- Fix certificates trust order (#643134)
- Apply nss-sysinit-userdb-first.patch last
This commit is contained in:
Elio Maldonado
parent
27e3c89861
commit
7292dd3723
@ -1,19 +1,20 @@
|
||||
diff -up ./mozilla/security/nss/lib/sysinit/nsssysinit.c.orig ./mozilla/security/nss/lib/sysinit/nsssysinit.c
|
||||
--- ./mozilla/security/nss/lib/sysinit/nsssysinit.c.orig 2010-06-17 09:17:30.732643399 -0700
|
||||
+++ ./mozilla/security/nss/lib/sysinit/nsssysinit.c 2010-06-17 09:20:22.691642397 -0700
|
||||
@@ -263,9 +263,18 @@ get_list(char *filename, char *stripped_
|
||||
diff -up ./mozilla/security/nss/lib/sysinit/nsssysinit.c.603313 ./mozilla/security/nss/lib/sysinit/nsssysinit.c
|
||||
--- ./mozilla/security/nss/lib/sysinit/nsssysinit.c.603313 2010-10-15 13:57:42.719738316 -0700
|
||||
+++ ./mozilla/security/nss/lib/sysinit/nsssysinit.c 2010-10-15 14:07:51.704637349 -0700
|
||||
@@ -263,16 +263,26 @@ get_list(char *filename, char *stripped_
|
||||
sysdb = getSystemDB();
|
||||
userdb = getUserDB();
|
||||
|
||||
- /* Don't open root's user DB */
|
||||
+ /* return a list of databases to open. First the system database. */
|
||||
+ /* return a list of databases to open. First the system database */
|
||||
+ if (sysdb) {
|
||||
+ const char *readonly = userCanModifySystemDB() ? "" : "flags=readonly";
|
||||
+ module_list[next++] = PR_smprintf(
|
||||
+ "library= "
|
||||
+ "module=\"NSS system database\" "
|
||||
+ "parameters=\"configdir='sql:%s' tokenDescription='NSS system database' %s\" "
|
||||
+ "NSS=\"%sflags=internal,critical\"",sysdb, readonly, nssflags);
|
||||
+ const char *readonly = userCanModifySystemDB() ? "" : "flags=readonly";
|
||||
+ module_list[next++] = PR_smprintf(
|
||||
+ "library= "
|
||||
+ "module=\"NSS system database\" "
|
||||
+ "parameters=\"configdir='sql:%s' tokenDescription='NSS system database' %s\" "
|
||||
+ "NSS=\"trustOrder=80 %sflags=internal,critical\"",
|
||||
+ sysdb, readonly, nssflags);
|
||||
+ }
|
||||
+
|
||||
+ /* Next the user database, but not for root. */
|
||||
@ -22,10 +23,23 @@ diff -up ./mozilla/security/nss/lib/sysinit/nsssysinit.c.orig ./mozilla/security
|
||||
module_list[next++] = PR_smprintf(
|
||||
"library= "
|
||||
"module=\"NSS User database\" "
|
||||
@@ -284,40 +293,6 @@ get_list(char *filename, char *stripped_
|
||||
userdb, stripped_parameters);
|
||||
}
|
||||
"parameters=\"configdir='sql:%s' %s tokenDescription='NSS user database'\" "
|
||||
- "NSS=\"trustOrder=75 %sflags=internal%s\"",
|
||||
- userdb, stripped_parameters, nssflags,
|
||||
- isFIPS ? ",FIPS" : "");
|
||||
+ "NSS=\"trustOrder=75 %sflags=internal%s\"",
|
||||
+ userdb, stripped_parameters, nssflags,
|
||||
+ isFIPS ? ",FIPS" : "");
|
||||
|
||||
/* now open the user's defined PKCS #11 modules */
|
||||
/* skip the local user DB entry */
|
||||
@@ -281,41 +291,7 @@ get_list(char *filename, char *stripped_
|
||||
"module=\"NSS User database\" "
|
||||
"parameters=\"configdir='sql:%s' %s\" "
|
||||
"NSS=\"flags=internal,moduleDBOnly,defaultModDB,skipFirst\"",
|
||||
- userdb, stripped_parameters);
|
||||
- }
|
||||
-
|
||||
-#if 0
|
||||
- /* This doesn't actually work. If we register
|
||||
- both this and the sysdb (in either order)
|
||||
@ -57,9 +71,8 @@ diff -up ./mozilla/security/nss/lib/sysinit/nsssysinit.c.orig ./mozilla/security
|
||||
- "library= "
|
||||
- "module=\"NSS system database\" "
|
||||
- "parameters=\"configdir='sql:%s' tokenDescription='NSS system database' %s\" "
|
||||
- "NSS=\"%sflags=internal,critical\"",sysdb, readonly, nssflags);
|
||||
- }
|
||||
-
|
||||
/* that was the last module */
|
||||
module_list[next] = 0;
|
||||
- "NSS=\"trustOrder=80 %sflags=internal,critical\"",sysdb, readonly, nssflags);
|
||||
+ userdb, stripped_parameters);
|
||||
}
|
||||
|
||||
/* that was the last module */
|
||||
|
||||
12
nss.spec
12
nss.spec
@ -6,7 +6,7 @@
|
||||
Summary: Network Security Services
|
||||
Name: nss
|
||||
Version: 3.12.8
|
||||
Release: 5%{?dist}
|
||||
Release: 6%{?dist}
|
||||
License: MPLv1.1 or GPLv2+ or LGPLv2+
|
||||
URL: http://www.mozilla.org/projects/security/pki/nss/
|
||||
Group: System Environment/Libraries
|
||||
@ -42,9 +42,10 @@ Source12: %{name}-pem-20100809.tar.bz2
|
||||
Patch3: renegotiate-transitional.patch
|
||||
Patch6: nss-enable-pem.patch
|
||||
Patch7: nsspem-596674.patch
|
||||
Patch8: nss-sysinit-userdb-first.patch
|
||||
Patch9: 0001-Add-support-for-PKCS-8-encoded-private-keys.patch
|
||||
Patch10: 0001-Do-not-define-SEC_SkipTemplate.patch
|
||||
Patch11: nss-sysinit-fix-trustorder.patch
|
||||
Patch12: nss-sysinit-userdb-first.patch
|
||||
|
||||
%description
|
||||
Network Security Services (NSS) is a set of libraries designed to
|
||||
@ -116,9 +117,10 @@ low level services.
|
||||
%patch3 -p0 -b .transitional
|
||||
%patch6 -p0 -b .libpem
|
||||
%patch7 -p0 -b .596674
|
||||
%patch8 -p0 -b .603313
|
||||
%patch9 -p1 -b .pkcs8privatekey
|
||||
%patch10 -p1 -b .noskiptemplate
|
||||
%patch11 -p1 -b .643134
|
||||
%patch12 -p0 -b .603313
|
||||
|
||||
|
||||
%build
|
||||
@ -490,6 +492,10 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h
|
||||
%{_libdir}/libnssckfw.a
|
||||
|
||||
%changelog
|
||||
* Wed Oct 18 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.8-6
|
||||
- Fix certificates trust order (#643134)
|
||||
- Apply nss-sysinit-userdb-first.patch last
|
||||
|
||||
* Wed Oct 06 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.8-5
|
||||
- Move triggerpostun -n nss-sysinit script ahead of the other ones (#639248)
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user