* [bug#71782] [PATCH 1/3] gnu: Add go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-webtunnel.
2024-06-26 13:38 [bug#71782] [PATCH 0/3] gnu: torbrowser: Update to 13.5 André Batista
@ 2024-06-26 13:46 ` André Batista
2024-06-27 16:05 ` [bug#71782] [PATCHv2 " André Batista
2024-06-26 13:47 ` [bug#71782] [PATCH 2/3] gnu: go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird: Update to 0.2.0 André Batista
` (6 subsequent siblings)
7 siblings, 1 reply; 24+ messages in thread
From: André Batista @ 2024-06-26 13:46 UTC (permalink / raw)
To: 71782; +Cc: André Batista
* gnu/packages/golang.scm
(go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-webtunnel):
New variable.
Change-Id: I0f0a78458467600ad70374f4224aa6ad1e371ad8
---
gnu/packages/golang.scm | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index 4e3fe5bd10..705b5d3b03 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -2387,6 +2387,31 @@ (define-public go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports
incorporates ideas and concepts from Philipp Winter's ScrambleSuit protocol.")
(license (list license:bsd-2 license:bsd-3))))
+(define-public go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-webtunnel
+ (let ((commit "3b6faa48163782c1e5420bcb4b068cd38c401ea7")
+ (revision "0"))
+ (package
+ (name "go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-webtunnel")
+ (version (git-version "0.0.0" revision commit))
+ (source
+ (origin
+ (method git-fetch)
+ (uri
+ (git-reference
+ (url "https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel")
+ (commit commit)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32 "08k108h1fh9mq0m5kr866s2n0lsif0dpbi8ffb62g5ghg7jaai89"))))
+ (build-system go-build-system)
+ (arguments
+ `(#:import-path "gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel"))
+ (home-page "https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel")
+ (synopsis "Go webtunnel library")
+ (description "WebTunnel is a library for XXXXXX Tor pluggable transports in
+Go.")
+ (license license:bsd-2))))
+
(define-public go-github-com-sevlyar-go-daemon
(package
(name "go-github-com-sevlyar-go-daemon")
--
2.45.1
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [bug#71782] [PATCHv2 1/3] gnu: Add go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-webtunnel.
2024-06-26 13:46 ` [bug#71782] [PATCH 1/3] gnu: Add go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-webtunnel André Batista
@ 2024-06-27 16:05 ` André Batista
0 siblings, 0 replies; 24+ messages in thread
From: André Batista @ 2024-06-27 16:05 UTC (permalink / raw)
To: 71782; +Cc: André Batista
* gnu/packages/golang.scm
(go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-webtunnel):
New variable.
Change-Id: I0f0a78458467600ad70374f4224aa6ad1e371ad2
---
gnu/packages/golang.scm | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index 4e3fe5bd10..705b5d3b03 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -2387,6 +2387,31 @@ (define-public go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports
incorporates ideas and concepts from Philipp Winter's ScrambleSuit protocol.")
(license (list license:bsd-2 license:bsd-3))))
+(define-public go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-webtunnel
+ (let ((commit "3b6faa48163782c1e5420bcb4b068cd38c401ea7")
+ (revision "0"))
+ (package
+ (name "go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-webtunnel")
+ (version (git-version "0.0.0" revision commit))
+ (source
+ (origin
+ (method git-fetch)
+ (uri
+ (git-reference
+ (url "https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel")
+ (commit commit)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32 "08k108h1fh9mq0m5kr866s2n0lsif0dpbi8ffb62g5ghg7jaai89"))))
+ (build-system go-build-system)
+ (arguments
+ `(#:import-path "gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel"))
+ (home-page "https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel")
+ (synopsis "Go WebTunnel Pluggable Transport")
+ (description "WebTunnel is a Go Pluggable Transport that attempts to imitate
+web browsing activities based on HTTP Upgrade (HTTPT).")
+ (license license:expat))))
+
(define-public go-github-com-sevlyar-go-daemon
(package
(name "go-github-com-sevlyar-go-daemon")
--
2.45.1
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [bug#71782] [PATCH 2/3] gnu: go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird: Update to 0.2.0.
2024-06-26 13:38 [bug#71782] [PATCH 0/3] gnu: torbrowser: Update to 13.5 André Batista
2024-06-26 13:46 ` [bug#71782] [PATCH 1/3] gnu: Add go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-webtunnel André Batista
@ 2024-06-26 13:47 ` André Batista
2024-06-26 13:47 ` [bug#71782] [PATCH 3/3] gnu: torbrowser: Update to 13.5 André Batista
` (5 subsequent siblings)
7 siblings, 0 replies; 24+ messages in thread
From: André Batista @ 2024-06-26 13:47 UTC (permalink / raw)
To: 71782; +Cc: André Batista
* gnu/packages/golang.scm (go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird):
Update to 0.2.0.
[arguments] <#:go>: Use go-1.21.
[propagated-inputs]: Add go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-webtunnel.
Change-Id: I28bc797602f8d262f4281dcb76d7ca3833a5f434
---
gnu/packages/golang.scm | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index 705b5d3b03..1a68d35663 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -45,6 +45,7 @@
;;; Copyright © 2023 Clément Lassieur <clement@lassieur.org>
;;; Copyright © 2024 Troy Figiel <troy@troyfigiel.com>
;;; Copyright © 2024 Greg Hogan <code@greghogan.com>
+;;; Copyright © 2024 André Batista <nandre@riseup.net>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -2342,7 +2343,7 @@ (define-public go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports
(define-public go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird
(package
(name "go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird")
- (version "0.1.0")
+ (version "0.2.0")
(source (origin
(method git-fetch)
(uri (git-reference
@@ -2351,12 +2352,12 @@ (define-public go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports
(file-name (git-file-name name version))
(sha256
(base32
- "0rifg5kgqp4c3b44j48fjmx00m00ai7fa4gaqrgphiqs1fc5586s"))))
+ "0imdf11ldkmbkp74gl1bcbvzmrl7jmkcfhpn6377r99gkf0zk28j"))))
(build-system go-build-system)
(arguments
`(#:unpack-path "gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyrebird"
#:import-path "gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyrebird/cmd/lyrebird"
- #:go ,go-1.20
+ #:go ,go-1.21
#:phases
(modify-phases %standard-phases
(add-after 'unpack 'substitutions
@@ -2378,6 +2379,7 @@ (define-public go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports
go-github-com-refraction-networking-utls
go-gitlab-com-yawning-edwards25519-extra
go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-goptlib
+ go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-webtunnel
go-golang-org-x-crypto
go-golang-org-x-net
go-golang-org-x-text))
--
2.45.1
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [bug#71782] [PATCH 3/3] gnu: torbrowser: Update to 13.5.
2024-06-26 13:38 [bug#71782] [PATCH 0/3] gnu: torbrowser: Update to 13.5 André Batista
2024-06-26 13:46 ` [bug#71782] [PATCH 1/3] gnu: Add go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-webtunnel André Batista
2024-06-26 13:47 ` [bug#71782] [PATCH 2/3] gnu: go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird: Update to 0.2.0 André Batista
@ 2024-06-26 13:47 ` André Batista
2024-07-16 23:41 ` [bug#71782] [PATCHv3 0/4] Update torbrowser and mullvadbrowser to v13.5.1 André Batista
` (4 subsequent siblings)
7 siblings, 0 replies; 24+ messages in thread
From: André Batista @ 2024-06-26 13:47 UTC (permalink / raw)
To: 71782; +Cc: André Batista
* gnu/packages/tor-browsers.scm (%torbrowser-build-date): Update to
20240611120000.
(%torbrowser-version): Update to 13.5.
(%torbrowser-firefox-version): Update to 115.12.0esr-13.5-1-build3.
(torbrowser-translation-base): Update to
dc59db634f066298e903142227834da483ec197d.
(torbrowser-translation-specific): Update to
de4f91a5020d637ab5d66459718525a5f9207be2.
(lld-as-ld-wrapper-16): New variable.
(make-torbrowser)[native-inputs]: Add lld-as-ld-wrapper-16. Use
llvm-16 and clang-16. [arguments] <#:phases>: Remove add-bridges.
Change-Id: Ic08578fa1b0f33a8f426c60ca65db3c9102ad554
---
gnu/packages/tor-browsers.scm | 35 ++++++++++++++++-------------------
1 file changed, 16 insertions(+), 19 deletions(-)
diff --git a/gnu/packages/tor-browsers.scm b/gnu/packages/tor-browsers.scm
index 3d01346c8c..0407cc39dc 100644
--- a/gnu/packages/tor-browsers.scm
+++ b/gnu/packages/tor-browsers.scm
@@ -151,16 +151,16 @@ (define %torbrowser-locales
;; We copy the official build id, which is defined at
;; tor-browser-build/rbm.conf (browser_release_date).
-(define %torbrowser-build-date "20240510190000")
+(define %torbrowser-build-date "20240611120000")
;; To find the last version, look at https://www.torproject.org/download/.
-(define %torbrowser-version "13.0.16")
+(define %torbrowser-version "13.5")
;; To find the last Firefox version, browse
;; https://archive.torproject.org/tor-package-archive/torbrowser/<%torbrowser-version>
;; There should be only one archive that starts with
;; "src-firefox-tor-browser-".
-(define %torbrowser-firefox-version "115.12.0esr-13.0-1-build1")
+(define %torbrowser-firefox-version "115.12.0esr-13.5-1-build3")
;; See tor-browser-build/projects/translation/config.
(define torbrowser-translation-base
@@ -168,11 +168,11 @@ (define torbrowser-translation-base
(method git-fetch)
(uri (git-reference
(url "https://gitlab.torproject.org/tpo/translation.git")
- (commit "f28525699864f4e3d764c354130bd898ce5b20aa")))
+ (commit "dc59db634f066298e903142227834da483ec197d")))
(file-name "translation-base-browser")
(sha256
(base32
- "1vf6nl7fdmlmg2gskf3w1xlsgcm0pxi54z2daz5nwr6q9gyi0lkf"))))
+ "11lbw2lpsjm0r2lwmy8i2db40r5ypf8fhn4jh59l927g40ch6dxw"))))
;; See tor-browser-build/projects/translation/config.
(define torbrowser-translation-specific
@@ -180,11 +180,11 @@ (define torbrowser-translation-specific
(method git-fetch)
(uri (git-reference
(url "https://gitlab.torproject.org/tpo/translation.git")
- (commit "b5d79336411e5a59c4861341ef9aa7353e0bcad9")))
+ (commit "de4f91a5020d637ab5d66459718525a5f9207be2")))
(file-name "translation-tor-browser")
(sha256
(base32
- "0ahz69pxhgik7ynmdkbnx7v5l2v392i6dswjz057g4hwnd7d34fb"))))
+ "0q8nnqf4zhqivv3rjlvcsbac5254ingw98qwrbnhz3m5gl78vpcf"))))
(define torbrowser-assets
;; This is a prebuilt Torbrowser from which we take the assets we need.
@@ -200,7 +200,7 @@ (define torbrowser-assets
version "/tor-browser-linux-x86_64-" version ".tar.xz"))
(sha256
(base32
- "1kffam66bsaahzx212hw9lb03jwfr24hivzg067iyzilsldpc9c1"))))
+ "0fqqzrwpqzadgi24qarpnj8aac5w57qlfb4vy2cwga5h40dsp6ly"))))
(arguments
(list
#:install-plan
@@ -215,6 +215,10 @@ (define torbrowser-assets
Browser.")
(license license:silofl1.1)))
+;;; A LLD wrapper that can be used as a (near) drop-in replacement to GNU ld.
+(define lld-as-ld-wrapper-16
+ (make-lld-wrapper lld-16 #:lld-as-ld? #t))
+
(define* (make-torbrowser #:key
moz-app-name
moz-app-remotingname
@@ -238,7 +242,7 @@ (define* (make-torbrowser #:key
".tar.xz"))
(sha256
(base32
- "1b70zyjyai6kk4y1kkl8jvrs56gg7z31kkad6bmdpd8jw4n71grx"))))
+ "0i5fmippmzhd1nlhzk46rnhv2rgb2ari071m8yww7gk8lfnn5x5f"))))
(build-system mozilla-build-system)
(inputs
(list go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird
@@ -293,8 +297,9 @@ (define* (make-torbrowser #:key
rust
`(,rust "cargo")
rust-cbindgen
- llvm-15
- clang-15
+ lld-as-ld-wrapper-16 ; for cargo rustc
+ llvm-16
+ clang-16
perl
node-lts
python-wrapper
@@ -632,14 +637,6 @@ (define (runpaths-of-input label)
(substitute*
"toolkit/locales/en-US/toolkit/about/aboutAddons.ftl"
(("addons.mozilla.org") "gnuzilla.gnu.org"))))
- (add-before 'build 'add-bridges ;see deploy.sh
- (lambda _
- (let ((port (open-file
- "browser/app/profile/000-tor-browser.js" "a")))
- (display
- "#include ../../../tools/torbrowser/bridges.js" port)
- (newline port)
- (close port))))
(replace 'build
(lambda* (#:key (make-flags '()) (parallel-build? #t)
#:allow-other-keys)
--
2.45.1
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [bug#71782] [PATCHv3 0/4] Update torbrowser and mullvadbrowser to v13.5.1.
2024-06-26 13:38 [bug#71782] [PATCH 0/3] gnu: torbrowser: Update to 13.5 André Batista
` (2 preceding siblings ...)
2024-06-26 13:47 ` [bug#71782] [PATCH 3/3] gnu: torbrowser: Update to 13.5 André Batista
@ 2024-07-16 23:41 ` André Batista
2024-08-07 0:14 ` [bug#71782] [PATCH v4 0/4] Update torbrowser and mullvadbrowser to v13.5.2 André Batista
` (4 more replies)
2024-07-16 23:42 ` [bug#71782] [PATCHv3 1/4] gnu: Add go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-webtunnel André Batista
` (3 subsequent siblings)
7 siblings, 5 replies; 24+ messages in thread
From: André Batista @ 2024-07-16 23:41 UTC (permalink / raw)
To: 71782; +Cc: André Batista
This patch series updates both torbrowser and mullvadbrowser to version
13.5.1.
Besides what has been said in the previous cover regarding changes to the
bridge logic, ld, llvm and lyrebird, all of which are still applicable,
this patch series makes important changes to the locale variables and
phases of both browsers.
Upstream has changed its own upstream localization repository to github
(firefox-locales), which means mozilla-locales can be discarded and guix
package definition update routines have been simplified. Other than that,
torbrowser global localization directories have also changed.
Considering that those changes are incompatible with the previous build
logic and that these browser definitions are intertwined, upgrading one
browser would break the other or the gymnastics to preserve the remainder
would be useless since both need to follow the new procedure from now on.
Because of that, the following patches are meant to be applied together.
Finally, this patch series also incorporates #71181, which can be closed
once this is applied.
Cheers,
André Batista (4):
gnu: Add
go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-webtunnel.
gnu:
go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird:
Update to 0.2.0.
gnu: torbrowser: Update to 13.5.1 [security fixes].
gnu: mullvadbrowser: Update to 13.5.1 [security fixes].
gnu/packages/golang.scm | 33 +++++-
gnu/packages/tor-browsers.scm | 200 ++++++++++++----------------------
2 files changed, 100 insertions(+), 133 deletions(-)
base-commit: 2d6a3799fcda5c017f653c6e96b91964b07a7ee0
--
2.45.1
^ permalink raw reply [flat|nested] 24+ messages in thread
* [bug#71782] [PATCH v4 0/4] Update torbrowser and mullvadbrowser to v13.5.2.
2024-07-16 23:41 ` [bug#71782] [PATCHv3 0/4] Update torbrowser and mullvadbrowser to v13.5.1 André Batista
@ 2024-08-07 0:14 ` André Batista
2024-09-05 23:08 ` [bug#71782] [PATCH v5 0/4] Update torbrowser and mullvadbrowser to v. 13.5.3 André Batista
2024-08-07 0:15 ` [bug#71782] [PATCH v4 1/4] gnu: Add go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-webtunnel André Batista
` (3 subsequent siblings)
4 siblings, 1 reply; 24+ messages in thread
From: André Batista @ 2024-08-07 0:14 UTC (permalink / raw)
To: 71782; +Cc: André Batista
This patch series updates both torbrowser and mullvadbrowser to version
13.5.2.
See previous covers for the complete rationale. No further changes this
time around besides updating commits, versions and hashes.
A full upgrade depends on #72501 and #72502, which updates noscript and
ublock-origin extensions.
However, considering these extensions:
1. are useful and can be used on other browsers;
2. their update patches are more straightforward to review; and
3. commiting them would also benefit torbrowser and mullvadbrowser users
regardless of this current patch series state,
I've decided to send them separately.
Cheers,
André Batista (4):
gnu: Add
go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-webtunnel.
gnu:
go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird:
Update to 0.2.0.
gnu: torbrowser: Update to 13.5.2 [security fixes].
gnu: mullvadbrowser: Update to 13.5.2 [security fixes].
gnu/packages/golang.scm | 31 +++++-
gnu/packages/tor-browsers.scm | 199 ++++++++++++----------------------
2 files changed, 99 insertions(+), 131 deletions(-)
base-commit: 856492962773434281814e42209e97e153357e2c
--
2.45.2
^ permalink raw reply [flat|nested] 24+ messages in thread
* [bug#71782] [PATCH v5 0/4] Update torbrowser and mullvadbrowser to v. 13.5.3.
2024-08-07 0:14 ` [bug#71782] [PATCH v4 0/4] Update torbrowser and mullvadbrowser to v13.5.2 André Batista
@ 2024-09-05 23:08 ` André Batista
2024-09-05 23:17 ` [bug#71782] [PATCH v5 1/4] gnu: Add go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-webtunnel André Batista
` (3 more replies)
0 siblings, 4 replies; 24+ messages in thread
From: André Batista @ 2024-09-05 23:08 UTC (permalink / raw)
To: 71782; +Cc: André Batista, mhw, jonathan.brielmaier, ian
This patch series updates both torbrowser and mullvadbrowser to version
13.5.3.
See previous covers for the complete rationale. No further changes this
time around besides updating commits, versions and hashes.
A full upgrade depends on #73012, which updates noscript extension.
André Batista (4):
gnu: Add
go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-webtunnel.
gnu:
go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird:
Update to 0.3.0.
gnu: torbrowser: Update to 13.5.3 [security fixes].
gnu: mullvadbrowser: Update to 13.5.3 [security fixes].
gnu/packages/golang.scm | 31 +++++-
gnu/packages/tor-browsers.scm | 199 ++++++++++++----------------------
2 files changed, 99 insertions(+), 131 deletions(-)
base-commit: 68d069ccaf1e7988058dc937d391a1262d927acc
--
2.45.2
^ permalink raw reply [flat|nested] 24+ messages in thread
* [bug#71782] [PATCH v5 1/4] gnu: Add go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-webtunnel.
2024-09-05 23:08 ` [bug#71782] [PATCH v5 0/4] Update torbrowser and mullvadbrowser to v. 13.5.3 André Batista
@ 2024-09-05 23:17 ` André Batista
2024-09-05 23:17 ` [bug#71782] [PATCH v5 2/4] gnu: go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird: Update to 0.3.0 André Batista
` (2 subsequent siblings)
3 siblings, 0 replies; 24+ messages in thread
From: André Batista @ 2024-09-05 23:17 UTC (permalink / raw)
To: 71782
Cc: sharlatanus, jonathan.brielmaier, ian, André Batista, mhw,
cox.katherine.e+guix
* gnu/packages/golang.scm
(go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-webtunnel):
New variable.
