From 18338b85247d32ebd68a0a25ffd4abc7db0d8b08 Mon Sep 17 00:00:00 2001 From: Ian Eure Date: Sun, 15 Dec 2024 10:51:58 -0800 Subject: [PATCH] gnu: librewolf: Update to 134.0.1-1 [security fixes]. New upstream release. Some minor tweaks needed, like switching from gzip to pigz, updating icu4c, and ensuring it builds with the correct Rust version. CVE-2025-0237: WebChannel APIs susceptible to confused deputy attack CVE-2025-0238: Use-after-free when breaking lines in text CVE-2025-0239: Alt-Svc ALPN validation failure when redirected CVE-2025-0240: Compartment mismatch when parsing JavaScript JSON module CVE-2025-0241: Memory corruption when using JavaScript Text Segmentation CVE-2025-0242: Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6 CVE-2025-0243: Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6 CVE-2025-0244: Address bar spoofing using an invalid protocol scheme on Firefox for Android CVE-2025-0245: Lock screen setting bypass in Firefox Focus for Android CVE-2025-0246: Address bar spoofing using an invalid protocol scheme on Firefox for Android CVE-2025-0247: Memory safety bugs fixed in Firefox 134 and Thunderbird 134 * gnu/packages/librewolf.scm (librewolf): Update to 134.0.1-1. Change-Id: I027bf6f1541b0e7bec9116b2d6b39ab606813b23 --- gnu/packages/librewolf.scm | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm index 5bdf7a0f81..28abaefe53 100644 --- a/gnu/packages/librewolf.scm +++ b/gnu/packages/librewolf.scm @@ -154,7 +154,7 @@ #+(canonical-package xz) #+(canonical-package sed) #+(canonical-package grep) - #+(canonical-package gzip) + #+(canonical-package pigz) #+(canonical-package tar))) (set-path-environment-variable "PYTHONPATH" @@ -194,26 +194,28 @@ "torbrowser-compare-paths.patch" "librewolf-use-system-wide-dir.patch"))))) -;; Define the versions of rust needed to build librewolf, trying to match -;; upstream. See the file taskcluster/ci/toolchain/rust.yml at -;; https://searchfox.org under the particular firefox release, like -;; mozilla-esr102. -(define rust-librewolf rust) ; 1.75 is the default in Guix, 1.65 is the minimum. +;;; Define the versions of rust needed to build firefox, trying to match +;;; upstream. See table at [0], `Uses' column for the specific version. +;;; Using `rust' will likely lead to a newer version then listed in the table, +;;; but since in Guix only the latest packaged Rust is officially supported, +;;; it is a tradeoff worth making. +;;; 0: https://firefox-source-docs.mozilla.org/writing-rust-code/update-policy.html +(define rust-librewolf rust-1.81) ;; Update this id with every update to its release date. ;; It's used for cache validation and therefore can lead to strange bugs. ;; ex: date '+%Y%m%d%H%M%S' -(define %librewolf-build-id "20241130102406") +(define %librewolf-build-id "20250121184331") (define-public librewolf (package (name "librewolf") - (version "133.0-1") + (version "134.0.1-1") (source (make-librewolf-source #:version version - #:firefox-hash "0q6cqfnwc2x09frdvsndmhck8ixrnbl281j9rqw5w8bd7fd2qas9" - #:librewolf-hash "1xf7gx3xm3c7dhch9gwpb0xp11lcyim1nrbm8sjljxdcs7iq9jy4")) + #:firefox-hash "1rb54b62zcmhabmx3rsd5badv9wwih6h19a0g80c03qgwwy8b8g3" + #:librewolf-hash "0bcjk3pkyq2w39n022kcpl8nqd8ng9653jc8gklfrfw9avwmpmk2" #:l10n firefox-l10n)) (build-system gnu-build-system) (arguments @@ -666,7 +668,7 @@ gtk+ gtk+-2 hunspell - icu4c-73 + icu4c-75 jemalloc libcanberra libevent