)]}'
{
  "commit": "1223bc4cee3fcdbcb1f6a3ff4ff7a3ab1d875b8a",
  "tree": "a4b75828aa30f6ad310badf209e6907c50c8f35f",
  "parents": [
    "f032cfab6158e981a6ea0c369c5366e654e668a6"
  ],
  "author": {
    "name": "Ray Strode",
    "email": "rstrode@redhat.com",
    "time": "Sat Oct 18 22:12:48 2014 -0400"
  },
  "committer": {
    "name": "Gerd Hoffmann",
    "email": "kraxel@redhat.com",
    "time": "Tue Oct 28 11:38:18 2014 +0100"
  },
  "message": "libcacard: Lock NSS cert db when selecting an applet on an emulated card\n\nWhen a process in a guest uses an emulated smartcard, libcacard running\non the host passes the PIN from the guest to the PK11_Authenticate NSS\nfunction. The first time PK11_Authenticate is called the passed in PIN\nis used to unlock the certificate database. Subsequent calls to\nPK11_Authenticate will transparently succeed, regardless of the passed in\nPIN. This is a convenience for applications provided by NSS.\n\nOf course, the guest may have many applications using the one emulated\nsmart card all driven from the same host QEMU process.  That means if a\nuser enters the right PIN in one program in the guest, and then enters the\nwrong PIN in another program in the guest, the wrong PIN will still\nsuccessfully unlock the virtual smartcard.\n\nThis commit forces the NSS certificate database to be locked anytime an\napplet is selected on an emulated smartcard by calling vcard_emul_logout.\n\nSigned-off-by: Ray Strode \u003crstrode@redhat.com\u003e\nReviewed-By: Robert Relyea \u003crrelyea@redhat.com\u003e\nReviewed-By: Alon Levy \u003calevy@redhat.com\u003e\nSigned-off-by: Gerd Hoffmann \u003ckraxel@redhat.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "87ad5166a8f994bf4649d05bff77d86c54966a6a",
      "old_mode": 33188,
      "old_path": "libcacard/vcard.c",
      "new_id": "d140a8ed1a58f901490db21fe0dbefab970e7516",
      "new_mode": 33188,
      "new_path": "libcacard/vcard.c"
    }
  ]
}