINES +=-DFREEBL_PRELINK_COMMAND=\"$(FREEBL_PRELINK_COMMAND)\"
-+endif
- # NSS_X86 means the target is a 32-bits x86 CPU architecture
- # NSS_X64 means the target is a 64-bits x64 CPU architecture
- # NSS_X86_OR_X64 means the target is either x86 or x64
-diff -up ./mozilla/security/nss/lib/freebl/shvfy.c.prelink ./mozilla/security/nss/lib/freebl/shvfy.c
---- ./mozilla/security/nss/lib/freebl/shvfy.c.prelink 2010-09-04 14:16:01.518326988 -0700
-+++ ./mozilla/security/nss/lib/freebl/shvfy.c 2010-09-04 14:25:44.770326384 -0700
-@@ -48,6 +48,168 @@
- #include "stdio.h"
- #include "prmem.h"
-
-+#ifdef FREEBL_USE_PRELINK
-+#ifndef FREELB_PRELINK_COMMAND
-+#define FREEBL_PRELINK_COMMAND "/usr/sbin/prelink -u -o -"
-+#endif
-+#include "private/pprio.h"
-+
-+#include <stdlib.h>
-+#include <unistd.h>
-+#include <fcntl.h>
-+#include <sys/wait.h>
-+#include <sys/stat.h>
-+
-+PRFileDesc *
-+bl_OpenUnPrelink(const char *shName, int *pid)
-+{
-+ char *command= strdup(FREEBL_PRELINK_COMMAND);
-+ char *argString = NULL;
-+ char **argv = NULL;
-+ char *shNameArg = NULL;
-+ char *cp;
-+ pid_t child;
-+ int argc = 0, argNext = 0;
-+ struct stat statBuf;
-+ int pipefd[2] = {-1,-1};
-+ int ret;
-+
-+ *pid = 0;
-+
-+ /* make sure the prelink command exists first. If not, fall back to
-+ * just reading the file */
-+ for (cp = command; *cp ; cp++) {
-+ if (*cp == ' ') {
-+ *cp++ = 0;
-+ argString = cp;
-+ break;
-+ }
-+ }
-+ memset (&statBuf, 0, sizeof(statBuf));
-+ /* stat the file, follow the link */
-+ ret = stat(command, &statBuf);
-+ if (ret < 0) {
-+ free(command);
-+ return PR_Open(shName, PR_RDONLY, 0);
-+ }
-+ /* file exits, make sure it's an executable */
-+ if (!S_ISREG(statBuf.st_mode) ||
-+ ((statBuf.st_mode & (S_IXUSR|S_IXGRP|S_IXOTH)) == 0)) {
-+ free(command);
-+ return PR_Open(shName, PR_RDONLY, 0);
-+ }
-+
-+ /* OK, the prelink command exists and looks correct, use it */
-+ /* build the arglist while we can still malloc */
-+ /* count the args if any */
-+ if (argString && *argString) {
-+ /* argString may have leading spaces, strip them off*/
-+ for (cp = argString; *cp && *cp == ' '; cp++);
-+ argString = cp;
-+ if (*cp) {
-+ /* there is at least one arg.. */
-+ argc = 1;
-+ }
-+
-+ /* count the rest: Note there is no provision for escaped
-+ * spaces here */
-+ for (cp = argString; *cp ; cp++) {
-+ if (*cp == ' ') {
-+ while (*cp && *cp == ' ') cp++;
-+ if (*cp) argc++;
-+ }
-+ }
-+ }
-+
-+ /* add the additional args: argv[0] (command), shName, NULL*/
-+ argc += 3;
-+ argv = PORT_NewArray(char *, argc);
-+ if (argv == NULL) {
-+ goto loser;
-+ }
-+
-+ /* fill in the arglist */
-+ argv[argNext++] = command;
-+ if (argString && *argString) {
-+ argv[argNext++] = argString;
-+ for (cp = argString; *cp; cp++) {
-+ if (*cp == ' ') {
-+ *cp++ = 0;
-+ while (*cp && *cp == ' ') cp++;
-+ if (*cp) argv[argNext++] = cp;
-+ }
-+ }
-+ }
-+ /* exec doesn't advertise taking const char **argv, do the paranoid
-+ * copy */
-+ shNameArg = strdup(shName);
-+ if (shNameArg == NULL) {
-+ goto loser;
-+ }
-+ argv[argNext++] = shNameArg;
-+ argv[argNext++] = 0;
-+
-+ ret = pipe(pipefd);
-+ if (ret < 0) {
-+ goto loser;
-+ }
-+
-+ /* use vfork() so we don't trigger the pthread_at_fork() handlers */
-+ child = vfork();
-+ if (child < 0) goto loser;
-+ if (child == 0) {
-+ /* set up the file descriptors */
-+ close(0);
-+ /* associate pipefd[1] with stdout */
-+ if (pipefd[1] != 1) dup2(pipefd[1], 1);
-+ close(2);
-+ close(pipefd[0]);
-+ /* should probably close the other file descriptors? */
-+
-+
-+ execv(command, argv);
-+ /* avoid at_exit() handlers */
-+ _exit(1); /* shouldn't reach here except on an error */
-+ }
-+ close(pipefd[1]);
-+ pipefd[1] = -1;
-+
-+ /* this is safe because either vfork() as full fork() semantics, and thus
-+ * already has it's own address space, or because vfork() has paused
-+ * the parent util the exec or exit */
-+ free(command);
-+ free(shNameArg);
-+ PORT_Free(argv);
-+
-+ *pid = child;
-+
-+ return PR_ImportPipe(pipefd[0]);
-+
-+loser:
-+ if (pipefd[0] != -1) {
-+ close(pipefd[0]);
-+ }
-+ if (pipefd[1] != -1) {
-+ close(pipefd[1]);
-+ }
-+ free(command);
-+ free(shNameArg);
-+ PORT_Free(argv);
-+
-+ return NULL;
-+}
-+
-+void
-+bl_CloseUnPrelink( PRFileDesc *file, int pid)
-+{
-+ /* close the file descriptor */
-+ PR_Close(file);
-+ /* reap the child */
-+ if (pid) {
-+ waitpid(pid, NULL, 0);
-+ }
-+}
-+#endif
-
- /* #define DEBUG_SHVERIFY 1 */
-
-@@ -117,6 +279,9 @@ BLAPI_SHVerify(const char *name, PRFuncP
- SECStatus rv;
- DSAPublicKey key;
- int count;
-+#ifdef FREEBL_USE_PRELINK
-+ int pid = 0;
-+#endif
-
- PRBool result = PR_FALSE; /* if anything goes wrong,
- * the signature does not verify */
-@@ -197,7 +362,11 @@ BLAPI_SHVerify(const char *name, PRFuncP
- checkFD = NULL;
-
- /* open our library file */
-+#ifdef FREEBL_USE_PRELINK
-+ shFD = bl_OpenUnPrelink(shName,&pid);
-+#else
- shFD = PR_Open(shName, PR_RDONLY, 0);
-+#endif
- if (shFD == NULL) {
- #ifdef DEBUG_SHVERIFY
- fprintf(stderr, "Failed to open the library file %s: (%d, %d)\n",
-@@ -218,7 +387,11 @@ BLAPI_SHVerify(const char *name, PRFuncP
- SHA1_Update(hashcx, buf, bytesRead);
- count += bytesRead;
- }
-+#ifdef FREEBL_USE_PRELINK
-+ bl_CloseUnPrelink(shFD, pid);
-+#else
- PR_Close(shFD);
-+#endif
- shFD = NULL;
-
- SHA1_End(hashcx, hash.data, &hash.len, hash.len);
-diff -up ./mozilla/security/nss/lib/freebl/stubs.c.prelink ./mozilla/security/nss/lib/freebl/stubs.c
---- ./mozilla/security/nss/lib/freebl/stubs.c.prelink 2010-09-04 14:26:27.454327120 -0700
-+++ ./mozilla/security/nss/lib/freebl/stubs.c 2010-09-04 14:31:56.778327428 -0700
-@@ -69,6 +69,7 @@
- #include <secport.h>
- #include <secitem.h>
- #include <blapi.h>
-+#include <private/pprio.h>
-
- #define FREEBL_NO_WEAK 1
-
-@@ -157,6 +158,8 @@ STUB_DECLARE(void,PR_Lock,(PRLock *lock)
- STUB_DECLARE(PRLock *,PR_NewLock,(void));
- STUB_DECLARE(PRFileDesc *,PR_Open,(const char *name, PRIntn flags,
- PRIntn mode));
-+STUB_DECLARE(PRFileDesc *,PR_ImportFile,(PROsfd osfd));
-+STUB_DECLARE(PRFileDesc *,PR_ImportPipe,(PROsfd osfd));
- STUB_DECLARE(PRInt32,PR_Read,(PRFileDesc *fd, void *buf, PRInt32 amount));
- STUB_DECLARE(PROffset32,PR_Seek,(PRFileDesc *fd, PROffset32 offset,
- PRSeekWhence whence));
-@@ -295,6 +298,34 @@ PR_Open_stub(const char *name, PRIntn fl
- return (PRFileDesc *)lfd;
- }
-
-+extern PRFileDesc *
-+PR_ImportFile_stub(PROsfd fd)
-+{
-+ int *lfd = NULL;
-+
-+ STUB_SAFE_CALL1(PR_ImportFile, fd);
-+
-+ lfd = PORT_New_stub(int);
-+ if (lfd != NULL) {
-+ *lfd = fd;
-+ }
-+ return (PRFileDesc *)lfd;
-+}
-+
-+extern PRFileDesc *
-+PR_ImportPipe_stub(PROsfd fd)
-+{
-+ int *lfd = NULL;
-+
-+ STUB_SAFE_CALL1(PR_ImportPipe, fd);
-+
-+ lfd = PORT_New_stub(int);
-+ if (lfd != NULL) {
-+ *lfd = fd;
-+ }
-+ return (PRFileDesc *)lfd;
-+}
-+
- extern PRStatus
- PR_Close_stub(PRFileDesc *fd)
- {
-@@ -492,6 +523,8 @@ freebl_InitNSPR(void *lib)
- {
- STUB_FETCH_FUNCTION(PR_Free);
- STUB_FETCH_FUNCTION(PR_Open);
-+ STUB_FETCH_FUNCTION(PR_ImportFile);
-+ STUB_FETCH_FUNCTION(PR_ImportPipe);
- STUB_FETCH_FUNCTION(PR_Close);
- STUB_FETCH_FUNCTION(PR_Read);
- STUB_FETCH_FUNCTION(PR_Seek);
-diff -up ./mozilla/security/nss/lib/freebl/stubs.h.prelink ./mozilla/security/nss/lib/freebl/stubs.h
---- ./mozilla/security/nss/lib/freebl/stubs.h.prelink 2010-09-04 14:26:41.822327256 -0700
-+++ ./mozilla/security/nss/lib/freebl/stubs.h 2010-09-04 14:32:53.498540767 -0700
-@@ -78,6 +78,8 @@
- #define PR_Lock PR_Lock_stub
- #define PR_NewLock PR_NewLock_stub
- #define PR_Open PR_Open_stub
-+#define PR_ImportFile PR_ImportFile_stub
-+#define PR_ImportPipe PR_ImportPipe_stub
- #define PR_Read PR_Read_stub
- #define PR_Seek PR_Seek_stub
- #define PR_Sleep PR_Sleep_stub
+++ /dev/null
-#!/bin/sh
-
-prefix=@prefix@
-
-major_version=@MOD_MAJOR_VERSION@
-minor_version=@MOD_MINOR_VERSION@
-patch_version=@MOD_PATCH_VERSION@
-
-usage()
-{
- cat <<EOF
-Usage: nss-util-config [OPTIONS] [LIBRARIES]
-Options:
- [--prefix[=DIR]]
- [--exec-prefix[=DIR]]
- [--includedir[=DIR]]
- [--libdir[=DIR]]
- [--version]
- [--libs]
- [--cflags]
-Dynamic Libraries:
- nssutil
-EOF
- exit $1
-}
-
-if test $# -eq 0; then
- usage 1 1>&2
-fi
-
-lib_nssutil=yes
-
-while test $# -gt 0; do
- case "$1" in
- -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
- *) optarg= ;;
- esac
-
- case $1 in
- --prefix=*)
- prefix=$optarg
- ;;
- --prefix)
- echo_prefix=yes
- ;;
- --exec-prefix=*)
- exec_prefix=$optarg
- ;;
- --exec-prefix)
- echo_exec_prefix=yes
- ;;
- --includedir=*)
- includedir=$optarg
- ;;
- --includedir)
- echo_includedir=yes
- ;;
- --libdir=*)
- libdir=$optarg
- ;;
- --libdir)
- echo_libdir=yes
- ;;
- --version)
- echo ${major_version}.${minor_version}.${patch_version}
- ;;
- --cflags)
- echo_cflags=yes
- ;;
- --libs)
- echo_libs=yes
- ;;
- *)
- usage 1 1>&2
- ;;
- esac
- shift
-done
-
-# Set variables that may be dependent upon other variables
-if test -z "$exec_prefix"; then
- exec_prefix=`pkg-config --variable=exec_prefix nss-util`
-fi
-if test -z "$includedir"; then
- includedir=`pkg-config --variable=includedir nss-util`
-fi
-if test -z "$libdir"; then
- libdir=`pkg-config --variable=libdir nss-util`
-fi
-
-if test "$echo_prefix" = "yes"; then
- echo $prefix
-fi
-
-if test "$echo_exec_prefix" = "yes"; then
- echo $exec_prefix
-fi
-
-if test "$echo_includedir" = "yes"; then
- echo $includedir
-fi
-
-if test "$echo_libdir" = "yes"; then
- echo $libdir
-fi
-
-if test "$echo_cflags" = "yes"; then
- echo -I$includedir
-fi
-
-if test "$echo_libs" = "yes"; then
- libdirs="-Wl,-rpath-link,$libdir -L$libdir"
- if test -n "$lib_nssutil"; then
- libdirs="$libdirs -lnssutil${major_version}"
- fi
- echo $libdirs
-fi
-
+++ /dev/null
-###############################################################################
-# IPFire.org - An Open Source Firewall Solution #
-# Copyright (C) - IPFire Development Team <info@ipfire.org> #
-###############################################################################
-
-name = nss-util
-version = 3.12.8
-release = 1
-
-groups = System/Libraries
-url = http://www.mozilla.org/projects/security/pki/nss/
-license = MPLv1.1 or GPLv2+ or LGPLv2+
-summary = Network Security Services Utilities Library.
-
-description
- Utilities for Network Security Services and the Softoken module.
-end
-
-source_dl =
-sources = %{thisapp}.tar.bz2
-
-build
- requires
- nspr-devel
- perl
- pkg-config
- psmisc
- zlib-devel
- end
-
- ## Define some global environment variables
- # Enable compiler optimizations and disable debugging code
- export BUILD_OPT=1
- export XCFLAGS=%{CFLAGS}
-
- export PKG_CONFIG_ALLOW_SYSTEM_LIBS=1
- export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1
-
- export NSPR_INCLUDE_DIR=/usr/include/nspr4
- export NSPR_LIB_DIR=%{libdir}
-
- export NSS_INCLUDE_DIR=/usr/include/nss3
- export NSS_LIB_DIR=%{libdir}
-
- export NSS_USE_SYSTEM_SQLITE=1
-
- if "%{DISTRO_ARCH}" == "x86_64"
- export USE_64=1
- end
-
- build
- make -C ./mozilla/security/coreconf
- make -C ./mozilla/security/nss
- end
-
- install
- mkdir -pv %{BUILDROOT}/usr/bin
- mkdir -pv %{BUILDROOT}/usr/include/nss3
- mkdir -pv %{BUILDROOT}%{libdir}/pkgconfig
-
- install -p -v -m 755 mozilla/dist/*.OBJ/lib/libnssutil3.so \
- %{BUILDROOT}%{libdir}
-
- sed -e "s,@libdir@,%{libdir},g" \
- -e "s,@prefix@,/usr,g" \
- -e "s,@exec_prefix@,/usr,g" \
- -e "s,@includedir@,/usr/include/nss3,g" \
- -e "s,@MOD_MAJOR_VERSION@,$$(grep "#define.*NSSUTIL_VMAJOR" mozilla/security/nss/lib/util/nssutil.h | awk '{print $3}'),g" \
- -e "s,@MOD_MINOR_VERSION@,$$(grep "#define.*NSSUTIL_VMINOR" mozilla/security/nss/lib/util/nssutil.h | awk '{print $3}'),g" \
- -e "s,@MOD_PATCH_VERSION@,$$(grep "#define.*NSSUTIL_VPATCH" mozilla/security/nss/lib/util/nssutil.h | awk '{print $3}'),g" \
- < %{DIR_SOURCE}/nss-util-config.in \
- > %{BUILDROOT}/usr/bin/nss-util-config
- chmod -v 755 %{BUILDROOT}/usr/bin/nss-util-config
-
- sed \
- -e "s,%libdir%,%{libdir},g" \
- -e "s,%prefix%,/usr,g" \
- -e "s,%exec_prefix%,/usr,g" \
- -e "s,%includedir%,/usr/include/nss3,g" \
- -e "s,%NSPR_VERSION%,$$(nspr-config --version),g" \
- -e "s,%NSSUTIL_VERSION%,%{name},g" \
- < %{DIR_SOURCE}/nss-util.pc.in \
- > %{BUILDROOT}%{libdir}/pkgconfig/nss-util.pc
-
- # The util headers, the rest come from softokn and nss
- cp -vf mozilla/dist/public/nss/*.h %{BUILDROOT}/usr/include/nss3
- chmod -v 644 %{BUILDROOT}/usr/include/nss3/*.h
- end
-end
-
-packages
- package %{name}
-
- package %{name}-devel
- template DEVEL
-
- requires
- %{name}
- end
-
- # Mozilla does no versioning :(
- files
- /usr/bin/*-config
- /usr/include
- %{libdir}/pkgconfig
- end
- end
-
- package %{name}-debuginfo
- template DEBUGINFO
- end
-end
+++ /dev/null
-prefix=%prefix%
-exec_prefix=%exec_prefix%
-libdir=%libdir%
-includedir=%includedir%
-
-Name: NSS-UTIL
-Description: Network Security Services Utility Library
-Version: %NSSUTIL_VERSION%
-Requires: nspr >= %NSPR_VERSION%
-Libs: -lnssutil3
-Cflags: -I${includedir}
###############################################################################
name = nss
-version = 3.12.8
-release = 4
+version = 3.13.1
+release = 2
groups = System/Libraries
url = http://www.mozilla.org/projects/security/pki/nss/
v3 certificates, and other security standards.
end
-source_dl =
-sources
- %{thisapp}-stripped.tar.bz2
+sources += \
%{name}-pem-20100809.tar.bz2
-end
build
requires
chrpath
nspr-devel
- nss-softokn-devel
- nss-util-devel
perl
pkg-config
psmisc
export BUILD_OPT=1
export XCFLAGS=%{CFLAGS}
+ # Allow the usage of system libraries.
export PKG_CONFIG_ALLOW_SYSTEM_LIBS=1
export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1
+ # Define where to find nspr header files and libraries.
export NSPR_INCLUDE_DIR=/usr/include/nspr4
export NSPR_LIB_DIR=%{libdir}
- export NSS_INCLUDE_DIR=/usr/include/nss3
- export NSS_LIB_DIR=%{libdir}
+ # Disable support for SHA224.
