rpms/nss/devel 545779.patch, NONE, 1.1 nss.spec, 1.133, 1.134 nsssysinit.patch, 1.1, NONE
Elio Maldonado
emaldonado at fedoraproject.org
Thu Dec 31 00:07:37 UTC 2009
Author: emaldonado
Update of /cvs/pkgs/rpms/nss/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv4584
Modified Files:
nss.spec
Added Files:
545779.patch
Removed Files:
nsssysinit.patch
Log Message:
Renamed nsssysinit.patch to 545779.patch
545779.patch:
nsssysinit.c | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)
--- NEW FILE 545779.patch ---
Index: mozilla/security/nss/lib/sysinit/nsssysinit.c
===================================================================
RCS file: /cvsroot/mozilla/security/nss/lib/sysinit/nsssysinit.c,v
retrieving revision 1.1
diff -u -p -r1.1 nsssysinit.c
--- mozilla/security/nss/lib/sysinit/nsssysinit.c 8 Oct 2009 17:08:36 -0000 1.1
+++ mozilla/security/nss/lib/sysinit/nsssysinit.c 12 Dec 2009 03:34:17 -0000
@@ -198,11 +198,20 @@ getFIPSMode(void)
* the decision making process.
*
*/
+static const char *nssDefaultFlags = "trustOrder=75 cipherOrder=100 \
+slotParams={0x00000001=[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,RANDOM \
+askpw=any timeout=30 ] } ";
+static const char *nssDefaultFIPSFlags = "trustOrder=75 cipherOrder=100 \
+slotParams={0x00000003=[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,RANDOM \
+askpw=any timeout=30 ] } ";
+
static char **
get_list(char *filename, char *stripped_parameters)
{
char **module_list = PORT_ZNewArray(char *, 4);
char *userdb;
+ int isFIPS = getFIPSMode();
+ const char *nssflags = isFIPS ? nssDefaultFIPSFlags : nssDefaultFlags;
int next = 0;
/* can't get any space */
@@ -217,8 +226,9 @@ get_list(char *filename, char *stripped_
"library= "
"module=\"NSS User database\" "
"parameters=\"configdir='sql:%s' %s\" "
- "NSS=\"flags=internal%s\"",
- userdb, stripped_parameters, getFIPSMode() ? ",FIPS" : "");
+ "NSS=\"%sflags=internal%s\"",
+ userdb, stripped_parameters, nssflags,
+ isFIPS ? ",FIPS" : "");
/* now open the user's defined PKCS #11 modules */
/* skip the local user DB entry */
@@ -235,7 +245,7 @@ get_list(char *filename, char *stripped_
"library= "
"module=\"NSS system database\" "
"parameters=\"configdir='sql:%s' tokenDescription='NSS system database' flags=readonly\" "
- "NSS=\"flags=internal,critical\"",filename);
+ "NSS=\"%sflags=internal,critical\"",filename, nssDefaultFlags);
/* that was the last module */
module_list[next] = 0;
Index: nss.spec
===================================================================
RCS file: /cvs/pkgs/rpms/nss/devel/nss.spec,v
retrieving revision 1.133
retrieving revision 1.134
diff -u -p -r1.133 -r1.134
--- nss.spec 26 Dec 2009 05:14:22 -0000 1.133
+++ nss.spec 31 Dec 2009 00:07:36 -0000 1.134
@@ -44,7 +44,7 @@ Patch6: nss-enable-pem.patch
Patch7: 533125-ammend.patch
Patch8: nss-sysinit.patch
Patch9: 540387.patch
-Patch10: nsssysinit.patch
+Patch10: 545779.patch
Patch11: 546221.patch
%description
@@ -479,8 +479,7 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/ns
%changelog
* Fri Dec 25 2009 Elio Maldonado<emaldona at redhat.com> - 3.12.5-1.11
-- Fix an error introduced when adapting the patch for
- rhbz #546211
+- Fix an error introduced when adapting the patch for rhbz #546211
* Sat Dec 19 2009 Elio maldonado<emaldona at redhat.com> - 3.12.5-1.9
- Remove left over trace statements from nsssysinit patching
--- nsssysinit.patch DELETED ---
More information about the scm-commits
mailing list