Hello community,
here is the log from the commit of package mozilla-nss for openSUSE:Factory
checked in at 2012-02-24 12:06:05
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/mozilla-nss (Old)
and /work/SRC/openSUSE:Factory/.mozilla-nss.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mozilla-nss", Maintainer is "gnome-maintain...@suse.de"
Changes:
--------
--- /work/SRC/openSUSE:Factory/mozilla-nss/mozilla-nss.changes 2012-02-17
15:00:52.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.mozilla-nss.new/mozilla-nss.changes
2012-02-24 12:06:12.000000000 +0100
@@ -1,0 +2,7 @@
+Thu Feb 23 15:06:34 UTC 2012 - w...@rosenauer.org
+
+- update to 3.13.3 RTM
+ - distrust Trustwave's MITM certificates (bmo#724929)
+ - fix generic blacklisting mechanism (bmo#727204)
+
+-------------------------------------------------------------------
Old:
----
nss-3.13.2.tar.bz2
New:
----
nss-3.13.3.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ mozilla-nss.spec ++++++
--- /var/tmp/diff_new_pack.fD1iIu/_old 2012-02-24 12:06:14.000000000 +0100
+++ /var/tmp/diff_new_pack.fD1iIu/_new 2012-02-24 12:06:14.000000000 +0100
@@ -30,7 +30,7 @@
%if %suse_version > 1030
BuildRequires: sqlite3-devel
%endif
-Version: 3.13.2
+Version: 3.13.3
Release: 0
# bug437293
%ifarch ppc64
++++++ nss-3.13.2.tar.bz2 -> nss-3.13.3.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/nss-3.13.2/mozilla/security/nss/lib/certhigh/certvfypkix.c
new/nss-3.13.3/mozilla/security/nss/lib/certhigh/certvfypkix.c
--- old/nss-3.13.2/mozilla/security/nss/lib/certhigh/certvfypkix.c
2011-11-17 01:20:21.000000000 +0100
+++ new/nss-3.13.3/mozilla/security/nss/lib/certhigh/certvfypkix.c
2012-02-17 23:22:43.000000000 +0100
@@ -859,7 +859,7 @@
void *plContext)
{
int errLevel = 0;
- PKIX_UInt32 nssErr = 0;
+ PKIX_Int32 nssErr = 0;
PKIX_Error *errPtr = error;
PKIX_ENTER(CERTVFYPKIX, "cert_PkixErrorToNssCode");
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/nss-3.13.2/mozilla/security/nss/lib/ckfw/builtins/certdata.c
new/nss-3.13.3/mozilla/security/nss/lib/ckfw/builtins/certdata.c
--- old/nss-3.13.2/mozilla/security/nss/lib/ckfw/builtins/certdata.c
2012-01-17 23:02:37.000000000 +0100
+++ new/nss-3.13.3/mozilla/security/nss/lib/ckfw/builtins/certdata.c
2012-02-18 22:41:45.000000000 +0100
@@ -35,7 +35,7 @@
*
* ***** END LICENSE BLOCK ***** */
#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile: certdata.c,v $ $Revision: 1.84 $
$Date: 2012/01/17 22:02:37 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.84 $
$Date: 2012/01/17 22:02:37 $";
+static const char CVS_ID[] = "@(#) $RCSfile: certdata.c,v $ $Revision: 1.85 $
$Date: 2012/02/18 21:41:45 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.85 $
$Date: 2012/02/18 21:41:45 $";
#endif /* DEBUG */
#ifndef BUILTINS_H
@@ -1075,6 +1075,12 @@
static const CK_ATTRIBUTE_TYPE nss_builtins_types_339 [] = {
CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL,
CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER,
CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING,
CKA_TRUST_STEP_UP_APPROVED
};
+static const CK_ATTRIBUTE_TYPE nss_builtins_types_340 [] = {
+ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL,
CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH,
CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
+};
+static const CK_ATTRIBUTE_TYPE nss_builtins_types_341 [] = {
+ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL,
CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH,
CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
+};
#ifdef DEBUG
static const NSSItem nss_builtins_items_0 [] = {
{ (void *)&cko_data, (PRUint32)sizeof(CK_OBJECT_CLASS) },
@@ -1083,7 +1089,7 @@
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)"CVS ID", (PRUint32)7 },
