Merge #42729: firefox-61 and related updates (security)

Vladimír Čunát 2018-06-29 20:55:43 +02:00
commit 8ad921dc94
No known key found for this signature in database
GPG Key ID: E747DF1F9575A3AA
4 changed files with 427 additions and 420 deletions


@ -1,13 +1,14 @@
{ pname, version, updateScript ? null { pname, version, updateScript ? null
, src, patches ? [], extraConfigureFlags ? [], extraMakeFlags ? [], overrides ? {}, meta , src, patches ? [], extraConfigureFlags ? [], extraMakeFlags ? []
, overrides ? {}, extraNativeBuildInputs ? [], meta
, isTorBrowserLike ? false }: , isTorBrowserLike ? false }:
{ lib, stdenv, pkgconfig, pango, perl, python, zip, libIDL { lib, stdenv, pkgconfig, pango, perl, python2, zip, libIDL
, libjpeg, zlib, dbus, dbus-glib, bzip2, xorg , libjpeg, zlib, dbus, dbus-glib, bzip2, xorg
, freetype, fontconfig, file, nspr, nss, libnotify , freetype, fontconfig, file, nspr, nss, libnotify
, yasm, libGLU_combined, sqlite, unzip, makeWrapper , yasm, libGLU_combined, sqlite, unzip, makeWrapper
, hunspell, libevent, libstartup_notification, libvpx , hunspell, libevent, libstartup_notification, libvpx
, cairo, icu, libpng, jemalloc , cairo, icu, libpng, jemalloc, glib
, autoconf213, which, gnused, cargo, rustc, llvmPackages , autoconf213, which, gnused, cargo, rustc, llvmPackages
, debugBuild ? false , debugBuild ? false
@ -80,22 +81,22 @@ stdenv.mkDerivation (rec {
nspr libnotify xorg.pixman yasm libGLU_combined nspr libnotify xorg.pixman yasm libGLU_combined
xorg.libXScrnSaver xorg.scrnsaverproto xorg.libXScrnSaver xorg.scrnsaverproto
xorg.libXext xorg.xextproto sqlite unzip makeWrapper xorg.libXext xorg.xextproto sqlite unzip makeWrapper
hunspell libevent libstartup_notification libvpx /* cairo */ libevent libstartup_notification libvpx /* cairo */
icu libpng jemalloc icu libpng jemalloc glib
] ]
++ lib.optionals (!isTorBrowserLike) [ nss ] ++ lib.optionals (!isTorBrowserLike) [ nss ]
++ lib.optional (lib.versionOlder version "61") hunspell
++ lib.optional alsaSupport alsaLib ++ lib.optional alsaSupport alsaLib
++ lib.optional pulseaudioSupport libpulseaudio # only headers are needed ++ lib.optional pulseaudioSupport libpulseaudio # only headers are needed
++ lib.optionals ffmpegSupport [ gstreamer gst-plugins-base ] ++ lib.optionals ffmpegSupport [ gstreamer gst-plugins-base ]
++ lib.optional gtk3Support gtk3 ++ lib.optional gtk3Support gtk3
++ lib.optional gssSupport kerberos; ++ lib.optional gssSupport kerberos;
NIX_CFLAGS_COMPILE = "-I${nspr.dev}/include/nspr -I${nss.dev}/include/nss"; NIX_CFLAGS_COMPILE = "-I${nspr.dev}/include/nspr -I${nss.dev}/include/nss -I${glib.dev}/include/gio-unix-2.0";
nativeBuildInputs = nativeBuildInputs =
[ autoconf213 which gnused pkgconfig perl python cargo rustc ] [ autoconf213 which gnused pkgconfig perl python2 cargo rustc ]
++ lib.optional gtk3Support wrapGAppsHook; ++ lib.optional gtk3Support wrapGAppsHook ++ extraNativeBuildInputs;
preConfigure = '' preConfigure = ''
# remove distributed configuration files # remove distributed configuration files
@ -113,7 +114,7 @@ stdenv.mkDerivation (rec {
cxxLib=$( echo -n ${gcc}/include/c++/* ) cxxLib=$( echo -n ${gcc}/include/c++/* )
archLib=$cxxLib/$( ${gcc}/bin/gcc -dumpmachine ) archLib=$cxxLib/$( ${gcc}/bin/gcc -dumpmachine )
test -f layout/style/ServoBindings.toml && sed -i -e '/"-DMOZ_STYLO"/ a , "-cxx-isystem", "'$cxxLib'", "-isystem", "'$archLib'"' layout/style/ServoBindings.toml test -f layout/style/ServoBindings.toml && sed -i -e '/"-DRUST_BINDGEN"/ a , "-cxx-isystem", "'$cxxLib'", "-isystem", "'$archLib'"' layout/style/ServoBindings.toml
'' + lib.optionalString googleAPISupport '' '' + lib.optionalString googleAPISupport ''
# Google API key used by Chromium and Firefox. # Google API key used by Chromium and Firefox.
# Note: These are for NixOS/nixpkgs use ONLY. For your own distribution, # Note: These are for NixOS/nixpkgs use ONLY. For your own distribution,
@ -134,7 +135,6 @@ stdenv.mkDerivation (rec {
"--with-system-png" # needs APNG support "--with-system-png" # needs APNG support
"--with-system-icu" "--with-system-icu"
"--enable-system-ffi" "--enable-system-ffi"
"--enable-system-hunspell"
"--enable-system-pixman" "--enable-system-pixman"
"--enable-system-sqlite" "--enable-system-sqlite"
#"--enable-system-cairo" #"--enable-system-cairo"
@ -148,6 +148,7 @@ stdenv.mkDerivation (rec {
"--disable-gconf" "--disable-gconf"
"--enable-default-toolkit=cairo-gtk${if gtk3Support then "3" else "2"}" "--enable-default-toolkit=cairo-gtk${if gtk3Support then "3" else "2"}"
] ]
++ lib.optional (lib.versionOlder version "61") "--enable-system-hunspell"
++ lib.optionals (lib.versionAtLeast version "56" && !stdenv.hostPlatform.isi686) [ ++ lib.optionals (lib.versionAtLeast version "56" && !stdenv.hostPlatform.isi686) [
# on i686-linux: --with-libclang-path is not available in this configuration # on i686-linux: --with-libclang-path is not available in this configuration
"--with-libclang-path=${llvmPackages.libclang}/lib" "--with-libclang-path=${llvmPackages.libclang}/lib"
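Review bot: The sed anchor in the preConfigure hunk (`@ -113,7 +114,7 @`) changes from `"-DMOZ_STYLO"` to `"-DRUST_BINDGEN"` for every version this shared expression builds, and sed exits 0 when the pattern matches nothing. If an older branch's `layout/style/ServoBindings.toml` lacks that define (the file is not visible here), the `-cxx-isystem`/`-isystem` paths are silently not injected and the problem only surfaces later in the build, if at all. I would turn the `test -f … && sed …` line into an `if test -f …; then … fi` block and put `grep -q '"-DRUST_BINDGEN"' layout/style/ServoBindings.toml || { echo "ServoBindings.toml: bindgen anchor not found" >&2; exit 1; }` before the sed, so a missing anchor fails the build. preConfigure begins and ends outside the hunk.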


@ -1,4 +1,4 @@
{ lib, callPackage, stdenv, overrideCC, gcc5, fetchurl, fetchFromGitHub, fetchpatch }: { lib, callPackage, stdenv, overrideCC, gcc5, fetchurl, fetchFromGitHub, fetchpatch, python3 }:
let let
@ -6,10 +6,6 @@ let
nixpkgsPatches = [ nixpkgsPatches = [
./env_var_for_system_dir.patch ./env_var_for_system_dir.patch
# this one is actually an omnipresent bug
# https://bugzilla.mozilla.org/show_bug.cgi?id=1444519
./fix-pa-context-connect-retval.patch
]; ];
firefox60_aarch64_skia_patch = fetchpatch { firefox60_aarch64_skia_patch = fetchpatch {
@ -24,15 +20,17 @@ rec {
firefox = common rec { firefox = common rec {
pname = "firefox"; pname = "firefox";
version = "60.0.2"; version = "61.0";
src = fetchurl { src = fetchurl {
url = "mirror://mozilla/firefox/releases/${version}/source/firefox-${version}.source.tar.xz"; url = "mirror://mozilla/firefox/releases/${version}/source/firefox-${version}.source.tar.xz";
sha512 = "2my4v8al3swwbiqcp3a5y89imly6apc2p9q0cbkhbiz0sqylc0l02jh0qp95migmik56m4prwqdi81kgqs7cw5r2np3mm6sc1b45mkg"; sha512 = "0ww2j5gxr7h142lfi0xvckvd7vmnha72j8c0wyyqmmp1rr341f10vfd0hvawiagik4ih6dz8h5pmkl67zdnwqc3z75vwnci20ajlg2s";
}; };
patches = nixpkgsPatches ++ [ patches = nixpkgsPatches ++ [
./no-buildconfig.patch ./no-buildconfig.patch
] ++ lib.optional stdenv.isAarch64 firefox60_aarch64_skia_patch; ];
extraNativeBuildInputs = [ python3 ];
meta = { meta = {
description = "A web browser built from Firefox source tree"; description = "A web browser built from Firefox source tree";
@ -47,13 +45,17 @@ rec {
firefox-esr-52 = common rec { firefox-esr-52 = common rec {
pname = "firefox-esr"; pname = "firefox-esr";
version = "52.8.1esr"; version = "52.9.0esr";
src = fetchurl { src = fetchurl {
url = "mirror://mozilla/firefox/releases/${version}/source/firefox-${version}.source.tar.xz"; url = "mirror://mozilla/firefox/releases/${version}/source/firefox-${version}.source.tar.xz";
sha512 = "a4883550fdf62e66b10f1de7416d3614a2cb0ce3a004d9a79ecc37a726794d7bbdb0a6767faab4ea97278d2192462597551fc13b7e9a9c38d043c2879d51095a"; sha512 = "bfca42668ca78a12a9fb56368f4aae5334b1f7a71966fbba4c32b9c5e6597aac79a6e340ac3966779d2d5563eb47c054ab33cc40bfb7306172138ccbd3adb2b9";
}; };
patches = nixpkgsPatches; patches = nixpkgsPatches ++ [
# this one is actually an omnipresent bug
# https://bugzilla.mozilla.org/show_bug.cgi?id=1444519
./fix-pa-context-connect-retval.patch
];
meta = firefox.meta // { meta = firefox.meta // {
description = "A web browser built from Firefox Extended Support Release source tree"; description = "A web browser built from Firefox Extended Support Release source tree";
@ -66,14 +68,18 @@ rec {
firefox-esr-60 = common rec { firefox-esr-60 = common rec {
pname = "firefox-esr"; pname = "firefox-esr";
version = "60.0.2esr"; version = "60.1.0esr";
src = fetchurl { src = fetchurl {
url = "mirror://mozilla/firefox/releases/${version}/source/firefox-${version}.source.tar.xz"; url = "mirror://mozilla/firefox/releases/${version}/source/firefox-${version}.source.tar.xz";
sha512 = "0vbilh4iwqfzkj598zbgkmwbkxh4bia8gn7p9x6xd7yvhb6708p4dfkkbg61hdh3bddyaxx1zd0wi8qxfxbrx19mc6k9dpc6xz52iy1"; sha512 = "2bg7zvkpy1x2ryiazvk4nn5m94v0addbhrcrlcf9djnqjf14rp5q50lbiymhxxz0988vgpicsvizifb8gb3hi7b8g17rdw6438ddhh6";
}; };
patches = nixpkgsPatches ++ [ patches = nixpkgsPatches ++ [
./no-buildconfig.patch ./no-buildconfig.patch
# this one is actually an omnipresent bug
# https://bugzilla.mozilla.org/show_bug.cgi?id=1444519
./fix-pa-context-connect-retval.patch
] ++ lib.optional stdenv.isAarch64 firefox60_aarch64_skia_patch; ] ++ lib.optional stdenv.isAarch64 firefox60_aarch64_skia_patch;
meta = firefox.meta // { meta = firefox.meta // {
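Review bot: The comment `# this one is actually an omnipresent bug` is copied into both ESR patch lists, but this commit takes `./fix-pa-context-connect-retval.patch` out of `nixpkgsPatches`, so `firefox` 61 no longer gets it and "omnipresent" no longer describes it. A comment that records the scope would help the next bump, for example `# still needed on the ESR branches; presumably fixed upstream in 61 (bug 1444519) - confirm`. Binding the patch once in the `let` block and reusing it in `firefox-esr-52` and `firefox-esr-60` would also avoid repeating the same three lines. The `firefox-esr-60` attribute set continues past the end of this section.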


@ -8,11 +8,11 @@ let
in stdenv.mkDerivation rec { in stdenv.mkDerivation rec {
name = "nss-${version}"; name = "nss-${version}";
version = "3.36.4"; version = "3.38";
src = fetchurl { src = fetchurl {
url = "mirror://mozilla/security/nss/releases/NSS_3_36_4_RTM/src/${name}.tar.gz"; url = "mirror://mozilla/security/nss/releases/NSS_3_38_RTM/src/${name}.tar.gz";
sha256 = "0si4g5bnhzkxy2f7rnaw86jfdzni5gvc7svxcf7ms8n97nrrdpik"; sha256 = "0qigcy3d169cf67jzv3rbai0m6dn34vp8h2z696mz4yn10y3sr1c";
}; };
buildInputs = [ perl zlib sqlite ] buildInputs = [ perl zlib sqlite ]