Merge branch 'master' into f18

- Update to NSS_3_14_RTM
- Update the license to MPLv2.0
- Use only -f when removing unwanted headers
- Add secmodt.h to the headers installed by nss-devel
- update nss-589636.patch to apply to httpdserv
- turn off ocsp tests for now
- remove no longer needed patches
- remove secmodt.h now installed by nss-util

.gitignore

@@ -5,4 +5,4 @@ blank-cert9.db
 blank-key4.db
 PayPalEE.cert
 /nss-pem-20120811.tar.bz2
-/nss-3.13.6-stripped.tar.bz2
+/nss-3.14-stripped.tar.bz2

Bug-772628-nss_Init-leaks-memory.patch

@@ -1,27 +0,0 @@
-From ea14b3279da63a344dcaf3466592c2619025ac28 Mon Sep 17 00:00:00 2001
-From: Kamil Dudka <kdudka@redhat.com>
-Date: Mon, 9 Jan 2012 14:10:07 +0100
-Subject: [PATCH] nss - rhbz #772628 (fix a memory leak in nssinit.c) V2
-
----
- mozilla/security/nss/lib/nss/nssinit.c |    4 ++++
- 1 files changed, 4 insertions(+), 0 deletions(-)
-
-diff --git a/mozilla/security/nss/lib/nss/nssinit.c b/mozilla/security/nss/lib/nss/nssinit.c
-index f1c0327..9fbbab7 100644
---- a/mozilla/security/nss/lib/nss/nssinit.c
-+++ b/mozilla/security/nss/lib/nss/nssinit.c
-@@ -754,6 +754,10 @@ nss_Init(const char *configdir, const char *certPrefix, const char *keyPrefix,
-     PZ_NotifyAllCondVar(nssInitCondition);
-     PZ_Unlock(nssInitLock);
- 
-+    if (initContextPtr && configStrings) {
-+	PR_smprintf_free(configStrings);
-+    }
-+
-     return SECSuccess;
- 
- loser:
--- 
-1.7.1
-

Bug-800674-Unable-to-contact-LDAP-Server-during-winsync.patch

@@ -1,27 +0,0 @@
-diff -up ./mozilla/security/nss/lib/nss/nssinit.c.747387part1 ./mozilla/security/nss/lib/nss/nssinit.c
---- ./mozilla/security/nss/lib/nss/nssinit.c.747387part1	2011-10-19 17:41:09.148204402 -0700
-+++ ./mozilla/security/nss/lib/nss/nssinit.c	2011-10-19 17:42:32.354416861 -0700
-@@ -616,15 +616,19 @@ nss_Init(const char *configdir, const ch
- 	passwordRequired = pk11_password_required;
-     }
- 
--    /* we always try to initialize the modules */
--    rv = nss_InitModules(configdir, certPrefix, keyPrefix, secmodName, 
-+    /* Skip the module init if we are already initted and we are trying
-+     * to init with not noCertDB and noModDB */
-+    if (!(isReallyInitted && noCertDB && noModDB)) {
-+	/* we always try to initialize the modules */
-+	rv = nss_InitModules(configdir, certPrefix, keyPrefix, secmodName, 
- 		updateDir, updCertPrefix, updKeyPrefix, updateID, 
- 		updateName, configName, configStrings, passwordRequired,
- 		readOnly, noCertDB, noModDB, forceOpen, optimizeSpace, 
- 		(initContextPtr != NULL));
- 
--    if (rv != SECSuccess) {
--	goto loser;
-+	if (rv != SECSuccess) {
-+	    goto loser;
-+	}
-     }
- 
- 

Bug-800682-Qpid-AMQP-daemon-fails-to-load-after-nss-update.patch

@@ -1,15 +0,0 @@
-diff -up ./mozilla/security/nss/lib/nss/nssinit.c.800682 ./mozilla/security/nss/lib/nss/nssinit.c
---- ./mozilla/security/nss/lib/nss/nssinit.c.800682	2012-03-07 17:34:50.846174813 -0800
-+++ ./mozilla/security/nss/lib/nss/nssinit.c	2012-03-07 17:36:12.545753433 -0800
-@@ -1151,6 +1151,11 @@ SECStatus
- NSS_Shutdown(void)
- {
-     SECStatus rv;
-+    /* make sure our lock and condition variable are initialized one and only
-+     * one time */ 
-+    if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) {
-+	return SECFailure;
-+    }
-     PZ_Lock(nssInitLock);
- 
-     if (!nssIsInitted) {

bz784672-protect-against-calls-before-nss_init.patch

@@ -1,40 +0,0 @@
-diff -up mozilla/security/nss/lib/nss/nssinit.c.784672 mozilla/security/nss/lib/nss/nssinit.c
---- mozilla/security/nss/lib/nss/nssinit.c.784672	2012-01-26 14:43:46.232357231 -0800
-+++ mozilla/security/nss/lib/nss/nssinit.c	2012-01-26 14:50:55.830512565 -0800
-@@ -944,6 +944,12 @@ NSS_RegisterShutdown(NSS_ShutdownFunc sF
- {
-     int i;
- 
-+    /* make sure our lock and condition variable are initialized one and only
-+     * one time */ 
-+    if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) {
-+	return SECFailure;
-+    }
-+
-     PZ_Lock(nssInitLock);
-     if (!NSS_IsInitialized()) {
- 	PZ_Unlock(nssInitLock);
-@@ -1002,6 +1008,11 @@ NSS_UnregisterShutdown(NSS_ShutdownFunc
- {
-     int i;
- 
-+    /* make sure our lock and condition variable are initialized one and only
-+     * one time */ 
-+    if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) {
-+	return SECFailure;
-+    }
-     PZ_Lock(nssInitLock);
-     if (!NSS_IsInitialized()) {
- 	PZ_Unlock(nssInitLock);
-@@ -1192,6 +1203,11 @@ NSS_ShutdownContext(NSSInitContext *cont
- {
-     SECStatus rv = SECSuccess;
- 
-+    /* make sure our lock and condition variable are initialized one and only
-+     * one time */ 
-+    if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) {
-+	return SECFailure;
-+    }
-     PZ_Lock(nssInitLock);
-     /* If one or more threads are in the middle of init, wait for them
-      * to complete */

nofipstest.patch

@@ -1,19 +0,0 @@
-diff -up ./mozilla/security/nss/cmd/manifest.mn.nofipstest ./mozilla/security/nss/cmd/manifest.mn
---- ./mozilla/security/nss/cmd/manifest.mn.nofipstest	2011-12-03 22:54:40.969914919 -0800
-+++ ./mozilla/security/nss/cmd/manifest.mn	2011-12-03 22:55:12.348505822 -0800
-@@ -54,7 +54,6 @@ DIRS = lib  \
-  dbtest \
-  derdump  \
-  digest  \
-- fipstest  \
-  makepqg  \
-  multinit \
-  ocspclnt  \
-@@ -84,6 +83,7 @@ DIRS = lib  \
-  $(NULL)
- 
- TEMPORARILY_DONT_BUILD = \
-+ fipstest  \
-  $(NULL)
- 
- # rsaperf  \

nss-3.14.0.0-disble-ocsp-test.patch

@@ -0,0 +1,9 @@
+diff -up ./mozilla/security/nss/tests/chains/scenarios/scenarios.disable_ocsp_test ./mozilla/security/nss/tests/chains/scenarios/scenarios
+--- ./mozilla/security/nss/tests/chains/scenarios/scenarios.disable_ocsp_test	2012-10-12 09:30:07.264987000 -0700
++++ ./mozilla/security/nss/tests/chains/scenarios/scenarios	2012-10-12 09:34:55.653123000 -0700
+@@ -49,5 +49,4 @@ bridgewithpolicyextensionandmapping.cfg
+ realcerts.cfg
+ dsa.cfg
+ revoc.cfg
+-ocsp.cfg
+ crldp.cfg

nss-539183.patch

@@ -1,7 +1,42 @@
-diff -up ./mozilla/security/nss/cmd/selfserv/selfserv.c.539183 ./mozilla/security/nss/cmd/selfserv/selfserv.c
---- ./mozilla/security/nss/cmd/selfserv/selfserv.c.539183	2011-10-06 10:42:06.913919000 -0700
-+++ ./mozilla/security/nss/cmd/selfserv/selfserv.c	2011-10-06 10:43:14.858987000 -0700
-@@ -1491,14 +1491,18 @@ getBoundListenSocket(unsigned short port
+Index: ./mozilla/security/nss/cmd/httpserv/httpserv.c
+===================================================================
+RCS file: /cvsroot/mozilla/security/nss/cmd/httpserv/httpserv.c,v
+retrieving revision 1.1
+diff -u -p -r1.1 httpserv.c
+--- ./mozilla/security/nss/cmd/httpserv/httpserv.c	28 Jun 2012 11:11:06 -0000	1.1
++++ ./mozilla/security/nss/cmd/httpserv/httpserv.c	21 Oct 2012 22:22:10 -0000
+@@ -661,14 +661,18 @@ getBoundListenSocket(unsigned short port
+     PRStatus	       prStatus;
+     PRNetAddr          addr;
+     PRSocketOptionData opt;
++    PRUint16           socketDomain = PR_AF_INET;
+ 
+-    addr.inet.family = PR_AF_INET;
+-    addr.inet.ip     = PR_INADDR_ANY;
+-    addr.inet.port   = PR_htons(port);
++    if (PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET6, port, &addr) != PR_SUCCESS) {
++	errExit("PR_SetNetAddr");
++    }
+ 
+-    listen_sock = PR_NewTCPSocket();
++    if (PR_GetEnv("NSS_USE_SDP")) {
++        socketDomain = PR_AF_INET_SDP;
++    }
++    listen_sock = PR_OpenTCPSocket(PR_AF_INET6);
+     if (listen_sock == NULL) {
+-	errExit("PR_NewTCPSocket");
++	errExit("PR_OpenTCPSocket error");
+     }
+ 
+     opt.option = PR_SockOpt_Nonblocking;
+Index: ./mozilla/security/nss/cmd/selfserv/selfserv.c
+===================================================================
+RCS file: /cvsroot/mozilla/security/nss/cmd/selfserv/selfserv.c,v
+retrieving revision 1.102
+diff -u -p -r1.102 selfserv.c
+--- ./mozilla/security/nss/cmd/selfserv/selfserv.c	27 Sep 2012 17:13:34 -0000	1.102
++++ ./mozilla/security/nss/cmd/selfserv/selfserv.c	21 Oct 2012 22:22:10 -0000
+@@ -1483,14 +1483,18 @@ getBoundListenSocket(unsigned short port
      PRStatus	       prStatus;
      PRNetAddr          addr;
      PRSocketOptionData opt;

nss-fix-gcc47-secmodt.patch

@@ -1,12 +0,0 @@
-diff -up ./mozilla/security/nss/lib/softoken/secmodt.h.gcc47 ./mozilla/security/nss/lib/softoken/secmodt.h
---- ./mozilla/security/nss/lib/softoken/secmodt.h.gcc47	2012-02-29 16:27:58.474061098 -0800
-+++ ./mozilla/security/nss/lib/softoken/secmodt.h	2012-02-29 16:30:55.604349312 -0800
-@@ -342,7 +342,7 @@ typedef PRUint32 PK11AttrFlags;
- #define SECMOD_SLOT_FLAGS "slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512]"
- 
- #define SECMOD_MAKE_NSS_FLAGS(fips,slot) \
--"Flags=internal,critical" fips " slotparams=(" #slot "={" SECMOD_SLOT_FLAGS "})"
-+"Flags=internal,critical" fips" slotparams=("#slot"={" SECMOD_SLOT_FLAGS"})"
- 
- #define SECMOD_INT_NAME "NSS Internal PKCS #11 Module"
- #define SECMOD_INT_FLAGS SECMOD_MAKE_NSS_FLAGS("",1)

nss.spec

@@ -1,14 +1,14 @@
 %global nspr_version 4.9.2
-%global nss_util_version 3.13.6
+%global nss_util_version 3.14
 %global nss_softokn_fips_version 3.12.9
-%global nss_softokn_version 3.13.6
+%global nss_softokn_version 3.14
 %global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
 
 Summary:          Network Security Services
 Name:             nss
-Version:          3.13.6
+Version:          3.14
 Release:          1%{?dist}
-License:          MPLv1.1 or GPLv2+ or LGPLv2+
+License:          MPLv2.0
 URL:              http://www.mozilla.org/projects/security/pki/nss/
 Group:            System Environment/Libraries
 Requires:         nspr >= %{nspr_version}
@@ -62,22 +62,10 @@ Patch18:          nss-646045.patch
 # must statically link pem against the freebl in the buildroot
 # Needed only when freebl on tree has newe APIS
 Patch25:          nsspem-use-system-freebl.patch
-# don't compile the fipstest application
-Patch26:          nofipstest.patch
 # This patch is currently meant for stable branches
 Patch29:          nss-ssl-cbc-random-iv-off-by-default.patch
-
-# upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=734492
-Patch30:          bz784672-protect-against-calls-before-nss_init.patch
-
-# upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=734484
-Patch32:          Bug-800674-Unable-to-contact-LDAP-Server-during-winsync.patch
-
-# upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=734492
-Patch33:          Bug-800682-Qpid-AMQP-daemon-fails-to-load-after-nss-update.patch
-
-# upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=745224
-Patch34:          Bug-772628-nss_Init-leaks-memory.patch
+# TODO: Remove this patch when the ocsp test are fixed
+Patch40:          nss-3.14.0.0-disble-ocsp-test.patch
 
 %description
 Network Security Services (NSS) is a set of libraries designed to
@@ -157,14 +145,9 @@ low level services.
 %patch18 -p0 -b .646045
 # link pem against buildroot's freebl, esential wen mixing and matching
 %patch25 -p0 -b .systemfreebl
-%patch26 -p0 -b .nofipstest
 # activate only if requested for this branch
 #%patch29 -p0 -b .770682
-%patch30 -p0 -b .784672
-%patch32 -p0 -b .800674
-%patch33 -p0 -b .800682
-%patch34 -p1 -b .772628
-
+%patch40 -p1 -b .noocsptest
 
 %build
 
@@ -342,7 +325,7 @@ cd ./mozilla/security/nss/tests/
 
 #  don't need to run all the tests when testing packaging
 #  nss_cycles: standard pkix upgradedb sharedb
-#  nss_tests: cipher libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits chains
+nss_tests="cipher libpkix cert dbtests tools fips sdr crmf smime ssl merge pkits chains"
 #  nss_ssl_tests: crl bypass_normal normal_bypass normal_fips fips_normal iopr
 #  nss_ssl_run: cov auth stress
 #
@@ -427,46 +410,48 @@ done
 %{__install} -p -m 755 ./mozilla/dist/pkgconfig/setup-nsssysinit.sh $RPM_BUILD_ROOT/%{_bindir}/setup-nsssysinit.sh
 
 #remove the nss-util-devel headers
-rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/base64.h
-rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/ciferfam.h
-rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nssb64.h
-rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nssb64t.h
-rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslocks.h
-rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nssilock.h
-rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nssilckt.h
-rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nssrwlk.h
-rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nssrwlkt.h
-rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nssutil.h
-rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/pkcs11.h
-rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/pkcs11f.h
-rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/pkcs11n.h
-rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/pkcs11p.h
-rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/pkcs11t.h
-rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/pkcs11u.h
-rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/portreg.h
-rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/secasn1.h
-rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/secasn1t.h
-rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/seccomon.h
-rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/secder.h
-rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/secdert.h
-rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/secdig.h
-rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/secdigt.h
-rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/secerr.h
-rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/secitem.h
-rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/secoid.h
-rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/secoidt.h
-rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/secport.h
-rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/utilrename.h
+rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/base64.h
+rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/ciferfam.h
+rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/nssb64.h
+rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/nssb64t.h
+rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslocks.h
+rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/nssilock.h
+rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/nssilckt.h
+rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/nssrwlk.h
+rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/nssrwlkt.h
+rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/nssutil.h
+rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/pkcs11.h
+rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/pkcs11f.h
+rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/pkcs11n.h
+rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/pkcs11p.h
+rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/pkcs11t.h
+rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/pkcs11u.h
+rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/portreg.h
+rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/secasn1.h
+rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/secasn1t.h
+rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/seccomon.h
+rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/secder.h
+rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/secdert.h
+rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/secdig.h
+rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/secdigt.h
+rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/secerr.h
+rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/secitem.h
+rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/secoid.h
+rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/secoidt.h
+rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/secport.h
+rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/utilrename.h
+rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/utilmodt.h
+rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/utilpars.h
+rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/utilparst.h
 
-#remove the nss-softokn-devel and nss-softokn-freebl-devel headers
-rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/alghmac.h
-rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/blapit.h
-rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/ecl-exp.h
-rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/hasht.h
-rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/sechash.h
-rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/secmodt.h
-rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/shsign.h
-rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h
+#remove headers shipped nss-softokn-devel and nss-softokn-freebl-devel
+rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/alghmac.h
+rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/blapit.h
+rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/ecl-exp.h
+rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/hasht.h
+rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/sechash.h
+rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/shsign.h
+rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h
 
 %clean
 %{__rm} -rf $RPM_BUILD_ROOT
@@ -568,6 +553,7 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h
 %{_includedir}/nss3/preenc.h
 %{_includedir}/nss3/secmime.h
 %{_includedir}/nss3/secmod.h
+%{_includedir}/nss3/secmodt.h
 %{_includedir}/nss3/secpkcs5.h
 %{_includedir}/nss3/secpkcs7.h
 %{_includedir}/nss3/smime.h
@@ -594,6 +580,16 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h
 
 
 %changelog
+* Sat Oct 27 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-1
+- Update to NSS_3_14_RTM
+- Update the license to MPLv2.0
+- Use only -f when removing unwanted headers
+- Add secmodt.h to the headers installed by nss-devel
+- update nss-589636.patch to apply to httpdserv
+- turn off ocsp tests for now
+- remove no longer needed patches
+- remove secmodt.h now installed by nss-util
+
 * Fri Oct 05 2012 Kai Engert <kaie@redhat.com> - 3.13.6-1
 - Update to NSS_3_13_6_RTM
 

sources

@@ -5,4 +5,4 @@ a5ae49867124ac75f029a9a33af31bad  blank-cert8.db
 2ec9e0606ba40fe65196545564b7cc2a  blank-key4.db
 bf47cecad861efa77d1488ad4a73cb5b  PayPalEE.cert
 2a06bf7b815d1a666cc3587b895506ce  nss-pem-20120811.tar.bz2
-11bdf048bce19963c88c4fc32652cd29  nss-3.13.6-stripped.tar.bz2
+2844d502638ac84097d5a9affa6d1c3a  nss-3.14-stripped.tar.bz2