Change-Id: I84ef723ea03822bd5abf655914f44fb53fd865e2
---
gnu/packages/golang.scm | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index 9f04b8e423..af2acc909e 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -2241,6 +2241,31 @@ (define-public go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports
incorporates ideas and concepts from Philipp Winter's ScrambleSuit protocol.")
(license (list license:bsd-2 license:bsd-3))))
+(define-public go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-webtunnel
+ (let ((commit "e64b1b3562f3ab50d06141ecd513a21ec74fe8c6")
+ (revision "0"))
+ (package
+ (name "go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-webtunnel")
+ (version (git-version "0.0.0" revision commit))
+ (source
+ (origin
+ (method git-fetch)
+ (uri
+ (git-reference
+ (url "https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel")
+ (commit commit)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32 "0nvd0qp1mdy7w32arnkhghxm5k2g6gy33cxlarxc6vdm4yh6v5nv"))))
+ (build-system go-build-system)
+ (arguments
+ `(#:import-path "gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel"))
+ (home-page "https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel")
+ (synopsis "Go WebTunnel Pluggable Transport")
+ (description "WebTunnel is a Go Pluggable Transport that attempts to imitate
+web browsing activities based on HTTP Upgrade (HTTPT).")
+ (license license:bsd-2))))
+
(define-public go-github-com-sevlyar-go-daemon
(package
(name "go-github-com-sevlyar-go-daemon")
--
2.45.2
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [bug#71782] [PATCH v5 2/4] gnu: go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird: Update to 0.3.0.
2024-09-05 23:08 ` [bug#71782] [PATCH v5 0/4] Update torbrowser and mullvadbrowser to v. 13.5.3 André Batista
2024-09-05 23:17 ` [bug#71782] [PATCH v5 1/4] gnu: Add go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-webtunnel André Batista
@ 2024-09-05 23:17 ` André Batista
2024-09-05 23:18 ` [bug#71782] [PATCH v5 3/4] gnu: torbrowser: Update to 13.5.3 [security fixes] André Batista
2024-09-05 23:18 ` [bug#71782] [PATCH v5 4/4] gnu: mullvadbrowser: " André Batista
3 siblings, 0 replies; 24+ messages in thread
From: André Batista @ 2024-09-05 23:17 UTC (permalink / raw)
To: 71782
Cc: sharlatanus, jonathan.brielmaier, ian, André Batista, mhw,
cox.katherine.e+guix
* gnu/packages/golang.scm (go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird):
Update to 0.3.0.
[propagated-inputs]: Add go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-webtunnel.
Change-Id: Iac17163aab6e6010f9fa569fcaf51b217084a572
---
gnu/packages/golang.scm | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index af2acc909e..ccb94aadf7 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -46,6 +46,7 @@
;;; Copyright © 2024 Troy Figiel <troy@troyfigiel.com>
;;; Copyright © 2024 Greg Hogan <code@greghogan.com>
;;; Copyright © 2024 Brennan Vincent <brennan@umanwizard.com>
+;;; Copyright © 2024 André Batista <nandre@riseup.net>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -2197,7 +2198,7 @@ (define-public go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports
(define-public go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird
(package
(name "go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird")
- (version "0.1.0")
+ (version "0.3.0")
(source (origin
(method git-fetch)
(uri (git-reference
@@ -2206,7 +2207,7 @@ (define-public go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports
(file-name (git-file-name name version))
(sha256
(base32
- "0rifg5kgqp4c3b44j48fjmx00m00ai7fa4gaqrgphiqs1fc5586s"))))
+ "1bmljd81vc8b4kzmpgmx1n1vvjn5y1s2w01hjxwplmnchv9dndkl"))))
(build-system go-build-system)
(arguments
`(#:unpack-path "gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyrebird"
@@ -2232,6 +2233,7 @@ (define-public go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports
go-github-com-refraction-networking-utls
go-gitlab-com-yawning-edwards25519-extra
go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-goptlib
+ go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-webtunnel
go-golang-org-x-crypto
go-golang-org-x-net
go-golang-org-x-text))
--
2.45.2
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [bug#71782] [PATCH v5 3/4] gnu: torbrowser: Update to 13.5.3 [security fixes].
2024-09-05 23:08 ` [bug#71782] [PATCH v5 0/4] Update torbrowser and mullvadbrowser to v. 13.5.3 André Batista
2024-09-05 23:17 ` [bug#71782] [PATCH v5 1/4] gnu: Add go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-webtunnel André Batista
2024-09-05 23:17 ` [bug#71782] [PATCH v5 2/4] gnu: go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird: Update to 0.3.0 André Batista
@ 2024-09-05 23:18 ` André Batista
2024-09-06 15:05 ` Ian Eure
2024-09-05 23:18 ` [bug#71782] [PATCH v5 4/4] gnu: mullvadbrowser: " André Batista
3 siblings, 1 reply; 24+ messages in thread
From: André Batista @ 2024-09-05 23:18 UTC (permalink / raw)
To: 71782; +Cc: André Batista, mhw, jonathan.brielmaier, ian
Fixes CVEs 2024-6600, 2024-6601, 2024-6602, 2024-6603, 2024-6604,
2024-7519, 2024-7521, 2024-7522, 2024-7524, 2024-7525, 2024-7526,
2024-7527, 2024-7529, 2024-7531, 2024-8381, 2024-8382, 2024-8383 and
2024-8384.
See the Mozilla Foundation Security advisories
<https://www.mozilla.org/en-US/security/advisories/mfsa2024-30/>,
<https://www.mozilla.org/en-US/security/advisories/mfsa2024-34/> and
<https://www.mozilla.org/en-US/security/advisories/mfsa2024-41/>
for details.
* gnu/packages/tor-browsers.scm (%torbrowser-build-date): Update to
20240903073000.
(%torbrowser-version): Update to 13.5.3.
(%torbrowser-firefox-version): Update to 115.15.0esr-13.5-1-build3.
(%torbrowser-locales): Change it to be a plain list of supported locales.
(firefox-locales): New variable.
(torbrowser-translation-base): Update to
daed2afc487d1b20efc17feb153156524c6f714b.
(torbrowser-translation-specific): Update to
6374e3b09c0894b8452fa1ba0b99c807722fc805.
(lld-as-ld-wrapper-16): New variable.
(make-torbrowser)[native-inputs]: Add lld-as-ld-wrapper-16. Use
llvm-16 and clang-16.
[inputs]: Add firefox-locales.
[arguments] <#:phases>: Remove add-bridges.
setenv, copy-firefox-locales: Update MOZ_CHROME_MULTILOCALE to the
new %torbrowser-locales format.
copy-basebrowser-locales, copy-torbrowser-locales: Likewise and adjust
fluent file path.
deploy-fonts: Adjust regex expression.
autoconfig: Remove file-picker configuration workaround. See #71181.
Change-Id: Idf182607798d9111c30db63fe926b7f8cb3ce300
---
gnu/packages/tor-browsers.scm | 141 +++++++++++++++-------------------
1 file changed, 60 insertions(+), 81 deletions(-)
diff --git a/gnu/packages/tor-browsers.scm b/gnu/packages/tor-browsers.scm
index ba6bbaa873..180dae6317 100644
--- a/gnu/packages/tor-browsers.scm
+++ b/gnu/packages/tor-browsers.scm
@@ -21,7 +21,7 @@
;;; Copyright © 2021 Baptiste Strazzul <bstrazzull@hotmail.fr>
;;; Copyright © 2022 SeerLite <seerlite@disroot.org>
;;; Copyright © 2024 Aleksandr Vityazev <avityazew@gmail.com>
-;;; Copyright © 2020, 2021 André Batista <nandre@riseup.net>
+;;; Copyright © 2020, 2021, 2024 André Batista <nandre@riseup.net>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -104,63 +104,48 @@ (define-syntax-rule (mozilla-locales (hash-string changeset locale) ...)
#~(list (cons #$locale #$(mozilla-locale locale changeset hash-string))
...))
-;; See tor-browser-build/rbm.conf for the list.
-;; See browser/locales/l10n-changesets.json for the changeset.
-;; See update-mozilla-locales in gnuzilla.scm to automate updating changeset.
-(define %torbrowser-locales
- (mozilla-locales
- ;; sha256 changeset locale
- ;;---------------------------------------------------------------------------
- ("1218mldjxybhgzdi0myzkwjr2fgnysl71pl847kr7wyn1j8wk3a5" "c25d00080479" "ar")
- ("11c96jhfzd3h46qhblhvn2acsn895ykynarai8r5pf0655nfjs0j" "2de60e3d6d0c" "ca")
- ("0yhycgb3s3kydbzy6f2q7f7g2lp975spr092prf9xp8ha62ghby7" "609edd15f9a9" "cs")
- ("1kzx94n36c5vv954j7w65djvb37c178zazy25b35l71q2rvhmlhj" "2197a99c9a08" "da")
- ("13h7hk11bbd0yq8gqdv7ndbizkgwlm3ybz225l3x2b5cnyjxyg14" "b7a533e5edc9" "de")
- ("13ay27vdrqfv2ysyi7c2jmz50lps7rff9rmnws1z7jkj0a5chwrn" "20baf15379d8" "el")
- ("0mdr5b6pqxjmg9c8064x3hpf53h6w9j8ghl32655sx9jh4v3ykza" "beff1baac7c5" "es-ES")
- ("1pnyg09j6r15w8m62lwj89x6rz4br877z60p8s1hlrb9hj2s3vdx" "ebe0b60b0b36" "fa")
- ("067r505626cvlrsalnndf2ykz3nnkiy0b8yaxzf1rracpzmp0hni" "d5ae6a933d71" "fi")
- ("0026zzjv2bqc8sg06yvyd0mhny6mwwvhpvzjrhv2fi5v4wkxapdj" "496c2eb73b82" "fr")
- ("1dxcp26y8siap4k54zsw7mqa7k0l4f1505rdf4hnnxrzf9a643g5" "2fcccb5b19b3" "ga-IE")
- ("14v6xnlyj65hzaz2rmzxcl4skjgm48426jgr9mwkwiqis587lp4a" "c53cea027f8f" "he")
- ("04fdw2gzb64fb51bvs0bwsidzlvkdahmcy76vdg3gfcxslnlpi3y" "5a76dd3b5d5c" "hu")
- ("0bpyxpclfy74bcsjrs1ajh2am4zv6j6j9q4gc4vz8pgvzy9354zp" "6e6de17dcac4" "id")
- ("131ph8n235kr6nj1pszk0m00nh6kl360r4qvx4hjm8s22mw0k8qd" "536265635dfe" "is")
- ("03fbp4vgkwyimfmbm4n8blx1m16yhms2wm8j4wlx2h3cpxp5r71k" "91951e37e2b8" "it")
- ("0ncm531d7ih7phcn9d83zwq0dfphvmzg3gmhqmrrkkbydi1g3pbb" "895dcf8bb524" "ja")
- ("1x3110v730ak522zfm8j3r3v1x5lq3ig82kcgyxkc49xywajy0ni" "d0819a64fc40" "ka")
- ("14rc9mr4ngxdzwpjagzhz47jazgp1a6vwb0vbwj31yxv9iwkrgzi" "6ef881aff44b" "ko")
- ("1gl85z550amhbaxp39zdj6yyvashj9xd4ampfhm9jdpbf6n5j2l8" "afcbc29a15e5" "lt")
- ("1hz5g3iprfkbd88ncppyksbhlws73lhs75nf62hangw8l73wdn69" "84f3d6c7e2da" "mk")
- ("14aq37ngnav5m2kcb4wavxwhp28ad4jzdkzc7i64h0qvvxq5n3hf" "c9ec27a5db3d" "ms")
- ("0h7dlnawm5mbcx4qdlz5c7n4axz2dpa677v13ljdgm2b5w76msmq" "5c1480ccc040" "my")
- ("1b12azc1n8j1i2l20v66r74q79zqjvc5sf9pd8rmj3xd0fkxzdp2" "fc1896a0a24d" "nb-NO")
- ("1fh4dhlb6hynlpb2997gssv9v8zk5b7qrw0sclggczb5pcpjk6wc" "7e6da4f01bdb" "nl")
- ("1w8x3jjrd28f6g6ywwxldizpiipfkr63dzqd74kjpg24s2lqzp80" "e86a451a9cb5" "pl")
- ("1v3v4n82sn7a4h2d9n653fmgc31mikacf59lvdj6gbwvzpjb5yfa" "94c3dbb67a5d" "pt-BR")
- ("061a4z0lffgks3wlr6yh5z7x9arcn804mjwvffcmibs106vzamyq" "470b13b5805b" "ro")
- ("1fxgh7nfxpg2zknvfff8igq9q1vm5n4q033v7lm2c0xn3dbl8m28" "402b2ecbf04d" "ru")
- ("1i119g6dnhzxmpaz5r2jr9yzm1v24v2q6m3z6bfz2yihj0w7m133" "f637484e72b6" "sq")
- ("1nllh3ax323sxwhj7xvwvbfnh4179332pcmpfyybw1vaid3nr39k" "bb2d5d96d69e" "sv-SE")
- ("136m68fd0641k3qqmsw6zp016cvvd0sipsyv6rx2b9nli56agz57" "0e6c56bf2ac9" "th")
- ("0q8p8bwq8an65yfdwzm4dhl6km68r83bv5i17kay2gak8msxxhsb" "91e611ae3f19" "tr")
- ("1f2g7rnxpr2gjzngfsv19g11vk9zqpyrv01pz07mw2z3ffbkxf0j" "99d5ffa0b81e" "uk")
- ("1rizwsfgr7vxm31bin3i7bwhcqa67wcylak3xa387dvgf1y9057i" "5fd44724e22d" "vi")
- ("02ifa94jfii5f166rwdvv8si3bazm4bcf4qhi59c8f1hxbavb52h" "081aeb1aa308" "zh-CN")
- ("0qx9sh56pqc2x5qrh386cp1fi1gidhcmxxpvqkg9nh2jbizahznr" "9015a180602e" "zh-TW")))
-
;; We copy the official build id, which is defined at
;; tor-browser-build/rbm.conf (browser_release_date).
-(define %torbrowser-build-date "20240510190000")
+(define %torbrowser-build-date "20240903073000")
;; To find the last version, look at https://www.torproject.org/download/.
-(define %torbrowser-version "13.0.16")
+(define %torbrowser-version "13.5.3")
;; To find the last Firefox version, browse
;; https://archive.torproject.org/tor-package-archive/torbrowser/<%torbrowser-version>
;; There should be only one archive that starts with
;; "src-firefox-tor-browser-".
-(define %torbrowser-firefox-version "115.12.0esr-13.0-1-build1")
+(define %torbrowser-firefox-version "115.15.0esr-13.5-1-build3")
+
+;; See tor-browser-build/rbm.conf for the list.
+(define %torbrowser-locales (list "ar" "ca" "cs" "da" "de" "el" "es-ES" "fa" "fi" "fr"
+ "ga-IE" "he" "hu" "id" "is" "it" "ja" "ka" "ko" "lt"
+ "mk" "ms" "my" "nb-NO" "nl" "pl" "pt-BR" "ro" "ru"
+ "sq" "sv-SE" "th" "tr" "uk" "vi" "zh-CN" "zh-TW"))
+
+;; See browser/locales/l10n-changesets.json for the commit.
+(define firefox-locales
+ (let ((commit "d8d587117c7b9dcc6a4fbc38407ed2c831bb008f")
+ (revision "0"))
+ (package
+ (name "firefox-locales")
+ (version (git-version "0.0.0" revision commit))
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/mozilla-l10n/firefox-l10n")
+ (commit commit)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "0a2ly29lli02jflqw78zjk7bp7h18fz935cc9csavi0cpdiixjv1"))))
+ (build-system copy-build-system)
+ (home-page "https://github.com/mozilla-l10n/firefox-l10n")
+ (synopsis "Firefox Locales")
+ (description "This package contains localized messages for all
+Firefox locales.")
+ (license license:mpl2.0))))
;; See tor-browser-build/projects/translation/config.
(define torbrowser-translation-base
@@ -168,11 +153,11 @@ (define torbrowser-translation-base
(method git-fetch)
(uri (git-reference
(url "https://gitlab.torproject.org/tpo/translation.git")
- (commit "f28525699864f4e3d764c354130bd898ce5b20aa")))
+ (commit "daed2afc487d1b20efc17feb153156524c6f714b")))
(file-name "translation-base-browser")
(sha256
(base32
- "1vf6nl7fdmlmg2gskf3w1xlsgcm0pxi54z2daz5nwr6q9gyi0lkf"))))
+ "0psmmgw9dnjwdhjbqkd69q5q7sdwyjcwagh93ffrjk0v7ybc79dq"))))
;; See tor-browser-build/projects/translation/config.
(define torbrowser-translation-specific
@@ -180,11 +165,11 @@ (define torbrowser-translation-specific
(method git-fetch)
(uri (git-reference
(url "https://gitlab.torproject.org/tpo/translation.git")
- (commit "b5d79336411e5a59c4861341ef9aa7353e0bcad9")))
+ (commit "6374e3b09c0894b8452fa1ba0b99c807722fc805")))
(file-name "translation-tor-browser")
(sha256
(base32
- "0ahz69pxhgik7ynmdkbnx7v5l2v392i6dswjz057g4hwnd7d34fb"))))
+ "1wd9iwcj2h70bp017pcdhgfiw2bs8zi68kljmpnk69pssd6cn8l3"))))
(define torbrowser-assets
;; This is a prebuilt Torbrowser from which we take the assets we need.
@@ -200,7 +185,7 @@ (define torbrowser-assets
version "/tor-browser-linux-x86_64-" version ".tar.xz"))
(sha256
(base32
- "1kffam66bsaahzx212hw9lb03jwfr24hivzg067iyzilsldpc9c1"))))
+ "0laz6yrm310iidddnas2w1s5wad183n9axjkgrf5cm5paj615343"))))
(arguments
(list
#:install-plan
@@ -215,6 +200,10 @@ (define torbrowser-assets
Browser.")
(license license:silofl1.1)))
+;;; A LLD wrapper that can be used as a (near) drop-in replacement to GNU ld.
+(define lld-as-ld-wrapper-16
+ (make-lld-wrapper lld-16 #:lld-as-ld? #t))
+
(define* (make-torbrowser #:key
moz-app-name
moz-app-remotingname
@@ -238,10 +227,11 @@ (define* (make-torbrowser #:key
".tar.xz"))
(sha256
(base32
- "1b70zyjyai6kk4y1kkl8jvrs56gg7z31kkad6bmdpd8jw4n71grx"))))
+ "13b9ni6anv279drhbb5m95nnmgslrp6frsm0y4028nfqiprs7vj5"))))
(build-system mozilla-build-system)
(inputs
(list go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird
+ firefox-locales
tor-client
alsa-lib
bash-minimal ;for wrap-program
@@ -293,8 +283,9 @@ (define* (make-torbrowser #:key
rust
`(,rust "cargo")
rust-cbindgen
- llvm-15
- clang-15
+ lld-as-ld-wrapper-16 ; for cargo rustc
+ llvm-16
+ clang-16
perl
node-lts
python-wrapper
@@ -541,7 +532,7 @@ (define (runpaths-of-input label)
(setenv "MOZBUILD_STATE_PATH"
(in-vicinity (getcwd) ".mozbuild"))
(setenv "MOZ_CHROME_MULTILOCALE"
- (string-join (map car #$locales)))
+ (string-join (list #$@locales)))
;; Make build reproducible.
(setenv "MOZ_BUILD_DATE" #$build-date)))
(add-before 'configure 'mozconfig
@@ -555,14 +546,14 @@ (define (runpaths-of-input label)
;; See tor-browser-build/projects/firefox/build.
(add-before 'configure 'copy-firefox-locales
(lambda _
- (let ((l10ncentral ".mozbuild/l10n-central"))
+ (let ((l10ncentral ".mozbuild/l10n-central")
+ (ff-locales #$(this-package-input "firefox-locales")))
(mkdir-p l10ncentral)
(for-each
(lambda (lang)
- (copy-recursively (cdr lang)
- (in-vicinity l10ncentral
- (car lang))))
- #$locales))))
+ (copy-recursively (string-append ff-locales "/" lang)
+ (in-vicinity l10ncentral lang)))
+ (list #$@locales)))))
(add-after 'copy-firefox-locales 'copy-basebrowser-locales
(lambda _
(let ((l10ncentral ".mozbuild/l10n-central"))
@@ -577,7 +568,7 @@ (define (runpaths-of-input label)
#f (string-join
'("mv"
"translation-base-browser/~a/base-browser.ftl"
- "~a/~a/browser/browser/"))
+ "~a/~a/toolkit/toolkit/global/"))
lang l10ncentral lang))
(system
(format
@@ -586,7 +577,7 @@ (define (runpaths-of-input label)
"translation-base-browser/~a/*"
"~a/~a/browser/chrome/browser/"))
lang l10ncentral lang)))
- (map car #$locales)))))
+ (list #$@locales)))))
(add-after 'copy-basebrowser-locales 'copy-torbrowser-locales
(lambda _
(let ((l10ncentral ".mozbuild/l10n-central"))
@@ -601,7 +592,7 @@ (define (runpaths-of-input label)
#f (string-join
'("mv"
"translation-tor-browser/~a/tor-browser.ftl"
- "~a/~a/browser/browser/"))
+ "~a/~a/toolkit/toolkit/global/"))
lang l10ncentral lang))
(system
(format
@@ -623,7 +614,7 @@ (define (runpaths-of-input label)
(format port " locale/~a/ (chrome/locale/~a/*)~%"
lang lang)
(close port)))
- (map car #$locales)))))
+ (list #$@locales)))))
(replace 'configure
(lambda _
(invoke "./mach" "configure")))
@@ -632,14 +623,6 @@ (define (runpaths-of-input label)
(substitute*
"toolkit/locales/en-US/toolkit/about/aboutAddons.ftl"
(("addons.mozilla.org") "gnuzilla.gnu.org"))))
- (add-before 'build 'add-bridges ;see deploy.sh
- (lambda _
- (let ((port (open-file
- "browser/app/profile/000-tor-browser.js" "a")))
- (display
- "#include ../../../tools/torbrowser/bridges.js" port)
- (newline port)
- (close port))))
(replace 'build
(lambda* (#:key (make-flags '()) (parallel-build? #t)
#:allow-other-keys)
@@ -739,7 +722,7 @@ (define (runpaths-of-input label)
(copy-recursively (in-vicinity #$assets "fontconfig")
(in-vicinity lib "fontconfig"))
(substitute* (in-vicinity lib "fontconfig/fonts.conf")
- (("<dir>fonts</dir>")
+ (("<dir prefix=\"cwd\">fonts</dir>")
(format #f "<dir>~a</dir>" (in-vicinity lib "fonts"))))
(delete-file-recursively (in-vicinity lib "fonts"))
(copy-recursively (in-vicinity #$assets "fonts")
@@ -805,11 +788,7 @@ (define (runpaths-of-input label)
"https://gnuzilla.gnu.org/mozzarella")
(format #t "pref(~s, ~s);~%"
"lightweightThemes.getMoreURL"
- "https://gnuzilla.gnu.org/mozzarella")
- ;; FIXME: https://github.com/NixOS/nixpkgs/issues/307095
- (format #t "pref(~s, ~a);~%"
- "widget.use-xdg-desktop-portal.file-picker"
- "1"))))))
+ "https://gnuzilla.gnu.org/mozzarella"))))))
(add-after 'autoconfig 'autoconfig-tor
(lambda* (#:key inputs #:allow-other-keys)
(let ((lib (in-vicinity #$output "lib/torbrowser"))
--
2.45.2
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [bug#71782] [PATCH v5 3/4] gnu: torbrowser: Update to 13.5.3 [security fixes].
2024-09-05 23:18 ` [bug#71782] [PATCH v5 3/4] gnu: torbrowser: Update to 13.5.3 [security fixes] André Batista
@ 2024-09-06 15:05 ` Ian Eure
2024-09-07 15:36 ` André Batista
2024-09-30 20:32 ` bug#71782: " Ludovic Courtès
0 siblings, 2 replies; 24+ messages in thread
From: Ian Eure @ 2024-09-06 15:05 UTC (permalink / raw)
To: André Batista; +Cc: mhw, jonathan.brielmaier, 71782
Hi André,
This all looks good to me. I built and ran both browsers and they
seem to be working how I’d expect.
My only question is around the locale handling -- (gnu packages
gnuzilla) has a setup for these which I was able to reuse for
LibreWolf. Is that possible for mullvad and torbrowser? It would
be nice to have a unified way of handling this, instead of each
browser implementing its own strategy.
That work can follow the merge of this patch series, but I think
it’s worth discussing.
Thanks,
— Ian
André Batista <nandre@riseup.net> writes:
> Fixes CVEs 2024-6600, 2024-6601, 2024-6602, 2024-6603,
> 2024-6604,
> 2024-7519, 2024-7521, 2024-7522, 2024-7524, 2024-7525,
> 2024-7526,
> 2024-7527, 2024-7529, 2024-7531, 2024-8381, 2024-8382, 2024-8383
> and
> 2024-8384.
>
> See the Mozilla Foundation Security advisories
> <https://www.mozilla.org/en-US/security/advisories/mfsa2024-30/>,
> <https://www.mozilla.org/en-US/security/advisories/mfsa2024-34/>
> and
> <https://www.mozilla.org/en-US/security/advisories/mfsa2024-41/>
> for details.
>
> * gnu/packages/tor-browsers.scm (%torbrowser-build-date): Update
> to
> 20240903073000.
> (%torbrowser-version): Update to 13.5.3.
> (%torbrowser-firefox-version): Update to
> 115.15.0esr-13.5-1-build3.
> (%torbrowser-locales): Change it to be a plain list of supported
> locales.
> (firefox-locales): New variable.
> (torbrowser-translation-base): Update to
> daed2afc487d1b20efc17feb153156524c6f714b.
> (torbrowser-translation-specific): Update to
> 6374e3b09c0894b8452fa1ba0b99c807722fc805.
> (lld-as-ld-wrapper-16): New variable.
> (make-torbrowser)[native-inputs]: Add lld-as-ld-wrapper-16. Use
> llvm-16 and clang-16.
> [inputs]: Add firefox-locales.
> [arguments] <#:phases>: Remove add-bridges.
> setenv, copy-firefox-locales: Update MOZ_CHROME_MULTILOCALE
> to the
> new %torbrowser-locales format.
> copy-basebrowser-locales, copy-torbrowser-locales: Likewise
> and adjust
> fluent file path.
> deploy-fonts: Adjust regex expression.
> autoconfig: Remove file-picker configuration workaround. See
> #71181.
>
> Change-Id: Idf182607798d9111c30db63fe926b7f8cb3ce300
> ---
> gnu/packages/tor-browsers.scm | 141
> +++++++++++++++-------------------
> 1 file changed, 60 insertions(+), 81 deletions(-)
>
> diff --git a/gnu/packages/tor-browsers.scm
> b/gnu/packages/tor-browsers.scm
> index ba6bbaa873..180dae6317 100644
> --- a/gnu/packages/tor-browsers.scm
> +++ b/gnu/packages/tor-browsers.scm
> @@ -21,7 +21,7 @@
> ;;; Copyright © 2021 Baptiste Strazzul <bstrazzull@hotmail.fr>
> ;;; Copyright © 2022 SeerLite <seerlite@disroot.org>
> ;;; Copyright © 2024 Aleksandr Vityazev <avityazew@gmail.com>
> -;;; Copyright © 2020, 2021 André Batista <nandre@riseup.net>
> +;;; Copyright © 2020, 2021, 2024 André Batista
> <nandre@riseup.net>
> ;;;
> ;;; This file is part of GNU Guix.
> ;;;
> @@ -104,63 +104,48 @@ (define-syntax-rule (mozilla-locales
> (hash-string changeset locale) ...)
> #~(list (cons #$locale #$(mozilla-locale locale changeset
> hash-string))
> ...))
>
> -;; See tor-browser-build/rbm.conf for the list.
> -;; See browser/locales/l10n-changesets.json for the changeset.
> -;; See update-mozilla-locales in gnuzilla.scm to automate
> updating changeset.
> -(define %torbrowser-locales
> - (mozilla-locales
> - ;; sha256
> changeset locale
> -
> ;;---------------------------------------------------------------------------
> - ("1218mldjxybhgzdi0myzkwjr2fgnysl71pl847kr7wyn1j8wk3a5"
> "c25d00080479" "ar")
> - ("11c96jhfzd3h46qhblhvn2acsn895ykynarai8r5pf0655nfjs0j"
> "2de60e3d6d0c" "ca")
> - ("0yhycgb3s3kydbzy6f2q7f7g2lp975spr092prf9xp8ha62ghby7"
> "609edd15f9a9" "cs")
> - ("1kzx94n36c5vv954j7w65djvb37c178zazy25b35l71q2rvhmlhj"
> "2197a99c9a08" "da")
> - ("13h7hk11bbd0yq8gqdv7ndbizkgwlm3ybz225l3x2b5cnyjxyg14"
> "b7a533e5edc9" "de")
> - ("13ay27vdrqfv2ysyi7c2jmz50lps7rff9rmnws1z7jkj0a5chwrn"
> "20baf15379d8" "el")
> - ("0mdr5b6pqxjmg9c8064x3hpf53h6w9j8ghl32655sx9jh4v3ykza"
> "beff1baac7c5" "es-ES")
> - ("1pnyg09j6r15w8m62lwj89x6rz4br877z60p8s1hlrb9hj2s3vdx"
> "ebe0b60b0b36" "fa")
> - ("067r505626cvlrsalnndf2ykz3nnkiy0b8yaxzf1rracpzmp0hni"
> "d5ae6a933d71" "fi")
> - ("0026zzjv2bqc8sg06yvyd0mhny6mwwvhpvzjrhv2fi5v4wkxapdj"
> "496c2eb73b82" "fr")
> - ("1dxcp26y8siap4k54zsw7mqa7k0l4f1505rdf4hnnxrzf9a643g5"
> "2fcccb5b19b3" "ga-IE")
> - ("14v6xnlyj65hzaz2rmzxcl4skjgm48426jgr9mwkwiqis587lp4a"
> "c53cea027f8f" "he")
> - ("04fdw2gzb64fb51bvs0bwsidzlvkdahmcy76vdg3gfcxslnlpi3y"
> "5a76dd3b5d5c" "hu")
> - ("0bpyxpclfy74bcsjrs1ajh2am4zv6j6j9q4gc4vz8pgvzy9354zp"
> "6e6de17dcac4" "id")
> - ("131ph8n235kr6nj1pszk0m00nh6kl360r4qvx4hjm8s22mw0k8qd"
> "536265635dfe" "is")
> - ("03fbp4vgkwyimfmbm4n8blx1m16yhms2wm8j4wlx2h3cpxp5r71k"
> "91951e37e2b8" "it")
> - ("0ncm531d7ih7phcn9d83zwq0dfphvmzg3gmhqmrrkkbydi1g3pbb"
> "895dcf8bb524" "ja")
> - ("1x3110v730ak522zfm8j3r3v1x5lq3ig82kcgyxkc49xywajy0ni"
> "d0819a64fc40" "ka")
> - ("14rc9mr4ngxdzwpjagzhz47jazgp1a6vwb0vbwj31yxv9iwkrgzi"
> "6ef881aff44b" "ko")
> - ("1gl85z550amhbaxp39zdj6yyvashj9xd4ampfhm9jdpbf6n5j2l8"
> "afcbc29a15e5" "lt")
> - ("1hz5g3iprfkbd88ncppyksbhlws73lhs75nf62hangw8l73wdn69"
> "84f3d6c7e2da" "mk")
> - ("14aq37ngnav5m2kcb4wavxwhp28ad4jzdkzc7i64h0qvvxq5n3hf"
> "c9ec27a5db3d" "ms")
> - ("0h7dlnawm5mbcx4qdlz5c7n4axz2dpa677v13ljdgm2b5w76msmq"
> "5c1480ccc040" "my")
> - ("1b12azc1n8j1i2l20v66r74q79zqjvc5sf9pd8rmj3xd0fkxzdp2"
> "fc1896a0a24d" "nb-NO")
> - ("1fh4dhlb6hynlpb2997gssv9v8zk5b7qrw0sclggczb5pcpjk6wc"
> "7e6da4f01bdb" "nl")
> - ("1w8x3jjrd28f6g6ywwxldizpiipfkr63dzqd74kjpg24s2lqzp80"
> "e86a451a9cb5" "pl")
> - ("1v3v4n82sn7a4h2d9n653fmgc31mikacf59lvdj6gbwvzpjb5yfa"
> "94c3dbb67a5d" "pt-BR")
> - ("061a4z0lffgks3wlr6yh5z7x9arcn804mjwvffcmibs106vzamyq"
> "470b13b5805b" "ro")
> - ("1fxgh7nfxpg2zknvfff8igq9q1vm5n4q033v7lm2c0xn3dbl8m28"
> "402b2ecbf04d" "ru")
> - ("1i119g6dnhzxmpaz5r2jr9yzm1v24v2q6m3z6bfz2yihj0w7m133"
> "f637484e72b6" "sq")
> - ("1nllh3ax323sxwhj7xvwvbfnh4179332pcmpfyybw1vaid3nr39k"
> "bb2d5d96d69e" "sv-SE")
> - ("136m68fd0641k3qqmsw6zp016cvvd0sipsyv6rx2b9nli56agz57"
> "0e6c56bf2ac9" "th")
> - ("0q8p8bwq8an65yfdwzm4dhl6km68r83bv5i17kay2gak8msxxhsb"
> "91e611ae3f19" "tr")
> - ("1f2g7rnxpr2gjzngfsv19g11vk9zqpyrv01pz07mw2z3ffbkxf0j"
> "99d5ffa0b81e" "uk")
> - ("1rizwsfgr7vxm31bin3i7bwhcqa67wcylak3xa387dvgf1y9057i"
> "5fd44724e22d" "vi")
> - ("02ifa94jfii5f166rwdvv8si3bazm4bcf4qhi59c8f1hxbavb52h"
> "081aeb1aa308" "zh-CN")
> - ("0qx9sh56pqc2x5qrh386cp1fi1gidhcmxxpvqkg9nh2jbizahznr"
> "9015a180602e" "zh-TW")))
> -
> ;; We copy the official build id, which is defined at
> ;; tor-browser-build/rbm.conf (browser_release_date).
> -(define %torbrowser-build-date "20240510190000")
> +(define %torbrowser-build-date "20240903073000")
>
> ;; To find the last version, look at
> https://www.torproject.org/download/.
> -(define %torbrowser-version "13.0.16")
> +(define %torbrowser-version "13.5.3")
>
> ;; To find the last Firefox version, browse
> ;;
> https://archive.torproject.org/tor-package-archive/torbrowser/<%torbrowser-version>
> ;; There should be only one archive that starts with
> ;; "src-firefox-tor-browser-".
> -(define %torbrowser-firefox-version
> "115.12.0esr-13.0-1-build1")
> +(define %torbrowser-firefox-version
> "115.15.0esr-13.5-1-build3")
> +
> +;; See tor-browser-build/rbm.conf for the list.
> +(define %torbrowser-locales (list "ar" "ca" "cs" "da" "de" "el"
> "es-ES" "fa" "fi" "fr"
> + "ga-IE" "he" "hu" "id" "is"
> "it" "ja" "ka" "ko" "lt"
> + "mk" "ms" "my" "nb-NO" "nl"
> "pl" "pt-BR" "ro" "ru"
> + "sq" "sv-SE" "th" "tr" "uk"
> "vi" "zh-CN" "zh-TW"))
> +
> +;; See browser/locales/l10n-changesets.json for the commit.
> +(define firefox-locales
> + (let ((commit "d8d587117c7b9dcc6a4fbc38407ed2c831bb008f")
> + (revision "0"))
> + (package
> + (name "firefox-locales")
> + (version (git-version "0.0.0" revision commit))
> + (source
> + (origin
> + (method git-fetch)
> + (uri (git-reference
> + (url
> "https://github.com/mozilla-l10n/firefox-l10n")
> + (commit commit)))
> + (file-name (git-file-name name version))
> + (sha256
> + (base32
> +
> "0a2ly29lli02jflqw78zjk7bp7h18fz935cc9csavi0cpdiixjv1"))))
> + (build-system copy-build-system)
> + (home-page
> "https://github.com/mozilla-l10n/firefox-l10n")
> + (synopsis "Firefox Locales")
> + (description "This package contains localized messages
> for all
> +Firefox locales.")
> + (license license:mpl2.0))))
>
> ;; See tor-browser-build/projects/translation/config.
> (define torbrowser-translation-base
> @@ -168,11 +153,11 @@ (define torbrowser-translation-base
> (method git-fetch)
> (uri (git-reference
> (url
> "https://gitlab.torproject.org/tpo/translation.git")
> - (commit "f28525699864f4e3d764c354130bd898ce5b20aa")))
> + (commit "daed2afc487d1b20efc17feb153156524c6f714b")))
> (file-name "translation-base-browser")
> (sha256
> (base32
> -
> "1vf6nl7fdmlmg2gskf3w1xlsgcm0pxi54z2daz5nwr6q9gyi0lkf"))))
> +
> "0psmmgw9dnjwdhjbqkd69q5q7sdwyjcwagh93ffrjk0v7ybc79dq"))))
>
> ;; See tor-browser-build/projects/translation/config.
> (define torbrowser-translation-specific
> @@ -180,11 +165,11 @@ (define torbrowser-translation-specific
> (method git-fetch)
> (uri (git-reference
> (url
> "https://gitlab.torproject.org/tpo/translation.git")
> - (commit "b5d79336411e5a59c4861341ef9aa7353e0bcad9")))
> + (commit "6374e3b09c0894b8452fa1ba0b99c807722fc805")))
> (file-name "translation-tor-browser")
> (sha256
> (base32
> -
> "0ahz69pxhgik7ynmdkbnx7v5l2v392i6dswjz057g4hwnd7d34fb"))))
> +
> "1wd9iwcj2h70bp017pcdhgfiw2bs8zi68kljmpnk69pssd6cn8l3"))))
>
> (define torbrowser-assets
> ;; This is a prebuilt Torbrowser from which we take the
> assets we need.
> @@ -200,7 +185,7 @@ (define torbrowser-assets
> version "/tor-browser-linux-x86_64-" version
> ".tar.xz"))
> (sha256
> (base32
> -
> "1kffam66bsaahzx212hw9lb03jwfr24hivzg067iyzilsldpc9c1"))))
> +
> "0laz6yrm310iidddnas2w1s5wad183n9axjkgrf5cm5paj615343"))))
> (arguments
> (list
> #:install-plan
> @@ -215,6 +200,10 @@ (define torbrowser-assets
> Browser.")
> (license license:silofl1.1)))
>
> +;;; A LLD wrapper that can be used as a (near) drop-in
> replacement to GNU ld.
