Bug 1049229

Summary: nss-3.15.4 is available
Product: [Fedora] Fedora Reporter: Upstream Release Monitoring <upstream-release-monitoring>
Component: nssAssignee: Elio Maldonado Batiz <emaldona>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: amarecek, emaldona, kdudka, kengert, rcritten, rrelyea
Target Milestone: ---Keywords: FutureFeature, Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: nss-3.15.4-1.fc19 Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-01-21 05:49:57 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
All changes - for completeness, hard on the eyes
none
Changes to nss.spec in patch format
rrelyea: review+
pem module changes to sync. up with upstream softoken/freebl changes
rrelyea: review+
Updated iquote.patch rrelyea: review+

Description Upstream Release Monitoring 2014-01-07 09:12:13 UTC 
Latest upstream release: 3.15.4
Current version/release in Fedora Rawhide: 3.15.3.1-1.fc21
URL: http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_15_4_RTM/src/

Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy

More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Comment 1 Elio Maldonado Batiz 2014-01-13 19:04:54 UTC 
The list of bugs fixed on this upstream release is at 
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.15.4&product=NSS&list_id=9180520

of particular note is 836019 - Move RSA-PKCS#1, RSA-PSS, and RSA-OAEP into freebl
https://bugzilla.mozilla.org/show_bug.cgi?id=836019
as this affects the pem module. The PEM module  has a source code file, rsawrapr.c, which is based on the softoken file of the same name. Softoken's rsawrapr.c has changed and some RSA functionality was moved to freebl/pkcs11.c. As a result of these changes the pem source file in question would not compile unless I made some change. I'll a patch for review.
Comment 2 Elio Maldonado Batiz 2014-01-13 19:08:14 UTC 
Created attachment 849543 [details]
All changes - for completeness, hard on the eyes

I'll attch the changes to the spec file and individual patches with should be a lot easier to read and review.
Comment 3 Elio Maldonado Batiz 2014-01-13 19:13:04 UTC 
Created attachment 849545 [details]
Changes to nss.spec in patch format
Comment 4 Elio Maldonado Batiz 2014-01-13 19:16:25 UTC 
Created attachment 849546 [details]
pem module changes to sync. up with upstream softoken/freebl changes
Comment 5 Elio Maldonado Batiz 2014-01-13 19:20:00 UTC 
Created attachment 849559 [details]
Updated iquote.patch
Comment 6 Bob Relyea 2014-01-16 18:54:39 UTC 
Comment on attachment 849545 [details]
Changes to nss.spec in patch format

r+ rrelyea
Comment 7 Bob Relyea 2014-01-16 18:57:22 UTC 
Comment on attachment 849546 [details]
pem module changes to sync. up with upstream softoken/freebl changes

r+. NOTE: this does remove OEAP from pem, though I don't know if it was ever completely supported.
Comment 8 Bob Relyea 2014-01-16 18:59:22 UTC 
Elio, please explain iquote.

bob
Comment 9 Elio Maldonado Batiz 2014-01-16 19:25:00 UTC 
The iquote patch is to use the gcc compiler -quote dir option that adds the  in source tree directory to the search patch for includes and have that picked up ahead of the system one. 

From the gcc man page http://linux.die.net/man/1/gcc

-iquote dir
Search dir only for header files requested with "#include " file ""; they are not searched for "#include < file >", before all directories specified by -I and before the standard system directories. If dir begins with "=", then the "=" will be replaced by the sysroot prefix; see --sysroot and -isysroot. 

Needed when we introduce new APIS, which now is the case.
Comment 10 Elio Maldonado Batiz 2014-01-16 19:28:12 UTC 
In nss-softokn.spec I have these commentys

# This patch uses the gcc-iquote dir option documented at
# http://gcc.gnu.org/onlinedocs/gcc/Directory-Options.html#Directory-Options
# to place the in-tree directories at the head of the list on list of directories
# to be searched for for header files. This ensures a build even when system freebl 
# headers are older. Such is the case when we are starting a major update.
# NSSUTIL_INCLUDE_DIR, after all, contains both util and freebl headers. 
# Once has been bootstapped the patch may be removed, but it doesn't hurt to keep it.
Patch10:           iquote.patch

I should add similar comments to nss.spec
Comment 11 Elio Maldonado Batiz 2014-01-16 19:41:01 UTC 
No clarify, the I quote patch was already there I just updated it. From that ugly and hard to read attachment 849543 [details] the changes to iquote.patch were the following:

  # (7) Execute "local" rules. (OPTIONAL).                              #
+--- nss/lib/nss/Makefile.iquote	2014-01-03 11:59:10.000000000 -0800
++++ nss/lib/nss/Makefile	2014-01-07 13:30:04.466429634 -0800
+@@ -37,7 +37,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
+ # (6) Execute "component" rules. (OPTIONAL)                           #
+ #######################################################################
+ 
+-
++INCLUDES += -iquote $(DIST)/../public/nss
++INCLUDES += -iquote $(DIST)/../private/nss
+ 
+ #######################################################################
Comment 12 Fedora Update System 2014-01-17 21:05:38 UTC 
nss-3.15.4-1.fc20, nss-softokn-3.15.4-1.fc20, nss-util-3.15.4-1.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/nss-3.15.4-1.fc20,nss-softokn-3.15.4-1.fc20,nss-util-3.15.4-1.fc20
Comment 13 Fedora Update System 2014-01-17 21:18:48 UTC 
nss-3.15.4-1.fc19,nss-softokn-3.15.4-1.fc19,nss-util-3.15.4-1.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/nss-3.15.4-1.fc19,nss-softokn-3.15.4-1.fc19,nss-util-3.15.4-1.fc19
Comment 14 Fedora Update System 2014-01-19 04:02:33 UTC 
Package nss-3.15.4-1.fc19, nss-softokn-3.15.4-1.fc19, nss-util-3.15.4-1.fc19:
* should fix your issue,
* was pushed to the Fedora 19 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing nss-3.15.4-1.fc19 nss-softokn-3.15.4-1.fc19 nss-util-3.15.4-1.fc19'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-1100/nss-3.15.4-1.fc19,nss-softokn-3.15.4-1.fc19,nss-util-3.15.4-1.fc19
then log in and leave karma (feedback).
Comment 15 Fedora Update System 2014-01-21 05:49:57 UTC 
nss-3.15.4-1.fc20, nss-softokn-3.15.4-1.fc20, nss-util-3.15.4-1.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 16 Fedora Update System 2014-02-04 02:46:33 UTC 
nss-3.15.4-1.fc19, nss-softokn-3.15.4-1.fc19, nss-util-3.15.4-1.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.