From f5338f63fce69622ce06f93fe02524967e1f30d4 Mon Sep 17 00:00:00 2001 From: Tomas Volf <~@wolfsden.cz> Date: Tue, 13 Jan 2026 21:25:17 +0100 Subject: nongnu: firefox: Update to 147.0 [security fixes]. Fixes CVE-2026-0877, CVE-2026-0878, CVE-2026-0879, CVE-2026-0880, CVE-2026-0881, CVE-2026-0882, CVE-2026-0883, CVE-2026-0884, CVE-2026-0885, CVE-2026-0886, CVE-2026-0887, CVE-2026-0888, CVE-2026-0889, CVE-2026-0890, CVE-2026-0891, CVE-2026-0892. * nongnu/packages/mozilla.scm (firefox): Update to 147.0. [inputs]: Use icu4c-78. Signed-off-by: John Kehayias Modified-by: John Kehayias --- nongnu/packages/mozilla.scm | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'nongnu/packages') diff --git a/nongnu/packages/mozilla.scm b/nongnu/packages/mozilla.scm index ca8e0bc..afa7549 100644 --- a/nongnu/packages/mozilla.scm +++ b/nongnu/packages/mozilla.scm @@ -529,20 +529,20 @@ Release (ESR) version.") ;; Update this id with every firefox update to its release date. ;; It's used for cache validation and therefore can lead to strange bugs. -(define %firefox-build-id "20251217214444") +(define %firefox-build-id "20260112140453") (define-public firefox (package (inherit firefox-esr) (name "firefox") - (version "146.0.1") + (version "147.0") (source (origin (method url-fetch) (uri (string-append "https://archive.mozilla.org/pub/firefox/releases/" version "/source/firefox-" version ".source.tar.xz")) (sha256 - (base32 "1swih4jljq162vgdl2m2d8xn4s4hj4vjqcfww59kk4kkhh78lrz9")) + (base32 "1znr9wp4f79b83mv0as9kj0nh09yjxzqv4nbi4bmn7jgfmiqwb92")) (patches (map (lambda (patch) (search-path @@ -564,6 +564,9 @@ Release (ESR) version.") (replace 'set-build-id (lambda _ (setenv "MOZ_BUILD_DATE" #$%firefox-build-id))))))) + (inputs + (modify-inputs (package-inputs firefox-esr) + (replace "icu4c" icu4c-78))) (native-inputs (modify-inputs (package-native-inputs firefox-esr) (replace "rust" rust-firefox) -- cgit v1.2.3