diff options
| author | Tomas Volf <~@wolfsden.cz> | 2025-04-29 22:15:55 +0200 |
|---|---|---|
| committer | Hilton Chain <hako@ultrarare.space> | 2025-05-04 21:08:53 +0800 |
| commit | b9d3169772b45a2457def49318173f8353bb34f9 (patch) | |
| tree | 3598c05c5c1a6433e4462b523992e7cef41bc0ff /nongnu/packages | |
| parent | 99c64f1ab82b216c52e32d242d64af6774b55490 (diff) | |
nongnu: firefox: Update to 138.0 [security fixes].
Fixes CVE-2025-2817, CVE-2025-4082, CVE-2025-4083, CVE-2025-4085,
CVE-2025-4086, CVE-2025-4087, CVE-2025-4088, CVE-2025-4089,
CVE-2025-4090, CVE-2025-4091, CVE-2025-4092.
* nongnu/packages/patches/firefox-ge-138-compare-paths.patch: New file.
* nongnu/packages/mozilla.scm (firefox): Update to 138.0.
[source]: Use the new patch.
[native-inputs]: Replace rust-cbindgen with rust-cbindgen-0.28.
Signed-off-by: Hilton Chain <hako@ultrarare.space>
Diffstat (limited to 'nongnu/packages')
| -rw-r--r-- | nongnu/packages/mozilla.scm | 9 | ||||
| -rw-r--r-- | nongnu/packages/patches/firefox-ge-138-compare-paths.patch | 21 |
2 files changed, 26 insertions, 4 deletions
diff --git a/nongnu/packages/mozilla.scm b/nongnu/packages/mozilla.scm index 06a5561..1a4c249 100644 --- a/nongnu/packages/mozilla.scm +++ b/nongnu/packages/mozilla.scm @@ -524,13 +524,13 @@ Release (ESR) version.") ;; Update this id with every firefox update to its release date. ;; It's used for cache validation and therefore can lead to strange bugs. -(define %firefox-build-id "20250414143137") +(define %firefox-build-id "20250428114547") (define-public firefox (package (inherit firefox-esr) (name "firefox") - (version "137.0.2") + (version "138.0") (source (origin (method url-fetch) @@ -543,10 +543,10 @@ Release (ESR) version.") %load-path) patch)) '("firefox-restore-desktop-files.patch" - "firefox-esr-compare-paths.patch" + "firefox-ge-138-compare-paths.patch" "firefox-use-system-wide-dir.patch"))) (sha256 - (base32 "01yd5cq6qgww6w2kq1bchy9j81blim15kdz7bvx8n512m2x3mz06")))) + (base32 "08wvy530pqscldi6afw05klgw60bsk2am8fw51i4a6wcx1z3sqh4")))) (arguments (substitute-keyword-arguments (package-arguments firefox-esr) ((#:phases phases) @@ -571,6 +571,7 @@ Release (ESR) version.") (native-inputs (modify-inputs (package-native-inputs firefox-esr) (replace "rust" rust-firefox) + (replace "rust-cbindgen" rust-cbindgen-0.28) (replace "rust:cargo" `(,rust-firefox "cargo")))) (description "Full-featured browser client built from Firefox source tree, without diff --git a/nongnu/packages/patches/firefox-ge-138-compare-paths.patch b/nongnu/packages/patches/firefox-ge-138-compare-paths.patch new file mode 100644 index 0000000..b7d92d7 --- /dev/null +++ b/nongnu/packages/patches/firefox-ge-138-compare-paths.patch @@ -0,0 +1,21 @@ +diff --git a/toolkit/mozapps/extensions/internal/XPIDatabase.sys.mjs b/toolkit/mozapps/extensions/internal/XPIDatabase.sys.mjs +index 1b01851e2fff..7f3b8c200c2f 100644 +--- a/toolkit/mozapps/extensions/internal/XPIDatabase.sys.mjs ++++ b/toolkit/mozapps/extensions/internal/XPIDatabase.sys.mjs +@@ -3753,6 +3753,7 @@ export const XPIDatabaseReconcile = { + if ( + newAddon || + oldAddon.updateDate != xpiState.mtime || ++ oldAddon.path != xpiState.path || + (aUpdateCompatibility && this.isAppBundledLocation(installLocation)) || + // update addon metadata if the addon in bundled into + // the omni jar and version or the resource URI pointing +@@ -3767,8 +3768,6 @@ export const XPIDatabaseReconcile = { + xpiState, + newAddon + ); +- } else if (oldAddon.path != xpiState.path) { +- newAddon = this.updatePath(installLocation, oldAddon, xpiState); + } else if (aUpdateCompatibility || aSchemaChange) { + newAddon = this.updateCompatibility( + installLocation, |