* [bug#73998] [PATCH] gnu: torbrowser: Update to 14.0.
@ 2024-10-24 21:25 André Batista
2024-10-29 22:45 ` [bug#73998] [PATCH 0/2] Update torbrowser and mullvadbrowser André Batista
0 siblings, 1 reply; 8+ messages in thread
From: André Batista @ 2024-10-24 21:25 UTC (permalink / raw)
To: 73998; +Cc: André Batista, jonathan.brielmaier, mhw
* gnu/packages/tor-browsers.scm (firefox-locales): Update to
eded3303744e8f5ca85f0d14710f198cd77fd23f.
(%torbrowser-build-date): Update to 20241016164500.
(%torbrowser-version): Update to 14.0.
(%torbrowser-firefox-version): Update to 128.3.0esr-14.0-1-build6.
(torbrowser-translation-base): Update to
547400dd678f476ec38efde2cf703d57c1a3e8c7.
(torbrowser-translation-specific): Update to
38d5c3b11cfb96833ae2c7dc3122829b29583d6f.
(make-torbrowser) [arguments] <#:phases>: On 'apply-guix-specific-patches
change icecat-compare-paths.patch to torbrowser-compare-paths.patch as
the patched file has changed its name between major versions.
On 'remove-cargo-frozen-flag, update the regex to match this newer version
string.
* gnu/packages/patches: Add torbrowser-compare-paths.patch.
* gnu/local.mk: Likewise.
Change-Id: Idc442a89d95198d0794b179a45f47d0546e720c4
---
gnu/local.mk | 1 +
.../patches/torbrowser-compare-paths.patch | 24 +++++++++++++++++
gnu/packages/tor-browsers.scm | 26 +++++++++----------
3 files changed, 38 insertions(+), 13 deletions(-)
diff --git a/gnu/local.mk b/gnu/local.mk
index 89a795bfbd..e85b3602b1 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -2222,6 +2222,7 @@ dist_patch_DATA = \
%D%/packages/patches/tla2tools-build-xml.patch \
%D%/packages/patches/tlf-support-hamlib-4.2+.patch \
%D%/packages/patches/tofi-32bit-compat.patch \
+ %D%/packages/patches/torbrowser-compare-paths.patch \
%D%/packages/patches/tpetra-remove-duplicate-using.patch \
%D%/packages/patches/transcode-ffmpeg.patch \
%D%/packages/patches/transmission-4.0.6-fix-build.patch \
diff --git a/gnu/packages/patches/torbrowser-compare-paths.patch b/gnu/packages/patches/torbrowser-compare-paths.patch
new file mode 100644
index 0000000000..7d4d5fdb78
--- /dev/null
+++ b/gnu/packages/patches/torbrowser-compare-paths.patch
@@ -0,0 +1,24 @@
+See comment in gnu/build/icecat-extension.scm.
+This is only needed while icecat and torbrowser remain on
+different ESR versions as the patched file has changed its
+name.
+
+--- a/toolkit/mozapps/extensions/internal/XPIDatabase.sys.mjs
++++ b/toolkit/mozapps/extensions/internal/XPIDatabase.sys.mjs
+@@ -3606,6 +3606,7 @@
+ if (
+ newAddon ||
+ oldAddon.updateDate != xpiState.mtime ||
++ oldAddon.path != xpiState.path ||
+ (aUpdateCompatibility && this.isAppBundledLocation(installLocation))
+ ) {
+ newAddon = this.updateMetadata(
+@@ -3614,8 +3615,6 @@
+ xpiState,
+ newAddon
+ );
+- } else if (oldAddon.path != xpiState.path) {
+- newAddon = this.updatePath(installLocation, oldAddon, xpiState);
+ } else if (aUpdateCompatibility || aSchemaChange) {
+ newAddon = this.updateCompatibility(
+ installLocation,
diff --git a/gnu/packages/tor-browsers.scm b/gnu/packages/tor-browsers.scm
index e517f9b214..55d4c1dca4 100644
--- a/gnu/packages/tor-browsers.scm
+++ b/gnu/packages/tor-browsers.scm
@@ -92,7 +92,7 @@ (define-module (gnu packages tor-browsers)
;; See browser/locales/l10n-changesets.json for the commit.
(define firefox-locales
- (let ((commit "d8d587117c7b9dcc6a4fbc38407ed2c831bb008f")
+ (let ((commit "eded3303744e8f5ca85f0d14710f198cd77fd23f")
(revision "0"))
(package
(name "firefox-locales")
@@ -106,7 +106,7 @@ (define firefox-locales
(file-name (git-file-name name version))
(sha256
(base32
- "0a2ly29lli02jflqw78zjk7bp7h18fz935cc9csavi0cpdiixjv1"))))
+ "1zvq6z79rv6cr6vwi04w6j47rn0hfjjzbgcbjhdaabgla88d5gz2"))))
(build-system copy-build-system)
(home-page "https://github.com/mozilla-l10n/firefox-l10n")
(synopsis "Firefox Locales")
@@ -116,16 +116,16 @@ (define firefox-locales
;; We copy the official build id, which is defined at
;; tor-browser-build/rbm.conf (browser_release_date).
-(define %torbrowser-build-date "20241008182800")
+(define %torbrowser-build-date "20241016164500")
;; To find the last version, look at https://www.torproject.org/download/.
-(define %torbrowser-version "13.5.7")
+(define %torbrowser-version "14.0")
;; To find the last Firefox version, browse
;; https://archive.torproject.org/tor-package-archive/torbrowser/<%torbrowser-version>
;; There should be only one archive that starts with
;; "src-firefox-tor-browser-".
-(define %torbrowser-firefox-version "115.16.0esr-13.5-1-build3")
+(define %torbrowser-firefox-version "128.3.0esr-14.0-1-build6")
;; See tor-browser-build/rbm.conf for the list.
