5 files changed, 8 insertions, 203 deletions

diff --git a/security/nss/Makefile b/security/nss/Makefile
index 54b047b9fa4f..4be6d923d477 100644
--- a/security/nss/Makefile
+++ b/security/nss/Makefile
@@ -7,7 +7,6 @@
 
 PORTNAME=	nss
 PORTVERSION=	${_MAJOR}.${_MINOR}.${_PATCH}
-PORTREVISION=	3
 CATEGORIES=	security
 MASTER_SITES=	${MASTER_SITE_MOZILLA}
 MASTER_SITE_SUBDIR=	security/nss/releases/NSS_${PORTVERSION:S/./_/g}_RTM/src
@@ -21,7 +20,7 @@ LIB_DEPENDS=	nspr4.1:${PORTSDIR}/devel/nspr \
 
 _MAJOR=	3
 _MINOR=	12
-_PATCH=	6
+_PATCH=	8
 
 WRKSRC=		${WRKDIR}/${DISTNAME}/mozilla/security/nss
 
diff --git a/security/nss/distinfo b/security/nss/distinfo
index f9a148581667..52e9352c0af4 100644
--- a/security/nss/distinfo
+++ b/security/nss/distinfo
@@ -1,3 +1,3 @@
-MD5 (nss-3.12.6.tar.gz) = da42596665f226de5eb3ecfc1ec57cd1
-SHA256 (nss-3.12.6.tar.gz) = 8f9759be1ce928e82830923fde62a66e270c4645f10a4c176acfccb6021a9795
-SIZE (nss-3.12.6.tar.gz) = 5947630
+MD5 (nss-3.12.8.tar.gz) = 40bf1bb0c7567827d3768d1fc6081100
+SHA256 (nss-3.12.8.tar.gz) = 9178ce29749e8d09cb93ce70c38f1c2c10630926b2bb7259c7dfff42cb090c14
+SIZE (nss-3.12.8.tar.gz) = 5951955
diff --git a/security/nss/files/patch-lib_softoken_manifest.mn b/security/nss/files/patch-lib_softoken_manifest.mn
index 666bd31a0a2e..402e89a80507 100644
--- a/security/nss/files/patch-lib_softoken_manifest.mn
+++ b/security/nss/files/patch-lib_softoken_manifest.mn
@@ -1,11 +1,11 @@
---- lib/softoken/manifest.mn.orig	2009-08-31 18:15:14.000000000 +0200
-+++ lib/softoken/manifest.mn	2009-08-31 18:15:30.000000000 +0200
+--- lib/softoken/manifest.mn.orig	2010-07-30 04:33:26.000000000 +0200
++++ lib/softoken/manifest.mn	2010-10-17 12:01:04.000000000 +0200
 @@ -47,9 +47,7 @@
  
  DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\" -DSOFTOKEN_LIB_NAME=\"$(notdir $(SHARED_LIBRARY))\" -DSHLIB_VERSION=\"$(LIBRARY_VERSION)\"
  
--ifdef MOZILLA_CLIENT
--INCLUDES += -I$(DIST)/include/sqlite3
+-ifdef SQLITE_INCLUDE_DIR
+-INCLUDES += -I$(SQLITE_INCLUDE_DIR)
 -endif
 +INCLUDES += -I$(LOCALBASE)/include
  
