2007-01-16 00:25:44 +01:00
|
|
|
#
|
2011-04-28 08:41:37 +02:00
|
|
|
# spec file for package mozilla-nss
|
2007-01-16 00:25:44 +01:00
|
|
|
#
|
2018-01-20 21:25:21 +01:00
|
|
|
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
|
- update to NSS 3.35
New functionality
* TLS 1.3 support has been updated to draft -23. This includes a
large number of changes since 3.34, which supported only draft
-18. See below for details.
New Types
* SSLHandshakeType - The type of a TLS handshake message.
* For the SSLSignatureScheme enum, the enumerated values
ssl_sig_rsa_pss_sha* are deprecated in response to a change in
TLS 1.3. Please use the equivalent ssl_sig_rsa_pss_rsae_sha*
for rsaEncryption keys, or ssl_sig_rsa_pss_pss_sha* for PSS keys.
Note that this release does not include support for the latter.
Notable Changes
* Previously, NSS used the DBM file format by default. Starting
with version 3.35, NSS uses the SQL file format by default.
Additional information can be found on this Fedora Linux project
page: https://fedoraproject.org/wiki/Changes/NSSDefaultFileFormatSql
* Added formally verified implementations of non-vectorized Chacha20
and non-vectorized Poly1305 64-bit.
* For stronger security, when creating encrypted PKCS#7 or PKCS#12 data,
the iteration count for the password based encryption algorithm
has been increased to one million iterations. Note that debug builds
will use a lower count, for better performance in test environments.
* NSS 3.30 had introduced a regression, preventing NSS from reading
some AES encrypted data, produced by older versions of NSS.
NSS 3.35 fixes this regression and restores the ability to read
affected data.
* The following CA certificates were Removed:
OU = Security Communication EV RootCA1
CN = CA Disig Root R1
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=256
2018-02-08 12:21:36 +01:00
|
|
|
# Copyright (c) 2006-2018 Wolfgang Rosenauer
|
2007-01-16 00:25:44 +01:00
|
|
|
#
|
2008-10-23 22:36:47 +02:00
|
|
|
# All modifications and additions to the file contributed by third parties
|
|
|
|
# remain the property of their copyright owners, unless otherwise agreed
|
|
|
|
# upon. The license for this file, and modifications and additions to the
|
|
|
|
# file, is the same license as for the pristine package itself (unless the
|
|
|
|
# license for the pristine package is not an Open Source License, in which
|
|
|
|
# case the license is the MIT License). An "Open Source License" is a
|
|
|
|
# license that conforms to the Open Source Definition (Version 1.9)
|
|
|
|
# published by the Open Source Initiative.
|
|
|
|
|
2007-01-16 00:25:44 +01:00
|
|
|
# Please submit bugfixes or comments via http://bugs.opensuse.org/
|
|
|
|
#
|
|
|
|
|
|
|
|
|
2018-03-16 07:37:00 +01:00
|
|
|
%global nss_softokn_fips_version 3.36
|
2008-03-26 16:24:30 +01:00
|
|
|
|
2007-01-16 00:25:44 +01:00
|
|
|
Name: mozilla-nss
|
2011-12-18 18:50:41 +01:00
|
|
|
BuildRequires: gcc-c++
|
2018-03-16 07:37:00 +01:00
|
|
|
BuildRequires: mozilla-nspr-devel >= 4.19
|
2011-12-18 18:50:41 +01:00
|
|
|
BuildRequires: pkg-config
|
2013-02-28 23:53:05 +01:00
|
|
|
BuildRequires: sqlite-devel
|
2012-06-01 22:35:17 +02:00
|
|
|
BuildRequires: zlib-devel
|
2018-06-23 16:10:30 +02:00
|
|
|
Version: 3.37.3
|
2011-12-18 18:50:41 +01:00
|
|
|
Release: 0
|
2009-01-09 01:35:33 +01:00
|
|
|
# bug437293
|
|
|
|
%ifarch ppc64
|
|
|
|
Obsoletes: mozilla-nss-64bit
|
|
|
|
%endif
|
|
|
|
#
|
2010-03-15 16:05:35 +01:00
|
|
|
Summary: Network Security Services
|
2012-10-25 16:10:44 +02:00
|
|
|
License: MPL-2.0
|
2007-01-16 00:25:44 +01:00
|
|
|
Group: System/Libraries
|
2011-12-18 18:50:41 +01:00
|
|
|
Url: http://www.mozilla.org/projects/security/pki/nss/
|
2018-06-23 16:10:30 +02:00
|
|
|
Source: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_37_3_RTM/src/nss-%{version}.tar.gz
|
|
|
|
# hg clone https://hg.mozilla.org/projects/nss nss-3.37.3/nss ; cd nss-3.37.3/nss ; hg up NSS_3_37_3_RTM
|
2014-10-16 21:19:00 +02:00
|
|
|
#Source: nss-%{version}.tar.gz
|
2007-01-16 00:25:44 +01:00
|
|
|
Source1: nss.pc.in
|
|
|
|
Source3: nss-config.in
|
2009-12-21 14:21:30 +01:00
|
|
|
Source4: %{name}-rpmlintrc
|
|
|
|
Source5: baselibs.conf
|
2010-03-15 16:05:35 +01:00
|
|
|
Source6: setup-nsssysinit.sh
|
2010-06-03 22:48:06 +02:00
|
|
|
Source7: cert9.db
|
|
|
|
Source8: key4.db
|
|
|
|
Source9: pkcs11.txt
|
2011-04-28 08:41:37 +02:00
|
|
|
#Source10: PayPalEE.cert
|
- update to 3.18
* Firefox target release 38
New functionality:
* When importing certificates and keys from a PKCS#12 source,
it's now possible to override the nicknames, prior to importing
them into the NSS database, using new API
SEC_PKCS12DecoderRenameCertNicknames.
* The tstclnt test utility program has new command-line options
-C, -D, -b and -R.
Use -C one, two or three times to print information about the
certificates received from a server, and information about the
locally found and trusted issuer certificates, to diagnose
server side configuration issues. It is possible to run tstclnt
without providing a database (-D). A PKCS#11 library that
contains root CA certificates can be loaded by tstclnt, which
may either be the nssckbi library provided by NSS (-b) or
another compatible library (-R).
New Functions:
* SEC_CheckCrlTimes
* SEC_GetCrlTimes
* SEC_PKCS12DecoderRenameCertNicknames
New Types:
* SEC_PKCS12NicknameRenameCallback
Notable Changes:
* The highest TLS protocol version enabled by default has been
increased from TLS 1.0 to TLS 1.2. Similarly, the highest DTLS
protocol version enabled by default has been increased from
DTLS 1.0 to DTLS 1.2.
* The default key size used by certutil when creating an RSA key
pair has been increased from 1024 bits to 2048 bits.
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=175
2015-04-03 10:58:03 +02:00
|
|
|
Source99: %{name}.changes
|
2007-01-16 00:25:44 +01:00
|
|
|
Patch1: nss-opt.patch
|
2012-02-17 09:35:36 +01:00
|
|
|
Patch2: system-nspr.patch
|
2017-04-12 23:26:25 +02:00
|
|
|
Patch3: nss-no-rpath.patch
|
2018-06-07 15:20:25 +02:00
|
|
|
Patch4: add-relro-linker-option.patch
|
2017-04-12 23:26:25 +02:00
|
|
|
Patch5: malloc.patch
|
|
|
|
Patch6: nss-disable-ocsp-test.patch
|
|
|
|
Patch7: nss-sqlitename.patch
|
2017-10-04 22:50:43 +02:00
|
|
|
Patch8: bmo-1400603.patch
|
2017-12-11 09:31:33 +01:00
|
|
|
%define nspr_ver %(rpm -q --queryformat '%%{VERSION}' mozilla-nspr)
|
2009-04-29 00:40:53 +02:00
|
|
|
PreReq: mozilla-nspr >= %nspr_ver
|
2010-03-15 16:05:35 +01:00
|
|
|
PreReq: libfreebl3 >= %{nss_softokn_fips_version}
|
|
|
|
PreReq: libsoftokn3 >= %{nss_softokn_fips_version}
|
2013-07-03 12:36:27 +02:00
|
|
|
%if %{_lib} == lib64
|
|
|
|
Requires: libnssckbi.so()(64bit)
|
|
|
|
%else
|
2013-07-05 14:48:09 +02:00
|
|
|
Requires: libnssckbi.so
|
2013-07-03 12:36:27 +02:00
|
|
|
%endif
|
2007-01-16 00:25:44 +01:00
|
|
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
2009-03-26 23:25:02 +01:00
|
|
|
%define nssdbdir %{_sysconfdir}/pki/nssdb
|
2012-02-17 09:35:36 +01:00
|
|
|
%ifnarch %sparc
|
2011-12-18 18:50:41 +01:00
|
|
|
%if ! 0%{?qemu_user_space_build}
|
- update to NSS 3.21
* required for Firefox 44.0
New functionality:
* certutil now supports a --rename option to change a nickname (bmo#1142209)
* TLS extended master secret extension (RFC 7627) is supported (bmo#1117022)
* New info functions added for use during mid-handshake callbacks (bmo#1084669)
New Functions:
* NSS_OptionSet - sets NSS global options
* NSS_OptionGet - gets the current value of NSS global options
* SECMOD_CreateModuleEx - Create a new SECMODModule structure from module name
string, module parameters string, NSS specific parameters string, and NSS
configuration parameter string. The module represented by the module
structure is not loaded. The difference with SECMOD_CreateModule is the new
function handles NSS configuration parameter strings.
