Bug 1336849 - nss-3.24 is available
Summary: nss-3.24 is available
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: nss
Version: rawhide
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Elio Maldonado Batiz
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-05-17 14:54 UTC by Upstream Release Monitoring
Modified: 2016-07-04 13:40 UTC (History)
6 users (show)

Fixed In Version: nss-3.24.0-1.2.fc24
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-06-18 18:55:22 UTC
Type: ---


Attachments (Terms of Use)
Rebase-helper rebase-helper-debug.log log file. See for details and report the eventual error to rebase-helper https://github.com/phracek/rebase-helper/issues. (5.66 KB, patch)
2016-05-17 14:57 UTC, Upstream Release Monitoring
no flags Details | Diff
all changes for nss-util rebase - in patch format (1.51 KB, patch)
2016-05-24 21:13 UTC, Elio Maldonado Batiz
no flags Details | Diff
all changes for nss-softokn rebase - in patch format (8.88 KB, patch)
2016-05-24 21:14 UTC, Elio Maldonado Batiz
no flags Details | Diff
all changes for nss rebase - in patch format (24.94 KB, patch)
2016-05-24 21:15 UTC, Elio Maldonado Batiz
no flags Details | Diff
nss.spec changes - in patch format (3.06 KB, patch)
2016-05-24 21:22 UTC, Elio Maldonado Batiz
no flags Details | Diff
changes so the test pass - temporay (2.88 KB, patch)
2016-05-24 21:52 UTC, Elio Maldonado Batiz
no flags Details | Diff

Description Upstream Release Monitoring 2016-05-17 14:54:01 UTC
Latest upstream release: 3.24
Current version/release in rawhide: 3.23.0-9.fc25
URL: http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/

Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy

More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring

Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream.

Based on the information from anitya:  https://release-monitoring.org/project/2503/

Comment 1 Upstream Release Monitoring 2016-05-17 14:57:38 UTC
Patching or scratch build for nss-3.23.0 failed.

Comment 2 Upstream Release Monitoring 2016-05-17 14:57:40 UTC
Created attachment 1158356 [details]
Rebase-helper rebase-helper-debug.log log file.
See for details and report the eventual error to rebase-helper https://github.com/phracek/rebase-helper/issues.

Comment 3 Upstream Release Monitoring 2016-05-17 14:57:42 UTC
Patches were not touched. All were applied properly

Comment 4 Elio Maldonado Batiz 2016-05-24 21:12:26 UTC
This rebase have been a bit difficult, nss-util and nss-softoken were straightforward but the nss rebase has been difficult. 

1) Due to some changes upstream in one of google tests until test framework I had to disable some of of the gtests. I'll bring that topic upstream. 

2) The second problem has to do with Rawhide where some of the ssl test suites are failing. 

Did a local rebase on my f23 and f24 systems and were I had no problems at all. It's only with Rawhide where I am getting those failures. I'm currently investigating and may have a temporary workaround which I'll explain later. I'll need help from some Bob and Nikos on it's analysis as I think it's related to the current work in in progress to enforce the system-wide crypto policy - Bug 1157720 which is Rawhide-only.  

Let me attach the changes I have made for nss-util, nss-softoken, and nss in Rawhide, the ones for other branches are similar, and I'll elaborate on the problem after that.

Comment 5 Elio Maldonado Batiz 2016-05-24 21:13:33 UTC
Created attachment 1161215 [details]
all changes for nss-util rebase - in patch format

Comment 6 Elio Maldonado Batiz 2016-05-24 21:14:26 UTC
Created attachment 1161216 [details]
all changes for nss-softokn rebase - in patch format

Comment 7 Elio Maldonado Batiz 2016-05-24 21:15:19 UTC
Created attachment 1161217 [details]
all changes for nss rebase - in patch format

Comment 8 Elio Maldonado Batiz 2016-05-24 21:22:42 UTC
Created attachment 1161218 [details]
nss.spec changes - in patch format

Comment 9 Elio Maldonado Batiz 2016-05-24 21:52:10 UTC
Created attachment 1161226 [details]
changes so the test pass - temporay

With attachment 1161218 [details] the brew build for Rawide failed as you can see on http://koji.fedoraproject.org/koji/taskinfo?taskID=14236223

I then tried the changes attached where I disabled 
Patch59: nss-check-policy-file.patch and all tests passed.

Scratch build at http://koji.fedoraproject.org/koji/taskinfo?taskID=14237602

I went ahead and installed that build on my Rawhide system and build with the original version nss.spec, that has the patch enabled, and all tests passed,

It's seems to me that for rawhide we may need to do some sort of bootstrapping build without the patch and once that one is on the buildroot override subsequent build will have no problems. 

Years ago, while doing split of nss into three packages, I had to do that kind of bootstrapping before I could be successful with the package split

Comment 10 Elio Maldonado Batiz 2016-05-24 21:55:59 UTC
Bob or Nikos, what is your advise? Do I need the bootstrapping I mentioned or is this a sign that something else regarding the policy enforcement needs work?

Comment 11 Elio Maldonado Batiz 2016-05-25 17:11:33 UTC
Comment on attachment 1161226 [details]
changes so the test pass - temporay

Assuming that we need a bootstrapping build there is a lot simpler way, without having to temporarily disable any patches, which is to comment out in the spec file the setting of two build time variables
#export POLICY_FILE=nss.config
#export POLICY_PATH=/etc/crypto-policies/back-ends

Comment 12 Bob Relyea 2016-05-25 19:22:03 UTC
Hmm it may be necessary. The question is is there an nss.config on the build platform, and is it turnning off cipher by default (that you may be testing)?


bob

Comment 13 Nikos Mavrogiannopoulos 2016-05-26 06:46:03 UTC
There is an nss.config on the build platform. It is part of the base system. For the test suite you'll need to override the system one with another policy specific for testing.

Comment 14 Fedora Update System 2016-05-29 17:47:42 UTC
nss-3.24.0-1.0.fc24 nss-softokn-3.24.0-1.0.fc24 nss-util-3.24.0-1.0.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-fa807cca6f

Comment 15 Fedora Update System 2016-05-31 03:54:40 UTC
nss-3.24.0-1.1.fc24, nss-softokn-3.24.0-1.0.fc24, nss-util-3.24.0-1.0.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-fa807cca6f

Comment 16 Fedora Update System 2016-06-03 02:39:31 UTC
nss-3.24.0-1.2.fc24 nss-softokn-3.24.0-1.0.fc24 nss-util-3.24.0-1.0.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-fa807cca6f

Comment 17 Fedora Update System 2016-06-03 09:27:57 UTC
nss-3.24.0-1.2.fc24, nss-softokn-3.24.0-1.0.fc24, nss-util-3.24.0-1.0.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-fa807cca6f

Comment 18 Fedora Update System 2016-06-18 18:55:12 UTC
nss-3.24.0-1.2.fc24, nss-softokn-3.24.0-1.0.fc24, nss-util-3.24.0-1.0.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.