From 4ed2b6ac38f536123dd102f30750e9396f6aeffd Mon Sep 17 00:00:00 2001
From: Marius Bakke <marius@gnu.org>
Date: Sun, 30 Jan 2022 18:29:57 +0100
Subject: gnu: LLVM: Switch to 13 as the default.

* gnu/packages/llvm.scm (llvm, clang-runtime, clang, clang-toolchain): Use
version 13.
* gnu/packages/gnuzilla.scm (mozjs-78)[native-inputs]: Change from LLVM to LLVM-9.
* gnu/packages/rust.scm (rust-1.39, rust-1.40)[inputs]: Likewise.
* gnu/packages/debug.scm (c-reduce)[inputs]: Stick with CLANG-9 and/or LLVM-9.
* gnu/packages/diffoscope.scm (diffoscope)[inputs]: Likewise.
* gnu/packages/linux.scm (bcc, bpftrace)[inputs]: Likewise.
* gnu/packages/llvm.scm (libclc, libomp)[native-inputs]: Likewise.
* gnu/packages/games.scm (hedgewars)[native-inputs]: Likewise.
* gnu/packages/graphics.scm (openshadinglanguage)[native-inputs]: Likewise.
* gnu/packages/opencl.scm (pocl)[inputs]: Likewise.
---
 gnu/packages/gnuzilla.scm | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'gnu/packages/gnuzilla.scm')

diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index a9b5ed9fe9..1ee5248ced 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -567,7 +567,8 @@ in C/C++.")
     (native-inputs
      `(("autoconf" ,autoconf-2.13)
        ("automake" ,automake)
-       ("llvm" ,llvm)                   ;for llvm-objdump
+       ;; TODO(staging): Use the default LLVM in the next rebuild cycle.
+       ("llvm" ,llvm-9)                 ;for llvm-objdump
        ("perl" ,perl)
        ("pkg-config" ,pkg-config)
        ("python" ,python-3)
-- 
cgit v1.2.3


From 9b709e332e68995fb1dda6893f4d86f50de27ab2 Mon Sep 17 00:00:00 2001
From: Efraim Flashner <efraim@flashner.co.il>
Date: Thu, 26 Aug 2021 16:14:37 +0300
Subject: gnu: mozjs-60: Add support for riscv64-linux.

* gnu/packages/gnuzilla.scm (mozjs-60)[source]: Add patch.
[arguments]: Add phase to update config scripts.
[inputs]: Add config.
* gnu/packages/patches/mozjs60-riscv64-support.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
---
 gnu/local.mk                                       |   1 +
 gnu/packages/gnuzilla.scm                          |  12 +-
 gnu/packages/patches/mozjs60-riscv64-support.patch | 122 +++++++++++++++++++++
 3 files changed, 134 insertions(+), 1 deletion(-)
 create mode 100644 gnu/packages/patches/mozjs60-riscv64-support.patch

(limited to 'gnu/packages/gnuzilla.scm')

