From patchwork Wed Jan 22 03:45:51 2025
X-Patchwork-Submitter: Ian Eure
X-Patchwork-Id: 37515
Subject: [bug#75499] [PATCH v2 4/4] gnu: librewolf: Update to 134.0.1-1 [security fixes].
To: 75499@debbugs.gnu.org
Cc: Ian Eure
From: Ian Eure
Date: Tue, 21 Jan 2025 19:45:51 -0800
Message-ID: <20250122034553.19027-4-ian@retrospec.tv>
X-Mailer: git-send-email 2.47.1
In-Reply-To: <20250122034553.19027-1-ian@retrospec.tv>
References: <20250122034553.19027-1-ian@retrospec.tv>

New upstream release. Some minor tweaks needed, like switching from gzip to
pigz, updating icu4c, and ensuring it builds with the correct Rust version.

CVE-2025-0237: WebChannel APIs susceptible to confused deputy attack
CVE-2025-0238: Use-after-free when breaking lines in text
CVE-2025-0239: Alt-Svc ALPN validation failure when redirected
CVE-2025-0240: Compartment mismatch when parsing JavaScript JSON module
CVE-2025-0241: Memory corruption when using JavaScript Text Segmentation
CVE-2025-0242: Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6
CVE-2025-0243: Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6
CVE-2025-0244: Address bar spoofing using an invalid protocol scheme on Firefox for Android
CVE-2025-0245: Lock screen setting bypass in Firefox Focus for Android
CVE-2025-0246: Address bar spoofing using an invalid protocol scheme on Firefox for Android
CVE-2025-0247: Memory safety bugs fixed in Firefox 134 and Thunderbird 134

* gnu/packages/librewolf.scm (librewolf): Update to 134.0.1-1.

Change-Id: I027bf6f1541b0e7bec9116b2d6b39ab606813b23
---
 gnu/packages/librewolf.scm | 24 +++++++++++++-----------
 1 file changed, 13 insertions(+), 11 deletions(-)
diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm index 5bdf7a0f81..28abaefe53 100644 --- a/gnu/packages/librewolf.scm +++ b/gnu/packages/librewolf.scm @@ -154,7 +154,7 @@ (define* (make-librewolf-source #:key version firefox-hash librewolf-hash l10n) #+(canonical-package xz) #+(canonical-package sed) #+(canonical-package grep) - #+(canonical-package gzip) + #+(canonical-package pigz) #+(canonical-package tar))) (set-path-environment-variable "PYTHONPATH" 
@@ -194,26 +194,28 @@ (define* (make-librewolf-source #:key version firefox-hash librewolf-hash l10n) "torbrowser-compare-paths.patch" "librewolf-use-system-wide-dir.patch"))))) -;; Define the versions of rust needed to build librewolf, trying to match -;; upstream. See the file taskcluster/ci/toolchain/rust.yml at -;; https://searchfox.org under the particular firefox release, like -;; mozilla-esr102. -(define rust-librewolf rust) ; 1.75 is the default in Guix, 1.65 is the minimum. +;;; Define the versions of rust needed to build firefox, trying to match +;;; upstream. See table at [0], `Uses' column for the specific version. +;;; Using `rust' will likely lead to a newer version then listed in the table, +;;; but since in Guix only the latest packaged Rust is officially supported, +;;; it is a tradeoff worth making. +;;; 0: https://firefox-source-docs.mozilla.org/writing-rust-code/update-policy.html +(define rust-librewolf rust-1.81) ;; Update this id with every update to its release date. ;; It's used for cache validation and therefore can lead to strange bugs. ;; ex: date '+%Y%m%d%H%M%S' -(define %librewolf-build-id "20241130102406") +(define %librewolf-build-id "20250121184331") (define-public librewolf (package (name "librewolf") - (version "133.0-1") + (version "134.0.1-1") (source (make-librewolf-source #:version version - #:firefox-hash "0q6cqfnwc2x09frdvsndmhck8ixrnbl281j9rqw5w8bd7fd2qas9" - #:librewolf-hash "1xf7gx3xm3c7dhch9gwpb0xp11lcyim1nrbm8sjljxdcs7iq9jy4")) + #:firefox-hash "1rb54b62zcmhabmx3rsd5badv9wwih6h19a0g80c03qgwwy8b8g3" + #:librewolf-hash "0bcjk3pkyq2w39n022kcpl8nqd8ng9653jc8gklfrfw9avwmpmk2" #:l10n firefox-l10n)) (build-system gnu-build-system) (arguments @@ -666,7 +668,7 @@ (define (runpaths-of-input label) gtk+ gtk+-2 hunspell - icu4c-73 + icu4c-75 jemalloc libcanberra libevent
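Review bot: In the `@@ -154` hunk, `#+(canonical-package gzip)` is replaced by `#+(canonical-package pigz)` in the source builder's package list with no comment saying which step invokes `pigz`, and the commit log only calls it a minor tweak. Add a one-line comment beside the entry naming the step that needs it, and confirm nothing in this builder still calls `gzip` by name now that it is no longer in the list.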
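Review bot: In the `@@ -194` hunk, the removed `#:librewolf-hash` line ends in `))` while the unchanged `#:l10n firefox-l10n))` line follows it, so in the pre-image the `make-librewolf-source` call is already closed before `#:l10n` and the parentheses only balance once this patch is applied. Move that paren fix into whichever earlier change added the `#:l10n` line, so that every commit in the series evaluates on its own. Separately, the new comment talks about using `rust` and says "build firefox", but the definition under it is `(define rust-librewolf rust-1.81)`; reword the comment to describe the pin that is actually made, and change "newer version then listed" to "than".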
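Review bot: The `icu4c-73` to `icu4c-75` replacement in the `@@ -666` hunk is not recorded in the ChangeLog entry, which only says `(librewolf): Update to 134.0.1-1.` for a security update that also changes build inputs. List the ICU replacement there, together with the `rust-librewolf` and `make-librewolf-source` changes from the other hunks, so the log shows every variable the patch touches.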