From 911a125478d22dc3a8c3fc381b0bd096830d471f Mon Sep 17 00:00:00 2001 From: Elio Maldonado Date: Sat, 12 Dec 2009 06:48:43 +0000 Subject: [PATCH] Patch nsssysinit to set the default flags on the crypto module - #545779 --- nss.spec | 10 ++++++++-- nsssysinit.patch | 49 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 57 insertions(+), 2 deletions(-) create mode 100644 nsssysinit.patch diff --git a/nss.spec b/nss.spec index 40ea39c..7bdfb38 100644 --- a/nss.spec +++ b/nss.spec @@ -7,7 +7,7 @@ Summary: Network Security Services Name: nss Version: 3.12.5 -Release: 1%{?dist}.4 +Release: 1%{?dist}.5 License: MPLv1.1 or GPLv2+ or LGPLv2+ URL: http://www.mozilla.org/projects/security/pki/nss/ Group: System Environment/Libraries @@ -43,6 +43,7 @@ Patch2: nss-nolocalsql.patch Patch6: nss-enable-pem.patch Patch7: 533125-ammend.patch Patch8: nss-sysinit.patch +Patch9: nsssysinit.patch %description Network Security Services (NSS) is a set of libraries designed to @@ -110,6 +111,7 @@ low level services. %patch6 -p0 -b .libpem %patch7 -p0 -b .533125-ammend %patch8 -p0 -b .sysinit +%patch9 -p0 -b .nsssysinit %build @@ -471,7 +473,11 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h %changelog -* Wed Dec 09 2009 Elio Maldonado - 3.12.5-2.1 +* Thu Dec 10 2009 Elio Maldonado - 3.12.5-1.5 +- Fix nsssysinit to set the default flags on the crypto module (#545779) +- Remove redundant header from the pem module + +* Wed Dec 09 2009 Elio Maldonado - 3.12.5-1.1 - Remove unneeded patch * Thu Dec 03 2009 Elio Maldonado - 3.12.5-1.1 diff --git a/nsssysinit.patch b/nsssysinit.patch new file mode 100644 index 0000000..53477b6 --- /dev/null +++ b/nsssysinit.patch 
@@ -0,0 +1,49 @@
+Index: mozilla/security/nss/lib/sysinit/nsssysinit.c
+===================================================================
+RCS file: /cvsroot/mozilla/security/nss/lib/sysinit/nsssysinit.c,v
+retrieving revision 1.1
+diff -u -p -r1.1 nsssysinit.c
+--- mozilla/security/nss/lib/sysinit/nsssysinit.c 8 Oct 2009 17:08:36 -0000 1.1
++++ mozilla/security/nss/lib/sysinit/nsssysinit.c 12 Dec 2009 03:34:17 -0000
+@@ -198,11 +198,20 @@ getFIPSMode(void)
+ * the decision making process.
+ *
+ */
++static const char *nssDefaultFlags = "trustOrder=75 cipherOrder=100 \
++slotParams={0x00000001=[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,RANDOM \
++askpw=any timeout=30 ] } ";
++static const char *nssDefaultFIPSFlags = "trustOrder=75 cipherOrder=100 \
++slotParams={0x00000003=[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,RANDOM \
++askpw=any timeout=30 ] } ";
++
+ static char **
+ get_list(char *filename, char *stripped_parameters)
+ {
+ char **module_list = PORT_ZNewArray(char *, 4);
+ char *userdb;
++ int isFIPS = getFIPSMode();
++ const char *nssflags = isFIPS ? nssDefaultFIPSFlags : nssDefaultFlags;
+ int next = 0;
+ 
+ /* can't get any space */
+@@ -217,8 +226,9 @@ get_list(char *filename, char *stripped_
+ "library= "
+ "module=\"NSS User database\" "
+ "parameters=\"configdir='sql:%s' %s\" "
+- "NSS=\"flags=internal%s\"",
+- userdb, stripped_parameters, getFIPSMode() ? ",FIPS" : "");
++ "NSS=\"%sflags=internal%s\"",
++ userdb, stripped_parameters, nssflags,
++ isFIPS ? ",FIPS" : "");
+ 
+ /* now open the user's defined PKCS #11 modules */
+ /* skip the local user DB entry */
+@@ -235,7 +245,7 @@ get_list(char *filename, char *stripped_
+ "library= "
+ "module=\"NSS system database\" "
+ "parameters=\"configdir='sql:%s' tokenDescription='NSS system database' flags=readonly\" "
+- "NSS=\"flags=internal,critical\"",filename);
++ "NSS=\"%sflags=internal,critical\"",filename, nssDefaultFlags);
+ 
+ /* that was the last module */
+ module_list[next] = 0;
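Review bot: The system-database entry in the last inner hunk (`@@ -235,7 +245,7 @@`) is formatted with `nssDefaultFlags` unconditionally, while the user-database entry uses `nssflags`, which switches to `nssDefaultFIPSFlags` when `getFIPSMode()` is true. The two strings differ only in the slotParams key (`0x00000001` vs `0x00000003`), so in FIPS mode the `askpw=any timeout=30` defaults for the system database would presumably be attached to a different slot id than the one the user-database entry names. If that is not intended, the call should read `"NSS=\"%sflags=internal,critical\"",filename, nssflags);`; if it is intended, a comment there saying why the system database keeps the non-FIPS defaults would help. get_list's body continues outside the hunks shown.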