Merge ~lucaskanashiro/ubuntu/+source/nss:focal-merge-3.49.1-1 into ubuntu/+source/nss:debian/sid

Proposed by Lucas Kanashiro
Status: Merged
Approved by: Andreas Hasenack
Approved revision: a9ecbd25eac7c9cc2eaec18d4cd7ea68b9a21f88
Merge reported by: Andreas Hasenack
Merged at revision: a9ecbd25eac7c9cc2eaec18d4cd7ea68b9a21f88
Proposed branch: ~lucaskanashiro/ubuntu/+source/nss:focal-merge-3.49.1-1
Merge into: ubuntu/+source/nss:debian/sid
Diff against target: 437 lines (+282/-2)
7 files modified
debian/changelog (+207/-0)
debian/control (+3/-1)
debian/libnss3.links (+3/-0)
debian/patches/disable_fips_enabled_read.patch (+49/-0)
debian/patches/series (+2/-0)
debian/patches/set-tls1.2-as-minimum.patch (+17/-0)
debian/rules (+1/-1)
Reviewer Review Type Date Requested Status
Canonical Server Pending
Andreas Hasenack Pending
Review via email: mp+377965@code.qastaging.launchpad.net

Description of the change

Merge version 2:3.49.1-1 from Debian. This version fixes a FTBFS on armhf, here are the changes:

  * New upstream release.
  * nss/lib/freebl/Makefile: Revert change from 2:3.48-1.
  * nss/coreconf/config.gypi, nss/lib/freebl/Makefile,
    nss/lib/freebl/aes-armv8.c, nss/lib/freebl/freebl.gyp,
    nss/lib/freebl/gcm-arm32-neon.c, nss/lib/freebl/gcm.c,
    nss/lib/freebl/rijndael.c: Fix freebl arm NEON code use, fixing FTBFS
    on armhf, and enabling runtime detection of NEON on armel. bz#1608327
  * Fixes CVE-2019-17023.

Our delta kept the same:

    - d/libnss3.links: make freebl3 available as library (LP #1744328)
    - d/control: add dh-exec to Build-Depends
    - d/rules: make mkdir tolerate debian/tmp existing (due to dh-exec)
    - Disable reading fips_enabled flag in FIPS mode. libnss is
      not a FIPS certified library. (LP #1837734)
    - Set TLSv1.2 as minimum TLS version. LP #1856428

The package builds fine all architectures as you can see in my PPA:

https://launchpad.net/~lucaskanashiro/+archive/ubuntu/focal-nss-merge-3.49.1-1

To post a comment you must log in.
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

+1

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Tagging and uploading a9ecbd25eac7c9cc2eaec18d4cd7ea68b9a21f88:

$ git push pkg upload/2%3.49.1-1ubuntu1
Enumerating objects: 44, done.
Counting objects: 100% (44/44), done.
Delta compression using up to 4 threads
Compressing objects: 100% (25/25), done.
Writing objects: 100% (37/37), 6.71 KiB | 312.00 KiB/s, done.
Total 37 (delta 16), reused 30 (delta 12)
To ssh://git.launchpad.net/~usd-import-team/ubuntu/+source/nss
 * [new tag] upload/2%3.49.1-1ubuntu1 -> upload/2%3.49.1-1ubuntu1

$ dput ubuntu ../nss_3.49.1-1ubuntu1_source.changes
Checking signature on .changes
gpg: ../nss_3.49.1-1ubuntu1_source.changes: Valid signature from AC983EB5BF6BCBA9
Checking signature on .dsc
gpg: ../nss_3.49.1-1ubuntu1.dsc: Valid signature from AC983EB5BF6BCBA9
Package includes an .orig.tar.gz file although the debian revision suggests
that it might not be required. Multiple uploads of the .orig.tar.gz may be
rejected by the upload queue management software.
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading nss_3.49.1-1ubuntu1.dsc: done.
  Uploading nss_3.49.1.orig.tar.gz: done.
  Uploading nss_3.49.1-1ubuntu1.debian.tar.xz: done.
  Uploading nss_3.49.1-1ubuntu1_source.buildinfo: done.
  Uploading nss_3.49.1-1ubuntu1_source.changes: done.
Successfully uploaded packages.

Please check its migration, thanks.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

This migrated into focal.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
The diff is not available at this time. You can reload the page or download it.

Subscribers

People subscribed via source and target branches