Ubuntu
nss package

Merge ~paelzer/ubuntu/+source/nss:merge-1803707-disco-3.39-1 into ubuntu/+source/nss:debian/sid

  1. Git
  2. lp:~paelzer/ubuntu/+source/nss
  3. merge-1803707-disco-3.39-1
  4. Merge into debian/sid
Proposed by Christian Ehrhardt 
Status: Merged
Approved by: Robie Basak
Approved revision: eeeada1d0332a0755404ec9f2e82bcd9d6a4ce51
Merge reported by: Christian Ehrhardt 
Merged at revision: eeeada1d0332a0755404ec9f2e82bcd9d6a4ce51
Proposed branch: ~paelzer/ubuntu/+source/nss:merge-1803707-disco-3.39-1
Merge into: ubuntu/+source/nss:debian/sid
Diff against target: 219 lines (+130/-2)
4 files modified
debian/changelog (+123/-0)
debian/control (+3/-1)
debian/libnss3.links (+3/-0)
debian/rules (+1/-1)
Reviewer Review Type Date Requested Status
Robie Basak Approve
Canonical Server Pending
git-ubuntu developers Pending
Review via email: mp+358921@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

There is a PPA at:
https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/3523/+packages

That also proves that we no more need the PPC FTBFS fix that I dropped.

Sponsoring this has to wait until nspr is complete, but Karl is ready to push it so that should be soon.
Also there is nothing bad in doing the review early.

Once I have the new nspr in proposed I'd intend to rebuild nss and then run test-nss.py from qa-regression tests on it.

Revision history for this message
Robie Basak (racb) wrote :

Did you forget to push the logical/reconstruct/deconstruct tags? I don't see a recent set.

review: Needs Information
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Sorry, here they are:

To ssh://git.launchpad.net/~paelzer/ubuntu/+source/nss
 * [new tag] lp1803707/reconstruct/2%3.36.1-1ubuntu1 -> lp1803707/reconstruct/2%3.36.1-1ubuntu1
 * [new tag] lp1803707/old/ubuntu -> lp1803707/old/ubuntu
 * [new tag] lp1803707/old/debian -> lp1803707/old/debian
 * [new tag] lp1803707/new/debian -> lp1803707/new/debian
 * [new tag] lp1803707/logical/2%3.36.1-1ubuntu1 -> lp1803707/logical/2%3.36.1-1ubuntu1
 * [new tag] lp1803707/deconstruct/2%3.36.1-1ubuntu1 -> lp1803707/deconstruct/2%3.36.1-1ubuntu1

Revision history for this message
Robie Basak (racb) wrote :

$ git range-diff old/debian..paelzer/lp1803707/logical/2%3.36.1-1ubuntu1 new/debian..paelzer/merge-1803707-disco-3.39-1
1: 58c31039 = 1: 8ebf867f - d/libnss3.links: make freebl3 available as library (LP: 1744328)
2: a75d84d4 = 2: c378d1eb - d/control: add dh-exec to Build-Depends
3: caf5abf5 = 3: f052d968 - d/rules: make mkdir tolerate debian/tmp existing (due to dh-exec)
4: 95c075a0 < -: -------- - When building with -O3 on ppc64el this FTBFS, build with -Wno-error=maybe-uninitialized to avoid that
-: -------- > 4: 527dabf0 merge-changelogs
-: -------- > 5: cdb3fef4 reconstruct-changelog
-: -------- > 6: bea8361d update-maintainer
-: -------- > 7: 4063cb52 changelog: clear changelog for merge
-: -------- > 8: eeeada1d changelog: add merge bug reference

All previous delta transferred correctly. Matches changelog entry. The changelog is correct with correct bug reference, version string and target release. The FTBFS drop makes sense - when it builds we'll see if it works, and if it does then dropping the FTBFS delta is obviously correct.

All changes dropped were appropriately dropped. All previous delta still kept is still correct and appropriate to keep. No new changes.

merge-changelogs and update-maintainer look applied correctly.

lgtm

review: Approve
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Thanks, the PPA already shows that it builds fine.
And since I intend to go after NSPR there will be another build before the upload - so twice the build checks for extra confidence :-)

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Most of the qa tests didn't work at all, so I fell back to the tests in python-nss which at least had a few working. Those worked after the upgrade just as much.

