rpms
/
nss
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Update to 3.12.6

This commit is contained in:
Elio Maldonado 2010-03-06 23:05:19 +00:00
parent 5333c595c9
commit fbb4c50e05
14 changed files with 773 additions and 444 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.cvsignore
View File

@ -1,4 +1,4 @@
nss-3.12.5-stripped.tar.bz2
nss-3.12.6-stripped.tar.bz2
nss-pem-20091210.tar.bz2
blank-cert8.db
blank-key3.db

23
533125-ammend.patch
View File

@ -1,23 +0,0 @@
Index: mozilla/security/nss/lib/ssl/ssl3con.c
===================================================================
RCS file: /cvsroot/mozilla/security/nss/lib/ssl/ssl3con.c,v
retrieving revision 1.121
diff -u -p -r1.121 ssl3con.c
--- mozilla/security/nss/lib/ssl/ssl3con.c 12 Nov 2009 05:08:27 -0000 1.121
+++ mozilla/security/nss/lib/ssl/ssl3con.c 20 Nov 2009 19:36:30 -0000
@@ -4004,6 +4004,7 @@ ssl3_HandleHelloRequest(sslSocket *ss)
PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST);
return SECFailure;
}
+ /*
if (ss->opt.enableRenegotiation == SSL_RENEGOTIATE_NEVER) {
ssl_GetXmitBufLock(ss);
rv = SSL3_SendAlert(ss, alert_warning, no_renegotiation);
@@ -4011,6 +4012,7 @@ ssl3_HandleHelloRequest(sslSocket *ss)
PORT_SetError(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED);
return SECFailure;
}
+ */
if (sid) {
ss->sec.uncache(sid);

17
540387.patch
View File

@ -1,17 +0,0 @@
diff --git a/mozilla/security/nss/lib/pk11wrap/pk11pars.c b/mozilla/security/nss/lib/pk11wrap/pk11pars.c
index c36cd25..5855084 100644
--- a/mozilla/security/nss/lib/pk11wrap/pk11pars.c
+++ b/mozilla/security/nss/lib/pk11wrap/pk11pars.c
@@ -1134,6 +1134,12 @@ SECMOD_LoadModule(char *modulespec,SECMODModule *parent, PRBool recurse)
for (; *index; index++) {
SECMODModule *child;
+ if (0 == PORT_Strcmp(*index, modulespec)) {
+ /* avoid trivial infinite recursion */
+ PORT_SetError(SEC_ERROR_NO_MODULE);
+ rv = SECFailure;
+ break;
+ }
child = SECMOD_LoadModule(*index,module,PR_TRUE);
if (!child) break;
if (child->isCritical && !child->loaded) {

49
545779.patch
View File

@ -1,49 +0,0 @@
Index: mozilla/security/nss/lib/sysinit/nsssysinit.c
===================================================================
RCS file: /cvsroot/mozilla/security/nss/lib/sysinit/nsssysinit.c,v
retrieving revision 1.1
diff -u -p -r1.1 nsssysinit.c
--- mozilla/security/nss/lib/sysinit/nsssysinit.c 8 Oct 2009 17:08:36 -0000 1.1
+++ mozilla/security/nss/lib/sysinit/nsssysinit.c 12 Dec 2009 03:34:17 -0000
@@ -198,11 +198,20 @@ getFIPSMode(void)
* the decision making process.
*
*/
+static const char *nssDefaultFlags = "trustOrder=75 cipherOrder=100 \
+slotParams={0x00000001=[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,RANDOM \
+askpw=any timeout=30 ] } ";
+static const char *nssDefaultFIPSFlags = "trustOrder=75 cipherOrder=100 \
+slotParams={0x00000003=[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,RANDOM \
+askpw=any timeout=30 ] } ";
+
static char **
get_list(char *filename, char *stripped_parameters)
{
char **module_list = PORT_ZNewArray(char *, 4);
char *userdb;
+ int isFIPS = getFIPSMode();
+ const char *nssflags = isFIPS ? nssDefaultFIPSFlags : nssDefaultFlags;
int next = 0;
/* can't get any space */
@@ -217,8 +226,9 @@ get_list(char *filename, char *stripped_
"library= "
"module=\"NSS User database\" "
"parameters=\"configdir='sql:%s' %s\" "
- "NSS=\"flags=internal%s\"",
- userdb, stripped_parameters, getFIPSMode() ? ",FIPS" : "");
+ "NSS=\"%sflags=internal%s\"",
+ userdb, stripped_parameters, nssflags,
+ isFIPS ? ",FIPS" : "");
/* now open the user's defined PKCS #11 modules */
/* skip the local user DB entry */
@@ -235,7 +245,7 @@ get_list(char *filename, char *stripped_
"library= "
"module=\"NSS system database\" "
"parameters=\"configdir='sql:%s' tokenDescription='NSS system database' flags=readonly\" "
- "NSS=\"flags=internal,critical\"",filename);
+ "NSS=\"%sflags=internal,critical\"",filename, nssDefaultFlags);
/* that was the last module */
module_list[next] = 0;