> +(define lld-as-ld-wrapper-16
> + (make-lld-wrapper lld-16 #:lld-as-ld? #t))
> +
> (define* (make-torbrowser #:key
> moz-app-name
> moz-app-remotingname
> @@ -238,10 +227,11 @@ (define* (make-torbrowser #:key
> ".tar.xz"))
> (sha256
> (base32
> -
> "1b70zyjyai6kk4y1kkl8jvrs56gg7z31kkad6bmdpd8jw4n71grx"))))
> +
> "13b9ni6anv279drhbb5m95nnmgslrp6frsm0y4028nfqiprs7vj5"))))
> (build-system mozilla-build-system)
> (inputs
> (list
> go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird
> + firefox-locales
> tor-client
> alsa-lib
> bash-minimal ;for wrap-program
> @@ -293,8 +283,9 @@ (define* (make-torbrowser #:key
> rust
> `(,rust "cargo")
> rust-cbindgen
> - llvm-15
> - clang-15
> + lld-as-ld-wrapper-16 ; for cargo rustc
> + llvm-16
> + clang-16
> perl
> node-lts
> python-wrapper
> @@ -541,7 +532,7 @@ (define (runpaths-of-input label)
> (setenv "MOZBUILD_STATE_PATH"
> (in-vicinity (getcwd) ".mozbuild"))
> (setenv "MOZ_CHROME_MULTILOCALE"
> - (string-join (map car #$locales)))
> + (string-join (list #$@locales)))
> ;; Make build reproducible.
> (setenv "MOZ_BUILD_DATE" #$build-date)))
> (add-before 'configure 'mozconfig
> @@ -555,14 +546,14 @@ (define (runpaths-of-input label)
> ;; See tor-browser-build/projects/firefox/build.
> (add-before 'configure 'copy-firefox-locales
> (lambda _
> - (let ((l10ncentral ".mozbuild/l10n-central"))
> + (let ((l10ncentral ".mozbuild/l10n-central")
> + (ff-locales #$(this-package-input
> "firefox-locales")))
> (mkdir-p l10ncentral)
> (for-each
> (lambda (lang)
> - (copy-recursively (cdr lang)
> - (in-vicinity l10ncentral
> - (car lang))))
> - #$locales))))
> + (copy-recursively (string-append ff-locales
> "/" lang)
> + (in-vicinity l10ncentral
> lang)))
> + (list #$@locales)))))
> (add-after 'copy-firefox-locales
> 'copy-basebrowser-locales
> (lambda _
> (let ((l10ncentral ".mozbuild/l10n-central"))
> @@ -577,7 +568,7 @@ (define (runpaths-of-input label)
> #f (string-join
> '("mv"
> "translation-base-browser/~a/base-browser.ftl"
> - "~a/~a/browser/browser/"))
> + "~a/~a/toolkit/toolkit/global/"))
> lang l10ncentral lang))
> (system
> (format
> @@ -586,7 +577,7 @@ (define (runpaths-of-input label)
> "translation-base-browser/~a/*"
> "~a/~a/browser/chrome/browser/"))
> lang l10ncentral lang)))
> - (map car #$locales)))))
> + (list #$@locales)))))
> (add-after 'copy-basebrowser-locales
> 'copy-torbrowser-locales
> (lambda _
> (let ((l10ncentral ".mozbuild/l10n-central"))
> @@ -601,7 +592,7 @@ (define (runpaths-of-input label)
> #f (string-join
> '("mv"
> "translation-tor-browser/~a/tor-browser.ftl"
> - "~a/~a/browser/browser/"))
> + "~a/~a/toolkit/toolkit/global/"))
> lang l10ncentral lang))
> (system
> (format
> @@ -623,7 +614,7 @@ (define (runpaths-of-input label)
> (format port " locale/~a/
> (chrome/locale/~a/*)~%"
> lang lang)
> (close port)))
> - (map car #$locales)))))
> + (list #$@locales)))))
> (replace 'configure
> (lambda _
> (invoke "./mach" "configure")))
> @@ -632,14 +623,6 @@ (define (runpaths-of-input label)
> (substitute*
> "toolkit/locales/en-US/toolkit/about/aboutAddons.ftl"
> (("addons.mozilla.org") "gnuzilla.gnu.org"))))
> - (add-before 'build 'add-bridges ;see deploy.sh
> - (lambda _
> - (let ((port (open-file
> -
> "browser/app/profile/000-tor-browser.js" "a")))
> - (display
> - "#include
> ../../../tools/torbrowser/bridges.js" port)
> - (newline port)
> - (close port))))
> (replace 'build
> (lambda* (#:key (make-flags '()) (parallel-build?
> #t)
> #:allow-other-keys)
> @@ -739,7 +722,7 @@ (define (runpaths-of-input label)
> (copy-recursively (in-vicinity #$assets
> "fontconfig")
> (in-vicinity lib
> "fontconfig"))
> (substitute* (in-vicinity lib
> "fontconfig/fonts.conf")
> - (("<dir>fonts</dir>")
> + (("<dir prefix=\"cwd\">fonts</dir>")
> (format #f "<dir>~a</dir>" (in-vicinity lib
> "fonts"))))
> (delete-file-recursively (in-vicinity lib
> "fonts"))
> (copy-recursively (in-vicinity #$assets
> "fonts")
> @@ -805,11 +788,7 @@ (define (runpaths-of-input label)
> "https://gnuzilla.gnu.org/mozzarella")
> (format #t "pref(~s, ~s);~%"
> "lightweightThemes.getMoreURL"
> -
> "https://gnuzilla.gnu.org/mozzarella")
> - ;; FIXME:
> https://github.com/NixOS/nixpkgs/issues/307095
> - (format #t "pref(~s, ~a);~%"
> -
> "widget.use-xdg-desktop-portal.file-picker"
> - "1"))))))
> +
> "https://gnuzilla.gnu.org/mozzarella"))))))
> (add-after 'autoconfig 'autoconfig-tor
> (lambda* (#:key inputs #:allow-other-keys)
> (let ((lib (in-vicinity #$output
> "lib/torbrowser"))
^ permalink raw reply [flat|nested] 24+ messages in thread
* [bug#71782] [PATCH v5 3/4] gnu: torbrowser: Update to 13.5.3 [security fixes].
2024-09-06 15:05 ` Ian Eure
@ 2024-09-07 15:36 ` André Batista
2024-09-08 3:54 ` Ian Eure
2024-09-30 20:32 ` bug#71782: " Ludovic Courtès
1 sibling, 1 reply; 24+ messages in thread
From: André Batista @ 2024-09-07 15:36 UTC (permalink / raw)
To: Ian Eure; +Cc: mhw, jonathan.brielmaier, 71782
Hi Ian,
sex 06 set 2024 às 08:05:28 (1725620728), ian@retrospec.tv enviou:
>
> This all looks good to me. I built and ran both browsers and they seem to
> be working how I’d expect.
Great, thanks!
> My only question is around the locale handling -- (gnu packages gnuzilla)
> has a setup for these which I was able to reuse for LibreWolf. Is that
> possible for mullvad and torbrowser? It would be nice to have a unified way
> of handling this, instead of each browser implementing its own strategy.
>
I'm not sure I understand why you think this to be desirable, could you
elaborate?
I'm also not sure if this is possible (without incuring in glitches) and
in my opinion this is not desirable for both torbrowser and mullvad
because:
I. Both these browsers have modified pristine firefox in a number of
non-trivial ways. Eg.: if you go to about:preferences you will see that
there are various user settings which are specific to this browsers or
even when you first launch torbrowser the connection settings page is
unknown to firefox. I believe that's the reason why these browsers do
not support 'all-mozilla-locales', but just a subset which has been
worked upon by the torproject.
II. In order to avoid guix users having a different fingerprint, we try
to be as close as possible to what upstream does. I'm not sure if locale
version could be somehow infered from the network, but I guess using the
same version is the safest bet;
III. Currently on guix master, these browsers are using code copied from
gnuzilla.scm, but with a subset of locales and different changesets
that are based on torproject settings. However, torproject has moved
from mercurial to the unified github firefox locales[1] which has
immensily simplified the work required to update the changesets (now
actually commits) and all locales supported on those browsers now have
only one commit, instead of various changesets on single locale repos;
IV. Moreover, I believe mozilla itself is on the way of deprecating
mercurial l10n-central in favor of firefox-locales git repo, since
this is where all work has been happening[2], while l10n-central has
stopped at 2024-07-10[2]. So probably in a not so distant future
gnuzilla will have to move on to that as well.
So I stand by the changes proposed on this patch series, at least as
things stand.
Thanks!
1. https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/55ad6ca216c086fb297af456ed0606ab88c1acdc
2. https://github.com/mozilla-l10n/firefox-l10n
3. https://hg.mozilla.org/l10n-central/
^ permalink raw reply [flat|nested] 24+ messages in thread
* [bug#71782] [PATCH v5 3/4] gnu: torbrowser: Update to 13.5.3 [security fixes].
2024-09-07 15:36 ` André Batista
@ 2024-09-08 3:54 ` Ian Eure
0 siblings, 0 replies; 24+ messages in thread
From: Ian Eure @ 2024-09-08 3:54 UTC (permalink / raw)
To: André Batista; +Cc: mhw, jonathan.brielmaier, 71782
Hi André,
André Batista <nandre@riseup.net> writes:
> Hi Ian,
>
> sex 06 set 2024 às 08:05:28 (1725620728), ian@retrospec.tv
> enviou:
>>
>> This all looks good to me. I built and ran both browsers and
>> they seem to
>> be working how I’d expect.
>
> Great, thanks!
>
>> My only question is around the locale handling -- (gnu packages
>> gnuzilla)
>> has a setup for these which I was able to reuse for LibreWolf.
>> Is that
>> possible for mullvad and torbrowser? It would be nice to have
>> a unified way
>> of handling this, instead of each browser implementing its own
>> strategy.
>>
>
> I'm not sure I understand why you think this to be desirable,
> could you
> elaborate?
>
There’s a lot of duplication between the Firefox-derived browsers
in Guix, and I think it would be good to reduce it where it makes
sense. Because the locales are a separate package used as an
input, this seems like a part of them which could be handled in a
uniform way, to the benefit of all (assuming they use the same
locale data).
> I'm also not sure if this is possible (without incuring in
> glitches) and
> in my opinion this is not desirable for both torbrowser and
> mullvad
> because:
>
> I. Both these browsers have modified pristine firefox in a
> number of
> non-trivial ways. Eg.: if you go to about:preferences you will
> see that
> there are various user settings which are specific to this
> browsers or
> even when you first launch torbrowser the connection settings
> page is
> unknown to firefox. I believe that's the reason why these
> browsers do
> not support 'all-mozilla-locales', but just a subset which has
> been
> worked upon by the torproject.
>
I see, now that I read the patch more closely, it looks like the
upstream locale data wasn’t being used, despite reusing the
`mozilla-locale' code from Gnuzilla.
> II. In order to avoid guix users having a different fingerprint,
> we try
> to be as close as possible to what upstream does. I'm not sure
> if locale
> version could be somehow infered from the network, but I guess
> using the
> same version is the safest bet;
>
> III. Currently on guix master, these browsers are using code
> copied from
> gnuzilla.scm, but with a subset of locales and different
> changesets
> that are based on torproject settings. However, torproject has
> moved
> from mercurial to the unified github firefox locales[1] which
> has
> immensily simplified the work required to update the changesets
> (now
> actually commits) and all locales supported on those browsers
> now have
> only one commit, instead of various changesets on single locale
> repos;
>
This makes sense to me with the additonal context.
> IV. Moreover, I believe mozilla itself is on the way of
> deprecating
> mercurial l10n-central in favor of firefox-locales git repo,
> since
> this is where all work has been happening[2], while l10n-central
> has
> stopped at 2024-07-10[2]. So probably in a not so distant future
> gnuzilla will have to move on to that as well.
>
I wasn’t aware of this, but that’s great news, as it’ll make
reproducible builds much easier. Thank you for letting me know.
> So I stand by the changes proposed on this patch series, at
> least as
> things stand.
>
Makes sense. I’m still in favor of merging them. Thank you for
taking the time to explain.
Thanks,
— Ian
^ permalink raw reply [flat|nested] 24+ messages in thread
* bug#71782: [PATCH v5 3/4] gnu: torbrowser: Update to 13.5.3 [security fixes].
2024-09-06 15:05 ` Ian Eure
2024-09-07 15:36 ` André Batista
@ 2024-09-30 20:32 ` Ludovic Courtès
1 sibling, 0 replies; 24+ messages in thread
From: Ludovic Courtès @ 2024-09-30 20:32 UTC (permalink / raw)
To: Ian Eure; +Cc: André Batista, mhw, 71782-done, jonathan.brielmaier
Hello,
Ian Eure <ian@retrospec.tv> skribis:
> This all looks good to me. I built and ran both browsers and they
> seem to be working how I’d expect.
Based on your feedback I applied v5 of this patch series. Thanks to the
two of you!
BTW, one of you might want to consider applying for commit rights to
speed up the process of applying patches in your scope. Mark H Weaver
does have commit rights but he tends to pay less attention to email.
Thanks,
Ludo’.
^ permalink raw reply [flat|nested] 24+ messages in thread
* [bug#71782] [PATCH v5 4/4] gnu: mullvadbrowser: Update to 13.5.3 [security fixes].
2024-09-05 23:08 ` [bug#71782] [PATCH v5 0/4] Update torbrowser and mullvadbrowser to v. 13.5.3 André Batista
` (2 preceding siblings ...)
2024-09-05 23:18 ` [bug#71782] [PATCH v5 3/4] gnu: torbrowser: Update to 13.5.3 [security fixes] André Batista
@ 2024-09-05 23:18 ` André Batista
3 siblings, 0 replies; 24+ messages in thread
From: André Batista @ 2024-09-05 23:18 UTC (permalink / raw)
To: 71782; +Cc: André Batista, mhw, jonathan.brielmaier, ian
Fixes CVEs 2024-6600, 2024-6601, 2024-6602, 2024-6603, 2024-6604,
2024-7519, 2024-7521, 2024-7522, 2024-7524, 2024-7525, 2024-7526,
2024-7527, 2024-7529, 2024-7531, 2024-8381, 2024-8382, 2024-8383 and
2024-8384.
See the Mozilla Foundation Security advisories
<https://www.mozilla.org/en-US/security/advisories/mfsa2024-30/>,
<https://www.mozilla.org/en-US/security/advisories/mfsa2024-34/> and
<https://www.mozilla.org/en-US/security/advisories/mfsa2024-41/>
for details.
* gnu/packages/mullvad-browsers.scm (mozilla-locale): Remove it.
(mozilla-locales): Likewise.
(firefox-locales): Move to the top.
(%mullvadbrowser-locales): Change it to be a plain list of supported
locales.
(%mullvadbrowser-build-date): Update to 20240903073000.
(%mullvadbrowser-version): Update to 13.5.3.
(%mullvadbrowser-firefox-version): Update to 115.15.0esr-13.5-1-build2.
(mullvadbrowser-translation-base): Update to
daed2afc487d1b20efc17feb153156524c6f714b.
(mullvadbrowser) [arguments] <#:phases>: Adjust copy-torbrowser-locales
replacement accordingly.
Change-Id: I5acf486d5f22da9145827b12b48c6c764daaa9bf
---
gnu/packages/tor-browsers.scm | 98 +++++++++++------------------------
1 file changed, 30 insertions(+), 68 deletions(-)
diff --git a/gnu/packages/tor-browsers.scm b/gnu/packages/tor-browsers.scm
index 180dae6317..7f601737b1 100644
--- a/gnu/packages/tor-browsers.scm
+++ b/gnu/packages/tor-browsers.scm
@@ -90,39 +90,6 @@ (define-module (gnu packages tor-browsers)
#:use-module (ice-9 regex)
#:use-module (guix utils))
-(define (mozilla-locale locale changeset hash-string)
- (origin
- (method hg-fetch)
- (uri (hg-reference
- (url (string-append "https://hg.mozilla.org/l10n-central/"
- locale))
- (changeset changeset)))
- (file-name (string-append "mozilla-locale-" locale))
- (sha256 (base32 hash-string))))
-
-(define-syntax-rule (mozilla-locales (hash-string changeset locale) ...)
- #~(list (cons #$locale #$(mozilla-locale locale changeset hash-string))
- ...))
-
-;; We copy the official build id, which is defined at
-;; tor-browser-build/rbm.conf (browser_release_date).
-(define %torbrowser-build-date "20240903073000")
-
-;; To find the last version, look at https://www.torproject.org/download/.
-(define %torbrowser-version "13.5.3")
-
-;; To find the last Firefox version, browse
-;; https://archive.torproject.org/tor-package-archive/torbrowser/<%torbrowser-version>
-;; There should be only one archive that starts with
-;; "src-firefox-tor-browser-".
-(define %torbrowser-firefox-version "115.15.0esr-13.5-1-build3")
-
-;; See tor-browser-build/rbm.conf for the list.
-(define %torbrowser-locales (list "ar" "ca" "cs" "da" "de" "el" "es-ES" "fa" "fi" "fr"
- "ga-IE" "he" "hu" "id" "is" "it" "ja" "ka" "ko" "lt"
- "mk" "ms" "my" "nb-NO" "nl" "pl" "pt-BR" "ro" "ru"
- "sq" "sv-SE" "th" "tr" "uk" "vi" "zh-CN" "zh-TW"))
-
;; See browser/locales/l10n-changesets.json for the commit.
(define firefox-locales
(let ((commit "d8d587117c7b9dcc6a4fbc38407ed2c831bb008f")
@@ -147,6 +114,25 @@ (define firefox-locales
Firefox locales.")
(license license:mpl2.0))))
+;; We copy the official build id, which is defined at
+;; tor-browser-build/rbm.conf (browser_release_date).
+(define %torbrowser-build-date "20240903073000")
+
+;; To find the last version, look at https://www.torproject.org/download/.
+(define %torbrowser-version "13.5.3")
+
+;; To find the last Firefox version, browse
+;; https://archive.torproject.org/tor-package-archive/torbrowser/<%torbrowser-version>
+;; There should be only one archive that starts with
+;; "src-firefox-tor-browser-".
+(define %torbrowser-firefox-version "115.15.0esr-13.5-1-build3")
+
+;; See tor-browser-build/rbm.conf for the list.
+(define %torbrowser-locales (list "ar" "ca" "cs" "da" "de" "el" "es-ES" "fa" "fi" "fr"
+ "ga-IE" "he" "hu" "id" "is" "it" "ja" "ka" "ko" "lt"
+ "mk" "ms" "my" "nb-NO" "nl" "pl" "pt-BR" "ro" "ru"
+ "sq" "sv-SE" "th" "tr" "uk" "vi" "zh-CN" "zh-TW"))
+
;; See tor-browser-build/projects/translation/config.
(define torbrowser-translation-base
(origin
@@ -832,47 +818,23 @@ (define-public torbrowser
\f
;; See tor-browser-build/rbm.conf for the list.
-;; See browser/locales/l10n-changesets.json for the changeset.
-;; See update-mozilla-locales in gnuzilla.scm to automate updating changeset.
-(define %mullvadbrowser-locales
- (mozilla-locales
- ;; sha256 changeset locale
- ;;---------------------------------------------------------------------------
- ("1218mldjxybhgzdi0myzkwjr2fgnysl71pl847kr7wyn1j8wk3a5" "c25d00080479" "ar")
- ("1kzx94n36c5vv954j7w65djvb37c178zazy25b35l71q2rvhmlhj" "2197a99c9a08" "da")
- ("13h7hk11bbd0yq8gqdv7ndbizkgwlm3ybz225l3x2b5cnyjxyg14" "b7a533e5edc9" "de")
- ("0mdr5b6pqxjmg9c8064x3hpf53h6w9j8ghl32655sx9jh4v3ykza" "beff1baac7c5" "es-ES")
- ("1pnyg09j6r15w8m62lwj89x6rz4br877z60p8s1hlrb9hj2s3vdx" "ebe0b60b0b36" "fa")
- ("067r505626cvlrsalnndf2ykz3nnkiy0b8yaxzf1rracpzmp0hni" "d5ae6a933d71" "fi")
- ("0026zzjv2bqc8sg06yvyd0mhny6mwwvhpvzjrhv2fi5v4wkxapdj" "496c2eb73b82" "fr")
- ("03fbp4vgkwyimfmbm4n8blx1m16yhms2wm8j4wlx2h3cpxp5r71k" "91951e37e2b8" "it")
- ("0ncm531d7ih7phcn9d83zwq0dfphvmzg3gmhqmrrkkbydi1g3pbb" "895dcf8bb524" "ja")
- ("14rc9mr4ngxdzwpjagzhz47jazgp1a6vwb0vbwj31yxv9iwkrgzi" "6ef881aff44b" "ko")
- ("0h7dlnawm5mbcx4qdlz5c7n4axz2dpa677v13ljdgm2b5w76msmq" "5c1480ccc040" "my")
- ("1b12azc1n8j1i2l20v66r74q79zqjvc5sf9pd8rmj3xd0fkxzdp2" "fc1896a0a24d" "nb-NO")
- ("1fh4dhlb6hynlpb2997gssv9v8zk5b7qrw0sclggczb5pcpjk6wc" "7e6da4f01bdb" "nl")
- ("1w8x3jjrd28f6g6ywwxldizpiipfkr63dzqd74kjpg24s2lqzp80" "e86a451a9cb5" "pl")
- ("1v3v4n82sn7a4h2d9n653fmgc31mikacf59lvdj6gbwvzpjb5yfa" "94c3dbb67a5d" "pt-BR")
- ("1fxgh7nfxpg2zknvfff8igq9q1vm5n4q033v7lm2c0xn3dbl8m28" "402b2ecbf04d" "ru")
- ("1nllh3ax323sxwhj7xvwvbfnh4179332pcmpfyybw1vaid3nr39k" "bb2d5d96d69e" "sv-SE")
- ("136m68fd0641k3qqmsw6zp016cvvd0sipsyv6rx2b9nli56agz57" "0e6c56bf2ac9" "th")
- ("0q8p8bwq8an65yfdwzm4dhl6km68r83bv5i17kay2gak8msxxhsb" "91e611ae3f19" "tr")
- ("02ifa94jfii5f166rwdvv8si3bazm4bcf4qhi59c8f1hxbavb52h" "081aeb1aa308" "zh-CN")
- ("0qx9sh56pqc2x5qrh386cp1fi1gidhcmxxpvqkg9nh2jbizahznr" "9015a180602e" "zh-TW")))
+(define %mullvadbrowser-locales (list "ar" "da" "de" "es-ES" "fa" "fi" "fr" "it"
+ "ja" "ko" "my" "nb-NO" "nl" "pl" "pt-BR"
+ "ru" "sv-SE" "th" "tr" "zh-CN" "zh-TW"))
;; We copy the official build id, which can be found there:
;; https://cdn.mullvad.net/browser/update_responses/update_1/release.
-(define %mullvadbrowser-build-date "20240510190000")
+(define %mullvadbrowser-build-date "20240903073000")
;; To find the last version, look at
;; https://mullvad.net/en/download/browser/linux.
-(define %mullvadbrowser-version "13.0.16")
+(define %mullvadbrowser-version "13.5.3")
;; To find the last Firefox version, browse
;; https://archive.torproject.org/tor-package-archive/mullvadbrowser/<%mullvadbrowser-version>
;; There should be only one archive that starts with
;; "src-firefox-mullvad-browser-".
-(define %mullvadbrowser-firefox-version "115.12.0esr-13.0-1-build1")
+(define %mullvadbrowser-firefox-version "115.15.0esr-13.5-1-build2")
;; See tor-browser-build/projects/translation/config.
(define mullvadbrowser-translation-base
@@ -880,11 +842,11 @@ (define mullvadbrowser-translation-base
(method git-fetch)
(uri (git-reference
(url "https://gitlab.torproject.org/tpo/translation.git")
- (commit "f28525699864f4e3d764c354130bd898ce5b20aa")))
+ (commit "daed2afc487d1b20efc17feb153156524c6f714b")))
(file-name "translation-base-browser")
(sha256
(base32
- "1vf6nl7fdmlmg2gskf3w1xlsgcm0pxi54z2daz5nwr6q9gyi0lkf"))))
+ "0psmmgw9dnjwdhjbqkd69q5q7sdwyjcwagh93ffrjk0v7ybc79dq"))))
;; See tor-browser-build/projects/translation/config.
(define mullvadbrowser-translation-specific
@@ -912,7 +874,7 @@ (define mullvadbrowser-assets
version "/mullvad-browser-linux-x86_64-" version ".tar.xz"))
(sha256
(base32
- "1bpchiz12zjyrzpgyk71naf1jdf3msjcjwggb1mziyawc6pyxj7v"))))
+ "17sqin4fnvq96plarv0iv8r801i19gh7v7szg2vrmcynay8qx4mc"))))
(arguments
(list
#:install-plan
@@ -955,7 +917,7 @@ (define-public mullvadbrowser
%mullvadbrowser-firefox-version ".tar.xz"))
(sha256
(base32
- "1xs4qwa3c6nfq6cj5q6asfrzki4brafg65g6hbn0fc9qqcmrhkv5"))))
+ "1c6jjw0x8bjz74q15a7vskrd0ji5ic19mzr9f2laivhznjy0r12c"))))
(arguments
(substitute-keyword-arguments (package-arguments mullvadbrowser-base)
((#:phases phases)
@@ -977,7 +939,7 @@ (define-public mullvadbrowser
(system
(format #f "cp -Lr ~a/~a .mozbuild/l10n-central/"
#$mullvadbrowser-translation-specific lang)))
- (map car #$%mullvadbrowser-locales))))
+ (list #$@%mullvadbrowser-locales))))
(add-before 'build 'fix-profiles
;; Otherwise the profile would change every time the install
;; location changes, that is: at every package update. These
--
2.45.2
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [bug#71782] [PATCH v4 1/4] gnu: Add go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-webtunnel.
2024-07-16 23:41 ` [bug#71782] [PATCHv3 0/4] Update torbrowser and mullvadbrowser to v13.5.1 André Batista
2024-08-07 0:14 ` [bug#71782] [PATCH v4 0/4] Update torbrowser and mullvadbrowser to v13.5.2 André Batista
@ 2024-08-07 0:15 ` André Batista
2024-08-07 0:15 ` [bug#71782] [PATCH v4 2/4] gnu: go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird: Update to 0.2.0 André Batista
` (2 subsequent siblings)
4 siblings, 0 replies; 24+ messages in thread
From: André Batista @ 2024-08-07 0:15 UTC (permalink / raw)
To: 71782; +Cc: André Batista
* gnu/packages/golang.scm
(go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-webtunnel):
New variable.
---
gnu/packages/golang.scm | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index 1298a8c58b..541aeb02c3 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -2260,6 +2260,31 @@ (define-public go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports
incorporates ideas and concepts from Philipp Winter's ScrambleSuit protocol.")
(license (list license:bsd-2 license:bsd-3))))
+(define-public go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-webtunnel
+ (let ((commit "3b6faa48163782c1e5420bcb4b068cd38c401ea7")
+ (revision "0"))
+ (package
+ (name "go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-webtunnel")
+ (version (git-version "0.0.0" revision commit))
+ (source
+ (origin
+ (method git-fetch)
+ (uri
+ (git-reference
+ (url "https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel")
+ (commit commit)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32 "08k108h1fh9mq0m5kr866s2n0lsif0dpbi8ffb62g5ghg7jaai89"))))
+ (build-system go-build-system)
+ (arguments
+ `(#:import-path "gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel"))
+ (home-page "https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel")
+ (synopsis "Go WebTunnel Pluggable Transport")
+ (description "WebTunnel is a Go Pluggable Transport that attempts to imitate
+web browsing activities based on HTTP Upgrade (HTTPT).")
+ (license license:bsd-2))))
+
(define-public go-github-com-sevlyar-go-daemon
(package
(name "go-github-com-sevlyar-go-daemon")
--
2.45.2
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [bug#71782] [PATCH v4 2/4] gnu: go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird: Update to 0.2.0.
2024-07-16 23:41 ` [bug#71782] [PATCHv3 0/4] Update torbrowser and mullvadbrowser to v13.5.1 André Batista
2024-08-07 0:14 ` [bug#71782] [PATCH v4 0/4] Update torbrowser and mullvadbrowser to v13.5.2 André Batista
2024-08-07 0:15 ` [bug#71782] [PATCH v4 1/4] gnu: Add go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-webtunnel André Batista
@ 2024-08-07 0:15 ` André Batista
2024-08-07 0:15 ` [bug#71782] [PATCH v4 3/4] gnu: torbrowser: Update to 13.5.2 [security fixes] André Batista
2024-08-07 0:16 ` [bug#71782] [PATCH v4 4/4] gnu: mullvadbrowser: " André Batista
4 siblings, 0 replies; 24+ messages in thread
From: André Batista @ 2024-08-07 0:15 UTC (permalink / raw)
To: 71782; +Cc: André Batista
* gnu/packages/golang.scm (go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird):
Update to 0.2.0.
[propagated-inputs]: Add go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-webtunnel.
---
gnu/packages/golang.scm | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index 541aeb02c3..931c00bef2 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -46,6 +46,7 @@
;;; Copyright © 2024 Troy Figiel <troy@troyfigiel.com>
;;; Copyright © 2024 Greg Hogan <code@greghogan.com>
;;; Copyright © 2024 Brennan Vincent <brennan@umanwizard.com>
+;;; Copyright © 2024 André Batista <nandre@riseup.net>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -2216,7 +2217,7 @@ (define-public go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports
(define-public go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird
(package
(name "go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird")
- (version "0.1.0")
+ (version "0.2.0")
(source (origin
(method git-fetch)
(uri (git-reference
@@ -2225,7 +2226,7 @@ (define-public go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports
(file-name (git-file-name name version))
(sha256
(base32
- "0rifg5kgqp4c3b44j48fjmx00m00ai7fa4gaqrgphiqs1fc5586s"))))
+ "0imdf11ldkmbkp74gl1bcbvzmrl7jmkcfhpn6377r99gkf0zk28j"))))
(build-system go-build-system)
(arguments
`(#:unpack-path "gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyrebird"
@@ -2251,6 +2252,7 @@ (define-public go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports
go-github-com-refraction-networking-utls
go-gitlab-com-yawning-edwards25519-extra
go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-goptlib
+ go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-webtunnel
go-golang-org-x-crypto
go-golang-org-x-net
go-golang-org-x-text))
--
2.45.2
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [bug#71782] [PATCH v4 3/4] gnu: torbrowser: Update to 13.5.2 [security fixes].
2024-07-16 23:41 ` [bug#71782] [PATCHv3 0/4] Update torbrowser and mullvadbrowser to v13.5.1 André Batista
` (2 preceding siblings ...)
2024-08-07 0:15 ` [bug#71782] [PATCH v4 2/4] gnu: go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird: Update to 0.2.0 André Batista
@ 2024-08-07 0:15 ` André Batista
2024-08-07 0:16 ` [bug#71782] [PATCH v4 4/4] gnu: mullvadbrowser: " André Batista
4 siblings, 0 replies; 24+ messages in thread
From: André Batista @ 2024-08-07 0:15 UTC (permalink / raw)
To: 71782; +Cc: André Batista
Fixes CVEs 2024-6600, 2024-6601, 2024-6602, 2024-6603, 2024-6604,
2024-7519, 2024-7521, 2024-7522, 2024-7524, 2024-7525, 2024-7526,
2024-7527, 2024-7529 and 2024-7531.
See the Mozilla Foundation Security advisories
<https://www.mozilla.org/en-US/security/advisories/mfsa2024-30/> and
<https://www.mozilla.org/en-US/security/advisories/mfsa2024-34/>
for details.
* gnu/packages/tor-browsers.scm (%torbrowser-build-date): Update to
20240805090000.
(%torbrowser-version): Update to 13.5.2.
(%torbrowser-firefox-version): Update to 115.14.0esr-13.5-1-build2.
(%torbrowser-locales): Change it to be a plain list of supported locales.
(firefox-locales): New variable.
(torbrowser-translation-base): Update to
64b325861da514cd681533dcd368b351d2eb5f6c.
(torbrowser-translation-specific): Update to
36af545865b83e790019195095544d9eec133a49.
(lld-as-ld-wrapper-16): New variable.
(make-torbrowser)[native-inputs]: Add lld-as-ld-wrapper-16. Use
llvm-16 and clang-16.
[inputs]: Add firefox-locales.
[arguments] <#:phases>: Remove add-bridges.
setenv, copy-firefox-locales: Update MOZ_CHROME_MULTILOCALE to the
new %torbrowser-locales format.
copy-basebrowser-locales, copy-torbrowser-locales: Likewise and adjust
fluent file path.
deploy-fonts: Adjust regex expression.
autoconfig: Remove file-picker configuration workaround. See #71181.
---
gnu/packages/tor-browsers.scm | 141 +++++++++++++++-------------------
1 file changed, 60 insertions(+), 81 deletions(-)
diff --git a/gnu/packages/tor-browsers.scm b/gnu/packages/tor-browsers.scm
index 3d01346c8c..bde95a8428 100644
--- a/gnu/packages/tor-browsers.scm
+++ b/gnu/packages/tor-browsers.scm
@@ -21,7 +21,7 @@
;;; Copyright © 2021 Baptiste Strazzul <bstrazzull@hotmail.fr>
;;; Copyright © 2022 SeerLite <seerlite@disroot.org>
;;; Copyright © 2024 Aleksandr Vityazev <avityazew@gmail.com>
-;;; Copyright © 2020, 2021 André Batista <nandre@riseup.net>
+;;; Copyright © 2020, 2021, 2024 André Batista <nandre@riseup.net>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -104,63 +104,48 @@ (define-syntax-rule (mozilla-locales (hash-string changeset locale) ...)
#~(list (cons #$locale #$(mozilla-locale locale changeset hash-string))
...))
-;; See tor-browser-build/rbm.conf for the list.
-;; See browser/locales/l10n-changesets.json for the changeset.
-;; See update-mozilla-locales in gnuzilla.scm to automate updating changeset.
-(define %torbrowser-locales
- (mozilla-locales
- ;; sha256 changeset locale
- ;;---------------------------------------------------------------------------
- ("1218mldjxybhgzdi0myzkwjr2fgnysl71pl847kr7wyn1j8wk3a5" "c25d00080479" "ar")
- ("11c96jhfzd3h46qhblhvn2acsn895ykynarai8r5pf0655nfjs0j" "2de60e3d6d0c" "ca")
- ("0yhycgb3s3kydbzy6f2q7f7g2lp975spr092prf9xp8ha62ghby7" "609edd15f9a9" "cs")
- ("1kzx94n36c5vv954j7w65djvb37c178zazy25b35l71q2rvhmlhj" "2197a99c9a08" "da")
- ("13h7hk11bbd0yq8gqdv7ndbizkgwlm3ybz225l3x2b5cnyjxyg14" "b7a533e5edc9" "de")
- ("13ay27vdrqfv2ysyi7c2jmz50lps7rff9rmnws1z7jkj0a5chwrn" "20baf15379d8" "el")
- ("0mdr5b6pqxjmg9c8064x3hpf53h6w9j8ghl32655sx9jh4v3ykza" "beff1baac7c5" "es-ES")
- ("1pnyg09j6r15w8m62lwj89x6rz4br877z60p8s1hlrb9hj2s3vdx" "ebe0b60b0b36" "fa")
- ("067r505626cvlrsalnndf2ykz3nnkiy0b8yaxzf1rracpzmp0hni" "d5ae6a933d71" "fi")
- ("0026zzjv2bqc8sg06yvyd0mhny6mwwvhpvzjrhv2fi5v4wkxapdj" "496c2eb73b82" "fr")
- ("1dxcp26y8siap4k54zsw7mqa7k0l4f1505rdf4hnnxrzf9a643g5" "2fcccb5b19b3" "ga-IE")
- ("14v6xnlyj65hzaz2rmzxcl4skjgm48426jgr9mwkwiqis587lp4a" "c53cea027f8f" "he")
- ("04fdw2gzb64fb51bvs0bwsidzlvkdahmcy76vdg3gfcxslnlpi3y" "5a76dd3b5d5c" "hu")
- ("0bpyxpclfy74bcsjrs1ajh2am4zv6j6j9q4gc4vz8pgvzy9354zp" "6e6de17dcac4" "id")
- ("131ph8n235kr6nj1pszk0m00nh6kl360r4qvx4hjm8s22mw0k8qd" "536265635dfe" "is")
- ("03fbp4vgkwyimfmbm4n8blx1m16yhms2wm8j4wlx2h3cpxp5r71k" "91951e37e2b8" "it")
- ("0ncm531d7ih7phcn9d83zwq0dfphvmzg3gmhqmrrkkbydi1g3pbb" "895dcf8bb524" "ja")
- ("1x3110v730ak522zfm8j3r3v1x5lq3ig82kcgyxkc49xywajy0ni" "d0819a64fc40" "ka")
- ("14rc9mr4ngxdzwpjagzhz47jazgp1a6vwb0vbwj31yxv9iwkrgzi" "6ef881aff44b" "ko")
- ("1gl85z550amhbaxp39zdj6yyvashj9xd4ampfhm9jdpbf6n5j2l8" "afcbc29a15e5" "lt")
- ("1hz5g3iprfkbd88ncppyksbhlws73lhs75nf62hangw8l73wdn69" "84f3d6c7e2da" "mk")
- ("14aq37ngnav5m2kcb4wavxwhp28ad4jzdkzc7i64h0qvvxq5n3hf" "c9ec27a5db3d" "ms")
- ("0h7dlnawm5mbcx4qdlz5c7n4axz2dpa677v13ljdgm2b5w76msmq" "5c1480ccc040" "my")
- ("1b12azc1n8j1i2l20v66r74q79zqjvc5sf9pd8rmj3xd0fkxzdp2" "fc1896a0a24d" "nb-NO")
- ("1fh4dhlb6hynlpb2997gssv9v8zk5b7qrw0sclggczb5pcpjk6wc" "7e6da4f01bdb" "nl")
- ("1w8x3jjrd28f6g6ywwxldizpiipfkr63dzqd74kjpg24s2lqzp80" "e86a451a9cb5" "pl")
- ("1v3v4n82sn7a4h2d9n653fmgc31mikacf59lvdj6gbwvzpjb5yfa" "94c3dbb67a5d" "pt-BR")
- ("061a4z0lffgks3wlr6yh5z7x9arcn804mjwvffcmibs106vzamyq" "470b13b5805b" "ro")
- ("1fxgh7nfxpg2zknvfff8igq9q1vm5n4q033v7lm2c0xn3dbl8m28" "402b2ecbf04d" "ru")
- ("1i119g6dnhzxmpaz5r2jr9yzm1v24v2q6m3z6bfz2yihj0w7m133" "f637484e72b6" "sq")
- ("1nllh3ax323sxwhj7xvwvbfnh4179332pcmpfyybw1vaid3nr39k" "bb2d5d96d69e" "sv-SE")
- ("136m68fd0641k3qqmsw6zp016cvvd0sipsyv6rx2b9nli56agz57" "0e6c56bf2ac9" "th")
- ("0q8p8bwq8an65yfdwzm4dhl6km68r83bv5i17kay2gak8msxxhsb" "91e611ae3f19" "tr")
- ("1f2g7rnxpr2gjzngfsv19g11vk9zqpyrv01pz07mw2z3ffbkxf0j" "99d5ffa0b81e" "uk")
- ("1rizwsfgr7vxm31bin3i7bwhcqa67wcylak3xa387dvgf1y9057i" "5fd44724e22d" "vi")
- ("02ifa94jfii5f166rwdvv8si3bazm4bcf4qhi59c8f1hxbavb52h" "081aeb1aa308" "zh-CN")
- ("0qx9sh56pqc2x5qrh386cp1fi1gidhcmxxpvqkg9nh2jbizahznr" "9015a180602e" "zh-TW")))
-
;; We copy the official build id, which is defined at
;; tor-browser-build/rbm.conf (browser_release_date).
