~ruther/guix-local

4918534be1ffc1896a59e2fb69a9eaaa3140a0b8 — Ian Eure 1 year, 1 month ago a1d9c3a 
gnu: nss: Update to 3.101.4.

* gnu/packages/nss.scm (nss): Update to 3.101.4.

Change-Id: I2a0d98f045034f66e0fea687696c77c64f4c853a
patch browse .tar.gz 
2 files changed, 49 insertions(+), 8 deletions(-)

M gnu/packages/nss.scm
A gnu/packages/patches/nss-disable-broken-tests.patch

M gnu/packages/nss.scm => gnu/packages/nss.scm +16 -8
@@ 42,7 42,9 @@
  #:use-module (gnu packages compression)
  #:use-module (gnu packages perl)
  #:use-module (gnu packages sqlite)
  #:use-module (gnu packages time))
  #:use-module (gnu packages time)
  #:use-module (srfi srfi-1)
  #:use-module (srfi srfi-26))

(define-public nspr
  (package


@@ 103,7 105,7 @@ in the Mozilla clients.")
    ;; IMPORTANT: Also update and test the nss-certs package, which duplicates
    ;; version and source to avoid a top-level variable reference & module
    ;; cycle.
    (version "3.99")
    (version "3.101.4")
    (source (origin
              (method url-fetch)
              (uri (let ((version-with-underscores


@@ 114,11 116,12 @@ in the Mozilla clients.")
                      "nss-" version ".tar.gz")))
              (sha256
               (base32
                "1g89ig40gfi1sp02gybvl2z818lawcnrqjzsws36cdva834c5maw"))
                "1sqvh49qi9vq55sbg42c5n0kz6w6ni383hgiyhaym6drsmbzb86a"))
              ;; Create nss.pc and nss-config.
              (patches (search-patches "nss-3.56-pkgconfig.patch"
                                       "nss-getcwd-nonnull.patch"
                                       "nss-increase-test-timeout.patch"))
                                       "nss-increase-test-timeout.patch"
                                       "nss-disable-broken-tests.patch"))
              (modules '((guix build utils)))
              (snippet
               '(begin


@@ 177,7 180,7 @@ in the Mozilla clients.")
          ;; around that, set the time to roughly the release date.
          (add-after 'unpack 'set-release-date
            (lambda _
              (setenv "GUIX_NSS_RELEASE_DATE" "2024-01-23")))
              (setenv "GUIX_NSS_RELEASE_DATE" "2025-02-05")))
          (replace 'configure
            (lambda _
              (setenv "CC" #$(cc-for-target))


@@ 257,13 260,15 @@ in the Mozilla clients.")
    (properties '((timeout . 216000)))  ;60 hours

    (home-page "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS")
    (synopsis "Network Security Services")
    (synopsis "Network Security Services (ESR)")
    (description
     "Network Security Services (@dfn{NSS}) is a set of libraries designed to
support cross-platform development of security-enabled client and server
applications.  Applications built with NSS can support SSL v2 and v3, TLS,
PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other
security standards.")
security standards.

This package tracks the Extended Support Release (ESR) channel.")
    (license license:mpl2.0)))

;; nss-rapid tracks the rapid release channel.  Unless your package requires a


@@ 288,7 293,10 @@ security standards.")
                     "nss-" version ".tar.gz")))
             (sha256
              (base32
               "03qwl3ps3xgc9pkc07qrsa4vd2r57mjwicv3gb483gfk2ashdvxc"))))
               "03qwl3ps3xgc9pkc07qrsa4vd2r57mjwicv3gb483gfk2ashdvxc"))
             (patches
              (remove (cut string-suffix? <> "nss-disable-broken-tests.patch")
                      (origin-patches (package-source nss))))))
   (arguments
    (substitute-keyword-arguments (package-arguments nss)
      ((#:phases phases)


A gnu/packages/patches/nss-disable-broken-tests.patch => gnu/packages/patches/nss-disable-broken-tests.patch +33 -0
@@ 0,0 1,33 @@
These tests are broken in 3.101.3.

See https://bugzilla.mozilla.org/show_bug.cgi?id=1964304

--- nss-3.101.3/nss/tests/tools/tools.sh	1969-12-31 16:00:01.000000000 -0800
+++ nss-3.101.3/nss/tests/tools/tools.sh	2025-05-05 16:36:47.835447542 -0700
@@ -540,26 +540,6 @@
   ret=$?
   html_msg $ret 0 "Importing private key pbmac1 hmac-sha-512 from PKCS#12 file"
   check_tmpfile
-
-  echo "${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-bad-iter.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234'"
-  ${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-bad-iter.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234' 2>&1
-  ret=$?
-  html_msg $ret 19 "Fail to list private key with bad iterator"
-  check_tmpfile
-
-  echo "${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-bad-salt.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234'"
-  ${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-bad-salt.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234' 2>&1
-  ret=$?
-  echo "Fail to list private key with bad salt val=$ret"
-  html_msg $ret 19 "Fail to import private key with bad salt"
-  check_tmpfile
-
-  echo "${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-no-length.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234'"
-  ${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-no-length.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234' 2>&1
-  ret=$?
-  echo "Fail to import private key with no length val=$ret"
-  html_msg $ret 19 "Fail to import private key with no length"
-  check_tmpfile
 }
 
 ############################## tools_p12 ###############################
\ No newline at end of file