GNU bug report logs -
#73633
[PATCH] gnu: torbrowser: Update to 13.5.6 [security fixes].
Previous Next
Reported by: André Batista <nandre <at> riseup.net>
Date: Sat, 5 Oct 2024 03:09:03 UTC
Severity: normal
Tags: patch
Done: Ludovic Courtès <ludo <at> gnu.org>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 73633 in the body.
You can then email your comments to 73633 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
ian <at> retrospec.tv, jonathan.brielmaier <at> web.de, mhw <at> netris.org, guix-patches <at> gnu.org:
bug#73633; Package
guix-patches.
(Sat, 05 Oct 2024 03:09:03 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
André Batista <nandre <at> riseup.net>:
New bug report received and forwarded. Copy sent to
ian <at> retrospec.tv, jonathan.brielmaier <at> web.de, mhw <at> netris.org, guix-patches <at> gnu.org.
(Sat, 05 Oct 2024 03:09:03 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
Fixes CVEs 2024-9392, 2024-9393, 2024-9394 and 2024-9401. See the Mozilla
Foundation Security Advisory
<https://www.mozilla.org/en-US/security/advisories/mfsa2024-48/> for details.
* gnu/packages/tor-browsers.scm (%torbrowser-build-date): Update to
20240930230510.
(%torbrowser-version): Update to 13.5.6.
(%torbrowser-firefox-version): Update to 115.16.0esr-13.5-1-build2.
(torbrowser-translation-base): Update to
a142f78af87f994913faa15fb4b0f34f0ce1a22b.
(torbrowser-translation-specific): Update to
04f824bce1b6fb4b989bb9303949af17eab11406.
Change-Id: I2405c6bb61698af1e4ecd7957ae98a2fc1dc8e20
---
gnu/packages/tor-browsers.scm | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/gnu/packages/tor-browsers.scm b/gnu/packages/tor-browsers.scm
index 7f601737b1..d234757e56 100644
--- a/gnu/packages/tor-browsers.scm
+++ b/gnu/packages/tor-browsers.scm
@@ -116,16 +116,16 @@ (define firefox-locales
;; We copy the official build id, which is defined at
;; tor-browser-build/rbm.conf (browser_release_date).
-(define %torbrowser-build-date "20240903073000")
+(define %torbrowser-build-date "20240930230510")
;; To find the last version, look at https://www.torproject.org/download/.
-(define %torbrowser-version "13.5.3")
+(define %torbrowser-version "13.5.6")
;; To find the last Firefox version, browse
;; https://archive.torproject.org/tor-package-archive/torbrowser/<%torbrowser-version>
;; There should be only one archive that starts with
;; "src-firefox-tor-browser-".
-(define %torbrowser-firefox-version "115.15.0esr-13.5-1-build3")
+(define %torbrowser-firefox-version "115.16.0esr-13.5-1-build2")
;; See tor-browser-build/rbm.conf for the list.
(define %torbrowser-locales (list "ar" "ca" "cs" "da" "de" "el" "es-ES" "fa" "fi" "fr"
@@ -139,11 +139,11 @@ (define torbrowser-translation-base
(method git-fetch)
(uri (git-reference
(url "https://gitlab.torproject.org/tpo/translation.git")
- (commit "daed2afc487d1b20efc17feb153156524c6f714b")))
+ (commit "a142f78af87f994913faa15fb4b0f34f0ce1a22b")))
(file-name "translation-base-browser")
(sha256
(base32
- "0psmmgw9dnjwdhjbqkd69q5q7sdwyjcwagh93ffrjk0v7ybc79dq"))))
+ "15ahsyji6fk236sb28vqpi7ai70r3qblfypmc7r781zq7nw8f9bs"))))
;; See tor-browser-build/projects/translation/config.
(define torbrowser-translation-specific
@@ -151,11 +151,11 @@ (define torbrowser-translation-specific
(method git-fetch)
(uri (git-reference
(url "https://gitlab.torproject.org/tpo/translation.git")
- (commit "6374e3b09c0894b8452fa1ba0b99c807722fc805")))
+ (commit "04f824bce1b6fb4b989bb9303949af17eab11406")))
(file-name "translation-tor-browser")
(sha256
(base32
- "1wd9iwcj2h70bp017pcdhgfiw2bs8zi68kljmpnk69pssd6cn8l3"))))
+ "0fgszphz5mfybs3sz853agjf14qgcc5fw50d6i17fhzh33hmvkiz"))))
(define torbrowser-assets
;; This is a prebuilt Torbrowser from which we take the assets we need.
@@ -171,7 +171,7 @@ (define torbrowser-assets
version "/tor-browser-linux-x86_64-" version ".tar.xz"))
(sha256
(base32
- "0laz6yrm310iidddnas2w1s5wad183n9axjkgrf5cm5paj615343"))))
+ "18xqarsj4aw5q9y02mxxjlz3rh1ansk9wrqbwb2wach1dana4ikl"))))
(arguments
(list
#:install-plan
@@ -213,7 +213,7 @@ (define* (make-torbrowser #:key
".tar.xz"))
(sha256
(base32
- "13b9ni6anv279drhbb5m95nnmgslrp6frsm0y4028nfqiprs7vj5"))))
+ "1734v53739ndsi3wyqvb7l6p54npbg4jcfmzl9v3j4gv7bmfkvag"))))
(build-system mozilla-build-system)
(inputs
(list go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird
base-commit: 73ec844389e91cb0f5a2647070516fc8d19d8730
--
2.45.2
Information forwarded
to
ian <at> retrospec.tv, jonathan.brielmaier <at> web.de, mhw <at> netris.org, guix-patches <at> gnu.org:
bug#73633; Package
guix-patches.
(Sat, 12 Oct 2024 04:13:01 GMT)
Full text and
rfc822 format available.
Message #8 received at 73633 <at> debbugs.gnu.org (full text, mbox):
Fixes CVEs 2024-9392, 2024-9393, 2024-9394, 2024-9401 and 2024-9680.
See the Mozilla Foundation Security Advisories
<https://www.mozilla.org/en-US/security/advisories/mfsa2024-48/> and
<https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/>
for details.
* gnu/packages/tor-browsers.scm (%torbrowser-build-date): Update to
20241008182800.
(%torbrowser-version): Update to 13.5.7.
(%torbrowser-firefox-version): Update to 115.16.0esr-13.5-1-build3.
(torbrowser-translation-base): Update to
ceb66dd0937da14962cb535699242b2526e11f02.
(torbrowser-translation-specific): Update to
dbf1454fdbd3256d65985cc1c46391ce0ec159e7.
(make-torbrowser) [arguments] <#:phases>: On 'copy-basebrowser-locales
stop copying 'cryptoSafetyPrompt.properties'. See
<https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/cf68476c67f6c5159dab3d7c241392c597fd3988>.
Change-Id: Ic17a669c1311d92da347e11ea08acc7a218bc728
---
gnu/packages/tor-browsers.scm | 25 +++++++++----------------
1 file changed, 9 insertions(+), 16 deletions(-)
diff --git a/gnu/packages/tor-browsers.scm b/gnu/packages/tor-browsers.scm
index 6bc1ef5328..e517f9b214 100644
--- a/gnu/packages/tor-browsers.scm
+++ b/gnu/packages/tor-browsers.scm
@@ -116,16 +116,16 @@ (define firefox-locales
;; We copy the official build id, which is defined at
;; tor-browser-build/rbm.conf (browser_release_date).
-(define %torbrowser-build-date "20240903073000")
+(define %torbrowser-build-date "20241008182800")
;; To find the last version, look at https://www.torproject.org/download/.
-(define %torbrowser-version "13.5.3")
+(define %torbrowser-version "13.5.7")
;; To find the last Firefox version, browse
;; https://archive.torproject.org/tor-package-archive/torbrowser/<%torbrowser-version>
;; There should be only one archive that starts with
;; "src-firefox-tor-browser-".
-(define %torbrowser-firefox-version "115.15.0esr-13.5-1-build3")
+(define %torbrowser-firefox-version "115.16.0esr-13.5-1-build3")
;; See tor-browser-build/rbm.conf for the list.
(define %torbrowser-locales (list "ar" "ca" "cs" "da" "de" "el" "es-ES" "fa" "fi" "fr"
@@ -139,11 +139,11 @@ (define torbrowser-translation-base
(method git-fetch)
(uri (git-reference
(url "https://gitlab.torproject.org/tpo/translation.git")
- (commit "daed2afc487d1b20efc17feb153156524c6f714b")))
+ (commit "ceb66dd0937da14962cb535699242b2526e11f02")))
(file-name "translation-base-browser")
(sha256
(base32
- "0psmmgw9dnjwdhjbqkd69q5q7sdwyjcwagh93ffrjk0v7ybc79dq"))))
+ "04ciw4rnl0cj7vz4pqbs1aca8fhva346bp0vahfcxv3isn1nwyy4"))))
;; See tor-browser-build/projects/translation/config.
(define torbrowser-translation-specific
@@ -151,11 +151,11 @@ (define torbrowser-translation-specific
(method git-fetch)
(uri (git-reference
(url "https://gitlab.torproject.org/tpo/translation.git")
- (commit "6374e3b09c0894b8452fa1ba0b99c807722fc805")))
+ (commit "dbf1454fdbd3256d65985cc1c46391ce0ec159e7")))
(file-name "translation-tor-browser")
(sha256
(base32
- "1wd9iwcj2h70bp017pcdhgfiw2bs8zi68kljmpnk69pssd6cn8l3"))))
+ "09zhl6fk0z69qy82l050fm02h0dyb3f8j38fbazmkwnd8x3z6jv0"))))
(define torbrowser-assets
;; This is a prebuilt Torbrowser from which we take the assets we need.
@@ -171,7 +171,7 @@ (define torbrowser-assets
version "/tor-browser-linux-x86_64-" version ".tar.xz"))
(sha256
(base32
- "0laz6yrm310iidddnas2w1s5wad183n9axjkgrf5cm5paj615343"))))
+ "1mdi6x0dvdvlk957fws1pw55z9hwkd5x05rv8k2g1vzy9qkvgrf3"))))
(arguments
(list
#:install-plan
@@ -213,7 +213,7 @@ (define* (make-torbrowser #:key
".tar.xz"))
(sha256
(base32
- "13b9ni6anv279drhbb5m95nnmgslrp6frsm0y4028nfqiprs7vj5"))))
+ "0v4hkxcz7cahbhwwafmspcl67ih2rnkmamcvp06kyx64xvpad00i"))))
(build-system mozilla-build-system)
(inputs
(list go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird
@@ -580,13 +580,6 @@ (define (runpaths-of-input label)
"translation-tor-browser/~a/tor-browser.ftl"
"~a/~a/toolkit/toolkit/global/"))
lang l10ncentral lang))
- (system
- (format
- #f (string-join
- '("mv"
- "translation-tor-browser/~a/cryptoSafetyPrompt.properties"
- "~a/~a/browser/chrome/browser/"))
- lang l10ncentral lang))
(system
(format
#f (string-join
base-commit: b8fd792ea267cb920da0651074a533d8abf00488
--
2.45.2
Information forwarded
to
guix-patches <at> gnu.org:
bug#73633; Package
guix-patches.
(Sat, 12 Oct 2024 15:11:02 GMT)
Full text and
rfc822 format available.
Message #11 received at 73633 <at> debbugs.gnu.org (full text, mbox):
user guix
usertag 73633 + reviewed-looks-good
thanks
Hi André, thanks for the patch. I've tried it,
it seems fine, Torbrowser builds and works as expected
on x86_64.
Regards,
Rutherther
Reply sent
to
Ludovic Courtès <ludo <at> gnu.org>:
You have taken responsibility.
(Sat, 12 Oct 2024 17:13:02 GMT)
Full text and
rfc822 format available.
Notification sent
to
André Batista <nandre <at> riseup.net>:
bug acknowledged by developer.
(Sat, 12 Oct 2024 17:13:02 GMT)
Full text and
rfc822 format available.
Message #16 received at 73633-done <at> debbugs.gnu.org (full text, mbox):
Hi,
André Batista <nandre <at> riseup.net> skribis:
> Fixes CVEs 2024-9392, 2024-9393, 2024-9394, 2024-9401 and 2024-9680.
> See the Mozilla Foundation Security Advisories
> <https://www.mozilla.org/en-US/security/advisories/mfsa2024-48/> and
> <https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/>
> for details.
>
> * gnu/packages/tor-browsers.scm (%torbrowser-build-date): Update to
> 20241008182800.
> (%torbrowser-version): Update to 13.5.7.
> (%torbrowser-firefox-version): Update to 115.16.0esr-13.5-1-build3.
> (torbrowser-translation-base): Update to
> ceb66dd0937da14962cb535699242b2526e11f02.
> (torbrowser-translation-specific): Update to
> dbf1454fdbd3256d65985cc1c46391ce0ec159e7.
> (make-torbrowser) [arguments] <#:phases>: On 'copy-basebrowser-locales
> stop copying 'cryptoSafetyPrompt.properties'. See
> <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/cf68476c67f6c5159dab3d7c241392c597fd3988>.
>
> Change-Id: Ic17a669c1311d92da347e11ea08acc7a218bc728
Applied, thanks!
Ludo’.
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Sun, 10 Nov 2024 12:24:07 GMT)
Full text and
rfc822 format available.
This bug report was last modified 223 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.