April 2018 - tbb-commits - lists.torproject.org

[tor-browser/tor-browser-52.7.3esr-8.0-1] Bug 20283: Tor Browser should run without a `/proc` filesystem.
by gk＠torproject.org 16 Apr '18

16 Apr '18

commit 90e16dd25b6eb199c016fc8b5e9478a3454d36e1 Author: Richard Pospesel <richard(a)torproject.org> Date: Mon Apr 9 11:40:32 2018 -0700 Bug 20283: Tor Browser should run without a `/proc` filesystem. Firefox uses the current stack frame address and the stack size as a sort of heuristic for various things in the javascript engine. The js::GetNativeStackBaseImpl() function is used to get the base stack address (ie the address from which the stack grows, so this can be either the first or last memory address of the stack memory space depending on the CPU architecture). On Linux, this function is implemented using the pthreads APIs. For non-main threads, the queried thread info is stored in memory. The main thread does not have this information on hand, so it gets the stack memory range via the /proc/self/maps file ( see glibc's pthread_get_attr_np.c ). Fortunately (per discussions with the firefox devs in #jsapi) the base address only needs to be approximation. In reality, environment variables, args, and other things are stored in space between the end/beginning of the mapped stack memory and the 'top' of the stack space used by stack frames. We can get the top of this usable stack from __libc_stack_end, which is a void* set by glibc during program initialization. Non-main threads still get their stack-base through the usual pthreads APIs. This patch integrates the latest jsnativestack.cpp from mozilla- central, and creates a specific implementation of js::GetNativeStackBaseImpl() for non-android Linux using the described __libc_stack_end read. --- js/src/jsnativestack.cpp | 88 +++++++++++++++++++++++++++++------------------- 1 file changed, 54 insertions(+), 34 deletions(-) diff --git a/js/src/jsnativestack.cpp b/js/src/jsnativestack.cpp index 05928ea3dff3..0f4dae156c2b 100644 --- a/js/src/jsnativestack.cpp +++ b/js/src/jsnativestack.cpp @@ -8,22 +8,17 @@ #ifdef XP_WIN # include "jswin.h" - #elif defined(XP_DARWIN) || defined(DARWIN) || defined(XP_UNIX) # include <pthread.h> - # if defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__DragonFly__) # include <pthread_np.h> # endif - -# if defined(ANDROID) +# if defined(ANDROID) && !defined(__aarch64__) # include <sys/types.h> # include <unistd.h> # endif - #else # error "Unsupported platform" - #endif #if defined(XP_WIN) @@ -31,32 +26,8 @@ void* js::GetNativeStackBaseImpl() { -# if defined(_M_IX86) && defined(_MSC_VER) - /* - * offset 0x18 from the FS segment register gives a pointer to - * the thread information block for the current thread - */ - NT_TIB* pTib; - __asm { - MOV EAX, FS:[18h] - MOV pTib, EAX - } - return static_cast<void*>(pTib->StackBase); - -# elif defined(_M_X64) - PNT_TIB64 pTib = reinterpret_cast<PNT_TIB64>(NtCurrentTeb()); - return reinterpret_cast<void*>(pTib->StackBase); - -# elif defined(_M_ARM) PNT_TIB pTib = reinterpret_cast<PNT_TIB>(NtCurrentTeb()); return static_cast<void*>(pTib->StackBase); - -# elif defined(_WIN32) && defined(__GNUC__) - NT_TIB* pTib; - asm ("movl %%fs:0x18, %0\n" : "=r" (pTib)); - return static_cast<void*>(pTib->StackBase); - -# endif } #elif defined(SOLARIS) @@ -88,6 +59,55 @@ js::GetNativeStackBaseImpl() context.uc_stack.ss_size; } +#elif defined(XP_LINUX) && !defined(ANDROID) + +# include <dlfcn.h> +# include <sys/syscall.h> +static pid_t +gettid() +{ + return syscall(__NR_gettid); +} + +void* +js::GetNativeStackBaseImpl() +{ + // main thread, get stack base from __libc_stack_end rather than pthread APIs + // to avoid filesystem calls /proc/self/maps + if(gettid() == getpid()) { + void** pLibcStackEnd = (void**)dlsym(RTLD_DEFAULT, "__libc_stack_end"); + // if __libc_stack_end is not found, architecture specific frame pointer hopping will need + // to be implemented + MOZ_ASSERT(pLibcStackEnd); + void* stackBase = *pLibcStackEnd; + MOZ_ASSERT(stackBase); + // we don't need to fix stackBase, as it already roughly points to beginning of the stack + return stackBase; + } + // non-main threads have the required info stored in memory, no filesystem calls are made + else { + pthread_t thread = pthread_self(); + pthread_attr_t sattr; + pthread_attr_init(&sattr); + pthread_getattr_np(thread, &sattr); + // stackBase will be the lowest address on all architectures + void* stackBase = nullptr; + size_t stackSize = 0; + int rc = pthread_attr_getstack(&sattr, &stackBase, &stackSize); + if(rc) { + MOZ_CRASH(); + } + MOZ_ASSERT(stackBase); + pthread_attr_destroy(&sattr); + +# if JS_STACK_GROWTH_DIRECTION > 0 + return stackBase; +# else + return static_cast<char*>(stackBase) + stackSize; +# endif + } +} + #else /* XP_UNIX */ void* @@ -120,11 +140,11 @@ js::GetNativeStackBaseImpl() rc = pthread_stackseg_np(pthread_self(), &ss); stackBase = (void*)((size_t) ss.ss_sp - ss.ss_size); stackSize = ss.ss_size; -# elif defined(ANDROID) +# elif defined(ANDROID) && !defined(__aarch64__) if (gettid() == getpid()) { - // bionic's pthread_attr_getstack doesn't tell the truth for the main - // thread (see bug 846670). So we scan /proc/self/maps to find the - // segment which contains the stack. + // bionic's pthread_attr_getstack prior to API 21 doesn't tell the truth + // for the main thread (see bug 846670). So we scan /proc/self/maps to + // find the segment which contains the stack. rc = -1; // Put the string on the stack, otherwise there is the danger that it

1 0

[tor-browser/tor-browser-52.7.3esr-8.0-1] Bug 21537: Mark .onion cookies as secure
by gk＠torproject.org 13 Apr '18

13 Apr '18

commit c70454fd10efeb9f4cabc69f94a9a7a633c10174 Author: Georg Koppen <gk(a)torproject.org> Date: Fri Apr 13 16:59:24 2018 +0000 Bug 21537: Mark .onion cookies as secure --- netwerk/cookie/nsCookieService.cpp | 60 ++++++++++++++++++++------------------ 1 file changed, 32 insertions(+), 28 deletions(-) diff --git a/netwerk/cookie/nsCookieService.cpp b/netwerk/cookie/nsCookieService.cpp index cf1d91e2df36..f9390d7ef093 100644 --- a/netwerk/cookie/nsCookieService.cpp +++ b/netwerk/cookie/nsCookieService.cpp @@ -3112,6 +3112,26 @@ PathMatches(nsCookie* aCookie, const nsACString& aPath) { return true; } +static bool +IsSecureHost(nsIURI *aHostURI) { + bool isSecure = true; + // If SchemeIs fails, assume an insecure connection, to be on the safe side. + if (aHostURI && NS_FAILED(aHostURI->SchemeIs("https", &isSecure))) { + isSecure = false; + } + // In case HTTPS is not used check whether we have a .onion host in which + // case the cookie is secure, too. + if (aHostURI && !isSecure) { + nsresult rv; + nsAutoCString hostFromURI; + rv = aHostURI->GetAsciiHost(hostFromURI); + if (NS_SUCCEEDED(rv)) { + isSecure = StringEndsWith(hostFromURI, NS_LITERAL_CSTRING(".onion")); + } + } + return isSecure; +} + void nsCookieService::GetCookieStringInternal(nsIURI *aHostURI, bool aIsForeign, @@ -3164,13 +3184,10 @@ nsCookieService::GetCookieStringInternal(nsIURI *aHostURI, // If it changes, please update that function, or file a bug for someone // else to do so. - // check if aHostURI is using an https secure protocol. - // if it isn't, then we can't send a secure cookie over the connection. - // if SchemeIs fails, assume an insecure connection, to be on the safe side - bool isSecure; - if (NS_FAILED(aHostURI->SchemeIs("https", &isSecure))) { - isSecure = false; - } + // Check if aHostURI is using the HTTPS protocol or if the domain is a + // .onion. If it isn't, then we can't send a secure cookie over the + // connection. + bool isSecure = IsSecureHost(aHostURI); nsCookie *cookie; AutoTArray<nsCookie*, 8> foundCookieList; @@ -3316,20 +3333,10 @@ nsCookieService::SetCookieInternal(nsIURI *aHostURI, // so we can handle them separately. bool newCookie = ParseAttributes(aCookieHeader, cookieAttributes); - // Collect telemetry on how often secure cookies are set from non-secure - // origins, and vice-versa. - // - // 0 = nonsecure and "http:" - // 1 = nonsecure and "https:" - // 2 = secure and "http:" - // 3 = secure and "https:" - bool isHTTPS; - nsresult rv = aHostURI->SchemeIs("https", &isHTTPS); - if (NS_SUCCEEDED(rv)) { - Telemetry::Accumulate(Telemetry::COOKIE_SCHEME_SECURITY, - ((cookieAttributes.isSecure)? 0x02 : 0x00) | - ((isHTTPS)? 0x01 : 0x00)); - } + // Check if aHostURI is using the HTTPS protocol or if the domain is a + // .onion. If it isn't, then we can't send a secure cookie over the + // connection. + bool isSecure = IsSecureHost(aHostURI); int64_t currentTimeInUsec = PR_Now(); @@ -3369,7 +3376,7 @@ nsCookieService::SetCookieInternal(nsIURI *aHostURI, return newCookie; } // magic prefix checks. MUST be run after CheckDomain() and CheckPath() - if (!CheckPrefixes(cookieAttributes, isHTTPS)) { + if (!CheckPrefixes(cookieAttributes, isSecure)) { COOKIE_LOGFAILURE(SET_COOKIE, aHostURI, savedCookieHeader, "failed the prefix tests"); return newCookie; } @@ -3457,13 +3464,10 @@ nsCookieService::AddInternal(const nsCookieKey &aKey, return; } - bool isSecure = true; - if (aHostURI && NS_FAILED(aHostURI->SchemeIs("https", &isSecure))) { - isSecure = false; - } + bool isSecure = IsSecureHost(aHostURI); - // If the new cookie is non-https and wants to set secure flag, - // browser have to ignore this new cookie. + // If the new cookie is non-https or not set by a .onion domain, and wants to + // set secure flag, browser have to ignore this new cookie. // (draft-ietf-httpbis-cookie-alone section 3.1) if (mLeaveSecureAlone && aCookie->IsSecure() && !isSecure) { COOKIE_LOGFAILURE(SET_COOKIE, aHostURI, aCookieHeader,

1 0

[tor-browser/tor-browser-52.7.3esr-8.0-1] Bug 21537: Tests for secure .onion cookies
by gk＠torproject.org 13 Apr '18

13 Apr '18

commit 82cd8ae9a5de7c9f9fde591c29b0ccfa8b59d42f Author: Georg Koppen <gk(a)torproject.org> Date: Fri Apr 13 17:00:11 2018 +0000 Bug 21537: Tests for secure .onion cookies --- netwerk/test/TestCookie.cpp | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/netwerk/test/TestCookie.cpp b/netwerk/test/TestCookie.cpp index 68c7ff1b3ef1..c382c33c7e3c 100644 --- a/netwerk/test/TestCookie.cpp +++ b/netwerk/test/TestCookie.cpp @@ -729,8 +729,18 @@ main(int32_t argc, char *argv[]) SetACookie(cookieService, "http://www.security.test/", nullptr, "test=non-security2; domain=security.test", nullptr); GetACookieNoHttp(cookieService, "http://www.security.test/", getter_Copies(cookie)); rv[8] = CheckResult(cookie.get(), MUST_CONTAIN, "test=non-security2"); - - allTestsPassed = PrintResult(rv, 9) && allTestsPassed; + // .onion secure cookie tests + SetACookie(cookieService, "http://123456789abcdef.onion/", nullptr, "test=onion-security; secure", nullptr); + GetACookieNoHttp(cookieService, "https://123456789abcdef.onion/", getter_Copies(cookie)); + rv[9] = CheckResult(cookie.get(), MUST_EQUAL, "test=onion-security"); + SetACookie(cookieService, "http://123456789abcdef.onion/", nullptr, "test=onion-security2; secure", nullptr); + GetACookieNoHttp(cookieService, "http://123456789abcdef.onion/", getter_Copies(cookie)); + rv[10] = CheckResult(cookie.get(), MUST_EQUAL, "test=onion-security2"); + SetACookie(cookieService, "https://123456789abcdef.onion/", nullptr, "test=onion-security3; secure", nullptr); + GetACookieNoHttp(cookieService, "http://123456789abcdef.onion/", getter_Copies(cookie)); + rv[11] = CheckResult(cookie.get(), MUST_EQUAL, "test=onion-security3"); + + allTestsPassed = PrintResult(rv, 12) && allTestsPassed; // *** nsICookieManager{2} interface tests sBuffer = PR_sprintf_append(sBuffer, "*** Beginning nsICookieManager{2} interface tests...\n");

1 0

[tor-browser-build/master] Bug 25481: Enable rust support in Linux nightlies
by boklm＠torproject.org 13 Apr '18

13 Apr '18

commit 5be41831b52795ee87c57cdbd18da68bf73fe1cc Author: Georg Koppen <gk(a)torproject.org> Date: Fri Apr 13 14:29:20 2018 +0000 Bug 25481: Enable rust support in Linux nightlies We enable Rust support for tor in our Linux nightly builds as a first step to enabling it on all supported platforms. --- keyring/rust.gpg | Bin 0 -> 5311 bytes projects/cmake/config | 2 +- projects/rust/binaryen.patch | 22 +++++++++++++++ projects/rust/build | 38 ++++++++++++++++++++++++++ projects/rust/config | 62 +++++++++++++++++++++++++++++++++++++++++++ projects/tor/build | 8 ++++-- projects/tor/config | 4 +++ 7 files changed, 133 insertions(+), 3 deletions(-) diff --git a/keyring/rust.gpg b/keyring/rust.gpg new file mode 100644 index 0000000..e81f452 Binary files /dev/null and b/keyring/rust.gpg differ diff --git a/projects/cmake/config b/projects/cmake/config index 357370d..492b99c 100644 --- a/projects/cmake/config +++ b/projects/cmake/config @@ -1,5 +1,5 @@ # vim: filetype=yaml sw=2 -version: 2.8.12.2 +version: 3.4.3 git_url: https://cmake.org/cmake.git git_hash: 'v[% c("version") %]' tag_gpg_id: 1 diff --git a/projects/rust/binaryen.patch b/projects/rust/binaryen.patch new file mode 100644 index 0000000..fee9b6a --- /dev/null +++ b/projects/rust/binaryen.patch @@ -0,0 +1,22 @@ +From 820f26810baf35c1961763f6b0013e4f7e7380da Mon Sep 17 00:00:00 2001 +From: Georg Koppen <gk(a)torproject.org> +Date: Thu, 12 Apr 2018 13:10:13 +0000 +Subject: [PATCH] Use our gcc/c++ + + +diff --git a/src/librustc_binaryen/build.rs b/src/librustc_binaryen/build.rs +index f23ff3cee5..2496dd1be9 100644 +--- a/src/librustc_binaryen/build.rs ++++ b/src/librustc_binaryen/build.rs +@@ -26,6 +26,8 @@ fn main() { + + Config::new("../binaryen") + .define("BUILD_STATIC_LIB", "ON") ++ .define("CMAKE_C_COMPILER", "gcc") ++ .define("CMAKE_CXX_COMPILER", "c++") + .build_target("binaryen") + .build(); + +-- +2.16.3 + diff --git a/projects/rust/build b/projects/rust/build new file mode 100644 index 0000000..e20df55 --- /dev/null +++ b/projects/rust/build @@ -0,0 +1,38 @@ +#!/bin/bash +[% c('var/setarch') %] +[% c("var/set_default_env") -%] +distdir=/var/tmp/dist/[% project %] +mkdir -p /var/tmp/dist +tar -C /var/tmp/dist -xf [% c('input_files_by_name/cmake') %] +export PATH="/var/tmp/dist/cmake/bin:$PATH" +tar -C /var/tmp/dist -xf [% c('input_files_by_name/prev_rust') %] +cd /var/tmp/dist/rust-[% c('var/prev_version') %]-[% c('arch') %]-unknown-linux-gnu +./install.sh --prefix=$distdir-rust-old +export PATH="$distdir-rust-old/bin:$PATH" + +[% IF c("var/linux") %] + [% pc('gcc', 'var/setup', { compiler_tarfile => c('input_files_by_name/gcc') }) %] +[% END -%] + +cd $rootdir +mkdir /var/tmp/build +tar -C /var/tmp/build -xf [% c('input_files_by_name/rust') %] +cd /var/tmp/build/rustc-[% c('version') %]-src + +[% IF c("var/linux") %] + # binaryen hardcodes /usr/bin/cc and /usr/bin/c++ as the C and C++ compiler. + # But that is too old on Debian Wheezy which is why we need to patch it, so + # we can use our own GCC instead. + patch -p1 < $rootdir/binaryen.patch +[% END %] + +mkdir build +cd build +../configure --prefix=$distdir [% c("var/configure_opt") %] +make -j[% c("buildconf/num_procs") %] +make install +cd /var/tmp/dist +[% c('tar', { + tar_src => [ project ], + tar_args => '-czf ' _ dest_dir _ '/' _ c('filename'), + }) %] diff --git a/projects/rust/config b/projects/rust/config new file mode 100644 index 0000000..49fc3ab --- /dev/null +++ b/projects/rust/config @@ -0,0 +1,62 @@ +# vim: filetype=yaml sw=2 +filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' +version: 1.25.0 +var: + prev_version: 1.24.1 + container: + use_container: 1 + +targets: + linux: + var: + arch_deps: + - hardening-wrapper + - libssl-dev + - pkg-config + # We use + # `--enable-local-rust` to avoid downloading the required compiler during + # build time + # + # `--enable-vendor` to avoid downloading crates during build time and just + # use the ones which are shipped with the source + # + # `--enable-extended` to