diff options
| author | Ian Eure <[email protected]> | 2024-11-06 06:26:00 -0800 |
|---|---|---|
| committer | Ludovic Courtès <[email protected]> | 2024-11-06 17:23:35 +0100 |
| commit | 280aa6b57d7b741a7d8b076e1afa3dff23569332 (patch) | |
| tree | 394db3dcebdbeaf522f59b0514fab41584bfdcdc /gnu/packages/patches/librewolf-neuter-locale-download.patch | |
| parent | 0ad0f8a1fa9c711f4df5908ebf800a9400f5bbc9 (diff) | |
gnu: librewolf: Update to 132.0-1 [security fixes].
New upstream version. The 132.0-2-1 release switches to the firefox-l10n
repository, necessitating rework of locale handling.
131.0.3-1 fixes CVEs:
CVE-2024-9936: Undefined behavior in selection node cache
132.0-1 fixes CVEs:
CVE-2024-10458: Permission leak via embed or object elements
CVE-2024-10459: Use-after-free in layout with accessibility
CVE-2024-10460: Confusing display of origin for external protocol
handler prompt
CVE-2024-10461: XSS due to Content-Disposition being ignored in
multipart/x-mixed-replace response
CVE-2024-10462: Origin of permission prompt could be spoofed by long
URL
CVE-2024-10463: Cross origin video frame leak
CVE-2024-10468: Race conditions in IndexedDB
CVE-2024-10464: History interface could have been used to cause a
Denial of Service condition in the browser
CVE-2024-10465: Clipboard "paste" button persisted across tabs
CVE-2024-10466: DOM push subscription message could hang Firefox
CVE-2024-10467: Memory safety bugs fixed in Firefox 132, Thunderbird
132, Firefox ESR 128.4, and Thunderbird 128.4
* gnu/packages/librewolf.scm (librewolf): Update to 132.0-1.
Change-Id: I4afbcb496a8b0a329254762259cd1598d574761e
Signed-off-by: Ludovic Courtès <[email protected]>
Diffstat (limited to 'gnu/packages/patches/librewolf-neuter-locale-download.patch')
| -rw-r--r-- | gnu/packages/patches/librewolf-neuter-locale-download.patch | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/gnu/packages/patches/librewolf-neuter-locale-download.patch b/gnu/packages/patches/librewolf-neuter-locale-download.patch new file mode 100644 index 0000000000..da300542f5 --- /dev/null +++ b/gnu/packages/patches/librewolf-neuter-locale-download.patch @@ -0,0 +1,17 @@ +diff --git a/scripts/librewolf-patches.py b/scripts/librewolf-patches.py +index 48dc6bc..01a6c58 100755 +--- a/scripts/librewolf-patches.py ++++ b/scripts/librewolf-patches.py +@@ -147,12 +147,6 @@ def librewolf_patches(): + with open(file, "w") as f: + f.write("{}-{}".format(version,release)) + +- print("-> Downloading locales from https://github.com/mozilla-l10n/firefox-l10n") +- with TemporaryDirectory() as tmpdir: +- exec(f"wget -qO {tmpdir}/l10n.zip 'https://codeload.github.com/mozilla-l10n/firefox-l10n/zip/refs/heads/main'") +- exec(f"unzip -qo {tmpdir}/l10n.zip -d {tmpdir}/l10n") +- exec(f"mv {tmpdir}/l10n/firefox-l10n-main lw/l10n") +- + print("-> Patching appstrings.properties") + # Why is "Firefox" hardcoded there??? + exec("find . -path '*/appstrings.properties' -exec sed -i s/Firefox/LibreWolf/ {} \;") |