Accepting request 614946 from mozilla:Factory

- update to NSS 3.36.4
  * required for Firefox 60.0.2 (bsc#1096515)
  * Fix crash on macOS related to authentication tokens, e.g. PK11or
    WebAuthn. (bmo#1461731)
  Bugfixes from 3.36.2
  * Connecting to a server that was recently upgraded to TLS 1.3
    would result in a SSL_RX_MALFORMED_SERVER_HELLO error. (bmo#1462303)
  * Fix a rare bug with PKCS#12 files. (bmo#1460673)
- use relro linker option (add-relro-linker-option.patch)

OBS-URL: https://build.opensuse.org/request/show/614946
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=136

add-relro-linker-option.patch

@@ -0,0 +1,16 @@
+diff -up nss/coreconf/Linux.mk.relro nss/coreconf/Linux.mk
+--- nss/coreconf/Linux.mk.relro	2013-04-09 14:29:45.943228682 -0700
++++ nss/coreconf/Linux.mk	2013-04-09 14:31:26.194953927 -0700
+@@ -174,6 +174,12 @@ endif
+ endif
+ endif
+ 
++# harden DSOs/executables a bit against exploits
++ifeq (2.6,$(firstword $(sort 2.6 $(OS_RELEASE))))
++DSO_LDOPTS+=-Wl,-z,relro
++LDFLAGS	+= -Wl,-z,relro
++endif
++
+ USE_SYSTEM_ZLIB = 1
+ ZLIB_LIBS = -lz
+ 

mozilla-nss.changes

@@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Thu Jun  7 12:30:44 UTC 2018 - wr@rosenauer.org
+
+- update to NSS 3.36.4
+  * required for Firefox 60.0.2 (bsc#1096515)
+  * Fix crash on macOS related to authentication tokens, e.g. PK11or
+    WebAuthn. (bmo#1461731)
+  Bugfixes from 3.36.2
+  * Connecting to a server that was recently upgraded to TLS 1.3
+    would result in a SSL_RX_MALFORMED_SERVER_HELLO error. (bmo#1462303)
+  * Fix a rare bug with PKCS#12 files. (bmo#1460673)
+- use relro linker option (add-relro-linker-option.patch)
+
 -------------------------------------------------------------------
 Tue Apr 24 05:58:54 UTC 2018 - wr@rosenauer.org
 

mozilla-nss.spec

@@ -25,7 +25,7 @@ BuildRequires:  mozilla-nspr-devel >= 4.19
 BuildRequires:  pkg-config
 BuildRequires:  sqlite-devel
 BuildRequires:  zlib-devel
-Version:        3.36.1
+Version:        3.36.4
 Release:        0
 # bug437293
 %ifarch ppc64
@@ -36,8 +36,8 @@ Summary:        Network Security Services
 License:        MPL-2.0
 Group:          System/Libraries
 Url:            http://www.mozilla.org/projects/security/pki/nss/
-Source:         https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_36_1_RTM/src/nss-%{version}.tar.gz
-# hg clone https://hg.mozilla.org/projects/nss nss-3.36.1/nss ; cd nss-3.36.1/nss ; hg up NSS_3_36_1_RTM
+Source:         https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_36_4_RTM/src/nss-%{version}.tar.gz
+# hg clone https://hg.mozilla.org/projects/nss nss-3.36.4/nss ; cd nss-3.36.4/nss ; hg up NSS_3_36_4_RTM
 #Source:         nss-%{version}.tar.gz
 Source1:        nss.pc.in
 Source3:        nss-config.in
@@ -52,6 +52,7 @@ Source99:       %{name}.changes
 Patch1:         nss-opt.patch
 Patch2:         system-nspr.patch
 Patch3:         nss-no-rpath.patch
+Patch4:         add-relro-linker-option.patch
 Patch5:         malloc.patch
 Patch6:         nss-disable-ocsp-test.patch
 Patch7:         nss-sqlitename.patch
@@ -170,6 +171,7 @@ cd nss
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
+%patch4 -p1
 %if %suse_version > 1110
 %patch5 -p1
 %endif

nss-3.36.1.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:6025441d528ff6a7f1a4b673b6ee7d3540731ada3f78d5acd5c3b3736b222bff
-size 23026430

nss-3.36.4.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:33de96b33dc9225d8f637debc3f62bd1fee6a4415cd97c9cf07d7e685779246a
+size 23030385