summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--gnu/local.mk1
-rw-r--r--gnu/packages/gnuzilla.scm68
-rw-r--r--gnu/packages/patches/icecat-CVE-2018-12383.patch103
3 files changed, 3 insertions, 169 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index 68a87b1255..48ee438a6e 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -811,7 +811,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/hplip-remove-imageprocessor.patch	\
   %D%/packages/patches/hydra-disable-darcs-test.patch		\
   %D%/packages/patches/icecat-avoid-bundled-libraries.patch	\
-  %D%/packages/patches/icecat-CVE-2018-12383.patch		\
   %D%/packages/patches/icecat-use-system-graphite2+harfbuzz.patch	\
   %D%/packages/patches/icecat-use-system-media-libs.patch	\
   %D%/packages/patches/icedtea-6-hotspot-gcc-segfault-workaround.patch  \
diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index 1dd0e930d3..36ac0dfe6a 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -482,83 +482,21 @@ security standards.")
 (define-public icecat
   (package
     (name "icecat")
-    (version "60.2.0-gnu1")
+    (version "60.3.0-gnu1")
     (source
      (origin
       (method url-fetch)
-      ;; Temporary URL pending official release:
-      (uri "https://alpha.gnu.org/gnu/gnuzilla/60.2.0/icecat-60.2.0-gnu1.tar.bz2")
-      #;
       (uri (string-append "mirror://gnu/gnuzilla/"
                           (first (string-split version #\-))
                           "/" name "-" version ".tar.bz2"))
       (sha256
        (base32
-        "0lqx7g79x15941rhjr3qsfwsny6vzc7d7abdmvjy6jjbqkqlc1zl"))
+        "0icnl64nxcyf7dprpdpygxhabsvyhps8c3ixysj9bcdlj9q34ib1"))
       (patches
        (list
         (search-patch  "icecat-avoid-bundled-libraries.patch")
         (search-patch  "icecat-use-system-graphite2+harfbuzz.patch")
-        (search-patch  "icecat-use-system-media-libs.patch")
-        (mozilla-patch "icecat-CVE-2018-12385.patch"      "80a4a7ef2813" "1vgcbimpnfjqj934v0cryq1g13xac3wfmd4jyhcb5s60x8xyssf5")
-        (search-patch  "icecat-CVE-2018-12383.patch")
-        (mozilla-patch "icecat-bug-1489744.patch"         "6546ee839d30" "11mhvj77r789b428bfxqq5wdx8yr7lbrdjzr8qjj6fw197pldn51")
-        (mozilla-patch "icecat-CVE-2018-12386.patch"      "4808fcb2e6ca" "05sc881l7sh8bag8whd2ggdn198lskqcxq8f41scfpqscw6xs5d5")
-        (mozilla-patch "icecat-CVE-2018-12387.patch"      "b8f5c37486e1" "0lvmbh126m695kgdbasy1y5xh9n1j08cwdhn071mgvj6yn8cns5z")
-        (mozilla-patch "icecat-bug-1464751.patch"         "d5d00faf0465" "1mj7dbb06brwrk0mvap0z4lfl2hwz1cj6dwjvdrisxm046pdw98i")
-        (mozilla-patch "icecat-bug-1472538.patch"         "11462f2b98f2" "1nxgh0plzilylx8r73r7d74pv66qwjqxmd7nqii33p0snl2jjfzs")
-        (mozilla-patch "icecat-bug-1478685.patch"         "098585dc86fc" "1b0x4qdh6isvffmibvc8ad8z62m3iky9q6jq0z6gyvn8q252cqal")
-        (mozilla-patch "icecat-bug-1486080.patch"         "3f8d57d936ea" "0pz2c18wcgj44v0j8my9xbm90m4bsjcvzmavj569fi8bh6s6zz8p")
-        (mozilla-patch "icecat-bug-1423278.patch"         "878ceaee5634" "0i47s5nvrx9vqbnj6s9y9f4ffww20p8nviqa6frg676y1188xlyl")
-        (mozilla-patch "icecat-CVE-2018-12390-pt01.patch" "87be1b98ec9a" "15f4l18c7hz9aqn89gg3dwmdidfwgn10dywgpzydm8mps45amx7j")
-        (mozilla-patch "icecat-bug-1484559.patch"         "99e58b5307ce" "02fdgbliwzi2r2376wg6k1rky1isfka0smac4ii2cll01jhpfrn6")
-        (mozilla-patch "icecat-CVE-2018-12390-pt02.patch" "f25ce451a492" "18nzg39iyxza1686180qk9cc88l5j2hf1h35d62lrqmdgd9vcj33")
-        (mozilla-patch "icecat-CVE-2018-12390-pt03.patch" "35c26bc231df" "0qh8d4z6y03h5xh7djci26a01l6zq667lg2k11f6zzg7z2j0h67x")
-        (mozilla-patch "icecat-bug-1488061.patch"         "050d0cfa8e3d" "05ql798ynbyz5pvyri4b95j4ixmgnny3zl7sd2ckfrrbm9mxh627")
-        (mozilla-patch "icecat-bug-1434963-pt1.patch"     "1e6dad87efed" "1v00a6cmgswjk54041jyv1ib129fxshpzwk6mn6lr0v5hylk3bx9")
-        (mozilla-patch "icecat-bug-1434963-pt2.patch"     "6558c46df9ea" "0vdy9dm9w5k1flhcfxwvvff0aa415b5mgmmq5r37i83686768xfb")
-        (mozilla-patch "icecat-bug-1434963-pt3.patch"     "686fcfa8abd6" "0ihqr11aq4b0y7mx7bwn8yzn25mv3k2gdphm951mj1g85qg35ann")
-        (mozilla-patch "icecat-bug-1491132.patch"         "14120e0c74d6" "188c5fbhqqhmlk88p70l6d97skh7xy4jhqdby1ri3h9ix967515j")
-        (mozilla-patch "icecat-bug-1492065.patch"         "ec4b5969c6ae" "18gfwn15kh0826vlg6lhrx3q4gv82i7v1k3y5jp72mvrjq154gy0")
-        (mozilla-patch "icecat-bug-1492064.patch"         "528cabdd9665" "0rdwpkfma24hn8namfb9saw4rgi9yyyj4af5h2ijrvadw6r8lyyn")
-        (mozilla-patch "icecat-bug-1489757.patch"         "46f19852aaa6" "0dga7mw847klm8x6il2fyzpjxqxxgx1q5cya658f1w66kxms1f29")
-        (mozilla-patch "icecat-bug-1492897.patch"         "c3a48066f383" "09n6sdck4jzzmznzrq0iixg5nsgrc5ibpdfsh3i7ppwad3fsy2m3")
-        (mozilla-patch "icecat-bug-1492915.patch"         "2d280e557331" "11x2n61pw5way9cg8lbrfl3lqvgfnbmcs1fwm78i06kmfwj0msk3")
-        (mozilla-patch "icecat-CVE-2018-12390-pt04.patch" "b80f94262165" "1hw43h4sgf77x323745rixyp6cci3fb6d3fnp33q82m4ssdb5623")
-        (mozilla-patch "icecat-bug-1492484.patch"         "1b3e6759cf3a" "1yn2cd2227ncg90c88ymdi5fyfs4hk335bd16vkkgljs0924yy0m")
-        (mozilla-patch "icecat-bug-1493590.patch"         "d9fe3b2025fc" "06783hj1aqms2f9a3mp18bk8hgijk3pz70bpccn173v4w0zlbbd4")
-        (mozilla-patch "icecat-CVE-2018-12390-pt05.patch" "20c59797e994" "1vxnhpirjsj040hrq9xmq2xhkpq4l5mnnzqy0nda92dfh47zvidj")
-        (mozilla-patch "icecat-CVE-2018-12390-pt06.patch" "1749661dfd28" "0g0sj2fgp3asj0yvxksnhrc59yxncn35bz5nzlvkpgdf7h06gscd")
-        (mozilla-patch "icecat-CVE-2018-12390-pt07.patch" "a511a9242406" "1hhfrvdmkccnhs4skbi06174x37rmvf4ic86xawyyzr67yga73b2")
-        (mozilla-patch "icecat-bug-1495404.patch"         "3232bb3b622f" "1pnaxf8r9h0wldjc4qgl7z3rk34fpz9h1vd3zmhswa6mvyln5jhg")
-        (mozilla-patch "icecat-bug-1465388.patch"         "a9577451dcc2" "0v29s0v3vv9vblkcachhh46qvwjcrmv2bkcdb7sj2asc503l0lqv")
-        (mozilla-patch "icecat-CVE-2018-12390-pt08.patch" "e965f6f6ed75" "0hh091854xj5j0x1r8pg46xmn00fqi5n212xhzbdpgyf96rsf513")
-        (mozilla-patch "icecat-bug-1445528.patch"         "8a503e022a29" "1y2ll3h0yz8sfdddjmk90qjfxcr1ffhw7a9ww3yw26gyhnbpg404")
-        (mozilla-patch "icecat-bug-1409570.patch"         "8d326641d1c0" "0w29s6dixi7b7q3nicshrp29n9sj5awssdln00yx664m8a8a8ihs")
-        (mozilla-patch "icecat-bug-1496094.patch"         "6cdd6d88eca9" "1ssqa4fy2xpbr63ph3av3hkpl92g4yszx402fq9d2xn9482q43dp")
-        (mozilla-patch "icecat-CVE-2018-12391.patch"      "0fa07c704ca4" "055xdyb3g2l4rj188235i579qnr50v19q36jjpliws9nik129iqy")
-        (mozilla-patch "icecat-bug-1462162.patch"         "739e898cb7c8" "17m9y0pskmqx15dkgkw4k93njph14mpsf37wb1azwkq3xx7s0fhx")
-        (mozilla-patch "icecat-bug-1492764.patch"         "16310ab35452" "1kq5r3w9i4n6q9msmw2qsqa0jd4qw1mjlyyz8aq14fwlbkhvv199")
-        (mozilla-patch "icecat-CVE-2018-12390-pt09.patch" "9b669d047d55" "063ig49gx9468nvc9w8259j819qfdjvq0sbbz8n4kj5r6hcxjc5l")
-        (mozilla-patch "icecat-CVE-2018-12390-pt10.patch" "9d51e65c797a" "0m23cq9zl22w80dvx5rlgpbam1l3d6v56h7g9wzamzl21bwxq9fv")
-        (mozilla-patch "icecat-CVE-2018-12390-pt11.patch" "efc0596dd381" "1alvbb6wvawxxh6isisk9c40vhdiv59fy0af0n10yn1dgy8ffv5i")
-        (mozilla-patch "icecat-CVE-2018-12393.patch"      "c4fb48bb5d28" "09izww9dsg9n8cish8f3y7phxibsnd12bfkcxd7rzcdhg10nr4pl")
-        (mozilla-patch "icecat-CVE-2018-12390-pt12.patch" "b3359becd7b1" "188byxmbgrvrid2fcz34w5xdvaw571frxx1c6nqaa9k03iljdzjr")
-        (mozilla-patch "icecat-CVE-2018-12390-pt13.patch" "791c8ecf252d" "02h37594aba0pklxm3g7w1wv8vz9xmcf30fd0az8pfaccsklmx74")
-        (mozilla-patch "icecat-bug-1494328.patch"         "333276fac37c" "0qyq42jl0al63m6pwj9gva7nj82l76szzbj7sklsygx0a9mqs13z")
-        (mozilla-patch "icecat-CVE-2018-12397.patch"      "cb73374a0e4e" "0x2s1nwgwdag9df5hkwzvjj0qznp5c3d6w6y63rn2y287jn9m3vl")
-        (mozilla-patch "icecat-CVE-2018-12392.patch"      "f6bb138ad0ab" "0f0z9dsyw2a11p4p31mdyic571153jpfgy2q04i4v6dmmcz76pm3")
-        (mozilla-patch "icecat-CVE-2018-12396.patch"      "f27145bd5502" "0vznmlm1fbl3ynax2zpi6xxzr9qp9b83afr3mv90jgrhlgpzdbcz")
-        (mozilla-patch "icecat-CVE-2018-12395-pt1.patch"  "133a99a8f3ca" "0im7m4jmc273mg9kih0i70hxsgzy04j6ydm9zmaz2933hkhdf4iw")
-        (mozilla-patch "icecat-CVE-2018-12395-pt2.patch"  "82176a4a9b14" "0g3yqx4854d4mx5a0ghb7p7saj6y5d5bm2lfhabvkwybcd477zmc")
-        (mozilla-patch "icecat-bug-1474265.patch"         "e8abd9a8ce6e" "1q2sv5h081rvnhsx6g1y8a43hwv6hsg0cr6zdcij58mkgzf6hyvd")
-        (mozilla-patch "icecat-bug-1492737-pt1.patch"     "eeb9060379dc" "1d2mf0x4rni7anvi0sgra4dg87fmc6g7zhizzl9jv2x8va27ycbp")
-        (mozilla-patch "icecat-bug-1492737-pt2.patch"     "99eae0d15092" "0f9j6cvhrbrrxa95p4pkcn285r9wmi9yj13nwj5x0gkglwx6idbk")
-        (mozilla-patch "icecat-CVE-2018-12389-pt1.patch"  "23b23e12c548" "0nsdycggki5rhh59yvmh41nf1ahjmgii89fx38jryprhspy3wg62")
-        (mozilla-patch "icecat-CVE-2018-12390-pt14.patch" "023133ff02ec" "1g22qxnmgiy8bgrn2nv6har6vpz4p2h5pdas8ib1yyz7p2ic8652")
-        (mozilla-patch "icecat-CVE-2018-12390-pt15.patch" "9461988ff462" "0yq2cr5grqskr0kz4nxcwmnywy9g0xyv6k6q44i490jcj8x2y1vw")
-        (mozilla-patch "icecat-CVE-2018-12390-pt16.patch" "09939be135d8" "1546xlk368v4hnjd3hf4w868i6m8r4wfd34qxz4wg1cdpr4m5mik")
-        (mozilla-patch "icecat-CVE-2018-12389-pt2.patch"  "ea9412b18ca8" "0fmdncrylbmjh0bcb6dmw1rq7zww8a0v9v9p1pxqfz0vbc6v9l5d")))
+        (search-patch  "icecat-use-system-media-libs.patch")))
       (modules '((guix build utils)))
       (snippet
        '(begin
diff --git a/gnu/packages/patches/icecat-CVE-2018-12383.patch b/gnu/packages/patches/icecat-CVE-2018-12383.patch
deleted file mode 100644
index 17ca0f3773..0000000000
--- a/gnu/packages/patches/icecat-CVE-2018-12383.patch
+++ /dev/null
@@ -1,103 +0,0 @@
-Based on upstream changeset:
-  https://hg.mozilla.org/releases/mozilla-esr60/rev/300efdbc9fe1
-but with the git binary patch and related test changes omitted,
-and adapted to apply cleanly to GNU IceCat.
-
-# HG changeset patch
-# User David Keeler <dkeeler@mozilla.com>
-# Date 1531860660 25200
-# Node ID 300efdbc9fe1f9165428c7934861033935b5abfa
-# Parent  80a4a7ef281374dbb2afda8edac54665b14b9ef8
-Bug 1475775 - Clean up old NSS DB file after upgrade if necessary. r=franziskus, r=mattn, a=RyanVM
-
-Reviewers: franziskus, mattn
-
-Bug #: 1475775
-
-Differential Revision: https://phabricator.services.mozilla.com/D2202
-
-diff --git a/security/manager/ssl/nsNSSComponent.cpp b/security/manager/ssl/nsNSSComponent.cpp
---- a/security/manager/ssl/nsNSSComponent.cpp
-+++ b/security/manager/ssl/nsNSSComponent.cpp
-@@ -1935,16 +1935,61 @@ AttemptToRenameBothPKCS11ModuleDBVersion
-   NS_NAMED_LITERAL_CSTRING(sqlModuleDBFilename, "pkcs11.txt");
-   nsresult rv = AttemptToRenamePKCS11ModuleDB(profilePath,
-                                               legacyModuleDBFilename);
-   if (NS_FAILED(rv)) {
-     return rv;
-   }
-   return AttemptToRenamePKCS11ModuleDB(profilePath, sqlModuleDBFilename);
- }
-+
-+// When we changed from the old dbm database format to the newer sqlite
-+// implementation, the upgrade process left behind the existing files. Suppose a
-+// user had not set a password for the old key3.db (which is about 99% of
-+// users). After upgrading, both the old database and the new database are
-+// unprotected. If the user then sets a password for the new database, the old
-+// one will not be protected. In this scenario, we should probably just remove
-+// the old database (it would only be relevant if the user downgraded to a
-+// version of IceCat before 58, but we have to trade this off against the
-+// user's old private keys being unexpectedly unprotected after setting a
-+// password).
-+// This was never an issue on Android because we always used the new
-+// implementation.
-+static void
-+MaybeCleanUpOldNSSFiles(const nsACString& profilePath)
-+{
-+  UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
-+  if (!slot) {
-+    return;
-+  }
-+  // Unfortunately we can't now tell the difference between "there already was a
-+  // password when the upgrade happened" and "there was not a password but then
-+  // the user added one after upgrading".
-+  bool hasPassword = PK11_NeedLogin(slot.get()) &&
-+                     !PK11_NeedUserInit(slot.get());
-+  if (!hasPassword) {
-+    return;
-+  }
-+  nsCOMPtr<nsIFile> dbFile = do_CreateInstance("@mozilla.org/file/local;1");
-+  if (!dbFile) {
-+    return;
-+  }
-+  nsresult rv = dbFile->InitWithNativePath(profilePath);
-+  if (NS_FAILED(rv)) {
-+    return;
-+  }
-+  NS_NAMED_LITERAL_CSTRING(keyDBFilename, "key3.db");
-+  rv = dbFile->AppendNative(keyDBFilename);
-+  if (NS_FAILED(rv)) {
-+    return;
-+  }
-+  // Since this isn't a directory, the `recursive` argument to `Remove` is
-+  // irrelevant.
-+  Unused << dbFile->Remove(false);
-+}
- #endif // ifndef ANDROID
- 
- // Given a profile directory, attempt to initialize NSS. If nocertdb is true,
- // (or if we don't have a profile directory) simply initialize NSS in no DB mode
- // and return. Otherwise, first attempt to initialize in read/write mode, and
- // then read-only mode if that fails. If both attempts fail, we may be failing
- // to initialize an NSS DB collection that has FIPS mode enabled. Attempt to
- // ascertain if this is the case, and if so, rename the offending PKCS#11 module
-@@ -1966,16 +2011,19 @@ InitializeNSSWithFallbacks(const nsACStr
- 
-   // Try read/write mode. If we're in safeMode, we won't load PKCS#11 modules.
- #ifndef ANDROID
-   PRErrorCode savedPRErrorCode1;
- #endif // ifndef ANDROID
-   SECStatus srv = ::mozilla::psm::InitializeNSS(profilePath, false, !safeMode);
-   if (srv == SECSuccess) {
-     MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("initialized NSS in r/w mode"));
-+#ifndef ANDROID
-+    MaybeCleanUpOldNSSFiles(profilePath);
-+#endif // ifndef ANDROID
-     return NS_OK;
-   }
- #ifndef ANDROID
-   savedPRErrorCode1 = PR_GetError();
-   PRErrorCode savedPRErrorCode2;
- #endif // ifndef ANDROID
-   // That failed. Try read-only mode.
-   srv = ::mozilla::psm::InitializeNSS(profilePath, true, !safeMode);