diff --git a/nss-3.15.1-correct-path-to-prtypes.h.patch b/nss-3.15.1-correct-path-to-prtypes.h.patch
new file mode 100644
index 0000000..122fce6
--- /dev/null
+++ b/nss-3.15.1-correct-path-to-prtypes.h.patch
@@ -0,0 +1,11 @@
+--- nss-3.15.1/nss/lib/util/hasht.h	2013-06-27 17:58:08.000000000 +0000
++++ nss-3.15.1/nss/lib/util/hasht.h.tpg	2013-08-12 07:28:35.342936969 +0000
+@@ -5,7 +5,7 @@
+ #ifndef _HASHT_H_
+ #define _HASHT_H_
+ 
+-#include "prtypes.h"
++#include "nspr4/prtypes.h"
+ 
+ /* Opaque objects */
+ typedef struct SECHashObjectStr SECHashObject;
diff --git a/nss-3.15.1.prtypes.patch b/nss-3.15.1.prtypes.patch
deleted file mode 100644
index 0c4e4a5..0000000
--- a/nss-3.15.1.prtypes.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -Nur nss-3.15.1.old/nss/lib/util/hasht.h nss-3.15.1/nss/lib/util/hasht.h
---- nss-3.15.1.old/nss/lib/util/hasht.h	2013-06-27 21:58:08.000000000 +0400
-+++ nss-3.15.1/nss/lib/util/hasht.h	2013-11-28 13:38:39.809153998 +0400
-@@ -5,7 +5,7 @@
- #ifndef _HASHT_H_
- #define _HASHT_H_
- 
--#include "prtypes.h"
-+#include "nspr4/prtypes.h"
- 
- /* Opaque objects */
- typedef struct SECHashObjectStr SECHashObject;
diff --git a/nss-cross.patch b/nss-cross.patch
new file mode 100644
index 0000000..4565592
--- /dev/null
+++ b/nss-cross.patch
@@ -0,0 +1,34 @@
+diff --git a/nss/coreconf/Linux.mk b/nss/coreconf/Linux.mk
+index a586e5e..ec43193 100644
+--- a/nss/coreconf/Linux.mk
++++ b/nss/coreconf/Linux.mk
+@@ -16,9 +16,13 @@ ifeq ($(USE_PTHREADS),1)
+ 	IMPL_STRATEGY = _PTH
+ endif
+ 
+-CC			= gcc
+-CCC			= g++
+-RANLIB			= ranlib
++TARGETCC               = gcc
++TARGETCCC              = g++
++TARGETRANLIB           = ranlib
++
++CC                     = $(TARGETCC)
++CCC                    = $(TARGETCCC)
++RANLIB                 = $(TARGETRANLIB)
+ 
+ DEFAULT_COMPILER = gcc
+ 
+--- nss-3.14.3/nss/cmd/shlibsign/sign.sh.bero	2013-03-21 16:19:04.000000000 +0000
++++ nss-3.14.3/nss/cmd/shlibsign/sign.sh	2013-03-21 16:20:55.000000000 +0000
+@@ -45,7 +45,9 @@ WIN*)
+     export LIBRARY_PATH
+     ADDON_PATH=${1}/lib:${4}:$ADDON_PATH
+     export ADDON_PATH
++    # The fallback to system shlibsign is for crosscompiling -- in that case, the
++    # just-built version will (obviously) fail to run
+     echo "${2}"/shlibsign -v -i "${5}"
+-    "${2}"/shlibsign -v -i "${5}"
++    "${2}"/shlibsign -v -i "${5}" || /usr/bin/shlibsign -v -i "${5}"
+     ;;
+ esac
diff --git a/nss.spec b/nss.spec
index 81e1863..19d79bd 100644
--- a/nss.spec
+++ b/nss.spec
@@ -1,14 +1,15 @@
 %bcond_without  lib
+%bcond_with	cross_compiling
+%define url_ver	%(echo %{version}| sed -e "s|\\.|_|g")
 
