diff options
| author | Mark H Weaver <mhw@netris.org> | 2020-09-06 21:48:00 -0400 |
|---|---|---|
| committer | Mark H Weaver <mhw@netris.org> | 2020-09-22 11:32:12 -0400 |
| commit | c7011ff850420fdbe1319b3d218bd362f2f9d618 (patch) | |
| tree | beb720ec94c555f8cf2c472aa395626482359fef /gnu/packages/patches | |
| parent | ce642b8f066292b2ef382bb23a245ea7dffcbb65 (diff) | |
| download | guix-c7011ff850420fdbe1319b3d218bd362f2f9d618.tar.gz | |
gnu: icecat: Update to 78.3.0-guix0-preview1 [security-fixes].
Includes fixes for CVE-2020-15673, CVE-2020-15676, CVE-2020-15677, and CVE-2020-15678. * gnu/packages/gnuzilla.scm (mozilla-compare-locales): Update to RELEASE_8_0_0. (all-mozilla-locales): Update to newer versions. (mozilla-patch): Remove vestigial procedure. (%icecat-version, %icecat-build-id): Update to 78.3.0-guix0-preview1. (icecat-source): Update 'upstream-icecat-base-version', 'gnuzilla-commit', and hashes. Reverse order of makeicecat-patch and gnuzilla-fixes-patch. (icecat)[inputs]: Remove libogg, libvorbis, libvpx, icu4c, sqlite, startup-notification, and zlib. Add several "UNBUNDLE-ME!" comments. [native-inputs]: Update 'rust' and 'cargo' dependencies to version 1.41. Update 'rust-cbindgen' dependency to version 0.14. Update 'node' dependency to 10.22. [arguments]<configure-flags>: Change --enable-default-toolkit value to "cairo-gtk3-wayland". Change --with-unsigned-addon-scopes value to "app,system". Add "--allow-addon-sideload". Remove "--enable-startup-notification" and "--disable-gconf". Comment out "--with-system-zlib", "--with-system-bz2", and "--with-system-icu". <phases>: In the 'remove-bundled-libaries' phase, remove "modules/zlib" from the list of directories to delete. Update the 'patch-cargo-checksums' phase to update more modules. (mozilla-68-compare-locales, all-mozilla-68-locales, %icecat-68-version) (icecat-68-source): New variables preserving the previous icecat 68 source. (icedove)[source]: Use 'icecat-68-source'. * gnu/packages/patches/icecat-makeicecat.patch: Adapt to IceCat 78. * gnu/packages/patches/icecat-68-makeicecat.patch: New file containing the previous 'icecat-makeicecat.patch'. * gnu/local.mk: Add 'icecat-68-makeicecat.patch'.
Diffstat (limited to 'gnu/packages/patches')
| -rw-r--r-- | gnu/packages/patches/icecat-68-makeicecat.patch | 110 | ||||
| -rw-r--r-- | gnu/packages/patches/icecat-makeicecat.patch | 14 |
2 files changed, 117 insertions, 7 deletions
diff --git a/gnu/packages/patches/icecat-68-makeicecat.patch b/gnu/packages/patches/icecat-68-makeicecat.patch new file mode 100644 index 0000000000..265725ce36 --- /dev/null +++ b/gnu/packages/patches/icecat-68-makeicecat.patch @@ -0,0 +1,110 @@ +Make some of the changes needed to the 'makeicecat' script, to allow it to run +in a snippet without network access. After this patch is applied, some +additional changes will be made using 'substitute*'. + +diff --git a/makeicecat b/makeicecat +index 8be2362..48716f2 100755 +--- a/makeicecat ++++ b/makeicecat +@@ -31,55 +31,55 @@ SOURCEDIR=icecat-$FFVERSION + + DATA="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"/data + +-mkdir -p output +-cd output ++# mkdir -p output ++# cd output + + ############################################################################### + # Retrieve FF source