[bug#73998] [PATCH 2/2] gnu: mullvadbrowser: Update to 13.5.9 [security fixes].

unofficial mirror of guix-patches@gnu.org 
 help / color / mirror / code / Atom feed

From: "André Batista" <nandre@riseup.net>
To: 73998@debbugs.gnu.org
Cc: "André Batista" <nandre@riseup.net>,
	jonathan.brielmaier@web.de, mhw@netris.org
Subject: [bug#73998] [PATCH 2/2] gnu: mullvadbrowser: Update to 13.5.9 [security fixes].
Date: Tue, 29 Oct 2024 19:49:22 -0300	[thread overview]
Message-ID: <20241029224922.2681-1-nandre@riseup.net> (raw)
In-Reply-To: <20241029224533.2612-1-nandre@riseup.net>

Fixes CVE 2024-9680, 2024-10458, 2024-10459 and 2024-10463. See the Mozilla
Foundation Security Advisories
<https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/> and
<https://www.mozilla.org/en-US/security/advisories/mfsa2024-57/> for details.

* gnu/packages/tor-browsers.scm (%mullvadbrowser-build-date): Update to
20241024160253.
(%mullvadbrowser-version): Update to 13.5.9.
(%mullvadbrowser-firefox-version): Update to 115.17.0esr-13.5-1-build2.
(mullvadbrowser-translation-base): Update to
3b1be2065b54939ed019d94174f137847bcf3c66.
(mullvadbrowser-translation-specific): Update to
2f7d98b46ce480cdb4d7e9ddab912650c8673d6c.
(mullvadbrowser) [arguments] <#:phases>: Replace 'apply-guix-specific-patches
so as to keep using icecat-compare-paths.patch as it applies to ESR 115.
Replace 'remove-cargo-frozen-flag, keep the old regex which matches for this
older version.
---
 gnu/packages/tor-browsers.scm | 33 ++++++++++++++++++++++++---------
 1 file changed, 24 insertions(+), 9 deletions(-)

diff --git a/gnu/packages/tor-browsers.scm b/gnu/packages/tor-browsers.scm
index 02e3c0583c..e6747401a5 100644
--- a/gnu/packages/tor-browsers.scm
+++ b/gnu/packages/tor-browsers.scm
@@ -817,17 +817,17 @@ (define %mullvadbrowser-locales (list "ar" "da" "de" "es-ES" "fa" "fi" "fr" "it"
 
 ;; We copy the official build id, which can be found there:
 ;; https://cdn.mullvad.net/browser/update_responses/update_1/release.
-(define %mullvadbrowser-build-date "20240930230510")
+(define %mullvadbrowser-build-date "20241024160253")
 
 ;; To find the last version, look at
 ;; https://mullvad.net/en/download/browser/linux.
-(define %mullvadbrowser-version "13.5.6")
+(define %mullvadbrowser-version "13.5.9")
 
 ;; To find the last Firefox version, browse
 ;; https://archive.torproject.org/tor-package-archive/mullvadbrowser/<%mullvadbrowser-version>
 ;; There should be only one archive that starts with
 ;; "src-firefox-mullvad-browser-".
-(define %mullvadbrowser-firefox-version "115.16.0esr-13.5-1-build2")
+(define %mullvadbrowser-firefox-version "115.17.0esr-13.5-1-build2")
 
 ;; See tor-browser-build/projects/translation/config.
 (define mullvadbrowser-translation-base
@@ -835,11 +835,11 @@ (define mullvadbrowser-translation-base
     (method git-fetch)
     (uri (git-reference
           (url "https://gitlab.torproject.org/tpo/translation.git")
-          (commit "a142f78af87f994913faa15fb4b0f34f0ce1a22b")))
+          (commit "3b1be2065b54939ed019d94174f137847bcf3c66")))
     (file-name "translation-base-browser")
     (sha256
      (base32
-      "15ahsyji6fk236sb28vqpi7ai70r3qblfypmc7r781zq7nw8f9bs"))))
+      "04ckn133w8q6b4rgihl23pzmnd3k6458jn9h4f58fnr18rfh6057"))))
 
