- Update to NSS_3_12_9_BETA2
- Fix libpnsspem crash when cacert dir contains other directories (#642433) - Remove unused-patch
This commit is contained in:
parent
f5fbb3f944
commit
9cfe30c547
2
.gitignore
vendored
2
.gitignore
vendored
@ -1,4 +1,4 @@
|
|||||||
nss-3.12.8.99.1-stripped.tar.bz2
|
nss-3.12.8.99.2-stripped.tar.bz2
|
||||||
nss-pem-20101125.tar.bz2
|
nss-pem-20101125.tar.bz2
|
||||||
blank-cert8.db
|
blank-cert8.db
|
||||||
blank-key3.db
|
blank-key3.db
|
||||||
|
18
nss.spec
18
nss.spec
@ -1,11 +1,11 @@
|
|||||||
%global nspr_version 4.8.6.99.1
|
%global nspr_version 4.8.6.99.2
|
||||||
%global nss_util_version 3.12.8.99.1
|
%global nss_util_version 3.12.8.99.2
|
||||||
%global nss_softokn_version 3.12.8.99.1
|
%global nss_softokn_version 3.12.8.99.2
|
||||||
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
|
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
|
||||||
|
|
||||||
Summary: Network Security Services
|
Summary: Network Security Services
|
||||||
Name: nss
|
Name: nss
|
||||||
Version: 3.12.8.99.1
|
Version: 3.12.8.99.2
|
||||||
Release: 1%{?dist}
|
Release: 1%{?dist}
|
||||||
License: MPLv1.1 or GPLv2+ or LGPLv2+
|
License: MPLv1.1 or GPLv2+ or LGPLv2+
|
||||||
URL: http://www.mozilla.org/projects/security/pki/nss/
|
URL: http://www.mozilla.org/projects/security/pki/nss/
|
||||||
@ -41,6 +41,7 @@ Source12: %{name}-pem-20101125.tar.bz2
|
|||||||
|
|
||||||
Patch3: renegotiate-transitional.patch
|
Patch3: renegotiate-transitional.patch
|
||||||
Patch6: nss-enable-pem.patch
|
Patch6: nss-enable-pem.patch
|
||||||
|
Patch7: nsspem-642433.patch
|
||||||
Patch11: nss-sysinit-fix-trustorder.patch
|
Patch11: nss-sysinit-fix-trustorder.patch
|
||||||
Patch12: nss-sysinit-userdb-first.patch
|
Patch12: nss-sysinit-userdb-first.patch
|
||||||
|
|
||||||
@ -113,6 +114,7 @@ low level services.
|
|||||||
|
|
||||||
%patch3 -p0 -b .transitional
|
%patch3 -p0 -b .transitional
|
||||||
%patch6 -p0 -b .libpem
|
%patch6 -p0 -b .libpem
|
||||||
|
%patch7 -p0 -b .642433
|
||||||
%patch11 -p1 -b .643134
|
%patch11 -p1 -b .643134
|
||||||
%patch12 -p0 -b .603313
|
%patch12 -p0 -b .603313
|
||||||
|
|
||||||
@ -126,6 +128,10 @@ export FREEBL_NO_DEPEND
|
|||||||
BUILD_OPT=1
|
BUILD_OPT=1
|
||||||
export BUILD_OPT
|
export BUILD_OPT
|
||||||
|
|
||||||
|
# Uncomment to disable optimizations
|
||||||
|
#RPM_OPT_FLAGS=`echo $RPM_OPT_FLAGS | sed -e 's/-O2/-O0/g'`
|
||||||
|
#export RPM_OPT_FLAGS
|
||||||
|
|
||||||
# Generate symbolic info for debuggers
|
# Generate symbolic info for debuggers
|
||||||
XCFLAGS=$RPM_OPT_FLAGS
|
XCFLAGS=$RPM_OPT_FLAGS
|
||||||
export XCFLAGS
|
export XCFLAGS
|
||||||
@ -486,6 +492,10 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h
|
|||||||
%{_libdir}/libnssckfw.a