+ export NO_SHA224_AVAILABLE=1
+ # Use sqlite from system.
export NSS_USE_SYSTEM_SQLITE=1
if "%{DISTRO_ARCH}" == "x86_64"
end
prepare
- # Extract tarball
- cd %{DIR_SRC} && %{MACRO_EXTRACT} %{DIR_DL}/%{thisapp}-stripped.tar.bz2
+ # Extract tarball.
+ cd %{DIR_SRC} && %{MACRO_EXTRACT} %{DIR_DL}/%{thisapp}.tar.gz
- # Extract tarball into nss directory.
+ # Extract pem tarball into nss directory.
cd %{DIR_APP} && %{MACRO_EXTRACT} %{DIR_DL}/%{name}-pem-20100809.tar.bz2
# Apply all patches
%{MACRO_PATCHES}
-
- cp -vf %{DIR_SOURCE}/PayPalEE.cert \
- %{DIR_APP}/mozilla/security/nss/tests/libpkix/certs
end
build
end
install
+ # We have to do the complete install stuff self.
+
+ # Create directory layout.
mkdir -pv %{BUILDROOT}/usr/include/nss3
mkdir -pv %{BUILDROOT}/usr/{bin,%{lib}}
mkdir -pv %{BUILDROOT}%{libdir}/pkgconfig
mkdir -pv %{BUILDROOT}%{libdir}/nss/unsupported-tools
+ # Install all libraries.
install -p -v -m 755 mozilla/dist/*.OBJ/lib/libnss3.so \
%{BUILDROOT}%{libdir}
install -p -v -m 755 mozilla/dist/*.OBJ/lib/libnssckbi.so \
%{BUILDROOT}%{libdir}
install -p -v -m 755 mozilla/dist/*.OBJ/lib/libnsssysinit.so \
%{BUILDROOT}%{libdir}
+ install -p -v -m 755 mozilla/dist/*.OBJ/lib/libnssutil3.so \
+ %{BUILDROOT}%{libdir}
install -p -v -m 755 mozilla/dist/*.OBJ/lib/libsmime3.so \
%{BUILDROOT}%{libdir}
install -p -v -m 755 mozilla/dist/*.OBJ/lib/libssl3.so \
%{BUILDROOT}%{libdir}
+ install -p -v -m 755 mozilla/dist/*.OBJ/lib/libsoftokn3.so \
+ %{BUILDROOT}%{libdir}
+ install -p -v -m 755 mozilla/dist/*.OBJ/lib/libnssdbm3.so \
+ %{BUILDROOT}%{libdir}
+ install -p -v -m 755 mozilla/dist/*.OBJ/lib/libfreebl3.so \
+ %{BUILDROOT}/%{libdir}
# Install the empty NSS db files
mkdir -pv %{BUILDROOT}/etc/pki/nssdb
install -p -v -m 755 mozilla/dist/*.OBJ/bin/ocspclnt %{BUILDROOT}%{libdir}/nss/unsupported-tools
install -p -v -m 755 mozilla/dist/*.OBJ/bin/pp %{BUILDROOT}%{libdir}/nss/unsupported-tools
install -p -v -m 755 mozilla/dist/*.OBJ/bin/selfserv %{BUILDROOT}%{libdir}/nss/unsupported-tools
+ install -p -v -m 755 mozilla/dist/*.OBJ/bin/shlibsign %{BUILDROOT}%{libdir}/nss/unsupported-tools
install -p -v -m 755 mozilla/dist/*.OBJ/bin/strsclnt %{BUILDROOT}%{libdir}/nss/unsupported-tools
install -p -v -m 755 mozilla/dist/*.OBJ/bin/symkeyutil %{BUILDROOT}%{libdir}/nss/unsupported-tools
install -p -v -m 755 mozilla/dist/*.OBJ/bin/tstclnt %{BUILDROOT}%{libdir}/nss/unsupported-tools
install -p -v -m 755 mozilla/dist/*.OBJ/bin/vfyserv %{BUILDROOT}%{libdir}/nss/unsupported-tools
install -p -v -m 755 mozilla/dist/*.OBJ/bin/vfychain %{BUILDROOT}%{libdir}/nss/unsupported-tools
+ chrpath --delete %{BUILDROOT}%{libdir}/nss/unsupported-tools/*
sed -e "s,@libdir@,%{libdir},g" \
-e "s,@prefix@,/usr,g" \
install -p -v -m 755 %{DIR_SOURCE}/setup-nsssysinit.sh %{BUILDROOT}/usr/bin
- # Set up our package file
- # The nspr_version and nss_{util|softokn}_version globals used
- # here match the ones nss has for its Requires.
-
- # XXX need to fix this
+ # Generate file for pkg-config.
sed \
-e "s,%libdir%,%{libdir},g" \
-e "s,%prefix%,/usr,g" \
-e "s,%includedir%,/usr/include/nss3,g" \
-e "s,%NSS_VERSION%,%{version},g" \
-e "s,%NSPR_VERSION%,$(nspr-config --version),g" \
- -e "s,%NSSUTIL_VERSION%,$(nss-util-config --version),g" \
- -e "s,%SOFTOKEN_VERSION%,$(nss-softokn-config --version),g" \
< %{DIR_SOURCE}/nss.pc.in \
> %{BUILDROOT}%{libdir}/pkgconfig/nss.pc
# Copy the include files we want
cp -vf mozilla/dist/public/nss/*.h %{BUILDROOT}/usr/include/nss3
+ cp -vf mozilla/dist/private/nss/blapi.h %{BUILDROOT}/usr/include/nss3
chmod -v 644 %{BUILDROOT}/usr/include/nss3/*.h
-
- # remove the nss-util-devel headers
- cd %{BUILDROOT}/usr/include/nss3 && rm -vf \
- base64.h \
- ciferfam.h \
- nssb64.h \
- nssb64t.h \
- nsslocks.h \
- nssilock.h \
- nssilckt.h \
- nssrwlk.h \
- nssrwlkt.h \
- nssutil.h \
- pkcs11{,f,n,p,t,u}.h \
- portreg.h \
- secasn1.h \
- secasn1t.h \
- seccomon.h \
- secder.h \
- secdert.h \
- secdig.h \
- secdigt.h \
- secerr.h \
- secitem.h \
- secoid.h \
- secoidt.h \
- secport.h \
- utilrename.h
-
- # remove header shipped in nss-softokn-devel
- cd %{BUILDROOT}/usr/include/nss3 && rm -vf \
- blapit.h \
- ecl-exp.h \
- hasht.h \
- sechash.h \
- secmodt.h \
- shsign.h \
- nsslowhash.h
end
end
requires
nspr-devel
- %{name}
- nss-softokn-devel
- nss-util-devel
+ nss=%{thisver}
end
# Mozilla does no versioning :(
end
end
+ package %{name}-softokn
+ summary = Network Security Services Softoken Module.
+ description
+ Network Security Services Softoken Cryptographic Module.
+ end
+
+ requires = nss=%{thisver}
+
+ files
+ %{libdir}/libnssdbm3.so
+ %{libdir}/libsoftokn3.so
+ %{libdir}/nss/unsupported-tools/shlibsign
+ end
+ end
+
+ package %{name}-softokn-freebl
+ summary = Freebl library for the Network Security Services.
+ description
+ NSS Softoken Cryptographic Module Freelb Library.
+ end
+
+ requires
+ nss=%{thisver}
+ nss-softokn=%{thisver}
+ end
+
+ files = %{libdir}/libfreebl3.so
+ end
+
+ package %{name}-util
+ summary = Network Security Services Utilities Library.
+ description
+ Utilities for Network Security Services and the Softoken module.
+ end
+
+ requires = nss=%{thisver}
+
+ files = %{libdir}/libnssutil3.so
+ end
+
package %{name}-debuginfo
template DEBUGINFO
end
Name: NSS
Description: Network Security Services
Version: %NSS_VERSION%
-Requires: nspr >= %NSPR_VERSION%, nss-util >= %NSSUTIL_VERSION%
+Requires: nspr >= %NSPR_VERSION%
Libs: -lssl3 -lsmime3 -lnss3
Cflags: -I${includedir}
+++ /dev/null
-From 8bd0a0427e034262ff982fed98ca5e8c623165db Mon Sep 17 00:00:00 2001
-From: Rich Megginson <rmeggins@redhat.com>
-Date: Mon, 12 Jul 2010 16:31:01 -0600
-Subject: [PATCH] Add support for PKCS#8 encoded private keys
-
-The code supports PKCS#1 encoded RSA private keys that begin with the
-BEGIN RSA PRIVATE KEY header in PEM files. This patch adds support for
-RSA private keys encoded in PEM files that begin with the header
-BEGIN PRIVATE KEY which are in PKCS#8 format.
----
- prsa.c | 150 ++++++++++++++++++++++++++++++++++++++++++++++------------------
- util.c | 3 +-
- 2 files changed, 110 insertions(+), 43 deletions(-)
-
-diff --git a/prsa.c b/prsa.c
-index 5b2f379..8d4fb92 100644
---- a/mozilla/security/nss/lib/ckfw/pem/prsa.c
-+++ b/mozilla/security/nss/lib/ckfw/pem/prsa.c
-@@ -63,6 +63,35 @@ const SEC_ASN1Template pem_RSAPrivateKeyTemplate[] = {
- {0}
- };
-
-+static const SEC_ASN1Template pem_AttributeTemplate[] = {
-+ { SEC_ASN1_SEQUENCE,
-+ 0, NULL, sizeof(NSSLOWKEYAttribute) },
-+ { SEC_ASN1_OBJECT_ID, offsetof(NSSLOWKEYAttribute, attrType) },
-+ { SEC_ASN1_SET_OF | SEC_ASN1_XTRN, offsetof(NSSLOWKEYAttribute, attrValue),
-+ SEC_ASN1_SUB(SEC_AnyTemplate) },
-+ { 0 }
-+};
-+
-+static const SEC_ASN1Template pem_SetOfAttributeTemplate[] = {
-+ { SEC_ASN1_SET_OF, 0, pem_AttributeTemplate },
-+};
-+
-+const SEC_ASN1Template pem_PrivateKeyInfoTemplate[] = {
-+ { SEC_ASN1_SEQUENCE,
-+ 0, NULL, sizeof(NSSLOWKEYPrivateKeyInfo) },
-+ { SEC_ASN1_INTEGER,
-+ offsetof(NSSLOWKEYPrivateKeyInfo,version) },
-+ { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
-+ offsetof(NSSLOWKEYPrivateKeyInfo,algorithm),
-+ SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
-+ { SEC_ASN1_OCTET_STRING,
-+ offsetof(NSSLOWKEYPrivateKeyInfo,privateKey) },
-+ { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
-+ offsetof(NSSLOWKEYPrivateKeyInfo, attributes),
-+ pem_SetOfAttributeTemplate },
-+ { 0 }
-+};
-+
- /* Declarations */
- SECStatus pem_RSA_Sign(pemLOWKEYPrivateKey * key, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
-@@ -116,6 +145,79 @@ pem_DestroyPrivateKey(pemLOWKEYPrivateKey * privk)
- nss_ZFreeIf(privk);
- }
-
-+/* decode and parse the rawkey into the lpk structure */
-+static pemLOWKEYPrivateKey *
-+pem_getPrivateKey(PLArenaPool *arena, SECItem *rawkey, CK_RV * pError, NSSItem *modulus)
-+{
-+ pemLOWKEYPrivateKey *lpk = NULL;
-+ SECStatus rv = SECFailure;
-+ NSSLOWKEYPrivateKeyInfo *pki = NULL;
-+ SECItem *keysrc = NULL;
-+
-+ /* make sure SECOID is initialized - not sure why we have to do this outside of nss_Init */
-+ if (SECSuccess != (rv = SECOID_Init())) {
-+ *pError = CKR_GENERAL_ERROR;
-+ return NULL; /* wha???? */
-+ }
-+
-+ pki = (NSSLOWKEYPrivateKeyInfo*)PORT_ArenaZAlloc(arena,
-+ sizeof(NSSLOWKEYPrivateKeyInfo));
-+ if(!pki) {
-+ *pError = CKR_HOST_MEMORY;
-+ goto done;
-+ }
-+
-+ /* let's first see if this is a "raw" RSA private key or an RSA private key in PKCS#8 format */
-+ rv = SEC_ASN1DecodeItem(arena, pki, pem_PrivateKeyInfoTemplate, rawkey);
-+ if (rv != SECSuccess) {
-+ /* not PKCS#8 - assume it's a "raw" RSA private key */
-+ keysrc = rawkey;
-+ } else if (SECOID_GetAlgorithmTag(&pki->algorithm) == SEC_OID_PKCS1_RSA_ENCRYPTION) {
-+ keysrc = &pki->privateKey;
-+ } else { /* unsupported */
-+ *pError = CKR_FUNCTION_NOT_SUPPORTED;
-+ goto done;
-+ }
-+
-+ lpk = (pemLOWKEYPrivateKey *) nss_ZAlloc(NULL,
-+ sizeof(pemLOWKEYPrivateKey));
-+ if (lpk == NULL) {
-+ *pError = CKR_HOST_MEMORY;
-+ goto done;
-+ }
-+
-+ lpk->arena = arena;
-+ lpk->keyType = pemLOWKEYRSAKey;
-+ prepare_low_rsa_priv_key_for_asn1(lpk);
-+
-+ /* I don't know what this is supposed to accomplish. We free the old
-+ modulus data and set it again, making a copy of the new data.
-+ But we just allocated a new empty key structure above with
-+ nss_ZAlloc. So lpk->u.rsa.modulus.data is NULL and
-+ lpk->u.rsa.modulus.len. If the intention is to free the old
-+ modulus data, why not just set it to NULL after freeing? Why
-+ go through this unnecessary and confusing copying code?
-+ */
-+ if (modulus) {
-+ nss_ZFreeIf(modulus->data);
-+ modulus->data = (void *) nss_ZAlloc(NULL, lpk->u.rsa.modulus.len);
-+ modulus->size = lpk->u.rsa.modulus.len;
-+ nsslibc_memcpy(modulus->data, lpk->u.rsa.modulus.data,
-+ lpk->u.rsa.modulus.len);
-+ }
-+
-+ /* decode the private key and any algorithm parameters */
-+ rv = SEC_QuickDERDecodeItem(arena, lpk, pem_RSAPrivateKeyTemplate,
-+ keysrc);
-+
-+ if (rv != SECSuccess) {
-+ goto done;
-+ }
-+
-+done:
-+ return lpk;
-+}
-+
- void
- pem_PopulateModulusExponent(pemInternalObject * io)
- {
-@@ -123,7 +225,7 @@ pem_PopulateModulusExponent(pemInternalObject * io)
- const NSSItem *keyType = pem_FetchAttribute(io, CKA_KEY_TYPE);
- pemLOWKEYPrivateKey *lpk = NULL;
- PLArenaPool *arena;
-- SECStatus rv;
-+ CK_RV pError = 0;
-
- /* make sure we have the right objects */
- if (((const NSSItem *) NULL == classItem) ||
-@@ -140,26 +242,12 @@ pem_PopulateModulusExponent(pemInternalObject * io)
- return;
- }
-
-- lpk = (pemLOWKEYPrivateKey *) nss_ZAlloc(NULL,
-- sizeof(pemLOWKEYPrivateKey));
-+ lpk = pem_getPrivateKey(arena, io->u.key.key.privateKey, &pError, NULL);
- if (lpk == NULL) {
- PORT_FreeArena(arena, PR_FALSE);
- return;
- }
-
-- lpk->arena = arena;
-- lpk->keyType = pemLOWKEYRSAKey;
-- prepare_low_rsa_priv_key_for_asn1(lpk);
--
-- /* decode the private key and any algorithm parameters */
-- rv = SEC_QuickDERDecodeItem(arena, lpk, pem_RSAPrivateKeyTemplate,
-- io->u.key.key.privateKey);
--
-- if (rv != SECSuccess) {
-- PORT_FreeArena(arena, PR_FALSE);
-- return;
-- }
--
- nss_ZFreeIf(io->u.key.key.modulus.data);
- io->u.key.key.modulus.data =
- (void *) nss_ZAlloc(NULL, lpk->u.rsa.modulus.len);
-@@ -252,13 +340,6 @@ pem_mdCryptoOperationRSAPriv_Create
- pemInternalCryptoOperationRSAPriv *iOperation;
- pemLOWKEYPrivateKey *lpk = NULL;
- PLArenaPool *arena;
-- SECStatus rv;
--
-- arena = PORT_NewArena(2048);
-- if (!arena) {
-- *pError = CKR_HOST_MEMORY;
-- return (NSSCKMDCryptoOperation *) NULL;
-- }
-
- /* make sure we have the right objects */
- if (((const NSSItem *) NULL == classItem) ||
-@@ -271,30 +352,15 @@ pem_mdCryptoOperationRSAPriv_Create
- return (NSSCKMDCryptoOperation *) NULL;
- }
-
-- lpk = (pemLOWKEYPrivateKey *) nss_ZAlloc(NULL,
-- sizeof (pemLOWKEYPrivateKey));
-- if (lpk == NULL) {
-+ arena = PORT_NewArena(2048);
-+ if (!arena) {
- *pError = CKR_HOST_MEMORY;
- return (NSSCKMDCryptoOperation *) NULL;
- }
-- lpk->arena = arena;
-- lpk->keyType = pemLOWKEYRSAKey;
-- prepare_low_rsa_priv_key_for_asn1(lpk);
-
-- nss_ZFreeIf(iKey->u.key.key.modulus.data);
-- iKey->u.key.key.modulus.data =
-- (void *) nss_ZAlloc(NULL, lpk->u.rsa.modulus.len);
-- iKey->u.key.key.modulus.size = lpk->u.rsa.modulus.len;
-- nsslibc_memcpy(iKey->u.key.key.modulus.data, lpk->u.rsa.modulus.data,
-- lpk->u.rsa.modulus.len);
--
-- /* decode the private key and any algorithm parameters */
-- rv = SEC_QuickDERDecodeItem(arena, lpk, pem_RSAPrivateKeyTemplate,
-- iKey->u.key.key.privateKey);
--
-- if (rv != SECSuccess) {
-+ lpk = pem_getPrivateKey(arena, iKey->u.key.key.privateKey, pError, &iKey->u.key.key.modulus);
-+ if (lpk == NULL) {
- PORT_FreeArena(arena, PR_FALSE);
-- *pError = CKR_HOST_MEMORY;
- return (NSSCKMDCryptoOperation *) NULL;
- }
-
-diff --git a/util.c b/util.c
-index a6ca094..d02ee87 100644
---- a/mozilla/security/nss/lib/ckfw/pem/util.c
-+++ b/mozilla/security/nss/lib/ckfw/pem/util.c
-@@ -164,7 +164,8 @@ ReadDERFromFile(SECItem *** derlist, char *filename, PRBool ascii,
- int key = 0;
- while ((asc) && ((body = strstr(asc, "-----BEGIN")) != NULL)) {
- key = 0;
-- if (strncmp(body, "-----BEGIN RSA PRIVATE KEY", 25) == 0) {
-+ if ((strncmp(body, "-----BEGIN RSA PRIVATE KEY", 25) == 0) ||
-+ (strncmp(body, "-----BEGIN PRIVATE KEY", 21) == 0)) {
- key = 1;
- c = body;
- body = strchr(body, '\n');
---
-1.5.5.6
-
--- /dev/null
+From 5c61cdba435096ee6e65cee4dc9a473430643c07 Mon Sep 17 00:00:00 2001
+From: Elio Maldonado <emaldona@redhat.com>
+Date: Tue, 12 Apr 2011 09:31:48 -0700
+Subject: [PATCH] Bug 695011 PEM logging
+
+Use NSPR logging facilities for PEM logging to fix a segmenation violation
+caused when user cannot for write a log file created by root
+---
+ mozilla/security/nss/lib/ckfw/pem/ckpem.h | 7 ++++-
+ mozilla/security/nss/lib/ckfw/pem/util.c | 30 ++++++++++++++++------------
+ 2 files changed, 22 insertions(+), 15 deletions(-)
+
+diff --git a/mozilla/security/nss/lib/ckfw/pem/ckpem.h b/mozilla/security/nss/lib/ckfw/pem/ckpem.h
+index 839d40b..720525e 100644
+--- a/mozilla/security/nss/lib/ckfw/pem/ckpem.h
++++ b/mozilla/security/nss/lib/ckfw/pem/ckpem.h
+@@ -1,3 +1,6 @@
++#ifndef CKPEM_H
++#define CKPEM_H
++
+ #include "nssckmdt.h"
+ #include "nssckfw.h"
+ #include "ckfwtm.h"
+@@ -254,8 +257,8 @@ unsigned int pem_PrivateModulusLen(pemLOWKEYPrivateKey *privk);
+ /* ptoken.c */
+ NSSCKMDToken * pem_NewToken(NSSCKFWInstance *fwInstance, CK_RV *pError);
+
++/* util.c */
+ void open_log();
+-void close_log();
+ void plog(const char *fmt, ...);
+
+-#define PEM_H 1
++#endif /* CKPEM_H */
+diff --git a/mozilla/security/nss/lib/ckfw/pem/util.c b/mozilla/security/nss/lib/ckfw/pem/util.c
+index 853f418..fafb924 100644
+--- a/mozilla/security/nss/lib/ckfw/pem/util.c
++++ b/mozilla/security/nss/lib/ckfw/pem/util.c
+@@ -41,6 +41,7 @@
+ #include "prtime.h"
+ #include "prlong.h"
+ #include "prerror.h"
++#include "prlog.h"
+ #include "prprf.h"
+ #include "plgetopt.h"
+ #include "prenv.h"
+@@ -51,6 +52,9 @@
+ #include "cryptohi.h"
+ #include "secpkcs7.h"
+ #include "secerr.h"
++
++#include "ckpem.h"
++
+ #include <stdarg.h>
+
+ #define CHUNK_SIZE 512
+@@ -267,34 +271,34 @@ ReadDERFromFile(SECItem *** derlist, char *filename, PRBool ascii,
+ return -1;
+ }
+
+-FILE *plogfile;
++#ifdef DEBUG
++#define LOGGING_BUFFER_SIZE 400
++#define PEM_DEFAULT_LOG_FILE "/tmp/pkcs11.log"
++static const char *pemLogModuleName = "PEM";
++static PRLogModuleInfo* pemLogModule;
++#endif
+
+ void open_log()
+ {
+ #ifdef DEBUG
+- plogfile = fopen("/tmp/pkcs11.log", "a");
+-#endif
++ const char *nsprLogFile = PR_GetEnv("NSPR_LOG_FILE");
+
+- return;
+-}
++ pemLogModule = PR_NewLogModule(pemLogModuleName);
+
+-void close_log()
+-{
+-#ifdef DEBUG
+- fclose(plogfile);
++ (void) PR_SetLogFile(nsprLogFile ? nsprLogFile : PEM_DEFAULT_LOG_FILE);
++ /* If false, the log file will remain what it was before */
+ #endif
+- return;
+ }
+
+ void plog(const char *fmt, ...)
