From 0598777c8d01d30e4e177f3da5d91c199106ad49 Mon Sep 17 00:00:00 2001 From: Elio Maldonado Date: Nov 07 2011 16:36:10 +0000 Subject: Merge branch 'master' into f16 Keeping softokn at 3.12.10 as we are bootstrapping the system --- diff --git a/.gitignore b/.gitignore index c4a4ab9..101e14e 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,4 @@ -nss-3.12.10-stripped.tar.bz2 +nss-3.13.1-stripped.tar.bz2 nss-pem-20101125.tar.bz2 blank-cert8.db blank-key3.db diff --git a/0001-libnsspem-rhbz-734760.patch b/0001-libnsspem-rhbz-734760.patch new file mode 100644 index 0000000..45b4024 --- /dev/null +++ b/0001-libnsspem-rhbz-734760.patch @@ -0,0 +1,21 @@ +diff -up ./mozilla/security/nss/lib/ckfw/pem/pobject.c.734760 ./mozilla/security/nss/lib/ckfw/pem/pobject.c +--- ./mozilla/security/nss/lib/ckfw/pem/pobject.c.734760 2011-09-10 10:21:38.819248564 -0700 ++++ ./mozilla/security/nss/lib/ckfw/pem/pobject.c 2011-09-10 10:28:47.970083785 -0700 +@@ -1117,7 +1117,7 @@ pem_CreateObject + + nobjs = ReadDERFromFile(&derlist, filename, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */); + if (nobjs < 1) +- return (NSSCKMDObject *) NULL; ++ goto loser; + + objid = -1; + /* Brute force: find the id of the key, if any, in this slot */ +@@ -1176,7 +1176,7 @@ pem_CreateObject + + nobjs = ReadDERFromFile(&derlist, filename, PR_TRUE, &cipher, &ivstring, PR_FALSE /* keys only */); + if (nobjs < 1) +- return (NSSCKMDObject *) NULL; ++ goto loser; + + certDER.len = 0; /* in case there is no equivalent cert */ + certDER.data = NULL; diff --git a/nss-539183.patch b/nss-539183.patch index bf82d96..4e04e0b 100644 --- a/nss-539183.patch +++ b/nss-539183.patch @@ -1,9 +1,11 @@ diff -up ./mozilla/security/nss/cmd/selfserv/selfserv.c.539183 ./mozilla/security/nss/cmd/selfserv/selfserv.c ---- ./mozilla/security/nss/cmd/selfserv/selfserv.c.539183 2011-04-27 15:24:07.922128850 -0700 -+++ ./mozilla/security/nss/cmd/selfserv/selfserv.c 2011-04-27 15:27:11.053271675 -0700 -@@ -1493,14 +1493,14 @@ getBoundListenSocket(unsigned short port +--- ./mozilla/security/nss/cmd/selfserv/selfserv.c.539183 2011-10-06 10:42:06.913919000 -0700 ++++ ./mozilla/security/nss/cmd/selfserv/selfserv.c 2011-10-06 10:43:14.858987000 -0700 +@@ -1491,14 +1491,18 @@ getBoundListenSocket(unsigned short port + PRStatus prStatus; + PRNetAddr addr; PRSocketOptionData opt; - PRUint16 socketDomain = PR_AF_INET; ++ PRUint16 socketDomain = PR_AF_INET; - addr.inet.family = PR_AF_INET; - addr.inet.ip = PR_INADDR_ANY; @@ -12,11 +14,14 @@ diff -up ./mozilla/security/nss/cmd/selfserv/selfserv.c.539183 ./mozilla/securit + errExit("PR_SetNetAddr"); + } - if (PR_GetEnv("NSS_USE_SDP")) { - socketDomain = PR_AF_INET_SDP; - } -- listen_sock = PR_OpenTCPSocket(socketDomain); +- listen_sock = PR_NewTCPSocket(); ++ if (PR_GetEnv("NSS_USE_SDP")) { ++ socketDomain = PR_AF_INET_SDP; ++ } + listen_sock = PR_OpenTCPSocket(PR_AF_INET6); if (listen_sock == NULL) { - errExit("PR_OpenTCPSocket error"); +- errExit("PR_NewTCPSocket"); ++ errExit("PR_OpenTCPSocket error"); } + + opt.option = PR_SockOpt_Nonblocking; diff --git a/nss-703658.patch b/nss-703658.patch deleted file mode 100644 index 182a593..0000000 --- a/nss-703658.patch +++ /dev/null @@ -1,47 +0,0 @@ -Index: mozilla/security/nss/lib/crmf/crmfi.h -=================================================================== -RCS file: /cvsroot/mozilla/security/nss/lib/crmf/crmfi.h,v -retrieving revision 1.4 -diff -u -u -r1.4 crmfi.h ---- mozilla/security/nss/lib/crmf/crmfi.h 15 Jan 2011 19:47:11 -0000 1.4 -+++ mozilla/security/nss/lib/crmf/crmfi.h 11 May 2011 20:06:26 -0000 -@@ -46,10 +46,38 @@ - #include "secasn1.h" - #include "crmfit.h" - #include "secerr.h" -+#include "blapit.h" - - #define CRMF_DEFAULT_ARENA_SIZE 1024 --#define MAX_WRAPPED_KEY_LEN 2048 - -+/* -+ * Explanation for the definition of MAX_WRAPPED_KEY_LEN: -+ * -+ * It's used for internal buffers to transport a wrapped private key. -+ * The value is in BYTES. -+ * We want to define a reasonable upper bound for this value. -+ * Ideally this could be calculated, but in order to simplify the code -+ * we want to estimate the maximum requires size. -+ * See also mozilla bug 655850 for the full explanation. -+ * -+ * We know the largest wrapped keys are RSA keys. -+ * We'll estimate the maximum size needed for wrapped RSA keys, -+ * and assume it's sufficient for wrapped keys of any type we support. -+ * -+ * The maximum size of RSA keys in bits is defined elsewhere as -+ * RSA_MAX_MODULUS_BITS -+ * -+ * The idea is to define MAX_WRAPPED_KEY_LEN based on the above. -+ * -+ * A wrapped RSA key requires about -+ * ( ( RSA_MAX_MODULUS_BITS / 8 ) * 5.5) + 65 -+ * bytes. -+ * -+ * Therefore, a safe upper bound is: -+ * ( ( RSA_MAX_MODULUS_BITS / 8 ) *8 ) = RSA_MAX_MODULUS_BITS -+ * -+ */ -+#define MAX_WRAPPED_KEY_LEN RSA_MAX_MODULUS_BITS - - #define CRMF_BITS_TO_BYTES(bits) (((bits)+7)/8) - #define CRMF_BYTES_TO_BITS(bytes) ((bytes)*8) diff --git a/nss-ckbi-1.88.rtm.patch b/nss-ckbi-1.88.rtm.patch new file mode 100644 index 0000000..c6de789 --- /dev/null +++ b/nss-ckbi-1.88.rtm.patch @@ -0,0 +1,637 @@ +diff -up ./mozilla/security/nss/lib/ckfw/builtins/certdata.c.ckbi188 ./mozilla/security/nss/lib/ckfw/builtins/certdata.c +--- ./mozilla/security/nss/lib/ckfw/builtins/certdata.c.ckbi188 2011-11-03 16:29:17.081000000 -0700 ++++ ./mozilla/security/nss/lib/ckfw/builtins/certdata.c 2011-11-03 08:11:57.000000000 -0700 +@@ -35,7 +35,7 @@ + * + * ***** END LICENSE BLOCK ***** */ + #ifdef DEBUG +-static const char CVS_ID[] = "@(#) $RCSfile: certdata.c,v $ $Revision: 1.82 $ $Date: 2011/09/02 19:40:56 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.82 $ $Date: 2011/09/02 19:40:56 $"; ++static const char CVS_ID[] = "@(#) $RCSfile: certdata.c,v $ $Revision: 1.83 $ $Date: 2011/11/03 15:11:57 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.83 $ $Date: 2011/11/03 15:11:57 $"; + #endif /* DEBUG */ + + #ifndef BUILTINS_H +@@ -1075,6 +1075,18 @@ static const CK_ATTRIBUTE_TYPE nss_built + static const CK_ATTRIBUTE_TYPE nss_builtins_types_339 [] = { + CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED + }; ++static const CK_ATTRIBUTE_TYPE nss_builtins_types_340 [] = { ++ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE ++}; ++static const CK_ATTRIBUTE_TYPE nss_builtins_types_341 [] = { ++ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED ++}; ++static const CK_ATTRIBUTE_TYPE nss_builtins_types_342 [] = { ++ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE ++}; ++static const CK_ATTRIBUTE_TYPE nss_builtins_types_343 [] = { ++ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED ++}; + #ifdef DEBUG + static const NSSItem nss_builtins_items_0 [] = { + { (void *)&cko_data, (PRUint32)sizeof(CK_OBJECT_CLASS) }, +@@ -1083,7 +1095,7 @@ static const NSSItem nss_builtins_items_ + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)"CVS ID", (PRUint32)7 }, + { (void *)"NSS", (PRUint32)4 }, +- { (void *)"@(#) $RCSfile: certdata.c,v $ $Revision: 1.82 $ $Date: 2011/09/02 19:40:56 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.82 $ $Date: 2011/09/02 19:40:56 $", (PRUint32)160 } ++ { (void *)"@(#) $RCSfile: certdata.c,v $ $Revision: 1.83 $ $Date: 2011/11/03 15:11:57 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.83 $ $Date: 2011/11/03 15:11:57 $", (PRUint32)160 } + }; + #endif /* DEBUG */ + static const NSSItem nss_builtins_items_1 [] = { +@@ -22600,6 +22612,266 @@ static const NSSItem nss_builtins_items_ + { (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } + }; ++static const NSSItem nss_builtins_items_340 [] = { ++ { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, ++ { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, ++ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, ++ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, ++ { (void *)"Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)", (PRUint32)57 }, ++ { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) }, ++ { (void *)"\060\143\061\013\060\011\006\003\125\004\006\023\002\115\131\061" ++"\033\060\031\006\003\125\004\012\023\022\104\151\147\151\143\145" ++"\162\164\040\123\144\156\056\040\102\150\144\056\061\021\060\017" ++"\006\003\125\004\013\023\010\064\065\067\066\060\070\055\113\061" ++"\044\060\042\006\003\125\004\003\023\033\104\151\147\151\163\151" ++"\147\156\040\123\145\162\166\145\162\040\111\104\040\050\105\156" ++"\162\151\143\150\051" ++, (PRUint32)101 }, ++ { (void *)"0", (PRUint32)2 }, ++ { (void *)"\060\165\061\013\060\011\006\003\125\004\006\023\002\125\123\061" ++"\030\060\026\006\003\125\004\012\023\017\107\124\105\040\103\157" ++"\162\160\157\162\141\164\151\157\156\061\047\060\045\006\003\125" ++"\004\013\023\036\107\124\105\040\103\171\142\145\162\124\162\165" ++"\163\164\040\123\157\154\165\164\151\157\156\163\054\040\111\156" ++"\143\056\061\043\060\041\006\003\125\004\003\023\032\107\124\105" ++"\040\103\171\142\145\162\124\162\165\163\164\040\107\154\157\142" ++"\141\154\040\122\157\157\164" ++, (PRUint32)119 }, ++ { (void *)"\002\006\007\377\377\377\377\377" ++, (PRUint32)8 }, ++ { (void *)"\060\202\003\315\060\202\003\066\240\003\002\001\002\002\006\007" ++"\377\377\377\377\377\060\015\006\011\052\206\110\206\367\015\001" ++"\001\005\005\000\060\165\061\013\060\011\006\003\125\004\006\023" ++"\002\125\123\061\030\060\026\006\003\125\004\012\023\017\107\124" ++"\105\040\103\157\162\160\157\162\141\164\151\157\156\061\047\060" ++"\045\006\003\125\004\013\023\036\107\124\105\040\103\171\142\145" ++"\162\124\162\165\163\164\040\123\157\154\165\164\151\157\156\163" ++"\054\040\111\156\143\056\061\043\060\041\006\003\125\004\003\023" ++"\032\107\124\105\040\103\171\142\145\162\124\162\165\163\164\040" ++"\107\154\157\142\141\154\040\122\157\157\164\060\036\027\015\060" ++"\067\060\067\061\067\061\065\061\067\064\071\132\027\015\061\062" ++"\060\067\061\067\061\065\061\066\065\065\132\060\143\061\013\060" ++"\011\006\003\125\004\006\023\002\115\131\061\033\060\031\006\003" ++"\125\004\012\023\022\104\151\147\151\143\145\162\164\040\123\144" ++"\156\056\040\102\150\144\056\061\021\060\017\006\003\125\004\013" ++"\023\010\064\065\067\066\060\070\055\113\061\044\060\042\006\003" ++"\125\004\003\023\033\104\151\147\151\163\151\147\156\040\123\145" ++"\162\166\145\162\040\111\104\040\050\105\156\162\151\143\150\051" ++"\060\201\237\060\015\006\011\052\206\110\206\367\015\001\001\001" ++"\005\000\003\201\215\000\060\201\211\002\201\201\000\255\250\144" ++"\113\115\207\307\204\131\271\373\220\106\240\246\211\300\361\376" ++"\325\332\124\202\067\015\231\053\105\046\012\350\126\260\177\312" ++"\250\364\216\107\204\001\202\051\343\263\152\265\221\363\373\225" ++"\205\274\162\250\144\350\012\100\234\305\364\161\256\173\173\152" ++"\007\352\220\024\117\215\211\257\224\253\262\006\324\002\152\173" ++"\230\037\131\271\072\315\124\372\040\337\262\052\012\351\270\335" ++"\151\220\300\051\323\116\320\227\355\146\314\305\031\111\006\177" ++"\372\136\054\174\173\205\033\062\102\337\173\225\045\002\003\001" ++"\000\001\243\202\001\170\060\202\001\164\060\022\006\003\125\035" ++"\023\001\001\377\004\010\060\006\001\001\377\002\001\000\060\134" ++"\006\003\125\035\040\004\125\060\123\060\110\006\011\053\006\001" ++"\004\001\261\076\001\000\060\073\060\071\006\010\053\006\001\005" ++"\005\007\002\001\026\055\150\164\164\160\072\057\057\143\171\142" ++"\145\162\164\162\165\163\164\056\157\155\156\151\162\157\157\164" ++"\056\143\157\155\057\162\145\160\157\163\151\164\157\162\171\056" ++"\143\146\155\060\007\006\005\140\203\112\001\001\060\016\006\003" ++"\125\035\017\001\001\377\004\004\003\002\001\346\060\201\211\006" ++"\003\125\035\043\004\201\201\060\177\241\171\244\167\060\165\061" ++"\013\060\011\006\003\125\004\006\023\002\125\123\061\030\060\026" ++"\006\003\125\004\012\023\017\107\124\105\040\103\157\162\160\157" ++"\162\141\164\151\157\156\061\047\060\045\006\003\125\004\013\023" ++"\036\107\124\105\040\103\171\142\145\162\124\162\165\163\164\040" ++"\123\157\154\165\164\151\157\156\163\054\040\111\156\143\056\061" ++"\043\060\041\006\003\125\004\003\023\032\107\124\105\040\103\171" ++"\142\145\162\124\162\165\163\164\040\107\154\157\142\141\154\040" ++"\122\157\157\164\202\002\001\245\060\105\006\003\125\035\037\004" ++"\076\060\074\060\072\240\070\240\066\206\064\150\164\164\160\072" ++"\057\057\167\167\167\056\160\165\142\154\151\143\055\164\162\165" ++"\163\164\056\143\157\155\057\143\147\151\055\142\151\156\057\103" ++"\122\114\057\062\060\061\070\057\143\144\160\056\143\162\154\060" ++"\035\006\003\125\035\016\004\026\004\024\306\026\223\116\026\027" ++"\354\026\256\214\224\166\363\206\155\305\164\156\204\167\060\015" ++"\006\011\052\206\110\206\367\015\001\001\005\005\000\003\201\201" ++"\000\166\000\173\246\170\053\146\035\216\136\066\306\244\216\005" ++"\362\043\222\174\223\147\323\364\300\012\175\213\055\331\352\325" ++"\157\032\363\341\112\051\132\042\204\115\120\057\113\014\362\377" ++"\205\302\173\125\324\104\202\276\155\254\147\216\274\264\037\222" ++"\234\121\200\032\024\366\156\253\141\210\013\255\034\177\367\113" ++"\120\121\326\145\033\246\107\161\025\136\260\161\363\065\024\362" ++"\067\275\143\310\325\360\223\132\064\137\330\075\350\135\367\305" ++"\036\300\345\317\037\206\044\251\074\007\146\315\301\322\066\143" ++"\131" ++, (PRUint32)977 } ++}; ++static const NSSItem nss_builtins_items_341 [] = { ++ { (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, ++ { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, ++ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, ++ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, ++ { (void *)"Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)", (PRUint32)57 }, ++ { (void *)"\125\120\257\354\277\350\303\255\304\013\343\255\014\247\344\025" ++"\214\071\131\117" ++, (PRUint32)20 }, ++ { (void *)"\322\336\256\120\244\230\055\157\067\267\206\122\310\055\113\152" ++, (PRUint32)16 }, ++ { (void *)"\060\165\061\013\060\011\006\003\125\004\006\023\002\125\123\061" ++"\030\060\026\006\003\125\004\012\023\017\107\124\105\040\103\157" ++"\162\160\157\162\141\164\151\157\156\061\047\060\045\006\003\125" ++"\004\013\023\036\107\124\105\040\103\171\142\145\162\124\162\165" ++"\163\164\040\123\157\154\165\164\151\157\156\163\054\040\111\156" ++"\143\056\061\043\060\041\006\003\125\004\003\023\032\107\124\105" ++"\040\103\171\142\145\162\124\162\165\163\164\040\107\154\157\142" ++"\141\154\040\122\157\157\164" ++, (PRUint32)119 }, ++ { (void *)"\002\006\007\377\377\377\377\377" ++, (PRUint32)8 }, ++ { (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) }, ++ { (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) }, ++ { (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) }, ++ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } ++}; ++static const NSSItem nss_builtins_items_342 [] = { ++ { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, ++ { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, ++ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, ++ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, ++ { (void *)"Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)", (PRUint32)56 }, ++ { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) }, ++ { (void *)"\060\145\061\013\060\011\006\003\125\004\006\023\002\115\131\061" ++"\033\060\031\006\003\125\004\012\023\022\104\151\147\151\143\145" ++"\162\164\040\123\144\156\056\040\102\150\144\056\061\021\060\017" ++"\006\003\125\004\013\023\010\064\065\067\066\060\070\055\113\061" ++"\046\060\044\006\003\125\004\003\023\035\104\151\147\151\163\151" ++"\147\156\040\123\145\162\166\145\162\040\111\104\040\055\040\050" ++"\105\156\162\151\143\150\051" ++, (PRUint32)103 }, ++ { (void *)"0", (PRUint32)2 }, ++ { (void *)"\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156" ++"\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125" ++"\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056" ++"\156\145\164\057\103\120\123\137\062\060\064\070\040\151\156\143" ++"\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151" ++"\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006" ++"\003\125\004\013\023\034\050\143\051\040\061\071\071\071\040\105" ++"\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164" ++"\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164" ++"\162\165\163\164\056\156\145\164\040\103\145\162\164\151\146\151" ++"\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171" ++"\040\050\062\060\064\070\051" ++, (PRUint32)183 }, ++ { (void *)"\002\006\007\377\377\377\377\377" ++, (PRUint32)8 }, ++ { (void *)"\060\202\004\320\060\202\003\270\240\003\002\001\002\002\006\007" ++"\377\377\377\377\377\060\015\006\011\052\206\110\206\367\015\001" ++"\001\005\005\000\060\201\264\061\024\060\022\006\003\125\004\012" ++"\023\013\105\156\164\162\165\163\164\056\156\145\164\061\100\060" ++"\076\006\003\125\004\013\024\067\167\167\167\056\145\156\164\162" ++"\165\163\164\056\156\145\164\057\103\120\123\137\062\060\064\070" ++"\040\151\156\143\157\162\160\056\040\142\171\040\162\145\146\056" ++"\040\050\154\151\155\151\164\163\040\154\151\141\142\056\051\061" ++"\045\060\043\006\003\125\004\013\023\034\050\143\051\040\061\071" ++"\071\071\040\105\156\164\162\165\163\164\056\156\145\164\040\114" ++"\151\155\151\164\145\144\061\063\060\061\006\003\125\004\003\023" ++"\052\105\156\164\162\165\163\164\056\156\145\164\040\103\145\162" ++"\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157" ++"\162\151\164\171\040\050\062\060\064\070\051\060\036\027\015\061" ++"\060\060\067\061\066\061\067\062\063\063\070\132\027\015\061\065" ++"\060\067\061\066\061\067\065\063\063\070\132\060\145\061\013\060" ++"\011\006\003\125\004\006\023\002\115\131\061\033\060\031\006\003" ++"\125\004\012\023\022\104\151\147\151\143\145\162\164\040\123\144" ++"\156\056\040\102\150\144\056\061\021\060\017\006\003\125\004\013" ++"\023\010\064\065\067\066\060\070\055\113\061\046\060\044\006\003" ++"\125\004\003\023\035\104\151\147\151\163\151\147\156\040\123\145" ++"\162\166\145\162\040\111\104\040\055\040\050\105\156\162\151\143" ++"\150\051\060\202\001\042\060\015\006\011\052\206\110\206\367\015" ++"\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202" ++"\001\001\000\305\211\344\364\015\006\100\222\131\307\032\263\065" ++"\321\016\114\052\063\371\370\257\312\236\177\356\271\247\155\140" ++"\364\124\350\157\325\233\363\033\143\061\004\150\162\321\064\026" ++"\214\264\027\054\227\336\163\305\330\220\025\240\032\053\365\313" ++"\263\110\206\104\360\035\210\114\316\101\102\032\357\365\014\336" ++"\376\100\332\071\040\367\006\125\072\152\235\106\301\322\157\245" ++"\262\310\127\076\051\243\234\340\351\205\167\146\350\230\247