From 614f823eb30b6ac0f0c6ea54ac9b5d26cd0f9cfe Mon Sep 17 00:00:00 2001
From: Bob Relyea <rrelyea@redhat.com>
Date: Wed, 13 May 2020 16:02:36 -0700
Subject: [PATCH]  Delay new CK_GCM_PARAMS semantics until fedora 34 unless
 explicitly enabled.

---
 nss-gcm-param-default-pkcs11v2.patch | 21 +++++++++++++++++++++
 nss.spec                             | 10 +++++++++-
 2 files changed, 30 insertions(+), 1 deletion(-)
 create mode 100644 nss-gcm-param-default-pkcs11v2.patch

diff --git a/nss-gcm-param-default-pkcs11v2.patch b/nss-gcm-param-default-pkcs11v2.patch
new file mode 100644
index 0000000..2d6cba8
--- /dev/null
+++ b/nss-gcm-param-default-pkcs11v2.patch
@@ -0,0 +1,21 @@
+diff -up ./lib/util/pkcs11n.h.aes_gcm_pkcs11_v2 ./lib/util/pkcs11n.h
+--- ./lib/util/pkcs11n.h.aes_gcm_pkcs11_v2	2020-05-13 13:44:11.312405744 -0700
++++ ./lib/util/pkcs11n.h	2020-05-13 13:45:23.951723660 -0700
+@@ -605,7 +605,7 @@ typedef struct CK_NSS_GCM_PARAMS {
+ typedef CK_NSS_GCM_PARAMS CK_PTR CK_NSS_GCM_PARAMS_PTR;
+ 
+ /* deprecated #defines. Drop in future NSS releases */
+-#ifdef NSS_PKCS11_2_0_COMPAT
++#ifndef NSS_PKCS11_3_0_STRICT
+ 
+ /* defines that were changed between NSS's PKCS #11 and the Oasis headers */
+ #define CKF_EC_FP CKF_EC_F_P
+@@ -664,7 +664,7 @@ typedef CK_NSS_GCM_PARAMS CK_PTR CK_GCM_
+ #define CKT_NETSCAPE_VALID CKT_NSS_VALID
+ #define CKT_NETSCAPE_VALID_DELEGATOR CKT_NSS_VALID_DELEGATOR
+ #else
+-/* use the new CK_GCM_PARAMS if NSS_PKCS11_2_0_COMPAT is not defined */
++/* use the new CK_GCM_PARAMS if NSS_PKCS11_3_0_STRICT is defined */
+ typedef struct CK_GCM_PARAMS_V3 CK_GCM_PARAMS;
+ typedef CK_GCM_PARAMS_V3 CK_PTR CK_GCM_PARAMS_PTR;
+ #endif
diff --git a/nss.spec b/nss.spec
index fe76971..d7d288f 100644
--- a/nss.spec
+++ b/nss.spec
@@ -44,7 +44,7 @@ rpm.define(string.format("nss_release_tag NSS_%s_RTM",
 Summary:          Network Security Services
 Name:             nss
 Version:          %{nss_version}
-Release:          1%{?dist}
+Release:          2%{?dist}
 License:          MPLv2.0
 URL:              http://www.mozilla.org/projects/security/pki/nss/
 Requires:         nspr >= %{nspr_version}
@@ -109,6 +109,11 @@ Patch4:           iquote.patch
 Patch12:          nss-signtool-format.patch
 # https://github.com/FStarLang/kremlin/issues/166
 Patch13:          nss-kremlin-ppc64le.patch
+%if 0%{?fedora} < 34
+%if 0%{?rhel} < 9
+Patch20:          nss-gcm-param-default-pkcs11v2.patch
+%endif
+%endif
 
 %description
 Network Security Services (NSS) is a set of libraries designed to
@@ -887,6 +892,9 @@ update-crypto-policies &> /dev/null || :
 
 
 %changelog
+* Wed May 13 2020 Bob Relyea <rrelyea@redhat.com> - 3.52.0-2
+- Delay CK_GCM_PARAMS semantics until fedora 34
+
 * Mon May 11 2020 Daiki Ueno <dueno@redhat.com> - 3.52.0-1
 - Update to NSS 3.52