new upstream release

git-svn-id: http://trac.vinelinux.org/repos/projects/specs@10272 ec354946-7b23-47d6-9f5a-488ba84defc7

n/nspr/nspr-vl.spec

@@ -3,7 +3,7 @@
 Summary:	Netscape Portable Runtime
 Summary(ja):    Netscape ポータブルランタイム
 Name:		nspr
-Version:	4.10.6
+Version:	4.11
 Release:	1%{?_dist_release}
 License:	MPLv1.1/GPLv2+/LGPLv2+
 URL:		http://www.mozilla.org/projects/nspr/
@@ -130,6 +130,9 @@ NSPR_VERSION=`./config/nspr-config --version`
 
 
 %changelog
+* Tue May 10 2016 Yoji TOYODA <bsyamato@sea.plala.or.jp> 4.11-1
+- update to 4.11
+
 * Thu Jun 12 2014 Daisuke SUZUKI <daisuke@vinelinux.org> 4.10.6-1
 - update to 4.10.6
 

n/nss/nss-vl.spec

@@ -1,11 +1,11 @@
 %define build_compat32 %{?_with_compat32:1}%{!?_with_compat32:0}
 
-%define nspr_version 4.10.6
+%define nspr_version 4.11
 %define unsupported_tools_directory %{_libdir}/nss/unsupported-tools
 
 Summary:          Network Security Services
 Name:             nss
-Version:          3.16.1
+Version:          3.21.1
 Release:          1%{?_dist_release}
 License:          MPLv1.1 or GPLv2+ or LGPLv2+
 URL:              http://www.mozilla.org/projects/security/pki/nss/
@@ -17,7 +17,10 @@ Source2:          nss-config.in
 Source3:          blank-cert8.db
 Source4:          blank-key3.db
 Source5:          blank-secmod.db
-Source12:         %{name}-pem-20130828.tar.bz2
+Source6:          blank-cert9.db
+Source7:          blank-key4.db
+Source8:          system-pkcs11.txt
+Source12:         %{name}-pem-20140125.tar.bz2
 Source101:	  nss-util.pc.in
 Source102:	  nss-util-config.in
 
@@ -31,13 +34,72 @@ Patch40:          nss-3.14.0.0-disble-ocsp-test.patch
 # Fedora / RHEL-only patch, the templates directory was originally 
 # introduced to support mod _revocator
 Patch47:          utilwrap-include-templates.patch
-# TODO submit this patch upstream
-Patch48:          nss-versus-softoken-tests.patch
 # TODO remove when we switch to building nss without softoken
 Patch49:          nss-skip-bltest-and-fipstest.patch
 Patch50:          iquote.patch
+# As of nss-3.21 we compile NSS with -Werror.
+# see https://bugzilla.mozilla.org/show_bug.cgi?id=1182667
+# This requires a cleanup of the PEM module as we have it here.
+# TODO: submit a patch to the interim nss-pem upstream project
+# The submission will be very different from this patch as
+# cleanup there is already in progress there.
+Patch51:          pem-compile-with-Werror.patch
+Patch52:          Bug-1001841-disable-sslv2-libssl.patch
+Patch53:          Bug-1001841-disable-sslv2-tests.patch
+Patch54:          sslauth-no-v2.patch
+Patch55:          enable-fips-when-system-is-in-fips-mode.patch
+# rhbz: https://bugzilla.redhat.com/show_bug.cgi?id=1026677
+Patch56:          p-ignore-setpolicy.patch
+# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=943144
+Patch62: nss-fix-deadlock-squash.patch
+# Two patches from from rhel6.8 that are also needed for rhel-7
+# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1054373
+Patch74: race.patch
+Patch94: nss-3.16-token-init-race.patch
+Patch99: ssl-server-min-key-sizes.patch
+Patch100: fix-min-library-version-in-SSLVersionRange.patch
+# Add support for sha384 tls cipher suites, dss cipher suites, and
+# server-side dhe key exchange
+# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=102794
+# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=923089
+# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=951455
+Patch101: dhe-sha384-dss-support.patch
+# TODO: From upstream review: For the client authentication case, should
+# probably drop our hack of swapping between sha256 and sha384 and plan
+# on implementing the fix we already have a patch for. What is that fix?
+Patch102: client_auth_for_sha384_prf_support.patch
+Patch103: nss-fix-client-auth-init-hashes.patch
+Patch104: nss-map-oid-to-hashalg.patch
+Patch105: nss-remove-bogus-assert.patch
+Patch106: nss-old-pkcs11-num.patch
+Patch107: nss-enable-384-cipher-tests.patch
+Patch108: nss-sni-c-v-fix.patch
+Patch109: nss-fix-signature-and-hash.patch
+Patch110: nss-sslstress-txt-ssl3-lower-value-in-range.patch
+
+# Enable by default two additional ciphers and fix order of two tables 
+# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=923089
+# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=951455
+# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1211403
+Patch112: rh1238290.patch
+# Local: keep as long nss-softokn lacks support
+Patch113: disable-extended-master-secret-with-old-softoken.patch
+# extra tests needed
+Patch114: tests-extra.patch
+Patch115: nss-prevent-abi-issue.patch
+Patch116: nss-tests-prevent-abi-issue.patch
+Patch117: fix-nss-test-filtering.patch
+Patch118: fix-allowed-sig-alg.patch
+Patch119: nss-ssl-ssl3con-delete-duplicates.patch
+
+# Local patches
+Patch1002: hasht-dont-include-prtypes.patch
+Patch1007: pkcs1sig-include-prtypes.patch
+# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=951455
+# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=923089
+Patch1008: nss-util-3.19.1-tls12-mechanisms.patch
+
 
-Patch100:	  nss-3.16.1-rsawrapr.patch
 
 BuildRoot:        %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires:    nspr-devel >= %{nspr_version}
@@ -116,13 +178,51 @@ v3 certificates, and other security standards.
 %patch3 -p0 -b .transitional
 %patch6 -p0 -b .libpem
 %patch16 -p0 -b .539183
-%patch18 -p0 -b .646045
+pushd nss
+%patch18 -p1 -b .646045
+popd
 %patch40 -p0 -b .noocsptest
 %patch47 -p0 -b .templates
-%patch48 -p0 -b .crypto
 %patch49 -p0 -b .skipthem
 %patch50 -p0 -b .iquote
-%patch100 -p0 -b .buildfix
+%patch51 -p1 -b -Werror
+pushd nss
+%patch52 -p1 -b .disableSSL2libssl
+%patch53 -p1 -b .disableSSL2tests
+%patch54 -p1 -b .sslauth-no-v2
+%patch55 -p1 -b .852023_enable_fips_when_in_fips_mode
+%patch56 -p1 -b .1026677_ignore_set_policy
+%patch62 -p1 -b .fix_deadlock
+%patch99 -p1 -b .min_key_sizes
+%patch100 -p0 -b .1171318
+%patch101 -p1 -b .dhe_and_sha384
+%patch102 -p1 -b .client_auth_prf
+%patch112 -p1 -b .1238290
+%patch113 -p1 -b .disable-ems
+%patch114 -p1 -b .extra
+%patch115 -p1 -b .abi_lib
+%patch116 -p1 -b .abi_tests
+%patch117 -p1 -b .test-filtering
+%patch74 -p1 -b .race
+popd
+%patch94 -p0 -b .init-token-race
+%patch103 -p0 -b .fix_client_auth_crash
+%patch104 -p0 -b .use_oids
+%patch105 -p0 -b .remove_bogus_assert
+%patch106 -p0 -b .old_pkcs11_num
+%patch107 -p0 -b .enable_384_cipher_tests
+%patch108 -p0 -b .sni_c_v_fix
+%patch109 -p0 -b .fix_signature_and_hash
+%patch110 -p0 -b .no_ssl2
+pushd nss
+%patch118 -p1 -b .allowed-sig-alg
+popd
+%patch119 -p0 -b .delete_duplicates
+
+%patch1002 -p0 -b .prtypes
+%patch1007 -p0 -b .include_prtypes
+%patch1008 -p1 -b .tls12_mechs
+
 
 pemNeedsFromSoftoken="lowkeyi lowkeyti softoken softoknt"
 for file in ${pemNeedsFromSoftoken}; do
@@ -131,9 +231,17 @@ done
 %{__cp} ./nss/lib/softoken/lowkeyi.h ./nss/cmd/rsaperf
 %{__cp} ./nss/lib/softoken/lowkeyti.h ./nss/cmd/rsaperf
 
