gnu: torbrowser: Update to 15.0.

User profile directory has changed to "~/.tor project" in this version as
MOZ_APP_PROFILE flag cannot be set anymore.

* gnu/packages/tor-browsers.scm (firefox-locales): Update to 64046fdc97.
(%torbrowser-build-date): Update to 20251028094500.
(%torbrowser-version): Update to 15.0.
(%torbrowser-firefox-version): Update to 140.4.0esr-15.0-1-build4.
(torbrowser-translation-base): Update to cdd3da6308.
(torbrowser-translation-specific): Update to 3395fe5bdb.
(lld-as-ld-wrapper-18): Replace with lld-as-ld-wrapper-19.
(make-torbrowser) [inputs]: Use libpng-apng-next, icu4c-76 and nss-rapid,
in place of the defaults for those libraries.
[native-inputs]: Use rust-cbindgen-0.28, lld-as-ld-wrapper-19, llvm-19 and
clang-19.
[arguments] <#:configure-flags>: Remove '--enable-official-branding' which
breaks browser branding as of this version.
<#:phases> 'setenv: Do not set MOZ_APP_PROFILE, which is now implied and
breaks configuration phase when set.
* gnu/packages/patches/torbrowser-compare-paths.patch: ...
* gnu/packages/patches/torbrowser-use-system-wide-dir.patch: ...
* gnu/packages/patches/torbrowsers-add-store-to-rdd-allowlist.patch: Refresh
patches.

Change Id: Id4134edd63328f479589e6ed61f46a869dbbda5d

Signed-off-by: Andreas Enge <andreas@enge.fr>

gnu/packages/patches/torbrowser-compare-paths.patch

@@ -5,20 +5,11 @@ name.
 
 --- a/toolkit/mozapps/extensions/internal/XPIDatabase.sys.mjs
 +++ b/toolkit/mozapps/extensions/internal/XPIDatabase.sys.mjs
-@@ -3606,6 +3606,7 @@
+@@ -3753,6 +3753,7 @@
      if (
        newAddon ||
        oldAddon.updateDate != xpiState.mtime ||
 +      oldAddon.path != xpiState.path ||
-       (aUpdateCompatibility && this.isAppBundledLocation(installLocation))
-     ) {
-       newAddon = this.updateMetadata(
-@@ -3614,8 +3615,6 @@
-         xpiState,
-         newAddon
-       );
--    } else if (oldAddon.path != xpiState.path) {
--      newAddon = this.updatePath(installLocation, oldAddon, xpiState);
-     } else if (aUpdateCompatibility || aSchemaChange) {
-       newAddon = this.updateCompatibility(
-         installLocation,
+       (aUpdateCompatibility && this.isAppBundledLocation(installLocation)) ||
+       // update addon metadata if the addon in bundled into
+       // the omni jar and version or the resource URI pointing

gnu/packages/patches/torbrowser-use-system-wide-dir.patch

@@ -3,7 +3,7 @@ native manifests) with "$ICECAT_SYSTEM_DIR".
 
 --- a/toolkit/xre/nsXREDirProvider.cpp
 +++ b/toolkit/xre/nsXREDirProvider.cpp
-@@ -296,24 +296,12 @@ nsresult nsXREDirProvider::GetBackgroundTasksProfilesRootDir(
+@@ -287,24 +287,11 @@
  static nsresult GetSystemParentDirectory(nsIFile** aFile) {
    nsresult rv;
    nsCOMPtr<nsIFile> localDir;
@@ -23,14 +23,13 @@ native manifests) with "$ICECAT_SYSTEM_DIR".
 -      "/usr/lib/mozilla"_ns
 -#    endif
 -      ;
--  rv = NS_NewNativeLocalFile(dirname, false, getter_AddRefs(localDir));
+-  rv = NS_NewNativeLocalFile(dirname, getter_AddRefs(localDir));
 -#  endif
-+
 +  const char* systemParentDir = getenv("ICECAT_SYSTEM_DIR");
 +  if (!systemParentDir || !*systemParentDir) return NS_ERROR_FAILURE;
 +
-+  rv = NS_NewNativeLocalFile(nsDependentCString(systemParentDir), false,
++  rv = NS_NewNativeLocalFile(nsDependentCString(systemParentDir),
 +                             getter_AddRefs(localDir));
- 
+
    if (NS_SUCCEEDED(rv)) {
      localDir.forget(aFile);

gnu/packages/patches/torbrowsers-add-store-to-rdd-allowlist.patch

@@ -15,17 +15,19 @@ See: <https://bugzilla.mozilla.org/show_bug.cgi?id=1848615#c8>,
 <https://issues.guix.gnu.org/38045> and
 <https://issues.guix.gnu.org/77559>
 
