amaharaneko/guix-mirrors
1
1
Fork 0
mirror of https://codeberg.org/guix/guix.git synced 2025-10-02 02:15:12 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

gnu: librewolf: Update to 140.0.2-1 [security-fixes].

Browse source 
Contains fixes for:
CVE-2025-6424: Use-after-free in FontFaceSet
CVE-2025-6425: The WebCompat WebExtension shipped with Firefox exposed
               a persistent UUID
CVE-2025-6426: No warning when opening executable terminal files on
               macOS
CVE-2025-6427: connect-src Content Security Policy restriction could
               be bypassed
CVE-2025-6428: Firefox for Android opened URLs specified in a link
               querystring parameter
CVE-2025-6429: Incorrect parsing of URLs could have allowed embedding
               of youtube.com
CVE-2025-6430: Content-Disposition header ignored when a file is
               included in an embed or object tag
CVE-2025-6431: The prompt in Firefox for Android that asks before
               opening a link in an external application could be
               bypassed
CVE-2025-6432: DNS Requests leaked outside of a configured SOCKS proxy
CVE-2025-6433: WebAuthn would allow a user to sign a challenge on a
               webpage with an invalid TLS certificate
CVE-2025-6434: HTTPS-Only exception screen lacked anti-clickjacking
               delay
CVE-2025-6435: Save as in Devtools could download files without
               sanitizing the extension
CVE-2025-6436: Memory safety bugs fixed in Firefox 140 and Thunderbird
               140

* gnu/packages/librewolf.scm (librewolf): Update to 140.0.2-1.
* gnu/packages/patches/librewolf-use-system-wide-dir.patch: Adjust.

Change-Id: I786706575e04f32054f6a1142d606eb3ba6b22e3
This commit is contained in:
Ian Eure 2025-06-28 10:21:41 -07:00
parent 36badd3497
commit 5cefe19700
No known key found for this signature in database
GPG key ID: 8499AC88F1A71CF2
2 changed files with 14 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

8
gnu/packages/librewolf.scm
View file

@ -212,17 +212,17 @@
;; It's used for cache validation and therefore can lead to strange bugs.
;; ex: date '+%Y%m%d%H%M%S'
;; or: (format-time-string "%Y%m%d%H%M%S")
(define %librewolf-build-id "20250613072513")
(define %librewolf-build-id "20250628094930")
(define-public librewolf
(package
(name "librewolf")
(version "139.0.4-1")
(version "140.0.2-1")
(source
(make-librewolf-source
#:version version
#:firefox-hash "1xc7481g9adrn98ivqgigvdjcpkyk6sa183qvpbwcjgrqczhapjk"
#:librewolf-hash "1izrhzzzdighcjm4mmdkalqzxzypn30fyxnbi8y0a489kdsn4j5c"
#:firefox-hash "00swi8y46r7yibi2klc0z23j33blydx60972fim6bmgm82l5bbkh"
#:librewolf-hash "06v57209s38sqzr77bk2jq3nzd3qjbxd736rwir8x8f0ff19j8n4"
#:l10n firefox-l10n))
(build-system gnu-build-system)
(arguments