|
%{_libdir}/libnssckfw.a
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Dec 10 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.8.99.2-1
|
||||||
|
- Update to NSS_3_12_9_BETA2
|
||||||
|
- Fix libpnsspem crash when cacert dir contains other directories (#642433)
|
||||||
|
|
||||||
* Wed Dec 08 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.8.99.1-1
|
* Wed Dec 08 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.8.99.1-1
|
||||||
- Update to NSS_3_12_9_BETA1
|
- Update to NSS_3_12_9_BETA1
|
||||||
|
|
||||||
|
@ -1,127 +0,0 @@
|
|||||||
diff -up ./mozilla/security/nss/lib/ckfw/pem/pinst.c.596783 ./mozilla/security/nss/lib/ckfw/pem/pinst.c
|
|
||||||
--- ./mozilla/security/nss/lib/ckfw/pem/pinst.c.596783 2010-06-06 18:27:27.256318318 -0700
|
|
||||||
+++ ./mozilla/security/nss/lib/ckfw/pem/pinst.c 2010-06-06 20:45:28.158442982 -0700
|
|
||||||
@@ -151,7 +151,7 @@ GetCertFields(unsigned char *cert, int c
|
|
||||||
buf = issuer->data + issuer->len;
|
|
||||||
|
|
||||||
/* only wanted issuer/SN */
|
|
||||||
- if (valid == NULL) {
|
|
||||||
+ if (subject == NULL || valid == NULL || subjkey == NULL) {
|
|
||||||
return SECSuccess;
|
|
||||||
}
|
|
||||||
/* validity */
|
|
||||||
@@ -219,53 +219,93 @@ CreateObject(CK_OBJECT_CLASS objClass,
|
|
||||||
memset(&o->u.trust, 0, sizeof(o->u.trust));
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
+
|
|
||||||
+ o->nickname = (char *) nss_ZAlloc(NULL, strlen(nickname) + 1);
|
|
||||||
+ if (o->nickname == NULL)
|
|
||||||
+ goto fail;
|
|
||||||
+ strcpy(o->nickname, nickname);
|
|
||||||
+
|
|
||||||
+ sprintf(id, "%d", objid);
|
|
||||||
+ len = strlen(id) + 1; /* zero terminate */
|
|
||||||
+ o->id.data = (void *) nss_ZAlloc(NULL, len);
|
|
||||||
+ if (o->id.data == NULL)
|
|
||||||
+ goto fail;
|
|
||||||
+ (void) nsslibc_memcpy(o->id.data, id, len);
|
|
||||||
+ o->id.size = len;
|
|
||||||
+
|
|
||||||
o->objClass = objClass;
|
|
||||||
o->type = type;
|
|
||||||
o->slotID = slotID;
|
|
||||||
+
|
|
||||||
o->derCert = nss_ZNEW(NULL, SECItem);
|
|
||||||
+ if (o->derCert == NULL)
|
|
||||||
+ goto fail;
|
|
||||||
o->derCert->data = (void *) nss_ZAlloc(NULL, certDER->len);
|
|
||||||
+ if (o->derCert->data == NULL)
|
|
||||||
+ goto fail;
|
|
||||||
o->derCert->len = certDER->len;
|
|
||||||
nsslibc_memcpy(o->derCert->data, certDER->data, certDER->len);
|
|
||||||
|
|
||||||
switch (objClass) {
|
|
||||||
case CKO_CERTIFICATE:
|
|
||||||
case CKO_NETSCAPE_TRUST:
|
|
||||||
- GetCertFields(o->derCert->data,
|
|
||||||
- o->derCert->len, &issuer, &serial,
|
|
||||||
- &derSN, &subject, &valid, &subjkey);
|
|
||||||
+ if (SECSuccess != GetCertFields(o->derCert->data, o->derCert->len,
|
|
||||||
