author | Jonathan Brielmaier <jonathan.brielmaier@web.de> | 2023-04-12 00:12:21 +0200 |
---|---|---|
committer | Jonathan Brielmaier <jonathan.brielmaier@web.de> | 2023-04-12 09:46:47 +0200 |
commit | a741b554cb66cd053a130b8b5b5926a30bec9d48 (patch) | |
tree | 312340beaf0c50ef8018f9cb9a904b15a413c81f | |
parent | 99c468b0647b1042ae4cd5f2d01f1e258235a837 (diff) |
gnu: icedove: Update to 102.10.0 [security fixes].
Fixes CVE-2023-0547 and CVE-2023-29479.
* gnu/packages/gnuzilla.scm (%icedove-version): Update to 102.10.0.
(%icedove-build-id, thunderbird-comm-l10n): Update accordingly.
(icecat-102.9.0-source): Remove.
-rw-r--r-- | gnu/packages/gnuzilla.scm | 180 |
1 files changed, 5 insertions, 175 deletions
diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index 00c6a8326b..0ffa61ffb5 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -1114,178 +1114,8 @@ standards of the IceCat project.") "ru" "sco" "si" "sk" "sl" "son" "sq" "sr" "sv-SE" "szl" "ta" "te" "th" "tl" "tr" "trs" "uk" "ur" "uz" "vi" "xh" "zh-CN" "zh-TW")) -(define icecat-102.9.0-source - (let* ((base-version "102.9.0") - (version "102.9.0-guix0-preview1") - (major-version (first (string-split base-version #\.))) - (minor-version (second (string-split base-version #\.))) - (sub-version (third (string-split base-version #\.))) - - (upstream-firefox-version (string-append base-version "esr")) - (upstream-firefox-source - (origin - (method url-fetch) - (uri (string-append - "https://ftp.mozilla.org/pub/firefox/releases/" - upstream-firefox-version "/source/" - "firefox-" upstream-firefox-version ".source.tar.xz")) - (sha256 - (base32 - "1l8xlbba8sa9dg132k96ch8mz97i5lyhpvkxi8d85jh97xi79c1i")))) - - ;; The upstream-icecat-base-version may be older than the - ;; base-version. - (upstream-icecat-base-version base-version) - (gnuzilla-commit "f55ede39713d1533734f37e39927cbb78abe1604") - (gnuzilla-source - (origin - (method git-fetch) - (uri (git-reference - (url "git://git.savannah.gnu.org/gnuzilla.git") - (commit gnuzilla-commit))) - (file-name (git-file-name "gnuzilla" - ;;upstream-icecat-base-version - (string-take gnuzilla-commit 8))) - (sha256 - (base32 - "0z15h3lxfn9pmj5bj62qim3h320dcd2v69xrg1phb7lh5gq0bylf")))) - - ;; 'search-patch' returns either a valid file name or #f, so wrap it - ;; in 'assume-valid-file-name' to avoid 'local-file' warnings. 
- (makeicecat-patch - (local-file (assume-valid-file-name - (search-patch "icecat-makeicecat.patch"))))) - - (origin - (method computed-origin-method) - (file-name (string-append "icecat-" version ".tar.xz")) - (sha256 #f) - (uri - (delay - (with-imported-modules '((guix build utils)) - #~(begin - (use-modules (guix build utils)) - (let ((firefox-dir - (string-append "firefox-" #$base-version)) - (icecat-dir - (string-append "icecat-" #$version))) - - (set-path-environment-variable - "PATH" '("bin") - (list #+python - #+(canonical-package bash) - #+(canonical-package coreutils) - #+(canonical-package findutils) - #+(canonical-package patch) - #+(canonical-package xz) - #+(canonical-package sed) - #+(canonical-package grep) - #+(canonical-package bzip2) - #+(canonical-package gzip) - #+(canonical-package tar))) - - (set-path-environment-variable - "PYTHONPATH" - (list #+(format #f "lib/python~a/site-packages" - (version-major+minor - (package-version python)))) - '#+(cons python-jsonschema - (map second - (package-transitive-propagated-inputs - python-jsonschema)))) - - ;; Needed by the 'makeicecat' script. - (setenv "RENAME_CMD" "rename") - - ;; We copy the gnuzilla source directory because it is - ;; read-only in 'gnuzilla-source', and the makeicecat script - ;; uses "cp -a" to copy parts of it and assumes that the - ;; copies will be writable. - (copy-recursively #+gnuzilla-source "/tmp/gnuzilla" - #:log (%make-void-port "w")) - - (with-directory-excursion "/tmp/gnuzilla" - (make-file-writable "makeicecat") - (invoke "patch" "--force" "--no-backup-if-mismatch" - "-p1" "--input" #+makeicecat-patch) - (patch-shebang "makeicecat") - (substitute* "makeicecat" - (("^readonly FFMAJOR=(.*)" all ffmajor) - (unless (string=? #$major-version - (string-trim-both ffmajor)) - ;; The makeicecat script cannot be expected to work - ;; properly on a different version of Firefox, even if - ;; no errors occur during execution. 
- (error "makeicecat major version mismatch")) - (string-append "readonly FFMAJOR=" #$major-version "\n")) - (("^readonly FFMINOR=.*") - (string-append "readonly FFMINOR=" #$minor-version "\n")) - (("^readonly FFSUB=.*") - (string-append "readonly FFSUB=" #$sub-version "\n")) - (("^readonly DATADIR=.*") - "readonly DATADIR=/tmp/gnuzilla/data\n") - (("^readonly SOURCEDIR=.*") - (string-append "readonly SOURCEDIR=" icecat-dir "\n")) - (("/bin/sed") - #+(file-append (canonical-package sed) "/bin/sed")))) - - (format #t "Unpacking upstream firefox tarball...~%") - (force-output) - (invoke "tar" "xf" #+upstream-firefox-source) - (rename-file firefox-dir icecat-dir) - - (with-directory-excursion icecat-dir - (format #t "Populating l10n directory...~%") - (force-output) - (mkdir "l10n") - (with-directory-excursion "l10n" - (for-each - (lambda (locale-dir) - (let ((locale - (string-drop (basename locale-dir) - (+ 32 ; length of hash - (string-length "-mozilla-locale-"))))) - (format #t " ~a~%" locale) - (force-output) - (copy-recursively locale-dir locale - #:log (%make-void-port "w")) - (for-each make-file-writable (find-files locale)) - (with-directory-excursion locale - (when (file-exists? ".hgtags") - (delete-file ".hgtags")) - (mkdir-p "browser/chrome/browser/preferences") - (call-with-output-file - "browser/chrome/browser/preferences/advanced-scripts.dtd" - (lambda (port) #f))))) - '#+all-mozilla-locales) - (copy-recursively #+mozilla-compare-locales - "compare-locales" - #:log (%make-void-port "w")) - (delete-file "compare-locales/.gitignore") - (delete-file "compare-locales/.hgignore") - (delete-file "compare-locales/.hgtags"))) - - (format #t "Running makeicecat script...~%") - (force-output) - (invoke "bash" "/tmp/gnuzilla/makeicecat") - - (format #t "Packing IceCat source tarball...~%") - (force-output) - (setenv "XZ_DEFAULTS" (string-join (%xz-parallel-args))) - (invoke "tar" "cfa" #$output - ;; Avoid non-determinism in the archive. 
We set the - ;; mtime of files in the archive to early 1980 because - ;; the build process fails if the mtime of source - ;; files is pre-1980, due to the creation of zip - ;; archives. - "--mtime=@315619200" ; 1980-01-02 UTC - "--owner=root:0" - "--group=root:0" - "--sort=name" - icecat-dir))))))))) - -(define %icedove-build-id "20230328000000") ;must be of the form YYYYMMDDhhmmss -(define %icedove-version "102.9.1") +(define %icedove-build-id "20230411000000") ;must be of the form YYYYMMDDhhmmss +(define %icedove-version "102.10.0") ;; Provides the "comm" folder which is inserted into the icecat source. ;; Avoids the duplication of Icecat's source tarball. @@ -1294,11 +1124,11 @@ standards of the IceCat project.") (method hg-fetch) (uri (hg-reference (url "https://hg.mozilla.org/releases/comm-esr102") - (changeset "a8965ef0b30705f497df3df718db60d9dc2c304f"))) + (changeset "d8df3bebc4b529388b62b9cb4df152f13910fbe3"))) (file-name (string-append "thunderbird-" %icedove-version "-checkout")) (sha256 (base32 - "14lj30a9hmiwxpriyfls245y1wj2j3hfwrsbf7s5d9ligjqldjag")))) + "1m46nxnq4jpp4p6qqw68pphhccxlz4zzbyyb8iq26zvp42x7ic8f")))) (define (comm-source->locales+changeset source) "Given SOURCE, a checkout of the Thunderbird 'comm' component, return the @@ -1359,7 +1189,7 @@ list of languages supported as well as the currently used changeset." ;; Extract the base Icecat tarball, renaming its top-level ;; directory. (invoke "tar" "--transform" (string-append "s,[^/]*," #$name ",") - "-xf" #$icecat-102.9.0-source) + "-xf" #$icecat-source) (chdir #$name) ;; Merge the Thunderdbird localization data. |
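Review bot: In the last hunk (`@@ -1359,7 +1189,7 @@`), `#$icecat-source` makes the Icedove build unpack whatever base tarball the IceCat package currently points at, while the `comm` checkout in the previous hunk stays pinned to one changeset and hash, and nothing visible here checks that the two trees belong to the same release. If IceCat is later updated on its own, the mismatch would presumably surface only as a build failure, or as an Icedove whose base tree does not match the security release named in `%icedove-version`. A comment at the call site would record the constraint, for example `;; icecat-source must be at the same ESR base version as %icedove-version; pin a versioned source if they diverge.` The enclosing definition starts and ends outside the hunk, so a check elsewhere in it cannot be ruled out.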