November 2023 - tbb-commits - lists.torproject.org

[Git][tpo/applications/tor-browser][tor-browser-115.5.0esr-13.5-1] fixup! Bug 41649: Create rebase and security backport gitlab issue templates
by richard (＠richard) 30 Nov '23

30 Nov '23

richard pushed to branch tor-browser-115.5.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: fac50006 by Pier Angelo Vendrame at 2023-11-30T14:13:06+00:00 fixup! Bug 41649: Create rebase and security backport gitlab issue templates Add the step to update tor-browser-build's main after alpha rebases. - - - - - 1 changed file: - .gitlab/issue_templates/Rebase Browser - Alpha.md Changes: ===================================== .gitlab/issue_templates/Rebase Browser - Alpha.md ===================================== @@ -138,3 +138,10 @@ - **Tag**: `base-browser-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1-build1` - **Message**: `Tagging build1 for $(ESR_VERSION)esr-based alpha` - [ ] Push tag to `upstream` +- [ ] Update tor-browser-build's main (no MR required, you can just push it if you have the permissions) + - [ ] Update `projects/firefox/config` + - [ ] Update `firefox_platform_version` + - [ ] Set `browser_build` to 1 (to prevent failures in alpha testbuilds) + - [ ] Update `projects/geckoview/config` + - [ ] Update `geckoview_version` + - [ ] Set `browser_build` to 1 View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/fac5000… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/fac5000… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.5.0esr-13.5-1] fixup! Adding issue and merge request templates
by richard (＠richard) 30 Nov '23

30 Nov '23

richard pushed to branch tor-browser-115.5.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: a084de1d by Pier Angelo Vendrame at 2023-11-30T14:03:08+00:00 fixup! Adding issue and merge request templates Add the step to update tor-browser-build's main after alpha rebases. - - - - - 1 changed file: - .gitlab/issue_templates/Rebase Browser - Alpha.md Changes: ===================================== .gitlab/issue_templates/Rebase Browser - Alpha.md ===================================== @@ -138,3 +138,10 @@ - **Tag**: `base-browser-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1-build1` - **Message**: `Tagging build1 for $(ESR_VERSION)esr-based alpha` - [ ] Push tag to `upstream` +- [ ] Update tor-browser-build's main (no MR required, you can just push it if you have the permissions) + - [ ] Update `projects/firefox/config` + - [ ] Update `firefox_platform_version` + - [ ] Set `browser_build` to 1 (to prevent failures in alpha testbuilds) + - [ ] Update `projects/geckoview/config` + - [ ] Update `geckoview_version` + - [ ] Set `browser_build` to 1 View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/a084de1… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/a084de1… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-13.0] Bug 41031: Add make targets to unsign and compare mar files
by richard (＠richard) 30 Nov '23

30 Nov '23

richard pushed to branch maint-13.0 at The Tor Project / Applications / tor-browser-build Commits: ae9e3999 by Nicolas Vigier at 2023-11-30T13:58:17+00:00 Bug 41031: Add make targets to unsign and compare mar files - - - - - 4 changed files: - Makefile - doc/MAKEFILE.txt - + projects/release/compare_mar_signed_unsigned - projects/release/config Changes: ===================================== Makefile ===================================== @@ -239,6 +239,12 @@ torbrowser-compare-windows-signed-unsigned-release: submodule-update torbrowser-compare-windows-signed-unsigned-alpha: submodule-update $(rbm) build release --step compare_windows_signed_unsigned_exe --target alpha --target signed --target torbrowser +torbrowser-compare-mar-signed-unsigned-release: submodule-update + $(rbm) build release --step compare_mar_signed_unsigned --target release --target signed --target torbrowser + +torbrowser-compare-mar-signed-unsigned-alpha: submodule-update + $(rbm) build release --step compare_mar_signed_unsigned --target alpha --target signed --target torbrowser + ######################## # Base Browser Targets # @@ -577,6 +583,12 @@ mullvadbrowser-compare-windows-signed-unsigned-release: submodule-update mullvadbrowser-compare-windows-signed-unsigned-alpha: submodule-update $(rbm) build release --step compare_windows_signed_unsigned_exe --target alpha --target signed --target mullvadbrowser +mullvadbrowser-compare-mar-signed-unsigned-release: submodule-update + $(rbm) build release --step compare_mar_signed_unsigned --target release --target signed --target mullvadbrowser + +mullvadbrowser-compare-mar-signed-unsigned-alpha: submodule-update + $(rbm) build release --step compare_mar_signed_unsigned --target alpha --target signed --target mullvadbrowser + ############################ # Toolchain Update Targets # ===================================== doc/MAKEFILE.txt ===================================== @@ -141,3 +141,8 @@ torbrowser-compare-windows-signed-unsigned-{release,alpha} Unsign exe files from directory torbrowser/{release,alpha}/signed/$version and compare them with the checksum from sha256sums-unsigned-build.txt. +torbrowser-compare-mar-signed-unsigned-{release,alpha} +---------------------------------------------------------- +Unsign mar files from directory torbrowser/{release,alpha}/signed/$version +and compare them with the checksum from sha256sums-unsigned-build.txt. + ===================================== projects/release/compare_mar_signed_unsigned ===================================== @@ -0,0 +1,44 @@ +#!/bin/bash +[% c("var/set_default_env") -%] +[% IF c("var/nightly") -%] + build_dir=[% shell_quote(path(dest_dir)) %]/[% c("version") %] +[% ELSE -%] + build_dir=[% shell_quote(path(dest_dir)) %]/[% c("var/signed_status") %]/[% c("version") %] +[% END -%] + +if ! test -d "$build_dir" +then + echo "Error: Directory $build_dir does not exist" 1>&2 + echo "You can download it with this command:" 1>&2 + echo " ./tools/download-[% c("var/projectname") %] [% c("var/torbrowser_version") %]" 1>&2 + exit 1 +fi + +sha256sums_files=sha256sums-unsigned-build.txt +cd "$build_dir" +test -f sha256sums-unsigned-build.incrementals.txt \ + && sha256sums_files="$sha256sums_files sha256sums-unsigned-build.incrementals.txt" +cp -a -- $(ls -1 *.mar | grep -v -- -macos-) $sha256sums_files "$rootdir/" +cd "$rootdir" + +unzip -q "$rootdir/[% c('input_files_by_name/mar-tools') %]" +export PATH="$rootdir/mar-tools:$PATH" +export LD_LIBRARY_PATH="$rootdir/mar-tools" + +for file in *.mar +do + signmar -r "$file" "unsigned-$file" + mv -f "unsigned-$file" "$file" + echo "Unsigned $file" +done + +grep -h -- '\.mar$' $sha256sums_files | grep -v -- -macos- | sha256sum -c + +cat << 'EOF' +macOS mar files have been skipped as we don't yet have a good solution +to remove code signing from those files. +See https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4… + +Windows and Linux unsigned mar files are matching with +sha256sums-unsigned-build.txt. +EOF ===================================== projects/release/config ===================================== @@ -271,3 +271,11 @@ steps: name: osslsigncode pkg_type: build compare_windows_signed_unsigned_exe: '[% INCLUDE compare_windows_signed_unsigned_exe %]' + compare_mar_signed_unsigned: + build_log: '-' + debug: 0 + input_files: + - project: mar-tools + name: mar-tools + pkg_type: fetch_martools + compare_mar_signed_unsigned: '[% INCLUDE compare_mar_signed_unsigned %]' View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/a… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/a… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 41031: Add make targets to unsign and compare mar files
by richard (＠richard) 30 Nov '23

