[nss] Update the cacert trust patch per upstream review (#633043)

Elio Maldonado emaldonado at fedoraproject.org
Wed Jan 26 19:03:21 UTC 2011


commit 5f7dfcf00d4876f6f9aa0c6d05fdfded6753800e
Author: Elio Maldonado <emaldona at redhat.com>
Date:   Wed Jan 26 10:59:29 2011 -0800

    Update the cacert trust patch per upstream review (#633043)
    
    - Add comments to the new internal functions
    - Rename macro to better reflect purpose and fix typos
    - Patch matches the code as checked in upstream

 honor-user-trust-preferences.patch |   76 ++++++++++++++++++++++++++++++++----
 nss.spec                           |    5 ++-
 2 files changed, 72 insertions(+), 9 deletions(-)
---
diff --git a/honor-user-trust-preferences.patch b/honor-user-trust-preferences.patch
index e9414de..093d1c1 100644
--- a/honor-user-trust-preferences.patch
+++ b/honor-user-trust-preferences.patch
@@ -4,7 +4,7 @@ RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11load.c,v
 retrieving revision 1.30
 diff -u -p -r1.30 pk11load.c
 --- ./mozilla/security/nss/lib/pk11wrap/pk11load.c	30 Apr 2010 07:22:54 -0000	1.30
-+++ ./mozilla/security/nss/lib/pk11wrap/pk11load.c	22 Jan 2011 05:39:07 -0000
++++ ./mozilla/security/nss/lib/pk11wrap/pk11load.c	26 Jan 2011 18:11:57 -0000
 @@ -178,8 +178,8 @@ secmod_handleReload(SECMODModule *oldMod
  	char *oldModuleSpec;
  
@@ -34,7 +34,7 @@ RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11priv.h,v
 retrieving revision 1.13
 diff -u -p -r1.13 pk11priv.h
 --- ./mozilla/security/nss/lib/pk11wrap/pk11priv.h	27 Oct 2009 23:04:46 -0000	1.13
-+++ ./mozilla/security/nss/lib/pk11wrap/pk11priv.h	22 Jan 2011 05:39:07 -0000
++++ ./mozilla/security/nss/lib/pk11wrap/pk11priv.h	26 Jan 2011 18:11:47 -0000
 @@ -115,6 +115,7 @@ void PK11_InitSlot(SECMODModule *mod,CK_
  PRBool PK11_NeedPWInitForSlot(PK11SlotInfo *slot);
  SECStatus PK11_ReadSlotCerts(PK11SlotInfo *slot);
@@ -49,11 +49,38 @@ RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11slot.c,v
 retrieving revision 1.101
 diff -u -p -r1.101 pk11slot.c
 --- ./mozilla/security/nss/lib/pk11wrap/pk11slot.c	3 Apr 2010 18:27:31 -0000	1.101
-+++ ./mozilla/security/nss/lib/pk11wrap/pk11slot.c	22 Jan 2011 05:39:08 -0000
-@@ -1735,6 +1735,15 @@ pk11_SetInternalKeySlot(PK11SlotInfo *sl
++++ ./mozilla/security/nss/lib/pk11wrap/pk11slot.c	26 Jan 2011 18:11:20 -0000
+@@ -1349,7 +1349,7 @@ pk11_isRootSlot(PK11SlotInfo *slot) 
+  * times as tokens are removed and re-inserted.
+  */
+ void
+-PK11_InitSlot(SECMODModule *mod,CK_SLOT_ID slotID,PK11SlotInfo *slot)
++PK11_InitSlot(SECMODModule *mod, CK_SLOT_ID slotID, PK11SlotInfo *slot)
+ {
+     SECStatus rv;
+     char *tmp;
+@@ -1726,6 +1726,12 @@ PK11_NeedUserInit(PK11SlotInfo *slot)
+ }
+ 
+ static PK11SlotInfo *pk11InternalKeySlot = NULL;
++
++/*
++ * Set a new default internal keyslot. If one has already been set, clear it.
++ * passing NULL falls back the NSS normally selected default internal key
++ * slot
++ */
+ void
+ pk11_SetInternalKeySlot(PK11SlotInfo *slot)
+ {
+@@ -1735,6 +1741,20 @@ pk11_SetInternalKeySlot(PK11SlotInfo *sl
     pk11InternalKeySlot = slot ? PK11_ReferenceSlot(slot) : NULL;
  }
  
++/*
++ * Set a new default internal keyslot if the normal key slot has not already
++ * been overrided. Subsequent calls to this function will be ignored unless
++ * pk11_SetInternalKeySlot is used to clear the current default.
++ */
 +void
 +pk11_FirstInternalKeySlot(PK11SlotInfo *slot)
 +{
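Review bot: The new comment blocks on pk11_SetInternalKeySlot and pk11_FirstInternalKeySlot have wording slips and leave out the reference handling that the setter's context line shows. I would write `passing NULL falls back to the default internal key slot NSS normally selects` and `been overridden` in place of "falls back the NSS normally selected" and "been overrided". Since the setter stores `PK11_ReferenceSlot(slot)`, the first comment could also state the ownership rule, e.g. `The slot is referenced here; the caller retains its own reference.` No locking around the static `pk11InternalKeySlot` is visible in this hunk, so if these functions are only meant to run during module load, a line saying so would help; the body of pk11_FirstInternalKeySlot continues outside the hunk.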
@@ -70,18 +97,30 @@ Index: ./mozilla/security/nss/lib/sysinit/nsssysinit.c
 ===================================================================
 RCS file: /cvsroot/mozilla/security/nss/lib/sysinit/nsssysinit.c,v
 retrieving revision 1.2
-diff -u -p -r1.2 nsssysinit.c
+retrieving revision 1.2.2.2
+diff -u -p -r1.2 -r1.2.2.2
 --- ./mozilla/security/nss/lib/sysinit/nsssysinit.c	6 Feb 2010 04:56:37 -0000	1.2
-+++ ./mozilla/security/nss/lib/sysinit/nsssysinit.c	22 Jan 2011 05:39:08 -0000
-@@ -221,7 +221,7 @@ getFIPSMode(void)
++++ ./mozilla/security/nss/lib/sysinit/nsssysinit.c	26 Jan 2011 00:52:31 -0000	1.2.2.2
+@@ -221,16 +221,16 @@ getFIPSMode(void)
   * 2 for the key slot, and
   * 3 for the crypto operations slot fips
   */
 -#define ORDER_FLAGS "trustOrder=75 cipherOrder=100"
-+#define ORDER_FLAGS "cipherOrder=100"
++#define CIPHER_ORDER_FLAGS "cipherOrder=100"
  #define SLOT_FLAGS \
  	"[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,RANDOM" \
  	" askpw=any timeout=30 ]"
+  
+ static const char *nssDefaultFlags =
+-	ORDER_FLAGS " slotParams={0x00000001=" SLOT_FLAGS " }  ";
++	CIPHER_ORDER_FLAGS " slotParams={0x00000001=" SLOT_FLAGS " }  ";
+ 
+ static const char *nssDefaultFIPSFlags =
+-	ORDER_FLAGS " slotParams={0x00000003=" SLOT_FLAGS " }  ";
++	CIPHER_ORDER_FLAGS " slotParams={0x00000003=" SLOT_FLAGS " }  ";
+ 
+ /*
+  * This function builds the list of databases and modules to load, and sets
 @@ -270,7 +270,7 @@ get_list(char *filename, char *stripped_
  	    "library= "
  	    "module=\"NSS User database\" "
@@ -131,3 +170,24 @@ diff -u -p -r1.2 nsssysinit.c
      }
  
      /* that was the last module */
+@@ -372,9 +348,9 @@ overlapstrcpy(char *target, char *src)
+ 
+ /* determine what options the user was trying to open this database with */
+ /* filename is the directory pointed to by configdir= */
+-/* stripped is the rest of the paramters with configdir= stripped out */
++/* stripped is the rest of the parameters with configdir= stripped out */
+ static SECStatus
+-parse_paramters(char *parameters, char **filename, char **stripped)
++parse_parameters(char *parameters, char **filename, char **stripped)
+ {
+     char *sourcePrev;
+     char *sourceCurr;
+@@ -423,7 +399,7 @@ NSS_ReturnModuleSpecData(unsigned long f
+     char **retString = NULL;
+     SECStatus rv;
+ 
+-    rv = parse_paramters(parameters, &filename, &stripped);
++    rv = parse_parameters(parameters, &filename, &stripped);
+     if (rv != SECSuccess) {
+ 	/* use defaults */
+ 	filename = getSystemDB();
diff --git a/nss.spec b/nss.spec
index 8c53cbb..a096f5d 100644
--- a/nss.spec
+++ b/nss.spec
@@ -6,7 +6,7 @@
 Summary:          Network Security Services
 Name:             nss
 Version:          3.12.9
-Release:          2%{?dist}
+Release:          3%{?dist}
 License:          MPLv1.1 or GPLv2+ or LGPLv2+
 URL:              http://www.mozilla.org/projects/security/pki/nss/
 Group:            System Environment/Libraries
@@ -490,6 +490,9 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h
 %{_libdir}/libnssckfw.a
 
 %changelog
+* Wed Jan 26 2011 Elio Maldonado <emaldona at redhat.com> - 3.12.9-3
+- Update the cacert trust patch per upstream review (#633043)
+
 * Wed Jan 19 2011 Elio Maldonado <emaldona at redhat.com> - 3.12.9-2
 - Fix to honor the user's cert trust preferences (#633043)
 - Remove obsoleted patch

