From 2a45956d5b88dbe3570abf5932ccffa41f1d0667 Mon Sep 17 00:00:00 2001
From: Elio Maldonado <emaldona@redhat.com>
Date: Tue, 8 Mar 2016 06:47:48 -0800
Subject: [PATCH] Update pem sources to latest from nss-pem upstream

- Resolves: Bug 1300652 - [PEM] insufficient input validity checking while loading a private key
- Fixes memory leak on failed ASN1 decoding of RSA keys with rebase
- https://git.fedorahosted.org/cgit/nss-pem.git
---
 .gitignore |  2 +-
 nss.spec   | 18 +++++++-----------
 sources    |  2 +-
 3 files changed, 9 insertions(+), 13 deletions(-)

diff --git a/.gitignore b/.gitignore
index b8b21b3..214a868 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,7 +7,7 @@ PayPalEE.cert
 TestCA.ca.cert
 TestUser50.cert
 TestUser51.cert
-/nss-pem-20140125.tar.bz2
+/nss-pem-20160308.tar.bz2
 /PayPalRootCA.cert
 /PayPalICA.cert
 /nss-3.23.0.tar.gz
diff --git a/nss.spec b/nss.spec
index b6d61e0..eae211d 100644
--- a/nss.spec
+++ b/nss.spec
@@ -21,7 +21,7 @@ Name:             nss
 Version:          3.23.0
 # for Rawhide, please always use release >= 2
 # for Fedora release branches, please use release < 2 (1.0, 1.1, ...)
-Release:          2%{?dist}
+Release:          3%{?dist}
 License:          MPLv2.0
 URL:              http://www.mozilla.org/projects/security/pki/nss/
 Group:            System Environment/Libraries
@@ -58,7 +58,7 @@ Source6:          blank-cert9.db
 Source7:          blank-key4.db
 Source8:          system-pkcs11.txt
 Source9:          setup-nsssysinit.sh
-Source12:         %{name}-pem-20140125.tar.bz2
+Source12:         %{name}-pem-20160308.tar.bz2
 Source20:         nss-config.xml
 Source21:         setup-nsssysinit.xml
 Source22:         pkcs11.txt.xml
@@ -98,13 +98,6 @@ Patch55:          skip_stress_TLS_RC4_128_with_MD5.patch
 # Local patch for TLS_ECDHE_{ECDSA|RSA}_WITH_3DES_EDE_CBC_SHA ciphers
 Patch58: rhbz1185708-enable-ecc-3des-ciphers-by-default.patch
 
-# As of nss-3.21 we compile NSS with -Werror.
-# see https://bugzilla.mozilla.org/show_bug.cgi?id=1182667
-# This requires a cleanup of the PEM module as we have it here.
-# TODO: submit a patch to the interim nss-pem upstream project
-# The submission will be very different from this patch as
-# cleanup there is already in progress there.
-Patch59: pem-compile-with-Werror.patch
 
 %description
 Network Security Services (NSS) is a set of libraries designed to
@@ -194,7 +187,6 @@ popd
 %patch54 -p0 -b .ssl2_off
 %patch55 -p1 -b .skip_stress_tls_rc4_128_with_md5
 %patch58 -p0 -b .1185708_3des
-%patch59 -p0 -b .compile_Werror
 
 #########################################################
 # Higher-level libraries and test tools need access to
@@ -823,7 +815,11 @@ fi
 
 
 %changelog
-* Sat Mar 05 2016 emaldona <emaldona@redhat.com> - 3.23.0-2
+* Tue Mar 08 2016 Elio Maldonado <emaldona@redhat.com> - 3.23.0-3
+- Update pem sources to latest from nss-pem upstream
+- Resolves: Bug 1300652 - [PEM] insufficient input validity checking while loading a private key
+
+* Sat Mar 05 2016 Elio Maldonado <emaldona@redhat.com> - 3.23.0-2
 - Rebase to NSS 3.23
 
 * Sat Feb 27 2016 Elio Maldonado <emaldona@redhat.com> - 3.22.2-2
diff --git a/sources b/sources
index be690da..dbff227 100644
--- a/sources
+++ b/sources
@@ -3,5 +3,5 @@ a5ae49867124ac75f029a9a33af31bad  blank-cert8.db
 73bc040a0542bba387e6dd7fb9fd7d23  blank-secmod.db
 691e663ccc07b7a1eaa6f088e03bf8e2  blank-cert9.db
 2ec9e0606ba40fe65196545564b7cc2a  blank-key4.db
-b8a94e863c852e1f8b75e930e76f8640  nss-pem-20140125.tar.bz2
+4d8e770b105483e365f3327d883dd229  nss-pem-20160308.tar.bz2
 574488f97390085832299cc3b90814a8  nss-3.23.0.tar.gz