diff --git a/nspr-4.34-server-passive.patch b/nspr-4.34-server-passive.patch
new file mode 100644
index 0000000..ed8d713
--- /dev/null
+++ b/nspr-4.34-server-passive.patch
@@ -0,0 +1,12 @@
+diff -r c75b4e36b7e8 pr/src/misc/prnetdb.c
+--- a/pr/src/misc/prnetdb.c Wed May 25 23:39:48 2022 +0200
++++ b/pr/src/misc/prnetdb.c Tue Jun 14 18:48:03 2022 -0400
+@@ -2204,6 +2204,7 @@
+
+ memset(&hints, 0, sizeof(hints));
+
++ hints.ai_flags = AI_PASSIVE;
+ rv = GETADDRINFO(NULL, tmpBuf, &hints, &res);
+ if (rv == 0) {
+ PRBool result_still_empty = PR_TRUE;
+
diff --git a/nss-3.79-remove-explicit-ipv4.patch b/nss-3.79-remove-explicit-ipv4.patch
deleted file mode 100644
index 3222e8c..0000000
--- a/nss-3.79-remove-explicit-ipv4.patch
+++ /dev/null
@@ -1,442 +0,0 @@
-diff --git a/tests/ssl/ssl.sh b/tests/ssl/ssl.sh
---- a/tests/ssl/ssl.sh
-+++ b/tests/ssl/ssl.sh
-@@ -81,16 +81,17 @@ ssl_init()
- if [ -n "$NSS_TASKCLUSTER_MAC" ]; then
- cwd=$(cd $(dirname $0); pwd -P)
- padd=$(echo $cwd | cut -d "/" -f4 | sed 's/[^0-9]//g')
- PORT=$(($PORT + $padd))
- fi
- NSS_SSL_TESTS=${NSS_SSL_TESTS:-normal_normal}
- nss_ssl_run="stapling signed_cert_timestamps cov auth dtls scheme exporter"
- NSS_SSL_RUN=${NSS_SSL_RUN:-$nss_ssl_run}
-+ IPVER=${NSS_CLIENT_IPVER}
-
- # Test case files
- SSLCOV=${QADIR}/ssl/sslcov.txt
- SSLAUTH=${QADIR}/ssl/sslauth.txt
- SSLSTRESS=${QADIR}/ssl/sslstress.txt
- SSLPOLICY=${QADIR}/ssl/sslpolicy.txt
- REQUEST_FILE=${QADIR}/ssl/sslreq.dat
-
-@@ -166,26 +167,26 @@ is_selfserv_alive()
-
- ########################### wait_for_selfserv ##########################
- # local shell function to wait until selfserver is running and initialized
- ########################################################################
- wait_for_selfserv()
- {
- #verbose="-v"
- echo "trying to connect to selfserv at `date`"
-- echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} ${CLIENT_OPTIONS} -q \\"
-+ echo "tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} ${CLIENT_OPTIONS} -q \\"
- echo " -d ${P_R_CLIENTDIR} $verbose < ${REQUEST_FILE}"
-- ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} ${CLIENT_OPTIONS} -q \
-+ ${BINDIR}/tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} ${CLIENT_OPTIONS} -q \
- -d ${P_R_CLIENTDIR} $verbose < ${REQUEST_FILE}
- if [ $? -ne 0 ]; then
- sleep 5
- echo "retrying to connect to selfserv at `date`"
- echo "tstclnt -p ${PORT} -h ${HOSTADDR} ${CLIENT_OPTIONS} -q \\"
- echo " -d ${P_R_CLIENTDIR} $verbose < ${REQUEST_FILE}"
-- ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} ${CLIENT_OPTIONS} -q \
-+ ${BINDIR}/tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} ${CLIENT_OPTIONS} -q \
- -d ${P_R_CLIENTDIR} $verbose < ${REQUEST_FILE}
- if [ $? -ne 0 ]; then
- html_failed "Waiting for Server"
- fi
- fi
- is_selfserv_alive
- }
-
-@@ -371,21 +372,21 @@ ssl_cov()
- if [ "$VMAX" = "ssl3" -a "$VMIN" = "tls1.1" ]; then
- kill_selfserv
- start_selfserv $CIPHER_SUITES
- VMIN="ssl3"
- fi
-
-
-
-- echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} -c ${param} -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} \\"
-+ echo "tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -c ${param} -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} \\"
- echo " -f -d ${P_R_CLIENTDIR} $verbose -w nss < ${REQUEST_FILE}"
-
- rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
-- ${PROFTOOL} ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} -c ${param} -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} -f \
-+ ${PROFTOOL} ${BINDIR}/tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -c ${param} -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} -f \
- -d ${P_R_CLIENTDIR} $verbose -w nss < ${REQUEST_FILE} \
- >${TMP}/$HOST.tmp.$$ 2>&1
- ret=$?
