* [bug#73998] [PATCH] gnu: torbrowser: Update to 14.0. @ 2024-10-24 21:25 André Batista 2024-10-29 22:45 ` [bug#73998] [PATCH 0/2] Update torbrowser and mullvadbrowser André Batista 0 siblings, 1 reply; 8+ messages in thread From: André Batista @ 2024-10-24 21:25 UTC (permalink / raw) To: 73998; +Cc: André Batista, jonathan.brielmaier, mhw * gnu/packages/tor-browsers.scm (firefox-locales): Update to eded3303744e8f5ca85f0d14710f198cd77fd23f. (%torbrowser-build-date): Update to 20241016164500. (%torbrowser-version): Update to 14.0. (%torbrowser-firefox-version): Update to 128.3.0esr-14.0-1-build6. (torbrowser-translation-base): Update to 547400dd678f476ec38efde2cf703d57c1a3e8c7. (torbrowser-translation-specific): Update to 38d5c3b11cfb96833ae2c7dc3122829b29583d6f. (make-torbrowser) [arguments] <#:phases>: On 'apply-guix-specific-patches change icecat-compare-paths.patch to torbrowser-compare-paths.patch as the patched file has changed its name between major versions. On 'remove-cargo-frozen-flag, update the regex to match this newer version string. * gnu/packages/patches: Add torbrowser-compare-paths.patch. * gnu/local.mk: Likewise. Change-Id: Idc442a89d95198d0794b179a45f47d0546e720c4 --- gnu/local.mk | 1 + .../patches/torbrowser-compare-paths.patch | 24 +++++++++++++++++ gnu/packages/tor-browsers.scm | 26 +++++++++---------- 3 files changed, 38 insertions(+), 13 deletions(-) diff --git a/gnu/local.mk b/gnu/local.mk index 89a795bfbd..e85b3602b1 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -2222,6 +2222,7 @@ dist_patch_DATA = \ %D%/packages/patches/tla2tools-build-xml.patch \ %D%/packages/patches/tlf-support-hamlib-4.2+.patch \ %D%/packages/patches/tofi-32bit-compat.patch \ + %D%/packages/patches/torbrowser-compare-paths.patch \ %D%/packages/patches/tpetra-remove-duplicate-using.patch \ %D%/packages/patches/transcode-ffmpeg.patch \ %D%/packages/patches/transmission-4.0.6-fix-build.patch \ diff --git a/gnu/packages/patches/torbrowser-compare-paths.patch b/gnu/packages/patches/torbrowser-compare-paths.patch new file mode 100644 index 0000000000..7d4d5fdb78 --- /dev/null +++ b/gnu/packages/patches/torbrowser-compare-paths.patch @@ -0,0 +1,24 @@ +See comment in gnu/build/icecat-extension.scm. +This is only needed while icecat and torbrowser remain on +different ESR versions as the patched file has changed its +name. + +--- a/toolkit/mozapps/extensions/internal/XPIDatabase.sys.mjs ++++ b/toolkit/mozapps/extensions/internal/XPIDatabase.sys.mjs +@@ -3606,6 +3606,7 @@ + if ( + newAddon || + oldAddon.updateDate != xpiState.mtime || ++ oldAddon.path != xpiState.path || + (aUpdateCompatibility && this.isAppBundledLocation(installLocation)) + ) { + newAddon = this.updateMetadata( +@@ -3614,8 +3615,6 @@ + xpiState, + newAddon + ); +- } else if (oldAddon.path != xpiState.path) { +- newAddon = this.updatePath(installLocation, oldAddon, xpiState); + } else if (aUpdateCompatibility || aSchemaChange) { + newAddon = this.updateCompatibility( + installLocation, diff --git a/gnu/packages/tor-browsers.scm b/gnu/packages/tor-browsers.scm index e517f9b214..55d4c1dca4 100644 --- a/gnu/packages/tor-browsers.scm +++ b/gnu/packages/tor-browsers.scm @@ -92,7 +92,7 @@ (define-module (gnu packages tor-browsers) ;; See browser/locales/l10n-changesets.json for the commit. (define firefox-locales - (let ((commit "d8d587117c7b9dcc6a4fbc38407ed2c831bb008f") + (let ((commit "eded3303744e8f5ca85f0d14710f198cd77fd23f") (revision "0")) (package (name "firefox-locales") @@ -106,7 +106,7 @@ (define firefox-locales (file-name (git-file-name name version)) (sha256 (base32 - "0a2ly29lli02jflqw78zjk7bp7h18fz935cc9csavi0cpdiixjv1")))) + "1zvq6z79rv6cr6vwi04w6j47rn0hfjjzbgcbjhdaabgla88d5gz2")))) (build-system copy-build-system) (home-page "https://github.com/mozilla-l10n/firefox-l10n") (synopsis "Firefox Locales") @@ -116,16 +116,16 @@ (define firefox-locales ;; We copy the official build id, which is defined at ;; tor-browser-build/rbm.conf (browser_release_date). -(define %torbrowser-build-date "20241008182800") +(define %torbrowser-build-date "20241016164500") ;; To find the last version, look at https://www.torproject.org/download/. -(define %torbrowser-version "13.5.7") +(define %torbrowser-version "14.0") ;; To find the last Firefox version, browse ;; https://archive.torproject.org/tor-package-archive/torbrowser/<%torbrowser-version> ;; There should be only one archive that starts with ;; "src-firefox-tor-browser-". -(define %torbrowser-firefox-version "115.16.0esr-13.5-1-build3") +(define %torbrowser-firefox-version "128.3.0esr-14.0-1-build6") ;; See tor-browser-build/rbm.conf for the list. (define %torbrowser-locales (list "ar" "ca" "cs" "da" "de" "el" "es-ES" "fa" "fi" "fr" @@ -139,11 +139,11 @@ (define torbrowser-translation-base (method git-fetch) (uri (git-reference (url "https://gitlab.torproject.org/tpo/translation.git") - (commit "ceb66dd0937da14962cb535699242b2526e11f02"))) + (commit "547400dd678f476ec38efde2cf703d57c1a3e8c7"))) (file-name "translation-base-browser") (sha256 (base32 - "04ciw4rnl0cj7vz4pqbs1aca8fhva346bp0vahfcxv3isn1nwyy4")))) + "0g7s2365dl71yl0y29vx503jhiqji91vb8jc2dqn6yf7ip7wy75g")))) ;; See tor-browser-build/projects/translation/config. (define torbrowser-translation-specific @@ -151,11 +151,11 @@ (define torbrowser-translation-specific (method git-fetch) (uri (git-reference (url "https://gitlab.torproject.org/tpo/translation.git") - (commit "dbf1454fdbd3256d65985cc1c46391ce0ec159e7"))) + (commit "38d5c3b11cfb96833ae2c7dc3122829b29583d6f"))) (file-name "translation-tor-browser") (sha256 (base32 - "09zhl6fk0z69qy82l050fm02h0dyb3f8j38fbazmkwnd8x3z6jv0")))) + "0rlhaa4npzcy3lc5xs0m8p4mdcv13wah4c7df81j4g37r5xql81w")))) (define torbrowser-assets ;; This is a prebuilt Torbrowser from which we take the assets we need. @@ -171,7 +171,7 @@ (define torbrowser-assets version "/tor-browser-linux-x86_64-" version ".tar.xz")) (sha256 (base32 - "1mdi6x0dvdvlk957fws1pw55z9hwkd5x05rv8k2g1vzy9qkvgrf3")))) + "18jm7x2r4ayy0f1kyaxvnlvj17d7ma0bbvl8jh25sgy7ry7i7ns4")))) (arguments (list #:install-plan @@ -213,7 +213,7 @@ (define* (make-torbrowser #:key ".tar.xz")) (sha256 (base32 - "0v4hkxcz7cahbhwwafmspcl67ih2rnkmamcvp06kyx64xvpad00i")))) + "0i4bnd65xd865manks1xkapymylz2gb3sxlyai04fi8kx1m4wj87")))) (build-system mozilla-build-system) (inputs (list go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird @@ -383,7 +383,7 @@ (define* (make-torbrowser #:key (for-each (lambda (file) (invoke "patch" "--force" "-p1" "-i" file)) '(#$(local-file - (search-patch "icecat-compare-paths.patch")) + (search-patch "torbrowser-compare-paths.patch")) #$(local-file (search-patch "icecat-use-system-wide-dir.patch")))))) (add-after 'apply-guix-specific-patches 'remove-bundled-libraries @@ -497,7 +497,7 @@ (define (runpaths-of-input label) ;; complain that it's not able to change Cargo.lock. ;; https://bugzilla.mozilla.org/show_bug.cgi?id=1726373 (substitute* "build/RunCbindgen.py" - (("\"--frozen\",") "")))) + (("args.append\\(\"--frozen\"\\)") "pass")))) (delete 'bootstrap) (add-before 'configure 'setenv (lambda _ base-commit: 59b2a60d0041882d732e1766e28f0df5a1ef1ac1 -- 2.45.2 ^ permalink raw reply related [flat|nested] 8+ messages in thread
* [bug#73998] [PATCH 0/2] Update torbrowser and mullvadbrowser 2024-10-24 21:25 [bug#73998] [PATCH] gnu: torbrowser: Update to 14.0 André Batista @ 2024-10-29 22:45 ` André Batista 2024-10-29 22:48 ` [bug#73998] [PATCH 1/2] gnu: torbrowser: Update to 14.0.1 [security-fixes] André Batista ` (2 more replies) 0 siblings, 3 replies; 8+ messages in thread From: André Batista @ 2024-10-29 22:45 UTC (permalink / raw) To: 73998; +Cc: André Batista, jonathan.brielmaier, mhw This patch series updates both torbrowser and mullvadbrowser to their latest stable releases (14.0.1 and 13.5.9 respectively). It is sent together as changes to "make-torbrowser" required by torbrowser would break mullvadbrowser as is. This patch series presuposes icecat remains based on ESR 115 and may need to be reworked if it goes to the next ESR 128 before it is applied. See the changes to two build phases on torbrowser for more info. It also makes #73762 obsolete. Cheers! André Batista (2): gnu: torbrowser: Update to 14.0.1 [security-fixes]. gnu: mullvadbrowser: Update to 13.5.9 [security fixes]. gnu/local.mk | 1 + .../patches/torbrowser-compare-paths.patch | 24 ++++++++ gnu/packages/tor-browsers.scm | 59 ++++++++++++------- 3 files changed, 62 insertions(+), 22 deletions(-) create mode 100644 gnu/packages/patches/torbrowser-compare-paths.patch base-commit: 59b2a60d0041882d732e1766e28f0df5a1ef1ac1 -- 2.46.0 ^ permalink raw reply [flat|nested] 8+ messages in thread
* [bug#73998] [PATCH 1/2] gnu: torbrowser: Update to 14.0.1 [security-fixes]. 2024-10-29 22:45 ` [bug#73998] [PATCH 0/2] Update torbrowser and mullvadbrowser André Batista @ 2024-10-29 22:48 ` André Batista 2024-10-29 22:49 ` [bug#73998] [PATCH 2/2] gnu: mullvadbrowser: Update to 13.5.9 [security fixes] André Batista 2024-12-01 16:05 ` [bug#73998] [PATCH v2 0/2] Update torbrowser and mullvadbrowser to 14.0.3 André Batista 2 siblings, 0 replies; 8+ messages in thread From: André Batista @ 2024-10-29 22:48 UTC (permalink / raw) To: 73998; +Cc: André Batista, jonathan.brielmaier, mhw Fixes CVEs 2024-10458, 2024-10459, 2024-10460, 2024-10461, 2024-10462, 2024-10463, 2024-10464, 2024-10465, 2024-10466 and 2024-10467. <https://www.mozilla.org/en-US/security/advisories/mfsa2024-56/> for details. * gnu/packages/tor-browsers.scm (firefox-locales): Update to 878fe6f256d52c7e5b0205b07b061829ccde4f17. (%torbrowser-build-date): Update to 20241028090000. (%torbrowser-version): Update to 14.0.1. (%torbrowser-firefox-version): Update to 128.4.0esr-14.0-1-build2. (torbrowser-translation-base): Update to 3b1be2065b54939ed019d94174f137847bcf3c66. (torbrowser-translation-specific): Update to ba63bd165f3fd4bdd472815c9761413d4671cfb7. (make-torbrowser) [arguments] <#:phases>: On 'apply-guix-specific-patches change icecat-compare-paths.patch to torbrowser-compare-paths.patch as the patched file has changed its name between major versions. On 'remove-cargo-frozen-flag, update the regex to match this newer version string. * gnu/packages/patches: Add torbrowser-compare-paths.patch. * gnu/local.mk: Likewise. --- gnu/local.mk | 1 + .../patches/torbrowser-compare-paths.patch | 24 +++++++++++++++++ gnu/packages/tor-browsers.scm | 26 +++++++++---------- 3 files changed, 38 insertions(+), 13 deletions(-) diff --git a/gnu/local.mk b/gnu/local.mk index 89a795bfbd..e85b3602b1 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -2222,6 +2222,7 @@ dist_patch_DATA = \ %D%/packages/patches/tla2tools-build-xml.patch \ %D%/packages/patches/tlf-support-hamlib-4.2+.patch \ %D%/packages/patches/tofi-32bit-compat.patch \ + %D%/packages/patches/torbrowser-compare-paths.patch \ %D%/packages/patches/tpetra-remove-duplicate-using.patch \ %D%/packages/patches/transcode-ffmpeg.patch \ %D%/packages/patches/transmission-4.0.6-fix-build.patch \ diff --git a/gnu/packages/patches/torbrowser-compare-paths.patch b/gnu/packages/patches/torbrowser-compare-paths.patch new file mode 100644 index 0000000000..7d4d5fdb78 --- /dev/null +++ b/gnu/packages/patches/torbrowser-compare-paths.patch @@ -0,0 +1,24 @@ +See comment in gnu/build/icecat-extension.scm. +This is only needed while icecat and torbrowser remain on +different ESR versions as the patched file has changed its +name. + +--- a/toolkit/mozapps/extensions/internal/XPIDatabase.sys.mjs ++++ b/toolkit/mozapps/extensions/internal/XPIDatabase.sys.mjs +@@ -3606,6 +3606,7 @@ + if ( + newAddon || + oldAddon.updateDate != xpiState.mtime || ++ oldAddon.path != xpiState.path || + (aUpdateCompatibility && this.isAppBundledLocation(installLocation)) + ) { + newAddon = this.updateMetadata( +@@ -3614,8 +3615,6 @@ + xpiState, + newAddon + ); +- } else if (oldAddon.path != xpiState.path) { +- newAddon = this.updatePath(installLocation, oldAddon, xpiState); + } else if (aUpdateCompatibility || aSchemaChange) { + newAddon = this.updateCompatibility( + installLocation, diff --git a/gnu/packages/tor-browsers.scm b/gnu/packages/tor-browsers.scm index e517f9b214..02e3c0583c 100644 --- a/gnu/packages/tor-browsers.scm +++ b/gnu/packages/tor-browsers.scm @@ -92,7 +92,7 @@ (define-module (gnu packages tor-browsers) ;; See browser/locales/l10n-changesets.json for the commit. (define firefox-locales - (let ((commit "d8d587117c7b9dcc6a4fbc38407ed2c831bb008f") + (let ((commit "878fe6f256d52c7e5b0205b07b061829ccde4f17") (revision "0")) (package (name "firefox-locales") @@ -106,7 +106,7 @@ (define firefox-locales (file-name (git-file-name name version)) (sha256 (base32 - "0a2ly29lli02jflqw78zjk7bp7h18fz935cc9csavi0cpdiixjv1")))) + "1ypnzjf5klcj75hf9cp88rwvr6aav3h2939rw19wf9hnyanc4xf1")))) (build-system copy-build-system) (home-page "https://github.com/mozilla-l10n/firefox-l10n") (synopsis "Firefox Locales") @@ -116,16 +116,16 @@ (define firefox-locales ;; We copy the official build id, which is defined at ;; tor-browser-build/rbm.conf (browser_release_date). -(define %torbrowser-build-date "20241008182800") +(define %torbrowser-build-date "20241028090000") ;; To find the last version, look at https://www.torproject.org/download/. -(define %torbrowser-version "13.5.7") +(define %torbrowser-version "14.0.1") ;; To find the last Firefox version, browse ;; https://archive.torproject.org/tor-package-archive/torbrowser/<%torbrowser-version> ;; There should be only one archive that starts with ;; "src-firefox-tor-browser-". -(define %torbrowser-firefox-version "115.16.0esr-13.5-1-build3") +(define %torbrowser-firefox-version "128.4.0esr-14.0-1-build2") ;; See tor-browser-build/rbm.conf for the list. (define %torbrowser-locales (list "ar" "ca" "cs" "da" "de" "el" "es-ES" "fa" "fi" "fr" @@ -139,11 +139,11 @@ (define torbrowser-translation-base (method git-fetch) (uri (git-reference (url "https://gitlab.torproject.org/tpo/translation.git") - (commit "ceb66dd0937da14962cb535699242b2526e11f02"))) + (commit "3b1be2065b54939ed019d94174f137847bcf3c66"))) (file-name "translation-base-browser") (sha256 (base32 - "04ciw4rnl0cj7vz4pqbs1aca8fhva346bp0vahfcxv3isn1nwyy4")))) + "04ckn133w8q6b4rgihl23pzmnd3k6458jn9h4f58fnr18rfh6057")))) ;; See tor-browser-build/projects/translation/config. (define torbrowser-translation-specific @@ -151,11 +151,11 @@ (define torbrowser-translation-specific (method git-fetch) (uri (git-reference (url "https://gitlab.torproject.org/tpo/translation.git") - (commit "dbf1454fdbd3256d65985cc1c46391ce0ec159e7"))) + (commit "ba63bd165f3fd4bdd472815c9761413d4671cfb7"))) (file-name "translation-tor-browser") (sha256 (base32 - "09zhl6fk0z69qy82l050fm02h0dyb3f8j38fbazmkwnd8x3z6jv0")))) + "0dmsqb57whpq0l05krfmwxv8d31by06a7mpgrmbxjnlv9y3b5nlf")))) (define torbrowser-assets ;; This is a prebuilt Torbrowser from which we take the assets we need. @@ -171,7 +171,7 @@ (define torbrowser-assets version "/tor-browser-linux-x86_64-" version ".tar.xz")) (sha256 (base32 - "1mdi6x0dvdvlk957fws1pw55z9hwkd5x05rv8k2g1vzy9qkvgrf3")))) + "13wx4i4mawm8spyg17lil09fsm37s5g409zs3i5764g0llqwl1hd")))) (arguments (list #:install-plan @@ -213,7 +213,7 @@ (define* (make-torbrowser #:key ".tar.xz")) (sha256 (base32 - "0v4hkxcz7cahbhwwafmspcl67ih2rnkmamcvp06kyx64xvpad00i")))) + "12bnqhn57xpyy2iax4iyfcfpsk25mmj4m2nllwrkkv4lqp3ifbkh")))) (build-system mozilla-build-system) (inputs (list go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird @@ -383,7 +383,7 @@ (define* (make-torbrowser #:key (for-each (lambda (file) (invoke "patch" "--force" "-p1" "-i" file)) '(#$(local-file - (search-patch "icecat-compare-paths.patch")) + (search-patch "torbrowser-compare-paths.patch")) #$(local-file (search-patch "icecat-use-system-wide-dir.patch")))))) (add-after 'apply-guix-specific-patches 'remove-bundled-libraries @@ -497,7 +497,7 @@ (define (runpaths-of-input label) ;; complain that it's not able to change Cargo.lock. ;; https://bugzilla.mozilla.org/show_bug.cgi?id=1726373 (substitute* "build/RunCbindgen.py" - (("\"--frozen\",") "")))) + (("args.append\\(\"--frozen\"\\)") "pass")))) (delete 'bootstrap) (add-before 'configure 'setenv (lambda _ -- 2.46.0 ^ permalink raw reply related [flat|nested] 8+ messages in thread
* [bug#73998] [PATCH 2/2] gnu: mullvadbrowser: Update to 13.5.9 [security fixes]. 2024-10-29 22:45 ` [bug#73998] [PATCH 0/2] Update torbrowser and mullvadbrowser André Batista 2024-10-29 22:48 ` [bug#73998] [PATCH 1/2] gnu: torbrowser: Update to 14.0.1 [security-fixes] André Batista @ 2024-10-29 22:49 ` André Batista 2024-12-01 16:05 ` [bug#73998] [PATCH v2 0/2] Update torbrowser and mullvadbrowser to 14.0.3 André Batista 2 siblings, 0 replies; 8+ messages in thread From: André Batista @ 2024-10-29 22:49 UTC (permalink / raw) To: 73998; +Cc: André Batista, jonathan.brielmaier, mhw Fixes CVE 2024-9680, 2024-10458, 2024-10459 and 2024-10463. See the Mozilla Foundation Security Advisories <https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/> and <https://www.mozilla.org/en-US/security/advisories/mfsa2024-57/> for details. * gnu/packages/tor-browsers.scm (%mullvadbrowser-build-date): Update to 20241024160253. (%mullvadbrowser-version): Update to 13.5.9. (%mullvadbrowser-firefox-version): Update to 115.17.0esr-13.5-1-build2. (mullvadbrowser-translation-base): Update to 3b1be2065b54939ed019d94174f137847bcf3c66. (mullvadbrowser-translation-specific): Update to 2f7d98b46ce480cdb4d7e9ddab912650c8673d6c. (mullvadbrowser) [arguments] <#:phases>: Replace 'apply-guix-specific-patches so as to keep using icecat-compare-paths.patch as it applies to ESR 115. Replace 'remove-cargo-frozen-flag, keep the old regex which matches for this older version. --- gnu/packages/tor-browsers.scm | 33 ++++++++++++++++++++++++--------- 1 file changed, 24 insertions(+), 9 deletions(-) diff --git a/gnu/packages/tor-browsers.scm b/gnu/packages/tor-browsers.scm index 02e3c0583c..e6747401a5 100644 --- a/gnu/packages/tor-browsers.scm +++ b/gnu/packages/tor-browsers.scm @@ -817,17 +817,17 @@ (define %mullvadbrowser-locales (list "ar" "da" "de" "es-ES" "fa" "fi" "fr" "it" ;; We copy the official build id, which can be found there: ;; https://cdn.mullvad.net/browser/update_responses/update_1/release. -(define %mullvadbrowser-build-date "20240930230510") +(define %mullvadbrowser-build-date "20241024160253") ;; To find the last version, look at ;; https://mullvad.net/en/download/browser/linux. -(define %mullvadbrowser-version "13.5.6") +(define %mullvadbrowser-version "13.5.9") ;; To find the last Firefox version, browse ;; https://archive.torproject.org/tor-package-archive/mullvadbrowser/<%mullvadbrowser-version> ;; There should be only one archive that starts with ;; "src-firefox-mullvad-browser-". -(define %mullvadbrowser-firefox-version "115.16.0esr-13.5-1-build2") +(define %mullvadbrowser-firefox-version "115.17.0esr-13.5-1-build2") ;; See tor-browser-build/projects/translation/config. (define