mirror of
https://codeberg.org/guix/guix.git
synced 2025-10-02 02:15:12 +00:00
ba2f9748f7
For Firefox/IceCat, this fixes at least CVE-2025-6427, CVE-2025-6428, CVE-2025-6431, CVE-2025-6432, CVE-2025-6433, CVE-2025-6434, CVE-2025-6435 and CVE-2025-6436. For Thunderbird/Icedove, this fixes too many CVEs to be named here. Consult <https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird> to read the details. * gnu/packages/image.scm (libpng-apng-for-librewolf): Rename to... (libpng-apng-next): ... this. * gnu/packages/librewolf.scm (librewolf) [inputs]: Adjust accordingly. * gnu/packages/gnuzilla.scm (icecat-minimal): Update to 140.3.0. [#:configure-flags]: Add --disable-fhs. Remove --enable-official-branding. [#:phases] {apply-guix-specific-patches}: Apply icecat-fhs-configure-option.patch. {remove-cargo-frozen-flag}: Remove --frozen from rust.mk. {install}: Also install a policies.json file to disable the Sync feature. {install-desktop-entry}: Adjust and streamline. {install-icons}: Use the 'unofficial' branding directory. [inputs]: Replace libpng-apng with libpng-apng-next. Replace icu4c with icu4c-77. [native-search-paths]: Replace ICECAT_SYSTEM_DIR with MOZILLA_SYSTEM_DIR. (icecat-source): Remove obsolete cleanups. Switch tarball compression to zstd. (make-l10n-package): No longer set GUIX_PYTHONPATH. [#:phases] {build}: Register the "tb_common" mach site. [native-inputs]: Replace python-wrapper with python. Add python-aiohttp, python-async-timeout and python-dateutil. (mozilla-115-compare-locales, mozilla-115-locale, mozilla-115-locales) (update-mozilla-115-locales, all-mozilla-115-locales, %icecat-115-base-version) (%icecat-115-version, %icecat-115-build-id (icecat-115-source): Delete variables. (mozilla-l10n): Update to correct changeset. (format-locales): New procedure. (%icecat-locales): Update. (%icecat-base-version): Set to the version of mozjs. (%icecat-build-id): Bump. (%icedove-build-id): Bump. (%icedove-version): Set to 140.3.0. (thunderbird-comm-source): Update accordingly. [patches]: New field. (comm-source->locales+changeset): Delete variable. (%icedove-locales): Regenerate. (thunderbird-comm-l10n): Adjust URI, and switch to a git-fetch, to be able to use pre-releases (the official release tarballs lag behind those of Firefox). (icedove-source): Compress resulting tarball via zstd. Adjust patching based on changed file names and content. Make "comm" files writable. Patch MOZ_APP_NAME in "devtools/startup/DevToolsStartup.sys.mjs". Adjust services.settings.server value to avoid a warning. Adjust l10n copying, given we're now using a checkout again. (icedove-minimal) [#:phases] {configure}: Do not set PYTHON. Add 'ac_add_options --enable-rust-simd' flag. {do-not-verify-vendored-rust-dependencies}: New phase. {patch-cargo-checksums}: Sync with IceCat, add "comm" directory. {remove-cargo-frozen-flag}: Sync phase with that of IceCat. [inputs]: Sort. Add ffmpeg. Remove gtk+-2. Replace nss with nss-rapid. Replace icu4c with icu4c-77. [native-inputs]: Replace clang-15 with clang-20, llvm-15 with llvm-20. Replace rust-cbindgen-0.24 with rust-cbindgen. * gnu/packages/patches/icedove-observer-fix.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. * gnu/packages/patches/icecat-compare-paths.patch: Update. * gnu/packages/patches/icecat-use-system-wide-dir.patch: Rework, with the goal to of upstreaming it. Change-Id: Ib420388b9e7c7b59baa74920951afbda99cfe5a2
12 lines
516 B
Diff
12 lines
516 B
Diff
See comment in gnu/build/icecat-extension.scm.
|
|
|
|
--- a/toolkit/mozapps/extensions/internal/XPIDatabase.sys.mjs
|
|
+++ b/toolkit/mozapps/extensions/internal/XPIDatabase.sys.mjs
|
|
@@ -3753,6 +3753,7 @@
|
|
if (
|
|
newAddon ||
|
|
oldAddon.updateDate != xpiState.mtime ||
|
|
+ oldAddon.path != xpiState.path ||
|
|
(aUpdateCompatibility && this.isAppBundledLocation(installLocation)) ||
|
|
// update addon metadata if the addon in bundled into
|
|
// the omni jar and version or the resource URI pointing
|