code + ############################################################################### + +-rm mozilla-esr${FFMAJOR} $SOURCEDIR -rf +- +-wget -N https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/${FFVERSION}esr/source/firefox-${FFVERSION}esr.source.tar.xz +-wget -N https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/${FFVERSION}esr/source/firefox-${FFVERSION}esr.source.tar.xz.asc +-gpg --recv-keys --keyserver keyserver.ubuntu.com 14F26682D0916CDD81E37B6D61B7B526D98F0353 +-gpg --verify firefox-${FFVERSION}esr.source.tar.xz.asc +-echo -n ae692bf2a15908cacbb9d4c7ccf78525a87410ff3f13befedc1926f849bc27cc firefox-${FFVERSION}esr.source.tar.xz |sha256sum -c - +- +-echo Extracting Firefox tarball +-tar -xf firefox-${FFVERSION}esr.source.tar.xz +- +-mv firefox-${FFVERSION} $SOURCEDIR ++# rm mozilla-esr${FFMAJOR} $SOURCEDIR -rf ++# ++# wget -N https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/${FFVERSION}esr/source/firefox-${FFVERSION}esr.source.tar.xz ++# wget -N https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/${FFVERSION}esr/source/firefox-${FFVERSION}esr.source.tar.xz.asc ++# gpg --recv-keys --keyserver keyserver.ubuntu.com 14F26682D0916CDD81E37B6D61B7B526D98F0353 ++# gpg --verify firefox-${FFVERSION}esr.source.tar.xz.asc ++# echo -n ae692bf2a15908cacbb9d4c7ccf78525a87410ff3f13befedc1926f849bc27cc firefox-${FFVERSION}esr.source.tar.xz |sha256sum -c - ++# ++# echo Extracting Firefox tarball ++# tar -xf firefox-${FFVERSION}esr.source.tar.xz ++# ++# mv firefox-${FFVERSION} $SOURCEDIR + + ############################################################################### + # Retrieve l10n + ############################################################################### + +-mkdir l10n +-cd l10n +-while read line;do +- line=$(echo $line |cut -d' ' -f1) +- #[ $line = "es-ES" ] || continue # To speed up testing +- [ $line = "en-US" ] && continue +- hg clone https://hg.mozilla.org/l10n-central/$line +- mkdir -p $line/browser/chrome/browser/preferences +- touch $line/browser/chrome/browser/preferences/advanced-scripts.dtd +- rm -rf $line/.hg* +-done < ../$SOURCEDIR/browser/locales/shipped-locales +-cd .. +- +-mv l10n $SOURCEDIR +- +-hg clone http://hg.mozilla.org/l10n/compare-locales/ +-cd compare-locales/ +-hg checkout RELEASE_3_3_0 +-cd .. +-rm compare-locales/.hg* compare-locales/.git* -rf +-mv compare-locales $SOURCEDIR/l10n ++# mkdir l10n ++# cd l10n ++# while read line;do ++# line=$(echo $line |cut -d' ' -f1) ++# #[ $line = "es-ES" ] || continue # To speed up testing ++# [ $line = "en-US" ] && continue ++# hg clone https://hg.mozilla.org/l10n-central/$line ++# mkdir -p $line/browser/chrome/browser/preferences ++# touch $line/browser/chrome/browser/preferences/advanced-scripts.dtd ++# rm -rf $line/.hg* ++# done < ../$SOURCEDIR/browser/locales/shipped-locales ++# cd .. ++# ++# mv l10n $SOURCEDIR ++# ++# hg clone http://hg.mozilla.org/l10n/compare-locales/ ++# cd compare-locales/ ++# hg checkout RELEASE_3_3_0 ++# cd .. ++# rm compare-locales/.hg* compare-locales/.git* -rf ++# mv compare-locales $SOURCEDIR/l10n + + ####################################################### + +-cd $SOURCEDIR ++# cd $SOURCEDIR + + shopt -s nullglob + for patch in $DATA/patches/*.patch; do +@@ -603,6 +603,6 @@ sed 's/777/755/;' -i toolkit/crashreporter/google-breakpad/Makefile.in + # Fix CVE-2012-3386 + /bin/sed 's/chmod a+w/chmod u+w/' -i ./js/src/ctypes/libffi/Makefile.in ./toolkit/crashreporter/google-breakpad/Makefile.in ./toolkit/crashreporter/google-breakpad/src/third_party/glog/Makefile.in || true + +-cd .. +-echo Packaging tarball +-tar cfj icecat-$ICECATVERSION.tar.bz2 $SOURCEDIR ++# cd .. ++# echo Packaging tarball ++# tar cfj icecat-$ICECATVERSION.tar.bz2 $SOURCEDIR diff --git a/gnu/packages/patches/icecat-makeicecat.patch b/gnu/packages/patches/icecat-makeicecat.patch index 265725ce36..8e1263085a 100644 --- a/gnu/packages/patches/icecat-makeicecat.patch +++ b/gnu/packages/patches/icecat-makeicecat.patch @@ -25,7 +25,7 @@ index 8be2362..48716f2 100755 -wget -N https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/${FFVERSION}esr/source/firefox-${FFVERSION}esr.source.tar.xz.asc -gpg --recv-keys --keyserver keyserver.ubuntu.com 14F26682D0916CDD81E37B6D61B7B526D98F0353 -gpg --verify firefox-${FFVERSION}esr.source.tar.xz.asc --echo -n ae692bf2a15908cacbb9d4c7ccf78525a87410ff3f13befedc1926f849bc27cc firefox-${FFVERSION}esr.source.tar.xz |sha256sum -c - +-echo -n 85273e22d6c31ccd000d72af47530cea3dc52f63f06e53701d9c6c82f68f7bf7 firefox-${FFVERSION}esr.source.tar.xz |sha256sum -c - - -echo Extracting Firefox tarball -tar -xf firefox-${FFVERSION}esr.source.tar.xz @@ -37,7 +37,7 @@ index 8be2362..48716f2 100755 +# wget -N https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/${FFVERSION}esr/source/firefox-${FFVERSION}esr.source.tar.xz.asc +# gpg --recv-keys --keyserver keyserver.ubuntu.com 14F26682D0916CDD81E37B6D61B7B526D98F0353 +# gpg --verify firefox-${FFVERSION}esr.source.tar.xz.asc -+# echo -n ae692bf2a15908cacbb9d4c7ccf78525a87410ff3f13befedc1926f849bc27cc firefox-${FFVERSION}esr.source.tar.xz |sha256sum -c - ++# echo -n 85273e22d6c31ccd000d72af47530cea3dc52f63f06e53701d9c6c82f68f7bf7 firefox-${FFVERSION}esr.source.tar.xz |sha256sum -c - +# +# echo Extracting Firefox tarball +# tar -xf firefox-${FFVERSION}esr.source.tar.xz @@ -63,9 +63,9 @@ index 8be2362..48716f2 100755 - -mv l10n $SOURCEDIR - --hg clone http://hg.mozilla.org/l10n/compare-locales/ +-hg clone https://hg.mozilla.org/l10n/compare-locales/ -cd compare-locales/ --hg checkout RELEASE_3_3_0 +-hg checkout RELEASE_8_0_0 -cd .. -rm compare-locales/.hg* compare-locales/.git* -rf -mv compare-locales $SOURCEDIR/l10n @@ -84,9 +84,9 @@ index 8be2362..48716f2 100755 +# +# mv l10n $SOURCEDIR +# -+# hg clone http://hg.mozilla.org/l10n/compare-locales/ ++# hg clone https://hg.mozilla.org/l10n/compare-locales/ +# cd compare-locales/ -+# hg checkout RELEASE_3_3_0 ++# hg checkout RELEASE_8_0_0 +# cd .. +# rm compare-locales/.hg* compare-locales/.git* -rf +# mv compare-locales $SOURCEDIR/l10n @@ -98,7 +98,7 @@ index 8be2362..48716f2 100755 shopt -s nullglob for patch in $DATA/patches/*.patch; do -@@ -603,6 +603,6 @@ sed 's/777/755/;' -i toolkit/crashreporter/google-breakpad/Makefile.in +@@ -598,6 +598,6 @@ sed 's/777/755/;' -i toolkit/crashreporter/google-breakpad/Makefile.in # Fix CVE-2012-3386 /bin/sed 's/chmod a+w/chmod u+w/' -i ./js/src/ctypes/libffi/Makefile.in ./toolkit/crashreporter/google-breakpad/Makefile.in ./toolkit/crashreporter/google-breakpad/src/third_party/glog/Makefile.in || true |