path: root/gnu/packages/librewolf.scm
Age | Commit message | Author
2025-06-24 | gnu: librewolf: Update to 139.0.4-1 [security-fixes]. | Ian Eure
Librewolf 139.0.4 contains fixes for:
  CVE-2025-49709: Memory corruption in canvas surfaces
  CVE-2025-49710: Integer overflow in OrderedHashTable
* gnu/packages/librewolf.scm (librewolf): Update to 139.0.4-1.
Change-Id: I622465bb1e0ba29dac6c3ede29a64f92f76946c1
2025-06-24 | gnu: firefox-l10n: Update to 0d3843540cfd7d38f8a60831fbfae996b6fe2efc. | Ian Eure
* gnu/packages/librewolf.scm (firefox-l10n): Update to 0d3843540cfd7d38f8a60831fbfae996b6fe2efc.
Change-Id: I655b500492552ca98e4b622a092f093da5bc8c11
2025-05-30 | gnu: librewolf: Update to 139.0.1-1. | Ian Eure
* gnu/packages/librewolf.scm (librewolf): Update to 139.0.1-1.
Change-Id: I01da1fbf26f8875bdc066114a37e9f92b9d10459
2025-05-29 | gnu: librewolf: Update to 139.0-1 [security-fixes]. | Ian Eure
Contains fixes for:
  CVE-2025-5263: Error handling for script execution was incorrectly isolated from web content
  CVE-2025-5264: Potential local code execution in “Copy as cURL” command
  CVE-2025-5265: Potential local code execution in “Copy as cURL” command
  CVE-2025-5266: Script element events leaked cross-origin resource status
  CVE-2025-5270: SNI was sometimes unencrypted
  CVE-2025-5271: Devtools' preview ignored CSP headers
  CVE-2025-5267: Clickjacking vulnerability could have led to leaking saved payment card details
  CVE-2025-5268: Memory safety bugs fixed in Firefox 139, Thunderbird 139, Firefox ESR 128.11, and Thunderbird 128.11
  CVE-2025-5272: Memory safety bugs fixed in Firefox 139 and Thunderbird 139
* gnu/packages/librewolf.scm (librewolf): Update to 139.0-1.
Change-Id: I42b2e98f49a99f0b5259e02726e9f521a19932b8
2025-05-29 | gnu: firefox-l10n: Update to 0ae64b96c777ad164d85142acdcd0ceb3e14e8d1. | Ian Eure
* gnu/packages/librewolf.scm (firefox-l10n): Update to 0ae64b96c777ad164d85142acdcd0ceb3e14e8d1.
Change-Id: I84551fb5decc040966d8631407c260e72c1d3678
2025-05-24 | gnu: make-librewolf-source: Delete testing/web-platform. | Nicolas Graves
* gnu/packages/librewolf.scm (make-librewolf-source): Delete testing/web-platform. This frees more than 800M of RAM during the build. Removing it seems to be enough to allow build on some machines.
Signed-off-by: Ian Eure <ian@retrospec.tv>
2025-05-22 | gnu: librewolf: Update to 138.0.4-1 [security fixes]. | Ian Eure
Fixes:
  CVE-2025-4918: Out-of-bounds access when resolving Promise objects
  CVE-2025-4919: Out-of-bounds access when optimizing linear sums
* gnu/packages/librewolf.scm (librewolf): Update to 138.0.4-1.
Change-Id: I2c2b7b5a043b37b60f0378f115f0f31fa3993618
2025-05-17 | gnu: librewolf: Update to 138.0.3-1 [security fixes]. | Ian Eure
Contains fixes for:
  CVE-2025-2817: Privilege escalation in Firefox Updater
  CVE-2025-4082: WebGL shader attribute memory corruption in Firefox for macOS
  CVE-2025-4083: Process isolation bypass using "javascript:" URI links in cross-origin frames
  CVE-2025-4085: Potential information leakage and privilege escalation in UITour actor
  CVE-2025-4086: Specially crafted filename could be used to obscure download type
  CVE-2025-4087: Unsafe attribute access during XPath parsing
  CVE-2025-4088: Cross-site request forgery via storage access API redirects
  CVE-2025-4089: Potential local code execution in "copy as cURL" command
  CVE-2025-4090: Leaked library paths in Firefox for Android
  CVE-2025-4091: Memory safety bugs fixed in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10
  CVE-2025-4092: Memory safety bugs fixed in Firefox 138 and Thunderbird 138
* gnu/packages/librewolf.scm (librewolf): Update to 138.0.3-1.