* SSL_GetPreliminaryChannelInfo - obtains information about a TLS channel prior
to the handshake being completed, for use with the callbacks that are invoked
during the handshake
* SSL_SignaturePrefSet - configures the enabled signature and hash algorithms
for TLS
* SSL_SignaturePrefGet - retrieves the currently configured signature and hash
algorithms
* SSL_SignatureMaxCount - obtains the maximum number signature algorithms that
can be configured with SSL_SignaturePrefSet
* NSSUTIL_ArgParseModuleSpecEx - takes a module spec and breaks it into shared
library string, module name string, module parameters string, NSS specific
parameters string, and NSS configuration parameter strings. The returned
strings must be freed by the caller. The difference with
NSS_ArgParseModuleSpec is the new function handles NSS configuration
parameter strings.
* NSSUTIL_MkModuleSpecEx - take a shared library string, module name string,
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=203
2016-01-26 07:30:20 +01:00
|
|
|
# disabled temporarily bmo#1236340
|
|
|
|
%define run_testsuite 0
|
2010-07-09 20:06:01 +02:00
|
|
|
%endif
|
2011-12-18 18:50:41 +01:00
|
|
|
%endif
|
2007-01-16 00:25:44 +01:00
|
|
|
|
|
|
|
%description
|
|
|
|
Network Security Services (NSS) is a set of libraries designed to
|
|
|
|
support cross-platform development of security-enabled server
|
2013-11-11 23:19:45 +01:00
|
|
|
applications. Applications built with NSS can support SSL v3,
|
|
|
|
TLS v1.0, v1.1, v1.2, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3
|
2007-01-16 00:25:44 +01:00
|
|
|
certificates, and other security standards.
|
|
|
|
|
|
|
|
|
|
|
|
%package devel
|
|
|
|
Summary: Network (Netscape) Security Services development files
|
- update to NSS 3.30.2
New Functionality
* In the PKCS#11 root CA module (nssckbi), CAs with positive trust
are marked with a new boolean attribute, CKA_NSS_MOZILLA_CA_POLICY,
set to true. Applications that need to distinguish them from other
other root CAs, may use the exported function PK11_HasAttributeSet.
* Support for callback functions that can be used to monitor SSL/TLS
alerts that are sent or received.
New Functions
* CERT_CompareAVA - performs a comparison of two CERTAVA structures,
and returns a SECComparison result.
* PK11_HasAttributeSet - allows to check if a PKCS#11 object in a
given slot has a specific boolean attribute set.
* SSL_AlertReceivedCallback - register a callback function, that will
be called whenever an SSL/TLS alert is received
* SSL_AlertSentCallback - register a callback function, that will be
called whenever an SSL/TLS alert is sent
* SSL_SetSessionTicketKeyPair - configures an asymmetric key pair,
for use in wrapping session ticket keys, used by the server. This
function currently only accepts an RSA public/private key pair.
New Macros
* PKCS12_AES_CBC_128, PKCS12_AES_CBC_192, PKCS12_AES_CBC_256
cipher family identifiers corresponding to the PKCS#5 v2.1 AES
based encryption schemes used in the PKCS#12 support in NSS
* CKA_NSS_MOZILLA_CA_POLICY - identifier for a boolean PKCS#11
attribute, that should be set to true, if a CA is present because
of it's acceptance according to the Mozilla CA Policy
Notable Changes
* The TLS server code has been enhanced to support session tickets
when no RSA certificate (e.g. only an ECDSA certificate) is configured.
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=241
2017-04-26 23:50:12 +02:00
|
|
|
Group: Development/Libraries/C and C++
|
2010-03-15 16:05:35 +01:00
|
|
|
Requires: libfreebl3
|
|
|
|
Requires: libsoftokn3
|
2018-03-16 07:37:00 +01:00
|
|
|
Requires: mozilla-nspr-devel >= 4.19
|
2012-06-01 22:35:17 +02:00
|
|
|
Requires: mozilla-nss = %{version}-%{release}
|
2009-01-09 01:35:33 +01:00
|
|
|
# bug437293
|
|
|
|
%ifarch ppc64
|
|
|
|
Obsoletes: mozilla-nss-devel-64bit
|
|
|
|
%endif
|
2007-01-16 00:25:44 +01:00
|
|
|
|
|
|
|
%description devel
|
|
|
|
Network Security Services (NSS) is a set of libraries designed to
|
|
|
|
support cross-platform development of security-enabled server
|
2013-11-11 23:19:45 +01:00
|
|
|
applications. Applications built with NSS can support SSL v3,
|
|
|
|
TLS v1.0, v1.1, v1.2, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3
|
2007-01-16 00:25:44 +01:00
|
|
|
certificates, and other security standards.
|
|
|
|
|
2008-03-26 16:24:30 +01:00
|
|
|
%package tools
|
2009-06-02 12:26:37 +02:00
|
|
|
Summary: Tools for developing, debugging, and managing applications that use NSS
|
2008-03-26 16:24:30 +01:00
|
|
|
Group: System/Management
|
2009-04-29 00:40:53 +02:00
|
|
|
PreReq: mozilla-nss >= %{version}
|
2008-03-26 16:24:30 +01:00
|
|
|
|
|
|
|
%description tools
|
|
|
|
The NSS Security Tools allow developers to test, debug, and manage
|
|
|
|
applications that use NSS.
|
|
|
|
|
|
|
|
|
2010-03-15 16:05:35 +01:00
|
|
|
%package sysinit
|
|
|
|
Summary: System NSS Initialization
|
|
|
|
Group: System/Management
|
|
|
|
Requires: mozilla-nss >= %{version}
|
|
|
|
Requires(post): coreutils
|
|
|
|
|
|
|
|
%description sysinit
|
|
|
|
Default Operation System module that manages applications loading
|
|
|
|
NSS globally on the system. This module loads the system defined
|
|
|
|
PKCS #11 modules for NSS and chains with other NSS modules to load
|
|
|
|
any system or user configured modules.
|
|
|
|
|
|
|
|
|
2009-04-29 00:40:53 +02:00
|
|
|
%package -n libfreebl3
|
|
|
|
Summary: Freebl library for the Network Security Services
|
|
|
|
Group: System/Libraries
|
2015-06-24 19:52:00 +02:00
|
|
|
Provides: libfreebl3-hmac
|
2009-04-29 00:40:53 +02:00
|
|
|
|
|
|
|
%description -n libfreebl3
|
|
|
|
Network Security Services (NSS) is a set of libraries designed to
|
|
|
|
support cross-platform development of security-enabled server
|
2013-11-11 23:19:45 +01:00
|
|
|
applications. Applications built with NSS can support SSL v3,
|
|
|
|
TLS v1.0, v1.1, v1.2, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3
|
2009-04-29 00:40:53 +02:00
|
|
|
certificates, and other security standards.
|
|
|
|
|
|
|
|
This package installs the freebl library from NSS.
|
|
|
|
|
|
|
|
|
2010-03-15 16:05:35 +01:00
|
|
|
%package -n libsoftokn3
|
2011-08-24 10:38:15 +02:00
|
|
|
Summary: Network Security Services Softoken Module
|
2010-03-15 16:05:35 +01:00
|
|
|
Group: System/Libraries
|
|
|
|
Requires: libfreebl3 = %{version}-%{release}
|
2015-06-24 19:52:00 +02:00
|
|
|
Provides: libsoftokn3-hmac
|
2010-03-15 16:05:35 +01:00
|
|
|
|
|
|
|
%description -n libsoftokn3
|
|
|
|
Network Security Services (NSS) is a set of libraries designed to
|
|
|
|
support cross-platform development of security-enabled server
|
2013-11-11 23:19:45 +01:00
|
|
|
applications. Applications built with NSS can support SSL v3,
|
|
|
|
TLS v1.0, v1.1, v1.2, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3
|
2010-03-15 16:05:35 +01:00
|
|
|
certificates, and other security standards.
