Update to version 3.14.3

Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@jollamobile.com>
sailfishos · Apr 5, 2013 · bee2a57 · bee2a57
1 parent 91777af
commit bee2a57
Show file tree

Hide file tree

Showing 9 changed files with 566 additions and 10 deletions.
diff --git a/0001-sync-up-with-upstream-softokn-changes.patch b/0001-sync-up-with-upstream-softokn-changes.patch
diff --git a/add_SEC_PKCS7VerifyDetachedSignatureAtTime_842856.patch b/add_SEC_PKCS7VerifyDetachedSignatureAtTime_842856.patch
@@ -0,0 +1,141 @@
+Index: mozilla/security/nss/lib/pkcs7/p7decode.c
+===================================================================
+RCS file: /cvsroot/mozilla/security/nss/lib/pkcs7/p7decode.c,v
+retrieving revision 1.31
+diff -p -u -r1.31 p7decode.c
+--- mozilla/security/nss/lib/pkcs7/p7decode.c	12 Dec 2012 19:25:36 -0000	1.31
++++ mozilla/security/nss/lib/pkcs7/p7decode.c	20 Feb 2013 00:45:08 -0000
+@@ -1281,7 +1281,8 @@ sec_pkcs7_verify_signature(SEC_PKCS7Cont
+ 			   SECCertUsage certusage,
+ 			   const SECItem *detached_digest,
+ 			   HASH_HashType digest_type,
+-			   PRBool keepcerts)
++			   PRBool keepcerts,
++			   PRTime atTime)
+ {
+     SECAlgorithmID **digestalgs, *bulkid;
+     const SECItem *digest;
+@@ -1299,7 +1300,8 @@ sec_pkcs7_verify_signature(SEC_PKCS7Cont
+     SECItem *content_type;
+     PK11SymKey *sigkey;
+     SECItem *encoded_stime;
+-    int64 stime;
++    PRTime stime;
++    PRTime verificationTime;
+     SECStatus rv;
+
+     /*
+@@ -1436,8 +1438,10 @@ sec_pkcs7_verify_signature(SEC_PKCS7Cont
+      * in a time (and for non-S/MIME callers to pass in nothing, or
+      * maybe make them pass in the current time, always?).
+      */
++    verificationTime = atTime ? atTime
++			      : (encoded_stime ? stime : PR_Now());
+     if (CERT_VerifyCert (certdb, cert, PR_TRUE, certusage,
+-			 encoded_stime != NULL ? stime : PR_Now(),
++			 verificationTime,
+ 			 cinfo->pwfn_arg, NULL) != SECSuccess)
+ 	{
+ 	/*
+@@ -1757,7 +1761,7 @@ SEC_PKCS7VerifySignature(SEC_PKCS7Conten
+ 			 PRBool keepcerts)
+ {
+     return sec_pkcs7_verify_signature (cinfo, certusage,
+-				       NULL, HASH_AlgNULL, keepcerts);
++				       NULL, HASH_AlgNULL, keepcerts, 0);
+ }
+
+ /*
+@@ -1779,9 +1783,34 @@ SEC_PKCS7VerifyDetachedSignature(SEC_PKC
+ {
+     return sec_pkcs7_verify_signature (cinfo, certusage,
+ 				       detached_digest, digest_type,
+-				       keepcerts);
++				       keepcerts, 0);
+ }
+
++/*
++ * SEC_PKCS7VerifyDetachedSignatureAtTime
++ *      Look at a PKCS7 contentInfo and check if the signature matches
++ *      a passed-in digest (calculated, supposedly, from detached contents).
++ *      The verification checks that the signing cert is valid and trusted
++ *      for the purpose specified by "certusage" at time "atTime"
++ *      if "atTime" is non-zero, or at the current time (as returned by
++ *      PR_Now) otherwise.
++ */
++PRBool
++SEC_PKCS7VerifyDetachedSignatureAtTime(SEC_PKCS7ContentInfo *cinfo,
++				       SECCertUsage certusage,
++				       const SECItem *detached_digest,
++				       HASH_HashType digest_type,
++				       PRBool keepcerts,
++				       PRTime atTime)
++{
++    if (!atTime) {
++	atTime = PR_Now();
++    }
++
++    return sec_pkcs7_verify_signature (cinfo, certusage,
++				       detached_digest, digest_type,
++				       keepcerts, atTime);
++}
+
+ /*
+  * Return the asked-for portion of the name of the signer of a PKCS7
+@@ -1844,7 +1873,7 @@ sec_pkcs7_get_signer_cert_info(SEC_PKCS7
+ 	 * some valid usage to pass in.
+ 	 */
+ 	(void) sec_pkcs7_verify_signature (cinfo, certUsageEmailSigner,
+-					   NULL, HASH_AlgNULL, PR_FALSE);
++					   NULL, HASH_AlgNULL, PR_FALSE, 0);
+ 	signercert = signerinfos[0]->cert;
+ 	if (signercert == NULL)
+ 	    return NULL;
+Index: mozilla/security/nss/lib/pkcs7/secpkcs7.h
+===================================================================
+RCS file: /cvsroot/mozilla/security/nss/lib/pkcs7/secpkcs7.h,v
+retrieving revision 1.10
+diff -p -u -r1.10 secpkcs7.h
+--- mozilla/security/nss/lib/pkcs7/secpkcs7.h	27 Nov 2012 22:48:08 -0000	1.10
++++ mozilla/security/nss/lib/pkcs7/secpkcs7.h	20 Feb 2013 00:45:08 -0000
+@@ -133,6 +133,23 @@ extern PRBool SEC_PKCS7VerifyDetachedSig
+ 					       HASH_HashType digest_type,
+ 					       PRBool keepcerts);
+
++
++/*
++ * SEC_PKCS7VerifyDetachedSignatureAtTime
++ *      Look at a PKCS7 contentInfo and check if the signature matches
++ *      a passed-in digest (calculated, supposedly, from detached contents).
++ *      The verification checks that the signing cert is valid and trusted
++ *      for the purpose specified by "certusage" at time "atTime"
++ *      if "atTime" is non-zero, or at the current time (as returned by
++ *      PR_Now) otherwise.
++ */
++extern PRBool SEC_PKCS7VerifyDetachedSignatureAtTime(SEC_PKCS7ContentInfo *cinfo,
++						     SECCertUsage certusage,
++						     const SECItem *detached_digest,
++						     HASH_HashType digest_type,
++						     PRBool keepcerts,
++						     PRTime atTime);
++
+ /*
+  * SEC_PKCS7GetSignerCommonName, SEC_PKCS7GetSignerEmailAddress
+  *      The passed-in contentInfo is espected to be Signed, and these
+Index: mozilla/security/nss/lib/smime/smime.def
+===================================================================
+RCS file: /cvsroot/mozilla/security/nss/lib/smime/smime.def,v
+retrieving revision 1.39
+diff -p -u -r1.39 smime.def
+--- mozilla/security/nss/lib/smime/smime.def	25 Apr 2012 14:50:09 -0000	1.39
++++ mozilla/security/nss/lib/smime/smime.def	20 Feb 2013 00:45:08 -0000
+@@ -267,3 +267,9 @@ NSSSMIME_GetVersion;
+ ;+    local:
+ ;+       *;
+ ;+};
++;+NSS_3.14.3 {    # NSS 3.14.3 release
++;+    global:
++SEC_PKCS7VerifyDetachedSignatureAtTime;
++;+    local:
++;+       *;
++;+};
diff --git a/nss-3.13.3-stripped.tar.bz2 b/nss-3.13.3-stripped.tar.bz2
diff --git a/nss-3.14.3-stripped.tar.bz2 b/nss-3.14.3-stripped.tar.bz2
diff --git a/nss-no-rpath.patch b/nss-no-rpath.patch
@@ -1,14 +1,14 @@
---- ./mozilla/security/nss/cmd/platlibs.mk.withrpath	2007-02-19 07:17:06.000000000 +0100
-+++ ./mozilla/security/nss/cmd/platlibs.mk	2007-02-19 07:18:07.000000000 +0100
-@@ -52,9 +52,9 @@
+--- ./mozilla/security/nss/cmd/platlibs.mk.withrpath	2013-03-09 02:09:57.584660753 +0200
++++ ./mozilla/security/nss/cmd/platlibs.mk	2013-03-09 02:10:59.144484108 +0200
+@@ -18,9 +18,9 @@
 
  ifeq ($(OS_ARCH), Linux)
  ifeq ($(USE_64), 1)
--EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib64:$$ORIGIN/../lib'
-+#EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib64:$$ORIGIN/../lib'
+-EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib64:/opt/sun/private/lib64:$$ORIGIN/../lib'
++#EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib64:/opt/sun/private/lib64:$$ORIGIN/../lib'
  else
--EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib'
-+#EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib'
+-EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib:/opt/sun/private/lib'
++#EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib:/opt/sun/private/lib'
  endif
  endif
 
diff --git a/nss-pem-20101125.tar.bz2 b/nss-pem-20101125.tar.bz2
diff --git a/nss-pem-20120811.tar.bz2 b/nss-pem-20120811.tar.bz2
diff --git a/nss.changes b/nss.changes
@@ -1,3 +1,6 @@
+* Fri Apr 05 2013 Dmitry Rozhkov <dmitry.rozhkov@jollamobile.com> - 3.14.3
+- Update to 3.14.3
+
 * Tue Jan 22 2013 Oleg Girko <ol+mer@infoserver.ru> - 3.13.3
 - Do not rely on already installed nss to sign shared libraries.
 

diff --git a/nss.spec b/nss.spec
@@ -3,7 +3,7 @@
 
 Summary:          Network Security Services
 Name:             nss
-Version:          3.13.3
+Version:          3.14.3
 Release:          1
 License:          MPLv1.1 or GPLv2+ or LGPLv2+
 URL:              http://www.mozilla.org/projects/security/pki/nss/
@@ -40,14 +40,16 @@ Source7:          blank-key4.db
 Source8:          system-pkcs11.txt
 Source9:          setup-nsssysinit.sh
 Source11:         nss-prelink.conf
-Source12:         %{name}-pem-20101125.tar.bz2
+Source12:         %{name}-pem-20120811.tar.bz2
 
 Patch1:           nss-no-rpath.patch
 Patch2:           nss-nolocalsql.patch
 Patch3:           nss-3.12.8-char.patch
 Patch6:           nss-enable-pem.patch
 Patch8:           nss-sysinit-userdb-first.patch
 Patch9:           nss-3.13.3-notimestamps.patch
+Patch10:          0001-sync-up-with-upstream-softokn-changes.patch
+Patch11:          add_SEC_PKCS7VerifyDetachedSignatureAtTime_842856.patch
 
 %description
 Network Security Services (NSS) is a set of libraries designed to
@@ -133,6 +135,8 @@ low level services.
 %patch6 -p0 -b .libpem
 %patch8 -p0 -b .rh603313
 %patch9 -p1 -b .timestamping
+%patch10 -p1 -b .softokn
+%patch11 -p0 -b .842856
 
 %build
 
@@ -429,7 +433,9 @@ done
 %{_includedir}/nss3/sslproto.h
 %{_includedir}/nss3/sslt.h
 %{_includedir}/nss3/utilrename.h
-
+%{_includedir}/nss3/utilmodt.h
+%{_includedir}/nss3/utilpars.h
+%{_includedir}/nss3/utilparst.h
 
 %files pkcs11-devel
 %defattr(-, root, root,-)