From a21a33ed09bb4f3da7d5ad9d863c3c3c059b4227 Mon Sep 17 00:00:00 2001 From: Elio Maldonado Date: Tue, 5 Apr 2011 18:11:25 -0700 Subject: [PATCH 1/2] Update the PayPalEE.cert that had expired new test certificate valid until April 2013 --- sources | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sources b/sources index 855e03f..d5ce83d 100644 --- a/sources +++ b/sources @@ -5,4 +5,4 @@ a5ae49867124ac75f029a9a33af31bad blank-cert8.db 73bc040a0542bba387e6dd7fb9fd7d23 blank-secmod.db 691e663ccc07b7a1eaa6f088e03bf8e2 blank-cert9.db 2ec9e0606ba40fe65196545564b7cc2a blank-key4.db -f3eaeb308918aeb0748707d8780f321c PayPalEE.cert +bf47cecad861efa77d1488ad4a73cb5b PayPalEE.cert From 6e1b6bdc2431ad8f779f902fd9808718dab559c7 Mon Sep 17 00:00:00 2001 From: Elio Maldonado Date: Tue, 12 Apr 2011 11:53:46 -0700 Subject: [PATCH 2/2] - Implement PEM logging using NSPR's own (#695011) --- 0001-Bug-695011-PEM-logging.patch | 107 ++++++++++++++++++++++++++++++ nss.spec | 7 +- 2 files changed, 113 insertions(+), 1 deletion(-) create mode 100644 0001-Bug-695011-PEM-logging.patch diff --git a/0001-Bug-695011-PEM-logging.patch b/0001-Bug-695011-PEM-logging.patch new file mode 100644 index 0000000..2693d7c --- /dev/null +++ b/0001-Bug-695011-PEM-logging.patch @@ -0,0 +1,107 @@ +From 5c61cdba435096ee6e65cee4dc9a473430643c07 Mon Sep 17 00:00:00 2001 +From: Elio Maldonado +Date: Tue, 12 Apr 2011 09:31:48 -0700 +Subject: [PATCH] Bug 695011 PEM logging + +Use NSPR logging facilities for PEM logging to fix a segmenation violation +caused when user cannot for write a log file created by root +--- + mozilla/security/nss/lib/ckfw/pem/ckpem.h | 7 ++++- + mozilla/security/nss/lib/ckfw/pem/util.c | 30 ++++++++++++++++------------ + 2 files changed, 22 insertions(+), 15 deletions(-) + +diff --git a/mozilla/security/nss/lib/ckfw/pem/ckpem.h b/mozilla/security/nss/lib/ckfw/pem/ckpem.h +index 839d40b..720525e 100644 +--- a/mozilla/security/nss/lib/ckfw/pem/ckpem.h ++++ b/mozilla/security/nss/lib/ckfw/pem/ckpem.h +@@ -1,3 +1,6 @@ ++#ifndef CKPEM_H ++#define CKPEM_H ++ + #include "nssckmdt.h" + #include "nssckfw.h" + #include "ckfwtm.h" +@@ -254,8 +257,8 @@ unsigned int pem_PrivateModulusLen(pemLOWKEYPrivateKey *privk); + /* ptoken.c */ + NSSCKMDToken * pem_NewToken(NSSCKFWInstance *fwInstance, CK_RV *pError); + ++/* util.c */ + void open_log(); +-void close_log(); + void plog(const char *fmt, ...); + +-#define PEM_H 1 ++#endif /* CKPEM_H */ +diff --git a/mozilla/security/nss/lib/ckfw/pem/util.c b/mozilla/security/nss/lib/ckfw/pem/util.c +index 853f418..fafb924 100644 +--- a/mozilla/security/nss/lib/ckfw/pem/util.c ++++ b/mozilla/security/nss/lib/ckfw/pem/util.c +@@ -41,6 +41,7 @@ + #include "prtime.h" + #include "prlong.h" + #include "prerror.h" ++#include "prlog.h" + #include "prprf.h" + #include "plgetopt.h" + #include "prenv.h" +@@ -51,6 +52,9 @@ + #include "cryptohi.h" + #include "secpkcs7.h" + #include "secerr.h" ++ ++#include "ckpem.h" ++ + #include + + #define CHUNK_SIZE 512 +@@ -267,34 +271,34 @@ ReadDERFromFile(SECItem *** derlist, char *filename, PRBool ascii, + return -1; + } + +-FILE *plogfile; ++#ifdef DEBUG ++#define LOGGING_BUFFER_SIZE 400 ++#define PEM_DEFAULT_LOG_FILE "/tmp/pkcs11.log" ++static const char *pemLogModuleName = "PEM"; ++static PRLogModuleInfo* pemLogModule; ++#endif + + void open_log() + { + #ifdef DEBUG +- plogfile = fopen("/tmp/pkcs11.log", "a"); +-#endif ++ const char *nsprLogFile = PR_GetEnv("NSPR_LOG_FILE"); + +- return; +-} ++ pemLogModule = PR_NewLogModule(pemLogModuleName); + +-void close_log() +-{ +-#ifdef DEBUG +- fclose(plogfile); ++ (void) PR_SetLogFile(nsprLogFile ? nsprLogFile : PEM_DEFAULT_LOG_FILE); ++ /* If false, the log file will remain what it was before */ + #endif +- return; + } + + void plog(const char *fmt, ...) + { + #ifdef DEBUG ++ char buf[LOGGING_BUFFER_SIZE]; + va_list ap; + + va_start(ap, fmt); +- vfprintf(plogfile, fmt, ap); ++ PR_vsnprintf(buf, sizeof(buf), fmt, ap); + va_end(ap); +- +- fflush(plogfile); ++ PR_LOG(pemLogModule, PR_LOG_DEBUG, ("%s", buf)); + #endif + } +-- +1.7.4.2 + diff --git a/nss.spec b/nss.spec index 45e1895..1f077bf 100644 --- a/nss.spec +++ b/nss.spec @@ -6,7 +6,7 @@ Summary: Network Security Services Name: nss Version: 3.12.9 -Release: 14%{?dist} +Release: 15%{?dist} License: MPLv1.1 or GPLv2+ or LGPLv2+ URL: http://www.mozilla.org/projects/security/pki/nss/ Group: System Environment/Libraries @@ -42,6 +42,7 @@ Source12: %{name}-pem-20101125.tar.bz2 Patch3: renegotiate-transitional.patch Patch6: nss-enable-pem.patch Patch7: nsspem-642433.patch +Patch8: 0001-Bug-695011-PEM-logging.patch Patch11: honor-user-trust-preferences.patch Patch12: allow-content-types-beyond-smime.patch Patch13: nss-recurse.patch @@ -120,6 +121,7 @@ low level services. %patch3 -p0 -b .transitional %patch6 -p0 -b .libpem %patch7 -p0 -b .642433 +%patch8 -p1 -b .695011 %patch11 -p1 -b .643134 %patch12 -p1 -b .contenttypes %patch13 -p1 -b .recurse @@ -519,6 +521,9 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h %changelog +* Mon Apr 11 2011 Elio Maldonado - 3.12.9-15 +- Implement PEM logging using NSPR's own (#695011) + * Wed Mar 23 2011 Elio Maldonado - 3.12.9-14 - Update to NSS_3.12.9_WITH_CKBI_1_82_RTM