diff --git a/.gitignore b/.gitignore
index 38fb549..cf8c887 100644
--- a/.gitignore
+++ b/.gitignore
@@ -55,3 +55,4 @@ TestUser51.cert
/nss-3.56.tar.gz
/nss-3.57.tar.gz
/nss-3.58.tar.gz
+/nspr-4.29.tar.gz
diff --git a/nspr-config-pc.patch b/nspr-config-pc.patch
new file mode 100644
index 0000000..2c1fe87
--- /dev/null
+++ b/nspr-config-pc.patch
@@ -0,0 +1,37 @@
+diff -up nspr/config/nspr-config.in.flags nspr/config/nspr-config.in
+--- nspr/config/nspr-config.in.flags 2013-05-29 13:46:34.147971410 -0700
++++ nspr/config/nspr-config.in 2013-05-29 14:17:10.990838914 -0700
+@@ -102,7 +102,7 @@ if test -z "$includedir"; then
+ includedir=@includedir@
+ fi
+ if test -z "$libdir"; then
+- libdir=@libdir@
++ libdir=`pkg-config --variable=libdir nspr`
+ fi
+
+ if test "$echo_prefix" = "yes"; then
+@@ -136,12 +136,12 @@ if test "$echo_libs" = "yes"; then
+ if test -n "$lib_nspr"; then
+ libdirs="$libdirs -lnspr${major_version}"
+ fi
+- os_ldflags="@LDFLAGS@"
++ os_ldflags=`pkg-config --variable=ldflags nspr`
+ for i in $os_ldflags ; do
+ if echo $i | grep \^-L >/dev/null; then
+ libdirs="$libdirs $i"
+ fi
+ done
+- echo $libdirs @OS_LIBS@
++ echo $libdirs `pkg-config --variable=os_libs nspr`
+ fi
+
+diff -up nspr/config/nspr.pc.in.flags nspr/config/nspr.pc.in
+--- nspr/config/nspr.pc.in.flags 2013-05-29 13:48:15.026643570 -0700
++++ nspr/config/nspr.pc.in 2013-05-29 13:49:47.795202949 -0700
+@@ -6,5 +6,5 @@ includedir=@includedir@
+ Name: NSPR
+ Description: The Netscape Portable Runtime
+ Version: @MOD_MAJOR_VERSION@.@MOD_MINOR_VERSION@.@MOD_PATCH_VERSION@
+-Libs: -L@libdir@ -lplds@MOD_MAJOR_VERSION@ -lplc@MOD_MAJOR_VERSION@ -lnspr@MOD_MAJOR_VERSION@
++Libs: -L@libdir@ -lplds@MOD_MAJOR_VERSION@ -lplc@MOD_MAJOR_VERSION@ -lnspr@MOD_MAJOR_VERSION@ @OS_LIBS@
+ Cflags: -I@includedir@
diff --git a/nspr-config.xml b/nspr-config.xml
new file mode 100644
index 0000000..9e3f99c
--- /dev/null
+++ b/nspr-config.xml
@@ -0,0 +1,127 @@
+
+
+
+]>
+
+
+
+
+ &date;
+ Netscape Portable Runtime
+ nspr
+ &version;
+
+
+
+ nspr-config
+ 1
+
+
+
+ nspr-config
+ Return meta information about nspr libraries
+
+
+
+
+ nspr-config
+
+
+
+
+
+
+
+
+
+
+
+ Description
+ nspr-config is a shell script which can be used to obtain gcc options for building client pacakges of nspr.
+
+
+
+ Options
+
+
+
+
+ Returns the top level system directory under which the nspr libraries are installed.
+
+
+
+
+ Returns the top level system directory under which any nspr binaries would be installed.
+
+
+
+ count
+ Returns the path to the directory were the nspr headers are installed.
+
+
+
+
+ Returns the upstream version of nspr in the form major_version-minor_version-patch_version.
+
+
+
+
+ Returns the compiler linking flags.
+
+
+
+
+ Returns the compiler include flags.
+
+
+
+
+ Returns the path to the directory were the nspr libraries are installed.