+ {
+ #ifdef DEBUG
++ char buf[LOGGING_BUFFER_SIZE];
+ va_list ap;
+
+ va_start(ap, fmt);
+- vfprintf(plogfile, fmt, ap);
++ PR_vsnprintf(buf, sizeof(buf), fmt, ap);
+ va_end(ap);
+-
+- fflush(plogfile);
++ PR_LOG(pemLogModule, PR_LOG_DEBUG, ("%s", buf));
+ #endif
+ }
+--
+1.7.4.2
+
+++ /dev/null
-From 9b7334b61cf3277e5eb48b716f6719b4636e2572 Mon Sep 17 00:00:00 2001
-From: Rich Megginson <rmeggins@redhat.com>
-Date: Mon, 12 Jul 2010 17:21:01 -0600
-Subject: [PATCH] Do not define SEC_SkipTemplate
-
-Building NSS with PEM support gives an error in pbobject due to multiple
-definitions of SEC_SkipTemplate. This is already defined in libnssutil
----
- pobject.c | 3 +++
- 1 files changed, 3 insertions(+), 0 deletions(-)
-
-diff --git a/pobject.c b/pobject.c
-index 81b9028..48f5e78 100644
---- a/mozilla/security/nss/lib/ckfw/pem/pobject.c
-+++ b/mozilla/security/nss/lib/ckfw/pem/pobject.c
-@@ -172,6 +172,8 @@ static const NSSItem pem_trusted = {
- (void *) &ckt_netscape_trusted, (PRUint32) sizeof(CK_TRUST)
- };
-
-+/* SEC_SkipTemplate is already defined and exported by libnssutil */
-+#ifdef SEC_SKIP_TEMPLATE
- /*
- * Template for skipping a subitem.
- *
-@@ -182,6 +184,7 @@ static const NSSItem pem_trusted = {
- const SEC_ASN1Template SEC_SkipTemplate[] = {
- {SEC_ASN1_SKIP}
- };
-+#endif
-
- /*
- * Find the subjectName in a DER encoded certificate
---
-1.5.5.6
-
--- /dev/null
+diff -up ./mozilla/security/nss/lib/ckfw/pem/pobject.c.734760 ./mozilla/security/nss/lib/ckfw/pem/pobject.c
+--- ./mozilla/security/nss/lib/ckfw/pem/pobject.c.734760 2011-09-10 10:21:38.819248564 -0700
++++ ./mozilla/security/nss/lib/ckfw/pem/pobject.c 2011-09-10 10:28:47.970083785 -0700
+@@ -1117,7 +1117,7 @@ pem_CreateObject
+
+ nobjs = ReadDERFromFile(&derlist, filename, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */);
+ if (nobjs < 1)
+- return (NSSCKMDObject *) NULL;
++ goto loser;
+
+ objid = -1;
+ /* Brute force: find the id of the key, if any, in this slot */
+@@ -1176,7 +1176,7 @@ pem_CreateObject
+
+ nobjs = ReadDERFromFile(&derlist, filename, PR_TRUE, &cipher, &ivstring, PR_FALSE /* keys only */);
+ if (nobjs < 1)
+- return (NSSCKMDObject *) NULL;
++ goto loser;
+
+ certDER.len = 0; /* in case there is no equivalent cert */
+ certDER.data = NULL;
--- /dev/null
+diff -up mozilla/security/nss/lib/nss/nssinit.c.784672 mozilla/security/nss/lib/nss/nssinit.c
+--- mozilla/security/nss/lib/nss/nssinit.c.784672 2012-01-26 14:43:46.232357231 -0800
++++ mozilla/security/nss/lib/nss/nssinit.c 2012-01-26 14:50:55.830512565 -0800
+@@ -944,6 +944,12 @@ NSS_RegisterShutdown(NSS_ShutdownFunc sF
+ {
+ int i;
+
++ /* make sure our lock and condition variable are initialized one and only
++ * one time */
++ if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) {
++ return SECFailure;
++ }
++
+ PZ_Lock(nssInitLock);
+ if (!NSS_IsInitialized()) {
+ PZ_Unlock(nssInitLock);
+@@ -1002,6 +1008,11 @@ NSS_UnregisterShutdown(NSS_ShutdownFunc
+ {
+ int i;
+
++ /* make sure our lock and condition variable are initialized one and only
++ * one time */
++ if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) {
++ return SECFailure;
++ }
+ PZ_Lock(nssInitLock);
+ if (!NSS_IsInitialized()) {
+ PZ_Unlock(nssInitLock);
+@@ -1192,6 +1203,11 @@ NSS_ShutdownContext(NSSInitContext *cont
+ {
+ SECStatus rv = SECSuccess;
+
++ /* make sure our lock and condition variable are initialized one and only
++ * one time */
++ if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) {
++ return SECFailure;
++ }
+ PZ_Lock(nssInitLock);
+ /* If one or more threads are in the middle of init, wait for them
+ * to complete */
--- /dev/null
+diff -up nss-3.13.1/mozilla/security/nss/lib/util/pkcs11n.h.fo nss-3.13.1/mozilla/security/nss/lib/util/pkcs11n.h
+--- nss-3.13.1/mozilla/security/nss/lib/util/pkcs11n.h.fo 2011-11-10 12:44:17.683967574 -0600
++++ nss-3.13.1/mozilla/security/nss/lib/util/pkcs11n.h 2011-11-10 12:44:24.146886778 -0600
+@@ -362,7 +362,7 @@ typedef CK_ULONG CK_TRUST;
+ * cast the resulting value to the deprecated type in the #define, thus
+ * producting the warning when the #define is used.
+ */
+-#if (__GNUC__ == 4) && (__GNUC_MINOR < 5)
++#if (__GNUC__ == 4) && (__GNUC_MINOR__ < 5)
+ /* The mac doesn't like the friendlier deprecate messages. I'm assuming this
+ * is a gcc version issue rather than mac or ppc specific */
+ typedef CK_TRUST __CKT_NSS_UNTRUSTED __attribute__((deprecated));
--- /dev/null
+diff -up ./mozilla/security/nss/cmd/manifest.mn.nofipstest ./mozilla/security/nss/cmd/manifest.mn
+--- ./mozilla/security/nss/cmd/manifest.mn.nofipstest 2011-12-03 22:54:40.969914919 -0800
++++ ./mozilla/security/nss/cmd/manifest.mn 2011-12-03 22:55:12.348505822 -0800
+@@ -54,7 +54,6 @@ DIRS = lib \
+ dbtest \
+ derdump \
+ digest \
+- fipstest \
+ makepqg \
+ multinit \
+ ocspclnt \
+@@ -84,6 +83,7 @@ DIRS = lib \
+ $(NULL)
+
+ TEMPORARILY_DONT_BUILD = \
++ fipstest \
+ $(NULL)
+
+ # rsaperf \
--- /dev/null
+diff -up ./mozilla/security/coreconf/Linux.mk.nosha224 ./mozilla/security/coreconf/Linux.mk
+--- ./mozilla/security/coreconf/Linux.mk.nosha224 2011-12-04 22:03:47.295609957 -0800
++++ ./mozilla/security/coreconf/Linux.mk 2011-12-04 22:03:47.301609957 -0800
+@@ -188,6 +188,14 @@ NSSUTIL_LIBS = -lnssutil3
+ USE_SYSTEM_FREEBL = 1
+ FREEBL_LIBS = -lfreebl3
+
++#
++# Don't compile code that requires SHA224 if it isn't avilable
++# Such is the case when system freebl/softokn is the 3.12 one
++#
++ifdef NO_SHA224_AVAILABLE
++CFLAGS+=-DNO_SHA224_AVAILABLE
++endif
++
+ # The -rpath '$$ORIGIN' linker option instructs this library to search for its
+ # dependencies in the same directory where it resides.
+ ifeq ($(BUILD_SUN_PKG), 1)
+diff -up ./mozilla/security/nss/cmd/bltest/blapitest.c.nosha224 ./mozilla/security/nss/cmd/bltest/blapitest.c
+--- ./mozilla/security/nss/cmd/bltest/blapitest.c.nosha224 2011-09-16 12:16:50.000000000 -0700
++++ ./mozilla/security/nss/cmd/bltest/blapitest.c 2011-12-04 22:03:47.302609957 -0800
+@@ -686,7 +686,9 @@ typedef enum {
+ bltestMD2, /* Hash algorithms */
+ bltestMD5, /* . */
+ bltestSHA1, /* . */
++#ifndef NO_SHA224_AVAILABLE
+ bltestSHA224, /* . */
++#endif
+ bltestSHA256, /* . */
+ bltestSHA384, /* . */
+ bltestSHA512, /* . */
+@@ -721,7 +723,9 @@ static char *mode_strings[] =
+ "md2",
+ "md5",
+ "sha1",
++#ifndef NO_SHA224_AVAILABLE
+ "sha224",
++#endif
+ "sha256",
+ "sha384",
+ "sha512",
+@@ -1761,6 +1765,7 @@ finish:
+ return rv;
+ }
+
++#ifndef NO_SHA224_AVAILABLE
+ SECStatus
+ SHA224_restart(unsigned char *dest, const unsigned char *src, uint32 src_length)
+ {
+@@ -1800,6 +1805,7 @@ finish:
+ SHA224_DestroyContext(cx, PR_TRUE);
+ return rv;
+ }
++#endif
+
+ SECStatus
+ SHA256_restart(unsigned char *dest, const unsigned char *src, uint32 src_length)
+@@ -2093,6 +2099,7 @@ cipherInit(bltestCipherInfo *cipherInfo,
+ cipherInfo->cipher.hashCipher = (restart) ? sha1_restart : SHA1_HashBuf;
+ return SECSuccess;
+ break;
++#ifndef NO_SHA224_AVAILABLE
+ case bltestSHA224:
+ restart = cipherInfo->params.hash.restart;
+ SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
+@@ -2100,6 +2107,7 @@ cipherInit(bltestCipherInfo *cipherInfo,
+ cipherInfo->cipher.hashCipher = (restart) ? SHA224_restart
+ : SHA224_HashBuf;
+ return SECSuccess;
++#endif
+ break;
+ case bltestSHA256:
+ restart = cipherInfo->params.hash.restart;
+@@ -2542,7 +2550,9 @@ cipherFinish(bltestCipherInfo *cipherInf
+ case bltestMD2: /* hash contexts are ephemeral */
+ case bltestMD5:
+ case bltestSHA1:
++#ifndef NO_SHA224_AVAILABLE
+ case bltestSHA224:
++#endif
+ case bltestSHA256:
+ case bltestSHA384:
+ case bltestSHA512:
+@@ -2896,7 +2906,9 @@ get_params(PRArenaPool *arena, bltestPar
+ case bltestMD2:
+ case bltestMD5:
+ case bltestSHA1:
++#ifndef NO_SHA224_AVAILABLE
+ case bltestSHA224:
++#endif
+ case bltestSHA256:
+ case bltestSHA384:
+ case bltestSHA512:
+diff -up ./mozilla/security/nss/cmd/chktest/chktest.c.nosha224 ./mozilla/security/nss/cmd/chktest/chktest.c
+--- ./mozilla/security/nss/cmd/chktest/chktest.c.nosha224 2010-12-06 09:22:49.000000000 -0800
++++ ./mozilla/security/nss/cmd/chktest/chktest.c 2011-12-04 22:03:47.304609957 -0800
+@@ -41,6 +41,10 @@
+ #include "blapi.h"
+ #include "secutil.h"
+
++#ifdef NO_SHA224_AVAILABLE
++PRBool BLAPI_SHVerifyFile(const char *shName);
++#endif
++
+ static int Usage()
+ {
+ fprintf(stderr, "Usage: chktest <full-path-to-shared-library>\n");
+diff -up ./mozilla/security/nss/cmd/lib/secutil.c.nosha224 ./mozilla/security/nss/cmd/lib/secutil.c
+--- ./mozilla/security/nss/cmd/lib/secutil.c.nosha224 2011-10-22 07:35:41.000000000 -0700
++++ ./mozilla/security/nss/cmd/lib/secutil.c 2011-12-04 22:03:47.305609957 -0800
+@@ -86,6 +86,14 @@ static char consoleName[] = {
+ #include "nssutil.h"
+ #include "ssl.h"
+
++/* Defined in ./mozilla/dist/public/nss/certdb.h which was included
++ * and also in ./mozilla/security/nss/lib/softoken/legacydb/pcertt.h
++ * but invisible here for some reason
++ */
++#ifndef CERTDB_TERMINAL_RECORD
++#define CERTDB_TERMINAL_RECORD (1<<0)
++#endif
++
+
+ void
+ SECU_PrintErrMsg(FILE *out, int level, char *progName, char *msg, ...)
