--- /dev/null
+#!/bin/sh
+
+prefix=@prefix@
+
+major_version=@MOD_MAJOR_VERSION@
+minor_version=@MOD_MINOR_VERSION@
+patch_version=@MOD_PATCH_VERSION@
+
+usage()
+{
+ cat <<EOF
+Usage: nss-softokn-config [OPTIONS] [LIBRARIES]
+Options:
+ [--prefix[=DIR]]
+ [--exec-prefix[=DIR]]
+ [--includedir[=DIR]]
+ [--libdir[=DIR]]
+ [--version]
+ [--libs]
+ [--cflags]
+Dynamic Libraries:
+ softokn3 - Requires full dynamic linking
+ freebl3 - for internal use only (and glibc for self-integrity check)
+ nssdbm3 - for internal use only
+Dymamically linked
+EOF
+ exit $1
+}
+
+if test $# -eq 0; then
+ usage 1 1>&2
+fi
+
+while test $# -gt 0; do
+ case "$1" in
+ -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
+ *) optarg= ;;
+ esac
+
+ case $1 in
+ --prefix=*)
+ prefix=$optarg
+ ;;
+ --prefix)
+ echo_prefix=yes
+ ;;
+ --exec-prefix=*)
+ exec_prefix=$optarg
+ ;;
+ --exec-prefix)
+ echo_exec_prefix=yes
+ ;;
+ --includedir=*)
+ includedir=$optarg
+ ;;
+ --includedir)
+ echo_includedir=yes
+ ;;
+ --libdir=*)
+ libdir=$optarg
+ ;;
+ --libdir)
+ echo_libdir=yes
+ ;;
+ --version)
+ echo ${major_version}.${minor_version}.${patch_version}
+ ;;
+ --cflags)
+ echo_cflags=yes
+ ;;
+ --libs)
+ echo_libs=yes
+ ;;
+ *)
+ usage 1 1>&2
+ ;;
+ esac
+ shift
+done
+
+# Set variables that may be dependent upon other variables
+if test -z "$exec_prefix"; then
+ exec_prefix=`pkg-config --variable=exec_prefix nss-softokn`
+fi
+if test -z "$includedir"; then
+ includedir=`pkg-config --variable=includedir nss-softokn`
+fi
+if test -z "$libdir"; then
+ libdir=`pkg-config --variable=libdir nss-softokn`
+fi
+
+if test "$echo_prefix" = "yes"; then
+ echo $prefix
+fi
+
+if test "$echo_exec_prefix" = "yes"; then
+ echo $exec_prefix
+fi
+
+if test "$echo_includedir" = "yes"; then
+ echo $includedir
+fi
+
+if test "$echo_libdir" = "yes"; then
+ echo $libdir
+fi
+
+if test "$echo_cflags" = "yes"; then
+ echo -I$includedir
+fi
+
+if test "$echo_libs" = "yes"; then
+ libdirs="-Wl,-rpath-link,$libdir -L$libdir"
+ echo $libdirs
+fi
+
--- /dev/null
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007, 2008 Michael Tremer & Christian Schmidt #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include $(PKGROOT)/Include
+
+PKG_NAME = nss-softokn
+PKG_VER = 3.12.8
+PKG_REL = 0
+
+PKG_MAINTAINER =
+PKG_GROUP = System/Libraries
+PKG_URL = http://www.mozilla.org/projects/security/pki/nss/
+PKG_LICENSE = MPLv1.1 or GPLv2+ or LGPLv2+
+PKG_SUMMARY = Network Security Services Softoken Module.
+
+PKG_BUILD_DEPS+= nspr-devel nss-util-devel perl pkg-config psmisc sqlite-devel \
+ zlib-devel
+
+define PKG_DESCRIPTION
+ Network Security Services Softoken Cryptographic Module.
+endef
+
+PKG_TARBALL = $(THISAPP)-stripped.tar.bz2
+
+PKG_PACKAGES += $(PKG_NAME_REAL)-devel
+
+PKG_DEPS-$(PKG_NAME_REAL)-devel += nss-util-devel
+
+# Mozilla does no versioning :(
+define PKG_FILES-$(PKG_NAME_REAL)-devel
+ /usr/bin/*-config
+ /usr/include
+ /usr/lib/libfreebl3.so
+ /usr/lib/pkgconfig
+endef
+
+## Define some global environment variables
+
+export FREEBL_NO_DEPEND=1
+export FREEBL_USE_PRELINK=1
+
+# Enable compiler optimizations and disable debugging code
+export BUILD_OPT=1
+export XCFLAGS=$(CFLAGS)
+
+export PKG_CONFIG_ALLOW_SYSTEM_LIBS=1
+export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1
+
+export NSPR_INCLUDE_DIR=/usr/include/nspr4
+export NSPR_LIB_DIR=/usr/lib
+
+export NSS_INCLUDE_DIR=/usr/include/nss3
+export NSS_LIB_DIR=/usr/lib
+
+export NSS_USE_SYSTEM_SQLITE=1
+
+define STAGE_BUILD
+ cd $(DIR_APP) && make -C ./mozilla/security/coreconf
+ cd $(DIR_APP) && make -C ./mozilla/security/dbm
+ cd $(DIR_APP) && make -C ./mozilla/security/nss
+endef
+
+define STAGE_INSTALL
+ -mkdir -pv $(BUILDROOT)/lib
+ -mkdir -pv $(BUILDROOT)/usr/include/nss3
+ -mkdir -pv $(BUILDROOT)/usr/{bin,lib}
+ -mkdir -pv $(BUILDROOT)/usr/lib/pkgconfig
+ -mkdir -pv $(BUILDROOT)/usr/lib/nss/unsupported-tools
+
+ install -p -v -m 755 $(DIR_APP)/mozilla/dist/*.OBJ/lib/libsoftokn3.so \
+ $(BUILDROOT)/usr/lib
+ install -p -v -m 755 $(DIR_APP)/mozilla/dist/*.OBJ/lib/libnssdbm3.so \
+ $(BUILDROOT)/usr/lib
+ install -p -v -m 755 $(DIR_APP)/mozilla/dist/*.OBJ/lib/libfreebl3.so \
+ $(BUILDROOT)/lib
+ ln -svf ../../lib/libfreebl3.so $(BUILDROOT)/usr/lib/libfreebl3.so
+
+ # Copy the binaries we ship as unsupported
+ install -p -v -m 755 $(DIR_APP)/mozilla/dist/*.OBJ/bin/shlibsign $(BUILDROOT)/usr/lib/nss/unsupported-tools
+
+ sed -e "s,@libdir@,/usr/lib,g" \
+ -e "s,@prefix@,/usr,g" \
+ -e "s,@exec_prefix@,/usr,g" \
+ -e "s,@includedir@,/usr/include/nss3,g" \
+ -e "s,@MOD_MAJOR_VERSION@,$$(grep "#define.*SOFTOKEN_VMAJOR" $(DIR_APP)/mozilla/security/nss/lib/softoken/softkver.h | awk '{print $3}'),g" \
+ -e "s,@MOD_MINOR_VERSION@,$$(grep "#define.*SOFTOKEN_VMINOR" $(DIR_APP)/mozilla/security/nss/lib/softoken/softkver.h | awk '{print $3}'),g" \
+ -e "s,@MOD_PATCH_VERSION@,$$(grep "#define.*SOFTOKEN_VPATCH" $(DIR_APP)/mozilla/security/nss/lib/softoken/softkver.h | awk '{print $3}'),g" \
+ < $(DIR_SOURCE)/nss-softokn-config.in \
+ > $(BUILDROOT)/usr/bin/nss-softokn-config
+ chmod -v 755 $(BUILDROOT)/usr/bin/nss-softokn-config
+
+ # XXX need to fix this
+ sed \
+ -e "s,%libdir%,/usr/lib,g" \
+ -e "s,%prefix%,/usr,g" \
+ -e "s,%exec_prefix%,/usr,g" \
+ -e "s,%includedir%,/usr/include/nss3,g" \
+ -e "s,%NSS_VERSION%,$(PKG_VER),g" \
+ -e "s,%NSPR_VERSION%,$$(nspr-config --version),g" \
+ -e "s,%NSSUTIL_VERSION%,$$(nss-util-config --version),g" \
+ -e "s,%SOFTOKEN_VERSION%,$(PKG_VER),g" \
+ < $(DIR_SOURCE)/nss-softokn.pc.in \
+ > $(BUILDROOT)/usr/lib/pkgconfig/nss-softokn.pc
+
+ # Copy the include files we want
+ cp -vf $(DIR_APP)/mozilla/dist/public/nss/*.h $(BUILDROOT)/usr/include/nss3
+ cp -vf $(DIR_APP)/mozilla/dist/private/nss/blapi.h \
+ $(BUILDROOT)/usr/include/nss3
+ chmod -v 644 $(BUILDROOT)/usr/include/nss3/*.h
+endef
--- /dev/null
+prefix=%prefix%
+exec_prefix=%exec_prefix%
+libdir=%libdir%
+includedir=%includedir%
+
+Name: NSS-SOFTOKN
+Description: Network Security Services Softoken PKCS #11 Module
+Version: %SOFTOKEN_VERSION%
+Requires: nspr >= %NSPR_VERSION%, nss-util >= %NSSUTIL_VERSION%
+Libs: -lfreebl3 -lnssdbm3 -lsoftokn3
+Cflags: -I${includedir}
--- /dev/null
+%global nspr_version 4.8.6
+%global nss_name nss
+%global nss_util_version 3.12.8
+%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
+%global saved_files_dir %{_libdir}/nss/saved
+
+# Produce .chk files for the final stripped binaries
+%define __spec_install_post \
+ %{?__debug_package:%{__debug_install_post}} \
+ %{__arch_install_post} \
+ %{__os_install_post} \
+ $RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libsoftokn3.so \
+ $RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_lib}/libfreebl3.so \
+ $RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libnssdbm3.so \
+%{nil}
+
+Summary: Network Security Services Softoken Module
+Name: nss-softokn
+Version: 3.12.8
+Release: 2%{?dist}
+License: MPLv1.1 or GPLv2+ or LGPLv2+
+URL: http://www.mozilla.org/projects/security/pki/nss/
+Group: System Environment/Libraries
+Requires: nspr >= %{nspr_version}
+Requires: nss-util >= %{nss_util_version}
+Requires: nss-softokn-freebl%{_isa} >= %{version}
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+BuildRequires: nspr-devel >= %{nspr_version}
+BuildRequires: nss-util-devel >= %{nss_util_version}
+BuildRequires: sqlite-devel
+BuildRequires: zlib-devel
+BuildRequires: pkgconfig
+BuildRequires: gawk
+BuildRequires: psmisc
+BuildRequires: perl
+
+Source0: %{name}-%{version}-stripped.tar.bz2
+# The nss-softokn tar ball is a subset of nss-{version}-stripped.tar.bz2,
+# Therefore we use the nss-split-softokn.sh script to keep only what we need.
