From 449fc4a03ca6229952bf52157e64e9382f5163e4 Mon Sep 17 00:00:00 2001
From: Bob Relyea <rrelyea@redhat.com>
Date: Thu, 8 Jul 2021 15:14:08 -0700
Subject: [PATCH] Related: rhbz#1972928 - fix relro support in nspr part of
 build

---
 nss.spec | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/nss.spec b/nss.spec
index 2c9ea14..0018c20 100644
--- a/nss.spec
+++ b/nss.spec
@@ -2,7 +2,10 @@
 # NOTE: To avoid NVR clashes of nspr* packages:
 # - reset %%{nspr_release} to 1, when updating %%{nspr_version}
 # - increment %%{nspr_version}, when updating the NSS part only
-%global nspr_release 4
+# - put the nss_release number here next to nspr, as they both
+#   need to be updated on a given release
+%global nspr_release 5
+%global nss_release 8
 %global nss_version 3.67.0
 # only need to update this as we added new
 # algorithms under nss policy control
@@ -56,7 +59,7 @@ rpm.define(string.format("nss_release_tag NSS_%s_RTM",
 Summary:          Network Security Services
 Name:             nss
 Version:          %{nss_version}
-Release:          7%{?dist}
+Release:          %{nss_release}%{?dist}
 License:          MPLv2.0
 URL:              http://www.mozilla.org/projects/security/pki/nss/
 Requires:         nspr >= %{nspr_version}
@@ -333,6 +336,8 @@ find nss/lib/libpkix -perm /u+x -type f -exec chmod -x {} \;
 # adjustment in the NSS build process.
 mkdir -p nspr_build
 pushd nspr_build
+export LDFLAGS="$RPM_LD_FLAGS"
+export CFLAGS="$RPM_OPT_FLAGS"
 ../nspr/configure \
                  --prefix=%{_prefix} \
                  --libdir=%{_libdir} \
@@ -349,7 +354,6 @@ pushd nspr_build
                  --enable-optimize="$RPM_OPT_FLAGS" \
                  --disable-debug
 
-export LDFLAGS=$RPM_LD_FLAGS
 # The assembly files are only for legacy atomics, to which we prefer GCC atomics
 %ifarch i686 x86_64
 sed -i '/^PR_MD_ASFILES/d' config/autoconf.mk
@@ -1072,6 +1076,9 @@ update-crypto-policies &> /dev/null || :
 
 
 %changelog
+* Thu Jul 8 2021 Bob Relyea <rrelyea@redhat.com> - 3.67.0-8
+- fix relro support in nspr part of build
+
 * Tue Jul 6 2021 Bob Relyea <rrelyea@redhat.com> - 3.67.0-7
 - fix ssl alert regressions
 
@@ -1144,7 +1151,7 @@ update-crypto-policies &> /dev/null || :
 - Consolidate NSPR package with this package
 
 * Mon Oct 26 2020 Bob Relyea <rrelyea@redhat.com> - 3.58.0-4
-- fix pkix ocsp to tolerate OCSP checking on intermediates 
+- fix pkix ocsp to tolerate OCSP checking on intermediates
   when the root is signed by sha1 and sha1 is disabled by
   policy