bartronx7/guix
1
0
Fork 0
mirror of https://codeberg.org/guix/guix.git synced 2026-01-25 03:55:08 -06:00
Code Issues Projects Releases Packages Wiki Activity Actions

gnu: librewolf: Update to 147.0.1-3 [security-fixes].

Browse source 
Contains fixes for:
CVE-2026-0877: Mitigation bypass in the DOM: Security component
CVE-2026-0878: Sandbox escape due to incorrect boundary conditions in
               the Graphics: CanvasWebGL component
CVE-2026-0879: Sandbox escape due to incorrect boundary conditions in
               the Graphics component
CVE-2026-0880: Sandbox escape due to integer overflow in the Graphics
               component
CVE-2026-0881: Sandbox escape in the Messaging System component
CVE-2026-0882: Use-after-free in the IPC component
CVE-2026-0883: Information disclosure in the Networking component
CVE-2026-0884: Use-after-free in the JavaScript Engine component
CVE-2026-0885: Use-after-free in the JavaScript: GC component
CVE-2026-0886: Incorrect boundary conditions in the Graphics component
CVE-2026-0887: Clickjacking issue, information disclosure in the PDF
               Viewer component
CVE-2026-0888: Information disclosure in the XML component
CVE-2026-0889: Denial-of-service in the DOM: Service Workers component
CVE-2026-0890: Spoofing issue in the DOM: Copy & Paste and Drag & Drop
               component
CVE-2026-0891: Memory safety bugs fixed in Firefox ESR 140.7,
               Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147
CVE-2026-0892: Memory safety bugs fixed in Firefox 147 and Thunderbird
               147

* gnu/packages/librewolf.scm (librewolf-bsys6): New variable.
* gnu/packages/librewolf.scm (make-librewolf-source): Don’t attempt to GPG
sign the source tarball, the key isn’t available.
* gnu/packages/librewolf.scm (librewolf): Update to 147.0.1-3.
[native-inputs] Add librewolf-bsys6.
[phases 'patch-icu-lookup]: Delete.
[phases 'install-desktop-entry]: Use the .desktop file template from librewolf-bsys6.

Change-Id: Ic7ff0197294cbb2485cb8db2f42f4fb499e39277
This commit is contained in:
Ian Eure 2026-01-13 18:25:03 -08:00
parent 679e30988b
commit 2c34e9ccb6
No known key found for this signature in database
GPG key ID: 8499AC88F1A71CF2
1 changed files with 47 additions and 47 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

66
gnu/packages/librewolf.scm
View file

@ -184,6 +184,10 @@
(("^ff_source_tarball:=.*")
(string-append "ff_source_tarball:=" #+ff-src)))
;; Neuter GPG signing of the tarball.
(substitute* '("Makefile")
(("if [ -f pk.asc ].*") ""))
;; Stage locales.
(begin
(substitute* "scripts/librewolf-patches.py"
@ -216,6 +220,16 @@
"media/libwebp"
"modules/zlib"))))))
(define librewolf-bsys6
(let ((commit "e0397b2b95aa14e1a83be460681ffbeb0b41ca3f"))
(origin
(method git-fetch)
(uri (git-reference
(url "https://codeberg.org/librewolf/bsys6.git")
(commit commit)))
(file-name (git-file-name "librewolf-bsys6" commit))
(sha256 (base32 "16b2z1b89y0lm9b9xrvvfa5j0av4ibmcgkksnnqxmn2qrz04awzw")))))
;;; Define the versions of rust needed to build firefox, trying to match
;;; upstream. See table at [0], `Uses' column for the specific version.
;;; Using `rust' will likely lead to a newer version then listed in the table,
@ -228,17 +242,17 @@
;; It's used for cache validation and therefore can lead to strange bugs.
;; ex: date '+%Y%m%d%H%M%S'
;; or: (format-time-string "%Y%m%d%H%M%S")
(define %librewolf-build-id "20251219212454")
(define %librewolf-build-id "20260118150544")
(define-public librewolf
(package
(name "librewolf")
(version "146.0.1-1")
(version "147.0.1-3")
(source
(make-librewolf-source
#:version version
#:firefox-hash "1swih4jljq162vgdl2m2d8xn4s4hj4vjqcfww59kk4kkhh78lrz9"
#:librewolf-hash "13gxagaibv0bmn34rz3hfkfy7rgdksl635znmrq24l8v80y792ii"
#:firefox-hash "1jvx0q134nfa19jbdjr3cj2xi8fc6ggmr6glqj9d8bvpqd52gs09"
#:librewolf-hash "1290vvbbinlaff60n1gabdggam7ayslrr3rnlpkwprab77gq45yh"
#:l10n firefox-l10n))
(build-system gnu-build-system)
(arguments
@ -421,18 +435,6 @@
(lambda _
(setenv "MOZ_BUILD_DATE"
#$%librewolf-build-id)))
;; https://bugzilla.mozilla.org/show_bug.cgi?id=1927380
(add-before 'configure 'patch-icu-lookup
(lambda _
(let* ((file "js/moz.configure")
(old-content (call-with-input-file file get-string-all)))
(substitute* file
(("icu-i18n >= 76.1" all)
(string-append all ", icu-uc >= 76.1")))
(if (string=? old-content
(pk (call-with-input-file file get-string-all)))
(error
"substitute did nothing, phase requires an update")))))
(replace 'configure
(lambda* (#:key inputs outputs configure-flags
#:allow-other-keys)
@ -575,26 +577,21 @@
`("MOZ_ALLOW_DOWNGRADE" =
("1"))))))
(add-after 'wrap-program 'install-desktop-entry
(lambda* (#:key outputs #:allow-other-keys)
(let* ((desktop-file
"toolkit/mozapps/installer/linux/rpm/mozilla.desktop")
(lambda* (#:key inputs outputs #:allow-other-keys)
(let* ((desktop-file-name "librewolf.desktop")
(desktop-file-template
(search-input-file inputs "assets/linux.librewolf.desktop.in"))
(applications (string-append #$output
"/share/applications")))
(substitute* desktop-file
(("^Exec=@MOZ_APP_NAME@")
(string-append "Exec="
#$output "/bin/librewolf %u"))
(("@MOZ_APP_DISPLAYNAME@")
"LibreWolf")
(("@MOZ_APP_REMOTINGNAME@")
"LibreWolf")
(("^Icon=@MOZ_APP_NAME@")
(copy-file desktop-file-template desktop-file-name)
(substitute* desktop-file-name
(("MYDIR/librewolf")
(string-append #$output "/bin/librewolf"))
(("^Icon=librewolf")
(string-append "Icon="
#$output
"/share/icons/hicolor/128x128/apps/librewolf.png")))
(copy-file desktop-file "librewolf.desktop")
(install-file "librewolf.desktop" applications))))
(install-file desktop-file-name applications))))
(add-after 'install-desktop-entry 'install-icons
(lambda* (#:key outputs #:allow-other-keys)
(let ((icon-source-dir (string-append #$output
@ -640,7 +637,7 @@
gtk+
gtk+-2
hunspell
icu4c-76
icu4c-78
jemalloc
libcanberra
libevent
@ -674,10 +671,13 @@
unzip
zip
zlib))
(native-inputs (list alsa-lib
(native-inputs
(list
alsa-lib
autoconf-2.13
`(,rust-librewolf "cargo")
clang-18
librewolf-bsys6
llvm-18
m4
nasm