[PATCH 0/3] Update LibreWolf to 125.0.2-1

  • Done
  • quality assurance status badge
Details
2 participants
  • Ian Eure
  • Maxim Cournoyer
Owner
unassigned
Submitted by
Ian Eure
Severity
normal
I
I
Ian Eure wrote on 28 Apr 02:31 +0200
(address . guix-patches@gnu.org)(name . Ian Eure)(address . ian@retrospec.tv)
cover.1714263218.git.ian@retrospec.tv
New upstream release. A few things to note:

- nss / nss-certs needs a bump from 3.98->3.99, as this is what LibreWolf wants in order to build.
- Clang 13.x (the Guix default) segfaulted when building LibreWolf and suggested that I file a bug report. Switching to clang/LLVM 18 resolved the issue.

LibreWolf 125.0.2-1 resolves:

CVE-2024-3852 (high)
CVE-2024-3853 (high)
CVE-2024-3854 (high)
CVE-2024-3855 (high)
CVE-2024-3856 (high)
CVE-2024-3857 (high)
CVE-2024-3858 (high)
CVE-2024-3859 (moderate)
CVE-2024-3860 (moderate)
CVE-2024-3861 (moderate)
CVE-2024-3862 (moderate)
CVE-2024-3302 (low)
CVE-2024-3864 (high)
CVE-2024-3865 (high)

Ian Eure (3):
gnu: nss/fixed: Update to 3.99.
gnu: nss-certs: Update to 3.99.
gnu: librewolf: Update to 125.0.2-1.

gnu/packages/certs.scm | 6 +++---
gnu/packages/librewolf.scm | 15 ++++++++-------
gnu/packages/nss.scm | 4 ++--
3 files changed, 13 insertions(+), 12 deletions(-)


base-commit: 8d29f416a9378d30f63c2a95f1bd1a420d9ccab4
--
2.41.0
I
I
Ian Eure wrote on 28 Apr 02:42 +0200
[PATCH 1/3] gnu: nss/fixed: Update to 3.99.
(address . 70618@debbugs.gnu.org)(name . Ian Eure)(address . ian@retrospec.tv)
46735d85e5c0bce5a6814ab04891c202f10a8637.1714263218.git.ian@retrospec.tv
* gnu/packages/nss.scm (nss/fixed): Update to 3.99.

Change-Id: I5a2b461c0a13212a45c81304f0ea2c2f4bb777c1
---
gnu/packages/nss.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (24 lines)
diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm
index 8f6ed06e63..162e748094 100644
--- a/gnu/packages/nss.scm
+++ b/gnu/packages/nss.scm
@@ -250,7 +250,7 @@ (define-public nss
(license license:mpl2.0)))
(define-public nss/fixed
- (let ((actual-version "3.98"))
+ (let ((actual-version "3.99"))
(hidden-package
(package
(inherit nss)
@@ -265,7 +265,7 @@ (define-public nss/fixed
"nss-" actual-version ".tar.gz")))
(sha256
(base32
- "1kh98amfklrq6915n4mlbrcqghc3srm7rkzs9dkh21jwscrwqjgm"))))
+ "1g89ig40gfi1sp02gybvl2z818lawcnrqjzsws36cdva834c5maw"))))
(arguments
(substitute-keyword-arguments (package-arguments nss)
((#:phases phases)
--
2.41.0
I
I
Ian Eure wrote on 28 Apr 02:42 +0200
[PATCH 2/3] gnu: nss-certs: Update to 3.99.
(address . 70618@debbugs.gnu.org)(name . Ian Eure)(address . ian@retrospec.tv)
cd73b04b657a7f320513bea31aabdc61ae77415a.1714263218.git.ian@retrospec.tv
* gnu/packages/certs.scm (nss-certs): Update to 3.99.

Change-Id: I588bc385022df486e596cd6fc5a7363df919b80b
---
gnu/packages/certs.scm | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

Toggle diff (28 lines)
diff --git a/gnu/packages/certs.scm b/gnu/packages/certs.scm
index 7078c7c8d1..00c6a93b92 100644
--- a/gnu/packages/certs.scm
+++ b/gnu/packages/certs.scm
@@ -188,10 +188,10 @@ (define-public nss-certs
(home-page "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS")
(license license:mpl2.0)))
-(define-public nss-certs-3.98
+(define-public nss-certs-3.99
(package
(inherit nss-certs)
- (version "3.98")
+ (version "3.99")
(source (origin
(method url-fetch)
(uri (let ((version-with-underscores
@@ -202,7 +202,7 @@ (define-public nss-certs-3.98
"nss-" version ".tar.gz")))
(sha256
(base32
- "1kh98amfklrq6915n4mlbrcqghc3srm7rkzs9dkh21jwscrwqjgm"))))))
+ "1g89ig40gfi1sp02gybvl2z818lawcnrqjzsws36cdva834c5maw"))))))
(define-public le-certs
(package
--
2.41.0
I
I
Ian Eure wrote on 28 Apr 02:42 +0200
[PATCH 3/3] gnu: librewolf: Update to 125.0.2-1.
(address . 70618@debbugs.gnu.org)(name . Ian Eure)(address . ian@retrospec.tv)
0f9ae67c356f59e3e2a3cb1274c3d0abf9a7d34a.1714263218.git.ian@retrospec.tv
* gnu/packages/librewolf.scm (librewolf): Update to 125.0.2-1. Build with
LLVM/Clang 18; LLVM 13 (the default) segfaults on build. Minor style tweaks.