30 Nov '23

richard pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 226e45d9 by Nicolas Vigier at 2023-11-30T12:31:54+01:00 Bug 41031: Add make targets to unsign and compare mar files - - - - - 4 changed files: - Makefile - doc/MAKEFILE.txt - + projects/release/compare_mar_signed_unsigned - projects/release/config Changes: ===================================== Makefile ===================================== @@ -235,6 +235,12 @@ torbrowser-compare-windows-signed-unsigned-release: submodule-update torbrowser-compare-windows-signed-unsigned-alpha: submodule-update $(rbm) build release --step compare_windows_signed_unsigned_exe --target alpha --target signed --target torbrowser +torbrowser-compare-mar-signed-unsigned-release: submodule-update + $(rbm) build release --step compare_mar_signed_unsigned --target release --target signed --target torbrowser + +torbrowser-compare-mar-signed-unsigned-alpha: submodule-update + $(rbm) build release --step compare_mar_signed_unsigned --target alpha --target signed --target torbrowser + ######################## # Base Browser Targets # @@ -569,6 +575,12 @@ mullvadbrowser-compare-windows-signed-unsigned-release: submodule-update mullvadbrowser-compare-windows-signed-unsigned-alpha: submodule-update $(rbm) build release --step compare_windows_signed_unsigned_exe --target alpha --target signed --target mullvadbrowser +mullvadbrowser-compare-mar-signed-unsigned-release: submodule-update + $(rbm) build release --step compare_mar_signed_unsigned --target release --target signed --target mullvadbrowser + +mullvadbrowser-compare-mar-signed-unsigned-alpha: submodule-update + $(rbm) build release --step compare_mar_signed_unsigned --target alpha --target signed --target mullvadbrowser + ############################ # Toolchain Update Targets # ===================================== doc/MAKEFILE.txt ===================================== @@ -141,3 +141,8 @@ torbrowser-compare-windows-signed-unsigned-{release,alpha} Unsign exe files from directory torbrowser/{release,alpha}/signed/$version and compare them with the checksum from sha256sums-unsigned-build.txt. +torbrowser-compare-mar-signed-unsigned-{release,alpha} +---------------------------------------------------------- +Unsign mar files from directory torbrowser/{release,alpha}/signed/$version +and compare them with the checksum from sha256sums-unsigned-build.txt. + ===================================== projects/release/compare_mar_signed_unsigned ===================================== @@ -0,0 +1,44 @@ +#!/bin/bash +[% c("var/set_default_env") -%] +[% IF c("var/nightly") -%] + build_dir=[% shell_quote(path(dest_dir)) %]/[% c("version") %] +[% ELSE -%] + build_dir=[% shell_quote(path(dest_dir)) %]/[% c("var/signed_status") %]/[% c("version") %] +[% END -%] + +if ! test -d "$build_dir" +then + echo "Error: Directory $build_dir does not exist" 1>&2 + echo "You can download it with this command:" 1>&2 + echo " ./tools/download-[% c("var/projectname") %] [% c("var/torbrowser_version") %]" 1>&2 + exit 1 +fi + +sha256sums_files=sha256sums-unsigned-build.txt +cd "$build_dir" +test -f sha256sums-unsigned-build.incrementals.txt \ + && sha256sums_files="$sha256sums_files sha256sums-unsigned-build.incrementals.txt" +cp -a -- $(ls -1 *.mar | grep -v -- -macos-) $sha256sums_files "$rootdir/" +cd "$rootdir" + +unzip -q "$rootdir/[% c('input_files_by_name/mar-tools') %]" +export PATH="$rootdir/mar-tools:$PATH" +export LD_LIBRARY_PATH="$rootdir/mar-tools" + +for file in *.mar +do + signmar -r "$file" "unsigned-$file" + mv -f "unsigned-$file" "$file" + echo "Unsigned $file" +done + +grep -h -- '\.mar$' $sha256sums_files | grep -v -- -macos- | sha256sum -c + +cat << 'EOF' +macOS mar files have been skipped as we don't yet have a good solution +to remove code signing from those files. +See https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4… + +Windows and Linux unsigned mar files are matching with +sha256sums-unsigned-build.txt. +EOF ===================================== projects/release/config ===================================== @@ -271,3 +271,11 @@ steps: name: osslsigncode pkg_type: build compare_windows_signed_unsigned_exe: '[% INCLUDE compare_windows_signed_unsigned_exe %]' + compare_mar_signed_unsigned: + build_log: '-' + debug: 0 + input_files: + - project: mar-tools + name: mar-tools + pkg_type: fetch_martools + compare_mar_signed_unsigned: '[% INCLUDE compare_mar_signed_unsigned %]' View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/2… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/2… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-13.0] 2 commits: Bug 41030: Add script to download a torbrowser/mullvadbrowser release
by richard (＠richard) 30 Nov '23