{ (void *)"NSS", (PRUint32)4 },
- { (void *)"@(#) $RCSfile: certdata.c,v $ $Revision: 1.84 $ $Date: 2012/01/17
22:02:37 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.84 $ $Date: 2012/01/17
22:02:37 $", (PRUint32)160 }
+ { (void *)"@(#) $RCSfile: certdata.c,v $ $Revision: 1.85 $ $Date: 2012/02/18
21:41:45 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.85 $ $Date: 2012/02/18
21:41:45 $", (PRUint32)160 }
};
#endif /* DEBUG */
static const NSSItem nss_builtins_items_1 [] = {
@@ -22713,6 +22719,56 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
+static const NSSItem nss_builtins_items_340 [] = {
+ { (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+ { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)"MITM subCA 1 issued by Trustwave", (PRUint32)33 },
+ { (void *)"\060\201\253\061\013\060\011\006\003\125\004\006\023\002\125\123"
+"\061\021\060\017\006\003\125\004\010\023\010\111\154\154\151\156"
+"\157\151\163\061\020\060\016\006\003\125\004\007\023\007\103\150"
+"\151\143\141\147\157\061\041\060\037\006\003\125\004\012\023\030"
+"\124\162\165\163\164\167\141\166\145\040\110\157\154\144\151\156"
+"\147\163\054\040\111\156\143\056\061\063\060\061\006\003\125\004"
+"\003\023\052\124\162\165\163\164\167\141\166\145\040\117\162\147"
+"\141\156\151\172\141\164\151\157\156\040\111\163\163\165\151\156"
+"\147\040\103\101\054\040\114\145\166\145\154\040\062\061\037\060"
+"\035\006\011\052\206\110\206\367\015\001\011\001\026\020\143\141"
+"\100\164\162\165\163\164\167\141\166\145\056\143\157\155"
+, (PRUint32)174 },
+ { (void *)"\002\004\153\111\322\005"
+, (PRUint32)6 },
+ { (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) },
+ { (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) },
+ { (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
+};
+static const NSSItem nss_builtins_items_341 [] = {
+ { (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+ { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)"MITM subCA 2 issued by Trustwave", (PRUint32)33 },
+ { (void *)"\060\201\253\061\013\060\011\006\003\125\004\006\023\002\125\123"
+"\061\021\060\017\006\003\125\004\010\023\010\111\154\154\151\156"
+"\157\151\163\061\020\060\016\006\003\125\004\007\023\007\103\150"
+"\151\143\141\147\157\061\041\060\037\006\003\125\004\012\023\030"
+"\124\162\165\163\164\167\141\166\145\040\110\157\154\144\151\156"
+"\147\163\054\040\111\156\143\056\061\063\060\061\006\003\125\004"
+"\003\023\052\124\162\165\163\164\167\141\166\145\040\117\162\147"
+"\141\156\151\172\141\164\151\157\156\040\111\163\163\165\151\156"
+"\147\040\103\101\054\040\114\145\166\145\154\040\062\061\037\060"
+"\035\006\011\052\206\110\206\367\015\001\011\001\026\020\143\141"
+"\100\164\162\165\163\164\167\141\166\145\056\143\157\155"
+, (PRUint32)174 },
+ { (void *)"\002\004\153\111\322\006"
+, (PRUint32)6 },
+ { (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) },
+ { (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) },
+ { (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
+};
builtinsInternalObject
nss_builtins_data[] = {
@@ -23057,11 +23113,13 @@
{ 11, nss_builtins_types_336, nss_builtins_items_336, {NULL} },
{ 13, nss_builtins_types_337, nss_builtins_items_337, {NULL} },
{ 11, nss_builtins_types_338, nss_builtins_items_338, {NULL} },
- { 13, nss_builtins_types_339, nss_builtins_items_339, {NULL} }
+ { 13, nss_builtins_types_339, nss_builtins_items_339, {NULL} },
+ { 11, nss_builtins_types_340, nss_builtins_items_340, {NULL} },
+ { 11, nss_builtins_types_341, nss_builtins_items_341, {NULL} }
};
const PRUint32
#ifdef DEBUG
- nss_builtins_nObjects = 339+1;
+ nss_builtins_nObjects = 341+1;
#else
- nss_builtins_nObjects = 339;
+ nss_builtins_nObjects = 341;