* gnu/packages/patches/librewolf-compare-paths.patch: New file.
Change-Id: I2cc11b758dbc77f7ec3451faa89918b08c890729
2025-04-20 | gnu: firefox-l10n: Update to 11220b79b5f69e3004bf51829ae432c2c617107e. | Ian Eure
* gnu/packages/librewolf.scm (firefox-l10n): Update to 11220b79b5f69e3004bf51829ae432c2c617107e.
Change-Id: Ia031db20a3bfabfe1569e07566d7701a814e0f2d
2025-04-20 | gnu: librewolf: Reorder flags. | Ian Eure
* gnu/packages/librewolf.scm (librewolf): [#:configure-flags] Reorder.
Change-Id: I25fe8ccc63f67cd8cfe5b1f5980e9cf230d71b64
2025-04-20 | gnu: librewolf: Clean up parallel build code. | Ian Eure
* gnu/packages/librewolf.scm (librewolf): Clean up parallel build code.
Change-Id: I98c7669c21c13890a2deb520cd44b74669664b4b
2025-04-20 | gnu: librewolf: Add the store to the RDD allowlist. | Ian Eure
* gnu/packages/librewolf.scm (librewolf):
  [patches]: Add librewolf-add-store-to-rdd-allowlist.patch.
  [phase 'wrap-program]: Remove rdd allowlist manipulation.
* gnu/packages/patches/librewolf-add-store-to-rdd-allowlist.patch: Add.
2025-04-20 | gnu: librewolf: Remove 'fix-preferences phase. | Ian Eure
* gnu/packages/librewolf.scm (librewolf): [phase 'fix-preferences]: Remove.
Change-Id: I36708b416e60fff8f239d6ba8621cbba9a8c3c14
2025-04-17 | gnu: librewolf: Update to 137.0.2-1. [security fixes] | Ian Eure
  CVE-2025-3608: Race condition in nsHttpTransaction could lead to memory corruption
* gnu/packages/librewolf.scm (librewolf): Update to 137.0.2-1.
Change-Id: I39023c324058bc369331eb165d34cf388029459f
2025-04-17 | gnu: librewolf: Fix video playback. | Jakob Kirsch
This patch fixes the video playback issue with librewolf.
From ebe6707d964fca6f47cf778559f6890bf67665dd Mon Sep 17 00:00:00 2001
Message-ID: <ebe6707d964fca6f47cf778559f6890bf67665dd.1744735632.git.jakob.kirsch@web.de>
From: Jakob Kirsch <jakob.kirsch@web.de>
Date: Tue, 15 Apr 2025 18:44:58 +0200
Subject: [PATCH] gnu: librewolf: Fix video playback.
Firefox seems to enable VAAPI starting with version 137, which depends on libpciaccess. Without it, video playback randomly stops and doesn't work until you restart the browser.
* gnu/packages/librewolf.scm (librewolf): [inputs]: Add libpciaccess.
Change-Id: I87332f53a41ef64639c9770c6dbfcac1eefe2e84
Signed-off-by: Ian Eure <ian@retrospec.tv>
2025-04-11 | gnu: librewolf: Create lib/icecat so that ICECAT_SYSTEM_DIR is set. | Clément Lassieur
This avoids issues with Native Messaging and non-guix add-ons: <https://issues.guix.gnu.org/77415>.
* gnu/packages/librewolf.scm (librewolf)[arguments]: Add an 'mkdir-lib-icecat' phase.
Change-Id: I2e5dc8f599708c414c9266ee3453a6beac08ee66
Signed-off-by: Ian Eure <ian@retrospec.tv>
2025-04-11 | gnu: librewolf: Dedent #:configure-flags | Ian Eure
* gnu/packages/librewolf.scm (librewolf): [#:configure-flags]: Dedent for readability.
Change-Id: I79e945ac6cf0b67fc5aae6d6f4669e6af47f30c2
2025-04-11 | gnu: librewolf: Fix mozconfig creation. | Ian Eure
When 'configure creates the mozconfig used to build the browser, it overwrites upstream’s configuration, requiring that it repeat the options already set upstream. It also handles the final two options incorrectly, due to missing newlines -- the options are concatenated.
Instead of doing all that, append the Guix-specific options to upstream’s mozconfig.
* gnu/packages/librewolf.scm (librewolf): Fix mozconfig creation.
  [#:configure-flags]: Remove flags already present in upstream mozconfig.
  [#:configure-flags]: Disable toolchain bootstrapping.
  [phase 'configure]: Remove flags already present in upstream mozconfig.
  [phase 'configure]: Append to mozconfig instead of overwriting.
Change-Id: I67070ac1e84747ea4f88c527441ffcea4c2e02f5
2025-04-11 | gnu: librewolf: Replace 'patch-config with 'expand-extension-scope. | Ian Eure
With the Mozzarella changes moved to 'use-mozzarella, 'fix-config no longer reflects what this phase is doing; rename it. Also, move it to run after 'unpack, and modify the file in the source tree, rather than after 'install, modifying the file in the package output.
* gnu/packages/librewolf.scm (librewolf): [phase 'patch-config]: Rename to 'expand-extension-scope. Run earlier, and work on the source tree, not the package output.
Change-Id: If226a70daa780d652b2bb3028c888d029c765444
2025-04-11 | gnu: librewolf: Move GNU Mozzarella config into one phase. | Ian Eure
* gnu/packages/librewolf.scm (librewolf): Move all Mozzarella-related changes into a new 'use-mozzarella phase, instead of splitting it into two others.
Change-Id: Iba264d26a944bd83ebb31c0a952a757b0ed4e847
2025-04-11 | gnu: librewolf: Move 'fix-ffmpeg-runtime-linker phase. | Ian Eure
* gnu/packages/librewolf.scm (librewolf): Run 'fix-ffmpeg-runtime-linker after 'unpack.
Change-Id: Iadeb21b6f5d6543b3973a873fb80a4b6b7dfb3ad
2025-04-11 | gnu: librewolf: Update to 137.0.1-1 [security fixes]. | Ian Eure
New upstream release. Contains fixes for:
  CVE-2025-3028: Use-after-free triggered by XSLTProcessor
  CVE-2025-3031: JIT optimization bug with different stack slot sizes
  CVE-2025-3032: Leaking file descriptors from the fork server
  CVE-2025-3029: URL bar spoofing via non-BMP Unicode characters
  CVE-2025-3035: Tab title disclosure across pages when using AI chatbot
  CVE-2025-3033: Opening local .url files could lead to another file being opened
  CVE-2025-3030: Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9
  CVE-2025-3034: Memory safety bugs fixed in Firefox 137 and Thunderbird 137
* gnu/packages/librewolf.scm (librewolf): Update to 137.0.1-1.
Change-Id: I418fadabc2375fe85e6d71f0fba198ae5983159c
2025-04-04 | Revert "gnu: librewolf: Update to 137.0-1 [security fixes]." | Ian Eure
This reverts commit f664a9377deed2c9e644b53a0b497153c7e7a41f.
2025-04-03 | gnu: librewolf: Update to 137.0-1 [security fixes]. | Ian Eure
Contains fixes for:
  CVE-2025-3028: Use-after-free triggered by XSLTProcessor
  CVE-2025-3031: JIT optimization bug with different stack slot sizes
  CVE-2025-3032: Leaking file descriptors from the fork server
  CVE-2025-3029: URL bar spoofing via non-BMP Unicode characters
  CVE-2025-3035: Tab title disclosure across pages when using AI chatbot
  CVE-2025-3033: Opening local .url files could lead to another file being opened
  CVE-2025-3030: Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9
  CVE-2025-3034: Memory safety bugs fixed in Firefox 137 and Thunderbird 137
* gnu/packages/librewolf.scm (librewolf): Update to 137.0-1.
Change-Id: I23d8cbefc242e57c19b4e98660fd22bd1dda8d6a
2025-03-27 | gnu: librewolf: Update to 136.0.4-1 [security fixes]. | Ian Eure
Contains a fix for:
  CVE-2025-2857: Incorrect handle could lead to sandbox escapes
* gnu/packages/librewolf.scm (librewolf): Update to 136.0.4-1.
Change-Id: I9ff4b61c7dc26fe82b593b0a7eddfc2592b36542
2025-03-23 | gnu: librewolf: Update to 136.0.2-1. | Ian Eure
* gnu/packages/librewolf.scm (librewolf): Update to 136.0.2-1.