-%define major 3
-%define libname %mklibname %{name} %{major}
+%define major	3
+%define libname	%mklibname %{name} %{major}
 %define libfreebl %mklibname freebl %{major}
-%define develname %mklibname -d %{name}
-%define sdevelname %mklibname -d -s %{name}
-%define cvsver 3_26
+%define devname	%mklibname -d %{name}
+%define sdevname %mklibname -d -s %{name}
+%define _disable_lto 1
 
-%define nspr_libname %mklibname nspr 4
-%define	nspr_version 4.12
+%define	nspr_version 4.10
 
 # this seems fragile, so require the exact version or later (#58754)
 %define sqlite3_version %(pkg-config --modversion sqlite3 &>/dev/null && pkg-config --modversion sqlite3 2>/dev/null || echo 0)
@@ -18,38 +19,42 @@
 %{?_with_empty:   %{expand: %%global build_empty 1}}
 %{?_without_empty:   %{expand: %%global build_empty 0}}
 
+Summary:	Netscape Security Services
 Name:		nss
 Epoch:		2
 Version:	3.26
 Release:	1
-Summary:	Netscape Security Services
 Group:		System/Libraries
 License:	MPL or GPLv2+ or LGPLv2+
-URL:		http://www.mozilla.org/projects/security/pki/nss/index.html
-Source0:	http://ftp.mozilla.org/pub/security/nss/releases/NSS_%{cvsver}_RTM/src/nss-%{version}.tar.gz
-Source1:	nss.pc.in
-Source2:	nss-config.in
-Source3:	blank-cert8.db
-Source4:	blank-key3.db
-Source5:	blank-secmod.db
-Source6:	certdata_empty.txt
+Url:		http://www.mozilla.org/projects/security/pki/nss/index.html
+Source0:	http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_%{url_ver}_RTM/src/nss-%{version}.tar.gz
+#Source1:	http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_%{url_ver}_RTM/src/nss-%{version}.tar.gz.asc
+Source2:	nss.pc.in
+Source3:	nss-config.in
+Source4:	blank-cert8.db
+Source5:	blank-key3.db
+Source6:	blank-secmod.db
+Source7:	certdata_empty.txt
 # https://www.verisign.com/support/verisign-intermediate-ca/secure-site-intermediate/index.html
 # converted from PEM to DER format with openssl command:
 # openssl x509 -in cert.pem -inform PEM -outform DER -out cert.der
 # this way we can avoid a buildrequires for openssl
-Source7:	verisign-class-3-secure-server-ca.der
+Source8:	verisign-class-3-secure-server-ca.der
 # Brasilian government certificate
 # verified in person with a government official
-Source8:	http://www.icpbrasil.gov.br/certificadoACRaiz.crt
+Source9:	http://www.icpbrasil.gov.br/certificadoACRaiz.crt
 Patch0:		nss-no-rpath.patch
 Patch1:		nss-fixrandom.patch
-Patch4:		renegotiate-transitional.patch
-Patch5:         nss-3.15.1.prtypes.patch
+Patch2:		renegotiate-transitional.patch
+Patch3:		nss-cross.patch
+# (tpg) be carefull with last nspr4-4.10 because prtypes.h was moved to include/nspr4/
+Patch4:		nss-3.15.1-correct-path-to-prtypes.h.patch
+
 BuildRequires:	rootcerts >= 1:20120218.00
-BuildRequires:	nspr-devel >= 2:4.9.0
-BuildRequires:	zlib-devel
-BuildRequires:	sqlite3-devel >= 3.7.7.1
 BuildRequires:	zip
+BuildRequires:	pkgconfig(nspr)
+BuildRequires:	pkgconfig(sqlite3)
+BuildRequires:	pkgconfig(zlib)
 
 %description
 Network Security Services (NSS) is a set of libraries designed to
@@ -93,7 +98,7 @@ Conflicts: %{_lib}nss3 < 2:3.13.1-5
 %description -n %{libfreebl}
 This package contains the shared libraries libfreebl3 and libsoftokn3.
 
-%package -n %{develname}
+%package -n %{devname}
 Summary:	Network Security Services (NSS) - development files
 Group:		Development/C++
 Requires:	%{libname} >= %{epoch}:%{version}-%{release}
@@ -101,29 +106,30 @@ Requires:	%{libfreebl} >= %{epoch}:%{version}-%{release}
 Provides:	nss-devel = %{epoch}:%{version}-%{release}
 %rename %{libname}-devel
 
-%description -n %{develname}
+%description -n %{devname}
 Header files to doing development with Network Security Services.
 
