2 files changed, 31 insertions, 1 deletions

diff --git a/security/nss/Makefile b/security/nss/Makefile
index 3337fc6861ae..2dbdc6c2a9ad 100644
--- a/security/nss/Makefile
+++ b/security/nss/Makefile
@@ -3,7 +3,7 @@
 
 PORTNAME=	nss
 PORTVERSION=	3.16.1
-PORTREVISION=	1
+PORTREVISION=	2
 #DISTVERSIONSUFFIX=	.with.ckbi.1.93
 CATEGORIES=	security
 MASTER_SITES=	MOZILLA/security/${PORTNAME}/releases/${DISTNAME:tu:C/[-.]/_/g}_RTM/src
diff --git a/security/nss/files/patch-bug963150 b/security/nss/files/patch-bug963150
new file mode 100644
index 000000000000..84fed1912dce
--- /dev/null
+++ b/security/nss/files/patch-bug963150
@@ -0,0 +1,30 @@
+diff --git lib/pk11wrap/pk11cert.c lib/pk11wrap/pk11cert.c
+--- lib/pk11wrap/pk11cert.c
++++ lib/pk11wrap/pk11cert.c
+@@ -976,18 +976,25 @@ PK11_ImportCert(PK11SlotInfo *slot, CERT
+ 	cert->istemp = PR_FALSE;
+ 	cert->isperm = PR_TRUE;
+     }
+ 
+     /* add the new instance to the cert, force an update of the
+      * CERTCertificate, and finish
+      */
+     nssPKIObject_AddInstance(&c->object, certobj);
++    /* nssTrustDomain_AddCertsToCache may release a reference to 'c' and
++     * replace 'c' by a different value. So we add a reference to 'c' to
++     * prevent 'c' from being destroyed. */
++    nssCertificate_AddRef(c);
+     nssTrustDomain_AddCertsToCache(STAN_GetDefaultTrustDomain(), &c, 1);
++    /* XXX should we pass the original value of 'c' to
++     * STAN_ForceCERTCertificateUpdate? */
+     (void)STAN_ForceCERTCertificateUpdate(c);
++    nssCertificate_Destroy(c);
+     SECITEM_FreeItem(keyID,PR_TRUE);
+     return SECSuccess;
+ loser:
+     CERT_MapStanError();
+     SECITEM_FreeItem(keyID,PR_TRUE);
+     if (PORT_GetError() != SEC_ERROR_TOKEN_NOT_LOGGED_IN) {
+ 	PORT_SetError(SEC_ERROR_ADDING_CERT);
+     }
+