+diff --git a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
+index 4eff5e6..42171eb 100644
 --- a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
 +++ b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
-@@ -452,6 +452,7 @@
+@@ -476,6 +476,7 @@ void SandboxBrokerPolicyFactory::InitContentPolicy() {
    // Various places where fonts reside
-   policy->AddDir(rdonly, "/usr/X11R6/lib/X11/fonts");
-   policy->AddDir(rdonly, "/nix/store");
-+  policy->AddDir(rdonly, "/gnu/store");
+   policy->AddTree(rdonly, "/usr/X11R6/lib/X11/fonts");
+   policy->AddTree(rdonly, "/nix/store");
++  policy->AddTree(rdonly, "/gnu/store");
    // https://gitlab.com/freedesktop-sdk/freedesktop-sdk/-/blob/e434e680d22260f277f4a30ec4660ed32b591d16/files/fontconfig-flatpak.conf
-   policy->AddDir(rdonly, "/run/host/fonts");
-   policy->AddDir(rdonly, "/run/host/user-fonts");
-@@ -461,6 +462,7 @@
+   policy->AddTree(rdonly, "/run/host/fonts");
+   policy->AddTree(rdonly, "/run/host/user-fonts");
+@@ -485,6 +486,7 @@ void SandboxBrokerPolicyFactory::InitContentPolicy() {
    // Bug 1848615
    policy->AddPath(rdonly, "/usr");
    policy->AddPath(rdonly, "/nix");
@@ -33,19 +35,19 @@ See: <https://bugzilla.mozilla.org/show_bug.cgi?id=1848615#c8>,
  
    AddLdconfigPaths(policy);
    AddLdLibraryEnvPaths(policy);
-@@ -920,6 +922,7 @@
-   policy->AddDir(rdonly, "/usr/lib64");
-   policy->AddDir(rdonly, "/run/opengl-driver/lib");
-   policy->AddDir(rdonly, "/nix/store");
-+  policy->AddDir(rdonly, "/gnu/store");
+@@ -934,6 +936,7 @@ SandboxBrokerPolicyFactory::GetRDDPolicy(int aPid) {
+   policy->AddTree(rdonly, "/usr/lib64");
+   policy->AddTree(rdonly, "/run/opengl-driver/lib");
+   policy->AddTree(rdonly, "/nix/store");
++  policy->AddTree(rdonly, "/gnu/store");
  
    // Bug 1647957: memory reporting.
    AddMemoryReporting(policy.get(), aPid);
-@@ -1043,6 +1046,7 @@
+@@ -1079,6 +1082,7 @@ SandboxBrokerPolicyFactory::GetUtilityProcessPolicy(int aPid) {
    // Required to make sure ffmpeg loads properly, this is already existing on
    // Content and RDD
-   policy->AddDir(rdonly, "/nix/store");
-+  policy->AddDir(rdonly, "/gnu/store");
+   policy->AddTree(rdonly, "/nix/store");
++  policy->AddTree(rdonly, "/gnu/store");
  
    // glibc will try to stat64("/") while populating nsswitch database
    // https://sourceware.org/git/?p=glibc.git;a=blob;f=nss/nss_database.c;h=cf0306adc47f12d9bc761ab1b013629f4482b7e6;hb=9826b03b747b841f5fc6de2054bf1ef3f5c4bdf3#l396

gnu/packages/tor-browsers.scm

@@ -91,8 +91,8 @@
 
 ;; See browser/locales/l10n-changesets.json for the commit.
 (define firefox-locales
-  (let ((commit "fcd0300e8478d1ec4d1c097a073ddb8e1e0351e3")
-        (revision "0"))
+  (let ((commit "64046fdc97c1b1886a479dead61e6dc5428ae6e6")
+        (revision "1"))
     (package
       (name "firefox-locales")
       (version (git-version "0.0.0" revision commit))
@@ -105,7 +105,7 @@
           (file-name (git-file-name name version))
           (sha256
            (base32
-            "1pzw65852ix6a6qb3wwhg5vrkz8337cs6lznk2vj0md5cvf2rrc4"))))
+            "1rvk1m8bjnk9x61663s7bhgax6ig37v9m1d64g89fk1qwsk3djhh"))))
       (build-system copy-build-system)
       (home-page "https://github.com/mozilla-l10n/firefox-l10n")
       (synopsis "Firefox Locales")
@@ -115,16 +115,16 @@ Firefox locales.")
 
 ;; We copy the official build id, which is defined at
 ;; tor-browser-build/rbm.conf (browser_release_date).
-(define %torbrowser-build-date "20250915185538")
+(define %torbrowser-build-date "20251028094500")
 
 ;; To find the last version, look at https://www.torproject.org/download/.
-(define %torbrowser-version "14.5.7")
+(define %torbrowser-version "15.0")
 
 ;; To find the last Firefox version, browse
 ;; https://archive.torproject.org/tor-package-archive/torbrowser/<%torbrowser-version>
 ;; There should be only one archive that starts with
 ;; "src-firefox-tor-browser-".
-(define %torbrowser-firefox-version "128.14.0esr-14.5-1-build5")
+(define %torbrowser-firefox-version "140.4.0esr-15.0-1-build4")
 
 ;; See tor-browser-build/rbm.conf for the list.
 (define %torbrowser-locales (list "ar" "be" "bg" "ca" "cs" "da" "de" "el" "es-ES" "fa"
@@ -139,11 +139,11 @@ Firefox locales.")
     (method git-fetch)
     (uri (git-reference
           (url "https://gitlab.torproject.org/tpo/translation.git")
-          (commit "0605fd89b582f841ff494213ace40558043593d7")))
+          (commit "cdd3da6308bb3beb916744057af92331025053bb")))
     (file-name "translation-base-browser")
     (sha256
      (base32
-      "1dv1qam0nwxi8by134d744qaq2nipbmb1sg4wjqdmlpnkl1vxhpv"))))
+      "1l3alzgj1bz2xsijd323swiq450dm9s1zyygdwnzsjvcpdbbnm7b"))))
 
 ;; See tor-browser-build/projects/translation/config.
 (define torbrowser-translation-specific
@@ -151,11 +151,11 @@ Firefox locales.")
     (method git-fetch)
     (uri (git-reference
           (url "https://gitlab.torproject.org/tpo/translation.git")
-          (commit "0513af059216580b1e8159af3a808ab4a1b32f84")))
+          (commit "3395fe5bdb7556490e31d3c6804e6240278bc708")))
     (file-name "translation-tor-browser")
     (sha256
      (base32
-      "0xdcdb905bwgqd086a421g52xqpafyccr5qgqfd7za0bbn37wmlq"))))
+      "16jzbjak2r3f8gi13bl1h8lg4cmgifv97qbg2ypjvg77vf4z4dd1"))))
 
 (define torbrowser-assets
   ;; This is a prebuilt Torbrowser from which we take the assets we need.
@@ -171,7 +171,7 @@ Firefox locales.")
          version "/tor-browser-linux-x86_64-" version ".tar.xz"))
        (sha256
         (base32
-         "0g1zf6k3iw4xasjy7qp46qjc9l58m9yamf3wbpbs20b7h2dzh2b5"))))
+         "187yr0y14mbsakxbglr7jxp4x7kkiyc3k6xa6mf1nzhd32i4srr3"))))
     (arguments
      (list
       #:install-plan
@@ -186,8 +186,8 @@ Browser.")
     (license license:silofl1.1)))
 
 ;;; A LLD wrapper that can be used as a (near) drop-in replacement to GNU ld.
-(define lld-as-ld-wrapper-18
-  (make-lld-wrapper lld-18 #:lld-as-ld? #t))
+(define lld-as-ld-wrapper-19
+  (make-lld-wrapper lld-19 #:lld-as-ld? #t))
 
 (define* (make-torbrowser #:key
                           moz-app-name
@@ -212,7 +212,7 @@ Browser.")
          ".tar.xz"))
        (sha256
         (base32
-         "1l6nfawz3dcp5lmrzz7pbn3rvx8r15xi4nzsi572yj809ymvj9ix"))))
+         "18inq4yfs4c3p68qwgx0xf54mk8lzs5pm5m0m9d6q2ikng1lmll1"))))
     (build-system mozilla-build-system)
     (inputs
      (list lyrebird
@@ -231,7 +231,7 @@ Browser.")
            libcanberra
            libgnome
            libjpeg-turbo
-           libpng-apng
+           libpng-apng-next
            libwebp
            libxft
            libevent
@@ -243,7 +243,7 @@ Browser.")
            ;; See <https://bugzilla.mozilla.org/show_bug.cgi?id=1962139>
            ffmpeg-6
            libvpx
-           icu4c
+           icu4c-76
            pixman
            pulseaudio
            mesa
@@ -252,7 +252,7 @@ Browser.")
            hunspell
            libnotify
            nspr
-           nss
+           nss-rapid
            shared-mime-info
            eudev
            unzip
@@ -263,10 +263,10 @@ Browser.")
       (list
        rust
        `(,rust "cargo")
-       rust-cbindgen-0.26
-       lld-as-ld-wrapper-18  ; for cargo rustc
-       llvm-18
-       clang-18
+       rust-cbindgen-0.28
+       lld-as-ld-wrapper-19  ; for cargo rustc
+       llvm-19
+       clang-19
        perl
        node-lts
        python-wrapper
@@ -333,9 +333,6 @@ Browser.")
                         (dirname (search-input-file %build-inputs
                                                     "lib/libclang.so")))
 
-         ;; Hack to work around missing "unofficial" branding in icecat.
-         "--enable-official-branding"
-
          ;; TODO: Add support for wasm sandboxed libraries.
          "--without-wasm-sandboxed-libraries"
 
@@ -464,11 +461,6 @@ Browser.")
               ;; $MOZ_APP_NAME is the executable name.  Default is
               ;; "firefox".
               (setenv "MOZ_APP_NAME" #$moz-app-name)
-              ;; Profile location (relative to "~/.").  Default is
-              ;; lower($MOZ_APP_VENDOR/$MOZ_APP_BASENAME), which is:
-              ;; ~/.tor project/firefox.
-              (setenv "MOZ_APP_PROFILE" #$(in-vicinity
-                                           moz-app-name "browser"))
               ;; WM_CLASS (default is "$MOZ_APP_NAME-$MOZ_UPDATE_CHANNEL").
               (setenv "MOZ_APP_REMOTINGNAME" #$moz-app-remotingname)
               ;; Persistent state directory for the build system (default is