Update to 3.12.6

2010-03-06 21:13:40 +00:00 · 2010-03-06 21:13:40 +00:00 · f9076c4e22
parent 90bba8e3ec
commit f9076c4e22
12 changed files with 37 additions and 444 deletions
--- a/.cvsignore
+++ b/.cvsignore
@ -1,4 +1,4 @@
-nss-3.12.5-stripped.tar.bz2
+nss-3.12.6-stripped.tar.bz2
 nss-pem-20091210.tar.bz2
 blank-cert8.db
 blank-key3.db
--- a/533125-ammend.patch
+++ b/533125-ammend.patch
@ -1,23 +0,0 @@
-Index: mozilla/security/nss/lib/ssl/ssl3con.c
-===================================================================
-RCS file: /cvsroot/mozilla/security/nss/lib/ssl/ssl3con.c,v
-retrieving revision 1.121
-diff -u -p -r1.121 ssl3con.c
--- mozilla/security/nss/lib/ssl/ssl3con.c	12 Nov 2009 05:08:27 -0000	1.121
-+++ mozilla/security/nss/lib/ssl/ssl3con.c	20 Nov 2009 19:36:30 -0000
-@@ -4004,6 +4004,7 @@ ssl3_HandleHelloRequest(sslSocket *ss)
- 	PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST);
- 	return SECFailure;
-     }
-+    /*
-     if (ss->opt.enableRenegotiation == SSL_RENEGOTIATE_NEVER) {
- 	ssl_GetXmitBufLock(ss);
- 	rv = SSL3_SendAlert(ss, alert_warning, no_renegotiation);
-@@ -4011,6 +4012,7 @@ ssl3_HandleHelloRequest(sslSocket *ss)
- 	PORT_SetError(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED);
- 	return SECFailure;
-     }
-+    */
- 
-     if (sid) {
- 	ss->sec.uncache(sid);
--- a/540387.patch
+++ b/540387.patch
@ -1,17 +0,0 @@
-diff --git a/mozilla/security/nss/lib/pk11wrap/pk11pars.c b/mozilla/security/nss/lib/pk11wrap/pk11pars.c
-index c36cd25..5855084 100644
--- a/mozilla/security/nss/lib/pk11wrap/pk11pars.c
-+++ b/mozilla/security/nss/lib/pk11wrap/pk11pars.c
-@@ -1134,6 +1134,12 @@ SECMOD_LoadModule(char *modulespec,SECMODModule *parent, PRBool recurse)
- 
- 	    for (; *index; index++) {
- 		SECMODModule *child;
-+		if (0 == PORT_Strcmp(*index, modulespec)) {
-+		    /* avoid trivial infinite recursion */
-+		    PORT_SetError(SEC_ERROR_NO_MODULE);
-+		    rv = SECFailure;
-+		    break;
-+		}
- 		child = SECMOD_LoadModule(*index,module,PR_TRUE);
- 		if (!child) break;
- 		if (child->isCritical && !child->loaded) {
--- a/545779.patch
+++ b/545779.patch
@ -1,49 +0,0 @@
-Index: mozilla/security/nss/lib/sysinit/nsssysinit.c
-===================================================================
-RCS file: /cvsroot/mozilla/security/nss/lib/sysinit/nsssysinit.c,v
-retrieving revision 1.1
-diff -u -p -r1.1 nsssysinit.c
--- mozilla/security/nss/lib/sysinit/nsssysinit.c	8 Oct 2009 17:08:36 -0000	1.1
-+++ mozilla/security/nss/lib/sysinit/nsssysinit.c	12 Dec 2009 03:34:17 -0000
-@@ -198,11 +198,20 @@ getFIPSMode(void)
-  * the decision making process.
-  *
-  */
-+static const char *nssDefaultFlags = "trustOrder=75 cipherOrder=100 \
-+slotParams={0x00000001=[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,RANDOM \
-+askpw=any timeout=30 ] }  ";
-+static const char *nssDefaultFIPSFlags = "trustOrder=75 cipherOrder=100 \
-+slotParams={0x00000003=[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,RANDOM \
-+askpw=any timeout=30 ] }  ";
-+
- static char **
- get_list(char *filename, char *stripped_parameters)
- {
-     char **module_list = PORT_ZNewArray(char *, 4);
-     char *userdb;
-+    int isFIPS = getFIPSMode();
-+    const char *nssflags = isFIPS ? nssDefaultFIPSFlags : nssDefaultFlags;
-     int next = 0;
- 
-     /* can't get any space */
-@@ -217,8 +226,9 @@ get_list(char *filename, char *stripped_
- 	    "library= "
- 	    "module=\"NSS User database\" "
- 	    "parameters=\"configdir='sql:%s' %s\" "
-	    "NSS=\"flags=internal%s\"", 
-		userdb, stripped_parameters, getFIPSMode() ? ",FIPS" : "");
-+        "NSS=\"%sflags=internal%s\"",
-+        userdb, stripped_parameters, nssflags,
-+        isFIPS ? ",FIPS" : "");
- 
- 	/* now open the user's defined PKCS #11 modules */
- 	/* skip the local user DB entry */
-@@ -235,7 +245,7 @@ get_list(char *filename, char *stripped_
- 	"library= "
- 	"module=\"NSS system database\" "
- 	"parameters=\"configdir='sql:%s' tokenDescription='NSS system database' flags=readonly\" "
