Merge branch 'master' into staging

12 files changed, 955 insertions, 804 deletions

diff --git a/gnu/packages/patches/cpio-CVE-2016-2037.patch b/gnu/packages/patches/cpio-CVE-2016-2037.patch
deleted file mode 100644
index f1e068fb45..0000000000
--- a/gnu/packages/patches/cpio-CVE-2016-2037.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-Fix CVE-2016-2037 (out of bounds write in process_copy_in()).
-
-Copied from upstream mailing list:
-https://lists.gnu.org/archive/html/bug-cpio/2016-01/msg00005.html
-
----
-
- Other calls to cpio_safer_name_suffix seem to be safe.
- .
- * src/copyin.c (process_copy_in):  Make sure that file_hdr.c_name
- has at least two bytes allocated.
- * src/util.c (cpio_safer_name_suffix): Document that use of this
- function requires to be careful.
-Author: Pavel Raiskup <praiskup@redhat.com>
-
----
- src/copyin.c | 2 ++
- src/util.c   | 5 ++++-
- 2 files changed, 6 insertions(+), 1 deletion(-)
-
-Index: cpio-2.11+dfsg/src/copyin.c
-===================================================================
---- cpio-2.11+dfsg.orig/src/copyin.c
-+++ cpio-2.11+dfsg/src/copyin.c
-@@ -1433,6 +1433,8 @@ process_copy_in ()
- 	  break;
- 	}
- 
-+      if (file_hdr.c_namesize <= 1)
-+        file_hdr.c_name = xrealloc(file_hdr.c_name, 2);
-       cpio_safer_name_suffix (file_hdr.c_name, false, !no_abs_paths_flag,
- 			      false);
-       
-Index: cpio-2.11+dfsg/src/util.c
-===================================================================
---- cpio-2.11+dfsg.orig/src/util.c
-+++ cpio-2.11+dfsg/src/util.c
-@@ -1374,7 +1374,10 @@ set_file_times (int fd,
- }
- 
- /* Do we have to ignore absolute paths, and if so, does the filename
--   have an absolute path?  */
-+   have an absolute path?
-+   Before calling this function make sure that the allocated NAME buffer has
-+   capacity at least 2 bytes to allow us to store the "." string inside.  */
-+
- void
- cpio_safer_name_suffix (char *name, bool link_target, bool absolute_names,
- 			bool strip_leading_dots)
diff --git a/gnu/packages/patches/docker-adjust-tests-for-changes-in-go.patch b/gnu/packages/patches/docker-adjust-tests-for-changes-in-go.patch
new file mode 100644
index 0000000000..82d92cd4de
--- /dev/null
+++ b/gnu/packages/patches/docker-adjust-tests-for-changes-in-go.patch
@@ -0,0 +1,67 @@
+From 4983ef7c1693ad6dfbe4e3809b12541241d7ff56 Mon Sep 17 00:00:00 2001
+From: Sebastiaan van Stijn <github@gone.nl>
+Date: Wed, 14 Aug 2019 02:51:08 +0200
+Subject: [PATCH] Adjust tests for changes in Go 1.12.8 / 1.11.13
+
+```
+00:38:11 === Failed
+00:38:11 === FAIL: opts TestParseDockerDaemonHost (0.00s)
+00:38:11     hosts_test.go:87: tcp tcp:a.b.c.d address expected error "Invalid bind address format: tcp:a.b.c.d" return, got "parse tcp://tcp:a.b.c.d: invalid port \":a.b.c.d\" after host" and addr
+00:38:11     hosts_test.go:87: tcp tcp:a.b.c.d/path address expected error "Invalid bind address format: tcp:a.b.c.d/path" return, got "parse tcp://tcp:a.b.c.d/path: invalid port \":a.b.c.d\" after host" and addr
+00:38:11
+00:38:11 === FAIL: opts TestParseTCP (0.00s)
+00:38:11     hosts_test.go:129: tcp tcp:a.b.c.d address expected error Invalid bind address format: tcp:a.b.c.d return, got parse tcp://tcp:a.b.c.d: invalid port ":a.b.c.d" after host and addr
+00:38:11     hosts_test.go:129: tcp tcp:a.b.c.d/path address expected error Invalid bind address format: tcp:a.b.c.d/path return, got parse tcp://tcp:a.b.c.d/path: invalid port ":a.b.c.d" after host and addr
+```
+
+Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
+Upstream-commit: 683766613a8c1dca8f95b19ddb7e083bb3aef266
+Component: engine
+---
+ opts/hosts_test.go | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/opts/hosts_test.go b/opts/hosts_test.go
+index 8c54ec0f4b..7a0a943adf 100644
+--- a/opts/hosts_test.go
++++ b/opts/hosts_test.go
+@@ -53,8 +53,8 @@ func TestParseHost(t *testing.T) {
+ func TestParseDockerDaemonHost(t *testing.T) {
+ 	invalids := map[string]string{
+ 
+-		"tcp:a.b.c.d":                   "Invalid bind address format: tcp:a.b.c.d",
+-		"tcp:a.b.c.d/path":              "Invalid bind address format: tcp:a.b.c.d/path",
++		"tcp:a.b.c.d":                   "",
++		"tcp:a.b.c.d/path":              "",
+ 		"udp://127.0.0.1":               "Invalid bind address format: udp://127.0.0.1",
+ 		"udp://127.0.0.1:2375":          "Invalid bind address format: udp://127.0.0.1:2375",
+ 		"tcp://unix:///run/docker.sock": "Invalid proto, expected tcp: unix:///run/docker.sock",
+@@ -83,7 +83,7 @@ func TestParseDockerDaemonHost(t *testing.T) {
+ 		"localhost:5555/path":         "tcp://localhost:5555/path",
+ 	}
+ 	for invalidAddr, expectedError := range invalids {
+-		if addr, err := parseDaemonHost(invalidAddr); err == nil || err.Error() != expectedError {
++		if addr, err := parseDaemonHost(invalidAddr); err == nil || expectedError != "" && err.Error() != expectedError {
+ 			t.Errorf("tcp %v address expected error %q return, got %q and addr %v", invalidAddr, expectedError, err, addr)
+ 		}
+ 	}
+@@ -99,8 +99,8 @@ func TestParseTCP(t *testing.T) {
+ 		defaultHTTPHost = "tcp://127.0.0.1:2376"
+ 	)
+ 	invalids := map[string]string{
+-		"tcp:a.b.c.d":          "Invalid bind address format: tcp:a.b.c.d",
+-		"tcp:a.b.c.d/path":     "Invalid bind address format: tcp:a.b.c.d/path",
++		"tcp:a.b.c.d":          "",
++		"tcp:a.b.c.d/path":     "",
+ 		"udp://127.0.0.1":      "Invalid proto, expected tcp: udp://127.0.0.1",
+ 		"udp://127.0.0.1:2375": "Invalid proto, expected tcp: udp://127.0.0.1:2375",
+ 	}
+@@ -125,7 +125,7 @@ func TestParseTCP(t *testing.T) {
+ 		"localhost:5555/path":         "tcp://localhost:5555/path",
+ 	}
+ 	for invalidAddr, expectedError := range invalids {
+-		if addr, err := ParseTCPAddr(invalidAddr, defaultHTTPHost); err == nil || err.Error() != expectedError {
++		if addr, err := ParseTCPAddr(invalidAddr, defaultHTTPHost); err == nil || expectedError != "" && err.Error() != expectedError {
+ 			t.Errorf("tcp %v address expected error %v return, got %s and addr %v", invalidAddr, expectedError, err, addr)
+ 		}
+ 	}
diff --git a/gnu/packages/patches/fribidi-CVE-2019-18397.patch b/gnu/packages/patches/fribidi-CVE-2019-18397.patch
new file mode 100644
index 0000000000..aff1a669b2
--- /dev/null
+++ b/gnu/packages/patches/fribidi-CVE-2019-18397.patch
@@ -0,0 +1,26 @@
+https://github.com/fribidi/fribidi/commit/034c6e9a1d296286305f4cfd1e0072b879f52568.patch
+
+From 034c6e9a1d296286305f4cfd1e0072b879f52568 Mon Sep 17 00:00:00 2001
+From: Dov Grobgeld <dov.grobgeld@gmail.com>
+Date: Thu, 24 Oct 2019 09:37:29 +0300
+Subject: [PATCH] Truncate isolate_level to FRIBIDI_BIDI_MAX_EXPLICIT_LEVEL
+
+---
+ lib/fribidi-bidi.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/lib/fribidi-bidi.c b/lib/fribidi-bidi.c
+index 6c84392..d384878 100644
+--- a/lib/fribidi-bidi.c
++++ b/lib/fribidi-bidi.c
+@@ -747,7 +747,9 @@ fribidi_get_par_embedding_levels_ex (
+             }
+ 
+ 	  RL_LEVEL (pp) = level;
+-          RL_ISOLATE_LEVEL (pp) = isolate_level++;
++          RL_ISOLATE_LEVEL (pp) = isolate_level;
++          if (isolate_level < FRIBIDI_BIDI_MAX_EXPLICIT_LEVEL-1)
++              isolate_level++;
+           base_level_per_iso_level[isolate_level] = new_level;
+ 
+ 	  if (!FRIBIDI_IS_NEUTRAL (override))
diff --git a/gnu/packages/patches/icecat-gnuzilla-fixes.patch b/gnu/packages/patches/icecat-gnuzilla-fixes.patch
index 41f0d2e3a3..e8e0946f57 100644
--- a/gnu/packages/patches/icecat-gnuzilla-fixes.patch
+++ b/gnu/packages/patches/icecat-gnuzilla-fixes.patch
@@ -1,241 +1,546 @@
-From 2676d4e1eb64e18d2e4722c0ea0babdc1f716fa4 Mon Sep 17 00:00:00 2001
+From 2abca7767c461a022317bf18fbec51e8b3ce6a92 Mon Sep 17 00:00:00 2001
 From: Mark H Weaver <mhw@netris.org>
-Date: Mon, 28 Oct 2019 01:54:19 -0400
-Subject: [PATCH 1/4] Update to 68.2.0-gnu1.
+Date: Thu, 31 Oct 2019 03:59:46 -0400
+Subject: [PATCH 1/2] Branding: fix patching of trademarkInfo within l10n
+ directory.
 
-* makeicecat: Update to FFMINOR to 2, and update the expected
-sha256sum of the firefox source tarball.
+This is a followup to commit 930298e1efff3e40721659d8fd7118cdd2477bd4.
+
+* makeicecat: Patch in the IceCat logo copyright notice in all
+brand.dtd files within l10n directory.
 ---
- makeicecat | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
+ makeicecat | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/makeicecat b/makeicecat
-index 97ee473..1bcf465 100644
+index 3ff2ead..4ff3e64 100755
 --- a/makeicecat
 +++ b/makeicecat
-@@ -21,7 +21,7 @@
- set -euxo pipefail
+@@ -226,7 +226,7 @@ cp $DATA/bookmarks.html.in browser/locales/generic/profile/bookmarks.html.in
+ 
+ # Custom legal about pages
  
- FFMAJOR=68
--FFMINOR=1
-+FFMINOR=2
- FFSUB=0
- GNUVERSION=1
- FFVERSION=$FFMAJOR.$FFMINOR.$FFSUB
-@@ -43,7 +43,7 @@ wget -N https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/${FFVERSION}esr
- wget -N https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/${FFVERSION}esr/source/firefox-${FFVERSION}esr.source.tar.xz.asc
- gpg --recv-keys --keyserver keyserver.ubuntu.com 14F26682D0916CDD81E37B6D61B7B526D98F0353
- gpg --verify firefox-${FFVERSION}esr.source.tar.xz.asc
--echo -n f56f5fa5a4744be0b9acf259cb991254d708a50b9a0a12d1d846ffa5a6c409ac firefox-${FFVERSION}esr.source.tar.xz |sha256sum -c -
-+echo -n 85f1c2eaf68ebedcbc0b78a342f6d16ef0865dedd426a1bba94b75c85f716f38 firefox-${FFVERSION}esr.source.tar.xz |sha256sum -c -
+-find l10n -wholename '*/brand.dtd' |xargs /bin/sed 's/trademarkInfo.part1.*/trademarkInfo.part1 "">/' -i
++find l10n -wholename '*/brand.dtd' |xargs /bin/sed 's/trademarkInfo.part1.*/trademarkInfo.part1 "The IceCat logo is Copyright 2008-2015 Free Software Foundation, released under the terms of the GNU Lesser General Public License, version 3 or any later version.">/' -i
+ find l10n -wholename '*/brand.ftl' |xargs /bin/sed 's/^trademarkInfo = .*/trademarkInfo = The IceCat logo is Copyright 2008-2015 Free Software Foundation, released under the terms of the GNU Lesser General Public License, version 3 or any later version./' -i
  
- echo Extracting Firefox tarball
- tar -xf firefox-${FFVERSION}esr.source.tar.xz
+ for STRING in rights.intro-point3-unbranded rights.intro-point4a-unbranded rights.intro-point4b-unbranded rights.intro-point4c-unbranded
 -- 
 2.23.0
 
-From c3a7b761f11c75d3764779e731a7c7e86b072d2f Mon Sep 17 00:00:00 2001
+From 150af5dd8b502b66f325b9fe8bd0b2ae553326a4 Mon Sep 17 00:00:00 2001
 From: Mark H Weaver <mhw@netris.org>
-Date: Mon, 28 Oct 2019 04:18:26 -0400
-Subject: [PATCH 2/4] Disable MOZ_SERVICES_HEALTHREPORT and MOZ_DATA_REPORTING.
+Date: Wed, 30 Oct 2019 18:34:44 -0400
+Subject: [PATCH 2/2] Add first batch of IceCat-specific preferences.
 
