summary refs log tree commit diff
diff options
context:
space:
mode:
authorJonathan Brielmaier <jonathan.brielmaier@web.de>2023-04-12 00:12:21 +0200
committerJonathan Brielmaier <jonathan.brielmaier@web.de>2023-04-12 09:46:47 +0200
commita741b554cb66cd053a130b8b5b5926a30bec9d48 (patch)
tree312340beaf0c50ef8018f9cb9a904b15a413c81f
parent99c468b0647b1042ae4cd5f2d01f1e258235a837 (diff)
downloadguix-a741b554cb66cd053a130b8b5b5926a30bec9d48.tar.gz
gnu: icedove: Update to 102.10.0 [security fixes].
Fixes CVE-2023-0547 and CVE-2023-29479.

* gnu/packages/gnuzilla.scm (%icedove-version): Update to 102.10.0.
(%icedove-build-id, thunderbird-comm-l10n): Update accordingly.
(icecat-102.9.0-source): Remove.
-rw-r--r--gnu/packages/gnuzilla.scm180
1 files changed, 5 insertions, 175 deletions
diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index 00c6a8326b..0ffa61ffb5 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -1114,178 +1114,8 @@ standards of the IceCat project.")
     "ru" "sco" "si" "sk" "sl" "son" "sq" "sr" "sv-SE" "szl" "ta" "te" "th" "tl"
     "tr" "trs" "uk" "ur" "uz" "vi" "xh" "zh-CN" "zh-TW"))
 