-(define %torbrowser-build-date "20240510190000")
+(define %torbrowser-build-date "20240805090000")
;; To find the last version, look at https://www.torproject.org/download/.
-(define %torbrowser-version "13.0.16")
+(define %torbrowser-version "13.5.2")
;; To find the last Firefox version, browse
;; https://archive.torproject.org/tor-package-archive/torbrowser/<%torbrowser-version>
;; There should be only one archive that starts with
;; "src-firefox-tor-browser-".
-(define %torbrowser-firefox-version "115.12.0esr-13.0-1-build1")
+(define %torbrowser-firefox-version "115.14.0esr-13.5-1-build2")
+
+;; See tor-browser-build/rbm.conf for the list.
+(define %torbrowser-locales (list "ar" "ca" "cs" "da" "de" "el" "es-ES" "fa" "fi" "fr"
+ "ga-IE" "he" "hu" "id" "is" "it" "ja" "ka" "ko" "lt"
+ "mk" "ms" "my" "nb-NO" "nl" "pl" "pt-BR" "ro" "ru"
+ "sq" "sv-SE" "th" "tr" "uk" "vi" "zh-CN" "zh-TW"))
+
+;; See browser/locales/l10n-changesets.json for the commit.
+(define firefox-locales
+ (let ((commit "d8d587117c7b9dcc6a4fbc38407ed2c831bb008f")
+ (revision "0"))
+ (package
+ (name "firefox-locales")
+ (version (git-version "0.0.0" revision commit))
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/mozilla-l10n/firefox-l10n")
+ (commit commit)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "0a2ly29lli02jflqw78zjk7bp7h18fz935cc9csavi0cpdiixjv1"))))
+ (build-system copy-build-system)
+ (home-page "https://github.com/mozilla-l10n/firefox-l10n")
+ (synopsis "Firefox Locales")
+ (description "This package contains localized messages for all
+Firefox locales.")
+ (license license:mpl2.0))))
;; See tor-browser-build/projects/translation/config.
(define torbrowser-translation-base
@@ -168,11 +153,11 @@ (define torbrowser-translation-base
(method git-fetch)
(uri (git-reference
(url "https://gitlab.torproject.org/tpo/translation.git")
- (commit "f28525699864f4e3d764c354130bd898ce5b20aa")))
+ (commit "64b325861da514cd681533dcd368b351d2eb5f6c")))
(file-name "translation-base-browser")
(sha256
(base32
- "1vf6nl7fdmlmg2gskf3w1xlsgcm0pxi54z2daz5nwr6q9gyi0lkf"))))
+ "0sz60q60839waq8af021635il0v0s4nah6c7krssx12720zxcl5f"))))
;; See tor-browser-build/projects/translation/config.
(define torbrowser-translation-specific
@@ -180,11 +165,11 @@ (define torbrowser-translation-specific
(method git-fetch)
(uri (git-reference
(url "https://gitlab.torproject.org/tpo/translation.git")
- (commit "b5d79336411e5a59c4861341ef9aa7353e0bcad9")))
+ (commit "36af545865b83e790019195095544d9eec133a49")))
(file-name "translation-tor-browser")
(sha256
(base32
- "0ahz69pxhgik7ynmdkbnx7v5l2v392i6dswjz057g4hwnd7d34fb"))))
+ "02kc9b554p3ykm0vvybf2yr3fkmnm06czbdfbc5yapcfdrmwsly3"))))
(define torbrowser-assets
;; This is a prebuilt Torbrowser from which we take the assets we need.
@@ -200,7 +185,7 @@ (define torbrowser-assets
version "/tor-browser-linux-x86_64-" version ".tar.xz"))
(sha256
(base32
- "1kffam66bsaahzx212hw9lb03jwfr24hivzg067iyzilsldpc9c1"))))
+ "1m8rjjqm93ggqfra99xpxgqgjn4b37l63hhrv2gf67mbd12wm9kz"))))
(arguments
(list
#:install-plan
@@ -215,6 +200,10 @@ (define torbrowser-assets
Browser.")
(license license:silofl1.1)))
+;;; A LLD wrapper that can be used as a (near) drop-in replacement to GNU ld.
+(define lld-as-ld-wrapper-16
+ (make-lld-wrapper lld-16 #:lld-as-ld? #t))
+
(define* (make-torbrowser #:key
moz-app-name
moz-app-remotingname
@@ -238,10 +227,11 @@ (define* (make-torbrowser #:key
".tar.xz"))
(sha256
(base32
- "1b70zyjyai6kk4y1kkl8jvrs56gg7z31kkad6bmdpd8jw4n71grx"))))
+ "1v81y5grhzk5gdzryyyvf97g7li9rasvjdj2nkridi18694qrykh"))))
(build-system mozilla-build-system)
(inputs
(list go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird
+ firefox-locales
tor-client
alsa-lib
bash-minimal ;for wrap-program
@@ -293,8 +283,9 @@ (define* (make-torbrowser #:key
rust
`(,rust "cargo")
rust-cbindgen
- llvm-15
- clang-15
+ lld-as-ld-wrapper-16 ; for cargo rustc
+ llvm-16
+ clang-16
perl
node-lts
python-wrapper
@@ -541,7 +532,7 @@ (define (runpaths-of-input label)
(setenv "MOZBUILD_STATE_PATH"
(in-vicinity (getcwd) ".mozbuild"))
(setenv "MOZ_CHROME_MULTILOCALE"
- (string-join (map car #$locales)))
+ (string-join (list #$@locales)))
;; Make build reproducible.
(setenv "MOZ_BUILD_DATE" #$build-date)))
(add-before 'configure 'mozconfig
@@ -555,14 +546,14 @@ (define (runpaths-of-input label)
;; See tor-browser-build/projects/firefox/build.
(add-before 'configure 'copy-firefox-locales
(lambda _
- (let ((l10ncentral ".mozbuild/l10n-central"))
+ (let ((l10ncentral ".mozbuild/l10n-central")
+ (ff-locales #$(this-package-input "firefox-locales")))
(mkdir-p l10ncentral)
(for-each
(lambda (lang)
- (copy-recursively (cdr lang)
- (in-vicinity l10ncentral
- (car lang))))
- #$locales))))
+ (copy-recursively (string-append ff-locales "/" lang)
+ (in-vicinity l10ncentral lang)))
+ (list #$@locales)))))
(add-after 'copy-firefox-locales 'copy-basebrowser-locales
(lambda _
(let ((l10ncentral ".mozbuild/l10n-central"))
@@ -577,7 +568,7 @@ (define (runpaths-of-input label)
#f (string-join
'("mv"
"translation-base-browser/~a/base-browser.ftl"
- "~a/~a/browser/browser/"))
+ "~a/~a/toolkit/toolkit/global/"))
lang l10ncentral lang))
(system
(format
@@ -586,7 +577,7 @@ (define (runpaths-of-input label)
"translation-base-browser/~a/*"
"~a/~a/browser/chrome/browser/"))
lang l10ncentral lang)))
- (map car #$locales)))))
+ (list #$@locales)))))
(add-after 'copy-basebrowser-locales 'copy-torbrowser-locales
(lambda _
(let ((l10ncentral ".mozbuild/l10n-central"))
@@ -601,7 +592,7 @@ (define (runpaths-of-input label)
#f (string-join
'("mv"
"translation-tor-browser/~a/tor-browser.ftl"
- "~a/~a/browser/browser/"))
+ "~a/~a/toolkit/toolkit/global/"))
lang l10ncentral lang))
(system
(format
@@ -623,7 +614,7 @@ (define (runpaths-of-input label)
(format port " locale/~a/ (chrome/locale/~a/*)~%"
lang lang)
(close port)))
- (map car #$locales)))))
+ (list #$@locales)))))
(replace 'configure
(lambda _
(invoke "./mach" "configure")))
@@ -632,14 +623,6 @@ (define (runpaths-of-input label)
(substitute*
"toolkit/locales/en-US/toolkit/about/aboutAddons.ftl"
(("addons.mozilla.org") "gnuzilla.gnu.org"))))
- (add-before 'build 'add-bridges ;see deploy.sh
- (lambda _
- (let ((port (open-file
- "browser/app/profile/000-tor-browser.js" "a")))
- (display
- "#include ../../../tools/torbrowser/bridges.js" port)
- (newline port)
- (close port))))
(replace 'build
(lambda* (#:key (make-flags '()) (parallel-build? #t)
#:allow-other-keys)
@@ -739,7 +722,7 @@ (define (runpaths-of-input label)
(copy-recursively (in-vicinity #$assets "fontconfig")
(in-vicinity lib "fontconfig"))
(substitute* (in-vicinity lib "fontconfig/fonts.conf")
- (("<dir>fonts</dir>")
+ (("<dir prefix=\"cwd\">fonts</dir>")
(format #f "<dir>~a</dir>" (in-vicinity lib "fonts"))))
(delete-file-recursively (in-vicinity lib "fonts"))
(copy-recursively (in-vicinity #$assets "fonts")
@@ -805,11 +788,7 @@ (define (runpaths-of-input label)
"https://gnuzilla.gnu.org/mozzarella")
(format #t "pref(~s, ~s);~%"
"lightweightThemes.getMoreURL"
- "https://gnuzilla.gnu.org/mozzarella")
- ;; FIXME: https://github.com/NixOS/nixpkgs/issues/307095
- (format #t "pref(~s, ~a);~%"
- "widget.use-xdg-desktop-portal.file-picker"
- "1"))))))
+ "https://gnuzilla.gnu.org/mozzarella"))))))
(add-after 'autoconfig 'autoconfig-tor
(lambda* (#:key inputs #:allow-other-keys)
(let ((lib (in-vicinity #$output "lib/torbrowser"))
--
2.45.2
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [bug#71782] [PATCH v4 4/4] gnu: mullvadbrowser: Update to 13.5.2 [security fixes].
2024-07-16 23:41 ` [bug#71782] [PATCHv3 0/4] Update torbrowser and mullvadbrowser to v13.5.1 André Batista
` (3 preceding siblings ...)
2024-08-07 0:15 ` [bug#71782] [PATCH v4 3/4] gnu: torbrowser: Update to 13.5.2 [security fixes] André Batista
@ 2024-08-07 0:16 ` André Batista
4 siblings, 0 replies; 24+ messages in thread
From: André Batista @ 2024-08-07 0:16 UTC (permalink / raw)
To: 71782; +Cc: André Batista
Fixes CVEs 2024-6600, 2024-6601, 2024-6602, 2024-6603, 2024-6604,
2024-7519, 2024-7521, 2024-7522, 2024-7524, 2024-7525, 2024-7526,
2024-7527, 2024-7529 and 2024-7531.
See the Mozilla Foundation Security advisories
<https://www.mozilla.org/en-US/security/advisories/mfsa2024-30/> and
<https://www.mozilla.org/en-US/security/advisories/mfsa2024-34/>
for details.
* gnu/packages/mullvad-browsers.scm (mozilla-locale): Remove it.
(mozilla-locales): Likewise.
(firefox-locales): Move to the top.
(%mullvadbrowser-locales): Change it to be a plain list of supported
locales.
(%mullvadbrowser-build-date): Update to 20240805090000.
(%mullvadbrowser-version): Update to 13.5.2.
(%mullvadbrowser-firefox-version): Update to 115.14.0esr-13.5-1-build2.
(mullvadbrowser-translation-base): Update to
64b325861da514cd681533dcd368b351d2eb5f6c.
(mullvadbrowser) [arguments] <#:phases>: Adjust copy-torbrowser-locales
replacement accordingly.
---
gnu/packages/tor-browsers.scm | 98 +++++++++++------------------------
1 file changed, 30 insertions(+), 68 deletions(-)
diff --git a/gnu/packages/tor-browsers.scm b/gnu/packages/tor-browsers.scm
index bde95a8428..1898f8b2c4 100644
--- a/gnu/packages/tor-browsers.scm
+++ b/gnu/packages/tor-browsers.scm
@@ -90,39 +90,6 @@ (define-module (gnu packages tor-browsers)
#:use-module (ice-9 regex)
#:use-module (guix utils))
-(define (mozilla-locale locale changeset hash-string)
- (origin
- (method hg-fetch)
- (uri (hg-reference
- (url (string-append "https://hg.mozilla.org/l10n-central/"
- locale))
- (changeset changeset)))
- (file-name (string-append "mozilla-locale-" locale))
- (sha256 (base32 hash-string))))
-
-(define-syntax-rule (mozilla-locales (hash-string changeset locale) ...)
- #~(list (cons #$locale #$(mozilla-locale locale changeset hash-string))
- ...))
-
-;; We copy the official build id, which is defined at
-;; tor-browser-build/rbm.conf (browser_release_date).
-(define %torbrowser-build-date "20240805090000")
-
-;; To find the last version, look at https://www.torproject.org/download/.
-(define %torbrowser-version "13.5.2")
-
-;; To find the last Firefox version, browse
-;; https://archive.torproject.org/tor-package-archive/torbrowser/<%torbrowser-version>
-;; There should be only one archive that starts with
-;; "src-firefox-tor-browser-".
-(define %torbrowser-firefox-version "115.14.0esr-13.5-1-build2")
-
-;; See tor-browser-build/rbm.conf for the list.
-(define %torbrowser-locales (list "ar" "ca" "cs" "da" "de" "el" "es-ES" "fa" "fi" "fr"
- "ga-IE" "he" "hu" "id" "is" "it" "ja" "ka" "ko" "lt"
- "mk" "ms" "my" "nb-NO" "nl" "pl" "pt-BR" "ro" "ru"
- "sq" "sv-SE" "th" "tr" "uk" "vi" "zh-CN" "zh-TW"))
-
;; See browser/locales/l10n-changesets.json for the commit.
(define firefox-locales
(let ((commit "d8d587117c7b9dcc6a4fbc38407ed2c831bb008f")
@@ -147,6 +114,25 @@ (define firefox-locales
Firefox locales.")
(license license:mpl2.0))))
+;; We copy the official build id, which is defined at
+;; tor-browser-build/rbm.conf (browser_release_date).
+(define %torbrowser-build-date "20240805090000")
+
+;; To find the last version, look at https://www.torproject.org/download/.
+(define %torbrowser-version "13.5.2")
+
+;; To find the last Firefox version, browse
+;; https://archive.torproject.org/tor-package-archive/torbrowser/<%torbrowser-version>
+;; There should be only one archive that starts with
+;; "src-firefox-tor-browser-".
+(define %torbrowser-firefox-version "115.14.0esr-13.5-1-build2")
+
+;; See tor-browser-build/rbm.conf for the list.
+(define %torbrowser-locales (list "ar" "ca" "cs" "da" "de" "el" "es-ES" "fa" "fi" "fr"
+ "ga-IE" "he" "hu" "id" "is" "it" "ja" "ka" "ko" "lt"
+ "mk" "ms" "my" "nb-NO" "nl" "pl" "pt-BR" "ro" "ru"
+ "sq" "sv-SE" "th" "tr" "uk" "vi" "zh-CN" "zh-TW"))
+
;; See tor-browser-build/projects/translation/config.
(define torbrowser-translation-base
(origin
@@ -832,47 +818,23 @@ (define-public torbrowser
\f
;; See tor-browser-build/rbm.conf for the list.
-;; See browser/locales/l10n-changesets.json for the changeset.
-;; See update-mozilla-locales in gnuzilla.scm to automate updating changeset.
-(define %mullvadbrowser-locales
- (mozilla-locales
- ;; sha256 changeset locale
- ;;---------------------------------------------------------------------------
- ("1218mldjxybhgzdi0myzkwjr2fgnysl71pl847kr7wyn1j8wk3a5" "c25d00080479" "ar")
- ("1kzx94n36c5vv954j7w65djvb37c178zazy25b35l71q2rvhmlhj" "2197a99c9a08" "da")
- ("13h7hk11bbd0yq8gqdv7ndbizkgwlm3ybz225l3x2b5cnyjxyg14" "b7a533e5edc9" "de")
- ("0mdr5b6pqxjmg9c8064x3hpf53h6w9j8ghl32655sx9jh4v3ykza" "beff1baac7c5" "es-ES")
- ("1pnyg09j6r15w8m62lwj89x6rz4br877z60p8s1hlrb9hj2s3vdx" "ebe0b60b0b36" "fa")
- ("067r505626cvlrsalnndf2ykz3nnkiy0b8yaxzf1rracpzmp0hni" "d5ae6a933d71" "fi")
- ("0026zzjv2bqc8sg06yvyd0mhny6mwwvhpvzjrhv2fi5v4wkxapdj" "496c2eb73b82" "fr")
- ("03fbp4vgkwyimfmbm4n8blx1m16yhms2wm8j4wlx2h3cpxp5r71k" "91951e37e2b8" "it")
- ("0ncm531d7ih7phcn9d83zwq0dfphvmzg3gmhqmrrkkbydi1g3pbb" "895dcf8bb524" "ja")
- ("14rc9mr4ngxdzwpjagzhz47jazgp1a6vwb0vbwj31yxv9iwkrgzi" "6ef881aff44b" "ko")
- ("0h7dlnawm5mbcx4qdlz5c7n4axz2dpa677v13ljdgm2b5w76msmq" "5c1480ccc040" "my")
- ("1b12azc1n8j1i2l20v66r74q79zqjvc5sf9pd8rmj3xd0fkxzdp2" "fc1896a0a24d" "nb-NO")
- ("1fh4dhlb6hynlpb2997gssv9v8zk5b7qrw0sclggczb5pcpjk6wc" "7e6da4f01bdb" "nl")
- ("1w8x3jjrd28f6g6ywwxldizpiipfkr63dzqd74kjpg24s2lqzp80" "e86a451a9cb5" "pl")
- ("1v3v4n82sn7a4h2d9n653fmgc31mikacf59lvdj6gbwvzpjb5yfa" "94c3dbb67a5d" "pt-BR")
- ("1fxgh7nfxpg2zknvfff8igq9q1vm5n4q033v7lm2c0xn3dbl8m28" "402b2ecbf04d" "ru")
- ("1nllh3ax323sxwhj7xvwvbfnh4179332pcmpfyybw1vaid3nr39k" "bb2d5d96d69e" "sv-SE")
- ("136m68fd0641k3qqmsw6zp016cvvd0sipsyv6rx2b9nli56agz57" "0e6c56bf2ac9" "th")
- ("0q8p8bwq8an65yfdwzm4dhl6km68r83bv5i17kay2gak8msxxhsb" "91e611ae3f19" "tr")
- ("02ifa94jfii5f166rwdvv8si3bazm4bcf4qhi59c8f1hxbavb52h" "081aeb1aa308" "zh-CN")
- ("0qx9sh56pqc2x5qrh386cp1fi1gidhcmxxpvqkg9nh2jbizahznr" "9015a180602e" "zh-TW")))
+(define %mullvadbrowser-locales (list "ar" "da" "de" "es-ES" "fa" "fi" "fr" "it"
+ "ja" "ko" "my" "nb-NO" "nl" "pl" "pt-BR"
+ "ru" "sv-SE" "th" "tr" "zh-CN" "zh-TW"))
;; We copy the official build id, which can be found there:
;; https://cdn.mullvad.net/browser/update_responses/update_1/release.
-(define %mullvadbrowser-build-date "20240510190000")
+(define %mullvadbrowser-build-date "20240805090000")
;; To find the last version, look at
;; https://mullvad.net/en/download/browser/linux.