30 Nov '23

richard pushed to branch maint-13.0 at The Tor Project / Applications / tor-browser-build Commits: 0f610931 by Nicolas Vigier at 2023-11-30T12:47:22+00:00 Bug 41030: Add script to download a torbrowser/mullvadbrowser release - - - - - 4dc9c81f by Nicolas Vigier at 2023-11-30T12:48:19+00:00 Bug 41030: Add make targets to unsign and compare exe files - - - - - 6 changed files: - Makefile - doc/MAKEFILE.txt - + projects/release/compare_windows_signed_unsigned_exe - projects/release/config - + tools/download-mullvadbrowser - + tools/download-torbrowser Changes: ===================================== Makefile ===================================== @@ -233,6 +233,12 @@ torbrowser-dmg2mar-alpha: submodule-update $(rbm) build release --step link_old_mar_filenames --target alpha --target torbrowser CHECK_CODESIGNATURE_EXISTS=1 MAR_SKIP_EXISTING=1 tools/update-responses/gen_incrementals alpha +torbrowser-compare-windows-signed-unsigned-release: submodule-update + $(rbm) build release --step compare_windows_signed_unsigned_exe --target release --target signed --target torbrowser + +torbrowser-compare-windows-signed-unsigned-alpha: submodule-update + $(rbm) build release --step compare_windows_signed_unsigned_exe --target alpha --target signed --target torbrowser + ######################## # Base Browser Targets # @@ -565,6 +571,12 @@ mullvadbrowser-dmg2mar-alpha: submodule-update $(rbm) build release --step link_old_mar_filenames --target alpha --target mullvadbrowser CHECK_CODESIGNATURE_EXISTS=1 MAR_SKIP_EXISTING=1 tools/update-responses/gen_incrementals alpha +mullvadbrowser-compare-windows-signed-unsigned-release: submodule-update + $(rbm) build release --step compare_windows_signed_unsigned_exe --target release --target signed --target mullvadbrowser + +mullvadbrowser-compare-windows-signed-unsigned-alpha: submodule-update + $(rbm) build release --step compare_windows_signed_unsigned_exe --target alpha --target signed --target mullvadbrowser + ############################ # Toolchain Update Targets # ===================================== doc/MAKEFILE.txt ===================================== @@ -136,3 +136,8 @@ Create update responses xml files for a signed build in the release or alpha channel. The files can be found in a tar in the directory torbrowser/{release,alpha}/update-responses. +torbrowser-compare-windows-signed-unsigned-{release,alpha} +---------------------------------------------------------- +Unsign exe files from directory torbrowser/{release,alpha}/signed/$version +and compare them with the checksum from sha256sums-unsigned-build.txt. + ===================================== projects/release/compare_windows_signed_unsigned_exe ===================================== @@ -0,0 +1,30 @@ +#!/bin/bash +[% c("var/set_default_env") -%] +[% IF c("var/nightly") -%] + build_dir=[% shell_quote(path(dest_dir)) %]/[% c("version") %] +[% ELSE -%] + build_dir=[% shell_quote(path(dest_dir)) %]/[% c("var/signed_status") %]/[% c("version") %] +[% END -%] + +if ! test -d "$build_dir" +then + echo "Error: Directory $build_dir does not exist" 1>&2 + echo "You can download it with this command:" 1>&2 + echo " ./tools/download-[% c("var/projectname") %] [% c("var/torbrowser_version") %]" 1>&2 + exit 1 +fi + +cp -a "$build_dir"/*.exe "$build_dir"/sha256sums-unsigned-build.txt . + +tar -xf $rootdir/[% c('input_files_by_name/osslsigncode') %] + +for file in *.exe +do + ./osslsigncode/bin/osslsigncode remove-signature -in "$file" -out "unsigned-$file" > /dev/null + mv -f "unsigned-$file" "$file" + echo "Unsigned $file" +done + +grep '\.exe$' sha256sums-unsigned-build.txt | sha256sum -c + +echo "Unsigned exe files are matching with sha256sums-unsigned-build.txt" ===================================== projects/release/config ===================================== @@ -263,3 +263,11 @@ steps: debug: 0 input_files: [] dmg2mar: '[% INCLUDE dmg2mar %]' + compare_windows_signed_unsigned_exe: + build_log: '-' + debug: 0 + input_files: + - project: osslsigncode + name: osslsigncode + pkg_type: build + compare_windows_signed_unsigned_exe: '[% INCLUDE compare_windows_signed_unsigned_exe %]' ===================================== tools/download-mullvadbrowser ===================================== @@ -0,0 +1 @@ +download-torbrowser \ No newline at end of file ===================================== tools/download-torbrowser ===================================== @@ -0,0 +1,100 @@ +#!