diff options
author | Mark H Weaver <mhw@netris.org> | 2018-09-25 17:13:59 -0400 |
---|---|---|
committer | Mark H Weaver <mhw@netris.org> | 2018-09-25 19:59:08 -0400 |
commit | 6d328879378fac95240005233331f596fb5c68ed (patch) | |
tree | cb6c74596ab19fda42f3f449df847bb0a6d0149c | |
parent | 94e96f7f68c3b9053fdb5dee5b0ab614163aaa08 (diff) | |
download | guix-6d328879378fac95240005233331f596fb5c68ed.tar.gz |
gnu: icecat: Rebundle NSPR and NSS [security fix].
Works around <https://bugs.gnu.org/32833>. * gnu/packages/gnuzilla.scm (icecat)[source]: In snippet, don't remove NSS. [inputs]: Remove 'nspr' and 'nss'. [arguments]: Remove --with-system-{nspr,nss} from configure flags.
-rw-r--r-- | gnu/packages/gnuzilla.scm | 22 |
1 files changed, 17 insertions, 5 deletions
diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm index 6834d82426..ea3b61c231 100644 --- a/gnu/packages/gnuzilla.scm +++ b/gnu/packages/gnuzilla.scm @@ -519,6 +519,13 @@ security standards.") ;; FIXME: A script from the bundled nspr is used. ;;"nsprpub" ;; + ;; FIXME: With the update to IceCat 60, using system NSS + ;; broke certificate validation. See + ;; <https://bugs.gnu.org/32833>. For now, we use + ;; the bundled NSPR and NSS. TODO: Investigate, + ;; and try to unbundle these libraries again. + ;; UNBUNDLE-ME! "security/nss" + ;; ;; TODO: Use more system media libraries. See: ;; <https://bugzilla.mozilla.org/show_bug.cgi?id=517422> ;; * libtheora: esr60 wants v1.2, not yet released. @@ -541,7 +548,6 @@ security standards.") "media/libvorbis" ;; "media/libtheora" ; wants theora-1.2, not yet released "media/libtremor" - "security/nss" "gfx/harfbuzz" "gfx/graphite2" "js/src/ctypes/libffi" @@ -588,8 +594,10 @@ security standards.") ("pulseaudio" ,pulseaudio) ("mesa" ,mesa) ("mit-krb5" ,mit-krb5) - ("nspr" ,nspr) - ("nss" ,nss) + ;; See <https://bugs.gnu.org/32833> + ;; and related comments in the 'snippet' above. + ;; UNBUNDLE-ME! ("nspr" ,nspr) + ;; UNBUNDLE-ME! ("nss" ,nss) ("sqlite" ,sqlite) ("startup-notification" ,startup-notification) ("unzip" ,unzip) @@ -653,8 +661,12 @@ security standards.") ;; "--with-system-theora" ; wants theora-1.2, not yet released "--with-system-libvpx" "--with-system-icu" - "--with-system-nspr" - "--with-system-nss" + + ;; See <https://bugs.gnu.org/32833> + ;; and related comments in the 'snippet' above. + ;; UNBUNDLE-ME! "--with-system-nspr" + ;; UNBUNDLE-ME! "--with-system-nss" + "--with-system-harfbuzz" "--with-system-graphite2" "--enable-system-pixman" |