* [bug#73429] [PATCH 0/3] Update LibreWolf to 130.0.1-1 & nss-rapid to 3.104 [security fixes]
@ 2024-09-22 20:51 Ian Eure
2024-09-22 20:53 ` [bug#73429] [PATCH 1/3] gnu: nss-rapid: Update to 3.104 Ian Eure
` (3 more replies)
0 siblings, 4 replies; 14+ messages in thread
From: Ian Eure @ 2024-09-22 20:51 UTC (permalink / raw)
To: 73429; +Cc: André Batista, mhw, jonathan.brielmaier, Ian Eure
Updates both packages to the current versions. Also, removes some unneeded code, fixes hardware video acceleration, and lightly refactors how source tarballs are built. Please see the individual patches for more info.
Ian Eure (3):
gnu: nss-rapid: Update to 3.104.
gnu: librewolf: Update to 130.0.1-1. [security fixes]
gnu: librewolf-source: Turn into a procedure.
gnu/packages/librewolf.scm | 62 +++++++++++++++++++++-----------------
gnu/packages/nss.scm | 4 +--
2 files changed, 36 insertions(+), 30 deletions(-)
--
2.46.0
^ permalink raw reply [flat|nested] 14+ messages in thread
* [bug#73429] [PATCH 1/3] gnu: nss-rapid: Update to 3.104.
2024-09-22 20:51 [bug#73429] [PATCH 0/3] Update LibreWolf to 130.0.1-1 & nss-rapid to 3.104 [security fixes] Ian Eure
@ 2024-09-22 20:53 ` Ian Eure
2024-09-22 20:53 ` [bug#73429] [PATCH 2/3] gnu: librewolf: Update to 130.0.1-1. [security fixes] Ian Eure
2024-09-22 20:53 ` [bug#73429] [PATCH 3/3] gnu: librewolf-source: Turn into a procedure Ian Eure
2024-09-23 14:47 ` [bug#73429] [PATCH v2 0/3] Update LibreWolf to 130.0.1-1 & nss-rapid to 3.104 [security fixes] Ian Eure
` (2 subsequent siblings)
3 siblings, 2 replies; 14+ messages in thread
From: Ian Eure @ 2024-09-22 20:53 UTC (permalink / raw)
To: 73429; +Cc: André Batista, mhw, jonathan.brielmaier, Ian Eure
* gnu/packages/nss.scm (nss-rapid): Update to 3.104.
Change-Id: I97545e2d106bc7e9694ee11bd76371fa170cc42e
---
gnu/packages/nss.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm
index 6c60e9fbae..b058df0175 100644
--- a/gnu/packages/nss.scm
+++ b/gnu/packages/nss.scm
@@ -333,7 +333,7 @@ (define-public nss-rapid
(package
(inherit nss)
(name "nss-rapid")
- (version "3.103")
+ (version "3.104")
(source (origin
(inherit (package-source nss))
(uri (let ((version-with-underscores
@@ -344,7 +344,7 @@ (define-public nss-rapid
"nss-" version ".tar.gz")))
(sha256
(base32
- "0qp9rs226rr6gh51b42cdbydr4mj80cli3bfqhh7bp3jyxbvcjkv"))))
+ "13mca2y92sm05kxb40qvlkq8l93ghmrhh0s3iawpc7idc8ik4xp2"))))
(arguments
(substitute-keyword-arguments (package-arguments nss)
((#:phases phases)
--
2.46.0
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [bug#73429] [PATCH 2/3] gnu: librewolf: Update to 130.0.1-1. [security fixes]
2024-09-22 20:53 ` [bug#73429] [PATCH 1/3] gnu: nss-rapid: Update to 3.104 Ian Eure
@ 2024-09-22 20:53 ` Ian Eure
2024-09-24 8:17 ` Andrew Tropin via Guix-patches via
2024-09-22 20:53 ` [bug#73429] [PATCH 3/3] gnu: librewolf-source: Turn into a procedure Ian Eure
1 sibling, 1 reply; 14+ messages in thread
From: Ian Eure @ 2024-09-22 20:53 UTC (permalink / raw)
To: 73429; +Cc: André Batista, mhw, jonathan.brielmaier, Ian Eure
This patch:
- Updates LibreWolf to the latest version
- Removes the code which disabled encoding_rs.patch from upstream. It’s no
longer in the repo, so the code did nothing, and the underlying issue (Guix
being stuck with an old Rust version) has been fixed.
- Integrates changes from #72265 with some slight tweaks. This should allow
LibreWolf to use accelerated video decoding on supported hardware.
- Neuters the GenAI chat feature, which direcly integrates with non-free
services, by excluding it from the build and locking the preferences which
would enable it.
Fixes:
CVE-2024-8385: WASM type confusion involving ArrayTypes
CVE-2024-8381: Type confusion when looking up a property name in a "with" block
CVE-2024-8388: Fullscreen notice on Android could be hidden under various panels and OS prompts
CVE-2024-8382: Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran
CVE-2024-8383: Firefox did not ask before openings news: links in an external application
CVE-2024-8384: Garbage collection could mis-color cross-compartment objects in OOM conditions
CVE-2024-8386: SelectElements could be shown over another site if popups are allowed
CVE-2024-8387: Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2
CVE-2024-8389: Memory safety bugs fixed in Firefox 130
* gnu/packages/librewolf.scm (librewolf): Update to 130.0.1-1.
Change-Id: I764e6e66c5bfdc14a87b7ea59c29780a1f16769a
---
gnu/packages/librewolf.scm | 55 ++++++++++++++++++++------------------
1 file changed, 29 insertions(+), 26 deletions(-)
diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm
index 21f73f799d..bade479656 100644
--- a/gnu/packages/librewolf.scm
+++ b/gnu/packages/librewolf.scm
@@ -117,9 +117,11 @@ (define (librewolf-source-origin version hash)
(define computed-origin-method (@@ (guix packages) computed-origin-method))
(define librewolf-source
- (let* ((ff-src (firefox-source-origin "129.0.1" "0wy0fn0pavlhlkdybr59hhbn5ng0zn56mxa7gsknf8f2whiyipwx"))
- (version "129.0.1-1")
- (lw-src (librewolf-source-origin version "0pvv3v23q31hdjvqi1f3cqfyjrb8dbrrbfwxj2wacak1g0mzbxf4")))
+ (let* ((ff-src (firefox-source-origin "130.0"
+ "0w4z3fq5zhm63a0wmhvmqrj263bvy962dir25q3z0x5hx6hjawh2"))
+ (lw-src (librewolf-source-origin
+ "130.0.1-1"
+ "0f80pihn375bdjhjmmg2v1w96wpn76zb60ycy39wafwh1dnzybrd")))
(origin
(method computed-origin-method)
@@ -164,11 +166,6 @@ (define librewolf-source
(("^ff_source_tarball:=.*")
(string-append "ff_source_tarball:=" #+ff-src)))
- ;; Remove encoding_rs patch, it doesn't build with Rust 1.75.
- (substitute* '("assets/patches.txt")
- (("patches/encoding_rs.patch\\\n$")
- ""))
-
;; Stage locales.
(begin
(format #t "Staging locales...~%")
@@ -215,13 +212,17 @@ (define rust-librewolf rust) ; 1.75 is the default in Guix, 1.65 is the minimum.
;; Update this id with every update to its release date.
;; It's used for cache validation and therefore can lead to strange bugs.
;; ex: date '+%Y%m%d%H%M%S'
-(define %librewolf-build-id "20240817075827")
+(define %librewolf-build-id "20240922110507")
(define-public librewolf
(package
(name "librewolf")
- (version "129.0.1-1")
- (source librewolf-source)
+ (version "130.0.1-1")
+ (source
+ (origin
+ (inherit librewolf-source)
+ (patches
+ (search-patches "librewolf-add-paths-to-rdd-allowlist.patch"))))
(build-system gnu-build-system)
(arguments
(list
@@ -318,6 +319,22 @@ (define (write-setting key value)
(substitute* "dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp"
(("libavcodec\\.so")
libavcodec)))))
+ (add-after 'unpack 'neuter-genai
+ (lambda* _
+ ;; Don't compile the code in.
+ (substitute* "browser/components/moz.build"
+ (("\"genai\",") ""))
+ ;; Lock the preferences so they can't be enabled.
+ (substitute* "lw/librewolf.cfg"
+ (("defaultPref\\(\"browser\\.ml\\.")
+ "lockPref(\"browser.ml."))
+ ;; Correct a preference typo
+ ;; see https://codeberg.org/librewolf/issues/issues/1919#issuecomment-2325954
+ ;; Remove this in the next update.
+ (substitute* "lw/librewolf.cfg"
+ (("browser\\.ml\\.enabled")
+ "browser.ml.enable"))
+ ))
(add-after 'patch-source-shebangs 'patch-cargo-checksums
(lambda _
(use-modules (guix build cargo-utils))
@@ -575,26 +592,12 @@ (define (runpaths-of-input label)
;; For U2F and WebAuthn
"eudev")))
- ;; VA-API is run in the RDD (Remote Data Decoder) sandbox
- ;; and must be explicitly given access to files it needs.
- ;; Rather than adding the whole store (as Nix had
- ;; upstream do, see
- ;; <https://github.com/NixOS/nixpkgs/pull/165964> and
- ;; linked upstream patches), we can just follow the
- ;; runpaths of the needed libraries to add everything to
- ;; LD_LIBRARY_PATH. These will then be accessible in the
- ;; RDD sandbox.
- (rdd-whitelist (map (cut string-append <> "/")
- (delete-duplicates (append-map
- runpaths-of-input
- '("mesa"
- "ffmpeg")))))
(gtk-share (string-append (assoc-ref inputs
"gtk+")
"/share")))
(wrap-program (car (find-files lib "^librewolf$"))
`("LD_LIBRARY_PATH" prefix
- (,@libs ,@rdd-whitelist))
+ ,libs)
`("XDG_DATA_DIRS" prefix
(,gtk-share))
`("MOZ_LEGACY_PROFILES" =
--
2.46.0
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [bug#73429] [PATCH 3/3] gnu: librewolf-source: Turn into a procedure.
2024-09-22 20:53 ` [bug#73429] [PATCH 1/3] gnu: nss-rapid: Update to 3.104 Ian Eure
2024-09-22 20:53 ` [bug#73429] [PATCH 2/3] gnu: librewolf: Update to 130.0.1-1. [security fixes] Ian Eure
@ 2024-09-22 20:53 ` Ian Eure
1 sibling, 0 replies; 14+ messages in thread
From: Ian Eure @ 2024-09-22 20:53 UTC (permalink / raw)
To: 73429; +Cc: André Batista, mhw, jonathan.brielmaier, Ian Eure
This patch changes the `librewolf-source' variable into the
`make-librewolf-source' prodecure.
This procedure accepts a LibreWolf version, source hash, and Firefox source
hash. The Firefox source version is derived from the provided LibreWolf
version.
This eases package updates, since the hashes are inside the `librewolf'
package, rather than `librewolf-source'; and the version no longer needs to be
specified in three places.
It also removes a blank line between the file header and `define-module'.
* gnu/packages/librewolf.scm (librewolf-source): Turn into a procedure.
