Merge branch 'master' into f14

honor-user-trust-preferences.patch

@@ -2,16 +2,17 @@ Index: ./mozilla/security/nss/lib/pk11wrap/pk11load.c
 ===================================================================
 RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11load.c,v
 retrieving revision 1.30
-diff -u -p -r1.30 pk11load.c
+retrieving revision 1.30.2.2
+diff -u -p -r1.30 -r1.30.2.2
 --- ./mozilla/security/nss/lib/pk11wrap/pk11load.c	30 Apr 2010 07:22:54 -0000	1.30
-+++ ./mozilla/security/nss/lib/pk11wrap/pk11load.c	22 Jan 2011 05:39:07 -0000
++++ ./mozilla/security/nss/lib/pk11wrap/pk11load.c	27 Jan 2011 01:35:46 -0000	1.30.2.2
 @@ -178,8 +178,8 @@ secmod_handleReload(SECMODModule *oldMod
  	char *oldModuleSpec;
  
  	if (secmod_IsInternalKeySlot(newModule)) {
 -	    pk11_SetInternalKeySlot(slot);
 -	}
-+	    pk11_FirstInternalKeySlot(slot);
++	    pk11_SetInternalKeySlotIfFirst(slot);
 +	} 
  	newID = slot->slotID;
  	PK11_FreeSlot(slot);
@@ -23,7 +24,7 @@ diff -u -p -r1.30 pk11load.c
 +	    /* explicitly mark the internal slot as such if IsInternalKeySlot()
 +	     * is set */
 +	    if (secmod_IsInternalKeySlot(mod) && (i == (mod->isFIPS ? 0 : 1))) {
-+		pk11_FirstInternalKeySlot(mod->slots[i]);
++		pk11_SetInternalKeySlotIfFirst(mod->slots[i]);
 +	    } 
  	}
  	mod->slotCount = slotCount;
@@ -32,14 +33,15 @@ Index: ./mozilla/security/nss/lib/pk11wrap/pk11priv.h
 ===================================================================
 RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11priv.h,v
 retrieving revision 1.13
-diff -u -p -r1.13 pk11priv.h
+retrieving revision 1.13.2.2
+diff -u -p -r1.13 -r1.13.2.2
 --- ./mozilla/security/nss/lib/pk11wrap/pk11priv.h	27 Oct 2009 23:04:46 -0000	1.13
-+++ ./mozilla/security/nss/lib/pk11wrap/pk11priv.h	22 Jan 2011 05:39:07 -0000
++++ ./mozilla/security/nss/lib/pk11wrap/pk11priv.h	27 Jan 2011 01:35:46 -0000	1.13.2.2
 @@ -115,6 +115,7 @@ void PK11_InitSlot(SECMODModule *mod,CK_
  PRBool PK11_NeedPWInitForSlot(PK11SlotInfo *slot);
  SECStatus PK11_ReadSlotCerts(PK11SlotInfo *slot);
  void pk11_SetInternalKeySlot(PK11SlotInfo *slot);
-+void pk11_FirstInternalKeySlot(PK11SlotInfo *slot);
++void pk11_SetInternalKeySlotIfFirst(PK11SlotInfo *slot);
  
  /*********************************************************************
   *       Mechanism Mapping functions
@@ -47,15 +49,43 @@ Index: ./mozilla/security/nss/lib/pk11wrap/pk11slot.c
 ===================================================================
 RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11slot.c,v
 retrieving revision 1.101
-diff -u -p -r1.101 pk11slot.c
+retrieving revision 1.101.2.3
+diff -u -p -r1.101 -r1.101.2.3
 --- ./mozilla/security/nss/lib/pk11wrap/pk11slot.c	3 Apr 2010 18:27:31 -0000	1.101
-+++ ./mozilla/security/nss/lib/pk11wrap/pk11slot.c	22 Jan 2011 05:39:08 -0000
-@@ -1735,6 +1735,15 @@ pk11_SetInternalKeySlot(PK11SlotInfo *sl
++++ ./mozilla/security/nss/lib/pk11wrap/pk11slot.c	27 Jan 2011 01:35:46 -0000	1.101.2.3
+@@ -1349,7 +1349,7 @@ pk11_isRootSlot(PK11SlotInfo *slot) 
+  * times as tokens are removed and re-inserted.
+  */
+ void
+-PK11_InitSlot(SECMODModule *mod,CK_SLOT_ID slotID,PK11SlotInfo *slot)
++PK11_InitSlot(SECMODModule *mod, CK_SLOT_ID slotID, PK11SlotInfo *slot)
+ {
+     SECStatus rv;
+     char *tmp;
+@@ -1726,6 +1726,12 @@ PK11_NeedUserInit(PK11SlotInfo *slot)
+ }
+ 
+ static PK11SlotInfo *pk11InternalKeySlot = NULL;
++
++/*
++ * Set a new default internal keyslot. If one has already been set, clear it.
++ * Passing NULL falls back to the NSS normally selected default internal key
++ * slot.
++ */
+ void
+ pk11_SetInternalKeySlot(PK11SlotInfo *slot)
+ {
+@@ -1735,6 +1741,20 @@ pk11_SetInternalKeySlot(PK11SlotInfo *sl
     pk11InternalKeySlot = slot ? PK11_ReferenceSlot(slot) : NULL;
  }
  
