* gnu/packages/gnuzilla.scm (%icecat-version, %icecat-build-id): Update.
(icecat-source): Update gnuzilla commit, base version, and hashes.
* gnu/packages/patches/icecat-makeicecat.patch: Adapt to new version.
Includes fixes for CVE-2020-16042, CVE-2020-26971, CVE-2020-26973,
CVE-2020-26974, CVE-2020-26978, CVE-2020-35111, CVE-2020-35112, and
CVE-2020-35113.
* gnu/packages/gnuzilla.scm (%icecat-version, %icecat-build-id): Update.
(icecat-source): Update gnuzilla commit, base version, and hashes.
* gnu/packages/patches/icecat-makeicecat.patch: Adapt to new version.
This follows up on 3eb34c66b4 which left an
unbound "nghttp2-1.41" variable.
* gnu/packages/node.scm (node): Update to 10.22.1.
(node-10.22): Remove variable.
* gnu/packages/gnuzilla.scm (icecat)[native-inputs]: Change from NODE-10.22 to
NODE.
(icedove)[native-inputs]: Likewise.
Includes fixes for CVE-2020-15999, CVE-2020-16012, CVE-2020-26951,
CVE-2020-26953, CVE-2020-26956, CVE-2020-26958, CVE-2020-26959,
CVE-2020-26960, CVE-2020-26961, CVE-2020-26965, CVE-2020-26966, and
CVE-2020-26968.
* gnu/packages/gnuzilla.scm (%icecat-version, %icecat-build-id): Update.
(icecat-source): Update gnuzilla commit, base version, and hashes.
* gnu/packages/patches/icecat-makeicecat.patch: Adapt to new version.
* gnu/packages/gnuzilla.scm (%icecat-version, %icecat-build-id): Update.
(icecat-source): Update gnuzilla commit, base version, and hashes.
* gnu/packages/patches/icecat-makeicecat.patch: Adapt to new version.
Includes fixes for CVE-2020-15683 and CVE-2020-15969.
* gnu/packages/gnuzilla.scm (%icecat-version, %icecat-build-id): Update.
(icecat-source): Update gnuzilla commit, base version, and hashes.
* gnu/packages/patches/icecat-makeicecat.patch: Adapt to new version.
* gnu/packages/gnuzilla.scm (%icecat-version, %icecat-build-id): Update.
(icecat-source): Update gnuzilla commit, base version, and hashes.
* gnu/packages/patches/icecat-makeicecat.patch: Adapt to new version.
nss@3.57 includes a critical fix for building on aarch64.
* gnu/packages/nss.scm (nss-3.56): Update to 3.57 and rename to
* nss-3.57.
* gnu/packages/gnuzilla.scm (icedove)[inputs]: Update nss variable name.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/packages/gnuzilla.scm (icecat)[arguments]<phases>: In the
patch-cargo-checksums phase, replace the inner "find-files" call
with the already found file name.
Signed-off-by: Mark H Weaver <mhw@netris.org>
It was necessary for icedove@68 which is now based on icecat@78.
* gnu/packages/gnuzilla.scm (mozilla-68-compare-locales): Remove.
(all-mozilla-68-locales): Remove.
(%icecat-68-version): Remove.
(icecat-68-source): Remove.
* gnu/packages/patches/icecat-68-makeicecat.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
Modified-By: Mark H Weaver <mhw@netris.org>
Signed-off-by: Mark H Weaver <mhw@netris.org>
* gnu/packages/gnuzilla.scm (icedove): Update to 78.3.0.
[source]: Use source from Icecat 78.
[arguments]: Use more flexible approach for generating cargo checksums
from icecat. Update files in 'rename-to-icedove phase. Remove gone
configure flags and rename `--disable-ion` to `--disable-jit`.
[inputs]: Update icu4c to version 67 and nss to 3.56.
[native-inputs]: Use ESR 78 mercurial repo for thunderbird soruces.
Update rust and cargo to 1.41, rust-cbindgen to 0.14 and
node to 10.22.
Tested-by: Jonathan Brielmaier <jonathan.brielmaier@web.de>
Signed-off-by: Mark H Weaver <mhw@netris.org>
Includes fixes for CVE-2020-15673, CVE-2020-15676, CVE-2020-15677, and
CVE-2020-15678.
* gnu/packages/gnuzilla.scm (mozilla-compare-locales): Update to
RELEASE_8_0_0.
(all-mozilla-locales): Update to newer versions.
