ieure pushed a commit to branch master
in repository guix.
commit 0b7c8ee635ab6a2d87e8c72969f5f165943836d3
Author: Ian Eure <[email protected]>
AuthorDate: Tue Mar 11 21:24:10 2025 -0700
gnu: librewolf: Update to 136.0-2 [security fixes].
CVE-2025-1930: AudioIPC StreamData could trigger a use-after-free in
the Browser process
CVE-2025-1939: Tapjacking in Android Custom Tabs using transition
animations
CVE-2025-1931: Use-after-free in WebTransportChild
CVE-2025-1932: Inconsistent comparator in XSLT sorting led to
out-of-bounds access
CVE-2025-1933: JIT corruption of WASM i32 return values on 64-bit CPUs
CVE-2025-1940: Android Intent confirmation prompt tapjacking using
Select options
CVE-2024-9956: Passkey phishing within Bluetooth range
CVE-2025-1934: Unexpected GC during RegExp bailout processing
CVE-2025-1941: Lock screen setting bypass in Firefox Focus for Android
CVE-2025-1942: Disclosure of uninitialized memory when .toUpperCase()
causes string to get longer
CVE-2025-1935: Clickjacking the registerProtocolHandler info-bar
CVE-2025-1936: Adding %00 and a fake extension to a jar: URL changed
the interpretation of the contents
CVE-2025-1937: Memory safety bugs fixed in Firefox 136, Thunderbird
136, Firefox ESR 115.21, Firefox ESR 128.8, and
Thunderbird 128.8
CVE-2025-1938: Memory safety bugs fixed in Firefox 136, Thunderbird
136, Firefox ESR 128.8, and Thunderbird 128.8
CVE-2025-1943: Memory safety bugs fixed in Firefox 136 and Thunderbird
136
* gnu/packages/librewolf.scm (librewolf): Update to 136.0-2.
Change-Id: Ia3b5777478fa8443471bd1e61898128cdeda4bcf
---
gnu/packages/librewolf.scm | 25 ++++++++++++++++++-------
1 file changed, 18 insertions(+), 7 deletions(-)
diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm
index 7a356b6d91..344ab9532f 100644
--- a/gnu/packages/librewolf.scm
+++ b/gnu/packages/librewolf.scm
@@ -200,23 +200,23 @@
;;; but since in Guix only the latest packaged Rust is officially supported,
;;; it is a tradeoff worth making.
;;; 0:
https://firefox-source-docs.mozilla.org/writing-rust-code/update-policy.html
-;; 135.0 wants 1.83, but it's not available in Guix yet.
+;; 136.0 wants 1.84, but it's not available in Guix yet.
(define rust-librewolf rust-1.82)
;; Update this id with every update to its release date.
;; It's used for cache validation and therefore can lead to strange bugs.
;; ex: date '+%Y%m%d%H%M%S'
-(define %librewolf-build-id "20250209210057")
+(define %librewolf-build-id "20250306064037")
(define-public librewolf
(package
(name "librewolf")
- (version "135.0-1")
+ (version "136.0-2")
(source
(make-librewolf-source
#:version version
- #:firefox-hash "0q5r2q6q56kyzl5pknrir9bzlhmzbvv9hi5gi4852izgcali4zl2"
- #:librewolf-hash "0fg4vji5xb17pgvq7jnfz4dq08gi0rl998xhj37hfm5zxs19y8jk"
+ #:firefox-hash "0mvg53fr9zi6pq2pwa6qzqi88brqig1wlzic9sz52i4knx733viv"
+ #:librewolf-hash "0zb5f6hml7nmyf8hms66s07ba97x2px2hgqqi4lmwr5hm9mf942z"
#:l10n firefox-l10n))
(build-system gnu-build-system)
(arguments
@@ -392,6 +392,17 @@
(lambda _
(setenv "MOZ_BUILD_DATE"
#$%librewolf-build-id)))
+ ;; https://bugzilla.mozilla.org/show_bug.cgi?id=1927380
+ (add-before 'configure 'patch-icu-lookup
+ (lambda _
+ (let* ((file "js/moz.configure")
+ (old-content (call-with-input-file file
get-string-all)))
+ (substitute* file
+ (("icu-i18n >= 76.1" all)
+ (string-append all ", icu-uc >= 76.1")))
+ (if (string=? old-content
+ (pk (call-with-input-file file
get-string-all)))
+ (error "substitute did nothing, phase requires an
update")))))
(replace 'configure
(lambda* (#:key inputs outputs configure-flags
#:allow-other-keys)
@@ -671,7 +682,7 @@
gtk+
gtk+-2
hunspell
- icu4c-75
+ icu4c-76
jemalloc
libcanberra
libevent
@@ -679,7 +690,7 @@
libgnome
libjpeg-turbo
libnotify
- libpng-apng
+ libpng-apng-for-librewolf
libva
libvpx
libwebp
