Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 780684 - app-arch/rpm: switch to new crypto provider (NSS is deprecated)
Summary: app-arch/rpm: switch to new crypto provider (NSS is deprecated)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Tony Vroon (RETIRED)
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-04-07 01:56 UTC by Sam James
Modified: 2021-04-13 19:17 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-04-07 01:56:41 UTC 
configure in 4.16.0 mentions that NSS is deprecated. Only libgcrypt (default) and OpenSSL are supported now.
Comment 1 Larry the Git Cow gentoo-dev 2021-04-07 01:58:17 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7be914d238d7bba1728477547008e4efdf9bb8d4

commit 7be914d238d7bba1728477547008e4efdf9bb8d4
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-04-07 01:52:26 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-04-07 01:57:42 +0000

    app-arch/rpm: add note about NSS deprecation to ebuild
    
    4.16.0 warns:
    "configure: WARNING: Using the nss library with rpm is deprecated and
    support will be removed in a future release!"
    
    Only libgcrypt (default) and openssl are not deprecated. Need to consider
    this for a revbump or future releases.
    
    Bug: https://bugs.gentoo.org/780684
    Signed-off-by: Sam James <sam@gentoo.org>

 app-arch/rpm/rpm-4.16.0.ebuild | 4 ++++
 1 file changed, 4 insertions(+)
Comment 2 Larry the Git Cow gentoo-dev 2021-04-13 19:17:17 UTC 
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=46e2330f712a1c60bed71abc25eea1f4f499f150

commit 46e2330f712a1c60bed71abc25eea1f4f499f150
Author:     Tony Vroon <chainsaw@gentoo.org>
AuthorDate: 2021-04-13 19:16:21 +0000
Commit:     Tony Vroon <chainsaw@gentoo.org>
CommitDate: 2021-04-13 19:17:12 +0000

    app-arch/rpm: Version bump to 4.16.1.3
    
    Switch to new crypto provider libgcrypt, as NSS is deprecated. As flagged
    up by Sam James in bug #780684. This has potential to address some test
    suite failures, but even with -usersandbox I still drown in a sea of:
    mktemp: failed to create file via template
    '/var/tmp/portage/app-arch/rpm-4.16.1.3/temp/rpmXXXXXX':
    No such file or directory
    
    Addresses CVE-2021-20271, a security vulnerability in the signature check
    functionality. Also addresses undisclosed vulnerability CVE-2021-3421.
    As flagged up by John "ajak" Helmert III in bug #778533
    
    Bug: https://bugs.gentoo.org/778533
    Closes: https://bugs.gentoo.org/780684
    Signed-Off-By: Tony Vroon <chainsaw@gentoo.org>
    Package-Manager: Portage-3.0.17, Repoman-3.0.2

 app-arch/rpm/Manifest                        |   1 +
 app-arch/rpm/files/rpm-4.16.1.3-libdir.patch |  34 ++++++
 app-arch/rpm/rpm-4.16.1.3.ebuild             | 148 +++++++++++++++++++++++++++
 3 files changed, 183 insertions(+)