[nss] Update to NSS_3_14_RC1

Mon Oct 22 01:25:54 UTC 2012

commit 1f01ab68b142c0b6571d0f752982ae5b16927a3e
Author: Elio Maldonado <emaldona at redhat.com>
Date:   Sun Oct 21 20:47:52 2012 -0400

    Update to NSS_3_14_RC1
    
    - update nss-589636.patch to apply to httpdserv
    - turn off ocsp tests for now
    - remove no longer needed patches
    - remove headers shipped by nss-util

 Bug-772628-nss_Init-leaks-memory.patch             |   27 ------------
 ...ble-to-contact-LDAP-Server-during-winsync.patch |   27 ------------
 ...MQP-daemon-fails-to-load-after-nss-update.patch |   15 -------
 ...672-protect-against-calls-before-nss_init.patch |   40 -----------------
 nofipstest.patch                                   |   19 --------
 nss-3.14.0.0-disble-ocsp-test.patch                |    9 ++++
 nss-539183.patch                                   |   43 +++++++++++++++++--
 nss-fix-gcc47-secmodt.patch                        |   12 -----
 nss.spec                                           |   45 ++++++++-----------
 9 files changed, 67 insertions(+), 170 deletions(-)
---

diff --git a/nss-3.14.0.0-disble-ocsp-test.patch b/nss-3.14.0.0-disble-ocsp-test.patch
new file mode 100644
index 0000000..df4e692
--- /dev/null
+++ b/nss-3.14.0.0-disble-ocsp-test.patch
@@ -0,0 +1,9 @@
+diff -up ./mozilla/security/nss/tests/chains/scenarios/scenarios.disable_ocsp_test ./mozilla/security/nss/tests/chains/scenarios/scenarios
+--- ./mozilla/security/nss/tests/chains/scenarios/scenarios.disable_ocsp_test	2012-10-12 09:30:07.264987000 -0700
++++ ./mozilla/security/nss/tests/chains/scenarios/scenarios	2012-10-12 09:34:55.653123000 -0700
+@@ -49,5 +49,4 @@ bridgewithpolicyextensionandmapping.cfg
+ realcerts.cfg
+ dsa.cfg
+ revoc.cfg
+-ocsp.cfg
+ crldp.cfg
diff --git a/nss-539183.patch b/nss-539183.patch
index 4e04e0b..0a85894 100644
--- a/nss-539183.patch
+++ b/nss-539183.patch
@@ -1,7 +1,42 @@
-diff -up ./mozilla/security/nss/cmd/selfserv/selfserv.c.539183 ./mozilla/security/nss/cmd/selfserv/selfserv.c
---- ./mozilla/security/nss/cmd/selfserv/selfserv.c.539183	2011-10-06 10:42:06.913919000 -0700
-+++ ./mozilla/security/nss/cmd/selfserv/selfserv.c	2011-10-06 10:43:14.858987000 -0700
-@@ -1491,14 +1491,18 @@ getBoundListenSocket(unsigned short port
+Index: ./mozilla/security/nss/cmd/httpserv/httpserv.c
+===================================================================
+RCS file: /cvsroot/mozilla/security/nss/cmd/httpserv/httpserv.c,v
+retrieving revision 1.1
+diff -u -p -r1.1 httpserv.c
+--- ./mozilla/security/nss/cmd/httpserv/httpserv.c	28 Jun 2012 11:11:06 -0000	1.1
++++ ./mozilla/security/nss/cmd/httpserv/httpserv.c	21 Oct 2012 22:22:10 -0000
+@@ -661,14 +661,18 @@ getBoundListenSocket(unsigned short port
+     PRStatus	       prStatus;
+     PRNetAddr          addr;
+     PRSocketOptionData opt;
++    PRUint16           socketDomain = PR_AF_INET;
+ 
+-    addr.inet.family = PR_AF_INET;
+-    addr.inet.ip     = PR_INADDR_ANY;
+-    addr.inet.port   = PR_htons(port);
++    if (PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET6, port, &addr) != PR_SUCCESS) {
++	errExit("PR_SetNetAddr");
++    }
+ 
+-    listen_sock = PR_NewTCPSocket();
++    if (PR_GetEnv("NSS_USE_SDP")) {
++        socketDomain = PR_AF_INET_SDP;
++    }
++    listen_sock = PR_OpenTCPSocket(PR_AF_INET6);
+     if (listen_sock == NULL) {
+-	errExit("PR_NewTCPSocket");
++	errExit("PR_OpenTCPSocket error");
+     }
+ 
+     opt.option = PR_SockOpt_Nonblocking;
+Index: ./mozilla/security/nss/cmd/selfserv/selfserv.c
+===================================================================
+RCS file: /cvsroot/mozilla/security/nss/cmd/selfserv/selfserv.c,v
+retrieving revision 1.102
+diff -u -p -r1.102 selfserv.c
+--- ./mozilla/security/nss/cmd/selfserv/selfserv.c	27 Sep 2012 17:13:34 -0000	1.102
++++ ./mozilla/security/nss/cmd/selfserv/selfserv.c	21 Oct 2012 22:22:10 -0000
+@@ -1483,14 +1483,18 @@ getBoundListenSocket(unsigned short port
      PRStatus	       prStatus;
      PRNetAddr          addr;
      PRSocketOptionData opt;
diff --git a/nss.spec b/nss.spec
index 3622e1a..874ee27 100644
--- a/nss.spec
+++ b/nss.spec
@@ -1,13 +1,13 @@
 %global nspr_version 4.9.2
-%global nss_util_version 3.13.6
+%global nss_util_version 3.14
 %global nss_softokn_fips_version 3.12.9
-%global nss_softokn_version 3.13.6
+%global nss_softokn_version 3.14
 %global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
 
