From 304de980b97860fad0b74690a463ff72cf534094 Mon Sep 17 00:00:00 2001
From: Elio Maldonado <emaldona@redhat.com>
Date: Nov 01 2012 18:16:11 +0000
Subject: Reenable patch to set NSS_SSL_CBC_RANDOM_IV to 1 by default


- Update the patch to account for the new sources
- Resolves Bug 872124 - nss 3.14 breaks fedpkg new-sources

---

diff --git a/nss-ssl-cbc-random-iv-off-by-default.patch b/nss-ssl-cbc-random-iv-off-by-default.patch
index 28dfa48..04ecf64 100644
--- a/nss-ssl-cbc-random-iv-off-by-default.patch
+++ b/nss-ssl-cbc-random-iv-off-by-default.patch
@@ -1,25 +1,25 @@
-diff -up ./mozilla/security/nss/lib/ssl/sslsock.c.compatible ./mozilla/security/nss/lib/ssl/sslsock.c
---- ./mozilla/security/nss/lib/ssl/sslsock.c.compatible	2012-01-05 13:54:36.430389994 -0800
-+++ ./mozilla/security/nss/lib/ssl/sslsock.c	2012-01-05 13:55:25.810750394 -0800
-@@ -184,7 +184,7 @@ static sslOptions ssl_defaults = {
+diff -up ./mozilla/security/nss/lib/ssl/sslsock.c.770682 ./mozilla/security/nss/lib/ssl/sslsock.c
+--- ./mozilla/security/nss/lib/ssl/sslsock.c.770682	2012-11-01 11:10:54.107504267 -0700
++++ ./mozilla/security/nss/lib/ssl/sslsock.c	2012-11-01 11:07:36.758464814 -0700
+@@ -153,7 +153,7 @@ static sslOptions ssl_defaults = {
      3,          /* enableRenegotiation (default: transitional) */
      PR_FALSE,   /* requireSafeNegotiation */
      PR_FALSE,   /* enableFalseStart   */
--    PR_TRUE     /* cbcRandomIV        */
-+    PR_FALSE    /* cbcRandomIV        */ /* defaults to off for compatibility */
+-    PR_FALSE    /* cbcRandomIV        */ /* defaults to off for compatibility */
++    PR_TRUE     /* cbcRandomIV        */
  };
  
- sslSessionIDLookupFunc  ssl_sid_lookup;
-@@ -2359,9 +2359,9 @@ ssl_SetDefaultsFromEnvironment(void)
+ /*
+@@ -2833,9 +2833,9 @@ ssl_SetDefaultsFromEnvironment(void)
  	                PR_TRUE));
  	}
  	ev = getenv("NSS_SSL_CBC_RANDOM_IV");
--	if (ev && ev[0] == '0') {
--	    ssl_defaults.cbcRandomIV = PR_FALSE;
--	    SSL_TRACE(("SSL: cbcRandomIV set to 0"));
-+	if (ev && ev[0] == '1') {
-+	    ssl_defaults.cbcRandomIV = PR_TRUE;
-+	    SSL_TRACE(("SSL: cbcRandomIV set to 1"));
+-	if (ev && ev[0] == '1') {
+-	    ssl_defaults.cbcRandomIV = PR_TRUE;
+-	    SSL_TRACE(("SSL: cbcRandomIV set to 1"));
++	if (ev && ev[0] == '0') {
++	    ssl_defaults.cbcRandomIV = PR_FALSE;
++	    SSL_TRACE(("SSL: cbcRandomIV set to 0"));
  	}
      }
  #endif /* NSS_HAVE_GETENV */
diff --git a/nss.spec b/nss.spec
index a405f45..31dcd10 100644
--- a/nss.spec
+++ b/nss.spec
@@ -146,7 +146,7 @@ low level services.
 # link pem against buildroot's freebl, esential wen mixing and matching
 %patch25 -p0 -b .systemfreebl
 # activate for stable and beta branches
-%patch29 -p0 -b .770682
+#%patch29 -p0 -b .770682
 %patch40 -p1 -b .noocsptest
 
 %build
@@ -582,7 +582,8 @@ rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h
 %changelog
 * Thu Nov 01 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-6
 - Reenable patch to set NSS_SSL_CBC_RANDOM_IV to 1 by default
-- Bug 872124 - nss 3.14 breaks fedpkg new-sources
+- Update the patch to account for the new sources
+- Resolves Bug 872124 - nss 3.14 breaks fedpkg new-sources
 
 * Wed Oct 31 2012 Elio Maldonado <emaldona@redhat.com> - 3.14-2
 - Fix the spec file so sechash.h gets installed