[nss] - Fix certificates trust order (#643134) - Apply nss-sysinit-userdb-first.patch last

Elio Maldonado emaldonado at fedoraproject.org
Mon Oct 18 22:54:39 UTC 2010


commit 7292dd3723289429e6a6419f8267c0d41e199e86
Author: Elio Maldonado <emaldona at redhat.com>
Date:   Mon Oct 18 15:54:32 2010 -0700

    - Fix certificates trust order (#643134)
    - Apply nss-sysinit-userdb-first.patch last

 nss-sysinit-userdb-first.patch |   51 +++++++++++++++++++++++++---------------
 nss.spec                       |   12 +++++++--
 2 files changed, 41 insertions(+), 22 deletions(-)
---
diff --git a/nss-sysinit-userdb-first.patch b/nss-sysinit-userdb-first.patch
index cbfbb9a..f3ea0ab 100755
--- a/nss-sysinit-userdb-first.patch
+++ b/nss-sysinit-userdb-first.patch
@@ -1,19 +1,20 @@
-diff -up ./mozilla/security/nss/lib/sysinit/nsssysinit.c.orig ./mozilla/security/nss/lib/sysinit/nsssysinit.c
---- ./mozilla/security/nss/lib/sysinit/nsssysinit.c.orig	2010-06-17 09:17:30.732643399 -0700
-+++ ./mozilla/security/nss/lib/sysinit/nsssysinit.c	2010-06-17 09:20:22.691642397 -0700
-@@ -263,9 +263,18 @@ get_list(char *filename, char *stripped_
+diff -up ./mozilla/security/nss/lib/sysinit/nsssysinit.c.603313 ./mozilla/security/nss/lib/sysinit/nsssysinit.c
+--- ./mozilla/security/nss/lib/sysinit/nsssysinit.c.603313	2010-10-15 13:57:42.719738316 -0700
++++ ./mozilla/security/nss/lib/sysinit/nsssysinit.c	2010-10-15 14:07:51.704637349 -0700
+@@ -263,16 +263,26 @@ get_list(char *filename, char *stripped_
      sysdb = getSystemDB();
      userdb = getUserDB();
  
 -    /* Don't open root's user DB */
-+    /* return a list of databases to open. First the system database. */
++    /* return a list of databases to open. First the system database */
 +    if (sysdb) {
-+	    const char *readonly = userCanModifySystemDB() ? "" : "flags=readonly";
-+	    module_list[next++] = PR_smprintf(
-+	      "library= "
-+	      "module=\"NSS system database\" "
-+	      "parameters=\"configdir='sql:%s' tokenDescription='NSS system database' %s\" "
-+	      "NSS=\"%sflags=internal,critical\"",sysdb, readonly, nssflags);
++        const char *readonly = userCanModifySystemDB() ? "" : "flags=readonly";
++	module_list[next++] = PR_smprintf(
++	    "library= "
++	    "module=\"NSS system database\" "
++	    "parameters=\"configdir='sql:%s' tokenDescription='NSS system database' %s\" "
++	    "NSS=\"trustOrder=80 %sflags=internal,critical\"",
++            sysdb, readonly, nssflags);
 +    }
 +
 +    /* Next the user database, but not for root. */
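Review bot: The new comment on the system-database entry (`/* return a list of databases to open. First the system database */`) records only the open order and says nothing about the `trustOrder=80` that entry now carries next to the user database's `trustOrder=75`. Since the commit exists to fix which database's certificate trust applies, the intended precedence should be written down where the values are set; otherwise a later refresh of this patch can change list position or the numbers without anyone noticing that the trust decision moved. Something like `/* Open order: sysdb, then userdb. Trust precedence comes from trustOrder (sysdb 80, userdb 75), not from list position. */` would do, once confirmed against the NSS module-spec semantics. get_list starts and ends outside the hunk.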
@@ -22,10 +23,23 @@ diff -up ./mozilla/security/nss/lib/sysinit/nsssysinit.c.orig ./mozilla/security
  	module_list[next++] = PR_smprintf(
  	    "library= "
  	    "module=\"NSS User database\" "
-@@ -284,40 +293,6 @@ get_list(char *filename, char *stripped_
- 		userdb, stripped_parameters);
- 	}
+ 	    "parameters=\"configdir='sql:%s' %s tokenDescription='NSS user database'\" "
+-        "NSS=\"trustOrder=75 %sflags=internal%s\"",
+-        userdb, stripped_parameters, nssflags,
+-        isFIPS ? ",FIPS" : "");
++            "NSS=\"trustOrder=75 %sflags=internal%s\"",
++            userdb, stripped_parameters, nssflags,
++            isFIPS ? ",FIPS" : "");
  
+ 	/* now open the user's defined PKCS #11 modules */
+ 	/* skip the local user DB entry */
+@@ -281,41 +291,7 @@ get_list(char *filename, char *stripped_
+ 	    "module=\"NSS User database\" "
+ 	    "parameters=\"configdir='sql:%s' %s\" "
+ 	    "NSS=\"flags=internal,moduleDBOnly,defaultModDB,skipFirst\"", 
+-		userdb, stripped_parameters);
+-	}
+-
 -#if 0
 -	/* This doesn't actually work. If we register
 -		both this and the sysdb (in either order)
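Review bot: `userdb` and `stripped_parameters` are formatted straight into the quoted `parameters=\"configdir='sql:%s' %s ...\"` string in both PR_smprintf calls touched here, and nothing visible checks that they are free of `'` and `"`. Their origin is outside this hunk (the previous hunk shows only `userdb = getUserDB();`), so this may already be handled upstream of the call. If it is not, a quote character in either value would end the quoted field early and change how the rest of the module spec is parsed, including the `NSS=` flags that follow. I would either reject such values before building the list or state the precondition above the call, e.g. `/* userdb and stripped_parameters must not contain ' or " - they are spliced into a quoted module spec */`. get_list starts and ends outside the hunk.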
@@ -57,9 +71,8 @@ diff -up ./mozilla/security/nss/lib/sysinit/nsssysinit.c.orig ./mozilla/security
 -	      "library= "
 -	      "module=\"NSS system database\" "
 -	      "parameters=\"configdir='sql:%s' tokenDescription='NSS system database' %s\" "
--	      "NSS=\"%sflags=internal,critical\"",sysdb, readonly, nssflags);
--    }
--
-     /* that was the last module */
-     module_list[next] = 0;
+-	      "NSS=\"trustOrder=80 %sflags=internal,critical\"",sysdb, readonly, nssflags);
++            userdb, stripped_parameters);
+     }
  
+     /* that was the last module */
diff --git a/nss.spec b/nss.spec
index a200433..d163044 100644
--- a/nss.spec
+++ b/nss.spec
@@ -6,7 +6,7 @@
 Summary:          Network Security Services
 Name:             nss
 Version:          3.12.8
-Release:          5%{?dist}
+Release:          6%{?dist}
 License:          MPLv1.1 or GPLv2+ or LGPLv2+
 URL:              http://www.mozilla.org/projects/security/pki/nss/
 Group:            System Environment/Libraries
@@ -42,9 +42,10 @@ Source12:         %{name}-pem-20100809.tar.bz2
 Patch3:           renegotiate-transitional.patch
 Patch6:           nss-enable-pem.patch
 Patch7:           nsspem-596674.patch
-Patch8:           nss-sysinit-userdb-first.patch
 Patch9:           0001-Add-support-for-PKCS-8-encoded-private-keys.patch
 Patch10:          0001-Do-not-define-SEC_SkipTemplate.patch
+Patch11:          nss-sysinit-fix-trustorder.patch
+Patch12:          nss-sysinit-userdb-first.patch
 
 %description
 Network Security Services (NSS) is a set of libraries designed to
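Review bot: `Patch11: nss-sysinit-fix-trustorder.patch` is declared here, but the diffstat for this commit lists only nss-sysinit-userdb-first.patch and nss.spec, so the file that carries the trust-order fix is not added by this commit. Unless it was committed earlier, `%patch11` will fail in %prep, and the refreshed Patch12 (whose context already contains `trustOrder=75`) will not apply either. Worth confirming the patch file is tracked in the repository before this is built.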
@@ -116,9 +117,10 @@ low level services.
 %patch3 -p0 -b .transitional
 %patch6 -p0 -b .libpem
 %patch7 -p0 -b .596674
-%patch8 -p0 -b .603313
 %patch9 -p1 -b .pkcs8privatekey
 %patch10 -p1 -b .noskiptemplate
+%patch11 -p1 -b .643134
+%patch12 -p0 -b .603313
 
 
 %build
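Review bot: Nothing next to the `%patch` lines records why `%patch12` has to run after `%patch11`. The refreshed nss-sysinit-userdb-first.patch now has `trustOrder=75` and `trustOrder=80` in its context and removed lines, so it presumably only applies to a tree that already has the .643134 change. A later reorder would then either break %prep or, with fuzz, drop the trust-order setting silently. A one-line comment such as `# patch12 is rebased on top of patch11 (trustOrder); keep it last` would make the dependency explicit. The two patches also use different strip levels (`-p1` and `-p0`), which is easy to get wrong when either is regenerated.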
@@ -490,6 +492,10 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h
 %{_libdir}/libnssckfw.a
 
 %changelog
+* Wed Oct 18 2010 Elio Maldonado <emaldona at redhat.com> - 3.12.8-6
+- Fix certificates trust order (#643134)
+- Apply nss-sysinit-userdb-first.patch last
+
 * Wed Oct 06 2010 Elio Maldonado <emaldona at redhat.com> - 3.12.8-5
 - Move triggerpostun -n nss-sysinit script ahead of the other ones (#639248)
 

