[nss/f19] * Fri Apr 19 2013 Kai Engert <kaie at redhat.com> - 3.14.3-12.0 - Add upstream patch to fix rhbz#872761

Mon Apr 22 13:24:08 UTC 2013

commit d6b57e36c181b8889383cf67c454339a1d5fc93c
Author: Kai Engert <kaie at redhat.com>
Date:   Mon Apr 22 15:23:51 2013 +0200

    * Fri Apr 19 2013 Kai Engert <kaie at redhat.com> - 3.14.3-12.0
    - Add upstream patch to fix rhbz#872761

 nss-872761.patch |   58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 nss.spec         |    7 +++++-
 2 files changed, 64 insertions(+), 1 deletions(-)
---

diff --git a/nss-872761.patch b/nss-872761.patch
new file mode 100644
index 0000000..0c092ca
--- /dev/null
+++ b/nss-872761.patch
@@ -0,0 +1,58 @@
+Index: mozilla/security/nss/cmd/lib/secutil.c
+===================================================================
+RCS file: /cvsroot/mozilla/security/nss/cmd/lib/secutil.c,v
+retrieving revision 1.126
+diff -u -u -r1.126 secutil.c
+--- mozilla/security/nss/cmd/lib/secutil.c	7 Jan 2013 04:11:49 -0000	1.126
++++ mozilla/security/nss/cmd/lib/secutil.c	19 Apr 2013 22:43:02 -0000
+@@ -504,6 +504,8 @@
+ 
+ 	/* Read in ascii data */
+ 	rv = SECU_FileToItem(&filedata, inFile);
++	if (rv != SECSuccess)
++	    return rv;
+ 	asc = (char *)filedata.data;
+ 	if (!asc) {
+ 	    fprintf(stderr, "unable to read data from input file\n");
+@@ -519,20 +521,28 @@
+ 		body = PORT_Strchr(asc, '\r'); /* maybe this is a MAC file */
+ 	    if (body)
+ 		trailer = strstr(++body, "-----END");
+-	    if (trailer != NULL) {
++	    if (trailer != NULL)
+ 		*trailer = '\0';
+-	    } else {
++	    if (!body || !trailer) {
+ 		fprintf(stderr, "input has header but no trailer\n");
+ 		PORT_Free(filedata.data);
+ 		return SECFailure;
+ 	    }
+ 	} else {
+-	    body = asc;
++	    /* need one additional byte for zero terminator */
++	    rv = SECITEM_ReallocItem(NULL, &filedata, filedata.len, filedata.len+1);
++	    if (rv != SECSuccess) {
++		PORT_Free(filedata.data);
++		return rv;
++	    }
++	    filedata.len = filedata.len+1;
++	    body = (char*)filedata.data;
++	    body[filedata.len-1] = '\0';
+ 	}
+      
+ 	/* Convert to binary */
+ 	rv = ATOB_ConvertAsciiToItem(der, body);
+-	if (rv) {
++	if (rv != SECSuccess) {
+ 	    fprintf(stderr, "error converting ascii to binary (%s)\n",
+ 		    SECU_Strerror(PORT_GetError()));
+ 	    PORT_Free(filedata.data);
+@@ -543,7 +553,7 @@
+     } else {
+ 	/* Read in binary der */
+ 	rv = SECU_FileToItem(der, inFile);
+-	if (rv) {
++	if (rv != SECSuccess) {
+ 	    fprintf(stderr, "error converting der (%s)\n", 
+ 		    SECU_Strerror(PORT_GetError()));
+ 	    return SECFailure;
diff --git a/nss.spec b/nss.spec
index 391e2c8..92b776f 100644
--- a/nss.spec
+++ b/nss.spec
@@ -19,7 +19,7 @@
 Summary:          Network Security Services
 Name:             nss
 Version:          3.14.3
-Release:          11%{?dist}
+Release:          12.0%{?dist}
 License:          MPLv2.0
 URL:              http://www.mozilla.org/projects/security/pki/nss/
 Group:            System Environment/Libraries
@@ -80,6 +80,7 @@ Patch3:           renegotiate-transitional.patch
 Patch6:           nss-enable-pem.patch
 Patch16:          nss-539183.patch
 Patch18:          nss-646045.patch
+Patch19:          nss-872761.patch
 # must statically link pem against the freebl in the buildroot
 # Needed only when freebl on tree has new APIS
 Patch25:          nsspem-use-system-freebl.patch
@@ -173,6 +174,7 @@ low level services.
 %patch6 -p0 -b .libpem
 %patch16 -p0 -b .539183
 %patch18 -p0 -b .646045
+%patch19 -p0 -b .872761
 # link pem against buildroot's freebl, essential when mixing and matching
 %patch25 -p0 -b .systemfreebl
 # activate for stable and beta branches
@@ -679,6 +681,9 @@ fi
 
 
 %changelog
+* Fri Apr 19 2013 Kai Engert <kaie at redhat.com> - 3.14.3-12.0
+- Add upstream patch to fix rhbz#872761
+
 * Sun Mar 24 2013 Kai Engert <kaie at redhat.com> - 3.14.3-11
 - Update expired test certificates (fixed in upstream bug 852781)
 