-	"NSS=\"flags=internal,critical\"",filename);
-+    "NSS=\"%sflags=internal,critical\"",filename, nssDefaultFlags);
- 
-     /* that was the last module */
-     module_list[next] = 0;
--- a/546221.patch
+++ b/546221.patch
@ -1,85 +0,0 @@
-diff -up nss-3.12.5/mozilla/security/nss/lib/sysinit/nsssysinit.c.546221 nss-3.12.5/mozilla/security/nss/lib/sysinit/nsssysinit.c
--- nss-3.12.5/mozilla/security/nss/lib/sysinit/nsssysinit.c.546221	2009-12-19 21:11:06.590930221 -0800
-+++ nss-3.12.5/mozilla/security/nss/lib/sysinit/nsssysinit.c	2009-12-19 21:17:29.019931181 -0800
-@@ -37,8 +37,6 @@
- #include "prio.h"
- #include "prprf.h"
- 
-
-
- /*
-  * The following provides a default example for operating systems to set up
-  * and manage applications loading NSS on their OS globally.
-@@ -208,8 +206,8 @@ askpw=any timeout=30 ] }  ";
- static char **
- get_list(char *filename, char *stripped_parameters)
- {
-    char **module_list = PORT_ZNewArray(char *, 4);
-    char *userdb;
-+    char **module_list = PORT_ZNewArray(char *, 5);
-+    char *userdb, *sysdb;
-     int isFIPS = getFIPSMode();
-     const char *nssflags = isFIPS ? nssDefaultFIPSFlags : nssDefaultFlags;
-     int next = 0;
-@@ -219,13 +217,20 @@ get_list(char *filename, char *stripped_
- 	return NULL;
-     }
- 
-    userdb  = getUserDB();
-+    sysdb = getSystemDB();
-+    userdb = getUserDB();
-+
-+    if (sysdb && !strcmp(filename, sysdb))
-+	    filename = NULL;
-+    if (userdb && !strcmp(filename, userdb))
-+	    filename = NULL;
-+
-     if (userdb != NULL) {
- 	/* return a list of databases to open. First the user Database */
- 	module_list[next++] = PR_smprintf(
- 	    "library= "
- 	    "module=\"NSS User database\" "
-	    "parameters=\"configdir='sql:%s' %s\" "
-+	    "parameters=\"configdir='sql:%s' %s tokenDescription='NSS user database'\" "
-         "NSS=\"%sflags=internal%s\"",
-         userdb, stripped_parameters, nssflags,
-         isFIPS ? ",FIPS" : "");
-@@ -238,19 +243,32 @@ get_list(char *filename, char *stripped_
- 	    "parameters=\"configdir='sql:%s' %s\" "
- 	    "NSS=\"flags=internal,moduleDBOnly,defaultModDB,skipFirst\"", 
- 		userdb, stripped_parameters);
-   }
-+	}
-+
-+    if (filename && 0 /* This doesn't actually work. If we register
-+			 both this and the sysdb (in either order)
-+			 then only one of them actually shows up */) {
-+	    module_list[next++] = PR_smprintf(
-+	      "library= "
-+	      "module=\"NSS database\" "
-+	      "parameters=\"configdir='sql:%s' tokenDescription='NSS database sql:%s'\" "
-+	      "NSS=\"%sflags=internal\"",filename, filename, nssflags);
-+    }
- 
-     /* now the system database (always read only) */
-    module_list[next++] = PR_smprintf(
-	"library= "
-	"module=\"NSS system database\" "
-	"parameters=\"configdir='sql:%s' tokenDescription='NSS system database' flags=readonly\" "
-    "NSS=\"%sflags=internal,critical\"",filename, nssDefaultFlags);
-+    if (sysdb) {
-+	    module_list[next++] = PR_smprintf(
-+	      "library= "
-+	      "module=\"NSS system database\" "
-+	      "parameters=\"configdir='sql:%s' tokenDescription='NSS system database' flags=readonly\" "
-+	      "NSS=\"%sflags=internal,critical\"",sysdb, nssflags);
-+    }
- 
-     /* that was the last module */
-     module_list[next] = 0;
- 
-     PORT_Free(userdb);
-+    PORT_Free(sysdb);
- 
-     return module_list;
- }
--- a/547860.patch
+++ b/547860.patch
@ -1,109 +0,0 @@
-diff -up nss-3.12.5/mozilla/security/nss/lib/sysinit/nsssysinit.c.547860 nss-3.12.5/mozilla/security/nss/lib/sysinit/nsssysinit.c
--- nss-3.12.5/mozilla/security/nss/lib/sysinit/nsssysinit.c.547860	2010-01-06 17:57:30.722388282 -0800
-+++ nss-3.12.5/mozilla/security/nss/lib/sysinit/nsssysinit.c	2010-01-06 18:20:59.713397530 -0800
-@@ -50,6 +50,7 @@
-  */
- 
- #ifdef XP_UNIX
-+#include <unistd.h>
- #include <sys/stat.h>
- #include <sys/types.h>
- 
-@@ -108,12 +109,26 @@ getSystemDB(void) {
-    return PORT_Strdup(NSS_DEFAULT_SYSTEM);
- }
- 
-+static PRBool
-+userIsRoot()
-+{
