Drop sqlite3, nss and nspr backports from our APT repository (#6496) · Issues · tails / tails

Drop sqlite3, nss and nspr backports from our APT repository

Originally created by @intrigeri on #6496 (Redmine)

In bugfix/use-our-own-sqlite we have imported libnss3, libnss3-1d, libnspr4, libnspr4-0d, libsqlite3-0 and sqlite3 backports into our APT repository, as:

our current browser (24.2.0esr-0+tails3~bpo60+1) depends on these packages;
these packages were dropped from mozilla.debian.net’s squeeze-backports repository.

This workaround will (hopefully) be useless once we rebase the browser on Iceweasel 24.2.0esr-1.

Dropping these packages will make us install an old, unsafe version of NSS. We should therefore check that Iceweasel does not use the system one:

xulrunner 24.2.0esr-1 ships /usr/lib/xulrunner-24.0/libnss3.so, which the –0 one does not
xulrunner 24.2.0esr-1’s ldd /usr/lib/xulrunner-24.0/libxul.so says it is linked on the system /usr/lib/libnss3.so, but it says /usr/lib/xulrunner-24.0/libxul.so: /usr/lib/libsmime3.so: version `NSS_3.15' not found (required by /usr/lib/xulrunner-24.0/libxul.so); does this mean it won’t / can’t use the system NSS?
On Tails 0.22, lsof | grep nss | grep icew says it has loaded /lib/libnss_{nis,files,compat}, /usr/lib/libnss3.so and various libs from /usr/lib/nss/; while with 24.2.0esr-1, it has loaded /lib/libnss_{nis,files,compat} and /usr/lib/xulrunner-24.0/libnss*.so, so we should be safe.

Still, other apps will be using an old, unsafe NSS. Only Pidgin depends on this package. We should probably upload a fixed version to squeeze-backports: #6497 (closed).

Feature Branch: feature/torbrowser-24.2.0esr-1+tails1

Related issues

Blocks #6497 (closed)

_Originally created by @intrigeri on [#6496 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/6496)_

In `bugfix/use-our-own-sqlite` we have imported `libnss3`, `libnss3-1d`,
`libnspr4`, `libnspr4-0d`, `libsqlite3-0` and `sqlite3` backports into
our APT repository, as:

1.  our current browser (24.2.0esr-0+tails3\~bpo60+1) depends on these
    packages;
2.  these packages were dropped from mozilla.debian.net’s
    squeeze-backports repository.

This workaround will (hopefully) be useless once we rebase the browser
on Iceweasel 24.2.0esr-1.

Dropping these packages will make us install an old, unsafe version of
NSS. We should therefore check that Iceweasel does *not* use the system
one:

- xulrunner 24.2.0esr-1 ships `/usr/lib/xulrunner-24.0/libnss3.so`,
    which the –0 one does not
  - xulrunner 24.2.0esr-1’s `ldd /usr/lib/xulrunner-24.0/libxul.so` says
    it is linked on the system `/usr/lib/libnss3.so`, but it says
    ``/usr/lib/xulrunner-24.0/libxul.so: /usr/lib/libsmime3.so: version
    `NSS_3.15' not found (required by
    /usr/lib/xulrunner-24.0/libxul.so)``; does this mean it won’t /
    can’t use the system NSS?
  - On Tails 0.22, `lsof | grep nss | grep icew` says it has loaded
    `/lib/libnss_{nis,files,compat}`, `/usr/lib/libnss3.so` and various
    libs from `/usr/lib/nss/`; while with 24.2.0esr-1, it has loaded
    `/lib/libnss_{nis,files,compat}` and
    `/usr/lib/xulrunner-24.0/libnss*.so`, so we should be safe.

Still, other apps will be using an old, unsafe NSS. Only Pidgin depends
on this package. We should probably upload a fixed version to
squeeze-backports: tails/tails#6497.

Feature Branch: feature/torbrowser-24.2.0esr-1+tails1

### Related issues

- **Blocks** tails/tails#6497

Edited May 15, 2020 by intrigeri

Discussion
Designs

The one place for your designs

To enable design management, you'll need to meet the requirements. If you need help, reach out to our support team for assistance.