-* data/patches/fix-data-reporting-check.patch: New file.
-* data/patches/legacy-profiles.patch: Rename to ...
-* data/patches/moz-configure-changes.patch: ... this,
-and set MOZ_SERVICES_HEALTHREPORT to False.
+* makeicecat: Add code to add IceCat-specific messages to l10n directory.
+* data/files-to-append/browser/locales/en-US/browser/preferences/preferences.ftl,
+data/files-to-append/l10n/es-AR/browser/browser/preferences/preferences.ftl,
+data/files-to-append/l10n/es-CL/browser/browser/preferences/preferences.ftl,
+data/files-to-append/l10n/es-ES/browser/browser/preferences/preferences.ftl,
+data/files-to-append/l10n/es-MX/browser/browser/preferences/preferences.ftl,
+data/files-to-append/l10n/fr/browser/browser/preferences/preferences.ftl,
+data/files-to-append/l10n/it/browser/browser/preferences/preferences.ftl,
+data/patches/icecat-preferences.patch: New files.
 ---
- data/patches/fix-data-reporting-check.patch | 22 +++++++++++++++++++++
- data/patches/legacy-profiles.patch          | 11 -----------
- data/patches/moz-configure-changes.patch    | 14 +++++++++++++
- 3 files changed, 36 insertions(+), 11 deletions(-)
- create mode 100644 data/patches/fix-data-reporting-check.patch
- delete mode 100644 data/patches/legacy-profiles.patch
- create mode 100644 data/patches/moz-configure-changes.patch
+ .../en-US/browser/preferences/preferences.ftl |  36 ++++
+ .../browser/preferences/preferences.ftl       |  36 ++++
+ .../browser/preferences/preferences.ftl       |  36 ++++
+ .../browser/preferences/preferences.ftl       |  36 ++++
+ .../browser/preferences/preferences.ftl       |  36 ++++
+ .../browser/preferences/preferences.ftl       |  36 ++++
+ .../browser/preferences/preferences.ftl       |  36 ++++
+ data/patches/icecat-preferences.patch         | 155 ++++++++++++++++++
+ makeicecat                                    |  13 ++
+ 9 files changed, 420 insertions(+)
+ create mode 100644 data/files-to-append/browser/locales/en-US/browser/preferences/preferences.ftl
+ create mode 100644 data/files-to-append/l10n/es-AR/browser/browser/preferences/preferences.ftl
+ create mode 100644 data/files-to-append/l10n/es-CL/browser/browser/preferences/preferences.ftl
+ create mode 100644 data/files-to-append/l10n/es-ES/browser/browser/preferences/preferences.ftl
+ create mode 100644 data/files-to-append/l10n/es-MX/browser/browser/preferences/preferences.ftl
+ create mode 100644 data/files-to-append/l10n/fr/browser/browser/preferences/preferences.ftl
+ create mode 100644 data/files-to-append/l10n/it/browser/browser/preferences/preferences.ftl
+ create mode 100644 data/patches/icecat-preferences.patch
 
-diff --git a/data/patches/fix-data-reporting-check.patch b/data/patches/fix-data-reporting-check.patch
+diff --git a/data/files-to-append/browser/locales/en-US/browser/preferences/preferences.ftl b/data/files-to-append/browser/locales/en-US/browser/preferences/preferences.ftl
 new file mode 100644
-index 0000000..d586dc5
+index 0000000..2f90bcd
 --- /dev/null
-+++ b/data/patches/fix-data-reporting-check.patch
-@@ -0,0 +1,22 @@
-+--- a/old-configure.in.orig	1980-01-01 18:59:51.000000000 -0500
-++++ b/old-configure.in	2019-10-28 04:13:17.343606008 -0400
-+@@ -3116,7 +3116,7 @@
-+ dnl If we have any service that uploads data (and requires data submission
-+ dnl policy alert), set MOZ_DATA_REPORTING.
-+ dnl We need SUBST for build system and DEFINE for xul preprocessor.
-+-if test -n "$MOZ_TELEMETRY_REPORTING" || test -n "$MOZ_SERVICES_HEALTHREPORT" || test -n "$MOZ_CRASHREPORTER"; then
-++if test "$MOZ_TELEMETRY_REPORTING" = 1 || test "$MOZ_SERVICES_HEALTHREPORT" = 1 || test "$MOZ_CRASHREPORTER" = 1; then
-+   MOZ_DATA_REPORTING=1
-+   AC_DEFINE(MOZ_DATA_REPORTING)
-+   AC_SUBST(MOZ_DATA_REPORTING)
-+--- a/old-configure.orig	1980-01-01 18:59:51.000000000 -0500
-++++ b/old-configure	2019-10-28 04:15:41.772322191 -0400
-+@@ -12150,7 +12150,7 @@
-+ 
-+ 
-+ 
-+-if test -n "$MOZ_TELEMETRY_REPORTING" || test -n "$MOZ_SERVICES_HEALTHREPORT" || test -n "$MOZ_CRASHREPORTER"; then
-++if test "$MOZ_TELEMETRY_REPORTING" = 1 || test "$MOZ_SERVICES_HEALTHREPORT" = 1 || test "$MOZ_CRASHREPORTER" = 1; then
-+   MOZ_DATA_REPORTING=1
-+   cat >> confdefs.pytmp <<\EOF
-+     (''' MOZ_DATA_REPORTING ''', ' 1 ')
-diff --git a/data/patches/legacy-profiles.patch b/data/patches/legacy-profiles.patch
-deleted file mode 100644
-index 33e9e99..0000000
---- a/data/patches/legacy-profiles.patch
-+++ /dev/null
-@@ -1,11 +0,0 @@
----- a/browser/moz.configure.orig	1980-01-01 18:59:51.000000000 -0500
--+++ b/browser/moz.configure	2019-10-26 21:58:37.719617701 -0400
--@@ -7,7 +7,7 @@
-- imply_option('MOZ_PLACES', True)
-- imply_option('MOZ_SERVICES_HEALTHREPORT', True)
-- imply_option('MOZ_SERVICES_SYNC', True)
---imply_option('MOZ_DEDICATED_PROFILES', True)
--+imply_option('MOZ_DEDICATED_PROFILES', False)
-- imply_option('MOZ_BLOCK_PROFILE_DOWNGRADE', True)
-- 
-- with only_when(target_is_linux & compile_environment):
-diff --git a/data/patches/moz-configure-changes.patch b/data/patches/moz-configure-changes.patch
++++ b/data/files-to-append/browser/locales/en-US/browser/preferences/preferences.ftl
+@@ -0,0 +1,36 @@
++
++## IceCat-specific privacy settings
++
++icecat-privacy-group-header = IceCat-specific privacy settings
++
++disable-javascript-option =
++    .label = Disable JavaScript
++disable-javascript-description = Disabling Javascript greatly improves privacy, security and <a href=\"https://www.gnu.org/philosophy/javascript-trap.html\">freedom</a>, but it will break many sites.
++
++disable-custom-fonts-option =
++    .label = Do not load custom fonts
++disable-custom-fonts-description = Custom fonts can be used for <a href=\"https://en.wikipedia.org/wiki/Device_fingerprint\">fingerprinting</a>. Disabling them improves privacy but may make some sites look wrong.
++
++isolate-request-first-party-option =
++    .label = Isolate requests to First Party domains
++isolate-request-first-party-description = This <a href=\"https://www.torproject.org/projects/torbrowser/design/#identifier-linkability\">improves privacy</a>, but it may interfere with login into some sites.
++
++auto-update-extensions-option =
++    .label = Automatically update extensions
++auto-update-extensions-description = Enabling automated updates is good for security, but would start Internet connections in the background.
++
++spoof-referers-option =
++    .label = Spoof Referers
++spoof-referers-description = <a href=\"https://en.wikipedia.org/wiki/HTTP_referer\">Referers</a> tell sites what link brought you there. This feature greatly improves your privacy, but it may break functionality on some sites.
++
++detect-captive-portal-option =
++    .label = Detect captive portal
++detect-captive-portal-description = <a href=\"https://en.wikipedia.org/wiki/Captive_portal\">Captive portals</a> are the sites that control access to public wireless networks in hotels, airports, cafes, etc. The detection service is useful if you connect to such netwoks, but it will start connections automatically.
++
++geolocation-option =
++    .label = Enable Geolocation
++geolocation-description = This is commonly used for maps, weather sites, and some stores. It is better to keep it off unless you really need it.
++
++webgl-option =
++    .label = Enable WebGL
++webgl-description = Needed to visualize 3D graphics, but it may expose you to security threats. Enable it only if you really use it.
+diff --git a/data/files-to-append/l10n/es-AR/browser/browser/preferences/preferences.ftl b/data/files-to-append/l10n/es-AR/browser/browser/preferences/preferences.ftl
+new file mode 100644
+index 0000000..ad052b3
+--- /dev/null
++++ b/data/files-to-append/l10n/es-AR/browser/browser/preferences/preferences.ftl
+@@ -0,0 +1,36 @@
++
++## IceCat-specific privacy settings
++
++icecat-privacy-group-header = Ajustes de privacidad de IceCat
++
++disable-javascript-option =
++    .label = Desactivar JavaScript
++disable-javascript-description = Desactivar JavaScript mejora enormemente la privacidad, la seguridad en Internet y la <a href=\"https://www.gnu.org/philosophy/javascript-trap.es.html\">libertad</a> en su equipo, pero afectará a la funcionalidad de muchas páginas.
++
++disable-custom-fonts-option =
++    .label = No cargar fuentes personalizadas
++disable-custom-fonts-description = Las fuentes personalizadas pueden usarse para <a href=\"https://en.wikipedia.org/wiki/Device_fingerprint\">rastrear</a> al usuario. Desactivarlas mejora la privacidad pero puede afectar al aspecto visual de algunas páginas.
++
++isolate-request-first-party-option =
++    .label = Aislar las solicitudes a los Dominios Primarios
++isolate-request-first-party-description = Este ajuste <a href=\"https://www.torproject.org/projects/torbrowser/design/#identifier-linkability\">mejora la privacidad</a>, pero puede interferir con el inicio de sesión en algunas webs.
++
++auto-update-extensions-option =
++    .label = Actualizar las extensiones automáticamente
++auto-update-extensions-description = Activar las actualizaciones automáticas es bueno para la seguridad, pero precisa del establecimiento de conexiones a otros servidores en segundo plano.
++
++spoof-referers-option =
++    .label = Modificar los referers HTTP
++spoof-referers-description = Los <a href=\"https://es.wikipedia.org/wiki/Referer_(Cabecera_HTTP)\">referers</a> son cabeceras HTTP que informan a una página acerca de nuestro enlace de origen. Activar esta característica mejora enormemente su privacidad, pero puede afectar a la funcionalidad de algunas páginas.
++
++detect-captive-portal-option =
++    .label = Detectar los portales cautivos
++detect-captive-portal-description = Los <a href=\"https://es.wikipedia.org/wiki/Portal_cautivo\">portales cautivos</a> son las webs que registran y controlan el acceso a redes inalámbricas públicas en hoteles, aeropuertos, cafés y similares. El servicio que los detecta es práctico si se ve a menudo en la necesidad de usarlos, pero implica el establecimiento de conexiones en segundo plano.
++
++geolocation-option =
++    .label = Activar Geolocalización
++geolocation-description = Esta característica se usa habitualmente en mapas, páginas del tiempo y algunas tiendas. Es mejor desactivarla si realmente no necesita que identifiquen su ubicación.
++
++webgl-option =
++    .label = Activar WebGL
++webgl-description = Esta función necesaria para mostrar ciertos gráficos 3D en el navegador puede exponerle a ciertos riesgos de seguridad. Actívela solamente si va a usarla.
+diff --git a/data/files-to-append/l10n/es-CL/browser/browser/preferences/preferences.ftl b/data/files-to-append/l10n/es-CL/browser/browser/preferences/preferences.ftl
+new file mode 100644
+index 0000000..ad052b3
+--- /dev/null
++++ b/data/files-to-append/l10n/es-CL/browser/browser/preferences/preferences.ftl
+@@ -0,0 +1,36 @@
++
++## IceCat-specific privacy settings
++
++icecat-privacy-group-header = Ajustes de privacidad de IceCat
++
++disable-javascript-option =
++    .label = Desactivar JavaScript
++disable-javascript-description = Desactivar JavaScript mejora enormemente la privacidad, la seguridad en Internet y la <a href=\"https://www.gnu.org/philosophy/javascript-trap.es.html\">libertad</a> en su equipo, pero afectará a la funcionalidad de muchas páginas.
++
++disable-custom-fonts-option =
++    .label = No cargar fuentes personalizadas
++disable-custom-fonts-description = Las fuentes personalizadas pueden usarse para <a href=\"https://en.wikipedia.org/wiki/Device_fingerprint\">rastrear</a> al usuario. Desactivarlas mejora la privacidad pero puede afectar al aspecto visual de algunas páginas.
++
++isolate-request-first-party-option =
++    .label = Aislar las solicitudes a los Dominios Primarios
++isolate-request-first-party-description = Este ajuste <a href=\"https://www.torproject.org/projects/torbrowser/design/#identifier-linkability\">mejora la privacidad</a>, pero puede interferir con el inicio de sesión en algunas webs.
++
++auto-update-extensions-option =
++    .label = Actualizar las extensiones automáticamente
++auto-update-extensions-description = Activar las actualizaciones automáticas es bueno para la seguridad, pero precisa del establecimiento de conexiones a otros servidores en segundo plano.
++
++spoof-referers-option =
++    .label = Modificar los referers HTTP
++spoof-referers-description = Los <a href=\"https://es.wikipedia.org/wiki/Referer_(Cabecera_HTTP)\">referers</a> son cabeceras HTTP que informan a una página acerca de nuestro enlace de origen. Activar esta característica mejora enormemente su privacidad, pero puede afectar a la funcionalidad de algunas páginas.
++
++detect-captive-portal-option =
++    .label = Detectar los portales cautivos
++detect-captive-portal-description = Los <a href=\"https://es.wikipedia.org/wiki/Portal_cautivo\">portales cautivos</a> son las webs que registran y controlan el acceso a redes inalámbricas públicas en hoteles, aeropuertos, cafés y similares. El servicio que los detecta es práctico si se ve a menudo en la necesidad de usarlos, pero implica el establecimiento de conexiones en segundo plano.
++
++geolocation-option =
++    .label = Activar Geolocalización
++geolocation-description = Esta característica se usa habitualmente en mapas, páginas del tiempo y algunas tiendas. Es mejor desactivarla si realmente no necesita que identifiquen su ubicación.
++
++webgl-option =
++    .label = Activar WebGL
++webgl-description = Esta función necesaria para mostrar ciertos gráficos 3D en el navegador puede exponerle a ciertos riesgos de seguridad. Actívela solamente si va a usarla.
+diff --git a/data/files-to-append/l10n/es-ES/browser/browser/preferences/preferences.ftl b/data/files-to-append/l10n/es-ES/browser/browser/preferences/preferences.ftl
 new file mode 100644
-index 0000000..aa6f1a5
+index 0000000..ad052b3
 --- /dev/null
-+++ b/data/patches/moz-configure-changes.patch
-@@ -0,0 +1,14 @@
-+--- a/browser/moz.configure.orig	1980-01-01 18:59:51.000000000 -0500
-++++ b/browser/moz.configure	2019-10-28 01:36:13.132873871 -0400
-+@@ -5,9 +5,9 @@
-+ # file, You can obtain one at http://mozilla.org/MPL/2.0/.
++++ b/data/files-to-append/l10n/es-ES/browser/browser/preferences/preferences.ftl
+@@ -0,0 +1,36 @@
++
++## IceCat-specific privacy settings
++
++icecat-privacy-group-header = Ajustes de privacidad de IceCat
++
++disable-javascript-option =
++    .label = Desactivar JavaScript
++disable-javascript-description = Desactivar JavaScript mejora enormemente la privacidad, la seguridad en Internet y la <a href=\"https://www.gnu.org/philosophy/javascript-trap.es.html\">libertad</a> en su equipo, pero afectará a la funcionalidad de muchas páginas.
++
++disable-custom-fonts-option =
++    .label = No cargar fuentes personalizadas
++disable-custom-fonts-description = Las fuentes personalizadas pueden usarse para <a href=\"https://en.wikipedia.org/wiki/Device_fingerprint\">rastrear</a> al usuario. Desactivarlas mejora la privacidad pero puede afectar al aspecto visual de algunas páginas.
++
++isolate-request-first-party-option =
++    .label = Aislar las solicitudes a los Dominios Primarios
++isolate-request-first-party-description = Este ajuste <a href=\"https://www.torproject.org/projects/torbrowser/design/#identifier-linkability\">mejora la privacidad</a>, pero puede interferir con el inicio de sesión en algunas webs.
++
++auto-update-extensions-option =
++    .label = Actualizar las extensiones automáticamente
++auto-update-extensions-description = Activar las actualizaciones automáticas es bueno para la seguridad, pero precisa del establecimiento de conexiones a otros servidores en segundo plano.
++
++spoof-referers-option =
++    .label = Modificar los referers HTTP
++spoof-referers-description = Los <a href=\"https://es.wikipedia.org/wiki/Referer_(Cabecera_HTTP)\">referers</a> son cabeceras HTTP que informan a una página acerca de nuestro enlace de origen. Activar esta característica mejora enormemente su privacidad, pero puede afectar a la funcionalidad de algunas páginas.
++
++detect-captive-portal-option =
++    .label = Detectar los portales cautivos
++detect-captive-portal-description = Los <a href=\"https://es.wikipedia.org/wiki/Portal_cautivo\">portales cautivos</a> son las webs que registran y controlan el acceso a redes inalámbricas públicas en hoteles, aeropuertos, cafés y similares. El servicio que los detecta es práctico si se ve a menudo en la necesidad de usarlos, pero implica el establecimiento de conexiones en segundo plano.
++
++geolocation-option =
++    .label = Activar Geolocalización
++geolocation-description = Esta característica se usa habitualmente en mapas, páginas del tiempo y algunas tiendas. Es mejor desactivarla si realmente no necesita que identifiquen su ubicación.
++
++webgl-option =
++    .label = Activar WebGL
++webgl-description = Esta función necesaria para mostrar ciertos gráficos 3D en el navegador puede exponerle a ciertos riesgos de seguridad. Actívela solamente si va a usarla.
+diff --git a/data/files-to-append/l10n/es-MX/browser/browser/preferences/preferences.ftl b/data/files-to-append/l10n/es-MX/browser/browser/preferences/preferences.ftl
+new file mode 100644
+index 0000000..ad052b3
+--- /dev/null
++++ b/data/files-to-append/l10n/es-MX/browser/browser/preferences/preferences.ftl
+@@ -0,0 +1,36 @@
++
++## IceCat-specific privacy settings
++
++icecat-privacy-group-header = Ajustes de privacidad de IceCat
++
++disable-javascript-option =
++    .label = Desactivar JavaScript
++disable-javascript-description = Desactivar JavaScript mejora enormemente la privacidad, la seguridad en Internet y la <a href=\"https://www.gnu.org/philosophy/javascript-trap.es.html\">libertad</a> en su equipo, pero afectará a la funcionalidad de muchas páginas.
++
++disable-custom-fonts-option =
++    .label = No cargar fuentes personalizadas
++disable-custom-fonts-description = Las fuentes personalizadas pueden usarse para <a href=\"https://en.wikipedia.org/wiki/Device_fingerprint\">rastrear</a> al usuario. Desactivarlas mejora la privacidad pero puede afectar al aspecto visual de algunas páginas.
++
++isolate-request-first-party-option =
++    .label = Aislar las solicitudes a los Dominios Primarios
++isolate-request-first-party-description = Este ajuste <a href=\"https://www.torproject.org/projects/torbrowser/design/#identifier-linkability\">mejora la privacidad</a>, pero puede interferir con el inicio de sesión en algunas webs.
++
++auto-update-extensions-option =
++    .label = Actualizar las extensiones automáticamente
++auto-update-extensions-description = Activar las actualizaciones automáticas es bueno para la seguridad, pero precisa del establecimiento de conexiones a otros servidores en segundo plano.
++
++spoof-referers-option =
++    .label = Modificar los referers HTTP
++spoof-referers-description = Los <a href=\"https://es.wikipedia.org/wiki/Referer_(Cabecera_HTTP)\">referers</a> son cabeceras HTTP que informan a una página acerca de nuestro enlace de origen. Activar esta característica mejora enormemente su privacidad, pero puede afectar a la funcionalidad de algunas páginas.
++
++detect-captive-portal-option =
++    .label = Detectar los portales cautivos
++detect-captive-portal-description = Los <a href=\"https://es.wikipedia.org/wiki/Portal_cautivo\">portales cautivos</a> son las webs que registran y controlan el acceso a redes inalámbricas públicas en hoteles, aeropuertos, cafés y similares. El servicio que los detecta es práctico si se ve a menudo en la necesidad de usarlos, pero implica el establecimiento de conexiones en segundo plano.
++
++geolocation-option =
++    .label = Activar Geolocalización
++geolocation-description = Esta característica se usa habitualmente en mapas, páginas del tiempo y algunas tiendas. Es mejor desactivarla si realmente no necesita que identifiquen su ubicación.
++
++webgl-option =
++    .label = Activar WebGL
++webgl-description = Esta función necesaria para mostrar ciertos gráficos 3D en el navegador puede exponerle a ciertos riesgos de seguridad. Actívela solamente si va a usarla.
+diff --git a/data/files-to-append/l10n/fr/browser/browser/preferences/preferences.ftl b/data/files-to-append/l10n/fr/browser/browser/preferences/preferences.ftl