(mozilla-patch): Remove vestigial procedure.
(%icecat-version, %icecat-build-id): Update to 78.3.0-guix0-preview1.
(icecat-source): Update 'upstream-icecat-base-version', 'gnuzilla-commit', and
hashes. Reverse order of makeicecat-patch and gnuzilla-fixes-patch.
(icecat)[inputs]: Remove libogg, libvorbis, libvpx, icu4c, sqlite,
startup-notification, and zlib. Add several "UNBUNDLE-ME!" comments.
[native-inputs]: Update 'rust' and 'cargo' dependencies to version 1.41.
Update 'rust-cbindgen' dependency to version 0.14. Update 'node' dependency
to 10.22.
[arguments]<configure-flags>: Change --enable-default-toolkit value to
"cairo-gtk3-wayland". Change --with-unsigned-addon-scopes value to
"app,system". Add "--allow-addon-sideload". Remove
"--enable-startup-notification" and "--disable-gconf". Comment out
"--with-system-zlib", "--with-system-bz2", and "--with-system-icu".
<phases>: In the 'remove-bundled-libaries' phase, remove "modules/zlib" from
the list of directories to delete. Update the 'patch-cargo-checksums' phase
to update more modules.
(mozilla-68-compare-locales, all-mozilla-68-locales, %icecat-68-version)
(icecat-68-source): New variables preserving the previous icecat 68 source.
(icedove)[source]: Use 'icecat-68-source'.
* gnu/packages/patches/icecat-makeicecat.patch: Adapt to IceCat 78.
* gnu/packages/patches/icecat-68-makeicecat.patch: New file containing
the previous 'icecat-makeicecat.patch'.
* gnu/local.mk: Add 'icecat-68-makeicecat.patch'.
Includes fixes for CVE-2020-15663, CVE-2020-15664, and CVE-2020-15669.
* gnu/packages/gnuzilla.scm (%icecat-version, %icecat-build-id): Update.
(icecat-source): Update gnuzilla commit, base version, and hashes.
* gnu/packages/patches/icecat-makeicecat.patch: Adapt to new version.
Includes fixes for CVE-2020-6463, CVE-2020-6514, CVE-2020-15652, and
CVE-2020-15659.
* gnu/packages/gnuzilla.scm (%icecat-version, %icecat-build-id): Update.
(icecat-source): Update gnuzilla commit, base version, and hashes.
* gnu/packages/patches/icecat-makeicecat.patch: Adapt to new version.
IceCat loads libXss.so at runtime to inhibit screen locking if other interfaces are unavailable.
* gnu/packages/gnuzilla.scm (icecat)[arguments]: Add libxscrnsaver to
wrap-program arguments.
Signed-off-by: Jakub Kądziołka <kuba@kadziolka.net>
Includes fixes for CVE-2020-12417, CVE-2020-12418, CVE-2020-12419,
CVE-2020-12420, and CVE-2020-12421.
* gnu/packages/gnuzilla.scm (%icecat-version, %icecat-build-id): Update.
(icecat-source): Update gnuzilla commit, base version, and hashes. Remove
code that deleted the Onion Browser Button extension, which is no longer
bundled upstream.
* gnu/packages/patches/icecat-makeicecat.patch: Adapt to new version.
Fixes <https://bugs.gnu.org/35728>.
The Onion Browser Button (tortm-browser-button@jeremybenthum) version 0.1.8,
available from addons.mozilla.org and bundled with IceCat, malfunctions with
both IceCat 68.9 and Firefox ESR 68.9. It tells the user that it's connected
to Tor, but fails to route traffic through it. The same happens on Debian 9
with its "firefox-esr" package.
Remove this extension from IceCat, pending further investigation.
* gnu/packages/gnuzilla.scm (icecat-source): Remove the "data/extensions/
tortm-browser-button@jeremybenthum" directory before running makeicecat.
Includes fixes for CVE-2020-12399 and CVE-2020-12405.
* gnu/packages/gnuzilla.scm (%icecat-version, %icecat-build-id): Update.
(icecat-source): Update gnuzilla commit, base version, and hashes.
* gnu/packages/patches/icecat-makeicecat.patch: Adapt to new version.
Includes fixes for CVE-2020-6831, CVE-2020-12387, CVE-2020-12388,
CVE-2020-12389, CVE-2020-12392, CVE-2020-12393, and CVE-2020-12395.
* gnu/packages/gnuzilla.scm (%icecat-version, %icecat-build-id): Update.
