Bug 539183 - Short-term fix for ssl test suites hangs on ipv6 type connections

Change selfserv to use a dual-stack IPv6 listening socket, which can accept
connections from both IPv4 and IPv6 clients.  NSPR's IPv6 sockets have the
IPV6_V6ONLY socket option default to false.

nss-539183.patch

@@ -0,0 +1,33 @@
+Index: mozilla/security/nss/cmd/selfserv/selfserv.c
+===================================================================
+RCS file: /cvsroot/mozilla/security/nss/cmd/selfserv/selfserv.c,v
+retrieving revision 1.94
+diff -p -u -8 -r1.94 selfserv.c
+--- mozilla/security/nss/cmd/selfserv/selfserv.c	3 Apr 2010 18:27:27 -0000	1.94
++++ mozilla/security/nss/cmd/selfserv/selfserv.c	24 Feb 2011 02:28:02 -0000
+@@ -1487,21 +1487,21 @@ PRFileDesc *
+ getBoundListenSocket(unsigned short port)
+ {
+     PRFileDesc *       listen_sock;
+     int                listenQueueDepth = 5 + (2 * maxThreads);
+     PRStatus	       prStatus;
+     PRNetAddr          addr;
+     PRSocketOptionData opt;
+ 
+-    addr.inet.family = PR_AF_INET;
+-    addr.inet.ip     = PR_INADDR_ANY;
+-    addr.inet.port   = PR_htons(port);
++    if (PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET6, port, &addr) != PR_SUCCESS) {
++	errExit("PR_SetNetAddr");
++    }
+ 
+-    listen_sock = PR_NewTCPSocket();
++    listen_sock = PR_OpenTCPSocket(PR_AF_INET6);
+     if (listen_sock == NULL) {
+ 	errExit("PR_NewTCPSocket");
+     }
+ 
+     opt.option = PR_SockOpt_Nonblocking;
+     opt.value.non_blocking = PR_FALSE;
+     prStatus = PR_SetSocketOption(listen_sock, &opt);
+     if (prStatus < 0) {

nss.spec

@@ -6,7 +6,7 @@
 Summary:          Network Security Services
 Name:             nss
 Version:          3.12.9
-Release:          12%{?dist}
+Release:          13%{?dist}
 License:          MPLv1.1 or GPLv2+ or LGPLv2+
 URL:              http://www.mozilla.org/projects/security/pki/nss/
 Group:            System Environment/Libraries
@@ -47,6 +47,7 @@ Patch12:          allow-content-types-beyond-smime.patch
 Patch13:          nss-recurse.patch
 Patch14:          dont-use-cpp-reserved-words.patch
 Patch15:          swap-internal-key-slot.patch
+Patch16:          nss-539183.patch
 
 %description
 Network Security Services (NSS) is a set of libraries designed to
@@ -124,6 +125,7 @@ low level services.
 %patch13 -p1 -b .recurse
 %patch14 -p1 -b .676036
 %patch15 -p1 -b .jss
+%patch16 -p0 -b .539183
 
 
 %build
@@ -271,9 +273,10 @@ cd ./mozilla/security/nss/tests/
 #  nss_ssl_tests: crl bypass_normal normal_bypass normal_fips fips_normal iopr
 #  nss_ssl_run: cov auth stress
 #
-#  Disable the ssl test suites until Bug 539183 is resolved
-%global nss_ssl_tests " "
-%global nss_ssl_run " "
+# Uncomment these lines if you need to temporarily
+# disable some test suites for faster test builds
+# global nss_ssl_tests "normal_fips"
+# global nss_ssl_run "cov auth"
 
 HOST=localhost DOMSUF=localdomain PORT=$MYRAND NSS_CYCLES=%{?nss_cycles} NSS_TESTS=%{?nss_tests} NSS_SSL_TESTS=%{?nss_ssl_tests} NSS_SSL_RUN=%{?nss_ssl_run} ./all.sh
 
@@ -516,6 +519,9 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h
 
 
 %changelog
+* Wed Feb 24 2011 Elio Maldonado <emaldona@redhat.com> - 3.12.9-13
+- Short-term fix for ssl test suites hangs on ipv6 type connections (#539183)
+
 * Fri Feb 18 2011 Elio Maldonado <emaldona@redhat.com> - 3.12.9-12
 - Add a missing requires for pkcs11-devel (#675196)