Accepting request 875772 from home:hellcp:branches:security:idm

- Add nss-btrfs-sqlite.patch to address bmo#1690232 OBS-URL: https://build.opensuse.org/request/show/875772 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=353
2021-02-28 12:47:39 +00:00 · 2021-02-28 12:47:39 +00:00 · bac7e766cb
commit bac7e766cb
parent 5de44ac988
3 changed files with 25 additions and 0 deletions
--- a/mozilla-nss.changes
+++ b/mozilla-nss.changes
@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Sun Feb 28 12:01:32 UTC 2021 - Sasi Olin <hel@lcp.world>
+
+- Add nss-btrfs-sqlite.patch to address bmo#1690232
+
 -------------------------------------------------------------------
 Sun Feb 21 14:46:47 UTC 2021 - Wolfgang Rosenauer <wr@rosenauer.org>

--- a/mozilla-nss.spec
+++ b/mozilla-nss.spec
@ -68,6 +68,7 @@ Patch24:        nss-fips-use-strong-random-pool.patch
 Patch25:        nss-fips-detect-fips-mode-fixes.patch
 Patch26:        nss-fips-combined-hash-sign-dsa-ecdsa.patch
 Patch27:        nss-fips-aes-keywrap-post.patch
+Patch28:        nss-btrfs-sqlite.patch
 %if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000
 # aarch64 + gcc4.8 fails to build on SLE-12 due to undefined references
 BuildRequires:  gcc9-c++
@ -223,6 +224,7 @@ cd nss
 %patch25 -p1
 %patch26 -p1
 %patch27 -p1
+%patch28 -p1

 # additional CA certificates
 #cd security/nss/lib/ckfw/builtins
--- a/nss-btrfs-sqlite.patch
+++ b/nss-btrfs-sqlite.patch
@ -0,0 +1,18 @@
+diff -up ./lib/softoken/sdb.c.orig ./lib/softoken/sdb.c
+--- ./lib/softoken/sdb.c.orig   2020-12-11 22:49:26.961726193 -0500
+++ ./lib/softoken/sdb.c        2020-12-11 23:01:30.739122494 -0500
+@@ -690,8 +690,14 @@ sdb_openDB(const char *name, sqlite3 **s
+         openFlags = SQLITE_OPEN_READONLY;
+     } else {
+         openFlags = SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE;
+        /* btrfs and sqlite seem to incorrectly open readwrite.
+        * when the file is readonly explicitly reject that issue here */
+        if ((_NSSUTIL_Access(name, PR_ACCESS_EXISTS) == PR_SUCCESS)  && (_NSSUTIL_Access(name, PR_ACCESS_WRITE_OK) != PR_SUCCESS)) {
+            return SQLITE_READONLY;
+        }
+     }
+
+
+     /* Requires SQLite 3.5.0 or newer. */
+     sqlerr = sqlite3_open_v2(name, sqlDB, openFlags, NULL);
+     if (sqlerr != SQLITE_OK) {