(icecat-source): Update gnuzilla commit, base version, and hashes.
Apply icecat-use-older-reveal-hidden-html.patch.
* gnu/packages/patches/icecat-makeicecat.patch: Adapt to new version.
* gnu/packages/patches/icecat-use-older-reveal-hidden-html.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
Includes fixes for CVE-2020-6821, CVE-2020-6822, CVE-2020-6825,
CVE-2020-6827, and CVE-2020-6828.
* gnu/packages/gnuzilla.scm (%icecat-version, %icecat-build-id): Update.
(icecat-source): Update gnuzilla commit, base version, and hashes.
* gnu/packages/patches/icecat-makeicecat.patch: Adapt to new version.
Includes fixes for CVE-2020-6819 and CVE-2020-6820.
* gnu/packages/gnuzilla.scm (%icecat-version, %icecat-build-id): Update.
(icecat-source): Update gnuzilla commit, base version, and hashes.
* gnu/packages/patches/icecat-makeicecat.patch: Adapt to new version.
Includes fixes for CVE-2019-20503, CVE-2020-6805, CVE-2020-6806,
CVE-2020-6807, CVE-2020-6811, CVE-2020-6812, and CVE-2020-6814.
* gnu/packages/gnuzilla.scm (%icecat-version, %icecat-build-id): Update.
(icecat-source): Update gnuzilla commit, base version, and hashes.
* gnu/packages/patches/icecat-makeicecat.patch: Adapt to new version.
* gnu/packages/gnuzilla.scm (%icecat-version, %icecat-build-id): Update.
(icecat-source): Update gnuzilla commit, base version, and hashes.
* gnu/packages/patches/icecat-makeicecat.patch: Adapt to new version.
Fixes <https://bugs.gnu.org/38045>. Thanks to Jakub Kądziołka
<kuba@kadziolka.net> and Amin Bandali <bandali@gnu.org> for their
helpful observations and suggestions.
This is a followup to commit 8e5567195f.
* gnu/packages/gnuzilla.scm (icecat)[inputs]: Add shared-mime-info.
[arguments]: Add elf and binary I/O modules to #:modules. Add code to
the 'fix-ffmpeg-runtime-linker' phase that sets the sandbox read-path
whitelist to include libavcodec's RUNPATH, as well as shared-mime-info.
Includes fixes for CVE-2019-17015, CVE-2019-17016, CVE-2019-17017,
CVE-2019-17021, CVE-2019-17022, and CVE-2019-17024.
* gnu/packages/gnuzilla.scm (%icecat-version, %icecat-build-id): Update.
(icecat-source): Update hash of upstream firefox source tarball,
'upstream-icecat-base-version', and commit and hash of gnuzilla checkout.
* gnu/packages/patches/icecat-makeicecat.patch: Adapt to upstream changes.
Includes fixes for CVE-2019-11745, CVE-2019-17005, CVE-2019-17008,
CVE-2019-17009, CVE-2019-17010, CVE-2019-17011, and CVE-2019-17012.
* gnu/packages/patches/icecat-gnuzilla-fixes.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
* gnu/packages/gnuzilla.scm (%icecat-version, %icecat-build-id): Update.
(icecat-source): Update hash for the firefox source tarball. Update to the
latest from gnuzilla.git. Don't apply icecat-gnuzilla-fixes.patch. Remove
determinism fix in makeicecat that is now upstream. Tweak a status message.
(icecat)[arguments]: Add "--with-unsigned-addon-scopes=app" configure flag.
* gnu/packages/patches/icecat-makeicecat.patch: Adapt.
* gnu/packages/gnuzilla.scm (%icecat-version, %icecat-build-id): Update.
(icecat-source): Update to the latest upstream commit on '68' branch.
* gnu/packages/patches/icecat-gnuzilla-fixes.patch: Remove changes
that have been incorporated upstream, and add new pending changes,
notably the addition of several IceCat-specific preferences.
* gnu/packages/patches/icecat-makeicecat.patch: Adapt to changes in
icecat-gnuzilla-fixes.patch.
* gnu/packages/gnuzilla.scm (%icecat-version): Update.
(%icecat-build-id): New variable.
(icecat-source): Update gnuzilla repo commit and hash.
(icecat)[arguments]: In the custom 'configure' phase, set the MOZ_BUILD_DATE
environment variable to the value of %icecat-build-id.
