GNU bug report logs - #70663
nss@3.99 is really hard to build


Package: guix

Reported by: Christopher Baines <mail <at> cbaines.net>

Date: Tue, 30 Apr 2024 09:18:01 UTC

Severity: normal

Merged with 70771

Done: Marcel van der Boom <marcel <at> hsdev.com>

Bug is archived. No further changes may be made.



Message #31 received at 70663 <at> debbugs.gnu.org (full text, mbox):

From: "pelzflorian (Florian Pelz)" <pelzflorian <at> pelzflorian.de>
To: Christopher Baines <mail <at> cbaines.net>
Cc: 70663 <at> debbugs.gnu.org, Maxim Cournoyer <maxim.cournoyer <at> gmail.com>,
 Ian Eure <ian <at> retrospec.tv>
Subject: Re: bug#70663: nss@3.99 is really hard to build
Date: Tue, 14 May 2024 12:36:18 +0200
Hello Christopher.

Christopher Baines <mail <at> cbaines.net> writes:
> Had the changes waited for longer, then these failures should have been
> spotted by QA, I would guess that the revision might have failed to be
> processed, and if it was processed successfully, the nss failures should
> have shown up, so maybe we should start requiring [5] that not only are
> changes sent to guix-patches <at> gnu.org, but that QA processes them (to
> some extent) before merging?
>
> 5: https://guix.gnu.org/manual/devel/en/html_node/Managing-Patches-and-Branches.html#

Yes, though note that the nss change did provide security fixes:

commit e584ff08b162c46ef587daca438e97d56bc20b32
Author: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Date:   Wed Apr 24 11:22:30 2024 -0400

    gnu: nss: Graft with version 3.98 [security fixes].
    
    This fixes CVE-2023-5388, CVE-2023-6135 and CVE-2024-0743.
    
    * gnu/packages/nss.scm (nss) [replacement]: New field.
    (nss-3.98): Rename variable to...
    (nss/fixed): ... this.  Make it a hidden package.
    * gnu/packages/librewolf.scm (librewolf) [inputs]: Replace nss-3.98 with
    nss/fixed.
    
    Change-Id: I8cc667c53a270dfe00738bf731923f1342036624

I suppose the requirement to wait for QA should apply to security fixes
as well?

Thank you for all your work.

Regards,
Florian




This bug report was last modified 247 days ago.