/usr/bin/perl -w + +# This script downloads a torbrowser or mullvadbrowser release, checking +# its signature + +use strict; +use English; +use LWP::Simple; +use IO::CaptureOutput qw(capture_exec); +use File::Temp; +use File::Basename qw(fileparse); +use FindBin; +use File::Path qw(make_path); +use File::Copy; +use Path::Tiny; +use Digest::SHA qw(sha256_hex); + + +sub exit_error { + print STDERR "Error: ", $_[0], "\n"; + chdir '/'; + exit (exists $_[1] ? $_[1] : 1); +} + +sub gpg_verify_file { + my ($file) = @_; + if (system('gpg', '--no-default-keyring', '--keyring', + "$FindBin::Bin/../keyring/torbrowser.gpg", '--verify', + "$file.asc", + $file)) { + exit_error "Error checking gpg signature for file $file"; + } +} + +my $progname = fileparse($PROGRAM_NAME); +my ($projectname) = $progname =~ m/^download-(.+)$/; +if (@ARGV != 1) { + print STDERR "usage: $progname <version>\n"; + exit 1; +} + +my $version = $ARGV[0]; +my $version_type = $version =~ m/a/ ? 'alpha' : 'release'; +my $destdir = "$FindBin::Bin/../$projectname/$version_type/signed/$version"; +my $urldir = "https://archive.torproject.org/tor-package-archive/$projectname/$version"; + +make_path($destdir); +my $tmpdir = File::Temp->newdir(DIR => "$FindBin::Bin/../tmp"); + +foreach my $file (qw(sha256sums-signed-build.txt sha256sums-signed-build.txt.asc + sha256sums-unsigned-build.txt sha256sums-unsigned-build.txt.asc)) { + if (getstore("$urldir/$file", "$tmpdir/$file") != 200) { + exit_error "Error downloading $urldir/$file"; + } +} +gpg_verify_file("$tmpdir/sha256sums-signed-build.txt"); +move "$tmpdir/sha256sums-signed-build.txt.asc", "$destdir/sha256sums-signed-build.txt.asc"; +move "$tmpdir/sha256sums-signed-build.txt", "$destdir/sha256sums-signed-build.txt"; +gpg_verify_file("$tmpdir/sha256sums-unsigned-build.txt"); +move "$tmpdir/sha256sums-unsigned-build.txt.asc", "$destdir/sha256sums-unsigned-build.txt.asc"; +move "$tmpdir/sha256sums-unsigned-build.txt", "$destdir/sha256sums-unsigned-build.txt"; + +foreach my $file (qw(sha256sums-signed-build.incrementals.txt + sha256sums-signed-build.incrementals.txt.asc + sha256sums-unsigned-build.incrementals.txt + sha256sums-unsigned-build.incrementals.txt.asc)) { + if (getstore("$urldir/$file", "$tmpdir/$file") != 200) { + last; + } +} +if (-f "$tmpdir/sha256sums-signed-build.incrementals.txt.asc") { + gpg_verify_file("$tmpdir/sha256sums-signed-build.incrementals.txt"); + move "$tmpdir/sha256sums-signed-build.incrementals.txt.asc", "$destdir/sha256sums-signed-build.incrementals.txt.asc"; + move "$tmpdir/sha256sums-signed-build.incrementals.txt", "$destdir/sha256sums-signed-build.incrementals.txt"; +} +if (-f "$tmpdir/sha256sums-unsigned-build.incrementals.txt.asc") { + gpg_verify_file("$tmpdir/sha256sums-unsigned-build.incrementals.txt"); + move "$tmpdir/sha256sums-unsigned-build.incrementals.txt.asc", "$destdir/sha256sums-unsigned-build.incrementals.txt.asc"; + move "$tmpdir/sha256sums-unsigned-build.incrementals.txt", "$destdir/sha256sums-unsigned-build.incrementals.txt"; +} + +my @sha256_lines = path("$destdir/sha256sums-signed-build.txt")->lines; +push @sha256_lines, path("$destdir/sha256sums-signed-build.incrementals.txt")->lines + if -f "$destdir/sha256sums-signed-build.incrementals.txt"; +my %sums = map { chomp; reverse split ' ', $_ } @sha256_lines; + +foreach my $file (sort keys %sums) { + if (-f "$destdir/$file") { + print "Not downloading $file (already there)\n"; + next; + } + print "Downloading $file\n"; + exit_error "Error downloading $urldir/$file\n" + unless getstore("$urldir/$file", "$tmpdir/$file") == 200; + exit_error "Wrong checksum for $file" + unless $sums{$file} eq sha256_hex(path("$tmpdir/$file")->slurp); + move "$tmpdir/$file", "$destdir/$file"; +} + +print "Finished downloading $projectname $version in $destdir\n"; View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] 2 commits: Bug 41030: Add script to download a torbrowser/mullvadbrowser release
by richard (＠richard) 30 Nov '23