Change-Id: Id836863f4e1a8d8005c3cfc214b9dd62d9797a8b
2025-03-12 | gnu: librewolf: Update to 136.0.1-1. | Ian Eure
* gnu/packages/librewolf.scm (librewolf): Update to 136.0.1-1.
Change-Id: Iefe3511e0b6c3b5ab0c195c424917f56fff1aef6
2025-03-11 | gnu: librewolf: Shorten line length. | Ian Eure
* gnu/packages/librewolf.scm (librewolf): Shorten line length.
Change-Id: I27eea08401b16b56e29b61c5dc6f87f7517b87d4
2025-03-11 | gnu: librewolf: Update to 136.0-2 [security fixes]. | Ian Eure
  CVE-2025-1930: AudioIPC StreamData could trigger a use-after-free in the Browser process
  CVE-2025-1939: Tapjacking in Android Custom Tabs using transition animations
  CVE-2025-1931: Use-after-free in WebTransportChild
  CVE-2025-1932: Inconsistent comparator in XSLT sorting led to out-of-bounds access
  CVE-2025-1933: JIT corruption of WASM i32 return values on 64-bit CPUs
  CVE-2025-1940: Android Intent confirmation prompt tapjacking using Select options
  CVE-2024-9956: Passkey phishing within Bluetooth range
  CVE-2025-1934: Unexpected GC during RegExp bailout processing
  CVE-2025-1941: Lock screen setting bypass in Firefox Focus for Android
  CVE-2025-1942: Disclosure of uninitialized memory when .toUpperCase() causes string to get longer
  CVE-2025-1935: Clickjacking the registerProtocolHandler info-bar
  CVE-2025-1936: Adding %00 and a fake extension to a jar: URL changed the interpretation of the contents
  CVE-2025-1937: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8
  CVE-2025-1938: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8
  CVE-2025-1943: Memory safety bugs fixed in Firefox 136 and Thunderbird 136
* gnu/packages/librewolf.scm (librewolf): Update to 136.0-2.
Change-Id: Ia3b5777478fa8443471bd1e61898128cdeda4bcf
2025-03-11 | gnu: firefox-l10n: Update to 24e2602d2221646fbbe92e908bed0d605acd2e8a. | Ian Eure
* gnu/packages/librewolf.scm (firefox-l10n): Update to 24e2602d2221646fbbe92e908bed0d605acd2e8a.
Change-Id: I32c4748b6d76c21cf1e4dadbb0859cb55fb9a2ef
2025-02-19 | gnu: Fix some misspellings. | Efraim Flashner
Change-Id: I316652aff7418af4b8e83bea24638b1513f8aa97
2025-02-14 | gnu: librewolf: Honor --cores build argument. | Nicolas Graves
* gnu/packages/librewolf.scm (librewolf)[arguments]<#:phases>: Honor --cores build argument during the 'build phase.
Signed-off-by: Ian Eure <ian@retrospec.tv>
2025-02-14 | gnu: librewolf: Update to 135.0-1 [security fixes]. | Ian Eure
New upstream version. Contains fixes for:
  CVE-2025-1009: Use-after-free in XSLT
  CVE-2025-1010: Use-after-free in Custom Highlight
  CVE-2025-1018: Fullscreen notification is not displayed when fullscreen is re-requested
  CVE-2025-1011: A bug in WebAssembly code generation could result in a crash
  CVE-2025-1012: Use-after-free during concurrent delazification
  CVE-2025-1019: Fullscreen notification not properly displayed
  CVE-2025-1013: Potential opening of private browsing tabs in normal browsing windows
  CVE-2025-1014: Certificate length was not properly checked
  CVE-2025-1016: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20, and Thunderbird 128.7
  CVE-2025-1017: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7
  CVE-2025-1020: Memory safety bugs fixed in Firefox 135 and Thunderbird 135
* gnu/packages/librewolf.scm (librewolf): Update to 135.0-1.
Change-Id: I7054fc9df31d59bb0d42e02b1f359cf3e6c1a43d
2025-02-08 | gnu: librewolf: Update to 134.0.2-1. | Ian Eure
Straightforward bugfix release.
* gnu/packages/librewolf.scm (librewolf): Update to 134.0.2-1.
Change-Id: I6a1f2df8c212dd4192489ca21585a1c031925c17
2025-01-22 | gnu: librewolf: Update to 134.0.1-1 [security fixes]. | Ian Eure
New upstream release. Some minor tweaks needed, like switching from gzip to pigz, updating icu4c, and ensuring it builds with the correct Rust version.
