Commit graph

1 commit

Author SHA1 Message Date
John Kehayias
d47b2f5a7b
nongnu: firefox: Update to 131.0.3 [security fixes].
Fixes CVE-2024-9936 and, in previous versions since 130.0.1, CVE-2024-9680,
CVE-2024-9391, CVE-2024-9392, CVE-2024-9393, CVE-2024-9394, CVE-2024-9395,
CVE-2024-9396, CVE-2024-9397, CVE-2024-9398, CVE-2024-9399, CVE-2024-9400,
CVE-2024-9401, CVE-2024-9402, and CVE-2024-9403.

Upstream removed firefox.desktop files which can be generated from their mach
tool.  However, this will try to download various dependencies.  So, for now
at least, use a patch which reverts that commit so we can use the included
desktop file.  In Arch, for example, they include a separate pre-generated
desktop file rather than doing this at build time.

* nongnu/packages/mozilla.scm (firefox): Update to 131.0.3.
* nongnu/packages/patches/firefox-CVE-2024-9680.patch: Delete patch.
* nongnu/packages/patches/firefox-restore-desktop-files.patch: Add patch.
2024-10-19 01:26:32 -04:00