Bug 1109769

Summary: Rebase python-nss to 0.15
Product: Red Hat Enterprise Linux 7 Reporter: Martin Kosek <mkosek>
Component: python-nssAssignee: John Dennis <jdennis>
Status: CLOSED ERRATA QA Contact: Karel Srot <ksrot>
Severity: unspecified Docs Contact:
Priority: medium    
Version: 7.1CC: jdennis, ksrot
Target Milestone: rcKeywords: Rebase
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: python-nss-0.15.0-1.el7 Doc Type: Rebase: Bug Fixes and Enhancements
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-03-05 10:26:18 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1082754    

Description Martin Kosek 2014-06-16 10:39:06 UTC 
Rebase python-nss to 0.15 as it contains CSR extension parsing fixes critical for IPA 4.0 (rebase Bug 1109726).
Comment 1 John Dennis 2014-06-16 13:26:28 UTC 
package changes are done, we just need the ACK's
Comment 3 John Dennis 2014-07-14 15:47:53 UTC 
re comment #2

Hi Karel

The changes for any given release are always documented in the ChangeLog. This is installed with the main package under /usr/share/doc/python-nss*/ChangLog or in the source tree under doc/ChangeLog. I've included the 0.15.0 section below. A unit test (test_cert_request.py) was added to exercise the bug and the new functionality. I don't see any major risk, this is mostly characterized as a bug fix due to inadequences in NSS itself that we can work around inside the Python binding. Given there is a unit test to cover changes restricted to one small area I feel the risk is small. I'll comment on the test plan in a seperate comment.

2014-01-29  John Dennis  <jdennis> 0.15.0

  External Changes
  ----------------

  The primary enhancements in this version is fixing access to extensions
  in a CertificateRequest and giving access to CertificateRequest attributes.
  There is a bug in NSS which hides the existence of extensions in a
  CSR if the extensions are not contained in the first CSR
  attribute. This was fixable in python-nss without requiring a patch
  to NSS. Formerly python-nss did not provide access to the attributes
  in a CSR only the extensions, with this release all components of a
  CSR can be accessed. See test/test_cert_request.py for examples.

  * Add ability to read PEM data from a string.

  * Add more build instructions to README. Source README into package
    long description.

  * A SecItem now converts almost all DER encoded data to a string
    when it's str method is invoked, formerly it was limited to only a
    few objects.

  * The following classes were added:

    - CERTAttribute

  * The following class methods were added:

    - CertAttribute.format_lines
    - CertAttribute.format
    - nss.SecItem.get_integer

  * The following class properties were added:

    - CertificateRequest.attributes
    - CertAttribute.type_oid
    - CertAttribute.type_tag
    - CertAttribute.type_str
    - CertAttribute.values

  * The following module functions were added:

    - base64_to_binary

  * The following files were added:

    - test_cert_request
Comment 6 Karel Srot 2015-01-06 09:26:17 UTC 
Hi John,

it seems that the run_tests script is not included in the binary rpm package (but it is present in srpm). Was it excluded intentionally?
Comment 7 John Dennis 2015-01-06 15:31:13 UTC 
Hi Karel:

No, it was not intentional the run_tests script is absent. It's a bug in the upstream setup.py install_doc command. The install_doc command has a manifest of files to install specified by a regular expression, the regular expression omitted the run_tests script.

I've patched the manifest to fix the problem. Do you want a new build that includes the run_tests script or is a new build more trouble than it's worth? I can do either.

Also, we're up to python-nss version 0.16.0 in RHEL7 due to bug #1155703, the errata does have the correct 0.16.0 builds.
Comment 9 Karel Srot 2015-01-07 06:52:32 UTC 
missing run_tests script reported as bug 1179573.
Comment 13 errata-xmlrpc 2015-03-05 10:26:18 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-0443.html