January 2017 - tbb-commits - lists.torproject.org

[tor-browser-build/master] Update tor version
by boklm＠torproject.org 30 Jan '17

30 Jan '17

commit 2de1a92d2dea07c11ccbfabb031629906053668d Author: Nicolas Vigier <boklm(a)torproject.org> Date: Mon Jan 30 11:07:20 2017 +0100 Update tor version --- projects/tor/config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/projects/tor/config b/projects/tor/config index e2e556f..b73a447 100644 --- a/projects/tor/config +++ b/projects/tor/config @@ -1,6 +1,6 @@ # vim: filetype=yaml sw=2 filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %]' -version: 0.2.9.6-rc +version: 0.3.0.2-alpha git_hash: 'tor-[% c("version") %]' git_url: https://git.torproject.org/tor.git gpg_keyring: tor.gpg

1 0

[tor-browser-build/master] Update https-everywhere version
by boklm＠torproject.org 30 Jan '17

30 Jan '17

commit ed40d8b4441762e2a875b1ef4bc90c919ee6dddc Author: Nicolas Vigier <boklm(a)torproject.org> Date: Mon Jan 30 11:13:40 2017 +0100 Update https-everywhere version --- projects/https-everywhere/config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/projects/https-everywhere/config b/projects/https-everywhere/config index 8611b80..557473d 100644 --- a/projects/https-everywhere/config +++ b/projects/https-everywhere/config @@ -1,5 +1,5 @@ # vim: filetype=yaml sw=2 -version: 5.2.8 +version: 5.2.9 git_url: https://git.torproject.org/https-everywhere.git git_hash: '[% c("version") %]' git_submodule: 1

1 0

[tor-browser-build/master] Update torbutton version
by boklm＠torproject.org 30 Jan '17

30 Jan '17

commit d8f79f68877eefc91c3b4afff2d46a8e2e4dad25 Author: Nicolas Vigier <boklm(a)torproject.org> Date: Mon Jan 30 11:07:41 2017 +0100 Update torbutton version --- projects/torbutton/config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/projects/torbutton/config b/projects/torbutton/config index 71d10d8..5ff51f8 100644 --- a/projects/torbutton/config +++ b/projects/torbutton/config @@ -1,5 +1,5 @@ # vim: filetype=yaml sw=2 -version: 1.9.6.8 +version: 1.9.7 git_url: https://git.torproject.org/torbutton.git git_hash: '[% c("version") %]' gpg_keyring: torbutton.gpg

1 0

[tor-browser-build/master] Update firefox version
by boklm＠torproject.org 30 Jan '17

30 Jan '17

commit d241887e93f6aa4498b7867d632b68be96ad0969 Author: Nicolas Vigier <boklm(a)torproject.org> Date: Mon Jan 30 11:17:41 2017 +0100 Update firefox version --- projects/firefox/config | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/projects/firefox/config b/projects/firefox/config index 0d1a4ac..52fc7c5 100644 --- a/projects/firefox/config +++ b/projects/firefox/config @@ -1,14 +1,15 @@ # vim: filetype=yaml sw=2 version: '[% c("abbrev") %]' filename: 'firefox-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %]' -git_hash: 'tor-browser-[% c("var/firefox_version") %]-6.5-1-build1' +git_hash: 'tor-browser-[% c("var/firefox_version") %]-[% c("var/torbrowser_branch") %]-1-build1' git_url: https://git.torproject.org/tor-browser.git tag_gpg_id: 1 gpg_keyring: torbutton.gpg remote_docker: 1 var: - firefox_version: 45.6.0esr + firefox_version: 45.7.0esr + torbrowser_branch: 7.0 torbrowser_update_channel: alpha copyright_year: '[% exec("git show -s --format=%ci").remove("-.*") %]' deps:

