[bug#74628] [PATCH 0/2] gnu: librewolf: Update to 133.0-1 [security fixes].

[bug#74628] [PATCH 0/2] gnu: librewolf: Update to 133.0-1 [security fixes].

[Ian Eure]

Straightforward update, only requires an nss-rapid version bump.

Ian Eure (2):
  gnu: nss-rapid: Update to 3.107.
  gnu: librewolf: Update to 133.0-1 [security fixes].

 gnu/packages/librewolf.scm | 8 ++++----
 gnu/packages/nss.scm       | 6 +++---
 2 files changed, 7 insertions(+), 7 deletions(-)

-- 
2.46.0

[bug#74628] [PATCH 1/2] gnu: nss-rapid: Update to 3.107.

[Ian Eure]

* gnu/packages/nss.scm (nss-rapid): Update to 3.107.

Change-Id: I05c6e9c6633ed222d26b76ae5def35179f31f317
---
 gnu/packages/nss.scm | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm
index 86b3743656..aaa9848501 100644
--- a/gnu/packages/nss.scm
+++ b/gnu/packages/nss.scm
@@ -333,7 +333,7 @@ (define-public nss-rapid
   (package
    (inherit nss)
    (name "nss-rapid")
-   (version "3.105")
+   (version "3.107")
    (source (origin
              (inherit (package-source nss))
              (uri (let ((version-with-underscores
@@ -344,7 +344,7 @@ (define-public nss-rapid
                      "nss-" version ".tar.gz")))
              (sha256
               (base32
-               "06an746lrnmp7mnr866cjxngkrw8c5ngdykw425q4p6ai264r3lf"))))
+               "0ab7kpyg54aha86aw0ak70ckmfj1ih7d9x8mlrqhf59q7r3rczkz"))))
    (arguments
     (substitute-keyword-arguments (package-arguments nss)
       ((#:phases phases)
@@ -376,7 +376,7 @@ (define-public nss-rapid
                      ;; leading to test failures:
                      ;; <https://bugzilla.mozilla.org/show_bug.cgi?id=609734>.  To
                      ;; work around that, set the time to roughly the release date.
-                     (invoke "faketime" "2024-09-2" "./nss/tests/all.sh"))
+                     (invoke "faketime" "2024-11-29" "./nss/tests/all.sh"))
                    (format #t "test suite not run~%"))))))))
    (synopsis "Network Security Services (Rapid Release)")
    (description
-- 
2.46.0

[bug#74628] [PATCH 2/2] gnu: librewolf: Update to 133.0-1 [security fixes].

[Ian Eure]

New upstream version.  Fixes CVEs:

CVE-2024-11691: Out-of-bounds write in Apple GPU drivers via WebGL
CVE-2024-11700: Potential Tapjacking Exploit for Intent Confirmation
                on Android
CVE-2024-11692: Select list elements could be shown over another site
CVE-2024-11701: Misleading Address Bar State During Navigation
                Interruption
CVE-2024-11702: Inadequate Clipboard Protection in Private Browsing
                Mode on Android
CVE-2024-11693: Download Protections were bypassed by .library-ms
                files on Windows
CVE-2024-11694: CSP Bypass and XSS Exposure via Web Compatibility
                Shims
CVE-2024-11695: URL Bar Spoofing via Manipulated Punycode and
                Whitespace Characters
CVE-2024-11703: Password access without authentication via PIN bypass
                on Android
CVE-2024-11696: Unhandled Exception in Add-on Signature Verification
CVE-2024-11697: Improper Keypress Handling in Executable File
                Confirmation Dialog
CVE-2024-11704: Potential Double-Free Vulnerability in PKCS#7
                Decryption Handling
CVE-2024-11698: Fullscreen Lock-Up When Modal Dialog Interrupts
                Transition on macOS
CVE-2024-11705: Null Pointer Dereference in NSC_DeriveKey
CVE-2024-11706: Null Pointer Dereference in PKCS#12 Utility
CVE-2024-11708: Data race with PlaybackParams
CVE-2024-11699: Memory safety bugs fixed in Firefox 133, Firefox ESR
                128.5, and Thunderbird 128.5

* gnu/packages/librewolf.scm (librewolf): Update to 133.0-1.

Change-Id: I611505daf4d4f0940405190471f443d99102c2b9
---
 gnu/packages/librewolf.scm | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm
index ad387b1cac..5d432cfad8 100644
--- a/gnu/packages/librewolf.scm
+++ b/gnu/packages/librewolf.scm
@@ -199,17 +199,17 @@ (define rust-librewolf rust) ; 1.75 is the default in Guix, 1.65 is the minimum.
 ;; Update this id with every update to its release date.
 ;; It's used for cache validation and therefore can lead to strange bugs.
 ;; ex: date '+%Y%m%d%H%M%S'
-(define %librewolf-build-id "20241119164012")
+(define %librewolf-build-id "20241130102406")
 
 (define-public librewolf
   (package
     (name "librewolf")
-    (version "132.0.2-1")
+    (version "133.0-1")
     (source
      (make-librewolf-source
       #:version version
-      #:firefox-hash "1s8h4sf78i5ybzv5pvdpx09fb04gdly7pzgivh8kzqdlyij1g7ij"
-      #:librewolf-hash "0qyi0w92vj5yqljrkzcif2jiz3ispyglg4awywyiqd874i0p8c7c"))
+      #:firefox-hash "0q6cqfnwc2x09frdvsndmhck8ixrnbl281j9rqw5w8bd7fd2qas9"
+      #:librewolf-hash "1xf7gx3xm3c7dhch9gwpb0xp11lcyim1nrbm8sjljxdcs7iq9jy4"))
     (build-system gnu-build-system)
     (arguments
      (list
-- 
2.46.0

[bug#74628] [PATCH 0/2] gnu: librewolf: Update to 133.0-1 [security fixes].

[Rodion Goritskov]

Hi!

Patches apply successfully, both nss-rapid and librewolf build fine on
x86_64.

Librewolf starts and opens a couple of sites.

LGTM.