-+   /* this works for linux and all unixes that we know off
-+	  though it isn't stated as such in POSIX documentation */
-+   return getuid() == 0;
-+}
-+
-+static PRBool
-+userCanModifySystemDB()
-+{
-+   return (access(NSS_DEFAULT_SYSTEM, W_OK) == 0);
-+}
-+
- #else
- #ifdef XP_WIN
- static char *
- getUserDB(void)
- {
-   /* use the registry to find the user's NSS_DIR. if no entry exists, creaate
-+   /* use the registry to find the user's NSS_DIR. if no entry exists, create
-     * one in the users Appdir location */
-    return NULL;
- }
-@@ -121,13 +136,28 @@ getUserDB(void)
- static char *
- getSystemDB(void)
- {
-   /* use the registry to find the system's NSS_DIR. if no entry exists, creaate
-+   /* use the registry to find the system's NSS_DIR. if no entry exists, create
-     * one based on the windows system data area */
-    return NULL;
- }
- 
-+static PRBool
-+userIsRoot()
-+{
-+   /* use the registry to find if the user is the system administrator. */
-+   return PR_FALSE;
-+}
-+
-+static PRBool
-+userCanModifySystemDB()
-+{
-+   /* use the registry to find if the user has administrative privilege 
-+    * to modify the system's nss database. */
-+   return PR_FALSE;
-+}
-+
- #else
-#error "Need to write getUserDB and get SystemDB functions"
-+#error "Need to write getUserDB, SystemDB, userIsRoot, and userCanModifySystemDB functions"
- #endif
- #endif
- 
-@@ -225,7 +255,8 @@ get_list(char *filename, char *stripped_
-     if (userdb && !strcmp(filename, userdb))
- 	    filename = NULL;
- 
-    if (userdb != NULL) {
-+    /* Don't open root's user DB */
-+    if (userdb != NULL && !userIsRoot()) {
- 	/* return a list of databases to open. First the user Database */
- 	module_list[next++] = PR_smprintf(
- 	    "library= "
-@@ -245,7 +276,8 @@ get_list(char *filename, char *stripped_
- 		userdb, stripped_parameters);
- 	}
- 
-    if (filename && 0 /* This doesn't actually work. If we register
-+    if (filename && !userIsRoot() && 0
-+		/* This doesn't actually work. If we register
- 			 both this and the sysdb (in either order)
- 			 then only one of them actually shows up */) {
- 	    module_list[next++] = PR_smprintf(
-@@ -255,13 +287,14 @@ get_list(char *filename, char *stripped_
- 	      "NSS=\"%sflags=internal\"",filename, filename, nssflags);
-     }
- 
-    /* now the system database (always read only) */
-+    /* now the system database (always read only unless it's root) */
-     if (sysdb) {
-	    module_list[next++] = PR_smprintf(
-+	const char *readonly = userCanModifySystemDB() ? "" : "flags=readonly";
-+	module_list[next++] = PR_smprintf(
- 	      "library= "
- 	      "module=\"NSS system database\" "
-	      "parameters=\"configdir='sql:%s' tokenDescription='NSS system database' flags=readonly\" "
-	      "NSS=\"%sflags=internal,critical\"",sysdb, nssflags);
-+	      "parameters=\"configdir='sql:%s' tokenDescription='NSS system database' %s\" "
-+	      "NSS=\"%sflags=internal,critical\"",sysdb, readonly, nssflags);
-     }
- 
-     /* that was the last module */
--- a/553638.patch
+++ b/553638.patch
@ -1,97 +0,0 @@
-diff -up nss-3.12.5/mozilla/security/nss/lib/sysinit/nsssysinit.c.553638 nss-3.12.5/mozilla/security/nss/lib/sysinit/nsssysinit.c
--- nss-3.12.5/mozilla/security/nss/lib/sysinit/nsssysinit.c.553638	2010-01-25 08:58:42.358325102 -0800
-+++ nss-3.12.5/mozilla/security/nss/lib/sysinit/nsssysinit.c	2010-01-25 09:07:20.028324059 -0800
-@@ -36,6 +36,7 @@
- #include "seccomon.h"
- #include "prio.h"
- #include "prprf.h"
-+#include "plhash.h"
- 
- /*
-  * The following provides a default example for operating systems to set up
-@@ -212,6 +213,25 @@ getFIPSMode(void)
- 
- #define NSS_DEFAULT_FLAGS "flags=readonly"
- 
-+/* configuration flags according to
-+ * https://developer.mozilla.org/en/PKCS11_Module_Specs
-+ * As stated there the slotParams start with a slot name which is a slotID
-+ * Slots 1 through 3 are reserved for the nss internal modules as follows:
-+ * 1 for crypto operations slot non-fips,
-+ * 2 for the key slot, and
-+ * 3 for the crypto operations slot fips
-+ */
-+#define ORDER_FLAGS "trustOrder=75 cipherOrder=100"
-+#define SLOT_FLAGS \
-+	"[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,RANDOM" \
-+	" askpw=any timeout=30 ]"
-+ 
-+static const char *nssDefaultFlags =
-+	ORDER_FLAGS " slotParams={0x00000001=" SLOT_FLAGS " }  ";
-+
-+static const char *nssDefaultFIPSFlags =
-+	ORDER_FLAGS " slotParams={0x00000003=" SLOT_FLAGS " }  ";
-+
- /*
-  * This function builds the list of databases and modules to load, and sets
-  * their configuration. For the sample we have a fixed set.
-@@ -226,13 +246,6 @@ getFIPSMode(void)
-  * the decision making process.
-  *
-  */
-static const char *nssDefaultFlags = "trustOrder=75 cipherOrder=100 \
-slotParams={0x00000001=[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,RANDOM \
-askpw=any timeout=30 ] }  ";
-static const char *nssDefaultFIPSFlags = "trustOrder=75 cipherOrder=100 \
-slotParams={0x00000003=[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,RANDOM \
-askpw=any timeout=30 ] }  ";
-
- static char **
- get_list(char *filename, char *stripped_parameters)
- {
-@@ -250,11 +263,6 @@ get_list(char *filename, char *stripped_
-     sysdb = getSystemDB();
-     userdb = getUserDB();
- 
-    if (sysdb && !strcmp(filename, sysdb))
-	    filename = NULL;
-    if (userdb && !strcmp(filename, userdb))
-	    filename = NULL;
-
-     /* Don't open root's user DB */
-     if (userdb != NULL && !userIsRoot()) {
- 	/* return a list of databases to open. First the user Database */
-@@ -276,16 +284,29 @@ get_list(char *filename, char *stripped_
- 		userdb, stripped_parameters);
- 	}
- 
-    if (filename && !userIsRoot() && 0
-		/* This doesn't actually work. If we register
-			 both this and the sysdb (in either order)
-			 then only one of them actually shows up */) {
-+#if 0
-+	/* This doesn't actually work. If we register
-+		both this and the sysdb (in either order)
-+		then only one of them actually shows up */
-+
-+    /* Using a NULL filename as a Boolean flag to
-+     * prevent registering both an application-defined
-+     * db and the system db. rhbz #546211.
-+     */
-+    PORT_Assert(filename);
-+    if (sysdb && PL_CompareStrings(filename, sysdb))
-+	    filename = NULL;
-+    else if (userdb && PL_CompareStrings(filename, userdb))
-+	    filename = NULL;
-+
-+    if (filename && !userIsRoot()) {
- 	    module_list[next++] = PR_smprintf(
- 	      "library= "
- 	      "module=\"NSS database\" "
- 	      "parameters=\"configdir='sql:%s' tokenDescription='NSS database sql:%s'\" "
- 	      "NSS=\"%sflags=internal\"",filename, filename, nssflags);
-     }
-+#endif
- 
-     /* now the system database (always read only unless it's root) */
-     if (sysdb) {
--- a/nss-no-rpath.patch
+++ b/nss-no-rpath.patch
@ -1,14 +0,0 @@
--- ./mozilla/security/nss/cmd/platlibs.mk.withrpath	2007-02-19 07:17:06.000000000 +0100
-+++ ./mozilla/security/nss/cmd/platlibs.mk	2007-02-19 07:18:07.000000000 +0100
-@@ -52,9 +52,9 @@
- 
- ifeq ($(OS_ARCH), Linux)
- ifeq ($(USE_64), 1)
-EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib64:$$ORIGIN/../lib'
-+#EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib64:$$ORIGIN/../lib'
- else
-EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib'
-+#EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib'
- endif
- endif
- 
--- a/nss-nolocalsql.patch
+++ b/nss-nolocalsql.patch
@ -1,26 +1,26 @@
 diff -up ./mozilla/security/nss/lib/Makefile.nolocalsql ./mozilla/security/nss/lib/Makefile
--- ./mozilla/security/nss/lib/Makefile.nolocalsql	2007-07-19 23:36:49.000000000 +0200
-+++ ./mozilla/security/nss/lib/Makefile	2009-04-14 17:07:40.000000000 +0200
-@@ -62,11 +62,11 @@ ifeq ($(OS_TARGET), WINCE)
- DIRS := $(filter-out fortcrypt,$(DIRS))
+--- ./mozilla/security/nss/lib/Makefile.nolocalsql	2010-02-27 16:40:25.891777537 -0800
+++ ./mozilla/security/nss/lib/Makefile	2010-02-27 16:41:59.175902327 -0800
+@@ -62,11 +62,11 @@ ifndef USE_SYSTEM_ZLIB
+ ZLIB_SRCDIR = zlib  # Add the zlib directory to DIRS.
 endif
 
 -ifndef MOZILLA_CLIENT
 -ifndef NSS_USE_SYSTEM_SQLITE
-DIRS := sqlite $(DIRS)
+-SQLITE_SRCDIR = sqlite  # Add the sqlite directory to DIRS.
 -endif
 -endif
 +#ifndef MOZILLA_CLIENT
 +#ifndef NSS_USE_SYSTEM_SQLITE
-+#DIRS := sqlite $(DIRS)
+#SQLITE_SRCDIR = sqlite  # Add the sqlite directory to DIRS.
 +#endif
 +#endif
 
- #######################################################################
- # (5) Execute "global" rules. (OPTIONAL)                              #
+ ifndef MOZILLA_CLIENT
+ ifeq ($(OS_ARCH),Linux)
 diff -up ./mozilla/security/nss/lib/softoken/legacydb/manifest.mn.nolocalsql ./mozilla/security/nss/lib/softoken/legacydb/manifest.mn
--- ./mozilla/security/nss/lib/softoken/legacydb/manifest.mn.nolocalsql	2007-07-19 23:36:50.000000000 +0200
-+++ ./mozilla/security/nss/lib/softoken/legacydb/manifest.mn	2009-04-14 17:07:40.000000000 +0200
+--- ./mozilla/security/nss/lib/softoken/legacydb/manifest.mn.nolocalsql	2010-02-27 16:44:24.998777709 -0800
+++ ./mozilla/security/nss/lib/softoken/legacydb/manifest.mn	2010-02-27 16:45:08.533803472 -0800
@@ -46,9 +46,9 @@ MAPFILE = $(OBJDIR)/nssdbm.def
 
 DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\" -DSOFTOKEN_LIB_NAME=\"$(notdir $(SHARED_LIBRARY))\"
@ -35,8 +35,8 @@ diff -up ./mozilla/security/nss/lib/softoken/legacydb/manifest.mn.nolocalsql ./m
 CSRCS = \
 	dbmshim.c \
 diff -up ./mozilla/security/nss/lib/softoken/manifest.mn.nolocalsql ./mozilla/security/nss/lib/softoken/manifest.mn
--- ./mozilla/security/nss/lib/softoken/manifest.mn.nolocalsql	2009-03-25 17:21:37.000000000 +0100
-+++ ./mozilla/security/nss/lib/softoken/manifest.mn	2009-04-14 17:07:40.000000000 +0200
+--- ./mozilla/security/nss/lib/softoken/manifest.mn.nolocalsql	2010-02-27 16:42:52.213902231 -0800
+++ ./mozilla/security/nss/lib/softoken/manifest.mn	2010-02-27 16:43:34.040776788 -0800
@@ -47,9 +47,9 @@ MAPFILE = $(OBJDIR)/softokn.def
 
 DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\" -DSOFTOKEN_LIB_NAME=\"$(notdir $(SHARED_LIBRARY))\" -DSHLIB_VERSION=\"$(LIBRARY_VERSION)\"
--- a/nss-sysinit.patch
+++ b/nss-sysinit.patch
@ -1,15 +0,0 @@
-Index: mozilla/security/nss/lib/manifest.mn
-===================================================================
-RCS file: /cvsroot/mozilla/security/nss/lib/manifest.mn,v
-retrieving revision 1.20
-diff -u -p -r1.20 manifest.mn
--- mozilla/security/nss/lib/manifest.mn	7 Nov 2009 05:57:41 -0000	1.20
-+++ mozilla/security/nss/lib/manifest.mn	4 Dec 2009 02:27:20 -0000
-@@ -56,6 +56,7 @@ DIRS =  util freebl softoken \
- 	pkcs12 pkcs7 smime \
- 	crmf jar \
- 	ckfw      \
-+	sysinit \
- 	$(NULL)
- 
- #  fortcrypt  is no longer built
--- a/nss.spec
+++ b/nss.spec
@ -1,24 +1,24 @@
-%global nspr_version 4.8
-%global nss_util_version 3.12.5
+%global nspr_version 4.8.4
+%global nss_util_version 3.12.6
 %global nss_softokn_version 3.12.4
 %global nss_softokn_fips_version 3.12.4
 %global unsupported_tools_directory %{_libdir}/nss/unsupported-tools

 Summary:          Network Security Services
 Name:             nss
-Version:          3.12.5
-Release:          9%{?dist}
+Version:          3.12.6
+Release:          1%{?dist}
 License:          MPLv1.1 or GPLv2+ or LGPLv2+
 URL:              http://www.mozilla.org/projects/security/pki/nss/
 Group:            System Environment/Libraries
 Requires:         nspr >= %{nspr_version}
-Requires:         nss-util >= %{nss_util_version}
+Requires:         nss-util = %{nss_util_version}
 Requires:         nss-softokn%{_isa} = %{nss_softokn_fips_version}
 Requires:         nss-system-init
 BuildRoot:        %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires:    nspr-devel >= %{nspr_version}
 BuildRequires:    nss-softokn-devel = %{nss_softokn_version}                                                  
-BuildRequires:    nss-util-devel >= %{nss_util_version}
+BuildRequires:    nss-util-devel = %{nss_util_version}
 BuildRequires:    sqlite-devel
 BuildRequires:    zlib-devel
 BuildRequires:    pkgconfig
@ -40,14 +40,9 @@ Source9:          setup-nsssysinit.sh
 Source12:         %{name}-pem-20091210.tar.bz2

 Patch2:           nss-nolocalsql.patch
+Patch3:           renegotiate-transitional.patch
+Patch4:           validate-arguments.patch
 Patch6:           nss-enable-pem.patch
-Patch7:           533125-ammend.patch
-Patch8:           nss-sysinit.patch
-Patch9:           540387.patch
-Patch10:          545779.patch
-Patch11:          546221.patch
-Patch12:          547860.patch
-Patch13:          553638.patch

 %description
 Network Security Services (NSS) is a set of libraries designed to
@ -112,15 +107,11 @@ low level services.
 %setup -q
 %setup -q -T -D -n %{name}-%{version} -a 12

-%patch2 -p0
+%patch2 -p0 -b .nolocalsql
+%patch3 -p0 -b .transitional
+%patch4 -p0 -b .validate
 %patch6 -p0 -b .libpem
-%patch7 -p0 -b .533125
-%patch8 -p0 -b .sysinit
-%patch9 -p1 -b .540387
-%patch10 -p0 -b .545779
-%patch11 -p1 -b .546221
-%patch12 -p1 -b .547860
-%patch13 -p1 -b .553638
+

 %build

@ -242,6 +233,12 @@ rm -rf ./mozilla/tests_results
 cd ./mozilla/security/nss/tests/
 # all.sh is the test suite script

+#  don't need to run all the tests when testing packaging
+#  nss_cycles: standard pkix upgradedb sharedb
+#  nss_tests: cipher libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits chains
+#  nss_ssl_tests: crl bypass_normal normal_bypass normal_fips fips_normal iopr
+#  nss_ssl_run: cov auth stress
+
 # Temporarily disabling the ssl test suites
 # until bug 539183 gets resolved
 %global nss_ssl_tests " "
@ -487,6 +484,11 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h


 %changelog
+* Sat Mar 06 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.6-1
+- Update to 3.12.6
+- Reactivate all tests
+- Patch tools to validate command line options arguments
+
 * Mon Jan 25 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.5-8
 - Fix curl related regression and general patch code clean up

--- a/2
+++ b/2
@ -1,4 +1,4 @@
-51c5958153b6c01fada2e74cedc66835  nss-3.12.5-stripped.tar.bz2
+3902499c8e02b02d4944f21d3c6a839f  nss-3.12.6-stripped.tar.bz2
 82c2c72c961f2783c8e975a42fa939cf  nss-pem-20091210.tar.bz2
 a5ae49867124ac75f029a9a33af31bad  blank-cert8.db
 9315689bbd9f28ceebd47894f99fccbd  blank-key3.db