@@ -0,0 +1,285 @@

+%{!?_httpd_apxs:       %{expand: %%global _httpd_apxs       %%{_sbindir}/apxs}}

+%{!?_httpd_mmn:        %{expand: %%global _httpd_mmn        %%(cat %{_includedir}/httpd/.mmn || echo missing-httpd-devel)}}

+%{!?_httpd_confdir:    %{expand: %%global _httpd_confdir    %%{_sysconfdir}/httpd/conf.d}}

+# /etc/httpd/conf.d with httpd < 2.4 and defined as /etc/httpd/conf.modules.d with httpd >= 2.4

+%{!?_httpd_modconfdir: %{expand: %%global _httpd_modconfdir %%{_sysconfdir}/httpd/conf.d}}

+%{!?_httpd_moddir:    %{expand: %%global _httpd_moddir    %%{_libdir}/httpd/modules}}

+

+Name: mod_nss

+Version: 1.0.8

+Release: 19.1%{?dist}

+Summary: SSL/TLS module for the Apache HTTP server

+Group: System Environment/Daemons

+License: ASL 2.0

+URL: http://directory.fedoraproject.org/wiki/Mod_nss

+Source: http://directory.fedoraproject.org/sources/%{name}-%{version}.tar.gz

+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)

+BuildRequires: nspr-devel >= 4.6.3, nss-devel >= 3.12.6

+BuildRequires: httpd-devel, apr-devel, apr-util-devel

+BuildRequires: pkgconfig

+Requires: httpd-mmn = %{_httpd_mmn}

+Requires(post): httpd, nss-tools

+Requires: nss >= 3.12.6

+Patch1: mod_nss-conf.patch

+Patch2: mod_nss-gencert.patch

+Patch3: mod_nss-wouldblock.patch

+# Add options for tuning client negotiate in NSS

+Patch4: mod_nss-negotiate.patch

+Patch5: mod_nss-reverseproxy.patch

+Patch6: mod_nss-pcachesignal.h

+Patch7: mod_nss-reseterror.patch

+Patch8: mod_nss-lockpcache.patch

+Patch9: mod_nss-httpd24.patch

+Patch10: mod_nss-overlapping_memcpy.patch

+

+%description

+The mod_nss module provides strong cryptography for the Apache Web

+server via the Secure Sockets Layer (SSL) and Transport Layer

+Security (TLS) protocols using the Network Security Services (NSS)

+security library.

+

+%prep

+%setup -q

+%patch1 -p1 -b .conf

+%patch2 -p1 -b .gencert

+%patch3 -p1 -b .wouldblock

+%patch4 -p1 -b .negotiate

+%patch5 -p1 -b .reverseproxy

+%patch6 -p1 -b .pcachesignal.h

+%patch7 -p1 -b .reseterror

+%patch8 -p1 -b .lockpcache

+%if 0%{?fedora} >= 18 || 0%{?rhel} >= 7

+%patch9 -p1 -b .httpd24

+%endif

+%patch10 -p1 -b .overlap

+

+# Touch expression parser sources to prevent regenerating it

+touch nss_expr_*.[chyl]

+

+%build

+

+CFLAGS="$RPM_OPT_FLAGS"

+APXS=%{_httpd_apxs}

+

+export CFLAGS APXS

+

+NSPR_INCLUDE_DIR=`/usr/bin/pkg-config --variable=includedir nspr`

+NSPR_LIB_DIR=`/usr/bin/pkg-config --variable=libdir nspr`

+

+NSS_INCLUDE_DIR=`/usr/bin/pkg-config --variable=includedir nss`

+NSS_LIB_DIR=`/usr/bin/pkg-config --variable=libdir nss`

+

+NSS_BIN=`/usr/bin/pkg-config --variable=exec_prefix nss`

+

+%configure \

+    --with-nss-lib=$NSS_LIB_DIR \

+    --with-nss-inc=$NSS_INCLUDE_DIR \

+    --with-nspr-lib=$NSPR_LIB_DIR \

+    --with-nspr-inc=$NSPR_INCLUDE_DIR \

+    --with-apr-config

+

+make %{?_smp_mflags} all

+

+%install

+# The install target of the Makefile isn't used because that uses apxs

+# which tries to enable the module in the build host httpd instead of in

+# the build root.

+rm -rf $RPM_BUILD_ROOT

+

+mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf

+mkdir -p $RPM_BUILD_ROOT%{_httpd_confdir}

+mkdir -p $RPM_BUILD_ROOT%{_libdir}/httpd/modules

+mkdir -p $RPM_BUILD_ROOT%{_sbindir}

+mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/httpd/alias

+

+%if "%{_httpd_modconfdir}" != "%{_httpd_confdir}"

+# httpd >= 2.4.x

+mkdir -p $RPM_BUILD_ROOT%{_httpd_modconfdir}

+sed -n /^LoadModule/p nss.conf > 10-nss.conf

+sed -i /^LoadModule/d nss.conf

+install -m 644 10-nss.conf $RPM_BUILD_ROOT%{_httpd_modconfdir}

+%endif

+

+install -m 644 nss.conf $RPM_BUILD_ROOT%{_httpd_confdir}

+

+install -m 755 .libs/libmodnss.so $RPM_BUILD_ROOT%{_libdir}/httpd/modules/

+install -m 755 nss_pcache $RPM_BUILD_ROOT%{_sbindir}/

+install -m 755 gencert $RPM_BUILD_ROOT%{_sbindir}/

+ln -s ../../../%{_libdir}/libnssckbi.so $RPM_BUILD_ROOT%{_sysconfdir}/httpd/alias/

+touch $RPM_BUILD_ROOT%{_sysconfdir}/httpd/alias/secmod.db

+touch $RPM_BUILD_ROOT%{_sysconfdir}/httpd/alias/cert8.db

+touch $RPM_BUILD_ROOT%{_sysconfdir}/httpd/alias/key3.db

+touch $RPM_BUILD_ROOT%{_sysconfdir}/httpd/alias/install.log

+

+perl -pi -e "s:$NSS_LIB_DIR:$NSS_BIN:" $RPM_BUILD_ROOT%{_sbindir}/gencert

+

+%clean

+rm -rf $RPM_BUILD_ROOT

+

+%post

+umask 077

+

+if [ "$1" -eq 1 ] ; then

+    if [ ! -e %{_sysconfdir}/httpd/alias/key3.db ]; then

+        %{_sbindir}/gencert %{_sysconfdir}/httpd/alias > %{_sysconfdir}/httpd/alias/install.log 2>&1

+        echo ""

+        echo "%{name} certificate database generated."

+        echo ""

+    fi

+

+    # Make sure that the database ownership is setup properly.

+    /bin/find %{_sysconfdir}/httpd/alias -user root -name "*.db" -exec /bin/chgrp apache {} \;

+    /bin/find %{_sysconfdir}/httpd/alias -user root -name "*.db" -exec /bin/chmod g+r {} \;

+fi

+

+%files

+%defattr(-,root,root,-)

+%doc README LICENSE docs/mod_nss.html

+%config(noreplace) %{_httpd_confdir}/nss.conf

+%if "%{_httpd_modconfdir}" != "%{_httpd_confdir}"

+%config(noreplace) %{_httpd_modconfdir}/10-nss.conf

+%endif

+%{_libdir}/httpd/modules/libmodnss.so

+%dir %{_sysconfdir}/httpd/alias/

+%ghost %attr(0640,root,apache) %config(noreplace) %{_sysconfdir}/httpd/alias/secmod.db

+%ghost %attr(0640,root,apache) %config(noreplace) %{_sysconfdir}/httpd/alias/cert8.db

+%ghost %attr(0640,root,apache) %config(noreplace) %{_sysconfdir}/httpd/alias/key3.db

+%ghost %config(noreplace) %{_sysconfdir}/httpd/alias/install.log

+%{_sysconfdir}/httpd/alias/libnssckbi.so

+%{_sbindir}/nss_pcache

+%{_sbindir}/gencert

+

+%changelog

+* Fri Jul 20 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.8-19.1

+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

+

+* Mon Jun 18 2012 Joe Orton <jorton@redhat.com> - 1.0.8-18.1

+- fix build for RHEL7

+

+* Fri Jun 15 2012 Rob Crittenden <rcritten@redhat.com> - 1.0.8-18

+- Actually apply the patch to use memmove in place of memcpy since the

+  buffers can overlap (#669118)

+

+* Tue Jun 12 2012 Nathan Kinder <nkinder@redhat.com> - 1.0.8-17

+- Port mod_nss to work with httpd 2.4

+

+* Mon Apr 23 2012 Joe Orton <jorton@redhat.com> - 1.0.8-16

+- packaging fixes/updates (#803072)

+

+* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.8-15

+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

+

+* Wed Mar  7 2011 Rob Crittenden <rcritten@redhat.com> - 1.0.8-14

+- Add Requires(post) for nss-tools, gencert needs it (#652007)

+

+* Wed Mar  2 2011 Rob Crittenden <rcritten@redhat.com> - 1.0.8-13

+- Lock around the pipe to nss_pcache for retrieving the token PIN

+  (#677701)

+

+* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.8-12

+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

+

+* Wed Jan 12 2011 Rob Crittenden <rcritten@redhat.com> - 1.0.8-11

+- Use memmove in place of memcpy since the buffers can overlap (#669118)

+

+* Wed Sep 29 2010 jkeating - 1.0.8-10

+- Rebuilt for gcc bug 634757

+

+* Thu Sep 23 2010 Rob Crittenden <rcritten@redhat.com> - 1.0.8-9

+- Revert mod_nss-wouldblock patch

+- Reset NSPR error before calling PR_Read(). This should fix looping

+  in #620856

+

+* Fri Sep 17 2010 Rob Crittenden <rcritten@redhat.com> - 1.0.8-8

+- Fix hang when handling large POST under some conditions (#620856)

+

+* Tue Jun 22 2010 Rob Crittenden <rcritten@redhat.com> - 1.0.8-7

+- Remove file Requires on libnssckbi.so (#601939)

+

+* Fri May 14 2010 Rob Crittenden <rcritten@redhat.com> - 1.0.8-6

​