diff --git a/.gitignore b/.gitignore
index 0ed84b6..b386124 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/nss-util-3.28.4.tar.gz
+SOURCES/nss-util-3.34.0.tar.gz
diff --git a/.nss-util.metadata b/.nss-util.metadata
index 779d4b0..96a9507 100644
--- a/.nss-util.metadata
+++ b/.nss-util.metadata
@@ -1 +1 @@
-cf8f65cd933957802a2ed95c2e67061fff43f350 SOURCES/nss-util-3.28.4.tar.gz
+a614a976a848d65b840e65a58d73529dffcf25d4 SOURCES/nss-util-3.34.0.tar.gz
diff --git a/SOURCES/nss-util-ecc-defaults.patch b/SOURCES/nss-util-ecc-defaults.patch
new file mode 100644
index 0000000..f4cd5bb
--- /dev/null
+++ b/SOURCES/nss-util-ecc-defaults.patch
@@ -0,0 +1,31 @@
+# HG changeset patch
+# User Bob Relyea <rrelyea@redhat.com>
+# Date 1513864398 -3600
+# Thu Dec 21 14:53:18 2017 +0100
+# Node ID e577b1df8dabb31466cebad07fdbe0883290bede
+# Parent 481de926f1fa18b7b62e80b59f28f2aef7ab3034
+Bug 1312142, Softoken still does not handle login state correctly for user db slots in FIPS mode, r=kaie
+
+diff --git a/lib/util/utilpars.c b/lib/util/utilpars.c
+--- a/lib/util/utilpars.c
++++ b/lib/util/utilpars.c
+@@ -589,6 +589,7 @@ struct nssutilArgSlotFlagTable {
+ }
+ static struct nssutilArgSlotFlagTable nssutil_argSlotFlagTable[] = {
+ NSSUTIL_ARG_ENTRY(RSA, SECMOD_RSA_FLAG),
++ NSSUTIL_ARG_ENTRY(ECC, SECMOD_ECC_FLAG),
+ NSSUTIL_ARG_ENTRY(DSA, SECMOD_RSA_FLAG),
+ NSSUTIL_ARG_ENTRY(RC2, SECMOD_RC4_FLAG),
+ NSSUTIL_ARG_ENTRY(RC4, SECMOD_RC2_FLAG),
+diff --git a/lib/util/utilparst.h b/lib/util/utilparst.h
+--- a/lib/util/utilparst.h
++++ b/lib/util/utilparst.h
+@@ -43,7 +43,7 @@
+ #define NSSUTIL_DEFAULT_INTERNAL_INIT3 \
+ " askpw=any timeout=30})\""
+ #define NSSUTIL_DEFAULT_SFTKN_FLAGS \
+- "slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512]"
++ "slotFlags=[ECC,RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512]"
+
+ #define NSSUTIL_DEFAULT_CIPHER_ORDER 0
+ #define NSSUTIL_DEFAULT_TRUST_ORDER 50
diff --git a/SOURCES/nss-util-mozilla-ca-policy.patch b/SOURCES/nss-util-mozilla-ca-policy.patch
deleted file mode 100644
index de662f2..0000000
--- a/SOURCES/nss-util-mozilla-ca-policy.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-# HG changeset patch
-# User Kai Engert <kaie@kuix.de>
-# Date 1486667455 -3600
-# Thu Feb 09 20:10:55 2017 +0100
-# Node ID 29858a467f45b3964c7403ab4e41daf5c5bc18ad
-# Parent 867f6176020d098a5c069bf43f06ef5c68e4c3cd
-Bug 1334976, use a new attribute in the builtins root CA list, to distinguish between Mozilla policy CAs and other CAs, code changes, r=rrelyea
-
-diff --git a/lib/util/pkcs11n.h b/lib/util/pkcs11n.h
---- a/lib/util/pkcs11n.h
-+++ b/lib/util/pkcs11n.h
-@@ -93,6 +93,8 @@
- #define CKA_NSS_JPAKE_X2 (CKA_NSS + 32)
- #define CKA_NSS_JPAKE_X2S (CKA_NSS + 33)
-
-+#define CKA_NSS_MOZILLA_CA_POLICY (CKA_NSS + 34)
-+
- /*
- * Trust attributes:
- *
diff --git a/SOURCES/nss-util-pkcs12.patch b/SOURCES/nss-util-pkcs12.patch
deleted file mode 100644
index c5994b3..0000000
--- a/SOURCES/nss-util-pkcs12.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-# HG changeset patch
-# User Daiki Ueno <dueno@redhat.com>
-# Date 1481829086 -3600
-# Thu Dec 15 20:11:26 2016 +0100
-# Node ID 6d66c2c24e4d9d1ad12a7065c55ef1c9fe143057
-# Parent 35ecce23718136f99ca9537007481b4774c57e68
-Bug 1268143 - pk12util can't import PKCS#12 files with SHA-256 MAC, r=rrelyea
-
-diff --git a/lib/util/pkcs11n.h b/lib/util/pkcs11n.h
---- a/lib/util/pkcs11n.h
-+++ b/lib/util/pkcs11n.h
-@@ -222,6 +222,12 @@
- #define CKM_NSS_CHACHA20_KEY_GEN (CKM_NSS + 27)
- #define CKM_NSS_CHACHA20_POLY1305 (CKM_NSS + 28)
-
-+/* Additional PKCS #12 PBE algorithms defined in v1.1 */
-+#define CKM_NSS_PKCS12_PBE_SHA224_HMAC_KEY_GEN (CKM_NSS + 29)
-+#define CKM_NSS_PKCS12_PBE_SHA256_HMAC_KEY_GEN (CKM_NSS + 30)
-+#define CKM_NSS_PKCS12_PBE_SHA384_HMAC_KEY_GEN (CKM_NSS + 31)
-+#define CKM_NSS_PKCS12_PBE_SHA512_HMAC_KEY_GEN (CKM_NSS + 32)
-+
- /*
- * HISTORICAL:
- * Do not attempt to use these. They are only used by NETSCAPE's internal
-# HG changeset patch
-# User Daiki Ueno <dueno@redhat.com>
-# Date 1485768835 -3600
-# Mon Jan 30 10:33:55 2017 +0100
-# Node ID 09d1a0757431fa52ae025138da654c698141971b
-# Parent 806c3106536feea0827ec54729a52b5cbac8a496
-Bug 1268141 - pk12util can't import PKCS#12 files encrypted with AES-128-CBC, r=rrelyea
-
-diff --git a/lib/util/ciferfam.h b/lib/util/ciferfam.h
---- a/lib/util/ciferfam.h
-+++ b/lib/util/ciferfam.h
-@@ -52,6 +52,9 @@
- #define PKCS12_RC4_128 (CIPHER_FAMILYID_PKCS12 | 0012)
- #define PKCS12_DES_56 (CIPHER_FAMILYID_PKCS12 | 0021)
- #define PKCS12_DES_EDE3_168 (CIPHER_FAMILYID_PKCS12 | 0022)
-+#define PKCS12_AES_CBC_128 (CIPHER_FAMILYID_PKCS12 | 0031)
-+#define PKCS12_AES_CBC_192 (CIPHER_FAMILYID_PKCS12 | 0032)
-+#define PKCS12_AES_CBC_256 (CIPHER_FAMILYID_PKCS12 | 0033)
-
- /* SMIME version numbers are negative, to avoid colliding with SSL versions */
- #define SMIME_LIBRARY_VERSION_1_0 -0x0100
diff --git a/SOURCES/nss-util-policy-double-newline.patch b/SOURCES/nss-util-policy-double-newline.patch
deleted file mode 100644
index c627990..0000000
--- a/SOURCES/nss-util-policy-double-newline.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-diff --git a/lib/util/utilmod.c b/lib/util/utilmod.c
---- a/lib/util/utilmod.c
-+++ b/lib/util/utilmod.c
-@@ -227,20 +227,25 @@ nssutil_ReadSecmodDB(const char *appName
- * the following loop takes line separated config lines and collapses
- * the lines to a single string, escaping and quoting as necessary.
