diff --git a/.gitignore b/.gitignore index f6a77b5..a5c5a30 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,4 @@ -nss-3.12.8.99.1-stripped.tar.bz2 +nss-3.12.8.99.2-stripped.tar.bz2 nss-pem-20101125.tar.bz2 blank-cert8.db blank-key3.db diff --git a/nss.spec b/nss.spec index 7f762d1..d437d53 100644 --- a/nss.spec +++ b/nss.spec @@ -1,11 +1,11 @@ -%global nspr_version 4.8.6.99.1 -%global nss_util_version 3.12.8.99.1 -%global nss_softokn_version 3.12.8.99.1 +%global nspr_version 4.8.6.99.2 +%global nss_util_version 3.12.8.99.2 +%global nss_softokn_version 3.12.8.99.2 %global unsupported_tools_directory %{_libdir}/nss/unsupported-tools Summary: Network Security Services Name: nss -Version: 3.12.8.99.1 +Version: 3.12.8.99.2 Release: 1%{?dist} License: MPLv1.1 or GPLv2+ or LGPLv2+ URL: http://www.mozilla.org/projects/security/pki/nss/ @@ -41,6 +41,7 @@ Source12: %{name}-pem-20101125.tar.bz2 Patch3: renegotiate-transitional.patch Patch6: nss-enable-pem.patch +Patch7: nsspem-642433.patch Patch11: nss-sysinit-fix-trustorder.patch Patch12: nss-sysinit-userdb-first.patch @@ -113,6 +114,7 @@ low level services. %patch3 -p0 -b .transitional %patch6 -p0 -b .libpem +%patch7 -p0 -b .642433 %patch11 -p1 -b .643134 %patch12 -p0 -b .603313 @@ -126,6 +128,10 @@ export FREEBL_NO_DEPEND BUILD_OPT=1 export BUILD_OPT +# Uncomment to disable optimizations +#RPM_OPT_FLAGS=`echo $RPM_OPT_FLAGS | sed -e 's/-O2/-O0/g'` +#export RPM_OPT_FLAGS + # Generate symbolic info for debuggers XCFLAGS=$RPM_OPT_FLAGS export XCFLAGS @@ -486,6 +492,10 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h %{_libdir}/libnssckfw.a %changelog +* Fri Dec 10 2010 Elio Maldonado - 3.12.8.99.2-1 +- Update to NSS_3_12_9_BETA2 +- Fix libpnsspem crash when cacert dir contains other directories (#642433) + * Wed Dec 08 2010 Elio Maldonado - 3.12.8.99.1-1 - Update to NSS_3_12_9_BETA1 diff --git a/nsspem-596674.patch b/nsspem-596674.patch deleted file mode 100644 index 3744867..0000000 
--- a/nsspem-596674.patch
+++ /dev/null
@@ -1,127 +0,0 @@ -diff -up ./mozilla/security/nss/lib/ckfw/pem/pinst.c.596783 ./mozilla/security/nss/lib/ckfw/pem/pinst.c ---- ./mozilla/security/nss/lib/ckfw/pem/pinst.c.596783 2010-06-06 18:27:27.256318318 -0700 -+++ ./mozilla/security/nss/lib/ckfw/pem/pinst.c 2010-06-06 20:45:28.158442982 -0700 -@@ -151,7 +151,7 @@ GetCertFields(unsigned char *cert, int c - buf = issuer->data + issuer->len; - - /* only wanted issuer/SN */ -- if (valid == NULL) { -+ if (subject == NULL || valid == NULL || subjkey == NULL) { - return SECSuccess; - } - /* validity */ -@@ -219,53 +219,93 @@ CreateObject(CK_OBJECT_CLASS objClass, - memset(&o->u.trust, 0, sizeof(o->u.trust)); - break; - } -+ -+ o->nickname = (char *) nss_ZAlloc(NULL, strlen(nickname) + 1); -+ if (o->nickname == NULL) -+ goto fail; -+ strcpy(o->nickname, nickname); -+ -+ sprintf(id, "%d", objid); -+ len = strlen(id) + 1; /* zero terminate */ -+ o->id.data = (void *) nss_ZAlloc(NULL, len); -+ if (o->id.data == NULL) -+ goto fail; -+ (void) nsslibc_memcpy(o->id.data, id, len); -+ o->id.size = len; -+ - o->objClass = objClass; - o->type = type; - o->slotID = slotID; -+ - o->derCert = nss_ZNEW(NULL, SECItem); -+ if (o->derCert == NULL) -+ goto fail; - o->derCert->data = (void *) nss_ZAlloc(NULL, certDER->len); -+ if (o->derCert->data == NULL) -+ goto fail; - o->derCert->len = certDER->len; - nsslibc_memcpy(o->derCert->data, certDER->data, certDER->len); - - switch (objClass) { - case CKO_CERTIFICATE: - case CKO_NETSCAPE_TRUST: -- GetCertFields(o->derCert->data, -- o->derCert->len, &issuer, &serial, -- &derSN, &subject, &valid, &subjkey); -+ if (SECSuccess != GetCertFields(o->derCert->data, o->derCert->len, -+ &issuer, &serial, &derSN, &subject, -+ &valid, &subjkey)) -+ goto fail; - - o->u.cert.subject.data = (void *) nss_ZAlloc(NULL, subject.len); -+ if (o->u.cert.subject.data == NULL) -+ goto fail; - o->u.cert.subject.size = subject.len; - nsslibc_memcpy(o->u.cert.subject.data, subject.data, subject.len); - - 
o->u.cert.issuer.data = (void *) nss_ZAlloc(NULL, issuer.len); -+ if (o->u.cert.issuer.data == NULL) { -+ nss_ZFreeIf(o->u.cert.subject.data); -+ goto fail; -+ } - o->u.cert.issuer.size = issuer.len; - nsslibc_memcpy(o->u.cert.issuer.data, issuer.data, issuer.len); - - o->u.cert.serial.data = (void *) nss_ZAlloc(NULL, serial.len); -+ if (o->u.cert.serial.data == NULL) { -+ nss_ZFreeIf(o->u.cert.issuer.data); -+ nss_ZFreeIf(o->u.cert.subject.data); -+ goto fail; -+ } - o->u.cert.serial.size = serial.len; - nsslibc_memcpy(o->u.cert.serial.data, serial.data, serial.len); - break; - case CKO_PRIVATE_KEY: - o->u.key.key.privateKey = nss_ZNEW(NULL, SECItem); -+ if (o->u.key.key.privateKey == NULL) -+ goto fail; - o->u.key.key.privateKey->data = - (void *) nss_ZAlloc(NULL, keyDER->len); -+ if (o->u.key.key.privateKey->data == NULL) { -+ nss_ZFreeIf(o->u.key.key.privateKey); -+ goto fail; -+ } - o->u.key.key.privateKey->len = keyDER->len; - nsslibc_memcpy(o->u.key.key.privateKey->data, keyDER->data, - keyDER->len); - } - -- o->nickname = (char *) nss_ZAlloc(NULL, strlen(nickname) + 1); -- strcpy(o->nickname, nickname); -- -- sprintf(id, "%d", objid); -- -- len = strlen(id) + 1; /* zero terminate */ -- o->id.data = (void *) nss_ZAlloc(NULL, len); -- (void) nsslibc_memcpy(o->id.data, id, len); -- o->id.size = len; - - return o; -+ -+fail: -+ if (o) { -+ if (o->derCert) { -+ nss_ZFreeIf(o->derCert->data); -+ nss_ZFreeIf(o->derCert); -+ } -+ nss_ZFreeIf(o->id.data); -+ nss_ZFreeIf(o->nickname); -+ nss_ZFreeIf(o); -+ } -+ return NULL; - } - - pemInternalObject * -@@ -306,6 +346,8 @@ AddObjectIfNeeded(CK_OBJECT_CLASS objCla - /* object not found, we need to create it */ - pemInternalObject *io = CreateObject(objClass, type, certDER, keyDER, - filename, objid, slotID); -+ if (io == NULL) -+ return NULL; - - io->gobjIndex = count; - diff --git a/nsspem-642433.patch b/nsspem-642433.patch new file mode 100644 index 0000000..710919b --- /dev/null +++ b/nsspem-642433.patch 
@@ -0,0 +1,52 @@
+diff -up ./mozilla/security/nss/lib/ckfw/pem/util.c.642433 ./mozilla/security/nss/lib/ckfw/pem/util.c
+--- ./mozilla/security/nss/lib/ckfw/pem/util.c.642433 2010-11-25 10:49:27.000000000 -0800
++++ ./mozilla/security/nss/lib/ckfw/pem/util.c 2010-12-08 08:02:02.618304926 -0800
+@@ -96,9 +96,6 @@ static SECItem *AllocItem(SECItem * item
+ return (result);
+
+ loser:
+- if (result != NULL) {
+- SECITEM_FreeItem(result, (item == NULL) ? PR_TRUE : PR_FALSE);
+- }
+ return (NULL);
+ }
+
+@@ -110,7 +107,7 @@ static SECStatus FileToItem(SECItem * ds
+
+ prStatus = PR_GetOpenFileInfo(src, &info);
+
+- if (prStatus != PR_SUCCESS) {
++ if (prStatus != PR_SUCCESS || info.type == PR_FILE_DIRECTORY) {
+ return SECFailure;
+ }
+
+@@ -126,8 +123,7 @@ static SECStatus FileToItem(SECItem * ds
+
+ return SECSuccess;
+ loser:
+- SECITEM_FreeItem(dst, PR_FALSE);
+- nss_ZFreeIf(dst);
++ nss_ZFreeIf(dst->data);
+ return SECFailure;
+ }
+
+@@ -153,6 +149,10 @@ ReadDERFromFile(SECItem *** derlist, cha
+
+ /* Read in ascii data */
+ rv = FileToItem(&filedata, inFile);
++ if (rv != SECSuccess) {
++ PR_Close(inFile);
++ return -1;
++ }
+ asc = (char *) filedata.data;
+ if (!asc) {
+ PR_Close(inFile);
+@@ -252,7 +252,7 @@ ReadDERFromFile(SECItem *** derlist, cha
+ } else {
+ /* Read in binary der */
+ rv = FileToItem(der, inFile);
+- if (rv) {
++ if (rv != SECSuccess) {
+ PR_Close(inFile);
+ return -1;
+ }
diff --git a/sources b/sources
index b26c6c7..46363c2 100644
--- a/sources
+++ b/sources
@@ -1,4 +1,4 @@
-f511f0c563c9eecdbafab8360daae8a1 nss-3.12.8.99.1-stripped.tar.bz2
+710e46c53613d84a31037953d5821324 nss-3.12.8.99.2-stripped.tar.bz2
 e63cddf74c07f0d818d1052ecc6fbb1f nss-pem-20101125.tar.bz2
 a5ae49867124ac75f029a9a33af31bad blank-cert8.db
 9315689bbd9f28ceebd47894f99fccbd blank-key3.db
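Review bot: The new guard in FileToItem rejects only `PR_FILE_DIRECTORY`, so any other non-regular entry in the cacert directory (NSPR reports these as `PR_FILE_OTHER`) would presumably still reach the read path; testing for the one accepted type, `if (prStatus != PR_SUCCESS || info.type != PR_FILE_FILE) {`, would be stricter. In the same function the `loser:` path now frees `dst->data` but leaves the pointer and length in place, so a caller that inspects or frees the item after `SECFailure` could touch freed memory; adding `dst->data = NULL; dst->len = 0;` after the free would close that off. The AllocItem hunk drops the cleanup of `result` entirely, which looks like it may leak the item when AllocItem allocated it itself, so that is worth confirming against the full function. All three function bodies start and end outside the inner hunks, so these points are inferred from the visible lines only.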