summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLars Wendler <polynomial-c@gentoo.org>2011-10-27 15:58:49 +0000
committerLars Wendler <polynomial-c@gentoo.org>2011-10-27 15:58:49 +0000
commit8d4d8a109189225afb153fbdc904c1d8a6faef2e (patch)
tree5e876a4a68da6b53ccdb95188e66cff640af1dba /dev-libs/nss/files
parentMarked stable on AMD64; objections in arch testing by Ian "idella4" Delaney &... (diff)
downloadhistorical-8d4d8a109189225afb153fbdc904c1d8a6faef2e.tar.gz
historical-8d4d8a109189225afb153fbdc904c1d8a6faef2e.tar.bz2
historical-8d4d8a109189225afb153fbdc904c1d8a6faef2e.zip
Revbump to fix CVE-2011-3640 (bug #388045)
Package-Manager: portage-2.2.0_alpha71/cvs/Linux x86_64
Diffstat (limited to 'dev-libs/nss/files')
-rw-r--r--dev-libs/nss/files/nss-3.12.11-CVE-2011-3640.patch137
1 files changed, 137 insertions, 0 deletions
diff --git a/dev-libs/nss/files/nss-3.12.11-CVE-2011-3640.patch b/dev-libs/nss/files/nss-3.12.11-CVE-2011-3640.patch
new file mode 100644
index 000000000000..717ef74fd453
--- /dev/null
+++ b/dev-libs/nss/files/nss-3.12.11-CVE-2011-3640.patch
@@ -0,0 +1,137 @@
+Index: mozilla/security/nss/lib/softoken/sftkmod.c
+===================================================================
+RCS file: /cvsroot/mozilla/security/nss/lib/softoken/sftkmod.c,v
+--- mozilla/security/nss/lib/softoken/sftkmod.c 15 Jan 2011 20:59:11 -0000 1.8
++++ mozilla/security/nss/lib/softoken/sftkmod.c 2 Oct 2011 14:45:28 -0000
+@@ -179,15 +179,18 @@ char *sftk_getOldSecmodName(const char *
+ char *sep;
+
+ sep = PORT_Strrchr(dirPath,*PATH_SEPARATOR);
+-#ifdef WINDOWS
++#ifdef _WIN32
+ if (!sep) {
+- sep = PORT_Strrchr(dirPath,'/');
++ /* pkcs11i.h defines PATH_SEPARATOR as "/" for all platforms. */
++ sep = PORT_Strrchr(dirPath,'\\');
+ }
+ #endif
+ if (sep) {
+- *(sep)=0;
++ *sep = 0;
++ file = PR_smprintf("%s"PATH_SEPARATOR"%s", dirPath, filename);
++ } else {
++ file = PR_smprintf("%s", filename);
+ }
+- file= PR_smprintf("%s"PATH_SEPARATOR"%s", dirPath, filename);
+ PORT_Free(dirPath);
+ return file;
+ }
+@@ -242,13 +245,18 @@ sftkdb_ReadSecmodDB(SDBType dbType, cons
+ char *paramsValue=NULL;
+ PRBool failed = PR_TRUE;
+
+- if ((dbType == SDB_LEGACY) || (dbType == SDB_MULTIACCESS)) {
++ if ((dbname != NULL) &&
++ ((dbType == SDB_LEGACY) || (dbType == SDB_MULTIACCESS))) {
+ return sftkdbCall_ReadSecmodDB(appName, filename, dbname, params, rw);
+ }
+
+ moduleList = (char **) PORT_ZAlloc(useCount*sizeof(char **));
+ if (moduleList == NULL) return NULL;
+
++ if (dbname == NULL) {
++ goto return_default;
++ }
++
+ /* do we really want to use streams here */
+ fd = fopen(dbname, "r");
+ if (fd == NULL) goto done;
+@@ -405,7 +413,11 @@ sftkdb_ReadSecmodDB(SDBType dbType, cons
+ moduleString = NULL;
+ }
+ done:
+- /* if we couldn't open a pkcs11 database, look for the old one */
++ /* If we couldn't open a pkcs11 database, look for the old one.
