tor-browser-bundle-bin: 11.0.7 -> 11.0.9

[panicgh]

Description of changes

Package update. It seems it is primarily a bugfix release (Firefox is not updated), but it includes an openssl update to 1.1.1n, which has severity HIGH.

• TBB Announcement:

  This releases fixes bug tor-browser#40802 which caused some users to be unable to access client authorized onion services.

  We use the opportunity as well to update various other components of Tor Browser:

  • OpenSSL 1.1.1n

  We also switch to the latest Go version (1.17.8) for building our Go-related projects.

• OpenSSL Announcement:

  The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 3.0.2 and 1.1.1n.
  [...]
  These are security-fix releases. The highest severity issue fixed in these releases is HIGH:

Therefore:

• Please consider adding the security label
• Please backport to release-21.11 after merging

Thanks!

Things done

Building on i686Linux (still) fails due to a dependency (graphene-hardened-malloc), as written here.

• Built on platform(s)
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
• Tested, as applicable:
  • NixOS test(s) (look inside nixos/tests)
  • and/or package tests
  • or, for functions and "core" functionality, tests in lib/tests or pkgs/test
  • made sure NixOS tests are linked to the relevant packages
• Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage

  1 package updated:
  tor-browser-bundle-bin (11.0.7 → 11.0.9)
  ...
  1 package built:
  tor-browser-bundle-bin
  

• Tested basic functionality of all binary files (usually in ./result/bin/)
• 22.05 Release Notes (or backporting 21.11 Release notes)
  • (Package updates) Added a release notes entry if the change is major or breaking
  • (Module updates) Added a release notes entry if the change is significant
  • (Module addition) Added a release notes entry if adding a new NixOS module
  • (Release notes changes) Ran nixos/doc/manual/md-to-db.sh to update generated release notes
• Fits CONTRIBUTING.md.

Notify

@matejc (one of the maintainers), @lourkeur (reviewer during last updates)

[bbjubjub2494]

Result of nixpkgs-review pr 164962 run on x86_64-linux 1

1 package built:

• tor-browser-bundle-bin

[bbjubjub2494]

works on my machine

[nixos-discourse]

This pull request has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/prs-already-reviewed/2617/469

[github-actions]

Successfully created backport PR #165278 for release-21.11.

[github-actions]

Backport failed for release-21.11, because it was unable to cherry-pick the commit(s).

Please cherry-pick the changes locally.

git fetch origin release-21.11
git worktree add -d .worktree/backport-164962-to-release-21.11 origin/release-21.11
cd .worktree/backport-164962-to-release-21.11
git checkout -b backport-164962-to-release-21.11
ancref=$(git merge-base 73a4c4972bd757f5c1b1021de3471da6ed34d032 9bffd90af89201264cf02a6e2bf03692750725c3)
git cherry-pick -x $ancref..9bffd90af89201264cf02a6e2bf03692750725c3