From patchwork Mon Oct 28 22:20:33 2024
X-Patchwork-Submitter: Ian Eure
X-Patchwork-Id: 69604
Subject: [bug#74070] [PATCH] gnu: librewolf: Update to 131.0.3-1 [security fixes].
To: 74070@debbugs.gnu.org
Cc: Ian Eure
From: Ian Eure
Date: Mon, 28 Oct 2024 15:20:33 -0700
Message-ID: <20241028222033.9927-1-ian@retrospec.tv>

New upstream bugfix version. This release switches to the firefox-l10n repository, necessitating rework of locale handling.

Fixes CVE: CVE-2024-9936: Undefined behavior in selection node cache

* gnu/packages/librewolf-pending.scm (librewolf): Update to 131.0.3-1.

Change-Id: I468d5995fb9c89b46fef06481f984648f9eeb1b2
--- gnu/packages/librewolf.scm | 67 +++++++------------ .../librewolf-neuter-locale-download.patch | 17 +++++ 2 files changed, 41 insertions(+), 43 deletions(-) create mode 100644 gnu/packages/patches/librewolf-neuter-locale-download.patch diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm index d696a3058f..ea50ed4a43 100644 --- a/gnu/packages/librewolf.scm +++ b/gnu/packages/librewolf.scm 
@@ -111,10 +111,21 @@ (define (librewolf-source-origin version hash) (commit version) (recursive? #t))) (file-name (git-file-name "librewolf-source" version)) + (patches (search-patches "patches/librewolf-neuter-locale-download.patch")) (sha256 (base32 hash)))) (define computed-origin-method (@@ (guix packages) computed-origin-method)) +(define firefox-l10n + (let ((commit "bdfd4e10606204450a3e88d219ecf2b252349c2b")) + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/mozilla-l10n/firefox-l10n.git") + (commit commit))) + (file-name (git-file-name "firefox-l10n" commit)) + (sha256 (base32 "0i31b1024jck6467j9phcqvac32psl4nkyb0nm4h9zzyj8zw31xp"))))) + (define* (make-librewolf-source #:key version firefox-hash librewolf-hash) (let* ((ff-src (firefox-source-origin (car (string-split version #\-)) @@ -168,34 +179,10 @@ (define* (make-librewolf-source #:key version firefox-hash librewolf-hash) ;; Stage locales. (begin - (format #t "Staging locales...~%") - (force-output) - (mkdir "l10n-staging") - (with-directory-excursion "l10n-staging" - (for-each - (lambda (locale-dir) - (let ((locale - (string-drop - (basename locale-dir) - (+ 32 ; length of hash - (string-length "-mozilla-locale-"))))) - (format #t " ~a~%" locale) - (force-output) - (copy-recursively locale-dir locale - #:log (%make-void-port "w")) - (for-each make-file-writable (find-files locale)) - (with-directory-excursion locale - (when (file-exists? ".hgtags") - (delete-file ".hgtags"))))) - '#+all-mozilla-locales))) - - ;; Patch build script to use staged locales. - (begin - (substitute* '("scripts/generate-locales.sh") - (("wget") "# wget") - (("unzip") "# unzip") - (("mv browser/locales/l10n/\\$1-\\*/") - "mv ../l10n-staging/$1/"))) + (substitute* "scripts/librewolf-patches.py" + (("l10n_dir = Path(\"..\", \"l10n\")") + (string-append + "l10n_dir = \"" #+firefox-l10n "\"")))) ;; Run the build script (invoke "make" "all") 
@@ -212,18 +199,18 @@ (define rust-librewolf rust) ; 1.75 is the default in Guix, 1.65 is the minimum. ;; Update this id with every update to its release date. ;; It's used for cache validation and therefore can lead to strange bugs. ;; ex: date '+%Y%m%d%H%M%S' -(define %librewolf-build-id "20241010143544") +(define %librewolf-build-id "20241019075849") (define-public librewolf (package (name "librewolf") - (version "131.0.2-1") + (version "131.0.3-1") (source (origin - (inherit (make-librewolf-source - #:version version - #:firefox-hash "05knnwfxqd3mb6a5y2yh73sn4g648dxnz9kpkmpj9madr55863h4" - #:librewolf-hash "1knx485kdjv8d0rn5ai1x1jp0403dvxz9m7lpim1y2d2ilyi26x7")))) + (inherit (make-librewolf-source + #:version version + #:firefox-hash "1l30y1pf2kkhnnnazj2x7j1hy3sxz6x9vjj3lbx3wi9pfzwz6zbs" + #:librewolf-hash "0ayl43nq3h9a3b4nl7sfmil43v0k3x1bmxl7c7ws8710dj2674rc")))) (build-system gnu-build-system) (arguments (list @@ -325,14 +312,7 @@ (define (write-setting key value) ;; Lock the preferences so they can't be enabled. (substitute* "lw/librewolf.cfg" (("defaultPref\\(\"browser\\.ml\\.") - "lockPref(\"browser.ml.")) - ;; Correct a preference typo - ;; see https://codeberg.org/librewolf/issues/issues/1919#issuecomment-2325954 - ;; Remove this in the next update. - (substitute* "lw/librewolf.cfg" - (("browser\\.ml\\.enabled") - "browser.ml.enable")) - )) + "lockPref(\"browser.ml.")))) (add-after 'patch-source-shebangs 'patch-cargo-checksums (lambda _ (use-modules (guix build cargo-utils)) @@ -417,6 +397,7 @@ (define (write-setting key value) (which "bash")) (setenv "MACH_BUILD_PYTHON_NATIVE_PACKAGE_SOURCE" "system") + (setenv "LANG" "en_US.utf8") ;; This should use the host info probably (does it ;; build on non-x86_64 though?) (setenv "GUIX_PYTHONPATH" 
@@ -625,7 +606,7 @@ (define (runpaths-of-input label) (substitute* desktop-file (("^Exec=@MOZ_APP_NAME@") (string-append "Exec=" - #$output "/bin/librewolf %u")) + #$output "/bin/librewolf")) (("@MOZ_APP_DISPLAYNAME@") "LibreWolf") (("@MOZ_APP_REMOTINGNAME@") diff --git a/gnu/packages/patches/librewolf-neuter-locale-download.patch b/gnu/packages/patches/librewolf-neuter-locale-download.patch new file mode 100644 index 0000000000..da300542f5 --- /dev/null +++ b/gnu/packages/patches/librewolf-neuter-locale-download.patch @@ -0,0 +1,17 @@ +diff --git a/scripts/librewolf-patches.py b/scripts/librewolf-patches.py +index 48dc6bc..01a6c58 100755 +--- a/scripts/librewolf-patches.py ++++ b/scripts/librewolf-patches.py +@@ -147,12 +147,6 @@ def librewolf_patches(): + with open(file, "w") as f: + f.write("{}-{}".format(version,release)) + +- print("-> Downloading locales from https://github.com/mozilla-l10n/firefox-l10n") +- with TemporaryDirectory() as tmpdir: +- exec(f"wget -qO {tmpdir}/l10n.zip 'https://codeload.github.com/mozilla-l10n/firefox-l10n/zip/refs/heads/main'") +- exec(f"unzip -qo {tmpdir}/l10n.zip -d {tmpdir}/l10n") +- exec(f"mv {tmpdir}/l10n/firefox-l10n-main lw/l10n") +- + print("-> Patching appstrings.properties") + # Why is "Firefox" hardcoded there??? + exec("find . -path '*/appstrings.properties' -exec sed -i s/Firefox/LibreWolf/ {} \;")
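Review bot: In the hunk at @@ -111,10 +111,21 @@, search-patches is given "patches/librewolf-neuter-locale-download.patch", while the new file is added as gnu/packages/patches/librewolf-neuter-locale-download.patch. As I understand the patch search path, it already points at gnu/packages/patches, so the extra "patches/" component looks like it resolves one directory too deep; please pass the bare file name. The new firefox-l10n origin is pinned to a commit with a sha256, which is what we want, but nothing says how that commit was chosen. A comment like the one above %librewolf-build-id, stating which upstream revision it should track on each update, would keep the pin from going stale unnoticed.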
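Review bot: In the new substitute* on "scripts/librewolf-patches.py" (hunk at @@ -168,34 +179,10 @@), the pattern "l10n_dir = Path(\"..\", \"l10n\")" is treated as a regular expression, and its parentheses and dots are unescaped. The parentheses therefore form a group instead of matching the literal "(" and ")" in the Python source, so the pattern does not match and the script keeps using ../l10n without any error. Escape them the same way the lockPref substitution in this file does ("defaultPref\\(\"browser\\.ml\\."). The replacement also turns l10n_dir from a Path into a plain string; please confirm the script does not call Path methods on it. The ";; Stage locales." comment above the block no longer describes what it does.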
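Review bot: The added (setenv "LANG" "en_US.utf8") in the hunk at @@ -417,6 +397,7 @@ carries no comment saying what fails without it, and the commit log does not mention it. Please add a one-line comment naming the build step that needs a UTF-8 locale, and confirm that this locale is actually present in the build environment, since an unavailable locale falls back to the C locale and the problem this line is meant to solve would return.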
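Review bot: Dropping %u from the Exec= replacement in the hunk at @@ -625,7 +606,7 @@ is not explained in the commit log and looks unrelated to the version update. %u is the desktop-entry field code through which a launcher hands a URL to the program, so without it, opening a link through this desktop file starts LibreWolf without the URL. If the removal is intentional, say why in the log or move it to its own commit; otherwise keep "/bin/librewolf %u".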
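Review bot: The new gnu/packages/patches/librewolf-neuter-locale-download.patch starts directly at its diff --git line, with no leading comment on why the download is removed. The deleted lines fetch firefox-l10n from refs/heads/main with wget during the build, which is unpinned and needs network access, and the pinned firefox-l10n origin replaces that; please say so at the top of the patch. The diffstat shows only 2 files changed, so the patch is not registered in gnu/local.mk, and the commit log names only gnu/packages/librewolf-pending.scm while the diff touches gnu/packages/librewolf.scm and adds this file.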