\044" ++"\176\276\300\131\040\345\104\157\266\127\330\276\316\302\145\167" ++"\130\306\141\101\321\164\004\310\177\111\102\305\162\251\162\026" ++"\356\214\335\022\135\264\112\324\321\257\120\267\330\252\165\166" ++"\150\255\076\135\252\060\155\141\250\253\020\133\076\023\277\063" ++"\340\257\104\235\070\042\133\357\114\057\246\161\046\025\046\312" ++"\050\214\331\372\216\216\251\242\024\065\342\233\044\210\264\364" ++"\177\205\235\203\117\007\241\266\024\220\066\304\064\034\215\046" ++"\141\155\023\157\170\276\350\217\047\307\113\204\226\243\206\150" ++"\014\043\276\013\354\214\224\000\251\004\212\023\220\367\337\205" ++"\154\014\261\002\003\001\000\001\243\202\001\064\060\202\001\060" ++"\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006" ++"\060\022\006\003\125\035\023\001\001\377\004\010\060\006\001\001" ++"\377\002\001\000\060\047\006\003\125\035\045\004\040\060\036\006" ++"\010\053\006\001\005\005\007\003\001\006\010\053\006\001\005\005" ++"\007\003\002\006\010\053\006\001\005\005\007\003\004\060\063\006" ++"\010\053\006\001\005\005\007\001\001\004\047\060\045\060\043\006" ++"\010\053\006\001\005\005\007\060\001\206\027\150\164\164\160\072" ++"\057\057\157\143\163\160\056\145\156\164\162\165\163\164\056\156" ++"\145\164\060\104\006\003\125\035\040\004\075\060\073\060\071\006" ++"\005\140\203\112\001\001\060\060\060\056\006\010\053\006\001\005" ++"\005\007\002\001\026\042\150\164\164\160\072\057\057\167\167\167" ++"\056\144\151\147\151\143\145\162\164\056\143\157\155\056\155\171" ++"\057\143\160\163\056\150\164\155\060\062\006\003\125\035\037\004" ++"\053\060\051\060\047\240\045\240\043\206\041\150\164\164\160\072" ++"\057\057\143\162\154\056\145\156\164\162\165\163\164\056\156\145" ++"\164\057\062\060\064\070\143\141\056\143\162\154\060\021\006\003" ++"\125\035\016\004\012\004\010\114\116\314\045\050\003\051\201\060" ++"\037\006\003\125\035\043\004\030\060\026\200\024\125\344\201\321" ++"\021\200\276\330\211\271\010\243\061\371\241\044\011\026\271\160" ++"\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003" ++"\202\001\001\000\227\114\357\112\072\111\254\162\374\060\040\153" ++"\264\051\133\247\305\225\004\220\371\062\325\302\205\152\336\003" ++"\241\067\371\211\000\260\132\254\125\176\333\103\065\377\311\001" ++"\370\121\276\314\046\312\310\152\244\304\124\076\046\036\347\014" ++"\243\315\227\147\224\335\246\102\353\134\315\217\071\171\153\063" ++"\171\041\006\171\372\202\104\025\231\314\301\267\071\323\106\142" ++"\174\262\160\353\157\316\040\252\076\031\267\351\164\202\234\264" ++"\245\113\115\141\000\067\344\207\322\362\024\072\144\174\270\251" ++"\173\141\340\223\042\347\325\237\076\107\346\066\166\240\123\330" ++"\000\003\072\017\265\063\376\226\312\323\322\202\072\056\335\327" ++"\110\341\344\247\151\314\034\351\231\112\347\312\160\105\327\013" ++"\007\016\232\165\033\320\057\222\157\366\244\007\303\275\034\113" ++"\246\204\266\175\250\232\251\322\247\051\361\013\127\151\036\227" ++"\127\046\354\053\103\254\324\105\203\005\000\351\343\360\106\100" ++"\007\372\352\261\121\163\223\034\245\335\123\021\067\310\052\247" ++"\025\047\035\264\252\314\177\252\061\060\374\270\105\237\110\011" ++"\355\020\342\305" ++, (PRUint32)1236 } ++}; ++static const NSSItem nss_builtins_items_343 [] = { ++ { (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, ++ { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, ++ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, ++ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, ++ { (void *)"Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)", (PRUint32)56 }, ++ { (void *)"\153\074\073\200\255\312\246\272\212\237\124\246\172\355\022\151" ++"\005\155\061\046" ++, (PRUint32)20 }, ++ { (void *)"\327\151\141\177\065\017\234\106\243\252\353\370\125\374\204\362" ++, (PRUint32)16 }, ++ { (void *)"\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156" ++"\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125" ++"\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056" ++"\156\145\164\057\103\120\123\137\062\060\064\070\040\151\156\143" ++"\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151" ++"\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006" ++"\003\125\004\013\023\034\050\143\051\040\061\071\071\071\040\105" ++"\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164" ++"\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164" ++"\162\165\163\164\056\156\145\164\040\103\145\162\164\151\146\151" ++"\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171" ++"\040\050\062\060\064\070\051" ++, (PRUint32)183 }, ++ { (void *)"\002\006\007\377\377\377\377\377" ++, (PRUint32)8 }, ++ { (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) }, ++ { (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) }, ++ { (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) }, ++ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } ++}; + + builtinsInternalObject + nss_builtins_data[] = { +@@ -22944,11 +23216,15 @@ nss_builtins_data[] = { + { 11, nss_builtins_types_336, nss_builtins_items_336, {NULL} }, + { 13, nss_builtins_types_337, nss_builtins_items_337, {NULL} }, + { 11, nss_builtins_types_338, nss_builtins_items_338, {NULL} }, +- { 13, nss_builtins_types_339, nss_builtins_items_339, {NULL} } ++ { 13, nss_builtins_types_339, nss_builtins_items_339, {NULL} }, ++ { 11, nss_builtins_types_340, nss_builtins_items_340, {NULL} }, ++ { 13, nss_builtins_types_341, nss_builtins_items_341, {NULL} }, ++ { 11, nss_builtins_types_342, nss_builtins_items_342, {NULL} }, ++ { 13, nss_builtins_types_343, nss_builtins_items_343, {NULL} } + }; + const PRUint32 + #ifdef DEBUG +- nss_builtins_nObjects = 339+1; ++ nss_builtins_nObjects = 343+1; + #else +- nss_builtins_nObjects = 339; ++ nss_builtins_nObjects = 343; + #endif /* DEBUG */ +diff -up ./mozilla/security/nss/lib/ckfw/builtins/certdata.txt.ckbi188 ./mozilla/security/nss/lib/ckfw/builtins/certdata.txt +--- ./mozilla/security/nss/lib/ckfw/builtins/certdata.txt.ckbi188 2011-11-03 16:29:42.293000000 -0700 ++++ ./mozilla/security/nss/lib/ckfw/builtins/certdata.txt 2011-11-03 08:11:58.000000000 -0700 +@@ -34,7 +34,7 @@ + # the terms of any one of the MPL, the GPL or the LGPL. + # + # ***** END LICENSE BLOCK ***** +-CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.79 $ $Date: 2011/09/02 19:40:56 $" ++CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.80 $ $Date: 2011/11/03 15:11:58 $" + + # + # certdata.txt +@@ -23299,3 +23299,284 @@ CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_N + CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED + CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED + CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE ++ ++# ++# Certificate "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)" ++# ++CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE ++CKA_TOKEN CK_BBOOL CK_TRUE ++CKA_PRIVATE CK_BBOOL CK_FALSE ++CKA_MODIFIABLE CK_BBOOL CK_FALSE ++CKA_LABEL UTF8 "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)" ++CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 ++CKA_SUBJECT MULTILINE_OCTAL ++\060\143\061\013\060\011\006\003\125\004\006\023\002\115\131\061 ++\033\060\031\006\003\125\004\012\023\022\104\151\147\151\143\145 ++\162\164\040\123\144\156\056\040\102\150\144\056\061\021\060\017 ++\006\003\125\004\013\023\010\064\065\067\066\060\070\055\113\061 ++\044\060\042\006\003\125\004\003\023\033\104\151\147\151\163\151 ++\147\156\040\123\145\162\166\145\162\040\111\104\040\050\105\156 ++\162\151\143\150\051 ++END ++CKA_ID UTF8 "0" ++CKA_ISSUER MULTILINE_OCTAL ++\060\165\061\013\060\011\006\003\125\004\006\023\002\125\123\061 ++\030\060\026\006\003\125\004\012\023\017\107\124\105\040\103\157 ++\162\160\157\162\141\164\151\157\156\061\047\060\045\006\003\125 ++\004\013\023\036\107\124\105\040\103\171\142\145\162\124\162\165 ++\163\164\040\123\157\154\165\164\151\157\156\163\054\040\111\156 ++\143\056\061\043\060\041\006\003\125\004\003\023\032\107\124\105 ++\040\103\171\142\145\162\124\162\165\163\164\040\107\154\157\142 ++\141\154\040\122\157\157\164 ++END ++CKA_SERIAL_NUMBER MULTILINE_OCTAL ++\002\006\007\377\377\377\377\377 ++END ++CKA_VALUE MULTILINE_OCTAL ++\060\202\003\315\060\202\003\066\240\003\002\001\002\002\006\007 ++\377\377\377\377\377\060\015\006\011\052\206\110\206\367\015\001 ++\001\005\005\000\060\165\061\013\060\011\006\003\125\004\006\023 ++\002\125\123\061\030\060\026\006\003\125\004\012\023\017\107\124 ++\105\040\103\157\162\160\157\162\141\164\151\157\156\061\047\060 ++\045\006\003\125\004\013\023\036\107\124\105\040\103\171\142\145 ++\162\124\162\165\163\164\040\123\157\154\165\164\151\157\156\163 ++\054\040\111\156\143\056\061\043\060\041\006\003\125\004\003\023 ++\032\107\124\105\040\103\171\142\145\162\124\162\165\163\164\040 ++\107\154\157\142\141\154\040\122\157\157\164\060\036\027\015\060 ++\067\060\067\061\067\061\065\061\067\064\071\132\027\015\061\062 ++\060\067\061\067\061\065\061\066\065\065\132\060\143\061\013\060 ++\011\006\003\125\004\006\023\002\115\131\061\033\060\031\006\003 ++\125\004\012\023\022\104\151\147\151\143\145\162\164\040\123\144 ++\156\056\040\102\150\144\056\061\021\060\017\006\003\125\004\013 ++\023\010\064\065\067\066\060\070\055\113\061\044\060\042\006\003 ++\125\004\003\023\033\104\151\147\151\163\151\147\156\040\123\145 ++\162\166\145\162\040\111\104\040\050\105\156\162\151\143\150\051 ++\060\201\237\060\015\006\011\052\206\110\206\367\015\001\001\001 ++\005\000\003\201\215\000\060\201\211\002\201\201\000\255\250\144 ++\113\115\207\307\204\131\271\373\220\106\240\246\211\300\361\376 ++\325\332\124\202\067\015\231\053\105\046\012\350\126\260\177\312 ++\250\364\216\107\204\001\202\051\343\263\152\265\221\363\373\225 ++\205\274\162\250\144\350\012\100\234\305\364\161\256\173\173\152 ++\007\352\220\024\117\215\211\257\224\253\262\006\324\002\152\173 ++\230\037\131\271\072\315\124\372\040\337\262\052\012\351\270\335 ++\151\220\300\051\323\116\320\227\355\146\314\305\031\111\006\177 ++\372\136\054\174\173\205\033\062\102\337\173\225\045\002\003\001 ++\000\001\243\202\001\170\060\202\001\164\060\022\006\003\125\035 ++\023\001\001\377\004\010\060\006\001\001\377\002\001\000\060\134 ++\006\003\125\035\040\004\125\060\123\060\110\006\011\053\006\001 ++\004\001\261\076\001\000\060\073\060\071\006\010\053\006\001\005 ++\005\007\002\001\026\055\150\164\164\160\072\057\057\143\171\142 ++\145\162\164\162\165\163\164\056\157\155\156\151\162\157\157\164 ++\056\143\157\155\057\162\145\160\157\163\151\164\157\162\171\056 ++\143\146\155\060\007\006\005\140\203\112\001\001\060\016\006\003 ++\125\035\017\001\001\377\004\004\003\002\001\346\060\201\211\006 ++\003\125\035\043\004\201\201\060\177\241\171\244\167\060\165\061 ++\013\060\011\006\003\125\004\006\023\002\125\123\061\030\060\026 ++\006\003\125\004\012\023\017\107\124\105\040\103\157\162\160\157 ++\162\141\164\151\157\156\061\047\060\045\006\003\125\004\013\023 ++\036\107\124\105\040\103\171\142\145\162\124\162\165\163\164\040 ++\123\157\154\165\164\151\157\156\163\054\040\111\156\143\056\061 ++\043\060\041\006\003\125\004\003\023\032\107\124\105\040\103\171 ++\142\145\162\124\162\165\163\164\040\107\154\157\142\141\154\040 ++\122\157\157\164\202\002\001\245\060\105\006\003\125\035\037\004 ++\076\060\074\060\072\240\070\240\066\206\064\150\164\164\160\072 ++\057\057\167\167\167\056\160\165\142\154\151\143\055\164\162\165 ++\163\164\056\143\157\155\057\143\147\151\055\142\151\156\057\103 ++\122\114\057\062\060\061\070\057\143\144\160\056\143\162\154\060 ++\035\006\003\125\035\016\004\026\004\024\306\026\223\116\026\027 ++\354\026\256\214\224\166\363\206\155\305\164\156\204\167\060\015 ++\006\011\052\206\110\206\367\015\001\001\005\005\000\003\201\201 ++\000\166\000\173\246\170\053\146\035\216\136\066\306\244\216\005 ++\362\043\222\174\223\147\323\364\300\012\175\213\055\331\352\325 ++\157\032\363\341\112\051\132\042\204\115\120\057\113\014\362\377 ++\205\302\173\125\324\104\202\276\155\254\147\216\274\264\037\222 ++\234\121\200\032\024\366\156\253\141\210\013\255\034\177\367\113 ++\120\121\326\145\033\246\107\161\025\136\260\161\363\065\024\362 ++\067\275\143\310\325\360\223\132\064\137\330\075\350\135\367\305 ++\036\300\345\317\037\206\044\251\074\007\146\315\301\322\066\143 ++\131 ++END ++ ++# Trust for Certificate "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)" ++CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST ++CKA_TOKEN CK_BBOOL CK_TRUE ++CKA_PRIVATE CK_BBOOL CK_FALSE ++CKA_MODIFIABLE CK_BBOOL CK_FALSE ++CKA_LABEL UTF8 "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)" ++CKA_CERT_SHA1_HASH MULTILINE_OCTAL ++\125\120\257\354\277\350\303\255\304\013\343\255\014\247\344\025 ++\214\071\131\117 ++END ++CKA_CERT_MD5_HASH MULTILINE_OCTAL ++\322\336\256\120\244\230\055\157\067\267\206\122\310\055\113\152 ++END ++CKA_ISSUER MULTILINE_OCTAL ++\060\165\061\013\060\011\006\003\125\004\006\023\002\125\123\061 ++\030\060\026\006\003\125\004\012\023\017\107\124\105\040\103\157 ++\162\160\157\162\141\164\151\157\156\061\047\060\045\006\003\125 ++\004\013\023\036\107\124\105\040\103\171\142\145\162\124\162\165 ++\163\164\040\123\157\154\165\164\151\157\156\163\054\040\111\156 ++\143\056\061\043\060\041\006\003\125\004\003\023\032\107\124\105 ++\040\103\171\142\145\162\124\162\165\163\164\040\107\154\157\142 ++\141\154\040\122\157\157\164 ++END ++CKA_SERIAL_NUMBER MULTILINE_OCTAL ++\002\006\007\377\377\377\377\377 ++END ++CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED ++CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED ++CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED ++CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE ++ ++# ++# Certificate "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)" ++# ++CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE ++CKA_TOKEN CK_BBOOL CK_TRUE ++CKA_PRIVATE CK_BBOOL CK_FALSE ++CKA_MODIFIABLE CK_BBOOL CK_FALSE ++CKA_LABEL UTF8 "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)" ++CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 ++CKA_SUBJECT MULTILINE_OCTAL ++\060\145\061\013\060\011\006\003\125\004\006\023\002\115\131\061 ++\033\060\031\006\003\125\004\012\023\022\104\151\147\151\143\145 ++\162\164\040\123\144\156\056\040\102\150\144\056\061\021\060\017 ++\006\003\125\004\013\023\010\064\065\067\066\060\070\055\113\061 ++\046\060\044\006\003\125\004\003\023\035\104\151\147\151\163\151 ++\147\156\040\123\145\162\166\145\162\040\111\104\040\055\040\050 ++\105\156\162\151\143\150\051 ++END ++CKA_ID UTF8 "0" ++CKA_ISSUER MULTILINE_OCTAL ++\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156 ++\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125 ++\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056 ++\156\145\164\057\103\120\123\137\062\060\064\070\040\151\156\143 ++\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151 ++\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006 ++\003\125\004\013\023\034\050\143\051\040\061\071\071\071\040\105 ++\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164 ++\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164 ++\162\165\163\164\056\156\145\164\040\103\145\162\164\151\146\151 ++\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171 ++\040\050\062\060\064\070\051 ++END ++CKA_SERIAL_NUMBER MULTILINE_OCTAL ++\002\006\007\377\377\377\377\377 ++END ++CKA_VALUE MULTILINE_OCTAL ++\060\202\004\320\060\202\003\270\240\003\002\001\002\002\006\007 ++\377\377\377\377\377\060\015\006\011\052\206\110\206\367\015\001 ++\001\005\005\000\060\201\264\061\024\060\022\006\003\125\004\012 ++\023\013\105\156\164\162\165\163\164\056\156\145\164\061\100\060 ++\076\006\003\125\004\013\024\067\167\167\167\056\145\156\164\162 ++\165\163\164\056\156\145\164\057\103\120\123\137\062\060\064\070 ++\040\151\156\143\157\162\160\056\040\142\171\040\162\145\146\056 ++\040\050\154\151\155\151\164\163\040\154\151\141\142\056\051\061 ++\045\060\043\006\003\125\004\013\023\034\050\143\051\040\061\071 ++\071\071\040\105\156\164\162\165\163\164\056\156\145\164\040\114 ++\151\155\151\164\145\144\061\063\060\061\006\003\125\004\003\023 ++\052\105\156\164\162\165\163\164\056\156\145\164\040\103\145\162 ++\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157 ++\162\151\164\171\040\050\062\060\064\070\051\060\036\027\015\061 ++\060\060\067\061\066\061\067\062\063\063\070\132\027\015\061\065 ++\060\067\061\066\061\067\065\063\063\070\132\060\145\061\013\060 ++\011\006\003\125\004\006\023\002\115\131\061\033\060\031\006\003 ++\125\004\012\023\022\104\151\147\151\143\145\162\164\040\123\144 ++\156\056\040\102\150\144\056\061\021\060\017\006\003\125\004\013 ++\023\010\064\065\067\066\060\070\055\113\061\046\060\044\006\003 ++\125\004\003\023\035\104\151\147\151\163\151\147\156\040\123\145 ++\162\166\145\162\040\111\104\040\055\040\050\105\156\162\151\143 ++\150\051\060\202\001\042\060\015\006\011\052\206\110\206\367\015 ++\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202 ++\001\001\000\305\211\344\364\015\006\100\222\131\307\032\263\065 ++\321\016\114\052\063\371\370\257\312\236\177\356\271\247\155\140 ++\364\124\350\157\325\233\363\033\143\061\004\150\162\321\064\026 ++\214\264\027\054\227\336\163\305\330\220\025\240\032\053\365\313 ++\263\110\206\104\360\035\210\114\316\101\102\032\357\365\014\336 ++\376\100\332\071\040\367\006\125\072\152\235\106\301\322\157\245 ++\262\310\127\076\051\243\234\340\351\205\167\146\350\230\247\044 ++\176\276\300\131\040\345\104\157\266\127\330\276\316\302\145\167 ++\130\306\141\101\321\164\004\310\177\111\102\305\162\251\162\026 ++\356\214\335\022\135\264\112\324\321\257\120\267\330\252\165\166 ++\150\255\076\135\252\060\155\141\250\253\020\133\076\023\277\063 ++\340\257\104\235\070\042\133\357\114\057\246\161\046\025\046\312 ++\050\214\331\372\216\216\251\242\024\065\342\233\044\210\264\364 ++\177\205\235\203\117\007\241\266\024\220\066\304\064\034\215\046 ++\141\155\023\157\170\276\350\217\047\307\113\204\226\243\206\150 ++\014\043\276\013\354\214\224\000\251\004\212\023\220\367\337\205 ++\154\014\261\002\003\001\000\001\243\202\001\064\060\202\001\060 ++\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006 ++\060\022\006\003\125\035\023\001\001\377\004\010\060\006\001\001 ++\377\002\001\000\060\047\006\003\125\035\045\004\040\060\036\006 ++\010\053\006\001\005\005\007\003\001\006\010\053\006\001\005\005 ++\007\003\002\006\010\053\006\001\005\005\007\003\004\060\063\006 ++\010\053\006\001\005\005\007\001\001\004\047\060\045\060\043\006 ++\010\053\006\001\005\005\007\060\001\206\027\150\164\164\160\072 ++\057\057\157\143\163\160\056\145\156\164\162\165\163\164\056\156 ++\145\164\060\104\006\003\125\035\040\004\075\060\073\060\071\006 ++\005\140\203\112\001\001\060\060\060\056\006\010\053\006\001\005 ++\005\007\002\001\026\042\150\164\164\160\072\057\057\167\167\167 ++\056\144\151\147\151\143\145\162\164\056\143\157\155\056\155\171 ++\057\143\160\163\056\150\164\155\060\062\006\003\125\035\037\004 ++\053\060\051\060\047\240\045\240\043\206\041\150\164\164\160\072 ++\057\057\143\162\154\056\145\156\164\162\165\163\164\056\156\145 ++\164\057\062\060\064\070\143\141\056\143\162\154\060\021\006\003 ++\125\035\016\004\012\004\010\114\116\314\045\050\003\051\201\060 ++\037\006\003\125\035\043\004\030\060\026\200\024\125\344\201\321 ++\021\200\276\330\211\271\010\243\061\371\241\044\011\026\271\160 ++\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003 ++\202\001\001\000\227\114\357\112\072\111\254\162\374\060\040\153 ++\264\051\133\247\305\225\004\220\371\062\325\302\205\152\336\003 ++\241\067\371\211\000\260\132\254\125\176\333\103\065\377\311\001 ++\370\121\276\314\046\312\310\152\244\304\124\076\046\036\347\014 ++\243\315\227\147\224\335\246\102\353\134\315\217\071\171\153\063 ++\171\041\006\171\372\202\104\025\231\314\301\267\071\323\106\142 ++\174\262\160\353\157\316\040\252\076\031\267\351\164\202\234\264 ++\245\113\115\141\000\067\344\207\322\362\024\072\144\174\270\251 ++\173\141\340\223\042\347\325\237\076\107\346\066\166\240\123\330 ++\000\003\072\017\265\063\376\226\312\323\322\202\072\056\335\327 ++\110\341\344\247\151\314\034\351\231\112\347\312\160\105\327\013 ++\007\016\232\165\033\320\057\222\157\366\244\007\303\275\034\113 ++\246\204\266\175\250\232\251\322\247\051\361\013\127\151\036\227 ++\127\046\354\053\103\254\324\105\203\005\000\351\343\360\106\100 ++\007\372\352\261\121\163\223\034\245\335\123\021\067\310\052\247 ++\025\047\035\264\252\314\177\252\061\060\374\270\105\237\110\011 ++\355\020\342\305 ++END ++ ++# Trust for Certificate "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)" ++CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST ++CKA_TOKEN CK_BBOOL CK_TRUE ++CKA_PRIVATE CK_BBOOL CK_FALSE ++CKA_MODIFIABLE CK_BBOOL CK_FALSE ++CKA_LABEL UTF8 "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)" ++CKA_CERT_SHA1_HASH MULTILINE_OCTAL ++\153\074\073\200\255\312\246\272\212\237\124\246\172\355\022\151 ++\005\155\061\046 ++END ++CKA_CERT_MD5_HASH MULTILINE_OCTAL ++\327\151\141\177\065\017\234\106\243\252\353\370\125\374\204\362 ++END ++CKA_ISSUER MULTILINE_OCTAL ++\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156 ++\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125 ++\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056 ++\156\145\164\057\103\120\123\137\062\060\064\070\040\151\156\143 ++\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151 ++\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006 ++\003\125\004\013\023\034\050\143\051\040\061\071\071\071\040\105 ++\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164 ++\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164 ++\162\165\163\164\056\156\145\164\040\103\145\162\164\151\146\151 ++\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171 ++\040\050\062\060\064\070\051 ++END ++CKA_SERIAL_NUMBER MULTILINE_OCTAL ++\002\006\007\377\377\377\377\377 ++END ++CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED ++CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED ++CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED ++CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE ++ +diff -up ./mozilla/security/nss/lib/ckfw/builtins/nssckbi.h.ckbi188 ./mozilla/security/nss/lib/ckfw/builtins/nssckbi.h +--- ./mozilla/security/nss/lib/ckfw/builtins/nssckbi.h.ckbi188 2011-11-03 16:30:05.063000000 -0700 ++++ ./mozilla/security/nss/lib/ckfw/builtins/nssckbi.h 2011-11-03 08:11:58.000000000 -0700 +@@ -77,8 +77,8 @@ + * of the comment in the CK_VERSION type definition. + */ + #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 1 +-#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 87 +-#define NSS_BUILTINS_LIBRARY_VERSION "1.87" ++#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 88 ++#define NSS_BUILTINS_LIBRARY_VERSION "1.88" + + /* These version numbers detail the semantic changes to the ckfw engine. */ + #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1 diff --git a/nss.spec b/nss.spec index 11e3cda..c4d9d7e 100644 --- a/nss.spec +++ b/nss.spec @@ -1,12 +1,12 @@ -%global nspr_version 4.8.8 -%global nss_util_version 3.12.10 +%global nspr_version 4.8.9 +%global nss_util_version 3.13.1 %global nss_softokn_version 3.12.10 %global unsupported_tools_directory %{_libdir}/nss/unsupported-tools Summary: Network Security Services Name: nss -Version: 3.12.10 -Release: 7%{?dist} +Version: 3.13.1 +Release: 2%{?dist} License: MPLv1.1 or GPLv2+ or LGPLv2+ URL: http://www.mozilla.org/projects/security/pki/nss/ Group: System Environment/Libraries @@ -55,9 +55,12 @@ Patch6: nss-enable-pem.patch Patch7: nsspem-642433.patch Patch8: 0001-Bug-695011-PEM-logging.patch Patch16: nss-539183.patch -Patch17: nss-703658.patch Patch18: nss-646045.patch -Patch19: builtins-nssckbi_1_87_rtm.patch +Patch20: nsspem-createobject-initialize-pointer.patch +Patch21: 0001-libnsspem-rhbz-734760.patch +Patch22: nsspem-init-inform-not-thread-safe.patch +Patch23: nss-ckbi-1.88.rtm.patch + %description Network Security Services (NSS) is a set of libraries designed to @@ -133,9 +136,11 @@ low level services. %patch7 -p0 -b .642433 %patch8 -p1 -b .695011 %patch16 -p0 -b .539183 -%patch17 -p0 -b .703658 %patch18 -p0 -b .646045 -%patch19 -p0 -b .ckbi187 +%patch20 -p1 -b .717338 +%patch21 -p1 -b .734760 +%patch22 -p0 -b .736410 +%patch23 -p0 -b .ckbi188 %build @@ -546,9 +551,30 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h %changelog -* Tue Sep 06 2011 Kai Engert - 3.12.10-7 +* Fri Nov 04 2011 Elio Maldonado - 3.13.1-2 +- Fix broken dependencies by updating the nss-util and nss-softokn versions + +* Thu Nov 03 2011 Elio Maldonado - 3.13.1-1 +- Update to NSS_3_13_1_RTM +- Update builtin certs to those from NSSCKBI_1_88_RTM + +* Sat Oct 15 2011 Elio Maldonado - 3.13-1 +- Update to NSS_3_13_RTM + +* Sat Oct 08 2011 Elio Maldonado - 3.13-0.1.rc0.1 +- Update to NSS_3_13_RC0 + +* Wed Sep 14 2011 Elio Maldonado - 3.12.11-3 +- Fix attempt to free initilized pointer (#717338) +- Fix leak on pem_CreateObject when given non-existing file name (#734760) +- Fix pem_Initialize to return CKR_CANT_LOCK on multi-treaded calls (#736410) + +* Tue Sep 06 2011 Kai Engert - 3.12.11-2 - Update builtins certs to those from NSSCKBI_1_87_RTM +* Tue Aug 09 2011 Elio Maldonado - 3.12.11-1 +- Update to NSS_3_12_11_RTM + * Sat Jul 23 2011 Elio Maldonado - 3.12.10-6 - Indicate the provenance of stripped source tarball (#688015) diff --git a/nsspem-createobject-initialize-pointer.patch b/nsspem-createobject-initialize-pointer.patch new file mode 100644 index 0000000..cdfdea3 --- /dev/null +++ b/nsspem-createobject-initialize-pointer.patch @@ -0,0 +1,11 @@ +diff -up ./mozilla/security/nss/lib/ckfw/pem/pobject.c.717338 ./mozilla/security/nss/lib/ckfw/pem/pobject.c +--- ./mozilla/security/nss/lib/ckfw/pem/pobject.c.717338 2010-11-25 10:49:27.000000000 -0800 ++++ ./mozilla/security/nss/lib/ckfw/pem/pobject.c 2011-09-10 10:16:58.752726964 -0700 +@@ -1179,6 +1179,7 @@ pem_CreateObject + return (NSSCKMDObject *) NULL; + + certDER.len = 0; /* in case there is no equivalent cert */ ++ certDER.data = NULL; + + objid = -1; + for (i = 0; i < pem_nobjs; i++) { diff --git a/nsspem-init-inform-not-thread-safe.patch b/nsspem-init-inform-not-thread-safe.patch new file mode 100644 index 0000000..2df4fbe --- /dev/null +++ b/nsspem-init-inform-not-thread-safe.patch @@ -0,0 +1,129 @@ +--- mozilla/security/nss/lib/ckfw/pem/pinst.c.736410 2010-11-25 11:51:52.000000000 -0800 ++++ mozilla/security/nss/lib/ckfw/pem/pinst.c 2011-09-13 16:59:49.325215540 -0700 +@@ -364,39 +364,37 @@ AddObjectIfNeeded(CK_OBJECT_CLASS objCla + size += PEM_ITEM_CHUNK; + } + gobj[count] = io; + count++; + pem_nobjs++; + + io->refCount ++; + return io; + } + + CK_RV + AddCertificate(char *certfile, char *keyfile, PRBool cacert, + CK_SLOT_ID slotID) + { + pemInternalObject *o; +- SECItem certDER; + CK_RV error = 0; + int objid, i; + int nobjs = 0; + SECItem **objs = NULL; + char *ivstring = NULL; + int cipher; + +- certDER.data = NULL; + nobjs = ReadDERFromFile(&objs, certfile, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */); + if (nobjs <= 0) { + nss_ZFreeIf(objs); + return CKR_GENERAL_ERROR; + } + + /* For now load as many certs as are in the file for CAs only */ + if (cacert) { + for (i = 0; i < nobjs; i++) { + char nickname[1024]; + objid = pem_nobjs + 1; + + snprintf(nickname, 1024, "%s - %d", certfile, i); + + o = AddObjectIfNeeded(CKO_CERTIFICATE, pemCert, objs[i], NULL, +@@ -456,72 +454,76 @@ AddCertificate(char *certfile, char *key + loser: + nss_ZFreeIf(objs); + nss_ZFreeIf(o); + return error; + } + + CK_RV + pem_Initialize + ( + NSSCKMDInstance * mdInstance, + NSSCKFWInstance * fwInstance, + NSSUTF8 * configurationData + ) + { + CK_RV rv; +- /* parse the initialization string and initialize CRLInstances */ ++ /* parse the initialization string */ + char **certstrings = NULL; ++ char *modparms = NULL; + PRInt32 numcerts = 0; + PRBool status, error = PR_FALSE; + int i; ++ CK_C_INITIALIZE_ARGS_PTR modArgs = NULL; ++ ++ if (!fwInstance) return CKR_ARGUMENTS_BAD; ++ ++ modArgs = NSSCKFWInstance_GetInitArgs(fwInstance); ++ if (modArgs && ++ ((modArgs->flags & CKF_OS_LOCKING_OK) || (modArgs->CreateMutex != 0))) { ++ return CKR_CANT_LOCK; ++ } + + if (pemInitialized) { + return CKR_OK; + } ++ + RNG_RNGInit(); + + open_log(); + + plog("pem_Initialize\n"); + +- unsigned char *modparms = NULL; +- if (!fwInstance) { +- return CKR_ARGUMENTS_BAD; +- } +- +- CK_C_INITIALIZE_ARGS_PTR modArgs = +- NSSCKFWInstance_GetInitArgs(fwInstance); + if (!modArgs || !modArgs->LibraryParameters) { + goto done; + } +- modparms = (unsigned char *) modArgs->LibraryParameters; ++ modparms = (char *) modArgs->LibraryParameters; + plog("Initialized with %s\n", modparms); + + /* + * The initialization string format is a space-delimited file of + * pairs of paths which are delimited by a semi-colon. The first + * entry of the pair is the path to the certificate file. The + * second is the path to the key file. + * + * CA certificates do not need the semi-colon. + * + * Example: + * /etc/certs/server.pem;/etc/certs/server.key /etc/certs/ca.pem + * + */ + status = +- pem_ParseString((const char *) modparms, ' ', &numcerts, ++ pem_ParseString(modparms, ' ', &numcerts, + &certstrings); + if (status == PR_FALSE) { + return CKR_ARGUMENTS_BAD; + } + + for (i = 0; i < numcerts && error != PR_TRUE; i++) { + char *cert = certstrings[i]; + PRInt32 attrcount = 0; + char **certattrs = NULL; + status = pem_ParseString(cert, ';', &attrcount, &certattrs); + if (status == PR_FALSE) { + error = PR_TRUE; + break; + } + diff --git a/renegotiate-transitional.patch b/renegotiate-transitional.patch index 3dc6eec..989491d 100644 --- a/renegotiate-transitional.patch +++ b/renegotiate-transitional.patch @@ -1,7 +1,7 @@ -diff -up ./mozilla/security/nss/lib/ssl/sslsock.c.transitional ./mozilla/security/nss/lib/ssl/sslsock.c ---- ./mozilla/security/nss/lib/ssl/sslsock.c.transitional 2010-09-04 09:46:50.331327676 -0700 -+++ ./mozilla/security/nss/lib/ssl/sslsock.c 2010-09-04 09:50:02.814325605 -0700 -@@ -181,7 +181,7 @@ static sslOptions ssl_defaults = { +diff -up mozilla/security/nss/lib/ssl/sslsock.c.transitional mozilla/security/nss/lib/ssl/sslsock.c +--- mozilla/security/nss/lib/ssl/sslsock.c.transitional 2011-10-06 10:37:47.156659000 -0700 ++++ mozilla/security/nss/lib/ssl/sslsock.c 2011-10-06 10:38:32.276704000 -0700 +@@ -182,7 +182,7 @@ static sslOptions ssl_defaults = { PR_FALSE, /* noLocks */ PR_FALSE, /* enableSessionTickets */ PR_FALSE, /* enableDeflate */ @@ -9,4 +9,4 @@ diff -up ./mozilla/security/nss/lib/ssl/sslsock.c.transitional ./mozilla/securit + 3, /* enableRenegotiation (default: transitional) */ PR_FALSE, /* requireSafeNegotiation */ PR_FALSE, /* enableFalseStart */ - }; + PR_TRUE /* cbcRandomIV */ diff --git a/sources b/sources index 3c0bbf6..38ac629 100644 --- a/sources +++ b/sources @@ -1,4 +1,4 @@ -05ccaacf0146ef7b74f100e9d2141633 nss-3.12.10-stripped.tar.bz2 +5e92ca8e516fd7f6a566e1690f313106 nss-3.13.1-stripped.tar.bz2 e63cddf74c07f0d818d1052ecc6fbb1f nss-pem-20101125.tar.bz2 a5ae49867124ac75f029a9a33af31bad blank-cert8.db 9315689bbd9f28ceebd47894f99fccbd blank-key3.db