Hello community,
here is the log from the commit of package mozilla-nss for openSUSE:Factory checked in at 2012-02-24 12:06:05
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/mozilla-nss (Old)
and /work/SRC/openSUSE:Factory/.mozilla-nss.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mozilla-nss", Maintainer is "gnome-maintainers@suse.de"
Changes:
--------
--- /work/SRC/openSUSE:Factory/mozilla-nss/mozilla-nss.changes 2012-02-17 15:00:52.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.mozilla-nss.new/mozilla-nss.changes 2012-02-24 12:06:12.000000000 +0100
@@ -1,0 +2,7 @@
+Thu Feb 23 15:06:34 UTC 2012 - wr@rosenauer.org
+
+- update to 3.13.3 RTM
+ - distrust Trustwave's MITM certificates (bmo#724929)
+ - fix generic blacklisting mechanism (bmo#727204)
+
+-------------------------------------------------------------------
Old:
----
nss-3.13.2.tar.bz2
New:
----
nss-3.13.3.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ mozilla-nss.spec ++++++
--- /var/tmp/diff_new_pack.fD1iIu/_old 2012-02-24 12:06:14.000000000 +0100
+++ /var/tmp/diff_new_pack.fD1iIu/_new 2012-02-24 12:06:14.000000000 +0100
@@ -30,7 +30,7 @@
%if %suse_version > 1030
BuildRequires: sqlite3-devel
%endif
-Version: 3.13.2
+Version: 3.13.3
Release: 0
# bug437293
%ifarch ppc64
++++++ nss-3.13.2.tar.bz2 -> nss-3.13.3.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nss-3.13.2/mozilla/security/nss/lib/certhigh/certvfypkix.c new/nss-3.13.3/mozilla/security/nss/lib/certhigh/certvfypkix.c
--- old/nss-3.13.2/mozilla/security/nss/lib/certhigh/certvfypkix.c 2011-11-17 01:20:21.000000000 +0100
+++ new/nss-3.13.3/mozilla/security/nss/lib/certhigh/certvfypkix.c 2012-02-17 23:22:43.000000000 +0100
@@ -859,7 +859,7 @@
void *plContext)
{
int errLevel = 0;
- PKIX_UInt32 nssErr = 0;
+ PKIX_Int32 nssErr = 0;
PKIX_Error *errPtr = error;
PKIX_ENTER(CERTVFYPKIX, "cert_PkixErrorToNssCode");
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nss-3.13.2/mozilla/security/nss/lib/ckfw/builtins/certdata.c new/nss-3.13.3/mozilla/security/nss/lib/ckfw/builtins/certdata.c
--- old/nss-3.13.2/mozilla/security/nss/lib/ckfw/builtins/certdata.c 2012-01-17 23:02:37.000000000 +0100
+++ new/nss-3.13.3/mozilla/security/nss/lib/ckfw/builtins/certdata.c 2012-02-18 22:41:45.000000000 +0100
@@ -35,7 +35,7 @@
*
* ***** END LICENSE BLOCK ***** */
#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile: certdata.c,v $ $Revision: 1.84 $ $Date: 2012/01/17 22:02:37 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.84 $ $Date: 2012/01/17 22:02:37 $";
+static const char CVS_ID[] = "@(#) $RCSfile: certdata.c,v $ $Revision: 1.85 $ $Date: 2012/02/18 21:41:45 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.85 $ $Date: 2012/02/18 21:41:45 $";
#endif /* DEBUG */
#ifndef BUILTINS_H
@@ -1075,6 +1075,12 @@
static const CK_ATTRIBUTE_TYPE nss_builtins_types_339 [] = {
CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
};
+static const CK_ATTRIBUTE_TYPE nss_builtins_types_340 [] = {
+ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
+};
+static const CK_ATTRIBUTE_TYPE nss_builtins_types_341 [] = {
+ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
+};
#ifdef DEBUG
static const NSSItem nss_builtins_items_0 [] = {
{ (void *)&cko_data, (PRUint32)sizeof(CK_OBJECT_CLASS) },
@@ -1083,7 +1089,7 @@
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)"CVS ID", (PRUint32)7 },
{ (void *)"NSS", (PRUint32)4 },
- { (void *)"@(#) $RCSfile: certdata.c,v $ $Revision: 1.84 $ $Date: 2012/01/17 22:02:37 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.84 $ $Date: 2012/01/17 22:02:37 $", (PRUint32)160 }
+ { (void *)"@(#) $RCSfile: certdata.c,v $ $Revision: 1.85 $ $Date: 2012/02/18 21:41:45 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.85 $ $Date: 2012/02/18 21:41:45 $", (PRUint32)160 }
};
#endif /* DEBUG */
static const NSSItem nss_builtins_items_1 [] = {
@@ -22713,6 +22719,56 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
+static const NSSItem nss_builtins_items_340 [] = {
+ { (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+ { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)"MITM subCA 1 issued by Trustwave", (PRUint32)33 },
+ { (void *)"\060\201\253\061\013\060\011\006\003\125\004\006\023\002\125\123"
+"\061\021\060\017\006\003\125\004\010\023\010\111\154\154\151\156"
+"\157\151\163\061\020\060\016\006\003\125\004\007\023\007\103\150"
+"\151\143\141\147\157\061\041\060\037\006\003\125\004\012\023\030"
+"\124\162\165\163\164\167\141\166\145\040\110\157\154\144\151\156"
+"\147\163\054\040\111\156\143\056\061\063\060\061\006\003\125\004"
+"\003\023\052\124\162\165\163\164\167\141\166\145\040\117\162\147"
+"\141\156\151\172\141\164\151\157\156\040\111\163\163\165\151\156"
+"\147\040\103\101\054\040\114\145\166\145\154\040\062\061\037\060"
+"\035\006\011\052\206\110\206\367\015\001\011\001\026\020\143\141"
+"\100\164\162\165\163\164\167\141\166\145\056\143\157\155"
+, (PRUint32)174 },
+ { (void *)"\002\004\153\111\322\005"
+, (PRUint32)6 },
+ { (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) },
+ { (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) },
+ { (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
+};
+static const NSSItem nss_builtins_items_341 [] = {
+ { (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+ { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)"MITM subCA 2 issued by Trustwave", (PRUint32)33 },
+ { (void *)"\060\201\253\061\013\060\011\006\003\125\004\006\023\002\125\123"
+"\061\021\060\017\006\003\125\004\010\023\010\111\154\154\151\156"
+"\157\151\163\061\020\060\016\006\003\125\004\007\023\007\103\150"
+"\151\143\141\147\157\061\041\060\037\006\003\125\004\012\023\030"
+"\124\162\165\163\164\167\141\166\145\040\110\157\154\144\151\156"
+"\147\163\054\040\111\156\143\056\061\063\060\061\006\003\125\004"
+"\003\023\052\124\162\165\163\164\167\141\166\145\040\117\162\147"
+"\141\156\151\172\141\164\151\157\156\040\111\163\163\165\151\156"
+"\147\040\103\101\054\040\114\145\166\145\154\040\062\061\037\060"
+"\035\006\011\052\206\110\206\367\015\001\011\001\026\020\143\141"
+"\100\164\162\165\163\164\167\141\166\145\056\143\157\155"
+, (PRUint32)174 },
+ { (void *)"\002\004\153\111\322\006"
+, (PRUint32)6 },
+ { (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) },
+ { (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) },
+ { (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
+};
builtinsInternalObject
nss_builtins_data[] = {
@@ -23057,11 +23113,13 @@
{ 11, nss_builtins_types_336, nss_builtins_items_336, {NULL} },
{ 13, nss_builtins_types_337, nss_builtins_items_337, {NULL} },
{ 11, nss_builtins_types_338, nss_builtins_items_338, {NULL} },
- { 13, nss_builtins_types_339, nss_builtins_items_339, {NULL} }
+ { 13, nss_builtins_types_339, nss_builtins_items_339, {NULL} },
+ { 11, nss_builtins_types_340, nss_builtins_items_340, {NULL} },
+ { 11, nss_builtins_types_341, nss_builtins_items_341, {NULL} }
};
const PRUint32
#ifdef DEBUG
- nss_builtins_nObjects = 339+1;
+ nss_builtins_nObjects = 341+1;
#else
- nss_builtins_nObjects = 339;
+ nss_builtins_nObjects = 341;
#endif /* DEBUG */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nss-3.13.2/mozilla/security/nss/lib/ckfw/builtins/certdata.txt new/nss-3.13.3/mozilla/security/nss/lib/ckfw/builtins/certdata.txt
