GNU bug report logs -
#74628
[PATCH 0/2] gnu: librewolf: Update to 133.0-1 [security fixes].
Reported by: Ian Eure <ian <at> retrospec.tv>
Date: Sat, 30 Nov 2024 18:32:02 UTC
Severity: normal
Tags: patch
Done: Hilton Chain <hako <at> ultrarare.space>
Bug is archived. No further changes may be made.
Report forwarded to guix-patches <at> gnu.org: bug#74628; Package guix-patches. (Sat, 30 Nov 2024 18:32:02 GMT)
Acknowledgement sent to Ian Eure <ian <at> retrospec.tv>: New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Sat, 30 Nov 2024 18:32:02 GMT)
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
Straightforward update, only requires an nss-rapid version bump.
Ian Eure (2):
gnu: nss-rapid: Update to 3.107.
gnu: librewolf: Update to 133.0-1 [security fixes].
gnu/packages/librewolf.scm | 8 ++++----
gnu/packages/nss.scm | 6 +++---
2 files changed, 7 insertions(+), 7 deletions(-)
--
2.46.0
Information forwarded to guix-patches <at> gnu.org: bug#74628; Package guix-patches. (Sat, 30 Nov 2024 18:33:03 GMT)
Message #8 received at 74628 <at> debbugs.gnu.org (full text, mbox):
* gnu/packages/nss.scm (nss-rapid): Update to 3.107.
Change-Id: I05c6e9c6633ed222d26b76ae5def35179f31f317
---
gnu/packages/nss.scm | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm
index 86b3743656..aaa9848501 100644
--- a/gnu/packages/nss.scm
+++ b/gnu/packages/nss.scm
@@ -333,7 +333,7 @@ (define-public nss-rapid
(package
(inherit nss)
(name "nss-rapid")
- (version "3.105")
+ (version "3.107")
(source (origin
(inherit (package-source nss))
(uri (let ((version-with-underscores
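Review bot: The `version` change from "3.105" to "3.107" skips a release, and the commit message ("Update to 3.107.") gives no reason for the jump. The cover letter says the librewolf update requires this bump; please record that in this commit's message so the dependency between the two commits survives in the history, and note there if the bump itself carries security fixes.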
@@ -344,7 +344,7 @@ (define-public nss-rapid
"nss-" version ".tar.gz")))
(sha256
(base32
- "06an746lrnmp7mnr866cjxngkrw8c5ngdykw425q4p6ai264r3lf"))))
+ "0ab7kpyg54aha86aw0ak70ckmfj1ih7d9x8mlrqhf59q7r3rczkz"))))
(arguments
(substitute-keyword-arguments (package-arguments nss)
((#:phases phases)
@@ -376,7 +376,7 @@ (define-public nss-rapid
;; leading to test failures:
;; <https://bugzilla.mozilla.org/show_bug.cgi?id=609734>. To
;; work around that, set the time to roughly the release date.
- (invoke "faketime" "2024-09-2" "./nss/tests/all.sh"))
+ (invoke "faketime" "2024-11-29" "./nss/tests/all.sh"))
(format #t "test suite not run~%"))))))))
(synopsis "Network Security Services (Rapid Release)")
(description
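Review bot: The `faketime` date in the check phase ("2024-11-29") is a hand-maintained value that has to move with `version`, which sits in a different hunk, so a future bump can easily leave it stale and reintroduce the test failures described in the comment. Consider adding a short reminder next to `version`, or binding the date once near the top of the package so the two are edited together. The new value is zero-padded where the old "2024-09-2" was not, which is an improvement worth keeping as the convention.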
--
2.46.0
Information forwarded to guix-patches <at> gnu.org: bug#74628; Package guix-patches. (Sat, 30 Nov 2024 18:33:03 GMT)
Message #11 received at 74628 <at> debbugs.gnu.org (full text, mbox):
New upstream version. Fixes CVEs:
CVE-2024-11691: Out-of-bounds write in Apple GPU drivers via WebGL
CVE-2024-11700: Potential Tapjacking Exploit for Intent Confirmation
on Android
CVE-2024-11692: Select list elements could be shown over another site
CVE-2024-11701: Misleading Address Bar State During Navigation
Interruption
CVE-2024-11702: Inadequate Clipboard Protection in Private Browsing
Mode on Android
CVE-2024-11693: Download Protections were bypassed by .library-ms
files on Windows
CVE-2024-11694: CSP Bypass and XSS Exposure via Web Compatibility
Shims
CVE-2024-11695: URL Bar Spoofing via Manipulated Punycode and
Whitespace Characters
CVE-2024-11703: Password access without authentication via PIN bypass
on Android
CVE-2024-11696: Unhandled Exception in Add-on Signature Verification
CVE-2024-11697: Improper Keypress Handling in Executable File
Confirmation Dialog
CVE-2024-11704: Potential Double-Free Vulnerability in PKCS#7
Decryption Handling
CVE-2024-11698: Fullscreen Lock-Up When Modal Dialog Interrupts
Transition on macOS
CVE-2024-11705: Null Pointer Dereference in NSC_DeriveKey
CVE-2024-11706: Null Pointer Dereference in PKCS#12 Utility
CVE-2024-11708: Data race with PlaybackParams
CVE-2024-11699: Memory safety bugs fixed in Firefox 133, Firefox ESR
128.5, and Thunderbird 128.5
* gnu/packages/librewolf.scm (librewolf): Update to 133.0-1.
Change-Id: I611505daf4d4f0940405190471f443d99102c2b9
---
gnu/packages/librewolf.scm | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm
index ad387b1cac..5d432cfad8 100644
--- a/gnu/packages/librewolf.scm
+++ b/gnu/packages/librewolf.scm
@@ -199,17 +199,17 @@ (define rust-librewolf rust) ; 1.75 is the default in Guix, 1.65 is the minimum.
;; Update this id with every update to its release date.
;; It's used for cache validation and therefore can lead to strange bugs.
;; ex: date '+%Y%m%d%H%M%S'
-(define %librewolf-build-id "20241119164012")
+(define %librewolf-build-id "20241130102406")
(define-public librewolf
(package
(name "librewolf")
- (version "132.0.2-1")
+ (version "133.0-1")
(source
(make-librewolf-source
#:version version
- #:firefox-hash "1s8h4sf78i5ybzv5pvdpx09fb04gdly7pzgivh8kzqdlyij1g7ij"
- #:librewolf-hash "0qyi0w92vj5yqljrkzcif2jiz3ispyglg4awywyiqd874i0p8c7c"))
+ #:firefox-hash "0q6cqfnwc2x09frdvsndmhck8ixrnbl281j9rqw5w8bd7fd2qas9"
+ #:librewolf-hash "1xf7gx3xm3c7dhch9gwpb0xp11lcyim1nrbm8sjljxdcs7iq9jy4"))
(build-system gnu-build-system)
(arguments
(list
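Review bot: The new `#:firefox-hash` and `#:librewolf-hash` values are the only integrity pins for this security update, and neither the hunk nor the commit message records how they were obtained. Please confirm both against the upstream release artifacts for 133.0-1 (and their signatures, where upstream publishes them) before applying. `%librewolf-build-id` moves forward from "20241119164012" to "20241130102406", which is what the cache-validation comment asks for. The hunk header still shows the `rust-librewolf` comment "1.65 is the minimum"; with a new major version it is worth rechecking that this is still accurate.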
--
2.46.0
Information forwarded to guix-patches <at> gnu.org: bug#74628; Package guix-patches. (Sat, 30 Nov 2024 21:17:02 GMT)
Message #14 received at 74628 <at> debbugs.gnu.org (full text, mbox):
Hi!
Patches apply successfully, both nss-rapid and librewolf build fine on
x86_64.
Librewolf starts and opens a couple of sites.
LGTM.
Reply sent to Hilton Chain <hako <at> ultrarare.space>: You have taken responsibility. (Mon, 02 Dec 2024 00:04:03 GMT)
Notification sent to Ian Eure <ian <at> retrospec.tv>: bug acknowledged by developer. (Mon, 02 Dec 2024 00:04:04 GMT)
Message #19 received at 74628-done <at> debbugs.gnu.org (full text, mbox):
Hi Ian,
On Sun, 01 Dec 2024 02:31:31 +0800,
Ian Eure wrote:
>
> Straightforward update, only requires an nss-rapid version bump.
>
> Ian Eure (2):
> gnu: nss-rapid: Update to 3.107.
> gnu: librewolf: Update to 133.0-1 [security fixes].
>
> gnu/packages/librewolf.scm | 8 ++++----
> gnu/packages/nss.scm | 6 +++---
> 2 files changed, 7 insertions(+), 7 deletions(-)
>
> --
> 2.46.0
Applied as 395abb86a61e9ea9ed49a25e4ba3f44ac80cebb4 and
41fd9cfc65e0284173c9cb45117f8b47bd88874d, thanks!
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Mon, 30 Dec 2024 12:24:09 GMT)