+
+
+
+
+
+
+ Examples
+
+ The following example will query for both include path and linkage flags:
+
+ /usr/bin/nspr-config --cflags --libs
+
+
+
+
+
+
+
+ Files
+
+ /usr/bin/nspr-config
+
+
+
+
+ See also
+ pkg-config(1)
+
+
+
+ Authors
+ The NSPR liraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.
+
+ Authors: Elio Maldonado <emaldona@redhat.com>.
+
+
+
+
+
+ LICENSE
+ Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+
+
+
diff --git a/nspr-gcc-atomics.patch b/nspr-gcc-atomics.patch
new file mode 100644
index 0000000..b94e840
--- /dev/null
+++ b/nspr-gcc-atomics.patch
@@ -0,0 +1,77 @@
+diff --git a/pr/include/md/_linux.h b/pr/include/md/_linux.h
+--- a/pr/include/md/_linux.h
++++ b/pr/include/md/_linux.h
+@@ -82,53 +82,73 @@
+ #define NO_DLOPEN_NULL
+ #endif
+
+ #if defined(__FreeBSD_kernel__) || defined(__GNU__)
+ #define _PR_HAVE_SOCKADDR_LEN
+ #endif
+
+ #if defined(__i386__)
++#if defined(__GNUC__)
++/* Use GCC built-in functions */
++#define _PR_HAVE_ATOMIC_OPS
++#define _MD_INIT_ATOMIC()
++#define _MD_ATOMIC_INCREMENT(ptr) __sync_add_and_fetch(ptr, 1)
++#define _MD_ATOMIC_DECREMENT(ptr) __sync_sub_and_fetch(ptr, 1)
++#define _MD_ATOMIC_ADD(ptr, i) __sync_add_and_fetch(ptr, i)
++#define _MD_ATOMIC_SET(ptr, nv) __sync_lock_test_and_set(ptr, nv)
++#else
+ #define _PR_HAVE_ATOMIC_OPS
+ #define _MD_INIT_ATOMIC()
+ extern PRInt32 _PR_x86_AtomicIncrement(PRInt32 *val);
+ #define _MD_ATOMIC_INCREMENT _PR_x86_AtomicIncrement
+ extern PRInt32 _PR_x86_AtomicDecrement(PRInt32 *val);
+ #define _MD_ATOMIC_DECREMENT _PR_x86_AtomicDecrement
+ extern PRInt32 _PR_x86_AtomicAdd(PRInt32 *ptr, PRInt32 val);
+ #define _MD_ATOMIC_ADD _PR_x86_AtomicAdd
+ extern PRInt32 _PR_x86_AtomicSet(PRInt32 *val, PRInt32 newval);
+ #define _MD_ATOMIC_SET _PR_x86_AtomicSet
+ #endif
++#endif
+
+ #if defined(__ia64__)
+ #define _PR_HAVE_ATOMIC_OPS
+ #define _MD_INIT_ATOMIC()
+ extern PRInt32 _PR_ia64_AtomicIncrement(PRInt32 *val);
+ #define _MD_ATOMIC_INCREMENT _PR_ia64_AtomicIncrement
+ extern PRInt32 _PR_ia64_AtomicDecrement(PRInt32 *val);
+ #define _MD_ATOMIC_DECREMENT _PR_ia64_AtomicDecrement
+ extern PRInt32 _PR_ia64_AtomicAdd(PRInt32 *ptr, PRInt32 val);
+ #define _MD_ATOMIC_ADD _PR_ia64_AtomicAdd
+ extern PRInt32 _PR_ia64_AtomicSet(PRInt32 *val, PRInt32 newval);
+ #define _MD_ATOMIC_SET _PR_ia64_AtomicSet
+ #endif
+
+ #if defined(__x86_64__)
++#if defined(__GNUC__)
++/* Use GCC built-in functions */
++#define _PR_HAVE_ATOMIC_OPS
++#define _MD_INIT_ATOMIC()
++#define _MD_ATOMIC_INCREMENT(ptr) __sync_add_and_fetch(ptr, 1)
++#define _MD_ATOMIC_DECREMENT(ptr) __sync_sub_and_fetch(ptr, 1)
++#define _MD_ATOMIC_ADD(ptr, i) __sync_add_and_fetch(ptr, i)
++#define _MD_ATOMIC_SET(ptr, nv) __sync_lock_test_and_set(ptr, nv)
++#else
+ #define _PR_HAVE_ATOMIC_OPS
+ #define _MD_INIT_ATOMIC()
+ extern PRInt32 _PR_x86_64_AtomicIncrement(PRInt32 *val);
