diff options
author | Marius Bakke <marius@gnu.org> | 2020-07-24 21:17:53 +0200 |
---|---|---|
committer | Marius Bakke <marius@gnu.org> | 2020-07-25 16:16:06 +0200 |
commit | 4c19be148566c1666996322981980d6c1b82f765 (patch) | |
tree | d2e6214668232482a0cf3b50b56764158c1e4776 | |
parent | 8b3c0df1a9bbe70ecb6d2e1c19dad62f774a6452 (diff) | |
download | guix-4c19be148566c1666996322981980d6c1b82f765.tar guix-4c19be148566c1666996322981980d6c1b82f765.tar.gz |
gnu: NSS: Update to 3.55 [security fixes].
This release fixes CVE-2020-6829, CVE-2020-12400, CVE-2020-12401, and
CVE-2020-12403.
* gnu/packages/patches/nss-pkgconfig.patch: Adjust patch context.
* gnu/packages/nss.scm (nss): Update to 3.55.
[arguments]: Add "all" to #:make-flags. Remove obsolete deletions.
* gnu/packages/certs.scm (nss-certs): Update to 3.55.
-rw-r--r-- | gnu/packages/certs.scm | 4 | ||||
-rw-r--r-- | gnu/packages/nss.scm | 18 | ||||
-rw-r--r-- | gnu/packages/patches/nss-pkgconfig.patch | 5 |
3 files changed, 11 insertions, 16 deletions
diff --git a/gnu/packages/certs.scm b/gnu/packages/certs.scm index 7f4dca5f56..b892c2a958 100644 --- a/gnu/packages/certs.scm +++ b/gnu/packages/certs.scm @@ -76,7 +76,7 @@ (define-public nss-certs (package (name "nss-certs") - (version "3.52.1") + (version "3.55") (source (origin (method url-fetch) (uri (let ((version-with-underscores @@ -87,7 +87,7 @@ "nss-" version ".tar.gz"))) (sha256 (base32 - "0y4jb9095f7bbgw7d7kvzm4c3g4p5i6y68fwhb8wlkpb7b1imj5w")))) + "0100hm7n1xrp144xy665z46s0wf1jpkqkncc6bk2w22snhyjwsgw")))) (build-system gnu-build-system) (outputs '("out")) (native-inputs diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm index 67894a0761..7d324d9cf7 100644 --- a/gnu/packages/nss.scm +++ b/gnu/packages/nss.scm @@ -72,7 +72,7 @@ in the Mozilla clients.") (define-public nss (package (name "nss") - (version "3.52.1") + (version "3.55") (source (origin (method url-fetch) (uri (let ((version-with-underscores @@ -83,7 +83,7 @@ in the Mozilla clients.") "nss-" version ".tar.gz"))) (sha256 (base32 - "0y4jb9095f7bbgw7d7kvzm4c3g4p5i6y68fwhb8wlkpb7b1imj5w")) + "0100hm7n1xrp144xy665z46s0wf1jpkqkncc6bk2w22snhyjwsgw")) ;; Create nss.pc and nss-config. (patches (search-patches "nss-pkgconfig.patch" "nss-increase-test-timeout.patch")) @@ -108,7 +108,8 @@ in the Mozilla clients.") (string-append "NSPR_INCLUDE_DIR=" nspr "/include/nspr") ;; Add $out/lib/nss to RPATH. (string-append "RPATH=" rpath) - (string-append "LDFLAGS=" rpath))) + (string-append "LDFLAGS=" rpath) + "all")) #:modules ((guix build gnu-build-system) (guix build utils) (ice-9 ftw) @@ -138,7 +139,7 @@ in the Mozilla clients.") ;; leading to test failures: ;; <https://bugzilla.mozilla.org/show_bug.cgi?id=609734>. To ;; work around that, set the time to roughly the release date. - (invoke "faketime" "2020-02-01" "./nss/tests/all.sh"))) + (invoke "faketime" "2020-07-01" "./nss/tests/all.sh"))) (replace 'install (lambda* (#:key outputs #:allow-other-keys) (let* ((out (assoc-ref outputs "out")) @@ -160,15 +161,6 @@ in the Mozilla clients.") (copy-recursively "dist/public/nss" inc) (copy-recursively (string-append obj "/bin") bin) (copy-recursively (string-append obj "/lib") lib) - - ;; FIXME: libgtest1.so is installed in the above step, and it's - ;; (unnecessarily) linked with several NSS libraries, but - ;; without the needed rpaths, causing the 'validate-runpath' - ;; phase to fail. Here we simply delete libgtest1.so, since it - ;; seems to be used only during the tests. - (delete-file (string-append lib "/libgtest1.so")) - (delete-file (string-append lib "/libgtestutil.so")) - #t)))))) (inputs `(("sqlite" ,sqlite) diff --git a/gnu/packages/patches/nss-pkgconfig.patch b/gnu/packages/patches/nss-pkgconfig.patch index e3145aa4cf..4b9e0506f2 100644 --- a/gnu/packages/patches/nss-pkgconfig.patch +++ b/gnu/packages/patches/nss-pkgconfig.patch @@ -217,9 +217,12 @@ Later adapted to apply cleanly to nss-3.21. + --- nss-3.21/nss/manifest.mn +++ nss-3.21/nss/manifest.mn -@@ -10,4 +10,4 @@ +@@ -10,7 +10,7 @@ RELEASE = nss -DIRS = coreconf lib cmd cpputil gtests +DIRS = coreconf lib cmd cpputil gtests config + + lib: coreconf + cmd: lib |