authorJonathan Brielmaier <jonathan.brielmaier@web.de>2023-04-12 00:12:21 +0200
committerJonathan Brielmaier <jonathan.brielmaier@web.de>2023-04-12 09:46:47 +0200
commita741b554cb66cd053a130b8b5b5926a30bec9d48 (patch)
tree312340beaf0c50ef8018f9cb9a904b15a413c81f
parent99c468b0647b1042ae4cd5f2d01f1e258235a837 (diff)
gnu: icedove: Update to 102.10.0 [security fixes].
Fixes CVE-2023-0547 and CVE-2023-29479. * gnu/packages/gnuzilla.scm (%icedove-version): Update to 102.10.0. (%icedove-build-id, thunderbird-comm-l10n): Update accordingly. (icecat-102.9.0-source): Remove.
-rw-r--r--gnu/packages/gnuzilla.scm180
1 files changed, 5 insertions, 175 deletions
diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index 00c6a8326b..0ffa61ffb5 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -1114,178 +1114,8 @@ standards of the IceCat project.")
"ru" "sco" "si" "sk" "sl" "son" "sq" "sr" "sv-SE" "szl" "ta" "te" "th" "tl"
"tr" "trs" "uk" "ur" "uz" "vi" "xh" "zh-CN" "zh-TW"))
-(define icecat-102.9.0-source
- (let* ((base-version "102.9.0")
- (version "102.9.0-guix0-preview1")
- (major-version (first (string-split base-version #\.)))
- (minor-version (second (string-split base-version #\.)))
- (sub-version (third (string-split base-version #\.)))
-
- (upstream-firefox-version (string-append base-version "esr"))
- (upstream-firefox-source
- (origin
- (method url-fetch)
- (uri (string-append
- "https://ftp.mozilla.org/pub/firefox/releases/"
- upstream-firefox-version "/source/"
- "firefox-" upstream-firefox-version ".source.tar.xz"))
- (sha256
- (base32
- "1l8xlbba8sa9dg132k96ch8mz97i5lyhpvkxi8d85jh97xi79c1i"))))
-
- ;; The upstream-icecat-base-version may be older than the
- ;; base-version.
- (upstream-icecat-base-version base-version)
- (gnuzilla-commit "f55ede39713d1533734f37e39927cbb78abe1604")
- (gnuzilla-source
- (origin
- (method git-fetch)
- (uri (git-reference
- (url "git://git.savannah.gnu.org/gnuzilla.git")
- (commit gnuzilla-commit)))
- (file-name (git-file-name "gnuzilla"
- ;;upstream-icecat-base-version
- (string-take gnuzilla-commit 8)))
- (sha256
- (base32
- "0z15h3lxfn9pmj5bj62qim3h320dcd2v69xrg1phb7lh5gq0bylf"))))
-
- ;; 'search-patch' returns either a valid file name or #f, so wrap it
- ;; in 'assume-valid-file-name' to avoid 'local-file' warnings.
- (makeicecat-patch
- (local-file (assume-valid-file-name
- (search-patch "icecat-makeicecat.patch")))))
-
- (origin
- (method computed-origin-method)
- (file-name (string-append "icecat-" version ".tar.xz"))
- (sha256 #f)
- (uri
- (delay
- (with-imported-modules '((guix build utils))
- #~(begin
- (use-modules (guix build utils))
- (let ((firefox-dir
- (string-append "firefox-" #$base-version))
- (icecat-dir
- (string-append "icecat-" #$version)))
-
- (set-path-environment-variable
- "PATH" '("bin")
- (list #+python
- #+(canonical-package bash)
- #+(canonical-package coreutils)
- #+(canonical-package findutils)
- #+(canonical-package patch)
- #+(canonical-package xz)
- #+(canonical-package sed)
- #+(canonical-package grep)
- #+(canonical-package bzip2)
- #+(canonical-package gzip)
- #+(canonical-package tar)))
-
- (set-path-environment-variable
- "PYTHONPATH"
- (list #+(format #f "lib/python~a/site-packages"
- (version-major+minor
- (package-version python))))
- '#+(cons python-jsonschema
- (map second
- (package-transitive-propagated-inputs
- python-jsonschema))))
-
- ;; Needed by the 'makeicecat' script.
- (setenv "RENAME_CMD" "rename")
-
- ;; We copy the gnuzilla source directory because it is
- ;; read-only in 'gnuzilla-source', and the makeicecat script
- ;; uses "cp -a" to copy parts of it and assumes that the
- ;; copies will be writable.
- (copy-recursively #+gnuzilla-source "/tmp/gnuzilla"
- #:log (%make-void-port "w"))
-
- (with-directory-excursion "/tmp/gnuzilla"
- (make-file-writable "makeicecat")
- (invoke "patch" "--force" "--no-backup-if-mismatch"
- "-p1" "--input" #+makeicecat-patch)
- (patch-shebang "makeicecat")
- (substitute* "makeicecat"
- (("^readonly FFMAJOR=(.*)" all ffmajor)
- (unless (string=? #$major-version
- (string-trim-both ffmajor))
- ;; The makeicecat script cannot be expected to work
- ;; properly on a different version of Firefox, even if
- ;; no errors occur during execution.
- (error "makeicecat major version mismatch"))
- (string-append "readonly FFMAJOR=" #$major-version "\n"))
- (("^readonly FFMINOR=.*")
- (string-append "readonly FFMINOR=" #$minor-version "\n"))
- (("^readonly FFSUB=.*")
- (string-append "readonly FFSUB=" #$sub-version "\n"))
- (("^readonly DATADIR=.*")
- "readonly DATADIR=/tmp/gnuzilla/data\n")
- (("^readonly SOURCEDIR=.*")
- (string-append "readonly SOURCEDIR=" icecat-dir "\n"))
- (("/bin/sed")
- #+(file-append (canonical-package sed) "/bin/sed"))))
-
- (format #t "Unpacking upstream firefox tarball...~%")
- (force-output)
- (invoke "tar" "xf" #+upstream-firefox-source)
- (rename-file firefox-dir icecat-dir)
-
- (with-directory-excursion icecat-dir
- (format #t "Populating l10n directory...~%")
- (force-output)
- (mkdir "l10n")
- (with-directory-excursion "l10n"
- (for-each
- (lambda (locale-dir)
- (let ((locale
- (string-drop (basename locale-dir)
- (+ 32 ; length of hash
- (string-length "-mozilla-locale-")))))
- (format #t " ~a~%" locale)
- (force-output)
- (copy-recursively locale-dir locale
- #:log (%make-void-port "w"))
- (for-each make-file-writable (find-files locale))
- (with-directory-excursion locale
- (when (file-exists? ".hgtags")
- (delete-file ".hgtags"))
- (mkdir-p "browser/chrome/browser/preferences")
- (call-with-output-file
- "browser/chrome/browser/preferences/advanced-scripts.dtd"
- (lambda (port) #f)))))
- '#+all-mozilla-locales)
- (copy-recursively #+mozilla-compare-locales
- "compare-locales"
- #:log (%make-void-port "w"))
- (delete-file "compare-locales/.gitignore")
- (delete-file "compare-locales/.hgignore")
- (delete-file "compare-locales/.hgtags")))
-
- (format #t "Running makeicecat script...~%")
- (force-output)
- (invoke "bash" "/tmp/gnuzilla/makeicecat")
-
- (format #t "Packing IceCat source tarball...~%")
- (force-output)
- (setenv "XZ_DEFAULTS" (string-join (%xz-parallel-args)))
- (invoke "tar" "cfa" #$output
- ;; Avoid non-determinism in the archive. We set the
- ;; mtime of files in the archive to early 1980 because
- ;; the build process fails if the mtime of source
- ;; files is pre-1980, due to the creation of zip
- ;; archives.
- "--mtime=@315619200" ; 1980-01-02 UTC
- "--owner=root:0"
- "--group=root:0"
- "--sort=name"
- icecat-dir)))))))))
-
-(define %icedove-build-id "20230328000000") ;must be of the form YYYYMMDDhhmmss
-(define %icedove-version "102.9.1")
+(define %icedove-build-id "20230411000000") ;must be of the form YYYYMMDDhhmmss
+(define %icedove-version "102.10.0")
;; Provides the "comm" folder which is inserted into the icecat source.
;; Avoids the duplication of Icecat's source tarball.
@@ -1294,11 +1124,11 @@ standards of the IceCat project.")
(method hg-fetch)
(uri (hg-reference
(url "https://hg.mozilla.org/releases/comm-esr102")
- (changeset "a8965ef0b30705f497df3df718db60d9dc2c304f")))
+ (changeset "d8df3bebc4b529388b62b9cb4df152f13910fbe3")))
(file-name (string-append "thunderbird-" %icedove-version "-checkout"))
(sha256
(base32
- "14lj30a9hmiwxpriyfls245y1wj2j3hfwrsbf7s5d9ligjqldjag"))))
+ "1m46nxnq4jpp4p6qqw68pphhccxlz4zzbyyb8iq26zvp42x7ic8f"))))
(define (comm-source->locales+changeset source)
"Given SOURCE, a checkout of the Thunderbird 'comm' component, return the
@@ -1359,7 +1189,7 @@ list of languages supported as well as the currently used changeset."
;; Extract the base Icecat tarball, renaming its top-level
;; directory.
(invoke "tar" "--transform" (string-append "s,[^/]*," #$name ",")
- "-xf" #$icecat-102.9.0-source)
+ "-xf" #$icecat-source)
(chdir #$name)
;; Merge the Thunderdbird localization data.
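Review bot: Nothing at the `"-xf" #$icecat-source` line checks that the shared IceCat origin is at the same base version as `%icedove-version` (102.10.0) and the pinned comm-esr102 changeset, now that the dedicated `icecat-102.9.0-source` pin is removed. The definition of `icecat-source` is outside this view, so the pairing is presumably correct for this commit. A later IceCat-only bump could still silently combine a different Firefox base with this comm checkout, which matters for an update tagged as security fixes. I would add a comment above the `tar` call such as `;; icecat-source must be at the same ESR base version as %icedove-version; re-check both when either is updated.` The enclosing build expression starts and ends outside the hunk.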