[PATCH 0/3] Update LibreWolf to 125.0.2-1

  • Done
  • quality assurance status badge
Details
2 participants
  • Ian Eure
  • Maxim Cournoyer
Owner
unassigned
Submitted by
Ian Eure
Severity
normal
I
I
Ian Eure wrote on 28 Apr 02:31 +0200
(address . guix-patches@gnu.org)(name . Ian Eure)(address . ian@retrospec.tv)
cover.1714263218.git.ian@retrospec.tv
New upstream release. A few things to note:

- nss / nss-certs needs a bump from 3.98->3.99, as this is what LibreWolf wants in order to build.
- Clang 13.x (the Guix default) segfaulted when building LibreWolf and suggested that I file a bug report. Switching to clang/LLVM 18 resolved the issue.

LibreWolf 125.0.2-1 resolves:

CVE-2024-3852 (high)
CVE-2024-3853 (high)
CVE-2024-3854 (high)
CVE-2024-3855 (high)
CVE-2024-3856 (high)
CVE-2024-3857 (high)
CVE-2024-3858 (high)
CVE-2024-3859 (moderate)
CVE-2024-3860 (moderate)
CVE-2024-3861 (moderate)
CVE-2024-3862 (moderate)
CVE-2024-3302 (low)
CVE-2024-3864 (high)
CVE-2024-3865 (high)

Ian Eure (3):
gnu: nss/fixed: Update to 3.99.
gnu: nss-certs: Update to 3.99.
gnu: librewolf: Update to 125.0.2-1.

gnu/packages/certs.scm | 6 +++---
gnu/packages/librewolf.scm | 15 ++++++++-------
gnu/packages/nss.scm | 4 ++--
3 files changed, 13 insertions(+), 12 deletions(-)


base-commit: 8d29f416a9378d30f63c2a95f1bd1a420d9ccab4
--
2.41.0
I
I
Ian Eure wrote on 28 Apr 02:42 +0200
[PATCH 1/3] gnu: nss/fixed: Update to 3.99.
(address . 70618@debbugs.gnu.org)(name . Ian Eure)(address . ian@retrospec.tv)
46735d85e5c0bce5a6814ab04891c202f10a8637.1714263218.git.ian@retrospec.tv
* gnu/packages/nss.scm (nss/fixed): Update to 3.99.

Change-Id: I5a2b461c0a13212a45c81304f0ea2c2f4bb777c1
---
gnu/packages/nss.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (24 lines)
diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm
index 8f6ed06e63..162e748094 100644
--- a/gnu/packages/nss.scm
+++ b/gnu/packages/nss.scm
@@ -250,7 +250,7 @@ (define-public nss
(license license:mpl2.0)))
(define-public nss/fixed
- (let ((actual-version "3.98"))
+ (let ((actual-version "3.99"))
(hidden-package
(package
(inherit nss)
@@ -265,7 +265,7 @@ (define-public nss/fixed
"nss-" actual-version ".tar.gz")))
(sha256
(base32
- "1kh98amfklrq6915n4mlbrcqghc3srm7rkzs9dkh21jwscrwqjgm"))))
+ "1g89ig40gfi1sp02gybvl2z818lawcnrqjzsws36cdva834c5maw"))))
(arguments
(substitute-keyword-arguments (package-arguments nss)
((#:phases phases)
--
2.41.0
I
I
Ian Eure wrote on 28 Apr 02:42 +0200
[PATCH 2/3] gnu: nss-certs: Update to 3.99.
(address . 70618@debbugs.gnu.org)(name . Ian Eure)(address . ian@retrospec.tv)
cd73b04b657a7f320513bea31aabdc61ae77415a.1714263218.git.ian@retrospec.tv
* gnu/packages/certs.scm (nss-certs): Update to 3.99.

Change-Id: I588bc385022df486e596cd6fc5a7363df919b80b
---
gnu/packages/certs.scm | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

Toggle diff (28 lines)
diff --git a/gnu/packages/certs.scm b/gnu/packages/certs.scm
index 7078c7c8d1..00c6a93b92 100644
--- a/gnu/packages/certs.scm
+++ b/gnu/packages/certs.scm
@@ -188,10 +188,10 @@ (define-public nss-certs
(home-page "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS")
(license license:mpl2.0)))
-(define-public nss-certs-3.98
+(define-public nss-certs-3.99
(package
(inherit nss-certs)
- (version "3.98")
+ (version "3.99")
(source (origin
(method url-fetch)
(uri (let ((version-with-underscores
@@ -202,7 +202,7 @@ (define-public nss-certs-3.98
"nss-" version ".tar.gz")))
(sha256
(base32
- "1kh98amfklrq6915n4mlbrcqghc3srm7rkzs9dkh21jwscrwqjgm"))))))
+ "1g89ig40gfi1sp02gybvl2z818lawcnrqjzsws36cdva834c5maw"))))))
(define-public le-certs
(package
--
2.41.0
I
I
Ian Eure wrote on 28 Apr 02:42 +0200
[PATCH 3/3] gnu: librewolf: Update to 125.0.2-1.
(address . 70618@debbugs.gnu.org)(name . Ian Eure)(address . ian@retrospec.tv)
0f9ae67c356f59e3e2a3cb1274c3d0abf9a7d34a.1714263218.git.ian@retrospec.tv
* gnu/packages/librewolf.scm (librewolf): Update to 125.0.2-1. Build with
LLVM/Clang 18; LLVM 13 (the default) segfaults on build. Minor style tweaks.

