[PATCH 0/3] gnu: librewolf: Update to 133.0.3-1.

Done

Details

3 participants

Ian Eure
Rodion Goritskov
Z572

Owner: unassigned

Submitted by: Ian Eure

Severity: normal

Ian Eure wrote on 11 Jan 18:27 +0100

Recipients:(address . guix-patches@gnu.org)(name . Ian Eure)(address . ian@retrospec.tv)

Message-ID:20250111172715.3642-1-ian@retrospec.tv

Fairly straightforwaard update. Paramaterized `make-librewolf-source' to

accept the l10n package.

Ian Eure (3):

gnu: firefox-l10n: Update to d219efa7c64850dfb5904893e17a5431c7058192.

gnu: librewolf: Update to 133.0.3-1.

gnu: make-librewolf-source: Take l10n package as an arg.

gnu/packages/librewolf.scm | 21 +++++++++++----------

1 file changed, 11 insertions(+), 10 deletions(-)

2.47.1

Ian Eure wrote on 11 Jan 18:29 +0100

[PATCH 2/3] gnu: librewolf: Update to 133.0.3-1.

Recipients:(address . 75499@debbugs.gnu.org)(name . Ian Eure)(address . ian@retrospec.tv)

Message-ID:20250111172936.3737-2-ian@retrospec.tv

Upstream bugfix release. There were no 133.0.1 or .2 Firefox releases,

133.0.3 follows 133.0. This is straightforward update, other than switching

from gzip to pigz, which is a LibreWolf upstream change.

* gnu/packages/librewolf.scm (librewolf): Update to 133.0.3-1.

Change-Id: I40d305f16bd5a7b55f0d40a3e8885abd2cf2de0a

---

gnu/packages/librewolf.scm | 10 +++++-----

1 file changed, 5 insertions(+), 5 deletions(-)

Toggle diff (37 lines)diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm
index 2011e261e4..1d58191e0c 100644
--- a/gnu/packages/librewolf.scm
+++ b/gnu/packages/librewolf.scm
@@ -154,7 +154,7 @@ (define* (make-librewolf-source #:key version firefox-hash librewolf-hash)
                       #+(canonical-package xz)
                       #+(canonical-package sed)
                       #+(canonical-package grep)
-                      #+(canonical-package gzip)
+                      #+(canonical-package pigz)
                       #+(canonical-package tar)))
                (set-path-environment-variable
                 "PYTHONPATH"
@@ -203,17 +203,17 @@ (define rust-librewolf rust) ; 1.75 is the default in Guix, 1.65 is the minimum.
 ;; Update this id with every update to its release date.
 ;; It's used for cache validation and therefore can lead to strange bugs.
 ;; ex: date '+%Y%m%d%H%M%S'
-(define %librewolf-build-id "20241130102406")
+(define %librewolf-build-id "20241215105141")
 
 (define-public librewolf
   (package
     (name "librewolf")
-    (version "133.0-1")
+    (version "133.0.3-1")
     (source
      (make-librewolf-source
       #:version version
-      #:firefox-hash "0q6cqfnwc2x09frdvsndmhck8ixrnbl281j9rqw5w8bd7fd2qas9"
-      #:librewolf-hash "1xf7gx3xm3c7dhch9gwpb0xp11lcyim1nrbm8sjljxdcs7iq9jy4"))
+      #:firefox-hash "06ya18ma1gndci0aygz75hidn3kwa1kji78g8smh7fq0091aad7i"
+      #:librewolf-hash "05mlqqcvsa84h3nagm51hwsxkxsbcn2676fj4bih37ddlgkylf3b"))
     (build-system gnu-build-system)
     (arguments
      (list
-- 
2.47.1

Ian Eure wrote on 11 Jan 18:29 +0100

[PATCH 1/3] gnu: firefox-l10n: Update to d219efa7c64850dfb5904893e17a5431c7058192.

Recipients:(address . 75499@debbugs.gnu.org)(name . Ian Eure)(address . ian@retrospec.tv)

Message-ID:20250111172936.3737-1-ian@retrospec.tv

* gnu/packages/librewolf.scm (firefox-l10n): Update to d219efa7c64850dfb5904893e17a5431c7058192.

Change-Id: Ia4303f13a0cbf7c4908410b735b509a4a5f505cd

---

gnu/packages/librewolf.scm | 4 ++--

1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (23 lines)diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm
index 42bae0fbc0..2011e261e4 100644
--- a/gnu/packages/librewolf.scm
+++ b/gnu/packages/librewolf.scm
@@ -117,14 +117,14 @@ (define (librewolf-source-origin version hash)
 (define computed-origin-method (@@ (guix packages) computed-origin-method))
 
 (define firefox-l10n
-  (let ((commit "bdfd4e10606204450a3e88d219ecf2b252349c2b"))
+  (let ((commit "d219efa7c64850dfb5904893e17a5431c7058192"))
     (origin
       (method git-fetch)
       (uri (git-reference
             (url "https://github.com/mozilla-l10n/firefox-l10n.git")
             (commit commit)))
       (file-name (git-file-name "firefox-l10n" commit))
-      (sha256 (base32 "0i31b1024jck6467j9phcqvac32psl4nkyb0nm4h9zzyj8zw31xp")))))
+      (sha256 (base32 "0g778fnxg5mkqm3rgryzl64f3n4pczngjdlby07vh2dycvmlyga8")))))
 
 (define* (make-librewolf-source #:key version firefox-hash librewolf-hash)
   (let* ((ff-src (firefox-source-origin
-- 
2.47.1

Ian Eure wrote on 11 Jan 18:29 +0100

[PATCH 3/3] gnu: make-librewolf-source: Take l10n package as an arg.

Recipients:(address . 75499@debbugs.gnu.org)(name . Ian Eure)(address . ian@retrospec.tv)

Message-ID:20250111172936.3737-3-ian@retrospec.tv

* gnu/packages/librewolf.scm (make-librewolf-source): Take l10n package as an

arg.

Change-Id: I3c405edc07edb54e27afee16325c93a83d37ad79

---

gnu/packages/librewolf.scm | 9 +++++----

1 file changed, 5 insertions(+), 4 deletions(-)

Toggle diff (43 lines)diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm
index 1d58191e0c..a4eb45f03e 100644
--- a/gnu/packages/librewolf.scm
+++ b/gnu/packages/librewolf.scm
@@ -21,7 +21,7 @@
 ;;; Copyright © 2021, 2022, 2023 John Kehayias <john.kehayias@protonmail.com>
 ;;; Copyright © 2022 Pierre Langlois <pierre.langlois@gmx.com>
 ;;; Copyright © 2023 Tomas Volf <wolf@wolfsden.cz>
-;;; Copyright © 2023 Ian Eure <ian@retrospec.tv>
+;;; Copyright © 2023, 2024, 2025 Ian Eure <ian@retrospec.tv>
 ;;; Copyright © 2024 Remco van 't Veer <remco@remworks.net>
 ;;; Copyright © 2024 Ashvith Shetty <ashvithshetty10@gmail.com>
 ;;;
@@ -126,7 +126,7 @@ (define firefox-l10n
       (file-name (git-file-name "firefox-l10n" commit))
       (sha256 (base32 "0g778fnxg5mkqm3rgryzl64f3n4pczngjdlby07vh2dycvmlyga8")))))
 
-(define* (make-librewolf-source #:key version firefox-hash librewolf-hash)
+(define* (make-librewolf-source #:key version firefox-hash librewolf-hash l10n)
   (let* ((ff-src (firefox-source-origin
                   (car (string-split version #\-))
                   firefox-hash))
@@ -182,7 +182,7 @@ (define* (make-librewolf-source #:key version firefox-hash librewolf-hash)
                  (substitute* "scripts/librewolf-patches.py"
                    (("l10n_dir = Path(\"..\", \"l10n\")")
                     (string-append
-                     "l10n_dir = \"" #+firefox-l10n "\""))))
+                     "l10n_dir = \"" #+l10n "\""))))
 