* gnu/packages/patches/icecat-gnuzilla-fixes.patch: Remove changes that
are now in the upstream repository. Add more pending changes, including
disabling the MOZ_SERVICES_HEALTHREPORT and MOZ_BLOCK_PROFILE_DOWNGRADE
build flags, fixing a problem that prevented MOZ_DATA_REPORTING
from being disabled, and fixes to the branding.
* gnu/packages/patches/icecat-makeicecat.patch: Adapt to upstream changes,
and changes in icecat-gnuzilla-fixes.patch. Remove a hunk that disabled
rewrites to aboutRights.dtd in the l10n directory.
This commit moves some important fixes into a patch applied to the upstream
gnuzilla git repository, whereas previously they were applied in such a way
that only benefitted Guix users.
* gnu/packages/patches/icecat-default-search-ddg.patch,
gnu/packages/patches/icecat-disable-sync.patch: Delete files.
* gnu/packages/patches/icecat-gnuzilla-fixes.patch: New file.
* gnu/local.mk (dist_patch_DATA): Adapt accordingly.
* gnu/packages/gnuzilla.scm (icecat-source): Apply the new patch to the
gnuzilla checkout.
(icecat)[native-inputs]: Remove deleted patches.
[arguments]: In the 'wrap-program' phase, remove MOZ_LEGACY_PROFILES=1
from the wrapper.
Fixes CVE-2019-11757, CVE-2019-11759, CVE-2019-11760, CVE-2019-11761,
CVE-2019-11762, CVE-2019-11763, CVE-2019-11764, and CVE-2019-15903.
Note: IceCat 68 has not yet been released by the IceCat project. This is a
work-in-progress, and does not currently meet the privacy-respecting
standards of the IceCat project.
* gnu/packages/patches/icecat-default-search-ddg.patch,
gnu/packages/patches/icecat-disable-sync.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/gnuzilla.scm (%icecat-version): Update.
(mozilla-compare-locales, all-mozilla-locales): New variables.
(mozilla-locale): New procedure.
(mozilla-locales): New macro.
(icecat-source): Add code to populate the l10n directory. Remove the code
that copied the l10n directory from an older IceCat source tarball.
(icecat)[inputs]: Remove hunspell.
[native-inputs]: Comment out previous Guix-specific patches for now. Use the
newest rust, cargo, llvm, and clang. Add rust-cbindgen, node, nasm, python 3,
icecat-default-search-ddg.patch and icecat-disable-sync.patch.
[arguments]: In configure flags: remove "--disable-maintenance-service" and
"--enable-system-hunspell", and comment out flags to use system libraries
instead of bundled libraries for libevent, libogg, libvorbis, libvpx,
harfbuzz, graphite2, and sqlite. Add srfi-34 and srfi-35 to modules. Delete
fewer bundled libraries. Adapt the 'patch-source-shebangs' phase. Add a
custom 'build' phase that tries the standard 'build' phase up to 5 times.
In the 'wrap-program' phase, set MOZ_LEGACY_PROFILES=1 in the environment,
and add 'pulseaudio' to the front of LD_LIBRARY_PATH.
[description]: Add a warning that this is only a preview release.
* gnu/packages/patches/icecat-makeicecat.patch: Adapt.
* gnu/packages/gnuzilla.scm (icecat)[arguments]: During custom
'patch-cargo-checksums phase, replace call to 'generate-checksums' with
call to 'generate-all-checksums'.
Includes fixes for CVE-2019-9811, CVE-2019-11709, CVE-2019-11711,
CVE-2019-11712, CVE-2019-11713, CVE-2019-11715, CVE-2019-11717,
CVE-2019-11719, CVE-2019-11729, and CVE-2019-11730.
* gnu/packages/gnuzilla.scm (%icecat-version): Update to 60.8.0-guix1.
(icecat-source)[upstream-firefox-source]: Update hash.
(icecat): Refresh some stale comments.
Includes fixes for CVE-2019-11707 and CVE-2019-11708.
* gnu/packages/gnuzilla.scm (%icecat-version): Update to 60.7.2-guix1.
(icecat-source)[upstream-firefox-source]: Update hash.
This includes updates to bundled extensions from the upstream
GNU IceCat 60.7.0-gnu1 release.
* gnu/packages/gnuzilla.scm (%icecat-version): Update to 60.7.0-guix2.
(icecat-source)[upstream-icecat-base-version]: Update to 60.7.0.
[upstream-icecat-source, gnuzilla-source]: Update hashes.
[origin]: Remove the substitutions that dealt with debian-specific package
code in the makeicecat script, since that code has been removed upstream.
