Includes fixes for CVE-2020-16042, CVE-2020-26971, CVE-2020-26973,
CVE-2020-26974, CVE-2020-26978, CVE-2020-35111, CVE-2020-35112, and
CVE-2020-35113.
* gnu/packages/gnuzilla.scm (%icecat-version, %icecat-build-id): Update.
(icecat-source): Update gnuzilla commit, base version, and hashes.
* gnu/packages/patches/icecat-makeicecat.patch: Adapt to new version.
This follows up on 3eb34c66b4 which left an
unbound "nghttp2-1.41" variable.
* gnu/packages/node.scm (node): Update to 10.22.1.
(node-10.22): Remove variable.
* gnu/packages/gnuzilla.scm (icecat)[native-inputs]: Change from NODE-10.22 to
NODE.
(icedove)[native-inputs]: Likewise.
Includes fixes for CVE-2020-15999, CVE-2020-16012, CVE-2020-26951,
CVE-2020-26953, CVE-2020-26956, CVE-2020-26958, CVE-2020-26959,
CVE-2020-26960, CVE-2020-26961, CVE-2020-26965, CVE-2020-26966, and
CVE-2020-26968.
* gnu/packages/gnuzilla.scm (%icecat-version, %icecat-build-id): Update.
(icecat-source): Update gnuzilla commit, base version, and hashes.
* gnu/packages/patches/icecat-makeicecat.patch: Adapt to new version.
* gnu/packages/gnuzilla.scm (%icecat-version, %icecat-build-id): Update.
(icecat-source): Update gnuzilla commit, base version, and hashes.
* gnu/packages/patches/icecat-makeicecat.patch: Adapt to new version.
Includes fixes for CVE-2020-15683 and CVE-2020-15969.
* gnu/packages/gnuzilla.scm (%icecat-version, %icecat-build-id): Update.
(icecat-source): Update gnuzilla commit, base version, and hashes.
* gnu/packages/patches/icecat-makeicecat.patch: Adapt to new version.
* gnu/packages/gnuzilla.scm (%icecat-version, %icecat-build-id): Update.
(icecat-source): Update gnuzilla commit, base version, and hashes.
* gnu/packages/patches/icecat-makeicecat.patch: Adapt to new version.
nss@3.57 includes a critical fix for building on aarch64.
* gnu/packages/nss.scm (nss-3.56): Update to 3.57 and rename to
* nss-3.57.
* gnu/packages/gnuzilla.scm (icedove)[inputs]: Update nss variable name.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/packages/gnuzilla.scm (icecat)[arguments]<phases>: In the
patch-cargo-checksums phase, replace the inner "find-files" call
with the already found file name.
Signed-off-by: Mark H Weaver <mhw@netris.org>
It was necessary for icedove@68 which is now based on icecat@78.
* gnu/packages/gnuzilla.scm (mozilla-68-compare-locales): Remove.
(all-mozilla-68-locales): Remove.
(%icecat-68-version): Remove.
(icecat-68-source): Remove.
* gnu/packages/patches/icecat-68-makeicecat.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
Modified-By: Mark H Weaver <mhw@netris.org>
Signed-off-by: Mark H Weaver <mhw@netris.org>
* gnu/packages/gnuzilla.scm (icedove): Update to 78.3.0.
[source]: Use source from Icecat 78.
[arguments]: Use more flexible approach for generating cargo checksums
from icecat. Update files in 'rename-to-icedove phase. Remove gone
configure flags and rename `--disable-ion` to `--disable-jit`.
[inputs]: Update icu4c to version 67 and nss to 3.56.
[native-inputs]: Use ESR 78 mercurial repo for thunderbird soruces.
Update rust and cargo to 1.41, rust-cbindgen to 0.14 and
node to 10.22.
Tested-by: Jonathan Brielmaier <jonathan.brielmaier@web.de>
Signed-off-by: Mark H Weaver <mhw@netris.org>
Includes fixes for CVE-2020-15673, CVE-2020-15676, CVE-2020-15677, and
CVE-2020-15678.
* gnu/packages/gnuzilla.scm (mozilla-compare-locales): Update to
RELEASE_8_0_0.
(all-mozilla-locales): Update to newer versions.
(mozilla-patch): Remove vestigial procedure.
(%icecat-version, %icecat-build-id): Update to 78.3.0-guix0-preview1.
(icecat-source): Update 'upstream-icecat-base-version', 'gnuzilla-commit', and
hashes. Reverse order of makeicecat-patch and gnuzilla-fixes-patch.
(icecat)[inputs]: Remove libogg, libvorbis, libvpx, icu4c, sqlite,
startup-notification, and zlib. Add several "UNBUNDLE-ME!" comments.
[native-inputs]: Update 'rust' and 'cargo' dependencies to version 1.41.
Update 'rust-cbindgen' dependency to version 0.14. Update 'node' dependency
to 10.22.
[arguments]<configure-flags>: Change --enable-default-toolkit value to
"cairo-gtk3-wayland". Change --with-unsigned-addon-scopes value to
"app,system". Add "--allow-addon-sideload". Remove
"--enable-startup-notification" and "--disable-gconf". Comment out
"--with-system-zlib", "--with-system-bz2", and "--with-system-icu".
<phases>: In the 'remove-bundled-libaries' phase, remove "modules/zlib" from
the list of directories to delete. Update the 'patch-cargo-checksums' phase
to update more modules.
(mozilla-68-compare-locales, all-mozilla-68-locales, %icecat-68-version)
(icecat-68-source): New variables preserving the previous icecat 68 source.
(icedove)[source]: Use 'icecat-68-source'.
* gnu/packages/patches/icecat-makeicecat.patch: Adapt to IceCat 78.
* gnu/packages/patches/icecat-68-makeicecat.patch: New file containing
the previous 'icecat-makeicecat.patch'.
* gnu/local.mk: Add 'icecat-68-makeicecat.patch'.
Includes fixes for CVE-2020-15663, CVE-2020-15664, and CVE-2020-15669.
* gnu/packages/gnuzilla.scm (%icecat-version, %icecat-build-id): Update.
(icecat-source): Update gnuzilla commit, base version, and hashes.
* gnu/packages/patches/icecat-makeicecat.patch: Adapt to new version.
Includes fixes for CVE-2020-6463, CVE-2020-6514, CVE-2020-15652, and
CVE-2020-15659.
* gnu/packages/gnuzilla.scm (%icecat-version, %icecat-build-id): Update.
(icecat-source): Update gnuzilla commit, base version, and hashes.
* gnu/packages/patches/icecat-makeicecat.patch: Adapt to new version.
IceCat loads libXss.so at runtime to inhibit screen locking if other interfaces are unavailable.
* gnu/packages/gnuzilla.scm (icecat)[arguments]: Add libxscrnsaver to
wrap-program arguments.
Signed-off-by: Jakub Kądziołka <kuba@kadziolka.net>
Includes fixes for CVE-2020-12417, CVE-2020-12418, CVE-2020-12419,
CVE-2020-12420, and CVE-2020-12421.
* gnu/packages/gnuzilla.scm (%icecat-version, %icecat-build-id): Update.
(icecat-source): Update gnuzilla commit, base version, and hashes. Remove
code that deleted the Onion Browser Button extension, which is no longer
bundled upstream.
* gnu/packages/patches/icecat-makeicecat.patch: Adapt to new version.
Fixes <https://bugs.gnu.org/35728>.
The Onion Browser Button (tortm-browser-button@jeremybenthum) version 0.1.8,
available from addons.mozilla.org and bundled with IceCat, malfunctions with
both IceCat 68.9 and Firefox ESR 68.9. It tells the user that it's connected
to Tor, but fails to route traffic through it. The same happens on Debian 9
with its "firefox-esr" package.
Remove this extension from IceCat, pending further investigation.
* gnu/packages/gnuzilla.scm (icecat-source): Remove the "data/extensions/
tortm-browser-button@jeremybenthum" directory before running makeicecat.
Includes fixes for CVE-2020-12399 and CVE-2020-12405.
* gnu/packages/gnuzilla.scm (%icecat-version, %icecat-build-id): Update.
(icecat-source): Update gnuzilla commit, base version, and hashes.
* gnu/packages/patches/icecat-makeicecat.patch: Adapt to new version.
Includes fixes for CVE-2020-6831, CVE-2020-12387, CVE-2020-12388,
CVE-2020-12389, CVE-2020-12392, CVE-2020-12393, and CVE-2020-12395.
* gnu/packages/gnuzilla.scm (%icecat-version, %icecat-build-id): Update.
(icecat-source): Update gnuzilla commit, base version, and hashes.
Apply icecat-use-older-reveal-hidden-html.patch.
* gnu/packages/patches/icecat-makeicecat.patch: Adapt to new version.
* gnu/packages/patches/icecat-use-older-reveal-hidden-html.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
Includes fixes for CVE-2020-6821, CVE-2020-6822, CVE-2020-6825,
CVE-2020-6827, and CVE-2020-6828.
* gnu/packages/gnuzilla.scm (%icecat-version, %icecat-build-id): Update.
(icecat-source): Update gnuzilla commit, base version, and hashes.
* gnu/packages/patches/icecat-makeicecat.patch: Adapt to new version.
Includes fixes for CVE-2020-6819 and CVE-2020-6820.
* gnu/packages/gnuzilla.scm (%icecat-version, %icecat-build-id): Update.
(icecat-source): Update gnuzilla commit, base version, and hashes.
* gnu/packages/patches/icecat-makeicecat.patch: Adapt to new version.
Includes fixes for CVE-2019-20503, CVE-2020-6805, CVE-2020-6806,
CVE-2020-6807, CVE-2020-6811, CVE-2020-6812, and CVE-2020-6814.
* gnu/packages/gnuzilla.scm (%icecat-version, %icecat-build-id): Update.
(icecat-source): Update gnuzilla commit, base version, and hashes.
* gnu/packages/patches/icecat-makeicecat.patch: Adapt to new version.
* gnu/packages/gnuzilla.scm (%icecat-version, %icecat-build-id): Update.
(icecat-source): Update gnuzilla commit, base version, and hashes.
* gnu/packages/patches/icecat-makeicecat.patch: Adapt to new version.
Fixes <https://bugs.gnu.org/38045>. Thanks to Jakub Kądziołka
<kuba@kadziolka.net> and Amin Bandali <bandali@gnu.org> for their
helpful observations and suggestions.
This is a followup to commit 8e5567195f.
* gnu/packages/gnuzilla.scm (icecat)[inputs]: Add shared-mime-info.
[arguments]: Add elf and binary I/O modules to #:modules. Add code to
the 'fix-ffmpeg-runtime-linker' phase that sets the sandbox read-path
whitelist to include libavcodec's RUNPATH, as well as shared-mime-info.
Includes fixes for CVE-2019-17015, CVE-2019-17016, CVE-2019-17017,
CVE-2019-17021, CVE-2019-17022, and CVE-2019-17024.
* gnu/packages/gnuzilla.scm (%icecat-version, %icecat-build-id): Update.
(icecat-source): Update hash of upstream firefox source tarball,
'upstream-icecat-base-version', and commit and hash of gnuzilla checkout.
* gnu/packages/patches/icecat-makeicecat.patch: Adapt to upstream changes.
Includes fixes for CVE-2019-11745, CVE-2019-17005, CVE-2019-17008,
CVE-2019-17009, CVE-2019-17010, CVE-2019-17011, and CVE-2019-17012.
* gnu/packages/patches/icecat-gnuzilla-fixes.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
* gnu/packages/gnuzilla.scm (%icecat-version, %icecat-build-id): Update.
(icecat-source): Update hash for the firefox source tarball. Update to the
latest from gnuzilla.git. Don't apply icecat-gnuzilla-fixes.patch. Remove
determinism fix in makeicecat that is now upstream. Tweak a status message.
(icecat)[arguments]: Add "--with-unsigned-addon-scopes=app" configure flag.
* gnu/packages/patches/icecat-makeicecat.patch: Adapt.
* gnu/packages/gnuzilla.scm (%icecat-version, %icecat-build-id): Update.
(icecat-source): Update to the latest upstream commit on '68' branch.
* gnu/packages/patches/icecat-gnuzilla-fixes.patch: Remove changes
that have been incorporated upstream, and add new pending changes,
notably the addition of several IceCat-specific preferences.
* gnu/packages/patches/icecat-makeicecat.patch: Adapt to changes in
icecat-gnuzilla-fixes.patch.
* gnu/packages/gnuzilla.scm (%icecat-version): Update.
(%icecat-build-id): New variable.
(icecat-source): Update gnuzilla repo commit and hash.
(icecat)[arguments]: In the custom 'configure' phase, set the MOZ_BUILD_DATE
environment variable to the value of %icecat-build-id.
* gnu/packages/patches/icecat-gnuzilla-fixes.patch: Remove changes that
are now in the upstream repository. Add more pending changes, including
disabling the MOZ_SERVICES_HEALTHREPORT and MOZ_BLOCK_PROFILE_DOWNGRADE
build flags, fixing a problem that prevented MOZ_DATA_REPORTING
from being disabled, and fixes to the branding.
* gnu/packages/patches/icecat-makeicecat.patch: Adapt to upstream changes,
and changes in icecat-gnuzilla-fixes.patch. Remove a hunk that disabled
rewrites to aboutRights.dtd in the l10n directory.
This commit moves some important fixes into a patch applied to the upstream
gnuzilla git repository, whereas previously they were applied in such a way
that only benefitted Guix users.
* gnu/packages/patches/icecat-default-search-ddg.patch,
gnu/packages/patches/icecat-disable-sync.patch: Delete files.
* gnu/packages/patches/icecat-gnuzilla-fixes.patch: New file.
* gnu/local.mk (dist_patch_DATA): Adapt accordingly.
* gnu/packages/gnuzilla.scm (icecat-source): Apply the new patch to the
gnuzilla checkout.
(icecat)[native-inputs]: Remove deleted patches.
[arguments]: In the 'wrap-program' phase, remove MOZ_LEGACY_PROFILES=1
from the wrapper.
Fixes CVE-2019-11757, CVE-2019-11759, CVE-2019-11760, CVE-2019-11761,
CVE-2019-11762, CVE-2019-11763, CVE-2019-11764, and CVE-2019-15903.
Note: IceCat 68 has not yet been released by the IceCat project. This is a
work-in-progress, and does not currently meet the privacy-respecting
standards of the IceCat project.
* gnu/packages/patches/icecat-default-search-ddg.patch,
gnu/packages/patches/icecat-disable-sync.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/gnuzilla.scm (%icecat-version): Update.
(mozilla-compare-locales, all-mozilla-locales): New variables.
(mozilla-locale): New procedure.
(mozilla-locales): New macro.
(icecat-source): Add code to populate the l10n directory. Remove the code
that copied the l10n directory from an older IceCat source tarball.
(icecat)[inputs]: Remove hunspell.
[native-inputs]: Comment out previous Guix-specific patches for now. Use the
newest rust, cargo, llvm, and clang. Add rust-cbindgen, node, nasm, python 3,
icecat-default-search-ddg.patch and icecat-disable-sync.patch.
[arguments]: In configure flags: remove "--disable-maintenance-service" and
"--enable-system-hunspell", and comment out flags to use system libraries
instead of bundled libraries for libevent, libogg, libvorbis, libvpx,
harfbuzz, graphite2, and sqlite. Add srfi-34 and srfi-35 to modules. Delete
fewer bundled libraries. Adapt the 'patch-source-shebangs' phase. Add a
custom 'build' phase that tries the standard 'build' phase up to 5 times.
In the 'wrap-program' phase, set MOZ_LEGACY_PROFILES=1 in the environment,
and add 'pulseaudio' to the front of LD_LIBRARY_PATH.
[description]: Add a warning that this is only a preview release.
* gnu/packages/patches/icecat-makeicecat.patch: Adapt.
* gnu/packages/gnuzilla.scm (icecat)[arguments]: During custom
'patch-cargo-checksums phase, replace call to 'generate-checksums' with
call to 'generate-all-checksums'.
Includes fixes for CVE-2019-9811, CVE-2019-11709, CVE-2019-11711,
CVE-2019-11712, CVE-2019-11713, CVE-2019-11715, CVE-2019-11717,
CVE-2019-11719, CVE-2019-11729, and CVE-2019-11730.
* gnu/packages/gnuzilla.scm (%icecat-version): Update to 60.8.0-guix1.
(icecat-source)[upstream-firefox-source]: Update hash.
(icecat): Refresh some stale comments.
Includes fixes for CVE-2019-11707 and CVE-2019-11708.
* gnu/packages/gnuzilla.scm (%icecat-version): Update to 60.7.2-guix1.
(icecat-source)[upstream-firefox-source]: Update hash.
This includes updates to bundled extensions from the upstream
GNU IceCat 60.7.0-gnu1 release.
* gnu/packages/gnuzilla.scm (%icecat-version): Update to 60.7.0-guix2.
(icecat-source)[upstream-icecat-base-version]: Update to 60.7.0.
[upstream-icecat-source, gnuzilla-source]: Update hashes.
[origin]: Remove the substitutions that dealt with debian-specific package
code in the makeicecat script, since that code has been removed upstream.
(icecat)[arguments]: Adapt the 'install-desktop-entry' phase to avoid using
the Debian desktop file, which is no longer included in the IceCat sources.
* gnu/packages/patches/icecat-makeicecat.patch: Adapt to upstream changes.
This commit changes the 'source' field of the 'icecat' package to
simply be 'icecat-source', which aims to be suitable for use on any
system that IceCat supports.
* gnu/packages/gnuzilla.scm (icecat)[source]: Change to simply
be 'icecat-source'.
[native-inputs]: Add 'patch', along with the Guix-specific patches
that were previously applied within 'source'.
[arguments]: Remove the 'ensure-no-mtimes-pre-1980' phase.
Add 'apply-guix-specific-patches' and 'remove-bundled-libraries'
phases. Touch 'configure' in the bootstrap phase. Return #t from
the 'augment-CPLUS_INCLUDE_PATH' phase. Reindent.
* gnu/packages/gnuzilla.scm (icecat-source): Check to make sure the
value of FFMAJOR in the 'makeicecat' script matches the major version
of IceCat being generated.
Includes fixes for CVE-2019-9810 and CVE-2019-9813.
* gnu/packages/gnuzilla.scm (%icecat-version): Update to 60.6.1-guix1.
(icecat-source)[upstream-firefox-source]: Update hash.
* gnu/packages/gnuzilla.scm (icecat-source): When packing the new IceCat
tarball, set the mtime of archived files to early 1980. Remove useless
'string-append' applied to one argument.
Includes fixes for CVE-2018-18335, CVE-2018-18356, and CVE-2019-5785.
* gnu/packages/gnuzilla.scm (%icecat-version): Update to 60.5.1-guix1.
(icecat-source)[upstream-firefox-source]: Update hash.
Includes fixes for CVE-2018-18500, CVE-2018-18501, and CVE-2018-18505.
* gnu/packages/gnuzilla.scm (icecat): Update to 60.5.0-guix1.
[version]: Use %icecat-version.
[source]: Inherit from 'icecat-source'. Remove obsolete patches.
* gnu/packages/patches/icecat-avoid-bundled-libraries.patch,
gnu/packages/patches/icecat-use-system-graphite2+harfbuzz.patch,
gnu/packages/patches/icecat-use-system-media-libs.patch: Adapt to 60.5.0.