[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: nss security update package ready for review

Hi Antoine

I do not find it strange (as I was one of the two that did it). You
are supposed to keep the changelog as far as I know. I mirrored the
changes in stable/jessie. I never checked the unstable version (I do
not think I did at least).

However the resulting package was the same (as jessie at least) as I
copied most of the changes from there. The only thing that was kept
was the changelog and some minor things.

The reason why the test suite is not run during build is that some
tests failed. They were not essential for nss to work, but they failed
the build.

I agree with you that it is better to update to the later version if
this is just an upstream bugfix release.

Best regards

// Ola

On 30 November 2016 at 22:05, Antoine Beaupré <anarcat@orangeseeds.org> wrote:
> I have looked at updating the nss package in wheezy to cover for a new
> security issue that came up. The package is ready for testing in:
>
> https://people.debian.org/~anarcat/debian/wheezy-lts/
>
> The diff between the upstream 2.26.2 release and the 2.26 release in
> wheezy is fairly small, so I felt it was better to upload the new
> version than to backport the patch. The same probably applies to wheezy.
>
> (The backport of 2.26-1 to jessie and wheezy was a bit strange, if you
> ask me: instead of just taking the package from stretch and adding a new
> changelog entry, the package from wheezy was updated with the upstream
> source. That seems backwards to me, because it makes it harder to import
> new packages from stretch in the future: we're forced to extract the
> upstream tarball and the .debian.tar.gz file on top of it...)
>
> Here's the debdiff:
>
>  debian/changelog                                  |   12
>  debian/changelog.n                                |  839 ----------------------
>  nss/.hg_archival.txt                              |    4
>  nss/external_tests/ssl_gtest/ssl_auth_unittest.cc |   69 +
>  nss/external_tests/ssl_gtest/tls_parser.h         |    1
>  nss/lib/nss/nss.h                                 |    4
>  nss/lib/softoken/softkver.h                       |    4
>  nss/lib/ssl/ssl3con.c                             |   94 +-
>  nss/lib/util/nssutil.h                            |    4
>
> Note that I remove an odd changelog.n file that crept up in the previous
> upload, no idea what that thing was.
>
>
>
> I have yet to run the test suite, I am not sure why it's not being ran
> during build. I do not expect any significant regressions considering
> the change is so small, however.
>
> A.
>
> --
> One has a moral responsibility to disobey unjust laws.
>                         - Martin Luther King, Jr.
>



-- 
 --- Inguza Technology AB --- MSc in Information Technology ----
/  ola@inguza.com                    Folkebogatan 26            \
|  opal@debian.org                   654 68 KARLSTAD            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---------------------------------------------------------------
Reply to: