mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2024-12-24 21:38:07 -05:00
gnu: icecat: Update to 60.3.0-gnu1.
* gnu/packages/gnuzilla.scm (icecat): Update to 60.3.0-gnu1. [source]: Switch back to the normal source URI. Remove patches that are no longer applicable. * gnu/packages/patches/icecat-CVE-2018-12383.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it.
This commit is contained in:
parent
e22842f5ca
commit
3b14494616
3 changed files with 3 additions and 169 deletions
|
@ -811,7 +811,6 @@ dist_patch_DATA = \
|
|||
%D%/packages/patches/hplip-remove-imageprocessor.patch \
|
||||
%D%/packages/patches/hydra-disable-darcs-test.patch \
|
||||
%D%/packages/patches/icecat-avoid-bundled-libraries.patch \
|
||||
%D%/packages/patches/icecat-CVE-2018-12383.patch \
|
||||
%D%/packages/patches/icecat-use-system-graphite2+harfbuzz.patch \
|
||||
%D%/packages/patches/icecat-use-system-media-libs.patch \
|
||||
%D%/packages/patches/icedtea-6-hotspot-gcc-segfault-workaround.patch \
|
||||
|
|
|
@ -482,83 +482,21 @@ (define (mozilla-patch file-name changeset hash)
|
|||
(define-public icecat
|
||||
(package
|
||||
(name "icecat")
|
||||
(version "60.2.0-gnu1")
|
||||
(version "60.3.0-gnu1")
|
||||
(source
|
||||
(origin
|
||||
(method url-fetch)
|
||||
;; Temporary URL pending official release:
|
||||
(uri "https://alpha.gnu.org/gnu/gnuzilla/60.2.0/icecat-60.2.0-gnu1.tar.bz2")
|
||||
#;
|
||||
(uri (string-append "mirror://gnu/gnuzilla/"
|
||||
(first (string-split version #\-))
|
||||
"/" name "-" version ".tar.bz2"))
|
||||
(sha256
|
||||
(base32
|
||||
"0lqx7g79x15941rhjr3qsfwsny6vzc7d7abdmvjy6jjbqkqlc1zl"))
|
||||
"0icnl64nxcyf7dprpdpygxhabsvyhps8c3ixysj9bcdlj9q34ib1"))
|
||||
(patches
|
||||
(list
|
||||
(search-patch "icecat-avoid-bundled-libraries.patch")
|
||||
(search-patch "icecat-use-system-graphite2+harfbuzz.patch")
|
||||
(search-patch "icecat-use-system-media-libs.patch")
|
||||
(mozilla-patch "icecat-CVE-2018-12385.patch" "80a4a7ef2813" "1vgcbimpnfjqj934v0cryq1g13xac3wfmd4jyhcb5s60x8xyssf5")
|
||||
(search-patch "icecat-CVE-2018-12383.patch")
|
||||
(mozilla-patch "icecat-bug-1489744.patch" "6546ee839d30" "11mhvj77r789b428bfxqq5wdx8yr7lbrdjzr8qjj6fw197pldn51")
|
||||
(mozilla-patch "icecat-CVE-2018-12386.patch" "4808fcb2e6ca" "05sc881l7sh8bag8whd2ggdn198lskqcxq8f41scfpqscw6xs5d5")
|
||||
(mozilla-patch "icecat-CVE-2018-12387.patch" "b8f5c37486e1" "0lvmbh126m695kgdbasy1y5xh9n1j08cwdhn071mgvj6yn8cns5z")
|
||||
(mozilla-patch "icecat-bug-1464751.patch" "d5d00faf0465" "1mj7dbb06brwrk0mvap0z4lfl2hwz1cj6dwjvdrisxm046pdw98i")
|
||||
(mozilla-patch "icecat-bug-1472538.patch" "11462f2b98f2" "1nxgh0plzilylx8r73r7d74pv66qwjqxmd7nqii33p0snl2jjfzs")
|
||||
(mozilla-patch "icecat-bug-1478685.patch" "098585dc86fc" "1b0x4qdh6isvffmibvc8ad8z62m3iky9q6jq0z6gyvn8q252cqal")
|
||||