-(define %mullvadbrowser-version "13.0.16")
+(define %mullvadbrowser-version "13.5.2")
;; To find the last Firefox version, browse
;; https://archive.torproject.org/tor-package-archive/mullvadbrowser/<%mullvadbrowser-version>
;; There should be only one archive that starts with
;; "src-firefox-mullvad-browser-".
-(define %mullvadbrowser-firefox-version "115.12.0esr-13.0-1-build1")
+(define %mullvadbrowser-firefox-version "115.14.0esr-13.5-1-build2")
;; See tor-browser-build/projects/translation/config.
(define mullvadbrowser-translation-base
@@ -880,11 +842,11 @@ (define mullvadbrowser-translation-base
(method git-fetch)
(uri (git-reference
(url "https://gitlab.torproject.org/tpo/translation.git")
- (commit "f28525699864f4e3d764c354130bd898ce5b20aa")))
+ (commit "64b325861da514cd681533dcd368b351d2eb5f6c")))
(file-name "translation-base-browser")
(sha256
(base32
- "1vf6nl7fdmlmg2gskf3w1xlsgcm0pxi54z2daz5nwr6q9gyi0lkf"))))
+ "0sz60q60839waq8af021635il0v0s4nah6c7krssx12720zxcl5f"))))
;; See tor-browser-build/projects/translation/config.
(define mullvadbrowser-translation-specific
@@ -912,7 +874,7 @@ (define mullvadbrowser-assets
version "/mullvad-browser-linux-x86_64-" version ".tar.xz"))
(sha256
(base32
- "1bpchiz12zjyrzpgyk71naf1jdf3msjcjwggb1mziyawc6pyxj7v"))))
+ "1mvhasy70yhndibrb4m8cslkbz2gn08p6kirilnqzqq6p0j1lxq9"))))
(arguments
(list
#:install-plan
@@ -955,7 +917,7 @@ (define-public mullvadbrowser
%mullvadbrowser-firefox-version ".tar.xz"))
(sha256
(base32
- "1xs4qwa3c6nfq6cj5q6asfrzki4brafg65g6hbn0fc9qqcmrhkv5"))))
+ "0w5xy4cxcnxn6vzp5jbzxcssy9r69pgby0gl04m33fh9fl26pkkq"))))
(arguments
(substitute-keyword-arguments (package-arguments mullvadbrowser-base)
((#:phases phases)
@@ -977,7 +939,7 @@ (define-public mullvadbrowser
(system
(format #f "cp -Lr ~a/~a .mozbuild/l10n-central/"
#$mullvadbrowser-translation-specific lang)))
- (map car #$%mullvadbrowser-locales))))
+ (list #$@%mullvadbrowser-locales))))
(add-before 'build 'fix-profiles
;; Otherwise the profile would change every time the install
;; location changes, that is: at every package update. These
--
2.45.2
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [bug#71782] [PATCHv3 1/4] gnu: Add go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-webtunnel.
2024-06-26 13:38 [bug#71782] [PATCH 0/3] gnu: torbrowser: Update to 13.5 André Batista
` (3 preceding siblings ...)
2024-07-16 23:41 ` [bug#71782] [PATCHv3 0/4] Update torbrowser and mullvadbrowser to v13.5.1 André Batista
@ 2024-07-16 23:42 ` André Batista
2024-07-16 23:42 ` [bug#71782] [PATCHv3 2/4] gnu: go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird: Update to 0.2.0 André Batista
` (2 subsequent siblings)
7 siblings, 0 replies; 24+ messages in thread
From: André Batista @ 2024-07-16 23:42 UTC (permalink / raw)
To: 71782; +Cc: André Batista
* gnu/packages/golang.scm
(go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-webtunnel):
New variable.
Change-Id: Icee28357fd2b40744f5e4699a6aeaec4d2746759
---
gnu/packages/golang.scm | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index eed7126873..d847c347a4 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -2258,6 +2258,31 @@ (define-public go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports
incorporates ideas and concepts from Philipp Winter's ScrambleSuit protocol.")
(license (list license:bsd-2 license:bsd-3))))
+(define-public go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-webtunnel
+ (let ((commit "3b6faa48163782c1e5420bcb4b068cd38c401ea7")
+ (revision "0"))
+ (package
+ (name "go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-webtunnel")
+ (version (git-version "0.0.0" revision commit))
+ (source
+ (origin
+ (method git-fetch)
+ (uri
+ (git-reference
+ (url "https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel")
+ (commit commit)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32 "08k108h1fh9mq0m5kr866s2n0lsif0dpbi8ffb62g5ghg7jaai89"))))
+ (build-system go-build-system)
+ (arguments
+ `(#:import-path "gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel"))
+ (home-page "https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel")
+ (synopsis "Go WebTunnel Pluggable Transport")
+ (description "WebTunnel is a Go Pluggable Transport that attempts to imitate
+web browsing activities based on HTTP Upgrade (HTTPT).")
+ (license license:bsd-2))))
+
(define-public go-github-com-sevlyar-go-daemon
(package
(name "go-github-com-sevlyar-go-daemon")
--
2.45.1
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [bug#71782] [PATCHv3 2/4] gnu: go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird: Update to 0.2.0.
2024-06-26 13:38 [bug#71782] [PATCH 0/3] gnu: torbrowser: Update to 13.5 André Batista
` (4 preceding siblings ...)
2024-07-16 23:42 ` [bug#71782] [PATCHv3 1/4] gnu: Add go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-webtunnel André Batista
@ 2024-07-16 23:42 ` André Batista
2024-07-16 23:42 ` [bug#71782] [PATCHv3 3/4] gnu: torbrowser: Update to 13.5.1 [security fixes] André Batista
2024-07-16 23:43 ` [bug#71782] [PATCHv3 4/4] gnu: mullvadbrowser: " André Batista
7 siblings, 0 replies; 24+ messages in thread
From: André Batista @ 2024-07-16 23:42 UTC (permalink / raw)
To: 71782; +Cc: André Batista
* gnu/packages/golang.scm (go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird):
Update to 0.2.0.
[arguments] <#:go>: Use go-1.21.
[propagated-inputs]: Add go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-webtunnel.
Change-Id: I68a859e0980200b50aaa9d300ffaf1e1bce2a5bc
---
gnu/packages/golang.scm | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index d847c347a4..1f7f17a580 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -46,6 +46,7 @@
;;; Copyright © 2024 Troy Figiel <troy@troyfigiel.com>
;;; Copyright © 2024 Greg Hogan <code@greghogan.com>
;;; Copyright © 2024 Brennan Vincent <brennan@umanwizard.com>
+;;; Copyright © 2024 André Batista <nandre@riseup.net>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -2213,7 +2214,7 @@ (define-public go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports
(define-public go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird
(package
(name "go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird")
- (version "0.1.0")
+ (version "0.2.0")
(source (origin
(method git-fetch)
(uri (git-reference
@@ -2222,12 +2223,12 @@ (define-public go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports
(file-name (git-file-name name version))
(sha256
(base32
- "0rifg5kgqp4c3b44j48fjmx00m00ai7fa4gaqrgphiqs1fc5586s"))))
+ "0imdf11ldkmbkp74gl1bcbvzmrl7jmkcfhpn6377r99gkf0zk28j"))))
(build-system go-build-system)
(arguments
`(#:unpack-path "gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyrebird"
#:import-path "gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyrebird/cmd/lyrebird"
- #:go ,go-1.20
+ #:go ,go-1.21
#:phases
(modify-phases %standard-phases
(add-after 'unpack 'substitutions
@@ -2249,6 +2250,7 @@ (define-public go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports
go-github-com-refraction-networking-utls
go-gitlab-com-yawning-edwards25519-extra
go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-goptlib
+ go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-webtunnel
go-golang-org-x-crypto
go-golang-org-x-net
go-golang-org-x-text))
--
2.45.1
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [bug#71782] [PATCHv3 3/4] gnu: torbrowser: Update to 13.5.1 [security fixes].
2024-06-26 13:38 [bug#71782] [PATCH 0/3] gnu: torbrowser: Update to 13.5 André Batista
` (5 preceding siblings ...)
2024-07-16 23:42 ` [bug#71782] [PATCHv3 2/4] gnu: go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird: Update to 0.2.0 André Batista
@ 2024-07-16 23:42 ` André Batista
2024-07-16 23:43 ` [bug#71782] [PATCHv3 4/4] gnu: mullvadbrowser: " André Batista
7 siblings, 0 replies; 24+ messages in thread
From: André Batista @ 2024-07-16 23:42 UTC (permalink / raw)
To: 71782; +Cc: André Batista
Fixes CVEs 2024-6600, 2024-6601, 2024-6602, 2024-6603 and 2024-6604.
See the Mozilla Foundation Security advisory
<https://www.mozilla.org/en-US/security/advisories/mfsa2024-30/>
for details.
* gnu/packages/tor-browsers.scm (%torbrowser-build-date): Update to
20240708120000.
(%torbrowser-version): Update to 13.5.1.
(%torbrowser-firefox-version): Update to 115.13.0esr-13.5-1-build2.
(%torbrowser-locales): Change it to be a plain list of supported locales.
(firefox-locales): New variable.
(torbrowser-translation-base): Update to
6ff73b6f7a6cec4849c2cd1e1ee1dc6fc8894169.
(torbrowser-translation-specific): Update to
427819f80eaca95645bf0c1876d6a728d6ce7093.
(lld-as-ld-wrapper-16): New variable.
(make-torbrowser)[native-inputs]: Add lld-as-ld-wrapper-16. Use
llvm-16 and clang-16.
[inputs]: Add firefox-locales.
[arguments] <#:phases>: Remove add-bridges.
setenv, copy-firefox-locales: Update MOZ_CHROME_MULTILOCALE to the
new %torbrowser-locales format.
copy-basebrowser-locales, copy-torbrowser-locales: Likewise and ajust
fluent file path.
deploy-fonts: Ajust regex expression.
autoconfig: Remove file-picker configuration workaround. See #71181.
Change-Id: Ia1f84bc55beed42580b1eaabcbb685b1cc2a7d51
---
gnu/packages/tor-browsers.scm | 142 ++++++++++++++--------------------
1 file changed, 60 insertions(+), 82 deletions(-)
diff --git a/gnu/packages/tor-browsers.scm b/gnu/packages/tor-browsers.scm
index 3d01346c8c..8172083957 100644
--- a/gnu/packages/tor-browsers.scm
+++ b/gnu/packages/tor-browsers.scm
@@ -21,7 +21,7 @@
;;; Copyright © 2021 Baptiste Strazzul <bstrazzull@hotmail.fr>
;;; Copyright © 2022 SeerLite <seerlite@disroot.org>
;;; Copyright © 2024 Aleksandr Vityazev <avityazew@gmail.com>
-;;; Copyright © 2020, 2021 André Batista <nandre@riseup.net>
+;;; Copyright © 2020, 2021, 2024 André Batista <nandre@riseup.net>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -104,63 +104,48 @@ (define-syntax-rule (mozilla-locales (hash-string changeset locale) ...)
#~(list (cons #$locale #$(mozilla-locale locale changeset hash-string))
...))
-;; See tor-browser-build/rbm.conf for the list.
-;; See browser/locales/l10n-changesets.json for the changeset.
-;; See update-mozilla-locales in gnuzilla.scm to automate updating changeset.
-(define %torbrowser-locales
- (mozilla-locales
- ;; sha256 changeset locale
- ;;---------------------------------------------------------------------------
- ("1218mldjxybhgzdi0myzkwjr2fgnysl71pl847kr7wyn1j8wk3a5" "c25d00080479" "ar")
- ("11c96jhfzd3h46qhblhvn2acsn895ykynarai8r5pf0655nfjs0j" "2de60e3d6d0c" "ca")
- ("0yhycgb3s3kydbzy6f2q7f7g2lp975spr092prf9xp8ha62ghby7" "609edd15f9a9" "cs")
- ("1kzx94n36c5vv954j7w65djvb37c178zazy25b35l71q2rvhmlhj" "2197a99c9a08" "da")
- ("13h7hk11bbd0yq8gqdv7ndbizkgwlm3ybz225l3x2b5cnyjxyg14" "b7a533e5edc9" "de")
- ("13ay27vdrqfv2ysyi7c2jmz50lps7rff9rmnws1z7jkj0a5chwrn" "20baf15379d8" "el")
- ("0mdr5b6pqxjmg9c8064x3hpf53h6w9j8ghl32655sx9jh4v3ykza" "beff1baac7c5" "es-ES")
- ("1pnyg09j6r15w8m62lwj89x6rz4br877z60p8s1hlrb9hj2s3vdx" "ebe0b60b0b36" "fa")
- ("067r505626cvlrsalnndf2ykz3nnkiy0b8yaxzf1rracpzmp0hni" "d5ae6a933d71" "fi")
- ("0026zzjv2bqc8sg06yvyd0mhny6mwwvhpvzjrhv2fi5v4wkxapdj" "496c2eb73b82" "fr")
- ("1dxcp26y8siap4k54zsw7mqa7k0l4f1505rdf4hnnxrzf9a643g5" "2fcccb5b19b3" "ga-IE")
- ("14v6xnlyj65hzaz2rmzxcl4skjgm48426jgr9mwkwiqis587lp4a" "c53cea027f8f" "he")
- ("04fdw2gzb64fb51bvs0bwsidzlvkdahmcy76vdg3gfcxslnlpi3y" "5a76dd3b5d5c" "hu")
- ("0bpyxpclfy74bcsjrs1ajh2am4zv6j6j9q4gc4vz8pgvzy9354zp" "6e6de17dcac4" "id")
- ("131ph8n235kr6nj1pszk0m00nh6kl360r4qvx4hjm8s22mw0k8qd" "536265635dfe" "is")
- ("03fbp4vgkwyimfmbm4n8blx1m16yhms2wm8j4wlx2h3cpxp5r71k" "91951e37e2b8" "it")
- ("0ncm531d7ih7phcn9d83zwq0dfphvmzg3gmhqmrrkkbydi1g3pbb" "895dcf8bb524" "ja")
- ("1x3110v730ak522zfm8j3r3v1x5lq3ig82kcgyxkc49xywajy0ni" "d0819a64fc40" "ka")
- ("14rc9mr4ngxdzwpjagzhz47jazgp1a6vwb0vbwj31yxv9iwkrgzi" "6ef881aff44b" "ko")
- ("1gl85z550amhbaxp39zdj6yyvashj9xd4ampfhm9jdpbf6n5j2l8" "afcbc29a15e5" "lt")
- ("1hz5g3iprfkbd88ncppyksbhlws73lhs75nf62hangw8l73wdn69" "84f3d6c7e2da" "mk")
- ("14aq37ngnav5m2kcb4wavxwhp28ad4jzdkzc7i64h0qvvxq5n3hf" "c9ec27a5db3d" "ms")
- ("0h7dlnawm5mbcx4qdlz5c7n4axz2dpa677v13ljdgm2b5w76msmq" "5c1480ccc040" "my")
- ("1b12azc1n8j1i2l20v66r74q79zqjvc5sf9pd8rmj3xd0fkxzdp2" "fc1896a0a24d" "nb-NO")
- ("1fh4dhlb6hynlpb2997gssv9v8zk5b7qrw0sclggczb5pcpjk6wc" "7e6da4f01bdb" "nl")
- ("1w8x3jjrd28f6g6ywwxldizpiipfkr63dzqd74kjpg24s2lqzp80" "e86a451a9cb5" "pl")
- ("1v3v4n82sn7a4h2d9n653fmgc31mikacf59lvdj6gbwvzpjb5yfa" "94c3dbb67a5d" "pt-BR")
- ("061a4z0lffgks3wlr6yh5z7x9arcn804mjwvffcmibs106vzamyq" "470b13b5805b" "ro")
- ("1fxgh7nfxpg2zknvfff8igq9q1vm5n4q033v7lm2c0xn3dbl8m28" "402b2ecbf04d" "ru")
- ("1i119g6dnhzxmpaz5r2jr9yzm1v24v2q6m3z6bfz2yihj0w7m133" "f637484e72b6" "sq")
- ("1nllh3ax323sxwhj7xvwvbfnh4179332pcmpfyybw1vaid3nr39k" "bb2d5d96d69e" "sv-SE")
- ("136m68fd0641k3qqmsw6zp016cvvd0sipsyv6rx2b9nli56agz57" "0e6c56bf2ac9" "th")
- ("0q8p8bwq8an65yfdwzm4dhl6km68r83bv5i17kay2gak8msxxhsb" "91e611ae3f19" "tr")
- ("1f2g7rnxpr2gjzngfsv19g11vk9zqpyrv01pz07mw2z3ffbkxf0j" "99d5ffa0b81e" "uk")
- ("1rizwsfgr7vxm31bin3i7bwhcqa67wcylak3xa387dvgf1y9057i" "5fd44724e22d" "vi")
- ("02ifa94jfii5f166rwdvv8si3bazm4bcf4qhi59c8f1hxbavb52h" "081aeb1aa308" "zh-CN")
- ("0qx9sh56pqc2x5qrh386cp1fi1gidhcmxxpvqkg9nh2jbizahznr" "9015a180602e" "zh-TW")))
-
;; We copy the official build id, which is defined at
;; tor-browser-build/rbm.conf (browser_release_date).
-(define %torbrowser-build-date "20240510190000")
+(define %torbrowser-build-date "20240708120000")
;; To find the last version, look at https://www.torproject.org/download/.
-(define %torbrowser-version "13.0.16")
+(define %torbrowser-version "13.5.1")
;; To find the last Firefox version, browse
;; https://archive.torproject.org/tor-package-archive/torbrowser/<%torbrowser-version>
;; There should be only one archive that starts with
;; "src-firefox-tor-browser-".
-(define %torbrowser-firefox-version "115.12.0esr-13.0-1-build1")
+(define %torbrowser-firefox-version "115.13.0esr-13.5-1-build2")
+
+;; See tor-browser-build/rbm.conf for the list.
+(define %torbrowser-locales (list "ar" "ca" "cs" "da" "de" "el" "es-ES" "fa" "fi" "fr"
+ "ga-IE" "he" "hu" "id" "is" "it" "ja" "ka" "ko" "lt"
+ "mk" "ms" "my" "nb-NO" "nl" "pl" "pt-BR" "ro" "ru"
+ "sq" "sv-SE" "th" "tr" "uk" "vi" "zh-CN" "zh-TW"))
+
+;; See browser/locales/l10n-changesets.json for the commit.
+(define firefox-locales
+ (let ((commit "15d15edddfbd4611b4922fa1976e753c5be548ca")
+ (revision "0"))
+ (package
+ (name "firefox-locales")
+ (version (git-version "0.0.0" revision commit))
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/mozilla-l10n/firefox-l10n")
+ (commit commit)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "1rxck15vyhlwzjzn4l5zn7slbhjjj1ncm22b5mjhdb056sqhna17"))))
+ (build-system copy-build-system)
+ (home-page "https://github.com/mozilla-l10n/firefox-l10n")
+ (synopsis "Firefox Locales")
+ (description "This package contains localized messages for all
+Firefox locales.")
+ (license license:mpl2.0))))
;; See tor-browser-build/projects/translation/config.
(define torbrowser-translation-base
@@ -168,11 +153,11 @@ (define torbrowser-translation-base
(method git-fetch)
(uri (git-reference
(url "https://gitlab.torproject.org/tpo/translation.git")
- (commit "f28525699864f4e3d764c354130bd898ce5b20aa")))
+ (commit "6ff73b6f7a6cec4849c2cd1e1ee1dc6fc8894169")))
(file-name "translation-base-browser")
(sha256
(base32
- "1vf6nl7fdmlmg2gskf3w1xlsgcm0pxi54z2daz5nwr6q9gyi0lkf"))))
+ "11s4px6izzvja11qrr7g8whbmcn6yrvk2yc0k7jx628562hjwi3d"))))
;; See tor-browser-build/projects/translation/config.
(define torbrowser-translation-specific
@@ -180,11 +165,11 @@ (define torbrowser-translation-specific
(method git-fetch)
(uri (git-reference
(url "https://gitlab.torproject.org/tpo/translation.git")
- (commit "b5d79336411e5a59c4861341ef9aa7353e0bcad9")))
+ (commit "427819f80eaca95645bf0c1876d6a728d6ce7093")))
(file-name "translation-tor-browser")
(sha256
(base32
- "0ahz69pxhgik7ynmdkbnx7v5l2v392i6dswjz057g4hwnd7d34fb"))))
+ "1yq1aqdzwyiqvj918i9q7x27i37rm7090bjnimh2ai8ss3xc8jpf"))))
(define torbrowser-assets
;; This is a prebuilt Torbrowser from which we take the assets we need.
@@ -200,7 +185,7 @@ (define torbrowser-assets
version "/tor-browser-linux-x86_64-" version ".tar.xz"))
(sha256
(base32
- "1kffam66bsaahzx212hw9lb03jwfr24hivzg067iyzilsldpc9c1"))))
+ "12na110krw60d067x1dbwfnsk6vbx9l4vai0qvaasxydd0np2g6m"))))
(arguments
(list
#:install-plan
@@ -215,6 +200,10 @@ (define torbrowser-assets
Browser.")
(license license:silofl1.1)))
+;;; A LLD wrapper that can be used as a (near) drop-in replacement to GNU ld.
+(define lld-as-ld-wrapper-16
+ (make-lld-wrapper lld-16 #:lld-as-ld? #t))
+
(define* (make-torbrowser #:key
moz-app-name
moz-app-remotingname
@@ -238,10 +227,11 @@ (define* (make-torbrowser #:key
".tar.xz"))
(sha256
(base32
- "1b70zyjyai6kk4y1kkl8jvrs56gg7z31kkad6bmdpd8jw4n71grx"))))
+ "1p83mmv5gq1nvpqs5w6151b7b8s3pbp9nn7jcrhbgwr7a9ffypi8"))))
(build-system mozilla-build-system)
(inputs
(list go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird
+ firefox-locales
tor-client
alsa-lib
bash-minimal ;for wrap-program
@@ -293,8 +283,9 @@ (define* (make-torbrowser #:key
rust
`(,rust "cargo")
rust-cbindgen
- llvm-15
- clang-15
+ lld-as-ld-wrapper-16 ; for cargo rustc
+ llvm-16
+ clang-16
perl
node-lts
python-wrapper
@@ -540,8 +531,7 @@ (define (runpaths-of-input label)
;; $HOME/.mozbuild).
(setenv "MOZBUILD_STATE_PATH"
(in-vicinity (getcwd) ".mozbuild"))
- (setenv "MOZ_CHROME_MULTILOCALE"
- (string-join (map car #$locales)))
+ (setenv "MOZ_CHROME_MULTILOCALE" (string-join (list #$@locales)))
;; Make build reproducible.
(setenv "MOZ_BUILD_DATE" #$build-date)))
(add-before 'configure 'mozconfig
@@ -555,14 +545,14 @@ (define (runpaths-of-input label)
;; See tor-browser-build/projects/firefox/build.
(add-before 'configure 'copy-firefox-locales
(lambda _
- (let ((l10ncentral ".mozbuild/l10n-central"))
+ (let ((l10ncentral ".mozbuild/l10n-central")
+ (ff-locales #$(this-package-input "firefox-locales")))
(mkdir-p l10ncentral)
(for-each
(lambda (lang)
- (copy-recursively (cdr lang)
- (in-vicinity l10ncentral
- (car lang))))
- #$locales))))
+ (copy-recursively (string-append ff-locales "/" lang)
+ (in-vicinity l10ncentral lang)))
+ (list #$@locales)))))
(add-after 'copy-firefox-locales 'copy-basebrowser-locales
(lambda _
(let ((l10ncentral ".mozbuild/l10n-central"))
@@ -577,7 +567,7 @@ (define (runpaths-of-input label)
#f (string-join
'("mv"
"translation-base-browser/~a/base-browser.ftl"
- "~a/~a/browser/browser/"))
+ "~a/~a/toolkit/toolkit/global/"))
lang l10ncentral lang))
(system
(format
@@ -586,7 +576,7 @@ (define (runpaths-of-input label)
"translation-base-browser/~a/*"
"~a/~a/browser/chrome/browser/"))
lang l10ncentral lang)))
- (map car #$locales)))))
+ (list #$@locales)))))
(add-after 'copy-basebrowser-locales 'copy-torbrowser-locales
(lambda _
(let ((l10ncentral ".mozbuild/l10n-central"))
@@ -601,7 +591,7 @@ (define (runpaths-of-input label)
#f (string-join
'("mv"
"translation-tor-browser/~a/tor-browser.ftl"
- "~a/~a/browser/browser/"))
+ "~a/~a/toolkit/toolkit/global/"))
lang l10ncentral lang))
(system
(format
@@ -623,7 +613,7 @@ (define (runpaths-of-input label)
(format port " locale/~a/ (chrome/locale/~a/*)~%"
lang lang)
(close port)))
- (map car #$locales)))))
+ (list #$@locales)))))
(replace 'configure
(lambda _
(invoke "./mach" "configure")))
@@ -632,14 +622,6 @@ (define (runpaths-of-input label)
(substitute*
"toolkit/locales/en-US/toolkit/about/aboutAddons.ftl"
(("addons.mozilla.org") "gnuzilla.gnu.org"))))
- (add-before 'build 'add-bridges ;see deploy.sh
- (lambda _
- (let ((port (open-file
- "browser/app/profile/000-tor-browser.js" "a")))
- (display
- "#include ../../../tools/torbrowser/bridges.js" port)
- (newline port)
- (close port))))
(replace 'build
(lambda* (#:key (make-flags '()) (parallel-build? #t)
#:allow-other-keys)
@@ -739,7 +721,7 @@ (define (runpaths-of-input label)
(copy-recursively (in-vicinity #$assets "fontconfig")
(in-vicinity lib "fontconfig"))
(substitute* (in-vicinity lib "fontconfig/fonts.conf")
- (("<dir>fonts</dir>")
+ (("<dir prefix=\"cwd\">fonts</dir>")
(format #f "<dir>~a</dir>" (in-vicinity lib "fonts"))))
(delete-file-recursively (in-vicinity lib "fonts"))
(copy-recursively (in-vicinity #$assets "fonts")
@@ -805,11 +787,7 @@ (define (runpaths-of-input label)
"https://gnuzilla.gnu.org/mozzarella")
(format #t "pref(~s, ~s);~%"
"lightweightThemes.getMoreURL"
- "https://gnuzilla.gnu.org/mozzarella")
- ;; FIXME: https://github.com/NixOS/nixpkgs/issues/307095
- (format #t "pref(~s, ~a);~%"
- "widget.use-xdg-desktop-portal.file-picker"
- "1"))))))
+ "https://gnuzilla.gnu.org/mozzarella"))))))
(add-after 'autoconfig 'autoconfig-tor
(lambda* (#:key inputs #:allow-other-keys)
(let ((lib (in-vicinity #$output "lib/torbrowser"))
--
2.45.1
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [bug#71782] [PATCHv3 4/4] gnu: mullvadbrowser: Update to 13.5.1 [security fixes].
2024-06-26 13:38 [bug#71782] [PATCH 0/3] gnu: torbrowser: Update to 13.5 André Batista
` (6 preceding siblings ...)
2024-07-16 23:42 ` [bug#71782] [PATCHv3 3/4] gnu: torbrowser: Update to 13.5.1 [security fixes] André Batista
@ 2024-07-16 23:43 ` André Batista
7 siblings, 0 replies; 24+ messages in thread
From: André Batista @ 2024-07-16 23:43 UTC (permalink / raw)
To: 71782; +Cc: André Batista
Fixes CVEs 2024-6600, 2024-6601, 2024-6602, 2024-6603 and 2024-6604.
See the Mozilla Foundation Security advisory
<https://www.mozilla.org/en-US/security/advisories/mfsa2024-30/>
for details.
* gnu/packages/mullvad-browsers.scm (mozilla-locale): Remove it.
(mozilla-locales): Likewise.
(firefox-locales): Move to the top.
(%mullvadbrowser-locales): Change it to be a plain list of supported
locales.
(%mullvadbrowser-build-date): Update to 20240708190000.
(%mullvadbrowser-version): Update to 13.5.1.
(%mullvadbrowser-firefox-version): Update to 115.13.0esr-13.5-1-build3.
(mullvadbrowser-translation-base): Update to
6ff73b6f7a6cec4849c2cd1e1ee1dc6fc8894169.
(mullvadbrowser) [arguments] <#:phases>: Adjust copy-torbrowser-locales
replacement accordingly.
Change-Id: I221788e6028375ee40ad7fcfb1d52cb95fc67759
---
gnu/packages/tor-browsers.scm | 98 +++++++++++------------------------
1 file changed, 30 insertions(+), 68 deletions(-)
diff --git a/gnu/packages/tor-browsers.scm b/gnu/packages/tor-browsers.scm
index 8172083957..3d17f6d566 100644
--- a/gnu/packages/tor-browsers.scm
+++ b/gnu/packages/tor-browsers.scm
@@ -90,39 +90,6 @@ (define-module (gnu packages tor-browsers)
#:use-module (ice-9 regex)
#:use-module (guix utils))
-(define (mozilla-locale locale changeset hash-string)
- (origin
- (method hg-fetch)
- (uri (hg-reference
- (url (string-append "https://hg.mozilla.org/l10n-central/"
- locale))
- (changeset changeset)))
- (file-name (string-append "mozilla-locale-" locale))
- (sha256 (base32 hash-string))))
-
-(define-syntax-rule (mozilla-locales (hash-string changeset locale) ...)
- #~(list (cons #$locale #$(mozilla-locale locale changeset hash-string))
- ...))
-
-;; We copy the official build id, which is defined at
-;; tor-browser-build/rbm.conf (browser_release_date).
-(define %torbrowser-build-date "20240708120000")
-
-;; To find the last version, look at https://www.torproject.org/download/.
-(define %torbrowser-version "13.5.1")
-
-;; To find the last Firefox version, browse
-;; https://archive.torproject.org/tor-package-archive/torbrowser/<%torbrowser-version>
-;; There should be only one archive that starts with
-;; "src-firefox-tor-browser-".
-(define %torbrowser-firefox-version "115.13.0esr-13.5-1-build2")
-
-;; See tor-browser-build/rbm.conf for the list.
-(define %torbrowser-locales (list "ar" "ca" "cs" "da" "de" "el" "es-ES" "fa" "fi" "fr"
- "ga-IE" "he" "hu" "id" "is" "it" "ja" "ka" "ko" "lt"
- "mk" "ms" "my" "nb-NO" "nl" "pl" "pt-BR" "ro" "ru"
- "sq" "sv-SE" "th" "tr" "uk" "vi" "zh-CN" "zh-TW"))
-
;; See browser/locales/l10n-changesets.json for the commit.
(define firefox-locales
(let ((commit "15d15edddfbd4611b4922fa1976e753c5be548ca")
@@ -147,6 +114,25 @@ (define firefox-locales
Firefox locales.")
(license license:mpl2.0))))
+;; We copy the official build id, which is defined at
+;; tor-browser-build/rbm.conf (browser_release_date).
+(define %torbrowser-build-date "20240708120000")
+
+;; To find the last version, look at https://www.torproject.org/download/.
+(define %torbrowser-version "13.5.1")
+
+;; To find the last Firefox version, browse
+;; https://archive.torproject.org/tor-package-archive/torbrowser/<%torbrowser-version>
+;; There should be only one archive that starts with
+;; "src-firefox-tor-browser-".
+(define %torbrowser-firefox-version "115.13.0esr-13.5-1-build2")
+
+;; See tor-browser-build/rbm.conf for the list.
+(define %torbrowser-locales (list "ar" "ca" "cs" "da" "de" "el" "es-ES" "fa" "fi" "fr"
+ "ga-IE" "he" "hu" "id" "is" "it" "ja" "ka" "ko" "lt"
+ "mk" "ms" "my" "nb-NO" "nl" "pl" "pt-BR" "ro" "ru"
+ "sq" "sv-SE" "th" "tr" "uk" "vi" "zh-CN" "zh-TW"))
+
;; See tor-browser-build/projects/translation/config.
(define torbrowser-translation-base
(origin
@@ -831,47 +817,23 @@ (define-public torbrowser
\f
;; See tor-browser-build/rbm.conf for the list.
-;; See browser/locales/l10n-changesets.json for the changeset.
-;; See update-mozilla-locales in gnuzilla.scm to automate updating changeset.
-(define %mullvadbrowser-locales
- (mozilla-locales
- ;; sha256 changeset locale
- ;;---------------------------------------------------------------------------
- ("1218mldjxybhgzdi0myzkwjr2fgnysl71pl847kr7wyn1j8wk3a5" "c25d00080479" "ar")
- ("1kzx94n36c5vv954j7w65djvb37c178zazy25b35l71q2rvhmlhj" "2197a99c9a08" "da")
- ("13h7hk11bbd0yq8gqdv7ndbizkgwlm3ybz225l3x2b5cnyjxyg14" "b7a533e5edc9" "de")
- ("0mdr5b6pqxjmg9c8064x3hpf53h6w9j8ghl32655sx9jh4v3ykza" "beff1baac7c5" "es-ES")
- ("1pnyg09j6r15w8m62lwj89x6rz4br877z60p8s1hlrb9hj2s3vdx" "ebe0b60b0b36" "fa")
- ("067r505626cvlrsalnndf2ykz3nnkiy0b8yaxzf1rracpzmp0hni" "d5ae6a933d71" "fi")
- ("0026zzjv2bqc8sg06yvyd0mhny6mwwvhpvzjrhv2fi5v4wkxapdj" "496c2eb73b82" "fr")
- ("03fbp4vgkwyimfmbm4n8blx1m16yhms2wm8j4wlx2h3cpxp5r71k" "91951e37e2b8" "it")
- ("0ncm531d7ih7phcn9d83zwq0dfphvmzg3gmhqmrrkkbydi1g3pbb" "895dcf8bb524" "ja")
- ("14rc9mr4ngxdzwpjagzhz47jazgp1a6vwb0vbwj31yxv9iwkrgzi" "6ef881aff44b" "ko")
- ("0h7dlnawm5mbcx4qdlz5c7n4axz2dpa677v13ljdgm2b5w76msmq" "5c1480ccc040" "my")
- ("1b12azc1n8j1i2l20v66r74q79zqjvc5sf9pd8rmj3xd0fkxzdp2" "fc1896a0a24d" "nb-NO")
- ("1fh4dhlb6hynlpb2997gssv9v8zk5b7qrw0sclggczb5pcpjk6wc" "7e6da4f01bdb" "nl")
- ("1w8x3jjrd28f6g6ywwxldizpiipfkr63dzqd74kjpg24s2lqzp80" "e86a451a9cb5" "pl")
- ("1v3v4n82sn7a4h2d9n653fmgc31mikacf59lvdj6gbwvzpjb5yfa" "94c3dbb67a5d" "pt-BR")
- ("1fxgh7nfxpg2zknvfff8igq9q1vm5n4q033v7lm2c0xn3dbl8m28" "402b2ecbf04d" "ru")
- ("1nllh3ax323sxwhj7xvwvbfnh4179332pcmpfyybw1vaid3nr39k" "bb2d5d96d69e" "sv-SE")
- ("136m68fd0641k3qqmsw6zp016cvvd0sipsyv6rx2b9nli56agz57" "0e6c56bf2ac9" "th")
- ("0q8p8bwq8an65yfdwzm4dhl6km68r83bv5i17kay2gak8msxxhsb" "91e611ae3f19" "tr")
- ("02ifa94jfii5f166rwdvv8si3bazm4bcf4qhi59c8f1hxbavb52h" "081aeb1aa308" "zh-CN")
- ("0qx9sh56pqc2x5qrh386cp1fi1gidhcmxxpvqkg9nh2jbizahznr" "9015a180602e" "zh-TW")))
+(define %mullvadbrowser-locales (list "ar" "da" "de" "es-ES" "fa" "fi" "fr" "it"
+ "ja" "ko" "my" "nb-NO" "nl" "pl" "pt-BR"
+ "ru" "sv-SE" "th" "tr" "zh-CN" "zh-TW"))
;; We copy the official build id, which can be found there:
;; https://cdn.mullvad.net/browser/update_responses/update_1/release.
-(define %mullvadbrowser-build-date "20240510190000")
+(define %mullvadbrowser-build-date "20240708190000")
;; To find the last version, look at
;; https://mullvad.net/en/download/browser/linux.
-(define %mullvadbrowser-version "13.0.16")
+(define %mullvadbrowser-version "13.5.1")
;; To find the last Firefox version, browse
;; https://archive.torproject.org/tor-package-archive/mullvadbrowser/<%mullvadbrowser-version>
;; There should be only one archive that starts with
;; "src-firefox-mullvad-browser-".
-(define %mullvadbrowser-firefox-version "115.12.0esr-13.0-1-build1")
+(define %mullvadbrowser-firefox-version "115.13.0esr-13.5-1-build3")
;; See tor-browser-build/projects/translation/config.
(define mullvadbrowser-translation-base
@@ -879,11 +841,11 @@ (define mullvadbrowser-translation-base
(method git-fetch)
(uri (git-reference
(url "https://gitlab.torproject.org/tpo/translation.git")
- (commit "f28525699864f4e3d764c354130bd898ce5b20aa")))
+ (commit "6ff73b6f7a6cec4849c2cd1e1ee1dc6fc8894169")))
(file-name "translation-base-browser")
(sha256
(base32
- "1vf6nl7fdmlmg2gskf3w1xlsgcm0pxi54z2daz5nwr6q9gyi0lkf"))))
+ "11s4px6izzvja11qrr7g8whbmcn6yrvk2yc0k7jx628562hjwi3d"))))
;; See tor-browser-build/projects/translation/config.
(define mullvadbrowser-translation-specific
@@ -911,7 +873,7 @@ (define mullvadbrowser-assets
version "/mullvad-browser-linux-x86_64-" version ".tar.xz"))
(sha256
(base32
- "1bpchiz12zjyrzpgyk71naf1jdf3msjcjwggb1mziyawc6pyxj7v"))))
+ "1g0929852dicdrij5s8bpp97bci0clydg1q4s2sysarjnqki6hk1"))))
(arguments
(list
#:install-plan
@@ -954,7 +916,7 @@ (define-public mullvadbrowser
%mullvadbrowser-firefox-version ".tar.xz"))
(sha256
(base32
- "1xs4qwa3c6nfq6cj5q6asfrzki4brafg65g6hbn0fc9qqcmrhkv5"))))
+ "19hidpywdiz15q4443jsphd8hbbcz6qajvyivja0vqhy1d6s0avd"))))
(arguments
(substitute-keyword-arguments (package-arguments mullvadbrowser-base)
((#:phases phases)
@@ -976,7 +938,7 @@ (define-public mullvadbrowser
(system
(format #f "cp -Lr ~a/~a .mozbuild/l10n-central/"
#$mullvadbrowser-translation-specific lang)))
- (map car #$%mullvadbrowser-locales))))
+ (list #$@%mullvadbrowser-locales))))
(add-before 'build 'fix-profiles
;; Otherwise the profile would change every time the install
;; location changes, that is: at every package update. These
--
2.45.1
^ permalink raw reply related [flat|nested] 24+ messages in thread