Change-Id: I96ab1304acde246c179e7aa5dad9ff621be3de82
---
gnu/packages/librewolf.scm | 17 ++++++++++-------
1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm
index bade479656..dd741d22bc 100644
--- a/gnu/packages/librewolf.scm
+++ b/gnu/packages/librewolf.scm
@@ -40,7 +40,6 @@
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
-
(define-module (gnu packages librewolf)
#:use-module ((srfi srfi-1) #:hide (zip))
#:use-module (guix build-system gnu)
@@ -116,12 +115,13 @@ (define (librewolf-source-origin version hash)
(define computed-origin-method (@@ (guix packages) computed-origin-method))
-(define librewolf-source
- (let* ((ff-src (firefox-source-origin "130.0"
- "0w4z3fq5zhm63a0wmhvmqrj263bvy962dir25q3z0x5hx6hjawh2"))
+(define* (make-librewolf-source #:version #:firefox-hash #:librewolf-hash)
+ (let* ((ff-src (firefox-source-origin
+ (car (string-split version #\-))
+ firefox-hash))
(lw-src (librewolf-source-origin
- "130.0.1-1"
- "0f80pihn375bdjhjmmg2v1w96wpn76zb60ycy39wafwh1dnzybrd")))
+ version
+ librewolf-hash)))
(origin
(method computed-origin-method)
@@ -220,7 +220,10 @@ (define-public librewolf
(version "130.0.1-1")
(source
(origin
- (inherit librewolf-source)
+ (inherit (make-librewolf-source
+ #:version version
+ #:firefox-hash "0w4z3fq5zhm63a0wmhvmqrj263bvy962dir25q3z0x5hx6hjawh2"
+ #:librewolf-hash "0f80pihn375bdjhjmmg2v1w96wpn76zb60ycy39wafwh1dnzybrd"))
(patches
(search-patches "librewolf-add-paths-to-rdd-allowlist.patch"))))
(build-system gnu-build-system)
--
2.46.0
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [bug#73429] [PATCH v2 0/3] Update LibreWolf to 130.0.1-1 & nss-rapid to 3.104 [security fixes]
2024-09-22 20:51 [bug#73429] [PATCH 0/3] Update LibreWolf to 130.0.1-1 & nss-rapid to 3.104 [security fixes] Ian Eure
2024-09-22 20:53 ` [bug#73429] [PATCH 1/3] gnu: nss-rapid: Update to 3.104 Ian Eure
@ 2024-09-23 14:47 ` Ian Eure
2024-09-23 14:47 ` [bug#73429] [PATCH v2 1/3] gnu: nss-rapid: Update to 3.104 Ian Eure
` (3 more replies)
2024-09-27 3:46 ` [bug#73429] closed (Re: [bug#73429] [PATCH v2 0/3] Update LibreWolf to 130.0.1-1 & nss-rapid to 3.104 [security fixes]) John Kehayias via Guix-patches via
2024-09-27 15:52 ` [bug#73429] [PATCH v2 0/3] Update LibreWolf to 130.0.1-1 & nss-rapid to 3.104 [security fixes] not emma via Guix-patches via
3 siblings, 4 replies; 14+ messages in thread
From: Ian Eure @ 2024-09-23 14:47 UTC (permalink / raw)
To: 73429; +Cc: André Batista, mhw, jonathan.brielmaier, Ian Eure
v2 corrects a bug with make-librewolf-source which I should have caught.
Ian Eure (3):
gnu: nss-rapid: Update to 3.104.
gnu: librewolf: Update to 130.0.1-1. [security fixes]
gnu: librewolf-source: Turn into a procedure.
gnu/packages/librewolf.scm | 62 +++++++++++++++++++++-----------------
gnu/packages/nss.scm | 4 +--
2 files changed, 36 insertions(+), 30 deletions(-)
--
2.46.0
^ permalink raw reply [flat|nested] 14+ messages in thread
* [bug#73429] [PATCH v2 1/3] gnu: nss-rapid: Update to 3.104.
2024-09-23 14:47 ` [bug#73429] [PATCH v2 0/3] Update LibreWolf to 130.0.1-1 & nss-rapid to 3.104 [security fixes] Ian Eure
@ 2024-09-23 14:47 ` Ian Eure
2024-09-23 14:47 ` [bug#73429] [PATCH v2 2/3] gnu: librewolf: Update to 130.0.1-1. [security fixes] Ian Eure
` (2 subsequent siblings)
3 siblings, 0 replies; 14+ messages in thread
From: Ian Eure @ 2024-09-23 14:47 UTC (permalink / raw)
To: 73429; +Cc: André Batista, mhw, jonathan.brielmaier, Ian Eure
* gnu/packages/nss.scm (nss-rapid): Update to 3.104.
Change-Id: I97545e2d106bc7e9694ee11bd76371fa170cc42e
---
gnu/packages/nss.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm
index 6c60e9fbae..b058df0175 100644
--- a/gnu/packages/nss.scm
+++ b/gnu/packages/nss.scm
@@ -333,7 +333,7 @@ (define-public nss-rapid
(package
(inherit nss)
(name "nss-rapid")
- (version "3.103")
+ (version "3.104")
(source (origin
(inherit (package-source nss))
(uri (let ((version-with-underscores
@@ -344,7 +344,7 @@ (define-public nss-rapid
"nss-" version ".tar.gz")))
(sha256
(base32
- "0qp9rs226rr6gh51b42cdbydr4mj80cli3bfqhh7bp3jyxbvcjkv"))))
+ "13mca2y92sm05kxb40qvlkq8l93ghmrhh0s3iawpc7idc8ik4xp2"))))
(arguments
(substitute-keyword-arguments (package-arguments nss)
((#:phases phases)
--
2.46.0
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [bug#73429] [PATCH v2 2/3] gnu: librewolf: Update to 130.0.1-1. [security fixes]
2024-09-23 14:47 ` [bug#73429] [PATCH v2 0/3] Update LibreWolf to 130.0.1-1 & nss-rapid to 3.104 [security fixes] Ian Eure
2024-09-23 14:47 ` [bug#73429] [PATCH v2 1/3] gnu: nss-rapid: Update to 3.104 Ian Eure
@ 2024-09-23 14:47 ` Ian Eure
2024-09-23 14:47 ` [bug#73429] [PATCH v2 3/3] gnu: librewolf-source: Turn into a procedure Ian Eure
2024-09-24 7:11 ` bug#73429: [PATCH v2 0/3] Update LibreWolf to 130.0.1-1 & nss-rapid to 3.104 [security fixes] Andrew Tropin via Guix-patches via
3 siblings, 0 replies; 14+ messages in thread
From: Ian Eure @ 2024-09-23 14:47 UTC (permalink / raw)
To: 73429; +Cc: André Batista, mhw, jonathan.brielmaier, Ian Eure
This patch:
- Updates LibreWolf to the latest version
- Removes the code which disabled encoding_rs.patch from upstream. It’s no
longer in the repo, so the code did nothing, and the underlying issue (Guix
being stuck with an old Rust version) has been fixed.
- Integrates changes from #72265 with some slight tweaks. This should allow
LibreWolf to use accelerated video decoding on supported hardware.
- Neuters the GenAI chat feature, which direcly integrates with non-free
services, by excluding it from the build and locking the preferences which
would enable it.
Fixes:
CVE-2024-8385: WASM type confusion involving ArrayTypes
CVE-2024-8381: Type confusion when looking up a property name in a "with" block
CVE-2024-8388: Fullscreen notice on Android could be hidden under various panels and OS prompts
CVE-2024-8382: Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran
CVE-2024-8383: Firefox did not ask before openings news: links in an external application
CVE-2024-8384: Garbage collection could mis-color cross-compartment objects in OOM conditions
CVE-2024-8386: SelectElements could be shown over another site if popups are allowed
CVE-2024-8387: Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2
CVE-2024-8389: Memory safety bugs fixed in Firefox 130
* gnu/packages/librewolf.scm (librewolf): Update to 130.0.1-1.
Change-Id: I764e6e66c5bfdc14a87b7ea59c29780a1f16769a
---
gnu/packages/librewolf.scm | 55 ++++++++++++++++++++------------------
1 file changed, 29 insertions(+), 26 deletions(-)
diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm
index 21f73f799d..bade479656 100644
--- a/gnu/packages/librewolf.scm
+++ b/gnu/packages/librewolf.scm
@@ -117,9 +117,11 @@ (define (librewolf-source-origin version hash)
(define computed-origin-method (@@ (guix packages) computed-origin-method))
(define librewolf-source
- (let* ((ff-src (firefox-source-origin "129.0.1" "0wy0fn0pavlhlkdybr59hhbn5ng0zn56mxa7gsknf8f2whiyipwx"))
- (version "129.0.1-1")
- (lw-src (librewolf-source-origin version "0pvv3v23q31hdjvqi1f3cqfyjrb8dbrrbfwxj2wacak1g0mzbxf4")))
+ (let* ((ff-src (firefox-source-origin "130.0"
+ "0w4z3fq5zhm63a0wmhvmqrj263bvy962dir25q3z0x5hx6hjawh2"))
+ (lw-src (librewolf-source-origin
+ "130.0.1-1"
+ "0f80pihn375bdjhjmmg2v1w96wpn76zb60ycy39wafwh1dnzybrd")))
(origin
(method computed-origin-method)
@@ -164,11 +166,6 @@ (define librewolf-source
(("^ff_source_tarball:=.*")
(string-append "ff_source_tarball:=" #+ff-src)))
- ;; Remove encoding_rs patch, it doesn't build with Rust 1.75.
- (substitute* '("assets/patches.txt")
- (("patches/encoding_rs.patch\\\n$")
- ""))
-
;; Stage locales.
(begin
(format #t "Staging locales...~%")
@@ -215,13 +212,17 @@ (define rust-librewolf rust) ; 1.75 is the default in Guix, 1.65 is the minimum.
;; Update this id with every update to its release date.
;; It's used for cache validation and therefore can lead to strange bugs.
;; ex: date '+%Y%m%d%H%M%S'
-(define %librewolf-build-id "20240817075827")
+(define %librewolf-build-id "20240922110507")
(define-public librewolf
(package
(name "librewolf")
- (version "129.0.1-1")
- (source librewolf-source)
+ (version "130.0.1-1")
+ (source
+ (origin
+ (inherit librewolf-source)
+ (patches
+ (search-patches "librewolf-add-paths-to-rdd-allowlist.patch"))))
(build-system gnu-build-system)
(arguments
(list
@@ -318,6 +319,22 @@ (define (write-setting key value)
(substitute* "dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp"
(("libavcodec\\.so")
libavcodec)))))
+ (add-after 'unpack 'neuter-genai
+ (lambda* _
+ ;; Don't compile the code in.
+ (substitute* "browser/components/moz.build"
+ (("\"genai\",") ""))
+ ;; Lock the preferences so they can't be enabled.
+ (substitute* "lw/librewolf.cfg"
+ (("defaultPref\\(\"browser\\.ml\\.")
+ "lockPref(\"browser.ml."))
+ ;; Correct a preference typo
+ ;; see https://codeberg.org/librewolf/issues/issues/1919#issuecomment-2325954
+ ;; Remove this in the next update.
+ (substitute* "lw/librewolf.cfg"
+ (("browser\\.ml\\.enabled")
+ "browser.ml.enable"))
+ ))
(add-after 'patch-source-shebangs 'patch-cargo-checksums
(lambda _
(use-modules (guix build cargo-utils))
@@ -575,26 +592,12 @@ (define (runpaths-of-input label)
;; For U2F and WebAuthn
"eudev")))
- ;; VA-API is run in the RDD (Remote Data Decoder) sandbox
- ;; and must be explicitly given access to files it needs.
- ;; Rather than adding the whole store (as Nix had
- ;; upstream do, see
- ;; <https://github.com/NixOS/nixpkgs/pull/165964> and
- ;; linked upstream patches), we can just follow the
- ;; runpaths of the needed libraries to add everything to
- ;; LD_LIBRARY_PATH. These will then be accessible in the
- ;; RDD sandbox.
- (rdd-whitelist (map (cut string-append <> "/")
- (delete-duplicates (append-map
- runpaths-of-input
- '("mesa"
- "ffmpeg")))))
(gtk-share (string-append (assoc-ref inputs
"gtk+")
"/share")))
(wrap-program (car (find-files lib "^librewolf$"))
`("LD_LIBRARY_PATH" prefix
- (,@libs ,@rdd-whitelist))
+ ,libs)
`("XDG_DATA_DIRS" prefix
(,gtk-share))
`("MOZ_LEGACY_PROFILES" =
--
2.46.0
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [bug#73429] [PATCH v2 3/3] gnu: librewolf-source: Turn into a procedure.
2024-09-23 14:47 ` [bug#73429] [PATCH v2 0/3] Update LibreWolf to 130.0.1-1 & nss-rapid to 3.104 [security fixes] Ian Eure
2024-09-23 14:47 ` [bug#73429] [PATCH v2 1/3] gnu: nss-rapid: Update to 3.104 Ian Eure
2024-09-23 14:47 ` [bug#73429] [PATCH v2 2/3] gnu: librewolf: Update to 130.0.1-1. [security fixes] Ian Eure
@ 2024-09-23 14:47 ` Ian Eure
2024-09-24 7:11 ` bug#73429: [PATCH v2 0/3] Update LibreWolf to 130.0.1-1 & nss-rapid to 3.104 [security fixes] Andrew Tropin via Guix-patches via
3 siblings, 0 replies; 14+ messages in thread
From: Ian Eure @ 2024-09-23 14:47 UTC (permalink / raw)
To: 73429; +Cc: André Batista, mhw, jonathan.brielmaier, Ian Eure
This patch changes the `librewolf-source' variable into the
`make-librewolf-source' prodecure.
This procedure accepts a LibreWolf version, source hash, and Firefox source
hash. The Firefox source version is derived from the provided LibreWolf
version.
This eases package updates, since the hashes are inside the `librewolf'
package, rather than `librewolf-source'; and the version no longer needs to be
specified in three places.
It also removes a blank line between the file header and `define-module'.
* gnu/packages/librewolf.scm (librewolf-source): Turn into a procedure.
Change-Id: I96ab1304acde246c179e7aa5dad9ff621be3de82
---
gnu/packages/librewolf.scm | 17 ++++++++++-------
1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm
index bade479656..6fd0aa51f1 100644
--- a/gnu/packages/librewolf.scm
+++ b/gnu/packages/librewolf.scm
@@ -40,7 +40,6 @@
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
-
(define-module (gnu packages librewolf)
#:use-module ((srfi srfi-1) #:hide (zip))
#:use-module (guix build-system gnu)
@@ -116,12 +115,13 @@ (define (librewolf-source-origin version hash)
(define computed-origin-method (@@ (guix packages) computed-origin-method))
-(define librewolf-source
- (let* ((ff-src (firefox-source-origin "130.0"
- "0w4z3fq5zhm63a0wmhvmqrj263bvy962dir25q3z0x5hx6hjawh2"))
+(define* (make-librewolf-source #:key version firefox-hash librewolf-hash)
+ (let* ((ff-src (firefox-source-origin
+ (car (string-split version #\-))
+ firefox-hash))
(lw-src (librewolf-source-origin
- "130.0.1-1"
- "0f80pihn375bdjhjmmg2v1w96wpn76zb60ycy39wafwh1dnzybrd")))
+ version
+ librewolf-hash)))
(origin
(method computed-origin-method)
@@ -220,7 +220,10 @@ (define-public librewolf
(version "130.0.1-1")
(source
(origin
- (inherit librewolf-source)
+ (inherit (make-librewolf-source
+ #:version version
+ #:firefox-hash "0w4z3fq5zhm63a0wmhvmqrj263bvy962dir25q3z0x5hx6hjawh2"
+ #:librewolf-hash "0f80pihn375bdjhjmmg2v1w96wpn76zb60ycy39wafwh1dnzybrd"))
(patches
(search-patches "librewolf-add-paths-to-rdd-allowlist.patch"))))
(build-system gnu-build-system)
--
2.46.0
^ permalink raw reply related [flat|nested] 14+ messages in thread
* bug#73429: [PATCH v2 0/3] Update LibreWolf to 130.0.1-1 & nss-rapid to 3.104 [security fixes]
2024-09-23 14:47 ` [bug#73429] [PATCH v2 0/3] Update LibreWolf to 130.0.1-1 & nss-rapid to 3.104 [security fixes] Ian Eure
` (2 preceding siblings ...)
2024-09-23 14:47 ` [bug#73429] [PATCH v2 3/3] gnu: librewolf-source: Turn into a procedure Ian Eure
@ 2024-09-24 7:11 ` Andrew Tropin via Guix-patches via
3 siblings, 0 replies; 14+ messages in thread
From: Andrew Tropin via Guix-patches via @ 2024-09-24 7:11 UTC (permalink / raw)
To: Ian Eure, 73429-done
Cc: André Batista, mhw, jonathan.brielmaier, Ian Eure
[-- Attachment #1: Type: text/plain, Size: 681 bytes --]
On 2024-09-23 07:47, Ian Eure wrote:
> v2 corrects a bug with make-librewolf-source which I should have caught.
>
> Ian Eure (3):
> gnu: nss-rapid: Update to 3.104.
> gnu: librewolf: Update to 130.0.1-1. [security fixes]
> gnu: librewolf-source: Turn into a procedure.
>
> gnu/packages/librewolf.scm | 62 +++++++++++++++++++++-----------------
> gnu/packages/nss.scm | 4 +--
> 2 files changed, 36 insertions(+), 30 deletions(-)
Hi Ian!
Thank you for the updates and improvements. It looks good to me, pushed as
https://git.savannah.gnu.org/cgit/guix.git/commit/?id=8888f930ad9b2494a23e88019284266a1b1b2bb0
--
Best regards,
Andrew Tropin
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]
^ permalink raw reply [flat|nested] 14+ messages in thread
* [bug#73429] [PATCH 2/3] gnu: librewolf: Update to 130.0.1-1. [security fixes]
2024-09-22 20:53 ` [bug#73429] [PATCH 2/3] gnu: librewolf: Update to 130.0.1-1. [security fixes] Ian Eure
@ 2024-09-24 8:17 ` Andrew Tropin via Guix-patches via
0 siblings, 0 replies; 14+ messages in thread
From: Andrew Tropin via Guix-patches via @ 2024-09-24 8:17 UTC (permalink / raw)
To: Ian Eure, 73429; +Cc: André Batista, mhw, jonathan.brielmaier, Ian Eure
[-- Attachment #1: Type: text/plain, Size: 7603 bytes --]
On 2024-09-22 13:53, Ian Eure wrote:
> This patch:
>
> - Updates LibreWolf to the latest version
> - Removes the code which disabled encoding_rs.patch from upstream. It’s no
> longer in the repo, so the code did nothing, and the underlying issue (Guix
> being stuck with an old Rust version) has been fixed.
> - Integrates changes from #72265 with some slight tweaks. This should allow
> LibreWolf to use accelerated video decoding on supported hardware.
> - Neuters the GenAI chat feature, which direcly integrates with non-free
> services, by excluding it from the build and locking the preferences which
> would enable it.
>
> Fixes:
> CVE-2024-8385: WASM type confusion involving ArrayTypes
> CVE-2024-8381: Type confusion when looking up a property name in a "with" block
> CVE-2024-8388: Fullscreen notice on Android could be hidden under various panels and OS prompts
> CVE-2024-8382: Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran
> CVE-2024-8383: Firefox did not ask before openings news: links in an external application
> CVE-2024-8384: Garbage collection could mis-color cross-compartment objects in OOM conditions
> CVE-2024-8386: SelectElements could be shown over another site if popups are allowed
> CVE-2024-8387: Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2
> CVE-2024-8389: Memory safety bugs fixed in Firefox 130
>
> * gnu/packages/librewolf.scm (librewolf): Update to 130.0.1-1.
