From 06167b3620cbc262d9913bef5411043cb43f04a3 Mon Sep 17 00:00:00 2001 From: Kai Engert Date: Wed, 2 May 2018 16:09:59 +0200 Subject: [PATCH] Upstream patch to keep nicknames stable on repeated certificate import into SQL DB, mozbz#1458518 --- nss-moz1458518.patch | 33 +++++++++++++++++++++++++++++++++ nss.spec | 11 +++++++++-- 2 files changed, 42 insertions(+), 2 deletions(-) create mode 100644 nss-moz1458518.patch diff --git a/nss-moz1458518.patch b/nss-moz1458518.patch new file mode 100644 index 0000000..516d756 --- /dev/null +++ b/nss-moz1458518.patch @@ -0,0 +1,33 @@ + +# HG changeset patch +# User Robert Relyea +# Date 1525268789 -7200 +# Node ID 2f1ee2b8f7a65ecae1a84c02dcf0167ce3b57ab4 +# Parent 5a210945d2486d6443556ec578b22c05949e1049 +Bug 1458518, Nicknames of existing certificates in NSS SQL DB should remain unchanged on repeated import attempts, r=kaie + +diff --git a/lib/dev/devtoken.c b/lib/dev/devtoken.c +--- a/lib/dev/devtoken.c ++++ b/lib/dev/devtoken.c +@@ -523,17 +523,19 @@ nssToken_ImportCertificate( + } + /* according to PKCS#11, label, ID, issuer, and serial number + * may change after the object has been created. For PKIX, the + * last two attributes can't change, so for now we'll only worry + * about the first two. + */ + NSS_CK_TEMPLATE_START(cert_tmpl, attr, ctsize); + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ID, id); +- NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_LABEL, nickname); ++ if (!rvObject->label && nickname) { ++ NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_LABEL, nickname); ++ } + NSS_CK_TEMPLATE_FINISH(cert_tmpl, attr, ctsize); + /* reset the mutable attributes on the token */ + nssCKObject_SetAttributes(rvObject->handle, + cert_tmpl, ctsize, + session, slot); + if (!rvObject->label && nickname) { + rvObject->label = nssUTF8_Duplicate(nickname, NULL); + } + diff --git a/nss.spec b/nss.spec index fe9c64b..8604242 100644 --- a/nss.spec +++ b/nss.spec @@ -9,7 +9,7 @@ Name: nss Version: 3.36.1 # for Rawhide, please always use release >= 2 # for Fedora release branches, please use release < 2 (1.0, 1.1, ...) -Release: 1.0%{?dist} +Release: 1.1%{?dist} License: MPLv2.0 URL: http://www.mozilla.org/projects/security/pki/nss/ Group: System Environment/Libraries @@ -89,6 +89,8 @@ Patch58: rhbz1185708-enable-ecc-3des-ciphers-by-default.patch # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1279520 Patch59: nss-check-policy-file.patch Patch62: nss-skip-util-gtest.patch +# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1458518 +Patch63: nss-moz1458518.patch %description Network Security Services (NSS) is a set of libraries designed to @@ -171,6 +173,7 @@ low level services. pushd nss %patch59 -p1 -b .check_policy_file %patch62 -p1 -b .skip_util_gtest +%patch63 -p1 -b .moz1458518 popd ######################################################### @@ -744,7 +747,11 @@ done %changelog -* Wed Apr 11 2018 Daiki Ueno - 3.36.1-2 +* Wed May 02 2018 Kai Engert - 3.36.1-1.1 +- Upstream patch to keep nicknames stable on repeated certificate + import into SQL DB, mozbz#1458518 + +* Wed Apr 11 2018 Daiki Ueno - 3.36.1-1.0 - Update to NSS 3.36.1 - Remove nss-3.14.0.0-disble-ocsp-test.patch - Fix partial injection of LDFLAGS