Bug 822682: Remove references to patches subsumed by the update to NSS 3.14.1, r=me, a=akeybl
authorBrian Smith <bsmith@mozilla.com>
Wed, 26 Dec 2012 17:36:07 -0800
changeset 119112 5bc5fbb72f331ef96e037ccd7fe3b64af64a8ccd
parent 119111 3f42feb4a51b03b667bf9c5271f3803e8684c8b3
child 119113 f61cbb4e348bd22cd34c9eca2d50e94c061f87fb
push id3064
push userbsmith@mozilla.com
push dateThu, 27 Dec 2012 21:01:57 +0000
treeherdermozilla-aurora@5bc5fbb72f33 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersme, akeybl
bugs822682
milestone19.0a2
Bug 822682: Remove references to patches subsumed by the update to NSS 3.14.1, r=me, a=akeybl
security/patches/README
security/patches/bug-683266.patch
security/patches/bug-808218.patch
security/patches/bug-812802.patch
--- a/security/patches/README
+++ b/security/patches/README
@@ -1,10 +1,3 @@
 This directory contains patches that were added locally
 on top of the NSS release.
 
-bug-683266.patch - Added so we can customize code signing trust for b2g in
-                   bug 772365. Also requires removal of
-				   security/nss/lib/ckfw/builtins/certdata.c.
-bug-808218.patch - Added so the code in bug 772365 will compile without casts
-bug-812802.patch - Added so that the version of addbuiltin in this repository
-                   can be used (if built) to regenerate b2g-certdata.txt for
-                   bug 772365.
deleted file mode 100644
--- a/security/patches/bug-683266.patch
+++ /dev/null
@@ -1,268 +0,0 @@
-Index: mozilla/security/nss/lib/ckfw/builtins/Makefile
-===================================================================
-RCS file: /cvsroot/mozilla/security/nss/lib/ckfw/builtins/Makefile,v
-retrieving revision 1.21
-diff -u -8 -p -r1.21 Makefile
---- mozilla/security/nss/lib/ckfw/builtins/Makefile	25 Apr 2012 14:49:29 -0000	1.21
-+++ mozilla/security/nss/lib/ckfw/builtins/Makefile	29 Nov 2012 01:53:17 -0000
-@@ -39,10 +39,16 @@ EXTRA_SHARED_LIBS += \
- 	-lnspr4 \
- 	$(NULL)
- endif
- 
- 
- include $(CORE_DEPTH)/coreconf/rules.mk
- 
- # Generate certdata.c.
--generate:
--	$(PERL) certdata.perl < certdata.txt
-+
-+# By default, use the unmodified certdata.txt.
-+ifndef NSS_CERTDATA_TXT
-+NSS_CERTDATA_TXT = certdata.txt
-+endif
-+
-+$(OBJDIR)/certdata.c: $(NSS_CERTDATA_TXT) certdata.perl
-+	$(PERL) certdata.perl < $(NSS_CERTDATA_TXT) > $@
-Index: mozilla/security/nss/lib/ckfw/builtins/README
-===================================================================
-RCS file: /cvsroot/mozilla/security/nss/lib/ckfw/builtins/README,v
-retrieving revision 1.5
-diff -u -8 -p -r1.5 README
---- mozilla/security/nss/lib/ckfw/builtins/README	13 Apr 2005 01:45:53 -0000	1.5
-+++ mozilla/security/nss/lib/ckfw/builtins/README	29 Nov 2012 01:53:17 -0000
-@@ -15,34 +15,31 @@ environment variable. Then, add the dire
- libraries (DLLs) reside to the platform-specific environment variable that
- specifies your shared library search path: LD_LIBRARY_PATH (most Unix
- variants), SHLIB_PATH (32-bit HP-UX), LIBPATH (AIX), or PATH (Windows).
- 
- 2. Copy newroot.der to this directory.
- 
- 3. In this directory, run addbuiltin to add the new root certificate. The
- argument to the -n option should be replaced by the nickname of the root
--certificate. Then run "gmake generate".
-+certificate.