diff --git a/gnu/local.mk b/gnu/local.mk
index dddda78efa..c284de9083 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1512,6 +1512,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/mozjs38-shell-version.patch		\
   %D%/packages/patches/mozjs38-tracelogger.patch		\
   %D%/packages/patches/mozjs38-version-detection.patch		\
+  %D%/packages/patches/mozjs60-riscv64-support.patch		\
   %D%/packages/patches/mrrescue-support-love-11.patch		\
   %D%/packages/patches/mtools-mformat-uninitialized.patch	\
   %D%/packages/patches/mumps-build-parallelism.patch		\
diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index 1ee5248ced..d5d11b59d1 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -364,7 +364,8 @@ in C/C++.")
               (file-name (git-file-name "mozjs" version))
               (sha256
                (base32
-                "1xl6avsj9gkgma71p56jzs7nasc767k3n1frnmri5pad4rj94bij"))))
+                "1xl6avsj9gkgma71p56jzs7nasc767k3n1frnmri5pad4rj94bij"))
+              (patches (search-patches "mozjs60-riscv64-support.patch"))))
     (arguments
      `(#:tests? #f ; FIXME: all tests pass, but then the check phase fails anyway.
        #:test-target "check-jstests"
@@ -419,6 +420,14 @@ in C/C++.")
                       (cons (string-append "--prefix=" out)
                             configure-flags))
                #t)))
+         (add-after 'unpack 'update-config-scripts
+           (lambda* (#:key native-inputs inputs #:allow-other-keys)
+             (for-each (lambda (file)
+                             (install-file
+                               (search-input-file
+                                 (or native-inputs inputs)
+                                 (string-append "/bin/" file)) "build/autoconf"))
+                           '("config.guess" "config.sub"))))
          (add-after 'unpack 'disable-broken-tests
            (lambda _
              ;; This test assumes that /bin exists and contains certain
@@ -428,6 +437,7 @@ in C/C++.")
     (native-inputs
      `(("autoconf" ,autoconf)
        ("automake" ,automake)
+       ("config" ,config)
        ("which" ,which)
        ("perl" ,perl)
        ("pkg-config" ,pkg-config)
diff --git a/gnu/packages/patches/mozjs60-riscv64-support.patch b/gnu/packages/patches/mozjs60-riscv64-support.patch
new file mode 100644
index 0000000000..c9fa2ba9b3
--- /dev/null
+++ b/gnu/packages/patches/mozjs60-riscv64-support.patch
@@ -0,0 +1,122 @@
+This is a combination of several upstream patches which weren't accepted.
+They were proposed by Fedora for spidermonkey 52 and were ultimately
+accepted years later after some changes for a later version. It was
+adapted slightly from both sets of patches to apply cleanly to mozjs-60.
+
+https://bugzilla.mozilla.org/show_bug.cgi?id=1318905
+https://bug1318905.bmoattachments.org/attachment.cgi?id=8812602
+https://bug1318905.bmoattachments.org/attachment.cgi?id=8812603
+https://bug1318905.bmoattachments.org/attachment.cgi?id=8812604
+https://phabricator.services.mozilla.com/D78623
+https://phabricator.services.mozilla.com/D78624
+https://phabricator.services.mozilla.com/D78625
+
+
+diff --git a/build/moz.configure/init.configure b/build/moz.configure/init.configure
+index 83b8d705..59131525 100644
+--- a/build/moz.configure/init.configure
++++ b/build/moz.configure/init.configure
+@@ -676,6 +676,9 @@ def split_triplet(triplet, allow_unknown=False):
+     elif cpu == 'sh4':
+         canonical_cpu = 'sh4'
+         endianness = 'little'
++    elif cpu.startswith('riscv64'):
++        canonical_cpu = 'riscv64'
++        endianness = 'little'
+     elif allow_unknown:
