nongnu: firefox-esr: Update to 128.0esr [security fixes].

Fixes CVE-2024-6600, CVE-2024-6601, CVE-2024-6602, CVE-2024-6603,
CVE-2024-6604.

* nongnu/packages/mozilla.scm (firefox-esr): Update to 128.0esr.
[arguments]<#:phases>: Update 'remove-cargo-frozen-flag.
[native-inputs]: Update rust-cbindgen-0.26.
(rust-firefox-esr): Use rust-1.77.
(firefox)[arguments]<#:phases>: Delete 'remove-cargo-frozen-flag.
[native-inputs]: Drop replace of rust-cbindgen.  Use clang-18, the default
one (13) fails to compile this version of firefox.

Signed-off-by: Jonathan Brielmaier <jonathan.brielmaier@web.de>
This commit is contained in:
Tomas Volf 2024-07-09 16:56:24 +02:00 committed by Jonathan Brielmaier
parent d0aa4061ce
commit f2c953b06b
No known key found for this signature in database
GPG key ID: ECFC83988B4E4B9F

View file

@ -78,8 +78,8 @@
;;; but since in Guix only the latest packaged Rust is officially supported, ;;; but since in Guix only the latest packaged Rust is officially supported,
;;; it is a tradeoff worth making. ;;; it is a tradeoff worth making.
;;; 0: https://firefox-source-docs.mozilla.org/writing-rust-code/update-policy.html ;;; 0: https://firefox-source-docs.mozilla.org/writing-rust-code/update-policy.html
(define-public rust-firefox-esr rust)
;; The `rust' package is too old. ;; The `rust' package is too old.
(define-public rust-firefox-esr rust-1.77)
(define-public rust-firefox rust-1.77) (define-public rust-firefox rust-1.77)
(define icu4c-73 (define icu4c-73
@ -100,19 +100,19 @@
;; Update this id with every firefox update to its release date. ;; Update this id with every firefox update to its release date.
;; It's used for cache validation and therefore can lead to strange bugs. ;; It's used for cache validation and therefore can lead to strange bugs.
(define %firefox-esr-build-id "20240610131531") (define %firefox-esr-build-id "20240708134620")
(define-public firefox-esr (define-public firefox-esr
(package (package
(name "firefox-esr") (name "firefox-esr")
(version "115.12.0esr") (version "128.0esr")
(source (source
(origin (origin
(method url-fetch) (method url-fetch)
(uri (string-append "https://archive.mozilla.org/pub/firefox/releases/" (uri (string-append "https://archive.mozilla.org/pub/firefox/releases/"
version "/source/firefox-" version ".source.tar.xz")) version "/source/firefox-" version ".source.tar.xz"))
(sha256 (sha256
(base32 "1vx88wc10fjkvqdqf3ab65qk3km7z0mlyf9plxjhabxvl0jid7mm")))) (base32 "0z399hi9ziiafhfxjmc2w5cvd4lk0slyr4b8frkhcq7qpb7pvfn5"))))
(build-system gnu-build-system) (build-system gnu-build-system)
(arguments (arguments
(list (list
@ -234,7 +234,7 @@
;; complain that it's not able to change Cargo.lock. ;; complain that it's not able to change Cargo.lock.
;; https://bugzilla.mozilla.org/show_bug.cgi?id=1726373 ;; https://bugzilla.mozilla.org/show_bug.cgi?id=1726373
(substitute* "build/RunCbindgen.py" (substitute* "build/RunCbindgen.py"
(("\"--frozen\",") "")))) (("args.append\\(\"--frozen\"\\)") "pass"))))
(delete 'bootstrap) (delete 'bootstrap)
(add-before 'configure 'patch-SpeechDispatcherService.cpp (add-before 'configure 'patch-SpeechDispatcherService.cpp
(lambda _ (lambda _
@ -476,7 +476,7 @@
alsa-lib alsa-lib
autoconf-2.13 autoconf-2.13
`(,rust-firefox-esr "cargo") `(,rust-firefox-esr "cargo")
clang clang-18
llvm llvm
wasm32-wasi-clang-toolchain wasm32-wasi-clang-toolchain
m4 m4
@ -486,7 +486,7 @@
pkg-config pkg-config
python python
rust-firefox-esr rust-firefox-esr
rust-cbindgen-0.24 rust-cbindgen-0.26
which which
yasm)) yasm))
(home-page "https://mozilla.org/firefox/") (home-page "https://mozilla.org/firefox/")
@ -555,19 +555,11 @@ MOZ_ENABLE_WAYLAND=1 exec ~a $@\n"
#~(modify-phases #$phases #~(modify-phases #$phases
(replace 'set-build-id (replace 'set-build-id
(lambda _ (lambda _
(setenv "MOZ_BUILD_DATE" #$%firefox-build-id))) (setenv "MOZ_BUILD_DATE" #$%firefox-build-id)))))))
(replace 'remove-cargo-frozen-flag
(lambda _
;; Remove --frozen flag from cargo invokation, otherwise it'll
;; complain that it's not able to change Cargo.lock.
;; https://bugzilla.mozilla.org/show_bug.cgi?id=1726373
(substitute* "build/RunCbindgen.py"
(("args.append\\(\"--frozen\"\\)") "pass"))))))))
(native-inputs (native-inputs
(modify-inputs (package-native-inputs firefox-esr) (modify-inputs (package-native-inputs firefox-esr)
(replace "rust" rust-firefox) (replace "rust" rust-firefox)
(replace "rust:cargo" `(,rust-firefox "cargo")) (replace "rust:cargo" `(,rust-firefox "cargo"))))
(replace "rust-cbindgen" rust-cbindgen-0.26)))
(description (description
"Full-featured browser client built from Firefox source tree, without "Full-featured browser client built from Firefox source tree, without
the official icon and the name \"firefox\"."))) the official icon and the name \"firefox\".")))