Implement version check for NSS
The configure script does not detect a version incompatibility, resulting in failing builds. This is especially relevant on stable release GNU/Linux distributions which do not ship the latest NSS libraries in the stock repositories.
Steps to reproduce:
- Install a distributions NSS libraries/development package, i.e. on openSUSE "mozilla-nss-devel", ensuring the version you install is < 3.54. If the tool
nss-configis installed, the version can be verified using
nss-config --version(however this binary is usually shipped in a separate package).
- Download Tor sources.
What is the current bug behavior?
If the installed NSS libraries are not new enough, make will fail:
make all-am make: Entering directory '/home/georg/new/tor' CC src/lib/crypt_ops/src_lib_libtor_crypt_ops_a-crypto_rand.o In file included from src/lib/crypt_ops/crypto_rand.c:53:0: /usr/include/nss3/pk11pub.h:951:1: error: function declaration isn’t a prototype [-Werror=strict-prototypes] int SECMOD_GetSystemFIPSEnabled(); ^~~ cc1: all warnings being treated as errors make: *** [Makefile:15160: src/lib/crypt_ops/src_lib_libtor_crypt_ops_a-crypto_rand.o] Error 1 make: Leaving directory '/home/georg/new/tor' make: *** [Makefile:6180: all] Error 2
What is the expected behavior?
The configure script should detect this and complain before the user attempts to compile the software. The configure output should show
libnss (--enable-nss): as "no" and print a warning if the installed NSS libraries version is lower than 3.55.
- Tested on 0.4.6.4-rc and 0.4.5.8
- Tested on openSUSE Leap 15.2
- Tested with Source tarballs as well as Git repository clone
Alternatively to upgrading the package, the user can work around the issue by manually editing /usr/include/nss3/pk11pub.h (location might be different between distributions) and performing the following change at the end of the file: