Latest upstream release: 3.15.4 Current version/release in Fedora Rawhide: 3.15.3.1-1.fc21 URL: http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_15_4_RTM/src/ Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring
The list of bugs fixed on this upstream release is at https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.15.4&product=NSS&list_id=9180520 of particular note is 836019 - Move RSA-PKCS#1, RSA-PSS, and RSA-OAEP into freebl https://bugzilla.mozilla.org/show_bug.cgi?id=836019 as this affects the pem module. The PEM module has a source code file, rsawrapr.c, which is based on the softoken file of the same name. Softoken's rsawrapr.c has changed and some RSA functionality was moved to freebl/pkcs11.c. As a result of these changes the pem source file in question would not compile unless I made some change. I'll a patch for review.
Created attachment 849543 [details] All changes - for completeness, hard on the eyes I'll attch the changes to the spec file and individual patches with should be a lot easier to read and review.
Created attachment 849545 [details] Changes to nss.spec in patch format
Created attachment 849546 [details] pem module changes to sync. up with upstream softoken/freebl changes
Created attachment 849559 [details] Updated iquote.patch
Comment on attachment 849545 [details] Changes to nss.spec in patch format r+ rrelyea
Comment on attachment 849546 [details] pem module changes to sync. up with upstream softoken/freebl changes r+. NOTE: this does remove OEAP from pem, though I don't know if it was ever completely supported.
Elio, please explain iquote. bob
The iquote patch is to use the gcc compiler -quote dir option that adds the in source tree directory to the search patch for includes and have that picked up ahead of the system one. From the gcc man page http://linux.die.net/man/1/gcc -iquote dir Search dir only for header files requested with "#include " file ""; they are not searched for "#include < file >", before all directories specified by -I and before the standard system directories. If dir begins with "=", then the "=" will be replaced by the sysroot prefix; see --sysroot and -isysroot. Needed when we introduce new APIS, which now is the case.
In nss-softokn.spec I have these commentys # This patch uses the gcc-iquote dir option documented at # http://gcc.gnu.org/onlinedocs/gcc/Directory-Options.html#Directory-Options # to place the in-tree directories at the head of the list on list of directories # to be searched for for header files. This ensures a build even when system freebl # headers are older. Such is the case when we are starting a major update. # NSSUTIL_INCLUDE_DIR, after all, contains both util and freebl headers. # Once has been bootstapped the patch may be removed, but it doesn't hurt to keep it. Patch10: iquote.patch I should add similar comments to nss.spec
No clarify, the I quote patch was already there I just updated it. From that ugly and hard to read attachment 849543 [details] the changes to iquote.patch were the following: # (7) Execute "local" rules. (OPTIONAL). # +--- nss/lib/nss/Makefile.iquote 2014-01-03 11:59:10.000000000 -0800 ++++ nss/lib/nss/Makefile 2014-01-07 13:30:04.466429634 -0800 +@@ -37,7 +37,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk + # (6) Execute "component" rules. (OPTIONAL) # + ####################################################################### + +- ++INCLUDES += -iquote $(DIST)/../public/nss ++INCLUDES += -iquote $(DIST)/../private/nss + + #######################################################################
nss-3.15.4-1.fc20, nss-softokn-3.15.4-1.fc20, nss-util-3.15.4-1.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/nss-3.15.4-1.fc20,nss-softokn-3.15.4-1.fc20,nss-util-3.15.4-1.fc20
nss-3.15.4-1.fc19,nss-softokn-3.15.4-1.fc19,nss-util-3.15.4-1.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/nss-3.15.4-1.fc19,nss-softokn-3.15.4-1.fc19,nss-util-3.15.4-1.fc19
Package nss-3.15.4-1.fc19, nss-softokn-3.15.4-1.fc19, nss-util-3.15.4-1.fc19: * should fix your issue, * was pushed to the Fedora 19 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing nss-3.15.4-1.fc19 nss-softokn-3.15.4-1.fc19 nss-util-3.15.4-1.fc19' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-1100/nss-3.15.4-1.fc19,nss-softokn-3.15.4-1.fc19,nss-util-3.15.4-1.fc19 then log in and leave karma (feedback).
nss-3.15.4-1.fc20, nss-softokn-3.15.4-1.fc20, nss-util-3.15.4-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
nss-3.15.4-1.fc19, nss-softokn-3.15.4-1.fc19, nss-util-3.15.4-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.