|
|
|
|
|
2010-11-09 11:00:46 +01:00
|
|
|
Network Security Services Softoken Cryptographic Module
|
2010-03-15 16:05:35 +01:00
|
|
|
|
|
|
|
|
2009-12-21 14:21:30 +01:00
|
|
|
%package certs
|
|
|
|
Summary: CA certificates for NSS
|
|
|
|
Group: Productivity/Networking/Security
|
|
|
|
|
|
|
|
%description certs
|
2010-11-09 11:00:46 +01:00
|
|
|
This package contains the integrated CA root certificates from the
|
2009-12-21 14:21:30 +01:00
|
|
|
Mozilla project.
|
|
|
|
|
|
|
|
|
2007-01-16 00:25:44 +01:00
|
|
|
%prep
|
|
|
|
%setup -n nss-%{version} -q
|
2013-06-12 10:21:54 +02:00
|
|
|
cd nss
|
2013-06-11 17:41:13 +02:00
|
|
|
%patch1 -p1
|
|
|
|
%patch2 -p1
|
2017-04-12 23:26:25 +02:00
|
|
|
%patch3 -p1
|
2018-06-07 15:20:25 +02:00
|
|
|
%patch4 -p1
|
2009-06-09 17:44:32 +02:00
|
|
|
%if %suse_version > 1110
|
2017-04-12 23:26:25 +02:00
|
|
|
%patch5 -p1
|
2009-06-09 17:44:32 +02:00
|
|
|
%endif
|
2017-04-12 23:26:25 +02:00
|
|
|
%patch6 -p1
|
2013-06-11 17:41:13 +02:00
|
|
|
%patch7 -p1
|
2017-10-04 22:50:43 +02:00
|
|
|
%patch8 -p1
|
2007-01-16 00:25:44 +01:00
|
|
|
# additional CA certificates
|
|
|
|
#cd security/nss/lib/ckfw/builtins
|
|
|
|
#cat %{SOURCE2} >> certdata.txt
|
|
|
|
#make generate
|
|
|
|
|
|
|
|
%build
|
2013-06-12 10:21:54 +02:00
|
|
|
cd nss
|
- update to 3.18
* Firefox target release 38
New functionality:
* When importing certificates and keys from a PKCS#12 source,
it's now possible to override the nicknames, prior to importing
them into the NSS database, using new API
SEC_PKCS12DecoderRenameCertNicknames.
* The tstclnt test utility program has new command-line options
-C, -D, -b and -R.
Use -C one, two or three times to print information about the
certificates received from a server, and information about the
locally found and trusted issuer certificates, to diagnose
server side configuration issues. It is possible to run tstclnt
without providing a database (-D). A PKCS#11 library that
contains root CA certificates can be loaded by tstclnt, which
may either be the nssckbi library provided by NSS (-b) or
another compatible library (-R).
New Functions:
* SEC_CheckCrlTimes
* SEC_GetCrlTimes
* SEC_PKCS12DecoderRenameCertNicknames
New Types:
* SEC_PKCS12NicknameRenameCallback
Notable Changes:
* The highest TLS protocol version enabled by default has been
increased from TLS 1.0 to TLS 1.2. Similarly, the highest DTLS
protocol version enabled by default has been increased from
DTLS 1.0 to DTLS 1.2.
* The default key size used by certutil when creating an RSA key
pair has been increased from 1024 bits to 2048 bits.
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=175
2015-04-03 10:58:03 +02:00
|
|
|
modified="$(sed -n '/^----/n;s/ - .*$//;p;q' "%{S:99}")"
|
2011-05-23 20:44:21 +02:00
|
|
|
DATE="\"$(date -d "${modified}" "+%%b %%e %%Y")\""
|
|
|
|
TIME="\"$(date -d "${modified}" "+%%R")\""
|
|
|
|
find . -name '*.[ch]' -print -exec sed -i "s/__DATE__/${DATE}/g;s/__TIME__/${TIME}/g" {} +
|
|
|
|
|
2018-01-20 21:25:21 +01:00
|
|
|
export NSS_NO_PKCS11_BYPASS=1
|
2010-11-09 11:00:46 +01:00
|
|
|
export FREEBL_NO_DEPEND=1
|
2014-02-25 13:02:07 +01:00
|
|
|
export FREEBL_LOWHASH=1
|
2007-01-16 00:25:44 +01:00
|
|
|
export NSPR_INCLUDE_DIR=`nspr-config --includedir`
|
|
|
|
export NSPR_LIB_DIR=`nspr-config --libdir`
|
- update to NSS 3.30.2
New Functionality
* In the PKCS#11 root CA module (nssckbi), CAs with positive trust
are marked with a new boolean attribute, CKA_NSS_MOZILLA_CA_POLICY,
set to true. Applications that need to distinguish them from other
other root CAs, may use the exported function PK11_HasAttributeSet.
* Support for callback functions that can be used to monitor SSL/TLS
alerts that are sent or received.
New Functions
* CERT_CompareAVA - performs a comparison of two CERTAVA structures,
and returns a SECComparison result.
* PK11_HasAttributeSet - allows to check if a PKCS#11 object in a
given slot has a specific boolean attribute set.
* SSL_AlertReceivedCallback - register a callback function, that will
be called whenever an SSL/TLS alert is received
* SSL_AlertSentCallback - register a callback function, that will be
called whenever an SSL/TLS alert is sent
* SSL_SetSessionTicketKeyPair - configures an asymmetric key pair,
for use in wrapping session ticket keys, used by the server. This
function currently only accepts an RSA public/private key pair.
New Macros
* PKCS12_AES_CBC_128, PKCS12_AES_CBC_192, PKCS12_AES_CBC_256
cipher family identifiers corresponding to the PKCS#5 v2.1 AES
based encryption schemes used in the PKCS#12 support in NSS
* CKA_NSS_MOZILLA_CA_POLICY - identifier for a boolean PKCS#11
attribute, that should be set to true, if a CA is present because
of it's acceptance according to the Mozilla CA Policy
Notable Changes
* The TLS server code has been enhanced to support session tickets
when no RSA certificate (e.g. only an ECDSA certificate) is configured.
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=241
2017-04-26 23:50:12 +02:00
|
|
|
export OPT_FLAGS="%{optflags} -fno-strict-aliasing"
|
2007-01-16 00:25:44 +01:00
|
|
|
export LIBDIR=%{_libdir}
|
2018-06-19 17:07:03 +02:00
|
|
|
%ifarch x86_64 s390x ppc64 ppc64le ia64 aarch64 riscv64
|
2007-01-16 00:25:44 +01:00
|
|
|
export USE_64=1
|
|
|
|
%endif
|
2008-03-26 16:24:30 +01:00
|
|
|
export NSS_USE_SYSTEM_SQLITE=1
|
2013-02-28 23:53:05 +01:00
|
|
|
#export SQLITE_LIB_NAME=nsssqlite3
|
- update to 3.16
* required for Firefox 29
* bmo#903885 - (CVE-2014-1492) In a wildcard certificate, the wildcard
character should not be embedded within the U-label of an
internationalized domain name. See the last bullet point in RFC 6125,
Section 7.2.
* Supports the Linux x32 ABI. To build for the Linux x32 target, set
the environment variable USE_X32=1 when building NSS.
New Functions:
* NSS_CMSSignerInfo_Verify
New Macros
* TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA, etc.,
cipher suites that were first defined in SSL 3.0 can now be referred
to with their official IANA names in TLS, with the TLS_ prefix.
Previously, they had to be referred to with their names in SSL 3.0,
with the SSL_ prefix.
Notable Changes:
* ECC is enabled by default. It is no longer necessary to set the
environment variable NSS_ENABLE_ECC=1 when building NSS. To disable
ECC, set the environment variable NSS_DISABLE_ECC=1 when building NSS.
* libpkix should not include the common name of CA as DNS names when
evaluating name constraints.
* AESKeyWrap_Decrypt should not return SECSuccess for invalid keys.
* Fix a memory corruption in sec_pkcs12_new_asafe.
* If the NSS_SDB_USE_CACHE environment variable is set, skip the runtime
test sdb_measureAccess.
* The built-in roots module has been updated to version 1.97, which
adds, removes, and distrusts several certificates.
* The atob utility has been improved to automatically ignore lines of
text that aren't in base64 format.
