GNU bug report logs -
#75499
[PATCH 0/3] gnu: librewolf: Update to 133.0.3-1.
Previous Next
Reported by: Ian Eure <ian <at> retrospec.tv>
Date: Sat, 11 Jan 2025 17:28:02 UTC
Severity: normal
Tags: patch
Done: Z572 <zhengjunjie <at> iscas.ac.cn>
Bug is archived. No further changes may be made.
Full log
View this message in rfc822 format
New upstream release. Some minor tweaks needed, like switching from gzip to
pigz, updating icu4c, and ensuring it builds with the correct Rust version.
CVE-2025-0237: WebChannel APIs susceptible to confused deputy attack
CVE-2025-0238: Use-after-free when breaking lines in text
CVE-2025-0239: Alt-Svc ALPN validation failure when redirected
CVE-2025-0240: Compartment mismatch when parsing JavaScript JSON
module
CVE-2025-0241: Memory corruption when using JavaScript Text
Segmentation
CVE-2025-0242: Memory safety bugs fixed in Firefox 134, Thunderbird
134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird
115.19, and Thunderbird 128.6
CVE-2025-0243: Memory safety bugs fixed in Firefox 134, Thunderbird
134, Firefox ESR 128.6, and Thunderbird 128.6
CVE-2025-0244: Address bar spoofing using an invalid protocol scheme
on Firefox for Android
CVE-2025-0245: Lock screen setting bypass in Firefox Focus for Android
CVE-2025-0246: Address bar spoofing using an invalid protocol scheme
on Firefox for Android
CVE-2025-0247: Memory safety bugs fixed in Firefox 134 and Thunderbird
134
* gnu/packages/librewolf.scm (librewolf): Update to 134.0.1-1.
Change-Id: I027bf6f1541b0e7bec9116b2d6b39ab606813b23
---
gnu/packages/librewolf.scm | 24 +++++++++++++-----------
1 file changed, 13 insertions(+), 11 deletions(-)
diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm
index 5bdf7a0f81..28abaefe53 100644
--- a/gnu/packages/librewolf.scm
+++ b/gnu/packages/librewolf.scm
@@ -154,7 +154,7 @@ (define* (make-librewolf-source #:key version firefox-hash librewolf-hash l10n)
#+(canonical-package xz)
#+(canonical-package sed)
#+(canonical-package grep)
- #+(canonical-package gzip)
+ #+(canonical-package pigz)
#+(canonical-package tar)))
(set-path-environment-variable
"PYTHONPATH"
@@ -194,26 +194,28 @@ (define* (make-librewolf-source #:key version firefox-hash librewolf-hash l10n)
"torbrowser-compare-paths.patch"
"librewolf-use-system-wide-dir.patch")))))
-;; Define the versions of rust needed to build librewolf, trying to match
-;; upstream. See the file taskcluster/ci/toolchain/rust.yml at
-;; https://searchfox.org under the particular firefox release, like
-;; mozilla-esr102.
-(define rust-librewolf rust) ; 1.75 is the default in Guix, 1.65 is the minimum.
+;;; Define the versions of rust needed to build firefox, trying to match
+;;; upstream. See table at [0], `Uses' column for the specific version.
+;;; Using `rust' will likely lead to a newer version then listed in the table,
+;;; but since in Guix only the latest packaged Rust is officially supported,
+;;; it is a tradeoff worth making.
+;;; 0: https://firefox-source-docs.mozilla.org/writing-rust-code/update-policy.html
+(define rust-librewolf rust-1.81)
;; Update this id with every update to its release date.
;; It's used for cache validation and therefore can lead to strange bugs.
;; ex: date '+%Y%m%d%H%M%S'
-(define %librewolf-build-id "20241130102406")
+(define %librewolf-build-id "20250121184331")
(define-public librewolf
(package
(name "librewolf")
- (version "133.0-1")
+ (version "134.0.1-1")
(source
(make-librewolf-source
#:version version
- #:firefox-hash "0q6cqfnwc2x09frdvsndmhck8ixrnbl281j9rqw5w8bd7fd2qas9"
- #:librewolf-hash "1xf7gx3xm3c7dhch9gwpb0xp11lcyim1nrbm8sjljxdcs7iq9jy4"))
+ #:firefox-hash "1rb54b62zcmhabmx3rsd5badv9wwih6h19a0g80c03qgwwy8b8g3"
+ #:librewolf-hash "0bcjk3pkyq2w39n022kcpl8nqd8ng9653jc8gklfrfw9avwmpmk2"
#:l10n firefox-l10n))
(build-system gnu-build-system)
(arguments
@@ -666,7 +668,7 @@ (define (runpaths-of-input label)
gtk+
gtk+-2
hunspell
- icu4c-73
+ icu4c-75
jemalloc
libcanberra
libevent
--
2.47.1
This bug report was last modified 124 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.