Delay new CK_GCM_PARAMS semantics until fedora 34 unless explicitly enabled.

2020-05-13 16:02:36 -07:00 · 2020-05-13 16:02:36 -07:00 · 614f823eb3
parent 26f93fa193
commit 614f823eb3
2 changed files with 30 additions and 1 deletions
--- a/nss-gcm-param-default-pkcs11v2.patch
+++ b/nss-gcm-param-default-pkcs11v2.patch
@ -0,0 +1,21 @@
+diff -up ./lib/util/pkcs11n.h.aes_gcm_pkcs11_v2 ./lib/util/pkcs11n.h
+--- ./lib/util/pkcs11n.h.aes_gcm_pkcs11_v2	2020-05-13 13:44:11.312405744 -0700
+++ ./lib/util/pkcs11n.h	2020-05-13 13:45:23.951723660 -0700
+@@ -605,7 +605,7 @@ typedef struct CK_NSS_GCM_PARAMS {
+ typedef CK_NSS_GCM_PARAMS CK_PTR CK_NSS_GCM_PARAMS_PTR;
+ 
+ /* deprecated #defines. Drop in future NSS releases */
+-#ifdef NSS_PKCS11_2_0_COMPAT
+#ifndef NSS_PKCS11_3_0_STRICT
+ 
+ /* defines that were changed between NSS's PKCS #11 and the Oasis headers */
+ #define CKF_EC_FP CKF_EC_F_P
+@@ -664,7 +664,7 @@ typedef CK_NSS_GCM_PARAMS CK_PTR CK_GCM_
+ #define CKT_NETSCAPE_VALID CKT_NSS_VALID
+ #define CKT_NETSCAPE_VALID_DELEGATOR CKT_NSS_VALID_DELEGATOR
+ #else
+-/* use the new CK_GCM_PARAMS if NSS_PKCS11_2_0_COMPAT is not defined */
+/* use the new CK_GCM_PARAMS if NSS_PKCS11_3_0_STRICT is defined */
+ typedef struct CK_GCM_PARAMS_V3 CK_GCM_PARAMS;
+ typedef CK_GCM_PARAMS_V3 CK_PTR CK_GCM_PARAMS_PTR;
+ #endif
--- a/nss.spec
+++ b/nss.spec
@ -44,7 +44,7 @@ rpm.define(string.format("nss_release_tag NSS_%s_RTM",
 Summary:          Network Security Services
 Name:             nss
 Version:          %{nss_version}
-Release:          1%{?dist}
+Release:          2%{?dist}
 License:          MPLv2.0
 URL:              http://www.mozilla.org/projects/security/pki/nss/
 Requires:         nspr >= %{nspr_version}
@ -109,6 +109,11 @@ Patch4:           iquote.patch
 Patch12:          nss-signtool-format.patch
 # https://github.com/FStarLang/kremlin/issues/166
 Patch13:          nss-kremlin-ppc64le.patch
+%if 0%{?fedora} < 34
+%if 0%{?rhel} < 9
+Patch20:          nss-gcm-param-default-pkcs11v2.patch
+%endif
+%endif

 %description
 Network Security Services (NSS) is a set of libraries designed to
@ -887,6 +892,9 @@ update-crypto-policies &> /dev/null || :


 %changelog
+* Wed May 13 2020 Bob Relyea <rrelyea@redhat.com> - 3.52.0-2
+- Delay CK_GCM_PARAMS semantics until fedora 34
+
 * Mon May 11 2020 Daiki Ueno <dueno@redhat.com> - 3.52.0-1
 - Update to NSS 3.52