The `file->bytevector' new procedure uses a memory mapped bytevector, so
parsing the ELF file reads only the sections needed, not the whole file.
* guix/scripts/pack.scm (wrapped-package): Use file->bytevector.
* guix/build/gremlin.scm (file-dynamic-info): Likewise.
(validate-needed-in-runpath): Likewise.
(strip-runpath): Likewise, and write to bytevector directly, avoiding a port.
(set-file-runpath): Likewise.
* tests/gremlin.scm (read-elf): Delete procedure.
("elf-dynamic-info-needed, executable"): Use file-dynamic-info.
("strip-runpath"): Likewise.
("elf-dynamic-info-soname"): Likewise.
guix/build/debug-link.scm (set-debuglink-crc): Use file->bytevector.
* tests/debug-link.scm (read-elf): Delete procedure.
("elf-debuglink"): Rename to...
("elf-debuglink, no .gnu_debuglink section"): ... this.
("elf-debuglink", "set-debuglink-crc"): Use external store, and adjust to use
file->bytevector.
* gnu/packages/gnuzilla.scm (icecat-minimal) [#:phases]
{build-sandbox-whitelist}: Use `file-runpath'.
* gnu/packages/librewolf.scm (librewolf): Likewise.
Fixes: <https://issues.guix.gnu.org/59365>
Fixes: #1262
Change-Id: I43b77ed0cdc38994ea89d3d401e0d136aa6b187a
Includes fixes for CVE-2025-11708, CVE-2025-11709, CVE-2025-11710,
CVE-2025-11711, CVE-2025-11712, CVE-2025-11713, CVE-2025-11714, and
CVE-2025-11715.
* gnu/packages/gnuzilla.scm (%icecat-base-version, %icecat-build-id): Update.
(icecat-source): Update 'gnuzilla-commit' and hashes.
(icecat-140.3-source): New variable.
(icedove-source): Use 'icecat-140.3-source'.
ffmpeg@8 is not supported and breaks runtime support for some codecs. See:
<https://bugzilla.mozilla.org/show_bug.cgi?id=1962139>.
* gnu/packages/gnuzilla.scm (icecat-minimal) [inputs]: Build with ffmpeg-6.
Change-Id: Ibf0d56654905d402bed97c6cf012b1ff7f68de4e
Fixes Mozilla bug 1980812 (Websites take way too long to load):
Improved reliability when HTTP/3 connections fail. IceCat no longer
forces HTTP/2 during fallback, allowing the server to choose the
protocol and preventing stalls on some sites.
* gnu/packages/gnuzilla.scm (%icecat-base-version): Uncouple from
mozjs and update.
(%icecat-build-id): Update.
(icecat-source): Uncouple 'upstream-firefox-source' from mozjs source.
Update 'gnuzilla-commit' and hashes.
For Firefox/IceCat, this fixes at least CVE-2025-6427, CVE-2025-6428,
CVE-2025-6431, CVE-2025-6432, CVE-2025-6433, CVE-2025-6434, CVE-2025-6435 and
CVE-2025-6436.
For Thunderbird/Icedove, this fixes too many CVEs to be named here. Consult
<https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird> to
read the details.
* gnu/packages/image.scm (libpng-apng-for-librewolf): Rename to...
(libpng-apng-next): ... this.
* gnu/packages/librewolf.scm (librewolf) [inputs]: Adjust accordingly.
* gnu/packages/gnuzilla.scm (icecat-minimal): Update to 140.3.0.
[#:configure-flags]: Add --disable-fhs. Remove --enable-official-branding.
[#:phases] {apply-guix-specific-patches}: Apply
icecat-fhs-configure-option.patch.
{remove-cargo-frozen-flag}: Remove --frozen from rust.mk.
{install}: Also install a policies.json file to disable the Sync feature.
{install-desktop-entry}: Adjust and streamline.
{install-icons}: Use the 'unofficial' branding directory.
[inputs]: Replace libpng-apng with libpng-apng-next. Replace icu4c with
icu4c-77.
[native-search-paths]: Replace ICECAT_SYSTEM_DIR with MOZILLA_SYSTEM_DIR.
(icecat-source): Remove obsolete cleanups. Switch tarball compression to
zstd.
(make-l10n-package): No longer set GUIX_PYTHONPATH.
[#:phases] {build}: Register the "tb_common" mach site.
[native-inputs]: Replace python-wrapper with python. Add python-aiohttp,
python-async-timeout and python-dateutil.
(mozilla-115-compare-locales, mozilla-115-locale, mozilla-115-locales)
(update-mozilla-115-locales, all-mozilla-115-locales, %icecat-115-base-version)
(%icecat-115-version, %icecat-115-build-id
(icecat-115-source): Delete variables.
(mozilla-l10n): Update to correct changeset.
(format-locales): New procedure.
(%icecat-locales): Update.
(%icecat-base-version): Set to the version of mozjs.
(%icecat-build-id): Bump.
(%icedove-build-id): Bump.