                ;; Run the build script
                (invoke "make" "all")
@@ -213,7 +213,8 @@ (define-public librewolf
      (make-librewolf-source
       #:version version
       #:firefox-hash "06ya18ma1gndci0aygz75hidn3kwa1kji78g8smh7fq0091aad7i"
-      #:librewolf-hash "05mlqqcvsa84h3nagm51hwsxkxsbcn2676fj4bih37ddlgkylf3b"))
+      #:librewolf-hash "05mlqqcvsa84h3nagm51hwsxkxsbcn2676fj4bih37ddlgkylf3b"
+      #:l10n firefox-l10n))
     (build-system gnu-build-system)
     (arguments
      (list
-- 
2.47.1

Rodion Goritskov wrote on 12 Jan 23:00 +0100

QA review for 75499

Recipients:

Message-ID:86a5bvofow.fsf@bumblebee-serious.mail-host-address-is-not-set

user guix

usertag 75499 + reviewed-looks-good

thanks

Guix QA review form submission:

Builds, starts, works fine

Items marked as checked: Lint warnings, Package builds, Commit messages

Ian Eure wrote on 22 Jan 04:45 +0100

[PATCH v2 1/4] gnu: firefox-l10n: Update to d219efa7c64850dfb5904893e17a5431c7058192.

Recipients:(address . 75499@debbugs.gnu.org)(name . Ian Eure)(address . ian@retrospec.tv)

Message-ID:20250122034553.19027-1-ian@retrospec.tv

* gnu/packages/librewolf.scm (firefox-l10n): Update to d219efa7c64850dfb5904893e17a5431c7058192.

Change-Id: Ia4303f13a0cbf7c4908410b735b509a4a5f505cd

---

gnu/packages/librewolf.scm | 4 ++--

1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (23 lines)diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm
index 42bae0fbc0..2011e261e4 100644
--- a/gnu/packages/librewolf.scm
+++ b/gnu/packages/librewolf.scm
@@ -117,14 +117,14 @@ (define (librewolf-source-origin version hash)
 (define computed-origin-method (@@ (guix packages) computed-origin-method))
 
 (define firefox-l10n
-  (let ((commit "bdfd4e10606204450a3e88d219ecf2b252349c2b"))
+  (let ((commit "d219efa7c64850dfb5904893e17a5431c7058192"))
     (origin
       (method git-fetch)
       (uri (git-reference
             (url "https://github.com/mozilla-l10n/firefox-l10n.git")
             (commit commit)))
       (file-name (git-file-name "firefox-l10n" commit))
-      (sha256 (base32 "0i31b1024jck6467j9phcqvac32psl4nkyb0nm4h9zzyj8zw31xp")))))
+      (sha256 (base32 "0g778fnxg5mkqm3rgryzl64f3n4pczngjdlby07vh2dycvmlyga8")))))
 
 (define* (make-librewolf-source #:key version firefox-hash librewolf-hash)
   (let* ((ff-src (firefox-source-origin
-- 
2.47.1

Ian Eure wrote on 22 Jan 04:45 +0100

[PATCH v2 3/4] gnu: librewolf: Tidy code formatting.

Recipients:(address . 75499@debbugs.gnu.org)(name . Ian Eure)(address . ian@retrospec.tv)

Message-ID:20250122034553.19027-3-ian@retrospec.tv

* gnu/packages/librewolf.scm (librewolf): Tidy code formatting.

