Merge #42729: firefox-61 and related updates (security)

(cherry picked from commit 8ad921dc94)
Fast-forwarded to get to master sooner.
This commit is contained in:
Vladimír Čunát 2018-06-29 20:55:43 +02:00
parent f8b0f68fd5
commit 2f4001f41a
No known key found for this signature in database
GPG Key ID: E747DF1F9575A3AA
4 changed files with 427 additions and 420 deletions

View File

@ -1,13 +1,14 @@
{ pname, version, updateScript ? null
, src, patches ? [], extraConfigureFlags ? [], extraMakeFlags ? [], overrides ? {}, meta
, src, patches ? [], extraConfigureFlags ? [], extraMakeFlags ? []
, overrides ? {}, extraNativeBuildInputs ? [], meta
, isTorBrowserLike ? false }:
{ lib, stdenv, pkgconfig, pango, perl, python, zip, libIDL
{ lib, stdenv, pkgconfig, pango, perl, python2, zip, libIDL
, libjpeg, zlib, dbus, dbus-glib, bzip2, xorg
, freetype, fontconfig, file, nspr, nss, libnotify
, yasm, libGLU_combined, sqlite, unzip, makeWrapper
, hunspell, libevent, libstartup_notification, libvpx
, cairo, icu, libpng, jemalloc
, cairo, icu, libpng, jemalloc, glib
, autoconf213, which, gnused, cargo, rustc, llvmPackages
, debugBuild ? false
@ -80,22 +81,22 @@ stdenv.mkDerivation (rec {
nspr libnotify xorg.pixman yasm libGLU_combined
xorg.libXScrnSaver xorg.scrnsaverproto
xorg.libXext xorg.xextproto sqlite unzip makeWrapper
hunspell libevent libstartup_notification libvpx /* cairo */
icu libpng jemalloc
libevent libstartup_notification libvpx /* cairo */
icu libpng jemalloc glib
]
++ lib.optionals (!isTorBrowserLike) [ nss ]
++ lib.optional (lib.versionOlder version "61") hunspell
++ lib.optional alsaSupport alsaLib
++ lib.optional pulseaudioSupport libpulseaudio # only headers are needed
++ lib.optionals ffmpegSupport [ gstreamer gst-plugins-base ]
++ lib.optional gtk3Support gtk3
++ lib.optional gssSupport kerberos;
NIX_CFLAGS_COMPILE = "-I${nspr.dev}/include/nspr -I${nss.dev}/include/nss";
NIX_CFLAGS_COMPILE = "-I${nspr.dev}/include/nspr -I${nss.dev}/include/nss -I${glib.dev}/include/gio-unix-2.0";
nativeBuildInputs =
[ autoconf213 which gnused pkgconfig perl python cargo rustc ]
++ lib.optional gtk3Support wrapGAppsHook;
[ autoconf213 which gnused pkgconfig perl python2 cargo rustc ]
++ lib.optional gtk3Support wrapGAppsHook ++ extraNativeBuildInputs;
preConfigure = ''
# remove distributed configuration files
@ -113,7 +114,7 @@ stdenv.mkDerivation (rec {
cxxLib=$( echo -n ${gcc}/include/c++/* )
archLib=$cxxLib/$( ${gcc}/bin/gcc -dumpmachine )
test -f layout/style/ServoBindings.toml && sed -i -e '/"-DMOZ_STYLO"/ a , "-cxx-isystem", "'$cxxLib'", "-isystem", "'$archLib'"' layout/style/ServoBindings.toml
test -f layout/style/ServoBindings.toml && sed -i -e '/"-DRUST_BINDGEN"/ a , "-cxx-isystem", "'$cxxLib'", "-isystem", "'$archLib'"' layout/style/ServoBindings.toml
'' + lib.optionalString googleAPISupport ''
# Google API key used by Chromium and Firefox.
# Note: These are for NixOS/nixpkgs use ONLY. For your own distribution,
@ -134,7 +135,6 @@ stdenv.mkDerivation (rec {
"--with-system-png" # needs APNG support
"--with-system-icu"
"--enable-system-ffi"
"--enable-system-hunspell"
"--enable-system-pixman"
"--enable-system-sqlite"
#"--enable-system-cairo"
@ -148,6 +148,7 @@ stdenv.mkDerivation (rec {
"--disable-gconf"
"--enable-default-toolkit=cairo-gtk${if gtk3Support then "3" else "2"}"
]
++ lib.optional (lib.versionOlder version "61") "--enable-system-hunspell"
++ lib.optionals (lib.versionAtLeast version "56" && !stdenv.hostPlatform.isi686) [
# on i686-linux: --with-libclang-path is not available in this configuration
"--with-libclang-path=${llvmPackages.libclang}/lib"