+ &issuer, &serial, &derSN, &subject,
|
|
||||||
+ &valid, &subjkey))
|
|
||||||
+ goto fail;
|
|
||||||
|
|
||||||
o->u.cert.subject.data = (void *) nss_ZAlloc(NULL, subject.len);
|
|
||||||
+ if (o->u.cert.subject.data == NULL)
|
|
||||||
+ goto fail;
|
|
||||||
o->u.cert.subject.size = subject.len;
|
|
||||||
nsslibc_memcpy(o->u.cert.subject.data, subject.data, subject.len);
|
|
||||||
|
|
||||||
o->u.cert.issuer.data = (void *) nss_ZAlloc(NULL, issuer.len);
|
|
||||||
+ if (o->u.cert.issuer.data == NULL) {
|
|
||||||
+ nss_ZFreeIf(o->u.cert.subject.data);
|
|
||||||
+ goto fail;
|
|
||||||
+ }
|
|
||||||
o->u.cert.issuer.size = issuer.len;
|
|
||||||
nsslibc_memcpy(o->u.cert.issuer.data, issuer.data, issuer.len);
|
|
||||||
|
|
||||||
o->u.cert.serial.data = (void *) nss_ZAlloc(NULL, serial.len);
|
|
||||||
+ if (o->u.cert.serial.data == NULL) {
|
|
||||||
+ nss_ZFreeIf(o->u.cert.issuer.data);
|
|
||||||
+ nss_ZFreeIf(o->u.cert.subject.data);
|
|
||||||
+ goto fail;
|
|
||||||
+ }
|
|
||||||
o->u.cert.serial.size = serial.len;
|
|
||||||
nsslibc_memcpy(o->u.cert.serial.data, serial.data, serial.len);
|
|
||||||
break;
|
|
||||||
case CKO_PRIVATE_KEY:
|
|
||||||
o->u.key.key.privateKey = nss_ZNEW(NULL, SECItem);
|
|
||||||
+ if (o->u.key.key.privateKey == NULL)
|
|
||||||
+ goto fail;
|
|
||||||
o->u.key.key.privateKey->data =
|
|
||||||
(void *) nss_ZAlloc(NULL, keyDER->len);
|
|
||||||
+ if (o->u.key.key.privateKey->data == NULL) {
|
|
||||||
+ nss_ZFreeIf(o->u.key.key.privateKey);
|
|
||||||
+ goto fail;
|
|
||||||
+ }
|
|
||||||
o->u.key.key.privateKey->len = keyDER->len;
|
|
||||||
nsslibc_memcpy(o->u.key.key.privateKey->data, keyDER->data,
|
|
||||||
keyDER->len);
|
|
||||||
}
|
|
||||||
|
|
||||||
- o->nickname = (char *) nss_ZAlloc(NULL, strlen(nickname) + 1);
|
|
||||||
- strcpy(o->nickname, nickname);
|
|
||||||
-
|
|
||||||
- sprintf(id, "%d", objid);
|
|
||||||
-
|
|
||||||
- len = strlen(id) + 1; /* zero terminate */
|
|
||||||
- o->id.data = (void *) nss_ZAlloc(NULL, len);
|
|
||||||
- (void) nsslibc_memcpy(o->id.data, id, len);
|
|
||||||
- o->id.size = len;
|
|
||||||
|
|
||||||
return o;
|
|
||||||
+
|
|
||||||
+fail:
|
|
||||||
+ if (o) {
|
|
||||||
+ if (o->derCert) {
|
|
||||||
+ nss_ZFreeIf(o->derCert->data);
|
|
||||||
+ nss_ZFreeIf(o->derCert);
|
|
||||||
+ }
|
|
||||||
+ nss_ZFreeIf(o->id.data);
|
|
||||||
+ nss_ZFreeIf(o->nickname);
|
|
||||||
+ nss_ZFreeIf(o);
|
|
||||||
+ }
|
|
||||||
+ return NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
pemInternalObject *
|
|
||||||
@@ -306,6 +346,8 @@ AddObjectIfNeeded(CK_OBJECT_CLASS objCla
|
|
||||||
/* object not found, we need to create it */
|
|
||||||
pemInternalObject *io = CreateObject(objClass, type, certDER, keyDER,
|
|
||||||
