gnu: icecat: Rebundle NSPR and NSS [security fix].

Works around <https://bugs.gnu.org/32833>.

* gnu/packages/gnuzilla.scm (icecat)[source]: In snippet, don't remove NSS.
[inputs]: Remove 'nspr' and 'nss'.
[arguments]: Remove --with-system-{nspr,nss} from configure flags.
This commit is contained in:
Mark H Weaver 2018-09-25 17:13:59 -04:00
parent 94e96f7f68
commit 6d32887937
No known key found for this signature in database
GPG key ID: 7CEF29847562C516

View file

@ -519,6 +519,13 @@ (define-public icecat
;; FIXME: A script from the bundled nspr is used. ;; FIXME: A script from the bundled nspr is used.
;;"nsprpub" ;;"nsprpub"
;; ;;
;; FIXME: With the update to IceCat 60, using system NSS
;; broke certificate validation. See
;; <https://bugs.gnu.org/32833>. For now, we use
;; the bundled NSPR and NSS. TODO: Investigate,
;; and try to unbundle these libraries again.
;; UNBUNDLE-ME! "security/nss"
;;
;; TODO: Use more system media libraries. See: ;; TODO: Use more system media libraries. See:
;; <https://bugzilla.mozilla.org/show_bug.cgi?id=517422> ;; <https://bugzilla.mozilla.org/show_bug.cgi?id=517422>
;; * libtheora: esr60 wants v1.2, not yet released. ;; * libtheora: esr60 wants v1.2, not yet released.
@ -541,7 +548,6 @@ (define-public icecat
"media/libvorbis" "media/libvorbis"
;; "media/libtheora" ; wants theora-1.2, not yet released ;; "media/libtheora" ; wants theora-1.2, not yet released
"media/libtremor" "media/libtremor"
"security/nss"
"gfx/harfbuzz" "gfx/harfbuzz"
"gfx/graphite2" "gfx/graphite2"
"js/src/ctypes/libffi" "js/src/ctypes/libffi"
@ -588,8 +594,10 @@ (define-public icecat
("pulseaudio" ,pulseaudio) ("pulseaudio" ,pulseaudio)
("mesa" ,mesa) ("mesa" ,mesa)
("mit-krb5" ,mit-krb5) ("mit-krb5" ,mit-krb5)
("nspr" ,nspr) ;; See <https://bugs.gnu.org/32833>
("nss" ,nss) ;; and related comments in the 'snippet' above.
;; UNBUNDLE-ME! ("nspr" ,nspr)
;; UNBUNDLE-ME! ("nss" ,nss)
("sqlite" ,sqlite) ("sqlite" ,sqlite)
("startup-notification" ,startup-notification) ("startup-notification" ,startup-notification)
("unzip" ,unzip) ("unzip" ,unzip)
@ -653,8 +661,12 @@ (define-public icecat
;; "--with-system-theora" ; wants theora-1.2, not yet released ;; "--with-system-theora" ; wants theora-1.2, not yet released
"--with-system-libvpx" "--with-system-libvpx"
"--with-system-icu" "--with-system-icu"
"--with-system-nspr"
"--with-system-nss" ;; See <https://bugs.gnu.org/32833>
;; and related comments in the 'snippet' above.
;; UNBUNDLE-ME! "--with-system-nspr"
;; UNBUNDLE-ME! "--with-system-nss"
"--with-system-harfbuzz" "--with-system-harfbuzz"
"--with-system-graphite2" "--with-system-graphite2"
"--enable-system-pixman" "--enable-system-pixman"