- cat ${TMP}/$HOST.tmp.$$
- rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
- html_msg $ret 0 "${testname}" \
- "produced a returncode of $ret, expected is 0"
- done < ${SSL_COV_TMP}
-@@ -427,21 +428,21 @@ ssl_cov_rsa_pss()
- ;;
- *)
- continue
- ;;
- esac
-
- echo "$SCRIPTNAME: running $testname (RSA-PSS) ----------------------------"
-
-- echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} -c ${param} -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} \\"
-+ echo "tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -c ${param} -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} \\"
- echo " -f -d ${P_R_CLIENTDIR} $verbose -w nss < ${REQUEST_FILE}"
-
- rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
-- ${PROFTOOL} ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} -c ${param} -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} -f \
-+ ${PROFTOOL} ${BINDIR}/tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -c ${param} -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} -f \
- -d ${P_R_CLIENTDIR} $verbose -w nss < ${REQUEST_FILE} \
- >${TMP}/$HOST.tmp.$$ 2>&1
- ret=$?
- cat ${TMP}/$HOST.tmp.$$
- rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
- html_msg $ret 0 "${testname}" \
- "produced a returncode of $ret, expected is 0"
- done
-@@ -480,20 +481,20 @@ ssl_auth()
- unset SERVER_VMIN
- unset SERVER_VMAX
- if [ $TLS13 -eq 0 ] ; then
- SERVER_VMIN=tls1.0
- SERVER_VMAX=tls1.3
- fi
- start_selfserv `echo "$sparam" | sed -e 's;\([^\\]\)_;\1 ;g' -e 's;\\\\_;_;g'`
-
-- echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f -d ${P_R_CLIENTDIR} $verbose ${CLIENT_OPTIONS} \\"
-+ echo "tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -f -d ${P_R_CLIENTDIR} $verbose ${CLIENT_OPTIONS} \\"
- echo " ${cparam} < ${REQUEST_FILE}"
- rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
-- ${PROFTOOL} ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f ${cparam} $verbose ${CLIENT_OPTIONS} \
-+ ${PROFTOOL} ${BINDIR}/tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -f ${cparam} $verbose ${CLIENT_OPTIONS} \
- -d ${P_R_CLIENTDIR} < ${REQUEST_FILE} \
- >${TMP}/$HOST.tmp.$$ 2>&1
- ret=$?
- cat ${TMP}/$HOST.tmp.$$
- rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
-
- #workaround for bug #402058
- [ $ret -ne 0 ] && ret=1
-@@ -528,20 +529,20 @@ ssl_stapling_sub()
-
- SAVE_P_R_SERVERDIR=${P_R_SERVERDIR}
- P_R_SERVERDIR=${P_R_SERVERDIR}/../stapling/
-
- echo "${testname}"
-
- start_selfserv
-
-- echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f -d ${P_R_CLIENTDIR} $verbose ${CLIENT_OPTIONS} \\"
-+ echo "tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -f -d ${P_R_CLIENTDIR} $verbose ${CLIENT_OPTIONS} \\"
- echo " -c v -T -O -F -M 1 -V ssl3:tls1.2 ${CLIENT_PW} < ${REQUEST_FILE}"
- rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
-- ${PROFTOOL} ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f ${CLIENT_OPTIONS} \
-+ ${PROFTOOL} ${BINDIR}/tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -f ${CLIENT_OPTIONS} \
- -d ${P_R_CLIENTDIR} $verbose -c v -T -O -F -M 1 -V ssl3:tls1.2 ${CLIENT_PW} < ${REQUEST_FILE} \
- >${TMP}/$HOST.tmp.$$ 2>&1
- ret=$?
