Ubuntu
nss package

Merge ~lucaskanashiro/ubuntu/+source/nss:merge-focal into ubuntu/+source/nss:debian/sid

  1. Git
  2. lp:~lucaskanashiro/ubuntu/+source/nss
  3. merge-focal
  4. Merge into debian/sid
Proposed by Lucas Kanashiro
Status: Merged
Approved by: Christian Ehrhardt 
Approved revision: 3d3a453069c5b125047697ea9b9a9d48ad4d82af
Merge reported by: Christian Ehrhardt 
Merged at revision: 3d3a453069c5b125047697ea9b9a9d48ad4d82af
Proposed branch: ~lucaskanashiro/ubuntu/+source/nss:merge-focal
Merge into: ubuntu/+source/nss:debian/sid
Diff against target: 361 lines (+230/-2)
6 files modified
debian/changelog (+173/-0)
debian/control (+3/-1)
debian/libnss3.links (+3/-0)
debian/patches/disable_fips_enabled_read.patch (+49/-0)
debian/patches/series (+1/-0)
debian/rules (+1/-1)
Reviewer Review Type Date Requested Status
Christian Ehrhardt  (community) Approve
Canonical Server Pending
Review via email: mp+375115@code.launchpad.net

This proposal supersedes a proposal from 2019-10-31.

Description of the change

Merge version 2:3.47-1 from Debian. The delta from version 2:3.45-1ubuntu2 was applied on top of this new release:

* d/libnss3.links: make freebl3 available as library
* d/control: add dh-exec to Build-Depends
* d/rules: make mkdir tolerate debian/tmp existing (due to dh-exec)
* Disable reading fips_enabled flag in FIPS mode. libnss is not a FIPS certified library.

According to upstream release notes the library in this new release is compatible with the version we have in the archive, so the version bump should not be a problem.

To post a comment you must log in.
Revision history for this message
Lucas Kanashiro (lucaskanashiro) wrote :

The package builds fine and it was uploaded to this PPA: https://launchpad.net/~lucaskanashiro/+archive/ubuntu/focal-nss-merge/

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Recommendation: switch on nonx86 architectures on the PPA to not hit late surprises on upload

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

build - ok
retained delta - ok (nothing upstreamable, not sure why debian dislikes freebl3)
changelog - ok

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

It has quite a long list of reverse dependencies which makes this dangerous.
I agree that we don't see a bump of the major number of the lib so it might be working out well.

I was checking
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47_release_notes

It is a bit tricky, there were significant TLS changes announced for 3.47 in the 3.46 doc. Only to be listed still as future in 3.47 release note.

It also contains the statement you probably meant that it should be compatible.
Yeah it seems safe in that regard.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

But the notes also contain:
  "The HG tag is NSS_3_47_RTM. NSS 3.47 requires NSPR 4.23 or newer."

Well at least in f-proposed that is ok:
 libnspr4 | 2:4.23-1 | focal-proposed | amd64, arm64, armhf, i386, ppc64el, s390x

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Yeah, overall this LGTM.
Be prepared that due to the longer list of dependencies there might be more potential hickups in tests. But that won't change, so if you are ok it can be sponsored.

review: Approve
Revision history for this message
Lucas Kanashiro (lucaskanashiro) wrote :

> Recommendation: switch on nonx86 architectures on the PPA to not hit late
> surprises on upload

Thanks for the heads up Christian. Do you usually build packages for all architectures? Or do you have a small set that is "more valuable" in general?

Revision history for this message
Lucas Kanashiro (lucaskanashiro) wrote :

> Yeah, overall this LGTM.
> Be prepared that due to the longer list of dependencies there might be more
> potential hickups in tests. But that won't change, so if you are ok it can be
> sponsored.

I am ok with it, could you please sponsor it?

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

I usually build all that the main archive builds for: amd64, i386, armhf, arm64, ppc64el, s390x.
As those are the ones that should work well on the actual upload.
No one cares about e.g. "powerpc" anymore these days.

As agreed, sponsoring ...

