From a22e2da6eb1753819e2ee71714308308e4d7b9b8 Mon Sep 17 00:00:00 2001
From: Bob Relyea <rrelyea@redhat.com>
Date: Tue, 23 Feb 2021 16:41:10 -0800
Subject: [PATCH] Rebase to nss 3.62.0

---
 .gitignore                           |  1 +
 nss-turn-off-expired-ocsp-cert.patch | 19 -------------------
 nss.spec                             |  6 ++++--
 sources                              |  2 +-
 4 files changed, 6 insertions(+), 22 deletions(-)
 delete mode 100644 nss-turn-off-expired-ocsp-cert.patch

diff --git a/.gitignore b/.gitignore
index d08b965..7b3c503 100644
--- a/.gitignore
+++ b/.gitignore
@@ -57,3 +57,4 @@ TestUser51.cert
 /nss-3.58.tar.gz
 /nss-3.59.tar.gz
 /nss-3.60.1.tar.gz
+/nss-3.62.tar.gz
diff --git a/nss-turn-off-expired-ocsp-cert.patch b/nss-turn-off-expired-ocsp-cert.patch
deleted file mode 100644
index dfbbb50..0000000
--- a/nss-turn-off-expired-ocsp-cert.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-diff --git a/tests/chains/scenarios/nameconstraints.cfg b/tests/chains/scenarios/nameconstraints.cfg
---- a/tests/chains/scenarios/nameconstraints.cfg
-+++ b/tests/chains/scenarios/nameconstraints.cfg
-@@ -159,12 +159,12 @@ verify NameConstraints.dcissblocked:x
- verify NameConstraints.dcissallowed:x
-   result pass
- 
- # Subject: "O = IPA.LOCAL 201901211552, CN = OCSP Subsystem"
- #
- # This tests that a non server certificate (i.e. id-kp-serverAuth
- # not present in EKU) does *NOT* have CN treated as dnsName for
- # purposes of Name Constraints validation
--verify NameConstraints.ocsp1:x
--  usage 10
--  result pass
-+#verify NameConstraints.ocsp1:x
-+#  usage 10
-+#  result pass
- 
diff --git a/nss.spec b/nss.spec
index 1d3523c..d85d780 100644
--- a/nss.spec
+++ b/nss.spec
@@ -1,5 +1,5 @@
 %global nspr_version 4.29.0
-%global nss_version 3.60.1
+%global nss_version 3.62.0
 %global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
 %global saved_files_dir %{_libdir}/nss/saved
 %global dracutlibdir %{_prefix}/lib/dracut
@@ -107,7 +107,6 @@ Patch2:           nss-539183.patch
 # but it doesn't hurt to keep it.
 Patch4:           iquote.patch
 Patch12:          nss-signtool-format.patch
-Patch13:          nss-turn-off-expired-ocsp-cert.patch
 %if 0%{?fedora} < 34
 %if 0%{?rhel} < 9
 Patch20:          nss-gcm-param-default-pkcs11v2.patch
@@ -908,6 +907,9 @@ update-crypto-policies &> /dev/null || :
 
 
 %changelog
+* Tue Feb 23 2021 Bob Relyea <rrelyea@redhat.com> - 3.62.0-1
+- Update to NSS 3.62.0
+
 * Thu Jan 21 2021 Bob Relyea <rrelyea@redhat.com> - 3.60.1-1
 - Update to NSS 3.60.1
 
diff --git a/sources b/sources
index f801005..4f0292d 100644
--- a/sources
+++ b/sources
@@ -3,4 +3,4 @@ SHA512 (blank-cert9.db) = 2f8eab4c0612210ee47db8a3a80c1b58a0b43849551af78c7da403
 SHA512 (blank-key3.db) = 01f7314e9fc8a7c9aa997652624cfcde213d18a6b3bb31840c1a60bbd662e56b5bc3221d13874abb42ce78163b225a6dfce2e1326cf6dd29366ad9c28ba5a71c
 SHA512 (blank-key4.db) = 8fedae93af7163da23fe9492ea8e785a44c291604fa98e58438448efb69c85d3253fc22b926d5c3209c62e58a86038fd4d78a1c4c068bc00600a7f3e5382ebe7
 SHA512 (blank-secmod.db) = 06a2dbd861839ef6315093459328b500d3832333a34b30e6fac4a2503af337f014a4d319f0f93322409e719142904ce8bc08252ae9a4f37f30d4c3312e900310
-SHA512 (nss-3.60.1.tar.gz) = ba398ddad6f90f3562a041b7fd5fc7b72eb20961cc5c1f4890c3b0d95d438404b26ae6feb54cb8c650707134479a915e1f522f0e9257bc2ede053dd0811156d5
+SHA512 (nss-3.62.tar.gz) = 7044008ea8e5d6f658da96e202a896e24a1ffa29d7ca862f32ed37cfa09adf8c2d5fbc371e3af6bc5151b2d1216c38207976b41888d5ad8efd4dc3049cb5831d