(icecat)[arguments]: Adapt the 'install-desktop-entry' phase to avoid using
the Debian desktop file, which is no longer included in the IceCat sources.
* gnu/packages/patches/icecat-makeicecat.patch: Adapt to upstream changes.
This commit changes the 'source' field of the 'icecat' package to
simply be 'icecat-source', which aims to be suitable for use on any
system that IceCat supports.
* gnu/packages/gnuzilla.scm (icecat)[source]: Change to simply
be 'icecat-source'.
[native-inputs]: Add 'patch', along with the Guix-specific patches
that were previously applied within 'source'.
[arguments]: Remove the 'ensure-no-mtimes-pre-1980' phase.
Add 'apply-guix-specific-patches' and 'remove-bundled-libraries'
phases. Touch 'configure' in the bootstrap phase. Return #t from
the 'augment-CPLUS_INCLUDE_PATH' phase. Reindent.
* gnu/packages/gnuzilla.scm (icecat-source): Check to make sure the
value of FFMAJOR in the 'makeicecat' script matches the major version
of IceCat being generated.
Includes fixes for CVE-2019-9810 and CVE-2019-9813.
* gnu/packages/gnuzilla.scm (%icecat-version): Update to 60.6.1-guix1.
(icecat-source)[upstream-firefox-source]: Update hash.
* gnu/packages/gnuzilla.scm (icecat-source): When packing the new IceCat
tarball, set the mtime of archived files to early 1980. Remove useless
'string-append' applied to one argument.
Includes fixes for CVE-2018-18335, CVE-2018-18356, and CVE-2019-5785.
* gnu/packages/gnuzilla.scm (%icecat-version): Update to 60.5.1-guix1.
(icecat-source)[upstream-firefox-source]: Update hash.
Includes fixes for CVE-2018-18500, CVE-2018-18501, and CVE-2018-18505.
* gnu/packages/gnuzilla.scm (icecat): Update to 60.5.0-guix1.
[version]: Use %icecat-version.
[source]: Inherit from 'icecat-source'. Remove obsolete patches.
* gnu/packages/patches/icecat-avoid-bundled-libraries.patch,
gnu/packages/patches/icecat-use-system-graphite2+harfbuzz.patch,
gnu/packages/patches/icecat-use-system-media-libs.patch: Adapt to 60.5.0.
* gnu/packages/gnuzilla.scm (computed-origin-method): New variable.
(%icecat-version, icecat-source): New variables.
* gnu/packages/patches/icecat-makeicecat.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
Includes fixes for CVE-2018-18494 and the remaining 7 out of 10 changesets
for CVE-2018-12405.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add selected changesets from
the upstream mozilla-esr60 repository.
Document that we include fixes for CVE-2018-17466, CVE-2018-18492,
CVE-2018-18493, CVE-2018-18498, and 3 out of 10 changesets for
CVE-2018-12405.
* gnu/packages/gnuzilla.scm (icecat)[source]: Relabel patches to reflect
CVE assignments.
* gnu/packages/gnuzilla.scm (icecat)[native-inputs]: Add 'llvm-3.9.1' and
'clang-3.9.1'.
[arguments]: In the configure-flags, use quasiquote, remove "--disable-stylo",
and add "--with-clang-path=..." and "--with-libclang-path=...".
Add 'augment-CPLUS_INCLUDE_PATH' phase. In the custom 'configure' phase,
set the CC environment variable to "gcc".
Tests would fail once certificates had expired, along these lines:
chains.sh: Verifying certificate(s) PayPalEE.cert with flags -d AllDB -pp -o OID.2.16.840.1.114412.1.1
vfychain -d AllDB -pp -vv -o OID.2.16.840.1.114412.1.1 /tmp/guix-build-nss-3.39.drv-0/nss-3.39/nss/tests/libpkix/certs/PayPalEE.cert
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 0. PayPalEE :
ERROR -8181: Peer's Certificate has expired.
Returned value is 1, expected result is pass
Using 'faketime' allows us to get deterministic results.
* gnu/packages/gnuzilla.scm (nss)[arguments]: In 'check' phase, run
'all.sh' under 'faketime'.
[native-inputs]: Add LIBFAKETIME.
* gnu/packages/gnuzilla.scm (icecat): Update to 60.3.0-gnu1.
[source]: Switch back to the normal source URI. Remove patches that
are no longer applicable.