+ #define _MD_ATOMIC_INCREMENT _PR_x86_64_AtomicIncrement
+ extern PRInt32 _PR_x86_64_AtomicDecrement(PRInt32 *val);
+ #define _MD_ATOMIC_DECREMENT _PR_x86_64_AtomicDecrement
+ extern PRInt32 _PR_x86_64_AtomicAdd(PRInt32 *ptr, PRInt32 val);
+ #define _MD_ATOMIC_ADD _PR_x86_64_AtomicAdd
+ extern PRInt32 _PR_x86_64_AtomicSet(PRInt32 *val, PRInt32 newval);
+ #define _MD_ATOMIC_SET _PR_x86_64_AtomicSet
+ #endif
++#endif
+
+ #if defined(__or1k__)
+ #if defined(__GNUC__)
+ /* Use GCC built-in functions */
+ #define _PR_HAVE_ATOMIC_OPS
+ #define _MD_INIT_ATOMIC()
+ #define _MD_ATOMIC_INCREMENT(ptr) __sync_add_and_fetch(ptr, 1)
+ #define _MD_ATOMIC_DECREMENT(ptr) __sync_sub_and_fetch(ptr, 1)
diff --git a/nss.spec b/nss.spec
index 1f96b55..2070eec 100644
--- a/nss.spec
+++ b/nss.spec
@@ -1,4 +1,5 @@
%global nspr_version 4.29.0
+%global nspr_release 2
%global nss_version 3.58.0
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
%global saved_files_dir %{_libdir}/nss/saved
@@ -31,6 +32,11 @@
# The upstream omits the trailing ".0", while we need it for
# consistency with the pkg-config version:
# https://bugzilla.redhat.com/show_bug.cgi?id=1578106
+%{lua:
+rpm.define(string.format("nspr_archive_version %s",
+ string.gsub(rpm.expand("%nspr_version"), "(.*)%.0$", "%1")))
+}
+
%{lua:
rpm.define(string.format("nss_archive_version %s",
string.gsub(rpm.expand("%nss_version"), "(.*)%.0$", "%1")))
@@ -44,7 +50,7 @@ rpm.define(string.format("nss_release_tag NSS_%s_RTM",
Summary: Network Security Services
Name: nss
Version: %{nss_version}
-Release: 4%{?dist}
+Release: 5%{?dist}
License: MPLv2.0
URL: http://www.mozilla.org/projects/security/pki/nss/
Requires: nspr >= %{nspr_version}
@@ -54,7 +60,6 @@ Requires: nss-softokn%{_isa} >= %{nss_version}
Requires: nss-system-init
Requires: p11-kit-trust
Requires: /usr/bin/update-crypto-policies
-BuildRequires: nspr-devel >= %{nspr_version}
# for shlibsign
BuildRequires: nss-softokn
BuildRequires: sqlite-devel
@@ -92,6 +97,9 @@ Source26: key4.db.xml
Source27: secmod.db.xml
Source28: nss-p11-kit.config
+Source100: nspr-%{nspr_archive_version}.tar.gz
+Source101: nspr-config.xml
+
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=617723
Patch2: nss-539183.patch
# This patch uses the GCC -iquote option documented at
@@ -117,6 +125,9 @@ Patch20: nss-gcm-param-default-pkcs11v2.patch
%endif
%endif
+Patch100: nspr-config-pc.patch
+Patch101: nspr-gcc-atomics.patch
+
%description
Network Security Services (NSS) is a set of libraries designed to
support cross-platform development of security-enabled client and
@@ -236,16 +247,52 @@ Requires: nss-softokn-freebl-devel%{?_isa} = %{version}-%{release}
Requires: nspr-devel >= %{nspr_version}
Requires: nss-util-devel >= %{version}-%{release}
Requires: pkgconfig
-BuildRequires: nspr-devel >= %{nspr_version}
%description softokn-devel
Header and library files for doing development with Network Security Services.