(define %torbrowser-locales (list "ar" "ca" "cs" "da" "de" "el" "es-ES" "fa" "fi" "fr"
@@ -139,11 +139,11 @@ (define torbrowser-translation-base
(method git-fetch)
(uri (git-reference
(url "https://gitlab.torproject.org/tpo/translation.git")
- (commit "ceb66dd0937da14962cb535699242b2526e11f02")))
+ (commit "547400dd678f476ec38efde2cf703d57c1a3e8c7")))
(file-name "translation-base-browser")
(sha256
(base32
- "04ciw4rnl0cj7vz4pqbs1aca8fhva346bp0vahfcxv3isn1nwyy4"))))
+ "0g7s2365dl71yl0y29vx503jhiqji91vb8jc2dqn6yf7ip7wy75g"))))
;; See tor-browser-build/projects/translation/config.
(define torbrowser-translation-specific
@@ -151,11 +151,11 @@ (define torbrowser-translation-specific
(method git-fetch)
(uri (git-reference
(url "https://gitlab.torproject.org/tpo/translation.git")
- (commit "dbf1454fdbd3256d65985cc1c46391ce0ec159e7")))
+ (commit "38d5c3b11cfb96833ae2c7dc3122829b29583d6f")))
(file-name "translation-tor-browser")
(sha256
(base32
- "09zhl6fk0z69qy82l050fm02h0dyb3f8j38fbazmkwnd8x3z6jv0"))))
+ "0rlhaa4npzcy3lc5xs0m8p4mdcv13wah4c7df81j4g37r5xql81w"))))
(define torbrowser-assets
;; This is a prebuilt Torbrowser from which we take the assets we need.
@@ -171,7 +171,7 @@ (define torbrowser-assets
version "/tor-browser-linux-x86_64-" version ".tar.xz"))
(sha256
(base32
- "1mdi6x0dvdvlk957fws1pw55z9hwkd5x05rv8k2g1vzy9qkvgrf3"))))
+ "18jm7x2r4ayy0f1kyaxvnlvj17d7ma0bbvl8jh25sgy7ry7i7ns4"))))
(arguments
(list
#:install-plan
@@ -213,7 +213,7 @@ (define* (make-torbrowser #:key
".tar.xz"))
(sha256
(base32
- "0v4hkxcz7cahbhwwafmspcl67ih2rnkmamcvp06kyx64xvpad00i"))))
+ "0i4bnd65xd865manks1xkapymylz2gb3sxlyai04fi8kx1m4wj87"))))
(build-system mozilla-build-system)
(inputs
(list go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird
@@ -383,7 +383,7 @@ (define* (make-torbrowser #:key
(for-each
(lambda (file) (invoke "patch" "--force" "-p1" "-i" file))
'(#$(local-file
- (search-patch "icecat-compare-paths.patch"))
+ (search-patch "torbrowser-compare-paths.patch"))
#$(local-file
(search-patch "icecat-use-system-wide-dir.patch"))))))
(add-after 'apply-guix-specific-patches 'remove-bundled-libraries
@@ -497,7 +497,7 @@ (define (runpaths-of-input label)
;; complain that it's not able to change Cargo.lock.
;; https://bugzilla.mozilla.org/show_bug.cgi?id=1726373
(substitute* "build/RunCbindgen.py"
- (("\"--frozen\",") ""))))
+ (("args.append\\(\"--frozen\"\\)") "pass"))))
(delete 'bootstrap)
(add-before 'configure 'setenv
(lambda _
base-commit: 59b2a60d0041882d732e1766e28f0df5a1ef1ac1
--
2.45.2
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [bug#73998] [PATCH 0/2] Update torbrowser and mullvadbrowser
2024-10-24 21:25 [bug#73998] [PATCH] gnu: torbrowser: Update to 14.0 André Batista
@ 2024-10-29 22:45 ` André Batista
2024-10-29 22:48 ` [bug#73998] [PATCH 1/2] gnu: torbrowser: Update to 14.0.1 [security-fixes] André Batista
` (2 more replies)
0 siblings, 3 replies; 8+ messages in thread
From: André Batista @ 2024-10-29 22:45 UTC (permalink / raw)
To: 73998; +Cc: André Batista, jonathan.brielmaier, mhw
This patch series updates both torbrowser and mullvadbrowser to their
latest stable releases (14.0.1 and 13.5.9 respectively). It is sent
together as changes to "make-torbrowser" required by torbrowser would
break mullvadbrowser as is.
This patch series presuposes icecat remains based on ESR 115 and may
need to be reworked if it goes to the next ESR 128 before it is
applied. See the changes to two build phases on torbrowser for more
info.
It also makes #73762 obsolete.
Cheers!
André Batista (2):
gnu: torbrowser: Update to 14.0.1 [security-fixes].
gnu: mullvadbrowser: Update to 13.5.9 [security fixes].
gnu/local.mk | 1 +
.../patches/torbrowser-compare-paths.patch | 24 ++++++++
gnu/packages/tor-browsers.scm | 59 ++++++++++++-------
3 files changed, 62 insertions(+), 22 deletions(-)
create mode 100644 gnu/packages/patches/torbrowser-compare-paths.patch
base-commit: 59b2a60d0041882d732e1766e28f0df5a1ef1ac1
--
2.46.0
^ permalink raw reply [flat|nested] 8+ messages in thread
* [bug#73998] [PATCH 1/2] gnu: torbrowser: Update to 14.0.1 [security-fixes].
2024-10-29 22:45 ` [bug#73998] [PATCH 0/2] Update torbrowser and mullvadbrowser André Batista
@ 2024-10-29 22:48 ` André Batista
2024-10-29 22:49 ` [bug#73998] [PATCH 2/2] gnu: mullvadbrowser: Update to 13.5.9 [security fixes] André Batista
2024-12-01 16:05 ` [bug#73998] [PATCH v2 0/2] Update torbrowser and mullvadbrowser to 14.0.3 André Batista
2 siblings, 0 replies; 8+ messages in thread
From: André Batista @ 2024-10-29 22:48 UTC (permalink / raw)
To: 73998; +Cc: André Batista, jonathan.brielmaier, mhw
Fixes CVEs 2024-10458, 2024-10459, 2024-10460, 2024-10461, 2024-10462,
2024-10463, 2024-10464, 2024-10465, 2024-10466 and 2024-10467.
<https://www.mozilla.org/en-US/security/advisories/mfsa2024-56/> for details.
* gnu/packages/tor-browsers.scm (firefox-locales): Update to
878fe6f256d52c7e5b0205b07b061829ccde4f17.
(%torbrowser-build-date): Update to 20241028090000.
(%torbrowser-version): Update to 14.0.1.
(%torbrowser-firefox-version): Update to 128.4.0esr-14.0-1-build2.
(torbrowser-translation-base): Update to
3b1be2065b54939ed019d94174f137847bcf3c66.
(torbrowser-translation-specific): Update to
ba63bd165f3fd4bdd472815c9761413d4671cfb7.
(make-torbrowser) [arguments] <#:phases>: On 'apply-guix-specific-patches
change icecat-compare-paths.patch to torbrowser-compare-paths.patch as
the patched file has changed its name between major versions.
On 'remove-cargo-frozen-flag, update the regex to match this newer version
string.
* gnu/packages/patches: Add torbrowser-compare-paths.patch.
* gnu/local.mk: Likewise.
---
gnu/local.mk | 1 +
.../patches/torbrowser-compare-paths.patch | 24 +++++++++++++++++
gnu/packages/tor-browsers.scm | 26 +++++++++----------
3 files changed, 38 insertions(+), 13 deletions(-)
diff --git a/gnu/local.mk b/gnu/local.mk
index 89a795bfbd..e85b3602b1 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -2222,6 +2222,7 @@ dist_patch_DATA = \
%D%/packages/patches/tla2tools-build-xml.patch \
%D%/packages/patches/tlf-support-hamlib-4.2+.patch \
%D%/packages/patches/tofi-32bit-compat.patch \
+ %D%/packages/patches/torbrowser-compare-paths.patch \
%D%/packages/patches/tpetra-remove-duplicate-using.patch \
%D%/packages/patches/transcode-ffmpeg.patch \
%D%/packages/patches/transmission-4.0.6-fix-build.patch \
diff --git a/gnu/packages/patches/torbrowser-compare-paths.patch b/gnu/packages/patches/torbrowser-compare-paths.patch
new file mode 100644
index 0000000000..7d4d5fdb78
--- /dev/null
+++ b/gnu/packages/patches/torbrowser-compare-paths.patch
@@ -0,0 +1,24 @@
+See comment in gnu/build/icecat-extension.scm.
+This is only needed while icecat and torbrowser remain on
+different ESR versions as the patched file has changed its
+name.
+
+--- a/toolkit/mozapps/extensions/internal/XPIDatabase.sys.mjs
++++ b/toolkit/mozapps/extensions/internal/XPIDatabase.sys.mjs
+@@ -3606,6 +3606,7 @@
+ if (
+ newAddon ||
+ oldAddon.updateDate != xpiState.mtime ||
++ oldAddon.path != xpiState.path ||
+ (aUpdateCompatibility && this.isAppBundledLocation(installLocation))
+ ) {
+ newAddon = this.updateMetadata(
+@@ -3614,8 +3615,6 @@
+ xpiState,
+ newAddon
+ );
+- } else if (oldAddon.path != xpiState.path) {
+- newAddon = this.updatePath(installLocation, oldAddon, xpiState);
+ } else if (aUpdateCompatibility || aSchemaChange) {
+ newAddon = this.updateCompatibility(
+ installLocation,
diff --git a/gnu/packages/tor-browsers.scm b/gnu/packages/tor-browsers.scm
index e517f9b214..02e3c0583c 100644
--- a/gnu/packages/tor-browsers.scm
+++ b/gnu/packages/tor-browsers.scm
@@ -92,7 +92,7 @@ (define-module (gnu packages tor-browsers)
;; See browser/locales/l10n-changesets.json for the commit.
(define firefox-locales
- (let ((commit "d8d587117c7b9dcc6a4fbc38407ed2c831bb008f")
+ (let ((commit "878fe6f256d52c7e5b0205b07b061829ccde4f17")
(revision "0"))
(package
(name "firefox-locales")
@@ -106,7 +106,7 @@ (define firefox-locales
(file-name (git-file-name name version))
(sha256
(base32
- "0a2ly29lli02jflqw78zjk7bp7h18fz935cc9csavi0cpdiixjv1"))))
+ "1ypnzjf5klcj75hf9cp88rwvr6aav3h2939rw19wf9hnyanc4xf1"))))
(build-system copy-build-system)
(home-page "https://github.com/mozilla-l10n/firefox-l10n")
(synopsis "Firefox Locales")
@@ -116,16 +116,16 @@ (define firefox-locales
;; We copy the official build id, which is defined at
;; tor-browser-build/rbm.conf (browser_release_date).
-(define %torbrowser-build-date "20241008182800")
+(define %torbrowser-build-date "20241028090000")
;; To find the last version, look at https://www.torproject.org/download/.
-(define %torbrowser-version "13.5.7")
+(define %torbrowser-version "14.0.1")
;; To find the last Firefox version, browse
;; https://archive.torproject.org/tor-package-archive/torbrowser/<%torbrowser-version>
;; There should be only one archive that starts with
;; "src-firefox-tor-browser-".
-(define %torbrowser-firefox-version "115.16.0esr-13.5-1-build3")
+(define %torbrowser-firefox-version "128.4.0esr-14.0-1-build2")
;; See tor-browser-build/rbm.conf for the list.
(define %torbrowser-locales (list "ar" "ca" "cs" "da" "de" "el" "es-ES" "fa" "fi" "fr"
@@ -139,11 +139,11 @@ (define torbrowser-translation-base
(method git-fetch)
(uri (git-reference
(url "https://gitlab.torproject.org/tpo/translation.git")
- (commit "ceb66dd0937da14962cb535699242b2526e11f02")))
+ (commit "3b1be2065b54939ed019d94174f137847bcf3c66")))
(file-name "translation-base-browser")
(sha256
(base32
- "04ciw4rnl0cj7vz4pqbs1aca8fhva346bp0vahfcxv3isn1nwyy4"))))
+ "04ckn133w8q6b4rgihl23pzmnd3k6458jn9h4f58fnr18rfh6057"))))
;; See tor-browser-build/projects/translation/config.
