From b2961491fc57313f03fab49c58ec9d4cc3324ac4 Mon Sep 17 00:00:00 2001 From: DistroBaker Date: Fri, 30 Oct 2020 02:57:17 +0100 Subject: [PATCH] Merged update from upstream sources This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/nss.git#51aa05789caa51bfe3a8162996e8462e76b3c5e5 --- .gitignore | 1 + nspr-config-pc.patch | 37 ++++++++++ nspr-config.xml | 127 ++++++++++++++++++++++++++++++++ nspr-gcc-atomics.patch | 77 ++++++++++++++++++++ nss.spec | 159 +++++++++++++++++++++++++++++++++++++++-- sources | 1 + 6 files changed, 395 insertions(+), 7 deletions(-) create mode 100644 nspr-config-pc.patch create mode 100644 nspr-config.xml create mode 100644 nspr-gcc-atomics.patch diff --git a/.gitignore b/.gitignore index 38fb549..cf8c887 100644 --- a/.gitignore +++ b/.gitignore @@ -55,3 +55,4 @@ TestUser51.cert /nss-3.56.tar.gz /nss-3.57.tar.gz /nss-3.58.tar.gz +/nspr-4.29.tar.gz diff --git a/nspr-config-pc.patch b/nspr-config-pc.patch new file mode 100644 index 0000000..2c1fe87 --- /dev/null +++ b/nspr-config-pc.patch @@ -0,0 +1,37 @@ +diff -up nspr/config/nspr-config.in.flags nspr/config/nspr-config.in +--- nspr/config/nspr-config.in.flags 2013-05-29 13:46:34.147971410 -0700 ++++ nspr/config/nspr-config.in 2013-05-29 14:17:10.990838914 -0700 +@@ -102,7 +102,7 @@ if test -z "$includedir"; then + includedir=@includedir@ + fi + if test -z "$libdir"; then +- libdir=@libdir@ ++ libdir=`pkg-config --variable=libdir nspr` + fi + + if test "$echo_prefix" = "yes"; then +@@ -136,12 +136,12 @@ if test "$echo_libs" = "yes"; then + if test -n "$lib_nspr"; then + libdirs="$libdirs -lnspr${major_version}" + fi +- os_ldflags="@LDFLAGS@" ++ os_ldflags=`pkg-config --variable=ldflags nspr` + for i in $os_ldflags ; do + if echo $i | grep \^-L >/dev/null; then + libdirs="$libdirs $i" + fi + done +- echo $libdirs @OS_LIBS@ ++ echo $libdirs `pkg-config --variable=os_libs nspr` + fi + +diff -up nspr/config/nspr.pc.in.flags nspr/config/nspr.pc.in +--- nspr/config/nspr.pc.in.flags 2013-05-29 13:48:15.026643570 -0700 ++++ nspr/config/nspr.pc.in 2013-05-29 13:49:47.795202949 -0700 +@@ -6,5 +6,5 @@ includedir=@includedir@ + Name: NSPR + Description: The Netscape Portable Runtime + Version: @MOD_MAJOR_VERSION@.@MOD_MINOR_VERSION@.@MOD_PATCH_VERSION@ +-Libs: -L@libdir@ -lplds@MOD_MAJOR_VERSION@ -lplc@MOD_MAJOR_VERSION@ -lnspr@MOD_MAJOR_VERSION@ ++Libs: -L@libdir@ -lplds@MOD_MAJOR_VERSION@ -lplc@MOD_MAJOR_VERSION@ -lnspr@MOD_MAJOR_VERSION@ @OS_LIBS@ + Cflags: -I@includedir@ diff --git a/nspr-config.xml b/nspr-config.xml new file mode 100644 index 0000000..9e3f99c --- /dev/null +++ b/nspr-config.xml @@ -0,0 +1,127 @@ + + + +]> + + + + + &date; + Netscape Portable Runtime + nspr + &version; + + + + nspr-config + 1 + + + + nspr-config + Return meta information about nspr libraries + + + + + nspr-config + + + + + + + + + + + + Description + nspr-config is a shell script which can be used to obtain gcc options for building client pacakges of nspr. + + + + Options + + + + + Returns the top level system directory under which the nspr libraries are installed. + + + + + Returns the top level system directory under which any nspr binaries would be installed. + + + + count + Returns the path to the directory were the nspr headers are installed. + + + + + Returns the upstream version of nspr in the form major_version-minor_version-patch_version. + + + + + Returns the compiler linking flags. + + + + + Returns the compiler include flags. + + + + + Returns the path to the directory were the nspr libraries are installed. + + + + + + + Examples + + The following example will query for both include path and linkage flags: + + /usr/bin/nspr-config --cflags --libs + + + + + + + + Files + + /usr/bin/nspr-config + + + + + See also + pkg-config(1) + + + + Authors + The NSPR liraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google. + + Authors: Elio Maldonado <emaldona@redhat.com>. + + + + + + LICENSE + Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/. + + + + + diff --git a/nspr-gcc-atomics.patch b/nspr-gcc-atomics.patch new file mode 100644 index 0000000..b94e840 --- /dev/null +++ b/nspr-gcc-atomics.patch @@ -0,0 +1,77 @@ +diff --git a/pr/include/md/_linux.h b/pr/include/md/_linux.h +--- a/pr/include/md/_linux.h ++++ b/pr/include/md/_linux.h +@@ -82,53 +82,73 @@ + #define NO_DLOPEN_NULL + #endif + + #if defined(__FreeBSD_kernel__) || defined(__GNU__) + #define _PR_HAVE_SOCKADDR_LEN + #endif + + #if defined(__i386__) ++#if defined(__GNUC__) ++/* Use GCC built-in functions */ ++#define _PR_HAVE_ATOMIC_OPS ++#define _MD_INIT_ATOMIC() ++#define _MD_ATOMIC_INCREMENT(ptr) __sync_add_and_fetch(ptr, 1) ++#define _MD_ATOMIC_DECREMENT(ptr) __sync_sub_and_fetch(ptr, 1) ++#define _MD_ATOMIC_ADD(ptr, i) __sync_add_and_fetch(ptr, i) ++#define _MD_ATOMIC_SET(ptr, nv) __sync_lock_test_and_set(ptr, nv) ++#else + #define _PR_HAVE_ATOMIC_OPS + #define _MD_INIT_ATOMIC() + extern PRInt32 _PR_x86_AtomicIncrement(PRInt32 *val); + #define _MD_ATOMIC_INCREMENT _PR_x86_AtomicIncrement + extern PRInt32 _PR_x86_AtomicDecrement(PRInt32 *val); + #define _MD_ATOMIC_DECREMENT _PR_x86_AtomicDecrement + extern PRInt32 _PR_x86_AtomicAdd(PRInt32 *ptr, PRInt32 val); + #define _MD_ATOMIC_ADD _PR_x86_AtomicAdd + extern PRInt32 _PR_x86_AtomicSet(PRInt32 *val, PRInt32 newval); + #define _MD_ATOMIC_SET _PR_x86_AtomicSet + #endif ++#endif + + #if defined(__ia64__) + #define _PR_HAVE_ATOMIC_OPS + #define _MD_INIT_ATOMIC() + extern PRInt32 _PR_ia64_AtomicIncrement(PRInt32 *val); + #define _MD_ATOMIC_INCREMENT _PR_ia64_AtomicIncrement + extern PRInt32 _PR_ia64_AtomicDecrement(PRInt32 *val); + #define _MD_ATOMIC_DECREMENT _PR_ia64_AtomicDecrement + extern PRInt32 _PR_ia64_AtomicAdd(PRInt32 *ptr, PRInt32 val); + #define _MD_ATOMIC_ADD _PR_ia64_AtomicAdd + extern PRInt32 _PR_ia64_AtomicSet(PRInt32 *val, PRInt32 newval); + #define _MD_ATOMIC_SET _PR_ia64_AtomicSet + #endif + + #if defined(__x86_64__) ++#if defined(__GNUC__) ++/* Use GCC built-in functions */ ++#define _PR_HAVE_ATOMIC_OPS ++#define _MD_INIT_ATOMIC() ++#define _MD_ATOMIC_INCREMENT(ptr) __sync_add_and_fetch(ptr, 1) ++#define _MD_ATOMIC_DECREMENT(ptr) __sync_sub_and_fetch(ptr, 1) ++#define _MD_ATOMIC_ADD(ptr, i) __sync_add_and_fetch(ptr, i) ++#define _MD_ATOMIC_SET(ptr, nv) __sync_lock_test_and_set(ptr, nv) ++#else + #define _PR_HAVE_ATOMIC_OPS + #define _MD_INIT_ATOMIC() + extern PRInt32 _PR_x86_64_AtomicIncrement(PRInt32 *val); + #define _MD_ATOMIC_INCREMENT _PR_x86_64_AtomicIncrement + extern PRInt32 _PR_x86_64_AtomicDecrement(PRInt32 *val); + #define _MD_ATOMIC_DECREMENT _PR_x86_64_AtomicDecrement + extern PRInt32 _PR_x86_64_AtomicAdd(PRInt32 *ptr, PRInt32 val); + #define _MD_ATOMIC_ADD _PR_x86_64_AtomicAdd + extern PRInt32 _PR_x86_64_AtomicSet(PRInt32 *val, PRInt32 newval); + #define _MD_ATOMIC_SET _PR_x86_64_AtomicSet + #endif ++#endif + + #if defined(__or1k__) + #if defined(__GNUC__) + /* Use GCC built-in functions */ + #define _PR_HAVE_ATOMIC_OPS + #define _MD_INIT_ATOMIC() + #define _MD_ATOMIC_INCREMENT(ptr) __sync_add_and_fetch(ptr, 1) + #define _MD_ATOMIC_DECREMENT(ptr) __sync_sub_and_fetch(ptr, 1) diff --git a/nss.spec b/nss.spec index 1f96b55..85434b6 100644 --- a/nss.spec +++ b/nss.spec @@ -1,4 +1,5 @@ %global nspr_version 4.29.0 +%global nspr_release 2 %global nss_version 3.58.0 %global unsupported_tools_directory %{_libdir}/nss/unsupported-tools %global saved_files_dir %{_libdir}/nss/saved @@ -31,6 +32,11 @@ # The upstream omits the trailing ".0", while we need it for # consistency with the pkg-config version: # https://bugzilla.redhat.com/show_bug.cgi?id=1578106 +%{lua: +rpm.define(string.format("nspr_archive_version %s", + string.gsub(rpm.expand("%nspr_version"), "(.*)%.0$", "%1"))) +} + %{lua: rpm.define(string.format("nss_archive_version %s", string.gsub(rpm.expand("%nss_version"), "(.*)%.0$", "%1"))) @@ -44,7 +50,7 @@ rpm.define(string.format("nss_release_tag NSS_%s_RTM", Summary: Network Security Services Name: nss Version: %{nss_version} -Release: 4%{?dist} +Release: 6%{?dist} License: MPLv2.0 URL: http://www.mozilla.org/projects/security/pki/nss/ Requires: nspr >= %{nspr_version} @@ -54,7 +60,6 @@ Requires: nss-softokn%{_isa} >= %{nss_version} Requires: nss-system-init Requires: p11-kit-trust Requires: /usr/bin/update-crypto-policies -BuildRequires: nspr-devel >= %{nspr_version} # for shlibsign BuildRequires: nss-softokn BuildRequires: sqlite-devel @@ -92,6 +97,9 @@ Source26: key4.db.xml Source27: secmod.db.xml Source28: nss-p11-kit.config +Source100: nspr-%{nspr_archive_version}.tar.gz +Source101: nspr-config.xml + # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=617723 Patch2: nss-539183.patch # This patch uses the GCC -iquote option documented at @@ -117,6 +125,9 @@ Patch20: nss-gcm-param-default-pkcs11v2.patch %endif %endif +Patch100: nspr-config-pc.patch +Patch101: nspr-gcc-atomics.patch + %description Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and @@ -236,16 +247,52 @@ Requires: nss-softokn-freebl-devel%{?_isa} = %{version}-%{release} Requires: nspr-devel >= %{nspr_version} Requires: nss-util-devel >= %{version}-%{release} Requires: pkgconfig -BuildRequires: nspr-devel >= %{nspr_version} %description softokn-devel Header and library files for doing development with Network Security Services. +%package -n nspr +Summary: Netscape Portable Runtime +Version: %{nspr_version} +Release: %{nspr_release}%{?dist} +License: MPLv2.0 +URL: http://www.mozilla.org/projects/nspr/ +Conflicts: filesystem < 3 +BuildRequires: gcc + +%description -n nspr +NSPR provides platform independence for non-GUI operating system +facilities. These facilities include threads, thread synchronization, +normal file and network I/O, interval timing and calendar time, basic +memory management (malloc and free) and shared library linking. + +%package -n nspr-devel +Summary: Development libraries for the Netscape Portable Runtime +Version: %{nspr_version} +Release: %{nspr_release}%{?dist} +Requires: nspr = %{nspr_version}-%{nspr_release} +Requires: pkgconfig +BuildRequires: xmlto +Conflicts: filesystem < 3 + +%description -n nspr-devel +Header files for doing development with the Netscape Portable Runtime. + %prep -%autosetup -N -S quilt -n %{name}-%{nss_archive_version} +%setup -q -T -b 100 -n nspr-%{nspr_archive_version} + +%setup -q -T -b 0 -n %{name}-%{nss_archive_version} +mv ../nspr-%{nspr_archive_version}/nspr . +cp ./nspr/config/nspr-config.in ./nspr/config/nspr-config-pc.in + +%patch100 -p0 -b .flags +pushd nspr +%patch101 -p1 -b .gcc-atomics +popd + pushd nss -%autopatch -p1 +%autopatch -p1 -M 99 popd # https://bugzilla.redhat.com/show_bug.cgi?id=1247353 @@ -253,6 +300,48 @@ find nss/lib/libpkix -perm /u+x -type f -exec chmod -x {} \; %build +# Build, check, and install NSPR for building NSS in the later phase +# +# TODO: This phase can be done by the NSS build process if we switch +# to using "make nss_build_all". For now, however, we need some +# adjustment in the NSS build process. +mkdir -p nspr_build +pushd nspr_build +../nspr/configure \ + --prefix=%{_prefix} \ + --libdir=%{_libdir} \ + --includedir=%{_includedir}/nspr4 \ + --with-dist-prefix=$PWD/../dist \ +%ifnarch noarch +%if 0%{__isa_bits} == 64 + --enable-64bit \ +%endif +%endif +%ifarch armv7l armv7hl armv7nhl + --enable-thumb2 \ +%endif + --enable-optimize="$RPM_OPT_FLAGS" \ + --disable-debug + +# The assembly files are only for legacy atomics, to which we prefer GCC atomics +%ifarch i686 x86_64 +sed -i '/^PR_MD_ASFILES/d' config/autoconf.mk +%endif +make + +date +"%e %B %Y" | tr -d '\n' > date.xml +echo -n %{nspr_version} > version.xml + +for m in %{SOURCE101}; do + cp ${m} . +done +for m in nspr-config.xml; do + xmlto man ${m} +done +popd + +# Build NSS +# # This package fails its testsuite with LTO. Disable LTO for now %global _lto_cflags %{nil} @@ -285,6 +374,9 @@ export XCFLAGS=$RPM_OPT_FLAGS export XCFLAGS="$XCFLAGS -Wno-error=maybe-uninitialized" %endif +# Similarly, but for gcc-11 +export XCFLAGS="$XCFLAGS -Wno-array-parameter" + export LDFLAGS=$RPM_LD_FLAGS export DSO_LDOPTS=$RPM_LD_FLAGS @@ -292,8 +384,7 @@ export DSO_LDOPTS=$RPM_LD_FLAGS export PKG_CONFIG_ALLOW_SYSTEM_LIBS=1 export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1 -export