From 6d55933ea138eb608d8f8149d45cf71fd65dd63d Mon Sep 17 00:00:00 2001 From: Milan Crha Date: Tue, 14 Sep 2010 15:59:19 +0200 Subject: [PATCH] Add patch for Gnome bug #626066 (login to NSS on demand) Add patch for Gnome bug #626066 (login to NSS on demand)# with '#' will be ignored, and an empty message aborts the commit. --- evolution-2.31.92-gn626066.patch | 137 +++++++++++++++++++++++++++++++ evolution.spec | 7 +- 2 files changed, 143 insertions(+), 1 deletion(-) create mode 100644 evolution-2.31.92-gn626066.patch diff --git a/evolution-2.31.92-gn626066.patch b/evolution-2.31.92-gn626066.patch new file mode 100644 index 0000000..5d25293 --- /dev/null +++ b/evolution-2.31.92-gn626066.patch @@ -0,0 +1,137 @@ +From c33a84d443f6a340fc247531b6bc8c9997b52aba Mon Sep 17 00:00:00 2001 +From: David Woodhouse +Date: Mon, 13 Sep 2010 20:00:25 +0000 +Subject: Bug 626066 - log in to NSS database on demand for changing trust + +--- +diff --git a/smime/gui/cert-trust-dialog.c b/smime/gui/cert-trust-dialog.c +index 9c87c66..66ce69b 100644 +--- a/smime/gui/cert-trust-dialog.c ++++ b/smime/gui/cert-trust-dialog.c +@@ -73,7 +73,7 @@ ctd_response(GtkWidget *w, guint id, CertTrustDialogData *data) + e_cert_trust_add_peer_trust (&trust, FALSE, + gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON (data->trust_button)), + FALSE); +- CERT_ChangeCertTrust (CERT_GetDefaultCertDB(), icert, &trust); ++ e_cert_db_change_cert_trust (icert, &trust); + break; + case GTK_RESPONSE_ACCEPT: { + /* just *what on earth* was chris thinking here!?!?! copied from certificate-manager.c */ +@@ -101,7 +101,7 @@ ctd_response(GtkWidget *w, guint id, CertTrustDialogData *data) + trust_email, + trust_objsign); + +- CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), icert, &trust); ++ e_cert_db_change_cert_trust (icert, &trust); + } + + gtk_widget_destroy (dialog); +diff --git a/smime/gui/certificate-manager.c b/smime/gui/certificate-manager.c +index d0823b8..5a5b204 100644 +--- a/smime/gui/certificate-manager.c ++++ b/smime/gui/certificate-manager.c +@@ -679,7 +679,7 @@ edit_ca (GtkWidget *widget, CertificateManagerData *cfm) + trust_email, + trust_objsign); + +- CERT_ChangeCertTrust (CERT_GetDefaultCertDB(), icert, &trust); ++ e_cert_db_change_cert_trust (icert, &trust); + } + + gtk_widget_destroy (dialog); +@@ -1097,18 +1097,13 @@ certificate_manager_config_new (EPreferencesWindow *window) + GtkWidget *parent; + GtkWidget *widget; + CertificateManagerData *cfm_data; +- PK11SlotInfo* slot; +- ECertDB *cert_db; + + shell = e_preferences_window_get_shell (window); + + g_return_val_if_fail (E_IS_SHELL (shell), NULL); + + /* We need to peek the db here to make sure it (and NSS) are fully initialized. */ +- +- cert_db = e_cert_db_peek(); +- slot = PK11_GetInternalKeySlot(); +- e_cert_db_login_to_slot(cert_db, slot); ++ e_cert_db_peek (); + + cfm_data = g_new0 (CertificateManagerData, 1); + +diff --git a/smime/lib/e-cert-db.c b/smime/lib/e-cert-db.c +index 2e23df2..48458fa 100644 +--- a/smime/lib/e-cert-db.c ++++ b/smime/lib/e-cert-db.c +@@ -936,7 +936,18 @@ handle_ca_cert_download(ECertDB *cert_db, GList *certs, GError **error) + nickname, + &trust); + +- if (srv != SECSuccess && PORT_GetError() != SEC_ERROR_TOKEN_NOT_LOGGED_IN) { ++ /* ++ If this fails with SEC_ERROR_TOKEN_NOT_LOGGED_IN, it seems ++ that the import *has* worked, but the setting of trust bits ++ failed -- so only set the trust. This *has* to be an NSS bug? ++ */ ++ if (srv != SECSuccess && ++ PORT_GetError () == SEC_ERROR_TOKEN_NOT_LOGGED_IN && ++ e_cert_db_login_to_slot (NULL, PK11_GetInternalKeySlot())) ++ srv = CERT_ChangeCertTrust (CERT_GetDefaultCertDB (), ++ tmpCert, &trust); ++ ++ if (srv != SECSuccess) { + set_nss_error (error); + return FALSE; + } +@@ -971,6 +982,27 @@ handle_ca_cert_download(ECertDB *cert_db, GList *certs, GError **error) + return TRUE; + } + } ++gboolean e_cert_db_change_cert_trust(CERTCertificate *cert, CERTCertTrust *trust) ++{ ++ SECStatus srv; ++ ++ srv = CERT_ChangeCertTrust (CERT_GetDefaultCertDB (), ++ cert, trust); ++ if (srv != SECSuccess && ++ PORT_GetError () == SEC_ERROR_TOKEN_NOT_LOGGED_IN && ++ e_cert_db_login_to_slot (NULL, PK11_GetInternalKeySlot())) ++ srv = CERT_ChangeCertTrust (CERT_GetDefaultCertDB (), ++ cert, trust); ++ ++ if (srv != SECSuccess) { ++ glong err = PORT_GetError (); ++ g_warning ("CERT_ChangeCertTrust() failed: %s\n", ++ nss_error_to_string(err)); ++ return FALSE; ++ } ++ return TRUE; ++} ++ + + /* deleting certificates */ + gboolean +@@ -998,8 +1030,7 @@ e_cert_db_delete_cert (ECertDB *certdb, + CERTCertTrust trust; + + e_cert_trust_init_with_values (&trust, 0, 0, 0); +- CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), +- cert, &trust); ++ e_cert_db_change_cert_trust (cert, &trust); + } + + return TRUE; +diff --git a/smime/lib/e-cert-db.h b/smime/lib/e-cert-db.h +index 7d5f185..6e1bc5a 100644 +--- a/smime/lib/e-cert-db.h ++++ b/smime/lib/e-cert-db.h +@@ -142,4 +142,7 @@ gboolean e_cert_db_export_pkcs12_file (ECertDB *cert_db, + gboolean e_cert_db_login_to_slot (ECertDB *cert_db, + PK11SlotInfo *slot); + ++gboolean e_cert_db_change_cert_trust (CERTCertificate *cert, ++ CERTCertTrust *trust); ++ + #endif /* _E_CERT_DB_H_ */ +-- +cgit v0.8.3.1 diff --git a/evolution.spec b/evolution.spec index 90dc467..f462b0b 100644 --- a/evolution.spec +++ b/evolution.spec @@ -55,6 +55,9 @@ Patch12: evolution-2.9.1-im-context-reset.patch # RH bug #589555 Patch13: evolution-2.30.1-help-contents.patch +# RH bug #626066 +Patch14: evolution-2.31.92-gn626066.patch + ## Dependencies ### Requires(pre): GConf2 @@ -207,6 +210,7 @@ This package contains the plugin to import Microsoft Personal Storage Table %patch10 -p1 -b .ldaphack %patch12 -p1 -b .im-context-reset %patch13 -p1 -b .help-contents +%patch14 -p1 -b .gn626066 mkdir -p krb5-fakeprefix/include mkdir -p krb5-fakeprefix/lib @@ -615,8 +619,9 @@ rm -rf $RPM_BUILD_ROOT %endif %changelog -* Mon Sep 13 2010 Milan Crha - 2.31.92.fc14 +* Mon Sep 13 2010 Milan Crha - 2.31.92-1.fc14 - Update to 2.31.92 +- Add patch for Gnome bug #626066 (login to NSS on demand) * Mon Aug 30 2010 Milan Crha - 2.31.91-1.fc14 - Update to 2.31.91