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Tagged and uploaded to Focal

To ssh://git.launchpad.net/~usd-import-team/ubuntu/+source/nss
 * [new tag] upload/2%3.47-1ubuntu1 -> upload/2%3.47-1ubuntu1

And I see https://launchpad.net/ubuntu/+source/nss/2:3.47-1ubuntu1 started building

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

This is in the release pocket

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/debian/changelog b/debian/changelog
index 4e90a94..6acea72 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,14 @@
1nss (2:3.47-1ubuntu1) focal; urgency=medium
2
3 * Merge with Debian unstable. Remaining changes:
4 - d/libnss3.links: make freebl3 available as library (LP #1744328)
5 - d/control: add dh-exec to Build-Depends
6 - d/rules: make mkdir tolerate debian/tmp existing (due to dh-exec)
7 - Disable reading fips_enabled flag in FIPS mode. libnss is
8 not a FIPS certified library. (LP #1837734)
9
10 -- Lucas Kanashiro <lucas.kanashiro@canonical.com> Thu, 31 Oct 2019 16:18:35 -0300
11
1nss (2:3.47-1) unstable; urgency=medium12nss (2:3.47-1) unstable; urgency=medium
213
3 * New upstream release.14 * New upstream release.
@@ -5,6 +16,22 @@ nss (2:3.47-1) unstable; urgency=medium
516
6 -- Mike Hommey <glandium@debian.org> Wed, 23 Oct 2019 11:19:59 +090017 -- Mike Hommey <glandium@debian.org> Wed, 23 Oct 2019 11:19:59 +0900
718
19nss (2:3.45-1ubuntu2) eoan; urgency=medium
20
21 * Disable reading fips_enabled flag in FIPS mode. libnss is
22 not a FIPS certified library. (LP: #1837734)
23
24 -- Vineetha Kamath <vineetha.hari.pai@canonical.com> Tue, 23 Jul 2019 20:58:12 +0000
25
26nss (2:3.45-1ubuntu1) eoan; urgency=low
27
28 * Merge from Debian unstable. Remaining changes:
29 - d/libnss3.links: make freebl3 available as library (LP 1744328)
30 - d/control: add dh-exec to Build-Depends
31 - d/rules: make mkdir tolerate debian/tmp existing (due to dh-exec)
32
33 -- Gianfranco Costamagna <locutusofborg@debian.org> Thu, 11 Jul 2019 11:49:44 +0200
34
8nss (2:3.45-1) unstable; urgency=medium35nss (2:3.45-1) unstable; urgency=medium
936
10 * New upstream release.37 * New upstream release.
@@ -53,6 +80,28 @@ nss (2:3.42.1-1) unstable; urgency=medium
5380
54 -- Mike Hommey <glandium@debian.org> Wed, 13 Feb 2019 13:19:39 +090081 -- Mike Hommey <glandium@debian.org> Wed, 13 Feb 2019 13:19:39 +0900
5582
83nss (2:3.42-1ubuntu2) disco; urgency=medium
84
85 * SECURITY UPDATE: DoS in NULL pointer dereference in CMS functions
86 - debian/patches/CVE-2018-18508-1.patch: add null checks in
87 nss/lib/smime/cmscinfo.c, nss/lib/smime/cmsdigdata.c,
88 nss/lib/smime/cmsencdata.c, nss/lib/smime/cmsenvdata.c,
89 nss/lib/smime/cmsmessage.c, nss/lib/smime/cmsudf.c.
90 - debian/patches/CVE-2018-18508-2.patch: add null checks in
91 nss/lib/smime/cmsmessage.c.
92 - CVE-2018-18508
93
94 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 19 Feb 2019 12:04:49 +0100
95
96nss (2:3.42-1ubuntu1) disco; urgency=medium
97
98 * Merge with Debian unstable (LP: #1813593). Remaining changes:
99 - d/libnss3.links: make freebl3 available as library (LP 1744328)
100 - d/control: add dh-exec to Build-Depends
101 - d/rules: make mkdir tolerate debian/tmp existing (due to dh-exec)
102
103 -- Karl Stenerud <kstenerud@gmail.com> Mon, 04 Feb 2019 11:03:32 +0100
104
56nss (2:3.42-1) unstable; urgency=medium105nss (2:3.42-1) unstable; urgency=medium
57106
58 * New upstream release.107 * New upstream release.
@@ -71,6 +120,18 @@ nss (2:3.40-1) unstable; urgency=medium
71120
72 -- Mike Hommey <glandium@debian.org> Fri, 02 Nov 2018 14:44:19 +0900121 -- Mike Hommey <glandium@debian.org> Fri, 02 Nov 2018 14:44:19 +0900
73122
123nss (2:3.39-1ubuntu1) disco; urgency=medium
124
125 * Merge with Debian unstable. Remaining changes (LP: #1803707):
126 - d/libnss3.links: make freebl3 available as library (LP 1744328)
127 - d/control: add dh-exec to Build-Depends
128 - d/rules: make mkdir tolerate debian/tmp existing (due to dh-exec)
129 * Dropped changes:
130 - d/rules: when building with -O3 on ppc64el this FTBFS, build with
131 -Wno-error=maybe-uninitialized to avoid that
132
133 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 16 Nov 2018 14:27:39 +0100
134
74nss (2:3.39-1) unstable; urgency=medium135nss (2:3.39-1) unstable; urgency=medium
75136
76 * New upstream release.137 * New upstream release.
@@ -103,6 +164,23 @@ nss (2:3.37-1) unstable; urgency=medium
103164
104 -- Mike Hommey <glandium@debian.org> Mon, 14 May 2018 07:15:21 +0900165 -- Mike Hommey <glandium@debian.org> Mon, 14 May 2018 07:15:21 +0900
105166
167nss (2:3.36.1-1ubuntu1) cosmic; urgency=medium
168
169 * Merge with Debian unstable. Remaining changes:
170 - d/libnss3.links: make freebl3 available as library (LP 1744328)
171 - d/control: add dh-exec to Build-Depends
172 - d/rules: make mkdir tolerate debian/tmp existing (due to dh-exec)
173 - d/rules: when building with -O3 on ppc64el this FTBFS, build with
174 -Wno-error=maybe-uninitialized to avoid that
175 * Dropped changes:
176 - revert switching to SQL default format (LP: 1746947) Dropping this
177 adresses (LP: #1747411) and effectively means we now switch to the new
178 default format after we ensured all depending packages are ready.
179 * Added changes:
180 - d/rules: extended the FTBFS to -O3 on ppc64el to only apply on ppc64el
181
182 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 07 May 2018 17:08:46 +0200
183
106nss (2:3.36.1-1) unstable; urgency=medium184nss (2:3.36.1-1) unstable; urgency=medium
107185
108 * New upstream release.186 * New upstream release.
@@ -116,6 +194,25 @@ nss (2:3.36-1) unstable; urgency=medium
116194
117 -- Mike Hommey <glandium@debian.org> Sun, 08 Apr 2018 06:53:15 +0900195 -- Mike Hommey <glandium@debian.org> Sun, 08 Apr 2018 06:53:15 +0900
118196
197nss (2:3.35-2ubuntu2) bionic; urgency=medium
198
199 * d/p/lp1746947-revert-switch-default-to-sql.patch: the switch of the
200 default is still causing too much issues in consumers of nss.
201 So until resolved revert the switched default (LP: #1746947)
202
203 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 05 Feb 2018 11:36:07 +0100
204
205nss (2:3.35-2ubuntu1) bionic; urgency=medium
206
207 * Merge with Debian unstable. Remaining changes:
208 - When building with -O3, build with -Wno-error=maybe-uninitialized.
209 * Added Changes:
210 - d/libnss3.links: make freebl3 available as library (LP: #1744328)
211 + d/control: add dh-exec to Build-Depends
212 + d/rules: make mkdir tolerate debian/tmp existing (due to dh-exec)
213
