GNU bug report logs -
#71121
[PATCH 0/3] Update LibreWolf to 126.0-1 [security fixes]
Reported by: Ian Eure <ian <at> retrospec.tv>
Date: Wed, 22 May 2024 14:54:02 UTC
Severity: normal
Tags: patch
Done: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Bug is archived. No further changes may be made.
[Message part 1 (text/plain, inline)]
Your message dated Sat, 01 Jun 2024 07:33:27 -0400
with message-id <87mso4c2yg.fsf <at> gmail.com>
and subject line Re: [bug#71121] [PATCH v2 3/3] gnu: librewolf: Update to 126.0-1.
has caused the debbugs.gnu.org bug report #71121,
regarding [PATCH 0/3] Update LibreWolf to 126.0-1 [security fixes]
to be marked as done.
(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)
--
71121: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=71121
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
[Message part 2 (message/rfc822, inline)]
This patch series changes how LibreWolf is built, and updates it to 126.0-1,
which contains fixes for: CVE-2024-4367, CVE-2024-4764, CVE-2024-4765,
CVE-2024-4766, CVE-2024-4767, CVE-2024-4768, CVE-2024-4769, CVE-2024-4770,
CVE-2024-4771, CVE-2024-4772, CVE-2024-4773, CVE-2024-4774, CVE-2024-4775,
CVE-2024-4776, CVE-2024-4777, CVE-2024-4778.
Previously, LibreWolf was built from the upstream source release tarballs,
which are generated with an automated process: a script downloads the Firefox
source, patches it, and repacks it into the LibreWolf source tarball. This
process is now automated into the Guix package builds, so things are built
directly from the LibreWolf source repo and Firefox upstream release tarball.
This is how IceCat builds, and means we don't have to trust the results of an
external build process. This necessitated making all-mozilla-locales public
in (gnu packages gnuzilla), and adding the Santali locale to it.
LibreWolf 126.0-1 backports a fix for the encoding_rs library, needed to make
it build on newer versions of Rust. Unfortunately, this also fails to build
on Rust 1.75, which is what's currently in Guix. It was necessary to back
this out to get things building, and it'll likely need to be reapplied once
the rust-team branch merges.
Ian Eure (3):
gnu: all-mozilla-locales: Add Santali locale; make public.
gnu: librewolf: Rebuild source tarball
gnu: librewolf: Update to 126.0-1.
gnu/packages/gnuzilla.scm | 3 +-
gnu/packages/librewolf.scm | 127 +++++++++++++++++++++++++++++++++----
2 files changed, 116 insertions(+), 14 deletions(-)
--
2.41.0
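An added sketch of the approach the cover letter describes (not part of the thread, and not the Guix package code): the upstream tarball is checked against a pinned hash, patched, and repacked with normalized metadata, so anyone can regenerate the patched source and compare hashes. The function names, file path and pref string are hypothetical, and the sample data is constructed.

```python
import hashlib
import io
import tarfile


def make_tar(files, mtime=0):
    """Pack {path: bytes} with sorted names and fixed metadata."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name in sorted(files):
            info = tarfile.TarInfo(name)
            info.size = len(files[name])
            info.mtime, info.mode = mtime, 0o644
            info.uid = info.gid = 0
            info.uname = info.gname = ""
            tar.addfile(info, io.BytesIO(files[name]))
    return buf.getvalue()


def read_tar(data):
    """Return {path: bytes} for the regular files in a tar archive."""
    with tarfile.open(fileobj=io.BytesIO(data)) as tar:
        return {m.name: tar.extractfile(m).read() for m in tar if m.isfile()}


def assemble(upstream, pinned_sha256, patches):
    """Check upstream against its pin, apply patches, repack reproducibly."""
    digest = hashlib.sha256(upstream).hexdigest()
    if digest != pinned_sha256:
        raise ValueError(f"upstream hash mismatch: got {digest}")
    files = read_tar(upstream)
    for path, old, new in patches:
        if old not in files.get(path, b""):
            raise ValueError(f"patch does not apply to {path}")
        files[path] = files[path].replace(old, new, 1)
    return make_tar(files)


# Constructed sample: a one-file "upstream release" and one substitution patch.
UPSTREAM = make_tar({"app/prefs.js": b'pref("example.setting", true);\n'},
                    mtime=1716390000)
# In a package definition the pin is recorded ahead of time; it is computed
# here only so that the example runs offline.
PIN = hashlib.sha256(UPSTREAM).hexdigest()
PATCHES = [("app/prefs.js", b"true", b"false")]

if __name__ == "__main__":
    first = assemble(UPSTREAM, PIN, PATCHES)
    second = assemble(UPSTREAM, PIN, PATCHES)
    print(hashlib.sha256(first).hexdigest() == hashlib.sha256(second).hexdigest())
```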
[Message part 3 (message/rfc822, inline)]
Hi Ian,
Ian Eure <ian <at> retrospec.tv> writes:
> * gnu/packages/librewolf.scm (librewolf): Update to 126.0-1. Fixes
> CVE-2024-4367, CVE-2024-4764, CVE-2024-4765, CVE-2024-4766, CVE-2024-4767,
> CVE-2024-4768, CVE-2024-4769, CVE-2024-4770, CVE-2024-4771, CVE-2024-4772,
> CVE-2024-4773, CVE-2024-4774, CVE-2024-4775, CVE-2024-4776, CVE-2024-4777,
> CVE-2024-4778.
>
> Change-Id: Iec010e516651588da389f747074cbd10f8c14377
I've moved some of the commit message explanations to match the
following template:
--8<---------------cut here---------------start------------->8---
$summary
$rationale/explanations
$gnu-changelog
--8<---------------cut here---------------end--------------->8---
along with some trivial adjustments, tested it could build reproducibly*
and pushed. Thank you for your work on this fine browser!
* as mentioned on IRC I did notice the build failing
non-deterministically when using a monstrous number of cores such as
180; that seems to be a shortcoming of cargo and/or the firefox build
system.
--
Thanks,
Maxim
This bug report was last modified 352 days ago.