[rpms/nss] f44: Update NSS to 3.124.0

[Frantisek Krenzelok <fkrenzel@redhat.com>]

A new commit has been pushed.

Repo   : rpms/nss
Branch : f44
Commit : a6597ec69e8bb10d63cde85976b94b8838401022
Author : Frantisek Krenzelok <fkrenzel@redhat.com>
Date   : 2026-06-15T10:49:27+02:00
Stats  : +12/-25 in 4 file(s)
URL    : https://src.fedoraproject.org/rpms/nss/c/a6597ec69e8bb10d63cde85976b94b8838401022?branch=f44

Log:
Update NSS to 3.124.0

---
diff --git a/.gitignore b/.gitignore
index 5ab3bac..1d695d4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -120,3 +120,4 @@ TestUser51.cert
 /nss-3.122.1-with-nspr-4.38.2.tar.gz
 /nss-3.122.2-with-nspr-4.38.2.tar.gz
 /nss-3.123.1-with-nspr-4.38.2.tar.gz
+/nss-3.124-with-nspr-4.39.tar.gz

diff --git a/nss-dbtests-sqlite-mangling.patch b/nss-dbtests-sqlite-mangling.patch
deleted file mode 100644
index 7d7d315..0000000
--- a/nss-dbtests-sqlite-mangling.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- a/tests/dbtests/dbtests.sh
-+++ b/tests/dbtests/dbtests.sh
-@@ -479,7 +479,7 @@
-         Echo "testing if key corruption is detected in attribute $i"
-         cp ${KEYDB}.save ${KEYDB}  # restore the saved keydb
-         # find all the hmacs for this key attribute and mangle each entry
--        sqlite3 ${KEYDB} ".dump metadata" |  sed -e "/sig_key_.*_00000$i/{s/.*VALUES('\\(.*\\)',X'\\(.*\\)',NULL.*/\\1 \\2/;p;};d" | while read sig data
-+        sqlite3 ${KEYDB} ".dump metadata" |  sed -e "/sig_key_.*_00000$i/{s/.*VALUES('\\(.*\\)',[xX]'\\(.*\\)',NULL.*/\\1 \\2/;p;};d" | while read sig data
-         do
-           # mangle the last byte of the hmac
-           # The following increments the last nibble by 1 with both F and f

diff --git a/nss.spec b/nss.spec
index 1a6ca7f..a73ca07 100644
--- a/nss.spec
+++ b/nss.spec
@@ -1,5 +1,5 @@
-%global nspr_version 4.38.2
-%global nss_version 3.123.1
+%global nspr_version 4.39
+%global nss_version 3.124.0
 # NOTE: To avoid NVR clashes of nspr* packages:
 # - reset %%{nspr_release} to 1, when updating %%{nspr_version}
 # - increment %%{nspr_version}, when updating the NSS part only
@@ -7,7 +7,7 @@
 %global nss_release %baserelease
 # use "%%global nspr_release %%[%%baserelease+n]" to handle offsets when
 # release number between nss and nspr are different.
-%global nspr_release %[%baserelease+10]
+%global nspr_release %[%baserelease+0]
 # only need to update this as we added new
 # algorithms under nss policy control
 %global crypto_policies_version 20240521
@@ -145,8 +145,6 @@ Patch66:          nss-3.118-ml-dsa-tls-test.patch
 Patch67:          nss-3.118-ml-dsa-unittests.patch
 Patch68:          nss-3.123-fix-mldsa-import-regeneration.patch
 
-Patch70:          nss-dbtests-sqlite-mangling.patch
-
 Patch100:         nspr-config-pc.patch
 Patch101:         nspr-gcc-atomics.patch
 