85
546221.patch
View File

@ -1,85 +0,0 @@
diff -up nss-3.12.5/mozilla/security/nss/lib/sysinit/nsssysinit.c.546221 nss-3.12.5/mozilla/security/nss/lib/sysinit/nsssysinit.c
--- nss-3.12.5/mozilla/security/nss/lib/sysinit/nsssysinit.c.546221 2009-12-19 21:11:06.590930221 -0800
+++ nss-3.12.5/mozilla/security/nss/lib/sysinit/nsssysinit.c 2009-12-19 21:17:29.019931181 -0800
@@ -37,8 +37,6 @@
#include "prio.h"
#include "prprf.h"
-
-
/*
* The following provides a default example for operating systems to set up
* and manage applications loading NSS on their OS globally.
@@ -208,8 +206,8 @@ askpw=any timeout=30 ] } ";
static char **
get_list(char *filename, char *stripped_parameters)
{
- char **module_list = PORT_ZNewArray(char *, 4);
- char *userdb;
+ char **module_list = PORT_ZNewArray(char *, 5);
+ char *userdb, *sysdb;
int isFIPS = getFIPSMode();
const char *nssflags = isFIPS ? nssDefaultFIPSFlags : nssDefaultFlags;
int next = 0;
@@ -219,13 +217,20 @@ get_list(char *filename, char *stripped_
return NULL;
}
- userdb = getUserDB();
+ sysdb = getSystemDB();
+ userdb = getUserDB();
+
+ if (sysdb && !strcmp(filename, sysdb))
+ filename = NULL;
+ if (userdb && !strcmp(filename, userdb))
+ filename = NULL;
+
if (userdb != NULL) {
/* return a list of databases to open. First the user Database */
module_list[next++] = PR_smprintf(
"library= "
"module=\"NSS User database\" "
- "parameters=\"configdir='sql:%s' %s\" "
+ "parameters=\"configdir='sql:%s' %s tokenDescription='NSS user database'\" "
"NSS=\"%sflags=internal%s\"",
userdb, stripped_parameters, nssflags,
isFIPS ? ",FIPS" : "");
@@ -238,19 +243,32 @@ get_list(char *filename, char *stripped_
"parameters=\"configdir='sql:%s' %s\" "
"NSS=\"flags=internal,moduleDBOnly,defaultModDB,skipFirst\"",
userdb, stripped_parameters);
- }
+ }
+
+ if (filename && 0 /* This doesn't actually work. If we register
+ both this and the sysdb (in either order)
+ then only one of them actually shows up */) {
+ module_list[next++] = PR_smprintf(
+ "library= "
+ "module=\"NSS database\" "
+ "parameters=\"configdir='sql:%s' tokenDescription='NSS database sql:%s'\" "
+ "NSS=\"%sflags=internal\"",filename, filename, nssflags);
+ }
/* now the system database (always read only) */
- module_list[next++] = PR_smprintf(
- "library= "
- "module=\"NSS system database\" "
- "parameters=\"configdir='sql:%s' tokenDescription='NSS system database' flags=readonly\" "
- "NSS=\"%sflags=internal,critical\"",filename, nssDefaultFlags);
+ if (sysdb) {
+ module_list[next++] = PR_smprintf(
+ "library= "
+ "module=\"NSS system database\" "
+ "parameters=\"configdir='sql:%s' tokenDescription='NSS system database' flags=readonly\" "
+ "NSS=\"%sflags=internal,critical\"",sysdb, nssflags);
+ }
/* that was the last module */
module_list[next] = 0;
PORT_Free(userdb);
+ PORT_Free(sysdb);
return module_list;
}

109
547860.patch
View File

@ -1,109 +0,0 @@
diff -up nss-3.12.5/mozilla/security/nss/lib/sysinit/nsssysinit.c.547860 nss-3.12.5/mozilla/security/nss/lib/sysinit/nsssysinit.c
--- nss-3.12.5/mozilla/security/nss/lib/sysinit/nsssysinit.c.547860 2010-01-06 17:57:30.722388282 -0800
+++ nss-3.12.5/mozilla/security/nss/lib/sysinit/nsssysinit.c 2010-01-06 18:20:59.713397530 -0800
@@ -50,6 +50,7 @@
*/
#ifdef XP_UNIX
+#include <unistd.h>
#include <sys/stat.h>
#include <sys/types.h>
@@ -108,12 +109,26 @@ getSystemDB(void) {
return PORT_Strdup(NSS_DEFAULT_SYSTEM);
}
+static PRBool
+userIsRoot()
+{
+ /* this works for linux and all unixes that we know off
+ though it isn't stated as such in POSIX documentation */
+ return getuid() == 0;
+}
+
+static PRBool
+userCanModifySystemDB()
+{
+ return (access(NSS_DEFAULT_SYSTEM, W_OK) == 0);
+}
+
#else
#ifdef XP_WIN
static char *
getUserDB(void)
{
- /* use the registry to find the user's NSS_DIR. if no entry exists, creaate
+ /* use the registry to find the user's NSS_DIR. if no entry exists, create
* one in the users Appdir location */
return NULL;
}
@@ -121,13 +136,28 @@ getUserDB(void)
static char *
getSystemDB(void)
{
- /* use the registry to find the system's NSS_DIR. if no entry exists, creaate
+ /* use the registry to find the system's NSS_DIR. if no entry exists, create
* one based on the windows system data area */
return NULL;
}
+static PRBool
+userIsRoot()
+{
+ /* use the registry to find if the user is the system administrator. */
+ return PR_FALSE;
+}
+
+static PRBool
+userCanModifySystemDB()
+{
+ /* use the registry to find if the user has administrative privilege
+ * to modify the system's nss database. */
+ return PR_FALSE;
+}
+
#else
-#error "Need to write getUserDB and get SystemDB functions"
+#error "Need to write getUserDB, SystemDB, userIsRoot, and userCanModifySystemDB functions"
#endif
#endif
@@ -225,7 +255,8 @@ get_list(char *filename, char *stripped_
if (userdb && !strcmp(filename, userdb))
filename = NULL;
- if (userdb != NULL) {
+ /* Don't open root's user DB */
+ if (userdb != NULL && !userIsRoot()) {
/* return a list of databases to open. First the user Database */
module_list[next++] = PR_smprintf(
"library= "
@@ -245,7 +276,8 @@ get_list(char *filename, char *stripped_
userdb, stripped_parameters);
}
- if (filename && 0 /* This doesn't actually work. If we register
+ if (filename && !userIsRoot() && 0
+ /* This doesn't actually work. If we register
both this and the sysdb (in either order)
then only one of them actually shows up */) {
module_list[next++] = PR_smprintf(
@@ -255,13 +287,14 @@ get_list(char *filename, char *stripped_
"NSS=\"%sflags=internal\"",filename, filename, nssflags);
}
- /* now the system database (always read only) */
+ /* now the system database (always read only unless it's root) */
if (sysdb) {
- module_list[next++] = PR_smprintf(
+ const char *readonly = userCanModifySystemDB() ? "" : "flags=readonly";
+ module_list[next++] = PR_smprintf(
"library= "
"module=\"NSS system database\" "
- "parameters=\"configdir='sql:%s' tokenDescription='NSS system database' flags=readonly\" "
- "NSS=\"%sflags=internal,critical\"",sysdb, nssflags);
+ "parameters=\"configdir='sql:%s' tokenDescription='NSS system database' %s\" "
+ "NSS=\"%sflags=internal,critical\"",sysdb, readonly, nssflags);
}
/* that was the last module */

97
553638.patch
View File

@ -1,97 +0,0 @@
diff -up nss-3.12.5/mozilla/security/nss/lib/sysinit/nsssysinit.c.553638 nss-3.12.5/mozilla/security/nss/lib/sysinit/nsssysinit.c
--- nss-3.12.5/mozilla/security/nss/lib/sysinit/nsssysinit.c.553638 2010-01-25 08:58:42.358325102 -0800
+++ nss-3.12.5/mozilla/security/nss/lib/sysinit/nsssysinit.c 2010-01-25 09:07:20.028324059 -0800
@@ -36,6 +36,7 @@
#include "seccomon.h"
#include "prio.h"
#include "prprf.h"
+#include "plhash.h"
/*
* The following provides a default example for operating systems to set up
@@ -212,6 +213,25 @@ getFIPSMode(void)
#define NSS_DEFAULT_FLAGS "flags=readonly"
+/* configuration flags according to
+ * https://developer.mozilla.org/en/PKCS11_Module_Specs
+ * As stated there the slotParams start with a slot name which is a slotID
+ * Slots 1 through 3 are reserved for the nss internal modules as follows:
+ * 1 for crypto operations slot non-fips,
+ * 2 for the key slot, and
+ * 3 for the crypto operations slot fips
+ */
+#define ORDER_FLAGS "trustOrder=75 cipherOrder=100"
+#define SLOT_FLAGS \
+ "[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,RANDOM" \
+ " askpw=any timeout=30 ]"
+
+static const char *nssDefaultFlags =
+ ORDER_FLAGS " slotParams={0x00000001=" SLOT_FLAGS " } ";
+
+static const char *nssDefaultFIPSFlags =
+ ORDER_FLAGS " slotParams={0x00000003=" SLOT_FLAGS " } ";
+
/*
* This function builds the list of databases and modules to load, and sets
* their configuration. For the sample we have a fixed set.
@@ -226,13 +246,6 @@ getFIPSMode(void)
* the decision making process.
*
*/
-static const char *nssDefaultFlags = "trustOrder=75 cipherOrder=100 \
-slotParams={0x00000001=[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,RANDOM \
-askpw=any timeout=30 ] } ";
-static const char *nssDefaultFIPSFlags = "trustOrder=75 cipherOrder=100 \
-slotParams={0x00000003=[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,RANDOM \
-askpw=any timeout=30 ] } ";
-
static char **
get_list(char *filename, char *stripped_parameters)
{
@@ -250,11 +263,6 @@ get_list(char *filename, char *stripped_
sysdb = getSystemDB();
userdb = getUserDB();
- if (sysdb && !strcmp(filename, sysdb))
- filename = NULL;
- if (userdb && !strcmp(filename, userdb))
- filename = NULL;
-
/* Don't open root's user DB */
if (userdb != NULL && !userIsRoot()) {
/* return a list of databases to open. First the user Database */
@@ -276,16 +284,29 @@ get_list(char *filename, char *stripped_
userdb, stripped_parameters);
}
- if (filename && !userIsRoot() && 0
- /* This doesn't actually work. If we register
- both this and the sysdb (in either order)
- then only one of them actually shows up */) {
+#if 0
+ /* This doesn't actually work. If we register
+ both this and the sysdb (in either order)
+ then only one of them actually shows up */
+
+ /* Using a NULL filename as a Boolean flag to
+ * prevent registering both an application-defined
+ * db and the system db. rhbz #546211.
+ */
+ PORT_Assert(filename);
+ if (sysdb && PL_CompareStrings(filename, sysdb))
+ filename = NULL;
+ else if (userdb && PL_CompareStrings(filename, userdb))
+ filename = NULL;
+
+ if (filename && !userIsRoot()) {
module_list[next++] = PR_smprintf(
"library= "
"module=\"NSS database\" "
"parameters=\"configdir='sql:%s' tokenDescription='NSS database sql:%s'\" "
"NSS=\"%sflags=internal\"",filename, filename, nssflags);
}
+#endif
/* now the system database (always read only unless it's root) */
if (sysdb) {

14
nss-no-rpath.patch
View File

@ -1,14 +0,0 @@
--- ./mozilla/security/nss/cmd/platlibs.mk.withrpath 2007-02-19 07:17:06.000000000 +0100
+++ ./mozilla/security/nss/cmd/platlibs.mk 2007-02-19 07:18:07.000000000 +0100
@@ -52,9 +52,9 @@
ifeq ($(OS_ARCH), Linux)
ifeq ($(USE_64), 1)
-EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib64:$$ORIGIN/../lib'
+#EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib64:$$ORIGIN/../lib'
else
-EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib'
+#EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib'
endif
endif

24
nss-nolocalsql.patch
View File

@ -1,26 +1,26 @@
diff -up ./mozilla/security/nss/lib/Makefile.nolocalsql ./mozilla/security/nss/lib/Makefile
--- ./mozilla/security/nss/lib/Makefile.nolocalsql 2007-07-19 23:36:49.000000000 +0200
+++ ./mozilla/security/nss/lib/Makefile 2009-04-14 17:07:40.000000000 +0200
@@ -62,11 +62,11 @@ ifeq ($(OS_TARGET), WINCE)
DIRS := $(filter-out fortcrypt,$(DIRS))
--- ./mozilla/security/nss/lib/Makefile.nolocalsql 2010-02-27 16:40:25.891777537 -0800
+++ ./mozilla/security/nss/lib/Makefile 2010-02-27 16:41:59.175902327 -0800
@@ -62,11 +62,11 @@ ifndef USE_SYSTEM_ZLIB
ZLIB_SRCDIR = zlib # Add the zlib directory to DIRS.
endif
-ifndef MOZILLA_CLIENT
-ifndef NSS_USE_SYSTEM_SQLITE
-DIRS := sqlite $(DIRS)
-SQLITE_SRCDIR = sqlite # Add the sqlite directory to DIRS.
-endif
-endif
+#ifndef MOZILLA_CLIENT
+#ifndef NSS_USE_SYSTEM_SQLITE
+#DIRS := sqlite $(DIRS)
+#SQLITE_SRCDIR = sqlite # Add the sqlite directory to DIRS.
+#endif
+#endif
#######################################################################
# (5) Execute "global" rules. (OPTIONAL) #
ifndef MOZILLA_CLIENT
ifeq ($(OS_ARCH),Linux)
diff -up ./mozilla/security/nss/lib/softoken/legacydb/manifest.mn.nolocalsql ./mozilla/security/nss/lib/softoken/legacydb/manifest.mn
--- ./mozilla/security/nss/lib/softoken/legacydb/manifest.mn.nolocalsql 2007-07-19 23:36:50.000000000 +0200
+++ ./mozilla/security/nss/lib/softoken/legacydb/manifest.mn 2009-04-14 17:07:40.000000000 +0200
--- ./mozilla/security/nss/lib/softoken/legacydb/manifest.mn.nolocalsql 2010-02-27 16:44:24.998777709 -0800
+++ ./mozilla/security/nss/lib/softoken/legacydb/manifest.mn 2010-02-27 16:45:08.533803472 -0800
@@ -46,9 +46,9 @@ MAPFILE = $(OBJDIR)/nssdbm.def
DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\" -DSOFTOKEN_LIB_NAME=\"$(notdir $(SHARED_LIBRARY))\"
@ -35,8 +35,8 @@ diff -up ./mozilla/security/nss/lib/softoken/legacydb/manifest.mn.nolocalsql ./m
CSRCS = \
dbmshim.c \
diff -up ./mozilla/security/nss/lib/softoken/manifest.mn.nolocalsql ./mozilla/security/nss/lib/softoken/manifest.mn
--- ./mozilla/security/nss/lib/softoken/manifest.mn.nolocalsql 2009-03-25 17:21:37.000000000 +0100
+++ ./mozilla/security/nss/lib/softoken/manifest.mn 2009-04-14 17:07:40.000000000 +0200
--- ./mozilla/security/nss/lib/softoken/manifest.mn.nolocalsql 2010-02-27 16:42:52.213902231 -0800
+++ ./mozilla/security/nss/lib/softoken/manifest.mn 2010-02-27 16:43:34.040776788 -0800
@@ -47,9 +47,9 @@ MAPFILE = $(OBJDIR)/softokn.def
DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\" -DSOFTOKEN_LIB_NAME=\"$(notdir $(SHARED_LIBRARY))\" -DSHLIB_VERSION=\"$(LIBRARY_VERSION)\"