-(define icecat-102.9.0-source
-  (let* ((base-version "102.9.0")
-         (version "102.9.0-guix0-preview1")
-         (major-version (first  (string-split base-version #\.)))
-         (minor-version (second (string-split base-version #\.)))
-         (sub-version   (third  (string-split base-version #\.)))
-
-         (upstream-firefox-version (string-append base-version "esr"))
-         (upstream-firefox-source
-          (origin
-            (method url-fetch)
-            (uri (string-append
-                  "https://ftp.mozilla.org/pub/firefox/releases/"
-                  upstream-firefox-version "/source/"
-                  "firefox-" upstream-firefox-version ".source.tar.xz"))
-            (sha256
-             (base32
-              "1l8xlbba8sa9dg132k96ch8mz97i5lyhpvkxi8d85jh97xi79c1i"))))
-
-         ;; The upstream-icecat-base-version may be older than the
-         ;; base-version.
-         (upstream-icecat-base-version base-version)
-         (gnuzilla-commit "f55ede39713d1533734f37e39927cbb78abe1604")
-         (gnuzilla-source
-          (origin
-            (method git-fetch)
-            (uri (git-reference
-                  (url "git://git.savannah.gnu.org/gnuzilla.git")
-                  (commit gnuzilla-commit)))
-            (file-name (git-file-name "gnuzilla"
-                                      ;;upstream-icecat-base-version
-                                      (string-take gnuzilla-commit 8)))
-            (sha256
-             (base32
-              "0z15h3lxfn9pmj5bj62qim3h320dcd2v69xrg1phb7lh5gq0bylf"))))
-
-         ;; 'search-patch' returns either a valid file name or #f, so wrap it
-         ;; in 'assume-valid-file-name' to avoid 'local-file' warnings.
-         (makeicecat-patch
-          (local-file (assume-valid-file-name
-                       (search-patch "icecat-makeicecat.patch")))))
-
-    (origin
-      (method computed-origin-method)
-      (file-name (string-append "icecat-" version ".tar.xz"))
-      (sha256 #f)
-      (uri
-       (delay
-        (with-imported-modules '((guix build utils))
-          #~(begin
-              (use-modules (guix build utils))
-              (let ((firefox-dir
-                     (string-append "firefox-" #$base-version))
-                    (icecat-dir
-                     (string-append "icecat-" #$version)))
-
-                (set-path-environment-variable
-                 "PATH" '("bin")
-                 (list #+python
-                       #+(canonical-package bash)
-                       #+(canonical-package coreutils)
-                       #+(canonical-package findutils)
-                       #+(canonical-package patch)
-                       #+(canonical-package xz)
-                       #+(canonical-package sed)
-                       #+(canonical-package grep)
-                       #+(canonical-package bzip2)
-                       #+(canonical-package gzip)
-                       #+(canonical-package tar)))
-
-                (set-path-environment-variable
-                 "PYTHONPATH"
-                 (list #+(format #f "lib/python~a/site-packages"
-                                 (version-major+minor
-                                  (package-version python))))
-                 '#+(cons python-jsonschema
-                          (map second
-                               (package-transitive-propagated-inputs
-                                python-jsonschema))))
-
-                ;; Needed by the 'makeicecat' script.
-                (setenv "RENAME_CMD" "rename")
-
-                ;; We copy the gnuzilla source directory because it is
-                ;; read-only in 'gnuzilla-source', and the makeicecat script
-                ;; uses "cp -a" to copy parts of it and assumes that the
-                ;; copies will be writable.
-                (copy-recursively #+gnuzilla-source "/tmp/gnuzilla"
-                                  #:log (%make-void-port "w"))
-
-                (with-directory-excursion "/tmp/gnuzilla"
-                  (make-file-writable "makeicecat")
-                  (invoke "patch" "--force" "--no-backup-if-mismatch"
-                          "-p1" "--input" #+makeicecat-patch)
-                  (patch-shebang "makeicecat")
-                  (substitute* "makeicecat"
-                    (("^readonly FFMAJOR=(.*)" all ffmajor)
-                     (unless (string=? #$major-version
-                                       (string-trim-both ffmajor))
-                       ;; The makeicecat script cannot be expected to work
-                       ;; properly on a different version of Firefox, even if
-                       ;; no errors occur during execution.
-                       (error "makeicecat major version mismatch"))
-                     (string-append "readonly FFMAJOR=" #$major-version "\n"))
-                    (("^readonly FFMINOR=.*")
-                     (string-append "readonly FFMINOR=" #$minor-version "\n"))
-                    (("^readonly FFSUB=.*")
-                     (string-append "readonly FFSUB=" #$sub-version "\n"))
-                    (("^readonly DATADIR=.*")
-                     "readonly DATADIR=/tmp/gnuzilla/data\n")
-                    (("^readonly SOURCEDIR=.*")
-                     (string-append "readonly SOURCEDIR=" icecat-dir "\n"))
-                    (("/bin/sed")
-                     #+(file-append (canonical-package sed) "/bin/sed"))))
-
-                (format #t "Unpacking upstream firefox tarball...~%")
-                (force-output)
-                (invoke "tar" "xf" #+upstream-firefox-source)
-                (rename-file firefox-dir icecat-dir)
-
-                (with-directory-excursion icecat-dir
-                  (format #t "Populating l10n directory...~%")
-                  (force-output)
-                  (mkdir "l10n")
-                  (with-directory-excursion "l10n"
-                    (for-each
-                     (lambda (locale-dir)
-                       (let ((locale
-                              (string-drop (basename locale-dir)
-                                           (+ 32  ; length of hash
-                                              (string-length "-mozilla-locale-")))))
-                         (format #t "  ~a~%" locale)
-                         (force-output)
-                         (copy-recursively locale-dir locale
-                                           #:log (%make-void-port "w"))
-                         (for-each make-file-writable (find-files locale))
-                         (with-directory-excursion locale
-                           (when (file-exists? ".hgtags")
-                             (delete-file ".hgtags"))
-                           (mkdir-p "browser/chrome/browser/preferences")
-                           (call-with-output-file
-                               "browser/chrome/browser/preferences/advanced-scripts.dtd"
-                             (lambda (port) #f)))))
-                     '#+all-mozilla-locales)
-                    (copy-recursively #+mozilla-compare-locales
-                                      "compare-locales"
-                                      #:log (%make-void-port "w"))
-                    (delete-file "compare-locales/.gitignore")
-                    (delete-file "compare-locales/.hgignore")
-                    (delete-file "compare-locales/.hgtags")))
-
-                (format #t "Running makeicecat script...~%")
-                (force-output)
-                (invoke "bash" "/tmp/gnuzilla/makeicecat")
-
-                (format #t "Packing IceCat source tarball...~%")
-                (force-output)
-                (setenv "XZ_DEFAULTS" (string-join (%xz-parallel-args)))
-                (invoke "tar" "cfa" #$output
-                        ;; Avoid non-determinism in the archive.  We set the
-                        ;; mtime of files in the archive to early 1980 because
-                        ;; the build process fails if the mtime of source
-                        ;; files is pre-1980, due to the creation of zip
-                        ;; archives.
-                        "--mtime=@315619200" ; 1980-01-02 UTC
-                        "--owner=root:0"
-                        "--group=root:0"
-                        "--sort=name"
-                        icecat-dir)))))))))
-
-(define %icedove-build-id "20230328000000") ;must be of the form YYYYMMDDhhmmss
-(define %icedove-version "102.9.1")
+(define %icedove-build-id "20230411000000") ;must be of the form YYYYMMDDhhmmss
+(define %icedove-version "102.10.0")
 
 ;; Provides the "comm" folder which is inserted into the icecat source.
 ;; Avoids the duplication of Icecat's source tarball.
@@ -1294,11 +1124,11 @@ standards of the IceCat project.")
     (method hg-fetch)
     (uri (hg-reference
           (url "https://hg.mozilla.org/releases/comm-esr102")
-          (changeset "a8965ef0b30705f497df3df718db60d9dc2c304f")))
+          (changeset "d8df3bebc4b529388b62b9cb4df152f13910fbe3")))
     (file-name (string-append "thunderbird-" %icedove-version "-checkout"))
     (sha256
      (base32
-      "14lj30a9hmiwxpriyfls245y1wj2j3hfwrsbf7s5d9ligjqldjag"))))
+      "1m46nxnq4jpp4p6qqw68pphhccxlz4zzbyyb8iq26zvp42x7ic8f"))))
 
 (define (comm-source->locales+changeset source)
   "Given SOURCE, a checkout of the Thunderbird 'comm' component, return the
@@ -1359,7 +1189,7 @@ list of languages supported as well as the currently used changeset."
                ;; Extract the base Icecat tarball, renaming its top-level
                ;; directory.
                (invoke "tar" "--transform" (string-append "s,[^/]*," #$name ",")
-                       "-xf" #$icecat-102.9.0-source)
+                       "-xf" #$icecat-source)
                (chdir #$name)
 
                ;; Merge the Thunderdbird localization data.