[bug#71832,v6,0/3,SECURITY] Update LibreWolf to 129.0.1-1; add nss-rapid

Message ID 20240817193240.27089-1-ian@retrospec.tv

Message

Ian Eure Aug. 17, 2024, 7:32 p.m. UTC
vs. the previous versions of this patch series, v6:

- Updates LibreWolf to 129.0.1-1, the latest upstream.
- Updates nss-rapid, to version 3.103, the latest upstream.
- Adds the skr locale to all-mozilla-locales.
- Backs out improvements not directly related to updating the browser version, to make review easier.

In addition to the CVEs fixed in 128.0, this includes fixes for[1]:

    CVE-2024-7518: Fullscreen notification dialog can be obscured by document content
    CVE-2024-7519: Out of bounds memory access in graphics shared memory handling
    CVE-2024-7520: Type confusion in WebAssembly
    CVE-2024-7521: Incomplete WebAssembly exception handling
    CVE-2024-7522: Out of bounds read in editor component
    CVE-2024-7523: Document content could partially obscure security prompts
    CVE-2024-7524: CSP strict-dynamic bypass using web-compatibility shims
    CVE-2024-7525: Missing permission check when creating a StreamFilter
    CVE-2024-7526: Uninitialized memory used by WebGL
    CVE-2024-7527: Use-after-free in JavaScript garbage collection
    CVE-2024-7528: Use-after-free in IndexedDB
    CVE-2024-7529: Document content could partially obscure security prompts
    CVE-2024-7530: Use-after-free in JavaScript code coverage collection
    CVE-2024-7531: PK11_Encrypt using CKM_CHACHA20 can reveal plaintext on Intel Sandy Bridge

[1]: https://www.mozilla.org/en-US/security/advisories/mfsa2024-33/

Ian Eure (3):
  gnu: gnuzilla: Add skr to all-mozilla-locales.
  gnu: Add nss-rapid.
  gnu: librewolf: Update to 129.0.1-1.

 gnu/packages/gnuzilla.scm  |  1 +
 gnu/packages/librewolf.scm | 12 +++----
 gnu/packages/nss.scm       | 67 ++++++++++++++++++++++++++++++++++++++
 3 files changed, 74 insertions(+), 6 deletions(-)

--
2.45.2

Comments

Vagrant Cascadian Aug. 18, 2024, 3:46 a.m. UTC | #1
On 2024-08-17, Ian Eure wrote:
> - Updates LibreWolf to 129.0.1-1, the latest upstream.
> - Updates nss-rapid, to version 3.103, the latest upstream.
> - Adds the skr locale to all-mozilla-locales.
> - Backs out improvements not directly related to updating the browser version, to make review easier.

It builds and runs fine for me, so overall I think this should be merged
sooner than later (despite some of my minor comments on the nss-rapid
patch)... given the previous iterations of patches over several months
and the growing list of CVE fixes...

If there are no strong objections and nobody beats me to it, I will
merge these patches in the next couple days.

Thanks for working on librewolf! Sorry the update process has been
lagging!


live well,
  vagrant

Vagrant Cascadian Aug. 20, 2024, 5:46 a.m. UTC | #2
On 2024-08-17, Vagrant Cascadian wrote:
> On 2024-08-17, Ian Eure wrote:
>> - Updates LibreWolf to 129.0.1-1, the latest upstream.
>> - Updates nss-rapid, to version 3.103, the latest upstream.
>> - Adds the skr locale to all-mozilla-locales.
>> - Backs out improvements not directly related to updating the browser version, to make review easier.
>
> It builds and runs fine for me, so overall I think this should be merged
> sooner than later (despite some of my minor comments on the nss-rapid
> patch)... given the previous iterations of patches over several months
> and the growing list of CVE fixes...
>
> If there are no strong objections and nobody beats me to it, I will
> merge these patches in the next couple days.

Pushed as 58faaf4eaadafa09a97ab31103eb54bd2076a699.

live well,
  vagrant