15
nss-sysinit.patch
View File

@ -1,15 +0,0 @@
Index: mozilla/security/nss/lib/manifest.mn
===================================================================
RCS file: /cvsroot/mozilla/security/nss/lib/manifest.mn,v
retrieving revision 1.20
diff -u -p -r1.20 manifest.mn
--- mozilla/security/nss/lib/manifest.mn 7 Nov 2009 05:57:41 -0000 1.20
+++ mozilla/security/nss/lib/manifest.mn 4 Dec 2009 02:27:20 -0000
@@ -56,6 +56,7 @@ DIRS = util freebl softoken \
pkcs12 pkcs7 smime \
crmf jar \
ckfw \
+ sysinit \
$(NULL)
# fortcrypt is no longer built

44
nss.spec
View File

@ -1,24 +1,24 @@
%global nspr_version 4.8
%global nss_util_version 3.12.5
%global nspr_version 4.8.4
%global nss_util_version 3.12.6
%global nss_softokn_version 3.12.4
%global nss_softokn_fips_version 3.12.4
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
Summary: Network Security Services
Name: nss
Version: 3.12.5
Release: 9%{?dist}
Version: 3.12.6
Release: 1.1%{?dist}
License: MPLv1.1 or GPLv2+ or LGPLv2+
URL: http://www.mozilla.org/projects/security/pki/nss/
Group: System Environment/Libraries
Requires: nspr >= %{nspr_version}
Requires: nss-util >= %{nss_util_version}
Requires: nss-util = %{nss_util_version}
Requires: nss-softokn%{_isa} = %{nss_softokn_fips_version}
Requires: nss-system-init
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: nspr-devel >= %{nspr_version}
BuildRequires: nss-softokn-devel = %{nss_softokn_version}
BuildRequires: nss-util-devel >= %{nss_util_version}
BuildRequires: nss-util-devel = %{nss_util_version}
BuildRequires: sqlite-devel
BuildRequires: zlib-devel
BuildRequires: pkgconfig
@ -40,14 +40,9 @@ Source9: setup-nsssysinit.sh
Source12: %{name}-pem-20091210.tar.bz2
Patch2: nss-nolocalsql.patch
Patch3: renegotiate-transitional.patch
Patch4: validate-arguments.patch
Patch6: nss-enable-pem.patch
Patch7: 533125-ammend.patch
Patch8: nss-sysinit.patch
Patch9: 540387.patch
Patch10: 545779.patch
Patch11: 546221.patch
Patch12: 547860.patch
Patch13: 553638.patch
%description
Network Security Services (NSS) is a set of libraries designed to
@ -112,15 +107,11 @@ low level services.
%setup -q
%setup -q -T -D -n %{name}-%{version} -a 12
%patch2 -p0
%patch2 -p0 -b .nolocalsql
%patch3 -p0 -b .transitional
%patch4 -p0 -b .validate
%patch6 -p0 -b .libpem
%patch7 -p0 -b .533125
%patch8 -p0 -b .sysinit
%patch9 -p1 -b .540387
%patch10 -p0 -b .545779
%patch11 -p1 -b .546221
%patch12 -p1 -b .547860
%patch13 -p1 -b .553638
%build
@ -242,6 +233,12 @@ rm -rf ./mozilla/tests_results
cd ./mozilla/security/nss/tests/
# all.sh is the test suite script
# don't need to run all the tests when testing packaging
# nss_cycles: standard pkix upgradedb sharedb
# nss_tests: cipher libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits chains
# nss_ssl_tests: crl bypass_normal normal_bypass normal_fips fips_normal iopr
# nss_ssl_run: cov auth stress
# Temporarily disabling the ssl test suites
# until bug 539183 gets resolved
%global nss_ssl_tests " "
@ -487,6 +484,11 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h
%changelog
* Sat Mar 06 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.6-1.1
- Update to 3.12.6
- Using SSL_RENEGOTIATE_TRANSITIONAL as default while on transition period
- Patch tools to validate command line options arguments
* Mon Jan 25 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.5-8
- Fix curl related regression and general patch code clean up

16
renegotiate-transitional.patch Normal file
View File

@ -0,0 +1,16 @@
Index: ./mozilla/security/nss/lib/ssl/sslsock.c
===================================================================
RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslsock.c,v
retrieving revision 1.66
diff -u -p -r1.66 sslsock.c
--- ./mozilla/security/nss/lib/ssl/sslsock.c 26 Feb 2010 20:44:54 -0000 1.66
+++ ./mozilla/security/nss/lib/ssl/sslsock.c 1 Mar 2010 18:05:10 -0000
@@ -181,7 +181,7 @@ static sslOptions ssl_defaults = {
PR_FALSE, /* noLocks */
PR_FALSE, /* enableSessionTickets */
PR_FALSE, /* enableDeflate */
- 2, /* enableRenegotiation (default: requires extension) */
+ 3, /* enableRenegotiation (default: transitional)
PR_FALSE, /* requireSafeNegotiation */
};

2
sources
View File

@ -1,4 +1,4 @@
51c5958153b6c01fada2e74cedc66835 nss-3.12.5-stripped.tar.bz2
3902499c8e02b02d4944f21d3c6a839f nss-3.12.6-stripped.tar.bz2
82c2c72c961f2783c8e975a42fa939cf nss-pem-20091210.tar.bz2
a5ae49867124ac75f029a9a33af31bad blank-cert8.db
9315689bbd9f28ceebd47894f99fccbd blank-key3.db

720
validate-arguments.patch Normal file
View File

@ -0,0 +1,720 @@
Index: ./mozilla/security/nss/cmd/p7content/p7content.c
===================================================================
RCS file: /cvsroot/mozilla/security/nss/cmd/p7content/p7content.c,v
retrieving revision 1.12
diff -u -p -r1.12 p7content.c
--- ./mozilla/security/nss/cmd/p7content/p7content.c 4 Aug 2008 22:58:31 -0000 1.12
+++ ./mozilla/security/nss/cmd/p7content/p7content.c 2 Mar 2010 18:29:48 -0000
@@ -64,7 +64,7 @@ extern int fprintf(FILE *, char *, ...);
static void
-Usage(char *progName)
+Usage(const char *progName)
{
fprintf(stderr,
"Usage: %s [-d dbdir] [-i input] [-o output]\n",
@@ -195,6 +195,15 @@ DecodeAndPrintFile(FILE *out, PRFileDesc
return 0;
}
+static void
+PrintMsgAndExit(const char *progName, char opt)
+{
+ fprintf(stderr, "%s: option -%c requires argument\n", progName, opt);
+ Usage(progName);
+}
+
+#define REQUIRE_ARG(opt,value) if (!(value)) PrintMsgAndExit(progName, opt)
+
/*
* Print the contents of a PKCS7 message, indicating signatures, etc.
*/
@@ -222,10 +231,12 @@ main(int argc, char **argv)
while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
switch (optstate->option) {
case 'd':
+ REQUIRE_ARG(optstate->option, optstate->value);
SECU_ConfigDirectory(optstate->value);
break;
case 'i':
+ REQUIRE_ARG(optstate->option, optstate->value);
inFile = PR_Open(optstate->value, PR_RDONLY, 0);
if (!inFile) {
fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
@@ -235,6 +246,7 @@ main(int argc, char **argv)
break;
case 'o':
+ REQUIRE_ARG(optstate->option, optstate->value);
outFile = fopen(optstate->value, "w");
if (!outFile) {
fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
@@ -244,11 +256,13 @@ main(int argc, char **argv)
break;
case 'p':
+ REQUIRE_ARG(optstate->option, optstate->value);
pwdata.source = PW_PLAINTEXT;
pwdata.data = PORT_Strdup (optstate->value);
break;
case 'f':
+ REQUIRE_ARG(optstate->option, optstate->value);
pwdata.source = PW_FROMFILE;
pwdata.data = PORT_Strdup (optstate->value);
break;
Index: ./mozilla/security/nss/cmd/p7env/p7env.c
===================================================================
RCS file: /cvsroot/mozilla/security/nss/cmd/p7env/p7env.c,v
retrieving revision 1.10
diff -u -p -r1.10 p7env.c
--- ./mozilla/security/nss/cmd/p7env/p7env.c 11 Feb 2010 02:39:47 -0000 1.10
+++ ./mozilla/security/nss/cmd/p7env/p7env.c 2 Mar 2010 18:29:48 -0000
@@ -63,7 +63,7 @@ extern int fprintf(FILE *, char *, ...);
static void
-Usage(char *progName)
+Usage(const char *progName)
{
fprintf(stderr,
"Usage: %s -r recipient [-d dbdir] [-i input] [-o output]\n",
@@ -159,6 +159,15 @@ EncryptFile(FILE *outFile, FILE *inFile,
return 0;
}
+static void
+PrintMsgAndExit(const char *progName, char opt)
+{
+ fprintf(stderr, "%s: option -%c requires argument\n", progName, opt);
+ Usage(progName);
+}
+
+#define REQUIRE_ARG(opt,value) if (!(value)) PrintMsgAndExit(progName, opt)
+
int
main(int argc, char **argv)
{
@@ -194,10 +203,12 @@ main(int argc, char **argv)
break;
case 'd':
+ REQUIRE_ARG(optstate->option, optstate->value);
SECU_ConfigDirectory(optstate->value);
break;
case 'i':
+ REQUIRE_ARG(optstate->option, optstate->value);
inFile = fopen(optstate->value, "r");
if (!inFile) {
fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
@@ -207,6 +218,7 @@ main(int argc, char **argv)
break;
case 'o':
+ REQUIRE_ARG(optstate->option, optstate->value);
outFile = fopen(optstate->value, "wb");
if (!outFile) {
fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
@@ -216,6 +228,7 @@ main(int argc, char **argv)
break;
case 'r':
+ REQUIRE_ARG(optstate->option, optstate->value);
if (rcpt == NULL) {
recipients = rcpt = PORT_Alloc (sizeof(struct recipient));
} else {
Index: ./mozilla/security/nss/cmd/p7sign/p7sign.c
===================================================================
RCS file: /cvsroot/mozilla/security/nss/cmd/p7sign/p7sign.c,v
retrieving revision 1.14
diff -u -p -r1.14 p7sign.c
--- ./mozilla/security/nss/cmd/p7sign/p7sign.c 4 Aug 2008 22:58:28 -0000 1.14
+++ ./mozilla/security/nss/cmd/p7sign/p7sign.c 2 Mar 2010 18:29:48 -0000
@@ -67,7 +67,7 @@ extern int fprintf(FILE *, char *, ...);
static secuPWData pwdata = { PW_NONE, 0 };
static void
-Usage(char *progName)
+Usage(const char *progName)
{
fprintf(stderr,
"Usage: %s -k keyname [-d keydir] [-i input] [-o output]\n",
@@ -173,6 +173,15 @@ SignFile(FILE *outFile, PRFileDesc *inFi
return 0;
}
+static void
+PrintMsgAndExit(const char *progName, char opt)
+{
+ fprintf(stderr, "%s: option -%c requires argument\n", progName, opt);
+ Usage(progName);
+}
+
+#define REQUIRE_ARG(opt,value) if (!(value)) PrintMsgAndExit(progName, opt)
+
int
main(int argc, char **argv)
{
@@ -210,10 +219,12 @@ main(int argc, char **argv)
break;
case 'd':
+ REQUIRE_ARG(optstate->option, optstate->value);
SECU_ConfigDirectory(optstate->value);
break;
case 'i':
+ REQUIRE_ARG(optstate->option, optstate->value);
inFile = PR_Open(optstate->value, PR_RDONLY, 0);
if (!inFile) {
fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
@@ -223,10 +234,12 @@ main(int argc, char **argv)
break;
case 'k':
+ REQUIRE_ARG(optstate->option, optstate->value);
keyName = strdup(optstate->value);
break;
case 'o':
+ REQUIRE_ARG(optstate->option, optstate->value);
outFile = fopen(optstate->value, "wb");
if (!outFile) {
fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
@@ -235,11 +248,13 @@ main(int argc, char **argv)
}
break;
case 'p':
+ REQUIRE_ARG(optstate->option, optstate->value);
pwdata.source = PW_PLAINTEXT;
pwdata.data = strdup (optstate->value);
break;
case 'f':
+ REQUIRE_ARG(optstate->option, optstate->value);
pwdata.source = PW_FROMFILE;
pwdata.data = PORT_Strdup (optstate->value);
break;
Index: ./mozilla/security/nss/cmd/p7verify/p7verify.c
===================================================================
RCS file: /cvsroot/mozilla/security/nss/cmd/p7verify/p7verify.c,v
retrieving revision 1.10
diff -u -p -r1.10 p7verify.c
--- ./mozilla/security/nss/cmd/p7verify/p7verify.c 8 Aug 2008 23:47:57 -0000 1.10
+++ ./mozilla/security/nss/cmd/p7verify/p7verify.c 2 Mar 2010 18:29:48 -0000
@@ -126,7 +126,7 @@ DigestFile(unsigned char *digest, unsign
static void
-Usage(char *progName)
+Usage(const char *progName)
{
fprintf(stderr,
"Usage: %s -c content -s signature [-d dbdir] [-u certusage]\n",
@@ -209,6 +209,14 @@ HashDecodeAndVerify(FILE *out, FILE *con
return 0;
}
+static void
+PrintMsgAndExit(const char *progName, char opt)
+{
+ fprintf(stderr, "%s: option -%c requires argument\n", progName, opt);
+ Usage(progName);
+}
+
+#define REQUIRE_ARG(opt,arg) if (!(arg)) PrintMsgAndExit(progName, opt)
int
main(int argc, char **argv)
@@ -239,6 +247,7 @@ main(int argc, char **argv)
break;
case 'c':
+ REQUIRE_ARG(optstate->option, optstate->value);
contentFile = fopen(optstate->value, "r");
if (!contentFile) {
fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
@@ -248,10 +257,12 @@ main(int argc, char **argv)
break;
case 'd':
+ REQUIRE_ARG(optstate->option, optstate->value);
SECU_ConfigDirectory(optstate->value);
break;
case 'o':
+ REQUIRE_ARG(optstate->option, optstate->value);
outFile = fopen(optstate->value, "w");
if (!outFile) {
fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
@@ -261,6 +272,7 @@ main(int argc, char **argv)
break;
case 's':
+ REQUIRE_ARG(optstate->option, optstate->value);
signatureFile = PR_Open(optstate->value, PR_RDONLY, 0);
if (!signatureFile) {
fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
@@ -271,7 +283,7 @@ main(int argc, char **argv)
case 'u': {
int usageType;
-
+ REQUIRE_ARG(optstate->option, optstate->value);
usageType = atoi (strdup(optstate->value));
if (usageType < certUsageSSLClient || usageType > certUsageAnyCA)
return -1;
Index: ./mozilla/security/nss/cmd/strsclnt/strsclnt.c
===================================================================
RCS file: /cvsroot/mozilla/security/nss/cmd/strsclnt/strsclnt.c,v
retrieving revision 1.66
diff -u -p -r1.66 strsclnt.c
--- ./mozilla/security/nss/cmd/strsclnt/strsclnt.c 10 Feb 2010 18:07:20 -0000 1.66
+++ ./mozilla/security/nss/cmd/strsclnt/strsclnt.c 2 Mar 2010 18:29:51 -0000
@@ -1325,6 +1325,15 @@ done:
return rv;
}
+static void
+PrintMsgAndExit(const char *progName, char opt)
+{
+ fprintf(stderr, "%s: option -%c requires argument\n", progName, opt);
+ Usage(progName);
+}
+
+#define REQUIRE_ARG(opt,value) if (!(value)) PrintMsgAndExit(progName, opt)
+
int
main(int argc, char **argv)
{
@@ -1364,33 +1373,57 @@ main(int argc, char **argv)
case 'B': bypassPKCS11 = PR_TRUE; break;
- case 'C': cipherString = optstate->value; break;
+ case 'C':
+ REQUIRE_ARG(optstate->option, optstate->value);
+ cipherString = optstate->value;
+ break;
case 'D': NoDelay = PR_TRUE; break;
case 'N': NoReuse = 1; break;
- case 'P': fullhs = PORT_Atoi(optstate->value); break;
+ case 'P':
+ REQUIRE_ARG(optstate->option, optstate->value);
+ fullhs = PORT_Atoi(optstate->value);
+ break;
case 'T': disableTLS = PR_TRUE; break;
case 'U': ThrottleUp = PR_TRUE; break;
- case 'a': sniHostName = PL_strdup(optstate->value); break;
+ case 'a':
+ REQUIRE_ARG(optstate->option, optstate->value);
+ sniHostName = PL_strdup(optstate->value);
+ break;
- case 'c': connections = PORT_Atoi(optstate->value); break;
+ case 'c':
+ REQUIRE_ARG(optstate->option, optstate->value);
+ connections = PORT_Atoi(optstate->value);
+ break;
- case 'd': dir = optstate->value; break;
+ case 'd':
+ REQUIRE_ARG(optstate->option, optstate->value);
+ dir = optstate->value;
+ break;
- case 'f': fileName = optstate->value; break;
+ case 'f':
+ REQUIRE_ARG(optstate->option, optstate->value);
+ fileName = optstate->value;
+ break;
case 'i': ignoreErrors = PR_TRUE; break;
- case 'n': nickName = PL_strdup(optstate->value); break;
+ case 'n':
+ REQUIRE_ARG(optstate->option, optstate->value);
+ nickName = PL_strdup(optstate->value);
+ break;
case 'o': MakeCertOK++; break;
- case 'p': port = PORT_Atoi(optstate->value); break;
+ case 'p':
+ REQUIRE_ARG(optstate->option, optstate->value);
+ port = PORT_Atoi(optstate->value);
+ break;
case 'q': QuitOnTimeout = PR_TRUE; break;
@@ -1407,11 +1440,13 @@ main(int argc, char **argv)
case 'v': verbose++; break;
case 'w':
+ REQUIRE_ARG(optstate->option, optstate->value);
pwdata.source = PW_PLAINTEXT;
pwdata.data = PL_strdup(optstate->value);
break;
case 'W':
+ REQUIRE_ARG(optstate->option, optstate->value);
pwdata.source = PW_FROMFILE;
pwdata.data = PL_strdup(optstate->value);
break;
@@ -1419,6 +1454,7 @@ main(int argc, char **argv)
