[PATCH] gnu: torbrowser: Update to 14.0.

  • Open
  • quality assurance status badge
Details
2 participants
  • André Batista
  • Zheng Junjie
Owner
unassigned
Submitted by
André Batista
Severity
normal
A
A
André Batista wrote on 24 Oct 23:25 +0200
(address . guix-patches@gnu.org)(name . André Batista)(address . nandre@riseup.net)
20241024212533.1480-1-nandre@riseup.net
* gnu/packages/tor-browsers.scm (firefox-locales): Update to
eded3303744e8f5ca85f0d14710f198cd77fd23f.
(%torbrowser-build-date): Update to 20241016164500.
(%torbrowser-version): Update to 14.0.
(%torbrowser-firefox-version): Update to 128.3.0esr-14.0-1-build6.
(torbrowser-translation-base): Update to
547400dd678f476ec38efde2cf703d57c1a3e8c7.
(torbrowser-translation-specific): Update to
38d5c3b11cfb96833ae2c7dc3122829b29583d6f.
(make-torbrowser) [arguments] <#:phases>: On 'apply-guix-specific-patches
change icecat-compare-paths.patch to torbrowser-compare-paths.patch as
the patched file has changed its name between major versions.
On 'remove-cargo-frozen-flag, update the regex to match this newer version
string.
* gnu/packages/patches: Add torbrowser-compare-paths.patch.
* gnu/local.mk: Likewise.

Change-Id: Idc442a89d95198d0794b179a45f47d0546e720c4
---
gnu/local.mk | 1 +
.../patches/torbrowser-compare-paths.patch | 24 +++++++++++++++++
gnu/packages/tor-browsers.scm | 26 +++++++++----------
3 files changed, 38 insertions(+), 13 deletions(-)

Toggle diff (152 lines)
diff --git a/gnu/local.mk b/gnu/local.mk
index 89a795bfbd..e85b3602b1 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -2222,6 +2222,7 @@ dist_patch_DATA = \
%D%/packages/patches/tla2tools-build-xml.patch \
%D%/packages/patches/tlf-support-hamlib-4.2+.patch \
%D%/packages/patches/tofi-32bit-compat.patch \
+ %D%/packages/patches/torbrowser-compare-paths.patch \
%D%/packages/patches/tpetra-remove-duplicate-using.patch \
%D%/packages/patches/transcode-ffmpeg.patch \
%D%/packages/patches/transmission-4.0.6-fix-build.patch \
diff --git a/gnu/packages/patches/torbrowser-compare-paths.patch b/gnu/packages/patches/torbrowser-compare-paths.patch
new file mode 100644
index 0000000000..7d4d5fdb78
--- /dev/null
+++ b/gnu/packages/patches/torbrowser-compare-paths.patch
@@ -0,0 +1,24 @@
+See comment in gnu/build/icecat-extension.scm.
+This is only needed while icecat and torbrowser remain on
+different ESR versions as the patched file has changed its
+name.
+
+--- a/toolkit/mozapps/extensions/internal/XPIDatabase.sys.mjs
++++ b/toolkit/mozapps/extensions/internal/XPIDatabase.sys.mjs
+@@ -3606,6 +3606,7 @@
+ if (
+ newAddon ||
+ oldAddon.updateDate != xpiState.mtime ||
++ oldAddon.path != xpiState.path ||
+ (aUpdateCompatibility && this.isAppBundledLocation(installLocation))
+ ) {
+ newAddon = this.updateMetadata(
+@@ -3614,8 +3615,6 @@
+ xpiState,
+ newAddon
+ );
+- } else if (oldAddon.path != xpiState.path) {
+- newAddon = this.updatePath(installLocation, oldAddon, xpiState);
+ } else if (aUpdateCompatibility || aSchemaChange) {
+ newAddon = this.updateCompatibility(
+ installLocation,
diff --git a/gnu/packages/tor-browsers.scm b/gnu/packages/tor-browsers.scm
index e517f9b214..55d4c1dca4 100644
--- a/gnu/packages/tor-browsers.scm
+++ b/gnu/packages/tor-browsers.scm
@@ -92,7 +92,7 @@ (define-module (gnu packages tor-browsers)
;; See browser/locales/l10n-changesets.json for the commit.
(define firefox-locales
- (let ((commit "d8d587117c7b9dcc6a4fbc38407ed2c831bb008f")
+ (let ((commit "eded3303744e8f5ca85f0d14710f198cd77fd23f")
(revision "0"))
(package
(name "firefox-locales")
@@ -106,7 +106,7 @@ (define firefox-locales
(file-name (git-file-name name version))
(sha256
(base32
- "0a2ly29lli02jflqw78zjk7bp7h18fz935cc9csavi0cpdiixjv1"))))
+ "1zvq6z79rv6cr6vwi04w6j47rn0hfjjzbgcbjhdaabgla88d5gz2"))))
(build-system copy-build-system)
(home-page "https://github.com/mozilla-l10n/firefox-l10n")
(synopsis "Firefox Locales")
@@ -116,16 +116,16 @@ (define firefox-locales
;; We copy the official build id, which is defined at
;; tor-browser-build/rbm.conf (browser_release_date).
-(define %torbrowser-build-date "20241008182800")
+(define %torbrowser-build-date "20241016164500")
;; To find the last version, look at https://www.torproject.org/download/.
-(define %torbrowser-version "13.5.7")
+(define %torbrowser-version "14.0")
;; To find the last Firefox version, browse
;; https://archive.torproject.org/tor-package-archive/torbrowser/<%torbrowser-version>
;; There should be only one archive that starts with
;; "src-firefox-tor-browser-".
-(define %torbrowser-firefox-version "115.16.0esr-13.5-1-build3")
+(define %torbrowser-firefox-version "128.3.0esr-14.0-1-build6")
;; See tor-browser-build/rbm.conf for the list.
(define %torbrowser-locales (list "ar" "ca" "cs" "da" "de" "el" "es-ES" "fa" "fi" "fr"
@@ -139,11 +139,11 @@ (define torbrowser-translation-base
(method git-fetch)
(uri (git-reference
(url "https://gitlab.torproject.org/tpo/translation.git")
- (commit "ceb66dd0937da14962cb535699242b2526e11f02")))
+ (commit "547400dd678f476ec38efde2cf703d57c1a3e8c7")))
(file-name "translation-base-browser")
(sha256
(base32
- "04ciw4rnl0cj7vz4pqbs1aca8fhva346bp0vahfcxv3isn1nwyy4"))))
+ "0g7s2365dl71yl0y29vx503jhiqji91vb8jc2dqn6yf7ip7wy75g"))))
;; See tor-browser-build/projects/translation/config.
(define torbrowser-translation-specific
@@ -151,11 +151,11 @@ (define torbrowser-translation-specific
(method git-fetch)
(uri (git-reference
(url "https://gitlab.torproject.org/tpo/translation.git")
- (commit "dbf1454fdbd3256d65985cc1c46391ce0ec159e7")))
+ (commit "38d5c3b11cfb96833ae2c7dc3122829b29583d6f")))
(file-name "translation-tor-browser")
(sha256
(base32
- "09zhl6fk0z69qy82l050fm02h0dyb3f8j38fbazmkwnd8x3z6jv0"))))
+ "0rlhaa4npzcy3lc5xs0m8p4mdcv13wah4c7df81j4g37r5xql81w"))))
(define torbrowser-assets
;; This is a prebuilt Torbrowser from which we take the assets we need.
@@ -171,7 +171,7 @@ (define torbrowser-assets
version "/tor-browser-linux-x86_64-" version ".tar.xz"))
(sha256
(base32
- "1mdi6x0dvdvlk957fws1pw55z9hwkd5x05rv8k2g1vzy9qkvgrf3"))))
+ "18jm7x2r4ayy0f1kyaxvnlvj17d7ma0bbvl8jh25sgy7ry7i7ns4"))))
(arguments
(list
#:install-plan
@@ -213,7 +213,7 @@ (define* (make-torbrowser #:key
".tar.xz"))
(sha256
(base32
- "0v4hkxcz7cahbhwwafmspcl67ih2rnkmamcvp06kyx64xvpad00i"))))
+ "0i4bnd65xd865manks1xkapymylz2gb3sxlyai04fi8kx1m4wj87"))))
(build-system mozilla-build-system)
(inputs
(list go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird
@@ -383,7 +383,7 @@ (define* (make-torbrowser #:key
(for-each
(lambda (file) (invoke "patch" "--force" "-p1" "-i" file))
'(#$(local-file
- (search-patch "icecat-compare-paths.patch"))
+ (search-patch "torbrowser-compare-paths.patch"))
#$(local-file
(search-patch "icecat-use-system-wide-dir.patch"))))))
(add-after 'apply-guix-specific-patches 'remove-bundled-libraries
@@ -497,7 +497,7 @@ (define (runpaths-of-input label)
;; complain that it's not able to change Cargo.lock.
;; https://bugzilla.mozilla.org/show_bug.cgi?id=1726373
(substitute* "build/RunCbindgen.py"
- (("\"--frozen\",") ""))))
+ (("args.append\\(\"--frozen\"\\)") "pass"))))
(delete 'bootstrap)
(add-before 'configure 'setenv
(lambda _

base-commit: 59b2a60d0041882d732e1766e28f0df5a1ef1ac1
--
2.45.2
A
A
André Batista wrote on 29 Oct 23:45 +0100
[PATCH 0/2] Update torbrowser and mullvadbrowser
(address . 73998@debbugs.gnu.org)(name . André Batista)(address . nandre@riseup.net)
20241029224533.2612-1-nandre@riseup.net
This patch series updates both torbrowser and mullvadbrowser to their
latest stable releases (14.0.1 and 13.5.9 respectively). It is sent
together as changes to "make-torbrowser" required by torbrowser would
break mullvadbrowser as is.

This patch series presuposes icecat remains based on ESR 115 and may
need to be reworked if it goes to the next ESR 128 before it is
applied. See the changes to two build phases on torbrowser for more
info.

It also makes #73762 obsolete.

Cheers!

André Batista (2):
gnu: torbrowser: Update to 14.0.1 [security-fixes].
gnu: mullvadbrowser: Update to 13.5.9 [security fixes].

gnu/local.mk | 1 +
.../patches/torbrowser-compare-paths.patch | 24 ++++++++
gnu/packages/tor-browsers.scm | 59 ++++++++++++-------
3 files changed, 62 insertions(+), 22 deletions(-)
create mode 100644 gnu/packages/patches/torbrowser-compare-paths.patch


base-commit: 59b2a60d0041882d732e1766e28f0df5a1ef1ac1
--
2.46.0
A
A
André Batista wrote on 29 Oct 23:48 +0100
[PATCH 1/2] gnu: torbrowser: Update to 14.0.1 [security-fixes].
(address . 73998@debbugs.gnu.org)(name . André Batista)(address . nandre@riseup.net)
20241029224825.2660-1-nandre@riseup.net
Fixes CVEs 2024-10458, 2024-10459, 2024-10460, 2024-10461, 2024-10462,
2024-10463, 2024-10464, 2024-10465, 2024-10466 and 2024-10467.

* gnu/packages/tor-browsers.scm (firefox-locales): Update to
878fe6f256d52c7e5b0205b07b061829ccde4f17.
(%torbrowser-build-date): Update to 20241028090000.
(%torbrowser-version): Update to 14.0.1.
(%torbrowser-firefox-version): Update to 128.4.0esr-14.0-1-build2.
(torbrowser-translation-base): Update to
3b1be2065b54939ed019d94174f137847bcf3c66.
(torbrowser-translation-specific): Update to
ba63bd165f3fd4bdd472815c9761413d4671cfb7.
(make-torbrowser) [arguments] <#:phases>: On 'apply-guix-specific-patches
change icecat-compare-paths.patch to torbrowser-compare-paths.patch as
the patched file has changed its name between major versions.
On 'remove-cargo-frozen-flag, update the regex to match this newer version
string.
* gnu/packages/patches: Add torbrowser-compare-paths.patch.
* gnu/local.mk: Likewise.
---
gnu/local.mk | 1 +
.../patches/torbrowser-compare-paths.patch | 24 +++++++++++++++++
gnu/packages/tor-browsers.scm | 26 +++++++++----------
3 files changed, 38 insertions(+), 13 deletions(-)

Toggle diff (150 lines)
diff --git a/gnu/local.mk b/gnu/local.mk
index 89a795bfbd..e85b3602b1 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -2222,6 +2222,7 @@ dist_patch_DATA = \
%D%/packages/patches/tla2tools-build-xml.patch \
%D%/packages/patches/tlf-support-hamlib-4.2+.patch \
%D%/packages/patches/tofi-32bit-compat.patch \
+ %D%/packages/patches/torbrowser-compare-paths.patch \
%D%/packages/patches/tpetra-remove-duplicate-using.patch \
%D%/packages/patches/transcode-ffmpeg.patch \
%D%/packages/patches/transmission-4.0.6-fix-build.patch \
diff --git a/gnu/packages/patches/torbrowser-compare-paths.patch b/gnu/packages/patches/torbrowser-compare-paths.patch
new file mode 100644
index 0000000000..7d4d5fdb78
--- /dev/null
+++ b/gnu/packages/patches/torbrowser-compare-paths.patch
@@ -0,0 +1,24 @@
+See comment in gnu/build/icecat-extension.scm.
+This is only needed while icecat and torbrowser remain on
+different ESR versions as the patched file has changed its
+name.
+
+--- a/toolkit/mozapps/extensions/internal/XPIDatabase.sys.mjs
++++ b/toolkit/mozapps/extensions/internal/XPIDatabase.sys.mjs
+@@ -3606,6 +3606,7 @@
+ if (
+ newAddon ||
+ oldAddon.updateDate != xpiState.mtime ||
++ oldAddon.path != xpiState.path ||
+ (aUpdateCompatibility && this.isAppBundledLocation(installLocation))
+ ) {
+ newAddon = this.updateMetadata(
+@@ -3614,8 +3615,6 @@
+ xpiState,
+ newAddon
+ );
+- } else if (oldAddon.path != xpiState.path) {
+- newAddon = this.updatePath(installLocation, oldAddon, xpiState);
+ } else if (aUpdateCompatibility || aSchemaChange) {
+ newAddon = this.updateCompatibility(
+ installLocation,
diff --git a/gnu/packages/tor-browsers.scm b/gnu/packages/tor-browsers.scm
index e517f9b214..02e3c0583c 100644
--- a/gnu/packages/tor-browsers.scm
+++ b/gnu/packages/tor-browsers.scm
@@ -92,7 +92,7 @@ (define-module (gnu packages tor-browsers)
;; See browser/locales/l10n-changesets.json for the commit.
(define firefox-locales
- (let ((commit "d8d587117c7b9dcc6a4fbc38407ed2c831bb008f")
+ (let ((commit "878fe6f256d52c7e5b0205b07b061829ccde4f17")
(revision "0"))
(package
(name "firefox-locales")
@@ -106,7 +106,7 @@ (define firefox-locales
(file-name (git-file-name name version))
(sha256
(base32
- "0a2ly29lli02jflqw78zjk7bp7h18fz935cc9csavi0cpdiixjv1"))))
+ "1ypnzjf5klcj75hf9cp88rwvr6aav3h2939rw19wf9hnyanc4xf1"))))
(build-system copy-build-system)
(home-page "https://github.com/mozilla-l10n/firefox-l10n")
(synopsis "Firefox Locales")
@@ -116,16 +116,16 @@ (define firefox-locales
;; We copy the official build id, which is defined at
;; tor-browser-build/rbm.conf (browser_release_date).
-(define %torbrowser-build-date "20241008182800")
+(define %torbrowser-build-date "20241028090000")
;; To find the last version, look at https://www.torproject.org/download/.
-(define %torbrowser-version "13.5.7")
+(define %torbrowser-version "14.0.1")
;; To find the last Firefox version, browse
;; https://archive.torproject.org/tor-package-archive/torbrowser/<%torbrowser-version>
;; There should be only one archive that starts with
;; "src-firefox-tor-browser-".
-(define %torbrowser-firefox-version "115.16.0esr-13.5-1-build3")
+(define %torbrowser-firefox-version "128.4.0esr-14.0-1-build2")
;; See tor-browser-build/rbm.conf for the list.
(define %torbrowser-locales (list "ar" "ca" "cs" "da" "de" "el" "es-ES" "fa" "fi" "fr"
@@ -139,11 +139,11 @@ (define torbrowser-translation-base
(method git-fetch)
(uri (git-reference
(url "https://gitlab.torproject.org/tpo/translation.git")
- (commit "ceb66dd0937da14962cb535699242b2526e11f02")))
+ (commit "3b1be2065b54939ed019d94174f137847bcf3c66")))
(file-name "translation-base-browser")
(sha256
(base32
- "04ciw4rnl0cj7vz4pqbs1aca8fhva346bp0vahfcxv3isn1nwyy4"))))
+ "04ckn133w8q6b4rgihl23pzmnd3k6458jn9h4f58fnr18rfh6057"))))
;; See tor-browser-build/projects/translation/config.
(define torbrowser-translation-specific
@@ -151,11 +151,11 @@ (define torbrowser-translation-specific
(method git-fetch)
(uri (git-reference
(url "https://gitlab.torproject.org/tpo/translation.git")
- (commit "dbf1454fdbd3256d65985cc1c46391ce0ec159e7")))
+ (commit "ba63bd165f3fd4bdd472815c9761413d4671cfb7")))
(file-name "translation-tor-browser")
(sha256
(base32
- "09zhl6fk0z69qy82l050fm02h0dyb3f8j38fbazmkwnd8x3z6jv0"))))
+ "0dmsqb57whpq0l05krfmwxv8d31by06a7mpgrmbxjnlv9y3b5nlf"))))
(define torbrowser-assets
;; This is a prebuilt Torbrowser from which we take the assets we need.
@@ -171,7 +171,7 @@ (define torbrowser-assets
version "/tor-browser-linux-x86_64-" version ".tar.xz"))
(sha256
(base32
- "1mdi6x0dvdvlk957fws1pw55z9hwkd5x05rv8k2g1vzy9qkvgrf3"))))
+ "13wx4i4mawm8spyg17lil09fsm37s5g409zs3i5764g0llqwl1hd"))))
(arguments
(list
#:install-plan
@@ -213,7 +213,7 @@ (define* (make-torbrowser #:key
".tar.xz"))
(sha256
(base32
- "0v4hkxcz7cahbhwwafmspcl67ih2rnkmamcvp06kyx64xvpad00i"))))
+ "12bnqhn57xpyy2iax4iyfcfpsk25mmj4m2nllwrkkv4lqp3ifbkh"))))
(build-system mozilla-build-system)
(inputs
(list go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird
@@ -383,7 +383,7 @@ (define* (make-torbrowser #:key
(for-each
(lambda (file) (invoke "patch" "--force" "-p1" "-i" file))
'(#$(local-file
- (search-patch "icecat-compare-paths.patch"))
+ (search-patch "torbrowser-compare-paths.patch"))
#$(local-file
(search-patch "icecat-use-system-wide-dir.patch"))))))
(add-after 'apply-guix-specific-patches 'remove-bundled-libraries
@@ -497,7 +497,7 @@ (define (runpaths-of-input label)
;; complain that it's not able to change Cargo.lock.
;; https://bugzilla.mozilla.org/show_bug.cgi?id=1726373
(substitute* "build/RunCbindgen.py"
- (("\"--frozen\",") ""))))
+ (("args.append\\(\"--frozen\"\\)") "pass"))))
(delete 'bootstrap)
(add-before 'configure 'setenv
(lambda _
--
2.46.0
A
A
André Batista wrote on 29 Oct 23:49 +0100
[PATCH 2/2] gnu: mullvadbrowser: Update to 13.5.9 [security fixes].
(address . 73998@debbugs.gnu.org)(name . André Batista)(address . nandre@riseup.net)
20241029224922.2681-1-nandre@riseup.net
Fixes CVE 2024-9680, 2024-10458, 2024-10459 and 2024-10463. See the Mozilla
Foundation Security Advisories

* gnu/packages/tor-browsers.scm (%mullvadbrowser-build-date): Update to
20241024160253.
(%mullvadbrowser-version): Update to 13.5.9.
(%mullvadbrowser-firefox-version): Update to 115.17.0esr-13.5-1-build2.
(mullvadbrowser-translation-base): Update to
3b1be2065b54939ed019d94174f137847bcf3c66.
(mullvadbrowser-translation-specific): Update to
2f7d98b46ce480cdb4d7e9ddab912650c8673d6c.
(mullvadbrowser) [arguments] <#:phases>: Replace 'apply-guix-specific-patches
so as to keep using icecat-compare-paths.patch as it applies to ESR 115.
Replace 'remove-cargo-frozen-flag, keep the old regex which matches for this
older version.
---
gnu/packages/tor-browsers.scm | 33 ++++++++++++++++++++++++---------
1 file changed, 24 insertions(+), 9 deletions(-)

Toggle diff (92 lines)
diff --git a/gnu/packages/tor-browsers.scm b/gnu/packages/tor-browsers.scm
index 02e3c0583c..e6747401a5 100644
--- a/gnu/packages/tor-browsers.scm
+++ b/gnu/packages/tor-browsers.scm
@@ -817,17 +817,17 @@ (define %mullvadbrowser-locales (list "ar" "da" "de" "es-ES" "fa" "fi" "fr" "it"
;; We copy the official build id, which can be found there:
;; https://cdn.mullvad.net/browser/update_responses/update_1/release.
-(define %mullvadbrowser-build-date "20240930230510")
+(define %mullvadbrowser-build-date "20241024160253")
;; To find the last version, look at
;; https://mullvad.net/en/download/browser/linux.
-(define %mullvadbrowser-version "13.5.6")
+(define %mullvadbrowser-version "13.5.9")
;; To find the last Firefox version, browse
;; https://archive.torproject.org/tor-package-archive/mullvadbrowser/<%mullvadbrowser-version>
;; There should be only one archive that starts with
;; "src-firefox-mullvad-browser-".
-(define %mullvadbrowser-firefox-version "115.16.0esr-13.5-1-build2")
+(define %mullvadbrowser-firefox-version "115.17.0esr-13.5-1-build2")
;; See tor-browser-build/projects/translation/config.
(define mullvadbrowser-translation-base
@@ -835,11 +835,11 @@ (define mullvadbrowser-translation-base
(method git-fetch)
(uri (git-reference
(url "https://gitlab.torproject.org/tpo/translation.git")
- (commit "a142f78af87f994913faa15fb4b0f34f0ce1a22b")))
+ (commit "3b1be2065b54939ed019d94174f137847bcf3c66")))
(file-name "translation-base-browser")
(sha256
(base32
- "15ahsyji6fk236sb28vqpi7ai70r3qblfypmc7r781zq7nw8f9bs"))))
+ "04ckn133w8q6b4rgihl23pzmnd3k6458jn9h4f58fnr18rfh6057"))))
;; See tor-browser-build/projects/translation/config.
(define mullvadbrowser-translation-specific
@@ -847,11 +847,11 @@ (define mullvadbrowser-translation-specific
(method git-fetch)
(uri (git-reference
(url "https://gitlab.torproject.org/tpo/translation.git")
- (commit "78212a3da2439e436ac5f73d8e3eb908145c3ece")))
+ (commit "2f7d98b46ce480cdb4d7e9ddab912650c8673d6c")))
(file-name "translation-mullvad-browser")
(sha256
(base32
- "00qmmfz7lz9fw7id7bj89byd4zd39nc4f2plf0v640yzl8fdwi72"))))
+ "08anwb45rxzsdcxwzjflqb1d0f78pi4fsgdvsdlc4fmp8kx10nsd"))))
(define mullvadbrowser-assets
;; This is a prebuilt Mullvad Browser from which we take the assets we need.
@@ -867,7 +867,7 @@ (define mullvadbrowser-assets
version "/mullvad-browser-linux-x86_64-" version ".tar.xz"))
(sha256
(base32
- "0q55mk9zzzs7g2cng107gm16g74lx1qf42gf5ayh4x7caxc8db01"))))
+ "0q3c2wf5r6n06y36bcp5qxir41a01dwj4am9pqs5cz48ilimh8c7"))))
(arguments
(list
#:install-plan
@@ -910,11 +910,26 @@ (define-public mullvadbrowser
%mullvadbrowser-firefox-version ".tar.xz"))
(sha256
(base32
- "1mkssnr7vx4la4r31dy6fbwvj1h9gxzywwxa6z4310nr17vr3sxj"))))
+ "1xz005sa7isz561r9zlsipm6gpx30b83k7xbfy00zkc7qkl15xzs"))))
(arguments
(substitute-keyword-arguments (package-arguments mullvadbrowser-base)
((#:phases phases)
#~(modify-phases #$phases
+ (replace 'apply-guix-specific-patches
+ (lambda _
+ (for-each
+ (lambda (file) (invoke "patch" "--force" "-p1" "-i" file))
+ '(#$(local-file
+ (search-patch "icecat-compare-paths.patch"))
+ #$(local-file
+ (search-patch "icecat-use-system-wide-dir.patch"))))))
+ (replace 'remove-cargo-frozen-flag
+ (lambda _
+ ;; This is only needed while torbrowser and mullvadbrowser
+ ;; remain based on different firefox ESR versions. Delete
+ ;; once mullvad reaches the same upstream base.
+ (substitute* "build/RunCbindgen.py"
+ (("\"--frozen\",") ""))))
(add-after 'unpack 'ublock-private-allowed
(lambda _
(substitute* "toolkit/components/extensions/Extension.sys.mjs"
--
2.46.0
A
A
André Batista wrote on 1 Dec 17:05 +0100
[PATCH v2 0/2] Update torbrowser and mullvadbrowser to 14.0.3
(address . 73998@debbugs.gnu.org)(name . André Batista)(address . nandre@riseup.net)
20241201160554.1800-1-nandre@riseup.net
This time around both browsers are on the same upstream ESR version.
Sent together because updating one would break the other as is.

Cheers!

André Batista (2):
gnu: torbrowser: Update to 14.0.3 [security-fixes].
gnu: mullvadbrowser: Update to 14.0.3 [security fixes].

gnu/local.mk | 1 +
.../patches/torbrowser-compare-paths.patch | 24 ++++++++++
gnu/packages/tor-browsers.scm | 44 +++++++++----------
3 files changed, 47 insertions(+), 22 deletions(-)
create mode 100644 gnu/packages/patches/torbrowser-compare-paths.patch


base-commit: 294386674c417355a24586fab5528c643d495b86
--
2.46.0
A
A
André Batista wrote on 1 Dec 17:07 +0100
[PATCH v2 1/2] gnu: torbrowser: Update to 14.0.3 [security-fixes].
(address . 73998@debbugs.gnu.org)(name . André Batista)(address . nandre@riseup.net)
20241201160729.1830-1-nandre@riseup.net
Fixes CVEs 2024-10458, 2024-10459, 2024-10460, 2024-10461, 2024-10462,
2024-10463, 2024-10464, 2024-10465, 2024-10466, 2024-10467, 2024-11691,
2024-11692, 2024-11693, 2024-11694, 2024-11695, 2024-11696, 2024-11697,
2024-11698 and 2024-11699. See
details.

* gnu/packages/tor-browsers.scm (firefox-locales): Update to
f75c1e6a305e68161037337767ece88e9de940b9.
(%torbrowser-build-date): Update to 20241125154204.
(%torbrowser-version): Update to 14.0.3.
(%torbrowser-firefox-version): Update to 128.5.0esr-14.0-1-build2.
(torbrowser-translation-base): Update to
caa431bbea1a76d7ad61eeda94086a1513762605.
(torbrowser-translation-specific): Update to
4314d0a7ce780ffdf82b84e324bfbc437198f993.
(make-torbrowser) [arguments] <#:phases>: On 'apply-guix-specific-patches
change icecat-compare-paths.patch to torbrowser-compare-paths.patch as
the patched file has changed its name between major versions.
On 'remove-cargo-frozen-flag, update the regex to match this newer version
string.
* gnu/packages/patches: Add torbrowser-compare-paths.patch.
* gnu/local.mk: Likewise.

Change-Id: Ia5d445e387351b3d5d08ecb14c2f31bf4cc81396
---
gnu/local.mk | 1 +
.../patches/torbrowser-compare-paths.patch | 24 +++++++++++++++++
gnu/packages/tor-browsers.scm | 26 +++++++++----------
3 files changed, 38 insertions(+), 13 deletions(-)

Toggle diff (150 lines)
diff --git a/gnu/local.mk b/gnu/local.mk
index c89fd88282..6c35a72576 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -2238,6 +2238,7 @@ dist_patch_DATA = \
%D%/packages/patches/torcs-glibc-default-source.patch \
%D%/packages/patches/torcs-isnan.patch \
%D%/packages/patches/torcs-nullptr.patch \
+ %D%/packages/patches/torbrowser-compare-paths.patch \
%D%/packages/patches/tpetra-remove-duplicate-using.patch \
%D%/packages/patches/transcode-ffmpeg.patch \
%D%/packages/patches/transmission-4.0.6-fix-build.patch \
diff --git a/gnu/packages/patches/torbrowser-compare-paths.patch b/gnu/packages/patches/torbrowser-compare-paths.patch
new file mode 100644
index 0000000000..7d4d5fdb78
--- /dev/null
+++ b/gnu/packages/patches/torbrowser-compare-paths.patch
@@ -0,0 +1,24 @@
+See comment in gnu/build/icecat-extension.scm.
+This is only needed while icecat and torbrowser remain on
+different ESR versions as the patched file has changed its
+name.
+
+--- a/toolkit/mozapps/extensions/internal/XPIDatabase.sys.mjs
++++ b/toolkit/mozapps/extensions/internal/XPIDatabase.sys.mjs
+@@ -3606,6 +3606,7 @@
+ if (
+ newAddon ||
+ oldAddon.updateDate != xpiState.mtime ||
++ oldAddon.path != xpiState.path ||
+ (aUpdateCompatibility && this.isAppBundledLocation(installLocation))
+ ) {
+ newAddon = this.updateMetadata(
+@@ -3614,8 +3615,6 @@
+ xpiState,
+ newAddon
+ );
+- } else if (oldAddon.path != xpiState.path) {
+- newAddon = this.updatePath(installLocation, oldAddon, xpiState);
+ } else if (aUpdateCompatibility || aSchemaChange) {
+ newAddon = this.updateCompatibility(
+ installLocation,
diff --git a/gnu/packages/tor-browsers.scm b/gnu/packages/tor-browsers.scm
index e517f9b214..3a23f8ab65 100644
--- a/gnu/packages/tor-browsers.scm
+++ b/gnu/packages/tor-browsers.scm
@@ -92,7 +92,7 @@ (define-module (gnu packages tor-browsers)
;; See browser/locales/l10n-changesets.json for the commit.
(define firefox-locales
- (let ((commit "d8d587117c7b9dcc6a4fbc38407ed2c831bb008f")
+ (let ((commit "f75c1e6a305e68161037337767ece88e9de940b9")
(revision "0"))
(package
(name "firefox-locales")
@@ -106,7 +106,7 @@ (define firefox-locales
(file-name (git-file-name name version))
(sha256
(base32
- "0a2ly29lli02jflqw78zjk7bp7h18fz935cc9csavi0cpdiixjv1"))))
+ "0ybi3n9mw9wnbi8dv01dllpvcdfwjmyn4q6njzhn8vg7jkmpha2s"))))
(build-system copy-build-system)
(home-page "https://github.com/mozilla-l10n/firefox-l10n")
(synopsis "Firefox Locales")
@@ -116,16 +116,16 @@ (define firefox-locales
;; We copy the official build id, which is defined at
;; tor-browser-build/rbm.conf (browser_release_date).
