* gnu/packages/gnuzilla.scm (%icecat-version, %icecat-build-id): Update.
(icecat-source): Update to the latest upstream commit on '68' branch.
* gnu/packages/patches/icecat-gnuzilla-fixes.patch: Remove changes
that have been incorporated upstream, and add new pending changes,
notably the addition of several IceCat-specific preferences.
* gnu/packages/patches/icecat-makeicecat.patch: Adapt to changes in
icecat-gnuzilla-fixes.patch.
* gnu/packages/gnuzilla.scm (%icecat-version): Update.
(%icecat-build-id): New variable.
(icecat-source): Update gnuzilla repo commit and hash.
(icecat)[arguments]: In the custom 'configure' phase, set the MOZ_BUILD_DATE
environment variable to the value of %icecat-build-id.
* gnu/packages/patches/icecat-gnuzilla-fixes.patch: Remove changes that
are now in the upstream repository. Add more pending changes, including
disabling the MOZ_SERVICES_HEALTHREPORT and MOZ_BLOCK_PROFILE_DOWNGRADE
build flags, fixing a problem that prevented MOZ_DATA_REPORTING
from being disabled, and fixes to the branding.
* gnu/packages/patches/icecat-makeicecat.patch: Adapt to upstream changes,
and changes in icecat-gnuzilla-fixes.patch. Remove a hunk that disabled
rewrites to aboutRights.dtd in the l10n directory.
This commit moves some important fixes into a patch applied to the upstream
gnuzilla git repository, whereas previously they were applied in such a way
that they only benefitted Guix users.
* gnu/packages/patches/icecat-default-search-ddg.patch,
gnu/packages/patches/icecat-disable-sync.patch: Delete files.
* gnu/packages/patches/icecat-gnuzilla-fixes.patch: New file.
* gnu/local.mk (dist_patch_DATA): Adapt accordingly.
* gnu/packages/gnuzilla.scm (icecat-source): Apply the new patch to the
gnuzilla checkout.
(icecat)[native-inputs]: Remove deleted patches.
[arguments]: In the 'wrap-program' phase, remove MOZ_LEGACY_PROFILES=1
from the wrapper.
Fixes CVE-2019-11757, CVE-2019-11759, CVE-2019-11760, CVE-2019-11761,
CVE-2019-11762, CVE-2019-11763, CVE-2019-11764, and CVE-2019-15903.
Note: IceCat 68 has not yet been released by the IceCat project. This is a
work-in-progress, and does not currently meet the privacy-respecting
standards of the IceCat project.
* gnu/packages/patches/icecat-default-search-ddg.patch,
gnu/packages/patches/icecat-disable-sync.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/gnuzilla.scm (%icecat-version): Update.
(mozilla-compare-locales, all-mozilla-locales): New variables.
(mozilla-locale): New procedure.
(mozilla-locales): New macro.
(icecat-source): Add code to populate the l10n directory. Remove the code
that copied the l10n directory from an older IceCat source tarball.
(icecat)[inputs]: Remove hunspell.
[native-inputs]: Comment out previous Guix-specific patches for now. Use the
newest rust, cargo, llvm, and clang. Add rust-cbindgen, node, nasm, python 3,
icecat-default-search-ddg.patch and icecat-disable-sync.patch.
[arguments]: In configure flags: remove "--disable-maintenance-service" and
"--enable-system-hunspell", and comment out flags to use system libraries
instead of bundled libraries for libevent, libogg, libvorbis, libvpx,
harfbuzz, graphite2, and sqlite. Add srfi-34 and srfi-35 to modules. Delete
fewer bundled libraries. Adapt the 'patch-source-shebangs' phase. Add a
custom 'build' phase that tries the standard 'build' phase up to 5 times.
In the 'wrap-program' phase, set MOZ_LEGACY_PROFILES=1 in the environment,
and add 'pulseaudio' to the front of LD_LIBRARY_PATH.
[description]: Add a warning that this is only a preview release.
* gnu/packages/patches/icecat-makeicecat.patch: Adapt.
Includes fixes for CVE-2019-9811, CVE-2019-11709, CVE-2019-11711,
CVE-2019-11712, CVE-2019-11713, CVE-2019-11715, CVE-2019-11717,
CVE-2019-11719, CVE-2019-11729, and CVE-2019-11730.
* gnu/packages/gnuzilla.scm (%icecat-version): Update to 60.8.0-guix1.
(icecat-source)[upstream-firefox-source]: Update hash.
(icecat): Refresh some stale comments.
Includes fixes for CVE-2019-11707 and CVE-2019-11708.
* gnu/packages/gnuzilla.scm (%icecat-version): Update to 60.7.2-guix1.
(icecat-source)[upstream-firefox-source]: Update hash.
This includes updates to bundled extensions from the upstream
GNU IceCat 60.7.0-gnu1 release.
* gnu/packages/gnuzilla.scm (%icecat-version): Update to 60.7.0-guix2.
(icecat-source)[upstream-icecat-base-version]: Update to 60.7.0.
[upstream-icecat-source, gnuzilla-source]: Update hashes.
[origin]: Remove the substitutions that dealt with Debian-specific package
code in the makeicecat script, since that code has been removed upstream.
(icecat)[arguments]: Adapt the 'install-desktop-entry' phase to avoid using
the Debian desktop file, which is no longer included in the IceCat sources.
* gnu/packages/patches/icecat-makeicecat.patch: Adapt to upstream changes.
This commit changes the 'source' field of the 'icecat' package to
simply be 'icecat-source', which aims to be suitable for use on any
system that IceCat supports.
* gnu/packages/gnuzilla.scm (icecat)[source]: Change to simply
be 'icecat-source'.
[native-inputs]: Add 'patch', along with the Guix-specific patches
that were previously applied within 'source'.
[arguments]: Remove the 'ensure-no-mtimes-pre-1980' phase.
Add 'apply-guix-specific-patches' and 'remove-bundled-libraries'
phases. Touch 'configure' in the bootstrap phase. Return #t from
the 'augment-CPLUS_INCLUDE_PATH' phase. Reindent.
* gnu/packages/gnuzilla.scm (icecat-source): Check to make sure the
value of FFMAJOR in the 'makeicecat' script matches the major version
of IceCat being generated.
Includes fixes for CVE-2019-9810 and CVE-2019-9813.
* gnu/packages/gnuzilla.scm (%icecat-version): Update to 60.6.1-guix1.
(icecat-source)[upstream-firefox-source]: Update hash.
* gnu/packages/gnuzilla.scm (icecat-source): When packing the new IceCat
tarball, set the mtime of archived files to early 1980. Remove useless
'string-append' applied to one argument.
Includes fixes for CVE-2018-18335, CVE-2018-18356, and CVE-2019-5785.
* gnu/packages/gnuzilla.scm (%icecat-version): Update to 60.5.1-guix1.
(icecat-source)[upstream-firefox-source]: Update hash.
Includes fixes for CVE-2018-18500, CVE-2018-18501, and CVE-2018-18505.
* gnu/packages/gnuzilla.scm (icecat): Update to 60.5.0-guix1.
[version]: Use %icecat-version.
[source]: Inherit from 'icecat-source'. Remove obsolete patches.
* gnu/packages/patches/icecat-avoid-bundled-libraries.patch,
gnu/packages/patches/icecat-use-system-graphite2+harfbuzz.patch,
gnu/packages/patches/icecat-use-system-media-libs.patch: Adapt to 60.5.0.
* gnu/packages/gnuzilla.scm (computed-origin-method): New variable.
(%icecat-version, icecat-source): New variables.
* gnu/packages/patches/icecat-makeicecat.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
Includes fixes for CVE-2018-18494 and the remaining 7 out of 10 changesets
for CVE-2018-12405.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add selected changesets from
the upstream mozilla-esr60 repository.
Document that we include fixes for CVE-2018-17466, CVE-2018-18492,
CVE-2018-18493, CVE-2018-18498, and 3 out of 10 changesets for
CVE-2018-12405.
* gnu/packages/gnuzilla.scm (icecat)[source]: Relabel patches to reflect
CVE assignments.
* gnu/packages/gnuzilla.scm (icecat)[native-inputs]: Add 'llvm-3.9.1' and
'clang-3.9.1'.
[arguments]: In the configure-flags, use quasiquote, remove "--disable-stylo",
and add "--with-clang-path=..." and "--with-libclang-path=...".
Add 'augment-CPLUS_INCLUDE_PATH' phase. In the custom 'configure' phase,
set the CC environment variable to "gcc".
Tests would fail once certificates had expired, along these lines:
chains.sh: Verifying certificate(s) PayPalEE.cert with flags -d AllDB -pp -o OID.2.16.840.1.114412.1.1
vfychain -d AllDB -pp -vv -o OID.2.16.840.1.114412.1.1 /tmp/guix-build-nss-3.39.drv-0/nss-3.39/nss/tests/libpkix/certs/PayPalEE.cert
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 0. PayPalEE :
ERROR -8181: Peer's Certificate has expired.
Returned value is 1, expected result is pass
Using 'faketime' allows us to get deterministic results.
* gnu/packages/gnuzilla.scm (nss)[arguments]: In 'check' phase, run
'all.sh' under 'faketime'.
[native-inputs]: Add LIBFAKETIME.
* gnu/packages/gnuzilla.scm (icecat): Update to 60.3.0-gnu1.
[source]: Switch back to the normal source URI. Remove patches that
are no longer applicable.
* gnu/packages/patches/icecat-CVE-2018-12383.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
Includes fixes for CVE-2018-12389, CVE-2018-12390, CVE-2018-12391,
CVE-2018-12392, CVE-2018-12393, CVE-2018-12395, CVE-2018-12396, and
CVE-2018-12397.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add selected changesets from the
upstream mozilla-esr60 repository. Relabel some previously existing patches
to reflect CVE assignments.