This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 3.x development tree".
The branch, master has been updated via d34edaf5c15e13330a5fa8bde00f9f3ddd47fe19 (commit) via 4bda3d1f9a856a6673773a4ea5f6ef6c2f8db709 (commit) via 1bf1539ed21bf029b450117c992e9ff207e17b8f (commit) via 221945a52c3b2e00a8ce5006dbaad60755a58531 (commit) via a53e38ce7f2a4448937d9812076e32df6104cd29 (commit) via 09c1d1a921bb92bb90b325c63035b722ca8fc9c7 (commit) via f81a1d0ac6102eee57464bed375d4aa51f869331 (commit) from 743186103f1513088a85625ba03a0eabcd5b4fc6 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit d34edaf5c15e13330a5fa8bde00f9f3ddd47fe19 Merge: 4bda3d1 221945a Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Feb 12 19:17:24 2013 +0100
Merge remote-tracking branch 'ms/remove-nss'
commit 4bda3d1f9a856a6673773a4ea5f6ef6c2f8db709 Merge: ef8980a 1bf1539 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Feb 12 19:16:57 2013 +0100
Merge remote-tracking branch 'stevee/libXcomposite'
commit 1bf1539ed21bf029b450117c992e9ff207e17b8f Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Feb 12 19:13:20 2013 +0100
libXcomposite: New package.
commit 221945a52c3b2e00a8ce5006dbaad60755a58531 Author: Michael Tremer michael.tremer@ipfire.org Date: Sun Feb 10 23:13:16 2013 +0100
apr-util: Don't link against nss.
Also fix packaging the openssl package and update to libdb (was db4).
commit a53e38ce7f2a4448937d9812076e32df6104cd29 Author: Michael Tremer michael.tremer@ipfire.org Date: Sun Feb 10 23:08:58 2013 +0100
curl: Use openssl instead of nss.
nss is removed from the distribution.
commit 09c1d1a921bb92bb90b325c63035b722ca8fc9c7 Author: Michael Tremer michael.tremer@ipfire.org Date: Sun Feb 10 23:08:15 2013 +0100
glibc: Don't link against nss.
nss is removed from the distribution.
commit f81a1d0ac6102eee57464bed375d4aa51f869331 Author: Michael Tremer michael.tremer@ipfire.org Date: Sun Feb 10 22:58:07 2013 +0100
Remove nss and nspr.
As there are plenty of other SSL implementations in this distribution, nss is dropped.
-----------------------------------------------------------------------
Summary of changes: apr-util/apr-util.nm | 27 +- curl/curl.nm | 8 +- glibc/glibc.nm | 4 +- .../libXcomposite.nm | 8 +- nspr/nspr-config-vars.in | 2 - nspr/nspr.nm | 110 ---- nspr/nspr.pc.in | 10 - nspr/patches/nspr-config-pc.patch | 48 -- nss/PayPalEE.cert | Bin 1483 -> 0 bytes nss/cert8.db | Bin 65536 -> 0 bytes nss/cert9.db | Bin 9216 -> 0 bytes nss/key3.db | Bin 16384 -> 0 bytes nss/key4.db | Bin 11264 -> 0 bytes nss/nss-config.in | 145 ----- nss/nss-util-config.in | 118 ---- nss/nss-util.pc.in | 11 - nss/nss.nm | 263 --------- nss/nss.pc.in | 11 - nss/patches/0001-Bug-695011-PEM-logging.patch | 107 ---- nss/patches/0001-libnsspem-rhbz-734760.patch | 21 - ...72-protect-against-calls-before-nss_init.patch0 | 40 -- nss/patches/gnuc-minor-def-fix.patch | 12 - nss/patches/nofipstest.patch0 | 19 - nss/patches/nosha224.patch0 | 618 -------------------- nss/patches/nss-646045.patch0 | 34 -- nss/patches/nss-ckbi-1.88.rtm.patch0 | 637 --------------------- nss/patches/nss-enable-pem.patch0 | 12 - nss/patches/nss-fix-gcc47-secmodt.patch0 | 12 - .../nss-ssl-cbc-random-iv-off-by-default.patch0 | 25 - nss/patches/nsspem-bz754771.patch0 | 13 - .../nsspem-createobject-initialize-pointer.patch0 | 11 - .../nsspem-init-inform-not-thread-safe.patch0 | 129 ----- nss/patches/renegotiate-transitional.patch0 | 12 - nss/secmod.db | Bin 16384 -> 0 bytes nss/setup-nsssysinit.sh | 68 --- nss/system-pkcs11.txt | 5 - 36 files changed, 19 insertions(+), 2521 deletions(-) copy libXdamage/libXdamage.nm => libXcomposite/libXcomposite.nm (85%) delete mode 100644 nspr/nspr-config-vars.in delete mode 100644 nspr/nspr.nm delete mode 100644 nspr/nspr.pc.in delete mode 100644 nspr/patches/nspr-config-pc.patch delete mode 100644 nss/PayPalEE.cert delete mode 100644 nss/cert8.db delete mode 100644 nss/cert9.db delete mode 100644 nss/key3.db delete mode 100644 nss/key4.db delete mode 100644 nss/nss-config.in delete mode 100644 nss/nss-util-config.in delete mode 100644 nss/nss-util.pc.in delete mode 100644 nss/nss.nm delete mode 100644 nss/nss.pc.in delete mode 100644 nss/patches/0001-Bug-695011-PEM-logging.patch delete mode 100644 nss/patches/0001-libnsspem-rhbz-734760.patch delete mode 100644 nss/patches/bz784672-protect-against-calls-before-nss_init.patch0 delete mode 100644 nss/patches/gnuc-minor-def-fix.patch delete mode 100644 nss/patches/nofipstest.patch0 delete mode 100644 nss/patches/nosha224.patch0 delete mode 100644 nss/patches/nss-646045.patch0 delete mode 100644 nss/patches/nss-ckbi-1.88.rtm.patch0 delete mode 100644 nss/patches/nss-enable-pem.patch0 delete mode 100644 nss/patches/nss-fix-gcc47-secmodt.patch0 delete mode 100644 nss/patches/nss-ssl-cbc-random-iv-off-by-default.patch0 delete mode 100644 nss/patches/nsspem-bz754771.patch0 delete mode 100644 nss/patches/nsspem-createobject-initialize-pointer.patch0 delete mode 100644 nss/patches/nsspem-init-inform-not-thread-safe.patch0 delete mode 100644 nss/patches/renegotiate-transitional.patch0 delete mode 100644 nss/secmod.db delete mode 100755 nss/setup-nsssysinit.sh delete mode 100644 nss/system-pkcs11.txt
Difference in files: diff --git a/apr-util/apr-util.nm b/apr-util/apr-util.nm index a4632da..7cc97fb 100644 --- a/apr-util/apr-util.nm +++ b/apr-util/apr-util.nm @@ -5,7 +5,7 @@
name = apr-util version = 1.4.1 -release = 2 +release = 3
groups = System/Libraries url = http://apr.apache.org/ @@ -23,11 +23,10 @@ source_dl = http://www.apache.org/dist/apr/ build requires autoconf - db4-devel + libdb-devel expat-devel libapr-devel libuuid-devel - nss-devel openssl-devel end
@@ -35,8 +34,7 @@ build --with-apr=/usr \ --with-berkeley-db \ --with-crypto \ - --with-openssl \ - --with-nss + --with-openssl
install_cmds # Remove unneeded file. @@ -47,25 +45,22 @@ end packages package %{name}
- package %{name}-nss - summary = APR utility library NSS crytpo support. - description = %{summary} - - requires = apr-util=%{thisver} - - files = /usr/lib/apr-util*/apr_crypto_nss* - end - package %{name}-openssl summary = APR utility library OpenSSL crytpo support. description = %{summary}
- requires = apr-util=%{thisver} + requires + apr-util = %{thisver} + end
- files = /usr/lib/apr-util*/apr_crypto_openssl* + files = %{libdir}/apr-util*/apr_crypto_openssl* end
package %{name}-devel template DEVEL end + + package %{name}-debuginfo + template DEBUGINFO + end end diff --git a/curl/curl.nm b/curl/curl.nm index dd48eed..4581431 100644 --- a/curl/curl.nm +++ b/curl/curl.nm @@ -5,7 +5,7 @@
name = curl version = 7.24.0 -release = 3 +release = 4
groups = Application/Internet url = http://www.curl.haxx.se/ @@ -31,7 +31,6 @@ build libssh2-devel libtool-devel net-tools - nss-devel openldap-devel zlib-devel end @@ -42,12 +41,11 @@ build --with-ca-bundle=/etc/pki/tls/certs/ca-bundle.crt \ --with-libidn \ --with-libssh2 \ - --with-nss \ + --with-ssl \ --enable-ldaps \ --enable-ipv6 \ --enable-manual \ - --enable-threaded-resolver \ - --without-ssl + --enable-threaded-resolver
prepare_cmds autoreconf -vfi diff --git a/glibc/glibc.nm b/glibc/glibc.nm index 1c532fb..3ad812b 100644 --- a/glibc/glibc.nm +++ b/glibc/glibc.nm @@ -5,7 +5,7 @@
name = glibc version = 2.17 -release = 2 +release = 3
maintainer = Michael Tremer michael.tremer@ipfire.org groups = System/Base @@ -38,7 +38,6 @@ build kernel-headers >= %{OPTIMIZED_KERNEL} libcap-devel libselinux-devel - nss-devel texinfo end
@@ -95,7 +94,6 @@ build --with-selinux \ --disable-werror \ --enable-bind-now \ - --enable-nss-crypt \ --enable-obsolete-rpc \ --with-bugurl=http://bugtracker.ipfire.org
diff --git a/libXcomposite/libXcomposite.nm b/libXcomposite/libXcomposite.nm new file mode 100644 index 0000000..ad9734f --- /dev/null +++ b/libXcomposite/libXcomposite.nm @@ -0,0 +1,44 @@ +############################################################################### +# IPFire.org - An Open Source Firewall Solution # +# Copyright (C) - IPFire Development Team info@ipfire.org # +############################################################################### + +name = libXcomposite +version = 0.4.4 +release = 1 + +maintainer = Stefan Schantl stefan.schantl@ipfire.org +groups = X/Libraries +url = http://www.x.org/ +license = MIT +summary = X Composite extension library. + +description + X.Org X11 libXcomposite runtime library. +end + +source_dl = http://ftp.x.org/pub/individual/lib/ + +build + requires + libX11-devel + libXfixes-devel + pkg-config + xorg-x11-proto-devel + end + + configure_options += \ + --disable-static +end + +packages + package %{name} + + package %{name}-devel + template DEVEL + end + + package %{name}-debuginfo + template DEBUGINFO + end +end diff --git a/nspr/nspr-config-vars.in b/nspr/nspr-config-vars.in deleted file mode 100644 index ebf0aa4..0000000 --- a/nspr/nspr-config-vars.in +++ /dev/null @@ -1,2 +0,0 @@ -ldflags=@LDFLAGS@ -os_libs=@OS_LIBS@ diff --git a/nspr/nspr.nm b/nspr/nspr.nm deleted file mode 100644 index c23b137..0000000 --- a/nspr/nspr.nm +++ /dev/null @@ -1,110 +0,0 @@ -############################################################################### -# IPFire.org - An Open Source Firewall Solution # -# Copyright (C) - IPFire Development Team info@ipfire.org # -############################################################################### - -name = nspr -version = 4.8.9 -release = 2 - -groups = System/Libraries -url = http://www.mozilla.org/projects/nspr/ -license = MPLv1.1 or GPLv2+ or LGPLv2+ -summary = Netscape Portable Runtime. - -description - NSPR provides platform independence for non-GUI operating system - facilities. These facilities include threads, thread synchronization, - normal file and network I/O, interval timing and calendar time, basic - memory management (malloc and free) and shared library linking. -end - -source_dl = ftp://ftp.mozilla.org/pub/mozilla.org/nspr/releases/v%{version}/src/ - -build - requires - pkg-config - end - - # Original nspr-config is not suitable for our distribution, - # because on different platforms it contains different dynamic content. - # Therefore we produce an adjusted copy of nspr-config that will be - # identical on all platforms. - # However, we need to use original nspr-config to produce some variables - # that go into nspr.pc for pkg-config. - - prepare - cd %{DIR_SRC} && %{MACRO_EXTRACT} %{DIR_DL}/%{sources} - - cp -vf %{DIR_APP}/mozilla/nsprpub/config/nspr-config.in \ - %{DIR_APP}/mozilla/nsprpub/config/nspr-config-pc.in - cp -vf %{DIR_SOURCE}/nspr-config-vars.in \ - %{DIR_APP}/mozilla/nsprpub/config/ - cd %{DIR_APP} - - %{MACRO_PATCHES} - end - - if "%{DISTRO_ARCH}" == "x86_64" - configure_options += \ - --enable-64bit - end - - if "%{DISTRO_ARCH}" == "armv7hl" - configure_options += \ - --enable-thumb2 - end - - configure_options += \ - --includedir=/usr/include/nspr4 \ - --enable-optimize="%{CFLAGS}" \ - --disable-debug - - build - %{DIR_APP}/mozilla/nsprpub/configure \ - %{configure_options} - - make - end - - install_cmds - mkdir -pv %{BUILDROOT}/usr/{bin,%{lib}} - mkdir -pv %{BUILDROOT}%{libdir}/pkgconfig - - cp -vf %{DIR_APP}/config/nspr-config-pc \ - %{BUILDROOT}/usr/bin/nspr-config - - sed \ - -e "s,%libdir%,%{libdir},g" \ - -e "s,%prefix%,/usr,g" \ - -e "s,%exec_prefix%,/usr,g" \ - -e "s,%includedir%,/usr/include/nspr4,g" \ - -e "s,%NSPR_VERSION%,%{version},g" \ - -e "s,%FULL_NSPR_LIBS%,-L%{libdir} -lnspr4 -lplc4 -lplds4 -ldl -lpthread,g" \ - -e "s,%FULL_NSPR_CFLAGS%,-I/usr/include/nspr4,g" \ - < %{DIR_SOURCE}/nspr.pc.in \ - > %{BUILDROOT}%{libdir}/pkgconfig/nspr.pc - - # Remove unneeded stuff - rm -rfv \ - %{BUILDROOT}/usr/bin/compile-et.pl \ - %{BUILDROOT}/usr/bin/prerr.properties \ - %{BUILDROOT}/usr/share/aclocal/nspr.m4 \ - %{BUILDROOT}/usr/include/nspr4/md - end -end - -packages - package %{name} - - package %{name}-devel - template DEVEL - - # libs are not versioned. - files += !%{libdir}/*.so - end - - package %{name}-debuginfo - template DEBUGINFO - end -end diff --git a/nspr/nspr.pc.in b/nspr/nspr.pc.in deleted file mode 100644 index 1d8f4a0..0000000 --- a/nspr/nspr.pc.in +++ /dev/null @@ -1,10 +0,0 @@ -prefix=%prefix% -exec_prefix=%exec_prefix% -libdir=%libdir% -includedir=%includedir% - -Name: NSPR -Description: The Netscape Portable Runtime -Version: %NSPR_VERSION% -Libs: %FULL_NSPR_LIBS% -Cflags: %FULL_NSPR_CFLAGS% diff --git a/nspr/patches/nspr-config-pc.patch b/nspr/patches/nspr-config-pc.patch deleted file mode 100644 index 24b1123..0000000 --- a/nspr/patches/nspr-config-pc.patch +++ /dev/null @@ -1,48 +0,0 @@ ---- a/bmozilla/nsprpub/config/nspr-config-pc.in.x123 2005-05-11 02:53:41.000000000 +0200 -+++ b/mozilla/nsprpub/config/nspr-config-pc.in 2006-05-24 20:52:12.000000000 +0200 -@@ -98,7 +98,7 @@ - includedir=@includedir@ - fi - if test -z "$libdir"; then -- libdir=@libdir@ -+ libdir=`pkg-config --variable=libdir nspr` - fi - - if test "$echo_prefix" = "yes"; then -@@ -132,12 +132,12 @@ - if test -n "$lib_nspr"; then - libdirs="$libdirs -lnspr${major_version}" - fi -- os_ldflags="@LDFLAGS@" -+ os_ldflags=`pkg-config --variable=ldflags nspr` - for i in $os_ldflags ; do - if echo $i | grep ^-L >/dev/null; then - libdirs="$libdirs $i" - fi - done -- echo $libdirs @OS_LIBS@ -+ echo $libdirs `pkg-config --variable=os_libs nspr` - fi - ---- a/mozilla/nsprpub/configure.in.x123 2006-05-24 20:52:12.000000000 +0200 -+++ b/mozilla/nsprpub/configure.in 2006-05-24 20:53:53.000000000 +0200 -@@ -2667,6 +2667,8 @@ - config/nsprincl.mk - config/nsprincl.sh - config/nspr-config -+config/nspr-config-pc -+config/nspr-config-vars - lib/Makefile - lib/ds/Makefile - lib/libc/Makefile ---- a/mozilla/nsprpub/configure.x123 2006-05-24 20:52:12.000000000 +0200 -+++ b/mozilla/nsprpub/configure 2006-05-24 20:54:05.000000000 +0200 -@@ -5899,6 +5899,8 @@ - config/nsprincl.mk - config/nsprincl.sh - config/nspr-config -+config/nspr-config-pc -+config/nspr-config-vars - lib/Makefile - lib/ds/Makefile - lib/libc/Makefile diff --git a/nss/PayPalEE.cert b/nss/PayPalEE.cert deleted file mode 100644 index e49d8bd..0000000 Binary files a/nss/PayPalEE.cert and /dev/null differ diff --git a/nss/cert8.db b/nss/cert8.db deleted file mode 100644 index ac40a33..0000000 Binary files a/nss/cert8.db and /dev/null differ diff --git a/nss/cert9.db b/nss/cert9.db deleted file mode 100644 index 1763264..0000000 Binary files a/nss/cert9.db and /dev/null differ diff --git a/nss/key3.db b/nss/key3.db deleted file mode 100644 index 31e3975..0000000 Binary files a/nss/key3.db and /dev/null differ diff --git a/nss/key4.db b/nss/key4.db deleted file mode 100644 index 6bd60cb..0000000 Binary files a/nss/key4.db and /dev/null differ diff --git a/nss/nss-config.in b/nss/nss-config.in deleted file mode 100644 index f8f893e..0000000 --- a/nss/nss-config.in +++ /dev/null @@ -1,145 +0,0 @@ -#!