--- old/nss-3.13.2/mozilla/security/nss/lib/ckfw/builtins/certdata.txt 2012-01-17 23:02:37.000000000 +0100
+++ new/nss-3.13.3/mozilla/security/nss/lib/ckfw/builtins/certdata.txt 2012-02-18 22:41:46.000000000 +0100
@@ -34,7 +34,7 @@
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
-CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.81 $ $Date: 2012/01/17 22:02:37 $"
+CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.82 $ $Date: 2012/02/18 21:41:46 $"
#
# certdata.txt
@@ -23413,3 +23413,65 @@
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+# Explicitly Distrust "MITM subCA 1 issued by Trustwave", Bug 724929
+# Issuer: E=ca@trustwave.com,CN="Trustwave Organization Issuing CA, Level 2",O="Trustwave Holdings, Inc.",L=Chicago,ST=Illinois,C=US
+# Serial Number: 1800000005 (0x6b49d205)
+# Not Before: Apr 7 15:37:15 2011 GMT
+# Not After : Apr 4 15:37:15 2021 GMT
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "MITM subCA 1 issued by Trustwave"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\253\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\021\060\017\006\003\125\004\010\023\010\111\154\154\151\156
+\157\151\163\061\020\060\016\006\003\125\004\007\023\007\103\150
+\151\143\141\147\157\061\041\060\037\006\003\125\004\012\023\030
+\124\162\165\163\164\167\141\166\145\040\110\157\154\144\151\156
+\147\163\054\040\111\156\143\056\061\063\060\061\006\003\125\004
+\003\023\052\124\162\165\163\164\167\141\166\145\040\117\162\147
+\141\156\151\172\141\164\151\157\156\040\111\163\163\165\151\156
+\147\040\103\101\054\040\114\145\166\145\154\040\062\061\037\060
+\035\006\011\052\206\110\206\367\015\001\011\001\026\020\143\141
+\100\164\162\165\163\164\167\141\166\145\056\143\157\155
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\153\111\322\005
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+# Explicitly Distrust "MITM subCA 2 issued by Trustwave", Bug 724929
+# Issuer: E=ca@trustwave.com,CN="Trustwave Organization Issuing CA, Level 2",O="Trustwave Holdings, Inc.",L=Chicago,ST=Illinois,C=US
+# Serial Number: 1800000006 (0x6b49d206)
+# Not Before: Apr 18 21:09:30 2011 GMT
+# Not After : Apr 15 21:09:30 2021 GMT
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "MITM subCA 2 issued by Trustwave"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\253\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\021\060\017\006\003\125\004\010\023\010\111\154\154\151\156
+\157\151\163\061\020\060\016\006\003\125\004\007\023\007\103\150
+\151\143\141\147\157\061\041\060\037\006\003\125\004\012\023\030
+\124\162\165\163\164\167\141\166\145\040\110\157\154\144\151\156
+\147\163\054\040\111\156\143\056\061\063\060\061\006\003\125\004
+\003\023\052\124\162\165\163\164\167\141\166\145\040\117\162\147
+\141\156\151\172\141\164\151\157\156\040\111\163\163\165\151\156
+\147\040\103\101\054\040\114\145\166\145\154\040\062\061\037\060
+\035\006\011\052\206\110\206\367\015\001\011\001\026\020\143\141
+\100\164\162\165\163\164\167\141\166\145\056\143\157\155
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\153\111\322\006
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nss-3.13.2/mozilla/security/nss/lib/ckfw/builtins/nssckbi.h new/nss-3.13.3/mozilla/security/nss/lib/ckfw/builtins/nssckbi.h
--- old/nss-3.13.2/mozilla/security/nss/lib/ckfw/builtins/nssckbi.h 2012-01-17 23:02:38.000000000 +0100
+++ new/nss-3.13.3/mozilla/security/nss/lib/ckfw/builtins/nssckbi.h 2012-02-18 22:41:46.000000000 +0100
@@ -77,8 +77,8 @@
* of the comment in the CK_VERSION type definition.