+new file mode 100644
+index 0000000..4008883
+--- /dev/null
++++ b/data/files-to-append/l10n/fr/browser/browser/preferences/preferences.ftl
+@@ -0,0 +1,36 @@
++
++## IceCat-specific privacy settings
++
++icecat-privacy-group-header = Vie privée de IceCat
++
++disable-javascript-option =
++    .label = Disable JavaScript
++disable-javascript-description = Désactiver JavaScript améliore grandement le respect de la vie privée, la sécurité et <a href=\"https://www.gnu.org/philosophy/javascript-trap.fr.html\">la liberté</a>, mais cela risque de rendre beaucoup de sites web inutilisables.
++
++disable-custom-fonts-option =
++    .label = Ne pas charger de polices personnalisées
++disable-custom-fonts-description = Les polices personnalisées peuvent être utilisées pour vous <a href=\"https://fr.wikipedia.org/wiki/Empreinte_digitale_d%27appareil\">identifier</a>. Les désactiver améliore le respect de la vie privée mais peut détérorier le rendu de certains sites.
++
++isolate-request-first-party-option =
++    .label = Isoler les requêtes vers les domaines de premier niveau
++isolate-request-first-party-description = Améliore <a href=\"https://www.torproject.org/projects/torbrowser/design/#identifier-linkability\">le respect de la vie privée</a>, mais peut interférer avec la page de login de certains sites web.
++
++auto-update-extensions-option =
++    .label = Mettre à jour les extensions automatiquement
++auto-update-extensions-description = Activer les mises à jour automatiques améliore votre sécurité, mais cela va ouvrir des connexions internet en arrière-plan.
++
++spoof-referers-option =
++    .label = Usurper l'identité des Referers
++spoof-referers-description = <a href=\"https://fr.wikipedia.org/wiki/R%C3%A9f%C3%A9rent_(informatique)\">Les Referers</a> indiquent aux sites web quel lien vous y a amené. Cette fonctionnalité améliore grandement le respect de la vie privée, mais peut entraîner la perte de fonctionnalités sur certains sites.
++
++detect-captive-portal-option =
++    .label = Détecter les portails captifs
++detect-captive-portal-description = <a href=\"https://fr.wikipedia.org/wiki/Portail_captif\">Les portails captifs</a> sont les sites qui contrôlent l'accès aux réseaux sans fils publics dans les hôtels, les aéroports, les bars, etc. Ce service de détection est utile si vous vous connectez à ce type de réseaux, mais cela entraîne l'ouverture automatique de connexions.
++
++geolocation-option =
++    .label = Activer la géolocalisation
++geolocation-description = Elle est utilisée couramment pour les cartes, les sites de prévisions météo, et certaines boutiques en ligne. Il vaut mieux la désactivez à moins d'en avoir réellement besoin.
++
++webgl-option =
++    .label = Activer WebGL
++webgl-description = Nécessaire afin de visualiser les graphisme en 3D, mais peut vous exposer à des menaces de sécurité. Activer WebGL seulement si vous l'utilisez réellement.
+diff --git a/data/files-to-append/l10n/it/browser/browser/preferences/preferences.ftl b/data/files-to-append/l10n/it/browser/browser/preferences/preferences.ftl
+new file mode 100644
+index 0000000..a1fe1b7
+--- /dev/null
++++ b/data/files-to-append/l10n/it/browser/browser/preferences/preferences.ftl
+@@ -0,0 +1,36 @@
++
++## IceCat-specific privacy settings
++
++icecat-privacy-group-header = Impostazioni sulla privacy di IceCat
++
++disable-javascript-option =
++    .label = Disabilita JavaScript
++disable-javascript-description = Disabilitare Javascript migliora notevolmente la privacy, la sicurezza e la <a href=\"https://www.gnu.org/philosophy/javascript-trap.it.html\">libertà</a>, ma compromette la funzionalità molti siti.
++
++disable-custom-fonts-option =
++    .label = Non caricare caratteri personalizzati
++disable-custom-fonts-description = I caratteri personalizzati possono essere utilizzati per il <a href=\"https://it.wikipedia.org/wiki/Device_fingerprint\">fingerprinting</a>. Disabilitarli migliora la privacy ma potrebbe far compromettere la visibilità di alcuni siti.
++
++isolate-request-first-party-option =
++    .label = Isolare le richieste ai domini proprietari
++isolate-request-first-party-description = Questo <a href=\"https://www.torproject.org/projects/torbrowser/design/#identifier-linkability\">migliora la privacy</a>, ma potrebbe interferire con il login in alcuni siti.
++
++auto-update-extensions-option =
++    .label = Aggiorna automaticamente le estensioni
++auto-update-extensions-description = Abilitare gli aggiornamenti automatici è positivo per la sicurezza, ma avvierebbe connessioni Internet in background.
++
++spoof-referers-option =
++    .label = Spoof Referers
++spoof-referers-description = <a href=\"https://it.wikipedia.org/wiki/Referer\">I referer</a> dicono ai siti quale link ti ha portato lì. Questa funzione migliora notevolmente la privacy, ma potrebbe compromettere la funzionalità  di alcuni siti.
++
++detect-captive-portal-option =
++    .label = Rileva il captive portal
++detect-captive-portal-description = <a href=\"https://it.wikipedia.org/wiki/Captive_portal\">I captive portal</a> sono i siti che controllano l'accesso alle reti wireless pubbliche negli hotel, negli aeroporti, nei bar, ecc. Il servizio di rilevamento è utile se ci si connette a tali reti, ma avvierà automaticamente le connessioni.
++
++geolocation-option =
++    .label = Abilita geolocalizzazione
++geolocation-description = Questo è comunemente usato per mappe, siti meteo e alcuni negozi online. È meglio tenerlo spento a meno che non se ne abbia veramente bisogno.
++
++webgl-option =
++    .label = Abilita WebGL
++webgl-description = Necessario per visualizzare la grafica 3D, ma potrebbe esporre a minacce alla sicurezza. Abilitare solo in caso di necessità.
+diff --git a/data/patches/icecat-preferences.patch b/data/patches/icecat-preferences.patch
+new file mode 100644
+index 0000000..86fdd06
+--- /dev/null
++++ b/data/patches/icecat-preferences.patch
+@@ -0,0 +1,155 @@
++--- a/browser/components/preferences/in-content/privacy.xul.orig	2019-10-16 15:29:49.000000000 -0400
+++++ b/browser/components/preferences/in-content/privacy.xul	2019-10-30 23:54:53.591633131 -0400
++@@ -594,6 +594,79 @@
++          data-l10n-id="addressbar-suggestions-settings"/>
++ </groupbox>
 + 
-+ imply_option('MOZ_PLACES', True)
-+-imply_option('MOZ_SERVICES_HEALTHREPORT', True)
-++imply_option('MOZ_SERVICES_HEALTHREPORT', False)
-+ imply_option('MOZ_SERVICES_SYNC', True)
-+-imply_option('MOZ_DEDICATED_PROFILES', True)
-++imply_option('MOZ_DEDICATED_PROFILES', False)
-+ imply_option('MOZ_BLOCK_PROFILE_DOWNGRADE', True)
+++<!-- IceCat-specific privacy group -->
+++<groupbox id="iceCatPrivacyGroup"
+++          data-category="panePrivacy"
+++          hidden="true">
+++  <label><html:h2 data-l10n-id="icecat-privacy-group-header"/></label>
+++  <vbox>
+++    <checkbox id="disableJavaScript" data-l10n-id="disable-javascript-option"
+++              preference="javascript.enabled"
+++              onsyncfrompreference="return gPrivacyPane.readDisableJavaScriptOption();"
+++              onsynctopreference="return gPrivacyPane.writeDisableJavaScriptOption();"/>
+++    <vbox class="indent">
+++      <label data-l10n-id="disable-javascript-description"/>
+++    </vbox>
+++  </vbox>
+++  <vbox>
+++    <checkbox id="disableCustomFonts" data-l10n-id="disable-custom-fonts-option"
+++              preference="browser.display.use_document_fonts"
+++              onsyncfrompreference="return gPrivacyPane.readDisableCustomFontsOption();"
+++              onsynctopreference="return gPrivacyPane.writeDisableCustomFontsOption();"/>
+++    <vbox class="indent">
+++      <label data-l10n-id="disable-custom-fonts-description"/>
+++    </vbox>
+++  </vbox>
+++  <vbox>
+++    <checkbox id="isolateRequestFirstParty" data-l10n-id="isolate-request-first-party-option"
+++              preference="privacy.firstparty.isolate"/>
+++    <vbox class="indent">
+++      <label data-l10n-id="isolate-request-first-party-description"/>
+++    </vbox>
+++  </vbox>
+++  <vbox>
+++    <checkbox id="autoUpdateExtensions" data-l10n-id="auto-update-extensions-option"
+++              preference="extensions.update.enabled"/>
+++    <vbox class="indent">
+++      <label data-l10n-id="auto-update-extensions-description"/>
+++    </vbox>
+++  </vbox>
+++  <vbox>
+++    <checkbox id="spoofReferrers" data-l10n-id="spoof-referers-option"
+++              preference="network.http.referer.spoofSource"/>
+++    <vbox class="indent">
+++      <label data-l10n-id="spoof-referers-description"/>
+++    </vbox>
+++  </vbox>
+++  <vbox>
+++    <checkbox id="detectCaptivePortal" data-l10n-id="detect-captive-portal-option"
+++              preference="captivedetect.canonicalURL"
+++              onsyncfrompreference="return gPrivacyPane.readDetectCaptiveOption();"
+++              onsynctopreference="return gPrivacyPane.writeDetectCaptiveOption();"/>
+++    <vbox class="indent">
+++      <label data-l10n-id="detect-captive-portal-description"/>
+++    </vbox>
+++  </vbox>
+++  <vbox>
+++    <checkbox id="geolocation" data-l10n-id="geolocation-option"
+++              preference="browser.search.geoip.url"
+++              onsyncfrompreference="return gPrivacyPane.readGeolocationOption();"
+++              onsynctopreference="return gPrivacyPane.writeGeolocationOption();"/>
+++    <vbox class="indent">
+++      <label data-l10n-id="geolocation-description"/>
+++    </vbox>
+++  </vbox>
+++  <vbox>
+++    <checkbox id="webgl" data-l10n-id="webgl-option"
+++              preference="webgl.disabled"
+++              onsyncfrompreference="return gPrivacyPane.readWebGLOption();"
+++              onsynctopreference="return gPrivacyPane.writeWebGLOption();"/>
+++    <vbox class="indent">
+++      <label data-l10n-id="webgl-description"/>
+++    </vbox>
+++  </vbox>
+++</groupbox>
+++
++ <hbox id="permissionsCategory"
++       class="subcategory"
++       hidden="true"
++--- a/browser/components/preferences/in-content/privacy.js.orig	2019-10-16 15:29:49.000000000 -0400
+++++ b/browser/components/preferences/in-content/privacy.js	2019-10-31 00:08:05.819561577 -0400
++@@ -93,6 +93,16 @@
++   { id: "browser.urlbar.suggest.history", type: "bool" },
++   { id: "browser.urlbar.suggest.openpage", type: "bool" },
 + 
-+ with only_when(target_is_linux & compile_environment):
--- 
-2.23.0
-
-From 62f50f15abc91483c6aa7a2ac7ebb972e6f9affd Mon Sep 17 00:00:00 2001
-From: Mark H Weaver <mhw@netris.org>
-Date: Mon, 28 Oct 2019 13:05:28 -0400
-Subject: [PATCH 3/4] Disable MOZ_BLOCK_PROFILE_DOWNGRADE.
-
-It would be desirable to prevent downgrades from one major version of
-IceCat to another.  However, as MOZ_BLOCK_PROFILE_DOWNGRADE is
-currently implemented, it prevents downgrades from one build of
-IceCat-68.2 to an earlier build of IceCat-68.2.  Until we can find a
-satisfactory solution, we disable this functionality entirely.
-
-* data/patches/moz-configure-changes.patch: Set
-MOZ_BLOCK_PROFILE_DOWNGRADE to 'False'.
----
- data/patches/moz-configure-changes.patch | 8 +++++---
- 1 file changed, 5 insertions(+), 3 deletions(-)
-
-diff --git a/data/patches/moz-configure-changes.patch b/data/patches/moz-configure-changes.patch
-index aa6f1a5..53091a4 100644
---- a/data/patches/moz-configure-changes.patch
-+++ b/data/patches/moz-configure-changes.patch
-@@ -1,6 +1,6 @@
- --- a/browser/moz.configure.orig	1980-01-01 18:59:51.000000000 -0500
--+++ b/browser/moz.configure	2019-10-28 01:36:13.132873871 -0400
--@@ -5,9 +5,9 @@
-++++ b/browser/moz.configure	2019-10-28 13:04:11.469562089 -0400
-+@@ -5,10 +5,10 @@
-  # file, You can obtain one at http://mozilla.org/MPL/2.0/.
-  
-  imply_option('MOZ_PLACES', True)
-@@ -8,7 +8,9 @@
- +imply_option('MOZ_SERVICES_HEALTHREPORT', False)
-  imply_option('MOZ_SERVICES_SYNC', True)
- -imply_option('MOZ_DEDICATED_PROFILES', True)
-+-imply_option('MOZ_BLOCK_PROFILE_DOWNGRADE', True)
- +imply_option('MOZ_DEDICATED_PROFILES', False)
-- imply_option('MOZ_BLOCK_PROFILE_DOWNGRADE', True)
-++imply_option('MOZ_BLOCK_PROFILE_DOWNGRADE', False)
-  
-  with only_when(target_is_linux & compile_environment):
-+     option(env='MOZ_NO_PIE_COMPAT',
--- 
-2.23.0
-
-From 036f74092d223976054f9eafd8caa056f5975c54 Mon Sep 17 00:00:00 2001
-From: Mark H Weaver <mhw@netris.org>
-Date: Mon, 28 Oct 2019 19:57:37 -0400
-Subject: [PATCH 4/4] Improve branding for version 68 ESR.
-
-* data/branding/icecat/locales/en-US/brand.dtd: Add brandProductName.
-* data/branding/icecat/locales/en-US/brand.ftl: Add
-brand-shorter-name, brand-full-name, brand-product-name,
-vendor-short-name, and trademarkInfo.
-* data/branding/icecat/locales/en-US/brand.properties: Add
-brandProductName.
-* makeicecat: Limit replacement of trademarkInfo.part1 of brand.dtd
-files to only be done within l10n directory.  Replace trademarkInfo of
-brand.ftl files within l10n directory.
----
- data/branding/icecat/locales/en-US/brand.dtd        | 1 +
- data/branding/icecat/locales/en-US/brand.ftl        | 5 +++++
- data/branding/icecat/locales/en-US/brand.properties | 1 +
- makeicecat                                          | 3 ++-
- 4 files changed, 9 insertions(+), 1 deletion(-)
-
-diff --git a/data/branding/icecat/locales/en-US/brand.dtd b/data/branding/icecat/locales/en-US/brand.dtd
-index 3788266..475ce7d 100644
---- a/data/branding/icecat/locales/en-US/brand.dtd
-+++ b/data/branding/icecat/locales/en-US/brand.dtd
-@@ -5,5 +5,6 @@
- <!ENTITY  brandShorterName      "IceCat">
- <!ENTITY  brandShortName        "IceCat">
- <!ENTITY  brandFullName         "GNU IceCat">
-+<!ENTITY  brandProductName      "IceCat">
- <!ENTITY  vendorShortName       "GNU">
- <!ENTITY  trademarkInfo.part1   "The IceCat logo is Copyright 2008-2015 Free Software Foundation, released under the terms of the GNU Lesser General Public License, version 3 or any later version.">
-diff --git a/data/branding/icecat/locales/en-US/brand.ftl b/data/branding/icecat/locales/en-US/brand.ftl
-index bd7fbe0..7c9fcc8 100644
---- a/data/branding/icecat/locales/en-US/brand.ftl
-+++ b/data/branding/icecat/locales/en-US/brand.ftl
-@@ -2,4 +2,9 @@
- # License, v. 2.0. If a copy of the MPL was not distributed with this
- # file, You can obtain one at http://mozilla.org/MPL/2.0/.
- 
-+-brand-shorter-name = IceCat
- -brand-short-name = IceCat
-+-brand-full-name = GNU IceCat
-+-brand-product-name = IceCat
-+-vendor-short-name = GNU
-+trademarkInfo = The IceCat logo is Copyright 2008-2015 Free Software Foundation, released under the terms of the GNU Lesser General Public License, version 3 or any later version.
-diff --git a/data/branding/icecat/locales/en-US/brand.properties b/data/branding/icecat/locales/en-US/brand.properties
-index 85e2894..9b9cf97 100644
---- a/data/branding/icecat/locales/en-US/brand.properties
-+++ b/data/branding/icecat/locales/en-US/brand.properties
-@@ -5,6 +5,7 @@
- brandShorterName=IceCat
- brandShortName=IceCat
- brandFullName=IceCat
-+brandProductName=IceCat
- vendorShortName=GNU
- 
- syncBrandShortName=Sync
+++  // IceCat-specific
+++  { id: "javascript.enabled", type: "bool" },
+++  { id: "browser.display.use_document_fonts", type: "int" },
+++  { id: "privacy.firstparty.isolate", type: "bool" },
+++  { id: "extensions.update.enabled", type: "bool" },
+++  { id: "network.http.referer.spoofSource", type: "bool" },
+++  { id: "webgl.disabled", type: "bool" },
+++  { id: "captivedetect.canonicalURL", type: "string" },
+++  { id: "browser.search.geoip.url", type: "string" },
+++
++   // History
++   { id: "places.history.enabled", type: "bool" },
++   { id: "browser.formfill.enable", type: "bool" },
++@@ -587,6 +597,53 @@
++     SiteDataManager.updateSites();
++   },
++ 
+++  // ICECAT PREFERENCES
+++
+++  readDisableJavaScriptOption() {
+++    let pref = Preferences.get("javascript.enabled");
+++    return !pref.value;
+++  },
+++  writeDisableJavaScriptOption() {
+++    let checkbox = document.getElementById("disableJavaScript");
+++    return !checkbox.checked;
+++  },
+++
+++  readDisableCustomFontsOption() {
+++    let pref = Preferences.get("browser.display.use_document_fonts");
+++    return pref.value == 0;
+++  },
+++  writeDisableCustomFontsOption() {
+++    let checkbox = document.getElementById("disableCustomFonts");
+++    return checkbox.checked ? 0 : 1;
+++  },
+++
+++  readDetectCaptiveOption() {
+++    let pref = Preferences.get("captivedetect.canonicalURL");
+++    return pref.value !== "";
+++  },
+++  writeDetectCaptiveOption() {
+++    let checkbox = document.getElementById("detectCaptivePortal");
+++    return checkbox.checked ? "http://detectportal.firefox.com/success.txt" : "";
+++  },
+++
+++  readGeolocationOption() {
+++    let pref = Preferences.get("browser.search.geoip.url");
+++    return pref.value !== "";
+++  },
+++  writeGeolocationOption() {
+++    let checkbox = document.getElementById("geolocation");
+++    return checkbox.checked ? "https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%" : "";
+++  },
+++
+++  readWebGLOption() {
+++    let pref = Preferences.get("webgl.disabled");
+++    return !pref.value;
+++  },
+++  writeWebGLOption() {
+++    let checkbox = document.getElementById("webgl");
+++    return !checkbox.checked;
+++  },
+++
++   // CONTENT BLOCKING
++ 
++   /**
 diff --git a/makeicecat b/makeicecat
-index 1bcf465..3ff2ead 100644
+index 4ff3e64..493d946 100755
 --- a/makeicecat
 +++ b/makeicecat
-@@ -226,7 +226,8 @@ cp $DATA/bookmarks.html.in browser/locales/generic/profile/bookmarks.html.in
+@@ -87,6 +87,19 @@ for patch in $DATA/patches/*.patch; do
+ done
+ shopt -u nullglob
  
- # Custom legal about pages
++for file_to_append in $(cd $DATA/files-to-append; find . -type f -print); do
++    echo Appending new data to the end of file: $file_to_append
++    cat $DATA/files-to-append/$file_to_append >> $file_to_append
++done
++
++for dir in l10n/*; do
++    if [[ $dir != l10n/compare-locales ]]; then
++        if [[ ! -e $DATA/files-to-append/$dir/browser/browser/preferences/preferences.ftl ]]; then
++            cat $DATA/files-to-append/browser/locales/en-US/browser/preferences/preferences.ftl >> $dir/browser/browser/preferences/preferences.ftl
++        fi
++    fi
++done
++
+ cp $DATA/Changelog.IceCat $DATA/README.IceCat .
  
--find -wholename '*/brand.dtd' |xargs /bin/sed 's/trademarkInfo.part1.*/trademarkInfo.part1 "">/' -i
-+find l10n -wholename '*/brand.dtd' |xargs /bin/sed 's/trademarkInfo.part1.*/trademarkInfo.part1 "">/' -i
-+find l10n -wholename '*/brand.ftl' |xargs /bin/sed 's/^trademarkInfo = .*/trademarkInfo = The IceCat logo is Copyright 2008-2015 Free Software Foundation, released under the terms of the GNU Lesser General Public License, version 3 or any later version./' -i
- 
- for STRING in rights.intro-point3-unbranded rights.intro-point4a-unbranded rights.intro-point4b-unbranded rights.intro-point4c-unbranded
- do
+ ###############################################################################
 -- 
 2.23.0
 
diff --git a/gnu/packages/patches/icecat-makeicecat.patch b/gnu/packages/patches/icecat-makeicecat.patch
index 90a79eebc9..66816070aa 100644
--- a/gnu/packages/patches/icecat-makeicecat.patch
+++ b/gnu/packages/patches/icecat-makeicecat.patch
@@ -98,7 +98,7 @@ index b04c731..06d1f3f 100644
  
  shopt -s nullglob
  for patch in $DATA/patches/*.patch; do
-@@ -598,6 +598,6 @@ sed 's/777/755/;' -i toolkit/crashreporter/google-breakpad/Makefile.in
+@@ -611,6 +611,6 @@ sed 's/777/755/;' -i toolkit/crashreporter/google-breakpad/Makefile.in
  # Fix CVE-2012-3386
  /bin/sed 's/chmod a+w/chmod u+w/' -i ./js/src/ctypes/libffi/Makefile.in ./toolkit/crashreporter/google-breakpad/Makefile.in ./toolkit/crashreporter/google-breakpad/src/third_party/glog/Makefile.in || true
  
diff --git a/gnu/packages/patches/java-svg-salamander-Fix-non-det.patch b/gnu/packages/patches/java-svg-salamander-Fix-non-det.patch
new file mode 100644
index 0000000000..418fa0867f
--- /dev/null
+++ b/gnu/packages/patches/java-svg-salamander-Fix-non-det.patch
@@ -0,0 +1,86 @@
+From c812efa9fcbfb49a571cc73af83c8da5cb951bcf Mon Sep 17 00:00:00 2001
+From: Julien Lepiller <julien@lepiller.eu>
+Date: Thu, 2 May 2019 19:05:33 +0200
+Subject: [PATCH] Fix non determinism and installation
+
+---
+ svg-core/build.xml                | 22 ----------------------
+ svg-core/nbproject/build-impl.xml |  1 -
+ 2 files changed, 23 deletions(-)
+
+diff --git a/svg-core/build.xml b/svg-core/build.xml
+index cc72eb7..0f9c3e6 100755
+--- a/svg-core/build.xml
++++ b/svg-core/build.xml
+@@ -102,7 +102,6 @@
+         <jar destfile="${maven-javadoc-jar}" update="false">

+             <manifest>

+                 <attribute name="Version" value="${version}"/>

+-                <attribute name="Date" value="${TODAY}"/>

+             </manifest>

+ 

+             <fileset dir="dist/javadoc">

+@@ -112,7 +111,6 @@
+         <jar destfile="${maven-sources-jar}" update="false">

+             <manifest>

+                 <attribute name="Version" value="${version}"/>

+-                <attribute name="Date" value="${TODAY}"/>

+             </manifest>

+ 

+             <fileset dir="src/main/java">

+@@ -126,7 +124,6 @@
+             <manifest>

+                 <attribute name="Main-Class" value="com.kitfox.svg.app.SVGPlayer"/>

+                 <attribute name="Version" value="${version}"/>

+-                <attribute name="Date" value="${TODAY}"/>

+             </manifest>

+ 

+             <fileset dir="build/classes">

+@@ -203,7 +200,6 @@
+             <manifest>

+                 <attribute name="Main-Class" value="com.kitfox.svg.app.SVGPlayer"/>

+                 <attribute name="Version" value="${version}"/>

+-                <attribute name="Date" value="${TODAY}"/>

+             </manifest>

+ 

+             <fileset dir="build/classes">

+@@ -213,24 +209,6 @@
+             </fileset>

+         </jar>

+ 

+-        <delete file="${key.location}"/>

+-        <genkey alias="${key.user}" storepass="${key.password}" keystore="${key.location}" validity="1000" verbose="true">

+-            <dname>

+-                <param name="CN" value="Mark McKay, mark@kitfox.com"/>

+-                <param name="OU" value="kitfox.com"/>

+-                <param name="O"  value="kitfox"/>

+-                <param name="L"  value="Toronto"/>

+-                <param name="S"  value="Ontario"/>

+-                <param name="C"  value="CA"/>

+-            </dname>

+-        </genkey>

+-

+-        <copy file="${dist.jar}" toFile="${project.www.jar}"/>

+-        <signjar jar="${project.www.jar}"

+-                 alias="${key.user}"

+-                 storepass="${key.password}"

+-                 keystore="${key.location}"/>

+-

+         <delete file="${project.tiny.jar}"/>

+         <jar destfile="${project.tiny.jar}" update="true">

+             <manifest>

+diff --git a/svg-core/nbproject/build-impl.xml b/svg-core/nbproject/build-impl.xml
+index b448d8a..37725ad 100755
+--- a/svg-core/nbproject/build-impl.xml
++++ b/svg-core/nbproject/build-impl.xml
+@@ -1045,7 +1045,6 @@ is divided into following sections:
+         </manifest>

+     </target>

+     <target depends="init,-init-macrodef-copylibs,compile,-pre-pre-jar,-pre-jar,-do-jar-create-manifest,-do-jar-copy-manifest,-do-jar-set-mainclass,-do-jar-set-profile,-do-jar-set-splashscreen" if="do.mkdist" name="-do-jar-copylibs">

+-        <j2seproject3:copylibs manifest="${tmp.manifest.file}"/>

+         <echo level="info">To run this application from the command line without Ant, try:</echo>

