main/nss: upgrade to 3.21

2 files changed, 7 insertions, 54 deletions

diff --git a/main/nss/APKBUILD b/main/nss/APKBUILD
index dc2d292204..3a2acd8969 100644
--- a/main/nss/APKBUILD
+++ b/main/nss/APKBUILD
@@ -1,7 +1,7 @@
 # Contributor: Łukasz Jendrysik <scadu@yandex.com>
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=nss
-pkgver=3.20.1
+pkgver=3.21
 _ver=${pkgver//./_}
 pkgrel=0
 pkgdesc="Mozilla Network Security Services"
@@ -15,7 +15,6 @@ source="http://ftp.mozilla.org/pub/security/$pkgname/releases/NSS_${_ver}_RTM/sr
 	nss.pc.in
 	nss-config.in
 	add_spi+cacert_ca_certs.patch
-	rhbz1185708-enable-ecc-ciphers-by-default.patch
 	"
 depends_dev="nspr-dev"
 
@@ -139,18 +138,15 @@ tools() {
 	mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
 }
 
-md5sums="c285ef92de0031cb0a8caa60d396d618  nss-3.20.1.tar.gz
+md5sums="3c8b2ed880dd3a8d86c9e0151afe6eba  nss-3.21.tar.gz
 c547b030c57fe1ed8b77c73bf52b3ded  nss.pc.in
 46bee81908f1e5b26d6a7a2e14c64d9f  nss-config.in
-981e0df9e9cb7a9426b316f68911fb17  add_spi+cacert_ca_certs.patch
-d3cfe84b67e9fd7c0009f48836b1fe1f  rhbz1185708-enable-ecc-ciphers-by-default.patch"
-sha256sums="ad3c8f11dfd9570c2d04a6140d5ef7c2bdd0fe30d6c9e5548721a4251a5e8c97  nss-3.20.1.tar.gz
+981e0df9e9cb7a9426b316f68911fb17  add_spi+cacert_ca_certs.patch"
+sha256sums="3f7a5b027d7cdd5c0e4ff7544da33fdc6f56c2f8c27fff02938fd4a6fbe87239  nss-3.21.tar.gz
 b9f1428ca2305bf30b109507ff335fa00bce5a7ce0434b50acd26ad7c47dd5bd  nss.pc.in
 e44ac5095b4d88f24ec7b2e6a9f1581560bd3ad41a3d198596d67ef22f67adb9  nss-config.in
-592aa85184c5edb076c3355f85e50373a59dfcd06a4f4a79621f43df19404c1e  add_spi+cacert_ca_certs.patch
-5f4466b25051285ef8ab8307d69149eaa72ab36dd5ea67175a5da603a6fd4d4f  rhbz1185708-enable-ecc-ciphers-by-default.patch"
-sha512sums="c8db693a81b8ddb4d2a742c2fce3f23dd40736e54c55c0de072f84572fcdad8fb7646e4b8ea696e4c97ea6c9cb0fa144f573f8776c2839eb25c4075b50d01d74  nss-3.20.1.tar.gz
+592aa85184c5edb076c3355f85e50373a59dfcd06a4f4a79621f43df19404c1e  add_spi+cacert_ca_certs.patch"
+sha512sums="0645465b5d1ab05d819355a3f4a2879499539a00d95bfab3ca14a7dcd901e510b5d9ae797386ff5a42f68b0b57f7bbec4ec9d3a85ebd508eb824aba1fb589d53  nss-3.21.tar.gz
 75dbd648a461940647ff373389cc73bc8ec609139cd46c91bcce866af02be6bcbb0524eb3dfb721fbd5b0bc68c20081ed6f7debf6b24317f2a7ba823e8d3c531  nss.pc.in
 2971669e128f06a9af40a5ba88218fa7c9eecfeeae8b0cf42e14f31ed12bf6fa4c5ce60289e078f50e2669a9376b56b45d7c29d726a7eac69ebe1d1e22dc710b  nss-config.in
-6e04556858499aec465d6670818465327ba2cb099061c2afee4b5cac8aa61938e0095906acfb38df6a1b70a6bde6dd69f08bb4c00a9d188e4cb3131b26c1bc16  add_spi+cacert_ca_certs.patch
-905b25e7c9f844335a961f3173311b2dbd8e4de9d74a65f2e2ab71b8afcd05ffd408d85ff6d5e134126c878e7b23f0a0ccdb94478e894d8bcc6d50585b9cdcf2  rhbz1185708-enable-ecc-ciphers-by-default.patch"
+6e04556858499aec465d6670818465327ba2cb099061c2afee4b5cac8aa61938e0095906acfb38df6a1b70a6bde6dd69f08bb4c00a9d188e4cb3131b26c1bc16  add_spi+cacert_ca_certs.patch"
diff --git a/main/nss/rhbz1185708-enable-ecc-ciphers-by-default.patch b/main/nss/rhbz1185708-enable-ecc-ciphers-by-default.patch
deleted file mode 100644
index 8b69634abb..0000000000
--- a/main/nss/rhbz1185708-enable-ecc-ciphers-by-default.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
---- a/nss/lib/ssl/ssl3con.c
-+++ b/nss/lib/ssl/ssl3con.c
-@@ -85,29 +85,29 @@ static SECStatus ssl3_AESGCMBypass(ssl3K
-  *
-  * Important: See bug 946147 before enabling, reordering, or adding any cipher
-  * suites to this list.
-  */
- static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
-    /*      cipher_suite                     policy       enabled   isPresent */
- 
- #ifndef NSS_DISABLE_ECC
-- { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
-- { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
-+ { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
-+ { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,   SSL_ALLOWED, PR_TRUE, PR_FALSE},
-    /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is out of order to work around
-     * bug 946147.
-     */
-- { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,    SSL_ALLOWED, PR_FALSE, PR_FALSE},
-- { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,    SSL_ALLOWED, PR_FALSE, PR_FALSE},
-- { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,      SSL_ALLOWED, PR_FALSE, PR_FALSE},
-- { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
-- { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
-- { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,      SSL_ALLOWED, PR_FALSE, PR_FALSE},
-- { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
-- { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
-+ { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,    SSL_ALLOWED, PR_TRUE, PR_FALSE},
-+ { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,    SSL_ALLOWED, PR_TRUE, PR_FALSE},
-+ { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,      SSL_ALLOWED, PR_TRUE, PR_FALSE},
-+ { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
-+ { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,   SSL_ALLOWED, PR_TRUE, PR_FALSE},
-+ { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,      SSL_ALLOWED, PR_TRUE, PR_FALSE},
-+ { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,   SSL_ALLOWED, PR_TRUE, PR_FALSE},
-+ { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,     SSL_ALLOWED, PR_TRUE, PR_FALSE},
-  { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,        SSL_ALLOWED, PR_FALSE, PR_FALSE},
-  { TLS_ECDHE_RSA_WITH_RC4_128_SHA,          SSL_ALLOWED, PR_FALSE, PR_FALSE},
- #endif /* NSS_DISABLE_ECC */
- 
-  { TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,     SSL_ALLOWED, PR_TRUE,  PR_FALSE},
-  { TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
-  { TLS_DHE_RSA_WITH_AES_128_CBC_SHA,        SSL_ALLOWED, PR_TRUE,  PR_FALSE},
-  { TLS_DHE_DSS_WITH_AES_128_CBC_SHA,        SSL_ALLOWED, PR_TRUE,  PR_FALSE},