214 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 30 Jan 2018 14:04:20 +0100
215
119nss (2:3.35-2) unstable; urgency=medium216nss (2:3.35-2) unstable; urgency=medium
120217
121 * nss/lib/freebl/Makefile: Build Hacl_Poly1305_64.o on arm64.218 * nss/lib/freebl/Makefile: Build Hacl_Poly1305_64.o on arm64.
@@ -134,6 +231,13 @@ nss (2:3.34.1-1) unstable; urgency=medium
134231
135 -- Mike Hommey <glandium@debian.org> Fri, 05 Jan 2018 20:15:40 +0900232 -- Mike Hommey <glandium@debian.org> Fri, 05 Jan 2018 20:15:40 +0900
136233
234nss (2:3.34-1ubuntu1) bionic; urgency=medium
235
236 * Merge with Debian; remaining changes:
237 - When building with -O3, build with -Wno-error=maybe-uninitialized.
238
239 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 14 Dec 2017 09:18:47 -0500
240
137nss (2:3.34-1) unstable; urgency=medium241nss (2:3.34-1) unstable; urgency=medium
138242
139 * New upstream release:243 * New upstream release:
@@ -158,6 +262,28 @@ nss (2:3.32-2) unstable; urgency=medium
158262
159 -- Mike Hommey <glandium@debian.org> Mon, 28 Aug 2017 07:39:59 +0900263 -- Mike Hommey <glandium@debian.org> Mon, 28 Aug 2017 07:39:59 +0900
160264
265nss (2:3.32-1ubuntu3) artful; urgency=medium
266
267 * SECURITY UPDATE: Use-after-free in TLS 1.2 generating handshake hashes
268 - debian/patches/CVE-2017-7805.patch: Simplify handling of
269 CertificateVerify in nss/lib/ssl/ssl3con.c, nss/lib/ssl/ssl3prot.h.
270 - CVE-2017-7805
271
272 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 29 Sep 2017 12:17:39 -0400
273
274nss (2:3.32-1ubuntu2) artful; urgency=medium
275
276 * Initialise curve variable in a test file, resolves FTBFS.
277
278 -- Dimitri John Ledkov <xnox@ubuntu.com> Thu, 24 Aug 2017 07:21:27 -0400
279
280nss (2:3.32-1ubuntu1) artful; urgency=medium
281
282 * Merge with Debian; remaining changes:
283 - When building with -O3, build with -Wno-error=maybe-uninitialized.
284
285 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 23 Aug 2017 13:09:20 -0400
286
161nss (2:3.32-1) unstable; urgency=medium287nss (2:3.32-1) unstable; urgency=medium
162288
163 * New upstream release.289 * New upstream release.
@@ -217,6 +343,39 @@ nss (2:3.27.1-1) experimental; urgency=medium
217343
218 -- Mike Hommey <glandium@debian.org> Sat, 19 Nov 2016 08:29:17 +0900344 -- Mike Hommey <glandium@debian.org> Sat, 19 Nov 2016 08:29:17 +0900
219345
346nss (2:3.28.4-0ubuntu2) artful; urgency=medium
347
348 * SECURITY UPDATE: DoS via empty SSLv2 messages
349 - debian/patches/CVE-2017-7502.patch: reject broken v2 records in
350 nss/lib/ssl/ssl3gthr.c, nss/lib/ssl/ssldef.c, nss/lib/ssl/sslimpl.h,
351 added tests to nss/gtests/ssl_gtest/ssl_gather_unittest.cc,
352 nss/gtests/ssl_gtest/ssl_gtest.gyp, nss/gtests/ssl_gtest/manifest.mn,
353 nss/gtests/ssl_gtest/ssl_v2_client_hello_unittest.cc.
354 - CVE-2017-7502
355
356 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 16 Jun 2017 08:12:38 -0400
357
358nss (2:3.28.4-0ubuntu1) artful; urgency=medium
359
360 * Updated to upstream 3.28.4 to fix security issues and get a new CA
361 certificate bundle.
362 * SECURITY UPDATE: DES and Triple DES ciphers birthday attack
363 - CVE-2016-2183
364 * SECURITY UPDATE: out-of-bounds write in Base64 decoding
365 - CVE-2017-5461
366 * debian/patches/*.patch: refreshed for new version.
367 * debian/control: bump libnspr4-dev to 4.13.1.
368 * debian/libnss3.symbols: added new symbols.
369
370 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 27 Apr 2017 13:13:44 -0400
371
372nss (2:3.26.2-1ubuntu1) zesty; urgency=medium
373
374 * Merge with Debian; remaining changes:
375 - When building with -O3, build with -Wno-error=maybe-uninitialized.
376
377 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 02 Dec 2016 08:48:03 -0500
378
220nss (2:3.26.2-1) unstable; urgency=medium379nss (2:3.26.2-1) unstable; urgency=medium
221380
222 * New upstream release.381 * New upstream release.
@@ -230,6 +389,13 @@ nss (2:3.26-2) unstable; urgency=medium
230389
231 -- Mike Hommey <glandium@debian.org> Wed, 21 Sep 2016 10:02:23 +0900390 -- Mike Hommey <glandium@debian.org> Wed, 21 Sep 2016 10:02:23 +0900
232391
392nss (2:3.26-1ubuntu1) yakkety; urgency=medium
393
394 * Merge with Debian; remaining changes:
395 - When building with -O3, build with -Wno-error=maybe-uninitialized.
396
397 -- Matthias Klose <doko@ubuntu.com> Tue, 06 Sep 2016 14:39:56 +0200
398
233nss (2:3.26-1) unstable; urgency=medium399nss (2:3.26-1) unstable; urgency=medium
234400
235 * New upstream release.401 * New upstream release.
@@ -244,6 +410,12 @@ nss (2:3.26-1) unstable; urgency=medium
244410
245 -- Mike Hommey <glandium@debian.org> Tue, 16 Aug 2016 16:33:15 +0900411 -- Mike Hommey <glandium@debian.org> Tue, 16 Aug 2016 16:33:15 +0900
246412
413nss (2:3.25-1ubuntu1) yakkety; urgency=medium
414
415 * When building with -O3, build with -Wno-error=maybe-uninitialized.
416
417 -- Matthias Klose <doko@ubuntu.com> Thu, 04 Aug 2016 11:36:54 +0200
418
247nss (2:3.25-1) unstable; urgency=medium419nss (2:3.25-1) unstable; urgency=medium
248420
249 * New upstream release.421 * New upstream release.
@@ -275,6 +447,7 @@ nss (2:3.21-1.1) unstable; urgency=medium
275 * Fix FTBFS on hppa. Closes: #808990447 * Fix FTBFS on hppa. Closes: #808990
276448
277 -- Adam Borowski <kilobyte@angband.pl> Sun, 14 Feb 2016 14:46:40 +0100449 -- Adam Borowski <kilobyte@angband.pl> Sun, 14 Feb 2016 14:46:40 +0100
450
278nss (2:3.21-1) unstable; urgency=medium451nss (2:3.21-1) unstable; urgency=medium
279452
280 * New upstream release.453 * New upstream release.
diff --git a/debian/control b/debian/control
index 90afcdc..54c1ae6 100644
--- a/debian/control
+++ b/debian/control
@@ -1,9 +1,11 @@
1Source: nss1Source: nss
2Section: libs2Section: libs
3Priority: optional3Priority: optional
4Maintainer: Maintainers of Mozilla-related packages <team+pkg-mozilla@tracker.debian.org>4Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
5XSBC-Original-Maintainer: Maintainers of Mozilla-related packages <team+pkg-mozilla@tracker.debian.org>
5Uploaders: Mike Hommey <glandium@debian.org>6Uploaders: Mike Hommey <glandium@debian.org>
6Build-Depends: debhelper (>= 9.20160403),7Build-Depends: debhelper (>= 9.20160403),
8 dh-exec,
7 dpkg-dev (>= 1.17.14),9 dpkg-dev (>= 1.17.14),
8 libnspr4-dev (>= 2:4.12),10 libnspr4-dev (>= 2:4.12),
9 zlib1g-dev,11 zlib1g-dev,
diff --git a/debian/libnss3.links b/debian/libnss3.links
10new file mode 10075512new file mode 100755
index 0000000..717ff94
--- /dev/null
+++ b/debian/libnss3.links
@@ -0,0 +1,3 @@
1#!/usr/bin/dh-exec
