On 2010/11/24 11:18, Landry Breuil wrote:
> On Mon, Nov 22, 2010 at 10:19:14AM +0000, Federico G. Schwindt wrote:
> > Hi,
> >
> > Move to system sqlite3. Should get rid of those fugly warnings.
> > Untested as it requires the sqlite3 update.
>
> > Index: patches/patch-security_nss_lib_softoken_sdb_c
> > ===================================================================
> > RCS file: patches/patch-security_nss_lib_softoken_sdb_c
> > diff -N -u -p patches/patch-security_nss_lib_softoken_sdb_c
> > --- /dev/null 22 Nov 2010 03:16:00 -0000
> > +++ patches/patch-security_nss_lib_softoken_sdb_c 22 Nov 2010 10:15:59
> > -0000
> > @@ -0,0 +1,18 @@
> > +$OpenBSD$
> > +--- security/nss/lib/softoken/sdb.c.orig Mon Nov 22 09:35:19 2010
> > ++++ security/nss/lib/softoken/sdb.c Mon Nov 22 09:40:01 2010
> > +@@ -614,6 +614,14 @@ sdb_openDB(const char *name, sqlite3 **sqlDB, int flag
> > + *sqlDB = NULL;
> > + return sqlerr;
> > + }
> > ++
> > ++ sqlerr = sqlite3_exec(sqlDB, "PRAGMA secure_delete = ON", NULL, 0,
> > NULL);
> > ++ if (sqlerr != SQLITE_OK) {
> > ++ sqlite3_close(*sqlDB);
> > ++ *sqlDB = NULL;
> > ++ return sqlerr;
> > ++ }
> > ++
> > + return SQLITE_OK;
> > + }
> > +
>
> That part should go into security/nss port.. firefox doesn't build its
> internal nss, it uses systemwide one. And i'm not sure/dont know if the
> sqlite usage in nss needs secure_delete.
> The configure script should be amended too i think, because i'm pretty
> sure it checks for it, or use the appropriate ac_ macro.
>
> And to avoid NIH, i'd rather use patches from pkgsrc-wip.
> http://cvsweb.netbsd.se/cgi-bin/bsdweb.cgi/wip/xulrunner/mozilla-common.mk.diff?r1=1.11;r2=1.12
> http://cvsweb.netbsd.se/cgi-bin/bsdweb.cgi/wip/xulrunner/patches/patch-al.diff?r1=1.5;r2=1.6
I think I prefer fgs' version which checks the return code
> Let's update sqlite to 3.7.x first..
*nod*