NSPR (build-dep) is complete and nss rebuilt fine against it and all self tests were good.
Uploading ....

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

To ssh://git.launchpad.net/~usd-import-team/ubuntu/+source/nss
 * [new tag] upload/2%3.39-1ubuntu1 -> upload/2%3.39-1ubuntu1

Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading nss_3.39-1ubuntu1.dsc: done.
  Uploading nss_3.39.orig.tar.gz: done.
  Uploading nss_3.39-1ubuntu1.debian.tar.xz: done.
  Uploading nss_3.39-1ubuntu1_source.buildinfo: done.
  Uploading nss_3.39-1ubuntu1_source.changes: done.
Successfully uploaded packages.

https://launchpad.net/ubuntu/+source/nss/2:3.39-1ubuntu1

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index 8365a02..3a2a518 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,15 @@
6+nss (2:3.39-1ubuntu1) disco; urgency=medium
7+
8+ * Merge with Debian unstable. Remaining changes (LP: #1803707):
9+ - d/libnss3.links: make freebl3 available as library (LP 1744328)
10+ - d/control: add dh-exec to Build-Depends
11+ - d/rules: make mkdir tolerate debian/tmp existing (due to dh-exec)
12+ * Dropped changes:
13+ - d/rules: when building with -O3 on ppc64el this FTBFS, build with
14+ -Wno-error=maybe-uninitialized to avoid that
15+
16+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 16 Nov 2018 14:27:39 +0100
17+
18 nss (2:3.39-1) unstable; urgency=medium
19
20 * New upstream release.
21@@ -30,6 +42,23 @@ nss (2:3.37-1) unstable; urgency=medium
22
23 -- Mike Hommey <glandium@debian.org> Mon, 14 May 2018 07:15:21 +0900
24
25+nss (2:3.36.1-1ubuntu1) cosmic; urgency=medium
26+
27+ * Merge with Debian unstable. Remaining changes:
28+ - d/libnss3.links: make freebl3 available as library (LP 1744328)
29+ - d/control: add dh-exec to Build-Depends
30+ - d/rules: make mkdir tolerate debian/tmp existing (due to dh-exec)
31+ - d/rules: when building with -O3 on ppc64el this FTBFS, build with
32+ -Wno-error=maybe-uninitialized to avoid that
33+ * Dropped changes:
34+ - revert switching to SQL default format (LP: 1746947) Dropping this
35+ adresses (LP: #1747411) and effectively means we now switch to the new
36+ default format after we ensured all depending packages are ready.
37+ * Added changes:
38+ - d/rules: extended the FTBFS to -O3 on ppc64el to only apply on ppc64el
39+
40+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 07 May 2018 17:08:46 +0200
41+
42 nss (2:3.36.1-1) unstable; urgency=medium
43
44 * New upstream release.
45@@ -43,6 +72,25 @@ nss (2:3.36-1) unstable; urgency=medium
46
47 -- Mike Hommey <glandium@debian.org> Sun, 08 Apr 2018 06:53:15 +0900
48
49+nss (2:3.35-2ubuntu2) bionic; urgency=medium
50+
51+ * d/p/lp1746947-revert-switch-default-to-sql.patch: the switch of the
52+ default is still causing too much issues in consumers of nss.
53+ So until resolved revert the switched default (LP: #1746947)
54+
55+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 05 Feb 2018 11:36:07 +0100
56+
57+nss (2:3.35-2ubuntu1) bionic; urgency=medium
58+
59+ * Merge with Debian unstable. Remaining changes:
60+ - When building with -O3, build with -Wno-error=maybe-uninitialized.
61+ * Added Changes:
62+ - d/libnss3.links: make freebl3 available as library (LP: #1744328)
63+ + d/control: add dh-exec to Build-Depends
64+ + d/rules: make mkdir tolerate debian/tmp existing (due to dh-exec)
65+
66+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 30 Jan 2018 14:04:20 +0100
67+
68 nss (2:3.35-2) unstable; urgency=medium
69
70 * nss/lib/freebl/Makefile: Build Hacl_Poly1305_64.o on arm64.
71@@ -61,6 +109,13 @@ nss (2:3.34.1-1) unstable; urgency=medium
72
73 -- Mike Hommey <glandium@debian.org> Fri, 05 Jan 2018 20:15:40 +0900
74
75+nss (2:3.34-1ubuntu1) bionic; urgency=medium
76+
77+ * Merge with Debian; remaining changes:
78+ - When building with -O3, build with -Wno-error=maybe-uninitialized.
79+
80+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 14 Dec 2017 09:18:47 -0500
81+
82 nss (2:3.34-1) unstable; urgency=medium
83
84 * New upstream release:
85@@ -85,6 +140,28 @@ nss (2:3.32-2) unstable; urgency=medium
86
87 -- Mike Hommey <glandium@debian.org> Mon, 28 Aug 2017 07:39:59 +0900
88
89+nss (2:3.32-1ubuntu3) artful; urgency=medium
90+
91+ * SECURITY UPDATE: Use-after-free in TLS 1.2 generating handshake hashes
92+ - debian/patches/CVE-2017-7805.patch: Simplify handling of
93+ CertificateVerify in nss/lib/ssl/ssl3con.c, nss/lib/ssl/ssl3prot.h.
94+ - CVE-2017-7805
95+
96+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 29 Sep 2017 12:17:39 -0400
97+
98+nss (2:3.32-1ubuntu2) artful; urgency=medium
99+
100+ * Initialise curve variable in a test file, resolves FTBFS.
101+
102+ -- Dimitri John Ledkov <xnox@ubuntu.com> Thu, 24 Aug 2017 07:21:27 -0400
103+
104+nss (2:3.32-1ubuntu1) artful; urgency=medium
105+
106+ * Merge with Debian; remaining changes:
107+ - When building with -O3, build with -Wno-error=maybe-uninitialized.
108+
109+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 23 Aug 2017 13:09:20 -0400
110+
111 nss (2:3.32-1) unstable; urgency=medium
112
113 * New upstream release.
114@@ -144,6 +221,39 @@ nss (2:3.27.1-1) experimental; urgency=medium
115
116 -- Mike Hommey <glandium@debian.org> Sat, 19 Nov 2016 08:29:17 +0900
117
118+nss (2:3.28.4-0ubuntu2) artful; urgency=medium
119+
120+ * SECURITY UPDATE: DoS via empty SSLv2 messages
121+ - debian/patches/CVE-2017-7502.patch: reject broken v2 records in
122+ nss/lib/ssl/ssl3gthr.c, nss/lib/ssl/ssldef.c, nss/lib/ssl/sslimpl.h,
123+ added tests to nss/gtests/ssl_gtest/ssl_gather_unittest.cc,
124+ nss/gtests/ssl_gtest/ssl_gtest.gyp, nss/gtests/ssl_gtest/manifest.mn,
125+ nss/gtests/ssl_gtest/ssl_v2_client_hello_unittest.cc.
126+ - CVE-2017-7502
127+
128+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 16 Jun 2017 08:12:38 -0400
129+
130+nss (2:3.28.4-0ubuntu1) artful; urgency=medium
131+
132+ * Updated to upstream 3.28.4 to fix security issues and get a new CA
133+ certificate bundle.
134+ * SECURITY UPDATE: DES and Triple DES ciphers birthday attack
135+ - CVE-2016-2183
136+ * SECURITY UPDATE: out-of-bounds write in Base64 decoding
137+ - CVE-2017-5461
138+ * debian/patches/*.patch: refreshed for new version.
139+ * debian/control: bump libnspr4-dev to 4.13.1.
140+ * debian/libnss3.symbols: added new symbols.
