From a2be2c68812faa8bf8cbc3ea8a7d98233e64ae9d Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Thu, 9 Jan 2020 13:55:25 -0500 Subject: [PATCH] gnu: icecat: Update to 68.4.1-guix0-preview1 [fixes CVE-2019-17026]. * gnu/packages/gnuzilla.scm (%icecat-version, %icecat-build-id): Update. (icecat-source): Update hash of upstream firefox source tarball, 'upstream-icecat-base-version', and commit and hash of gnuzilla checkout. * gnu/packages/patches/icecat-makeicecat.patch: Adapt to upstream changes. --- gnu/packages/gnuzilla.scm | 12 ++++++------ gnu/packages/patches/icecat-makeicecat.patch | 4 ++-- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm index df93c2e509..62b4390eab 100644 --- a/gnu/packages/gnuzilla.scm +++ b/gnu/packages/gnuzilla.scm @@ -550,8 +550,8 @@ (define* (computed-origin-method gexp-promise hash-algo hash #:system system #:guile-for-build guile))) -(define %icecat-version "68.4.0-guix0-preview1") -(define %icecat-build-id "20200107000000") ;must be of the form YYYYMMDDhhmmss +(define %icecat-version "68.4.1-guix0-preview1") +(define %icecat-build-id "20200108000000") ;must be of the form YYYYMMDDhhmmss ;; 'icecat-source' is a "computed" origin that generates an IceCat tarball ;; from the corresponding upstream Firefox ESR tarball, using the 'makeicecat' @@ -573,11 +573,11 @@ (define icecat-source "firefox-" upstream-firefox-version ".source.tar.xz")) (sha256 (base32 - "077r2v7q94g8pszkl537lry0dcg9086287m9bmc0g0b98b9nzasq")))) + "0q7kv70w1d33m12hkzyay6nkgvz9qczrl6hqx0n1c6grs097f2m0")))) - (upstream-icecat-base-version "68.4.0") ; maybe older than base-version + (upstream-icecat-base-version "68.4.1") ; maybe older than base-version ;;(gnuzilla-commit (string-append "v" upstream-icecat-base-version)) - (gnuzilla-commit "235b4d1181a32b71c61f6464504de8d0dae9f566") + (gnuzilla-commit "2d1b1bc45fdae5a99c4e8ea25593ebb9c8d7bfdf") (gnuzilla-source (origin (method git-fetch) @@ -589,7 +589,7 @@ (define icecat-source (string-take gnuzilla-commit 8))) (sha256 (base32 - "0fy9my1p8d60ibya7mc0310bglk2lrgl4bzy943k6jn9xxh8877f")))) + "0hc9sx3yb71xvr9s1p0z5fx8jfqpssb8wz0h2nzhy2nyp9bb2jzl")))) (makeicecat-patch (local-file (search-patch "icecat-makeicecat.patch")))) diff --git a/gnu/packages/patches/icecat-makeicecat.patch b/gnu/packages/patches/icecat-makeicecat.patch index fde209e8e3..172b1dcadd 100644 --- a/gnu/packages/patches/icecat-makeicecat.patch +++ b/gnu/packages/patches/icecat-makeicecat.patch @@ -25,7 +25,7 @@ index 8be2362..48716f2 100755 -wget -N https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/${FFVERSION}esr/source/firefox-${FFVERSION}esr.source.tar.xz.asc -gpg --recv-keys --keyserver keyserver.ubuntu.com 14F26682D0916CDD81E37B6D61B7B526D98F0353 -gpg --verify firefox-${FFVERSION}esr.source.tar.xz.asc --echo -n 58ab6fd342698107585da91e240c02e9b1067ca667143abfbee89184cf16f91c firefox-${FFVERSION}esr.source.tar.xz |sha256sum -c - +-echo -n a00a7712d0f919162ce8181a9a3fc3e9ef37adf1caff0945a863b4c0c1d9f360 firefox-${FFVERSION}esr.source.tar.xz |sha256sum -c - - -echo Extracting Firefox tarball -tar -xf firefox-${FFVERSION}esr.source.tar.xz @@ -37,7 +37,7 @@ index 8be2362..48716f2 100755 +# wget -N https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/${FFVERSION}esr/source/firefox-${FFVERSION}esr.source.tar.xz.asc +# gpg --recv-keys --keyserver keyserver.ubuntu.com 14F26682D0916CDD81E37B6D61B7B526D98F0353 +# gpg --verify firefox-${FFVERSION}esr.source.tar.xz.asc -+# echo -n 58ab6fd342698107585da91e240c02e9b1067ca667143abfbee89184cf16f91c firefox-${FFVERSION}esr.source.tar.xz |sha256sum -c - ++# echo -n a00a7712d0f919162ce8181a9a3fc3e9ef37adf1caff0945a863b4c0c1d9f360 firefox-${FFVERSION}esr.source.tar.xz |sha256sum -c - +# +# echo Extracting Firefox tarball +# tar -xf firefox-${FFVERSION}esr.source.tar.xz