- cat ${TMP}/$HOST.tmp.$$
- rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
-
- # hopefully no workaround for bug #402058 needed here?
- # (see commands in ssl_auth
-@@ -572,20 +573,20 @@ ssl_stapling_stress()
- SERVER_OPTIONS="${SERVER_OPTIONS} ${SO}"
-
- SAVE_P_R_SERVERDIR=${P_R_SERVERDIR}
- P_R_SERVERDIR=${P_R_SERVERDIR}/../stapling/
-
- echo "${testname}"
- start_selfserv
-
-- echo "strsclnt -4 -q -p ${PORT} -d ${P_R_CLIENTDIR} ${CLIENT_OPTIONS} -w nss \\"
-+ echo "strsclnt ${IPVER} -q -p ${PORT} -d ${P_R_CLIENTDIR} ${CLIENT_OPTIONS} -w nss \\"
- echo " -c 1000 -V ssl3:tls1.2 -N -T $verbose ${HOSTADDR}"
- echo "strsclnt started at `date`"
-- ${PROFTOOL} ${BINDIR}/strsclnt -4 -q -p ${PORT} -d ${P_R_CLIENTDIR} ${CLIENT_OPTIONS} -w nss \
-+ ${PROFTOOL} ${BINDIR}/strsclnt ${IPVER} -q -p ${PORT} -d ${P_R_CLIENTDIR} ${CLIENT_OPTIONS} -w nss \
- -c 1000 -V ssl3:tls1.2 -N -T $verbose ${HOSTADDR}
- ret=$?
-
- echo "strsclnt completed at `date`"
- html_msg $ret $value \
- "${testname}" \
- "produced a returncode of $ret, expected is $value."
- kill_selfserv
-@@ -638,20 +639,20 @@ ssl_signed_cert_timestamps()
- value=0
-
- echo "${testname}"
-
- start_selfserv
-
- # Since we don't have server-side support, this test only covers advertising the
- # extension in the client hello.
-- echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f -d ${P_R_CLIENTDIR} $verbose ${CLIENT_OPTIONS} \\"
-+ echo "tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -f -d ${P_R_CLIENTDIR} $verbose ${CLIENT_OPTIONS} \\"
- echo " -U -V tls1.0:tls1.2 ${CLIENT_PW} < ${REQUEST_FILE}"
- rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
-- ${PROFTOOL} ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f ${CLIENT_OPTIONS} \
-+ ${PROFTOOL} ${BINDIR}/tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -f ${CLIENT_OPTIONS} \
- -d ${P_R_CLIENTDIR} $verbose -U -V tls1.0:tls1.2 ${CLIENT_PW} < ${REQUEST_FILE} \
- >${TMP}/$HOST.tmp.$$ 2>&1
- ret=$?
- cat ${TMP}/$HOST.tmp.$$
- rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
-
- html_msg $ret $value "${testname}" \
- "produced a returncode of $ret, expected is $value"
-@@ -697,20 +698,20 @@ ssl_stress()
- fi
-
- if [ "${NOLOGIN}" -eq 0 ] ; then
- dbdir=${P_R_NOLOGINDIR}
- else
- dbdir=${P_R_CLIENTDIR}
- fi
-
-- echo "strsclnt -4 -q -p ${PORT} -d ${dbdir} ${CLIENT_OPTIONS} -w nss $cparam \\"
-+ echo "strsclnt ${IPVER} -q -p ${PORT} -d ${dbdir} ${CLIENT_OPTIONS} -w nss $cparam \\"
- echo " -V ssl3:tls1.2 $verbose ${HOSTADDR}"
- echo "strsclnt started at `date`"
-- ${PROFTOOL} ${BINDIR}/strsclnt -4 -q -p ${PORT} -d ${dbdir} ${CLIENT_OPTIONS} -w nss $cparam \
-+ ${PROFTOOL} ${BINDIR}/strsclnt ${IPVER} -q -p ${PORT} -d ${dbdir} ${CLIENT_OPTIONS} -w nss $cparam \
- -V ssl3:tls1.2 $verbose ${HOSTADDR}
- ret=$?
- echo "strsclnt completed at `date`"
- html_msg $ret $value \
- "${testname}" \
- "produced a returncode of $ret, expected is $value. "
- if [ "`uname -n`" = "sjsu" ] ; then
- echo "debugging disapering selfserv... ps -ef | grep selfserv"
-@@ -789,20 +790,20 @@ ssl_crl_ssl()
- while [ $TEMP_NUM -lt $CRL_GROUP_RANGE ]
- do
- CURR_SER_NUM=`expr ${CRL_GROUP_BEGIN} + ${TEMP_NUM}`
- TEMP_NUM=`expr $TEMP_NUM + 1`
- USER_NICKNAME="TestUser${CURR_SER_NUM}"
- cparam=`echo $_cparam | sed -e 's;\([^\\]\)_;\1 ;g' -e 's;\\\\_;_;g' -e "s/TestUser/$USER_NICKNAME/g" `
- start_selfserv `echo "$sparam" | sed -e 's;\([^\\]\)_;\1 ;g' -e 's;\\\\_;_;g'`
-
-- echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f -d ${R_CLIENTDIR} $verbose \\"
-+ echo "tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -f -d ${R_CLIENTDIR} $verbose \\"
- echo " ${cparam} < ${REQUEST_FILE}"
- rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
-- ${PROFTOOL} ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f ${cparam} \
-+ ${PROFTOOL} ${BINDIR}/tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -f ${cparam} \
- -d ${R_CLIENTDIR} $verbose < ${REQUEST_FILE} \
- >${TMP}/$HOST.tmp.$$ 2>&1
- ret=$?
- cat ${TMP}/$HOST.tmp.$$
- rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
- if [ $CURR_SER_NUM -ne $UNREVOKED_CERT ]; then
- modvalue=$rev_modvalue
- testAddMsg="revoked"
-@@ -884,21 +885,21 @@ ssl_policy()
- if [ "$testmax" = "TLS12" ]; then
- VMAX="tls1.2"
- fi
-
- # load the policy
- policy=`echo ${policy} | sed -e 's;_; ;g'`
- setup_policy "$policy" ${P_R_CLIENTDIR}
-
-- echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} -c ${param} -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} \\"
-+ echo "tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -c ${param} -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} \\"
- echo " -f -d ${P_R_CLIENTDIR} $verbose -w nss < ${REQUEST_FILE}"
-
- rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
-- ${PROFTOOL} ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} -c ${param} -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} -f \
-+ ${PROFTOOL} ${BINDIR}/tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -c ${param} -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} -f \
- -d ${P_R_CLIENTDIR} $verbose -w nss < ${REQUEST_FILE} \
- >${TMP}/$HOST.tmp.$$ 2>&1
- ret=$?
- cat ${TMP}/$HOST.tmp.$$
- rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
-
- #workaround for bug #402058
- [ $ret -ne 0 ] && ret=1
-@@ -1066,22 +1067,22 @@ ssl_policy_selfserv()
-
- start_selfserv $CIPHER_SUITES
-
- SERVER_OPTIONS="${SAVE_SERVER_OPTIONS}"
- VMIN="ssl3"
- VMAX="tls1.2"
-
- # Try to connect to the server with a ciphersuite using RSA in key exchange
-- echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} -c d -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} \\"
-+ echo "tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -c d -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} \\"
- echo " -f -d ${P_R_CLIENTDIR} $verbose -w nss < ${REQUEST_FILE}"
-
- rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
- RET_EXP=254
-- ${PROFTOOL} ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} -c d -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} -f \
-+ ${PROFTOOL} ${BINDIR}/tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -c d -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} -f \
- -d ${P_R_CLIENTDIR} $verbose -w nss < ${REQUEST_FILE} \
- >${TMP}/$HOST.tmp.$$ 2>&1
- RET=$?
- cat ${TMP}/$HOST.tmp.$$
- rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
-
- html_msg $RET $RET_EXP "${testname}" \
- "produced a returncode of $RET, expected is $RET_EXP"
-@@ -1156,30 +1157,30 @@ load_group_crl() {
- if [ $group -eq 1 ]; then
- echo "==================== Resetting to group 1 crl ==================="
- kill_selfserv
- start_selfserv
- is_selfserv_alive
- fi
- echo "================= Reloading ${eccomment}CRL for group $grpBegin - $grpEnd ============="
-
-- echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f -d ${R_CLIENTDIR} $verbose \\"
-+ echo "tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -f -d ${R_CLIENTDIR} $verbose \\"
- echo " -V ssl3:tls1.2 -w nss -n TestUser${UNREVOKED_CERT_GRP_1}${ecsuffix}"
- echo "Request:"
- echo "GET crl://${SERVERDIR}/root.crl_${grpBegin}-${grpEnd}${ecsuffix}"
- echo ""
- echo "RELOAD time $i"
-
- REQF=${R_CLIENTDIR}.crlreq
- cat > ${REQF} <<_EOF_REQUEST_
- GET crl://${SERVERDIR}/root.crl_${grpBegin}-${grpEnd}${ecsuffix}
-
- _EOF_REQUEST_
-
-- ${PROFTOOL} ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f \
-+ ${PROFTOOL} ${BINDIR}/tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -f \
- -d ${R_CLIENTDIR} $verbose -V ssl3:tls1.2 -w nss -n TestUser${UNREVOKED_CERT_GRP_1}${ecsuffix} \
- >${OUTFILE_TMP} 2>&1 < ${REQF}
-
- cat ${OUTFILE_TMP}
- grep "CRL ReCache Error" ${OUTFILE_TMP}
- if [ $? -eq 0 ]; then
- ret=1
- return 1
-@@ -1257,20 +1258,20 @@ ssl_crl_cache()
- while [ $TEMP_NUM -lt $TOTAL_CRL_RANGE ]
- do
- CURR_SER_NUM=`expr ${CRL_GRP_1_BEGIN} + ${TEMP_NUM}`
- TEMP_NUM=`expr $TEMP_NUM + 1`
- USER_NICKNAME="TestUser${CURR_SER_NUM}"
- cparam=`echo $_cparam | sed -e 's;\([^\]\)_;\1 ;g' -e 's;\\_;_;g' -e "s/TestUser/$USER_NICKNAME/g" `
-
- echo "Server Args: $SERV_ARG"
-- echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f -d ${R_CLIENTDIR} $verbose \\"
-+ echo "tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -f -d ${R_CLIENTDIR} $verbose \\"
- echo " ${cparam} < ${REQUEST_FILE}"
- rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
-- ${PROFTOOL} ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f ${cparam} \
-+ ${PROFTOOL} ${BINDIR}/tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -f ${cparam} \
- -d ${R_CLIENTDIR} $verbose < ${REQUEST_FILE} \
- >${TMP}/$HOST.tmp.$$ 2>&1
- ret=$?
- cat ${TMP}/$HOST.tmp.$$
- rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
- is_revoked ${CURR_SER_NUM} ${LOADED_GRP}
- isRevoked=$?
- if [ $isRevoked -eq 0 ]; then
-@@ -1325,29 +1326,29 @@ ssl_dtls()
- #verbose="-v"
- html_head "SSL DTLS $NORM_EXT - server $SERVER_MODE/client $CLIENT_MODE"
-
- testname="ssl_dtls"
- value=0
-
- echo "${testname}"
-
-- echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f ${SERVER_OPTIONS} \\"
-+ echo "tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -f ${SERVER_OPTIONS} \\"
- echo " -d ${P_R_SERVERDIR} $verbose -U -V tls1.1:tls1.2 -P server -n ${HOSTADDR} -w nss < ${REQUEST_FILE} &"
-
-- (sleep 2; cat ${REQUEST_FILE}) | ${PROFTOOL} ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f ${SERVER_OPTIONS} \
-+ (sleep 2; cat ${REQUEST_FILE}) | ${PROFTOOL} ${BINDIR}/tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -f ${SERVER_OPTIONS} \
- -d ${P_R_SERVERDIR} $verbose -U -V tls1.1:tls1.2 -P server -n ${HOSTADDR} -w nss 2>&1 &
-
- PID=$!
-
- sleep 1
-
-- echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f ${CLIENT_OPTIONS} \\"
-+ echo "tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -f ${CLIENT_OPTIONS} \\"
- echo " -d ${P_R_CLIENTDIR} $verbose -U -V tls1.1:tls1.2 -P client -Q ${CLIENT_PW} < ${REQUEST_FILE}"
-- ${PROFTOOL} ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f ${CLIENT_OPTIONS} \
-+ ${PROFTOOL} ${BINDIR}/tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -f ${CLIENT_OPTIONS} \
- -d ${P_R_CLIENTDIR} $verbose -U -V tls1.1:tls1.2 -P client -Q ${CLIENT_PW} < ${REQUEST_FILE} 2>&1
- ret=$?
- html_msg $ret $value "${testname}" \
- "produced a returncode of $ret, expected is $value"
-
- kill ${PID}
-
- html "
"
-@@ -1364,19 +1365,19 @@ ssl_scheme()
- schemes=("rsa_pkcs1_sha256" "rsa_pss_rsae_sha256" "rsa_pkcs1_sha256,rsa_pss_rsae_sha256")
- for sscheme in "${schemes[@]}"; do
- for cscheme in "${schemes[@]}"; do
- testname="ssl_scheme server='$sscheme' client='$cscheme'"
- echo "${testname}"
-
- start_selfserv -V tls1.2:tls1.2 -J "$sscheme"
-
-- echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f -d ${P_R_CLIENTDIR} $verbose ${CLIENT_OPTIONS} \\"
-+ echo "tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -f -d ${P_R_CLIENTDIR} $verbose ${CLIENT_OPTIONS} \\"
- echo " -V tls1.2:tls1.2 -J "$cscheme" ${CLIENT_PW} < ${REQUEST_FILE}"
-- ${PROFTOOL} ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f ${CLIENT_OPTIONS} \
-+ ${PROFTOOL} ${BINDIR}/tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -f ${CLIENT_OPTIONS} \
- -d ${P_R_CLIENTDIR} $verbose -V tls1.2:tls1.2 -J "$cscheme" ${CLIENT_PW} < ${REQUEST_FILE} 2>&1
- ret=$?
- # If both schemes include just one option and those options don't
- # match, then the test should fail; otherwise, assume that it works.
- if [ "${cscheme#*,}" = "$cscheme" -a \
- "${sscheme#*,}" = "$sscheme" -a \
- "$cscheme" != "$sscheme" ]; then
- expected=254
-@@ -1404,19 +1405,19 @@ ssl_scheme_stress()
- schemes=("rsa_pkcs1_sha256" "rsa_pss_rsae_sha256" "rsa_pkcs1_sha256,rsa_pss_rsae_sha256")
- for sscheme in "${schemes[@]}"; do
- for cscheme in "${schemes[@]}"; do
- testname="ssl_scheme server='$sscheme' client='$cscheme'"
- echo "${testname}"
-
- start_selfserv -V tls1.2:tls1.2 -J "$sscheme"
-
-- echo "strsclnt -4 -q -p ${PORT} -d ${P_R_CLIENTDIR} $verbose ${CLIENT_OPTIONS} \\"
-+ echo "strsclnt ${IPVER} -q -p ${PORT} -d ${P_R_CLIENTDIR} $verbose ${CLIENT_OPTIONS} \\"
- echo " -V tls1.2:tls1.2 -J "$cscheme" ${HOSTADDR} ${CLIENT_PW} < ${REQUEST_FILE}"
-- ${PROFTOOL} ${BINDIR}/strsclnt -4 -q -p ${PORT} ${CLIENT_OPTIONS} \
-+ ${PROFTOOL} ${BINDIR}/strsclnt ${IPVER} -q -p ${PORT} ${CLIENT_OPTIONS} \
- -d ${P_R_CLIENTDIR} $verbose -V tls1.2:tls1.2 -J "$cscheme" ${HOSTADDR} ${CLIENT_PW} < ${REQUEST_FILE} 2>&1
- ret=$?