filename, objid, slotID);
|
|
||||||
+ if (io == NULL)
|
|
||||||
+ return NULL;
|
|
||||||
|
|
||||||
io->gobjIndex = count;
|
|
||||||
|
|
52
nsspem-642433.patch
Normal file
52
nsspem-642433.patch
Normal file
@ -0,0 +1,52 @@
|
|||||||
|
diff -up ./mozilla/security/nss/lib/ckfw/pem/util.c.642433 ./mozilla/security/nss/lib/ckfw/pem/util.c
|
||||||
|
--- ./mozilla/security/nss/lib/ckfw/pem/util.c.642433 2010-11-25 10:49:27.000000000 -0800
|
||||||
|
+++ ./mozilla/security/nss/lib/ckfw/pem/util.c 2010-12-08 08:02:02.618304926 -0800
|
||||||
|
@@ -96,9 +96,6 @@ static SECItem *AllocItem(SECItem * item
|
||||||
|
return (result);
|
||||||
|
|
||||||
|
loser:
|
||||||
|
- if (result != NULL) {
|
||||||
|
- SECITEM_FreeItem(result, (item == NULL) ? PR_TRUE : PR_FALSE);
|
||||||
|
- }
|
||||||
|
return (NULL);
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -110,7 +107,7 @@ static SECStatus FileToItem(SECItem * ds
|
||||||
|
|
||||||
|
prStatus = PR_GetOpenFileInfo(src, &info);
|
||||||
|
|
||||||
|
- if (prStatus != PR_SUCCESS) {
|
||||||
|
+ if (prStatus != PR_SUCCESS || info.type == PR_FILE_DIRECTORY) {
|
||||||
|
return SECFailure;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -126,8 +123,7 @@ static SECStatus FileToItem(SECItem * ds
|
||||||
|
|
||||||
|
return SECSuccess;
|
||||||
|
loser:
|
||||||
|
- SECITEM_FreeItem(dst, PR_FALSE);
|
||||||
|
- nss_ZFreeIf(dst);
|
||||||
|
+ nss_ZFreeIf(dst->data);
|
||||||
|
return SECFailure;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -153,6 +149,10 @@ ReadDERFromFile(SECItem *** derlist, cha
|
||||||
|
|
||||||
|
/* Read in ascii data */
|
||||||
|
rv = FileToItem(&filedata, inFile);
|
||||||
|
+ if (rv != SECSuccess) {
|
||||||
|
+ PR_Close(inFile);
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
asc = (char *) filedata.data;
|
||||||
|
if (!asc) {
|
||||||
|
PR_Close(inFile);
|
||||||
|
@@ -252,7 +252,7 @@ ReadDERFromFile(SECItem *** derlist, cha
|
||||||
|
} else {
|
||||||
|
/* Read in binary der */
|
||||||
|
rv = FileToItem(der, inFile);
|
||||||
|
- if (rv) {
|
||||||
|
+ if (rv != SECSuccess) {
|
||||||
|
PR_Close(inFile);
|
||||||
|
return -1;
|
||||||
|
}
|
2
sources
2
sources
@ -1,4 +1,4 @@
|
|||||||
f511f0c563c9eecdbafab8360daae8a1 nss-3.12.8.99.1-stripped.tar.bz2
|
710e46c53613d84a31037953d5821324 nss-3.12.8.99.2-stripped.tar.bz2
|
||||||
e63cddf74c07f0d818d1052ecc6fbb1f nss-pem-20101125.tar.bz2
|
e63cddf74c07f0d818d1052ecc6fbb1f nss-pem-20101125.tar.bz2
|
||||||
a5ae49867124ac75f029a9a33af31bad blank-cert8.db
|
a5ae49867124ac75f029a9a33af31bad blank-cert8.db
|
||||||
9315689bbd9f28ceebd47894f99fccbd blank-key3.db
|
9315689bbd9f28ceebd47894f99fccbd blank-key3.db
|
||||||
|
Loading…
Reference in New Issue
Block a user