From d47b2f5a7bc82fe52825ba4b5ff6cb9362a9fed4 Mon Sep 17 00:00:00 2001
From: John Kehayias <john.kehayias@protonmail.com>
Date: Sat, 19 Oct 2024 01:26:32 -0400
Subject: nongnu: firefox: Update to 131.0.3 [security fixes].

Fixes CVE-2024-9936 and, in previous versions since 130.0.1, CVE-2024-9680,
CVE-2024-9391, CVE-2024-9392, CVE-2024-9393, CVE-2024-9394, CVE-2024-9395,
CVE-2024-9396, CVE-2024-9397, CVE-2024-9398, CVE-2024-9399, CVE-2024-9400,
CVE-2024-9401, CVE-2024-9402, and CVE-2024-9403.

Upstream removed firefox.desktop files which can be generated from their mach
tool.  However, this will try to download various dependencies.  So, for now
at least, use a patch which reverts that commit so we can use the included
desktop file.  In Arch, for example, they include a separate pre-generated
desktop file rather than doing this at build time.

* nongnu/packages/mozilla.scm (firefox): Update to 131.0.3.
* nongnu/packages/patches/firefox-CVE-2024-9680.patch: Delete patch.
* nongnu/packages/patches/firefox-restore-desktop-files.patch: Add patch.
---
 nongnu/packages/mozilla.scm | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'nongnu/packages/mozilla.scm')

diff --git a/nongnu/packages/mozilla.scm b/nongnu/packages/mozilla.scm
index df7cb9c..4c2663b 100644
--- a/nongnu/packages/mozilla.scm
+++ b/nongnu/packages/mozilla.scm
@@ -524,13 +524,13 @@ MOZ_ENABLE_WAYLAND=1 exec ~a $@\n"
 
 ;; Update this id with every firefox update to its release date.
 ;; It's used for cache validation and therefore can lead to strange bugs.
-(define %firefox-build-id "20241010233931")
+(define %firefox-build-id "20241014032024")
 
 (define-public firefox
   (package
     (inherit firefox-esr)
     (name "firefox")
-    (version "130.0.1")
+    (version "131.0.3")
     (source
      (origin
        (method url-fetch)
@@ -540,9 +540,9 @@ MOZ_ENABLE_WAYLAND=1 exec ~a $@\n"
         (list (search-path
                (map (cut string-append <> "/nongnu/packages/patches")
                     %load-path)
-               "firefox-CVE-2024-9680.patch")))
+               "firefox-restore-desktop-files.patch")))
        (sha256
-        (base32 "0w4z3fq5zhm63a0wmhvmqrj263bvy962dir25q3z0x5hx6hjawh2"))))
+        (base32 "1l30y1pf2kkhnnnazj2x7j1hy3sxz6x9vjj3lbx3wi9pfzwz6zbs"))))
     (arguments
      (substitute-keyword-arguments (package-arguments firefox-esr)
        ((#:phases phases)
-- 
cgit v1.2.3