From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0.migadu.com ([2001:41d0:403:58f0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms13.migadu.com with LMTPS id CGLjNDSKTGdiFAAAqHPOHw:P1 (envelope-from ) for ; Sun, 01 Dec 2024 16:09:25 +0000 Received: from aspmx1.migadu.com ([2001:41d0:403:58f0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0.migadu.com with LMTPS id CGLjNDSKTGdiFAAAqHPOHw (envelope-from ) for ; Sun, 01 Dec 2024 17:09:24 +0100 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=debbugs.gnu.org header.s=debbugs-gnu-org header.b=NxcVQkC3; dkim=fail ("headers rsa verify failed") header.d=riseup.net header.s=squak header.b=YuvInq3s; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=riseup.net (policy=none) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1733069364; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=fk+FAnhNSrNBX3B8DfHlXm/kdwt4o5zNbdOFxS3wq4E=; b=eVuiv/607ITsIP2tmC2nnPKhmRoc0DM05RzgItRdioyUm4W5zufqlKFwuBH4r/+zqbFBUp khwQil3i0VWn11fND3aXrC17OmpfQA6zW07safTh1etLEGZkgfYBWKaUgG7ge9MW6rGjW6 rjkaHlPvQ2zzgtHJN0PUAFxjyGE8J6p6ddyf4oMf/MLSr7f34bdbFaoSUDsCdBxc8nUpXU ZrWG9i0n43tJn6JRLKdoFvP3DpPRPkBRgSiYtI+BAuTVBl1PQfpgAmpWgRAi06Atsi1/bo MSWEYf80nayi0zBLp75HBbQvHCrY2umEZ9iMgkRuUQK9mNpuw1bVd1TVwCWe2w== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=debbugs.gnu.org header.s=debbugs-gnu-org header.b=NxcVQkC3; dkim=fail ("headers rsa verify failed") header.d=riseup.net header.s=squak header.b=YuvInq3s; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=riseup.net (policy=none) ARC-Seal: i=1; s=key1; d=yhetil.org; t=1733069364; a=rsa-sha256; cv=none; b=XcsHnqqlu3qZPJx7jW6zGAETIuGLWdhYhpdVJ+AO288TwcBqJYoMhPgKczc0XA3aJquU1o 2M2nV01dfGxK5XSaZ4rUn4reQs1rtybpOrk9rpDe4rRW6RpSGwW+arTWFHFej7QcvPQfQw nmouCmWaDaPGOat+u00SQmKCAL2KNQ5gH3JeNCqEriJgbXEl3MyTyJC4r+Qp5L7p82xsvc RwLiXPubT3Uel7ORsejAab56ZYdY/Ezkw5UV8UZ+lcOx8kho1NgMuCmAM/T2rOfZneJ72S X84litWUN+xmqTs5gbSbDhmb7Z73E3R6s7WxNULmU9wigWI6kyLWWV3IN8CXVw== Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 7D64F79B4E for ; Sun, 01 Dec 2024 17:09:24 +0100 (CET) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1tHmVQ-0004Qo-GZ; Sun, 01 Dec 2024 11:09:08 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tHmVK-0004O3-Kn for guix-patches@gnu.org; Sun, 01 Dec 2024 11:09:02 -0500 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1tHmVK-00009E-Bb for guix-patches@gnu.org; Sun, 01 Dec 2024 11:09:02 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debbugs.gnu.org; s=debbugs-gnu-org; h=MIME-Version:References:In-Reply-To:Date:From:To:Subject; bh=fk+FAnhNSrNBX3B8DfHlXm/kdwt4o5zNbdOFxS3wq4E=; b=NxcVQkC3vsz3d3ij8jmeXyaG750KpAi2uGy4b8zla+mDcmqdaBN5IE75Ci1DoUvkG21g4rm6YgC4ugmvJu8WovHxG1i+ZwVqZJ6+20UXUZZpusbQ6GVTW6zSgFOmxgCe8TpILS3FX/2O1Wi6vRe5Zok5m+FyWGjEAvqmb8rbHq7YW4YLXpF0oNYezZd/uOwt6tfIKLHBF5KaShCWIhcDEJcOBwg2nAQKwOW9qUuhiBAsMkwL+HPkG5ouc0FsZTUZaNr+qVSSTs1gFsNLyRZUfs86nw4EI4l8jJ3S0m/MtGCIW3NZNFczSIhthTZ4BK3vd4ikidKghhUVfN0x0fs8BQ==; Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1tHmVJ-0001V1-Qh; Sun, 01 Dec 2024 11:09:01 -0500 X-Loop: help-debbugs@gnu.org Subject: [bug#73998] [PATCH v2 1/2] gnu: torbrowser: Update to 14.0.3 [security-fixes]. Resent-From: =?UTF-8?Q?Andr=C3=A9?= Batista Original-Sender: "Debbugs-submit" Resent-CC: jonathan.brielmaier@web.de, mhw@netris.org, guix-patches@gnu.org Resent-Date: Sun, 01 Dec 2024 16:09:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 73998 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 73998@debbugs.gnu.org Cc: =?UTF-8?Q?Andr=C3=A9?= Batista , jonathan.brielmaier@web.de, mhw@netris.org X-Debbugs-Original-Xcc: jonathan.brielmaier@web.de, mhw@netris.org Received: via spool by 73998-submit@debbugs.gnu.org id=B73998.17330692995657 (code B ref 73998); Sun, 01 Dec 2024 16:09:01 +0000 Received: (at 73998) by debbugs.gnu.org; 1 Dec 2024 16:08:19 +0000 Received: from localhost ([127.0.0.1]:52758 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tHmUc-0001TA-9T for submit@debbugs.gnu.org; Sun, 01 Dec 2024 11:08:18 -0500 Received: from mx1.riseup.net ([198.252.153.129]:37352) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tHmUW-0001Se-PP for 73998@debbugs.gnu.org; Sun, 01 Dec 2024 11:08:16 -0500 Received: from fews02-sea.riseup.net (fews02-sea-pn.riseup.net [10.0.1.112]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx1.riseup.net (Postfix) with ESMTPS id 4Y1WzW2T4YzDqjN for <73998@debbugs.gnu.org>; Sun, 1 Dec 2024 16:08:07 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1733069287; bh=XphAEoAzd4j94Mk3RO3fElOIpj6rPdRz8tf8y82kMJA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=YuvInq3s9YDKeqBBH6dibXl1v4Xfa5vwHB4+H8jWEq6n8gfIaHW32xrcbjm7+C8RE 2njKWVDr4y7Hv7qQc2WbtGRPXzjYz6M6fT9CZJ12UAiDHU6mrW3p/Vse3QrnHFl4gg 0ImmUuAIS9aEAvyFZW4mNm2vxkkdnDOwYfxzyrec= X-Riseup-User-ID: 5CDC065C3AAFB96B085F1190D64086C351FDBD8F7F8594AF5387094E3421E2DD Received: from [127.0.0.1] (localhost [127.0.0.1]) by fews02-sea.riseup.net (Postfix) with ESMTPSA id 4Y1WzH1T25zFq1R; Sun, 1 Dec 2024 16:07:54 +0000 (UTC) From: =?UTF-8?Q?Andr=C3=A9?= Batista Date: Sun, 1 Dec 2024 13:07:29 -0300 Message-ID: <20241201160729.1830-1-nandre@riseup.net> In-Reply-To: <20241201160554.1800-1-nandre@riseup.net> References: <20241201160554.1800-1-nandre@riseup.net> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: guix-patches-bounces+larch=yhetil.org@gnu.org X-Migadu-Country: US X-Migadu-Flow: FLOW_IN X-Migadu-Scanner: mx11.migadu.com X-Migadu-Spam-Score: 1.69 X-Spam-Score: 1.69 X-Migadu-Queue-Id: 7D64F79B4E X-TUID: pRvJoKw60q+S Fixes CVEs 2024-10458, 2024-10459, 2024-10460, 2024-10461, 2024-10462, 2024-10463, 2024-10464, 2024-10465, 2024-10466, 2024-10467, 2024-11691, 2024-11692, 2024-11693, 2024-11694, 2024-11695, 2024-11696, 2024-11697, 2024-11698 and 2024-11699. See and for details. * gnu/packages/tor-browsers.scm (firefox-locales): Update to f75c1e6a305e68161037337767ece88e9de940b9. (%torbrowser-build-date): Update to 20241125154204. (%torbrowser-version): Update to 14.0.3. (%torbrowser-firefox-version): Update to 128.5.0esr-14.0-1-build2. (torbrowser-translation-base): Update to caa431bbea1a76d7ad61eeda94086a1513762605. (torbrowser-translation-specific): Update to 4314d0a7ce780ffdf82b84e324bfbc437198f993. (make-torbrowser) [arguments] <#:phases>: On 