Latest upstream release: 3.21 Current version/release in rawhide: 3.20.1-2.fc24 URL: http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/ Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream.
Failed to kick off scratch build. list index out of range
Created attachment 1093786 [details] all changes for rebase To apply all changes in you local copy of nss for the master branch execute patch -p1 < allChanges.path. This is not suitable for review so I will attach the individual patches next.
Since the changes for rebasing nss-util and nss-softokn where easy ones I have taken the liberty of pushing them to the git repo but haven't done a build yet. I prefer to do a chain-build of all.
Created attachment 1093787 [details] changes to the nss-539183.patch The nss-539183.patch is a local patch needed in fedora and created by Wan-Teh Chan to deal with problems in Fedora and derived distributions. As per nss-3.21 we now use the -Werr option the build fails as socketDomain is assigned but never used. This change removes it.
Created attachment 1093788 [details] nss-539183.patch after the previously mentioned changes are applied
Created attachment 1093790 [details] pem module changes required to compile with -Werror option This patch is temporary where I tried to do the minimum amount of changes for it to build. As mentioned in the patch comments and the spec file a very different one will be required when we resume work on the code clean up being conducted on the interim upstream pem project.
Created attachment 1093803 [details] changes to nss.spec - in patch format
Comment on attachment 1093790 [details] pem module changes required to compile with -Werror option r- Issues: 1) Why are you using &error in a macro. it's not a function, you can use error as normal and check the value on return. Make sure it's initialized to CKR_OK before the call. 2) line 241 in your new file has a bug. if (rv) should be if (error != CKR_OK). 3) NIT, it's more readable if you say if (error != CKR_OK) rather than if (error). It means the same, but a casual reader isn't left guessing if error == 0 is success or failure. Your comment about handling SECStatus is right on. We should look more closely at the code, the name nobjs inplies that it expects number of objects, when it's returning a SECStatus. It looks like the function should have read semantics when it doesn't. bob
Created attachment 1093837 [details] pem module changes required to compile with -Werror option - V2 Address Bob's review comments from Comment 8.
Created attachment 1093938 [details] all changes for rebase V2
Comment on attachment 1093837 [details] pem module changes required to compile with -Werror option - V2 r+. OK, but I think the descrepancy between SECStatus and int is bigger than we thought. If the function is returning SECSuccess, then we are always treating the result as an error because we are checking the return value as things like <= 0 or < 1. SECSuccess = 0.
Comment on attachment 1093787 [details] changes to the nss-539183.patch Can you explain this change. Did the define disappear? Also, why isn't 539183 upstream yet? bob
see comment 12
(In reply to Bob Relyea from comment #12) > Comment on attachment 1093787 [details] > changes to the nss-539183.patch > > Can you explain this change. Did the define disappear? What define are referring to? If NSS_USE_SDP, I can't find it the upstream source tree and I have several branches checked old and new. Side note: gendiff made patches don't give enough lines of content, that's why have prefer using 'hg diff ...' on upstream source tree, so it's best to see them side by side against the original with meld or kdiff3. > > Also, why isn't 539183 upstream yet? It was created upstream, see Wan-Teh's comment at https://bugzilla.mozilla.org/show_bug.cgi?id=617723#c14 and one by Kai's made years later in reply to a request https://bugzilla.mozilla.org/show_bug.cgi?id=617723#c21 > > bob
Comment on attachment 1093788 [details] nss-539183.patch after the previously mentioned changes are applied r+ rrelyea
ok, r+
Comment on attachment 1093787 [details] changes to the nss-539183.patch The r+ was granted to the full patch after changes were applied.
