GNU bug report logs - #76189
[PATCH] gnu: librewolf: Update to 135.0-1 [security fixes].


Package: guix-patches;

Reported by: Ian Eure <ian <at> retrospec.tv>

Date: Tue, 11 Feb 2025 01:57:01 UTC

Severity: normal

Tags: patch

Done: Ian Eure <ian <at> retrospec.tv>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 76189 in the body.
You can then email your comments to 76189 AT debbugs.gnu.org in the normal way.



Report forwarded to guix-patches <at> gnu.org:
bug#76189; Package guix-patches. (Tue, 11 Feb 2025 01:57:02 GMT)

Acknowledgement sent to Ian Eure <ian <at> retrospec.tv>:
New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Tue, 11 Feb 2025 01:57:02 GMT)

Message #5 received at submit <at> debbugs.gnu.org:

From: Ian Eure <ian <at> retrospec.tv>
To: guix-patches <at> gnu.org
Cc: Ian Eure <ian <at> retrospec.tv>
Subject: [PATCH] gnu: librewolf: Update to 135.0-1 [security fixes].
Date: Mon, 10 Feb 2025 17:55:34 -0800
New upstream version.  Contains fixes for:

CVE-2025-1009: Use-after-free in XSLT
CVE-2025-1010: Use-after-free in Custom Highlight
CVE-2025-1018: Fullscreen notification is not displayed when
               fullscreen is re-requested
CVE-2025-1011: A bug in WebAssembly code generation could result in a
               crash
CVE-2025-1012: Use-after-free during concurrent delazification
CVE-2025-1019: Fullscreen notification not properly displayed
CVE-2025-1013: Potential opening of private browsing tabs in normal
               browsing windows
CVE-2025-1014: Certificate length was not properly checked
CVE-2025-1016: Memory safety bugs fixed in Firefox 135, Thunderbird
               135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird
               115.20, and Thunderbird 128.7
CVE-2025-1017: Memory safety bugs fixed in Firefox 135, Thunderbird
               135, Firefox ESR 128.7, and Thunderbird 128.7
CVE-2025-1020: Memory safety bugs fixed in Firefox 135 and Thunderbird
               135

* gnu/packages/librewolf.scm (librewolf): Update to 135.0-1.

Change-Id: I7054fc9df31d59bb0d42e02b1f359cf3e6c1a43d
---
 gnu/packages/librewolf.scm | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm
index 59c7e3a4a3..e5e91fb91e 100644
--- a/gnu/packages/librewolf.scm
+++ b/gnu/packages/librewolf.scm
@@ -200,22 +200,23 @@ (define* (make-librewolf-source #:key version firefox-hash librewolf-hash l10n)
 ;;; but since in Guix only the latest packaged Rust is officially supported,
 ;;; it is a tradeoff worth making.
 ;;; 0: https://firefox-source-docs.mozilla.org/writing-rust-code/update-policy.html
-(define rust-librewolf rust-1.81)
+;; 135.0 wants 1.83, but it's not available in Guix yet.
+(define rust-librewolf rust-1.82)
 
 ;; Update this id with every update to its release date.
 ;; It's used for cache validation and therefore can lead to strange bugs.
 ;; ex: date '+%Y%m%d%H%M%S'
-(define %librewolf-build-id "20250121184331")
+(define %librewolf-build-id "20250209210057")
 
 (define-public librewolf
   (package
     (name "librewolf")
-    (version "134.0.2-1")
+    (version "135.0-1")
     (source
      (make-librewolf-source
       #:version version
-      #:firefox-hash "09yxacfcklgjqbqvcac32llwmlb16d9jhfp2mif9qs7s2gzvfvkc"
-      #:librewolf-hash "1qa3crgazfvmsqx8dm0k78yk9cb11w1lf74x6x8ixjq5ifsdh1ws"
+      #:firefox-hash "0q5r2q6q56kyzl5pknrir9bzlhmzbvv9hi5gi4852izgcali4zl2"
+      #:librewolf-hash "0fg4vji5xb17pgvq7jnfz4dq08gi0rl998xhj37hfm5zxs19y8jk"
       #:l10n firefox-l10n))
     (build-system gnu-build-system)
     (arguments
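
Review bot: The new comment above `(define rust-librewolf rust-1.82)` says 135.0 wants Rust 1.83, but neither the comment nor the commit message says how the build gets by with 1.82 (whether upstream's minimum-version check passes as is or is being worked around), and nothing marks the pin for follow-up. Since this update is submitted for its security fixes, it would help to state that the package was built and run with 1.82, and to extend the comment with something like `;; TODO: switch to rust-1.83 once it is packaged.` so the pin does not outlive its reason. The comment also uses `;;` where the block directly above it uses `;;;`; matching that would keep the commentary together. The version, `%librewolf-build-id` and both source hashes change together, which is what the note above the build id asks for.
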
-- 
2.48.1





bug closed, send any further explanations to 76189 <at> debbugs.gnu.org and Ian Eure <ian <at> retrospec.tv> Request was from Ian Eure <ian <at> retrospec.tv> to control <at> debbugs.gnu.org. (Sat, 15 Feb 2025 00:05:03 GMT)

bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Sat, 15 Mar 2025 11:24:07 GMT)

This bug report was last modified 93 days ago.



GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.