Remove nss and nspr.

As there are plenty of other SSL implementations in this
distribution, nss is dropped.

diff --git a/nspr/nspr-config-vars.in b/nspr/nspr-config-vars.in
deleted file mode 100644 (file)
index ebf0aa4..0000000
--- a/nspr/nspr-config-vars.in
+++ /dev/null
@@ -1,2 +0,0 @@
-ldflags=@LDFLAGS@
-os_libs=@OS_LIBS@

diff --git a/nspr/nspr.nm b/nspr/nspr.nm
deleted file mode 100644 (file)
index c23b137..0000000
--- a/nspr/nspr.nm
+++ /dev/null
@@ -1,110 +0,0 @@
-###############################################################################
-# IPFire.org    - An Open Source Firewall Solution                            #
-# Copyright (C) - IPFire Development Team <info@ipfire.org>                   #
-###############################################################################
-
-name       = nspr
-version    = 4.8.9
-release    = 2
-
-groups     = System/Libraries
-url        = http://www.mozilla.org/projects/nspr/
-license    = MPLv1.1 or GPLv2+ or LGPLv2+
-summary    = Netscape Portable Runtime.
-
-description
-       NSPR provides platform independence for non-GUI operating system
-       facilities. These facilities include threads, thread synchronization,
-       normal file and network I/O, interval timing and calendar time, basic
-       memory management (malloc and free) and shared library linking.
-end
-
-source_dl  = ftp://ftp.mozilla.org/pub/mozilla.org/nspr/releases/v%{version}/src/
-
-build
-       requires
-               pkg-config
-       end
-
-       # Original nspr-config is not suitable for our distribution,
-       # because on different platforms it contains different dynamic content.
-       # Therefore we produce an adjusted copy of nspr-config that will be
-       # identical on all platforms.
-       # However, we need to use original nspr-config to produce some variables
-       # that go into nspr.pc for pkg-config.
-
-       prepare
-               cd %{DIR_SRC} && %{MACRO_EXTRACT} %{DIR_DL}/%{sources}
-
-               cp -vf %{DIR_APP}/mozilla/nsprpub/config/nspr-config.in \
-                       %{DIR_APP}/mozilla/nsprpub/config/nspr-config-pc.in
-               cp -vf %{DIR_SOURCE}/nspr-config-vars.in \
-                       %{DIR_APP}/mozilla/nsprpub/config/
-               cd %{DIR_APP}
-
-               %{MACRO_PATCHES}
-       end
-
-       if "%{DISTRO_ARCH}" == "x86_64"
-               configure_options += \
-                       --enable-64bit
-       end
-
-       if "%{DISTRO_ARCH}" == "armv7hl"
-               configure_options += \
-                       --enable-thumb2
-       end
-
-       configure_options += \
-               --includedir=/usr/include/nspr4 \
-               --enable-optimize="%{CFLAGS}" \
-               --disable-debug
-
-       build
-               %{DIR_APP}/mozilla/nsprpub/configure \
-                       %{configure_options}
-
-               make
-       end
-
-       install_cmds
-               mkdir -pv %{BUILDROOT}/usr/{bin,%{lib}}
-               mkdir -pv %{BUILDROOT}%{libdir}/pkgconfig
-
-               cp -vf %{DIR_APP}/config/nspr-config-pc \
-                       %{BUILDROOT}/usr/bin/nspr-config
-
-               sed \
-                       -e "s,%libdir%,%{libdir},g" \
-                       -e "s,%prefix%,/usr,g" \
-                       -e "s,%exec_prefix%,/usr,g" \
-                       -e "s,%includedir%,/usr/include/nspr4,g" \
-                       -e "s,%NSPR_VERSION%,%{version},g" \
-                       -e "s,%FULL_NSPR_LIBS%,-L%{libdir} -lnspr4 -lplc4 -lplds4 -ldl -lpthread,g" \
-                       -e "s,%FULL_NSPR_CFLAGS%,-I/usr/include/nspr4,g" \
-                       < %{DIR_SOURCE}/nspr.pc.in \
-                       > %{BUILDROOT}%{libdir}/pkgconfig/nspr.pc
-
-               # Remove unneeded stuff
-               rm -rfv \
-                       %{BUILDROOT}/usr/bin/compile-et.pl \
-                       %{BUILDROOT}/usr/bin/prerr.properties \
-                       %{BUILDROOT}/usr/share/aclocal/nspr.m4 \
-                       %{BUILDROOT}/usr/include/nspr4/md
-       end
-end
-
-packages
-       package %{name}
-
-       package %{name}-devel
-               template DEVEL
-
-               # libs are not versioned.
-               files += !%{libdir}/*.so
-       end
-
-       package %{name}-debuginfo
-               template DEBUGINFO
-       end
-end

diff --git a/nspr/nspr.pc.in b/nspr/nspr.pc.in
deleted file mode 100644 (file)
index 1d8f4a0..0000000
--- a/nspr/nspr.pc.in
+++ /dev/null
@@ -1,10 +0,0 @@
-prefix=%prefix%
-exec_prefix=%exec_prefix%
-libdir=%libdir%
-includedir=%includedir%
-
-Name: NSPR
-Description: The Netscape Portable Runtime
-Version: %NSPR_VERSION%
-Libs: %FULL_NSPR_LIBS%
-Cflags: %FULL_NSPR_CFLAGS%

diff --git a/nspr/patches/nspr-config-pc.patch b/nspr/patches/nspr-config-pc.patch
deleted file mode 100644 (file)
index 24b1123..0000000
--- a/nspr/patches/nspr-config-pc.patch
+++ /dev/null
@@ -1,48 +0,0 @@
---- a/bmozilla/nsprpub/config/nspr-config-pc.in.x123   2005-05-11 02:53:41.000000000 +0200
-+++ b/mozilla/nsprpub/config/nspr-config-pc.in 2006-05-24 20:52:12.000000000 +0200
-@@ -98,7 +98,7 @@
-     includedir=@includedir@
- fi
- if test -z "$libdir"; then
--    libdir=@libdir@
-+    libdir=`pkg-config --variable=libdir nspr`
- fi
- 
- if test "$echo_prefix" = "yes"; then
-@@ -132,12 +132,12 @@
-       if test -n "$lib_nspr"; then
-       libdirs="$libdirs -lnspr${major_version}"
-       fi
--      os_ldflags="@LDFLAGS@"
-+      os_ldflags=`pkg-config --variable=ldflags nspr`
-       for i in $os_ldflags ; do
-       if echo $i | grep \^-L >/dev/null; then
-         libdirs="$libdirs $i"
-         fi
-       done
--      echo $libdirs @OS_LIBS@
-+      echo $libdirs `pkg-config --variable=os_libs nspr`
- fi      
- 
---- a/mozilla/nsprpub/configure.in.x123        2006-05-24 20:52:12.000000000 +0200
-+++ b/mozilla/nsprpub/configure.in     2006-05-24 20:53:53.000000000 +0200
-@@ -2667,6 +2667,8 @@
- config/nsprincl.mk
- config/nsprincl.sh
- config/nspr-config
-+config/nspr-config-pc
-+config/nspr-config-vars
- lib/Makefile 
- lib/ds/Makefile 
- lib/libc/Makefile 
---- a/mozilla/nsprpub/configure.x123   2006-05-24 20:52:12.000000000 +0200
-+++ b/mozilla/nsprpub/configure        2006-05-24 20:54:05.000000000 +0200
-@@ -5899,6 +5899,8 @@
- config/nsprincl.mk
- config/nsprincl.sh
- config/nspr-config
-+config/nspr-config-pc
-+config/nspr-config-vars
- lib/Makefile 
- lib/ds/Makefile 
- lib/libc/Makefile 

diff --git a/nss/PayPalEE.cert b/nss/PayPalEE.cert
deleted file mode 100644 (file)
index e49d8bd..0000000
Binary files a/nss/PayPalEE.cert and /dev/null differ

diff --git a/nss/cert8.db b/nss/cert8.db
deleted file mode 100644 (file)
index ac40a33..0000000
Binary files a/nss/cert8.db and /dev/null differ

diff --git a/nss/cert9.db b/nss/cert9.db
deleted file mode 100644 (file)
index 1763264..0000000
Binary files a/nss/cert9.db and /dev/null differ

diff --git a/nss/key3.db b/nss/key3.db
deleted file mode 100644 (file)
index 31e3975..0000000
Binary files a/nss/key3.db and /dev/null differ

diff --git a/nss/key4.db b/nss/key4.db
deleted file mode 100644 (file)
index 6bd60cb..0000000
Binary files a/nss/key4.db and /dev/null differ

diff --git a/nss/nss-config.in b/nss/nss-config.in
deleted file mode 100644 (file)
index f8f893e..0000000
--- a/nss/nss-config.in
+++ /dev/null
@@ -1,145 +0,0 @@
-#!/bin/sh
-
-prefix=@prefix@
-
-major_version=@MOD_MAJOR_VERSION@
-minor_version=@MOD_MINOR_VERSION@
-patch_version=@MOD_PATCH_VERSION@
-
-usage()
-{
-       cat <<EOF
-Usage: nss-config [OPTIONS] [LIBRARIES]
-Options:
-       [--prefix[=DIR]]
-       [--exec-prefix[=DIR]]
-       [--includedir[=DIR]]
-       [--libdir[=DIR]]
-       [--version]
-       [--libs]
-       [--cflags]
-Dynamic Libraries:
-       nss
-       nssutil
-       ssl
-       smime
-EOF
-       exit $1
-}
-
-if test $# -eq 0; then
-       usage 1 1>&2
-fi
-
-lib_ssl=yes
-lib_smime=yes
-lib_nss=yes
-lib_nssutil=yes
-
-while test $# -gt 0; do
-  case "$1" in
-  -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
-  *) optarg= ;;
-  esac
-
-  case $1 in
-    --prefix=*)
-      prefix=$optarg
-      ;;
-    --prefix)
-      echo_prefix=yes
-      ;;
-    --exec-prefix=*)
-      exec_prefix=$optarg
-      ;;
-    --exec-prefix)
-      echo_exec_prefix=yes
-      ;;
-    --includedir=*)
-      includedir=$optarg
-      ;;
-    --includedir)
-      echo_includedir=yes
-      ;;
-    --libdir=*)
-      libdir=$optarg
-      ;;
-    --libdir)
-      echo_libdir=yes
-      ;;
-    --version)
-      echo ${major_version}.${minor_version}.${patch_version}
-      ;;
-    --cflags)
-      echo_cflags=yes
-      ;;
-    --libs)
-      echo_libs=yes
-      ;;
-    ssl)
-      lib_ssl=yes
-      ;;
-    smime)
-      lib_smime=yes
-      ;;
-    nss)
-      lib_nss=yes
-      ;;
-    nssutil)
-      lib_nssutil=yes
-      ;;
-    *)
-      usage 1 1>&2
-      ;;
-  esac
-  shift
-done
-
-# Set variables that may be dependent upon other variables
-if test -z "$exec_prefix"; then
-    exec_prefix=`pkg-config --variable=exec_prefix nss`
-fi
-if test -z "$includedir"; then
-    includedir=`pkg-config --variable=includedir nss`
-fi
-if test -z "$libdir"; then
-    libdir=`pkg-config --variable=libdir nss`
-fi
-
-if test "$echo_prefix" = "yes"; then
-    echo $prefix
-fi
-
-if test "$echo_exec_prefix" = "yes"; then
-    echo $exec_prefix
-fi
-
-if test "$echo_includedir" = "yes"; then
-    echo $includedir
-fi
-
-if test "$echo_libdir" = "yes"; then
-    echo $libdir
-fi
-
-if test "$echo_cflags" = "yes"; then
-    echo -I$includedir
-fi
-
-if test "$echo_libs" = "yes"; then
-      libdirs="-Wl,-rpath-link,$libdir -L$libdir"
-      if test -n "$lib_ssl"; then
-       libdirs="$libdirs -lssl${major_version}"
-      fi
-      if test -n "$lib_smime"; then
-       libdirs="$libdirs -lsmime${major_version}"
-      fi
-      if test -n "$lib_nss"; then
-       libdirs="$libdirs -lnss${major_version}"
-      fi
-      if test -n "$lib_nssutil"; then
-       libdirs="$libdirs -lnssutil${major_version}"
-      fi
-      echo $libdirs
-fi      
-

diff --git a/nss/nss-util-config.in b/nss/nss-util-config.in
deleted file mode 100644 (file)
index ef8751d..0000000
--- a/nss/nss-util-config.in
+++ /dev/null
@@ -1,118 +0,0 @@
-#!/bin/sh
-
-prefix=@prefix@
-
-major_version=@MOD_MAJOR_VERSION@
-minor_version=@MOD_MINOR_VERSION@
-patch_version=@MOD_PATCH_VERSION@
-
-usage()
-{
-       cat <<EOF
-Usage: nss-util-config [OPTIONS] [LIBRARIES]
-Options:
-       [--prefix[=DIR]]
-       [--exec-prefix[=DIR]]
-       [--includedir[=DIR]]
-       [--libdir[=DIR]]
-       [--version]
-       [--libs]
-       [--cflags]
-Dynamic Libraries:
-       nssutil
-EOF
-       exit $1
-}
-
-if test $# -eq 0; then
-       usage 1 1>&2
-fi
-
-lib_nssutil=yes
-
-while test $# -gt 0; do
-  case "$1" in
-  -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
-  *) optarg= ;;
-  esac
-
-  case $1 in
-    --prefix=*)
-      prefix=$optarg
-      ;;
-    --prefix)
-      echo_prefix=yes
-      ;;
-    --exec-prefix=*)
-      exec_prefix=$optarg
-      ;;
-    --exec-prefix)
-      echo_exec_prefix=yes
-      ;;
-    --includedir=*)
-      includedir=$optarg
-      ;;
-    --includedir)
-      echo_includedir=yes
-      ;;
-    --libdir=*)
-      libdir=$optarg
-      ;;
-    --libdir)
-      echo_libdir=yes
-      ;;
-    --version)
-      echo ${major_version}.${minor_version}.${patch_version}
-      ;;
-    --cflags)
-      echo_cflags=yes
-      ;;
-    --libs)
-      echo_libs=yes
-      ;;
-    *)
-      usage 1 1>&2
-      ;;
-  esac
-  shift
-done
-
-# Set variables that may be dependent upon other variables
-if test -z "$exec_prefix"; then
-    exec_prefix=`pkg-config --variable=exec_prefix nss-util`
-fi
-if test -z "$includedir"; then
-    includedir=`pkg-config --variable=includedir nss-util`
-fi
-if test -z "$libdir"; then
-    libdir=`pkg-config --variable=libdir nss-util`
-fi
-
-if test "$echo_prefix" = "yes"; then
-    echo $prefix
-fi
-
-if test "$echo_exec_prefix" = "yes"; then
-    echo $exec_prefix
-fi
-
-if test "$echo_includedir" = "yes"; then
-    echo $includedir
-fi
-
-if test "$echo_libdir" = "yes"; then
-    echo $libdir
-fi
-
-if test "$echo_cflags" = "yes"; then
-    echo -I$includedir
-fi
-
-if test "$echo_libs" = "yes"; then
-      libdirs="-Wl,-rpath-link,$libdir -L$libdir"
-      if test -n "$lib_nssutil"; then
-       libdirs="$libdirs -lnssutil${major_version}"
-      fi
-      echo $libdirs
-fi      
-

diff --git a/nss/nss-util.pc.in b/nss/nss-util.pc.in
deleted file mode 100644 (file)
index 1310248..0000000
--- a/nss/nss-util.pc.in
+++ /dev/null
@@ -1,11 +0,0 @@
-prefix=%prefix%
-exec_prefix=%exec_prefix%
-libdir=%libdir%
-includedir=%includedir%
-
-Name: NSS-UTIL
-Description: Network Security Services Utility Library
-Version: %NSSUTIL_VERSION%
-Requires: nspr >= %NSPR_VERSION%
-Libs: -L${libdir} -lnssutil3
-Cflags: -I${includedir}

diff --git a/nss/nss.nm b/nss/nss.nm
deleted file mode 100644 (file)
index af0a2cf..0000000
--- a/nss/nss.nm
+++ /dev/null
@@ -1,263 +0,0 @@
-###############################################################################
-# IPFire.org    - An Open Source Firewall Solution                            #
-# Copyright (C) - IPFire Development Team <info@ipfire.org>                   #
-###############################################################################
-
-name       = nss
-ver_major  = 3
-ver_minor  = 13
-ver_patch  = 1
-version    = %{ver_major}.%{ver_minor}.%{ver_patch}
-release    = 4
-
-maintainer = Stefan Schantl <stefan.schantl@ipfire.org>
-groups     = System/Libraries
-url        = http://www.mozilla.org/projects/security/pki/nss/
-license    = MPLv1.1 or GPLv2+ or LGPLv2+
-summary    = Network Security Services.
-
-description
-       Network Security Services (NSS) is a set of libraries designed to
-       support cross-platform development of security-enabled client and
-       server applications. Applications built with NSS can support SSL v2
-       and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509
-       v3 certificates, and other security standards.
-end
-
-sources += \
-       %{name}-pem-20100809.tar.bz2
-
-source_dl  = ftp://ftp.mozilla.org/pub/security/nss/releases/NSS_%{ver_major}_%{ver_minor}_%{ver_patch}_RTM/src/
-
-build
-       requires
-               chrpath
-               nspr-devel
-               perl
-               pkg-config
-               psmisc
-               sqlite-devel
-               zlib-devel
-       end
-
-       ## Define some global environment variables
-
-       export FREEBL_NO_DEPEND=1
-
-       # Enable compiler optimizations and disable debugging code
-       export BUILD_OPT=1
-       export XCFLAGS=%{CFLAGS}
-
-       # Allow the usage of system libraries.
-       export PKG_CONFIG_ALLOW_SYSTEM_LIBS=1
-       export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1
-
-       # Define where to find nspr header files and libraries.
-       export NSPR_INCLUDE_DIR=/usr/include/nspr4
-       export NSPR_LIB_DIR=%{libdir}
-
-       # Disable support for SHA224.
-       export NO_SHA224_AVAILABLE=1
-
-       # Use sqlite from system.
-       export NSS_USE_SYSTEM_SQLITE=1
-
-       if "%{DISTRO_ARCH}" == "x86_64"
-               export USE_64=1
-       end
-
-       prepare
-               # Extract tarball.
-               cd %{DIR_SRC} && %{MACRO_EXTRACT} %{DIR_DL}/%{thisapp}.tar.gz
-
-               # Extract pem tarball into nss directory.
-               cd %{DIR_APP} && %{MACRO_EXTRACT} %{DIR_DL}/%{name}-pem-20100809.tar.bz2
-
-               # Apply all patches
-               %{MACRO_PATCHES}
-       end
-
-       build
-               make -C ./mozilla/security/coreconf
-               make -C ./mozilla/security/dbm
-               make -C ./mozilla/security/nss
-       end
-
-       install
-               # We have to do the complete install stuff self.
-
-               # Create directory layout.
-               mkdir -pv %{BUILDROOT}/usr/include/nss3
-               mkdir -pv %{BUILDROOT}/usr/{bin,%{lib}}
-               mkdir -pv %{BUILDROOT}%{libdir}/pkgconfig
-               mkdir -pv %{BUILDROOT}%{libdir}/nss/unsupported-tools
-
-               # Install all libraries.
-               install -p -v -m 755 mozilla/dist/*.OBJ/lib/libnss3.so \
-                       %{BUILDROOT}%{libdir}
-               install -p -v -m 755 mozilla/dist/*.OBJ/lib/libnssckbi.so \
-                       %{BUILDROOT}%{libdir}
-               install -p -v -m 755 mozilla/dist/*.OBJ/lib/libnsspem.so \
-                       %{BUILDROOT}%{libdir}
-               install -p -v -m 755 mozilla/dist/*.OBJ/lib/libnsssysinit.so \
-                       %{BUILDROOT}%{libdir}
-               install -p -v -m 755 mozilla/dist/*.OBJ/lib/libnssutil3.so \
-                       %{BUILDROOT}%{libdir}
-               install -p -v -m 755 mozilla/dist/*.OBJ/lib/libsmime3.so \
-                       %{BUILDROOT}%{libdir}
-               install -p -v -m 755 mozilla/dist/*.OBJ/lib/libssl3.so \
-                       %{BUILDROOT}%{libdir}
-               install -p -v -m 755 mozilla/dist/*.OBJ/lib/libsoftokn3.so \
-                       %{BUILDROOT}%{libdir}
-               install -p -v -m 755 mozilla/dist/*.OBJ/lib/libnssdbm3.so \
-                       %{BUILDROOT}%{libdir}
-               install -p -v -m 755 mozilla/dist/*.OBJ/lib/libfreebl3.so \
-                       %{BUILDROOT}/%{libdir}
-
-               # Install the empty NSS db files
-               mkdir -pv %{BUILDROOT}/etc/pki/nssdb
-               cp -vf %{DIR_SOURCE}/*.db %{BUILDROOT}/etc/pki/nssdb/
-               install -p -v -m 644 %{DIR_SOURCE}/system-pkcs11.txt \
-                       %{BUILDROOT}/etc/pki/nssdb/pkcs11.txt
-
-               # Copy the binaries we want
-               install -p -v -m 755 mozilla/dist/*.OBJ/bin/certutil %{BUILDROOT}/usr/bin
-               install -p -v -m 755 mozilla/dist/*.OBJ/bin/cmsutil %{BUILDROOT}/usr/bin
-               install -p -v -m 755 mozilla/dist/*.OBJ/bin/crlutil %{BUILDROOT}/usr/bin
-               install -p -v -m 755 mozilla/dist/*.OBJ/bin/modutil %{BUILDROOT}/usr/bin
-               install -p -v -m 755 mozilla/dist/*.OBJ/bin/pk12util %{BUILDROOT}/usr/bin
-               install -p -v -m 755 mozilla/dist/*.OBJ/bin/signtool %{BUILDROOT}/usr/bin
-               install -p -v -m 755 mozilla/dist/*.OBJ/bin/signver %{BUILDROOT}/usr/bin
-               install -p -v -m 755 mozilla/dist/*.OBJ/bin/ssltap %{BUILDROOT}/usr/bin
-               chrpath --delete %{BUILDROOT}/usr/bin/*
-
-               # Copy the binaries we ship as unsupported
-               install -p -v -m 755 mozilla/dist/*.OBJ/bin/atob %{BUILDROOT}%{libdir}/nss/unsupported-tools
-               install -p -v -m 755 mozilla/dist/*.OBJ/bin/btoa %{BUILDROOT}%{libdir}/nss/unsupported-tools
-               install -p -v -m 755 mozilla/dist/*.OBJ/bin/derdump %{BUILDROOT}%{libdir}/nss/unsupported-tools
-               install -p -v -m 755 mozilla/dist/*.OBJ/bin/ocspclnt %{BUILDROOT}%{libdir}/nss/unsupported-tools
-               install -p -v -m 755 mozilla/dist/*.OBJ/bin/pp %{BUILDROOT}%{libdir}/nss/unsupported-tools
-               install -p -v -m 755 mozilla/dist/*.OBJ/bin/selfserv %{BUILDROOT}%{libdir}/nss/unsupported-tools
-               install -p -v -m 755 mozilla/dist/*.OBJ/bin/shlibsign %{BUILDROOT}%{libdir}/nss/unsupported-tools
-               install -p -v -m 755 mozilla/dist/*.OBJ/bin/strsclnt %{BUILDROOT}%{libdir}/nss/unsupported-tools
-               install -p -v -m 755 mozilla/dist/*.OBJ/bin/symkeyutil %{BUILDROOT}%{libdir}/nss/unsupported-tools
-               install -p -v -m 755 mozilla/dist/*.OBJ/bin/tstclnt %{BUILDROOT}%{libdir}/nss/unsupported-tools
-               install -p -v -m 755 mozilla/dist/*.OBJ/bin/vfyserv %{BUILDROOT}%{libdir}/nss/unsupported-tools
-               install -p -v -m 755 mozilla/dist/*.OBJ/bin/vfychain %{BUILDROOT}%{libdir}/nss/unsupported-tools
-               chrpath --delete %{BUILDROOT}%{libdir}/nss/unsupported-tools/*
-
-               for file in nss-config nss-util-config; do
-                       sed -e "s,@libdir@,%{libdir},g" \
-                               -e "s,@prefix@,/usr,g" \
-                               -e "s,@exec_prefix@,/usr,g" \
-                               -e "s,@includedir@,/usr/include/nss3,g" \
-                               -e "s,@MOD_MAJOR_VERSION@,$(grep "#define.*NSS_VMAJOR" mozilla/security/nss/lib/nss/nss.h | awk '{print $3}'),g" \
-                               -e "s,@MOD_MINOR_VERSION@,$(grep "#define.*NSS_VMINOR" mozilla/security/nss/lib/nss/nss.h | awk '{print $3}'),g" \
-                               -e "s,@MOD_PATCH_VERSION@,$(grep "#define.*NSS_VPATCH" mozilla/security/nss/lib/nss/nss.h | awk '{print $3}'),g" \
-                               < %{DIR_SOURCE}/${file}.in \
-                               > %{BUILDROOT}/usr/bin/${file}
-                       chmod -v 755 %{BUILDROOT}/usr/bin/${file}
-               done
-
-               install -p -v -m 755 %{DIR_SOURCE}/setup-nsssysinit.sh %{BUILDROOT}/usr/bin
-
-               # Generate file for pkg-config.
-               for file in nss.pc nss-util.pc; do
-                       sed \
-                               -e "s,%libdir%,%{libdir},g" \
-                               -e "s,%prefix%,/usr,g" \
-                               -e "s,%exec_prefix%,/usr,g" \
-                               -e "s,%includedir%,/usr/include/nss3,g" \
-                               -e "s,%NSS_VERSION%,%{version},g" \
-                               -e "s,%NSPR_VERSION%,$(nspr-config --version),g" \
-                               < %{DIR_SOURCE}/${file}.in \
-                               > %{BUILDROOT}%{libdir}/pkgconfig/${file}
-               done
-
-               # Copy the include files we want
-               cp -vf mozilla/dist/public/nss/*.h %{BUILDROOT}/usr/include/nss3
-               cp -vf mozilla/dist/private/nss/blapi.h %{BUILDROOT}/usr/include/nss3
-               chmod -v 644 %{BUILDROOT}/usr/include/nss3/*.h
-       end
-end
-
-packages
-       package %{name}
-
-       package %{name}-libs
-               template LIBS
-
-               requires
-                       nss-softokn=%{thisver}
-                       nss-softokn-freebl=%{thisver}
-               end
-
-               files
-                       %{libdir}/*.so
-               end
-       end
-
-       package %{name}-devel
-               template DEVEL
-
-               requires
-                       nspr-devel
-                       nss=%{thisver}
-               end
-
-               provides
-                       nss-util-devel = %{thisver}
-               end
-
-               # Mozilla does no versioning :(
-               files
-                       /usr/bin/*-config
-                       /usr/include
-                       %{libdir}/pkgconfig
-               end
-       end
-
-       package %{name}-softokn
-               summary = Network Security Services Softoken Module.
-               description
-                       Network Security Services Softoken Cryptographic Module.
-               end
-
-               requires = nss=%{thisver}
-
-               files
-                       %{libdir}/libnssdbm3.so
-                       %{libdir}/libsoftokn3.so
-                       %{libdir}/nss/unsupported-tools/shlibsign
-               end
-       end
-
-       package %{name}-softokn-freebl
-               summary = Freebl library for the Network Security Services.
-               description
-                       NSS Softoken Cryptographic Module Freelb Library.
-               end
-
-               requires
-                       nss=%{thisver}
-                       nss-softokn=%{thisver}
-               end
-
-               files = %{libdir}/libfreebl3.so
-       end
-
-       package %{name}-util
-               summary = Network Security Services Utilities Library.
-               description
-                       Utilities for Network Security Services and the Softoken module.
-               end
-
-               requires = nss=%{thisver}
-
-               files = %{libdir}/libnssutil3.so
-       end
-
-       package %{name}-debuginfo
-               template DEBUGINFO
-       end
-end

diff --git a/nss/nss.pc.in b/nss/nss.pc.in
deleted file mode 100644 (file)
index dddf868..0000000
--- a/nss/nss.pc.in
+++ /dev/null
@@ -1,11 +0,0 @@
-prefix=%prefix%
-exec_prefix=%exec_prefix%
-libdir=%libdir%
-includedir=%includedir%
-
-Name: NSS
-Description: Network Security Services
-Version: %NSS_VERSION%
-Requires: nspr >= %NSPR_VERSION%
-Libs: -lssl3 -lsmime3 -lnss3
-Cflags: -I${includedir}

diff --git a/nss/patches/0001-Bug-695011-PEM-logging.patch b/nss/patches/0001-Bug-695011-PEM-logging.patch
deleted file mode 100644 (file)
index 2693d7c..0000000
--- a/nss/patches/0001-Bug-695011-PEM-logging.patch
+++ /dev/null
@@ -1,107 +0,0 @@
-From 5c61cdba435096ee6e65cee4dc9a473430643c07 Mon Sep 17 00:00:00 2001
-From: Elio Maldonado <emaldona@redhat.com>
-Date: Tue, 12 Apr 2011 09:31:48 -0700
-Subject: [PATCH] Bug 695011 PEM logging
-
-Use NSPR logging facilities for PEM logging to fix a segmenation violation
-caused when user cannot for write a log file created by root
----
- mozilla/security/nss/lib/ckfw/pem/ckpem.h |    7 ++++-
- mozilla/security/nss/lib/ckfw/pem/util.c  |   30 ++++++++++++++++------------
- 2 files changed, 22 insertions(+), 15 deletions(-)
-
-diff --git a/mozilla/security/nss/lib/ckfw/pem/ckpem.h b/mozilla/security/nss/lib/ckfw/pem/ckpem.h
-index 839d40b..720525e 100644
---- a/mozilla/security/nss/lib/ckfw/pem/ckpem.h
-+++ b/mozilla/security/nss/lib/ckfw/pem/ckpem.h
-@@ -1,3 +1,6 @@
-+#ifndef CKPEM_H
-+#define CKPEM_H
-+
- #include "nssckmdt.h"
- #include "nssckfw.h"
- #include "ckfwtm.h"
-@@ -254,8 +257,8 @@ unsigned int pem_PrivateModulusLen(pemLOWKEYPrivateKey *privk);
- /* ptoken.c */
- NSSCKMDToken * pem_NewToken(NSSCKFWInstance *fwInstance, CK_RV *pError);
- 
-+/* util.c */
- void open_log();
--void close_log();
- void plog(const char *fmt, ...);
- 
--#define PEM_H 1
-+#endif /* CKPEM_H */
-diff --git a/mozilla/security/nss/lib/ckfw/pem/util.c b/mozilla/security/nss/lib/ckfw/pem/util.c
-index 853f418..fafb924 100644
---- a/mozilla/security/nss/lib/ckfw/pem/util.c
-+++ b/mozilla/security/nss/lib/ckfw/pem/util.c
-@@ -41,6 +41,7 @@
- #include "prtime.h"
- #include "prlong.h"
- #include "prerror.h"
-+#include "prlog.h"
- #include "prprf.h"
- #include "plgetopt.h"
- #include "prenv.h"
-@@ -51,6 +52,9 @@
- #include "cryptohi.h"
- #include "secpkcs7.h"
- #include "secerr.h"
-+
-+#include "ckpem.h"
-+
- #include <stdarg.h>
- 
- #define CHUNK_SIZE  512
-@@ -267,34 +271,34 @@ ReadDERFromFile(SECItem *** derlist, char *filename, PRBool ascii,
-     return -1;
- }
- 
--FILE *plogfile;
-+#ifdef DEBUG
-+#define LOGGING_BUFFER_SIZE 400
-+#define PEM_DEFAULT_LOG_FILE "/tmp/pkcs11.log"
-+static const char *pemLogModuleName = "PEM";
-+static PRLogModuleInfo* pemLogModule;
-+#endif
- 
- void open_log()
- {
- #ifdef DEBUG
--    plogfile = fopen("/tmp/pkcs11.log", "a");
--#endif
-+    const char *nsprLogFile = PR_GetEnv("NSPR_LOG_FILE");
- 
--    return;
--}
-+    pemLogModule = PR_NewLogModule(pemLogModuleName);
- 
--void close_log()
--{
--#ifdef DEBUG
--    fclose(plogfile);
-+    (void) PR_SetLogFile(nsprLogFile ? nsprLogFile : PEM_DEFAULT_LOG_FILE);
-+    /* If false, the log file will remain what it was before */
- #endif
--    return;
- }
- 
- void plog(const char *fmt, ...)
- {
- #ifdef DEBUG
-+    char buf[LOGGING_BUFFER_SIZE];
-     va_list ap;
- 
-     va_start(ap, fmt);
--    vfprintf(plogfile, fmt, ap);
-+    PR_vsnprintf(buf, sizeof(buf), fmt, ap);
-     va_end(ap);
--
--    fflush(plogfile);
-+    PR_LOG(pemLogModule, PR_LOG_DEBUG, ("%s", buf));
- #endif
- }
--- 
-1.7.4.2
-

diff --git a/nss/patches/0001-libnsspem-rhbz-734760.patch b/nss/patches/0001-libnsspem-rhbz-734760.patch
deleted file mode 100644 (file)
index 45b4024..0000000
--- a/nss/patches/0001-libnsspem-rhbz-734760.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-diff -up ./mozilla/security/nss/lib/ckfw/pem/pobject.c.734760 ./mozilla/security/nss/lib/ckfw/pem/pobject.c
---- ./mozilla/security/nss/lib/ckfw/pem/pobject.c.734760       2011-09-10 10:21:38.819248564 -0700
-+++ ./mozilla/security/nss/lib/ckfw/pem/pobject.c      2011-09-10 10:28:47.970083785 -0700
-@@ -1117,7 +1117,7 @@ pem_CreateObject
- 
-         nobjs = ReadDERFromFile(&derlist, filename, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */);
-         if (nobjs < 1)
--            return (NSSCKMDObject *) NULL;
-+            goto loser;
- 
-         objid = -1;
-         /* Brute force: find the id of the key, if any, in this slot */
-@@ -1176,7 +1176,7 @@ pem_CreateObject
- 
-         nobjs = ReadDERFromFile(&derlist, filename, PR_TRUE, &cipher, &ivstring, PR_FALSE /* keys only */);
-         if (nobjs < 1)
--            return (NSSCKMDObject *) NULL;
-+            goto loser;
- 
-         certDER.len = 0; /* in case there is no equivalent cert */
-         certDER.data = NULL;

diff --git a/nss/patches/bz784672-protect-against-calls-before-nss_init.patch0 b/nss/patches/bz784672-protect-against-calls-before-nss_init.patch0
deleted file mode 100644 (file)
index 934ea30..0000000
--- a/nss/patches/bz784672-protect-against-calls-before-nss_init.patch0
+++ /dev/null
@@ -1,40 +0,0 @@
-diff -up mozilla/security/nss/lib/nss/nssinit.c.784672 mozilla/security/nss/lib/nss/nssinit.c
---- mozilla/security/nss/lib/nss/nssinit.c.784672      2012-01-26 14:43:46.232357231 -0800
-+++ mozilla/security/nss/lib/nss/nssinit.c     2012-01-26 14:50:55.830512565 -0800
-@@ -944,6 +944,12 @@ NSS_RegisterShutdown(NSS_ShutdownFunc sF
- {
-     int i;
- 
-+    /* make sure our lock and condition variable are initialized one and only
-+     * one time */ 
-+    if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) {
-+      return SECFailure;
-+    }
-+
-     PZ_Lock(nssInitLock);
-     if (!NSS_IsInitialized()) {
-       PZ_Unlock(nssInitLock);
-@@ -1002,6 +1008,11 @@ NSS_UnregisterShutdown(NSS_ShutdownFunc
- {
-     int i;
- 
-+    /* make sure our lock and condition variable are initialized one and only
-+     * one time */ 
-+    if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) {
-+      return SECFailure;
-+    }
-     PZ_Lock(nssInitLock);
-     if (!NSS_IsInitialized()) {
-       PZ_Unlock(nssInitLock);
-@@ -1192,6 +1203,11 @@ NSS_ShutdownContext(NSSInitContext *cont
- {
-     SECStatus rv = SECSuccess;
- 
-+    /* make sure our lock and condition variable are initialized one and only
-+     * one time */ 
-+    if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) {
-+      return SECFailure;
-+    }
-     PZ_Lock(nssInitLock);
-     /* If one or more threads are in the middle of init, wait for them
-      * to complete */

diff --git a/nss/patches/gnuc-minor-def-fix.patch b/nss/patches/gnuc-minor-def-fix.patch
deleted file mode 100644 (file)
index f210af2..0000000
--- a/nss/patches/gnuc-minor-def-fix.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -up nss-3.13.1/mozilla/security/nss/lib/util/pkcs11n.h.fo nss-3.13.1/mozilla/security/nss/lib/util/pkcs11n.h
---- nss-3.13.1/mozilla/security/nss/lib/util/pkcs11n.h.fo      2011-11-10 12:44:17.683967574 -0600
-+++ nss-3.13.1/mozilla/security/nss/lib/util/pkcs11n.h 2011-11-10 12:44:24.146886778 -0600
-@@ -362,7 +362,7 @@ typedef CK_ULONG          CK_TRUST;
-  *  cast the resulting value to the deprecated type in the #define, thus
-  *  producting the warning when the #define is used.
-  */
--#if (__GNUC__  == 4) && (__GNUC_MINOR < 5)
-+#if (__GNUC__  == 4) && (__GNUC_MINOR__ < 5)
- /* The mac doesn't like the friendlier deprecate messages. I'm assuming this
-  * is a gcc version issue rather than mac or ppc specific */
- typedef CK_TRUST __CKT_NSS_UNTRUSTED __attribute__((deprecated));

diff --git a/nss/patches/nofipstest.patch0 b/nss/patches/nofipstest.patch0
deleted file mode 100644 (file)
index 5f711be..0000000
--- a/nss/patches/nofipstest.patch0
+++ /dev/null
@@ -1,19 +0,0 @@
-diff -up ./mozilla/security/nss/cmd/manifest.mn.nofipstest ./mozilla/security/nss/cmd/manifest.mn
---- ./mozilla/security/nss/cmd/manifest.mn.nofipstest  2011-12-03 22:54:40.969914919 -0800
-+++ ./mozilla/security/nss/cmd/manifest.mn     2011-12-03 22:55:12.348505822 -0800
-@@ -54,7 +54,6 @@ DIRS = lib  \
-  dbtest \
-  derdump  \
-  digest  \
-- fipstest  \
-  makepqg  \
-  multinit \
-  ocspclnt  \
-@@ -84,6 +83,7 @@ DIRS = lib  \
-  $(NULL)
- 
- TEMPORARILY_DONT_BUILD = \
-+ fipstest  \
-  $(NULL)
- 
- # rsaperf  \