1 0

[tor-browser-build/master] Add Bill's new key
by boklm＠torproject.org 30 Jan '17

30 Jan '17

commit b37d4c632f91c92118aee21f301ba6262e29d5f1 Author: Georg Koppen <gk(a)torproject.org> Date: Thu Jan 19 11:50:43 2017 +0000 Add Bill's new key --- keyring/https-everywhere.gpg | Bin 194393 -> 203297 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/keyring/https-everywhere.gpg b/keyring/https-everywhere.gpg index fdd8d4f..f6a9dfc 100644 Binary files a/keyring/https-everywhere.gpg and b/keyring/https-everywhere.gpg differ

1 0

[tor-browser-build/master] Fix typo and copyright date python helper
by boklm＠torproject.org 30 Jan '17

30 Jan '17

commit fce8c7dfd80c07744d8308d70c23e25caee07374 Author: Georg Koppen <gk(a)torproject.org> Date: Fri Jan 27 11:43:19 2017 +0000 Fix typo and copyright date python helper --- projects/tor-browser/pe_checksum_fix.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/projects/tor-browser/pe_checksum_fix.py b/projects/tor-browser/pe_checksum_fix.py index 101e77f..85d8fef 100755 --- a/projects/tor-browser/pe_checksum_fix.py +++ b/projects/tor-browser/pe_checksum_fix.py @@ -1,6 +1,6 @@ #!/usr/bin/env python -# Copyright (c) 2015, The Tor Project, Inc. +# Copyright (c) 2015-2017, The Tor Project, Inc. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are @@ -37,7 +37,7 @@ SHA256 mismatch if one tries to check that the binary we offer is actually the the one we got from our reproducible builds. This small Python snippet does both things: It pads the .exe if necessary and it -recalculates the PE-file checksum. Details of the discussion can be foun in bug +recalculates the PE-file checksum. Details of the discussion can be found in bug 15339: https://bugs.torproject.org/15539. Thanks to a cypherpunk for this workaround idea.

1 0

[tor-browser-build/master] Bump NoScript version to 2.9.5.3
by boklm＠torproject.org 30 Jan '17

30 Jan '17

commit bb035e0a65cf13f9bb6b4048f1086c8effcfd8eb Author: Nicolas Vigier <boklm(a)torproject.org> Date: Mon Jan 30 10:52:11 2017 +0100 Bump NoScript version to 2.9.5.3 --- projects/tor-browser/config | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/projects/tor-browser/config b/projects/tor-browser/config index d220913..9ec262b 100644 --- a/projects/tor-browser/config +++ b/projects/tor-browser/config @@ -43,9 +43,9 @@ input_files: - project: fonts name: fonts - filename: Bundle-Data - - URL: https://addons.cdn.mozilla.net/user-media/addons/722/noscript_security_suit… + - URL: https://addons.cdn.mozilla.net/user-media/addons/722/noscript_security_suit… name: noscript - sha256sum: ed71ca922790e81bc5e8c6a87bb81f394a38676ac37d1fba518a6a428d128dd5 + sha256sum: ce9779a3a5a2574b958f8e4d079a99d43a8f84193bef52c587c704ed81c2fbbd - filename: RelativeLink enable: '[% c("var/linux") %]' - project: libdmg-hfsplus

1 0

[tor-browser-build/master] Bug 20989: Browser sandbox profile is too restrictive on OSX 10.12.2
by boklm＠torproject.org 30 Jan '17