 ;; See tor-browser-build/projects/translation/config.
 (define mullvadbrowser-translation-specific
@@ -847,11 +847,11 @@ (define mullvadbrowser-translation-specific
     (method git-fetch)
     (uri (git-reference
           (url "https://gitlab.torproject.org/tpo/translation.git")
-          (commit "78212a3da2439e436ac5f73d8e3eb908145c3ece")))
+          (commit "2f7d98b46ce480cdb4d7e9ddab912650c8673d6c")))
     (file-name "translation-mullvad-browser")
     (sha256
      (base32
-      "00qmmfz7lz9fw7id7bj89byd4zd39nc4f2plf0v640yzl8fdwi72"))))
+      "08anwb45rxzsdcxwzjflqb1d0f78pi4fsgdvsdlc4fmp8kx10nsd"))))
 
 (define mullvadbrowser-assets
   ;; This is a prebuilt Mullvad Browser from which we take the assets we need.
@@ -867,7 +867,7 @@ (define mullvadbrowser-assets
          version "/mullvad-browser-linux-x86_64-" version ".tar.xz"))
        (sha256
         (base32
-         "0q55mk9zzzs7g2cng107gm16g74lx1qf42gf5ayh4x7caxc8db01"))))
+         "0q3c2wf5r6n06y36bcp5qxir41a01dwj4am9pqs5cz48ilimh8c7"))))
     (arguments
      (list
       #:install-plan
@@ -910,11 +910,26 @@ (define-public mullvadbrowser
          %mullvadbrowser-firefox-version ".tar.xz"))
        (sha256
         (base32
-         "1mkssnr7vx4la4r31dy6fbwvj1h9gxzywwxa6z4310nr17vr3sxj"))))
+         "1xz005sa7isz561r9zlsipm6gpx30b83k7xbfy00zkc7qkl15xzs"))))
     (arguments
      (substitute-keyword-arguments (package-arguments mullvadbrowser-base)
        ((#:phases phases)
         #~(modify-phases #$phases
+            (replace 'apply-guix-specific-patches
+              (lambda _
+                (for-each
+                 (lambda (file) (invoke "patch" "--force" "-p1" "-i" file))
+                 '(#$(local-file
+                      (search-patch "icecat-compare-paths.patch"))
+                   #$(local-file
+                      (search-patch "icecat-use-system-wide-dir.patch"))))))
+            (replace 'remove-cargo-frozen-flag
+              (lambda _
+                ;; This is only needed while torbrowser and mullvadbrowser
+                ;; remain based on different firefox ESR versions. Delete
+                ;; once mullvad reaches the same upstream base.
+                (substitute* "build/RunCbindgen.py"
+                  (("\"--frozen\",") ""))))
             (add-after 'unpack 'ublock-private-allowed
               (lambda _
                 (substitute* "toolkit/components/extensions/Extension.sys.mjs"
-- 
2.46.0

     prev parent reply	other threads:[~2024-10-29 23:06 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-10-24 21:25 [bug#73998] [PATCH] gnu: torbrowser: Update to 14.0 André Batista
2024-10-29 22:45 ` [bug#73998] [PATCH 0/2] Update torbrowser and mullvadbrowser André Batista
2024-10-29 22:48   ` [bug#73998] [PATCH 1/2] gnu: torbrowser: Update to 14.0.1 [security-fixes] André Batista
2024-10-29 22:49   ` André Batista [this message]

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:02e3c0583 dfblob:e6747401a )
 OR (
bs:"[bug#73998] [PATCH 2/2] gnu: mullvadbrowser: Update to 13.5.9 [security fixes]." )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://guix.gnu.org/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20241029224922.2681-1-nandre@riseup.net \
    --to=nandre@riseup.net \
    --cc=73998@debbugs.gnu.org \
    --cc=jonathan.brielmaier@web.de \
    --cc=mhw@netris.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).