[bug#70618] [PATCH 0/3] Update LibreWolf to 125.0.2-1

[bug#70618] [PATCH 0/3] Update LibreWolf to 125.0.2-1

[Ian Eure]

New upstream release.  A few things to note:

- nss / nss-certs needs a bump from 3.98->3.99, as this is what LibreWolf wants in order to build.
- Clang 13.x (the Guix default) segfaulted when building LibreWolf and suggested that I file a bug report.  Switching to clang/LLVM 18 resolved the issue.

LibreWolf 125.0.2-1 resolves:

CVE-2024-3852 (high)
CVE-2024-3853 (high)
CVE-2024-3854 (high)
CVE-2024-3855 (high)
CVE-2024-3856 (high)
CVE-2024-3857 (high)
CVE-2024-3858 (high)
CVE-2024-3859 (moderate)
CVE-2024-3860 (moderate)
CVE-2024-3861 (moderate)
CVE-2024-3862 (moderate)
CVE-2024-3302 (low)
CVE-2024-3864 (high)
CVE-2024-3865 (high)

Ian Eure (3):
  gnu: nss/fixed: Update to 3.99.
  gnu: nss-certs: Update to 3.99.
  gnu: librewolf: Update to 125.0.2-1.

 gnu/packages/certs.scm     |  6 +++---
 gnu/packages/librewolf.scm | 15 ++++++++-------
 gnu/packages/nss.scm       |  4 ++--
 3 files changed, 13 insertions(+), 12 deletions(-)


base-commit: 8d29f416a9378d30f63c2a95f1bd1a420d9ccab4
-- 
2.41.0

[bug#70621] [PATCH 1/3] gnu: nss/fixed: Update to 3.99.

[Ian Eure]

* gnu/packages/nss.scm (nss/fixed): Update to 3.99.

Change-Id: I5a2b461c0a13212a45c81304f0ea2c2f4bb777c1
---
 gnu/packages/nss.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm
index 8f6ed06e63..162e748094 100644
--- a/gnu/packages/nss.scm
+++ b/gnu/packages/nss.scm
@@ -250,7 +250,7 @@ (define-public nss
     (license license:mpl2.0)))
 
 (define-public nss/fixed
-  (let ((actual-version "3.98"))
+  (let ((actual-version "3.99"))
     (hidden-package
      (package
        (inherit nss)
@@ -265,7 +265,7 @@ (define-public nss/fixed
                          "nss-" actual-version ".tar.gz")))
                  (sha256
                   (base32
-                   "1kh98amfklrq6915n4mlbrcqghc3srm7rkzs9dkh21jwscrwqjgm"))))
+                   "1g89ig40gfi1sp02gybvl2z818lawcnrqjzsws36cdva834c5maw"))))
        (arguments
         (substitute-keyword-arguments (package-arguments nss)
           ((#:phases phases)
-- 
2.41.0

[bug#70619] [PATCH 2/3] gnu: nss-certs: Update to 3.99.

[Ian Eure]

* gnu/packages/certs.scm (nss-certs): Update to 3.99.

Change-Id: I588bc385022df486e596cd6fc5a7363df919b80b
---
 gnu/packages/certs.scm | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/gnu/packages/certs.scm b/gnu/packages/certs.scm
index 7078c7c8d1..00c6a93b92 100644
--- a/gnu/packages/certs.scm
+++ b/gnu/packages/certs.scm
@@ -188,10 +188,10 @@ (define-public nss-certs
     (home-page "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS")
     (license license:mpl2.0)))
 
-(define-public nss-certs-3.98
+(define-public nss-certs-3.99
   (package
     (inherit nss-certs)
-    (version "3.98")
+    (version "3.99")
     (source (origin
               (method url-fetch)
               (uri (let ((version-with-underscores
@@ -202,7 +202,7 @@ (define-public nss-certs-3.98
                       "nss-" version ".tar.gz")))
               (sha256
                (base32
-                "1kh98amfklrq6915n4mlbrcqghc3srm7rkzs9dkh21jwscrwqjgm"))))))
+                "1g89ig40gfi1sp02gybvl2z818lawcnrqjzsws36cdva834c5maw"))))))
 
 (define-public le-certs
   (package
-- 
2.41.0

[bug#70620] [PATCH 3/3] gnu: librewolf: Update to 125.0.2-1.

[Ian Eure]

* gnu/packages/librewolf.scm (librewolf): Update to 125.0.2-1.  Build with
LLVM/Clang 18; LLVM 13 (the default) segfaults on build.  Minor style tweaks.