@@ -632,8 +630,8 @@ pushd nss/tests
 #  don't need to run all the tests when testing packaging
 #  nss_cycles: standard pkix upgradedb sharedb
 #  the full list from all.sh is:
-#  "cipher lowhash libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits chains ec gtests ssl_gtests"
-%define nss_tests "libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits chains ec gtests ssl_gtests"
+#  "cipher lowhash libpkix cert dbtests tools fips sdr smime ssl ocsp merge pkits chains ec gtests ssl_gtests"
+%define nss_tests "libpkix cert dbtests tools fips sdr smime ssl ocsp merge pkits chains ec gtests ssl_gtests"
 #  nss_ssl_tests: crl bypass_normal normal_bypass normal_fips fips_normal iopr policy
 #  nss_ssl_run: cov auth stapling stress
 #
@@ -734,7 +732,7 @@ install -p -m 644 %{SOURCE14} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/key4.db
 install -p -m 644 %{SOURCE15} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/pkcs11.txt
 
 # Copy the development libraries we want
-for file in libcrmf.a libnssb.a libnssckfw.a
+for file in libnssb.a libnssckfw.a
 do
   install -p -m 644 dist/${LOBJDIR}/lib/$file $RPM_BUILD_ROOT/%{_libdir}
 done
@@ -902,7 +900,6 @@ fi
 %doc %{_mandir}/man1/vfyserv.1*
 
 %files devel
-%{_libdir}/libcrmf.a
 %{_libdir}/pkgconfig/nss.pc
 %{_bindir}/nss-config
 %doc %{_mandir}/man1/nss-config.1*
@@ -911,13 +908,9 @@ fi
 %{_includedir}/nss3/cert.h
 %{_includedir}/nss3/certdb.h
 %{_includedir}/nss3/certt.h
-%{_includedir}/nss3/cmmf.h
-%{_includedir}/nss3/cmmft.h
 %{_includedir}/nss3/cms.h
 %{_includedir}/nss3/cmsreclist.h
 %{_includedir}/nss3/cmst.h
-%{_includedir}/nss3/crmf.h
-%{_includedir}/nss3/crmft.h
 %{_includedir}/nss3/cryptohi.h
 %{_includedir}/nss3/cryptoht.h
 %{_includedir}/nss3/sechash.h
@@ -1100,6 +1093,10 @@ fi
 
 
 %changelog
+* Mon Jun  1 2026 Frantisek Krenzelok <fkrenzel@redhat.com> - 3.124.0-1
+- Update NSS to 3.124.0
+- Remove libcrmf as it is being deprecated and we don't use it.
+
 * Thu May  7 2026 Frantisek Krenzelok <fkrenzel@redhat.com> - 3.123.1-1
 - Update NSS to 3.123.1
 

diff --git a/sources b/sources
index 4fbcbf7..ae07bab 100644
--- a/sources
+++ b/sources
@@ -1,4 +1,4 @@
 SHA512 (blank-cert9.db) = 2f8eab4c0612210ee47db8a3a80c1b58a0b43849551af78c7da403fda3e3d4e7757838061ae56ccf5aac335cb54f254f0a9e6e9c0dd5920b4155a39264525b06
 SHA512 (blank-key4.db) = 8fedae93af7163da23fe9492ea8e785a44c291604fa98e58438448efb69c85d3253fc22b926d5c3209c62e58a86038fd4d78a1c4c068bc00600a7f3e5382ebe7
 SHA512 (nss-3.118-ml-dsa-test-for-sign-verify-pkcs12_files.tar.xz) = c6440f332703ca9a3351be5a35eac42f24b9c114f54137b95691aa353cc329f0fb7016b689b2f976bc6cff66aa62760067f3226efad665a5252f37294a3d12a6
-SHA512 (nss-3.123.1-with-nspr-4.38.2.tar.gz) = 9d1b320ee766bddfe9c870d5c0069d8317e5bdb8d0a2f5ffa181fb14c119dd64cb36082676d5c7d6a2d1b09c68ea14e844c558a1b531564e4be35b5900f6f0b2
+SHA512 (nss-3.124-with-nspr-4.39.tar.gz) = a8af03f4f1ca1148e7ec847b8a5a2d6adcb7656c58243b1473bdd7ee0cbc23ad5d36c5bf62be24b7c9d6ce2b472de72013e58c246f5dca8645590093728759e9