[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#73998] [PATCH 1/2] gnu: torbrowser: Update to 14.0.1 [security-fixe
|
From: |
André Batista |
|
Subject: |
[bug#73998] [PATCH 1/2] gnu: torbrowser: Update to 14.0.1 [security-fixes]. |
|
Date: |
Tue, 29 Oct 2024 19:48:25 -0300 |
Fixes CVEs 2024-10458, 2024-10459, 2024-10460, 2024-10461, 2024-10462,
2024-10463, 2024-10464, 2024-10465, 2024-10466 and 2024-10467.
<https://www.mozilla.org/en-US/security/advisories/mfsa2024-56/> for details.
* gnu/packages/tor-browsers.scm (firefox-locales): Update to
878fe6f256d52c7e5b0205b07b061829ccde4f17.
(%torbrowser-build-date): Update to 20241028090000.
(%torbrowser-version): Update to 14.0.1.
(%torbrowser-firefox-version): Update to 128.4.0esr-14.0-1-build2.
(torbrowser-translation-base): Update to
3b1be2065b54939ed019d94174f137847bcf3c66.
(torbrowser-translation-specific): Update to
ba63bd165f3fd4bdd472815c9761413d4671cfb7.
(make-torbrowser) [arguments] <#:phases>: On 'apply-guix-specific-patches
change icecat-compare-paths.patch to torbrowser-compare-paths.patch as
the patched file has changed its name between major versions.
On 'remove-cargo-frozen-flag, update the regex to match this newer version
string.
* gnu/packages/patches: Add torbrowser-compare-paths.patch.
* gnu/local.mk: Likewise.
---
gnu/local.mk | 1 +
.../patches/torbrowser-compare-paths.patch | 24 +++++++++++++++++
gnu/packages/tor-browsers.scm | 26 +++++++++----------
3 files changed, 38 insertions(+), 13 deletions(-)
diff --git a/gnu/local.mk b/gnu/local.mk
index 89a795bfbd..e85b3602b1 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -2222,6 +2222,7 @@ dist_patch_DATA =
\
%D%/packages/patches/tla2tools-build-xml.patch \
%D%/packages/patches/tlf-support-hamlib-4.2+.patch \
%D%/packages/patches/tofi-32bit-compat.patch \
+ %D%/packages/patches/torbrowser-compare-paths.patch \
%D%/packages/patches/tpetra-remove-duplicate-using.patch \
%D%/packages/patches/transcode-ffmpeg.patch \
%D%/packages/patches/transmission-4.0.6-fix-build.patch \
diff --git a/gnu/packages/patches/torbrowser-compare-paths.patch
b/gnu/packages/patches/torbrowser-compare-paths.patch
new file mode 100644
index 0000000000..7d4d5fdb78
--- /dev/null
+++ b/gnu/packages/patches/torbrowser-compare-paths.patch
@@ -0,0 +1,24 @@
+See comment in gnu/build/icecat-extension.scm.
+This is only needed while icecat and torbrowser remain on
+different ESR versions as the patched file has changed its
+name.
+
+--- a/toolkit/mozapps/extensions/internal/XPIDatabase.sys.mjs
++++ b/toolkit/mozapps/extensions/internal/XPIDatabase.sys.mjs
+@@ -3606,6 +3606,7 @@
+ if (
+ newAddon ||
+ oldAddon.updateDate != xpiState.mtime ||
++ oldAddon.path != xpiState.path ||
+ (aUpdateCompatibility && this.isAppBundledLocation(installLocation))
+ ) {
+ newAddon = this.updateMetadata(
+@@ -3614,8 +3615,6 @@
+ xpiState,
+ newAddon
+ );
+- } else if (oldAddon.path != xpiState.path) {
+- newAddon = this.updatePath(installLocation, oldAddon, xpiState);
+ } else if (aUpdateCompatibility || aSchemaChange) {
+ newAddon = this.updateCompatibility(
+ installLocation,
diff --git a/gnu/packages/tor-browsers.scm b/gnu/packages/tor-browsers.scm
index e517f9b214..02e3c0583c 100644
--- a/gnu/packages/tor-browsers.scm
+++ b/gnu/packages/tor-browsers.scm
@@ -92,7 +92,7 @@ (define-module (gnu packages tor-browsers)
;; See browser/locales/l10n-changesets.json for the commit.
(define firefox-locales
- (let ((commit "d8d587117c7b9dcc6a4fbc38407ed2c831bb008f")
+ (let ((commit "878fe6f256d52c7e5b0205b07b061829ccde4f17")
(revision "0"))
(package
(name "firefox-locales")
@@ -106,7 +106,7 @@ (define firefox-locales
(file-name (git-file-name name version))
(sha256
(base32
- "0a2ly29lli02jflqw78zjk7bp7h18fz935cc9csavi0cpdiixjv1"))))
+ "1ypnzjf5klcj75hf9cp88rwvr6aav3h2939rw19wf9hnyanc4xf1"))))
(build-system copy-build-system)
(home-page "https://github.com/mozilla-l10n/firefox-l10n";)
(synopsis "Firefox Locales")
@@ -116,16 +116,16 @@ (define firefox-locales
;; We copy the official build id, which is defined at
;; tor-browser-build/rbm.conf (browser_release_date).
-(define %torbrowser-build-date "20241008182800")
+(define %torbrowser-build-date "20241028090000")
;; To find the last version, look at https://www.torproject.org/download/.
-(define %torbrowser-version "13.5.7")
+(define %torbrowser-version "14.0.1")
;; To find the last Firefox version, browse
;;
https://archive.torproject.org/tor-package-archive/torbrowser/<%torbrowser-version>
;; There should be only one archive that starts with
;; "src-firefox-tor-browser-".
-(define %torbrowser-firefox-version "115.16.0esr-13.5-1-build3")
+(define %torbrowser-firefox-version "128.4.0esr-14.0-1-build2")
;; See tor-browser-build/rbm.conf for the list.
(define %torbrowser-locales (list "ar" "ca" "cs" "da" "de" "el" "es-ES" "fa"
"fi" "fr"
@@ -139,11 +139,11 @@ (define torbrowser-translation-base
(method git-fetch)
(uri (git-reference
(url "https://gitlab.torproject.org/tpo/translation.git";)
- (commit "ceb66dd0937da14962cb535699242b2526e11f02")))
+ (commit "3b1be2065b54939ed019d94174f137847bcf3c66")))
(file-name "translation-base-browser")
(sha256
(base32
- "04ciw4rnl0cj7vz4pqbs1aca8fhva346bp0vahfcxv3isn1nwyy4"))))
+ "04ckn133w8q6b4rgihl23pzmnd3k6458jn9h4f58fnr18rfh6057"))))
;; See tor-browser-build/projects/translation/config.
(define torbrowser-translation-specific
@@ -151,11 +151,11 @@ (define torbrowser-translation-specific
(method git-fetch)
(uri (git-reference
(url "https://gitlab.torproject.org/tpo/translation.git";)
- (commit "dbf1454fdbd3256d65985cc1c46391ce0ec159e7")))
+ (commit "ba63bd165f3fd4bdd472815c9761413d4671cfb7")))
(file-name "translation-tor-browser")
(sha256
(base32
- "09zhl6fk0z69qy82l050fm02h0dyb3f8j38fbazmkwnd8x3z6jv0"))))
+ "0dmsqb57whpq0l05krfmwxv8d31by06a7mpgrmbxjnlv9y3b5nlf"))))
(define torbrowser-assets
;; This is a prebuilt Torbrowser from which we take the assets we need.
@@ -171,7 +171,7 @@ (define torbrowser-assets
version "/tor-browser-linux-x86_64-" version ".tar.xz"))
(sha256
(base32
- "1mdi6x0dvdvlk957fws1pw55z9hwkd5x05rv8k2g1vzy9qkvgrf3"))))
+ "13wx4i4mawm8spyg17lil09fsm37s5g409zs3i5764g0llqwl1hd"))))
(arguments
(list
#:install-plan
@@ -213,7 +213,7 @@ (define* (make-torbrowser #:key
".tar.xz"))
(sha256
(base32
- "0v4hkxcz7cahbhwwafmspcl67ih2rnkmamcvp06kyx64xvpad00i"))))
+ "12bnqhn57xpyy2iax4iyfcfpsk25mmj4m2nllwrkkv4lqp3ifbkh"))))
(build-system mozilla-build-system)
(inputs
(list
go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird
@@ -383,7 +383,7 @@ (define* (make-torbrowser #:key
(for-each
(lambda (file) (invoke "patch" "--force" "-p1" "-i" file))
'(#$(local-file
- (search-patch "icecat-compare-paths.patch"))
+ (search-patch "torbrowser-compare-paths.patch"))
#$(local-file
(search-patch "icecat-use-system-wide-dir.patch"))))))
(add-after 'apply-guix-specific-patches 'remove-bundled-libraries
@@ -497,7 +497,7 @@ (define (runpaths-of-input label)
;; complain that it's not able to change Cargo.lock.
;; https://bugzilla.mozilla.org/show_bug.cgi?id=1726373
(substitute* "build/RunCbindgen.py"
- (("\"--frozen\",") ""))))
+ (("args.append\\(\"--frozen\"\\)") "pass"))))
(delete 'bootstrap)
(add-before 'configure 'setenv
(lambda _
--
2.46.0