diff options
Diffstat (limited to 'pkgs/applications/networking/browsers/firefox')
3 files changed, 30 insertions, 196 deletions
diff --git a/pkgs/applications/networking/browsers/firefox/common.nix b/pkgs/applications/networking/browsers/firefox/common.nix index 66d499e779e..740d05ba046 100644 --- a/pkgs/applications/networking/browsers/firefox/common.nix +++ b/pkgs/applications/networking/browsers/firefox/common.nix @@ -110,12 +110,16 @@ let url = "https://raw.githubusercontent.com/archlinuxarm/PKGBUILDs/09c7fa0dc1d87922e3b464c0fa084df1227fca79/extra/firefox/build-arm-libopus.patch"; sha256 = "1zg56v3lc346fkzcjjx21vjip2s9hb2xw4pvza1dsfdnhsnzppfp"; }) - ] ++ lib.optional (lib.versionAtLeast ffversion "71") ./fix-ff71-lto.patch + ] + ++ lib.optional (lib.versionAtLeast ffversion "71") (fetchpatch { + url = "https://phabricator.services.mozilla.com/D56873?download=true"; + sha256 = "183949phd2n27nhiq85a04j4fjn0jxmldic6wcjrczsd8g2rrr5k"; + }) ++ patches; in -stdenv.mkDerivation rec { +stdenv.mkDerivation (rec { name = "${pname}-unwrapped-${version}"; version = browserVersion; @@ -363,4 +367,18 @@ stdenv.mkDerivation rec { inherit browserName; } // lib.optionalAttrs gtk3Support { inherit gtk3; }; -} +} // +# the build system verifies checksums of the bundled rust sources +# ./third_party/rust is be patched by our libtool fixup code in stdenv +# unfortunately we can't just set this to `false` when we do not want it. +# See https://github.com/NixOS/nixpkgs/issues/77289 for more details +lib.optionalAttrs (lib.versionAtLeast ffversion "72") { + # Ideally we would figure out how to tell the build system to not + # care about changed hashes as we are already doing that when we + # fetch the sources. Any further modifications of the source tree + # is on purpose by some of our tool (or by accident and a bug?). + dontFixLibtool = true; + + # on aarch64 this is also required + dontUpdateAutotoolsGnuConfigScripts = true; +}) diff --git a/pkgs/applications/networking/browsers/firefox/fix-ff71-lto.patch b/pkgs/applications/networking/browsers/firefox/fix-ff71-lto.patch deleted file mode 100644 index f48cad9e67a..00000000000 --- a/pkgs/applications/networking/browsers/firefox/fix-ff71-lto.patch +++ /dev/null @@ -1,100 +0,0 @@ -Original Patch: https://bugzilla.mozilla.org/show_bug.cgi?id=1601707#c6 - -Also fixes the issues with dom localstorage. - ---- a/dom/indexedDB/ActorsParent.cpp -+++ b/dom/indexedDB/ActorsParent.cpp -@@ -24311,11 +24311,11 @@ nsresult ObjectStoreAddOrPutRequestOp::DoDatabaseWork( - // if we allow overwrite or not. By not allowing overwrite we raise - // detectable errors rather than corrupting data. - DatabaseConnection::CachedStatement stmt; -- const auto& optReplaceDirective = (!mOverwrite || keyUnset) -- ? NS_LITERAL_CSTRING("") -- : NS_LITERAL_CSTRING("OR REPLACE "); - rv = aConnection->GetCachedStatement( -- NS_LITERAL_CSTRING("INSERT ") + optReplaceDirective + -+ NS_LITERAL_CSTRING("INSERT ") + -+ ((!mOverwrite || keyUnset) -+ ? NS_LITERAL_CSTRING("") -+ : NS_LITERAL_CSTRING("OR REPLACE ")) + - NS_LITERAL_CSTRING("INTO object_data " - "(object_store_id, key, file_ids, data) " - "VALUES (:") + -@@ -26076,9 +26076,6 @@ nsresult Cursor::OpenOp::DoIndexDatabaseWork(DatabaseConnection* aConnection) { - - const bool usingKeyRange = mOptionalKeyRange.isSome(); - -- const auto& indexTable = mCursor->mUniqueIndex -- ? NS_LITERAL_CSTRING("unique_index_data") -- : NS_LITERAL_CSTRING("index_data"); - - NS_NAMED_LITERAL_CSTRING(sortColumn, "sort_column"); - -@@ -26099,7 +26096,9 @@ nsresult Cursor::OpenOp::DoIndexDatabaseWork(DatabaseConnection* aConnection) { - "object_data.file_ids, " - "object_data.data " - "FROM ") + -- indexTable + -+ (mCursor->mUniqueIndex -+ ? NS_LITERAL_CSTRING("unique_index_data") -+ : NS_LITERAL_CSTRING("index_data")) + - NS_LITERAL_CSTRING( - " AS index_table " - "JOIN object_data " -@@ -26198,9 +26197,6 @@ nsresult Cursor::OpenOp::DoIndexKeyDatabaseWork( - - const bool usingKeyRange = mOptionalKeyRange.isSome(); - -- const auto& table = mCursor->mUniqueIndex -- ? NS_LITERAL_CSTRING("unique_index_data") -- : NS_LITERAL_CSTRING("index_data"); - - NS_NAMED_LITERAL_CSTRING(sortColumn, "sort_column"); - -@@ -26218,7 +26214,10 @@ nsresult Cursor::OpenOp::DoIndexKeyDatabaseWork( - NS_LITERAL_CSTRING( - "object_data_key " - " FROM ") + -- table + NS_LITERAL_CSTRING(" WHERE index_id = :") + -+ (mCursor->mUniqueIndex -+ ? NS_LITERAL_CSTRING("unique_index_data") -+ : NS_LITERAL_CSTRING("index_data")) + -+ NS_LITERAL_CSTRING(" WHERE index_id = :") + - kStmtParamNameId; - - const auto keyRangeClause = -diff --git a/dom/localstorage/ActorsParent.cpp b/dom/localstorage/ActorsParent.cpp -index 9c46c20670..642cef1701 100644 ---- a/dom/localstorage/ActorsParent.cpp -+++ b/dom/localstorage/ActorsParent.cpp -@@ -6959,13 +6959,10 @@ nsresult PrepareDatastoreOp::Start() { - MOZ_ASSERT(!QuotaClient::IsShuttingDownOnBackgroundThread()); - MOZ_ASSERT(MayProceed()); - -- const LSRequestCommonParams& commonParams = -- mForPreload -- ? mParams.get_LSRequestPreloadDatastoreParams().commonParams() -- : mParams.get_LSRequestPrepareDatastoreParams().commonParams(); -- - const PrincipalInfo& storagePrincipalInfo = -- commonParams.storagePrincipalInfo(); -+ mForPreload -+ ? mParams.get_LSRequestPreloadDatastoreParams().commonParams().storagePrincipalInfo() -+ : mParams.get_LSRequestPrepareDatastoreParams().commonParams().storagePrincipalInfo(); - - if (storagePrincipalInfo.type() == PrincipalInfo::TSystemPrincipalInfo) { - QuotaManager::GetInfoForChrome(&mSuffix, &mGroup, &mOrigin); -@@ -6996,10 +6993,9 @@ nsresult PrepareDatastoreOp::CheckExistingOperations() { - return NS_ERROR_FAILURE; - } - -- const LSRequestCommonParams& commonParams = -- mForPreload -- ? mParams.get_LSRequestPreloadDatastoreParams().commonParams() -- : mParams.get_LSRequestPrepareDatastoreParams().commonParams(); -+ const LSRequestCommonParams& preloadCommonParams = mParams.get_LSRequestPreloadDatastoreParams().commonParams(); -+ const LSRequestCommonParams& prepareCommonParams = mParams.get_LSRequestPrepareDatastoreParams().commonParams(); -+ const LSRequestCommonParams& commonParams = mForPreload ? preloadCommonParams : prepareCommonParams; - - const PrincipalInfo& storagePrincipalInfo = - commonParams.storagePrincipalInfo(); diff --git a/pkgs/applications/networking/browsers/firefox/packages.nix b/pkgs/applications/networking/browsers/firefox/packages.nix index 105a0a18d6b..833b97ba86f 100644 --- a/pkgs/applications/networking/browsers/firefox/packages.nix +++ b/pkgs/applications/networking/browsers/firefox/packages.nix @@ -16,10 +16,10 @@ in rec { firefox = common rec { pname = "firefox"; - ffversion = "71.0"; + ffversion = "72.0.2"; src = fetchurl { url = "mirror://mozilla/firefox/releases/${ffversion}/source/firefox-${ffversion}.source.tar.xz"; - sha512 = "0hfjlhwdhfdfzd27d6p3h8ff5m2jphlaipv4zym48bn6g95if1x98q2lb87617bxfm31di4rckjvqb70g9sm3smil6p6bnw2dsvnq1g"; + sha512 = "13l23p2dqsf2cpdzaydqqq4kbxlc5jxggz9r2i49avn4q9bqx036zvsq512q1hk37bz2bwq8zdr0530s44zickinls150xq14kq732d"; }; patches = [ @@ -89,6 +89,7 @@ rec { meta = firefox.meta // { description = "A web browser built from Firefox Extended Support Release source tree"; + knownVulnerabilities = [ "Support ended around October 2019." ]; }; updateScript = callPackage ./update.nix { attrPath = "firefox-esr-60-unwrapped"; @@ -99,10 +100,10 @@ rec { firefox-esr-68 = common rec { pname = "firefox-esr"; - ffversion = "68.3.0esr"; + ffversion = "68.4.2esr"; src = fetchurl { url = "mirror://mozilla/firefox/releases/${ffversion}/source/firefox-${ffversion}.source.tar.xz"; - sha512 = "31zisy4l07hhm9yvxz7sx04kz1f5rl20z1w072jxaabi42sw07xr6lcflv88gwl21y902n7vwd1q1zfavpnipn65wap4i0vm8c4m6pr"; + sha512 = "1n7ssx4w5b822bq8zcv6vsy5ph1xjyj9qh6zbnknym5bc0spzk19nrkrpl8a2m26z6xj2lgw1n19gjf4ab6jpfxv3cqq4qwmm0v2fz1"; }; patches = [ @@ -174,6 +175,7 @@ in { ./no-buildconfig.patch missing-documentation-patch ]; + meta.knownVulnerabilities = [ "Support ended around October 2019." ]; }; # Similarly to firefox-esr-52 above. @@ -195,94 +197,8 @@ in { meta.knownVulnerabilities = [ "Support ended in August 2018." ]; }; -}) // (let - - tbcommon = args: common (args // { - pname = "tor-browser"; - isTorBrowserLike = true; - - unpackPhase = '' - # fetchFromGitHub produces ro sources, root dir gets a name that - # is too long for shebangs. fixing - cp -a $src tor-browser - chmod -R +w tor-browser - cd tor-browser - - # set times for xpi archives - find . -exec touch -d'2010-01-01 00:00' {} \; - ''; - - meta = (args.meta or {}) // { - description = "A web browser built from TorBrowser source tree"; - longDescription = '' - This is a version of TorBrowser with bundle-related patches - reverted. - - I.e. it's a variant of Firefox with less fingerprinting and - some isolation features you can't get with any extensions. - - Or, alternatively, a variant of TorBrowser that works like any - other UNIX program and doesn't expect you to run it from a - bundle. - - It will use your default Firefox profile if you're not careful - even! Be careful! - - It will clash with firefox binary if you install both. But it - should not be a problem because you should run browsers in - separate users/VMs anyway. - - Create new profile by starting it as - - $ firefox -ProfileManager - - and then configure it to use your tor instance. - - Or just use `tor-browser-bundle` package that packs this - `tor-browser` back into a sanely-built bundle. - ''; - homepage = "https://www.torproject.org/projects/torbrowser.html"; - platforms = lib.platforms.unix; - license = with lib.licenses; [ mpl20 bsd3 ]; - }; - }); - -in rec { - - tor-browser-7-5 = (tbcommon { - ffversion = "52.9.0esr"; - tbversion = "7.5.6"; - - # FIXME: fetchFromGitHub is not ideal, unpacked source is >900Mb - src = fetchFromGitHub { - owner = "SLNOS"; - repo = "tor-browser"; - # branch "tor-browser-52.9.0esr-7.5-2-slnos" - rev = "95bb92d552876a1f4260edf68fda5faa3eb36ad8"; - sha256 = "1ykn3yg4s36g2cpzxbz7s995c33ij8kgyvghx38z4i8siaqxdddy"; - }; - }).override { - gtk3Support = false; - }; - - tor-browser-8-5 = tbcommon rec { - ffversion = "60.9.0esr"; - tbversion = "8.5.6"; - - # FIXME: fetchFromGitHub is not ideal, unpacked source is >900Mb - src = fetchFromGitHub { - owner = "SLNOS"; - repo = "tor-browser"; - # branch "tor-browser-60.9.0esr-8.5-2-slnos" - rev = "0489ae3158cd8c0e16c2e78b94083d8cbf0209dc"; - sha256 = "0y5s7d8pg8ak990dp8d801j9823igaibfhv9hsa79nib5yllifzs"; - }; - - patches = [ - missing-documentation-patch - ]; - }; - - tor-browser = tor-browser-8-5; + tor-browser-7-5 = throw "firefoxPackages.tor-browser-7-5 was removed because it was out of date and inadequately maintained. Please use tor-browser-bundle-bin instead. See #77452."; + tor-browser-8-5 = throw "firefoxPackages.tor-browser-8-5 was removed because it was out of date and inadequately maintained. Please use tor-browser-bundle-bin instead. See #77452."; + tor-browser = throw "firefoxPackages.tor-browser was removed because it was out of date and inadequately maintained. Please use tor-browser-bundle-bin instead. See #77452."; }) |