!134 [sync] PR-132: Add the crypto-policies-scripts Requires

From: @openeuler-sync-bot 
Reviewed-by: @zcfsite 
Signed-off-by: @zcfsite

Feature-fix-sm2-sm3-code-error.patch

@@ -0,0 +1,39 @@
+From 4343eb37c04f464f1f09e91e71d619a7eed1b38b Mon Sep 17 00:00:00 2001
+From: jinlun <jinlun@huawei.com>
+Date: Mon, 22 Jan 2024 17:03:52 +0800
+Subject: [PATCH] fix sm2 sm3 code error
+
+---
+ lib/util/secoid.c | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/lib/util/secoid.c b/lib/util/secoid.c
+index e97eead..cc776c1 100644
+--- a/lib/util/secoid.c
++++ b/lib/util/secoid.c
+@@ -1813,10 +1813,6 @@ const static SECOidData oids[SEC_OID_TOTAL] = {
+        "IPsec User",
+        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+ 
+-    OD(sm3, SEC_OID_SM3, "SM3", CKM_NSS_SM3, INVALID_CERT_EXTENSION),
+-    OD(sm2, SEC_OID_SM2, "SM2", CKM_NSS_SM2, INVALID_CERT_EXTENSION),
+-    OD(sm2_with_sm3, SEC_OID_SM2_WITH_SM3, "SM2_WITH_SM3", CKM_NSS_SM2_WITH_SM3, INVALID_CERT_EXTENSION),
+-
+     OD(sha3_224, SEC_OID_SHA3_224, "SHA3-224", CKM_SHA3_224, INVALID_CERT_EXTENSION),
+     OD(sha3_256, SEC_OID_SHA3_256, "SHA3-256", CKM_SHA3_256, INVALID_CERT_EXTENSION),
+     OD(sha3_384, SEC_OID_SHA3_384, "SHA3-384", CKM_SHA3_384, INVALID_CERT_EXTENSION),
+@@ -1826,6 +1822,11 @@ const static SECOidData oids[SEC_OID_TOTAL] = {
+     OD(hmac_sha3_256, SEC_OID_HMAC_SHA3_256, "HMAC SHA3-256", CKM_SHA3_256_HMAC, INVALID_CERT_EXTENSION),
+     OD(hmac_sha3_384, SEC_OID_HMAC_SHA3_384, "HMAC SHA3-384", CKM_SHA3_384_HMAC, INVALID_CERT_EXTENSION),
+     OD(hmac_sha3_512, SEC_OID_HMAC_SHA3_512, "HMAC SHA3-512", CKM_SHA3_512_HMAC, INVALID_CERT_EXTENSION),
++
++    OD(sm3, SEC_OID_SM3, "SM3", CKM_NSS_SM3, INVALID_CERT_EXTENSION),
++    OD(sm2, SEC_OID_SM2, "SM2", CKM_NSS_SM2, INVALID_CERT_EXTENSION),
++    OD(sm2_with_sm3, SEC_OID_SM2_WITH_SM3, "SM2_WITH_SM3", CKM_NSS_SM2_WITH_SM3, INVALID_CERT_EXTENSION),
++
+ };
+ 
+ /* PRIVATE EXTENDED SECOID Table
+-- 
+2.33.0
+

Feature-fix-sm3-code-error.patch

@@ -0,0 +1,50 @@
+From d71c36d1c218a7bba38a7aaa7d31917d3551e7d5 Mon Sep 17 00:00:00 2001
+From: jinlun <jinlun@huawei.com>
+Date: Thu, 18 Apr 2024 18:22:39 +0800
+Subject: [PATCH] fix sm3 code error
+
+---
+ nss/lib/cryptohi/sechash.c | 20 ++++++++++----------
+ 1 file changed, 10 insertions(+), 10 deletions(-)
+
+diff --git a/nss/lib/cryptohi/sechash.c b/nss/lib/cryptohi/sechash.c
+index b288145..8d60fbc 100644
+--- a/lib/cryptohi/sechash.c
++++ b/lib/cryptohi/sechash.c
+@@ -196,16 +196,6 @@ const SECHashObject SECHashObjects[] = {
+           PK11_DigestFinal,
+       SHA224_BLOCK_LENGTH,
+       HASH_AlgSHA224 },
+-    { SM3_LENGTH,
+-      (void *(*)(void))sm3_NewContext,
+-      (void *(*)(void *))PK11_CloneContext,
+-      (void (*)(void *, PRBool))PK11_DestroyContext,
+-      (void (*)(void *))PK11_DigestBegin,
+-      (void (*)(void *, const unsigned char *, unsigned int))PK11_DigestOp,
+-      (void (*)(void *, unsigned char *, unsigned int *, unsigned int))
+-          PK11_DigestFinal,
+-      SM3_BLOCK_LENGTH,
+-      HASH_AlgSM3 },
+     { SHA3_224_LENGTH,
+       (void *(*)(void))sha3_224_NewContext,
+       (void *(*)(void *))PK11_CloneContext,
+@@ -246,6 +236,16 @@ const SECHashObject SECHashObjects[] = {
+           PK11_DigestFinal,
+       SHA3_512_BLOCK_LENGTH,
+       HASH_AlgSHA3_512 },
++    { SM3_LENGTH,
++      (void *(*)(void))sm3_NewContext,
++      (void *(*)(void *))PK11_CloneContext,
++      (void (*)(void *, PRBool))PK11_DestroyContext,
++      (void (*)(void *))PK11_DigestBegin,
++      (void (*)(void *, const unsigned char *, unsigned int))PK11_DigestOp,
++      (void (*)(void *, unsigned char *, unsigned int *, unsigned int))
++          PK11_DigestFinal,
++      SM3_BLOCK_LENGTH,
++      HASH_AlgSM3 },
+ };
+ 
+ const SECHashObject *
+-- 
+2.33.0
+