#endif /* DEBUG */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/nss-3.13.2/mozilla/security/nss/lib/ckfw/builtins/certdata.txt
new/nss-3.13.3/mozilla/security/nss/lib/ckfw/builtins/certdata.txt
--- old/nss-3.13.2/mozilla/security/nss/lib/ckfw/builtins/certdata.txt
2012-01-17 23:02:37.000000000 +0100
+++ new/nss-3.13.3/mozilla/security/nss/lib/ckfw/builtins/certdata.txt
2012-02-18 22:41:46.000000000 +0100
@@ -34,7 +34,7 @@
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
-CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.81 $ $Date: 2012/01/17
22:02:37 $"
+CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.82 $ $Date: 2012/02/18
21:41:46 $"
#
# certdata.txt
@@ -23413,3 +23413,65 @@
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+# Explicitly Distrust "MITM subCA 1 issued by Trustwave", Bug 724929
+# Issuer: E=c...@trustwave.com,CN="Trustwave Organization Issuing CA, Level
2",O="Trustwave Holdings, Inc.",L=Chicago,ST=Illinois,C=US
+# Serial Number: 1800000005 (0x6b49d205)
+# Not Before: Apr 7 15:37:15 2011 GMT
+# Not After : Apr 4 15:37:15 2021 GMT
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "MITM subCA 1 issued by Trustwave"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\253\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\021\060\017\006\003\125\004\010\023\010\111\154\154\151\156
+\157\151\163\061\020\060\016\006\003\125\004\007\023\007\103\150
+\151\143\141\147\157\061\041\060\037\006\003\125\004\012\023\030
+\124\162\165\163\164\167\141\166\145\040\110\157\154\144\151\156
+\147\163\054\040\111\156\143\056\061\063\060\061\006\003\125\004
+\003\023\052\124\162\165\163\164\167\141\166\145\040\117\162\147
+\141\156\151\172\141\164\151\157\156\040\111\163\163\165\151\156
+\147\040\103\101\054\040\114\145\166\145\154\040\062\061\037\060
+\035\006\011\052\206\110\206\367\015\001\011\001\026\020\143\141
+\100\164\162\165\163\164\167\141\166\145\056\143\157\155
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\153\111\322\005
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+# Explicitly Distrust "MITM subCA 2 issued by Trustwave", Bug 724929
+# Issuer: E=c...@trustwave.com,CN="Trustwave Organization Issuing CA, Level
2",O="Trustwave Holdings, Inc.",L=Chicago,ST=Illinois,C=US
+# Serial Number: 1800000006 (0x6b49d206)
+# Not Before: Apr 18 21:09:30 2011 GMT
+# Not After : Apr 15 21:09:30 2021 GMT
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "MITM subCA 2 issued by Trustwave"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\253\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\021\060\017\006\003\125\004\010\023\010\111\154\154\151\156
+\157\151\163\061\020\060\016\006\003\125\004\007\023\007\103\150
+\151\143\141\147\157\061\041\060\037\006\003\125\004\012\023\030
+\124\162\165\163\164\167\141\166\145\040\110\157\154\144\151\156
+\147\163\054\040\111\156\143\056\061\063\060\061\006\003\125\004
+\003\023\052\124\162\165\163\164\167\141\166\145\040\117\162\147
+\141\156\151\172\141\164\151\157\156\040\111\163\163\165\151\156
+\147\040\103\101\054\040\114\145\166\145\154\040\062\061\037\060
+\035\006\011\052\206\110\206\367\015\001\011\001\026\020\143\141
+\100\164\162\165\163\164\167\141\166\145\056\143\157\155
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\153\111\322\006
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/nss-3.13.2/mozilla/security/nss/lib/ckfw/builtins/nssckbi.h
new/nss-3.13.3/mozilla/security/nss/lib/ckfw/builtins/nssckbi.h
--- old/nss-3.13.2/mozilla/security/nss/lib/ckfw/builtins/nssckbi.h
2012-01-17 23:02:38.000000000 +0100
+++ new/nss-3.13.3/mozilla/security/nss/lib/ckfw/builtins/nssckbi.h
2012-02-18 22:41:46.000000000 +0100
@@ -77,8 +77,8 @@
* of the comment in the CK_VERSION type definition.
*/
#define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 1
-#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 89
-#define NSS_BUILTINS_LIBRARY_VERSION "1.89"
+#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 90
+#define NSS_BUILTINS_LIBRARY_VERSION "1.90"
/* These version numbers detail the semantic changes to the ckfw engine. */
#define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/nss-3.13.2/mozilla/security/nss/lib/libpkix/pkix/util/pkix_error.c
new/nss-3.13.3/mozilla/security/nss/lib/libpkix/pkix/util/pkix_error.c
--- old/nss-3.13.2/mozilla/security/nss/lib/libpkix/pkix/util/pkix_error.c
2008-11-20 04:32:20.000000000 +0100
+++ new/nss-3.13.3/mozilla/security/nss/lib/libpkix/pkix/util/pkix_error.c
2012-02-17 23:22:44.000000000 +0100
@@ -60,7 +60,7 @@
#endif /* PKIX_ERROR_DESCRIPTION */
-extern const int PKIX_PLErrorIndex[];
+extern const PKIX_Int32 PKIX_PLErrorIndex[];
/* --Private-Functions-------------------------------------------- */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/nss-3.13.2/mozilla/security/nss/lib/libpkix/pkix/util/pkix_error.h
new/nss-3.13.3/mozilla/security/nss/lib/libpkix/pkix/util/pkix_error.h
--- old/nss-3.13.2/mozilla/security/nss/lib/libpkix/pkix/util/pkix_error.h
2008-02-25 22:32:45.000000000 +0100
+++ new/nss-3.13.3/mozilla/security/nss/lib/libpkix/pkix/util/pkix_error.h
2012-02-17 23:22:44.000000000 +0100
@@ -53,7 +53,7 @@
struct PKIX_ErrorStruct {
PKIX_ERRORCODE errCode;
PKIX_ERRORCLASS errClass; /* was formerly "code" */
- PKIX_UInt32 plErr;
+ PKIX_Int32 plErr;
PKIX_Error *cause;
PKIX_PL_Object *info;
};
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/nss-3.13.2/mozilla/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_error.c
new/nss-3.13.3/mozilla/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_error.c
---
old/nss-3.13.2/mozilla/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_error.c
2008-02-29 01:50:17.000000000 +0100
+++
new/nss-3.13.3/mozilla/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_error.c
2012-02-17 23:22:44.000000000 +0100
@@ -47,7 +47,7 @@
#define PKIX_ERRORENTRY(name,desc,plerr) plerr
-const SECErrorCodes PKIX_PLErrorIndex[] =
+const PKIX_Int32 PKIX_PLErrorIndex[] =
{
#include "pkix_errorstrings.h"
};
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nss-3.13.2/mozilla/security/nss/lib/nss/nss.h
new/nss-3.13.3/mozilla/security/nss/lib/nss/nss.h
--- old/nss-3.13.2/mozilla/security/nss/lib/nss/nss.h 2012-02-15