++/*
++ * Set a new default internal keyslot if the normal key slot has not already
++ * been overridden. Subsequent calls to this function will be ignored unless
++ * pk11_SetInternalKeySlot is used to clear the current default.
++ */
 +void
-+pk11_FirstInternalKeySlot(PK11SlotInfo *slot)
++pk11_SetInternalKeySlotIfFirst(PK11SlotInfo *slot)
 +{
 +   if (pk11InternalKeySlot) {
 +	return;
@@ -70,18 +100,30 @@ Index: ./mozilla/security/nss/lib/sysinit/nsssysinit.c
 ===================================================================
 RCS file: /cvsroot/mozilla/security/nss/lib/sysinit/nsssysinit.c,v
 retrieving revision 1.2
-diff -u -p -r1.2 nsssysinit.c
+retrieving revision 1.2.2.2
+diff -u -p -r1.2 -r1.2.2.2
 --- ./mozilla/security/nss/lib/sysinit/nsssysinit.c	6 Feb 2010 04:56:37 -0000	1.2
-+++ ./mozilla/security/nss/lib/sysinit/nsssysinit.c	22 Jan 2011 05:39:08 -0000
-@@ -221,7 +221,7 @@ getFIPSMode(void)
++++ ./mozilla/security/nss/lib/sysinit/nsssysinit.c	26 Jan 2011 00:52:31 -0000	1.2.2.2
+@@ -221,16 +221,16 @@ getFIPSMode(void)
   * 2 for the key slot, and
   * 3 for the crypto operations slot fips
   */
 -#define ORDER_FLAGS "trustOrder=75 cipherOrder=100"
-+#define ORDER_FLAGS "cipherOrder=100"
++#define CIPHER_ORDER_FLAGS "cipherOrder=100"
  #define SLOT_FLAGS \
  	"[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,RANDOM" \
  	" askpw=any timeout=30 ]"
+  
+ static const char *nssDefaultFlags =
+-	ORDER_FLAGS " slotParams={0x00000001=" SLOT_FLAGS " }  ";
++	CIPHER_ORDER_FLAGS " slotParams={0x00000001=" SLOT_FLAGS " }  ";
+ 
+ static const char *nssDefaultFIPSFlags =
+-	ORDER_FLAGS " slotParams={0x00000003=" SLOT_FLAGS " }  ";
++	CIPHER_ORDER_FLAGS " slotParams={0x00000003=" SLOT_FLAGS " }  ";
+ 
+ /*
+  * This function builds the list of databases and modules to load, and sets
 @@ -270,7 +270,7 @@ get_list(char *filename, char *stripped_
  	    "library= "
  	    "module=\"NSS User database\" "
@@ -131,3 +173,24 @@ diff -u -p -r1.2 nsssysinit.c
      }
  
      /* that was the last module */
+@@ -372,9 +348,9 @@ overlapstrcpy(char *target, char *src)
+ 
+ /* determine what options the user was trying to open this database with */
+ /* filename is the directory pointed to by configdir= */
+-/* stripped is the rest of the paramters with configdir= stripped out */
++/* stripped is the rest of the parameters with configdir= stripped out */
+ static SECStatus
+-parse_paramters(char *parameters, char **filename, char **stripped)
++parse_parameters(char *parameters, char **filename, char **stripped)
+ {
+     char *sourcePrev;
+     char *sourceCurr;
+@@ -423,7 +399,7 @@ NSS_ReturnModuleSpecData(unsigned long f
+     char **retString = NULL;
+     SECStatus rv;
+ 
+-    rv = parse_paramters(parameters, &filename, &stripped);
++    rv = parse_parameters(parameters, &filename, &stripped);
+     if (rv != SECSuccess) {
+ 	/* use defaults */
+ 	filename = getSystemDB();

nss.spec

@@ -6,7 +6,7 @@
 Summary:          Network Security Services
 Name:             nss
 Version:          3.12.9
-Release:          2%{?dist}
+Release:          4%{?dist}
 License:          MPLv1.1 or GPLv2+ or LGPLv2+
 URL:              http://www.mozilla.org/projects/security/pki/nss/
 Group:            System Environment/Libraries
@@ -43,6 +43,7 @@ Patch3:           renegotiate-transitional.patch
 Patch6:           nss-enable-pem.patch
 Patch7:           nsspem-642433.patch
 Patch11:          honor-user-trust-preferences.patch
+Patch12:          allow-content-types-beyond-smime.patch
 
 %description
 Network Security Services (NSS) is a set of libraries designed to
@@ -115,6 +116,7 @@ low level services.
 %patch6 -p0 -b .libpem
 %patch7 -p0 -b .642433
 %patch11 -p1 -b .643134
+%patch12 -p1 -b .contenttypes
 
 
 %build
@@ -490,6 +492,12 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h
 %{_libdir}/libnssckfw.a
 
 %changelog
+* Tue Feb 01 2011 Elio Maldonado <emaldona@redhat.com> - 3.12.9-4
+- Fix infinite recursion when encoding NSS enveloped/digested data (#499444)
+
+* Mon Jan 31 2011 Elio Maldonado <emaldona@redhat.com> - 3.12.9-3
+- Update the cacert trust patch per upstream review requests (#633043)
+
 * Wed Jan 19 2011 Elio Maldonado <emaldona@redhat.com> - 3.12.9-2
 - Fix to honor the user's cert trust preferences (#633043)
 - Remove obsoleted patch