From: "André Batista" <nandre@riseup.net>
To: 73998@debbugs.gnu.org
Cc: "André Batista" <nandre@riseup.net>,
jonathan.brielmaier@web.de, mhw@netris.org
Subject: [bug#73998] [PATCH v2 1/2] gnu: torbrowser: Update to 14.0.3 [security-fixes].
Date: Sun, 1 Dec 2024 13:07:29 -0300 [thread overview]
Message-ID: <20241201160729.1830-1-nandre@riseup.net> (raw)
In-Reply-To: <20241201160554.1800-1-nandre@riseup.net>
Fixes CVEs 2024-10458, 2024-10459, 2024-10460, 2024-10461, 2024-10462,
2024-10463, 2024-10464, 2024-10465, 2024-10466, 2024-10467, 2024-11691,
2024-11692, 2024-11693, 2024-11694, 2024-11695, 2024-11696, 2024-11697,
2024-11698 and 2024-11699. See
<https://www.mozilla.org/en-US/security/advisories/mfsa2024-48/> and
<https://www.mozilla.org/en-US/security/advisories/mfsa2024-64/> for
details.
* gnu/packages/tor-browsers.scm (firefox-locales): Update to
f75c1e6a305e68161037337767ece88e9de940b9.
(%torbrowser-build-date): Update to 20241125154204.
(%torbrowser-version): Update to 14.0.3.
(%torbrowser-firefox-version): Update to 128.5.0esr-14.0-1-build2.
(torbrowser-translation-base): Update to
caa431bbea1a76d7ad61eeda94086a1513762605.
(torbrowser-translation-specific): Update to
4314d0a7ce780ffdf82b84e324bfbc437198f993.
(make-torbrowser) [arguments] <#:phases>: On 'apply-guix-specific-patches
change icecat-compare-paths.patch to torbrowser-compare-paths.patch as
the patched file has changed its name between major versions.
On 'remove-cargo-frozen-flag, update the regex to match this newer version
string.
* gnu/packages/patches: Add torbrowser-compare-paths.patch.
* gnu/local.mk: Likewise.
Change-Id: Ia5d445e387351b3d5d08ecb14c2f31bf4cc81396
---
gnu/local.mk | 1 +
.../patches/torbrowser-compare-paths.patch | 24 +++++++++++++++++
gnu/packages/tor-browsers.scm | 26 +++++++++----------
3 files changed, 38 insertions(+), 13 deletions(-)
diff --git a/gnu/local.mk b/gnu/local.mk
index c89fd88282..6c35a72576 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -2238,6 +2238,7 @@ dist_patch_DATA = \
%D%/packages/patches/torcs-glibc-default-source.patch \
%D%/packages/patches/torcs-isnan.patch \
%D%/packages/patches/torcs-nullptr.patch \
+ %D%/packages/patches/torbrowser-compare-paths.patch \
%D%/packages/patches/tpetra-remove-duplicate-using.patch \
%D%/packages/patches/transcode-ffmpeg.patch \
%D%/packages/patches/transmission-4.0.6-fix-build.patch \
diff --git a/gnu/packages/patches/torbrowser-compare-paths.patch b/gnu/packages/patches/torbrowser-compare-paths.patch
new file mode 100644
index 0000000000..7d4d5fdb78
--- /dev/null
+++ b/gnu/packages/patches/torbrowser-compare-paths.patch
@@ -0,0 +1,24 @@
+See comment in gnu/build/icecat-extension.scm.
+This is only needed while icecat and torbrowser remain on
+different ESR versions as the patched file has changed its
+name.
+
+--- a/toolkit/mozapps/extensions/internal/XPIDatabase.sys.mjs
++++ b/toolkit/mozapps/extensions/internal/XPIDatabase.sys.mjs
+@@ -3606,6 +3606,7 @@
+ if (
+ newAddon ||
+ oldAddon.updateDate != xpiState.mtime ||
++ oldAddon.path != xpiState.path ||
+ (aUpdateCompatibility && this.isAppBundledLocation(installLocation))
+ ) {
+ newAddon = this.updateMetadata(
+@@ -3614,8 +3615,6 @@
+ xpiState,
+ newAddon
+ );
+- } else if (oldAddon.path != xpiState.path) {
+- newAddon = this.updatePath(installLocation, oldAddon, xpiState);
+ } else if (aUpdateCompatibility || aSchemaChange) {
+ newAddon = this.updateCompatibility(
+ installLocation,
diff --git a/gnu/packages/tor-browsers.scm b/gnu/packages/tor-browsers.scm
index e517f9b214..3a23f8ab65 100644
--- a/gnu/packages/tor-browsers.scm
+++ b/gnu/packages/tor-browsers.scm
@@ -92,7 +92,7 @@ (define-module (gnu packages tor-browsers)
;; See browser/locales/l10n-changesets.json for the commit.
(define firefox-locales
- (let ((commit "d8d587117c7b9dcc6a4fbc38407ed2c831bb008f")
+ (let ((commit "f75c1e6a305e68161037337767ece88e9de940b9")
(revision "0"))
(package
(name "firefox-locales")
@@ -106,7 +106,7 @@ (define firefox-locales
(file-name (git-file-name name version))
(sha256
(base32
- "0a2ly29lli02jflqw78zjk7bp7h18fz935cc9csavi0cpdiixjv1"))))
+ "0ybi3n9mw9wnbi8dv01dllpvcdfwjmyn4q6njzhn8vg7jkmpha2s"))))
(build-system copy-build-system)
(home-page "https://github.com/mozilla-l10n/firefox-l10n")
(synopsis "Firefox Locales")
@@ -116,16 +116,16 @@ (define firefox-locales
;; We copy the official build id, which is defined at
;; tor-browser-build/rbm.conf (browser_release_date).
