From patchwork Thu May 8 00:06:08 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ian Eure X-Patchwork-Id: 42382 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 11C4A27BC4B; Thu, 8 May 2025 01:07:24 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-7.4 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2, RCVD_IN_VALIDITY_CERTIFIED,RCVD_IN_VALIDITY_RPBL,RCVD_IN_VALIDITY_SAFE, SPF_HELO_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 4B21927BC49 for ; Thu, 8 May 2025 01:07:23 +0100 (BST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1uConC-0003Ch-Nj; Wed, 07 May 2025 20:07:15 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uCon4-0003Br-Lq for guix-patches@gnu.org; Wed, 07 May 2025 20:07:06 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1uCon2-0005Ws-Na for guix-patches@gnu.org; Wed, 07 May 2025 20:07:04 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debbugs.gnu.org; s=debbugs-gnu-org; h=MIME-Version:References:In-Reply-To:Date:From:To:Subject; bh=iNkisRNV9cmKuH5vpfiFZ2w1Jjtd4JgAlzIexLzj4p8=; b=UI6KPYwHrsO9SldJnSKamcHC+Dh/XT5wGpoUrE4/ZhrKFDzPUCGy3hyikJMBM2QMUjZemB3/m3YWEocbbrEd70LGfEifS332jFFTBxVzfCOCtnL0KlA9Y0Lo37IbOmzVNeNgPZtIISu+Y8xC9bZyxwlNukHAObgnqbNZSN++hSHjhj6BZ+k29RMC3JuU1i5Uii/1k2ydgX45Ar2GtXzeOeQ3NT28oTp4xdCGGvyLCH3Yiqh/nlqx0+UCFYYZQtq2gq62FQlBmLwQdd1uxl90lhwddztl+5ZD3KYeayYvM5tSCJ+jgRRzwA1Niew4T3lroQMGlVPhjsm2dD5iC99h6g==; Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1uCon2-0001aL-HG for guix-patches@gnu.org; Wed, 07 May 2025 20:07:04 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#73152] [PATCH v3 6/7] gnu: nss: Update to 3.101.3. Resent-From: Ian Eure Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Thu, 08 May 2025 00:07:04 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 73152 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 73152@debbugs.gnu.org Cc: Ian Eure Received: via spool by 73152-submit@debbugs.gnu.org id=B73152.17466627965975 (code B ref 73152); Thu, 08 May 2025 00:07:04 +0000 Received: (at 73152) by debbugs.gnu.org; 8 May 2025 00:06:36 +0000 Received: from localhost ([127.0.0.1]:50039 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1uComZ-0001YH-D6 for submit@debbugs.gnu.org; Wed, 07 May 2025 20:06:35 -0400 Received: from fhigh-b5-smtp.messagingengine.com ([202.12.124.156]:40579) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1uComR-0001WZ-Iv for 73152@debbugs.gnu.org; Wed, 07 May 2025 20:06:28 -0400 Received: from phl-compute-04.internal (phl-compute-04.phl.internal [10.202.2.44]) by mailfhigh.stl.internal (Postfix) with ESMTP id 279E5254009B; Wed, 7 May 2025 20:06:22 -0400 (EDT) Received: from phl-mailfrontend-01 ([10.202.2.162]) by phl-compute-04.internal (MEProxy); Wed, 07 May 2025 20:06:22 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=retrospec.tv; h= cc:cc:content-transfer-encoding:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to; s=fm2; t=1746662782; x= 1746749182; bh=iNkisRNV9cmKuH5vpfiFZ2w1Jjtd4JgAlzIexLzj4p8=; b=O 8OJQyd9FKCO59oImY5zhix27teA/gKfFsHi9EsA1bQliFWyL8OwYL/eMwU+p3Y/u 19bmpJW2WEduU//Rqf6Iv3bIlTqBgNu3s2kIndNp/knv/9iB1995dbxKIxIrUHTt fJTLWXJBZ4nVirVfy3EQ9HZmT5r2GuTKEBHqRtHzc+EZYBkeVdY2fhKOTOlwvPUw DavsN/lAwOukvxEs2jleJbS85M5/QKGEP9mqukGn86asSqgEKmhfYiA+MsbQY8yk