30 Jan '17

commit b53e849e92ca9defab6eede768ad85aad6e8e702 Author: Kathy Brade <brade(a)pearlcrescent.com> Date: Tue Jan 17 10:27:25 2017 -0500 Bug 20989: Browser sandbox profile is too restrictive on OSX 10.12.2 Allow full read access to all files under /usr/lib. Allow full read access to /Library/Preferences/com.apple.ViewBridge.plist. Allow writes to TorBrowser-Data/Browser/profiles.ini (otherwise, a new browser profile is created each time the browser is opened). --- projects/tor-browser/Bundle-Data/mac-sandbox/tb.sb | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/projects/tor-browser/Bundle-Data/mac-sandbox/tb.sb b/projects/tor-browser/Bundle-Data/mac-sandbox/tb.sb index eda7a1f..385e914 100644 --- a/projects/tor-browser/Bundle-Data/mac-sandbox/tb.sb +++ b/projects/tor-browser/Bundle-Data/mac-sandbox/tb.sb @@ -28,6 +28,7 @@ (allow file-read* (path "/Library/Preferences/com.apple.HIToolbox.plist") + (path "/Library/Preferences/com.apple.ViewBridge.plist") (path "/Library/Preferences/.GlobalPreferences.plist") (path "/dev/random") (path "/dev/urandom") @@ -41,6 +42,7 @@ (subpath "/Library/Fonts") (subpath "/System") (subpath "/private/var/folders") + (subpath "/usr/lib") (subpath "/usr/share") (home-subpath "/Downloads") (home-subpath "/Library/Input Methods") @@ -66,7 +68,6 @@ (path "/private/var/db/.AppleSetupDone") (path "/tmp") (path "/var") - (subpath "/usr/lib") (torbrowser-data-dir-path "/Tor/control.socket") (torbrowser-data-dir-path "/Tor/socks.socket") (path-regex "/private/tmp/Tor[-0-9]*/control.socket") @@ -86,11 +87,6 @@ (path "/Library/Preferences/.GlobalPreferences.plist") ) -; Disallow writes to the profiles ini file. -(deny file-write* - (torbrowser-data-dir-subpath "/Browser/profiles.ini") -) - (allow iokit-open) (allow ipc-posix-shm

1 0

[tor-browser-build/master] binutils: build with hardening flags on Linux
by boklm＠torproject.org 30 Jan '17

30 Jan '17

commit 406904e68c064f29785d06f79d083170b85dee23 Author: Nicolas Vigier <boklm(a)torproject.org> Date: Mon Jan 30 10:37:51 2017 +0100 binutils: build with hardening flags on Linux --- projects/binutils/build | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/projects/binutils/build b/projects/binutils/build index 11e25d6..3ff4bdb 100644 --- a/projects/binutils/build +++ b/projects/binutils/build @@ -1,6 +1,21 @@ #!/bin/sh set -e +rootdir=$(pwd) distdir=/var/tmp/dist/binutils +[% IF c("var/linux") %] + # Config options for hardening-wrapper + export DEB_BUILD_HARDENING=1 + export DEB_BUILD_HARDENING_STACKPROTECTOR=1 + export DEB_BUILD_HARDENING_FORTIFY=1 + export DEB_BUILD_HARDENING_FORMAT=1 + export DEB_BUILD_HARDENING_PIE=1 + + # The libstdc++ shipped by default is non-PIC which breaks the binutils build + # if we build with DEB_BUILD_HARDENING_PIE=1. We need to install a PIC one AND + # make sure it gets used before the non-PIC one would. + ln -s /usr/lib/gcc/x86_64-linux-gnu/4.7/libstdc++_pic.a libstdc++.a + export LDFLAGS="-L$rootdir -lstdc++" +[% END %] tar xf [% project %]-[% c("version") %].tar.bz2 cd [% project %]-[% c("version") %] [% IF c('var/windows') -%]

1 0

[tor-browser-bundle/master] Bug 21332: libcxx is not needed for snowflake support on Linux
by gk＠torproject.org 27 Jan '17

