Bug 1279912 - nss-3.21 is available
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: nss
Version: rawhide
Hardware: Unspecified Unspecified
Priority: unspecified, Severity: unspecified
Assigned To: Elio Maldonado Batiz
QA Contact: Fedora Extras Quality Assurance
Keywords: FutureFeature, Reopened, Triaged
Reported: 2015-11-10 08:03 EST by Upstream Release Monitoring
Modified: 2015-11-30 18:24 EST

Fixed In Version: nss-3.21.0-1.0.fc23, nss-sofokn-3.21.0-1.0.fc23, nss-util-3.21.0-1.0.fc23 nss-3.21.0-1.0.fc23 nss-3.21.0-1.1.fc22
Doc Type: Enhancement
Last Closed: 2015-11-30 18:24:53 EST


Attachments
all changes for rebase (15.12 KB, patch)
2015-11-13 13:25 EST, Elio Maldonado Batiz
no flags
changes to the nss-539183.patch (2.51 KB, patch)
2015-11-13 13:45 EST, Elio Maldonado Batiz
no flags
nss-539183.patch after the previously mentioned changes are applied (1.60 KB, patch)
2015-11-13 13:48 EST, Elio Maldonado Batiz
rrelyea: review+
pem module changes required to compile with -Werror option (6.11 KB, patch)
2015-11-13 14:00 EST, Elio Maldonado Batiz
rrelyea: review-
changes to nss.spec - in patch format (4.60 KB, patch)
2015-11-13 14:07 EST, Elio Maldonado Batiz
rrelyea: review+
pem module changes required to compile with -Werror option - V2 (5.39 KB, patch)
2015-11-13 15:32 EST, Elio Maldonado Batiz
rrelyea: review+
all changes for rebase V2 (14.37 KB, patch)
2015-11-13 17:38 EST, Elio Maldonado Batiz
no flags

Description Upstream Release Monitoring 2015-11-10 08:03:28 EST
Latest upstream release: 3.21
Current version/release in rawhide: 3.20.1-2.fc24
URL: http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/

Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy

More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring

Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream.
Comment 1 Upstream Release Monitoring 2015-11-10 08:05:07 EST
Failed to kick off scratch build.

list index out of range
Comment 2 Elio Maldonado Batiz 2015-11-13 13:25 EST
Created attachment 1093786 [details]
all changes for rebase

To apply all changes in your local copy of nss for the master branch, execute patch -p1 < allChanges.path. This is not suitable for review so I will attach the individual patches next.
Comment 3 Elio Maldonado Batiz 2015-11-13 13:29:17 EST
Since the changes for rebasing nss-util and nss-softokn were easy ones I have taken the liberty of pushing them to the git repo but haven't done a build yet. I prefer to do a chain-build of all.
Comment 4 Elio Maldonado Batiz 2015-11-13 13:45 EST
Created attachment 1093787 [details]
changes to the nss-539183.patch

The nss-539183.patch is a local patch needed in Fedora and created by Wan-Teh Chan to deal with problems in Fedora and derived distributions. As per nss-3.21 we now use the -Werr option and the build fails as socketDomain is assigned but never used. This change removes it.
Comment 5 Elio Maldonado Batiz 2015-11-13 13:48 EST
Created attachment 1093788 [details]
nss-539183.patch after the previously mentioned changes are applied
Comment 6 Elio Maldonado Batiz 2015-11-13 14:00 EST
Created attachment 1093790 [details]
pem module changes required to compile with -Werror option

This patch is temporary where I tried to do the minimum amount of changes for it to build. As mentioned in the patch comments and the spec file a very different one will be required when we resume work on the code clean up being conducted on the interim upstream pem project.
Comment 7 Elio Maldonado Batiz 2015-11-13 14:07 EST
Created attachment 1093803 [details]
changes to nss.spec - in patch format
Comment 8 Bob Relyea 2015-11-13 14:41:26 EST
Comment on attachment 1093790 [details]
pem module changes required to compile with -Werror option

r-

Issues:

1) Why are you using &error in a macro? It's not a function; you can use error as normal and check the value on return. Make sure it's initialized to CKR_OK before the call.
2) Line 241 in your new file has a bug. if (rv) should be if (error != CKR_OK).
3) NIT: it's more readable if you say if (error != CKR_OK) rather than if (error). It means the same, but a casual reader isn't left guessing if error == 0 is success or failure.

Your comment about handling SECStatus is right on. We should look more closely at the code; the name nobjs implies that it expects number of objects, when it's returning a SECStatus. It looks like the function should have read semantics when it doesn't.

bob
Comment 9 Elio Maldonado Batiz 2015-11-13 15:32 EST
Created attachment 1093837 [details]
pem module changes required to compile with -Werror option - V2

Address Bob's review comments from Comment 8.
Comment 10 Elio Maldonado Batiz 2015-11-13 17:38 EST
Created attachment 1093938 [details]
all changes for rebase V2
Comment 11 Bob Relyea 2015-11-13 17:46:11 EST
Comment on attachment 1093837 [details]
pem module changes required to compile with -Werror option - V2

r+. OK, but I think the discrepancy between SECStatus and int is bigger than we thought. If the function is returning SECSuccess, then we are always treating the result as an error because we are checking the return value as things like <= 0 or < 1. SECSuccess = 0.
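
The mismatch described in comment 11, as an added example that is not part of the bug report or the pem module's code. The function names, the `;`-separated input and the local SECStatus typedef are assumptions made so it builds without NSS headers.

```c
#include <stdio.h>
#include <string.h>

/* Local stand-in for the NSS type; SECSuccess is 0 as the thread says
 * (SECFailure is -1 in NSS). */
typedef enum { SECFailure = -1, SECSuccess = 0 } SECStatus;

/* Hypothetical reader: counts ';'-terminated objects in buf.
 * Returns a status, NOT a count; the count goes to *nobjs_out. */
static SECStatus read_objects(const char *buf, int *nobjs_out)
{
    int n = 0;
    if (buf == NULL || nobjs_out == NULL)
        return SECFailure;
    for (const char *p = buf; (p = strchr(p, ';')) != NULL; p++)
        n++;
    if (n == 0)
        return SECFailure;              /* nothing parseable */
    *nobjs_out = n;
    return SECSuccess;
}

/* Mismatched caller: keeps the status in a variable named like a count
 * and applies read()-style checks. SECSuccess (0) fails "< 1", so every
 * successful read is reported as an error. Returns 0 on success. */
int load_mismatched(const char *buf)
{
    int unused = 0;
    int nobjs = read_objects(buf, &unused);
    if (nobjs < 1)
        return -1;
    return 0;
}

/* Consistent caller: compares the status against SECSuccess and takes
 * the count from the out-parameter. Returns the count, or -1 on error. */
int load_checked(const char *buf)
{
    int nobjs = 0;
    SECStatus rv = read_objects(buf, &nobjs);
    return (rv != SECSuccess) ? -1 : nobjs;
}

int main(void)
{
    const char *sample = "cert;key;";   /* constructed input, two objects */
    printf("mismatched: %d\n", load_mismatched(sample));
    printf("checked:    %d\n", load_checked(sample));
    return 0;
}
```
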
Comment 12 Bob Relyea 2015-11-13 17:51:13 EST
Comment on attachment 1093787 [details]
changes to the nss-539183.patch

Can you explain this change. Did the define disappear?

Also, why isn't 539183 upstream yet?

bob
Comment 13 Bob Relyea 2015-11-13 17:51:45 EST
see comment 12
Comment 14 Elio Maldonado Batiz 2015-11-13 19:14:24 EST
(In reply to Bob Relyea from comment #12)
> Comment on attachment 1093787 [details]
> changes to the nss-539183.patch
> 
> Can you explain this change. Did the define disappear?
What define are you referring to?

If NSS_USE_SDP, I can't find it in the upstream source tree and I have several branches checked, old and new.

Side note: gendiff made patches don't give enough lines of content, that's why I prefer using 'hg diff ...' on upstream source tree, so it's best to see them side by side against the original with meld or kdiff3.

> 
> Also, why isn't 539183 upstream yet? 

It was created upstream, see Wan-Teh's comment at 
https://bugzilla.mozilla.org/show_bug.cgi?id=617723#c14

and one by Kai made years later in reply to a request
https://bugzilla.mozilla.org/show_bug.cgi?id=617723#c21

> 
> bob
Comment 15 Bob Relyea 2015-11-13 20:39:03 EST
Comment on attachment 1093788 [details]
nss-539183.patch after the previously mentioned changes are applied

r+ rrelyea
Comment 16 Bob Relyea 2015-11-13 20:39:47 EST
ok, r+
Comment 17 Elio Maldonado Batiz 2015-11-13 20:46:19 EST
Comment on attachment 1093787 [details]
changes to the nss-539183.patch

The r+ was granted to the full patch after changes were applied.
Comment 18 Elio Maldonado Batiz 2015-11-13 20:49:26 EST
requested info provided on Comment 16 :-)
Comment 19 Fedora Update System 2015-11-16 15:57:21 EST
nss-3.21.0-1.0.fc23 nss-softokn-3.21.0-1.0.fc23 nss-util-3.21.0-1.0.fc23 nspr-4.10.10-2.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2015-bc355f6cdd
Comment 20 Fedora Update System 2015-11-16 20:16:28 EST
nspr-4.10.10-2.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2015-ae4c9ec179
Comment 21 Elio Maldonado Batiz 2015-11-17 14:56:03 EST
Jaromir, 

Since you added the STAGE2 bootstrap recipe for nspr, nss, nss-softokn, and nss-util, Bug 1258425 I made changes to the spec files such as this one:

-%ifarch x86_64 %{power64} ia64 s390x sparc64 aarch64
+export NSS_DISABLE_GTESTS=1
+
+%ifnarch noarch
+%if 0%{__isa_bits} == 64
 USE_64=1
 export USE_64
 %endif
+%endif
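
Review bot: `export NSS_DISABLE_GTESTS=1` at the top of the hunk turns off the gtests with no comment saying why, and it sits directly above the 64-bit conditional although it is not tied to it. Please add a spec comment giving the reason the gtests are disabled and what has to change before they can be re-enabled, and separate the export from the `USE_64` block so it reads as unconditional.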

I think that the STAGE2-nspr, STAGE2-nss-util, STAGE2-nss-softokn, STAGE2-nss bootstrapping recipes need to be revised accordingly. If so, would you take care of this?

Elio
Comment 22 Fedora Update System 2015-11-18 11:51:57 EST
nspr-4.10.10-2.fc23, nss-3.21.0-1.0.fc23, nss-softokn-3.21.0-1.0.fc23, nss-util-3.21.0-1.0.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
$ su -c 'dnf --enablerepo=updates-testing update nss nspr nss-softokn nss-util'
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-bc355f6cdd
Comment 23 Fedora Update System 2015-11-18 19:22:30 EST
nspr-4.10.10-2.fc22, nss-3.21.0-1.0.fc22, nss-softokn-3.21.0-1.0.fc22, nss-util-3.21.0-1.0.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
$ su -c 'dnf --enablerepo=updates-testing update nspr nss-softokn nss nss-util'
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-ae4c9ec179
Comment 24 Fedora Update System 2015-11-19 04:51:53 EST
nspr-4.10.10-2.fc23, nss-3.21.0-1.0.fc23, nss-softokn-3.21.0-1.0.fc23, nss-util-3.21.0-1.0.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Comment 25 Fedora Update System 2015-11-21 11:06:00 EST
nspr-4.10.10-2.fc22 nss-3.21.0-1.1.fc22 nss-softokn-3.21.0-1.0.fc22 nss-util-3.21.0-1.0.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2015-ae4c9ec179
Comment 26 Jaromír Cápík 2015-11-23 10:30:04 EST
Hello Elio.

> Since you added the STAGE2 bootstrap recipe for nspr, nss, nss-softokn, and
> nss-util, Bug 1258425 I made changes to the spec files such as this one:
> 
> -%ifarch x86_64 %{power64} ia64 s390x sparc64 aarch64
> +export NSS_DISABLE_GTESTS=1
> +
> +%ifnarch noarch
> +%if 0%{__isa_bits} == 64
>  USE_64=1
>  export USE_64
>  %endif
> +%endif
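
Review bot: `%if 0%{__isa_bits} == 64` uses the bare macro form, so the leading `0` gives no protection if `__isa_bits` is ever undefined: the macro text is left unexpanded and the expression fails to parse. Consider `0%{?__isa_bits}`, which expands to `0` in that case and evaluates to false; with that, the outer `%ifnarch noarch` / `%endif` pair may no longer be needed.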
> 
> I think that the STAGE2-nspr, STAGE2-nss-util, STAGE2-nss-softokn,
> STAGE2-nss bootstrapping recipes need to be revised accordingly. If so,
> would you take care of this?

Sure.
STAGE2-nss* recipes already contain the following:

---
if [ "$SUFFIX" = "64" ]; then
  USE_64=1
  export USE_64
fi
---

But I don't see that condition in the STAGE2-nspr recipe.

Do you think, the Bug 1284017 might be related?

Thanks.
Comment 27 Jaromír Cápík 2015-11-23 10:34:53 EST
> +export NSS_DISABLE_GTESTS=1

I somehow missed the very first '+' line. Why is this required on 64-bit architectures only? Thanks.
Comment 28 Jaromír Cápík 2015-11-23 10:39:06 EST
> > +export NSS_DISABLE_GTESTS=1
> 
> I somehow missed the very first '+' line. Why is this required on 64-bit
> architectures only? Thanks.

Sorry. I also missed the '-' and the ifarch condition is not present anymore. I'll include the variable as well.
Comment 29 Fedora Update System 2015-11-23 12:39:04 EST
ca-certificates-2015.2.6-1.0.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2015-6fb2c59536
Comment 30 Fedora Update System 2015-11-23 12:39:09 EST
ca-certificates-2015.2.6-1.0.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2015-f9e5ca4e6a
Comment 31 Fedora Update System 2015-11-23 19:23:32 EST
ca-certificates-2015.2.6-1.0.fc21 has been pushed to the Fedora 21 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
$ su -c 'dnf --enablerepo=updates-testing update ca-certificates'
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-bd5b55f4d6
Comment 32 Fedora Update System 2015-11-23 19:53:51 EST
ca-certificates-2015.2.6-1.0.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
$ su -c 'dnf --enablerepo=updates-testing update ca-certificates'
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-6fb2c59536
Comment 33 Fedora Update System 2015-11-23 21:22:39 EST
ca-certificates-2015.2.6-1.0.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
$ su -c 'dnf --enablerepo=updates-testing update ca-certificates'
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-f9e5ca4e6a
Comment 34 Fedora Update System 2015-11-25 16:52:00 EST
ca-certificates-2015.2.6-1.0.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Comment 35 Fedora Update System 2015-11-26 12:15:22 EST
nspr-4.10.10-2.fc22 nss-3.21.0-1.1.fc22 nss-softokn-3.21.0-1.1.fc22 nss-util-3.21.0-1.0.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2015-ae4c9ec179
Comment 36 Fedora Update System 2015-11-26 17:54:20 EST
nspr-4.10.10-2.fc22, nss-3.21.0-1.1.fc22, nss-softokn-3.21.0-1.1.fc22, nss-util-3.21.0-1.0.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
$ su -c 'dnf --enablerepo=updates-testing update nspr nss-softokn nss nss-util'
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-ae4c9ec179
Comment 37 Fedora Update System 2015-11-30 18:22:07 EST
ca-certificates-2015.2.6-1.0.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
Comment 38 Fedora Update System 2015-11-30 18:24:46 EST
nspr-4.10.10-2.fc22, nss-3.21.0-1.1.fc22, nss-softokn-3.21.0-1.1.fc22, nss-util-3.21.0-1.0.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