- 
-     % addbuiltin -n "Nickname of the Root Certificate" -t C,C,C < newroot.der >> certdata.txt
--    % gmake generate
- 
- 4. Edit nssckbi.h to bump the version of the module.
- 
- 5. Run gmake in this directory to build the nssckbi module.
- 
- 6. After you verify that the new nssckbi module is correct, check in
--certdata.txt, certdata.c, and nssckbi.h.
-+certdata.txt and nssckbi.h.
- 
- II. Removing a Builtin Root CA Certificate
- 
- 1. Change directory to this directory.
- 
- 2. Edit certdata.txt and remove the root CA certificate.
- 
--3. Run "gmake generate".
-+3. Edit nssckbi.h to bump the version of the module.
- 
--4. Edit nssckbi.h to bump the version of the module.
--
--5. Run gmake in this directory to build the nssckbi module.
-+4. Run gmake in this directory to build the nssckbi module.
- 
--6. After you verify that the new nssckbi module is correct, check in
--certdata.txt, certdata.c, and nssckbi.h.
-+5. After you verify that the new nssckbi module is correct, check in
-+certdata.txt and nssckbi.h.
-Index: mozilla/security/nss/lib/ckfw/builtins/certdata.perl
-===================================================================
-RCS file: /cvsroot/mozilla/security/nss/lib/ckfw/builtins/certdata.perl,v
-retrieving revision 1.15
-diff -u -8 -p -r1.15 certdata.perl
---- mozilla/security/nss/lib/ckfw/builtins/certdata.perl	4 Jul 2012 15:21:49 -0000	1.15
-+++ mozilla/security/nss/lib/ckfw/builtins/certdata.perl	29 Nov 2012 01:53:17 -0000
-@@ -20,17 +20,16 @@ $constants{CK_FALSE} = "static const CK_
- while(<>) {
-   my @fields = ();
-   my $size;
- 
-   s/^((?:[^"#]+|"[^"]*")*)(\s*#.*$)/$1/;
-   next if (/^\s*$/);
- 
-   if( /(^CVS_ID\s+)(.*)/ ) {
--#    print "The CVS ID is $2\n";
-     $cvsid = $2 . "\"; $cvs_id\"";
-     my $scratch = $cvsid;
-     $size = 1 + $scratch =~ s/[^"\n]//g;
-     @{$objects[0][0]} = ( "CKA_CLASS", "&cko_data", "sizeof(CK_OBJECT_CLASS)" );
-     @{$objects[0][1]} = ( "CKA_TOKEN", "&ck_true", "sizeof(CK_BBOOL)" );
-     @{$objects[0][2]} = ( "CKA_PRIVATE", "&ck_false", "sizeof(CK_BBOOL)" );
-     @{$objects[0][3]} = ( "CKA_MODIFIABLE", "&ck_false", "sizeof(CK_BBOOL)" );
-     @{$objects[0][4]} = ( "CKA_LABEL", "\"CVS ID\"", "7" );
-@@ -124,112 +123,109 @@ for( $i = 0; $i <= $count; $i++ ) {
-   }
- }
- 
- }
- 
- sub doprint {
- my $i;
- 
--open(CFILE, ">certdata.c") || die "Can't open certdata.c: $!";
--
--print CFILE <<EOD
-+print <<EOD
- /* THIS IS A GENERATED FILE */
- /* This Source Code Form is subject to the terms of the Mozilla Public
-  * License, v. 2.0. If a copy of the MPL was not distributed with this
-  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
- #ifdef DEBUG
- static const char CVS_ID[] = $cvsid;
- #endif /* DEBUG */
- 
- #ifndef BUILTINS_H
- #include "builtins.h"
- #endif /* BUILTINS_H */
- 
- EOD
-     ;
- 
- foreach $b (sort values(%constants)) {
--  print CFILE $b;
-+  print $b;
- }
- 
- for( $i = 0; $i <= $count; $i++ ) {
-   if( 0 == $i ) {
--    print CFILE "#ifdef DEBUG\n";
-+    print "#ifdef DEBUG\n";
-   }
- 
--  print CFILE "static const CK_ATTRIBUTE_TYPE nss_builtins_types_$i [] = {\n";
-+  print "static const CK_ATTRIBUTE_TYPE nss_builtins_types_$i [] = {\n";
-   $o = $objects[$i];
-- # print STDOUT "type $i object $o \n";
