GNU bug report logs - #71121: [PATCH 0/3] Update LibreWolf to 126.0-1 [security fixes]
Reported by: Ian Eure <ian <at> retrospec.tv>
Date: Wed, 22 May 2024 14:54:02 UTC
Severity: normal
Tags: patch
Done: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Bug is archived. No further changes may be made.
[Message part 1 (text/plain, inline)]
Your bug report
#71121: [PATCH 0/3] Update LibreWolf to 126.0-1 [security fixes]
which was filed against the guix-patches package, has been closed.
The explanation is attached below, along with your original report.
If you require more details, please reply to 71121 <at> debbugs.gnu.org.
--
71121: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=71121
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
[Message part 2 (message/rfc822, inline)]
Hi Ian,
Ian Eure <ian <at> retrospec.tv> writes:
> * gnu/packages/librewolf.scm (librewolf): Update to 126.0-1. Fixes
> CVE-2024-4367, CVE-2024-4764, CVE-2024-4765, CVE-2024-4766, CVE-2024-4767,
> CVE-2024-4768, CVE-2024-4769, CVE-2024-4770, CVE-2024-4771, CVE-2024-4772,
> CVE-2024-4773, CVE-2024-4774, CVE-2024-4775, CVE-2024-4776, CVE-2024-4777,
> CVE-2024-4778.
>
> Change-Id: Iec010e516651588da389f747074cbd10f8c14377
I've moved some of the commit message explanations to match the
following template:
--8<---------------cut here---------------start------------->8---
$summary
$rationale/explanations
$gnu-changelog
--8<---------------cut here---------------end--------------->8---
along with some trivial adjustments, tested it could build reproducibly*
and pushed. Thank you for your work on this fine browser!
* as mentioned on IRC I did notice the build failing
non-deterministically when using a monstrous number of cores such as
180; that seems to be a shortcoming of cargo and/or the firefox build
system.
--
Thanks,
Maxim
[Message part 3 (message/rfc822, inline)]
This patch series changes how LibreWolf is built, and updates it to 126.0-1,
which contains fixes for: CVE-2024-4367, CVE-2024-4764, CVE-2024-4765,
CVE-2024-4766, CVE-2024-4767, CVE-2024-4768, CVE-2024-4769, CVE-2024-4770,
CVE-2024-4771, CVE-2024-4772, CVE-2024-4773, CVE-2024-4774, CVE-2024-4775,
CVE-2024-4776, CVE-2024-4777, CVE-2024-4778.
Previously, LibreWolf was built from the upstream source release tarballs,
which are generated with an automated process: a script downloads the Firefox
source, patches it, and repacks it into the LibreWolf source tarball. This
process is now automated into the Guix package builds, so things are built
directly from the LibreWolf source repo and Firefox upstream release tarball.
This is how IceCat builds, and means we don't have to trust the results of an
external build process. This necessitated making all-mozilla-locales public
in (gnu packages gnuzilla), and adding the Santali locale to it.
LibreWolf 126.0-1 backports a fix for the encoding_rs library, needed to make
it build on newer versions of Rust. Unfortunately, this also fails to build
on Rust 1.75, which is what's currently in Guix. It was necessary to back
this out to get things building, and it'll likely need to be reapplied once
the rust-team branch merges.
Ian Eure (3):
gnu: all-mozilla-locales: Add Santali locale; make public.
gnu: librewolf: Rebuild source tarball
gnu: librewolf: Update to 126.0-1.
gnu/packages/gnuzilla.scm | 3 +-
gnu/packages/librewolf.scm | 127 +++++++++++++++++++++++++++++++++----
2 files changed, 116 insertions(+), 14 deletions(-)
--
2.41.0
This bug report was last modified 352 days ago.