Incorporate more changes requested in upstream review and commited upstream (#1157720)
- still keeping two separate patches
This commit is contained in:
parent
ff192a931a
commit
7854e70d7e
@ -1,6 +1,54 @@
|
||||
--- ./lib/nss/nssinit.c.cond_ignore 2016-07-01 16:09:21.187499579 -0700
|
||||
+++ ./lib/nss/nssinit.c 2016-07-01 16:19:16.095862425 -0700
|
||||
@@ -529,16 +529,19 @@
|
||||
--- ./lib/nss/nssinit.c.cond_ignore 2016-07-14 06:07:08.607951998 -0700
|
||||
+++ ./lib/nss/nssinit.c 2016-07-14 06:11:07.698966728 -0700
|
||||
@@ -427,23 +427,21 @@
|
||||
if (lsecmodName) PORT_Free(lsecmodName);
|
||||
if (lupdateDir) PORT_Free(lupdateDir);
|
||||
if (lupdCertPrefix) PORT_Free(lupdCertPrefix);
|
||||
if (lupdKeyPrefix) PORT_Free(lupdKeyPrefix);
|
||||
if (lupdateID) PORT_Free(lupdateID);
|
||||
if (lupdateName) PORT_Free(lupdateName);
|
||||
|
||||
if (moduleSpec) {
|
||||
- module = SECMOD_LoadModule(moduleSpec,NULL,PR_TRUE);
|
||||
+ module = SECMOD_LoadModule(moduleSpec, NULL, PR_TRUE);
|
||||
PR_smprintf_free(moduleSpec);
|
||||
- if (module) {
|
||||
- if (!module->loaded) {
|
||||
- SECMOD_DestroyModule(module);
|
||||
- module = NULL;
|
||||
- }
|
||||
+ if (module && !module->loaded) {
|
||||
+ SECMOD_DestroyModule(module);
|
||||
+ return NULL;
|
||||
}
|
||||
}
|
||||
return module;
|
||||
}
|
||||
|
||||
/*
|
||||
* OK there are now lots of options here, lets go through them all:
|
||||
*
|
||||
@@ -511,41 +509,44 @@
|
||||
return PR_FAILURE;
|
||||
}
|
||||
return PR_SUCCESS;
|
||||
}
|
||||
|
||||
|
||||
static SECStatus
|
||||
nss_Init(const char *configdir, const char *certPrefix, const char *keyPrefix,
|
||||
- const char *secmodName, const char *updateDir,
|
||||
+ const char *secmodName, const char *updateDir,
|
||||
const char *updCertPrefix, const char *updKeyPrefix,
|
||||
const char *updateID, const char *updateName,
|
||||
NSSInitContext ** initContextPtr,
|
||||
NSSInitParameters *initParams,
|
||||
- PRBool readOnly, PRBool noCertDB,
|
||||
+ PRBool readOnly, PRBool noCertDB,
|
||||
PRBool noModDB, PRBool forceOpen, PRBool noRootInit,
|
||||
PRBool optimizeSpace, PRBool noSingleThreadedModules,
|
||||
PRBool allowAlreadyInitializedModules,
|
||||
PRBool dontFinalizeModules)
|
||||
{
|
||||
SECMODModule *parent = NULL;
|
||||
PKIX_UInt32 actualMinorVersion = 0;
|
||||
@ -18,9 +66,41 @@
|
||||
if (!initContextPtr && nssIsInitted) {
|
||||
return SECSuccess;
|
||||
}
|
||||
|
||||
-
|
||||
+
|
||||
/* make sure our lock and condition variable are initialized one and only
|
||||
@@ -678,32 +681,38 @@
|
||||
* one time */
|
||||
if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) {
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
/*
|
||||
* if we haven't done basic initialization, single thread the
|
||||
@@ -632,20 +633,20 @@
|
||||
configStrings = pk11_config_strings;
|
||||
configName = pk11_config_name;
|
||||
passwordRequired = pk11_password_required;
|
||||
}
|
||||
|
||||
/* Skip the module init if we are already initted and we are trying
|
||||
* to init with noCertDB and noModDB */
|
||||
if (!(isReallyInitted && noCertDB && noModDB)) {
|
||||
- parent = nss_InitModules(configdir, certPrefix, keyPrefix, secmodName,
|
||||
- updateDir, updCertPrefix, updKeyPrefix, updateID,
|
||||
+ parent = nss_InitModules(configdir, certPrefix, keyPrefix, secmodName,
|
||||
+ updateDir, updCertPrefix, updKeyPrefix, updateID,
|
||||
updateName, configName, configStrings, passwordRequired,
|
||||
- readOnly, noCertDB, noModDB, forceOpen, optimizeSpace,
|
||||
+ readOnly, noCertDB, noModDB, forceOpen, optimizeSpace,
|
||||
(initContextPtr != NULL));
|
||||
|
||||
if (parent == NULL) {
|
||||
goto loser;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -678,50 +679,54 @@
|
||||
dbpath = NULL;
|
||||
}
|
||||
if (dbpath) {
|
||||
@ -30,12 +110,12 @@
|
||||
}
|
||||
#ifdef POLICY_FILE
|
||||
- if (PR_Access(POLICY_PATH "/" POLICY_FILE, PR_ACCESS_READ_OK) == PR_SUCCESS ) {
|
||||
+ /* Load the system crypo policy file if it exists,
|
||||
+ /* Load the system crypto policy file if it exists,
|
||||
+ * unless the NSS_IGNORE_SYSTEM_POLICY environment
|
||||
+ * variable has been set to 1. */
|
||||
+ ignoreVar = PR_GetEnvSecure("NSS_IGNORE_SYSTEM_POLICY");
|
||||
+ if (ignoreVar == NULL || strncmp(ignoreVar, "1", strlen("1")) != 0) {
|
||||
+ if (PR_Access(POLICY_PATH "/" POLICY_FILE, PR_ACCESS_READ_OK) == PR_SUCCESS ) {
|
||||
+ if (ignoreVar == NULL || strncmp(ignoreVar, "1", sizeof("1")) != 0) {
|
||||
+ if (PR_Access(POLICY_PATH "/" POLICY_FILE, PR_ACCESS_READ_OK) == PR_SUCCESS) {
|
||||
SECMODModule *module = SECMOD_LoadModule(
|
||||
"name=\"Policy File\" "
|
||||
"parameters=\"configdir='sql:" POLICY_PATH "' "
|
||||
@ -61,3 +141,21 @@
|
||||
(PKIX_FALSE, PKIX_MAJOR_VERSION, PKIX_MINOR_VERSION,
|
||||
PKIX_MINOR_VERSION, &actualMinorVersion, &plContext);
|
||||
|
||||
if (pkixError != NULL) {
|
||||
goto loser;
|
||||
} else {
|
||||
char *ev = PR_GetEnvSecure("NSS_ENABLE_PKIX_VERIFY");
|
||||
if (ev && ev[0]) {
|
||||
CERT_SetUsePKIXForValidation(PR_TRUE);
|
||||
}
|
||||
}
|
||||
-
|
||||
-
|
||||
}
|
||||
|
||||
/*
|
||||
* Now mark the appropriate init state. If initContextPtr was passed
|
||||
* in, then return the new context pointer and add it to the
|
||||
* nssInitContextList. Otherwise set the global nss_isInitted flag
|
||||
*/
|
||||
PZ_Lock(nssInitLock);
|
||||
|
2
nss.spec
2
nss.spec
@ -794,7 +794,7 @@ fi
|
||||
|
||||
|
||||
%changelog
|
||||
* Wed Jul 13 2016 Elio Maldonado <emaldona@redhat.com> - 3.25.0-6
|
||||
* Thu Jul 14 2016 Elio Maldonado <emaldona@redhat.com> - 3.25.0-6
|
||||
- Incorporate some changes requested in upstream review and commited upstream (#1157720)
|
||||
|
||||
* Fri Jul 01 2016 Elio Maldonado <emaldona@redhat.com> - 3.25.0-5
|
||||
|
Loading…
Reference in New Issue
Block a user