-   my @ob = @{$o};
-   my $j;
-   for( $j = 0; $j < @ob; $j++ ) {
-     my $l = $ob[$j];
-     my @a = @{$l};
--    print CFILE " $a[0]";
-+    print " $a[0]";
-     if( $j+1 != @ob ) {
--      print CFILE ", ";
-+      print ", ";
-     }
-   }
--  print CFILE "\n};\n";
-+  print "\n};\n";
- 
-   if( 0 == $i ) {
--    print CFILE "#endif /* DEBUG */\n";
-+    print "#endif /* DEBUG */\n";
-   }
- }
- 
- for( $i = 0; $i <= $count; $i++ ) {
-   if( 0 == $i ) {
--    print CFILE "#ifdef DEBUG\n";
-+    print "#ifdef DEBUG\n";
-   }
- 
--  print CFILE "static const NSSItem nss_builtins_items_$i [] = {\n";
-+  print "static const NSSItem nss_builtins_items_$i [] = {\n";
-   $o = $objects[$i];
-   my @ob = @{$o};
-   my $j;
-   for( $j = 0; $j < @ob; $j++ ) {
-     my $l = $ob[$j];
-     my @a = @{$l};
--    print CFILE "  { (void *)$a[1], (PRUint32)$a[2] }";
-+    print "  { (void *)$a[1], (PRUint32)$a[2] }";
-     if( $j+1 != @ob ) {
--      print CFILE ",\n";
-+      print ",\n";
-     } else {
--      print CFILE "\n";
-+      print "\n";
-     }
-   }
--  print CFILE "};\n";
-+  print "};\n";
- 
-   if( 0 == $i ) {
--    print CFILE "#endif /* DEBUG */\n";
-+    print "#endif /* DEBUG */\n";
-   }
- }
- 
--print CFILE "\nbuiltinsInternalObject\n";
--print CFILE "nss_builtins_data[] = {\n";
-+print "\nbuiltinsInternalObject\n";
-+print "nss_builtins_data[] = {\n";
- 
- for( $i = 0; $i <= $count; $i++ ) {
- 
-   if( 0 == $i ) {
--    print CFILE "#ifdef DEBUG\n";
-+    print "#ifdef DEBUG\n";
-   }
- 
--  print CFILE "  { $objsize[$i], nss_builtins_types_$i, nss_builtins_items_$i, {NULL} }";
-+  print "  { $objsize[$i], nss_builtins_types_$i, nss_builtins_items_$i, {NULL} }";
- 
-   if( $i == $count ) {
--    print CFILE "\n";
-+    print "\n";
-   } else {
--    print CFILE ",\n";
-+    print ",\n";
-   }
- 
-   if( 0 == $i ) {
--    print CFILE "#endif /* DEBUG */\n";
-+    print "#endif /* DEBUG */\n";
-   }
- }
- 
--print CFILE "};\n";
-+print "};\n";
- 
--print CFILE "const PRUint32\n";
--print CFILE "#ifdef DEBUG\n";
--print CFILE "  nss_builtins_nObjects = $count+1;\n";
--print CFILE "#else\n";
--print CFILE "  nss_builtins_nObjects = $count;\n";
--print CFILE "#endif /* DEBUG */\n";
-+print "const PRUint32\n";
-+print "#ifdef DEBUG\n";
-+print "  nss_builtins_nObjects = $count+1;\n";
-+print "#else\n";
-+print "  nss_builtins_nObjects = $count;\n";
-+print "#endif /* DEBUG */\n";
- }
-Index: mozilla/security/nss/lib/ckfw/builtins/config.mk
-===================================================================
-RCS file: /cvsroot/mozilla/security/nss/lib/ckfw/builtins/config.mk,v
-retrieving revision 1.15
-diff -u -8 -p -r1.15 config.mk
---- mozilla/security/nss/lib/ckfw/builtins/config.mk	25 Apr 2012 14:49:29 -0000	1.15
-+++ mozilla/security/nss/lib/ckfw/builtins/config.mk	29 Nov 2012 01:53:17 -0000
-@@ -19,16 +19,19 @@ ifeq (,$(filter-out WIN%,$(OS_TARGET)))
-     RES = $(OBJDIR)/$(LIBRARY_NAME).res
-     RESNAME = $(LIBRARY_NAME).rc
- endif
- 
- ifdef BUILD_IDG
-     DEFINES += -DNSSDEBUG
- endif
- 
-+# Needed for compilation of $(OBJDIR)/certdata.c
-+INCLUDES += -I$(CORE_DEPTH)/nss/lib/ckfw/builtins
-+
- #
- # To create a loadable module on Darwin, we must use -bundle.
- #
- ifeq ($(OS_TARGET),Darwin)
- ifndef USE_64
- DSO_LDOPTS = -bundle
- endif
- endif
deleted file mode 100644
--- a/security/patches/bug-808218.patch
+++ /dev/null
@@ -1,367 +0,0 @@
-Index: mozilla/security/nss/lib/nss/utilwrap.c
-===================================================================
-RCS file: /cvsroot/mozilla/security/nss/lib/nss/utilwrap.c,v
-retrieving revision 1.7
-diff -u -8 -p -r1.7 utilwrap.c
---- mozilla/security/nss/lib/nss/utilwrap.c	25 Apr 2012 14:50:04 -0000	1.7
-+++ mozilla/security/nss/lib/nss/utilwrap.c	27 Nov 2012 03:08:28 -0000
-@@ -642,17 +642,17 @@ char *BTOA_DataToAscii(const unsigned ch
-     return BTOA_DataToAscii_Util(data, len);
- }
- 
- unsigned char *ATOB_AsciiToData(const char *string, unsigned int *lenp)
- {
-     return ATOB_AsciiToData_Util(string, lenp);
- }
-  
--SECStatus ATOB_ConvertAsciiToItem(SECItem *binary_item, char *ascii)
-+SECStatus ATOB_ConvertAsciiToItem(SECItem *binary_item, const char *ascii)
- {
-     return ATOB_ConvertAsciiToItem_Util(binary_item, ascii);
- }
- 
- char *BTOA_ConvertItemToAscii(SECItem *binary_item)
- {
-     return BTOA_ConvertItemToAscii_Util(binary_item);
- }
-Index: mozilla/security/nss/lib/pk11wrap/pk11cxt.c
-===================================================================
-RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11cxt.c,v
-retrieving revision 1.9
-diff -u -8 -p -r1.9 pk11cxt.c
---- mozilla/security/nss/lib/pk11wrap/pk11cxt.c	25 Apr 2012 14:50:04 -0000	1.9
-+++ mozilla/security/nss/lib/pk11wrap/pk11cxt.c	27 Nov 2012 03:08:28 -0000
-@@ -587,17 +587,17 @@ SECStatus PK11_DigestBegin(PK11Context *
-     if (rv != SECSuccess) {
- 	return SECFailure;
-     }
-     cx->init = PR_TRUE;
-     return SECSuccess;
- }
- 
- SECStatus
--PK11_HashBuf(SECOidTag hashAlg, unsigned char *out, unsigned char *in, 
-+PK11_HashBuf(SECOidTag hashAlg, unsigned char *out, const unsigned char *in,
- 								PRInt32 len) {
-     PK11Context *context;
-     unsigned int max_length;
-     unsigned int out_length;
-     SECStatus rv;
- 
-     /* len will be passed to PK11_DigestOp as unsigned. */
-     if (len < 0) {
-@@ -632,17 +632,17 @@ PK11_HashBuf(SECOidTag hashAlg, unsigned
- }
- 
- 
- /*
-  * execute a bulk encryption operation
-  */
- SECStatus
- PK11_CipherOp(PK11Context *context, unsigned char * out, int *outlen, 
--				int maxout, unsigned char *in, int inlen)
-+				int maxout, const unsigned char *in, int inlen)
- {
-     CK_RV crv = CKR_OK;
-     CK_ULONG length = maxout;
-     CK_ULONG offset =0;
-     SECStatus rv = SECSuccess;
-     unsigned char *saveOut = out;
-     unsigned char *allocOut = NULL;
- 
-@@ -682,34 +682,36 @@ PK11_CipherOp(PK11Context *context, unsi
- 		random,sizeof(random),out,&length);
- 
- 	    out += length;
- 	    maxout -= length;
- 	    offset = length;