Change-Id: Ib515f1596b3ce2dd192baebf1a877b3c2dc8d7e2
---
gnu/packages/librewolf.scm | 15 ++++++++-------
1 file changed, 8 insertions(+), 7 deletions(-)

Toggle diff (57 lines)
diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm
index 1717bad0b5..fa83857c96 100644
--- a/gnu/packages/librewolf.scm
+++ b/gnu/packages/librewolf.scm
@@ -93,17 +93,17 @@ (define-module (gnu packages librewolf)
;; upstream. See the file taskcluster/ci/toolchain/rust.yml at
;; https://searchfox.org under the particular firefox release, like
;; mozilla-esr102.
-(define rust-librewolf rust) ; 1.60 is the default in Guix, 1.65 is the minimum.
+(define rust-librewolf rust) ; 1.75 is the default in Guix, 1.65 is the minimum.
;; Update this id with every update to its release date.
;; It's used for cache validation and therefore can lead to strange bugs.
;; ex: date '+%Y%m%d%H%M%S'
-(define %librewolf-build-id "20240326080003")
+(define %librewolf-build-id "20240427150329")
(define-public librewolf
(package
(name "librewolf")
- (version "124.0.1-1")
+ (version "125.0.2-1")
(source
(origin
(method url-fetch)
@@ -115,7 +115,7 @@ (define-public librewolf
version
".source.tar.gz"))
(sha256
- (base32 "1sks49nywzhvq5mik4ipm3vyyxv49s9hq6bfyk5d9r6f0nlydllf"))))
+ (base32 "09qzdaq9l01in9h4q14vyinjvvffycha2iyjqj5p4dd5jh6q5zma"))))
(build-system gnu-build-system)
(arguments
(list
@@ -227,7 +227,8 @@ (define-public librewolf
"\""))))
(find-files "." "Cargo\\.lock$"))
(for-each generate-all-checksums
- '("build" "dom/media"
+ '("build"
+ "dom/media"
"dom/webauthn"
"gfx"
"intl"
@@ -597,8 +598,8 @@ (define-public librewolf
(native-inputs (list alsa-lib
autoconf-2.13
`(,rust-librewolf "cargo")
- clang
- llvm
+ clang-18
+ llvm-18
m4
nasm
node-lts
--
2.41.0
M
M
Maxim Cournoyer wrote on 28 Apr 16:42 +0200
Re: [bug#70618] [PATCH 0/3] Update LibreWolf to 125.0.2-1
(name . Ian Eure)(address . ian@retrospec.tv)(address . 70618-done@debbugs.gnu.org)
874jbleefg.fsf@gmail.com
Hi,

Ian Eure <ian@retrospec.tv> writes:

Toggle quote (27 lines)
> New upstream release. A few things to note:
>
> - nss / nss-certs needs a bump from 3.98->3.99, as this is what LibreWolf wants in order to build.
> - Clang 13.x (the Guix default) segfaulted when building LibreWolf and suggested that I file a bug report. Switching to clang/LLVM 18 resolved the issue.
>
> LibreWolf 125.0.2-1 resolves:
>
> CVE-2024-3852 (high)
> CVE-2024-3853 (high)
> CVE-2024-3854 (high)
> CVE-2024-3855 (high)
> CVE-2024-3856 (high)
> CVE-2024-3857 (high)
> CVE-2024-3858 (high)
> CVE-2024-3859 (moderate)
> CVE-2024-3860 (moderate)
> CVE-2024-3861 (moderate)
> CVE-2024-3862 (moderate)
> CVE-2024-3302 (low)
> CVE-2024-3864 (high)
> CVE-2024-3865 (high)
>
> Ian Eure (3):
> gnu: nss/fixed: Update to 3.99.
> gnu: nss-certs: Update to 3.99.
> gnu: librewolf: Update to 125.0.2-1.

Applied, thank you!

--
Thanks,
Maxim
Closed
?