/bin/sh - -prefix=@prefix@ - -major_version=@MOD_MAJOR_VERSION@ -minor_version=@MOD_MINOR_VERSION@ -patch_version=@MOD_PATCH_VERSION@ - -usage() -{ - cat <<EOF -Usage: nss-config [OPTIONS] [LIBRARIES] -Options: - [--prefix[=DIR]] - [--exec-prefix[=DIR]] - [--includedir[=DIR]] - [--libdir[=DIR]] - [--version] - [--libs] - [--cflags] -Dynamic Libraries: - nss - nssutil - ssl - smime -EOF - exit $1 -} - -if test $# -eq 0; then - usage 1 1>&2 -fi - -lib_ssl=yes -lib_smime=yes -lib_nss=yes -lib_nssutil=yes - -while test $# -gt 0; do - case "$1" in - -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;; - *) optarg= ;; - esac - - case $1 in - --prefix=*) - prefix=$optarg - ;; - --prefix) - echo_prefix=yes - ;; - --exec-prefix=*) - exec_prefix=$optarg - ;; - --exec-prefix) - echo_exec_prefix=yes - ;; - --includedir=*) - includedir=$optarg - ;; - --includedir) - echo_includedir=yes - ;; - --libdir=*) - libdir=$optarg - ;; - --libdir) - echo_libdir=yes - ;; - --version) - echo ${major_version}.${minor_version}.${patch_version} - ;; - --cflags) - echo_cflags=yes - ;; - --libs) - echo_libs=yes - ;; - ssl) - lib_ssl=yes - ;; - smime) - lib_smime=yes - ;; - nss) - lib_nss=yes - ;; - nssutil) - lib_nssutil=yes - ;; - *) - usage 1 1>&2 - ;; - esac - shift -done - -# Set variables that may be dependent upon other variables -if test -z "$exec_prefix"; then - exec_prefix=`pkg-config --variable=exec_prefix nss` -fi -if test -z "$includedir"; then - includedir=`pkg-config --variable=includedir nss` -fi -if test -z "$libdir"; then - libdir=`pkg-config --variable=libdir nss` -fi - -if test "$echo_prefix" = "yes"; then - echo $prefix -fi - -if test "$echo_exec_prefix" = "yes"; then - echo $exec_prefix -fi - -if test "$echo_includedir" = "yes"; then - echo $includedir -fi - -if test "$echo_libdir" = "yes"; then - echo $libdir -fi - -if test "$echo_cflags" = "yes"; then - echo -I$includedir -fi - -if test "$echo_libs" = "yes"; then - libdirs="-Wl,-rpath-link,$libdir -L$libdir" - if test -n "$lib_ssl"; then - libdirs="$libdirs -lssl${major_version}" - fi - if test -n "$lib_smime"; then - libdirs="$libdirs -lsmime${major_version}" - fi - if test -n "$lib_nss"; then - libdirs="$libdirs -lnss${major_version}" - fi - if test -n "$lib_nssutil"; then - libdirs="$libdirs -lnssutil${major_version}" - fi - echo $libdirs -fi - diff --git a/nss/nss-util-config.in b/nss/nss-util-config.in deleted file mode 100644 index ef8751d..0000000 --- a/nss/nss-util-config.in +++ /dev/null @@ -1,118 +0,0 @@ -#!/bin/sh - -prefix=@prefix@ - -major_version=@MOD_MAJOR_VERSION@ -minor_version=@MOD_MINOR_VERSION@ -patch_version=@MOD_PATCH_VERSION@ - -usage() -{ - cat <<EOF -Usage: nss-util-config [OPTIONS] [LIBRARIES] -Options: - [--prefix[=DIR]] - [--exec-prefix[=DIR]] - [--includedir[=DIR]] - [--libdir[=DIR]] - [--version] - [--libs] - [--cflags] -Dynamic Libraries: - nssutil -EOF - exit $1 -} - -if test $# -eq 0; then - usage 1 1>&2 -fi - -lib_nssutil=yes - -while test $# -gt 0; do - case "$1" in - -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;; - *) optarg= ;; - esac - - case $1 in - --prefix=*) - prefix=$optarg - ;; - --prefix) - echo_prefix=yes - ;; - --exec-prefix=*) - exec_prefix=$optarg - ;; - --exec-prefix) - echo_exec_prefix=yes - ;; - --includedir=*) - includedir=$optarg - ;; - --includedir) - echo_includedir=yes - ;; - --libdir=*) - libdir=$optarg - ;; - --libdir) - echo_libdir=yes - ;; - --version) - echo ${major_version}.${minor_version}.${patch_version} - ;; - --cflags) - echo_cflags=yes - ;; - --libs) - echo_libs=yes - ;; - *) - usage 1 1>&2 - ;; - esac - shift -done - -# Set variables that may be dependent upon other variables -if test -z "$exec_prefix"; then - exec_prefix=`pkg-config --variable=exec_prefix nss-util` -fi -if test -z "$includedir"; then - includedir=`pkg-config --variable=includedir nss-util` -fi -if test -z "$libdir"; then - libdir=`pkg-config --variable=libdir nss-util` -fi - -if test "$echo_prefix" = "yes"; then - echo $prefix -fi - -if test "$echo_exec_prefix" = "yes"; then - echo $exec_prefix -fi - -if test "$echo_includedir" = "yes"; then - echo $includedir -fi - -if test "$echo_libdir" = "yes"; then - echo $libdir -fi - -if test "$echo_cflags" = "yes"; then - echo -I$includedir -fi - -if test "$echo_libs" = "yes"; then - libdirs="-Wl,-rpath-link,$libdir -L$libdir" - if test -n "$lib_nssutil"; then - libdirs="$libdirs -lnssutil${major_version}" - fi - echo $libdirs -fi - diff --git a/nss/nss-util.pc.in b/nss/nss-util.pc.in deleted file mode 100644 index 1310248..0000000 --- a/nss/nss-util.pc.in +++ /dev/null @@ -1,11 +0,0 @@ -prefix=%prefix% -exec_prefix=%exec_prefix% -libdir=%libdir% -includedir=%includedir% - -Name: NSS-UTIL -Description: Network Security Services Utility Library -Version: %NSSUTIL_VERSION% -Requires: nspr >= %NSPR_VERSION% -Libs: -L${libdir} -lnssutil3 -Cflags: -I${includedir} diff --git a/nss/nss.nm b/nss/nss.nm deleted file mode 100644 index af0a2cf..0000000 --- a/nss/nss.nm +++ /dev/null @@ -1,263 +0,0 @@ -############################################################################### -# IPFire.org - An Open Source Firewall Solution # -# Copyright (C) - IPFire Development Team info@ipfire.org # -############################################################################### - -name = nss -ver_major = 3 -ver_minor = 13 -ver_patch = 1 -version = %{ver_major}.%{ver_minor}.%{ver_patch} -release = 4 - -maintainer = Stefan Schantl stefan.schantl@ipfire.org -groups = System/Libraries -url = http://www.mozilla.org/projects/security/pki/nss/ -license = MPLv1.1 or GPLv2+ or LGPLv2+ -summary = Network Security Services. - -description - Network Security Services (NSS) is a set of libraries designed to - support cross-platform development of security-enabled client and - server applications. Applications built with NSS can support SSL v2 - and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 - v3 certificates, and other security standards. -end - -sources += \ - %{name}-pem-20100809.tar.bz2 - -source_dl = ftp://ftp.mozilla.org/pub/security/nss/releases/NSS_%{ver_major}_%{ver_minor}_%{ver_patch}_RTM/src/ - -build - requires - chrpath - nspr-devel - perl - pkg-config - psmisc - sqlite-devel - zlib-devel - end - - ## Define some global environment variables - - export FREEBL_NO_DEPEND=1 - - # Enable compiler optimizations and disable debugging code - export BUILD_OPT=1 - export XCFLAGS=%{CFLAGS} - - # Allow the usage of system libraries. - export PKG_CONFIG_ALLOW_SYSTEM_LIBS=1 - export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1 - - # Define where to find nspr header files and libraries. - export NSPR_INCLUDE_DIR=/usr/include/nspr4 - export NSPR_LIB_DIR=%{libdir} - - # Disable support for SHA224. - export NO_SHA224_AVAILABLE=1 - - # Use sqlite from system. - export NSS_USE_SYSTEM_SQLITE=1 - - if "%{DISTRO_ARCH}" == "x86_64" - export USE_64=1 - end - - prepare - # Extract tarball. - cd %{DIR_SRC} && %{MACRO_EXTRACT} %{DIR_DL}/%{thisapp}.tar.gz - - # Extract pem tarball into nss directory. - cd %{DIR_APP} && %{MACRO_EXTRACT} %{DIR_DL}/%{name}-pem-20100809.tar.bz2 - - # Apply all patches - %{MACRO_PATCHES} - end - - build - make -C ./mozilla/security/coreconf - make -C ./mozilla/security/dbm - make -C ./mozilla/security/nss - end - - install - # We have to do the complete install stuff self. - - # Create directory layout. - mkdir -pv %{BUILDROOT}/usr/include/nss3 - mkdir -pv %{BUILDROOT}/usr/{bin,%{lib}} - mkdir -pv %{BUILDROOT}%{libdir}/pkgconfig - mkdir -pv %{BUILDROOT}%{libdir}/nss/unsupported-tools - - # Install all libraries. - install -p -v -m 755 mozilla/dist/*.OBJ/lib/libnss3.so \ - %{BUILDROOT}%{libdir} - install -p -v -m 755 mozilla/dist/*.OBJ/lib/libnssckbi.so \ - %{BUILDROOT}%{libdir} - install -p -v -m 755 mozilla/dist/*.OBJ/lib/libnsspem.so \ - %{BUILDROOT}%{libdir} - install -p -v -m 755 mozilla/dist/*.OBJ/lib/libnsssysinit.so \ - %{BUILDROOT}%{libdir} - install -p -v -m 755 mozilla/dist/*.OBJ/lib/libnssutil3.so \ - %{BUILDROOT}%{libdir} - install -p -v -m 755 mozilla/dist/*.OBJ/lib/libsmime3.so \ - %{BUILDROOT}%{libdir} - install -p -v -m 755 mozilla/dist/*.OBJ/lib/libssl3.so \ - %{BUILDROOT}%{libdir} - install -p -v -m 755 mozilla/dist/*.OBJ/lib/libsoftokn3.so \ - %{BUILDROOT}%{libdir} - install -p -v -m 755 mozilla/dist/*.OBJ/lib/libnssdbm3.so \ - %{BUILDROOT}%{libdir} - install -p -v -m 755 mozilla/dist/*.OBJ/lib/libfreebl3.so \ - %{BUILDROOT}/%{libdir} - - # Install the empty NSS db files - mkdir -pv %{BUILDROOT}/etc/pki/nssdb - cp -vf %{DIR_SOURCE}/*.db %{BUILDROOT}/etc/pki/nssdb/ - install -p -v -m 644 %{DIR_SOURCE}/system-pkcs11.txt \ - %{BUILDROOT}/etc/pki/nssdb/pkcs11.txt - - # Copy the binaries we want - install -p -v -m 755 mozilla/dist/*.OBJ/bin/certutil %{BUILDROOT}/usr/bin - install -p -v -m 755 mozilla/dist/*.OBJ/bin/cmsutil %{BUILDROOT}/usr/bin - install -p -v -m 755 mozilla/dist/*.OBJ/bin/crlutil %{BUILDROOT}/usr/bin - install -p -v -m 755 mozilla/dist/*.OBJ/bin/modutil %{BUILDROOT}/usr/bin - install -p -v -m 755 mozilla/dist/*.OBJ/bin/pk12util %{BUILDROOT}/usr/bin - install -p -v -m 755 mozilla/dist/*.OBJ/bin/signtool %{BUILDROOT}/usr/bin - install -p -v -m 755 mozilla/dist/*.OBJ/bin/signver %{BUILDROOT}/usr/bin - install -p -v -m 755 mozilla/dist/*.OBJ/bin/ssltap %{BUILDROOT}/usr/bin - chrpath --delete %{BUILDROOT}/usr/bin/* - - # Copy the binaries we ship as unsupported - install -p -v -m 755 mozilla/dist/*.OBJ/bin/atob %{BUILDROOT}%{libdir}/nss/unsupported-tools - install -p -v -m 755 mozilla/dist/*.OBJ/bin/btoa %{BUILDROOT}%{libdir}/nss/unsupported-tools - install -p -v -m 755 mozilla/dist/*.OBJ/bin/derdump %{BUILDROOT}%{libdir}/nss/unsupported-tools - install -p -v -m 755 mozilla/dist/*.OBJ/bin/ocspclnt %{BUILDROOT}%{libdir}/nss/unsupported-tools - install -p -v -m 755 mozilla/dist/*.OBJ/bin/pp %{BUILDROOT}%{libdir}/nss/unsupported-tools - install -p -v -m 755 mozilla/dist/*.OBJ/bin/selfserv %{BUILDROOT}%{libdir}/nss/unsupported-tools - install -p -v -m 755 mozilla/dist/*.OBJ/bin/shlibsign %{BUILDROOT}%{libdir}/nss/unsupported-tools - install -p -v -m 755 mozilla/dist/*.OBJ/bin/strsclnt %{BUILDROOT}%{libdir}/nss/unsupported-tools - install -p -v -m 755 mozilla/dist/*.OBJ/bin/symkeyutil %{BUILDROOT}%{libdir}/nss/unsupported-tools - install -p -v -m 755 mozilla/dist/*.OBJ/bin/tstclnt %{BUILDROOT}%{libdir}/nss/unsupported-tools - install -p -v -m 755 mozilla/dist/*.OBJ/bin/vfyserv %{BUILDROOT}%{libdir}/nss/unsupported-tools - install -p -v -m 755 mozilla/dist/*.OBJ/bin/vfychain %{BUILDROOT}%{libdir}/nss/unsupported-tools - chrpath --delete %{BUILDROOT}%{libdir}/nss/unsupported-tools/* - - for file in nss-config nss-util-config; do - sed -e "s,@libdir@,%{libdir},g" \ - -e "s,@prefix@,/usr,g" \ - -e "s,@exec_prefix@,/usr,g" \ - -e "s,@includedir@,/usr/include/nss3,g" \ - -e "s,@MOD_MAJOR_VERSION@,$(grep "#define.*NSS_VMAJOR" mozilla/security/nss/lib/nss/nss.h | awk '{print $3}'),g" \ - -e "s,@MOD_MINOR_VERSION@,$(grep "#define.*NSS_VMINOR" mozilla/security/nss/lib/nss/nss.h | awk '{print $3}'),g" \ - -e "s,@MOD_PATCH_VERSION@,$(grep "#define.*NSS_VPATCH" mozilla/security/nss/lib/nss/nss.h | awk '{print $3}'),g" \ - < %{DIR_SOURCE}/${file}.in \ - > %{BUILDROOT}/usr/bin/${file} - chmod -v 755 %{BUILDROOT}/usr/bin/${file} - done - - install -p -v -m 755 %{DIR_SOURCE}/setup-nsssysinit.sh %{BUILDROOT}/usr/bin - - # Generate file for pkg-config. - for file in nss.pc nss-util.pc; do - sed \ - -e "s,%libdir%,%{libdir},g" \ - -e "s,%prefix%,/usr,g" \ - -e "s,%exec_prefix%,/usr,g" \ - -e "s,%includedir%,/usr/include/nss3,g" \ - -e "s,%NSS_VERSION%,%{version},g" \ - -e "s,%NSPR_VERSION%,$(nspr-config --version),g" \ - < %{DIR_SOURCE}/${file}.in \ - > %{BUILDROOT}%{libdir}/pkgconfig/${file} - done - - # Copy the include files we want - cp -vf mozilla/dist/public/nss/*.h %{BUILDROOT}/usr/include/nss3 - cp -vf mozilla/dist/private/nss/blapi.h %{BUILDROOT}/usr/include/nss3 - chmod -v 644 %{BUILDROOT}/usr/include/nss3/*.h - end -end - -packages - package %{name} - - package %{name}-libs - template LIBS - - requires - nss-softokn=%{thisver} - nss-softokn-freebl=%{thisver} - end - - files - %{libdir}/*.so - end - end - - package %{name}-devel - template DEVEL - - requires - nspr-devel - nss=%{thisver} - end - - provides - nss-util-devel = %{thisver} - end - - # Mozilla does no versioning :( - files - /usr/bin/*-config - /usr/include - %{libdir}/pkgconfig - end - end - - package %{name}-softokn - summary = Network Security Services Softoken Module. - description - Network Security Services Softoken Cryptographic Module. - end - - requires = nss=%{thisver} - - files - %{libdir}/libnssdbm3.so - %{libdir}/libsoftokn3.so - %{libdir}/nss/unsupported-tools/shlibsign - end - end - - package %{name}-softokn-freebl - summary = Freebl library for the Network Security Services. - description - NSS Softoken Cryptographic Module Freelb Library. - end - - requires - nss=%{thisver} - nss-softokn=%{thisver} - end - - files = %{libdir}/libfreebl3.so - end - - package %{name}-util - summary = Network Security Services Utilities Library. - description - Utilities for Network Security Services and the Softoken module. - end - - requires = nss=%{thisver} - - files = %{libdir}/libnssutil3.so - end - - package %{name}-debuginfo - template DEBUGINFO - end -end diff --git a/nss/nss.pc.in b/nss/nss.pc.in deleted file mode 100644 index dddf868..0000000 --- a/nss/nss.pc.in +++ /dev/null @@ -1,11 +0,0 @@ -prefix=%prefix% -exec_prefix=%exec_prefix% -libdir=%libdir% -includedir=%includedir% - -Name: NSS -Description: Network Security Services -Version: %NSS_VERSION% -Requires: nspr >= %NSPR_VERSION% -Libs: -lssl3 -lsmime3 -lnss3 -Cflags: -I${includedir} diff --git a/nss/patches/0001-Bug-695011-PEM-logging.patch b/nss/patches/0001-Bug-695011-PEM-logging.patch deleted file mode 100644 index 2693d7c..0000000 --- a/nss/patches/0001-Bug-695011-PEM-logging.patch +++ /dev/null @@ -1,107 +0,0 @@ -From 5c61cdba435096ee6e65cee4dc9a473430643c07 Mon Sep 17 00:00:00 2001 -From: Elio Maldonado emaldona@redhat.com -Date: Tue, 12 Apr 2011 09:31:48 -0700 -Subject: [PATCH] Bug 695011 PEM logging - -Use NSPR logging facilities for PEM logging to fix a segmenation violation -caused when user cannot for write a log file created by root ---- - mozilla/security/nss/lib/ckfw/pem/ckpem.h | 7 ++++- - mozilla/security/nss/lib/ckfw/pem/util.c | 30 ++++++++++++++++------------ - 2 files changed, 22 insertions(+), 15 deletions(-) - -diff --git a/mozilla/security/nss/lib/ckfw/pem/ckpem.h b/mozilla/security/nss/lib/ckfw/pem/ckpem.h -index 839d40b..720525e 100644 ---- a/mozilla/security/nss/lib/ckfw/pem/ckpem.h -+++ b/mozilla/security/nss/lib/ckfw/pem/ckpem.h -@@ -1,3 +1,6 @@ -+#ifndef CKPEM_H -+#define CKPEM_H -+ - #include "nssckmdt.h" - #include "nssckfw.h" - #include "ckfwtm.h" -@@ -254,8 +257,8 @@ unsigned int pem_PrivateModulusLen(pemLOWKEYPrivateKey *privk); - /* ptoken.c */ - NSSCKMDToken * pem_NewToken(NSSCKFWInstance *fwInstance, CK_RV *pError); - -+/* util.c */ - void open_log(); --void close_log(); - void plog(const char *fmt, ...); - --#define PEM_H 1 -+#endif /* CKPEM_H */ -diff --git a/mozilla/security/nss/lib/ckfw/pem/util.c b/mozilla/security/nss/lib/ckfw/pem/util.c -index 853f418..fafb924 100644 ---- a/mozilla/security/nss/lib/ckfw/pem/util.c -+++ b/mozilla/security/nss/lib/ckfw/pem/util.c -@@ -41,6 +41,7 @@ - #include "prtime.h" - #include "prlong.h" - #include "prerror.h" -+#include "prlog.h" - #include "prprf.h" - #include "plgetopt.h" - #include "prenv.h" -@@ -51,6 +52,9 @@ - #include "cryptohi.h" - #include "secpkcs7.h" - #include "secerr.h" -+ -+#include "ckpem.h" -+ - #include <stdarg.h> - - #define CHUNK_SIZE 512 -@@ -267,34 +271,34 @@ ReadDERFromFile(SECItem *** derlist, char *filename, PRBool ascii, - return -1; - } - --FILE *plogfile; -+#ifdef DEBUG -+#define LOGGING_BUFFER_SIZE 400 -+#define PEM_DEFAULT_LOG_FILE "/tmp/pkcs11.log" -+static const char *pemLogModuleName = "PEM"; -+static PRLogModuleInfo* pemLogModule; -+#endif - - void open_log() - { - #ifdef DEBUG -- plogfile = fopen("/tmp/pkcs11.log", "a"); --#endif -+ const char *nsprLogFile = PR_GetEnv("NSPR_LOG_FILE"); - -- return; --} -+ pemLogModule = PR_NewLogModule(pemLogModuleName); - --void close_log() --{ --#ifdef DEBUG -- fclose(plogfile); -+ (void) PR_SetLogFile(nsprLogFile ? nsprLogFile : PEM_DEFAULT_LOG_FILE); -+ /* If false, the log file will remain what it was before */ - #endif -- return; - } - - void plog(const char *fmt, ...) - { - #ifdef DEBUG -+ char buf[LOGGING_BUFFER_SIZE]; - va_list ap; - - va_start(ap, fmt); -- vfprintf(plogfile, fmt, ap); -+ PR_vsnprintf(buf, sizeof(buf), fmt, ap); - va_end(ap); -- -- fflush(plogfile); -+ PR_LOG(pemLogModule, PR_LOG_DEBUG, ("%s", buf)); - #endif - } --- -1.7.4.2 - diff --git a/nss/patches/0001-libnsspem-rhbz-734760.patch b/nss/patches/0001-libnsspem-rhbz-734760.patch deleted file mode 100644 index 45b4024..0000000 --- a/nss/patches/0001-libnsspem-rhbz-734760.patch +++ /dev/null @@ -1,21 +0,0 @@ -diff -up ./mozilla/security/nss/lib/ckfw/pem/pobject.c.734760 ./mozilla/security/nss/lib/ckfw/pem/pobject.c ---- ./mozilla/security/nss/lib/ckfw/pem/pobject.c.734760 2011-09-10 10:21:38.819248564 -0700 -+++ ./mozilla/security/nss/lib/ckfw/pem/pobject.c 2011-09-10 10:28:47.970083785 -0700 -@@ -1117,7 +1117,7 @@ pem_CreateObject - - nobjs = ReadDERFromFile(&derlist, filename, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */); - if (nobjs < 1) -- return (NSSCKMDObject *) NULL; -+ goto loser; - - objid = -1; - /* Brute force: find the id of the key, if any, in this slot */ -@@ -1176,7 +1176,7 @@ pem_CreateObject - - nobjs = ReadDERFromFile(&derlist, filename, PR_TRUE, &cipher, &ivstring, PR_FALSE /* keys only */); - if (nobjs < 1) -- return (NSSCKMDObject *) NULL; -+ goto loser; - - certDER.len = 0; /* in case there is no equivalent cert */ - certDER.data = NULL; diff --git a/nss/patches/bz784672-protect-against-calls-before-nss_init.patch0 b/nss/patches/bz784672-protect-against-calls-before-nss_init.patch0 deleted file mode 100644 index 934ea30..0000000 --- a/nss/patches/bz784672-protect-against-calls-before-nss_init.patch0 +++ /dev/null @@ -1,40 +0,0 @@ -diff -up mozilla/security/nss/lib/nss/nssinit.c.784672 mozilla/security/nss/lib/nss/nssinit.c ---- mozilla/security/nss/lib/nss/nssinit.c.784672 2012-01-26 14:43:46.232357231 -0800 -+++ mozilla/security/nss/lib/nss/nssinit.c 2012-01-26 14:50:55.830512565 -0800 -@@ -944,6 +944,12 @@ NSS_RegisterShutdown(NSS_ShutdownFunc sF - { - int i; - -+ /* make sure our lock and condition variable are initialized one and only -+ * one time */ -+ if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) { -+ return SECFailure; -+ } -+ - PZ_Lock(nssInitLock); - if (!NSS_IsInitialized()) { - PZ_Unlock(nssInitLock); -@@ -1002,6 +1008,11 @@ NSS_UnregisterShutdown(NSS_ShutdownFunc - { - int i; - -+ /* make sure our lock and condition variable are initialized one and only -+ * one time */ -+ if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) { -+ return SECFailure; -+ } - PZ_Lock(nssInitLock); - if (!NSS_IsInitialized()) { - PZ_Unlock(nssInitLock); -@@ -1192,6 +1203,11 @@ NSS_ShutdownContext(NSSInitContext *cont - { - SECStatus rv = SECSuccess; - -+ /* make sure our lock and condition variable are initialized one and only -+ * one time */ -+ if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) { -+ return SECFailure; -+ } - PZ_Lock(nssInitLock); - /* If one or more threads are in the middle of init, wait for them - * to complete */ diff --git a/nss/patches/gnuc-minor-def-fix.patch b/nss/patches/gnuc-minor-def-fix.patch deleted file mode 100644 index f210af2..0000000 --- a/nss/patches/gnuc-minor-def-fix.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up nss-3.13.1/mozilla/security/nss/lib/util/pkcs11n.h.fo nss-3.13.1/mozilla/security/nss/lib/util/pkcs11n.h ---- nss-3.13.1/mozilla/security/nss/lib/util/pkcs11n.h.fo 2011-11-10 12:44:17.683967574 -0600 -+++ nss-3.13.1/mozilla/security/nss/lib/util/pkcs11n.h 2011-11-10 12:44:24.146886778 -0600 -@@ -362,7 +362,7 @@ typedef CK_ULONG CK_TRUST; - * cast the resulting value to the deprecated type in the #define, thus - * producting the warning when the #define is used. - */ --#if (__GNUC__ == 4) && (__GNUC_MINOR < 5) -+#if (__GNUC__ == 4) && (__GNUC_MINOR__ < 5) - /* The mac doesn't like the friendlier deprecate messages. I'm assuming this - * is a gcc version issue rather than mac or ppc specific */ - typedef CK_TRUST __CKT_NSS_UNTRUSTED __attribute__((deprecated)); diff --git a/nss/patches/nofipstest.patch0 b/nss/patches/nofipstest.patch0 deleted file mode 100644 index 5f711be..0000000 --- a/nss/patches/nofipstest.patch0 +++ /dev/null @@ -1,19 +0,0 @@ -diff -up ./mozilla/security/nss/cmd/manifest.mn.nofipstest ./mozilla/security/nss/cmd/manifest.mn ---- ./mozilla/security/nss/cmd/manifest.mn.nofipstest 2011-12-03 22:54:40.969914919 -0800 -+++ ./mozilla/security/nss/cmd/manifest.mn 2011-12-03 22:55:12.348505822 -0800 -@@ -54,7 +54,6 @@ DIRS = lib \ - dbtest \ - derdump \ - digest \ -- fipstest \ - makepqg \ - multinit \ - ocspclnt \ -@@ -84,6 +83,7 @@ DIRS = lib \ - $(NULL) - - TEMPORARILY_DONT_BUILD = \ -+ fipstest \ - $(NULL) - - # rsaperf \ diff --git a/nss/patches/nosha224.patch0 b/nss/patches/nosha224.patch0 deleted file mode 100644 index bd9d351..0000000 --- a/nss/patches/nosha224.patch0 +++ /dev/null @@ -1,618 +0,0 @@ -diff -up ./mozilla/security/coreconf/Linux.mk.nosha224 ./mozilla/security/coreconf/Linux.mk ---- ./mozilla/security/coreconf/Linux.mk.nosha224 2011-12-04 22:03:47.295609957 -0800 -+++ ./mozilla/security/coreconf/Linux.mk 2011-12-04 22:03:47.301609957 -0800 -@@ -188,6 +188,14 @@ NSSUTIL_LIBS = -lnssutil3 - USE_SYSTEM_FREEBL = 1 - FREEBL_LIBS = -lfreebl3 - -+# -+# Don't compile code that requires SHA224 if it isn't avilable -+# Such is the case when system freebl/softokn is the 3.12 one -+# -+ifdef NO_SHA224_AVAILABLE -+CFLAGS+=-DNO_SHA224_AVAILABLE -+endif -+ - # The -rpath '$$ORIGIN' linker option instructs this library to search for its - # dependencies in the same directory where it resides. - ifeq ($(BUILD_SUN_PKG), 1) -diff -up ./mozilla/security/nss/cmd/bltest/blapitest.c.nosha224 ./mozilla/security/nss/cmd/bltest/blapitest.c ---- ./mozilla/security/nss/cmd/bltest/blapitest.c.nosha224 2011-09-16 12:16:50.000000000 -0700 -+++ ./mozilla/security/nss/cmd/bltest/blapitest.c 2011-12-04 22:03:47.302609957 -0800 -@@ -686,7 +686,9 @@ typedef enum { - bltestMD2, /* Hash algorithms */ - bltestMD5, /* . */ - bltestSHA1, /* . */ -+#ifndef NO_SHA224_AVAILABLE - bltestSHA224, /* . */ -+#endif - bltestSHA256, /* . */ - bltestSHA384, /* . */ - bltestSHA512, /* . */ -@@ -721,7 +723,9 @@ static char *mode_strings[] = - "md2", - "md5", - "sha1", -+#ifndef NO_SHA224_AVAILABLE - "sha224", -+#endif - "sha256", - "sha384", - "sha512", -@@ -1761,6 +1765,7 @@ finish: - return rv; - } - -+#ifndef NO_SHA224_AVAILABLE - SECStatus - SHA224_restart(unsigned char *dest, const unsigned char *src, uint32 src_length) - { -@@ -1800,6 +1805,7 @@ finish: - SHA224_DestroyContext(cx, PR_TRUE); - return rv; - } -+#endif - - SECStatus - SHA256_restart(unsigned char *dest, const unsigned char *src, uint32 src_length) -@@ -2093,6 +2099,7 @@ cipherInit(bltestCipherInfo *cipherInfo, - cipherInfo->cipher.hashCipher = (restart) ? sha1_restart : SHA1_HashBuf; - return SECSuccess; - break; -+#ifndef NO_SHA224_AVAILABLE - case bltestSHA224: - restart = cipherInfo->params.hash.restart; - SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, -@@ -2100,6 +2107,7 @@ cipherInit(bltestCipherInfo *cipherInfo, - cipherInfo->cipher.hashCipher = (restart) ? SHA224_restart - : SHA224_HashBuf; - return SECSuccess; -+#endif - break; - case bltestSHA256: - restart = cipherInfo->params.hash.restart; -@@ -2542,7 +2550,9 @@ cipherFinish(bltestCipherInfo *cipherInf - case bltestMD2: /* hash contexts are ephemeral */ - case bltestMD5: - case bltestSHA1: -+#ifndef NO_SHA224_AVAILABLE - case bltestSHA224: -+#endif - case bltestSHA256: - case bltestSHA384: - case bltestSHA512: -@@ -2896,7 +2906,9 @@ get_params(PRArenaPool *arena, bltestPar - case bltestMD2: - case bltestMD5: - case bltestSHA1: -+#ifndef NO_SHA224_AVAILABLE - case bltestSHA224: -+#endif - case bltestSHA256: - case bltestSHA384: - case bltestSHA512: -diff -up ./mozilla/security/nss/cmd/chktest/chktest.c.nosha224 ./mozilla/security/nss/cmd/chktest/chktest.c ---- ./mozilla/security/nss/cmd/chktest/chktest.c.nosha224 2010-12-06 09:22:49.000000000 -0800 -+++ ./mozilla/security/nss/cmd/chktest/chktest.c 2011-12-04 22:03:47.304609957 -0800 -@@ -41,6 +41,10 @@ - #include "blapi.h" - #include "secutil.h" - -+#ifdef NO_SHA224_AVAILABLE -+PRBool BLAPI_SHVerifyFile(const char *shName); -+#endif -+ - static int Usage() - { - fprintf(stderr, "Usage: chktest <full-path-to-shared-library>\n"); -diff -up ./mozilla/security/nss/cmd/lib/secutil.c.nosha224 ./mozilla/security/nss/cmd/lib/secutil.c ---- ./mozilla/security/nss/cmd/lib/secutil.c.nosha224 2011-10-22 07:35:41.000000000 -0700 -+++ ./mozilla/security/nss/cmd/lib/secutil.c 2011-12-04 22:03:47.305609957 -0800 -@@ -86,6 +86,14 @@ static char consoleName[] = { - #include "nssutil.h" - #include "ssl.h" - -+/* Defined in ./mozilla/dist/public/nss/certdb.h which was included -+ * and also in ./mozilla/security/nss/lib/softoken/legacydb/pcertt.h -+ * but invisible here for some reason -+ */ -+#ifndef CERTDB_TERMINAL_RECORD -+#define CERTDB_TERMINAL_RECORD (1<<0) -+#endif -+ - - void - SECU_PrintErrMsg(FILE *out, int level, char *progName, char *msg, ...) -@@ -1509,6 +1517,8 @@ const SEC_ASN1Template secuPBEV2Params[] - { 0 } - }; - -+/* if no sha224 then no psapss either */ -+#ifndef NO_SHA224_AVAILABLE - void - secu_PrintRSAPSSParams(FILE *out, SECItem *value, char *m, int level) - { -@@ -1572,6 +1582,7 @@ secu_PrintRSAPSSParams(FILE *out, SECIte - } - PORT_FreeArena(pool, PR_FALSE); - } -+#endif - - void - secu_PrintKDF2Params(FILE *out, SECItem *value, char *m, int level) -@@ -1684,10 +1695,12 @@ SECU_PrintAlgorithmID(FILE *out, SECAlgo - return; - } - -+#ifndef NO_SHA224_AVAILABLE - if (algtag == SEC_OID_PKCS1_RSA_PSS_SIGNATURE) { - secu_PrintRSAPSSParams(out, &a->parameters, "Parameters", level+1); - return; - } -+#endif - - if (a->parameters.len == 0 - || (a->parameters.len == 2 -@@ -3763,8 +3776,10 @@ SECU_StringToSignatureAlgTag(const char - hashAlgTag = SEC_OID_MD5; - } else if (!PL_strcmp(alg, "SHA1")) { - hashAlgTag = SEC_OID_SHA1; -+#ifndef NO_SHA224_AVAILABLE - } else if (!PL_strcmp(alg, "SHA224")) { - hashAlgTag = SEC_OID_SHA224; -+#endif - } else if (!PL_strcmp(alg, "SHA256")) { - hashAlgTag = SEC_OID_SHA256; - } else if (!PL_strcmp(alg, "SHA384")) { -diff -up ./mozilla/security/nss/cmd/pk11mode/pk11mode.c.nosha224 ./mozilla/security/nss/cmd/pk11mode/pk11mode.c ---- ./mozilla/security/nss/cmd/pk11mode/pk11mode.c.nosha224 2011-12-04 22:07:27.230604899 -0800 -+++ ./mozilla/security/nss/cmd/pk11mode/pk11mode.c 2011-12-04 22:10:06.365601241 -0800 -@@ -883,21 +883,27 @@ CK_RV PKM_KeyTests(CK_FUNCTION_LIST_PTR - - mech_str digestMechs[] = { - {CKM_SHA_1, "CKM_SHA_1 "}, -+#ifndef NO_SHA224_AVAILABLE - {CKM_SHA224, "CKM_SHA224"}, -+#endif - {CKM_SHA256, "CKM_SHA256"}, - {CKM_SHA384, "CKM_SHA384"}, - {CKM_SHA512, "CKM_SHA512"} - }; - mech_str hmacMechs[] = { - {CKM_SHA_1_HMAC, "CKM_SHA_1_HMAC"}, -+#ifndef NO_SHA224_AVAILABLE - {CKM_SHA224_HMAC, "CKM_SHA224_HMAC"}, -+#endif - {CKM_SHA256_HMAC, "CKM_SHA256_HMAC"}, - {CKM_SHA384_HMAC, "CKM_SHA384_HMAC"}, - {CKM_SHA512_HMAC, "CKM_SHA512_HMAC"} - }; - mech_str sigRSAMechs[] = { - {CKM_SHA1_RSA_PKCS, "CKM_SHA1_RSA_PKCS"}, -+#ifndef NO_SHA224_AVAILABLE - {CKM_SHA224_RSA_PKCS, "CKM_SHA224_RSA_PKCS"}, -+#endif - {CKM_SHA256_RSA_PKCS, "CKM_SHA256_RSA_PKCS"}, - {CKM_SHA384_RSA_PKCS, "CKM_SHA384_RSA_PKCS"}, - {CKM_SHA512_RSA_PKCS, "CKM_SHA512_RSA_PKCS"} -diff -up ./mozilla/security/nss/lib/cryptohi/sechash.c.nosha224 ./mozilla/security/nss/lib/cryptohi/sechash.c ---- ./mozilla/security/nss/lib/cryptohi/sechash.c.nosha224 2011-06-21 15:47:54.000000000 -0700 -+++ ./mozilla/security/nss/lib/cryptohi/sechash.c 2011-12-04 22:03:47.306609957 -0800 -@@ -91,10 +91,12 @@ sha1_NewContext(void) { - return (void *) PK11_CreateDigestContext(SEC_OID_SHA1); - } - -+#ifndef NO_SHA224_AVAILABLE - static void * - sha224_NewContext(void) { - return (void *) PK11_CreateDigestContext(SEC_OID_SHA224); - } -+#endif - - static void * - sha256_NewContext(void) { -@@ -189,6 +191,7 @@ const SECHashObject SECHashObjects[] = { - SHA512_BLOCK_LENGTH, - HASH_AlgSHA512 - }, -+#ifndef NO_SHA224_AVAILABLE - { SHA224_LENGTH, - (void * (*)(void)) sha224_NewContext, - (void * (*)(void *)) PK11_CloneContext, -@@ -200,6 +203,7 @@ const SECHashObject SECHashObjects[] = { - SHA224_BLOCK_LENGTH, - HASH_AlgSHA224 - }, -+#endif - }; - - const SECHashObject * -@@ -217,7 +221,9 @@ HASH_GetHashTypeByOidTag(SECOidTag hashO - case SEC_OID_MD2: ht = HASH_AlgMD2; break; - case SEC_OID_MD5: ht = HASH_AlgMD5; break; - case SEC_OID_SHA1: ht = HASH_AlgSHA1; break; -+#ifndef NO_SHA224_AVAILABLE - case SEC_OID_SHA224: ht = HASH_AlgSHA224; break; -+#endif - case SEC_OID_SHA256: ht = HASH_AlgSHA256; break; - case SEC_OID_SHA384: ht = HASH_AlgSHA384; break; - case SEC_OID_SHA512: ht = HASH_AlgSHA512; break; -@@ -237,7 +243,9 @@ HASH_GetHashOidTagByHMACOidTag(SECOidTag - /* no oid exists for HMAC_MD2 */ - /* NSS does not define a oid for HMAC_MD4 */ - case SEC_OID_HMAC_SHA1: hashOid = SEC_OID_SHA1; break; -+#ifndef NO_SHA224_AVAILABLE - case SEC_OID_HMAC_SHA224: hashOid = SEC_OID_SHA224; break; -+#endif - case SEC_OID_HMAC_SHA256: hashOid = SEC_OID_SHA256; break; - case SEC_OID_HMAC_SHA384: hashOid = SEC_OID_SHA384; break; - case SEC_OID_HMAC_SHA512: hashOid = SEC_OID_SHA512; break; -@@ -257,7 +265,9 @@ HASH_GetHMACOidTagByHashOidTag(SECOidTag - /* no oid exists for HMAC_MD2 */ - /* NSS does not define a oid for HMAC_MD4 */ - case SEC_OID_SHA1: hmacOid = SEC_OID_HMAC_SHA1; break; -+#ifndef NO_SHA224_AVAILABLE - case SEC_OID_SHA224: hmacOid = SEC_OID_HMAC_SHA224; break; -+#endif - case SEC_OID_SHA256: hmacOid = SEC_OID_HMAC_SHA256; break; - case SEC_OID_SHA384: hmacOid = SEC_OID_HMAC_SHA384; break; - case SEC_OID_SHA512: hmacOid = SEC_OID_HMAC_SHA512; break; -diff -up ./mozilla/security/nss/lib/cryptohi/seckey.c.nosha224 ./mozilla/security/nss/lib/cryptohi/seckey.c ---- ./mozilla/security/nss/lib/cryptohi/seckey.c.nosha224 2011-10-22 07:35:42.000000000 -0700 -+++ ./mozilla/security/nss/lib/cryptohi/seckey.c 2011-12-04 22:03:47.307609957 -0800 -@@ -550,7 +550,9 @@ seckey_GetKeyType (SECOidTag tag) { - * should be handing us a cipher type */ - case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION: - case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION: -+#ifndef NO_SHA224_AVAILABLE - case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION: -+#endif - case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION: - case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION: - case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION: -diff -up ./mozilla/security/nss/lib/cryptohi/secvfy.c.nosha224 ./mozilla/security/nss/lib/cryptohi/secvfy.c ---- ./mozilla/security/nss/lib/cryptohi/secvfy.c.nosha224 2011-10-22 07:35:42.000000000 -0700 -+++ ./mozilla/security/nss/lib/cryptohi/secvfy.c 2011-12-04 22:03:47.307609957 -0800 -@@ -240,11 +240,12 @@ sec_DecodeSigAlg(const SECKEYPublicKey * - case SEC_OID_PKCS1_RSA_PSS_SIGNATURE: - *hashalg = SEC_OID_UNKNOWN; /* get it from the RSA signature */ - break; -- -+#ifndef NO_SHA224_AVAILABLE - case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE: - case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION: - *hashalg = SEC_OID_SHA224; - break; -+#endif - case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE: - case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION: - *hashalg = SEC_OID_SHA256; -@@ -279,8 +280,10 @@ sec_DecodeSigAlg(const SECKEYPublicKey * - len = SECKEY_PublicKeyStrength(key); - if (len < 28) { /* 28 bytes == 224 bits */ - *hashalg = SEC_OID_SHA1; -+#ifndef NO_SHA224_AVAILABLE - } else if (len < 32) { /* 32 bytes == 256 bits */ - *hashalg = SEC_OID_SHA224; -+#endif - } else if (len < 48) { /* 48 bytes == 384 bits */ - *hashalg = SEC_OID_SHA256; - } else if (len < 64) { /* 48 bytes == 512 bits */ -@@ -325,7 +328,9 @@ sec_DecodeSigAlg(const SECKEYPublicKey * - case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION: - case SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE: - case SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE: -+#ifndef NO_SHA224_AVAILABLE - case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION: -+#endif - case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION: - case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION: - case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION: -@@ -347,7 +352,9 @@ sec_DecodeSigAlg(const SECKEYPublicKey * - *encalg = SEC_OID_MISSI_DSS; - break; - case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE: -+#ifndef NO_SHA224_AVAILABLE - case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE: -+#endif - case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE: - case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE: - case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE: -diff -up ./mozilla/security/nss/lib/freebl/blapi.h.nosha224 ./mozilla/security/nss/lib/freebl/blapi.h ---- ./mozilla/security/nss/lib/freebl/blapi.h.nosha224 2011-10-04 15:05:53.000000000 -0700 -+++ ./mozilla/security/nss/lib/freebl/blapi.h 2011-12-04 22:03:47.308609957 -0800 -@@ -1088,7 +1088,7 @@ extern SHA1Context * SHA1_Resurrect(unsi - extern void SHA1_Clone(SHA1Context *dest, SHA1Context *src); - - /******************************************/ -- -+#ifndef NO_SHA224_AVAILABLE - extern SHA224Context *SHA224_NewContext(void); - extern void SHA224_DestroyContext(SHA224Context *cx, PRBool freeit); - extern void SHA224_Begin(SHA224Context *cx); -@@ -1104,6 +1104,7 @@ extern unsigned int SHA224_FlattenSize(S - extern SECStatus SHA224_Flatten(SHA224Context *cx,unsigned char *space); - extern SHA224Context * SHA224_Resurrect(unsigned char *space, void *arg); - extern void SHA224_Clone(SHA224Context *dest, SHA224Context *src); -+#endif - - /******************************************/ - -diff -up ./mozilla/security/nss/lib/freebl/ldvector.c.nosha224 ./mozilla/security/nss/lib/freebl/ldvector.c ---- ./mozilla/security/nss/lib/freebl/ldvector.c.nosha224 2011-10-04 15:05:53.000000000 -0700 -+++ ./mozilla/security/nss/lib/freebl/ldvector.c 2011-12-04 22:03:47.309609957 -0800 -@@ -270,7 +270,7 @@ static const struct FREEBLVectorStr vect - JPAKE_Verify, - JPAKE_Round2, - JPAKE_Final, -- -+#ifndef NO_SHA224_AVAILABLE - /* End of Version 3.012 */ - - TLS_P_hash, -@@ -287,7 +287,7 @@ static const struct FREEBLVectorStr vect - SHA224_Resurrect, - SHA224_Clone, - BLAPI_SHVerifyFile -- -+#endif - /* End of Version 3.013 */ - }; - -diff -up ./mozilla/security/nss/lib/freebl/nsslowhash.c.nosha224 ./mozilla/security/nss/lib/freebl/nsslowhash.c ---- ./mozilla/security/nss/lib/freebl/nsslowhash.c.nosha224 2010-09-09 17:42:36.000000000 -0700 -+++ ./mozilla/security/nss/lib/freebl/nsslowhash.c 2011-12-04 22:03:47.309609957 -0800 -@@ -128,14 +128,14 @@ freebl_fips_SHA_PowerUpSelfTest( void ) - 0x0a,0x6d,0x07,0xba,0x1e,0xbd,0x8a,0x1b, - 0x72,0xf6,0xc7,0x22,0xf1,0x27,0x9f,0xf0, - 0xe0,0x68,0x47,0x7a}; -- -+#ifndef NO_SHA224_AVAILABLE - /* SHA-224 Known Digest Message (224-bits). */ - static const PRUint8 sha224_known_digest[] = { - 0x1c,0xc3,0x06,0x8e,0xce,0x37,0x68,0xfb, - 0x1a,0x82,0x4a,0xbe,0x2b,0x00,0x51,0xf8, - 0x9d,0xb6,0xe0,0x90,0x0d,0x00,0xc9,0x64, - 0x9a,0xb8,0x98,0x4e}; -- -+#endif - /* SHA-256 Known Digest Message (256-bits). */ - static const PRUint8 sha256_known_digest[] = { - 0x38,0xa9,0xc1,0xf0,0x35,0xf6,0x5d,0x61, -@@ -178,7 +178,7 @@ freebl_fips_SHA_PowerUpSelfTest( void ) - ( PORT_Memcmp( sha_computed_digest, sha1_known_digest, - SHA1_LENGTH ) != 0 ) ) - return( CKR_DEVICE_ERROR ); -- -+#ifndef NO_SHA224_AVAILABLE - /***************************************************/ - /* SHA-224 Single-Round Known Answer Hashing Test. */ - /***************************************************/ -@@ -190,7 +190,7 @@ freebl_fips_SHA_PowerUpSelfTest( void ) - ( PORT_Memcmp( sha_computed_digest, sha224_known_digest, - SHA224_LENGTH ) != 0 ) ) - return( CKR_DEVICE_ERROR ); -- -+#endif - /***************************************************/ - /* SHA-256 Single-Round Known Answer Hashing Test. */ - /***************************************************/ -diff -up ./mozilla/security/nss/lib/freebl/rawhash.c.nosha224 ./mozilla/security/nss/lib/freebl/rawhash.c ---- ./mozilla/security/nss/lib/freebl/rawhash.c.nosha224 2010-08-17 22:55:47.000000000 -0700 -+++ ./mozilla/security/nss/lib/freebl/rawhash.c 2011-12-04 22:03:47.309609957 -0800 -@@ -155,6 +155,7 @@ const SECHashObject SECRawHashObjects[] - SHA512_BLOCK_LENGTH, - HASH_AlgSHA512 - }, -+#ifndef NO_SHA224_AVAILABLE - { SHA224_LENGTH, - (void * (*)(void)) SHA224_NewContext, - (void * (*)(void *)) null_hash_clone_context, -@@ -166,6 +167,7 @@ const SECHashObject SECRawHashObjects[] - SHA224_BLOCK_LENGTH, - HASH_AlgSHA224 - }, -+#endif - }; - - const SECHashObject * -diff -up ./mozilla/security/nss/lib/freebl/sha512.c.nosha224 ./mozilla/security/nss/lib/freebl/sha512.c ---- ./mozilla/security/nss/lib/freebl/sha512.c.nosha224 2011-09-14 10:48:03.000000000 -0700 -+++ ./mozilla/security/nss/lib/freebl/sha512.c 2011-12-04 22:03:47.310609957 -0800 -@@ -544,6 +544,7 @@ void SHA256_Clone(SHA256Context *dest, S - memcpy(dest, src, sizeof *dest); - } - -+#ifndef NO_SHA224_AVAILABLE - /* ============= SHA224 implementation ================================== */ - - /* SHA-224 initial hash values */ -@@ -630,7 +631,7 @@ void SHA224_Clone(SHA224Context *dest, S - { - SHA256_Clone(dest, src); - } -- -+#endif - - /* ======= SHA512 and SHA384 common constants and defines ================= */ - -diff -up ./mozilla/security/nss/lib/softoken/fipstest.c.nosha224 ./mozilla/security/nss/lib/softoken/fipstest.c ---- ./mozilla/security/nss/lib/softoken/fipstest.c.nosha224 2011-03-29 08:12:43.000000000 -0700 -+++ ./mozilla/security/nss/lib/softoken/fipstest.c 2011-12-04 22:03:47.311609956 -0800 -@@ -865,12 +865,14 @@ sftk_fips_HMAC_PowerUpSelfTest( void ) - 0x3b, 0x57, 0x1d, 0x61, 0xe7, 0xb8, 0x84, 0x1e, - 0x5d, 0x0e, 0x1e, 0x11}; - -+#ifndef NO_SHA224_AVAILABLE - /* known SHA224 hmac (28 bytes) */ - static const PRUint8 known_SHA224_hmac[] = { - 0x1c, 0xc3, 0x06, 0x8e, 0xce, 0x37, 0x68, 0xfb, - 0x1a, 0x82, 0x4a, 0xbe, 0x2b, 0x00, 0x51, 0xf8, - 0x9d, 0xb6, 0xe0, 0x90, 0x0d, 0x00, 0xc9, 0x64, - 0x9a, 0xb8, 0x98, 0x4e}; -+#endif - - /* known SHA256 hmac (32 bytes) */ - static const PRUint8 known_SHA256_hmac[] = { -@@ -922,6 +924,7 @@ sftk_fips_HMAC_PowerUpSelfTest( void ) - /* HMAC SHA-224 Single-Round Known Answer Test. */ - /***************************************************/ - -+#ifndef NO_SHA224_AVAILABLE - hmac_status = sftk_fips_HMAC(hmac_computed, - HMAC_known_secret_key, - HMAC_known_secret_key_length, -@@ -933,6 +936,7 @@ sftk_fips_HMAC_PowerUpSelfTest( void ) - ( PORT_Memcmp( hmac_computed, known_SHA224_hmac, - SHA224_LENGTH ) != 0 ) ) - return( CKR_DEVICE_ERROR ); -+#endif - - /***************************************************/ - /* HMAC SHA-256 Single-Round Known Answer Test. */ -@@ -994,12 +998,14 @@ sftk_fips_SHA_PowerUpSelfTest( void ) - 0x72,0xf6,0xc7,0x22,0xf1,0x27,0x9f,0xf0, - 0xe0,0x68,0x47,0x7a}; - -+#ifndef NO_SHA224_AVAILABLE - /* SHA-224 Known Digest Message (224-bits). */ - static const PRUint8 sha224_known_digest[] = { - 0x89,0x5e,0x7f,0xfd,0x0e,0xd8,0x35,0x6f, - 0x64,0x6d,0xf2,0xde,0x5e,0xed,0xa6,0x7f, - 0x29,0xd1,0x12,0x73,0x42,0x84,0x95,0x4f, - 0x8e,0x08,0xe5,0xcb}; -+#endif - - /* SHA-256 Known Digest Message (256-bits). */ - static const PRUint8 sha256_known_digest[] = { -@@ -1048,6 +1054,7 @@ sftk_fips_SHA_PowerUpSelfTest( void ) - /* SHA-224 Single-Round Known Answer Hashing Test. */ - /***************************************************/ - -+#ifndef NO_SHA224_AVAILABLE - sha_status = SHA224_HashBuf( sha_computed_digest, known_hash_message, - FIPS_KNOWN_HASH_MESSAGE_LENGTH ); - -@@ -1055,6 +1062,7 @@ sftk_fips_SHA_PowerUpSelfTest( void ) - ( PORT_Memcmp( sha_computed_digest, sha224_known_digest, - SHA224_LENGTH ) != 0 ) ) - return( CKR_DEVICE_ERROR ); -+#endif - - /***************************************************/ - /* SHA-256 Single-Round Known Answer Hashing Test. */ -diff -up ./mozilla/security/nss/lib/softoken/pkcs11c.c.nosha224 ./mozilla/security/nss/lib/softoken/pkcs11c.c ---- ./mozilla/security/nss/lib/softoken/pkcs11c.c.nosha224 2011-09-21 11:49:16.000000000 -0700 -+++ ./mozilla/security/nss/lib/softoken/pkcs11c.c 2011-12-04 22:03:47.313609956 -0800 -@@ -1316,7 +1316,9 @@ CK_RV NSC_DigestInit(CK_SESSION_HANDLE h - INIT_MECH(CKM_MD2, MD2) - INIT_MECH(CKM_MD5, MD5) - INIT_MECH(CKM_SHA_1, SHA1) -+#ifndef NO_SHA224_AVAILABLE - INIT_MECH(CKM_SHA224, SHA224) -+#endif - INIT_MECH(CKM_SHA256, SHA256) - INIT_MECH(CKM_SHA384, SHA384) - INIT_MECH(CKM_SHA512, SHA512) -@@ -1440,7 +1442,9 @@ sftk_doSub ## mmm(SFTKSessionContext *co - DOSUB(MD2) - DOSUB(MD5) - DOSUB(SHA1) -+#ifndef NO_SHA224_AVAILABLE - DOSUB(SHA224) -+#endif - DOSUB(SHA256) - DOSUB(SHA384) - DOSUB(SHA512) -@@ -2013,7 +2017,9 @@ CK_RV NSC_SignInit(CK_SESSION_HANDLE hSe - INIT_RSA_SIGN_MECH(MD5) - INIT_RSA_SIGN_MECH(MD2) - INIT_RSA_SIGN_MECH(SHA1) -+#ifndef NO_SHA224_AVAILABLE - INIT_RSA_SIGN_MECH(SHA224) -+#endif - INIT_RSA_SIGN_MECH(SHA256) - INIT_RSA_SIGN_MECH(SHA384) - INIT_RSA_SIGN_MECH(SHA512) -@@ -2131,7 +2137,9 @@ finish_rsa: - - INIT_HMAC_MECH(MD2) - INIT_HMAC_MECH(MD5) -+#ifndef NO_SHA224_AVAILABLE - INIT_HMAC_MECH(SHA224) -+#endif - INIT_HMAC_MECH(SHA256) - INIT_HMAC_MECH(SHA384) - INIT_HMAC_MECH(SHA512) -@@ -2529,7 +2537,9 @@ CK_RV NSC_VerifyInit(CK_SESSION_HANDLE h - INIT_RSA_VFY_MECH(MD5) - INIT_RSA_VFY_MECH(MD2) - INIT_RSA_VFY_MECH(SHA1) -+#ifndef NO_SHA224_AVAILABLE - INIT_RSA_VFY_MECH(SHA224) -+#endif - INIT_RSA_VFY_MECH(SHA256) - INIT_RSA_VFY_MECH(SHA384) - INIT_RSA_VFY_MECH(SHA512) -@@ -2626,7 +2636,9 @@ finish_rsa: - - INIT_HMAC_MECH(MD2) - INIT_HMAC_MECH(MD5) -+#ifndef NO_SHA224_AVAILABLE - INIT_HMAC_MECH(SHA224) -+#endif - INIT_HMAC_MECH(SHA256) - INIT_HMAC_MECH(SHA384) - INIT_HMAC_MECH(SHA512) -diff -up ./mozilla/security/nss/lib/softoken/pkcs11.c.nosha224 ./mozilla/security/nss/lib/softoken/pkcs11.c ---- ./mozilla/security/nss/lib/softoken/pkcs11.c.nosha224 2011-01-21 16:12:04.000000000 -0800 -+++ ./mozilla/security/nss/lib/softoken/pkcs11.c 2011-12-04 22:03:47.316609956 -0800 -@@ -311,8 +311,10 @@ static const struct mechanismList mechan - CKF_SN_VR}, PR_TRUE}, - {CKM_SHA1_RSA_PKCS, {RSA_MIN_MODULUS_BITS,CK_MAX, - CKF_SN_VR}, PR_TRUE}, -+#ifndef NO_SHA224_AVAILABLE - {CKM_SHA224_RSA_PKCS, {RSA_MIN_MODULUS_BITS,CK_MAX, - CKF_SN_VR}, PR_TRUE}, -+#endif - {CKM_SHA256_RSA_PKCS, {RSA_MIN_MODULUS_BITS,CK_MAX, - CKF_SN_VR}, PR_TRUE}, - {CKM_SHA384_RSA_PKCS, {RSA_MIN_MODULUS_BITS,CK_MAX, -@@ -401,9 +403,11 @@ static const struct mechanismList mechan - {CKM_SHA_1, {0, 0, CKF_DIGEST}, PR_FALSE}, - {CKM_SHA_1_HMAC, {1, 128, CKF_SN_VR}, PR_TRUE}, - {CKM_SHA_1_HMAC_GENERAL, {1, 128, CKF_SN_VR}, PR_TRUE}, -+#ifndef NO_SHA224_AVAILABLE - {CKM_SHA224, {0, 0, CKF_DIGEST}, PR_FALSE}, - {CKM_SHA224_HMAC, {1, 128, CKF_SN_VR}, PR_TRUE}, - {CKM_SHA224_HMAC_GENERAL, {1, 128, CKF_SN_VR}, PR_TRUE}, -+#endif - {CKM_SHA256, {0, 0, CKF_DIGEST}, PR_FALSE}, - {CKM_SHA256_HMAC, {1, 128, CKF_SN_VR}, PR_TRUE}, - {CKM_SHA256_HMAC_GENERAL, {1, 128, CKF_SN_VR}, PR_TRUE}, -diff -up ./mozilla/security/nss/lib/softoken/rsawrapr.c.nosha224 ./mozilla/security/nss/lib/softoken/rsawrapr.c ---- ./mozilla/security/nss/lib/softoken/rsawrapr.c.nosha224 2011-10-22 07:35:43.000000000 -0700 -+++ ./mozilla/security/nss/lib/softoken/rsawrapr.c 2011-12-04 22:03:47.316609956 -0800 -@@ -1173,9 +1173,11 @@ GetHashTypeFromMechanism(CK_MECHANISM_TY - case CKM_SHA_1: - case CKG_MGF1_SHA1: - return HASH_AlgSHA1; -+#ifndef NO_SHA224_AVAILABLE - case CKM_SHA224: - case CKG_MGF1_SHA224: - return HASH_AlgSHA224; -+#endif - case CKM_SHA256: - case CKG_MGF1_SHA256: - return HASH_AlgSHA256; -diff -up ./mozilla/security/nss/tests/cipher/cipher.txt.nosha224 ./mozilla/security/nss/tests/cipher/cipher.txt ---- ./mozilla/security/nss/tests/cipher/cipher.txt.nosha224 2010-08-17 22:57:05.000000000 -0700 -+++ ./mozilla/security/nss/tests/cipher/cipher.txt 2011-12-04 22:03:47.317609956 -0800 -@@ -73,7 +73,6 @@ - 0 md2_-H MD2_Hash - 0 md5_-H MD5_Hash - 0 sha1_-H SHA1_Hash -- 0 sha224_-H SHA224_Hash - 0 sha256_-H SHA256_Hash - 0 sha384_-H SHA384_Hash - 0 sha512_-H SHA512_Hash diff --git a/nss/patches/nss-646045.patch0 b/nss/patches/nss-646045.patch0 deleted file mode 100644 index 5492127..0000000 --- a/nss/patches/nss-646045.patch0 +++ /dev/null @@ -1,34 +0,0 @@ -diff -up ./mozilla/security/nss/tests/dbtests/dbtests.sh.noroot ./mozilla/security/nss/tests/dbtests/dbtests.sh ---- ./mozilla/security/nss/tests/dbtests/dbtests.sh.noroot 2011-04-06 09:56:07.207701000 -0700 -+++ ./mozilla/security/nss/tests/dbtests/dbtests.sh 2011-04-06 10:19:54.159552000 -0700 -@@ -201,6 +201,9 @@ dbtest_main() - cat $RONLY_DIR/* > /dev/null - fi - -+ # skipping the next two tests when user is root, -+ # otherwise they would fail due to rooty powers -+ if [[ $EUID -ne 0 ]] then - ${BINDIR}/dbtest -d $RONLY_DIR - ret=$? - if [ $ret -ne 46 ]; then -@@ -208,6 +211,10 @@ dbtest_main() - else - html_passed "Dbtest r/w didn't work in an readonly dir $ret" - fi -+ else -+ html_passed "Skipping Dbtest r/w in a readonly dir because user is root" -+ fi -+ if [[ $EUID -ne 0 ]] then - ${BINDIR}/certutil -D -n "TestUser" -d . - ret=$? - if [ $ret -ne 255 ]; then -@@ -215,6 +222,9 @@ dbtest_main() - else - html_passed "Certutil didn't work in an readonly dir $ret" - fi -+ else -+ html_passed "Skipping Certutil delete cert in an readonly directory test because user is root" -+ fi - - Echo "test opening the database ronly in a readonly directory" - diff --git a/nss/patches/nss-ckbi-1.88.rtm.patch0 b/nss/patches/nss-ckbi-1.88.rtm.patch0 deleted file mode 100644 index c6de789..0000000 --- a/nss/patches/nss-ckbi-1.88.rtm.patch0 +++ /dev/null @@ -1,637 +0,0 @@ -diff -up ./mozilla/security/nss/lib/ckfw/builtins/certdata.c.ckbi188 ./mozilla/security/nss/lib/ckfw/builtins/certdata.c ---- ./mozilla/security/nss/lib/ckfw/builtins/certdata.c.ckbi188 2011-11-03 16:29:17.081000000 -0700 -+++ ./mozilla/security/nss/lib/ckfw/builtins/certdata.c 2011-11-03 08:11:57.000000000 -0700 -@@ -35,7 +35,7 @@ - * - * ***** END LICENSE BLOCK ***** */ - #ifdef DEBUG --static const char CVS_ID[] = "@(#) $RCSfile: certdata.c,v $ $Revision: 1.82 $ $Date: 2011/09/02 19:40:56 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.82 $ $Date: 2011/09/02 19:40:56 $"; -+static const char CVS_ID[] = "@(#) $RCSfile: certdata.c,v $ $Revision: 1.83 $ $Date: 2011/11/03 15:11:57 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.83 $ $Date: 2011/11/03 15:11:57 $"; - #endif /* DEBUG */ - - #ifndef BUILTINS_H -@@ -1075,6 +1075,18 @@ static const CK_ATTRIBUTE_TYPE nss_built - static const CK_ATTRIBUTE_TYPE nss_builtins_types_339 [] = { - CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED - }; -+static const CK_ATTRIBUTE_TYPE nss_builtins_types_340 [] = { -+ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE -+}; -+static const CK_ATTRIBUTE_TYPE nss_builtins_types_341 [] = { -+ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED -+}; -+static const CK_ATTRIBUTE_TYPE nss_builtins_types_342 [] = { -+ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE -+}; -+static const CK_ATTRIBUTE_TYPE nss_builtins_types_343 [] = { -+ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED -+}; - #ifdef DEBUG - static const NSSItem nss_builtins_items_0 [] = { - { (void *)&cko_data, (PRUint32)sizeof(CK_OBJECT_CLASS) }, -@@ -1083,7 +1095,7 @@ static const NSSItem nss_builtins_items_ - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)"CVS ID", (PRUint32)7 }, - { (void *)"NSS", (PRUint32)4 }, -- { (void *)"@(#) $RCSfile: certdata.c,v $ $Revision: 1.82 $ $Date: 2011/09/02 19:40:56 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.82 $ $Date: 2011/09/02 19:40:56 $", (PRUint32)160 } -+ { (void *)"@(#) $RCSfile: certdata.c,v $ $Revision: 1.83 $ $Date: 2011/11/03 15:11:57 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.83 $ $Date: 2011/11/03 15:11:57 $", (PRUint32)160 } - }; - #endif /* DEBUG */ - static const NSSItem nss_builtins_items_1 [] = { -@@ -22600,6 +22612,266 @@ static const NSSItem nss_builtins_items_ - { (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } - }; -+static const NSSItem nss_builtins_items_340 [] = { -+ { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, -+ { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, -+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -+ { (void *)"Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)", (PRUint32)57 }, -+ { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) }, -+ { (void *)"\060\143\061\013\060\011\006\003\125\004\006\023\002\115\131\061" -+"\033\060\031\006\003\125\004\012\023\022\104\151\147\151\143\145" -+"\162\164\040\123\144\156\056\040\102\150\144\056\061\021\060\017" -+"\006\003\125\004\013\023\010\064\065\067\066\060\070\055\113\061" -+"\044\060\042\006\003\125\004\003\023\033\104\151\147\151\163\151" -+"\147\156\040\123\145\162\166\145\162\040\111\104\040\050\105\156" -+"\162\151\143\150\051" -+, (PRUint32)101 }, -+ { (void *)"0", (PRUint32)2 }, -+ { (void *)"\060\165\061\013\060\011\006\003\125\004\006\023\002\125\123\061" -+"\030\060\026\006\003\125\004\012\023\017\107\124\105\040\103\157" -+"\162\160\157\162\141\164\151\157\156\061\047\060\045\006\003\125" -+"\004\013\023\036\107\124\105\040\103\171\142\145\162\124\162\165" -+"\163\164\040\123\157\154\165\164\151\157\156\163\054\040\111\156" -+"\143\056\061\043\060\041\006\003\125\004\003\023\032\107\124\105" -+"\040\103\171\142\145\162\124\162\165\163\164\040\107\154\157\142" -+"\141\154\040\122\157\157\164" -+, (PRUint32)119 }, -+ { (void *)"\002\006\007\377\377\377\377\377" -+, (PRUint32)8 }, -+ { (void *)"\060\202\003\315\060\202\003\066\240\003\002\001\002\002\006\007" -+"\377\377\377\377\377\060\015\006\011\052\206\110\206\367\015\001" -+"\001\005\005\000\060\165\061\013\060\011\006\003\125\004\006\023" -+"\002\125\123\061\030\060\026\006\003\125\004\012\023\017\107\124" -+"\105\040\103\157\162\160\157\162\141\164\151\157\156\061\047\060" -+"\045\006\003\125\004\013\023\036\107\124\105\040\103\171\142\145" -+"\162\124\162\165\163\164\040\123\157\154\165\164\151\157\156\163" -+"\054\040\111\156\143\056\061\043\060\041\006\003\125\004\003\023" -+"\032\107\124\105\040\103\171\142\145\162\124\162\165\163\164\040" -+"\107\154\157\142\141\154\040\122\157\157\164\060\036\027\015\060" -+"\067\060\067\061\067\061\065\061\067\064\071\132\027\015\061\062" -+"\060\067\061\067\061\065\061\066\065\065\132\060\143\061\013\060" -+"\011\006\003\125\004\006\023\002\115\131\061\033\060\031\006\003" -+"\125\004\012\023\022\104\151\147\151\143\145\162\164\040\123\144" -+"\156\056\040\102\150\144\056\061\021\060\017\006\003\125\004\013" -+"\023\010\064\065\067\066\060\070\055\113\061\044\060\042\006\003" -+"\125\004\003\023\033\104\151\147\151\163\151\147\156\040\123\145" -+"\162\166\145\162\040\111\104\040\050\105\156\162\151\143\150\051" -+"\060\201\237\060\015\006\011\052\206\110\206\367\015\001\001\001" -+"\005\000\003\201\215\000\060\201\211\002\201\201\000\255\250\144" -+"\113\115\207\307\204\131\271\373\220\106\240\246\211\300\361\376" -+"\325\332\124\202\067\015\231\053\105\046\012\350\126\260\177\312" -+"\250\364\216\107\204\001\202\051\343\263\152\265\221\363\373\225" -+"\205\274\162\250\144\350\012\100\234\305\364\161\256\173\173\152" -+"\007\352\220\024\117\215\211\257\224\253\262\006\324\002\152\173" -+"\230\037\131\271\072\315\124\372\040\337\262\052\012\351\270\335" -+"\151\220\300\051\323\116\320\227\355\146\314\305\031\111\006\177" -+"\372\136\054\174\173\205\033\062\102\337\173\225\045\002\003\001" -+"\000\001\243\202\001\170\060\202\001\164\060\022\006\003\125\035" -+"\023\001\001\377\004\010\060\006\001\001\377\002\001\000\060\134" -+"\006\003\125\035\040\004\125\060\123\060\110\006\011\053\006\001" -+"\004\001\261\076\001\000\060\073\060\071\006\010\053\006\001\005" -+"\005\007\002\001\026\055\150\164\164\160\072\057\057\143\171\142" -+"\145\162\164\162\165\163\164\056\157\155\156\151\162\157\157\164" -+"\056\143\157\155\057\162\145\160\157\163\151\164\157\162\171\056" -+"\143\146\155\060\007\006\005\140\203\112\001\001\060\016\006\003" -+"\125\035\017\001\001\377\004\004\003\002\001\346\060\201\211\006" -+"\003\125\035\043\004\201\201\060\177\241\171\244\167\060\165\061" -+"\013\060\011\006\003\125\004\006\023\002\125\123\061\030\060\026" -+"\006\003\125\004\012\023\017\107\124\105\040\103\157\162\160\157" -+"\162\141\164\151\157\156\061\047\060\045\006\003\125\004\013\023" -+"\036\107\124\105\040\103\171\142\145\162\124\162\165\163\164\040" -+"\123\157\154\165\164\151\157\156\163\054\040\111\156\143\056\061" -+"\043\060\041\006\003\125\004\003\023\032\107\124\105\040\103\171" -+"\142\145\162\124\162\165\163\164\040\107\154\157\142\141\154\040" -+"\122\157\157\164\202\002\001\245\060\105\006\003\125\035\037\004" -+"\076\060\074\060\072\240\070\240\066\206\064\150\164\164\160\072" -+"\057\057\167\167\167\056\160\165\142\154\151\143\055\164\162\165" -+"\163\164\056\143\157\155\057\143\147\151\055\142\151\156\057\103" -+"\122\114\057\062\060\061\070\057\143\144\160\056\143\162\154\060" -+"\035\006\003\125\035\016\004\026\004\024\306\026\223\116\026\027" -+"\354\026\256\214\224\166\363\206\155\305\164\156\204\167\060\015" -+"\006\011\052\206\110\206\367\015\001\001\005\005\000\003\201\201" -+"\000\166\000\173\246\170\053\146\035\216\136\066\306\244\216\005" -+"\362\043\222\174\223\147\323\364\300\012\175\213\055\331\352\325" -+"\157\032\363\341\112\051\132\042\204\115\120\057\113\014\362\377" -+"\205\302\173\125\324\104\202\276\155\254\147\216\274\264\037\222" -+"\234\121\200\032\024\366\156\253\141\210\013\255\034\177\367\113" -+"\120\121\326\145\033\246\107\161\025\136\260\161\363\065\024\362" -+"\067\275\143\310\325\360\223\132\064\137\330\075\350\135\367\305" -+"\036\300\345\317\037\206\044\251\074\007\146\315\301\322\066\143" -+"\131" -+, (PRUint32)977 } -+}; -+static const NSSItem nss_builtins_items_341 [] = { -+ { (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, -+ { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, -+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -+ { (void *)"Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)", (PRUint32)57 }, -+ { (void *)"\125\120\257\354\277\350\303\255\304\013\343\255\014\247\344\025" -+"\214\071\131\117" -+, (PRUint32)20 }, -+ { (void *)"\322\336\256\120\244\230\055\157\067\267\206\122\310\055\113\152" -+, (PRUint32)16 }, -+ { (void *)"\060\165\061\013\060\011\006\003\125\004\006\023\002\125\123\061" -+"\030\060\026\006\003\125\004\012\023\017\107\124\105\040\103\157" -+"\162\160\157\162\141\164\151\157\156\061\047\060\045\006\003\125" -+"\004\013\023\036\107\124\105\040\103\171\142\145\162\124\162\165" -+"\163\164\040\123\157\154\165\164\151\157\156\163\054\040\111\156" -+"\143\056\061\043\060\041\006\003\125\004\003\023\032\107\124\105" -+"\040\103\171\142\145\162\124\162\165\163\164\040\107\154\157\142" -+"\141\154\040\122\157\157\164" -+, (PRUint32)119 }, -+ { (void *)"\002\006\007\377\377\377\377\377" -+, (PRUint32)8 }, -+ { (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) }, -+ { (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) }, -+ { (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) }, -+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } -+}; -+static const NSSItem nss_builtins_items_342 [] = { -+ { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, -+ { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, -+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -+ { (void *)"Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)", (PRUint32)56 }, -+ { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) }, -+ { (void *)"\060\145\061\013\060\011\006\003\125\004\006\023\002\115\131\061" -+"\033\060\031\006\003\125\004\012\023\022\104\151\147\151\143\145" -+"\162\164\040\123\144\156\056\040\102\150\144\056\061\021\060\017" -+"\006\003\125\004\013\023\010\064\065\067\066\060\070\055\113\061" -+"\046\060\044\006\003\125\004\003\023\035\104\151\147\151\163\151" -+"\147\156\040\123\145\162\166\145\162\040\111\104\040\055\040\050" -+"\105\156\162\151\143\150\051" -+, (PRUint32)103 }, -+ { (void *)"0", (PRUint32)2 }, -+ { (void *)"\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156" -+"\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125" -+"\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056" -+"\156\145\164\057\103\120\123\137\062\060\064\070\040\151\156\143" -+"\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151" -+"\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006" -+"\003\125\004\013\023\034\050\143\051\040\061\071\071\071\040\105" -+"\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164" -+"\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164" -+"\162\165\163\164\056\156\145\164\040\103\145\162\164\151\146\151" -+"\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171" -+"\040\050\062\060\064\070\051" -+, (PRUint32)183 }, -+ { (void *)"\002\006\007\377\377\377\377\377" -+, (PRUint32)8 }, -+ { (void *)"\060\202\004\320\060\202\003\270\240\003\002\001\002\002\006\007" -+"\377\377\377\377\377\060\015\006\011\052\206\110\206\367\015\001" -+"\001\005\005\000\060\201\264\061\024\060\022\006\003\125\004\012" -+"\023\013\105\156\164\162\165\163\164\056\156\145\164\061\100\060" -+"\076\006\003\125\004\013\024\067\167\167\167\056\145\156\164\162" -+"\165\163\164\056\156\145\164\057\103\120\123\137\062\060\064\070" -+"\040\151\156\143\157\162\160\056\040\142\171\040\162\145\146\056" -+"\040\050\154\151\155\151\164\163\040\154\151\141\142\056\051\061" -+"\045\060\043\006\003\125\004\013\023\034\050\143\051\040\061\071" -+"\071\071\040\105\156\164\162\165\163\164\056\156\145\164\040\114" -+"\151\155\151\164\145\144\061\063\060\061\006\003\125\004\003\023" -+"\052\105\156\164\162\165\163\164\056\156\145\164\040\103\145\162" -+"\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157" -+"\162\151\164\171\040\050\062\060\064\070\051\060\036\027\015\061" -+"\060\060\067\061\066\061\067\062\063\063\070\132\027\015\061\065" -+"\060\067\061\066\061\067\065\063\063\070\132\060\145\061\013\060" -+"\011\006\003\125\004\006\023\002\115\131\061\033\060\031\006\003" -+"\125\004\012\023\022\104\151\147\151\143\145\162\164\040\123\144" -+"\156\056\040\102\150\144\056\061\021\060\017\006\003\125\004\013" -+"\023\010\064\065\067\066\060\070\055\113\061\046\060\044\006\003" -+"\125\004\003\023\035\104\151\147\151\163\151\147\156\040\123\145" -+"\162\166\145\162\040\111\104\040\055\040\050\105\156\162\151\143" -+"\150\051\060\202\001\042\060\015\006\011\052\206\110\206\367\015" -+"\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202" -+"\001\001\000\305\211\344\364\015\006\100\222\131\307\032\263\065" -+"\321\016\114\052\063\371\370\257\312\236\177\356\271\247\155\140" -+"\364\124\350\157\325\233\363\033\143\061\004\150\162\321\064\026" -+"\214\264\027\054\227\336\163\305\330\220\025\240\032\053\365\313" -+"\263\110\206\104\360\035\210\114\316\101\102\032\357\365\014\336" -+"\376\100\332\071\040\367\006\125\072\152\235\106\301\322\157\245" -+"\262\310\127\076\051\243\234\340\351\205\167\146\350\230\247\044" -+"\176\276\300\131\040\345\104\157\266\127\330\276\316\302\145\167" -+"\130\306\141\101\321\164\004\310\177\111\102\305\162\251\162\026" -+"\356\214\335\022\135\264\112\324\321\257\120\267\330\252\165\166" -+"\150\255\076\135\252\060\155\141\250\253\020\133\076\023\277\063" -+"\340\257\104\235\070\042\133\357\114\057\246\161\046\025\046\312" -+"\050\214\331\372\216\216\251\242\024\065\342\233\044\210\264\364" -+"\177\205\235\203\117\007\241\266\024\220\066\304\064\034\215\046" -+"\141\155\023\157\170\276\350\217\047\307\113\204\226\243\206\150" -+"\014\043\276\013\354\214\224\000\251\004\212\023\220\367\337\205" -+"\154\014\261\002\003\001\000\001\243\202\001\064\060\202\001\060" -+"\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006" -+"\060\022\006\003\125\035\023\001\001\377\004\010\060\006\001\001" -+"\377\002\001\000\060\047\006\003\125\035\045\004\040\060\036\006" -+"\010\053\006\001\005\005\007\003\001\006\010\053\006\001\005\005" -+"\007\003\002\006\010\053\006\001\005\005\007\003\004\060\063\006" -+"\010\053\006\001\005\005\007\001\001\004\047\060\045\060\043\006" -+"\010\053\006\001\005\005\007\060\001\206\027\150\164\164\160\072" -+"\057\057\157\143\163\160\056\145\156\164\162\165\163\164\056\156" -+"\145\164\060\104\006\003\125\035\040\004\075\060\073\060\071\006" -+"\005\140\203\112\001\001\060\060\060\056\006\010\053\006\001\005" -+"\005\007\002\001\026\042\150\164\164\160\072\057\057\167\167\167" -+"\056\144\151\147\151\143\145\162\164\056\143\157\155\056\155\171" -+"\057\143\160\163\056\150\164\155\060\062\006\003\125\035\037\004" -+"\053\060\051\060\047\240\045\240\043\206\041\150\164\164\160\072" -+"\057\057\143\162\154\056\145\156\164\162\165\163\164\056\156\145" -+"\164\057\062\060\064\070\143\141\056\143\162\154\060\021\006\003" -+"\125\035\016\004\012\004\010\114\116\314\045\050\003\051\201\060" -+"\037\006\003\125\035\043\004\030\060\026\200\024\125\344\201\321" -+"\021\200\276\330\211\271\010\243\061\371\241\044\011\026\271\160" -+"\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003" -+"\202\001\001\000\227\114\357\112\072\111\254\162\374\060\040\153" -+"\264\051\133\247\305\225\004\220\371\062\325\302\205\152\336\003" -+"\241\067\371\211\000\260\132\254\125\176\333\103\065\377\311\001" -+"\370\121\276\314\046\312\310\152\244\304\124\076\046\036\347\014" -+"\243\315\227\147\224\335\246\102\353\134\315\217\071\171\153\063" -+"\171\041\006\171\372\202\104\025\231\314\301\267\071\323\106\142" -+"\174\262\160\353\157\316\040\252\076\031\267\351\164\202\234\264" -+"\245\113\115\141\000\067\344\207\322\362\024\072\144\174\270\251" -+"\173\141\340\223\042\347\325\237\076\107\346\066\166\240\123\330" -+"\000\003\072\017\265\063\376\226\312\323\322\202\072\056\335\327" -+"\110\341\344\247\151\314\034\351\231\112\347\312\160\105\327\013" -+"\007\016\232\165\033\320\057\222\157\366\244\007\303\275\034\113" -+"\246\204\266\175\250\232\251\322\247\051\361\013\127\151\036\227" -+"\127\046\354\053\103\254\324\105\203\005\000\351\343\360\106\100" -+"\007\372\352\261\121\163\223\034\245\335\123\021\067\310\052\247" -+"\025\047\035\264\252\314\177\252\061\060\374\270\105\237\110\011" -+"\355\020\342\305" -+, (PRUint32)1236 } -+}; -+static const NSSItem nss_builtins_items_343 [] = { -+ { (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, -+ { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, -+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, -+ { (void *)"Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)", (PRUint32)56 }, -+ { (void *)"\153\074\073\200\255\312\246\272\212\237\124\246\172\355\022\151" -+"\005\155\061\046" -+, (PRUint32)20 }, -+ { (void *)"\327\151\141\177\065\017\234\106\243\252\353\370\125\374\204\362" -+, (PRUint32)16 }, -+ { (void *)"\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156" -+"\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125" -+"\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056" -+"\156\145\164\057\103\120\123\137\062\060\064\070\040\151\156\143" -+"\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151" -+"\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006" -+"\003\125\004\013\023\034\050\143\051\040\061\071\071\071\040\105" -+"\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164" -+"\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164" -+"\162\165\163\164\056\156\145\164\040\103\145\162\164\151\146\151" -+"\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171" -+"\040\050\062\060\064\070\051" -+, (PRUint32)183 }, -+ { (void *)"\002\006\007\377\377\377\377\377" -+, (PRUint32)8 }, -+ { (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) }, -+ { (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) }, -+ { (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) }, -+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } -+}; - - builtinsInternalObject - nss_builtins_data[] = { -@@ -22944,11 +23216,15 @@ nss_builtins_data[] = { - { 11, nss_builtins_types_336, nss_builtins_items_336, {NULL} }, - { 13, nss_builtins_types_337, nss_builtins_items_337, {NULL} }, - { 11, nss_builtins_types_338, nss_builtins_items_338, {NULL} }, -- { 13, nss_builtins_types_339, nss_builtins_items_339, {NULL} } -+ { 13, nss_builtins_types_339, nss_builtins_items_339, {NULL} }, -+ { 11, nss_builtins_types_340, nss_builtins_items_340, {NULL} }, -+ { 13, nss_builtins_types_341, nss_builtins_items_341, {NULL} }, -+ { 11, nss_builtins_types_342, nss_builtins_items_342, {NULL} }, -+ { 13, nss_builtins_types_343, nss_builtins_items_343, {NULL} } - }; - const PRUint32 - #ifdef DEBUG -- nss_builtins_nObjects = 339+1; -+ nss_builtins_nObjects = 343+1; - #else -- nss_builtins_nObjects = 339; -+ nss_builtins_nObjects = 343; - #endif /* DEBUG */ -diff -up ./mozilla/security/nss/lib/ckfw/builtins/certdata.txt.ckbi188 ./mozilla/security/nss/lib/ckfw/builtins/certdata.txt ---- ./mozilla/security/nss/lib/ckfw/builtins/certdata.txt.ckbi188 2011-11-03 16:29:42.293000000 -0700 -+++ ./mozilla/security/nss/lib/ckfw/builtins/certdata.txt 2011-11-03 08:11:58.000000000 -0700 -@@ -34,7 +34,7 @@ - # the terms of any one of the MPL, the GPL or the LGPL. - # - # ***** END LICENSE BLOCK ***** --CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.79 $ $Date: 2011/09/02 19:40:56 $" -+CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.80 $ $Date: 2011/11/03 15:11:58 $" - - # - # certdata.txt -@@ -23299,3 +23299,284 @@ CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_N - CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED - CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED - CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE -+ -+# -+# Certificate "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)" -+# -+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -+CKA_TOKEN CK_BBOOL CK_TRUE -+CKA_PRIVATE CK_BBOOL CK_FALSE -+CKA_MODIFIABLE CK_BBOOL CK_FALSE -+CKA_LABEL UTF8 "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)" -+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -+CKA_SUBJECT MULTILINE_OCTAL -+\060\143\061\013\060\011\006\003\125\004\006\023\002\115\131\061 -+\033\060\031\006\003\125\004\012\023\022\104\151\147\151\143\145 -+\162\164\040\123\144\156\056\040\102\150\144\056\061\021\060\017 -+\006\003\125\004\013\023\010\064\065\067\066\060\070\055\113\061 -+\044\060\042\006\003\125\004\003\023\033\104\151\147\151\163\151 -+\147\156\040\123\145\162\166\145\162\040\111\104\040\050\105\156 -+\162\151\143\150\051 -+END -+CKA_ID UTF8 "0" -+CKA_ISSUER MULTILINE_OCTAL -+\060\165\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -+\030\060\026\006\003\125\004\012\023\017\107\124\105\040\103\157 -+\162\160\157\162\141\164\151\157\156\061\047\060\045\006\003\125 -+\004\013\023\036\107\124\105\040\103\171\142\145\162\124\162\165 -+\163\164\040\123\157\154\165\164\151\157\156\163\054\040\111\156 -+\143\056\061\043\060\041\006\003\125\004\003\023\032\107\124\105 -+\040\103\171\142\145\162\124\162\165\163\164\040\107\154\157\142 -+\141\154\040\122\157\157\164 -+END -+CKA_SERIAL_NUMBER MULTILINE_OCTAL -+\002\006\007\377\377\377\377\377 -+END -+CKA_VALUE MULTILINE_OCTAL -+\060\202\003\315\060\202\003\066\240\003\002\001\002\002\006\007 -+\377\377\377\377\377\060\015\006\011\052\206\110\206\367\015\001 -+\001\005\005\000\060\165\061\013\060\011\006\003\125\004\006\023 -+\002\125\123\061\030\060\026\006\003\125\004\012\023\017\107\124 -+\105\040\103\157\162\160\157\162\141\164\151\157\156\061\047\060 -+\045\006\003\125\004\013\023\036\107\124\105\040\103\171\142\145 -+\162\124\162\165\163\164\040\123\157\154\165\164\151\157\156\163 -+\054\040\111\156\143\056\061\043\060\041\006\003\125\004\003\023 -+\032\107\124\105\040\103\171\142\145\162\124\162\165\163\164\040 -+\107\154\157\142\141\154\040\122\157\157\164\060\036\027\015\060 -+\067\060\067\061\067\061\065\061\067\064\071\132\027\015\061\062 -+\060\067\061\067\061\065\061\066\065\065\132\060\143\061\013\060 -+\011\006\003\125\004\006\023\002\115\131\061\033\060\031\006\003 -+\125\004\012\023\022\104\151\147\151\143\145\162\164\040\123\144 -+\156\056\040\102\150\144\056\061\021\060\017\006\003\125\004\013 -+\023\010\064\065\067\066\060\070\055\113\061\044\060\042\006\003 -+\125\004\003\023\033\104\151\147\151\163\151\147\156\040\123\145 -+\162\166\145\162\040\111\104\040\050\105\156\162\151\143\150\051 -+\060\201\237\060\015\006\011\052\206\110\206\367\015\001\001\001 -+\005\000\003\201\215\000\060\201\211\002\201\201\000\255\250\144 -+\113\115\207\307\204\131\271\373\220\106\240\246\211\300\361\376 -+\325\332\124\202\067\015\231\053\105\046\012\350\126\260\177\312 -+\250\364\216\107\204\001\202\051\343\263\152\265\221\363\373\225 -+\205\274\162\250\144\350\012\100\234\305\364\161\256\173\173\152 -+\007\352\220\024\117\215\211\257\224\253\262\006\324\002\152\173 -+\230\037\131\271\072\315\124\372\040\337\262\052\012\351\270\335 -+\151\220\300\051\323\116\320\227\355\146\314\305\031\111\006\177 -+\372\136\054\174\173\205\033\062\102\337\173\225\045\002\003\001 -+\000\001\243\202\001\170\060\202\001\164\060\022\006\003\125\035 -+\023\001\001\377\004\010\060\006\001\001\377\002\001\000\060\134 -+\006\003\125\035\040\004\125\060\123\060\110\006\011\053\006\001 -+\004\001\261\076\001\000\060\073\060\071\006\010\053\006\001\005 -+\005\007\002\001\026\055\150\164\164\160\072\057\057\143\171\142 -+\145\162\164\162\165\163\164\056\157\155\156\151\162\157\157\164 -+\056\143\157\155\057\162\145\160\157\163\151\164\157\162\171\056 -+\143\146\155\060\007\006\005\140\203\112\001\001\060\016\006\003 -+\125\035\017\001\001\377\004\004\003\002\001\346\060\201\211\006 -+\003\125\035\043\004\201\201\060\177\241\171\244\167\060\165\061 -+\013\060\011\006\003\125\004\006\023\002\125\123\061\030\060\026 -+\006\003\125\004\012\023\017\107\124\105\040\103\157\162\160\157 -+\162\141\164\151\157\156\061\047\060\045\006\003\125\004\013\023 -+\036\107\124\105\040\103\171\142\145\162\124\162\165\163\164\040 -+\123\157\154\165\164\151\157\156\163\054\040\111\156\143\056\061 -+\043\060\041\006\003\125\004\003\023\032\107\124\105\040\103\171 -+\142\145\162\124\162\165\163\164\040\107\154\157\142\141\154\040 -+\122\157\157\164\202\002\001\245\060\105\006\003\125\035\037\004 -+\076\060\074\060\072\240\070\240\066\206\064\150\164\164\160\072 -+\057\057\167\167\167\056\160\165\142\154\151\143\055\164\162\165 -+\163\164\056\143\157\155\057\143\147\151\055\142\151\156\057\103 -+\122\114\057\062\060\061\070\057\143\144\160\056\143\162\154\060 -+\035\006\003\125\035\016\004\026\004\024\306\026\223\116\026\027 -+\354\026\256\214\224\166\363\206\155\305\164\156\204\167\060\015 -+\006\011\052\206\110\206\367\015\001\001\005\005\000\003\201\201 -+\000\166\000\173\246\170\053\146\035\216\136\066\306\244\216\005 -+\362\043\222\174\223\147\323\364\300\012\175\213\055\331\352\325 -+\157\032\363\341\112\051\132\042\204\115\120\057\113\014\362\377 -+\205\302\173\125\324\104\202\276\155\254\147\216\274\264\037\222 -+\234\121\200\032\024\366\156\253\141\210\013\255\034\177\367\113 -+\120\121\326\145\033\246\107\161\025\136\260\161\363\065\024\362 -+\067\275\143\310\325\360\223\132\064\137\330\075\350\135\367\305 -+\036\300\345\317\037\206\044\251\074\007\146\315\301\322\066\143 -+\131 -+END -+ -+# Trust for Certificate "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)" -+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -+CKA_TOKEN CK_BBOOL CK_TRUE -+CKA_PRIVATE CK_BBOOL CK_FALSE -+CKA_MODIFIABLE CK_BBOOL CK_FALSE -+CKA_LABEL UTF8 "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)" -+CKA_CERT_SHA1_HASH MULTILINE_OCTAL -+\125\120\257\354\277\350\303\255\304\013\343\255\014\247\344\025 -+\214\071\131\117 -+END -+CKA_CERT_MD5_HASH MULTILINE_OCTAL -+\322\336\256\120\244\230\055\157\067\267\206\122\310\055\113\152 -+END -+CKA_ISSUER MULTILINE_OCTAL -+\060\165\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -+\030\060\026\006\003\125\004\012\023\017\107\124\105\040\103\157 -+\162\160\157\162\141\164\151\157\156\061\047\060\045\006\003\125 -+\004\013\023\036\107\124\105\040\103\171\142\145\162\124\162\165 -+\163\164\040\123\157\154\165\164\151\157\156\163\054\040\111\156 -+\143\056\061\043\060\041\006\003\125\004\003\023\032\107\124\105 -+\040\103\171\142\145\162\124\162\165\163\164\040\107\154\157\142 -+\141\154\040\122\157\157\164 -+END -+CKA_SERIAL_NUMBER MULTILINE_OCTAL -+\002\006\007\377\377\377\377\377 -+END -+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED -+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED -+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED -+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE -+ -+# -+# Certificate "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)" -+# -+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -+CKA_TOKEN CK_BBOOL CK_TRUE -+CKA_PRIVATE CK_BBOOL CK_FALSE -+CKA_MODIFIABLE CK_BBOOL CK_FALSE -+CKA_LABEL UTF8 "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)" -+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -+CKA_SUBJECT MULTILINE_OCTAL -+\060\145\061\013\060\011\006\003\125\004\006\023\002\115\131\061 -+\033\060\031\006\003\125\004\012\023\022\104\151\147\151\143\145 -+\162\164\040\123\144\156\056\040\102\150\144\056\061\021\060\017 -+\006\003\125\004\013\023\010\064\065\067\066\060\070\055\113\061 -+\046\060\044\006\003\125\004\003\023\035\104\151\147\151\163\151 -+\147\156\040\123\145\162\166\145\162\040\111\104\040\055\040\050 -+\105\156\162\151\143\150\051 -+END -+CKA_ID UTF8 "0" -+CKA_ISSUER MULTILINE_OCTAL -+\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156 -+\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125 -+\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056 -+\156\145\164\057\103\120\123\137\062\060\064\070\040\151\156\143 -+\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151 -+\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006 -+\003\125\004\013\023\034\050\143\051\040\061\071\071\071\040\105 -+\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164 -+\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164 -+\162\165\163\164\056\156\145\164\040\103\145\162\164\151\146\151 -+\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171 -+\040\050\062\060\064\070\051 -+END -+CKA_SERIAL_NUMBER MULTILINE_OCTAL -+\002\006\007\377\377\377\377\377 -+END -+CKA_VALUE MULTILINE_OCTAL -+\060\202\004\320\060\202\003\270\240\003\002\001\002\002\006\007 -+\377\377\377\377\377\060\015\006\011\052\206\110\206\367\015\001 -+\001\005\005\000\060\201\264\061\024\060\022\006\003\125\004\012 -+\023\013\105\156\164\162\165\163\164\056\156\145\164\061\100\060 -+\076\006\003\125\004\013\024\067\167\167\167\056\145\156\164\162 -+\165\163\164\056\156\145\164\057\103\120\123\137\062\060\064\070 -+\040\151\156\143\157\162\160\056\040\142\171\040\162\145\146\056 -+\040\050\154\151\155\151\164\163\040\154\151\141\142\056\051\061 -+\045\060\043\006\003\125\004\013\023\034\050\143\051\040\061\071 -+\071\071\040\105\156\164\162\165\163\164\056\156\145\164\040\114 -+\151\155\151\164\145\144\061\063\060\061\006\003\125\004\003\023 -+\052\105\156\164\162\165\163\164\056\156\145\164\040\103\145\162 -+\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157 -+\162\151\164\171\040\050\062\060\064\070\051\060\036\027\015\061 -+\060\060\067\061\066\061\067\062\063\063\070\132\027\015\061\065 -+\060\067\061\066\061\067\065\063\063\070\132\060\145\061\013\060 -+\011\006\003\125\004\006\023\002\115\131\061\033\060\031\006\003 -+\125\004\012\023\022\104\151\147\151\143\145\162\164\040\123\144 -+\156\056\040\102\150\144\056\061\021\060\017\006\003\125\004\013 -+\023\010\064\065\067\066\060\070\055\113\061\046\060\044\006\003 -+\125\004\003\023\035\104\151\147\151\163\151\147\156\040\123\145 -+\162\166\145\162\040\111\104\040\055\040\050\105\156\162\151\143 -+\150\051\060\202\001\042\060\015\006\011\052\206\110\206\367\015 -+\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202 -+\001\001\000\305\211\344\364\015\006\100\222\131\307\032\263\065 -+\321\016\114\052\063\371\370\257\312\236\177\356\271\247\155\140 -+\364\124\350\157\325\233\363\033\143\061\004\150\162\321\064\026 -+\214\264\027\054\227\336\163\305\330\220\025\240\032\053\365\313 -+\263\110\206\104\360\035\210\114\316\101\102\032\357\365\014\336 -+\376\100\332\071\040\367\006\125\072\152\235\106\301\322\157\245 -+\262\310\127\076\051\243\234\340\351\205\167\146\350\230\247\044 -+\176\276\300\131\040\345\104\157\266\127\330\276\316\302\145\167 -+\130\306\141\101\321\164\004\310\177\111\102\305\162\251\162\026 -+\356\214\335\022\135\264\112\324\321\257\120\267\330\252\165\166 -+\150\255\076\135\252\060\155\141\250\253\020\133\076\023\277\063 -+\340\257\104\235\070\042\133\357\114\057\246\161\046\025\046\312 -+\050\214\331\372\216\216\251\242\024\065\342\233\044\210\264\364 -+\177\205\235\203\117\007\241\266\024\220\066\304\064\034\215\046 -+\141\155\023\157\170\276\350\217\047\307\113\204\226\243\206\150 -+\014\043\276\013\354\214\224\000\251\004\212\023\220\367\337\205 -+\154\014\261\002\003\001\000\001\243\202\001\064\060\202\001\060 -+\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006 -+\060\022\006\003\125\035\023\001\001\377\004\010\060\006\001\001 -+\377\002\001\000\060\047\006\003\125\035\045\004\040\060\036\006 -+\010\053\006\001\005\005\007\003\001\006\010\053\006\001\005\005 -+\007\003\002\006\010\053\006\001\005\005\007\003\004\060\063\006 -+\010\053\006\001\005\005\007\001\001\004\047\060\045\060\043\006 -+\010\053\006\001\005\005\007\060\001\206\027\150\164\164\160\072 -+\057\057\157\143\163\160\056\145\156\164\162\165\163\164\056\156 -+\145\164\060\104\006\003\125\035\040\004\075\060\073\060\071\006 -+\005\140\203\112\001\001\060\060\060\056\006\010\053\006\001\005 -+\005\007\002\001\026\042\150\164\164\160\072\057\057\167\167\167 -+\056\144\151\147\151\143\145\162\164\056\143\157\155\056\155\171 -+\057\143\160\163\056\150\164\155\060\062\006\003\125\035\037\004 -+\053\060\051\060\047\240\045\240\043\206\041\150\164\164\160\072 -+\057\057\143\162\154\056\145\156\164\162\165\163\164\056\156\145 -+\164\057\062\060\064\070\143\141\056\143\162\154\060\021\006\003 -+\125\035\016\004\012\004\010\114\116\314\045\050\003\051\201\060 -+\037\006\003\125\035\043\004\030\060\026\200\024\125\344\201\321 -+\021\200\276\330\211\271\010\243\061\371\241\044\011\026\271\160 -+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003 -+\202\001\001\000\227\114\357\112\072\111\254\162\374\060\040\153 -+\264\051\133\247\305\225\004\220\371\062\325\302\205\152\336\003 -+\241\067\371\211\000\260\132\254\125\176\333\103\065\377\311\001 -+\370\121\276\314\046\312\310\152\244\304\124\076\046\036\347\014 -+\243\315\227\147\224\335\246\102\353\134\315\217\071\171\153\063 -+\171\041\006\171\372\202\104\025\231\314\301\267\071\323\106\142 -+\174\262\160\353\157\316\040\252\076\031\267\351\164\202\234\264 -+\245\113\115\141\000\067\344\207\322\362\024\072\144\174\270\251 -+\173\141\340\223\042\347\325\237\076\107\346\066\166\240\123\330 -+\000\003\072\017\265\063\376\226\312\323\322\202\072\056\335\327 -+\110\341\344\247\151\314\034\351\231\112\347\312\160\105\327\013 -+\007\016\232\165\033\320\057\222\157\366\244\007\303\275\034\113 -+\246\204\266\175\250\232\251\322\247\051\361\013\127\151\036\227 -+\127\046\354\053\103\254\324\105\203\005\000\351\343\360\106\100 -+\007\372\352\261\121\163\223\034\245\335\123\021\067\310\052\247 -+\025\047\035\264\252\314\177\252\061\060\374\270\105\237\110\011 -+\355\020\342\305 -+END -+ -+# Trust for Certificate "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)" -+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -+CKA_TOKEN CK_BBOOL CK_TRUE -+CKA_PRIVATE CK_BBOOL CK_FALSE -+CKA_MODIFIABLE CK_BBOOL CK_FALSE -+CKA_LABEL UTF8 "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)" -+CKA_CERT_SHA1_HASH MULTILINE_OCTAL -+\153\074\073\200\255\312\246\272\212\237\124\246\172\355\022\151 -+\005\155\061\046 -+END -+CKA_CERT_MD5_HASH MULTILINE_OCTAL -+\327\151\141\177\065\017\234\106\243\252\353\370\125\374\204\362 -+END -+CKA_ISSUER MULTILINE_OCTAL -+\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156 -+\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125 -+\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056 -+\156\145\164\057\103\120\123\137\062\060\064\070\040\151\156\143 -+\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151 -+\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006 -+\003\125\004\013\023\034\050\143\051\040\061\071\071\071\040\105 -+\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164 -+\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164 -+\162\165\163\164\056\156\145\164\040\103\145\162\164\151\146\151 -+\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171 -+\040\050\062\060\064\070\051 -+END -+CKA_SERIAL_NUMBER MULTILINE_OCTAL -+\002\006\007\377\377\377\377\377 -+END -+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED -+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED -+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED -+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE -+ -diff -up ./mozilla/security/nss/lib/ckfw/builtins/nssckbi.h.ckbi188 ./mozilla/security/nss/lib/ckfw/builtins/nssckbi.h ---- ./mozilla/security/nss/lib/ckfw/builtins/nssckbi.h.ckbi188 2011-11-03 16:30:05.063000000 -0700 -+++ ./mozilla/security/nss/lib/ckfw/builtins/nssckbi.h 2011-11-03 08:11:58.000000000 -0700 -@@ -77,8 +77,8 @@ - * of the comment in the CK_VERSION type definition. - */ - #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 1 --#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 87 --#define NSS_BUILTINS_LIBRARY_VERSION "1.87" -+#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 88 -+#define NSS_BUILTINS_LIBRARY_VERSION "1.88" - - /* These version numbers detail the semantic changes to the ckfw engine. */ - #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1 diff --git a/nss/patches/nss-enable-pem.patch0 b/nss/patches/nss-enable-pem.patch0 deleted file mode 100644 index 665a148..0000000 --- a/nss/patches/nss-enable-pem.patch0 +++ /dev/null @@ -1,12 +0,0 @@ -diff -up ./mozilla/security/nss/lib/ckfw/manifest.mn.prepem ./mozilla/security/nss/lib/ckfw/manifest.mn ---- ./mozilla/security/nss/lib/ckfw/manifest.mn.prepem 2008-08-05 16:34:23.000000000 -0700 -+++ ./mozilla/security/nss/lib/ckfw/manifest.mn 2008-08-05 16:34:30.000000000 -0700 -@@ -38,7 +38,7 @@ MANIFEST_CVS_ID = "@(#) $RCSfile: manife - - CORE_DEPTH = ../../.. - --DIRS = builtins -+DIRS = builtins pem - - PRIVATE_EXPORTS = \ - ck.h \ diff --git a/nss/patches/nss-fix-gcc47-secmodt.patch0 b/nss/patches/nss-fix-gcc47-secmodt.patch0 deleted file mode 100644 index 361555e..0000000 --- a/nss/patches/nss-fix-gcc47-secmodt.patch0 +++ /dev/null @@ -1,12 +0,0 @@ -diff -up ./mozilla/security/nss/lib/softoken/secmodt.h.gcc47 ./mozilla/security/nss/lib/softoken/secmodt.h ---- ./mozilla/security/nss/lib/softoken/secmodt.h.gcc47 2012-01-30 16:14:41.179494528 -0500 -+++ ./mozilla/security/nss/lib/softoken/secmodt.h 2012-01-30 16:14:48.287424482 -0500 -@@ -338,7 +338,7 @@ typedef PRUint32 PK11AttrFlags; - #define SECMOD_SLOT_FLAGS "slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512]" - - #define SECMOD_MAKE_NSS_FLAGS(fips,slot) \ --"Flags=internal,critical"fips" slotparams=("#slot"={"SECMOD_SLOT_FLAGS"})" -+"Flags=internal,critical" fips" slotparams=("#slot"={" SECMOD_SLOT_FLAGS"})" - - #define SECMOD_INT_NAME "NSS Internal PKCS #11 Module" - #define SECMOD_INT_FLAGS SECMOD_MAKE_NSS_FLAGS("",1) diff --git a/nss/patches/nss-ssl-cbc-random-iv-off-by-default.patch0 b/nss/patches/nss-ssl-cbc-random-iv-off-by-default.patch0 deleted file mode 100644 index 28dfa48..0000000 --- a/nss/patches/nss-ssl-cbc-random-iv-off-by-default.patch0 +++ /dev/null @@ -1,25 +0,0 @@ -diff -up ./mozilla/security/nss/lib/ssl/sslsock.c.compatible ./mozilla/security/nss/lib/ssl/sslsock.c ---- ./mozilla/security/nss/lib/ssl/sslsock.c.compatible 2012-01-05 13:54:36.430389994 -0800 -+++ ./mozilla/security/nss/lib/ssl/sslsock.c 2012-01-05 13:55:25.810750394 -0800 -@@ -184,7 +184,7 @@ static sslOptions ssl_defaults = { - 3, /* enableRenegotiation (default: transitional) */ - PR_FALSE, /* requireSafeNegotiation */ - PR_FALSE, /* enableFalseStart */ -- PR_TRUE /* cbcRandomIV */ -+ PR_FALSE /* cbcRandomIV */ /* defaults to off for compatibility */ - }; - - sslSessionIDLookupFunc ssl_sid_lookup; -@@ -2359,9 +2359,9 @@ ssl_SetDefaultsFromEnvironment(void) - PR_TRUE)); - } - ev = getenv("NSS_SSL_CBC_RANDOM_IV"); -- if (ev && ev[0] == '0') { -- ssl_defaults.cbcRandomIV = PR_FALSE; -- SSL_TRACE(("SSL: cbcRandomIV set to 0")); -+ if (ev && ev[0] == '1') { -+ ssl_defaults.cbcRandomIV = PR_TRUE; -+ SSL_TRACE(("SSL: cbcRandomIV set to 1")); - } - } - #endif /* NSS_HAVE_GETENV */ diff --git a/nss/patches/nsspem-bz754771.patch0 b/nss/patches/nsspem-bz754771.patch0 deleted file mode 100644 index 1e64a42..0000000 --- a/nss/patches/nsspem-bz754771.patch0 +++ /dev/null @@ -1,13 +0,0 @@ -diff -up ./mozilla/security/nss/lib/ckfw/pem/pinst.c.754771 ./mozilla/security/nss/lib/ckfw/pem/pinst.c ---- ./mozilla/security/nss/lib/ckfw/pem/pinst.c.754771 2011-12-12 09:38:51.839104295 -0800 -+++ ./mozilla/security/nss/lib/ckfw/pem/pinst.c 2011-12-12 09:44:40.437096761 -0800 -@@ -350,6 +350,9 @@ AddObjectIfNeeded(CK_OBJECT_CLASS objCla - if (io == NULL) - return NULL; - -+ /* initialize pointers to functions */ -+ pem_CreateMDObject(NULL, io, NULL); -+ - io->gobjIndex = count; - - /* add object to global array */ diff --git a/nss/patches/nsspem-createobject-initialize-pointer.patch0 b/nss/patches/nsspem-createobject-initialize-pointer.patch0 deleted file mode 100644 index cdfdea3..0000000 --- a/nss/patches/nsspem-createobject-initialize-pointer.patch0 +++ /dev/null @@ -1,11 +0,0 @@ -diff -up ./mozilla/security/nss/lib/ckfw/pem/pobject.c.717338 ./mozilla/security/nss/lib/ckfw/pem/pobject.c ---- ./mozilla/security/nss/lib/ckfw/pem/pobject.c.717338 2010-11-25 10:49:27.000000000 -0800 -+++ ./mozilla/security/nss/lib/ckfw/pem/pobject.c 2011-09-10 10:16:58.752726964 -0700 -@@ -1179,6 +1179,7 @@ pem_CreateObject - return (NSSCKMDObject *) NULL; - - certDER.len = 0; /* in case there is no equivalent cert */ -+ certDER.data = NULL; - - objid = -1; - for (i = 0; i < pem_nobjs; i++) { diff --git a/nss/patches/nsspem-init-inform-not-thread-safe.patch0 b/nss/patches/nsspem-init-inform-not-thread-safe.patch0 deleted file mode 100644 index 2df4fbe..0000000 --- a/nss/patches/nsspem-init-inform-not-thread-safe.patch0 +++ /dev/null @@ -1,129 +0,0 @@ ---- mozilla/security/nss/lib/ckfw/pem/pinst.c.736410 2010-11-25 11:51:52.000000000 -0800 -+++ mozilla/security/nss/lib/ckfw/pem/pinst.c 2011-09-13 16:59:49.325215540 -0700 -@@ -364,39 +364,37 @@ AddObjectIfNeeded(CK_OBJECT_CLASS objCla - size += PEM_ITEM_CHUNK; - } - gobj[count] = io; - count++; - pem_nobjs++; - - io->refCount ++; - return io; - } - - CK_RV - AddCertificate(char *certfile, char *keyfile, PRBool cacert, - CK_SLOT_ID slotID) - { - pemInternalObject *o; -- SECItem certDER; - CK_RV error = 0; - int objid, i; - int nobjs = 0; - SECItem **objs = NULL; - char *ivstring = NULL; - int cipher; - -- certDER.data = NULL; - nobjs = ReadDERFromFile(&objs, certfile, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */); - if (nobjs <= 0) { - nss_ZFreeIf(objs); - return CKR_GENERAL_ERROR; - } - - /* For now load as many certs as are in the file for CAs only */ - if (cacert) { - for (i = 0; i < nobjs; i++) { - char nickname[1024]; - objid = pem_nobjs + 1; - - snprintf(nickname, 1024, "%s - %d", certfile, i); - - o = AddObjectIfNeeded(CKO_CERTIFICATE, pemCert, objs[i], NULL, -@@ -456,72 +454,76 @@ AddCertificate(char *certfile, char *key - loser: - nss_ZFreeIf(objs); - nss_ZFreeIf(o); - return error; - } - - CK_RV - pem_Initialize - ( - NSSCKMDInstance * mdInstance, - NSSCKFWInstance * fwInstance, - NSSUTF8 * configurationData - ) - { - CK_RV rv; -- /* parse the initialization string and initialize CRLInstances */ -+ /* parse the initialization string */ - char **certstrings = NULL; -+ char *modparms = NULL; - PRInt32 numcerts = 0; - PRBool status, error = PR_FALSE; - int i; -+ CK_C_INITIALIZE_ARGS_PTR modArgs = NULL; -+ -+ if (!fwInstance) return CKR_ARGUMENTS_BAD; -+ -+ modArgs = NSSCKFWInstance_GetInitArgs(fwInstance); -+ if (modArgs && -+ ((modArgs->flags & CKF_OS_LOCKING_OK) || (modArgs->CreateMutex != 0))) { -+ return CKR_CANT_LOCK; -+ } - - if (pemInitialized) { - return CKR_OK; - } -+ - RNG_RNGInit(); - - open_log(); - - plog("pem_Initialize\n"); - -- unsigned char *modparms = NULL; -- if (!fwInstance) { -- return CKR_ARGUMENTS_BAD; -- } -- -- CK_C_INITIALIZE_ARGS_PTR modArgs = -- NSSCKFWInstance_GetInitArgs(fwInstance); - if (!modArgs || !modArgs->LibraryParameters) { - goto done; - } -- modparms = (unsigned char *) modArgs->LibraryParameters; -+ modparms = (char *) modArgs->LibraryParameters; - plog("Initialized with %s\n", modparms); - - /* - * The initialization string format is a space-delimited file of - * pairs of paths which are delimited by a semi-colon. The first - * entry of the pair is the path to the certificate file. The - * second is the path to the key file. - * - * CA certificates do not need the semi-colon. - * - * Example: - * /etc/certs/server.pem;/etc/certs/server.key /etc/certs/ca.pem - * - */ - status = -- pem_ParseString((const char *) modparms, ' ', &numcerts, -+ pem_ParseString(modparms, ' ', &numcerts, - &certstrings); - if (status == PR_FALSE) { - return CKR_ARGUMENTS_BAD; - } - - for (i = 0; i < numcerts && error != PR_TRUE; i++) { - char *cert = certstrings[i]; - PRInt32 attrcount = 0; - char **certattrs = NULL; - status = pem_ParseString(cert, ';', &attrcount, &certattrs); - if (status == PR_FALSE) { - error = PR_TRUE; - break; - } - diff --git a/nss/patches/renegotiate-transitional.patch0 b/nss/patches/renegotiate-transitional.patch0 deleted file mode 100644 index 989491d..0000000 --- a/nss/patches/renegotiate-transitional.patch0 +++ /dev/null @@ -1,12 +0,0 @@ -diff -up mozilla/security/nss/lib/ssl/sslsock.c.transitional mozilla/security/nss/lib/ssl/sslsock.c ---- mozilla/security/nss/lib/ssl/sslsock.c.transitional 2011-10-06 10:37:47.156659000 -0700 -+++ mozilla/security/nss/lib/ssl/sslsock.c 2011-10-06 10:38:32.276704000 -0700 -@@ -182,7 +182,7 @@ static sslOptions ssl_defaults = { - PR_FALSE, /* noLocks */ - PR_FALSE, /* enableSessionTickets */ - PR_FALSE, /* enableDeflate */ -- 2, /* enableRenegotiation (default: requires extension) */ -+ 3, /* enableRenegotiation (default: transitional) */ - PR_FALSE, /* requireSafeNegotiation */ - PR_FALSE, /* enableFalseStart */ - PR_TRUE /* cbcRandomIV */ diff --git a/nss/secmod.db b/nss/secmod.db deleted file mode 100644 index 9a02807..0000000 Binary files a/nss/secmod.db and /dev/null differ diff --git a/nss/setup-nsssysinit.sh b/nss/setup-nsssysinit.sh deleted file mode 100755 index 8e1f5f7..0000000 --- a/nss/setup-nsssysinit.sh +++ /dev/null @@ -1,68 +0,0 @@ -#!/bin/sh -# -# Turns on or off the nss-sysinit module db by editing the -# global PKCS #11 congiguration file. Displays the status. -# -# This script can be invoked by the user as super user. -# It is invoked at nss-sysinit post install time with argument on. -# -usage() -{ - cat <<EOF -Usage: setup-nsssysinit [on|off] - on - turns on nsssysinit - off - turns off nsssysinit - status - reports whether nsssysinit is turned on or off -EOF - exit $1 -} - -# validate -if [ $# -eq 0 ]; then - usage 1 1>&2 -fi - -# the system-wide configuration file -p11conf="/etc/pki/nssdb/pkcs11.txt" -# must exist, otherwise report it and exit with failure -if [ ! -f $p11conf ]; then - echo "Could not find ${p11conf}" - exit 1 -fi - -# check if nsssysinit is currently enabled or disabled -sysinit_enabled() -{ - grep -q '^library=libnsssysinit' ${p11conf} -} - -umask 022 -case "$1" in - on | ON ) - if sysinit_enabled; then - exit 0 - fi - cat ${p11conf} | \ - sed -e 's/^library=$/library=libnsssysinit.so/' \ - -e '/^NSS/s/(Flags=internal)(,[^m])/\1,moduleDBOnly\2/' > \ - ${p11conf}.on - mv ${p11conf}.on ${p11conf} - ;; - off | OFF ) - if ! sysinit_enabled; then - exit 0 - fi - cat ${p11conf} | \ - sed -e 's/^library=libnsssysinit.so/library=/' \ - -e '/^NSS/s/Flags=internal,moduleDBOnly/Flags=internal/' > \ - ${p11conf}.off - mv ${p11conf}.off ${p11conf} - ;; - status ) - echo -n 'NSS sysinit is ' - sysinit_enabled && echo 'enabled' || echo 'disabled' - ;; - * ) - usage 1 1>&2 - ;; -esac diff --git a/nss/system-pkcs11.txt b/nss/system-pkcs11.txt deleted file mode 100644 index c2f5704..0000000 --- a/nss/system-pkcs11.txt +++ /dev/null @@ -1,5 +0,0 @@ -library=libnsssysinit.so -name=NSS Internal PKCS #11 Module -parameters=configdir='sql:/etc/pki/nssdb' certPrefix='' keyPrefix='' secmod='secmod.db' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription='' -NSS=Flags=internal,moduleDBOnly,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30}) -
hooks/post-receive -- IPFire 3.x development tree