gnu: icecat: Update to 102.8.0-guix0-preview1 [security fixes].

Includes fixes for CVE-2023-0767, CVE-2023-25728, CVE-2023-25729, CVE-2023-25730, CVE-2023-25732, CVE-2023-25734, CVE-2023-25735, CVE-2023-25737, CVE-2023-25738, CVE-2023-25739, CVE-2023-25742, CVE-2023-25743, CVE-2023-25744, and CVE-2023-25746. * gnu/packages/gnuzilla.scm (%icecat-version, %icecat-build-id): Update. (icecat-source): Update gnuzilla commit, base version, and hashes. Remove the dependency on the Perl 'rename' program. * gnu/packages/patches/icecat-makeicecat.patch: Update to apply cleanly.
2023-02-14 15:46:35 -05:00 · 2023-02-14 15:46:35 -05:00 · 24e20d419b
commit 24e20d419b
parent c44149de97
2 changed files with 13 additions and 14 deletions
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@ -1,7 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021 Ludovic Courtès <ludo@gnu.org>
-;;; Copyright © 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2023 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
 ;;; Copyright © 2016, 2017, 2018, 2019, 2021 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Alex Griffin <a@ajgrf.com>
@ -477,8 +477,8 @@ in C/C++.")
 ;; XXXX: Workaround 'snippet' limitations.
 (define computed-origin-method (@@ (guix packages) computed-origin-method))
-(define %icecat-version "102.7.0-guix0-preview1")
+(define %icecat-version "102.8.0-guix0-preview1")
-(define %icecat-build-id "20230117000000") ;must be of the form YYYYMMDDhhmmss
+(define %icecat-build-id "20230214000000") ;must be of the form YYYYMMDDhhmmss
 ;; 'icecat-source' is a "computed" origin that generates an IceCat tarball
 ;; from the corresponding upstream Firefox ESR tarball, using the 'makeicecat'
@ -500,11 +500,11 @@ in C/C++.")
                  "firefox-" upstream-firefox-version ".source.tar.xz"))
            (sha256
             (base32
-              "1ahl66x8chnsz80capqa5ivyrqhc50s91zrcgz1jxd7w2ws61957"))))
+              "0j6afrgfsmd0adbbmffw4p1f2hznpck9d36z3bsjx36f7cjgdy27"))))
-         (upstream-icecat-base-version "102.7.0") ; maybe older than base-version
+         (upstream-icecat-base-version "102.8.0") ; maybe older than base-version
         ;;(gnuzilla-commit (string-append "v" upstream-icecat-base-version))
-         (gnuzilla-commit "7f76da3cfd5d04fa38d894f6ea6ac5f2fd0ea837")
+         (gnuzilla-commit "03d9e3db5affe21db077c410ec08c313d6aa280e")
         (gnuzilla-source
          (origin
            (method git-fetch)
@ -516,7 +516,7 @@ in C/C++.")
                                      (string-take gnuzilla-commit 8)))
            (sha256
             (base32
-              "19i66qvwzgllgnlw270bxphymybjj1qb5hdznqi4i2dcgpcrq77l"))))
+              "12id87nsdwm6kra0gm3d3ww8kr0xxb4yllw9wcqmnrlnmspdc1n8"))))
         ;; 'search-patch' returns either a valid file name or #f, so wrap it
         ;; in 'assume-valid-file-name' to avoid 'local-file' warnings.
@ -540,8 +540,7 @@ in C/C++.")
                (set-path-environment-variable
                 "PATH" '("bin")
-                 (list #+rename
+                 (list #+python
                       #+python
                       #+(canonical-package bash)
                       #+(canonical-package coreutils)
                       #+(canonical-package findutils)
--- a/gnu/packages/patches/icecat-makeicecat.patch
+++ b/gnu/packages/patches/icecat-makeicecat.patch
@ -6,7 +6,7 @@ diff --git a/makeicecat b/makeicecat
 index bf2b7a6..bc3b19b 100755
 --- a/makeicecat
 +++ b/makeicecat
-@@ -58,7 +58,7 @@ readonly SOURCEDIR=icecat-${FFVERSION}
+@@ -56,7 +56,7 @@ readonly SOURCEDIR=icecat-${FFVERSION}
 # debug/shell options
 readonly DEVEL=0
 set -euo pipefail
@ -15,8 +15,8 @@ index bf2b7a6..bc3b19b 100755
 ###############################################################################
-@@ -459,7 +459,7 @@ configure_search()
+@@ -455,7 +455,7 @@ configure_search()
-     sed 's|ddg@|ddg-html@|' -i browser/components/search/extensions/ddg-html/manifest.json
+ 
     # Process various JSON pre-configuration dumps.
 -    python3 ../../tools/process-json-files.py . browser/components/extensions/schemas/
@ -24,7 +24,7 @@ index bf2b7a6..bc3b19b 100755
 }
 configure_mobile()
-@@ -855,12 +855,12 @@ finalize_sourceball()
+@@ -837,12 +837,12 @@ finalize_sourceball()
 # entry point
 ###############################################################################
@ -43,7 +43,7 @@ index bf2b7a6..bc3b19b 100755
 apply_patches
 configure
 configure_search
-@@ -872,4 +872,4 @@ prepare_macos_packaging
+@@ -854,4 +854,4 @@ prepare_macos_packaging
 configure_extensions
 configure_onboarding
 apply_bugfixes