diff options
Diffstat (limited to 'main/nss')
-rw-r--r-- | main/nss/APKBUILD | 14 | ||||
-rw-r--r-- | main/nss/bmo702090.patch | 20 | ||||
-rw-r--r-- | main/nss/cve-2011-3640.patch | 141 |
3 files changed, 28 insertions, 147 deletions
diff --git a/main/nss/APKBUILD b/main/nss/APKBUILD index 7d79c9d6b7..16fbb59bf4 100644 --- a/main/nss/APKBUILD +++ b/main/nss/APKBUILD @@ -2,7 +2,7 @@ pkgname=nss pkgver=3.13.1 _ver=${pkgver//./_} -pkgrel=0 +pkgrel=1 pkgdesc="Mozilla Network Security Services" url="http://www.mozilla.org/projects/security/pki/nss/" arch="all" @@ -16,16 +16,18 @@ source="ftp://ftp.mozilla.org/pub/security/$pkgname/releases/NSS_${_ver}_RTM/src nss-config.in add_spi+cacert_ca_certs.patch ssl-renegotiate-transitional.patch - cve-2011-3640.patch + bmo702090.patch " depends_dev="nspr-dev" _builddir="$srcdir"/$pkgname-$pkgver prepare() { cd "$_builddir" - patch -Np1 -i ""$srcdir"/add_spi+cacert_ca_certs.patch" || return 1 - patch -Np1 -i ""$srcdir"/ssl-renegotiate-transitional.patch" || return 1 - patch -Np0 -i ""$srcdir"/nss-no-rpath.patch" || return 1 + for i in $source; do + case $i in + *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;; + esac + done # Respect LDFLAGS sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' \ @@ -145,4 +147,4 @@ c547b030c57fe1ed8b77c73bf52b3ded nss.pc.in 46bee81908f1e5b26d6a7a2e14c64d9f nss-config.in 7f39c19b1dfd62d7db7d8bf19f156fed add_spi+cacert_ca_certs.patch d83c7b61abb7e9f8f7bcd157183d1ade ssl-renegotiate-transitional.patch -6fa44457270956d634abe15d1f3340ab cve-2011-3640.patch" +af8c6c19a3ef6df87141a67c6c600c13 bmo702090.patch" diff --git a/main/nss/bmo702090.patch b/main/nss/bmo702090.patch new file mode 100644 index 0000000000..e251485546 --- /dev/null +++ b/main/nss/bmo702090.patch @@ -0,0 +1,20 @@ +--- ./mozilla/security/nss/lib/util/pkcs11n.h.orig 2011-09-14 10:21:10.000000000 +0900 ++++ ./mozilla/security/nss/lib/util/pkcs11n.h 2011-11-19 00:45:01.131860104 +0900 +@@ -346,7 +346,7 @@ + * labels have never been accurate to what was really implemented. + * The new labels correctly reflect what the values effectively mean. + */ +-#if __GNUC__ > 3 ++#if defined(__GNUC__) && (__GNUC__ > 3) + /* make GCC warn when we use these #defines */ + /* + * This is really painful because GCC doesn't allow us to mark random +@@ -362,7 +362,7 @@ + * cast the resulting value to the deprecated type in the #define, thus + * producting the warning when the #define is used. + */ +-#if (__GNUC__ == 4) && (__GNUC_MINOR < 5) ++#if (__GNUC__ == 4) && (__GNUC_MINOR__ < 5) + /* The mac doesn't like the friendlier deprecate messages. I'm assuming this + * is a gcc version issue rather than mac or ppc specific */ + typedef CK_TRUST __CKT_NSS_UNTRUSTED __attribute__((deprecated)); diff --git a/main/nss/cve-2011-3640.patch b/main/nss/cve-2011-3640.patch deleted file mode 100644 index ced9915102..0000000000 --- a/main/nss/cve-2011-3640.patch +++ /dev/null @@ -1,141 +0,0 @@ -Index: mozilla/security/nss/lib/softoken/sftkmod.c -=================================================================== -RCS file: /cvsroot/mozilla/security/nss/lib/softoken/sftkmod.c,v -retrieving revision 1.8 -diff -p -u -r1.8 sftkmod.c ---- a/mozilla/security/nss/lib/softoken/sftkmod.c 15 Jan 2011 20:59:11 -0000 1.8 -+++ b/mozilla/security/nss/lib/softoken/sftkmod.c 2 Oct 2011 14:45:28 -0000 -@@ -179,15 +179,18 @@ char *sftk_getOldSecmodName(const char * - char *sep; - - sep = PORT_Strrchr(dirPath,*PATH_SEPARATOR); --#ifdef WINDOWS -+#ifdef _WIN32 - if (!sep) { -- sep = PORT_Strrchr(dirPath,'/'); -+ /* pkcs11i.h defines PATH_SEPARATOR as "/" for all platforms. */ -+ sep = PORT_Strrchr(dirPath,'\\'); - } - #endif - if (sep) { -- *(sep)=0; -+ *sep = 0; -+ file = PR_smprintf("%s"PATH_SEPARATOR"%s", dirPath, filename); -+ } else { -+ file = PR_smprintf("%s", filename); - } -- file= PR_smprintf("%s"PATH_SEPARATOR"%s", dirPath, filename); - PORT_Free(dirPath); - return file; - } -@@ -242,13 +245,18 @@ sftkdb_ReadSecmodDB(SDBType dbType, cons - char *paramsValue=NULL; - PRBool failed = PR_TRUE; - -- if ((dbType == SDB_LEGACY) || (dbType == SDB_MULTIACCESS)) { -+ if ((dbname != NULL) && -+ ((dbType == SDB_LEGACY) || (dbType == SDB_MULTIACCESS))) { - return sftkdbCall_ReadSecmodDB(appName, filename, dbname, params, rw); - } - - moduleList = (char **) PORT_ZAlloc(useCount*sizeof(char **)); - if (moduleList == NULL) return NULL; - -+ if (dbname == NULL) { -+ goto return_default; -+ } -+ - /* do we really want to use streams here */ - fd = fopen(dbname, "r"); - if (fd == NULL) goto done; -@@ -405,7 +413,11 @@ sftkdb_ReadSecmodDB(SDBType dbType, cons - moduleString = NULL; - } - done: -- /* if we couldn't open a pkcs11 database, look for the old one */ -+ /* If we couldn't open a pkcs11 database, look for the old one. -+ * This is necessary to maintain the semantics of the transition from -+ * old to new DB's. If there is an old DB and not new DB, we will -+ * automatically use the old DB. If the DB was opened read/write, we -+ * create a new db and upgrade it from the old one. */ - if (fd == NULL) { - char *olddbname = sftk_getOldSecmodName(dbname,filename); - PRStatus status; -@@ -462,6 +474,8 @@ bail: - PR_smprintf_free(olddbname); - } - } -+ -+return_default: - - if (!moduleList[0]) { - char * newParams; -@@ -515,7 +529,8 @@ sftkdb_ReleaseSecmodDBData(SDBType dbTyp - const char *filename, const char *dbname, - char **moduleSpecList, PRBool rw) - { -- if ((dbType == SDB_LEGACY) || (dbType == SDB_MULTIACCESS)) { -+ if ((dbname != NULL) && -+ ((dbType == SDB_LEGACY) || (dbType == SDB_MULTIACCESS))) { - return sftkdbCall_ReleaseSecmodDBData(appName, filename, dbname, - moduleSpecList, rw); - } -@@ -546,6 +561,10 @@ sftkdb_DeleteSecmodDB(SDBType dbType, co - PRBool skip = PR_FALSE; - PRBool found = PR_FALSE; - -+ if (dbname == NULL) { -+ return SECFailure; -+ } -+ - if ((dbType == SDB_LEGACY) || (dbType == SDB_MULTIACCESS)) { - return sftkdbCall_DeleteSecmodDB(appName, filename, dbname, args, rw); - } -@@ -669,6 +688,10 @@ sftkdb_AddSecmodDB(SDBType dbType, const - char *block = NULL; - PRBool libFound = PR_FALSE; - -+ if (dbname == NULL) { -+ return SECFailure; -+ } -+ - if ((dbType == SDB_LEGACY) || (dbType == SDB_MULTIACCESS)) { - return sftkdbCall_AddSecmodDB(appName, filename, dbname, module, rw); - } -Index: mozilla/security/nss/lib/softoken/sftkpars.c -=================================================================== -RCS file: /cvsroot/mozilla/security/nss/lib/softoken/sftkpars.c,v -retrieving revision 1.11 -diff -p -u -r1.11 sftkpars.c ---- a/mozilla/security/nss/lib/softoken/sftkpars.c 18 Jun 2010 04:09:27 -0000 1.11 -+++ b/mozilla/security/nss/lib/softoken/sftkpars.c 2 Oct 2011 14:45:29 -0000 -@@ -607,6 +607,7 @@ sftk_getSecmodName(char *param, SDBType - char *value = NULL; - char *save_params = param; - const char *lconfigdir; -+ PRBool noModDB = PR_FALSE; - param = sftk_argStrip(param); - - -@@ -631,7 +632,10 @@ sftk_getSecmodName(char *param, SDBType - - if (sftk_argHasFlag("flags","noModDB",save_params)) { - /* there isn't a module db, don't load the legacy support */ -+ noModDB = PR_TRUE; - *dbType = SDB_SQL; -+ PORT_Free(*filename); -+ *filename = NULL; - *rw = PR_FALSE; - } - -@@ -640,7 +644,9 @@ sftk_getSecmodName(char *param, SDBType - secmodName="pkcs11.txt"; - } - -- if (lconfigdir) { -+ if (noModDB) { -+ value = NULL; -+ } else if (lconfigdir && lconfigdir[0] != '\0') { - value = PR_smprintf("%s" PATH_SEPARATOR "%s",lconfigdir,secmodName); - } else { - value = PR_smprintf("%s",secmodName); |