build not only rustc but cargo as well + # + # `--release-channel=stable` to just include stable features in the + # compiler + # + # `--sysconfdir=etc` to avoid install failures as |make install| wants to + # write to /etc otherwise + # + # the `target` triple to explicitly specify the architecture and platform + # for the compiler/std lib. Ideally, it should not be needed unless one is + # cross-compiling, but compiling `alloc_jemalloc` fails without that in a + # 32bit container. "--host=x86_64-unknown-linux-gnu" is used in its + # configure script in this case. + # `--set=` to explicitly specify the C compiler. We need to compile the + # bundled LLVM and it wants to use `cc`. However, we don't have that in + # our compiled GCC resulting in weird errors due to C and C++ compiler + # version mismatch. We avoid that with this configure option. We need to + # build our own GCC in the first place as 4.7.2 is too old to get all the + # Rust pieces compiled. + configure_opt: --enable-local-rust --enable-vendor --enable-extended --release-channel=stable --sysconfdir=etc --target=[% c("arch") %]-unknown-linux-gnu --set=target.[% c("arch") %]-unknown-linux-gnu.cc=gcc + +input_files: + - project: container-image + - project: cmake + name: cmake + - project: gcc + name: gcc + enable: '[% c("var/linux") %]' + - URL: 'https://static.rust-lang.org/dist/rustc-[% c("version") %]-src.tar.gz' + name: rust + sig_ext: asc + file_gpg_id: 1 + gpg_keyring: rust.gpg + - URL: 'https://static.rust-lang.org/dist/rust-[% c("var/prev_version") %]-[% c("arch") %]-unknown-linux-gnu.tar.xz' + name: prev_rust + sig_ext: asc + file_gpg_id: 1 + gpg_keyring: rust.gpg + - filename: binaryen.patch + enable: '[% c("var/linux") %]' diff --git a/projects/tor/build b/projects/tor/build index e52e43b..bf7db83 100644 --- a/projects/tor/build +++ b/projects/tor/build @@ -20,6 +20,10 @@ mkdir -p /var/tmp/build tar -C /var/tmp/dist -xf [% c('input_files_by_name/openssl') %] tar -C /var/tmp/dist -xf [% c('input_files_by_name/libevent') %] +[% IF c("var/linux") && c("var/nightly") %] + tar -C /var/tmp/dist -xf [% c('input_files_by_name/rust') %] + export PATH=/var/tmp/dist/rust/bin:$PATH +[% END %] tar -C /var/tmp/build -xf [% project %]-[% c('version') %].tar.gz libeventdir=/var/tmp/dist/libevent openssldir=/var/tmp/dist/openssl @@ -31,7 +35,6 @@ openssldir=/var/tmp/dist/openssl $gcclibs/*.dll $distdir/Tor/ [% END %] - [% IF c("var/linux") %] mkdir -p "$distdir/Debug/Tor" cp $openssldir/lib/libssl.so.1.0.0 "$distdir/Tor/" @@ -62,10 +65,11 @@ cd /var/tmp/build/[% project %]-[% c('version') %] echo '"[% c("abbrev", { abbrev_length => 16 }) %]"' > micro-revision.i ./autogen.sh find -type f -print0 | xargs -0 [% c("var/touch") %] -./configure --disable-asciidoc --with-libevent-dir="$libeventdir" --with-openssl-dir="$openssldir" \ +[% IF c("var/linux") && c("var/nightly") %]TOR_RUST_DEPENDENCIES=`pwd`/src/ext/rust/crates[% END %] ./configure --disable-asciidoc --with-libevent-dir="$libeventdir" --with-openssl-dir="$openssldir" \ [% IF c("var/asan") %]--enable-fragile-hardening[% END %] \ [% IF c("var/windows") %]--with-zlib-dir="$zlibdir"[% END %] \ [% IF c("var/osx") %]--enable-static-openssl[% END %] \ + [% IF c("var/linux") && c("var/nightly") %]--enable-rust[% END %] \ --prefix="$distdir" [% c("var/configure_opt") %] [% IF c("var/osx") || c("var/windows") -%] export LD_PRELOAD=[% c("var/faketime_path") %] diff --git a/projects/tor/config b/projects/tor/config index e650b6e..7029880 100644 --- a/projects/tor/config +++ b/projects/tor/config @@ -3,6 +3,7 @@ filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/buil version: 0.3.3.3-alpha git_hash: 'tor-[% c("version") %]' git_url: https://git.torproject.org/tor.git +git_submodule: 1 gpg_keyring: tor.gpg tag_gpg_id: 1 @@ -57,3 +58,6 @@ input_files: enable: '[% c("var/windows") %]' - name: '[% c("var/compiler") %]' project: '[% c("var/compiler") %]' + - name: rust + project: rust + enable: '[% c("var/linux") && c("var/nightly") %]'

1 0

[tor-browser-build/master] Bug 25572: Update NoScript to version 5.1.8.5
by gk＠torproject.org 12 Apr '18

12 Apr '18

commit 36cfa493d65da45022aad17c6d7b21ee0a9b2fae Author: Georg Koppen <gk(a)torproject.org> Date: Wed Apr 11 11:59:12 2018 +0000 Bug 25572: Update NoScript to version 5.1.8.5 --- projects/tor-browser/config | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/projects/tor-browser/config b/projects/tor-browser/config index 661b8e2..dec5648 100644 --- a/projects/tor-browser/config +++ b/projects/tor-browser/config @@ -66,9 +66,9 @@ input_files: name: snowflake enable: '[% c("var/snowflake") %]' - filename: Bundle-Data - - URL: https://addons.cdn.mozilla.net/user-media/addons/722/noscript_security_suit… + - URL: https://secure.informaction.com/download/releases/noscript-5.1.8.5.xpi name: noscript - sha256sum: 1c85a72cd0d7d210f8dd463f9700214703a5f28319c2b1679db00f861a5289f7 + sha256sum: 7180f8d24ca31989682dee229b95e3503699f2bb25cb593a6a1f2ce0a2253792 - filename: 'RelativeLink/start-tor-browser.desktop' enable: '[% c("var/linux") %]' - filename: 'RelativeLink/execdesktop'

1 0

[torbutton/master] Release preparations for 1.9.9.1
by gk＠torproject.org 11 Apr '18

11 Apr '18

commit 800fa9565409544e8ad134c803501f06ab902116 Author: Georg Koppen <gk(a)torproject.org> Date: Wed Apr 11 09:25:03 2018 +0000 Release preparations for 1.9.9.1 Version bump, Changelog update, and minVersion bump. We've forgotten the latter for a while now but this Torbutton requires at least a Firefox 52. --- src/CHANGELOG | 4 ++++ src/install.rdf | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/src/CHANGELOG b/src/CHANGELOG index 1ad2400..0ea09ce 100644 --- a/src/CHANGELOG +++ b/src/CHANGELOG @@ -1,3 +1,7 @@ +1.9.9.1 + * Bug 25126: Make about:tor layout responsive + * Translations update + 1.9.9 * Bug 24159: Version check does not deal with platform specific checks * Bug 25016: Remove 2017 donation banner diff --git a/src/install.rdf b/src/install.rdf index 5ecdb6d..98db46a 100644 --- a/src/install.rdf +++ b/src/install.rdf @@ -6,7 +6,7 @@ <em:name>Torbutton</em:name> <em:creator>Mike Perry</em:creator> <em:id>torbutton(a)torproject.org</em:id> - <em:version>1.9.9</em:version> + <em:version>1.9.9.1</em:version> <em:multiprocessCompatible>true</em:multiprocessCompatible> <em:homepageURL>https://www.torproject.org/projects/torbrowser.html.en</em:homepageURL> <em:optionsURL>chrome://torbutton/content/preferences.xul</em:optionsURL> @@ -17,7 +17,7 @@ <em:targetApplication> <Description> <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id> - <em:minVersion>45.0</em:minVersion> + <em:minVersion>52.0</em:minVersion> <em:maxVersion>10000.0</em:maxVersion> </Description> </em:targetApplication>

