A bunch of changes for the SQLITE3 backend:

1) fix for bug #528467 (C_UnwrapKey didn't work with DSA and EC private keys)
2) fix for bug #526231 (C_GetAttributeValue didn't correctly work)
3) partial fix for bug #564011 (object ID race on keypairgen)
4) use sqlite3 in ports (there is no reason to compile the bundled one)

Approved by:	no objections by marcus and gnome team

7 files changed, 129 insertions, 87 deletions

diff --git a/security/nss/Makefile b/security/nss/Makefile
index 4c95a20c3a21..53acbb37015a 100644
--- a/security/nss/Makefile
+++ b/security/nss/Makefile
@@ -7,7 +7,7 @@
 
 PORTNAME=	nss
 PORTVERSION=	${_MAJOR}.${_MINOR}.${_PATCH}
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	security
 MASTER_SITES=	${MASTER_SITE_MOZILLA}
 MASTER_SITE_SUBDIR=	security/nss/releases/NSS_${PORTVERSION:S/./_/g}_RTM/src
@@ -16,14 +16,13 @@ MAINTAINER=	gnome@FreeBSD.org
 COMMENT=	Libraries to support development of security-enabled applications
 
 BUILD_DEPENDS=	zip:${PORTSDIR}/archivers/zip
-LIB_DEPENDS=	nspr4.1:${PORTSDIR}/devel/nspr
+LIB_DEPENDS=	nspr4.1:${PORTSDIR}/devel/nspr \
+		sqlite3.8:${PORTSDIR}/databases/sqlite3
 
 _MAJOR=	3
 _MINOR=	12
 _PATCH=	6
 
-OPTIONS=	SYSSQLITE3 "Use system SQLite3 (slower)" Off
-
 WRKSRC=		${WRKDIR}/${DISTNAME}/mozilla/security/nss
 
 MAKE_JOBS_UNSAFE=	yes
@@ -31,24 +30,12 @@ USE_LDCONFIG=	${PREFIX}/lib/nss
 USE_GMAKE=	yes
 USE_PERL5_BUILD=yes
 MAKE_ENV=	BSD_LDOPTS="${PTHREAD_LIBS} -L${LOCALBASE}/lib" \
-		BUILD_OPT=1 NSS_ENABLE_ECC=1
+		BUILD_OPT=1 NSS_ENABLE_ECC=1 NSS_USE_SYSTEM_SQLITE=1
 ALL_TARGET=	nss_build_all
 CFLAGS+=	-I${LOCALBASE}/include/nspr -L${LOCALBASE}/lib
 
 DIST=		${WRKSRC:H:H}/dist
 
-.include <bsd.port.pre.mk>
-
-.if defined(WITH_SYSSQLITE3)
-LIB_DEPENDS+=	sqlite3:${PORTSDIR}/databases/sqlite3
-EXTRA_PATCHES+=	${FILESDIR}/sqlite3-system.patch
-MAKE_ENV+=	NSS_USE_SYSTEM_SQLITE=1
-PLIST_SUB+=	SYSSQLITE3="@comment "
-.else
-EXTRA_PATCHES+=	${FILESDIR}/sqlite3-builtin.patch
-PLIST_SUB+=	SYSSQLITE3=""
-.endif
-
 EXTERNALS=	CVS dbm security/nss/cmd/zlib nsprpub security/dbm
 EXTRACT_AFTER_ARGS=| ${TAR} -xf -	\
 	${EXTERNALS:C,^,--exclude ${DISTNAME}/mozilla/,}
@@ -89,12 +76,9 @@ post-patch:
 	@cd ${WRKSRC} && \
 		${FIND} . -name "*.c" -o -name "*.h" | \
 		${XARGS} ${REINPLACE_CMD} -e 's|"nspr.h"|<nspr.h>|'
-.if !defined(WITH_SYSSQLITE3)
-	@${MV} ${WRKSRC}/lib/sqlite/sqlite.def ${WRKSRC}/lib/sqlite/nsssqlite.def
-.endif
 
 do-install:
-	${MKDIR} -p ${PREFIX}/include/nss/nss ${PREFIX}/lib/nss
+	${MKDIR} ${PREFIX}/include/nss/nss ${PREFIX}/lib/nss
 	${FIND} ${DIST}/public/nss -type l \
 	    	-exec ${INSTALL_DATA} {} ${PREFIX}/include/nss/nss \;
 	${INSTALL_DATA} ${DIST}/FreeBSD${OSREL:C/.$/*/}_OPT.OBJ/lib/*.so.1 \
@@ -110,4 +94,4 @@ do-install:
 	${INSTALL_SCRIPT} ${WRKDIR}/nss-config ${PREFIX}/bin
 	${INSTALL_DATA} ${WRKDIR}/nss.pc ${PREFIX}/libdata/pkgconfig
 
-.include <bsd.port.post.mk>
+.include <bsd.port.mk>
diff --git a/security/nss/files/sqlite3-system.patch b/security/nss/files/patch-lib_softoken_manifest.mn
index b1e95c2ab887..b1e95c2ab887 100644
--- a/security/nss/files/sqlite3-system.patch
+++ b/security/nss/files/patch-lib_softoken_manifest.mn
diff --git a/security/nss/files/patch-lib_softoken_pkcs11c.c b/security/nss/files/patch-lib_softoken_pkcs11c.c
new file mode 100644
index 000000000000..8d65974a633a
--- /dev/null
+++ b/security/nss/files/patch-lib_softoken_pkcs11c.c
@@ -0,0 +1,22 @@
+--- lib/softoken/pkcs11c.c.orig	2010-05-05 14:36:05.000000000 +0000
++++ lib/softoken/pkcs11c.c	2010-05-05 14:37:25.000000000 +0000
+@@ -4602,9 +4602,6 @@
+ 	    break;
+         case NSSLOWKEYDSAKey:
+ 	    keyType = CKK_DSA;
+-	    crv = (sftk_hasAttribute(key, CKA_NETSCAPE_DB)) ? CKR_OK :
+-						CKR_KEY_TYPE_INCONSISTENT;
+-	    if(crv != CKR_OK) break;
+ 	    crv = sftk_AddAttributeType(key, CKA_KEY_TYPE, &keyType, 
+ 						sizeof(keyType));
+ 	    if(crv != CKR_OK) break;
+@@ -4638,9 +4635,6 @@
+ #ifdef NSS_ENABLE_ECC
+         case NSSLOWKEYECKey:
+ 	    keyType = CKK_EC;
+-	    crv = (sftk_hasAttribute(key, CKA_NETSCAPE_DB)) ? CKR_OK :
+-						CKR_KEY_TYPE_INCONSISTENT;
+-	    if(crv != CKR_OK) break;
+ 	    crv = sftk_AddAttributeType(key, CKA_KEY_TYPE, &keyType, 
+ 						sizeof(keyType));
+ 	    if(crv != CKR_OK) break;
diff --git a/security/nss/files/patch-lib_softoken_sdb.c b/security/nss/files/patch-lib_softoken_sdb.c
new file mode 100644
index 000000000000..9489bc6857f1
--- /dev/null
+++ b/security/nss/files/patch-lib_softoken_sdb.c
@@ -0,0 +1,75 @@
+--- lib/softoken/sdb.c.orig	2010-05-03 12:43:00.000000000 +0000
++++ lib/softoken/sdb.c	2010-05-03 13:09:55.000000000 +0000
+@@ -827,16 +827,8 @@
+ 	goto loser;
+     }
+ 
+-    getStr = sqlite3_mprintf("");
+-    for (i=0; getStr && i < count; i++) {
+-	if (i==0) {
+-	    newStr = sqlite3_mprintf("a%x", template[i].type);
+-	} else {
+-	    newStr = sqlite3_mprintf("%s, a%x", getStr, template[i].type);
+-	}
+-	sqlite3_free(getStr);
+-	getStr = newStr;
+-    }
++  for (i=0; i < count; i++) {
++    getStr = sqlite3_mprintf("a%x", template[i].type);
+ 
+     if (getStr == NULL) {
+ 	error = CKR_HOST_MEMORY;
+@@ -852,6 +844,11 @@
+     }
+ 
+     sqlerr = sqlite3_prepare_v2(sqlDB, newStr, -1, &stmt, NULL);
++    if (sqlerr == SQLITE_ERROR) {
++	template[i].ulValueLen = -1;
++	error = CKR_ATTRIBUTE_TYPE_INVALID;
++	continue;
++    } else
+     if (sqlerr != SQLITE_OK) { goto loser; }
+     sqlerr = sqlite3_bind_int(stmt, 1, object_id);
+     if (sqlerr != SQLITE_OK) { goto loser; }
+@@ -861,17 +858,15 @@
+ 	    PR_Sleep(SDB_BUSY_RETRY_TIME);
+ 	}
+ 	if (sqlerr == SQLITE_ROW) {
+-	    for (i=0; i < count; i++) {
+-		int column = i;
+ 	    	int blobSize;
+ 	    	const char *blobData;
+ 
+-	    	blobSize = sqlite3_column_bytes(stmt, column);
+-		blobData = sqlite3_column_blob(stmt, column);
++	    	blobSize = sqlite3_column_bytes(stmt, 0);
++		blobData = sqlite3_column_blob(stmt, 0);
+ 		if (blobData == NULL) {
+ 		    template[i].ulValueLen = -1;
+ 		    error = CKR_ATTRIBUTE_TYPE_INVALID; 
+-		    continue;
++		    break;
+ 		}
+ 		/* If the blob equals our explicit NULL value, then the 
+ 		 * attribute is a NULL. */
+@@ -884,15 +879,18 @@
+ 		    if (template[i].ulValueLen < blobSize) {
+ 			template[i].ulValueLen = -1;
+ 		    	error = CKR_BUFFER_TOO_SMALL;
+-			continue;
++			break;
+ 		    }
+ 	    	    PORT_Memcpy(template[i].pValue, blobData, blobSize);
+ 		}
+ 		template[i].ulValueLen = blobSize;
+-	    }
+ 	    found = 1;
+ 	}
+     } while (!sdb_done(sqlerr,&retry));
++    sqlite3_reset(stmt);
++    sqlite3_finalize(stmt);
++    stmt = NULL;
++  }
+ 
+ loser:
+     /* fix up the error if necessary */
diff --git a/security/nss/files/patch-lib_softoken_sftkdb.c b/security/nss/files/patch-lib_softoken_sftkdb.c
new file mode 100644
index 000000000000..494ea115fe83
--- /dev/null
+++ b/security/nss/files/patch-lib_softoken_sftkdb.c
@@ -0,0 +1,26 @@
+--- lib/softoken/sftkdb.c.orig	2010-05-18 16:12:16.000000000 +0200
++++ lib/softoken/sftkdb.c	2010-05-18 16:14:37.000000000 +0200
+@@ -766,6 +766,11 @@
+ 	if (attr == NULL) {
+ 	    return CKR_TEMPLATE_INCOMPLETE;
+ 	}
++	if (attr->ulValueLen == 0) {
++	    /* key is to generic to determine that it's unique, usually
++	     * happens in the key gen case */
++	    return CKR_OBJECT_HANDLE_INVALID;
++	}
+ 	findTemplate[1] = *attr;
+ 	count = 2;
+ 	break;
+@@ -827,6 +832,11 @@
+     }
+     crv = sftkdb_getFindTemplate(objectType, objTypeData,
+ 			findTemplate, &count, ptemplate, len);
++    if (crv == CKR_OBJECT_HANDLE_INVALID) {
++	/* key is to generic to determine that it's unique, usually
++         * happens in the key gen case, go ahead and just create it */
++	return CKR_OK;
++    }
+     if (crv != CKR_OK) {
+ 	return crv;
+     }
diff --git a/security/nss/files/sqlite3-builtin.patch b/security/nss/files/sqlite3-builtin.patch
deleted file mode 100644
index 80a65db348c8..000000000000
--- a/security/nss/files/sqlite3-builtin.patch
+++ /dev/null
@@ -1,63 +0,0 @@
---- cmd/platlibs.mk.orig	2009-08-31 17:56:52.000000000 +0200
-+++ cmd/platlibs.mk	2009-08-31 17:53:35.000000000 +0200
-@@ -80,7 +80,7 @@
- endif
- endif
- 
--SQLITE=-lsqlite3
-+SQLITE=-lnsssqlite3
- 
- ifdef NSS_DISABLE_DBM
- DBMLIB = $(NULL)
-@@ -129,7 +129,7 @@
- 	$(DIST)/lib/$(LIB_PREFIX)nssb.$(LIB_SUFFIX) \
- 	$(PKIXLIB) \
- 	$(DBMLIB) \
--	$(DIST)/lib/$(LIB_PREFIX)sqlite3.$(LIB_SUFFIX) \
-+	$(DIST)/lib/$(LIB_PREFIX)nsssqlite3.$(LIB_SUFFIX) \
- 	$(DIST)/lib/$(LIB_PREFIX)nssutil3.$(LIB_SUFFIX) \
- 	$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plc4.$(LIB_SUFFIX) \
- 	$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plds4.$(LIB_SUFFIX) \
---- lib/sqlite/manifest.mn.orig	2010-01-09 06:04:37.000000000 +0100
-+++ lib/sqlite/manifest.mn	2010-03-28 22:52:27.000000000 +0200
-@@ -38,9 +38,9 @@
- 
- MODULE = nss
- 
--LIBRARY_NAME = sqlite
-+LIBRARY_NAME = nsssqlite
- LIBRARY_VERSION = 3
--MAPFILE = $(OBJDIR)/sqlite.def
-+MAPFILE = $(OBJDIR)/nsssqlite.def
- DEFINES += -DSQLITE_THREADSAFE=1
- 
- EXPORTS = \
---- lib/softoken/config.mk.orig	2009-08-31 17:55:03.000000000 +0200
-+++ lib/softoken/config.mk	2009-08-31 17:55:15.000000000 +0200
-@@ -57,7 +57,7 @@
- 	-L$(DIST)/lib \
- 	-L$(NSSUTIL_LIB_DIR) \
- 	-lnssutil3 \
--	-lsqlite3 \
-+	-lnsssqlite3 \
- 	-L$(NSPR_LIB_DIR) \
- 	-lplc4 \
- 	-lplds4 \
-@@ -66,7 +66,7 @@
- else # ! NS_USE_GCC
- 
- EXTRA_SHARED_LIBS += \
--	$(DIST)/lib/sqlite3.lib \
-+	$(DIST)/lib/nsssqlite3.lib \
- 	$(DIST)/lib/nssutil3.lib \
- 	$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plc4.lib \
- 	$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plds4.lib \
-@@ -83,7 +83,7 @@
- 	-L$(DIST)/lib \
- 	-L$(NSSUTIL_LIB_DIR) \
- 	-lnssutil3 \
--	-lsqlite3 \
-+	-lnsssqlite3 \
- 	-L$(NSPR_LIB_DIR) \
- 	-lplc4 \
- 	-lplds4 \
diff --git a/security/nss/pkg-plist b/security/nss/pkg-plist
index 421bb8b45ac8..49c15bc8cdd8 100644
--- a/security/nss/pkg-plist
+++ b/security/nss/pkg-plist
@@ -130,8 +130,6 @@ lib/nss/libsmime3.so
 lib/nss/libsmime3.so.1
 lib/nss/libsoftokn3.so
 lib/nss/libsoftokn3.so.1
-%%SYSSQLITE3%%lib/nss/libnsssqlite3.so
-%%SYSSQLITE3%%lib/nss/libnsssqlite3.so.1
 lib/nss/libssl3.so
 lib/nss/libssl3.so.1
 libdata/pkgconfig/nss.pc