Bug 898431: Update to NSS 3.15.4 beta 7 (NSS_3_15_4_BETA7), r=me, a=bbajaj
authorBrian Smith <brian@briansmith.org>
Wed, 04 Dec 2013 23:35:42 -0800
changeset 166666 d53119cbd9e5c495eebcdb897cb1a514d99d7489
parent 166665 19b14891fbd70f4c35e8ce8a4e623fdf1c4b52a5
child 166667 5b7edf1432472363786370382013ec47962c394f
push id3066
push userakeybl@mozilla.com
push dateMon, 09 Dec 2013 19:58:46 +0000
treeherdermozilla-beta@a31a0dce83aa [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersme, bbajaj
bugs898431
milestone27.0a2
Bug 898431: Update to NSS 3.15.4 beta 7 (NSS_3_15_4_BETA7), r=me, a=bbajaj
security/nss/TAG-INFO
security/nss/coreconf/coreconf.dep
security/nss/lib/ckfw/builtins/certdata.txt
security/nss/lib/freebl/unix_rand.c
--- a/security/nss/TAG-INFO
+++ b/security/nss/TAG-INFO
@@ -1,1 +1,1 @@
-NSS_3_15_4_BETA6
+NSS_3_15_4_BETA7
--- a/security/nss/coreconf/coreconf.dep
+++ b/security/nss/coreconf/coreconf.dep
@@ -5,8 +5,9 @@
 
 /*
  * A dummy header file that is a dependency for all the object files.
  * Used to force a full recompilation of NSS in Mozilla's Tinderbox
  * depend builds.  See comments in rules.mk.
  */
 
 #error "Do not include this header file."
+
--- a/security/nss/lib/ckfw/builtins/certdata.txt
+++ b/security/nss/lib/ckfw/builtins/certdata.txt
@@ -13484,16 +13484,44 @@ END
 CKA_SERIAL_NUMBER MULTILINE_OCTAL
 \002\005\071\021\105\020\224
 END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
+# Distrust "Distrusted AC DG Tresor SSL"
+# Issuer: CN=AC DGTPE Signature Authentification,O=DGTPE,C=FR
+# Serial Number: 204199 (0x31da7)
+# Subject: CN=AC DG Tr..sor SSL,O=DG Tr..sor,C=FR
+# Not Valid Before: Thu Jul 18 10:05:28 2013
+# Not Valid After : Fri Jul 18 10:05:28 2014
+# Fingerprint (MD5): 3A:EA:9E:FC:00:0C:E2:06:6C:E0:AC:39:C1:31:DE:C8
+# Fingerprint (SHA1): 5C:E3:39:46:5F:41:A1:E4:23:14:9F:65:54:40:95:40:4D:E6:EB:E2
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Distrusted AC DG Tresor SSL"
+CKA_ISSUER MULTILINE_OCTAL
+\060\113\061\013\060\011\006\003\125\004\006\023\002\106\122\061
+\016\060\014\006\003\125\004\012\023\005\104\107\124\120\105\061
+\054\060\052\006\003\125\004\003\023\043\101\103\040\104\107\124
+\120\105\040\123\151\147\156\141\164\165\162\145\040\101\165\164
+\150\145\156\164\151\146\151\143\141\164\151\157\156
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\003\003\035\247
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
 #
 # Certificate "Security Communication EV RootCA1"
 #
 # Issuer: OU=Security Communication EV RootCA1,O="SECOM Trust Systems CO.,LTD.",C=JP
 # Serial Number: 0 (0x0)
 # Subject: OU=Security Communication EV RootCA1,O="SECOM Trust Systems CO.,LTD.",C=JP
 # Not Valid Before: Wed Jun 06 02:12:32 2007
 # Not Valid After : Sat Jun 06 02:12:32 2037
--- a/security/nss/lib/freebl/unix_rand.c
+++ b/security/nss/lib/freebl/unix_rand.c
@@ -978,16 +978,18 @@ size_t RNG_FileUpdate(const char *fileNa
 	/* Read from the underlying file descriptor directly to bypass stdio
 	 * buffering and avoid reading more bytes than we need from
 	 * /dev/urandom. NOTE: we can't use fread with unbuffered I/O because
 	 * fread may return EOF in unbuffered I/O mode on Android.
 	 *
 	 * Moreover, we read into a buffer of size BUFSIZ, so buffered I/O
 	 * has no performance advantage. */
 	fd = fileno(file);
+	/* 'file' was just opened, so this should not fail. */
+	PORT_Assert(fd != -1);
 	while (limit > fileBytes) {
 	    bytes = PR_MIN(sizeof buffer, limit - fileBytes);
 	    bytes = read(fd, buffer, bytes);
 	    if (bytes <= 0)
 		break;
 	    RNG_RandomUpdate(buffer, bytes);
 	    fileBytes      += bytes;
 	    totalFileBytes += bytes;
@@ -1145,16 +1147,18 @@ size_t RNG_SystemRNG(void *dest, size_t 
 	return rng_systemFromNoise(dest, maxLen);
     }
     /* Read from the underlying file descriptor directly to bypass stdio
      * buffering and avoid reading more bytes than we need from /dev/urandom.
      * NOTE: we can't use fread with unbuffered I/O because fread may return
      * EOF in unbuffered I/O mode on Android.
      */
     fd = fileno(file);
+    /* 'file' was just opened, so this should not fail. */
+    PORT_Assert(fd != -1);
     while (maxLen > fileBytes) {
 	bytes = maxLen - fileBytes;
 	bytes = read(fd, buffer, bytes);
 	if (bytes <= 0)
 	    break;
 	fileBytes += bytes;
 	buffer += bytes;
     }