1 0

[torbutton/master] Translations update
by gk＠torproject.org 11 Apr '18

11 Apr '18

commit aad3b7bd2c6aaf6d684d624211e0a7cc506d9a69 Author: Georg Koppen <gk(a)torproject.org> Date: Wed Apr 11 09:21:46 2018 +0000 Translations update --- src/chrome/locale/ar/torbutton.dtd | 4 ++-- src/chrome/locale/es/aboutTor.dtd | 2 +- src/chrome/locale/es/torbutton.properties | 2 +- src/chrome/locale/nl/torbutton.dtd | 6 +++--- src/chrome/locale/nl/torbutton.properties | 2 +- 5 files changed, 8 insertions(+), 8 deletions(-) diff --git a/src/chrome/locale/ar/torbutton.dtd b/src/chrome/locale/ar/torbutton.dtd index 6e45989..1605070 100644 --- a/src/chrome/locale/ar/torbutton.dtd +++ b/src/chrome/locale/ar/torbutton.dtd @@ -35,10 +35,10 @@ <!ENTITY torbutton.prefs.sec_caption_tooltip "The Security Slider lets you disable certain browser features that may make your browser more vulnerable to hacking attempts."> <!ENTITY torbutton.prefs.sec_standard_label "عادي"> <!ENTITY torbutton.prefs.sec_standard_description "All Tor Browser and website features are enabled."> -<!ENTITY torbutton.prefs.sec_safer_label "Safer"> +<!ENTITY torbutton.prefs.sec_safer_label "آمِن جدا"> <!ENTITY torbutton.prefs.sec_safer_description "Disables website features that are often dangerous, causing some sites to lose functionality."> <!ENTITY torbutton.prefs.sec_safer_list_label "At the safer setting:"> -<!ENTITY torbutton.prefs.sec_safest_label "Safest"> +<!ENTITY torbutton.prefs.sec_safest_label "جِدّ آمِن"> <!ENTITY torbutton.prefs.sec_safest_description "Only allows website features required for static sites and basic services. These changes affect images, media, and scripts."> <!ENTITY torbutton.prefs.sec_safest_list_label "At the safest setting:"> <!ENTITY torbutton.prefs.sec_learn_more_label "تعرّف على المزيد"> diff --git a/src/chrome/locale/es/aboutTor.dtd b/src/chrome/locale/es/aboutTor.dtd index 35be7ee..6354df7 100644 --- a/src/chrome/locale/es/aboutTor.dtd +++ b/src/chrome/locale/es/aboutTor.dtd @@ -8,7 +8,7 @@ <!ENTITY aboutTor.outOfDateTorOn.label "ADVERTENCIA: Este navegador no está actualizado."> <!ENTITY aboutTor.outOfDateTorOff.label "ADEMÁS, este navegador tampoco está actualizado."> -<!ENTITY aboutTor.outOfDate2.label "Haga clic en la cebolla y luego seleccione Comprobar actualizaciones del Navegador Tor."> +<!ENTITY aboutTor.outOfDate2.label "Haz clic en la cebolla y luego selecciona Comprobar actualizaciones del Navegador Tor."> <!ENTITY aboutTor.check.label "Probar las preferencias de red Tor"> diff --git a/src/chrome/locale/es/torbutton.properties b/src/chrome/locale/es/torbutton.properties index b197bbf..35a796a 100644 --- a/src/chrome/locale/es/torbutton.properties +++ b/src/chrome/locale/es/torbutton.properties @@ -31,7 +31,7 @@ torbutton.popup.confirm_newnym = El Navegador Tor cerrará todas las ventanas y torbutton.slider_notification = El menú de la cebolla verde ahora tiene un control deslizante que le permite ajustar su nivel de seguridad. ¡Échele un vistazo! torbutton.slider_notification_button = Abrir ajustes de seguridad -torbutton.maximize_warning = Maximizar el navegador Tor puede permitir a los sitios web determinar el tamaño de su monitor, lo que se puede usar para rastrearle. Le recomendamos que deje las ventanas del navegador Tor a su tamaño predeterminado original. +torbutton.maximize_warning = Maximizar el navegador Tor puede permitir a los sitios web determinar el tamaño de tu monitor, lo que podría usarse para rastrearte. Te recomendamos que dejes las ventanas del navegador Tor en su tamaño predeterminado. # Canvas permission prompt. Strings are kept here for ease of translation. canvas.siteprompt=Este sitio web (%s) intentó extraer datos de imagen de un lienzo HTML5, que podrían usarse para identificar de forma única su computadora.\n\n¿Debe permitir el Navegador Tor a este sitio web extraer los datos de imagen de lienzos HTML5? diff --git a/src/chrome/locale/nl/torbutton.dtd b/src/chrome/locale/nl/torbutton.dtd index 7cba67c..ce0e13a 100644 --- a/src/chrome/locale/nl/torbutton.dtd +++ b/src/chrome/locale/nl/torbutton.dtd @@ -34,12 +34,12 @@ <!ENTITY torbutton.prefs.sec_caption "Beveiligingsniveau"> <!ENTITY torbutton.prefs.sec_caption_tooltip "De beveiligingsschuifbalk laat je toe sommige functies uit te schakelen die je browser mogelijk blootstellen aan beveiligingsrisico's."> <!ENTITY torbutton.prefs.sec_standard_label "Standaard"> -<!ENTITY torbutton.prefs.sec_standard_description "Alle Tor Browser- en website functies zijn ingeschakeld."> +<!ENTITY torbutton.prefs.sec_standard_description "Alle Tor Browser- en websitefuncties zijn ingeschakeld."> <!ENTITY torbutton.prefs.sec_safer_label "Veiliger"> -<!ENTITY torbutton.prefs.sec_safer_description "Uitgeschakelde website functies die zijn meestal gevaarlijk, waardoor sommige sites functionaliteit vaak verliezen."> +<!ENTITY torbutton.prefs.sec_safer_description "Uitgeschakelde websitefuncties die zijn meestal gevaarlijk, waardoor sommige sites functionaliteit vaak verliezen."> <!ENTITY torbutton.prefs.sec_safer_list_label "Op de veiliger instelling:"> <!ENTITY torbutton.prefs.sec_safest_label "Veiligste"> -<!ENTITY torbutton.prefs.sec_safest_description "Alleen website-functies toestaan die vereist zijn voor statische sites en basis diensten. Deze wijzigingen zijn van invloed op afbeeldingen, media en scripts."> +<!ENTITY torbutton.prefs.sec_safest_description "Alleen websitefuncties toestaan die vereist zijn voor statische sites en basis diensten. Deze wijzigingen zijn van invloed op afbeeldingen, media en scripts."> <!ENTITY torbutton.prefs.sec_safest_list_label "Op de veiligste instelling:"> <!ENTITY torbutton.prefs.sec_learn_more_label "Leer Meer"> <!ENTITY torbutton.prefs.sec_js_on_https_sites_only "JavaScript zijn uitgeschakeld op non-HTTP sites."> diff --git a/src/chrome/locale/nl/torbutton.properties b/src/chrome/locale/nl/torbutton.properties index 056e445..87595e2 100644 --- a/src/chrome/locale/nl/torbutton.properties +++ b/src/chrome/locale/nl/torbutton.properties @@ -28,7 +28,7 @@ torbutton.popup.confirm_plugins = plug-ins zoals flash kunnen u privacy en anoni torbutton.popup.never_ask_again = Vraag me dit nooit meer. torbutton.popup.confirm_newnym = De Tor Browser zal alle windows en tabs sluiten. Alle website sessies zullen verloren gaan.\n\nHerstart de Tor Browser om je identiteit te resetten?\n\n -torbutton.slider_notification = Het groene ui menu heeft nu een schuif regelaar waar u uw veiligheids level aan kunt passen. Bekijk het eens! +torbutton.slider_notification = Het groene ui menu heeft nu een schuifregelaar waar u uw beveiligingsniveau aan kunt passen. Bekijk het eens! torbutton.slider_notification_button = Open de beveiligingsvoorkeuren torbutton.maximize_warning = Het maximaliseren van Tor Browser stelt webpagina's in staat uw beeldschermgrootte vast te stellen; dit kan worden gebruikt om u te traceren. We raden aan dat u vensters van Tor Browser in hun oorspronkelijke grootte laat.

1 0

[tor-browser-build/master] Bump rbm (picking up fix for #25746)
by gk＠torproject.org 11 Apr '18

11 Apr '18

commit 80a65a334622562272af637b18afbce3d71e03da Author: Georg Koppen <gk(a)torproject.org> Date: Wed Apr 11 09:08:29 2018 +0000 Bump rbm (picking up fix for #25746) --- rbm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rbm b/rbm index db41d8e..8adbc46 160000 --- a/rbm +++ b/rbm @@ -1 +1 @@ -Subproject commit db41d8e754ed8cd6cee7bca18d76d59f8f7f369b +Subproject commit 8adbc46dc9e8358abad75ac81faf4646d8165b9e

1 0

[rbm/master] Bug 25746: fix git_submodule option with submodule in subdirectory
by gk＠torproject.org 11 Apr '18

11 Apr '18

commit 8adbc46dc9e8358abad75ac81faf4646d8165b9e Author: Nicolas Vigier <boklm(a)torproject.org> Date: Mon Apr 9 18:54:04 2018 +0200 Bug 25746: fix git_submodule option with submodule in subdirectory To create an archive containing all submodules, we were creating a temporary archive of each submodule before appending them to the main archive. We were using the submodule path in the temporary archive filename, which was failing if the submodule is in a subdirectory. To avoid that, we are removing the path from the temporary archive's filename and directly appending it to the main archive. --- lib/RBM.pm | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/lib/RBM.pm b/lib/RBM.pm index f987130..8875a7c 100644 --- a/lib/RBM.pm +++ b/lib/RBM.pm @@ -557,13 +557,9 @@ sub maketar { ($stdout, $stderr, $success, $exit_code) = capture_exec('git', 'submodule', 'foreach', "git archive --prefix=$project-$version/\$path/" - . " --output=$tmpdir/submodule-\$name.tar \$sha1"); + . " --output=$tmpdir/submodule.tar \$sha1;" + . "tar -Af \"$dest_dir/$tar_file\" $tmpdir/submodule.tar"); exit_error 'Error running git archive on submodules.' unless $success; - foreach my $file (sort glob "$tmpdir/*.tar") { - ($stdout, $stderr, $success, $exit_code) - = capture_exec('tar', '-Af', "$dest_dir/$tar_file", $file); - exit_error "Error appending submodule tar:\n$stderr" unless $success; - } } } else { system('hg', 'archive', '-r', $commit_hash, '-t', 'tar',

1 0

[tor-browser-build/master] Merge remote-tracking branch 'boklm/bug_25420_v4'
by gk＠torproject.org 11 Apr '18

11 Apr '18

commit dcce85b6d858d5438bdc68098e846c8ea73c5df6 Merge: 8e21b34 d3e2dd7 Author: Georg Koppen <gk(a)torproject.org> Date: Wed Apr 11 08:28:31 2018 +0000 Merge remote-tracking branch 'boklm/bug_25420_v4' projects/mingw-w64/build | 2 +- projects/mingw-w64/config | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-)

1 0