case 'z': enableCompression = PR_TRUE; break;
case 0: /* positional parameter */
+ REQUIRE_ARG(optstate->option, optstate->value);
if (hostName) {
Usage(progName);
}
Index: ./mozilla/security/nss/cmd/tests/remtest.c
===================================================================
RCS file: /cvsroot/mozilla/security/nss/cmd/tests/remtest.c,v
retrieving revision 1.5
diff -u -p -r1.5 remtest.c
--- ./mozilla/security/nss/cmd/tests/remtest.c 8 Aug 2008 23:48:09 -0000 1.5
+++ ./mozilla/security/nss/cmd/tests/remtest.c 2 Mar 2010 18:29:51 -0000
@@ -69,6 +69,15 @@ Usage(char *progName)
exit(1);
}
+static void
+PrintMsgAndExit(const char *progName, char opt)
+{
+ fprintf(stderr, "%s: option -%c requires argument\n", progName, opt);
+ Usage(progName);
+}
+
+#define REQUIRE_ARG(opt,value) if (!(value)) PrintMsgAndExit(progName, opt)
+
int main(int argc, char **argv)
{
char * certDir = NULL;
@@ -92,10 +101,12 @@ int main(int argc, char **argv)
switch (optstate->option) {
case 'd':
+ REQUIRE_ARG(optstate->option, optstate->value);
certDir = strdup(optstate->value);
certDir = SECU_ConfigDirectory(certDir);
break;
case 't':
+ REQUIRE_ARG(optstate->option, optstate->value);
tokenName = strdup(optstate->value);
break;
case 'r':
Index: ./mozilla/security/nss/cmd/tstclnt/tstclnt.c
===================================================================
RCS file: /cvsroot/mozilla/security/nss/cmd/tstclnt/tstclnt.c,v
retrieving revision 1.62
diff -u -p -r1.62 tstclnt.c
--- ./mozilla/security/nss/cmd/tstclnt/tstclnt.c 10 Feb 2010 18:07:21 -0000 1.62
+++ ./mozilla/security/nss/cmd/tstclnt/tstclnt.c 2 Mar 2010 18:29:51 -0000
@@ -497,6 +497,15 @@ separateReqHeader(const PRFileDesc* outF
Usage(progName); \
}
+static void
+PrintMsgAndExit(const char *progName, char opt)
+{
+ fprintf(stderr, "%s: option -%c requires argument\n", progName, opt);
+ Usage(progName);
+}
+
+#define REQUIRE_ARG(opt,value) if (!(value)) PrintMsgAndExit(progName, opt)
+
int main(int argc, char **argv)
{
PRFileDesc * s;
@@ -563,38 +572,56 @@ int main(int argc, char **argv)
case 'B': bypassPKCS11 = 1; break;
- case 'S': skipProtoHeader = PR_TRUE; break;
+ case 'S': skipProtoHeader = PR_TRUE; break;
case 'T': disableTLS = 1; break;
- case 'a': if (!hs1SniHostName) {
- hs1SniHostName = PORT_Strdup(optstate->value);
- } else if (!hs2SniHostName) {
- hs2SniHostName = PORT_Strdup(optstate->value);
- } else {
- Usage(progName);
- }
- break;
-
- case 'c': cipherString = PORT_Strdup(optstate->value); break;
-
- case 'd': certDir = PORT_Strdup(optstate->value); break;
+ case 'a':
+ REQUIRE_ARG(optstate->option, optstate->value);
+ if (!hs1SniHostName) {
+ hs1SniHostName = PORT_Strdup(optstate->value);
+ } else if (!hs2SniHostName) {
+ hs2SniHostName = PORT_Strdup(optstate->value);
+ } else {
+ Usage(progName);
+ }
+ break;
+
+ case 'c':
+ REQUIRE_ARG(optstate->option,optstate->value);
+ cipherString = PORT_Strdup(optstate->value);
+ break;
+
+ case 'd':
+ REQUIRE_ARG(optstate->option,optstate->value);
+ certDir = PORT_Strdup(optstate->value);
+ break;
case 'f': clientSpeaksFirst = PR_TRUE; break;
- case 'h': host = PORT_Strdup(optstate->value); break;
+ case 'h':
+ REQUIRE_ARG(optstate->option,optstate->value);
+ host = PORT_Strdup(optstate->value);
+ break;
case 'm':
+ REQUIRE_ARG(optstate->option,optstate->value);
multiplier = atoi(optstate->value);
if (multiplier < 0)
multiplier = 0;
break;
- case 'n': nickname = PORT_Strdup(optstate->value); break;
+ case 'n':
+ REQUIRE_ARG(optstate->option,optstate->value);
+ nickname = PORT_Strdup(optstate->value);
+ break;
case 'o': override = 1; break;
- case 'p': portno = (PRUint16)atoi(optstate->value); break;
+ case 'p':
+ REQUIRE_ARG(optstate->option,optstate->value);
+ portno = (PRUint16)atoi(optstate->value);
+ break;
case 'q': pingServerFirst = PR_TRUE; break;
@@ -604,17 +631,22 @@ int main(int argc, char **argv)
case 'v': verbose++; break;
- case 'r': renegotiationsToDo = atoi(optstate->value); break;
-
- case 'w':
- pwdata.source = PW_PLAINTEXT;
- pwdata.data = PORT_Strdup(optstate->value);
- break;
-
- case 'W':
- pwdata.source = PW_FROMFILE;
- pwdata.data = PORT_Strdup(optstate->value);
- break;
+ case 'r':
+ REQUIRE_ARG(optstate->option,optstate->value);
+ renegotiationsToDo = atoi(optstate->value);
+ break;
+
+ case 'w':
+ REQUIRE_ARG(optstate->option,optstate->value);
+ pwdata.source = PW_PLAINTEXT;
+ pwdata.data = PORT_Strdup(optstate->value);
+ break;
+
+ case 'W':
+ REQUIRE_ARG(optstate->option,optstate->value);
+ pwdata.source = PW_FROMFILE;
+ pwdata.data = PORT_Strdup(optstate->value);
+ break;
case 'x': useExportPolicy = 1; break;
Index: ./mozilla/security/nss/cmd/vfychain/vfychain.c
===================================================================
RCS file: /cvsroot/mozilla/security/nss/cmd/vfychain/vfychain.c,v
retrieving revision 1.30
diff -u -p -r1.30 vfychain.c
--- ./mozilla/security/nss/cmd/vfychain/vfychain.c 1 Apr 2009 20:41:29 -0000 1.30
+++ ./mozilla/security/nss/cmd/vfychain/vfychain.c 2 Mar 2010 18:29:52 -0000
@@ -432,6 +432,15 @@ isOCSPEnabled()
return PR_FALSE;
}
+static void
+PrintMsgAndExit(const char *progName, char opt)
+{
+ fprintf(stderr, "%s: option -%c requires argument\n", progName, opt);
+ Usage(progName);
+}
+