+         <property location="${dist.jar}" name="dist.jar.resolved"/>

+         <echo level="info">java -jar "${dist.jar.resolved}"</echo>

+-- 
+2.21.0
+
diff --git a/gnu/packages/patches/libvirt-create-machine-cgroup.patch b/gnu/packages/patches/libvirt-create-machine-cgroup.patch
new file mode 100644
index 0000000000..585ac237e1
--- /dev/null
+++ b/gnu/packages/patches/libvirt-create-machine-cgroup.patch
@@ -0,0 +1,48 @@
+From 9ca0b2955edea162b255b428e493cd8ffac52167 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Miguel=20=C3=81ngel=20Arruga=20Vivas?=
+ <rosen644835@gmail.com>
+Date: Fri, 1 Nov 2019 17:29:00 +0100
+Subject: [PATCH] vircgroup: Ensure /machine group is associated with its
+ parent.
+
+Call first virCgroupNew on the parent group virCgroupNewPartition if
+it is available on before the creation of the child group.  This
+ensures that the creation of a first level group on the unified
+architecture, as the check at virCgroupV2ParseControllersFile as the
+parent file is there.
+
+Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1760233
+---
+ src/util/vircgroup.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c
+index b46f20abfd..33c61f2d45 100644
+--- a/src/util/vircgroup.c
++++ b/src/util/vircgroup.c
+@@ -855,9 +855,6 @@ virCgroupNewPartition(const char *path,
+     if (virCgroupSetPartitionSuffix(path, &newPath) < 0)
+         goto cleanup;
+ 
+-    if (virCgroupNew(-1, newPath, NULL, controllers, group) < 0)
+-        goto cleanup;
+-
+     if (STRNEQ(newPath, "/")) {
+         char *tmp;
+         parentPath = g_strdup(newPath);
+@@ -868,7 +865,12 @@ virCgroupNewPartition(const char *path,
+ 
+         if (virCgroupNew(-1, parentPath, NULL, controllers, &parent) < 0)
+             goto cleanup;
++    }
+ 
++    if (virCgroupNew(-1, newPath, parent, controllers, group) < 0)
++        goto cleanup;
++
++    if (parent) {
+         if (virCgroupMakeGroup(parent, *group, create, VIR_CGROUP_NONE) < 0)
+             goto cleanup;
+     }
+-- 
+2.23.0
+
diff --git a/gnu/packages/patches/openmpi-psm2-priority.patch b/gnu/packages/patches/openmpi-psm2-priority.patch
new file mode 100644
index 0000000000..d9dd558010
--- /dev/null
+++ b/gnu/packages/patches/openmpi-psm2-priority.patch
@@ -0,0 +1,21 @@
+PSM2 is the only valid implementation for OmniPath (OPA).  UCX also
+supports OmniPath, but it does so via Verbs, thus getting much lower
+performance (typically 3 GiB/s instead of 10 GiB/s).
+
+To work around that, give the mtl_psm2 component a higher priority
+than the pml_ucx component.
+
+See <https://www.mail-archive.com/users@lists.open-mpi.org/msg33581.html>.
+
+--- openmpi-4.0.2/ompi/mca/mtl/psm2/mtl_psm2_component.c	2019-11-15 17:06:15.142076840 +0100
++++ openmpi-4.0.2/ompi/mca/mtl/psm2/mtl_psm2_component.c	2019-11-15 17:06:22.242009379 +0100
+@@ -126,7 +126,7 @@ ompi_mtl_psm2_component_register(void)
+         setenv("PSM2_DEVICES", "self,shm", 0);
+     }
+ 
+-    param_priority = 40;
++    param_priority = 55;
+     (void) mca_base_component_var_register (&mca_mtl_psm2_component.super.mtl_version,
+                                             "priority", "Priority of the PSM2 MTL component",
+                                             MCA_BASE_VAR_TYPE_INT, NULL, 0, 0,
+
diff --git a/gnu/packages/patches/patchelf-page-size.patch b/gnu/packages/patches/patchelf-page-size.patch
deleted file mode 100644
index 1c14047512..0000000000
--- a/gnu/packages/patches/patchelf-page-size.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-Improve the determination of pageSize in patchelf.cc.
-
-Patch by Mark H Weaver <mhw@netris.org>.
-
---- patchelf/src/patchelf.cc.orig	1969-12-31 19:00:01.000000000 -0500
-+++ patchelf/src/patchelf.cc	2014-02-16 20:15:06.283203125 -0500
-@@ -21,11 +21,19 @@
- using namespace std;
- 
- 
--#ifdef MIPSEL
--/* The lemote fuloong 2f kernel defconfig sets a page size of 16KB */
--const unsigned int pageSize = 4096*4;
--#else
-+/* Note that some platforms support multiple page sizes.  Therefore,
-+   it is not enough to query the current page size.  'pageSize' must
-+   be the maximum architectural page size for the platform, which is
-+   typically defined in the corresponding ABI document.
-+
-+   XXX FIXME: This won't work when we're cross-compiling.  */
-+
-+#if defined __MIPSEL__ || defined __MIPSEB__ || defined __aarch64__
-+const unsigned int pageSize = 65536;
-+#elif defined __x86_64__ || defined __i386__ || defined __arm__
- const unsigned int pageSize = 4096;
-+#else
-+# error maximum architectural page size unknown for this platform
- #endif
- 
- 
---- patchelf/tests/no-rpath.sh.orig	2014-01-14 08:17:47.000000000 -0500
-+++ patchelf/tests/no-rpath.sh	2015-01-06 18:31:53.418172797 -0500
-@@ -1,23 +1,23 @@
- #! /bin/sh -e
- SCRATCH=scratch/$(basename $0 .sh)
- 
--rm -rf ${SCRATCH}
--mkdir -p ${SCRATCH}
-+if [ "$(uname -m)" = i686 -a "$(uname -s)" = Linux ]; then
-+    rm -rf ${SCRATCH}
-+    mkdir -p ${SCRATCH}
- 
--cp ${srcdir}/no-rpath ${SCRATCH}/
-+    cp ${srcdir}/no-rpath ${SCRATCH}/
- 
--oldRPath=$(../src/patchelf --print-rpath ${SCRATCH}/no-rpath)
--if test -n "$oldRPath"; then exit 1; fi
--../src/patchelf \
--  --set-interpreter "$(../src/patchelf --print-interpreter ../src/patchelf)" \
--  --set-rpath /foo:/bar:/xxxxxxxxxxxxxxx ${SCRATCH}/no-rpath
-+    oldRPath=$(../src/patchelf --print-rpath ${SCRATCH}/no-rpath)
-+    if test -n "$oldRPath"; then exit 1; fi
-+    ../src/patchelf \
-+      --set-interpreter "$(../src/patchelf --print-interpreter ../src/patchelf)" \
-+      --set-rpath /foo:/bar:/xxxxxxxxxxxxxxx ${SCRATCH}/no-rpath
- 
--newRPath=$(../src/patchelf --print-rpath ${SCRATCH}/no-rpath)
--if ! echo "$newRPath" | grep -q '/foo:/bar'; then
--    echo "incomplete RPATH"
--    exit 1
--fi
-+    newRPath=$(../src/patchelf --print-rpath ${SCRATCH}/no-rpath)
-+    if ! echo "$newRPath" | grep -q '/foo:/bar'; then
-+        echo "incomplete RPATH"
-+        exit 1
-+    fi
- 
--if [ "$(uname -m)" = i686 -a "$(uname -s)" = Linux ]; then
-     cd ${SCRATCH} && ./no-rpath
- fi
diff --git a/gnu/packages/patches/patchelf-rework-for-arm.patch b/gnu/packages/patches/patchelf-rework-for-arm.patch
deleted file mode 100644
index 6f4eb8f72b..0000000000
--- a/gnu/packages/patches/patchelf-rework-for-arm.patch
+++ /dev/null
@@ -1,473 +0,0 @@
-Rework the growing algorithm in patchelf to support ARM systems.
-See <https://github.com/NixOS/patchelf/issues/8>.
-This patch copied from:
-<https://github.com/sriemer/patchelf/commit/0a96239cea6b97b9a0fff80da576e58ca2dfb2a2>
-
-From 0a96239cea6b97b9a0fff80da576e58ca2dfb2a2 Mon Sep 17 00:00:00 2001
-From: Sebastian Parschauer <s.parschauer@gmx.de>
-Date: Sat, 28 Jun 2014 01:24:57 +0200
-Subject: [PATCH] Rework the growing algorithm
-
-On ARM systems there is no space in virtual memory for another LOAD
-area in front of the code LOAD area. So insert data to its end
-instead. At this location there should be enough space in virtual
-memory due to alignment. We can extend it until the end of the
-alignment but the file shift may be greater as it must be aligned
-to the page size. Do the same for the data LOAD area.
----
- src/patchelf.cc | 357 ++++++++++++++++++++++----------------------------------
- 1 file changed, 142 insertions(+), 215 deletions(-)
-
-diff --git a/src/patchelf.cc b/src/patchelf.cc
-index dcbfd38..4fce9e6 100644
---- a/src/patchelf.cc
-+++ b/src/patchelf.cc
-@@ -116,7 +116,11 @@ private:
- 
-     void sortShdrs();
- 
--    void shiftFile(unsigned int extraPages, Elf_Addr startPage);
-+    void shiftFileSingle(size_t fileShift, Elf_Off insertOff);
-+
-+    void shiftFile(size_t neededCode, size_t neededData,
-+                   Elf_Off codeOff[], Elf_Off dataOff[],
-+                   Elf_Addr *codePage, Elf_Addr *dataPage);
- 
-     string getSectionName(const Elf_Shdr & shdr);
- 
-@@ -130,13 +134,11 @@ private:
-         unsigned int size);
- 
-     void writeReplacedSections(Elf_Off & curOff,
--        Elf_Addr startAddr, Elf_Off startOffset);
-+        Elf_Addr startAddr, Elf_Off startOffset, bool isData);
- 
-     void rewriteHeaders(Elf_Addr phdrAddress);
- 
--    void rewriteSectionsLibrary();
--
--    void rewriteSectionsExecutable();
-+    void rewriteSectionsBinary();
- 
- public:
- 
-@@ -391,46 +393,119 @@ static unsigned int roundUp(unsigned int n, unsigned int m)
- 
- 
- template<ElfFileParams>
--void ElfFile<ElfFileParamNames>::shiftFile(unsigned int extraPages, Elf_Addr startPage)
-+void ElfFile<ElfFileParamNames>::shiftFileSingle(size_t fileShift,
-+        Elf_Off insertOff)
- {
--    /* Move the entire contents of the file `extraPages' pages
--       further. */
-     unsigned int oldSize = fileSize;
--    unsigned int shift = extraPages * pageSize;
--    growFile(fileSize + extraPages * pageSize);
--    memmove(contents + extraPages * pageSize, contents, oldSize);
--    memset(contents + sizeof(Elf_Ehdr), 0, shift - sizeof(Elf_Ehdr));
-+
-+    /* Grow at the end */
-+    growFile(fileSize + fileShift);
-+
-+    /* move the data from the insertion point
-+       to the end and zero inserted space */
-+    memmove(contents + insertOff + fileShift,
-+            contents + insertOff, oldSize - insertOff);
-+    memset(contents + insertOff, 0, fileShift);
- 
-     /* Adjust the ELF header. */
-     wri(hdr->e_phoff, sizeof(Elf_Ehdr));
--    wri(hdr->e_shoff, rdi(hdr->e_shoff) + shift);
-+    if (rdi(hdr->e_shoff) >= insertOff)
-+        wri(hdr->e_shoff, rdi(hdr->e_shoff) + fileShift);
- 
-     /* Update the offsets in the section headers. */
--    for (int i = 1; i < rdi(hdr->e_shnum); ++i)
--        wri(shdrs[i].sh_offset, rdi(shdrs[i].sh_offset) + shift);
-+    for (int i = 1; i < rdi(hdr->e_shnum); ++i) {
-+        if (rdi(shdrs[i].sh_offset) >= insertOff)
-+            wri(shdrs[i].sh_offset, rdi(shdrs[i].sh_offset) + fileShift);
-+    }
- 
-     /* Update the offsets in the program headers. */
-     for (int i = 0; i < rdi(hdr->e_phnum); ++i) {
--        wri(phdrs[i].p_offset, rdi(phdrs[i].p_offset) + shift);
--        if (rdi(phdrs[i].p_align) != 0 &&
--            (rdi(phdrs[i].p_vaddr) - rdi(phdrs[i].p_offset)) % rdi(phdrs[i].p_align) != 0) {
--            debug("changing alignment of program header %d from %d to %d\n", i,
--                rdi(phdrs[i].p_align), pageSize);
--            wri(phdrs[i].p_align, pageSize);
-+        if (rdi(phdrs[i].p_offset) >= insertOff)
-+            wri(phdrs[i].p_offset, rdi(phdrs[i].p_offset) + fileShift);
-+        /* Check for ELF load command alignment issue the same
-+           way as glibc/elf/dl-load.c does. This gives us the
-+           chance to run an interpreter explicitly. */
-+        if (rdi(phdrs[i].p_type) == PT_LOAD && ((rdi(phdrs[i].p_vaddr) -
-+          rdi(phdrs[i].p_offset)) & (rdi(phdrs[i].p_align) - 1)) != 0) {
-+             debug("changing alignment of program header %d from %d to %d\n",
-+                   i, rdi(phdrs[i].p_align), pageSize);
-+             wri(phdrs[i].p_align, pageSize);
-         }
-     }
-+}
-+
-+template<ElfFileParams>
-+void ElfFile<ElfFileParamNames>::shiftFile(size_t neededCode,
-+        size_t neededData, Elf_Off codeOff[], Elf_Off dataOff[],
-+        Elf_Addr *codePage, Elf_Addr *dataPage)
-+{
-+    /* Move some contents of the file further. The binary has one LOAD area
-+     * for code and one for data. There is virtual memory space between
-+     * these which we can use due to alignment.
-+     */
-+    unsigned int memShift = neededCode;
-+    unsigned int fileShift = roundUp(neededCode, pageSize);
-+    unsigned int maxMemShift = 0;
-+
-+    if (neededCode > 0) {
-+        /* find the LOAD program header for code and extend it */
-+        for (int i = 0; i < rdi(hdr->e_phnum); ++i) {
-+            if (rdi(phdrs[i].p_type) == PT_LOAD &&
-+              rdi(phdrs[i].p_flags) & PF_X) {
-+                codeOff[1] = rdi(phdrs[i].p_filesz);
-+                codeOff[0] = codeOff[1] + rdi(phdrs[i].p_offset);
-+                maxMemShift = rdi(phdrs[i].p_memsz) % rdi(phdrs[i].p_align);
-+                if (maxMemShift == 0)
-+                    continue;
-+                maxMemShift = rdi(phdrs[i].p_align) - maxMemShift;
-+                if (maxMemShift == 0 || memShift > maxMemShift)
-+                    continue;
-+                *codePage = rdi(phdrs[i].p_vaddr);
-+                wri(phdrs[i].p_filesz, rdi(phdrs[i].p_filesz) + memShift);
-+                wri(phdrs[i].p_memsz, rdi(phdrs[i].p_memsz) + memShift);
-+                break;
-+            }
-+        }
-+        debug("codeOff: %#lx, memShift: %d, maxMemShift: %d, fileShift: %d\n",
-+              codeOff[1], memShift, maxMemShift, fileShift);
-+        if (codeOff[1] == 0 || maxMemShift == 0)
-+            goto out;
-+
-+        shiftFileSingle(fileShift, codeOff[0]);
-+    }
-+
-+    /* +++ Do the same for the data LOAD area  +++ */
-+    memShift = neededData;
-+    fileShift = roundUp(neededData, pageSize);
-+    maxMemShift = 0;
-+    if (neededData > 0) {
-+        /* find the LOAD program header for data and extend it */
-+        for (int i = 0; i < rdi(hdr->e_phnum); ++i) {
-+            if (rdi(phdrs[i].p_type) == PT_LOAD &&
-+              rdi(phdrs[i].p_flags) & PF_W) {
-+                dataOff[1] = rdi(phdrs[i].p_filesz);
-+                dataOff[0] = dataOff[1] + rdi(phdrs[i].p_offset);
-+                maxMemShift = rdi(phdrs[i].p_memsz) % rdi(phdrs[i].p_align);
-+                if (maxMemShift == 0)
-+                    continue;
-+                maxMemShift = rdi(phdrs[i].p_align) - maxMemShift;
-+                if (maxMemShift == 0 || memShift > maxMemShift)
-+                    continue;
-+                *dataPage = rdi(phdrs[i].p_vaddr);
-+                wri(phdrs[i].p_filesz, rdi(phdrs[i].p_filesz) + memShift);
-+                wri(phdrs[i].p_memsz, rdi(phdrs[i].p_memsz) + memShift);
-+                break;
-+            }
-+        }
-+        debug("dataOff: %#lx, memShift: %d, maxMemShift: %d, fileShift: %d\n",
-+              dataOff[1], memShift, maxMemShift, fileShift);
-+        if (dataOff[1] == 0 || maxMemShift == 0)
-+            goto out;
- 
--    /* Add a segment that maps the new program/section headers and
--       PT_INTERP segment into memory.  Otherwise glibc will choke. */
--    phdrs.resize(rdi(hdr->e_phnum) + 1);
--    wri(hdr->e_phnum, rdi(hdr->e_phnum) + 1);
--    Elf_Phdr & phdr = phdrs[rdi(hdr->e_phnum) - 1];
--    wri(phdr.p_type, PT_LOAD);
--    wri(phdr.p_offset, 0);
--    wri(phdr.p_vaddr, wri(phdr.p_paddr, startPage));
--    wri(phdr.p_filesz, wri(phdr.p_memsz, shift));
--    wri(phdr.p_flags, PF_R | PF_W);
--    wri(phdr.p_align, pageSize);
-+        shiftFileSingle(fileShift, dataOff[0]);
-+    }
-+out:
-+    return;
- }
- 
- 
-@@ -491,7 +566,7 @@ string & ElfFile<ElfFileParamNames>::replaceSection(const SectionName & sectionN
- 
- template<ElfFileParams>
- void ElfFile<ElfFileParamNames>::writeReplacedSections(Elf_Off & curOff,
--    Elf_Addr startAddr, Elf_Off startOffset)
-+    Elf_Addr startAddr, Elf_Off startOffset, bool isData = false)
- {
-     /* Overwrite the old section contents with 'X's.  Do this
-        *before* writing the new section contents (below) to prevent
-@@ -501,6 +576,9 @@ void ElfFile<ElfFileParamNames>::writeReplacedSections(Elf_Off & curOff,
-     {
-         string sectionName = i->first;
-         Elf_Shdr & shdr = findSection(sectionName);
-+        if ((!isData && rdi(shdr.sh_flags) & SHF_WRITE) ||
-+         (isData && ~(rdi(shdr.sh_flags)) & SHF_WRITE))
-+            continue;
-         memset(contents + rdi(shdr.sh_offset), 'X', rdi(shdr.sh_size));
-     }
- 
-@@ -509,6 +587,9 @@ void ElfFile<ElfFileParamNames>::writeReplacedSections(Elf_Off & curOff,
-     {
-         string sectionName = i->first;
-         Elf_Shdr & shdr = findSection(sectionName);
-+        if ((!isData && rdi(shdr.sh_flags) & SHF_WRITE) ||
-+         (isData && ~(rdi(shdr.sh_flags)) & SHF_WRITE))
-+            continue;
-         debug("rewriting section `%s' from offset 0x%x (size %d) to offset 0x%x (size %d)\n",
-             sectionName.c_str(), rdi(shdr.sh_offset), rdi(shdr.sh_size), curOff, i->second.size());
- 
-@@ -546,201 +627,47 @@ void ElfFile<ElfFileParamNames>::writeReplacedSections(Elf_Off & curOff,
-         curOff += roundUp(i->second.size(), sectionAlignment);
-     }
- 
--    replacedSections.clear();
-+    if (isData)
-+        replacedSections.clear();
- }
- 
- 
- template<ElfFileParams>
--void ElfFile<ElfFileParamNames>::rewriteSectionsLibrary()
-+void ElfFile<ElfFileParamNames>::rewriteSectionsBinary()
- {
--    /* For dynamic libraries, we just place the replacement sections
--       at the end of the file.  They're mapped into memory by a
--       PT_LOAD segment located directly after the last virtual address
--       page of other segments. */
--    Elf_Addr startPage = 0;
--    for (unsigned int i = 0; i < phdrs.size(); ++i) {
--        Elf_Addr thisPage = roundUp(rdi(phdrs[i].p_vaddr) + rdi(phdrs[i].p_memsz), pageSize);
--        if (thisPage > startPage) startPage = thisPage;
--    }
--
--    debug("last page is 0x%llx\n", (unsigned long long) startPage);
-+    Elf_Off codeOff[2] = {0}, dataOff[2] = {0};
-+    Elf_Addr codePage = 0, dataPage = 0;
-+    size_t neededCode = 0, neededData = 0, oldCode = 0, oldData = 0;
-+    Elf_Shdr shdr = findSection(".text");
-+    Elf_Addr firstPage = rdi(shdr.sh_addr) - rdi(shdr.sh_offset);
- 
-+    debug("first page is 0x%llx\n", (unsigned long long) firstPage);
- 
--    /* Compute the total space needed for the replaced sections and
--       the program headers. */
--    off_t neededSpace = (phdrs.size() + 1) * sizeof(Elf_Phdr);
-+    /* Compute the total space needed for the replaced sections */
-     for (ReplacedSections::iterator i = replacedSections.begin();
--         i != replacedSections.end(); ++i)
--        neededSpace += roundUp(i->second.size(), sectionAlignment);
--    debug("needed space is %d\n", neededSpace);
--
--
--    size_t startOffset = roundUp(fileSize, pageSize);
--
--    growFile(startOffset + neededSpace);
--
--
--    /* Even though this file is of type ET_DYN, it could actually be
--       an executable.  For instance, Gold produces executables marked
--       ET_DYN.  In that case we can still hit the kernel bug that
--       necessitated rewriteSectionsExecutable().  However, such
--       executables also tend to start at virtual address 0, so
--       rewriteSectionsExecutable() won't work because it doesn't have
--       any virtual address space to grow downwards into.  As a
--       workaround, make sure that the virtual address of our new
--       PT_LOAD segment relative to the first PT_LOAD segment is equal
--       to its offset; otherwise we hit the kernel bug.  This may
--       require creating a hole in the executable.  The bigger the size
--       of the uninitialised data segment, the bigger the hole. */
--    if (isExecutable) {
--        if (startOffset >= startPage) {
--            debug("shifting new PT_LOAD segment by %d bytes to work around a Linux kernel bug\n", startOffset - startPage);
--        } else {
--            size_t hole = startPage - startOffset;
--            /* Print a warning, because the hole could be very big. */
--            fprintf(stderr, "warning: working around a Linux kernel bug by creating a hole of %zu bytes in ‘%s’\n", hole, fileName.c_str());
--            assert(hole % pageSize == 0);
--            /* !!! We could create an actual hole in the file here,
--               but it's probably not worth the effort. */
--            growFile(fileSize + hole);
--            startOffset += hole;
--        }
--        startPage = startOffset;
--    }
--
--
--    /* Add a segment that maps the replaced sections and program
--       headers into memory. */
--    phdrs.resize(rdi(hdr->e_phnum) + 1);
--    wri(hdr->e_phnum, rdi(hdr->e_phnum) + 1);
--    Elf_Phdr & phdr = phdrs[rdi(hdr->e_phnum) - 1];
--    wri(phdr.p_type, PT_LOAD);
--    wri(phdr.p_offset, startOffset);
--    wri(phdr.p_vaddr, wri(phdr.p_paddr, startPage));
--    wri(phdr.p_filesz, wri(phdr.p_memsz, neededSpace));
--    wri(phdr.p_flags, PF_R | PF_W);
--    wri(phdr.p_align, pageSize);
--
--
--    /* Write out the replaced sections. */
--    Elf_Off curOff = startOffset + phdrs.size() * sizeof(Elf_Phdr);
--    writeReplacedSections(curOff, startPage, startOffset);
--    assert((off_t) curOff == startOffset + neededSpace);
--
--
--    /* Move the program header to the start of the new area. */
--    wri(hdr->e_phoff, startOffset);
--
--    rewriteHeaders(startPage);
--}
--
--
--template<ElfFileParams>
--void ElfFile<ElfFileParamNames>::rewriteSectionsExecutable()
--{
--    /* Sort the sections by offset, otherwise we won't correctly find
--       all the sections before the last replaced section. */
--    sortShdrs();
--
--
--    /* What is the index of the last replaced section? */
--    unsigned int lastReplaced = 0;
--    for (unsigned int i = 1; i < rdi(hdr->e_shnum); ++i) {
--        string sectionName = getSectionName(shdrs[i]);
--        if (replacedSections.find(sectionName) != replacedSections.end()) {
--            debug("using replaced section `%s'\n", sectionName.c_str());
--            lastReplaced = i;
--        }
--    }
--
--    assert(lastReplaced != 0);
--
--    debug("last replaced is %d\n", lastReplaced);
--
--    /* Try to replace all sections before that, as far as possible.
--       Stop when we reach an irreplacable section (such as one of type
--       SHT_PROGBITS).  These cannot be moved in virtual address space
--       since that would invalidate absolute references to them. */
--    assert(lastReplaced + 1 < shdrs.size()); /* !!! I'm lazy. */
--    size_t startOffset = rdi(shdrs[lastReplaced + 1].sh_offset);
--    Elf_Addr startAddr = rdi(shdrs[lastReplaced + 1].sh_addr);
--    string prevSection;
--    for (unsigned int i = 1; i <= lastReplaced; ++i) {
--        Elf_Shdr & shdr(shdrs[i]);
--        string sectionName = getSectionName(shdr);
--        debug("looking at section `%s'\n", sectionName.c_str());
--        /* !!! Why do we stop after a .dynstr section? I can't
--           remember! */
--        if ((rdi(shdr.sh_type) == SHT_PROGBITS && sectionName != ".interp")
--            || prevSection == ".dynstr")
--        {
--            startOffset = rdi(shdr.sh_offset);
--            startAddr = rdi(shdr.sh_addr);
--            lastReplaced = i - 1;
--            break;
-+         i != replacedSections.end(); ++i) {
-+        shdr = findSection(i->first);
-+        if (rdi(shdr.sh_flags) & SHF_WRITE) {
-+            oldData += rdi(shdr.sh_size);
-+            neededData += roundUp(i->second.size(), sectionAlignment);
-         } else {
--            if (replacedSections.find(sectionName) == replacedSections.end()) {
--                debug("replacing section `%s' which is in the way\n", sectionName.c_str());
--                replaceSection(sectionName, rdi(shdr.sh_size));
--            }
-+            oldCode += rdi(shdr.sh_size);
-+            neededCode += roundUp(i->second.size(), sectionAlignment);
-         }
--        prevSection = sectionName;
-     }
- 
--    debug("first reserved offset/addr is 0x%x/0x%llx\n",
--        startOffset, (unsigned long long) startAddr);
--
--    assert(startAddr % pageSize == startOffset % pageSize);
--    Elf_Addr firstPage = startAddr - startOffset;
--    debug("first page is 0x%llx\n", (unsigned long long) firstPage);
--
--    /* Right now we assume that the section headers are somewhere near
--       the end, which appears to be the case most of the time.
--       Therefore they're not accidentally overwritten by the replaced
--       sections. !!!  Fix this. */
--    assert((off_t) rdi(hdr->e_shoff) >= startOffset);
--
--
--    /* Compute the total space needed for the replaced sections, the
--       ELF header, and the program headers. */
--    size_t neededSpace = sizeof(Elf_Ehdr) + phdrs.size() * sizeof(Elf_Phdr);
--    for (ReplacedSections::iterator i = replacedSections.begin();
--         i != replacedSections.end(); ++i)
--        neededSpace += roundUp(i->second.size(), sectionAlignment);
--
--    debug("needed space is %d\n", neededSpace);
--
--    /* If we need more space at the start of the file, then grow the
--       file by the minimum number of pages and adjust internal
--       offsets. */
--    if (neededSpace > startOffset) {
--
--        /* We also need an additional program header, so adjust for that. */
--        neededSpace += sizeof(Elf_Phdr);
--        debug("needed space is %d\n", neededSpace);
--
--        unsigned int neededPages = roundUp(neededSpace - startOffset, pageSize) / pageSize;
--        debug("needed pages is %d\n", neededPages);
--        if (neededPages * pageSize > firstPage)
--            error("virtual address space underrun!");
--
--        firstPage -= neededPages * pageSize;
--        startOffset += neededPages * pageSize;
--
--        shiftFile(neededPages, firstPage);
--    }
--
--
--    /* Clear out the free space. */
--    Elf_Off curOff = sizeof(Elf_Ehdr) + phdrs.size() * sizeof(Elf_Phdr);
--    debug("clearing first %d bytes\n", startOffset - curOff);
--    memset(contents + curOff, 0, startOffset - curOff);
-+    debug("needed space is C: %d, D: %d\n", neededCode, neededData);
- 
-+    /* If we need more space within the file, then grow the
-+       file and adjust internal offsets. */
-+    shiftFile(neededCode, neededData, codeOff, dataOff, &codePage,
-+              &dataPage);
-+    assert(codeOff[0] > 0);
- 
-     /* Write out the replaced sections. */
--    writeReplacedSections(curOff, firstPage, 0);
--    assert((off_t) curOff == neededSpace);
--
-+    debug("codePage: %#lx, dataPage: %#lx\n", codePage, dataPage);
-+    writeReplacedSections(codeOff[0], codePage + codeOff[1], codeOff[0]);
-+    writeReplacedSections(dataOff[0], dataPage + dataOff[1], dataOff[0], true);
- 
-     rewriteHeaders(firstPage + rdi(hdr->e_phoff));
- }
-@@ -758,10 +685,10 @@ void ElfFile<ElfFileParamNames>::rewriteSections()
- 
-     if (rdi(hdr->e_type) == ET_DYN) {
-         debug("this is a dynamic library\n");
--        rewriteSectionsLibrary();
-+        rewriteSectionsBinary();
-     } else if (rdi(hdr->e_type) == ET_EXEC) {
-         debug("this is an executable\n");
--        rewriteSectionsExecutable();
-+        rewriteSectionsBinary();
-     } else error("unknown ELF type");
- }
- 
--- 
-2.1.2
-
diff --git a/gnu/packages/patches/udiskie-no-appindicator.patch b/gnu/packages/patches/udiskie-no-appindicator.patch
new file mode 100644
index 0000000000..c19099cdaa
--- /dev/null
+++ b/gnu/packages/patches/udiskie-no-appindicator.patch
@@ -0,0 +1,155 @@
+Remove the support for Unity's appindicator.
+
+diff -Naur udiskie-1.7.7/completions/_udiskie udiskie-1.7.7a/completions/_udiskie
+--- udiskie-1.7.7/completions/_udiskie	2019-02-17 18:28:58.000000000 +0100
++++ udiskie-1.7.7a/completions/_udiskie	2019-10-29 14:21:04.556193639 +0100
+@@ -21,8 +21,6 @@
+     '(-a)'{-A,--no-automount}"[disable automounting]"
+     '(-N)'{-n,--notify}"[show popup notifications]"
+     '(-n)'{-N,--no-notify}"[disable notifications]"
+-    '(--no-appindicator)'--appindicator"[use appindicator for status icon]"
+-    '(--appindicator)'--no-appindicator"[don't use appindicator]"
+     '(-T -s)'{-t,--tray}"[show tray icon]"
+     '(-T -t)'{-s,--smart-tray}"[auto hide tray icon]"
+     '(-t -s)'{-T,--no-tray}"[disable tray icon]"
+diff -Naur udiskie-1.7.7/doc/udiskie.8.txt udiskie-1.7.7a/doc/udiskie.8.txt
+--- udiskie-1.7.7/doc/udiskie.8.txt	2019-02-17 18:28:58.000000000 +0100
++++ udiskie-1.7.7a/doc/udiskie.8.txt	2019-10-29 14:21:52.304570344 +0100
+@@ -95,12 +95,6 @@
+ *-F, \--no-file-manager*::
+ 	Disable browsing.
+ 
+-*-appindicator*::
+-	Use AppIndicator3 for the status icon. Use this on Ubuntu/Unity if no icon is shown.
+-
+-*--no-appindicator*::
+-	Use Gtk.StatusIcon for the status icon (default).
+-
+ *--password-cache MINUTES*::
+ 	Cache passwords for LUKS partitions and set the timeout.
+ 
+diff -Naur udiskie-1.7.7/udiskie/appindicator.py udiskie-1.7.7a/udiskie/appindicator.py
+--- udiskie-1.7.7/udiskie/appindicator.py	2019-02-17 18:28:58.000000000 +0100
++++ udiskie-1.7.7a/udiskie/appindicator.py	1970-01-01 01:00:00.000000000 +0100
+@@ -1,61 +0,0 @@
+-"""
+-Status icon using AppIndicator3.
+-"""
+-
+-from gi.repository import Gtk
+-from gi.repository import AppIndicator3
+-
+-from udiskie.async_ import Async
+-
+-
+-class AppIndicatorIcon(object):
+-
+-    """
+-    Show status icon using AppIndicator as backend. Replaces
+-    `udiskie.tray.StatusIcon` on ubuntu/unity.
+-    """
+-
+-    def __init__(self, menumaker, _icons):
+-        self._maker = menumaker
+-        self._menu = Gtk.Menu()
+-        self._indicator = AppIndicator3.Indicator.new(
+-            'udiskie',
+-            _icons.get_icon_name('media'),
+-            AppIndicator3.IndicatorCategory.HARDWARE)
+-        self._indicator.set_status(AppIndicator3.IndicatorStatus.PASSIVE)
+-        self._indicator.set_menu(self._menu)
+-        # Get notified before menu is shown, see:
+-        # https://bugs.launchpad.net/screenlets/+bug/522152/comments/15
+-        dbusmenuserver = self._indicator.get_property('dbus-menu-server')
+-        self._dbusmenuitem = dbusmenuserver.get_property('root-node')
+-        self._conn = self._dbusmenuitem.connect('about-to-show', self._on_show)
+-        self.task = Async()
+-        menumaker._quit_action = self.destroy
+-        # Populate menu initially, so libdbusmenu does not ignore the
+-        # 'about-to-show':
+-        self._maker(self._menu)
+-
+-    def destroy(self):
+-        self.show(False)
+-        self._dbusmenuitem.disconnect(self._conn)
+-        self.task.callback()
+-
+-    @property
+-    def visible(self):
+-        status = self._indicator.get_status()
+-        return status == AppIndicator3.IndicatorStatus.ACTIVE
+-
+-    def show(self, show=True):
+-        if show == self.visible:
+-            return
+-        status = (AppIndicator3.IndicatorStatus.ACTIVE if show else
+-                  AppIndicator3.IndicatorStatus.PASSIVE)
+-        self._indicator.set_status(status)
+-
+-    def _on_show(self, menu):
+-        # clear menu:
+-        for item in self._menu.get_children():
+-            self._menu.remove(item)
+-        # repopulate:
+-        self._maker(self._menu)
+-        self._menu.show_all()
+diff -Naur udiskie-1.7.7/udiskie/cli.py udiskie-1.7.7a/udiskie/cli.py
+--- udiskie-1.7.7/udiskie/cli.py	2019-02-17 18:28:58.000000000 +0100
++++ udiskie-1.7.7a/udiskie/cli.py	2019-10-29 14:18:22.678919186 +0100
+@@ -376,9 +376,6 @@
+         -T, --no-tray                           Disable tray icon
+         -m MENU, --menu MENU                    Tray menu [flat/nested]
+ 
+-        --appindicator                          Use appindicator for status icon
+-        --no-appindicator                       Don't use appindicator
+-
+         --password-cache MINUTES                Set password cache timeout
+         --no-password-cache                     Disable password cache
+ 
+@@ -400,7 +397,6 @@
+         'notify': True,
+         'tray': False,
+         'menu': 'flat',
+-        'appindicator': False,
+         'file_manager': 'xdg-open',
+         'password_prompt': 'builtin:gui',
+         'password_cache': False,
+@@ -415,7 +411,6 @@
+             '--no-tray': False,
+             '--smart-tray': 'auto'}),
+         'menu': Value('--menu'),
+-        'appindicator': Switch('appindicator'),
+         'file_manager': OptionalValue('--file-manager'),
+         'password_prompt': OptionalValue('--password-prompt'),
+         'password_cache': OptionalValue('--password-cache'),
+@@ -541,11 +536,7 @@
+             raise ValueError("Invalid menu: %s" % (options['menu'],))
+ 
+         menu_maker = udiskie.tray.UdiskieMenu(self, icons, actions, flat)
+-        if options['appindicator']:
+-            import udiskie.appindicator
+-            TrayIcon = udiskie.appindicator.AppIndicatorIcon
+-        else:
+-            TrayIcon = udiskie.tray.TrayIcon
++        TrayIcon = udiskie.tray.TrayIcon
+         trayicon = TrayIcon(menu_maker, icons)
+         return udiskie.tray.UdiskieStatusIcon(trayicon, menu_maker, smart)
+ 
+diff -Naur udiskie-1.7.7/udiskie.egg-info/SOURCES.txt udiskie-1.7.7a/udiskie.egg-info/SOURCES.txt
+--- udiskie-1.7.7/udiskie.egg-info/SOURCES.txt	2019-02-17 19:42:25.000000000 +0100
++++ udiskie-1.7.7a/udiskie.egg-info/SOURCES.txt	2019-10-29 14:40:09.333315287 +0100
+@@ -24,7 +24,6 @@
+ test/test_cache.py
+ test/test_match.py
+ udiskie/__init__.py
+-udiskie/appindicator.py
+ udiskie/async_.py
+ udiskie/automount.py
+ udiskie/cache.py
+@@ -46,4 +45,4 @@
+ udiskie.egg-info/dependency_links.txt
+ udiskie.egg-info/entry_points.txt
+ udiskie.egg-info/requires.txt
+-udiskie.egg-info/top_level.txt
+\ Pas de fin de ligne à la fin du fichier
++udiskie.egg-info/top_level.txt
diff --git a/gnu/packages/patches/vlc-fix-test_libvlc_slaves.patch b/gnu/packages/patches/vlc-fix-test_libvlc_slaves.patch
new file mode 100644
index 0000000000..9bc6d35f18
--- /dev/null
+++ b/gnu/packages/patches/vlc-fix-test_libvlc_slaves.patch
@@ -0,0 +1,35 @@
+From 4186c94104ee528abd6860611b49515f3e6ec644 Mon Sep 17 00:00:00 2001
+From: Thomas Guillem <thomas@gllm.fr>
+Date: Fri, 18 Oct 2019 10:34:07 +0200
+Subject: [PATCH] input/item: sort before attaching slaves
+
+The order of readdir() is completely filesystem dependent.
+
+Slaves should be attached using the same order across multiple OSses/access
+modules.
+
+This fixes the test_libvlc_slaves on some system when the entry order from
+readdir() is different.
+
+This patch need to be backported to VLC 3.0.
+---
+ src/input/item.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/input/item.c b/src/input/item.c
+index e8db39ca28..fbd74cc95f 100644
+--- a/src/input/item.c
++++ b/src/input/item.c
+@@ -1809,8 +1809,8 @@ void vlc_readdir_helper_finish(struct vlc_readdir_helper *p_rdh, bool b_success)
+ {
+     if (b_success)
+     {
+-        rdh_attach_slaves(p_rdh, p_rdh->p_node);
+         rdh_sort(p_rdh->p_node);
++        rdh_attach_slaves(p_rdh, p_rdh->p_node);
+     }
+     free(p_rdh->psz_ignored_exts);
+ 
+-- 
+2.20.1
+