141+
142+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 27 Apr 2017 13:13:44 -0400
143+
144+nss (2:3.26.2-1ubuntu1) zesty; urgency=medium
145+
146+ * Merge with Debian; remaining changes:
147+ - When building with -O3, build with -Wno-error=maybe-uninitialized.
148+
149+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 02 Dec 2016 08:48:03 -0500
150+
151 nss (2:3.26.2-1) unstable; urgency=medium
152
153 * New upstream release.
154@@ -157,6 +267,13 @@ nss (2:3.26-2) unstable; urgency=medium
155
156 -- Mike Hommey <glandium@debian.org> Wed, 21 Sep 2016 10:02:23 +0900
157
158+nss (2:3.26-1ubuntu1) yakkety; urgency=medium
159+
160+ * Merge with Debian; remaining changes:
161+ - When building with -O3, build with -Wno-error=maybe-uninitialized.
162+
163+ -- Matthias Klose <doko@ubuntu.com> Tue, 06 Sep 2016 14:39:56 +0200
164+
165 nss (2:3.26-1) unstable; urgency=medium
166
167 * New upstream release.
168@@ -171,6 +288,12 @@ nss (2:3.26-1) unstable; urgency=medium
169
170 -- Mike Hommey <glandium@debian.org> Tue, 16 Aug 2016 16:33:15 +0900
171
172+nss (2:3.25-1ubuntu1) yakkety; urgency=medium
173+
174+ * When building with -O3, build with -Wno-error=maybe-uninitialized.
175+
176+ -- Matthias Klose <doko@ubuntu.com> Thu, 04 Aug 2016 11:36:54 +0200
177+
178 nss (2:3.25-1) unstable; urgency=medium
179
180 * New upstream release.
181diff --git a/debian/control b/debian/control
182index 90afcdc..54c1ae6 100644
183--- a/debian/control
184+++ b/debian/control
185@@ -1,9 +1,11 @@
186 Source: nss
187 Section: libs
188 Priority: optional
189-Maintainer: Maintainers of Mozilla-related packages <team+pkg-mozilla@tracker.debian.org>
190+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
191+XSBC-Original-Maintainer: Maintainers of Mozilla-related packages <team+pkg-mozilla@tracker.debian.org>
192 Uploaders: Mike Hommey <glandium@debian.org>
193 Build-Depends: debhelper (>= 9.20160403),
194+ dh-exec,
195 dpkg-dev (>= 1.17.14),
196 libnspr4-dev (>= 2:4.12),
197 zlib1g-dev,
198diff --git a/debian/libnss3.links b/debian/libnss3.links
199new file mode 100755
200index 0000000..717ff94
201--- /dev/null
202+++ b/debian/libnss3.links
203@@ -0,0 +1,3 @@
204+#!/usr/bin/dh-exec
205+usr/lib/${DEB_HOST_MULTIARCH}/nss/libfreebl3.so usr/lib/${DEB_HOST_MULTIARCH}/libfreebl3.so
206+usr/lib/${DEB_HOST_MULTIARCH}/nss/libfreeblpriv3.so usr/lib/${DEB_HOST_MULTIARCH}/libfreeblpriv3.so
207diff --git a/debian/rules b/debian/rules
208index 880a07e..e5091f2 100755
209--- a/debian/rules
210+++ b/debian/rules
211@@ -175,7 +175,7 @@ override_dh_strip:
212
213 ifeq ($(DEB_HOST_ARCH),$(DEB_BUILD_ARCH))
214 # Check FIPS mode correctly works
215- mkdir debian/tmp
216+ mkdir -p debian/tmp
217 LD_LIBRARY_PATH=debian/libnss3/usr/lib/$(DEB_HOST_MULTIARCH):debian/libnss3/usr/lib/$(DEB_HOST_MULTIARCH)/nss debian/libnss3-tools/usr/bin/modutil -create -dbdir debian/tmp < /dev/null
218 LD_LIBRARY_PATH=debian/libnss3/usr/lib/$(DEB_HOST_MULTIARCH):debian/libnss3/usr/lib/$(DEB_HOST_MULTIARCH)/nss debian/libnss3-tools/usr/bin/modutil -fips true -dbdir debian/tmp < /dev/null
219 endif

Subscribers

People subscribed via source and target branches