Patch nsssysinit to set the default flags on the crypto module - #545779

2009-12-12 06:48:43 +00:00 · 2009-12-12 06:48:43 +00:00 · 911a125478
parent 43678392b1
commit 911a125478
2 changed files with 57 additions and 2 deletions
--- a/nss.spec
+++ b/nss.spec
@ -7,7 +7,7 @@
 Summary:          Network Security Services
 Name:             nss
 Version:          3.12.5
-Release:          1%{?dist}.4
+Release:          1%{?dist}.5
 License:          MPLv1.1 or GPLv2+ or LGPLv2+
 URL:              http://www.mozilla.org/projects/security/pki/nss/
 Group:            System Environment/Libraries
@ -43,6 +43,7 @@ Patch2:           nss-nolocalsql.patch
 Patch6:           nss-enable-pem.patch
 Patch7:           533125-ammend.patch
 Patch8:           nss-sysinit.patch
+Patch9:           nsssysinit.patch

 %description
 Network Security Services (NSS) is a set of libraries designed to
@ -110,6 +111,7 @@ low level services.
 %patch6 -p0 -b .libpem
 %patch7 -p0 -b .533125-ammend
 %patch8 -p0 -b .sysinit
+%patch9 -p0 -b .nsssysinit

 %build

@ -471,7 +473,11 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h


 %changelog
-* Wed Dec 09 2009 Elio Maldonado<emaldona@redhat.com> - 3.12.5-2.1
+* Thu Dec 10 2009 Elio Maldonado<emaldona@redhat.com> - 3.12.5-1.5
+- Fix nsssysinit to set the default flags on the crypto module (#545779)
+- Remove redundant header from the pem module
+
+* Wed Dec 09 2009 Elio Maldonado<emaldona@redhat.com> - 3.12.5-1.1
 - Remove unneeded patch

 * Thu Dec 03 2009 Elio Maldonado<emaldona@redhat.com> - 3.12.5-1.1
--- a/nsssysinit.patch
+++ b/nsssysinit.patch
@ -0,0 +1,49 @@
+Index: mozilla/security/nss/lib/sysinit/nsssysinit.c
+===================================================================
+RCS file: /cvsroot/mozilla/security/nss/lib/sysinit/nsssysinit.c,v
+retrieving revision 1.1
+diff -u -p -r1.1 nsssysinit.c
+--- mozilla/security/nss/lib/sysinit/nsssysinit.c	8 Oct 2009 17:08:36 -0000	1.1
+++ mozilla/security/nss/lib/sysinit/nsssysinit.c	12 Dec 2009 03:34:17 -0000
+@@ -198,11 +198,20 @@ getFIPSMode(void)
+  * the decision making process.
+  *
+  */
+static const char *nssDefaultFlags = "trustOrder=75 cipherOrder=100 \
+slotParams={0x00000001=[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,RANDOM \
+askpw=any timeout=30 ] }  ";
+static const char *nssDefaultFIPSFlags = "trustOrder=75 cipherOrder=100 \
+slotParams={0x00000003=[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,RANDOM \
+askpw=any timeout=30 ] }  ";
+
+ static char **
+ get_list(char *filename, char *stripped_parameters)
+ {
+     char **module_list = PORT_ZNewArray(char *, 4);
+     char *userdb;
+    int isFIPS = getFIPSMode();
+    const char *nssflags = isFIPS ? nssDefaultFIPSFlags : nssDefaultFlags;
+     int next = 0;
+ 
+     /* can't get any space */
+@@ -217,8 +226,9 @@ get_list(char *filename, char *stripped_
+ 	    "library= "
+ 	    "module=\"NSS User database\" "
+ 	    "parameters=\"configdir='sql:%s' %s\" "
+-	    "NSS=\"flags=internal%s\"", 
+-		userdb, stripped_parameters, getFIPSMode() ? ",FIPS" : "");
+        "NSS=\"%sflags=internal%s\"",
+        userdb, stripped_parameters, nssflags,
+        isFIPS ? ",FIPS" : "");
+ 
+ 	/* now open the user's defined PKCS #11 modules */
+ 	/* skip the local user DB entry */
+@@ -235,7 +245,7 @@ get_list(char *filename, char *stripped_
+ 	"library= "
+ 	"module=\"NSS system database\" "
+ 	"parameters=\"configdir='sql:%s' tokenDescription='NSS system database' flags=readonly\" "
+-	"NSS=\"flags=internal,critical\"",filename);
+    "NSS=\"%sflags=internal,critical\"",filename, nssDefaultFlags);
+ 
+     /* that was the last module */
+     module_list[next] = 0;