-(define %torbrowser-build-date "20241008182800")
+(define %torbrowser-build-date "20241125154204")
;; To find the last version, look at https://www.torproject.org/download/.
-(define %torbrowser-version "13.5.7")
+(define %torbrowser-version "14.0.3")
;; To find the last Firefox version, browse
;; https://archive.torproject.org/tor-package-archive/torbrowser/<%torbrowser-version>
;; There should be only one archive that starts with
;; "src-firefox-tor-browser-".
-(define %torbrowser-firefox-version "115.16.0esr-13.5-1-build3")
+(define %torbrowser-firefox-version "128.5.0esr-14.0-1-build2")
;; See tor-browser-build/rbm.conf for the list.
(define %torbrowser-locales (list "ar" "ca" "cs" "da" "de" "el" "es-ES" "fa" "fi" "fr"
@@ -139,11 +139,11 @@ (define torbrowser-translation-base
(method git-fetch)
(uri (git-reference
(url "https://gitlab.torproject.org/tpo/translation.git")
- (commit "ceb66dd0937da14962cb535699242b2526e11f02")))
+ (commit "caa431bbea1a76d7ad61eeda94086a1513762605")))
(file-name "translation-base-browser")
(sha256
(base32
- "04ciw4rnl0cj7vz4pqbs1aca8fhva346bp0vahfcxv3isn1nwyy4"))))
+ "0zdkcykzh8m1rv6valx0mk6yvh2q4jrj2qxk0frh7nwxwc509b5c"))))
;; See tor-browser-build/projects/translation/config.
(define torbrowser-translation-specific
@@ -151,11 +151,11 @@ (define torbrowser-translation-specific
(method git-fetch)
(uri (git-reference
(url "https://gitlab.torproject.org/tpo/translation.git")
- (commit "dbf1454fdbd3256d65985cc1c46391ce0ec159e7")))
+ (commit "4314d0a7ce780ffdf82b84e324bfbc437198f993")))
(file-name "translation-tor-browser")
(sha256
(base32
- "09zhl6fk0z69qy82l050fm02h0dyb3f8j38fbazmkwnd8x3z6jv0"))))
+ "04dx6mjcgfmarnaxxkmrlgwgxdr37frgz5j3wakp9wixys6p6cdv"))))
(define torbrowser-assets
;; This is a prebuilt Torbrowser from which we take the assets we need.
@@ -171,7 +171,7 @@ (define torbrowser-assets
version "/tor-browser-linux-x86_64-" version ".tar.xz"))
(sha256
(base32
- "1mdi6x0dvdvlk957fws1pw55z9hwkd5x05rv8k2g1vzy9qkvgrf3"))))
+ "01mzc1d3vad3i8mwqmk2s17ynfhr45sfxgqcy5g9f5ahk6rl7msr"))))
(arguments
(list
#:install-plan
@@ -213,7 +213,7 @@ (define* (make-torbrowser #:key
".tar.xz"))
(sha256
(base32
- "0v4hkxcz7cahbhwwafmspcl67ih2rnkmamcvp06kyx64xvpad00i"))))
+ "1nnsmz6v8xnp67ih0jgail27c4cg6zfdax8qkd6hcn8i7pscgc72"))))
(build-system mozilla-build-system)
(inputs
(list go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird
@@ -383,7 +383,7 @@ (define* (make-torbrowser #:key
(for-each
(lambda (file) (invoke "patch" "--force" "-p1" "-i" file))
'(#$(local-file
- (search-patch "icecat-compare-paths.patch"))
+ (search-patch "torbrowser-compare-paths.patch"))
#$(local-file
(search-patch "icecat-use-system-wide-dir.patch"))))))
(add-after 'apply-guix-specific-patches 'remove-bundled-libraries
@@ -497,7 +497,7 @@ (define (runpaths-of-input label)
;; complain that it's not able to change Cargo.lock.
;; https://bugzilla.mozilla.org/show_bug.cgi?id=1726373
(substitute* "build/RunCbindgen.py"
- (("\"--frozen\",") ""))))
+ (("args.append\\(\"--frozen\"\\)") "pass"))))
(delete 'bootstrap)
(add-before 'configure 'setenv
(lambda _
--
2.46.0
A
A
André Batista wrote on 1 Dec 17:08 +0100
[PATCH v2 2/2] gnu: mullvadbrowser: Update to 14.0.3 [security fixes].
(address . 73998@debbugs.gnu.org)(name . André Batista)(address . nandre@riseup.net)
20241201160819.1852-1-nandre@riseup.net
Fixes CVE 2024-9680, 2024-10458, 2024-10459, 2024-10460, 2024-10461,
2024-10462, 2024-10463, 2024-10464, 2024-10465, 2024-10466, 2024-10467,
2024-11691, 2024-11692, 2024-11693, 2024-11694, 2024-11695, 2024-11696,
2024-11697, 2024-11698 and 2024-11699. See the Mozilla Foundation
Security Advisories
details.

* gnu/packages/tor-browsers.scm (%mullvadbrowser-build-date): Update to
20241125154204.
(%mullvadbrowser-version): Update to 14.0.3.
(%mullvadbrowser-firefox-version): Update to 128.5.0esr-14.0-1-build2.
(mullvadbrowser-translation-base): Update to
caa431bbea1a76d7ad61eeda94086a1513762605.
(mullvadbrowser-translation-specific): Update to
2f7d98b46ce480cdb4d7e9ddab912650c8673d6c.

Change-Id: Ia5d445e387351b3d5d08ecb14c2f31bf4cc81396
---
gnu/packages/tor-browsers.scm | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)

Toggle diff (73 lines)
diff --git a/gnu/packages/tor-browsers.scm b/gnu/packages/tor-browsers.scm
index 3a23f8ab65..58a147f39b 100644
--- a/gnu/packages/tor-browsers.scm
+++ b/gnu/packages/tor-browsers.scm
@@ -817,17 +817,17 @@ (define %mullvadbrowser-locales (list "ar" "da" "de" "es-ES" "fa" "fi" "fr" "it"
;; We copy the official build id, which can be found there:
;; https://cdn.mullvad.net/browser/update_responses/update_1/release.
-(define %mullvadbrowser-build-date "20240930230510")
+(define %mullvadbrowser-build-date "20241125154204")
;; To find the last version, look at
;; https://mullvad.net/en/download/browser/linux.
-(define %mullvadbrowser-version "13.5.6")
+(define %mullvadbrowser-version "14.0.3")
;; To find the last Firefox version, browse
;; https://archive.torproject.org/tor-package-archive/mullvadbrowser/<%mullvadbrowser-version>
;; There should be only one archive that starts with
;; "src-firefox-mullvad-browser-".
-(define %mullvadbrowser-firefox-version "115.16.0esr-13.5-1-build2")
+(define %mullvadbrowser-firefox-version "128.5.0esr-14.0-1-build2")
;; See tor-browser-build/projects/translation/config.
(define mullvadbrowser-translation-base
@@ -835,11 +835,11 @@ (define mullvadbrowser-translation-base
(method git-fetch)
(uri (git-reference
(url "https://gitlab.torproject.org/tpo/translation.git")
- (commit "a142f78af87f994913faa15fb4b0f34f0ce1a22b")))
+ (commit "caa431bbea1a76d7ad61eeda94086a1513762605")))
(file-name "translation-base-browser")
(sha256
(base32
- "15ahsyji6fk236sb28vqpi7ai70r3qblfypmc7r781zq7nw8f9bs"))))
+ "0zdkcykzh8m1rv6valx0mk6yvh2q4jrj2qxk0frh7nwxwc509b5c"))))
;; See tor-browser-build/projects/translation/config.
(define mullvadbrowser-translation-specific
@@ -847,11 +847,11 @@ (define mullvadbrowser-translation-specific
(method git-fetch)
(uri (git-reference
(url "https://gitlab.torproject.org/tpo/translation.git")
- (commit "78212a3da2439e436ac5f73d8e3eb908145c3ece")))
+ (commit "2f7d98b46ce480cdb4d7e9ddab912650c8673d6c")))
(file-name "translation-mullvad-browser")
(sha256
(base32
- "00qmmfz7lz9fw7id7bj89byd4zd39nc4f2plf0v640yzl8fdwi72"))))
+ "08anwb45rxzsdcxwzjflqb1d0f78pi4fsgdvsdlc4fmp8kx10nsd"))))
(define mullvadbrowser-assets
;; This is a prebuilt Mullvad Browser from which we take the assets we need.
@@ -867,7 +867,7 @@ (define mullvadbrowser-assets
version "/mullvad-browser-linux-x86_64-" version ".tar.xz"))
(sha256
(base32
- "0q55mk9zzzs7g2cng107gm16g74lx1qf42gf5ayh4x7caxc8db01"))))
+ "0jh35vsnyqjg6hhwdlw11pq7i1awr6fy8chgr2w0wnrzm91vvzia"))))
(arguments
(list
#:install-plan
@@ -910,7 +910,7 @@ (define-public mullvadbrowser
%mullvadbrowser-firefox-version ".tar.xz"))
(sha256
(base32
- "1mkssnr7vx4la4r31dy6fbwvj1h9gxzywwxa6z4310nr17vr3sxj"))))
+ "01mm8kxza5rfl4f78xb8n9x7y0p6mm205pxhqrvds0yyj3jvclsb"))))
(arguments
(substitute-keyword-arguments (package-arguments mullvadbrowser-base)
((#:phases phases)
--
2.46.0
Z
Z
Zheng Junjie wrote on 2 Dec 02:59 +0100
Re: [bug#73998] [PATCH v2 0/2] Update torbrowser and mullvadbrowser to 14.0.3
(name . André Batista)(address . nandre@riseup.net)
87a5deoneb.fsf@iscas.ac.cn
André Batista <nandre@riseup.net> writes:

Toggle quote (18 lines)
> This time around both browsers are on the same upstream ESR version.
> Sent together because updating one would break the other as is.
>
> Cheers!
>
> André Batista (2):
> gnu: torbrowser: Update to 14.0.3 [security-fixes].
> gnu: mullvadbrowser: Update to 14.0.3 [security fixes].
>
> gnu/local.mk | 1 +
> .../patches/torbrowser-compare-paths.patch | 24 ++++++++++
> gnu/packages/tor-browsers.scm | 44 +++++++++----------
> 3 files changed, 47 insertions(+), 22 deletions(-)
> create mode 100644 gnu/packages/patches/torbrowser-compare-paths.patch
>
>
> base-commit: 294386674c417355a24586fab5528c643d495b86

Are you interested in becoming a committer? This will make it easier to
update torbrowser and mullvadbrowser packages. I don't know about these
packages and can't review them.
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEfr6klGDOXiwIdX/bO1qpk+Gi3/AFAmdNFIwACgkQO1qpk+Gi
3/AbnBAAjJmoJZnhdPcydBUmUsv3P4G0qn8am3oLWdm9mMuKuawZfaLjw397FmuV
Jl8YPWuqbYh/aTdtDlObQ5bXvTI8ZhgHjO/8+MkxB+on8gpYK/2WXhS8VFoeJ72Y
vvBIiRXywz54aoFFGym6CqUyCva741+tE5YlRlzvbDGfd89czLimvROKQHakhJ8f
MrS9z+BWuBEG3DE0Yhx+6IzJqS1pDaIPx/vv9xld26gM6ow2TR8mdj5AIBX0lwGn
RLi3yFm6EawbEL4PUpzTBBfONNnCvdIrGpyEGOkVk4BMAlRrXLncmGqcWKfcrTqE
IX1H/hKJyLkt8lnFff9GeBbn8it05IpeLMp8rJXvEVs8nz+x9wDj/7DUeBlIkwEM
mv7vCmMC/aQCYVQirDY5K772Qsi4TKzkP0lwsUmma7RxUf3jzGi3IM/qK1i4VVOe
9YCOjTOykfanRoXX2UZ1gvBAxOdKguH6wuURGhLZ/lNcxbRDaiDDMBA+viXdiyoz
qiZwtoHjSRBkzxU0y1jYZCtvXlw1nTFZc9MbelIWURmgjm1jmZrFxSHgd9pxeOeS
RrkMKaRLVmZ8m27Id7PoKhsBw3jTnlmEo7j+FydDCzK1fnylNoMpKVat4oSyiUsr
eV0vZr5p0jgmrCyqVWhQTi/pI0WKoRAUbpWk2yPoLfiFVSr8drs=
=ADfP
-----END PGP SIGNATURE-----

?
Your comment

Commenting via the web interface is currently disabled.

To comment on this conversation send an email to 73998@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it
mumi current 73998
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch