From 72e7b013a20732ae6ae0f8ab2fb0ca31682c35ee1ae3d7b737786c75af16fa8b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?V=C3=ADt=C4=9Bzslav=20=C4=8C=C3=AD=C5=BEek?=
 <vcizek@suse.com>
Date: Mon, 19 Mar 2018 13:59:29 +0000
Subject: [PATCH 1/2] Accepting request 588609 from
 home:vitezslav_cizek:branches:Apache:Modules

- Update to 1.0.16
  * Fix up some broken cipher strings from a bad merge
- adjust distro detection, Tumbleweed has NSS 3.35, Leap 15 has 3.34
- drop 0001-Fix-up-some-broken-cipher-strings-from-a-bad-merge.patch
  (upstream)

OBS-URL: https://build.opensuse.org/request/show/588609
OBS-URL: https://build.opensuse.org/package/show/Apache:Modules/apache2-mod_nss?expand=0&rev=42
---
 ...oken-cipher-strings-from-a-bad-merge.patch | 57 -------------------
 apache2-mod_nss.changes                       |  9 +++
 apache2-mod_nss.spec                          | 12 ++--
 mod_nss-1.0.15.tar.gz                         |  3 -
 mod_nss-1.0.16.tar.gz                         |  3 +
 5 files changed, 18 insertions(+), 66 deletions(-)
 delete mode 100644 0001-Fix-up-some-broken-cipher-strings-from-a-bad-merge.patch
 delete mode 100644 mod_nss-1.0.15.tar.gz
 create mode 100644 mod_nss-1.0.16.tar.gz

