mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2024-11-14 19:05:10 -05:00
ad21d767df
Fixes CVE-2019-11757, CVE-2019-11759, CVE-2019-11760, CVE-2019-11761,
CVE-2019-11762, CVE-2019-11763, CVE-2019-11764, and CVE-2019-15903.
Note: IceCat 68 has not yet been released by the IceCat project. This is a
work-in-progress, and does not currently meet the privacy-respecting
standards of the IceCat project.
* gnu/packages/patches/icecat-default-search-ddg.patch,
gnu/packages/patches/icecat-disable-sync.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/gnuzilla.scm (%icecat-version): Update.
(mozilla-compare-locales, all-mozilla-locales): New variables.
(mozilla-locale): New procedure.
(mozilla-locales): New macro.
(icecat-source): Add code to populate the l10n directory. Remove the code
that copied the l10n directory from an older IceCat source tarball.
(icecat)[inputs]: Remove hunspell.
[native-inputs]: Comment out previous Guix-specific patches for now. Use the
newest rust, cargo, llvm, and clang. Add rust-cbindgen, node, nasm, python 3,
icecat-default-search-ddg.patch and icecat-disable-sync.patch.
[arguments]: In configure flags: remove "--disable-maintenance-service" and
"--enable-system-hunspell", and comment out flags to use system libraries
instead of bundled libraries for libevent, libogg, libvorbis, libvpx,
harfbuzz, graphite2, and sqlite. Add srfi-34 and srfi-35 to modules. Delete
fewer bundled libraries. Adapt the 'patch-source-shebangs' phase. Add a
custom 'build' phase that tries the standard 'build' phase up to 5 times.
In the 'wrap-program' phase, set MOZ_LEGACY_PROFILES=1 in the environment,
and add 'pulseaudio' to the front of LD_LIBRARY_PATH.
[description]: Add a warning that this is only a preview release.
* gnu/packages/patches/icecat-makeicecat.patch: Adapt.
125 lines
5 KiB
Diff
125 lines
5 KiB
Diff
Make some of the changes needed to the 'makeicecat' script, to allow it to run
|
|
in a snippet without network access. After this patch is applied, some
|
|
additional changes will be made using 'substitute*'.
|
|
|
|
diff --git a/makeicecat b/makeicecat
|
|
index b04c731..06d1f3f 100644
|
|
--- a/makeicecat
|
|
+++ b/makeicecat
|
|
@@ -30,55 +30,55 @@ SOURCEDIR=icecat-$FFVERSION
|
|
|
|
DATA="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"/data
|
|
|
|
-mkdir -p output
|
|
-cd output
|
|
+# mkdir -p output
|
|
+# cd output
|
|
|
|
###############################################################################
|
|
# Retrieve FF source code
|
|
###############################################################################
|
|
|
|
-rm mozilla-esr${FFMAJOR} $SOURCEDIR -rf
|
|
-
|
|
-wget -N https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/${FFVERSION}esr/source/firefox-${FFVERSION}esr.source.tar.xz
|
|
-wget -N https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/${FFVERSION}esr/source/firefox-${FFVERSION}esr.source.tar.xz.asc
|
|
-gpg --recv-keys --keyserver keyserver.ubuntu.com 14F26682D0916CDD81E37B6D61B7B526D98F0353
|
|
-gpg --verify firefox-${FFVERSION}esr.source.tar.xz.asc
|
|
-echo -n f56f5fa5a4744be0b9acf259cb991254d708a50b9a0a12d1d846ffa5a6c409ac firefox-${FFVERSION}esr.source.tar.xz |sha256sum -c -
|
|
-
|
|
-echo Extracting Firefox tarball
|
|
-tar -xf firefox-${FFVERSION}esr.source.tar.xz
|
|
-
|
|
-mv firefox-${FFVERSION} $SOURCEDIR
|
|
+# rm mozilla-esr${FFMAJOR} $SOURCEDIR -rf
|
|
+#
|
|
+# wget -N https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/${FFVERSION}esr/source/firefox-${FFVERSION}esr.source.tar.xz
|
|
+# wget -N https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/${FFVERSION}esr/source/firefox-${FFVERSION}esr.source.tar.xz.asc
|
|
+# gpg --recv-keys --keyserver keyserver.ubuntu.com 14F26682D0916CDD81E37B6D61B7B526D98F0353
|
|
+# gpg --verify firefox-${FFVERSION}esr.source.tar.xz.asc
|
|
+# echo -n f56f5fa5a4744be0b9acf259cb991254d708a50b9a0a12d1d846ffa5a6c409ac firefox-${FFVERSION}esr.source.tar.xz |sha256sum -c -
|
|
+#
|
|
+# echo Extracting Firefox tarball
|
|
+# tar -xf firefox-${FFVERSION}esr.source.tar.xz
|
|
+#
|
|
+# mv firefox-${FFVERSION} $SOURCEDIR
|
|
|
|
###############################################################################
|
|
# Retrieve l10n
|
|
###############################################################################
|
|
|
|
-mkdir l10n
|
|
-cd l10n
|
|
-while read line;do
|
|
- line=$(echo $line |cut -d' ' -f1)
|
|
- #[ $line = "es-ES" ] || continue # To speed up testing
|
|
- [ $line = "en-US" ] && continue
|
|
- hg clone https://hg.mozilla.org/l10n-central/$line
|
|
- mkdir -p $line/browser/chrome/browser/preferences
|
|
- touch $line/browser/chrome/browser/preferences/advanced-scripts.dtd
|
|
- rm -rf $line/.hg*
|
|
-done < ../$SOURCEDIR/browser/locales/shipped-locales
|
|
-cd ..
|
|
-
|
|
-mv l10n $SOURCEDIR
|
|
-
|
|
-hg clone http://hg.mozilla.org/l10n/compare-locales/
|
|
-cd compare-locales/
|
|
-hg checkout RELEASE_3_3_0
|
|
-cd ..
|
|
-rm compare-locales/.hg* compare-locales/.git* -rf
|
|
-mv compare-locales $SOURCEDIR/l10n
|
|
+# mkdir l10n
|
|
+# cd l10n
|
|
+# while read line;do
|
|
+# line=$(echo $line |cut -d' ' -f1)
|
|
+# #[ $line = "es-ES" ] || continue # To speed up testing
|
|
+# [ $line = "en-US" ] && continue
|
|
+# hg clone https://hg.mozilla.org/l10n-central/$line
|
|
+# mkdir -p $line/browser/chrome/browser/preferences
|
|
+# touch $line/browser/chrome/browser/preferences/advanced-scripts.dtd
|
|
+# rm -rf $line/.hg*
|
|
+# done < ../$SOURCEDIR/browser/locales/shipped-locales
|
|
+# cd ..
|
|
+#
|
|
+# mv l10n $SOURCEDIR
|
|
+#
|
|
+# hg clone http://hg.mozilla.org/l10n/compare-locales/
|
|
+# cd compare-locales/
|
|
+# hg checkout RELEASE_3_3_0
|
|
+# cd ..
|
|
+# rm compare-locales/.hg* compare-locales/.git* -rf
|
|
+# mv compare-locales $SOURCEDIR/l10n
|
|
|
|
#######################################################
|
|
|
|
-cd $SOURCEDIR
|
|
+# cd $SOURCEDIR
|
|
|
|
#for patch in $DATA/patches/*; do
|
|
# echo Patching with file: $patch
|
|
@@ -226,10 +226,10 @@ cp $DATA/bookmarks.html.in browser/locales/generic/profile/bookmarks.html.in
|
|
|
|
find -wholename '*/brand.dtd' |xargs /bin/sed 's/trademarkInfo.part1.*/trademarkInfo.part1 "">/' -i
|
|
|
|
-for STRING in rights.intro-point3-unbranded rights.intro-point4a-unbranded rights.intro-point4b-unbranded rights.intro-point4c-unbranded
|
|
-do
|
|
- find -name aboutRights.dtd | xargs sed -i "s/ENTITY $STRING.*/ENTITY $STRING \"\">/"
|
|
-done
|
|
+# for STRING in rights.intro-point3-unbranded rights.intro-point4a-unbranded rights.intro-point4b-unbranded rights.intro-point4c-unbranded
|
|
+# do
|
|
+# find -name aboutRights.dtd | xargs sed -i "s/ENTITY $STRING.*/ENTITY $STRING \"\">/"
|
|
+# done
|
|
|
|
for STRING in rights-intro-point-2 rights-intro-point-3 rights-intro-point-4 rights-intro-point-5 rights-intro-point-6 rights-webservices rights-safebrowsing
|
|
do
|
|
@@ -595,6 +595,6 @@ sed 's/777/755/;' -i toolkit/crashreporter/google-breakpad/Makefile.in
|
|
# Fix CVE-2012-3386
|
|
/bin/sed 's/chmod a+w/chmod u+w/' -i ./js/src/ctypes/libffi/Makefile.in ./toolkit/crashreporter/google-breakpad/Makefile.in ./toolkit/crashreporter/google-breakpad/src/third_party/glog/Makefile.in || true
|
|
|
|
-cd ..
|
|
-echo Packaging tarball
|
|
-tar cfj icecat-$ICECATVERSION.tar.bz2 $SOURCEDIR
|
|
+# cd ..
|
|
+# echo Packaging tarball
|
|
+# tar cfj icecat-$ICECATVERSION.tar.bz2 $SOURCEDIR
|