  CVE-2025-0237: WebChannel APIs susceptible to confused deputy attack
  CVE-2025-0238: Use-after-free when breaking lines in text
  CVE-2025-0239: Alt-Svc ALPN validation failure when redirected
  CVE-2025-0240: Compartment mismatch when parsing JavaScript JSON module
  CVE-2025-0241: Memory corruption when using JavaScript Text Segmentation
  CVE-2025-0242: Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6
  CVE-2025-0243: Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6
  CVE-2025-0244: Address bar spoofing using an invalid protocol scheme on Firefox for Android
  CVE-2025-0245: Lock screen setting bypass in Firefox Focus for Android
  CVE-2025-0246: Address bar spoofing using an invalid protocol scheme on Firefox for Android
  CVE-2025-0247: Memory safety bugs fixed in Firefox 134 and Thunderbird 134
* gnu/packages/librewolf.scm (librewolf): Update to 134.0.1-1.
Change-Id: I027bf6f1541b0e7bec9116b2d6b39ab606813b23
Signed-off-by: Zheng Junjie <zhengjunjie@iscas.ac.cn>
2025-01-22 | gnu: librewolf: Tidy code formatting. | Ian Eure
* gnu/packages/librewolf.scm (librewolf): Tidy code formatting.
Change-Id: I0341da820f170c26888800ea433e539f2a6a2520
Signed-off-by: Zheng Junjie <zhengjunjie@iscas.ac.cn>
2025-01-22 | gnu: make-librewolf-source: Take l10n package as an arg. | Ian Eure
* gnu/packages/librewolf.scm (make-librewolf-source): Take l10n package as an arg.
Change-Id: I3c405edc07edb54e27afee16325c93a83d37ad79
Signed-off-by: Zheng Junjie <zhengjunjie@iscas.ac.cn>
2025-01-22 | gnu: firefox-l10n: Update to d219efa7c64850dfb5904893e17a5431c7058192. | Ian Eure
* gnu/packages/librewolf.scm (firefox-l10n): Update to d219efa7c64850dfb5904893e17a5431c7058192.
Change-Id: Ia4303f13a0cbf7c4908410b735b509a4a5f505cd
Signed-off-by: Zheng Junjie <zhengjunjie@iscas.ac.cn>
2024-12-18 | gnu: librewolf: Support Guix icecat browser extensions. | Hilton Chain
* gnu/packages/patches/librewolf-use-system-wide-dir.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/librewolf.scm (make-librewolf-source)[patches]: Add it along with torbrowser-compare-paths.patch.
  (librewolf)[native-search-paths]: Add ICECAT_SYSTEM_DIR.
Change-Id: I8609d25a7e2725ad94ab257d720326639eb06778
2024-12-11 | gnu: librewolf: Add %u to Exec option to open URLs. | Roman Scherer
The context behind this change is that Firefox used to ship a taskcluster/docker/firefox-snap/firefox.desktop file which had an Exec line like this:
  Exec=@MOZ_APP_NAME@ %u
The Guix package would use that file, replacing the token with the path to the binary. Reported in #74648.
* gnu/packages/librewolf.scm (librewolf): Add %u to Exec option to open URLs.
Change-Id: I8cf5d3886eaf7805209cf12eae0cc875bef6d5dd
Reviewed-by: André Batista <nandre@riseup.net>
Reviewed-by: Ian Eure <ian@retrospec.tv>
Signed-off-by: Sharlatan Hellseher <sharlatanus@gmail.com>
2024-12-02 | gnu: librewolf: Update to 133.0-1 [security fixes]. | Ian Eure
New upstream version. Fixes CVEs:
  CVE-2024-11691: Out-of-bounds write in Apple GPU drivers via WebGL
  CVE-2024-11700: Potential Tapjacking Exploit for Intent Confirmation on Android
  CVE-2024-11692: Select list elements could be shown over another site
  CVE-2024-11701: Misleading Address Bar State During Navigation Interruption
  CVE-2024-11702: Inadequate Clipboard Protection in Private Browsing Mode on Android
  CVE-2024-11693: Download Protections were bypassed by .library-ms files on Windows
  CVE-2024-11694: CSP Bypass and XSS Exposure via Web Compatibility Shims
  CVE-2024-11695: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters
  CVE-2024-11703: Password access without authentication via PIN bypass on Android
  CVE-2024-11696: Unhandled Exception in Add-on Signature Verification
  CVE-2024-11697: Improper Keypress Handling in Executable File Confirmation Dialog
  CVE-2024-11704: Potential Double-Free Vulnerability in PKCS#7 Decryption Handling
  CVE-2024-11698: Fullscreen Lock-Up When Modal Dialog Interrupts Transition on macOS
  CVE-2024-11705: Null Pointer Dereference in NSC_DeriveKey
  CVE-2024-11706: Null Pointer Dereference in PKCS#12 Utility
  CVE-2024-11708: Data race with PlaybackParams
  CVE-2024-11699: Memory safety bugs fixed in Firefox 133, Firefox ESR 128.5, and Thunderbird 128.5
* gnu/packages/librewolf.scm (librewolf): Update to 133.0-1.
