From 732d1042a35c7db64c4ce1980e938666c65671ea Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Apr 29 2013 13:49:37 +0000
Subject: Require version of NSS that properly parses base64-encoded certs


There were cases where a base64-encoded cert with no header/footer would
not be handled properly and rejected. This was causing the CA install
to fail.

https://fedorahosted.org/freeipa/ticket/3586

---

diff --git a/freeipa.spec.in b/freeipa.spec.in
index af3fb37..fc1c6ab 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -95,8 +95,13 @@ Requires: %{name}-admintools = %{version}-%{release}
 Requires: %{name}-server-selinux = %{version}-%{release}
 Requires: 389-ds-base >= 1.3.0.5
 Requires: openldap-clients
-Requires: nss
-Requires: nss-tools
+%if 0%{?fedora} == 18
+Requires: nss >= 3.14.3-2
+Requires: nss-tools >= 3.14.3-2
+%else
+Requires: nss >= 3.14.3-12.0
+Requires: nss-tools >= 3.14.3-12.0
+%endif
 %if 0%{?krb5_dal_version} >= 4
 Requires: krb5-server >= 1.11.2-1
 %else
@@ -794,6 +799,9 @@ fi
 %ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt
 
 %changelog
+* Thu Apr 25 2013 Rob Crittenden <rcritten@redhat.com> - 3.1.99-7
+- Update nss and nss-tools dependency to fix certutil problem (#872761)
+
 * Mon Apr 15 2013 Martin Kosek <mkosek@redhat.com> - 3.1.99-6
 - Require samba 4.0.5, includes new passdb API
 - Require krb5 1.11.2-1, fixes missing PAC issue