* gnu/packages/patches/icecat-CVE-2018-12383.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
Includes fixes for CVE-2018-12389, CVE-2018-12390, CVE-2018-12391,
CVE-2018-12392, CVE-2018-12393, CVE-2018-12395, CVE-2018-12396, and
CVE-2018-12397.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add selected changesets from the
upstream mozilla-esr60 repository. Relabel some previously existing patches
to reflect CVE assignments.
Includes fixes for CVE-2018-12386 and CVE-2018-12387.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add selected fixes from the
upstream mozilla-esr60 repository.
Works around <https://bugs.gnu.org/32833>.
* gnu/packages/gnuzilla.scm (icecat)[source]: In snippet, don't remove NSS.
[inputs]: Remove 'nspr' and 'nss'.
[arguments]: Remove --with-system-{nspr,nss} from configure flags.
* gnu/packages/patches/icecat-use-system-media-libs.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/icecat-avoid-bundled-libraries.patch: Add
another hunk to enable removal of libevent.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add patch. In the snippet, add
libevent, libogg, libvorbis, and libtremor to the list of bundled libraries to
remove. Add a comment regarding theora. Remove comments regarding unbundling
cairo, which is no longer supported.
[inputs]: Add libevent, libogg, and libvorbis.
[arguments]: Add --with-system-{libevent,ogg,vorbis} to configure flags.
Add custom bootstrap phase. Add comments.
Includes fixes for CVE-2018-12383 and CVE-2018-12385.
* gnu/packages/patches/icecat-CVE-2018-12383.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/icecat-avoid-bundled-libraries.patch: Adapt to apply
cleanly to IceCat 60.
* gnu/packages/gnuzilla.scm (mozilla-patch): Update to fetch from
mozilla-esr60.
(icecat): Add selected changesets from upstream mozilla-esr60.
* gnu/packages/gnuzilla.scm (icecat): Update to 60.2.0-gnu1.
[source]: Download pre-release from alpha.gnu.org. Remove obsolete patches.
Comment out the code to delete the bundled copies of libevent, cairo,
harfbuzz, and graphite2.
[inputs]: Use the latest ffmpeg. Comment out libevent, cairo, harfbuzz, and
graphite2.
[native-inputs]: Add rust and cargo.
[arguments]: Remove --enable-gio and --disable-gnomeui. Add --disable-stylo.
Comment out --with-system-{libevent,harfbuzz,graphite2}, --enable-system-cairo.
Import %cargo-build-system-modules. Add 'patch-cargo-checksums' phase.
* gnu/packages/patches/icecat-CVE-2018-5157-and-CVE-2018-5158.patch,
gnu/packages/patches/icecat-bug-1413868-pt1.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Remove them.
* gnu/packages/gnuzilla.scm (mozjs-52): New variable.
(cherry picked from commit f67db495aa6e29692e368a13130a40541d5d8273)
Signed-off-by: Marius Bakke <mbakke@fastmail.com>
Includes fixes for CVE-2018-12363, CVE-2018-12364, CVE-2018-12366, the
remaining 1 out of 2 changesets for CVE-2018-5156, and the remaining 7 out
of 17 changesets for CVE-2018-5188.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add selected fixes from
the upstream mozilla-esr52 repository.
* gnu/packages/patches/icecat-bug-1413868-pt1.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
Document that we include fixes for CVE-2018-6126, CVE-2018-12359,
CVE-2018-12360, CVE-2018-12362, CVE-2018-12365, 1 out of 2 changesets for
CVE-2018-5156, and 10 out of 17 changesets for CVE-2018-5188.
* gnu/packages/gnuzilla.scm (icecat)[source]: Relabel patches to reflect CVE
assignments.
Document the fact that we include fixes for CVE-2018-5154, CVE-2018-5155,
CVE-2018-5157, CVE-2018-5158, CVE-2018-5159, CVE-2018-5168, CVE-2018-5178,
and 9/10 changesets for CVE-2018-5150.
* gnu/packages/gnuzilla.scm (icecat)[source]: Relabel patches to reflect CVE
assignments.
* gnu/packages/patches/icecat-bug-1452075.patch: Rename to...
* gnu/packages/patches/icecat-CVE-2018-5157-and-CVE-2018-5158.patch: ...this.
* gnu/local.mk (dist_patch_DATA): Rename it.
Fixes <https://bugs.gnu.org/31356>.
Reported by Clément Lassieur <clement@lassieur.org>.
* gnu/packages/gnuzilla.scm (icecat)[inputs]: Change from FFMPEG to FFMPEG-3.4.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add selected fixes
from the upstream mozilla-esr52 repository.
* gnu/packages/patches/icecat-bug-1452075.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gnuzilla.scm (icecat)[arguments]: To configure-flags, add
"--with-distribution-id=org.gnu", "--disable-tests", "--disable-updater",
"--disable-crashreporter", "--disable-maintenance-service", and
"--disable-eme". Rename the
'arrange-to-link-libxul-with-libraries-it-might-dlopen' phase to
'link-libxul-with-libraries'.
* gnu/packages/gnuzilla.scm (icecat)[arguments]: Return #t from the
'install-icons' and 'wrap-program' phases. Use 'invoke' in the custom
configure phase.
Includes fixes for CVE-2018-5146 and CVE-2018-5147.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add selected fixes from
the upstream mozilla-esr52 repository.
Includes fixes for CVE-2018-5131 and the remaining 4 out of 9 changesets for
CVE-2018-5125.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add selected fixes from the
upstream mozilla-esr52 repository.
Document the fact that we include fixes for CVE-2018-5127, CVE-2018-5129,
CVE-2018-5130, CVE-2018-5144, CVE-2018-5145, and 5 out of 9 changesets for
CVE-2018-5125.
* gnu/packages/gnuzilla.scm (icecat)[source]: Relabel patches to reflect CVE
assignments.
* gnu/packages/patches/icecat-use-system-harfbuzz.patch,
gnu/packages/patches/icecat-use-system-graphite2.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add patches. Delete
"gfx/harfbuzz" and "gfx/graphite2" in the snippet.
[inputs]: Add harfbuzz and graphite2.
[arguments]: Add "--with-system-harfbuzz" and "--with-system-graphite2" to
configure-flags.
Includes fixes for CVE-2018-5104, CVE-2018-5097, CVE-2018-5099, and the
remaining 7 out of 21 changesets for CVE-2018-5089.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add selected fixes from the
upstream mozilla-esr52 repository. Remove the local spectre mitigation patch
in favor of the (identical) changeset from upstream.
* gnu/packages/patches/icecat-bug-1427870-spectre-mitigation.patch: Delete.
* gnu/local.mk (dist_patch_DATA): Remove it.
Document that our existing patches include fixes for CVE-2018-5091,
CVE-2018-5095, CVE-2018-5096, CVE-2018-5098, CVE-2018-5102, CVE-2018-5103,
CVE-2018-5117, and 14 out of 21 changesets for CVE-2018-5089.
* gnu/packages/gnuzilla.scm (icecat)[sources]: Relabel patches to reflect CVE
assignments.
Fixes <https://bugs.gnu.org/30097>.
Reported by Gábor Boskovits <boskovits@gmail.com>.
* gnu/packages/gnuzilla.scm (nspr)[arguments]: Add #:make-flags to prevent
indeterministic timestamps from being recorded.
* gnu/packages/patches/icecat-glibc-2.26.patch: New file.
* gnu/packages/gnuzilla.scm (icecat)[source](patches): Add it.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add more fixes from the
upstream mozilla-esr52 repository, plus a backported mitigation for
Spectre from Firefox 57.0.4.
* gnu/packages/patches/icecat-bug-1427870-spectre-mitigation.patch:
New file.
* gnu/local.mk (dist_patch_DATA): Add it.
Add fixes for CVE-2017-7830, the remaining 1/2 changesets for CVE-2017-7828,
the remaining 1/19 changesets for CVE-2017-7826, and selected other fixes.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add selected fixes from the
upstream mozilla-esr52 repository.
* gnu/packages/patches/icecat-bug-1348660-pt5.patch,
gnu/packages/patches/icecat-bug-1415133.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
Document that we include 18/19 changesets for CVE-2017-7826, and 1/2
changesets for CVE-2017-7828.
* gnu/packages/gnuzilla.scm (icecat)[source]: Rename patches to reflect CVE
assignments.
Includes fixes for CVE-2017-7793, CVE-2017-7805, CVE-2017-7819, CVE-2017-7823,
and the remaining 3 out of 8 changesets for CVE-2017-7810.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add selected fixes from the
upstream mozilla-esr52 repository.
Document the fact that we include fixes for CVE-2017-7814 and 5 out of 8
changesets for CVE-2017-7810.
* gnu/packages/gnuzilla.scm (icecat)[source]: Rename some patches to reflect
CVE assignments.