diff --git a/nss/patches/nosha224.patch0 b/nss/patches/nosha224.patch0
deleted file mode 100644 (file)
index bd9d351..0000000
--- a/nss/patches/nosha224.patch0
+++ /dev/null
@@ -1,618 +0,0 @@
-diff -up ./mozilla/security/coreconf/Linux.mk.nosha224 ./mozilla/security/coreconf/Linux.mk
---- ./mozilla/security/coreconf/Linux.mk.nosha224      2011-12-04 22:03:47.295609957 -0800
-+++ ./mozilla/security/coreconf/Linux.mk       2011-12-04 22:03:47.301609957 -0800
-@@ -188,6 +188,14 @@ NSSUTIL_LIBS = -lnssutil3
- USE_SYSTEM_FREEBL = 1
- FREEBL_LIBS = -lfreebl3
- 
-+#
-+# Don't compile code that requires SHA224 if it isn't avilable
-+# Such is the case when system freebl/softokn is the 3.12 one
-+#
-+ifdef NO_SHA224_AVAILABLE
-+CFLAGS+=-DNO_SHA224_AVAILABLE
-+endif
-+
- # The -rpath '$$ORIGIN' linker option instructs this library to search for its
- # dependencies in the same directory where it resides.
- ifeq ($(BUILD_SUN_PKG), 1)
-diff -up ./mozilla/security/nss/cmd/bltest/blapitest.c.nosha224 ./mozilla/security/nss/cmd/bltest/blapitest.c
---- ./mozilla/security/nss/cmd/bltest/blapitest.c.nosha224     2011-09-16 12:16:50.000000000 -0700
-+++ ./mozilla/security/nss/cmd/bltest/blapitest.c      2011-12-04 22:03:47.302609957 -0800
-@@ -686,7 +686,9 @@ typedef enum {
-     bltestMD2,                  /* Hash algorithms       */
-     bltestMD5,                  /* .                     */
-     bltestSHA1,           /* .                           */
-+#ifndef NO_SHA224_AVAILABLE
-     bltestSHA224,         /* .                           */
-+#endif
-     bltestSHA256,         /* .                           */
-     bltestSHA384,         /* .                           */
-     bltestSHA512,         /* .                           */
-@@ -721,7 +723,9 @@ static char *mode_strings[] =
-     "md2",
-     "md5",
-     "sha1",
-+#ifndef NO_SHA224_AVAILABLE
-     "sha224",
-+#endif
-     "sha256",
-     "sha384",
-     "sha512",
-@@ -1761,6 +1765,7 @@ finish:
-     return rv;
- }
- 
-+#ifndef NO_SHA224_AVAILABLE
- SECStatus
- SHA224_restart(unsigned char *dest, const unsigned char *src, uint32 src_length)
- {
-@@ -1800,6 +1805,7 @@ finish:
-     SHA224_DestroyContext(cx, PR_TRUE);
-     return rv;
- }
-+#endif
- 
- SECStatus
- SHA256_restart(unsigned char *dest, const unsigned char *src, uint32 src_length)
-@@ -2093,6 +2099,7 @@ cipherInit(bltestCipherInfo *cipherInfo,
-       cipherInfo->cipher.hashCipher = (restart) ? sha1_restart : SHA1_HashBuf;
-       return SECSuccess;
-       break;
-+#ifndef NO_SHA224_AVAILABLE
-     case bltestSHA224:
-       restart = cipherInfo->params.hash.restart;
-       SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
-@@ -2100,6 +2107,7 @@ cipherInit(bltestCipherInfo *cipherInfo,
-       cipherInfo->cipher.hashCipher = (restart) ? SHA224_restart 
-                                                 : SHA224_HashBuf;
-       return SECSuccess;
-+#endif
-       break;
-     case bltestSHA256:
-       restart = cipherInfo->params.hash.restart;
-@@ -2542,7 +2550,9 @@ cipherFinish(bltestCipherInfo *cipherInf
-     case bltestMD2: /* hash contexts are ephemeral */
-     case bltestMD5:
-     case bltestSHA1:
-+#ifndef NO_SHA224_AVAILABLE
-     case bltestSHA224:
-+#endif
-     case bltestSHA256:
-     case bltestSHA384:
-     case bltestSHA512:
-@@ -2896,7 +2906,9 @@ get_params(PRArenaPool *arena, bltestPar
-     case bltestMD2:
-     case bltestMD5:
-     case bltestSHA1:
-+#ifndef NO_SHA224_AVAILABLE
-     case bltestSHA224:
-+#endif
-     case bltestSHA256:
-     case bltestSHA384:
-     case bltestSHA512:
-diff -up ./mozilla/security/nss/cmd/chktest/chktest.c.nosha224 ./mozilla/security/nss/cmd/chktest/chktest.c
---- ./mozilla/security/nss/cmd/chktest/chktest.c.nosha224      2010-12-06 09:22:49.000000000 -0800
-+++ ./mozilla/security/nss/cmd/chktest/chktest.c       2011-12-04 22:03:47.304609957 -0800
-@@ -41,6 +41,10 @@
- #include "blapi.h"
- #include "secutil.h"
- 
-+#ifdef NO_SHA224_AVAILABLE
-+PRBool BLAPI_SHVerifyFile(const char *shName);
-+#endif
-+
- static int Usage()
- {
-     fprintf(stderr, "Usage:  chktest <full-path-to-shared-library>\n");
-diff -up ./mozilla/security/nss/cmd/lib/secutil.c.nosha224 ./mozilla/security/nss/cmd/lib/secutil.c
---- ./mozilla/security/nss/cmd/lib/secutil.c.nosha224  2011-10-22 07:35:41.000000000 -0700
-+++ ./mozilla/security/nss/cmd/lib/secutil.c   2011-12-04 22:03:47.305609957 -0800
-@@ -86,6 +86,14 @@ static char consoleName[] =  {
- #include "nssutil.h"
- #include "ssl.h"
- 
-+/* Defined in ./mozilla/dist/public/nss/certdb.h which was included
-+ * and also in ./mozilla/security/nss/lib/softoken/legacydb/pcertt.h
-+ * but invisible here for some reason
-+ */
-+#ifndef CERTDB_TERMINAL_RECORD
-+#define CERTDB_TERMINAL_RECORD        (1<<0)
-+#endif
-+
- 
- void 
- SECU_PrintErrMsg(FILE *out, int level, char *progName, char *msg, ...)
-@@ -1509,6 +1517,8 @@ const SEC_ASN1Template secuPBEV2Params[]
-     { 0 }
- };
- 
-+/* if no sha224 then no psapss either */
-+#ifndef NO_SHA224_AVAILABLE
- void
- secu_PrintRSAPSSParams(FILE *out, SECItem *value, char *m, int level)
- {
-@@ -1572,6 +1582,7 @@ secu_PrintRSAPSSParams(FILE *out, SECIte
-     }
-     PORT_FreeArena(pool, PR_FALSE);
- }
-+#endif
- 
- void
- secu_PrintKDF2Params(FILE *out, SECItem *value, char *m, int level)
-@@ -1684,10 +1695,12 @@ SECU_PrintAlgorithmID(FILE *out, SECAlgo
-       return;
-     }
- 
-+#ifndef NO_SHA224_AVAILABLE
-     if (algtag == SEC_OID_PKCS1_RSA_PSS_SIGNATURE) {
-       secu_PrintRSAPSSParams(out, &a->parameters, "Parameters", level+1);
-       return;
-     }
-+#endif
- 
-     if (a->parameters.len == 0
-       || (a->parameters.len == 2
-@@ -3763,8 +3776,10 @@ SECU_StringToSignatureAlgTag(const char
-           hashAlgTag = SEC_OID_MD5;
-       } else if (!PL_strcmp(alg, "SHA1")) {
-           hashAlgTag = SEC_OID_SHA1;
-+#ifndef NO_SHA224_AVAILABLE
-       } else if (!PL_strcmp(alg, "SHA224")) {
-           hashAlgTag = SEC_OID_SHA224;
-+#endif
-       } else if (!PL_strcmp(alg, "SHA256")) {
-           hashAlgTag = SEC_OID_SHA256;
-       } else if (!PL_strcmp(alg, "SHA384")) {
-diff -up ./mozilla/security/nss/cmd/pk11mode/pk11mode.c.nosha224 ./mozilla/security/nss/cmd/pk11mode/pk11mode.c
---- ./mozilla/security/nss/cmd/pk11mode/pk11mode.c.nosha224    2011-12-04 22:07:27.230604899 -0800
-+++ ./mozilla/security/nss/cmd/pk11mode/pk11mode.c     2011-12-04 22:10:06.365601241 -0800
-@@ -883,21 +883,27 @@ CK_RV PKM_KeyTests(CK_FUNCTION_LIST_PTR
- 
-     mech_str digestMechs[] = {
-         {CKM_SHA_1, "CKM_SHA_1 "},
-+#ifndef NO_SHA224_AVAILABLE
-         {CKM_SHA224, "CKM_SHA224"},
-+#endif
-         {CKM_SHA256, "CKM_SHA256"},
-         {CKM_SHA384, "CKM_SHA384"},
-         {CKM_SHA512, "CKM_SHA512"}
-     };
-     mech_str hmacMechs[] = {
-         {CKM_SHA_1_HMAC, "CKM_SHA_1_HMAC"}, 
-+#ifndef NO_SHA224_AVAILABLE
-         {CKM_SHA224_HMAC, "CKM_SHA224_HMAC"},
-+#endif
-         {CKM_SHA256_HMAC, "CKM_SHA256_HMAC"},
-         {CKM_SHA384_HMAC, "CKM_SHA384_HMAC"},
-         {CKM_SHA512_HMAC, "CKM_SHA512_HMAC"}
-     };
-     mech_str sigRSAMechs[] = {
-         {CKM_SHA1_RSA_PKCS, "CKM_SHA1_RSA_PKCS"}, 
-+#ifndef NO_SHA224_AVAILABLE
-         {CKM_SHA224_RSA_PKCS, "CKM_SHA224_RSA_PKCS"},
-+#endif
-         {CKM_SHA256_RSA_PKCS, "CKM_SHA256_RSA_PKCS"},
-         {CKM_SHA384_RSA_PKCS, "CKM_SHA384_RSA_PKCS"},
-         {CKM_SHA512_RSA_PKCS, "CKM_SHA512_RSA_PKCS"}
-diff -up ./mozilla/security/nss/lib/cryptohi/sechash.c.nosha224 ./mozilla/security/nss/lib/cryptohi/sechash.c
---- ./mozilla/security/nss/lib/cryptohi/sechash.c.nosha224     2011-06-21 15:47:54.000000000 -0700
-+++ ./mozilla/security/nss/lib/cryptohi/sechash.c      2011-12-04 22:03:47.306609957 -0800
-@@ -91,10 +91,12 @@ sha1_NewContext(void) {
-       return (void *) PK11_CreateDigestContext(SEC_OID_SHA1);
- }
- 
-+#ifndef NO_SHA224_AVAILABLE
- static void *
- sha224_NewContext(void) {
-       return (void *) PK11_CreateDigestContext(SEC_OID_SHA224);
- }
-+#endif
- 
- static void *
- sha256_NewContext(void) {
-@@ -189,6 +191,7 @@ const SECHashObject SECHashObjects[] = {
-     SHA512_BLOCK_LENGTH,
-     HASH_AlgSHA512
-   },
-+#ifndef NO_SHA224_AVAILABLE
-   { SHA224_LENGTH,
-     (void * (*)(void)) sha224_NewContext,
-     (void * (*)(void *)) PK11_CloneContext,
-@@ -200,6 +203,7 @@ const SECHashObject SECHashObjects[] = {
-     SHA224_BLOCK_LENGTH,
-     HASH_AlgSHA224
-   },
-+#endif
- };
- 
- const SECHashObject * 
-@@ -217,7 +221,9 @@ HASH_GetHashTypeByOidTag(SECOidTag hashO
-     case SEC_OID_MD2:  ht = HASH_AlgMD2;    break;
-     case SEC_OID_MD5:  ht = HASH_AlgMD5;    break;
-     case SEC_OID_SHA1:         ht = HASH_AlgSHA1;   break;
-+#ifndef NO_SHA224_AVAILABLE
-     case SEC_OID_SHA224: ht = HASH_AlgSHA224; break;
-+#endif
-     case SEC_OID_SHA256: ht = HASH_AlgSHA256; break;
-     case SEC_OID_SHA384: ht = HASH_AlgSHA384; break;
-     case SEC_OID_SHA512: ht = HASH_AlgSHA512; break;
-@@ -237,7 +243,9 @@ HASH_GetHashOidTagByHMACOidTag(SECOidTag
-     /* no oid exists for HMAC_MD2 */
-     /* NSS does not define a oid for HMAC_MD4 */
-     case SEC_OID_HMAC_SHA1:   hashOid = SEC_OID_SHA1;   break;
-+#ifndef NO_SHA224_AVAILABLE
-     case SEC_OID_HMAC_SHA224: hashOid = SEC_OID_SHA224; break;
-+#endif
-     case SEC_OID_HMAC_SHA256: hashOid = SEC_OID_SHA256; break;
-     case SEC_OID_HMAC_SHA384: hashOid = SEC_OID_SHA384; break;
-     case SEC_OID_HMAC_SHA512: hashOid = SEC_OID_SHA512; break;
-@@ -257,7 +265,9 @@ HASH_GetHMACOidTagByHashOidTag(SECOidTag
-     /* no oid exists for HMAC_MD2 */
-     /* NSS does not define a oid for HMAC_MD4 */
-     case SEC_OID_SHA1:   hmacOid = SEC_OID_HMAC_SHA1;   break;
-+#ifndef NO_SHA224_AVAILABLE
-     case SEC_OID_SHA224: hmacOid = SEC_OID_HMAC_SHA224; break;
-+#endif
-     case SEC_OID_SHA256: hmacOid = SEC_OID_HMAC_SHA256; break;
-     case SEC_OID_SHA384: hmacOid = SEC_OID_HMAC_SHA384; break;
-     case SEC_OID_SHA512: hmacOid = SEC_OID_HMAC_SHA512; break;
-diff -up ./mozilla/security/nss/lib/cryptohi/seckey.c.nosha224 ./mozilla/security/nss/lib/cryptohi/seckey.c
---- ./mozilla/security/nss/lib/cryptohi/seckey.c.nosha224      2011-10-22 07:35:42.000000000 -0700
-+++ ./mozilla/security/nss/lib/cryptohi/seckey.c       2011-12-04 22:03:47.307609957 -0800
-@@ -550,7 +550,9 @@ seckey_GetKeyType (SECOidTag tag) {
-       * should be handing us a cipher type */
-       case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
-       case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
-+#ifndef NO_SHA224_AVAILABLE
-       case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION:
-+#endif
-       case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
-       case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION:
-       case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION:
-diff -up ./mozilla/security/nss/lib/cryptohi/secvfy.c.nosha224 ./mozilla/security/nss/lib/cryptohi/secvfy.c
---- ./mozilla/security/nss/lib/cryptohi/secvfy.c.nosha224      2011-10-22 07:35:42.000000000 -0700
-+++ ./mozilla/security/nss/lib/cryptohi/secvfy.c       2011-12-04 22:03:47.307609957 -0800
-@@ -240,11 +240,12 @@ sec_DecodeSigAlg(const SECKEYPublicKey *
-       case SEC_OID_PKCS1_RSA_PSS_SIGNATURE:
-         *hashalg = SEC_OID_UNKNOWN; /* get it from the RSA signature */
-       break;
--
-+#ifndef NO_SHA224_AVAILABLE
-       case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE:
-       case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION:
-       *hashalg = SEC_OID_SHA224;
-       break;
-+#endif
-       case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE:
-       case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
-       *hashalg = SEC_OID_SHA256;
-@@ -279,8 +280,10 @@ sec_DecodeSigAlg(const SECKEYPublicKey *
-       len = SECKEY_PublicKeyStrength(key);
-       if (len < 28) { /* 28 bytes == 224 bits */
-           *hashalg = SEC_OID_SHA1;
-+#ifndef NO_SHA224_AVAILABLE
-       } else if (len < 32) { /* 32 bytes == 256 bits */
-           *hashalg = SEC_OID_SHA224;
-+#endif
-       } else if (len < 48) { /* 48 bytes == 384 bits */
-           *hashalg = SEC_OID_SHA256;
-       } else if (len < 64) { /* 48 bytes == 512 bits */
-@@ -325,7 +328,9 @@ sec_DecodeSigAlg(const SECKEYPublicKey *
-       case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
-       case SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE:
-       case SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE:
-+#ifndef NO_SHA224_AVAILABLE
-       case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION:
-+#endif
-       case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
-       case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION:
-       case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION:
-@@ -347,7 +352,9 @@ sec_DecodeSigAlg(const SECKEYPublicKey *
-       *encalg = SEC_OID_MISSI_DSS;
-       break;
-       case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE:
-+#ifndef NO_SHA224_AVAILABLE
-       case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE:
-+#endif
-       case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE:
-       case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE:
-       case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE:
-diff -up ./mozilla/security/nss/lib/freebl/blapi.h.nosha224 ./mozilla/security/nss/lib/freebl/blapi.h
---- ./mozilla/security/nss/lib/freebl/blapi.h.nosha224 2011-10-04 15:05:53.000000000 -0700
-+++ ./mozilla/security/nss/lib/freebl/blapi.h  2011-12-04 22:03:47.308609957 -0800
-@@ -1088,7 +1088,7 @@ extern SHA1Context * SHA1_Resurrect(unsi
- extern void SHA1_Clone(SHA1Context *dest, SHA1Context *src);
- 
- /******************************************/
--
-+#ifndef NO_SHA224_AVAILABLE
- extern SHA224Context *SHA224_NewContext(void);
- extern void SHA224_DestroyContext(SHA224Context *cx, PRBool freeit);
- extern void SHA224_Begin(SHA224Context *cx);
-@@ -1104,6 +1104,7 @@ extern unsigned int SHA224_FlattenSize(S
- extern SECStatus SHA224_Flatten(SHA224Context *cx,unsigned char *space);
- extern SHA224Context * SHA224_Resurrect(unsigned char *space, void *arg);
- extern void SHA224_Clone(SHA224Context *dest, SHA224Context *src);
-+#endif
- 
- /******************************************/
- 
-diff -up ./mozilla/security/nss/lib/freebl/ldvector.c.nosha224 ./mozilla/security/nss/lib/freebl/ldvector.c
---- ./mozilla/security/nss/lib/freebl/ldvector.c.nosha224      2011-10-04 15:05:53.000000000 -0700
-+++ ./mozilla/security/nss/lib/freebl/ldvector.c       2011-12-04 22:03:47.309609957 -0800
-@@ -270,7 +270,7 @@ static const struct FREEBLVectorStr vect
-     JPAKE_Verify,
-     JPAKE_Round2,
-     JPAKE_Final,
--
-+#ifndef NO_SHA224_AVAILABLE
-     /* End of Version 3.012 */
- 
-     TLS_P_hash,
-@@ -287,7 +287,7 @@ static const struct FREEBLVectorStr vect
-     SHA224_Resurrect,
-     SHA224_Clone,
-     BLAPI_SHVerifyFile
--
-+#endif
-     /* End of Version 3.013 */
- };
- 
-diff -up ./mozilla/security/nss/lib/freebl/nsslowhash.c.nosha224 ./mozilla/security/nss/lib/freebl/nsslowhash.c
---- ./mozilla/security/nss/lib/freebl/nsslowhash.c.nosha224    2010-09-09 17:42:36.000000000 -0700
-+++ ./mozilla/security/nss/lib/freebl/nsslowhash.c     2011-12-04 22:03:47.309609957 -0800
-@@ -128,14 +128,14 @@ freebl_fips_SHA_PowerUpSelfTest( void )
-                              0x0a,0x6d,0x07,0xba,0x1e,0xbd,0x8a,0x1b,
-                              0x72,0xf6,0xc7,0x22,0xf1,0x27,0x9f,0xf0,
-                              0xe0,0x68,0x47,0x7a};
--
-+#ifndef NO_SHA224_AVAILABLE
-     /* SHA-224 Known Digest Message (224-bits). */
-     static const PRUint8 sha224_known_digest[] = {
-         0x1c,0xc3,0x06,0x8e,0xce,0x37,0x68,0xfb, 
-         0x1a,0x82,0x4a,0xbe,0x2b,0x00,0x51,0xf8,
-         0x9d,0xb6,0xe0,0x90,0x0d,0x00,0xc9,0x64,
-         0x9a,0xb8,0x98,0x4e};
--
-+#endif
-     /* SHA-256 Known Digest Message (256-bits). */
-     static const PRUint8 sha256_known_digest[] = {
-         0x38,0xa9,0xc1,0xf0,0x35,0xf6,0x5d,0x61,
-@@ -178,7 +178,7 @@ freebl_fips_SHA_PowerUpSelfTest( void )
-         ( PORT_Memcmp( sha_computed_digest, sha1_known_digest,
-                        SHA1_LENGTH ) != 0 ) )
-         return( CKR_DEVICE_ERROR );
--
-+#ifndef NO_SHA224_AVAILABLE
-     /***************************************************/
-     /* SHA-224 Single-Round Known Answer Hashing Test. */
-     /***************************************************/
-@@ -190,7 +190,7 @@ freebl_fips_SHA_PowerUpSelfTest( void )
-         ( PORT_Memcmp( sha_computed_digest, sha224_known_digest,
-                        SHA224_LENGTH ) != 0 ) )
-         return( CKR_DEVICE_ERROR );
--
-+#endif
-     /***************************************************/
-     /* SHA-256 Single-Round Known Answer Hashing Test. */
-     /***************************************************/
-diff -up ./mozilla/security/nss/lib/freebl/rawhash.c.nosha224 ./mozilla/security/nss/lib/freebl/rawhash.c
---- ./mozilla/security/nss/lib/freebl/rawhash.c.nosha224       2010-08-17 22:55:47.000000000 -0700
-+++ ./mozilla/security/nss/lib/freebl/rawhash.c        2011-12-04 22:03:47.309609957 -0800
-@@ -155,6 +155,7 @@ const SECHashObject SECRawHashObjects[]
-     SHA512_BLOCK_LENGTH,
-     HASH_AlgSHA512
-   },
-+#ifndef NO_SHA224_AVAILABLE
-   { SHA224_LENGTH,
-     (void * (*)(void)) SHA224_NewContext,
-     (void * (*)(void *)) null_hash_clone_context,
-@@ -166,6 +167,7 @@ const SECHashObject SECRawHashObjects[]
-     SHA224_BLOCK_LENGTH,
-     HASH_AlgSHA224
-   },
-+#endif
- };
- 
- const SECHashObject *
-diff -up ./mozilla/security/nss/lib/freebl/sha512.c.nosha224 ./mozilla/security/nss/lib/freebl/sha512.c
---- ./mozilla/security/nss/lib/freebl/sha512.c.nosha224        2011-09-14 10:48:03.000000000 -0700
-+++ ./mozilla/security/nss/lib/freebl/sha512.c 2011-12-04 22:03:47.310609957 -0800
-@@ -544,6 +544,7 @@ void SHA256_Clone(SHA256Context *dest, S
-     memcpy(dest, src, sizeof *dest);
- }
- 
-+#ifndef NO_SHA224_AVAILABLE
- /* ============= SHA224 implementation ================================== */
- 
- /* SHA-224 initial hash values */
-@@ -630,7 +631,7 @@ void SHA224_Clone(SHA224Context *dest, S
- {
-     SHA256_Clone(dest, src);
- }
--
-+#endif
- 
- /* ======= SHA512 and SHA384 common constants and defines ================= */
- 
-diff -up ./mozilla/security/nss/lib/softoken/fipstest.c.nosha224 ./mozilla/security/nss/lib/softoken/fipstest.c
---- ./mozilla/security/nss/lib/softoken/fipstest.c.nosha224    2011-03-29 08:12:43.000000000 -0700
-+++ ./mozilla/security/nss/lib/softoken/fipstest.c     2011-12-04 22:03:47.311609956 -0800
-@@ -865,12 +865,14 @@ sftk_fips_HMAC_PowerUpSelfTest( void )
-         0x3b, 0x57, 0x1d, 0x61, 0xe7, 0xb8, 0x84, 0x1e, 
-         0x5d, 0x0e, 0x1e, 0x11};
- 
-+#ifndef NO_SHA224_AVAILABLE
-     /* known SHA224 hmac (28 bytes) */
-     static const PRUint8 known_SHA224_hmac[] = {
-         0x1c, 0xc3, 0x06, 0x8e, 0xce, 0x37, 0x68, 0xfb, 
-         0x1a, 0x82, 0x4a, 0xbe, 0x2b, 0x00, 0x51, 0xf8,
-         0x9d, 0xb6, 0xe0, 0x90, 0x0d, 0x00, 0xc9, 0x64,
-         0x9a, 0xb8, 0x98, 0x4e};
-+#endif
- 
-     /* known SHA256 hmac (32 bytes) */
-     static const PRUint8 known_SHA256_hmac[] = {
-@@ -922,6 +924,7 @@ sftk_fips_HMAC_PowerUpSelfTest( void )
-     /* HMAC SHA-224 Single-Round Known Answer Test.    */
-     /***************************************************/
- 
-+#ifndef NO_SHA224_AVAILABLE
-     hmac_status = sftk_fips_HMAC(hmac_computed, 
-                                  HMAC_known_secret_key,
-                                  HMAC_known_secret_key_length,
-@@ -933,6 +936,7 @@ sftk_fips_HMAC_PowerUpSelfTest( void )
-         ( PORT_Memcmp( hmac_computed, known_SHA224_hmac,
-                        SHA224_LENGTH ) != 0 ) )
-         return( CKR_DEVICE_ERROR );
-+#endif
- 
-     /***************************************************/
-     /* HMAC SHA-256 Single-Round Known Answer Test.    */
-@@ -994,12 +998,14 @@ sftk_fips_SHA_PowerUpSelfTest( void )
-                              0x72,0xf6,0xc7,0x22,0xf1,0x27,0x9f,0xf0,
-                              0xe0,0x68,0x47,0x7a};
- 
-+#ifndef NO_SHA224_AVAILABLE
-     /* SHA-224 Known Digest Message (224-bits). */
-     static const PRUint8 sha224_known_digest[] = {
-         0x89,0x5e,0x7f,0xfd,0x0e,0xd8,0x35,0x6f,
-         0x64,0x6d,0xf2,0xde,0x5e,0xed,0xa6,0x7f, 
-         0x29,0xd1,0x12,0x73,0x42,0x84,0x95,0x4f, 
-         0x8e,0x08,0xe5,0xcb};
-+#endif
- 
-     /* SHA-256 Known Digest Message (256-bits). */
-     static const PRUint8 sha256_known_digest[] = {
-@@ -1048,6 +1054,7 @@ sftk_fips_SHA_PowerUpSelfTest( void )
-     /* SHA-224 Single-Round Known Answer Hashing Test. */
-     /***************************************************/
- 
-+#ifndef NO_SHA224_AVAILABLE
-     sha_status = SHA224_HashBuf( sha_computed_digest, known_hash_message,
-                                 FIPS_KNOWN_HASH_MESSAGE_LENGTH );
- 
-@@ -1055,6 +1062,7 @@ sftk_fips_SHA_PowerUpSelfTest( void )
-         ( PORT_Memcmp( sha_computed_digest, sha224_known_digest,
-                        SHA224_LENGTH ) != 0 ) )
-         return( CKR_DEVICE_ERROR );
-+#endif
- 
-     /***************************************************/
-     /* SHA-256 Single-Round Known Answer Hashing Test. */
-diff -up ./mozilla/security/nss/lib/softoken/pkcs11c.c.nosha224 ./mozilla/security/nss/lib/softoken/pkcs11c.c
---- ./mozilla/security/nss/lib/softoken/pkcs11c.c.nosha224     2011-09-21 11:49:16.000000000 -0700
-+++ ./mozilla/security/nss/lib/softoken/pkcs11c.c      2011-12-04 22:03:47.313609956 -0800
-@@ -1316,7 +1316,9 @@ CK_RV NSC_DigestInit(CK_SESSION_HANDLE h
-     INIT_MECH(CKM_MD2,    MD2)
-     INIT_MECH(CKM_MD5,    MD5)
-     INIT_MECH(CKM_SHA_1,  SHA1)
-+#ifndef NO_SHA224_AVAILABLE
-     INIT_MECH(CKM_SHA224, SHA224)
-+#endif
-     INIT_MECH(CKM_SHA256, SHA256)
-     INIT_MECH(CKM_SHA384, SHA384)
-     INIT_MECH(CKM_SHA512, SHA512)
-@@ -1440,7 +1442,9 @@ sftk_doSub ## mmm(SFTKSessionContext *co
- DOSUB(MD2)
- DOSUB(MD5)
- DOSUB(SHA1)
-+#ifndef NO_SHA224_AVAILABLE
- DOSUB(SHA224)
-+#endif
- DOSUB(SHA256)
- DOSUB(SHA384)
- DOSUB(SHA512)
-@@ -2013,7 +2017,9 @@ CK_RV NSC_SignInit(CK_SESSION_HANDLE hSe
-     INIT_RSA_SIGN_MECH(MD5)
-     INIT_RSA_SIGN_MECH(MD2)
-     INIT_RSA_SIGN_MECH(SHA1)
-+#ifndef NO_SHA224_AVAILABLE
-     INIT_RSA_SIGN_MECH(SHA224)
-+#endif
-     INIT_RSA_SIGN_MECH(SHA256)
-     INIT_RSA_SIGN_MECH(SHA384)
-     INIT_RSA_SIGN_MECH(SHA512)
-@@ -2131,7 +2137,9 @@ finish_rsa:
- 
-     INIT_HMAC_MECH(MD2)
-     INIT_HMAC_MECH(MD5)
-+#ifndef NO_SHA224_AVAILABLE
-     INIT_HMAC_MECH(SHA224)
-+#endif
-     INIT_HMAC_MECH(SHA256)
-     INIT_HMAC_MECH(SHA384)
-     INIT_HMAC_MECH(SHA512)
-@@ -2529,7 +2537,9 @@ CK_RV NSC_VerifyInit(CK_SESSION_HANDLE h
-     INIT_RSA_VFY_MECH(MD5) 
-     INIT_RSA_VFY_MECH(MD2) 
-     INIT_RSA_VFY_MECH(SHA1) 
-+#ifndef NO_SHA224_AVAILABLE
-     INIT_RSA_VFY_MECH(SHA224)
-+#endif
-     INIT_RSA_VFY_MECH(SHA256) 
-     INIT_RSA_VFY_MECH(SHA384) 
-     INIT_RSA_VFY_MECH(SHA512) 
-@@ -2626,7 +2636,9 @@ finish_rsa:
- 
-     INIT_HMAC_MECH(MD2)
-     INIT_HMAC_MECH(MD5)
-+#ifndef NO_SHA224_AVAILABLE
-     INIT_HMAC_MECH(SHA224)
-+#endif
-     INIT_HMAC_MECH(SHA256)
-     INIT_HMAC_MECH(SHA384)
-     INIT_HMAC_MECH(SHA512)
-diff -up ./mozilla/security/nss/lib/softoken/pkcs11.c.nosha224 ./mozilla/security/nss/lib/softoken/pkcs11.c
---- ./mozilla/security/nss/lib/softoken/pkcs11.c.nosha224      2011-01-21 16:12:04.000000000 -0800
-+++ ./mozilla/security/nss/lib/softoken/pkcs11.c       2011-12-04 22:03:47.316609956 -0800
-@@ -311,8 +311,10 @@ static const struct mechanismList mechan
-                                CKF_SN_VR},    PR_TRUE},
-      {CKM_SHA1_RSA_PKCS,      {RSA_MIN_MODULUS_BITS,CK_MAX,
-                                CKF_SN_VR},    PR_TRUE},
-+#ifndef NO_SHA224_AVAILABLE
-      {CKM_SHA224_RSA_PKCS,    {RSA_MIN_MODULUS_BITS,CK_MAX,
-                                CKF_SN_VR},    PR_TRUE},
-+#endif
-      {CKM_SHA256_RSA_PKCS,    {RSA_MIN_MODULUS_BITS,CK_MAX,
-                                CKF_SN_VR},    PR_TRUE},
-      {CKM_SHA384_RSA_PKCS,    {RSA_MIN_MODULUS_BITS,CK_MAX,
-@@ -401,9 +403,11 @@ static const struct mechanismList mechan
-      {CKM_SHA_1,              {0,   0, CKF_DIGEST},           PR_FALSE},
-      {CKM_SHA_1_HMAC,         {1, 128, CKF_SN_VR},            PR_TRUE},
-      {CKM_SHA_1_HMAC_GENERAL, {1, 128, CKF_SN_VR},            PR_TRUE},
-+#ifndef NO_SHA224_AVAILABLE
-      {CKM_SHA224,             {0,   0, CKF_DIGEST},           PR_FALSE},
-      {CKM_SHA224_HMAC,                {1, 128, CKF_SN_VR},            PR_TRUE},
-      {CKM_SHA224_HMAC_GENERAL,        {1, 128, CKF_SN_VR},            PR_TRUE},
-+#endif
-      {CKM_SHA256,             {0,   0, CKF_DIGEST},           PR_FALSE},
-      {CKM_SHA256_HMAC,                {1, 128, CKF_SN_VR},            PR_TRUE},
-      {CKM_SHA256_HMAC_GENERAL,        {1, 128, CKF_SN_VR},            PR_TRUE},
-diff -up ./mozilla/security/nss/lib/softoken/rsawrapr.c.nosha224 ./mozilla/security/nss/lib/softoken/rsawrapr.c
---- ./mozilla/security/nss/lib/softoken/rsawrapr.c.nosha224    2011-10-22 07:35:43.000000000 -0700
-+++ ./mozilla/security/nss/lib/softoken/rsawrapr.c     2011-12-04 22:03:47.316609956 -0800
-@@ -1173,9 +1173,11 @@ GetHashTypeFromMechanism(CK_MECHANISM_TY
-         case CKM_SHA_1:
-         case CKG_MGF1_SHA1:
-           return HASH_AlgSHA1;
-+#ifndef NO_SHA224_AVAILABLE
-         case CKM_SHA224:
-         case CKG_MGF1_SHA224:
-           return HASH_AlgSHA224;
-+#endif
-         case CKM_SHA256:
-         case CKG_MGF1_SHA256:
-           return HASH_AlgSHA256;
-diff -up ./mozilla/security/nss/tests/cipher/cipher.txt.nosha224 ./mozilla/security/nss/tests/cipher/cipher.txt
---- ./mozilla/security/nss/tests/cipher/cipher.txt.nosha224    2010-08-17 22:57:05.000000000 -0700
-+++ ./mozilla/security/nss/tests/cipher/cipher.txt     2011-12-04 22:03:47.317609956 -0800
-@@ -73,7 +73,6 @@
-       0       md2_-H          MD2_Hash
-       0       md5_-H          MD5_Hash
-       0       sha1_-H         SHA1_Hash
--      0       sha224_-H       SHA224_Hash
-       0       sha256_-H       SHA256_Hash
-       0       sha384_-H       SHA384_Hash
-       0       sha512_-H       SHA512_Hash

diff --git a/nss/patches/nss-646045.patch0 b/nss/patches/nss-646045.patch0
deleted file mode 100644 (file)
index 5492127..0000000
--- a/nss/patches/nss-646045.patch0
+++ /dev/null
@@ -1,34 +0,0 @@
-diff -up ./mozilla/security/nss/tests/dbtests/dbtests.sh.noroot ./mozilla/security/nss/tests/dbtests/dbtests.sh
---- ./mozilla/security/nss/tests/dbtests/dbtests.sh.noroot     2011-04-06 09:56:07.207701000 -0700
-+++ ./mozilla/security/nss/tests/dbtests/dbtests.sh    2011-04-06 10:19:54.159552000 -0700
-@@ -201,6 +201,9 @@ dbtest_main()
-         cat $RONLY_DIR/* > /dev/null
-     fi
- 
-+    # skipping the next two tests when user is root,
-+    # otherwise they would fail due to rooty powers
-+    if [[ $EUID -ne 0 ]] then
-     ${BINDIR}/dbtest -d $RONLY_DIR
-     ret=$?
-     if [ $ret -ne 46 ]; then
-@@ -208,6 +211,10 @@ dbtest_main()
-     else
-       html_passed "Dbtest r/w didn't work in an readonly dir $ret" 
-     fi
-+    else
-+      html_passed "Skipping Dbtest r/w in a readonly dir because user is root" 
-+    fi
-+    if [[ $EUID -ne 0 ]] then
-     ${BINDIR}/certutil -D -n "TestUser" -d .
-     ret=$?
-     if [ $ret -ne 255 ]; then
-@@ -215,6 +222,9 @@ dbtest_main()
-     else
-         html_passed "Certutil didn't work in an readonly dir $ret"
-     fi
-+    else
-+      html_passed "Skipping Certutil delete cert in an readonly directory test because user is root" 
-+    fi
-     
-     Echo "test opening the database ronly in a readonly directory"
- 

diff --git a/nss/patches/nss-ckbi-1.88.rtm.patch0 b/nss/patches/nss-ckbi-1.88.rtm.patch0
deleted file mode 100644 (file)
index c6de789..0000000
--- a/nss/patches/nss-ckbi-1.88.rtm.patch0
+++ /dev/null
@@ -1,637 +0,0 @@
-diff -up ./mozilla/security/nss/lib/ckfw/builtins/certdata.c.ckbi188 ./mozilla/security/nss/lib/ckfw/builtins/certdata.c
---- ./mozilla/security/nss/lib/ckfw/builtins/certdata.c.ckbi188        2011-11-03 16:29:17.081000000 -0700
-+++ ./mozilla/security/nss/lib/ckfw/builtins/certdata.c        2011-11-03 08:11:57.000000000 -0700
-@@ -35,7 +35,7 @@
-  *
-  * ***** END LICENSE BLOCK ***** */
- #ifdef DEBUG
--static const char CVS_ID[] = "@(#) $RCSfile: certdata.c,v $ $Revision: 1.82 $ $Date: 2011/09/02 19:40:56 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.82 $ $Date: 2011/09/02 19:40:56 $";
-+static const char CVS_ID[] = "@(#) $RCSfile: certdata.c,v $ $Revision: 1.83 $ $Date: 2011/11/03 15:11:57 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.83 $ $Date: 2011/11/03 15:11:57 $";
- #endif /* DEBUG */
- 
- #ifndef BUILTINS_H
-@@ -1075,6 +1075,18 @@ static const CK_ATTRIBUTE_TYPE nss_built
- static const CK_ATTRIBUTE_TYPE nss_builtins_types_339 [] = {
-  CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERT_SHA1_HASH,  CKA_CERT_MD5_HASH,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_TRUST_SERVER_AUTH,  CKA_TRUST_EMAIL_PROTECTION,  CKA_TRUST_CODE_SIGNING,  CKA_TRUST_STEP_UP_APPROVED
- };
-+static const CK_ATTRIBUTE_TYPE nss_builtins_types_340 [] = {
-+ CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERTIFICATE_TYPE,  CKA_SUBJECT,  CKA_ID,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_VALUE
-+};
-+static const CK_ATTRIBUTE_TYPE nss_builtins_types_341 [] = {
-+ CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERT_SHA1_HASH,  CKA_CERT_MD5_HASH,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_TRUST_SERVER_AUTH,  CKA_TRUST_EMAIL_PROTECTION,  CKA_TRUST_CODE_SIGNING,  CKA_TRUST_STEP_UP_APPROVED
-+};
-+static const CK_ATTRIBUTE_TYPE nss_builtins_types_342 [] = {
-+ CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERTIFICATE_TYPE,  CKA_SUBJECT,  CKA_ID,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_VALUE
-+};
-+static const CK_ATTRIBUTE_TYPE nss_builtins_types_343 [] = {
-+ CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERT_SHA1_HASH,  CKA_CERT_MD5_HASH,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_TRUST_SERVER_AUTH,  CKA_TRUST_EMAIL_PROTECTION,  CKA_TRUST_CODE_SIGNING,  CKA_TRUST_STEP_UP_APPROVED
-+};
- #ifdef DEBUG
- static const NSSItem nss_builtins_items_0 [] = {
-   { (void *)&cko_data, (PRUint32)sizeof(CK_OBJECT_CLASS) },
-@@ -1083,7 +1095,7 @@ static const NSSItem nss_builtins_items_
-   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
-   { (void *)"CVS ID", (PRUint32)7 },
-   { (void *)"NSS", (PRUint32)4 },
--  { (void *)"@(#) $RCSfile: certdata.c,v $ $Revision: 1.82 $ $Date: 2011/09/02 19:40:56 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.82 $ $Date: 2011/09/02 19:40:56 $", (PRUint32)160 }
-+  { (void *)"@(#) $RCSfile: certdata.c,v $ $Revision: 1.83 $ $Date: 2011/11/03 15:11:57 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.83 $ $Date: 2011/11/03 15:11:57 $", (PRUint32)160 }
- };
- #endif /* DEBUG */
- static const NSSItem nss_builtins_items_1 [] = {
-@@ -22600,6 +22612,266 @@ static const NSSItem nss_builtins_items_
-   { (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) },
-   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
- };
-+static const NSSItem nss_builtins_items_340 [] = {
-+  { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
-+  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
-+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
-+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
-+  { (void *)"Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)", (PRUint32)57 },
-+  { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
-+  { (void *)"\060\143\061\013\060\011\006\003\125\004\006\023\002\115\131\061"
-+"\033\060\031\006\003\125\004\012\023\022\104\151\147\151\143\145"
-+"\162\164\040\123\144\156\056\040\102\150\144\056\061\021\060\017"
-+"\006\003\125\004\013\023\010\064\065\067\066\060\070\055\113\061"
-+"\044\060\042\006\003\125\004\003\023\033\104\151\147\151\163\151"
-+"\147\156\040\123\145\162\166\145\162\040\111\104\040\050\105\156"
-+"\162\151\143\150\051"
-+, (PRUint32)101 },
-+  { (void *)"0", (PRUint32)2 },
-+  { (void *)"\060\165\061\013\060\011\006\003\125\004\006\023\002\125\123\061"
-+"\030\060\026\006\003\125\004\012\023\017\107\124\105\040\103\157"
-+"\162\160\157\162\141\164\151\157\156\061\047\060\045\006\003\125"
-+"\004\013\023\036\107\124\105\040\103\171\142\145\162\124\162\165"
-+"\163\164\040\123\157\154\165\164\151\157\156\163\054\040\111\156"
-+"\143\056\061\043\060\041\006\003\125\004\003\023\032\107\124\105"
-+"\040\103\171\142\145\162\124\162\165\163\164\040\107\154\157\142"
-+"\141\154\040\122\157\157\164"
-+, (PRUint32)119 },
-+  { (void *)"\002\006\007\377\377\377\377\377"
-+, (PRUint32)8 },
-+  { (void *)"\060\202\003\315\060\202\003\066\240\003\002\001\002\002\006\007"
-+"\377\377\377\377\377\060\015\006\011\052\206\110\206\367\015\001"
-+"\001\005\005\000\060\165\061\013\060\011\006\003\125\004\006\023"
-+"\002\125\123\061\030\060\026\006\003\125\004\012\023\017\107\124"
-+"\105\040\103\157\162\160\157\162\141\164\151\157\156\061\047\060"
-+"\045\006\003\125\004\013\023\036\107\124\105\040\103\171\142\145"
-+"\162\124\162\165\163\164\040\123\157\154\165\164\151\157\156\163"
-+"\054\040\111\156\143\056\061\043\060\041\006\003\125\004\003\023"
-+"\032\107\124\105\040\103\171\142\145\162\124\162\165\163\164\040"
-+"\107\154\157\142\141\154\040\122\157\157\164\060\036\027\015\060"
-+"\067\060\067\061\067\061\065\061\067\064\071\132\027\015\061\062"
-+"\060\067\061\067\061\065\061\066\065\065\132\060\143\061\013\060"
-+"\011\006\003\125\004\006\023\002\115\131\061\033\060\031\006\003"
-+"\125\004\012\023\022\104\151\147\151\143\145\162\164\040\123\144"
-+"\156\056\040\102\150\144\056\061\021\060\017\006\003\125\004\013"
-+"\023\010\064\065\067\066\060\070\055\113\061\044\060\042\006\003"
-+"\125\004\003\023\033\104\151\147\151\163\151\147\156\040\123\145"
-+"\162\166\145\162\040\111\104\040\050\105\156\162\151\143\150\051"
-+"\060\201\237\060\015\006\011\052\206\110\206\367\015\001\001\001"
-+"\005\000\003\201\215\000\060\201\211\002\201\201\000\255\250\144"
-+"\113\115\207\307\204\131\271\373\220\106\240\246\211\300\361\376"
-+"\325\332\124\202\067\015\231\053\105\046\012\350\126\260\177\312"
-+"\250\364\216\107\204\001\202\051\343\263\152\265\221\363\373\225"
-+"\205\274\162\250\144\350\012\100\234\305\364\161\256\173\173\152"
-+"\007\352\220\024\117\215\211\257\224\253\262\006\324\002\152\173"
-+"\230\037\131\271\072\315\124\372\040\337\262\052\012\351\270\335"
-+"\151\220\300\051\323\116\320\227\355\146\314\305\031\111\006\177"
-+"\372\136\054\174\173\205\033\062\102\337\173\225\045\002\003\001"
-+"\000\001\243\202\001\170\060\202\001\164\060\022\006\003\125\035"
-+"\023\001\001\377\004\010\060\006\001\001\377\002\001\000\060\134"
-+"\006\003\125\035\040\004\125\060\123\060\110\006\011\053\006\001"
-+"\004\001\261\076\001\000\060\073\060\071\006\010\053\006\001\005"
-+"\005\007\002\001\026\055\150\164\164\160\072\057\057\143\171\142"
-+"\145\162\164\162\165\163\164\056\157\155\156\151\162\157\157\164"
-+"\056\143\157\155\057\162\145\160\157\163\151\164\157\162\171\056"
-+"\143\146\155\060\007\006\005\140\203\112\001\001\060\016\006\003"
-+"\125\035\017\001\001\377\004\004\003\002\001\346\060\201\211\006"
-+"\003\125\035\043\004\201\201\060\177\241\171\244\167\060\165\061"
-+"\013\060\011\006\003\125\004\006\023\002\125\123\061\030\060\026"
-+"\006\003\125\004\012\023\017\107\124\105\040\103\157\162\160\157"
-+"\162\141\164\151\157\156\061\047\060\045\006\003\125\004\013\023"
-+"\036\107\124\105\040\103\171\142\145\162\124\162\165\163\164\040"
-+"\123\157\154\165\164\151\157\156\163\054\040\111\156\143\056\061"
-+"\043\060\041\006\003\125\004\003\023\032\107\124\105\040\103\171"
-+"\142\145\162\124\162\165\163\164\040\107\154\157\142\141\154\040"
-+"\122\157\157\164\202\002\001\245\060\105\006\003\125\035\037\004"
-+"\076\060\074\060\072\240\070\240\066\206\064\150\164\164\160\072"
-+"\057\057\167\167\167\056\160\165\142\154\151\143\055\164\162\165"
-+"\163\164\056\143\157\155\057\143\147\151\055\142\151\156\057\103"
-+"\122\114\057\062\060\061\070\057\143\144\160\056\143\162\154\060"
-+"\035\006\003\125\035\016\004\026\004\024\306\026\223\116\026\027"
-+"\354\026\256\214\224\166\363\206\155\305\164\156\204\167\060\015"
-+"\006\011\052\206\110\206\367\015\001\001\005\005\000\003\201\201"
-+"\000\166\000\173\246\170\053\146\035\216\136\066\306\244\216\005"
-+"\362\043\222\174\223\147\323\364\300\012\175\213\055\331\352\325"
-+"\157\032\363\341\112\051\132\042\204\115\120\057\113\014\362\377"
-+"\205\302\173\125\324\104\202\276\155\254\147\216\274\264\037\222"
-+"\234\121\200\032\024\366\156\253\141\210\013\255\034\177\367\113"
-+"\120\121\326\145\033\246\107\161\025\136\260\161\363\065\024\362"
-+"\067\275\143\310\325\360\223\132\064\137\330\075\350\135\367\305"
-+"\036\300\345\317\037\206\044\251\074\007\146\315\301\322\066\143"
-+"\131"
-+, (PRUint32)977 }
-+};
-+static const NSSItem nss_builtins_items_341 [] = {
-+  { (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
-+  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
-+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
-+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
-+  { (void *)"Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)", (PRUint32)57 },
-+  { (void *)"\125\120\257\354\277\350\303\255\304\013\343\255\014\247\344\025"
-+"\214\071\131\117"
-+, (PRUint32)20 },
-+  { (void *)"\322\336\256\120\244\230\055\157\067\267\206\122\310\055\113\152"
-+, (PRUint32)16 },
-+  { (void *)"\060\165\061\013\060\011\006\003\125\004\006\023\002\125\123\061"
-+"\030\060\026\006\003\125\004\012\023\017\107\124\105\040\103\157"
-+"\162\160\157\162\141\164\151\157\156\061\047\060\045\006\003\125"
-+"\004\013\023\036\107\124\105\040\103\171\142\145\162\124\162\165"
-+"\163\164\040\123\157\154\165\164\151\157\156\163\054\040\111\156"
-+"\143\056\061\043\060\041\006\003\125\004\003\023\032\107\124\105"
-+"\040\103\171\142\145\162\124\162\165\163\164\040\107\154\157\142"
-+"\141\154\040\122\157\157\164"
-+, (PRUint32)119 },
-+  { (void *)"\002\006\007\377\377\377\377\377"
-+, (PRUint32)8 },
-+  { (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) },
-+  { (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) },
-+  { (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) },
-+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
-+};
-+static const NSSItem nss_builtins_items_342 [] = {
-+  { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
-+  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
-+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
-+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
-+  { (void *)"Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)", (PRUint32)56 },
-+  { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
-+  { (void *)"\060\145\061\013\060\011\006\003\125\004\006\023\002\115\131\061"
-+"\033\060\031\006\003\125\004\012\023\022\104\151\147\151\143\145"
-+"\162\164\040\123\144\156\056\040\102\150\144\056\061\021\060\017"
-+"\006\003\125\004\013\023\010\064\065\067\066\060\070\055\113\061"
-+"\046\060\044\006\003\125\004\003\023\035\104\151\147\151\163\151"
-+"\147\156\040\123\145\162\166\145\162\040\111\104\040\055\040\050"
-+"\105\156\162\151\143\150\051"
-+, (PRUint32)103 },
-+  { (void *)"0", (PRUint32)2 },
-+  { (void *)"\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156"
-+"\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125"
-+"\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056"
-+"\156\145\164\057\103\120\123\137\062\060\064\070\040\151\156\143"
-+"\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151"
-+"\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006"
-+"\003\125\004\013\023\034\050\143\051\040\061\071\071\071\040\105"
-+"\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164"
-+"\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164"
-+"\162\165\163\164\056\156\145\164\040\103\145\162\164\151\146\151"
-+"\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171"
-+"\040\050\062\060\064\070\051"
-+, (PRUint32)183 },
-+  { (void *)"\002\006\007\377\377\377\377\377"
-+, (PRUint32)8 },
-+  { (void *)"\060\202\004\320\060\202\003\270\240\003\002\001\002\002\006\007"
-+"\377\377\377\377\377\060\015\006\011\052\206\110\206\367\015\001"
-+"\001\005\005\000\060\201\264\061\024\060\022\006\003\125\004\012"
-+"\023\013\105\156\164\162\165\163\164\056\156\145\164\061\100\060"
-+"\076\006\003\125\004\013\024\067\167\167\167\056\145\156\164\162"
-+"\165\163\164\056\156\145\164\057\103\120\123\137\062\060\064\070"
-+"\040\151\156\143\157\162\160\056\040\142\171\040\162\145\146\056"
-+"\040\050\154\151\155\151\164\163\040\154\151\141\142\056\051\061"
-+"\045\060\043\006\003\125\004\013\023\034\050\143\051\040\061\071"
-+"\071\071\040\105\156\164\162\165\163\164\056\156\145\164\040\114"
-+"\151\155\151\164\145\144\061\063\060\061\006\003\125\004\003\023"
-+"\052\105\156\164\162\165\163\164\056\156\145\164\040\103\145\162"
-+"\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157"
-+"\162\151\164\171\040\050\062\060\064\070\051\060\036\027\015\061"
-+"\060\060\067\061\066\061\067\062\063\063\070\132\027\015\061\065"
-+"\060\067\061\066\061\067\065\063\063\070\132\060\145\061\013\060"
-+"\011\006\003\125\004\006\023\002\115\131\061\033\060\031\006\003"
-+"\125\004\012\023\022\104\151\147\151\143\145\162\164\040\123\144"
-+"\156\056\040\102\150\144\056\061\021\060\017\006\003\125\004\013"
-+"\023\010\064\065\067\066\060\070\055\113\061\046\060\044\006\003"
-+"\125\004\003\023\035\104\151\147\151\163\151\147\156\040\123\145"
-+"\162\166\145\162\040\111\104\040\055\040\050\105\156\162\151\143"
-+"\150\051\060\202\001\042\060\015\006\011\052\206\110\206\367\015"
-+"\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202"
-+"\001\001\000\305\211\344\364\015\006\100\222\131\307\032\263\065"
-+"\321\016\114\052\063\371\370\257\312\236\177\356\271\247\155\140"
-+"\364\124\350\157\325\233\363\033\143\061\004\150\162\321\064\026"
-+"\214\264\027\054\227\336\163\305\330\220\025\240\032\053\365\313"
-+"\263\110\206\104\360\035\210\114\316\101\102\032\357\365\014\336"
-+"\376\100\332\071\040\367\006\125\072\152\235\106\301\322\157\245"
-+"\262\310\127\076\051\243\234\340\351\205\167\146\350\230\247\044"
-+"\176\276\300\131\040\345\104\157\266\127\330\276\316\302\145\167"
-+"\130\306\141\101\321\164\004\310\177\111\102\305\162\251\162\026"
-+"\356\214\335\022\135\264\112\324\321\257\120\267\330\252\165\166"
-+"\150\255\076\135\252\060\155\141\250\253\020\133\076\023\277\063"
-+"\340\257\104\235\070\042\133\357\114\057\246\161\046\025\046\312"
-+"\050\214\331\372\216\216\251\242\024\065\342\233\044\210\264\364"
-+"\177\205\235\203\117\007\241\266\024\220\066\304\064\034\215\046"
-+"\141\155\023\157\170\276\350\217\047\307\113\204\226\243\206\150"
-+"\014\043\276\013\354\214\224\000\251\004\212\023\220\367\337\205"
-+"\154\014\261\002\003\001\000\001\243\202\001\064\060\202\001\060"
-+"\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006"
-+"\060\022\006\003\125\035\023\001\001\377\004\010\060\006\001\001"
-+"\377\002\001\000\060\047\006\003\125\035\045\004\040\060\036\006"
-+"\010\053\006\001\005\005\007\003\001\006\010\053\006\001\005\005"
-+"\007\003\002\006\010\053\006\001\005\005\007\003\004\060\063\006"
-+"\010\053\006\001\005\005\007\001\001\004\047\060\045\060\043\006"
-+"\010\053\006\001\005\005\007\060\001\206\027\150\164\164\160\072"
-+"\057\057\157\143\163\160\056\145\156\164\162\165\163\164\056\156"
-+"\145\164\060\104\006\003\125\035\040\004\075\060\073\060\071\006"
-+"\005\140\203\112\001\001\060\060\060\056\006\010\053\006\001\005"
-+"\005\007\002\001\026\042\150\164\164\160\072\057\057\167\167\167"
-+"\056\144\151\147\151\143\145\162\164\056\143\157\155\056\155\171"
-+"\057\143\160\163\056\150\164\155\060\062\006\003\125\035\037\004"
-+"\053\060\051\060\047\240\045\240\043\206\041\150\164\164\160\072"
-+"\057\057\143\162\154\056\145\156\164\162\165\163\164\056\156\145"
-+"\164\057\062\060\064\070\143\141\056\143\162\154\060\021\006\003"
-+"\125\035\016\004\012\004\010\114\116\314\045\050\003\051\201\060"
-+"\037\006\003\125\035\043\004\030\060\026\200\024\125\344\201\321"
-+"\021\200\276\330\211\271\010\243\061\371\241\044\011\026\271\160"
-+"\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003"
-+"\202\001\001\000\227\114\357\112\072\111\254\162\374\060\040\153"
-+"\264\051\133\247\305\225\004\220\371\062\325\302\205\152\336\003"
-+"\241\067\371\211\000\260\132\254\125\176\333\103\065\377\311\001"
-+"\370\121\276\314\046\312\310\152\244\304\124\076\046\036\347\014"
-+"\243\315\227\147\224\335\246\102\353\134\315\217\071\171\153\063"
-+"\171\041\006\171\372\202\104\025\231\314\301\267\071\323\106\142"
-+"\174\262\160\353\157\316\040\252\076\031\267\351\164\202\234\264"
-+"\245\113\115\141\000\067\344\207\322\362\024\072\144\174\270\251"
-+"\173\141\340\223\042\347\325\237\076\107\346\066\166\240\123\330"
-+"\000\003\072\017\265\063\376\226\312\323\322\202\072\056\335\327"
-+"\110\341\344\247\151\314\034\351\231\112\347\312\160\105\327\013"
-+"\007\016\232\165\033\320\057\222\157\366\244\007\303\275\034\113"
-+"\246\204\266\175\250\232\251\322\247\051\361\013\127\151\036\227"
-+"\127\046\354\053\103\254\324\105\203\005\000\351\343\360\106\100"
-+"\007\372\352\261\121\163\223\034\245\335\123\021\067\310\052\247"
-+"\025\047\035\264\252\314\177\252\061\060\374\270\105\237\110\011"
-+"\355\020\342\305"
-+, (PRUint32)1236 }
-+};
-+static const NSSItem nss_builtins_items_343 [] = {
-+  { (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
-+  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
-+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
-+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
-+  { (void *)"Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)", (PRUint32)56 },
-+  { (void *)"\153\074\073\200\255\312\246\272\212\237\124\246\172\355\022\151"
-+"\005\155\061\046"
-+, (PRUint32)20 },
-+  { (void *)"\327\151\141\177\065\017\234\106\243\252\353\370\125\374\204\362"
-+, (PRUint32)16 },
-+  { (void *)"\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156"
-+"\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125"
-+"\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056"
-+"\156\145\164\057\103\120\123\137\062\060\064\070\040\151\156\143"
-+"\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151"
-+"\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006"
-+"\003\125\004\013\023\034\050\143\051\040\061\071\071\071\040\105"
-+"\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164"
-+"\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164"
-+"\162\165\163\164\056\156\145\164\040\103\145\162\164\151\146\151"
-+"\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171"
-+"\040\050\062\060\064\070\051"
-+, (PRUint32)183 },
-+  { (void *)"\002\006\007\377\377\377\377\377"
-+, (PRUint32)8 },
-+  { (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) },
-+  { (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) },
-+  { (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) },
-+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
-+};
- 
- builtinsInternalObject
- nss_builtins_data[] = {
-@@ -22944,11 +23216,15 @@ nss_builtins_data[] = {
-   { 11, nss_builtins_types_336, nss_builtins_items_336, {NULL} },
-   { 13, nss_builtins_types_337, nss_builtins_items_337, {NULL} },
-   { 11, nss_builtins_types_338, nss_builtins_items_338, {NULL} },
--  { 13, nss_builtins_types_339, nss_builtins_items_339, {NULL} }
-+  { 13, nss_builtins_types_339, nss_builtins_items_339, {NULL} },
-+  { 11, nss_builtins_types_340, nss_builtins_items_340, {NULL} },
-+  { 13, nss_builtins_types_341, nss_builtins_items_341, {NULL} },
-+  { 11, nss_builtins_types_342, nss_builtins_items_342, {NULL} },
-+  { 13, nss_builtins_types_343, nss_builtins_items_343, {NULL} }
- };
- const PRUint32
- #ifdef DEBUG
--  nss_builtins_nObjects = 339+1;
-+  nss_builtins_nObjects = 343+1;
- #else
--  nss_builtins_nObjects = 339;
-+  nss_builtins_nObjects = 343;
- #endif /* DEBUG */
-diff -up ./mozilla/security/nss/lib/ckfw/builtins/certdata.txt.ckbi188 ./mozilla/security/nss/lib/ckfw/builtins/certdata.txt
---- ./mozilla/security/nss/lib/ckfw/builtins/certdata.txt.ckbi188      2011-11-03 16:29:42.293000000 -0700
-+++ ./mozilla/security/nss/lib/ckfw/builtins/certdata.txt      2011-11-03 08:11:58.000000000 -0700
-@@ -34,7 +34,7 @@
- # the terms of any one of the MPL, the GPL or the LGPL.
- #
- # ***** END LICENSE BLOCK *****
--CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.79 $ $Date: 2011/09/02 19:40:56 $"
-+CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.80 $ $Date: 2011/11/03 15:11:58 $"
- 
- #
- # certdata.txt
-@@ -23299,3 +23299,284 @@ CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_N
- CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
- CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
- CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-+
-+#
-+# Certificate "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)"
-+#
-+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-+CKA_TOKEN CK_BBOOL CK_TRUE
-+CKA_PRIVATE CK_BBOOL CK_FALSE
-+CKA_MODIFIABLE CK_BBOOL CK_FALSE
-+CKA_LABEL UTF8 "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)"
-+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-+CKA_SUBJECT MULTILINE_OCTAL
-+\060\143\061\013\060\011\006\003\125\004\006\023\002\115\131\061
-+\033\060\031\006\003\125\004\012\023\022\104\151\147\151\143\145
-+\162\164\040\123\144\156\056\040\102\150\144\056\061\021\060\017
-+\006\003\125\004\013\023\010\064\065\067\066\060\070\055\113\061
-+\044\060\042\006\003\125\004\003\023\033\104\151\147\151\163\151
-+\147\156\040\123\145\162\166\145\162\040\111\104\040\050\105\156
-+\162\151\143\150\051
-+END
-+CKA_ID UTF8 "0"
-+CKA_ISSUER MULTILINE_OCTAL
-+\060\165\061\013\060\011\006\003\125\004\006\023\002\125\123\061
-+\030\060\026\006\003\125\004\012\023\017\107\124\105\040\103\157
-+\162\160\157\162\141\164\151\157\156\061\047\060\045\006\003\125
-+\004\013\023\036\107\124\105\040\103\171\142\145\162\124\162\165
-+\163\164\040\123\157\154\165\164\151\157\156\163\054\040\111\156
-+\143\056\061\043\060\041\006\003\125\004\003\023\032\107\124\105
-+\040\103\171\142\145\162\124\162\165\163\164\040\107\154\157\142
-+\141\154\040\122\157\157\164
-+END
-+CKA_SERIAL_NUMBER MULTILINE_OCTAL
-+\002\006\007\377\377\377\377\377
-+END
-+CKA_VALUE MULTILINE_OCTAL
-+\060\202\003\315\060\202\003\066\240\003\002\001\002\002\006\007
-+\377\377\377\377\377\060\015\006\011\052\206\110\206\367\015\001
-+\001\005\005\000\060\165\061\013\060\011\006\003\125\004\006\023
-+\002\125\123\061\030\060\026\006\003\125\004\012\023\017\107\124
-+\105\040\103\157\162\160\157\162\141\164\151\157\156\061\047\060
-+\045\006\003\125\004\013\023\036\107\124\105\040\103\171\142\145
-+\162\124\162\165\163\164\040\123\157\154\165\164\151\157\156\163
-+\054\040\111\156\143\056\061\043\060\041\006\003\125\004\003\023
-+\032\107\124\105\040\103\171\142\145\162\124\162\165\163\164\040
-+\107\154\157\142\141\154\040\122\157\157\164\060\036\027\015\060
-+\067\060\067\061\067\061\065\061\067\064\071\132\027\015\061\062
-+\060\067\061\067\061\065\061\066\065\065\132\060\143\061\013\060
-+\011\006\003\125\004\006\023\002\115\131\061\033\060\031\006\003
-+\125\004\012\023\022\104\151\147\151\143\145\162\164\040\123\144
-+\156\056\040\102\150\144\056\061\021\060\017\006\003\125\004\013
-+\023\010\064\065\067\066\060\070\055\113\061\044\060\042\006\003
-+\125\004\003\023\033\104\151\147\151\163\151\147\156\040\123\145
-+\162\166\145\162\040\111\104\040\050\105\156\162\151\143\150\051
-+\060\201\237\060\015\006\011\052\206\110\206\367\015\001\001\001
-+\005\000\003\201\215\000\060\201\211\002\201\201\000\255\250\144
-+\113\115\207\307\204\131\271\373\220\106\240\246\211\300\361\376
-+\325\332\124\202\067\015\231\053\105\046\012\350\126\260\177\312
-+\250\364\216\107\204\001\202\051\343\263\152\265\221\363\373\225
-+\205\274\162\250\144\350\012\100\234\305\364\161\256\173\173\152
-+\007\352\220\024\117\215\211\257\224\253\262\006\324\002\152\173
-+\230\037\131\271\072\315\124\372\040\337\262\052\012\351\270\335
-+\151\220\300\051\323\116\320\227\355\146\314\305\031\111\006\177
-+\372\136\054\174\173\205\033\062\102\337\173\225\045\002\003\001
-+\000\001\243\202\001\170\060\202\001\164\060\022\006\003\125\035
-+\023\001\001\377\004\010\060\006\001\001\377\002\001\000\060\134
-+\006\003\125\035\040\004\125\060\123\060\110\006\011\053\006\001
-+\004\001\261\076\001\000\060\073\060\071\006\010\053\006\001\005
-+\005\007\002\001\026\055\150\164\164\160\072\057\057\143\171\142
-+\145\162\164\162\165\163\164\056\157\155\156\151\162\157\157\164
-+\056\143\157\155\057\162\145\160\157\163\151\164\157\162\171\056
-+\143\146\155\060\007\006\005\140\203\112\001\001\060\016\006\003
-+\125\035\017\001\001\377\004\004\003\002\001\346\060\201\211\006
-+\003\125\035\043\004\201\201\060\177\241\171\244\167\060\165\061
-+\013\060\011\006\003\125\004\006\023\002\125\123\061\030\060\026
-+\006\003\125\004\012\023\017\107\124\105\040\103\157\162\160\157
-+\162\141\164\151\157\156\061\047\060\045\006\003\125\004\013\023
-+\036\107\124\105\040\103\171\142\145\162\124\162\165\163\164\040
-+\123\157\154\165\164\151\157\156\163\054\040\111\156\143\056\061
-+\043\060\041\006\003\125\004\003\023\032\107\124\105\040\103\171
-+\142\145\162\124\162\165\163\164\040\107\154\157\142\141\154\040
-+\122\157\157\164\202\002\001\245\060\105\006\003\125\035\037\004
-+\076\060\074\060\072\240\070\240\066\206\064\150\164\164\160\072
-+\057\057\167\167\167\056\160\165\142\154\151\143\055\164\162\165
-+\163\164\056\143\157\155\057\143\147\151\055\142\151\156\057\103
-+\122\114\057\062\060\061\070\057\143\144\160\056\143\162\154\060
-+\035\006\003\125\035\016\004\026\004\024\306\026\223\116\026\027
-+\354\026\256\214\224\166\363\206\155\305\164\156\204\167\060\015
-+\006\011\052\206\110\206\367\015\001\001\005\005\000\003\201\201
-+\000\166\000\173\246\170\053\146\035\216\136\066\306\244\216\005
-+\362\043\222\174\223\147\323\364\300\012\175\213\055\331\352\325
-+\157\032\363\341\112\051\132\042\204\115\120\057\113\014\362\377
-+\205\302\173\125\324\104\202\276\155\254\147\216\274\264\037\222
-+\234\121\200\032\024\366\156\253\141\210\013\255\034\177\367\113
-+\120\121\326\145\033\246\107\161\025\136\260\161\363\065\024\362
-+\067\275\143\310\325\360\223\132\064\137\330\075\350\135\367\305
-+\036\300\345\317\037\206\044\251\074\007\146\315\301\322\066\143
-+\131
-+END
-+
-+# Trust for Certificate "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)"
-+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-+CKA_TOKEN CK_BBOOL CK_TRUE
-+CKA_PRIVATE CK_BBOOL CK_FALSE
-+CKA_MODIFIABLE CK_BBOOL CK_FALSE
-+CKA_LABEL UTF8 "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)"
-+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-+\125\120\257\354\277\350\303\255\304\013\343\255\014\247\344\025
-+\214\071\131\117
-+END
-+CKA_CERT_MD5_HASH MULTILINE_OCTAL
-+\322\336\256\120\244\230\055\157\067\267\206\122\310\055\113\152
-+END
-+CKA_ISSUER MULTILINE_OCTAL
-+\060\165\061\013\060\011\006\003\125\004\006\023\002\125\123\061
-+\030\060\026\006\003\125\004\012\023\017\107\124\105\040\103\157
-+\162\160\157\162\141\164\151\157\156\061\047\060\045\006\003\125
-+\004\013\023\036\107\124\105\040\103\171\142\145\162\124\162\165
-+\163\164\040\123\157\154\165\164\151\157\156\163\054\040\111\156
-+\143\056\061\043\060\041\006\003\125\004\003\023\032\107\124\105
-+\040\103\171\142\145\162\124\162\165\163\164\040\107\154\157\142
-+\141\154\040\122\157\157\164
-+END
-+CKA_SERIAL_NUMBER MULTILINE_OCTAL
-+\002\006\007\377\377\377\377\377
-+END
-+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
-+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
-+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
-+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-+
-+#
-+# Certificate "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)"
-+#
-+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-+CKA_TOKEN CK_BBOOL CK_TRUE
-+CKA_PRIVATE CK_BBOOL CK_FALSE
-+CKA_MODIFIABLE CK_BBOOL CK_FALSE
-+CKA_LABEL UTF8 "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)"
-+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-+CKA_SUBJECT MULTILINE_OCTAL
-+\060\145\061\013\060\011\006\003\125\004\006\023\002\115\131\061
-+\033\060\031\006\003\125\004\012\023\022\104\151\147\151\143\145
-+\162\164\040\123\144\156\056\040\102\150\144\056\061\021\060\017
-+\006\003\125\004\013\023\010\064\065\067\066\060\070\055\113\061
-+\046\060\044\006\003\125\004\003\023\035\104\151\147\151\163\151
-+\147\156\040\123\145\162\166\145\162\040\111\104\040\055\040\050
-+\105\156\162\151\143\150\051
-+END
-+CKA_ID UTF8 "0"
-+CKA_ISSUER MULTILINE_OCTAL
-+\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156
-+\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125
-+\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056
-+\156\145\164\057\103\120\123\137\062\060\064\070\040\151\156\143
-+\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151
-+\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006
-+\003\125\004\013\023\034\050\143\051\040\061\071\071\071\040\105
-+\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164
-+\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164
-+\162\165\163\164\056\156\145\164\040\103\145\162\164\151\146\151
-+\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
-+\040\050\062\060\064\070\051
-+END
-+CKA_SERIAL_NUMBER MULTILINE_OCTAL
-+\002\006\007\377\377\377\377\377
-+END
-+CKA_VALUE MULTILINE_OCTAL
-+\060\202\004\320\060\202\003\270\240\003\002\001\002\002\006\007
-+\377\377\377\377\377\060\015\006\011\052\206\110\206\367\015\001
-+\001\005\005\000\060\201\264\061\024\060\022\006\003\125\004\012
-+\023\013\105\156\164\162\165\163\164\056\156\145\164\061\100\060
-+\076\006\003\125\004\013\024\067\167\167\167\056\145\156\164\162
-+\165\163\164\056\156\145\164\057\103\120\123\137\062\060\064\070
-+\040\151\156\143\157\162\160\056\040\142\171\040\162\145\146\056
-+\040\050\154\151\155\151\164\163\040\154\151\141\142\056\051\061
-+\045\060\043\006\003\125\004\013\023\034\050\143\051\040\061\071
-+\071\071\040\105\156\164\162\165\163\164\056\156\145\164\040\114
-+\151\155\151\164\145\144\061\063\060\061\006\003\125\004\003\023
-+\052\105\156\164\162\165\163\164\056\156\145\164\040\103\145\162
-+\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157
-+\162\151\164\171\040\050\062\060\064\070\051\060\036\027\015\061
-+\060\060\067\061\066\061\067\062\063\063\070\132\027\015\061\065
-+\060\067\061\066\061\067\065\063\063\070\132\060\145\061\013\060
-+\011\006\003\125\004\006\023\002\115\131\061\033\060\031\006\003
-+\125\004\012\023\022\104\151\147\151\143\145\162\164\040\123\144
-+\156\056\040\102\150\144\056\061\021\060\017\006\003\125\004\013
-+\023\010\064\065\067\066\060\070\055\113\061\046\060\044\006\003
-+\125\004\003\023\035\104\151\147\151\163\151\147\156\040\123\145
-+\162\166\145\162\040\111\104\040\055\040\050\105\156\162\151\143
-+\150\051\060\202\001\042\060\015\006\011\052\206\110\206\367\015
-+\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202
-+\001\001\000\305\211\344\364\015\006\100\222\131\307\032\263\065
-+\321\016\114\052\063\371\370\257\312\236\177\356\271\247\155\140
-+\364\124\350\157\325\233\363\033\143\061\004\150\162\321\064\026
-+\214\264\027\054\227\336\163\305\330\220\025\240\032\053\365\313
-+\263\110\206\104\360\035\210\114\316\101\102\032\357\365\014\336
-+\376\100\332\071\040\367\006\125\072\152\235\106\301\322\157\245
-+\262\310\127\076\051\243\234\340\351\205\167\146\350\230\247\044
-+\176\276\300\131\040\345\104\157\266\127\330\276\316\302\145\167
-+\130\306\141\101\321\164\004\310\177\111\102\305\162\251\162\026
-+\356\214\335\022\135\264\112\324\321\257\120\267\330\252\165\166
-+\150\255\076\135\252\060\155\141\250\253\020\133\076\023\277\063
-+\340\257\104\235\070\042\133\357\114\057\246\161\046\025\046\312
-+\050\214\331\372\216\216\251\242\024\065\342\233\044\210\264\364
-+\177\205\235\203\117\007\241\266\024\220\066\304\064\034\215\046
-+\141\155\023\157\170\276\350\217\047\307\113\204\226\243\206\150
-+\014\043\276\013\354\214\224\000\251\004\212\023\220\367\337\205
-+\154\014\261\002\003\001\000\001\243\202\001\064\060\202\001\060
-+\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006
-+\060\022\006\003\125\035\023\001\001\377\004\010\060\006\001\001
-+\377\002\001\000\060\047\006\003\125\035\045\004\040\060\036\006
-+\010\053\006\001\005\005\007\003\001\006\010\053\006\001\005\005
-+\007\003\002\006\010\053\006\001\005\005\007\003\004\060\063\006
-+\010\053\006\001\005\005\007\001\001\004\047\060\045\060\043\006
-+\010\053\006\001\005\005\007\060\001\206\027\150\164\164\160\072
-+\057\057\157\143\163\160\056\145\156\164\162\165\163\164\056\156
-+\145\164\060\104\006\003\125\035\040\004\075\060\073\060\071\006
-+\005\140\203\112\001\001\060\060\060\056\006\010\053\006\001\005
-+\005\007\002\001\026\042\150\164\164\160\072\057\057\167\167\167
-+\056\144\151\147\151\143\145\162\164\056\143\157\155\056\155\171
-+\057\143\160\163\056\150\164\155\060\062\006\003\125\035\037\004
-+\053\060\051\060\047\240\045\240\043\206\041\150\164\164\160\072
-+\057\057\143\162\154\056\145\156\164\162\165\163\164\056\156\145
-+\164\057\062\060\064\070\143\141\056\143\162\154\060\021\006\003
-+\125\035\016\004\012\004\010\114\116\314\045\050\003\051\201\060
-+\037\006\003\125\035\043\004\030\060\026\200\024\125\344\201\321
-+\021\200\276\330\211\271\010\243\061\371\241\044\011\026\271\160
-+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003
-+\202\001\001\000\227\114\357\112\072\111\254\162\374\060\040\153
-+\264\051\133\247\305\225\004\220\371\062\325\302\205\152\336\003
-+\241\067\371\211\000\260\132\254\125\176\333\103\065\377\311\001
-+\370\121\276\314\046\312\310\152\244\304\124\076\046\036\347\014
-+\243\315\227\147\224\335\246\102\353\134\315\217\071\171\153\063
-+\171\041\006\171\372\202\104\025\231\314\301\267\071\323\106\142
-+\174\262\160\353\157\316\040\252\076\031\267\351\164\202\234\264
-+\245\113\115\141\000\067\344\207\322\362\024\072\144\174\270\251
-+\173\141\340\223\042\347\325\237\076\107\346\066\166\240\123\330
-+\000\003\072\017\265\063\376\226\312\323\322\202\072\056\335\327
-+\110\341\344\247\151\314\034\351\231\112\347\312\160\105\327\013
-+\007\016\232\165\033\320\057\222\157\366\244\007\303\275\034\113
-+\246\204\266\175\250\232\251\322\247\051\361\013\127\151\036\227
-+\127\046\354\053\103\254\324\105\203\005\000\351\343\360\106\100
-+\007\372\352\261\121\163\223\034\245\335\123\021\067\310\052\247
-+\025\047\035\264\252\314\177\252\061\060\374\270\105\237\110\011
-+\355\020\342\305
-+END
-+
-+# Trust for Certificate "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)"
-+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-+CKA_TOKEN CK_BBOOL CK_TRUE
-+CKA_PRIVATE CK_BBOOL CK_FALSE
-+CKA_MODIFIABLE CK_BBOOL CK_FALSE
-+CKA_LABEL UTF8 "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)"
-+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-+\153\074\073\200\255\312\246\272\212\237\124\246\172\355\022\151
-+\005\155\061\046
-+END
-+CKA_CERT_MD5_HASH MULTILINE_OCTAL
-+\327\151\141\177\065\017\234\106\243\252\353\370\125\374\204\362
-+END
-+CKA_ISSUER MULTILINE_OCTAL
-+\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156
-+\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125
-+\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056
-+\156\145\164\057\103\120\123\137\062\060\064\070\040\151\156\143
-+\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151
-+\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006
-+\003\125\004\013\023\034\050\143\051\040\061\071\071\071\040\105
-+\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164
-+\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164
-+\162\165\163\164\056\156\145\164\040\103\145\162\164\151\146\151
-+\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
-+\040\050\062\060\064\070\051
-+END
-+CKA_SERIAL_NUMBER MULTILINE_OCTAL
-+\002\006\007\377\377\377\377\377
-+END
-+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
-+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
-+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
-+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-+
-diff -up ./mozilla/security/nss/lib/ckfw/builtins/nssckbi.h.ckbi188 ./mozilla/security/nss/lib/ckfw/builtins/nssckbi.h
---- ./mozilla/security/nss/lib/ckfw/builtins/nssckbi.h.ckbi188 2011-11-03 16:30:05.063000000 -0700
-+++ ./mozilla/security/nss/lib/ckfw/builtins/nssckbi.h 2011-11-03 08:11:58.000000000 -0700
-@@ -77,8 +77,8 @@
-  * of the comment in the CK_VERSION type definition.
-  */
- #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 1
--#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 87
--#define NSS_BUILTINS_LIBRARY_VERSION "1.87"
-+#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 88
-+#define NSS_BUILTINS_LIBRARY_VERSION "1.88"
- 
- /* These version numbers detail the semantic changes to the ckfw engine. */
- #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1

