NSS

Merge lp:~chrisccoulson/nss/nss-3.12.5 into lp:~mozillateam/nss/nss.head

  1. nss-3.12.5
  2. Merge into nss.head
Proposed by Chris Coulson
Status: Merged
Merged at revision: not available
Proposed branch: lp:~chrisccoulson/nss/nss-3.12.5
Merge into: lp:~mozillateam/nss/nss.head
Diff against target: 779 lines (+201/-277)
6 files modified
debian/changelog (+31/-0)
debian/control (+1/-1)
debian/libnss3-1d.symbols (+25/-0)
debian/patches/38_kbsd.patch (+77/-213)
debian/patches/38_mips64_build.patch (+7/-21)
debian/patches/85_security_load.patch (+60/-42)
To merge this branch: bzr merge lp:~chrisccoulson/nss/nss-3.12.5
To post a comment you must log in.
lp:~chrisccoulson/nss/nss-3.12.5 updated
106. By Alexander Sack

(merge lp:~chrisccoulson/nss/nss-3.12.5)
* New upstream release 3.12.6 RTM (NSS_3_12_6_RTM)
  - fixes CVE-2009-3555 aka US-CERT VU#120541
* Adjust patches to changed upstream code base
  - update debian/patches/38_kbsd.patch
  - update debian/patches/38_mips64_build.patch
  - update debian/patches/85_security_load.patch
* Remove patches that are merged upstream
  - delete debian/patches/91_nonexec_stack.patch
  - update debian/patches/series
* Bump nspr dependency to 4.8
  - update debian/control
* Add new symbols for 3.12.6
  - update debian/libnss3-1d.symbols
* rebuild rest of main for armel armv7/thumb2 optimization;
  UbuntuSpec:mobile-lucid-arm-gcc-v7-thumb2
* Add 91_nonexec_stack.patch: fix regression in stack memory
  protectons caused by unmarked assembly (LP: #409864).

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'debian/changelog'
2--- debian/changelog 2009-08-01 15:06:02 +0000
3+++ debian/changelog 2010-03-29 11:55:44 +0000
4@@ -1,3 +1,34 @@
5+nss (3.12.6-0ubuntu1) UNRELEASED; urgency=low
6+
7+ * New upstream release 3.12.6 RTM (NSS_3_12_6_RTM)
8+ * Adjust patches to changed upstream code base
9+ - update debian/patches/38_kbsd.patch
10+ - update debian/patches/38_mips64_build.patch
11+ - update debian/patches/85_security_load.patch
12+ * Remove patches that are merged upstream
13+ - delete debian/patches/91_nonexec_stack.patch
14+ - update debian/patches/series
15+ * Bump nspr dependency to 4.8
16+ - update debian/control
17+ * Add new symbols for 3.12.6
18+ - update debian/libnss3-1d.symbols
19+
20+ -- Chris Coulson <chris.coulson@canonical.com> Thu, 25 Mar 2010 13:46:06 +0000
21+
22+nss (3.12.3.1-0ubuntu3) lucid; urgency=low
23+
24+ * rebuild rest of main for armel armv7/thumb2 optimization;
25+ UbuntuSpec:mobile-lucid-arm-gcc-v7-thumb2
26+
27+ -- Alexander Sack <asac@ubuntu.com> Sun, 07 Mar 2010 00:58:36 +0100
28+
29+nss (3.12.3.1-0ubuntu2) karmic; urgency=low
30+
31+ * Add 91_nonexec_stack.patch: fix regression in stack memory
32+ protectons caused by unmarked assembly (LP: #409864).
33+
34+ -- Kees Cook <kees@ubuntu.com> Mon, 24 Aug 2009 15:03:19 -0700
35+
36 nss (3.12.3.1-0ubuntu1) karmic; urgency=low
37
38 * new upstream release 3.12.3.1 RTM (NSS_3_12_3_1_RTM) (LP: #407549)
39
40=== modified file 'debian/control'
41--- debian/control 2009-06-16 11:16:54 +0000
42+++ debian/control 2010-03-29 11:55:44 +0000
43@@ -3,7 +3,7 @@
44 Priority: optional
45 Maintainer: Ubuntu Mozilla Team <ubuntu-mozillateam@lists.ubuntu.com>
46 XSBC-Original-Maintainer: Maintainers of Mozilla-related packages <pkg-mozilla-maintainers@lists.alioth.debian.org>
47-Build-Depends: debhelper (>= 5.0.0), autotools-dev, quilt (>= 0.40), dpkg-dev (>= 1.13.19), libnspr4-dev (>= 4.7.4), zlib1g-dev, libsqlite3-dev (>= 3.3.17)
48+Build-Depends: debhelper (>= 5.0.0), autotools-dev, quilt (>= 0.40), dpkg-dev (>= 1.13.19), libnspr4-dev (>= 4.8), zlib1g-dev, libsqlite3-dev (>= 3.3.17)
49 Standards-Version: 3.7.3
50 Homepage: http://www.mozilla.org/projects/security/pki/nss/
51
52
53=== modified file 'debian/libnss3-1d.symbols'
54--- debian/libnss3-1d.symbols 2009-06-16 11:23:38 +0000