Change-Id: I611505daf4d4f0940405190471f443d99102c2b9
Signed-off-by: Hilton Chain <hako@ultrarare.space>
2024-11-23 | gnu: librewolf: Update to 132.0.2-1. | Ian Eure
* gnu/packages/librewolf.scm (librewolf): Update to 132.0.2-1.
Change-Id: Ica7e9c8c02085101060401d72b83fe25a19448d9
Signed-off-by: Efraim Flashner <efraim@flashner.co.il>
2024-11-06 | gnu: librewolf: Update to 132.0-1 [security fixes]. | Ian Eure
New upstream version. The 132.0-2-1 release switches to the firefox-l10n repository, necessitating rework of locale handling.
131.0.3-1 fixes CVEs:
  CVE-2024-9936: Undefined behavior in selection node cache
132.0-1 fixes CVEs:
  CVE-2024-10458: Permission leak via embed or object elements
  CVE-2024-10459: Use-after-free in layout with accessibility
  CVE-2024-10460: Confusing display of origin for external protocol handler prompt
  CVE-2024-10461: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response
  CVE-2024-10462: Origin of permission prompt could be spoofed by long URL
  CVE-2024-10463: Cross origin video frame leak
  CVE-2024-10468: Race conditions in IndexedDB
  CVE-2024-10464: History interface could have been used to cause a Denial of Service condition in the browser
  CVE-2024-10465: Clipboard "paste" button persisted across tabs
  CVE-2024-10466: DOM push subscription message could hang Firefox
  CVE-2024-10467: Memory safety bugs fixed in Firefox 132, Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4
* gnu/packages/librewolf.scm (librewolf): Update to 132.0-1.
Change-Id: I4afbcb496a8b0a329254762259cd1598d574761e
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2024-10-11 | gnu: librewolf: Update to 131.0.2-1 [security fixes]. | Ian Eure
Updates the package and changes how the .desktop file is generated. The .desktop file the package had been using was removed upstream.
Fixes:
  CVE-2024-9391: Prevent users from exiting full-screen mode in Firefox Focus for Android
  CVE-2024-9392: Compromised content process can bypass site isolation
  CVE-2024-9393: Cross-origin access to PDF contents through multipart responses
  CVE-2024-9394: Cross-origin access to JSON contents through multipart responses
  CVE-2024-9395: Specially crafted filename could be used to obscure download type
  CVE-2024-9396: Potential memory corruption may occur when cloning certain objects
  CVE-2024-9397: Potential directory upload bypass via clickjacking
  CVE-2024-9398: External protocol handlers could be enumerated via popups
  CVE-2024-9399: Specially crafted WebTransport requests could lead to denial of service
  CVE-2024-9400: Potential memory corruption during JIT compilation
  CVE-2024-9401: Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3
  CVE-2024-9402: Memory safety bugs fixed in Firefox 131, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3
  CVE-2024-9403: Memory safety bugs fixed in Firefox 131 and Thunderbird 131
  CVE-2024-9680: Use-after-free in Animation timeline
* gnu/packages/librewolf.scm (%librewolf-build-id): Update.
  (librewolf): Update to 131.0.2-1.
  [arguments]<#:phases>: Adjust 'install-desktop-entry for new .desktop file.
Change-Id: I03f8a405c454a5bc3c8a1fc9f94d0ec9b41e92ec
Modified-by: Hilton Chain <hako@ultrarare.space>
Signed-off-by: Hilton Chain <hako@ultrarare.space>
2024-10-08 | gnu: librewolf: Revert video acceleration fix. | Ian Eure
This patch partly reverts #73429, because that change makes livestreaming video refuse to play.