+         canonical_cpu = cpu
+         endianness = 'unknown'
+diff --git a/js/src/jit/AtomicOperations.h b/js/src/jit/AtomicOperations.h
+index a8970b0d..6b947a3f 100644
+--- a/js/src/jit/AtomicOperations.h
++++ b/js/src/jit/AtomicOperations.h
+@@ -375,7 +375,7 @@ AtomicOperations::isLockfreeJS(int32_t size)
+ # endif
+ #elif defined(__ppc__) || defined(__PPC__)
+ # include "jit/none/AtomicOperations-feeling-lucky.h"
+-#elif defined(__sparc__)
++#elif defined(__sparc__) || defined(__riscv)
+ # include "jit/none/AtomicOperations-feeling-lucky.h"
+ #elif defined(__ppc64__) || defined(__PPC64__) || defined(__ppc64le__) || defined(__PPC64LE__)
+ # include "jit/none/AtomicOperations-feeling-lucky.h"
+diff --git a/js/src/jit/none/AtomicOperations-feeling-lucky.h b/js/src/jit/none/AtomicOperations-feeling-lucky.h
+index da572284..6ce40c89 100644
+--- a/js/src/jit/none/AtomicOperations-feeling-lucky.h
++++ b/js/src/jit/none/AtomicOperations-feeling-lucky.h
+@@ -49,6 +49,12 @@
+ #  define GNUC_COMPATIBLE
+ #endif
+ 
++#if defined(__riscv) && __riscv_xlen == 64
++#  define HAS_64BIT_ATOMICS
++#  define HAS_64BIT_LOCKFREE
++#  define GNUC_COMPATIBLE
++#endif
++
+ #ifdef __sparc__
+ #  define GNUC_COMPATIBLE
+ #  ifdef  __LP64__
+diff --git a/js/src/jit/none/MacroAssembler-none.h b/js/src/jit/none/MacroAssembler-none.h
+index 80143dc8..b430fedb 100644
+--- a/js/src/jit/none/MacroAssembler-none.h
++++ b/js/src/jit/none/MacroAssembler-none.h
+@@ -402,6 +402,10 @@ class MacroAssemblerNone : public Assembler
+ #endif
+ };
+ 
++    struct AutoPrepareForPatching {
++        explicit AutoPrepareForPatching(MacroAssemblerNone&) {}
++    };
++
+ typedef MacroAssemblerNone MacroAssemblerSpecific;
+ 
+ class ABIArgGenerator
+diff --git a/mfbt/tests/TestPoisonArea.cpp b/mfbt/tests/TestPoisonArea.cpp
+index 06c24ed0..c3fed0df 100644
+--- a/mfbt/tests/TestPoisonArea.cpp
++++ b/mfbt/tests/TestPoisonArea.cpp
+@@ -160,6 +160,9 @@
+ #elif defined __aarch64__
+ #define RETURN_INSTR 0xd65f03c0 /* ret */
+ 
++#elif defined __riscv
++#define RETURN_INSTR 0x80828082 /* ret; ret */
++
+ #elif defined __ia64
+ struct ia64_instr { uint32_t mI[4]; };
+ static const ia64_instr _return_instr =
+diff --git a/python/mozbuild/mozbuild/configure/constants.py b/python/mozbuild/mozbuild/configure/constants.py
+index 33ae5a45..11a01d3b 100644
+--- a/python/mozbuild/mozbuild/configure/constants.py
++++ b/python/mozbuild/mozbuild/configure/constants.py
+@@ -50,6 +50,7 @@ CPU_bitness = {
+     'mips64': 64,
+     'ppc': 32,
+     'ppc64': 64,
++    'riscv64': 64,
+     's390': 32,
+     's390x': 64,
+     'sh4': 32,
+@@ -82,6 +84,7 @@ CPU_preprocessor_checks = OrderedDict((
+     ('s390', '__s390__'),
+     ('ppc64', '__powerpc64__'),
+     ('ppc', '__powerpc__'),
++    ('riscv64', '__riscv && __riscv_xlen == 64'),
+     ('Alpha', '__alpha__'),
+     ('hppa', '__hppa__'),
+     ('sparc64', '__sparc__ && __arch64__'),
+diff --git a/python/mozbuild/mozbuild/test/configure/test_toolchain_configure.py b/python/mozbuild/mozbuild/test/configure/test_toolchain_configure.py
+index cb7ff709..9da41adf 100755
+--- a/python/mozbuild/mozbuild/test/configure/test_toolchain_configure.py
++++ b/python/mozbuild/mozbuild/test/configure/test_toolchain_configure.py
+@@ -1165,6 +1165,10 @@ class LinuxCrossCompileToolchainTest(BaseToolchainTest):
+         'sh4-unknown-linux-gnu': little_endian + {
+             '__sh__': 1,
+         },
++        'riscv64-unknown-linux-gnu': little_endian + {
++            '__riscv': 1,
++            '__riscv_xlen': 64,
++        },
+     }
+ 
+     PLATFORMS['powerpc64le-unknown-linux-gnu'] = \
-- 
cgit v1.2.3