+pushd nss/tests/ssl
+# Create versions of sslcov.txt and sslstress.txt that disable tests
+# for SSL2 and EXPORT ciphers.
+cat sslcov.txt| sed -r "s/^([^#].*EXPORT|^[^#].*SSL2)/#disabled \1/" > sslcov.noSSL2orExport.txt
+cat sslstress.txt| sed -r "s/^([^#].*EXPORT|^[^#].*SSL2)/#disabled \1/" > sslstress.noSSL2orExport.txt
+popd
 
 %build
 
+export NSS_NO_SSL2=1
+
 #NSS_NO_PKCS11_BYPASS=1
 #export NSS_NO_PKCS11_BYPASS
 
@@ -262,10 +370,16 @@ touch $RPM_BUILD_ROOT/%{_libdir}/libsoftokn3.chk
 touch $RPM_BUILD_ROOT/%{_libdir}/libfreebl3.chk
 
 # Install the empty NSS db files
+# Legacy db
 %{__mkdir_p} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb
 %{__install} -m 644 %{SOURCE3} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/cert8.db
 %{__install} -m 644 %{SOURCE4} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/key3.db
 %{__install} -m 644 %{SOURCE5} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/secmod.db
+# Shared db
+%{__install} -p -m 644 %{SOURCE6} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/cert9.db
+%{__install} -p -m 644 %{SOURCE7} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/key4.db
+%{__install} -p -m 644 %{SOURCE8} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/pkcs11.txt
+
 
 # Copy the development libraries we want
 for file in libcrmf.a libnssb.a libnssckfw.a
@@ -324,6 +438,9 @@ done
 %config(noreplace) %{_sysconfdir}/pki/nssdb/cert8.db
 %config(noreplace) %{_sysconfdir}/pki/nssdb/key3.db
 %config(noreplace) %{_sysconfdir}/pki/nssdb/secmod.db
+%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/cert9.db
+%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/key4.db
+%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/pkcs11.txt
 
 %files tools
 %defattr(-,root,root)
@@ -412,6 +529,7 @@ done
 %{_includedir}/nss3/pkcs12.h
 %{_includedir}/nss3/pkcs12t.h
 %{_includedir}/nss3/pkcs7t.h
+%{_includedir}/nss3/pkcs1sig.h
 %{_includedir}/nss3/portreg.h
 %{_includedir}/nss3/preenc.h
 %{_includedir}/nss3/secasn1.h
@@ -472,6 +590,10 @@ done
 
 
 %changelog
+* Tue May 10 2016 Yoji TOYODA <bsyamato@sea.plala.or.jp> 3.21.1-1
+- update to 3.21.1
+- import patches from centos package
+
 * Thu Jun 12 2014 Daisuke SUZUKI <daisuke@vinelinux.org> 3.16.1-1
 - update to 3.16.1
 

q/qemu/qemu-vl.spec

@@ -1,7 +1,7 @@
 Summary: QEMU is a FAST! processor emulator
 Summary(ja): QEMU 高速なプロセッサ・エミュレーター
 Name: qemu
-Version: 2.5.1
+Version: 2.5.1.1
 Release: 1%{?_dist_release}
 License: GPLv2+ and LGPLv2+ and BSD
 Group: Development/Tools
@@ -623,6 +623,9 @@ fi
 %{_bindir}/ivshmem-server
 
 %changelog
+* Tue May 10 2016 Yoji TOYODA <bsyamato@sea.plala.or.jp> 2.5.1.1-1
+- new upstream release
+
 * Thu Mar 31 2016 Yoji TOYODA <bsyamato@sea.plala.or.jp> 2.5.1-1
 - new upstream release
 - fix typo