-%package -n %{sdevelname}
+%package -n %{sdevname}
 Summary:	Network Security Services (NSS) - static libraries
 Group:		Development/C++
 Requires:	%{libname} >= %{epoch}:%{version}-%{release}
-Requires:	%{develname} >= %{epoch}:%{version}-%{release}
+Requires:	%{devname} >= %{epoch}:%{version}-%{release}
 Provides:	nss-static-devel = %{epoch}:%{version}-%{release}
 Conflicts:	libopenssl-static-devel
 %rename %{libname}-static-devel
 
-%description -n %{sdevelname}
+%description -n %{sdevname}
 Static libraries for doing development with Network Security Services.
 %endif
 
 %prep
-
 %setup -q
-%patch0 -p0 -b .no-rpath
+#%  apply_patches
+%patch0 -p0
 %patch1 -p0
-%patch4 -p1 -b .transitional
-%patch5 -p1
+%patch2 -p0 -b .transitional
+%patch3 -p1
+%patch4 -p1
 
 find . -type d -perm 0700 -exec chmod 755 {} \;
 find . -type f -perm 0555 -exec chmod 755 {} \;
@@ -131,8 +137,13 @@ find . -type f -perm 0444 -exec chmod 644 {} \;
 find . -name '*.h' -executable -exec chmod -x {} \;
 find . -name '*.c' -executable -exec chmod -x {} \;
 
+# remove hardcoded gcc
+sed -i 's!gcc!%{__cc}!g' nss/coreconf/Linux.mk
+
 %build
+%serverbuild
 %setup_compile_flags
+export CC=gcc
 export BUILD_OPT=1
 export OPTIMIZER="%{optflags}"
 export XCFLAGS="%{optflags} -Wno-error"
@@ -153,31 +164,64 @@ export NSS_ENABLE_ECC=1
 # TODO: Investigate as there may be a better solution
 export NSS_DISABLE_GTESTS=1
 
-%ifarch x86_64 ppc64 ia64 s390x
-export USE_64=1
-%endif
-
 %if %{build_empty}
 # (oe) the "trust no one" scenario, it goes like:
-# 1. mv /% {_lib}/libnssckbi.so /% {_lib}/libnssckbi.so.BAK
-# 2. mv /% {_lib}/libnssckbi_empty.so /% {_lib}/libnssckbi.so
+# 1. mv /%{_lib}/libnssckbi.so /%{_lib}/libnssckbi.so.BAK
+# 2. mv /%{_lib}/libnssckbi_empty.so /%{_lib}/libnssckbi.so
 # 3. restart ff/tb
 # it has to be done manually for now, but at least we have a way for 
 # users to quickly mitigate future problems, or whatever :-)
 
-pushd mozilla/security/nss/lib/ckfw/builtins
-%{__perl} ./certdata.perl < %{SOURCE6}
+pushd nss/lib/ckfw/builtins
+perl ./certdata.perl < %{SOURCE7}
 popd
 %endif
 
+%if %cross_compiling
+	# Compile tools used at build time (nsinstall) in native
+	# mode before setting up the environment for crosscompiling
+	export USE_64=1
+	make -j1 -C ./nss \
+		build_coreconf build_dbm all
+
+	CPU_ARCH="%_target_cpu"
+	if echo $CPU_ARCH |grep -qE '(i.86|pentium.|athlon)'; then
+		CPU_ARCH=x86
+	fi
+	export CPU_ARCH
+%endif
+
+export NATIVE_CC="/usr/bin/gcc"
+export TARGETCC="%{__cc}"
+export TARGETCCC="%{__cxx}"
+export TARGETRANLIB="%{__ranlib}"
+%ifarch x86_64 ppc64 ia64 s390x aarch64
+export USE_64=1
+%else
+unset USE_64 || :
+%endif
+
 # Parallel is broken as of 3.11.4 :(
+#make -j1 -C ./nss/coreconf ./nss/lib/dbm ./nss \
+#	TARGETCC="$TARGETCC" \
+#	TARGETCCC="$TARGETCCC" \
+#	TARGETRANLIB="$TARGETRANLIB" \
+#	AR="%__ar cr \"\$@\"" \
+#%if %cross_compiling
+#	CPU_ARCH="$CPU_ARCH" \
+#%endif
+#%if %with %{cross_compiling}
+#buildflags="TARGETCC='$TARGETCC' TARGETCCC='$TARGETCCC' TARGETRANLIB='$TARGETRANLIB' AR='%__ar" CPU_ARCH="$CPU_ARCH"
+#%else
+#buildflags="TARGETCC='$TARGETCC' TARGETCCC='$TARGETCCC' TARGETRANLIB='$TARGETRANLIB' AR='%__ar"
+#%endif
 %make -j1 -C ./nss/coreconf
 %make -j1 -C ./nss/lib/dbm
 %make -j1 -C ./nss
 
 %if %{build_empty}
 # tuck away the empty libnssckbi.so library
-cp -p mozilla/security/nss/lib/ckfw/builtins/Linux*/libnssckbi.so libnssckbi_empty.so
+cp -p nss/lib/ckfw/builtins/Linux*/libnssckbi.so libnssckbi_empty.so
 %endif
 
 # install new Verisign intermediate certificate
@@ -190,7 +234,7 @@ if [ -z "$ADDBUILTIN" ]; then
 fi
 ADDBUILTIN="$PWD/$ADDBUILTIN"
 OLD="$LD_LIBRARY_PATH"
-libpath=`%{_bindir}/find ./dist/ -name "Linux*" -type d`
+libpath=`%{_bindir}/find ./dist/ -name "Linux*.*" -type d`
 # to use the built libraries instead of requiring nss
 # again as buildrequires
 export LD_LIBRARY_PATH="$PWD/$libpath/lib"
@@ -208,7 +252,7 @@ pushd nss/lib/ckfw/builtins
 # *ALL* of the mozilla based softwares that support SSL has to link against
 # the NSS library.
 # recreate certificates
-%{__perl} ./certdata.perl < /etc/pki/tls/mozilla/certdata.txt
+perl ./certdata.perl < /etc/pki/tls/mozilla/certdata.txt
 
 %make clean
 %make -j1
@@ -219,16 +263,16 @@ export LD_LIBRARY_PATH="$OLD"
 %install
 pushd dist/$(uname -s)*
 
-%{__mkdir_p} %{buildroot}%{_bindir}
-%{__cp} -aL bin/* %{buildroot}%{_bindir}
+mkdir -p %{buildroot}%{_bindir}
+cp -aL bin/* %{buildroot}%{_bindir}
 
 %if %with lib
-%{__mkdir_p} %{buildroot}%{_libdir}
-%{__mkdir_p} %{buildroot}/%{_lib}
-%{__mkdir_p} %{buildroot}%{_includedir}/nss
-%{__cp} -aL ../public/nss/* %{buildroot}%{_includedir}/nss
+mkdir -p %{buildroot}%{_libdir}
+mkdir -p %{buildroot}/%{_lib}
+mkdir -p %{buildroot}%{_includedir}/nss
+cp -aL ../public/nss/* %{buildroot}%{_includedir}/nss
 
-%{__cp} -aL lib/libcrmf.a \
+cp -aL lib/libcrmf.a \
             lib/libnss.a \
             lib/libnssb.a \
             lib/libnssckbi.so \
@@ -239,10 +283,10 @@ pushd dist/$(uname -s)*
             %{buildroot}%{_libdir}
 
 # Copy the binary libraries we want
-for file in libsoftokn3.so libfreebl3.so libnss3.so libnssutil3.so \
+for file in libsoftokn3.so libfreebl3.so libfreeblpriv3.so libnss3.so libnssutil3.so \
             libssl3.so libsmime3.so libnssckbi.so libnssdbm3.so
 do
-  %{__install} -m 755 lib/$file %{buildroot}/%{_lib}
+  install -m 755 lib/$file %{buildroot}/%{_lib}
   ln -sf ../../%{_lib}/$file %{buildroot}%{_libdir}/$file
 done
 
@@ -254,8 +298,8 @@ do
   ln -s ../../%{_lib}/$file %{buildroot}%{_libdir}/$file
 done
 
-%{__mkdir_p} %{buildroot}%{_libdir}/pkgconfig
-cat %{SOURCE1} | sed -e "s,%%libdir%%,%{_libdir},g" \
+mkdir -p %{buildroot}%{_libdir}/pkgconfig
+cat %{SOURCE2} | sed -e "s,%%libdir%%,%{_libdir},g" \
                           -e "s,%%prefix%%,%{_prefix},g" \
                           -e "s,%%exec_prefix%%,%{_prefix},g" \
                           -e "s,%%includedir%%,%{_includedir}/nss,g" \
@@ -271,8 +315,8 @@ export NSS_VMAJOR=`%{__cat} nss/lib/nss/nss.h | %{__grep} "#define.*NSS_VMAJOR"
 export NSS_VMINOR=`%{__cat} nss/lib/nss/nss.h | %{__grep} "#define.*NSS_VMINOR" | %{__awk} '{print $3}'`
 export NSS_VPATCH=`echo %{version} | sed 's/\([0-9]*\).\([0-9]*\).\([0-9]*\)/\3/'`
 
-%{__mkdir_p} %{buildroot}%{_bindir}
-cat %{SOURCE2} | sed -e "s,@libdir@,%{_libdir},g" \
+mkdir -p %{buildroot}%{_bindir}
+cat %{SOURCE3} | sed -e "s,@libdir@,%{_libdir},g" \
                                -e "s,@prefix@,%{_prefix},g" \
                                -e "s,@exec_prefix@,%{_prefix},g" \
                                -e "s,@includedir@,%{_includedir}/nss%{major},g" \
@@ -283,41 +327,42 @@ cat %{SOURCE2} | sed -e "s,@libdir@,%{_libdir},g" \
 %endif
 
 pushd nss/cmd/smimetools
-%{__install} -m 0755 smime %{buildroot}%{_bindir}
-%{__perl} -pi -e 's|/usr/local/bin|%{_bindir}|g' %{buildroot}%{_bindir}/smime
+install -m 0755 smime %{buildroot}%{_bindir}
+perl -pi -e 's|/usr/local/bin|%{_bindir}|g' %{buildroot}%{_bindir}/smime
 popd
 
 # add docs
-%{__mkdir_p} docs/SSLsample
+mkdir -p docs/SSLsample
+#cp -a mozilla/security/nss/cmd/SSLsample/README docs/SSLsample/
 
-%{__mkdir_p} docs/bltest
+mkdir -p docs/bltest
 cp -a nss/cmd/bltest/tests/* docs/bltest/
 chmod -R a+r docs
 
-%{__mkdir_p} docs/certcgi
-%{__cp} -a nss/cmd/certcgi/*.html docs/certcgi/
-%{__cp} -a nss/cmd/certcgi/HOWTO.txt docs/certcgi/
+mkdir -p docs/certcgi
+cp -a nss/cmd/certcgi/*.html docs/certcgi/
+cp -a nss/cmd/certcgi/HOWTO.txt docs/certcgi/
 
-%{__mkdir_p} docs/modutil
-%{__cp} -a nss/cmd/modutil/*.html docs/modutil/
+mkdir -p docs/modutil
+cp -a nss/cmd/modutil/*.html docs/modutil/
 
-%{__mkdir_p} docs/signtool
-%{__cp} -a nss/cmd/signtool/README docs/signtool/
+mkdir -p docs/signtool
+cp -a nss/cmd/signtool/README docs/signtool/
 
-%{__mkdir_p} docs/signver
-%{__cp} -a nss/cmd/signver/examples/1/*.pl docs/signver/
-%{__cp} -a nss/cmd/signver/examples/1/*.html docs/signver/
+mkdir -p docs/signver
+cp -a nss/cmd/signver/examples/1/*.pl docs/signver/
+cp -a nss/cmd/signver/examples/1/*.html docs/signver/
 
-%{__mkdir_p} docs/ssltap
-%{__cp} -a nss/cmd/ssltap/*.html docs/ssltap/
+mkdir -p docs/ssltap
+cp -a nss/cmd/ssltap/*.html docs/ssltap/
 
