On Mon, Nov 22, 2010 at 10:19:14AM +0000, Federico G. Schwindt wrote:
> Hi,
>
> Move to system sqlite3. Should get rid of those fugly warnings.
> Untested as it requires the sqlite3 update.
> Index: patches/patch-security_nss_lib_softoken_sdb_c
> ===================================================================
> RCS file: patches/patch-security_nss_lib_softoken_sdb_c
> diff -N -u -p patches/patch-security_nss_lib_softoken_sdb_c
> --- /dev/null 22 Nov 2010 03:16:00 -0000
> +++ patches/patch-security_nss_lib_softoken_sdb_c 22 Nov 2010 10:15:59
> -0000
> @@ -0,0 +1,18 @@
> +$OpenBSD$
> +--- security/nss/lib/softoken/sdb.c.orig Mon Nov 22 09:35:19 2010
> ++++ security/nss/lib/softoken/sdb.c Mon Nov 22 09:40:01 2010
> +@@ -614,6 +614,14 @@ sdb_openDB(const char *name, sqlite3 **sqlDB, int flag
> + *sqlDB = NULL;
> + return sqlerr;
> + }
> ++
> ++ sqlerr = sqlite3_exec(sqlDB, "PRAGMA secure_delete = ON", NULL, 0,
> NULL);
> ++ if (sqlerr != SQLITE_OK) {
> ++ sqlite3_close(*sqlDB);
> ++ *sqlDB = NULL;
> ++ return sqlerr;
> ++ }
> ++
> + return SQLITE_OK;
> + }
> +
That part should go into security/nss port.. firefox doesn't build its
internal nss, it uses systemwide one. And i'm not sure/dont know if the
sqlite usage in nss needs secure_delete.
The configure script should be amended too i think, because i'm pretty
sure it checks for it, or use the appropriate ac_ macro.
And to avoid NIH, i'd rather use patches from pkgsrc-wip.
http://cvsweb.netbsd.se/cgi-bin/bsdweb.cgi/wip/xulrunner/mozilla-common.mk.diff?r1=1.11;r2=1.12
http://cvsweb.netbsd.se/cgi-bin/bsdweb.cgi/wip/xulrunner/patches/patch-al.diff?r1=1.5;r2=1.6
Let's update sqlite to 3.7.x first..
Landry
