diff options
| author | André Batista <nandre@riseup.net> | 2024-12-01 13:07:29 -0300 |
|---|---|---|
| committer | Hilton Chain <hako@ultrarare.space> | 2024-12-11 17:58:28 +0800 |
| commit | 11a5804e3ecb7cac8151d14f02ab2b2b3b750f8e (patch) | |
| tree | 9ec2150f194e74aa2feb011ecf589b64172a391b | |
| parent | 8d043d84084a2dd32a5c4fb0c685656517141c7a (diff) | |
| download | guix-11a5804e3ecb7cac8151d14f02ab2b2b3b750f8e.tar.gz guix-11a5804e3ecb7cac8151d14f02ab2b2b3b750f8e.zip | |
gnu: torbrowser: Update to 14.0.3 [security-fixes].
Fixes CVEs 2024-10458, 2024-10459, 2024-10460, 2024-10461, 2024-10462,
2024-10463, 2024-10464, 2024-10465, 2024-10466, 2024-10467, 2024-11691,
2024-11692, 2024-11693, 2024-11694, 2024-11695, 2024-11696, 2024-11697,
2024-11698 and 2024-11699. See
<https://www.mozilla.org/en-US/security/advisories/mfsa2024-48/> and
<https://www.mozilla.org/en-US/security/advisories/mfsa2024-64/> for
details.
* gnu/packages/patches/torbrowser-compare-paths.patch: New file.
* gnu/local.mk (dist_patch_DATA): Regisiter it.
* gnu/packages/tor-browsers.scm (firefox-locales): Update to
f75c1e6a305e68161037337767ece88e9de940b9.
(%torbrowser-build-date): Update to 20241125154204.
(%torbrowser-version): Update to 14.0.3.
(%torbrowser-firefox-version): Update to 128.5.0esr-14.0-1-build2.
(torbrowser-translation-base): Update to
caa431bbea1a76d7ad61eeda94086a1513762605.
(torbrowser-translation-specific): Update to
4314d0a7ce780ffdf82b84e324bfbc437198f993.
(make-torbrowser) [arguments] <#:phases>: On 'apply-guix-specific-patches
change icecat-compare-paths.patch to torbrowser-compare-paths.patch as
the patched file has changed its name between major versions.
On 'remove-cargo-frozen-flag, update the regex to match this newer version
string.
Change-Id: Ia5d445e387351b3d5d08ecb14c2f31bf4cc81396
Signed-off-by: Hilton Chain <hako@ultrarare.space>
| -rw-r--r-- | gnu/local.mk | 1 | ||||
| -rw-r--r-- | gnu/packages/patches/torbrowser-compare-paths.patch | 24 | ||||
| -rw-r--r-- | gnu/packages/tor-browsers.scm | 26 |
3 files changed, 38 insertions, 13 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index f1300a5ef5..e149b0e9c4 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -2260,6 +2260,7 @@ dist_patch_DATA = \ %D%/packages/patches/torcs-glibc-default-source.patch \ %D%/packages/patches/torcs-isnan.patch \ %D%/packages/patches/torcs-nullptr.patch \ + %D%/packages/patches/torbrowser-compare-paths.patch \ %D%/packages/patches/tpetra-remove-duplicate-using.patch \ %D%/packages/patches/transcode-ffmpeg.patch \ %D%/packages/patches/transmission-4.0.6-fix-build.patch \ diff --git a/gnu/packages/patches/torbrowser-compare-paths.patch b/gnu/packages/patches/torbrowser-compare-paths.patch new file mode 100644 index 0000000000..7d4d5fdb78 --- /dev/null +++ b/gnu/packages/patches/torbrowser-compare-paths.patch @@ -0,0 +1,24 @@ +See comment in gnu/build/icecat-extension.scm. +This is only needed while icecat and torbrowser remain on +different ESR versions as the patched file has changed its +name. + +--- a/toolkit/mozapps/extensions/internal/XPIDatabase.sys.mjs ++++ b/toolkit/mozapps/extensions/internal/XPIDatabase.sys.mjs +@@ -3606,6 +3606,7 @@ + if ( + newAddon || + oldAddon.updateDate != xpiState.mtime || ++ oldAddon.path != xpiState.path || + (aUpdateCompatibility && this.isAppBundledLocation(installLocation)) + ) { + newAddon = this.updateMetadata( +@@ -3614,8 +3615,6 @@ + xpiState, + newAddon + ); +- } else if (oldAddon.path != xpiState.path) { +- newAddon = this.updatePath(installLocation, oldAddon, xpiState); + } else if (aUpdateCompatibility || aSchemaChange) { + newAddon = this.updateCompatibility( + installLocation, diff --git a/gnu/packages/tor-browsers.scm b/gnu/packages/tor-browsers.scm index 3d74a32e8f..c0f1972b30 100644 --- a/gnu/packages/tor-browsers.scm +++ b/gnu/packages/tor-browsers.scm @@ -92,7 +92,7 @@ ;; See browser/locales/l10n-changesets.json for the commit. (define firefox-locales - (let ((commit "d8d587117c7b9dcc6a4fbc38407ed2c831bb008f") + (let ((commit "f75c1e6a305e68161037337767ece88e9de940b9") (revision "0")) (package (name "firefox-locales") @@ -106,7 +106,7 @@ (file-name (git-file-name name version)) (sha256 (base32 - "0a2ly29lli02jflqw78zjk7bp7h18fz935cc9csavi0cpdiixjv1")))) + "0ybi3n9mw9wnbi8dv01dllpvcdfwjmyn4q6njzhn8vg7jkmpha2s")))) (build-system copy-build-system) (home-page "https://github.com/mozilla-l10n/firefox-l10n") (synopsis "Firefox Locales") @@ -116,16 +116,16 @@ Firefox locales.") ;; We copy the official build id, which is defined at ;; tor-browser-build/rbm.conf (browser_release_date). -(define %torbrowser-build-date "20241008182800") +(define %torbrowser-build-date "20241125154204") ;; To find the last version, look at https://www.torproject.org/download/. -(define %torbrowser-version "13.5.7") +(define %torbrowser-version "14.0.3") ;; To find the last Firefox version, browse ;; https://archive.torproject.org/tor-package-archive/torbrowser/<%torbrowser-version> ;; There should be only one archive that starts with ;; "src-firefox-tor-browser-". -(define %torbrowser-firefox-version "115.16.0esr-13.5-1-build3") +(define %torbrowser-firefox-version "128.5.0esr-14.0-1-build2") ;; See tor-browser-build/rbm.conf for the list. (define %torbrowser-locales (list "ar" "ca" "cs" "da" "de" "el" "es-ES" "fa" "fi" "fr" @@ -139,11 +139,11 @@ Firefox locales.") (method git-fetch) (uri (git-reference (url "https://gitlab.torproject.org/tpo/translation.git") - (commit "ceb66dd0937da14962cb535699242b2526e11f02"))) + (commit "caa431bbea1a76d7ad61eeda94086a1513762605"))) (file-name "translation-base-browser") (sha256 (base32 - "04ciw4rnl0cj7vz4pqbs1aca8fhva346bp0vahfcxv3isn1nwyy4")))) + "0zdkcykzh8m1rv6valx0mk6yvh2q4jrj2qxk0frh7nwxwc509b5c")))) ;; See tor-browser-build/projects/translation/config. (define torbrowser-translation-specific @@ -151,11 +151,11 @@ Firefox locales.") (method git-fetch) (uri (git-reference (url "https://gitlab.torproject.org/tpo/translation.git") - (commit "dbf1454fdbd3256d65985cc1c46391ce0ec159e7"))) + (commit "4314d0a7ce780ffdf82b84e324bfbc437198f993"))) (file-name "translation-tor-browser") (sha256 (base32 - "09zhl6fk0z69qy82l050fm02h0dyb3f8j38fbazmkwnd8x3z6jv0")))) + "04dx6mjcgfmarnaxxkmrlgwgxdr37frgz5j3wakp9wixys6p6cdv")))) (define torbrowser-assets ;; This is a prebuilt Torbrowser from which we take the assets we need. @@ -171,7 +171,7 @@ Firefox locales.") version "/tor-browser-linux-x86_64-" version ".tar.xz")) (sha256 (base32 - "1mdi6x0dvdvlk957fws1pw55z9hwkd5x05rv8k2g1vzy9qkvgrf3")))) + "01mzc1d3vad3i8mwqmk2s17ynfhr45sfxgqcy5g9f5ahk6rl7msr")))) (arguments (list #:install-plan @@ -213,7 +213,7 @@ Browser.") ".tar.xz")) (sha256 (base32 - "0v4hkxcz7cahbhwwafmspcl67ih2rnkmamcvp06kyx64xvpad00i")))) + "1nnsmz6v8xnp67ih0jgail27c4cg6zfdax8qkd6hcn8i7pscgc72")))) (build-system mozilla-build-system) (inputs (list go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird @@ -385,7 +385,7 @@ Browser.") (for-each (lambda (file) (invoke "patch" "--force" "-p1" "-i" file)) '(#$(local-file - (search-patch "icecat-compare-paths.patch")) + (search-patch "torbrowser-compare-paths.patch")) #$(local-file (search-patch "icecat-use-system-wide-dir.patch")))))) (add-after 'apply-guix-specific-patches 'remove-bundled-libraries @@ -499,7 +499,7 @@ Browser.") ;; complain that it's not able to change Cargo.lock. ;; https://bugzilla.mozilla.org/show_bug.cgi?id=1726373 (substitute* "build/RunCbindgen.py" - (("\"--frozen\",") "")))) + (("args.append\\(\"--frozen\"\\)") "pass")))) (delete 'bootstrap) (add-before 'configure 'setenv (lambda _ |