2usr/lib/${DEB_HOST_MULTIARCH}/nss/libfreebl3.so usr/lib/${DEB_HOST_MULTIARCH}/libfreebl3.so
3usr/lib/${DEB_HOST_MULTIARCH}/nss/libfreeblpriv3.so usr/lib/${DEB_HOST_MULTIARCH}/libfreeblpriv3.so
diff --git a/debian/patches/disable_fips_enabled_read.patch b/debian/patches/disable_fips_enabled_read.patch
0new file mode 1006444new file mode 100644
index 0000000..7a87954
--- /dev/null
+++ b/debian/patches/disable_fips_enabled_read.patch
@@ -0,0 +1,49 @@
1commit 16996a9156c9ff2924bdb19ff43d40617a41c912
2Author: Vineetha Kamath <vineetha.hari.pai@canonical.com>
3Date: Tue Jul 23 15:32:32 2019 -0400
4
5From: Vineetha Kamath<vineetha.hari.pai@canonical.com>
6Decription: Disable libgcrypt reading /proc/sys/crypto/fips_enabled
7file and going into FIPS mode. libnss is not a FIPS
8certified library.
9Bug-Ubuntu: http://bugs.launchpad.net/bugs/1837734
10Forwarded: not-needed
11
12diff --git a/nss/lib/freebl/nsslowhash.c b/nss/lib/freebl/nsslowhash.c
13index 22f9781..8433377 100644
14--- a/nss/lib/freebl/nsslowhash.c
15+++ b/nss/lib/freebl/nsslowhash.c
16@@ -27,11 +27,13 @@ static int
17 nsslow_GetFIPSEnabled(void)
18 {
19 #ifdef LINUX
20- FILE *f;
21+ FILE *f = NULL;
22 char d;
23 size_t size;
24
25+#if 0
26 f = fopen("/proc/sys/crypto/fips_enabled", "r");
27+#endif
28 if (!f)
29 return 0;
30
31diff --git a/nss/lib/sysinit/nsssysinit.c b/nss/lib/sysinit/nsssysinit.c
32index bd0fac2..81f9b17 100644
33--- a/nss/lib/sysinit/nsssysinit.c
34+++ b/nss/lib/sysinit/nsssysinit.c
35@@ -168,11 +168,13 @@ getFIPSEnv(void)
36 static PRBool
37 getFIPSMode(void)
38 {
39- FILE *f;
40+ FILE *f = NULL;
41 char d;
42 size_t size;
43
44+#if 0
45 f = fopen("/proc/sys/crypto/fips_enabled", "r");
46+#endif
47 if (!f) {
48 /* if we don't have a proc flag, fall back to the
49 * environment variable */
diff --git a/debian/patches/series b/debian/patches/series
index c1bd63f..3f8bf6a 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,3 +2,4 @@
280_security_tools.patch280_security_tools.patch
385_security_load.patch385_security_load.patch
438_hppa.patch438_hppa.patch
5disable_fips_enabled_read.patch
diff --git a/debian/rules b/debian/rules
index ec951d3..b4c7302 100755
--- a/debian/rules
+++ b/debian/rules
@@ -175,7 +175,7 @@ override_dh_strip:
175175
176ifeq ($(DEB_HOST_ARCH),$(DEB_BUILD_ARCH))176ifeq ($(DEB_HOST_ARCH),$(DEB_BUILD_ARCH))
177 # Check FIPS mode correctly works177 # Check FIPS mode correctly works
178 mkdir debian/tmp178 mkdir -p debian/tmp
179 LD_LIBRARY_PATH=debian/libnss3/usr/lib/$(DEB_HOST_MULTIARCH):debian/libnss3/usr/lib/$(DEB_HOST_MULTIARCH)/nss debian/libnss3-tools/usr/bin/modutil -create -dbdir debian/tmp < /dev/null179 LD_LIBRARY_PATH=debian/libnss3/usr/lib/$(DEB_HOST_MULTIARCH):debian/libnss3/usr/lib/$(DEB_HOST_MULTIARCH)/nss debian/libnss3-tools/usr/bin/modutil -create -dbdir debian/tmp < /dev/null
180 LD_LIBRARY_PATH=debian/libnss3/usr/lib/$(DEB_HOST_MULTIARCH):debian/libnss3/usr/lib/$(DEB_HOST_MULTIARCH)/nss debian/libnss3-tools/usr/bin/modutil -fips true -dbdir debian/tmp < /dev/null180 LD_LIBRARY_PATH=debian/libnss3/usr/lib/$(DEB_HOST_MULTIARCH):debian/libnss3/usr/lib/$(DEB_HOST_MULTIARCH)/nss debian/libnss3-tools/usr/bin/modutil -fips true -dbdir debian/tmp < /dev/null
181endif181endif

Subscribers

People subscribed via source and target branches