* gnu/packages/librewolf.scm (librewolf) [source]: Remove the librewolf-add-paths-to-rdd-allowlist patch.
  [phases] <wrap-program>: Reinstate previous LD_LIBRARY_PATH wrapping.
* gnu/packages/patches/librewolf-add-paths-to-rdd-allowlist.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): De-register it.
Modified-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Change-Id: Iaf36c64464cd078538fda677ea4fa7b13e7c110f
2024-10-08 | gnu: librewolf: Fix broken context menu. | Ian Eure
This patch fixes a reported bug where context (right-click) menus contain many duplicate and incorrect entries.
* gnu/packages/librewolf.scm (librewolf) [phases] <neuter-genai>: Reinstate the genai browser component.
Change-Id: I288545ce80b9a7e854edfc26a7ffe43433303458
2024-09-24 | gnu: librewolf-source: Turn into a procedure. | Ian Eure
This patch changes the `librewolf-source' variable into the `make-librewolf-source' procedure. This procedure accepts a LibreWolf version, source hash, and Firefox source hash. The Firefox source version is derived from the provided LibreWolf version.
This eases package updates, since the hashes are inside the `librewolf' package, rather than `librewolf-source'; and the version no longer needs to be specified in three places.
It also removes a blank line between the file header and `define-module'.
* gnu/packages/librewolf.scm (librewolf-source): Turn into a procedure.
Change-Id: I96ab1304acde246c179e7aa5dad9ff621be3de82
Signed-off-by: Andrew Tropin <andrew@trop.in>
2024-09-24 | gnu: librewolf: Update to 130.0.1-1. [security fixes] | Ian Eure
This patch:
- Updates LibreWolf to the latest version
- Removes the code which disabled encoding_rs.patch from upstream. It’s no longer in the repo, so the code did nothing, and the underlying issue (Guix being stuck with an old Rust version) has been fixed.
- Integrates changes from #72265 with some slight tweaks. This should allow LibreWolf to use accelerated video decoding on supported hardware.
- Neuters the GenAI chat feature, which directly integrates with non-free services, by excluding it from the build and locking the preferences which would enable it.
Fixes:
  CVE-2024-8385: WASM type confusion involving ArrayTypes
  CVE-2024-8381: Type confusion when looking up a property name in a "with" block
  CVE-2024-8388: Fullscreen notice on Android could be hidden under various panels and OS prompts
  CVE-2024-8382: Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran
  CVE-2024-8383: Firefox did not ask before openings news: links in an external application
  CVE-2024-8384: Garbage collection could mis-color cross-compartment objects in OOM conditions
  CVE-2024-8386: SelectElements could be shown over another site if popups are allowed
  CVE-2024-8387: Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2
  CVE-2024-8389: Memory safety bugs fixed in Firefox 130
* gnu/packages/librewolf.scm (librewolf): Update to 130.0.1-1.
Change-Id: I764e6e66c5bfdc14a87b7ea59c29780a1f16769a
Signed-off-by: Andrew Tropin <andrew@trop.in>
2024-08-31 | build-systems: gnu: Export %default-gnu-imported-modules and %default-gnu-modules. | Maxim Cournoyer
Until now users would have to cargo cult or inspect the private %default-modules variable of (guix build-systems gnu) to discover which modules to include when extending the used modules via the #:modules argument.
The renaming was automated via the command:
  $ git grep -l %gnu-build-system-modules | xargs sed 's/%gnu-build-system-modules/%default-gnu-imported-modules/' -i
* guix/build-system/gnu.scm (%gnu-build-system-modules): Rename to...
  (%default-gnu-imported-modules): ... this.
  (%default-modules): Rename to...
  (%default-gnu-modules): ... this. Export.
  (dist-package, gnu-build, gnu-cross-build): Adjust accordingly.
Change-Id: Idef307fff13cb76f3182d782b26e1cd3a5c757ee
2024-08-19 | gnu: librewolf: Update to 129.0.1-1. | Ian Eure
* gnu/packages/librewolf.scm (librewolf): Update to 129.0.1-1.
Change-Id: Iefeff2ea7016e8d55313b55dd97179f80bcead1b
Signed-off-by: Vagrant Cascadian <vagrant@debian.org>