GNU bug report logs - #67512
[PATCH 0/5] Add LibreWolf

Previous Next

Package: guix-patches;

Reported by: Ian Eure <ian <at> retrospec.tv>

Date: Tue, 28 Nov 2023 20:12:01 UTC

Severity: normal

Tags: patch

Done: Andrew Tropin <andrew <at> trop.in>

Bug is archived. No further changes may be made.

Full log

Message #232 received at 67512 <at> debbugs.gnu.org (full text, mbox):

From: Ian Eure <ian <at> retrospec.tv>
To: Clément Lassieur <clement <at> lassieur.org>
Cc: 67512 <at> debbugs.gnu.org, guix-devel <at> gnu.org, guix-security <at> gnu.org,
 Mark H Weaver <mhw <at> netris.org>, andrew <at> trop.in
Subject: Re: bug#67512: [PATCH v7 0/3] Add LibreWolf
Date: Sat, 27 Apr 2024 10:19:46 -0700

Clément Lassieur <clement <at> lassieur.org> writes:

> On Fri, Apr 12 2024, Andrew Tropin via Guix-patches via wrote:
>
>> On 2024-04-06 08:04, Ian Eure wrote:
>>
>>> Moves nss update to nss-3.98 / nss-certs-3.98 to avoid 
>>> rebuilding thousands of packages.
>>>
>>> Rebases.
>>>
>>> Ian Eure (3):
>>>   gnu: Add nss-3.98.
>>>   gnu: Add nss-certs-3.98.
>>>   gnu: Add librewolf.
>>>
>>>  gnu/packages/certs.scm     |  16 +
>>>  gnu/packages/librewolf.scm | 621 
>>>  +++++++++++++++++++++++++++++++++++++
>>>  gnu/packages/nss.scm       |  45 +++
>>>  3 files changed, 682 insertions(+)
>>>  create mode 100644 gnu/packages/librewolf.scm
>>>
>>>
>>> base-commit: ade6845da6cec99f3bca46faac9b2bad6877817e
>>
>> Hi Ian,
>>
>> tested those patches, didn't notice any issues.
>>
>> Added pipewire to LD_LIBRARY_PATH to make screensharing on 
>> wayland to
>> work.
>>
>> Added librewolf.scm to gnu/local.mk.
>>
>> Pushed as
>> https://git.savannah.gnu.org/cgit/guix.git/commit/?id=3dc26b4eae
>>
>> Thank you very much for you work!
>
> Thank you Andrew for reviewing.
>
> Now that this is pushed, is there anyone maintaining this 
> "librewolf"
> package?  This is serious work, with security updates quite 
> often.
>

Hi Clement,

I’m planning to continue sending patches for updates and the like. 
Getting a working updater is close to the top of my list.


> Right now the package is subject to
>
> CVE-2024-3852 (high)
> CVE-2024-3853 (high)
> CVE-2024-3854 (high)
> CVE-2024-3855 (high)
> CVE-2024-3856 (high)
> CVE-2024-3857 (high)
> CVE-2024-3858 (high)
> CVE-2024-3859 (moderate)
> CVE-2024-3860 (moderate)
> CVE-2024-3861 (moderate)
> CVE-2024-3862 (moderate)
> CVE-2024-3302 (low)
> CVE-2024-3864 (high)
> CVE-2024-3865 (high)
>

The version in Guix is the latest available.  I’ll send in a patch 
when the next release happens; I’m waiting on upstream for that.

Thanks,

 — Ian
This bug report was last modified 1 year and 83 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.