r1723 - in /unstable/evolution/debian: changelog patches/04_login-to-nss-on-demand.patch patches/series
corsac at users.alioth.debian.org
corsac at users.alioth.debian.org
Mon Sep 13 19:43:12 UTC 2010
Author: corsac
Date: Mon Sep 13 19:43:06 2010
New Revision: 1723
URL: http://svn.debian.org/wsvn/pkg-evolution/?sc=1&rev=1723
Log:
04_login-to-nss-on-demand added, only init nss when needed.
Added:
unstable/evolution/debian/patches/04_login-to-nss-on-demand.patch
Modified:
unstable/evolution/debian/changelog
unstable/evolution/debian/patches/series
Modified: unstable/evolution/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-evolution/unstable/evolution/debian/changelog?rev=1723&op=diff
==============================================================================
--- unstable/evolution/debian/changelog (original)
+++ unstable/evolution/debian/changelog Mon Sep 13 19:43:06 2010
@@ -3,8 +3,9 @@
* debian/patches:
- 03_correctly-init-nss added, fix nss initialisation by login to NSS
database before invoking certificate manager.
-
- -- Yves-Alexis Perez <corsac at debian.org> Sun, 12 Sep 2010 20:00:59 +0200
+ - 04_login-to-nss-on-demand added, only init nss when needed.
+
+ -- Yves-Alexis Perez <corsac at debian.org> Mon, 13 Sep 2010 20:54:55 +0200
evolution (2.30.3-1) unstable; urgency=low
Added: unstable/evolution/debian/patches/04_login-to-nss-on-demand.patch
URL: http://svn.debian.org/wsvn/pkg-evolution/unstable/evolution/debian/patches/04_login-to-nss-on-demand.patch?rev=1723&op=file
==============================================================================
--- unstable/evolution/debian/patches/04_login-to-nss-on-demand.patch (added)
+++ unstable/evolution/debian/patches/04_login-to-nss-on-demand.patch Mon Sep 13 19:43:06 2010
@@ -1,0 +1,127 @@
+diff --git a/smime/gui/cert-trust-dialog.c b/smime/gui/cert-trust-dialog.c
+index 9c87c66..66ce69b 100644
+--- a/smime/gui/cert-trust-dialog.c
++++ b/smime/gui/cert-trust-dialog.c
+@@ -73,7 +73,7 @@ ctd_response(GtkWidget *w, guint id, CertTrustDialogData *data)
+ e_cert_trust_add_peer_trust (&trust, FALSE,
+ gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON (data->trust_button)),
+ FALSE);
+- CERT_ChangeCertTrust (CERT_GetDefaultCertDB(), icert, &trust);
++ e_cert_db_change_cert_trust (icert, &trust);
+ break;
+ case GTK_RESPONSE_ACCEPT: {
+ /* just *what on earth* was chris thinking here!?!?! copied from certificate-manager.c */
+@@ -101,7 +101,7 @@ ctd_response(GtkWidget *w, guint id, CertTrustDialogData *data)
+ trust_email,
+ trust_objsign);
+
+- CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), icert, &trust);
++ e_cert_db_change_cert_trust (icert, &trust);
+ }
+
+ gtk_widget_destroy (dialog);
+diff --git a/smime/gui/certificate-manager.c b/smime/gui/certificate-manager.c
+index f0c68f2..a59b54e 100644
+--- a/smime/gui/certificate-manager.c
++++ b/smime/gui/certificate-manager.c
+@@ -592,7 +592,7 @@ edit_ca (GtkWidget *widget, CertificateManagerData *cfm)
+ trust_email,
+ trust_objsign);
+
+- CERT_ChangeCertTrust (CERT_GetDefaultCertDB(), icert, &trust);
++ e_cert_db_change_cert_trust (icert, &trust);
+ }
+
+ gtk_widget_destroy (dialog);
+@@ -1000,15 +1000,11 @@ certificate_manager_config_init (EShell *shell)
+ CertificateManagerData *cfm_data;
+ GtkWidget *preferences_window;
+ GtkWidget *widget;
+- PK11SlotInfo* slot;
+- ECertDB *cert_db;
+
+ g_return_if_fail (E_IS_SHELL (shell));
+
+ /* We need to peek the db here to make sure it (and NSS) are fully initialized. */
+- cert_db = e_cert_db_peek();
+- slot = PK11_GetInternalKeySlot();
+- e_cert_db_login_to_slot(cert_db, slot);
++ e_cert_db_peek ();
+
+ cfm_data = g_new0 (CertificateManagerData, 1);
+
+diff --git a/smime/lib/e-cert-db.c b/smime/lib/e-cert-db.c
+index 52545f3..c3517ba 100644
+--- a/smime/lib/e-cert-db.c
++++ b/smime/lib/e-cert-db.c
+@@ -66,6 +66,7 @@
+ #include "p12plcy.h"
+ #include "pk11func.h"
+ #include "nssckbi.h"
++#include <secerr.h>
+ #include "secmod.h"
+ #include "certdb.h"
+ #include "plstr.h"
+@@ -716,6 +717,16 @@ handle_ca_cert_download(ECertDB *cert_db, GList *certs, GError **error)
+ srv = CERT_AddTempCertToPerm(tmpCert,
+ nickname,
+ &trust);
++ /*
++ If this fails with SEC_ERROR_TOKEN_NOT_LOGGED_IN, it seems
++ that the import *has* worked, but the setting of trust bits
++ failed -- so only set the trust. This *has* to be an NSS bug?
