diff --git a/nss-sysinit-userdb-first.patch b/nss-sysinit-userdb-first.patch
new file mode 100755
index 0000000..cbfbb9a
--- /dev/null
+++ b/nss-sysinit-userdb-first.patch
@@ -0,0 +1,65 @@
+diff -up ./mozilla/security/nss/lib/sysinit/nsssysinit.c.orig ./mozilla/security/nss/lib/sysinit/nsssysinit.c
+--- ./mozilla/security/nss/lib/sysinit/nsssysinit.c.orig 2010-06-17 09:17:30.732643399 -0700
++++ ./mozilla/security/nss/lib/sysinit/nsssysinit.c 2010-06-17 09:20:22.691642397 -0700
+@@ -263,9 +263,18 @@ get_list(char *filename, char *stripped_
+ sysdb = getSystemDB();
+ userdb = getUserDB();
+
+- /* Don't open root's user DB */
++ /* return a list of databases to open. First the system database. */
++ if (sysdb) {
++ const char *readonly = userCanModifySystemDB() ? "" : "flags=readonly";
++ module_list[next++] = PR_smprintf(
++ "library= "
++ "module=\"NSS system database\" "
++ "parameters=\"configdir='sql:%s' tokenDescription='NSS system database' %s\" "
++ "NSS=\"%sflags=internal,critical\"",sysdb, readonly, nssflags);
++ }
++
++ /* Next the user database, but not for root. */
+ if (userdb != NULL && !userIsRoot()) {
+- /* return a list of databases to open. First the user Database */
+ module_list[next++] = PR_smprintf(
+ "library= "
+ "module=\"NSS User database\" "
+@@ -284,40 +293,6 @@ get_list(char *filename, char *stripped_
+ userdb, stripped_parameters);
+ }
+
+-#if 0
+- /* This doesn't actually work. If we register
+- both this and the sysdb (in either order)
+- then only one of them actually shows up */
+-
+- /* Using a NULL filename as a Boolean flag to
+- * prevent registering both an application-defined
+- * db and the system db. rhbz #546211.
+- */
+- PORT_Assert(filename);
+- if (sysdb && PL_CompareStrings(filename, sysdb))
+- filename = NULL;
+- else if (userdb && PL_CompareStrings(filename, userdb))
+- filename = NULL;
+-
+- if (filename && !userIsRoot()) {
+- module_list[next++] = PR_smprintf(
+- "library= "
+- "module=\"NSS database\" "
+- "parameters=\"configdir='sql:%s' tokenDescription='NSS database sql:%s'\" "
+- "NSS=\"%sflags=internal\"",filename, filename, nssflags);
+- }
+-#endif
+-
+- /* now the system database (always read only unless it's root) */
+- if (sysdb) {
+- const char *readonly = userCanModifySystemDB() ? "" : "flags=readonly";
+- module_list[next++] = PR_smprintf(
+- "library= "
+- "module=\"NSS system database\" "
+- "parameters=\"configdir='sql:%s' tokenDescription='NSS system database' %s\" "
+- "NSS=\"%sflags=internal,critical\"",sysdb, readonly, nssflags);
+- }
+-
+ /* that was the last module */
+ module_list[next] = 0;
+
diff --git a/nss.spec b/nss.spec
index 3646867..95f5a48 100644
--- a/nss.spec
+++ b/nss.spec
@@ -6,7 +6,7 @@
 Summary: Network Security Services
 Name: nss
 Version: 3.12.6
-Release: 8%{?dist}
+Release: 9%{?dist}
 License: MPLv1.1 or GPLv2+ or LGPLv2+
 URL: http://www.mozilla.org/projects/security/pki/nss/
 Group: System Environment/Libraries
@@ -44,6 +44,7 @@ Patch3: renegotiate-transitional.patch
 Patch4: validate-arguments.patch
 Patch6: nss-enable-pem.patch
 Patch7: nsspem-596674.patch
+Patch8: nss-sysinit-userdb-first.patch
 %description
 Network Security Services (NSS) is a set of libraries designed to
@@ -114,6 +115,7 @@ low level services.
 %patch4 -p0 -b .validate
 %patch6 -p0 -b .libpem
 %patch7 -p0 -b .596674
+%patch8 -p0 -b .603313
 %build
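Review bot: The added comments in the first inner hunk (`First the system database.` / `Next the user database, but not for root.`) and the moved `if (sysdb)` block place the system database ahead of the user database in `module_list`, while the patch name `nss-sysinit-userdb-first.patch` and the changelog entry say the userdb is returned ahead of the systemdb. Nothing visible here shows how a position in the list maps to the order in which the tokens are opened or searched, so a reader cannot tell which description is right. If the consumer of the list gives later entries precedence, say so in the comment, e.g. `/* Entries are listed in reverse priority: system DB first so the user DB takes precedence. */`; otherwise correct the patch name and changelog. The order is security-relevant because it presumably decides whether newly stored keys, certificates and trust edits land in the per-user store or in the shared `flags=internal,critical` system store. get_list starts and ends outside both inner hunks.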
@@ -241,9 +243,8 @@ cd ./mozilla/security/nss/tests/
 # nss_tests: cipher libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits chains
 # nss_ssl_tests: crl bypass_normal normal_bypass normal_fips fips_normal iopr
 # nss_ssl_run: cov auth stress
-
-# Temporarily disabling the ssl test suites
-# until bug 539183 gets resolved
+# For example, to disable the ssl test suites
+# you would uncomment the following lines
 #%global nss_ssl_tests " "
 #%global nss_ssl_run " "
@@ -487,6 +488,9 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h
 %changelog
+* Fri Jul 31 2010 Elio Maldonado - 3.12.6-9
+- Fix nsssysinit to return userdb ahead of systemdb (#603313)
+
 * Tue Jun 08 2010 Dennis Gilmore - 3.12.6-8
 - Require and BuildRequire >= the listed version not =
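Review bot: The reworded comment in the `@@ -241,9 +243,8 @@` hunk tells packagers to uncomment the two `#%global` lines to disable the ssl suites, but rpm expands macros inside comment lines as well, so `#%global nss_ssl_tests " "` may still define the macro and leave those suites switched off. If this change is meant to run the ssl tests again, escape the examples as `#%%global nss_ssl_tests " "` and `#%%global nss_ssl_run " "`, and confirm from the build's test output that the ssl suites actually run. How the spec consumes these macros is outside the hunk, so the effect should be verified rather than assumed.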