30 Nov '23

richard pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 07898fd4 by Nicolas Vigier at 2023-11-30T11:59:45+01:00 Bug 41030: Add script to download a torbrowser/mullvadbrowser release - - - - - 93819f81 by Nicolas Vigier at 2023-11-30T11:59:49+01:00 Bug 41030: Add make targets to unsign and compare exe files - - - - - 6 changed files: - Makefile - doc/MAKEFILE.txt - + projects/release/compare_windows_signed_unsigned_exe - projects/release/config - + tools/download-mullvadbrowser - + tools/download-torbrowser Changes: ===================================== Makefile ===================================== @@ -229,6 +229,12 @@ torbrowser-dmg2mar-alpha: submodule-update tools/update-responses/download_missing_versions alpha CHECK_CODESIGNATURE_EXISTS=1 MAR_SKIP_EXISTING=1 tools/update-responses/gen_incrementals alpha +torbrowser-compare-windows-signed-unsigned-release: submodule-update + $(rbm) build release --step compare_windows_signed_unsigned_exe --target release --target signed --target torbrowser + +torbrowser-compare-windows-signed-unsigned-alpha: submodule-update + $(rbm) build release --step compare_windows_signed_unsigned_exe --target alpha --target signed --target torbrowser + ######################## # Base Browser Targets # @@ -557,6 +563,12 @@ mullvadbrowser-dmg2mar-alpha: submodule-update tools/update-responses/download_missing_versions alpha CHECK_CODESIGNATURE_EXISTS=1 MAR_SKIP_EXISTING=1 tools/update-responses/gen_incrementals alpha +mullvadbrowser-compare-windows-signed-unsigned-release: submodule-update + $(rbm) build release --step compare_windows_signed_unsigned_exe --target release --target signed --target mullvadbrowser + +mullvadbrowser-compare-windows-signed-unsigned-alpha: submodule-update + $(rbm) build release --step compare_windows_signed_unsigned_exe --target alpha --target signed --target mullvadbrowser + ############################ # Toolchain Update Targets # ===================================== doc/MAKEFILE.txt ===================================== @@ -136,3 +136,8 @@ Create update responses xml files for a signed build in the release or alpha channel. The files can be found in a tar in the directory torbrowser/{release,alpha}/update-responses. +torbrowser-compare-windows-signed-unsigned-{release,alpha} +---------------------------------------------------------- +Unsign exe files from directory torbrowser/{release,alpha}/signed/$version +and compare them with the checksum from sha256sums-unsigned-build.txt. + ===================================== projects/release/compare_windows_signed_unsigned_exe ===================================== @@ -0,0 +1,30 @@ +#!/bin/bash +[% c("var/set_default_env") -%] +[% IF c("var/nightly") -%] + build_dir=[% shell_quote(path(dest_dir)) %]/[% c("version") %] +[% ELSE -%] + build_dir=[% shell_quote(path(dest_dir)) %]/[% c("var/signed_status") %]/[% c("version") %] +[% END -%] + +if ! test -d "$build_dir" +then + echo "Error: Directory $build_dir does not exist" 1>&2 + echo "You can download it with this command:" 1>&2 + echo " ./tools/download-[% c("var/projectname") %] [% c("var/torbrowser_version") %]" 1>&2 + exit 1 +fi + +cp -a "$build_dir"/*.exe "$build_dir"/sha256sums-unsigned-build.txt . + +tar -xf $rootdir/[% c('input_files_by_name/osslsigncode') %] + +for file in *.exe +do + ./osslsigncode/bin/osslsigncode remove-signature -in "$file" -out "unsigned-$file" > /dev/null + mv -f "unsigned-$file" "$file" + echo "Unsigned $file" +done + +grep '\.exe$' sha256sums-unsigned-build.txt | sha256sum -c + +echo "Unsigned exe files are matching with sha256sums-unsigned-build.txt" ===================================== projects/release/config ===================================== @@ -263,3 +263,11 @@ steps: debug: 0 input_files: [] upload_sha256sums: '[% INCLUDE upload_sha256sums %]' + compare_windows_signed_unsigned_exe: + build_log: '-' + debug: 0 + input_files: + - project: osslsigncode + name: osslsigncode + pkg_type: build + compare_windows_signed_unsigned_exe: '[% INCLUDE compare_windows_signed_unsigned_exe %]' ===================================== tools/download-mullvadbrowser ===================================== @@ -0,0 +1 @@ +download-torbrowser \ No newline at end of file ===================================== tools/download-torbrowser ===================================== @@ -0,0 +1,100 @@ +#!/usr/bin/perl -w + +# This script downloads a torbrowser or mullvadbrowser release, checking +# its signature + +use strict; +use English; +use LWP::Simple; +use IO::CaptureOutput qw(capture_exec); +use File::Temp; +use File::Basename qw(fileparse); +use FindBin; +use File::Path qw(make_path); +use File::Copy; +use Path::Tiny; +use Digest::SHA qw(sha256_hex); + + +sub exit_error { + print STDERR "Error: ", $_[0], "\n"; + chdir '/'; + exit (exists $_[1] ? $_[1] : 1); +} + +sub gpg_verify_file { + my ($file) = @_; + if (system('gpg', '--no-default-keyring', '--keyring', + "$FindBin::Bin/../keyring/torbrowser.gpg", '--verify', + "$file.asc", + $file)) { + exit_error "Error checking gpg signature for file $file"; + } +} + +my $progname = fileparse($PROGRAM_NAME); +my ($projectname) = $progname =~ m/^download-(.+)$/; +if (@ARGV != 1) { + print STDERR "usage: $progname <version>\n"; + exit 1; +} + +my $version = $ARGV[0]; +my $version_type = $version =~ m/a/ ? 'alpha' : 'release'; +my $destdir = "$FindBin::Bin/../$projectname/$version_type/signed/$version"; +my $urldir = "https://archive.torproject.org/tor-package-archive/$projectname/$version"; + +make_path($destdir); +my $tmpdir = File::Temp->newdir(DIR => "$FindBin::Bin/../tmp"); + +foreach my $file (qw(sha256sums-signed-build.txt sha256sums-signed-build.txt.asc + sha256sums-unsigned-build.txt sha256sums-unsigned-build.txt.asc)) { + if (getstore("$urldir/$file", "$tmpdir/$file") != 200) { + exit_error "Error downloading $urldir/$file"; + } +} +gpg_verify_file("$tmpdir/sha256sums-signed-build.txt"); +move "$tmpdir/sha256sums-signed-build.txt.asc", "$destdir/sha256sums-signed-build.txt.asc"; +move "$tmpdir/sha256sums-signed-build.txt", "$destdir/sha256sums-signed-build.txt"; +gpg_verify_file("$tmpdir/sha256sums-unsigned-build.txt"); +move "$tmpdir/sha256sums-unsigned-build.txt.asc", "$destdir/sha256sums-unsigned-build.txt.asc"; +move "$tmpdir/sha256sums-unsigned-build.txt", "$destdir/sha256sums-unsigned-build.txt"; + +foreach my $file (qw(sha256sums-signed-build.incrementals.txt + sha256sums-signed-build.incrementals.txt.asc + sha256sums-unsigned-build.incrementals.txt + sha256sums-unsigned-build.incrementals.txt.asc)) { + if (getstore("$urldir/$file", "$tmpdir/$file") != 200) { + last; + } +} +if (-f "$tmpdir/sha256sums-signed-build.incrementals.txt.asc") { + gpg_verify_file("$tmpdir/sha256sums-signed-build.incrementals.txt"); + move "$tmpdir/sha256sums-signed-build.incrementals.txt.asc", "$destdir/sha256sums-signed-build.incrementals.txt.asc"; + move "$tmpdir/sha256sums-signed-build.incrementals.txt", "$destdir/sha256sums-signed-build.incrementals.txt"; +} +if (-f "$tmpdir/sha256sums-unsigned-build.incrementals.txt.asc") { + gpg_verify_file("$tmpdir/sha256sums-unsigned-build.incrementals.txt"); + move "$tmpdir/sha256sums-unsigned-build.incrementals.txt.asc", "$destdir/sha256sums-unsigned-build.incrementals.txt.asc"; + move "$tmpdir/sha256sums-unsigned-build.incrementals.txt", "$destdir/sha256sums-unsigned-build.incrementals.txt"; +} + +my @sha256_lines = path("$destdir/sha256sums-signed-build.txt")->lines; +push @sha256_lines, path("$destdir/sha256sums-signed-build.incrementals.txt")->lines + if -f "$destdir/sha256sums-signed-build.incrementals.txt"; +my %sums = map { chomp; reverse split ' ', $_ } @sha256_lines; + +foreach my $file (sort keys %sums) { + if (-f "$destdir/$file") { + print "Not downloading $file (already there)\n"; + next; + } + print "Downloading $file\n"; + exit_error "Error downloading $urldir/$file\n" + unless getstore("$urldir/$file", "$tmpdir/$file") == 200; + exit_error "Wrong checksum for $file" + unless $sums{$file} eq sha256_hex(path("$tmpdir/$file")->slurp); + move "$tmpdir/$file", "$destdir/$file"; +} + +print "Finished downloading $projectname $version in $destdir\n"; View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-115.5.0esr-13.5-1] fixup! Bug 9173: Change the default Firefox profile directory to be relative.
by richard (＠richard) 30 Nov '23