Change-Id: Ib515f1596b3ce2dd192baebf1a877b3c2dc8d7e2
---
gnu/packages/librewolf.scm | 15 ++++++++-------
1 file changed, 8 insertions(+), 7 deletions(-)

Toggle diff (57 lines)
diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm
index 1717bad0b5..fa83857c96 100644
--- a/gnu/packages/librewolf.scm
+++ b/gnu/packages/librewolf.scm
@@ -93,17 +93,17 @@ (define-module (gnu packages librewolf)
;; upstream. See the file taskcluster/ci/toolchain/rust.yml at
;; https://searchfox.org under the particular firefox release, like
;; mozilla-esr102.
-(define rust-librewolf rust) ; 1.60 is the default in Guix, 1.65 is the minimum.
+(define rust-librewolf rust) ; 1.75 is the default in Guix, 1.65 is the minimum.
;; Update this id with every update to its release date.
;; It's used for cache validation and therefore can lead to strange bugs.
;; ex: date '+%Y%m%d%H%M%S'
-(define %librewolf-build-id "20240326080003")
+(define %librewolf-build-id "20240427150329")
(define-public librewolf
(package
(name "librewolf")
- (version "124.0.1-1")
+ (version "125.0.2-1")
(source
(origin
(method url-fetch)
@@ -115,7 +115,7 @@ (define-public librewolf
version
".source.tar.gz"))
(sha256
- (base32 "1sks49nywzhvq5mik4ipm3vyyxv49s9hq6bfyk5d9r6f0nlydllf"))))
+ (base32 "09qzdaq9l01in9h4q14vyinjvvffycha2iyjqj5p4dd5jh6q5zma"))))
(build-system gnu-build-system)
(arguments
(list
@@ -227,7 +227,8 @@ (define-public librewolf
"\""))))
(find-files "." "Cargo\\.lock$"))
(for-each generate-all-checksums
- '("build" "dom/media"
+ '("build"
+ "dom/media"
"dom/webauthn"
"gfx"
"intl"
@@ -597,8 +598,8 @@ (define-public librewolf
(native-inputs (list alsa-lib
autoconf-2.13
`(,rust-librewolf "cargo")
- clang
- llvm
+ clang-18
+ llvm-18
m4
nasm
node-lts
--
2.41.0
M
M
Maxim Cournoyer wrote on 28 Apr 16:42 +0200
Re: [bug#70618] [PATCH 0/3] Update LibreWolf to 125.0.2-1
(name . Ian Eure)(address . ian@retrospec.tv)(address . 70618-done@debbugs.gnu.org)
874jbleefg.fsf@gmail.com
Hi,

Ian Eure <ian@retrospec.tv> writes:

Toggle quote (27 lines)
> New upstream release. A few things to note:
>
> - nss / nss-certs needs a bump from 3.98->3.99, as this is what LibreWolf wants in order to build.
> - Clang 13.x (the Guix default) segfaulted when building LibreWolf and suggested that I file a bug report. Switching to clang/LLVM 18 resolved the issue.
>
> LibreWolf 125.0.2-1 resolves:
>
> CVE-2024-3852 (high)
> CVE-2024-3853 (high)
> CVE-2024-3854 (high)
> CVE-2024-3855 (high)
> CVE-2024-3856 (high)
> CVE-2024-3857 (high)
> CVE-2024-3858 (high)
> CVE-2024-3859 (moderate)
> CVE-2024-3860 (moderate)
> CVE-2024-3861 (moderate)
> CVE-2024-3862 (moderate)
> CVE-2024-3302 (low)
> CVE-2024-3864 (high)
> CVE-2024-3865 (high)
>
> Ian Eure (3):
> gnu: nss/fixed: Update to 3.99.
> gnu: nss-certs: Update to 3.99.
> gnu: librewolf: Update to 125.0.2-1.

Applied, thank you!

--
Thanks,
Maxim
Closed
?
Your comment

This issue is archived.

To comment on this conversation send an email to 70618@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it
mumi current 70618
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch