HCoop / jackhill / guix / guix.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
gnu: icecat: Apply fixes for CVE-2015-{0801,0807,0815,0816}.
[jackhill/guix/guix.git] / gnu / packages / gnuzilla.scm
1 ;;; GNU Guix --- Functional package management for GNU
2 ;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
3 ;;; Copyright © 2013, 2014 Ludovic Courtès <ludo@gnu.org>
4 ;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
5 ;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
6 ;;;
7 ;;; This file is part of GNU Guix.
8 ;;;
9 ;;; GNU Guix is free software; you can redistribute it and/or modify it
10 ;;; under the terms of the GNU General Public License as published by
11 ;;; the Free Software Foundation; either version 3 of the License, or (at
12 ;;; your option) any later version.
13 ;;;
14 ;;; GNU Guix is distributed in the hope that it will be useful, but
15 ;;; WITHOUT ANY WARRANTY; without even the implied warranty of
16 ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 ;;; GNU General Public License for more details.
18 ;;;
19 ;;; You should have received a copy of the GNU General Public License
20 ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
21
22 (define-module (gnu packages gnuzilla)
23 #:use-module (gnu packages)
24 #:use-module ((guix licenses) #:prefix license:)
25 #:use-module (guix packages)
26 #:use-module (guix download)
27 #:use-module (guix build-system gnu)
28 #:use-module (gnu packages databases)
29 #:use-module (gnu packages glib)
30 #:use-module (gnu packages gstreamer)
31 #:use-module (gnu packages gtk)
32 #:use-module (gnu packages linux)
33 #:use-module (gnu packages perl)
34 #:use-module (gnu packages pkg-config)
35 #:use-module (gnu packages compression)
36 #:use-module (gnu packages fontutils)
37 #:use-module (gnu packages libevent)
38 #:use-module (gnu packages image)
39 #:use-module (gnu packages libffi)
40 #:use-module (gnu packages pulseaudio)
41 #:use-module (gnu packages python)
42 #:use-module (gnu packages xorg)
43 #:use-module (gnu packages gl)
44 #:use-module (gnu packages yasm)
45 #:use-module (gnu packages icu4c)
46 #:use-module (gnu packages video)
47 #:use-module (gnu packages xdisorg)
48 #:use-module (gnu packages zip))
49
50 (define-public mozjs
51 (package
52 (name "mozjs")
53 (version "17.0.0")
54 (source (origin
55 (method url-fetch)
56 (uri (string-append
57 "https://ftp.mozilla.org/pub/mozilla.org/js/"
58 name version ".tar.gz"))
59 (sha256
60 (base32
61 "1fig2wf4f10v43mqx67y68z6h77sy900d1w0pz9qarrqx57rc7ij"))))
62 (build-system gnu-build-system)
63 (native-inputs
64 `(("perl", perl)
65 ("python" ,python-2)))
66 (arguments
67 `(#:phases
68 (alist-cons-before
69 'configure 'chdir
70 (lambda _
71 (chdir "js/src"))
72 (alist-replace
73 'configure
74 ;; configure fails if it is followed by SHELL and CONFIG_SHELL
75 (lambda* (#:key outputs #:allow-other-keys)
76 (let ((out (assoc-ref outputs "out")))
77 (setenv "SHELL" (which "sh"))
78 (setenv "CONFIG_SHELL" (which "sh"))
79 (zero? (system*
80 "./configure" (string-append "--prefix=" out)))))
81 %standard-phases))))
82 (home-page
83 "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/SpiderMonkey")
84 (synopsis "Mozilla javascript engine")
85 (description "SpiderMonkey is Mozilla's JavaScript engine written
86 in C/C++.")
87 (license license:mpl2.0))) ; and others for some files
88
89 (define-public nspr
90 (package
91 (name "nspr")
92 (version "4.10.8")
93 (source (origin
94 (method url-fetch)
95 (uri (string-append
96 "https://ftp.mozilla.org/pub/mozilla.org/nspr/releases/v"
97 version "/src/nspr-" version ".tar.gz"))
98 (sha256
99 (base32
100 "05aaakz24ba2hdzlqx8qamwrsp7gni1acms8mr6m432wa9yaazjh"))))
101 (build-system gnu-build-system)
102 (native-inputs
103 `(("perl", perl)))
104 (arguments
105 `(#:tests? #f ; no check target
106 #:configure-flags
107 `("--enable-64bit")
108 #:phases
109 (alist-cons-before
110 'configure 'chdir
111 (lambda _
112 (chdir "nspr"))
113 %standard-phases)))
114 (home-page
115 "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSPR")
116 (synopsis "Netscape API for system level and libc-like functions")
117 (description "Netscape Portable Runtime (NSPR) provides a
118 platform-neutral API for system level and libc-like functions. It is used
119 in the Mozilla clients.")
120 (license license:mpl2.0)))
121
122 (define-public nss
123 (package
124 (name "nss")
125 (version "3.17.4")
126 (source (origin
127 (method url-fetch)
128 (uri (string-append
129 "ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/"
130 "releases/NSS_3_17_4_RTM/src/nss-3.17.4.tar.gz"))
131 (sha256
132 (base32
133 "0ycxzybgn4bq0i6j5zjdjl70n3s8a742yixyik4pw8x4h4cav60x"))
134 ;; Create nss.pc and nss-config.
135 (patches (list (search-patch "nss-pkgconfig.patch")))))
136 (build-system gnu-build-system)
137 (outputs '("out" "bin"))
138 (arguments
139 '(#:parallel-build? #f ; failed
140 #:make-flags
141 (let* ((out (assoc-ref %outputs "out"))
142 (nspr (string-append (assoc-ref %build-inputs "nspr")))
143 (rpath (string-append "-Wl,-rpath=" out "/lib/nss")))
144 (list "-C" "nss" (string-append "PREFIX=" out)
145 "NSDISTMODE=copy"
146 "NSS_USE_SYSTEM_SQLITE=1"
147 (string-append "NSPR_INCLUDE_DIR=" nspr "/include/nspr")
148 ;; Add $out/lib/nss to RPATH.
149 (string-append "RPATH=" rpath)
150 (string-append "LDFLAGS=" rpath)))
151 #:modules ((guix build gnu-build-system)
152 (guix build utils)
153 (ice-9 ftw)
154 (ice-9 match)
155 (srfi srfi-26))
156 #:imported-modules ((guix build gnu-build-system)
157 (guix build utils))
158 #:phases
159 (alist-replace
160 'configure
161 (lambda* (#:key system inputs #:allow-other-keys)
162 ;; Tells NSS to build for the 64-bit ABI if we are 64-bit system.
163 (when (string-prefix? "x86_64" system)
164 (setenv "USE_64" "1"))
165 #t)
166 (alist-replace
167 'check
168 (lambda _
169 ;; Use 127.0.0.1 instead of $HOST.$DOMSUF as HOSTADDR for testing.
170 ;; The later requires a working DNS or /etc/hosts.
171 (setenv "DOMSUF" "(none)")
172 (setenv "USE_IP" "TRUE")
173 (setenv "IP_ADDRESS" "127.0.0.1")
174 (zero? (system* "./nss/tests/all.sh")))
175 (alist-replace
176 'install
177 (lambda* (#:key outputs #:allow-other-keys)
178 (let* ((out (assoc-ref outputs "out"))
179 (bin (string-append (assoc-ref outputs "bin") "/bin"))
180 (inc (string-append out "/include/nss"))
181 (lib (string-append out "/lib/nss"))
182 (obj (match (scandir "dist" (cut string-suffix? "OBJ" <>))
183 ((obj) (string-append "dist/" obj)))))
184 ;; Install nss-config to $out/bin.
185 (mkdir-p (string-append out "/bin"))
186 (copy-file (string-append obj "/bin/nss-config")
187 (string-append out "/bin/nss-config"))
188 (delete-file (string-append obj "/bin/nss-config"))
189 ;; Install nss.pc to $out/lib/pkgconfig.
190 (mkdir-p (string-append out "/lib/pkgconfig"))
191 (copy-file (string-append obj "/lib/pkgconfig/nss.pc")
192 (string-append out "/lib/pkgconfig/nss.pc"))
193 (delete-file (string-append obj "/lib/pkgconfig/nss.pc"))
194 (rmdir (string-append obj "/lib/pkgconfig"))
195 ;; Install other files.
196 (copy-recursively "dist/public/nss" inc)
197 (copy-recursively (string-append obj "/bin") bin)
198 (copy-recursively (string-append obj "/lib") lib)))
199 %standard-phases)))))
200 (inputs
201 `(("sqlite" ,sqlite)
202 ("zlib" ,zlib)))
203 (propagated-inputs `(("nspr" ,nspr))) ; required by nss.pc.
204 (native-inputs `(("perl" ,perl)))
205 (home-page
206 "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS")
207 (synopsis "Network Security Services")
208 (description
209 "Network Security Services (NSS) is a set of libraries designed to support
210 cross-platform development of security-enabled client and server applications.
211 Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7,
212 PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security
213 standards.")
214 (license license:mpl2.0)))
215
216 (define-public icecat
217 (package
218 (name "icecat")
219 (version "31.5.0")
220 (source
221 (origin
222 (method url-fetch)
223 (uri (string-append "mirror://gnu/gnuzilla/"
224 version "/" name "-" version ".tar.bz2"))
225 (sha256
226 (base32
227 "1rr4axghaypdkrf60i1qp6dz4cd29ya02fs3vyffvp4x9kgcq2dd"))
228 (patches (map search-patch '("icecat-CVE-2015-0815-pt1.patch"
229 "icecat-CVE-2015-0815-pt2.patch"
230 "icecat-bug-1127780.patch"
231 "icecat-CVE-2015-0807.patch"
232 "icecat-CVE-2015-0815-pt3.patch"
233 "icecat-CVE-2015-0817.patch"
234 "icecat-CVE-2015-0816.patch"
235 "icecat-CVE-2015-0818-pt1.patch"
236 "icecat-bug-1145870.patch"
237 "icecat-CVE-2015-0818-pt2.patch"
238 "icecat-CVE-2015-0801.patch")))))
239 (build-system gnu-build-system)
240 (inputs
241 `(("alsa-lib" ,alsa-lib)
242 ("bzip2" ,bzip2)
243 ("cairo" ,cairo)
244 ("dbus" ,dbus)
245 ("dbus-glib" ,dbus-glib)
246 ("glib" ,glib)
247 ("gstreamer" ,gstreamer)
248 ("gst-plugins-base" ,gst-plugins-base)
249 ("gtk+" ,gtk+-2)
250 ("pango" ,pango)
251 ("freetype" ,freetype)
252 ("libxft" ,libxft)
253 ("libevent" ,libevent)
254 ("libxt" ,libxt)
255 ("libffi" ,libffi)
256 ("libvpx" ,libvpx)
257 ("icu4c" ,icu4c)
258 ("pixman" ,pixman)
259 ("pulseaudio" ,pulseaudio)
260 ("mesa" ,mesa)
261 ("nspr" ,nspr)
262 ("nss" ,nss)
263 ("unzip" ,unzip)
264 ("yasm" ,yasm)
265 ("zip" ,zip)
266 ("zlib" ,zlib)))
267 (native-inputs
268 `(("perl" ,perl)
269 ("python" ,python-2) ; Python 3 not supported
270 ("python2-pysqlite" ,python2-pysqlite)
271 ("pkg-config" ,pkg-config)))
272 (arguments
273 `(#:tests? #f ; no check target
274 #:out-of-source? #t ; must be built outside of the source directory
275
276 #:configure-flags '(;; Building with debugging symbols takes ~5GiB, so
277 ;; disable it.
278 "--disable-debug"
279 "--disable-debug-symbols"
280
281 "--enable-pulseaudio"
282 "--enable-gstreamer=1.0"
283
284 "--with-system-zlib"
285 "--with-system-bz2" ; FIXME: not used
286 "--with-system-libevent"
287 "--with-system-libvpx"
288 "--with-system-icu"
289 "--with-system-nspr"
290 "--with-system-nss"
291 "--enable-system-pixman"
292 "--enable-system-cairo"
293 "--enable-system-ffi"
294
295 ;; Fails with "configure: error: System
296 ;; SQLite library is not compiled with
297 ;; SQLITE_ENABLE_UNLOCK_NOTIFY."
298 ;; "--enable-system-sqlite"
299
300 ;; Fails with "--with-system-png won't work because
301 ;; the system's libpng doesn't have APNG support".
302 ;; According to
303 ;; http://sourceforge.net/projects/libpng-apng/ ,
304 ;; "the Animated Portable Network Graphics (APNG)
305 ;; is an unofficial extension of the Portable
306 ;; Network Graphics (PNG) format";
307 ;; we probably do not wish to support it.
308 ;; "--with-system-png"
309
310 ;; Fails with "libjpeg-turbo JCS_EXTENSIONS
311 ;; required".
312 ;; According to
313 ;; http://sourceforge.net/projects/libjpeg-turbo/ ,
314 ;; "libjpeg-turbo is a derivative of libjpeg that
315 ;; uses MMX, SSE, SSE2, and NEON SIMD instructions
316 ;; to accelerate baseline JPEG compression/
317 ;; decompression", so we had better not use it
318 ;; "--with-system-jpeg"
319 )
320
321 #:phases
322 (alist-replace
323 'configure
324 ;; configure does not work followed by both "SHELL=..." and
325 ;; "CONFIG_SHELL=..."; set environment variables instead
326 (lambda* (#:key outputs configure-flags #:allow-other-keys)
327 (let* ((out (assoc-ref outputs "out"))
328 (bash (which "bash"))
329 (abs-srcdir (getcwd))
330 (srcdir (string-append "../" (basename abs-srcdir)))
331 (flags `(,(string-append "--prefix=" out)
332 ,(string-append "--with-l10n-base="
333 abs-srcdir "/l10n")
334 ,@configure-flags)))
335 (setenv "SHELL" bash)
336 (setenv "CONFIG_SHELL" bash)
337 (mkdir "../build")
338 (chdir "../build")
339 (format #t "build directory: ~s~%" (getcwd))
340 (format #t "configure flags: ~s~%" flags)
341 (zero? (apply system* bash
342 (string-append srcdir "/configure")
343 flags))))
344 %standard-phases)))
345 (home-page "http://www.gnu.org/software/gnuzilla/")
346 (synopsis "Entirely free browser derived from Mozilla Firefox")
347 (description
348 "IceCat is the GNU version of the Firefox browser. It is entirely free
349 software, which does not recommend non-free plugins and addons. It also
350 features built-in privacy-protecting features.")
351 (license license:mpl2.0))) ; and others, see toolkit/content/license.html
jackhill's copy of GNU Guix: https://guix.gnu.org/