From 8bd799c6c90b27bcf48b1447a71705ec9f37a51f Mon Sep 17 00:00:00 2001
From: baizg1107 <preloyalwhite@163.com>
Date: Tue, 9 Feb 2021 20:06:59 +0800
Subject: [PATCH] Fix nss for resolving certmonger compile hanging

(cherry picked from commit bc403795e3a6f3209cf2d6cf65c1a5e27d7c7b59)
---
 0001-work-around-btrfs-sqlite.patch | 28 ++++++++++++++++++++++++++++
 nss.spec                            |  7 ++++++-
 2 files changed, 34 insertions(+), 1 deletion(-)
 create mode 100644 0001-work-around-btrfs-sqlite.patch

diff --git a/0001-work-around-btrfs-sqlite.patch b/0001-work-around-btrfs-sqlite.patch
new file mode 100644
index 0000000..05e9468
--- /dev/null
+++ b/0001-work-around-btrfs-sqlite.patch
@@ -0,0 +1,28 @@
+From 8c3347d43170dfddc88255e31e28c4d7e506d2fc Mon Sep 17 00:00:00 2001
+From: baizg1107 <preloyalwhite@163.com>
+Date: Tue, 9 Feb 2021 19:41:21 +0800
+Subject: [PATCH] work around btrfs sqlite
+
+---
+ nss/lib/softoken/sdb.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/nss/lib/softoken/sdb.c b/nss/lib/softoken/sdb.c
+index de0fd1f..b2fc0d1 100644
+--- a/nss/lib/softoken/sdb.c
++++ b/nss/lib/softoken/sdb.c
+@@ -690,6 +690,11 @@ sdb_openDB(const char *name, sqlite3 **sqlDB, int flags)
+         openFlags = SQLITE_OPEN_READONLY;
+     } else {
+         openFlags = SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE;
++        /* btrfs and sqlite seem to incorrectly open readwrite.
++        * when the file is readonly explicitly reject that issue here */
++        if ((_NSSUTIL_Access(name, PR_ACCESS_EXISTS) == PR_SUCCESS)  && (_NSSUTIL_Access(name, PR_ACCESS_WRITE_OK) != PR_SUCCESS)) {
++            return SQLITE_READONLY;
++        } 
+     }
+ 
+     /* Requires SQLite 3.5.0 or newer. */
+-- 
+2.23.0
+
diff --git a/nss.spec b/nss.spec
index e0c5a05..cf7a67e 100644
--- a/nss.spec
+++ b/nss.spec
@@ -14,7 +14,7 @@
 Summary:          Network Security Services
 Name:             nss
 Version:          %{nss_version}
-Release:          6
+Release:          7
 License:          MPLv2.0
 URL:              http://www.mozilla.org/projects/security/pki/nss/
 Provides:         nss-system-init
@@ -44,6 +44,7 @@ Patch1:           0001-CVE-2020-6829-and-CVE-2020-12400.patch
 Patch2:           0002-CVE-2020-6829-and-CVE-2020-12400.patch
 Patch3:           CVE-2020-12401.patch
 Patch4:           backport-CVE-2020-25648-tighten-CSS-handling-in-compatibility-mode.patch
+Patch5:		  0001-work-around-btrfs-sqlite.patch
 
 %description
 Network Security Services (NSS) is a set of libraries designed to
@@ -131,6 +132,7 @@ Help document for NSS
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
+%patch5 -p1
 
 %build
 
@@ -552,6 +554,9 @@ update-crypto-policies &>/dev/null||:
 %doc %{_mandir}/man*
 
 %changelog
+* Tue Feb 9 2021 maminjie <maminjie1@huawei.com> - 3.54-7
+- fix 0002-keygen-rsa hanging of certmonger
+
 * Tue Jan 19 2021 zoulin <zoulin13@huawei.com> - 3.54-6
 - fix CVE-2020-25648