Contains fixes for:
CVE-2025-2817: Privilege escalation in Firefox Updater
CVE-2025-4082: WebGL shader attribute memory corruption in Firefox for
macOS
CVE-2025-4083: Process isolation bypass using "javascript:" URI links
in cross-origin frames
CVE-2025-4085: Potential information leakage and privilege escalation
in UITour actor
CVE-2025-4086: Specially crafted filename could be used to obscure
download type
CVE-2025-4087: Unsafe attribute access during XPath parsing
CVE-2025-4088: Cross-site request forgery via storage access API
redirects
CVE-2025-4089: Potential local code execution in "copy as cURL"
command
CVE-2025-4090: Leaked library paths in Firefox for Android
CVE-2025-4091: Memory safety bugs fixed in Firefox 138, Thunderbird
138, Firefox ESR 128.10, and Thunderbird 128.10
CVE-2025-4092: Memory safety bugs fixed in Firefox 138 and Thunderbird
138
* gnu/packages/librewolf.scm (librewolf): Update to 138.0.3-1.
* gnu/packages/patches/librewolf-compare-paths.patch: New file.
Change-Id: I2cc11b758dbc77f7ec3451faa89918b08c890729
* gnu/packages/nss.scm (nss-rapid): Update to 3.110.
[phase 'check]: Use datefudge on 32-bit systems.
Change-Id: Ibdae3c70066a70cdde560c5d8f9bac797cd2cd99
* gnu/packages/guile.scm (guile-3.0)[arguments]: When building for MinGW,
relax gcc-14's strictness.
Change-Id: Ia94511273ab618d493bab428dbf3f6098276f289
* gnu/packages/crypto.scm (libxcrypt):[arguments]: When building for MinGW,
add CFLAGS to #:configure-flags to relax gcc's strictness and add a cache
value to #:configure-flags to help libtool build the shared library.
Change-Id: I60b67f8f1c77c949bcc902c4b388bc278585c81e
The import-gnu-release could crash with a "Wrong type (expecting pair): ()"
error, as seen when attempting to recursively refresh a package, e.g.:
$ guix refresh -r xdg-desktop-portal-gnome
It would crash on attempting to refresh 'bash-static'.
* guix/gnu-maintenance.scm (import-gnu-release): Guard against a potentially
empty VERSIONS list.
Change-Id: Ib4edb4b721e6053b09ef144a1b16fe23b35649b0
* gnu/packages/python-xyz.scm (python-slixmpp): Move from here ...
* gnu/packages/python-web.scm: ... to here.
Change-Id: I43511d6ebc6762ea84ae56966d62a0a10468e8b3
* gnu/packages/messaging.scm (poezio) [source]: Project has moved to
CodeBerg, adjust the source URL as seen on home page.
Change-Id: I77ae05237139c4beed11be206859fee5ca87b69e
* gnu/packages/python-xyz.scm (python-slixmpp) [source]: Project has
moved to CodeBerg, adjust the source URL as seen on home page.
Change-Id: I170cb8c2d42ef0cc97205e5e84851f261167a0f7
The service unnecessarily populates /etc/qemu with a symlink, so it's not
possible to write files like /etc/qemu/bridge.conf or /etc/qemu/host.conf
anymore. Since etc-service-type uses file-union, it's possible to put files in
subdirectories. This restores the behavior suggested by manual where user can
extend etc-service-type with qemu/host.conf etc.
* gnu/services/virtualization.scm (/etc/qemu/firmware): Extend with
qemu/firmware instead of qemu
Change-Id: I7c1ea790e5abf7ad05dce56b7901ac6eb90208fd
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
* gnu/services/dns.scm (dnsmasq-service-reload-action): New function.
Implements SIGHUP handling for reloading configurations.
(dnsmasq-service-stats-action): New function. Implements SIGUSR1
handling for dumping statistics.
(dnsmasq-shepherd-service): Use new actions.
* doc/guix.texi: Document new actions with examples.
* gnu/tests/networking.scm (%test-dnsmasq): Add tests to verify the
functionality of new actions.
Change-Id: I31f0eb4b26a582e95f7bfdb240110c139f0e16cc
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Modified-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
