For Firefox/IceCat, this fixes at least CVE-2025-6427, CVE-2025-6428,
CVE-2025-6431, CVE-2025-6432, CVE-2025-6433, CVE-2025-6434, CVE-2025-6435 and
CVE-2025-6436.
For Thunderbird/Icedove, this fixes too many CVEs to be named here. Consult
<https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird> to
read the details.
* gnu/packages/image.scm (libpng-apng-for-librewolf): Rename to...
(libpng-apng-next): ... this.
* gnu/packages/librewolf.scm (librewolf) [inputs]: Adjust accordingly.
* gnu/packages/gnuzilla.scm (icecat-minimal): Update to 140.3.0.
[#:configure-flags]: Add --disable-fhs. Remove --enable-official-branding.
[#:phases] {apply-guix-specific-patches}: Apply
icecat-fhs-configure-option.patch.
{remove-cargo-frozen-flag}: Remove --frozen from rust.mk.
{install}: Also install a policies.json file to disable the Sync feature.
{install-desktop-entry}: Adjust and streamline.
{install-icons}: Use the 'unofficial' branding directory.
[inputs]: Replace libpng-apng with libpng-apng-next. Replace icu4c with
icu4c-77.
[native-search-paths]: Replace ICECAT_SYSTEM_DIR with MOZILLA_SYSTEM_DIR.
(icecat-source): Remove obsolete cleanups. Switch tarball compression to
zstd.
(make-l10n-package): No longer set GUIX_PYTHONPATH.
[#:phases] {build}: Register the "tb_common" mach site.
[native-inputs]: Replace python-wrapper with python. Add python-aiohttp,
python-async-timeout and python-dateutil.
(mozilla-115-compare-locales, mozilla-115-locale, mozilla-115-locales)
(update-mozilla-115-locales, all-mozilla-115-locales, %icecat-115-base-version)
(%icecat-115-version, %icecat-115-build-id)
(icecat-115-source): Delete variables.
(mozilla-l10n): Update to correct changeset.
(format-locales): New procedure.
(%icecat-locales): Update.
(%icecat-base-version): Set to the version of mozjs.
(%icecat-build-id): Bump.
(%icedove-build-id): Bump.
(%icedove-version): Set to 140.3.0.
(thunderbird-comm-source): Update accordingly.
[patches]: New field.
(comm-source->locales+changeset): Delete variable.
(%icedove-locales): Regenerate.
(thunderbird-comm-l10n): Adjust URI, and switch to a git-fetch, to be able to
use pre-releases (the official release tarballs lag behind those of Firefox).
(icedove-source): Compress resulting tarball via zstd. Adjust patching based
on changed file names and content. Make "comm" files writable. Patch
MOZ_APP_NAME in "devtools/startup/DevToolsStartup.sys.mjs". Adjust
services.settings.server value to avoid a warning.
Adjust l10n copying, given we're now using a checkout again.
(icedove-minimal) [#:phases] {configure}: Do not set PYTHON. Add
'ac_add_options --enable-rust-simd' flag.
{do-not-verify-vendored-rust-dependencies}: New phase.
{patch-cargo-checksums}: Sync with IceCat, add "comm" directory.
{remove-cargo-frozen-flag}: Sync phase with that of IceCat.
[inputs]: Sort. Add ffmpeg. Remove gtk+-2. Replace nss with nss-rapid.
Replace icu4c with icu4c-77.
[native-inputs]: Replace clang-15 with clang-20, llvm-15 with llvm-20. Replace
rust-cbindgen-0.24 with rust-cbindgen.
* gnu/packages/patches/icedove-observer-fix.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/patches/icecat-compare-paths.patch: Update.
* gnu/packages/patches/icecat-use-system-wide-dir.patch: Rework, with the goal
of upstreaming it.
Change-Id: Ib420388b9e7c7b59baa74920951afbda99cfe5a2

* gnu/packages/image.scm (ggg): Update to 0.4.16.
[arguments]: Modified the log.sh to log.bash due to upstream rename. Removed
unneeded mkdir-p calls.
[inputs]: Added imagemagick runtime dependency which was missing.
Change-Id: Ie48eefc2a42396f4070d2051df6ea2521459f1e2
Signed-off-by: jgart <jgart@dismail.de>

* gnu/packages/image.scm (mtpaint): Update to 3.50.12.
[native-inputs]: Drop labels.
[inputs]: Drop labels. Replace gtk+-2 by gtk.
[arguments]: Use gexps.
<#:phases>: Replace 'configure phase.
Change-Id: Ia8129b4331add95390e22eb0b918789c60300afe

* gnu/packages/image.scm (libjxl)[arguments]: When building for
i686-linux allow a larger difference between the expected and actual
test outcome.
Change-Id: Id80e8b15c3d55eb1957b56682b2b352b79b1a4f7

Adjust patterns where "allows to X" to use "allows Xing" or similar forms.
* gnu/packages/build-tools.scm (potato-make): Use "Allows Xing" form.
* gnu/packages/image.scm (pngcheck): Likewise.
* gnu/packages/qt.scm (kddockwidgets): Likewise.
* gnu/packages/tex.scm (texlive-biblatex-shortfields): Use "Allow Xing" form.
(texlive-drawmatrix): Likewise. (texlive-mathsemantics): Use "allow Y Xing"
form. (texlive-xlop): Use "allow Xing" form. (texlive-texlogfilter):
Likewise.

* gnu/packages/image.scm (libsixel)[arguments]: Adjust the
configure-flags to install the bash completion script into the standard
directory.
Change-Id: I12a52f8565474ec63e2bd1fa15e5412555a81c31

The upstream tarball was modified in place. The only difference is the
removal of three bytes (the Unicode BOM) in 14 MSBuild files
(make????.v16) which shouldn't be used by the Guix package—and indeed,
apart from its hash, the build output has not changed.
* gnu/packages/image.scm (ijg-libjpeg)[source]: Update sha256.
Change-Id: I2f9875f7b8588162c45864aa75a5dbc4513b7cf7

Until now users would have to cargo cult or inspect the private
%default-modules variable of (guix build-systems gnu) to discover which
modules to include when extending the used modules via the #:modules argument.
The renaming was automated via the command:
$ git grep -l %gnu-build-system-modules \
    | xargs sed 's/%gnu-build-system-modules/%default-gnu-imported-modules/' -i
* guix/build-system/gnu.scm (%gnu-build-system-modules): Rename to...
(%default-gnu-imported-modules): ... this.
(%default-modules): Rename to...
(%default-gnu-modules): ... this. Export.
(dist-package, gnu-build, gnu-cross-build): Adjust accordingly.
Change-Id: Idef307fff13cb76f3182d782b26e1cd3a5c757ee