30 Nov '23

richard pushed to branch mullvad-browser-115.5.0esr-13.5-1 at The Tor Project / Applications / Mullvad Browser Commits: a601e164 by Pier Angelo Vendrame at 2023-11-30T12:29:05+00:00 fixup! Bug 9173: Change the default Firefox profile directory to be relative. Bug 42163: Make the DLL blocklist obey portable mode - - - - - 1 changed file: - toolkit/xre/LauncherRegistryInfo.cpp Changes: ===================================== toolkit/xre/LauncherRegistryInfo.cpp ===================================== @@ -17,6 +17,9 @@ #include <string> #include <type_traits> +// tor-browser#42163 +#include <filesystem> + #define EXPAND_STRING_MACRO2(t) t #define EXPAND_STRING_MACRO(t) EXPAND_STRING_MACRO2(t) @@ -586,6 +589,45 @@ LauncherRegistryInfo::GetBrowserStartTimestamp() { LauncherResult<std::wstring> LauncherRegistryInfo::BuildDefaultBlocklistFilename() { + // tor-browser#42163: Make the DLL blocklist obey portable mode + { + std::filesystem::path appDir; + { + mozilla::UniquePtr<wchar_t[]> appDirStr = GetFullBinaryPath(); + if (!appDirStr) { + return LAUNCHER_ERROR_FROM_WIN32(ERROR_NOT_ENOUGH_MEMORY); + } + appDir = std::filesystem::path(appDirStr.get()).parent_path(); + } + std::error_code ec; + const bool isPortable = + !std::filesystem::exists(appDir / L"system-install", ec); + if (ec) { + // exists is supposed not to set an error when a file does not exist + // (whereas other functions such as is_regular_file sets it). + // The standard is quite opaque about the meaning of the numeric codes. + // Moreover, we use libcxx on Windows, and it seems they created a sort of + // POSIX compatibility layer (e.g., for stat), see + // libcxx/src/filesystem/posix_compat.h. + // std::error_code has a message function, but all the various macro are + // specific to handle Windows errors, so we have to use the generic error. + // At least, at the moment the error is dropped eventually. + return LAUNCHER_ERROR_GENERIC(); + } + if (isPortable) { + // RELATIVE_DATA_DIR must have forward slashes, but weakly_canonical + // already changes them to backslashes. + const std::filesystem::path blocklistPath = + std::filesystem::weakly_canonical( + appDir / L"" RELATIVE_DATA_DIR / L"blocklist", ec); + if (ec) { + return LAUNCHER_ERROR_GENERIC(); + } + return blocklistPath.wstring(); + } + // Normal installation, continue on Mozilla's path + } + // These flags are chosen to avoid I/O, see bug 1363398. const DWORD flags = KF_FLAG_SIMPLE_IDLIST | KF_FLAG_DONT_VERIFY | KF_FLAG_NO_ALIAS; @@ -618,6 +660,8 @@ LauncherRegistryInfo::BuildDefaultBlocklistFilename() { } LauncherResult<std::wstring> LauncherRegistryInfo::GetBlocklistFileName() { + // tor-browser#42163: Make the DLL blocklist obey portable mode +#ifndef BASE_BROWSER_VERSION LauncherResult<Disposition> disposition = Open(); if (disposition.isErr()) { return disposition.propagateErr(); @@ -633,19 +677,19 @@ LauncherResult<std::wstring> LauncherRegistryInfo::GetBlocklistFileName() { UniquePtr<wchar_t[]> buf = readResult.unwrap(); return std::wstring(buf.get()); } - +#endif LauncherResult<std::wstring> defaultBlocklistPath = BuildDefaultBlocklistFilename(); if (defaultBlocklistPath.isErr()) { return defaultBlocklistPath.propagateErr(); } - +#ifndef BASE_BROWSER_VERSION LauncherVoidResult writeResult = WriteRegistryValueString( mRegKey, ResolveBlocklistValueName(), defaultBlocklistPath.inspect()); if (writeResult.isErr()) { return writeResult.propagateErr(); } - +#endif return defaultBlocklistPath; } View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/a60… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/a60… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-115.5.0esr-13.5-1] fixup! Bug 9173: Change the default Firefox profile directory to be relative.
by richard (＠richard) 30 Nov '23

30 Nov '23

richard pushed to branch base-browser-115.5.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: c8b7532b by Pier Angelo Vendrame at 2023-11-30T12:27:17+00:00 fixup! Bug 9173: Change the default Firefox profile directory to be relative. Bug 42163: Make the DLL blocklist obey portable mode - - - - - 1 changed file: - toolkit/xre/LauncherRegistryInfo.cpp Changes: ===================================== toolkit/xre/LauncherRegistryInfo.cpp ===================================== @@ -17,6 +17,9 @@ #include <string> #include <type_traits> +// tor-browser#42163 +#include <filesystem> + #define EXPAND_STRING_MACRO2(t) t #define EXPAND_STRING_MACRO(t) EXPAND_STRING_MACRO2(t) @@ -586,6 +589,45 @@ LauncherRegistryInfo::GetBrowserStartTimestamp() { LauncherResult<std::wstring> LauncherRegistryInfo::BuildDefaultBlocklistFilename() { + // tor-browser#42163: Make the DLL blocklist obey portable mode + { + std::filesystem::path appDir; + { + mozilla::UniquePtr<wchar_t[]> appDirStr = GetFullBinaryPath(); + if (!appDirStr) { + return LAUNCHER_ERROR_FROM_WIN32(ERROR_NOT_ENOUGH_MEMORY); + } + appDir = std::filesystem::path(appDirStr.get()).parent_path(); + } + std::error_code ec; + const bool isPortable = + !std::filesystem::exists(appDir / L"system-install", ec); + if (ec) { + // exists is supposed not to set an error when a file does not exist + // (whereas other functions such as is_regular_file sets it). + // The standard is quite opaque about the meaning of the numeric codes. + // Moreover, we use libcxx on Windows, and it seems they created a sort of + // POSIX compatibility layer (e.g., for stat), see + // libcxx/src/filesystem/posix_compat.h. + // std::error_code has a message function, but all the various macro are + // specific to handle Windows errors, so we have to use the generic error. + // At least, at the moment the error is dropped eventually. + return LAUNCHER_ERROR_GENERIC(); + } + if (isPortable) { + // RELATIVE_DATA_DIR must have forward slashes, but weakly_canonical + // already changes them to backslashes. + const std::filesystem::path blocklistPath = + std::filesystem::weakly_canonical( + appDir / L"" RELATIVE_DATA_DIR / L"blocklist", ec); + if (ec) { + return LAUNCHER_ERROR_GENERIC(); + } + return blocklistPath.wstring(); + } + // Normal installation, continue on Mozilla's path + } + // These flags are chosen to avoid I/O, see bug 1363398. const DWORD flags = KF_FLAG_SIMPLE_IDLIST | KF_FLAG_DONT_VERIFY | KF_FLAG_NO_ALIAS; @@ -618,6 +660,8 @@ LauncherRegistryInfo::BuildDefaultBlocklistFilename() { } LauncherResult<std::wstring> LauncherRegistryInfo::GetBlocklistFileName() { + // tor-browser#42163: Make the DLL blocklist obey portable mode +#ifndef BASE_BROWSER_VERSION LauncherResult<Disposition> disposition = Open(); if (disposition.isErr()) { return disposition.propagateErr(); @@ -633,19 +677,19 @@ LauncherResult<std::wstring> LauncherRegistryInfo::GetBlocklistFileName() { UniquePtr<wchar_t[]> buf = readResult.unwrap(); return std::wstring(buf.get()); } - +#endif LauncherResult<std::wstring> defaultBlocklistPath = BuildDefaultBlocklistFilename(); if (defaultBlocklistPath.isErr()) { return defaultBlocklistPath.propagateErr(); } - +#ifndef BASE_BROWSER_VERSION LauncherVoidResult writeResult = WriteRegistryValueString( mRegKey, ResolveBlocklistValueName(), defaultBlocklistPath.inspect()); if (writeResult.isErr()) { return writeResult.propagateErr(); } - +#endif return defaultBlocklistPath; } View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/c8b7532… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/c8b7532… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.5.0esr-13.5-1] fixup! Bug 9173: Change the default Firefox profile directory to be relative.
by richard (＠richard) 30 Nov '23

