~ruther/guix-local

e4e3068124baaffc9b986e7aa3831bc9ac7adf6e — Ian Eure 1 year, 2 months ago fd35135 
gnu: librewolf: Update to 134.0.1-1 [security fixes].

New upstream release.  Some minor tweaks needed, like switching from gzip to
pigz, updating icu4c, and ensuring it builds with the correct Rust version.

CVE-2025-0237: WebChannel APIs susceptible to confused deputy attack
CVE-2025-0238: Use-after-free when breaking lines in text
CVE-2025-0239: Alt-Svc ALPN validation failure when redirected
CVE-2025-0240: Compartment mismatch when parsing JavaScript JSON
               module
CVE-2025-0241: Memory corruption when using JavaScript Text
               Segmentation
CVE-2025-0242: Memory safety bugs fixed in Firefox 134, Thunderbird
               134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird
               115.19, and Thunderbird 128.6
CVE-2025-0243: Memory safety bugs fixed in Firefox 134, Thunderbird
               134, Firefox ESR 128.6, and Thunderbird 128.6
CVE-2025-0244: Address bar spoofing using an invalid protocol scheme
               on Firefox for Android
CVE-2025-0245: Lock screen setting bypass in Firefox Focus for Android
CVE-2025-0246: Address bar spoofing using an invalid protocol scheme
               on Firefox for Android
CVE-2025-0247: Memory safety bugs fixed in Firefox 134 and Thunderbird
               134

* gnu/packages/librewolf.scm (librewolf): Update to 134.0.1-1.

Change-Id: I027bf6f1541b0e7bec9116b2d6b39ab606813b23
Signed-off-by: Zheng Junjie <zhengjunjie@iscas.ac.cn>
patch browse .tar.gz 
1 files changed, 13 insertions(+), 11 deletions(-)

M gnu/packages/librewolf.scm

M gnu/packages/librewolf.scm => gnu/packages/librewolf.scm +13 -11
@@ 154,7 154,7 @@
                      #+(canonical-package xz)
                      #+(canonical-package sed)
                      #+(canonical-package grep)
                      #+(canonical-package gzip)
                      #+(canonical-package pigz)
                      #+(canonical-package tar)))
               (set-path-environment-variable
                "PYTHONPATH"


@@ 194,26 194,28 @@
        "torbrowser-compare-paths.patch"
        "librewolf-use-system-wide-dir.patch")))))

;; Define the versions of rust needed to build librewolf, trying to match
;; upstream.  See the file taskcluster/ci/toolchain/rust.yml at
;; https://searchfox.org under the particular firefox release, like
;; mozilla-esr102.
(define rust-librewolf rust) ; 1.75 is the default in Guix, 1.65 is the minimum.
;;; Define the versions of rust needed to build firefox, trying to match
;;; upstream.  See table at [0], `Uses' column for the specific version.
;;; Using `rust' will likely lead to a newer version then listed in the table,
;;; but since in Guix only the latest packaged Rust is officially supported,
;;; it is a tradeoff worth making.
;;; 0: https://firefox-source-docs.mozilla.org/writing-rust-code/update-policy.html
(define rust-librewolf rust-1.81)

;; Update this id with every update to its release date.
;; It's used for cache validation and therefore can lead to strange bugs.
;; ex: date '+%Y%m%d%H%M%S'
(define %librewolf-build-id "20241130102406")
(define %librewolf-build-id "20250121184331")

(define-public librewolf
  (package
    (name "librewolf")
    (version "133.0-1")
    (version "134.0.1-1")
    (source
     (make-librewolf-source
      #:version version
      #:firefox-hash "0q6cqfnwc2x09frdvsndmhck8ixrnbl281j9rqw5w8bd7fd2qas9"
      #:librewolf-hash "1xf7gx3xm3c7dhch9gwpb0xp11lcyim1nrbm8sjljxdcs7iq9jy4"))
      #:firefox-hash "1rb54b62zcmhabmx3rsd5badv9wwih6h19a0g80c03qgwwy8b8g3"
      #:librewolf-hash "0bcjk3pkyq2w39n022kcpl8nqd8ng9653jc8gklfrfw9avwmpmk2"
      #:l10n firefox-l10n))
    (build-system gnu-build-system)
    (arguments


@@ 666,7 668,7 @@
                  gtk+
                  gtk+-2
                  hunspell
                  icu4c-73
                  icu4c-75
                  jemalloc
                  libcanberra
                  libevent