+%package -n nspr
+Summary: Netscape Portable Runtime
+Version: %{nspr_version}
+Release: %{nspr_release}%{?dist}
+License: MPLv2.0
+URL: http://www.mozilla.org/projects/nspr/
+Conflicts: filesystem < 3
+BuildRequires: gcc
+
+%description -n nspr
+NSPR provides platform independence for non-GUI operating system
+facilities. These facilities include threads, thread synchronization,
+normal file and network I/O, interval timing and calendar time, basic
+memory management (malloc and free) and shared library linking.
+
+%package -n nspr-devel
+Summary: Development libraries for the Netscape Portable Runtime
+Version: %{nspr_version}
+Release: %{nspr_release}%{?dist}
+Requires: nspr = %{nspr_version}-%{nspr_release}
+Requires: pkgconfig
+BuildRequires: xmlto
+Conflicts: filesystem < 3
+
+%description -n nspr-devel
+Header files for doing development with the Netscape Portable Runtime.
+
%prep
-%autosetup -N -S quilt -n %{name}-%{nss_archive_version}
+%setup -q -T -b 100 -n nspr-%{nspr_archive_version}
+
+%setup -q -T -b 0 -n %{name}-%{nss_archive_version}
+mv ../nspr-%{nspr_archive_version}/nspr .
+cp ./nspr/config/nspr-config.in ./nspr/config/nspr-config-pc.in
+
+%patch100 -p0 -b .flags
+pushd nspr
+%patch101 -p1 -b .gcc-atomics
+popd
+
pushd nss
-%autopatch -p1
+%autopatch -p1 -M 99
popd
# https://bugzilla.redhat.com/show_bug.cgi?id=1247353
@@ -253,6 +300,48 @@ find nss/lib/libpkix -perm /u+x -type f -exec chmod -x {} \;
%build
+# Build, check, and install NSPR for building NSS in the later phase
+#
+# TODO: This phase can be done by the NSS build process if we switch
+# to using "make nss_build_all". For now, however, we need some
+# adjustment in the NSS build process.
+mkdir -p nspr_build
+pushd nspr_build
+../nspr/configure \
+ --prefix=%{_prefix} \
+ --libdir=%{_libdir} \
+ --includedir=%{_includedir}/nspr4 \
+ --with-dist-prefix=$PWD/../dist \
+%ifnarch noarch
+%if 0%{__isa_bits} == 64
+ --enable-64bit \
+%endif
+%endif
+%ifarch armv7l armv7hl armv7nhl
+ --enable-thumb2 \
+%endif
+ --enable-optimize="$RPM_OPT_FLAGS" \
+ --disable-debug
+
+# The assembly files are only for legacy atomics, to which we prefer GCC atomics
+%ifarch i686 x86_64
+sed -i '/^PR_MD_ASFILES/d' config/autoconf.mk
+%endif
+make
+
+date +"%e %B %Y" | tr -d '\n' > date.xml
+echo -n %{nspr_version} > version.xml
+
+for m in %{SOURCE101}; do
+ cp ${m} .
+done
+for m in nspr-config.xml; do
+ xmlto man ${m}
+done
+popd
+
+# Build NSS
+#
# This package fails its testsuite with LTO. Disable LTO for now
%global _lto_cflags %{nil}
@@ -292,8 +381,7 @@ export DSO_LDOPTS=$RPM_LD_FLAGS
export PKG_CONFIG_ALLOW_SYSTEM_LIBS=1
export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1
-export NSPR_INCLUDE_DIR=`/usr/bin/pkg-config --cflags-only-I nspr | sed 's/-I//'`
-export NSPR_LIB_DIR=%{_libdir}
+export NSPR_INCLUDE_DIR=$PWD/dist/include/nspr
export NSS_USE_SYSTEM_SQLITE=1
@@ -429,6 +517,20 @@ done
%check
+%if %{with tests}
+pushd nspr_build
+# Run test suite.
