Attachment 913569 Details for Bug 1099619 – backport upstream fix applied for 3.16.2

[patch] backport upstream fix applied for 3.16.2

backprtUpstreamFix.patch (text/plain), 2.64 KB, created by Elio Maldonado Batiz on 2014-06-30 22:00:50 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Elio Maldonado Batiz

Created: 2014-06-30 22:00:50 UTC

Size: 2.64 KB

patch

obsolete

>diff --git a/Free-dangling-reference.patch b/Free-dangling-reference.patch
>new file mode 100644
>index 0000000..b2d3554
>--- /dev/null
>+++ b/Free-dangling-reference.patch
>@@ -0,0 +1,29 @@
>+diff --git a/lib/pk11wrap/pk11cert.c b/lib/pk11wrap/pk11cert.c
>+--- a/lib/pk11wrap/pk11cert.c
>++++ b/lib/pk11wrap/pk11cert.c
>+@@ -976,18 +976,25 @@ PK11_ImportCert(PK11SlotInfo *slot, CERT
>+ 	cert->istemp = PR_FALSE;
>+ 	cert->isperm = PR_TRUE;
>+     }
>+ 
>+     /* add the new instance to the cert, force an update of the
>+      * CERTCertificate, and finish
>+      */
>+     nssPKIObject_AddInstance(&c->object, certobj);
>++    /* nssTrustDomain_AddCertsToCache may release a reference to 'c' and
>++     * replace 'c' by a different value. So we add a reference to 'c' to
>++     * prevent 'c' from being destroyed. */
>++    nssCertificate_AddRef(c);
>+     nssTrustDomain_AddCertsToCache(STAN_GetDefaultTrustDomain(), &c, 1);
>++    /* XXX should we pass the original value of 'c' to
>++     * STAN_ForceCERTCertificateUpdate? */
>+     (void)STAN_ForceCERTCertificateUpdate(c);
>++    nssCertificate_Destroy(c);
>+     SECITEM_FreeItem(keyID,PR_TRUE);
>+     return SECSuccess;
>+ loser:
>+     CERT_MapStanError();
>+     SECITEM_FreeItem(keyID,PR_TRUE);
>+     if (PORT_GetError() != SEC_ERROR_TOKEN_NOT_LOGGED_IN) {
>+ 	PORT_SetError(SEC_ERROR_ADDING_CERT);
>+     }
>diff --git a/nss.spec b/nss.spec
>index 1fd2645..92e653e 100644
>--- a/nss.spec
>+++ b/nss.spec
>@@ -16,7 +16,7 @@
> Summary:          Network Security Services
> Name:             nss
> Version:          3.16.1
>-Release:          7%{?dist}
>+Release:          8%{?dist}
> License:          MPLv2.0
> URL:              http://www.mozilla.org/projects/security/pki/nss/
> Group:            System Environment/Libraries
>@@ -97,6 +97,8 @@ Patch70: manfixes.patch
> # https://bugzilla.redhat.com/show_bug.cgi?id=1096478
> # Apply this patch to the generated certutil manpage
> Patch71: indentation.patch
>+# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=963150
>+Patch72: Free-dangling-reference.patch
> 
> %description
> Network Security Services (NSS) is a set of libraries designed to
>@@ -190,6 +192,9 @@ low level services.
> #%patch63 -p0 -b .hw_comp
> %patch69 -p0 -b .uint32
> %patch70 -p0 -b .cleanup
>+pushd nss
>+%patch72 -p1 -b .dangling
>+popd
> 
> #########################################################
> # Higher-level libraries and test tools need access to
>@@ -714,6 +719,10 @@ fi
> 
> 
> %changelog
>+* Mon Jun 30 2014 Elio Maldonado <emaldona@redhat.com> - 3.16.1-8
>+- Backport an nss-3.12.6 upstream patch required by Firefox 31 ESR
>+- Resolves: Bug 1099619
>+
> * Wed Jun 18 2014 Elio Maldonado <emaldona@redhat.com> - 3.16.1-7
> - Update nspr-version to 4.10.6
>

Flags:

rrelyea: review+

Actions: View | Diff

Attachments on bug 1099619: 898508 | 898509 | 898716 | 903189 | 913569 | 928882 | 928886 | 928887