(mozilla-patch "icecat-bug-1486080.patch" "3f8d57d936ea" "0pz2c18wcgj44v0j8my9xbm90m4bsjcvzmavj569fi8bh6s6zz8p")
|
||||
(mozilla-patch "icecat-bug-1423278.patch" "878ceaee5634" "0i47s5nvrx9vqbnj6s9y9f4ffww20p8nviqa6frg676y1188xlyl")
|
||||
(mozilla-patch "icecat-CVE-2018-12390-pt01.patch" "87be1b98ec9a" "15f4l18c7hz9aqn89gg3dwmdidfwgn10dywgpzydm8mps45amx7j")
|
||||
(mozilla-patch "icecat-bug-1484559.patch" "99e58b5307ce" "02fdgbliwzi2r2376wg6k1rky1isfka0smac4ii2cll01jhpfrn6")
|
||||
(mozilla-patch "icecat-CVE-2018-12390-pt02.patch" "f25ce451a492" "18nzg39iyxza1686180qk9cc88l5j2hf1h35d62lrqmdgd9vcj33")
|
||||
(mozilla-patch "icecat-CVE-2018-12390-pt03.patch" "35c26bc231df" "0qh8d4z6y03h5xh7djci26a01l6zq667lg2k11f6zzg7z2j0h67x")
|
||||
(mozilla-patch "icecat-bug-1488061.patch" "050d0cfa8e3d" "05ql798ynbyz5pvyri4b95j4ixmgnny3zl7sd2ckfrrbm9mxh627")
|
||||
(mozilla-patch "icecat-bug-1434963-pt1.patch" "1e6dad87efed" "1v00a6cmgswjk54041jyv1ib129fxshpzwk6mn6lr0v5hylk3bx9")
|
||||
(mozilla-patch "icecat-bug-1434963-pt2.patch" "6558c46df9ea" "0vdy9dm9w5k1flhcfxwvvff0aa415b5mgmmq5r37i83686768xfb")
|
||||
(mozilla-patch "icecat-bug-1434963-pt3.patch" "686fcfa8abd6" "0ihqr11aq4b0y7mx7bwn8yzn25mv3k2gdphm951mj1g85qg35ann")
|
||||
(mozilla-patch "icecat-bug-1491132.patch" "14120e0c74d6" "188c5fbhqqhmlk88p70l6d97skh7xy4jhqdby1ri3h9ix967515j")
|
||||
(mozilla-patch "icecat-bug-1492065.patch" "ec4b5969c6ae" "18gfwn15kh0826vlg6lhrx3q4gv82i7v1k3y5jp72mvrjq154gy0")
|
||||
(mozilla-patch "icecat-bug-1492064.patch" "528cabdd9665" "0rdwpkfma24hn8namfb9saw4rgi9yyyj4af5h2ijrvadw6r8lyyn")
|
||||
(mozilla-patch "icecat-bug-1489757.patch" "46f19852aaa6" "0dga7mw847klm8x6il2fyzpjxqxxgx1q5cya658f1w66kxms1f29")
|
||||
(mozilla-patch "icecat-bug-1492897.patch" "c3a48066f383" "09n6sdck4jzzmznzrq0iixg5nsgrc5ibpdfsh3i7ppwad3fsy2m3")
|
||||
(mozilla-patch "icecat-bug-1492915.patch" "2d280e557331" "11x2n61pw5way9cg8lbrfl3lqvgfnbmcs1fwm78i06kmfwj0msk3")
|
||||
(mozilla-patch "icecat-CVE-2018-12390-pt04.patch" "b80f94262165" "1hw43h4sgf77x323745rixyp6cci3fb6d3fnp33q82m4ssdb5623")
|
||||
(mozilla-patch "icecat-bug-1492484.patch" "1b3e6759cf3a" "1yn2cd2227ncg90c88ymdi5fyfs4hk335bd16vkkgljs0924yy0m")
|
||||
(mozilla-patch "icecat-bug-1493590.patch" "d9fe3b2025fc" "06783hj1aqms2f9a3mp18bk8hgijk3pz70bpccn173v4w0zlbbd4")
|
||||
(mozilla-patch "icecat-CVE-2018-12390-pt05.patch" "20c59797e994" "1vxnhpirjsj040hrq9xmq2xhkpq4l5mnnzqy0nda92dfh47zvidj")
|
||||
(mozilla-patch "icecat-CVE-2018-12390-pt06.patch" "1749661dfd28" "0g0sj2fgp3asj0yvxksnhrc59yxncn35bz5nzlvkpgdf7h06gscd")
|
||||
(mozilla-patch "icecat-CVE-2018-12390-pt07.patch" "a511a9242406" "1hhfrvdmkccnhs4skbi06174x37rmvf4ic86xawyyzr67yga73b2")
|
||||
(mozilla-patch "icecat-bug-1495404.patch" "3232bb3b622f" "1pnaxf8r9h0wldjc4qgl7z3rk34fpz9h1vd3zmhswa6mvyln5jhg")
|
||||
