Rebase to nss 3.22 WIP

- This is still a work in progress
- Temporay added export NSS_DISABLE_GTEST=1 to the spec file
- TODO: determine the cause of some gtest failures

.gitignore

@@ -10,4 +10,4 @@ TestUser51.cert
 /nss-pem-20140125.tar.bz2
 /PayPalRootCA.cert
 /PayPalICA.cert
-/nss-3.21.0.tar.gz
+/nss-3.22.0.tar.gz

disableSSL2libssl.patch

@@ -1,6 +1,5 @@
-diff --git a/lib/ssl/config.mk b/lib/ssl/config.mk
---- a/lib/ssl/config.mk
-+++ b/lib/ssl/config.mk
+--- ./lib/ssl/config.mk.disableSSL2libssl	2016-01-29 02:30:10.000000000 -0800
++++ ./lib/ssl/config.mk	2016-02-06 11:20:50.322990421 -0800
 @@ -2,16 +2,20 @@
  # This Source Code Form is subject to the terms of the Mozilla Public
  # License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -22,10 +21,9 @@ diff --git a/lib/ssl/config.mk b/lib/ssl/config.mk
  ifdef NSS_NO_PKCS11_BYPASS
  DEFINES += -DNO_PKCS11_BYPASS
  else
-diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
---- a/lib/ssl/sslsock.c
-+++ b/lib/ssl/sslsock.c
-@@ -674,16 +674,22 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
+--- ./lib/ssl/sslsock.c.disableSSL2libssl	2016-02-06 11:20:50.312990617 -0800
++++ ./lib/ssl/sslsock.c	2016-02-06 11:26:04.123828138 -0800
+@@ -705,16 +705,22 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
          if (ss->cipherSpecs) {
              PORT_Free(ss->cipherSpecs);
              ss->cipherSpecs     = NULL;
@@ -47,8 +45,8 @@ diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
              }
              break;
          }
-         ss->opt.enableSSL2       = on;
-@@ -691,52 +697,67 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
+         if (on) {
+@@ -729,52 +735,67 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
              ss->opt.v2CompatibleHello = on;
          }
          ss->preferredCipher     = NULL;
@@ -116,7 +114,7 @@ diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
              rv = SECFailure;
          } else {
              if (PR_FALSE != on) {
-@@ -1163,16 +1184,32 @@ SSL_OptionSetDefault(PRInt32 which, PRBo
+@@ -1235,16 +1256,32 @@ SSL_OptionSetDefault(PRInt32 which, PRBo
      }
      return SECSuccess;
  }

disableSSL2tests.patch

@@ -1,12 +1,11 @@
-diff --git a/tests/ssl/ssl.sh b/tests/ssl/ssl.sh
---- a/tests/ssl/ssl.sh
-+++ b/tests/ssl/ssl.sh
+--- ./tests/ssl/ssl.sh.disableSSL2tests	2016-01-29 02:30:10.000000000 -0800
++++ ./tests/ssl/ssl.sh	2016-02-06 11:50:26.496668124 -0800
 @@ -57,19 +57,24 @@ ssl_init()
    fi
  
    PORT=${PORT-8443}
    NSS_SSL_TESTS=${NSS_SSL_TESTS:-normal_normal}
-   nss_ssl_run="stapling cov auth stress"
+   nss_ssl_run="stapling signed_cert_timestamps cov auth stress"
    NSS_SSL_RUN=${NSS_SSL_RUN:-$nss_ssl_run}
  
    # Test case files
@@ -20,6 +19,7 @@ diff --git a/tests/ssl/ssl.sh b/tests/ssl/ssl.sh
 +  fi
    SSLAUTH=${QADIR}/ssl/sslauth.txt
 -  SSLSTRESS=${QADIR}/ssl/sslstress.txt
+   SSLPOLICY=${QADIR}/ssl/sslpolicy.txt
    REQUEST_FILE=${QADIR}/ssl/sslreq.dat
  