55+++ debian/libnss3-1d.symbols 2010-03-29 11:55:44 +0000
56@@ -3,6 +3,7 @@
57 ATOB_ConvertAsciiToItem@NSS_3.2 3.12.2~rc1
58 BTOA_ConvertItemToAscii@NSS_3.2 3.12.2~rc1
59 BTOA_DataToAscii@NSS_3.2 3.12.2~rc1
60+ CERT_AddCertToListSorted@NSS_3.12.5 3.12.5
61 CERT_AddCertToListTail@NSS_3.2 3.12.2~rc1
62 CERT_AddExtension@NSS_3.5 3.12.2~rc1
63 CERT_AddOCSPAcceptableResponses@NSS_3.6 3.12.2~rc1
64@@ -11,6 +12,7 @@
65 CERT_AsciiToName@NSS_3.2 3.12.2~rc1
66 CERT_CRLCacheRefreshIssuer@NSS_3.7 3.12.2~rc1
67 CERT_CacheCRL@NSS_3.10 3.12.2~rc1
68+ CERT_CacheOCSPResponseFromSideChannel@NSS_3.12.6 3.12.6
69 CERT_CertChainFromCert@NSS_3.2 3.12.2~rc1
70 CERT_CertListFromCert@NSS_3.2 3.12.2~rc1
71 CERT_CertTimesValid@NSS_3.2 3.12.2~rc1
72@@ -69,8 +71,10 @@
73 CERT_DestroyValidity@NSS_3.5 3.12.2~rc1
74 CERT_DisableOCSPChecking@NSS_3.3 3.12.2~rc1
75 CERT_DisableOCSPDefaultResponder@NSS_3.3 3.12.2~rc1
76+ CERT_DistNamesFromCertList@NSS_3.12.6 3.12.6
77 CERT_DupCertList@NSS_3.2 3.12.2~rc1
78 CERT_DupCertificate@NSS_3.2 3.12.2~rc1
79+ CERT_DupDistNames@NSS_3.12.6 3.12.6
80 CERT_EnableOCSPChecking@NSS_3.2 3.12.2~rc1
81 CERT_EnableOCSPDefaultResponder@NSS_3.3 3.12.2~rc1
82 CERT_EncodeAltNameExtension@NSS_3.7 3.12.2~rc1
83@@ -260,6 +264,9 @@
84 NSS_3.11@NSS_3.11 3.12.2~rc1
85 NSS_3.12.1@NSS_3.12.1 3.12.2~rc1
86 NSS_3.12.3@NSS_3.12.3 3.12.3
87+ NSS_3.12.4@NSS_3.12.4 3.12.5
88+ NSS_3.12.5@NSS_3.12.5 3.12.5
89+ NSS_3.12.6@NSS_3.12.6 3.12.6
90 NSS_3.12@NSS_3.12 3.12.2~rc1
91 NSS_3.2.1@NSS_3.2.1 3.12.2~rc1
92 NSS_3.2@NSS_3.2 3.12.2~rc1
93@@ -310,6 +317,7 @@
94 NSS_Get_SEC_UTF8StringTemplate@NSS_3.4 3.12.2~rc1
95 NSS_Get_sgn_DigestInfoTemplate@NSS_3.2 3.12.2~rc1
96 NSS_Init@NSS_3.2 3.12.2~rc1
97+ NSS_InitContext@NSS_3.12.5 3.12.5
98 NSS_InitReadWrite@NSS_3.2 3.12.2~rc1
99 NSS_InitWithMerge@NSS_3.12 3.12.2~rc1
100 NSS_Initialize@NSS_3.2 3.12.2~rc1
101@@ -318,6 +326,7 @@
102 NSS_PutEnv@NSS_3.2 3.12.2~rc1
103 NSS_RegisterShutdown@NSS_3.11.1 3.12.2~rc1
104 NSS_Shutdown@NSS_3.2 3.12.2~rc1
105+ NSS_ShutdownContext@NSS_3.12.5 3.12.5
106 NSS_UnregisterShutdown@NSS_3.11.1 3.12.2~rc1
107 NSS_VersionCheck@NSS_3.2 3.12.2~rc1
108 PBE_CreateContext@NSS_3.3 3.12.2~rc1
109@@ -477,6 +486,7 @@
110 PK11_IsFriendly@NSS_3.2 3.12.2~rc1
111 PK11_IsHW@NSS_3.2 3.12.2~rc1
112 PK11_IsInternal@NSS_3.2 3.12.2~rc1
113+ PK11_IsInternalKeySlot@NSS_3.12.4 3.12.5
114 PK11_IsLoggedIn@NSS_3.3 3.12.2~rc1
115 PK11_IsPresent@NSS_3.2 3.12.2~rc1
116 PK11_IsReadOnly@NSS_3.2 3.12.2~rc1
117@@ -662,17 +672,20 @@
118 SECMOD_FreeModuleSpecList@NSS_3.4 3.12.2~rc1
119 SECMOD_GetDBModuleList@NSS_3.9 3.12.2~rc1
120 SECMOD_GetDeadModuleList@NSS_3.9 3.12.2~rc1
121+ SECMOD_GetDefaultModDBFlag@NSS_3.12.5 3.12.5
122 SECMOD_GetDefaultModuleList@NSS_3.3 3.12.2~rc1
123 SECMOD_GetDefaultModuleListLock@NSS_3.3 3.12.2~rc1
124 SECMOD_GetInternalModule@NSS_3.3 3.12.2~rc1
125 SECMOD_GetModuleSpecList@NSS_3.4 3.12.2~rc1
126 SECMOD_GetReadLock@NSS_3.3 3.12.2~rc1
127+ SECMOD_GetSkipFirstFlag@NSS_3.12.5 3.12.5
128 SECMOD_HasRemovableSlots@NSS_3.9.3 3.12.2~rc1
129 SECMOD_HasRootCerts@NSS_3.11 3.12.2~rc1
130 SECMOD_IsModulePresent@NSS_3.2 3.12.2~rc1
131 SECMOD_LoadModule@NSS_3.4 3.12.2~rc1
132 SECMOD_LoadUserModule@NSS_3.4 3.12.2~rc1
133 SECMOD_LookupSlot@NSS_3.2 3.12.2~rc1
134+ SECMOD_OpenNewSlot@NSS_3.12.4 3.12.5
135 SECMOD_OpenUserDB@NSS_3.11 3.12.2~rc1
136 SECMOD_PubCipherFlagstoInternal@NSS_3.4 3.12.2~rc1
137 SECMOD_PubMechFlagstoInternal@NSS_3.4 3.12.2~rc1
138@@ -835,6 +848,7 @@
139 NSSRWLock_UnlockRead_Util@NSSUTIL_3.12 3.12.2~rc1
140 NSSRWLock_UnlockWrite_Util@NSSUTIL_3.12 3.12.2~rc1
141 NSSUTIL_3.12.3@NSSUTIL_3.12.3 3.12.3
142+ NSSUTIL_3.12.5@NSSUTIL_3.12.5 3.12.5
143 NSSUTIL_3.12@NSSUTIL_3.12 3.12.2~rc1
144 NSS_GetAlgorithmPolicy@NSSUTIL_3.12.3 3.12.3
145 NSS_Get_SECOID_AlgorithmIDTemplate_Util@NSSUTIL_3.12 3.12.2~rc1
146@@ -863,6 +877,7 @@
147 NSS_Get_SEC_UniversalStringTemplate@NSSUTIL_3.12 3.12.2~rc1