>
> Change-Id: I764e6e66c5bfdc14a87b7ea59c29780a1f16769a
> ---
> gnu/packages/librewolf.scm | 55 ++++++++++++++++++++------------------
> 1 file changed, 29 insertions(+), 26 deletions(-)
>
> diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm
> index 21f73f799d..bade479656 100644
> --- a/gnu/packages/librewolf.scm
> +++ b/gnu/packages/librewolf.scm
> @@ -117,9 +117,11 @@ (define (librewolf-source-origin version hash)
> (define computed-origin-method (@@ (guix packages) computed-origin-method))
>
> (define librewolf-source
> - (let* ((ff-src (firefox-source-origin "129.0.1" "0wy0fn0pavlhlkdybr59hhbn5ng0zn56mxa7gsknf8f2whiyipwx"))
> - (version "129.0.1-1")
> - (lw-src (librewolf-source-origin version "0pvv3v23q31hdjvqi1f3cqfyjrb8dbrrbfwxj2wacak1g0mzbxf4")))
> + (let* ((ff-src (firefox-source-origin "130.0"
> + "0w4z3fq5zhm63a0wmhvmqrj263bvy962dir25q3z0x5hx6hjawh2"))
> + (lw-src (librewolf-source-origin
> + "130.0.1-1"
> + "0f80pihn375bdjhjmmg2v1w96wpn76zb60ycy39wafwh1dnzybrd")))
>
> (origin
> (method computed-origin-method)
> @@ -164,11 +166,6 @@ (define librewolf-source
> (("^ff_source_tarball:=.*")
> (string-append "ff_source_tarball:=" #+ff-src)))
>
> - ;; Remove encoding_rs patch, it doesn't build with Rust 1.75.
> - (substitute* '("assets/patches.txt")
> - (("patches/encoding_rs.patch\\\n$")
> - ""))
> -
> ;; Stage locales.
> (begin
> (format #t "Staging locales...~%")
> @@ -215,13 +212,17 @@ (define rust-librewolf rust) ; 1.75 is the default in Guix, 1.65 is the minimum.
> ;; Update this id with every update to its release date.
> ;; It's used for cache validation and therefore can lead to strange bugs.
> ;; ex: date '+%Y%m%d%H%M%S'
> -(define %librewolf-build-id "20240817075827")
> +(define %librewolf-build-id "20240922110507")
>
> (define-public librewolf
> (package
> (name "librewolf")
> - (version "129.0.1-1")
> - (source librewolf-source)
> + (version "130.0.1-1")
> + (source
> + (origin
> + (inherit librewolf-source)
> + (patches
> + (search-patches "librewolf-add-paths-to-rdd-allowlist.patch"))))
It seems I was too hasty, the patch adding /gnu/store and
/run/current-system/profile/lib to whitelist is not in the guix repo
yet.
Will add it in a few minutes.
> (build-system gnu-build-system)
> (arguments
> (list
> @@ -318,6 +319,22 @@ (define (write-setting key value)
> (substitute* "dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp"
> (("libavcodec\\.so")
> libavcodec)))))
> + (add-after 'unpack 'neuter-genai
> + (lambda* _
> + ;; Don't compile the code in.
> + (substitute* "browser/components/moz.build"
> + (("\"genai\",") ""))
> + ;; Lock the preferences so they can't be enabled.
> + (substitute* "lw/librewolf.cfg"
> + (("defaultPref\\(\"browser\\.ml\\.")
> + "lockPref(\"browser.ml."))
> + ;; Correct a preference typo
> + ;; see https://codeberg.org/librewolf/issues/issues/1919#issuecomment-2325954
> + ;; Remove this in the next update.
> + (substitute* "lw/librewolf.cfg"
> + (("browser\\.ml\\.enabled")
> + "browser.ml.enable"))
> + ))
> (add-after 'patch-source-shebangs 'patch-cargo-checksums
> (lambda _
> (use-modules (guix build cargo-utils))
> @@ -575,26 +592,12 @@ (define (runpaths-of-input label)
> ;; For U2F and WebAuthn
> "eudev")))
>
> - ;; VA-API is run in the RDD (Remote Data Decoder) sandbox
> - ;; and must be explicitly given access to files it needs.
> - ;; Rather than adding the whole store (as Nix had
> - ;; upstream do, see
> - ;; <https://github.com/NixOS/nixpkgs/pull/165964> and
> - ;; linked upstream patches), we can just follow the
> - ;; runpaths of the needed libraries to add everything to
> - ;; LD_LIBRARY_PATH. These will then be accessible in the
> - ;; RDD sandbox.
> - (rdd-whitelist (map (cut string-append <> "/")
> - (delete-duplicates (append-map
> - runpaths-of-input
> - '("mesa"
> - "ffmpeg")))))
> (gtk-share (string-append (assoc-ref inputs
> "gtk+")
> "/share")))
> (wrap-program (car (find-files lib "^librewolf$"))
> `("LD_LIBRARY_PATH" prefix
> - (,@libs ,@rdd-whitelist))
> + ,libs)
> `("XDG_DATA_DIRS" prefix
> (,gtk-share))
> `("MOZ_LEGACY_PROFILES" =
--
Best regards,
Andrew Tropin
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]
^ permalink raw reply [flat|nested] 14+ messages in thread
* [bug#73429] closed (Re: [bug#73429] [PATCH v2 0/3] Update LibreWolf to 130.0.1-1 & nss-rapid to 3.104 [security fixes])
2024-09-22 20:51 [bug#73429] [PATCH 0/3] Update LibreWolf to 130.0.1-1 & nss-rapid to 3.104 [security fixes] Ian Eure
2024-09-22 20:53 ` [bug#73429] [PATCH 1/3] gnu: nss-rapid: Update to 3.104 Ian Eure
2024-09-23 14:47 ` [bug#73429] [PATCH v2 0/3] Update LibreWolf to 130.0.1-1 & nss-rapid to 3.104 [security fixes] Ian Eure
@ 2024-09-27 3:46 ` John Kehayias via Guix-patches via
2024-09-27 15:52 ` [bug#73429] [PATCH v2 0/3] Update LibreWolf to 130.0.1-1 & nss-rapid to 3.104 [security fixes] not emma via Guix-patches via
3 siblings, 0 replies; 14+ messages in thread
From: John Kehayias via Guix-patches via @ 2024-09-27 3:46 UTC (permalink / raw)
To: Ian Eure, Andrew Tropin; +Cc: 73429
Hi Ian and Andrew,
On Tue, Sep 24, 2024 at 07:13 AM, GNU bug Tracking System wrote:
> Your bug report
>
> #73429: [PATCH 0/3] Update LibreWolf to 130.0.1-1 & nss-rapid to 3.104 [security fixes]
>
> which was filed against the guix-patches package, has been closed.