- */
- /* loop state variables */
- moduleString = NULL; /* current concatenated string */
- internal = PR_FALSE; /* is this an internal module */
- skipParams = PR_FALSE; /* did we find an override parameter block*/
- paramsValue = NULL; /* the current parameter block value */
-- while (fgets(line, sizeof(line), fd) != NULL) {
-- int len = PORT_Strlen(line);
-+ do {
-+ int len;
-+
-+ if (fgets(line, sizeof(line), fd) == NULL) {
-+ goto endloop;
-+ }
-
- /* remove the ending newline */
-+ len = PORT_Strlen(line);
- if (len && line[len - 1] == '\n') {
- len--;
- line[len] = 0;
- }
- if (*line == '#') {
- continue;
- }
- if (*line != 0) {
-@@ -339,16 +344,17 @@ nssutil_ReadSecmodDB(const char *appName
- }
- }
- continue;
- }
- if ((moduleString == NULL) || (*moduleString == 0)) {
- continue;
- }
-
-+ endloop:
- /*
- * if we are here, we have found a complete stanza. Now write out
- * any param section we may have found.
- */
- if (paramsValue) {
- /* we had an override */
- if (!skipParams) {
- moduleString = nssutil_DupnCat(moduleString, " parameters=", 12);
-@@ -374,17 +380,17 @@ nssutil_ReadSecmodDB(const char *appName
- moduleList[0] = moduleString;
- } else {
- moduleList[moduleCount] = moduleString;
- moduleCount++;
- }
- moduleString = NULL;
- internal = PR_FALSE;
- skipParams = PR_FALSE;
-- }
-+ } while (!feof(fd));
-
- if (moduleString) {
- PORT_Free(moduleString);
- moduleString = NULL;
- }
- done:
- /* if we couldn't open a pkcs11 database, look for the old one */
- if (fd == NULL) {
diff --git a/SPECS/nss-util.spec b/SPECS/nss-util.spec
index 51c76ef..2bc4044 100644
--- a/SPECS/nss-util.spec
+++ b/SPECS/nss-util.spec
@@ -1,11 +1,11 @@
-%global nspr_version 4.13.1
+%global nspr_version 4.17.0
# adjust to the very latest build needed
-%global nspr_build_version -1.0
+%global nspr_build_version -1
Summary: Network Security Services Utilities Library
Name: nss-util
-Version: 3.28.4
-Release: 3%{?dist}
+Version: 3.34.0
+Release: 2%{?dist}
License: MPLv2.0
URL: http://www.mozilla.org/projects/security/pki/nss/
Group: System Environment/Libraries
@@ -39,13 +39,8 @@ Patch7: pkcs1sig-include-prtypes.patch
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=951455
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=923089
Patch8: nss-util-3.19.1-tls12-mechanisms.patch
-# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1334976
-Patch9: nss-util-mozilla-ca-policy.patch
-# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1268143
-# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1268141
-Patch10: nss-util-pkcs12.patch
-# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1319856
-Patch11: nss-util-policy-double-newline.patch
+# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1312142
+Patch9: nss-util-ecc-defaults.patch
%description
Utilities for Network Security Services and the Softoken module
@@ -70,9 +65,7 @@ Header and library files for doing development with Network Security Services.
%patch7 -p0 -b .include_prtypes
%patch8 -p1 -b .tls12_mechs
pushd nss
-%patch9 -p1 -b .mozilla_ca_policy
-%patch10 -p1 -b .pkcs12
-%patch11 -p1 -b .policy_double_newline
+%patch9 -p1 -b .ecc_defaults
popd
@@ -224,6 +217,7 @@ done
%{_includedir}/nss3/pkcs11p.h
%{_includedir}/nss3/pkcs11t.h
%{_includedir}/nss3/pkcs11u.h
+%{_includedir}/nss3/pkcs11uri.h
%{_includedir}/nss3/pkcs1sig.h
%{_includedir}/nss3/portreg.h
%{_includedir}/nss3/secasn1.h
@@ -245,6 +239,18 @@ done
%{_includedir}/nss3/templates/templates.c
%changelog
+* Tue Jan 16 2018 Daiki Ueno <dueno@redhat.com> - 3.34.0-2
+- Recognize "ECC" flag in slotFlags
+
+* Thu Nov 23 2017 Daiki Ueno <dueno@redhat.com> - 3.34.0-1
+- Rebase to nss-3.34
+
+* Mon Oct 30 2017 Daiki Ueno <dueno@redhat.com> - 3.34.0-0.1.beta1
+- Rebase to nss-3.34-beta1
+
+* Fri Oct 6 2017 Daiki Ueno <dueno@redhat.com> - 3.33.0-1
+- Rebase to nss-3.33
+
* Mon May 15 2017 Daiki Ueno <dueno@redhat.com> - 3.28.4-3
- Backport patch to allow empty line at the end of policy file