Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified)) by mollari.NetBSD.org (Postfix) with ESMTPS id 74ECE1A921F for ; Thu, 7 Apr 2022 19:08:45 +0000 (UTC) Received: by mail.netbsd.org (Postfix, from userid 605) id C7B2E84FCA; Thu, 7 Apr 2022 19:08:44 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 0CC9E84FC8 for ; Thu, 7 Apr 2022 19:08:44 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id pODSWART7oC0 for ; Thu, 7 Apr 2022 19:08:41 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.NetBSD.org [IPv6:2001:470:a085:999:28c:faff:fe03:5984]) by mail.netbsd.org (Postfix) with ESMTP id 0039384D59 for ; Thu, 7 Apr 2022 19:08:40 +0000 (UTC) Received: by cvs.NetBSD.org (Postfix, from userid 500) id E7E2BFB24; Thu, 7 Apr 2022 19:08:40 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_1649358520170030" MIME-Version: 1.0 Date: Thu, 7 Apr 2022 19:08:40 +0000 From: "Taylor R Campbell" Subject: CVS commit: pkgsrc/devel/nss To: pkgsrc-changes@NetBSD.org Reply-To: riastradh@netbsd.org X-Mailer: log_accum Message-Id: <20220407190840.E7E2BFB24@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: Precedence: bulk List-Unsubscribe: This is a multi-part message in MIME format. --_----------=_1649358520170030 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Module Name: pkgsrc Committed By: riastradh Date: Thu Apr 7 19:08:40 UTC 2022 Modified Files: pkgsrc/devel/nss: Makefile distinfo pkgsrc/devel/nss/patches: patch-nss_lib_util_utilpars.c Added Files: pkgsrc/devel/nss/patches: patch-nss_cmd_certutil_certutil.c patch-nss_cmd_fipstest_fipstest.c patch-nss_cmd_pk11gcmtest_pk11gcmtest.c patch-nss_cmd_signtool_certgen.c patch-nss_cmd_signtool_util.c patch-nss_lib_certdb_alg1485.c patch-nss_lib_certdb_certdb.c patch-nss_lib_dbm_src_mktemp.c patch-nss_lib_nss_nssinit.c patch-nss_lib_softoken_legacydb_lowcert.c patch-nss_lib_util_oidstring.c patch-nss_lib_util_portreg.c Log Message: devel/nss: Patch ctype(3) abuse. To generate a diff of this commit: cvs rdiff -u -r1.225 -r1.226 pkgsrc/devel/nss/Makefile cvs rdiff -u -r1.149 -r1.150 pkgsrc/devel/nss/distinfo cvs rdiff -u -r0 -r1.1 \ pkgsrc/devel/nss/patches/patch-nss_cmd_certutil_certutil.c \ pkgsrc/devel/nss/patches/patch-nss_cmd_fipstest_fipstest.c \ pkgsrc/devel/nss/patches/patch-nss_cmd_pk11gcmtest_pk11gcmtest.c \ pkgsrc/devel/nss/patches/patch-nss_cmd_signtool_certgen.c \ pkgsrc/devel/nss/patches/patch-nss_cmd_signtool_util.c \ pkgsrc/devel/nss/patches/patch-nss_lib_certdb_alg1485.c \ pkgsrc/devel/nss/patches/patch-nss_lib_certdb_certdb.c \ pkgsrc/devel/nss/patches/patch-nss_lib_dbm_src_mktemp.c \ pkgsrc/devel/nss/patches/patch-nss_lib_nss_nssinit.c \ pkgsrc/devel/nss/patches/patch-nss_lib_softoken_legacydb_lowcert.c \ pkgsrc/devel/nss/patches/patch-nss_lib_util_oidstring.c \ pkgsrc/devel/nss/patches/patch-nss_lib_util_portreg.c cvs rdiff -u -r1.1 -r1.2 \ pkgsrc/devel/nss/patches/patch-nss_lib_util_utilpars.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_1649358520170030 Content-Disposition: inline Content-Length: 79197 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/devel/nss/Makefile diff -u pkgsrc/devel/nss/Makefile:1.225 pkgsrc/devel/nss/Makefile:1.226 --- pkgsrc/devel/nss/Makefile:1.225 Tue Apr 5 10:05:43 2022 +++ pkgsrc/devel/nss/Makefile Thu Apr 7 19:08:40 2022 @@ -1,10 +1,11 @@ -# $NetBSD: Makefile,v 1.225 2022/04/05 10:05:43 riastradh Exp $ +# $NetBSD: Makefile,v 1.226 2022/04/07 19:08:40 riastradh Exp $ # # release notes # https://firefox-source-docs.mozilla.org/security/nss/releases/index.html DISTNAME= nss-${NSS_RELEASE:S/.0$//} NSS_RELEASE= 3.77.0 +PKGREVISION= 1 CATEGORIES= devel security MASTER_SITES= ${MASTER_SITE_MOZILLA_ALL:=security/nss/releases/NSS_${NSS_DIST_DIR_VERSION:S/_0$//}_RTM/src/} Index: pkgsrc/devel/nss/distinfo diff -u pkgsrc/devel/nss/distinfo:1.149 pkgsrc/devel/nss/distinfo:1.150 --- pkgsrc/devel/nss/distinfo:1.149 Thu Mar 31 18:10:52 2022 +++ pkgsrc/devel/nss/distinfo Thu Apr 7 19:08:40 2022 @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.149 2022/03/31 18:10:52 wiz Exp $ +$NetBSD: distinfo,v 1.150 2022/04/07 19:08:40 riastradh Exp $ BLAKE2s (nss-3.77.tar.gz) = 3565c858677fbccb6b773125b34e2e8cb3e83b45bdd68f05ebfa12c32af11d8e SHA512 (nss-3.77.tar.gz) = bd62eeb8f90ecd2d3999fd78fea6652736c02a6530f29e98d0cad0707f3b901b30409132eb6a6d53b9f5c05c6b464615a946a2a3e255553c793e44d0ed93179e @@ -7,13 +7,25 @@ SHA1 (patch-md) = 8547c9414332c02221b967 SHA1 (patch-me) = ffb5f119764c158c0bd789bd18fc77c61f2e9d2b SHA1 (patch-mf) = 40e58385fb6f944f463bf00b9aad72bc4ea229d0 SHA1 (patch-mn) = 5b79783e48249044be1a904a6cfd20ba175b5fd4 +SHA1 (patch-nss_cmd_certutil_certutil.c) = 76acb4c30779fb44d24fb59fcfe555b238816197 +SHA1 (patch-nss_cmd_fipstest_fipstest.c) = 2f2028b9ab1e63bc7160acc0f0c61d843755ff76 +SHA1 (patch-nss_cmd_pk11gcmtest_pk11gcmtest.c) = b31cb30343f3983e0afa5d0f322207620257cb98 SHA1 (patch-nss_cmd_platlibs.mk) = 01f4350de601b29c94e8a791a28daca226866bb6 SHA1 (patch-nss_cmd_shlibsign_sign.sh) = 7948b7b502a4c148ee185836dde8a84d3aa388af +SHA1 (patch-nss_cmd_signtool_certgen.c) = 56bc3068543121d6bc34e7fdc41a021ae0c49364 +SHA1 (patch-nss_cmd_signtool_util.c) = ab9dc7cdcc6c33191edcb058b6004109bd5825d6 SHA1 (patch-nss_coreconf_OpenBSD.mk) = 944f71fcaaa7d5b2b3ed008341b1392a65480f2b SHA1 (patch-nss_coreconf_command.mk) = a7b682d367825b48f8802fa30cee83f10680bb74 +SHA1 (patch-nss_lib_certdb_alg1485.c) = 71f1b1b2ce839d105a5be61640ee21ed91e742dd +SHA1 (patch-nss_lib_certdb_certdb.c) = c3ce6300d981edf4054cabbd3ecb8bd6810718d5 +SHA1 (patch-nss_lib_dbm_src_mktemp.c) = e051e46ac36ea7670047b95d728e38b37af85b77 SHA1 (patch-nss_lib_freebl_aes-armv8.c) = aa698f61dd3d66ba707a9b5425bc15d057244ad7 SHA1 (patch-nss_lib_freebl_gcm-aarch64.c) = 311cfe7ca58e91285052d0ca27bd2df3f325071b SHA1 (patch-nss_lib_freebl_sha256-armv8.c) = 48ec50204493dd510099a3495f3b775c6bfa8828 -SHA1 (patch-nss_lib_util_utilpars.c) = 5d3000515b01037929730a752b7d7a0f46f06deb +SHA1 (patch-nss_lib_nss_nssinit.c) = bcef361041afa6bd2462b49142b5e56b8641f038 +SHA1 (patch-nss_lib_softoken_legacydb_lowcert.c) = 79b20197ec901480bce5c91ce1abb1bbfa73612e +SHA1 (patch-nss_lib_util_oidstring.c) = 76d792c9fd95c39c0bf75950a9c048fd43fd496c +SHA1 (patch-nss_lib_util_portreg.c) = 52ea179827ef562394bdbb5408765ab5e04daf58 +SHA1 (patch-nss_lib_util_utilpars.c) = 1739a132d23edf17cea131c7186dd72cb545e424 SHA1 (patch-nss_tests_all.sh) = b328778b538db66f5447f962f23afd6f650f7071 SHA1 (patch-nss_tests_merge_merge.sh) = 42a4866d226b1076740ba9a5e42c7604f2cb15a7 Index: pkgsrc/devel/nss/patches/patch-nss_lib_util_utilpars.c diff -u pkgsrc/devel/nss/patches/patch-nss_lib_util_utilpars.c:1.1 pkgsrc/devel/nss/patches/patch-nss_lib_util_utilpars.c:1.2 --- pkgsrc/devel/nss/patches/patch-nss_lib_util_utilpars.c:1.1 Sat Feb 24 11:35:48 2018 +++ pkgsrc/devel/nss/patches/patch-nss_lib_util_utilpars.c Thu Apr 7 19:08:40 2022 @@ -1,10 +1,21 @@ -$NetBSD: patch-nss_lib_util_utilpars.c,v 1.1 2018/02/24 11:35:48 ryoon Exp $ +$NetBSD: patch-nss_lib_util_utilpars.c,v 1.2 2022/04/07 19:08:40 riastradh Exp $ Revert Bug 1377940 to fix misc/libreoffice ---- nss/lib/util/utilpars.c.orig 2018-01-18 14:19:59.000000000 +0000 +Fix ctype(3) abuse: https://bugzilla.mozilla.org/show_bug.cgi?id=1246768 + +--- nss/lib/util/utilpars.c.orig 2022-03-03 10:18:53.000000000 +0000 +++ nss/lib/util/utilpars.c -@@ -1111,8 +1111,12 @@ _NSSUTIL_EvaluateConfigDir(const char *c +@@ -274,7 +274,7 @@ NSSUTIL_ArgDecodeNumber(const char *num) + } + + for (; *num; num++) { +- if (isdigit(*num)) { ++ if (isdigit((unsigned char)*num)) { + digit = *num - '0'; + } else if ((*num >= 'a') && (*num <= 'f')) { + digit = *num - 'a' + 10; +@@ -1197,8 +1197,12 @@ _NSSUTIL_EvaluateConfigDir(const char *c NSSDBType dbType; PRBool checkEnvDefaultDB = PR_FALSE; *appName = NULL; Added files: Index: pkgsrc/devel/nss/patches/patch-nss_cmd_certutil_certutil.c diff -u /dev/null pkgsrc/devel/nss/patches/patch-nss_cmd_certutil_certutil.c:1.1 --- /dev/null Thu Apr 7 19:08:40 2022 +++ pkgsrc/devel/nss/patches/patch-nss_cmd_certutil_certutil.c Thu Apr 7 19:08:40 2022 @@ -0,0 +1,15 @@ +$NetBSD: patch-nss_cmd_certutil_certutil.c,v 1.1 2022/04/07 19:08:40 riastradh Exp $ + +Fix ctype(3) abuse: https://bugzilla.mozilla.org/show_bug.cgi?id=1246768 + +--- nss/cmd/certutil/certutil.c.orig 2022-03-03 10:18:53.000000000 +0000 ++++ nss/cmd/certutil/certutil.c +@@ -3977,7 +3977,7 @@ shutdown: + newargv[1] = nextcommand; + nextarg = nextcommand; + while ((space = PORT_Strpbrk(nextarg, " \f\n\r\t\v"))) { +- while (isspace(*space)) { ++ while (isspace((unsigned char)*space)) { + *space = '\0'; + space++; + } Index: pkgsrc/devel/nss/patches/patch-nss_cmd_fipstest_fipstest.c diff -u /dev/null pkgsrc/devel/nss/patches/patch-nss_cmd_fipstest_fipstest.c:1.1 --- /dev/null Thu Apr 7 19:08:40 2022 +++ pkgsrc/devel/nss/patches/patch-nss_cmd_fipstest_fipstest.c Thu Apr 7 19:08:40 2022 @@ -0,0 +1,1420 @@ +$NetBSD: patch-nss_cmd_fipstest_fipstest.c,v 1.1 2022/04/07 19:08:40 riastradh Exp $ + +Fix ctype(3) abuse: https://bugzilla.mozilla.org/show_bug.cgi?id=1246768 + +--- nss/cmd/fipstest/fipstest.c.orig 2022-03-03 10:18:53.000000000 +0000 ++++ nss/cmd/fipstest/fipstest.c +@@ -128,7 +128,7 @@ from_hex_str(unsigned char *buf, unsigne + + /* count the hex digits */ + nxdigit = 0; +- for (nxdigit = 0; isxdigit(str[nxdigit]); nxdigit++) { ++ for (nxdigit = 0; isxdigit((unsigned char)str[nxdigit]); nxdigit++) { + /* empty body */ + } + if (nxdigit == 0) { +@@ -336,7 +336,7 @@ tdea_kat_mmt(char *reqfn) + /* NumKeys */ + if (strncmp(&buf[0], "NumKeys", 7) == 0) { + i = 7; +- while (isspace(buf[i]) || buf[i] == '=') { ++ while (isspace((unsigned char)buf[i]) || buf[i] == '=') { + i++; + } + numKeys = buf[i]; +@@ -360,10 +360,10 @@ tdea_kat_mmt(char *reqfn) + if (numKeys == 0) { + if (strncmp(buf, "KEYs", 4) == 0) { + i = 4; +- while (isspace(buf[i]) || buf[i] == '=') { ++ while (isspace((unsigned char)buf[i]) || buf[i] == '=') { + i++; + } +- for (j = 0; isxdigit(buf[i]); i += 2, j++) { ++ for (j = 0; isxdigit((unsigned char)buf[i]); i += 2, j++) { + hex_to_byteval(&buf[i], &key[j]); + key[j + 8] = key[j]; + key[j + 16] = key[j]; +@@ -375,10 +375,10 @@ tdea_kat_mmt(char *reqfn) + /* KEY1 = ... */ + if (strncmp(buf, "KEY1", 4) == 0) { + i = 4; +- while (isspace(buf[i]) || buf[i] == '=') { ++ while (isspace((unsigned char)buf[i]) || buf[i] == '=') { + i++; + } +- for (j = 0; isxdigit(buf[i]); i += 2, j++) { ++ for (j = 0; isxdigit((unsigned char)buf[i]); i += 2, j++) { + hex_to_byteval(&buf[i], &key[j]); + } + fputs(buf, resp); +@@ -387,10 +387,10 @@ tdea_kat_mmt(char *reqfn) + /* KEY2 = ... */ + if (strncmp(buf, "KEY2", 4) == 0) { + i = 4; +- while (isspace(buf[i]) || buf[i] == '=') { ++ while (isspace((unsigned char)buf[i]) || buf[i] == '=') { + i++; + } +- for (j = 8; isxdigit(buf[i]); i += 2, j++) { ++ for (j = 8; isxdigit((unsigned char)buf[i]); i += 2, j++) { + hex_to_byteval(&buf[i], &key[j]); + } + fputs(buf, resp); +@@ -399,10 +399,10 @@ tdea_kat_mmt(char *reqfn) + /* KEY3 = ... */ + if (strncmp(buf, "KEY3", 4) == 0) { + i = 4; +- while (isspace(buf[i]) || buf[i] == '=') { ++ while (isspace((unsigned char)buf[i]) || buf[i] == '=') { + i++; + } +- for (j = 16; isxdigit(buf[i]); i += 2, j++) { ++ for (j = 16; isxdigit((unsigned char)buf[i]); i += 2, j++) { + hex_to_byteval(&buf[i], &key[j]); + } + fputs(buf, resp); +@@ -414,7 +414,7 @@ tdea_kat_mmt(char *reqfn) + if (strncmp(buf, "IV", 2) == 0) { + mode = NSS_DES_EDE3_CBC; + i = 2; +- while (isspace(buf[i]) || buf[i] == '=') { ++ while (isspace((unsigned char)buf[i]) || buf[i] == '=') { + i++; + } + for (j = 0; j < sizeof iv; i += 2, j++) { +@@ -431,10 +431,10 @@ tdea_kat_mmt(char *reqfn) + goto loser; + } + i = 9; +- while (isspace(buf[i]) || buf[i] == '=') { ++ while (isspace((unsigned char)buf[i]) || buf[i] == '=') { + i++; + } +- for (j = 0; isxdigit(buf[i]); i += 2, j++) { ++ for (j = 0; isxdigit((unsigned char)buf[i]); i += 2, j++) { + hex_to_byteval(&buf[i], &plaintext[j]); + } + plaintextlen = j; +@@ -461,10 +461,10 @@ tdea_kat_mmt(char *reqfn) + } + + i = 10; +- while (isspace(buf[i]) || buf[i] == '=') { ++ while (isspace((unsigned char)buf[i]) || buf[i] == '=') { + i++; + } +- for (j = 0; isxdigit(buf[i]); i += 2, j++) { ++ for (j = 0; isxdigit((unsigned char)buf[i]); i += 2, j++) { + hex_to_byteval(&buf[i], &ciphertext[j]); + } + ciphertextlen = j; +@@ -779,7 +779,7 @@ tdea_mct(int mode, char *reqfn) + /* NumKeys */ + if (strncmp(&buf[0], "NumKeys", 7) == 0) { + i = 7; +- while (isspace(buf[i]) || buf[i] == '=') { ++ while (isspace((unsigned char)buf[i]) || buf[i] == '=') { + i++; + } + numKeys = atoi(&buf[i]); +@@ -788,10 +788,10 @@ tdea_mct(int mode, char *reqfn) + /* KEY1 = ... */ + if (strncmp(buf, "KEY1", 4) == 0) { + i = 4; +- while (isspace(buf[i]) || buf[i] == '=') { ++ while (isspace((unsigned char)buf[i]) || buf[i] == '=') { + i++; + } +- for (j = 0; isxdigit(buf[i]); i += 2, j++) { ++ for (j = 0; isxdigit((unsigned char)buf[i]); i += 2, j++) { + hex_to_byteval(&buf[i], &key[j]); + } + continue; +@@ -799,10 +799,10 @@ tdea_mct(int mode, char *reqfn) + /* KEY2 = ... */ + if (strncmp(buf, "KEY2", 4) == 0) { + i = 4; +- while (isspace(buf[i]) || buf[i] == '=') { ++ while (isspace((unsigned char)buf[i]) || buf[i] == '=') { + i++; + } +- for (j = 8; isxdigit(buf[i]); i += 2, j++) { ++ for (j = 8; isxdigit((unsigned char)buf[i]); i += 2, j++) { + hex_to_byteval(&buf[i], &key[j]); + } + continue; +@@ -810,10 +810,10 @@ tdea_mct(int mode, char *reqfn) + /* KEY3 = ... */ + if (strncmp(buf, "KEY3", 4) == 0) { + i = 4; +- while (isspace(buf[i]) || buf[i] == '=') { ++ while (isspace((unsigned char)buf[i]) || buf[i] == '=') { + i++; + } +- for (j = 16; isxdigit(buf[i]); i += 2, j++) { ++ for (j = 16; isxdigit((unsigned char)buf[i]); i += 2, j++) { + hex_to_byteval(&buf[i], &key[j]); + } + continue; +@@ -822,7 +822,7 @@ tdea_mct(int mode, char *reqfn) + /* IV = ... */ + if (strncmp(buf, "IV", 2) == 0) { + i = 2; +- while (isspace(buf[i]) || buf[i] == '=') { ++ while (isspace((unsigned char)buf[i]) || buf[i] == '=') { + i++; + } + for (j = 0; j < sizeof iv; i += 2, j++) { +@@ -840,7 +840,7 @@ tdea_mct(int mode, char *reqfn) + } + /* PT[0] = PT */ + i = 9; +- while (isspace(buf[i]) || buf[i] == '=') { ++ while (isspace((unsigned char)buf[i]) || buf[i] == '=') { + i++; + } + for (j = 0; j < sizeof plaintext; i += 2, j++) { +@@ -863,10 +863,10 @@ tdea_mct(int mode, char *reqfn) + } + /* CT[0] = CT */ + i = 10; +- while (isspace(buf[i]) || buf[i] == '=') { ++ while (isspace((unsigned char)buf[i]) || buf[i] == '=') { + i++; + } +- for (j = 0; isxdigit(buf[i]); i += 2, j++) { ++ for (j = 0; isxdigit((unsigned char)buf[i]); i += 2, j++) { + hex_to_byteval(&buf[i], &ciphertext[j]); + } + +@@ -1071,10 +1071,10 @@ aes_gcm(char *reqfn, int encrypt) + /* KEY = ... */ + if (strncmp(buf, "Key", 3) == 0) { + i = 3; +- while (isspace(buf[i]) || buf[i] == '=') { ++ while (isspace((unsigned char)buf[i]) || buf[i] == '=') { + i++; + } +- for (j = 0; isxdigit(buf[i]); i += 2, j++) { ++ for (j = 0; isxdigit((unsigned char)buf[i]); i += 2, j++) { + hex_to_byteval(&buf[i], &key[j]); + } + keysize = j; +@@ -1084,7 +1084,7 @@ aes_gcm(char *reqfn, int encrypt) + /* IV = ... */ + if (strncmp(buf, "IV", 2) == 0) { + i = 2; +- while (isspace(buf[i]) || buf[i] == '=') { ++ while (isspace((unsigned char)buf[i]) || buf[i] == '=') { + i++; + } + for (j = 0; j < sizeof iv; i += 2, j++) { +@@ -1101,10 +1101,10 @@ aes_gcm(char *reqfn, int encrypt) + } + + i = 2; +- while (isspace(buf[i]) || buf[i] == '=') { ++ while (isspace((unsigned char)buf[i]) || buf[i] == '=') { + i++; + } +- for (j = 0; isxdigit(buf[i]); i += 2, j++) { ++ for (j = 0; isxdigit((unsigned char)buf[i]); i += 2, j++) { + hex_to_byteval(&buf[i], &plaintext[j]); + } + plaintextlen = j; +@@ -1119,10 +1119,10 @@ aes_gcm(char *reqfn, int encrypt) + } + + i = 2; +- while (isspace(buf[i]) || buf[i] == '=') { ++ while (isspace((unsigned char)buf[i]) || buf[i] == '=') { + i++; + } +- for (j = 0; isxdigit(buf[i]); i += 2, j++) { ++ for (j = 0; isxdigit((unsigned char)buf[i]); i += 2, j++) { + hex_to_byteval(&buf[i], &ciphertext[j]); + } + ciphertextlen = j; +@@ -1131,10 +1131,10 @@ aes_gcm(char *reqfn, int encrypt) + } + if (strncmp(buf, "AAD", 3) == 0) { + i = 3; +- while (isspace(buf[i]) || buf[i] == '=') { ++ while (isspace((unsigned char)buf[i]) || buf[i] == '=') { + i++; + } +- for (j = 0; isxdigit(buf[i]); i += 2, j++) { ++ for (j = 0; isxdigit((unsigned char)buf[i]); i += 2, j++) { + hex_to_byteval(&buf[i], &aad[j]); + } + aadlen = j; +@@ -1183,10 +1183,10 @@ aes_gcm(char *reqfn, int encrypt) + } + + i = 3; +- while (isspace(buf[i]) || buf[i] == '=') { ++ while (isspace((unsigned char)buf[i]) || buf[i] == '=') { + i++; + } +- for (j = 0; isxdigit(buf[i]); i += 2, j++) { ++ for (j = 0; isxdigit((unsigned char)buf[i]); i += 2, j++) { + hex_to_byteval(&buf[i], &ciphertext[j + ciphertextlen]); + } + ciphertextlen += j; +@@ -1282,10 +1282,10 @@ aes_kat_mmt(char *reqfn) + /* KEY = ... */ + if (strncmp(buf, "KEY", 3) == 0) { + i = 3; +- while (isspace(buf[i]) || buf[i] == '=') { ++ while (isspace((unsigned char)buf[i]) || buf[i] == '=') { + i++; + } +- for (j = 0; isxdigit(buf[i]); i += 2, j++) { ++ for (j = 0; isxdigit((unsigned char)buf[i]); i += 2, j++) { + hex_to_byteval(&buf[i], &key[j]); + } + keysize = j; +@@ -1296,7 +1296,7 @@ aes_kat_mmt(char *reqfn) + if (strncmp(buf, "IV", 2) == 0) { + mode = NSS_AES_CBC; + i = 2; +- while (isspace(buf[i]) || buf[i] == '=') { ++ while (isspace((unsigned char)buf[i]) || buf[i] == '=') { + i++; + } + for (j = 0; j < sizeof iv; i += 2, j++) { +@@ -1313,10 +1313,10 @@ aes_kat_mmt(char *reqfn) + } + + i = 9; +- while (isspace(buf[i]) || buf[i] == '=') { ++ while (isspace((unsigned char)buf[i]) || buf[i] == '=') { + i++; + } +- for (j = 0; isxdigit(buf[i]); i += 2, j++) { ++ for (j = 0; isxdigit((unsigned char)buf[i]); i += 2, j++) { + hex_to_byteval(&buf[i], &plaintext[j]); + } + plaintextlen = j; +@@ -1347,10 +1347,10 @@ aes_kat_mmt(char *reqfn) + } + + i = 10; +- while (isspace(buf[i]) || buf[i] == '=') { ++ while (isspace((unsigned char)buf[i]) || buf[i] == '=') { + i++; + } +- for (j = 0; isxdigit(buf[i]); i += 2, j++) { ++ for (j = 0; isxdigit((unsigned char)buf[i]); i += 2, j++) { + hex_to_byteval(&buf[i], &ciphertext[j]); + } + ciphertextlen = j; +@@ -1486,10 +1486,10 @@ aes_ecb_mct(char *reqfn) + if (strncmp(buf, "KEY", 3) == 0) { + /* Key[0] = Key */ + i = 3; +- while (isspace(buf[i]) || buf[i] == '=') { ++ while (isspace((unsigned char)buf[i]) || buf[i] == '=') { + i++; + } +- for (j = 0; isxdigit(buf[i]); i += 2, j++) { ++ for (j = 0; isxdigit((unsigned char)buf[i]); i += 2, j++) { + hex_to_byteval(&buf[i], &key[j]); + } + keysize = j; +@@ -1503,7 +1503,7 @@ aes_ecb_mct(char *reqfn) + } + /* PT[0] = PT */ + i = 9; +- while (isspace(buf[i]) || buf[i] == '=') { ++ while (isspace((unsigned char)buf[i]) || buf[i] == '=') { + i++; + } + for (j = 0; j < sizeof plaintext; i += 2, j++) { +@@ -1601,10 +1601,10 @@ aes_ecb_mct(char *reqfn) + } + /* CT[0] = CT */ + i = 10; +- while (isspace(buf[i]) || buf[i] == '=') { ++ while (isspace((unsigned char)buf[i]) || buf[i] == '=') { + i++; + } +- for (j = 0; isxdigit(buf[i]); i += 2, j++) { ++ for (j = 0; isxdigit((unsigned char)buf[i]); i += 2, j++) { + hex_to_byteval(&buf[i], &ciphertext[j]); + } + +@@ -1771,10 +1771,10 @@ aes_cbc_mct(char *reqfn) + if (strncmp(buf, "KEY", 3) == 0) { + /* Key[0] = Key */ + i = 3; +- while (isspace(buf[i]) || buf[i] == '=') { ++ while (isspace((unsigned char)buf[i]) || buf[i] == '=') { + i++; + } +- for (j = 0; isxdigit(buf[i]); i += 2, j++) { ++ for (j = 0; isxdigit((unsigned char)buf[i]); i += 2, j++) { + hex_to_byteval(&buf[i], &key[j]); + } + keysize = j; +@@ -1784,7 +1784,7 @@ aes_cbc_mct(char *reqfn) + if (strncmp(buf, "IV", 2) == 0) { + /* IV[0] = IV */ + i = 2; +- while (isspace(buf[i]) || buf[i] == '=') { ++ while (isspace((unsigned char)buf[i]) || buf[i] == '=') { + i++; + } + for (j = 0; j < sizeof iv; i += 2, j++) { +@@ -1800,7 +1800,7 @@ aes_cbc_mct(char *reqfn) + } + /* PT[0] = PT */ + i = 9; +- while (isspace(buf[i]) || buf[i] == '=') { ++ while (isspace((unsigned char)buf[i]) || buf[i] == '=') { + i++; + } + for (j = 0; j < sizeof plaintext; i += 2, j++) { +@@ -1912,10 +1912,10 @@ aes_cbc_mct(char *reqfn) + } + /* CT[0] = CT */ + i = 10; +- while (isspace(buf[i]) || buf[i] == '=') { ++ while (isspace((unsigned char)buf[i]) || buf[i] == '=') { + i++; + } +- for (j = 0; isxdigit(buf[i]); i += 2, j++) { ++ for (j = 0; isxdigit((unsigned char)buf[i]); i += 2, j++) { + hex_to_byteval(&buf[i], &ciphertext[j]); + } + +@@ -2417,7 +2417,7 @@ ecdsa_keypair_test(char *reqfn) + + src = &buf[1]; + dst = &curve[4]; +- *dst++ = tolower(*src); ++ *dst++ = tolower((unsigned char)*src); + src += 2; /* skip the hyphen */ + *dst++ = *src++; + *dst++ = *src++; +@@ -2528,7 +2528,7 @@ ecdsa_pkv_test(char *reqfn) + + src = &buf[1]; + dst = &curve[4]; +- *dst++ = tolower(*src); ++ *dst++ = tolower((unsigned char)*src); + src += 2; /* skip the hyphen */ + *dst++ = *src++; + *dst++ = *src++; +@@ -2565,7 +2565,7 @@ ecdsa_pkv_test(char *reqfn) + if (strncmp(buf, "Qx", 2) == 0) { + fputs(buf, ecdsaresp); + i = 2; +- while (isspace(buf[i]) || buf[i] == '=') { ++ while (isspace((unsigned char)buf[i]) || buf[i] == '=') { + i++; + } + keyvalid = from_hex_str(&pubkey.data[1], len, &buf[i]); +@@ -2579,7 +2579,7 @@ ecdsa_pkv_test(char *reqfn) + continue; + } + i = 2; +- while (isspace(buf[i]) || buf[i] == '=') { ++ while (isspace((unsigned char)buf[i]) || buf[i] == '=') { + i++; + } + keyvalid = from_hex_str(&pubkey.data[1 + len], len, &buf[i]); +@@ -2653,7 +2653,7 @@ ecdsa_siggen_test(char *reqfn) + + src = &buf[1]; + dst = &curve[4]; +- *dst++ = tolower(*src); ++ *dst++ = tolower((unsigned char)*src); + src += 2; /* skip the hyphen */ + *dst++ = *src++; + *dst++ = *src++; +@@ -2688,10 +2688,10 @@ ecdsa_siggen_test(char *reqfn) + ECPrivateKey *ecpriv; + + i = 3; +- while (isspace(buf[i]) || buf[i] == '=') { ++ while (isspace((unsigned char)buf[i]) || buf[i] == '=') { + i++; + } +- for (j = 0; isxdigit(buf[i]); i += 2, j++) { ++ for (j = 0; isxdigit((unsigned char)buf[i]); i += 2, j++) { + hex_to_byteval(&buf[i], &msg[j]); + } + msglen = j; +@@ -2814,7 +2814,7 @@ ecdsa_sigver_test(char *reqfn) + + src = &buf[1]; + dst = &curve[4]; +- *dst++ = tolower(*src); ++ *dst++ = tolower((unsigned char)*src); + src += 2; /* skip the hyphen */ + *dst++ = *src++; + *dst++ = *src++; +@@ -2869,10 +2869,10 @@ ecdsa_sigver_test(char *reqfn) + /* Msg = ... */ + if (strncmp(buf, "Msg", 3) == 0) { + i = 3; +- while (isspace(buf[i]) || buf[i] == '=') { ++ while (isspace((unsigned char)buf[i]) || buf[i] == '=') { + i++; + } +- for (j = 0; isxdigit(buf[i]); i += 2, j++) { ++ for (j = 0; isxdigit((unsigned char)buf[i]); i += 2, j++) { + hex_to_byteval(&buf[i], &msg[j]); + } + msglen = j; +@@ -2897,7 +2897,7 @@ ecdsa_sigver_test(char *reqfn) + if (strncmp(buf, "Qx", 2) == 0) { + fputs(buf, ecdsaresp); + i = 2; +- while (isspace(buf[i]) || buf[i] == '=') { ++ while (isspace((unsigned char)buf[i]) || buf[i] == '=') { + i++; + } + keyvalid = from_hex_str(&ecpub.publicValue.data[1], flen, +@@ -2911,7 +2911,7 @@ ecdsa_sigver_test(char *reqfn) + continue; + } + i = 2; +- while (isspace(buf[i]) || buf[i] == '=') { ++ while (isspace((unsigned char)buf[i]) || buf[i] == '=') { + i++; + } + keyvalid = from_hex_str(&ecpub.publicValue.data[1 + flen], flen, +@@ -2933,7 +2933,7 @@ ecdsa_sigver_test(char *reqfn) + if (buf[0] == 'R') { + fputs(buf, ecdsaresp); + i = 1; +- while (isspace(buf[i]) || buf[i] == '=') { ++ while (isspace((unsigned char)buf[i]) || buf[i] == '=') { + i++; + } + sigvalid = from_hex_str(sig, olen, &buf[i]); +@@ -2943,7 +2943,7 @@ ecdsa_sigver_test(char *reqfn) + if (buf[0] == 'S') { + fputs(buf, ecdsaresp); + i = 1; +- while (isspace(buf[i]) || buf[i] == '=') { ++ while (isspace((unsigned char)buf[i]) || buf[i] == '=') { + i++; + } + if (sigvalid) { +@@ -3043,7 +3043,7 @@ ecdh_functional(char *reqfn, PRBool resp + while (*src && *src == ' ') + src++; + dst = &curve[4]; +- *dst++ = tolower(*src); ++ *dst++ = tolower((unsigned char)*src); + src += 2; /* skip the hyphen */ + *dst++ = *src++; + *dst++ = *src++; +@@ -3128,7 +3128,7 @@ ecdh_functional(char *reqfn, PRBool resp + if (strncmp(buf, "QeCAVSx", 7) == 0) { + fputs(buf, ecdhresp); + i = 7; +- while (isspace(buf[i]) || buf[i] == '=') { ++ while (isspace((unsigned char)buf[i]) || buf[i] == '=') { + i++; + } + from_hex_str(&pubkey.data[1], len, &buf[i]); +@@ -3138,7 +3138,7 @@ ecdh_functional(char *reqfn, PRBool resp + if (strncmp(buf, "QeCAVSy", 7) == 0) { + fputs(buf, ecdhresp); + i = 7; +- while (isspace(buf[i]) || buf[i] == '=') { ++ while (isspace((unsigned char)buf[i]) || buf[i] == '=') { + i++; + } + from_hex_str(&pubkey.data[1 + len], len, &buf[i]); +@@ -3296,7 +3296,7 @@ ecdh_verify(char *reqfn, PRBool response + while (*src && *src == ' ') + src++; + dst = &curve[4]; +- *dst++ = tolower(*src); ++ *dst++ = tolower((unsigned char)*src); + src += 2; /* skip the hyphen */ + *dst++ = *src++; + *dst++ = *src++; +@@ -3381,7 +3381,7 @@ ecdh_verify(char *reqfn, PRBool response + if (strncmp(buf, "QeCAVSx", 7) == 0) { + fputs(buf, ecdhresp); + i = 7; +- while (isspace(buf[i]) || buf[i] == '=') { ++ while (isspace((unsigned char)buf[i]) || buf[i] == '=') { + i++; + } + from_hex_str(&pubkey.data[1], len, &buf[i]); +@@ -3391,7 +3391,7 @@ ecdh_verify(char *reqfn, PRBool response + if (strncmp(buf, "QeCAVSy", 7) == 0) { + fputs(buf, ecdhresp); + i = 7; +- while (isspace(buf[i]) || buf[i] == '=') { ++ while (isspace((unsigned char)buf[i]) || buf[i] == '=') { + i++; + } + from_hex_str(&pubkey.data[1 + len], len, &buf[i]); +@@ -3400,7 +3400,7 @@ ecdh_verify(char *reqfn, PRBool response + if (strncmp(buf, "deIUT", 5) == 0) { + fputs(buf, ecdhresp); + i = 5; +- while (isspace(buf[i]) || buf[i] == '=') { ++ while (isspace((unsigned char)buf[i]) || buf[i] == '=') { + i++; + } + from_hex_str(private_data, len, &buf[i]); +@@ -3420,7 +3420,7 @@ ecdh_verify(char *reqfn, PRBool response + (strncmp(buf, "HashZZ", 6) == 0)) { + fputs(buf, ecdhresp); + i = (buf[0] == 'C') ? 10 : 6; +- while (isspace(buf[i]) || buf[i] == '=') { ++ while (isspace((unsigned char)buf[i]) || buf[i] == '=') { + i++; + } + from_hex_str(cavsHashBuf, fips_hashLen(hash), &buf[i]); +@@ -3577,11 +3577,11 @@ dh_functional(char *reqfn, PRBool respon + } + if (buf[0] == 'P') { + i = 1; +- while (isspace(buf[i]) || buf[i] == '=') { ++ while (isspace((unsigned char)buf[i]) || buf[i] == '=') { + i++; + } + for (j = 0; j < pqg.prime.len; i += 2, j++) { +- if (!isxdigit(buf[i])) { ++ if (!isxdigit((unsigned char)buf[i])) { + pqg.prime.len = j; + break; + } +@@ -3595,11 +3595,11 @@ dh_functional(char *reqfn, PRBool respon + /* Q = ... */ + if (buf[0] == 'Q') { + i = 1; +- while (isspace(buf[i]) || buf[i] == '=') { ++ while (isspace((unsigned char)buf[i]) || buf[i] == '=') { + i++; + } + for (j = 0; j < pqg.subPrime.len; i += 2, j++) { +- if (!isxdigit(buf[i])) { ++ if (!isxdigit((unsigned char)buf[i])) { + pqg.subPrime.len = j; + break; + } +@@ -3613,11 +3613,11 @@ dh_functional(char *reqfn, PRBool respon + /* G = ... */ + if (buf[0] == 'G') { + i = 1; +- while (isspace(buf[i]) || buf[i] == '=') { ++ while (isspace((unsigned char)buf[i]) || buf[i] == '=') { + i++; + } + for (j = 0; j < pqg.base.len; i += 2, j++) { +- if (!isxdigit(buf[i])) { ++ if (!isxdigit((unsigned char)buf[i])) { + pqg.base.len = j; + break; + } +@@ -3638,7 +3638,7 @@ dh_functional(char *reqfn, PRBool respon + if (strncmp(buf, "YephemCAVS", 10) == 0) { + fputs(buf, dhresp); + i = 10; +- while (isspace(buf[i]) || buf[i] == '=') { ++ while (isspace((unsigned char)buf[i]) || buf[i] == '=') { + i++; + } + from_hex_str(pubkeydata, pqg.prime.len, &buf[i]); +@@ -3771,11 +3771,11 @@ dh_verify(char *reqfn, PRBool response) + } + if (buf[0] == 'P') { + i = 1; +- while (isspace(buf[i]) || buf[i] == '=') { ++ while (isspace((unsigned char)buf[i]) || buf[i] == '=') { + i++; + } + for (j = 0; j < pqg.prime.len; i += 2, j++) { +- if (!isxdigit(buf[i])) { ++ if (!isxdigit((unsigned char)buf[i])) { + pqg.prime.len = j; + break; + } +@@ -3789,11 +3789,11 @@ dh_verify(char *reqfn, PRBool response) + /* Q = ... */ + if (buf[0] == 'Q') { + i = 1; +- while (isspace(buf[i]) || buf[i] == '=') { ++ while (isspace((unsigned char)buf[i]) || buf[i] == '=') { + i++; + } + for (j = 0; j < pqg.subPrime.len; i += 2, j++) { +- if (!isxdigit(buf[i])) { ++ if (!isxdigit((unsigned char)buf[i])) { + pqg.subPrime.len = j; + break; + } +@@ -3807,11 +3807,11 @@ dh_verify(char *reqfn, PRBool response) + /* G = ... */ + if (buf[0] == 'G') { + i = 1; +- while (isspace(buf[i]) || buf[i] == '=') { ++ while (isspace((unsigned char)buf[i]) || buf[i] == '=') { + i++; + } + for (j = 0; j < pqg.base.len; i += 2, j++) { +- if (!isxdigit(buf[i])) { ++ if (!isxdigit((unsigned char)buf[i])) { + pqg.base.len = j; + break; + } +@@ -3832,7 +3832,7 @@ dh_verify(char *reqfn, PRBool response) + if (strncmp(buf, "YephemCAVS", 10) == 0) { + fputs(buf, dhresp); + i = 10; +- while (isspace(buf[i]) || buf[i] == '=') { ++ while (isspace((unsigned char)buf[i]) || buf[i] == '=') { + i++; + } + from_hex_str(pubkeydata, pqg.prime.len, &buf[i]); +@@ -3844,7 +3844,7 @@ dh_verify(char *reqfn, PRBool response) + if (strncmp(buf, "XephemIUT", 9) == 0) { + fputs(buf, dhresp); + i = 9; +- while (isspace(buf[i]) || buf[i] == '=') { ++ while (isspace((unsigned char)buf[i]) || buf[i] == '=') { + i++; + } + from_hex_str(privkeydata, pqg.subPrime.len, &buf[i]); +@@ -3862,7 +3862,7 @@ dh_verify(char *reqfn, PRBool response) + (strncmp(buf, "HashZZ", 6) == 0)) { + fputs(buf, dhresp); + i = buf[0] == 'C' ? 10 : 6; +- while (isspace(buf[i]) || buf[i] == '=') { ++ while (isspace((unsigned char)buf[i]) || buf[i] == '=') { + i++; + } + from_hex_str(cavsHashBuf, fips_hashLen(hash), &buf[i]); +@@ -3908,7 +3908,7 @@ loser: + PRBool + isblankline(char *b) + { +- while (isspace(*b)) ++ while (isspace((unsigned char)*b)) + b++; + if ((*b == '\n') || (*b == 0)) { + return PR_TRUE; +@@ -4067,7 +4067,7 @@ drbg(char *reqfn) + if (strncmp(buf, "[PredictionResistance", 21) == 0) { + #ifdef HANDLE_PREDICTION_RESISTANCE + i = 21; +- while (isspace(buf[i]) || buf[i] == '=') { ++ while (isspace((unsigned char)buf[i]) || buf[i] == '=') { + i++; + } + if (strncmp(buf, "False", 5) == 0) { +@@ -4200,11 +4200,11 @@ drbg(char *reqfn) + if (entropyInput) { + memset(entropyInput, 0, entropyInputLen); + i = 18; +- while (isspace(buf[i]) || buf[i] == '=') { ++ while (isspace((unsigned char)buf[i]) || buf[i] == '=') { + i++; + } + +- for (j = 0; isxdigit(buf[i]); i += 2, j++) { /*j start) { ++ while (isspace((unsigned char)*end) && end > start) { + end--; + } + *(end + 1) = '\0'; Index: pkgsrc/devel/nss/patches/patch-nss_lib_certdb_alg1485.c diff -u /dev/null pkgsrc/devel/nss/patches/patch-nss_lib_certdb_alg1485.c:1.1 --- /dev/null Thu Apr 7 19:08:40 2022 +++ pkgsrc/devel/nss/patches/patch-nss_lib_certdb_alg1485.c Thu Apr 7 19:08:40 2022 @@ -0,0 +1,33 @@ +$NetBSD: patch-nss_lib_certdb_alg1485.c,v 1.1 2022/04/07 19:08:40 riastradh Exp $ + +Fix ctype(3) abuse: https://bugzilla.mozilla.org/show_bug.cgi?id=1246768 + +--- nss/lib/certdb/alg1485.c.orig 2022-03-03 10:18:53.000000000 +0000 ++++ nss/lib/certdb/alg1485.c +@@ -402,7 +402,7 @@ ParseRFC1485AVA(PLArenaPool* arena, cons + } + + /* is this a dotted decimal OID attribute type ? */ +- if (!PL_strncasecmp("oid.", tagBuf, 4) || isdigit(tagBuf[0])) { ++ if (!PL_strncasecmp("oid.", tagBuf, 4) || isdigit((unsigned char)tagBuf[0])) { + rv = SEC_StringToOID(arena, &derOid, tagBuf, strlen(tagBuf)); + isDottedOid = (PRBool)(rv == SECSuccess); + } else { +@@ -1332,7 +1332,7 @@ CERT_GetCertificateEmailAddress(CERTCert + } + if (rawEmailAddr) { + for (i = 0; i <= (int)PORT_Strlen(rawEmailAddr); i++) { +- rawEmailAddr[i] = tolower(rawEmailAddr[i]); ++ rawEmailAddr[i] = tolower((unsigned char)rawEmailAddr[i]); + } + } + +@@ -1358,7 +1358,7 @@ appendStringToBuf(char* dest, char* src, + if (dest && src && src[0] && *pRemaining > (len = PL_strlen(src))) { + PRUint32 i; + for (i = 0; i < len; ++i) +- dest[i] = tolower(src[i]); ++ dest[i] = tolower((unsigned char)src[i]); + dest[len] = 0; + dest += len + 1; + *pRemaining -= len + 1; Index: pkgsrc/devel/nss/patches/patch-nss_lib_certdb_certdb.c diff -u /dev/null pkgsrc/devel/nss/patches/patch-nss_lib_certdb_certdb.c:1.1 --- /dev/null Thu Apr 7 19:08:40 2022 +++ pkgsrc/devel/nss/patches/patch-nss_lib_certdb_certdb.c Thu Apr 7 19:08:40 2022 @@ -0,0 +1,24 @@ +$NetBSD: patch-nss_lib_certdb_certdb.c,v 1.1 2022/04/07 19:08:40 riastradh Exp $ + +Fix ctype(3) abuse: https://bugzilla.mozilla.org/show_bug.cgi?id=1246768 + +--- nss/lib/certdb/certdb.c.orig 2022-03-03 10:18:53.000000000 +0000 ++++ nss/lib/certdb/certdb.c +@@ -1313,7 +1313,7 @@ sec_lower_string(char *s) + } + + while (*s) { +- *s = PORT_Tolower(*s); ++ *s = PORT_Tolower((unsigned char)*s); + s++; + } + +@@ -2304,7 +2304,7 @@ CERT_FixupEmailAddr(const char *emailAdd + + /* make it lower case */ + while (*str) { +- *str = tolower(*str); ++ *str = tolower((unsigned char)*str); + str++; + } + Index: pkgsrc/devel/nss/patches/patch-nss_lib_dbm_src_mktemp.c diff -u /dev/null pkgsrc/devel/nss/patches/patch-nss_lib_dbm_src_mktemp.c:1.1 --- /dev/null Thu Apr 7 19:08:40 2022 +++ pkgsrc/devel/nss/patches/patch-nss_lib_dbm_src_mktemp.c Thu Apr 7 19:08:40 2022 @@ -0,0 +1,15 @@ +$NetBSD: patch-nss_lib_dbm_src_mktemp.c,v 1.1 2022/04/07 19:08:40 riastradh Exp $ + +Fix ctype(3) abuse: https://bugzilla.mozilla.org/show_bug.cgi?id=1246768 + +--- nss/lib/dbm/src/mktemp.c.orig 2022-03-03 10:18:53.000000000 +0000 ++++ nss/lib/dbm/src/mktemp.c +@@ -137,7 +137,7 @@ _gettemp(char *path, register int *doope + if (*trv == 'z') + *trv++ = 'a'; + else { +- if (isdigit(*trv)) ++ if (isdigit((unsigned char)*trv)) + *trv = 'a'; + else + ++*trv; Index: pkgsrc/devel/nss/patches/patch-nss_lib_nss_nssinit.c diff -u /dev/null pkgsrc/devel/nss/patches/patch-nss_lib_nss_nssinit.c:1.1 --- /dev/null Thu Apr 7 19:08:40 2022 +++ pkgsrc/devel/nss/patches/patch-nss_lib_nss_nssinit.c Thu Apr 7 19:08:40 2022 @@ -0,0 +1,36 @@ +$NetBSD: patch-nss_lib_nss_nssinit.c,v 1.1 2022/04/07 19:08:40 riastradh Exp $ + +Fix ctype(3) abuse: https://bugzilla.mozilla.org/show_bug.cgi?id=1246768 + +--- nss/lib/nss/nssinit.c.orig 2022-03-03 10:18:53.000000000 +0000 ++++ nss/lib/nss/nssinit.c +@@ -1323,25 +1323,25 @@ NSS_VersionCheck(const char *importedVer + #define NSS_VERSION_VARIABLE __nss_base_version + #include "verref.h" + +- while (isdigit(*ptr)) { ++ while (isdigit((unsigned char)*ptr)) { + vmajor = 10 * vmajor + *ptr - '0'; + ptr++; + } + if (*ptr == '.') { + ptr++; +- while (isdigit(*ptr)) { ++ while (isdigit((unsigned char)*ptr)) { + vminor = 10 * vminor + *ptr - '0'; + ptr++; + } + if (*ptr == '.') { + ptr++; +- while (isdigit(*ptr)) { ++ while (isdigit((unsigned char)*ptr)) { + vpatch = 10 * vpatch + *ptr - '0'; + ptr++; + } + if (*ptr == '.') { + ptr++; +- while (isdigit(*ptr)) { ++ while (isdigit((unsigned char)*ptr)) { + vbuild = 10 * vbuild + *ptr - '0'; + ptr++; + } Index: pkgsrc/devel/nss/patches/patch-nss_lib_softoken_legacydb_lowcert.c diff -u /dev/null pkgsrc/devel/nss/patches/patch-nss_lib_softoken_legacydb_lowcert.c:1.1 --- /dev/null Thu Apr 7 19:08:40 2022 +++ pkgsrc/devel/nss/patches/patch-nss_lib_softoken_legacydb_lowcert.c Thu Apr 7 19:08:40 2022 @@ -0,0 +1,24 @@ +$NetBSD: patch-nss_lib_softoken_legacydb_lowcert.c,v 1.1 2022/04/07 19:08:40 riastradh Exp $ + +Fix ctype(3) abuse: https://bugzilla.mozilla.org/show_bug.cgi?id=1246768 + +--- nss/lib/softoken/legacydb/lowcert.c.orig 2022-03-03 10:18:53.000000000 +0000 ++++ nss/lib/softoken/legacydb/lowcert.c +@@ -615,7 +615,7 @@ nsslowcert_GetCertificateEmailAddress(NS + /* make it lower case */ + str = emailAddr; + while (str && *str) { +- *str = tolower(*str); ++ *str = tolower((unsigned char)*str); + str++; + } + return emailAddr; +@@ -717,7 +717,7 @@ nsslowcert_FixupEmailAddr(char *emailAdd + + /* make it lower case */ + while (*str) { +- *str = tolower(*str); ++ *str = tolower((unsigned char)*str); + str++; + } + Index: pkgsrc/devel/nss/patches/patch-nss_lib_util_oidstring.c diff -u /dev/null pkgsrc/devel/nss/patches/patch-nss_lib_util_oidstring.c:1.1 --- /dev/null Thu Apr 7 19:08:40 2022 +++ pkgsrc/devel/nss/patches/patch-nss_lib_util_oidstring.c Thu Apr 7 19:08:40 2022 @@ -0,0 +1,15 @@ +$NetBSD: patch-nss_lib_util_oidstring.c,v 1.1 2022/04/07 19:08:40 riastradh Exp $ + +Fix ctype(3) abuse: https://bugzilla.mozilla.org/show_bug.cgi?id=1246768 + +--- nss/lib/util/oidstring.c.orig 2022-03-03 10:18:53.000000000 +0000 ++++ nss/lib/util/oidstring.c +@@ -50,7 +50,7 @@ SEC_StringToOID(PLArenaPool *pool, SECIt + } + do { + PRUint32 decimal = 0; +- while (len > 0 && isdigit(*from)) { ++ while (len > 0 && isdigit((unsigned char)*from)) { + PRUint32 addend = (*from++ - '0'); + --len; + if (decimal > max_decimal) /* overflow */ Index: pkgsrc/devel/nss/patches/patch-nss_lib_util_portreg.c diff -u /dev/null pkgsrc/devel/nss/patches/patch-nss_lib_util_portreg.c:1.1 --- /dev/null Thu Apr 7 19:08:40 2022 +++ pkgsrc/devel/nss/patches/patch-nss_lib_util_portreg.c Thu Apr 7 19:08:40 2022 @@ -0,0 +1,24 @@ +$NetBSD: patch-nss_lib_util_portreg.c,v 1.1 2022/04/07 19:08:40 riastradh Exp $ + +Fix ctype(3) abuse: https://bugzilla.mozilla.org/show_bug.cgi?id=1246768 + +--- nss/lib/util/portreg.c.orig 2022-03-03 10:18:53.000000000 +0000 ++++ nss/lib/util/portreg.c +@@ -275,7 +275,7 @@ _shexp_match(const char *str, const char + if (exp[y] == '\\') + ++y; + if (case_insensitive) { +- matched |= (toupper(str[x]) == toupper(exp[y])); ++ matched |= (toupper((unsigned char)str[x]) == toupper((unsigned char)exp[y])); + } else { + matched |= (str[x] == exp[y]); + } +@@ -299,7 +299,7 @@ _shexp_match(const char *str, const char + /* fall through */ + default: + if (case_insensitive) { +- if (toupper(str[x]) != toupper(exp[y])) ++ if (toupper((unsigned char)str[x]) != toupper((unsigned char)exp[y])) + return NOMATCH; + } else { + if (str[x] != exp[y]) --_----------=_1649358520170030--