summary refs log tree commit diff
diff options
context:
space:
mode:
authorMark H Weaver <mhw@netris.org>2016-01-08 13:30:52 -0500
committerMark H Weaver <mhw@netris.org>2016-01-08 15:29:50 -0500
commitbea25ae83cfb1c80b6ec384546f3ce240b229023 (patch)
tree667365f0b2a0984e6cdd277832a36fa6d3d23f00
parent17ad0a2714271dd3567808637f451d86f1291cab (diff)
downloadguix-bea25ae83cfb1c80b6ec384546f3ce240b229023.tar.gz
gnu: nss: Update to 3.21 [fixes CVE-2015-7575].
* gnu/packages/gnuzilla.scm (nss): Update to 3.21.
  [arguments]: In configure phase, setenv CC=gcc.
* gnu/packages/patches/nss-pkgconfig.patch: Adapt to NSS 3.21.
-rw-r--r--gnu/packages/gnuzilla.scm5
-rw-r--r--gnu/packages/patches/nss-pkgconfig.patch27
2 files changed, 16 insertions, 16 deletions
diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index 40a13e7939..96f4653ce6 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -167,7 +167,7 @@ in the Mozilla clients.")
 (define-public nss
   (package
     (name "nss")
-    (version "3.20.2")
+    (version "3.21")
     (source (origin
               (method url-fetch)
               (uri (let ((version-with-underscores
@@ -178,7 +178,7 @@ in the Mozilla clients.")
                       "nss-" version ".tar.gz")))
               (sha256
                (base32
-                "11pjjcp0mvcyx0ildyz20s9jlqzxsb6a9jlvcq5x1g3zsmckl6hl"))
+                "0fbjx3xsdm4gjc1gyzy2z315cvyw7yilsm7p9w75rpbwgl15nyiz"))
               ;; Create nss.pc and nss-config.
               (patches (list (search-patch "nss-pkgconfig.patch")))))
     (build-system gnu-build-system)
@@ -205,6 +205,7 @@ in the Mozilla clients.")
        (alist-replace
         'configure
         (lambda* (#:key system inputs #:allow-other-keys)
+          (setenv "CC" "gcc")
           ;; Tells NSS to build for the 64-bit ABI if we are 64-bit system.
           (when (string-prefix? "x86_64" system)
             (setenv "USE_64" "1"))
diff --git a/gnu/packages/patches/nss-pkgconfig.patch b/gnu/packages/patches/nss-pkgconfig.patch
index 80c0c5b009..e611f69bea 100644
--- a/gnu/packages/patches/nss-pkgconfig.patch
+++ b/gnu/packages/patches/nss-pkgconfig.patch
@@ -7,8 +7,10 @@ Modifications:
   Remove optional patching in nss/Makefile.
   Include -L$libdir in output from "nss-config --libs".
 
---- nss-3.17.1/nss/config/Makefile
-+++ nss-3.17.1/nss/config/Makefile
+Later adapted to apply cleanly to nss-3.21.
+
+--- nss-3.21/nss/config/Makefile
++++ nss-3.21/nss/config/Makefile
 @@ -0,0 +1,40 @@
 +CORE_DEPTH = ..
 +DEPTH      = ..
@@ -50,8 +52,8 @@ Modifications:
 +
 +dummy: all export libs
 +
---- nss-3.17.1/nss/config/nss-config.in
-+++ nss-3.17.1/nss/config/nss-config.in
+--- nss-3.21/nss/config/nss-config.in
++++ nss-3.21/nss/config/nss-config.in
 @@ -0,0 +1,145 @@
 +#!/bin/sh
 +
@@ -198,8 +200,8 @@ Modifications:
 +      echo $libdirs
 +fi
 +
---- nss-3.17.1/nss/config/nss.pc.in
-+++ nss-3.17.1/nss/config/nss.pc.in
+--- nss-3.21/nss/config/nss.pc.in
++++ nss-3.21/nss/config/nss.pc.in
 @@ -0,0 +1,12 @@
 +prefix=@prefix@
 +exec_prefix=@exec_prefix@
@@ -213,14 +215,11 @@ Modifications:
 +Libs: -L${libdir} -lssl3 -lsmime3 -lnss3 -lnssutil3
 +Cflags: -I${includedir}
 +
---- nss-3.17.1/nss/manifest.mn
-+++ nss-3.17.1/nss/manifest.mn
-@@ -10,7 +10,7 @@
+--- nss-3.21/nss/manifest.mn
++++ nss-3.21/nss/manifest.mn
+@@ -10,4 +10,4 @@
  
  RELEASE = nss
  
--DIRS = coreconf lib cmd
-+DIRS = coreconf lib cmd config
- 
- ifdef NSS_BUILD_GTESTS
- DIRS += external_tests
+-DIRS = coreconf lib cmd external_tests
++DIRS = coreconf lib cmd external_tests config