    #temparary files
@@ -27,8 +27,7 @@ diff --git a/tests/ssl/ssl.sh b/tests/ssl/ssl.sh
    SERVERPID=${TMP}/tests_pid.$$
  
    R_SERVERPID=../tests_pid.$$
- 
-@@ -115,17 +120,21 @@ is_selfserv_alive()
+@@ -116,17 +121,21 @@ is_selfserv_alive()
    if [ "${OS_ARCH}" = "WINNT" ] && \
       [ "$OS_NAME" = "CYGWIN_NT" -o "$OS_NAME" = "MINGW32_NT" ]; then
        PID=${SHELL_SERVERPID}
@@ -50,7 +49,7 @@ diff --git a/tests/ssl/ssl.sh b/tests/ssl/ssl.sh
  # local shell function to wait until selfserver is running and initialized
  ########################################################################
  wait_for_selfserv()
-@@ -138,17 +147,21 @@ wait_for_selfserv()
+@@ -139,17 +148,21 @@ wait_for_selfserv()
    if [ $? -ne 0 ]; then
        sleep 5
        echo "retrying to connect to selfserv at `date`"
@@ -72,7 +71,7 @@ diff --git a/tests/ssl/ssl.sh b/tests/ssl/ssl.sh
  ########################### kill_selfserv ##############################
  # local shell function to kill the selfserver after the tests are done
  ########################################################################
-@@ -209,25 +222,26 @@ start_selfserv()
+@@ -210,25 +223,26 @@ start_selfserv()
        ECC_OPTIONS=""
    fi
    if [ "$1" = "mixed" ]; then
@@ -102,7 +101,7 @@ diff --git a/tests/ssl/ssl.sh b/tests/ssl/ssl.sh
    # process (sh.exe).  MKS's kill command has a bug: invoking kill
    # on the helper process does not terminate the real background
    # process.  Our workaround has been to have selfserv save its PID
-@@ -274,16 +288,22 @@ ssl_cov()
+@@ -275,16 +289,22 @@ ssl_cov()
    exec < ${SSLCOV}
    while read ectype testmax param testname
    do

iquote.patch

@@ -171,6 +171,18 @@ diff -up nss/lib/nss/Makefile.iquote nss/lib/nss/Makefile
 +INCLUDES += -iquote $(DIST)/../public/nss
 +INCLUDES += -iquote $(DIST)/../private/nss
  
+ #######################################################################
+ # (7) Execute "local" rules. (OPTIONAL).                              #
+diff -up ./nss/lib/pk11wrap/Makefile.iquote ./nss/lib/pk11wrap/Makefile
+--- ./nss/lib/pk11wrap/Makefile.iquote	2016-02-07 09:49:33.310455054 -0800
++++ ./nss/lib/pk11wrap/Makefile	2016-02-07 09:51:38.830881330 -0800
+@@ -38,7 +38,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
+ # (6) Execute "component" rules. (OPTIONAL)                           #
+ #######################################################################
+ 
+-
++INCLUDES += -iquote $(DIST)/../public/nss
+ 
  #######################################################################
  # (7) Execute "local" rules. (OPTIONAL).                              #
 diff -up nss/lib/ssl/Makefile.iquote nss/lib/ssl/Makefile
@@ -185,3 +197,25 @@ diff -up nss/lib/ssl/Makefile.iquote nss/lib/ssl/Makefile
  
  #######################################################################
  # (7) Execute "local" rules. (OPTIONAL).                              #
+diff -up ./nss/external_tests/pk11_gtest/Makefile.iquote ./nss/external_tests/pk11_gtest/Makefile
+--- ./nss/external_tests/pk11_gtest/Makefile.iquote	2016-02-07 10:07:49.163055808 -0800
++++ ./nss/external_tests/pk11_gtest/Makefile	2016-02-07 10:09:07.463478307 -0800
+@@ -37,6 +37,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
+ # (6) Execute "component" rules. (OPTIONAL)                           #
+ #######################################################################
+ 
++INCLUDES += -iquote $(DIST)/../public/nss
+ 
+ #######################################################################
+ # (7) Execute "local" rules. (OPTIONAL).                              #
+diff -up ./nss/external_tests/ssl_gtest/Makefile.iquote ./nss/external_tests/ssl_gtest/Makefile
+--- ./nss/external_tests/ssl_gtest/Makefile.iquote	2016-02-07 10:19:57.132763142 -0800
++++ ./nss/external_tests/ssl_gtest/Makefile	2016-02-07 10:20:42.346957530 -0800
+@@ -37,6 +37,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
+ # (6) Execute "component" rules. (OPTIONAL)                           #
+ #######################################################################
+ 
+++INCLUDES += -iquote $(DIST)/../public/nss
+ 
+ #######################################################################
+ # (7) Execute "local" rules. (OPTIONAL).                              #

nss.spec

@@ -1,6 +1,6 @@
-%global nspr_version 4.10.10
-%global nss_util_version 3.21.0
-%global nss_softokn_version 3.21.0
+%global nspr_version 4.11.0
+%global nss_util_version 3.22.0
+%global nss_softokn_version 3.22.0
 %global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
 %global allTools "certutil cmsutil crlutil derdump modutil pk12util signtool signver ssltap vfychain vfyserv"
 
@@ -18,10 +18,10 @@
 
 Summary:          Network Security Services
 Name:             nss
-Version:          3.21.0
+Version:          3.22.0
 # for Rawhide, please always use release >= 2
 # for Fedora release branches, please use release < 2 (1.0, 1.1, ...)
-Release:          7%{?dist}
+Release:          0.2%{?dist}.test.1
 License:          MPLv2.0
 URL:              http://www.mozilla.org/projects/security/pki/nss/
 Group:            System Environment/Libraries
@@ -105,6 +105,8 @@ Patch58: rhbz1185708-enable-ecc-3des-ciphers-by-default.patch
 # The submission will be very different from this patch as
 # cleanup there is already in progress there.
 Patch59: pem-compile-with-Werror.patch
+# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1246499
+Patch60: vfyserv-defined-but-not-used.patch
 
 %description
 Network Security Services (NSS) is a set of libraries designed to
@@ -195,6 +197,9 @@ popd
 %patch55 -p1 -b .skip_stress_tls_rc4_128_with_md5
 %patch58 -p0 -b .1185708_3des
 %patch59 -p0 -b .compile_Werror
+pushd nss
+%patch60 -p1 -b .defined_not_used
+popd
 
 #########################################################
 # Higher-level libraries and test tools need access to
@@ -236,6 +241,9 @@ popd
 
 %build
 
+# FIXME comment out once we figure out why the tests file to compile
+# export NSS_DISABLE_GTESTS=1
+
 export NSS_NO_SSL2_NO_EXPORT=1
 
 NSS_NO_PKCS11_BYPASS=1
@@ -824,6 +832,9 @@ fi
 
 
 %changelog
+* Sat Feb 06 2016 Elio Maldonado <emaldona@redhat.com> - 3.22.0-0.2.test.1
+- Rebase to nss 3.22
+
 * Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 3.21.0-7
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
 

sources

@@ -4,4 +4,4 @@ a5ae49867124ac75f029a9a33af31bad  blank-cert8.db
 691e663ccc07b7a1eaa6f088e03bf8e2  blank-cert9.db
 2ec9e0606ba40fe65196545564b7cc2a  blank-key4.db
 b8a94e863c852e1f8b75e930e76f8640  nss-pem-20140125.tar.bz2
-f53ffa490133d29ff930fa4b29bade90  nss-3.21.0.tar.gz
+a0ae9d27c0261716648e49e3be33badd  nss-3.22.0.tar.gz