- 	} else if (context->operation == CKA_DECRYPT) {
- 	    length = sizeof(random);
- 	    crv = PK11_GETTAB(context->slot)->C_DecryptUpdate(context->session,
--		in,sizeof(random),random,&length);
-+		(CK_BYTE_PTR)in,sizeof(random),random,&length);
- 	    inlen -= length;
- 	    in += length;
- 	    context->fortezzaHack = PR_FALSE;
- 	}
-     }
- 
-     switch (context->operation) {
-     case CKA_ENCRYPT:
- 	length = maxout;
- 	crv=PK11_GETTAB(context->slot)->C_EncryptUpdate(context->session,
--						in, inlen, out, &length);
-+							(CK_BYTE_PTR)in, inlen,
-+							out, &length);
- 	length += offset;
- 	break;
-     case CKA_DECRYPT:
- 	length = maxout;
- 	crv=PK11_GETTAB(context->slot)->C_DecryptUpdate(context->session,
--						in, inlen, out, &length);
-+							(CK_BYTE_PTR)in, inlen,
-+							out, &length);
- 	break;
-     default:
- 	crv = CKR_OPERATION_NOT_INITIALIZED;
- 	break;
-     }
- 
-     if (crv != CKR_OK) {
-         PORT_SetError( PK11_MapError(crv) );
-Index: mozilla/security/nss/lib/pk11wrap/pk11obj.c
-===================================================================
-RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11obj.c,v
-retrieving revision 1.28
-diff -u -8 -p -r1.28 pk11obj.c
---- mozilla/security/nss/lib/pk11wrap/pk11obj.c	16 Nov 2012 13:02:39 -0000	1.28
-+++ mozilla/security/nss/lib/pk11wrap/pk11obj.c	27 Nov 2012 03:08:28 -0000
-@@ -595,18 +595,18 @@ pk11_FindAttrInTemplate(CK_ATTRIBUTE *at
-     return PR_FALSE;
- }
- 	
- /*
-  * Recover the Signed data. We need this because our old verify can't
-  * figure out which hash algorithm to use until we decryptted this.
-  */
- SECStatus
--PK11_VerifyRecover(SECKEYPublicKey *key,
--			 	SECItem *sig, SECItem *dsig, void *wincx)
-+PK11_VerifyRecover(SECKEYPublicKey *key, const SECItem *sig,
-+		   SECItem *dsig, void *wincx)
- {
-     PK11SlotInfo *slot = key->pkcs11Slot;
-     CK_OBJECT_HANDLE id = key->pkcs11ID;
-     CK_MECHANISM mech = {0, NULL, 0 };
-     PRBool owner = PR_TRUE;
-     CK_SESSION_HANDLE session;
-     CK_ULONG len;
-     CK_RV crv;
-@@ -655,17 +655,18 @@ PK11_VerifyRecover(SECKEYPublicKey *key,
-     PK11_FreeSlot(slot);
-     return SECSuccess;
- }
- 
- /*
-  * verify a signature from its hash.
-  */
- SECStatus
--PK11_Verify(SECKEYPublicKey *key, SECItem *sig, SECItem *hash, void *wincx)
-+PK11_Verify(SECKEYPublicKey *key, const SECItem *sig, const SECItem *hash,
-+	    void *wincx)
- {
-     PK11SlotInfo *slot = key->pkcs11Slot;
-     CK_OBJECT_HANDLE id = key->pkcs11ID;
-     CK_MECHANISM mech = {0, NULL, 0 };
-     PRBool owner = PR_TRUE;
-     CK_SESSION_HANDLE session;
-     CK_RV crv;
- 
-@@ -724,17 +725,17 @@ PK11_Verify(SECKEYPublicKey *key, SECIte
-     }
-     return SECSuccess;
- }
- 
- /*
-  * sign a hash. The algorithm is determined by the key.
