summary refs log tree commit diff
diff options
context:
space:
mode:
authorMark H Weaver <mhw@netris.org>2020-06-30 19:12:18 -0400
committerMark H Weaver <mhw@netris.org>2020-07-01 12:45:08 -0400
commitf74e9277c186be4bd8101fa3c6924f0cb04e4c13 (patch)
tree86e21a3f46edb86d55885bd41d0da660c269de6b
parentade0f8ea0cbcabcd94cb4212abebd8c143c7d69d (diff)
downloadguix-f74e9277c186be4bd8101fa3c6924f0cb04e4c13.tar.gz
gnu: icecat: Update to 68.10.0-guix0-preview1 [security-fixes].
Includes fixes for CVE-2020-12417, CVE-2020-12418, CVE-2020-12419,
CVE-2020-12420, and CVE-2020-12421.

* gnu/packages/gnuzilla.scm (%icecat-version, %icecat-build-id): Update.
(icecat-source): Update gnuzilla commit, base version, and hashes.  Remove
code that deleted the Onion Browser Button extension, which is no longer
bundled upstream.
* gnu/packages/patches/icecat-makeicecat.patch: Adapt to new version.
-rw-r--r--gnu/packages/gnuzilla.scm18
-rw-r--r--gnu/packages/patches/icecat-makeicecat.patch4
2 files changed, 8 insertions, 14 deletions
diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index 3bffe12577..cc3acd6b9b 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -556,8 +556,8 @@ from forcing GEXP-PROMISE."
                       #:system system
                       #:guile-for-build guile)))
 
-(define %icecat-version "68.9.0-guix0-preview1")
-(define %icecat-build-id "20200602000000") ;must be of the form YYYYMMDDhhmmss
+(define %icecat-version "68.10.0-guix0-preview1")
+(define %icecat-build-id "20200630000000") ;must be of the form YYYYMMDDhhmmss
 
 ;; 'icecat-source' is a "computed" origin that generates an IceCat tarball
 ;; from the corresponding upstream Firefox ESR tarball, using the 'makeicecat'
@@ -579,11 +579,11 @@ from forcing GEXP-PROMISE."
                   "firefox-" upstream-firefox-version ".source.tar.xz"))
             (sha256
              (base32
-              "01s41p985g6v544lf08zch3myssn5c76jwmkzzd68zd9m3hhalck"))))
+              "0azdinwqjfv2q37gqpxmfvzsk86pvsi6cjaq1310zs26gric5j1f"))))
 
-         (upstream-icecat-base-version "68.9.0") ; maybe older than base-version
+         (upstream-icecat-base-version "68.10.0") ; maybe older than base-version
          ;;(gnuzilla-commit (string-append "v" upstream-icecat-base-version))
-         (gnuzilla-commit "d7acf32ad905a3382cb2353577a96d29aa58f589")
+         (gnuzilla-commit "76dced64ce0e72fe3030dc2f7b22cda8e36b165e")
          (gnuzilla-source
           (origin
             (method git-fetch)
@@ -595,7 +595,7 @@ from forcing GEXP-PROMISE."
                                       (string-take gnuzilla-commit 8)))
             (sha256
              (base32
-              "0m49zm05m3n95diij2zyvpm74q66zxjhv9rp8zvaab0h7v2s09n9"))))
+              "0xcg6h0da63qyv7h575xjrbkzqqcjhwjd45x9h9qmpxiaibi9g3d"))))
 
          (makeicecat-patch
           (local-file (search-patch "icecat-makeicecat.patch")))
@@ -648,12 +648,6 @@ from forcing GEXP-PROMISE."
                           "-p1" "--input" #+makeicecat-patch)
                   (invoke "patch" "--force" "--no-backup-if-mismatch"
                           "-p1" "--input" #+gnuzilla-fixes-patch)
-
-                  ;; Remove the bundled tortm-browser-button extension,
-                  ;; which doesn't seem to be working properly.
-                  (delete-file-recursively
-                   "data/extensions/tortm-browser-button@jeremybenthum")
-
                   (patch-shebang "makeicecat")
                   (substitute* "makeicecat"
                     (("^FFMAJOR=(.*)" all ffmajor)
diff --git a/gnu/packages/patches/icecat-makeicecat.patch b/gnu/packages/patches/icecat-makeicecat.patch
index d3d95cbf28..cff0b7ad45 100644
--- a/gnu/packages/patches/icecat-makeicecat.patch
+++ b/gnu/packages/patches/icecat-makeicecat.patch
@@ -25,7 +25,7 @@ index 8be2362..48716f2 100755
 -wget -N https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/${FFVERSION}esr/source/firefox-${FFVERSION}esr.source.tar.xz.asc
 -gpg --recv-keys --keyserver keyserver.ubuntu.com 14F26682D0916CDD81E37B6D61B7B526D98F0353
 -gpg --verify firefox-${FFVERSION}esr.source.tar.xz.asc
--echo -n 935105e1a8a97d64daffb372690e2b566b5f07641f01470929dbbc82d20d4407 firefox-${FFVERSION}esr.source.tar.xz |sha256sum -c -
+-echo -n 2ec8c2627e46e80fc208584966a2ded7a0a9ff76b55ffccec0623b89b98ded2b firefox-${FFVERSION}esr.source.tar.xz |sha256sum -c -
 -
 -echo Extracting Firefox tarball
 -tar -xf firefox-${FFVERSION}esr.source.tar.xz
@@ -37,7 +37,7 @@ index 8be2362..48716f2 100755
 +# wget -N https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/${FFVERSION}esr/source/firefox-${FFVERSION}esr.source.tar.xz.asc
 +# gpg --recv-keys --keyserver keyserver.ubuntu.com 14F26682D0916CDD81E37B6D61B7B526D98F0353
 +# gpg --verify firefox-${FFVERSION}esr.source.tar.xz.asc
-+# echo -n 935105e1a8a97d64daffb372690e2b566b5f07641f01470929dbbc82d20d4407 firefox-${FFVERSION}esr.source.tar.xz |sha256sum -c -
++# echo -n 2ec8c2627e46e80fc208584966a2ded7a0a9ff76b55ffccec0623b89b98ded2b firefox-${FFVERSION}esr.source.tar.xz |sha256sum -c -
 +# 
 +# echo Extracting Firefox tarball
 +# tar -xf firefox-${FFVERSION}esr.source.tar.xz