From 084d94289c6399174689f725853a54b2bce7a652 Mon Sep 17 00:00:00 2001
From: André Batista <nandre@riseup.net>
Date: Sat, 5 Oct 2024 00:08:56 -0300
Subject: gnu: mullvadbrowser: Update to 13.5.6 [security fixes].

Fixes CVEs 2024-9392, 2024-9393, 2024-9394 and 2024-9401. See the Mozilla
Foundation Security Advisory
<https://www.mozilla.org/en-US/security/advisories/mfsa2024-48/> for details.

* gnu/packages/tor-browsers.scm (%mullvadbrowser-build-date): Update to
20240930230510.
(%mullvadbrowser-version): Update to 13.5.6.
(%mullvadbrowser-firefox-version): Update to 115.16.0esr-13.5-1-build2.
(mullvadbrowser-translation-base): Update to
a142f78af87f994913faa15fb4b0f34f0ce1a22b.
(mullvadbrowser-translation-specific): Update to
78212a3da2439e436ac5f73d8e3eb908145c3ece.

Change-Id: Id65315c9aa829815e00dcfe74098680654592f20
Signed-off-by: Sharlatan Hellseher <sharlatanus@gmail.com>
---
 gnu/packages/tor-browsers.scm | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/gnu/packages/tor-browsers.scm b/gnu/packages/tor-browsers.scm
index 7f601737b1..6bc1ef5328 100644
--- a/gnu/packages/tor-browsers.scm
+++ b/gnu/packages/tor-browsers.scm
@@ -824,17 +824,17 @@ attacks on the privacy of Tor users.")
 
 ;; We copy the official build id, which can be found there:
 ;; https://cdn.mullvad.net/browser/update_responses/update_1/release.
-(define %mullvadbrowser-build-date "20240903073000")
+(define %mullvadbrowser-build-date "20240930230510")
 
 ;; To find the last version, look at
 ;; https://mullvad.net/en/download/browser/linux.
-(define %mullvadbrowser-version "13.5.3")
+(define %mullvadbrowser-version "13.5.6")
 
 ;; To find the last Firefox version, browse
 ;; https://archive.torproject.org/tor-package-archive/mullvadbrowser/<%mullvadbrowser-version>
 ;; There should be only one archive that starts with
 ;; "src-firefox-mullvad-browser-".
-(define %mullvadbrowser-firefox-version "115.15.0esr-13.5-1-build2")
+(define %mullvadbrowser-firefox-version "115.16.0esr-13.5-1-build2")
 
 ;; See tor-browser-build/projects/translation/config.
 (define mullvadbrowser-translation-base
@@ -842,11 +842,11 @@ attacks on the privacy of Tor users.")
     (method git-fetch)
     (uri (git-reference
           (url "https://gitlab.torproject.org/tpo/translation.git")
-          (commit "daed2afc487d1b20efc17feb153156524c6f714b")))
+          (commit "a142f78af87f994913faa15fb4b0f34f0ce1a22b")))
     (file-name "translation-base-browser")
     (sha256
      (base32
-      "0psmmgw9dnjwdhjbqkd69q5q7sdwyjcwagh93ffrjk0v7ybc79dq"))))
+      "15ahsyji6fk236sb28vqpi7ai70r3qblfypmc7r781zq7nw8f9bs"))))
 
 ;; See tor-browser-build/projects/translation/config.
 (define mullvadbrowser-translation-specific
@@ -854,11 +854,11 @@ attacks on the privacy of Tor users.")
     (method git-fetch)
     (uri (git-reference
           (url "https://gitlab.torproject.org/tpo/translation.git")
-          (commit "bff8092bbe5ae93b2c162ade300d739b2cd9e92d")))
+          (commit "78212a3da2439e436ac5f73d8e3eb908145c3ece")))
     (file-name "translation-mullvad-browser")
     (sha256
      (base32
-      "0742ylhz80445a28ssp2hpshy0dvr12h2c1mcv5pjdipzcwhgil8"))))
+      "00qmmfz7lz9fw7id7bj89byd4zd39nc4f2plf0v640yzl8fdwi72"))))
 
 (define mullvadbrowser-assets
   ;; This is a prebuilt Mullvad Browser from which we take the assets we need.
@@ -874,7 +874,7 @@ attacks on the privacy of Tor users.")
          version "/mullvad-browser-linux-x86_64-" version ".tar.xz"))
        (sha256
         (base32
-         "17sqin4fnvq96plarv0iv8r801i19gh7v7szg2vrmcynay8qx4mc"))))
+         "0q55mk9zzzs7g2cng107gm16g74lx1qf42gf5ayh4x7caxc8db01"))))
     (arguments
      (list
       #:install-plan
@@ -917,7 +917,7 @@ Mullvad Browser.")
          %mullvadbrowser-firefox-version ".tar.xz"))
        (sha256
         (base32
-         "1c6jjw0x8bjz74q15a7vskrd0ji5ic19mzr9f2laivhznjy0r12c"))))
+         "1mkssnr7vx4la4r31dy6fbwvj1h9gxzywwxa6z4310nr17vr3sxj"))))
     (arguments
      (substitute-keyword-arguments (package-arguments mullvadbrowser-base)
        ((#:phases phases)
-- 
cgit v1.2.3

f14eacc44370c'>etc: SELinux: Label guix-daemon executable in profile.</a><span class='msg-avail'>...<span class='msg-tooltip'>* etc/guix-daemon.cil.in: Add file rule for "guix-daemon" in current-guix
profile.
</span></span></td><td>Ricardo Wurmus</td></tr>
<tr><td><span title='2022-01-26 09:31:45 +0100'>2022-01-26</span></td><td><a href='/guix/commit/etc/guix-daemon.cil.in?id=bbc2fb0d52128c85c92251ed36d8063b3dcf3c3a'>etc: Remove redundant SELinux permissions block.</a><span class='msg-avail'>...<span class='msg-tooltip'>* etc/guix-daemon.cil.in (guix_daemon): Consolidate two blocks adding
sock_file permissions on guix_daemon_conf_t.
</span></span></td><td>Marius Bakke</td></tr>
<tr><td><span title='2022-01-24 11:28:14 +0100'>2022-01-24</span></td><td><a href='/guix/commit/etc/guix-daemon.cil.in?id=98e74d520a30d1ed7d7b47d4f1d9afadefc699e3'>etc: Add more SELinux permissions for the daemon.</a><span class='msg-avail'>...<span class='msg-tooltip'>* etc/guix-daemon.cil.in (guix_daemon): Permit write on guix_daemon_conf_t
sock_file, necessary for garbage collection.
</span></span></td><td>Marius Bakke</td></tr>
<tr><td><span title='2021-05-22 19:53:17 +0200'>2021-05-22</span></td><td><a href='/guix/commit/etc/guix-daemon.cil.in?id=35bd94a49257bbadcb3ca25342e5c1ec33f438f0'>etc: Add more SELinux permissions for the daemon.</a><span class='msg-avail'>...<span class='msg-tooltip'>* etc/guix-daemon.cil.in (guix_daemon): Add more permissions, necessary for
garbage collection.
</span></span></td><td>Marius Bakke</td></tr>
<tr><td><span title='2020-12-10 23:48:42 +0100'>2020-12-10</span></td><td><a href='/guix/commit/etc/guix-daemon.cil.in?id=d677f3d6231d352fdb65b70f67d85fb5744e912c'>etc: Add more SELinux permissions for the daemon.</a><span class='msg-avail'>...<span class='msg-tooltip'>* etc/guix-daemon.cil.in (guix_daemon): Permit file write, getattr, link and
unlink for the guix_daemon_exec_t type.
</span></span></td><td>Marius Bakke</td></tr>
<tr><td><span title='2020-11-27 21:33:59 +0100'>2020-11-27</span></td><td><a href='/guix/commit/etc/guix-daemon.cil.in?id=1807632393d0723f3085c457517965c32715717a'>etc: Add more SELinux permissions for the daemon.</a><span class='msg-avail'>...<span class='msg-tooltip'>* etc/guix-daemon.cil.in (guix_daemon): Permit more operations required for
various build jobs.
</span></span></td><td>Marius Bakke</td></tr>
<tr><td><span title='2020-11-26 00:31:47 +0100'>2020-11-26</span></td><td><a href='/guix/commit/etc/guix-daemon.cil.in?id=402ebffe195890c9826cfa7519034dd12a48ae6a'>etc: Add more SELinux permissions for the daemon.</a><span class='msg-avail'>...<span class='msg-tooltip'>* etc/guix-daemon.cil.in (guix_daemon): Permit file appending, setattr,
read/write UDP sockets, access to tmpfs and hugetlbfs, and connecting to
PostgreSQL.
</span></span></td><td>Marius Bakke</td></tr>
<tr><td><span title='2020-11-25 23:24:52 +0100'>2020-11-25</span></td><td><a href='/guix/commit/etc/guix-daemon.cil.in?id=d64e0261d0007413a795c4cf01f9d06b170da3f5'>etc: Add more SELinux permissions for the daemon.</a><span class='msg-avail'>...<span class='msg-tooltip'>This is needed for some package test suites.

* etc/guix-daemon.cil.in (guix_daemon): Permit unix_dgram_socket operations.
</span></span></td><td>Marius Bakke</td></tr>
<tr><td><span title='2020-11-15 16:08:47 +0100'>2020-11-15</span></td><td><a href='/guix/commit/etc/guix-daemon.cil.in?id=62343288ef6dc56027d268ef773ae699a4bbb76d'>etc: Updates for the guix-daemon SELinux policy.</a><span class='msg-avail'>...<span class='msg-tooltip'>* etc/guix-daemon.cil.in (guix_daemon): Specify more permissions for
guix-daemon to account for daemon updates and newer SELinux.

I can't promise that this is a complete list of everything that guix-daemon
needs, but it's probably most of them. It can search for, install, upgrade,
and remove packages, create virtual machines and containers, update itself,
and so on.

Signed-off-by: Marius Bakke &lt;marius@gnu.org&gt;
</span></span></td><td>Daniel Brooks</td></tr>
<tr><td><span title='2019-09-08 11:49:25 +0200'>2019-09-08</span></td><td><a href='/guix/commit/etc/guix-daemon.cil.in?id=cc98b00857e29074de96a6ed60e325cdfffaea1a'>etc: Remove references to libexec/guix* from SELinux policy.</a><span class='msg-avail'>...<span class='msg-tooltip'>* etc/guix-daemon.cil.in: Remove references to libexec/guix*.
</span></span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2018-02-07 15:41:23 +0100'>2018-02-07</span></td><td><a href='/guix/commit/etc/guix-daemon.cil.in?id=b617a9fe239ea645c816d6afcb81d5476f760d84'>etc: Add SELinux policy for the daemon.</a><span class='msg-avail'>...<span class='msg-tooltip'>* etc/guix-daemon.cil.in: New file.
* Makefile.am (dist_selinux_policy_DATA): Define it.
* configure.ac: Handle --with-selinux-policy-dir.
* doc/guix.texi (SELinux Support): New section.
</span></span></td><td>Ricardo Wurmus</td></tr>