[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCHES] gnu: nss: Update to 3.30.2 [fixes CVE-2017-5461].
From: |
Mark H Weaver |
Subject: |
[PATCHES] gnu: nss: Update to 3.30.2 [fixes CVE-2017-5461]. |
Date: |
Thu, 20 Apr 2017 18:29:26 -0400 |
These patches update nss to 3.30.2 and disable long b64 tests which fail
on some systems including armhf. I'll push them soon after some light
testing.
Mark
From c1ba9c385a23ede10cb5e79c24f66dbb86c1f6fe Mon Sep 17 00:00:00 2001
From: Mark H Weaver <address@hidden>
Date: Thu, 20 Apr 2017 14:55:31 -0400
Subject: [PATCH 1/2] gnu: nss: Update to 3.30.2 [fixes CVE-2017-5461].
* gnu/packages/gnuzilla.scm (nss): Update to 3.30.2.
---
gnu/packages/gnuzilla.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index 87695329c..59f790a6e 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -194,7 +194,7 @@ in the Mozilla clients.")
(define-public nss
(package
(name "nss")
- (version "3.30")
+ (version "3.30.2")
(source (origin
(method url-fetch)
(uri (let ((version-with-underscores
@@ -205,7 +205,7 @@ in the Mozilla clients.")
"nss-" version ".tar.gz")))
(sha256
(base32
- "1agkkwb51si4raw46p44vl3d0l7wzvdjcblpcdjjz6aymq6h1h58"))
+ "096frzvyp3z257x84rxknscfgsbavzh2a0gyibx7kvmw4vzpfjhd"))
;; Create nss.pc and nss-config.
(patches (search-patches "nss-pkgconfig.patch"
"nss-increase-test-timeout.patch"))))
--
2.12.2
From e07aa7534aa97617ce15fa07c244dc6f901af92f Mon Sep 17 00:00:00 2001
From: Mark H Weaver <address@hidden>
Date: Thu, 20 Apr 2017 17:42:52 -0400
Subject: [PATCH 2/2] gnu: nss: Disable long b64 tests.
Suggested by Marius Bakke <address@hidden> in
<https://lists.gnu.org/archive/html/guix-devel/2017-04/msg00440.html>.
* gnu/packages/patches/nss-disable-long-b64-tests.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gnuzilla.scm (nss)[source]: Add patch.
---
gnu/local.mk | 1 +
gnu/packages/gnuzilla.scm | 1 +
.../patches/nss-disable-long-b64-tests.patch | 34 ++++++++++++++++++++++
3 files changed, 36 insertions(+)
create mode 100644 gnu/packages/patches/nss-disable-long-b64-tests.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index ec27e8765..ed3683f19 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -814,6 +814,7 @@ dist_patch_DATA =
\
%D%/packages/patches/ngircd-handle-zombies.patch \
%D%/packages/patches/ninja-zero-mtime.patch \
%D%/packages/patches/node-9077.patch \
+ %D%/packages/patches/nss-disable-long-b64-tests.patch \
%D%/packages/patches/nss-increase-test-timeout.patch \
%D%/packages/patches/nss-pkgconfig.patch \
%D%/packages/patches/ntfs-3g-CVE-2017-0358.patch \
diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index 59f790a6e..fd058d022 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -208,6 +208,7 @@ in the Mozilla clients.")
"096frzvyp3z257x84rxknscfgsbavzh2a0gyibx7kvmw4vzpfjhd"))
;; Create nss.pc and nss-config.
(patches (search-patches "nss-pkgconfig.patch"
+ "nss-disable-long-b64-tests.patch"
"nss-increase-test-timeout.patch"))))
(build-system gnu-build-system)
(outputs '("out" "bin"))
diff --git a/gnu/packages/patches/nss-disable-long-b64-tests.patch
b/gnu/packages/patches/nss-disable-long-b64-tests.patch
new file mode 100644
index 000000000..612d94128
--- /dev/null
+++ b/gnu/packages/patches/nss-disable-long-b64-tests.patch
@@ -0,0 +1,34 @@
+Disable long b64 tests, which consistently fail on armhf.
+This is based on an excerpt of the following upstream patch:
+
+ https://hg.mozilla.org/projects/nss/rev/00b2cc2b33c7
+
+(we exclude the part of the upstream patch that reverts
+an earlier failed attempt, and adapt the file names)
+
+diff --git a/gtests/util_gtest/util_b64_unittest.cc
b/gtests/util_gtest/util_b64_unittest.cc
+--- a/nss/gtests/util_gtest/util_b64_unittest.cc
++++ b/nss/gtests/util_gtest/util_b64_unittest.cc
+@@ -63,17 +63,19 @@ TEST_F(B64EncodeDecodeTest, EncDecTest)
+
+ TEST_F(B64EncodeDecodeTest, FakeDecTest) { EXPECT_TRUE(TestFakeDecode(100)); }
+
+ TEST_F(B64EncodeDecodeTest, FakeEncDecTest) {
+ EXPECT_TRUE(TestFakeEncode(100));
+ }
+
+ // These takes a while ...
+-TEST_F(B64EncodeDecodeTest, LongFakeDecTest1) {
++TEST_F(B64EncodeDecodeTest, DISABLED_LongFakeDecTest1) {
+ EXPECT_TRUE(TestFakeDecode(0x66666666));
+ }
+-TEST_F(B64EncodeDecodeTest, LongFakeEncDecTest1) {
TestFakeEncode(0x3fffffff); }
+-TEST_F(B64EncodeDecodeTest, LongFakeEncDecTest2) {
++TEST_F(B64EncodeDecodeTest, DISABLED_LongFakeEncDecTest1) {
++ TestFakeEncode(0x3fffffff);
++}
++TEST_F(B64EncodeDecodeTest, DISABLED_LongFakeEncDecTest2) {
+ EXPECT_FALSE(TestFakeEncode(0x40000000));
+ }
+
+ } // namespace nss_test
--
2.12.2
signature.asc
Description: PGP signature
- [PATCHES] gnu: nss: Update to 3.30.2 [fixes CVE-2017-5461].,
Mark H Weaver <=