|
* gnu/packages/patches/icecat-CVE-2015-4473-partial.patch,
gnu/packages/patches/icecat-CVE-2015-4482.patch,
gnu/packages/patches/icecat-CVE-2015-4488.patch,
gnu/packages/patches/icecat-CVE-2015-4489.patch,
gnu/packages/patches/icecat-CVE-2015-4491.patch,
gnu/packages/patches/icecat-CVE-2015-4492.patch,
gnu/packages/patches/icecat-CVE-2015-4495.patch,
gnu/packages/patches/icecat-enable-acceleration-and-webgl.patch,
gnu/packages/patches/icecat-libvpx-1.4.patch: Delete files.
* gnu/packages/patches/icecat-avoid-bundled-includes.patch: New file.
* gnu-system.am (dist_patch_DATA): Add new patch. Remove the deleted ones.
* gnu/packages/gnuzilla.scm (icecat): Update to 38.3.0-gnu1.
[source]: Add new patch. Remove the deleted ones.
[inputs]: Add libxcomposite.
[arguments]: Add 'ensure-no-mtimes-pre-1980' phase. Adapt
'remove-h264parse-from-blacklist' and
'arrange-to-link-libxul-with-libraries-it-might-dlopen' phases to the
new version.
|
|
WARNING: CVE-2015-4473 may not be fully addressed here, because I was unable
to backport some of the patches (for upstream bugs 1182711 and 1146213). I
was also unable to backport CVE-2015-4484 (upstream bug 1171540) and
CVE-2015-4487 (upstream bug 1171603). I was unable to find any commit in the
upstream repository that claims to address bug 1105914 (CVE-2015-4478).
* gnu/packages/patches/icecat-CVE-2015-4473-partial.patch,
gnu/packages/patches/icecat-CVE-2015-4482.patch,
gnu/packages/patches/icecat-CVE-2015-4488.patch,
gnu/packages/patches/icecat-CVE-2015-4489.patch,
gnu/packages/patches/icecat-CVE-2015-4491.patch,
gnu/packages/patches/icecat-CVE-2015-4492.patch: New files.
* gnu-system.am (dist_patch_DATA): Add them.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add patches.
|