+@@ -1509,6 +1517,8 @@ const SEC_ASN1Template secuPBEV2Params[]
+ { 0 }
+ };
+
++/* if no sha224 then no psapss either */
++#ifndef NO_SHA224_AVAILABLE
+ void
+ secu_PrintRSAPSSParams(FILE *out, SECItem *value, char *m, int level)
+ {
+@@ -1572,6 +1582,7 @@ secu_PrintRSAPSSParams(FILE *out, SECIte
+ }
+ PORT_FreeArena(pool, PR_FALSE);
+ }
++#endif
+
+ void
+ secu_PrintKDF2Params(FILE *out, SECItem *value, char *m, int level)
+@@ -1684,10 +1695,12 @@ SECU_PrintAlgorithmID(FILE *out, SECAlgo
+ return;
+ }
+
++#ifndef NO_SHA224_AVAILABLE
+ if (algtag == SEC_OID_PKCS1_RSA_PSS_SIGNATURE) {
+ secu_PrintRSAPSSParams(out, &a->parameters, "Parameters", level+1);
+ return;
+ }
++#endif
+
+ if (a->parameters.len == 0
+ || (a->parameters.len == 2
+@@ -3763,8 +3776,10 @@ SECU_StringToSignatureAlgTag(const char
+ hashAlgTag = SEC_OID_MD5;
+ } else if (!PL_strcmp(alg, "SHA1")) {
+ hashAlgTag = SEC_OID_SHA1;
++#ifndef NO_SHA224_AVAILABLE
+ } else if (!PL_strcmp(alg, "SHA224")) {
+ hashAlgTag = SEC_OID_SHA224;
++#endif
+ } else if (!PL_strcmp(alg, "SHA256")) {
+ hashAlgTag = SEC_OID_SHA256;
+ } else if (!PL_strcmp(alg, "SHA384")) {
+diff -up ./mozilla/security/nss/cmd/pk11mode/pk11mode.c.nosha224 ./mozilla/security/nss/cmd/pk11mode/pk11mode.c
+--- ./mozilla/security/nss/cmd/pk11mode/pk11mode.c.nosha224 2011-12-04 22:07:27.230604899 -0800
++++ ./mozilla/security/nss/cmd/pk11mode/pk11mode.c 2011-12-04 22:10:06.365601241 -0800
+@@ -883,21 +883,27 @@ CK_RV PKM_KeyTests(CK_FUNCTION_LIST_PTR
+
+ mech_str digestMechs[] = {
+ {CKM_SHA_1, "CKM_SHA_1 "},
++#ifndef NO_SHA224_AVAILABLE
+ {CKM_SHA224, "CKM_SHA224"},
++#endif
+ {CKM_SHA256, "CKM_SHA256"},
+ {CKM_SHA384, "CKM_SHA384"},
+ {CKM_SHA512, "CKM_SHA512"}
+ };
+ mech_str hmacMechs[] = {
+ {CKM_SHA_1_HMAC, "CKM_SHA_1_HMAC"},
++#ifndef NO_SHA224_AVAILABLE
+ {CKM_SHA224_HMAC, "CKM_SHA224_HMAC"},
++#endif
+ {CKM_SHA256_HMAC, "CKM_SHA256_HMAC"},
+ {CKM_SHA384_HMAC, "CKM_SHA384_HMAC"},
+ {CKM_SHA512_HMAC, "CKM_SHA512_HMAC"}
+ };
+ mech_str sigRSAMechs[] = {
+ {CKM_SHA1_RSA_PKCS, "CKM_SHA1_RSA_PKCS"},
++#ifndef NO_SHA224_AVAILABLE
+ {CKM_SHA224_RSA_PKCS, "CKM_SHA224_RSA_PKCS"},
++#endif
+ {CKM_SHA256_RSA_PKCS, "CKM_SHA256_RSA_PKCS"},
+ {CKM_SHA384_RSA_PKCS, "CKM_SHA384_RSA_PKCS"},
+ {CKM_SHA512_RSA_PKCS, "CKM_SHA512_RSA_PKCS"}
+diff -up ./mozilla/security/nss/lib/cryptohi/sechash.c.nosha224 ./mozilla/security/nss/lib/cryptohi/sechash.c
+--- ./mozilla/security/nss/lib/cryptohi/sechash.c.nosha224 2011-06-21 15:47:54.000000000 -0700
++++ ./mozilla/security/nss/lib/cryptohi/sechash.c 2011-12-04 22:03:47.306609957 -0800
+@@ -91,10 +91,12 @@ sha1_NewContext(void) {
+ return (void *) PK11_CreateDigestContext(SEC_OID_SHA1);
+ }
+
++#ifndef NO_SHA224_AVAILABLE
+ static void *
+ sha224_NewContext(void) {
+ return (void *) PK11_CreateDigestContext(SEC_OID_SHA224);
+ }
++#endif
+
+ static void *
+ sha256_NewContext(void) {
+@@ -189,6 +191,7 @@ const SECHashObject SECHashObjects[] = {
+ SHA512_BLOCK_LENGTH,
+ HASH_AlgSHA512
+ },
++#ifndef NO_SHA224_AVAILABLE
+ { SHA224_LENGTH,
+ (void * (*)(void)) sha224_NewContext,
+ (void * (*)(void *)) PK11_CloneContext,
+@@ -200,6 +203,7 @@ const SECHashObject SECHashObjects[] = {
+ SHA224_BLOCK_LENGTH,
+ HASH_AlgSHA224
+ },
++#endif
+ };
+
+ const SECHashObject *
+@@ -217,7 +221,9 @@ HASH_GetHashTypeByOidTag(SECOidTag hashO
+ case SEC_OID_MD2: ht = HASH_AlgMD2; break;
+ case SEC_OID_MD5: ht = HASH_AlgMD5; break;
+ case SEC_OID_SHA1: ht = HASH_AlgSHA1; break;
++#ifndef NO_SHA224_AVAILABLE
+ case SEC_OID_SHA224: ht = HASH_AlgSHA224; break;
++#endif
+ case SEC_OID_SHA256: ht = HASH_AlgSHA256; break;
+ case SEC_OID_SHA384: ht = HASH_AlgSHA384; break;
+ case SEC_OID_SHA512: ht = HASH_AlgSHA512; break;
+@@ -237,7 +243,9 @@ HASH_GetHashOidTagByHMACOidTag(SECOidTag
+ /* no oid exists for HMAC_MD2 */
+ /* NSS does not define a oid for HMAC_MD4 */
+ case SEC_OID_HMAC_SHA1: hashOid = SEC_OID_SHA1; break;
++#ifndef NO_SHA224_AVAILABLE
+ case SEC_OID_HMAC_SHA224: hashOid = SEC_OID_SHA224; break;
++#endif
+ case SEC_OID_HMAC_SHA256: hashOid = SEC_OID_SHA256; break;
+ case SEC_OID_HMAC_SHA384: hashOid = SEC_OID_SHA384; break;
+ case SEC_OID_HMAC_SHA512: hashOid = SEC_OID_SHA512; break;
+@@ -257,7 +265,9 @@ HASH_GetHMACOidTagByHashOidTag(SECOidTag
+ /* no oid exists for HMAC_MD2 */
+ /* NSS does not define a oid for HMAC_MD4 */
+ case SEC_OID_SHA1: hmacOid = SEC_OID_HMAC_SHA1; break;
++#ifndef NO_SHA224_AVAILABLE
+ case SEC_OID_SHA224: hmacOid = SEC_OID_HMAC_SHA224; break;
++#endif
+ case SEC_OID_SHA256: hmacOid = SEC_OID_HMAC_SHA256; break;
+ case SEC_OID_SHA384: hmacOid = SEC_OID_HMAC_SHA384; break;
+ case SEC_OID_SHA512: hmacOid = SEC_OID_HMAC_SHA512; break;
+diff -up ./mozilla/security/nss/lib/cryptohi/seckey.c.nosha224 ./mozilla/security/nss/lib/cryptohi/seckey.c
+--- ./mozilla/security/nss/lib/cryptohi/seckey.c.nosha224 2011-10-22 07:35:42.000000000 -0700
++++ ./mozilla/security/nss/lib/cryptohi/seckey.c 2011-12-04 22:03:47.307609957 -0800
+@@ -550,7 +550,9 @@ seckey_GetKeyType (SECOidTag tag) {
+ * should be handing us a cipher type */
+ case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
+ case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
++#ifndef NO_SHA224_AVAILABLE
+ case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION:
++#endif
+ case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
+ case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION:
+ case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION:
+diff -up ./mozilla/security/nss/lib/cryptohi/secvfy.c.nosha224 ./mozilla/security/nss/lib/cryptohi/secvfy.c
+--- ./mozilla/security/nss/lib/cryptohi/secvfy.c.nosha224 2011-10-22 07:35:42.000000000 -0700
++++ ./mozilla/security/nss/lib/cryptohi/secvfy.c 2011-12-04 22:03:47.307609957 -0800
+@@ -240,11 +240,12 @@ sec_DecodeSigAlg(const SECKEYPublicKey *
+ case SEC_OID_PKCS1_RSA_PSS_SIGNATURE:
+ *hashalg = SEC_OID_UNKNOWN; /* get it from the RSA signature */
+ break;
+-
++#ifndef NO_SHA224_AVAILABLE
+ case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE:
+ case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION:
+ *hashalg = SEC_OID_SHA224;
+ break;
++#endif
+ case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE:
+ case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
+ *hashalg = SEC_OID_SHA256;
+@@ -279,8 +280,10 @@ sec_DecodeSigAlg(const SECKEYPublicKey *
+ len = SECKEY_PublicKeyStrength(key);
+ if (len < 28) { /* 28 bytes == 224 bits */
+ *hashalg = SEC_OID_SHA1;
++#ifndef NO_SHA224_AVAILABLE
+ } else if (len < 32) { /* 32 bytes == 256 bits */
+ *hashalg = SEC_OID_SHA224;
++#endif
+ } else if (len < 48) { /* 48 bytes == 384 bits */
+ *hashalg = SEC_OID_SHA256;
+ } else if (len < 64) { /* 48 bytes == 512 bits */
+@@ -325,7 +328,9 @@ sec_DecodeSigAlg(const SECKEYPublicKey *
+ case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
+ case SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE:
+ case SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE:
++#ifndef NO_SHA224_AVAILABLE
+ case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION:
++#endif
+ case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
+ case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION:
+ case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION:
+@@ -347,7 +352,9 @@ sec_DecodeSigAlg(const SECKEYPublicKey *
+ *encalg = SEC_OID_MISSI_DSS;
+ break;
+ case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE:
++#ifndef NO_SHA224_AVAILABLE
+ case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE:
++#endif
+ case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE:
+ case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE:
+ case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE:
+diff -up ./mozilla/security/nss/lib/freebl/blapi.h.nosha224 ./mozilla/security/nss/lib/freebl/blapi.h
+--- ./mozilla/security/nss/lib/freebl/blapi.h.nosha224 2011-10-04 15:05:53.000000000 -0700
++++ ./mozilla/security/nss/lib/freebl/blapi.h 2011-12-04 22:03:47.308609957 -0800
+@@ -1088,7 +1088,7 @@ extern SHA1Context * SHA1_Resurrect(unsi
+ extern void SHA1_Clone(SHA1Context *dest, SHA1Context *src);
+
+ /******************************************/
+-
++#ifndef NO_SHA224_AVAILABLE
+ extern SHA224Context *SHA224_NewContext(void);
+ extern void SHA224_DestroyContext(SHA224Context *cx, PRBool freeit);
+ extern void SHA224_Begin(SHA224Context *cx);
+@@ -1104,6 +1104,7 @@ extern unsigned int SHA224_FlattenSize(S
+ extern SECStatus SHA224_Flatten(SHA224Context *cx,unsigned char *space);
+ extern SHA224Context * SHA224_Resurrect(unsigned char *space, void *arg);
+ extern void SHA224_Clone(SHA224Context *dest, SHA224Context *src);
++#endif
+
+ /******************************************/
+
+diff -up ./mozilla/security/nss/lib/freebl/ldvector.c.nosha224 ./mozilla/security/nss/lib/freebl/ldvector.c
+--- ./mozilla/security/nss/lib/freebl/ldvector.c.nosha224 2011-10-04 15:05:53.000000000 -0700
++++ ./mozilla/security/nss/lib/freebl/ldvector.c 2011-12-04 22:03:47.309609957 -0800
+@@ -270,7 +270,7 @@ static const struct FREEBLVectorStr vect
+ JPAKE_Verify,
+ JPAKE_Round2,
+ JPAKE_Final,
+-
++#ifndef NO_SHA224_AVAILABLE
+ /* End of Version 3.012 */
+
+ TLS_P_hash,
+@@ -287,7 +287,7 @@ static const struct FREEBLVectorStr vect
+ SHA224_Resurrect,
+ SHA224_Clone,
+ BLAPI_SHVerifyFile
+-
++#endif
+ /* End of Version 3.013 */
+ };
+
+diff -up ./mozilla/security/nss/lib/freebl/nsslowhash.c.nosha224 ./mozilla/security/nss/lib/freebl/nsslowhash.c
+--- ./mozilla/security/nss/lib/freebl/nsslowhash.c.nosha224 2010-09-09 17:42:36.000000000 -0700
++++ ./mozilla/security/nss/lib/freebl/nsslowhash.c 2011-12-04 22:03:47.309609957 -0800
+@@ -128,14 +128,14 @@ freebl_fips_SHA_PowerUpSelfTest( void )
+ 0x0a,0x6d,0x07,0xba,0x1e,0xbd,0x8a,0x1b,
+ 0x72,0xf6,0xc7,0x22,0xf1,0x27,0x9f,0xf0,
+ 0xe0,0x68,0x47,0x7a};
+-
++#ifndef NO_SHA224_AVAILABLE
+ /* SHA-224 Known Digest Message (224-bits). */
+ static const PRUint8 sha224_known_digest[] = {
+ 0x1c,0xc3,0x06,0x8e,0xce,0x37,0x68,0xfb,
+ 0x1a,0x82,0x4a,0xbe,0x2b,0x00,0x51,0xf8,
+ 0x9d,0xb6,0xe0,0x90,0x0d,0x00,0xc9,0x64,
+ 0x9a,0xb8,0x98,0x4e};
+-
++#endif
+ /* SHA-256 Known Digest Message (256-bits). */
+ static const PRUint8 sha256_known_digest[] = {
+ 0x38,0xa9,0xc1,0xf0,0x35,0xf6,0x5d,0x61,
+@@ -178,7 +178,7 @@ freebl_fips_SHA_PowerUpSelfTest( void )
+ ( PORT_Memcmp( sha_computed_digest, sha1_known_digest,
+ SHA1_LENGTH ) != 0 ) )
+ return( CKR_DEVICE_ERROR );
+-
++#ifndef NO_SHA224_AVAILABLE
+ /***************************************************/
+ /* SHA-224 Single-Round Known Answer Hashing Test. */
+ /***************************************************/
+@@ -190,7 +190,7 @@ freebl_fips_SHA_PowerUpSelfTest( void )
+ ( PORT_Memcmp( sha_computed_digest, sha224_known_digest,
+ SHA224_LENGTH ) != 0 ) )
+ return( CKR_DEVICE_ERROR );
+-
++#endif
+ /***************************************************/
+ /* SHA-256 Single-Round Known Answer Hashing Test. */
+ /***************************************************/
+diff -up ./mozilla/security/nss/lib/freebl/rawhash.c.nosha224 ./mozilla/security/nss/lib/freebl/rawhash.c
+--- ./mozilla/security/nss/lib/freebl/rawhash.c.nosha224 2010-08-17 22:55:47.000000000 -0700
++++ ./mozilla/security/nss/lib/freebl/rawhash.c 2011-12-04 22:03:47.309609957 -0800
+@@ -155,6 +155,7 @@ const SECHashObject SECRawHashObjects[]
+ SHA512_BLOCK_LENGTH,
+ HASH_AlgSHA512
+ },
++#ifndef NO_SHA224_AVAILABLE
+ { SHA224_LENGTH,
+ (void * (*)(void)) SHA224_NewContext,
+ (void * (*)(void *)) null_hash_clone_context,
+@@ -166,6 +167,7 @@ const SECHashObject SECRawHashObjects[]
+ SHA224_BLOCK_LENGTH,
+ HASH_AlgSHA224
+ },
++#endif
+ };
+
+ const SECHashObject *
+diff -up ./mozilla/security/nss/lib/freebl/sha512.c.nosha224 ./mozilla/security/nss/lib/freebl/sha512.c
+--- ./mozilla/security/nss/lib/freebl/sha512.c.nosha224 2011-09-14 10:48:03.000000000 -0700
++++ ./mozilla/security/nss/lib/freebl/sha512.c 2011-12-04 22:03:47.310609957 -0800
+@@ -544,6 +544,7 @@ void SHA256_Clone(SHA256Context *dest, S
+ memcpy(dest, src, sizeof *dest);
+ }
+
++#ifndef NO_SHA224_AVAILABLE
+ /* ============= SHA224 implementation ================================== */
+
+ /* SHA-224 initial hash values */
+@@ -630,7 +631,7 @@ void SHA224_Clone(SHA224Context *dest, S
+ {
+ SHA256_Clone(dest, src);
+ }
+-
++#endif
+
+ /* ======= SHA512 and SHA384 common constants and defines ================= */
+
+diff -up ./mozilla/security/nss/lib/softoken/fipstest.c.nosha224 ./mozilla/security/nss/lib/softoken/fipstest.c
+--- ./mozilla/security/nss/lib/softoken/fipstest.c.nosha224 2011-03-29 08:12:43.000000000 -0700
++++ ./mozilla/security/nss/lib/softoken/fipstest.c 2011-12-04 22:03:47.311609956 -0800
+@@ -865,12 +865,14 @@ sftk_fips_HMAC_PowerUpSelfTest( void )
+ 0x3b, 0x57, 0x1d, 0x61, 0xe7, 0xb8, 0x84, 0x1e,
+ 0x5d, 0x0e, 0x1e, 0x11};
+
++#ifndef NO_SHA224_AVAILABLE
+ /* known SHA224 hmac (28 bytes) */
+ static const PRUint8 known_SHA224_hmac[] = {
+ 0x1c, 0xc3, 0x06, 0x8e, 0xce, 0x37, 0x68, 0xfb,
+ 0x1a, 0x82, 0x4a, 0xbe, 0x2b, 0x00, 0x51, 0xf8,
+ 0x9d, 0xb6, 0xe0, 0x90, 0x0d, 0x00, 0xc9, 0x64,
+ 0x9a, 0xb8, 0x98, 0x4e};
++#endif
+
+ /* known SHA256 hmac (32 bytes) */
+ static const PRUint8 known_SHA256_hmac[] = {
+@@ -922,6 +924,7 @@ sftk_fips_HMAC_PowerUpSelfTest( void )
+ /* HMAC SHA-224 Single-Round Known Answer Test. */
+ /***************************************************/
+
++#ifndef NO_SHA224_AVAILABLE
+ hmac_status = sftk_fips_HMAC(hmac_computed,
+ HMAC_known_secret_key,
+ HMAC_known_secret_key_length,
+@@ -933,6 +936,7 @@ sftk_fips_HMAC_PowerUpSelfTest( void )
+ ( PORT_Memcmp( hmac_computed, known_SHA224_hmac,
+ SHA224_LENGTH ) != 0 ) )
+ return( CKR_DEVICE_ERROR );
++#endif
+
+ /***************************************************/
+ /* HMAC SHA-256 Single-Round Known Answer Test. */
+@@ -994,12 +998,14 @@ sftk_fips_SHA_PowerUpSelfTest( void )
+ 0x72,0xf6,0xc7,0x22,0xf1,0x27,0x9f,0xf0,
+ 0xe0,0x68,0x47,0x7a};
+
++#ifndef NO_SHA224_AVAILABLE
+ /* SHA-224 Known Digest Message (224-bits). */
+ static const PRUint8 sha224_known_digest[] = {
+ 0x89,0x5e,0x7f,0xfd,0x0e,0xd8,0x35,0x6f,
+ 0x64,0x6d,0xf2,0xde,0x5e,0xed,0xa6,0x7f,
+ 0x29,0xd1,0x12,0x73,0x42,0x84,0x95,0x4f,
+ 0x8e,0x08,0xe5,0xcb};
++#endif
+
+ /* SHA-256 Known Digest Message (256-bits). */
+ static const PRUint8 sha256_known_digest[] = {
+@@ -1048,6 +1054,7 @@ sftk_fips_SHA_PowerUpSelfTest( void )
+ /* SHA-224 Single-Round Known Answer Hashing Test. */
+ /***************************************************/
+
++#ifndef NO_SHA224_AVAILABLE
+ sha_status = SHA224_HashBuf( sha_computed_digest, known_hash_message,
+ FIPS_KNOWN_HASH_MESSAGE_LENGTH );
+
+@@ -1055,6 +1062,7 @@ sftk_fips_SHA_PowerUpSelfTest( void )
+ ( PORT_Memcmp( sha_computed_digest, sha224_known_digest,
+ SHA224_LENGTH ) != 0 ) )
+ return( CKR_DEVICE_ERROR );
++#endif
+
+ /***************************************************/
+ /* SHA-256 Single-Round Known Answer Hashing Test. */
+diff -up ./mozilla/security/nss/lib/softoken/pkcs11c.c.nosha224 ./mozilla/security/nss/lib/softoken/pkcs11c.c
+--- ./mozilla/security/nss/lib/softoken/pkcs11c.c.nosha224 2011-09-21 11:49:16.000000000 -0700
++++ ./mozilla/security/nss/lib/softoken/pkcs11c.c 2011-12-04 22:03:47.313609956 -0800
+@@ -1316,7 +1316,9 @@ CK_RV NSC_DigestInit(CK_SESSION_HANDLE h
+ INIT_MECH(CKM_MD2, MD2)
+ INIT_MECH(CKM_MD5, MD5)
+ INIT_MECH(CKM_SHA_1, SHA1)
++#ifndef NO_SHA224_AVAILABLE
+ INIT_MECH(CKM_SHA224, SHA224)
++#endif
+ INIT_MECH(CKM_SHA256, SHA256)
+ INIT_MECH(CKM_SHA384, SHA384)
+ INIT_MECH(CKM_SHA512, SHA512)
+@@ -1440,7 +1442,9 @@ sftk_doSub ## mmm(SFTKSessionContext *co
+ DOSUB(MD2)
+ DOSUB(MD5)
+ DOSUB(SHA1)
++#ifndef NO_SHA224_AVAILABLE
+ DOSUB(SHA224)
++#endif
+ DOSUB(SHA256)
+ DOSUB(SHA384)
+ DOSUB(SHA512)
+@@ -2013,7 +2017,9 @@ CK_RV NSC_SignInit(CK_SESSION_HANDLE hSe
+ INIT_RSA_SIGN_MECH(MD5)
+ INIT_RSA_SIGN_MECH(MD2)
+ INIT_RSA_SIGN_MECH(SHA1)
++#ifndef NO_SHA224_AVAILABLE
+ INIT_RSA_SIGN_MECH(SHA224)
++#endif
+ INIT_RSA_SIGN_MECH(SHA256)
+ INIT_RSA_SIGN_MECH(SHA384)
+ INIT_RSA_SIGN_MECH(SHA512)
+@@ -2131,7 +2137,9 @@ finish_rsa:
+
+ INIT_HMAC_MECH(MD2)
+ INIT_HMAC_MECH(MD5)
++#ifndef NO_SHA224_AVAILABLE
+ INIT_HMAC_MECH(SHA224)
++#endif
+ INIT_HMAC_MECH(SHA256)
+ INIT_HMAC_MECH(SHA384)
+ INIT_HMAC_MECH(SHA512)
+@@ -2529,7 +2537,9 @@ CK_RV NSC_VerifyInit(CK_SESSION_HANDLE h
+ INIT_RSA_VFY_MECH(MD5)
+ INIT_RSA_VFY_MECH(MD2)
+ INIT_RSA_VFY_MECH(SHA1)
++#ifndef NO_SHA224_AVAILABLE
+ INIT_RSA_VFY_MECH(SHA224)
++#endif
+ INIT_RSA_VFY_MECH(SHA256)
+ INIT_RSA_VFY_MECH(SHA384)
+ INIT_RSA_VFY_MECH(SHA512)
+@@ -2626,7 +2636,9 @@ finish_rsa:
+
+ INIT_HMAC_MECH(MD2)
+ INIT_HMAC_MECH(MD5)
++#ifndef NO_SHA224_AVAILABLE
+ INIT_HMAC_MECH(SHA224)
++#endif
+ INIT_HMAC_MECH(SHA256)
+ INIT_HMAC_MECH(SHA384)
+ INIT_HMAC_MECH(SHA512)
+diff -up ./mozilla/security/nss/lib/softoken/pkcs11.c.nosha224 ./mozilla/security/nss/lib/softoken/pkcs11.c
+--- ./mozilla/security/nss/lib/softoken/pkcs11.c.nosha224 2011-01-21 16:12:04.000000000 -0800
++++ ./mozilla/security/nss/lib/softoken/pkcs11.c 2011-12-04 22:03:47.316609956 -0800
+@@ -311,8 +311,10 @@ static const struct mechanismList mechan
+ CKF_SN_VR}, PR_TRUE},
+ {CKM_SHA1_RSA_PKCS, {RSA_MIN_MODULUS_BITS,CK_MAX,
+ CKF_SN_VR}, PR_TRUE},
++#ifndef NO_SHA224_AVAILABLE
+ {CKM_SHA224_RSA_PKCS, {RSA_MIN_MODULUS_BITS,CK_MAX,
+ CKF_SN_VR}, PR_TRUE},
++#endif
+ {CKM_SHA256_RSA_PKCS, {RSA_MIN_MODULUS_BITS,CK_MAX,
+ CKF_SN_VR}, PR_TRUE},
+ {CKM_SHA384_RSA_PKCS, {RSA_MIN_MODULUS_BITS,CK_MAX,
+@@ -401,9 +403,11 @@ static const struct mechanismList mechan
+ {CKM_SHA_1, {0, 0, CKF_DIGEST}, PR_FALSE},
+ {CKM_SHA_1_HMAC, {1, 128, CKF_SN_VR}, PR_TRUE},
+ {CKM_SHA_1_HMAC_GENERAL, {1, 128, CKF_SN_VR}, PR_TRUE},
++#ifndef NO_SHA224_AVAILABLE
+ {CKM_SHA224, {0, 0, CKF_DIGEST}, PR_FALSE},
+ {CKM_SHA224_HMAC, {1, 128, CKF_SN_VR}, PR_TRUE},
+ {CKM_SHA224_HMAC_GENERAL, {1, 128, CKF_SN_VR}, PR_TRUE},
++#endif
+ {CKM_SHA256, {0, 0, CKF_DIGEST}, PR_FALSE},
+ {CKM_SHA256_HMAC, {1, 128, CKF_SN_VR}, PR_TRUE},
+ {CKM_SHA256_HMAC_GENERAL, {1, 128, CKF_SN_VR}, PR_TRUE},
+diff -up ./mozilla/security/nss/lib/softoken/rsawrapr.c.nosha224 ./mozilla/security/nss/lib/softoken/rsawrapr.c
+--- ./mozilla/security/nss/lib/softoken/rsawrapr.c.nosha224 2011-10-22 07:35:43.000000000 -0700
++++ ./mozilla/security/nss/lib/softoken/rsawrapr.c 2011-12-04 22:03:47.316609956 -0800
+@@ -1173,9 +1173,11 @@ GetHashTypeFromMechanism(CK_MECHANISM_TY
+ case CKM_SHA_1:
+ case CKG_MGF1_SHA1:
+ return HASH_AlgSHA1;
++#ifndef NO_SHA224_AVAILABLE
+ case CKM_SHA224:
+ case CKG_MGF1_SHA224:
+ return HASH_AlgSHA224;
++#endif
+ case CKM_SHA256:
+ case CKG_MGF1_SHA256:
+ return HASH_AlgSHA256;
+diff -up ./mozilla/security/nss/tests/cipher/cipher.txt.nosha224 ./mozilla/security/nss/tests/cipher/cipher.txt
+--- ./mozilla/security/nss/tests/cipher/cipher.txt.nosha224 2010-08-17 22:57:05.000000000 -0700
++++ ./mozilla/security/nss/tests/cipher/cipher.txt 2011-12-04 22:03:47.317609956 -0800
+@@ -73,7 +73,6 @@
+ 0 md2_-H MD2_Hash
+ 0 md5_-H MD5_Hash
+ 0 sha1_-H SHA1_Hash
+- 0 sha224_-H SHA224_Hash
+ 0 sha256_-H SHA256_Hash
+ 0 sha384_-H SHA384_Hash
+ 0 sha512_-H SHA512_Hash
--- /dev/null
+diff -up ./mozilla/security/nss/tests/dbtests/dbtests.sh.noroot ./mozilla/security/nss/tests/dbtests/dbtests.sh
+--- ./mozilla/security/nss/tests/dbtests/dbtests.sh.noroot 2011-04-06 09:56:07.207701000 -0700
++++ ./mozilla/security/nss/tests/dbtests/dbtests.sh 2011-04-06 10:19:54.159552000 -0700
+@@ -201,6 +201,9 @@ dbtest_main()
+ cat $RONLY_DIR/* > /dev/null
+ fi
+
++ # skipping the next two tests when user is root,
++ # otherwise they would fail due to rooty powers
++ if [[ $EUID -ne 0 ]] then
+ ${BINDIR}/dbtest -d $RONLY_DIR
+ ret=$?
+ if [ $ret -ne 46 ]; then
+@@ -208,6 +211,10 @@ dbtest_main()
+ else
+ html_passed "Dbtest r/w didn't work in an readonly dir $ret"
+ fi
++ else
++ html_passed "Skipping Dbtest r/w in a readonly dir because user is root"
++ fi
++ if [[ $EUID -ne 0 ]] then
+ ${BINDIR}/certutil -D -n "TestUser" -d .
+ ret=$?
+ if [ $ret -ne 255 ]; then
+@@ -215,6 +222,9 @@ dbtest_main()
+ else
+ html_passed "Certutil didn't work in an readonly dir $ret"
+ fi
++ else
++ html_passed "Skipping Certutil delete cert in an readonly directory test because user is root"
++ fi
+
+ Echo "test opening the database ronly in a readonly directory"
+
--- /dev/null
+diff -up ./mozilla/security/nss/lib/ckfw/builtins/certdata.c.ckbi188 ./mozilla/security/nss/lib/ckfw/builtins/certdata.c
+--- ./mozilla/security/nss/lib/ckfw/builtins/certdata.c.ckbi188 2011-11-03 16:29:17.081000000 -0700
++++ ./mozilla/security/nss/lib/ckfw/builtins/certdata.c 2011-11-03 08:11:57.000000000 -0700
+@@ -35,7 +35,7 @@
+ *
+ * ***** END LICENSE BLOCK ***** */
+ #ifdef DEBUG
+-static const char CVS_ID[] = "@(#) $RCSfile: certdata.c,v $ $Revision: 1.82 $ $Date: 2011/09/02 19:40:56 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.82 $ $Date: 2011/09/02 19:40:56 $";
++static const char CVS_ID[] = "@(#) $RCSfile: certdata.c,v $ $Revision: 1.83 $ $Date: 2011/11/03 15:11:57 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.83 $ $Date: 2011/11/03 15:11:57 $";
+ #endif /* DEBUG */
+
+ #ifndef BUILTINS_H
+@@ -1075,6 +1075,18 @@ static const CK_ATTRIBUTE_TYPE nss_built
+ static const CK_ATTRIBUTE_TYPE nss_builtins_types_339 [] = {
+ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
+ };
++static const CK_ATTRIBUTE_TYPE nss_builtins_types_340 [] = {
++ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE
++};
++static const CK_ATTRIBUTE_TYPE nss_builtins_types_341 [] = {
++ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
++};
++static const CK_ATTRIBUTE_TYPE nss_builtins_types_342 [] = {
++ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE
++};
++static const CK_ATTRIBUTE_TYPE nss_builtins_types_343 [] = {
++ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
++};
+ #ifdef DEBUG
+ static const NSSItem nss_builtins_items_0 [] = {
+ { (void *)&cko_data, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+@@ -1083,7 +1095,7 @@ static const NSSItem nss_builtins_items_
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)"CVS ID", (PRUint32)7 },
+ { (void *)"NSS", (PRUint32)4 },
+- { (void *)"@(#) $RCSfile: certdata.c,v $ $Revision: 1.82 $ $Date: 2011/09/02 19:40:56 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.82 $ $Date: 2011/09/02 19:40:56 $", (PRUint32)160 }
++ { (void *)"@(#) $RCSfile: certdata.c,v $ $Revision: 1.83 $ $Date: 2011/11/03 15:11:57 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.83 $ $Date: 2011/11/03 15:11:57 $", (PRUint32)160 }
+ };
+ #endif /* DEBUG */
+ static const NSSItem nss_builtins_items_1 [] = {
+@@ -22600,6 +22612,266 @@ static const NSSItem nss_builtins_items_
+ { (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
+ };
++static const NSSItem nss_builtins_items_340 [] = {
++ { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
++ { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
++ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
++ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
++ { (void *)"Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)", (PRUint32)57 },
++ { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
++ { (void *)"\060\143\061\013\060\011\006\003\125\004\006\023\002\115\131\061"
++"\033\060\031\006\003\125\004\012\023\022\104\151\147\151\143\145"
++"\162\164\040\123\144\156\056\040\102\150\144\056\061\021\060\017"
++"\006\003\125\004\013\023\010\064\065\067\066\060\070\055\113\061"
++"\044\060\042\006\003\125\004\003\023\033\104\151\147\151\163\151"
++"\147\156\040\123\145\162\166\145\162\040\111\104\040\050\105\156"
++"\162\151\143\150\051"
++, (PRUint32)101 },
++ { (void *)"0", (PRUint32)2 },
++ { (void *)"\060\165\061\013\060\011\006\003\125\004\006\023\002\125\123\061"
++"\030\060\026\006\003\125\004\012\023\017\107\124\105\040\103\157"
++"\162\160\157\162\141\164\151\157\156\061\047\060\045\006\003\125"
++"\004\013\023\036\107\124\105\040\103\171\142\145\162\124\162\165"
++"\163\164\040\123\157\154\165\164\151\157\156\163\054\040\111\156"
++"\143\056\061\043\060\041\006\003\125\004\003\023\032\107\124\105"
++"\040\103\171\142\145\162\124\162\165\163\164\040\107\154\157\142"
++"\141\154\040\122\157\157\164"
++, (PRUint32)119 },
++ { (void *)"\002\006\007\377\377\377\377\377"
++, (PRUint32)8 },
++ { (void *)"\060\202\003\315\060\202\003\066\240\003\002\001\002\002\006\007"
++"\377\377\377\377\377\060\015\006\011\052\206\110\206\367\015\001"
++"\001\005\005\000\060\165\061\013\060\011\006\003\125\004\006\023"
++"\002\125\123\061\030\060\026\006\003\125\004\012\023\017\107\124"
++"\105\040\103\157\162\160\157\162\141\164\151\157\156\061\047\060"
++"\045\006\003\125\004\013\023\036\107\124\105\040\103\171\142\145"
++"\162\124\162\165\163\164\040\123\157\154\165\164\151\157\156\163"
++"\054\040\111\156\143\056\061\043\060\041\006\003\125\004\003\023"
++"\032\107\124\105\040\103\171\142\145\162\124\162\165\163\164\040"
++"\107\154\157\142\141\154\040\122\157\157\164\060\036\027\015\060"
++"\067\060\067\061\067\061\065\061\067\064\071\132\027\015\061\062"
++"\060\067\061\067\061\065\061\066\065\065\132\060\143\061\013\060"
++"\011\006\003\125\004\006\023\002\115\131\061\033\060\031\006\003"
++"\125\004\012\023\022\104\151\147\151\143\145\162\164\040\123\144"
++"\156\056\040\102\150\144\056\061\021\060\017\006\003\125\004\013"
++"\023\010\064\065\067\066\060\070\055\113\061\044\060\042\006\003"
++"\125\004\003\023\033\104\151\147\151\163\151\147\156\040\123\145"
++"\162\166\145\162\040\111\104\040\050\105\156\162\151\143\150\051"
++"\060\201\237\060\015\006\011\052\206\110\206\367\015\001\001\001"
++"\005\000\003\201\215\000\060\201\211\002\201\201\000\255\250\144"
++"\113\115\207\307\204\131\271\373\220\106\240\246\211\300\361\376"
++"\325\332\124\202\067\015\231\053\105\046\012\350\126\260\177\312"
++"\250\364\216\107\204\001\202\051\343\263\152\265\221\363\373\225"
++"\205\274\162\250\144\350\012\100\234\305\364\161\256\173\173\152"
++"\007\352\220\024\117\215\211\257\224\253\262\006\324\002\152\173"
++"\230\037\131\271\072\315\124\372\040\337\262\052\012\351\270\335"
++"\151\220\300\051\323\116\320\227\355\146\314\305\031\111\006\177"
++"\372\136\054\174\173\205\033\062\102\337\173\225\045\002\003\001"
++"\000\001\243\202\001\170\060\202\001\164\060\022\006\003\125\035"
++"\023\001\001\377\004\010\060\006\001\001\377\002\001\000\060\134"
++"\006\003\125\035\040\004\125\060\123\060\110\006\011\053\006\001"
++"\004\001\261\076\001\000\060\073\060\071\006\010\053\006\001\005"
++"\005\007\002\001\026\055\150\164\164\160\072\057\057\143\171\142"
++"\145\162\164\162\165\163\164\056\157\155\156\151\162\157\157\164"
++"\056\143\157\155\057\162\145\160\157\163\151\164\157\162\171\056"
++"\143\146\155\060\007\006\005\140\203\112\001\001\060\016\006\003"
++"\125\035\017\001\001\377\004\004\003\002\001\346\060\201\211\006"
++"\003\125\035\043\004\201\201\060\177\241\171\244\167\060\165\061"
++"\013\060\011\006\003\125\004\006\023\002\125\123\061\030\060\026"
++"\006\003\125\004\012\023\017\107\124\105\040\103\157\162\160\157"
++"\162\141\164\151\157\156\061\047\060\045\006\003\125\004\013\023"
++"\036\107\124\105\040\103\171\142\145\162\124\162\165\163\164\040"
++"\123\157\154\165\164\151\157\156\163\054\040\111\156\143\056\061"
++"\043\060\041\006\003\125\004\003\023\032\107\124\105\040\103\171"
++"\142\145\162\124\162\165\163\164\040\107\154\157\142\141\154\040"
++"\122\157\157\164\202\002\001\245\060\105\006\003\125\035\037\004"
++"\076\060\074\060\072\240\070\240\066\206\064\150\164\164\160\072"
++"\057\057\167\167\167\056\160\165\142\154\151\143\055\164\162\165"
++"\163\164\056\143\157\155\057\143\147\151\055\142\151\156\057\103"
++"\122\114\057\062\060\061\070\057\143\144\160\056\143\162\154\060"
++"\035\006\003\125\035\016\004\026\004\024\306\026\223\116\026\027"
++"\354\026\256\214\224\166\363\206\155\305\164\156\204\167\060\015"
++"\006\011\052\206\110\206\367\015\001\001\005\005\000\003\201\201"
++"\000\166\000\173\246\170\053\146\035\216\136\066\306\244\216\005"
++"\362\043\222\174\223\147\323\364\300\012\175\213\055\331\352\325"
++"\157\032\363\341\112\051\132\042\204\115\120\057\113\014\362\377"
++"\205\302\173\125\324\104\202\276\155\254\147\216\274\264\037\222"
++"\234\121\200\032\024\366\156\253\141\210\013\255\034\177\367\113"
++"\120\121\326\145\033\246\107\161\025\136\260\161\363\065\024\362"
++"\067\275\143\310\325\360\223\132\064\137\330\075\350\135\367\305"
++"\036\300\345\317\037\206\044\251\074\007\146\315\301\322\066\143"
++"\131"
++, (PRUint32)977 }
++};
++static const NSSItem nss_builtins_items_341 [] = {
++ { (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
++ { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
++ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
++ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
++ { (void *)"Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)", (PRUint32)57 },
++ { (void *)"\125\120\257\354\277\350\303\255\304\013\343\255\014\247\344\025"
++"\214\071\131\117"
++, (PRUint32)20 },
++ { (void *)"\322\336\256\120\244\230\055\157\067\267\206\122\310\055\113\152"
++, (PRUint32)16 },
++ { (void *)"\060\165\061\013\060\011\006\003\125\004\006\023\002\125\123\061"
++"\030\060\026\006\003\125\004\012\023\017\107\124\105\040\103\157"
++"\162\160\157\162\141\164\151\157\156\061\047\060\045\006\003\125"
++"\004\013\023\036\107\124\105\040\103\171\142\145\162\124\162\165"
++"\163\164\040\123\157\154\165\164\151\157\156\163\054\040\111\156"
++"\143\056\061\043\060\041\006\003\125\004\003\023\032\107\124\105"
++"\040\103\171\142\145\162\124\162\165\163\164\040\107\154\157\142"
++"\141\154\040\122\157\157\164"
++, (PRUint32)119 },
++ { (void *)"\002\006\007\377\377\377\377\377"
++, (PRUint32)8 },
++ { (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) },
++ { (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) },
++ { (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) },
++ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
++};
++static const NSSItem nss_builtins_items_342 [] = {
++ { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
++ { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
++ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
++ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
