Date: Thu, 28 Jul 2005 18:42:30 -0400 From: Mikhail Teterin <mi+mx@aldan.algebra.com> To: Joe Marcus Clarke <marcus@marcuscom.com> Cc: gnome@freebsd.org, kris@freebsd.org, Mikhail Teterin <mi+kde@aldan.algebra.com> Subject: Re: updating security/nss Message-ID: <200507281842.30681.mi%2Bmx@aldan.algebra.com> In-Reply-To: <1122529970.25076.15.camel@shumai.marcuscom.com> References: <200507272315.14407.mi%2Bmx@aldan.algebra.com> <200507280143.43228@aldan> <1122529970.25076.15.camel@shumai.marcuscom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> http://www.marcuscom.com/downloads/nss.diff Ok. Here it is. I build both -- your version and mine and ran the vendor's tests (was a little trickier with yours, of course). The results (output.log, dbtest.log, cert.log) are exactly the same. Except in your version there is an unfixed complaint about using gets() in certutil. Here is where my version is better :-) 1.1) Your version seems to go through considerable pains to get and build nss-dbm-3.10.tar.gz -- mine just uses -lc's implementation (accomplished by the port's Makefile excluding dbm and by the new patch-sysdb patch). We do not need to build the Netscape's dbm part. Not for NSS, nor for the browsers... 1.2) Instead of zlib, my version uses -lz and does not install the bin/example and the bin/minigzip (accomplished by the port's Makefile excluding security/nss/cmd/zlib and by the new hunks in patch-cmd::platlibs.mk). 1.3) And, of course, my version makes running tests as easy as "make test" (test-target in the port's Makefile and patch-tests). 1.4) Perhaps, least importantly, I fix some warnings (including the gets()). Common shortcomings: 2.1) There is no need for patch-Makefile any more. Build seems to quietly skip the non-existing directories. But your version accidentally removed the $FreeBSD$ version from this patch, instead simply deleting it altogether. 2.2) In both of our versions there is a problem on amd64 :-( The crlutil appears to have a memory corruption -- look at output.log around the "Generating CRL for range 40-42 TestCA authority" on amd64. I intend to debug this with Purify on Linux/i386 and-or Solaris/sparc64 and report to maintainers. Now, not to be impolite, but merely blunt: after this examination, I do not see a single reason, why your version is better than mine. It is the same in some respects and worse in others. Honestly, you should just take mine -- unless you do find faults in it. But you'll need to conduct an examination of your own for that :-) Thank you. Yours, -mi
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200507281842.30681.mi%2Bmx>