diff mbox series

[bug#55990,staging/core-updates] gnu: nss, nss-certs: Update to 3.78.

Message ID LrbVUVu9Vj5lQHfZlTEmfEWBNqgSIcGziWcgVysIdOMGv37-FuK7Lu8k_V2XAQQQMiJB-gzITAPVOmAnOH04hLIKiTWYQa77KZbVnUB831g=@protonmail.com
State Accepted
Headers show
Series [bug#55990,staging/core-updates] gnu: nss, nss-certs: Update to 3.78. | expand

Checks

Context Check Description
cbaines/comparison success View comparision
cbaines/git branch success View Git branch
cbaines/applying patch fail View Laminar job
cbaines/issue success View issue

Commit Message

John Kehayias June 15, 2022, 3:44 a.m. UTC 
Hi Guix,

Over on IRC justkdng reported that nss was out of date: we have 3.72 and latest is 3.78. Well, there are sources for 3.79 but Mozilla says 3.78 is latest: https://firefox-source-docs.mozilla.org/security/nss/releases/index.html#mozilla-projects-nss-releases (and 3.79 failed to build for me...).

Part of the reason may be that guix refresh doesn't pick up a new version and says 3.72 is the latest. I did not investigate, but just noting it.

Attached is a patch to update nss and nss-certs to 3.78. I tested that they build on x86_64, including tests.

Since

$ guix refresh nss -l
Building the following 737 packages would ensure 1820 dependent packages are rebuilt...

I would guess this goes into either staging or core-updates, whatever will be merged next?

John

Comments

Liliana Marie Prikler June 15, 2022, 9:19 a.m. UTC | #1 
Am Mittwoch, dem 15.06.2022 um 03:44 +0000 schrieb John Kehayias:
> $ guix refresh nss -l
> Building the following 737 packages would ensure 1820 dependent
> packages are rebuilt...
1820 is core-updates material, but note that nss-certs has "only" 622
rebuilds.  Note that both should be grafted on master due to their
security relevance.

Also,
> Subject: [PATCH] gnu: nss, nss-certs: Update to 3.78.
> 
> * gnu/packages/nss.scm (nss): Update to 3.78.
> * gnu/packages/certs.scm (nss-certs): Likewise.
One package per patch, these are not linked.

Cheers
John Kehayias Aug. 29, 2022, 8:05 p.m. UTC | #2 
Hello,


On Wed, Jun 15, 2022 at 11:19 AM, Liliana Marie Prikler wrote:

> Am Mittwoch, dem 15.06.2022 um 03:44 +0000 schrieb John Kehayias:
>> $ guix refresh nss -l
>> Building the following 737 packages would ensure 1820 dependent
>> packages are rebuilt...
> 1820 is core-updates material, but note that nss-certs has "only" 622
> rebuilds.  Note that both should be grafted on master due to their
> security relevance.
>

Yes, you are right, sorry I missed that. But this has been supplanted by newer updates on the staging branch already. Closing.

> Also,
>> Subject: [PATCH] gnu: nss, nss-certs: Update to 3.78.
>>
>> * gnu/packages/nss.scm (nss): Update to 3.78.
>> * gnu/packages/certs.scm (nss-certs): Likewise.
> One package per patch, these are not linked.
>
> Cheers
diff mbox series

Patch

From 87e222ebcce5adff390a8f263aee9d022df48075 Mon Sep 17 00:00:00 2001
From: John Kehayias <john.kehayias@protonmail.com>
Date: Tue, 14 Jun 2022 23:41:22 -0400
Subject: [PATCH] gnu: nss, nss-certs: Update to 3.78.

* gnu/packages/nss.scm (nss): Update to 3.78.
* gnu/packages/certs.scm (nss-certs): Likewise.
---
 gnu/packages/certs.scm | 4 ++--
 gnu/packages/nss.scm   | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/gnu/packages/certs.scm b/gnu/packages/certs.scm
index 53fb027563..cad23d97a4 100644
--- a/gnu/packages/certs.scm
+++ b/gnu/packages/certs.scm
@@ -131,7 +131,7 @@  (define-public nss-certs
     ;; XXX We used to refer to the nss package here, but that eventually caused
     ;; module cycles.  The below is a quick copy-paste job that must be kept in
     ;; sync manually.  Surely there's a better way…?
-    (version "3.71")
+    (version "3.78")
     (source (origin
               (method url-fetch)
               (uri (let ((version-with-underscores
@@ -142,7 +142,7 @@  (define-public nss-certs
                       "nss-" version ".tar.gz")))
               (sha256
                (base32
-                "0ly2l3dv6z5hlxs72h5x6796ni3x1bq60saavaf42ddgv4ax7b4r"))
+                "0048lqnxfx0qd94adpb6a1cpsmcsggvq82p851ridhc7wx0z6mgl"))
               ;; Create nss.pc and nss-config.
               (patches (search-patches "nss-3.56-pkgconfig.patch"
                                        "nss-getcwd-nonnull.patch"
diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm
index 5e719ad5b8..b6d7b7891d 100644
--- a/gnu/packages/nss.scm
+++ b/gnu/packages/nss.scm
@@ -112,7 +112,7 @@  (define-public nss
     (name "nss")
     ;; Also update and test the nss-certs package, which duplicates version and
     ;; source to avoid a top-level variable reference & module cycle.
-    (version "3.72")
+    (version "3.78")
     (source (origin
               (method url-fetch)
               (uri (let ((version-with-underscores
@@ -123,7 +123,7 @@  (define-public nss
                       "nss-" version ".tar.gz")))
               (sha256
                (base32
-                "0bnh683nij6s0gvjcgwhyw5d3yx9fpm42pxj5bm97r0ky6ghm9kf"))
+                "0048lqnxfx0qd94adpb6a1cpsmcsggvq82p851ridhc7wx0z6mgl"))
               ;; Create nss.pc and nss-config.
               (patches (search-patches "nss-3.56-pkgconfig.patch"
                                        "nss-getcwd-nonnull.patch"
-- 
2.36.1