unofficial mirror of guix-devel@gnu.org 
 help / color / mirror / code / Atom feed
* [bug#67512] [PATCH v7 0/3] Add LibreWolf
       [not found]   ` <87jzl27ml2.fsf@trop.in>
@ 2024-04-27 10:46     ` Clément Lassieur
  2024-04-27 17:19       ` bug#67512: " Ian Eure
  0 siblings, 1 reply; 4+ messages in thread
From: Clément Lassieur @ 2024-04-27 10:46 UTC (permalink / raw)
  To: 67512; +Cc: guix-devel, Mark H Weaver, ian, guix-security, andrew

On Fri, Apr 12 2024, Andrew Tropin via Guix-patches via wrote:

> On 2024-04-06 08:04, Ian Eure wrote:
>
>> Moves nss update to nss-3.98 / nss-certs-3.98 to avoid rebuilding thousands of packages.
>>
>> Rebases.
>>
>> Ian Eure (3):
>>   gnu: Add nss-3.98.
>>   gnu: Add nss-certs-3.98.
>>   gnu: Add librewolf.
>>
>>  gnu/packages/certs.scm     |  16 +
>>  gnu/packages/librewolf.scm | 621 +++++++++++++++++++++++++++++++++++++
>>  gnu/packages/nss.scm       |  45 +++
>>  3 files changed, 682 insertions(+)
>>  create mode 100644 gnu/packages/librewolf.scm
>>
>>
>> base-commit: ade6845da6cec99f3bca46faac9b2bad6877817e
>
> Hi Ian,
>
> tested those patches, didn't notice any issues.
>
> Added pipewire to LD_LIBRARY_PATH to make screensharing on wayland to
> work.
>
> Added librewolf.scm to gnu/local.mk.
>
> Pushed as
> https://git.savannah.gnu.org/cgit/guix.git/commit/?id=3dc26b4eae
>
> Thank you very much for you work!

Thank you Andrew for reviewing.

Now that this is pushed, is there anyone maintaining this "librewolf"
package?  This is serious work, with security updates quite often.

Right now the package is subject to

CVE-2024-3852 (high)
CVE-2024-3853 (high)
CVE-2024-3854 (high)
CVE-2024-3855 (high)
CVE-2024-3856 (high)
CVE-2024-3857 (high)
CVE-2024-3858 (high)
CVE-2024-3859 (moderate)
CVE-2024-3860 (moderate)
CVE-2024-3861 (moderate)
CVE-2024-3862 (moderate)
CVE-2024-3302 (low)
CVE-2024-3864 (high)
CVE-2024-3865 (high)

Thanks,
Clément




^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: bug#67512: [PATCH v7 0/3] Add LibreWolf
  2024-04-27 10:46     ` [bug#67512] [PATCH v7 0/3] Add LibreWolf Clément Lassieur
@ 2024-04-27 17:19       ` Ian Eure
  2024-04-27 18:21         ` [bug#67512] " Ian Eure
  0 siblings, 1 reply; 4+ messages in thread
From: Ian Eure @ 2024-04-27 17:19 UTC (permalink / raw)
  To: Clément Lassieur
  Cc: 67512, andrew, guix-devel, Mark H Weaver, guix-security


Clément Lassieur <clement@lassieur.org> writes:

> On Fri, Apr 12 2024, Andrew Tropin via Guix-patches via wrote:
>
>> On 2024-04-06 08:04, Ian Eure wrote:
>>
>>> Moves nss update to nss-3.98 / nss-certs-3.98 to avoid 
>>> rebuilding thousands of packages.
>>>
>>> Rebases.
>>>
>>> Ian Eure (3):
>>>   gnu: Add nss-3.98.
>>>   gnu: Add nss-certs-3.98.
>>>   gnu: Add librewolf.
>>>
>>>  gnu/packages/certs.scm     |  16 +
>>>  gnu/packages/librewolf.scm | 621 
>>>  +++++++++++++++++++++++++++++++++++++
>>>  gnu/packages/nss.scm       |  45 +++
>>>  3 files changed, 682 insertions(+)
>>>  create mode 100644 gnu/packages/librewolf.scm
>>>
>>>
>>> base-commit: ade6845da6cec99f3bca46faac9b2bad6877817e
>>
>> Hi Ian,
>>
>> tested those patches, didn't notice any issues.
>>
>> Added pipewire to LD_LIBRARY_PATH to make screensharing on 
>> wayland to
>> work.
>>
>> Added librewolf.scm to gnu/local.mk.
>>
>> Pushed as
>> https://git.savannah.gnu.org/cgit/guix.git/commit/?id=3dc26b4eae
>>
>> Thank you very much for you work!
>
> Thank you Andrew for reviewing.
>
> Now that this is pushed, is there anyone maintaining this 
> "librewolf"
> package?  This is serious work, with security updates quite 
> often.
>

Hi Clement,

I’m planning to continue sending patches for updates and the like. 
Getting a working updater is close to the top of my list.


> Right now the package is subject to
>
> CVE-2024-3852 (high)
> CVE-2024-3853 (high)
> CVE-2024-3854 (high)
> CVE-2024-3855 (high)
> CVE-2024-3856 (high)
> CVE-2024-3857 (high)
> CVE-2024-3858 (high)
> CVE-2024-3859 (moderate)
> CVE-2024-3860 (moderate)
> CVE-2024-3861 (moderate)
> CVE-2024-3862 (moderate)
> CVE-2024-3302 (low)
> CVE-2024-3864 (high)
> CVE-2024-3865 (high)
>

The version in Guix is the latest available.  I’ll send in a patch 
when the next release happens; I’m waiting on upstream for that.

