diff --git a/SOURCES/0001-nss-pem-1.0.3-drop-wait-for-slot-event-cb.patch b/SOURCES/0001-nss-pem-1.0.3-drop-wait-for-slot-event-cb.patch
new file mode 100644
index 00000000..5bf7023f
--- /dev/null
+++ b/SOURCES/0001-nss-pem-1.0.3-drop-wait-for-slot-event-cb.patch
@@ -0,0 +1,102 @@
+From c7783ffebee147c3491c58656d9b77c74cdf3667 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka
+Date: Fri, 21 Apr 2017 13:32:25 +0200
+Subject: [PATCH] remove implementation of the WaitForSlotEvent callback
+
+This reverts commit eefef2286183f1c895f408202367a0e4cb3b44c8.
+---
+ src/ckpem.h | 1 -
+ src/pinst.c | 13 +------------
+ src/pobject.c | 19 ++++++++++++-------
+ 3 files changed, 13 insertions(+), 20 deletions(-)
+
+diff --git a/src/ckpem.h b/src/ckpem.h
+index b4fff2c..e6ecc5f 100644
+--- a/src/ckpem.h
++++ b/src/ckpem.h
+@@ -211,7 +211,6 @@ struct pemInternalObjectStr {
+ NSS_EXTERN_DATA pemInternalObject **pem_objs;
+ NSS_EXTERN_DATA int pem_nobjs;
+ NSS_EXTERN_DATA int token_needsLogin[];
+-NSS_EXTERN_DATA NSSCKMDSlot *lastEventSlot;
+
+ struct pemTokenStr {
+ PRBool logged_in;
+diff --git a/src/pinst.c b/src/pinst.c
+index 9cfbf45..5ac0ff3 100644
+--- a/src/pinst.c
++++ b/src/pinst.c
+@@ -53,7 +53,6 @@ static PRBool pemInitialized = PR_FALSE;
+ pemInternalObject **pem_objs;
+ int pem_nobjs = 0;
+ int token_needsLogin[NUM_SLOTS];
+-NSSCKMDSlot *lastEventSlot;
+
+ /*
+ * simple cert decoder to avoid the cost of asn1 engine
+@@ -833,16 +832,6 @@ pem_mdInstance_ModuleHandlesSessionObjects
+ return CK_TRUE;
+ }
+
+-static NSSCKMDSlot *
+-pem_mdInstance_WaitForSlotEvent(
+- NSSCKMDInstance * mdInstance,
+- NSSCKFWInstance * fwInstance,
+- CK_BBOOL block,
+- CK_RV * pError)
+-{
+- return lastEventSlot;
+-}
+-
+ NSS_IMPLEMENT_DATA const NSSCKMDInstance
+ pem_mdInstance = {
+ (void *) NULL, /* etc */
+@@ -855,6 +844,6 @@ pem_mdInstance = {
+ pem_mdInstance_GetLibraryVersion,
+ pem_mdInstance_ModuleHandlesSessionObjects,
+ pem_mdInstance_GetSlots,
+- pem_mdInstance_WaitForSlotEvent,
++ NULL, /* WaitForSlotEvent */
+ (void *) NULL /* null terminator */
+ };
+diff --git a/src/pobject.c b/src/pobject.c
+index 6551d06..1227737 100644
+--- a/src/pobject.c
++++ b/src/pobject.c
+@@ -1212,6 +1212,7 @@ pem_CreateObject
+ /* Brute force: find the id of the certificate, if any, in this slot */
+ int i;
+ SECItem certDER;
++ CK_SESSION_HANDLE hSession;
+ PRBool added;
+
+ nobjs = ReadDERFromFile(&derlist, filename, PR_TRUE, &cipher, &ivstring, PR_FALSE /* keys only */);
+@@ -1259,14 +1260,18 @@ pem_CreateObject
+ * the token was removed so we can force a login.
+ */
+ if (cipher && added) {
+- /* remember the slot for pem_mdInstance_WaitForSlotEvent() */
+- lastEventSlot = NSSCKFWSlot_GetMDSlot(fwSlot);
+-
++ /* FIXME: Why 1.0s? Is it enough? Isn't it too much?
++ * What about e.g. 3.14s? */
++ PRIntervalTime onesec = PR_SecondsToInterval(1);
+ token_needsLogin[slotID - 1] = PR_TRUE;
+- /* FIXME: dirty hack relying on NSS internals */
+- CK_SESSION_HANDLE hSession =
+- NSSCKFWInstance_FindSessionHandle(fwInstance, fwSession);
+- NSSCKFWInstance_DestroySessionHandle(fwInstance, hSession);
++
++ /* We have to sleep so that NSS will notice that the token was
++ * removed.
++ */
++ PR_Sleep(onesec);
++ hSession =
++ NSSCKFWInstance_FindSessionHandle(fwInstance, fwSession);
++ NSSCKFWInstance_DestroySessionHandle(fwInstance, hSession);
+ } else {
+ *pError = CKR_KEY_UNEXTRACTABLE;
+ }
+--
+2.9.3
+
diff --git a/SPECS/nss-pem.spec b/SPECS/nss-pem.spec
new file mode 100644
index 00000000..ae331dfd
--- /dev/null
+++ b/SPECS/nss-pem.spec
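Review bot: In the last `pem_CreateObject` hunk of the added patch, the forced re-login after loading an encrypted key now rests on a fixed `PR_Sleep(onesec)`, so whether NSS registers the token removal is a matter of timing, as the patch's own FIXME concedes, and the calling thread stalls for a second on every such load. The comment above the sleep should record why the event callback was dropped (the spec changelog cites #1445384) so the delay is not shortened or removed later without re-testing the login path. The removed `/* FIXME: dirty hack relying on NSS internals */` still describes the retained `NSSCKFWInstance_FindSessionHandle` / `NSSCKFWInstance_DestroySessionHandle` pair and should be kept. The looked-up handle also goes to the destroy call unchecked; if the lookup can fail (not visible here), a guard such as `if (hSession != CK_INVALID_HANDLE)` would be appropriate. `pem_CreateObject` starts and ends outside the hunk.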
@@ -0,0 +1,63 @@
+Name: nss-pem
+Version: 1.0.3
+Release: 4%{?dist}
+Summary: PEM file reader for Network Security Services (NSS)
+
+License: MPLv1.1
+URL: https://github.com/kdudka/nss-pem
+Source0: https://github.com/kdudka/nss-pem/releases/download/%{name}-%{version}/%{name}-%{version}.tar.xz
+Patch1: 0001-nss-pem-1.0.3-drop-wait-for-slot-event-cb.patch
+
+BuildRequires: cmake
+BuildRequires: nss-pkcs11-devel
+
+# require at least the version of nss that nss-pem was built against (#1428965)
+Requires: nss%{?_isa} >= %(nss-config --version 2>/dev/null || echo 0)
+
+# make the nss-pem pkg conflict with all nss builds with bundled nss-pem
+Conflicts: nss%{?_isa} < 3.28.2-2.el7
+
+%description
+PEM file reader for Network Security Services (NSS), implemented as a PKCS#11
+module.
+
+%prep
+%setup -q
+%patch1 -p1
+
+%build
+mkdir build
+cd build
+%cmake ../src
+make %{?_smp_mflags} VERBOSE=yes
+
+%install
+cd build
+make install DESTDIR=%{buildroot}
+
+%check
+cd build
+ctest %{?_smp_mflags} --output-on-failure
+
+%files
+%{_libdir}/libnsspem.so
+%license COPYING
+
+%changelog
+* Wed Apr 26 2017 Kamil Dudka 1.0.3-4
+- fix missing prototypes detected by Covscan
+
+* Tue Apr 25 2017 Kamil Dudka 1.0.3-3
+- remove implementation of the WaitForSlotEvent callback (#1445384)
+
+* Mon Mar 06 2017 Kamil Dudka 1.0.3-2
+- require at least the version of nss that nss-pem was built against (#1428965)
+
+* Wed Mar 01 2017 Kamil Dudka 1.0.3-1
+- update to latest upstream bugfix release (#1427917)
+
+* Tue Feb 14 2017 Kamil Dudka 1.0.2-2
+- explicitly conflict with all nss builds with bundled nss-pem
+
+* Tue Jan 24 2017 Kamil Dudka 1.0.2-1
+- imported into RHEL-7
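Review bot: The `Requires:` line falls back to `echo 0` when `nss-config` is not available at the moment the spec is parsed, which silently produces `nss >= 0` and drops the minimum-version guard that the comment above it (#1428965) exists to enforce. Nothing visible here fails the build in that case, so a package with an unconstrained dependency could ship unnoticed. I would declare the provider of `nss-config` explicitly (`BuildRequires: nss-devel`, rather than relying on `nss-pkcs11-devel` to pull it in) and add a `%prep` check such as `nss-config --version >/dev/null || exit 1`. A comment on the `Requires:` line should note that the fallback only keeps spec parsing from failing and is not an acceptable build result.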