View File

@ -1,4 +1,4 @@
{ lib, callPackage, stdenv, overrideCC, gcc5, fetchurl, fetchFromGitHub, fetchpatch }:
{ lib, callPackage, stdenv, overrideCC, gcc5, fetchurl, fetchFromGitHub, fetchpatch, python3 }:
let
@ -6,10 +6,6 @@ let
nixpkgsPatches = [
./env_var_for_system_dir.patch
# this one is actually an omnipresent bug
# https://bugzilla.mozilla.org/show_bug.cgi?id=1444519
./fix-pa-context-connect-retval.patch
];
firefox60_aarch64_skia_patch = fetchpatch {
@ -24,15 +20,17 @@ rec {
firefox = common rec {
pname = "firefox";
version = "60.0.2";
version = "61.0";
src = fetchurl {
url = "mirror://mozilla/firefox/releases/${version}/source/firefox-${version}.source.tar.xz";
sha512 = "2my4v8al3swwbiqcp3a5y89imly6apc2p9q0cbkhbiz0sqylc0l02jh0qp95migmik56m4prwqdi81kgqs7cw5r2np3mm6sc1b45mkg";
sha512 = "0ww2j5gxr7h142lfi0xvckvd7vmnha72j8c0wyyqmmp1rr341f10vfd0hvawiagik4ih6dz8h5pmkl67zdnwqc3z75vwnci20ajlg2s";
};
patches = nixpkgsPatches ++ [
./no-buildconfig.patch
] ++ lib.optional stdenv.isAarch64 firefox60_aarch64_skia_patch;
];
extraNativeBuildInputs = [ python3 ];
meta = {
description = "A web browser built from Firefox source tree";
@ -47,13 +45,17 @@ rec {
firefox-esr-52 = common rec {
pname = "firefox-esr";
version = "52.8.1esr";
version = "52.9.0esr";
src = fetchurl {
url = "mirror://mozilla/firefox/releases/${version}/source/firefox-${version}.source.tar.xz";
sha512 = "a4883550fdf62e66b10f1de7416d3614a2cb0ce3a004d9a79ecc37a726794d7bbdb0a6767faab4ea97278d2192462597551fc13b7e9a9c38d043c2879d51095a";
sha512 = "bfca42668ca78a12a9fb56368f4aae5334b1f7a71966fbba4c32b9c5e6597aac79a6e340ac3966779d2d5563eb47c054ab33cc40bfb7306172138ccbd3adb2b9";
};
patches = nixpkgsPatches;
patches = nixpkgsPatches ++ [
# this one is actually an omnipresent bug
# https://bugzilla.mozilla.org/show_bug.cgi?id=1444519
./fix-pa-context-connect-retval.patch
];
meta = firefox.meta // {
description = "A web browser built from Firefox Extended Support Release source tree";
@ -66,14 +68,18 @@ rec {
firefox-esr-60 = common rec {
pname = "firefox-esr";
version = "60.0.2esr";
version = "60.1.0esr";
src = fetchurl {
url = "mirror://mozilla/firefox/releases/${version}/source/firefox-${version}.source.tar.xz";
sha512 = "0vbilh4iwqfzkj598zbgkmwbkxh4bia8gn7p9x6xd7yvhb6708p4dfkkbg61hdh3bddyaxx1zd0wi8qxfxbrx19mc6k9dpc6xz52iy1";
sha512 = "2bg7zvkpy1x2ryiazvk4nn5m94v0addbhrcrlcf9djnqjf14rp5q50lbiymhxxz0988vgpicsvizifb8gb3hi7b8g17rdw6438ddhh6";
};
patches = nixpkgsPatches ++ [
./no-buildconfig.patch
# this one is actually an omnipresent bug
# https://bugzilla.mozilla.org/show_bug.cgi?id=1444519
./fix-pa-context-connect-retval.patch
] ++ lib.optional stdenv.isAarch64 firefox60_aarch64_skia_patch;
meta = firefox.meta // {

View File

@ -8,11 +8,11 @@ let
in stdenv.mkDerivation rec {
name = "nss-${version}";
version = "3.36.4";
version = "3.38";
src = fetchurl {
url = "mirror://mozilla/security/nss/releases/NSS_3_36_4_RTM/src/${name}.tar.gz";
sha256 = "0si4g5bnhzkxy2f7rnaw86jfdzni5gvc7svxcf7ms8n97nrrdpik";
url = "mirror://mozilla/security/nss/releases/NSS_3_38_RTM/src/${name}.tar.gz";
sha256 = "0qigcy3d169cf67jzv3rbai0m6dn34vp8h2z696mz4yn10y3sr1c";
};
buildInputs = [ perl zlib sqlite ]