summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorMoonchild <moonchild@palemoon.org>2022-07-03 11:30:19 +0000
committerMoonchild <moonchild@palemoon.org>2022-07-03 11:30:19 +0000
commit438c04383f16dd54f75e7ff4b715152c96f8aa6f (patch)
tree4bacede19183ec1f75cfd2926b6a10d9da3669ff /security
parentc830a5f49790266d3ebee99698b00ef3dfedbb3a (diff)
downloaduxp-438c04383f16dd54f75e7ff4b715152c96f8aa6f.tar.gz
Update NSS to 3.52.7
Diffstat (limited to 'security')
-rw-r--r--security/nss/coreconf/coreconf.dep1
-rw-r--r--security/nss/lib/nss/nss.h4
-rw-r--r--security/nss/lib/softoken/legacydb/lginit.c7
-rw-r--r--security/nss/lib/softoken/softkver.h4
-rw-r--r--security/nss/lib/util/nssutil.h4
-rw-r--r--security/nss/lib/util/secasn1d.c15
6 files changed, 20 insertions, 15 deletions
diff --git a/security/nss/coreconf/coreconf.dep b/security/nss/coreconf/coreconf.dep
index 590d1bfaee..5182f75552 100644
--- a/security/nss/coreconf/coreconf.dep
+++ b/security/nss/coreconf/coreconf.dep
@@ -10,4 +10,3 @@
*/
#error "Do not include this header file."
-
diff --git a/security/nss/lib/nss/nss.h b/security/nss/lib/nss/nss.h
index 609a69f2ef..47e8ddafd8 100644
--- a/security/nss/lib/nss/nss.h
+++ b/security/nss/lib/nss/nss.h
@@ -22,10 +22,10 @@
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
*/
-#define NSS_VERSION "3.52.6" _NSS_CUSTOMIZED
+#define NSS_VERSION "3.52.7" _NSS_CUSTOMIZED
#define NSS_VMAJOR 3
#define NSS_VMINOR 52
-#define NSS_VPATCH 6
+#define NSS_VPATCH 7
#define NSS_VBUILD 0
#define NSS_BETA PR_FALSE
diff --git a/security/nss/lib/softoken/legacydb/lginit.c b/security/nss/lib/softoken/legacydb/lginit.c
index d3b4ff32fe..3cd4d8ea03 100644
--- a/security/nss/lib/softoken/legacydb/lginit.c
+++ b/security/nss/lib/softoken/legacydb/lginit.c
@@ -515,6 +515,7 @@ lg_init(SDB **pSdb, int flags, NSSLOWCERTCertDBHandle *certdbPtr,
lgdb_p->hashTable = PL_NewHashTable(64, lg_HashNumber, PL_CompareValues,
SECITEM_HashCompare, NULL, 0);
if (lgdb_p->hashTable == NULL) {
+ PR_DestroyLock(lgdb_p->dbLock);
goto loser;
}
@@ -548,12 +549,6 @@ loser:
PORT_Free(sdb);
}
if (lgdb_p) {
- if (lgdb_p->dbLock) {
- PR_DestroyLock(lgdb_p->dbLock);
- }
- if (lgdb_p->hashTable) {
- PL_HashTableDestroy(lgdb_p->hashTable);
- }
PORT_Free(lgdb_p);
}
return error;
diff --git a/security/nss/lib/softoken/softkver.h b/security/nss/lib/softoken/softkver.h
index e458f77ccc..06d4e82bfd 100644
--- a/security/nss/lib/softoken/softkver.h
+++ b/security/nss/lib/softoken/softkver.h
@@ -17,10 +17,10 @@
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
*/
-#define SOFTOKEN_VERSION "3.52.6" SOFTOKEN_ECC_STRING
+#define SOFTOKEN_VERSION "3.52.7" SOFTOKEN_ECC_STRING
#define SOFTOKEN_VMAJOR 3
#define SOFTOKEN_VMINOR 52
-#define SOFTOKEN_VPATCH 6
+#define SOFTOKEN_VPATCH 7
#define SOFTOKEN_VBUILD 0
#define SOFTOKEN_BETA PR_FALSE
diff --git a/security/nss/lib/util/nssutil.h b/security/nss/lib/util/nssutil.h
index c8ff5eac2c..6267f4234a 100644
--- a/security/nss/lib/util/nssutil.h
+++ b/security/nss/lib/util/nssutil.h
@@ -19,10 +19,10 @@
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <Beta>]"
*/
-#define NSSUTIL_VERSION "3.52.6"
+#define NSSUTIL_VERSION "3.52.7"
#define NSSUTIL_VMAJOR 3
#define NSSUTIL_VMINOR 52
-#define NSSUTIL_VPATCH 6
+#define NSSUTIL_VPATCH 7
#define NSSUTIL_VBUILD 0
#define NSSUTIL_BETA PR_FALSE
diff --git a/security/nss/lib/util/secasn1d.c b/security/nss/lib/util/secasn1d.c
index 14d460a173..c564115364 100644
--- a/security/nss/lib/util/secasn1d.c
+++ b/security/nss/lib/util/secasn1d.c
@@ -1114,7 +1114,7 @@ sec_asn1d_prepare_for_contents(sec_asn1d_state *state)
* inspection, too) then move this code into the switch statement
* below under cases SET_OF and SEQUENCE_OF; it will be cleaner.
*/
- PORT_Assert(state->underlying_kind == SEC_ASN1_SET_OF || state->underlying_kind == SEC_ASN1_SEQUENCE_OF || state->underlying_kind == (SEC_ASN1_SEQUENCE_OF | SEC_ASN1_DYNAMIC) || state->underlying_kind == (SEC_ASN1_SEQUENCE_OF | SEC_ASN1_DYNAMIC));
+ PORT_Assert(state->underlying_kind == SEC_ASN1_SET_OF || state->underlying_kind == SEC_ASN1_SEQUENCE_OF || state->underlying_kind == (SEC_ASN1_SET_OF | SEC_ASN1_DYNAMIC) || state->underlying_kind == (SEC_ASN1_SEQUENCE_OF | SEC_ASN1_DYNAMIC));
if (state->contents_length != 0 || state->indefinite) {
const SEC_ASN1Template *subt;
@@ -2463,7 +2463,18 @@ sec_asn1d_parse_end_of_contents(sec_asn1d_state *state,
if (state->pending == 0) {
state->place = afterEndOfContents;
- state->endofcontents = PR_TRUE;
+ /* These end-of-contents octets either terminate a SEQUENCE, a GROUP,
+ * or a constructed string. The SEQUENCE case is unique in that the
+ * state parses its own end-of-contents octets and therefore should not
+ * have its `endofcontents` flag set. We identify the SEQUENCE case by
+ * checking whether the child state's template is pointing at a
+ * template terminator (see `sec_asn1d_next_in_sequence`).
+ */
+ if (state->child && state->child->theTemplate->kind == 0) {
+ state->endofcontents = PR_FALSE;
+ } else {
+ state->endofcontents = PR_TRUE;
+ }
}
return len;