Fix nss for resolving certmonger compile hanging

(cherry picked from commit bc403795e3a6f3209cf2d6cf65c1a5e27d7c7b59)
2021-02-09 20:06:59 +08:00 · 2021-02-09 20:06:59 +08:00 · 8bd799c6c9
commit 8bd799c6c9
parent 53e823f5e0
2 changed files with 34 additions and 1 deletions
--- a/0001-work-around-btrfs-sqlite.patch
+++ b/0001-work-around-btrfs-sqlite.patch
@ -0,0 +1,28 @@
+From 8c3347d43170dfddc88255e31e28c4d7e506d2fc Mon Sep 17 00:00:00 2001
+From: baizg1107 <preloyalwhite@163.com>
+Date: Tue, 9 Feb 2021 19:41:21 +0800
+Subject: [PATCH] work around btrfs sqlite
+
+---
+ nss/lib/softoken/sdb.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/nss/lib/softoken/sdb.c b/nss/lib/softoken/sdb.c
+index de0fd1f..b2fc0d1 100644
+--- a/nss/lib/softoken/sdb.c
+++ b/nss/lib/softoken/sdb.c
+@@ -690,6 +690,11 @@ sdb_openDB(const char *name, sqlite3 **sqlDB, int flags)
+         openFlags = SQLITE_OPEN_READONLY;
+     } else {
+         openFlags = SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE;
+        /* btrfs and sqlite seem to incorrectly open readwrite.
+        * when the file is readonly explicitly reject that issue here */
+        if ((_NSSUTIL_Access(name, PR_ACCESS_EXISTS) == PR_SUCCESS)  && (_NSSUTIL_Access(name, PR_ACCESS_WRITE_OK) != PR_SUCCESS)) {
+            return SQLITE_READONLY;
+        } 
+     }
+ 
+     /* Requires SQLite 3.5.0 or newer. */
+-- 
+2.23.0
+
--- a/nss.spec
+++ b/nss.spec
@ -14,7 +14,7 @@
 Summary:          Network Security Services
 Name:             nss
 Version:          %{nss_version}
-Release:          6
+Release:          7
 License:          MPLv2.0
 URL:              http://www.mozilla.org/projects/security/pki/nss/
 Provides:         nss-system-init
@ -44,6 +44,7 @@ Patch1:           0001-CVE-2020-6829-and-CVE-2020-12400.patch
 Patch2:           0002-CVE-2020-6829-and-CVE-2020-12400.patch
 Patch3:           CVE-2020-12401.patch
 Patch4:           backport-CVE-2020-25648-tighten-CSS-handling-in-compatibility-mode.patch
+Patch5:		  0001-work-around-btrfs-sqlite.patch

 %description
 Network Security Services (NSS) is a set of libraries designed to
@ -131,6 +132,7 @@ Help document for NSS
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
+%patch5 -p1

 %build

@ -552,6 +554,9 @@ update-crypto-policies &>/dev/null||:
 %doc %{_mandir}/man*

 %changelog
+* Tue Feb 9 2021 maminjie <maminjie1@huawei.com> - 3.54-7
+- fix 0002-keygen-rsa hanging of certmonger
+
 * Tue Jan 19 2021 zoulin <zoulin13@huawei.com> - 3.54-6
 - fix CVE-2020-25648