148 NSS_Get_sgn_DigestInfoTemplate_Util@NSSUTIL_3.12 3.12.2~rc1
149 NSS_PutEnv_Util@NSSUTIL_3.12 3.12.2~rc1
150+ NSS_SecureMemcmp@NSSUTIL_3.12.5 3.12.5
151 NSS_SetAlgorithmPolicy@NSSUTIL_3.12.3 3.12.3
152 PORT_Alloc_Util@NSSUTIL_3.12 3.12.2~rc1
153 PORT_ArenaAlloc_Util@NSSUTIL_3.12 3.12.2~rc1
154@@ -876,6 +891,7 @@
155 PORT_Free_Util@NSSUTIL_3.12 3.12.2~rc1
156 PORT_GetError_Util@NSSUTIL_3.12 3.12.2~rc1
157 PORT_ISO88591_UTF8Conversion@NSSUTIL_3.12 3.12.2~rc1
158+ PORT_LoadLibraryFromOrigin@NSSUTIL_3.12.5 3.12.5
159 PORT_NewArena_Util@NSSUTIL_3.12 3.12.2~rc1
160 PORT_Realloc_Util@NSSUTIL_3.12 3.12.2~rc1
161 PORT_RegExpCaseSearch@NSSUTIL_3.12 3.12.2~rc1
162@@ -1150,6 +1166,7 @@
163 NSSSSL_VersionCheck@NSS_3.2.1 3.12.2~rc1
164 NSS_3.11.4@NSS_3.11.4 3.12.2~rc1
165 NSS_3.11.8@NSS_3.11.8 3.12.2~rc1
166+ NSS_3.12.6@NSS_3.12.6 3.12.6
167 NSS_3.2.1@NSS_3.2.1 3.12.2~rc1
168 NSS_3.2@NSS_3.2 3.12.2~rc1
169 NSS_3.4@NSS_3.4 3.12.2~rc1
170@@ -1175,16 +1192,21 @@
171 SSL_ConfigMPServerSIDCache@NSS_3.2 3.12.2~rc1
172 SSL_ConfigSecureServer@NSS_3.2 3.12.2~rc1
173 SSL_ConfigServerSessionIDCache@NSS_3.2 3.12.2~rc1
174+ SSL_ConfigServerSessionIDCacheWithOpt@NSS_3.12.6 3.12.6
175 SSL_DataPending@NSS_3.2 3.12.2~rc1
176 SSL_ForceHandshake@NSS_3.2 3.12.2~rc1
177 SSL_ForceHandshakeWithTimeout@NSS_3.11.4 3.12.2~rc1
178 SSL_GetChannelInfo@NSS_3.4 3.12.2~rc1
179 SSL_GetCipherSuiteInfo@NSS_3.4 3.12.2~rc1
180 SSL_GetClientAuthDataHook@NSS_3.2 3.12.2~rc1
181+ SSL_GetImplementedCiphers@NSS_3.12.6 3.12.6
182 SSL_GetMaxServerCacheLocks@NSS_3.4 3.12.2~rc1
183+ SSL_GetNegotiatedHostInfo@NSS_3.12.6 3.12.6
184+ SSL_GetNumImplementedCiphers@NSS_3.12.6 3.12.6
185 SSL_GetSessionID@NSS_3.2 3.12.2~rc1
186 SSL_GetStatistics@NSS_3.2 3.12.2~rc1
187 SSL_HandshakeCallback@NSS_3.2 3.12.2~rc1
188+ SSL_HandshakeNegotiatedExtension@NSS_3.12.6 3.12.6
189 SSL_ImplementedCiphers@NSS_3.2 3.12.2~rc1
190 SSL_ImportFD@NSS_3.2 3.12.2~rc1
191 SSL_InheritMPServerSIDCache@NSS_3.2 3.12.2~rc1
192@@ -1200,15 +1222,18 @@
193 SSL_PreencryptedStreamToFile@NSS_3.2 3.12.2~rc1
194 SSL_ReHandshake@NSS_3.2 3.12.2~rc1
195 SSL_ReHandshakeWithTimeout@NSS_3.11.4 3.12.2~rc1
196+ SSL_ReconfigFD@NSS_3.12.6 3.12.6
197 SSL_ResetHandshake@NSS_3.2 3.12.2~rc1
198 SSL_RestartHandshakeAfterCertReq@NSS_3.2 3.12.2~rc1
199 SSL_RestartHandshakeAfterServerCert@NSS_3.2 3.12.2~rc1
200 SSL_RevealCert@NSS_3.2 3.12.2~rc1
201 SSL_RevealPinArg@NSS_3.2 3.12.2~rc1
202 SSL_RevealURL@NSS_3.2 3.12.2~rc1
203+ SSL_SNISocketConfigHook@NSS_3.12.6 3.12.6
204 SSL_SecurityStatus@NSS_3.2 3.12.2~rc1
205 SSL_SetMaxServerCacheLocks@NSS_3.4 3.12.2~rc1
206 SSL_SetPKCS11PinArg@NSS_3.2 3.12.2~rc1
207 SSL_SetSockPeerID@NSS_3.2 3.12.2~rc1
208+ SSL_SetTrustAnchors@NSS_3.12.6 3.12.6
209 SSL_SetURL@NSS_3.2 3.12.2~rc1
210 SSL_ShutdownServerSessionIDCache@NSS_3.7.4 3.12.2~rc1
211
212=== modified file 'debian/patches/38_kbsd.patch'
213--- debian/patches/38_kbsd.patch 2009-04-29 14:33:57 +0000
214+++ debian/patches/38_kbsd.patch 2010-03-29 11:55:44 +0000
215@@ -1,23 +1,18 @@
216 ---
217- mozilla/security/coreconf/Linux.mk | 71 ++++++----------------------
218- mozilla/security/coreconf/Linux2.6.mk | 3 +
219- mozilla/security/coreconf/arch.mk | 8 +++
220- mozilla/security/coreconf/config.mk | 2
221- mozilla/security/nss/lib/freebl/unix_rand.c | 2
222- mozilla/security/nss/lib/ssl/sslmutex.c | 2
223- mozilla/security/nss/lib/ssl/sslmutex.h | 2
224- 7 files changed, 32 insertions(+), 58 deletions(-)
225+ coreconf/Linux.mk | 34 +++++++++++++++++-----------------
226+ coreconf/Linux2.6.mk | 3 +++
227+ coreconf/arch.mk | 8 ++++++++
228+ coreconf/config.mk | 2 +-
229+ nss/lib/freebl/unix_rand.c | 2 ++
230+ nss/lib/ssl/sslmutex.c | 2 +-
231+ nss/lib/ssl/sslmutex.h | 2 +-
232+ 7 files changed, 33 insertions(+), 20 deletions(-)
233
234-Index: nss-3.12.3/mozilla/security/nss/lib/freebl/unix_rand.c
235+Index: nss-3.12.6/mozilla/security/nss/lib/freebl/unix_rand.c