-  */
- SECStatus
--PK11_Sign(SECKEYPrivateKey *key, SECItem *sig, SECItem *hash)
-+PK11_Sign(SECKEYPrivateKey *key, SECItem *sig, const SECItem *hash)
- {
-     PK11SlotInfo *slot = key->pkcs11Slot;
-     CK_MECHANISM mech = {0, NULL, 0 };
-     PRBool owner = PR_TRUE;
-     CK_SESSION_HANDLE session;
-     PRBool haslock = PR_FALSE;
-     CK_ULONG len;
-     CK_RV crv;
-Index: mozilla/security/nss/lib/pk11wrap/pk11pub.h
-===================================================================
-RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11pub.h,v
-retrieving revision 1.41
-diff -u -8 -p -r1.41 pk11pub.h
---- mozilla/security/nss/lib/pk11wrap/pk11pub.h	29 Jun 2012 17:46:25 -0000	1.41
-+++ mozilla/security/nss/lib/pk11wrap/pk11pub.h	27 Nov 2012 03:08:28 -0000
-@@ -653,43 +653,44 @@ CERTSignedCrl* PK11_ImportCRL(PK11SlotIn
-  * Return the length in bytes of a signature generated with the
-  * private key.
-  *
-  * Return 0 or -1 on failure.  (XXX Should we fix it to always return
-  * -1 on failure?)
-  */
- int PK11_SignatureLen(SECKEYPrivateKey *key);
- PK11SlotInfo * PK11_GetSlotFromPrivateKey(SECKEYPrivateKey *key);
--SECStatus PK11_Sign(SECKEYPrivateKey *key, SECItem *sig, SECItem *hash);
--SECStatus PK11_VerifyRecover(SECKEYPublicKey *key, SECItem *sig,
--						 SECItem *dsig, void * wincx);
--SECStatus PK11_Verify(SECKEYPublicKey *key, SECItem *sig, 
--						SECItem *hash, void *wincx);
-+SECStatus PK11_Sign(SECKEYPrivateKey *key, SECItem *sig,
-+		    const SECItem *hash);
-+SECStatus PK11_VerifyRecover(SECKEYPublicKey *key, const SECItem *sig,
-+			     SECItem *dsig, void * wincx);
-+SECStatus PK11_Verify(SECKEYPublicKey *key, const SECItem *sig,
-+		      const SECItem *hash, void *wincx);
- 
- 
- 
- /**********************************************************************
-  *                   Crypto Contexts
-  **********************************************************************/
- void PK11_DestroyContext(PK11Context *context, PRBool freeit);
- PK11Context *PK11_CreateContextBySymKey(CK_MECHANISM_TYPE type,
- 	CK_ATTRIBUTE_TYPE operation, PK11SymKey *symKey, SECItem *param);
- PK11Context *PK11_CreateDigestContext(SECOidTag hashAlg);
- PK11Context *PK11_CloneContext(PK11Context *old);
- SECStatus PK11_DigestBegin(PK11Context *cx);
- /*
-  * The output buffer 'out' must be big enough to hold the output of
-  * the hash algorithm 'hashAlg'.
-  */
--SECStatus PK11_HashBuf(SECOidTag hashAlg, unsigned char *out, unsigned char *in,
--					PRInt32 len);
-+SECStatus PK11_HashBuf(SECOidTag hashAlg, unsigned char *out,
-+		       const unsigned char *in, PRInt32 len);
- SECStatus PK11_DigestOp(PK11Context *context, const unsigned char *in, 
-                         unsigned len);
- SECStatus PK11_CipherOp(PK11Context *context, unsigned char * out, int *outlen, 
--				int maxout, unsigned char *in, int inlen);
-+			int maxout, const unsigned char *in, int inlen);
- SECStatus PK11_Finalize(PK11Context *context);
- SECStatus PK11_DigestFinal(PK11Context *context, unsigned char *data, 
- 				unsigned int *outLen, unsigned int length);
- SECStatus PK11_SaveContext(PK11Context *cx,unsigned char *save,
- 						int *len, int saveLength);
- 
- /* Save the context's state, with possible allocation.
