amaharaneko/guix-mirrors
1
1
Fork 0
mirror of https://codeberg.org/guix/guix.git synced 2025-10-02 02:15:12 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

gnu: librewolf: Update to 136.0-2 [security fixes].

Browse source 
CVE-2025-1930: AudioIPC StreamData could trigger a use-after-free in
               the Browser process
CVE-2025-1939: Tapjacking in Android Custom Tabs using transition
               animations
CVE-2025-1931: Use-after-free in WebTransportChild
CVE-2025-1932: Inconsistent comparator in XSLT sorting led to
               out-of-bounds access
CVE-2025-1933: JIT corruption of WASM i32 return values on 64-bit CPUs
CVE-2025-1940: Android Intent confirmation prompt tapjacking using
               Select options
CVE-2024-9956: Passkey phishing within Bluetooth range
CVE-2025-1934: Unexpected GC during RegExp bailout processing
CVE-2025-1941: Lock screen setting bypass in Firefox Focus for Android
CVE-2025-1942: Disclosure of uninitialized memory when .toUpperCase()
               causes string to get longer
CVE-2025-1935: Clickjacking the registerProtocolHandler info-bar
CVE-2025-1936: Adding %00 and a fake extension to a jar: URL changed
               the interpretation of the contents
CVE-2025-1937: Memory safety bugs fixed in Firefox 136, Thunderbird
               136, Firefox ESR 115.21, Firefox ESR 128.8, and
               Thunderbird 128.8
CVE-2025-1938: Memory safety bugs fixed in Firefox 136, Thunderbird
               136, Firefox ESR 128.8, and Thunderbird 128.8
CVE-2025-1943: Memory safety bugs fixed in Firefox 136 and Thunderbird
               136

* gnu/packages/librewolf.scm (librewolf): Update to 136.0-2.

Change-Id: Ia3b5777478fa8443471bd1e61898128cdeda4bcf
This commit is contained in:
Ian Eure 2025-03-11 21:24:10 -07:00
parent dafdca07ea
commit 0b7c8ee635
No known key found for this signature in database
GPG key ID: 8499AC88F1A71CF2
1 changed files with 18 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

25
gnu/packages/librewolf.scm
View file

@ -200,23 +200,23 @@
;;; but since in Guix only the latest packaged Rust is officially supported,
;;; it is a tradeoff worth making.
;;; 0: https://firefox-source-docs.mozilla.org/writing-rust-code/update-policy.html
;; 135.0 wants 1.83, but it's not available in Guix yet.
;; 136.0 wants 1.84, but it's not available in Guix yet.
(define rust-librewolf rust-1.82)
;; Update this id with every update to its release date.
;; It's used for cache validation and therefore can lead to strange bugs.
;; ex: date '+%Y%m%d%H%M%S'
(define %librewolf-build-id "20250209210057")
(define %librewolf-build-id "20250306064037")
(define-public librewolf
(package
(name "librewolf")
(version "135.0-1")
(version "136.0-2")
(source
(make-librewolf-source
#:version version
#:firefox-hash "0q5r2q6q56kyzl5pknrir9bzlhmzbvv9hi5gi4852izgcali4zl2"
#:librewolf-hash "0fg4vji5xb17pgvq7jnfz4dq08gi0rl998xhj37hfm5zxs19y8jk"
#:firefox-hash "0mvg53fr9zi6pq2pwa6qzqi88brqig1wlzic9sz52i4knx733viv"
#:librewolf-hash "0zb5f6hml7nmyf8hms66s07ba97x2px2hgqqi4lmwr5hm9mf942z"
#:l10n firefox-l10n))
(build-system gnu-build-system)
(arguments
@ -392,6 +392,17 @@
(lambda _
(setenv "MOZ_BUILD_DATE"
#$%librewolf-build-id)))
;; https://bugzilla.mozilla.org/show_bug.cgi?id=1927380
(add-before 'configure 'patch-icu-lookup
(lambda _
(let* ((file "js/moz.configure")
(old-content (call-with-input-file file get-string-all)))
(substitute* file
(("icu-i18n >= 76.1" all)
(string-append all ", icu-uc >= 76.1")))
(if (string=? old-content
(pk (call-with-input-file file get-string-all)))
(error "substitute did nothing, phase requires an update")))))
(replace 'configure
(lambda* (#:key inputs outputs configure-flags
#:allow-other-keys)
@ -671,7 +682,7 @@
gtk+
gtk+-2
hunspell
icu4c-75
icu4c-76
jemalloc
libcanberra
libevent
@ -679,7 +690,7 @@
libgnome
libjpeg-turbo
libnotify
libpng-apng
libpng-apng-for-librewolf
libva
libvpx
libwebp