diff --git a/security/nss/files/patch-lib_softoken_sdb.c b/security/nss/files/patch-lib_softoken_sdb.c
deleted file mode 100644
index 9489bc6857f1..000000000000
--- a/security/nss/files/patch-lib_softoken_sdb.c
+++ /dev/null
@@ -1,75 +0,0 @@
---- lib/softoken/sdb.c.orig	2010-05-03 12:43:00.000000000 +0000
-+++ lib/softoken/sdb.c	2010-05-03 13:09:55.000000000 +0000
-@@ -827,16 +827,8 @@
- 	goto loser;
-     }
- 
--    getStr = sqlite3_mprintf("");
--    for (i=0; getStr && i < count; i++) {
--	if (i==0) {
--	    newStr = sqlite3_mprintf("a%x", template[i].type);
--	} else {
--	    newStr = sqlite3_mprintf("%s, a%x", getStr, template[i].type);
--	}
--	sqlite3_free(getStr);
--	getStr = newStr;
--    }
-+  for (i=0; i < count; i++) {
-+    getStr = sqlite3_mprintf("a%x", template[i].type);
- 
-     if (getStr == NULL) {
- 	error = CKR_HOST_MEMORY;
-@@ -852,6 +844,11 @@
-     }
- 
-     sqlerr = sqlite3_prepare_v2(sqlDB, newStr, -1, &stmt, NULL);
-+    if (sqlerr == SQLITE_ERROR) {
-+	template[i].ulValueLen = -1;
-+	error = CKR_ATTRIBUTE_TYPE_INVALID;
-+	continue;
-+    } else
-     if (sqlerr != SQLITE_OK) { goto loser; }
-     sqlerr = sqlite3_bind_int(stmt, 1, object_id);
-     if (sqlerr != SQLITE_OK) { goto loser; }
-@@ -861,17 +858,15 @@
- 	    PR_Sleep(SDB_BUSY_RETRY_TIME);
- 	}
- 	if (sqlerr == SQLITE_ROW) {
--	    for (i=0; i < count; i++) {
--		int column = i;
- 	    	int blobSize;
- 	    	const char *blobData;
- 
--	    	blobSize = sqlite3_column_bytes(stmt, column);
--		blobData = sqlite3_column_blob(stmt, column);
-+	    	blobSize = sqlite3_column_bytes(stmt, 0);
-+		blobData = sqlite3_column_blob(stmt, 0);
- 		if (blobData == NULL) {
- 		    template[i].ulValueLen = -1;
- 		    error = CKR_ATTRIBUTE_TYPE_INVALID; 
--		    continue;
-+		    break;
- 		}
- 		/* If the blob equals our explicit NULL value, then the 
- 		 * attribute is a NULL. */
-@@ -884,15 +879,18 @@
- 		    if (template[i].ulValueLen < blobSize) {
- 			template[i].ulValueLen = -1;
- 		    	error = CKR_BUFFER_TOO_SMALL;
--			continue;
-+			break;
- 		    }
- 	    	    PORT_Memcpy(template[i].pValue, blobData, blobSize);
- 		}
- 		template[i].ulValueLen = blobSize;
--	    }
- 	    found = 1;
- 	}
-     } while (!sdb_done(sqlerr,&retry));
-+    sqlite3_reset(stmt);
-+    sqlite3_finalize(stmt);
-+    stmt = NULL;
-+  }
- 
- loser:
-     /* fix up the error if necessary */
diff --git a/security/nss/files/patch-lib_softoken_sftkdb.c b/security/nss/files/patch-lib_softoken_sftkdb.c
deleted file mode 100644
index cb0d02f16346..000000000000
--- a/security/nss/files/patch-lib_softoken_sftkdb.c
+++ /dev/null
@@ -1,119 +0,0 @@
---- lib/softoken/sftkdb.c.orig	2010-06-24 13:58:26.000000000 +0200
-+++ lib/softoken/sftkdb.c	2010-06-24 13:58:37.000000000 +0200
-@@ -509,18 +509,23 @@
- 		  CK_ULONG count)
- {
-     int i;
-+    CK_RV crv;
-     SFTKDBHandle *keyHandle = handle;
-     SDB *keyTarget = NULL;
-+    PRBool usingPeerDB = PR_FALSE;
-+    PRBool inPeerDBTransaction = PR_FALSE;
