diff options
| author | Ian Eure <ian@retrospec.tv> | 2025-02-10 17:55:34 -0800 |
|---|---|---|
| committer | Ian Eure <ian@retrospec.tv> | 2025-02-14 16:02:57 -0800 |
| commit | a38d71b2e55711f547d468b0df641fc4488074d0 (patch) | |
| tree | f9eb2516aa1f24f816ac0e0fe9865247c8cc9b71 | |
| parent | 93551174af7a96d61f22f013ad1b9935106bf040 (diff) | |
| download | guix-a38d71b2e55711f547d468b0df641fc4488074d0.tar.gz guix-a38d71b2e55711f547d468b0df641fc4488074d0.zip | |
gnu: librewolf: Update to 135.0-1 [security fixes].
New upstream version. Contains fixes for:
CVE-2025-1009: Use-after-free in XSLT
CVE-2025-1010: Use-after-free in Custom Highlight
CVE-2025-1018: Fullscreen notification is not displayed when
fullscreen is re-requested
CVE-2025-1011: A bug in WebAssembly code generation could result in a
crash
CVE-2025-1012: Use-after-free during concurrent delazification
CVE-2025-1019: Fullscreen notification not properly displayed
CVE-2025-1013: Potential opening of private browsing tabs in normal
browsing windows
CVE-2025-1014: Certificate length was not properly checked
CVE-2025-1016: Memory safety bugs fixed in Firefox 135, Thunderbird
135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird
115.20, and Thunderbird 128.7
CVE-2025-1017: Memory safety bugs fixed in Firefox 135, Thunderbird
135, Firefox ESR 128.7, and Thunderbird 128.7
CVE-2025-1020: Memory safety bugs fixed in Firefox 135 and Thunderbird
135
* gnu/packages/librewolf.scm (librewolf): Update to 135.0-1.
Change-Id: I7054fc9df31d59bb0d42e02b1f359cf3e6c1a43d
| -rw-r--r-- | gnu/packages/librewolf.scm | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm index 59c7e3a4a3..e5e91fb91e 100644 --- a/gnu/packages/librewolf.scm +++ b/gnu/packages/librewolf.scm @@ -200,22 +200,23 @@ ;;; but since in Guix only the latest packaged Rust is officially supported, ;;; it is a tradeoff worth making. ;;; 0: https://firefox-source-docs.mozilla.org/writing-rust-code/update-policy.html -(define rust-librewolf rust-1.81) +;; 135.0 wants 1.83, but it's not available in Guix yet. +(define rust-librewolf rust-1.82) ;; Update this id with every update to its release date. ;; It's used for cache validation and therefore can lead to strange bugs. ;; ex: date '+%Y%m%d%H%M%S' -(define %librewolf-build-id "20250121184331") +(define %librewolf-build-id "20250209210057") (define-public librewolf (package (name "librewolf") - (version "134.0.2-1") + (version "135.0-1") (source (make-librewolf-source #:version version - #:firefox-hash "09yxacfcklgjqbqvcac32llwmlb16d9jhfp2mif9qs7s2gzvfvkc" - #:librewolf-hash "1qa3crgazfvmsqx8dm0k78yk9cb11w1lf74x6x8ixjq5ifsdh1ws" + #:firefox-hash "0q5r2q6q56kyzl5pknrir9bzlhmzbvv9hi5gi4852izgcali4zl2" + #:librewolf-hash "0fg4vji5xb17pgvq7jnfz4dq08gi0rl998xhj37hfm5zxs19y8jk" #:l10n firefox-l10n)) (build-system gnu-build-system) (arguments |