+perl ../nspr/pr/tests/runtests.pl 2>&1 | tee output.log
+
+TEST_FAILURES=`grep -c FAILED ./output.log` || :
+if [ $TEST_FAILURES -ne 0 ]; then
+ echo "error: test suite returned failure(s)"
+ exit 1
+fi
+echo "test suite completed"
+popd
+%endif
+
%if %{with tests}
# Begin -- copied from the build section
@@ -507,6 +609,27 @@ killall $RANDSERV || :
%install
+pushd nspr_build
+make install DESTDIR=$RPM_BUILD_ROOT
+
+mkdir -p $RPM_BUILD_ROOT%{_mandir}/man1
+mkdir -p $RPM_BUILD_ROOT/%{_libdir}/pkgconfig
+
+# Get rid of the things we don't want installed (per upstream)
+rm -rf \
+ $RPM_BUILD_ROOT/%{_bindir}/compile-et.pl \
+ $RPM_BUILD_ROOT/%{_bindir}/prerr.properties \
+ $RPM_BUILD_ROOT/%{_libdir}/libnspr4.a \
+ $RPM_BUILD_ROOT/%{_libdir}/libplc4.a \
+ $RPM_BUILD_ROOT/%{_libdir}/libplds4.a \
+ $RPM_BUILD_ROOT/%{_datadir}/aclocal/nspr.m4 \
+ $RPM_BUILD_ROOT/%{_includedir}/nspr4/md
+
+for f in nspr-config; do
+ install -c -m 644 ${f}.1 $RPM_BUILD_ROOT%{_mandir}/man1/${f}.1
+done
+popd
+
# There is no make install target so we'll do it ourselves.
mkdir -p $RPM_BUILD_ROOT/%{_includedir}/nss3
@@ -904,8 +1027,24 @@ update-crypto-policies &> /dev/null || :
%{_includedir}/nss3/nsslowhash.h
%{_includedir}/nss3/shsign.h
+%files -n nspr
+%{!?_licensedir:%global license %%doc}
+%license nspr/LICENSE
+%{_libdir}/libnspr4.so
+%{_libdir}/libplc4.so
+%{_libdir}/libplds4.so
+
+%files -n nspr-devel
+%{_includedir}/nspr4
+%{_libdir}/pkgconfig/nspr.pc
+%{_bindir}/nspr-config
+%{_mandir}/man*/*
+
%changelog
+* Tue Oct 27 2020 Daiki Ueno - 3.58.0-5
+- Consolidate NSPR package with this package
+
* Mon Oct 26 2020 Bob Relyea - 3.58.0-4
- fix pkix ocsp to tolerate OCSP checking on intermediates
when the root is signed by sha1 and sha1 is disabled by
diff --git a/sources b/sources
index d5ad023..a798991 100644
--- a/sources
+++ b/sources
@@ -3,4 +3,5 @@ SHA512 (blank-cert9.db) = 2f8eab4c0612210ee47db8a3a80c1b58a0b43849551af78c7da403
SHA512 (blank-key3.db) = 01f7314e9fc8a7c9aa997652624cfcde213d18a6b3bb31840c1a60bbd662e56b5bc3221d13874abb42ce78163b225a6dfce2e1326cf6dd29366ad9c28ba5a71c
SHA512 (blank-key4.db) = 8fedae93af7163da23fe9492ea8e785a44c291604fa98e58438448efb69c85d3253fc22b926d5c3209c62e58a86038fd4d78a1c4c068bc00600a7f3e5382ebe7
SHA512 (blank-secmod.db) = 06a2dbd861839ef6315093459328b500d3832333a34b30e6fac4a2503af337f014a4d319f0f93322409e719142904ce8bc08252ae9a4f37f30d4c3312e900310
+SHA512 (nspr-4.29.tar.gz) = ba5ac275fe0beb69d7a7674c9ee9e4429bd5761daed285edd975ccc829af30d062bf4a0f5e44361e3bd191f21b1905f96ab146d53b55324020f13ecb3c05609b
SHA512 (nss-3.58.tar.gz) = 03d2ab1517ac07620ea3f02dcf680cf019e0129006ff2559b2d0a047036340c20b98c9679b17a594e5502aa30e158caf309f046901b9ec7c7adeeaa13ec50b80