From a9a362256764531cd8c5e30c67e9e79135ae6fa18fc2c7ed8a52be8404b19263 Mon Sep 17 00:00:00 2001
From: Wolfgang Rosenauer <wolfgang@rosenauer.org>
Date: Tue, 5 Apr 2016 05:56:14 +0000
Subject: [PATCH] - update to NSS 3.22.3   * required for Firefox 46.0   *
 Increase compatibility of TLS extended master secret,     don't send an empty
 TLS extension last in the handshake     (bmo#1243641)

- update to NSS 3.22.2
  New functionality:
  * RSA-PSS signatures are now supported (bmo#1215295)
  * Pseudorandom functions based on hashes other than SHA-1 are now supported
  * Enforce an External Policy on NSS from a config file (bmo#1009429)
  New functions:
  * PK11_SignWithMechanism - an extended version PK11_Sign()
  * PK11_VerifyWithMechanism - an extended version of PK11_Verify()
  * SSL_PeerSignedCertTimestamps - Get signed_certificate_timestamp
    TLS extension data
  * SSL_SetSignedCertTimestamps - Set signed_certificate_timestamp
    TLS extension data
  New types:
  * ssl_signed_cert_timestamp_xtn is added to SSLExtensionType
  * Constants for several object IDs are added to SECOidTag
  New macros:
  * SSL_ENABLE_SIGNED_CERT_TIMESTAMPS
  * NSS_USE_ALG_IN_SSL
  * NSS_USE_POLICY_IN_SSL
  * NSS_RSA_MIN_KEY_SIZE
  * NSS_DH_MIN_KEY_SIZE
  * NSS_DSA_MIN_KEY_SIZE
  * NSS_TLS_VERSION_MIN_POLICY
  * NSS_TLS_VERSION_MAX_POLICY

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=209
---
 mozilla-nss.changes | 53 +++++++++++++++++++++++++++++++++++++++++++--
 mozilla-nss.spec    | 10 ++++-----
 nss-3.21.1.tar.gz   |  3 ---
 nss-3.22.3.tar.gz   |  3 +++
 4 files changed, 59 insertions(+), 10 deletions(-)
 delete mode 100644 nss-3.21.1.tar.gz
 create mode 100644 nss-3.22.3.tar.gz

diff --git a/mozilla-nss.changes b/mozilla-nss.changes
index 92bc7ec..648dbb2 100644
--- a/mozilla-nss.changes
+++ b/mozilla-nss.changes
@@ -1,3 +1,54 @@
+-------------------------------------------------------------------
+Tue Mar 15 10:25:38 UTC 2016 - wr@rosenauer.org
+
+- update to NSS 3.22.3
+  * required for Firefox 46.0
+  * Increase compatibility of TLS extended master secret,
+    don't send an empty TLS extension last in the handshake
+    (bmo#1243641)
+
+-------------------------------------------------------------------
+Wed Mar  9 15:42:01 UTC 2016 - wr@rosenauer.org
+
+- update to NSS 3.22.2
+  New functionality:
+  * RSA-PSS signatures are now supported (bmo#1215295)
+  * Pseudorandom functions based on hashes other than SHA-1 are now supported
+  * Enforce an External Policy on NSS from a config file (bmo#1009429)
+  New functions:
+  * PK11_SignWithMechanism - an extended version PK11_Sign()
+  * PK11_VerifyWithMechanism - an extended version of PK11_Verify()
+  * SSL_PeerSignedCertTimestamps - Get signed_certificate_timestamp
+    TLS extension data
+  * SSL_SetSignedCertTimestamps - Set signed_certificate_timestamp
+    TLS extension data
+  New types:
+  * ssl_signed_cert_timestamp_xtn is added to SSLExtensionType
+  * Constants for several object IDs are added to SECOidTag
+  New macros:
+  * SSL_ENABLE_SIGNED_CERT_TIMESTAMPS
+  * NSS_USE_ALG_IN_SSL
+  * NSS_USE_POLICY_IN_SSL
+  * NSS_RSA_MIN_KEY_SIZE
+  * NSS_DH_MIN_KEY_SIZE
+  * NSS_DSA_MIN_KEY_SIZE
+  * NSS_TLS_VERSION_MIN_POLICY
+  * NSS_TLS_VERSION_MAX_POLICY
+  * NSS_DTLS_VERSION_MIN_POLICY
+  * NSS_DTLS_VERSION_MAX_POLICY
+  * CKP_PKCS5_PBKD2_HMAC_SHA224
+  * CKP_PKCS5_PBKD2_HMAC_SHA256
+  * CKP_PKCS5_PBKD2_HMAC_SHA384
+  * CKP_PKCS5_PBKD2_HMAC_SHA512
+  * CKP_PKCS5_PBKD2_HMAC_GOSTR3411 - (not supported)
+  * CKP_PKCS5_PBKD2_HMAC_SHA512_224 - (not supported)
+  * CKP_PKCS5_PBKD2_HMAC_SHA512_256 - (not supported)
+  Notable changes:
+  * NSS C++ tests are built by default, requiring a C++11 compiler.
+    Set the NSS_DISABLE_GTESTS variable to 1 to disable building these tests.
+  * NSS has been changed to use the PR_GetEnvSecure function that
+    was made available in NSPR 4.12
+
 -------------------------------------------------------------------
 Mon Mar  7 15:41:50 UTC 2016 - wr@rosenauer.org
 
@@ -5,10 +56,8 @@ Mon Mar  7 15:41:50 UTC 2016 - wr@rosenauer.org
   * required for Firefox 45.0
   * MFSA 2016-35/CVE-2016-1950 (bmo#1245528)
     Buffer overflow during ASN.1 decoding in NSS
-    (fixed by requiring 3.21.1)
   * MFSA 2016-36/CVE-2016-1979 (bmo#1185033)
     Use-after-free during processing of DER encoded keys in NSS
-    (fixed by requiring 3.21.1)
 
 -------------------------------------------------------------------
 Sun Dec 20 10:12:35 UTC 2015 - wr@rosenauer.org
diff --git a/mozilla-nss.spec b/mozilla-nss.spec
index 987bf84..2e980a2 100644
--- a/mozilla-nss.spec
+++ b/mozilla-nss.spec
@@ -2,7 +2,7 @@
 # spec file for package mozilla-nss
 #
 # Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
-# Copyright (c) 2006-2016 Wolfgang Rosenauer
+# Copyright (c) 2006-2015 Wolfgang Rosenauer
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -21,11 +21,11 @@
 
 Name:           mozilla-nss
 BuildRequires:  gcc-c++
-BuildRequires:  mozilla-nspr-devel >= 4.10.10
+BuildRequires:  mozilla-nspr-devel >= 4.12
 BuildRequires:  pkg-config
 BuildRequires:  sqlite-devel
 BuildRequires:  zlib-devel
-Version:        3.21.1
+Version:        3.22.3
 Release:        0
 # bug437293
 %ifarch ppc64
@@ -36,8 +36,8 @@ Summary:        Network Security Services
 License:        MPL-2.0
 Group:          System/Libraries
 Url:            http://www.mozilla.org/projects/security/pki/nss/
-Source:         https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_21_1_RTM/src/nss-%{version}.tar.gz
-# hg clone https://hg.mozilla.org/projects/nss nss-3.21.1/nss ; cd nss-3.21.1/nss ; hg up NSS_3_21_1_RTM
+Source:         https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_22_3_RTM/src/nss-%{version}.tar.gz
+# hg clone https://hg.mozilla.org/projects/nss nss-3.22.3/nss ; cd nss-3.22.3/nss ; hg up NSS_3_22_3_RTM
 #Source:         nss-%{version}.tar.gz
 Source1:        nss.pc.in
 Source3:        nss-config.in
diff --git a/nss-3.21.1.tar.gz b/nss-3.21.1.tar.gz
deleted file mode 100644
index b39c2f4..0000000
--- a/nss-3.21.1.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:daf6bb45246630547b5de31132287bb585fcd283fc856ed4136a69c47c4ad94e
-size 6978378
diff --git a/nss-3.22.3.tar.gz b/nss-3.22.3.tar.gz
new file mode 100644
index 0000000..f0f1b9b
--- /dev/null
+++ b/nss-3.22.3.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:03be288e20c19a032403318cc819529229aafdf6d50bc77b682e33a3241f9b97
+size 6981457