guix_mirror_bot pushed a commit to branch master
in repository guix.
commit 2c34e9ccb687f8f87b5411215c973f6c5354c965
Author: Ian Eure <[email protected]>
AuthorDate: Tue Jan 13 18:25:03 2026 -0800
gnu: librewolf: Update to 147.0.1-3 [security-fixes].
Contains fixes for:
CVE-2026-0877: Mitigation bypass in the DOM: Security component
CVE-2026-0878: Sandbox escape due to incorrect boundary conditions in
the Graphics: CanvasWebGL component
CVE-2026-0879: Sandbox escape due to incorrect boundary conditions in
the Graphics component
CVE-2026-0880: Sandbox escape due to integer overflow in the Graphics
component
CVE-2026-0881: Sandbox escape in the Messaging System component
CVE-2026-0882: Use-after-free in the IPC component
CVE-2026-0883: Information disclosure in the Networking component
CVE-2026-0884: Use-after-free in the JavaScript Engine component
CVE-2026-0885: Use-after-free in the JavaScript: GC component
CVE-2026-0886: Incorrect boundary conditions in the Graphics component
CVE-2026-0887: Clickjacking issue, information disclosure in the PDF
Viewer component
CVE-2026-0888: Information disclosure in the XML component
CVE-2026-0889: Denial-of-service in the DOM: Service Workers component
CVE-2026-0890: Spoofing issue in the DOM: Copy & Paste and Drag & Drop
component
CVE-2026-0891: Memory safety bugs fixed in Firefox ESR 140.7,
Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147
CVE-2026-0892: Memory safety bugs fixed in Firefox 147 and Thunderbird
147
* gnu/packages/librewolf.scm (librewolf-bsys6): New variable.
* gnu/packages/librewolf.scm (make-librewolf-source): Don’t attempt to GPG
sign the source tarball, the key isn’t available.
* gnu/packages/librewolf.scm (librewolf): Update to 147.0.1-3.
[native-inputs] Add librewolf-bsys6.
[phases 'patch-icu-lookup]: Delete.
[phases 'install-desktop-entry]: Use the .desktop file template from
librewolf-bsys6.
Change-Id: Ic7ff0197294cbb2485cb8db2f42f4fb499e39277
---
gnu/packages/librewolf.scm | 94 +++++++++++++++++++++++-----------------------
1 file changed, 47 insertions(+), 47 deletions(-)
diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm
index 29f6c58e4b..d52e727bae 100644
--- a/gnu/packages/librewolf.scm
+++ b/gnu/packages/librewolf.scm
@@ -184,6 +184,10 @@
(("^ff_source_tarball:=.*")
(string-append "ff_source_tarball:=" #+ff-src)))
+ ;; Neuter GPG signing of the tarball.
+ (substitute* '("Makefile")
+ (("if [ -f pk.asc ].*") ""))
+
;; Stage locales.
(begin
(substitute* "scripts/librewolf-patches.py"
@@ -216,6 +220,16 @@
"media/libwebp"
"modules/zlib"))))))
+(define librewolf-bsys6
+ (let ((commit "e0397b2b95aa14e1a83be460681ffbeb0b41ca3f"))
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://codeberg.org/librewolf/bsys6.git";)
+ (commit commit)))
+ (file-name (git-file-name "librewolf-bsys6" commit))
+ (sha256 (base32
"16b2z1b89y0lm9b9xrvvfa5j0av4ibmcgkksnnqxmn2qrz04awzw")))))
+
;;; Define the versions of rust needed to build firefox, trying to match
;;; upstream. See table at [0], `Uses' column for the specific version.
;;; Using `rust' will likely lead to a newer version then listed in the table,
@@ -228,17 +242,17 @@
;; It's used for cache validation and therefore can lead to strange bugs.
