gnu: icecat: Update to 68.2.0-guix0-preview1 [security fixes].

Fixes CVE-2019-11757, CVE-2019-11759, CVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763, CVE-2019-11764, and CVE-2019-15903. Note: IceCat 68 has not yet been released by the IceCat project. This is a work-in-progress, and does not currently meet the privacy-respecting standards of the IceCat project. * gnu/packages/patches/icecat-default-search-ddg.patch, gnu/packages/patches/icecat-disable-sync.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. * gnu/packages/gnuzilla.scm (%icecat-version): Update. (mozilla-compare-locales, all-mozilla-locales): New variables. (mozilla-locale): New procedure. (mozilla-locales): New macro. (icecat-source): Add code to populate the l10n directory. Remove the code that copied the l10n directory from an older IceCat source tarball. (icecat)[inputs]: Remove hunspell. [native-inputs]: Comment out previous Guix-specific patches for now. Use the newest rust, cargo, llvm, and clang. Add rust-cbindgen, node, nasm, python 3, icecat-default-search-ddg.patch and icecat-disable-sync.patch. [arguments]: In configure flags: remove "--disable-maintenance-service" and "--enable-system-hunspell", and comment out flags to use system libraries instead of bundled libraries for libevent, libogg, libvorbis, libvpx, harfbuzz, graphite2, and sqlite. Add srfi-34 and srfi-35 to modules. Delete fewer bundled libraries. Adapt the 'patch-source-shebangs' phase. Add a custom 'build' phase that tries the standard 'build' phase up to 5 times. In the 'wrap-program' phase, set MOZ_LEGACY_PROFILES=1 in the environment, and add 'pulseaudio' to the front of LD_LIBRARY_PATH. [description]: Add a warning that this is only a preview release. * gnu/packages/patches/icecat-makeicecat.patch: Adapt.

gnu: icecat: Update to 68.2.0-guix0-preview1 [security fixes].
ad21d767 · Mark H Weaver · 88f95687 · ad21d767 · ad21d767 · ad21d767
Unverified Commit ad21d767 authored 5 years ago by Mark H Weaver
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -977,6 +977,8 @@ dist_patch_DATA =						\
  %D%/packages/patches/hplip-remove-imageprocessor.patch	\
  %D%/packages/patches/hydra-disable-darcs-test.patch		\
  %D%/packages/patches/icecat-makeicecat.patch			\
+  %D%/packages/patches/icecat-default-search-ddg.patch		\
+  %D%/packages/patches/icecat-disable-sync.patch		\
  %D%/packages/patches/icecat-avoid-bundled-libraries.patch	\
  %D%/packages/patches/icecat-use-system-graphite2+harfbuzz.patch	\
  %D%/packages/patches/icecat-use-system-media-libs.patch	\

--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
--- a/gnu/packages/patches/icecat-default-search-ddg.patch
+++ b/gnu/packages/patches/icecat-default-search-ddg.patch
--- a/gnu/packages/patches/icecat-disable-sync.patch
+++ b/gnu/packages/patches/icecat-disable-sync.patch
+--- a/browser/app/profile/icecat.js.orig	1980-01-01 18:59:51.000000000 -0500
+++ b/browser/app/profile/icecat.js	2019-10-25 06:24:03.065989309 -0400
+@@ -2275,3 +2275,6 @@
+ pref("general.buildID.override", "Gecko/20100101");
+ pref("general.oscpu.override", "Windows NT 6.1");
+ pref("general.platform.override", "Win32");
+
+// Disable Firefox Accounts and Sign in to Sync.
+pref("identity.fxaccounts.enabled", false);
--- a/gnu/packages/patches/icecat-makeicecat.patch
+++ b/gnu/packages/patches/icecat-makeicecat.patch
@@ -3,16 +3,16 @@ in a snippet without network access.  After this patch is applied, some
 additional changes will be made using 'substitute*'.

 diff --git a/makeicecat b/makeicecat
-index 5a4390b..fcfa143 100644
+index b04c731..06d1f3f 100644
 --- a/makeicecat
 +++ b/makeicecat
-@@ -29,55 +29,55 @@ SOURCEDIR=icecat-$FFVERSION
+@@ -30,55 +30,55 @@ SOURCEDIR=icecat-$FFVERSION
 
 DATA="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"/data
 
-mkdir output
+-mkdir -p output
 -cd output
-+# mkdir output
+# mkdir -p output
 +# cd output
 
 ###############################################################################
@@ -23,9 +23,9 @@ index 5a4390b..fcfa143 100644
 -
 -wget -N https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/${FFVERSION}esr/source/firefox-${FFVERSION}esr.source.tar.xz
 -wget -N https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/${FFVERSION}esr/source/firefox-${FFVERSION}esr.source.tar.xz.asc
-gpg --recv-keys --keyserver keyserver.ubuntu.com 24C6F355
+-gpg --recv-keys --keyserver keyserver.ubuntu.com 14F26682D0916CDD81E37B6D61B7B526D98F0353
 -gpg --verify firefox-${FFVERSION}esr.source.tar.xz.asc
-echo -n 0a5f0c1d8d1e9443d85083d37fec32e5cc15c1001ea992d49745490065b4a023 firefox-${FFVERSION}esr.source.tar.xz |sha256sum -c -
+-echo -n f56f5fa5a4744be0b9acf259cb991254d708a50b9a0a12d1d846ffa5a6c409ac firefox-${FFVERSION}esr.source.tar.xz |sha256sum -c -
 -
 -echo Extracting Firefox tarball
 -tar -xf firefox-${FFVERSION}esr.source.tar.xz
@@ -35,9 +35,9 @@ index 5a4390b..fcfa143 100644
 +# 
 +# wget -N https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/${FFVERSION}esr/source/firefox-${FFVERSION}esr.source.tar.xz
 +# wget -N https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/${FFVERSION}esr/source/firefox-${FFVERSION}esr.source.tar.xz.asc
-+# gpg --recv-keys --keyserver keyserver.ubuntu.com 24C6F355
+# gpg --recv-keys --keyserver keyserver.ubuntu.com 14F26682D0916CDD81E37B6D61B7B526D98F0353
 +# gpg --verify firefox-${FFVERSION}esr.source.tar.xz.asc
-+# echo -n 0a5f0c1d8d1e9443d85083d37fec32e5cc15c1001ea992d49745490065b4a023 firefox-${FFVERSION}esr.source.tar.xz |sha256sum -c -
+# echo -n f56f5fa5a4744be0b9acf259cb991254d708a50b9a0a12d1d846ffa5a6c409ac firefox-${FFVERSION}esr.source.tar.xz |sha256sum -c -
 +# 
 +# echo Extracting Firefox tarball
 +# tar -xf firefox-${FFVERSION}esr.source.tar.xz
@@ -98,7 +98,22 @@ index 5a4390b..fcfa143 100644
 
 #for patch in $DATA/patches/*; do
 #    echo Patching with file: $patch
-@@ -590,6 +590,6 @@ sed 's/777/755/;' -i toolkit/crashreporter/google-breakpad/Makefile.in
+@@ -226,10 +226,10 @@ cp $DATA/bookmarks.html.in browser/locales/generic/profile/bookmarks.html.in
+ 
+ find -wholename '*/brand.dtd' |xargs /bin/sed 's/trademarkInfo.part1.*/trademarkInfo.part1 "">/' -i
+ 
+-for STRING in rights.intro-point3-unbranded rights.intro-point4a-unbranded rights.intro-point4b-unbranded rights.intro-point4c-unbranded
+-do
+- find -name aboutRights.dtd | xargs sed -i "s/ENTITY $STRING.*/ENTITY $STRING \"\">/"
+-done
+# for STRING in rights.intro-point3-unbranded rights.intro-point4a-unbranded rights.intro-point4b-unbranded rights.intro-point4c-unbranded
+# do
+#  find -name aboutRights.dtd | xargs sed -i "s/ENTITY $STRING.*/ENTITY $STRING \"\">/"
+# done
+ 
+ for STRING in rights-intro-point-2 rights-intro-point-3 rights-intro-point-4 rights-intro-point-5 rights-intro-point-6 rights-webservices rights-safebrowsing
+ do
+@@ -595,6 +595,6 @@ sed 's/777/755/;' -i toolkit/crashreporter/google-breakpad/Makefile.in
 # Fix CVE-2012-3386
 /bin/sed 's/chmod a+w/chmod u+w/' -i ./js/src/ctypes/libffi/Makefile.in ./toolkit/crashreporter/google-breakpad/Makefile.in ./toolkit/crashreporter/google-breakpad/src/third_party/glog/Makefile.in || true