+# Download the nss tarball via git from the nss propect and follow these
+# steps to make the tarball for nss-util out of the one for nss:
+# fedpkg clone nss
+# fedpkg clone nss-softokn
+# cd nss-softokn
+# cp ../../nss/devel/${version}-stripped.tar.bz2 .
+# sh ./nss-split-softokn.sh ${version}
+# A file named {name}-{version}-stripped.tar.bz2 should appear
+Source1: nss-split-softokn.sh
+Source2: nss-softokn.pc.in
+Source3: nss-softokn-config.in
+
+Patch2: nss-softokn-3.12.4-prelink.patch
+Patch3: nss-softokn-3.12.4-fips-fix.patch
+
+%description
+Network Security Services Softoken Cryptographic Module
+
+%package freebl
+Summary: Freebl library for the Network Security Services
+Group: System Environment/Base
+Conflicts: nss < 3.12.2.99.3-5
+Conflicts: prelink < 0.4.3
+
+%description freebl
+NSS Softoken Cryptographic Module Freelb Library
+
+Install the nss-softokn-freebl package if you need the freebl
+library.
+
+%package freebl-devel
+Summary: Header and Library files for doing development with the Freebl library for NSS
+Group: System Environment/Base
+Provides: nss-softokn-freebl-static = %{version}-%{release}
+Requires: nss-softokn-freebl%{?_isa} = %{version}-%{release}
+
+%description freebl-devel
+NSS Softoken Cryptographic Module Freelb Library Development Tools
+
+%package devel
+Summary: Development libraries for Network Security Services
+Group: Development/Libraries
+Requires: nss-softokn%{?_isa} = %{version}-%{release}
+Requires: nspr-devel >= %{nspr_version}
+Requires: nss-util-devel >= %{nss_util_version}
+Requires: pkgconfig
+BuildRequires: nspr-devel >= %{nspr_version}
+BuildRequires: nss-util-devel >= %{nss_util_version}
+# require nss at least the version when we split via subpackages
+BuildRequires: nss-devel >= 3.12.2.99.3-11
+
+%description devel
+Header and Library files for doing development with Network Security Services.
+
+
+%prep
+%setup -q
+
+%patch2 -p0 -b .prelink
+%patch3 -p0 -b .fipsfix
+
+
+%build
+
+FREEBL_NO_DEPEND=1
+export FREEBL_NO_DEPEND
+
+FREEBL_USE_PRELINK=1
+export FREEBL_USE_PRELINK
+
+# Enable compiler optimizations and disable debugging code
+BUILD_OPT=1
+export BUILD_OPT
+
+# Generate symbolic info for debuggers
+XCFLAGS=$RPM_OPT_FLAGS
+export XCFLAGS
+
+PKG_CONFIG_ALLOW_SYSTEM_LIBS=1
+PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1
+
+export PKG_CONFIG_ALLOW_SYSTEM_LIBS
+export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS
+
+NSPR_INCLUDE_DIR=`/usr/bin/pkg-config --cflags-only-I nspr | sed 's/-I//'`
+NSPR_LIB_DIR=`/usr/bin/pkg-config --libs-only-L nspr | sed 's/-L//'`
+
+export NSPR_INCLUDE_DIR
+export NSPR_LIB_DIR
+
+NSS_INCLUDE_DIR=`/usr/bin/pkg-config --cflags-only-I nss-util | sed 's/-I//'`
+NSS_LIB_DIR=`/usr/bin/pkg-config --libs-only-L nss-util | sed 's/-L//'`
+
+export NSS_INCLUDE_DIR
+export NSS_LIB_DIR
+
+NSS_USE_SYSTEM_SQLITE=1
+export NSS_USE_SYSTEM_SQLITE
+
+%ifarch x86_64 ppc64 ia64 s390x sparc64
+USE_64=1
+export USE_64
+%endif
+
+# Compile softokn plus needed support
+%{__make} -C ./mozilla/security/coreconf
+%{__make} -C ./mozilla/security/dbm
+%{__make} -C ./mozilla/security/nss
+
+# Set up our package file
+# The nspr_version and nss_util_version globals used here
+# must match the ones nss-softokn has for its Requires.
+%{__mkdir_p} ./mozilla/dist/pkgconfig
+%{__cat} %{SOURCE2} | sed -e "s,%%libdir%%,%{_libdir},g" \
+ -e "s,%%prefix%%,%{_prefix},g" \
+ -e "s,%%exec_prefix%%,%{_prefix},g" \
+ -e "s,%%includedir%%,%{_includedir}/nss3,g" \
+ -e "s,%%NSPR_VERSION%%,%{nspr_version},g" \
+ -e "s,%%NSSUTIL_VERSION%%,%{nss_util_version},g" \
+ -e "s,%%SOFTOKEN_VERSION%%,%{version},g" > \
+ ./mozilla/dist/pkgconfig/nss-softokn.pc
+
+SOFTOKEN_VMAJOR=`cat mozilla/security/nss/lib/softoken/softkver.h | grep "#define.*SOFTOKEN_VMAJOR" | awk '{print $3}'`
+SOFTOKEN_VMINOR=`cat mozilla/security/nss/lib/softoken/softkver.h | grep "#define.*SOFTOKEN_VMINOR" | awk '{print $3}'`
+SOFTOKEN_VPATCH=`cat mozilla/security/nss/lib/softoken/softkver.h | grep "#define.*SOFTOKEN_VPATCH" | awk '{print $3}'`
+
+export SOFTOKEN_VMAJOR
+export SOFTOKEN_VMINOR
+export SOFTOKEN_VPATCH
+
+%{__cat} %{SOURCE3} | sed -e "s,@libdir@,%{_libdir},g" \
+ -e "s,@prefix@,%{_prefix},g" \
+ -e "s,@exec_prefix@,%{_prefix},g" \
+ -e "s,@includedir@,%{_includedir}/nss3,g" \
+ -e "s,@MOD_MAJOR_VERSION@,$SOFTOKEN_VMAJOR,g" \
+ -e "s,@MOD_MINOR_VERSION@,$SOFTOKEN_VMINOR,g" \
+ -e "s,@MOD_PATCH_VERSION@,$SOFTOKEN_VPATCH,g" \
+ > ./mozilla/dist/pkgconfig/nss-softokn-config
+
+chmod 755 ./mozilla/dist/pkgconfig/nss-softokn-config
+
+
+# enable the following line to force a test failure
+# find ./mozilla -name \*.chk | xargs rm -f
+
+#
+# We can't run a subset of the tests because the tools have
+# dependencies on nss libraries outside of softokn.
+# Let's leave this as a place holder.
+#
+
+
+%install
+
+%{__rm} -rf $RPM_BUILD_ROOT
+
+# There is no make install target so we'll do it ourselves.
+
+%{__mkdir_p} $RPM_BUILD_ROOT/%{_includedir}/nss3
+%{__mkdir_p} $RPM_BUILD_ROOT/%{_bindir}
+%{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir}
+%{__mkdir_p} $RPM_BUILD_ROOT/%{_lib}
+%{__mkdir_p} $RPM_BUILD_ROOT/%{unsupported_tools_directory}
+%{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir}/pkgconfig
+%{__mkdir_p} $RPM_BUILD_ROOT/%{saved_files_dir}
+
+# Copy the binary libraries we want
+for file in libsoftokn3.so libnssdbm3.so
+do
+ %{__install} -p -m 755 mozilla/dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir}
+done
+
+# Because libcrypt depends on libfreebl3.so, it is special
+# so we install it in /lib{64}, keeping a symbolic link to it
+# back in /usr/lib{64} to keep everyone else working
+for file in libfreebl3.so
+do
+ %{__install} -p -m 755 mozilla/dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_lib}
+ ln -sf ../../%{_lib}/libfreebl3.so $RPM_BUILD_ROOT/%{_libdir}/libfreebl3.so
+done
+
+# Make sure chk files can be found in both places
+for file in libfreebl3.chk
+do
+ ln -s ../../%{_lib}/$file $RPM_BUILD_ROOT/%{_libdir}/$file
+done
+
+# Copy the binaries we ship as unsupported
+for file in shlibsign
+do
+ %{__install} -p -m 755 mozilla/dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{unsupported_tools_directory}
+done
+
+# Copy the include files we want
+for file in mozilla/dist/public/nss/*.h
+do
+ %{__install} -p -m 644 $file $RPM_BUILD_ROOT/%{_includedir}/nss3
+done
+
+# Copy a freebl include file we also want
+for file in mozilla/dist/private/nss/blapi.h
+do
+ %{__install} -p -m 644 $file $RPM_BUILD_ROOT/%{_includedir}/nss3
+done
+
+# Copy the static freebl library
+for file in libfreebl.a
+do
+%{__install} -p -m 644 mozilla/dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir}
+done
+
+# Copy the package configuration files
+%{__install} -p -m 644 ./mozilla/dist/pkgconfig/nss-softokn.pc $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/nss-softokn.pc
+%{__install} -p -m 755 ./mozilla/dist/pkgconfig/nss-softokn-config $RPM_BUILD_ROOT/%{_bindir}/nss-softokn-config
+
+%clean
+%{__rm} -rf $RPM_BUILD_ROOT
+
+
+%post
+/sbin/ldconfig >/dev/null 2>/dev/null
+
+%postun
+/sbin/ldconfig >/dev/null 2>/dev/null
+
+%files
+%defattr(-,root,root)
+%{_libdir}/libnssdbm3.so
+%{_libdir}/libnssdbm3.chk
+%{_libdir}/libsoftokn3.so
+%{_libdir}/libsoftokn3.chk
+# shared with nss-tools
+%dir %{_libdir}/nss
+%dir %{saved_files_dir}
+%dir %{unsupported_tools_directory}
+%{unsupported_tools_directory}/shlibsign
+
+%files freebl
+%defattr(-,root,root)
+/%{_lib}/libfreebl3.so
+/%{_lib}/libfreebl3.chk
+# and these symbolic links
+%{_libdir}/libfreebl3.so
+%{_libdir}/libfreebl3.chk
+
+%files freebl-devel
+%defattr(-,root,root)
+%{_libdir}/libfreebl.a
+%{_includedir}/nss3/blapi.h
+
+%files devel
+%defattr(-,root,root)
+%{_libdir}/pkgconfig/nss-softokn.pc
+%{_bindir}/nss-softokn-config
+
+# co-owned with nss
+%dir %{_includedir}/nss3
+#
+# The following headers are those exported public in
+# mozilla/security/nss/lib/freebl/manifest.mn and
+# mozilla/security/nss/lib/softoken/manifest.mn
+#
+# The following list is short because many headers, such as
+# the pkcs #11 ones, have been provided by nss-util-devel
+# which installed them before us.
+#
+%{_includedir}/nss3/blapit.h
+%{_includedir}/nss3/ecl-exp.h
+%{_includedir}/nss3/hasht.h
+%{_includedir}/nss3/sechash.h
+%{_includedir}/nss3/nsslowhash.h
+%{_includedir}/nss3/secmodt.h
+%{_includedir}/nss3/shsign.h
+
+%changelog
+* Wed Sep 29 2010 jkeating - 3.12.8-2
+- Rebuilt for gcc bug 634757
+
+* Thu Sep 23 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.8-1
+- Update to 3.12.8
+- Adhere to static library packaging guidelines (#609613)
+- Fix nss-util-devel version dependency line
+- Shorten freebl and freebl subpackages descriptions
+
+* Sat Sep 18 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.99.4-1
+- NSS 3.12.8 RC0
+
+* Sat Sep 12 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.7.99.3-2
+- Update the required version of nss-util to 3.12.7.99.3
+
+* Sat Sep 04 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.7.99.3-1
+- NSS 3.12.8 Beta 3
+
+* Mon Aug 30 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.7-3
+- Update BuildRequires on nspr-devel and nss-util-devel
+
+* Sat Aug 29 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.7-2
+- Define NSS_USE_SYSTEM_SQLITE and remove nss-nolocalsql patch
+- Fix rpmlint warnings about macros in comments and changelog
+
+* Mon Aug 16 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.7-1
+- Update to 3.12.7
+- Fix build files to ensure nsslowhash.h is included in public headers
+
+* Tue Jun 08 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.6-3
+- Retagging
+
+* Mon Jun 07 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.6-2
+- Bump NVR to be greater than those for nss-softokn subpackages in F11 (rhbz#601407)
+
+* Sun Jun 06 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.4-23
+- Bump release number
+
+* Fri Jun 04 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.4-22
+- Cleanup changelog comments to avoid unwanted macro expansions
+
+* Wed Jun 02 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.4-21
+- Retagging
+
+* Wed Jun 02 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.4-20
+- Add %%{?_isa} to the requires in the devel packages (#596840)
+- Fix typo in the package description (#598295)
+- Update nspr version to 4.8.4
+
+* Sat May 08 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.4-19
+- Consider the system as not fips enabled when /proc/sys/crypto/fips_enabled isn't present (rhbz#590199)
+
+* Sat May 08 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.4-18
+- Fix Conflicts line to prevent update when prelink is not yet the right version (rhbz#590199)
+
+* Mon Apr 19 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.4-17
+- Updated prelink patch rhbz#504949
+
+* Wed Apr 15 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.4-16
+- allow prelink of softoken and freebl. Change the verify code to use
+ prelink -u if prelink is installed. Fix by Robert Relyea rhbz#504949
+
+* Mon Jan 18 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.4-15
+- Move libfreebl3.so and its .chk file to /lib{64} (rhbz#561544)
+
+* Mon Jan 18 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.4-13
+- Fix in nss-softokn-spec.in
+- Require nss-util >= 3.12.4
+
+* Thu Dec 03 2009 Elio Maldonado<emaldona@redhat.com> - 3.12.4-12
+- Require nss-util 3.12.5
+
+* Fri Nov 20 2009 Elio Maldonado<emaldona@redhat.com> - 3.12.4-11
+- export freebl devel tools (#538226)
+
+* Tue Sep 23 2009 Elio Maldonado<emaldona@redhat.com> - 3.12.4-10
+- Fix paths in nss-softokn-prelink so signed libraries don't get touched, rhbz#524794
+
+* Thu Sep 17 2009 Elio Maldonado<emaldona@redhat.com> - 3.12.4-9
+- Add nssdbm3.so to nss-softokn-prelink.conf, rhbz#524077
+
+* Thu Sep 10 2009 Elio Maldonado<emaldona@redhat.com> - 3.12.4-8
+- Retagging for a chained build
+
+* Thu Sep 10 2009 Elio Maldonado<emaldona@redhat.com> - 3.12.4-6
+- Don't list libraries in nss-softokn-config, dynamic linking required
+
+* Tue Sep 08 2009 Elio Maldonado<emaldona@redhat.com> - 3.12.4-5
+- Installing shared libraries to %%{_libdir}
+
+* Sun Sep 06 2009 Elio Maldonado<emaldona@redhat.com> - 3.12.4-4
+- Postuninstall scriptlet finishes quietly
+
+* Sat Sep 05 2009 Elio Maldonado<emaldona@redhat.com> - 3.12.4-3
+- Remove symblic links to shared libraries from devel, rhbz#521155
+- Apply the nss-nolocalsql patch
+- No rpath-link in nss-softokn-config
+
+* Fri Sep 04 2009 serstring=Elio Maldonado<emaldona@redhat.cpm> - 3.12.4-2
+- Retagging to pick up the correct .cvsignore
+
+* Tue Sep 01 2009 Elio Maldonado<emaldona@redhat.com> - 3.12.4-1
+- Update to 3.12.4
+- Fix logic on postun
+- Don't require sqlite
+
+* Mon Aug 31 2009 Elio Maldonado<emaldona@redhat.com> - 3.12.3.99.3-24
+- Fixed test on %postun to avoid returning 1 when nss-softokn instances still remain
+
+* Sun Aug 30 2009 Elio Maldonado<emaldona@redhat.com> - 3.12.3.99.3-23
+- Explicitly state via nss_util_version the nss-util version we require
+
+* Fri Aug 28 2009 Warren Togami <wtogami@redhat.com> - 3.12.3.99.3-22
+- caolan's nss-softokn.pc patch
+
+* Thu Aug 27 2009 Elio Maldonado<emaldona@redhat.com> - 3.12.3.99.3-21
+- Bump the release number for a chained build of nss-util, nss-softokn and nss
+
+* Thu Aug 27 2009 Elio Maldonado<emaldona@redhat.com> - 3.12.3.99.3-20
+- List freebl, nssdbm and softokn libraries in nss-softokn-config and nss-softokn.pc
+
+* Thu Aug 27 2009 Elio Maldonado@<emaldona@redhat.com> - 3.12.3.99.3-19
+- Determine NSSUTIL_INCLUDE_DIR and NSSUTIL_LIB_DIR with a pkg-config query on nss-util
+- Remove the release 17 hack
+
+* Wed Aug 27 2009 Elio maldonado<emaldona@redhat.com> - 3.12.3.99.3-18
+- fix spurious executable permissions on nss-softokn.pc
+
+* Thu Aug 27 2009 Adel Gadllah <adel.gadllah@gmail.com> - 3.12.3.99.3-17
+- Add hack to fix build
+
+* Tue Aug 25 2009 Dennis Gilmore <dennis@ausil.us> - 3.12.3.99.3-16
+- only have a single Requires: line in the .pc file
+
+* Tue Aug 25 2009 Dennis Gilmore <dennis@ausil.us> - 3.12.3.99.3-12
+- bump to unique rpm nvr
+
+* Tue Aug 25 2009 Elio Maldonado<emaldona@redhat.com> - 3.12.3.99.3-10
+- Build after nss with subpackages and new nss-util
+
+* Thu Aug 20 2009 Dennis Gilmore <dennis@ausil.us> 3.12.3.99.3-9
+- revert to shipping bits
+
+* Thu Aug 19 2009 Elio Maldonado <emaldona@redhat.com> 3.12.3.99.3-8.1
+- Disable installing until conflicts are relsoved
+
+* Thu Aug 19 2009 Elio Maldonado <emaldona@redhat.com> 3.12.3.99.3-8
+- Initial build
--- /dev/null
+diff -up ./mozilla/security/nss/lib/freebl/nsslowhash.c.fips ./mozilla/security/nss/lib/freebl/nsslowhash.c
+--- ./mozilla/security/nss/lib/freebl/nsslowhash.c.fips 2010-09-04 20:23:14.764313661 -0700
++++ ./mozilla/security/nss/lib/freebl/nsslowhash.c 2010-09-04 20:25:52.622313780 -0700
+@@ -275,7 +275,7 @@ static int nsslow_GetFIPSEnabled(void) {
+
+ f = fopen("/proc/sys/crypto/fips_enabled", "r");
+ if (!f)
+- return 1;
++ return 0;
+
+ size = fread(&d, 1, 1, f);
+ fclose(f);
--- /dev/null
+diff -up ./mozilla/security/nss/lib/freebl/Makefile.prelink ./mozilla/security/nss/lib/freebl/Makefile
+--- ./mozilla/security/nss/lib/freebl/Makefile.prelink 2010-09-04 14:13:58.846327263 -0700
++++ ./mozilla/security/nss/lib/freebl/Makefile 2010-09-04 14:15:11.544326993 -0700
+@@ -82,6 +82,12 @@ ifeq ($(FREEBL_NO_DEPEND),1)
+ else
+ MAPFILE_SOURCE = freebl.def
+ endif
++ifdef FREEBL_USE_PRELINK
++ DEFINES += -DFREEBL_USE_PRELINK
++endif
++ifdef FREEBL_PRELINK_COMMAND
++ DEFINES +=-DFREEBL_PRELINK_COMMAND=\"$(FREEBL_PRELINK_COMMAND)\"
++endif
+ # NSS_X86 means the target is a 32-bits x86 CPU architecture
+ # NSS_X64 means the target is a 64-bits x64 CPU architecture
