From cf095e07631dce2691ba21ea595b205b91ba656e Mon Sep 17 00:00:00 2001 From: Kai Engert Date: Thu, 11 Oct 2007 13:22:10 +0000 Subject: [PATCH] - Add /etc/prelink.conf.d/nss-prelink.conf in order to blacklist our signed libraries and protect them from modification. --- nss-prelink.conf | 2 ++ nss.spec | 10 +++++++++- 2 files changed, 11 insertions(+), 1 deletion(-) create mode 100644 nss-prelink.conf diff --git a/nss-prelink.conf b/nss-prelink.conf new file mode 100644 index 0000000..c2f24c4 --- /dev/null +++ b/nss-prelink.conf @@ -0,0 +1,2 @@ +-b /usr/lib{,64}/libfreebl3.so +-b /usr/lib{,64}/libsoftokn3.so diff --git a/nss.spec b/nss.spec index 3c9b22c..9bd98ac 100644 --- a/nss.spec +++ b/nss.spec @@ -7,7 +7,7 @@ Summary: Network Security Services Name: nss Version: 3.11.7 -Release: 9%{?dist} +Release: 10%{?dist} License: MPLv1.1 or GPLv2+ or LGPLv2+ URL: http://www.mozilla.org/projects/security/pki/nss/ Group: System Environment/Libraries @@ -29,6 +29,7 @@ Source3: blank-cert8.db Source4: blank-key3.db Source5: blank-secmod.db Source7: fake-kstat.h +Source8: nss-prelink.conf Source10: %{name}-%{fips_source_version}-fbst-stripped.tar.gz Source11: %{name}-%{ckfw_source_version}-ckfw.tar.gz Source12: %{name}-%{ckfw_source_version}-pem.tar.gz @@ -256,6 +257,8 @@ touch $RPM_BUILD_ROOT/%{_libdir}/libfreebl3.chk %{__install} -m 644 %{SOURCE3} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/cert8.db %{__install} -m 644 %{SOURCE4} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/key3.db %{__install} -m 644 %{SOURCE5} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/secmod.db +%{__mkdir_p} $RPM_BUILD_ROOT/%{_sysconfdir}/prelink.conf.d +%{__install} -m 644 %{SOURCE8} $RPM_BUILD_ROOT/%{_sysconfdir}/prelink.conf.d/nss-prelink.conf # Copy the development libraries we want for file in libcrmf.a libnssb.a libnssckfw.a @@ -323,6 +326,7 @@ done %config(noreplace) %{_sysconfdir}/pki/nssdb/cert8.db %config(noreplace) %{_sysconfdir}/pki/nssdb/key3.db %config(noreplace) %{_sysconfdir}/pki/nssdb/secmod.db +%{_sysconfdir}/prelink.conf.d/nss-prelink.conf %files tools %defattr(-,root,root) @@ -453,6 +457,10 @@ done %changelog +* Wed Oct 10 2007 Kai Engert - 3.11.7-10 +- Add /etc/prelink.conf.d/nss-prelink.conf in order to blacklist + our signed libraries and protect them from modification. + * Thu Sep 06 2007 Rob Crittenden - 3.11.7-9 - Fix off-by-one error in the PEM module