(define torbrowser-translation-specific
@@ -151,11 +151,11 @@ (define torbrowser-translation-specific
(method git-fetch)
(uri (git-reference
(url "https://gitlab.torproject.org/tpo/translation.git")
- (commit "dbf1454fdbd3256d65985cc1c46391ce0ec159e7")))
+ (commit "ba63bd165f3fd4bdd472815c9761413d4671cfb7")))
(file-name "translation-tor-browser")
(sha256
(base32
- "09zhl6fk0z69qy82l050fm02h0dyb3f8j38fbazmkwnd8x3z6jv0"))))
+ "0dmsqb57whpq0l05krfmwxv8d31by06a7mpgrmbxjnlv9y3b5nlf"))))
(define torbrowser-assets
;; This is a prebuilt Torbrowser from which we take the assets we need.
@@ -171,7 +171,7 @@ (define torbrowser-assets
version "/tor-browser-linux-x86_64-" version ".tar.xz"))
(sha256
(base32
- "1mdi6x0dvdvlk957fws1pw55z9hwkd5x05rv8k2g1vzy9qkvgrf3"))))
+ "13wx4i4mawm8spyg17lil09fsm37s5g409zs3i5764g0llqwl1hd"))))
(arguments
(list
#:install-plan
@@ -213,7 +213,7 @@ (define* (make-torbrowser #:key
".tar.xz"))
(sha256
(base32
- "0v4hkxcz7cahbhwwafmspcl67ih2rnkmamcvp06kyx64xvpad00i"))))
+ "12bnqhn57xpyy2iax4iyfcfpsk25mmj4m2nllwrkkv4lqp3ifbkh"))))
(build-system mozilla-build-system)
(inputs
(list go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird
@@ -383,7 +383,7 @@ (define* (make-torbrowser #:key
(for-each
(lambda (file) (invoke "patch" "--force" "-p1" "-i" file))
'(#$(local-file
- (search-patch "icecat-compare-paths.patch"))
+ (search-patch "torbrowser-compare-paths.patch"))
#$(local-file
(search-patch "icecat-use-system-wide-dir.patch"))))))
(add-after 'apply-guix-specific-patches 'remove-bundled-libraries
@@ -497,7 +497,7 @@ (define (runpaths-of-input label)
;; complain that it's not able to change Cargo.lock.
;; https://bugzilla.mozilla.org/show_bug.cgi?id=1726373
(substitute* "build/RunCbindgen.py"
- (("\"--frozen\",") ""))))
+ (("args.append\\(\"--frozen\"\\)") "pass"))))
(delete 'bootstrap)
(add-before 'configure 'setenv
(lambda _
--
2.46.0
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [bug#73998] [PATCH 2/2] gnu: mullvadbrowser: Update to 13.5.9 [security fixes].
2024-10-29 22:45 ` [bug#73998] [PATCH 0/2] Update torbrowser and mullvadbrowser André Batista
2024-10-29 22:48 ` [bug#73998] [PATCH 1/2] gnu: torbrowser: Update to 14.0.1 [security-fixes] André Batista
@ 2024-10-29 22:49 ` André Batista
2024-12-01 16:05 ` [bug#73998] [PATCH v2 0/2] Update torbrowser and mullvadbrowser to 14.0.3 André Batista
2 siblings, 0 replies; 8+ messages in thread
From: André Batista @ 2024-10-29 22:49 UTC (permalink / raw)
To: 73998; +Cc: André Batista, jonathan.brielmaier, mhw
Fixes CVE 2024-9680, 2024-10458, 2024-10459 and 2024-10463. See the Mozilla
Foundation Security Advisories
<https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/> and
<https://www.mozilla.org/en-US/security/advisories/mfsa2024-57/> for details.
* gnu/packages/tor-browsers.scm (%mullvadbrowser-build-date): Update to
20241024160253.
(%mullvadbrowser-version): Update to 13.5.9.
(%mullvadbrowser-firefox-version): Update to 115.17.0esr-13.5-1-build2.
(mullvadbrowser-translation-base): Update to
3b1be2065b54939ed019d94174f137847bcf3c66.
(mullvadbrowser-translation-specific): Update to
2f7d98b46ce480cdb4d7e9ddab912650c8673d6c.
(mullvadbrowser) [arguments] <#:phases>: Replace 'apply-guix-specific-patches
so as to keep using icecat-compare-paths.patch as it applies to ESR 115.
Replace 'remove-cargo-frozen-flag, keep the old regex which matches for this
older version.
---
gnu/packages/tor-browsers.scm | 33 ++++++++++++++++++++++++---------
1 file changed, 24 insertions(+), 9 deletions(-)
diff --git a/gnu/packages/tor-browsers.scm b/gnu/packages/tor-browsers.scm
index 02e3c0583c..e6747401a5 100644
--- a/gnu/packages/tor-browsers.scm
+++ b/gnu/packages/tor-browsers.scm
@@ -817,17 +817,17 @@ (define %mullvadbrowser-locales (list "ar" "da" "de" "es-ES" "fa" "fi" "fr" "it"
;; We copy the official build id, which can be found there:
;; https://cdn.mullvad.net/browser/update_responses/update_1/release.
-(define %mullvadbrowser-build-date "20240930230510")
+(define %mullvadbrowser-build-date "20241024160253")
;; To find the last version, look at
;; https://mullvad.net/en/download/browser/linux.
-(define %mullvadbrowser-version "13.5.6")
+(define %mullvadbrowser-version "13.5.9")
;; To find the last Firefox version, browse
;; https://archive.torproject.org/tor-package-archive/mullvadbrowser/<%mullvadbrowser-version>
;; There should be only one archive that starts with
;; "src-firefox-mullvad-browser-".
-(define %mullvadbrowser-firefox-version "115.16.0esr-13.5-1-build2")
+(define %mullvadbrowser-firefox-version "115.17.0esr-13.5-1-build2")
;; See tor-browser-build/projects/translation/config.
