Skip to content

Bug 40943: Update libdmg-hfs to drop our patch

Pier Angelo Vendrame requested to merge pierov/tor-browser-build:bug_40943 into main

Merge Info

Related Issues



  • Immediate: patchset needed as soon as possible
  • Next Minor Stable Release: patchset that needs to be verified in nightly before backport
  • Eventually: patchset that needs to be verified in alpha before backport
  • No Backport (preferred): patchset for the next major stable

(Optional) Justification

  • Emergency security update: patchset fixes CVEs, 0-days, etc
  • Censorship event: patchset enables censorship circumvention
  • Critical bug-fix: patchset fixes a bug in core-functionality
  • Consistency: patchset which would make development easier if it were in both the alpha and release branches; developer tools, build system changes, etc
  • Sponsor required: patchset required for sponsor
  • Other: please explain

Issue Tracking


Request Reviewer

  • Request review from an applications developer depending on modified system:
    • NOTE: if the MR modifies multiple areas, please /cc all the relevant reviewers (since gitlab only allows 1 reviewer)
    • accessibility : henry
    • android : dan
    • build system : boklm
    • extensions : ma1
    • firefox internals (XUL/JS/XPCOM) : ma1
    • fonts : pierov
    • frontend (implementation) : henry
    • frontend (review) : donuts, richard
    • localization : henry, pierov
    • nightly builds : boklm
    • rebases/release-prep : dan_b, ma1, pierov, richard
    • security : ma1
    • signing : boklm, richard
    • updater : pierov
    • misc/other : pierov, richard

Change Description

The patch we used to have has been uplifted! So, we could include it in our project.

Since I was building the library outside the container to update the new hash, I also replace OpenSSL 1.0.2 with a patch to ignore it even when it is found.

Probably we could do better and ignore it if it isn't 1.0.x, but @richard also wrote a patch to update it to more recent versions of OpenSSL.

So, if they actually did it, we could uplift also that patch (but also mine to disable OpenSSL, I think it's the easiest option to use).

Merge request reports