* gnu/packages/gnuzilla.scm (icecat): Update to 52.3.0-gnu1.
[source]: Remove outdated patches and add more selected fixes from
upstream mozilla-esr52.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add fixes for CVE-2017-7802,
CVE-2017-7803, CVE-2017-7807, and the remaining 6 out of 23 changesets for
CVE-2017-7779.
Document that our existing patches include fixes for CVE-2017-7753,
CVE-2017-7784, CVE-2017-7786, CVE-2017-7787, CVE-2017-7791, CVE-2017-7792,
CVE-2017-7798, CVE-2017-7798, CVE-2017-7800, CVE-2017-7801, and 17 out of 23
changesets for CVE-2017-7779.
* gnu/packages/gnuzilla.scm (icecat)[source]: Rename patches to reflect CVE
assignments.
This release includes minor code changes and many certificate updates:
<https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.32_release_notes>
* gnu/packages/certs.scm (nss-certs): Update to 3.32.
* gnu/packages/gnuzilla.scm (nss): Update to 3.32.
[arguments]: Prevent another test file from being installed.
* gnu/packages/patches/nss-pkgconfig.patch: Adjust.
This adds fixes for CVE-2017-7757, CVE-2017-7758, and the remaining
5 patches for CVE-2017-5470.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add selected fixes from the
upstream mozilla-esr52 repository, through ESR 52.2.
This documents that we include fixes for the following CVEs: CVE-2017-5472,
CVE-2017-7749, CVE-2017-7750, CVE-2017-7751, CVE-2017-7752, CVE-2017-7754,
CVE-2017-7756, CVE-2017-7764, CVE-2017-7765, CVE-2017-7778, and that we
include 15 out of 20 patches for CVE-2017-5470.
* gnu/packages/gnuzilla.scm (icecat)[source]: Rename existing patches to
indicate their CVE assignments.
* gnu/packages/gnuzilla.scm (icecat): Update to 52.1.0-gnu1. Remove patches
that are included in the new release. In the snippet, don't try to remove
dom/devicestorage, which has since been removed upstream. Add selected fixes
from upstream mozilla-esr52, up to the ESR 52.1.1 release.
* gnu/packages/patches/icecat-bug-1299500-pt10.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
* gnu/packages/gnuzilla.scm (icecat): Update to 52.0.2-gnu1.
[source]: Remove all patches except "icecat-avoid-bundled-libraries.patch".
Add selected fixes from the upstream mozilla-esr52 repository, up to 52.1.
Remove "dom/devicestorage" in the snippet.
[inputs]: Remove gstreamer and gst-plugins-base. Add ffmpeg and gtk+3. Move
yasm to native-inputs.
[native-inputs]: Add autoconf-2.13 and yasm.
[arguments]: In configure-flags, remove the following switches which are no
longer accepted: --enable-{pango,svg,canvas,mathml,gstreamer=1.0} and
"--disable-gnomevfs". Use "--enable-default-toolkit=cairo-gtk3" to switch to
Gtk+3. Remove the 'remove-h264parse-from-blacklist' phase. Adapt the
'arrange-to-link-libxul-with-libraries-it-might-dlopen' phase as needed. In
the 'configure' phase, set the AUTOCONF environment variable.
(mozilla-patch): Update the URL pattern to fetch from the mozilla-esr52
repository.
* gnu/packages/patches/icecat-avoid-bundled-libraries.patch: Adapt to mozilla-esr52.
* gnu/packages/patches/icecat-binutils.patch: Remove file.
* gnu/packages/patches/icecat-bug-1299500-pt10.patch: New file.
* gnu/local.mk (dist_patch_DATA): Remove "icecat-binutils.patch".
Add "icecat-bug-1299500-pt10.patch".
Suggested by Marius Bakke <mbakke@fastmail.com> in
<https://lists.gnu.org/archive/html/guix-devel/2017-04/msg00440.html>.
* gnu/packages/patches/nss-disable-long-b64-tests.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gnuzilla.scm (nss)[source]: Add patch.
* gnu/packages/gnuzilla.scm (mozjs@24)[arguments]: Use
'substitute-keyword-arguments', override inherited 'configure.
[native-inputs]: Remove field to use inherited native-inputs.
[propagated-inputs]: Same.
* gnu/packages/gnuzilla.scm (mozjs@24)[source]: Add patch.
[arguments]: Add flag for building on aarch64-linux, delete failing test.
* gnu/packages/patches/mozjs24-aarch64-support.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