diff --git a/0001-Fix-up-some-broken-cipher-strings-from-a-bad-merge.patch b/0001-Fix-up-some-broken-cipher-strings-from-a-bad-merge.patch
deleted file mode 100644
index 4154d61..0000000
--- a/0001-Fix-up-some-broken-cipher-strings-from-a-bad-merge.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From 6d1f6dd0c2b2cd80559b61779254e1b3d39aa5cd Mon Sep 17 00:00:00 2001
-From: Rob Crittenden <rcritten@redhat.com>
-Date: Fri, 19 Jan 2018 15:36:40 -0500
-Subject: [PATCH] Fix up some broken cipher strings from a bad merge
-
----
- nss_engine_cipher.c | 22 +++++++++++-----------
- 1 file changed, 11 insertions(+), 11 deletions(-)
-
-diff --git a/nss_engine_cipher.c b/nss_engine_cipher.c
-index b78e32c..3eda72a 100644
---- a/nss_engine_cipher.c
-+++ b/nss_engine_cipher.c
-@@ -59,7 +59,7 @@ cipher_properties ciphers_def[] =
-     {"fips_3des_sha", SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, "FIPS-DES-CBC3-SHA", SSL_kRSA|SSL_aRSA|SSL_3DES|SSL_SHA1, SSLV3, SSL_MEDIUM, 112, 168, NULL},
-     {"fips_des_sha", SSL_RSA_FIPS_WITH_DES_CBC_SHA, "FIPS-DES-CBC-SHA", SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1, SSLV3, SSL_LOW, 56, 56, NULL},
- #ifdef ENABLE_SERVER_DHE
--    {"dhe_rsa_3des_sha", TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, "EDH-RSA-DES-CBC3-SHA", SSL_kDHE|SSL_aRSA|SSL_3DES|SSL_SHA1, TLSV1, SSL_MEDIUM, 112, 168, NULL},
-+    {"dhe_rsa_3des_sha", TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, "DHE-RSA-DES-CBC3-SHA", SSL_kDHE|SSL_aRSA|SSL_3DES|SSL_SHA1, TLSV1, SSL_MEDIUM, 112, 168, NULL},
-     {"dhe_rsa_aes_128_sha", TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "DHE-RSA-AES128-SHA", SSL_kDHE|SSL_aRSA|SSL_AES128|SSL_SHA1, TLSV1, SSL_HIGH, 128, 128, NULL},
-     {"dhe_rsa_aes_256_sha", TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "DHE-RSA-AES256-SHA", SSL_kDHE|SSL_aRSA|SSL_AES256|SSL_SHA1, TLSV1, SSL_HIGH, 256, 256, NULL},
-     {"dhe_rsa_camellia_128_sha", TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, "DHE-RSA-CAMELLIA128-SHA", SSL_kDHE|SSL_aRSA|SSL_CAMELLIA128|SSL_SHA1, TLSV1, SSL_HIGH, 128, 128, NULL},
-@@ -74,21 +74,21 @@ cipher_properties ciphers_def[] =
- #endif
- #endif /* ENABLE_SERVER_DHE */
- #ifdef NSS_ENABLE_ECC
--    {"ecdh_ecdsa_null_sha", TLS_ECDH_ECDSA_WITH_NULL_SHA, "ECDH-ECDSA-NULL-SHA", SSL_kECDHe|SSL_aECDH|SSL_eNULL|SSL_SHA1, TLSV1, SSL_STRONG_NONE, 0, 0, NULL},
--    {"ecdh_ecdsa_rc4_128_sha", TLS_ECDH_ECDSA_WITH_RC4_128_SHA, "ECDH-ECDSA-RC4-SHA", SSL_kECDHe|SSL_aECDH|SSL_RC4|SSL_SHA1, TLSV1, SSL_MEDIUM, 128, 128, NULL},
--    {"ecdh_ecdsa_3des_sha", TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, "ECDH-ECDSA-DES-CBC3-SHA", SSL_kECDHe|SSL_aECDH|SSL_3DES|SSL_SHA1, TLSV1, SSL_MEDIUM, 112, 168, NULL},
--    {"ecdh_ecdsa_aes_128_sha", TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, "ECDH-ECDSA-AES128-SHA", SSL_kECDHe|SSL_aECDH|SSL_AES128|SSL_SHA1, TLSV1, SSL_HIGH, 128, 128, NULL},
--    {"ecdh_ecdsa_aes_256_sha", TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, "ECDH-ECDSA-AES256-SHA", SSL_kECDHe|SSL_aECDH|SSL_AES256|SSL_SHA1, TLSV1, SSL_HIGH, 256, 256, NULL},
-+    {"ecdh_ecdsa_null_sha", TLS_ECDH_ECDSA_WITH_NULL_SHA, "ECDH-ECDSA-NULL-SHA", SSL_kECDHE|SSL_AECDH|SSL_eNULL|SSL_SHA1, TLSV1, SSL_STRONG_NONE, 0, 0, NULL},
-+    {"ecdh_ecdsa_rc4_128_sha", TLS_ECDH_ECDSA_WITH_RC4_128_SHA, "ECDH-ECDSA-RC4-SHA", SSL_kECDHE|SSL_AECDH|SSL_RC4|SSL_SHA1, TLSV1, SSL_MEDIUM, 128, 128, NULL},
-+    {"ecdh_ecdsa_3des_sha", TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, "ECDH-ECDSA-DES-CBC3-SHA", SSL_kECDHE|SSL_AECDH|SSL_3DES|SSL_SHA1, TLSV1, SSL_MEDIUM, 112, 168, NULL},
-+    {"ecdh_ecdsa_aes_128_sha", TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, "ECDH-ECDSA-AES128-SHA", SSL_kECDHE|SSL_AECDH|SSL_AES128|SSL_SHA1, TLSV1, SSL_HIGH, 128, 128, NULL},
