This also fixes the firefox package. VA-API runs in the RDD (Remote Data
Decoder) sandbox in firefox and thus needs to have specified everything it
needs access to. Using commit b7a0935420ee630a29b7e5ac73a32ba1eb24f00b of
Guix's icecat package, we can get all the dependencies needed and add that to
LD_LIBRARY_PATH. These are then accessible in the RDD sandbox, allowing
VA-API to fully load and work for hardware video decoding support.
* nongnu/package/mozilla.scm (firefox-esr)[modules]: Add (srfi srfi-1), (rnrs
bytevectors), (rnrs io ports), (guix elf), and (guix build gremlin).
[phases]{wrap-program}: New functions RUNPATH-OF and RUNPATHS-OF-INPUT. Use
these for RDD-WHITELIST, the runpaths of mesa and ffmpeg. Add this list to
LD_LIBRARY_PATH.
Upstream Guix now defaults to rust 1.60, so remove unneeded bootstrapping.
* nongnu/packages/mozilla.scm (rust-firefox-1.58, rust-firefox-1.59,
rust-firefox-1.60): Remove variables.
(rust-firefox-1.61): Bootstrap from rust instead of rust-firefox-1.60.
(furst-firefox-esr): Set to be rust.
Fixes CVE-2022-40956, CVE-2022-40957, CVE-2022-40958, CVE-2022-40959,
CVE-2022-40960, CVE-2022-40961, CVE-2022-40962.
* nongnu/packages/mozilla.scm (rust-firefox-1.61): New variable.
(rust-firefox): Update to rust-firefox-1.61.
(firefox)[native-inputs]: Use it. Update to 105.0.
Better match upstream with which rust version is used to build firefox-esr.
* nongnu/packages/mozilla.scm (rust-firefox-1.60, rust-firefox-esr): New
variables.
(firefox-esr)[native-inputs]: Use rust-firefox-esr.
This fixes CVE-2022-38472, CVE-2022-38473, CVE-2022-38474,
CVE-2022-38475, CVE-2022-38477 and CVE-2022-38478.
* nongnu/packages/mozilla.scm (firefox): Update to 104.0.
[arguments]: Replace node with node-lts as now >= 12.2 is required.
This fixes CVE-2022-38472, CVE-2022-38473, CVE-2022-38476,
CVE-2022-38477 and CVE-2022-38478.
* nongnu/packages/mozilla.scm (firefox-esr): Update to 102.2.0esr.
* nongnu/packages/mozilla.scm (firefox-esr): New variable, previously package
definition of firefox.
[phases]: New phase set-build-id moved from configure. In configure set
MACH_BUILD_PYTHON_NATIVE_PACKAGE_SOURCE which replaced MACH_USE_SYSTEM_PYTHON.
Set GUIX_PYTHON_PATH.
[inputs]: Use icu4c-71.
[native-inputs]: Use rust-cbindgen-0.23.
[description]: Mention that it's now the ESR branch.
(%firefox-esr-build-id): New variable.
(firefox-esr/wayland): New variable. Adjusted packaged definition of
firefox/wayland.
(firefox): Inherit from firefox-esr.
Co-authored-by: Jonathan Brielmaier <jonathan.brielmaier@web.de>
Signed-off-by: Jonathan Brielmaier <jonathan.brielmaier@web.de>
Firefox 101 requires rust >= 1.59 which is currently not in upstream
Guix. So lets bootstrap one.
* nongnu/packages/mozilla.scm (rust-uri, rust-bootstrapped-package): New
procedures from guix/gnu/packages/rust.scm.
(rust-firefox-1.58, rust-firefox-1.59, rust-firefox): New variables.
(firefox)[native-inputs]: Replace rust with rust-firefox.
* nongnu/packages/mozilla.scm (firefox)[arguments]: Rewrite
'wrap-program phase to work with gexp. Call udev as eudev which is its
real package name.
[inputs]: Convert to new style.
[native-inputs]: Dito.
* nongnu/packages/mozilla.scm (firefox)[arguments]: Use Gexp to remove uses of
%BUILD-INPUTS and output references. Also remove trailing #t.
Signed-off-by: Jonathan Brielmaier <jonathan.brielmaier@web.de>
Visual fix for GNOME < 40.
* nongnu/packages/mozilla.scm (firefox)[arguments]: Set StartupWMClass
in 'install-desktop-entry phase.
Signed-off-by: Jonathan Brielmaier <jonathan.brielmaier@web.de>
This fixes CVE-2022-22753, CVE-2022-22754, CVE-2022-22755,
CVE-2022-22756, CVE-2022-22757, CVE-2022-22758, CVE-2022-22759,
CVE-2022-22760, CVE-2022-22761, CVE-2022-22762, CVE-2022-22764 and
CVE-2022-0511.
* nongnu/packages/mozilla.scm (firefox): Update to 97.0.
[native-inputs]: Add now required alsa-lib. Use clang-12 and llvm-12 as
older versions fail to build firefox.
* nongnu/packages/mozilla.scm (firefox)[arguments]: Pass --with-wasi-sysroot
to configure. Set WASM_CC and WASM_CXX to wasm32-wasi-clang-toolchain.
[native-inputs]: Add wasm32-wasi-clang-toolchain.
Signed-off-by: Jonathan Brielmaier <jonathan.brielmaier@web.de>
Fixes CVE-2021-43536, CVE-2021-43537, CVE-2021-43538, CVE-2021-43539,
CVE-2021-43540, CVE-2021-43541, CVE-2021-43542, CVE-2021-43543,
CVE-2021-43544, CVE-2021-43545, CVE-2021-43546 and MOZ-2021-0009.
* nongnu/packages/mozilla.scm (firefox): Update to 95.0.
[arguments]: Disable WASM sandbox for now as it requires further
packaging.
