Google Git
Sign in
cos / third_party / overlays / chromiumos-overlay / 9aef9f8b8d7cd71f4e70e069b172004b26575788
commit9aef9f8b8d7cd71f4e70e069b172004b26575788[log] [tgz]
authorPavol Marko <pmarko@google.com>Thu Nov 26 14:47:02 2020 +0100
committerOleksandr Tymoshenko <ovt@google.com>Tue Dec 28 21:36:26 2021 +0000
treeadc7b314b8ced67526cd14bfad29414fbfe3f41f
parent1589e3bd1c5da74bf79edca503003db6d9b8a63e [diff]
dev-libs/nss: Add patch to prefer writable tokens for trust

Adds a patch to NSS which makes NSS prefer a writable token that already
contains the certificate when looking for a token that should be used to
store trust settings for a certificate.

This avoids the situation where if the token that already has trust
settings is read-only, NSS uses a fall-back logic to just select the
first writable token.

Contains exactly the non-test changes from
https://phabricator.services.mozilla.com/D99840

BUG=b/211098383
TEST=modifying trust through chrome://settings/certificates works,
also with built-in certs after CL:2561386 and CL:2567878
RELEASE_NOTE=None

cos-patch: security-high
Change-Id: I0940cd0de4655020cb9027b33e585022762d423c
Reviewed-on: https://cos-review.googlesource.com/c/third_party/overlays/chromiumos-overlay/+/26806
Main-Branch-Verified: Cusky Presubmit Bot <presubmit@cos-infra-prod.iam.gserviceaccount.com>
Tested-by: Cusky Presubmit Bot <presubmit@cos-infra-prod.iam.gserviceaccount.com>
Reviewed-by: Vaibhav Rustagi <vaibhavrustagi@google.com>
Reviewed-by: Meena Shanmugam <meenashanmugam@google.com>
4 files changed
tree: adc7b314b8ced67526cd14bfad29414fbfe3f41f
  1. app-accessibility/
  2. app-admin/
  3. app-arch/
  4. app-benchmarks/
  5. app-crypt/
  6. app-emulation/
  7. app-i18n/
  8. app-laptop/
  9. app-misc/
  10. app-portage/
  11. app-shells/
  12. app-text/
  13. brillo-base/
  14. chromeos/
  15. chromeos-base/
  16. dev-cpp/
  17. dev-db/
  18. dev-embedded/
  19. dev-go/
  20. dev-haskell/
  21. dev-lang/
  22. dev-libs/
  23. dev-python/
  24. dev-rust/
  25. dev-util/
  26. dev-vcs/
  27. eclass/
  28. licenses/
  29. media-fonts/
  30. media-gfx/
  31. media-libs/
  32. media-plugins/
  33. media-sound/
  34. media-tv/
  35. media-video/
  36. metadata/
  37. net-analyzer/
  38. net-dialup/
  39. net-dns/
  40. net-firewall/
  41. net-fs/
  42. net-libs/
  43. net-misc/
  44. net-nds/
  45. net-print/
  46. net-vpn/
  47. net-wireless/
  48. profiles/
  49. proto/
  50. sci-electronics/
  51. sci-libs/
  52. sys-apps/
  53. sys-auth/
  54. sys-block/
  55. sys-boot/
  56. sys-devel/
  57. sys-firmware/
  58. sys-fs/
  59. sys-kernel/
  60. sys-libs/
  61. sys-power/
  62. sys-process/
  63. virtual/
  64. www-apache/
  65. www-servers/
  66. x11-apps/
  67. x11-base/
  68. x11-drivers/
  69. x11-libs/
  70. x11-misc/
  71. x11-themes/
  72. .gitignore
  73. OWNERS
  74. PRESUBMIT.cfg