From f1d20dc649943b2fe3934520c3f5c1f8524eac2b Mon Sep 17 00:00:00 2001
From: Mark H Weaver <mhw@netris.org>
Date: Tue, 8 Feb 2022 02:10:51 -0500
Subject: gnu: icecat: Update to 91.6.0-guix0-preview1 [security fixes].

Includes fixes for CVE-2022-22754, CVE-2022-22756, CVE-2022-22759,
CVE-2022-22760, CVE-2022-22761, CVE-2022-22763, and CVE-2022-22764.

* gnu/packages/gnuzilla.scm (%icecat-version, %icecat-build-id): Update.
(icecat-source): Update gnuzilla commit, base version, and hashes.
---
 gnu/packages/gnuzilla.scm | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

(limited to 'gnu/packages/gnuzilla.scm')

diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index d5d11b59d1..d08dc6bca7 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -716,8 +716,8 @@ in C/C++.")
 ;; XXXX: Workaround 'snippet' limitations.
 (define computed-origin-method (@@ (guix packages) computed-origin-method))
 
-(define %icecat-version "91.5.0-guix0-preview1")
-(define %icecat-build-id "20220111000000") ;must be of the form YYYYMMDDhhmmss
+(define %icecat-version "91.6.0-guix0-preview1")
+(define %icecat-build-id "20220208000000") ;must be of the form YYYYMMDDhhmmss
 
 ;; 'icecat-source' is a "computed" origin that generates an IceCat tarball
 ;; from the corresponding upstream Firefox ESR tarball, using the 'makeicecat'
@@ -739,11 +739,11 @@ in C/C++.")
                   "firefox-" upstream-firefox-version ".source.tar.xz"))
             (sha256
              (base32
-              "04y8nj1f065b3dn354f1ns3cm9xp4kljr5ippvmfdqr7cb4xjp7l"))))
+              "1889p8si83dglyblmyj8z5mh600v1klr50swka5mhf9c2lr2i03y"))))
 
-         (upstream-icecat-base-version "91.5.0") ; maybe older than base-version
+         (upstream-icecat-base-version "91.6.0") ; maybe older than base-version
          ;;(gnuzilla-commit (string-append "v" upstream-icecat-base-version))
-         (gnuzilla-commit "c0a504578cb694522c65bb6c36396df8142d4a2a")
+         (gnuzilla-commit "6c4accb674d2df8be0aabfa03f7679f66bbf70f5")
          (gnuzilla-source
           (origin
             (method git-fetch)
@@ -755,7 +755,7 @@ in C/C++.")
                                       (string-take gnuzilla-commit 8)))
             (sha256
              (base32
-              "016g8vdr6w6six4f705cmbdrfknmy4bk1qjjrvsdpah4bf6c2s2c"))))
+              "14yivx4zwap2z02gj9waaccigji8ibyq40dxw5smk9w2cmcsdvic"))))
 
          ;; 'search-patch' returns either a valid file name or #f, so wrap it
          ;; in 'assume-valid-file-name' to avoid 'local-file' warnings.
-- 
cgit v1.2.3


From a4667135284db2f0956a87fc7444c866b046ad31 Mon Sep 17 00:00:00 2001
From: Jonathan Brielmaier <jonathan.brielmaier@web.de>
Date: Fri, 11 Feb 2022 13:25:10 +0100
Subject: gnu: icedove: Update to 91.6.

* gnu/packages/gnuzilla.scm (icedove): Update to 91.6.
---
 gnu/packages/gnuzilla.scm | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'gnu/packages/gnuzilla.scm')

diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index d08dc6bca7..cc76793722 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -1338,11 +1338,11 @@ standards of the IceCat project.")
        (cpe-version . ,(first (string-split version #\-)))))))
 
 ;; Update this together with icecat!
-(define %icedove-build-id "20220111000000") ;must be of the form YYYYMMDDhhmmss
+(define %icedove-build-id "20220208000000") ;must be of the form YYYYMMDDhhmmss
 (define-public icedove
   (package
     (name "icedove")
-    (version "91.5")
+    (version "91.6")
     (source icecat-source)
     (properties
      `((cpe-name . "thunderbird_esr")))
@@ -1628,7 +1628,7 @@ standards of the IceCat project.")
         ;; in the Thunderbird release tarball.  We don't use the release
         ;; tarball because it duplicates the Icecat sources and only adds the
         ;; "comm" directory, which is provided by this repository.
-        ,(let ((changeset "bcd2aab51cd0889d506d29455210d65602b97430"))
+        ,(let ((changeset "676bfbddd4b3ed77f818b6b07d9d8a79c61be4da"))
            (origin
              (method hg-fetch)
              (uri (hg-reference
@@ -1637,7 +1637,7 @@ standards of the IceCat project.")
              (file-name (string-append "thunderbird-" version "-checkout"))
              (sha256
               (base32
-               "0aj8a8qbm71n34yi58y04bn4h9zz2rciz0cm3hh58rsmcqs1s9ym")))))
+               "1laif9h51s7v8vlqjsd6y2y9267kr7l208xjs00z6462r6kzjvab")))))
        ("cargo" ,rust "cargo")
        ("clang" ,clang-11)
        ("llvm" ,llvm-11)
-- 
cgit v1.2.3


From 29091731a0c6cb649cdfd72297575fe2bb2a9591 Mon Sep 17 00:00:00 2001
From: Jonathan Brielmaier <jonathan.brielmaier@web.de>
Date: Thu, 17 Feb 2022 11:43:12 +0100
Subject: gnu: icedove: Update to 91.6.1 [fixes CVE-2022-0566].

* gnu/packages/gnuzilla.scm (icedove): Update to 91.6.1.
---
 gnu/packages/gnuzilla.scm | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'gnu/packages/gnuzilla.scm')

diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index cc76793722..39156e113b 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -1338,11 +1338,11 @@ standards of the IceCat project.")
        (cpe-version . ,(first (string-split version #\-)))))))
 
 ;; Update this together with icecat!
-(define %icedove-build-id "20220208000000") ;must be of the form YYYYMMDDhhmmss
+(define %icedove-build-id "20220215000000") ;must be of the form YYYYMMDDhhmmss
 (define-public icedove
   (package
     (name "icedove")
-    (version "91.6")
+    (version "91.6.1")
     (source icecat-source)
     (properties
      `((cpe-name . "thunderbird_esr")))
@@ -1628,7 +1628,7 @@ standards of the IceCat project.")
         ;; in the Thunderbird release tarball.  We don't use the release
         ;; tarball because it duplicates the Icecat sources and only adds the
         ;; "comm" directory, which is provided by this repository.
-        ,(let ((changeset "676bfbddd4b3ed77f818b6b07d9d8a79c61be4da"))
+        ,(let ((changeset "ead04f72567a3f690d9ad5218a7e5e2d264cb067"))
            (origin
              (method hg-fetch)
              (uri (hg-reference
@@ -1637,7 +1637,7 @@ standards of the IceCat project.")
              (file-name (string-append "thunderbird-" version "-checkout"))
              (sha256
               (base32
-               "1laif9h51s7v8vlqjsd6y2y9267kr7l208xjs00z6462r6kzjvab")))))
+               "0vyfvjw6bl0f2jlg87iigmmpd677ydzbgmn7bgvlfbf4xyplyzbh")))))
        ("cargo" ,rust "cargo")
        ("clang" ,clang-11)
        ("llvm" ,llvm-11)
-- 
cgit v1.2.3


From 6c3c4f7088bb0aae953d25f2bbfdaae5129686f3 Mon Sep 17 00:00:00 2001
From: Mark H Weaver <mhw@netris.org>
Date: Sun, 6 Mar 2022 23:02:22 -0500
Subject: gnu: icecat: Update to 91.6.1-guix0-preview1 [security fixes].

Includes fixes for CVE-2022-26485 and CVE-2022-26486.

* gnu/packages/gnuzilla.scm (%icecat-version, %icecat-build-id): Update.
(icecat-source): Update gnuzilla commit, base version, and hashes.
---
 gnu/packages/gnuzilla.scm | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

(limited to 'gnu/packages/gnuzilla.scm')

diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index 39156e113b..2071184388 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -716,8 +716,8 @@ in C/C++.")
 ;; XXXX: Workaround 'snippet' limitations.
 (define computed-origin-method (@@ (guix packages) computed-origin-method))
 
-(define %icecat-version "91.6.0-guix0-preview1")
-(define %icecat-build-id "20220208000000") ;must be of the form YYYYMMDDhhmmss
+(define %icecat-version "91.6.1-guix0-preview1")
+(define %icecat-build-id "20220306000000") ;must be of the form YYYYMMDDhhmmss
 
 ;; 'icecat-source' is a "computed" origin that generates an IceCat tarball
 ;; from the corresponding upstream Firefox ESR tarball, using the 'makeicecat'
@@ -739,11 +739,11 @@ in C/C++.")
                   "firefox-" upstream-firefox-version ".source.tar.xz"))
             (sha256
              (base32
-              "1889p8si83dglyblmyj8z5mh600v1klr50swka5mhf9c2lr2i03y"))))
+              "1pv59dip6k93mk3q65n406ncd5m8wz50kpwn8qvpllv1nw8y1n7r"))))
 
