On Wed, Nov 24, 2010 at 11:18:51AM +0100, Landry Breuil wrote:
> On Mon, Nov 22, 2010 at 10:19:14AM +0000, Federico G. Schwindt wrote:
> > Hi,
> >
> > Move to system sqlite3. Should get rid of those fugly warnings.
> > Untested as it requires the sqlite3 update.
>
> > Index: patches/patch-security_nss_lib_softoken_sdb_c
> > ===================================================================
> > RCS file: patches/patch-security_nss_lib_softoken_sdb_c
> > diff -N -u -p patches/patch-security_nss_lib_softoken_sdb_c
> > --- /dev/null 22 Nov 2010 03:16:00 -0000
> > +++ patches/patch-security_nss_lib_softoken_sdb_c 22 Nov 2010 10:15:59
> > -0000
> > @@ -0,0 +1,18 @@
> > +$OpenBSD$
> > +--- security/nss/lib/softoken/sdb.c.orig Mon Nov 22 09:35:19 2010
> > ++++ security/nss/lib/softoken/sdb.c Mon Nov 22 09:40:01 2010
> > +@@ -614,6 +614,14 @@ sdb_openDB(const char *name, sqlite3 **sqlDB, int flag
> > + *sqlDB = NULL;
> > + return sqlerr;
> > + }
> > ++
> > ++ sqlerr = sqlite3_exec(sqlDB, "PRAGMA secure_delete = ON", NULL, 0,
> > NULL);
> > ++ if (sqlerr != SQLITE_OK) {
> > ++ sqlite3_close(*sqlDB);
> > ++ *sqlDB = NULL;
> > ++ return sqlerr;
> > ++ }
> > ++
> > + return SQLITE_OK;
> > + }
> > +
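Review bot: the added sqlite3_exec call passes sqlDB as its first argument, but the hunk header shows sqlDB is a sqlite3 ** and sqlite3_exec takes a sqlite3 *. The error path just below already dereferences it (sqlite3_close(*sqlDB)), so the call should do the same: sqlite3_exec(*sqlDB, "PRAGMA secure_delete = ON", NULL, 0, NULL);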
>
> That part should go into security/nss port.. firefox doesn't build its
> internal nss, it uses systemwide one. And i'm not sure/don't know if the
> sqlite usage in nss needs secure_delete.
Sure for the first bit.
Now, if nss doesn't require secure_delete something is still not being
properly deleted.. Weird.
> The configure script should be amended too i think, because i'm pretty
> sure it checks for it, or use the appropriate ac_ macro.
Sure. As I said, haven't tried it as I need the sqlite update first.
> And to avoid NIH, i'd rather use patches from pkgsrc-wip.
> http://cvsweb.netbsd.se/cgi-bin/bsdweb.cgi/wip/xulrunner/mozilla-common.mk.diff?r1=1.11;r2=1.12
> http://cvsweb.netbsd.se/cgi-bin/bsdweb.cgi/wip/xulrunner/patches/patch-al.diff?r1=1.5;r2=1.6
I prefer mine. I originally had the same code but I changed my mind.
After all secure_delete is required so not checking the return value
seems silly.
> Let's update sqlite to 3.7.x first..
aha.
f.-
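
The point discussed above (secure_delete being required, and its result being checked) as an added example, not code from this thread or from NSS. It is in Python because the bundled sqlite3 module runs it as-is; the table, marker string and function names are constructed. It reads the pragma back because SQLite silently ignores pragmas it does not know, so a successful exec alone does not prove the setting took effect.

```python
import os
import sqlite3
import tempfile

MARKER = b"CONSTRUCTED-SECRET-0123456789"  # constructed sample value


def set_and_verify(conn, enabled):
    """Set secure_delete, then read it back to confirm the engine applied it."""
    conn.execute("PRAGMA secure_delete = %s" % ("ON" if enabled else "OFF"))
    value = conn.execute("PRAGMA secure_delete").fetchone()
    # An engine that does not know the pragma returns no row here, while the
    # set statement above still succeeds without any error.
    return value is not None and bool(value[0]) == enabled


def unknown_pragma_is_silent():
    """True if a made-up pragma name is accepted without error and yields no rows."""
    conn = sqlite3.connect(":memory:")
    try:
        return conn.execute("PRAGMA hypothetical_no_such_pragma = ON").fetchall() == []
    finally:
        conn.close()


def residue_after_delete(enabled):
    """Insert a row holding MARKER, delete it, report whether MARKER is still in the file."""
    fd, path = tempfile.mkstemp(suffix=".db")
    os.close(fd)
    try:
        conn = sqlite3.connect(path, isolation_level=None)  # autocommit mode
        if not set_and_verify(conn, enabled):
            raise RuntimeError("secure_delete setting was not applied")
        conn.execute("CREATE TABLE t (id INTEGER PRIMARY KEY, v TEXT)")
        rows = [(1, "keep-a"), (2, "pad-" + MARKER.decode() + "-pad"), (3, "keep-b")]
        conn.executemany("INSERT INTO t VALUES (?, ?)", rows)
        conn.execute("DELETE FROM t WHERE id = 2")
        conn.close()
        with open(path, "rb") as fh:
            return MARKER in fh.read()  # scan the raw database file
    finally:
        os.remove(path)


if __name__ == "__main__":
    print("unknown pragma accepted silently:", unknown_pragma_is_silent())
    print("secure_delete OFF leaves residue:", residue_after_delete(False))
    print("secure_delete ON leaves residue: ", residue_after_delete(True))
```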