authorMark H Weaver <mhw@netris.org>2019-11-16 16:53:52 -0500
committerMark H Weaver <mhw@netris.org>2019-12-04 06:36:45 -0500
commit34369f310319b040d18864ff7435b8ee5f9a26a6 (patch)
tree6d2f9f50c8bed1a5ba8a343563e5b4bdd1ef457f /gnu/packages/gnuzilla.scm
parent269c827c691087dabdfcb5d1b32b7647ba3bc8b8 (diff)
downloadguix-34369f310319b040d18864ff7435b8ee5f9a26a6.tar.gz
gnu: icecat: Update to 68.3.0-guix0-preview1 [security fixes].
Includes fixes for CVE-2019-11745, CVE-2019-17005, CVE-2019-17008,
CVE-2019-17009, CVE-2019-17010, CVE-2019-17011, and CVE-2019-17012.

* gnu/packages/patches/icecat-gnuzilla-fixes.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
* gnu/packages/gnuzilla.scm (%icecat-version, %icecat-build-id): Update.
(icecat-source): Update hash for the firefox source tarball.  Update to the
latest from gnuzilla.git.  Don't apply icecat-gnuzilla-fixes.patch.  Remove
determinism fix in makeicecat that is now upstream.  Tweak a status message.
(icecat)[arguments]: Add "--with-unsigned-addon-scopes=app" configure flag.
* gnu/packages/patches/icecat-makeicecat.patch: Adapt.
Diffstat (limited to 'gnu/packages/gnuzilla.scm')
-rw-r--r--gnu/packages/gnuzilla.scm24
1 files changed, 11 insertions, 13 deletions
diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index fa8086671f..a4e9a0e592 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -550,8 +550,8 @@ from forcing GEXP-PROMISE."
                       #:system system
                       #:guile-for-build guile)))
 
-(define %icecat-version "68.2.0-guix0-preview3")
-(define %icecat-build-id "20191031000000") ;must be of the form YYYYMMDDhhmmss
+(define %icecat-version "68.3.0-guix0-preview1")
+(define %icecat-build-id "20191204000000") ;must be of the form YYYYMMDDhhmmss
 
 ;; 'icecat-source' is a "computed" origin that generates an IceCat tarball
 ;; from the corresponding upstream Firefox ESR tarball, using the 'makeicecat'
@@ -573,11 +573,11 @@ from forcing GEXP-PROMISE."
                   "firefox-" upstream-firefox-version ".source.tar.xz"))
             (sha256
              (base32
-              "0f3gf5gwhxabm6xs29nlxmfqdw3fs7v458vq1fydrglfyvmc5wc5"))))
+              "0sfwp9vyjizj1lkvj6z51r85dl41q3l8380fkdyqdbp7f2d18cg1"))))
 
-         (upstream-icecat-base-version "68.2.0") ; maybe older than base-version
+         (upstream-icecat-base-version "68.3.0") ; maybe older than base-version
          ;;(gnuzilla-commit (string-append "v" upstream-icecat-base-version))
-         (gnuzilla-commit "930298e1efff3e40721659d8fd7118cdd2477bd4")
+         (gnuzilla-commit "85e99badac11983f6d50b0d9942f66a30f55b8e5")
          (gnuzilla-source
           (origin
             (method git-fetch)
@@ -589,10 +589,8 @@ from forcing GEXP-PROMISE."
                                       (string-take gnuzilla-commit 8)))
             (sha256
              (base32
-              "14g57b0262qq5s0w8b1lrk8wkvg7m068dfi0ilvhg2q5jrxk3cd0"))))
+              "00mb734yvm0r7i64mbg7hvrvhbwkcii9f9hjgwi37aizd9k0n78a"))))
 
-         (gnuzilla-fixes-patch
-          (local-file (search-patch "icecat-gnuzilla-fixes.patch")))
          (makeicecat-patch
           (local-file (search-patch "icecat-makeicecat.patch"))))
 
@@ -639,8 +637,6 @@ from forcing GEXP-PROMISE."
                 (with-directory-excursion "/tmp/gnuzilla"
                   (make-file-writable "makeicecat")
                   (invoke "patch" "--force" "--no-backup-if-mismatch"
-                          "-p1" "--input" #+gnuzilla-fixes-patch)
-                  (invoke "patch" "--force" "--no-backup-if-mismatch"
                           "-p1" "--input" #+makeicecat-patch)
                   (patch-shebang "makeicecat")
                   (substitute* "makeicecat"
@@ -658,8 +654,6 @@ from forcing GEXP-PROMISE."
                      (string-append "FFSUB=" #$sub-version "\n"))
                     (("^DATA=.*")
                      "DATA=/tmp/gnuzilla/data\n")
-                    (("^find extensions/gnu/ ")
-                     "find extensions/gnu/ | sort ")
                     (("/bin/sed")
                      #+(file-append (canonical-package sed) "/bin/sed"))))
 
@@ -703,7 +697,7 @@ from forcing GEXP-PROMISE."
                   (force-output)
                   (invoke "bash" "/tmp/gnuzilla/makeicecat"))
 
-                (format #t "Packing new IceCat tarball...~%")
+                (format #t "Packing IceCat source tarball...~%")
                 (force-output)
                 (invoke "tar" "cfa" #$output
                         ;; Avoid non-determinism in the archive.  We set the
@@ -811,6 +805,10 @@ from forcing GEXP-PROMISE."
 
                            "--with-distribution-id=org.gnu"
 
+                           ;; Do not require addons in the global app
+                           ;; directory to be signed by Mozilla.
+                           "--with-unsigned-addon-scopes=app"
+
                            "--enable-startup-notification"
                            "--enable-pulseaudio"
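Review bot: The comment above `"--with-unsigned-addon-scopes=app"` says what the flag does but not why exempting a whole install scope from signature enforcement is acceptable, which is what anyone auditing this package later will look for. I would extend it along the lines of `;; IceCat's bundled extensions are not signed by Mozilla; the app directory is populated only by this build, so only that scope is exempted.` That wording assumes this is the intent and that the app directory ends up read-only in the store, so please confirm both. It would also help to note that the `system` scope is deliberately left out, so that add-ons outside the package's own directory stay subject to whatever signature policy IceCat's preferences set. The configure-flags list starts and ends outside this hunk.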