-         (upstream-icecat-base-version "91.6.0") ; maybe older than base-version
+         (upstream-icecat-base-version "91.6.1") ; maybe older than base-version
          ;;(gnuzilla-commit (string-append "v" upstream-icecat-base-version))
-         (gnuzilla-commit "6c4accb674d2df8be0aabfa03f7679f66bbf70f5")
+         (gnuzilla-commit "63c47b0424a09738f45d45f30dbc30b7d6c5a41d")
          (gnuzilla-source
           (origin
             (method git-fetch)
@@ -755,7 +755,7 @@ in C/C++.")
                                       (string-take gnuzilla-commit 8)))
             (sha256
              (base32
-              "14yivx4zwap2z02gj9waaccigji8ibyq40dxw5smk9w2cmcsdvic"))))
+              "15jwd29h1p786ys8fa3i163yhh7dcl09r8fikr72bbnak43pnkkr"))))
 
          ;; 'search-patch' returns either a valid file name or #f, so wrap it
          ;; in 'assume-valid-file-name' to avoid 'local-file' warnings.
-- 
cgit v1.2.3


From dc1e2ce72cb0decd1ee4c381245d33dc81cf809b Mon Sep 17 00:00:00 2001
From: Jonathan Brielmaier <jonathan.brielmaier@web.de>
Date: Mon, 7 Mar 2022 18:27:39 +0100
Subject: gnu: icedove: Update to 91.6.2.

* gnu/packages/gnuzilla.scm (icedove): Update to 91.6.2.
---
 gnu/packages/gnuzilla.scm | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'gnu/packages/gnuzilla.scm')

diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index 2071184388..10c329503e 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -1338,11 +1338,11 @@ standards of the IceCat project.")
        (cpe-version . ,(first (string-split version #\-)))))))
 
 ;; Update this together with icecat!
-(define %icedove-build-id "20220215000000") ;must be of the form YYYYMMDDhhmmss
+(define %icedove-build-id "20220305000000") ;must be of the form YYYYMMDDhhmmss
 (define-public icedove
   (package
     (name "icedove")
-    (version "91.6.1")
+    (version "91.6.2")
     (source icecat-source)
     (properties
      `((cpe-name . "thunderbird_esr")))
@@ -1628,7 +1628,7 @@ standards of the IceCat project.")
         ;; in the Thunderbird release tarball.  We don't use the release
         ;; tarball because it duplicates the Icecat sources and only adds the
         ;; "comm" directory, which is provided by this repository.
-        ,(let ((changeset "ead04f72567a3f690d9ad5218a7e5e2d264cb067"))
+        ,(let ((changeset "b70db8a4e475ef9e7eea400994594d45f69c61fb"))
            (origin
              (method hg-fetch)
              (uri (hg-reference
@@ -1637,7 +1637,7 @@ standards of the IceCat project.")
              (file-name (string-append "thunderbird-" version "-checkout"))
              (sha256
               (base32
-               "0vyfvjw6bl0f2jlg87iigmmpd677ydzbgmn7bgvlfbf4xyplyzbh")))))
+               "0a5vs6i091viwr7hbaj7bsrinjmaq39ahjj9iyphsz0szhr2j8qh")))))
        ("cargo" ,rust "cargo")
        ("clang" ,clang-11)
        ("llvm" ,llvm-11)
-- 
cgit v1.2.3


From 0d14f8a8702ec8016ac58e5778a754b3105ef418 Mon Sep 17 00:00:00 2001
From: Mark H Weaver <mhw@netris.org>
Date: Mon, 7 Mar 2022 18:39:08 -0500
Subject: gnu: icecat: Update to 91.7.0-guix0-preview1 [security fixes].

Includes fixes for CVE-2022-26381, CVE-2022-26383, CVE-2022-26384,
CVE-2022-26386, and CVE-2022-26387.

