Upstream patch to keep nicknames stable on repeated certificate import into SQL DB, mozbz#1458518

This commit is contained in:
Kai Engert 2018-05-02 16:09:59 +02:00
parent 7ac2515ded
commit 06167b3620
2 changed files with 42 additions and 2 deletions

33
nss-moz1458518.patch Normal file
View File

@ -0,0 +1,33 @@
# HG changeset patch
# User Robert Relyea <rrelyea@redhat.com>
# Date 1525268789 -7200
# Node ID 2f1ee2b8f7a65ecae1a84c02dcf0167ce3b57ab4
# Parent 5a210945d2486d6443556ec578b22c05949e1049
Bug 1458518, Nicknames of existing certificates in NSS SQL DB should remain unchanged on repeated import attempts, r=kaie
diff --git a/lib/dev/devtoken.c b/lib/dev/devtoken.c
--- a/lib/dev/devtoken.c
+++ b/lib/dev/devtoken.c
@@ -523,17 +523,19 @@ nssToken_ImportCertificate(
}
/* according to PKCS#11, label, ID, issuer, and serial number
* may change after the object has been created. For PKIX, the
* last two attributes can't change, so for now we'll only worry
* about the first two.
*/
NSS_CK_TEMPLATE_START(cert_tmpl, attr, ctsize);
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ID, id);
- NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_LABEL, nickname);
+ if (!rvObject->label && nickname) {
+ NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_LABEL, nickname);
+ }
NSS_CK_TEMPLATE_FINISH(cert_tmpl, attr, ctsize);
/* reset the mutable attributes on the token */
nssCKObject_SetAttributes(rvObject->handle,
cert_tmpl, ctsize,
session, slot);
if (!rvObject->label && nickname) {
rvObject->label = nssUTF8_Duplicate(nickname, NULL);
}

View File

@ -9,7 +9,7 @@ Name: nss
Version: 3.36.1 Version: 3.36.1
# for Rawhide, please always use release >= 2 # for Rawhide, please always use release >= 2
# for Fedora release branches, please use release < 2 (1.0, 1.1, ...) # for Fedora release branches, please use release < 2 (1.0, 1.1, ...)
Release: 1.0%{?dist} Release: 1.1%{?dist}
License: MPLv2.0 License: MPLv2.0
URL: http://www.mozilla.org/projects/security/pki/nss/ URL: http://www.mozilla.org/projects/security/pki/nss/
Group: System Environment/Libraries Group: System Environment/Libraries
@ -89,6 +89,8 @@ Patch58: rhbz1185708-enable-ecc-3des-ciphers-by-default.patch
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1279520 # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1279520
Patch59: nss-check-policy-file.patch Patch59: nss-check-policy-file.patch
Patch62: nss-skip-util-gtest.patch Patch62: nss-skip-util-gtest.patch
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1458518
Patch63: nss-moz1458518.patch
%description %description
Network Security Services (NSS) is a set of libraries designed to Network Security Services (NSS) is a set of libraries designed to
@ -171,6 +173,7 @@ low level services.
pushd nss pushd nss
%patch59 -p1 -b .check_policy_file %patch59 -p1 -b .check_policy_file
%patch62 -p1 -b .skip_util_gtest %patch62 -p1 -b .skip_util_gtest
%patch63 -p1 -b .moz1458518
popd popd
######################################################### #########################################################
@ -744,7 +747,11 @@ done
%changelog %changelog
* Wed Apr 11 2018 Daiki Ueno <dueno@redhat.com> - 3.36.1-2 * Wed May 02 2018 Kai Engert <kaie@redhat.com> - 3.36.1-1.1
- Upstream patch to keep nicknames stable on repeated certificate
import into SQL DB, mozbz#1458518
* Wed Apr 11 2018 Daiki Ueno <dueno@redhat.com> - 3.36.1-1.0
- Update to NSS 3.36.1 - Update to NSS 3.36.1
- Remove nss-3.14.0.0-disble-ocsp-test.patch - Remove nss-3.14.0.0-disble-ocsp-test.patch
- Fix partial injection of LDFLAGS - Fix partial injection of LDFLAGS