GNU bug report logs - #76189
[PATCH] gnu: librewolf: Update to 135.0-1 [security fixes].

Previous Next

Package: guix-patches;

Reported by: Ian Eure <ian <at> retrospec.tv>

Date: Tue, 11 Feb 2025 01:57:01 UTC

Severity: normal

Tags: patch

Done: Ian Eure <ian <at> retrospec.tv>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Ian Eure <ian <at> retrospec.tv>
To: 76189 <at> debbugs.gnu.org
Cc: Ian Eure <ian <at> retrospec.tv>
Subject: [bug#76189] [PATCH] gnu: librewolf: Update to 135.0-1 [security fixes].
Date: Mon, 10 Feb 2025 17:55:34 -0800

New upstream version.  Contains fixes for:

CVE-2025-1009: Use-after-free in XSLT
CVE-2025-1010: Use-after-free in Custom Highlight
CVE-2025-1018: Fullscreen notification is not displayed when
               fullscreen is re-requested
CVE-2025-1011: A bug in WebAssembly code generation could result in a
               crash
CVE-2025-1012: Use-after-free during concurrent delazification
CVE-2025-1019: Fullscreen notification not properly displayed
CVE-2025-1013: Potential opening of private browsing tabs in normal
               browsing windows
CVE-2025-1014: Certificate length was not properly checked
CVE-2025-1016: Memory safety bugs fixed in Firefox 135, Thunderbird
               135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird
               115.20, and Thunderbird 128.7
CVE-2025-1017: Memory safety bugs fixed in Firefox 135, Thunderbird
               135, Firefox ESR 128.7, and Thunderbird 128.7
CVE-2025-1020: Memory safety bugs fixed in Firefox 135 and Thunderbird
               135

* gnu/packages/librewolf.scm (librewolf): Update to 135.0-1.

Change-Id: I7054fc9df31d59bb0d42e02b1f359cf3e6c1a43d
---
 gnu/packages/librewolf.scm | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm
index 59c7e3a4a3..e5e91fb91e 100644
--- a/gnu/packages/librewolf.scm
+++ b/gnu/packages/librewolf.scm
@@ -200,22 +200,23 @@ (define* (make-librewolf-source #:key version firefox-hash librewolf-hash l10n)
 ;;; but since in Guix only the latest packaged Rust is officially supported,
 ;;; it is a tradeoff worth making.
 ;;; 0: https://firefox-source-docs.mozilla.org/writing-rust-code/update-policy.html
-(define rust-librewolf rust-1.81)
+;; 135.0 wants 1.83, but it's not available in Guix yet.
+(define rust-librewolf rust-1.82)
 
 ;; Update this id with every update to its release date.
 ;; It's used for cache validation and therefore can lead to strange bugs.
 ;; ex: date '+%Y%m%d%H%M%S'
-(define %librewolf-build-id "20250121184331")
+(define %librewolf-build-id "20250209210057")
 
 (define-public librewolf
   (package
     (name "librewolf")
-    (version "134.0.2-1")
+    (version "135.0-1")
     (source
      (make-librewolf-source
       #:version version
-      #:firefox-hash "09yxacfcklgjqbqvcac32llwmlb16d9jhfp2mif9qs7s2gzvfvkc"
-      #:librewolf-hash "1qa3crgazfvmsqx8dm0k78yk9cb11w1lf74x6x8ixjq5ifsdh1ws"
+      #:firefox-hash "0q5r2q6q56kyzl5pknrir9bzlhmzbvv9hi5gi4852izgcali4zl2"
+      #:librewolf-hash "0fg4vji5xb17pgvq7jnfz4dq08gi0rl998xhj37hfm5zxs19y8jk"
       #:l10n firefox-l10n))
     (build-system gnu-build-system)
     (arguments
-- 
2.48.1
This bug report was last modified 94 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.