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=155
2014-03-21 22:54:13 +01:00
|
|
|
MAKE_FLAGS="BUILD_OPT=1"
|
2008-04-21 01:25:47 +02:00
|
|
|
make nss_build_all $MAKE_FLAGS
|
2008-10-23 22:36:47 +02:00
|
|
|
# run testsuite
|
2010-07-09 20:06:01 +02:00
|
|
|
%if 0%{?run_testsuite}
|
2008-10-23 22:36:47 +02:00
|
|
|
export BUILD_OPT=1
|
|
|
|
export HOST="localhost"
|
|
|
|
export DOMSUF=" "
|
|
|
|
export USE_IP=TRUE
|
|
|
|
export IP_ADDRESS="127.0.0.1"
|
|
|
|
cd tests
|
|
|
|
./all.sh
|
2009-03-26 23:25:02 +01:00
|
|
|
if grep "FAILED" ../../../tests_results/security/localhost.1/output.log ; then
|
2008-10-23 22:36:47 +02:00
|
|
|
echo "Testsuite FAILED"
|
|
|
|
exit 1
|
|
|
|
fi
|
2009-06-02 12:26:37 +02:00
|
|
|
%endif
|
2007-01-16 00:25:44 +01:00
|
|
|
|
|
|
|
%install
|
2013-06-12 10:21:54 +02:00
|
|
|
cd nss
|
- update to NSS 3.30.2
New Functionality
* In the PKCS#11 root CA module (nssckbi), CAs with positive trust
are marked with a new boolean attribute, CKA_NSS_MOZILLA_CA_POLICY,
set to true. Applications that need to distinguish them from other
other root CAs, may use the exported function PK11_HasAttributeSet.
* Support for callback functions that can be used to monitor SSL/TLS
alerts that are sent or received.
New Functions
* CERT_CompareAVA - performs a comparison of two CERTAVA structures,
and returns a SECComparison result.
* PK11_HasAttributeSet - allows to check if a PKCS#11 object in a
given slot has a specific boolean attribute set.
* SSL_AlertReceivedCallback - register a callback function, that will
be called whenever an SSL/TLS alert is received
* SSL_AlertSentCallback - register a callback function, that will be
called whenever an SSL/TLS alert is sent
* SSL_SetSessionTicketKeyPair - configures an asymmetric key pair,
for use in wrapping session ticket keys, used by the server. This
function currently only accepts an RSA public/private key pair.
New Macros
* PKCS12_AES_CBC_128, PKCS12_AES_CBC_192, PKCS12_AES_CBC_256
cipher family identifiers corresponding to the PKCS#5 v2.1 AES
based encryption schemes used in the PKCS#12 support in NSS
* CKA_NSS_MOZILLA_CA_POLICY - identifier for a boolean PKCS#11
attribute, that should be set to true, if a CA is present because
of it's acceptance according to the Mozilla CA Policy
Notable Changes
* The TLS server code has been enhanced to support session tickets
when no RSA certificate (e.g. only an ECDSA certificate) is configured.
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=241
2017-04-26 23:50:12 +02:00
|
|
|
mkdir -p %{buildroot}%{_libdir}
|
|
|
|
mkdir -p %{buildroot}%{_libexecdir}/nss
|
|
|
|
mkdir -p %{buildroot}%{_includedir}/nss3
|
|
|
|
mkdir -p %{buildroot}%{_bindir}
|
|
|
|
mkdir -p %{buildroot}%{_sbindir}
|
|
|
|
mkdir -p %{buildroot}/%{_lib}
|
|
|
|
mkdir -p %{buildroot}%{nssdbdir}
|
2013-06-11 17:41:13 +02:00
|
|
|
pushd ../dist/Linux*
|
2007-01-16 00:25:44 +01:00
|
|
|
# copy headers
|
- update to NSS 3.30.2
New Functionality
* In the PKCS#11 root CA module (nssckbi), CAs with positive trust
are marked with a new boolean attribute, CKA_NSS_MOZILLA_CA_POLICY,
set to true. Applications that need to distinguish them from other
other root CAs, may use the exported function PK11_HasAttributeSet.
* Support for callback functions that can be used to monitor SSL/TLS
alerts that are sent or received.
New Functions
* CERT_CompareAVA - performs a comparison of two CERTAVA structures,
and returns a SECComparison result.
* PK11_HasAttributeSet - allows to check if a PKCS#11 object in a
given slot has a specific boolean attribute set.
* SSL_AlertReceivedCallback - register a callback function, that will
be called whenever an SSL/TLS alert is received
* SSL_AlertSentCallback - register a callback function, that will be
called whenever an SSL/TLS alert is sent
* SSL_SetSessionTicketKeyPair - configures an asymmetric key pair,
for use in wrapping session ticket keys, used by the server. This
function currently only accepts an RSA public/private key pair.
New Macros
* PKCS12_AES_CBC_128, PKCS12_AES_CBC_192, PKCS12_AES_CBC_256
cipher family identifiers corresponding to the PKCS#5 v2.1 AES
based encryption schemes used in the PKCS#12 support in NSS
* CKA_NSS_MOZILLA_CA_POLICY - identifier for a boolean PKCS#11
attribute, that should be set to true, if a CA is present because
of it's acceptance according to the Mozilla CA Policy
Notable Changes
* The TLS server code has been enhanced to support session tickets
when no RSA certificate (e.g. only an ECDSA certificate) is configured.
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=241
2017-04-26 23:50:12 +02:00
|
|
|
cp -rL ../public/nss/*.h %{buildroot}%{_includedir}/nss3
|
2015-09-24 11:37:13 +02:00
|
|
|
# copy some freebl include files we also want
|
|
|
|
for file in blapi.h alghmac.h
|
|
|
|
do
|
- update to NSS 3.30.2
New Functionality
* In the PKCS#11 root CA module (nssckbi), CAs with positive trust
are marked with a new boolean attribute, CKA_NSS_MOZILLA_CA_POLICY,
set to true. Applications that need to distinguish them from other
other root CAs, may use the exported function PK11_HasAttributeSet.
* Support for callback functions that can be used to monitor SSL/TLS
alerts that are sent or received.
New Functions
* CERT_CompareAVA - performs a comparison of two CERTAVA structures,
and returns a SECComparison result.
* PK11_HasAttributeSet - allows to check if a PKCS#11 object in a
given slot has a specific boolean attribute set.
* SSL_AlertReceivedCallback - register a callback function, that will
be called whenever an SSL/TLS alert is received
* SSL_AlertSentCallback - register a callback function, that will be
called whenever an SSL/TLS alert is sent
* SSL_SetSessionTicketKeyPair - configures an asymmetric key pair,
for use in wrapping session ticket keys, used by the server. This
function currently only accepts an RSA public/private key pair.
New Macros
* PKCS12_AES_CBC_128, PKCS12_AES_CBC_192, PKCS12_AES_CBC_256
cipher family identifiers corresponding to the PKCS#5 v2.1 AES
based encryption schemes used in the PKCS#12 support in NSS
* CKA_NSS_MOZILLA_CA_POLICY - identifier for a boolean PKCS#11
attribute, that should be set to true, if a CA is present because
of it's acceptance according to the Mozilla CA Policy
Notable Changes
* The TLS server code has been enhanced to support session tickets
when no RSA certificate (e.g. only an ECDSA certificate) is configured.
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=241
2017-04-26 23:50:12 +02:00
|
|
|
cp -L ../private/nss/$file %{buildroot}/%{_includedir}/nss3
|
2015-09-24 11:37:13 +02:00
|
|
|
done
|
2007-01-16 00:25:44 +01:00
|
|
|
# copy dynamic libs
|
|
|
|
cp -L lib/libnss3.so \
|
2008-03-26 16:24:30 +01:00
|
|
|
lib/libnssdbm3.so \
|
2009-08-08 01:32:03 +02:00
|
|
|
lib/libnssdbm3.chk \
|
2008-03-26 16:24:30 +01:00
|
|
|
lib/libnssutil3.so \
|
2007-01-16 00:25:44 +01:00
|
|
|
lib/libnssckbi.so \
|
2010-03-15 16:05:35 +01:00
|
|
|
lib/libnsssysinit.so \
|
2007-01-16 00:25:44 +01:00
|
|
|
lib/libsmime3.so \
|
|
|
|
lib/libsoftokn3.so \
|
|
|
|
lib/libsoftokn3.chk \
|
|
|
|
lib/libssl3.so \
|
- update to NSS 3.30.2
New Functionality
* In the PKCS#11 root CA module (nssckbi), CAs with positive trust
are marked with a new boolean attribute, CKA_NSS_MOZILLA_CA_POLICY,
set to true. Applications that need to distinguish them from other
other root CAs, may use the exported function PK11_HasAttributeSet.
* Support for callback functions that can be used to monitor SSL/TLS
alerts that are sent or received.
New Functions
* CERT_CompareAVA - performs a comparison of two CERTAVA structures,
and returns a SECComparison result.
* PK11_HasAttributeSet - allows to check if a PKCS#11 object in a
given slot has a specific boolean attribute set.
* SSL_AlertReceivedCallback - register a callback function, that will
be called whenever an SSL/TLS alert is received
* SSL_AlertSentCallback - register a callback function, that will be
called whenever an SSL/TLS alert is sent
* SSL_SetSessionTicketKeyPair - configures an asymmetric key pair,
for use in wrapping session ticket keys, used by the server. This
function currently only accepts an RSA public/private key pair.
New Macros
* PKCS12_AES_CBC_128, PKCS12_AES_CBC_192, PKCS12_AES_CBC_256
cipher family identifiers corresponding to the PKCS#5 v2.1 AES
based encryption schemes used in the PKCS#12 support in NSS
* CKA_NSS_MOZILLA_CA_POLICY - identifier for a boolean PKCS#11
attribute, that should be set to true, if a CA is present because
of it's acceptance according to the Mozilla CA Policy
Notable Changes
* The TLS server code has been enhanced to support session tickets
when no RSA certificate (e.g. only an ECDSA certificate) is configured.
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=241
2017-04-26 23:50:12 +02:00
|
|
|
%{buildroot}%{_libdir}
|
2009-04-29 00:40:53 +02:00
|
|
|
cp -L lib/libfreebl3.so \
|
|
|
|
lib/libfreebl3.chk \
|
2016-07-31 12:48:39 +02:00
|
|
|
lib/libfreeblpriv3.so \
|
|
|
|
lib/libfreeblpriv3.chk \
|
- update to NSS 3.30.2
New Functionality
* In the PKCS#11 root CA module (nssckbi), CAs with positive trust
are marked with a new boolean attribute, CKA_NSS_MOZILLA_CA_POLICY,
set to true. Applications that need to distinguish them from other
other root CAs, may use the exported function PK11_HasAttributeSet.
* Support for callback functions that can be used to monitor SSL/TLS
alerts that are sent or received.
New Functions
* CERT_CompareAVA - performs a comparison of two CERTAVA structures,
and returns a SECComparison result.
* PK11_HasAttributeSet - allows to check if a PKCS#11 object in a
given slot has a specific boolean attribute set.
* SSL_AlertReceivedCallback - register a callback function, that will
be called whenever an SSL/TLS alert is received
* SSL_AlertSentCallback - register a callback function, that will be
called whenever an SSL/TLS alert is sent
* SSL_SetSessionTicketKeyPair - configures an asymmetric key pair,
for use in wrapping session ticket keys, used by the server. This
function currently only accepts an RSA public/private key pair.
New Macros
* PKCS12_AES_CBC_128, PKCS12_AES_CBC_192, PKCS12_AES_CBC_256
cipher family identifiers corresponding to the PKCS#5 v2.1 AES
based encryption schemes used in the PKCS#12 support in NSS
* CKA_NSS_MOZILLA_CA_POLICY - identifier for a boolean PKCS#11
attribute, that should be set to true, if a CA is present because
of it's acceptance according to the Mozilla CA Policy
Notable Changes
* The TLS server code has been enhanced to support session tickets
when no RSA certificate (e.g. only an ECDSA certificate) is configured.
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=241
2017-04-26 23:50:12 +02:00
|
|
|
%{buildroot}/%{_lib}
|
2013-02-28 23:53:05 +01:00
|
|
|
#cp -L lib/libnsssqlite3.so \
|
- update to NSS 3.30.2
New Functionality
* In the PKCS#11 root CA module (nssckbi), CAs with positive trust
are marked with a new boolean attribute, CKA_NSS_MOZILLA_CA_POLICY,
set to true. Applications that need to distinguish them from other
other root CAs, may use the exported function PK11_HasAttributeSet.
* Support for callback functions that can be used to monitor SSL/TLS
alerts that are sent or received.
New Functions
* CERT_CompareAVA - performs a comparison of two CERTAVA structures,
and returns a SECComparison result.
* PK11_HasAttributeSet - allows to check if a PKCS#11 object in a
given slot has a specific boolean attribute set.
* SSL_AlertReceivedCallback - register a callback function, that will
be called whenever an SSL/TLS alert is received
* SSL_AlertSentCallback - register a callback function, that will be
called whenever an SSL/TLS alert is sent
* SSL_SetSessionTicketKeyPair - configures an asymmetric key pair,
for use in wrapping session ticket keys, used by the server. This
function currently only accepts an RSA public/private key pair.
New Macros
* PKCS12_AES_CBC_128, PKCS12_AES_CBC_192, PKCS12_AES_CBC_256
cipher family identifiers corresponding to the PKCS#5 v2.1 AES
based encryption schemes used in the PKCS#12 support in NSS
* CKA_NSS_MOZILLA_CA_POLICY - identifier for a boolean PKCS#11
attribute, that should be set to true, if a CA is present because
of it's acceptance according to the Mozilla CA Policy
Notable Changes
* The TLS server code has been enhanced to support session tickets
when no RSA certificate (e.g. only an ECDSA certificate) is configured.
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=241
2017-04-26 23:50:12 +02:00
|
|
|
# %{buildroot}%{_libdir}
|
2007-01-16 00:25:44 +01:00
|
|
|
# copy static libs
|
|
|
|
cp -L lib/libcrmf.a \
|
2015-09-24 19:37:48 +02:00
|
|
|
lib/libfreebl.a \
|
2007-01-16 00:25:44 +01:00
|
|
|
lib/libnssb.a \
|
|
|
|
lib/libnssckfw.a \
|
- update to NSS 3.30.2
New Functionality
* In the PKCS#11 root CA module (nssckbi), CAs with positive trust
are marked with a new boolean attribute, CKA_NSS_MOZILLA_CA_POLICY,
set to true. Applications that need to distinguish them from other
other root CAs, may use the exported function PK11_HasAttributeSet.
* Support for callback functions that can be used to monitor SSL/TLS
alerts that are sent or received.
New Functions
* CERT_CompareAVA - performs a comparison of two CERTAVA structures,
and returns a SECComparison result.
* PK11_HasAttributeSet - allows to check if a PKCS#11 object in a
given slot has a specific boolean attribute set.
* SSL_AlertReceivedCallback - register a callback function, that will
be called whenever an SSL/TLS alert is received
* SSL_AlertSentCallback - register a callback function, that will be
called whenever an SSL/TLS alert is sent
* SSL_SetSessionTicketKeyPair - configures an asymmetric key pair,
for use in wrapping session ticket keys, used by the server. This
function currently only accepts an RSA public/private key pair.
New Macros
* PKCS12_AES_CBC_128, PKCS12_AES_CBC_192, PKCS12_AES_CBC_256
cipher family identifiers corresponding to the PKCS#5 v2.1 AES
based encryption schemes used in the PKCS#12 support in NSS
* CKA_NSS_MOZILLA_CA_POLICY - identifier for a boolean PKCS#11
attribute, that should be set to true, if a CA is present because
of it's acceptance according to the Mozilla CA Policy
Notable Changes
* The TLS server code has been enhanced to support session tickets
when no RSA certificate (e.g. only an ECDSA certificate) is configured.
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=241
2017-04-26 23:50:12 +02:00
|
|
|
%{buildroot}%{_libdir}
|
2007-01-16 00:25:44 +01:00
|
|
|
# copy tools
|
|
|
|
cp -L bin/certutil \
|
2008-03-26 16:24:30 +01:00
|
|
|
bin/cmsutil \
|
|
|
|
bin/crlutil \
|
2007-01-16 00:25:44 +01:00
|
|
|
bin/modutil \
|
|
|
|
bin/pk12util \
|
|
|
|
bin/signtool \
|
2008-03-26 16:24:30 +01:00
|
|
|
bin/signver \
|
2007-01-16 00:25:44 +01:00
|
|
|
bin/ssltap \
|
- update to NSS 3.30.2
New Functionality
* In the PKCS#11 root CA module (nssckbi), CAs with positive trust
are marked with a new boolean attribute, CKA_NSS_MOZILLA_CA_POLICY,
set to true. Applications that need to distinguish them from other
other root CAs, may use the exported function PK11_HasAttributeSet.
* Support for callback functions that can be used to monitor SSL/TLS
alerts that are sent or received.
New Functions
* CERT_CompareAVA - performs a comparison of two CERTAVA structures,
and returns a SECComparison result.
* PK11_HasAttributeSet - allows to check if a PKCS#11 object in a
given slot has a specific boolean attribute set.
* SSL_AlertReceivedCallback - register a callback function, that will
be called whenever an SSL/TLS alert is received
* SSL_AlertSentCallback - register a callback function, that will be
called whenever an SSL/TLS alert is sent
* SSL_SetSessionTicketKeyPair - configures an asymmetric key pair,
for use in wrapping session ticket keys, used by the server. This
function currently only accepts an RSA public/private key pair.
New Macros
* PKCS12_AES_CBC_128, PKCS12_AES_CBC_192, PKCS12_AES_CBC_256
cipher family identifiers corresponding to the PKCS#5 v2.1 AES
based encryption schemes used in the PKCS#12 support in NSS
* CKA_NSS_MOZILLA_CA_POLICY - identifier for a boolean PKCS#11
attribute, that should be set to true, if a CA is present because
of it's acceptance according to the Mozilla CA Policy
Notable Changes
* The TLS server code has been enhanced to support session tickets
when no RSA certificate (e.g. only an ECDSA certificate) is configured.
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=241
2017-04-26 23:50:12 +02:00
|
|
|
%{buildroot}%{_bindir}
|
2008-03-26 16:24:30 +01:00
|
|
|
# copy unsupported tools
|
|
|
|
cp -L bin/atob \
|
|
|
|
bin/btoa \
|
|
|
|
bin/derdump \
|
|
|
|
bin/ocspclnt \
|
|
|
|
bin/pp \
|
|
|
|
bin/selfserv \
|
|
|
|
bin/shlibsign \
|
|
|
|
bin/strsclnt \
|
|
|
|
bin/symkeyutil \
|
|
|
|
bin/tstclnt \
|
|
|
|
bin/vfyserv \
|
|
|
|
bin/vfychain \
|
- update to NSS 3.30.2
New Functionality
* In the PKCS#11 root CA module (nssckbi), CAs with positive trust
are marked with a new boolean attribute, CKA_NSS_MOZILLA_CA_POLICY,
set to true. Applications that need to distinguish them from other
other root CAs, may use the exported function PK11_HasAttributeSet.
* Support for callback functions that can be used to monitor SSL/TLS
alerts that are sent or received.
New Functions
* CERT_CompareAVA - performs a comparison of two CERTAVA structures,
and returns a SECComparison result.
* PK11_HasAttributeSet - allows to check if a PKCS#11 object in a
given slot has a specific boolean attribute set.
* SSL_AlertReceivedCallback - register a callback function, that will
be called whenever an SSL/TLS alert is received
* SSL_AlertSentCallback - register a callback function, that will be
called whenever an SSL/TLS alert is sent
* SSL_SetSessionTicketKeyPair - configures an asymmetric key pair,
for use in wrapping session ticket keys, used by the server. This
function currently only accepts an RSA public/private key pair.
New Macros
* PKCS12_AES_CBC_128, PKCS12_AES_CBC_192, PKCS12_AES_CBC_256
cipher family identifiers corresponding to the PKCS#5 v2.1 AES
based encryption schemes used in the PKCS#12 support in NSS
* CKA_NSS_MOZILLA_CA_POLICY - identifier for a boolean PKCS#11
attribute, that should be set to true, if a CA is present because
of it's acceptance according to the Mozilla CA Policy
Notable Changes
* The TLS server code has been enhanced to support session tickets
when no RSA certificate (e.g. only an ECDSA certificate) is configured.
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=241
2017-04-26 23:50:12 +02:00
|
|
|
%{buildroot}%{_libexecdir}/nss
|
2007-01-16 00:25:44 +01:00
|
|
|
# prepare pkgconfig file
|
- update to NSS 3.30.2
New Functionality
* In the PKCS#11 root CA module (nssckbi), CAs with positive trust
are marked with a new boolean attribute, CKA_NSS_MOZILLA_CA_POLICY,
set to true. Applications that need to distinguish them from other
other root CAs, may use the exported function PK11_HasAttributeSet.
* Support for callback functions that can be used to monitor SSL/TLS
alerts that are sent or received.
New Functions
* CERT_CompareAVA - performs a comparison of two CERTAVA structures,
and returns a SECComparison result.
* PK11_HasAttributeSet - allows to check if a PKCS#11 object in a
given slot has a specific boolean attribute set.
* SSL_AlertReceivedCallback - register a callback function, that will
be called whenever an SSL/TLS alert is received
* SSL_AlertSentCallback - register a callback function, that will be
called whenever an SSL/TLS alert is sent
* SSL_SetSessionTicketKeyPair - configures an asymmetric key pair,
for use in wrapping session ticket keys, used by the server. This
function currently only accepts an RSA public/private key pair.
New Macros
* PKCS12_AES_CBC_128, PKCS12_AES_CBC_192, PKCS12_AES_CBC_256
cipher family identifiers corresponding to the PKCS#5 v2.1 AES
based encryption schemes used in the PKCS#12 support in NSS
* CKA_NSS_MOZILLA_CA_POLICY - identifier for a boolean PKCS#11
attribute, that should be set to true, if a CA is present because
of it's acceptance according to the Mozilla CA Policy
Notable Changes
* The TLS server code has been enhanced to support session tickets
when no RSA certificate (e.g. only an ECDSA certificate) is configured.
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=241
2017-04-26 23:50:12 +02:00
|
|
|
mkdir -p %{buildroot}%{_libdir}/pkgconfig/
|
2007-01-16 00:25:44 +01:00
|
|
|
sed "s:%%LIBDIR%%:%{_libdir}:g
|
2009-04-29 00:40:53 +02:00
|
|
|
s:%%VERSION%%:%{version}:g
|
|
|
|
s:%%NSPR_VERSION%%:%{nspr_ver}:g" \
|
- update to NSS 3.30.2
New Functionality
* In the PKCS#11 root CA module (nssckbi), CAs with positive trust
are marked with a new boolean attribute, CKA_NSS_MOZILLA_CA_POLICY,
set to true. Applications that need to distinguish them from other
other root CAs, may use the exported function PK11_HasAttributeSet.
* Support for callback functions that can be used to monitor SSL/TLS
alerts that are sent or received.
New Functions
* CERT_CompareAVA - performs a comparison of two CERTAVA structures,
and returns a SECComparison result.
* PK11_HasAttributeSet - allows to check if a PKCS#11 object in a
given slot has a specific boolean attribute set.
* SSL_AlertReceivedCallback - register a callback function, that will
be called whenever an SSL/TLS alert is received
* SSL_AlertSentCallback - register a callback function, that will be
called whenever an SSL/TLS alert is sent
* SSL_SetSessionTicketKeyPair - configures an asymmetric key pair,
for use in wrapping session ticket keys, used by the server. This
function currently only accepts an RSA public/private key pair.
New Macros
* PKCS12_AES_CBC_128, PKCS12_AES_CBC_192, PKCS12_AES_CBC_256
cipher family identifiers corresponding to the PKCS#5 v2.1 AES
based encryption schemes used in the PKCS#12 support in NSS
* CKA_NSS_MOZILLA_CA_POLICY - identifier for a boolean PKCS#11
attribute, that should be set to true, if a CA is present because
of it's acceptance according to the Mozilla CA Policy
Notable Changes
* The TLS server code has been enhanced to support session tickets
when no RSA certificate (e.g. only an ECDSA certificate) is configured.
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=241
2017-04-26 23:50:12 +02:00
|
|
|
%{SOURCE1} > %{buildroot}%{_libdir}/pkgconfig/nss.pc
|
2007-01-16 00:25:44 +01:00
|
|
|
# prepare nss-config file
|
|
|
|
popd
|
2014-07-05 15:02:10 +02:00
|
|
|
NSS_VMAJOR=`cat lib/nss/nss.h | grep "#define.*NSS_VMAJOR" | gawk '{print $3}'`
|
|
|
|
NSS_VMINOR=`cat lib/nss/nss.h | grep "#define.*NSS_VMINOR" | gawk '{print $3}'`
|
|
|
|
NSS_VPATCH=`cat lib/nss/nss.h | grep "#define.*NSS_VPATCH" | gawk '{print $3}'`
|
2007-01-16 00:25:44 +01:00
|
|
|
cat %{SOURCE3} | sed -e "s,@libdir@,%{_libdir},g" \
|
|
|
|
-e "s,@prefix@,%{_prefix},g" \
|
|
|
|
-e "s,@exec_prefix@,%{_prefix},g" \
|
|
|
|
-e "s,@includedir@,%{_includedir}/nss3,g" \
|
|
|
|
-e "s,@MOD_MAJOR_VERSION@,$NSS_VMAJOR,g" \
|
|
|
|
-e "s,@MOD_MINOR_VERSION@,$NSS_VMINOR,g" \
|
|
|
|
-e "s,@MOD_PATCH_VERSION@,$NSS_VPATCH,g" \
|
- update to NSS 3.30.2
New Functionality
* In the PKCS#11 root CA module (nssckbi), CAs with positive trust
are marked with a new boolean attribute, CKA_NSS_MOZILLA_CA_POLICY,
set to true. Applications that need to distinguish them from other
other root CAs, may use the exported function PK11_HasAttributeSet.
* Support for callback functions that can be used to monitor SSL/TLS
alerts that are sent or received.
New Functions
* CERT_CompareAVA - performs a comparison of two CERTAVA structures,
and returns a SECComparison result.
* PK11_HasAttributeSet - allows to check if a PKCS#11 object in a
given slot has a specific boolean attribute set.
* SSL_AlertReceivedCallback - register a callback function, that will
be called whenever an SSL/TLS alert is received
* SSL_AlertSentCallback - register a callback function, that will be
called whenever an SSL/TLS alert is sent
* SSL_SetSessionTicketKeyPair - configures an asymmetric key pair,
for use in wrapping session ticket keys, used by the server. This
function currently only accepts an RSA public/private key pair.
New Macros
* PKCS12_AES_CBC_128, PKCS12_AES_CBC_192, PKCS12_AES_CBC_256
cipher family identifiers corresponding to the PKCS#5 v2.1 AES
based encryption schemes used in the PKCS#12 support in NSS
* CKA_NSS_MOZILLA_CA_POLICY - identifier for a boolean PKCS#11
attribute, that should be set to true, if a CA is present because
of it's acceptance according to the Mozilla CA Policy
Notable Changes
* The TLS server code has been enhanced to support session tickets
when no RSA certificate (e.g. only an ECDSA certificate) is configured.
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=241
2017-04-26 23:50:12 +02:00
|
|
|
> %{buildroot}/%{_bindir}/nss-config
|
|
|
|
chmod 755 %{buildroot}/%{_bindir}/nss-config
|
2010-03-15 16:05:35 +01:00
|
|
|
# setup-nsssysinfo.sh
|
- update to NSS 3.30.2
New Functionality
* In the PKCS#11 root CA module (nssckbi), CAs with positive trust
are marked with a new boolean attribute, CKA_NSS_MOZILLA_CA_POLICY,
set to true. Applications that need to distinguish them from other
other root CAs, may use the exported function PK11_HasAttributeSet.
* Support for callback functions that can be used to monitor SSL/TLS
alerts that are sent or received.
New Functions
* CERT_CompareAVA - performs a comparison of two CERTAVA structures,
and returns a SECComparison result.
* PK11_HasAttributeSet - allows to check if a PKCS#11 object in a
given slot has a specific boolean attribute set.
* SSL_AlertReceivedCallback - register a callback function, that will
be called whenever an SSL/TLS alert is received
* SSL_AlertSentCallback - register a callback function, that will be
called whenever an SSL/TLS alert is sent
* SSL_SetSessionTicketKeyPair - configures an asymmetric key pair,
for use in wrapping session ticket keys, used by the server. This
function currently only accepts an RSA public/private key pair.
New Macros
* PKCS12_AES_CBC_128, PKCS12_AES_CBC_192, PKCS12_AES_CBC_256
cipher family identifiers corresponding to the PKCS#5 v2.1 AES
based encryption schemes used in the PKCS#12 support in NSS
* CKA_NSS_MOZILLA_CA_POLICY - identifier for a boolean PKCS#11
attribute, that should be set to true, if a CA is present because
of it's acceptance according to the Mozilla CA Policy
Notable Changes
* The TLS server code has been enhanced to support session tickets
when no RSA certificate (e.g. only an ECDSA certificate) is configured.
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=241
2017-04-26 23:50:12 +02:00
|
|
|
install -m 744 %{SOURCE6} %{buildroot}%{_sbindir}/
|
2010-09-27 00:45:55 +02:00
|
|
|
# create empty NSS database
|
- update to NSS 3.30.2
New Functionality
* In the PKCS#11 root CA module (nssckbi), CAs with positive trust
are marked with a new boolean attribute, CKA_NSS_MOZILLA_CA_POLICY,
set to true. Applications that need to distinguish them from other
other root CAs, may use the exported function PK11_HasAttributeSet.
* Support for callback functions that can be used to monitor SSL/TLS
alerts that are sent or received.
New Functions
* CERT_CompareAVA - performs a comparison of two CERTAVA structures,
and returns a SECComparison result.
* PK11_HasAttributeSet - allows to check if a PKCS#11 object in a
given slot has a specific boolean attribute set.
* SSL_AlertReceivedCallback - register a callback function, that will
be called whenever an SSL/TLS alert is received
* SSL_AlertSentCallback - register a callback function, that will be
called whenever an SSL/TLS alert is sent
* SSL_SetSessionTicketKeyPair - configures an asymmetric key pair,
for use in wrapping session ticket keys, used by the server. This
function currently only accepts an RSA public/private key pair.
New Macros
* PKCS12_AES_CBC_128, PKCS12_AES_CBC_192, PKCS12_AES_CBC_256
cipher family identifiers corresponding to the PKCS#5 v2.1 AES
based encryption schemes used in the PKCS#12 support in NSS
* CKA_NSS_MOZILLA_CA_POLICY - identifier for a boolean PKCS#11
attribute, that should be set to true, if a CA is present because
of it's acceptance according to the Mozilla CA Policy
Notable Changes
* The TLS server code has been enhanced to support session tickets
when no RSA certificate (e.g. only an ECDSA certificate) is configured.
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=241
2017-04-26 23:50:12 +02:00
|
|
|
#LD_LIBRARY_PATH=%{buildroot}/%{_lib}:%{buildroot}%{_libdir} %{buildroot}%{_bindir}/modutil -force -dbdir "sql:%{buildroot}%{nssdbdir}" -create
|
|
|
|
#LD_LIBRARY_PATH=%{buildroot}/%{_lib}:%{buildroot}%{_libdir} %{buildroot}%{_bindir}/certutil -N -d "sql:%{buildroot}%{nssdbdir}" -f /dev/null 2>&1 > /dev/null
|
|
|
|
#chmod 644 "%{buildroot}%{nssdbdir}"/*
|
2010-09-27 00:45:55 +02:00
|
|
|
#sed "s:%{buildroot}::g
|
|
|
|
#s/^library=$/library=libnsssysinit.so/
|
|
|
|
#/^NSS/s/\(Flags=internal\)\(,[^m]\)/\1,moduleDBOnly\2/" \
|
- update to NSS 3.30.2
New Functionality
* In the PKCS#11 root CA module (nssckbi), CAs with positive trust
are marked with a new boolean attribute, CKA_NSS_MOZILLA_CA_POLICY,
set to true. Applications that need to distinguish them from other
other root CAs, may use the exported function PK11_HasAttributeSet.
* Support for callback functions that can be used to monitor SSL/TLS
alerts that are sent or received.
New Functions
* CERT_CompareAVA - performs a comparison of two CERTAVA structures,
and returns a SECComparison result.
* PK11_HasAttributeSet - allows to check if a PKCS#11 object in a
given slot has a specific boolean attribute set.
* SSL_AlertReceivedCallback - register a callback function, that will
be called whenever an SSL/TLS alert is received
* SSL_AlertSentCallback - register a callback function, that will be
called whenever an SSL/TLS alert is sent
* SSL_SetSessionTicketKeyPair - configures an asymmetric key pair,
for use in wrapping session ticket keys, used by the server. This
function currently only accepts an RSA public/private key pair.
New Macros
* PKCS12_AES_CBC_128, PKCS12_AES_CBC_192, PKCS12_AES_CBC_256
cipher family identifiers corresponding to the PKCS#5 v2.1 AES
based encryption schemes used in the PKCS#12 support in NSS
* CKA_NSS_MOZILLA_CA_POLICY - identifier for a boolean PKCS#11
attribute, that should be set to true, if a CA is present because
of it's acceptance according to the Mozilla CA Policy
Notable Changes
* The TLS server code has been enhanced to support session tickets
when no RSA certificate (e.g. only an ECDSA certificate) is configured.
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=241
2017-04-26 23:50:12 +02:00
|
|
|
# %{buildroot}%{nssdbdir}/pkcs11.txt > %{buildroot}%{nssdbdir}/pkcs11.txt.sed
|
|
|
|
# mv %{buildroot}%{nssdbdir}/pkcs11.txt{.sed,}
|
2010-06-03 22:48:06 +02:00
|
|
|
# copy empty NSS database
|
- update to NSS 3.30.2
New Functionality
* In the PKCS#11 root CA module (nssckbi), CAs with positive trust
are marked with a new boolean attribute, CKA_NSS_MOZILLA_CA_POLICY,
set to true. Applications that need to distinguish them from other
other root CAs, may use the exported function PK11_HasAttributeSet.
* Support for callback functions that can be used to monitor SSL/TLS
alerts that are sent or received.
New Functions
* CERT_CompareAVA - performs a comparison of two CERTAVA structures,
and returns a SECComparison result.
* PK11_HasAttributeSet - allows to check if a PKCS#11 object in a
given slot has a specific boolean attribute set.
* SSL_AlertReceivedCallback - register a callback function, that will
be called whenever an SSL/TLS alert is received
* SSL_AlertSentCallback - register a callback function, that will be
called whenever an SSL/TLS alert is sent
* SSL_SetSessionTicketKeyPair - configures an asymmetric key pair,
for use in wrapping session ticket keys, used by the server. This
function currently only accepts an RSA public/private key pair.
New Macros
* PKCS12_AES_CBC_128, PKCS12_AES_CBC_192, PKCS12_AES_CBC_256
cipher family identifiers corresponding to the PKCS#5 v2.1 AES
based encryption schemes used in the PKCS#12 support in NSS
* CKA_NSS_MOZILLA_CA_POLICY - identifier for a boolean PKCS#11
attribute, that should be set to true, if a CA is present because
of it's acceptance according to the Mozilla CA Policy
Notable Changes
* The TLS server code has been enhanced to support session tickets
when no RSA certificate (e.g. only an ECDSA certificate) is configured.
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=241
2017-04-26 23:50:12 +02:00
|
|
|
install -m 644 %{SOURCE7} %{buildroot}%{nssdbdir}
|
|
|
|
install -m 644 %{SOURCE8} %{buildroot}%{nssdbdir}
|
|
|
|
install -m 644 %{SOURCE9} %{buildroot}%{nssdbdir}
|
2009-06-09 17:44:32 +02:00
|
|
|
# create shlib sigs after extracting debuginfo
|
|
|
|
%define __spec_install_post \
|
|
|
|
%{?__debug_package:%{__debug_install_post}} \
|
|
|
|
%{__arch_install_post} \
|
|
|
|
%{__os_install_post} \
|
- update to NSS 3.30.2
New Functionality
* In the PKCS#11 root CA module (nssckbi), CAs with positive trust
are marked with a new boolean attribute, CKA_NSS_MOZILLA_CA_POLICY,
set to true. Applications that need to distinguish them from other
other root CAs, may use the exported function PK11_HasAttributeSet.
* Support for callback functions that can be used to monitor SSL/TLS
alerts that are sent or received.
New Functions
* CERT_CompareAVA - performs a comparison of two CERTAVA structures,
and returns a SECComparison result.
* PK11_HasAttributeSet - allows to check if a PKCS#11 object in a
given slot has a specific boolean attribute set.
* SSL_AlertReceivedCallback - register a callback function, that will
be called whenever an SSL/TLS alert is received
* SSL_AlertSentCallback - register a callback function, that will be
called whenever an SSL/TLS alert is sent
* SSL_SetSessionTicketKeyPair - configures an asymmetric key pair,
for use in wrapping session ticket keys, used by the server. This
function currently only accepts an RSA public/private key pair.
New Macros
* PKCS12_AES_CBC_128, PKCS12_AES_CBC_192, PKCS12_AES_CBC_256
cipher family identifiers corresponding to the PKCS#5 v2.1 AES
based encryption schemes used in the PKCS#12 support in NSS
* CKA_NSS_MOZILLA_CA_POLICY - identifier for a boolean PKCS#11
attribute, that should be set to true, if a CA is present because
of it's acceptance according to the Mozilla CA Policy
Notable Changes
* The TLS server code has been enhanced to support session tickets
when no RSA certificate (e.g. only an ECDSA certificate) is configured.
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=241
2017-04-26 23:50:12 +02:00
|
|
|
LD_LIBRARY_PATH=%{buildroot}/%{_lib}:%{buildroot}%{_libdir} %{buildroot}%{_libexecdir}/nss/shlibsign -i %{buildroot}%{_libdir}/libsoftokn3.so \
|
|
|
|
LD_LIBRARY_PATH=%{buildroot}/%{_lib}:%{buildroot}%{_libdir} %{buildroot}%{_libexecdir}/nss/shlibsign -i %{buildroot}%{_libdir}/libnssdbm3.so \
|
|
|
|
LD_LIBRARY_PATH=%{buildroot}/%{_lib}:%{buildroot}%{_libdir} %{buildroot}%{_libexecdir}/nss/shlibsign -i %{buildroot}/%{_lib}/libfreebl3.so \
|
|
|
|
LD_LIBRARY_PATH=%{buildroot}/%{_lib}:%{buildroot}%{_libdir} %{buildroot}%{_libexecdir}/nss/shlibsign -i %{buildroot}/%{_lib}/libfreeblpriv3.so \
|
2009-06-09 17:44:32 +02:00
|
|
|
%{nil}
|
2007-09-14 00:46:20 +02:00
|
|
|
|
2009-06-09 17:44:32 +02:00
|
|
|
%post -p /sbin/ldconfig
|
2008-03-26 16:24:30 +01:00
|
|
|
|
2008-04-03 01:00:13 +02:00
|
|
|
%postun -p /sbin/ldconfig
|
2008-03-26 16:24:30 +01:00
|
|
|
|
2009-04-29 00:40:53 +02:00
|
|
|
%post -n libfreebl3 -p /sbin/ldconfig
|
|
|
|
|
|
|
|
%postun -n libfreebl3 -p /sbin/ldconfig
|
|
|
|
|
2010-03-15 16:05:35 +01:00
|
|
|
%post -n libsoftokn3 -p /sbin/ldconfig
|
|
|
|
|
|
|
|
%postun -n libsoftokn3 -p /sbin/ldconfig
|
|
|
|
|
|
|
|
%post sysinit
|
|
|
|
/sbin/ldconfig
|
|
|
|
# make sure the current config is enabled
|
|
|
|
%{_sbindir}/setup-nsssysinit.sh on
|
|
|
|
|
|
|
|
%preun sysinit
|
|
|
|
if [ $1 = 0 ]; then
|
|
|
|
%{_sbindir}/setup-nsssysinit.sh off
|
2007-09-14 00:46:20 +02:00
|
|
|
fi
|
2007-01-16 00:25:44 +01:00
|
|
|
|
2010-03-15 16:05:35 +01:00
|
|
|
%postun sysinit -p /sbin/ldconfig
|
|
|
|
|
2007-01-16 00:25:44 +01:00
|
|
|
%files
|
|
|
|
%defattr(-, root, root)
|
2009-04-29 00:40:53 +02:00
|
|
|
%{_libdir}/libnss3.so
|
|
|
|
%{_libdir}/libnssutil3.so
|
|
|
|
%{_libdir}/libsmime3.so
|
|
|
|
%{_libdir}/libssl3.so
|
2013-02-28 23:53:05 +01:00
|
|
|
#%{_libdir}/libnsssqlite3.so
|
2007-01-16 00:25:44 +01:00
|
|
|
|
|
|
|
%files devel
|
|
|
|
%defattr(644, root, root, 755)
|
|
|
|
%{_includedir}/nss3/
|
|
|
|
%{_libdir}/*.a
|
|
|
|
%{_libdir}/pkgconfig/*
|
|
|
|
%attr(755,root,root) %{_bindir}/nss-config
|
|
|
|
|
2008-03-26 16:24:30 +01:00
|
|
|
%files tools
|
|
|
|
%defattr(-, root, root)
|
|
|
|
%{_bindir}/*
|
2010-03-15 16:05:35 +01:00
|
|
|
%exclude %{_sbindir}/setup-nsssysinit.sh
|
2009-07-29 17:52:36 +02:00
|
|
|
%{_libexecdir}/nss/
|
2008-03-26 16:24:30 +01:00
|
|
|
%exclude %{_bindir}/nss-config
|
2009-04-29 00:40:53 +02:00
|
|
|
|
2010-03-15 16:05:35 +01:00
|
|
|
%files sysinit
|
|
|
|
%defattr(-, root, root)
|
|
|
|
%dir %{_sysconfdir}/pki
|
|
|
|
%dir %{_sysconfdir}/pki/nssdb
|
|
|
|
%config(noreplace) %{_sysconfdir}/pki/nssdb/*
|
|
|
|
%{_libdir}/libnsssysinit.so
|
|
|
|
%{_sbindir}/setup-nsssysinit.sh
|
|
|
|
|
2009-04-29 00:40:53 +02:00
|
|
|
%files -n libfreebl3
|
|
|
|
%defattr(-, root, root)
|
|
|
|
/%{_lib}/libfreebl3.so
|
2009-07-29 17:52:36 +02:00
|
|
|
/%{_lib}/libfreebl3.chk
|
2016-07-31 12:48:39 +02:00
|
|
|
/%{_lib}/libfreeblpriv3.so
|
|
|
|
/%{_lib}/libfreeblpriv3.chk
|
2009-05-28 01:43:25 +02:00
|
|
|
|
2010-03-15 16:05:35 +01:00
|
|
|
%files -n libsoftokn3
|
|
|
|
%defattr(-, root, root)
|
|
|
|
%{_libdir}/libsoftokn3.so
|
|
|
|
%{_libdir}/libsoftokn3.chk
|
|
|
|
%{_libdir}/libnssdbm3.so
|
|
|
|
%{_libdir}/libnssdbm3.chk
|
|
|
|
|
2009-12-21 14:21:30 +01:00
|
|
|
%files certs
|
|
|
|
%defattr(-, root, root)
|
|
|
|
%{_libdir}/libnssckbi.so
|
|
|
|
|
2007-02-22 14:30:50 +01:00
|
|
|
%changelog
|