gnu: icecat: Add fixes for CVE-2015-{4473,4482,4488,4489,4491,4492}.

WARNING: CVE-2015-4473 may not be fully addressed here, because I was unable
to backport some of the patches (for upstream bugs 1182711 and 1146213).  I
was also unable to backport CVE-2015-4484 (upstream bug 1171540) and
CVE-2015-4487 (upstream bug 1171603).  I was unable to find any commit in the
upstream repository that claims to address bug 1105914 (CVE-2015-4478).

* gnu/packages/patches/icecat-CVE-2015-4473-partial.patch,
  gnu/packages/patches/icecat-CVE-2015-4482.patch,
  gnu/packages/patches/icecat-CVE-2015-4488.patch,
  gnu/packages/patches/icecat-CVE-2015-4489.patch,
  gnu/packages/patches/icecat-CVE-2015-4491.patch,
  gnu/packages/patches/icecat-CVE-2015-4492.patch: New files.
* gnu-system.am (dist_patch_DATA): Add them.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add patches.

1 files changed, 7 insertions, 1 deletions

diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index 0200039f5c..bfd1f5dc7b 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -240,7 +240,13 @@ standards.")
       (sha256
        (base32
         "11wx29mb5pcg4mgk07a6vjwh52ca90k0x4m9wv0v3y5dmp88f01p"))
-      (patches (map search-patch '("icecat-CVE-2015-4495.patch"
+      (patches (map search-patch '("icecat-CVE-2015-4473-partial.patch"
+                                   "icecat-CVE-2015-4482.patch"
+                                   "icecat-CVE-2015-4488.patch"
+                                   "icecat-CVE-2015-4489.patch"
+                                   "icecat-CVE-2015-4491.patch"
+                                   "icecat-CVE-2015-4492.patch"
+                                   "icecat-CVE-2015-4495.patch"
                                    "icecat-enable-acceleration-and-webgl.patch"
                                    "icecat-freetype-2.6.patch"
                                    "icecat-libvpx-1.4.patch")))