Upstream patch to keep nicknames stable on repeated certificate import into SQL DB, mozbz#1458518
This commit is contained in:
parent
7ac2515ded
commit
06167b3620
33
nss-moz1458518.patch
Normal file
33
nss-moz1458518.patch
Normal file
@ -0,0 +1,33 @@
|
|||||||
|
|
||||||
|
# HG changeset patch
|
||||||
|
# User Robert Relyea <rrelyea@redhat.com>
|
||||||
|
# Date 1525268789 -7200
|
||||||
|
# Node ID 2f1ee2b8f7a65ecae1a84c02dcf0167ce3b57ab4
|
||||||
|
# Parent 5a210945d2486d6443556ec578b22c05949e1049
|
||||||
|
Bug 1458518, Nicknames of existing certificates in NSS SQL DB should remain unchanged on repeated import attempts, r=kaie
|
||||||
|
|
||||||
|
diff --git a/lib/dev/devtoken.c b/lib/dev/devtoken.c
|
||||||
|
--- a/lib/dev/devtoken.c
|
||||||
|
+++ b/lib/dev/devtoken.c
|
||||||
|
@@ -523,17 +523,19 @@ nssToken_ImportCertificate(
|
||||||
|
}
|
||||||
|
/* according to PKCS#11, label, ID, issuer, and serial number
|
||||||
|
* may change after the object has been created. For PKIX, the
|
||||||
|
* last two attributes can't change, so for now we'll only worry
|
||||||
|
* about the first two.
|
||||||
|
*/
|
||||||
|
NSS_CK_TEMPLATE_START(cert_tmpl, attr, ctsize);
|
||||||
|
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ID, id);
|
||||||
|
- NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_LABEL, nickname);
|
||||||
|
+ if (!rvObject->label && nickname) {
|
||||||
|
+ NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_LABEL, nickname);
|
||||||
|
+ }
|
||||||
|
NSS_CK_TEMPLATE_FINISH(cert_tmpl, attr, ctsize);
|
||||||
|
/* reset the mutable attributes on the token */
|
||||||
|
nssCKObject_SetAttributes(rvObject->handle,
|
||||||
|
cert_tmpl, ctsize,
|
||||||
|
session, slot);
|
||||||
|
if (!rvObject->label && nickname) {
|
||||||
|
rvObject->label = nssUTF8_Duplicate(nickname, NULL);
|
||||||
|
}
|
||||||
|
|
11
nss.spec
11
nss.spec
@ -9,7 +9,7 @@ Name: nss
|
|||||||
Version: 3.36.1
|
Version: 3.36.1
|
||||||
# for Rawhide, please always use release >= 2
|
# for Rawhide, please always use release >= 2
|
||||||
# for Fedora release branches, please use release < 2 (1.0, 1.1, ...)
|
# for Fedora release branches, please use release < 2 (1.0, 1.1, ...)
|
||||||
Release: 1.0%{?dist}
|
Release: 1.1%{?dist}
|
||||||
License: MPLv2.0
|
License: MPLv2.0
|
||||||
URL: http://www.mozilla.org/projects/security/pki/nss/
|
URL: http://www.mozilla.org/projects/security/pki/nss/
|
||||||
Group: System Environment/Libraries
|
Group: System Environment/Libraries
|
||||||
@ -89,6 +89,8 @@ Patch58: rhbz1185708-enable-ecc-3des-ciphers-by-default.patch
|
|||||||
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1279520
|
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1279520
|
||||||
Patch59: nss-check-policy-file.patch
|
Patch59: nss-check-policy-file.patch
|
||||||
Patch62: nss-skip-util-gtest.patch
|
Patch62: nss-skip-util-gtest.patch
|
||||||
|
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1458518
|
||||||
|
Patch63: nss-moz1458518.patch
|
||||||
|
|
||||||
%description
|
%description
|
||||||
Network Security Services (NSS) is a set of libraries designed to
|
Network Security Services (NSS) is a set of libraries designed to
|
||||||
@ -171,6 +173,7 @@ low level services.
|
|||||||
pushd nss
|
pushd nss
|
||||||
%patch59 -p1 -b .check_policy_file
|
%patch59 -p1 -b .check_policy_file
|
||||||
%patch62 -p1 -b .skip_util_gtest
|
%patch62 -p1 -b .skip_util_gtest
|
||||||
|
%patch63 -p1 -b .moz1458518
|
||||||
popd
|
popd
|
||||||
|
|
||||||
#########################################################
|
#########################################################
|
||||||
@ -744,7 +747,11 @@ done
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Wed Apr 11 2018 Daiki Ueno <dueno@redhat.com> - 3.36.1-2
|
* Wed May 02 2018 Kai Engert <kaie@redhat.com> - 3.36.1-1.1
|
||||||
|
- Upstream patch to keep nicknames stable on repeated certificate
|
||||||
|
import into SQL DB, mozbz#1458518
|
||||||
|
|
||||||
|
* Wed Apr 11 2018 Daiki Ueno <dueno@redhat.com> - 3.36.1-1.0
|
||||||
- Update to NSS 3.36.1
|
- Update to NSS 3.36.1
|
||||||
- Remove nss-3.14.0.0-disble-ocsp-test.patch
|
- Remove nss-3.14.0.0-disble-ocsp-test.patch
|
||||||
- Fix partial injection of LDFLAGS
|
- Fix partial injection of LDFLAGS
|
||||||
|
Loading…
Reference in New Issue
Block a user