* gnu/packages/gnuzilla.scm (%icecat-version, %icecat-build-id): Update.
(icecat-source): Update gnuzilla commit, base version, and hashes.
---
 gnu/packages/gnuzilla.scm | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

(limited to 'gnu/packages/gnuzilla.scm')

diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index 10c329503e..a9e0449f87 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -716,8 +716,8 @@ in C/C++.")
 ;; XXXX: Workaround 'snippet' limitations.
 (define computed-origin-method (@@ (guix packages) computed-origin-method))
 
-(define %icecat-version "91.6.1-guix0-preview1")
-(define %icecat-build-id "20220306000000") ;must be of the form YYYYMMDDhhmmss
+(define %icecat-version "91.7.0-guix0-preview1")
+(define %icecat-build-id "20220307000000") ;must be of the form YYYYMMDDhhmmss
 
 ;; 'icecat-source' is a "computed" origin that generates an IceCat tarball
 ;; from the corresponding upstream Firefox ESR tarball, using the 'makeicecat'
@@ -739,11 +739,11 @@ in C/C++.")
                   "firefox-" upstream-firefox-version ".source.tar.xz"))
             (sha256
              (base32
-              "1pv59dip6k93mk3q65n406ncd5m8wz50kpwn8qvpllv1nw8y1n7r"))))
+              "0npf1w6ic14zjn2h5zp8il4l0s61l9mykgnbcinxc47gw6myjflw"))))
 
-         (upstream-icecat-base-version "91.6.1") ; maybe older than base-version
+         (upstream-icecat-base-version "91.7.0") ; maybe older than base-version
          ;;(gnuzilla-commit (string-append "v" upstream-icecat-base-version))
-         (gnuzilla-commit "63c47b0424a09738f45d45f30dbc30b7d6c5a41d")
+         (gnuzilla-commit "76e23c5f1bcebc22f7936baa29f75c6c9415935e")
          (gnuzilla-source
           (origin
             (method git-fetch)
@@ -755,7 +755,7 @@ in C/C++.")
                                       (string-take gnuzilla-commit 8)))
             (sha256
              (base32
-              "15jwd29h1p786ys8fa3i163yhh7dcl09r8fikr72bbnak43pnkkr"))))
+              "1qvhpyws73f5is7l5isiag6lbqj9gkbdkc9gj29lhhhgla8j6qyg"))))
 
          ;; 'search-patch' returns either a valid file name or #f, so wrap it
          ;; in 'assume-valid-file-name' to avoid 'local-file' warnings.
-- 
cgit v1.2.3


From 62fd3cf5b76cd4c5ce460704bcdd549c1f2077dd Mon Sep 17 00:00:00 2001
From: Jonathan Brielmaier <jonathan.brielmaier@web.de>
Date: Fri, 11 Mar 2022 01:18:54 +0100
Subject: gnu: icedove: Update to 91.7 [fixes CVE-2022-26386].

* gnu/packages/gnuzilla.scm (icedove): Update to 91.7.
---
 gnu/packages/gnuzilla.scm | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'gnu/packages/gnuzilla.scm')

diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index a9e0449f87..2096f712bb 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -1338,11 +1338,11 @@ standards of the IceCat project.")
        (cpe-version . ,(first (string-split version #\-)))))))
 
 ;; Update this together with icecat!
-(define %icedove-build-id "20220305000000") ;must be of the form YYYYMMDDhhmmss
+(define %icedove-build-id "20220308000000") ;must be of the form YYYYMMDDhhmmss
 (define-public icedove
   (package
     (name "icedove")
-    (version "91.6.2")
+    (version "91.7")
     (source icecat-source)
     (properties
      `((cpe-name . "thunderbird_esr")))
@@ -1628,7 +1628,7 @@ standards of the IceCat project.")
         ;; in the Thunderbird release tarball.  We don't use the release
         ;; tarball because it duplicates the Icecat sources and only adds the
         ;; "comm" directory, which is provided by this repository.
-        ,(let ((changeset "b70db8a4e475ef9e7eea400994594d45f69c61fb"))
+        ,(let ((changeset "39ccd0b9ea033f3292af90667e470b98a79eb8c9"))
            (origin
              (method hg-fetch)
              (uri (hg-reference
@@ -1637,7 +1637,7 @@ standards of the IceCat project.")
              (file-name (string-append "thunderbird-" version "-checkout"))
              (sha256
               (base32
-               "0a5vs6i091viwr7hbaj7bsrinjmaq39ahjj9iyphsz0szhr2j8qh")))))
+               "0zk6f3yxqq5dn4dh96jmip3xy66n4lnai5fan31kl2l63vfcm1ag")))))
        ("cargo" ,rust "cargo")
        ("clang" ,clang-11)
        ("llvm" ,llvm-11)
-- 
cgit v1.2.3