This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 3.x development tree".
The branch, master has been updated via 79300a9f4a8645369f32c163c4d4e914d72f5346 (commit) via eec2ad4cd64f73b97dfa535f95c95db362dcb8b2 (commit) via 94bd60cc86871d99d3c83e7a22c47e300d93ccbb (commit) via c07966af1ff0a31fb8de513b083e10a559454f8f (commit) via 9038d07719685b13d38a9e4cfafaea99f08435d1 (commit) from d0c38f2d93d56f1d43329ae5ac82cead01a3a11e (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 79300a9f4a8645369f32c163c4d4e914d72f5346 Merge: eec2ad4 94bd60c Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Feb 17 21:20:38 2012 +0100
Merge remote-tracking branch 'stevee/nss-reworked'
commit eec2ad4cd64f73b97dfa535f95c95db362dcb8b2 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Feb 17 21:10:34 2012 +0100
glibc: Re-enable some dependencies.
However these were commented out for bootstrapping glibc.
commit 94bd60cc86871d99d3c83e7a22c47e300d93ccbb Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Feb 15 23:11:55 2012 +0100
nss: Update to 3.13.1 / Completely rework of package.
Update nss to 3.13.1 to build on kernel 3.x.
Stop splitting nss into several subpackages at build time. Now everything of nss will build at the same time and shipped with the following different packages. * nss * nss-libs * nss-softokn * nss-softokn-freebl * nss-util
Fixes #10010
commit c07966af1ff0a31fb8de513b083e10a559454f8f Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Feb 15 23:10:59 2012 +0100
nss-util: Remove obsolete package.
This package is obsolete after the complete rework of nss.
Reference #10010
commit 9038d07719685b13d38a9e4cfafaea99f08435d1 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Feb 15 23:07:26 2012 +0100
nss-softokn: Remove obsolete package.
This package is obsolete after the complete rework of nss.
Reference #10010
-----------------------------------------------------------------------
Summary of changes: glibc/glibc.nm | 12 +- nss-softokn/nss-softokn-config.in | 116 ---- nss-softokn/nss-softokn.nm | 135 ----- nss-softokn/nss-softokn.pc.in | 11 - nss-softokn/nss-softokn.spec | 462 -------------- .../patches/nss-softokn-3.12.4-fips-fix.patch | 12 - .../patches/nss-softokn-3.12.4-prelink.patch | 298 --------- nss-util/nss-util-config.in | 118 ---- nss-util/nss-util.nm | 112 ---- nss-util/nss-util.pc.in | 11 - nss/nss.nm | 132 +++-- ...d-support-for-PKCS-8-encoded-private-keys.patch | 237 -------- nss/patches/0001-Bug-695011-PEM-logging.patch | 107 ++++ .../0001-Do-not-define-SEC_SkipTemplate.patch | 35 -- nss/patches/0001-libnsspem-rhbz-734760.patch | 21 + ...72-protect-against-calls-before-nss_init.patch0 | 40 ++ nss/patches/gnuc-minor-def-fix.patch | 12 + nss/patches/nofipstest.patch0 | 19 + nss/patches/nosha224.patch0 | 618 +++++++++++++++++++ nss/patches/nss-646045.patch0 | 34 + nss/patches/nss-ckbi-1.88.rtm.patch0 | 637 ++++++++++++++++++++ ...{nss-enable-pem.patch => nss-enable-pem.patch0} | 4 +- nss/patches/nss-fix-gcc47-secmodt.patch0 | 12 + .../nss-ssl-cbc-random-iv-off-by-default.patch0 | 25 + nss/patches/nss-sysinit-userdb-first.patch | 65 -- nss/patches/nsspem-596674.patch | 127 ---- nss/patches/nsspem-bz754771.patch0 | 13 + .../nsspem-createobject-initialize-pointer.patch0 | 11 + .../nsspem-init-inform-not-thread-safe.patch0 | 129 ++++ nss/patches/renegotiate-transitional.patch | 12 - nss/patches/renegotiate-transitional.patch0 | 12 + 31 files changed, 1766 insertions(+), 1823 deletions(-) delete mode 100644 nss-softokn/nss-softokn-config.in delete mode 100644 nss-softokn/nss-softokn.nm delete mode 100644 nss-softokn/nss-softokn.pc.in delete mode 100644 nss-softokn/nss-softokn.spec delete mode 100644 nss-softokn/patches/nss-softokn-3.12.4-fips-fix.patch delete mode 100644 nss-softokn/patches/nss-softokn-3.12.4-prelink.patch delete mode 100644 nss-util/nss-util-config.in delete mode 100644 nss-util/nss-util.nm delete mode 100644 nss-util/nss-util.pc.in delete mode 100644 nss/patches/0001-Add-support-for-PKCS-8-encoded-private-keys.patch create mode 100644 nss/patches/0001-Bug-695011-PEM-logging.patch delete mode 100644 nss/patches/0001-Do-not-define-SEC_SkipTemplate.patch create mode 100644 nss/patches/0001-libnsspem-rhbz-734760.patch create mode 100644 nss/patches/bz784672-protect-against-calls-before-nss_init.patch0 create mode 100644 nss/patches/gnuc-minor-def-fix.patch create mode 100644 nss/patches/nofipstest.patch0 create mode 100644 nss/patches/nosha224.patch0 create mode 100644 nss/patches/nss-646045.patch0 create mode 100644 nss/patches/nss-ckbi-1.88.rtm.patch0 rename nss/patches/{nss-enable-pem.patch => nss-enable-pem.patch0} (70%) create mode 100644 nss/patches/nss-fix-gcc47-secmodt.patch0 create mode 100644 nss/patches/nss-ssl-cbc-random-iv-off-by-default.patch0 delete mode 100755 nss/patches/nss-sysinit-userdb-first.patch delete mode 100644 nss/patches/nsspem-596674.patch create mode 100644 nss/patches/nsspem-bz754771.patch0 create mode 100644 nss/patches/nsspem-createobject-initialize-pointer.patch0 create mode 100644 nss/patches/nsspem-init-inform-not-thread-safe.patch0 delete mode 100644 nss/patches/renegotiate-transitional.patch create mode 100644 nss/patches/renegotiate-transitional.patch0
Difference in files: diff --git a/glibc/glibc.nm b/glibc/glibc.nm index d191602..1ff72bf 100644 --- a/glibc/glibc.nm +++ b/glibc/glibc.nm @@ -5,7 +5,7 @@
name = glibc version = 2.15 -release = 1 +release = 2 thisapp = %{name}-2.15-a316c1f
maintainer = Michael Tremer michael.tremer@ipfire.org @@ -35,14 +35,14 @@ build OPTIMIZED_KERNEL = 2.6.32
requires - #audit-devel + audit-devel autoconf automake - #gettext + gettext kernel-headers>=%{OPTIMIZED_KERNEL} libcap-devel libselinux-devel - #nss-devel + nss-devel texinfo end
@@ -155,8 +155,8 @@ build --enable-kernel=%{OPTIMIZED_KERNEL} \ --with-selinux \ --disable-werror \ - --enable-bind-now -# --enable-nss-crypt + --enable-bind-now \ + --enable-nss-crypt
if "%{DISTRO_ARCH}" == "armv5tel" # Disable hardware FP for ARM. diff --git a/nss-softokn/nss-softokn-config.in b/nss-softokn/nss-softokn-config.in deleted file mode 100644 index f46ba24..0000000 --- a/nss-softokn/nss-softokn-config.in +++ /dev/null @@ -1,116 +0,0 @@ -#!/bin/sh - -prefix=@prefix@ - -major_version=@MOD_MAJOR_VERSION@ -minor_version=@MOD_MINOR_VERSION@ -patch_version=@MOD_PATCH_VERSION@ - -usage() -{ - cat <<EOF -Usage: nss-softokn-config [OPTIONS] [LIBRARIES] -Options: - [--prefix[=DIR]] - [--exec-prefix[=DIR]] - [--includedir[=DIR]] - [--libdir[=DIR]] - [--version] - [--libs] - [--cflags] -Dynamic Libraries: - softokn3 - Requires full dynamic linking - freebl3 - for internal use only (and glibc for self-integrity check) - nssdbm3 - for internal use only -Dymamically linked -EOF - exit $1 -} - -if test $# -eq 0; then - usage 1 1>&2 -fi - -while test $# -gt 0; do - case "$1" in - -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;; - *) optarg= ;; - esac - - case $1 in - --prefix=*) - prefix=$optarg - ;; - --prefix) - echo_prefix=yes - ;; - --exec-prefix=*) - exec_prefix=$optarg - ;; - --exec-prefix) - echo_exec_prefix=yes - ;; - --includedir=*) - includedir=$optarg - ;; - --includedir) - echo_includedir=yes - ;; - --libdir=*) - libdir=$optarg - ;; - --libdir) - echo_libdir=yes - ;; - --version) - echo ${major_version}.${minor_version}.${patch_version} - ;; - --cflags) - echo_cflags=yes - ;; - --libs) - echo_libs=yes - ;; - *) - usage 1 1>&2 - ;; - esac - shift -done - -# Set variables that may be dependent upon other variables -if test -z "$exec_prefix"; then - exec_prefix=`pkg-config --variable=exec_prefix nss-softokn` -fi -if test -z "$includedir"; then - includedir=`pkg-config --variable=includedir nss-softokn` -fi -if test -z "$libdir"; then - libdir=`pkg-config --variable=libdir nss-softokn` -fi - -if test "$echo_prefix" = "yes"; then - echo $prefix -fi - -if test "$echo_exec_prefix" = "yes"; then - echo $exec_prefix -fi - -if test "$echo_includedir" = "yes"; then - echo $includedir -fi - -if test "$echo_libdir" = "yes"; then - echo $libdir -fi - -if test "$echo_cflags" = "yes"; then - echo -I$includedir -fi - -if test "$echo_libs" = "yes"; then - libdirs="-Wl,-rpath-link,$libdir -L$libdir" - echo $libdirs -fi - diff --git a/nss-softokn/nss-softokn.nm b/nss-softokn/nss-softokn.nm deleted file mode 100644 index 8cd0d90..0000000 --- a/nss-softokn/nss-softokn.nm +++ /dev/null @@ -1,135 +0,0 @@ -############################################################################### -# IPFire.org - An Open Source Firewall Solution # -# Copyright (C) - IPFire Development Team info@ipfire.org # -############################################################################### - -name = nss-softokn -version = 3.12.8 -release = 2 - -groups = System/Libraries -url = http://www.mozilla.org/projects/security/pki/nss/ -license = MPLv1.1 or GPLv2+ or LGPLv2+ -summary = Network Security Services Softoken Module. - -description - Network Security Services Softoken Cryptographic Module. -end - -source_dl = -sources = %{thisapp}-stripped.tar.bz2 - -build - requires - nspr-devel - nss-util-devel - perl - pkg-config - psmisc - sqlite-devel - zlib-devel - end - - ## Define some global environment variables - export FREEBL_NO_DEPEND=1 - export FREEBL_USE_PRELINK=1 - - # Enable compiler optimizations and disable debugging code - export BUILD_OPT=1 - export XCFLAGS=%{CFLAGS} - - export PKG_CONFIG_ALLOW_SYSTEM_LIBS=1 - export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1 - - export NSPR_INCLUDE_DIR=/usr/include/nspr4 - export NSPR_LIB_DIR=%{libdir} - - export NSS_INCLUDE_DIR=/usr/include/nss3 - export NSS_LIB_DIR=%{libdir} - - export NSS_USE_SYSTEM_SQLITE=1 - - if "%{DISTRO_ARCH}" == "x86_64" - export USE_64=1 - end - - build - make -C ./mozilla/security/coreconf - make -C ./mozilla/security/dbm - make -C ./mozilla/security/nss - end - - install - mkdir -pv %{BUILDROOT}/%{lib} - mkdir -pv %{BUILDROOT}/usr/include/nss3 - mkdir -pv %{BUILDROOT}/usr/{bin,%{lib}} - mkdir -pv %{BUILDROOT}%{libdir}/pkgconfig - mkdir -pv %{BUILDROOT}%{libdir}/nss/unsupported-tools - - install -p -v -m 755 mozilla/dist/*.OBJ/lib/libsoftokn3.so \ - %{BUILDROOT}%{libdir} - install -p -v -m 755 mozilla/dist/*.OBJ/lib/libnssdbm3.so \ - %{BUILDROOT}%{libdir} - install -p -v -m 755 mozilla/dist/*.OBJ/lib/libfreebl3.so \ - %{BUILDROOT}/%{lib} - ln -svf ../../%{lib}/libfreebl3.so %{BUILDROOT}%{libdir}/libfreebl3.so - - # Copy the binaries we ship as unsupported - install -p -v -m 755 mozilla/dist/*.OBJ/bin/shlibsign \ - %{BUILDROOT}%{libdir}/nss/unsupported-tools - - sed -e "s,@libdir@,%{libdir},g" \ - -e "s,@prefix@,/usr,g" \ - -e "s,@exec_prefix@,/usr,g" \ - -e "s,@includedir@,/usr/include/nss3,g" \ - -e "s,@MOD_MAJOR_VERSION@,$$(grep "#define.*SOFTOKEN_VMAJOR" mozilla/security/nss/lib/softoken/softkver.h | awk '{print $3}'),g" \ - -e "s,@MOD_MINOR_VERSION@,$$(grep "#define.*SOFTOKEN_VMINOR" mozilla/security/nss/lib/softoken/softkver.h | awk '{print $3}'),g" \ - -e "s,@MOD_PATCH_VERSION@,$$(grep "#define.*SOFTOKEN_VPATCH" mozilla/security/nss/lib/softoken/softkver.h | awk '{print $3}'),g" \ - < %{DIR_SOURCE}/nss-softokn-config.in \ - > %{BUILDROOT}/usr/bin/nss-softokn-config - chmod -v 755 %{BUILDROOT}/usr/bin/nss-softokn-config - - # XXX need to fix this - sed \ - -e "s,%libdir%,%{libdir},g" \ - -e "s,%prefix%,/usr,g" \ - -e "s,%exec_prefix%,/usr,g" \ - -e "s,%includedir%,/usr/include/nss3,g" \ - -e "s,%NSS_VERSION%,%{version},g" \ - -e "s,%NSPR_VERSION%,$$(nspr-config --version),g" \ - -e "s,%NSSUTIL_VERSION%,$$(nss-util-config --version),g" \ - -e "s,%SOFTOKEN_VERSION%,%{version},g" \ - < %{DIR_SOURCE}/nss-softokn.pc.in \ - > %{BUILDROOT}%{libdir}/pkgconfig/nss-softokn.pc - - # Copy the include files we want - cp -vf mozilla/dist/public/nss/*.h %{BUILDROOT}/usr/include/nss3 - cp -vf mozilla/dist/private/nss/blapi.h \ - %{BUILDROOT}/usr/include/nss3 - chmod -v 644 %{BUILDROOT}/usr/include/nss3/*.h - end -end - -packages - package %{name} - - package %{name}-devel - template DEVEL - - requires - nss-util-devel - end - - # Mozilla does no versioning :( - files - /usr/bin/*-config - /usr/include - %{libdir}/libfreebl3.so - %{libdir}/pkgconfig - end - end - - package %{name}-debuginfo - template DEBUGINFO - end -end diff --git a/nss-softokn/nss-softokn.pc.in b/nss-softokn/nss-softokn.pc.in deleted file mode 100644 index b7fc3d1..0000000 --- a/nss-softokn/nss-softokn.pc.in +++ /dev/null @@ -1,11 +0,0 @@ -prefix=%prefix% -exec_prefix=%exec_prefix% -libdir=%libdir% -includedir=%includedir% - -Name: NSS-SOFTOKN -Description: Network Security Services Softoken PKCS #11 Module -Version: %SOFTOKEN_VERSION% -Requires: nspr >= %NSPR_VERSION%, nss-util >= %NSSUTIL_VERSION% -Libs: -lfreebl3 -lnssdbm3 -lsoftokn3 -Cflags: -I${includedir} diff --git a/nss-softokn/nss-softokn.spec b/nss-softokn/nss-softokn.spec deleted file mode 100644 index 9f405d3..0000000 --- a/nss-softokn/nss-softokn.spec +++ /dev/null @@ -1,462 +0,0 @@ -%global nspr_version 4.8.6 -%global nss_name nss -%global nss_util_version 3.12.8 -%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools -%global saved_files_dir %{_libdir}/nss/saved - -# Produce .chk files for the final stripped binaries -%define __spec_install_post \ - %{?__debug_package:%{__debug_install_post}} \ - %{__arch_install_post} \ - %{__os_install_post} \ - $RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libsoftokn3.so \ - $RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_lib}/libfreebl3.so \ - $RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libnssdbm3.so \ -%{nil} - -Summary: Network Security Services Softoken Module -Name: nss-softokn -Version: 3.12.8 -Release: 2%{?dist} -License: MPLv1.1 or GPLv2+ or LGPLv2+ -URL: http://www.mozilla.org/projects/security/pki/nss/ -Group: System Environment/Libraries -Requires: nspr >= %{nspr_version} -Requires: nss-util >= %{nss_util_version} -Requires: nss-softokn-freebl%{_isa} >= %{version} -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -BuildRequires: nspr-devel >= %{nspr_version} -BuildRequires: nss-util-devel >= %{nss_util_version} -BuildRequires: sqlite-devel -BuildRequires: zlib-devel -BuildRequires: pkgconfig -BuildRequires: gawk -BuildRequires: psmisc -BuildRequires: perl - -Source0: %{name}-%{version}-stripped.tar.bz2 -# The nss-softokn tar ball is a subset of nss-{version}-stripped.tar.bz2, -# Therefore we use the nss-split-softokn.sh script to keep only what we need. -# Download the nss tarball via git from the nss propect and follow these -# steps to make the tarball for nss-util out of the one for nss: -# fedpkg clone nss -# fedpkg clone nss-softokn -# cd nss-softokn -# cp ../../nss/devel/${version}-stripped.tar.bz2 . -# sh ./nss-split-softokn.sh ${version} -# A file named {name}-{version}-stripped.tar.bz2 should appear -Source1: nss-split-softokn.sh -Source2: nss-softokn.pc.in -Source3: nss-softokn-config.in - -Patch2: nss-softokn-3.12.4-prelink.patch -Patch3: nss-softokn-3.12.4-fips-fix.patch - -%description -Network Security Services Softoken Cryptographic Module - -%package freebl -Summary: Freebl library for the Network Security Services -Group: System Environment/Base -Conflicts: nss < 3.12.2.99.3-5 -Conflicts: prelink < 0.4.3 - -%description freebl -NSS Softoken Cryptographic Module Freelb Library - -Install the nss-softokn-freebl package if you need the freebl -library. - -%package freebl-devel -Summary: Header and Library files for doing development with the Freebl library for NSS -Group: System Environment/Base -Provides: nss-softokn-freebl-static = %{version}-%{release} -Requires: nss-softokn-freebl%{?_isa} = %{version}-%{release} - -%description freebl-devel -NSS Softoken Cryptographic Module Freelb Library Development Tools - -%package devel -Summary: Development libraries for Network Security Services -Group: Development/Libraries -Requires: nss-softokn%{?_isa} = %{version}-%{release} -Requires: nspr-devel >= %{nspr_version} -Requires: nss-util-devel >= %{nss_util_version} -Requires: pkgconfig -BuildRequires: nspr-devel >= %{nspr_version} -BuildRequires: nss-util-devel >= %{nss_util_version} -# require nss at least the version when we split via subpackages -BuildRequires: nss-devel >= 3.12.2.99.3-11 - -%description devel -Header and Library files for doing development with Network Security Services. - - -%prep -%setup -q - -%patch2 -p0 -b .prelink -%patch3 -p0 -b .fipsfix - - -%build - -FREEBL_NO_DEPEND=1 -export FREEBL_NO_DEPEND - -FREEBL_USE_PRELINK=1 -export FREEBL_USE_PRELINK - -# Enable compiler optimizations and disable debugging code -BUILD_OPT=1 -export BUILD_OPT - -# Generate symbolic info for debuggers -XCFLAGS=$RPM_OPT_FLAGS -export XCFLAGS - -PKG_CONFIG_ALLOW_SYSTEM_LIBS=1 -PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1 - -export PKG_CONFIG_ALLOW_SYSTEM_LIBS -export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS - -NSPR_INCLUDE_DIR=`/usr/bin/pkg-config --cflags-only-I nspr | sed 's/-I//'` -NSPR_LIB_DIR=`/usr/bin/pkg-config --libs-only-L nspr | sed 's/-L//'` - -export NSPR_INCLUDE_DIR -export NSPR_LIB_DIR - -NSS_INCLUDE_DIR=`/usr/bin/pkg-config --cflags-only-I nss-util | sed 's/-I//'` -NSS_LIB_DIR=`/usr/bin/pkg-config --libs-only-L nss-util | sed 's/-L//'` - -export NSS_INCLUDE_DIR -export NSS_LIB_DIR - -NSS_USE_SYSTEM_SQLITE=1 -export NSS_USE_SYSTEM_SQLITE - -%ifarch x86_64 ppc64 ia64 s390x sparc64 -USE_64=1 -export USE_64 -%endif - -# Compile softokn plus needed support -%{__make} -C ./mozilla/security/coreconf -%{__make} -C ./mozilla/security/dbm -%{__make} -C ./mozilla/security/nss - -# Set up our package file -# The nspr_version and nss_util_version globals used here -# must match the ones nss-softokn has for its Requires. -%{__mkdir_p} ./mozilla/dist/pkgconfig -%{__cat} %{SOURCE2} | sed -e "s,%%libdir%%,%{_libdir},g" \ - -e "s,%%prefix%%,%{_prefix},g" \ - -e "s,%%exec_prefix%%,%{_prefix},g" \ - -e "s,%%includedir%%,%{_includedir}/nss3,g" \ - -e "s,%%NSPR_VERSION%%,%{nspr_version},g" \ - -e "s,%%NSSUTIL_VERSION%%,%{nss_util_version},g" \ - -e "s,%%SOFTOKEN_VERSION%%,%{version},g" > \ - ./mozilla/dist/pkgconfig/nss-softokn.pc - -SOFTOKEN_VMAJOR=`cat mozilla/security/nss/lib/softoken/softkver.h | grep "#define.*SOFTOKEN_VMAJOR" | awk '{print $3}'` -SOFTOKEN_VMINOR=`cat mozilla/security/nss/lib/softoken/softkver.h | grep "#define.*SOFTOKEN_VMINOR" | awk '{print $3}'` -SOFTOKEN_VPATCH=`cat mozilla/security/nss/lib/softoken/softkver.h | grep "#define.*SOFTOKEN_VPATCH" | awk '{print $3}'` - -export SOFTOKEN_VMAJOR -export SOFTOKEN_VMINOR -export SOFTOKEN_VPATCH - -%{__cat} %{SOURCE3} | sed -e "s,@libdir@,%{_libdir},g" \ - -e "s,@prefix@,%{_prefix},g" \ - -e "s,@exec_prefix@,%{_prefix},g" \ - -e "s,@includedir@,%{_includedir}/nss3,g" \ - -e "s,@MOD_MAJOR_VERSION@,$SOFTOKEN_VMAJOR,g" \ - -e "s,@MOD_MINOR_VERSION@,$SOFTOKEN_VMINOR,g" \ - -e "s,@MOD_PATCH_VERSION@,$SOFTOKEN_VPATCH,g" \ - > ./mozilla/dist/pkgconfig/nss-softokn-config - -chmod 755 ./mozilla/dist/pkgconfig/nss-softokn-config - - -# enable the following line to force a test failure -# find ./mozilla -name *.chk | xargs rm -f - -# -# We can't run a subset of the tests because the tools have -# dependencies on nss libraries outside of softokn. -# Let's leave this as a place holder. -# - - -%install - -%{__rm} -rf $RPM_BUILD_ROOT - -# There is no make install target so we'll do it ourselves. - -%{__mkdir_p} $RPM_BUILD_ROOT/%{_includedir}/nss3 -%{__mkdir_p} $RPM_BUILD_ROOT/%{_bindir} -%{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir} -%{__mkdir_p} $RPM_BUILD_ROOT/%{_lib} -%{__mkdir_p} $RPM_BUILD_ROOT/%{unsupported_tools_directory} -%{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir}/pkgconfig -%{__mkdir_p} $RPM_BUILD_ROOT/%{saved_files_dir} - -# Copy the binary libraries we want -for file in libsoftokn3.so libnssdbm3.so -do - %{__install} -p -m 755 mozilla/dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir} -done - -# Because libcrypt depends on libfreebl3.so, it is special -# so we install it in /lib{64}, keeping a symbolic link to it -# back in /usr/lib{64} to keep everyone else working -for file in libfreebl3.so -do - %{__install} -p -m 755 mozilla/dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_lib} - ln -sf ../../%{_lib}/libfreebl3.so $RPM_BUILD_ROOT/%{_libdir}/libfreebl3.so -done - -# Make sure chk files can be found in both places -for file in libfreebl3.chk -do - ln -s ../../%{_lib}/$file $RPM_BUILD_ROOT/%{_libdir}/$file -done - -# Copy the binaries we ship as unsupported -for file in shlibsign -do - %{__install} -p -m 755 mozilla/dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{unsupported_tools_directory} -done - -# Copy the include files we want -for file in mozilla/dist/public/nss/*.h -do - %{__install} -p -m 644 $file $RPM_BUILD_ROOT/%{_includedir}/nss3 -done - -# Copy a freebl include file we also want -for file in mozilla/dist/private/nss/blapi.h -do - %{__install} -p -m 644 $file $RPM_BUILD_ROOT/%{_includedir}/nss3 -done - -# Copy the static freebl library -for file in libfreebl.a -do -%{__install} -p -m 644 mozilla/dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir} -done - -# Copy the package configuration files -%{__install} -p -m 644 ./mozilla/dist/pkgconfig/nss-softokn.pc $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/nss-softokn.pc -%{__install} -p -m 755 ./mozilla/dist/pkgconfig/nss-softokn-config $RPM_BUILD_ROOT/%{_bindir}/nss-softokn-config - -%clean -%{__rm} -rf $RPM_BUILD_ROOT - - -%post -/sbin/ldconfig >/dev/null 2>/dev/null - -%postun -/sbin/ldconfig >/dev/null 2>/dev/null - -%files -%defattr(-,root,root) -%{_libdir}/libnssdbm3.so -%{_libdir}/libnssdbm3.chk -%{_libdir}/libsoftokn3.so -%{_libdir}/libsoftokn3.chk -# shared with nss-tools -%dir %{_libdir}/nss -%dir %{saved_files_dir} -%dir %{unsupported_tools_directory} -%{unsupported_tools_directory}/shlibsign - -%files freebl -%defattr(-,root,root) -/%{_lib}/libfreebl3.so -/%{_lib}/libfreebl3.chk -# and these symbolic links -%{_libdir}/libfreebl3.so -%{_libdir}/libfreebl3.chk - -%files freebl-devel -%defattr(-,root,root) -%{_libdir}/libfreebl.a -%{_includedir}/nss3/blapi.h - -%files devel -%defattr(-,root,root) -%{_libdir}/pkgconfig/nss-softokn.pc -%{_bindir}/nss-softokn-config - -# co-owned with nss -%dir %{_includedir}/nss3 -# -# The following headers are those exported public in -# mozilla/security/nss/lib/freebl/manifest.mn and -# mozilla/security/nss/lib/softoken/manifest.mn -# -# The following list is short because many headers, such as -# the pkcs #11 ones, have been provided by nss-util-devel -# which installed them before us. -# -%{_includedir}/nss3/blapit.h -%{_includedir}/nss3/ecl-exp.h -%{_includedir}/nss3/hasht.h -%{_includedir}/nss3/sechash.h -%{_includedir}/nss3/nsslowhash.h -%{_includedir}/nss3/secmodt.h -%{_includedir}/nss3/shsign.h - -%changelog -* Wed Sep 29 2010 jkeating - 3.12.8-2 -- Rebuilt for gcc bug 634757 - -* Thu Sep 23 2010 Elio Maldonado emaldona@redhat.com - 3.12.8-1 -- Update to 3.12.8 -- Adhere to static library packaging guidelines (#609613) -- Fix nss-util-devel version dependency line -- Shorten freebl and freebl subpackages descriptions - -* Sat Sep 18 2010 Elio Maldonado emaldona@redhat.com - 3.12.99.4-1 -- NSS 3.12.8 RC0 - -* Sat Sep 12 2010 Elio Maldonado emaldona@redhat.com - 3.12.7.99.3-2 -- Update the required version of nss-util to 3.12.7.99.3 - -* Sat Sep 04 2010 Elio Maldonado emaldona@redhat.com - 3.12.7.99.3-1 -- NSS 3.12.8 Beta 3 - -* Mon Aug 30 2010 Elio Maldonado emaldona@redhat.com - 3.12.7-3 -- Update BuildRequires on nspr-devel and nss-util-devel - -* Sat Aug 29 2010 Elio Maldonado emaldona@redhat.com - 3.12.7-2 -- Define NSS_USE_SYSTEM_SQLITE and remove nss-nolocalsql patch -- Fix rpmlint warnings about macros in comments and changelog - -* Mon Aug 16 2010 Elio Maldonado emaldona@redhat.com - 3.12.7-1 -- Update to 3.12.7 -- Fix build files to ensure nsslowhash.h is included in public headers - -* Tue Jun 08 2010 Elio Maldonado emaldona@redhat.com - 3.12.6-3 -- Retagging - -* Mon Jun 07 2010 Elio Maldonado emaldona@redhat.com - 3.12.6-2 -- Bump NVR to be greater than those for nss-softokn subpackages in F11 (rhbz#601407) - -* Sun Jun 06 2010 Elio Maldonado emaldona@redhat.com - 3.12.4-23 -- Bump release number - -* Fri Jun 04 2010 Elio Maldonado emaldona@redhat.com - 3.12.4-22 -- Cleanup changelog comments to avoid unwanted macro expansions - -* Wed Jun 02 2010 Elio Maldonado emaldona@redhat.com - 3.12.4-21 -- Retagging - -* Wed Jun 02 2010 Elio Maldonado emaldona@redhat.com - 3.12.4-20 -- Add %%{?_isa} to the requires in the devel packages (#596840) -- Fix typo in the package description (#598295) -- Update nspr version to 4.8.4 - -* Sat May 08 2010 Elio Maldonado emaldona@redhat.com - 3.12.4-19 -- Consider the system as not fips enabled when /proc/sys/crypto/fips_enabled isn't present (rhbz#590199) - -* Sat May 08 2010 Elio Maldonado emaldona@redhat.com - 3.12.4-18 -- Fix Conflicts line to prevent update when prelink is not yet the right version (rhbz#590199) - -* Mon Apr 19 2010 Elio Maldonado emaldona@redhat.com - 3.12.4-17 -- Updated prelink patch rhbz#504949 - -* Wed Apr 15 2010 Elio Maldonado emaldona@redhat.com - 3.12.4-16 -- allow prelink of softoken and freebl. Change the verify code to use - prelink -u if prelink is installed. Fix by Robert Relyea rhbz#504949 - -* Mon Jan 18 2010 Elio Maldonado emaldona@redhat.com - 3.12.4-15 -- Move libfreebl3.so and its .chk file to /lib{64} (rhbz#561544) - -* Mon Jan 18 2010 Elio Maldonado emaldona@redhat.com - 3.12.4-13 -- Fix in nss-softokn-spec.in -- Require nss-util >= 3.12.4 - -* Thu Dec 03 2009 Elio Maldonadoemaldona@redhat.com - 3.12.4-12 -- Require nss-util 3.12.5 - -* Fri Nov 20 2009 Elio Maldonadoemaldona@redhat.com - 3.12.4-11 -- export freebl devel tools (#538226) - -* Tue Sep 23 2009 Elio Maldonadoemaldona@redhat.com - 3.12.4-10 -- Fix paths in nss-softokn-prelink so signed libraries don't get touched, rhbz#524794 - -* Thu Sep 17 2009 Elio Maldonadoemaldona@redhat.com - 3.12.4-9 -- Add nssdbm3.so to nss-softokn-prelink.conf, rhbz#524077 - -* Thu Sep 10 2009 Elio Maldonadoemaldona@redhat.com - 3.12.4-8 -- Retagging for a chained build - -* Thu Sep 10 2009 Elio Maldonadoemaldona@redhat.com - 3.12.4-6 -- Don't list libraries in nss-softokn-config, dynamic linking required - -* Tue Sep 08 2009 Elio Maldonadoemaldona@redhat.com - 3.12.4-5 -- Installing shared libraries to %%{_libdir} - -* Sun Sep 06 2009 Elio Maldonadoemaldona@redhat.com - 3.12.4-4 -- Postuninstall scriptlet finishes quietly - -* Sat Sep 05 2009 Elio Maldonadoemaldona@redhat.com - 3.12.4-3 -- Remove symblic links to shared libraries from devel, rhbz#521155 -- Apply the nss-nolocalsql patch -- No rpath-link in nss-softokn-config - -* Fri Sep 04 2009 serstring=Elio Maldonadoemaldona@redhat.cpm - 3.12.4-2 -- Retagging to pick up the correct .cvsignore - -* Tue Sep 01 2009 Elio Maldonadoemaldona@redhat.com - 3.12.4-1 -- Update to 3.12.4 -- Fix logic on postun -- Don't require sqlite - -* Mon Aug 31 2009 Elio Maldonadoemaldona@redhat.com - 3.12.3.99.3-24 -- Fixed test on %postun to avoid returning 1 when nss-softokn instances still remain - -* Sun Aug 30 2009 Elio Maldonadoemaldona@redhat.com - 3.12.3.99.3-23 -- Explicitly state via nss_util_version the nss-util version we require - -* Fri Aug 28 2009 Warren Togami wtogami@redhat.com - 3.12.3.99.3-22 -- caolan's nss-softokn.pc patch - -* Thu Aug 27 2009 Elio Maldonadoemaldona@redhat.com - 3.12.3.99.3-21 -- Bump the release number for a chained build of nss-util, nss-softokn and nss - -* Thu Aug 27 2009 Elio Maldonadoemaldona@redhat.com - 3.12.3.99.3-20 -- List freebl, nssdbm and softokn libraries in nss-softokn-config and nss-softokn.pc - -* Thu Aug 27 2009 Elio Maldonado@emaldona@redhat.com - 3.12.3.99.3-19 -- Determine NSSUTIL_INCLUDE_DIR and NSSUTIL_LIB_DIR with a pkg-config query on nss-util -- Remove the release 17 hack - -* Wed Aug 27 2009 Elio maldonadoemaldona@redhat.com - 3.12.3.99.3-18 -- fix spurious executable permissions on nss-softokn.pc - -* Thu Aug 27 2009 Adel Gadllah adel.gadllah@gmail.com - 3.12.3.99.3-17 -- Add hack to fix build - -* Tue Aug 25 2009 Dennis Gilmore dennis@ausil.us - 3.12.3.99.3-16 -- only have a single Requires: line in the .pc file - -* Tue Aug 25 2009 Dennis Gilmore dennis@ausil.us - 3.12.3.99.3-12 -- bump to unique rpm nvr - -* Tue Aug 25 2009 Elio Maldonadoemaldona@redhat.com - 3.12.3.99.3-10 -- Build after nss with subpackages and new nss-util - -* Thu Aug 20 2009 Dennis Gilmore dennis@ausil.us 3.12.3.99.3-9 -- revert to shipping bits - -* Thu Aug 19 2009 Elio Maldonado emaldona@redhat.com 3.12.3.99.3-8.1 -- Disable installing until conflicts are relsoved - -* Thu Aug 19 2009 Elio Maldonado emaldona@redhat.com 3.12.3.99.3-8 -- Initial build diff --git a/nss-softokn/patches/nss-softokn-3.12.4-fips-fix.patch b/nss-softokn/patches/nss-softokn-3.12.4-fips-fix.patch deleted file mode 100644 index 011a148..0000000 --- a/nss-softokn/patches/nss-softokn-3.12.4-fips-fix.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up ./mozilla/security/nss/lib/freebl/nsslowhash.c.fips ./mozilla/security/nss/lib/freebl/nsslowhash.c ---- ./mozilla/security/nss/lib/freebl/nsslowhash.c.fips 2010-09-04 20:23:14.764313661 -0700 -+++ ./mozilla/security/nss/lib/freebl/nsslowhash.c 2010-09-04 20:25:52.622313780 -0700 -@@ -275,7 +275,7 @@ static int nsslow_GetFIPSEnabled(void) { - - f = fopen("/proc/sys/crypto/fips_enabled", "r"); - if (!f) -- return 1; -+ return 0; - - size = fread(&d, 1, 1, f); - fclose(f); diff --git a/nss-softokn/patches/nss-softokn-3.12.4-prelink.patch b/nss-softokn/patches/nss-softokn-3.12.4-prelink.patch deleted file mode 100644 index 5f2e46f..0000000 --- a/nss-softokn/patches/nss-softokn-3.12.4-prelink.patch +++ /dev/null @@ -1,298 +0,0 @@ -diff -up ./mozilla/security/nss/lib/freebl/Makefile.prelink ./mozilla/security/nss/lib/freebl/Makefile ---- ./mozilla/security/nss/lib/freebl/Makefile.prelink 2010-09-04 14:13:58.846327263 -0700 -+++ ./mozilla/security/nss/lib/freebl/Makefile 2010-09-04 14:15:11.544326993 -0700 -@@ -82,6 +82,12 @@ ifeq ($(FREEBL_NO_DEPEND),1) - else - MAPFILE_SOURCE = freebl.def - endif -+ifdef FREEBL_USE_PRELINK -+ DEFINES += -DFREEBL_USE_PRELINK -+endif -+ifdef FREEBL_PRELINK_COMMAND -+ DEFINES +=-DFREEBL_PRELINK_COMMAND="$(FREEBL_PRELINK_COMMAND)" -+endif - # NSS_X86 means the target is a 32-bits x86 CPU architecture - # NSS_X64 means the target is a 64-bits x64 CPU architecture - # NSS_X86_OR_X64 means the target is either x86 or x64 -diff -up ./mozilla/security/nss/lib/freebl/shvfy.c.prelink ./mozilla/security/nss/lib/freebl/shvfy.c ---- ./mozilla/security/nss/lib/freebl/shvfy.c.prelink 2010-09-04 14:16:01.518326988 -0700 -+++ ./mozilla/security/nss/lib/freebl/shvfy.c 2010-09-04 14:25:44.770326384 -0700 -@@ -48,6 +48,168 @@ - #include "stdio.h" - #include "prmem.h" - -+#ifdef FREEBL_USE_PRELINK -+#ifndef FREELB_PRELINK_COMMAND -+#define FREEBL_PRELINK_COMMAND "/usr/sbin/prelink -u -o -" -+#endif -+#include "private/pprio.h" -+ -+#include <stdlib.h> -+#include <unistd.h> -+#include <fcntl.h> -+#include <sys/wait.h> -+#include <sys/stat.h> -+ -+PRFileDesc * -+bl_OpenUnPrelink(const char *shName, int *pid) -+{ -+ char *command= strdup(FREEBL_PRELINK_COMMAND); -+ char *argString = NULL; -+ char **argv = NULL; -+ char *shNameArg = NULL; -+ char *cp; -+ pid_t child; -+ int argc = 0, argNext = 0; -+ struct stat statBuf; -+ int pipefd[2] = {-1,-1}; -+ int ret; -+ -+ *pid = 0; -+ -+ /* make sure the prelink command exists first. If not, fall back to -+ * just reading the file */ -+ for (cp = command; *cp ; cp++) { -+ if (*cp == ' ') { -+ *cp++ = 0; -+ argString = cp; -+ break; -+ } -+ } -+ memset (&statBuf, 0, sizeof(statBuf)); -+ /* stat the file, follow the link */ -+ ret = stat(command, &statBuf); -+ if (ret < 0) { -+ free(command); -+ return PR_Open(shName, PR_RDONLY, 0); -+ } -+ /* file exits, make sure it's an executable */ -+ if (!S_ISREG(statBuf.st_mode) || -+ ((statBuf.st_mode & (S_IXUSR|S_IXGRP|S_IXOTH)) == 0)) { -+ free(command); -+ return PR_Open(shName, PR_RDONLY, 0); -+ } -+ -+ /* OK, the prelink command exists and looks correct, use it */ -+ /* build the arglist while we can still malloc */ -+ /* count the args if any */ -+ if (argString && *argString) { -+ /* argString may have leading spaces, strip them off*/ -+ for (cp = argString; *cp && *cp == ' '; cp++); -+ argString = cp; -+ if (*cp) { -+ /* there is at least one arg.. */ -+ argc = 1; -+ } -+ -+ /* count the rest: Note there is no provision for escaped -+ * spaces here */ -+ for (cp = argString; *cp ; cp++) { -+ if (*cp == ' ') { -+ while (*cp && *cp == ' ') cp++; -+ if (*cp) argc++; -+ } -+ } -+ } -+ -+ /* add the additional args: argv[0] (command), shName, NULL*/ -+ argc += 3; -+ argv = PORT_NewArray(char *, argc); -+ if (argv == NULL) { -+ goto loser; -+ } -+ -+ /* fill in the arglist */ -+ argv[argNext++] = command; -+ if (argString && *argString) { -+ argv[argNext++] = argString; -+ for (cp = argString; *cp; cp++) { -+ if (*cp == ' ') { -+ *cp++ = 0; -+ while (*cp && *cp == ' ') cp++; -+ if (*cp) argv[argNext++] = cp; -+ } -+ } -+ } -+ /* exec doesn't advertise taking const char **argv, do the paranoid -+ * copy */ -+ shNameArg = strdup(shName); -+ if (shNameArg == NULL) { -+ goto loser; -+ } -+ argv[argNext++] = shNameArg; -+ argv[argNext++] = 0; -+ -+ ret = pipe(pipefd); -+ if (ret < 0) { -+ goto loser; -+ } -+ -+ /* use vfork() so we don't trigger the pthread_at_fork() handlers */ -+ child = vfork(); -+ if (child < 0) goto loser; -+ if (child == 0) { -+ /* set up the file descriptors */ -+ close(0); -+ /* associate pipefd[1] with stdout */ -+ if (pipefd[1] != 1) dup2(pipefd[1], 1); -+ close(2); -+ close(pipefd[0]); -+ /* should probably close the other file descriptors? */ -+ -+ -+ execv(command, argv); -+ /* avoid at_exit() handlers */ -+ _exit(1); /* shouldn't reach here except on an error */ -+ } -+ close(pipefd[1]); -+ pipefd[1] = -1; -+ -+ /* this is safe because either vfork() as full fork() semantics, and thus -+ * already has it's own address space, or because vfork() has paused -+ * the parent util the exec or exit */ -+ free(command); -+ free(shNameArg); -+ PORT_Free(argv); -+ -+ *pid = child; -+ -+ return PR_ImportPipe(pipefd[0]); -+ -+loser: -+ if (pipefd[0] != -1) { -+ close(pipefd[0]); -+ } -+ if (pipefd[1] != -1) { -+ close(pipefd[1]); -+ } -+ free(command); -+ free(shNameArg); -+ PORT_Free(argv); -+ -+ return NULL; -+} -+ -+void -+bl_CloseUnPrelink( PRFileDesc *file, int pid) -+{ -+ /* close the file descriptor */ -+ PR_Close(file); -+ /* reap the child */ -+ if (pid) { -+ waitpid(pid, NULL, 0); -+ } -+} -+#endif - - /* #define DEBUG_SHVERIFY 1 */ - -@@ -117,6 +279,9 @@ BLAPI_SHVerify(const char *name, PRFuncP - SECStatus rv; - DSAPublicKey key; - int count; -+#ifdef FREEBL_USE_PRELINK -+ int pid = 0; -+#endif - - PRBool result = PR_FALSE; /* if anything goes wrong, - * the signature does not verify */ -@@ -197,7 +362,11 @@ BLAPI_SHVerify(const char *name, PRFuncP - checkFD = NULL; - - /* open our library file */ -+#ifdef FREEBL_USE_PRELINK -+ shFD = bl_OpenUnPrelink(shName,&pid); -+#else - shFD = PR_Open(shName, PR_RDONLY, 0); -+#endif - if (shFD == NULL) { - #ifdef DEBUG_SHVERIFY - fprintf(stderr, "Failed to open the library file %s: (%d, %d)\n", -@@ -218,7 +387,11 @@ BLAPI_SHVerify(const char *name, PRFuncP - SHA1_Update(hashcx, buf, bytesRead); - count += bytesRead; - } -+#ifdef FREEBL_USE_PRELINK -+ bl_CloseUnPrelink(shFD, pid); -+#else - PR_Close(shFD); -+#endif - shFD = NULL; - - SHA1_End(hashcx, hash.data, &hash.len, hash.len); -diff -up ./mozilla/security/nss/lib/freebl/stubs.c.prelink ./mozilla/security/nss/lib/freebl/stubs.c ---- ./mozilla/security/nss/lib/freebl/stubs.c.prelink 2010-09-04 14:26:27.454327120 -0700 -+++ ./mozilla/security/nss/lib/freebl/stubs.c 2010-09-04 14:31:56.778327428 -0700 -@@ -69,6 +69,7 @@ - #include <secport.h> - #include <secitem.h> - #include <blapi.h> -+#include <private/pprio.h> - - #define FREEBL_NO_WEAK 1 - -@@ -157,6 +158,8 @@ STUB_DECLARE(void,PR_Lock,(PRLock *lock) - STUB_DECLARE(PRLock *,PR_NewLock,(void)); - STUB_DECLARE(PRFileDesc *,PR_Open,(const char *name, PRIntn flags, - PRIntn mode)); -+STUB_DECLARE(PRFileDesc *,PR_ImportFile,(PROsfd osfd)); -+STUB_DECLARE(PRFileDesc *,PR_ImportPipe,(PROsfd osfd)); - STUB_DECLARE(PRInt32,PR_Read,(PRFileDesc *fd, void *buf, PRInt32 amount)); - STUB_DECLARE(PROffset32,PR_Seek,(PRFileDesc *fd, PROffset32 offset, - PRSeekWhence whence)); -@@ -295,6 +298,34 @@ PR_Open_stub(const char *name, PRIntn fl - return (PRFileDesc *)lfd; - } - -+extern PRFileDesc * -+PR_ImportFile_stub(PROsfd fd) -+{ -+ int *lfd = NULL; -+ -+ STUB_SAFE_CALL1(PR_ImportFile, fd); -+ -+ lfd = PORT_New_stub(int); -+ if (lfd != NULL) { -+ *lfd = fd; -+ } -+ return (PRFileDesc *)lfd; -+} -+ -+extern PRFileDesc * -+PR_ImportPipe_stub(PROsfd fd) -+{ -+ int *lfd = NULL; -+ -+ STUB_SAFE_CALL1(PR_ImportPipe, fd); -+ -+ lfd = PORT_New_stub(int); -+ if (lfd != NULL) { -+ *lfd = fd; -+ } -+ return (PRFileDesc *)lfd; -+} -+ - extern PRStatus - PR_Close_stub(PRFileDesc *fd) - { -@@ -492,6 +523,8 @@ freebl_InitNSPR(void *lib) - { - STUB_FETCH_FUNCTION(PR_Free); - STUB_FETCH_FUNCTION(PR_Open); -+ STUB_FETCH_FUNCTION(PR_ImportFile); -+ STUB_FETCH_FUNCTION(PR_ImportPipe); - STUB_FETCH_FUNCTION(PR_Close); - STUB_FETCH_FUNCTION(PR_Read); - STUB_FETCH_FUNCTION(PR_Seek); -diff -up ./mozilla/security/nss/lib/freebl/stubs.h.prelink ./mozilla/security/nss/lib/freebl/stubs.h ---- ./mozilla/security/nss/lib/freebl/stubs.h.prelink 2010-09-04 14:26:41.822327256 -0700 -+++ ./mozilla/security/nss/lib/freebl/stubs.h 2010-09-04 14:32:53.498540767 -0700 -@@ -78,6 +78,8 @@ - #define PR_Lock PR_Lock_stub - #define PR_NewLock PR_NewLock_stub - #define PR_Open PR_Open_stub -+#define PR_ImportFile PR_ImportFile_stub -+#define PR_ImportPipe PR_ImportPipe_stub - #define PR_Read PR_Read_stub - #define PR_Seek PR_Seek_stub - #define PR_Sleep PR_Sleep_stub diff --git a/nss-util/nss-util-config.in b/nss-util/nss-util-config.in deleted file mode 100644 index ef8751d..0000000 --- a/nss-util/nss-util-config.in +++ /dev/null @@ -1,118 +0,0 @@ -#!/bin/sh - -prefix=@prefix@ - -major_version=@MOD_MAJOR_VERSION@ -minor_version=@MOD_MINOR_VERSION@ -patch_version=@MOD_PATCH_VERSION@ - -usage() -{ - cat <<EOF -Usage: nss-util-config [OPTIONS] [LIBRARIES] -Options: - [--prefix[=DIR]] - [--exec-prefix[=DIR]] - [--includedir[=DIR]] - [--libdir[=DIR]] - [--version] - [--libs] - [--cflags] -Dynamic Libraries: - nssutil -EOF - exit $1 -} - -if test $# -eq 0; then - usage 1 1>&2 -fi - -lib_nssutil=yes - -while test $# -gt 0; do - case "$1" in - -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;; - *) optarg= ;; - esac - - case $1 in - --prefix=*) - prefix=$optarg - ;; - --prefix) - echo_prefix=yes - ;; - --exec-prefix=*) - exec_prefix=$optarg - ;; - --exec-prefix) - echo_exec_prefix=yes - ;; - --includedir=*) - includedir=$optarg - ;; - --includedir) - echo_includedir=yes - ;; - --libdir=*) - libdir=$optarg - ;; - --libdir) - echo_libdir=yes - ;; - --version) - echo ${major_version}.${minor_version}.${patch_version} - ;; - --cflags) - echo_cflags=yes - ;; - --libs) - echo_libs=yes - ;; - *) - usage 1 1>&2 - ;; - esac - shift -done - -# Set variables that may be dependent upon other variables -if test -z "$exec_prefix"; then - exec_prefix=`pkg-config --variable=exec_prefix nss-util` -fi -if test -z "$includedir"; then - includedir=`pkg-config --variable=includedir nss-util` -fi -if test -z "$libdir"; then - libdir=`pkg-config --variable=libdir nss-util` -fi - -if test "$echo_prefix" = "yes"; then - echo $prefix -fi - -if test "$echo_exec_prefix" = "yes"; then - echo $exec_prefix -fi - -if test "$echo_includedir" = "yes"; then - echo $includedir -fi - -if test "$echo_libdir" = "yes"; then - echo $libdir -fi - -if test "$echo_cflags" = "yes"; then - echo -I$includedir -fi - -if test "$echo_libs" = "yes"; then - libdirs="-Wl,-rpath-link,$libdir -L$libdir" - if test -n "$lib_nssutil"; then - libdirs="$libdirs -lnssutil${major_version}" - fi - echo $libdirs -fi - diff --git a/nss-util/nss-util.nm b/nss-util/nss-util.nm deleted file mode 100644 index 6363e48..0000000 --- a/nss-util/nss-util.nm +++ /dev/null @@ -1,112 +0,0 @@ -############################################################################### -# IPFire.org - An Open Source Firewall Solution # -# Copyright (C) - IPFire Development Team info@ipfire.org # -############################################################################### - -name = nss-util -version = 3.12.8 -release = 1 - -groups = System/Libraries -url = http://www.mozilla.org/projects/security/pki/nss/ -license = MPLv1.1 or GPLv2+ or LGPLv2+ -summary = Network Security Services Utilities Library. - -description - Utilities for Network Security Services and the Softoken module. -end - -source_dl = -sources = %{thisapp}.tar.bz2 - -build - requires - nspr-devel - perl - pkg-config - psmisc - zlib-devel - end - - ## Define some global environment variables - # Enable compiler optimizations and disable debugging code - export BUILD_OPT=1 - export XCFLAGS=%{CFLAGS} - - export PKG_CONFIG_ALLOW_SYSTEM_LIBS=1 - export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1 - - export NSPR_INCLUDE_DIR=/usr/include/nspr4 - export NSPR_LIB_DIR=%{libdir} - - export NSS_INCLUDE_DIR=/usr/include/nss3 - export NSS_LIB_DIR=%{libdir} - - export NSS_USE_SYSTEM_SQLITE=1 - - if "%{DISTRO_ARCH}" == "x86_64" - export USE_64=1 - end - - build - make -C ./mozilla/security/coreconf - make -C ./mozilla/security/nss - end - - install - mkdir -pv %{BUILDROOT}/usr/bin - mkdir -pv %{BUILDROOT}/usr/include/nss3 - mkdir -pv %{BUILDROOT}%{libdir}/pkgconfig - - install -p -v -m 755 mozilla/dist/*.OBJ/lib/libnssutil3.so \ - %{BUILDROOT}%{libdir} - - sed -e "s,@libdir@,%{libdir},g" \ - -e "s,@prefix@,/usr,g" \ - -e "s,@exec_prefix@,/usr,g" \ - -e "s,@includedir@,/usr/include/nss3,g" \ - -e "s,@MOD_MAJOR_VERSION@,$$(grep "#define.*NSSUTIL_VMAJOR" mozilla/security/nss/lib/util/nssutil.h | awk '{print $3}'),g" \ - -e "s,@MOD_MINOR_VERSION@,$$(grep "#define.*NSSUTIL_VMINOR" mozilla/security/nss/lib/util/nssutil.h | awk '{print $3}'),g" \ - -e "s,@MOD_PATCH_VERSION@,$$(grep "#define.*NSSUTIL_VPATCH" mozilla/security/nss/lib/util/nssutil.h | awk '{print $3}'),g" \ - < %{DIR_SOURCE}/nss-util-config.in \ - > %{BUILDROOT}/usr/bin/nss-util-config - chmod -v 755 %{BUILDROOT}/usr/bin/nss-util-config - - sed \ - -e "s,%libdir%,%{libdir},g" \ - -e "s,%prefix%,/usr,g" \ - -e "s,%exec_prefix%,/usr,g" \ - -e "s,%includedir%,/usr/include/nss3,g" \ - -e "s,%NSPR_VERSION%,$$(nspr-config --version),g" \ - -e "s,%NSSUTIL_VERSION%,%{name},g" \ - < %{DIR_SOURCE}/nss-util.pc.in \ - > %{BUILDROOT}%{libdir}/pkgconfig/nss-util.pc - - # The util headers, the rest come from softokn and nss - cp -vf mozilla/dist/public/nss/*.h %{BUILDROOT}/usr/include/nss3 - chmod -v 644 %{BUILDROOT}/usr/include/nss3/*.h - end -end - -packages - package %{name} - - package %{name}-devel - template DEVEL - - requires - %{name} - end - - # Mozilla does no versioning :( - files - /usr/bin/*-config - /usr/include - %{libdir}/pkgconfig - end - end - - package %{name}-debuginfo - template DEBUGINFO - end -end diff --git a/nss-util/nss-util.pc.in b/nss-util/nss-util.pc.in deleted file mode 100644 index 079f83f..0000000 --- a/nss-util/nss-util.pc.in +++ /dev/null @@ -1,11 +0,0 @@ -prefix=%prefix% -exec_prefix=%exec_prefix% -libdir=%libdir% -includedir=%includedir% - -Name: NSS-UTIL -Description: Network Security Services Utility Library -Version: %NSSUTIL_VERSION% -Requires: nspr >= %NSPR_VERSION% -Libs: -lnssutil3 -Cflags: -I${includedir} diff --git a/nss/nss.nm b/nss/nss.nm index bdefb12..b12c34d 100644 --- a/nss/nss.nm +++ b/nss/nss.nm @@ -4,8 +4,8 @@ ###############################################################################
name = nss -version = 3.12.8 -release = 4 +version = 3.13.1 +release = 1
groups = System/Libraries url = http://www.mozilla.org/projects/security/pki/nss/ @@ -20,18 +20,13 @@ description v3 certificates, and other security standards. end
-source_dl = -sources - %{thisapp}-stripped.tar.bz2 +sources += \ %{name}-pem-20100809.tar.bz2 -end
build requires chrpath nspr-devel - nss-softokn-devel - nss-util-devel perl pkg-config psmisc @@ -47,15 +42,18 @@ build export BUILD_OPT=1 export XCFLAGS=%{CFLAGS}
+ # Allow the usage of system libraries. export PKG_CONFIG_ALLOW_SYSTEM_LIBS=1 export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1
+ # Define where to find nspr header files and libraries. export NSPR_INCLUDE_DIR=/usr/include/nspr4 export NSPR_LIB_DIR=%{libdir}
- export NSS_INCLUDE_DIR=/usr/include/nss3 - export NSS_LIB_DIR=%{libdir} + # Disable support for SHA224. + export NO_SHA224_AVAILABLE=1
+ # Use sqlite from system. export NSS_USE_SYSTEM_SQLITE=1
if "%{DISTRO_ARCH}" == "x86_64" @@ -63,17 +61,14 @@ build end
prepare - # Extract tarball - cd %{DIR_SRC} && %{MACRO_EXTRACT} %{DIR_DL}/%{thisapp}-stripped.tar.bz2 + # Extract tarball. + cd %{DIR_SRC} && %{MACRO_EXTRACT} %{DIR_DL}/%{thisapp}.tar.gz
- # Extract tarball into nss directory. + # Extract pem tarball into nss directory. cd %{DIR_APP} && %{MACRO_EXTRACT} %{DIR_DL}/%{name}-pem-20100809.tar.bz2
# Apply all patches %{MACRO_PATCHES} - - cp -vf %{DIR_SOURCE}/PayPalEE.cert \ - %{DIR_APP}/mozilla/security/nss/tests/libpkix/certs end
build @@ -83,11 +78,15 @@ build end
install + # We have to do the complete install stuff self. + + # Create directory layout. mkdir -pv %{BUILDROOT}/usr/include/nss3 mkdir -pv %{BUILDROOT}/usr/{bin,%{lib}} mkdir -pv %{BUILDROOT}%{libdir}/pkgconfig mkdir -pv %{BUILDROOT}%{libdir}/nss/unsupported-tools
+ # Install all libraries. install -p -v -m 755 mozilla/dist/*.OBJ/lib/libnss3.so \ %{BUILDROOT}%{libdir} install -p -v -m 755 mozilla/dist/*.OBJ/lib/libnssckbi.so \ @@ -96,10 +95,18 @@ build %{BUILDROOT}%{libdir} install -p -v -m 755 mozilla/dist/*.OBJ/lib/libnsssysinit.so \ %{BUILDROOT}%{libdir} + install -p -v -m 755 mozilla/dist/*.OBJ/lib/libnssutil3.so \ + %{BUILDROOT}%{libdir} install -p -v -m 755 mozilla/dist/*.OBJ/lib/libsmime3.so \ %{BUILDROOT}%{libdir} install -p -v -m 755 mozilla/dist/*.OBJ/lib/libssl3.so \ %{BUILDROOT}%{libdir} + install -p -v -m 755 mozilla/dist/*.OBJ/lib/libsoftokn3.so \ + %{BUILDROOT}%{libdir} + install -p -v -m 755 mozilla/dist/*.OBJ/lib/libnssdbm3.so \ + %{BUILDROOT}%{libdir} + install -p -v -m 755 mozilla/dist/*.OBJ/lib/libfreebl3.so \ + %{BUILDROOT}/%{libdir}
# Install the empty NSS db files mkdir -pv %{BUILDROOT}/etc/pki/nssdb @@ -125,11 +132,13 @@ build install -p -v -m 755 mozilla/dist/*.OBJ/bin/ocspclnt %{BUILDROOT}%{libdir}/nss/unsupported-tools install -p -v -m 755 mozilla/dist/*.OBJ/bin/pp %{BUILDROOT}%{libdir}/nss/unsupported-tools install -p -v -m 755 mozilla/dist/*.OBJ/bin/selfserv %{BUILDROOT}%{libdir}/nss/unsupported-tools + install -p -v -m 755 mozilla/dist/*.OBJ/bin/shlibsign %{BUILDROOT}%{libdir}/nss/unsupported-tools install -p -v -m 755 mozilla/dist/*.OBJ/bin/strsclnt %{BUILDROOT}%{libdir}/nss/unsupported-tools install -p -v -m 755 mozilla/dist/*.OBJ/bin/symkeyutil %{BUILDROOT}%{libdir}/nss/unsupported-tools install -p -v -m 755 mozilla/dist/*.OBJ/bin/tstclnt %{BUILDROOT}%{libdir}/nss/unsupported-tools install -p -v -m 755 mozilla/dist/*.OBJ/bin/vfyserv %{BUILDROOT}%{libdir}/nss/unsupported-tools install -p -v -m 755 mozilla/dist/*.OBJ/bin/vfychain %{BUILDROOT}%{libdir}/nss/unsupported-tools + chrpath --delete %{BUILDROOT}%{libdir}/nss/unsupported-tools/*
sed -e "s,@libdir@,%{libdir},g" \ -e "s,@prefix@,/usr,g" \ @@ -144,11 +153,7 @@ build
install -p -v -m 755 %{DIR_SOURCE}/setup-nsssysinit.sh %{BUILDROOT}/usr/bin
- # Set up our package file - # The nspr_version and nss_{util|softokn}_version globals used - # here match the ones nss has for its Requires. - - # XXX need to fix this + # Generate file for pkg-config. sed \ -e "s,%libdir%,%{libdir},g" \ -e "s,%prefix%,/usr,g" \ @@ -156,52 +161,13 @@ build -e "s,%includedir%,/usr/include/nss3,g" \ -e "s,%NSS_VERSION%,%{version},g" \ -e "s,%NSPR_VERSION%,$(nspr-config --version),g" \ - -e "s,%NSSUTIL_VERSION%,$(nss-util-config --version),g" \ - -e "s,%SOFTOKEN_VERSION%,$(nss-softokn-config --version),g" \ < %{DIR_SOURCE}/nss.pc.in \ > %{BUILDROOT}%{libdir}/pkgconfig/nss.pc
# Copy the include files we want cp -vf mozilla/dist/public/nss/*.h %{BUILDROOT}/usr/include/nss3 + cp -vf mozilla/dist/private/nss/blapi.h %{BUILDROOT}/usr/include/nss3 chmod -v 644 %{BUILDROOT}/usr/include/nss3/*.h - - # remove the nss-util-devel headers - cd %{BUILDROOT}/usr/include/nss3 && rm -vf \ - base64.h \ - ciferfam.h \ - nssb64.h \ - nssb64t.h \ - nsslocks.h \ - nssilock.h \ - nssilckt.h \ - nssrwlk.h \ - nssrwlkt.h \ - nssutil.h \ - pkcs11{,f,n,p,t,u}.h \ - portreg.h \ - secasn1.h \ - secasn1t.h \ - seccomon.h \ - secder.h \ - secdert.h \ - secdig.h \ - secdigt.h \ - secerr.h \ - secitem.h \ - secoid.h \ - secoidt.h \ - secport.h \ - utilrename.h - - # remove header shipped in nss-softokn-devel - cd %{BUILDROOT}/usr/include/nss3 && rm -vf \ - blapit.h \ - ecl-exp.h \ - hasht.h \ - sechash.h \ - secmodt.h \ - shsign.h \ - nsslowhash.h end end
@@ -221,9 +187,7 @@ packages
requires nspr-devel - %{name} - nss-softokn-devel - nss-util-devel + nss=%{thisver} end
# Mozilla does no versioning :( @@ -234,6 +198,46 @@ packages end end
+ package %{name}-softokn + summary = Network Security Services Softoken Module. + description + Network Security Services Softoken Cryptographic Module. + end + + requires = nss=%{thisver} + + files + %{libdir}/libnssdbm3.so + %{libdir}/libsoftokn3.so + %{libdir}/nss/unsupported-tools/shlibsign + end + end + + package %{name}-softokn-freebl + summary = Freebl library for the Network Security Services. + description + NSS Softoken Cryptographic Module Freelb Library. + end + + requires + nss=%{thisver} + nss-softokn=%{thisver} + end + + files = %{libdir}/libfreebl3.so + end + + package %{name}-util + summary = Network Security Services Utilities Library. + description + Utilities for Network Security Services and the Softoken module. + end + + requires = nss=%{thisver} + + files = %{libdir}/libnssutil3.so + end + package %{name}-debuginfo template DEBUGINFO end diff --git a/nss/patches/0001-Add-support-for-PKCS-8-encoded-private-keys.patch b/nss/patches/0001-Add-support-for-PKCS-8-encoded-private-keys.patch deleted file mode 100644 index 108bb9a..0000000 --- a/nss/patches/0001-Add-support-for-PKCS-8-encoded-private-keys.patch +++ /dev/null @@ -1,237 +0,0 @@ -From 8bd0a0427e034262ff982fed98ca5e8c623165db Mon Sep 17 00:00:00 2001 -From: Rich Megginson rmeggins@redhat.com -Date: Mon, 12 Jul 2010 16:31:01 -0600 -Subject: [PATCH] Add support for PKCS#8 encoded private keys - -The code supports PKCS#1 encoded RSA private keys that begin with the -BEGIN RSA PRIVATE KEY header in PEM files. This patch adds support for -RSA private keys encoded in PEM files that begin with the header -BEGIN PRIVATE KEY which are in PKCS#8 format. ---- - prsa.c | 150 ++++++++++++++++++++++++++++++++++++++++++++++------------------ - util.c | 3 +- - 2 files changed, 110 insertions(+), 43 deletions(-) - -diff --git a/prsa.c b/prsa.c -index 5b2f379..8d4fb92 100644 ---- a/mozilla/security/nss/lib/ckfw/pem/prsa.c -+++ b/mozilla/security/nss/lib/ckfw/pem/prsa.c -@@ -63,6 +63,35 @@ const SEC_ASN1Template pem_RSAPrivateKeyTemplate[] = { - {0} - }; - -+static const SEC_ASN1Template pem_AttributeTemplate[] = { -+ { SEC_ASN1_SEQUENCE, -+ 0, NULL, sizeof(NSSLOWKEYAttribute) }, -+ { SEC_ASN1_OBJECT_ID, offsetof(NSSLOWKEYAttribute, attrType) }, -+ { SEC_ASN1_SET_OF | SEC_ASN1_XTRN, offsetof(NSSLOWKEYAttribute, attrValue), -+ SEC_ASN1_SUB(SEC_AnyTemplate) }, -+ { 0 } -+}; -+ -+static const SEC_ASN1Template pem_SetOfAttributeTemplate[] = { -+ { SEC_ASN1_SET_OF, 0, pem_AttributeTemplate }, -+}; -+ -+const SEC_ASN1Template pem_PrivateKeyInfoTemplate[] = { -+ { SEC_ASN1_SEQUENCE, -+ 0, NULL, sizeof(NSSLOWKEYPrivateKeyInfo) }, -+ { SEC_ASN1_INTEGER, -+ offsetof(NSSLOWKEYPrivateKeyInfo,version) }, -+ { SEC_ASN1_INLINE | SEC_ASN1_XTRN, -+ offsetof(NSSLOWKEYPrivateKeyInfo,algorithm), -+ SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, -+ { SEC_ASN1_OCTET_STRING, -+ offsetof(NSSLOWKEYPrivateKeyInfo,privateKey) }, -+ { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0, -+ offsetof(NSSLOWKEYPrivateKeyInfo, attributes), -+ pem_SetOfAttributeTemplate }, -+ { 0 } -+}; -+ - /* Declarations */ - SECStatus pem_RSA_Sign(pemLOWKEYPrivateKey * key, unsigned char *output, - unsigned int *outputLen, unsigned int maxOutputLen, -@@ -116,6 +145,79 @@ pem_DestroyPrivateKey(pemLOWKEYPrivateKey * privk) - nss_ZFreeIf(privk); - } - -+/* decode and parse the rawkey into the lpk structure */ -+static pemLOWKEYPrivateKey * -+pem_getPrivateKey(PLArenaPool *arena, SECItem *rawkey, CK_RV * pError, NSSItem *modulus) -+{ -+ pemLOWKEYPrivateKey *lpk = NULL; -+ SECStatus rv = SECFailure; -+ NSSLOWKEYPrivateKeyInfo *pki = NULL; -+ SECItem *keysrc = NULL; -+ -+ /* make sure SECOID is initialized - not sure why we have to do this outside of nss_Init */ -+ if (SECSuccess != (rv = SECOID_Init())) { -+ *pError = CKR_GENERAL_ERROR; -+ return NULL; /* wha???? */ -+ } -+ -+ pki = (NSSLOWKEYPrivateKeyInfo*)PORT_ArenaZAlloc(arena, -+ sizeof(NSSLOWKEYPrivateKeyInfo)); -+ if(!pki) { -+ *pError = CKR_HOST_MEMORY; -+ goto done; -+ } -+ -+ /* let's first see if this is a "raw" RSA private key or an RSA private key in PKCS#8 format */ -+ rv = SEC_ASN1DecodeItem(arena, pki, pem_PrivateKeyInfoTemplate, rawkey); -+ if (rv != SECSuccess) { -+ /* not PKCS#8 - assume it's a "raw" RSA private key */ -+ keysrc = rawkey; -+ } else if (SECOID_GetAlgorithmTag(&pki->algorithm) == SEC_OID_PKCS1_RSA_ENCRYPTION) { -+ keysrc = &pki->privateKey; -+ } else { /* unsupported */ -+ *pError = CKR_FUNCTION_NOT_SUPPORTED; -+ goto done; -+ } -+ -+ lpk = (pemLOWKEYPrivateKey *) nss_ZAlloc(NULL, -+ sizeof(pemLOWKEYPrivateKey)); -+ if (lpk == NULL) { -+ *pError = CKR_HOST_MEMORY; -+ goto done; -+ } -+ -+ lpk->arena = arena; -+ lpk->keyType = pemLOWKEYRSAKey; -+ prepare_low_rsa_priv_key_for_asn1(lpk); -+ -+ /* I don't know what this is supposed to accomplish. We free the old -+ modulus data and set it again, making a copy of the new data. -+ But we just allocated a new empty key structure above with -+ nss_ZAlloc. So lpk->u.rsa.modulus.data is NULL and -+ lpk->u.rsa.modulus.len. If the intention is to free the old -+ modulus data, why not just set it to NULL after freeing? Why -+ go through this unnecessary and confusing copying code? -+ */ -+ if (modulus) { -+ nss_ZFreeIf(modulus->data); -+ modulus->data = (void *) nss_ZAlloc(NULL, lpk->u.rsa.modulus.len); -+ modulus->size = lpk->u.rsa.modulus.len; -+ nsslibc_memcpy(modulus->data, lpk->u.rsa.modulus.data, -+ lpk->u.rsa.modulus.len); -+ } -+ -+ /* decode the private key and any algorithm parameters */ -+ rv = SEC_QuickDERDecodeItem(arena, lpk, pem_RSAPrivateKeyTemplate, -+ keysrc); -+ -+ if (rv != SECSuccess) { -+ goto done; -+ } -+ -+done: -+ return lpk; -+} -+ - void - pem_PopulateModulusExponent(pemInternalObject * io) - { -@@ -123,7 +225,7 @@ pem_PopulateModulusExponent(pemInternalObject * io) - const NSSItem *keyType = pem_FetchAttribute(io, CKA_KEY_TYPE); - pemLOWKEYPrivateKey *lpk = NULL; - PLArenaPool *arena; -- SECStatus rv; -+ CK_RV pError = 0; - - /* make sure we have the right objects */ - if (((const NSSItem *) NULL == classItem) || -@@ -140,26 +242,12 @@ pem_PopulateModulusExponent(pemInternalObject * io) - return; - } - -- lpk = (pemLOWKEYPrivateKey *) nss_ZAlloc(NULL, -- sizeof(pemLOWKEYPrivateKey)); -+ lpk = pem_getPrivateKey(arena, io->u.key.key.privateKey, &pError, NULL); - if (lpk == NULL) { - PORT_FreeArena(arena, PR_FALSE); - return; - } - -- lpk->arena = arena; -- lpk->keyType = pemLOWKEYRSAKey; -- prepare_low_rsa_priv_key_for_asn1(lpk); -- -- /* decode the private key and any algorithm parameters */ -- rv = SEC_QuickDERDecodeItem(arena, lpk, pem_RSAPrivateKeyTemplate, -- io->u.key.key.privateKey); -- -- if (rv != SECSuccess) { -- PORT_FreeArena(arena, PR_FALSE); -- return; -- } -- - nss_ZFreeIf(io->u.key.key.modulus.data); - io->u.key.key.modulus.data = - (void *) nss_ZAlloc(NULL, lpk->u.rsa.modulus.len); -@@ -252,13 +340,6 @@ pem_mdCryptoOperationRSAPriv_Create - pemInternalCryptoOperationRSAPriv *iOperation; - pemLOWKEYPrivateKey *lpk = NULL; - PLArenaPool *arena; -- SECStatus rv; -- -- arena = PORT_NewArena(2048); -- if (!arena) { -- *pError = CKR_HOST_MEMORY; -- return (NSSCKMDCryptoOperation *) NULL; -- } - - /* make sure we have the right objects */ - if (((const NSSItem *) NULL == classItem) || -@@ -271,30 +352,15 @@ pem_mdCryptoOperationRSAPriv_Create - return (NSSCKMDCryptoOperation *) NULL; - } - -- lpk = (pemLOWKEYPrivateKey *) nss_ZAlloc(NULL, -- sizeof (pemLOWKEYPrivateKey)); -- if (lpk == NULL) { -+ arena = PORT_NewArena(2048); -+ if (!arena) { - *pError = CKR_HOST_MEMORY; - return (NSSCKMDCryptoOperation *) NULL; - } -- lpk->arena = arena; -- lpk->keyType = pemLOWKEYRSAKey; -- prepare_low_rsa_priv_key_for_asn1(lpk); - -- nss_ZFreeIf(iKey->u.key.key.modulus.data); -- iKey->u.key.key.modulus.data = -- (void *) nss_ZAlloc(NULL, lpk->u.rsa.modulus.len); -- iKey->u.key.key.modulus.size = lpk->u.rsa.modulus.len; -- nsslibc_memcpy(iKey->u.key.key.modulus.data, lpk->u.rsa.modulus.data, -- lpk->u.rsa.modulus.len); -- -- /* decode the private key and any algorithm parameters */ -- rv = SEC_QuickDERDecodeItem(arena, lpk, pem_RSAPrivateKeyTemplate, -- iKey->u.key.key.privateKey); -- -- if (rv != SECSuccess) { -+ lpk = pem_getPrivateKey(arena, iKey->u.key.key.privateKey, pError, &iKey->u.key.key.modulus); -+ if (lpk == NULL) { - PORT_FreeArena(arena, PR_FALSE); -- *pError = CKR_HOST_MEMORY; - return (NSSCKMDCryptoOperation *) NULL; - } - -diff --git a/util.c b/util.c -index a6ca094..d02ee87 100644 ---- a/mozilla/security/nss/lib/ckfw/pem/util.c -+++ b/mozilla/security/nss/lib/ckfw/pem/util.c -@@ -164,7 +164,8 @@ ReadDERFromFile(SECItem *** derlist, char *filename, PRBool ascii, - int key = 0; - while ((asc) && ((body = strstr(asc, "-----BEGIN")) != NULL)) { - key = 0; -- if (strncmp(body, "-----BEGIN RSA PRIVATE KEY", 25) == 0) { -+ if ((strncmp(body, "-----BEGIN RSA PRIVATE KEY", 25) == 0) || -+ (strncmp(body, "-----BEGIN PRIVATE KEY", 21) == 0)) { - key = 1; - c = body; - body = strchr(body, '\n'); --- -1.5.5.6 - diff --git a/nss/patches/0001-Bug-695011-PEM-logging.patch b/nss/patches/0001-Bug-695011-PEM-logging.patch new file mode 100644 index 0000000..2693d7c --- /dev/null +++ b/nss/patches/0001-Bug-695011-PEM-logging.patch @@ -0,0 +1,107 @@ +From 5c61cdba435096ee6e65cee4dc9a473430643c07 Mon Sep 17 00:00:00 2001 +From: Elio Maldonado emaldona@redhat.com +Date: Tue, 12 Apr 2011 09:31:48 -0700 +Subject: [PATCH] Bug 695011 PEM logging + +Use NSPR logging facilities for PEM logging to fix a segmenation violation +caused when user cannot for write a log file created by root +--- + mozilla/security/nss/lib/ckfw/pem/ckpem.h | 7 ++++- + mozilla/security/nss/lib/ckfw/pem/util.c | 30 ++++++++++++++++------------ + 2 files changed, 22 insertions(+), 15 deletions(-) + +diff --git a/mozilla/security/nss/lib/ckfw/pem/ckpem.h b/mozilla/security/nss/lib/ckfw/pem/ckpem.h +index 839d40b..720525e 100644 +--- a/mozilla/security/nss/lib/ckfw/pem/ckpem.h ++++ b/mozilla/security/nss/lib/ckfw/pem/ckpem.h +@@ -1,3 +1,6 @@ ++#ifndef CKPEM_H ++#define CKPEM_H ++ + #include "nssckmdt.h" + #include "nssckfw.h" + #include "ckfwtm.h" +@@ -254,8 +257,8 @@ unsigned int pem_PrivateModulusLen(pemLOWKEYPrivateKey *privk); + /* ptoken.c */ + NSSCKMDToken * pem_NewToken(NSSCKFWInstance *fwInstance, CK_RV *pError); + ++/* util.c */ + void open_log(); +-void close_log(); + void plog(const char *fmt, ...); + +-#define PEM_H 1 ++#endif /* CKPEM_H */ +diff --git a/mozilla/security/nss/lib/ckfw/pem/util.c b/mozilla/security/nss/lib/ckfw/pem/util.c +index 853f418..fafb924 100644 +--- a/mozilla/security/nss/lib/ckfw/pem/util.c ++++ b/mozilla/security/nss/lib/ckfw/pem/util.c +@@ -41,6 +41,7 @@ + #include "prtime.h" + #include "prlong.h" + #include "prerror.h" ++#include "prlog.h" + #include "prprf.h" + #include "plgetopt.h" + #include "prenv.h" +@@ -51,6 +52,9 @@ + #include "cryptohi.h" + #include "secpkcs7.h" + #include "secerr.h" ++ ++#include "ckpem.h" ++ + #include <stdarg.h> + + #define CHUNK_SIZE 512 +@@ -267,34 +271,34 @@ ReadDERFromFile(SECItem *** derlist, char *filename, PRBool ascii, + return -1; + } + +-FILE *plogfile; ++#ifdef DEBUG ++#define LOGGING_BUFFER_SIZE 400 ++#define PEM_DEFAULT_LOG_FILE "/tmp/pkcs11.log" ++static const char *pemLogModuleName = "PEM"; ++static PRLogModuleInfo* pemLogModule; ++#endif + + void open_log() + { + #ifdef DEBUG +- plogfile = fopen("/tmp/pkcs11.log", "a"); +-#endif ++ const char *nsprLogFile = PR_GetEnv("NSPR_LOG_FILE"); + +- return; +-} ++ pemLogModule = PR_NewLogModule(pemLogModuleName); + +-void close_log() +-{ +-#ifdef DEBUG +- fclose(plogfile); ++ (void) PR_SetLogFile(nsprLogFile ? nsprLogFile : PEM_DEFAULT_LOG_FILE); ++ /* If false, the log file will remain what it was before */ + #endif +- return; + } + + void plog(const char *fmt, ...) + { + #ifdef DEBUG ++ char buf[LOGGING_BUFFER_SIZE]; + va_list ap; + + va_start(ap, fmt); +- vfprintf(plogfile, fmt, ap); ++ PR_vsnprintf(buf, sizeof(buf), fmt, ap); + va_end(ap); +- +- fflush(plogfile); ++ PR_LOG(pemLogModule, PR_LOG_DEBUG, ("%s", buf)); + #endif + } +-- +1.7.4.2 + diff --git a/nss/patches/0001-Do-not-define-SEC_SkipTemplate.patch b/nss/patches/0001-Do-not-define-SEC_SkipTemplate.patch deleted file mode 100644 index 23eb47d..0000000 --- a/nss/patches/0001-Do-not-define-SEC_SkipTemplate.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 9b7334b61cf3277e5eb48b716f6719b4636e2572 Mon Sep 17 00:00:00 2001 -From: Rich Megginson rmeggins@redhat.com -Date: Mon, 12 Jul 2010 17:21:01 -0600 -Subject: [PATCH] Do not define SEC_SkipTemplate - -Building NSS with PEM support gives an error in pbobject due to multiple -definitions of SEC_SkipTemplate. This is already defined in libnssutil ---- - pobject.c | 3 +++ - 1 files changed, 3 insertions(+), 0 deletions(-) - -diff --git a/pobject.c b/pobject.c -index 81b9028..48f5e78 100644 ---- a/mozilla/security/nss/lib/ckfw/pem/pobject.c -+++ b/mozilla/security/nss/lib/ckfw/pem/pobject.c -@@ -172,6 +172,8 @@ static const NSSItem pem_trusted = { - (void *) &ckt_netscape_trusted, (PRUint32) sizeof(CK_TRUST) - }; - -+/* SEC_SkipTemplate is already defined and exported by libnssutil */ -+#ifdef SEC_SKIP_TEMPLATE - /* - * Template for skipping a subitem. - * -@@ -182,6 +184,7 @@ static const NSSItem pem_trusted = { - const SEC_ASN1Template SEC_SkipTemplate[] = { - {SEC_ASN1_SKIP} - }; -+#endif - - /* - * Find the subjectName in a DER encoded certificate --- -1.5.5.6 - diff --git a/nss/patches/0001-libnsspem-rhbz-734760.patch b/nss/patches/0001-libnsspem-rhbz-734760.patch new file mode 100644 index 0000000..45b4024 --- /dev/null +++ b/nss/patches/0001-libnsspem-rhbz-734760.patch @@ -0,0 +1,21 @@ +diff -up ./mozilla/security/nss/lib/ckfw/pem/pobject.c.734760 ./mozilla/security/nss/lib/ckfw/pem/pobject.c +--- ./mozilla/security/nss/lib/ckfw/pem/pobject.c.734760 2011-09-10 10:21:38.819248564 -0700 ++++ ./mozilla/security/nss/lib/ckfw/pem/pobject.c 2011-09-10 10:28:47.970083785 -0700 +@@ -1117,7 +1117,7 @@ pem_CreateObject + + nobjs = ReadDERFromFile(&derlist, filename, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */); + if (nobjs < 1) +- return (NSSCKMDObject *) NULL; ++ goto loser; + + objid = -1; + /* Brute force: find the id of the key, if any, in this slot */ +@@ -1176,7 +1176,7 @@ pem_CreateObject + + nobjs = ReadDERFromFile(&derlist, filename, PR_TRUE, &cipher, &ivstring, PR_FALSE /* keys only */); + if (nobjs < 1) +- return (NSSCKMDObject *) NULL; ++ goto loser; + + certDER.len = 0; /* in case there is no equivalent cert */ + certDER.data = NULL; diff --git a/nss/patches/bz784672-protect-against-calls-before-nss_init.patch0 b/nss/patches/bz784672-protect-against-calls-before-nss_init.patch0 new file mode 100644 index 0000000..934ea30 --- /dev/null +++ b/nss/patches/bz784672-protect-against-calls-before-nss_init.patch0 @@ -0,0 +1,40 @@ +diff -up mozilla/security/nss/lib/nss/nssinit.c.784672 mozilla/security/nss/lib/nss/nssinit.c +--- mozilla/security/nss/lib/nss/nssinit.c.784672 2012-01-26 14:43:46.232357231 -0800 ++++ mozilla/security/nss/lib/nss/nssinit.c 2012-01-26 14:50:55.830512565 -0800 +@@ -944,6 +944,12 @@ NSS_RegisterShutdown(NSS_ShutdownFunc sF + { + int i; + ++ /* make sure our lock and condition variable are initialized one and only ++ * one time */ ++ if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) { ++ return SECFailure; ++ } ++ + PZ_Lock(nssInitLock); + if (!NSS_IsInitialized()) { + PZ_Unlock(nssInitLock); +@@ -1002,6 +1008,11 @@ NSS_UnregisterShutdown(NSS_ShutdownFunc + { + int i; + ++ /* make sure our lock and condition variable are initialized one and only ++ * one time */ ++ if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) { ++ return SECFailure; ++ } + PZ_Lock(nssInitLock); + if (!NSS_IsInitialized()) { + PZ_Unlock(nssInitLock); +@@ -1192,6 +1203,11 @@ NSS_ShutdownContext(NSSInitContext *cont + { + SECStatus rv = SECSuccess; + ++ /* make sure our lock and condition variable are initialized one and only ++ * one time */ ++ if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) { ++ return SECFailure; ++ } + PZ_Lock(nssInitLock); + /* If one or more threads are in the middle of init, wait for them + * to complete */ diff --git a/nss/patches/gnuc-minor-def-fix.patch b/nss/patches/gnuc-minor-def-fix.patch new file mode 100644 index 0000000..f210af2 --- /dev/null +++ b/nss/patches/gnuc-minor-def-fix.patch @@ -0,0 +1,12 @@ +diff -up nss-3.13.1/mozilla/security/nss/lib/util/pkcs11n.h.fo nss-3.13.1/mozilla/security/nss/lib/util/pkcs11n.h +--- nss-3.13.1/mozilla/security/nss/lib/util/pkcs11n.h.fo 2011-11-10 12:44:17.683967574 -0600 ++++ nss-3.13.1/mozilla/security/nss/lib/util/pkcs11n.h 2011-11-10 12:44:24.146886778 -0600 +@@ -362,7 +362,7 @@ typedef CK_ULONG CK_TRUST; + * cast the resulting value to the deprecated type in the #define, thus + * producting the warning when the #define is used. + */ +-#if (__GNUC__ == 4) && (__GNUC_MINOR < 5) ++#if (__GNUC__ == 4) && (__GNUC_MINOR__ < 5) + /* The mac doesn't like the friendlier deprecate messages. I'm assuming this + * is a gcc version issue rather than mac or ppc specific */ + typedef CK_TRUST __CKT_NSS_UNTRUSTED __attribute__((deprecated)); diff --git a/nss/patches/nofipstest.patch0 b/nss/patches/nofipstest.patch0 new file mode 100644 index 0000000..5f711be --- /dev/null +++ b/nss/patches/nofipstest.patch0 @@ -0,0 +1,19 @@ +diff -up ./mozilla/security/nss/cmd/manifest.mn.nofipstest ./mozilla/security/nss/cmd/manifest.mn +--- ./mozilla/security/nss/cmd/manifest.mn.nofipstest 2011-12-03 22:54:40.969914919 -0800 ++++ ./mozilla/security/nss/cmd/manifest.mn 2011-12-03 22:55:12.348505822 -0800 +@@ -54,7 +54,6 @@ DIRS = lib \ + dbtest \ + derdump \ + digest \ +- fipstest \ + makepqg \ + multinit \ + ocspclnt \ +@@ -84,6 +83,7 @@ DIRS = lib \ + $(NULL) + + TEMPORARILY_DONT_BUILD = \ ++ fipstest \ + $(NULL) + + # rsaperf \ diff --git a/nss/patches/nosha224.patch0 b/nss/patches/nosha224.patch0 new file mode 100644 index 0000000..bd9d351 --- /dev/null +++ b/nss/patches/nosha224.patch0 @@ -0,0 +1,618 @@ +diff -up ./mozilla/security/coreconf/Linux.mk.nosha224 ./mozilla/security/coreconf/Linux.mk +--- ./mozilla/security/coreconf/Linux.mk.nosha224 2011-12-04 22:03:47.295609957 -0800 ++++ ./mozilla/security/coreconf/Linux.mk 2011-12-04 22:03:47.301609957 -0800 +@@ -188,6 +188,14 @@ NSSUTIL_LIBS = -lnssutil3 + USE_SYSTEM_FREEBL = 1 + FREEBL_LIBS = -lfreebl3 + ++# ++# Don't compile code that requires SHA224 if it isn't avilable ++# Such is the case when system freebl/softokn is the 3.12 one ++# ++ifdef NO_SHA224_AVAILABLE ++CFLAGS+=-DNO_SHA224_AVAILABLE ++endif ++ + # The -rpath '$$ORIGIN' linker option instructs this library to search for its + # dependencies in the same directory where it resides. + ifeq ($(BUILD_SUN_PKG), 1) +diff -up ./mozilla/security/nss/cmd/bltest/blapitest.c.nosha224 ./mozilla/security/nss/cmd/bltest/blapitest.c +--- ./mozilla/security/nss/cmd/bltest/blapitest.c.nosha224 2011-09-16 12:16:50.000000000 -0700 ++++ ./mozilla/security/nss/cmd/bltest/blapitest.c 2011-12-04 22:03:47.302609957 -0800 +@@ -686,7 +686,9 @@ typedef enum { + bltestMD2, /* Hash algorithms */ + bltestMD5, /* . */ + bltestSHA1, /* . */ ++#ifndef NO_SHA224_AVAILABLE + bltestSHA224, /* . */ ++#endif + bltestSHA256, /* . */ + bltestSHA384, /* . */ + bltestSHA512, /* . */ +@@ -721,7 +723,9 @@ static char *mode_strings[] = + "md2", + "md5", + "sha1", ++#ifndef NO_SHA224_AVAILABLE + "sha224", ++#endif + "sha256", + "sha384", + "sha512", +@@ -1761,6 +1765,7 @@ finish: + return rv; + } + ++#ifndef NO_SHA224_AVAILABLE + SECStatus + SHA224_restart(unsigned char *dest, const unsigned char *src, uint32 src_length) + { +@@ -1800,6 +1805,7 @@ finish: + SHA224_DestroyContext(cx, PR_TRUE); + return rv; + } ++#endif + + SECStatus + SHA256_restart(unsigned char *dest, const unsigned char *src, uint32 src_length) +@@ -2093,6 +2099,7 @@ cipherInit(bltestCipherInfo *cipherInfo, + cipherInfo->cipher.hashCipher = (restart) ? sha1_restart : SHA1_HashBuf; + return SECSuccess; + break; ++#ifndef NO_SHA224_AVAILABLE + case bltestSHA224: + restart = cipherInfo->params.hash.restart; + SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, +@@ -2100,6 +2107,7 @@ cipherInit(bltestCipherInfo *cipherInfo, + cipherInfo->cipher.hashCipher = (restart) ? SHA224_restart + : SHA224_HashBuf; + return SECSuccess; ++#endif + break; + case bltestSHA256: + restart = cipherInfo->params.hash.restart; +@@ -2542,7 +2550,9 @@ cipherFinish(bltestCipherInfo *cipherInf + case bltestMD2: /* hash contexts are ephemeral */ + case bltestMD5: + case bltestSHA1: ++#ifndef NO_SHA224_AVAILABLE + case bltestSHA224: ++#endif + case bltestSHA256: + case bltestSHA384: + case bltestSHA512: +@@ -2896,7 +2906,9 @@ get_params(PRArenaPool *arena, bltestPar + case bltestMD2: + case bltestMD5: + case bltestSHA1: ++#ifndef NO_SHA224_AVAILABLE + case bltestSHA224: ++#endif + case bltestSHA256: + case bltestSHA384: + case bltestSHA512: +diff -up ./mozilla/security/nss/cmd/chktest/chktest.c.nosha224 ./mozilla/security/nss/cmd/chktest/chktest.c +--- ./mozilla/security/nss/cmd/chktest/chktest.c.nosha224 2010-12-06 09:22:49.000000000 -0800 ++++ ./mozilla/security/nss/cmd/chktest/chktest.c 2011-12-04 22:03:47.304609957 -0800 +@@ -41,6 +41,10 @@ + #include "blapi.h" + #include "secutil.h" + ++#ifdef NO_SHA224_AVAILABLE ++PRBool BLAPI_SHVerifyFile(const char *shName); ++#endif ++ + static int Usage() + { + fprintf(stderr, "Usage: chktest <full-path-to-shared-library>\n"); +diff -up ./mozilla/security/nss/cmd/lib/secutil.c.nosha224 ./mozilla/security/nss/cmd/lib/secutil.c +--- ./mozilla/security/nss/cmd/lib/secutil.c.nosha224 2011-10-22 07:35:41.000000000 -0700 ++++ ./mozilla/security/nss/cmd/lib/secutil.c 2011-12-04 22:03:47.305609957 -0800 +@@ -86,6 +86,14 @@ static char consoleName[] = { + #include "nssutil.h" + #include "ssl.h" + ++/* Defined in ./mozilla/dist/public/nss/certdb.h which was included ++ * and also in ./mozilla/security/nss/lib/softoken/legacydb/pcertt.h ++ * but invisible here for some reason ++ */ ++#ifndef CERTDB_TERMINAL_RECORD ++#define CERTDB_TERMINAL_RECORD (1<<0) ++#endif ++ + + void + SECU_PrintErrMsg(FILE *out, int level, char *progName, char *msg, ...) +@@ -1509,6 +1517,8 @@ const SEC_ASN1Template secuPBEV2Params[] + { 0 } + }; + ++/* if no sha224 then no psapss either */ ++#ifndef NO_SHA224_AVAILABLE + void + secu_PrintRSAPSSParams(FILE *out, SECItem *value, char *m, int level) + { +@@ -1572,6 +1582,7 @@ secu_PrintRSAPSSParams(FILE *out, SECIte + } + PORT_FreeArena(pool, PR_FALSE); + } ++#endif + + void + secu_PrintKDF2Params(FILE *out, SECItem *value, char *m, int level) +@@ -1684,10 +1695,12 @@ SECU_PrintAlgorithmID(FILE *out, SECAlgo + return; + } + ++#ifndef NO_SHA224_AVAILABLE + if (algtag == SEC_OID_PKCS1_RSA_PSS_SIGNATURE) { + secu_PrintRSAPSSParams(out, &a->parameters, "Parameters", level+1); + return; + } ++#endif + + if (a->parameters.len == 0 + || (a->parameters.len == 2 +@@ -3763,8 +3776,10 @@ SECU_StringToSignatureAlgTag(const char + hashAlgTag = SEC_OID_MD5; + } else if (!PL_strcmp(alg, "SHA1")) { + hashAlgTag = SEC_OID_SHA1; ++#ifndef NO_SHA224_AVAILABLE + } else if (!PL_strcmp(alg, "SHA224")) { + hashAlgTag = SEC_OID_SHA224; ++#endif + } else if (!PL_strcmp(alg, "SHA256")) { + hashAlgTag = SEC_OID_SHA256; + } else if (!PL_strcmp(alg, "SHA384")) { +diff -up ./mozilla/security/nss/cmd/pk11mode/pk11mode.c.nosha224 ./mozilla/security/nss/cmd/pk11mode/pk11mode.c +--- ./mozilla/security/nss/cmd/pk11mode/pk11mode.c.nosha224 2011-12-04 22:07:27.230604899 -0800 ++++ ./mozilla/security/nss/cmd/pk11mode/pk11mode.c 2011-12-04 22:10:06.365601241 -0800 +@@ -883,21 +883,27 @@ CK_RV PKM_KeyTests(CK_FUNCTION_LIST_PTR + + mech_str digestMechs[] = { + {CKM_SHA_1, "CKM_SHA_1 "}, ++#ifndef NO_SHA224_AVAILABLE + {CKM_SHA224, "CKM_SHA224"}, ++#endif + {CKM_SHA256, "CKM_SHA256"}, + {CKM_SHA384, "CKM_SHA384"}, + {CKM_SHA512, "CKM_SHA512"} + }; + mech_str hmacMechs[] = { + {CKM_SHA_1_HMAC, "CKM_SHA_1_HMAC"}, ++#ifndef NO_SHA224_AVAILABLE + {CKM_SHA224_HMAC, "CKM_SHA224_HMAC"}, ++#endif + {CKM_SHA256_HMAC, "CKM_SHA256_HMAC"}, + {CKM_SHA384_HMAC, "CKM_SHA384_HMAC"}, + {CKM_SHA512_HMAC, "CKM_SHA512_HMAC"} + }; + mech_str sigRSAMechs[] = { + {CKM_SHA1_RSA_PKCS, "CKM_SHA1_RSA_PKCS"}, ++#ifndef NO_SHA224_AVAILABLE + {CKM_SHA224_RSA_PKCS, "CKM_SHA224_RSA_PKCS"}, ++#endif + {CKM_SHA256_RSA_PKCS, "CKM_SHA256_RSA_PKCS"}, + {CKM_SHA384_RSA_PKCS, "CKM_SHA384_RSA_PKCS"}, + {CKM_SHA512_RSA_PKCS, "CKM_SHA512_RSA_PKCS"} +diff -up ./mozilla/security/nss/lib/cryptohi/sechash.c.nosha224 ./mozilla/security/nss/lib/cryptohi/sechash.c +--- ./mozilla/security/nss/lib/cryptohi/sechash.c.nosha224 2011-06-21 15:47:54.000000000 -0700 ++++ ./mozilla/security/nss/lib/cryptohi/sechash.c 2011-12-04 22:03:47.306609957 -0800 +@@ -91,10 +91,12 @@ sha1_NewContext(void) { + return (void *) PK11_CreateDigestContext(SEC_OID_SHA1); + } + ++#ifndef NO_SHA224_AVAILABLE + static void * + sha224_NewContext(void) { + return (void *) PK11_CreateDigestContext(SEC_OID_SHA224); + } ++#endif + + static void * + sha256_NewContext(void) { +@@ -189,6 +191,7 @@ const SECHashObject SECHashObjects[] = { + SHA512_BLOCK_LENGTH, + HASH_AlgSHA512 + }, ++#ifndef NO_SHA224_AVAILABLE + { SHA224_LENGTH, + (void * (*)(void)) sha224_NewContext, + (void * (*)(void *)) PK11_CloneContext, +@@ -200,6 +203,7 @@ const SECHashObject SECHashObjects[] = { + SHA224_BLOCK_LENGTH, + HASH_AlgSHA224 + }, ++#endif + }; + + const SECHashObject * +@@ -217,7 +221,9 @@ HASH_GetHashTypeByOidTag(SECOidTag hashO + case SEC_OID_MD2: ht = HASH_AlgMD2; break; + case SEC_OID_MD5: ht = HASH_AlgMD5; break; + case SEC_OID_SHA1: ht = HASH_AlgSHA1; break; ++#ifndef NO_SHA224_AVAILABLE + case SEC_OID_SHA224: ht = HASH_AlgSHA224; break; ++#endif + case SEC_OID_SHA256: ht = HASH_AlgSHA256; break; + case SEC_OID_SHA384: ht = HASH_AlgSHA384; break; + case SEC_OID_SHA512: ht = HASH_AlgSHA512; break; +@@ -237,7 +243,9 @@ HASH_GetHashOidTagByHMACOidTag(SECOidTag + /* no oid exists for HMAC_MD2 */ + /* NSS does not define a oid for HMAC_MD4 */ + case SEC_OID_HMAC_SHA1: hashOid = SEC_OID_SHA1; break; ++#ifndef NO_SHA224_AVAILABLE + case SEC_OID_HMAC_SHA224: hashOid = SEC_OID_SHA224; break; ++#endif + case SEC_OID_HMAC_SHA256: hashOid = SEC_OID_SHA256; break; + case SEC_OID_HMAC_SHA384: hashOid = SEC_OID_SHA384; break; + case SEC_OID_HMAC_SHA512: hashOid = SEC_OID_SHA512; break; +@@ -257,7 +265,9 @@ HASH_GetHMACOidTagByHashOidTag(SECOidTag + /* no oid exists for HMAC_MD2 */ + /* NSS does not define a oid for HMAC_MD4 */ + case SEC_OID_SHA1: hmacOid = SEC_OID_HMAC_SHA1; break; ++#ifndef NO_SHA224_AVAILABLE + case SEC_OID_SHA224: hmacOid = SEC_OID_HMAC_SHA224; break; ++#endif + case SEC_OID_SHA256: hmacOid = SEC_OID_HMAC_SHA256; break; + case SEC_OID_SHA384: hmacOid = SEC_OID_HMAC_SHA384; break; + case SEC_OID_SHA512: hmacOid = SEC_OID_HMAC_SHA512; break; +diff -up ./mozilla/security/nss/lib/cryptohi/seckey.c.nosha224 ./mozilla/security/nss/lib/cryptohi/seckey.c +--- ./mozilla/security/nss/lib/cryptohi/seckey.c.nosha224 2011-10-22 07:35:42.000000000 -0700 ++++ ./mozilla/security/nss/lib/cryptohi/seckey.c 2011-12-04 22:03:47.307609957 -0800 +@@ -550,7 +550,9 @@ seckey_GetKeyType (SECOidTag tag) { + * should be handing us a cipher type */ + case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION: + case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION: ++#ifndef NO_SHA224_AVAILABLE + case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION: ++#endif + case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION: + case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION: + case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION: +diff -up ./mozilla/security/nss/lib/cryptohi/secvfy.c.nosha224 ./mozilla/security/nss/lib/cryptohi/secvfy.c +--- ./mozilla/security/nss/lib/cryptohi/secvfy.c.nosha224 2011-10-22 07:35:42.000000000 -0700 ++++ ./mozilla/security/nss/lib/cryptohi/secvfy.c 2011-12-04 22:03:47.307609957 -0800 +@@ -240,11 +240,12 @@ sec_DecodeSigAlg(const SECKEYPublicKey * + case SEC_OID_PKCS1_RSA_PSS_SIGNATURE: + *hashalg = SEC_OID_UNKNOWN; /* get it from the RSA signature */ + break; +- ++#ifndef NO_SHA224_AVAILABLE + case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE: + case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION: + *hashalg = SEC_OID_SHA224; + break; ++#endif + case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE: + case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION: + *hashalg = SEC_OID_SHA256; +@@ -279,8 +280,10 @@ sec_DecodeSigAlg(const SECKEYPublicKey * + len = SECKEY_PublicKeyStrength(key); + if (len < 28) { /* 28 bytes == 224 bits */ + *hashalg = SEC_OID_SHA1; ++#ifndef NO_SHA224_AVAILABLE + } else if (len < 32) { /* 32 bytes == 256 bits */ + *hashalg = SEC_OID_SHA224; ++#endif + } else if (len < 48) { /* 48 bytes == 384 bits */ + *hashalg = SEC_OID_SHA256; + } else if (len < 64) { /* 48 bytes == 512 bits */ +@@ -325,7 +328,9 @@ sec_DecodeSigAlg(const SECKEYPublicKey * + case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION: + case SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE: + case SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE: ++#ifndef NO_SHA224_AVAILABLE + case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION: ++#endif + case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION: + case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION: + case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION: +@@ -347,7 +352,9 @@ sec_DecodeSigAlg(const SECKEYPublicKey * + *encalg = SEC_OID_MISSI_DSS; + break; + case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE: ++#ifndef NO_SHA224_AVAILABLE + case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE: ++#endif + case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE: + case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE: + case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE: +diff -up ./mozilla/security/nss/lib/freebl/blapi.h.nosha224 ./mozilla/security/nss/lib/freebl/blapi.h +--- ./mozilla/security/nss/lib/freebl/blapi.h.nosha224 2011-10-04 15:05:53.000000000 -0700 ++++ ./mozilla/security/nss/lib/freebl/blapi.h 2011-12-04 22:03:47.308609957 -0800 +@@ -1088,7 +1088,7 @@ extern SHA1Context * SHA1_Resurrect(unsi + extern void SHA1_Clone(SHA1Context *dest, SHA1Context *src); + + /******************************************/ +- ++#ifndef NO_SHA224_AVAILABLE + extern SHA224Context *SHA224_NewContext(void); + extern void SHA224_DestroyContext(SHA224Context *cx, PRBool freeit); + extern void SHA224_Begin(SHA224Context *cx); +@@ -1104,6 +1104,7 @@ extern unsigned int SHA224_FlattenSize(S + extern SECStatus SHA224_Flatten(SHA224Context *cx,unsigned char *space); + extern SHA224Context * SHA224_Resurrect(unsigned char *space, void *arg); + extern void SHA224_Clone(SHA224Context *dest, SHA224Context *src); ++#endif + + /******************************************/ + +diff -up ./mozilla/security/nss/lib/freebl/ldvector.c.nosha224 ./mozilla/security/nss/lib/freebl/ldvector.c +--- ./mozilla/security/nss/lib/freebl/ldvector.c.nosha224 2011-10-04 15:05:53.000000000 -0700 ++++ ./mozilla/security/nss/lib/freebl/ldvector.c 2011-12-04 22:03:47.309609957 -0800 +@@ -270,7 +270,7 @@ static const struct FREEBLVectorStr vect + JPAKE_Verify, + JPAKE_Round2, + JPAKE_Final, +- ++#ifndef NO_SHA224_AVAILABLE + /* End of Version 3.012 */ + + TLS_P_hash, +@@ -287,7 +287,7 @@ static const struct FREEBLVectorStr vect + SHA224_Resurrect, + SHA224_Clone, + BLAPI_SHVerifyFile +- ++#endif + /* End of Version 3.013 */ + }; + +diff -up ./mozilla/security/nss/lib/freebl/nsslowhash.c.nosha224 ./mozilla/security/nss/lib/freebl/nsslowhash.c +--- ./mozilla/security/nss/lib/freebl/nsslowhash.c.nosha224 2010-09-09 17:42:36.000000000 -0700 ++++ ./mozilla/security/nss/lib/freebl/nsslowhash.c 2011-12-04 22:03:47.309609957 -0800 +@@ -128,14 +128,14 @@ freebl_fips_SHA_PowerUpSelfTest( void ) + 0x0a,0x6d,0x07,0xba,0x1e,0xbd,0x8a,0x1b, + 0x72,0xf6,0xc7,0x22,0xf1,0x27,0x9f,0xf0, + 0xe0,0x68,0x47,0x7a}; +- ++#ifndef NO_SHA224_AVAILABLE + /* SHA-224 Known Digest Message (224-bits). */ + static const PRUint8 sha224_known_digest[] = { + 0x1c,0xc3,0x06,0x8e,0xce,0x37,0x68,0xfb, + 0x1a,0x82,0x4a,0xbe,0x2b,0x00,0x51,0xf8, + 0x9d,0xb6,0xe0,0x90,0x0d,0x00,0xc9,0x64, + 0x9a,0xb8,0x98,0x4e}; +- ++#endif + /* SHA-256 Known Digest Message (256-bits). */ + static const PRUint8 sha256_known_digest[] = { + 0x38,0xa9,0xc1,0xf0,0x35,0xf6,0x5d,0x61, +@@ -178,7 +178,7 @@ freebl_fips_SHA_PowerUpSelfTest( void ) + ( PORT_Memcmp( sha_computed_digest, sha1_known_digest, + SHA1_LENGTH ) != 0 ) ) + return( CKR_DEVICE_ERROR ); +- ++#ifndef NO_SHA224_AVAILABLE + /***************************************************/ + /* SHA-224 Single-Round Known Answer Hashing Test. */ + /***************************************************/ +@@ -190,7 +190,7 @@ freebl_fips_SHA_PowerUpSelfTest( void ) + ( PORT_Memcmp( sha_computed_digest, sha224_known_digest, + SHA224_LENGTH ) != 0 ) ) + return( CKR_DEVICE_ERROR ); +- ++#endif + /***************************************************/ + /* SHA-256 Single-Round Known Answer Hashing Test. */ + /***************************************************/ +diff -up ./mozilla/security/nss/lib/freebl/rawhash.c.nosha224 ./mozilla/security/nss/lib/freebl/rawhash.c +--- ./mozilla/security/nss/lib/freebl/rawhash.c.nosha224 2010-08-17 22:55:47.000000000 -0700 ++++ ./mozilla/security/nss/lib/freebl/rawhash.c 2011-12-04 22:03:47.309609957 -0800 +@@ -155,6 +155,7 @@ const SECHashObject SECRawHashObjects[] + SHA512_BLOCK_LENGTH, + HASH_AlgSHA512 + }, ++#ifndef NO_SHA224_AVAILABLE + { SHA224_LENGTH, + (void * (*)(void)) SHA224_NewContext, + (void * (*)(void *)) null_hash_clone_context, +@@ -166,6 +167,7 @@ const SECHashObject SECRawHashObjects[] + SHA224_BLOCK_LENGTH, + HASH_AlgSHA224 + }, ++#endif + }; + + const SECHashObject * +diff -up ./mozilla/security/nss/lib/freebl/sha512.c.nosha224 ./mozilla/security/nss/lib/freebl/sha512.c +--- ./mozilla/security/nss/lib/freebl/sha512.c.nosha224 2011-09-14 10:48:03.000000000 -0700 ++++ ./mozilla/security/nss/lib/freebl/sha512.c 2011-12-04 22:03:47.310609957 -0800 +@@ -544,6 +544,7 @@ void SHA256_Clone(SHA256Context *dest, S + memcpy(dest, src, sizeof *dest); + } + ++#ifndef NO_SHA224_AVAILABLE + /* ============= SHA224 implementation ================================== */ + + /* SHA-224 initial hash values */ +@@ -630,7 +631,7 @@ void SHA224_Clone(SHA224Context *dest, S + { + SHA256_Clone(dest, src); + } +- ++#endif + + /* ======= SHA512 and SHA384 common constants and defines ================= */ + +diff -up ./mozilla/security/nss/lib/softoken/fipstest.c.nosha224 ./mozilla/security/nss/lib/softoken/fipstest.c +--- ./mozilla/security/nss/lib/softoken/fipstest.c.nosha224 2011-03-29 08:12:43.000000000 -0700 ++++ ./mozilla/security/nss/lib/softoken/fipstest.c 2011-12-04 22:03:47.311609956 -0800 +@@ -865,12 +865,14 @@ sftk_fips_HMAC_PowerUpSelfTest( void ) + 0x3b, 0x57, 0x1d, 0x61, 0xe7, 0xb8, 0x84, 0x1e, + 0x5d, 0x0e, 0x1e, 0x11}; + ++#ifndef NO_SHA224_AVAILABLE + /* known SHA224 hmac (28 bytes) */ + static const PRUint8 known_SHA224_hmac[] = { + 0x1c, 0xc3, 0x06, 0x8e, 0xce, 0x37, 0x68, 0xfb, + 0x1a, 0x82, 0x4a, 0xbe, 0x2b, 0x00, 0x51, 0xf8, + 0x9d, 0xb6, 0xe0, 0x90, 0x0d, 0x00, 0xc9, 0x64, + 0x9a, 0xb8, 0x98, 0x4e}; ++#endif + + /* known SHA256 hmac (32 bytes) */ + static const PRUint8 known_SHA256_hmac[] = { +@@ -922,6 +924,7 @@ sftk_fips_HMAC_PowerUpSelfTest( void ) + /* HMAC SHA-224 Single-Round Known Answer Test. */ + /***************************************************/ + ++#ifndef NO_SHA224_AVAILABLE + hmac_status = sftk_fips_HMAC(hmac_computed, + HMAC_known_secret_key, + HMAC_known_secret_key_length, +@@ -933,6 +936,7 @@ sftk_fips_HMAC_PowerUpSelfTest( void ) + ( PORT_Memcmp( hmac_computed, known_SHA224_hmac, + SHA224_LENGTH ) != 0 ) ) + return( CKR_DEVICE_ERROR ); ++#endif + + /***************************************************/ + /* HMAC SHA-256 Single-Round Known Answer Test. */ +@@ -994,12 +998,14 @@ sftk_fips_SHA_PowerUpSelfTest( void ) + 0x72,0xf6,0xc7,0x22,0xf1,0x27,0x9f,0xf0, + 0xe0,0x68,0x47,0x7a}; + ++#ifndef NO_SHA224_AVAILABLE + /* SHA-224 Known Digest Message (224-bits). */ + static const PRUint8 sha224_known_digest[] = { + 0x89,0x5e,0x7f,0xfd,0x0e,0xd8,0x35,0x6f, + 0x64,0x6d,0xf2,0xde,0x5e,0xed,0xa6,0x7f, + 0x29,0xd1,0x12,0x73,0x42,0x84,0x95,0x4f, + 0x8e,0x08,0xe5,0xcb}; ++#endif + + /* SHA-256 Known Digest Message (256-bits). */ + static const PRUint8 sha256_known_digest[] = { +@@ -1048,6 +1054,7 @@ sftk_fips_SHA_PowerUpSelfTest( void ) + /* SHA-224 Single-Round Known Answer Hashing Test. */ + /***************************************************/ + ++#ifndef NO_SHA224_AVAILABLE + sha_status = SHA224_HashBuf( sha_computed_digest, known_hash_message, + FIPS_KNOWN_HASH_MESSAGE_LENGTH ); + +@@ -1055,6 +1062,7 @@ sftk_fips_SHA_PowerUpSelfTest( void ) + ( PORT_Memcmp( sha_computed_digest, sha224_known_digest, + SHA224_LENGTH ) != 0 ) ) + return( CKR_DEVICE_ERROR ); ++#endif + + /***************************************************/ + /* SHA-256 Single-Round Known Answer Hashing Test. */ +diff -up ./mozilla/security/nss/lib/softoken/pkcs11c.c.nosha224 ./mozilla/security/nss/lib/softoken/pkcs11c.c +--- ./mozilla/security/nss/lib/softoken/pkcs11c.c.nosha224 2011-09-21 11:49:16.000000000 -0700 ++++ ./mozilla/security/nss/lib/softoken/pkcs11c.c 2011-12-04 22:03:47.313609956 -0800 +@@ -1316,7 +1316,9 @@ CK_RV NSC_DigestInit(CK_SESSION_HANDLE h + INIT_MECH(CKM_MD2, MD2) + INIT_MECH(CKM_MD5, MD5) + INIT_MECH(CKM_SHA_1, SHA1) ++#ifndef NO_SHA224_AVAILABLE + INIT_MECH(CKM_SHA224, SHA224) ++#endif + INIT_MECH(CKM_SHA256, SHA256) + INIT_MECH(CKM_SHA384, SHA384) + INIT_MECH(CKM_SHA512, SHA512) +@@ -1440,7 +1442,9 @@ sftk_doSub ## mmm(SFTKSessionContext *co + DOSUB(MD2) + DOSUB(MD5) + DOSUB(SHA1) ++#ifndef NO_SHA224_AVAILABLE + DOSUB(SHA224) ++#endif + DOSUB(SHA256) + DOSUB(SHA384) + DOSUB(SHA512) +@@ -2013,7 +2017,9 @@ CK_RV NSC_SignInit(CK_SESSION_HANDLE hSe + INIT_RSA_SIGN_MECH(MD5) + INIT_RSA_SIGN_MECH(MD2) + INIT_RSA_SIGN_MECH(SHA1) ++#ifndef NO_SHA224_AVAILABLE + INIT_RSA_SIGN_MECH(SHA224) ++#endif + INIT_RSA_SIGN_MECH(SHA256) + INIT_RSA_SIGN_MECH(SHA384) + INIT_RSA_SIGN_MECH(SHA512) +@@ -2131,7 +2137,9 @@ finish_rsa: + + INIT_HMAC_MECH(MD2) + INIT_HMAC_MECH(MD5) ++#ifndef NO_SHA224_AVAILABLE + INIT_HMAC_MECH(SHA224) ++#endif + INIT_HMAC_MECH(SHA256) + INIT_HMAC_MECH(SHA384) + INIT_HMAC_MECH(SHA512) +@@ -2529,7 +2537,9 @@ CK_RV NSC_VerifyInit(CK_SESSION_HANDLE h + INIT_RSA_VFY_MECH(MD5) + INIT_RSA_VFY_MECH(MD2) + INIT_RSA_VFY_MECH(SHA1) ++#ifndef NO_SHA224_AVAILABLE + INIT_RSA_VFY_MECH(SHA224) ++#endif + INIT_RSA_VFY_MECH(SHA256) + INIT_RSA_VFY_MECH(SHA384) + INIT_RSA_VFY_MECH(SHA512) +@@ -2626,7 +2636,9 @@ finish_rsa: + + INIT_HMAC_MECH(MD2) + INIT_HMAC_MECH(MD5) ++#ifndef NO_SHA224_AVAILABLE + INIT_HMAC_MECH(SHA224) ++#endif + INIT_HMAC_MECH(SHA256) + INIT_HMAC_MECH(SHA384) + INIT_HMAC_MECH(SHA512) +diff -up ./mozilla/security/nss/lib/softoken/pkcs11.c.nosha224 ./mozilla/security/nss/lib/softoken/pkcs11.c +--- ./mozilla/security/nss/lib/softoken/pkcs11.c.nosha224 2011-01-21 16:12:04.000000000 -0800 ++++ ./mozilla/security/nss/lib/softoken/pkcs11.c 2011-12-04 22:03:47.316609956 -0800 +@@ -311,8 +311,10 @@ static const struct mechanismList mechan + CKF_SN_VR}, PR_TRUE}, + {CKM_SHA1_RSA_PKCS, {RSA_MIN_MODULUS_BITS,CK_MAX, + CKF_SN_VR}, PR_TRUE}, ++#ifndef NO_SHA224_AVAILABLE + {CKM_SHA224_RSA_PKCS, {RSA_MIN_MODULUS_BITS,CK_MAX, + CKF_SN_VR}, PR_TRUE}, ++#endif + {CKM_SHA256_RSA_PKCS, {RSA_MIN_MODULUS_BITS,CK_MAX, + CKF_SN_VR}, PR_TRUE}, + {CKM_SHA384_RSA_PKCS, {RSA_MIN_MODULUS_BITS,CK_MAX, +@@ -401,9 +403,11 @@ static const struct mechanismList mechan + {CKM_SHA_1, {0, 0, CKF_DIGEST}, PR_FALSE}, + {CKM_SHA_1_HMAC, {1, 128, CKF_SN_VR}, PR_TRUE}, + {CKM_SHA_1_HMAC_GENERAL, {1, 128, CKF_SN_VR}, PR_TRUE}, ++#ifndef NO_SHA224_AVAILABLE + {CKM_SHA224, {0, 0, CKF_DIGEST}, PR_FALSE}, + {CKM_SHA224_HMAC, {1, 128, CKF_SN_VR}, PR_TRUE}, + {CKM_SHA224_HMAC_GENERAL, {1, 128, CKF_SN_VR}, PR_TRUE}, ++#endif + {CKM_SHA256, {0, 0, CKF_DIGEST}, PR_FALSE}, + {CKM_SHA256_HMAC, {1, 128, CKF_SN_VR}, PR_TRUE}, + {CKM_SHA256_HMAC_GENERAL, {1, 128, CKF_SN_VR}, PR_TRUE}, +diff -up ./mozilla/security/nss/lib/softoken/rsawrapr.c.nosha224 ./mozilla/security/nss/lib/softoken/rsawrapr.c +--- ./mozilla/security/nss/lib/softoken/rsawrapr.c.nosha224 2011-10-22 07:35:43.000000000 -0700 ++++ ./mozilla/security/nss/lib/softoken/rsawrapr.c 2011-12-04 22:03:47.316609956 -0800 +@@ -1173,9 +1173,11 @@ GetHashTypeFromMechanism(CK_MECHANISM_TY + case CKM_SHA_1: + case CKG_MGF1_SHA1: + return HASH_AlgSHA1; ++#ifndef NO_SHA224_AVAILABLE + case CKM_SHA224: + case CKG_MGF1_SHA224: + return HASH_AlgSHA224; ++#endif + case CKM_SHA256: + case CKG_MGF1_SHA256: + return HASH_AlgSHA256; +diff -up ./mozilla/security/nss/tests/cipher/cipher.txt.nosha224 ./mozilla/security/nss/tests/cipher/cipher.txt +--- ./mozilla/security/nss/tests/cipher/cipher.txt.nosha224 2010-08-17 22:57:05.000000000 -0700 ++++ ./mozilla/security/nss/tests/cipher/cipher.txt 2011-12-04 22:03:47.317609956 -0800 +@@ -73,7 +73,6 @@ + 0 md2_-H MD2_Hash + 0 md5_-H MD5_Hash + 0 sha1_-H SHA1_Hash +- 0 sha224_-H SHA224_Hash + 0 sha256_-H SHA256_Hash + 0 sha384_-H SHA384_Hash + 0 sha512_-H SHA512_Hash diff --git a/nss/patches/nss-646045.patch0 b/nss/patches/nss-646045.patch0 new file mode 100644 index 0000000..5492127 --- /dev/null +++ b/nss/patches/nss-646045.patch0 @@ -0,0 +1,34 @@ +diff -up ./mozilla/security/nss/tests/dbtests/dbtests.sh.noroot ./mozilla/security/nss/tests/dbtests/dbtests.sh +--- ./mozilla/security/nss/tests/dbtests/dbtests.sh.noroot 2011-04-06 09:56:07.207701000 -0700 ++++ ./mozilla/security/nss/tests/dbtests/dbtests.sh 2011-04-06 10:19:54.159552000 -0700 +@@ -201,6 +201,9 @@ dbtest_main() + cat $RONLY_DIR/* > /dev/null + fi + ++ # skipping the next two tests when user is root, ++ # otherwise they would fail due to rooty powers ++ if [[ $EUID -ne 0 ]] then + ${BINDIR}/dbtest -d $RONLY_DIR + ret=$? + if [ $ret -ne 46 ]; then +@@ -208,6 +211,10 @@ dbtest_main() + else + html_passed "Dbtest r/w didn't work in an readonly dir $ret" + fi ++ else ++ html_passed "Skipping Dbtest r/w in a readonly dir because user is root" ++ fi ++ if [[ $EUID -ne 0 ]] then + ${BINDIR}/certutil -D -n "TestUser" -d . + ret=$? + if [ $ret -ne 255 ]; then +@@ -215,6 +222,9 @@ dbtest_main() + else + html_passed "Certutil didn't work in an readonly dir $ret" + fi ++ else ++ html_passed "Skipping Certutil delete cert in an readonly directory test because user is root" ++ fi + + Echo "test opening the database ronly in a readonly directory" + diff --git a/nss/patches/nss-ckbi-1.88.rtm.patch0 b/nss/patches/nss-ckbi-1.88.rtm.patch0 new file mode 100644 index 0000000..c6de789 --- /dev/null +++ b/nss/patches/nss-ckbi-1.88.rtm.patch0 @@ -0,0 +1,637 @@ +diff -up ./mozilla/security/nss/lib/ckfw/builtins/certdata.c.ckbi188 ./mozilla/security/nss/lib/ckfw/builtins/certdata.c +--- ./mozilla/security/nss/lib/ckfw/builtins/certdata.c.ckbi188 2011-11-03 16:29:17.081000000 -0700 ++++ ./mozilla/security/nss/lib/ckfw/builtins/certdata.c 2011-11-03 08:11:57.000000000 -0700 +@@ -35,7 +35,7 @@ + * + * ***** END LICENSE BLOCK ***** */ + #ifdef DEBUG +-static const char CVS_ID[] = "@(#) $RCSfile: certdata.c,v $ $Revision: 1.82 $ $Date: 2011/09/02 19:40:56 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.82 $ $Date: 2011/09/02 19:40:56 $"; ++static const char CVS_ID[] = "@(#) $RCSfile: certdata.c,v $ $Revision: 1.83 $ $Date: 2011/11/03 15:11:57 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.83 $ $Date: 2011/11/03 15:11:57 $"; + #endif /* DEBUG */ + + #ifndef BUILTINS_H +@@ -1075,6 +1075,18 @@ static const CK_ATTRIBUTE_TYPE nss_built + static const CK_ATTRIBUTE_TYPE nss_builtins_types_339 [] = { + CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED + }; ++static const CK_ATTRIBUTE_TYPE nss_builtins_types_340 [] = { ++ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE ++}; ++static const CK_ATTRIBUTE_TYPE nss_builtins_types_341 [] = { ++ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED ++}; ++static const CK_ATTRIBUTE_TYPE nss_builtins_types_342 [] = { ++ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE ++}; ++static const CK_ATTRIBUTE_TYPE nss_builtins_types_343 [] = { ++ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED ++}; + #ifdef DEBUG + static const NSSItem nss_builtins_items_0 [] = { + { (void *)&cko_data, (PRUint32)sizeof(CK_OBJECT_CLASS) }, +@@ -1083,7 +1095,7 @@ static const NSSItem nss_builtins_items_ + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)"CVS ID", (PRUint32)7 }, + { (void *)"NSS", (PRUint32)4 }, +- { (void *)"@(#) $RCSfile: certdata.c,v $ $Revision: 1.82 $ $Date: 2011/09/02 19:40:56 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.82 $ $Date: 2011/09/02 19:40:56 $", (PRUint32)160 } ++ { (void *)"@(#) $RCSfile: certdata.c,v $ $Revision: 1.83 $ $Date: 2011/11/03 15:11:57 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.83 $ $Date: 2011/11/03 15:11:57 $", (PRUint32)160 } + }; + #endif /* DEBUG */ + static const NSSItem nss_builtins_items_1 [] = { +@@ -22600,6 +22612,266 @@ static const NSSItem nss_builtins_items_ + { (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } + }; ++static const NSSItem nss_builtins_items_340 [] = { ++ { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, ++ { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, ++ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, ++ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, ++ { (void *)"Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)", (PRUint32)57 }, ++ { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) }, ++ { (void *)"\060\143\061\013\060\011\006\003\125\004\006\023\002\115\131\061" ++"\033\060\031\006\003\125\004\012\023\022\104\151\147\151\143\145" ++"\162\164\040\123\144\156\056\040\102\150\144\056\061\021\060\017" ++"\006\003\125\004\013\023\010\064\065\067\066\060\070\055\113\061" ++"\044\060\042\006\003\125\004\003\023\033\104\151\147\151\163\151" ++"\147\156\040\123\145\162\166\145\162\040\111\104\040\050\105\156" ++"\162\151\143\150\051" ++, (PRUint32)101 }, ++ { (void *)"0", (PRUint32)2 }, ++ { (void *)"\060\165\061\013\060\011\006\003\125\004\006\023\002\125\123\061" ++"\030\060\026\006\003\125\004\012\023\017\107\124\105\040\103\157" ++"\162\160\157\162\141\164\151\157\156\061\047\060\045\006\003\125" ++"\004\013\023\036\107\124\105\040\103\171\142\145\162\124\162\165" ++"\163\164\040\123\157\154\165\164\151\157\156\163\054\040\111\156" ++"\143\056\061\043\060\041\006\003\125\004\003\023\032\107\124\105" ++"\040\103\171\142\145\162\124\162\165\163\164\040\107\154\157\142" ++"\141\154\040\122\157\157\164" ++, (PRUint32)119 }, ++ { (void *)"\002\006\007\377\377\377\377\377" ++, (PRUint32)8 }, ++ { (void *)"\060\202\003\315\060\202\003\066\240\003\002\001\002\002\006\007" ++"\377\377\377\377\377\060\015\006\011\052\206\110\206\367\015\001" ++"\001\005\005\000\060\165\061\013\060\011\006\003\125\004\006\023" ++"\002\125\123\061\030\060\026\006\003\125\004\012\023\017\107\124" ++"\105\040\103\157\162\160\157\162\141\164\151\157\156\061\047\060" ++"\045\006\003\125\004\013\023\036\107\124\105\040\103\171\142\145" ++"\162\124\162\165\163\164\040\123\157\154\165\164\151\157\156\163" ++"\054\040\111\156\143\056\061\043\060\041\006\003\125\004\003\023" ++"\032\107\124\105\040\103\171\142\145\162\124\162\165\163\164\040" ++"\107\154\157\142\141\154\040\122\157\157\164\060\036\027\015\060" ++"\067\060\067\061\067\061\065\061\067\064\071\132\027\015\061\062" ++"\060\067\061\067\061\065\061\066\065\065\132\060\143\061\013\060" ++"\011\006\003\125\004\006\023\002\115\131\061\033\060\031\006\003" ++"\125\004\012\023\022\104\151\147\151\143\145\162\164\040\123\144" ++"\156\056\040\102\150\144\056\061\021\060\017\006\003\125\004\013" ++"\023\010\064\065\067\066\060\070\055\113\061\044\060\042\006\003" ++"\125\004\003\023\033\104\151\147\151\163\151\147\156\040\123\145" ++"\162\166\145\162\040\111\104\040\050\105\156\162\151\143\150\051" ++"\060\201\237\060\015\006\011\052\206\110\206\367\015\001\001\001" ++"\005\000\003\201\215\000\060\201\211\002\201\201\000\255\250\144" ++"\113\115\207\307\204\131\271\373\220\106\240\246\211\300\361\376" ++"\325\332\124\202\067\015\231\053\105\046\012\350\126\260\177\312" ++"\250\364\216\107\204\001\202\051\343\263\152\265\221\363\373\225" ++"\205\274\162\250\144\350\012\100\234\305\364\161\256\173\173\152" ++"\007\352\220\024\117\215\211\257\224\253\262\006\324\002\152\173" ++"\230\037\131\271\072\315\124\372\040\337\262\052\012\351\270\335" ++"\151\220\300\051\323\116\320\227\355\146\314\305\031\111\006\177" ++"\372\136\054\174\173\205\033\062\102\337\173\225\045\002\003\001" ++"\000\001\243\202\001\170\060\202\001\164\060\022\006\003\125\035" ++"\023\001\001\377\004\010\060\006\001\001\377\002\001\000\060\134" ++"\006\003\125\035\040\004\125\060\123\060\110\006\011\053\006\001" ++"\004\001\261\076\001\000\060\073\060\071\006\010\053\006\001\005" ++"\005\007\002\001\026\055\150\164\164\160\072\057\057\143\171\142" ++"\145\162\164\162\165\163\164\056\157\155\156\151\162\157\157\164" ++"\056\143\157\155\057\162\145\160\157\163\151\164\157\162\171\056" ++"\143\146\155\060\007\006\005\140\203\112\001\001\060\016\006\003" ++"\125\035\017\001\001\377\004\004\003\002\001\346\060\201\211\006" ++"\003\125\035\043\004\201\201\060\177\241\171\244\167\060\165\061" ++"\013\060\011\006\003\125\004\006\023\002\125\123\061\030\060\026" ++"\006\003\125\004\012\023\017\107\124\105\040\103\157\162\160\157" ++"\162\141\164\151\157\156\061\047\060\045\006\003\125\004\013\023" ++"\036\107\124\105\040\103\171\142\145\162\124\162\165\163\164\040" ++"\123\157\154\165\164\151\157\156\163\054\040\111\156\143\056\061" ++"\043\060\041\006\003\125\004\003\023\032\107\124\105\040\103\171" ++"\142\145\162\124\162\165\163\164\040\107\154\157\142\141\154\040" ++"\122\157\157\164\202\002\001\245\060\105\006\003\125\035\037\004" ++"\076\060\074\060\072\240\070\240\066\206\064\150\164\164\160\072" ++"\057\057\167\167\167\056\160\165\142\154\151\143\055\164\162\165" ++"\163\164\056\143\157\155\057\143\147\151\055\142\151\156\057\103" ++"\122\114\057\062\060\061\070\057\143\144\160\056\143\162\154\060" ++"\035\006\003\125\035\016\004\026\004\024\306\026\223\116\026\027" ++"\354\026\256\214\224\166\363\206\155\305\164\156\204\167\060\015" ++"\006\011\052\206\110\206\367\015\001\001\005\005\000\003\201\201" ++"\000\166\000\173\246\170\053\146\035\216\136\066\306\244\216\005" ++"\362\043\222\174\223\147\323\364\300\012\175\213\055\331\352\325" ++"\157\032\363\341\112\051\132\042\204\115\120\057\113\014\362\377" ++"\205\302\173\125\324\104\202\276\155\254\147\216\274\264\037\222" ++"\234\121\200\032\024\366\156\253\141\210\013\255\034\177\367\113" ++"\120\121\326\145\033\246\107\161\025\136\260\161\363\065\024\362" ++"\067\275\143\310\325\360\223\132\064\137\330\075\350\135\367\305" ++"\036\300\345\317\037\206\044\251\074\007\146\315\301\322\066\143" ++"\131" ++, (PRUint32)977 } ++}; ++static const NSSItem nss_builtins_items_341 [] = { ++ { (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, ++ { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, ++ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, ++ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, ++ { (void *)"Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)", (PRUint32)57 }, ++ { (void *)"\125\120\257\354\277\350\303\255\304\013\343\255\014\247\344\025" ++"\214\071\131\117" ++, (PRUint32)20 }, ++ { (void *)"\322\336\256\120\244\230\055\157\067\267\206\122\310\055\113\152" ++, (PRUint32)16 }, ++ { (void *)"\060\165\061\013\060\011\006\003\125\004\006\023\002\125\123\061" ++"\030\060\026\006\003\125\004\012\023\017\107\124\105\040\103\157" ++"\162\160\157\162\141\164\151\157\156\061\047\060\045\006\003\125" ++"\004\013\023\036\107\124\105\040\103\171\142\145\162\124\162\165" ++"\163\164\040\123\157\154\165\164\151\157\156\163\054\040\111\156" ++"\143\056\061\043\060\041\006\003\125\004\003\023\032\107\124\105" ++"\040\103\171\142\145\162\124\162\165\163\164\040\107\154\157\142" ++"\141\154\040\122\157\157\164" ++, (PRUint32)119 }, ++ { (void *)"\002\006\007\377\377\377\377\377" ++, (PRUint32)8 }, ++ { (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) }, ++ { (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) }, ++ { (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) }, ++ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } ++}; ++static const NSSItem nss_builtins_items_342 [] = { ++ { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, ++ { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, ++ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, ++ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, ++ { (void *)"Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)", (PRUint32)56 }, ++ { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) }, ++ { (void *)"\060\145\061\013\060\011\006\003\125\004\006\023\002\115\131\061" ++"\033\060\031\006\003\125\004\012\023\022\104\151\147\151\143\145" ++"\162\164\040\123\144\156\056\040\102\150\144\056\061\021\060\017" ++"\006\003\125\004\013\023\010\064\065\067\066\060\070\055\113\061" ++"\046\060\044\006\003\125\004\003\023\035\104\151\147\151\163\151" ++"\147\156\040\123\145\162\166\145\162\040\111\104\040\055\040\050" ++"\105\156\162\151\143\150\051" ++, (PRUint32)103 }, ++ { (void *)"0", (PRUint32)2 }, ++ { (void *)"\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156" ++"\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125" ++"\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056" ++"\156\145\164\057\103\120\123\137\062\060\064\070\040\151\156\143" ++"\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151" ++"\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006" ++"\003\125\004\013\023\034\050\143\051\040\061\071\071\071\040\105" ++"\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164" ++"\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164" ++"\162\165\163\164\056\156\145\164\040\103\145\162\164\151\146\151" ++"\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171" ++"\040\050\062\060\064\070\051" ++, (PRUint32)183 }, ++ { (void *)"\002\006\007\377\377\377\377\377" ++, (PRUint32)8 }, ++ { (void *)"\060\202\004\320\060\202\003\270\240\003\002\001\002\002\006\007" ++"\377\377\377\377\377\060\015\006\011\052\206\110\206\367\015\001" ++"\001\005\005\000\060\201\264\061\024\060\022\006\003\125\004\012" ++"\023\013\105\156\164\162\165\163\164\056\156\145\164\061\100\060" ++"\076\006\003\125\004\013\024\067\167\167\167\056\145\156\164\162" ++"\165\163\164\056\156\145\164\057\103\120\123\137\062\060\064\070" ++"\040\151\156\143\157\162\160\056\040\142\171\040\162\145\146\056" ++"\040\050\154\151\155\151\164\163\040\154\151\141\142\056\051\061" ++"\045\060\043\006\003\125\004\013\023\034\050\143\051\040\061\071" ++"\071\071\040\105\156\164\162\165\163\164\056\156\145\164\040\114" ++"\151\155\151\164\145\144\061\063\060\061\006\003\125\004\003\023" ++"\052\105\156\164\162\165\163\164\056\156\145\164\040\103\145\162" ++"\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157" ++"\162\151\164\171\040\050\062\060\064\070\051\060\036\027\015\061" ++"\060\060\067\061\066\061\067\062\063\063\070\132\027\015\061\065" ++"\060\067\061\066\061\067\065\063\063\070\132\060\145\061\013\060" ++"\011\006\003\125\004\006\023\002\115\131\061\033\060\031\006\003" ++"\125\004\012\023\022\104\151\147\151\143\145\162\164\040\123\144" ++"\156\056\040\102\150\144\056\061\021\060\017\006\003\125\004\013" ++"\023\010\064\065\067\066\060\070\055\113\061\046\060\044\006\003" ++"\125\004\003\023\035\104\151\147\151\163\151\147\156\040\123\145" ++"\162\166\145\162\040\111\104\040\055\040\050\105\156\162\151\143" ++"\150\051\060\202\001\042\060\015\006\011\052\206\110\206\367\015" ++"\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202" ++"\001\001\000\305\211\344\364\015\006\100\222\131\307\032\263\065" ++"\321\016\114\052\063\371\370\257\312\236\177\356\271\247\155\140" ++"\364\124\350\157\325\233\363\033\143\061\004\150\162\321\064\026" ++"\214\264\027\054\227\336\163\305\330\220\025\240\032\053\365\313" ++"\263\110\206\104\360\035\210\114\316\101\102\032\357\365\014\336" ++"\376\100\332\071\040\367\006\125\072\152\235\106\301\322\157\245" ++"\262\310\127\076\051\243\234\340\351\205\167\146\350\230\247\044" ++"\176\276\300\131\040\345\104\157\266\127\330\276\316\302\145\167" ++"\130\306\141\101\321\164\004\310\177\111\102\305\162\251\162\026" ++"\356\214\335\022\135\264\112\324\321\257\120\267\330\252\165\166" ++"\150\255\076\135\252\060\155\141\250\253\020\133\076\023\277\063" ++"\340\257\104\235\070\042\133\357\114\057\246\161\046\025\046\312" ++"\050\214\331\372\216\216\251\242\024\065\342\233\044\210\264\364" ++"\177\205\235\203\117\007\241\266\024\220\066\304\064\034\215\046" ++"\141\155\023\157\170\276\350\217\047\307\113\204\226\243\206\150" ++"\014\043\276\013\354\214\224\000\251\004\212\023\220\367\337\205" ++"\154\014\261\002\003\001\000\001\243\202\001\064\060\202\001\060" ++"\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006" ++"\060\022\006\003\125\035\023\001\001\377\004\010\060\006\001\001" ++"\377\002\001\000\060\047\006\003\125\035\045\004\040\060\036\006" ++"\010\053\006\001\005\005\007\003\001\006\010\053\006\001\005\005" ++"\007\003\002\006\010\053\006\001\005\005\007\003\004\060\063\006" ++"\010\053\006\001\005\005\007\001\001\004\047\060\045\060\043\006" ++"\010\053\006\001\005\005\007\060\001\206\027\150\164\164\160\072" ++"\057\057\157\143\163\160\056\145\156\164\162\165\163\164\056\156" ++"\145\164\060\104\006\003\125\035\040\004\075\060\073\060\071\006" ++"\005\140\203\112\001\001\060\060\060\056\006\010\053\006\001\005" ++"\005\007\002\001\026\042\150\164\164\160\072\057\057\167\167\167" ++"\056\144\151\147\151\143\145\162\164\056\143\157\155\056\155\171" ++"\057\143\160\163\056\150\164\155\060\062\006\003\125\035\037\004" ++"\053\060\051\060\047\240\045\240\043\206\041\150\164\164\160\072" ++"\057\057\143\162\154\056\145\156\164\162\165\163\164\056\156\145" ++"\164\057\062\060\064\070\143\141\056\143\162\154\060\021\006\003" ++"\125\035\016\004\012\004\010\114\116\314\045\050\003\051\201\060" ++"\037\006\003\125\035\043\004\030\060\026\200\024\125\344\201\321" ++"\021\200\276\330\211\271\010\243\061\371\241\044\011\026\271\160" ++"\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003" ++"\202\001\001\000\227\114\357\112\072\111\254\162\374\060\040\153" ++"\264\051\133\247\305\225\004\220\371\062\325\302\205\152\336\003" ++"\241\067\371\211\000\260\132\254\125\176\333\103\065\377\311\001" ++"\370\121\276\314\046\312\310\152\244\304\124\076\046\036\347\014" ++"\243\315\227\147\224\335\246\102\353\134\315\217\071\171\153\063" ++"\171\041\006\171\372\202\104\025\231\314\301\267\071\323\106\142" ++"\174\262\160\353\157\316\040\252\076\031\267\351\164\202\234\264" ++"\245\113\115\141\000\067\344\207\322\362\024\072\144\174\270\251" ++"\173\141\340\223\042\347\325\237\076\107\346\066\166\240\123\330" ++"\000\003\072\017\265\063\376\226\312\323\322\202\072\056\335\327" ++"\110\341\344\247\151\314\034\351\231\112\347\312\160\105\327\013" ++"\007\016\232\165\033\320\057\222\157\366\244\007\303\275\034\113" ++"\246\204\266\175\250\232\251\322\247\051\361\013\127\151\036\227" ++"\127\046\354\053\103\254\324\105\203\005\000\351\343\360\106\100" ++"\007\372\352\261\121\163\223\034\245\335\123\021\067\310\052\247" ++"\025\047\035\264\252\314\177\252\061\060\374\270\105\237\110\011" ++"\355\020\342\305" ++, (PRUint32)1236 } ++}; ++static const NSSItem nss_builtins_items_343 [] = { ++ { (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, ++ { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, ++ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, ++ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, ++ { (void *)"Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)", (PRUint32)56 }, ++ { (void *)"\153\074\073\200\255\312\246\272\212\237\124\246\172\355\022\151" ++"\005\155\061\046" ++, (PRUint32)20 }, ++ { (void *)"\327\151\141\177\065\017\234\106\243\252\353\370\125\374\204\362" ++, (PRUint32)16 }, ++ { (void *)"\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156" ++"\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125" ++"\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056" ++"\156\145\164\057\103\120\123\137\062\060\064\070\040\151\156\143" ++"\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151" ++"\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006" ++"\003\125\004\013\023\034\050\143\051\040\061\071\071\071\040\105" ++"\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164" ++"\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164" ++"\162\165\163\164\056\156\145\164\040\103\145\162\164\151\146\151" ++"\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171" ++"\040\050\062\060\064\070\051" ++, (PRUint32)183 }, ++ { (void *)"\002\006\007\377\377\377\377\377" ++, (PRUint32)8 }, ++ { (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) }, ++ { (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) }, ++ { (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) }, ++ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } ++}; + + builtinsInternalObject + nss_builtins_data[] = { +@@ -22944,11 +23216,15 @@ nss_builtins_data[] = { + { 11, nss_builtins_types_336, nss_builtins_items_336, {NULL} }, + { 13, nss_builtins_types_337, nss_builtins_items_337, {NULL} }, + { 11, nss_builtins_types_338, nss_builtins_items_338, {NULL} }, +- { 13, nss_builtins_types_339, nss_builtins_items_339, {NULL} } ++ { 13, nss_builtins_types_339, nss_builtins_items_339, {NULL} }, ++ { 11, nss_builtins_types_340, nss_builtins_items_340, {NULL} }, ++ { 13, nss_builtins_types_341, nss_builtins_items_341, {NULL} }, ++ { 11, nss_builtins_types_342, nss_builtins_items_342, {NULL} }, ++ { 13, nss_builtins_types_343, nss_builtins_items_343, {NULL} } + }; + const PRUint32 + #ifdef DEBUG +- nss_builtins_nObjects = 339+1; ++ nss_builtins_nObjects = 343+1; + #else +- nss_builtins_nObjects = 339; ++ nss_builtins_nObjects = 343; + #endif /* DEBUG */ +diff -up ./mozilla/security/nss/lib/ckfw/builtins/certdata.txt.ckbi188 ./mozilla/security/nss/lib/ckfw/builtins/certdata.txt +--- ./mozilla/security/nss/lib/ckfw/builtins/certdata.txt.ckbi188 2011-11-03 16:29:42.293000000 -0700 ++++ ./mozilla/security/nss/lib/ckfw/builtins/certdata.txt 2011-11-03 08:11:58.000000000 -0700 +@@ -34,7 +34,7 @@ + # the terms of any one of the MPL, the GPL or the LGPL. + # + # ***** END LICENSE BLOCK ***** +-CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.79 $ $Date: 2011/09/02 19:40:56 $" ++CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.80 $ $Date: 2011/11/03 15:11:58 $" + + # + # certdata.txt +@@ -23299,3 +23299,284 @@ CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_N + CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED + CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED + CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE ++ ++# ++# Certificate "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)" ++# ++CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE ++CKA_TOKEN CK_BBOOL CK_TRUE ++CKA_PRIVATE CK_BBOOL CK_FALSE ++CKA_MODIFIABLE CK_BBOOL CK_FALSE ++CKA_LABEL UTF8 "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)" ++CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 ++CKA_SUBJECT MULTILINE_OCTAL ++\060\143\061\013\060\011\006\003\125\004\006\023\002\115\131\061 ++\033\060\031\006\003\125\004\012\023\022\104\151\147\151\143\145 ++\162\164\040\123\144\156\056\040\102\150\144\056\061\021\060\017 ++\006\003\125\004\013\023\010\064\065\067\066\060\070\055\113\061 ++\044\060\042\006\003\125\004\003\023\033\104\151\147\151\163\151 ++\147\156\040\123\145\162\166\145\162\040\111\104\040\050\105\156 ++\162\151\143\150\051 ++END ++CKA_ID UTF8 "0" ++CKA_ISSUER MULTILINE_OCTAL ++\060\165\061\013\060\011\006\003\125\004\006\023\002\125\123\061 ++\030\060\026\006\003\125\004\012\023\017\107\124\105\040\103\157 ++\162\160\157\162\141\164\151\157\156\061\047\060\045\006\003\125 ++\004\013\023\036\107\124\105\040\103\171\142\145\162\124\162\165 ++\163\164\040\123\157\154\165\164\151\157\156\163\054\040\111\156 ++\143\056\061\043\060\041\006\003\125\004\003\023\032\107\124\105 ++\040\103\171\142\145\162\124\162\165\163\164\040\107\154\157\142 ++\141\154\040\122\157\157\164 ++END ++CKA_SERIAL_NUMBER MULTILINE_OCTAL ++\002\006\007\377\377\377\377\377 ++END ++CKA_VALUE MULTILINE_OCTAL ++\060\202\003\315\060\202\003\066\240\003\002\001\002\002\006\007 ++\377\377\377\377\377\060\015\006\011\052\206\110\206\367\015\001 ++\001\005\005\000\060\165\061\013\060\011\006\003\125\004\006\023 ++\002\125\123\061\030\060\026\006\003\125\004\012\023\017\107\124 ++\105\040\103\157\162\160\157\162\141\164\151\157\156\061\047\060 ++\045\006\003\125\004\013\023\036\107\124\105\040\103\171\142\145 ++\162\124\162\165\163\164\040\123\157\154\165\164\151\157\156\163 ++\054\040\111\156\143\056\061\043\060\041\006\003\125\004\003\023 ++\032\107\124\105\040\103\171\142\145\162\124\162\165\163\164\040 ++\107\154\157\142\141\154\040\122\157\157\164\060\036\027\015\060 ++\067\060\067\061\067\061\065\061\067\064\071\132\027\015\061\062 ++\060\067\061\067\061\065\061\066\065\065\132\060\143\061\013\060 ++\011\006\003\125\004\006\023\002\115\131\061\033\060\031\006\003 ++\125\004\012\023\022\104\151\147\151\143\145\162\164\040\123\144 ++\156\056\040\102\150\144\056\061\021\060\017\006\003\125\004\013 ++\023\010\064\065\067\066\060\070\055\113\061\044\060\042\006\003 ++\125\004\003\023\033\104\151\147\151\163\151\147\156\040\123\145 ++\162\166\145\162\040\111\104\040\050\105\156\162\151\143\150\051 ++\060\201\237\060\015\006\011\052\206\110\206\367\015\001\001\001 ++\005\000\003\201\215\000\060\201\211\002\201\201\000\255\250\144 ++\113\115\207\307\204\131\271\373\220\106\240\246\211\300\361\376 ++\325\332\124\202\067\015\231\053\105\046\012\350\126\260\177\312 ++\250\364\216\107\204\001\202\051\343\263\152\265\221\363\373\225 ++\205\274\162\250\144\350\012\100\234\305\364\161\256\173\173\152 ++\007\352\220\024\117\215\211\257\224\253\262\006\324\002\152\173 ++\230\037\131\271\072\315\124\372\040\337\262\052\012\351\270\335 ++\151\220\300\051\323\116\320\227\355\146\314\305\031\111\006\177 ++\372\136\054\174\173\205\033\062\102\337\173\225\045\002\003\001 ++\000\001\243\202\001\170\060\202\001\164\060\022\006\003\125\035 ++\023\001\001\377\004\010\060\006\001\001\377\002\001\000\060\134 ++\006\003\125\035\040\004\125\060\123\060\110\006\011\053\006\001 ++\004\001\261\076\001\000\060\073\060\071\006\010\053\006\001\005 ++\005\007\002\001\026\055\150\164\164\160\072\057\057\143\171\142 ++\145\162\164\162\165\163\164\056\157\155\156\151\162\157\157\164 ++\056\143\157\155\057\162\145\160\157\163\151\164\157\162\171\056 ++\143\146\155\060\007\006\005\140\203\112\001\001\060\016\006\003 ++\125\035\017\001\001\377\004\004\003\002\001\346\060\201\211\006 ++\003\125\035\043\004\201\201\060\177\241\171\244\167\060\165\061 ++\013\060\011\006\003\125\004\006\023\002\125\123\061\030\060\026 ++\006\003\125\004\012\023\017\107\124\105\040\103\157\162\160\157 ++\162\141\164\151\157\156\061\047\060\045\006\003\125\004\013\023 ++\036\107\124\105\040\103\171\142\145\162\124\162\165\163\164\040 ++\123\157\154\165\164\151\157\156\163\054\040\111\156\143\056\061 ++\043\060\041\006\003\125\004\003\023\032\107\124\105\040\103\171 ++\142\145\162\124\162\165\163\164\040\107\154\157\142\141\154\040 ++\122\157\157\164\202\002\001\245\060\105\006\003\125\035\037\004 ++\076\060\074\060\072\240\070\240\066\206\064\150\164\164\160\072 ++\057\057\167\167\167\056\160\165\142\154\151\143\055\164\162\165 ++\163\164\056\143\157\155\057\143\147\151\055\142\151\156\057\103 ++\122\114\057\062\060\061\070\057\143\144\160\056\143\162\154\060 ++\035\006\003\125\035\016\004\026\004\024\306\026\223\116\026\027 ++\354\026\256\214\224\166\363\206\155\305\164\156\204\167\060\015 ++\006\011\052\206\110\206\367\015\001\001\005\005\000\003\201\201 ++\000\166\000\173\246\170\053\146\035\216\136\066\306\244\216\005 ++\362\043\222\174\223\147\323\364\300\012\175\213\055\331\352\325 ++\157\032\363\341\112\051\132\042\204\115\120\057\113\014\362\377 ++\205\302\173\125\324\104\202\276\155\254\147\216\274\264\037\222 ++\234\121\200\032\024\366\156\253\141\210\013\255\034\177\367\113 ++\120\121\326\145\033\246\107\161\025\136\260\161\363\065\024\362 ++\067\275\143\310\325\360\223\132\064\137\330\075\350\135\367\305 ++\036\300\345\317\037\206\044\251\074\007\146\315\301\322\066\143 ++\131 ++END ++ ++# Trust for Certificate "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)" ++CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST ++CKA_TOKEN CK_BBOOL CK_TRUE ++CKA_PRIVATE CK_BBOOL CK_FALSE ++CKA_MODIFIABLE CK_BBOOL CK_FALSE ++CKA_LABEL UTF8 "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)" ++CKA_CERT_SHA1_HASH MULTILINE_OCTAL ++\125\120\257\354\277\350\303\255\304\013\343\255\014\247\344\025 ++\214\071\131\117 ++END ++CKA_CERT_MD5_HASH MULTILINE_OCTAL ++\322\336\256\120\244\230\055\157\067\267\206\122\310\055\113\152 ++END ++CKA_ISSUER MULTILINE_OCTAL ++\060\165\061\013\060\011\006\003\125\004\006\023\002\125\123\061 ++\030\060\026\006\003\125\004\012\023\017\107\124\105\040\103\157 ++\162\160\157\162\141\164\151\157\156\061\047\060\045\006\003\125 ++\004\013\023\036\107\124\105\040\103\171\142\145\162\124\162\165 ++\163\164\040\123\157\154\165\164\151\157\156\163\054\040\111\156 ++\143\056\061\043\060\041\006\003\125\004\003\023\032\107\124\105 ++\040\103\171\142\145\162\124\162\165\163\164\040\107\154\157\142 ++\141\154\040\122\157\157\164 ++END ++CKA_SERIAL_NUMBER MULTILINE_OCTAL ++\002\006\007\377\377\377\377\377 ++END ++CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED ++CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED ++CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED ++CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE ++ ++# ++# Certificate "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)" ++# ++CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE ++CKA_TOKEN CK_BBOOL CK_TRUE ++CKA_PRIVATE CK_BBOOL CK_FALSE ++CKA_MODIFIABLE CK_BBOOL CK_FALSE ++CKA_LABEL UTF8 "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)" ++CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 ++CKA_SUBJECT MULTILINE_OCTAL ++\060\145\061\013\060\011\006\003\125\004\006\023\002\115\131\061 ++\033\060\031\006\003\125\004\012\023\022\104\151\147\151\143\145 ++\162\164\040\123\144\156\056\040\102\150\144\056\061\021\060\017 ++\006\003\125\004\013\023\010\064\065\067\066\060\070\055\113\061 ++\046\060\044\006\003\125\004\003\023\035\104\151\147\151\163\151 ++\147\156\040\123\145\162\166\145\162\040\111\104\040\055\040\050 ++\105\156\162\151\143\150\051 ++END ++CKA_ID UTF8 "0" ++CKA_ISSUER MULTILINE_OCTAL ++\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156 ++\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125 ++\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056 ++\156\145\164\057\103\120\123\137\062\060\064\070\040\151\156\143 ++\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151 ++\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006 ++\003\125\004\013\023\034\050\143\051\040\061\071\071\071\040\105 ++\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164 ++\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164 ++\162\165\163\164\056\156\145\164\040\103\145\162\164\151\146\151 ++\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171 ++\040\050\062\060\064\070\051 ++END ++CKA_SERIAL_NUMBER MULTILINE_OCTAL ++\002\006\007\377\377\377\377\377 ++END ++CKA_VALUE MULTILINE_OCTAL ++\060\202\004\320\060\202\003\270\240\003\002\001\002\002\006\007 ++\377\377\377\377\377\060\015\006\011\052\206\110\206\367\015\001 ++\001\005\005\000\060\201\264\061\024\060\022\006\003\125\004\012 ++\023\013\105\156\164\162\165\163\164\056\156\145\164\061\100\060 ++\076\006\003\125\004\013\024\067\167\167\167\056\145\156\164\162 ++\165\163\164\056\156\145\164\057\103\120\123\137\062\060\064\070 ++\040\151\156\143\157\162\160\056\040\142\171\040\162\145\146\056 ++\040\050\154\151\155\151\164\163\040\154\151\141\142\056\051\061 ++\045\060\043\006\003\125\004\013\023\034\050\143\051\040\061\071 ++\071\071\040\105\156\164\162\165\163\164\056\156\145\164\040\114 ++\151\155\151\164\145\144\061\063\060\061\006\003\125\004\003\023 ++\052\105\156\164\162\165\163\164\056\156\145\164\040\103\145\162 ++\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157 ++\162\151\164\171\040\050\062\060\064\070\051\060\036\027\015\061 ++\060\060\067\061\066\061\067\062\063\063\070\132\027\015\061\065 ++\060\067\061\066\061\067\065\063\063\070\132\060\145\061\013\060 ++\011\006\003\125\004\006\023\002\115\131\061\033\060\031\006\003 ++\125\004\012\023\022\104\151\147\151\143\145\162\164\040\123\144 ++\156\056\040\102\150\144\056\061\021\060\017\006\003\125\004\013 ++\023\010\064\065\067\066\060\070\055\113\061\046\060\044\006\003 ++\125\004\003\023\035\104\151\147\151\163\151\147\156\040\123\145 ++\162\166\145\162\040\111\104\040\055\040\050\105\156\162\151\143 ++\150\051\060\202\001\042\060\015\006\011\052\206\110\206\367\015 ++\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202 ++\001\001\000\305\211\344\364\015\006\100\222\131\307\032\263\065 ++\321\016\114\052\063\371\370\257\312\236\177\356\271\247\155\140 ++\364\124\350\157\325\233\363\033\143\061\004\150\162\321\064\026 ++\214\264\027\054\227\336\163\305\330\220\025\240\032\053\365\313 ++\263\110\206\104\360\035\210\114\316\101\102\032\357\365\014\336 ++\376\100\332\071\040\367\006\125\072\152\235\106\301\322\157\245 ++\262\310\127\076\051\243\234\340\351\205\167\146\350\230\247\044 ++\176\276\300\131\040\345\104\157\266\127\330\276\316\302\145\167 ++\130\306\141\101\321\164\004\310\177\111\102\305\162\251\162\026 ++\356\214\335\022\135\264\112\324\321\257\120\267\330\252\165\166 ++\150\255\076\135\252\060\155\141\250\253\020\133\076\023\277\063 ++\340\257\104\235\070\042\133\357\114\057\246\161\046\025\046\312 ++\050\214\331\372\216\216\251\242\024\065\342\233\044\210\264\364 ++\177\205\235\203\117\007\241\266\024\220\066\304\064\034\215\046 ++\141\155\023\157\170\276\350\217\047\307\113\204\226\243\206\150 ++\014\043\276\013\354\214\224\000\251\004\212\023\220\367\337\205 ++\154\014\261\002\003\001\000\001\243\202\001\064\060\202\001\060 ++\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006 ++\060\022\006\003\125\035\023\001\001\377\004\010\060\006\001\001 ++\377\002\001\000\060\047\006\003\125\035\045\004\040\060\036\006 ++\010\053\006\001\005\005\007\003\001\006\010\053\006\001\005\005 ++\007\003\002\006\010\053\006\001\005\005\007\003\004\060\063\006 ++\010\053\006\001\005\005\007\001\001\004\047\060\045\060\043\006 ++\010\053\006\001\005\005\007\060\001\206\027\150\164\164\160\072 ++\057\057\157\143\163\160\056\145\156\164\162\165\163\164\056\156 ++\145\164\060\104\006\003\125\035\040\004\075\060\073\060\071\006 ++\005\140\203\112\001\001\060\060\060\056\006\010\053\006\001\005 ++\005\007\002\001\026\042\150\164\164\160\072\057\057\167\167\167 ++\056\144\151\147\151\143\145\162\164\056\143\157\155\056\155\171 ++\057\143\160\163\056\150\164\155\060\062\006\003\125\035\037\004 ++\053\060\051\060\047\240\045\240\043\206\041\150\164\164\160\072 ++\057\057\143\162\154\056\145\156\164\162\165\163\164\056\156\145 ++\164\057\062\060\064\070\143\141\056\143\162\154\060\021\006\003 ++\125\035\016\004\012\004\010\114\116\314\045\050\003\051\201\060 ++\037\006\003\125\035\043\004\030\060\026\200\024\125\344\201\321 ++\021\200\276\330\211\271\010\243\061\371\241\044\011\026\271\160 ++\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003 ++\202\001\001\000\227\114\357\112\072\111\254\162\374\060\040\153 ++\264\051\133\247\305\225\004\220\371\062\325\302\205\152\336\003 ++\241\067\371\211\000\260\132\254\125\176\333\103\065\377\311\001 ++\370\121\276\314\046\312\310\152\244\304\124\076\046\036\347\014 ++\243\315\227\147\224\335\246\102\353\134\315\217\071\171\153\063 ++\171\041\006\171\372\202\104\025\231\314\301\267\071\323\106\142 ++\174\262\160\353\157\316\040\252\076\031\267\351\164\202\234\264 ++\245\113\115\141\000\067\344\207\322\362\024\072\144\174\270\251 ++\173\141\340\223\042\347\325\237\076\107\346\066\166\240\123\330 ++\000\003\072\017\265\063\376\226\312\323\322\202\072\056\335\327 ++\110\341\344\247\151\314\034\351\231\112\347\312\160\105\327\013 ++\007\016\232\165\033\320\057\222\157\366\244\007\303\275\034\113 ++\246\204\266\175\250\232\251\322\247\051\361\013\127\151\036\227 ++\127\046\354\053\103\254\324\105\203\005\000\351\343\360\106\100 ++\007\372\352\261\121\163\223\034\245\335\123\021\067\310\052\247 ++\025\047\035\264\252\314\177\252\061\060\374\270\105\237\110\011 ++\355\020\342\305 ++END ++ ++# Trust for Certificate "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)" ++CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST ++CKA_TOKEN CK_BBOOL CK_TRUE ++CKA_PRIVATE CK_BBOOL CK_FALSE ++CKA_MODIFIABLE CK_BBOOL CK_FALSE ++CKA_LABEL UTF8 "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)" ++CKA_CERT_SHA1_HASH MULTILINE_OCTAL ++\153\074\073\200\255\312\246\272\212\237\124\246\172\355\022\151 ++\005\155\061\046 ++END ++CKA_CERT_MD5_HASH MULTILINE_OCTAL ++\327\151\141\177\065\017\234\106\243\252\353\370\125\374\204\362 ++END ++CKA_ISSUER MULTILINE_OCTAL ++\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156 ++\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125 ++\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056 ++\156\145\164\057\103\120\123\137\062\060\064\070\040\151\156\143 ++\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151 ++\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006 ++\003\125\004\013\023\034\050\143\051\040\061\071\071\071\040\105 ++\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164 ++\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164 ++\162\165\163\164\056\156\145\164\040\103\145\162\164\151\146\151 ++\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171 ++\040\050\062\060\064\070\051 ++END ++CKA_SERIAL_NUMBER MULTILINE_OCTAL ++\002\006\007\377\377\377\377\377 ++END ++CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED ++CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED ++CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED ++CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE ++ +diff -up ./mozilla/security/nss/lib/ckfw/builtins/nssckbi.h.ckbi188 ./mozilla/security/nss/lib/ckfw/builtins/nssckbi.h +--- ./mozilla/security/nss/lib/ckfw/builtins/nssckbi.h.ckbi188 2011-11-03 16:30:05.063000000 -0700 ++++ ./mozilla/security/nss/lib/ckfw/builtins/nssckbi.h 2011-11-03 08:11:58.000000000 -0700 +@@ -77,8 +77,8 @@ + * of the comment in the CK_VERSION type definition. + */ + #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 1 +-#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 87 +-#define NSS_BUILTINS_LIBRARY_VERSION "1.87" ++#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 88 ++#define NSS_BUILTINS_LIBRARY_VERSION "1.88" + + /* These version numbers detail the semantic changes to the ckfw engine. */ + #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1 diff --git a/nss/patches/nss-enable-pem.patch b/nss/patches/nss-enable-pem.patch deleted file mode 100644 index a84907c..0000000 --- a/nss/patches/nss-enable-pem.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up ./mozilla/security/nss/lib/ckfw/manifest.mn.prepem ./mozilla/security/nss/lib/ckfw/manifest.mn ---- a/mozilla/security/nss/lib/ckfw/manifest.mn.prepem 2008-08-05 16:34:23.000000000 -0700 -+++ b/mozilla/security/nss/lib/ckfw/manifest.mn 2008-08-05 16:34:30.000000000 -0700 -@@ -38,7 +38,7 @@ MANIFEST_CVS_ID = "@(#) $RCSfile: manife - - CORE_DEPTH = ../../.. - --DIRS = builtins -+DIRS = builtins pem - - PRIVATE_EXPORTS = \ - ck.h \ diff --git a/nss/patches/nss-enable-pem.patch0 b/nss/patches/nss-enable-pem.patch0 new file mode 100644 index 0000000..665a148 --- /dev/null +++ b/nss/patches/nss-enable-pem.patch0 @@ -0,0 +1,12 @@ +diff -up ./mozilla/security/nss/lib/ckfw/manifest.mn.prepem ./mozilla/security/nss/lib/ckfw/manifest.mn +--- ./mozilla/security/nss/lib/ckfw/manifest.mn.prepem 2008-08-05 16:34:23.000000000 -0700 ++++ ./mozilla/security/nss/lib/ckfw/manifest.mn 2008-08-05 16:34:30.000000000 -0700 +@@ -38,7 +38,7 @@ MANIFEST_CVS_ID = "@(#) $RCSfile: manife + + CORE_DEPTH = ../../.. + +-DIRS = builtins ++DIRS = builtins pem + + PRIVATE_EXPORTS = \ + ck.h \ diff --git a/nss/patches/nss-fix-gcc47-secmodt.patch0 b/nss/patches/nss-fix-gcc47-secmodt.patch0 new file mode 100644 index 0000000..361555e --- /dev/null +++ b/nss/patches/nss-fix-gcc47-secmodt.patch0 @@ -0,0 +1,12 @@ +diff -up ./mozilla/security/nss/lib/softoken/secmodt.h.gcc47 ./mozilla/security/nss/lib/softoken/secmodt.h +--- ./mozilla/security/nss/lib/softoken/secmodt.h.gcc47 2012-01-30 16:14:41.179494528 -0500 ++++ ./mozilla/security/nss/lib/softoken/secmodt.h 2012-01-30 16:14:48.287424482 -0500 +@@ -338,7 +338,7 @@ typedef PRUint32 PK11AttrFlags; + #define SECMOD_SLOT_FLAGS "slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512]" + + #define SECMOD_MAKE_NSS_FLAGS(fips,slot) \ +-"Flags=internal,critical"fips" slotparams=("#slot"={"SECMOD_SLOT_FLAGS"})" ++"Flags=internal,critical" fips" slotparams=("#slot"={" SECMOD_SLOT_FLAGS"})" + + #define SECMOD_INT_NAME "NSS Internal PKCS #11 Module" + #define SECMOD_INT_FLAGS SECMOD_MAKE_NSS_FLAGS("",1) diff --git a/nss/patches/nss-ssl-cbc-random-iv-off-by-default.patch0 b/nss/patches/nss-ssl-cbc-random-iv-off-by-default.patch0 new file mode 100644 index 0000000..28dfa48 --- /dev/null +++ b/nss/patches/nss-ssl-cbc-random-iv-off-by-default.patch0 @@ -0,0 +1,25 @@ +diff -up ./mozilla/security/nss/lib/ssl/sslsock.c.compatible ./mozilla/security/nss/lib/ssl/sslsock.c +--- ./mozilla/security/nss/lib/ssl/sslsock.c.compatible 2012-01-05 13:54:36.430389994 -0800 ++++ ./mozilla/security/nss/lib/ssl/sslsock.c 2012-01-05 13:55:25.810750394 -0800 +@@ -184,7 +184,7 @@ static sslOptions ssl_defaults = { + 3, /* enableRenegotiation (default: transitional) */ + PR_FALSE, /* requireSafeNegotiation */ + PR_FALSE, /* enableFalseStart */ +- PR_TRUE /* cbcRandomIV */ ++ PR_FALSE /* cbcRandomIV */ /* defaults to off for compatibility */ + }; + + sslSessionIDLookupFunc ssl_sid_lookup; +@@ -2359,9 +2359,9 @@ ssl_SetDefaultsFromEnvironment(void) + PR_TRUE)); + } + ev = getenv("NSS_SSL_CBC_RANDOM_IV"); +- if (ev && ev[0] == '0') { +- ssl_defaults.cbcRandomIV = PR_FALSE; +- SSL_TRACE(("SSL: cbcRandomIV set to 0")); ++ if (ev && ev[0] == '1') { ++ ssl_defaults.cbcRandomIV = PR_TRUE; ++ SSL_TRACE(("SSL: cbcRandomIV set to 1")); + } + } + #endif /* NSS_HAVE_GETENV */ diff --git a/nss/patches/nss-sysinit-userdb-first.patch b/nss/patches/nss-sysinit-userdb-first.patch deleted file mode 100755 index cbfbb9a..0000000 --- a/nss/patches/nss-sysinit-userdb-first.patch +++ /dev/null @@ -1,65 +0,0 @@ -diff -up ./mozilla/security/nss/lib/sysinit/nsssysinit.c.orig ./mozilla/security/nss/lib/sysinit/nsssysinit.c ---- ./mozilla/security/nss/lib/sysinit/nsssysinit.c.orig 2010-06-17 09:17:30.732643399 -0700 -+++ ./mozilla/security/nss/lib/sysinit/nsssysinit.c 2010-06-17 09:20:22.691642397 -0700 -@@ -263,9 +263,18 @@ get_list(char *filename, char *stripped_ - sysdb = getSystemDB(); - userdb = getUserDB(); - -- /* Don't open root's user DB */ -+ /* return a list of databases to open. First the system database. */ -+ if (sysdb) { -+ const char *readonly = userCanModifySystemDB() ? "" : "flags=readonly"; -+ module_list[next++] = PR_smprintf( -+ "library= " -+ "module="NSS system database" " -+ "parameters="configdir='sql:%s' tokenDescription='NSS system database' %s" " -+ "NSS="%sflags=internal,critical"",sysdb, readonly, nssflags); -+ } -+ -+ /* Next the user database, but not for root. */ - if (userdb != NULL && !userIsRoot()) { -- /* return a list of databases to open. First the user Database */ - module_list[next++] = PR_smprintf( - "library= " - "module="NSS User database" " -@@ -284,40 +293,6 @@ get_list(char *filename, char *stripped_ - userdb, stripped_parameters); - } - --#if 0 -- /* This doesn't actually work. If we register -- both this and the sysdb (in either order) -- then only one of them actually shows up */ -- -- /* Using a NULL filename as a Boolean flag to -- * prevent registering both an application-defined -- * db and the system db. rhbz #546211. -- */ -- PORT_Assert(filename); -- if (sysdb && PL_CompareStrings(filename, sysdb)) -- filename = NULL; -- else if (userdb && PL_CompareStrings(filename, userdb)) -- filename = NULL; -- -- if (filename && !userIsRoot()) { -- module_list[next++] = PR_smprintf( -- "library= " -- "module="NSS database" " -- "parameters="configdir='sql:%s' tokenDescription='NSS database sql:%s'" " -- "NSS="%sflags=internal"",filename, filename, nssflags); -- } --#endif -- -- /* now the system database (always read only unless it's root) */ -- if (sysdb) { -- const char *readonly = userCanModifySystemDB() ? "" : "flags=readonly"; -- module_list[next++] = PR_smprintf( -- "library= " -- "module="NSS system database" " -- "parameters="configdir='sql:%s' tokenDescription='NSS system database' %s" " -- "NSS="%sflags=internal,critical"",sysdb, readonly, nssflags); -- } -- - /* that was the last module */ - module_list[next] = 0; - diff --git a/nss/patches/nsspem-596674.patch b/nss/patches/nsspem-596674.patch deleted file mode 100644 index cfa44e6..0000000 --- a/nss/patches/nsspem-596674.patch +++ /dev/null @@ -1,127 +0,0 @@ -diff -up a/mozilla/security/nss/lib/ckfw/pem/pinst.c.596783 b/mozilla/security/nss/lib/ckfw/pem/pinst.c ---- a/mozilla/security/nss/lib/ckfw/pem/pinst.c.596783 2010-06-06 18:27:27.256318318 -0700 -+++ b/mozilla/security/nss/lib/ckfw/pem/pinst.c 2010-06-06 20:45:28.158442982 -0700 -@@ -151,7 +151,7 @@ GetCertFields(unsigned char *cert, int c - buf = issuer->data + issuer->len; - - /* only wanted issuer/SN */ -- if (valid == NULL) { -+ if (subject == NULL || valid == NULL || subjkey == NULL) { - return SECSuccess; - } - /* validity */ -@@ -219,53 +219,93 @@ CreateObject(CK_OBJECT_CLASS objClass, - memset(&o->u.trust, 0, sizeof(o->u.trust)); - break; - } -+ -+ o->nickname = (char *) nss_ZAlloc(NULL, strlen(nickname) + 1); -+ if (o->nickname == NULL) -+ goto fail; -+ strcpy(o->nickname, nickname); -+ -+ sprintf(id, "%d", objid); -+ len = strlen(id) + 1; /* zero terminate */ -+ o->id.data = (void *) nss_ZAlloc(NULL, len); -+ if (o->id.data == NULL) -+ goto fail; -+ (void) nsslibc_memcpy(o->id.data, id, len); -+ o->id.size = len; -+ - o->objClass = objClass; - o->type = type; - o->slotID = slotID; -+ - o->derCert = nss_ZNEW(NULL, SECItem); -+ if (o->derCert == NULL) -+ goto fail; - o->derCert->data = (void *) nss_ZAlloc(NULL, certDER->len); -+ if (o->derCert->data == NULL) -+ goto fail; - o->derCert->len = certDER->len; - nsslibc_memcpy(o->derCert->data, certDER->data, certDER->len); - - switch (objClass) { - case CKO_CERTIFICATE: - case CKO_NETSCAPE_TRUST: -- GetCertFields(o->derCert->data, -- o->derCert->len, &issuer, &serial, -- &derSN, &subject, &valid, &subjkey); -+ if (SECSuccess != GetCertFields(o->derCert->data, o->derCert->len, -+ &issuer, &serial, &derSN, &subject, -+ &valid, &subjkey)) -+ goto fail; - - o->u.cert.subject.data = (void *) nss_ZAlloc(NULL, subject.len); -+ if (o->u.cert.subject.data == NULL) -+ goto fail; - o->u.cert.subject.size = subject.len; - nsslibc_memcpy(o->u.cert.subject.data, subject.data, subject.len); - - o->u.cert.issuer.data = (void *) nss_ZAlloc(NULL, issuer.len); -+ if (o->u.cert.issuer.data == NULL) { -+ nss_ZFreeIf(o->u.cert.subject.data); -+ goto fail; -+ } - o->u.cert.issuer.size = issuer.len; - nsslibc_memcpy(o->u.cert.issuer.data, issuer.data, issuer.len); - - o->u.cert.serial.data = (void *) nss_ZAlloc(NULL, serial.len); -+ if (o->u.cert.serial.data == NULL) { -+ nss_ZFreeIf(o->u.cert.issuer.data); -+ nss_ZFreeIf(o->u.cert.subject.data); -+ goto fail; -+ } - o->u.cert.serial.size = serial.len; - nsslibc_memcpy(o->u.cert.serial.data, serial.data, serial.len); - break; - case CKO_PRIVATE_KEY: - o->u.key.key.privateKey = nss_ZNEW(NULL, SECItem); -+ if (o->u.key.key.privateKey == NULL) -+ goto fail; - o->u.key.key.privateKey->data = - (void *) nss_ZAlloc(NULL, keyDER->len); -+ if (o->u.key.key.privateKey->data == NULL) { -+ nss_ZFreeIf(o->u.key.key.privateKey); -+ goto fail; -+ } - o->u.key.key.privateKey->len = keyDER->len; - nsslibc_memcpy(o->u.key.key.privateKey->data, keyDER->data, - keyDER->len); - } - -- o->nickname = (char *) nss_ZAlloc(NULL, strlen(nickname) + 1); -- strcpy(o->nickname, nickname); -- -- sprintf(id, "%d", objid); -- -- len = strlen(id) + 1; /* zero terminate */ -- o->id.data = (void *) nss_ZAlloc(NULL, len); -- (void) nsslibc_memcpy(o->id.data, id, len); -- o->id.size = len; - - return o; -+ -+fail: -+ if (o) { -+ if (o->derCert) { -+ nss_ZFreeIf(o->derCert->data); -+ nss_ZFreeIf(o->derCert); -+ } -+ nss_ZFreeIf(o->id.data); -+ nss_ZFreeIf(o->nickname); -+ nss_ZFreeIf(o); -+ } -+ return NULL; - } - - pemInternalObject * -@@ -306,6 +346,8 @@ AddObjectIfNeeded(CK_OBJECT_CLASS objCla - /* object not found, we need to create it */ - pemInternalObject *io = CreateObject(objClass, type, certDER, keyDER, - filename, objid, slotID); -+ if (io == NULL) -+ return NULL; - - io->gobjIndex = count; - diff --git a/nss/patches/nsspem-bz754771.patch0 b/nss/patches/nsspem-bz754771.patch0 new file mode 100644 index 0000000..1e64a42 --- /dev/null +++ b/nss/patches/nsspem-bz754771.patch0 @@ -0,0 +1,13 @@ +diff -up ./mozilla/security/nss/lib/ckfw/pem/pinst.c.754771 ./mozilla/security/nss/lib/ckfw/pem/pinst.c +--- ./mozilla/security/nss/lib/ckfw/pem/pinst.c.754771 2011-12-12 09:38:51.839104295 -0800 ++++ ./mozilla/security/nss/lib/ckfw/pem/pinst.c 2011-12-12 09:44:40.437096761 -0800 +@@ -350,6 +350,9 @@ AddObjectIfNeeded(CK_OBJECT_CLASS objCla + if (io == NULL) + return NULL; + ++ /* initialize pointers to functions */ ++ pem_CreateMDObject(NULL, io, NULL); ++ + io->gobjIndex = count; + + /* add object to global array */ diff --git a/nss/patches/nsspem-createobject-initialize-pointer.patch0 b/nss/patches/nsspem-createobject-initialize-pointer.patch0 new file mode 100644 index 0000000..cdfdea3 --- /dev/null +++ b/nss/patches/nsspem-createobject-initialize-pointer.patch0 @@ -0,0 +1,11 @@ +diff -up ./mozilla/security/nss/lib/ckfw/pem/pobject.c.717338 ./mozilla/security/nss/lib/ckfw/pem/pobject.c +--- ./mozilla/security/nss/lib/ckfw/pem/pobject.c.717338 2010-11-25 10:49:27.000000000 -0800 ++++ ./mozilla/security/nss/lib/ckfw/pem/pobject.c 2011-09-10 10:16:58.752726964 -0700 +@@ -1179,6 +1179,7 @@ pem_CreateObject + return (NSSCKMDObject *) NULL; + + certDER.len = 0; /* in case there is no equivalent cert */ ++ certDER.data = NULL; + + objid = -1; + for (i = 0; i < pem_nobjs; i++) { diff --git a/nss/patches/nsspem-init-inform-not-thread-safe.patch0 b/nss/patches/nsspem-init-inform-not-thread-safe.patch0 new file mode 100644 index 0000000..2df4fbe --- /dev/null +++ b/nss/patches/nsspem-init-inform-not-thread-safe.patch0 @@ -0,0 +1,129 @@ +--- mozilla/security/nss/lib/ckfw/pem/pinst.c.736410 2010-11-25 11:51:52.000000000 -0800 ++++ mozilla/security/nss/lib/ckfw/pem/pinst.c 2011-09-13 16:59:49.325215540 -0700 +@@ -364,39 +364,37 @@ AddObjectIfNeeded(CK_OBJECT_CLASS objCla + size += PEM_ITEM_CHUNK; + } + gobj[count] = io; + count++; + pem_nobjs++; + + io->refCount ++; + return io; + } + + CK_RV + AddCertificate(char *certfile, char *keyfile, PRBool cacert, + CK_SLOT_ID slotID) + { + pemInternalObject *o; +- SECItem certDER; + CK_RV error = 0; + int objid, i; + int nobjs = 0; + SECItem **objs = NULL; + char *ivstring = NULL; + int cipher; + +- certDER.data = NULL; + nobjs = ReadDERFromFile(&objs, certfile, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */); + if (nobjs <= 0) { + nss_ZFreeIf(objs); + return CKR_GENERAL_ERROR; + } + + /* For now load as many certs as are in the file for CAs only */ + if (cacert) { + for (i = 0; i < nobjs; i++) { + char nickname[1024]; + objid = pem_nobjs + 1; + + snprintf(nickname, 1024, "%s - %d", certfile, i); + + o = AddObjectIfNeeded(CKO_CERTIFICATE, pemCert, objs[i], NULL, +@@ -456,72 +454,76 @@ AddCertificate(char *certfile, char *key + loser: + nss_ZFreeIf(objs); + nss_ZFreeIf(o); + return error; + } + + CK_RV + pem_Initialize + ( + NSSCKMDInstance * mdInstance, + NSSCKFWInstance * fwInstance, + NSSUTF8 * configurationData + ) + { + CK_RV rv; +- /* parse the initialization string and initialize CRLInstances */ ++ /* parse the initialization string */ + char **certstrings = NULL; ++ char *modparms = NULL; + PRInt32 numcerts = 0; + PRBool status, error = PR_FALSE; + int i; ++ CK_C_INITIALIZE_ARGS_PTR modArgs = NULL; ++ ++ if (!fwInstance) return CKR_ARGUMENTS_BAD; ++ ++ modArgs = NSSCKFWInstance_GetInitArgs(fwInstance); ++ if (modArgs && ++ ((modArgs->flags & CKF_OS_LOCKING_OK) || (modArgs->CreateMutex != 0))) { ++ return CKR_CANT_LOCK; ++ } + + if (pemInitialized) { + return CKR_OK; + } ++ + RNG_RNGInit(); + + open_log(); + + plog("pem_Initialize\n"); + +- unsigned char *modparms = NULL; +- if (!fwInstance) { +- return CKR_ARGUMENTS_BAD; +- } +- +- CK_C_INITIALIZE_ARGS_PTR modArgs = +- NSSCKFWInstance_GetInitArgs(fwInstance); + if (!modArgs || !modArgs->LibraryParameters) { + goto done; + } +- modparms = (unsigned char *) modArgs->LibraryParameters; ++ modparms = (char *) modArgs->LibraryParameters; + plog("Initialized with %s\n", modparms); + + /* + * The initialization string format is a space-delimited file of + * pairs of paths which are delimited by a semi-colon. The first + * entry of the pair is the path to the certificate file. The + * second is the path to the key file. + * + * CA certificates do not need the semi-colon. + * + * Example: + * /etc/certs/server.pem;/etc/certs/server.key /etc/certs/ca.pem + * + */ + status = +- pem_ParseString((const char *) modparms, ' ', &numcerts, ++ pem_ParseString(modparms, ' ', &numcerts, + &certstrings); + if (status == PR_FALSE) { + return CKR_ARGUMENTS_BAD; + } + + for (i = 0; i < numcerts && error != PR_TRUE; i++) { + char *cert = certstrings[i]; + PRInt32 attrcount = 0; + char **certattrs = NULL; + status = pem_ParseString(cert, ';', &attrcount, &certattrs); + if (status == PR_FALSE) { + error = PR_TRUE; + break; + } + diff --git a/nss/patches/renegotiate-transitional.patch b/nss/patches/renegotiate-transitional.patch deleted file mode 100644 index 0cd6556..0000000 --- a/nss/patches/renegotiate-transitional.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up ./mozilla/security/nss/lib/ssl/sslsock.c.transitional ./mozilla/security/nss/lib/ssl/sslsock.c ---- a/mozilla/security/nss/lib/ssl/sslsock.c.transitional 2010-09-04 09:46:50.331327676 -0700 -+++ b/mozilla/security/nss/lib/ssl/sslsock.c 2010-09-04 09:50:02.814325605 -0700 -@@ -181,7 +181,7 @@ static sslOptions ssl_defaults = { - PR_FALSE, /* noLocks */ - PR_FALSE, /* enableSessionTickets */ - PR_FALSE, /* enableDeflate */ -- 2, /* enableRenegotiation (default: requires extension) */ -+ 3, /* enableRenegotiation (default: transitional) */ - PR_FALSE, /* requireSafeNegotiation */ - PR_FALSE, /* enableFalseStart */ - }; diff --git a/nss/patches/renegotiate-transitional.patch0 b/nss/patches/renegotiate-transitional.patch0 new file mode 100644 index 0000000..989491d --- /dev/null +++ b/nss/patches/renegotiate-transitional.patch0 @@ -0,0 +1,12 @@ +diff -up mozilla/security/nss/lib/ssl/sslsock.c.transitional mozilla/security/nss/lib/ssl/sslsock.c +--- mozilla/security/nss/lib/ssl/sslsock.c.transitional 2011-10-06 10:37:47.156659000 -0700 ++++ mozilla/security/nss/lib/ssl/sslsock.c 2011-10-06 10:38:32.276704000 -0700 +@@ -182,7 +182,7 @@ static sslOptions ssl_defaults = { + PR_FALSE, /* noLocks */ + PR_FALSE, /* enableSessionTickets */ + PR_FALSE, /* enableDeflate */ +- 2, /* enableRenegotiation (default: requires extension) */ ++ 3, /* enableRenegotiation (default: transitional) */ + PR_FALSE, /* requireSafeNegotiation */ + PR_FALSE, /* enableFalseStart */ + PR_TRUE /* cbcRandomIV */
hooks/post-receive -- IPFire 3.x development tree