-  * The caller may supply an already allocated buffer in preAllocBuf,
-Index: mozilla/security/nss/lib/pkcs7/p7decode.c
-===================================================================
-RCS file: /cvsroot/mozilla/security/nss/lib/pkcs7/p7decode.c,v
-retrieving revision 1.29
-diff -u -8 -p -r1.29 p7decode.c
---- mozilla/security/nss/lib/pkcs7/p7decode.c	25 Apr 2012 14:50:06 -0000	1.29
-+++ mozilla/security/nss/lib/pkcs7/p7decode.c	27 Nov 2012 03:08:28 -0000
-@@ -1275,22 +1275,22 @@ SEC_PKCS7ContentIsSigned(SEC_PKCS7Conten
-  * to encrypt the content.  So before we can pass the digest to VerifyDigest,
-  * we need to decrypt it with the bulk encryption key.  Also, in this case,
-  * there should be NO authenticatedAttributes (signerinfo->authAttr should
-  * be NULL).
-  */
- static PRBool
- sec_pkcs7_verify_signature(SEC_PKCS7ContentInfo *cinfo,
- 			   SECCertUsage certusage,
--			   SECItem *detached_digest,
-+			   const SECItem *detached_digest,
- 			   HASH_HashType digest_type,
- 			   PRBool keepcerts)
- {
-     SECAlgorithmID **digestalgs, *bulkid;
--    SECItem *digest;
-+    const SECItem *digest;
-     SECItem **digests;
-     SECItem **rawcerts;
-     CERTSignedCrl **crls;
-     SEC_PKCS7SignerInfo **signerinfos, *signerinfo;
-     CERTCertificate *cert, **certs;
-     PRBool goodsig;
-     CERTCertDBHandle *certdb, *defaultdb; 
-     SECOidTag encTag,digestTag;
-@@ -1769,17 +1769,17 @@ SEC_PKCS7VerifySignature(SEC_PKCS7Conten
-  *	for the purpose specified by "certusage".
-  *
-  *	In addition, if "keepcerts" is true, add any new certificates found
-  *	into our local database.
-  */
- PRBool
- SEC_PKCS7VerifyDetachedSignature(SEC_PKCS7ContentInfo *cinfo,
- 				 SECCertUsage certusage,
--				 SECItem *detached_digest,
-+				 const SECItem *detached_digest,
- 				 HASH_HashType digest_type,
- 				 PRBool keepcerts)
- {
-     return sec_pkcs7_verify_signature (cinfo, certusage,
- 				       detached_digest, digest_type,
- 				       keepcerts);
- }
- 
-Index: mozilla/security/nss/lib/pkcs7/secpkcs7.h
-===================================================================
-RCS file: /cvsroot/mozilla/security/nss/lib/pkcs7/secpkcs7.h,v
-retrieving revision 1.9
-diff -u -8 -p -r1.9 secpkcs7.h
---- mozilla/security/nss/lib/pkcs7/secpkcs7.h	25 Apr 2012 14:50:06 -0000	1.9
-+++ mozilla/security/nss/lib/pkcs7/secpkcs7.h	27 Nov 2012 03:08:28 -0000
-@@ -124,17 +124,17 @@ extern PRBool SEC_PKCS7VerifySignature(S
-  *	The verification checks that the signing cert is valid and trusted
-  *	for the purpose specified by "certusage".
-  *
-  *	In addition, if "keepcerts" is true, add any new certificates found
-  *	into our local database.
-  */
- extern PRBool SEC_PKCS7VerifyDetachedSignature(SEC_PKCS7ContentInfo *cinfo,
- 					       SECCertUsage certusage,
--					       SECItem *detached_digest,
-+					       const SECItem *detached_digest,
- 					       HASH_HashType digest_type,
- 					       PRBool keepcerts);
- 
- /*
-  * SEC_PKCS7GetSignerCommonName, SEC_PKCS7GetSignerEmailAddress
-  *      The passed-in contentInfo is espected to be Signed, and these
-  *      functions return the specified portion of the full signer name.
