[patch] PR461: don't use the NSS provider bundled with the browser
Deepak Bhole
dbhole at redhat.com
Mon Apr 12 13:36:50 PDT 2010
* Matthias Klose <doko at ubuntu.com> [2010-04-11 21:35]:
> Seen this at least with firefox, would be nice if somebody could
> check that for chromium as well.
>
> The firefox start script in MOZILLA_FIVE_HOME sets LD_LIBRARY_PATH
> to include MOZILLA_FIVE_HOME and a number of subdirectories of
> MOZILLA_FIVE_HOME. The current NSS provider code seems to honor
> LD_LIBRARY_PATH, and loads the libnss3.so provided by the browser.
>
> Caused by: java.io.IOException: An incompatible version of NSS is
> already loaded, 3.7 or later required
> at sun.security.pkcs11.Secmod.isInitialized(Secmod.java:130)
> at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:168)
>
> (wondering why the nss version shipped with firefox 3.6.3 identifies itself as 3.7).
>
> However the openjdk build is configured for the nss version
> configured at build time, and you can run it with more than one
> browser.
>
> My current solution/workaround is to pass a modified LD_LIBRARY_PATH
> to the subprocess such that the libnss3.so which was configured at
> build time is always used.
>
> Something like this, or another fix should go to the 1.8 branch as well.
>
> Matthias
>
There is a problem with the patch (see below).
> @@ -1458,6 +1535,7 @@
> NPError error = NPERR_NO_ERROR;
>
> gchar** command_line;
> + gchar** environment;
>
> if (plugin_debug)
> {
> @@ -1480,7 +1558,10 @@
> command_line[4] = NULL;
> }
>
> - if (!g_spawn_async (NULL, command_line, NULL, (GSpawnFlags) G_SPAWN_DO_NOT_REAP_CHILD,
> + plugin_filter_environment();
> +
> + if (!g_spawn_async (NULL, command_line, environment,
> + (GSpawnFlags) G_SPAWN_DO_NOT_REAP_CHILD,
> NULL, NULL, &appletviewer_pid, &channel_error))
> {
> if (channel_error)
> @@ -1495,6 +1576,8 @@
> error = NPERR_GENERIC_ERROR;
> }
>
> + g_strfreev (environment);
> +
> g_free (command_line[0]);
Variable 'environment' is never set, but it is being used..
Cheers,
Deepak
> command_line[0] = NULL;
> g_free (command_line[1]);
More information about the distro-pkg-dev
mailing list