+ # NSS_X86_OR_X64 means the target is either x86 or x64
+diff -up ./mozilla/security/nss/lib/freebl/shvfy.c.prelink ./mozilla/security/nss/lib/freebl/shvfy.c
+--- ./mozilla/security/nss/lib/freebl/shvfy.c.prelink 2010-09-04 14:16:01.518326988 -0700
++++ ./mozilla/security/nss/lib/freebl/shvfy.c 2010-09-04 14:25:44.770326384 -0700
+@@ -48,6 +48,168 @@
+ #include "stdio.h"
+ #include "prmem.h"
+
++#ifdef FREEBL_USE_PRELINK
++#ifndef FREELB_PRELINK_COMMAND
++#define FREEBL_PRELINK_COMMAND "/usr/sbin/prelink -u -o -"
++#endif
++#include "private/pprio.h"
++
++#include <stdlib.h>
++#include <unistd.h>
++#include <fcntl.h>
++#include <sys/wait.h>
++#include <sys/stat.h>
++
++PRFileDesc *
++bl_OpenUnPrelink(const char *shName, int *pid)
++{
++ char *command= strdup(FREEBL_PRELINK_COMMAND);
++ char *argString = NULL;
++ char **argv = NULL;
++ char *shNameArg = NULL;
++ char *cp;
++ pid_t child;
++ int argc = 0, argNext = 0;
++ struct stat statBuf;
++ int pipefd[2] = {-1,-1};
++ int ret;
++
++ *pid = 0;
++
++ /* make sure the prelink command exists first. If not, fall back to
++ * just reading the file */
++ for (cp = command; *cp ; cp++) {
++ if (*cp == ' ') {
++ *cp++ = 0;
++ argString = cp;
++ break;
++ }
++ }
++ memset (&statBuf, 0, sizeof(statBuf));
++ /* stat the file, follow the link */
++ ret = stat(command, &statBuf);
++ if (ret < 0) {
++ free(command);
++ return PR_Open(shName, PR_RDONLY, 0);
++ }
++ /* file exits, make sure it's an executable */
++ if (!S_ISREG(statBuf.st_mode) ||
++ ((statBuf.st_mode & (S_IXUSR|S_IXGRP|S_IXOTH)) == 0)) {
++ free(command);
++ return PR_Open(shName, PR_RDONLY, 0);
++ }
++
++ /* OK, the prelink command exists and looks correct, use it */
++ /* build the arglist while we can still malloc */
++ /* count the args if any */
++ if (argString && *argString) {
++ /* argString may have leading spaces, strip them off*/
++ for (cp = argString; *cp && *cp == ' '; cp++);
++ argString = cp;
++ if (*cp) {
++ /* there is at least one arg.. */
++ argc = 1;
++ }
++
++ /* count the rest: Note there is no provision for escaped
++ * spaces here */
++ for (cp = argString; *cp ; cp++) {
++ if (*cp == ' ') {
++ while (*cp && *cp == ' ') cp++;
++ if (*cp) argc++;
++ }
++ }
++ }
++
++ /* add the additional args: argv[0] (command), shName, NULL*/
++ argc += 3;
++ argv = PORT_NewArray(char *, argc);
++ if (argv == NULL) {
++ goto loser;
++ }
++
++ /* fill in the arglist */
++ argv[argNext++] = command;
++ if (argString && *argString) {
++ argv[argNext++] = argString;
++ for (cp = argString; *cp; cp++) {
++ if (*cp == ' ') {
++ *cp++ = 0;
++ while (*cp && *cp == ' ') cp++;
++ if (*cp) argv[argNext++] = cp;
++ }
++ }
++ }
++ /* exec doesn't advertise taking const char **argv, do the paranoid
++ * copy */
++ shNameArg = strdup(shName);
++ if (shNameArg == NULL) {
++ goto loser;
++ }
++ argv[argNext++] = shNameArg;
++ argv[argNext++] = 0;
++
++ ret = pipe(pipefd);
++ if (ret < 0) {
++ goto loser;
++ }
++
++ /* use vfork() so we don't trigger the pthread_at_fork() handlers */
++ child = vfork();
++ if (child < 0) goto loser;
++ if (child == 0) {
++ /* set up the file descriptors */
++ close(0);
++ /* associate pipefd[1] with stdout */
++ if (pipefd[1] != 1) dup2(pipefd[1], 1);
++ close(2);
++ close(pipefd[0]);
++ /* should probably close the other file descriptors? */
++
++
++ execv(command, argv);
++ /* avoid at_exit() handlers */
++ _exit(1); /* shouldn't reach here except on an error */
++ }
++ close(pipefd[1]);
++ pipefd[1] = -1;
++
++ /* this is safe because either vfork() as full fork() semantics, and thus
++ * already has it's own address space, or because vfork() has paused
++ * the parent util the exec or exit */
++ free(command);
++ free(shNameArg);
++ PORT_Free(argv);
++
++ *pid = child;
++