 Summary:          Network Security Services
 Name:             nss
-Version:          3.13.6
-Release:          1%{?dist}
+Version:          3.14
+Release:          0.1%{?dist}.rc1.1
 License:          MPLv1.1 or GPLv2+ or LGPLv2+
 URL:              http://www.mozilla.org/projects/security/pki/nss/
 Group:            System Environment/Libraries
@@ -62,22 +62,10 @@ Patch18:          nss-646045.patch
 # must statically link pem against the freebl in the buildroot
 # Needed only when freebl on tree has newe APIS
 Patch25:          nsspem-use-system-freebl.patch
-# don't compile the fipstest application
-Patch26:          nofipstest.patch
 # This patch is currently meant for stable branches
 Patch29:          nss-ssl-cbc-random-iv-off-by-default.patch
-
-# upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=734492
-Patch30:          bz784672-protect-against-calls-before-nss_init.patch
-
-# upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=734484
-Patch32:          Bug-800674-Unable-to-contact-LDAP-Server-during-winsync.patch
-
-# upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=734492
-Patch33:          Bug-800682-Qpid-AMQP-daemon-fails-to-load-after-nss-update.patch
-
-# upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=745224
-Patch34:          Bug-772628-nss_Init-leaks-memory.patch
+# TODO: Remove this patch when the ocsp test are fixed
+Patch40:          nss-3.14.0.0-disble-ocsp-test.patch
 
 %description
 Network Security Services (NSS) is a set of libraries designed to
@@ -157,14 +145,9 @@ low level services.
 %patch18 -p0 -b .646045
 # link pem against buildroot's freebl, esential wen mixing and matching
 %patch25 -p0 -b .systemfreebl
-%patch26 -p0 -b .nofipstest
 # activate only if requested for this branch
 #%patch29 -p0 -b .770682
-%patch30 -p0 -b .784672
-%patch32 -p0 -b .800674
-%patch33 -p0 -b .800682
-%patch34 -p1 -b .772628
-
+%patch40 -p1 -b .noocsptest
 
 %build
 
@@ -342,7 +325,7 @@ cd ./mozilla/security/nss/tests/
 
 #  don't need to run all the tests when testing packaging
 #  nss_cycles: standard pkix upgradedb sharedb
-#  nss_tests: cipher libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits chains
+nss_tests="cipher libpkix cert dbtests tools fips sdr crmf smime ssl merge pkits chains"
 #  nss_ssl_tests: crl bypass_normal normal_bypass normal_fips fips_normal iopr
 #  nss_ssl_run: cov auth stress
 #
@@ -457,8 +440,11 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/secoid.h
 rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/secoidt.h
 rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/secport.h
 rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/utilrename.h
+rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/utilmodt.h
+rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/utilpars.h
+rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/utilparst.h
 
-#remove the nss-softokn-devel and nss-softokn-freebl-devel headers
+#remove headers shipped nss-softokn-devel and nss-softokn-freebl-devel
 rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/alghmac.h
 rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/blapit.h
 rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/ecl-exp.h
@@ -594,6 +580,13 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h
 
 
 %changelog
+* Sun Oct 21 2012 Elio Maldonado <emaldona at redhat.com> - 3.14-0.1.rc.1
+- Update to NSS_3_14_RC1
+- update nss-589636.patch to apply to httpdserv
+- turn off ocsp tests for now
+- remove no longer needed patches
+- remove headers shipped by nss-util
+
 * Fri Oct 05 2012 Kai Engert <kaie at redhat.com> - 3.13.6-1
 - Update to NSS_3_13_6_RTM
 