(mozilla-patch "icecat-bug-1465388.patch" "a9577451dcc2" "0v29s0v3vv9vblkcachhh46qvwjcrmv2bkcdb7sj2asc503l0lqv")
|
||||
(mozilla-patch "icecat-CVE-2018-12390-pt08.patch" "e965f6f6ed75" "0hh091854xj5j0x1r8pg46xmn00fqi5n212xhzbdpgyf96rsf513")
|
||||
(mozilla-patch "icecat-bug-1445528.patch" "8a503e022a29" "1y2ll3h0yz8sfdddjmk90qjfxcr1ffhw7a9ww3yw26gyhnbpg404")
|
||||
(mozilla-patch "icecat-bug-1409570.patch" "8d326641d1c0" "0w29s6dixi7b7q3nicshrp29n9sj5awssdln00yx664m8a8a8ihs")
|
||||
(mozilla-patch "icecat-bug-1496094.patch" "6cdd6d88eca9" "1ssqa4fy2xpbr63ph3av3hkpl92g4yszx402fq9d2xn9482q43dp")
|
||||
(mozilla-patch "icecat-CVE-2018-12391.patch" "0fa07c704ca4" "055xdyb3g2l4rj188235i579qnr50v19q36jjpliws9nik129iqy")
|
||||
(mozilla-patch "icecat-bug-1462162.patch" "739e898cb7c8" "17m9y0pskmqx15dkgkw4k93njph14mpsf37wb1azwkq3xx7s0fhx")
|
||||
(mozilla-patch "icecat-bug-1492764.patch" "16310ab35452" "1kq5r3w9i4n6q9msmw2qsqa0jd4qw1mjlyyz8aq14fwlbkhvv199")
|
||||
(mozilla-patch "icecat-CVE-2018-12390-pt09.patch" "9b669d047d55" "063ig49gx9468nvc9w8259j819qfdjvq0sbbz8n4kj5r6hcxjc5l")
|
||||
(mozilla-patch "icecat-CVE-2018-12390-pt10.patch" "9d51e65c797a" "0m23cq9zl22w80dvx5rlgpbam1l3d6v56h7g9wzamzl21bwxq9fv")
|
||||
(mozilla-patch "icecat-CVE-2018-12390-pt11.patch" "efc0596dd381" "1alvbb6wvawxxh6isisk9c40vhdiv59fy0af0n10yn1dgy8ffv5i")
|
||||
(mozilla-patch "icecat-CVE-2018-12393.patch" "c4fb48bb5d28" "09izww9dsg9n8cish8f3y7phxibsnd12bfkcxd7rzcdhg10nr4pl")
|
||||
(mozilla-patch "icecat-CVE-2018-12390-pt12.patch" "b3359becd7b1" "188byxmbgrvrid2fcz34w5xdvaw571frxx1c6nqaa9k03iljdzjr")
|
||||
(mozilla-patch "icecat-CVE-2018-12390-pt13.patch" "791c8ecf252d" "02h37594aba0pklxm3g7w1wv8vz9xmcf30fd0az8pfaccsklmx74")
|
||||
(mozilla-patch "icecat-bug-1494328.patch" "333276fac37c" "0qyq42jl0al63m6pwj9gva7nj82l76szzbj7sklsygx0a9mqs13z")
|
||||
(mozilla-patch "icecat-CVE-2018-12397.patch" "cb73374a0e4e" "0x2s1nwgwdag9df5hkwzvjj0qznp5c3d6w6y63rn2y287jn9m3vl")
|
||||
(mozilla-patch "icecat-CVE-2018-12392.patch" "f6bb138ad0ab" "0f0z9dsyw2a11p4p31mdyic571153jpfgy2q04i4v6dmmcz76pm3")
|
||||
(mozilla-patch "icecat-CVE-2018-12396.patch" "f27145bd5502" "0vznmlm1fbl3ynax2zpi6xxzr9qp9b83afr3mv90jgrhlgpzdbcz")
|
||||
(mozilla-patch "icecat-CVE-2018-12395-pt1.patch" "133a99a8f3ca" "0im7m4jmc273mg9kih0i70hxsgzy04j6ydm9zmaz2933hkhdf4iw")
|
||||
(mozilla-patch "icecat-CVE-2018-12395-pt2.patch" "82176a4a9b14" "0g3yqx4854d4mx5a0ghb7p7saj6y5d5bm2lfhabvkwybcd477zmc")
|
||||
(mozilla-patch "icecat-bug-1474265.patch" "e8abd9a8ce6e" "1q2sv5h081rvnhsx6g1y8a43hwv6hsg0cr6zdcij58mkgzf6hyvd")
|
||||
(mozilla-patch "icecat-bug-1492737-pt1.patch" "eeb9060379dc" "1d2mf0x4rni7anvi0sgra4dg87fmc6g7zhizzl9jv2x8va27ycbp")
|
||||
(mozilla-patch "icecat-bug-1492737-pt2.patch" "99eae0d15092" "0f9j6cvhrbrrxa95p4pkcn285r9wmi9yj13nwj5x0gkglwx6idbk")
|
||||
(mozilla-patch "icecat-CVE-2018-12389-pt1.patch" "23b23e12c548" "0nsdycggki5rhh59yvmh41nf1ahjmgii89fx38jryprhspy3wg62")
|
||||
(mozilla-patch "icecat-CVE-2018-12390-pt14.patch" "023133ff02ec" "1g22qxnmgiy8bgrn2nv6har6vpz4p2h5pdas8ib1yyz7p2ic8652")
|
||||
(mozilla-patch "icecat-CVE-2018-12390-pt15.patch" "9461988ff462" "0yq2cr5grqskr0kz4nxcwmnywy9g0xyv6k6q44i490jcj8x2y1vw")
|
||||
(mozilla-patch "icecat-CVE-2018-12390-pt16.patch" "09939be135d8" "1546xlk368v4hnjd3hf4w868i6m8r4wfd34qxz4wg1cdpr4m5mik")
|
||||
(mozilla-patch "icecat-CVE-2018-12389-pt2.patch" "ea9412b18ca8" "0fmdncrylbmjh0bcb6dmw1rq7zww8a0v9v9p1pxqfz0vbc6v9l5d")))
|
||||
(search-patch "icecat-use-system-media-libs.patch")))
|
||||
(modules '((guix build utils)))
|
||||
(snippet
|
||||
'(begin
|
||||
|
|
|
@ -1,103 +0,0 @@
|
|||
Based on upstream changeset:
|
||||
https://hg.mozilla.org/releases/mozilla-esr60/rev/300efdbc9fe1
|
||||
but with the git binary patch and related test changes omitted,
|
||||
and adapted to apply cleanly to GNU IceCat.
|
||||
|
||||
# HG changeset patch
|
||||
# User David Keeler <dkeeler@mozilla.com>
|
||||
# Date 1531860660 25200
|
||||
# Node ID 300efdbc9fe1f9165428c7934861033935b5abfa
|
||||
# Parent 80a4a7ef281374dbb2afda8edac54665b14b9ef8
|
||||
Bug 1475775 - Clean up old NSS DB file after upgrade if necessary. r=franziskus, r=mattn, a=RyanVM
|
||||
|
||||
Reviewers: franziskus, mattn
|
||||
|
||||
Bug #: 1475775
|
||||
|
||||
Differential Revision: https://phabricator.services.mozilla.com/D2202
|
||||
|
||||
diff --git a/security/manager/ssl/nsNSSComponent.cpp b/security/manager/ssl/nsNSSComponent.cpp
|
||||
--- a/security/manager/ssl/nsNSSComponent.cpp
|
||||
+++ b/security/manager/ssl/nsNSSComponent.cpp
|
||||
@@ -1935,16 +1935,61 @@ AttemptToRenameBothPKCS11ModuleDBVersion
|
||||
NS_NAMED_LITERAL_CSTRING(sqlModuleDBFilename, "pkcs11.txt");
|
||||
nsresult rv = AttemptToRenamePKCS11ModuleDB(profilePath,
|
||||
legacyModuleDBFilename);
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
return AttemptToRenamePKCS11ModuleDB(profilePath, sqlModuleDBFilename);
|
||||
}
|
||||
+
|
||||
+// When we changed from the old dbm database format to the newer sqlite
|
||||
+// implementation, the upgrade process left behind the existing files. Suppose a
|
||||
+// user had not set a password for the old key3.db (which is about 99% of
|
||||
+// users). After upgrading, both the old database and the new database are
|
||||
+// unprotected. If the user then sets a password for the new database, the old
|
||||
+// one will not be protected. In this scenario, we should probably just remove
|
||||
+// the old database (it would only be relevant if the user downgraded to a
|
||||
+// version of IceCat before 58, but we have to trade this off against the
|
||||
+// user's old private keys being unexpectedly unprotected after setting a
|
||||
+// password).
|
||||
+// This was never an issue on Android because we always used the new
|
||||
+// implementation.
|
||||
+static void
|
||||
+MaybeCleanUpOldNSSFiles(const nsACString& profilePath)
|
||||
+{
|
||||
+ UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
|
||||
+ if (!slot) {
|
||||
+ return;
|
||||
+ }
|
||||
+ // Unfortunately we can't now tell the difference between "there already was a
|
||||
+ // password when the upgrade happened" and "there was not a password but then
|
||||
+ // the user added one after upgrading".
|
||||
+ bool hasPassword = PK11_NeedLogin(slot.get()) &&
|
||||
+ !PK11_NeedUserInit(slot.get());
|
||||
+ if (!hasPassword) {
|
||||
+ return;
|
||||
+ }
|
||||
+ nsCOMPtr<nsIFile> dbFile = do_CreateInstance("@mozilla.org/file/local;1");
|
||||
+ if (!dbFile) {
|
||||
+ return;
|
||||
+ }
|
||||
+ nsresult rv = dbFile->InitWithNativePath(profilePath);
|
||||
+ if (NS_FAILED(rv)) {
|
||||
+ return;
|
||||
+ }
|
||||
+ NS_NAMED_LITERAL_CSTRING(keyDBFilename, "key3.db");
|
||||
+ rv = dbFile->AppendNative(keyDBFilename);
|
||||
+ if (NS_FAILED(rv)) {
|
||||
+ return;
|
||||
+ }
|
||||
+ // Since this isn't a directory, the `recursive` argument to `Remove` is
|
||||
+ // irrelevant.
|
||||
+ Unused << dbFile->Remove(false);
|
||||
+}
|
||||
#endif // ifndef ANDROID
|
||||
|
||||
// Given a profile directory, attempt to initialize NSS. If nocertdb is true,
|
||||
// (or if we don't have a profile directory) simply initialize NSS in no DB mode
|
||||
// and return. Otherwise, first attempt to initialize in read/write mode, and
|
||||
// then read-only mode if that fails. If both attempts fail, we may be failing
|
||||
// to initialize an NSS DB collection that has FIPS mode enabled. Attempt to
|
||||
// ascertain if this is the case, and if so, rename the offending PKCS#11 module
|
||||
@@ -1966,16 +2011,19 @@ InitializeNSSWithFallbacks(const nsACStr
|
||||
|
||||
// Try read/write mode. If we're in safeMode, we won't load PKCS#11 modules.
|
||||
#ifndef ANDROID
|
||||
PRErrorCode savedPRErrorCode1;
|
||||
#endif // ifndef ANDROID
|
||||
SECStatus srv = ::mozilla::psm::InitializeNSS(profilePath, false, !safeMode);
|
||||
if (srv == SECSuccess) {
|
||||
MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("initialized NSS in r/w mode"));
|
||||
+#ifndef ANDROID
|
||||
+ MaybeCleanUpOldNSSFiles(profilePath);
|
||||
+#endif // ifndef ANDROID
|
||||
return NS_OK;
|
||||
}
|
||||
#ifndef ANDROID
|
||||
savedPRErrorCode1 = PR_GetError();
|
||||
PRErrorCode savedPRErrorCode2;
|
||||
#endif // ifndef ANDROID
|
||||
// That failed. Try read-only mode.
|
||||
srv = ::mozilla::psm::InitializeNSS(profilePath, true, !safeMode);
|
Loading…
Reference in a new issue