NSPR_INCLUDE_DIR=`/usr/bin/pkg-config --cflags-only-I nspr | sed 's/-I//'` -export NSPR_LIB_DIR=%{_libdir} +export NSPR_INCLUDE_DIR=$PWD/dist/include/nspr export NSS_USE_SYSTEM_SQLITE=1 @@ -429,6 +520,20 @@ done %check +%if %{with tests} +pushd nspr_build +# Run test suite. +perl ../nspr/pr/tests/runtests.pl 2>&1 | tee output.log + +TEST_FAILURES=`grep -c FAILED ./output.log` || : +if [ $TEST_FAILURES -ne 0 ]; then + echo "error: test suite returned failure(s)" + exit 1 +fi +echo "test suite completed" +popd +%endif + %if %{with tests} # Begin -- copied from the build section @@ -507,6 +612,27 @@ killall $RANDSERV || : %install +pushd nspr_build +make install DESTDIR=$RPM_BUILD_ROOT + +mkdir -p $RPM_BUILD_ROOT%{_mandir}/man1 +mkdir -p $RPM_BUILD_ROOT/%{_libdir}/pkgconfig + +# Get rid of the things we don't want installed (per upstream) +rm -rf \ + $RPM_BUILD_ROOT/%{_bindir}/compile-et.pl \ + $RPM_BUILD_ROOT/%{_bindir}/prerr.properties \ + $RPM_BUILD_ROOT/%{_libdir}/libnspr4.a \ + $RPM_BUILD_ROOT/%{_libdir}/libplc4.a \ + $RPM_BUILD_ROOT/%{_libdir}/libplds4.a \ + $RPM_BUILD_ROOT/%{_datadir}/aclocal/nspr.m4 \ + $RPM_BUILD_ROOT/%{_includedir}/nspr4/md + +for f in nspr-config; do + install -c -m 644 ${f}.1 $RPM_BUILD_ROOT%{_mandir}/man1/${f}.1 +done +popd + # There is no make install target so we'll do it ourselves. mkdir -p $RPM_BUILD_ROOT/%{_includedir}/nss3 @@ -904,8 +1030,27 @@ update-crypto-policies &> /dev/null || : %{_includedir}/nss3/nsslowhash.h %{_includedir}/nss3/shsign.h +%files -n nspr +%{!?_licensedir:%global license %%doc} +%license nspr/LICENSE +%{_libdir}/libnspr4.so +%{_libdir}/libplc4.so +%{_libdir}/libplds4.so + +%files -n nspr-devel +%{_includedir}/nspr4 +%{_libdir}/pkgconfig/nspr.pc +%{_bindir}/nspr-config +%{_mandir}/man*/* + %changelog +* Thu Oct 29 2020 Jeff Law - 3.58.0-6 +- Disable -Warray-parameter warning for gcc-11 + +* Tue Oct 27 2020 Daiki Ueno - 3.58.0-5 +- Consolidate NSPR package with this package + * Mon Oct 26 2020 Bob Relyea - 3.58.0-4 - fix pkix ocsp to tolerate OCSP checking on intermediates when the root is signed by sha1 and sha1 is disabled by diff --git a/sources b/sources index d5ad023..a798991 100644 --- a/sources +++ b/sources @@ -3,4 +3,5 @@ SHA512 (blank-cert9.db) = 2f8eab4c0612210ee47db8a3a80c1b58a0b43849551af78c7da403 SHA512 (blank-key3.db) = 01f7314e9fc8a7c9aa997652624cfcde213d18a6b3bb31840c1a60bbd662e56b5bc3221d13874abb42ce78163b225a6dfce2e1326cf6dd29366ad9c28ba5a71c SHA512 (blank-key4.db) = 8fedae93af7163da23fe9492ea8e785a44c291604fa98e58438448efb69c85d3253fc22b926d5c3209c62e58a86038fd4d78a1c4c068bc00600a7f3e5382ebe7 SHA512 (blank-secmod.db) = 06a2dbd861839ef6315093459328b500d3832333a34b30e6fac4a2503af337f014a4d319f0f93322409e719142904ce8bc08252ae9a4f37f30d4c3312e900310 +SHA512 (nspr-4.29.tar.gz) = ba5ac275fe0beb69d7a7674c9ee9e4429bd5761daed285edd975ccc829af30d062bf4a0f5e44361e3bd191f21b1905f96ab146d53b55324020f13ecb3c05609b SHA512 (nss-3.58.tar.gz) = 03d2ab1517ac07620ea3f02dcf680cf019e0129006ff2559b2d0a047036340c20b98c9679b17a594e5502aa30e158caf309f046901b9ec7c7adeeaa13ec50b80