summary refs log tree commit diff
diff options
context:
space:
mode:
authorMark H Weaver <mhw@netris.org>2018-09-25 17:13:59 -0400
committerMark H Weaver <mhw@netris.org>2018-09-25 19:59:08 -0400
commit6d328879378fac95240005233331f596fb5c68ed (patch)
treecb6c74596ab19fda42f3f449df847bb0a6d0149c
parent94e96f7f68c3b9053fdb5dee5b0ab614163aaa08 (diff)
downloadguix-6d328879378fac95240005233331f596fb5c68ed.tar.gz
gnu: icecat: Rebundle NSPR and NSS [security fix].
Works around <https://bugs.gnu.org/32833>.

* gnu/packages/gnuzilla.scm (icecat)[source]: In snippet, don't remove NSS.
[inputs]: Remove 'nspr' and 'nss'.
[arguments]: Remove --with-system-{nspr,nss} from configure flags.
-rw-r--r--gnu/packages/gnuzilla.scm22
1 files changed, 17 insertions, 5 deletions
diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index 6834d82426..ea3b61c231 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -519,6 +519,13 @@ security standards.")
                       ;; FIXME: A script from the bundled nspr is used.
                       ;;"nsprpub"
                       ;;
+                      ;; FIXME: With the update to IceCat 60, using system NSS
+                      ;;        broke certificate validation.  See
+                      ;;        <https://bugs.gnu.org/32833>.  For now, we use
+                      ;;        the bundled NSPR and NSS.  TODO: Investigate,
+                      ;;        and try to unbundle these libraries again.
+                      ;; UNBUNDLE-ME! "security/nss"
+                      ;;
                       ;; TODO: Use more system media libraries.  See:
                       ;; <https://bugzilla.mozilla.org/show_bug.cgi?id=517422>
                       ;;   * libtheora: esr60 wants v1.2, not yet released.
@@ -541,7 +548,6 @@ security standards.")
                       "media/libvorbis"
                       ;; "media/libtheora" ; wants theora-1.2, not yet released
                       "media/libtremor"
-                      "security/nss"
                       "gfx/harfbuzz"
                       "gfx/graphite2"
                       "js/src/ctypes/libffi"
@@ -588,8 +594,10 @@ security standards.")
        ("pulseaudio" ,pulseaudio)
        ("mesa" ,mesa)
        ("mit-krb5" ,mit-krb5)
-       ("nspr" ,nspr)
-       ("nss" ,nss)
+       ;; See <https://bugs.gnu.org/32833>
+       ;;   and related comments in the 'snippet' above.
+       ;; UNBUNDLE-ME! ("nspr" ,nspr)
+       ;; UNBUNDLE-ME! ("nss" ,nss)
        ("sqlite" ,sqlite)
        ("startup-notification" ,startup-notification)
        ("unzip" ,unzip)
@@ -653,8 +661,12 @@ security standards.")
                            ;; "--with-system-theora" ; wants theora-1.2, not yet released
                            "--with-system-libvpx"
                            "--with-system-icu"
-                           "--with-system-nspr"
-                           "--with-system-nss"
+                           
+                           ;; See <https://bugs.gnu.org/32833>
+                           ;;   and related comments in the 'snippet' above.
+                           ;; UNBUNDLE-ME! "--with-system-nspr"
+                           ;; UNBUNDLE-ME! "--with-system-nss"
+                           
                            "--with-system-harfbuzz"
                            "--with-system-graphite2"
                            "--enable-system-pixman"