GNU bug report logs -
#75026
[PATCH core-updates 0/7] Update gnutls and curl.
Previous Next
Full log
View this message in rfc822 format
[Message part 1 (text/plain, inline)]
Your message dated Wed, 21 May 2025 16:33:35 +0900
with message-id <87tt5e8lkg.fsf <at> gmail.com>
and subject line Re: [bug#75026] [PATCH core-updates 1/7] gnu: gnutls: Update to 3.8.8.
has caused the debbugs.gnu.org bug report #75026,
regarding [PATCH core-updates 0/7] Update gnutls and curl.
to be marked as done.
(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)
--
75026: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=75026
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
[Message part 2 (message/rfc822, inline)]
Maxim Cournoyer (7):
gnu: gnutls: Update to 3.8.8.
gnu: gnutls: Enable zstd compression.
gnu: gnutls: Streamline mips64el conditionals.
gnu: brotli: Update to 1.1.0.
gnu: libidn: Update to 1.42.
gnu: curl: Update to 8.11.1 and ungraft.
gnu: curl: Enable zstd support.
gnu/local.mk | 2 -
gnu/packages/compression.scm | 47 ++--
gnu/packages/curl.scm | 59 +++---
gnu/packages/libidn.scm | 4 +-
gnu/packages/patches/curl-CVE-2024-8096.patch | 200 ------------------
.../gnutls-skip-trust-store-test.patch | 15 --
gnu/packages/tls.scm | 50 ++---
7 files changed, 74 insertions(+), 303 deletions(-)
delete mode 100644 gnu/packages/patches/curl-CVE-2024-8096.patch
delete mode 100644 gnu/packages/patches/gnutls-skip-trust-store-test.patch
base-commit: 42ba1aa8b3090f3a4957d36be14e93c5e36f1825
--
2.46.0
[Message part 3 (message/rfc822, inline)]
Hi Ludovic,
Ludovic Courtès <ludo <at> gnu.org> writes:
[...]
>> + #~(list (string-append
>> + "XFAIL_TESTS="
>> + ;; This test checks that the default trust store is
>> + ;; readable; expect it to fail since the trust store
>> + ;; doesn't exist in the build environment.
>> + "trust-store "
>
> This suggests that the patch above was still useful, after all? (The
> patch still applies apparently:
> <https://ci.guix.gnu.org/build/6753571/log>.)
There was an issue where the certificates added were not trusted by
p11-kit, despite being added to something called the 'trust_paths',
haha! The trick was to expose them via an 'anchors/' subdirectory.
p11-kit special-case this for trusted .pem certificates made available
via a directory.
> Also, lack of the patch might trigger failures in the test suites of
> dependents. What does ‘guix build -P1 gnutls’ say?
>
>> + ;; This one fails only inside the build environment, for
>> + ;; reasons unknown (see:
>> + ;; <https://gitlab.com/gnutls/gnutls/-/issues/1634>).
>> + "tls13/compress-cert-neg2 "))
>
> This is weird, would be interesting to investigate, maybe stracing the
> test to see why it would fail in the build environment and not outside
> of it?
That's been resolved via the '--with-zlib=link configuration flag.
I'll close this series and submit a fresh one, since the curl updates
has been moved to another series.
--
Thanks,
Maxim
This bug report was last modified 23 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.