rpms
/
nss
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Update the cacert trust patch per upstream review (#633043) 

- Add comments to the new internal functions
- Rename macro to better reflect purpose and fix typos
- Patch matches the code as checked in upstream
This commit is contained in:
Elio Maldonado 2011-01-26 10:59:29 -08:00
parent 612496b72d
commit 5f7dfcf00d
2 changed files with 72 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
honor-user-trust-preferences.patch
View File

@ -4,7 +4,7 @@ RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11load.c,v
retrieving revision 1.30
diff -u -p -r1.30 pk11load.c
--- ./mozilla/security/nss/lib/pk11wrap/pk11load.c 30 Apr 2010 07:22:54 -0000 1.30
+++ ./mozilla/security/nss/lib/pk11wrap/pk11load.c 22 Jan 2011 05:39:07 -0000
+++ ./mozilla/security/nss/lib/pk11wrap/pk11load.c 26 Jan 2011 18:11:57 -0000
@@ -178,8 +178,8 @@ secmod_handleReload(SECMODModule *oldMod
char *oldModuleSpec;
@ -34,7 +34,7 @@ RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11priv.h,v
retrieving revision 1.13
diff -u -p -r1.13 pk11priv.h
--- ./mozilla/security/nss/lib/pk11wrap/pk11priv.h 27 Oct 2009 23:04:46 -0000 1.13
+++ ./mozilla/security/nss/lib/pk11wrap/pk11priv.h 22 Jan 2011 05:39:07 -0000
+++ ./mozilla/security/nss/lib/pk11wrap/pk11priv.h 26 Jan 2011 18:11:47 -0000
@@ -115,6 +115,7 @@ void PK11_InitSlot(SECMODModule *mod,CK_
PRBool PK11_NeedPWInitForSlot(PK11SlotInfo *slot);
SECStatus PK11_ReadSlotCerts(PK11SlotInfo *slot);
@ -49,11 +49,38 @@ RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11slot.c,v
retrieving revision 1.101
diff -u -p -r1.101 pk11slot.c
--- ./mozilla/security/nss/lib/pk11wrap/pk11slot.c 3 Apr 2010 18:27:31 -0000 1.101
+++ ./mozilla/security/nss/lib/pk11wrap/pk11slot.c 22 Jan 2011 05:39:08 -0000
@@ -1735,6 +1735,15 @@ pk11_SetInternalKeySlot(PK11SlotInfo *sl
+++ ./mozilla/security/nss/lib/pk11wrap/pk11slot.c 26 Jan 2011 18:11:20 -0000
@@ -1349,7 +1349,7 @@ pk11_isRootSlot(PK11SlotInfo *slot)
* times as tokens are removed and re-inserted.
*/
void
-PK11_InitSlot(SECMODModule *mod,CK_SLOT_ID slotID,PK11SlotInfo *slot)
+PK11_InitSlot(SECMODModule *mod, CK_SLOT_ID slotID, PK11SlotInfo *slot)
{
SECStatus rv;
char *tmp;
@@ -1726,6 +1726,12 @@ PK11_NeedUserInit(PK11SlotInfo *slot)
}
static PK11SlotInfo *pk11InternalKeySlot = NULL;
+
+/*
+ * Set a new default internal keyslot. If one has already been set, clear it.
+ * passing NULL falls back the NSS normally selected default internal key
+ * slot
+ */
void
pk11_SetInternalKeySlot(PK11SlotInfo *slot)
{
@@ -1735,6 +1741,20 @@ pk11_SetInternalKeySlot(PK11SlotInfo *sl
pk11InternalKeySlot = slot ? PK11_ReferenceSlot(slot) : NULL;
}
+/*
+ * Set a new default internal keyslot if the normal key slot has not already
+ * been overrided. Subsequent calls to this function will be ignored unless
+ * pk11_SetInternalKeySlot is used to clear the current default.
+ */
+void
+pk11_FirstInternalKeySlot(PK11SlotInfo *slot)
+{
