packages/nss
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix nss for resolving certmonger compile hanging

Browse Source 
(cherry picked from commit bc403795e3a6f3209cf2d6cf65c1a5e27d7c7b59)
This commit is contained in:
baizg1107 2021-02-09 20:06:59 +08:00 committed by openeuler-sync-bot
parent 53e823f5e0
commit 8bd799c6c9
2 changed files with 34 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
0001-work-around-btrfs-sqlite.patch Normal file
View File

@ -0,0 +1,28 @@
From 8c3347d43170dfddc88255e31e28c4d7e506d2fc Mon Sep 17 00:00:00 2001
From: baizg1107 <preloyalwhite@163.com>
Date: Tue, 9 Feb 2021 19:41:21 +0800
Subject: [PATCH] work around btrfs sqlite
---
nss/lib/softoken/sdb.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/nss/lib/softoken/sdb.c b/nss/lib/softoken/sdb.c
index de0fd1f..b2fc0d1 100644
--- a/nss/lib/softoken/sdb.c
+++ b/nss/lib/softoken/sdb.c
@@ -690,6 +690,11 @@ sdb_openDB(const char *name, sqlite3 **sqlDB, int flags)
openFlags = SQLITE_OPEN_READONLY;
} else {
openFlags = SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE;
+ /* btrfs and sqlite seem to incorrectly open readwrite.
+ * when the file is readonly explicitly reject that issue here */
+ if ((_NSSUTIL_Access(name, PR_ACCESS_EXISTS) == PR_SUCCESS) && (_NSSUTIL_Access(name, PR_ACCESS_WRITE_OK) != PR_SUCCESS)) {
+ return SQLITE_READONLY;
+ }
}
/* Requires SQLite 3.5.0 or newer. */
--
2.23.0

7
nss.spec
View File

@ -14,7 +14,7 @@
Summary: Network Security Services Summary: Network Security Services
Name: nss Name: nss
Version: %{nss_version} Version: %{nss_version}
Release: 6 Release: 7
License: MPLv2.0 License: MPLv2.0
URL: http://www.mozilla.org/projects/security/pki/nss/ URL: http://www.mozilla.org/projects/security/pki/nss/
Provides: nss-system-init Provides: nss-system-init
@ -44,6 +44,7 @@ Patch1: 0001-CVE-2020-6829-and-CVE-2020-12400.patch
Patch2: 0002-CVE-2020-6829-and-CVE-2020-12400.patch Patch2: 0002-CVE-2020-6829-and-CVE-2020-12400.patch
Patch3: CVE-2020-12401.patch Patch3: CVE-2020-12401.patch
Patch4: backport-CVE-2020-25648-tighten-CSS-handling-in-compatibility-mode.patch Patch4: backport-CVE-2020-25648-tighten-CSS-handling-in-compatibility-mode.patch
Patch5: 0001-work-around-btrfs-sqlite.patch
%description %description
Network Security Services (NSS) is a set of libraries designed to Network Security Services (NSS) is a set of libraries designed to
@ -131,6 +132,7 @@ Help document for NSS
%patch2 -p1 %patch2 -p1
%patch3 -p1 %patch3 -p1
%patch4 -p1 %patch4 -p1
%patch5 -p1
%build %build
@ -552,6 +554,9 @@ update-crypto-policies &>/dev/null||:
%doc %{_mandir}/man* %doc %{_mandir}/man*
%changelog %changelog
* Tue Feb 9 2021 maminjie <maminjie1@huawei.com> - 3.54-7
- fix 0002-keygen-rsa hanging of certmonger
* Tue Jan 19 2021 zoulin <zoulin13@huawei.com> - 3.54-6 * Tue Jan 19 2021 zoulin <zoulin13@huawei.com> - 3.54-6
- fix CVE-2020-25648 - fix CVE-2020-25648