++ return PR_ImportPipe(pipefd[0]);
++
++loser:
++ if (pipefd[0] != -1) {
++ close(pipefd[0]);
++ }
++ if (pipefd[1] != -1) {
++ close(pipefd[1]);
++ }
++ free(command);
++ free(shNameArg);
++ PORT_Free(argv);
++
++ return NULL;
++}
++
++void
++bl_CloseUnPrelink( PRFileDesc *file, int pid)
++{
++ /* close the file descriptor */
++ PR_Close(file);
++ /* reap the child */
++ if (pid) {
++ waitpid(pid, NULL, 0);
++ }
++}
++#endif
+
+ /* #define DEBUG_SHVERIFY 1 */
+
+@@ -117,6 +279,9 @@ BLAPI_SHVerify(const char *name, PRFuncP
+ SECStatus rv;
+ DSAPublicKey key;
+ int count;
++#ifdef FREEBL_USE_PRELINK
++ int pid = 0;
++#endif
+
+ PRBool result = PR_FALSE; /* if anything goes wrong,
+ * the signature does not verify */
+@@ -197,7 +362,11 @@ BLAPI_SHVerify(const char *name, PRFuncP
+ checkFD = NULL;
+
+ /* open our library file */
++#ifdef FREEBL_USE_PRELINK
++ shFD = bl_OpenUnPrelink(shName,&pid);
++#else
+ shFD = PR_Open(shName, PR_RDONLY, 0);
++#endif
+ if (shFD == NULL) {
+ #ifdef DEBUG_SHVERIFY
+ fprintf(stderr, "Failed to open the library file %s: (%d, %d)\n",
+@@ -218,7 +387,11 @@ BLAPI_SHVerify(const char *name, PRFuncP
+ SHA1_Update(hashcx, buf, bytesRead);
+ count += bytesRead;
+ }
++#ifdef FREEBL_USE_PRELINK
++ bl_CloseUnPrelink(shFD, pid);
++#else
+ PR_Close(shFD);
++#endif
+ shFD = NULL;
+
+ SHA1_End(hashcx, hash.data, &hash.len, hash.len);
+diff -up ./mozilla/security/nss/lib/freebl/stubs.c.prelink ./mozilla/security/nss/lib/freebl/stubs.c
+--- ./mozilla/security/nss/lib/freebl/stubs.c.prelink 2010-09-04 14:26:27.454327120 -0700
++++ ./mozilla/security/nss/lib/freebl/stubs.c 2010-09-04 14:31:56.778327428 -0700
+@@ -69,6 +69,7 @@
+ #include <secport.h>
+ #include <secitem.h>
+ #include <blapi.h>
++#include <private/pprio.h>
+
+ #define FREEBL_NO_WEAK 1
+
+@@ -157,6 +158,8 @@ STUB_DECLARE(void,PR_Lock,(PRLock *lock)
+ STUB_DECLARE(PRLock *,PR_NewLock,(void));
+ STUB_DECLARE(PRFileDesc *,PR_Open,(const char *name, PRIntn flags,
+ PRIntn mode));
++STUB_DECLARE(PRFileDesc *,PR_ImportFile,(PROsfd osfd));
++STUB_DECLARE(PRFileDesc *,PR_ImportPipe,(PROsfd osfd));
+ STUB_DECLARE(PRInt32,PR_Read,(PRFileDesc *fd, void *buf, PRInt32 amount));
+ STUB_DECLARE(PROffset32,PR_Seek,(PRFileDesc *fd, PROffset32 offset,
+ PRSeekWhence whence));
+@@ -295,6 +298,34 @@ PR_Open_stub(const char *name, PRIntn fl
+ return (PRFileDesc *)lfd;
+ }
+
++extern PRFileDesc *
++PR_ImportFile_stub(PROsfd fd)
++{
++ int *lfd = NULL;
++
++ STUB_SAFE_CALL1(PR_ImportFile, fd);
++
++ lfd = PORT_New_stub(int);
++ if (lfd != NULL) {
++ *lfd = fd;
++ }
++ return (PRFileDesc *)lfd;
++}
++
++extern PRFileDesc *
++PR_ImportPipe_stub(PROsfd fd)
++{
++ int *lfd = NULL;
++
++ STUB_SAFE_CALL1(PR_ImportPipe, fd);
++
++ lfd = PORT_New_stub(int);
++ if (lfd != NULL) {
++ *lfd = fd;
++ }
++ return (PRFileDesc *)lfd;
++}
++
+ extern PRStatus
+ PR_Close_stub(PRFileDesc *fd)
+ {
+@@ -492,6 +523,8 @@ freebl_InitNSPR(void *lib)
+ {
+ STUB_FETCH_FUNCTION(PR_Free);
+ STUB_FETCH_FUNCTION(PR_Open);
++ STUB_FETCH_FUNCTION(PR_ImportFile);
++ STUB_FETCH_FUNCTION(PR_ImportPipe);
+ STUB_FETCH_FUNCTION(PR_Close);
+ STUB_FETCH_FUNCTION(PR_Read);
+ STUB_FETCH_FUNCTION(PR_Seek);
+diff -up ./mozilla/security/nss/lib/freebl/stubs.h.prelink ./mozilla/security/nss/lib/freebl/stubs.h
+--- ./mozilla/security/nss/lib/freebl/stubs.h.prelink 2010-09-04 14:26:41.822327256 -0700
++++ ./mozilla/security/nss/lib/freebl/stubs.h 2010-09-04 14:32:53.498540767 -0700
+@@ -78,6 +78,8 @@
+ #define PR_Lock PR_Lock_stub
+ #define PR_NewLock PR_NewLock_stub
+ #define PR_Open PR_Open_stub
++#define PR_ImportFile PR_ImportFile_stub
++#define PR_ImportPipe PR_ImportPipe_stub
+ #define PR_Read PR_Read_stub
+ #define PR_Seek PR_Seek_stub
+ #define PR_Sleep PR_Sleep_stub
projects / ipfire-3.x.git / commitdiff
