Document that our existing patches include fixes for CVE-2018-5091,
CVE-2018-5095, CVE-2018-5096, CVE-2018-5098, CVE-2018-5102, CVE-2018-5103,
CVE-2018-5117, and 14 out of 21 changesets for CVE-2018-5089.
* gnu/packages/gnuzilla.scm (icecat)[sources]: Relabel patches to reflect CVE
assignments.
Fixes <https://bugs.gnu.org/30097>.
Reported by Gábor Boskovits <boskovits@gmail.com>.

* gnu/packages/gnuzilla.scm (nspr)[arguments]: Add #:make-flags to prevent
indeterministic timestamps from being recorded.

* gnu/packages/patches/icecat-glibc-2.26.patch: New file.
* gnu/packages/gnuzilla.scm (icecat)[source](patches): Add it.
* gnu/local.mk (dist_patch_DATA): Add it.

* gnu/packages/gnuzilla.scm (icecat)[source]: Add more fixes from the
upstream mozilla-esr52 repository, plus a backported mitigation for
Spectre from Firefox 57.0.4.
* gnu/packages/patches/icecat-bug-1427870-spectre-mitigation.patch:
New file.
* gnu/local.mk (dist_patch_DATA): Add it.

Add fixes for CVE-2017-7830, the remaining 1/2 changesets for CVE-2017-7828,
the remaining 1/19 changesets for CVE-2017-7826, and selected other fixes.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add selected fixes from the
upstream mozilla-esr52 repository.
* gnu/packages/patches/icecat-bug-1348660-pt5.patch,
gnu/packages/patches/icecat-bug-1415133.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.

Document that we include 18/19 changesets for CVE-2017-7826, and 1/2
changesets for CVE-2017-7828.
* gnu/packages/gnuzilla.scm (icecat)[source]: Rename patches to reflect CVE
assignments.

Includes fixes for CVE-2017-7793, CVE-2017-7805, CVE-2017-7819, CVE-2017-7823,
and the remaining 3 out of 8 changesets for CVE-2017-7810.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add selected fixes from the
upstream mozilla-esr52 repository.

Document the fact that we include fixes for CVE-2017-7814 and 5 out of 8
changesets for CVE-2017-7810.
* gnu/packages/gnuzilla.scm (icecat)[source]: Rename some patches to reflect
CVE assignments.

* gnu/packages/gnuzilla.scm (icecat): Update to 52.3.0-gnu1.
[source]: Remove outdated patches and add more selected fixes from
upstream mozilla-esr52.

* gnu/packages/gnuzilla.scm (icecat)[source]: Add fixes for CVE-2017-7802,
CVE-2017-7803, CVE-2017-7807, and the remaining 6 out of 23 changesets for
CVE-2017-7779.

Document that our existing patches include fixes for CVE-2017-7753,
CVE-2017-7784, CVE-2017-7786, CVE-2017-7787, CVE-2017-7791, CVE-2017-7792,
CVE-2017-7798, CVE-2017-7798, CVE-2017-7800, CVE-2017-7801, and 17 out of 23
changesets for CVE-2017-7779.
* gnu/packages/gnuzilla.scm (icecat)[source]: Rename patches to reflect CVE
assignments.

This release includes minor code changes and many certificate updates:
<https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.32_release_notes>
* gnu/packages/certs.scm (nss-certs): Update to 3.32.
* gnu/packages/gnuzilla.scm (nss): Update to 3.32.
[arguments]: Prevent another test file from being installed.
* gnu/packages/patches/nss-pkgconfig.patch: Adjust.

This adds fixes for CVE-2017-7757, CVE-2017-7758, and the remaining
5 patches for CVE-2017-5470.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add selected fixes from the
upstream mozilla-esr52 repository, through ESR 52.2.

This documents that we include fixes for the following CVEs: CVE-2017-5472,
CVE-2017-7749, CVE-2017-7750, CVE-2017-7751, CVE-2017-7752, CVE-2017-7754,
CVE-2017-7756, CVE-2017-7764, CVE-2017-7765, CVE-2017-7778, and that we
include 15 out of 20 patches for CVE-2017-5470.
* gnu/packages/gnuzilla.scm (icecat)[source]: Rename existing patches to
indicate their CVE assignments.

* gnu/packages/gnuzilla.scm (icecat): Update to 52.1.0-gnu1. Remove patches
that are included in the new release. In the snippet, don't try to remove
dom/devicestorage, which has since been removed upstream. Add selected fixes
from upstream mozilla-esr52, up to the ESR 52.1.1 release.
* gnu/packages/patches/icecat-bug-1299500-pt10.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.

