Consolidated the three pem module patches into one patch.

- Rename the surving patch to better reflect it's purpose
- This is still a work in progress to be cleaned up further and sent for review

nss.spec

@@ -94,11 +94,11 @@ Patch54:          tstclnt-ssl2-off-by-default.patch
 Patch55:          skip_stress_TLS_RC4_128_with_MD5.patch
 # Local patch for TLS_ECDHE_{ECDSA|RSA}_WITH_3DES_EDE_CBC_SHA ciphers
 Patch58: rhbz1185708-enable-ecc-3des-ciphers-by-default.patch
-# TODO: consolidate the following patches and submit the resultant
-# one to the interim usptream project
-Patch59: pem-pobject-handle-pemAll.patch
-Patch60: pem-rsawrapr-disable-unused-functions.patch
-Patch61: pem-remove-unused-variables.patch
+# TODO: submit to the interim usptream project
+# As of nss-3.21 we compile NSS with -Werror per upstream
+# see: https://bugzilla.mozilla.org/show_bug.cgi?id=1182667
+# which requires  quite a bit of clean up of the PEM module
+Patch59: pem-compile-with-Werror.patch
 
 %description
 Network Security Services (NSS) is a set of libraries designed to
@@ -188,9 +188,7 @@ popd
 %patch54 -p0 -b .ssl2_off
 %patch55 -p1 -b .skip_stress_tls_rc4_128_with_md5
 %patch58 -p0 -b .1185708_3des
-%patch59 -p0 -b .pemAll
-%patch60 -p0 -b .unused_functions
-%patch61 -p0 -b .unused_vars
+%patch59 -p0 -b .compile_Werror
 
 #########################################################
 # Higher-level libraries and test tools need access to

pem-compile-with-Werror.patch

@@ -1,6 +1,6 @@
-diff -up nss/lib/ckfw/pem/ckpem.h.unused_vars nss/lib/ckfw/pem/ckpem.h
---- nss/lib/ckfw/pem/ckpem.h.unused_vars	2014-01-23 06:28:18.000000000 -0800
-+++ nss/lib/ckfw/pem/ckpem.h	2015-11-11 17:20:27.564794173 -0800
+diff -up ./nss/lib/ckfw/pem/ckpem.h.compile_Werror ./nss/lib/ckfw/pem/ckpem.h
+--- ./nss/lib/ckfw/pem/ckpem.h.compile_Werror	2014-01-23 06:28:18.000000000 -0800
++++ ./nss/lib/ckfw/pem/ckpem.h	2015-11-12 06:59:07.831377167 -0800
 @@ -233,7 +233,7 @@ struct pemLOWKEYPrivateKeyStr {
  };
  typedef struct pemLOWKEYPrivateKeyStr pemLOWKEYPrivateKey;
@@ -10,9 +10,9 @@ diff -up nss/lib/ckfw/pem/ckpem.h.unused_vars nss/lib/ckfw/pem/ckpem.h
  const NSSItem * pem_FetchAttribute ( pemInternalObject *io, CK_ATTRIBUTE_TYPE type);
  void pem_PopulateModulusExponent(pemInternalObject *io);
  NSSCKMDObject * pem_CreateObject(NSSCKFWInstance *fwInstance, NSSCKFWSession *fwSession, NSSCKMDToken *mdToken, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount, CK_RV *pError);
-diff -up nss/lib/ckfw/pem/pinst.c.unused_vars nss/lib/ckfw/pem/pinst.c
---- nss/lib/ckfw/pem/pinst.c.unused_vars	2014-01-23 06:28:18.000000000 -0800
-+++ nss/lib/ckfw/pem/pinst.c	2015-11-11 17:20:27.564794173 -0800
+diff -up ./nss/lib/ckfw/pem/pinst.c.compile_Werror ./nss/lib/ckfw/pem/pinst.c
+--- ./nss/lib/ckfw/pem/pinst.c.compile_Werror	2014-01-23 06:28:18.000000000 -0800
++++ ./nss/lib/ckfw/pem/pinst.c	2015-11-12 06:59:07.831377167 -0800
 @@ -466,15 +466,17 @@ AddCertificate(char *certfile, char *key
  {
      pemInternalObject *o;
@@ -48,10 +48,37 @@ diff -up nss/lib/ckfw/pem/pinst.c.unused_vars nss/lib/ckfw/pem/pinst.c
                  error = CKR_GENERAL_ERROR;
                  goto loser;
              }
-diff -up nss/lib/ckfw/pem/pobject.c.unused_vars nss/lib/ckfw/pem/pobject.c
---- nss/lib/ckfw/pem/pobject.c.unused_vars	2015-11-11 17:20:27.562794220 -0800
-+++ nss/lib/ckfw/pem/pobject.c	2015-11-11 17:20:27.565794149 -0800
-@@ -1116,7 +1116,10 @@ pem_CreateObject
+diff -up ./nss/lib/ckfw/pem/pobject.c.compile_Werror ./nss/lib/ckfw/pem/pobject.c
+--- ./nss/lib/ckfw/pem/pobject.c.compile_Werror	2014-01-23 06:28:18.000000000 -0800
++++ ./nss/lib/ckfw/pem/pobject.c	2015-11-12 06:59:07.831377167 -0800
+@@ -630,6 +630,8 @@ pem_DestroyInternalObject
+         if (io->u.key.ivstring)
+             free(io->u.key.ivstring);
+         break;
++    case pemAll:
++        return;
+     }
+ 
+     if (NULL != gobj)
+@@ -1044,7 +1046,7 @@ pem_CreateObject
+     int nobjs = 0;
+     int i;
+     int objid;
+-    pemToken *token;
++    /*pemToken *token = NULL;*/
+     int cipher;
+     char *ivstring = NULL;
+     pemInternalObject *listObj = NULL;
+@@ -1073,7 +1075,7 @@ pem_CreateObject
+     }
+     slotID = nssCKFWSlot_GetSlotID(fwSlot);
+ 
+-    token = (pemToken *) mdToken->etc;
++    /*token = (pemToken *) mdToken->etc;*/
+ 
+     /*
+      * only create keys and certs.
+@@ -1114,7 +1116,10 @@ pem_CreateObject
      }
  
