[PATCH staging/core-updates] gnu: nss, nss-certs: Update to 3.78.

OpenSubmitted by John Kehayias.
Details
2 participants
  • John Kehayias
  • Liliana Marie Prikler
Owner
unassigned
Severity
normal
J
J
John Kehayias wrote on 15 Jun 05:44 +0200
(name . Guix-patches)(address . guix-patches@gnu.org)
LrbVUVu9Vj5lQHfZlTEmfEWBNqgSIcGziWcgVysIdOMGv37-FuK7Lu8k_V2XAQQQMiJB-gzITAPVOmAnOH04hLIKiTWYQa77KZbVnUB831g=@protonmail.com
Hi Guix,

Over on IRC justkdng reported that nss was out of date: we have 3.72 and latest is 3.78. Well, there are sources for 3.79 but Mozilla says 3.78 is latest: https://firefox-source-docs.mozilla.org/security/nss/releases/index.html#mozilla-projects-nss-releases(and 3.79 failed to build for me...).

Part of the reason may be that guix refresh doesn't pick up a new version and says 3.72 is the latest. I did not investigate, but just noting it.

Attached is a patch to update nss and nss-certs to 3.78. I tested that they build on x86_64, including tests.

Since

$ guix refresh nss -l
Building the following 737 packages would ensure 1820 dependent packages are rebuilt...

I would guess this goes into either staging or core-updates, whatever will be merged next?

John
From 87e222ebcce5adff390a8f263aee9d022df48075 Mon Sep 17 00:00:00 2001
From: John Kehayias <john.kehayias@protonmail.com>
Date: Tue, 14 Jun 2022 23:41:22 -0400
Subject: [PATCH] gnu: nss, nss-certs: Update to 3.78.

* gnu/packages/nss.scm (nss): Update to 3.78.
* gnu/packages/certs.scm (nss-certs): Likewise.
---
gnu/packages/certs.scm | 4 ++--
gnu/packages/nss.scm | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)

Toggle diff (46 lines)
diff --git a/gnu/packages/certs.scm b/gnu/packages/certs.scm
index 53fb027563..cad23d97a4 100644
--- a/gnu/packages/certs.scm
+++ b/gnu/packages/certs.scm
@@ -131,7 +131,7 @@ (define-public nss-certs
     ;; XXX We used to refer to the nss package here, but that eventually caused
     ;; module cycles.  The below is a quick copy-paste job that must be kept in
     ;; sync manually.  Surely there's a better way…?
-    (version "3.71")
+    (version "3.78")
     (source (origin
               (method url-fetch)
               (uri (let ((version-with-underscores
@@ -142,7 +142,7 @@ (define-public nss-certs
                       "nss-" version ".tar.gz")))
               (sha256
                (base32
-                "0ly2l3dv6z5hlxs72h5x6796ni3x1bq60saavaf42ddgv4ax7b4r"))
+                "0048lqnxfx0qd94adpb6a1cpsmcsggvq82p851ridhc7wx0z6mgl"))
               ;; Create nss.pc and nss-config.
               (patches (search-patches "nss-3.56-pkgconfig.patch"
                                        "nss-getcwd-nonnull.patch"
diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm
index 5e719ad5b8..b6d7b7891d 100644
--- a/gnu/packages/nss.scm
+++ b/gnu/packages/nss.scm
@@ -112,7 +112,7 @@ (define-public nss
     (name "nss")
     ;; Also update and test the nss-certs package, which duplicates version and
     ;; source to avoid a top-level variable reference & module cycle.
-    (version "3.72")
+    (version "3.78")
     (source (origin
               (method url-fetch)
               (uri (let ((version-with-underscores
@@ -123,7 +123,7 @@ (define-public nss
                       "nss-" version ".tar.gz")))
               (sha256
                (base32
-                "0bnh683nij6s0gvjcgwhyw5d3yx9fpm42pxj5bm97r0ky6ghm9kf"))
+                "0048lqnxfx0qd94adpb6a1cpsmcsggvq82p851ridhc7wx0z6mgl"))
               ;; Create nss.pc and nss-config.
               (patches (search-patches "nss-3.56-pkgconfig.patch"
                                        "nss-getcwd-nonnull.patch"
-- 
2.36.1
L
L
Liliana Marie Prikler wrote on 15 Jun 11:19 +0200
457a9efaf1d553494d749b1bde8217eb0d4d22e0.camel@ist.tugraz.at
Am Mittwoch, dem 15.06.2022 um 03:44 +0000 schrieb John Kehayias:
Toggle quote (3 lines)
> $ guix refresh nss -l
> Building the following 737 packages would ensure 1820 dependent
> packages are rebuilt...
1820 is core-updates material, but note that nss-certs has "only" 622
rebuilds. Note that both should be grafted on master due to their
security relevance.

Also,
Toggle quote (4 lines)
> Subject: [PATCH] gnu: nss, nss-certs: Update to 3.78.
>
> * gnu/packages/nss.scm (nss): Update to 3.78.
> * gnu/packages/certs.scm (nss-certs): Likewise.
One package per patch, these are not linked.

Cheers
?