diff mbox series

[bug#73998,2/2] gnu: mullvadbrowser: Update to 13.5.9 [security fixes].

Message ID 20241029224922.2681-1-nandre@riseup.net
State New
Headers show
Series Update torbrowser and mullvadbrowser | expand

Commit Message

André Batista Oct. 29, 2024, 10:49 p.m. UTC
Fixes CVE 2024-9680, 2024-10458, 2024-10459 and 2024-10463. See the Mozilla
Foundation Security Advisories
<https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/> and
<https://www.mozilla.org/en-US/security/advisories/mfsa2024-57/> for details.

* gnu/packages/tor-browsers.scm (%mullvadbrowser-build-date): Update to
20241024160253.
(%mullvadbrowser-version): Update to 13.5.9.
(%mullvadbrowser-firefox-version): Update to 115.17.0esr-13.5-1-build2.
(mullvadbrowser-translation-base): Update to
3b1be2065b54939ed019d94174f137847bcf3c66.
(mullvadbrowser-translation-specific): Update to
2f7d98b46ce480cdb4d7e9ddab912650c8673d6c.
(mullvadbrowser) [arguments] <#:phases>: Replace 'apply-guix-specific-patches
so as to keep using icecat-compare-paths.patch as it applies to ESR 115.
Replace 'remove-cargo-frozen-flag, keep the old regex which matches for this
older version.
---
 gnu/packages/tor-browsers.scm | 33 ++++++++++++++++++++++++---------
 1 file changed, 24 insertions(+), 9 deletions(-)
diff mbox series

Patch

diff --git a/gnu/packages/tor-browsers.scm b/gnu/packages/tor-browsers.scm
index 02e3c0583c..e6747401a5 100644
--- a/gnu/packages/tor-browsers.scm
+++ b/gnu/packages/tor-browsers.scm
@@ -817,17 +817,17 @@  (define %mullvadbrowser-locales (list "ar" "da" "de" "es-ES" "fa" "fi" "fr" "it"
 
 ;; We copy the official build id, which can be found there:
 ;; https://cdn.mullvad.net/browser/update_responses/update_1/release.
-(define %mullvadbrowser-build-date "20240930230510")
+(define %mullvadbrowser-build-date "20241024160253")
 
 ;; To find the last version, look at
 ;; https://mullvad.net/en/download/browser/linux.
-(define %mullvadbrowser-version "13.5.6")
+(define %mullvadbrowser-version "13.5.9")
 
 ;; To find the last Firefox version, browse
 ;; https://archive.torproject.org/tor-package-archive/mullvadbrowser/<%mullvadbrowser-version>
 ;; There should be only one archive that starts with
 ;; "src-firefox-mullvad-browser-".
-(define %mullvadbrowser-firefox-version "115.16.0esr-13.5-1-build2")
+(define %mullvadbrowser-firefox-version "115.17.0esr-13.5-1-build2")
 
 ;; See tor-browser-build/projects/translation/config.
 (define mullvadbrowser-translation-base
@@ -835,11 +835,11 @@  (define mullvadbrowser-translation-base
     (method git-fetch)
     (uri (git-reference
           (url "https://gitlab.torproject.org/tpo/translation.git")
-          (commit "a142f78af87f994913faa15fb4b0f34f0ce1a22b")))
+          (commit "3b1be2065b54939ed019d94174f137847bcf3c66")))
     (file-name "translation-base-browser")
     (sha256
      (base32
-      "15ahsyji6fk236sb28vqpi7ai70r3qblfypmc7r781zq7nw8f9bs"))))
+      "04ckn133w8q6b4rgihl23pzmnd3k6458jn9h4f58fnr18rfh6057"))))
 
 ;; See tor-browser-build/projects/translation/config.
 (define mullvadbrowser-translation-specific
@@ -847,11 +847,11 @@  (define mullvadbrowser-translation-specific
     (method git-fetch)
     (uri (git-reference
           (url "https://gitlab.torproject.org/tpo/translation.git")
-          (commit "78212a3da2439e436ac5f73d8e3eb908145c3ece")))
+          (commit "2f7d98b46ce480cdb4d7e9ddab912650c8673d6c")))
     (file-name "translation-mullvad-browser")
     (sha256
      (base32
-      "00qmmfz7lz9fw7id7bj89byd4zd39nc4f2plf0v640yzl8fdwi72"))))
+      "08anwb45rxzsdcxwzjflqb1d0f78pi4fsgdvsdlc4fmp8kx10nsd"))))
 
 (define mullvadbrowser-assets
   ;; This is a prebuilt Mullvad Browser from which we take the assets we need.
@@ -867,7 +867,7 @@  (define mullvadbrowser-assets
          version "/mullvad-browser-linux-x86_64-" version ".tar.xz"))
        (sha256
         (base32
-         "0q55mk9zzzs7g2cng107gm16g74lx1qf42gf5ayh4x7caxc8db01"))))
+         "0q3c2wf5r6n06y36bcp5qxir41a01dwj4am9pqs5cz48ilimh8c7"))))
     (arguments
      (list
       #:install-plan
@@ -910,11 +910,26 @@  (define-public mullvadbrowser
          %mullvadbrowser-firefox-version ".tar.xz"))
        (sha256
         (base32
-         "1mkssnr7vx4la4r31dy6fbwvj1h9gxzywwxa6z4310nr17vr3sxj"))))
+         "1xz005sa7isz561r9zlsipm6gpx30b83k7xbfy00zkc7qkl15xzs"))))
     (arguments
      (substitute-keyword-arguments (package-arguments mullvadbrowser-base)
        ((#:phases phases)
         #~(modify-phases #$phases
+            (replace 'apply-guix-specific-patches
+              (lambda _
+                (for-each
+                 (lambda (file) (invoke "patch" "--force" "-p1" "-i" file))
+                 '(#$(local-file
+                      (search-patch "icecat-compare-paths.patch"))
+                   #$(local-file
+                      (search-patch "icecat-use-system-wide-dir.patch"))))))
+            (replace 'remove-cargo-frozen-flag
+              (lambda _
+                ;; This is only needed while torbrowser and mullvadbrowser
+                ;; remain based on different firefox ESR versions. Delete
+                ;; once mullvad reaches the same upstream base.
+                (substitute* "build/RunCbindgen.py"
+                  (("\"--frozen\",") ""))))
             (add-after 'unpack 'ublock-private-allowed
               (lambda _
                 (substitute* "toolkit/components/extensions/Extension.sys.mjs"