[PATCH staging/core-updates] gnu: nss, nss-certs: Update to 3.78.

John Kehayias wrote on 15 Jun 2022 05:44

Recipients:(name . Guix-patches)(address . guix-patches@gnu.org)

Message-ID:LrbVUVu9Vj5lQHfZlTEmfEWBNqgSIcGziWcgVysIdOMGv37-FuK7Lu8k_V2XAQQQMiJB-gzITAPVOmAnOH04hLIKiTWYQa77KZbVnUB831g=@protonmail.com

Hi Guix,

Over on IRC justkdng reported that nss was out of date: we have 3.72 and latest is 3.78. Well, there are sources for 3.79 but Mozilla says 3.78 is latest: https://firefox-source-docs.mozilla.org/security/nss/releases/index.html#mozilla-projects-nss-releases(and 3.79 failed to build for me...).

Part of the reason may be that guix refresh doesn't pick up a new version and says 3.72 is the latest. I did not investigate, but just noting it.

Attached is a patch to update nss and nss-certs to 3.78. I tested that they build on x86_64, including tests.

Since

$ guix refresh nss -l

Building the following 737 packages would ensure 1820 dependent packages are rebuilt...

I would guess this goes into either staging or core-updates, whatever will be merged next?

John

From 87e222ebcce5adff390a8f263aee9d022df48075 Mon Sep 17 00:00:00 2001
From: John Kehayias <john.kehayias@protonmail.com>
Date: Tue, 14 Jun 2022 23:41:22 -0400
Subject: [PATCH] gnu: nss, nss-certs: Update to 3.78.

* gnu/packages/nss.scm (nss): Update to 3.78.
* gnu/packages/certs.scm (nss-certs): Likewise.
---
 gnu/packages/certs.scm | 4 ++--
 gnu/packages/nss.scm   | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

Toggle diff (46 lines)diff --git a/gnu/packages/certs.scm b/gnu/packages/certs.scm
index 53fb027563..cad23d97a4 100644
--- a/gnu/packages/certs.scm
+++ b/gnu/packages/certs.scm
@@ -131,7 +131,7 @@ (define-public nss-certs
     ;; XXX We used to refer to the nss package here, but that eventually caused
     ;; module cycles.  The below is a quick copy-paste job that must be kept in
     ;; sync manually.  Surely there's a better way…?
-    (version "3.71")
+    (version "3.78")
     (source (origin
               (method url-fetch)
               (uri (let ((version-with-underscores
@@ -142,7 +142,7 @@ (define-public nss-certs
                       "nss-" version ".tar.gz")))
               (sha256
                (base32
-                "0ly2l3dv6z5hlxs72h5x6796ni3x1bq60saavaf42ddgv4ax7b4r"))
+                "0048lqnxfx0qd94adpb6a1cpsmcsggvq82p851ridhc7wx0z6mgl"))
               ;; Create nss.pc and nss-config.
               (patches (search-patches "nss-3.56-pkgconfig.patch"
                                        "nss-getcwd-nonnull.patch"
diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm
index 5e719ad5b8..b6d7b7891d 100644
--- a/gnu/packages/nss.scm
+++ b/gnu/packages/nss.scm
@@ -112,7 +112,7 @@ (define-public nss
     (name "nss")
     ;; Also update and test the nss-certs package, which duplicates version and
     ;; source to avoid a top-level variable reference & module cycle.
-    (version "3.72")
+    (version "3.78")
     (source (origin
               (method url-fetch)
               (uri (let ((version-with-underscores
@@ -123,7 +123,7 @@ (define-public nss
                       "nss-" version ".tar.gz")))
               (sha256
                (base32
-                "0bnh683nij6s0gvjcgwhyw5d3yx9fpm42pxj5bm97r0ky6ghm9kf"))
+                "0048lqnxfx0qd94adpb6a1cpsmcsggvq82p851ridhc7wx0z6mgl"))
               ;; Create nss.pc and nss-config.
               (patches (search-patches "nss-3.56-pkgconfig.patch"
                                        "nss-getcwd-nonnull.patch"
-- 
2.36.1

Liliana Marie Prikler wrote on 15 Jun 2022 11:19

Recipients:

Message-ID:457a9efaf1d553494d749b1bde8217eb0d4d22e0.camel@ist.tugraz.at

Am Mittwoch, dem 15.06.2022 um 03:44 +0000 schrieb John Kehayias:

Toggle quote (3 lines)

> $ guix refresh nss -l

> Building the following 737 packages would ensure 1820 dependent

> packages are rebuilt...

1820 is core-updates material, but note that nss-certs has "only" 622

rebuilds. Note that both should be grafted on master due to their

security relevance.

Also,

Toggle quote (4 lines)

> Subject: [PATCH] gnu: nss, nss-certs: Update to 3.78.

> * gnu/packages/nss.scm (nss): Update to 3.78.

> * gnu/packages/certs.scm (nss-certs): Likewise.

One package per patch, these are not linked.

Cheers

John Kehayias wrote on 29 Aug 2022 22:05

Recipients:(name . Liliana Marie Prikler)(address . liliana.prikler@ist.tugraz.at)(address . 55990-done@debbugs.gnu.org)

Message-ID:87v8qa24uf.fsf@protonmail.com

Hello,

On Wed, Jun 15, 2022 at 11:19 AM, Liliana Marie Prikler wrote:

Toggle quote (9 lines)

> Am Mittwoch, dem 15.06.2022 um 03:44 +0000 schrieb John Kehayias:

>> $ guix refresh nss -l

>> Building the following 737 packages would ensure 1820 dependent

>> packages are rebuilt...

> 1820 is core-updates material, but note that nss-certs has "only" 622

> rebuilds. Note that both should be grafted on master due to their

> security relevance.

Yes, you are right, sorry I missed that. But this has been supplanted by newer updates on the staging branch already. Closing.

Toggle quote (8 lines)> Also,
>> Subject: [PATCH] gnu: nss, nss-certs: Update to 3.78.
>>
>> * gnu/packages/nss.scm (nss): Update to 3.78.
>> * gnu/packages/certs.scm (nss-certs): Likewise.
> One package per patch, these are not linked.
>
> Cheers

Closed

Your comment

This issue is archived.

To comment on this conversation send an email to 55990@debbugs.gnu.org

is:open	open issues
is:done	closed issues
submitter:<who>	search issue submitter
author:<who>	search by message author
date:yesterday..now	search by issue date
mdate:3m..2d	search by message date