+#define REQUIRE_ARG(opt,value) if (!(value)) PrintMsgAndExit(progName, opt)
+
int
main(int argc, char *argv[], char *envp[])
{
@@ -469,12 +478,19 @@ main(int argc, char *argv[], char *envp[
switch(optstate->option) {
case 0 : /* positional parameter */ goto breakout;
case 'a' : isAscii = PR_TRUE; break;
- case 'b' : secStatus = DER_AsciiToTime(&time, optstate->value);
- if (secStatus != SECSuccess) Usage(progName); break;
- case 'd' : certDir = PL_strdup(optstate->value); break;
+ case 'b' :
+ REQUIRE_ARG(optstate->option, optstate->value);
+ secStatus = DER_AsciiToTime(&time, optstate->value);
+ if (secStatus != SECSuccess) Usage(progName);
+ break;
+ case 'd' :
+ REQUIRE_ARG(optstate->option, optstate->value);
+ certDir = PL_strdup(optstate->value);
+ break;
case 'e' : ocsp_fetchingFailureIsAFailure = PR_FALSE; break;
case 'f' : certFetching = PR_TRUE; break;
case 'g' :
+ REQUIRE_ARG(optstate->option, optstate->value);
if (revMethodsData[revDataIndex].testTypeStr ||
revMethodsData[revDataIndex].methodTypeStr) {
revDataIndex += 1;
@@ -489,11 +505,13 @@ main(int argc, char *argv[], char *envp[
revMethodsData[revDataIndex].
testTypeStr = PL_strdup(optstate->value); break;
case 'h' :
+ REQUIRE_ARG(optstate->option, optstate->value);
revMethodsData[revDataIndex].
testFlagsStr = PL_strdup(optstate->value);break;
case 'i' : vfyCounts = PORT_Atoi(optstate->value); break;
break;
case 'm' :
+ REQUIRE_ARG(optstate->option, optstate->value);
if (revMethodsData[revDataIndex].methodTypeStr) {
revDataIndex += 1;
if (revDataIndex == REV_METHOD_INDEX_MAX) {
@@ -506,24 +524,33 @@ main(int argc, char *argv[], char *envp[
useDefaultRevFlags = PR_FALSE;
revMethodsData[revDataIndex].
methodTypeStr = PL_strdup(optstate->value); break;
- case 'o' : oidStr = PL_strdup(optstate->value); break;
+ case 'o' :
+ REQUIRE_ARG(optstate->option, optstate->value);
+ oidStr = PL_strdup(optstate->value);
+ break;
case 'p' : usePkix += 1; break;
case 'r' : isAscii = PR_FALSE; break;
case 's' :
+ REQUIRE_ARG(optstate->option, optstate->value);
revMethodsData[revDataIndex].
- methodFlagsStr = PL_strdup(optstate->value); break;
+ methodFlagsStr = PL_strdup(optstate->value);
+ break;
case 't' : trusted = PR_TRUE; break;
- case 'u' : usage = PORT_Atoi(optstate->value);
+ case 'u' :
+ REQUIRE_ARG(optstate->option,optstate->value);
+ usage = PORT_Atoi(optstate->value);
if (usage < 0 || usage > 62) Usage(progName);
certUsage = ((SECCertificateUsage)1) << usage;
if (certUsage > certificateUsageHighest) Usage(progName);
break;
case 'w':
+ REQUIRE_ARG(optstate->option,optstate->value);
pwdata.source = PW_PLAINTEXT;
pwdata.data = PORT_Strdup(optstate->value);
break;
case 'W':
+ REQUIRE_ARG(optstate->option, optstate->value);
pwdata.source = PW_FROMFILE;
pwdata.data = PORT_Strdup(optstate->value);
break;
Index: ./mozilla/security/nss/cmd/vfyserv/vfyserv.c
===================================================================
RCS file: /cvsroot/mozilla/security/nss/cmd/vfyserv/vfyserv.c,v
retrieving revision 1.17
diff -u -p -r1.17 vfyserv.c
--- ./mozilla/security/nss/cmd/vfyserv/vfyserv.c 8 Aug 2008 23:48:12 -0000 1.17
+++ ./mozilla/security/nss/cmd/vfyserv/vfyserv.c 2 Mar 2010 18:29:52 -0000
@@ -419,6 +419,15 @@ client_main(unsigned short port,
Usage(progName); \
}
+static void
+PrintMsgAndExit(const char *progName, char opt)
+{
+ fprintf(stderr, "%s: option -%c requires argument\n", progName, opt);
+ Usage(progName);
+}
+
+#define REQUIRE_ARG(opt,value) if (!(value)) PrintMsgAndExit(progName, opt)
+
int
main(int argc, char **argv)
{
@@ -442,23 +451,43 @@ main(int argc, char **argv)
optstate = PL_CreateOptState(argc, argv, "C:cd:f:l:n:p:ot:w:");
while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
switch(optstate->option) {
- case 'C' : cipherString = PL_strdup(optstate->value); break;
- case 'c' : dumpChain = PR_TRUE; break;
- case 'd' : certDir = PL_strdup(optstate->value); break;
- case 'l' : respUrl = PL_strdup(optstate->value); break;
- case 'p' : port = PORT_Atoi(optstate->value); break;
- case 'o' : doOcspCheck = PR_TRUE; break;
- case 't' : respCertName = PL_strdup(optstate->value); break;
- case 'w':
+ case 'C' :
+ REQUIRE_ARG(optstate->option, optstate->value);
+ cipherString = PL_strdup(optstate->value);
+ break;
+ case 'c' : dumpChain = PR_TRUE;
+ break;
+ case 'd' :
+ REQUIRE_ARG(optstate->option, optstate->value);
+ certDir = PL_strdup(optstate->value);
+ break;
+ case 'l' :
+ REQUIRE_ARG(optstate->option, optstate->value);
+ respUrl = PL_strdup(optstate->value);
+ break;
+ case 'p' :
+ REQUIRE_ARG(optstate->option,optstate->value);
+ port = PORT_Atoi(optstate->value);
+ break;
+ case 'o' : doOcspCheck = PR_TRUE;
+ break;
+ case 't' :
+ REQUIRE_ARG(optstate->option, optstate->value);
+ respCertName = PL_strdup(optstate->value);
+ break;
+ case 'w' :
+ REQUIRE_ARG(optstate->option, optstate->value);
pwdata.source = PW_PLAINTEXT;
pwdata.data = PORT_Strdup(optstate->value);
break;
-
case 'f':
+ REQUIRE_ARG(optstate->option, optstate->value);
pwdata.source = PW_FROMFILE;
pwdata.data = PORT_Strdup(optstate->value);
break;
- case '\0': hostName = PL_strdup(optstate->value); break;
+ case '\0':
+ REQUIRE_ARG(optstate->option,optstate->value);
+ hostName = PL_strdup(optstate->value); break;
default : Usage(progName);
}
}