- # If both schemes include just one option and those options don't
- # match, then the test should fail; otherwise, assume that it works.
- if [ "${cscheme#*,}" = "$cscheme" -a \
- "${sscheme#*,}" = "$sscheme" -a \
- "$cscheme" != "$sscheme" ]; then
- expected=1
-@@ -1443,19 +1444,19 @@ ssl_exporter()
- save_fileout=${fileout}
- fileout=1
- SAVE_SERVEROUTFILE=${SERVEROUTFILE}
- SERVEROUTFILE=server.out
- exporters=("label" "label:10" "label:10:0xdeadbeef" "0x666f6f2c:10:0xdeadbeef" "label1:10:0xdeadbeef,label2:10")
- for exporter in "${exporters[@]}"; do
- start_selfserv -V tls1.2:tls1.2 -x "$exporter"
-
-- echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f -d ${P_R_CLIENTDIR} $verbose ${CLIENT_OPTIONS} \\"
-+ echo "tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -f -d ${P_R_CLIENTDIR} $verbose ${CLIENT_OPTIONS} \\"
- echo " -V tls1.2:tls1.2 -x $exporter ${CLIENT_PW} < ${REQUEST_FILE}"
-- ${PROFTOOL} ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f ${CLIENT_OPTIONS} \
-+ ${PROFTOOL} ${BINDIR}/tstclnt ${IPVER} -p ${PORT} -h ${HOSTADDR} -f ${CLIENT_OPTIONS} \
- -d ${P_R_CLIENTDIR} $verbose -V tls1.2:tls1.2 -x "$exporter" ${CLIENT_PW} < ${REQUEST_FILE} 2>&1 > client.out
- kill_selfserv
- diff <(LC_ALL=C grep -A1 "^ *Keying Material:" server.out) \
- <(LC_ALL=C grep -A1 "^ *Keying Material:" client.out)
- ret=$?
- html_msg $ret 0 "${testname}" \
- "produced a returncode of $ret, expected is 0"
- done
diff --git a/nss.spec b/nss.spec
index 3d625eb..5c0219b 100644
--- a/nss.spec
+++ b/nss.spec
@@ -1,6 +1,6 @@
%global nss_version 3.79.0
%global nspr_version 4.34.0
-%global baserelease 3
+%global baserelease 4
%global nss_release %baserelease
# NOTE: To avoid NVR clashes of nspr* packages:
# use "%%global nspr_release %%[%%baserelease+n]" to handle offsets when
@@ -158,7 +158,7 @@ Patch34: nss-3.71-fix-lto-gtests.patch
Patch35: nss-3.71-camellia-pkcs12-doc.patch
# patches that expect to be upstreamed
-Patch50: nss-3.79-remove-explicit-ipv4.patch
+#Patch50: nss-3.79-remove-explicit-ipv4.patch
Patch51: nss-3.79-dbtool.patch
Patch52: nss-3.79-dont-verify-default.patch
Patch53: nss-3.79-fix-client-cert-crash.patch
@@ -168,6 +168,7 @@ Patch53: nss-3.79-fix-client-cert-crash.patch
Patch100: nspr-config-pc.patch
Patch101: nspr-gcc-atomics.patch
Patch110: nspr-4.34-fix-coverity-loop-issue.patch
+Patch120: nspr-4.34-server-passive.patch
# NSS reverse patches
@@ -336,6 +337,7 @@ cp ./nspr/config/nspr-config.in ./nspr/config/nspr-config-pc.in
pushd nspr
%patch101 -p1 -b .gcc-atomics
%patch110 -p1 -b .coverity
+%patch120 -p1 -b .server-passive
popd
pushd nss
@@ -1142,6 +1144,9 @@ update-crypto-policies &> /dev/null || :
%changelog
+* Tue Jun 14 2022 Bob Relyea - 3.79.0-4
+- server passive fix
+
* Sat Jun 11 2022 Bob Relyea - 3.79.0-3
- fix regressions in test suite