Change-Id: Ib515f1596b3ce2dd192baebf1a877b3c2dc8d7e2
---
 gnu/packages/librewolf.scm | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm
index 1717bad0b5..fa83857c96 100644
--- a/gnu/packages/librewolf.scm
+++ b/gnu/packages/librewolf.scm
@@ -93,17 +93,17 @@ (define-module (gnu packages librewolf)
 ;; upstream.  See the file taskcluster/ci/toolchain/rust.yml at
 ;; https://searchfox.org under the particular firefox release, like
 ;; mozilla-esr102.
-(define rust-librewolf rust) ; 1.60 is the default in Guix, 1.65 is the minimum.
+(define rust-librewolf rust) ; 1.75 is the default in Guix, 1.65 is the minimum.
 
 ;; Update this id with every update to its release date.
 ;; It's used for cache validation and therefore can lead to strange bugs.
 ;; ex: date '+%Y%m%d%H%M%S'
-(define %librewolf-build-id "20240326080003")
+(define %librewolf-build-id "20240427150329")
 
 (define-public librewolf
   (package
     (name "librewolf")
-    (version "124.0.1-1")
+    (version "125.0.2-1")
     (source
      (origin
        (method url-fetch)
@@ -115,7 +115,7 @@ (define-public librewolf
                            version
                            ".source.tar.gz"))
        (sha256
-        (base32 "1sks49nywzhvq5mik4ipm3vyyxv49s9hq6bfyk5d9r6f0nlydllf"))))
+        (base32 "09qzdaq9l01in9h4q14vyinjvvffycha2iyjqj5p4dd5jh6q5zma"))))
     (build-system gnu-build-system)
     (arguments
      (list
@@ -227,7 +227,8 @@ (define-public librewolf
                                                        "\""))))
                                    (find-files "." "Cargo\\.lock$"))
                          (for-each generate-all-checksums
-                                   '("build" "dom/media"
+                                   '("build"
+                                     "dom/media"
                                      "dom/webauthn"
                                      "gfx"
                                      "intl"
@@ -597,8 +598,8 @@ (define-public librewolf
     (native-inputs (list alsa-lib
                          autoconf-2.13
                          `(,rust-librewolf "cargo")
-                         clang
-                         llvm
+                         clang-18
+                         llvm-18
                          m4
                          nasm
                          node-lts
-- 
2.41.0

[bug#70620] Acknowledgement ([PATCH 3/3] gnu: librewolf: Update to 125.0.2-1.)

[Ian Eure]

close 70621
close 70620
close 70619
thanks

help-debbugs@gnu.org (GNU bug Tracking System) writes:

> Thank you for filing a new bug report with debbugs.gnu.org.
>
> This is an automatically generated reply to let you know your 
> message
> has been received.
>
> Your message is being forwarded to the package maintainers and 
> other
> interested parties for their attention; they will reply in due 
> course.
>
> Your message has been sent to the package maintainer(s):
>  guix-patches@gnu.org
>
> If you wish to submit further information on this problem, 
> please
> send it to 70620@debbugs.gnu.org.
>
> Please do not send mail to help-debbugs@gnu.org unless you wish
> to report a problem with the Bug-tracking system.
>

bug#70618: [PATCH 0/3] Update LibreWolf to 125.0.2-1

[Maxim Cournoyer]

Hi,

Ian Eure <ian@retrospec.tv> writes:

> New upstream release.  A few things to note:
>
> - nss / nss-certs needs a bump from 3.98->3.99, as this is what LibreWolf wants in order to build.
> - Clang 13.x (the Guix default) segfaulted when building LibreWolf and suggested that I file a bug report.  Switching to clang/LLVM 18 resolved the issue.
>
> LibreWolf 125.0.2-1 resolves:
>
> CVE-2024-3852 (high)
> CVE-2024-3853 (high)
> CVE-2024-3854 (high)
> CVE-2024-3855 (high)
> CVE-2024-3856 (high)
> CVE-2024-3857 (high)
> CVE-2024-3858 (high)
> CVE-2024-3859 (moderate)
> CVE-2024-3860 (moderate)
> CVE-2024-3861 (moderate)
> CVE-2024-3862 (moderate)
> CVE-2024-3302 (low)
> CVE-2024-3864 (high)
> CVE-2024-3865 (high)
>
> Ian Eure (3):
>   gnu: nss/fixed: Update to 3.99.
>   gnu: nss-certs: Update to 3.99.
>   gnu: librewolf: Update to 125.0.2-1.

Applied, thank you!

-- 
Thanks,
Maxim