ousEQmQau+VNqPA55ZJMmDdF6IGDf5qJs2N4P0UZkrkIdYe+p+Ntb8uJbGmX2/OG nFiFqgA9fmyLzRDd4x+BA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to:x-me-proxy:x-me-sender :x-me-sender:x-sasl-enc; s=fm3; t=1746662782; x=1746749182; bh=i NkisRNV9cmKuH5vpfiFZ2w1Jjtd4JgAlzIexLzj4p8=; b=mdnJpQ08IVsZRzTjP 2/4qRbaXMx22c7iIl9cGQsl1ESK0TIeYqKyGMOo3vjTZ3HtvEkIqV4x4FHPuUyxC b2HLivYtzmCXWp52R6M7dchxwmtX/fHj7wLctUcrUtdqut3EPHhYH2TqwSCPSquJ 1vRvPFWu7QC4yCNgmKoy5qkOZtIJ7mTInahXw9DiA5uO1qIjgOhJnJ1Xdt68UYkN GbWEocejVJTY2pZuHEcsifwlW/XxHuLgHwXaWE57whFeONCV4PLHwGDUfnJsXfGk wYEBCBJ8WODSMB/giD/jziI1aE8aK9uul+KOmxIkRP4bAjkorzCKO/w1d1oGo+m/ 5j0kQ== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeefvddrtddtgddvkeekvdehucetufdoteggodetrf dotffvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdggtfgfnhhsuhgsshgtrhhisggv pdfurfetoffkrfgpnffqhgenuceurghilhhouhhtmecufedttdenucenucfjughrpefhvf evufffkffojghfggfgsedtkeertdertddtnecuhfhrohhmpefkrghnucfguhhrvgcuoehi rghnsehrvghtrhhoshhpvggtrdhtvheqnecuggftrfgrthhtvghrnhepgfetieffvdelje elieeiveeggeelgeeiveejkeefveeludfgheettefgueffvefhnecuffhomhgrihhnpehm ohiiihhllhgrrdhorhhgnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrg hilhhfrhhomhepihgrnhesrhgvthhrohhsphgvtgdrthhvpdhnsggprhgtphhtthhopedv pdhmohguvgepshhmthhpohhuthdprhgtphhtthhopeejfeduhedvseguvggssghughhsrd hgnhhurdhorhhgpdhrtghpthhtohepihgrnhesrhgvthhrohhsphgvtgdrthhv X-ME-Proxy: Feedback-ID: id9014242:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Wed, 7 May 2025 20:06:21 -0400 (EDT) From: Ian Eure Date: Wed, 7 May 2025 17:06:08 -0700 Message-ID: <20250508000613.11272-6-ian@retrospec.tv> X-Mailer: git-send-email 2.49.0 In-Reply-To: <20250508000613.11272-1-ian@retrospec.tv> References: <20250508000613.11272-1-ian@retrospec.tv> MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches * gnu/packages/nss.scm (nss): Update to 3.101.3. Change-Id: Iaf474377f0441e6ee16bcb30265fec6de3d9c76a --- gnu/packages/nss.scm | 24 +++++++++----- .../patches/nss-disable-broken-tests.patch | 33 +++++++++++++++++++ 2 files changed, 49 insertions(+), 8 deletions(-) create mode 100644 gnu/packages/patches/nss-disable-broken-tests.patch diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm index 1deb92c00f..424fa5cc66 100644 --- a/gnu/packages/nss.scm +++ b/gnu/packages/nss.scm @@ -42,7 +42,9 @@ (define-module (gnu packages nss) #:use-module (gnu packages compression) #:use-module (gnu packages perl) #:use-module (gnu packages sqlite) - #:use-module (gnu packages time)) + #:use-module (gnu packages time) + #:use-module (srfi srfi-1) + #:use-module (srfi srfi-26)) (define-public nspr (package @@ -112,17 +114,18 @@ (define-public nss ;; IMPORTANT: Also update and test the nss-certs package, which duplicates ;; version and source to avoid a top-level variable reference & module ;; cycle. - (version "3.99") + (version "3.101.3") (source (origin (method url-fetch) (uri (nss-uri version)) (sha256 (base32 - "1g89ig40gfi1sp02gybvl2z818lawcnrqjzsws36cdva834c5maw")) + "1gkpbyh90aw9yhjnyj1bsp79s2bxab886d9ihkaw1i2kzqfvf3dg")) ;; Create nss.pc and nss-config. (patches (search-patches "nss-3.56-pkgconfig.patch" "nss-getcwd-nonnull.patch" - "nss-increase-test-timeout.patch")) + "nss-increase-test-timeout.patch" + "nss-disable-broken-tests.patch")) (modules '((guix build utils))) (snippet '(begin @@ -181,7 +184,7 @@ (define-public nss ;; around that, set the time to roughly the release date. (add-after 'unpack 'set-release-date (lambda _ - (setenv "GUIX_NSS_RELEASE_DATE" "2024-01-23"))) + (setenv "GUIX_NSS_RELEASE_DATE" "2025-02-05"))) (replace 'configure (lambda _ (setenv "CC" #$(cc-for-target)) @@ -258,13 +261,15 @@ (define-public nss (properties '((timeout . 216000))) ;60 hours (home-page "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS") - (synopsis "Network Security Services") + (synopsis "Network Security Services (ESR)") (description "Network Security Services (@dfn{NSS}) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other -security standards.") +security standards. + +This package tracks the Extended Support Release (ESR) channel.") (license license:mpl2.0))) ;; nss-rapid tracks the rapid release channel. Unless your package requires a @@ -289,7 +294,10 @@ (define-public nss-rapid "nss-" version ".tar.gz"))) (sha256 (base32 - "12y156frnhaqvwkla1c07gqr2lnp4yb3619g4088kk8qc4jnr95y")))) + "12y156frnhaqvwkla1c07gqr2lnp4yb3619g4088kk8qc4jnr95y")) + (patches + (remove (cut string-contains <> "nss-disable-broken-tests.patch") + (origin-patches (package-source nss)))))) (arguments (substitute-keyword-arguments (package-arguments nss) ((#:phases phases) diff --git a/gnu/packages/patches/nss-disable-broken-tests.patch b/gnu/packages/patches/nss-disable-broken-tests.patch new file mode 100644 index 0000000000..8d6e101471 --- /dev/null +++ b/gnu/packages/patches/nss-disable-broken-tests.patch @@ -0,0 +1,33 @@ +These tests are broken in 3.101.3. + +See https://bugzilla.mozilla.org/show_bug.cgi?id=1964304 + +--- nss-3.101.3/nss/tests/tools/tools.sh 1969-12-31 16:00:01.000000000 -0800 ++++ nss-3.101.3/nss/tests/tools/tools.sh 2025-05-05 16:36:47.835447542 -0700 +@@ -540,26 +540,6 @@ + ret=$? + html_msg $ret 0 "Importing private key pbmac1 hmac-sha-512 from PKCS#12 file" + check_tmpfile +- +- echo "${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-bad-iter.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234'" +- ${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-bad-iter.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234' 2>&1 +- ret=$? +- html_msg $ret 19 "Fail to list private key with bad iterator" +- check_tmpfile +- +- echo "${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-bad-salt.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234'" +- ${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-bad-salt.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234' 2>&1 +- ret=$? +- echo "Fail to list private key with bad salt val=$ret" +- html_msg $ret 19 "Fail to import private key with bad salt" +- check_tmpfile +- +- echo "${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-no-length.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234'" +- ${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-no-length.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234' 2>&1 +- ret=$? +- echo "Fail to import private key with no length val=$ret" +- html_msg $ret 19 "Fail to import private key with no length" +- check_tmpfile + } + + ############################## tools_p12 ############################### \ No newline at end of file