From 52a319230b75975ad545660e8eceb3d9fcb8b255 Mon Sep 17 00:00:00 2001
From: Kai Engert <kengert@fedoraproject.org>
Date: Fri, 8 May 2009 20:07:13 +0000
Subject: [PATCH] - re-enable test suite - add patch for upstream bug 488646
 and add newer paypal certs in order to     make the test suite pass

---
 PayPalEE.cert       | Bin 0 -> 1483 bytes
 PayPalICA.cert      | Bin 0 -> 1512 bytes
 nss-bug488646.patch |  66 ++++++++++++++++++++++++++++++++++++++++++++
 nss.spec            |  14 ++++++++--
 4 files changed, 78 insertions(+), 2 deletions(-)
 create mode 100644 PayPalEE.cert
 create mode 100644 PayPalICA.cert
 create mode 100644 nss-bug488646.patch

diff --git a/PayPalEE.cert b/PayPalEE.cert
new file mode 100644
index 0000000000000000000000000000000000000000..6e7f755542f4bf82aa4c6122d5da340fdcf4d14c
GIT binary patch
literal 1483
zcmaJ>e@qj16z^THEu{rySBi?jA!-1neb@3^8NtE?K?Dl50#nX%LZ!5<EfhqJR4Kt}
za7<x~8$VnkOh(2AVN(ZlAOUnU6P?DH1;f<o%tmAi`ytEj5QuEa?yv9r^?C1o-X{lk
z-VoTakDIwDf}%@yZaMxrXF$+-@>oMbi`M5aaN!Gs90`tT7X;z)I8b?>6oHV>&BXXP
znyDr|!GkrNaaRp()~ogT#&txZQ70pP!J7?;aOr%2$S{{!tV9ZJwVBL?<a&sFk)X(+
z%|#Z%w3{fg&;(^A3ar**OO#x0v)N>&4621emFY}Ha&s|71n2@Gj0^z<Tg=7RE}*Ln
zl*K|QiTE-rZOo(d2n}V>=TTO@$w;Wx$%HBvd^}ws5<(OaF#BbBx{v@NKq{1>k)e@U
zU`O0Y9NhV$wR{9a?BN?wggd+CGVpxaiQ-Oiw1KiwW}5VZW$Yww_$wMx2I~lB40erB
zS-`G9atXMyK^`tp0vVzR3tvng+lvXiOPnJ^NhKMq00lWa0ONGRomI>NyG>@Jo+91B
zjm;EDoYa(&*le=Uq!c8qODJ(sFjYhfK{Dj3t)vIwtlwE8PNm9IDZ|`7R={%BEt24g
zMh3KKj+k<bl`gW(pOGtZWl1ll%8MxjOF2|Fy{rI)$Kh5UV^mOsR#tNEJq*A3aLoND
zSz1HLp$%!Z)lXZS##)B^x-MU>kGrCb$-cb0O~GsO);^d%_-fGjxVXDl+cngc;@=sP
znx6ecDct_7IwIoF)IPbXBYn94)P(9l>_A0^BQ|a1+U>9YNXYWg>Fy(?O(Vm-pA8+=
z*U295zx8P5Zq4S~WpyRr^cSLBgoAuwM}A`tH!&+pZyZB`GpjsrS4@gY&b3#VueWB_
zj&TS-kE3IgcOJBE01-okw;P6WQC>4_WDQ@8Q6q#mhc+u6Br88geeoJKtt&Cp!8)^H
zu?*)U3V<*f6NNYygTSJJ)wC$rk$^aUk4FTad<cR7z7wM+9#4QG(iQ)w>=#q7#@M^g
zm2i=T7Ye>?6Mt+eNDoS$A4xsmcy4u8MP}93lN?>`BW<Ay_RS|F2v!V62%fhAarpgv
zDU;4pyl5+kUPwp(%K@dQ7G*E6^MV7~4959#M2zi%+?E~9IgkZf&`5>)A}XJj=j(Ta
zANYcR&s*!tMVDieq{4Fn^?dP#Z_^`A1%8wyc+-!!6xK*r&CO~s<(n2aEw!*dQpQ3p
z{x5Ou2*PoED9&$_$C#$K4i+>IyQ_Mh#ta?ex4rK>Sy){<-Z$dkv8lUjFzM&xClY-g
zREt+$zFBbK=9=V7x8#lWHP4o}H5xDaOpMkgpDA5B6KzYNuYB=*rY9)1Gp_+V9ksur
zE$ZH6<G|t9ww#V|R5j&HQDyt=M}G7e-E-mMwkLJR>y2W;MDG1<XY1ULti*dX-=9U>
z`>%a><E`=6x3_d?{0H`sDcW~pZU`X0Y-?Cezi`z4-ss`=@3uzy24-J9Q~vkPH|}&~
zKM`Gt4$7(8d#PYBu-h%XZB?A=X?Cvd?O(mtv~PO+<;;q`9n|%yfgQad^xE>tr})>k
PKm4MdY&jA4{O;60{ubU9

literal 0
HcmV?d00001

diff --git a/PayPalICA.cert b/PayPalICA.cert
new file mode 100644
index 0000000000000000000000000000000000000000..459373be94872c6cf99e61b0550d14e82f28497d
GIT binary patch
literal 1512
zcmXqLVtr!J#Byc<GZP~dlR$KN<T3G<hjGW%4;W3=)W|mAW#iOp^Jx3d%gD&e%3#oV
z%8=WDlZ`o)g-w_#G}utwKorE`66Om_Ey@heOwZF%@XSlrGn6-w1xauVi@_umLW)X@
zOBDQ4OUm<$vJI^aEFcODHIg+Ij0_CS6ksYLMkweixaAiqB$k$B<QHXDrKTv97N;uY
z=jBuyx*9lx^fC+Ez_chh=Oh*vD;O&TlqTh5CMyIKW#%RpRVp~A7L{bCWhN(<Waj57
zI6}-SsRWwsZfYPW&TC+1XlP(z00vRwyoMmIxskD{rKx3<LE|oJdDhy%65?5-kkq2w
zVuk!PuxAoW6f#Om3W}}t^~=l4^~!)jSPTq8z2y8{{i1?I1z^Yk9cW@;1o5plhHqUf
zN>cMufI$<Mn3I_T@nmqYkAkzKK@+1Aa^x|xGB7tW@-qO%xtN+585w5WUJ&|v&R_A$
z$FuT8WH(07P;M8?YcHF#)xvt~f~qa-$()kUv^qRiKA*eIAc|u;&zn_G#4?MLlxO{}
z3elKxlt*{_b){`5ep-khzkAEjZPpZ#zIpE|7Hn6#;u$jC_i0J=q&;tPbnZVtxJ_Cr
zG&_xhx!!gCEaQ&?2Xbb5O;R!B$i2&CmsnO&vF&Z0`MR9Xoe#G^yd!#Md)WMj1shrG
z{me!GZ`YUWXS1*m*q*7ecxzg`nN*O6b6U{-MU(t5OC;=j{3=eekahn&nVgIw)%?xX
z#V2$33jLq$XcYJ5Mcq;E#Xcz){r0GFr2dwi9#Qeoc>miByN&9u`3D}onV$JQ=JNMI
zCT2zk#>GvHmw+L14xCtJ`B=nQME-OI?3%YzHL5za)qg5Oa{tSSY-a-@U<AktGcx{X
z;V@tWQcR2t2DTtE1r{>{Q2ej}nG6P61{!P}+HAm_!p_7fCWA9>lM9L=+T|hI7Z@zi
zYtsQK2c`tqu;A3>(xOz|<f0tZBvFu@XsnxVst1%X-~-vt4{{L;Fz2!v2(ob|w0SVL
z{cvJrgbL-t+``Dil4uaWFm^$-L8L*rL8urfFmt4*>ZfO>87Laa8?dvnYV$EONwJ9Z
zKfNr~wx+i)`|$aOtScT8I@OYT2C8DpP^abOr{|+OsjL_*1~N$#<RU>9B?E;eat1Pn
zQU(%00bm{#1ZPcSXGbFg6AN8KT@!Pl-=U!dbgQ9(zJV@`Z@}25h#n02$;AaImKw-|
zY*J>CFc51HslS}M{LtMuyFVCkes;F}#kAho&=@)00}Cx+x@TmVw&+*=GuyXUw9jo9
zwLehA9N)c5Y=Y|dL(MmimzpGJ2nF*5cUGSa<6M5&%*BuILQ>M^wqGw6&NfN!4OSAj
z`@7~{x}Ni+*m~oZPm2l;<TXt{VDeY>m~#EwXB&=&JGX4Qr~C23HxGG{!thON3?EKc
zQ9dagTk_QHJ!j3lhcgYiI4Y(43+Iccov=9nu4no-ww=XpPcBb6_%vawYN_tcOv5*4
zryX8g_V-1J%Nn7bzWW1T?7ZUQr+#{!!o@nRnr+GM^U8KjzaaLUJ16(MbG|XRra}3y
zxj(=9?I_!PR$|Lfh4;3%pPgDe`-0!4_LaQLT#5tk7DT^YTj#Y$>FNr#Cx==Ucy9s#
Da6$|!

literal 0
HcmV?d00001

diff --git a/nss-bug488646.patch b/nss-bug488646.patch
new file mode 100644
index 0000000..f17c5a4
--- /dev/null
+++ b/nss-bug488646.patch
@@ -0,0 +1,66 @@
+diff -up ./mozilla/security/nss/tests/chains/chains.sh.bug488646 ./mozilla/security/nss/tests/chains/chains.sh
+--- ./mozilla/security/nss/tests/chains/chains.sh.bug488646	2009-05-08 21:37:48.000000000 +0200
++++ ./mozilla/security/nss/tests/chains/chains.sh	2009-05-08 21:38:03.000000000 +0200
+@@ -695,6 +695,37 @@ verify_cert()
+     fi
+ }
+ 
++
++check_ocsp()
++{
++    OCSP_CERT=$1
++
++    CERT_NICK=`echo ${OCSP_CERT} | cut -d: -f1`
++    CERT_ISSUER=`echo ${OCSP_CERT} | cut -d: -f2`
++
++    if [ "${CERT_ISSUER}" = "x" ]; then
++        CERT_ISSUER=
++        CERT=${CERT_NICK}.cert
++        CERT_FILE="${QADIR}/libpkix/certs/${CERT}"
++    else
++        CERT=${CERT_NICK}${CERT_ISSUER}.der
++        CERT_FILE=${CERT}
++    fi
++
++    OCSP_HOST=$(${BINDIR}/pp -t certificate -i ${CERT_FILE} | grep URI | sed "s/.*:\/\///" | sed "s/:.*//")
++
++    if [ "${OS_ARCH}" = "WINNT" ]; then
++        ping -n 1 ${OCSP_HOST}
++        return $?
++    elif [ "${OS_ARCH}" = "HP-UX" ]; then
++        ping ${OCSP_HOST} -c 1
++        return $?
++    else
++        ping -c 1 ${OCSP_HOST}
++        return $?
++    fi
++}
++
+ ############################ parse_result ##############################
+ # local shell function to process expected result value
+ # this function was created for case that expected result depends on
+@@ -865,6 +896,13 @@ parse_config()
+         "break")
+             break
+             ;;
++        "check_ocsp")
++            check_ocsp ${VALUE}
++            if [ $? -ne 0 ]; then
++                echo "OCSP server not accessible, skipping OCSP tests"
++                break;
++            fi
++            ;;
+         "")
+             if [ -n "${ENTITY}" ]; then
+                 if [ -z "${DB}" ]; then
+diff -up ./mozilla/security/nss/tests/chains/scenarios/ocsp.cfg.bug488646 ./mozilla/security/nss/tests/chains/scenarios/ocsp.cfg
+--- ./mozilla/security/nss/tests/chains/scenarios/ocsp.cfg.bug488646	2009-05-08 21:37:58.000000000 +0200
++++ ./mozilla/security/nss/tests/chains/scenarios/ocsp.cfg	2009-05-08 21:38:03.000000000 +0200
+@@ -1,5 +1,7 @@
+ scenario OCSP
+ 
++check_ocsp OCSPEE11:x
++
+ db OCSPRoot
+ import OCSPRoot:x:CT,C,C
+ 
diff --git a/nss.spec b/nss.spec
index 274bda6..b970566 100644
--- a/nss.spec
+++ b/nss.spec
@@ -4,7 +4,7 @@
 Summary:          Network Security Services
 Name:             nss
 Version:          3.12.3
-Release:          6%{?dist}
+Release:          7%{?dist}
 License:          MPLv1.1 or GPLv2+ or LGPLv2+
 URL:              http://www.mozilla.org/projects/security/pki/nss/
 Group:            System Environment/Libraries
@@ -29,6 +29,8 @@ Source4:          blank-key3.db
 Source5:          blank-secmod.db
 Source8:          nss-prelink.conf
 Source12:         %{name}-pem-20080124.tar.bz2
+Source13:         PayPalEE.cert
+Source14:         PayPalICA.cert
 
 Patch1:           nss-no-rpath.patch
 Patch2:           nss-nolocalsql.patch
@@ -37,6 +39,7 @@ Patch5:           nss-pem-bug429175.patch
 Patch6:           nss-enable-pem.patch
 Patch7:           nss-disable-freebl-execstack.patch
 Patch8:           nss-freebl-kernelfipsmode
+Patch9:           nss-bug488646.patch
 
 %description
 Network Security Services (NSS) is a set of libraries designed to
@@ -110,6 +113,11 @@ low level services.
 %patch6 -p0 -b .libpem
 %patch7 -p1
 %patch8 -p1
+%patch9 -p1 -b .bug488646
+
+#need newer certs to make test suite work
+#remove once we update to NSS 3.12.4
+cp %{SOURCE13} %{SOURCE14} mozilla/security/nss/tests/libpkix/certs
 
 
 %build
@@ -476,8 +484,10 @@ done
 
 
 %changelog
-* Thu May 07 2009 Kai Engert <kaie@redhat.com> - 3.12.3-6
+* Thu May 07 2009 Kai Engert <kaie@redhat.com> - 3.12.3-7
 - re-enable test suite
+- add patch for upstream bug 488646 and add newer paypal
+  certs in order to make the test suite pass
 * Wed May 06 2009 Kai Engert <kaie@redhat.com> - 3.12.3-4
 - add conflicts info in order to fix bug 499436
 * Tue Apr 14 2009 Kai Engert <kaie@redhat.com> - 3.12.3-3