>
> The explanation is attached below, along with your original report.
> If you require more details, please reply to 73429@debbugs.gnu.org.
>
> --
> 73429: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=73429
> GNU Bug Tracking System
> Contact help-debbugs@gnu.org with problems
>
> From: Andrew Tropin <andrew@trop.in>
> Subject: Re: [bug#73429] [PATCH v2 0/3] Update LibreWolf to 130.0.1-1 &
> nss-rapid to 3.104 [security fixes]
> To: Ian Eure <ian@retrospec.tv>, 73429-done@debbugs.gnu.org
> Cc: André Batista <nandre@riseup.net>, mhw@netris.org,
> jonathan.brielmaier@web.de, Ian Eure <ian@retrospec.tv>
> Date: Tue, 24 Sep 2024 11:11:19 +0400 (2 days, 20 hours, 27 minutes ago)
>
> On 2024-09-23 07:47, Ian Eure wrote:
>
>> v2 corrects a bug with make-librewolf-source which I should have caught.
>>
>> Ian Eure (3):
>> gnu: nss-rapid: Update to 3.104.
>> gnu: librewolf: Update to 130.0.1-1. [security fixes]
>> gnu: librewolf-source: Turn into a procedure.
>>
>> gnu/packages/librewolf.scm | 62 +++++++++++++++++++++-----------------
>> gnu/packages/nss.scm | 4 +--
>> 2 files changed, 36 insertions(+), 30 deletions(-)
>
> Hi Ian!
>
> Thank you for the updates and improvements. It looks good to me, pushed as
> https://git.savannah.gnu.org/cgit/guix.git/commit/?id=8888f930ad9b2494a23e88019284266a1b1b2bb0
>
> --
> Best regards,
> Andrew Tropin
>
Thank you both for your work here! However, two quick minor notes:
> ----------
>
> From: Ian Eure <ian@retrospec.tv>
> Subject: [PATCH 0/3] Update LibreWolf to 130.0.1-1 & nss-rapid to 3.104
> [security fixes]
> To: guix-patches@gnu.org
> Cc: André Batista <nandre@riseup.net>, mhw@netris.org,
> jonathan.brielmaier@web.de, Ian Eure <ian@retrospec.tv>
> Date: Sun, 22 Sep 2024 13:51:40 -0700
> Date: Sun, 22 Sep 2024 13:51:40 -0700 (4 days, 6 hours, 47 minutes ago)
>
> Updates both packages to the current versions. Also, removes some unneeded code, fixes hardware video acceleration, and lightly refactors how source tarballs are built. Please see the individual patches for more info.
>
> Ian Eure (3):
> gnu: nss-rapid: Update to 3.104.
> gnu: librewolf: Update to 130.0.1-1. [security fixes]
Perhaps this (130.0.1-1 update) should have been a few different
commits, though I wasn't sure if some were tied to the version update as
well. Just a reminder to separate out individual changes, though of
course if they are needed as part of a single fix/update they would go
together. I only mention because there was reference to other submitted
patches for hardware acceleration.
Also, from the diff the 'neuter-genai had some dangling parens. I didn't
check if that was what made it in the commit, but if someone has a
chance for that minor cosmetic fix that would be great.
Thanks again! Looking forward to trying out librewolf finally.
John
> gnu: librewolf-source: Turn into a procedure.
>
> gnu/packages/librewolf.scm | 62 +++++++++++++++++++++-----------------
> gnu/packages/nss.scm | 4 +--
> 2 files changed, 36 insertions(+), 30 deletions(-)
^ permalink raw reply [flat|nested] 14+ messages in thread
* [bug#73429] [PATCH v2 0/3] Update LibreWolf to 130.0.1-1 & nss-rapid to 3.104 [security fixes]
2024-09-22 20:51 [bug#73429] [PATCH 0/3] Update LibreWolf to 130.0.1-1 & nss-rapid to 3.104 [security fixes] Ian Eure
` (2 preceding siblings ...)
2024-09-27 3:46 ` [bug#73429] closed (Re: [bug#73429] [PATCH v2 0/3] Update LibreWolf to 130.0.1-1 & nss-rapid to 3.104 [security fixes]) John Kehayias via Guix-patches via
@ 2024-09-27 15:52 ` not emma via Guix-patches via
2024-09-27 16:14 ` Ian Eure
3 siblings, 1 reply; 14+ messages in thread
From: not emma via Guix-patches via @ 2024-09-27 15:52 UTC (permalink / raw)
To: 73429@debbugs.gnu.org, ian@retrospec.tv, andrew@trop.in,
john.kehayias@protonmail.com
[-- Attachment #1: Type: text/plain, Size: 581 bytes --]
hi,
This librewolf update has caused some codecs issues, specifically when attempting to play live videos, i receive the following:
```
[Child 5108, MediaDecoderStateMachine #1] WARNING: Decoder=7f0ea3b7b700 Decode error: NS_ERROR_DOM_MEDIA_FATAL_ERR (0x806e0005) - Error no decoder found for audio/mp4a-latm: file /tmp/guix-build-librewolf-130.0.1-1.drv-0/librewolf-130.0.1-1/dom/media/MediaDecoderStateMachineBase.cpp:167
```
i used guix time-machine to run version 129.0.1-1, and do not encounter this issue
Sent with [Proton Mail](https://proton.me/mail/home) secure email.
