[bug#55990] [PATCH staging/core-updates] gnu: nss, nss-certs: Update to 3.78.

[bug#55990] [PATCH staging/core-updates] gnu: nss, nss-certs: Update to 3.78.

[John Kehayias via Guix-patches via]

[-- Attachment #1: Type: text/plain, Size: 794 bytes --]

Hi Guix,

Over on IRC justkdng reported that nss was out of date: we have 3.72 and latest is 3.78. Well, there are sources for 3.79 but Mozilla says 3.78 is latest: https://firefox-source-docs.mozilla.org/security/nss/releases/index.html#mozilla-projects-nss-releases (and 3.79 failed to build for me...).

Part of the reason may be that guix refresh doesn't pick up a new version and says 3.72 is the latest. I did not investigate, but just noting it.

Attached is a patch to update nss and nss-certs to 3.78. I tested that they build on x86_64, including tests.

Since

$ guix refresh nss -l
Building the following 737 packages would ensure 1820 dependent packages are rebuilt...

I would guess this goes into either staging or core-updates, whatever will be merged next?

John

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: 0001-gnu-nss-nss-certs-Update-to-3.78.patch --]
[-- Type: text/x-patch; name=0001-gnu-nss-nss-certs-Update-to-3.78.patch, Size: 2458 bytes --]

From 87e222ebcce5adff390a8f263aee9d022df48075 Mon Sep 17 00:00:00 2001
From: John Kehayias <john.kehayias@protonmail.com>
Date: Tue, 14 Jun 2022 23:41:22 -0400
Subject: [PATCH] gnu: nss, nss-certs: Update to 3.78.

* gnu/packages/nss.scm (nss): Update to 3.78.
* gnu/packages/certs.scm (nss-certs): Likewise.
---
 gnu/packages/certs.scm | 4 ++--
 gnu/packages/nss.scm   | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/gnu/packages/certs.scm b/gnu/packages/certs.scm
index 53fb027563..cad23d97a4 100644
--- a/gnu/packages/certs.scm
+++ b/gnu/packages/certs.scm
@@ -131,7 +131,7 @@ (define-public nss-certs
     ;; XXX We used to refer to the nss package here, but that eventually caused
     ;; module cycles.  The below is a quick copy-paste job that must be kept in
     ;; sync manually.  Surely there's a better way…?
-    (version "3.71")
+    (version "3.78")
     (source (origin
               (method url-fetch)
               (uri (let ((version-with-underscores
@@ -142,7 +142,7 @@ (define-public nss-certs
                       "nss-" version ".tar.gz")))
               (sha256
                (base32
-                "0ly2l3dv6z5hlxs72h5x6796ni3x1bq60saavaf42ddgv4ax7b4r"))
+                "0048lqnxfx0qd94adpb6a1cpsmcsggvq82p851ridhc7wx0z6mgl"))
               ;; Create nss.pc and nss-config.
               (patches (search-patches "nss-3.56-pkgconfig.patch"
                                        "nss-getcwd-nonnull.patch"
diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm
index 5e719ad5b8..b6d7b7891d 100644
--- a/gnu/packages/nss.scm
+++ b/gnu/packages/nss.scm
@@ -112,7 +112,7 @@ (define-public nss
     (name "nss")
     ;; Also update and test the nss-certs package, which duplicates version and
     ;; source to avoid a top-level variable reference & module cycle.
-    (version "3.72")
+    (version "3.78")
     (source (origin
               (method url-fetch)
               (uri (let ((version-with-underscores
@@ -123,7 +123,7 @@ (define-public nss
                       "nss-" version ".tar.gz")))
               (sha256
                (base32
-                "0bnh683nij6s0gvjcgwhyw5d3yx9fpm42pxj5bm97r0ky6ghm9kf"))
+                "0048lqnxfx0qd94adpb6a1cpsmcsggvq82p851ridhc7wx0z6mgl"))
               ;; Create nss.pc and nss-config.
               (patches (search-patches "nss-3.56-pkgconfig.patch"
                                        "nss-getcwd-nonnull.patch"
-- 
2.36.1

[bug#55990] [PATCH staging/core-updates] gnu: nss, nss-certs: Update to 3.78.

[Liliana Marie Prikler]

Am Mittwoch, dem 15.06.2022 um 03:44 +0000 schrieb John Kehayias:
> $ guix refresh nss -l
> Building the following 737 packages would ensure 1820 dependent
> packages are rebuilt...
1820 is core-updates material, but note that nss-certs has "only" 622
rebuilds.  Note that both should be grafted on master due to their
security relevance.

Also,
> Subject: [PATCH] gnu: nss, nss-certs: Update to 3.78.
> 
> * gnu/packages/nss.scm (nss): Update to 3.78.
> * gnu/packages/certs.scm (nss-certs): Likewise.
One package per patch, these are not linked.

Cheers

bug#55990: [PATCH staging/core-updates] gnu: nss, nss-certs: Update to 3.78.

[John Kehayias via Guix-patches via]

Hello,


On Wed, Jun 15, 2022 at 11:19 AM, Liliana Marie Prikler wrote:

> Am Mittwoch, dem 15.06.2022 um 03:44 +0000 schrieb John Kehayias:
>> $ guix refresh nss -l
>> Building the following 737 packages would ensure 1820 dependent
>> packages are rebuilt...
> 1820 is core-updates material, but note that nss-certs has "only" 622
> rebuilds.  Note that both should be grafted on master due to their
> security relevance.
>

Yes, you are right, sorry I missed that. But this has been supplanted by newer updates on the staging branch already. Closing.

> Also,
>> Subject: [PATCH] gnu: nss, nss-certs: Update to 3.78.
>>
>> * gnu/packages/nss.scm (nss): Update to 3.78.
>> * gnu/packages/certs.scm (nss-certs): Likewise.
> One package per patch, these are not linked.
>
> Cheers