guix-commits
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

04/34: gnu: NSS: Update to 3.55 [security fixes].


From: guix-commits
Subject: 04/34: gnu: NSS: Update to 3.55 [security fixes].
Date: Sat, 25 Jul 2020 16:46:37 -0400 (EDT)

mbakke pushed a commit to branch staging
in repository guix.

commit 4c19be148566c1666996322981980d6c1b82f765
Author: Marius Bakke <marius@gnu.org>
AuthorDate: Fri Jul 24 21:17:53 2020 +0200

    gnu: NSS: Update to 3.55 [security fixes].
    
    This release fixes CVE-2020-6829, CVE-2020-12400, CVE-2020-12401, and
    CVE-2020-12403.
    
    * gnu/packages/patches/nss-pkgconfig.patch: Adjust patch context.
    * gnu/packages/nss.scm (nss): Update to 3.55.
    [arguments]: Add "all" to #:make-flags.  Remove obsolete deletions.
    * gnu/packages/certs.scm (nss-certs): Update to 3.55.
---
 gnu/packages/certs.scm                   |  4 ++--
 gnu/packages/nss.scm                     | 18 +++++-------------
 gnu/packages/patches/nss-pkgconfig.patch |  5 ++++-
 3 files changed, 11 insertions(+), 16 deletions(-)

diff --git a/gnu/packages/certs.scm b/gnu/packages/certs.scm
index 7f4dca5..b892c2a 100644
--- a/gnu/packages/certs.scm
+++ b/gnu/packages/certs.scm
@@ -76,7 +76,7 @@
 (define-public nss-certs
   (package
     (name "nss-certs")
-    (version "3.52.1")
+    (version "3.55")
     (source (origin
               (method url-fetch)
               (uri (let ((version-with-underscores
@@ -87,7 +87,7 @@
                       "nss-" version ".tar.gz")))
               (sha256
                (base32
-                "0y4jb9095f7bbgw7d7kvzm4c3g4p5i6y68fwhb8wlkpb7b1imj5w"))))
+                "0100hm7n1xrp144xy665z46s0wf1jpkqkncc6bk2w22snhyjwsgw"))))
     (build-system gnu-build-system)
     (outputs '("out"))
     (native-inputs
diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm
index 67894a0..7d324d9 100644
--- a/gnu/packages/nss.scm
+++ b/gnu/packages/nss.scm
@@ -72,7 +72,7 @@ in the Mozilla clients.")
 (define-public nss
   (package
     (name "nss")
-    (version "3.52.1")
+    (version "3.55")
     (source (origin
               (method url-fetch)
               (uri (let ((version-with-underscores
@@ -83,7 +83,7 @@ in the Mozilla clients.")
                       "nss-" version ".tar.gz")))
               (sha256
                (base32
-                "0y4jb9095f7bbgw7d7kvzm4c3g4p5i6y68fwhb8wlkpb7b1imj5w"))
+                "0100hm7n1xrp144xy665z46s0wf1jpkqkncc6bk2w22snhyjwsgw"))
               ;; Create nss.pc and nss-config.
               (patches (search-patches "nss-pkgconfig.patch"
                                        "nss-increase-test-timeout.patch"))
@@ -108,7 +108,8 @@ in the Mozilla clients.")
                (string-append "NSPR_INCLUDE_DIR=" nspr "/include/nspr")
                ;; Add $out/lib/nss to RPATH.
                (string-append "RPATH=" rpath)
-               (string-append "LDFLAGS=" rpath)))
+               (string-append "LDFLAGS=" rpath)
+               "all"))
        #:modules ((guix build gnu-build-system)
                   (guix build utils)
                   (ice-9 ftw)
@@ -138,7 +139,7 @@ in the Mozilla clients.")
              ;; leading to test failures:
              ;; <https://bugzilla.mozilla.org/show_bug.cgi?id=609734>.  To
              ;; work around that, set the time to roughly the release date.
-             (invoke "faketime" "2020-02-01" "./nss/tests/all.sh")))
+             (invoke "faketime" "2020-07-01" "./nss/tests/all.sh")))
            (replace 'install
              (lambda* (#:key outputs #:allow-other-keys)
                (let* ((out (assoc-ref outputs "out"))
@@ -160,15 +161,6 @@ in the Mozilla clients.")
                  (copy-recursively "dist/public/nss" inc)
                  (copy-recursively (string-append obj "/bin") bin)
                  (copy-recursively (string-append obj "/lib") lib)
-
-                 ;; FIXME: libgtest1.so is installed in the above step, and 
it's
-                 ;; (unnecessarily) linked with several NSS libraries, but
-                 ;; without the needed rpaths, causing the 'validate-runpath'
-                 ;; phase to fail.  Here we simply delete libgtest1.so, since 
it
-                 ;; seems to be used only during the tests.
-                 (delete-file (string-append lib "/libgtest1.so"))
-                 (delete-file (string-append lib "/libgtestutil.so"))
-
                  #t))))))
     (inputs
      `(("sqlite" ,sqlite)
diff --git a/gnu/packages/patches/nss-pkgconfig.patch 
b/gnu/packages/patches/nss-pkgconfig.patch
index e3145aa..4b9e050 100644
--- a/gnu/packages/patches/nss-pkgconfig.patch
+++ b/gnu/packages/patches/nss-pkgconfig.patch
@@ -217,9 +217,12 @@ Later adapted to apply cleanly to nss-3.21.
 +
 --- nss-3.21/nss/manifest.mn
 +++ nss-3.21/nss/manifest.mn
-@@ -10,4 +10,4 @@
+@@ -10,7 +10,7 @@
  
  RELEASE = nss
  
 -DIRS = coreconf lib cmd cpputil gtests
 +DIRS = coreconf lib cmd cpputil gtests config
+ 
+ lib: coreconf
+ cmd: lib



reply via email to

[Prev in Thread] Current Thread [Next in Thread]