Add patch for Gnome bug #626066 (login to NSS on demand)

evolution-2.31.92-gn626066.patch

@@ -0,0 +1,137 @@
+From c33a84d443f6a340fc247531b6bc8c9997b52aba Mon Sep 17 00:00:00 2001
+From: David Woodhouse <David.Woodhouse@intel.com>
+Date: Mon, 13 Sep 2010 20:00:25 +0000
+Subject: Bug 626066 - log in to NSS database on demand for changing trust
+
+---
+diff --git a/smime/gui/cert-trust-dialog.c b/smime/gui/cert-trust-dialog.c
+index 9c87c66..66ce69b 100644
+--- a/smime/gui/cert-trust-dialog.c
++++ b/smime/gui/cert-trust-dialog.c
+@@ -73,7 +73,7 @@ ctd_response(GtkWidget *w, guint id, CertTrustDialogData *data)
+ 		e_cert_trust_add_peer_trust (&trust, FALSE,
+ 					     gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON (data->trust_button)),
+ 					     FALSE);
+-		CERT_ChangeCertTrust (CERT_GetDefaultCertDB(), icert, &trust);
++		e_cert_db_change_cert_trust (icert, &trust);
+ 		break;
+ 	case GTK_RESPONSE_ACCEPT: {
+ 		/* just *what on earth* was chris thinking here!?!?!  copied from certificate-manager.c */
+@@ -101,7 +101,7 @@ ctd_response(GtkWidget *w, guint id, CertTrustDialogData *data)
+ 						   trust_email,
+ 						   trust_objsign);
+ 
+-			CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), icert, &trust);
++			e_cert_db_change_cert_trust (icert, &trust);
+ 		}
+ 
+ 		gtk_widget_destroy (dialog);
+diff --git a/smime/gui/certificate-manager.c b/smime/gui/certificate-manager.c
+index d0823b8..5a5b204 100644
+--- a/smime/gui/certificate-manager.c
++++ b/smime/gui/certificate-manager.c
+@@ -679,7 +679,7 @@ edit_ca (GtkWidget *widget, CertificateManagerData *cfm)
+ 							   trust_email,
+ 							   trust_objsign);
+ 
+-				CERT_ChangeCertTrust (CERT_GetDefaultCertDB(), icert, &trust);
++				e_cert_db_change_cert_trust (icert, &trust);
+ 			}
+ 
+ 			gtk_widget_destroy (dialog);
+@@ -1097,18 +1097,13 @@ certificate_manager_config_new (EPreferencesWindow *window)
+ 	GtkWidget *parent;
+ 	GtkWidget *widget;
+ 	CertificateManagerData *cfm_data;
+-	PK11SlotInfo* slot;
+-	ECertDB *cert_db;
+ 
+ 	shell = e_preferences_window_get_shell (window);
+ 
+ 	g_return_val_if_fail (E_IS_SHELL (shell), NULL);
+ 
+ 	/* We need to peek the db here to make sure it (and NSS) are fully initialized. */
+-
+-	cert_db = e_cert_db_peek();
+-	slot = PK11_GetInternalKeySlot();
+-	e_cert_db_login_to_slot(cert_db, slot);
++	e_cert_db_peek ();
+ 
+ 	cfm_data = g_new0 (CertificateManagerData, 1);
+ 
+diff --git a/smime/lib/e-cert-db.c b/smime/lib/e-cert-db.c
+index 2e23df2..48458fa 100644
+--- a/smime/lib/e-cert-db.c
++++ b/smime/lib/e-cert-db.c
+@@ -936,7 +936,18 @@ handle_ca_cert_download(ECertDB *cert_db, GList *certs, GError **error)
+ 					     nickname,
+ 					     &trust);
+ 
+-		if (srv != SECSuccess && PORT_GetError() != SEC_ERROR_TOKEN_NOT_LOGGED_IN) {
++		/*
++		  If this fails with SEC_ERROR_TOKEN_NOT_LOGGED_IN, it seems
++		  that the import *has* worked, but the setting of trust bits
++		  failed -- so only set the trust. This *has* to be an NSS bug?
++		*/
++		if (srv != SECSuccess &&
++		    PORT_GetError () == SEC_ERROR_TOKEN_NOT_LOGGED_IN &&
++		    e_cert_db_login_to_slot (NULL, PK11_GetInternalKeySlot()))
++			srv = CERT_ChangeCertTrust (CERT_GetDefaultCertDB (),
++						    tmpCert, &trust);
++
++		if (srv != SECSuccess) {
+ 			set_nss_error (error);
+ 			return FALSE;
+ 		}
+@@ -971,6 +982,27 @@ handle_ca_cert_download(ECertDB *cert_db, GList *certs, GError **error)
+ 		return TRUE;
+ 	}
+ }
++gboolean e_cert_db_change_cert_trust(CERTCertificate *cert, CERTCertTrust *trust)
++{
++	SECStatus srv;
++
++	srv = CERT_ChangeCertTrust (CERT_GetDefaultCertDB (),
++				    cert, trust);
++	if (srv != SECSuccess &&
++	    PORT_GetError () == SEC_ERROR_TOKEN_NOT_LOGGED_IN &&
++	    e_cert_db_login_to_slot (NULL, PK11_GetInternalKeySlot()))
++		srv = CERT_ChangeCertTrust (CERT_GetDefaultCertDB (),
++					    cert, trust);
++
++	if (srv != SECSuccess) {
++		glong err = PORT_GetError ();
++		g_warning ("CERT_ChangeCertTrust() failed: %s\n",
++			   nss_error_to_string(err));
++		return FALSE;
++	}
++	return TRUE;
++}
++
+ 
+ /* deleting certificates */
+ gboolean
+@@ -998,8 +1030,7 @@ e_cert_db_delete_cert (ECertDB *certdb,
+ 		CERTCertTrust trust;
+ 
+ 		e_cert_trust_init_with_values (&trust, 0, 0, 0);
+-		CERT_ChangeCertTrust(CERT_GetDefaultCertDB(),
+-					   cert, &trust);
++		e_cert_db_change_cert_trust (cert, &trust);
+ 	}
+ 
+ 	return TRUE;
+diff --git a/smime/lib/e-cert-db.h b/smime/lib/e-cert-db.h
+index 7d5f185..6e1bc5a 100644
+--- a/smime/lib/e-cert-db.h
++++ b/smime/lib/e-cert-db.h
+@@ -142,4 +142,7 @@ gboolean             e_cert_db_export_pkcs12_file (ECertDB *cert_db,
+ gboolean             e_cert_db_login_to_slot      (ECertDB *cert_db,
+ 						   PK11SlotInfo *slot);
+ 
++gboolean	     e_cert_db_change_cert_trust  (CERTCertificate *cert,
++						   CERTCertTrust *trust);
++
+ #endif /* _E_CERT_DB_H_ */
+--
+cgit v0.8.3.1

evolution.spec

@@ -33,7 +33,7 @@
 
 Name: evolution
 Version: 2.31.92
-Release: 1%{?dist}
+Release: 2%{?dist}
 Group: Applications/Productivity
 Summary: Mail and calendar client for GNOME
 License: GPLv2+ and GFDL
@@ -55,6 +55,9 @@ Patch12: evolution-2.9.1-im-context-reset.patch
 # RH bug #589555
 Patch13: evolution-2.30.1-help-contents.patch
 
+# Gnome bug #626066
+Patch14: evolution-2.31.92-gn626066.patch
+
 ## Dependencies ###
 
 Requires(pre): GConf2
@@ -207,6 +210,7 @@ This package contains the plugin to import Microsoft Personal Storage Table
 %patch10 -p1 -b .ldaphack
 %patch12 -p1 -b .im-context-reset
 %patch13 -p1 -b .help-contents
+%patch14 -p1 -b .gn626066
 
 mkdir -p krb5-fakeprefix/include
 mkdir -p krb5-fakeprefix/lib
@@ -615,7 +619,10 @@ rm -rf $RPM_BUILD_ROOT
 %endif
 
 %changelog
-* Mon Sep 13 2010 Milan Crha <mcrha@redhat.com> - 2.31.92.fc15
+* Tue Sep 14 2010 Milan Crha <mcrha@redhat.com> - 2.31.92-2.fc15
+- Add patch for Gnome bug #626066 (login to NSS on demand)
+
+* Mon Sep 13 2010 Milan Crha <mcrha@redhat.com> - 2.31.92-1.fc15
 - Update to 2.31.92
 
 * Mon Aug 30 2010 Milan Crha <mcrha@redhat.com> - 2.31.91-1.fc14