(define mullvadbrowser-translation-base
@@ -835,11 +835,11 @@ (define mullvadbrowser-translation-base
(method git-fetch)
(uri (git-reference
(url "https://gitlab.torproject.org/tpo/translation.git")
- (commit "a142f78af87f994913faa15fb4b0f34f0ce1a22b")))
+ (commit "3b1be2065b54939ed019d94174f137847bcf3c66")))
(file-name "translation-base-browser")
(sha256
(base32
- "15ahsyji6fk236sb28vqpi7ai70r3qblfypmc7r781zq7nw8f9bs"))))
+ "04ckn133w8q6b4rgihl23pzmnd3k6458jn9h4f58fnr18rfh6057"))))
;; See tor-browser-build/projects/translation/config.
(define mullvadbrowser-translation-specific
@@ -847,11 +847,11 @@ (define mullvadbrowser-translation-specific
(method git-fetch)
(uri (git-reference
(url "https://gitlab.torproject.org/tpo/translation.git")
- (commit "78212a3da2439e436ac5f73d8e3eb908145c3ece")))
+ (commit "2f7d98b46ce480cdb4d7e9ddab912650c8673d6c")))
(file-name "translation-mullvad-browser")
(sha256
(base32
- "00qmmfz7lz9fw7id7bj89byd4zd39nc4f2plf0v640yzl8fdwi72"))))
+ "08anwb45rxzsdcxwzjflqb1d0f78pi4fsgdvsdlc4fmp8kx10nsd"))))
(define mullvadbrowser-assets
;; This is a prebuilt Mullvad Browser from which we take the assets we need.
@@ -867,7 +867,7 @@ (define mullvadbrowser-assets
version "/mullvad-browser-linux-x86_64-" version ".tar.xz"))
(sha256
(base32
- "0q55mk9zzzs7g2cng107gm16g74lx1qf42gf5ayh4x7caxc8db01"))))
+ "0q3c2wf5r6n06y36bcp5qxir41a01dwj4am9pqs5cz48ilimh8c7"))))
(arguments
(list
#:install-plan
@@ -910,11 +910,26 @@ (define-public mullvadbrowser
%mullvadbrowser-firefox-version ".tar.xz"))
(sha256
(base32
- "1mkssnr7vx4la4r31dy6fbwvj1h9gxzywwxa6z4310nr17vr3sxj"))))
+ "1xz005sa7isz561r9zlsipm6gpx30b83k7xbfy00zkc7qkl15xzs"))))
(arguments
(substitute-keyword-arguments (package-arguments mullvadbrowser-base)
((#:phases phases)
#~(modify-phases #$phases
+ (replace 'apply-guix-specific-patches
+ (lambda _
+ (for-each
+ (lambda (file) (invoke "patch" "--force" "-p1" "-i" file))
+ '(#$(local-file
+ (search-patch "icecat-compare-paths.patch"))
+ #$(local-file
+ (search-patch "icecat-use-system-wide-dir.patch"))))))
+ (replace 'remove-cargo-frozen-flag
+ (lambda _
+ ;; This is only needed while torbrowser and mullvadbrowser
+ ;; remain based on different firefox ESR versions. Delete
+ ;; once mullvad reaches the same upstream base.
+ (substitute* "build/RunCbindgen.py"
+ (("\"--frozen\",") ""))))
(add-after 'unpack 'ublock-private-allowed
(lambda _
(substitute* "toolkit/components/extensions/Extension.sys.mjs"
--
2.46.0
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [bug#73998] [PATCH v2 0/2] Update torbrowser and mullvadbrowser to 14.0.3
2024-10-29 22:45 ` [bug#73998] [PATCH 0/2] Update torbrowser and mullvadbrowser André Batista
2024-10-29 22:48 ` [bug#73998] [PATCH 1/2] gnu: torbrowser: Update to 14.0.1 [security-fixes] André Batista
2024-10-29 22:49 ` [bug#73998] [PATCH 2/2] gnu: mullvadbrowser: Update to 13.5.9 [security fixes] André Batista
@ 2024-12-01 16:05 ` André Batista
2024-12-01 16:07 ` [bug#73998] [PATCH v2 1/2] gnu: torbrowser: Update to 14.0.3 [security-fixes] André Batista
` (2 more replies)
2 siblings, 3 replies; 8+ messages in thread
From: André Batista @ 2024-12-01 16:05 UTC (permalink / raw)
To: 73998; +Cc: André Batista, jonathan.brielmaier, mhw
This time around both browsers are on the same upstream ESR version.
Sent together because updating one would break the other as is.
Cheers!
André Batista (2):
gnu: torbrowser: Update to 14.0.3 [security-fixes].
gnu: mullvadbrowser: Update to 14.0.3 [security fixes].
gnu/local.mk | 1 +
.../patches/torbrowser-compare-paths.patch | 24 ++++++++++
gnu/packages/tor-browsers.scm | 44 +++++++++----------
3 files changed, 47 insertions(+), 22 deletions(-)
create mode 100644 gnu/packages/patches/torbrowser-compare-paths.patch
base-commit: 294386674c417355a24586fab5528c643d495b86
--
2.46.0
^ permalink raw reply [flat|nested] 8+ messages in thread
* [bug#73998] [PATCH v2 1/2] gnu: torbrowser: Update to 14.0.3 [security-fixes].
2024-12-01 16:05 ` [bug#73998] [PATCH v2 0/2] Update torbrowser and mullvadbrowser to 14.0.3 André Batista
@ 2024-12-01 16:07 ` André Batista
2024-12-01 16:08 ` [bug#73998] [PATCH v2 2/2] gnu: mullvadbrowser: Update to 14.0.3 [security fixes] André Batista
2024-12-02 1:59 ` [bug#73998] [PATCH v2 0/2] Update torbrowser and mullvadbrowser to 14.0.3 Zheng Junjie
2 siblings, 0 replies; 8+ messages in thread
From: André Batista @ 2024-12-01 16:07 UTC (permalink / raw)
To: 73998; +Cc: André Batista, jonathan.brielmaier, mhw
Fixes CVEs 2024-10458, 2024-10459, 2024-10460, 2024-10461, 2024-10462,
2024-10463, 2024-10464, 2024-10465, 2024-10466, 2024-10467, 2024-11691,
2024-11692, 2024-11693, 2024-11694, 2024-11695, 2024-11696, 2024-11697,
2024-11698 and 2024-11699. See
<https://www.mozilla.org/en-US/security/advisories/mfsa2024-48/> and
<https://www.mozilla.org/en-US/security/advisories/mfsa2024-64/> for
details.
* gnu/packages/tor-browsers.scm (firefox-locales): Update to
f75c1e6a305e68161037337767ece88e9de940b9.
(%torbrowser-build-date): Update to 20241125154204.
(%torbrowser-version): Update to 14.0.3.
(%torbrowser-firefox-version): Update to 128.5.0esr-14.0-1-build2.
(torbrowser-translation-base): Update to
caa431bbea1a76d7ad61eeda94086a1513762605.
(torbrowser-translation-specific): Update to
4314d0a7ce780ffdf82b84e324bfbc437198f993.
(make-torbrowser) [arguments] <#:phases>: On 'apply-guix-specific-patches
change icecat-compare-paths.patch to torbrowser-compare-paths.patch as
the patched file has changed its name between major versions.
On 'remove-cargo-frozen-flag, update the regex to match this newer version
string.
* gnu/packages/patches: Add torbrowser-compare-paths.patch.
* gnu/local.mk: Likewise.
Change-Id: Ia5d445e387351b3d5d08ecb14c2f31bf4cc81396
---
gnu/local.mk | 1 +
.../patches/torbrowser-compare-paths.patch | 24 +++++++++++++++++
gnu/packages/tor-browsers.scm | 26 +++++++++----------
3 files changed, 38 insertions(+), 13 deletions(-)
diff --git a/gnu/local.mk b/gnu/local.mk
index c89fd88282..6c35a72576 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -2238,6 +2238,7 @@ dist_patch_DATA = \
%D%/packages/patches/torcs-glibc-default-source.patch \
%D%/packages/patches/torcs-isnan.patch \
%D%/packages/patches/torcs-nullptr.patch \
+ %D%/packages/patches/torbrowser-compare-paths.patch \
%D%/packages/patches/tpetra-remove-duplicate-using.patch \
%D%/packages/patches/transcode-ffmpeg.patch \
%D%/packages/patches/transmission-4.0.6-fix-build.patch \
diff --git a/gnu/packages/patches/torbrowser-compare-paths.patch b/gnu/packages/patches/torbrowser-compare-paths.patch
new file mode 100644
index 0000000000..7d4d5fdb78
--- /dev/null
+++ b/gnu/packages/patches/torbrowser-compare-paths.patch
@@ -0,0 +1,24 @@
+See comment in gnu/build/icecat-extension.scm.
+This is only needed while icecat and torbrowser remain on
+different ESR versions as the patched file has changed its
+name.
+
+--- a/toolkit/mozapps/extensions/internal/XPIDatabase.sys.mjs
++++ b/toolkit/mozapps/extensions/internal/XPIDatabase.sys.mjs
+@@ -3606,6 +3606,7 @@
+ if (
+ newAddon ||
+ oldAddon.updateDate != xpiState.mtime ||
++ oldAddon.path != xpiState.path ||
+ (aUpdateCompatibility && this.isAppBundledLocation(installLocation))
+ ) {
+ newAddon = this.updateMetadata(
+@@ -3614,8 +3615,6 @@
+ xpiState,
+ newAddon
+ );
+- } else if (oldAddon.path != xpiState.path) {
+- newAddon = this.updatePath(installLocation, oldAddon, xpiState);
+ } else if (aUpdateCompatibility || aSchemaChange) {
+ newAddon = this.updateCompatibility(
+ installLocation,
diff --git a/gnu/packages/tor-browsers.scm b/gnu/packages/tor-browsers.scm
index e517f9b214..3a23f8ab65 100644
--- a/gnu/packages/tor-browsers.scm
+++ b/gnu/packages/tor-browsers.scm
@@ -92,7 +92,7 @@ (define-module (gnu packages tor-browsers)
;; See browser/locales/l10n-changesets.json for the commit.
(define firefox-locales
- (let ((commit "d8d587117c7b9dcc6a4fbc38407ed2c831bb008f")
+ (let ((commit "f75c1e6a305e68161037337767ece88e9de940b9")
(revision "0"))
(package
(name "firefox-locales")
@@ -106,7 +106,7 @@ (define firefox-locales
(file-name (git-file-name name version))
(sha256
(base32
- "0a2ly29lli02jflqw78zjk7bp7h18fz935cc9csavi0cpdiixjv1"))))
+ "0ybi3n9mw9wnbi8dv01dllpvcdfwjmyn4q6njzhn8vg7jkmpha2s"))))
(build-system copy-build-system)
(home-page "https://github.com/mozilla-l10n/firefox-l10n")
(synopsis "Firefox Locales")
@@ -116,16 +116,16 @@ (define firefox-locales
;; We copy the official build id, which is defined at
;; tor-browser-build/rbm.conf (browser_release_date).
-(define %torbrowser-build-date "20241008182800")
+(define %torbrowser-build-date "20241125154204")
;; To find the last version, look at https://www.torproject.org/download/.
-(define %torbrowser-version "13.5.7")
+(define %torbrowser-version "14.0.3")
;; To find the last Firefox version, browse
;; https://archive.torproject.org/tor-package-archive/torbrowser/<%torbrowser-version>
;; There should be only one archive that starts with
;; "src-firefox-tor-browser-".
-(define %torbrowser-firefox-version "115.16.0esr-13.5-1-build3")
+(define %torbrowser-firefox-version "128.5.0esr-14.0-1-build2")
;; See tor-browser-build/rbm.conf for the list.
(define %torbrowser-locales (list "ar" "ca" "cs" "da" "de" "el" "es-ES" "fa" "fi" "fr"
@@ -139,11 +139,11 @@ (define torbrowser-translation-base
(method git-fetch)
(uri (git-reference
(url "https://gitlab.torproject.org/tpo/translation.git")
- (commit "ceb66dd0937da14962cb535699242b2526e11f02")))
+ (commit "caa431bbea1a76d7ad61eeda94086a1513762605")))
(file-name "translation-base-browser")
(sha256
(base32
- "04ciw4rnl0cj7vz4pqbs1aca8fhva346bp0vahfcxv3isn1nwyy4"))))
+ "0zdkcykzh8m1rv6valx0mk6yvh2q4jrj2qxk0frh7nwxwc509b5c"))))
;; See tor-browser-build/projects/translation/config.
(define torbrowser-translation-specific
@@ -151,11 +151,11 @@ (define torbrowser-translation-specific
(method git-fetch)
(uri (git-reference
(url "https://gitlab.torproject.org/tpo/translation.git")
- (commit "dbf1454fdbd3256d65985cc1c46391ce0ec159e7")))
+ (commit "4314d0a7ce780ffdf82b84e324bfbc437198f993")))
(file-name "translation-tor-browser")
(sha256
(base32
- "09zhl6fk0z69qy82l050fm02h0dyb3f8j38fbazmkwnd8x3z6jv0"))))
+ "04dx6mjcgfmarnaxxkmrlgwgxdr37frgz5j3wakp9wixys6p6cdv"))))
(define torbrowser-assets
;; This is a prebuilt Torbrowser from which we take the assets we need.
@@ -171,7 +171,7 @@ (define torbrowser-assets
version "/tor-browser-linux-x86_64-" version ".tar.xz"))
(sha256
(base32
- "1mdi6x0dvdvlk957fws1pw55z9hwkd5x05rv8k2g1vzy9qkvgrf3"))))
+ "01mzc1d3vad3i8mwqmk2s17ynfhr45sfxgqcy5g9f5ahk6rl7msr"))))
(arguments
(list
#:install-plan
@@ -213,7 +213,7 @@ (define* (make-torbrowser #:key
".tar.xz"))
(sha256
(base32
- "0v4hkxcz7cahbhwwafmspcl67ih2rnkmamcvp06kyx64xvpad00i"))))
+ "1nnsmz6v8xnp67ih0jgail27c4cg6zfdax8qkd6hcn8i7pscgc72"))))
(build-system mozilla-build-system)
(inputs
(list go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird
@@ -383,7 +383,7 @@ (define* (make-torbrowser #:key
(for-each
(lambda (file) (invoke "patch" "--force" "-p1" "-i" file))
'(#$(local-file
- (search-patch "icecat-compare-paths.patch"))
+ (search-patch "torbrowser-compare-paths.patch"))
#$(local-file
(search-patch "icecat-use-system-wide-dir.patch"))))))
(add-after 'apply-guix-specific-patches 'remove-bundled-libraries
@@ -497,7 +497,7 @@ (define (runpaths-of-input label)
;; complain that it's not able to change Cargo.lock.
;; https://bugzilla.mozilla.org/show_bug.cgi?id=1726373
(substitute* "build/RunCbindgen.py"
- (("\"--frozen\",") ""))))
+ (("args.append\\(\"--frozen\"\\)") "pass"))))
(delete 'bootstrap)
(add-before 'configure 'setenv
(lambda _
--
2.46.0
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [bug#73998] [PATCH v2 2/2] gnu: mullvadbrowser: Update to 14.0.3 [security fixes].
2024-12-01 16:05 ` [bug#73998] [PATCH v2 0/2] Update torbrowser and mullvadbrowser to 14.0.3 André Batista
2024-12-01 16:07 ` [bug#73998] [PATCH v2 1/2] gnu: torbrowser: Update to 14.0.3 [security-fixes] André Batista
@ 2024-12-01 16:08 ` André Batista
2024-12-02 1:59 ` [bug#73998] [PATCH v2 0/2] Update torbrowser and mullvadbrowser to 14.0.3 Zheng Junjie
2 siblings, 0 replies; 8+ messages in thread
From: André Batista @ 2024-12-01 16:08 UTC (permalink / raw)
To: 73998; +Cc: André Batista, jonathan.brielmaier, mhw
Fixes CVE 2024-9680, 2024-10458, 2024-10459, 2024-10460, 2024-10461,
2024-10462, 2024-10463, 2024-10464, 2024-10465, 2024-10466, 2024-10467,
2024-11691, 2024-11692, 2024-11693, 2024-11694, 2024-11695, 2024-11696,
2024-11697, 2024-11698 and 2024-11699. See the Mozilla Foundation
Security Advisories
<https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/>,
<https://www.mozilla.org/en-US/security/advisories/mfsa2024-57/> and
<https://www.mozilla.org/en-US/security/advisories/mfsa2024-64/> for
details.
* gnu/packages/tor-browsers.scm (%mullvadbrowser-build-date): Update to
20241125154204.
(%mullvadbrowser-version): Update to 14.0.3.
(%mullvadbrowser-firefox-version): Update to 128.5.0esr-14.0-1-build2.
(mullvadbrowser-translation-base): Update to
caa431bbea1a76d7ad61eeda94086a1513762605.
(mullvadbrowser-translation-specific): Update to
2f7d98b46ce480cdb4d7e9ddab912650c8673d6c.
Change-Id: Ia5d445e387351b3d5d08ecb14c2f31bf4cc81396
---
gnu/packages/tor-browsers.scm | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/gnu/packages/tor-browsers.scm b/gnu/packages/tor-browsers.scm
index 3a23f8ab65..58a147f39b 100644
--- a/gnu/packages/tor-browsers.scm
+++ b/gnu/packages/tor-browsers.scm
@@ -817,17 +817,17 @@ (define %mullvadbrowser-locales (list "ar" "da" "de" "es-ES" "fa" "fi" "fr" "it"
;; We copy the official build id, which can be found there:
;; https://cdn.mullvad.net/browser/update_responses/update_1/release.
-(define %mullvadbrowser-build-date "20240930230510")
+(define %mullvadbrowser-build-date "20241125154204")
;; To find the last version, look at
;; https://mullvad.net/en/download/browser/linux.
-(define %mullvadbrowser-version "13.5.6")
+(define %mullvadbrowser-version "14.0.3")
;; To find the last Firefox version, browse
;; https://archive.torproject.org/tor-package-archive/mullvadbrowser/<%mullvadbrowser-version>
;; There should be only one archive that starts with
;; "src-firefox-mullvad-browser-".
-(define %mullvadbrowser-firefox-version "115.16.0esr-13.5-1-build2")
+(define %mullvadbrowser-firefox-version "128.5.0esr-14.0-1-build2")
;; See tor-browser-build/projects/translation/config.
(define mullvadbrowser-translation-base
@@ -835,11 +835,11 @@ (define mullvadbrowser-translation-base
(method git-fetch)
(uri (git-reference
(url "https://gitlab.torproject.org/tpo/translation.git")
- (commit "a142f78af87f994913faa15fb4b0f34f0ce1a22b")))
+ (commit "caa431bbea1a76d7ad61eeda94086a1513762605")))
(file-name "translation-base-browser")
(sha256
(base32
- "15ahsyji6fk236sb28vqpi7ai70r3qblfypmc7r781zq7nw8f9bs"))))
+ "0zdkcykzh8m1rv6valx0mk6yvh2q4jrj2qxk0frh7nwxwc509b5c"))))
;; See tor-browser-build/projects/translation/config.
(define mullvadbrowser-translation-specific
@@ -847,11 +847,11 @@ (define mullvadbrowser-translation-specific
(method git-fetch)
(uri (git-reference
(url "https://gitlab.torproject.org/tpo/translation.git")
- (commit "78212a3da2439e436ac5f73d8e3eb908145c3ece")))
+ (commit "2f7d98b46ce480cdb4d7e9ddab912650c8673d6c")))
(file-name "translation-mullvad-browser")
(sha256
(base32
- "00qmmfz7lz9fw7id7bj89byd4zd39nc4f2plf0v640yzl8fdwi72"))))
+ "08anwb45rxzsdcxwzjflqb1d0f78pi4fsgdvsdlc4fmp8kx10nsd"))))
(define mullvadbrowser-assets
;; This is a prebuilt Mullvad Browser from which we take the assets we need.
@@ -867,7 +867,7 @@ (define mullvadbrowser-assets
version "/mullvad-browser-linux-x86_64-" version ".tar.xz"))
(sha256
(base32
- "0q55mk9zzzs7g2cng107gm16g74lx1qf42gf5ayh4x7caxc8db01"))))
+ "0jh35vsnyqjg6hhwdlw11pq7i1awr6fy8chgr2w0wnrzm91vvzia"))))
(arguments
(list
#:install-plan
@@ -910,7 +910,7 @@ (define-public mullvadbrowser
%mullvadbrowser-firefox-version ".tar.xz"))
(sha256
(base32
- "1mkssnr7vx4la4r31dy6fbwvj1h9gxzywwxa6z4310nr17vr3sxj"))))
+ "01mm8kxza5rfl4f78xb8n9x7y0p6mm205pxhqrvds0yyj3jvclsb"))))
(arguments
(substitute-keyword-arguments (package-arguments mullvadbrowser-base)
((#:phases phases)
--
2.46.0
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [bug#73998] [PATCH v2 0/2] Update torbrowser and mullvadbrowser to 14.0.3
2024-12-01 16:05 ` [bug#73998] [PATCH v2 0/2] Update torbrowser and mullvadbrowser to 14.0.3 André Batista
2024-12-01 16:07 ` [bug#73998] [PATCH v2 1/2] gnu: torbrowser: Update to 14.0.3 [security-fixes] André Batista
2024-12-01 16:08 ` [bug#73998] [PATCH v2 2/2] gnu: mullvadbrowser: Update to 14.0.3 [security fixes] André Batista
@ 2024-12-02 1:59 ` Zheng Junjie
2 siblings, 0 replies; 8+ messages in thread
From: Zheng Junjie @ 2024-12-02 1:59 UTC (permalink / raw)
To: André Batista; +Cc: mhw, jonathan.brielmaier, 73998
[-- Attachment #1: Type: text/plain, Size: 918 bytes --]
André Batista <nandre@riseup.net> writes:
> This time around both browsers are on the same upstream ESR version.
> Sent together because updating one would break the other as is.
>
> Cheers!
>
> André Batista (2):
> gnu: torbrowser: Update to 14.0.3 [security-fixes].
> gnu: mullvadbrowser: Update to 14.0.3 [security fixes].
>
> gnu/local.mk | 1 +
> .../patches/torbrowser-compare-paths.patch | 24 ++++++++++
> gnu/packages/tor-browsers.scm | 44 +++++++++----------
> 3 files changed, 47 insertions(+), 22 deletions(-)
> create mode 100644 gnu/packages/patches/torbrowser-compare-paths.patch
>
>
> base-commit: 294386674c417355a24586fab5528c643d495b86
Are you interested in becoming a committer? This will make it easier to
update torbrowser and mullvadbrowser packages. I don't know about these
packages and can't review them.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2024-12-02 2:01 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-10-24 21:25 [bug#73998] [PATCH] gnu: torbrowser: Update to 14.0 André Batista
2024-10-29 22:45 ` [bug#73998] [PATCH 0/2] Update torbrowser and mullvadbrowser André Batista
2024-10-29 22:48 ` [bug#73998] [PATCH 1/2] gnu: torbrowser: Update to 14.0.1 [security-fixes] André Batista
2024-10-29 22:49 ` [bug#73998] [PATCH 2/2] gnu: mullvadbrowser: Update to 13.5.9 [security fixes] André Batista
2024-12-01 16:05 ` [bug#73998] [PATCH v2 0/2] Update torbrowser and mullvadbrowser to 14.0.3 André Batista
2024-12-01 16:07 ` [bug#73998] [PATCH v2 1/2] gnu: torbrowser: Update to 14.0.3 [security-fixes] André Batista
2024-12-01 16:08 ` [bug#73998] [PATCH v2 2/2] gnu: mullvadbrowser: Update to 14.0.3 [security fixes] André Batista
2024-12-02 1:59 ` [bug#73998] [PATCH v2 0/2] Update torbrowser and mullvadbrowser to 14.0.3 Zheng Junjie
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.