From 972a8412d5de9f5ef9581a6f1aceaf6cf2016b3d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Batista?= Date: Sun, 2 Nov 2025 10:22:40 -0300 Subject: [PATCH] gnu: torbrowser: Update to 15.0. User profile directory has changed to "~/.tor project" in this version as MOZ_APP_PROFILE flag cannot be set anymore. * gnu/packages/tor-browsers.scm (firefox-locales): Update to 64046fdc97. (%torbrowser-build-date): Update to 20251028094500. (%torbrowser-version): Update to 15.0. (%torbrowser-firefox-version): Update to 140.4.0esr-15.0-1-build4. (torbrowser-translation-base): Update to cdd3da6308. (torbrowser-translation-specific): Update to 3395fe5bdb. (lld-as-ld-wrapper-18): Replace with lld-as-ld-wrapper-19. (make-torbrowser) [inputs]: Use libpng-apng-next, icu4c-76 and nss-rapid, in place of the defaults for those libraries. [native-inputs]: Use rust-cbindgen-0.28, lld-as-ld-wrapper-19, llvm-19 and clang-19. [arguments] <#:configure-flags>: Remove '--enable-official-branding' which breaks browser branding as of this version. <#:phases> 'setenv: Do not set MOZ_APP_PROFILE, which is now implied and breaks configuration phase when set. * gnu/packages/patches/torbrowser-compare-paths.patch: ... * gnu/packages/patches/torbrowser-use-system-wide-dir.patch: ... * gnu/packages/patches/torbrowsers-add-store-to-rdd-allowlist.patch: Refresh patches. Change Id: Id4134edd63328f479589e6ed61f46a869dbbda5d Signed-off-by: Andreas Enge --- .../patches/torbrowser-compare-paths.patch | 17 ++----- .../torbrowser-use-system-wide-dir.patch | 9 ++-- ...rbrowsers-add-store-to-rdd-allowlist.patch | 32 ++++++------ gnu/packages/tor-browsers.scm | 50 ++++++++----------- 4 files changed, 46 insertions(+), 62 deletions(-) diff --git a/gnu/packages/patches/torbrowser-compare-paths.patch b/gnu/packages/patches/torbrowser-compare-paths.patch index 7d4d5fdb788e0e2763d80ce7aa9946fa0281f55c..8e880bf39082ff001dd68e6e07210cf809ee736d 100644 --- a/gnu/packages/patches/torbrowser-compare-paths.patch +++ b/gnu/packages/patches/torbrowser-compare-paths.patch @@ -5,20 +5,11 @@ name. --- a/toolkit/mozapps/extensions/internal/XPIDatabase.sys.mjs +++ b/toolkit/mozapps/extensions/internal/XPIDatabase.sys.mjs -@@ -3606,6 +3606,7 @@ +@@ -3753,6 +3753,7 @@ if ( newAddon || oldAddon.updateDate != xpiState.mtime || + oldAddon.path != xpiState.path || - (aUpdateCompatibility && this.isAppBundledLocation(installLocation)) - ) { - newAddon = this.updateMetadata( -@@ -3614,8 +3615,6 @@ - xpiState, - newAddon - ); -- } else if (oldAddon.path != xpiState.path) { -- newAddon = this.updatePath(installLocation, oldAddon, xpiState); - } else if (aUpdateCompatibility || aSchemaChange) { - newAddon = this.updateCompatibility( - installLocation, + (aUpdateCompatibility && this.isAppBundledLocation(installLocation)) || + // update addon metadata if the addon in bundled into + // the omni jar and version or the resource URI pointing diff --git a/gnu/packages/patches/torbrowser-use-system-wide-dir.patch b/gnu/packages/patches/torbrowser-use-system-wide-dir.patch index 223467a9c10526d34f0433b2da4d0d6940d6ae10..3afe151164f14c37ed65f367c328afedefdff19b 100644 --- a/gnu/packages/patches/torbrowser-use-system-wide-dir.patch +++ b/gnu/packages/patches/torbrowser-use-system-wide-dir.patch @@ -3,7 +3,7 @@ native manifests) with "$ICECAT_SYSTEM_DIR". --- a/toolkit/xre/nsXREDirProvider.cpp +++ b/toolkit/xre/nsXREDirProvider.cpp -@@ -296,24 +296,12 @@ nsresult nsXREDirProvider::GetBackgroundTasksProfilesRootDir( +@@ -287,24 +287,11 @@ static nsresult GetSystemParentDirectory(nsIFile** aFile) { nsresult rv; nsCOMPtr localDir; @@ -23,14 +23,13 @@ native manifests) with "$ICECAT_SYSTEM_DIR". - "/usr/lib/mozilla"_ns -# endif - ; -- rv = NS_NewNativeLocalFile(dirname, false, getter_AddRefs(localDir)); +- rv = NS_NewNativeLocalFile(dirname, getter_AddRefs(localDir)); -# endif -+ + const char* systemParentDir = getenv("ICECAT_SYSTEM_DIR"); + if (!systemParentDir || !*systemParentDir) return NS_ERROR_FAILURE; + -+ rv = NS_NewNativeLocalFile(nsDependentCString(systemParentDir), false, ++ rv = NS_NewNativeLocalFile(nsDependentCString(systemParentDir), + getter_AddRefs(localDir)); - + if (NS_SUCCEEDED(rv)) { localDir.forget(aFile); diff --git a/gnu/packages/patches/torbrowsers-add-store-to-rdd-allowlist.patch b/gnu/packages/patches/torbrowsers-add-store-to-rdd-allowlist.patch index ad648cbac4a7a4be68a5c54878637a3cc050475e..e2b1572288777b3cfe35d79e889a409ffb1a802a 100644 --- a/gnu/packages/patches/torbrowsers-add-store-to-rdd-allowlist.patch +++ b/gnu/packages/patches/torbrowsers-add-store-to-rdd-allowlist.patch @@ -15,17 +15,19 @@ See: , and +diff --git a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp +index 4eff5e6..42171eb 100644 --- a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp +++ b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp -@@ -452,6 +452,7 @@ +@@ -476,6 +476,7 @@ void SandboxBrokerPolicyFactory::InitContentPolicy() { // Various places where fonts reside - policy->AddDir(rdonly, "/usr/X11R6/lib/X11/fonts"); - policy->AddDir(rdonly, "/nix/store"); -+ policy->AddDir(rdonly, "/gnu/store"); + policy->AddTree(rdonly, "/usr/X11R6/lib/X11/fonts"); + policy->AddTree(rdonly, "/nix/store"); ++ policy->AddTree(rdonly, "/gnu/store"); // https://gitlab.com/freedesktop-sdk/freedesktop-sdk/-/blob/e434e680d22260f277f4a30ec4660ed32b591d16/files/fontconfig-flatpak.conf - policy->AddDir(rdonly, "/run/host/fonts"); - policy->AddDir(rdonly, "/run/host/user-fonts"); -@@ -461,6 +462,7 @@ + policy->AddTree(rdonly, "/run/host/fonts"); + policy->AddTree(rdonly, "/run/host/user-fonts"); +@@ -485,6 +486,7 @@ void SandboxBrokerPolicyFactory::InitContentPolicy() { // Bug 1848615 policy->AddPath(rdonly, "/usr"); policy->AddPath(rdonly, "/nix"); @@ -33,19 +35,19 @@ See: , AddLdconfigPaths(policy); AddLdLibraryEnvPaths(policy); -@@ -920,6 +922,7 @@ - policy->AddDir(rdonly, "/usr/lib64"); - policy->AddDir(rdonly, "/run/opengl-driver/lib"); - policy->AddDir(rdonly, "/nix/store"); -+ policy->AddDir(rdonly, "/gnu/store"); +@@ -934,6 +936,7 @@ SandboxBrokerPolicyFactory::GetRDDPolicy(int aPid) { + policy->AddTree(rdonly, "/usr/lib64"); + policy->AddTree(rdonly, "/run/opengl-driver/lib"); + policy->AddTree(rdonly, "/nix/store"); ++ policy->AddTree(rdonly, "/gnu/store"); // Bug 1647957: memory reporting. AddMemoryReporting(policy.get(), aPid); -@@ -1043,6 +1046,7 @@ +@@ -1079,6 +1082,7 @@ SandboxBrokerPolicyFactory::GetUtilityProcessPolicy(int aPid) { // Required to make sure ffmpeg loads properly, this is already existing on // Content and RDD - policy->AddDir(rdonly, "/nix/store"); -+ policy->AddDir(rdonly, "/gnu/store"); + policy->AddTree(rdonly, "/nix/store"); ++ policy->AddTree(rdonly, "/gnu/store"); // glibc will try to stat64("/") while populating nsswitch database // https://sourceware.org/git/?p=glibc.git;a=blob;f=nss/nss_database.c;h=cf0306adc47f12d9bc761ab1b013629f4482b7e6;hb=9826b03b747b841f5fc6de2054bf1ef3f5c4bdf3#l396 diff --git a/gnu/packages/tor-browsers.scm b/gnu/packages/tor-browsers.scm index 2a5645272e11d53e85c318000de61ab1e2b23626..2df215bc701830ad98616d55a86b19d32032d7b1 100644 --- a/gnu/packages/tor-browsers.scm +++ b/gnu/packages/tor-browsers.scm @@ -91,8 +91,8 @@ ;; See browser/locales/l10n-changesets.json for the commit. (define firefox-locales - (let ((commit "fcd0300e8478d1ec4d1c097a073ddb8e1e0351e3") - (revision "0")) + (let ((commit "64046fdc97c1b1886a479dead61e6dc5428ae6e6") + (revision "1")) (package (name "firefox-locales") (version (git-version "0.0.0" revision commit)) @@ -105,7 +105,7 @@ (file-name (git-file-name name version)) (sha256 (base32 - "1pzw65852ix6a6qb3wwhg5vrkz8337cs6lznk2vj0md5cvf2rrc4")))) + "1rvk1m8bjnk9x61663s7bhgax6ig37v9m1d64g89fk1qwsk3djhh")))) (build-system copy-build-system) (home-page "https://github.com/mozilla-l10n/firefox-l10n") (synopsis "Firefox Locales") @@ -115,16 +115,16 @@ Firefox locales.") ;; We copy the official build id, which is defined at ;; tor-browser-build/rbm.conf (browser_release_date). -(define %torbrowser-build-date "20250915185538") +(define %torbrowser-build-date "20251028094500") ;; To find the last version, look at https://www.torproject.org/download/. -(define %torbrowser-version "14.5.7") +(define %torbrowser-version "15.0") ;; To find the last Firefox version, browse ;; https://archive.torproject.org/tor-package-archive/torbrowser/<%torbrowser-version> ;; There should be only one archive that starts with ;; "src-firefox-tor-browser-". -(define %torbrowser-firefox-version "128.14.0esr-14.5-1-build5") +(define %torbrowser-firefox-version "140.4.0esr-15.0-1-build4") ;; See tor-browser-build/rbm.conf for the list. (define %torbrowser-locales (list "ar" "be" "bg" "ca" "cs" "da" "de" "el" "es-ES" "fa" @@ -139,11 +139,11 @@ Firefox locales.") (method git-fetch) (uri (git-reference (url "https://gitlab.torproject.org/tpo/translation.git") - (commit "0605fd89b582f841ff494213ace40558043593d7"))) + (commit "cdd3da6308bb3beb916744057af92331025053bb"))) (file-name "translation-base-browser") (sha256 (base32 - "1dv1qam0nwxi8by134d744qaq2nipbmb1sg4wjqdmlpnkl1vxhpv")))) + "1l3alzgj1bz2xsijd323swiq450dm9s1zyygdwnzsjvcpdbbnm7b")))) ;; See tor-browser-build/projects/translation/config. (define torbrowser-translation-specific @@ -151,11 +151,11 @@ Firefox locales.") (method git-fetch) (uri (git-reference (url "https://gitlab.torproject.org/tpo/translation.git") - (commit "0513af059216580b1e8159af3a808ab4a1b32f84"))) + (commit "3395fe5bdb7556490e31d3c6804e6240278bc708"))) (file-name "translation-tor-browser") (sha256 (base32 - "0xdcdb905bwgqd086a421g52xqpafyccr5qgqfd7za0bbn37wmlq")))) + "16jzbjak2r3f8gi13bl1h8lg4cmgifv97qbg2ypjvg77vf4z4dd1")))) (define torbrowser-assets ;; This is a prebuilt Torbrowser from which we take the assets we need. @@ -171,7 +171,7 @@ Firefox locales.") version "/tor-browser-linux-x86_64-" version ".tar.xz")) (sha256 (base32 - "0g1zf6k3iw4xasjy7qp46qjc9l58m9yamf3wbpbs20b7h2dzh2b5")))) + "187yr0y14mbsakxbglr7jxp4x7kkiyc3k6xa6mf1nzhd32i4srr3")))) (arguments (list #:install-plan @@ -186,8 +186,8 @@ Browser.") (license license:silofl1.1))) ;;; A LLD wrapper that can be used as a (near) drop-in replacement to GNU ld. -(define lld-as-ld-wrapper-18 - (make-lld-wrapper lld-18 #:lld-as-ld? #t)) +(define lld-as-ld-wrapper-19 + (make-lld-wrapper lld-19 #:lld-as-ld? #t)) (define* (make-torbrowser #:key moz-app-name @@ -212,7 +212,7 @@ Browser.") ".tar.xz")) (sha256 (base32 - "1l6nfawz3dcp5lmrzz7pbn3rvx8r15xi4nzsi572yj809ymvj9ix")))) + "18inq4yfs4c3p68qwgx0xf54mk8lzs5pm5m0m9d6q2ikng1lmll1")))) (build-system mozilla-build-system) (inputs (list lyrebird @@ -231,7 +231,7 @@ Browser.") libcanberra libgnome libjpeg-turbo - libpng-apng + libpng-apng-next libwebp libxft libevent @@ -243,7 +243,7 @@ Browser.") ;; See ffmpeg-6 libvpx - icu4c + icu4c-76 pixman pulseaudio mesa @@ -252,7 +252,7 @@ Browser.") hunspell libnotify nspr - nss + nss-rapid shared-mime-info eudev unzip @@ -263,10 +263,10 @@ Browser.") (list rust `(,rust "cargo") - rust-cbindgen-0.26 - lld-as-ld-wrapper-18 ; for cargo rustc - llvm-18 - clang-18 + rust-cbindgen-0.28 + lld-as-ld-wrapper-19 ; for cargo rustc + llvm-19 + clang-19 perl node-lts python-wrapper @@ -333,9 +333,6 @@ Browser.") (dirname (search-input-file %build-inputs "lib/libclang.so"))) - ;; Hack to work around missing "unofficial" branding in icecat. - "--enable-official-branding" - ;; TODO: Add support for wasm sandboxed libraries. "--without-wasm-sandboxed-libraries" @@ -464,11 +461,6 @@ Browser.") ;; $MOZ_APP_NAME is the executable name. Default is ;; "firefox". (setenv "MOZ_APP_NAME" #$moz-app-name) - ;; Profile location (relative to "~/."). Default is - ;; lower($MOZ_APP_VENDOR/$MOZ_APP_BASENAME), which is: - ;; ~/.tor project/firefox. - (setenv "MOZ_APP_PROFILE" #$(in-vicinity - moz-app-name "browser")) ;; WM_CLASS (default is "$MOZ_APP_NAME-$MOZ_UPDATE_CHANNEL"). (setenv "MOZ_APP_REMOTINGNAME" #$moz-app-remotingname) ;; Persistent state directory for the build system (default is