-(define %torbrowser-build-date "20241008182800")
+(define %torbrowser-build-date "20241125154204")
;; To find the last version, look at https://www.torproject.org/download/.
-(define %torbrowser-version "13.5.7")
+(define %torbrowser-version "14.0.3")
;; To find the last Firefox version, browse
;; https://archive.torproject.org/tor-package-archive/torbrowser/<%torbrowser-version>
;; There should be only one archive that starts with
;; "src-firefox-tor-browser-".
-(define %torbrowser-firefox-version "115.16.0esr-13.5-1-build3")
+(define %torbrowser-firefox-version "128.5.0esr-14.0-1-build2")
;; See tor-browser-build/rbm.conf for the list.
(define %torbrowser-locales (list "ar" "ca" "cs" "da" "de" "el" "es-ES" "fa" "fi" "fr"
@@ -139,11 +139,11 @@ (define torbrowser-translation-base
(method git-fetch)
(uri (git-reference
(url "https://gitlab.torproject.org/tpo/translation.git")
- (commit "ceb66dd0937da14962cb535699242b2526e11f02")))
+ (commit "caa431bbea1a76d7ad61eeda94086a1513762605")))
(file-name "translation-base-browser")
(sha256
(base32
- "04ciw4rnl0cj7vz4pqbs1aca8fhva346bp0vahfcxv3isn1nwyy4"))))
+ "0zdkcykzh8m1rv6valx0mk6yvh2q4jrj2qxk0frh7nwxwc509b5c"))))
;; See tor-browser-build/projects/translation/config.
(define torbrowser-translation-specific
@@ -151,11 +151,11 @@ (define torbrowser-translation-specific
(method git-fetch)
(uri (git-reference
(url "https://gitlab.torproject.org/tpo/translation.git")
- (commit "dbf1454fdbd3256d65985cc1c46391ce0ec159e7")))
+ (commit "4314d0a7ce780ffdf82b84e324bfbc437198f993")))
(file-name "translation-tor-browser")
(sha256
(base32
- "09zhl6fk0z69qy82l050fm02h0dyb3f8j38fbazmkwnd8x3z6jv0"))))
+ "04dx6mjcgfmarnaxxkmrlgwgxdr37frgz5j3wakp9wixys6p6cdv"))))
(define torbrowser-assets
;; This is a prebuilt Torbrowser from which we take the assets we need.
@@ -171,7 +171,7 @@ (define torbrowser-assets
version "/tor-browser-linux-x86_64-" version ".tar.xz"))
(sha256
(base32
- "1mdi6x0dvdvlk957fws1pw55z9hwkd5x05rv8k2g1vzy9qkvgrf3"))))
+ "01mzc1d3vad3i8mwqmk2s17ynfhr45sfxgqcy5g9f5ahk6rl7msr"))))
(arguments
(list
#:install-plan
@@ -213,7 +213,7 @@ (define* (make-torbrowser #:key
".tar.xz"))
(sha256
(base32
- "0v4hkxcz7cahbhwwafmspcl67ih2rnkmamcvp06kyx64xvpad00i"))))
+ "1nnsmz6v8xnp67ih0jgail27c4cg6zfdax8qkd6hcn8i7pscgc72"))))
(build-system mozilla-build-system)
(inputs
(list go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird
@@ -383,7 +383,7 @@ (define* (make-torbrowser #:key
(for-each
(lambda (file) (invoke "patch" "--force" "-p1" "-i" file))
'(#$(local-file
- (search-patch "icecat-compare-paths.patch"))
+ (search-patch "torbrowser-compare-paths.patch"))
#$(local-file
(search-patch "icecat-use-system-wide-dir.patch"))))))
(add-after 'apply-guix-specific-patches 'remove-bundled-libraries
@@ -497,7 +497,7 @@ (define (runpaths-of-input label)
;; complain that it's not able to change Cargo.lock.
;; https://bugzilla.mozilla.org/show_bug.cgi?id=1726373
(substitute* "build/RunCbindgen.py"
- (("\"--frozen\",") ""))))
+ (("args.append\\(\"--frozen\"\\)") "pass"))))
(delete 'bootstrap)
(add-before 'configure 'setenv
(lambda _
--
2.46.0
next prev parent reply other threads:[~2024-12-01 16:09 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-24 21:25 [bug#73998] [PATCH] gnu: torbrowser: Update to 14.0 André Batista
2024-10-29 22:45 ` [bug#73998] [PATCH 0/2] Update torbrowser and mullvadbrowser André Batista
2024-10-29 22:48 ` [bug#73998] [PATCH 1/2] gnu: torbrowser: Update to 14.0.1 [security-fixes] André Batista
2024-10-29 22:49 ` [bug#73998] [PATCH 2/2] gnu: mullvadbrowser: Update to 13.5.9 [security fixes] André Batista
2024-12-01 16:05 ` [bug#73998] [PATCH v2 0/2] Update torbrowser and mullvadbrowser to 14.0.3 André Batista
2024-12-01 16:07 ` André Batista [this message]
2024-12-01 16:08 ` [bug#73998] [PATCH v2 2/2] gnu: mullvadbrowser: Update to 14.0.3 [security fixes] André Batista
2024-12-02 1:59 ` [bug#73998] [PATCH v2 0/2] Update torbrowser and mullvadbrowser to 14.0.3 Zheng Junjie
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241201160729.1830-1-nandre@riseup.net \
--to=nandre@riseup.net \
--cc=73998@debbugs.gnu.org \
--cc=jonathan.brielmaier@web.de \
--cc=mhw@netris.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).