Package: guix-patches;
Reported by: Ian Eure <ian <at> retrospec.tv>
Date: Mon, 9 Sep 2024 17:54:02 UTC
Severity: normal
Tags: patch
Done: Ian Eure <ian <at> retrospec.tv>
Message #71 received at 73152 <at> debbugs.gnu.org (full text, mbox):
From: Ian Eure <ian <at> retrospec.tv> To: 73152 <at> debbugs.gnu.org Cc: Ian Eure <ian <at> retrospec.tv> Subject: [PATCH v3 6/7] gnu: nss: Update to 3.101.3. Date: Wed, 7 May 2025 17:06:08 -0700
* gnu/packages/nss.scm (nss): Update to 3.101.3.
Change-Id: Iaf474377f0441e6ee16bcb30265fec6de3d9c76a
---
gnu/packages/nss.scm | 24 +++++++++-----
.../patches/nss-disable-broken-tests.patch | 33 +++++++++++++++++++
2 files changed, 49 insertions(+), 8 deletions(-)
create mode 100644 gnu/packages/patches/nss-disable-broken-tests.patch
diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm
index 1deb92c00f..424fa5cc66 100644
--- a/gnu/packages/nss.scm
+++ b/gnu/packages/nss.scm
@@ -42,7 +42,9 @@ (define-module (gnu packages nss)
#:use-module (gnu packages compression)
#:use-module (gnu packages perl)
#:use-module (gnu packages sqlite)
- #:use-module (gnu packages time))
+ #:use-module (gnu packages time)
+ #:use-module (srfi srfi-1)
+ #:use-module (srfi srfi-26))
(define-public nspr
(package
@@ -112,17 +114,18 @@ (define-public nss
;; IMPORTANT: Also update and test the nss-certs package, which duplicates
;; version and source to avoid a top-level variable reference & module
;; cycle.
- (version "3.99")
+ (version "3.101.3")
(source (origin
(method url-fetch)
(uri (nss-uri version))
(sha256
(base32
- "1g89ig40gfi1sp02gybvl2z818lawcnrqjzsws36cdva834c5maw"))
+ "1gkpbyh90aw9yhjnyj1bsp79s2bxab886d9ihkaw1i2kzqfvf3dg"))
;; Create nss.pc and nss-config.
(patches (search-patches "nss-3.56-pkgconfig.patch"
"nss-getcwd-nonnull.patch"
- "nss-increase-test-timeout.patch"))
+ "nss-increase-test-timeout.patch"
+ "nss-disable-broken-tests.patch"))
(modules '((guix build utils)))
(snippet
'(begin
@@ -181,7 +184,7 @@ (define-public nss
;; around that, set the time to roughly the release date.
(add-after 'unpack 'set-release-date
(lambda _
- (setenv "GUIX_NSS_RELEASE_DATE" "2024-01-23")))
+ (setenv "GUIX_NSS_RELEASE_DATE" "2025-02-05")))
(replace 'configure
(lambda _
(setenv "CC" #$(cc-for-target))
@@ -258,13 +261,15 @@ (define-public nss
(properties '((timeout . 216000))) ;60 hours
(home-page "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS")
- (synopsis "Network Security Services")
+ (synopsis "Network Security Services (ESR)")
(description
"Network Security Services (@dfn{NSS}) is a set of libraries designed to
support cross-platform development of security-enabled client and server
applications. Applications built with NSS can support SSL v2 and v3, TLS,
PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other
-security standards.")
+security standards.
+
+This package tracks the Extended Support Release (ESR) channel.")
(license license:mpl2.0)))
;; nss-rapid tracks the rapid release channel. Unless your package requires a
@@ -289,7 +294,10 @@ (define-public nss-rapid
"nss-" version ".tar.gz")))
(sha256
(base32
- "12y156frnhaqvwkla1c07gqr2lnp4yb3619g4088kk8qc4jnr95y"))))
+ "12y156frnhaqvwkla1c07gqr2lnp4yb3619g4088kk8qc4jnr95y"))
+ (patches
+ (remove (cut string-contains <> "nss-disable-broken-tests.patch")
+ (origin-patches (package-source nss))))))
(arguments
(substitute-keyword-arguments (package-arguments nss)
((#:phases phases)
diff --git a/gnu/packages/patches/nss-disable-broken-tests.patch b/gnu/packages/patches/nss-disable-broken-tests.patch
new file mode 100644
index 0000000000..8d6e101471
--- /dev/null
+++ b/gnu/packages/patches/nss-disable-broken-tests.patch
@@ -0,0 +1,33 @@
+These tests are broken in 3.101.3.
+
+See https://bugzilla.mozilla.org/show_bug.cgi?id=1964304
+
+--- nss-3.101.3/nss/tests/tools/tools.sh 1969-12-31 16:00:01.000000000 -0800
++++ nss-3.101.3/nss/tests/tools/tools.sh 2025-05-05 16:36:47.835447542 -0700
+@@ -540,26 +540,6 @@
+ ret=$?
+ html_msg $ret 0 "Importing private key pbmac1 hmac-sha-512 from PKCS#12 file"
+ check_tmpfile
+-
+- echo "${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-bad-iter.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234'"
+- ${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-bad-iter.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234' 2>&1
+- ret=$?
+- html_msg $ret 19 "Fail to list private key with bad iterator"
+- check_tmpfile
+-
+- echo "${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-bad-salt.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234'"
+- ${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-bad-salt.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234' 2>&1
+- ret=$?
+- echo "Fail to list private key with bad salt val=$ret"
+- html_msg $ret 19 "Fail to import private key with bad salt"
+- check_tmpfile
+-
+- echo "${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-no-length.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234'"
+- ${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-no-length.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234' 2>&1
+- ret=$?
+- echo "Fail to import private key with no length val=$ret"
+- html_msg $ret 19 "Fail to import private key with no length"
+- check_tmpfile
+ }
+
+ ############################## tools_p12 ###############################
\ No newline at end of file
--
2.49.0
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.