Thanks,

  — Ian


^ permalink raw reply	[flat|nested] 4+ messages in thread

* [bug#67512] [PATCH v7 0/3] Add LibreWolf
  2024-04-27 17:19       ` bug#67512: " Ian Eure
@ 2024-04-27 18:21         ` Ian Eure
  2024-04-28  8:59           ` Clément Lassieur
  0 siblings, 1 reply; 4+ messages in thread
From: Ian Eure @ 2024-04-27 18:21 UTC (permalink / raw)
  To: Clément Lassieur
  Cc: 67512, guix-devel, guix-security, Mark H Weaver, andrew

Ian Eure <ian@retrospec.tv> writes:

> Clément Lassieur <clement@lassieur.org> writes:
>
>> On Fri, Apr 12 2024, Andrew Tropin via Guix-patches via wrote:
>>
>>> On 2024-04-06 08:04, Ian Eure wrote:
>>>
>>>> Moves nss update to nss-3.98 / nss-certs-3.98 to avoid 
>>>> rebuilding
>>>> thousands of packages.
>>>>
>>>> Rebases.
>>>>
>>>> Ian Eure (3):
>>>>   gnu: Add nss-3.98.
>>>>   gnu: Add nss-certs-3.98.
>>>>   gnu: Add librewolf.
>>>>
>>>>  gnu/packages/certs.scm     |  16 +
>>>>  gnu/packages/librewolf.scm | 621
>>>> +++++++++++++++++++++++++++++++++++++
>>>>  gnu/packages/nss.scm       |  45 +++
>>>>  3 files changed, 682 insertions(+)
>>>>  create mode 100644 gnu/packages/librewolf.scm
>>>>
>>>>
>>>> base-commit: ade6845da6cec99f3bca46faac9b2bad6877817e
>>>
>>> Hi Ian,
>>>
>>> tested those patches, didn't notice any issues.
>>>
>>> Added pipewire to LD_LIBRARY_PATH to make screensharing on 
>>> wayland
>>> to
>>> work.
>>>
>>> Added librewolf.scm to gnu/local.mk.
>>>
>>> Pushed as
>>> https://git.savannah.gnu.org/cgit/guix.git/commit/?id=3dc26b4eae
>>>
>>> Thank you very much for you work!
>>
>> Thank you Andrew for reviewing.
>>
>> Now that this is pushed, is there anyone maintaining this
>> "librewolf"
>> package?  This is serious work, with security updates quite 
>> often.
>>
>
> Hi Clement,
>
> I’m planning to continue sending patches for updates and the
> like. Getting a working updater is close to the top of my list.
>
>
>> Right now the package is subject to
>>
>> CVE-2024-3852 (high)
>> CVE-2024-3853 (high)
>> CVE-2024-3854 (high)
>> CVE-2024-3855 (high)
>> CVE-2024-3856 (high)
>> CVE-2024-3857 (high)
>> CVE-2024-3858 (high)
>> CVE-2024-3859 (moderate)
>> CVE-2024-3860 (moderate)
>> CVE-2024-3861 (moderate)
>> CVE-2024-3862 (moderate)
>> CVE-2024-3302 (low)
>> CVE-2024-3864 (high)
>> CVE-2024-3865 (high)
>>
>
> The version in Guix is the latest available.  I’ll send in a 
> patch
> when the next release happens; I’m waiting on upstream for that.
>

Okay, I see that I’m incorrect about this -- LibreWolf is moving 
onto Codeberg, but I was looking at their GitLab project, which 
doesn’t have the recent releases.  I’ll get this updated.

Thanks,

  — Ian




^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [bug#67512] [PATCH v7 0/3] Add LibreWolf
  2024-04-27 18:21         ` [bug#67512] " Ian Eure
@ 2024-04-28  8:59           ` Clément Lassieur
  0 siblings, 0 replies; 4+ messages in thread
From: Clément Lassieur @ 2024-04-28  8:59 UTC (permalink / raw)
  To: Ian Eure; +Cc: 67512, guix-devel, guix-security, Mark H Weaver, andrew

On Sat, Apr 27 2024, Ian Eure wrote:

>> The version in Guix is the latest available.  I’ll send in a patch
>> when the next release happens; I’m waiting on upstream for that.
>>
>
> Okay, I see that I’m incorrect about this -- LibreWolf is moving onto
> Codeberg, but I was looking at their GitLab project, which doesn’t have the
> recent releases.  I’ll get this updated.

Great, thank you Ian!


^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2024-04-28  9:00 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
     [not found] <cover.1701186634.git.ian@retrospec.tv>
     [not found] ` <cover.1712415593.git.ian@retrospec.tv>
     [not found]   ` <87jzl27ml2.fsf@trop.in>
2024-04-27 10:46     ` [bug#67512] [PATCH v7 0/3] Add LibreWolf Clément Lassieur
2024-04-27 17:19       ` bug#67512: " Ian Eure
2024-04-27 18:21         ` [bug#67512] " Ian Eure
2024-04-28  8:59           ` Clément Lassieur

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).