 # Install the empty NSS db files
-%{__mkdir_p} %{buildroot}%{_sysconfdir}/pki/nssdb
-%{__install} -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/pki/nssdb/cert8.db
-%{__install} -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pki/nssdb/key3.db
-%{__install} -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/pki/nssdb/secmod.db
+mkdir -p %{buildroot}%{_sysconfdir}/pki/nssdb
+install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pki/nssdb/cert8.db
+install -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/pki/nssdb/key3.db
+install -m 644 %{SOURCE6} %{buildroot}%{_sysconfdir}/pki/nssdb/secmod.db
 
-%{_bindir}/find docs -type f | %{_bindir}/xargs -t %{__perl} -pi -e 's/\r$//g'
+%{_bindir}/find docs -type f | %{_bindir}/xargs -t perl -pi -e 's/\r$//g'
 
 %if %{build_empty}
 # install the empty libnssckbi.so library (use alternatives?)
@@ -352,9 +397,8 @@ install -m0755 libnssckbi_empty.so %{buildroot}/%{_lib}/libnssckbi_empty.so
 %attr(0755,root,root) %{_bindir}/derdump
 %attr(0755,root,root) %{_bindir}/dertimetest
 %attr(0755,root,root) %{_bindir}/digest
-%attr(0755,root,root) %{_bindir}/encodeinttest
 %attr(0755,root,root) %{_bindir}/ecperf
-%attr(0755,root,root) %{_bindir}/ectest
+%attr(0755,root,root) %{_bindir}/encodeinttest
 %attr(0755,root,root) %{_bindir}/fipstest
 %attr(0755,root,root) %{_bindir}/httpserv
 %attr(0755,root,root) %{_bindir}/listsuites
@@ -403,6 +447,7 @@ install -m0755 libnssckbi_empty.so %{buildroot}/%{_lib}/libnssckbi_empty.so
 %if %with lib
 %files -n %{libfreebl}
 /%{_lib}/libfreebl%{major}.so
+/%{_lib}/libfreeblpriv%{major}.so
 /%{_lib}/libsoftokn%{major}.so
 %defattr(0644,root,root,0755)
 %ghost /%{_lib}/libfreebl%{major}.chk
@@ -419,13 +464,11 @@ install -m0755 libnssckbi_empty.so %{buildroot}/%{_lib}/libnssckbi_empty.so
 /%{_lib}/libsmime%{major}.so
 /%{_lib}/libssl%{major}.so
 
-%files -n %{develname}
-%defattr(0644,root,root,0755)
+%files -n %{devname}
 %attr(0755,root,root) %{_bindir}/nss-config
 %attr(0755,root,root) %{multiarch_bindir}/nss-config
 %_libdir/*.so
 %dir %{_includedir}/nss
-%{_includedir}/nss/pkcs1sig.h
 %{_includedir}/nss/base64.h
 %{_includedir}/nss/blapit.h
 %{_includedir}/nss/certdb.h
@@ -492,6 +535,7 @@ install -m0755 libnssckbi_empty.so %{buildroot}/%{_lib}/libnssckbi_empty.so
 %{_includedir}/nss/pkcs11u.h
 %{_includedir}/nss/pkcs12.h
 %{_includedir}/nss/pkcs12t.h
+%{_includedir}/nss/pkcs1sig.h
 %{_includedir}/nss/pkcs7t.h
 %{_includedir}/nss/portreg.h
 %{_includedir}/nss/preenc.h
@@ -527,8 +571,7 @@ install -m0755 libnssckbi_empty.so %{buildroot}/%{_lib}/libnssckbi_empty.so
 %{_libdir}/libsoftokn%{major}.chk
 %{_libdir}/libfreebl%{major}.chk
 
-%files -n %{sdevelname}
-%defattr(0644,root,root,0755)
+%files -n %{sdevname}
 %{_libdir}/libcrmf.a
 %{_libdir}/libnss.a
 %{_libdir}/libnssutil.a
@@ -538,4 +581,3 @@ install -m0755 libnssckbi_empty.so %{buildroot}/%{_lib}/libnssckbi_empty.so
 %{_libdir}/libssl.a
 %endif
 
-