This release includes minor code changes and many certificate updates:
<https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.32_release_notes>
* gnu/packages/certs.scm (nss-certs): Update to 3.32.
* gnu/packages/gnuzilla.scm (nss): Update to 3.32.
[arguments]: Prevent another test file from being installed.
* gnu/packages/patches/nss-pkgconfig.patch: Adjust.
This adds fixes for CVE-2017-7757, CVE-2017-7758, and the remaining
5 patches for CVE-2017-5470.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add selected fixes from the
upstream mozilla-esr52 repository, through ESR 52.2.
This documents that we include fixes for the following CVEs: CVE-2017-5472,
CVE-2017-7749, CVE-2017-7750, CVE-2017-7751, CVE-2017-7752, CVE-2017-7754,
CVE-2017-7756, CVE-2017-7764, CVE-2017-7765, CVE-2017-7778, and that we
include 15 out of 20 patches for CVE-2017-5470.
* gnu/packages/gnuzilla.scm (icecat)[source]: Rename existing patches to
indicate their CVE assignments.
* gnu/packages/gnuzilla.scm (icecat): Update to 52.1.0-gnu1. Remove patches
that are included in the new release. In the snippet, don't try to remove
dom/devicestorage, which has since been removed upstream. Add selected fixes
from upstream mozilla-esr52, up to the ESR 52.1.1 release.
* gnu/packages/patches/icecat-bug-1299500-pt10.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
* gnu/packages/gnuzilla.scm (icecat): Update to 52.0.2-gnu1.
[source]: Remove all patches except "icecat-avoid-bundled-libraries.patch".
Add selected fixes from the upstream mozilla-esr52 repository, up to 52.1.
Remove "dom/devicestorage" in the snippet.
[inputs]: Remove gstreamer and gst-plugins-base. Add ffmpeg and gtk+3. Move
yasm to native-inputs.
[native-inputs]: Add autoconf-2.13 and yasm.
[arguments]: In configure-flags, remove the following switches which are no
longer accepted: --enable-{pango,svg,canvas,mathml,gstreamer=1.0} and
"--disable-gnomevfs". Use "--enable-default-toolkit=cairo-gtk3" to switch to
Gtk+3. Remove the 'remove-h264parse-from-blacklist' phase. Adapt the
'arrange-to-link-libxul-with-libraries-it-might-dlopen' phase as needed. In
the 'configure' phase, set the AUTOCONF environment variable.
(mozilla-patch): Update the URL pattern to fetch from the mozilla-esr52
repository.
* gnu/packages/patches/icecat-avoid-bundled-libraries.patch: Adapt to mozilla-esr52.
* gnu/packages/patches/icecat-binutils.patch: Remove file.
* gnu/packages/patches/icecat-bug-1299500-pt10.patch: New file.
* gnu/local.mk (dist_patch_DATA): Remove "icecat-binutils.patch".
Add "icecat-bug-1299500-pt10.patch".
Suggested by Marius Bakke <mbakke@fastmail.com> in
<https://lists.gnu.org/archive/html/guix-devel/2017-04/msg00440.html>.
* gnu/packages/patches/nss-disable-long-b64-tests.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gnuzilla.scm (nss)[source]: Add patch.
* gnu/packages/gnuzilla.scm (mozjs@24)[arguments]: Use
'substitute-keyword-arguments', override inherited 'configure.
[native-inputs]: Remove field to use inherited native-inputs.
[propagated-inputs]: Same.
* gnu/packages/gnuzilla.scm (mozjs@24)[source]: Add patch.
[arguments]: Add flag for building on aarch64-linux, delete failing test.
* gnu/packages/patches/mozjs24-aarch64-support.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/patches/nss-increase-test-timeout.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gnuzilla.scm (nss)[source]: Use it.
Includes fixes for CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402,
CVE-2017-5404, CVE-2017-5405, CVE-2017-5407, CVE-2017-5408, CVE-2017-5409, and
CVE-2017-5410.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add selected fixes from the
upstream mozilla-esr45 repository.