diff --git a/nss/patches/nss-enable-pem.patch0 b/nss/patches/nss-enable-pem.patch0
deleted file mode 100644 (file)
index 665a148..0000000
--- a/nss/patches/nss-enable-pem.patch0
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -up ./mozilla/security/nss/lib/ckfw/manifest.mn.prepem ./mozilla/security/nss/lib/ckfw/manifest.mn
---- ./mozilla/security/nss/lib/ckfw/manifest.mn.prepem 2008-08-05 16:34:23.000000000 -0700
-+++ ./mozilla/security/nss/lib/ckfw/manifest.mn        2008-08-05 16:34:30.000000000 -0700
-@@ -38,7 +38,7 @@ MANIFEST_CVS_ID = "@(#) $RCSfile: manife
- 
- CORE_DEPTH = ../../..
- 
--DIRS = builtins 
-+DIRS = builtins pem
- 
- PRIVATE_EXPORTS = \
-       ck.h              \

diff --git a/nss/patches/nss-fix-gcc47-secmodt.patch0 b/nss/patches/nss-fix-gcc47-secmodt.patch0
deleted file mode 100644 (file)
index 361555e..0000000
--- a/nss/patches/nss-fix-gcc47-secmodt.patch0
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -up ./mozilla/security/nss/lib/softoken/secmodt.h.gcc47 ./mozilla/security/nss/lib/softoken/secmodt.h
---- ./mozilla/security/nss/lib/softoken/secmodt.h.gcc47        2012-01-30 16:14:41.179494528 -0500
-+++ ./mozilla/security/nss/lib/softoken/secmodt.h      2012-01-30 16:14:48.287424482 -0500
-@@ -338,7 +338,7 @@ typedef PRUint32 PK11AttrFlags;
- #define SECMOD_SLOT_FLAGS "slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512]"
- 
- #define SECMOD_MAKE_NSS_FLAGS(fips,slot) \
--"Flags=internal,critical"fips" slotparams=("#slot"={"SECMOD_SLOT_FLAGS"})"
-+"Flags=internal,critical" fips" slotparams=("#slot"={" SECMOD_SLOT_FLAGS"})"
- 
- #define SECMOD_INT_NAME "NSS Internal PKCS #11 Module"
- #define SECMOD_INT_FLAGS SECMOD_MAKE_NSS_FLAGS("",1)

diff --git a/nss/patches/nss-ssl-cbc-random-iv-off-by-default.patch0 b/nss/patches/nss-ssl-cbc-random-iv-off-by-default.patch0
deleted file mode 100644 (file)
index 28dfa48..0000000
--- a/nss/patches/nss-ssl-cbc-random-iv-off-by-default.patch0
+++ /dev/null
@@ -1,25 +0,0 @@
-diff -up ./mozilla/security/nss/lib/ssl/sslsock.c.compatible ./mozilla/security/nss/lib/ssl/sslsock.c
---- ./mozilla/security/nss/lib/ssl/sslsock.c.compatible        2012-01-05 13:54:36.430389994 -0800
-+++ ./mozilla/security/nss/lib/ssl/sslsock.c   2012-01-05 13:55:25.810750394 -0800
-@@ -184,7 +184,7 @@ static sslOptions ssl_defaults = {
-     3,          /* enableRenegotiation (default: transitional) */
-     PR_FALSE,   /* requireSafeNegotiation */
-     PR_FALSE,   /* enableFalseStart   */
--    PR_TRUE     /* cbcRandomIV        */
-+    PR_FALSE    /* cbcRandomIV        */ /* defaults to off for compatibility */
- };
- 
- sslSessionIDLookupFunc  ssl_sid_lookup;
-@@ -2359,9 +2359,9 @@ ssl_SetDefaultsFromEnvironment(void)
-                       PR_TRUE));
-       }
-       ev = getenv("NSS_SSL_CBC_RANDOM_IV");
--      if (ev && ev[0] == '0') {
--          ssl_defaults.cbcRandomIV = PR_FALSE;
--          SSL_TRACE(("SSL: cbcRandomIV set to 0"));
-+      if (ev && ev[0] == '1') {
-+          ssl_defaults.cbcRandomIV = PR_TRUE;
-+          SSL_TRACE(("SSL: cbcRandomIV set to 1"));
-       }
-     }
- #endif /* NSS_HAVE_GETENV */

diff --git a/nss/patches/nsspem-bz754771.patch0 b/nss/patches/nsspem-bz754771.patch0
deleted file mode 100644 (file)
index 1e64a42..0000000
--- a/nss/patches/nsspem-bz754771.patch0
+++ /dev/null
@@ -1,13 +0,0 @@
-diff -up ./mozilla/security/nss/lib/ckfw/pem/pinst.c.754771 ./mozilla/security/nss/lib/ckfw/pem/pinst.c
---- ./mozilla/security/nss/lib/ckfw/pem/pinst.c.754771 2011-12-12 09:38:51.839104295 -0800
-+++ ./mozilla/security/nss/lib/ckfw/pem/pinst.c        2011-12-12 09:44:40.437096761 -0800
-@@ -350,6 +350,9 @@ AddObjectIfNeeded(CK_OBJECT_CLASS objCla
-     if (io == NULL)
-         return NULL;
- 
-+    /* initialize pointers to functions */
-+    pem_CreateMDObject(NULL, io, NULL);
-+
-     io->gobjIndex = count;
- 
-     /* add object to global array */

diff --git a/nss/patches/nsspem-createobject-initialize-pointer.patch0 b/nss/patches/nsspem-createobject-initialize-pointer.patch0
deleted file mode 100644 (file)
index cdfdea3..0000000
--- a/nss/patches/nsspem-createobject-initialize-pointer.patch0
+++ /dev/null
@@ -1,11 +0,0 @@
-diff -up ./mozilla/security/nss/lib/ckfw/pem/pobject.c.717338 ./mozilla/security/nss/lib/ckfw/pem/pobject.c
---- ./mozilla/security/nss/lib/ckfw/pem/pobject.c.717338       2010-11-25 10:49:27.000000000 -0800
-+++ ./mozilla/security/nss/lib/ckfw/pem/pobject.c      2011-09-10 10:16:58.752726964 -0700
-@@ -1179,6 +1179,7 @@ pem_CreateObject
-             return (NSSCKMDObject *) NULL;
- 
-         certDER.len = 0; /* in case there is no equivalent cert */
-+        certDER.data = NULL;
- 
-         objid = -1;
-         for (i = 0; i < pem_nobjs; i++) {

diff --git a/nss/patches/nsspem-init-inform-not-thread-safe.patch0 b/nss/patches/nsspem-init-inform-not-thread-safe.patch0
deleted file mode 100644 (file)
index 2df4fbe..0000000
--- a/nss/patches/nsspem-init-inform-not-thread-safe.patch0
+++ /dev/null
@@ -1,129 +0,0 @@
---- mozilla/security/nss/lib/ckfw/pem/pinst.c.736410   2010-11-25 11:51:52.000000000 -0800
-+++ mozilla/security/nss/lib/ckfw/pem/pinst.c  2011-09-13 16:59:49.325215540 -0700
-@@ -364,39 +364,37 @@ AddObjectIfNeeded(CK_OBJECT_CLASS objCla
-         size += PEM_ITEM_CHUNK;
-     }
-     gobj[count] = io;
-     count++;
-     pem_nobjs++;
- 
-     io->refCount ++;
-     return io;
- }
- 
- CK_RV
- AddCertificate(char *certfile, char *keyfile, PRBool cacert,
-                CK_SLOT_ID slotID)
- {
-     pemInternalObject *o;
--    SECItem certDER;
-     CK_RV error = 0;
-     int objid, i;
-     int nobjs = 0;
-     SECItem **objs = NULL;
-     char *ivstring = NULL;
-     int cipher;
- 
--    certDER.data = NULL;
-     nobjs = ReadDERFromFile(&objs, certfile, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */);
-     if (nobjs <= 0) {
-         nss_ZFreeIf(objs);
-         return CKR_GENERAL_ERROR;
-     }
- 
-     /* For now load as many certs as are in the file for CAs only */
-     if (cacert) {
-         for (i = 0; i < nobjs; i++) {
-             char nickname[1024];
-             objid = pem_nobjs + 1;
- 
-             snprintf(nickname, 1024, "%s - %d", certfile, i);
- 
-             o = AddObjectIfNeeded(CKO_CERTIFICATE, pemCert, objs[i], NULL,
-@@ -456,72 +454,76 @@ AddCertificate(char *certfile, char *key
-   loser:
-     nss_ZFreeIf(objs);
-     nss_ZFreeIf(o);
-     return error;
- }
- 
- CK_RV
- pem_Initialize
- (
-     NSSCKMDInstance * mdInstance,
-     NSSCKFWInstance * fwInstance,
-     NSSUTF8 * configurationData
- )
- {
-     CK_RV rv;
--    /* parse the initialization string and initialize CRLInstances */
-+    /* parse the initialization string */
-     char **certstrings = NULL;
-+    char *modparms = NULL;
-     PRInt32 numcerts = 0;
-     PRBool status, error = PR_FALSE;
-     int i;
-+    CK_C_INITIALIZE_ARGS_PTR modArgs = NULL;
-+
-+    if (!fwInstance) return CKR_ARGUMENTS_BAD;
-+
-+    modArgs = NSSCKFWInstance_GetInitArgs(fwInstance);
-+    if (modArgs &&
-+       ((modArgs->flags & CKF_OS_LOCKING_OK) || (modArgs->CreateMutex != 0))) {
-+        return CKR_CANT_LOCK;
-+    }
- 
-     if (pemInitialized) {
-         return CKR_OK;
-     }
-+
-     RNG_RNGInit();
- 
-     open_log();
- 
-     plog("pem_Initialize\n");
- 
--    unsigned char *modparms = NULL;
--    if (!fwInstance) {
--        return CKR_ARGUMENTS_BAD;
--    }
--
--    CK_C_INITIALIZE_ARGS_PTR modArgs =
--        NSSCKFWInstance_GetInitArgs(fwInstance);
-     if (!modArgs || !modArgs->LibraryParameters) {
-         goto done;
-     }
--    modparms = (unsigned char *) modArgs->LibraryParameters;
-+    modparms = (char *) modArgs->LibraryParameters;
-     plog("Initialized with %s\n", modparms);
- 
-     /*
-      * The initialization string format is a space-delimited file of
-      * pairs of paths which are delimited by a semi-colon. The first
-      * entry of the pair is the path to the certificate file. The
-      * second is the path to the key file.
-      *
-      * CA certificates do not need the semi-colon.
-      *
-      * Example:
-      *  /etc/certs/server.pem;/etc/certs/server.key /etc/certs/ca.pem
-      *
-      */
-     status =
--        pem_ParseString((const char *) modparms, ' ', &numcerts,
-+        pem_ParseString(modparms, ' ', &numcerts,
-                         &certstrings);
-     if (status == PR_FALSE) {
-         return CKR_ARGUMENTS_BAD;
-     }
- 
-     for (i = 0; i < numcerts && error != PR_TRUE; i++) {
-         char *cert = certstrings[i];
-         PRInt32 attrcount = 0;
-         char **certattrs = NULL;
-         status = pem_ParseString(cert, ';', &attrcount, &certattrs);
-         if (status == PR_FALSE) {
-             error = PR_TRUE;
-             break;
-         }
- 

diff --git a/nss/patches/renegotiate-transitional.patch0 b/nss/patches/renegotiate-transitional.patch0
deleted file mode 100644 (file)
index 989491d..0000000
--- a/nss/patches/renegotiate-transitional.patch0
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -up mozilla/security/nss/lib/ssl/sslsock.c.transitional mozilla/security/nss/lib/ssl/sslsock.c
---- mozilla/security/nss/lib/ssl/sslsock.c.transitional        2011-10-06 10:37:47.156659000 -0700
-+++ mozilla/security/nss/lib/ssl/sslsock.c     2011-10-06 10:38:32.276704000 -0700
-@@ -182,7 +182,7 @@ static sslOptions ssl_defaults = {
-     PR_FALSE,   /* noLocks            */
-     PR_FALSE,   /* enableSessionTickets */
-     PR_FALSE,   /* enableDeflate      */
--    2,          /* enableRenegotiation (default: requires extension) */
-+    3,          /* enableRenegotiation (default: transitional) */
-     PR_FALSE,   /* requireSafeNegotiation */
-     PR_FALSE,   /* enableFalseStart   */
-     PR_TRUE     /* cbcRandomIV        */

diff --git a/nss/secmod.db b/nss/secmod.db
deleted file mode 100644 (file)
index 9a02807..0000000
Binary files a/nss/secmod.db and /dev/null differ

diff --git a/nss/setup-nsssysinit.sh b/nss/setup-nsssysinit.sh
deleted file mode 100755 (executable)
index 8e1f5f7..0000000
--- a/nss/setup-nsssysinit.sh
+++ /dev/null
@@ -1,68 +0,0 @@
-#!/bin/sh
-#
-# Turns on or off the nss-sysinit module db by editing the
-# global PKCS #11 congiguration file. Displays the status.
-#
-# This script can be invoked by the user as super user.
-# It is invoked at nss-sysinit post install time with argument on.
-#
-usage()
-{
-  cat <<EOF
-Usage: setup-nsssysinit [on|off]
-  on     - turns on nsssysinit
-  off    - turns off nsssysinit
-  status - reports whether nsssysinit is turned on or off
-EOF
-  exit $1
-}
-
-# validate
-if [ $# -eq 0 ]; then
-  usage 1 1>&2
-fi
-
-# the system-wide configuration file
-p11conf="/etc/pki/nssdb/pkcs11.txt"
-# must exist, otherwise report it and exit with failure
-if [ ! -f $p11conf ]; then
-  echo "Could not find ${p11conf}"
-  exit 1
-fi
-
-# check if nsssysinit is currently enabled or disabled
-sysinit_enabled()
-{
-  grep -q '^library=libnsssysinit' ${p11conf}
-}
-
-umask 022
-case "$1" in
-  on | ON )
-    if sysinit_enabled; then 
-      exit 0 
-    fi
-    cat ${p11conf} | \
-    sed -e 's/^library=$/library=libnsssysinit.so/' \
-        -e '/^NSS/s/\(Flags=internal\)\(,[^m]\)/\1,moduleDBOnly\2/' > \
-        ${p11conf}.on
-    mv ${p11conf}.on ${p11conf}
-    ;;
-  off | OFF )
-    if ! sysinit_enabled; then
-      exit 0
-    fi
-    cat ${p11conf} | \
-    sed -e 's/^library=libnsssysinit.so/library=/' \
-        -e '/^NSS/s/Flags=internal,moduleDBOnly/Flags=internal/' > \
-        ${p11conf}.off
-    mv ${p11conf}.off ${p11conf}
-    ;;
-  status )
-    echo -n 'NSS sysinit is '
-    sysinit_enabled && echo 'enabled' || echo 'disabled'
-    ;;
-  * )
-    usage 1 1>&2
-    ;;
-esac

diff --git a/nss/system-pkcs11.txt b/nss/system-pkcs11.txt
deleted file mode 100644 (file)
index c2f5704..0000000
--- a/nss/system-pkcs11.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-library=libnsssysinit.so
-name=NSS Internal PKCS #11 Module
-parameters=configdir='sql:/etc/pki/nssdb'  certPrefix='' keyPrefix='' secmod='secmod.db' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription='' 
-NSS=Flags=internal,moduleDBOnly,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30})
-