Fix compatibility with NSS 3.97

https://github.com/dogtagpki/jss/pull/992
2024-02-08 12:15:32 -05:00 · 2024-02-08 12:15:32 -05:00 · 9eff0686ac
commit 9eff0686ac
parent e722059771
2 changed files with 47 additions and 1 deletions
--- a/jss-5.4.2-nss-3.97.patch
+++ b/jss-5.4.2-nss-3.97.patch
@ -0,0 +1,40 @@
+From 130d543f3a7c33196bef386b4ee87ccc4ed53d0b Mon Sep 17 00:00:00 2001
+From: "Endi S. Dewata" <edewata@redhat.com>
+Date: Wed, 7 Feb 2024 14:59:31 -0600
+Subject: [PATCH] Update kea_alg_defs to match NSS 3.97
+
+The kea_alg_defs array in SSLCipher.c has been updated to match
+the one defined in NSS 3.97. The assertion that compares the size
+of the array with ssl_kea_size has also been removed. These
+changes will allow JSS to work with the newer NSS 3.97 on Fedora
+Rawhide as well as the older NSS versions on other platforms.
+
+Resolves: https://github.com/dogtagpki/jss/issues/991
+---
+ native/src/main/native/org/mozilla/jss/ssl/SSLCipher.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/native/src/main/native/org/mozilla/jss/ssl/SSLCipher.c b/native/src/main/native/org/mozilla/jss/ssl/SSLCipher.c
+index 4f2dacb0b..ea739617a 100644
+--- a/native/src/main/native/org/mozilla/jss/ssl/SSLCipher.c
+++ b/native/src/main/native/org/mozilla/jss/ssl/SSLCipher.c
+@@ -23,7 +23,7 @@ static const CK_MECHANISM_TYPE auth_alg_defs[] = {
+ };
+ PR_STATIC_ASSERT(PR_ARRAY_SIZE(auth_alg_defs) == ssl_auth_size);
+ 
+-/* Copied from NSS's ssl3con.c. */
+/* Copied from NSS 3.97's ssl3con.c. */
+ static const CK_MECHANISM_TYPE kea_alg_defs[] = {
+     CKM_INVALID_MECHANISM, /* ssl_kea_null */
+     CKM_RSA_PKCS,          /* ssl_kea_rsa */
+@@ -33,8 +33,9 @@ static const CK_MECHANISM_TYPE kea_alg_defs[] = {
+     CKM_ECDH1_DERIVE,      /* ssl_kea_ecdh_psk */
+     CKM_DH_PKCS_DERIVE,    /* ssl_kea_dh_psk */
+     CKM_INVALID_MECHANISM, /* ssl_kea_tls13_any */
+    CKM_INVALID_MECHANISM, /* ssl_kea_ecdh_hybrid */
+    CKM_INVALID_MECHANISM, /* ssl_kea_ecdh_hybrid_psk */
+ };
+-PR_STATIC_ASSERT(PR_ARRAY_SIZE(kea_alg_defs) == ssl_kea_size);
+ 
+ #ifdef HAVE_NSS_CIPHER_SUITE_INFO_KDFHASH
+ /* Not present in ssl3con.c. */
--- a/jss.spec
+++ b/jss.spec
@ -27,7 +27,7 @@ Summary:        Java Security Services (JSS)
 URL:            https://github.com/dogtagpki/jss
 License:        MPL-1.1 or GPL-2.0-or-later or LGPL-2.1-or-later
 Version:        5.4.2
-Release:        %{release_number}%{?phase:.}%{?phase}%{?timestamp:.}%{?timestamp}%{?commit_id:.}%{?commit_id}%{?dist}.3
+Release:        %{release_number}%{?phase:.}%{?phase}%{?timestamp:.}%{?timestamp}%{?commit_id:.}%{?commit_id}%{?dist}.4

 # To generate the source tarball:
 # $ git clone https://github.com/dogtagpki/jss.git
@ -45,6 +45,9 @@ Source:         https://github.com/dogtagpki/jss/archive/v%{version}%{?phase:-}%
 #     > jss-VERSION-RELEASE.patch
 # Patch: jss-VERSION-RELEASE.patch

+# https://github.com/dogtagpki/jss/pull/992
+Patch:          jss-5.4.2-nss-3.97.patch
+
 %if 0%{?fedora} && 0%{?fedora} > 35
 ExclusiveArch: %{java_arches}
 %else
@ -215,6 +218,9 @@ modutil -dbdir /etc/pki/nssdb -chkfips true | grep -q enabled && export FIPS_ENA

 ################################################################################
 %changelog
+* Thu Feb 08 2024 Yaakov Selkowitz <yselkowi@redhat.com> - 5.4.2-1.4
+- Fix compatibility with NSS 3.97
+
 * Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 5.4.2-1.3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild