aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMarius Bakke <marius@gnu.org>2020-07-24 21:17:53 +0200
committerMarius Bakke <marius@gnu.org>2020-07-25 16:16:06 +0200
commit4c19be148566c1666996322981980d6c1b82f765 (patch)
treed2e6214668232482a0cf3b50b56764158c1e4776
parent8b3c0df1a9bbe70ecb6d2e1c19dad62f774a6452 (diff)
downloadguix-4c19be148566c1666996322981980d6c1b82f765.tar
guix-4c19be148566c1666996322981980d6c1b82f765.tar.gz
gnu: NSS: Update to 3.55 [security fixes].
This release fixes CVE-2020-6829, CVE-2020-12400, CVE-2020-12401, and CVE-2020-12403. * gnu/packages/patches/nss-pkgconfig.patch: Adjust patch context. * gnu/packages/nss.scm (nss): Update to 3.55. [arguments]: Add "all" to #:make-flags. Remove obsolete deletions. * gnu/packages/certs.scm (nss-certs): Update to 3.55.
-rw-r--r--gnu/packages/certs.scm4
-rw-r--r--gnu/packages/nss.scm18
-rw-r--r--gnu/packages/patches/nss-pkgconfig.patch5
3 files changed, 11 insertions, 16 deletions
diff --git a/gnu/packages/certs.scm b/gnu/packages/certs.scm
index 7f4dca5f56..b892c2a958 100644
--- a/gnu/packages/certs.scm
+++ b/gnu/packages/certs.scm
@@ -76,7 +76,7 @@
(define-public nss-certs
(package
(name "nss-certs")
- (version "3.52.1")
+ (version "3.55")
(source (origin
(method url-fetch)
(uri (let ((version-with-underscores
@@ -87,7 +87,7 @@
"nss-" version ".tar.gz")))
(sha256
(base32
- "0y4jb9095f7bbgw7d7kvzm4c3g4p5i6y68fwhb8wlkpb7b1imj5w"))))
+ "0100hm7n1xrp144xy665z46s0wf1jpkqkncc6bk2w22snhyjwsgw"))))
(build-system gnu-build-system)
(outputs '("out"))
(native-inputs
diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm
index 67894a0761..7d324d9cf7 100644
--- a/gnu/packages/nss.scm
+++ b/gnu/packages/nss.scm
@@ -72,7 +72,7 @@ in the Mozilla clients.")
(define-public nss
(package
(name "nss")
- (version "3.52.1")
+ (version "3.55")
(source (origin
(method url-fetch)
(uri (let ((version-with-underscores
@@ -83,7 +83,7 @@ in the Mozilla clients.")
"nss-" version ".tar.gz")))
(sha256
(base32
- "0y4jb9095f7bbgw7d7kvzm4c3g4p5i6y68fwhb8wlkpb7b1imj5w"))
+ "0100hm7n1xrp144xy665z46s0wf1jpkqkncc6bk2w22snhyjwsgw"))
;; Create nss.pc and nss-config.
(patches (search-patches "nss-pkgconfig.patch"
"nss-increase-test-timeout.patch"))
@@ -108,7 +108,8 @@ in the Mozilla clients.")
(string-append "NSPR_INCLUDE_DIR=" nspr "/include/nspr")
;; Add $out/lib/nss to RPATH.
(string-append "RPATH=" rpath)
- (string-append "LDFLAGS=" rpath)))
+ (string-append "LDFLAGS=" rpath)
+ "all"))
#:modules ((guix build gnu-build-system)
(guix build utils)
(ice-9 ftw)
@@ -138,7 +139,7 @@ in the Mozilla clients.")
;; leading to test failures:
;; <https://bugzilla.mozilla.org/show_bug.cgi?id=609734>. To
;; work around that, set the time to roughly the release date.
- (invoke "faketime" "2020-02-01" "./nss/tests/all.sh")))
+ (invoke "faketime" "2020-07-01" "./nss/tests/all.sh")))
(replace 'install
(lambda* (#:key outputs #:allow-other-keys)
(let* ((out (assoc-ref outputs "out"))
@@ -160,15 +161,6 @@ in the Mozilla clients.")
(copy-recursively "dist/public/nss" inc)
(copy-recursively (string-append obj "/bin") bin)
(copy-recursively (string-append obj "/lib") lib)
-
- ;; FIXME: libgtest1.so is installed in the above step, and it's
- ;; (unnecessarily) linked with several NSS libraries, but
- ;; without the needed rpaths, causing the 'validate-runpath'
- ;; phase to fail. Here we simply delete libgtest1.so, since it
- ;; seems to be used only during the tests.
- (delete-file (string-append lib "/libgtest1.so"))
- (delete-file (string-append lib "/libgtestutil.so"))
-
#t))))))
(inputs
`(("sqlite" ,sqlite)
diff --git a/gnu/packages/patches/nss-pkgconfig.patch b/gnu/packages/patches/nss-pkgconfig.patch
index e3145aa4cf..4b9e0506f2 100644
--- a/gnu/packages/patches/nss-pkgconfig.patch
+++ b/gnu/packages/patches/nss-pkgconfig.patch
@@ -217,9 +217,12 @@ Later adapted to apply cleanly to nss-3.21.
+
--- nss-3.21/nss/manifest.mn
+++ nss-3.21/nss/manifest.mn
-@@ -10,4 +10,4 @@
+@@ -10,7 +10,7 @@
RELEASE = nss
-DIRS = coreconf lib cmd cpputil gtests
+DIRS = coreconf lib cmd cpputil gtests config
+
+ lib: coreconf
+ cmd: lib