22:56:55.000000000 +0100
+++ new/nss-3.13.3/mozilla/security/nss/lib/nss/nss.h 2012-02-19
00:22:43.000000000 +0100
@@ -36,7 +36,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
-/* $Id: nss.h,v 1.89 2012/02/15 21:56:55 kaie%kuix.de Exp $ */
+/* $Id: nss.h,v 1.91 2012/02/18 23:22:43 kaie%kuix.de Exp $ */
#ifndef __nss_h_
#define __nss_h_
@@ -66,11 +66,11 @@
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>[.<build number>]][
<ECC>][ <Beta>]"
*/
-#define NSS_VERSION "3.13.2.1" _NSS_ECC_STRING _NSS_CUSTOMIZED
+#define NSS_VERSION "3.13.3.0" _NSS_ECC_STRING _NSS_CUSTOMIZED
#define NSS_VMAJOR 3
#define NSS_VMINOR 13
-#define NSS_VPATCH 2
-#define NSS_VBUILD 1
+#define NSS_VPATCH 3
+#define NSS_VBUILD 0
#define NSS_BETA PR_FALSE
#ifndef RC_INVOKED
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nss-3.13.2/mozilla/security/nss/lib/pkcs12/p12d.c
new/nss-3.13.3/mozilla/security/nss/lib/pkcs12/p12d.c
--- old/nss-3.13.2/mozilla/security/nss/lib/pkcs12/p12d.c 2010-09-13
22:05:03.000000000 +0200
+++ new/nss-3.13.3/mozilla/security/nss/lib/pkcs12/p12d.c 2012-02-17
23:34:39.000000000 +0100
@@ -931,7 +931,7 @@
goto loser;
}
- /* open the temp file for writing, if the filter functions were set */
+ /* open the temp file for writing, if the digest functions were set */
if(p12dcx->dOpen && (*p12dcx->dOpen)(p12dcx->dArg, PR_FALSE)
!= SECSuccess) {
p12dcx->errorValue = PORT_GetError();
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nss-3.13.2/mozilla/security/nss/lib/pki/pki3hack.c
new/nss-3.13.3/mozilla/security/nss/lib/pki/pki3hack.c
--- old/nss-3.13.2/mozilla/security/nss/lib/pki/pki3hack.c 2011-11-17
01:20:21.000000000 +0100
+++ new/nss-3.13.3/mozilla/security/nss/lib/pki/pki3hack.c 2012-02-17
23:44:56.000000000 +0100
@@ -35,7 +35,7 @@
* ***** END LICENSE BLOCK ***** */
#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile: pki3hack.c,v $ $Revision: 1.105 $
$Date: 2011/11/17 00:20:21 $";
+static const char CVS_ID[] = "@(#) $RCSfile: pki3hack.c,v $ $Revision: 1.106 $
$Date: 2012/02/17 22:44:56 $";
#endif /* DEBUG */
/*
@@ -768,6 +768,22 @@
if (context) {
/* trust */
nssTrust = nssCryptoContext_FindTrustForCertificate(context, c);
+ if (!nssTrust) {
+ /* chicken and egg issue:
+ *
+ * c->issuer and c->serial are empty at this point, but
+ * nssTrustDomain_FindTrustForCertificate use them to look up
+ * up the trust object, so we point them to cc->derIssuer and
+ * cc->serialNumber.
+ *
+ * Our caller will fill these in with proper arena copies when we
+ * return. */
+ c->issuer.data = cc->derIssuer.data;
+ c->issuer.size = cc->derIssuer.len;
+ c->serial.data = cc->serialNumber.data;
+ c->serial.size = cc->serialNumber.len;
+ nssTrust = nssTrustDomain_FindTrustForCertificate(context->td, c);
+ }
if (nssTrust) {
trust = cert_trust_from_stan_trust(nssTrust, cc->arena);
if (trust) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/nss-3.13.2/mozilla/security/nss/lib/softoken/secmodt.h
new/nss-3.13.3/mozilla/security/nss/lib/softoken/secmodt.h
--- old/nss-3.13.2/mozilla/security/nss/lib/softoken/secmodt.h 2012-01-18
00:46:27.000000000 +0100
+++ new/nss-3.13.3/mozilla/security/nss/lib/softoken/secmodt.h 2012-02-17
23:08:23.000000000 +0100
@@ -42,15 +42,19 @@
#include "secasn1.h"
#include "pkcs11t.h"
+SEC_BEGIN_PROTOS
+
/* find a better home for these... */
extern const SEC_ASN1Template
SECKEY_PointerToEncryptedPrivateKeyInfoTemplate[];
-extern SEC_ASN1TemplateChooser
NSS_Get_SECKEY_PointerToEncryptedPrivateKeyInfoTemplate;
+SEC_ASN1_CHOOSER_DECLARE(SECKEY_PointerToEncryptedPrivateKeyInfoTemplate)
extern const SEC_ASN1Template SECKEY_EncryptedPrivateKeyInfoTemplate[];
-extern SEC_ASN1TemplateChooser NSS_Get_SECKEY_EncryptedPrivateKeyInfoTemplate;
+SEC_ASN1_CHOOSER_DECLARE(SECKEY_EncryptedPrivateKeyInfoTemplate)
extern const SEC_ASN1Template SECKEY_PrivateKeyInfoTemplate[];
-extern SEC_ASN1TemplateChooser NSS_Get_SECKEY_PrivateKeyInfoTemplate;
+SEC_ASN1_CHOOSER_DECLARE(SECKEY_PrivateKeyInfoTemplate)
extern const SEC_ASN1Template SECKEY_PointerToPrivateKeyInfoTemplate[];
-extern SEC_ASN1TemplateChooser NSS_Get_SECKEY_PointerToPrivateKeyInfoTemplate;
+SEC_ASN1_CHOOSER_DECLARE(SECKEY_PointerToPrivateKeyInfoTemplate)
+
+SEC_END_PROTOS
/* PKCS11 needs to be included */
typedef struct SECMODModuleStr SECMODModule;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/nss-3.13.2/mozilla/security/nss/lib/softoken/sftkmod.c
new/nss-3.13.3/mozilla/security/nss/lib/softoken/sftkmod.c
--- old/nss-3.13.2/mozilla/security/nss/lib/softoken/sftkmod.c 2011-10-02
19:14:44.000000000 +0200
+++ new/nss-3.13.3/mozilla/security/nss/lib/softoken/sftkmod.c 2012-02-18
00:01:31.000000000 +0100
@@ -54,6 +54,7 @@
#include "prprf.h"
#include "prsystem.h"
#include "lgglue.h"
+#include "secerr.h"
#include "secmodt.h"
#if defined (_WIN32)
#include <io.h>
@@ -562,6 +563,7 @@
PRBool found = PR_FALSE;
if (dbname == NULL) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
@@ -570,6 +572,7 @@
}
if (!rw) {
+ PORT_SetError(SEC_ERROR_READ_ONLY);
return SECFailure;
}
@@ -689,6 +692,7 @@
PRBool libFound = PR_FALSE;
if (dbname == NULL) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
@@ -698,6 +702,7 @@
/* can't write to a read only module */
if (!rw) {
+ PORT_SetError(SEC_ERROR_READ_ONLY);
return SECFailure;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/nss-3.13.2/mozilla/security/nss/lib/softoken/softkver.h