requested info provided on Comment 16 :-)
nss-3.21.0-1.0.fc23 nss-softokn-3.21.0-1.0.fc23 nss-util-3.21.0-1.0.fc23 nspr-4.10.10-2.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2015-bc355f6cdd
nspr-4.10.10-2.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2015-ae4c9ec179
Jaromir, Since you added the STAGE2 bootstrap recipe for nspr, nss, nss-softokn, and nss-util, Bug 1258425 I made changes to the spec files such as this one: -%ifarch x86_64 %{power64} ia64 s390x sparc64 aarch64 +export NSS_DISABLE_GTESTS=1 + +%ifnarch noarch +%if 0%{__isa_bits} == 64 USE_64=1 export USE_64 %endif +%endif I think that the STAGE2-nspr, STAGE2-nss-util, STAGE2-nss-softokn, STAGE2-nss bootstrapping recipes need to be revised accordingly. If so, would you take care of this? Elio
nspr-4.10.10-2.fc23, nss-3.21.0-1.0.fc23, nss-softokn-3.21.0-1.0.fc23, nss-util-3.21.0-1.0.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with $ su -c 'dnf --enablerepo=updates-testing update nss nspr nss-softokn nss-util' You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-bc355f6cdd
nspr-4.10.10-2.fc22, nss-3.21.0-1.0.fc22, nss-softokn-3.21.0-1.0.fc22, nss-util-3.21.0-1.0.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with $ su -c 'dnf --enablerepo=updates-testing update nspr nss-softokn nss nss-util' You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-ae4c9ec179
nspr-4.10.10-2.fc23, nss-3.21.0-1.0.fc23, nss-softokn-3.21.0-1.0.fc23, nss-util-3.21.0-1.0.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
nspr-4.10.10-2.fc22 nss-3.21.0-1.1.fc22 nss-softokn-3.21.0-1.0.fc22 nss-util-3.21.0-1.0.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2015-ae4c9ec179
Hello Elio. > Since you added the STAGE2 bootstrap recipe for nspr, nss, nss-softokn, and > nss-util, Bug 1258425 I made changes to the spec files such as this one: > > -%ifarch x86_64 %{power64} ia64 s390x sparc64 aarch64 > +export NSS_DISABLE_GTESTS=1 > + > +%ifnarch noarch > +%if 0%{__isa_bits} == 64 > USE_64=1 > export USE_64 > %endif > +%endif > > I think that the STAGE2-nspr, STAGE2-nss-util, STAGE2-nss-softokn, > STAGE2-nss bootstrapping recipes need to be revised accordingly. If so, > would you take care of this? Sure. STAGE2-nss* recipes already contain the following: --- if [ "$SUFFIX" = "64" ]; then USE_64=1 export USE_64 fi --- But I don't see that condition in the STAGE2-nspr recipe. Do you think, the Bug 1284017 might be related? Thanks.
> +export NSS_DISABLE_GTESTS=1 I somehow missed the very first '+' line. Why is this required on 64-bit architectures only? Thanks.
> > +export NSS_DISABLE_GTESTS=1 > > I somehow missed the very first '+' line. Why is this required on 64-bit > architectures only? Thanks. Sorry. I also missed the '-' and the ifarch condition is not present anymore. I'll include the variable as well.
ca-certificates-2015.2.6-1.0.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2015-6fb2c59536
ca-certificates-2015.2.6-1.0.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2015-f9e5ca4e6a
ca-certificates-2015.2.6-1.0.fc21 has been pushed to the Fedora 21 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with $ su -c 'dnf --enablerepo=updates-testing update ca-certificates' You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-bd5b55f4d6
ca-certificates-2015.2.6-1.0.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with $ su -c 'dnf --enablerepo=updates-testing update ca-certificates' You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-6fb2c59536
ca-certificates-2015.2.6-1.0.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with $ su -c 'dnf --enablerepo=updates-testing update ca-certificates' You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-f9e5ca4e6a
ca-certificates-2015.2.6-1.0.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
nspr-4.10.10-2.fc22 nss-3.21.0-1.1.fc22 nss-softokn-3.21.0-1.1.fc22 nss-util-3.21.0-1.0.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2015-ae4c9ec179
nspr-4.10.10-2.fc22, nss-3.21.0-1.1.fc22, nss-softokn-3.21.0-1.1.fc22, nss-util-3.21.0-1.0.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with $ su -c 'dnf --enablerepo=updates-testing update nspr nss-softokn nss nss-util' You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-ae4c9ec179
ca-certificates-2015.2.6-1.0.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
nspr-4.10.10-2.fc22, nss-3.21.0-1.1.fc22, nss-softokn-3.21.0-1.1.fc22, nss-util-3.21.0-1.0.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.