      if (objClass == CKO_CERTIFICATE) {
@@ -63,7 +90,7 @@ diff -up nss/lib/ckfw/pem/pobject.c.unused_vars nss/lib/ckfw/pem/pobject.c
          if (nobjs < 1)
              goto loser;
  
-@@ -1158,11 +1161,14 @@ pem_CreateObject
+@@ -1156,11 +1161,14 @@ pem_CreateObject
      } else if (objClass == CKO_PRIVATE_KEY) {
          /* Brute force: find the id of the certificate, if any, in this slot */
          int i;
@@ -79,9 +106,29 @@ diff -up nss/lib/ckfw/pem/pobject.c.unused_vars nss/lib/ckfw/pem/pobject.c
          if (nobjs < 1)
              goto loser;
  
-diff -up nss/lib/ckfw/pem/util.c.unused_vars nss/lib/ckfw/pem/util.c
---- nss/lib/ckfw/pem/util.c.unused_vars	2014-01-23 06:28:18.000000000 -0800
-+++ nss/lib/ckfw/pem/util.c	2015-11-11 17:25:34.580452082 -0800
+diff -up ./nss/lib/ckfw/pem/rsawrapr.c.compile_Werror ./nss/lib/ckfw/pem/rsawrapr.c
+--- ./nss/lib/ckfw/pem/rsawrapr.c.compile_Werror	2014-01-23 06:28:18.000000000 -0800
++++ ./nss/lib/ckfw/pem/rsawrapr.c	2015-11-12 06:59:07.831377167 -0800
+@@ -93,6 +93,8 @@ pem_PublicModulusLen(NSSLOWKEYPublicKey
+     return 0;
+ }
+ 
++/* unused functions */
++#if 0
+ static SHA1Context *SHA1_CloneContext(SHA1Context * original)
+ {
+     SHA1Context *clone = NULL;
+@@ -215,6 +217,7 @@ oaep_xor_with_h2(unsigned char *salt, un
+ 
+     return SECSuccess;
+ }
++#endif /* unused functions */
+ 
+ /*
+  * Format one block of data for public/private key encryption using
+diff -up ./nss/lib/ckfw/pem/util.c.compile_Werror ./nss/lib/ckfw/pem/util.c
+--- ./nss/lib/ckfw/pem/util.c.compile_Werror	2014-01-23 06:28:18.000000000 -0800
++++ ./nss/lib/ckfw/pem/util.c	2015-11-12 06:59:07.831377167 -0800
 @@ -58,7 +58,7 @@
  #include <stdarg.h>
  

pem-pobject-handle-pemAll.patch

@@ -1,30 +0,0 @@
-diff -up ./nss/lib/ckfw/pem/pobject.c.pemAll ./nss/lib/ckfw/pem/pobject.c
---- ./nss/lib/ckfw/pem/pobject.c.pemAll	2014-01-23 06:28:18.000000000 -0800
-+++ ./nss/lib/ckfw/pem/pobject.c	2015-11-11 15:15:16.581569576 -0800
-@@ -630,6 +630,8 @@ pem_DestroyInternalObject
-         if (io->u.key.ivstring)
-             free(io->u.key.ivstring);
-         break;
-+    case pemAll:
-+        return;
-     }
- 
-     if (NULL != gobj)
-@@ -1044,7 +1046,7 @@ pem_CreateObject
-     int nobjs = 0;
-     int i;
-     int objid;
--    pemToken *token;
-+    /*pemToken *token = NULL;*/
-     int cipher;
-     char *ivstring = NULL;
-     pemInternalObject *listObj = NULL;
-@@ -1073,7 +1075,7 @@ pem_CreateObject
-     }
-     slotID = nssCKFWSlot_GetSlotID(fwSlot);
- 
--    token = (pemToken *) mdToken->etc;
-+    /*token = (pemToken *) mdToken->etc;*/
- 
-     /*
-      * only create keys and certs.

pem-rsawrapr-disable-unused-functions.patch

@@ -1,20 +0,0 @@
-diff -up ./nss/lib/ckfw/pem/rsawrapr.c.unused_functions ./nss/lib/ckfw/pem/rsawrapr.c
---- ./nss/lib/ckfw/pem/rsawrapr.c.unused_functions	2014-01-23 06:28:18.000000000 -0800
-+++ ./nss/lib/ckfw/pem/rsawrapr.c	2015-11-11 15:30:22.097087094 -0800
-@@ -93,6 +93,8 @@ pem_PublicModulusLen(NSSLOWKEYPublicKey
-     return 0;
- }
- 
-+/* unused functions */
-+#if 0
- static SHA1Context *SHA1_CloneContext(SHA1Context * original)
- {
-     SHA1Context *clone = NULL;
-@@ -215,6 +217,7 @@ oaep_xor_with_h2(unsigned char *salt, un
- 
-     return SECSuccess;
- }
-+#endif /* unused functions */
- 
- /*
-  * Format one block of data for public/private key encryption using