++ { (void *)"Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)", (PRUint32)56 },
++ { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
++ { (void *)"\060\145\061\013\060\011\006\003\125\004\006\023\002\115\131\061"
++"\033\060\031\006\003\125\004\012\023\022\104\151\147\151\143\145"
++"\162\164\040\123\144\156\056\040\102\150\144\056\061\021\060\017"
++"\006\003\125\004\013\023\010\064\065\067\066\060\070\055\113\061"
++"\046\060\044\006\003\125\004\003\023\035\104\151\147\151\163\151"
++"\147\156\040\123\145\162\166\145\162\040\111\104\040\055\040\050"
++"\105\156\162\151\143\150\051"
++, (PRUint32)103 },
++ { (void *)"0", (PRUint32)2 },
++ { (void *)"\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156"
++"\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125"
++"\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056"
++"\156\145\164\057\103\120\123\137\062\060\064\070\040\151\156\143"
++"\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151"
++"\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006"
++"\003\125\004\013\023\034\050\143\051\040\061\071\071\071\040\105"
++"\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164"
++"\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164"
++"\162\165\163\164\056\156\145\164\040\103\145\162\164\151\146\151"
++"\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171"
++"\040\050\062\060\064\070\051"
++, (PRUint32)183 },
++ { (void *)"\002\006\007\377\377\377\377\377"
++, (PRUint32)8 },
++ { (void *)"\060\202\004\320\060\202\003\270\240\003\002\001\002\002\006\007"
++"\377\377\377\377\377\060\015\006\011\052\206\110\206\367\015\001"
++"\001\005\005\000\060\201\264\061\024\060\022\006\003\125\004\012"
++"\023\013\105\156\164\162\165\163\164\056\156\145\164\061\100\060"
++"\076\006\003\125\004\013\024\067\167\167\167\056\145\156\164\162"
++"\165\163\164\056\156\145\164\057\103\120\123\137\062\060\064\070"
++"\040\151\156\143\157\162\160\056\040\142\171\040\162\145\146\056"
++"\040\050\154\151\155\151\164\163\040\154\151\141\142\056\051\061"
++"\045\060\043\006\003\125\004\013\023\034\050\143\051\040\061\071"
++"\071\071\040\105\156\164\162\165\163\164\056\156\145\164\040\114"
++"\151\155\151\164\145\144\061\063\060\061\006\003\125\004\003\023"
++"\052\105\156\164\162\165\163\164\056\156\145\164\040\103\145\162"
++"\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157"
++"\162\151\164\171\040\050\062\060\064\070\051\060\036\027\015\061"
++"\060\060\067\061\066\061\067\062\063\063\070\132\027\015\061\065"
++"\060\067\061\066\061\067\065\063\063\070\132\060\145\061\013\060"
++"\011\006\003\125\004\006\023\002\115\131\061\033\060\031\006\003"
++"\125\004\012\023\022\104\151\147\151\143\145\162\164\040\123\144"
++"\156\056\040\102\150\144\056\061\021\060\017\006\003\125\004\013"
++"\023\010\064\065\067\066\060\070\055\113\061\046\060\044\006\003"
++"\125\004\003\023\035\104\151\147\151\163\151\147\156\040\123\145"
++"\162\166\145\162\040\111\104\040\055\040\050\105\156\162\151\143"
++"\150\051\060\202\001\042\060\015\006\011\052\206\110\206\367\015"
++"\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202"
++"\001\001\000\305\211\344\364\015\006\100\222\131\307\032\263\065"
++"\321\016\114\052\063\371\370\257\312\236\177\356\271\247\155\140"
++"\364\124\350\157\325\233\363\033\143\061\004\150\162\321\064\026"
++"\214\264\027\054\227\336\163\305\330\220\025\240\032\053\365\313"
++"\263\110\206\104\360\035\210\114\316\101\102\032\357\365\014\336"
++"\376\100\332\071\040\367\006\125\072\152\235\106\301\322\157\245"
++"\262\310\127\076\051\243\234\340\351\205\167\146\350\230\247\044"
++"\176\276\300\131\040\345\104\157\266\127\330\276\316\302\145\167"
++"\130\306\141\101\321\164\004\310\177\111\102\305\162\251\162\026"
++"\356\214\335\022\135\264\112\324\321\257\120\267\330\252\165\166"
++"\150\255\076\135\252\060\155\141\250\253\020\133\076\023\277\063"
++"\340\257\104\235\070\042\133\357\114\057\246\161\046\025\046\312"
++"\050\214\331\372\216\216\251\242\024\065\342\233\044\210\264\364"
++"\177\205\235\203\117\007\241\266\024\220\066\304\064\034\215\046"
++"\141\155\023\157\170\276\350\217\047\307\113\204\226\243\206\150"
++"\014\043\276\013\354\214\224\000\251\004\212\023\220\367\337\205"
++"\154\014\261\002\003\001\000\001\243\202\001\064\060\202\001\060"
++"\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006"
++"\060\022\006\003\125\035\023\001\001\377\004\010\060\006\001\001"
++"\377\002\001\000\060\047\006\003\125\035\045\004\040\060\036\006"
++"\010\053\006\001\005\005\007\003\001\006\010\053\006\001\005\005"
++"\007\003\002\006\010\053\006\001\005\005\007\003\004\060\063\006"
++"\010\053\006\001\005\005\007\001\001\004\047\060\045\060\043\006"
++"\010\053\006\001\005\005\007\060\001\206\027\150\164\164\160\072"
++"\057\057\157\143\163\160\056\145\156\164\162\165\163\164\056\156"
++"\145\164\060\104\006\003\125\035\040\004\075\060\073\060\071\006"
++"\005\140\203\112\001\001\060\060\060\056\006\010\053\006\001\005"
++"\005\007\002\001\026\042\150\164\164\160\072\057\057\167\167\167"
++"\056\144\151\147\151\143\145\162\164\056\143\157\155\056\155\171"
++"\057\143\160\163\056\150\164\155\060\062\006\003\125\035\037\004"
++"\053\060\051\060\047\240\045\240\043\206\041\150\164\164\160\072"
++"\057\057\143\162\154\056\145\156\164\162\165\163\164\056\156\145"
++"\164\057\062\060\064\070\143\141\056\143\162\154\060\021\006\003"
++"\125\035\016\004\012\004\010\114\116\314\045\050\003\051\201\060"
++"\037\006\003\125\035\043\004\030\060\026\200\024\125\344\201\321"
++"\021\200\276\330\211\271\010\243\061\371\241\044\011\026\271\160"
++"\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003"
++"\202\001\001\000\227\114\357\112\072\111\254\162\374\060\040\153"
++"\264\051\133\247\305\225\004\220\371\062\325\302\205\152\336\003"
++"\241\067\371\211\000\260\132\254\125\176\333\103\065\377\311\001"
++"\370\121\276\314\046\312\310\152\244\304\124\076\046\036\347\014"
++"\243\315\227\147\224\335\246\102\353\134\315\217\071\171\153\063"
++"\171\041\006\171\372\202\104\025\231\314\301\267\071\323\106\142"
++"\174\262\160\353\157\316\040\252\076\031\267\351\164\202\234\264"
++"\245\113\115\141\000\067\344\207\322\362\024\072\144\174\270\251"
++"\173\141\340\223\042\347\325\237\076\107\346\066\166\240\123\330"
++"\000\003\072\017\265\063\376\226\312\323\322\202\072\056\335\327"
++"\110\341\344\247\151\314\034\351\231\112\347\312\160\105\327\013"
++"\007\016\232\165\033\320\057\222\157\366\244\007\303\275\034\113"
++"\246\204\266\175\250\232\251\322\247\051\361\013\127\151\036\227"
++"\127\046\354\053\103\254\324\105\203\005\000\351\343\360\106\100"
++"\007\372\352\261\121\163\223\034\245\335\123\021\067\310\052\247"
++"\025\047\035\264\252\314\177\252\061\060\374\270\105\237\110\011"
++"\355\020\342\305"
++, (PRUint32)1236 }
++};
++static const NSSItem nss_builtins_items_343 [] = {
++ { (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
++ { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
++ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
++ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
++ { (void *)"Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)", (PRUint32)56 },
++ { (void *)"\153\074\073\200\255\312\246\272\212\237\124\246\172\355\022\151"
++"\005\155\061\046"
++, (PRUint32)20 },
++ { (void *)"\327\151\141\177\065\017\234\106\243\252\353\370\125\374\204\362"
++, (PRUint32)16 },
++ { (void *)"\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156"
++"\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125"
++"\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056"
++"\156\145\164\057\103\120\123\137\062\060\064\070\040\151\156\143"
++"\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151"
++"\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006"
++"\003\125\004\013\023\034\050\143\051\040\061\071\071\071\040\105"
++"\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164"
++"\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164"
++"\162\165\163\164\056\156\145\164\040\103\145\162\164\151\146\151"
++"\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171"
++"\040\050\062\060\064\070\051"
++, (PRUint32)183 },
++ { (void *)"\002\006\007\377\377\377\377\377"
++, (PRUint32)8 },
++ { (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) },
++ { (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) },
++ { (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) },
++ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
++};
+
+ builtinsInternalObject
+ nss_builtins_data[] = {
+@@ -22944,11 +23216,15 @@ nss_builtins_data[] = {
+ { 11, nss_builtins_types_336, nss_builtins_items_336, {NULL} },
+ { 13, nss_builtins_types_337, nss_builtins_items_337, {NULL} },
+ { 11, nss_builtins_types_338, nss_builtins_items_338, {NULL} },
+- { 13, nss_builtins_types_339, nss_builtins_items_339, {NULL} }
++ { 13, nss_builtins_types_339, nss_builtins_items_339, {NULL} },
++ { 11, nss_builtins_types_340, nss_builtins_items_340, {NULL} },
++ { 13, nss_builtins_types_341, nss_builtins_items_341, {NULL} },
++ { 11, nss_builtins_types_342, nss_builtins_items_342, {NULL} },
++ { 13, nss_builtins_types_343, nss_builtins_items_343, {NULL} }
+ };
+ const PRUint32
+ #ifdef DEBUG
+- nss_builtins_nObjects = 339+1;
++ nss_builtins_nObjects = 343+1;
+ #else
+- nss_builtins_nObjects = 339;
++ nss_builtins_nObjects = 343;
+ #endif /* DEBUG */
+diff -up ./mozilla/security/nss/lib/ckfw/builtins/certdata.txt.ckbi188 ./mozilla/security/nss/lib/ckfw/builtins/certdata.txt
+--- ./mozilla/security/nss/lib/ckfw/builtins/certdata.txt.ckbi188 2011-11-03 16:29:42.293000000 -0700
++++ ./mozilla/security/nss/lib/ckfw/builtins/certdata.txt 2011-11-03 08:11:58.000000000 -0700
+@@ -34,7 +34,7 @@
+ # the terms of any one of the MPL, the GPL or the LGPL.
+ #
+ # ***** END LICENSE BLOCK *****
+-CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.79 $ $Date: 2011/09/02 19:40:56 $"
++CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.80 $ $Date: 2011/11/03 15:11:58 $"
+
+ #
+ # certdata.txt
+@@ -23299,3 +23299,284 @@ CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_N
+ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+ CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
++
++#
++# Certificate "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)"
++#
++CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
++CKA_TOKEN CK_BBOOL CK_TRUE
++CKA_PRIVATE CK_BBOOL CK_FALSE
++CKA_MODIFIABLE CK_BBOOL CK_FALSE
++CKA_LABEL UTF8 "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)"
++CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
++CKA_SUBJECT MULTILINE_OCTAL
++\060\143\061\013\060\011\006\003\125\004\006\023\002\115\131\061
++\033\060\031\006\003\125\004\012\023\022\104\151\147\151\143\145
++\162\164\040\123\144\156\056\040\102\150\144\056\061\021\060\017
++\006\003\125\004\013\023\010\064\065\067\066\060\070\055\113\061
++\044\060\042\006\003\125\004\003\023\033\104\151\147\151\163\151
++\147\156\040\123\145\162\166\145\162\040\111\104\040\050\105\156
++\162\151\143\150\051
++END
++CKA_ID UTF8 "0"
++CKA_ISSUER MULTILINE_OCTAL
++\060\165\061\013\060\011\006\003\125\004\006\023\002\125\123\061
++\030\060\026\006\003\125\004\012\023\017\107\124\105\040\103\157
++\162\160\157\162\141\164\151\157\156\061\047\060\045\006\003\125
++\004\013\023\036\107\124\105\040\103\171\142\145\162\124\162\165
++\163\164\040\123\157\154\165\164\151\157\156\163\054\040\111\156
++\143\056\061\043\060\041\006\003\125\004\003\023\032\107\124\105
++\040\103\171\142\145\162\124\162\165\163\164\040\107\154\157\142
++\141\154\040\122\157\157\164
++END
++CKA_SERIAL_NUMBER MULTILINE_OCTAL
++\002\006\007\377\377\377\377\377
++END
++CKA_VALUE MULTILINE_OCTAL
++\060\202\003\315\060\202\003\066\240\003\002\001\002\002\006\007
++\377\377\377\377\377\060\015\006\011\052\206\110\206\367\015\001
++\001\005\005\000\060\165\061\013\060\011\006\003\125\004\006\023
++\002\125\123\061\030\060\026\006\003\125\004\012\023\017\107\124
++\105\040\103\157\162\160\157\162\141\164\151\157\156\061\047\060
++\045\006\003\125\004\013\023\036\107\124\105\040\103\171\142\145
++\162\124\162\165\163\164\040\123\157\154\165\164\151\157\156\163
++\054\040\111\156\143\056\061\043\060\041\006\003\125\004\003\023
++\032\107\124\105\040\103\171\142\145\162\124\162\165\163\164\040
++\107\154\157\142\141\154\040\122\157\157\164\060\036\027\015\060
++\067\060\067\061\067\061\065\061\067\064\071\132\027\015\061\062
++\060\067\061\067\061\065\061\066\065\065\132\060\143\061\013\060
++\011\006\003\125\004\006\023\002\115\131\061\033\060\031\006\003
++\125\004\012\023\022\104\151\147\151\143\145\162\164\040\123\144
++\156\056\040\102\150\144\056\061\021\060\017\006\003\125\004\013
++\023\010\064\065\067\066\060\070\055\113\061\044\060\042\006\003
++\125\004\003\023\033\104\151\147\151\163\151\147\156\040\123\145
++\162\166\145\162\040\111\104\040\050\105\156\162\151\143\150\051
++\060\201\237\060\015\006\011\052\206\110\206\367\015\001\001\001
++\005\000\003\201\215\000\060\201\211\002\201\201\000\255\250\144
++\113\115\207\307\204\131\271\373\220\106\240\246\211\300\361\376
++\325\332\124\202\067\015\231\053\105\046\012\350\126\260\177\312
++\250\364\216\107\204\001\202\051\343\263\152\265\221\363\373\225
++\205\274\162\250\144\350\012\100\234\305\364\161\256\173\173\152
++\007\352\220\024\117\215\211\257\224\253\262\006\324\002\152\173
++\230\037\131\271\072\315\124\372\040\337\262\052\012\351\270\335
++\151\220\300\051\323\116\320\227\355\146\314\305\031\111\006\177
++\372\136\054\174\173\205\033\062\102\337\173\225\045\002\003\001
++\000\001\243\202\001\170\060\202\001\164\060\022\006\003\125\035
++\023\001\001\377\004\010\060\006\001\001\377\002\001\000\060\134
++\006\003\125\035\040\004\125\060\123\060\110\006\011\053\006\001
++\004\001\261\076\001\000\060\073\060\071\006\010\053\006\001\005
++\005\007\002\001\026\055\150\164\164\160\072\057\057\143\171\142
++\145\162\164\162\165\163\164\056\157\155\156\151\162\157\157\164
++\056\143\157\155\057\162\145\160\157\163\151\164\157\162\171\056
++\143\146\155\060\007\006\005\140\203\112\001\001\060\016\006\003
++\125\035\017\001\001\377\004\004\003\002\001\346\060\201\211\006
++\003\125\035\043\004\201\201\060\177\241\171\244\167\060\165\061
++\013\060\011\006\003\125\004\006\023\002\125\123\061\030\060\026
++\006\003\125\004\012\023\017\107\124\105\040\103\157\162\160\157
++\162\141\164\151\157\156\061\047\060\045\006\003\125\004\013\023
++\036\107\124\105\040\103\171\142\145\162\124\162\165\163\164\040
++\123\157\154\165\164\151\157\156\163\054\040\111\156\143\056\061
++\043\060\041\006\003\125\004\003\023\032\107\124\105\040\103\171
++\142\145\162\124\162\165\163\164\040\107\154\157\142\141\154\040
++\122\157\157\164\202\002\001\245\060\105\006\003\125\035\037\004
++\076\060\074\060\072\240\070\240\066\206\064\150\164\164\160\072
++\057\057\167\167\167\056\160\165\142\154\151\143\055\164\162\165
++\163\164\056\143\157\155\057\143\147\151\055\142\151\156\057\103
++\122\114\057\062\060\061\070\057\143\144\160\056\143\162\154\060
++\035\006\003\125\035\016\004\026\004\024\306\026\223\116\026\027
