|
| From: | guix-commits |
| Subject: | 04/34: gnu: NSS: Update to 3.55 [security fixes]. |
| Date: | Sat, 25 Jul 2020 14:53:57 -0400 (EDT) |
mbakke pushed a commit to branch wip-staging
in repository guix.
commit 4c19be148566c1666996322981980d6c1b82f765
Author: Marius Bakke <marius@gnu.org>
AuthorDate: Fri Jul 24 21:17:53 2020 +0200
gnu: NSS: Update to 3.55 [security fixes].
This release fixes CVE-2020-6829, CVE-2020-12400, CVE-2020-12401, and
CVE-2020-12403.
* gnu/packages/patches/nss-pkgconfig.patch: Adjust patch context.
* gnu/packages/nss.scm (nss): Update to 3.55.
[arguments]: Add "all" to #:make-flags. Remove obsolete deletions.
* gnu/packages/certs.scm (nss-certs): Update to 3.55.
---
gnu/packages/certs.scm | 4 ++--
gnu/packages/nss.scm | 18 +++++-------------
gnu/packages/patches/nss-pkgconfig.patch | 5 ++++-
3 files changed, 11 insertions(+), 16 deletions(-)
diff --git a/gnu/packages/certs.scm b/gnu/packages/certs.scm
index 7f4dca5..b892c2a 100644
--- a/gnu/packages/certs.scm
+++ b/gnu/packages/certs.scm
@@ -76,7 +76,7 @@
(define-public nss-certs
(package
(name "nss-certs")
- (version "3.52.1")
+ (version "3.55")
(source (origin
(method url-fetch)
(uri (let ((version-with-underscores
@@ -87,7 +87,7 @@
"nss-" version ".tar.gz")))
(sha256
(base32
- "0y4jb9095f7bbgw7d7kvzm4c3g4p5i6y68fwhb8wlkpb7b1imj5w"))))
+ "0100hm7n1xrp144xy665z46s0wf1jpkqkncc6bk2w22snhyjwsgw"))))
(build-system gnu-build-system)
(outputs '("out"))
(native-inputs
diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm
index 67894a0..7d324d9 100644
--- a/gnu/packages/nss.scm
+++ b/gnu/packages/nss.scm
@@ -72,7 +72,7 @@ in the Mozilla clients.")
(define-public nss
(package
(name "nss")
- (version "3.52.1")
+ (version "3.55")
(source (origin
(method url-fetch)
(uri (let ((version-with-underscores
@@ -83,7 +83,7 @@ in the Mozilla clients.")
"nss-" version ".tar.gz")))
(sha256
(base32
- "0y4jb9095f7bbgw7d7kvzm4c3g4p5i6y68fwhb8wlkpb7b1imj5w"))
+ "0100hm7n1xrp144xy665z46s0wf1jpkqkncc6bk2w22snhyjwsgw"))
;; Create nss.pc and nss-config.
(patches (search-patches "nss-pkgconfig.patch"
"nss-increase-test-timeout.patch"))
@@ -108,7 +108,8 @@ in the Mozilla clients.")
(string-append "NSPR_INCLUDE_DIR=" nspr "/include/nspr")
;; Add $out/lib/nss to RPATH.
(string-append "RPATH=" rpath)
- (string-append "LDFLAGS=" rpath)))
+ (string-append "LDFLAGS=" rpath)
+ "all"))
#:modules ((guix build gnu-build-system)
(guix build utils)
(ice-9 ftw)
@@ -138,7 +139,7 @@ in the Mozilla clients.")
;; leading to test failures:
;; <https://bugzilla.mozilla.org/show_bug.cgi?id=609734>. To
;; work around that, set the time to roughly the release date.
- (invoke "faketime" "2020-02-01" "./nss/tests/all.sh")))
+ (invoke "faketime" "2020-07-01" "./nss/tests/all.sh")))
(replace 'install
(lambda* (#:key outputs #:allow-other-keys)
(let* ((out (assoc-ref outputs "out"))
@@ -160,15 +161,6 @@ in the Mozilla clients.")
(copy-recursively "dist/public/nss" inc)
(copy-recursively (string-append obj "/bin") bin)
(copy-recursively (string-append obj "/lib") lib)
-
- ;; FIXME: libgtest1.so is installed in the above step, and
it's
- ;; (unnecessarily) linked with several NSS libraries, but
- ;; without the needed rpaths, causing the 'validate-runpath'
- ;; phase to fail. Here we simply delete libgtest1.so, since
it
- ;; seems to be used only during the tests.
- (delete-file (string-append lib "/libgtest1.so"))
- (delete-file (string-append lib "/libgtestutil.so"))
-
#t))))))
(inputs
`(("sqlite" ,sqlite)
diff --git a/gnu/packages/patches/nss-pkgconfig.patch
b/gnu/packages/patches/nss-pkgconfig.patch
index e3145aa..4b9e050 100644
--- a/gnu/packages/patches/nss-pkgconfig.patch
+++ b/gnu/packages/patches/nss-pkgconfig.patch
@@ -217,9 +217,12 @@ Later adapted to apply cleanly to nss-3.21.
+
--- nss-3.21/nss/manifest.mn
+++ nss-3.21/nss/manifest.mn
-@@ -10,4 +10,4 @@
+@@ -10,7 +10,7 @@
RELEASE = nss
-DIRS = coreconf lib cmd cpputil gtests
+DIRS = coreconf lib cmd cpputil gtests config
+
+ lib: coreconf
+ cmd: lib
| [Prev in Thread] | Current Thread | [Next in Thread] |