[nss-softokn] - Bug 770999 - Fix segmentation violation when turning on fips mode

Fri Dec 30 22:42:05 UTC 2011

commit d63e2bcec060be760e870391f96419e8163e6b2e
Author: Elio Maldonado <emaldona at redhat.com>
Date:   Fri Dec 30 14:40:31 2011 -0800

    - Bug 770999 - Fix segmentation violation when turning on fips mode
    
    - Replace the prelink patch with the one submitted upstream
    - Reintroduce the iquote patch but don't apply it unless needed

 iquote.patch                     |   25 +++++++++++++++++++++++++
 nss-softokn-3.12.4-prelink.patch |   24 +++++++-----------------
 nss-softokn.spec                 |   19 ++++++++++++++++++-
 3 files changed, 50 insertions(+), 18 deletions(-)
---

diff --git a/iquote.patch b/iquote.patch
new file mode 100644
index 0000000..30a0ef6
--- /dev/null
+++ b/iquote.patch
@@ -0,0 +1,25 @@
+diff -up ./mozilla/security/coreconf/location.mk.iquote ./mozilla/security/coreconf/location.mk
+--- ./mozilla/security/coreconf/location.mk.iquote	2010-06-11 17:58:32.000000000 -0700
++++ ./mozilla/security/coreconf/location.mk	2011-12-13 21:36:05.966187158 -0800
+@@ -85,6 +85,10 @@ endif
+ 
+ ifdef NSSUTIL_INCLUDE_DIR
+     INCLUDES += -I$(NSSUTIL_INCLUDE_DIR)
++    ifdef IN_TREE_FREEBL_HEADERS_FIRST
++        INCLUDES += -iquote $(DIST)/../public/nss
++        INCLUDES += -iquote $(DIST)/../private/nss
++    endif
+ endif
+ 
+ ifndef NSSUTIL_LIB_DIR
+diff -up ./mozilla/security/nss/cmd/bltest/Makefile.iquote ./mozilla/security/nss/cmd/bltest/Makefile
+--- ./mozilla/security/nss/cmd/bltest/Makefile.iquote	2004-04-25 08:02:39.000000000 -0700
++++ ./mozilla/security/nss/cmd/bltest/Makefile	2011-12-13 21:39:40.891182125 -0800
+@@ -77,6 +77,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
+ # (6) Execute "component" rules. (OPTIONAL)                           #
+ #######################################################################
+ 
++INCLUDES += -iquote $(DIST)/../private/nss
+ 
+ 
+ #######################################################################
diff --git a/nss-softokn-3.12.4-prelink.patch b/nss-softokn-3.12.4-prelink.patch
index 2ac26a3..0c55e5b 100644
--- a/nss-softokn-3.12.4-prelink.patch
+++ b/nss-softokn-3.12.4-prelink.patch
@@ -1,20 +1,10 @@
-diff -up ./mozilla/security/nss/lib/freebl/Makefile.prelink ./mozilla/security/nss/lib/freebl/Makefile
-diff -up ./mozilla/security/nss/lib/freebl/shvfy.c.prelink ./mozilla/security/nss/lib/freebl/shvfy.c
---- ./mozilla/security/nss/lib/freebl/shvfy.c.prelink	2011-12-13 09:02:42.554226434 -0800
-+++ ./mozilla/security/nss/lib/freebl/shvfy.c	2011-12-13 09:05:51.152222223 -0800
-@@ -486,6 +486,9 @@ BLAPI_SHVerifyFile(const char *shName)
- 
- 
- loser:
-+    if (shName != NULL) {
-+	PR_Free(shName);
-+    }
-     if (checkName != NULL) {
- 	PORT_Free(checkName);
-     }
-diff -up ./mozilla/security/nss/lib/freebl/stubs.c.prelink ./mozilla/security/nss/lib/freebl/stubs.c
---- ./mozilla/security/nss/lib/freebl/stubs.c.prelink	2011-12-13 09:02:13.210227199 -0800
-+++ ./mozilla/security/nss/lib/freebl/stubs.c	2011-12-13 09:07:01.296220776 -0800
+Index: mozilla/security/nss/lib/freebl/stubs.c
+===================================================================
+RCS file: /cvsroot/mozilla/security/nss/lib/freebl/stubs.c,v
+retrieving revision 1.11
+diff -u -p -r1.11 stubs.c
+--- mozilla/security/nss/lib/freebl/stubs.c	30 Mar 2011 01:20:12 -0000	1.11
++++ mozilla/security/nss/lib/freebl/stubs.c	20 Oct 2011 15:45:40 -0000
 @@ -156,6 +156,7 @@ STUB_DECLARE(void,PR_DestroyCondVar,(PRC
  STUB_DECLARE(void,PR_Free,(void *ptr));
  STUB_DECLARE(char * ,PR_GetLibraryFilePathname,(const char *name,
diff --git a/nss-softokn.spec b/nss-softokn.spec
index 9190ba5..1ac32db 100644
--- a/nss-softokn.spec
+++ b/nss-softokn.spec
@@ -17,7 +17,7 @@
 Summary:          Network Security Services Softoken Module
 Name:             nss-softokn
 Version:          3.13.1
-Release:          14%{?dist}
+Release:          15%{?dist}
 License:          MPLv1.1 or GPLv2+ or LGPLv2+
 URL:              http://www.mozilla.org/projects/security/pki/nss/
 Group:            System Environment/Libraries
@@ -56,6 +56,14 @@ Patch2:           nss-softokn-3.12.4-prelink.patch
 Patch5:           drbg.patch
 # TODO: Open upstream bug and submmit a patch for this
 Patch8:           softoken-minimal-test-dependencies.patch
+# This patch uses the gcc-iquote dir option  documented at
+# http://gcc.gnu.org/onlinedocs/gcc/Directory-Options.html#Directory-Options
+# to place the in-tree directories at the head of the list on list of directories
+# to be searched for for header files. This is ensures a build even when system freebl 
+# headers are older. Such is the case when we are starting a major update.
+# NSSUTIL_INCLUDE_DIR, after all, contains both util and freebl headers. 
+# Once has been bootstapped the patch may be removed, but it doesn't hurt to keep it.
+Patch9:           iquote.patch
 
 %description
 Network Security Services Softoken Cryptographic Module
@@ -109,6 +117,8 @@ Header and Library files for doing development with Network Security Services.
 %patch2 -p0 -b .prelink
 %patch5 -p0 -b .drbg
 %patch8 -p0 -b .crypto
+# activate if needed when doing a major update with new apis
+#%patch9 -p0 -b .iquote
 
 %build
 
@@ -153,6 +163,9 @@ USE_64=1
 export USE_64
 %endif
 
+# uncomment if the iguote patch is activated
+#export IN_TREE_FREEBL_HEADERS_FIRST=1
+
 # Compile softokn plus needed support
 %{__make} -C ./mozilla/security/coreconf
 %{__make} -C ./mozilla/security/dbm
@@ -373,6 +386,10 @@ done
 %{_includedir}/nss3/shsign.h
 
 %changelog
+* Fri Dec 30 2011 Elio Maldonado <emaldona at redhat.com> - 3.13.1-15
+- Bug 770999 - Fix segmentation violation when turning on fips mode
+- Reintroduce the iquote patch but don't apply it unless needed
+
 * Tue Dec 13 2011 Elio Maldonado <emaldona at redhat.com> - 3.12.9-14
 - Restore the update to 3.13.1
 - Update the patch for freebl to deal with prelinked shared libraries