++\354\026\256\214\224\166\363\206\155\305\164\156\204\167\060\015
++\006\011\052\206\110\206\367\015\001\001\005\005\000\003\201\201
++\000\166\000\173\246\170\053\146\035\216\136\066\306\244\216\005
++\362\043\222\174\223\147\323\364\300\012\175\213\055\331\352\325
++\157\032\363\341\112\051\132\042\204\115\120\057\113\014\362\377
++\205\302\173\125\324\104\202\276\155\254\147\216\274\264\037\222
++\234\121\200\032\024\366\156\253\141\210\013\255\034\177\367\113
++\120\121\326\145\033\246\107\161\025\136\260\161\363\065\024\362
++\067\275\143\310\325\360\223\132\064\137\330\075\350\135\367\305
++\036\300\345\317\037\206\044\251\074\007\146\315\301\322\066\143
++\131
++END
++
++# Trust for Certificate "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)"
++CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
++CKA_TOKEN CK_BBOOL CK_TRUE
++CKA_PRIVATE CK_BBOOL CK_FALSE
++CKA_MODIFIABLE CK_BBOOL CK_FALSE
++CKA_LABEL UTF8 "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)"
++CKA_CERT_SHA1_HASH MULTILINE_OCTAL
++\125\120\257\354\277\350\303\255\304\013\343\255\014\247\344\025
++\214\071\131\117
++END
++CKA_CERT_MD5_HASH MULTILINE_OCTAL
++\322\336\256\120\244\230\055\157\067\267\206\122\310\055\113\152
++END
++CKA_ISSUER MULTILINE_OCTAL
++\060\165\061\013\060\011\006\003\125\004\006\023\002\125\123\061
++\030\060\026\006\003\125\004\012\023\017\107\124\105\040\103\157
++\162\160\157\162\141\164\151\157\156\061\047\060\045\006\003\125
++\004\013\023\036\107\124\105\040\103\171\142\145\162\124\162\165
++\163\164\040\123\157\154\165\164\151\157\156\163\054\040\111\156
++\143\056\061\043\060\041\006\003\125\004\003\023\032\107\124\105
++\040\103\171\142\145\162\124\162\165\163\164\040\107\154\157\142
++\141\154\040\122\157\157\164
++END
++CKA_SERIAL_NUMBER MULTILINE_OCTAL
++\002\006\007\377\377\377\377\377
++END
++CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
++CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
++CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
++CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
++
++#
++# Certificate "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)"
++#
++CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
++CKA_TOKEN CK_BBOOL CK_TRUE
++CKA_PRIVATE CK_BBOOL CK_FALSE
++CKA_MODIFIABLE CK_BBOOL CK_FALSE
++CKA_LABEL UTF8 "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)"
++CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
++CKA_SUBJECT MULTILINE_OCTAL
++\060\145\061\013\060\011\006\003\125\004\006\023\002\115\131\061
++\033\060\031\006\003\125\004\012\023\022\104\151\147\151\143\145
++\162\164\040\123\144\156\056\040\102\150\144\056\061\021\060\017
++\006\003\125\004\013\023\010\064\065\067\066\060\070\055\113\061
++\046\060\044\006\003\125\004\003\023\035\104\151\147\151\163\151
++\147\156\040\123\145\162\166\145\162\040\111\104\040\055\040\050
++\105\156\162\151\143\150\051
++END
++CKA_ID UTF8 "0"
++CKA_ISSUER MULTILINE_OCTAL
++\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156
++\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125
++\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056
++\156\145\164\057\103\120\123\137\062\060\064\070\040\151\156\143
++\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151
++\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006
++\003\125\004\013\023\034\050\143\051\040\061\071\071\071\040\105
++\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164
++\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164
++\162\165\163\164\056\156\145\164\040\103\145\162\164\151\146\151
++\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
++\040\050\062\060\064\070\051
++END
++CKA_SERIAL_NUMBER MULTILINE_OCTAL
++\002\006\007\377\377\377\377\377
++END
++CKA_VALUE MULTILINE_OCTAL
++\060\202\004\320\060\202\003\270\240\003\002\001\002\002\006\007
++\377\377\377\377\377\060\015\006\011\052\206\110\206\367\015\001
++\001\005\005\000\060\201\264\061\024\060\022\006\003\125\004\012
++\023\013\105\156\164\162\165\163\164\056\156\145\164\061\100\060
++\076\006\003\125\004\013\024\067\167\167\167\056\145\156\164\162
++\165\163\164\056\156\145\164\057\103\120\123\137\062\060\064\070
++\040\151\156\143\157\162\160\056\040\142\171\040\162\145\146\056
++\040\050\154\151\155\151\164\163\040\154\151\141\142\056\051\061
++\045\060\043\006\003\125\004\013\023\034\050\143\051\040\061\071
++\071\071\040\105\156\164\162\165\163\164\056\156\145\164\040\114
++\151\155\151\164\145\144\061\063\060\061\006\003\125\004\003\023
++\052\105\156\164\162\165\163\164\056\156\145\164\040\103\145\162
++\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157
++\162\151\164\171\040\050\062\060\064\070\051\060\036\027\015\061
++\060\060\067\061\066\061\067\062\063\063\070\132\027\015\061\065
++\060\067\061\066\061\067\065\063\063\070\132\060\145\061\013\060
++\011\006\003\125\004\006\023\002\115\131\061\033\060\031\006\003
++\125\004\012\023\022\104\151\147\151\143\145\162\164\040\123\144
++\156\056\040\102\150\144\056\061\021\060\017\006\003\125\004\013
++\023\010\064\065\067\066\060\070\055\113\061\046\060\044\006\003
++\125\004\003\023\035\104\151\147\151\163\151\147\156\040\123\145
++\162\166\145\162\040\111\104\040\055\040\050\105\156\162\151\143
++\150\051\060\202\001\042\060\015\006\011\052\206\110\206\367\015
++\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202
++\001\001\000\305\211\344\364\015\006\100\222\131\307\032\263\065
++\321\016\114\052\063\371\370\257\312\236\177\356\271\247\155\140
++\364\124\350\157\325\233\363\033\143\061\004\150\162\321\064\026
++\214\264\027\054\227\336\163\305\330\220\025\240\032\053\365\313
++\263\110\206\104\360\035\210\114\316\101\102\032\357\365\014\336
++\376\100\332\071\040\367\006\125\072\152\235\106\301\322\157\245
++\262\310\127\076\051\243\234\340\351\205\167\146\350\230\247\044
++\176\276\300\131\040\345\104\157\266\127\330\276\316\302\145\167
++\130\306\141\101\321\164\004\310\177\111\102\305\162\251\162\026
++\356\214\335\022\135\264\112\324\321\257\120\267\330\252\165\166
++\150\255\076\135\252\060\155\141\250\253\020\133\076\023\277\063
++\340\257\104\235\070\042\133\357\114\057\246\161\046\025\046\312
++\050\214\331\372\216\216\251\242\024\065\342\233\044\210\264\364
++\177\205\235\203\117\007\241\266\024\220\066\304\064\034\215\046
++\141\155\023\157\170\276\350\217\047\307\113\204\226\243\206\150
++\014\043\276\013\354\214\224\000\251\004\212\023\220\367\337\205
++\154\014\261\002\003\001\000\001\243\202\001\064\060\202\001\060
++\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006
++\060\022\006\003\125\035\023\001\001\377\004\010\060\006\001\001
++\377\002\001\000\060\047\006\003\125\035\045\004\040\060\036\006
++\010\053\006\001\005\005\007\003\001\006\010\053\006\001\005\005
++\007\003\002\006\010\053\006\001\005\005\007\003\004\060\063\006
++\010\053\006\001\005\005\007\001\001\004\047\060\045\060\043\006
++\010\053\006\001\005\005\007\060\001\206\027\150\164\164\160\072
++\057\057\157\143\163\160\056\145\156\164\162\165\163\164\056\156
++\145\164\060\104\006\003\125\035\040\004\075\060\073\060\071\006
++\005\140\203\112\001\001\060\060\060\056\006\010\053\006\001\005
++\005\007\002\001\026\042\150\164\164\160\072\057\057\167\167\167
++\056\144\151\147\151\143\145\162\164\056\143\157\155\056\155\171
++\057\143\160\163\056\150\164\155\060\062\006\003\125\035\037\004
++\053\060\051\060\047\240\045\240\043\206\041\150\164\164\160\072
++\057\057\143\162\154\056\145\156\164\162\165\163\164\056\156\145
++\164\057\062\060\064\070\143\141\056\143\162\154\060\021\006\003
++\125\035\016\004\012\004\010\114\116\314\045\050\003\051\201\060
++\037\006\003\125\035\043\004\030\060\026\200\024\125\344\201\321
++\021\200\276\330\211\271\010\243\061\371\241\044\011\026\271\160
++\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003
++\202\001\001\000\227\114\357\112\072\111\254\162\374\060\040\153
++\264\051\133\247\305\225\004\220\371\062\325\302\205\152\336\003
++\241\067\371\211\000\260\132\254\125\176\333\103\065\377\311\001
++\370\121\276\314\046\312\310\152\244\304\124\076\046\036\347\014
++\243\315\227\147\224\335\246\102\353\134\315\217\071\171\153\063
++\171\041\006\171\372\202\104\025\231\314\301\267\071\323\106\142
++\174\262\160\353\157\316\040\252\076\031\267\351\164\202\234\264
++\245\113\115\141\000\067\344\207\322\362\024\072\144\174\270\251
++\173\141\340\223\042\347\325\237\076\107\346\066\166\240\123\330
++\000\003\072\017\265\063\376\226\312\323\322\202\072\056\335\327
++\110\341\344\247\151\314\034\351\231\112\347\312\160\105\327\013
++\007\016\232\165\033\320\057\222\157\366\244\007\303\275\034\113
++\246\204\266\175\250\232\251\322\247\051\361\013\127\151\036\227
++\127\046\354\053\103\254\324\105\203\005\000\351\343\360\106\100
++\007\372\352\261\121\163\223\034\245\335\123\021\067\310\052\247
++\025\047\035\264\252\314\177\252\061\060\374\270\105\237\110\011
++\355\020\342\305
++END
++
++# Trust for Certificate "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)"
++CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
++CKA_TOKEN CK_BBOOL CK_TRUE
++CKA_PRIVATE CK_BBOOL CK_FALSE
++CKA_MODIFIABLE CK_BBOOL CK_FALSE
++CKA_LABEL UTF8 "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)"
++CKA_CERT_SHA1_HASH MULTILINE_OCTAL
++\153\074\073\200\255\312\246\272\212\237\124\246\172\355\022\151
++\005\155\061\046
++END
++CKA_CERT_MD5_HASH MULTILINE_OCTAL
++\327\151\141\177\065\017\234\106\243\252\353\370\125\374\204\362
++END
++CKA_ISSUER MULTILINE_OCTAL
++\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156
++\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125
++\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056
++\156\145\164\057\103\120\123\137\062\060\064\070\040\151\156\143
++\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151
++\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006
++\003\125\004\013\023\034\050\143\051\040\061\071\071\071\040\105
++\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164
++\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164
++\162\165\163\164\056\156\145\164\040\103\145\162\164\151\146\151
++\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
++\040\050\062\060\064\070\051
++END
++CKA_SERIAL_NUMBER MULTILINE_OCTAL
++\002\006\007\377\377\377\377\377
++END
++CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
++CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
++CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
++CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
++
+diff -up ./mozilla/security/nss/lib/ckfw/builtins/nssckbi.h.ckbi188 ./mozilla/security/nss/lib/ckfw/builtins/nssckbi.h
+--- ./mozilla/security/nss/lib/ckfw/builtins/nssckbi.h.ckbi188 2011-11-03 16:30:05.063000000 -0700
++++ ./mozilla/security/nss/lib/ckfw/builtins/nssckbi.h 2011-11-03 08:11:58.000000000 -0700
+@@ -77,8 +77,8 @@
+ * of the comment in the CK_VERSION type definition.
+ */
+ #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 1
+-#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 87
+-#define NSS_BUILTINS_LIBRARY_VERSION "1.87"
++#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 88
++#define NSS_BUILTINS_LIBRARY_VERSION "1.88"
+
+ /* These version numbers detail the semantic changes to the ckfw engine. */
+ #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1
diff -up ./mozilla/security/nss/lib/ckfw/manifest.mn.prepem ./mozilla/security/nss/lib/ckfw/manifest.mn
---- a/mozilla/security/nss/lib/ckfw/manifest.mn.prepem 2008-08-05 16:34:23.000000000 -0700
-+++ b/mozilla/security/nss/lib/ckfw/manifest.mn 2008-08-05 16:34:30.000000000 -0700
+--- ./mozilla/security/nss/lib/ckfw/manifest.mn.prepem 2008-08-05 16:34:23.000000000 -0700
++++ ./mozilla/security/nss/lib/ckfw/manifest.mn 2008-08-05 16:34:30.000000000 -0700
@@ -38,7 +38,7 @@ MANIFEST_CVS_ID = "@(#) $RCSfile: manife
CORE_DEPTH = ../../..
--- /dev/null
+diff -up ./mozilla/security/nss/lib/softoken/secmodt.h.gcc47 ./mozilla/security/nss/lib/softoken/secmodt.h
+--- ./mozilla/security/nss/lib/softoken/secmodt.h.gcc47 2012-01-30 16:14:41.179494528 -0500
++++ ./mozilla/security/nss/lib/softoken/secmodt.h 2012-01-30 16:14:48.287424482 -0500
+@@ -338,7 +338,7 @@ typedef PRUint32 PK11AttrFlags;
+ #define SECMOD_SLOT_FLAGS "slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512]"
+
+ #define SECMOD_MAKE_NSS_FLAGS(fips,slot) \
+-"Flags=internal,critical"fips" slotparams=("#slot"={"SECMOD_SLOT_FLAGS"})"
++"Flags=internal,critical" fips" slotparams=("#slot"={" SECMOD_SLOT_FLAGS"})"
+
+ #define SECMOD_INT_NAME "NSS Internal PKCS #11 Module"
+ #define SECMOD_INT_FLAGS SECMOD_MAKE_NSS_FLAGS("",1)
--- /dev/null
+diff -up ./mozilla/security/nss/lib/ssl/sslsock.c.compatible ./mozilla/security/nss/lib/ssl/sslsock.c
+--- ./mozilla/security/nss/lib/ssl/sslsock.c.compatible 2012-01-05 13:54:36.430389994 -0800
++++ ./mozilla/security/nss/lib/ssl/sslsock.c 2012-01-05 13:55:25.810750394 -0800
+@@ -184,7 +184,7 @@ static sslOptions ssl_defaults = {
+ 3, /* enableRenegotiation (default: transitional) */
+ PR_FALSE, /* requireSafeNegotiation */
+ PR_FALSE, /* enableFalseStart */
+- PR_TRUE /* cbcRandomIV */
++ PR_FALSE /* cbcRandomIV */ /* defaults to off for compatibility */
+ };
+
+ sslSessionIDLookupFunc ssl_sid_lookup;
+@@ -2359,9 +2359,9 @@ ssl_SetDefaultsFromEnvironment(void)
+ PR_TRUE));
+ }
+ ev = getenv("NSS_SSL_CBC_RANDOM_IV");
+- if (ev && ev[0] == '0') {
+- ssl_defaults.cbcRandomIV = PR_FALSE;
+- SSL_TRACE(("SSL: cbcRandomIV set to 0"));
++ if (ev && ev[0] == '1') {
++ ssl_defaults.cbcRandomIV = PR_TRUE;
++ SSL_TRACE(("SSL: cbcRandomIV set to 1"));
+ }
+ }
+ #endif /* NSS_HAVE_GETENV */
+++ /dev/null
-diff -up ./mozilla/security/nss/lib/sysinit/nsssysinit.c.orig ./mozilla/security/nss/lib/sysinit/nsssysinit.c
---- ./mozilla/security/nss/lib/sysinit/nsssysinit.c.orig 2010-06-17 09:17:30.732643399 -0700
-+++ ./mozilla/security/nss/lib/sysinit/nsssysinit.c 2010-06-17 09:20:22.691642397 -0700
-@@ -263,9 +263,18 @@ get_list(char *filename, char *stripped_
- sysdb = getSystemDB();
- userdb = getUserDB();
-
-- /* Don't open root's user DB */
-+ /* return a list of databases to open. First the system database. */
-+ if (sysdb) {
-+ const char *readonly = userCanModifySystemDB() ? "" : "flags=readonly";
-+ module_list[next++] = PR_smprintf(
-+ "library= "
-+ "module=\"NSS system database\" "
-+ "parameters=\"configdir='sql:%s' tokenDescription='NSS system database' %s\" "
-+ "NSS=\"%sflags=internal,critical\"",sysdb, readonly, nssflags);
-+ }
-+
-+ /* Next the user database, but not for root. */
- if (userdb != NULL && !userIsRoot()) {
-- /* return a list of databases to open. First the user Database */
- module_list[next++] = PR_smprintf(
- "library= "
- "module=\"NSS User database\" "
-@@ -284,40 +293,6 @@ get_list(char *filename, char *stripped_
- userdb, stripped_parameters);
- }
-
--#if 0
-- /* This doesn't actually work. If we register
-- both this and the sysdb (in either order)
-- then only one of them actually shows up */
--
-- /* Using a NULL filename as a Boolean flag to
-- * prevent registering both an application-defined
-- * db and the system db. rhbz #546211.
