authorMark H Weaver <mhw@netris.org>2019-11-16 16:53:52 -0500
committerMark H Weaver <mhw@netris.org>2019-12-04 06:36:45 -0500
commit34369f310319b040d18864ff7435b8ee5f9a26a6 (patch)
tree6d2f9f50c8bed1a5ba8a343563e5b4bdd1ef457f /gnu/packages/gnuzilla.scm
parent269c827c691087dabdfcb5d1b32b7647ba3bc8b8 (diff)
gnu: icecat: Update to 68.3.0-guix0-preview1 [security fixes].
Includes fixes for CVE-2019-11745, CVE-2019-17005, CVE-2019-17008, CVE-2019-17009, CVE-2019-17010, CVE-2019-17011, and CVE-2019-17012. * gnu/packages/patches/icecat-gnuzilla-fixes.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. * gnu/packages/gnuzilla.scm (%icecat-version, %icecat-build-id): Update. (icecat-source): Update hash for the firefox source tarball. Update to the latest from gnuzilla.git. Don't apply icecat-gnuzilla-fixes.patch. Remove determinism fix in makeicecat that is now upstream. Tweak a status message. (icecat)[arguments]: Add "--with-unsigned-addon-scopes=app" configure flag. * gnu/packages/patches/icecat-makeicecat.patch: Adapt.
Diffstat (limited to 'gnu/packages/gnuzilla.scm')
-rw-r--r--gnu/packages/gnuzilla.scm24
1 files changed, 11 insertions, 13 deletions
diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index fa8086671f..a4e9a0e592 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -550,8 +550,8 @@ from forcing GEXP-PROMISE."
#:system system
#:guile-for-build guile)))
-(define %icecat-version "68.2.0-guix0-preview3")
-(define %icecat-build-id "20191031000000") ;must be of the form YYYYMMDDhhmmss
+(define %icecat-version "68.3.0-guix0-preview1")
+(define %icecat-build-id "20191204000000") ;must be of the form YYYYMMDDhhmmss
;; 'icecat-source' is a "computed" origin that generates an IceCat tarball
;; from the corresponding upstream Firefox ESR tarball, using the 'makeicecat'
@@ -573,11 +573,11 @@ from forcing GEXP-PROMISE."
"firefox-" upstream-firefox-version ".source.tar.xz"))
(sha256
(base32
- "0f3gf5gwhxabm6xs29nlxmfqdw3fs7v458vq1fydrglfyvmc5wc5"))))
+ "0sfwp9vyjizj1lkvj6z51r85dl41q3l8380fkdyqdbp7f2d18cg1"))))
- (upstream-icecat-base-version "68.2.0") ; maybe older than base-version
+ (upstream-icecat-base-version "68.3.0") ; maybe older than base-version
;;(gnuzilla-commit (string-append "v" upstream-icecat-base-version))
- (gnuzilla-commit "930298e1efff3e40721659d8fd7118cdd2477bd4")
+ (gnuzilla-commit "85e99badac11983f6d50b0d9942f66a30f55b8e5")
(gnuzilla-source
(origin
(method git-fetch)
@@ -589,10 +589,8 @@ from forcing GEXP-PROMISE."
(string-take gnuzilla-commit 8)))
(sha256
(base32
- "14g57b0262qq5s0w8b1lrk8wkvg7m068dfi0ilvhg2q5jrxk3cd0"))))
+ "00mb734yvm0r7i64mbg7hvrvhbwkcii9f9hjgwi37aizd9k0n78a"))))
- (gnuzilla-fixes-patch
- (local-file (search-patch "icecat-gnuzilla-fixes.patch")))
(makeicecat-patch
(local-file (search-patch "icecat-makeicecat.patch"))))
@@ -639,8 +637,6 @@ from forcing GEXP-PROMISE."
(with-directory-excursion "/tmp/gnuzilla"
(make-file-writable "makeicecat")
(invoke "patch" "--force" "--no-backup-if-mismatch"
- "-p1" "--input" #+gnuzilla-fixes-patch)
- (invoke "patch" "--force" "--no-backup-if-mismatch"
"-p1" "--input" #+makeicecat-patch)
(patch-shebang "makeicecat")
(substitute* "makeicecat"
@@ -658,8 +654,6 @@ from forcing GEXP-PROMISE."
(string-append "FFSUB=" #$sub-version "\n"))
(("^DATA=.*")
"DATA=/tmp/gnuzilla/data\n")
- (("^find extensions/gnu/ ")
- "find extensions/gnu/ | sort ")
(("/bin/sed")
#+(file-append (canonical-package sed) "/bin/sed"))))
@@ -703,7 +697,7 @@ from forcing GEXP-PROMISE."
(force-output)
(invoke "bash" "/tmp/gnuzilla/makeicecat"))
- (format #t "Packing new IceCat tarball...~%")
+ (format #t "Packing IceCat source tarball...~%")
(force-output)
(invoke "tar" "cfa" #$output
;; Avoid non-determinism in the archive. We set the
@@ -811,6 +805,10 @@ from forcing GEXP-PROMISE."
"--with-distribution-id=org.gnu"
+ ;; Do not require addons in the global app
+ ;; directory to be signed by Mozilla.
+ "--with-unsigned-addon-scopes=app"
+
"--enable-startup-notification"
"--enable-pulseaudio"
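Review bot: The comment added above `"--with-unsigned-addon-scopes=app"` states what the flag does but not why dropping Mozilla signature verification for the application scope is acceptable, which is what a later reader auditing this configure list will need. Presumably the reason is that add-ons in that directory are installed by the package itself rather than by users, so I would say so, e.g. `;; Add-ons in the app directory are installed by this package, not by users, so they are trusted without a Mozilla signature.` It is also worth stating in the comment that only the `app` scope is listed, so the signature policy for the other install scopes is not changed by this flag. The configure-flags list starts and ends outside this hunk, so whether another flag or preference already relaxes signing elsewhere cannot be checked from here.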