Apply vendor patch to fix race condition in certificate verification

that can lead to remote code execution. Reference: https://hg.mozilla.org/projects/nss/rev/204f22c527f8 Security: CVE-2014-1544 Security: 978b0f76-122d-11e4-afe3-bc5ff4fb5e7b
svn path=/head/; revision=362631
2014-07-23 07:49:43 +00:00 · 2014-07-23 07:49:43 +00:00 · 9f034fd828 · 2021-03-31 03:12:20 +00:00
commit 9f034fd828
parent 35eec38ead
2 changed files with 31 additions and 1 deletions
--- a/security/nss/Makefile
+++ b/security/nss/Makefile
@ -3,7 +3,7 @@

 PORTNAME=	nss
 PORTVERSION=	3.16.1
-PORTREVISION=	1
+PORTREVISION=	2
 #DISTVERSIONSUFFIX=	.with.ckbi.1.93
 CATEGORIES=	security
 MASTER_SITES=	MOZILLA/security/${PORTNAME}/releases/${DISTNAME:tu:C/[-.]/_/g}_RTM/src
--- a/security/nss/files/patch-bug963150
+++ b/security/nss/files/patch-bug963150
@ -0,0 +1,30 @@
+diff --git lib/pk11wrap/pk11cert.c lib/pk11wrap/pk11cert.c
+--- lib/pk11wrap/pk11cert.c
+++ lib/pk11wrap/pk11cert.c
+@@ -976,18 +976,25 @@ PK11_ImportCert(PK11SlotInfo *slot, CERT
+ 	cert->istemp = PR_FALSE;
+ 	cert->isperm = PR_TRUE;
+     }
+ 
+     /* add the new instance to the cert, force an update of the
+      * CERTCertificate, and finish
+      */
+     nssPKIObject_AddInstance(&c->object, certobj);
+    /* nssTrustDomain_AddCertsToCache may release a reference to 'c' and
+     * replace 'c' by a different value. So we add a reference to 'c' to
+     * prevent 'c' from being destroyed. */
+    nssCertificate_AddRef(c);
+     nssTrustDomain_AddCertsToCache(STAN_GetDefaultTrustDomain(), &c, 1);
+    /* XXX should we pass the original value of 'c' to
+     * STAN_ForceCERTCertificateUpdate? */
+     (void)STAN_ForceCERTCertificateUpdate(c);
+    nssCertificate_Destroy(c);
+     SECITEM_FreeItem(keyID,PR_TRUE);
+     return SECSuccess;
+ loser:
+     CERT_MapStanError();
+     SECITEM_FreeItem(keyID,PR_TRUE);
+     if (PORT_GetError() != SEC_ERROR_TOKEN_NOT_LOGGED_IN) {
+ 	PORT_SetError(SEC_ERROR_ADDING_CERT);
+     }
+