[-- Attachment #2: Type: text/html, Size: 1569 bytes --]
^ permalink raw reply [flat|nested] 14+ messages in thread
* [bug#73429] [PATCH v2 0/3] Update LibreWolf to 130.0.1-1 & nss-rapid to 3.104 [security fixes]
2024-09-27 15:52 ` [bug#73429] [PATCH v2 0/3] Update LibreWolf to 130.0.1-1 & nss-rapid to 3.104 [security fixes] not emma via Guix-patches via
@ 2024-09-27 16:14 ` Ian Eure
2024-09-27 16:22 ` not emma via Guix-patches via
0 siblings, 1 reply; 14+ messages in thread
From: Ian Eure @ 2024-09-27 16:14 UTC (permalink / raw)
To: not emma, 73429@debbugs.gnu.org, andrew@trop.in,
john.kehayias@protonmail.com
[-- Attachment #1: Type: text/plain, Size: 816 bytes --]
I'm tied up until mid next week, but will take a look as soon as I can. Do you have a URL which I can use to reproduce the issue?
On September 27, 2024 8:52:29 AM PDT, not emma <bigbookofbug@proton.me> wrote:
>hi,
>
>This librewolf update has caused some codecs issues, specifically when attempting to play live videos, i receive the following:
>```
>[Child 5108, MediaDecoderStateMachine #1] WARNING: Decoder=7f0ea3b7b700 Decode error: NS_ERROR_DOM_MEDIA_FATAL_ERR (0x806e0005) - Error no decoder found for audio/mp4a-latm: file /tmp/guix-build-librewolf-130.0.1-1.drv-0/librewolf-130.0.1-1/dom/media/MediaDecoderStateMachineBase.cpp:167
>
>```
>
>i used guix time-machine to run version 129.0.1-1, and do not encounter this issue
>
>Sent with [Proton Mail](https://proton.me/mail/home) secure email.
[-- Attachment #2: Type: text/html, Size: 2050 bytes --]
^ permalink raw reply [flat|nested] 14+ messages in thread
* [bug#73429] [PATCH v2 0/3] Update LibreWolf to 130.0.1-1 & nss-rapid to 3.104 [security fixes]
2024-09-27 16:14 ` Ian Eure
@ 2024-09-27 16:22 ` not emma via Guix-patches via
0 siblings, 0 replies; 14+ messages in thread
From: not emma via Guix-patches via @ 2024-09-27 16:22 UTC (permalink / raw)
To: Ian Eure
Cc: john.kehayias@protonmail.com, 73429@debbugs.gnu.org,
andrew@trop.in
[-- Attachment #1: Type: text/plain, Size: 1158 bytes --]
any live videos, for example, the following (a livestream playlist of music) will note that the browser does not support this video type:
https://www.youtube.com/watch?v=BFiQVuDqvVU
Sent with [Proton Mail](https://proton.me/mail/home) secure email.
On Friday, September 27th, 2024 at 4:14 PM, Ian Eure <ian@retrospec.tv> wrote:
> I'm tied up until mid next week, but will take a look as soon as I can. Do you have a URL which I can use to reproduce the issue?
>
> On September 27, 2024 8:52:29 AM PDT, not emma <bigbookofbug@proton.me> wrote:
>
>> hi,
>>
>> This librewolf update has caused some codecs issues, specifically when attempting to play live videos, i receive the following:
>> ```
>> [Child 5108, MediaDecoderStateMachine #1] WARNING: Decoder=7f0ea3b7b700 Decode error: NS_ERROR_DOM_MEDIA_FATAL_ERR (0x806e0005) - Error no decoder found for audio/mp4a-latm: file /tmp/guix-build-librewolf-130.0.1-1.drv-0/librewolf-130.0.1-1/dom/media/MediaDecoderStateMachineBase.cpp:167
>>
>> ```
>>
>> i used guix time-machine to run version 129.0.1-1, and do not encounter this issue
>>
>> Sent with [Proton Mail](https://proton.me/mail/home) secure email.
[-- Attachment #2: Type: text/html, Size: 3200 bytes --]
^ permalink raw reply [flat|nested] 14+ messages in thread
end of thread, other threads:[~2024-09-27 16:23 UTC | newest]
Thread overview: 14+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-09-22 20:51 [bug#73429] [PATCH 0/3] Update LibreWolf to 130.0.1-1 & nss-rapid to 3.104 [security fixes] Ian Eure
2024-09-22 20:53 ` [bug#73429] [PATCH 1/3] gnu: nss-rapid: Update to 3.104 Ian Eure
2024-09-22 20:53 ` [bug#73429] [PATCH 2/3] gnu: librewolf: Update to 130.0.1-1. [security fixes] Ian Eure
2024-09-24 8:17 ` Andrew Tropin via Guix-patches via
2024-09-22 20:53 ` [bug#73429] [PATCH 3/3] gnu: librewolf-source: Turn into a procedure Ian Eure
2024-09-23 14:47 ` [bug#73429] [PATCH v2 0/3] Update LibreWolf to 130.0.1-1 & nss-rapid to 3.104 [security fixes] Ian Eure
2024-09-23 14:47 ` [bug#73429] [PATCH v2 1/3] gnu: nss-rapid: Update to 3.104 Ian Eure
2024-09-23 14:47 ` [bug#73429] [PATCH v2 2/3] gnu: librewolf: Update to 130.0.1-1. [security fixes] Ian Eure
2024-09-23 14:47 ` [bug#73429] [PATCH v2 3/3] gnu: librewolf-source: Turn into a procedure Ian Eure
2024-09-24 7:11 ` bug#73429: [PATCH v2 0/3] Update LibreWolf to 130.0.1-1 & nss-rapid to 3.104 [security fixes] Andrew Tropin via Guix-patches via
2024-09-27 3:46 ` [bug#73429] closed (Re: [bug#73429] [PATCH v2 0/3] Update LibreWolf to 130.0.1-1 & nss-rapid to 3.104 [security fixes]) John Kehayias via Guix-patches via
2024-09-27 15:52 ` [bug#73429] [PATCH v2 0/3] Update LibreWolf to 130.0.1-1 & nss-rapid to 3.104 [security fixes] not emma via Guix-patches via
2024-09-27 16:14 ` Ian Eure
2024-09-27 16:22 ` not emma via Guix-patches via
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.