Update NSPR to 4.12 and NSS to 3.23 on iOS

nss/lib/softoken/sdb.c

 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 /*
  * This file implements PKCS 11 on top of our existing security modules
  *
  * For more information about PKCS 11 See PKCS 11 Token Inteface Standard.
  *   This implementation has two slots:
  *      slot 1 is our generic crypto support. It does not require login.
  *   It supports Public Key ops, and all they bulk ciphers and hashes. 
@@ skipping 217 matching lines @@
         "/var/tmp",
         "/usr/tmp",
         "/tmp",
         NULL     /* List terminator */
     };
     unsigned int i;
     struct stat buf;
     const char *zDir = NULL;
 
     azDirs[0] = sqlite3_temp_directory;
-    azDirs[1] = getenv("TMPDIR");
+    azDirs[1] = PR_GetEnvSecure("TMPDIR");
 
     for (i = 0; i < PR_ARRAY_SIZE(azDirs); i++) {
         zDir = azDirs[i];
         if (zDir == NULL) continue;
         if (stat(zDir, &buf)) continue;
         if (!S_ISDIR(buf.st_mode)) continue;
         if (access(zDir, 07)) continue;
         break;
     }
 
@@ skipping 1606 matching lines @@
       * NSS_SDB_USE_CACHE environment variable is set to "no": cache will not
       *   be used.
       *
       * NSS_SDB_USE_CACHE environment variable is set to "yes": cache will
       *   always be used.
       *
       * It is expected that most applications would use the "auto" selection,
       * the environment variable is primarily to simplify testing, and to 
       * correct potential corner cases where  */
 
-     env = PR_GetEnv("NSS_SDB_USE_CACHE");
+     env = PR_GetEnvSecure("NSS_SDB_USE_CACHE");
 
      if (env && PORT_Strcasecmp(env,"no") == 0) {
         enableCache = PR_FALSE;
      } else if (env && PORT_Strcasecmp(env,"yes") == 0) {
         enableCache = PR_TRUE;
      } else {
         char *tempDir = NULL;
         PRUint32 tempOps = 0;
         /*
          *  Use PR_Access to determine how expensive it
@@ skipping 130 matching lines @@
             goto loser;
         }
     }
 #endif
 
     /* how long does it take to test for a non-existant file in our working
      * directory? Allows us to test if we may be on a network file system */
     accessOps = 1;
     {
         char *env;
-        env = PR_GetEnv("NSS_SDB_USE_CACHE");
+        env = PR_GetEnvSecure("NSS_SDB_USE_CACHE");
         /* If the environment variable is set to yes or no, sdb_init() will
          * ignore the value of accessOps, and we can skip the measuring.*/
         if (!env || ((PORT_Strcasecmp(env, "no") != 0) &&
                      (PORT_Strcasecmp(env, "yes") != 0))){
            accessOps = sdb_measureAccess(directory);
         }
     }
 
     /*
      * open the cert data base
@@ skipping 51 matching lines @@
 s_shutdown()
 {
 #ifdef SQLITE_UNSAFE_THREADS
     if (sqlite_lock) {
         PR_DestroyLock(sqlite_lock);
         sqlite_lock = NULL;
     }
 #endif
     return CKR_OK;
 }