import nss-3.67.0-4.el8_4
This commit is contained in:
parent
610c3a152d
commit
64511750df
|
@ -0,0 +1,63 @@
|
||||||
|
diff --git a/lib/softoken/sdb.c b/lib/softoken/sdb.c
|
||||||
|
--- a/lib/softoken/sdb.c
|
||||||
|
+++ b/lib/softoken/sdb.c
|
||||||
|
@@ -1519,16 +1519,18 @@ sdb_Begin(SDB *sdb)
|
||||||
|
|
||||||
|
sqlerr = sqlite3_prepare_v2(sqlDB, BEGIN_CMD, -1, &stmt, NULL);
|
||||||
|
|
||||||
|
do {
|
||||||
|
sqlerr = sqlite3_step(stmt);
|
||||||
|
if (sqlerr == SQLITE_BUSY) {
|
||||||
|
PR_Sleep(SDB_BUSY_RETRY_TIME);
|
||||||
|
}
|
||||||
|
+ /* don't retry BEGIN transaction*/
|
||||||
|
+ retry = 0;
|
||||||
|
} while (!sdb_done(sqlerr, &retry));
|
||||||
|
|
||||||
|
if (stmt) {
|
||||||
|
sqlite3_reset(stmt);
|
||||||
|
sqlite3_finalize(stmt);
|
||||||
|
}
|
||||||
|
|
||||||
|
loser:
|
||||||
|
diff --git a/lib/softoken/sftkdb.c b/lib/softoken/sftkdb.c
|
||||||
|
--- a/lib/softoken/sftkdb.c
|
||||||
|
+++ b/lib/softoken/sftkdb.c
|
||||||
|
@@ -1521,17 +1521,17 @@ sftkdb_DestroyObject(SFTKDBHandle *handl
|
||||||
|
if (handle == NULL) {
|
||||||
|
return CKR_TOKEN_WRITE_PROTECTED;
|
||||||
|
}
|
||||||
|
db = SFTK_GET_SDB(handle);
|
||||||
|
objectID &= SFTK_OBJ_ID_MASK;
|
||||||
|
|
||||||
|
crv = (*db->sdb_Begin)(db);
|
||||||
|
if (crv != CKR_OK) {
|
||||||
|
- goto loser;
|
||||||
|
+ return crv;
|
||||||
|
}
|
||||||
|
crv = (*db->sdb_DestroyObject)(db, objectID);
|
||||||
|
if (crv != CKR_OK) {
|
||||||
|
goto loser;
|
||||||
|
}
|
||||||
|
/* if the database supports meta data, delete any old signatures
|
||||||
|
* that we may have added */
|
||||||
|
if ((db->sdb_flags & SDB_HAS_META) == SDB_HAS_META) {
|
||||||
|
@@ -2456,17 +2456,17 @@ sftkdb_Update(SFTKDBHandle *handle, SECI
|
||||||
|
return CKR_OK;
|
||||||
|
}
|
||||||
|
/*
|
||||||
|
* put the whole update under a transaction. This allows us to handle
|
||||||
|
* any possible race conditions between with the updateID check.
|
||||||
|
*/
|
||||||
|
crv = (*handle->db->sdb_Begin)(handle->db);
|
||||||
|
if (crv != CKR_OK) {
|
||||||
|
- goto loser;
|
||||||
|
+ return crv;
|
||||||
|
}
|
||||||
|
inTransaction = PR_TRUE;
|
||||||
|
|
||||||
|
/* some one else has already updated this db */
|
||||||
|
if (sftkdb_hasUpdate(sftkdb_TypeString(handle),
|
||||||
|
handle->db, handle->updateID)) {
|
||||||
|
crv = CKR_OK;
|
||||||
|
goto done;
|
|
@ -47,7 +47,7 @@ rpm.define(string.format("nss_release_tag NSS_%s_RTM",
|
||||||
Summary: Network Security Services
|
Summary: Network Security Services
|
||||||
Name: nss
|
Name: nss
|
||||||
Version: %{nss_version}
|
Version: %{nss_version}
|
||||||
Release: 2%{?dist}
|
Release: 4%{?dist}
|
||||||
License: MPLv2.0
|
License: MPLv2.0
|
||||||
URL: http://www.mozilla.org/projects/security/pki/nss/
|
URL: http://www.mozilla.org/projects/security/pki/nss/
|
||||||
Requires: nspr >= %{nspr_version}
|
Requires: nspr >= %{nspr_version}
|
||||||
|
@ -153,6 +153,8 @@ Patch230: nss-3.66-no-small-primes.patch
|
||||||
Patch232: nss-3.66-fix-gtest-parsing.patch
|
Patch232: nss-3.66-fix-gtest-parsing.patch
|
||||||
# no upstream bug yet
|
# no upstream bug yet
|
||||||
Patch233: nss-3.67-fix-coverity-issues.patch
|
Patch233: nss-3.67-fix-coverity-issues.patch
|
||||||
|
# no upstream bug yet
|
||||||
|
Patch234: nss-3.67-fix-sdb-timeout.patch
|
||||||
|
|
||||||
|
|
||||||
%description
|
%description
|
||||||
|
@ -925,6 +927,14 @@ update-crypto-policies --no-reload &> /dev/null || :
|
||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Jun 29 2021 Bob Relyea <rrelyea@redhat.com> - 3.67.0-4
|
||||||
|
- Better fix for the sdb timeout. The issue wasn't a race, it was
|
||||||
|
the sqlite timeout waiting to begin a transaction under heavy
|
||||||
|
thread usage.
|
||||||
|
|
||||||
|
* Mon Jun 28 2021 Bob Relyea <rrelyea@redhat.com> - 3.67.0-3
|
||||||
|
- Fix sdb race condition
|
||||||
|
|
||||||
* Fri Jun 18 2021 Bob Relyea <rrelyea@redhat.com> - 3.67.0-2
|
* Fri Jun 18 2021 Bob Relyea <rrelyea@redhat.com> - 3.67.0-2
|
||||||
- Fix coverity issues
|
- Fix coverity issues
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue