From patchwork Sun May  4 23:19:30 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ian Eure <ian@retrospec.tv>
X-Patchwork-Id: 42303
Return-Path: <guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org>
X-Original-To: patchwork@mira.cbaines.net
Delivered-To: patchwork@mira.cbaines.net
Received: by mira.cbaines.net (Postfix, from userid 113)
	id 63D2127BC4B; Mon,  5 May 2025 00:20:16 +0100 (BST)
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net
X-Spam-Level: 
X-Spam-Status: No, score=-6.4 required=5.0 tests=BAYES_00,DKIM_INVALID,
	DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_DNSWL_BLOCKED,
	RCVD_IN_VALIDITY_CERTIFIED,RCVD_IN_VALIDITY_RPBL,RCVD_IN_VALIDITY_SAFE,
	SPF_HELO_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no
	version=3.4.6
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	by mira.cbaines.net (Postfix) with ESMTPS id BCBAA27BC49
	for <patchwork@mira.cbaines.net>; Mon,  5 May 2025 00:20:15 +0100 (BST)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <guix-patches-bounces@gnu.org>)
	id 1uBicz-0007jz-QZ; Sun, 04 May 2025 19:20:10 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1uBicv-0007ip-Jd
 for guix-patches@gnu.org; Sun, 04 May 2025 19:20:06 -0400
Received: from debbugs.gnu.org ([2001:470:142:5::43])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1uBics-0004Y8-Fx
 for guix-patches@gnu.org; Sun, 04 May 2025 19:20:02 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=debbugs.gnu.org; s=debbugs-gnu-org;
 h=MIME-Version:References:In-Reply-To:Date:From:To:Subject;
 bh=nuVsU1Tfvz2ogHhqXDLH3VIqkIInhRTA7dvEFOj0G/4=;
 b=i7t46fIOceeYWC3egsSoD6GWBuJ8wvFgYOIYfQzcJ0+z4jK3mhJrjVGwSW53MGSaBNlIAEy4g60ETznjyerPpIFgs5HJx+8F19NQThRoySEQOKsEyKWL5AXERKc4MGhzri46VyM89LAq08daIjM3rRJGkYiW2Q/CoY3vGJJ0QZZwyQv2k0wGzcbRthcDFL/wOpYWEpR82XEGuGxY2I2cW1l4siJdiFC1r5BvGf5sSYrGEoRocFikBhpE9cBsPedU92C2V3uSAvkc7RbheAW4NCppu1abGMmrmcgVSqP1JVFxVleF8aG6FLlH99KjP7T1+x0CAYhOb7GdPQJYUAl5sw==;
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1uBics-00085H-B9
 for guix-patches@gnu.org; Sun, 04 May 2025 19:20:02 -0400
X-Loop: help-debbugs@gnu.org
Subject: [bug#78249] [PATCH] gnu: librewolf: Update to 137.0-1 [security
 fixes].
Resent-From: Ian Eure <ian@retrospec.tv>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Sun, 04 May 2025 23:20:02 +0000
Resent-Message-ID: <handler.78249.B78249.174640078631020@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 78249
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: 78249@debbugs.gnu.org
Cc: Ian Eure <ian@retrospec.tv>
Received: via spool by 78249-submit@debbugs.gnu.org id=B78249.174640078631020
 (code B ref 78249); Sun, 04 May 2025 23:20:02 +0000
Received: (at 78249) by debbugs.gnu.org; 4 May 2025 23:19:46 +0000
Received: from localhost ([127.0.0.1]:35030 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1uBicb-000846-Cx
 for submit@debbugs.gnu.org; Sun, 04 May 2025 19:19:46 -0400
Received: from fhigh-b1-smtp.messagingengine.com ([202.12.124.152]:60525)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.84_2) (envelope-from <ian@retrospec.tv>) id 1uBicZ-00083b-60
 for 78249@debbugs.gnu.org; Sun, 04 May 2025 19:19:43 -0400
Received: from phl-compute-04.internal (phl-compute-04.phl.internal
 [10.202.2.44])
 by mailfhigh.stl.internal (Postfix) with ESMTP id C0563254022B;
 Sun,  4 May 2025 19:19:37 -0400 (EDT)
Received: from phl-mailfrontend-02 ([10.202.2.163])
 by phl-compute-04.internal (MEProxy); Sun, 04 May 2025 19:19:37 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=retrospec.tv; h=
 cc:cc:content-transfer-encoding:content-type:date:date:from:from
 :in-reply-to:in-reply-to:message-id:mime-version:references
 :reply-to:subject:subject:to:to; s=fm2; t=1746400777; x=
 1746487177; bh=nuVsU1Tfvz2ogHhqXDLH3VIqkIInhRTA7dvEFOj0G/4=; b=o
 qgJD/kSZK0MNzf2vnKkpW24tjRvjkjwmqZ/hrMTQNEjjjn+uTa6dIDaLbw/S7wVB
 6L2VEchroqv4iC78Oxx0CfhZowl/x2nR1Dyo3mLE61oCeIf3j0SiDodZ+U5ChnVM
 EphudN8uKCE33sShO2xfDXUql0Dv1l7uSadK/MEh7mlbLIQaNibHSgV2Wd6JdzFs
 5f2bE9bvc4zQS8XpyH6r3wPBpGjc55fe/KWfIQRoByg4LXtvZU+sD+12GLwXW6Cs
 DY3OD1kUlc5HnAL4kdLI2TZyhh2acGrqMTbdw7mROfmFPsaj31J91DFg8g4LSNDM
 qNBFbqI8Nq9G0hhhUKBDA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:cc:content-transfer-encoding
 :content-type:date:date:feedback-id:feedback-id:from:from
 :in-reply-to:in-reply-to:message-id:mime-version:references
 :reply-to:subject:subject:to:to:x-me-proxy:x-me-sender
 :x-me-sender:x-sasl-enc; s=fm3; t=1746400777; x=1746487177; bh=n
 uVsU1Tfvz2ogHhqXDLH3VIqkIInhRTA7dvEFOj0G/4=; b=dzfF3tuqgg74seTie
 c++9A6fHKxkKBYNCJhYP/wQ9f5gkRJeqze9QOrYBP+7oaix18Y0+yaGLuKFgRUk1
 DBagawqYiakVwOnKxk7kqQxk1dodHmcq4gYwj0cV4T8xtmK2NC2PQ3i1ycNP7XnI
 aybkCVgckpEqZa8g/JmX6l3k6/N+axMwhN4uPBpkYbxJmiXanNyXoKQDxBDRL+SL
 2hfKJT15K2aIxNYy0v7TBBHB5w8qQFUe5/xjtnr0jYJYdV1g/TpSZxTeYeTdlMqu
 GCBKsucY251yeXyu6XB+u7Ege5VOGltKsh6MT+aalxyjTOI/4zYGMdSL6pm7BaEd
 nb3tA==
X-ME-Sender: <xms:CfYXaHGLIUAzYGu5DL4ar2sw4qFgHzKOJDCobjXKiWxmQ0Kf4LDIog>
 <xme:CfYXaEUBskNjAO3WIsMlvN8nbN0mx6uRzCoEn79jAmJbB2zhfc7lJl5GI_G6XbwtC
 3Pi7yPyZB7kjkARxg>
X-ME-Received: 
 <xmr:CfYXaJLg6rjBOoW10FngoTS2gJkOJ5MwWQG8uz-xCYWYxFlxiYpLaj8q6DovBKJK_nXhXAU__5ReG3wdbNP8JyJIIdTnJYkf4k5tHLJsoqQm>
X-ME-Proxy-Cause: 
 gggruggvucftvghtrhhoucdtuddrgeefvddrtddtgddvjeelheduucetufdoteggodetrf
 dotffvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdggtfgfnhhsuhgsshgtrhhisggv
 pdfurfetoffkrfgpnffqhgenuceurghilhhouhhtmecufedttdenucenucfjughrpefhvf
 evufffkffojghfggfgsedtkeertdertddtnecuhfhrohhmpefkrghnucfguhhrvgcuoehi
 rghnsehrvghtrhhoshhpvggtrdhtvheqnecuggftrfgrthhtvghrnhepudekudeuiefgue
 dtteelveekvefhhfdvudegteduleduledutedtledtvdejgffgnecuffhomhgrihhnpehg
 nhhurdhorhhgpdhmohiiihhllhgrrdhorhhgnecuvehluhhsthgvrhfuihiivgeptdenuc
 frrghrrghmpehmrghilhhfrhhomhepihgrnhesrhgvthhrohhsphgvtgdrthhvpdhnsggp
 rhgtphhtthhopedvpdhmohguvgepshhmthhpohhuthdprhgtphhtthhopeejkedvgeelse
 guvggssghughhsrdhgnhhurdhorhhgpdhrtghpthhtohepihgrnhesrhgvthhrohhsphgv
 tgdrthhv
X-ME-Proxy: <xmx:CfYXaFE2QKnmf6K0Kxtlsp3PxtJSHb2kg6rYh1KIU_MTv-NdA8MQBQ>
 <xmx:CfYXaNWqE04mCrZKOsTvh3u5vIqWpGRbAEpDI9TderdV17KTJ1gAxQ>
 <xmx:CfYXaAO3HZ2vLm_cR-zzP7-PiB5ydbVi4Pt-RpzQ2TCgZjuOfOkqlQ>
 <xmx:CfYXaM0vdVtu5kXpQNE4Ku9ISE-4pRDPbaGgbxD9RUTsBFQBeGVTmg>
 <xmx:CfYXaK1yHRw0CQS_96M3s5cNd6byBwrG6298kQCujJYcKZzXsp4EqSwD>
Feedback-ID: id9014242:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Sun,
 4 May 2025 19:19:36 -0400 (EDT)
From: Ian Eure <ian@retrospec.tv>
Date: Sun,  4 May 2025 16:19:30 -0700
Message-ID: <20250504231932.20519-2-ian@retrospec.tv>
X-Mailer: git-send-email 2.49.0
In-Reply-To: <20250504231932.20519-1-ian@retrospec.tv>
References: <20250504231932.20519-1-ian@retrospec.tv>
MIME-Version: 1.0
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: guix-patches@gnu.org
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-patches>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=subscribe>
Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org
Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org
X-getmail-retrieved-from-mailbox: Patches

Contains fixes for:

CVE-2025-3028: Use-after-free triggered by XSLTProcessor
CVE-2025-3031: JIT optimization bug with different stack slot sizes
CVE-2025-3032: Leaking file descriptors from the fork server
CVE-2025-3029: URL bar spoofing via non-BMP Unicode characters
CVE-2025-3035: Tab title disclosure across pages when using AI chatbot
CVE-2025-3033: Opening local .url files could lead to another file
               being opened
CVE-2025-3030: Memory safety bugs fixed in Firefox 137, Thunderbird
               137, Firefox ESR 128.9, and Thunderbird 128.9
CVE-2025-3034: Memory safety bugs fixed in Firefox 137 and Thunderbird
               137

* gnu/packages/librewolf.scm (librewolf): Update to 137.0-1.

Change-Id: I23d8cbefc242e57c19b4e98660fd22bd1dda8d6a
---
 gnu/packages/librewolf.scm | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)

diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm
index 1cb7084f23..ae4d64534c 100644
--- a/gnu/packages/librewolf.scm
+++ b/gnu/packages/librewolf.scm
@@ -206,17 +206,17 @@ (define rust-librewolf rust-1.82)
 ;; Update this id with every update to its release date.
 ;; It's used for cache validation and therefore can lead to strange bugs.
 ;; ex: date '+%Y%m%d%H%M%S'
-(define %librewolf-build-id "20250327215540")
+(define %librewolf-build-id "20250401171639")
 
 (define-public librewolf
   (package
     (name "librewolf")
-    (version "136.0.4-1")
+    (version "137.0-1")
     (source
      (make-librewolf-source
       #:version version
-      #:firefox-hash "0hn2ywyacgg8n47qz1q2l8bf32mszj3vnpkl6kag3wmqqbhvja2a"
-      #:librewolf-hash "045il4xrji2zh1scx3aiy6hx6jv098232aycda6bhsh27szbsrfa"
+      #:firefox-hash "07d9rdxmp48gbk41y1c6gggzziv9aqdhjwgi6c0hrf6chcppxi0y"
+      #:librewolf-hash "164bvissxzhzlwjafp9pdyhhg8hhdxh8w61ifkak497qm4yf8af7"
       #:l10n firefox-l10n))
     (build-system gnu-build-system)
     (arguments
@@ -236,8 +236,6 @@ (define-public librewolf
                               "--with-system-ffi"
                               "--enable-system-pixman"
                               "--enable-jemalloc"
-
-                              ;; see https://bugs.gnu.org/32833
                               "--with-system-nspr"
                               "--with-system-nss"
 
@@ -312,7 +310,7 @@ (define (write-setting key value)
                      (libavcodec (string-append ffmpeg
                                                 "/lib/libavcodec.so")))
                 ;; Arrange to load libavcodec.so by its absolute file name.
-                (substitute* 
+                (substitute*
                     "dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp"
                   (("libavcodec\\.so")
                    libavcodec)))))
@@ -405,7 +403,7 @@ (define (write-setting key value)
                    (string-append all ", icu-uc >= 76.1")))
                 (if (string=? old-content
                               (pk (call-with-input-file file get-string-all)))
-                    (error 
+                    (error
                      "substitute did nothing, phase requires an update")))))
           (replace 'configure
             (lambda* (#:key inputs outputs configure-flags
@@ -478,7 +476,7 @@ (define write-flags
               (invoke "./mach" "configure")))
           (add-before 'build 'fix-addons-placeholder
             (lambda _
-              (substitute* 
+              (substitute*
                   "toolkit/locales/en-US/toolkit/about/aboutAddons.ftl"
                 (("addons.mozilla.org")
                  "gnuzilla.gnu.org"))))