Closed Bug 507482 Opened 11 years ago Closed 11 years ago

NSS 3.12.3 (and later) doesn't build on AIX 5.1

Categories

(NSS :: Libraries, defect, P1, blocker)

3.12.3
PowerPC
AIX
defect

Tracking

(Not tracked)

RESOLVED FIXED
3.12.4

People

(Reporter: nelson, Assigned: christophe.ravel.bugs)

References

()

Details

(Whiteboard: FIPS)

Attachments

(4 files)

Awwwwww FIPS!

We need to build 3.12.3 and/or 3.12.4 on AIX, but in softoknt.h

90 NSS_AUDIT_UNWRAP_KEY,
91 NSS_AUDIT_WRAP_KEY,
                     ^ AIX won't allow this
92 } NSSAuditType;
Priority: -- → P1
Whiteboard: FIPS
Target Milestone: --- → 3.12.4
Likewise, 
http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/certdb/certi.h&rev=1.30&mark=371#368

368 typedef enum { 369 certRevocationStatusRevoked = 0, 370 certRevocationStatusValid = 1,
371 certRevocationStatusUnknown = 2,
                                   ^ AIX says no
372 } CERTRevocationStatus;
Assignee: nobody → christophe.ravel.bugs
Attachment #391895 - Flags: superreview?(glen.beasley)
Attachment #391895 - Flags: review?(nelson)
Not sure if this patch is within the FIPS boundaries. Asking for superreview from Glen anyway.
Attachment #391896 - Flags: superreview?(glen.beasley)
Attachment #391896 - Flags: review?(nelson)
"../../../../../../dist/private/nss/pkixt.h", line 503.30: 1506-275 (S) Unexpected text ',' encountered.
"../../../../../../dist/private/nss/pkixt.h", line 510.27: 1506-275 (S) Unexpected text ',' encountered.
Summary: softoken in NSS 3.12.3 (and later) doesn't build on AIX → NSS 3.12.3 (and later) doesn't build on AIX 5.1
Attachment #391898 - Flags: review?(nelson)
"/h/guybrush.red.iplanet.com/export/mccrel3/security/securitytip/builds/20090730.1/wozzeck_Solaris8/mozilla/security/nss/cmd/lib/pk11table.h", line 77.19: 1506-275 (S) Unexpected text ',' encountered.
"/h/guybrush.red.iplanet.com/export/mccrel3/security/securitytip/builds/20090730.1/wozzeck_Solaris8/mozilla/security/nss/cmd/lib/pk11table.h", line 106.21: 1506-275 (S) Unexpected text ',' encountered.
Attachment #391900 - Flags: review?(nelson)
Attachment #391896 - Flags: superreview?(glen.beasley) → superreview+
That seems to be all we need to build on AIX 5.1. I applied these 4 changes to my build workspace and the build is complete.
Attachment #391895 - Flags: review?(nelson) → review+
Comment on attachment 391895 [details] [diff] [review]
fix for softoknt.h (checked in)

I'm giving this patch r+ because it is correct.  But this code is clearly inside the FIPS boundary, so we need to decide if it can be committed now, or not.  
Glen?  Bob?
Comment on attachment 391896 [details] [diff] [review]
fix for certi.h (checked in)

This patch can go in immediately.  It is NOT inside the FIPS boundary.
Attachment #391896 - Flags: review?(nelson) → review+
Comment on attachment 391898 [details] [diff] [review]
fix for pkixt.h (checked in)

This patch can go in immediately since it is outside the FIPS boundary.
Attachment #391898 - Flags: review?(nelson) → review+
Comment on attachment 391900 [details] [diff] [review]
fix for pk11table.h (checked in)

I believe this fix can go in immediately, as it only affects a test program and not the libraries being FIPS validated.
Attachment #391900 - Flags: review?(nelson) → review+
Checking in lib/certdb/certi.h;
/cvsroot/mozilla/security/nss/lib/certdb/certi.h,v  <--  certi.h
new revision: 1.31; previous revision: 1.30
done
Checking in lib/libpkix/include/pkixt.h;
/cvsroot/mozilla/security/nss/lib/libpkix/include/pkixt.h,v  <--  pkixt.h
new revision: 1.19; previous revision: 1.18
done
Checking in cmd/lib/pk11table.h;
/cvsroot/mozilla/security/nss/cmd/lib/pk11table.h,v  <--  pk11table.h
new revision: 1.8; previous revision: 1.7
done
Attachment #391896 - Attachment description: fix for certi.h → fix for certi.h (checked in)
Attachment #391898 - Attachment description: fix for pkixt.h → fix for pkixt.h (checked in)
Attachment #391900 - Attachment description: fix for pk11table.h → fix for pk11table.h (checked in)
Attachment #391895 - Attachment description: fix for softoknt.h → fix for softoknt.h (waiting for FIPS approval)
Attachment #391895 - Flags: superreview?(glen.beasley) → superreview+
Checking in softoknt.h;
/cvsroot/mozilla/security/nss/lib/softoken/softoknt.h,v  <--  softoknt.h
new revision: 1.6; previous revision: 1.5
done
Comment on attachment 391895 [details] [diff] [review]
fix for softoknt.h (checked in)

Change approved for FIPS by the lab.
Attachment #391895 - Attachment description: fix for softoknt.h (waiting for FIPS approval) → fix for softoknt.h (checked in)
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Duplicate of this bug: 512102
You need to log in before you can comment on or make changes to this bug.