From 24e20d419b404e4b43c12d70f0839502b09714b6 Mon Sep 17 00:00:00 2001
From: Mark H Weaver <mhw@netris.org>
Date: Tue, 14 Feb 2023 15:46:35 -0500
Subject: gnu: icecat: Update to 102.8.0-guix0-preview1 [security fixes].

Includes fixes for CVE-2023-0767, CVE-2023-25728, CVE-2023-25729,
CVE-2023-25730, CVE-2023-25732, CVE-2023-25734, CVE-2023-25735,
CVE-2023-25737, CVE-2023-25738, CVE-2023-25739, CVE-2023-25742,
CVE-2023-25743, CVE-2023-25744, and CVE-2023-25746.

* gnu/packages/gnuzilla.scm (%icecat-version, %icecat-build-id): Update.
(icecat-source): Update gnuzilla commit, base version, and hashes.
Remove the dependency on the Perl 'rename' program.
* gnu/packages/patches/icecat-makeicecat.patch: Update to apply cleanly.
---
 gnu/packages/gnuzilla.scm                    | 17 ++++++++---------
 gnu/packages/patches/icecat-makeicecat.patch | 10 +++++-----
 2 files changed, 13 insertions(+), 14 deletions(-)

diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index d6145cada2..b2e0870fea 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -1,7 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021 Ludovic Courtès <ludo@gnu.org>
-;;; Copyright © 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2023 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
 ;;; Copyright © 2016, 2017, 2018, 2019, 2021 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Alex Griffin <a@ajgrf.com>
@@ -477,8 +477,8 @@ in C/C++.")
 ;; XXXX: Workaround 'snippet' limitations.
 (define computed-origin-method (@@ (guix packages) computed-origin-method))
 
-(define %icecat-version "102.7.0-guix0-preview1")
-(define %icecat-build-id "20230117000000") ;must be of the form YYYYMMDDhhmmss
+(define %icecat-version "102.8.0-guix0-preview1")
+(define %icecat-build-id "20230214000000") ;must be of the form YYYYMMDDhhmmss
 
 ;; 'icecat-source' is a "computed" origin that generates an IceCat tarball
 ;; from the corresponding upstream Firefox ESR tarball, using the 'makeicecat'
@@ -500,11 +500,11 @@ in C/C++.")
                   "firefox-" upstream-firefox-version ".source.tar.xz"))
             (sha256
              (base32
-              "1ahl66x8chnsz80capqa5ivyrqhc50s91zrcgz1jxd7w2ws61957"))))
+              "0j6afrgfsmd0adbbmffw4p1f2hznpck9d36z3bsjx36f7cjgdy27"))))
 
-         (upstream-icecat-base-version "102.7.0") ; maybe older than base-version
+         (upstream-icecat-base-version "102.8.0") ; maybe older than base-version
          ;;(gnuzilla-commit (string-append "v" upstream-icecat-base-version))
-         (gnuzilla-commit "7f76da3cfd5d04fa38d894f6ea6ac5f2fd0ea837")
+         (gnuzilla-commit "03d9e3db5affe21db077c410ec08c313d6aa280e")
          (gnuzilla-source
           (origin
             (method git-fetch)
@@ -516,7 +516,7 @@ in C/C++.")
                                       (string-take gnuzilla-commit 8)))
             (sha256
              (base32
-              "19i66qvwzgllgnlw270bxphymybjj1qb5hdznqi4i2dcgpcrq77l"))))
+              "12id87nsdwm6kra0gm3d3ww8kr0xxb4yllw9wcqmnrlnmspdc1n8"))))
 
          ;; 'search-patch' returns either a valid file name or #f, so wrap it
          ;; in 'assume-valid-file-name' to avoid 'local-file' warnings.
@@ -540,8 +540,7 @@ in C/C++.")
 
                 (set-path-environment-variable
                  "PATH" '("bin")
-                 (list #+rename
-                       #+python
+                 (list #+python
                        #+(canonical-package bash)
                        #+(canonical-package coreutils)
                        #+(canonical-package findutils)
diff --git a/gnu/packages/patches/icecat-makeicecat.patch b/gnu/packages/patches/icecat-makeicecat.patch
index c46cb27ff6..940ca36b6c 100644
--- a/gnu/packages/patches/icecat-makeicecat.patch
+++ b/gnu/packages/patches/icecat-makeicecat.patch
@@ -6,7 +6,7 @@ diff --git a/makeicecat b/makeicecat
 index bf2b7a6..bc3b19b 100755
 --- a/makeicecat
 +++ b/makeicecat
-@@ -58,7 +58,7 @@ readonly SOURCEDIR=icecat-${FFVERSION}
+@@ -56,7 +56,7 @@ readonly SOURCEDIR=icecat-${FFVERSION}
  # debug/shell options
  readonly DEVEL=0
  set -euo pipefail
@@ -15,8 +15,8 @@ index bf2b7a6..bc3b19b 100755
  
  
  ###############################################################################
-@@ -459,7 +459,7 @@ configure_search()
-     sed 's|ddg@|ddg-html@|' -i browser/components/search/extensions/ddg-html/manifest.json
+@@ -455,7 +455,7 @@ configure_search()
+ 
  
      # Process various JSON pre-configuration dumps.
 -    python3 ../../tools/process-json-files.py . browser/components/extensions/schemas/
@@ -24,7 +24,7 @@ index bf2b7a6..bc3b19b 100755
  }
  
  configure_mobile()
-@@ -855,12 +855,12 @@ finalize_sourceball()
+@@ -837,12 +837,12 @@ finalize_sourceball()
  # entry point
  ###############################################################################
  
@@ -43,7 +43,7 @@ index bf2b7a6..bc3b19b 100755
  apply_patches
  configure
  configure_search
-@@ -872,4 +872,4 @@ prepare_macos_packaging
+@@ -854,4 +854,4 @@ prepare_macos_packaging
  configure_extensions
  configure_onboarding
  apply_bugfixes
-- 
cgit v1.2.3