*/
#define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 1
-#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 89
-#define NSS_BUILTINS_LIBRARY_VERSION "1.89"
+#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 90
+#define NSS_BUILTINS_LIBRARY_VERSION "1.90"
/* These version numbers detail the semantic changes to the ckfw engine. */
#define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nss-3.13.2/mozilla/security/nss/lib/libpkix/pkix/util/pkix_error.c new/nss-3.13.3/mozilla/security/nss/lib/libpkix/pkix/util/pkix_error.c
--- old/nss-3.13.2/mozilla/security/nss/lib/libpkix/pkix/util/pkix_error.c 2008-11-20 04:32:20.000000000 +0100
+++ new/nss-3.13.3/mozilla/security/nss/lib/libpkix/pkix/util/pkix_error.c 2012-02-17 23:22:44.000000000 +0100
@@ -60,7 +60,7 @@
#endif /* PKIX_ERROR_DESCRIPTION */
-extern const int PKIX_PLErrorIndex[];
+extern const PKIX_Int32 PKIX_PLErrorIndex[];
/* --Private-Functions-------------------------------------------- */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nss-3.13.2/mozilla/security/nss/lib/libpkix/pkix/util/pkix_error.h new/nss-3.13.3/mozilla/security/nss/lib/libpkix/pkix/util/pkix_error.h
--- old/nss-3.13.2/mozilla/security/nss/lib/libpkix/pkix/util/pkix_error.h 2008-02-25 22:32:45.000000000 +0100
+++ new/nss-3.13.3/mozilla/security/nss/lib/libpkix/pkix/util/pkix_error.h 2012-02-17 23:22:44.000000000 +0100
@@ -53,7 +53,7 @@
struct PKIX_ErrorStruct {
PKIX_ERRORCODE errCode;
PKIX_ERRORCLASS errClass; /* was formerly "code" */
- PKIX_UInt32 plErr;
+ PKIX_Int32 plErr;
PKIX_Error *cause;
PKIX_PL_Object *info;
};
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nss-3.13.2/mozilla/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_error.c new/nss-3.13.3/mozilla/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_error.c
--- old/nss-3.13.2/mozilla/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_error.c 2008-02-29 01:50:17.000000000 +0100
+++ new/nss-3.13.3/mozilla/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_error.c 2012-02-17 23:22:44.000000000 +0100
@@ -47,7 +47,7 @@
#define PKIX_ERRORENTRY(name,desc,plerr) plerr
-const SECErrorCodes PKIX_PLErrorIndex[] =
+const PKIX_Int32 PKIX_PLErrorIndex[] =
{
#include "pkix_errorstrings.h"
};
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nss-3.13.2/mozilla/security/nss/lib/nss/nss.h new/nss-3.13.3/mozilla/security/nss/lib/nss/nss.h
--- old/nss-3.13.2/mozilla/security/nss/lib/nss/nss.h 2012-02-15 22:56:55.000000000 +0100
+++ new/nss-3.13.3/mozilla/security/nss/lib/nss/nss.h 2012-02-19 00:22:43.000000000 +0100
@@ -36,7 +36,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
-/* $Id: nss.h,v 1.89 2012/02/15 21:56:55 kaie%kuix.de Exp $ */
+/* $Id: nss.h,v 1.91 2012/02/18 23:22:43 kaie%kuix.de Exp $ */
#ifndef __nss_h_
#define __nss_h_
@@ -66,11 +66,11 @@
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
*/
-#define NSS_VERSION "3.13.2.1" _NSS_ECC_STRING _NSS_CUSTOMIZED
+#define NSS_VERSION "3.13.3.0" _NSS_ECC_STRING _NSS_CUSTOMIZED
#define NSS_VMAJOR 3
#define NSS_VMINOR 13
-#define NSS_VPATCH 2
-#define NSS_VBUILD 1
+#define NSS_VPATCH 3
+#define NSS_VBUILD 0
#define NSS_BETA PR_FALSE
#ifndef RC_INVOKED
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nss-3.13.2/mozilla/security/nss/lib/pkcs12/p12d.c new/nss-3.13.3/mozilla/security/nss/lib/pkcs12/p12d.c
--- old/nss-3.13.2/mozilla/security/nss/lib/pkcs12/p12d.c 2010-09-13 22:05:03.000000000 +0200
+++ new/nss-3.13.3/mozilla/security/nss/lib/pkcs12/p12d.c 2012-02-17 23:34:39.000000000 +0100
@@ -931,7 +931,7 @@
goto loser;
}
- /* open the temp file for writing, if the filter functions were set */
+ /* open the temp file for writing, if the digest functions were set */
if(p12dcx->dOpen && (*p12dcx->dOpen)(p12dcx->dArg, PR_FALSE)
!= SECSuccess) {
p12dcx->errorValue = PORT_GetError();
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nss-3.13.2/mozilla/security/nss/lib/pki/pki3hack.c new/nss-3.13.3/mozilla/security/nss/lib/pki/pki3hack.c
--- old/nss-3.13.2/mozilla/security/nss/lib/pki/pki3hack.c 2011-11-17 01:20:21.000000000 +0100
+++ new/nss-3.13.3/mozilla/security/nss/lib/pki/pki3hack.c 2012-02-17 23:44:56.000000000 +0100
@@ -35,7 +35,7 @@
* ***** END LICENSE BLOCK ***** */
#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile: pki3hack.c,v $ $Revision: 1.105 $ $Date: 2011/11/17 00:20:21 $";
+static const char CVS_ID[] = "@(#) $RCSfile: pki3hack.c,v $ $Revision: 1.106 $ $Date: 2012/02/17 22:44:56 $";
#endif /* DEBUG */
/*
@@ -768,6 +768,22 @@
if (context) {
/* trust */
nssTrust = nssCryptoContext_FindTrustForCertificate(context, c);
+ if (!nssTrust) {
+ /* chicken and egg issue:
+ *
+ * c->issuer and c->serial are empty at this point, but
+ * nssTrustDomain_FindTrustForCertificate use them to look up
+ * up the trust object, so we point them to cc->derIssuer and
+ * cc->serialNumber.
+ *
+ * Our caller will fill these in with proper arena copies when we
+ * return. */
+ c->issuer.data = cc->derIssuer.data;
+ c->issuer.size = cc->derIssuer.len;
+ c->serial.data = cc->serialNumber.data;
+ c->serial.size = cc->serialNumber.len;
+ nssTrust = nssTrustDomain_FindTrustForCertificate(context->td, c);
+ }
if (nssTrust) {
trust = cert_trust_from_stan_trust(nssTrust, cc->arena);
if (trust) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nss-3.13.2/mozilla/security/nss/lib/softoken/secmodt.h new/nss-3.13.3/mozilla/security/nss/lib/softoken/secmodt.h
--- old/nss-3.13.2/mozilla/security/nss/lib/softoken/secmodt.h 2012-01-18 00:46:27.000000000 +0100
+++ new/nss-3.13.3/mozilla/security/nss/lib/softoken/secmodt.h 2012-02-17 23:08:23.000000000 +0100
@@ -42,15 +42,19 @@
#include "secasn1.h"
#include "pkcs11t.h"
+SEC_BEGIN_PROTOS
+
/* find a better home for these... */
extern const SEC_ASN1Template SECKEY_PointerToEncryptedPrivateKeyInfoTemplate[];
-extern SEC_ASN1TemplateChooser NSS_Get_SECKEY_PointerToEncryptedPrivateKeyInfoTemplate;
+SEC_ASN1_CHOOSER_DECLARE(SECKEY_PointerToEncryptedPrivateKeyInfoTemplate)
extern const SEC_ASN1Template SECKEY_EncryptedPrivateKeyInfoTemplate[];
-extern SEC_ASN1TemplateChooser NSS_Get_SECKEY_EncryptedPrivateKeyInfoTemplate;
+SEC_ASN1_CHOOSER_DECLARE(SECKEY_EncryptedPrivateKeyInfoTemplate)
extern const SEC_ASN1Template SECKEY_PrivateKeyInfoTemplate[];
-extern SEC_ASN1TemplateChooser NSS_Get_SECKEY_PrivateKeyInfoTemplate;
+SEC_ASN1_CHOOSER_DECLARE(SECKEY_PrivateKeyInfoTemplate)
extern const SEC_ASN1Template SECKEY_PointerToPrivateKeyInfoTemplate[];
-extern SEC_ASN1TemplateChooser NSS_Get_SECKEY_PointerToPrivateKeyInfoTemplate;
+SEC_ASN1_CHOOSER_DECLARE(SECKEY_PointerToPrivateKeyInfoTemplate)
+
+SEC_END_PROTOS
/* PKCS11 needs to be included */
typedef struct SECMODModuleStr SECMODModule;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nss-3.13.2/mozilla/security/nss/lib/softoken/sftkmod.c new/nss-3.13.3/mozilla/security/nss/lib/softoken/sftkmod.c
--- old/nss-3.13.2/mozilla/security/nss/lib/softoken/sftkmod.c 2011-10-02 19:14:44.000000000 +0200
+++ new/nss-3.13.3/mozilla/security/nss/lib/softoken/sftkmod.c 2012-02-18 00:01:31.000000000 +0100
@@ -54,6 +54,7 @@
#include "prprf.h"
#include "prsystem.h"
#include "lgglue.h"
+#include "secerr.h"
#include "secmodt.h"
#if defined (_WIN32)
#include