++ */
++ if (srv != SECSuccess &&
++ PORT_GetError () == SEC_ERROR_TOKEN_NOT_LOGGED_IN &&
++ e_cert_db_login_to_slot (NULL, PK11_GetInternalKeySlot()))
++ srv = CERT_ChangeCertTrust (CERT_GetDefaultCertDB (),
++ tmpCert, &trust);
+
+ if (srv != SECSuccess) {
+ /* XXX gerror */
+@@ -752,6 +763,23 @@ handle_ca_cert_download(ECertDB *cert_db, GList *certs, GError **error)
+ return TRUE;
+ }
+ }
++gboolean e_cert_db_change_cert_trust(CERTCertificate *cert, CERTCertTrust *trust)
++{
++ SECStatus srv;
++
++ srv = CERT_ChangeCertTrust (CERT_GetDefaultCertDB (),
++ cert, trust);
++ if (srv != SECSuccess &&
++ PORT_GetError () == SEC_ERROR_TOKEN_NOT_LOGGED_IN &&
++ e_cert_db_login_to_slot (NULL, PK11_GetInternalKeySlot()))
++ srv = CERT_ChangeCertTrust (CERT_GetDefaultCertDB (),
++ cert, trust);
++
++ if (srv != SECSuccess)
++ return FALSE;
++ return TRUE;
++}
++
+
+ /* deleting certificates */
+ gboolean
+@@ -779,8 +807,7 @@ e_cert_db_delete_cert (ECertDB *certdb,
+ CERTCertTrust trust;
+
+ e_cert_trust_init_with_values (&trust, 0, 0, 0);
+- srv = CERT_ChangeCertTrust(CERT_GetDefaultCertDB(),
+- cert, &trust);
++ srv = e_cert_db_change_cert_trust (cert, &trust);
+ }
+
+ /*PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("cert deleted: %d", srv));*/
+diff --git a/smime/lib/e-cert-db.h b/smime/lib/e-cert-db.h
+index 0e19e00..25c8dfd 100644
+--- a/smime/lib/e-cert-db.h
++++ b/smime/lib/e-cert-db.h
+@@ -135,4 +135,7 @@ gboolean e_cert_db_export_pkcs12_file (ECertDB *cert_db,
+ gboolean e_cert_db_login_to_slot (ECertDB *cert_db,
+ PK11SlotInfo *slot);
+
++gboolean e_cert_db_change_cert_trust (CERTCertificate *cert,
++ CERTCertTrust *trust);
++
+ #endif /* _E_CERT_DB_H_ */
Modified: unstable/evolution/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-evolution/unstable/evolution/debian/patches/series?rev=1723&op=diff
==============================================================================
--- unstable/evolution/debian/patches/series (original)
+++ unstable/evolution/debian/patches/series Mon Sep 13 19:43:06 2010
@@ -1,2 +1,3 @@
02_let-nss-search-for-nssckbi.patch
03_correctly-init-nss.patch
+04_login-to-nss-on-demand.patch
More information about the pkg-evolution-commits
mailing list