[bug#78249] gnu: librewolf: Update to 137.0-1 [security fixes].

Message ID 20250504231932.20519-2-ian@retrospec.tv
State New
Series [bug#78249] gnu: librewolf: Update to 137.0-1 [security fixes]. |

Commit Message

Ian Eure May 4, 2025, 11:19 p.m. UTC
  Contains fixes for:

CVE-2025-3028: Use-after-free triggered by XSLTProcessor
CVE-2025-3031: JIT optimization bug with different stack slot sizes
CVE-2025-3032: Leaking file descriptors from the fork server
CVE-2025-3029: URL bar spoofing via non-BMP Unicode characters
CVE-2025-3035: Tab title disclosure across pages when using AI chatbot
CVE-2025-3033: Opening local .url files could lead to another file
               being opened
CVE-2025-3030: Memory safety bugs fixed in Firefox 137, Thunderbird
               137, Firefox ESR 128.9, and Thunderbird 128.9
CVE-2025-3034: Memory safety bugs fixed in Firefox 137 and Thunderbird
               137

* gnu/packages/librewolf.scm (librewolf): Update to 137.0-1.

Change-Id: I23d8cbefc242e57c19b4e98660fd22bd1dda8d6a
---
 gnu/packages/librewolf.scm | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)
  

Patch

diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm
index 1cb7084f23..ae4d64534c 100644
--- a/gnu/packages/librewolf.scm
+++ b/gnu/packages/librewolf.scm
@@ -206,17 +206,17 @@  (define rust-librewolf rust-1.82)
 ;; Update this id with every update to its release date.
 ;; It's used for cache validation and therefore can lead to strange bugs.
 ;; ex: date '+%Y%m%d%H%M%S'
-(define %librewolf-build-id "20250327215540")
+(define %librewolf-build-id "20250401171639")
 
 (define-public librewolf
   (package
     (name "librewolf")
-    (version "136.0.4-1")
+    (version "137.0-1")
     (source
      (make-librewolf-source
       #:version version
-      #:firefox-hash "0hn2ywyacgg8n47qz1q2l8bf32mszj3vnpkl6kag3wmqqbhvja2a"
-      #:librewolf-hash "045il4xrji2zh1scx3aiy6hx6jv098232aycda6bhsh27szbsrfa"
+      #:firefox-hash "07d9rdxmp48gbk41y1c6gggzziv9aqdhjwgi6c0hrf6chcppxi0y"
+      #:librewolf-hash "164bvissxzhzlwjafp9pdyhhg8hhdxh8w61ifkak497qm4yf8af7"
       #:l10n firefox-l10n))
     (build-system gnu-build-system)
     (arguments
@@ -236,8 +236,6 @@  (define-public librewolf
                               "--with-system-ffi"
                               "--enable-system-pixman"
                               "--enable-jemalloc"
-
-                              ;; see https://bugs.gnu.org/32833
                               "--with-system-nspr"
                               "--with-system-nss"
 
@@ -312,7 +310,7 @@  (define (write-setting key value)
                      (libavcodec (string-append ffmpeg
                                                 "/lib/libavcodec.so")))
                 ;; Arrange to load libavcodec.so by its absolute file name.
-                (substitute* 
+                (substitute*
                     "dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp"
                   (("libavcodec\\.so")
                    libavcodec)))))
@@ -405,7 +403,7 @@  (define (write-setting key value)
                    (string-append all ", icu-uc >= 76.1")))
                 (if (string=? old-content
                               (pk (call-with-input-file file get-string-all)))
-                    (error 
+                    (error
                      "substitute did nothing, phase requires an update")))))
           (replace 'configure
             (lambda* (#:key inputs outputs configure-flags
@@ -478,7 +476,7 @@  (define write-flags
               (invoke "./mach" "configure")))
           (add-before 'build 'fix-addons-placeholder
             (lambda _
-              (substitute* 
+              (substitute*
                   "toolkit/locales/en-US/toolkit/about/aboutAddons.ftl"
                 (("addons.mozilla.org")
                  "gnuzilla.gnu.org"))))