[nss] * Fri Jul 31 2010 Elio Maldonado <emaldona at redhat.com> - 3.12.6-9 - Fix nsssysinit to return userdb

Elio Maldonado emaldonado at fedoraproject.org
Sat Jul 31 16:51:47 UTC 2010


commit a3ec3dfe11e01f70fe19e3e0dcddcc503ef70cd1
Author: Elio Maldonado <emaldona at redhat.com>
Date:   Sat Jul 31 09:51:45 2010 -0700

    * Fri Jul 31 2010 Elio Maldonado <emaldona at redhat.com> - 3.12.6-9
    - Fix nsssysinit to return userdb ahead of systemdb (#603313)

 nss-sysinit-userdb-first.patch |   65 ++++++++++++++++++++++++++++++++++++++++
 nss.spec                       |   12 +++++--
 2 files changed, 73 insertions(+), 4 deletions(-)
---
diff --git a/nss-sysinit-userdb-first.patch b/nss-sysinit-userdb-first.patch
new file mode 100755
index 0000000..cbfbb9a
--- /dev/null
+++ b/nss-sysinit-userdb-first.patch
@@ -0,0 +1,65 @@
+diff -up ./mozilla/security/nss/lib/sysinit/nsssysinit.c.orig ./mozilla/security/nss/lib/sysinit/nsssysinit.c
+--- ./mozilla/security/nss/lib/sysinit/nsssysinit.c.orig	2010-06-17 09:17:30.732643399 -0700
++++ ./mozilla/security/nss/lib/sysinit/nsssysinit.c	2010-06-17 09:20:22.691642397 -0700
+@@ -263,9 +263,18 @@ get_list(char *filename, char *stripped_
+     sysdb = getSystemDB();
+     userdb = getUserDB();
+ 
+-    /* Don't open root's user DB */
++    /* return a list of databases to open. First the system database. */
++    if (sysdb) {
++	    const char *readonly = userCanModifySystemDB() ? "" : "flags=readonly";
++	    module_list[next++] = PR_smprintf(
++	      "library= "
++	      "module=\"NSS system database\" "
++	      "parameters=\"configdir='sql:%s' tokenDescription='NSS system database' %s\" "
++	      "NSS=\"%sflags=internal,critical\"",sysdb, readonly, nssflags);
++    }
++
++    /* Next the user database, but not for root. */
+     if (userdb != NULL && !userIsRoot()) {
+-	/* return a list of databases to open. First the user Database */
+ 	module_list[next++] = PR_smprintf(
+ 	    "library= "
+ 	    "module=\"NSS User database\" "
+@@ -284,40 +293,6 @@ get_list(char *filename, char *stripped_
+ 		userdb, stripped_parameters);
+ 	}
+ 
+-#if 0
+-	/* This doesn't actually work. If we register
+-		both this and the sysdb (in either order)
+-		then only one of them actually shows up */
+-
+-    /* Using a NULL filename as a Boolean flag to
+-     * prevent registering both an application-defined
+-     * db and the system db. rhbz #546211.
+-     */
+-    PORT_Assert(filename);
+-    if (sysdb && PL_CompareStrings(filename, sysdb))
+-	    filename = NULL;
+-    else if (userdb && PL_CompareStrings(filename, userdb))
+-	    filename = NULL;
+-
+-    if (filename && !userIsRoot()) {
+-	    module_list[next++] = PR_smprintf(
+-	      "library= "
+-	      "module=\"NSS database\" "
+-	      "parameters=\"configdir='sql:%s' tokenDescription='NSS database sql:%s'\" "
+-	      "NSS=\"%sflags=internal\"",filename, filename, nssflags);
+-    }
+-#endif
+-
+-    /* now the system database (always read only unless it's root) */
+-    if (sysdb) {
+-	    const char *readonly = userCanModifySystemDB() ? "" : "flags=readonly";
+-	    module_list[next++] = PR_smprintf(
+-	      "library= "
+-	      "module=\"NSS system database\" "
+-	      "parameters=\"configdir='sql:%s' tokenDescription='NSS system database' %s\" "
+-	      "NSS=\"%sflags=internal,critical\"",sysdb, readonly, nssflags);
+-    }
+-
+     /* that was the last module */
+     module_list[next] = 0;
+ 
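Review bot: The embedded patch appears to do the opposite of what the changelog and the patch file name say. In `get_list` it inserts the `if (sysdb)` block ahead of `if (userdb != NULL && !userIsRoot())` and deletes the later copy, so `module_list` is filled with the system database first and the user database second. If callers treat the first entry as the default token for storing new keys and certificates (not visible here), this order decides whether user material goes to the per-user store or the shared system store, so the direction should be checked against #603313 and either the patch regenerated or the comments and changelog corrected. Separately, each `PR_smprintf` result is stored unchecked, and because the list is terminated by `module_list[next] = 0`, a failed allocation for an early entry would presumably truncate the list silently; consider advancing only on success, e.g. `if (module_list[next]) next++;`. `get_list` begins and ends outside the hunk.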
diff --git a/nss.spec b/nss.spec
index 3646867..95f5a48 100644
--- a/nss.spec
+++ b/nss.spec
@@ -6,7 +6,7 @@
 Summary:          Network Security Services
 Name:             nss
 Version:          3.12.6
-Release:          8%{?dist}
+Release:          9%{?dist}
 License:          MPLv1.1 or GPLv2+ or LGPLv2+
 URL:              http://www.mozilla.org/projects/security/pki/nss/
 Group:            System Environment/Libraries
@@ -44,6 +44,7 @@ Patch3:           renegotiate-transitional.patch
 Patch4:           validate-arguments.patch
 Patch6:           nss-enable-pem.patch
 Patch7:           nsspem-596674.patch
+Patch8:           nss-sysinit-userdb-first.patch
 
 %description
 Network Security Services (NSS) is a set of libraries designed to
@@ -114,6 +115,7 @@ low level services.
 %patch4 -p0 -b .validate
 %patch6 -p0 -b .libpem
 %patch7 -p0 -b .596674
+%patch8 -p0 -b .603313
 
 
 %build
@@ -241,9 +243,8 @@ cd ./mozilla/security/nss/tests/
 #  nss_tests: cipher libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits chains
 #  nss_ssl_tests: crl bypass_normal normal_bypass normal_fips fips_normal iopr
 #  nss_ssl_run: cov auth stress
-
-# Temporarily disabling the ssl test suites
-# until bug 539183 gets resolved
+#  For example, to disable the ssl test suites
+#  you would uncomment the following lines
 #%global nss_ssl_tests " "
 #%global nss_ssl_run " "
 
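Review bot: The two `#%global` lines kept as context under the new comment are probably not inert, because rpm expands macros on comment lines too. `#%global nss_ssl_tests " "` would therefore still define the macro and leave the SSL test suites disabled, even though the comment now presents the lines as an example only. Escape the percent sign so they are real comments, e.g. `#%%global nss_ssl_tests " "` and `#%%global nss_ssl_run " "`, and confirm in the build log that the ssl suites actually run. For a crypto library, silently skipping these suites removes the regression coverage this change seems intended to restore.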
@@ -487,6 +488,9 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h
 
 
 %changelog
+* Fri Jul 31 2010 Elio Maldonado <emaldona at redhat.com> - 3.12.6-9
+- Fix nsssysinit to return userdb ahead of systemdb (#603313)
+
 * Tue Jun 08 2010 Dennis Gilmore <dennis at ausil.us> - 3.12.6-8
 - Require and BuildRequire >= the listed version not =
 