++ * This is necessary to maintain the semantics of the transition from
++ * old to new DB's. If there is an old DB and not new DB, we will
++ * automatically use the old DB. If the DB was opened read/write, we
++ * create a new db and upgrade it from the old one. */
+ if (fd == NULL) {
+ char *olddbname = sftk_getOldSecmodName(dbname,filename);
+ PRStatus status;
+@@ -462,6 +474,8 @@ bail:
+ PR_smprintf_free(olddbname);
+ }
+ }
++
++return_default:
+
+ if (!moduleList[0]) {
+ char * newParams;
+@@ -515,7 +529,8 @@ sftkdb_ReleaseSecmodDBData(SDBType dbTyp
+ const char *filename, const char *dbname,
+ char **moduleSpecList, PRBool rw)
+ {
+- if ((dbType == SDB_LEGACY) || (dbType == SDB_MULTIACCESS)) {
++ if ((dbname != NULL) &&
++ ((dbType == SDB_LEGACY) || (dbType == SDB_MULTIACCESS))) {
+ return sftkdbCall_ReleaseSecmodDBData(appName, filename, dbname,
+ moduleSpecList, rw);
+ }
+@@ -546,6 +561,10 @@ sftkdb_DeleteSecmodDB(SDBType dbType, co
+ PRBool skip = PR_FALSE;
+ PRBool found = PR_FALSE;
+
++ if (dbname == NULL) {
++ return SECFailure;
++ }
++
+ if ((dbType == SDB_LEGACY) || (dbType == SDB_MULTIACCESS)) {
+ return sftkdbCall_DeleteSecmodDB(appName, filename, dbname, args, rw);
+ }
+@@ -669,6 +688,10 @@ sftkdb_AddSecmodDB(SDBType dbType, const
+ char *block = NULL;
+ PRBool libFound = PR_FALSE;
+
++ if (dbname == NULL) {
++ return SECFailure;
++ }
++
+ if ((dbType == SDB_LEGACY) || (dbType == SDB_MULTIACCESS)) {
+ return sftkdbCall_AddSecmodDB(appName, filename, dbname, module, rw);
+ }
+Index: mozilla/security/nss/lib/softoken/sftkpars.c
+===================================================================
+RCS file: /cvsroot/mozilla/security/nss/lib/softoken/sftkpars.c,v
+--- mozilla/security/nss/lib/softoken/sftkpars.c 18 Jun 2010 04:09:27 -0000 1.11
++++ mozilla/security/nss/lib/softoken/sftkpars.c 2 Oct 2011 14:45:29 -0000
+@@ -607,6 +607,7 @@ sftk_getSecmodName(char *param, SDBType
+ char *value = NULL;
+ char *save_params = param;
+ const char *lconfigdir;
++ PRBool noModDB = PR_FALSE;
+ param = sftk_argStrip(param);
+
+
+@@ -631,7 +632,10 @@ sftk_getSecmodName(char *param, SDBType
+
+ if (sftk_argHasFlag("flags","noModDB",save_params)) {
+ /* there isn't a module db, don't load the legacy support */
++ noModDB = PR_TRUE;
+ *dbType = SDB_SQL;
++ PORT_Free(*filename);
++ *filename = NULL;
+ *rw = PR_FALSE;
+ }
+
+@@ -640,7 +644,9 @@ sftk_getSecmodName(char *param, SDBType
+ secmodName="pkcs11.txt";
+ }
+
+- if (lconfigdir) {
++ if (noModDB) {
++ value = NULL;
++ } else if (lconfigdir && lconfigdir[0] != '\0') {
+ value = PR_smprintf("%s" PATH_SEPARATOR "%s",lconfigdir,secmodName);
+ } else {
+ value = PR_smprintf("%s",secmodName);