30 Nov '23

richard pushed to branch tor-browser-115.5.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: 9a352816 by Pier Angelo Vendrame at 2023-11-30T12:25:22+00:00 fixup! Bug 9173: Change the default Firefox profile directory to be relative. Bug 42163: Make the DLL blocklist obey portable mode - - - - - 1 changed file: - toolkit/xre/LauncherRegistryInfo.cpp Changes: ===================================== toolkit/xre/LauncherRegistryInfo.cpp ===================================== @@ -17,6 +17,9 @@ #include <string> #include <type_traits> +// tor-browser#42163 +#include <filesystem> + #define EXPAND_STRING_MACRO2(t) t #define EXPAND_STRING_MACRO(t) EXPAND_STRING_MACRO2(t) @@ -586,6 +589,45 @@ LauncherRegistryInfo::GetBrowserStartTimestamp() { LauncherResult<std::wstring> LauncherRegistryInfo::BuildDefaultBlocklistFilename() { + // tor-browser#42163: Make the DLL blocklist obey portable mode + { + std::filesystem::path appDir; + { + mozilla::UniquePtr<wchar_t[]> appDirStr = GetFullBinaryPath(); + if (!appDirStr) { + return LAUNCHER_ERROR_FROM_WIN32(ERROR_NOT_ENOUGH_MEMORY); + } + appDir = std::filesystem::path(appDirStr.get()).parent_path(); + } + std::error_code ec; + const bool isPortable = + !std::filesystem::exists(appDir / L"system-install", ec); + if (ec) { + // exists is supposed not to set an error when a file does not exist + // (whereas other functions such as is_regular_file sets it). + // The standard is quite opaque about the meaning of the numeric codes. + // Moreover, we use libcxx on Windows, and it seems they created a sort of + // POSIX compatibility layer (e.g., for stat), see + // libcxx/src/filesystem/posix_compat.h. + // std::error_code has a message function, but all the various macro are + // specific to handle Windows errors, so we have to use the generic error. + // At least, at the moment the error is dropped eventually. + return LAUNCHER_ERROR_GENERIC(); + } + if (isPortable) { + // RELATIVE_DATA_DIR must have forward slashes, but weakly_canonical + // already changes them to backslashes. + const std::filesystem::path blocklistPath = + std::filesystem::weakly_canonical( + appDir / L"" RELATIVE_DATA_DIR / L"blocklist", ec); + if (ec) { + return LAUNCHER_ERROR_GENERIC(); + } + return blocklistPath.wstring(); + } + // Normal installation, continue on Mozilla's path + } + // These flags are chosen to avoid I/O, see bug 1363398. const DWORD flags = KF_FLAG_SIMPLE_IDLIST | KF_FLAG_DONT_VERIFY | KF_FLAG_NO_ALIAS; @@ -618,6 +660,8 @@ LauncherRegistryInfo::BuildDefaultBlocklistFilename() { } LauncherResult<std::wstring> LauncherRegistryInfo::GetBlocklistFileName() { + // tor-browser#42163: Make the DLL blocklist obey portable mode +#ifndef BASE_BROWSER_VERSION LauncherResult<Disposition> disposition = Open(); if (disposition.isErr()) { return disposition.propagateErr(); @@ -633,19 +677,19 @@ LauncherResult<std::wstring> LauncherRegistryInfo::GetBlocklistFileName() { UniquePtr<wchar_t[]> buf = readResult.unwrap(); return std::wstring(buf.get()); } - +#endif LauncherResult<std::wstring> defaultBlocklistPath = BuildDefaultBlocklistFilename(); if (defaultBlocklistPath.isErr()) { return defaultBlocklistPath.propagateErr(); } - +#ifndef BASE_BROWSER_VERSION LauncherVoidResult writeResult = WriteRegistryValueString( mRegKey, ResolveBlocklistValueName(), defaultBlocklistPath.inspect()); if (writeResult.isErr()) { return writeResult.propagateErr(); } - +#endif return defaultBlocklistPath; } View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/9a35281… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/9a35281… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.5.0esr-13.5-1] fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in...
by richard (＠richard) 30 Nov '23

30 Nov '23

richard pushed to branch tor-browser-115.5.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: 3db7a880 by Henry Wilkes at 2023-11-30T12:15:07+00:00 fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection Bug 42303: Remove unused "help" button logic from bridge dialogs. Follows bugzilla bug 1784882. - - - - - 6 changed files: - browser/components/torpreferences/content/builtinBridgeDialog.mjs - browser/components/torpreferences/content/builtinBridgeDialog.xhtml - browser/components/torpreferences/content/provideBridgeDialog.mjs - browser/components/torpreferences/content/provideBridgeDialog.xhtml - browser/components/torpreferences/content/requestBridgeDialog.mjs - browser/components/torpreferences/content/requestBridgeDialog.xhtml Changes: ===================================== browser/components/torpreferences/content/builtinBridgeDialog.mjs ===================================== @@ -86,12 +86,6 @@ export class BuiltinBridgeDialog { dialog.addEventListener("dialogaccept", () => { this.onSubmit(this._radioGroup.value, TorConnect.canBeginBootstrap); }); - dialog.addEventListener("dialoghelp", e => { - window.top.openTrustedLinkIn( - TorStrings.settings.learnMoreCircumventionURL, - "tab" - ); - }); this._acceptButton = dialog.getButton("accept"); ===================================== browser/components/torpreferences/content/builtinBridgeDialog.xhtml ===================================== @@ -8,7 +8,7 @@ xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul" xmlns:html="http://www.w3.org/1999/xhtml" > - <dialog id="torPreferences-builtinBridge-dialog" buttons="help,accept,cancel"> + <dialog id="torPreferences-builtinBridge-dialog" buttons="accept,cancel"> <description id="torPreferences-builtinBridge-description"> </description> <radiogroup id="torPreferences-builtinBridge-typeSelection"> <vbox class="builtin-bridges-option"> ===================================== browser/components/torpreferences/content/provideBridgeDialog.mjs ===================================== @@ -61,7 +61,6 @@ export class ProvideBridgeDialog { this._dialog.addEventListener("dialogaccept", e => { this.onSubmit(this._textarea.value, TorConnect.canBeginBootstrap); }); - this._dialog.addEventListener("dialoghelp", openHelp); this._acceptButton = this._dialog.getButton("accept"); ===================================== browser/components/torpreferences/content/provideBridgeDialog.xhtml ===================================== @@ -8,7 +8,7 @@ xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul" xmlns:html="http://www.w3.org/1999/xhtml" > - <dialog id="torPreferences-provideBridge-dialog" buttons="help,accept,cancel"> + <dialog id="torPreferences-provideBridge-dialog" buttons="accept,cancel"> <description> <html:div id="torPreferences-provideBridge-description" ><br /></html:div ===================================== browser/components/torpreferences/content/requestBridgeDialog.mjs ===================================== @@ -62,12 +62,6 @@ export class RequestBridgeDialog { e.preventDefault(); this.onSubmitCaptcha(); }); - this._dialog.addEventListener("dialoghelp", e => { - window.top.openTrustedLinkIn( - TorStrings.settings.learnMoreBridgesURL, - "tab" - ); - }); this._dialogHeader = this._dialog.querySelector(selectors.dialogHeader); this._dialogHeader.textContent = TorStrings.settings.contactingBridgeDB; ===================================== browser/components/torpreferences/content/requestBridgeDialog.xhtml ===================================== @@ -8,7 +8,7 @@ xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul" xmlns:html="http://www.w3.org/1999/xhtml" > - <dialog id="torPreferences-requestBridge-dialog" buttons="help,accept,cancel"> + <dialog id="torPreferences-requestBridge-dialog" buttons="accept,cancel">  View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/3db7a88… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/3db7a88… You're receiving this email because of your account on gitlab.torproject.org.

1 0