[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
03/03: gnu: icecat: Rebundle NSPR and NSS [security fix].
From: |
Mark H. Weaver |
Subject: |
03/03: gnu: icecat: Rebundle NSPR and NSS [security fix]. |
Date: |
Tue, 25 Sep 2018 20:06:14 -0400 (EDT) |
mhw pushed a commit to branch master
in repository guix.
commit 6d328879378fac95240005233331f596fb5c68ed
Author: Mark H Weaver <address@hidden>
Date: Tue Sep 25 17:13:59 2018 -0400
gnu: icecat: Rebundle NSPR and NSS [security fix].
Works around <https://bugs.gnu.org/32833>.
* gnu/packages/gnuzilla.scm (icecat)[source]: In snippet, don't remove NSS.
[inputs]: Remove 'nspr' and 'nss'.
[arguments]: Remove --with-system-{nspr,nss} from configure flags.
---
gnu/packages/gnuzilla.scm | 22 +++++++++++++++++-----
1 file changed, 17 insertions(+), 5 deletions(-)
diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index 6834d82..ea3b61c 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -519,6 +519,13 @@ security standards.")
;; FIXME: A script from the bundled nspr is used.
;;"nsprpub"
;;
+ ;; FIXME: With the update to IceCat 60, using system NSS
+ ;; broke certificate validation. See
+ ;; <https://bugs.gnu.org/32833>. For now, we use
+ ;; the bundled NSPR and NSS. TODO: Investigate,
+ ;; and try to unbundle these libraries again.
+ ;; UNBUNDLE-ME! "security/nss"
+ ;;
;; TODO: Use more system media libraries. See:
;; <https://bugzilla.mozilla.org/show_bug.cgi?id=517422>
;; * libtheora: esr60 wants v1.2, not yet released.
@@ -541,7 +548,6 @@ security standards.")
"media/libvorbis"
;; "media/libtheora" ; wants theora-1.2, not yet released
"media/libtremor"
- "security/nss"
"gfx/harfbuzz"
"gfx/graphite2"
"js/src/ctypes/libffi"
@@ -588,8 +594,10 @@ security standards.")
("pulseaudio" ,pulseaudio)
("mesa" ,mesa)
("mit-krb5" ,mit-krb5)
- ("nspr" ,nspr)
- ("nss" ,nss)
+ ;; See <https://bugs.gnu.org/32833>
+ ;; and related comments in the 'snippet' above.
+ ;; UNBUNDLE-ME! ("nspr" ,nspr)
+ ;; UNBUNDLE-ME! ("nss" ,nss)
("sqlite" ,sqlite)
("startup-notification" ,startup-notification)
("unzip" ,unzip)
@@ -653,8 +661,12 @@ security standards.")
;; "--with-system-theora" ; wants theora-1.2, not
yet released
"--with-system-libvpx"
"--with-system-icu"
- "--with-system-nspr"
- "--with-system-nss"
+
+ ;; See <https://bugs.gnu.org/32833>
+ ;; and related comments in the 'snippet' above.
+ ;; UNBUNDLE-ME! "--with-system-nspr"
+ ;; UNBUNDLE-ME! "--with-system-nss"
+
"--with-system-harfbuzz"
"--with-system-graphite2"
"--enable-system-pixman"