(%icedove-version): Set to 140.3.0.
(thunderbird-comm-source): Update accordingly.
[patches]: New field.
(comm-source->locales+changeset): Delete variable.
(%icedove-locales): Regenerate.
(thunderbird-comm-l10n): Adjust URI, and switch to a git-fetch, to be able to
use pre-releases (the official release tarballs lag behind those of Firefox).
(icedove-source): Compress resulting tarball via zstd. Adjust patching based
on changed file names and content. Make "comm" files writable. Patch
MOZ_APP_NAME in "devtools/startup/DevToolsStartup.sys.mjs". Adjust
services.settings.server value to avoid a warning.
Adjust l10n copying, given we're now using a checkout again.
(icedove-minimal) [#:phases] {configure}: Do not set PYTHON. Add
'ac_add_options --enable-rust-simd' flag.
{do-not-verify-vendored-rust-dependencies}: New phase.
{patch-cargo-checksums}: Sync with IceCat, add "comm" directory.
{remove-cargo-frozen-flag}: Sync phase with that of IceCat.
[inputs]: Sort. Add ffmpeg. Remove gtk+-2. Replace nss with nss-rapid.
Replace icu4c with icu4c-77.
[native-inputs]: Replace clang-15 with clang-20, llvm-15 with llvm-20. Replace
rust-cbindgen-0.24 with rust-cbindgen.
* gnu/packages/patches/icedove-observer-fix.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/patches/icecat-compare-paths.patch: Update.
* gnu/packages/patches/icecat-use-system-wide-dir.patch: Rework, with the goal
to of upstreaming it.
Change-Id: Ib420388b9e7c7b59baa74920951afbda99cfe5a2
The new strings data tarball has a top level directory that must be stripped,
unlike the Hg checkout that was used previously.
* gnu/packages/gnuzilla.scm (icedove-source): Strip top level directory of
THUNDERBIRD-COMM-L10N.
Fixes: #2552
Change-Id: I0aa188dc1319c6db75c3ead5dd8b508cca009477
Includes fixes for MFSA-RESERVE-2025-2 (Memory safety bugs),
MFSA-RESERVE-2025-1977130 (Uninitialized memory in the JavaScript
Engine component), MFSA-RESERVE-2025-1979527 (Sandbox escape due to
invalid pointer in the Audio/Video: GMP component), and
MFSA-RESERVE-2025-1979782 (Same-origin policy bypass in the Graphics:
Canvas2D component).
* gnu/packages/gnuzilla.scm (%icecat-base-version, %icecat-build-id): Update.
(icecat-source): Update 'gnuzilla-commit' and hashes.
Icedove was unable to find the GPU via PCI, it failed to find libGL.so.1
and was unable to use vaapi. All of them were related with missing
dependencies and wrappers.
* gnu/packages/gnuzilla.scm (icedove)[inputs]: Add pciutils and libva.
[arguments]<#:phases>: Wrap pciutils, libva and mesa.
Change-Id: Ic6e07804bbde2ac3f375144190abf653185edbc5
* gnu/packages/gnuzilla.scm (icecat-minimal)[native-inputs]: Replace
llvm-17 and clang-17 with llvm-20 and clang-20.
Change-Id: Iac280d23fd2975246b2960373688d8eefd230cda
Includes fixes for CVE-2025-6424, CVE-2025-6425, CVE-2025-6426,
CVE-2025-6429, and CVE-2025-6430.
* gnu/packages/gnuzilla.scm (mozilla-115-compare-locales)
(mozilla-115-locale, mozilla-115-locales, update-mozilla-115-locales)
(all-mozilla-115-locales, %icecat-115-base-version)
(%icecat-115-version %icecat-115-build-id, icecat-115-source): New
bindings, retaining the previous meanings (before this commit) of
mozilla-compare-locales, mozilla-locale, mozilla-locales,
update-mozilla-locales, all-mozilla-locales, %icecat-base-version,
%icecat-version, %icecat-build-id, and icecat-source, respectively.
(mozilla-locale, mozilla-locales, update-mozilla-locales)
(all-mozilla-locales): Remove bindings.
(mozilla-compare-locales): Switch to new Github URL.
(mozilla-l10n): New variable.
(%icecat-locales): Move definition above "%icecat-base-version".
Add new locales "sat" and "skr".
(%icecat-base-version, %icecat-version, %icecat-build-id): Update.
(icecat-source): Update 'gnuzilla-commit' and hashes.
Remove 'upstream-icecat-base-version' local variable
and associated comments. Modify the code
within (with-directory-excursion "l10n" ...) to adapt to new
upstream handling of locales.
(icecat-minimal) [inputs]: Switch from 'ffmpeg-5' to 'ffmpeg'.
Update the comment on why we are still using the bundled NSS.
[native-inputs]: Switch from 'rust-cbindgen-0.24' to 'rust-cbindgen'.
[arguments]: Add "--enable-rust-simd" to configure-flags.
Adapt 'remove-cargo-frozen-flag' phase to work on IceCat 128.
(comm-source->locales+changeset): Use 'update-mozilla-115-locales'.
(icedove-source): Use 'icecat-115-source'.
* gnu/packages/patches/icecat-use-system-wide-dir.patch,
gnu/packages/patches/icecat-compare-paths.patch: Adapt to IceCat 128.
* gnu/packages/patches/icecat-102-makeicecat.patch: Delete file
* gnu/local.mk (dist_patch_DATA): Remove it.
Includes fixes for CVE-2025-5262, CVE-2025-5263, CVE-2025-5264, and
CVE-2025-5265.
* gnu/packages/gnuzilla.scm (%icecat-base-version, %icecat-build-id): Update.
(icecat-source): Update gnuzilla commit, base version, and hashes.
Includes fixes for CVE-2025-4918 and CVE-2025-4919.
* gnu/packages/gnuzilla.scm (%icecat-base-version, %icecat-build-id): Update.
(icecat-source): Update gnuzilla commit, base version, and hashes.
Includes fixes for CVE-2025-2817, CVE-2025-4082, CVE-2025-4083,
and CVE-2025-4084.
* gnu/packages/gnuzilla.scm (%icecat-base-version, %icecat-build-id): Update.
(icecat-source): Update gnuzilla commit, base version, and hashes.
* gnu/packages/gnuzilla.scm (mozjs)[arguments]<#:phases>: Delete test suite
non262/Date/15.9.5.7.js.
Change-Id: I480c78d208ccecda8a5467461a0e5c7228262f9d
It fails to build and has no dependent packages.
* gnu/packages/gnuzilla.scm (mozjs-102): Delete variable.
Change-Id: I16f67810fddd338b5e55a61b57975a83426bdf54
Includes fixes for CVE-2025-2857 and CVE-2025-3028.
* gnu/packages/gnuzilla.scm (%icecat-base-version, %icecat-build-id): Update.
(icecat-source): Update gnuzilla commit, base version, and hashes.
No packages depend on this version anymore.
* gnu/packages/gnuzilla.scm (mozjs-91): Delete variable.
Change-Id: Icc4efd0fc8b3728e4e6c6953fe3266262358d193
Signed-off-by: Andreas Enge <andreas@enge.fr>
Includes fixes for CVE-2024-43097, CVE-2025-1930, CVE-2025-1931,
CVE-2025-1933, and CVE-2025-1937.
* gnu/packages/gnuzilla.scm (%icecat-base-version, %icecat-build-id): Update.
(icecat-source): Update gnuzilla commit, base version, and hashes.
Includes fixes for CVE-2025-1009, CVE-2025-1010, CVE-2025-1012, and
CVE-2025-1016.
* gnu/packages/gnuzilla.scm (%icecat-base-version, %icecat-build-id): Update.
(icecat-source): Update gnuzilla commit, base version, and hashes.
Includes fixes for CVE-2025-0238 and CVE-2025-0242.
* gnu/packages/gnuzilla.scm (%icecat-base-version, %icecat-version)
(%icecat-build-id): Update.
(icecat-source): Update gnuzilla commit, base version, and hashes.
Includes fixes for CVE-2024-11692, CVE-2024-11693, and CVE-2024-11697.
* gnu/packages/gnuzilla.scm (%icecat-version, %icecat-build-id): Update.
(icecat-source): Update gnuzilla commit and hash.
Includes fixes for CVE-2024-11691 and CVE-2024-11694.
* gnu/packages/gnuzilla.scm (%icecat-base-version, %icecat-build-id): Update.
(icecat-source): Update gnuzilla commit, base version, and hashes.
(icecat-minimal)[native-inputs]: Use version 17 of llvm and clang.
Includes fixes for CVE-2024-10458, CVE-2024-10459, and CVE-2024-10463.
* gnu/packages/gnuzilla.scm (%icecat-base-version, %icecat-build-id): Update.
(icecat-source): Update gnuzilla commit, base version, and hashes.
Includes fixes for CVE-2024-9392, CVE-2024-9393, CVE-2024-9394, and
CVE-2024-9401.
* gnu/packages/gnuzilla.scm (%icecat-base-version, %icecat-build-id): Update.
(icecat-source): Update gnuzilla commit, base version, and hashes.
Fixes <https://issues.guix.gnu.org/73192>
* gnu/packages/gnuzilla.scm (make-l10n-package)[arguments]<#:phases>:
On 'build phase unconditionally use 'system*' to invoke 'mach', as
'invoke' does not work for icedove any longer.
Reported-by: bdju <bdju@tilde.team>.
Signed-off-by: Jonathan Brielmaier <jonathan.brielmaier@web.de>
Includes fixes for CVE-2024-8381, CVE-2024-8382, CVE-2024-8383, and
CVE-2024-8384.
* gnu/packages/gnuzilla.scm (%icecat-base-version, %icecat-build-id): Update.
(icecat-source): Update gnuzilla commit, base version, and hashes.