236 ===================================================================
237---- nss-3.12.3.orig/mozilla/security/nss/lib/freebl/unix_rand.c
238-+++ nss-3.12.3/mozilla/security/nss/lib/freebl/unix_rand.c
239-@@ -183,16 +183,18 @@
240- }
241- return rv;
242- }
243-
244- #endif
245+--- nss-3.12.6.orig/mozilla/security/nss/lib/freebl/unix_rand.c 2010-03-25 13:48:26.593065793 +0000
246++++ nss-3.12.6/mozilla/security/nss/lib/freebl/unix_rand.c 2010-03-25 13:48:26.623067512 +0000
247+@@ -188,6 +188,8 @@
248
249 #if defined(SCO) || defined(UNIXWARE) || defined(BSDI) || defined(FREEBSD) \
250 || defined(NETBSD) || defined(DARWIN) || defined(OPENBSD) \
251@@ -26,198 +21,121 @@
252 || defined(NTO) || defined(__riscos__)
253 #include <sys/times.h>
254
255- #define getdtablesize() sysconf(_SC_OPEN_MAX)
256+Index: nss-3.12.6/mozilla/security/coreconf/arch.mk
257+===================================================================
258+--- nss-3.12.6.orig/mozilla/security/coreconf/arch.mk 2009-06-05 03:14:49.000000000 +0100
259++++ nss-3.12.6/mozilla/security/coreconf/arch.mk 2010-03-25 13:48:26.623067512 +0000
260+@@ -155,6 +155,14 @@
261+ ifneq ($(words $(OS_RELEASE)),1)
262+ OS_RELEASE := $(word 1,$(OS_RELEASE)).$(word 2,$(OS_RELEASE))
263+ endif
264++ KERNEL = linux
265++endif
266++
267++# This check must be last. Since all uses of OS_ARCH that follow affect only
268++# userland, we can merge other Glibc systems with Linux here.
269++ifneq (, $(filter GNU GNU_%, $(OS_ARCH)))
270++OS_ARCH = Linux
271++OS_RELEASE = 2.6
272+ endif
273
274- static size_t
275- GetHighResClock(void *buf, size_t maxbytes)
276- {
277-Index: nss-3.12.3/mozilla/security/nss/lib/ssl/sslmutex.c
278+ #
279+Index: nss-3.12.6/mozilla/security/nss/lib/ssl/sslmutex.c
280 ===================================================================
281---- nss-3.12.3.orig/mozilla/security/nss/lib/ssl/sslmutex.c
282-+++ nss-3.12.3/mozilla/security/nss/lib/ssl/sslmutex.c
283-@@ -84,17 +84,17 @@
284- if (!pMutex->u.sslLock) {
285- PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
286- return SECFailure;
287- }
288- PR_Lock(pMutex->u.sslLock);
289+--- nss-3.12.6.orig/mozilla/security/nss/lib/ssl/sslmutex.c 2009-06-05 03:34:14.000000000 +0100
290++++ nss-3.12.6/mozilla/security/nss/lib/ssl/sslmutex.c 2010-03-25 13:48:26.623067512 +0000
291+@@ -89,7 +89,7 @@
292 return SECSuccess;
293 }
294
295--#if defined(LINUX) || defined(AIX) || defined(VMS) || defined(BEOS) || defined(BSDI) || (defined(NETBSD) && __NetBSD_Version__ < 500000000) || defined(OPENBSD)
296-+#if defined(LINUX) || defined(AIX) || defined(VMS) || defined(BEOS) || defined(BSDI) || (defined(NETBSD) && __NetBSD_Version__ < 500000000) || defined(OPENBSD) || defined(__GLIBC__)
297+-#if defined(LINUX) || defined(AIX) || defined(BEOS) || defined(BSDI) || (defined(NETBSD) && __NetBSD_Version__ < 500000000) || defined(OPENBSD)
298++#if defined(LINUX) || defined(AIX) || defined(BEOS) || defined(BSDI) || (defined(NETBSD) && __NetBSD_Version__ < 500000000) || defined(OPENBSD) || defined(__GLIBC__)
299
300 #include <unistd.h>
301 #include <fcntl.h>
302- #include <string.h>
303- #include <errno.h>
304- #include "unix_err.h"
305- #include "pratom.h"
306-
307-Index: nss-3.12.3/mozilla/security/nss/lib/ssl/sslmutex.h
308+Index: nss-3.12.6/mozilla/security/nss/lib/ssl/sslmutex.h
309 ===================================================================
310---- nss-3.12.3.orig/mozilla/security/nss/lib/ssl/sslmutex.h
311-+++ nss-3.12.3/mozilla/security/nss/lib/ssl/sslmutex.h
312-@@ -78,17 +78,17 @@
313- #endif
314- PRLock* sslLock;
315- HANDLE sslMutx;
316- } u;
317- } sslMutex;
318+--- nss-3.12.6.orig/mozilla/security/nss/lib/ssl/sslmutex.h 2009-06-05 03:34:15.000000000 +0100
319++++ nss-3.12.6/mozilla/security/nss/lib/ssl/sslmutex.h 2010-03-25 13:48:26.623067512 +0000
320+@@ -83,7 +83,7 @@
321
322 typedef int sslPID;
323
324--#elif defined(LINUX) || defined(AIX) || defined(VMS) || defined(BEOS) || defined(BSDI) || (defined(NETBSD) && __NetBSD_Version__ < 500000000) || defined(OPENBSD)
325-+#elif defined(LINUX) || defined(AIX) || defined(VMS) || defined(BEOS) || defined(BSDI) || (defined(NETBSD) && __NetBSD_Version__ < 500000000) || defined(OPENBSD) || defined(__GLIBC__)
326+-#elif defined(LINUX) || defined(AIX) || defined(BEOS) || defined(BSDI) || (defined(NETBSD) && __NetBSD_Version__ < 500000000) || defined(OPENBSD)
327++#elif defined(LINUX) || defined(AIX) || defined(BEOS) || defined(BSDI) || (defined(NETBSD) && __NetBSD_Version__ < 500000000) || defined(OPENBSD) || defined(__GLIBC__)
328
329 #include <sys/types.h>
330 #include "prtypes.h"
331-
332- typedef struct {
333- PRBool isMultiProcess;
334- union {
335- PRLock* sslLock;
336-Index: nss-3.12.3/mozilla/security/coreconf/Linux.mk
337+Index: nss-3.12.6/mozilla/security/coreconf/Linux.mk
338 ===================================================================
339---- nss-3.12.3.orig/mozilla/security/coreconf/Linux.mk
340-+++ nss-3.12.3/mozilla/security/coreconf/Linux.mk
341-@@ -47,107 +47,70 @@
342- endif
343-
344- CC = gcc
345- CCC = g++
346- RANLIB = ranlib
347+--- nss-3.12.6.orig/mozilla/security/coreconf/Linux.mk 2010-01-15 22:19:00.000000000 +0000
348++++ nss-3.12.6/mozilla/security/coreconf/Linux.mk 2010-03-25 13:54:10.280567769 +0000
349+@@ -52,6 +52,16 @@
350
351 DEFAULT_COMPILER = gcc
352
353--ifeq ($(OS_TEST),m68k)
354-- OS_REL_CFLAGS = -DLINUX1_2 -D_XOPEN_SOURCE
355-- CPU_ARCH = m68k
356 +CPU_ARCH = $(OS_TEST)
357 +
358 +ifeq ($(KERNEL),linux)
359 + OS_REL_CFLAGS = -D_XOPEN_SOURCE -DLINUX1_2
360 + ARCH = linux
361- else
362++else
363 + OS_REL_CFLAGS = -D_XOPEN_SOURCE
364 + ARCH = gnu
365 +endif
366 +
367 ifeq ($(OS_TEST),ppc64)
368-- OS_REL_CFLAGS = -DLINUX1_2 -D_XOPEN_SOURCE
369 CPU_ARCH = ppc
370 ifeq ($(USE_64),1)
371- ARCHFLAG = -m64
372+@@ -59,14 +69,11 @@
373 endif
374 else
375--ifeq ($(OS_TEST),ppc)
376-- OS_REL_CFLAGS = -DLINUX1_2 -D_XOPEN_SOURCE
377-- CPU_ARCH = ppc
378--else
379 ifeq ($(OS_TEST),alpha)
380-- OS_REL_CFLAGS = -D_ALPHA_ -DLINUX1_2 -D_XOPEN_SOURCE
381+- OS_REL_CFLAGS = -D_ALPHA_
382 - CPU_ARCH = alpha
383--else
384--ifeq ($(OS_TEST),ia64)
385-- OS_REL_CFLAGS = -DLINUX1_2 -D_XOPEN_SOURCE
386-- CPU_ARCH = ia64
387-+ OS_REL_CFLAGS += -D_ALPHA_
388++ OS_REL_CFLAGS += -D_ALPHA_
389 else
390 ifeq ($(OS_TEST),x86_64)
391 -ifeq ($(USE_64),1)
392-- OS_REL_CFLAGS = -DLINUX1_2 -D_XOPEN_SOURCE
393 - CPU_ARCH = x86_64
394 -else
395-- OS_REL_CFLAGS = -DLINUX1_2 -Di386 -D_XOPEN_SOURCE
396+- OS_REL_CFLAGS = -Di386
397 +ifneq ($(USE_64),1)
398 + OS_REL_CFLAGS += -Di386
399 CPU_ARCH = x86
400 ARCHFLAG = -m32
401 endif
402- else
403--ifeq ($(OS_TEST),sparc)
404-- OS_REL_CFLAGS = -DLINUX1_2 -D_XOPEN_SOURCE
405-- CPU_ARCH = sparc
406--else
407- ifeq ($(OS_TEST),sparc64)
408-- OS_REL_CFLAGS = -DLINUX1_2 -D_XOPEN_SOURCE
409- CPU_ARCH = sparc
410- else
411- ifeq (,$(filter-out arm% sa110,$(OS_TEST)))
412-- OS_REL_CFLAGS = -DLINUX1_2 -D_XOPEN_SOURCE
413- CPU_ARCH = arm
414- else
415- ifeq ($(OS_TEST),parisc)
416-- OS_REL_CFLAGS = -DLINUX1_2 -D_XOPEN_SOURCE
417- CPU_ARCH = hppa
418- else
419- ifeq ($(OS_TEST),parisc64)
420-- OS_REL_CFLAGS = -DLINUX1_2 -D_XOPEN_SOURCE
421- CPU_ARCH = hppa
422- else
423--ifeq ($(OS_TEST),s390)
424-- OS_REL_CFLAGS = -DLINUX1_2 -D_XOPEN_SOURCE
425-- CPU_ARCH = s390
426--else
427--ifeq ($(OS_TEST),s390x)
428-- OS_REL_CFLAGS = -DLINUX1_2 -D_XOPEN_SOURCE
429-- CPU_ARCH = s390x
430--else
431--ifeq ($(OS_TEST),mips)
432-- OS_REL_CFLAGS = -DLINUX1_2 -D_XOPEN_SOURCE
433-- CPU_ARCH = mips
434--else
435+@@ -80,8 +87,8 @@
436+ ifeq (,$(filter-out parisc%,$(OS_TEST)))
437+ CPU_ARCH = hppa
438+ else
439 -ifeq (,$(filter-out i%86,$(OS_TEST)))
440-- OS_REL_CFLAGS = -DLINUX1_2 -Di386 -D_XOPEN_SOURCE
441+- OS_REL_CFLAGS = -Di386
