Includes fixes for CVE-2018-12363, CVE-2018-12364, CVE-2018-12366, the
remaining 1 out of 2 changesets for CVE-2018-5156, and the remaining 7 out
of 17 changesets for CVE-2018-5188.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add selected fixes from
the upstream mozilla-esr52 repository.
* gnu/packages/patches/icecat-bug-1413868-pt1.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
Document that we include fixes for CVE-2018-6126, CVE-2018-12359,
CVE-2018-12360, CVE-2018-12362, CVE-2018-12365, 1 out of 2 changesets for
CVE-2018-5156, and 10 out of 17 changesets for CVE-2018-5188.
* gnu/packages/gnuzilla.scm (icecat)[source]: Relabel patches to reflect CVE
assignments.
Document the fact that we include fixes for CVE-2018-5154, CVE-2018-5155,
CVE-2018-5157, CVE-2018-5158, CVE-2018-5159, CVE-2018-5168, CVE-2018-5178,
and 9/10 changesets for CVE-2018-5150.
* gnu/packages/gnuzilla.scm (icecat)[source]: Relabel patches to reflect CVE
assignments.
* gnu/packages/patches/icecat-bug-1452075.patch: Rename to...
* gnu/packages/patches/icecat-CVE-2018-5157-and-CVE-2018-5158.patch: ...this.
* gnu/local.mk (dist_patch_DATA): Rename it.
Fixes <https://bugs.gnu.org/31356>.
Reported by Clément Lassieur <clement@lassieur.org>.
* gnu/packages/gnuzilla.scm (icecat)[inputs]: Change from FFMPEG to FFMPEG-3.4.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add selected fixes
from the upstream mozilla-esr52 repository.
* gnu/packages/patches/icecat-bug-1452075.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gnuzilla.scm (icecat)[arguments]: To configure-flags, add
"--with-distribution-id=org.gnu", "--disable-tests", "--disable-updater",
"--disable-crashreporter", "--disable-maintenance-service", and
"--disable-eme". Rename the
'arrange-to-link-libxul-with-libraries-it-might-dlopen' phase to
'link-libxul-with-libraries'.
* gnu/packages/gnuzilla.scm (icecat)[arguments]: Return #t from the
'install-icons' and 'wrap-program' phases. Use 'invoke' in the custom
configure phase.
Includes fixes for CVE-2018-5146 and CVE-2018-5147.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add selected fixes from
the upstream mozilla-esr52 repository.
Includes fixes for CVE-2018-5131 and the remaining 4 out of 9 changesets for
CVE-2018-5125.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add selected fixes from the
upstream mozilla-esr52 repository.
Document the fact that we include fixes for CVE-2018-5127, CVE-2018-5129,
CVE-2018-5130, CVE-2018-5144, CVE-2018-5145, and 5 out of 9 changesets for
CVE-2018-5125.
* gnu/packages/gnuzilla.scm (icecat)[source]: Relabel patches to reflect CVE
assignments.
* gnu/packages/patches/icecat-use-system-harfbuzz.patch,
gnu/packages/patches/icecat-use-system-graphite2.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add patches. Delete
"gfx/harfbuzz" and "gfx/graphite2" in the snippet.
[inputs]: Add harfbuzz and graphite2.
[arguments]: Add "--with-system-harfbuzz" and "--with-system-graphite2" to
configure-flags.
Includes fixes for CVE-2018-5104, CVE-2018-5097, CVE-2018-5099, and the
remaining 7 out of 21 changesets for CVE-2018-5089.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add selected fixes from the
upstream mozilla-esr52 repository. Remove the local spectre mitigation patch
in favor of the (identical) changeset from upstream.
* gnu/packages/patches/icecat-bug-1427870-spectre-mitigation.patch: Delete.
* gnu/local.mk (dist_patch_DATA): Remove it.
Document that our existing patches include fixes for CVE-2018-5091,
CVE-2018-5095, CVE-2018-5096, CVE-2018-5098, CVE-2018-5102, CVE-2018-5103,
CVE-2018-5117, and 14 out of 21 changesets for CVE-2018-5089.
* gnu/packages/gnuzilla.scm (icecat)[sources]: Relabel patches to reflect CVE
assignments.
Fixes <https://bugs.gnu.org/30097>.
Reported by Gábor Boskovits <boskovits@gmail.com>.
* gnu/packages/gnuzilla.scm (nspr)[arguments]: Add #:make-flags to prevent
indeterministic timestamps from being recorded.
* gnu/packages/patches/icecat-glibc-2.26.patch: New file.
* gnu/packages/gnuzilla.scm (icecat)[source](patches): Add it.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add more fixes from the
upstream mozilla-esr52 repository, plus a backported mitigation for
Spectre from Firefox 57.0.4.
* gnu/packages/patches/icecat-bug-1427870-spectre-mitigation.patch:
New file.
* gnu/local.mk (dist_patch_DATA): Add it.
Add fixes for CVE-2017-7830, the remaining 1/2 changesets for CVE-2017-7828,
the remaining 1/19 changesets for CVE-2017-7826, and selected other fixes.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add selected fixes from the
upstream mozilla-esr52 repository.
* gnu/packages/patches/icecat-bug-1348660-pt5.patch,
gnu/packages/patches/icecat-bug-1415133.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
Document that we include 18/19 changesets for CVE-2017-7826, and 1/2
changesets for CVE-2017-7828.
* gnu/packages/gnuzilla.scm (icecat)[source]: Rename patches to reflect CVE
assignments.
Includes fixes for CVE-2017-7793, CVE-2017-7805, CVE-2017-7819, CVE-2017-7823,
and the remaining 3 out of 8 changesets for CVE-2017-7810.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add selected fixes from the
upstream mozilla-esr52 repository.
Document the fact that we include fixes for CVE-2017-7814 and 5 out of 8
changesets for CVE-2017-7810.
* gnu/packages/gnuzilla.scm (icecat)[source]: Rename some patches to reflect
CVE assignments.
* gnu/packages/gnuzilla.scm (icecat): Update to 52.3.0-gnu1.
[source]: Remove outdated patches and add more selected fixes from
upstream mozilla-esr52.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add fixes for CVE-2017-7802,
CVE-2017-7803, CVE-2017-7807, and the remaining 6 out of 23 changesets for
CVE-2017-7779.
Document that our existing patches include fixes for CVE-2017-7753,
CVE-2017-7784, CVE-2017-7786, CVE-2017-7787, CVE-2017-7791, CVE-2017-7792,
CVE-2017-7798, CVE-2017-7798, CVE-2017-7800, CVE-2017-7801, and 17 out of 23
changesets for CVE-2017-7779.
* gnu/packages/gnuzilla.scm (icecat)[source]: Rename patches to reflect CVE
assignments.
This release includes minor code changes and many certificate updates:
<https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.32_release_notes>
* gnu/packages/certs.scm (nss-certs): Update to 3.32.
* gnu/packages/gnuzilla.scm (nss): Update to 3.32.
[arguments]: Prevent another test file from being installed.
* gnu/packages/patches/nss-pkgconfig.patch: Adjust.
This adds fixes for CVE-2017-7757, CVE-2017-7758, and the remaining
5 patches for CVE-2017-5470.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add selected fixes from the
upstream mozilla-esr52 repository, through ESR 52.2.
This documents that we include fixes for the following CVEs: CVE-2017-5472,
CVE-2017-7749, CVE-2017-7750, CVE-2017-7751, CVE-2017-7752, CVE-2017-7754,
CVE-2017-7756, CVE-2017-7764, CVE-2017-7765, CVE-2017-7778, and that we
include 15 out of 20 patches for CVE-2017-5470.
* gnu/packages/gnuzilla.scm (icecat)[source]: Rename existing patches to
indicate their CVE assignments.
* gnu/packages/gnuzilla.scm (icecat): Update to 52.1.0-gnu1. Remove patches
that are included in the new release. In the snippet, don't try to remove
dom/devicestorage, which has since been removed upstream. Add selected fixes
from upstream mozilla-esr52, up to the ESR 52.1.1 release.
* gnu/packages/patches/icecat-bug-1299500-pt10.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
* gnu/packages/gnuzilla.scm (icecat): Update to 52.0.2-gnu1.
[source]: Remove all patches except "icecat-avoid-bundled-libraries.patch".
Add selected fixes from the upstream mozilla-esr52 repository, up to 52.1.
Remove "dom/devicestorage" in the snippet.
[inputs]: Remove gstreamer and gst-plugins-base. Add ffmpeg and gtk+3. Move
yasm to native-inputs.
[native-inputs]: Add autoconf-2.13 and yasm.
[arguments]: In configure-flags, remove the following switches which are no
longer accepted: --enable-{pango,svg,canvas,mathml,gstreamer=1.0} and
"--disable-gnomevfs". Use "--enable-default-toolkit=cairo-gtk3" to switch to
Gtk+3. Remove the 'remove-h264parse-from-blacklist' phase. Adapt the
'arrange-to-link-libxul-with-libraries-it-might-dlopen' phase as needed. In
the 'configure' phase, set the AUTOCONF environment variable.
(mozilla-patch): Update the URL pattern to fetch from the mozilla-esr52
repository.
* gnu/packages/patches/icecat-avoid-bundled-libraries.patch: Adapt to mozilla-esr52.
* gnu/packages/patches/icecat-binutils.patch: Remove file.
* gnu/packages/patches/icecat-bug-1299500-pt10.patch: New file.
* gnu/local.mk (dist_patch_DATA): Remove "icecat-binutils.patch".
Add "icecat-bug-1299500-pt10.patch".
Suggested by Marius Bakke <mbakke@fastmail.com> in
<https://lists.gnu.org/archive/html/guix-devel/2017-04/msg00440.html>.
* gnu/packages/patches/nss-disable-long-b64-tests.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gnuzilla.scm (nss)[source]: Add patch.
Marius Bakke