[PATCH staging/core-updates] gnu: nss, nss-certs: Update to 3.78.

  • Done
  • quality assurance status badge
Details
2 participants
  • John Kehayias
  • Liliana Marie Prikler
Owner
unassigned
Submitted by
John Kehayias
Severity
normal

Debbugs page

John Kehayias wrote 3 years ago
(name . Guix-patches)(address . guix-patches@gnu.org)
LrbVUVu9Vj5lQHfZlTEmfEWBNqgSIcGziWcgVysIdOMGv37-FuK7Lu8k_V2XAQQQMiJB-gzITAPVOmAnOH04hLIKiTWYQa77KZbVnUB831g=@protonmail.com
Hi Guix,

Over on IRC justkdng reported that nss was out of date: we have 3.72 and latest is 3.78. Well, there are sources for 3.79 but Mozilla says 3.78 is latest: https://firefox-source-docs.mozilla.org/security/nss/releases/index.html#mozilla-projects-nss-releases(and 3.79 failed to build for me...).

Part of the reason may be that guix refresh doesn't pick up a new version and says 3.72 is the latest. I did not investigate, but just noting it.

Attached is a patch to update nss and nss-certs to 3.78. I tested that they build on x86_64, including tests.

Since

$ guix refresh nss -l
Building the following 737 packages would ensure 1820 dependent packages are rebuilt...

I would guess this goes into either staging or core-updates, whatever will be merged next?

John
From 87e222ebcce5adff390a8f263aee9d022df48075 Mon Sep 17 00:00:00 2001
From: John Kehayias <john.kehayias@protonmail.com>
Date: Tue, 14 Jun 2022 23:41:22 -0400
Subject: [PATCH] gnu: nss, nss-certs: Update to 3.78.

* gnu/packages/nss.scm (nss): Update to 3.78.
* gnu/packages/certs.scm (nss-certs): Likewise.
---
gnu/packages/certs.scm | 4 ++--
gnu/packages/nss.scm | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)

Toggle diff (46 lines)
diff --git a/gnu/packages/certs.scm b/gnu/packages/certs.scm
index 53fb027563..cad23d97a4 100644
--- a/gnu/packages/certs.scm
+++ b/gnu/packages/certs.scm
@@ -131,7 +131,7 @@ (define-public nss-certs
;; XXX We used to refer to the nss package here, but that eventually caused
;; module cycles. The below is a quick copy-paste job that must be kept in
;; sync manually. Surely there's a better way…?
- (version "3.71")
+ (version "3.78")
(source (origin
(method url-fetch)
(uri (let ((version-with-underscores
@@ -142,7 +142,7 @@ (define-public nss-certs
"nss-" version ".tar.gz")))
(sha256
(base32
- "0ly2l3dv6z5hlxs72h5x6796ni3x1bq60saavaf42ddgv4ax7b4r"))
+ "0048lqnxfx0qd94adpb6a1cpsmcsggvq82p851ridhc7wx0z6mgl"))
;; Create nss.pc and nss-config.
(patches (search-patches "nss-3.56-pkgconfig.patch"
"nss-getcwd-nonnull.patch"
diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm
index 5e719ad5b8..b6d7b7891d 100644
--- a/gnu/packages/nss.scm
+++ b/gnu/packages/nss.scm
@@ -112,7 +112,7 @@ (define-public nss
(name "nss")
;; Also update and test the nss-certs package, which duplicates version and
;; source to avoid a top-level variable reference & module cycle.
- (version "3.72")
+ (version "3.78")
(source (origin
(method url-fetch)
(uri (let ((version-with-underscores
@@ -123,7 +123,7 @@ (define-public nss
"nss-" version ".tar.gz")))
(sha256
(base32
- "0bnh683nij6s0gvjcgwhyw5d3yx9fpm42pxj5bm97r0ky6ghm9kf"))
+ "0048lqnxfx0qd94adpb6a1cpsmcsggvq82p851ridhc7wx0z6mgl"))
;; Create nss.pc and nss-config.
(patches (search-patches "nss-3.56-pkgconfig.patch"
"nss-getcwd-nonnull.patch"
--
2.36.1
Liliana Marie Prikler wrote 3 years ago
(name . John Kehayias)(address . john.kehayias@protonmail.com)(address . 55990@debbugs.gnu.org)
457a9efaf1d553494d749b1bde8217eb0d4d22e0.camel@ist.tugraz.at
Am Mittwoch, dem 15.06.2022 um 03:44 +0000 schrieb John Kehayias:
Toggle quote (3 lines)
> $ guix refresh nss -l
> Building the following 737 packages would ensure 1820 dependent
> packages are rebuilt...
1820 is core-updates material, but note that nss-certs has "only" 622
rebuilds. Note that both should be grafted on master due to their
security relevance.

Also,
Toggle quote (4 lines)
> Subject: [PATCH] gnu: nss, nss-certs: Update to 3.78.
>
> * gnu/packages/nss.scm (nss): Update to 3.78.
> * gnu/packages/certs.scm (nss-certs): Likewise.
One package per patch, these are not linked.

Cheers
John Kehayias wrote 3 years ago
(name . Liliana Marie Prikler)(address . liliana.prikler@ist.tugraz.at)(address . 55990-done@debbugs.gnu.org)
87v8qa24uf.fsf@protonmail.com
Hello,


On Wed, Jun 15, 2022 at 11:19 AM, Liliana Marie Prikler wrote:

Toggle quote (9 lines)
> Am Mittwoch, dem 15.06.2022 um 03:44 +0000 schrieb John Kehayias:
>> $ guix refresh nss -l
>> Building the following 737 packages would ensure 1820 dependent
>> packages are rebuilt...
> 1820 is core-updates material, but note that nss-certs has "only" 622
> rebuilds. Note that both should be grafted on master due to their
> security relevance.
>

Yes, you are right, sorry I missed that. But this has been supplanted by newer updates on the staging branch already. Closing.

Toggle quote (8 lines)
> Also,
>> Subject: [PATCH] gnu: nss, nss-certs: Update to 3.78.
>>
>> * gnu/packages/nss.scm (nss): Update to 3.78.
>> * gnu/packages/certs.scm (nss-certs): Likewise.
> One package per patch, these are not linked.
>
> Cheers
Closed
?
Your comment

This issue is archived.

To comment on this conversation send an email to 55990@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it
mumi current 55990
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch
You may also tag this issue. See list of standard tags. For example, to set the confirmed and easy tags
mumi command -t +confirmed -t +easy
Or, remove the moreinfo tag and set the help tag
mumi command -t -moreinfo -t +help