- 
-     PORT_Assert(handle);
- 
-     if (handle->type != SFTK_KEYDB_TYPE) {
- 	keyHandle = handle->peerDB;
-+	usingPeerDB = PR_TRUE;
-     }
- 
-     /* no key DB defined? then no need to sign anything */
-     if (keyHandle == NULL) {
--	return CKR_OK;
-+	crv = CKR_OK;
-+	goto loser;
-     }
- 
-     /* When we are in a middle of an update, we have an update database set, 
-@@ -532,7 +537,17 @@
- 
-     /* skip the the database does not support meta data */
-     if ((keyTarget->sdb_flags & SDB_HAS_META) == 0) {
--	return CKR_OK;
-+	crv = CKR_OK;
-+	goto loser;
-+    }
-+
-+    /* If we had to switch databases, we need to initialize a transaction. */
-+    if (usingPeerDB) {
-+	crv = (*keyTarget->sdb_Begin)(keyTarget);
-+	if (crv != CKR_OK) {
-+	    goto loser;
-+	}
-+	inPeerDBTransaction = PR_TRUE;
-     }
- 
-     for (i=0; i < count; i ++) {
-@@ -546,23 +561,44 @@
- 	    PZ_Lock(keyHandle->passwordLock);
- 	    if (keyHandle->passwordKey.data == NULL) {
- 		PZ_Unlock(keyHandle->passwordLock);
--		return CKR_USER_NOT_LOGGED_IN;
-+		crv = CKR_USER_NOT_LOGGED_IN;
-+		goto loser;
- 	    }
- 	    rv = sftkdb_SignAttribute(arena, &keyHandle->passwordKey, 
- 				objectID, template[i].type,
- 				&plainText, &signText);
- 	    PZ_Unlock(keyHandle->passwordLock);
- 	    if (rv != SECSuccess) {
--		return CKR_GENERAL_ERROR; /* better error code here? */
-+		crv = CKR_GENERAL_ERROR; /* better error code here? */
-+		goto loser;
- 	    }
- 	    rv = sftkdb_PutAttributeSignature(handle, keyTarget, 
- 				objectID, template[i].type, signText);
- 	    if (rv != SECSuccess) {
--		return CKR_GENERAL_ERROR; /* better error code here? */
-+		crv = CKR_GENERAL_ERROR; /* better error code here? */
-+		goto loser;
- 	    }
- 	}
-     }
--    return CKR_OK;
-+    crv = CKR_OK;
-+
-+    /* If necessary, commit the transaction */
-+    if (inPeerDBTransaction) {
-+	crv = (*keyTarget->sdb_Commit)(keyTarget);
-+	if (crv != CKR_OK) {
-+	    goto loser;
-+	}
-+	inPeerDBTransaction = PR_FALSE;
-+    }
-+
-+loser:
-+    if (inPeerDBTransaction) {
-+	/* The transaction must have failed. Abort. */
-+	(*keyTarget->sdb_Abort)(keyTarget);
-+	PORT_Assert(crv != CKR_OK);
-+	if (crv == CKR_OK) crv = CKR_GENERAL_ERROR;
-+    }
-+    return crv;
- }
- 
- static CK_RV
-@@ -766,6 +802,11 @@
- 	if (attr == NULL) {
- 	    return CKR_TEMPLATE_INCOMPLETE;
- 	}
-+	if (attr->ulValueLen == 0) {
-+	    /* key is to generic to determine that it's unique, usually
-+	     * happens in the key gen case */
-+	    return CKR_OBJECT_HANDLE_INVALID;
-+	}
- 	findTemplate[1] = *attr;
- 	count = 2;
- 	break;
-@@ -827,6 +868,11 @@
-     }
-     crv = sftkdb_getFindTemplate(objectType, objTypeData,
- 			findTemplate, &count, ptemplate, len);
-+    if (crv == CKR_OBJECT_HANDLE_INVALID) {
-+	/* key is to generic to determine that it's unique, usually
-+         * happens in the key gen case, go ahead and just create it */
-+	return CKR_OK;
-+    }
-     if (crv != CKR_OK) {
- 	return crv;
-     }