+%define nspr_ver 1:4.17
%define foover %(echo %{version} | tr . _)
Summary: NSS - Network Security Services
Summary(pl.UTF-8): NSS - Network Security Services
Name: nss
-Version: 3.12
-Release: 2
+Version: 3.34.1
+Release: 1
Epoch: 1
-License: MPL v1.1 or GPL v2+ or LGPL v2.1+
+License: MPL v2.0
Group: Libraries
-# :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot mozilla/dbm -r DBM_1_61_RTM
-# :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot mozilla/security/dbm -r DBM_1_61_RTM
-# :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot mozilla/security/coreconf -r NSS_3_9_4_RTM
-# :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot mozilla/security/nss -r NSS_3_9_4_RTM
-#Source0: %{name}-%{version}.tar.bz2
-Source0: http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_%{foover}_RTM/src/%{name}-%{version}.tar.gz
-# Source0-md5: 917f4e05f3982bd7fceaede197f0e1d4
+Source0: http://ftp.mozilla.org/pub/security/nss/releases/NSS_%{foover}_RTM/src/%{name}-%{version}.tar.gz
+# Source0-md5: 5922468bb1c54e4c8067f153fcf467e5
Source1: %{name}-mozilla-nss.pc
Source2: %{name}-config.in
-Patch0: %{name}-Makefile.patch
-URL: http://www.mozilla.org/projects/security/pki/nss/
-BuildRequires: nspr-devel >= 1:4.7
+Source3: http://www.cacert.org/certs/root.der
+# Source3-md5: a61b375e390d9c3654eebd2031461f6b
+Source4: nss-softokn.pc.in
+# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1083900
+Patch0: x32.patch
+URL: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS
+BuildRequires: nspr-devel >= %{nspr_ver}
+BuildRequires: nss-tools
+BuildRequires: perl-base
BuildRequires: sqlite3-devel
BuildRequires: zlib-devel
BuildConflicts: mozilla < 0.9.6-3
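Review bot: `Source0` and the new `Source3` are both fetched over plain `http://` and pinned only by a `-md5` line, and Source3 is the CAcert root that %build later appends to the builtin trust list, so a trust anchor's integrity rests on an unauthenticated transport plus a collision-weak digest. For Source0 the same path should be reachable over TLS: `Source0: https://ftp.mozilla.org/pub/security/nss/releases/NSS_%{foover}_RTM/src/%{name}-%{version}.tar.gz`. For Source3 I would add a pinned SHA-256 check in %prep before the file is used, e.g. `echo "<PINNED_SHA256_OF_ROOT_DER>  %{SOURCE3}" | sha256sum -c -`, with the value taken from a fingerprint verified out of band. A short comment next to Source3 saying where that fingerprint was verified would help the next person who bumps it.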
-Requires: nspr >= 1:4.7
+Requires: %{name}-softokn-freebl = %{epoch}:%{version}-%{release}
+Requires: nspr >= %{nspr_ver}
Obsoletes: libnss3
+# needs http2 code update: https://bugzilla.mozilla.org/show_bug.cgi?id=1323209
+Conflicts: firefox < 50.1.0-2
+Conflicts: iceape < 2.46-1
+Conflicts: iceweasel < 51
+Conflicts: mozilla-firefox < 51
+Conflicts: seamonkey < 2.47
BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
%define specflags -fno-strict-aliasing
Summary(pl.UTF-8): NSS - pliki nagłówkowe
Group: Development/Libraries
Requires: %{name} = %{epoch}:%{version}-%{release}
-Requires: nspr-devel >= 1:4.7
+Requires: nspr-devel >= %{nspr_ver}
Obsoletes: libnss3-devel
%description devel
%description static -l pl.UTF-8
Statyczne wersje bibliotek z NSS.
+%package softokn-freebl
+Summary: Freebl library for the Network Security Services
+Summary(pl.UTF-8): Biblioteka freebl dla bibliotek NSS
+Group: Libraries
+
+%description softokn-freebl
+Freebl cryptographic library for the Network Security Services.
+
+%description softokn-freebl -l pl.UTF-8
+Biblioteka kryptograficzna freebl dla bibliotek NSS.
+
%prep
%setup -q
%patch0 -p1
%if 0%{!?debug:1}
# strip before signing
-sed -i -e '/export ADDON_PATH$/a\ echo STRIP \; %{__strip} --strip-unneeded -R.comment -R.note ${5}' mozilla/security/nss/cmd/shlibsign/sign.sh
+%{__sed} -i -e '/export ADDON_PATH$/a\ echo STRIP \; %{__strip} --strip-unneeded -R.comment -R.note ${5}' nss/cmd/shlibsign/sign.sh
%endif
%build
-cd mozilla/security/nss
+# http://wiki.cacert.org/wiki/NSSLib
+addbuiltin -n "CAcert Inc." -t "CT,C,C" < %{SOURCE3} >> nss/lib/ckfw/builtins/certdata.txt
-%ifarch %{x8664} ppc64
+%ifarch %{x8664} ppc64 sparc64
export USE_64=1
%endif
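Review bot: The `addbuiltin ... -t "CT,C,C"` line gives a root that upstream certdata.txt does not ship full CA trust for TLS server and client authentication, S/MIME and object signing, for every NSS consumer that loads libnssckbi from this package. The only documentation is a wiki link, so I would state the intent in a comment such as `# CAcert root: SSL=CT (server+client CA), S/MIME=C, object signing=C -- distro policy decision, not upstream`, and consider a narrower string like `-t "C,,"` if only TLS server trust is wanted. The `>>` append also sits in %build, so re-running %build on an already prepared tree adds the entry again; moving the line to %prep after `%patch0` keeps it idempotent. The `addbuiltin` binary comes from the build host's nss-tools, which is worth noting as a bootstrap dependency.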
-%{__make} -j1 build_coreconf \
- NSDISTMODE=copy \
- NS_USE_GCC=1 \
- MOZILLA_CLIENT=1 \
- NO_MDUPDATE=1 \
- USE_PTHREADS=1 \
- BUILD_OPT=1 \
- CC="%{__cc}" \
- OPTIMIZER="%{rpmcflags}"
-
-%{__make} -j1 build_dbm \
- NSDISTMODE=copy \
- NS_USE_GCC=1 \
- MOZILLA_CLIENT=1 \
- NO_MDUPDATE=1 \
- USE_PTHREADS=1 \
- BUILD_OPT=1 \
+# http://pki.fedoraproject.org/wiki/ECC_Capable_NSS
+for dir in ecc noecc; do
+ install -d $dir
+ cp -a nss $dir/nss
+done
+
+export BUILD_OPT=1
+export MOZILLA_CLIENT=1
+export NSDISTMODE=copy
+export NSPR_INCLUDE_DIR=/usr/include/nspr
+export NSS_USE_SYSTEM_SQLITE=1
+export USE_PTHREADS=1
+export USE_SYSTEM_ZLIB=1
+export ZLIB_LIBS="-lz"
+%ifarch x32
+export USE_X32=1
+%endif
+
+# https://bugzilla.mozilla.org/show_bug.cgi?id=1084623
+
+# Forcing ecc with this hack would produce broken librares (softoken, freebl etc).
+# Thus we also build noecc version (which doesn't require hack) and use these
+# libs from there.
+%{__sed} -i -e 's|#error|//error|g' ecc/nss/lib/freebl/ecl/ecl-curve.h
+%{__make} -j1 -C ecc/nss \
+ NSS_ECC_MORE_THAN_SUITE_B=1 \
CC="%{__cc}" \
- OPTIMIZER="%{rpmcflags}" \
- PLATFORM="pld"
-
-%{__make} -j1 all \
- NSDISTMODE=copy \
- NS_USE_GCC=1 \
- MOZILLA_CLIENT=1 \
- NO_MDUPDATE=1 \
- USE_PTHREADS=1 \
- USE_SYSTEM_ZLIB=1 \
- ZLIB_LIBS="-lz" \
- BUILD_OPT=1 \
+ OPTIMIZER="%{rpmcflags} %{rpmcppflags}" \
+
+%{__make} -j1 -C noecc/nss \
CC="%{__cc}" \
- OPTIMIZER="%{rpmcflags}" \
- PLATFORM="pld"
+ OPTIMIZER="%{rpmcflags} %{rpmcppflags}"
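Review bot: The `%{__sed} -i -e 's|#error|//error|g' ecc/nss/lib/freebl/ecl/ecl-curve.h` line comments out every `#error` in that header and exits successfully when nothing matches, so a future NSS bump can turn this into a silent no-op or disable a different guard in the crypto library. I would first assert that the directive is still there, e.g. `grep -q '^#error' ecc/nss/lib/freebl/ecl/ecl-curve.h || { echo >&2 "ecl-curve.h: expected #error guard not found"; exit 1; }`, and then anchor the substitution with `s|^#error|//error|`. The comment above the hack says the resulting softoken/freebl are broken; it would help to add which libraries from the ecc tree are considered safe to ship. The `OPTIMIZER=... \` line of the ecc invocation also ends in a continuation followed by an empty line, which works but is easy to break when another argument is added.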
%install
rm -rf $RPM_BUILD_ROOT
-install -d $RPM_BUILD_ROOT{%{_bindir},%{_includedir}/nss,%{_libdir},%{_pkgconfigdir}}
+install -d $RPM_BUILD_ROOT{%{_bindir},%{_mandir}/man1,%{_includedir}/nss,/%{_lib},%{_libdir},%{_pkgconfigdir}}
-install mozilla/dist/private/nss/* $RPM_BUILD_ROOT%{_includedir}/nss
-install mozilla/dist/public/dbm/* $RPM_BUILD_ROOT%{_includedir}/nss
-install mozilla/dist/public/nss/* $RPM_BUILD_ROOT%{_includedir}/nss
-install mozilla/dist/pld/bin/* $RPM_BUILD_ROOT%{_bindir}
-install mozilla/dist/pld/lib/* $RPM_BUILD_ROOT%{_libdir}
+cp -p ecc/dist/private/nss/* $RPM_BUILD_ROOT%{_includedir}/nss
+cp -p ecc/dist/public/dbm/* $RPM_BUILD_ROOT%{_includedir}/nss
+cp -p ecc/dist/public/nss/* $RPM_BUILD_ROOT%{_includedir}/nss
+install -p ecc/dist/Linux*/bin/* $RPM_BUILD_ROOT%{_bindir}
+install -p ecc/dist/Linux*/lib/* $RPM_BUILD_ROOT%{_libdir}
+
+# non-ECC version, we need only libnssdbm3, libsoftokn3, libfreebl3
+install -p noecc/dist/Linux*/lib/libnssdbm3.* $RPM_BUILD_ROOT%{_libdir}
+install -p noecc/dist/Linux*/lib/libsoftokn3.* $RPM_BUILD_ROOT%{_libdir}
+install -p noecc/dist/Linux*/lib/libfreebl3.* $RPM_BUILD_ROOT%{_libdir}
+
+cp -p nss/doc/nroff/*.1 $RPM_BUILD_ROOT%{_mandir}/man1
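Review bot: The noecc overrides replace `libnssdbm3.*`, `libsoftokn3.*` and `libfreebl3.*`, but `libfreeblpriv3.so` and its `.chk` still come from the earlier `install -p ecc/dist/Linux*/lib/*`, i.e. from the tree that the %build comment describes as producing broken freebl. In NSS releases that ship libfreeblpriv3, that library appears to hold the actual freebl implementation while libfreebl3.so is a small loader (please confirm for this version), so the package may be shipping the hacked build's crypto code. If that is not intended, add `install -p noecc/dist/Linux*/lib/libfreeblpriv3.* $RPM_BUILD_ROOT%{_libdir}` next to the other three lines. The glob keeps the `.so` and its `.chk` integrity file from the same build. The comment `we need only libnssdbm3, libsoftokn3, libfreebl3` should then list it too.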
%{__sed} -e '
s#libdir=.*#libdir=%{_libdir}#g
s#includedir=.*#includedir=%{_includedir}#g
s#VERSION#%{version}#g
-' %{SOURCE1} > $RPM_BUILD_ROOT%{_pkgconfigdir}/mozilla-nss.pc
-ln -s mozilla-nss.pc $RPM_BUILD_ROOT%{_pkgconfigdir}/nss.pc
+' %{SOURCE1} > $RPM_BUILD_ROOT%{_pkgconfigdir}/nss.pc
+# compatibility symlink
+ln -s nss.pc $RPM_BUILD_ROOT%{_pkgconfigdir}/mozilla-nss.pc
+
+cat %{SOURCE4} | \
+sed -e "s,%%libdir%%,%{_libdir},g" \
+ -e "s,%%prefix%%,%{_prefix},g" \
+ -e "s,%%exec_prefix%%,%{_prefix},g" \
+ -e "s,%%includedir%%,%{_includedir}/nss,g" \
+ -e "s,%%NSPR_VERSION%%,$(echo %{nspr_ver} | sed -e 's#.*:##g'),g" \
+ -e "s,%%NSS_VERSION%%,%{version},g" \
+ -e "s,%%SOFTOKEN_VERSION%%,%{version},g" > \
+ $RPM_BUILD_ROOT%{_pkgconfigdir}/nss-softokn.pc
-NSS_VMAJOR=$(awk '/#define.*NSS_VMAJOR/ {print $3}' mozilla/security/nss/lib/nss/nss.h)
-NSS_VMINOR=$(awk '/#define.*NSS_VMINOR/ {print $3}' mozilla/security/nss/lib/nss/nss.h)
-NSS_VPATCH=$(awk '/#define.*NSS_VPATCH/ {print $3}' mozilla/security/nss/lib/nss/nss.h)
+NSS_VMAJOR=$(awk '/#define.*NSS_VMAJOR/ {print $3}' nss/lib/nss/nss.h)
+NSS_VMINOR=$(awk '/#define.*NSS_VMINOR/ {print $3}' nss/lib/nss/nss.h)
+NSS_VPATCH=$(awk '/#define.*NSS_VPATCH/ {print $3}' nss/lib/nss/nss.h)
%{__sed} -e "
s,@libdir@,%{_libdir},g
s,@prefix@,%{_prefix},g
" %{SOURCE2} > $RPM_BUILD_ROOT%{_bindir}/nss-config
chmod +x $RPM_BUILD_ROOT%{_bindir}/nss-config
-# resolve conflict with squid
-mv -f $RPM_BUILD_ROOT%{_bindir}/{,nss-}client
+%{__mv} $RPM_BUILD_ROOT%{_libdir}/libfreebl3.so $RPM_BUILD_ROOT/%{_lib}
+ln -s /%{_lib}/libfreebl3.so $RPM_BUILD_ROOT%{_libdir}/libfreebl3.so
+%{__mv} $RPM_BUILD_ROOT%{_libdir}/libfreebl3.chk $RPM_BUILD_ROOT/%{_lib}
+ln -s /%{_lib}/libfreebl3.chk $RPM_BUILD_ROOT%{_libdir}/libfreebl3.chk
+%{__mv} $RPM_BUILD_ROOT%{_libdir}/libfreeblpriv3.so $RPM_BUILD_ROOT/%{_lib}
+ln -s /%{_lib}/libfreeblpriv3.so $RPM_BUILD_ROOT%{_libdir}/libfreeblpriv3.so
+%{__mv} $RPM_BUILD_ROOT%{_libdir}/libfreeblpriv3.chk $RPM_BUILD_ROOT/%{_lib}
+ln -s /%{_lib}/libfreeblpriv3.chk $RPM_BUILD_ROOT%{_libdir}/libfreeblpriv3.chk
+
+# conflict with openssl-static
+%{__mv} $RPM_BUILD_ROOT%{_libdir}/libssl{,3}.a
+
+# unit tests
+%{__rm} $RPM_BUILD_ROOT%{_bindir}/{certdb,certhigh,cryptohi,der,pk11,softoken,ssl,util}_gtest
+%{__rm} $RPM_BUILD_ROOT%{_bindir}/fbectest
+%{__rm} $RPM_BUILD_ROOT%{_bindir}/nss_bogo_shim
+%{__rm} $RPM_BUILD_ROOT%{_bindir}/pk11ectest
+%{__rm} $RPM_BUILD_ROOT%{_bindir}/rsapoptst
+%{__rm} $RPM_BUILD_ROOT%{_libdir}/libgtest*
+
+if [ ! -f "$RPM_BUILD_ROOT%{_includedir}/nss/nsslowhash.h" ]; then
+ echo >&2 "ERROR: %{_includedir}/nss/nsslowhash.h not installed. Needed by glibc"
+ exit 1
+fi
%clean
rm -rf $RPM_BUILD_ROOT
%files
%defattr(644,root,root,755)
+# COPYING beside MPL v2.0 text contains GPL/LGPL compatibility notes
+%doc nss/{COPYING,trademarks.txt}
%attr(755,root,root) %{_libdir}/libfreebl3.so
+%attr(755,root,root) %{_libdir}/libfreeblpriv3.so
%attr(755,root,root) %{_libdir}/libnss3.so
%attr(755,root,root) %{_libdir}/libnssckbi.so
%attr(755,root,root) %{_libdir}/libnssdbm3.so
%attr(755,root,root) %{_libdir}/libsoftokn3.so
%attr(755,root,root) %{_libdir}/libssl3.so
%{_libdir}/libfreebl3.chk
+%{_libdir}/libfreeblpriv3.chk
+%{_libdir}/libnssdbm3.chk
%{_libdir}/libsoftokn3.chk
%files devel
%defattr(644,root,root,755)
%attr(755,root,root) %{_bindir}/nss-config
-%{_includedir}/nss
+%{_libdir}/libcpputil.a
%{_libdir}/libcrmf.a
+%{_libdir}/libfreebl.a
+%{_includedir}/nss
%{_pkgconfigdir}/mozilla-nss.pc
%{_pkgconfigdir}/nss.pc
+%{_pkgconfigdir}/nss-softokn.pc
%files tools
%defattr(644,root,root,755)
-%attr(755,root,root) %{_bindir}/*
-%exclude %{_bindir}/nss-config
+%attr(755,root,root) %{_bindir}/addbuiltin
+%attr(755,root,root) %{_bindir}/atob
+%attr(755,root,root) %{_bindir}/baddbdir
+%attr(755,root,root) %{_bindir}/bltest
+%attr(755,root,root) %{_bindir}/btoa
+%attr(755,root,root) %{_bindir}/certcgi
+%attr(755,root,root) %{_bindir}/certutil
+%attr(755,root,root) %{_bindir}/chktest
+%attr(755,root,root) %{_bindir}/cmsutil
+%attr(755,root,root) %{_bindir}/conflict
+%attr(755,root,root) %{_bindir}/crlutil
+%attr(755,root,root) %{_bindir}/crmftest
+%attr(755,root,root) %{_bindir}/dbtest
+%attr(755,root,root) %{_bindir}/derdump
+%attr(755,root,root) %{_bindir}/dertimetest
+%attr(755,root,root) %{_bindir}/digest
+%attr(755,root,root) %{_bindir}/ecperf
+%attr(755,root,root) %{_bindir}/encodeinttest
+%attr(755,root,root) %{_bindir}/fipstest
+%attr(755,root,root) %{_bindir}/httpserv
+%attr(755,root,root) %{_bindir}/listsuites
+%attr(755,root,root) %{_bindir}/lowhashtest
+%attr(755,root,root) %{_bindir}/makepqg
+%attr(755,root,root) %{_bindir}/mangle
+%attr(755,root,root) %{_bindir}/modutil
+%attr(755,root,root) %{_bindir}/multinit
+%attr(755,root,root) %{_bindir}/nonspr10
+%attr(755,root,root) %{_bindir}/ocspclnt
+%attr(755,root,root) %{_bindir}/ocspresp
+%attr(755,root,root) %{_bindir}/oidcalc
+%attr(755,root,root) %{_bindir}/p7content
+%attr(755,root,root) %{_bindir}/p7env
+%attr(755,root,root) %{_bindir}/p7sign
+%attr(755,root,root) %{_bindir}/p7verify
+%attr(755,root,root) %{_bindir}/pk11gcmtest
+%attr(755,root,root) %{_bindir}/pk11mode
+%attr(755,root,root) %{_bindir}/pk12util
+%attr(755,root,root) %{_bindir}/pk1sign
+%attr(755,root,root) %{_bindir}/pkix-errcodes
+%attr(755,root,root) %{_bindir}/pp
+%attr(755,root,root) %{_bindir}/pwdecrypt
+%attr(755,root,root) %{_bindir}/remtest
+%attr(755,root,root) %{_bindir}/rsaperf
+%attr(755,root,root) %{_bindir}/sdrtest
+%attr(755,root,root) %{_bindir}/secmodtest
+%attr(755,root,root) %{_bindir}/selfserv
+%attr(755,root,root) %{_bindir}/shlibsign
+%attr(755,root,root) %{_bindir}/signtool
+%attr(755,root,root) %{_bindir}/signver
+%attr(755,root,root) %{_bindir}/ssltap
+%attr(755,root,root) %{_bindir}/strsclnt
+%attr(755,root,root) %{_bindir}/symkeyutil
+%attr(755,root,root) %{_bindir}/tstclnt
+%attr(755,root,root) %{_bindir}/vfychain
+%attr(755,root,root) %{_bindir}/vfyserv
+%{_mandir}/man1/certutil.1*
+%{_mandir}/man1/cmsutil.1*
+%{_mandir}/man1/crlutil.1*
+%{_mandir}/man1/derdump.1*
+%{_mandir}/man1/modutil.1*
+%{_mandir}/man1/pk12util.1*
+%{_mandir}/man1/pp.1*
+%{_mandir}/man1/signtool.1*
+%{_mandir}/man1/signver.1*
+%{_mandir}/man1/ssltap.1*
+%{_mandir}/man1/vfychain.1*
+%{_mandir}/man1/vfyserv.1*
%files static
%defattr(644,root,root,755)
%{_libdir}/libcerthi.a
%{_libdir}/libcryptohi.a
%{_libdir}/libdbm.a
-%{_libdir}/libfreebl3.a
%{_libdir}/libjar.a
-%{_libdir}/libnss3.a
+%{_libdir}/libnss.a
%{_libdir}/libnssb.a
%{_libdir}/libnssckfw.a
-%{_libdir}/libnssdbm3.a
+%{_libdir}/libnssdbm.a
%{_libdir}/libnssdev.a
-%{_libdir}/libnsspki3.a
-%{_libdir}/libnssutil3.a
-%{_libdir}/libpk11wrap3.a
+%{_libdir}/libnsspki.a
+%{_libdir}/libnssutil.a
+%{_libdir}/libpk11wrap.a
%{_libdir}/libpkcs12.a
%{_libdir}/libpkcs7.a
%{_libdir}/libpkixcertsel.a
%{_libdir}/libpkixtop.a
%{_libdir}/libpkixutil.a
%{_libdir}/libsectool.a
-%{_libdir}/libsmime3.a
-%{_libdir}/libsoftokn3.a
+%{_libdir}/libsmime.a
+%{_libdir}/libsoftokn.a
%{_libdir}/libssl3.a
+
+%files softokn-freebl
+%defattr(644,root,root,755)
+%attr(755,root,root) /%{_lib}/libfreebl3.so
+%attr(755,root,root) /%{_lib}/libfreeblpriv3.so
+/%{_lib}/libfreebl3.chk
+/%{_lib}/libfreeblpriv3.chk