442 +ifeq (,$(filter-out i686 i586 i486 i386,$(OS_TEST)))
443 + OS_REL_CFLAGS += -Di386
444 CPU_ARCH = x86
445--else
446-- OS_REL_CFLAGS = -DLINUX1_2 -D_XOPEN_SOURCE
447-- CPU_ARCH = $(OS_TEST)
448--endif
449--endif
450--endif
451--endif
452--endif
453--endif
454--endif
455- endif
456- endif
457- endif
458- endif
459- endif
460- endif
461- endif
462- endif
463-
464+ else
465+ ifeq ($(OS_TEST),sh4a)
466+@@ -101,7 +108,7 @@
467
468 LIBC_TAG = _glibc
469
470 -ifeq ($(OS_RELEASE),2.0)
471 +ifeq ($(KERNEL)-$(OS_RELEASE),linux-2.0)
472 OS_REL_CFLAGS += -DLINUX2_0
473- MKSHLIB = $(CC) -shared -Wl,-soname -Wl,$(@:$(OBJDIR)/%.so=%.so)
474+ MKSHLIB = $(CC) -shared -Wl,-soname -Wl,$(@:$(OBJDIR)/%.so=%.so) $(RPATH)
475 ifdef MAPFILE
476- MKSHLIB += -Wl,--version-script,$(MAPFILE)
477- endif
478- PROCESS_MAP_FILE = grep -v ';-' $< | \
479- sed -e 's,;+,,' -e 's; DATA ;;' -e 's,;;,,' -e 's,;.*,;,' > $@
480- endif
481-@@ -166,24 +129,22 @@
482-
483- OS_CFLAGS = $(DSO_CFLAGS) $(OS_REL_CFLAGS) $(ARCHFLAG) -ansi -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -DLINUX -Dlinux -D_POSIX_SOURCE -D_BSD_SOURCE -DHAVE_STRERROR
484- OS_LIBS = $(OS_PTHREAD) -ldl -lc
485-
486- ifdef USE_PTHREADS
487+@@ -139,8 +146,6 @@
488 DEFINES += -D_REENTRANT
489 endif
490
491 -ARCH = linux
492 -
493 DSO_CFLAGS = -fPIC
494- DSO_LDOPTS = -shared $(ARCHFLAG) -Wl,-z,defs
495- DSO_LDFLAGS =
496+ DSO_LDOPTS = -shared $(ARCHFLAG)
497+ # The linker on Red Hat Linux 7.2 and RHEL 2.1 (GNU ld version 2.11.90.0.8)
498+@@ -150,7 +155,7 @@
499+ DSO_LDOPTS += $(if $(findstring 2.11.90.0.8,$(shell ld -v)),,$(ZDEFS_FLAG))
500 LDFLAGS += $(ARCHFLAG)
501
502 -# INCLUDES += -I/usr/include -Y/usr/include/linux
503@@ -225,21 +143,11 @@
504 G++INCLUDES = -I/usr/include/g++
505
506 #
507- # Always set CPU_TAG on Linux, OpenVMS, WINCE.
508- #
509- CPU_TAG = _$(CPU_ARCH)
510-
511- USE_SYSTEM_ZLIB = 1
512-Index: nss-3.12.3/mozilla/security/coreconf/Linux2.6.mk
513+Index: nss-3.12.6/mozilla/security/coreconf/Linux2.6.mk
514 ===================================================================
515---- nss-3.12.3.orig/mozilla/security/coreconf/Linux2.6.mk
516-+++ nss-3.12.3/mozilla/security/coreconf/Linux2.6.mk
517-@@ -32,17 +32,20 @@
518- # and other provisions required by the GPL or the LGPL. If you do not delete
519- # the provisions above, a recipient may use your version of this file under
520- # the terms of any one of the MPL, the GPL or the LGPL.
521- #
522- # ***** END LICENSE BLOCK *****
523+--- nss-3.12.6.orig/mozilla/security/coreconf/Linux2.6.mk 2009-06-11 01:55:32.000000000 +0100
524++++ nss-3.12.6/mozilla/security/coreconf/Linux2.6.mk 2010-03-25 13:48:26.623067512 +0000
525+@@ -37,7 +37,10 @@
526
527 include $(CORE_DEPTH)/coreconf/Linux.mk
528
529@@ -247,63 +155,19 @@
530 OS_REL_CFLAGS += -DLINUX2_1
531 +endif
532 +
533- MKSHLIB = $(CC) $(DSO_LDOPTS) -Wl,-soname -Wl,$(@:$(OBJDIR)/%.so=%.so)
534+ MKSHLIB = $(CC) $(DSO_LDOPTS) -Wl,-soname -Wl,$(@:$(OBJDIR)/%.so=%.so) $(RPATH)
535
536 ifdef MAPFILE
537- MKSHLIB += -Wl,--version-script,$(MAPFILE)
538- endif
539- PROCESS_MAP_FILE = grep -v ';-' $< | \
540- sed -e 's,;+,,' -e 's; DATA ;;' -e 's,;;,,' -e 's,;.*,;,' > $@
541-
542-Index: nss-3.12.3/mozilla/security/coreconf/arch.mk
543-===================================================================
544---- nss-3.12.3.orig/mozilla/security/coreconf/arch.mk
545-+++ nss-3.12.3/mozilla/security/coreconf/arch.mk
546-@@ -150,16 +150,24 @@
547- OS_RELEASE := $(shell echo $(OS_RELEASE) | sed 's/-.*//')
548- endif
549-
550- ifeq ($(OS_ARCH),Linux)
551- OS_RELEASE := $(subst ., ,$(OS_RELEASE))
552- ifneq ($(words $(OS_RELEASE)),1)
553- OS_RELEASE := $(word 1,$(OS_RELEASE)).$(word 2,$(OS_RELEASE))
554- endif
555-+ KERNEL = linux
556-+endif
557-+
558-+# This check must be last. Since all uses of OS_ARCH that follow affect only
559-+# userland, we can merge other Glibc systems with Linux here.