mullvadbrowser-translation-base @@ -835,11 +835,11 @@ (define mullvadbrowser-translation-base (method git-fetch) (uri (git-reference (url "https://gitlab.torproject.org/tpo/translation.git") - (commit "a142f78af87f994913faa15fb4b0f34f0ce1a22b"))) + (commit "3b1be2065b54939ed019d94174f137847bcf3c66"))) (file-name "translation-base-browser") (sha256 (base32 - "15ahsyji6fk236sb28vqpi7ai70r3qblfypmc7r781zq7nw8f9bs")))) + "04ckn133w8q6b4rgihl23pzmnd3k6458jn9h4f58fnr18rfh6057")))) ;; See tor-browser-build/projects/translation/config. (define mullvadbrowser-translation-specific @@ -847,11 +847,11 @@ (define mullvadbrowser-translation-specific (method git-fetch) (uri (git-reference (url "https://gitlab.torproject.org/tpo/translation.git") - (commit "78212a3da2439e436ac5f73d8e3eb908145c3ece"))) + (commit "2f7d98b46ce480cdb4d7e9ddab912650c8673d6c"))) (file-name "translation-mullvad-browser") (sha256 (base32 - "00qmmfz7lz9fw7id7bj89byd4zd39nc4f2plf0v640yzl8fdwi72")))) + "08anwb45rxzsdcxwzjflqb1d0f78pi4fsgdvsdlc4fmp8kx10nsd")))) (define mullvadbrowser-assets ;; This is a prebuilt Mullvad Browser from which we take the assets we need. @@ -867,7 +867,7 @@ (define mullvadbrowser-assets version "/mullvad-browser-linux-x86_64-" version ".tar.xz")) (sha256 (base32 - "0q55mk9zzzs7g2cng107gm16g74lx1qf42gf5ayh4x7caxc8db01")))) + "0q3c2wf5r6n06y36bcp5qxir41a01dwj4am9pqs5cz48ilimh8c7")))) (arguments (list #:install-plan @@ -910,11 +910,26 @@ (define-public mullvadbrowser %mullvadbrowser-firefox-version ".tar.xz")) (sha256 (base32 - "1mkssnr7vx4la4r31dy6fbwvj1h9gxzywwxa6z4310nr17vr3sxj")))) + "1xz005sa7isz561r9zlsipm6gpx30b83k7xbfy00zkc7qkl15xzs")))) (arguments (substitute-keyword-arguments (package-arguments mullvadbrowser-base) ((#:phases phases) #~(modify-phases #$phases + (replace 'apply-guix-specific-patches + (lambda _ + (for-each + (lambda (file) (invoke "patch" "--force" "-p1" "-i" file)) + '(#$(local-file + (search-patch "icecat-compare-paths.patch")) + #$(local-file + (search-patch "icecat-use-system-wide-dir.patch")))))) + (replace 'remove-cargo-frozen-flag + (lambda _ + ;; This is only needed while torbrowser and mullvadbrowser + ;; remain based on different firefox ESR versions. Delete + ;; once mullvad reaches the same upstream base. + (substitute* "build/RunCbindgen.py" + (("\"--frozen\",") "")))) (add-after 'unpack 'ublock-private-allowed (lambda _ (substitute* "toolkit/components/extensions/Extension.sys.mjs" -- 2.46.0 ^ permalink raw reply related [flat|nested] 8+ messages in thread
* [bug#73998] [PATCH v2 0/2] Update torbrowser and mullvadbrowser to 14.0.3 2024-10-29 22:45 ` [bug#73998] [PATCH 0/2] Update torbrowser and mullvadbrowser André Batista 2024-10-29 22:48 ` [bug#73998] [PATCH 1/2] gnu: torbrowser: Update to 14.0.1 [security-fixes] André Batista 2024-10-29 22:49 ` [bug#73998] [PATCH 2/2] gnu: mullvadbrowser: Update to 13.5.9 [security fixes] André Batista @ 2024-12-01 16:05 ` André Batista 2024-12-01 16:07 ` [bug#73998] [PATCH v2 1/2] gnu: torbrowser: Update to 14.0.3 [security-fixes] André Batista ` (2 more replies) 2 siblings, 3 replies; 8+ messages in thread From: André Batista @ 2024-12-01 16:05 UTC (permalink / raw) To: 73998; +Cc: André Batista, jonathan.brielmaier, mhw This time around both browsers are on the same upstream ESR version. Sent together because updating one would break the other as is. Cheers! André Batista (2): gnu: torbrowser: Update to 14.0.3 [security-fixes]. gnu: mullvadbrowser: Update to 14.0.3 [security fixes]. gnu/local.mk | 1 + .../patches/torbrowser-compare-paths.patch | 24 ++++++++++ gnu/packages/tor-browsers.scm | 44 +++++++++---------- 3 files changed, 47 insertions(+), 22 deletions(-) create mode 100644 gnu/packages/patches/torbrowser-compare-paths.patch base-commit: 294386674c417355a24586fab5528c643d495b86 -- 2.46.0 ^ permalink raw reply [flat|nested] 8+ messages in thread
* [bug#73998] [PATCH v2 1/2] gnu: torbrowser: Update to 14.0.3 [security-fixes]. 2024-12-01 16:05 ` [bug#73998] [PATCH v2 0/2] Update torbrowser and mullvadbrowser to 14.0.3 André Batista @ 2024-12-01 16:07 ` André Batista 2024-12-01 16:08 ` [bug#73998] [PATCH v2 2/2] gnu: mullvadbrowser: Update to 14.0.3 [security fixes] André Batista 2024-12-02 1:59 ` [bug#73998] [PATCH v2 0/2] Update torbrowser and mullvadbrowser to 14.0.3 Zheng Junjie 2 siblings, 0 replies; 8+ messages in thread From: André Batista @ 2024-12-01 16:07 UTC (permalink / raw) To: 73998; +Cc: André Batista, jonathan.brielmaier, mhw Fixes CVEs 2024-10458, 2024-10459, 2024-10460, 2024-10461, 2024-10462, 2024-10463, 2024-10464, 2024-10465, 2024-10466, 2024-10467, 2024-11691, 2024-11692, 2024-11693, 2024-11694, 2024-11695, 2024-11696, 2024-11697, 2024-11698 and 2024-11699. See <https://www.mozilla.org/en-US/security/advisories/mfsa2024-48/> and <https://www.mozilla.org/en-US/security/advisories/mfsa2024-64/> for details. * gnu/packages/tor-browsers.scm (firefox-locales): Update to f75c1e6a305e68161037337767ece88e9de940b9. (%torbrowser-build-date): Update to 20241125154204. (%torbrowser-version): Update to 14.0.3. (%torbrowser-firefox-version): Update to 128.5.0esr-14.0-1-build2. (torbrowser-translation-base): Update to caa431bbea1a76d7ad61eeda94086a1513762605. (torbrowser-translation-specific): Update to 4314d0a7ce780ffdf82b84e324bfbc437198f993. (make-torbrowser) [arguments] <#:phases>: On 'apply-guix-specific-patches change icecat-compare-paths.patch to torbrowser-compare-paths.patch as the patched file has changed its name between major versions. On 'remove-cargo-frozen-flag, update the regex to match this newer version string. * gnu/packages/patches: Add torbrowser-compare-paths.patch. * gnu/local.mk: Likewise. Change-Id: Ia5d445e387351b3d5d08ecb14c2f31bf4cc81396 --- gnu/local.mk | 1 + .../patches/torbrowser-compare-paths.patch | 24 +++++++++++++++++ gnu/packages/tor-browsers.scm | 26 +++++++++---------- 3 files changed, 38 insertions(+), 13 deletions(-) diff --git a/gnu/local.mk b/gnu/local.mk index c89fd88282..6c35a72576 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -2238,6 +2238,7 @@ dist_patch_DATA = \ %D%/packages/patches/torcs-glibc-default-source.patch \ %D%/packages/patches/torcs-isnan.patch \ %D%/packages/patches/torcs-nullptr.patch \ + %D%/packages/patches/torbrowser-compare-paths.patch \ %D%/packages/patches/tpetra-remove-duplicate-using.patch \ %D%/packages/patches/transcode-ffmpeg.patch \ %D%/packages/patches/transmission-4.0.6-fix-build.patch \ diff --git a/gnu/packages/patches/torbrowser-compare-paths.patch b/gnu/packages/patches/torbrowser-compare-paths.patch new file mode 100644 index 0000000000..7d4d5fdb78 --- /dev/null +++ b/gnu/packages/patches/torbrowser-compare-paths.patch @@ -0,0 +1,24 @@ +See comment in gnu/build/icecat-extension.scm. +This is only needed while icecat and torbrowser remain on +different ESR versions as the patched file has changed its +name. + +--- a/toolkit/mozapps/extensions/internal/XPIDatabase.sys.mjs ++++ b/toolkit/mozapps/extensions/internal/XPIDatabase.sys.mjs +@@ -3606,6 +3606,7 @@ + if ( + newAddon || + oldAddon.updateDate != xpiState.mtime || ++ oldAddon.path != xpiState.path || + (aUpdateCompatibility && this.isAppBundledLocation(installLocation)) + ) { + newAddon = this.updateMetadata( +@@ -3614,8 +3615,6 @@ + xpiState, + newAddon + ); +- } else if (oldAddon.path != xpiState.path) { +- newAddon = this.updatePath(installLocation, oldAddon, xpiState); + } else if (aUpdateCompatibility || aSchemaChange) { + newAddon = this.updateCompatibility( + installLocation, diff --git a/gnu/packages/tor-browsers.scm b/gnu/packages/tor-browsers.scm index e517f9b214..3a23f8ab65 100644 --- a/gnu/packages/tor-browsers.scm +++ b/gnu/packages/tor-browsers.scm @@ -92,7 +92,7 @@ (define-module (gnu packages tor-browsers) ;; See browser/locales/l10n-changesets.json for the commit. (define firefox-locales - (let ((commit "d8d587117c7b9dcc6a4fbc38407ed2c831bb008f") + (let ((commit "f75c1e6a305e68161037337767ece88e9de940b9") (revision "0")) (package (name "firefox-locales") @@ -106,7 +106,7 @@ (define firefox-locales (file-name (git-file-name name version)) (sha256 (base32 - "0a2ly29lli02jflqw78zjk7bp7h18fz935cc9csavi0cpdiixjv1")))) + "0ybi3n9mw9wnbi8dv01dllpvcdfwjmyn4q6njzhn8vg7jkmpha2s")))) (build-system copy-build-system) (home-page "https://github.com/mozilla-l10n/firefox-l10n") (synopsis "Firefox Locales") @@ -116,16 +116,16 @@ (define firefox-locales ;; We copy the official build id, which is defined at ;; tor-browser-build/rbm.conf (browser_release_date). -(define %torbrowser-build-date "20241008182800") +(define %torbrowser-build-date "20241125154204") ;; To find the last version, look at https://www.torproject.org/download/. -(define %torbrowser-version "13.5.7") +(define %torbrowser-version "14.0.3") ;; To find the last Firefox version, browse ;; https://archive.torproject.org/tor-package-archive/torbrowser/<%torbrowser-version> ;; There should be only one archive that starts with ;; "src-firefox-tor-browser-". -(define %torbrowser-firefox-version "115.16.0esr-13.5-1-build3") +(define %torbrowser-firefox-version "128.5.0esr-14.0-1-build2") ;; See tor-browser-build/rbm.conf for the list. (define %torbrowser-locales (list "ar" "ca" "cs" "da" "de" "el" "es-ES" "fa" "fi" "fr" @@ -139,11 +139,11 @@ (define torbrowser-translation-base (method git-fetch) (uri (git-reference (url "https://gitlab.torproject.org/tpo/translation.git") - (commit "ceb66dd0937da14962cb535699242b2526e11f02"))) + (commit "caa431bbea1a76d7ad61eeda94086a1513762605"))) (file-name "translation-base-browser") (sha256 (base32 - "04ciw4rnl0cj7vz4pqbs1aca8fhva346bp0vahfcxv3isn1nwyy4")))) + "0zdkcykzh8m1rv6valx0mk6yvh2q4jrj2qxk0frh7nwxwc509b5c")))) ;; See tor-browser-build/projects/translation/config. (define torbrowser-translation-specific @@ -151,11 +151,11 @@ (define torbrowser-translation-specific (method git-fetch) (uri (git-reference (url "https://gitlab.torproject.org/tpo/translation.git") - (commit "dbf1454fdbd3256d65985cc1c46391ce0ec159e7"))) + (commit "4314d0a7ce780ffdf82b84e324bfbc437198f993"))) (file-name "translation-tor-browser") (sha256 (base32 - "09zhl6fk0z69qy82l050fm02h0dyb3f8j38fbazmkwnd8x3z6jv0")))) + "04dx6mjcgfmarnaxxkmrlgwgxdr37frgz5j3wakp9wixys6p6cdv")))) (define torbrowser-assets ;; This is a prebuilt Torbrowser from which we take the assets we need. @@ -171,7 +171,7 @@ (define torbrowser-assets version "/tor-browser-linux-x86_64-" version ".tar.xz")) (sha256 (base32 - "1mdi6x0dvdvlk957fws1pw55z9hwkd5x05rv8k2g1vzy9qkvgrf3")))) + "01mzc1d3vad3i8mwqmk2s17ynfhr45sfxgqcy5g9f5ahk6rl7msr")))) (arguments (list #:install-plan @@ -213,7 +213,7 @@ (define* (make-torbrowser #:key ".tar.xz")) (sha256 (base32 - "0v4hkxcz7cahbhwwafmspcl67ih2rnkmamcvp06kyx64xvpad00i")))) + "1nnsmz6v8xnp67ih0jgail27c4cg6zfdax8qkd6hcn8i7pscgc72")))) (build-system mozilla-build-system) (inputs (list go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird @@ -383,7 +383,7 @@ (define* (make-torbrowser #:key (for-each (lambda (file) (invoke "patch" "--force" "-p1" "-i" file)) '(#$(local-file - (search-patch "icecat-compare-paths.patch")) + (search-patch "torbrowser-compare-paths.patch")) #$(local-file (search-patch "icecat-use-system-wide-dir.patch")))))) (add-after 'apply-guix-specific-patches 'remove-bundled-libraries @@ -497,7 +497,7 @@ (define (runpaths-of-input label) ;; complain that it's not able to change Cargo.lock. ;; https://bugzilla.mozilla.org/show_bug.cgi?id=1726373 (substitute* "build/RunCbindgen.py" - (("\"--frozen\",") "")))) + (("args.append\\(\"--frozen\"\\)") "pass")))) (delete 'bootstrap) (add-before 'configure 'setenv (lambda _ -- 2.46.0 ^ permalink raw reply related [flat|nested] 8+ messages in thread
* [bug#73998] [PATCH v2 2/2] gnu: mullvadbrowser: Update to 14.0.3 [security fixes]. 2024-12-01 16:05 ` [bug#73998] [PATCH v2 0/2] Update torbrowser and mullvadbrowser to 14.0.3 André Batista 2024-12-01 16:07 ` [bug#73998] [PATCH v2 1/2] gnu: torbrowser: Update to 14.0.3 [security-fixes] André Batista @ 2024-12-01 16:08 ` André Batista 2024-12-02 1:59 ` [bug#73998] [PATCH v2 0/2] Update torbrowser and mullvadbrowser to 14.0.3 Zheng Junjie 2 siblings, 0 replies; 8+ messages in thread From: André Batista @ 2024-12-01 16:08 UTC (permalink / raw) To: 73998; +Cc: André Batista, jonathan.brielmaier, mhw Fixes CVE 2024-9680, 2024-10458, 2024-10459, 2024-10460, 2024-10461, 2024-10462, 2024-10463, 2024-10464, 2024-10465, 2024-10466, 2024-10467, 2024-11691, 2024-11692, 2024-11693, 2024-11694, 2024-11695, 2024-11696, 2024-11697, 2024-11698 and 2024-11699. See the Mozilla Foundation Security Advisories <https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/>, <https://www.mozilla.org/en-US/security/advisories/mfsa2024-57/> and <https://www.mozilla.org/en-US/security/advisories/mfsa2024-64/> for details. * gnu/packages/tor-browsers.scm (%mullvadbrowser-build-date): Update to 20241125154204. (%mullvadbrowser-version): Update to 14.0.3. (%mullvadbrowser-firefox-version): Update to 128.5.0esr-14.0-1-build2. (mullvadbrowser-translation-base): Update to caa431bbea1a76d7ad61eeda94086a1513762605. (mullvadbrowser-translation-specific): Update to 2f7d98b46ce480cdb4d7e9ddab912650c8673d6c. Change-Id: Ia5d445e387351b3d5d08ecb14c2f31bf4cc81396 --- gnu/packages/tor-browsers.scm | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/gnu/packages/tor-browsers.scm b/gnu/packages/tor-browsers.scm index 3a23f8ab65..58a147f39b 100644 --- a/gnu/packages/tor-browsers.scm +++ b/gnu/packages/tor-browsers.scm @@ -817,17 +817,17 @@ (define %mullvadbrowser-locales (list "ar" "da" "de" "es-ES" "fa" "fi" "fr" "it" ;; We copy the official build id, which can be found there: ;; https://cdn.mullvad.net/browser/update_responses/update_1/release. -(define %mullvadbrowser-build-date "20240930230510") +(define %mullvadbrowser-build-date "20241125154204") ;; To find the last version, look at ;; https://mullvad.net/en/download/browser/linux. -(define %mullvadbrowser-version "13.5.6") +(define %mullvadbrowser-version "14.0.3") ;; To find the last Firefox version, browse ;; https://archive.torproject.org/tor-package-archive/mullvadbrowser/<%mullvadbrowser-version> ;; There should be only one archive that starts with ;; "src-firefox-mullvad-browser-". -(define %mullvadbrowser-firefox-version "115.16.0esr-13.5-1-build2") +(define %mullvadbrowser-firefox-version "128.5.0esr-14.0-1-build2") ;; See tor-browser-build/projects/translation/config. (define mullvadbrowser-translation-base @@ -835,11 +835,11 @@ (define mullvadbrowser-translation-base (method git-fetch) (uri (git-reference (url "https://gitlab.torproject.org/tpo/translation.git") - (commit "a142f78af87f994913faa15fb4b0f34f0ce1a22b"))) + (commit "caa431bbea1a76d7ad61eeda94086a1513762605"))) (file-name "translation-base-browser") (sha256 (base32 - "15ahsyji6fk236sb28vqpi7ai70r3qblfypmc7r781zq7nw8f9bs")))) + "0zdkcykzh8m1rv6valx0mk6yvh2q4jrj2qxk0frh7nwxwc509b5c")))) ;; See tor-browser-build/projects/translation/config. (define mullvadbrowser-translation-specific @@ -847,11 +847,11 @@ (define mullvadbrowser-translation-specific (method git-fetch) (uri (git-reference (url "https://gitlab.torproject.org/tpo/translation.git") - (commit "78212a3da2439e436ac5f73d8e3eb908145c3ece"))) + (commit "2f7d98b46ce480cdb4d7e9ddab912650c8673d6c"))) (file-name "translation-mullvad-browser") (sha256 (base32 - "00qmmfz7lz9fw7id7bj89byd4zd39nc4f2plf0v640yzl8fdwi72")))) + "08anwb45rxzsdcxwzjflqb1d0f78pi4fsgdvsdlc4fmp8kx10nsd")))) (define mullvadbrowser-assets ;; This is a prebuilt Mullvad Browser from which we take the assets we need. @@ -867,7 +867,7 @@ (define mullvadbrowser-assets version "/mullvad-browser-linux-x86_64-" version ".tar.xz")) (sha256 (base32 - "0q55mk9zzzs7g2cng107gm16g74lx1qf42gf5ayh4x7caxc8db01")))) + "0jh35vsnyqjg6hhwdlw11pq7i1awr6fy8chgr2w0wnrzm91vvzia")))) (arguments (list #:install-plan @@ -910,7 +910,7 @@ (define-public mullvadbrowser %mullvadbrowser-firefox-version ".tar.xz")) (sha256 (base32 - "1mkssnr7vx4la4r31dy6fbwvj1h9gxzywwxa6z4310nr17vr3sxj")))) + "01mm8kxza5rfl4f78xb8n9x7y0p6mm205pxhqrvds0yyj3jvclsb")))) (arguments (substitute-keyword-arguments (package-arguments mullvadbrowser-base) ((#:phases phases) -- 2.46.0 ^ permalink raw reply related [flat|nested] 8+ messages in thread
* [bug#73998] [PATCH v2 0/2] Update torbrowser and mullvadbrowser to 14.0.3 2024-12-01 16:05 ` [bug#73998] [PATCH v2 0/2] Update torbrowser and mullvadbrowser to 14.0.3 André Batista 2024-12-01 16:07 ` [bug#73998] [PATCH v2 1/2] gnu: torbrowser: Update to 14.0.3 [security-fixes] André Batista 2024-12-01 16:08 ` [bug#73998] [PATCH v2 2/2] gnu: mullvadbrowser: Update to 14.0.3 [security fixes] André Batista @ 2024-12-02 1:59 ` Zheng Junjie 2 siblings, 0 replies; 8+ messages in thread From: Zheng Junjie @ 2024-12-02 1:59 UTC (permalink / raw) To: André Batista; +Cc: mhw, jonathan.brielmaier, 73998 [-- Attachment #1: Type: text/plain, Size: 918 bytes --] André Batista <nandre@riseup.net> writes: > This time around both browsers are on the same upstream ESR version. > Sent together because updating one would break the other as is. > > Cheers! > > André Batista (2): > gnu: torbrowser: Update to 14.0.3 [security-fixes]. > gnu: mullvadbrowser: Update to 14.0.3 [security fixes]. > > gnu/local.mk | 1 + > .../patches/torbrowser-compare-paths.patch | 24 ++++++++++ > gnu/packages/tor-browsers.scm | 44 +++++++++---------- > 3 files changed, 47 insertions(+), 22 deletions(-) > create mode 100644 gnu/packages/patches/torbrowser-compare-paths.patch > > > base-commit: 294386674c417355a24586fab5528c643d495b86 Are you interested in becoming a committer? This will make it easier to update torbrowser and mullvadbrowser packages. I don't know about these packages and can't review them. [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 832 bytes --] ^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2024-12-02 2:01 UTC | newest] Thread overview: 8+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2024-10-24 21:25 [bug#73998] [PATCH] gnu: torbrowser: Update to 14.0 André Batista 2024-10-29 22:45 ` [bug#73998] [PATCH 0/2] Update torbrowser and mullvadbrowser André Batista 2024-10-29 22:48 ` [bug#73998] [PATCH 1/2] gnu: torbrowser: Update to 14.0.1 [security-fixes] André Batista 2024-10-29 22:49 ` [bug#73998] [PATCH 2/2] gnu: mullvadbrowser: Update to 13.5.9 [security fixes] André Batista 2024-12-01 16:05 ` [bug#73998] [PATCH v2 0/2] Update torbrowser and mullvadbrowser to 14.0.3 André Batista 2024-12-01 16:07 ` [bug#73998] [PATCH v2 1/2] gnu: torbrowser: Update to 14.0.3 [security-fixes] André Batista 2024-12-01 16:08 ` [bug#73998] [PATCH v2 2/2] gnu: mullvadbrowser: Update to 14.0.3 [security fixes] André Batista 2024-12-02 1:59 ` [bug#73998] [PATCH v2 0/2] Update torbrowser and mullvadbrowser to 14.0.3 Zheng Junjie
Code repositories for project(s) associated with this public inbox https://git.savannah.gnu.org/cgit/guix.git This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).