diff --git a/.gitignore b/.gitignore
index 6773720..8c5fa50 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,5 +7,5 @@ PayPalEE.cert
TestCA.ca.cert
TestUser50.cert
TestUser51.cert
-/nss-pem-20130828.tar.bz2
-/nss-3.15.3.1.tar.gz
+/nss-pem-20131226.tar.bz2
+/nss-3.15.4.tar.gz
diff --git a/Bug-896651-pem-dont-trash-keys-on-failed-login.patch b/Bug-896651-pem-dont-trash-keys-on-failed-login.patch
deleted file mode 100644
index 6f0e88c..0000000
--- a/Bug-896651-pem-dont-trash-keys-on-failed-login.patch
+++ /dev/null
@@ -1,44 +0,0 @@
---- nss/lib/ckfw/pem/psession.c
-+++ nss/lib/ckfw/pem/psession.c
-@@ -230,6 +230,7 @@ pem_mdSession_Login
- unsigned int len = 0;
- NSSLOWKEYPrivateKey *lpk = NULL;
- PLArenaPool *arena;
-+ SECItem plain;
- int i;
-
- fwSlot = NSSCKFWToken_GetFWSlot(fwToken);
-@@ -306,23 +321,27 @@ pem_mdSession_Login
- lpk->keyType = NSSLOWKEYRSAKey;
- prepare_low_rsa_priv_key_for_asn1(lpk);
-
-- nss_ZFreeIf(io->u.key.key.privateKey->data);
-- io->u.key.key.privateKey->len = len - output[len - 1];
-- io->u.key.key.privateKey->data =
-- (void *) nss_ZAlloc(NULL, io->u.key.key.privateKey->len);
-- memcpy(io->u.key.key.privateKey->data, output, len - output[len - 1]);
-
- /* Decode the resulting blob and see if it is a decodable DER that fits
- * our private key template. If so we declare success and move on. If not
- * then we return an error.
- */
-+ memset(&plain, 0, sizeof(plain));
-+ plain.data = output;
-+ plain.len = len - output[len - 1];
- rv = SEC_QuickDERDecodeItem(arena, lpk, pem_RSAPrivateKeyTemplate,
-- io->u.key.key.privateKey);
-+ &plain);
- pem_DestroyPrivateKey(lpk);
- arena = NULL;
- if (rv != SECSuccess)
- goto loser;
-
-+ nss_ZFreeIf(io->u.key.key.privateKey->data);
-+ io->u.key.key.privateKey->len = len - output[len - 1];
-+ io->u.key.key.privateKey->data =
-+ (void *) nss_ZAlloc(NULL, io->u.key.key.privateKey->len);
-+ memcpy(io->u.key.key.privateKey->data, output, len - output[len - 1]);
-+
- rv = CKR_OK;
-
- loser:
diff --git a/certutil_keyOpFlagsFix.patch b/certutil_keyOpFlagsFix.patch
deleted file mode 100644
index 94724ff..0000000
--- a/certutil_keyOpFlagsFix.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-diff --git a/doc/certutil.xml b/doc/certutil.xml
---- a/doc/certutil.xml
-+++ b/doc/certutil.xml
-@@ -655,18 +655,18 @@ of the attribute codes:
-
-
- --keyAttrFlags attrflags
-
- PKCS #11 key Attributes. Comma separated list of key attribute flags, selected from the following list of choices: {token | session} {public | private} {sensitive | insensitive} {modifiable | unmodifiable} {extractable | unextractable}
-
-
-
-- --keyFlagsOn opflags
-- --keyFlagsOff opflags
-+ --keyOpFlagsOn opflags
-+ --keyOpFlagsOff opflags
-
- PKCS #11 key Operation Flags.
- Comma separated list of one or more of the following:
- {token | session} {public | private} {sensitive | insensitive} {modifiable | unmodifiable} {extractable | unextractable}
-
-
-
-
diff --git a/disable-ocsp-stapling-tests.patch b/disable-ocsp-stapling-tests.patch
deleted file mode 100644
index df27c0e..0000000
--- a/disable-ocsp-stapling-tests.patch
+++ /dev/null
@@ -1,9 +0,0 @@
-diff -up nss/tests/ocsp/ocsp.sh.skipoutbound nss/tests/ocsp/ocsp.sh
---- nss/tests/ocsp/ocsp.sh.skipoutbound 2013-04-24 18:04:30.203307355 -0700
-+++ nss/tests/ocsp/ocsp.sh 2013-04-24 18:06:27.967176794 -0700
-@@ -115,4 +115,4 @@ ocsp_stapling()
- ################## main #################################################
- ocsp_init
- ocsp_iopr_run
--ocsp_stapling
-+#ocsp_stapling
diff --git a/document-certutil-email-option.patch b/document-certutil-email-option.patch
deleted file mode 100644
index b9ca7e1..0000000
--- a/document-certutil-email-option.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-diff --git a/doc/certutil.xml b/doc/certutil.xml
---- a/doc/certutil.xml
-+++ b/doc/certutil.xml
-@@ -204,16 +204,21 @@ If this option is not used, the validity
-
-
-
- -e
- Check a certificate's signature during the process of validating a certificate.
-
-
-
-+ --email email-address
-+ Specify the email address, used with the -L command option to print a single named certificate.
-+
-+
-+
- -f password-file
- Specify a file that will automatically supply the password to include in a certificate
- or to access a certificate database. This is a plain-text file containing one password. Be sure to prevent
- unauthorized access to this file.
-
-
-
- -g keysize
diff --git a/nss.spec b/nss.spec
index f33fe5f..74606cb 100644
--- a/nss.spec
+++ b/nss.spec
@@ -1,7 +1,6 @@
%global nspr_version 4.10.2
-%global nss_util_version 3.15.3
-%global nss_softokn_fips_version 3.13.5
-%global nss_softokn_version 3.15.3
+%global nss_util_version 3.15.4
+%global nss_softokn_version 3.15.4
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
%global allTools "certutil cmsutil crlutil derdump modutil pk12util pp signtool signver ssltap vfychain vfyserv"
@@ -19,7 +18,7 @@
Summary: Network Security Services
Name: nss
-Version: 3.15.3.1
+Version: 3.15.4
Release: 1%{?dist}
License: MPLv2.0
URL: http://www.mozilla.org/projects/security/pki/nss/
@@ -58,7 +57,7 @@ Source7: blank-key4.db
Source8: system-pkcs11.txt
Source9: setup-nsssysinit.sh
Source10: PayPalEE.cert
-Source12: %{name}-pem-20130828.tar.bz2
+Source12: %{name}-pem-20131226.tar.bz2
Source17: TestCA.ca.cert
Source18: TestUser50.cert
Source19: TestUser51.cert
@@ -82,10 +81,6 @@ Patch25: nsspem-use-system-freebl.patch
# TODO: Remove this patch when the ocsp test are fixed
Patch40: nss-3.14.0.0-disble-ocsp-test.patch
Patch44: 0001-sync-up-with-upstream-softokn-changes.patch
-Patch45: Bug-896651-pem-dont-trash-keys-on-failed-login.patch
-# The ocsp stapling tests currently require access to the
-# kuix.de test server but koji forbids outbount connections
-Patch46: disable-ocsp-stapling-tests.patch
# Fedora / RHEL-only patch, the templates directory was originally introduced to support mod_revocator
Patch47: utilwrap-include-templates.patch
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=902171
@@ -93,10 +88,6 @@ Patch48: nss-versus-softoken-tests.patch
# TODO remove when we switch to building nss without softoken
Patch49: nss-skip-bltest-and-fipstest.patch
Patch50: iquote.patch
-# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=932001
-Patch54: document-certutil-email-option.patch
-# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=937677
-Patch57: certutil_keyOpFlagsFix.patch
%description
Network Security Services (NSS) is a set of libraries designed to
@@ -182,16 +173,10 @@ low level services.
%patch25 -p0 -b .systemfreebl
%patch40 -p0 -b .noocsptest
%patch44 -p1 -b .syncupwithupstream
-%patch45 -p0 -b .notrash
-%patch46 -p0 -b .skipoutbound
%patch47 -p0 -b .templates
%patch48 -p0 -b .crypto
%patch49 -p0 -b .skipthem
%patch50 -p0 -b .iquote
-pushd nss
-%patch54 -p1 -b .948495
-%patch57 -p1 -b .948495
-popd
#########################################################
# Higher-level libraries and test tools need access to
@@ -749,6 +734,12 @@ fi
%changelog
+* Tue Jan 07 2014 Elio Maldonado - 3.15.4-1
+- Update to nss-3.15.4 (hg tag NSS_3_15_4_RTM)
+- Resolves: Bug 1049229 - nss-3.15.4 is available
+- Update pem sources to latest from the interim upstream for pem
+- Remove no longer needed patches
+
* Wed Dec 11 2013 Elio Maldonado - 3.15.3.1-1
- Update to nss-3.15.3.1 (hg tag NSS_3_15_3_1_RTM)
- Resolves: Bug 1040282 - nss: Mis-issued ANSSI/DCSSI certificate (MFSA 2013-117)
diff --git a/sources b/sources
index ab0b3d0..17a8fc5 100644
--- a/sources
+++ b/sources
@@ -7,5 +7,5 @@ a5ae49867124ac75f029a9a33af31bad blank-cert8.db
f998b70c1be25e8bb9f5fdb5d50eb6f2 TestCA.ca.cert
1b7b6808cd77d5df29bf5bb9e5fac967 TestUser50.cert
ab0b56dd505a995425c03e5266f7c8d6 TestUser51.cert
-e82dd2b9520f9d0f5d101e7710d59656 nss-pem-20130828.tar.bz2
-1d444fffdb1f890a000003b50295b5aa nss-3.15.3.1.tar.gz
+cb247307632f7673b32c71009ba7b660 nss-pem-20131226.tar.bz2
+74738d89615665e3547dc2c0602ab0e6 nss-3.15.4.tar.gz