-  *
-Index: mozilla/security/nss/lib/util/base64.h
-===================================================================
-RCS file: /cvsroot/mozilla/security/nss/lib/util/base64.h,v
-retrieving revision 1.4
-diff -u -8 -p -r1.4 base64.h
---- mozilla/security/nss/lib/util/base64.h	25 Apr 2012 14:50:16 -0000	1.4
-+++ mozilla/security/nss/lib/util/base64.h	27 Nov 2012 03:08:29 -0000
-@@ -26,17 +26,17 @@ extern char *BTOA_DataToAscii(const unsi
- ** Return an PORT_Alloc'd string which is the base64 decoded version
- ** of the input string; set *lenp to the length of the returned data.
- */
- extern unsigned char *ATOB_AsciiToData(const char *string, unsigned int *lenp);
-  
- /*
- ** Convert from ascii to binary encoding of an item.
- */
--extern SECStatus ATOB_ConvertAsciiToItem(SECItem *binary_item, char *ascii);
-+extern SECStatus ATOB_ConvertAsciiToItem(SECItem *binary_item, const char *ascii);
- 
- /*
- ** Convert from binary encoding of an item to ascii.
- */
- extern char *BTOA_ConvertItemToAscii(SECItem *binary_item);
- 
- SEC_END_PROTOS
- 
-Index: mozilla/security/nss/lib/util/nssb64d.c
-===================================================================
-RCS file: /cvsroot/mozilla/security/nss/lib/util/nssb64d.c,v
-retrieving revision 1.9
-diff -u -8 -p -r1.9 nssb64d.c
---- mozilla/security/nss/lib/util/nssb64d.c	25 Apr 2012 14:50:16 -0000	1.9
-+++ mozilla/security/nss/lib/util/nssb64d.c	27 Nov 2012 03:08:29 -0000
-@@ -804,17 +804,17 @@ ATOB_AsciiToData(const char *string, uns
-     *lenp = dummy->len;
-     return dummy->data;
- }
-  
- /*
- ** Convert from ascii to binary encoding of an item.
- */
- SECStatus
--ATOB_ConvertAsciiToItem(SECItem *binary_item, char *ascii)
-+ATOB_ConvertAsciiToItem(SECItem *binary_item, const char *ascii)
- {
-     SECItem *dummy;
- 
-     if (binary_item == NULL) {
- 	PORT_SetError (SEC_ERROR_INVALID_ARGS);
- 	return SECFailure;
-     }
- 
deleted file mode 100644
--- a/security/patches/bug-812802.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-Index: mozilla/security/nss/cmd/addbuiltin/addbuiltin.c
-===================================================================
-RCS file: /cvsroot/mozilla/security/nss/cmd/addbuiltin/addbuiltin.c,v
-retrieving revision 1.19
-diff -u -8 -p -r1.19 addbuiltin.c
---- mozilla/security/nss/cmd/addbuiltin/addbuiltin.c	4 Jul 2012 15:21:47 -0000	1.19
-+++ mozilla/security/nss/cmd/addbuiltin/addbuiltin.c	27 Nov 2012 03:48:11 -0000
-@@ -468,16 +468,29 @@ int main(int argc, char **argv)
- 	    "%s: Cannot change stdin to binary mode. Use -i option instead.\n",
- 	            progName);
- 	    exit(1);
- 	}
- #endif
- 	infile = PR_STDIN;
-     }
- 
-+#if defined(WIN32)
-+    /* We must put stdout into O_BINARY mode or else the output will include
-+    ** carriage returns.
-+    */
-+    {
-+	int smrv = _setmode(_fileno(stdout), _O_BINARY);
-+	if (smrv == -1) {
-+	    fprintf(stderr, "%s: Cannot change stdout to binary mode.\n", progName);
-+	    exit(1);
-+	}
-+    }
-+#endif
-+
-     nickname = strdup(addbuiltin.options[opt_Nickname].arg);
-     
-     NSS_NoDB_Init(NULL);
- 
-     if (addbuiltin.options[opt_Distrust].activated ||
-         addbuiltin.options[opt_DistrustCRL].activated) {
-       addbuiltin.options[opt_ExcludeCert].activated = PR_TRUE;
-       addbuiltin.options[opt_ExcludeHash].activated = PR_TRUE;