-+    {"ecdh_ecdsa_aes_256_sha", TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, "ECDH-ECDSA-AES256-SHA", SSL_kECDHE|SSL_AECDH|SSL_AES256|SSL_SHA1, TLSV1, SSL_HIGH, 256, 256, NULL},
-     {"ecdhe_ecdsa_null_sha", TLS_ECDHE_ECDSA_WITH_NULL_SHA, "ECDHE-ECDSA-NULL-SHA", SSL_kEECDH|SSL_aECDSA|SSL_eNULL|SSL_SHA1, TLSV1, SSL_STRONG_NONE, 0, 0, NULL},
-     {"ecdhe_ecdsa_rc4_128_sha", TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, "ECDHE-ECDSA-RC4-SHA", SSL_kEECDH|SSL_aECDSA|SSL_RC4|SSL_SHA1, TLSV1, SSL_MEDIUM, 128, 128, NULL},
-     {"ecdhe_ecdsa_3des_sha", TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, "ECDHE-ECDSA-DES-CBC3-SHA", SSL_kEECDH|SSL_aECDSA|SSL_3DES|SSL_SHA1, TLSV1, SSL_MEDIUM, 112, 168, NULL},
-     {"ecdhe_ecdsa_aes_128_sha", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "ECDHE-ECDSA-AES128-SHA", SSL_kEECDH|SSL_aECDSA|SSL_AES128|SSL_SHA1, TLSV1, SSL_HIGH, 128, 128, NULL},
-     {"ecdhe_ecdsa_aes_256_sha", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "ECDHE-ECDSA-AES256-SHA", SSL_kEECDH|SSL_aECDSA|SSL_AES256|SSL_SHA1, TLSV1, SSL_HIGH, 256, 256, NULL},
--    {"ecdh_rsa_null_sha", TLS_ECDH_RSA_WITH_NULL_SHA, "ECDH-RSA-NULL-SHA", SSL_kECDHr|SSL_aECDH|SSL_eNULL|SSL_SHA1, TLSV1, SSL_STRONG_NONE, 0, 0, NULL},
--    {"ecdh_rsa_128_sha", TLS_ECDH_RSA_WITH_RC4_128_SHA, "ECDH-RSA-RC4-SHA", SSL_kECDHr|SSL_aECDH|SSL_RC4|SSL_SHA1, TLSV1, SSL_MEDIUM, 128, 128, NULL},
--    {"ecdh_rsa_3des_sha", TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, "ECDH-RSA-DES-CBC3-SHA", SSL_kECDHr|SSL_aECDH|SSL_3DES|SSL_SHA1, TLSV1, SSL_MEDIUM, 112, 168, NULL},
--    {"ecdh_rsa_aes_128_sha", TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, "ECDH-RSA-AES128-SHA", SSL_kECDHr|SSL_aECDH|SSL_AES128|SSL_SHA1, TLSV1, SSL_HIGH, 128, 128, NULL},
--    {"ecdh_rsa_aes_256_sha", TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, "ECDH-RSA-AES256-SHA", SSL_kECDHr|SSL_aECDH|SSL_AES256|SSL_SHA1, TLSV1, SSL_HIGH, 256, 256, NULL},
-+    {"ecdh_rsa_null_sha", TLS_ECDH_RSA_WITH_NULL_SHA, "ECDH-RSA-NULL-SHA", SSL_kECDHr|SSL_AECDH|SSL_eNULL|SSL_SHA1, TLSV1, SSL_STRONG_NONE, 0, 0, NULL},
-+    {"ecdh_rsa_128_sha", TLS_ECDH_RSA_WITH_RC4_128_SHA, "ECDH-RSA-RC4-SHA", SSL_kECDHr|SSL_AECDH|SSL_RC4|SSL_SHA1, TLSV1, SSL_MEDIUM, 128, 128, NULL},
-+    {"ecdh_rsa_3des_sha", TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, "ECDH-RSA-DES-CBC3-SHA", SSL_kECDHr|SSL_AECDH|SSL_3DES|SSL_SHA1, TLSV1, SSL_MEDIUM, 112, 168, NULL},
-+    {"ecdh_rsa_aes_128_sha", TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, "ECDH-RSA-AES128-SHA", SSL_kECDHr|SSL_AECDH|SSL_AES128|SSL_SHA1, TLSV1, SSL_HIGH, 128, 128, NULL},
-+    {"ecdh_rsa_aes_256_sha", TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, "ECDH-RSA-AES256-SHA", SSL_kECDHr|SSL_AECDH|SSL_AES256|SSL_SHA1, TLSV1, SSL_HIGH, 256, 256, NULL},
-     {"ecdhe_rsa_null", TLS_ECDHE_RSA_WITH_NULL_SHA, "ECDHE-RSA-NULL-SHA", SSL_kEECDH|SSL_aRSA|SSL_eNULL|SSL_SHA1, TLSV1, SSL_STRONG_NONE, 0, 0, NULL},
-     {"ecdhe_rsa_rc4_128_sha", TLS_ECDHE_RSA_WITH_RC4_128_SHA, "ECDHE-RSA-RC4-SHA", SSL_kEECDH|SSL_aRSA|SSL_RC4|SSL_SHA1, TLSV1, SSL_MEDIUM, 128, 128, NULL},
-     {"ecdhe_rsa_3des_sha", TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, "ECDHE-RSA-DES-CBC3-SHA", SSL_kEECDH|SSL_aRSA|SSL_3DES|SSL_SHA1, TLSV1, SSL_MEDIUM, 112, 168, NULL},
--- 
-2.16.2
-
diff --git a/apache2-mod_nss.changes b/apache2-mod_nss.changes
index eb1b16a..6db9b40 100644
--- a/apache2-mod_nss.changes
+++ b/apache2-mod_nss.changes
@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Mon Mar 19 11:12:29 UTC 2018 - vcizek@suse.com
+
+- Update to 1.0.16
+  * Fix up some broken cipher strings from a bad merge
+- adjust distro detection, Tumbleweed has NSS 3.35, Leap 15 has 3.34
+- drop 0001-Fix-up-some-broken-cipher-strings-from-a-bad-merge.patch
+  (upstream)
+
 -------------------------------------------------------------------
 Thu Mar  8 13:15:32 UTC 2018 - vcizek@suse.com
 
diff --git a/apache2-mod_nss.spec b/apache2-mod_nss.spec
index 509455a..1bbf986 100644
--- a/apache2-mod_nss.spec
+++ b/apache2-mod_nss.spec
@@ -25,7 +25,7 @@
 %define    apache_mmn        %(MMN=$(%{apxs} -q LIBEXECDIR)_MMN; test -x $MMN && $MMN)
 %define    apache_sysconf_nssdir %{apache_sysconfdir}/mod_nss.d
 Name:           apache2-mod_nss
-Version:        1.0.15
+Version:        1.0.16
 Release:        0
 Summary:        SSL/TLS module for the Apache HTTP server
 License:        Apache-2.0
@@ -39,7 +39,6 @@ Source5:        vhost-nss.template
 Patch1:         mod_nss-migrate.patch
 Patch2:         mod_nss-gencert-correct-ownership.patch
 Patch4:         mod_nss-gencert_use_ss_instead_of_netstat.patch
-Patch5:         0001-Fix-up-some-broken-cipher-strings-from-a-bad-merge.patch
 BuildRequires:  apache-rpm-macros
 BuildRequires:  apache2-devel >= 2.2.12
 BuildRequires:  apr-devel
@@ -72,11 +71,12 @@ Security (TLS) protocols using the Network Security Services (NSS)
 security library.
 
 %prep
-%setup -q -n mod_nss-%{version}
+#% setup -q -n mod_nss-%{version}
+# Workaround for bug https://pagure.io/mod_nss/issue/44
+%setup -q -n mod_nss-1.0.15
 %patch1 -p1
 %patch2 -p1
 %patch4 -p1
-%patch5 -p1
 
 # Touch expression parser sources to prevent regenerating it
 touch nss_expr_*.[chyl]
@@ -130,7 +130,7 @@ install -m 755 gencert %{buildroot}%{_sbindir}/
 install -m 755 migrate.pl %{buildroot}%{_sbindir}/mod_nss_migrate.pl
 
 #ln -s $RPM_BUILD_ROOT/%%{apache_libexecdir}/libnssckbi.so $RPM_BUILD_ROOT%%{apache_sysconf_nssdir}/
-%if 0%{?suse_version} < 1330
+%if 0%{?suse_version} <= 1500
 touch %{buildroot}%{apache_sysconf_nssdir}/secmod.db
 touch %{buildroot}%{apache_sysconf_nssdir}/cert8.db
 touch %{buildroot}%{apache_sysconf_nssdir}/key3.db
@@ -220,7 +220,7 @@ find %{apache_sysconf_nssdir} -user root -name "*.db" ! -type l -exec /bin/chmod
 %dir %{apache_libexecdir}
 %{apache_libexecdir}/mod_nss.so
 %dir %{apache_sysconf_nssdir}/
-%if 0%{?suse_version} < 1330
+%if 0%{?suse_version} <= 1500
 %ghost %attr(0640,root,www) %config(noreplace) %{apache_sysconf_nssdir}/secmod.db
 %ghost %attr(0640,root,www) %config(noreplace) %{apache_sysconf_nssdir}/cert8.db
 %ghost %attr(0640,root,www) %config(noreplace) %{apache_sysconf_nssdir}/key3.db
diff --git a/mod_nss-1.0.15.tar.gz b/mod_nss-1.0.15.tar.gz
deleted file mode 100644
index 2c609c3..0000000
--- a/mod_nss-1.0.15.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:5a33734ecd6e1fa44bffb359b0a08431a3b5c8e81a4958d90200bbb2ce2c0fe9
-size 183083
diff --git a/mod_nss-1.0.16.tar.gz b/mod_nss-1.0.16.tar.gz
new file mode 100644
index 0000000..48aba6c
--- /dev/null
+++ b/mod_nss-1.0.16.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:bf7516fc70f30b56cf6fbeeaaa44bc40fcaa42eb8510f600b25f099306fc161f
+size 183112

From 292151f4c6962e5ab1ad2a50225e7bcd5382df54eab6955a42b79623dcd09e44 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?V=C3=ADt=C4=9Bzslav=20=C4=8C=C3=AD=C5=BEek?=
 <vcizek@suse.com>
Date: Mon, 19 Mar 2018 15:29:20 +0000
Subject: [PATCH 2/2] Accepting request 588674 from
 home:vitezslav_cizek:branches:Apache:Modules

- Use fixed upstream 1.0.16 tarball
  * https://pagure.io/mod_nss/issue/44

OBS-URL: https://build.opensuse.org/request/show/588674
OBS-URL: https://build.opensuse.org/package/show/Apache:Modules/apache2-mod_nss?expand=0&rev=43
---
 apache2-mod_nss.changes | 6 ++++++
 apache2-mod_nss.spec    | 4 +---
 mod_nss-1.0.16.tar.gz   | 4 ++--
 3 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/apache2-mod_nss.changes b/apache2-mod_nss.changes
index 6db9b40..2578388 100644
--- a/apache2-mod_nss.changes
+++ b/apache2-mod_nss.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Mon Mar 19 15:23:59 UTC 2018 - vcizek@suse.com
+
+- Use fixed upstream 1.0.16 tarball
+  * https://pagure.io/mod_nss/issue/44
+
 -------------------------------------------------------------------
 Mon Mar 19 11:12:29 UTC 2018 - vcizek@suse.com
 
diff --git a/apache2-mod_nss.spec b/apache2-mod_nss.spec
index 1bbf986..6b29de7 100644
--- a/apache2-mod_nss.spec
+++ b/apache2-mod_nss.spec
@@ -71,9 +71,7 @@ Security (TLS) protocols using the Network Security Services (NSS)
 security library.
 
 %prep
-#% setup -q -n mod_nss-%{version}
-# Workaround for bug https://pagure.io/mod_nss/issue/44
-%setup -q -n mod_nss-1.0.15
+%setup -q -n mod_nss-%{version}
 %patch1 -p1
 %patch2 -p1
 %patch4 -p1
diff --git a/mod_nss-1.0.16.tar.gz b/mod_nss-1.0.16.tar.gz
index 48aba6c..e924496 100644
--- a/mod_nss-1.0.16.tar.gz
+++ b/mod_nss-1.0.16.tar.gz
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:bf7516fc70f30b56cf6fbeeaaa44bc40fcaa42eb8510f600b25f099306fc161f
-size 183112
+oid sha256:b72412ac6cbcaced00fae368fd3497e40c010669e39030db4a7b34e2a8bbf92c
+size 183115