diff --git a/.gitignore b/.gitignore
index 863dd4e..a2ca2b0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
-SOURCES/nspr-4.10.8.tar.gz
+SOURCES/nspr-4.11.0.tar.gz
SOURCES/nspr-config.xml
diff --git a/.nspr.metadata b/.nspr.metadata
index ddfa4ea..5e42c37 100644
--- a/.nspr.metadata
+++ b/.nspr.metadata
@@ -1,2 +1,2 @@
-c87c6a10e0e36866006b45c194d70cd8c67d0934 SOURCES/nspr-4.10.8.tar.gz
+c5d88b364846b468174beb6ec5b3512de780ab5b SOURCES/nspr-4.11.0.tar.gz
f748a225d13fc55d8843c93002a6e8b79cd3779d SOURCES/nspr-config.xml
diff --git a/SOURCES/nspr-4.10.10-security-fix.patch b/SOURCES/nspr-4.10.10-security-fix.patch
deleted file mode 100644
index 074b66e..0000000
--- a/SOURCES/nspr-4.10.10-security-fix.patch
+++ /dev/null
@@ -1,154 +0,0 @@
-diff --git a/lib/ds/plarena.c b/lib/ds/plarena.c
---- a/lib/ds/plarena.c
-+++ b/lib/ds/plarena.c
-@@ -88,16 +88,19 @@ PR_IMPLEMENT(void) PL_InitArenaPool(
- align = PL_ARENA_DEFAULT_ALIGN;
-
- if (align < sizeof(pmasks)/sizeof(pmasks[0]))
- pool->mask = pmasks[align];
- else
- pool->mask = PR_BITMASK(PR_CeilingLog2(align));
-
- pool->first.next = NULL;
-+ /* Set all three addresses in pool->first to the same dummy value.
-+ * These addresses are only compared with each other, but never
-+ * dereferenced. */
- pool->first.base = pool->first.avail = pool->first.limit =
- (PRUword)PL_ARENA_ALIGN(pool, &pool->first + 1);
- pool->current = &pool->first;
- /*
- * Compute the net size so that each arena's gross size is |size|.
- * sizeof(PLArena) + pool->mask is the header and alignment slop
- * that PL_ArenaAllocate adds to the net size.
- */
-@@ -139,20 +142,24 @@ PR_IMPLEMENT(void) PL_InitArenaPool(
- ** See also: bugzilla: 45343.
- **
- */
-
- PR_IMPLEMENT(void *) PL_ArenaAllocate(PLArenaPool *pool, PRUint32 nb)
- {
- PLArena *a;
- char *rp; /* returned pointer */
-+ PRUint32 nbOld;
-
- PR_ASSERT((nb & pool->mask) == 0);
-
-+ nbOld = nb;
- nb = (PRUword)PL_ARENA_ALIGN(pool, nb); /* force alignment */
-+ if (nb < nbOld)
-+ return NULL;
-
- /* attempt to allocate from arenas at pool->current */
- {
- a = pool->current;
- do {
- if ( nb <= a->limit - a->avail ) {
- pool->current = a;
- rp = (char *)a->avail;
-@@ -203,16 +210,17 @@ PR_IMPLEMENT(void *) PL_ArenaAllocate(PL
- a = (PLArena*)PR_MALLOC(sz);
- }
- if ( NULL != a ) {
- a->limit = (PRUword)a + sz;
- a->base = a->avail = (PRUword)PL_ARENA_ALIGN(pool, a + 1);
- PL_MAKE_MEM_NOACCESS((void*)a->avail, a->limit - a->avail);
- rp = (char *)a->avail;
- a->avail += nb;
-+ PR_ASSERT(a->avail <= a->limit);
- /* the newly allocated arena is linked after pool->current
- * and becomes pool->current */
- a->next = pool->current->next;
- pool->current->next = a;
- pool->current = a;
- if ( NULL == pool->first.next )
- pool->first.next = a;
- PL_COUNT_ARENA(pool,++);
-@@ -225,16 +233,18 @@ PR_IMPLEMENT(void *) PL_ArenaAllocate(PL
- return(NULL);
- } /* --- end PL_ArenaAllocate() --- */
-
- PR_IMPLEMENT(void *) PL_ArenaGrow(
- PLArenaPool *pool, void *p, PRUint32 size, PRUint32 incr)
- {
- void *newp;
-
-+ if (PR_UINT32_MAX - size < incr)
-+ return NULL;
- PL_ARENA_ALLOCATE(newp, pool, size + incr);
- if (newp)
- memcpy(newp, p, size);
- return newp;
- }
-
- static void ClearArenaList(PLArena *a, PRInt32 pattern)
- {
-diff --git a/lib/ds/plarena.h b/lib/ds/plarena.h
---- a/lib/ds/plarena.h
-+++ b/lib/ds/plarena.h
-@@ -132,44 +132,49 @@ void __asan_unpoison_memory_region(void
- PL_InitArenaPool(pool, name, size, PL_ARENA_CONST_ALIGN_MASK + 1)
- #else
- #define PL_ARENA_ALIGN(pool, n) (((PRUword)(n) + (pool)->mask) & ~(pool)->mask)
- #endif
-
- #define PL_ARENA_ALLOCATE(p, pool, nb) \
- PR_BEGIN_MACRO \
- PLArena *_a = (pool)->current; \
-- PRUint32 _nb = PL_ARENA_ALIGN(pool, nb); \
-+ PRUint32 _nb = PL_ARENA_ALIGN(pool, (PRUint32)nb); \
- PRUword _p = _a->avail; \
-- PRUword _q = _p + _nb; \
-- if (_q > _a->limit) { \
-+ if (_nb < (PRUint32)nb) { \
-+ _p = 0; \
-+ } else if (_nb > (_a->limit - _a->avail)) { \
- _p = (PRUword)PL_ArenaAllocate(pool, _nb); \
- } else { \
-- _a->avail = _q; \
-+ _a->avail += _nb; \
- } \
- p = (void *)_p; \
-- PL_MAKE_MEM_UNDEFINED(p, nb); \
-- PL_ArenaCountAllocation(pool, nb); \
-+ if (p) { \
-+ PL_MAKE_MEM_UNDEFINED(p, (PRUint32)nb); \
-+ PL_ArenaCountAllocation(pool, (PRUint32)nb); \
-+ } \
- PR_END_MACRO
-
- #define PL_ARENA_GROW(p, pool, size, incr) \
- PR_BEGIN_MACRO \
- PLArena *_a = (pool)->current; \
-- PRUint32 _incr = PL_ARENA_ALIGN(pool, incr); \
-- PRUword _p = _a->avail; \
-- PRUword _q = _p + _incr; \
-- if (_p == (PRUword)(p) + PL_ARENA_ALIGN(pool, size) && \
-- _q <= _a->limit) { \
-- PL_MAKE_MEM_UNDEFINED((unsigned char *)(p) + size, incr); \
-- _a->avail = _q; \
-- PL_ArenaCountInplaceGrowth(pool, size, incr); \
-+ PRUint32 _incr = PL_ARENA_ALIGN(pool, (PRUint32)incr); \
-+ if (_incr < (PRUint32)incr) { \
-+ p = NULL; \
-+ } else if (_a->avail == (PRUword)(p) + PL_ARENA_ALIGN(pool, size) && \
-+ _incr <= (_a->limit - _a->avail)) { \
-+ PL_MAKE_MEM_UNDEFINED((unsigned char *)(p) + size, (PRUint32)incr); \
-+ _a->avail += _incr; \
-+ PL_ArenaCountInplaceGrowth(pool, size, (PRUint32)incr); \
- } else { \
-- p = PL_ArenaGrow(pool, p, size, incr); \
-+ p = PL_ArenaGrow(pool, p, size, (PRUint32)incr); \
- } \
-- PL_ArenaCountGrowth(pool, size, incr); \
-+ if (p) {\
-+ PL_ArenaCountGrowth(pool, size, (PRUint32)incr); \
-+ } \
- PR_END_MACRO
-
- #define PL_ARENA_MARK(pool) ((void *) (pool)->current->avail)
- #define PR_UPTRDIFF(p,q) ((PRUword)(p) - (PRUword)(q))
-
- #define PL_CLEAR_UNUSED_PATTERN(a, pattern) \
- PR_BEGIN_MACRO \
- PR_ASSERT((a)->avail <= (a)->limit); \
diff --git a/SPECS/nspr.spec b/SPECS/nspr.spec
index c0cf2de..fc85f17 100644
--- a/SPECS/nspr.spec
+++ b/SPECS/nspr.spec
@@ -1,7 +1,7 @@
Summary: Netscape Portable Runtime
Name: nspr
-Version: 4.10.8
-Release: 2%{?dist}
+Version: 4.11.0
+Release: 1%{?dist}
License: MPLv2.0
URL: http://www.mozilla.org/projects/nspr/
Group: System Environment/Libraries
@@ -17,8 +17,6 @@ Source1: nspr-config.xml
Patch1: nspr-config-pc.patch
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=853902
Patch2: nspr-561901.patch
-# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1205157
-Patch3: nspr-4.10.10-security-fix.patch
%description
NSPR provides platform independence for non-GUI operating system
@@ -51,9 +49,6 @@ Header files for doing development with the Netscape Portable Runtime.
cp ./nspr/config/nspr-config.in ./nspr/config/nspr-config-pc.in
%patch1 -p0 -b .flags
%patch2 -p0
-pushd nspr
-%patch3 -p1 -b .1269362
-popd
%build
@@ -66,9 +61,11 @@ export LDFLAGS
--prefix=%{_prefix} \
--libdir=%{_libdir} \
--includedir=%{_includedir}/nspr4 \
-%if %{__isa_bits} == 64
+%ifnarch noarch
+%if 0%{__isa_bits} == 64
--enable-64bit \
%endif
+%endif
%ifarch armv7l armv7hl armv7nhl
--enable-thumb2 \
%endif
@@ -148,12 +145,15 @@ done
%{_mandir}/man*/*
%changelog
+* Tue Jan 26 2016 Elio Maldonado <emaldona@redhat.com> - 4.11.0-1
+- Rebase to NSPR 4.11
+
* Fri Oct 16 2015 Elio Maldonado <emaldona@redhat.com> - 4.10.8-2
-- Resolves: Bug 1269362 - CVE-2015-7183
+- Resolves: Bug 1269363 - CVE-2015-7183
- nspr: heap-buffer overflow in PL_ARENA_ALLOCATE can lead to crash (under ASAN), potential memory corruption
-* Mon Apr 13 2015 Elio Maldonado <emaldona@redhat.com> - 4.10.8-1
-- Resolves: Bug 1211372 - Rebase nspr to 4.10.8 for Firefox 38 ESR [RHEL7.1]
+* Mon Mar 30 2015 Elio Maldonado <emaldona@redhat.com> - 4.10.8-1
+- Resolves: Bug 1200917 - Rebase nspr to 4.10.8 for Firefox 38 ESR
* Mon Dec 01 2014 Elio Maldonado <emaldona@redhat.com> - 4.10.6-3
- Restore s390x related patch as it hasn't been applied upstream yet