Diffstat (limited to 'main/nss')
-rw-r--r--main/nss/APKBUILD14
-rw-r--r--main/nss/bmo702090.patch20
-rw-r--r--main/nss/cve-2011-3640.patch141
3 files changed, 28 insertions, 147 deletions
diff --git a/main/nss/APKBUILD b/main/nss/APKBUILD
index 7d79c9d6b7..16fbb59bf4 100644
--- a/main/nss/APKBUILD
+++ b/main/nss/APKBUILD
@@ -2,7 +2,7 @@
pkgname=nss
pkgver=3.13.1
_ver=${pkgver//./_}
-pkgrel=0
+pkgrel=1
pkgdesc="Mozilla Network Security Services"
url="http://www.mozilla.org/projects/security/pki/nss/"
arch="all"
@@ -16,16 +16,18 @@ source="ftp://ftp.mozilla.org/pub/security/$pkgname/releases/NSS_${_ver}_RTM/src
nss-config.in
add_spi+cacert_ca_certs.patch
ssl-renegotiate-transitional.patch
- cve-2011-3640.patch
+ bmo702090.patch
"
depends_dev="nspr-dev"
_builddir="$srcdir"/$pkgname-$pkgver
prepare() {
cd "$_builddir"
- patch -Np1 -i ""$srcdir"/add_spi+cacert_ca_certs.patch" || return 1
- patch -Np1 -i ""$srcdir"/ssl-renegotiate-transitional.patch" || return 1
- patch -Np0 -i ""$srcdir"/nss-no-rpath.patch" || return 1
+ for i in $source; do
+ case $i in
+ *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
+ esac
+ done
# Respect LDFLAGS
sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' \
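Review bot: The new loop runs `patch -p1` on every `*.patch` entry in `$source`, but the lines it replaces applied `nss-no-rpath.patch` with `-Np0`. If that file is still in the source list (which starts above this hunk), it is now applied at a different strip level and needs checking or converting to `-p1` paths. Quoting the whole path, `patch -p1 -i "$srcdir/$i" || return 1`, is also more robust than `"$srcdir"/$i`. Separately, `cve-2011-3640.patch` leaves `source` with no visible explanation; a comment such as `# cve-2011-3640.patch dropped: fix included upstream as of <version> (confirm)` would let a later auditor verify the fix was not lost. prepare() continues past the end of the hunk.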
@@ -145,4 +147,4 @@ c547b030c57fe1ed8b77c73bf52b3ded nss.pc.in
46bee81908f1e5b26d6a7a2e14c64d9f nss-config.in
7f39c19b1dfd62d7db7d8bf19f156fed add_spi+cacert_ca_certs.patch
d83c7b61abb7e9f8f7bcd157183d1ade ssl-renegotiate-transitional.patch
-6fa44457270956d634abe15d1f3340ab cve-2011-3640.patch"
+af8c6c19a3ef6df87141a67c6c600c13 bmo702090.patch"
diff --git a/main/nss/bmo702090.patch b/main/nss/bmo702090.patch
new file mode 100644
index 0000000000..e251485546
--- /dev/null
+++ b/main/nss/bmo702090.patch
@@ -0,0 +1,20 @@
+--- ./mozilla/security/nss/lib/util/pkcs11n.h.orig 2011-09-14 10:21:10.000000000 +0900
++++ ./mozilla/security/nss/lib/util/pkcs11n.h 2011-11-19 00:45:01.131860104 +0900
+@@ -346,7 +346,7 @@
+ * labels have never been accurate to what was really implemented.
+ * The new labels correctly reflect what the values effectively mean.
+ */
+-#if __GNUC__ > 3
++#if defined(__GNUC__) && (__GNUC__ > 3)
+ /* make GCC warn when we use these #defines */
+ /*
+ * This is really painful because GCC doesn't allow us to mark random
+@@ -362,7 +362,7 @@
+ * cast the resulting value to the deprecated type in the #define, thus
+ * producting the warning when the #define is used.
+ */
+-#if (__GNUC__ == 4) && (__GNUC_MINOR < 5)
++#if (__GNUC__ == 4) && (__GNUC_MINOR__ < 5)
+ /* The mac doesn't like the friendlier deprecate messages. I'm assuming this
+ * is a gcc version issue rather than mac or ppc specific */
+ typedef CK_TRUST __CKT_NSS_UNTRUSTED __attribute__((deprecated));
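Review bot: The added bmo702090.patch carries no header recording where it came from or why it is needed, so nothing in the tree says when it can be dropped. The file name suggests an upstream Mozilla bug number, but that is inferred and should be confirmed. A short preamble above the first `---` line would do, e.g. `Fix __GNUC_MINOR typo and unguarded __GNUC__ test in pkcs11n.h; upstream: <bug URL>`. Both `#if` blocks it touches begin and end outside the context shown here.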
diff --git a/main/nss/cve-2011-3640.patch b/main/nss/cve-2011-3640.patch
deleted file mode 100644
index ced9915102..0000000000
--- a/main/nss/cve-2011-3640.patch
+++ /dev/null
@@ -1,141 +0,0 @@
-Index: mozilla/security/nss/lib/softoken/sftkmod.c
-===================================================================
-RCS file: /cvsroot/mozilla/security/nss/lib/softoken/sftkmod.c,v
-retrieving revision 1.8
-diff -p -u -r1.8 sftkmod.c
---- a/mozilla/security/nss/lib/softoken/sftkmod.c 15 Jan 2011 20:59:11 -0000 1.8
-+++ b/mozilla/security/nss/lib/softoken/sftkmod.c 2 Oct 2011 14:45:28 -0000
-@@ -179,15 +179,18 @@ char *sftk_getOldSecmodName(const char *
- char *sep;
-
- sep = PORT_Strrchr(dirPath,*PATH_SEPARATOR);
--#ifdef WINDOWS
-+#ifdef _WIN32
- if (!sep) {
-- sep = PORT_Strrchr(dirPath,'/');
-+ /* pkcs11i.h defines PATH_SEPARATOR as "/" for all platforms. */
-+ sep = PORT_Strrchr(dirPath,'\\');
- }
- #endif
- if (sep) {
-- *(sep)=0;
-+ *sep = 0;
-+ file = PR_smprintf("%s"PATH_SEPARATOR"%s", dirPath, filename);
-+ } else {
-+ file = PR_smprintf("%s", filename);
- }
-- file= PR_smprintf("%s"PATH_SEPARATOR"%s", dirPath, filename);
- PORT_Free(dirPath);
- return file;
- }
-@@ -242,13 +245,18 @@ sftkdb_ReadSecmodDB(SDBType dbType, cons
- char *paramsValue=NULL;
- PRBool failed = PR_TRUE;
-
-- if ((dbType == SDB_LEGACY) || (dbType == SDB_MULTIACCESS)) {
-+ if ((dbname != NULL) &&
-+ ((dbType == SDB_LEGACY) || (dbType == SDB_MULTIACCESS))) {
- return sftkdbCall_ReadSecmodDB(appName, filename, dbname, params, rw);
- }
-
- moduleList = (char **) PORT_ZAlloc(useCount*sizeof(char **));
- if (moduleList == NULL) return NULL;
-
-+ if (dbname == NULL) {
-+ goto return_default;
-+ }
-+
- /* do we really want to use streams here */
- fd = fopen(dbname, "r");
- if (fd == NULL) goto done;
-@@ -405,7 +413,11 @@ sftkdb_ReadSecmodDB(SDBType dbType, cons
- moduleString = NULL;
- }
- done:
-- /* if we couldn't open a pkcs11 database, look for the old one */
-+ /* If we couldn't open a pkcs11 database, look for the old one.
-+ * This is necessary to maintain the semantics of the transition from
-+ * old to new DB's. If there is an old DB and not new DB, we will
-+ * automatically use the old DB. If the DB was opened read/write, we
-+ * create a new db and upgrade it from the old one. */
- if (fd == NULL) {
- char *olddbname = sftk_getOldSecmodName(dbname,filename);
- PRStatus status;
-@@ -462,6 +474,8 @@ bail:
- PR_smprintf_free(olddbname);
- }
- }
-+
-+return_default:
-
- if (!moduleList[0]) {
- char * newParams;
-@@ -515,7 +529,8 @@ sftkdb_ReleaseSecmodDBData(SDBType dbTyp
- const char *filename, const char *dbname,
- char **moduleSpecList, PRBool rw)
- {
-- if ((dbType == SDB_LEGACY) || (dbType == SDB_MULTIACCESS)) {
-+ if ((dbname != NULL) &&
-+ ((dbType == SDB_LEGACY) || (dbType == SDB_MULTIACCESS))) {
- return sftkdbCall_ReleaseSecmodDBData(appName, filename, dbname,
- moduleSpecList, rw);
- }
-@@ -546,6 +561,10 @@ sftkdb_DeleteSecmodDB(SDBType dbType, co
- PRBool skip = PR_FALSE;
- PRBool found = PR_FALSE;
-
-+ if (dbname == NULL) {
-+ return SECFailure;
-+ }
-+
- if ((dbType == SDB_LEGACY) || (dbType == SDB_MULTIACCESS)) {
- return sftkdbCall_DeleteSecmodDB(appName, filename, dbname, args, rw);
- }
-@@ -669,6 +688,10 @@ sftkdb_AddSecmodDB(SDBType dbType, const
- char *block = NULL;
- PRBool libFound = PR_FALSE;
-
-+ if (dbname == NULL) {
-+ return SECFailure;
-+ }
-+
- if ((dbType == SDB_LEGACY) || (dbType == SDB_MULTIACCESS)) {
- return sftkdbCall_AddSecmodDB(appName, filename, dbname, module, rw);
- }
-Index: mozilla/security/nss/lib/softoken/sftkpars.c
-===================================================================
-RCS file: /cvsroot/mozilla/security/nss/lib/softoken/sftkpars.c,v
-retrieving revision 1.11
-diff -p -u -r1.11 sftkpars.c
---- a/mozilla/security/nss/lib/softoken/sftkpars.c 18 Jun 2010 04:09:27 -0000 1.11
-+++ b/mozilla/security/nss/lib/softoken/sftkpars.c 2 Oct 2011 14:45:29 -0000
-@@ -607,6 +607,7 @@ sftk_getSecmodName(char *param, SDBType
- char *value = NULL;
- char *save_params = param;
- const char *lconfigdir;
-+ PRBool noModDB = PR_FALSE;
- param = sftk_argStrip(param);
-
-
-@@ -631,7 +632,10 @@ sftk_getSecmodName(char *param, SDBType
-
- if (sftk_argHasFlag("flags","noModDB",save_params)) {
- /* there isn't a module db, don't load the legacy support */
-+ noModDB = PR_TRUE;
- *dbType = SDB_SQL;
-+ PORT_Free(*filename);
-+ *filename = NULL;
- *rw = PR_FALSE;
- }
-
-@@ -640,7 +644,9 @@ sftk_getSecmodName(char *param, SDBType
- secmodName="pkcs11.txt";
- }
-
-- if (lconfigdir) {
-+ if (noModDB) {
-+ value = NULL;
-+ } else if (lconfigdir && lconfigdir[0] != '\0') {
- value = PR_smprintf("%s" PATH_SEPARATOR "%s",lconfigdir,secmodName);
- } else {
- value = PR_smprintf("%s",secmodName);