;; ex: date '+%Y%m%d%H%M%S'
;; or: (format-time-string "%Y%m%d%H%M%S")
-(define %librewolf-build-id "20251219212454")
+(define %librewolf-build-id "20260118150544")
(define-public librewolf
(package
(name "librewolf")
- (version "146.0.1-1")
+ (version "147.0.1-3")
(source
(make-librewolf-source
#:version version
- #:firefox-hash "1swih4jljq162vgdl2m2d8xn4s4hj4vjqcfww59kk4kkhh78lrz9"
- #:librewolf-hash "13gxagaibv0bmn34rz3hfkfy7rgdksl635znmrq24l8v80y792ii"
+ #:firefox-hash "1jvx0q134nfa19jbdjr3cj2xi8fc6ggmr6glqj9d8bvpqd52gs09"
+ #:librewolf-hash "1290vvbbinlaff60n1gabdggam7ayslrr3rnlpkwprab77gq45yh"
#:l10n firefox-l10n))
(build-system gnu-build-system)
(arguments
@@ -421,18 +435,6 @@
(lambda _
(setenv "MOZ_BUILD_DATE"
#$%librewolf-build-id)))
- ;; https://bugzilla.mozilla.org/show_bug.cgi?id=1927380
- (add-before 'configure 'patch-icu-lookup
- (lambda _
- (let* ((file "js/moz.configure")
- (old-content (call-with-input-file file get-string-all)))
- (substitute* file
- (("icu-i18n >= 76.1" all)
- (string-append all ", icu-uc >= 76.1")))
- (if (string=? old-content
- (pk (call-with-input-file file get-string-all)))
- (error
- "substitute did nothing, phase requires an update")))))
(replace 'configure
(lambda* (#:key inputs outputs configure-flags
#:allow-other-keys)
@@ -575,26 +577,21 @@
`("MOZ_ALLOW_DOWNGRADE" =
("1"))))))
(add-after 'wrap-program 'install-desktop-entry
- (lambda* (#:key outputs #:allow-other-keys)
- (let* ((desktop-file
- "toolkit/mozapps/installer/linux/rpm/mozilla.desktop")
+ (lambda* (#:key inputs outputs #:allow-other-keys)
+ (let* ((desktop-file-name "librewolf.desktop")
+ (desktop-file-template
+ (search-input-file inputs
"assets/linux.librewolf.desktop.in"))
(applications (string-append #$output
"/share/applications")))
- (substitute* desktop-file
- (("^Exec=@MOZ_APP_NAME@")
- (string-append "Exec="
- #$output "/bin/librewolf %u"))
- (("@MOZ_APP_DISPLAYNAME@")
- "LibreWolf")
- (("@MOZ_APP_REMOTINGNAME@")
- "LibreWolf")
- (("^Icon=@MOZ_APP_NAME@")
+ (copy-file desktop-file-template desktop-file-name)
+ (substitute* desktop-file-name
+ (("MYDIR/librewolf")
+ (string-append #$output "/bin/librewolf"))
+ (("^Icon=librewolf")
(string-append "Icon="
#$output
"/share/icons/hicolor/128x128/apps/librewolf.png")))
-
- (copy-file desktop-file "librewolf.desktop")
- (install-file "librewolf.desktop" applications))))
+ (install-file desktop-file-name applications))))
(add-after 'install-desktop-entry 'install-icons
(lambda* (#:key outputs #:allow-other-keys)
(let ((icon-source-dir (string-append #$output
@@ -640,7 +637,7 @@
gtk+
gtk+-2
hunspell
- icu4c-76
+ icu4c-78
jemalloc
libcanberra
libevent
@@ -674,21 +671,24 @@
unzip
zip
zlib))
- (native-inputs (list alsa-lib
- autoconf-2.13
- `(,rust-librewolf "cargo")
- clang-18
- llvm-18
- m4
- nasm
- node-lts
- perl
- pkg-config
- python
- rust-librewolf
- rust-cbindgen-0.29
- which
- yasm))
+ (native-inputs
+ (list
+ alsa-lib
+ autoconf-2.13
+ `(,rust-librewolf "cargo")
+ clang-18
+ librewolf-bsys6
+ llvm-18
+ m4
+ nasm
+ node-lts
+ perl
+ pkg-config
+ python
+ rust-librewolf
+ rust-cbindgen-0.29
+ which
+ yasm))
(native-search-paths
(list (search-path-specification
(variable "ICECAT_SYSTEM_DIR")