Change-Id: I0341da820f170c26888800ea433e539f2a6a2520

---

gnu/packages/librewolf.scm | 22 +++++++++++++---------

1 file changed, 13 insertions(+), 9 deletions(-)

Toggle diff (42 lines)diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm
index 98bd6913b5..5bdf7a0f81 100644
--- a/gnu/packages/librewolf.scm
+++ b/gnu/packages/librewolf.scm
@@ -570,10 +570,13 @@ (define (runpaths-of-input label)
                                        (string-append (assoc-ref inputs
                                                                  lib-name)
                                                       "/lib"))
-                                     '("mesa" "libpng-apng" "libnotify" "libva"
-                                       "pulseaudio" "gtk+" "pipewire"
-                                       ;; For U2F and WebAuthn
-                                       "eudev")))
+                                     '("eudev" ; For U2F and WebAuthn
+                                       "libnotify"
+                                       "libpng-apng"
+                                       "libva"
+                                       "mesa"
+                                       "pipewire" ; For sharing on Wayland
+                                       "pulseaudio")))
 
                               ;; VA-API is run in the RDD (Remote Data Decoder) sandbox
                               ;; and must be explicitly given access to files it needs.
@@ -584,11 +587,12 @@ (define (runpaths-of-input label)
                               ;; runpaths of the needed libraries to add everything to
                               ;; LD_LIBRARY_PATH.  These will then be accessible in the
                               ;; RDD sandbox.
-                              (rdd-whitelist (map (cut string-append <> "/")
-                                                  (delete-duplicates (append-map
-                                                                      runpaths-of-input
-                                                                      '("mesa"
-                                                                        "ffmpeg")))))
+                              (rdd-whitelist
+                               (map (cut string-append <> "/")
+                                    (delete-duplicates
+                                     (append-map runpaths-of-input
+                                                 '("mesa"
+                                                   "ffmpeg")))))
                               (gtk-share (string-append (assoc-ref inputs
                                                                    "gtk+")
                                                         "/share")))
-- 
2.47.1

Ian Eure wrote on 22 Jan 04:45 +0100

[PATCH v2 4/4] gnu: librewolf: Update to 134.0.1-1 [security fixes].

Recipients:(address . 75499@debbugs.gnu.org)(name . Ian Eure)(address . ian@retrospec.tv)

Message-ID:20250122034553.19027-4-ian@retrospec.tv

New upstream release.  Some minor tweaks needed, like switching from gzip to
pigz, updating icu4c, and ensuring it builds with the correct Rust version.

CVE-2025-0237: WebChannel APIs susceptible to confused deputy attack
CVE-2025-0238: Use-after-free when breaking lines in text
CVE-2025-0239: Alt-Svc ALPN validation failure when redirected
CVE-2025-0240: Compartment mismatch when parsing JavaScript JSON
               module
CVE-2025-0241: Memory corruption when using JavaScript Text
               Segmentation
CVE-2025-0242: Memory safety bugs fixed in Firefox 134, Thunderbird
               134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird
               115.19, and Thunderbird 128.6
CVE-2025-0243: Memory safety bugs fixed in Firefox 134, Thunderbird
               134, Firefox ESR 128.6, and Thunderbird 128.6
CVE-2025-0244: Address bar spoofing using an invalid protocol scheme
               on Firefox for Android
CVE-2025-0245: Lock screen setting bypass in Firefox Focus for Android
CVE-2025-0246: Address bar spoofing using an invalid protocol scheme
               on Firefox for Android
CVE-2025-0247: Memory safety bugs fixed in Firefox 134 and Thunderbird
               134

* gnu/packages/librewolf.scm (librewolf): Update to 134.0.1-1.

Change-Id: I027bf6f1541b0e7bec9116b2d6b39ab606813b23
---
 gnu/packages/librewolf.scm | 24 +++++++++++++-----------
 1 file changed, 13 insertions(+), 11 deletions(-)

Toggle diff (62 lines)diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm
index 5bdf7a0f81..28abaefe53 100644
--- a/gnu/packages/librewolf.scm
+++ b/gnu/packages/librewolf.scm
@@ -154,7 +154,7 @@ (define* (make-librewolf-source #:key version firefox-hash librewolf-hash l10n)
                       #+(canonical-package xz)
                       #+(canonical-package sed)
                       #+(canonical-package grep)
-                      #+(canonical-package gzip)
+                      #+(canonical-package pigz)
                       #+(canonical-package tar)))
                (set-path-environment-variable
                 "PYTHONPATH"
@@ -194,26 +194,28 @@ (define* (make-librewolf-source #:key version firefox-hash librewolf-hash l10n)
         "torbrowser-compare-paths.patch"
         "librewolf-use-system-wide-dir.patch")))))
 
