GNU bug report logs -
#78249
[PATCH 0/3] gnu: librewolf: Update to 138.0.1-2 [security fixes].
Previous Next
Reported by: Ian Eure <ian <at> retrospec.tv>
Date: Sun, 4 May 2025 23:19:02 UTC
Severity: normal
Tags: patch
Done: Ian Eure <ian <at> retrospec.tv>
Bug is archived. No further changes may be made.
Full log
View this message in rfc822 format
Contains fixes for:
CVE-2025-3028: Use-after-free triggered by XSLTProcessor
CVE-2025-3031: JIT optimization bug with different stack slot sizes
CVE-2025-3032: Leaking file descriptors from the fork server
CVE-2025-3029: URL bar spoofing via non-BMP Unicode characters
CVE-2025-3035: Tab title disclosure across pages when using AI chatbot
CVE-2025-3033: Opening local .url files could lead to another file
being opened
CVE-2025-3030: Memory safety bugs fixed in Firefox 137, Thunderbird
137, Firefox ESR 128.9, and Thunderbird 128.9
CVE-2025-3034: Memory safety bugs fixed in Firefox 137 and Thunderbird
137
* gnu/packages/librewolf.scm (librewolf): Update to 137.0-1.
Change-Id: I23d8cbefc242e57c19b4e98660fd22bd1dda8d6a
---
gnu/packages/librewolf.scm | 16 +++++++---------
1 file changed, 7 insertions(+), 9 deletions(-)
diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm
index 1cb7084f23..ae4d64534c 100644
--- a/gnu/packages/librewolf.scm
+++ b/gnu/packages/librewolf.scm
@@ -206,17 +206,17 @@ (define rust-librewolf rust-1.82)
;; Update this id with every update to its release date.
;; It's used for cache validation and therefore can lead to strange bugs.
;; ex: date '+%Y%m%d%H%M%S'
-(define %librewolf-build-id "20250327215540")
+(define %librewolf-build-id "20250401171639")
(define-public librewolf
(package
(name "librewolf")
- (version "136.0.4-1")
+ (version "137.0-1")
(source
(make-librewolf-source
#:version version
- #:firefox-hash "0hn2ywyacgg8n47qz1q2l8bf32mszj3vnpkl6kag3wmqqbhvja2a"
- #:librewolf-hash "045il4xrji2zh1scx3aiy6hx6jv098232aycda6bhsh27szbsrfa"
+ #:firefox-hash "07d9rdxmp48gbk41y1c6gggzziv9aqdhjwgi6c0hrf6chcppxi0y"
+ #:librewolf-hash "164bvissxzhzlwjafp9pdyhhg8hhdxh8w61ifkak497qm4yf8af7"
#:l10n firefox-l10n))
(build-system gnu-build-system)
(arguments
@@ -236,8 +236,6 @@ (define-public librewolf
"--with-system-ffi"
"--enable-system-pixman"
"--enable-jemalloc"
-
- ;; see https://bugs.gnu.org/32833
"--with-system-nspr"
"--with-system-nss"
@@ -312,7 +310,7 @@ (define (write-setting key value)
(libavcodec (string-append ffmpeg
"/lib/libavcodec.so")))
;; Arrange to load libavcodec.so by its absolute file name.
- (substitute*
+ (substitute*
"dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp"
(("libavcodec\\.so")
libavcodec)))))
@@ -405,7 +403,7 @@ (define (write-setting key value)
(string-append all ", icu-uc >= 76.1")))
(if (string=? old-content
(pk (call-with-input-file file get-string-all)))
- (error
+ (error
"substitute did nothing, phase requires an update")))))
(replace 'configure
(lambda* (#:key inputs outputs configure-flags
@@ -478,7 +476,7 @@ (define write-flags
(invoke "./mach" "configure")))
(add-before 'build 'fix-addons-placeholder
(lambda _
- (substitute*
+ (substitute*
"toolkit/locales/en-US/toolkit/about/aboutAddons.ftl"
(("addons.mozilla.org")
"gnuzilla.gnu.org"))))
--
2.49.0
This bug report was last modified 4 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.