nss.spec

@@ -1,5 +1,5 @@
 %global nspr_version 4.35.0
-%global nss_version 3.94
+%global nss_version 3.94.0
 %global nss_ver 3_94
 %global nss_archive_version 3.94
 %global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
@@ -12,15 +12,26 @@
 %bcond_with test
 %bcond_without dbm
 
+%define __spec_install_post \
+    %{?__debug_package:%{__debug_install_post}} \
+    %{__arch_install_post} \
+    %{__os_install_post} \
+    $RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libsoftokn3.so \
+    $RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libfreeblpriv3.so \
+    $RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libfreebl3.so \
+    %{?with_dbm:$RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libnssdbm3.so
+} \
+%{nil}
+
 Summary:          Network Security Services
 Name:             nss
 Version:          %{nss_version}
-Release:          2
+Release:          7
 License:          MPLv2.0
 URL:              http://www.mozilla.org/projects/security/pki/nss/
 Provides:         nss-system-init
 Requires:         nspr >= %{nspr_version} nss-util >= %{nss_version} nss-softokn%{_isa} >= %{nss_version}
-Requires:         p11-kit-trust crypto-policies
+Requires:         p11-kit-trust crypto-policies crypto-policies-scripts
 Requires(post):   coreutils, sed
 BuildRequires:    nspr-devel >= %{nspr_version} nss-softokn sqlite-devel zlib-devel
 BuildRequires:    pkgconf gawk psmisc perl-interpreter gcc-c++
@@ -47,6 +58,8 @@ Patch9001:        Feature-nss-add-implement-of-SM2-signature-algorithm.patch
 Patch9002:        Feature-nss-support-SM3-digest-algorithm.patch
 Patch9003:        Feature-nss-support-SM2-signature-algorithm.patch
 Patch9004:        Feature-nss-fix-the-certificate-resolution-in-sm2.patch
+Patch9005:        Feature-fix-sm2-sm3-code-error.patch
+Patch9006:        Feature-fix-sm3-code-error.patch
 
 %description
 Network Security Services (NSS) is a set of libraries designed to
@@ -135,6 +148,8 @@ pushd nss
 %patch9002 -p1
 %patch9003 -p1
 %patch9004 -p1
+%patch9005 -p1
+%patch9006 -p1
 popd
 
 %build
@@ -519,15 +534,15 @@ update-crypto-policies &>/dev/null||:
 %{!?_licensedir:%global license %%doc}
 %license nss/COPYING
 %{_libdir}/libfreebl3.so
-#%{_libdir}/libfreebl3.chk
+%{_libdir}/libfreebl3.chk
 %{_libdir}/libfreeblpriv3.so
-#%{_libdir}/libfreeblpriv3.chk
+%{_libdir}/libfreeblpriv3.chk
 %if %{with dbm}
 %{_libdir}/libnssdbm3.so
-#%{_libdir}/libnssdbm3.chk
+%{_libdir}/libnssdbm3.chk
 %endif
 %{_libdir}/libsoftokn3.so
-#%{_libdir}/libsoftokn3.chk
+%{_libdir}/libsoftokn3.chk
 %dir %{_libdir}/nss
 %dir %{_libdir}/nss/saved
 %dir %{unsupported_tools_directory}
@@ -557,6 +572,21 @@ update-crypto-policies &>/dev/null||:
 %doc %{_mandir}/man*
 
 %changelog
+* Fri Oct 11 2024 fuanan <fuanan3@h-partners.com> - 3.94.0-7
+- Add the crypto-policies-scripts Requires
+
+* Thu Apr 18 2024 jinlun <jinlun@huawei.com> - 3.94.0-6
+- Add Integrity Verification File in nss-softokn
+
+* Thu Apr 18 2024 jinlun <jinlun@huawei.com> - 3.94.0-5
+- fix sm3 code error
+
+* Mon Jan 22 2024 jinlun <jinlun@huawei.com> - 3.94.0-4
+- fix sm2 sm3 code error
+
+* Fri Dec 15 2023 jinlun <jinlun@huawei.com> - 3.94.0-3
+- fix nss_version error.
+
 * Sat Nov 25 2023 jinlun <jinlun@huawei.com> - 3.94-2
 - fix nss-softokn.pc version error.