new/nss-3.13.3/mozilla/security/nss/lib/softoken/softkver.h
--- old/nss-3.13.2/mozilla/security/nss/lib/softoken/softkver.h 2012-02-15
22:56:56.000000000 +0100
+++ new/nss-3.13.3/mozilla/security/nss/lib/softoken/softkver.h 2012-02-19
00:22:43.000000000 +0100
@@ -57,11 +57,11 @@
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>[.<build number>]][
<ECC>][ <Beta>]"
*/
-#define SOFTOKEN_VERSION "3.13.2.1" SOFTOKEN_ECC_STRING
+#define SOFTOKEN_VERSION "3.13.3.0" SOFTOKEN_ECC_STRING
#define SOFTOKEN_VMAJOR 3
#define SOFTOKEN_VMINOR 13
-#define SOFTOKEN_VPATCH 2
-#define SOFTOKEN_VBUILD 1
+#define SOFTOKEN_VPATCH 3
+#define SOFTOKEN_VBUILD 0
#define SOFTOKEN_BETA PR_FALSE
#endif /* _SOFTKVER_H_ */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nss-3.13.2/mozilla/security/nss/lib/ssl/ssl3con.c
new/nss-3.13.3/mozilla/security/nss/lib/ssl/ssl3con.c
--- old/nss-3.13.2/mozilla/security/nss/lib/ssl/ssl3con.c 2012-02-15
22:52:08.000000000 +0100
+++ new/nss-3.13.3/mozilla/security/nss/lib/ssl/ssl3con.c 2012-02-17
10:50:04.000000000 +0100
@@ -39,7 +39,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
-/* $Id: ssl3con.c,v 1.163 2012/02/15 21:52:08 kaie%kuix.de Exp $ */
+/* $Id: ssl3con.c,v 1.164 2012/02/17 09:50:04 kaie%kuix.de Exp $ */
#include "cert.h"
#include "ssl.h"
@@ -4363,6 +4363,12 @@
SECStatus rv;
SECItem wrappedKey;
SSLWrappedSymWrappingKey wswk;
+#ifdef NSS_ENABLE_ECC
+ PK11SymKey * Ks = NULL;
+ SECKEYPublicKey *pubWrapKey = NULL;
+ SECKEYPrivateKey *privWrapKey = NULL;
+ ECCWrappedKeyInfo *ecWrapped;
+#endif /* NSS_ENABLE_ECC */
svrPrivKey = ss->serverCerts[exchKeyType].SERVERKEY;
PORT_Assert(svrPrivKey != NULL);
@@ -4439,13 +4445,6 @@
/* wrap symmetric wrapping key in server's public key. */
switch (exchKeyType) {
-#ifdef NSS_ENABLE_ECC
- PK11SymKey * Ks = NULL;
- SECKEYPublicKey *pubWrapKey = NULL;
- SECKEYPrivateKey *privWrapKey = NULL;
- ECCWrappedKeyInfo *ecWrapped;
-#endif /* NSS_ENABLE_ECC */
-
case kt_rsa:
asymWrapMechanism = CKM_RSA_PKCS;
rv = PK11_PubWrapSymKey(asymWrapMechanism, svrPubKey,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/nss-3.13.2/mozilla/security/nss/lib/util/nssutil.h
new/nss-3.13.3/mozilla/security/nss/lib/util/nssutil.h
--- old/nss-3.13.2/mozilla/security/nss/lib/util/nssutil.h 2012-02-15
22:56:56.000000000 +0100
+++ new/nss-3.13.3/mozilla/security/nss/lib/util/nssutil.h 2012-02-19
00:22:44.000000000 +0100
@@ -51,11 +51,11 @@
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>[.<build number>]][
<Beta>]"
*/
-#define NSSUTIL_VERSION "3.13.2.1"
+#define NSSUTIL_VERSION "3.13.3.0"
#define NSSUTIL_VMAJOR 3
#define NSSUTIL_VMINOR 13
-#define NSSUTIL_VPATCH 2
-#define NSSUTIL_VBUILD 1
+#define NSSUTIL_VPATCH 3
+#define NSSUTIL_VBUILD 0
#define NSSUTIL_BETA PR_FALSE
SEC_BEGIN_PROTOS
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