-- */
-- PORT_Assert(filename);
-- if (sysdb && PL_CompareStrings(filename, sysdb))
-- filename = NULL;
-- else if (userdb && PL_CompareStrings(filename, userdb))
-- filename = NULL;
--
-- if (filename && !userIsRoot()) {
-- module_list[next++] = PR_smprintf(
-- "library= "
-- "module=\"NSS database\" "
-- "parameters=\"configdir='sql:%s' tokenDescription='NSS database sql:%s'\" "
-- "NSS=\"%sflags=internal\"",filename, filename, nssflags);
-- }
--#endif
--
-- /* now the system database (always read only unless it's root) */
-- if (sysdb) {
-- const char *readonly = userCanModifySystemDB() ? "" : "flags=readonly";
-- module_list[next++] = PR_smprintf(
-- "library= "
-- "module=\"NSS system database\" "
-- "parameters=\"configdir='sql:%s' tokenDescription='NSS system database' %s\" "
-- "NSS=\"%sflags=internal,critical\"",sysdb, readonly, nssflags);
-- }
--
- /* that was the last module */
- module_list[next] = 0;
-
+++ /dev/null
-diff -up a/mozilla/security/nss/lib/ckfw/pem/pinst.c.596783 b/mozilla/security/nss/lib/ckfw/pem/pinst.c
---- a/mozilla/security/nss/lib/ckfw/pem/pinst.c.596783 2010-06-06 18:27:27.256318318 -0700
-+++ b/mozilla/security/nss/lib/ckfw/pem/pinst.c 2010-06-06 20:45:28.158442982 -0700
-@@ -151,7 +151,7 @@ GetCertFields(unsigned char *cert, int c
- buf = issuer->data + issuer->len;
-
- /* only wanted issuer/SN */
-- if (valid == NULL) {
-+ if (subject == NULL || valid == NULL || subjkey == NULL) {
- return SECSuccess;
- }
- /* validity */
-@@ -219,53 +219,93 @@ CreateObject(CK_OBJECT_CLASS objClass,
- memset(&o->u.trust, 0, sizeof(o->u.trust));
- break;
- }
-+
-+ o->nickname = (char *) nss_ZAlloc(NULL, strlen(nickname) + 1);
-+ if (o->nickname == NULL)
-+ goto fail;
-+ strcpy(o->nickname, nickname);
-+
-+ sprintf(id, "%d", objid);
-+ len = strlen(id) + 1; /* zero terminate */
-+ o->id.data = (void *) nss_ZAlloc(NULL, len);
-+ if (o->id.data == NULL)
-+ goto fail;
-+ (void) nsslibc_memcpy(o->id.data, id, len);
-+ o->id.size = len;
-+
- o->objClass = objClass;
- o->type = type;
- o->slotID = slotID;
-+
- o->derCert = nss_ZNEW(NULL, SECItem);
-+ if (o->derCert == NULL)
-+ goto fail;
- o->derCert->data = (void *) nss_ZAlloc(NULL, certDER->len);
-+ if (o->derCert->data == NULL)
-+ goto fail;
- o->derCert->len = certDER->len;
- nsslibc_memcpy(o->derCert->data, certDER->data, certDER->len);
-
- switch (objClass) {
- case CKO_CERTIFICATE:
- case CKO_NETSCAPE_TRUST:
-- GetCertFields(o->derCert->data,
-- o->derCert->len, &issuer, &serial,
-- &derSN, &subject, &valid, &subjkey);
-+ if (SECSuccess != GetCertFields(o->derCert->data, o->derCert->len,
-+ &issuer, &serial, &derSN, &subject,
-+ &valid, &subjkey))
-+ goto fail;
-
- o->u.cert.subject.data = (void *) nss_ZAlloc(NULL, subject.len);
-+ if (o->u.cert.subject.data == NULL)
-+ goto fail;
- o->u.cert.subject.size = subject.len;
- nsslibc_memcpy(o->u.cert.subject.data, subject.data, subject.len);
-
- o->u.cert.issuer.data = (void *) nss_ZAlloc(NULL, issuer.len);
-+ if (o->u.cert.issuer.data == NULL) {
-+ nss_ZFreeIf(o->u.cert.subject.data);
-+ goto fail;
-+ }
- o->u.cert.issuer.size = issuer.len;
- nsslibc_memcpy(o->u.cert.issuer.data, issuer.data, issuer.len);
-
- o->u.cert.serial.data = (void *) nss_ZAlloc(NULL, serial.len);
-+ if (o->u.cert.serial.data == NULL) {
-+ nss_ZFreeIf(o->u.cert.issuer.data);
-+ nss_ZFreeIf(o->u.cert.subject.data);
-+ goto fail;
-+ }
- o->u.cert.serial.size = serial.len;
- nsslibc_memcpy(o->u.cert.serial.data, serial.data, serial.len);
- break;
- case CKO_PRIVATE_KEY:
- o->u.key.key.privateKey = nss_ZNEW(NULL, SECItem);
-+ if (o->u.key.key.privateKey == NULL)
-+ goto fail;
- o->u.key.key.privateKey->data =
- (void *) nss_ZAlloc(NULL, keyDER->len);
-+ if (o->u.key.key.privateKey->data == NULL) {
-+ nss_ZFreeIf(o->u.key.key.privateKey);
-+ goto fail;
-+ }
- o->u.key.key.privateKey->len = keyDER->len;
- nsslibc_memcpy(o->u.key.key.privateKey->data, keyDER->data,
- keyDER->len);
- }
-
-- o->nickname = (char *) nss_ZAlloc(NULL, strlen(nickname) + 1);
-- strcpy(o->nickname, nickname);
--
-- sprintf(id, "%d", objid);
--
-- len = strlen(id) + 1; /* zero terminate */
-- o->id.data = (void *) nss_ZAlloc(NULL, len);
-- (void) nsslibc_memcpy(o->id.data, id, len);
-- o->id.size = len;
-
- return o;
-+
-+fail:
-+ if (o) {
-+ if (o->derCert) {
-+ nss_ZFreeIf(o->derCert->data);
-+ nss_ZFreeIf(o->derCert);
-+ }
-+ nss_ZFreeIf(o->id.data);
-+ nss_ZFreeIf(o->nickname);
-+ nss_ZFreeIf(o);
-+ }
-+ return NULL;
- }
-
- pemInternalObject *
-@@ -306,6 +346,8 @@ AddObjectIfNeeded(CK_OBJECT_CLASS objCla
- /* object not found, we need to create it */
- pemInternalObject *io = CreateObject(objClass, type, certDER, keyDER,
- filename, objid, slotID);
-+ if (io == NULL)
-+ return NULL;
-
- io->gobjIndex = count;
-
--- /dev/null
+diff -up ./mozilla/security/nss/lib/ckfw/pem/pinst.c.754771 ./mozilla/security/nss/lib/ckfw/pem/pinst.c
+--- ./mozilla/security/nss/lib/ckfw/pem/pinst.c.754771 2011-12-12 09:38:51.839104295 -0800
++++ ./mozilla/security/nss/lib/ckfw/pem/pinst.c 2011-12-12 09:44:40.437096761 -0800
+@@ -350,6 +350,9 @@ AddObjectIfNeeded(CK_OBJECT_CLASS objCla
+ if (io == NULL)
+ return NULL;
+
++ /* initialize pointers to functions */
++ pem_CreateMDObject(NULL, io, NULL);
++
+ io->gobjIndex = count;
+
+ /* add object to global array */
--- /dev/null
+diff -up ./mozilla/security/nss/lib/ckfw/pem/pobject.c.717338 ./mozilla/security/nss/lib/ckfw/pem/pobject.c
+--- ./mozilla/security/nss/lib/ckfw/pem/pobject.c.717338 2010-11-25 10:49:27.000000000 -0800
++++ ./mozilla/security/nss/lib/ckfw/pem/pobject.c 2011-09-10 10:16:58.752726964 -0700
+@@ -1179,6 +1179,7 @@ pem_CreateObject
+ return (NSSCKMDObject *) NULL;
+
+ certDER.len = 0; /* in case there is no equivalent cert */
++ certDER.data = NULL;
+
+ objid = -1;
+ for (i = 0; i < pem_nobjs; i++) {
--- /dev/null
+--- mozilla/security/nss/lib/ckfw/pem/pinst.c.736410 2010-11-25 11:51:52.000000000 -0800
++++ mozilla/security/nss/lib/ckfw/pem/pinst.c 2011-09-13 16:59:49.325215540 -0700
+@@ -364,39 +364,37 @@ AddObjectIfNeeded(CK_OBJECT_CLASS objCla
+ size += PEM_ITEM_CHUNK;
+ }
+ gobj[count] = io;
+ count++;
+ pem_nobjs++;
+
+ io->refCount ++;
+ return io;
+ }
+
+ CK_RV
+ AddCertificate(char *certfile, char *keyfile, PRBool cacert,
+ CK_SLOT_ID slotID)
+ {
+ pemInternalObject *o;
+- SECItem certDER;
+ CK_RV error = 0;
+ int objid, i;
+ int nobjs = 0;
+ SECItem **objs = NULL;
+ char *ivstring = NULL;
+ int cipher;
+
+- certDER.data = NULL;
+ nobjs = ReadDERFromFile(&objs, certfile, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */);
+ if (nobjs <= 0) {
+ nss_ZFreeIf(objs);
+ return CKR_GENERAL_ERROR;
+ }
+
+ /* For now load as many certs as are in the file for CAs only */
+ if (cacert) {
+ for (i = 0; i < nobjs; i++) {
+ char nickname[1024];
+ objid = pem_nobjs + 1;
+
+ snprintf(nickname, 1024, "%s - %d", certfile, i);
+
+ o = AddObjectIfNeeded(CKO_CERTIFICATE, pemCert, objs[i], NULL,
+@@ -456,72 +454,76 @@ AddCertificate(char *certfile, char *key
+ loser:
+ nss_ZFreeIf(objs);
+ nss_ZFreeIf(o);
+ return error;
+ }
+
+ CK_RV
+ pem_Initialize
+ (
+ NSSCKMDInstance * mdInstance,
+ NSSCKFWInstance * fwInstance,
+ NSSUTF8 * configurationData
+ )
+ {
+ CK_RV rv;
+- /* parse the initialization string and initialize CRLInstances */
++ /* parse the initialization string */
+ char **certstrings = NULL;
++ char *modparms = NULL;
+ PRInt32 numcerts = 0;
+ PRBool status, error = PR_FALSE;
+ int i;
++ CK_C_INITIALIZE_ARGS_PTR modArgs = NULL;
++
++ if (!fwInstance) return CKR_ARGUMENTS_BAD;
++
++ modArgs = NSSCKFWInstance_GetInitArgs(fwInstance);
++ if (modArgs &&
++ ((modArgs->flags & CKF_OS_LOCKING_OK) || (modArgs->CreateMutex != 0))) {
++ return CKR_CANT_LOCK;
++ }
+
+ if (pemInitialized) {
+ return CKR_OK;
+ }
++
+ RNG_RNGInit();
+
+ open_log();
+
+ plog("pem_Initialize\n");
+
+- unsigned char *modparms = NULL;
+- if (!fwInstance) {
+- return CKR_ARGUMENTS_BAD;
+- }
+-
+- CK_C_INITIALIZE_ARGS_PTR modArgs =
+- NSSCKFWInstance_GetInitArgs(fwInstance);
+ if (!modArgs || !modArgs->LibraryParameters) {
+ goto done;
+ }
+- modparms = (unsigned char *) modArgs->LibraryParameters;
++ modparms = (char *) modArgs->LibraryParameters;
+ plog("Initialized with %s\n", modparms);
+
+ /*
+ * The initialization string format is a space-delimited file of
+ * pairs of paths which are delimited by a semi-colon. The first
+ * entry of the pair is the path to the certificate file. The
+ * second is the path to the key file.
+ *
+ * CA certificates do not need the semi-colon.
+ *
+ * Example:
+ * /etc/certs/server.pem;/etc/certs/server.key /etc/certs/ca.pem
+ *
+ */
+ status =
+- pem_ParseString((const char *) modparms, ' ', &numcerts,
++ pem_ParseString(modparms, ' ', &numcerts,
+ &certstrings);
+ if (status == PR_FALSE) {
+ return CKR_ARGUMENTS_BAD;
+ }
+
+ for (i = 0; i < numcerts && error != PR_TRUE; i++) {
+ char *cert = certstrings[i];
+ PRInt32 attrcount = 0;
+ char **certattrs = NULL;
+ status = pem_ParseString(cert, ';', &attrcount, &certattrs);
+ if (status == PR_FALSE) {
+ error = PR_TRUE;
+ break;
+ }
+
+++ /dev/null
-diff -up ./mozilla/security/nss/lib/ssl/sslsock.c.transitional ./mozilla/security/nss/lib/ssl/sslsock.c
---- a/mozilla/security/nss/lib/ssl/sslsock.c.transitional 2010-09-04 09:46:50.331327676 -0700
-+++ b/mozilla/security/nss/lib/ssl/sslsock.c 2010-09-04 09:50:02.814325605 -0700
-@@ -181,7 +181,7 @@ static sslOptions ssl_defaults = {
- PR_FALSE, /* noLocks */
- PR_FALSE, /* enableSessionTickets */
- PR_FALSE, /* enableDeflate */
-- 2, /* enableRenegotiation (default: requires extension) */
-+ 3, /* enableRenegotiation (default: transitional) */
- PR_FALSE, /* requireSafeNegotiation */
- PR_FALSE, /* enableFalseStart */
- };
--- /dev/null
+diff -up mozilla/security/nss/lib/ssl/sslsock.c.transitional mozilla/security/nss/lib/ssl/sslsock.c
+--- mozilla/security/nss/lib/ssl/sslsock.c.transitional 2011-10-06 10:37:47.156659000 -0700
++++ mozilla/security/nss/lib/ssl/sslsock.c 2011-10-06 10:38:32.276704000 -0700
+@@ -182,7 +182,7 @@ static sslOptions ssl_defaults = {
+ PR_FALSE, /* noLocks */
+ PR_FALSE, /* enableSessionTickets */
+ PR_FALSE, /* enableDeflate */
+- 2, /* enableRenegotiation (default: requires extension) */
++ 3, /* enableRenegotiation (default: transitional) */
+ PR_FALSE, /* requireSafeNegotiation */
+ PR_FALSE, /* enableFalseStart */
+ PR_TRUE /* cbcRandomIV */
--- /dev/null
+diff -up tcl8.5.6/generic/tclPort.h.old tcl8.5.6/generic/tclPort.h
+--- tcl8.5.6/generic/tclPort.h.old 2009-02-09 16:40:08.000000000 +0100
++++ tcl8.5.6/generic/tclPort.h 2009-02-09 16:40:26.000000000 +0100
+@@ -24,7 +24,7 @@
+ #endif
+ #include "tcl.h"
+ #if !defined(_WIN32)
+-# include "tclUnixPort.h"
++# include "../unix/tclUnixPort.h"
+ #endif
+
+ #if defined(__CYGWIN__)
+diff -up tcl8.5.6/generic/tclInt.h.bbb tcl8.5.6/generic/tclInt.h
+--- tcl8.5.6/generic/tclInt.h.bbb 2008-11-14 01:22:39.000000000 +0100
++++ tcl8.5.6/generic/tclInt.h 2009-02-11 13:05:13.000000000 +0100
+@@ -2773,7 +2773,7 @@ MODULE_SCOPE void TclClockInit(Tcl_Inter
+ MODULE_SCOPE int TclClockOldscanObjCmd(
+ ClientData clientData, Tcl_Interp *interp,
+ int objc, Tcl_Obj *const objv[]);
+-MODULE_SCOPE int Tcl_CloseObjCmd(ClientData clientData,
++extern int Tcl_CloseObjCmd(ClientData clientData,
+ Tcl_Interp *interp, int objc,
+ Tcl_Obj *const objv[]);
+ MODULE_SCOPE int Tcl_ConcatObjCmd(ClientData clientData,
+@@ -2934,7 +2934,7 @@ MODULE_SCOPE int Tcl_RegsubObjCmd(Client
+ MODULE_SCOPE int Tcl_RenameObjCmd(ClientData clientData,
+ Tcl_Interp *interp, int objc,
+ Tcl_Obj *const objv[]);
+-MODULE_SCOPE int Tcl_ReturnObjCmd(ClientData clientData,
++extern int Tcl_ReturnObjCmd(ClientData clientData,
+ Tcl_Interp *interp, int objc,
+ Tcl_Obj *const objv[]);
+ MODULE_SCOPE int Tcl_ScanObjCmd(ClientData clientData,
###############################################################################
name = tcl
-version = 8.5.10
-release = 2
+major_ver = 8.5
+version = %{major_ver}.11
+release = 1
+thisapp = tcl%{version}
groups = Development/Languages
url = http://tcl.sourceforge.net/
applications, protocols, devices, and frameworks.
end
-source_dl = http://downloads.sourceforge.net/project/%{name}/%{name}/%{thisapp}
+source_dl = http://downloads.sourceforge.net/project/%{name}/Tcl/%{version}/
sources = tcl%{version}-src.tar.gz
build
requires
- perl>=5.14.2-9.ip3
autoconf
automake
+ perl >= 5.14.2-9.ip3
end
- DIR_APP = %{DIR_SRC}/tcl%{version}/unix
CFLAGS += -DTCL_NO_STACK_CHECK=1
+ make_extra = TCL_LIBRARY=%{datadir}/%{name}%{major_ver}
- configure_options +=\
+ configure_options += \
+ --disable-threads \
+ --enable-symbols \
--enable-shared
- prepare
- cd %{DIR_SRC} && %{MACRO_EXTRACT} %{DIR_DL}/${source}/%{sources}
- cd %{DIR_APP} && cd ..
+ prepare_cmds
+ cd unix && autoconf
+ end
- %{MACRO_PATCHES}
+ build
+ cd unix
+ ./configure \
+ %{configure_options}
- cd %{DIR_APP} && autoconf
+ make %{PARALLELISMFLAGS} %{make_extra}
end
- test
- # Skip remote tests http, httpold and socket.
- # Also skip unixInit-1.1. This test fails because "kill -PIPE"
- # will be executed and we don't support that.
- make test TESTFLAGS="-skip 'http* socket* unixInit-1.1'"
+ install
+ cd unix
+ make install %{make_extra} INSTALL_ROOT=%{BUILDROOT}
+ cd ..
+
+ ln -svf tclsh%{major_ver} %{BUILDROOT}/usr/bin/tclsh
+
+ # for linking with -lib%{name}
+ ln -svf lib%{name}%{major_ver}.so %{BUILDROOT}%{libdir}/lib%{name}.so
+
+ # paths don't look at /usr/lib for efficiency, so we symlink into tcl8.5 for now
+ mkdir -pv %{BUILDROOT}%{libdir}/%{name}%{major_ver}
+ ln -svf ../%{name}Config.sh %{BUILDROOT}%{libdir}/%{name}%{major_ver}/%{name}Config.sh
+
+ mkdir -pv %{BUILDROOT}%{includedir}/%{name}-private/{generic,unix}
+ find generic unix -name "*.h" -exec cp -p '{}' %{BUILDROOT}%{includedir}/%{name}-private/'{}' ';'
+ (
+ cd %{BUILDROOT}%{includedir}
+ for i in *.h; do
+ [ -f %{BUILDROOT}%{includedir}/%{name}-private/generic/${i} ] && ln -sf ../../${i} \
+ %{BUILDROOT}%{includedir}/%{name}-private/generic;
+ done
+ )
+
+ # remove buildroot traces
+ sed -i -e "s|$PWD/unix|%{libdir}|; s|$PWD|%{includedir}/%{name}-private|" %{BUILDROOT}%{libdir}/%{name}Config.sh
+ rm -rf %{BUILDROOT}%{datadir}/%{name}%{major_ver}/ldAix
end
- install_cmds
- cd %{DIR_APP} && make install-private-headers DESTDIR=%{BUILDROOT}
- ln -sf tclsh8.5 %{BUILDROOT}/usr/bin/tclsh
+ # Keep libtclstub*.a.
+ keep_libraries
+ %{libdir}/lib%{name}stub%{major_ver}.a
end
end
packages
package %{name}
+ package %{name}-devel
+ template DEVEL
+ end
+
package %{name}-debuginfo
template DEBUGINFO
end