560-+ifneq (, $(filter GNU GNU_%, $(OS_ARCH)))
561-+OS_ARCH = Linux
562-+OS_RELEASE = 2.6
563- endif
564-
565- #
566- # For OS/2
567- #
568- ifeq ($(OS_ARCH),OS_2)
569- OS_ARCH = OS2
570- OS_RELEASE := $(shell uname -v)
571-Index: nss-3.12.3/mozilla/security/coreconf/config.mk
572-===================================================================
573---- nss-3.12.3.orig/mozilla/security/coreconf/config.mk
574-+++ nss-3.12.3/mozilla/security/coreconf/config.mk
575-@@ -58,17 +58,17 @@
576- # (dependent upon <architecture> tags) #
577- # #
578- # We are moving towards just having a $(OS_TARGET).mk file #
579- # as opposed to multiple $(OS_TARGET)$(OS_RELEASE).mk files, #
580- # one for each OS release. #
581+Index: nss-3.12.6/mozilla/security/coreconf/config.mk
582+===================================================================
583+--- nss-3.12.6.orig/mozilla/security/coreconf/config.mk 2009-08-25 23:35:11.000000000 +0100
584++++ nss-3.12.6/mozilla/security/coreconf/config.mk 2010-03-25 13:48:26.623067512 +0000
585+@@ -63,7 +63,7 @@
586 #######################################################################
587
588 TARGET_OSES = FreeBSD BSD_OS NetBSD OpenUNIX OS2 QNX Darwin BeOS OpenBSD \
589-- OpenVMS AIX RISCOS WINNT WIN95 WINCE
590-+ OpenVMS AIX RISCOS WINNT WIN95 WINCE GNU GNU_%
591+- AIX RISCOS WINNT WIN95 WINCE
592++ AIX RISCOS WINNT WIN95 WINCE GNU GNU_%
593
594 ifeq (,$(filter-out $(TARGET_OSES),$(OS_TARGET)))
595 include $(CORE_DEPTH)/coreconf/$(OS_TARGET).mk
596- else
597- include $(CORE_DEPTH)/coreconf/$(OS_TARGET)$(OS_RELEASE).mk
598- endif
599-
600- #######################################################################
601
602=== modified file 'debian/patches/38_mips64_build.patch'
603--- debian/patches/38_mips64_build.patch 2008-08-17 20:48:05 +0000
604+++ debian/patches/38_mips64_build.patch 2010-03-29 11:55:44 +0000
605@@ -1,18 +1,13 @@
606 ---
607- mozilla/security/coreconf/Linux.mk | 4 ++++
608+ Linux.mk | 4 ++++
609 1 file changed, 4 insertions(+)
610
611-Index: nss-3.12.1~rc1/mozilla/security/coreconf/Linux.mk
612+Index: nss-3.12.5/mozilla/security/coreconf/Linux.mk
613 ===================================================================
614---- nss-3.12.1~rc1.orig/mozilla/security/coreconf/Linux.mk
615-+++ nss-3.12.1~rc1/mozilla/security/coreconf/Linux.mk
616-@@ -85,27 +85,31 @@
617- CPU_ARCH = arm
618- else
619- ifeq ($(OS_TEST),parisc)
620- CPU_ARCH = hppa
621- else
622- ifeq ($(OS_TEST),parisc64)
623+--- nss-3.12.5.orig/mozilla/security/coreconf/Linux.mk 2010-03-24 14:12:33.052504575 +0000
624++++ nss-3.12.5/mozilla/security/coreconf/Linux.mk 2010-03-24 14:13:27.394999573 +0000
625+@@ -87,6 +87,9 @@
626+ ifeq (,$(filter-out parisc%,$(OS_TEST)))
627 CPU_ARCH = hppa
628 else
629 +ifeq ($(OS_TEST),mips64)
630@@ -21,11 +16,7 @@
631 ifeq (,$(filter-out i686 i586 i486 i386,$(OS_TEST)))
632 OS_REL_CFLAGS += -Di386
633 CPU_ARCH = x86
634- endif
635- endif
636- endif
637- endif
638- endif
639+@@ -106,6 +109,7 @@
640 endif
641 endif
642 endif
643@@ -33,8 +24,3 @@
644
645
646 LIBC_TAG = _glibc
647-
648- ifeq ($(KERNEL)-$(OS_RELEASE),linux-2.0)
649- OS_REL_CFLAGS += -DLINUX2_0
650- MKSHLIB = $(CC) -shared -Wl,-soname -Wl,$(@:$(OBJDIR)/%.so=%.so)
651- ifdef MAPFILE
652
653=== modified file 'debian/patches/85_security_load.patch'
654--- debian/patches/85_security_load.patch 2009-06-16 11:17:52 +0000
655+++ debian/patches/85_security_load.patch 2010-03-29 11:55:44 +0000
656@@ -1,12 +1,55 @@
657-85_security_load.dpatch by Mike Hommey <glandium@debian.org>
658-
659-All lines beginning with `## DP:' are a description of the patch.
660-DP: Load modules from $ORIGIN/nss.
661-
662---
663---- nss/mozilla/security/nss/lib/freebl/genload.c
664-+++ nss/mozilla/security/nss/lib/freebl/genload.c
665-@@ -113,9 +124,14 @@
666+## 85_security_load.patch by Mike Hommey <glandium@debian.org>
667+##
668+## All lines beginning with `## DP:' are a description of the patch.
669+## DP: Load modules from $ORIGIN/nss.
670+
671+Index: nss-3.12.6/mozilla/security/nss/cmd/shlibsign/shlibsign.c
672+===================================================================
673+--- nss-3.12.6.orig/mozilla/security/nss/cmd/shlibsign/shlibsign.c 2008-11-20 15:44:12.000000000 +0000
674++++ nss-3.12.6/mozilla/security/nss/cmd/shlibsign/shlibsign.c 2010-03-29 12:06:03.560531797 +0100
675+@@ -769,6 +769,8 @@
676+ libname = PR_GetLibraryName(NULL, "softokn3");
677+ assert(libname != NULL);
678+ lib = PR_LoadLibrary(libname);
679++ if (!lib)
680++ lib = PR_LoadLibrary("/usr/lib/nss/libsoftokn3.so");
681+ assert(lib != NULL);
682+ PR_FreeLibraryName(libname);
683+
684+Index: nss-3.12.6/mozilla/security/nss/lib/pk11wrap/pk11load.c
685+===================================================================
686+--- nss-3.12.6.orig/mozilla/security/nss/lib/pk11wrap/pk11load.c 2009-10-30 09:44:45.000000000 +0000
687++++ nss-3.12.6/mozilla/security/nss/lib/pk11wrap/pk11load.c 2010-03-29 12:14:42.600534017 +0100
688+@@ -393,6 +393,7 @@
689+ SECStatus rv;
690+ PRBool alreadyLoaded = PR_FALSE;
691+ char *disableUnload = NULL;
692++ char * tmp;
693+
694+ if (mod->loaded) return SECSuccess;
695+
696+@@ -440,6 +441,16 @@
697+ * unload the library if anything goes wrong from here on out...
698+ */
699+ library = PR_LoadLibrary(full_name);
700++ if (library == NULL) {
701++ tmp = rindex(full_name, PR_GetDirectorySeparator());
702++ if (tmp)
703++ tmp++;
704++ else
705++ tmp = full_name;
706++ library = PORT_LoadLibraryFromOrigin(my_shlib_name,
707++ (PRFuncPtr) &softoken_LoadDSO,
708++ tmp);
709++ }
710+ mod->library = (void *)library;
711+ PORT_Free(full_name);
712+
713+Index: nss-3.12.6/mozilla/security/nss/lib/util/secload.c
714+===================================================================
715+--- nss-3.12.6.orig/mozilla/security/nss/lib/util/secload.c 2009-10-30 09:44:47.000000000 +0000
716++++ nss-3.12.6/mozilla/security/nss/lib/util/secload.c 2010-03-29 12:06:03.560531797 +0100
717+@@ -104,9 +104,14 @@
718
719 /* Remove the trailing filename from referencePath and add the new one */
720 c = strrchr(referencePath, PR_GetDirectorySeparator());
721@@ -22,7 +65,7 @@
722 if (fullName) {
723 memcpy(fullName, referencePath, referencePathSize);
724 strcpy(fullName + referencePathSize, name);
725-@@ -125,7 +141,17 @@
726+@@ -116,6 +121,12 @@
727 #endif
728 libSpec.type = PR_LibSpec_Pathname;
729 libSpec.value.pathname = fullName;
730@@ -32,7 +75,13 @@
731 + }
732 + strcpy(fullName + referencePathSize, "nss/");
733 + strcpy(fullName + referencePathSize + 4, name);
734- dlh = PR_LoadLibraryWithFlags(libSpec, PR_LD_NOW | PR_LD_LOCAL);
735+ dlh = PR_LoadLibraryWithFlags(libSpec, PR_LD_NOW | PR_LD_LOCAL
736+ #ifdef PR_LD_ALT_SEARCH_PATH
737+ /* allow library's dependencies to be found in the same directory
738+@@ -123,6 +134,10 @@
739+ | PR_LD_ALT_SEARCH_PATH
740+ #endif
741+ );
742 + if (! dlh) {
743 + strcpy(fullName + referencePathSize, name);
744 + dlh = PR_LoadLibraryWithFlags(libSpec, PR_LD_NOW | PR_LD_LOCAL);
745@@ -40,34 +89,3 @@
746 PORT_Free(fullName);
747 }
748 }
749---- nss/mozilla/security/nss/lib/pk11wrap/pk11load.c
750-+++ nss/mozilla/security/nss/lib/pk11wrap/pk11load.c
751-@@ -331,6 +331,14 @@
752- #endif
753-
754- if (library == NULL) {
755-+ full_name = rindex(mod->dllName, PR_GetDirectorySeparator());
756-+ if (full_name)
757-+ full_name++;
758-+ else
759-+ full_name = mod->dllName;
760-+ library = loader_LoadLibrary(full_name);
761-+ }
762-+ if (library == NULL) {
763- return SECFailure;
764- }
765-
766-diff --git a/mozilla/security/nss/cmd/shlibsign/shlibsign.c b/mozilla/security/nss/cmd/shlibsign/shlibsign.c
767-index 6e93225..501e70b 100644
768---- a/mozilla/security/nss/cmd/shlibsign/shlibsign.c
769-+++ b/mozilla/security/nss/cmd/shlibsign/shlibsign.c
770-@@ -769,6 +769,8 @@ int main(int argc, char **argv)
771- libname = PR_GetLibraryName(NULL, "softokn3");
772- assert(libname != NULL);
773- lib = PR_LoadLibrary(libname);
774-+ if (!lib)
775-+ lib = PR_LoadLibrary("/usr/lib/nss/libsoftokn3.so");
776- assert(lib != NULL);
777- PR_FreeLibraryName(libname);
778-
779-

Subscribers

People subscribed via source and target branches

to all changes:
to status/vote changes: