From 9ff440494ffe511fd1240249b03d302e5d30b996 Mon Sep 17 00:00:00 2001
From: Bob Relyea <rrelyea@redhat.com>
Date: Tue, 23 Mar 2021 22:33:58 -0700
Subject: [PATCH] - Update to 3.63 - Update to NSPR 2.30 - Remove old dbm files
 and man pages

---
 .gitignore                           |  2 +
 nss-gcm-param-default-pkcs11v2.patch | 21 ----------
 nss.spec                             | 61 +++++++++++++++-------------
 sources                              |  4 +-
 4 files changed, 37 insertions(+), 51 deletions(-)
 delete mode 100644 nss-gcm-param-default-pkcs11v2.patch

diff --git a/.gitignore b/.gitignore
index ac162b5..543e373 100644
--- a/.gitignore
+++ b/.gitignore
@@ -59,3 +59,5 @@ TestUser51.cert
 /nss-3.59.tar.gz
 /nss-3.60.1.tar.gz
 /nss-3.62.tar.gz
+/nss-3.63.tar.gz
+/nspr-4.30.tar.gz
diff --git a/nss-gcm-param-default-pkcs11v2.patch b/nss-gcm-param-default-pkcs11v2.patch
deleted file mode 100644
index 2d6cba8..0000000
--- a/nss-gcm-param-default-pkcs11v2.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-diff -up ./lib/util/pkcs11n.h.aes_gcm_pkcs11_v2 ./lib/util/pkcs11n.h
---- ./lib/util/pkcs11n.h.aes_gcm_pkcs11_v2	2020-05-13 13:44:11.312405744 -0700
-+++ ./lib/util/pkcs11n.h	2020-05-13 13:45:23.951723660 -0700
-@@ -605,7 +605,7 @@ typedef struct CK_NSS_GCM_PARAMS {
- typedef CK_NSS_GCM_PARAMS CK_PTR CK_NSS_GCM_PARAMS_PTR;
- 
- /* deprecated #defines. Drop in future NSS releases */
--#ifdef NSS_PKCS11_2_0_COMPAT
-+#ifndef NSS_PKCS11_3_0_STRICT
- 
- /* defines that were changed between NSS's PKCS #11 and the Oasis headers */
- #define CKF_EC_FP CKF_EC_F_P
-@@ -664,7 +664,7 @@ typedef CK_NSS_GCM_PARAMS CK_PTR CK_GCM_
- #define CKT_NETSCAPE_VALID CKT_NSS_VALID
- #define CKT_NETSCAPE_VALID_DELEGATOR CKT_NSS_VALID_DELEGATOR
- #else
--/* use the new CK_GCM_PARAMS if NSS_PKCS11_2_0_COMPAT is not defined */
-+/* use the new CK_GCM_PARAMS if NSS_PKCS11_3_0_STRICT is defined */
- typedef struct CK_GCM_PARAMS_V3 CK_GCM_PARAMS;
- typedef CK_GCM_PARAMS_V3 CK_PTR CK_GCM_PARAMS_PTR;
- #endif
diff --git a/nss.spec b/nss.spec
index 574cc2e..1d742bf 100644
--- a/nss.spec
+++ b/nss.spec
@@ -1,9 +1,9 @@
-%global nspr_version 4.29.0
+%global nspr_version 4.30.0
 # NOTE: To avoid NVR clashes of nspr* packages:
 # - reset %%{nspr_release} to 1, when updating %%{nspr_version}
 # - increment %%{nspr_version}, when updating the NSS part only
-%global nspr_release 13
-%global nss_version 3.62.0
+%global nspr_release 1
+%global nss_version 3.63.0
 # only need to update this as we added new
 # algorithms under nss policy control
 %global crypto_policies_version 20210118
@@ -87,9 +87,11 @@ Source6:          nss-softokn-dracut-module-setup.sh
 Source7:          nss-softokn-dracut.conf
 Source8:          nss.pc.in
 Source9:          nss-config.in
+%if %{with dbm}
 Source10:         blank-cert8.db
 Source11:         blank-key3.db
 Source12:         blank-secmod.db
+%endif
 Source13:         blank-cert9.db
 Source14:         blank-key4.db
 Source15:         system-pkcs11.txt
@@ -97,11 +99,13 @@ Source16:         setup-nsssysinit.sh
 Source20:         nss-config.xml
 Source21:         setup-nsssysinit.xml
 Source22:         pkcs11.txt.xml
-Source23:         cert8.db.xml
 Source24:         cert9.db.xml
-Source25:         key3.db.xml
 Source26:         key4.db.xml
+%if %{with dbm}
+Source23:         cert8.db.xml
+Source25:         key3.db.xml
 Source27:         secmod.db.xml
+%endif
 Source28:         nss-p11-kit.config
 
 Source100:        nspr-%{nspr_archive_version}.tar.gz
@@ -122,12 +126,6 @@ Patch2:           nss-539183.patch
 # but it doesn't hurt to keep it.
 Patch4:           iquote.patch
 Patch12:          nss-signtool-format.patch
-%if 0%{?fedora} < 34
-%if 0%{?rhel} < 9
-Patch20:          nss-gcm-param-default-pkcs11v2.patch
-%endif
-%endif
-# can drop this patch when the underlying btrfs/sqlite issue is solved
 Patch30:          nss-fedora-btrf-sql-hack.patch
 
 Patch100:         nspr-config-pc.patch
@@ -510,19 +508,19 @@ date +"%e %B %Y" | tr -d '\n' > date.xml
 echo -n %{nss_version} > version.xml
 
 # configuration files and setup script
-for m in %{SOURCE20} %{SOURCE21} %{SOURCE22}; do
+%if %{with dbm}
+%global XMLSOURCES %{SOURCE23} %{SOURCE24} %{SOURCE25} %{SOURCE26} %{SOURCE27}
+%global dbfiles cert8.db key3.db secmod.db cert9.db key4.db pkcs11.txt
+%else
+%global XMLSOURCES %{SOURCE22} %{SOURCE24} %{SOURCE26}
+%global dbfiles cert9.db key4.db pkcs11.txt
+%endif
+for m in %{SOURCE20} %{SOURCE21} %{XMLSOURCES}; do
   cp ${m} .
 done
-for m in nss-config.xml setup-nsssysinit.xml pkcs11.txt.xml; do
-  xmlto man ${m}
-done
-
-# nss databases considered to be configuration files
-for m in %{SOURCE23} %{SOURCE24} %{SOURCE25} %{SOURCE26} %{SOURCE27}; do
-  cp ${m} .
-done
-for m in cert8.db.xml cert9.db.xml key3.db.xml key4.db.xml secmod.db.xml; do
-  xmlto man ${m}
+%global configFiles nss-config setup-nsssysinit
+for m in %{configFiles}  %{dbfiles}; do
+  xmlto man ${m}.xml
 done
 
 
@@ -674,9 +672,11 @@ done
 # Install the empty NSS db files
 # Legacy db
 mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb
+%if %{with dbm}
 install -p -m 644 %{SOURCE10} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/cert8.db
 install -p -m 644 %{SOURCE11} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/key3.db
 install -p -m 644 %{SOURCE12} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/secmod.db
+%endif
 # Shared db
 install -p -m 644 %{SOURCE13} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/cert9.db
 install -p -m 644 %{SOURCE14} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/key4.db
@@ -738,7 +738,7 @@ install -p -m 755 ./dist/pkgconfig/setup-nsssysinit.sh $RPM_BUILD_ROOT/%{_bindir
 ln -r -s -f $RPM_BUILD_ROOT/%{_bindir}/setup-nsssysinit.sh $RPM_BUILD_ROOT/%{_bindir}/setup-nsssysinit
 
 # Copy the man pages for scripts
-for f in nss-config setup-nsssysinit; do
+for f in %{configFiles}; do
    install -c -m 644 ${f}.1 $RPM_BUILD_ROOT%{_mandir}/man1/${f}.1
 done
 # Copy the man pages for the nss tools
@@ -751,12 +751,8 @@ install -c -m 644 ./dist/docs/nroff/pp.1 $RPM_BUILD_ROOT%{_mandir}/man1/pp.1
 install -c -m 644 ./dist/docs/nroff/pp.1 $RPM_BUILD_ROOT%{_datadir}/doc/nss-tools/pp.1
 %endif
 
-# Copy the man pages for the configuration files
-for f in pkcs11.txt; do
-   install -c -m 644 ${f}.5 $RPM_BUILD_ROOT%{_mandir}/man5/${f}.5
-done
 # Copy the man pages for the nss databases
-for f in cert8.db cert9.db key3.db key4.db secmod.db; do
+for f in %{dbfiles}; do
    install -c -m 644 ${f}.5 $RPM_BUILD_ROOT%{_mandir}/man5/${f}.5
 done
 
@@ -793,16 +789,20 @@ update-crypto-policies &> /dev/null || :
 %{_libdir}/libssl3.so
 %{_libdir}/libsmime3.so
 %dir %{_sysconfdir}/pki/nssdb
+%if %{with dbm}
 %config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/cert8.db
 %config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/key3.db
 %config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/secmod.db
+%endif
 %config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/cert9.db
 %config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/key4.db
 %config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/pkcs11.txt
 %config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/crypto-policies/local.d/nss-p11-kit.config
+%if %{with dbm}
 %doc %{_mandir}/man5/cert8.db.5*
 %doc %{_mandir}/man5/key3.db.5*
 %doc %{_mandir}/man5/secmod.db.5*
+%endif
 %doc %{_mandir}/man5/cert9.db.5*
 %doc %{_mandir}/man5/key4.db.5*
 %doc %{_mandir}/man5/pkcs11.txt.5*
@@ -1052,6 +1052,11 @@ update-crypto-policies &> /dev/null || :
 
 
 %changelog
+* Tue Mar 23 2021 Bob Relyea <rrelyea@redhat.com> - 3.63.0-1
+- Update to 3.63
+- Update to NSPR 2.30
+- Remove old dbm files and man pages
+
 * Tue Feb 23 2021 Bob Relyea <rrelyea@redhat.com> - 3.62.0-1
 - Update to 3.62
 
diff --git a/sources b/sources
index e9d5d6a..7c8e062 100644
--- a/sources
+++ b/sources
@@ -3,5 +3,5 @@ SHA512 (blank-cert9.db) = 2f8eab4c0612210ee47db8a3a80c1b58a0b43849551af78c7da403
 SHA512 (blank-key3.db) = 01f7314e9fc8a7c9aa997652624cfcde213d18a6b3bb31840c1a60bbd662e56b5bc3221d13874abb42ce78163b225a6dfce2e1326cf6dd29366ad9c28ba5a71c
 SHA512 (blank-key4.db) = 8fedae93af7163da23fe9492ea8e785a44c291604fa98e58438448efb69c85d3253fc22b926d5c3209c62e58a86038fd4d78a1c4c068bc00600a7f3e5382ebe7
 SHA512 (blank-secmod.db) = 06a2dbd861839ef6315093459328b500d3832333a34b30e6fac4a2503af337f014a4d319f0f93322409e719142904ce8bc08252ae9a4f37f30d4c3312e900310
-SHA512 (nspr-4.29.tar.gz) = ba5ac275fe0beb69d7a7674c9ee9e4429bd5761daed285edd975ccc829af30d062bf4a0f5e44361e3bd191f21b1905f96ab146d53b55324020f13ecb3c05609b
-SHA512 (nss-3.62.tar.gz) = 7044008ea8e5d6f658da96e202a896e24a1ffa29d7ca862f32ed37cfa09adf8c2d5fbc371e3af6bc5151b2d1216c38207976b41888d5ad8efd4dc3049cb5831d
+SHA512 (nss-3.63.tar.gz) = 2f1f75dce7fd049453cbcf53263a3d9d4d9e62ad2cc2fef4dd0d5645fe14dad4ce47ed64aae507a09214d7fccbe83c142844121f55b44783e5a1bcfe24ea671c
+SHA512 (nspr-4.30.tar.gz) = bbda2cfee5351f15e03fb3ff462dffea17a52739a38b7eb7bce51ebddfb5c8ebe0b565b24b596d0155c35f94cd87e965aaed6abcab37ace9ccc33c9522bb0364