diff options
| author | Mark H Weaver <mhw@netris.org> | 2023-02-14 15:46:35 -0500 |
|---|---|---|
| committer | Mark H Weaver <mhw@netris.org> | 2023-02-15 01:36:33 -0500 |
| commit | 24e20d419b404e4b43c12d70f0839502b09714b6 (patch) | |
| tree | e290609d6a3d0226e6c3fce311023f8529b94797 | |
| parent | c44149de9702743b866e5bae2e0773c31d9bc29d (diff) | |
gnu: icecat: Update to 102.8.0-guix0-preview1 [security fixes].
Includes fixes for CVE-2023-0767, CVE-2023-25728, CVE-2023-25729,
CVE-2023-25730, CVE-2023-25732, CVE-2023-25734, CVE-2023-25735,
CVE-2023-25737, CVE-2023-25738, CVE-2023-25739, CVE-2023-25742,
CVE-2023-25743, CVE-2023-25744, and CVE-2023-25746.
* gnu/packages/gnuzilla.scm (%icecat-version, %icecat-build-id): Update.
(icecat-source): Update gnuzilla commit, base version, and hashes.
Remove the dependency on the Perl 'rename' program.
* gnu/packages/patches/icecat-makeicecat.patch: Update to apply cleanly.
| -rw-r--r-- | gnu/packages/gnuzilla.scm | 17 | ||||
| -rw-r--r-- | gnu/packages/patches/icecat-makeicecat.patch | 10 |
2 files changed, 13 insertions, 14 deletions
diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm index d6145cada2..b2e0870fea 100644 --- a/gnu/packages/gnuzilla.scm +++ b/gnu/packages/gnuzilla.scm @@ -1,7 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr> ;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021 Ludovic Courtès <ludo@gnu.org> -;;; Copyright © 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022 Mark H Weaver <mhw@netris.org> +;;; Copyright © 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2023 Mark H Weaver <mhw@netris.org> ;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com> ;;; Copyright © 2016, 2017, 2018, 2019, 2021 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2016 Alex Griffin <a@ajgrf.com> @@ -477,8 +477,8 @@ in C/C++.") ;; XXXX: Workaround 'snippet' limitations. (define computed-origin-method (@@ (guix packages) computed-origin-method)) -(define %icecat-version "102.7.0-guix0-preview1") -(define %icecat-build-id "20230117000000") ;must be of the form YYYYMMDDhhmmss +(define %icecat-version "102.8.0-guix0-preview1") +(define %icecat-build-id "20230214000000") ;must be of the form YYYYMMDDhhmmss ;; 'icecat-source' is a "computed" origin that generates an IceCat tarball ;; from the corresponding upstream Firefox ESR tarball, using the 'makeicecat' @@ -500,11 +500,11 @@ in C/C++.") "firefox-" upstream-firefox-version ".source.tar.xz")) (sha256 (base32 - "1ahl66x8chnsz80capqa5ivyrqhc50s91zrcgz1jxd7w2ws61957")))) + "0j6afrgfsmd0adbbmffw4p1f2hznpck9d36z3bsjx36f7cjgdy27")))) - (upstream-icecat-base-version "102.7.0") ; maybe older than base-version + (upstream-icecat-base-version "102.8.0") ; maybe older than base-version ;;(gnuzilla-commit (string-append "v" upstream-icecat-base-version)) - (gnuzilla-commit "7f76da3cfd5d04fa38d894f6ea6ac5f2fd0ea837") + (gnuzilla-commit "03d9e3db5affe21db077c410ec08c313d6aa280e") (gnuzilla-source (origin (method git-fetch) @@ -516,7 +516,7 @@ in C/C++.") (string-take gnuzilla-commit 8))) (sha256 (base32 - "19i66qvwzgllgnlw270bxphymybjj1qb5hdznqi4i2dcgpcrq77l")))) + "12id87nsdwm6kra0gm3d3ww8kr0xxb4yllw9wcqmnrlnmspdc1n8")))) ;; 'search-patch' returns either a valid file name or #f, so wrap it ;; in 'assume-valid-file-name' to avoid 'local-file' warnings. @@ -540,8 +540,7 @@ in C/C++.") (set-path-environment-variable "PATH" '("bin") - (list #+rename - #+python + (list #+python #+(canonical-package bash) #+(canonical-package coreutils) #+(canonical-package findutils) diff --git a/gnu/packages/patches/icecat-makeicecat.patch b/gnu/packages/patches/icecat-makeicecat.patch index c46cb27ff6..940ca36b6c 100644 --- a/gnu/packages/patches/icecat-makeicecat.patch +++ b/gnu/packages/patches/icecat-makeicecat.patch @@ -6,7 +6,7 @@ diff --git a/makeicecat b/makeicecat index bf2b7a6..bc3b19b 100755 --- a/makeicecat +++ b/makeicecat -@@ -58,7 +58,7 @@ readonly SOURCEDIR=icecat-${FFVERSION} +@@ -56,7 +56,7 @@ readonly SOURCEDIR=icecat-${FFVERSION} # debug/shell options readonly DEVEL=0 set -euo pipefail @@ -15,8 +15,8 @@ index bf2b7a6..bc3b19b 100755 ############################################################################### -@@ -459,7 +459,7 @@ configure_search() - sed 's|ddg@|ddg-html@|' -i browser/components/search/extensions/ddg-html/manifest.json +@@ -455,7 +455,7 @@ configure_search() + # Process various JSON pre-configuration dumps. - python3 ../../tools/process-json-files.py . browser/components/extensions/schemas/ @@ -24,7 +24,7 @@ index bf2b7a6..bc3b19b 100755 } configure_mobile() -@@ -855,12 +855,12 @@ finalize_sourceball() +@@ -837,12 +837,12 @@ finalize_sourceball() # entry point ############################################################################### @@ -43,7 +43,7 @@ index bf2b7a6..bc3b19b 100755 apply_patches configure configure_search -@@ -872,4 +872,4 @@ prepare_macos_packaging +@@ -854,4 +854,4 @@ prepare_macos_packaging configure_extensions configure_onboarding apply_bugfixes |