gnu: librewolf: Update to 138.0.3-1 [security fixes].

Contains fixes for: CVE-2025-2817: Privilege escalation in Firefox Updater CVE-2025-4082: WebGL shader attribute memory corruption in Firefox for macOS CVE-2025-4083: Process isolation bypass using "javascript:" URI links in cross-origin frames CVE-2025-4085: Potential information leakage and privilege escalation in UITour actor CVE-2025-4086: Specially crafted filename could be used to obscure download type CVE-2025-4087: Unsafe attribute access during XPath parsing CVE-2025-4088: Cross-site request forgery via storage access API redirects CVE-2025-4089: Potential local code execution in "copy as cURL" command CVE-2025-4090: Leaked library paths in Firefox for Android CVE-2025-4091: Memory safety bugs fixed in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10 CVE-2025-4092: Memory safety bugs fixed in Firefox 138 and Thunderbird 138 * gnu/packages/librewolf.scm (librewolf): Update to 138.0.3-1. * gnu/packages/patches/librewolf-compare-paths.patch: New file. Change-Id: I2cc11b758dbc77f7ec3451faa89918b08c890729
author: Ian Eure <ian@retrospec.tv> 2025-05-15 07:16:00 -0700
committer: Ian Eure <ian@retrospec.tv> 2025-05-17 19:47:57 -0700
commit: f718e0e5e0c137ca5441de13ea56866d045c983e (patch)
tree: 5b84314e13031051b31dc1814f0c2530f49ec6e1 /gnu/packages/librewolf.scm
parent: 71da0b37ab97c1b6bd6bf8fde9b155b6ee024c1c (diff)
1 files changed, 7 insertions, 7 deletions
diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm
index bcacbf8dd15..063a89420fe 100644
--- a/gnu/packages/librewolf.scm
+++ b/gnu/packages/librewolf.scm
@@ -191,7 +191,7 @@
                           #$output)))))
       (patches
        (search-patches
-        "torbrowser-compare-paths.patch"
+        "librewolf-compare-paths.patch"
         "librewolf-use-system-wide-dir.patch"
         "librewolf-add-store-to-rdd-allowlist.patch")))))
 
@@ -207,17 +207,17 @@
 ;; Update this id with every update to its release date.
 ;; It's used for cache validation and therefore can lead to strange bugs.
 ;; ex: date '+%Y%m%d%H%M%S'
-(define %librewolf-build-id "20250416062358")
+(define %librewolf-build-id "20250502155055")
 
 (define-public librewolf
   (package
     (name "librewolf")
-    (version "137.0.2-1")
+    (version "138.0.3-1")
     (source
      (make-librewolf-source
       #:version version
-      #:firefox-hash "01yd5cq6qgww6w2kq1bchy9j81blim15kdz7bvx8n512m2x3mz06"
-      #:librewolf-hash "0vy1xvjwgc4vd9q3laakx6lrsy4ghpdr98vm9lmx86amg9gak5ix"
+      #:firefox-hash "1r0kam26cz5rz39n6zcc2hrbav6dxlfrsa0qhhfjlnv33ns3lzx2"
+      #:librewolf-hash "1bf9sa5radjr7g6ng7kqy2ss13c0q6vkq9dfzj5y998ifxw19s4c"
       #:l10n firefox-l10n))
     (build-system gnu-build-system)
     (arguments
@@ -639,7 +639,7 @@
                   libxt
                   mesa
                   mit-krb5
-                  nspr
+                  nspr-4.36
                   nss-rapid
                   pango
                   pciutils
@@ -665,7 +665,7 @@
                          pkg-config
                          python
                          rust-librewolf
-                         rust-cbindgen-0.26
+                         rust-cbindgen-0.28
                          which
                          yasm))
     (native-search-paths
author	Ian Eure <ian@retrospec.tv>	2025-05-15 07:16:00 -0700
committer	Ian Eure <ian@retrospec.tv>	2025-05-17 19:47:57 -0700
commit	f718e0e5e0c137ca5441de13ea56866d045c983e (patch)
tree	5b84314e13031051b31dc1814f0c2530f49ec6e1 /gnu/packages/librewolf.scm
parent	71da0b37ab97c1b6bd6bf8fde9b155b6ee024c1c (diff)