27 Jan '17

commit 6e78d453a906909c5051e33f23033f13186cad82 Author: Georg Koppen <gk(a)torproject.org> Date: Fri Jan 27 09:59:50 2017 +0000 Bug 21332: libcxx is not needed for snowflake support on Linux --- gitian/fetch-inputs.sh | 1 - gitian/verify-tags.sh | 1 - gitian/versions | 1 - gitian/versions.alpha | 1 - gitian/versions.nightly | 1 - 5 files changed, 5 deletions(-) diff --git a/gitian/fetch-inputs.sh b/gitian/fetch-inputs.sh index 8c543d8..0ae2df5 100755 --- a/gitian/fetch-inputs.sh +++ b/gitian/fetch-inputs.sh @@ -277,7 +277,6 @@ tor-browser https://git.torproject.org/tor-browser.git $TORBR cmake https://cmake.org/cmake.git $CMAKE_TAG llvm https://github.com/llvm-mirror/llvm $LLVM_TAG clang https://github.com/llvm-mirror/clang $CLANG_TAG -libcxx https://github.com/llvm-mirror/libcxx $LIBCXX_TAG mingw-w64-git http://git.code.sf.net/p/mingw-w64/mingw-w64 $MINGW_TAG pyptlib https://git.torproject.org/pluggable-transports/pyptlib.git $PYPTLIB_TAG obfsproxy https://git.torproject.org/pluggable-transports/obfsproxy.git $OBFSPROXY_TAG diff --git a/gitian/verify-tags.sh b/gitian/verify-tags.sh index 368a990..e8dfe3f 100755 --- a/gitian/verify-tags.sh +++ b/gitian/verify-tags.sh @@ -111,7 +111,6 @@ while read dir commit; do done << EOF llvm $LLVM_TAG clang $CLANG_TAG -libcxx $LIBCXX_TAG mingw-w64-git $MINGW_TAG libdmg-hfsplus $LIBDMG_TAG libfte $LIBFTE_TAG diff --git a/gitian/versions b/gitian/versions index 598a945..91bea14 100755 --- a/gitian/versions +++ b/gitian/versions @@ -25,7 +25,6 @@ LIBEVENT_TAG=release-2.0.22-stable CMAKE_TAG=v2.8.12.2 LLVM_TAG=8f188e0ea735ac9383a65a0d1c846eb790c2ec74 # r247539 CLANG_TAG=592b43b609b42cffd1531a700c140e10766bf049 # r247539 -LIBCXX_TAG=af9a44f256be54de6874d1eefd1d282d0671c0cf # r247539 MINGW_TAG=a0cd5afeb60be3be0860e9a203314c10485bb9b8 PYPTLIB_TAG=pyptlib-0.0.6 OBFSPROXY_TAG=obfsproxy-0.2.12 diff --git a/gitian/versions.alpha b/gitian/versions.alpha index a6f1aac..0644778 100755 --- a/gitian/versions.alpha +++ b/gitian/versions.alpha @@ -25,7 +25,6 @@ LIBEVENT_TAG=release-2.0.22-stable CMAKE_TAG=v2.8.12.2 LLVM_TAG=8f188e0ea735ac9383a65a0d1c846eb790c2ec74 # r247539 CLANG_TAG=592b43b609b42cffd1531a700c140e10766bf049 # r247539 -LIBCXX_TAG=af9a44f256be54de6874d1eefd1d282d0671c0cf # r247539 MINGW_TAG=a0cd5afeb60be3be0860e9a203314c10485bb9b8 PYPTLIB_TAG=pyptlib-0.0.6 OBFSPROXY_TAG=obfsproxy-0.2.12 diff --git a/gitian/versions.nightly b/gitian/versions.nightly index d181106..ac8cfd1 100755 --- a/gitian/versions.nightly +++ b/gitian/versions.nightly @@ -32,7 +32,6 @@ LIBEVENT_TAG=release-2.0.22-stable CMAKE_TAG=v2.8.12.2 LLVM_TAG=8f188e0ea735ac9383a65a0d1c846eb790c2ec74 # r247539 CLANG_TAG=592b43b609b42cffd1531a700c140e10766bf049 # r247539 -LIBCXX_TAG=af9a44f256be54de6874d1eefd1d282d0671c0cf # r247539 MINGW_TAG=a0cd5afeb60be3be0860e9a203314c10485bb9b8 PYPTLIB_TAG=master OBFSPROXY_TAG=master

1 0