Use the full pristine sources from upstream

- Bug 1019245 - ECDHE in openssl available -> NSS needs too for Firefox/Thunderbird

.gitignore

@@ -8,4 +8,4 @@ TestCA.ca.cert
 TestUser50.cert
 TestUser51.cert
 /nss-pem-20130828.tar.bz2
-/nss-3.15.2-stripped.tar.bz2
+/nss-3.15.2.tar.gz

mozilla-crypto-strip.sh

@@ -1,128 +0,0 @@
-#!/bin/sh
-set -e
-
-if test -z $1
-then
-  echo "usage: $0 <input-tarball>"
-  exit
-fi
-
-ORIGDIR=`pwd`
-WORKDIR=nss_ecc_strip_working_dir
-EXTENSION=`echo $1 | sed -r 's#^(.*)(.tar.bz2|.tbz2|.tar.gz|.tgz)$#\2#'`
-BASE=`echo $1 | sed -r 's#^(.*)(.tar.bz2|.tbz2|.tar.gz|.tgz)$#\1#'`
-COMPRESS=""
-
-if test "x$EXTENSION" = "x.tar.bz2" || test "x$EXTENSION" = "x.tbz2"
-then
-  COMPRESS="j"
-fi
-
-if test "x$EXTENSION" = "x.tar.gz" || test "x$EXTENSION" = "x.tgz"
-then
-  COMPRESS="z"
-fi
-
-if test "x$COMPRESS" = "x"
-then
-  echo "unable to process, input file $1 has unsupported extension"
-  exit
-fi
-
-echo "== extension is $EXTENSION - ok"
-echo "== new extension will be $JEXTENSION"
-echo "== cleaning old workdir $WORKDIR"
-
-rm -rf $WORKDIR
-mkdir $WORKDIR
-
-echo "== extracting input archive $1"
-tar -x -$COMPRESS -C $WORKDIR -f $1
-
-echo "changing into $WORKDIR"
-pushd $WORKDIR
-
-DIRCOUNT=`ls -1 | wc -l`
-if test $DIRCOUNT -ne 1
-then
-  echo "unable to process, $1 contains more than one toplevel directory"
-  exit
-fi
-
-TOPDIR=`ls -1`
-if test "x$TOPDIR" != "xnss"
-then
-  # try to deal with a single additional subdirectory above "nss"
-  echo "== skipping toplevel directory $TOPDIR"
-  cd $TOPDIR
-fi
-
-DIRCOUNT=`ls -1 | wc -l`
-if test $DIRCOUNT -ne 1
-then
-  echo "unable to process, $1 contains more than one second level directory"
-  exit
-fi
-
-SINGLEDIR=`ls -1`
-if test "x$SINGLEDIR" != "xnss"
-then
-  echo "unable to process, first or second level directory is not nss"
-  exit
-fi
-
-echo "== input archive accepted, now processing"
-
-REALFREEBLDIR=nss/lib/freebl
-FREEBLDIR=./$REALFREEBLDIR
-
-rm -rf ./nss/cmd/ecperf
-
-mv ${FREEBLDIR}/ecl/ecl-exp.h ${FREEBLDIR}/save
-rm -rf ${FREEBLDIR}/ecl/tests
-rm -rf ${FREEBLDIR}/ecl/CVS
-for i in ${FREEBLDIR}/ecl/* ; do
-echo clobbering $i
- > $i
-done
-mv ${FREEBLDIR}/save ${FREEBLDIR}/ecl/ecl-exp.h
-
-for j in ${FREEBLDIR}/ec.*; do
-        echo unifdef $j
-        cat $j | \
-        awk    'BEGIN {ech=1; prt=0;} \
-                /^#[ \t]*ifdef.*NSS_ENABLE_ECC/ {ech--; next;} \
-                /^#[ \t]*if/ {if(ech < 1) ech--;} \
-                {if(ech>0) {;print $0};} \
-                /^#[ \t]*endif/ {if(ech < 1) ech++;} \
-                {if (prt && (ech<=0)) {;print $0}; } \
-                {if (ech>0) {prt=0;} } \
-                /^#[ \t]*else/ {if (ech == 0) prt=1;}' > $j.hobbled && \
-        mv $j.hobbled $j
-done
-
-echo "== returning to original directory"
-popd
-
-JCOMPRESS=j
-JEXTENSION=.tar.bz2
-NEWARCHIVE=$BASE-stripped$JEXTENSION
-echo "== finally producing new archive $NEWARCHIVE"
-tar -c -$JCOMPRESS -C $WORKDIR -f $NEWARCHIVE $TOPDIR
-
-echo "== all done, listing of old and new archive:"
-ls -l $1
-ls -l $NEWARCHIVE
-
-LISTING_DIR=""
-if test "x$TOPDIR" != "xmozilla"
-then
-  LISTING_DIR="$TOPDIR/$REALFREEBLDIR/ecl"
-else
-  LISTING_DIR="$REALFREEBLDIR/ecl"
-fi
-
-echo "== FYI, producing listing of stripped dir in new archive"
-tar -t -v -$JCOMPRESS -C $WORKDIR -f $NEWARCHIVE $LISTING_DIR
-
-

nss.spec

@@ -20,7 +20,7 @@
 Summary:          Network Security Services
 Name:             nss
 Version:          3.15.2
-Release:          1%{?dist}
+Release:          2%{?dist}
 License:          MPLv2.0
 URL:              http://www.mozilla.org/projects/security/pki/nss/
 Group:            System Environment/Libraries
@@ -47,20 +47,7 @@ BuildRequires:    perl
 %{!?nss_ckbi_suffix:%define full_nss_version %{version}}
 %{?nss_ckbi_suffix:%define full_nss_version %{version}%{nss_ckbi_suffix}}
 
-Source0:          %{name}-%{full_nss_version}-stripped.tar.bz2
-
-# The stripped tar ball is a subset of the upstream sources with
-# patent-encumbered cryptographic algorithms removed.
-# Use this script to remove them and create the stripped archive.
-# 1. Download the sources nss-{version}.tar.gz found within 
-# http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/
-# in a subdirectory named NSS_${major}_${minor}_${maint}_RTM/src
-# 2. In the download directory execute
-# ./mozilla-crypto-strip.sh ${name}-${version}.tar.gz
-# to produce ${name}-${version}-stripped.tar.bz2
-# for uploading to the lookaside cache.
-Source100:        mozilla-crypto-strip.sh
-
+Source0:          %{name}-%{full_nss_version}.tar.gz
 Source1:          nss.pc.in
 Source2:          nss-config.in
 Source3:          blank-cert8.db
@@ -105,7 +92,7 @@ Patch45:          Bug-896651-pem-dont-trash-keys-on-failed-login.patch
 Patch46:          disable-ocsp-stapling-tests.patch
 # Fedora / RHEL-only patch, the templates directory was originally introduced to support mod_revocator
 Patch47:          utilwrap-include-templates.patch
-# TODO submit this patch upstream
+# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=902171
 Patch48:          nss-versus-softoken-tests.patch
 # TODO remove when we switch to building nss without softoken
 Patch49:          nss-skip-bltest-and-fipstest.patch
@@ -755,6 +742,10 @@ fi
 
 
 %changelog
+* Sun Oct 27 2013 Elio Maldonado <emaldona@redhat.com> - 3.15.2-2
+- Use the full pristine sources from upstream
+- Bug 1019245 - ECDHE in openssl available -> NSS needs too for Firefox/Thunderbird
+
 * Thu Sep 26 2013 Elio Maldonado <emaldona@redhat.com> - 3.15.2-1
 - Update to NSS_3_15_2_RTM
 - Update iquote.patch on account of modified prototype on cert.h installed by nss-devel

sources

@@ -8,4 +8,4 @@ f998b70c1be25e8bb9f5fdb5d50eb6f2  TestCA.ca.cert
 1b7b6808cd77d5df29bf5bb9e5fac967  TestUser50.cert
 ab0b56dd505a995425c03e5266f7c8d6  TestUser51.cert
 e82dd2b9520f9d0f5d101e7710d59656  nss-pem-20130828.tar.bz2
-b402f7062b1c0c0ee9d0f223d03b4d6a  nss-3.15.2-stripped.tar.bz2
+154223568f9734c76c164b46c774450c  nss-3.15.2.tar.gz