Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 25 Oct 2013 00:33:53 +0200
From: Frank Dittrich <frank_dittrich@...mail.com>
To: john-dev@...ts.openwall.com
Subject: commit 47a2724 removed NSS and NSPR  runtime version checks from
 --list=build-info

... to avoid conflicts in case the runtime version is too old.

I suggest re-adding that information, at least for DEBUG builds.


According to
https://bugzilla.mozilla.org/show_bug.cgi?id=673115
the functionality to report the NSS runtime version has been added on
2011-08-01 00:08:40 PDT for 3.13.

On my Fedora 18 system (Fedora 18 most likely reaches end of life in
december) I have NSS library version 3.15.2.

On August, 19th, when I built john on bull, bull had
NSS library version: 3.14.3.0
NSPR library version: 4.9.5

Since
https://bugzilla.mozilla.org/show_bug.cgi?id=673381
the runtime version is available at the end of the about:support info in
firefox (added upstream on 2012-03-13 05:42:37 PDT):


On my Fedora 18 system, about:support shows these library versions (at
the end of the page, after tons of other more or less useful stuff):

Library Versions
	Expected minimum version	Version in use
NSPR	4.10	4.10.1
NSS	3.15.1	3.15.2 Extended ECC
NSSSMIME	3.15.1	3.15.2 Extended ECC
NSSSSL	3.15.1	3.15.2 Extended ECC
NSSUTIL	3.15.1	3.15.2

So, firefox 24.0 requires at least NSS library version 3.15.1.


Are there really any systems around where NSS library version is smaller
than 3.13?
Since magnum removed that functionality, may be he had a system with an
older runtime version?


Can we at least re-add the runtime library version withing #ifdef DEBUG
... #endif?


The same applies to the runtime info of the NSPR library version that
has been implemented with version 4.8.9, had been added to
--list=build-info with commit 03234df.
I'd also like to see that information.

May be just use #ifdef DEBUG ... #endif as well.
Then, there is a way to get this information.
(If the DEBUG version causes a run time error, that's useful information
as well.)
And it is easier to permanently add this information even without #ifdef
DEBUG, once we are sure nobody is using libraries that old anymore.


When I first committed the --list=build-info change to report the NSS
and NSPR library version (commit 81ef017, Sun Dec 30 19:35:13 2012
+0100; that was still on john.c instead of listconf.c), I had a system with
NSS library version: 3.13.6.0       (loaded: 3.14.0.1 Extended ECC)
NSPR library version: 4.9.2

(Apparently, I used the available NSS library update to test the
reporting of a different runtime version of the NSS library.
Probably NSPR had been updated as well. But I don't know what the NSPR
run time version was at that time.
I would need to dig through my old backups to find out which Fedora
version and which NSPR library version I used at that time. But I don't
think I want to spend time on that.
Fedora 18 had been released on 2013-01-15, so it was either Fedora 16 or
Fedora 17.)

Frank

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