-;; Define the versions of rust needed to build librewolf, trying to match
-;; upstream.  See the file taskcluster/ci/toolchain/rust.yml at
-;; https://searchfox.org under the particular firefox release, like
-;; mozilla-esr102.
-(define rust-librewolf rust) ; 1.75 is the default in Guix, 1.65 is the minimum.
+;;; Define the versions of rust needed to build firefox, trying to match
+;;; upstream.  See table at [0], `Uses' column for the specific version.
+;;; Using `rust' will likely lead to a newer version then listed in the table,
+;;; but since in Guix only the latest packaged Rust is officially supported,
+;;; it is a tradeoff worth making.
+;;; 0: https://firefox-source-docs.mozilla.org/writing-rust-code/update-policy.html
+(define rust-librewolf rust-1.81)
 
 ;; Update this id with every update to its release date.
 ;; It's used for cache validation and therefore can lead to strange bugs.
 ;; ex: date '+%Y%m%d%H%M%S'
-(define %librewolf-build-id "20241130102406")
+(define %librewolf-build-id "20250121184331")
 
 (define-public librewolf
   (package
     (name "librewolf")
-    (version "133.0-1")
+    (version "134.0.1-1")
     (source
      (make-librewolf-source
       #:version version
-      #:firefox-hash "0q6cqfnwc2x09frdvsndmhck8ixrnbl281j9rqw5w8bd7fd2qas9"
-      #:librewolf-hash "1xf7gx3xm3c7dhch9gwpb0xp11lcyim1nrbm8sjljxdcs7iq9jy4"))
+      #:firefox-hash "1rb54b62zcmhabmx3rsd5badv9wwih6h19a0g80c03qgwwy8b8g3"
+      #:librewolf-hash "0bcjk3pkyq2w39n022kcpl8nqd8ng9653jc8gklfrfw9avwmpmk2"
       #:l10n firefox-l10n))
     (build-system gnu-build-system)
     (arguments
@@ -666,7 +668,7 @@ (define (runpaths-of-input label)
                   gtk+
                   gtk+-2
                   hunspell
-                  icu4c-73
+                  icu4c-75
                   jemalloc
                   libcanberra
                   libevent
-- 
2.47.1

Ian Eure wrote on 22 Jan 04:45 +0100

[PATCH v2 2/4] gnu: make-librewolf-source: Take l10n package as an arg.

Recipients:(address . 75499@debbugs.gnu.org)(name . Ian Eure)(address . ian@retrospec.tv)

Message-ID:20250122034553.19027-2-ian@retrospec.tv

* gnu/packages/librewolf.scm (make-librewolf-source): Take l10n package as an

arg.

Change-Id: I3c405edc07edb54e27afee16325c93a83d37ad79

---

gnu/packages/librewolf.scm | 7 ++++---

1 file changed, 4 insertions(+), 3 deletions(-)

Toggle diff (41 lines)diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm
index 2011e261e4..98bd6913b5 100644
--- a/gnu/packages/librewolf.scm
+++ b/gnu/packages/librewolf.scm
@@ -21,7 +21,7 @@
 ;;; Copyright © 2021, 2022, 2023 John Kehayias <john.kehayias@protonmail.com>
 ;;; Copyright © 2022 Pierre Langlois <pierre.langlois@gmx.com>
 ;;; Copyright © 2023 Tomas Volf <wolf@wolfsden.cz>
-;;; Copyright © 2023 Ian Eure <ian@retrospec.tv>
+;;; Copyright © 2023, 2024, 2025 Ian Eure <ian@retrospec.tv>
 ;;; Copyright © 2024 Remco van 't Veer <remco@remworks.net>
 ;;; Copyright © 2024 Ashvith Shetty <ashvithshetty10@gmail.com>
 ;;;
@@ -126,7 +126,7 @@ (define firefox-l10n
       (file-name (git-file-name "firefox-l10n" commit))
       (sha256 (base32 "0g778fnxg5mkqm3rgryzl64f3n4pczngjdlby07vh2dycvmlyga8")))))
 
-(define* (make-librewolf-source #:key version firefox-hash librewolf-hash)
+(define* (make-librewolf-source #:key version firefox-hash librewolf-hash l10n)
   (let* ((ff-src (firefox-source-origin
                   (car (string-split version #\-))
                   firefox-hash))
@@ -182,7 +182,7 @@ (define* (make-librewolf-source #:key version firefox-hash librewolf-hash)
                  (substitute* "scripts/librewolf-patches.py"
                    (("l10n_dir = Path(\"..\", \"l10n\")")
                     (string-append
-                     "l10n_dir = \"" #+firefox-l10n "\""))))
+                     "l10n_dir = \"" #+l10n "\""))))
 
                ;; Run the build script
                (invoke "make" "all")
@@ -214,6 +214,7 @@ (define-public librewolf
       #:version version
       #:firefox-hash "0q6cqfnwc2x09frdvsndmhck8ixrnbl281j9rqw5w8bd7fd2qas9"
       #:librewolf-hash "1xf7gx3xm3c7dhch9gwpb0xp11lcyim1nrbm8sjljxdcs7iq9jy4"))
+      #:l10n firefox-l10n))
     (build-system gnu-build-system)
     (arguments
      (list
-- 
2.47.1

Z572 wrote on 22 Jan 11:23 +0100

Re: [bug#75499] [PATCH v2 1/4] gnu: firefox-l10n: Update to d219efa7c64850dfb5904893e17a5431c7058192.

Recipients:(name . Ian Eure)(address . ian@retrospec.tv)(address . 75499-done@debbugs.gnu.org)

Message-ID:87r04v1718.fsf@iscas.ac.cn

Ian Eure <ian@retrospec.tv> writes:

Toggle quote (28 lines)> * gnu/packages/librewolf.scm (firefox-l10n): Update to d219efa7c64850dfb5904893e17a5431c7058192.
>
> Change-Id: Ia4303f13a0cbf7c4908410b735b509a4a5f505cd
> ---
>  gnu/packages/librewolf.scm | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm
> index 42bae0fbc0..2011e261e4 100644
> --- a/gnu/packages/librewolf.scm
> +++ b/gnu/packages/librewolf.scm
> @@ -117,14 +117,14 @@ (define (librewolf-source-origin version hash)
>  (define computed-origin-method (@@ (guix packages) computed-origin-method))
>  
>  (define firefox-l10n
> -  (let ((commit "bdfd4e10606204450a3e88d219ecf2b252349c2b"))
> +  (let ((commit "d219efa7c64850dfb5904893e17a5431c7058192"))
>      (origin
>        (method git-fetch)
>        (uri (git-reference
>              (url "https://github.com/mozilla-l10n/firefox-l10n.git")
>              (commit commit)))
>        (file-name (git-file-name "firefox-l10n" commit))
> -      (sha256 (base32 "0i31b1024jck6467j9phcqvac32psl4nkyb0nm4h9zzyj8zw31xp")))))
> +      (sha256 (base32 "0g778fnxg5mkqm3rgryzl64f3n4pczngjdlby07vh2dycvmlyga8")))))
>  
>  (define* (make-librewolf-source #:key version firefox-hash librewolf-hash)
>    (let* ((ff-src (firefox-source-origin

pushed, closing.

Closed

Your comment

Commenting via the web interface is currently disabled.

To comment on this conversation send an email to 75499@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it

mumi current 75499

Then, you may apply the latest patchset in this issue (with sign off)

mumi am -- -s

Or, compose a reply to this issue

mumi compose

Or, send patches to this issue

mumi send-email *.patch

is:open	open issues
is:done	closed issues
submitter:<who>	search issue submitter
author:<who>	search by message author
date:yesterday..now	search by issue date
mdate:3m..2d	search by message date