'apply-guix-specific-patches change icecat-compare-paths.patch to torbrowser-compare-paths.patch as the patched file has changed its name between major versions. On 'remove-cargo-frozen-flag, update the regex to match this newer version string. * gnu/packages/patches: Add torbrowser-compare-paths.patch. * gnu/local.mk: Likewise. Change-Id: Ia5d445e387351b3d5d08ecb14c2f31bf4cc81396 --- gnu/local.mk | 1 + .../patches/torbrowser-compare-paths.patch | 24 +++++++++++++++++ gnu/packages/tor-browsers.scm | 26 +++++++++---------- 3 files changed, 38 insertions(+), 13 deletions(-) diff --git a/gnu/local.mk b/gnu/local.mk index c89fd88282..6c35a72576 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -2238,6 +2238,7 @@ dist_patch_DATA = \ %D%/packages/patches/torcs-glibc-default-source.patch \ %D%/packages/patches/torcs-isnan.patch \ %D%/packages/patches/torcs-nullptr.patch \ + %D%/packages/patches/torbrowser-compare-paths.patch \ %D%/packages/patches/tpetra-remove-duplicate-using.patch \ %D%/packages/patches/transcode-ffmpeg.patch \ %D%/packages/patches/transmission-4.0.6-fix-build.patch \ diff --git a/gnu/packages/patches/torbrowser-compare-paths.patch b/gnu/packages/patches/torbrowser-compare-paths.patch new file mode 100644 index 0000000000..7d4d5fdb78 --- /dev/null +++ b/gnu/packages/patches/torbrowser-compare-paths.patch @@ -0,0 +1,24 @@ +See comment in gnu/build/icecat-extension.scm. +This is only needed while icecat and torbrowser remain on +different ESR versions as the patched file has changed its +name. + +--- a/toolkit/mozapps/extensions/internal/XPIDatabase.sys.mjs ++++ b/toolkit/mozapps/extensions/internal/XPIDatabase.sys.mjs +@@ -3606,6 +3606,7 @@ + if ( + newAddon || + oldAddon.updateDate != xpiState.mtime || ++ oldAddon.path != xpiState.path || + (aUpdateCompatibility && this.isAppBundledLocation(installLocation)) + ) { + newAddon = this.updateMetadata( +@@ -3614,8 +3615,6 @@ + xpiState, + newAddon + ); +- } else if (oldAddon.path != xpiState.path) { +- newAddon = this.updatePath(installLocation, oldAddon, xpiState); + } else if (aUpdateCompatibility || aSchemaChange) { + newAddon = this.updateCompatibility( + installLocation, diff --git a/gnu/packages/tor-browsers.scm b/gnu/packages/tor-browsers.scm index e517f9b214..3a23f8ab65 100644 --- a/gnu/packages/tor-browsers.scm +++ b/gnu/packages/tor-browsers.scm @@ -92,7 +92,7 @@ (define-module (gnu packages tor-browsers) ;; See browser/locales/l10n-changesets.json for the commit. (define firefox-locales - (let ((commit "d8d587117c7b9dcc6a4fbc38407ed2c831bb008f") + (let ((commit "f75c1e6a305e68161037337767ece88e9de940b9") (revision "0")) (package (name "firefox-locales") @@ -106,7 +106,7 @@ (define firefox-locales (file-name (git-file-name name version)) (sha256 (base32 - "0a2ly29lli02jflqw78zjk7bp7h18fz935cc9csavi0cpdiixjv1")))) + "0ybi3n9mw9wnbi8dv01dllpvcdfwjmyn4q6njzhn8vg7jkmpha2s")))) (build-system copy-build-system) (home-page "https://github.com/mozilla-l10n/firefox-l10n") (synopsis "Firefox Locales") @@ -116,16 +116,16 @@ (define firefox-locales ;; We copy the official build id, which is defined at ;; tor-browser-build/rbm.conf (browser_release_date). -(define %torbrowser-build-date "20241008182800") +(define %torbrowser-build-date "20241125154204") ;; To find the last version, look at https://www.torproject.org/download/. -(define %torbrowser-version "13.5.7") +(define %torbrowser-version "14.0.3") ;; To find the last Firefox version, browse ;; https://archive.torproject.org/tor-package-archive/torbrowser/<%torbrowser-version> ;; There should be only one archive that starts with ;; "src-firefox-tor-browser-". -(define %torbrowser-firefox-version "115.16.0esr-13.5-1-build3") +(define %torbrowser-firefox-version "128.5.0esr-14.0-1-build2") ;; See tor-browser-build/rbm.conf for the list. (define %torbrowser-locales (list "ar" "ca" "cs" "da" "de" "el" "es-ES" "fa" "fi" "fr" @@ -139,11 +139,11 @@ (define torbrowser-translation-base (method git-fetch) (uri (git-reference (url "https://gitlab.torproject.org/tpo/translation.git") - (commit "ceb66dd0937da14962cb535699242b2526e11f02"))) + (commit "caa431bbea1a76d7ad61eeda94086a1513762605"))) (file-name "translation-base-browser") (sha256 (base32 - "04ciw4rnl0cj7vz4pqbs1aca8fhva346bp0vahfcxv3isn1nwyy4")))) + "0zdkcykzh8m1rv6valx0mk6yvh2q4jrj2qxk0frh7nwxwc509b5c")))) ;; See tor-browser-build/projects/translation/config. (define torbrowser-translation-specific @@ -151,11 +151,11 @@ (define torbrowser-translation-specific (method git-fetch) (uri (git-reference (url "https://gitlab.torproject.org/tpo/translation.git") - (commit "dbf1454fdbd3256d65985cc1c46391ce0ec159e7"))) + (commit "4314d0a7ce780ffdf82b84e324bfbc437198f993"))) (file-name "translation-tor-browser") (sha256 (base32 - "09zhl6fk0z69qy82l050fm02h0dyb3f8j38fbazmkwnd8x3z6jv0")))) + "04dx6mjcgfmarnaxxkmrlgwgxdr37frgz5j3wakp9wixys6p6cdv")))) (define torbrowser-assets ;; This is a prebuilt Torbrowser from which we take the assets we need. @@ -171,7 +171,7 @@ (define torbrowser-assets version "/tor-browser-linux-x86_64-" version ".tar.xz")) (sha256 (base32 - "1mdi6x0dvdvlk957fws1pw55z9hwkd5x05rv8k2g1vzy9qkvgrf3")))) + "01mzc1d3vad3i8mwqmk2s17ynfhr45sfxgqcy5g9f5ahk6rl7msr")))) (arguments (list #:install-plan @@ -213,7 +213,7 @@ (define* (make-torbrowser #:key ".tar.xz")) (sha256 (base32 - "0v4hkxcz7cahbhwwafmspcl67ih2rnkmamcvp06kyx64xvpad00i")))) + "1nnsmz6v8xnp67ih0jgail27c4cg6zfdax8qkd6hcn8i7pscgc72")))) (build-system mozilla-build-system) (inputs (list go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird @@ -383,7 +383,7 @@ (define* (make-torbrowser #:key (for-each (lambda (file) (invoke "patch" "--force" "-p1" "-i" file)) '(#$(local-file - (search-patch "icecat-compare-paths.patch")) + (search-patch "torbrowser-compare-paths.patch")) #$(local-file (search-patch "icecat-use-system-wide-dir.patch")))))) (add-after 'apply-guix-specific-patches 'remove-bundled-libraries @@ -497,7 +497,7 @@ (define (runpaths-of-input label) ;; complain that it's not able to change Cargo.lock. ;; https://bugzilla.mozilla.org/show_bug.cgi?id=1726373 (substitute* "build/RunCbindgen.py" - (("\"--frozen\",") "")))) + (("args.append\\(\"--frozen\"\\)") "pass")))) (delete 'bootstrap) (add-before 'configure 'setenv (lambda _ -- 2.46.0