* gnu/packages/gnuzilla.scm (icecat): Update to 52.0.2-gnu1.
[source]: Remove all patches except "icecat-avoid-bundled-libraries.patch".
Add selected fixes from the upstream mozilla-esr52 repository, up to 52.1.
Remove "dom/devicestorage" in the snippet.
[inputs]: Remove gstreamer and gst-plugins-base. Add ffmpeg and gtk+3. Move
yasm to native-inputs.
[native-inputs]: Add autoconf-2.13 and yasm.
[arguments]: In configure-flags, remove the following switches which are no
longer accepted: --enable-{pango,svg,canvas,mathml,gstreamer=1.0} and
"--disable-gnomevfs". Use "--enable-default-toolkit=cairo-gtk3" to switch to
Gtk+3. Remove the 'remove-h264parse-from-blacklist' phase. Adapt the
'arrange-to-link-libxul-with-libraries-it-might-dlopen' phase as needed. In
the 'configure' phase, set the AUTOCONF environment variable.
(mozilla-patch): Update the URL pattern to fetch from the mozilla-esr52
repository.
* gnu/packages/patches/icecat-avoid-bundled-libraries.patch: Adapt to mozilla-esr52.
* gnu/packages/patches/icecat-binutils.patch: Remove file.
* gnu/packages/patches/icecat-bug-1299500-pt10.patch: New file.
* gnu/local.mk (dist_patch_DATA): Remove "icecat-binutils.patch".
Add "icecat-bug-1299500-pt10.patch".

Suggested by Marius Bakke <mbakke@fastmail.com> in
<https://lists.gnu.org/archive/html/guix-devel/2017-04/msg00440.html>.
* gnu/packages/patches/nss-disable-long-b64-tests.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gnuzilla.scm (nss)[source]: Add patch.

* gnu/packages/gnuzilla.scm (mozjs@24)[arguments]: Use
'substitute-keyword-arguments', override inherited 'configure.
[native-inputs]: Remove field to use inherited native-inputs.
[propagated-inputs]: Same.

* gnu/packages/gnuzilla.scm (mozjs@24)[source]: Add patch.
[arguments]: Add flag for building on aarch64-linux, delete failing test.
* gnu/packages/patches/mozjs24-aarch64-support.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.

* gnu/packages/patches/nss-increase-test-timeout.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gnuzilla.scm (nss)[source]: Use it.

Includes fixes for CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402,
CVE-2017-5404, CVE-2017-5405, CVE-2017-5407, CVE-2017-5408, CVE-2017-5409, and
CVE-2017-5410.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add selected fixes from the
upstream mozilla-esr45 repository.

Document that the following CVEs are fixed: CVE-2016-9893, CVE-2016-9895,
CVE-2016-9897, CVE-2016-9898, CVE-2016-9899, CVE-2016-9900, CVE-2016-9901,
CVE-2016-9902, CVE-2016-9904, and CVE-2016-9905. Note that these are all of
the CVEs fixed in Firefox ESR 45.6.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add comments to patches that
have since been assigned CVEs.

* gnu/packages/gnuzilla.scm (icecat): Update to 45.5.1-gnu1.
[source]: Remove temporary URI for 45.3 beta. Fix URI computation. Remove
outdated patches. Add more cherry-picked bug fixes from upstream
mozilla-esr45. Use 'list' instead of quasiquote in 'patches' field.

* gnu/packages/gnuzilla.scm (icecat)[source][patches]: Add fixes for
CVE-2016-9079 and other selected fixes from the upstream mozilla-esr45
repository.

* gnu/packages/gnuzilla.scm (icecat)[source]: Remove bundled libjpeg, which
is actually libjpeg-turbo.
[inputs]: Add libjpeg-turbo.
[arguments]: Use it.

This reverts commit eaf72e218e.
IceCat misbehaves with gtk+3; most notably, the scroll bar handles are
invisible. Here we revert back to gtk+2 until these problems can be
addressed.

This is a followup to commit 1a87aa7567.
* gnu/packages/gnuzilla.scm (icecat)[sources][patches]: Remove patch for
CVE-2016-5296, which is for a bundled copy of pixman that is
subsequently deleted by a snippet.

Includes fixes for CVE-2016-5290, CVE-2016-5291, CVE-2016-5297, CVE-2016-9064,
and CVE-2016-9066.
* gnu/packages/gnuzilla.scm (icecat)[source][patches]: Add fixes for
aforementioned CVEs and other selected fixes from Firefox ESR 45.5.0. Note
that the first six patches of CVE-2016-5290 and the patch for CVE-2016-9066
were already present, but were labeled by mozilla bug number instead of CVE.
* gnu/packages/patches/icecat-CVE-2016-9064.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.

* gnu/packages/patches/icecat-binutils.patch: New patch.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gnuzilla.scm (icecat)[source]: Use it.