@ -70,18 +97,30 @@ Index: ./mozilla/security/nss/lib/sysinit/nsssysinit.c
===================================================================
RCS file: /cvsroot/mozilla/security/nss/lib/sysinit/nsssysinit.c,v
retrieving revision 1.2
diff -u -p -r1.2 nsssysinit.c
retrieving revision 1.2.2.2
diff -u -p -r1.2 -r1.2.2.2
--- ./mozilla/security/nss/lib/sysinit/nsssysinit.c 6 Feb 2010 04:56:37 -0000 1.2
+++ ./mozilla/security/nss/lib/sysinit/nsssysinit.c 22 Jan 2011 05:39:08 -0000
@@ -221,7 +221,7 @@ getFIPSMode(void)
+++ ./mozilla/security/nss/lib/sysinit/nsssysinit.c 26 Jan 2011 00:52:31 -0000 1.2.2.2
@@ -221,16 +221,16 @@ getFIPSMode(void)
* 2 for the key slot, and
* 3 for the crypto operations slot fips
*/
-#define ORDER_FLAGS "trustOrder=75 cipherOrder=100"
+#define ORDER_FLAGS "cipherOrder=100"
+#define CIPHER_ORDER_FLAGS "cipherOrder=100"
#define SLOT_FLAGS \
"[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,RANDOM" \
" askpw=any timeout=30 ]"
static const char *nssDefaultFlags =
- ORDER_FLAGS " slotParams={0x00000001=" SLOT_FLAGS " } ";
+ CIPHER_ORDER_FLAGS " slotParams={0x00000001=" SLOT_FLAGS " } ";
static const char *nssDefaultFIPSFlags =
- ORDER_FLAGS " slotParams={0x00000003=" SLOT_FLAGS " } ";
+ CIPHER_ORDER_FLAGS " slotParams={0x00000003=" SLOT_FLAGS " } ";
/*
* This function builds the list of databases and modules to load, and sets
@@ -270,7 +270,7 @@ get_list(char *filename, char *stripped_
"library= "
"module=\"NSS User database\" "
@ -131,3 +170,24 @@ diff -u -p -r1.2 nsssysinit.c
}
/* that was the last module */
@@ -372,9 +348,9 @@ overlapstrcpy(char *target, char *src)
/* determine what options the user was trying to open this database with */
/* filename is the directory pointed to by configdir= */
-/* stripped is the rest of the paramters with configdir= stripped out */
+/* stripped is the rest of the parameters with configdir= stripped out */
static SECStatus
-parse_paramters(char *parameters, char **filename, char **stripped)
+parse_parameters(char *parameters, char **filename, char **stripped)
{
char *sourcePrev;
char *sourceCurr;
@@ -423,7 +399,7 @@ NSS_ReturnModuleSpecData(unsigned long f
char **retString = NULL;
SECStatus rv;
- rv = parse_paramters(parameters, &filename, &stripped);
+ rv = parse_parameters(parameters, &filename, &stripped);
if (rv != SECSuccess) {
/* use defaults */
filename = getSystemDB();

5
nss.spec
View File

@ -6,7 +6,7 @@
Summary: Network Security Services
Name: nss
Version: 3.12.9
Release: 2%{?dist}
Release: 3%{?dist}
License: MPLv1.1 or GPLv2+ or LGPLv2+
URL: http://www.mozilla.org/projects/security/pki/nss/
Group: System Environment/Libraries
@ -490,6 +490,9 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h
%{_libdir}/libnssckfw.a
%changelog
* Wed Jan 26 2011 Elio Maldonado <emaldona@redhat.com> - 3.12.9-3
- Update the cacert trust patch per upstream review (#633043)
* Wed Jan 19 2011 Elio Maldonado <emaldona@redhat.com> - 3.12.9-2
- Fix to honor the user's cert trust preferences (#633043)
- Remove obsoleted patch