diff --git a/.gitignore b/.gitignore index 4cb9016..6773720 100644 --- a/.gitignore +++ b/.gitignore @@ -8,4 +8,4 @@ TestCA.ca.cert TestUser50.cert TestUser51.cert /nss-pem-20130828.tar.bz2 -/nss-3.15.3.tar.gz +/nss-3.15.3.1.tar.gz diff --git a/nss-872761.patch b/nss-872761.patch deleted file mode 100644 index 0c092ca..0000000 --- a/nss-872761.patch +++ /dev/null @@ -1,58 +0,0 @@ -Index: mozilla/security/nss/cmd/lib/secutil.c -=================================================================== -RCS file: /cvsroot/mozilla/security/nss/cmd/lib/secutil.c,v -retrieving revision 1.126 -diff -u -u -r1.126 secutil.c ---- mozilla/security/nss/cmd/lib/secutil.c 7 Jan 2013 04:11:49 -0000 1.126 -+++ mozilla/security/nss/cmd/lib/secutil.c 19 Apr 2013 22:43:02 -0000 -@@ -504,6 +504,8 @@ - - /* Read in ascii data */ - rv = SECU_FileToItem(&filedata, inFile); -+ if (rv != SECSuccess) -+ return rv; - asc = (char *)filedata.data; - if (!asc) { - fprintf(stderr, "unable to read data from input file\n"); -@@ -519,20 +521,28 @@ - body = PORT_Strchr(asc, '\r'); /* maybe this is a MAC file */ - if (body) - trailer = strstr(++body, "-----END"); -- if (trailer != NULL) { -+ if (trailer != NULL) - *trailer = '\0'; -- } else { -+ if (!body || !trailer) { - fprintf(stderr, "input has header but no trailer\n"); - PORT_Free(filedata.data); - return SECFailure; - } - } else { -- body = asc; -+ /* need one additional byte for zero terminator */ -+ rv = SECITEM_ReallocItem(NULL, &filedata, filedata.len, filedata.len+1); -+ if (rv != SECSuccess) { -+ PORT_Free(filedata.data); -+ return rv; -+ } -+ filedata.len = filedata.len+1; -+ body = (char*)filedata.data; -+ body[filedata.len-1] = '\0'; - } - - /* Convert to binary */ - rv = ATOB_ConvertAsciiToItem(der, body); -- if (rv) { -+ if (rv != SECSuccess) { - fprintf(stderr, "error converting ascii to binary (%s)\n", - SECU_Strerror(PORT_GetError())); - PORT_Free(filedata.data); -@@ -543,7 +553,7 @@ - } else { - /* Read in binary der */ - rv = SECU_FileToItem(der, inFile); -- if (rv) { -+ if (rv != SECSuccess) { - fprintf(stderr, "error converting der (%s)\n", - SECU_Strerror(PORT_GetError())); - return SECFailure; diff --git a/nss.spec b/nss.spec index 98be1b4..cfef00a 100644 --- a/nss.spec +++ b/nss.spec @@ -19,7 +19,7 @@ Summary: Network Security Services Name: nss -Version: 3.15.3 +Version: 3.15.3.1 Release: 1%{?dist} License: MPLv2.0 URL: http://www.mozilla.org/projects/security/pki/nss/ @@ -172,7 +172,7 @@ low level services. %patch18 -p0 -b .646045 # link pem against buildroot's freebl, essential when mixing and matching %patch25 -p0 -b .systemfreebl -# activate for stable and beta branches +# activate for stable branches %patch29 -p0 -b .cbcrandomivoff %patch40 -p0 -b .noocsptest %patch44 -p1 -b .syncupwithupstream @@ -660,6 +660,11 @@ done %changelog +* Wed Dec 18 2013 Elio Maldonado - 3.15.3.1-1 +- Update to nss-3.15.3.1 (hg tag NSS_3_15_3_1_RTM) +- Resolves: Bug 1040282 - nss: Mis-issued ANSSI/DCSSI certificate (MFSA 2013-117) +- Resolves: Bug 1040192 - nss-3.15.3.1 is available + * Mon Dec 09 2013 Elio Maldonado - 3.15.3-1 - Update to NSS_3_15_3_RTM - Resolves: Bug 1031897 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741 nss: various flaws diff --git a/sources b/sources index f7b6e77..ab0b3d0 100644 --- a/sources +++ b/sources @@ -8,4 +8,4 @@ f998b70c1be25e8bb9f5fdb5d50eb6f2 TestCA.ca.cert 1b7b6808cd77d5df29bf5bb9e5fac967 TestUser50.cert ab0b56dd505a995425c03e5266f7c8d6 TestUser51.cert e82dd2b9520f9d0f5d101e7710d59656 nss-pem-20130828.tar.bz2 -1bb267452359bd37e34d072a215873d5 nss-3.15.3.tar.gz +1d444fffdb1f890a000003b50295b5aa nss-3.15.3.1.tar.gz