[nss] * Fri Jul 31 2010 Elio Maldonado <emaldona at redhat.com> - 3.12.6-9 - Fix nsssysinit to return userdb
Elio Maldonado
emaldonado at fedoraproject.org
Sat Jul 31 16:51:47 UTC 2010
commit a3ec3dfe11e01f70fe19e3e0dcddcc503ef70cd1
Author: Elio Maldonado <emaldona at redhat.com>
Date: Sat Jul 31 09:51:45 2010 -0700
* Fri Jul 31 2010 Elio Maldonado <emaldona at redhat.com> - 3.12.6-9
- Fix nsssysinit to return userdb ahead of systemdb (#603313)
nss-sysinit-userdb-first.patch | 65 ++++++++++++++++++++++++++++++++++++++++
nss.spec | 12 +++++--
2 files changed, 73 insertions(+), 4 deletions(-)
---
diff --git a/nss-sysinit-userdb-first.patch b/nss-sysinit-userdb-first.patch
new file mode 100755
index 0000000..cbfbb9a
--- /dev/null
+++ b/nss-sysinit-userdb-first.patch
@@ -0,0 +1,65 @@
+diff -up ./mozilla/security/nss/lib/sysinit/nsssysinit.c.orig ./mozilla/security/nss/lib/sysinit/nsssysinit.c
+--- ./mozilla/security/nss/lib/sysinit/nsssysinit.c.orig 2010-06-17 09:17:30.732643399 -0700
++++ ./mozilla/security/nss/lib/sysinit/nsssysinit.c 2010-06-17 09:20:22.691642397 -0700
+@@ -263,9 +263,18 @@ get_list(char *filename, char *stripped_
+ sysdb = getSystemDB();
+ userdb = getUserDB();
+
+- /* Don't open root's user DB */
++ /* return a list of databases to open. First the system database. */
++ if (sysdb) {
++ const char *readonly = userCanModifySystemDB() ? "" : "flags=readonly";
++ module_list[next++] = PR_smprintf(
++ "library= "
++ "module=\"NSS system database\" "
++ "parameters=\"configdir='sql:%s' tokenDescription='NSS system database' %s\" "
++ "NSS=\"%sflags=internal,critical\"",sysdb, readonly, nssflags);
++ }
++
++ /* Next the user database, but not for root. */
+ if (userdb != NULL && !userIsRoot()) {
+- /* return a list of databases to open. First the user Database */
+ module_list[next++] = PR_smprintf(
+ "library= "
+ "module=\"NSS User database\" "
+@@ -284,40 +293,6 @@ get_list(char *filename, char *stripped_
+ userdb, stripped_parameters);
+ }
+
+-#if 0
+- /* This doesn't actually work. If we register
+- both this and the sysdb (in either order)
+- then only one of them actually shows up */
+-
+- /* Using a NULL filename as a Boolean flag to
+- * prevent registering both an application-defined
+- * db and the system db. rhbz #546211.
+- */
+- PORT_Assert(filename);
+- if (sysdb && PL_CompareStrings(filename, sysdb))
+- filename = NULL;
+- else if (userdb && PL_CompareStrings(filename, userdb))
+- filename = NULL;
+-
+- if (filename && !userIsRoot()) {
+- module_list[next++] = PR_smprintf(
+- "library= "
+- "module=\"NSS database\" "
+- "parameters=\"configdir='sql:%s' tokenDescription='NSS database sql:%s'\" "
+- "NSS=\"%sflags=internal\"",filename, filename, nssflags);
+- }
+-#endif
+-
+- /* now the system database (always read only unless it's root) */
+- if (sysdb) {
+- const char *readonly = userCanModifySystemDB() ? "" : "flags=readonly";
+- module_list[next++] = PR_smprintf(
+- "library= "
+- "module=\"NSS system database\" "
+- "parameters=\"configdir='sql:%s' tokenDescription='NSS system database' %s\" "
+- "NSS=\"%sflags=internal,critical\"",sysdb, readonly, nssflags);
+- }
+-
+ /* that was the last module */
+ module_list[next] = 0;
+
diff --git a/nss.spec b/nss.spec
index 3646867..95f5a48 100644
--- a/nss.spec
+++ b/nss.spec
@@ -6,7 +6,7 @@
Summary: Network Security Services
Name: nss
Version: 3.12.6
-Release: 8%{?dist}
+Release: 9%{?dist}
License: MPLv1.1 or GPLv2+ or LGPLv2+
URL: http://www.mozilla.org/projects/security/pki/nss/
Group: System Environment/Libraries
@@ -44,6 +44,7 @@ Patch3: renegotiate-transitional.patch
Patch4: validate-arguments.patch
Patch6: nss-enable-pem.patch
Patch7: nsspem-596674.patch
+Patch8: nss-sysinit-userdb-first.patch
%description
Network Security Services (NSS) is a set of libraries designed to
@@ -114,6 +115,7 @@ low level services.
%patch4 -p0 -b .validate
%patch6 -p0 -b .libpem
%patch7 -p0 -b .596674
+%patch8 -p0 -b .603313
%build
@@ -241,9 +243,8 @@ cd ./mozilla/security/nss/tests/
# nss_tests: cipher libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits chains
# nss_ssl_tests: crl bypass_normal normal_bypass normal_fips fips_normal iopr
# nss_ssl_run: cov auth stress
-
-# Temporarily disabling the ssl test suites
-# until bug 539183 gets resolved
+# For example, to disable the ssl test suites
+# you would uncomment the following lines
#%global nss_ssl_tests " "
#%global nss_ssl_run " "
@@ -487,6 +488,9 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h
%changelog
+* Fri Jul 31 2010 Elio Maldonado <emaldona at redhat.com> - 3.12.6-9
+- Fix nsssysinit to return userdb ahead of systemdb (#603313)
+
* Tue Jun 08 2010 Dennis Gilmore <dennis at ausil.us> - 3.12.6-8
- Require and BuildRequire >= the listed version not =
More information about the scm-commits
mailing list