October 2024 - tbb-commits - lists.torproject.org

[Git][tpo/applications/tor-browser-build][main] Bug 41256: Re-generate update-responses in upload-update_responses-to-staticiforme
by morgan (＠morgan) 03 Oct '24

03 Oct '24

morgan pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 3f075f68 by Nicolas Vigier at 2024-10-03T18:09:53+00:00 Bug 41256: Re-generate update-responses in upload-update_responses-to-staticiforme The script was not re-generating update-responses if it had been generated before. In some case this can be a problem: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4… - - - - - 1 changed file: - tools/signing/upload-update_responses-to-staticiforme Changes: ===================================== tools/signing/upload-update_responses-to-staticiforme ===================================== @@ -8,15 +8,12 @@ check_torbrowser_version_var update_responses_tar_filename="update-responses-$tbb_version_type-$tbb_version.tar" update_responses_tar="$script_dir/../../$SIGNING_PROJECTNAME/$tbb_version_type/update-responses/$update_responses_tar_filename" -if test -f "$update_responses_tar" -then - echo "$update_responses_tar_filename already exists: not running 'make $SIGNING_PROJECTNAME-update_responses-$tbb_version_type'" -else - echo "Running 'make $SIGNING_PROJECTNAME-update_responses-$tbb_version_type'" - pushd "$script_dir/../.." > /dev/null - make $SIGNING_PROJECTNAME-update_responses-$tbb_version_type - popd > /dev/null -fi +test -f "$update_responses_tar" && \ + echo "warning: $update_responses_tar_filename already exists. It will be re-generated." +echo "Running 'make $SIGNING_PROJECTNAME-update_responses-$tbb_version_type'" +pushd "$script_dir/../.." > /dev/null +make $SIGNING_PROJECTNAME-update_responses-$tbb_version_type +popd > /dev/null cd $update_responses_repository_dir git checkout main View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/3… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/3… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.3.0esr-14.0-1] fixup! Base Browser's .mozconfigs.
by morgan (＠morgan) 03 Oct '24

03 Oct '24

morgan pushed to branch mullvad-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Mullvad Browser Commits: b4eaca29 by Pier Angelo Vendrame at 2024-10-03T17:57:36+00:00 fixup! Base Browser's .mozconfigs. Bug 43151: Uniform the behavior of the android-all mozconfig. - - - - - 2 changed files: - browser/config/mozconfigs/base-browser-android - mozconfig-android-all Changes: ===================================== browser/config/mozconfigs/base-browser-android ===================================== @@ -1,3 +1,6 @@ +# Changes on this file might need to be synchronized with mozconfig-android-all! +# See also tor-browser#43151. + export MOZILLA_OFFICIAL=1 ac_add_options --enable-optimize @@ -29,6 +32,9 @@ ac_add_options --disable-parental-controls ac_add_options --enable-proxy-bypass-protection ac_add_options --disable-system-policies +# See tor-browser#41131 +ac_add_options --disable-backgroundtasks + # Disable telemetry ac_add_options MOZ_TELEMETRY_REPORTING= ===================================== mozconfig-android-all ===================================== @@ -1,18 +1,41 @@ +# Changes on this file might need to be synchronized with +# browser/config/mozconfigs/base-browser-android! +# See also tor-browser#43151. + export MOZILLA_OFFICIAL=1 ac_add_options --enable-application=mobile/android + ac_add_options --disable-compile-environment +ac_add_options --with-java-bin-path=$JAVA_HOME/bin +ac_add_options --with-android-sdk=$ANDROID_HOME +ac_add_options --with-gradle=$GRADLE_HOME/bin/gradle + +ac_add_options --disable-tests +ac_add_options --disable-debug + +ac_add_options --disable-updater +ac_add_options --disable-crashreporter +ac_add_options --disable-webrtc +ac_add_options --disable-parental-controls + +ac_add_options --enable-proxy-bypass-protection +ac_add_options --disable-system-policies + +# See tor-browser#41131 +ac_add_options --disable-backgroundtasks + +# Disable telemetry +ac_add_options MOZ_TELEMETRY_REPORTING= + if test -n "$LOCAL_DEV_BUILD"; then # You must use the "default" bogus channel for dev builds ac_add_options --enable-update-channel=default - ac_add_options --without-wasm-sandboxed-libraries ac_add_options --with-base-browser-version=dev-build ac_add_options --disable-minify fi -ac_add_options --with-tor-browser-version=dev-build - -ac_add_options --with-java-bin-path=$JAVA_HOME/bin -ac_add_options --with-android-sdk=$ANDROID_HOME -ac_add_options --with-gradle=$GRADLE_HOME/bin/gradle +if test -z "$WASI_SYSROOT"; then + ac_add_options --without-wasm-sandboxed-libraries +fi View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/b4e… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/b4e… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-128.3.0esr-14.0-1] fixup! Base Browser's .mozconfigs.
by morgan (＠morgan) 03 Oct '24

03 Oct '24

morgan pushed to branch base-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 0287abcb by Pier Angelo Vendrame at 2024-10-03T17:56:38+00:00 fixup! Base Browser's .mozconfigs. Bug 43151: Uniform the behavior of the android-all mozconfig. - - - - - 2 changed files: - browser/config/mozconfigs/base-browser-android - mozconfig-android-all Changes: ===================================== browser/config/mozconfigs/base-browser-android ===================================== @@ -1,3 +1,6 @@ +# Changes on this file might need to be synchronized with mozconfig-android-all! +# See also tor-browser#43151. + export MOZILLA_OFFICIAL=1 ac_add_options --enable-optimize @@ -29,6 +32,9 @@ ac_add_options --disable-parental-controls ac_add_options --enable-proxy-bypass-protection ac_add_options --disable-system-policies +# See tor-browser#41131 +ac_add_options --disable-backgroundtasks + # Disable telemetry ac_add_options MOZ_TELEMETRY_REPORTING= ===================================== mozconfig-android-all ===================================== @@ -1,18 +1,41 @@ +# Changes on this file might need to be synchronized with +# browser/config/mozconfigs/base-browser-android! +# See also tor-browser#43151. + export MOZILLA_OFFICIAL=1 ac_add_options --enable-application=mobile/android + ac_add_options --disable-compile-environment +ac_add_options --with-java-bin-path=$JAVA_HOME/bin +ac_add_options --with-android-sdk=$ANDROID_HOME +ac_add_options --with-gradle=$GRADLE_HOME/bin/gradle + +ac_add_options --disable-tests +ac_add_options --disable-debug + +ac_add_options --disable-updater +ac_add_options --disable-crashreporter +ac_add_options --disable-webrtc +ac_add_options --disable-parental-controls + +ac_add_options --enable-proxy-bypass-protection +ac_add_options --disable-system-policies + +# See tor-browser#41131 +ac_add_options --disable-backgroundtasks + +# Disable telemetry +ac_add_options MOZ_TELEMETRY_REPORTING= + if test -n "$LOCAL_DEV_BUILD"; then # You must use the "default" bogus channel for dev builds ac_add_options --enable-update-channel=default - ac_add_options --without-wasm-sandboxed-libraries ac_add_options --with-base-browser-version=dev-build ac_add_options --disable-minify fi -ac_add_options --with-tor-browser-version=dev-build - -ac_add_options --with-java-bin-path=$JAVA_HOME/bin -ac_add_options --with-android-sdk=$ANDROID_HOME -ac_add_options --with-gradle=$GRADLE_HOME/bin/gradle +if test -z "$WASI_SYSROOT"; then + ac_add_options --without-wasm-sandboxed-libraries +fi View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/0287abc… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/0287abc… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.3.0esr-14.0-1] 2 commits: fixup! TB3: Tor Browser's official .mozconfigs.
by morgan (＠morgan) 03 Oct '24

03 Oct '24

morgan pushed to branch tor-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 72a8c0c8 by Pier Angelo Vendrame at 2024-10-03T17:44:50+00:00 fixup! TB3: Tor Browser's official .mozconfigs. Bug 43151: Uniform the behavior of the android-all mozconfig. - - - - - 58271a0c by Pier Angelo Vendrame at 2024-10-03T17:44:50+00:00 fixup! Base Browser's .mozconfigs. Bug 43151: Uniform the behavior of the android-all mozconfig. - - - - - 2 changed files: - browser/config/mozconfigs/base-browser-android - mozconfig-android-all Changes: ===================================== browser/config/mozconfigs/base-browser-android ===================================== @@ -1,3 +1,6 @@ +# Changes on this file might need to be synchronized with mozconfig-android-all! +# See also tor-browser#43151. + export MOZILLA_OFFICIAL=1 ac_add_options --enable-optimize @@ -29,6 +32,9 @@ ac_add_options --disable-parental-controls ac_add_options --enable-proxy-bypass-protection ac_add_options --disable-system-policies +# See tor-browser#41131 +ac_add_options --disable-backgroundtasks + # Disable telemetry ac_add_options MOZ_TELEMETRY_REPORTING= ===================================== mozconfig-android-all ===================================== @@ -1,16 +1,41 @@ +# Changes on this file might need to be synchronized with +# browser/config/mozconfigs/base-browser-android! +# See also tor-browser#43151. + export MOZILLA_OFFICIAL=1 ac_add_options --enable-application=mobile/android + ac_add_options --disable-compile-environment +ac_add_options --with-java-bin-path=$JAVA_HOME/bin +ac_add_options --with-android-sdk=$ANDROID_HOME +ac_add_options --with-gradle=$GRADLE_HOME/bin/gradle + +ac_add_options --disable-tests +ac_add_options --disable-debug + +ac_add_options --disable-updater +ac_add_options --disable-crashreporter +ac_add_options --disable-webrtc +ac_add_options --disable-parental-controls + +ac_add_options --enable-proxy-bypass-protection +ac_add_options --disable-system-policies + +# See tor-browser#41131 +ac_add_options --disable-backgroundtasks + +# Disable telemetry +ac_add_options MOZ_TELEMETRY_REPORTING= + if test -n "$LOCAL_DEV_BUILD"; then # You must use the "default" bogus channel for dev builds ac_add_options --enable-update-channel=default - ac_add_options --without-wasm-sandboxed-libraries ac_add_options --with-base-browser-version=dev-build ac_add_options --disable-minify fi -ac_add_options --with-java-bin-path=$JAVA_HOME/bin -ac_add_options --with-android-sdk=$ANDROID_HOME -ac_add_options --with-gradle=$GRADLE_HOME/bin/gradle +if test -z "$WASI_SYSROOT"; then + ac_add_options --without-wasm-sandboxed-libraries +fi View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/816dae… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/816dae… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-update-responses][main] alpha: new version, 13.5a11
by morgan (＠morgan) 03 Oct '24

03 Oct '24

morgan pushed to branch main at The Tor Project / Applications / Tor Browser update responses Commits: da8075e4 by Morgan at 2024-10-03T17:00:16+00:00 alpha: new version, 13.5a11 - - - - - 30 changed files: - update_3/alpha/.htaccess - update_3/alpha/14.0a5-14.0a7-linux-x86_64-ALL.xml → update_3/alpha/13.5a10-14.0a7+13.5a11-linux-i686-ALL.xml - + update_3/alpha/13.5a10-14.0a7+13.5a11-linux-x86_64-ALL.xml - + update_3/alpha/13.5a10-14.0a7+13.5a11-macos-ALL.xml - + update_3/alpha/13.5a10-14.0a7+13.5a11-windows-i686-ALL.xml - update_3/alpha/14.0a7-windows-x86_64-ALL.xml → update_3/alpha/13.5a10-14.0a7+13.5a11-windows-x86_64-ALL.xml - + update_3/alpha/13.5a8-14.0a7+13.5a11-linux-i686-ALL.xml - + update_3/alpha/13.5a8-14.0a7+13.5a11-linux-x86_64-ALL.xml - + update_3/alpha/13.5a8-14.0a7+13.5a11-macos-ALL.xml - + update_3/alpha/13.5a8-14.0a7+13.5a11-windows-i686-ALL.xml - + update_3/alpha/13.5a8-14.0a7+13.5a11-windows-x86_64-ALL.xml - + update_3/alpha/13.5a9-14.0a7+13.5a11-linux-i686-ALL.xml - + update_3/alpha/13.5a9-14.0a7+13.5a11-linux-x86_64-ALL.xml - + update_3/alpha/13.5a9-14.0a7+13.5a11-macos-ALL.xml - + update_3/alpha/13.5a9-14.0a7+13.5a11-windows-i686-ALL.xml - + update_3/alpha/13.5a9-14.0a7+13.5a11-windows-x86_64-ALL.xml - update_3/alpha/14.0a4-14.0a7-linux-i686-ALL.xml → update_3/alpha/14.0a4-14.0a7+13.5a11-linux-i686-ALL.xml - + update_3/alpha/14.0a4-14.0a7+13.5a11-linux-x86_64-ALL.xml - update_3/alpha/14.0a6-14.0a7-macos-ALL.xml → update_3/alpha/14.0a4-14.0a7+13.5a11-macos-ALL.xml - + update_3/alpha/14.0a4-14.0a7+13.5a11-windows-i686-ALL.xml - + update_3/alpha/14.0a4-14.0a7+13.5a11-windows-x86_64-ALL.xml - update_3/alpha/14.0a4-14.0a7-linux-x86_64-ALL.xml → update_3/alpha/14.0a5-14.0a7+13.5a11-linux-i686-ALL.xml - + update_3/alpha/14.0a5-14.0a7+13.5a11-linux-x86_64-ALL.xml - update_3/alpha/14.0a5-14.0a7-macos-ALL.xml → update_3/alpha/14.0a5-14.0a7+13.5a11-macos-ALL.xml - update_3/alpha/14.0a5-14.0a7-windows-x86_64-ALL.xml → update_3/alpha/14.0a5-14.0a7+13.5a11-windows-i686-ALL.xml - + update_3/alpha/14.0a5-14.0a7+13.5a11-windows-x86_64-ALL.xml - update_3/alpha/14.0a5-14.0a7-linux-i686-ALL.xml → update_3/alpha/14.0a6-14.0a7+13.5a11-linux-i686-ALL.xml - + update_3/alpha/14.0a6-14.0a7+13.5a11-linux-x86_64-ALL.xml - update_3/alpha/14.0a4-14.0a7-macos-ALL.xml → update_3/alpha/14.0a6-14.0a7+13.5a11-macos-ALL.xml - update_3/alpha/14.0a4-14.0a7-windows-i686-ALL.xml → update_3/alpha/14.0a6-14.0a7+13.5a11-windows-i686-ALL.xml The diff was not included because it is too large. View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-update-responses… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-update-responses… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] 4 commits: Bug 41247: Simplify tools/update-responses/update_responses
by morgan (＠morgan) 03 Oct '24

03 Oct '24

morgan pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 7b2ef30f by Nicolas Vigier at 2024-10-03T10:17:59+02:00 Bug 41247: Simplify tools/update-responses/update_responses Most commands implemented in update_responses expect the channel to be an optional argument, doing the operation on all channels if no channel is provided. However we don't really need that feature. In this commit we simplify the script by making the channel a required argument. At the same time we remove the get_channel_version command, which was not used anywhere. - - - - - 97935517 by Nicolas Vigier at 2024-10-03T10:18:01+02:00 Bug 41247: Add support for multiple versions in update_responses - - - - - 0a476854 by Nicolas Vigier at 2024-10-03T16:19:53+02:00 Bug 41247: Add torbrowser_legacy_version to update-responses - - - - - d64bc351 by Nicolas Vigier at 2024-10-03T16:19:55+02:00 Bug 41247: Drop sha512 hash from update_responses files (except for nightly) With tor-browser#42737, the sha512 hash included in the update_responses files is not checked anymore. Since we're doing a watershed update, support for older versions checking the hash is not needed. However since we don't do watershed updates in nightly, we'll keep the sha512 hash in nightly for a little more time. - - - - - 8 changed files: - .gitlab/issue_templates/Release Prep - Tor Browser Stable.md - projects/release/create_update_responses_tar - projects/release/update_responses_config.yml - rbm.conf - tools/signing/nightly/config.yml - tools/signing/nightly/sign-nightly - − tools/update-responses/get_channel_version - tools/update-responses/update_responses Changes: ===================================== .gitlab/issue_templates/Release Prep - Tor Browser Stable.md ===================================== @@ -39,6 +39,8 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE - [ ] `var/torbrowser_version` : update to next version - [ ] `var/torbrowser_build` : update to `$(TOR_BROWSER_BUILD_N)` - [ ] `var/browser_release_date` : update to build date. For the build to be reproducible, the date should be in the past when building. + - [ ] `var/torbrowser_legacy_version` : update to next version in the legacy-13.5 branch + - [ ] `var/torbrowser_legacy_platform_version` : update to firefox platform version in the legacy-13.5 branch - [ ] ***(Desktop Only)***`var/torbrowser_incremental_from` : update to previous Desktop version - **NOTE**: We try to build incrementals for the previous 3 desktop versions except in the case of a watershed update - **IMPORTANT**: Really *actually* make sure this is the previous Desktop version or else the `make torbrowser-incrementals-*` step will fail ===================================== projects/release/create_update_responses_tar ===================================== @@ -1,8 +1,8 @@ #!/bin/bash [% c("var/set_default_env") -%] -[% shell_quote(c("basedir")) %]/tools/update-responses/update_responses -mkdir -p [% shell_quote(path(dest_dir)) %]/update-responses [% SET channel = c('var/channel') -%] +[% shell_quote(c("basedir")) %]/tools/update-responses/update_responses [% channel %] +mkdir -p [% shell_quote(path(dest_dir)) %]/update-responses mv [% shell_quote(c("basedir")) %]/tools/update-responses/htdocs/[% channel %] [% channel %] chmod 775 [% channel %] chmod 664 [% channel %]/.htaccess [% channel %]/* ===================================== projects/release/update_responses_config.yml ===================================== @@ -27,7 +27,11 @@ build_targets: - Darwin_x86_64-gcc3 - Darwin_aarch64-gcc3 channels: - [% c('var/channel') %]: [% c("var/torbrowser_version") %] + [% c('var/channel') %]: + - [% c("var/torbrowser_version") %] +[% IF c("var/torbrowser_legacy_version") -%] + - [% c("var/torbrowser_legacy_version") %] +[% END -%] versions: [% c("var/torbrowser_version") %]: [% IF c("var/create_unsigned_incrementals") -%] @@ -68,6 +72,26 @@ versions: minSupportedInstructionSet: SSE2 linux-x86_64: minSupportedInstructionSet: SSE2 +[% IF c("var/torbrowser_legacy_version") -%] + [% c("var/torbrowser_legacy_version") %]: + mar_channel_id: [% c('var/mar_channel_id') %] + platformVersion: [% c('var/torbrowser_legacy_platform_version') %] + detailsURL: https://blog.torproject.org/new[% IF c("var/alpha") %]-alpha[% END %]-release-tor-browser-[% c("var/torbrowser_legacy_version") FILTER remove('\.') %] + incremental_from: [] + # minSupportedOsVersion on macOS corresponds to the Darwin version ( https://en.wikipedia.org/wiki/Darwin_(operating_system) ) + macos: + # macOS v10.12.0 + minSupportedOSVersion: 16.0.0 + # minSupportedOsVersion on Windows corresponds to the operating system version ( https://docs.microsoft.com/en-us/windows/win32/sysinfo/operating-system-ver… ) + windows-i686: + # Windows 7 + minSupportedOSVersion: 6.1 + minSupportedInstructionSet: SSE2 + windows-x86_64: + # Windows 7 + minSupportedOSVersion: 6.1 + minSupportedInstructionSet: SSE2 +[% END -%] mar_compression: xz [% IF c("var/tor-browser") -%] tag: 'tbb-[% c("var/torbrowser_version") %]-[% c("var/torbrowser_build") %]' ===================================== rbm.conf ===================================== @@ -87,6 +87,9 @@ var: - 14.0a4 mar_channel_id: '[% c("var/projectname") %]-torproject-[% c("var/channel") %]' + torbrowser_legacy_version: 13.5a11 + torbrowser_legacy_platform_version: 115.16.0 + # By default, we sort the list of installed packages. This allows sharing # containers with identical list of packages, even if they are not listed # in the same order. In the cases where the installation order is ===================================== tools/signing/nightly/config.yml ===================================== @@ -1,4 +1,5 @@ --- +hashes_in_responses: 1 martools_version: 9.0.2 martools_url: https://archive.torproject.org/tor-package-archive/torbrowser/ martools_gpg_keyring: keyring/torbrowser.gpg ===================================== tools/signing/nightly/sign-nightly ===================================== @@ -256,7 +256,7 @@ sub update_responses { my $htdocsdir = "$topdir/tools/update-responses/htdocs/nightly"; path($htdocsdir)->remove_tree({ safe => 0 }); exit_error "Error running update_responses for $publish_dir" unless - system("$topdir/tools/update-responses/update_responses") == 0; + system("$topdir/tools/update-responses/update_responses", 'nightly') == 0; path("$topdir/nightly/updates/$publish_dir/nightly")->remove_tree({ safe => 0 }); make_path("$topdir/nightly/updates/$publish_dir"); dirmove($htdocsdir, "$topdir/nightly/updates/$publish_dir/nightly") ===================================== tools/update-responses/get_channel_version deleted ===================================== @@ -1 +0,0 @@ -update_responses \ No newline at end of file ===================================== tools/update-responses/update_responses ===================================== @@ -42,6 +42,10 @@ sub exit_error { exit (exists $_[1] ? $_[1] : 1); } +sub as_array { + ref $_[0] eq 'ARRAY' ? $_[0] : [ $_[0] ]; +} + sub get_tmpdir { my ($config) = @_; return File::Temp->newdir($config->{tmp_dir} ? @@ -72,13 +76,11 @@ sub write_htdocs { } sub clean_htdocs { - my (@channels) = @_; - foreach my $channel (@channels) { - opendir(my $d, "$htdocsdir/$channel"); - my @files = grep { ! $htdocsfiles{$channel}->{$_} } readdir $d; - closedir $d; - unlink map { "$htdocsdir/$channel/$_" } @files; - } + my ($channel) = @_; + opendir(my $d, "$htdocsdir/$channel"); + my @files = grep { ! $htdocsfiles{$channel}->{$_} } readdir $d; + closedir $d; + unlink map { "$htdocsdir/$channel/$_" } @files; } sub get_sha512_hex_of_file { @@ -105,8 +107,10 @@ sub get_version_files { type => 'complete', URL => "$download_url/$file", size => -s "$vdir/$file", - hashFunction => 'SHA512', - hashValue => get_sha512_hex_of_file("$vdir/$file"), + $config->{hashes_in_responses} ? ( + hashFunction => 'SHA512', + hashValue => get_sha512_hex_of_file("$vdir/$file"), + ) : (), }; next; } @@ -116,9 +120,11 @@ sub get_version_files { type => 'partial', URL => "$download_url/$file", size => -s "$vdir/$file", - hashFunction => 'SHA512', - hashValue => get_sha512_hex_of_file("$vdir/$file"), - } + $config->{hashes_in_responses} ? ( + hashFunction => 'SHA512', + hashValue => get_sha512_hex_of_file("$vdir/$file"), + ) : (), + }; } } closedir $d; @@ -239,8 +245,10 @@ sub create_incremental_mar { type => 'partial', URL => "$download_url/$mar_file", size => -s $mar_file_path, - hashFunction => 'SHA512', - hashValue => get_sha512_hex_of_file($mar_file_path), + $config->{hashes_in_responses} ? ( + hashFunction => 'SHA512', + hashValue => get_sha512_hex_of_file($mar_file_path), + ) : (), }; }; return if $pm->start($finished_file); @@ -307,16 +315,6 @@ sub version_dir { return get_config($config, $version, 'any', 'releases_dir') . "/$version"; } -sub channel_to_version { - my ($config, @channels) = @_; - return values %{$config->{channels}} unless @channels; - foreach my $channel (@channels) { - exit_error "Unknown channel $channel" - unless $config->{channels}{$channel}; - } - return map { $config->{channels}{$_} } @channels; -} - sub get_buildinfos { my ($config, $version) = @_; return if exists $config->{versions}{$version}{buildID}; @@ -347,49 +345,58 @@ sub get_buildinfos { } sub get_response { - my ($config, $version, $os, @patches) = @_; + my ($config, $versions, $os, $lang, $from_version) = @_; my $res; my $writer = XML::Writer->new(OUTPUT => \$res, ENCODING => 'UTF-8'); $writer->xmlDecl; $writer->startTag('updates'); - if (get_config($config, $version, $os, 'unsupported')) { + foreach my $version (@$versions) { + if (get_config($config, $version, $os, 'unsupported')) { + $writer->startTag('update', + unsupported => 'true', + detailsURL => get_config($config, $version, $os, 'detailsURL'), + ); + goto CLOSETAGS; + } + my $minversion = get_config($config, $version, $os, 'minSupportedOSVersion'); + my $mininstruc = get_config($config, $version, $os, 'minSupportedInstructionSet'); $writer->startTag('update', - unsupported => 'true', + type => 'minor', + displayVersion => $version, + appVersion => $version, + platformVersion => get_config($config, $version, $os, 'platformVersion'), + buildID => get_config($config, $version, $os, 'buildID'), detailsURL => get_config($config, $version, $os, 'detailsURL'), + actions => 'showURL', + openURL => get_config($config, $version, $os, 'detailsURL'), + defined $minversion ? ( minSupportedOSVersion => $minversion ) : (), + defined $mininstruc ? ( minSupportedInstructionSet => $mininstruc ) : (), ); - goto CLOSETAGS; - } - my $minversion = get_config($config, $version, $os, 'minSupportedOSVersion'); - my $mininstruc = get_config($config, $version, $os, 'minSupportedInstructionSet'); - $writer->startTag('update', - type => 'minor', - displayVersion => $version, - appVersion => $version, - platformVersion => get_config($config, $version, $os, 'platformVersion'), - buildID => get_config($config, $version, $os, 'buildID'), - detailsURL => get_config($config, $version, $os, 'detailsURL'), - actions => 'showURL', - openURL => get_config($config, $version, $os, 'detailsURL'), - defined $minversion ? ( minSupportedOSVersion => $minversion ) : (), - defined $mininstruc ? ( minSupportedInstructionSet => $mininstruc ) : (), - ); - foreach my $patch (@patches) { - my @sorted_patch = map { $_ => $patch->{$_} } sort keys %$patch; - $writer->startTag('patch', @sorted_patch); - $writer->endTag('patch'); + if (my $patch = $config->{versions}{$version}{files}{$os}{$lang}{complete}) { + my @sorted_patch = map { $_ => $patch->{$_} } sort keys %$patch; + $writer->startTag('patch', @sorted_patch); + $writer->endTag('patch'); + } + if ($from_version) { + if (my $patch = $config->{versions}{$version}{files}{$os}{$lang}{partial}{$from_version}) { + my @sorted_patch = map { $_ => $patch->{$_} } sort keys %$patch; + $writer->startTag('patch', @sorted_patch); + $writer->endTag('patch'); + } + } + CLOSETAGS: + $writer->endTag('update'); } - CLOSETAGS: - $writer->endTag('update'); $writer->endTag('updates'); $writer->end; return $res; } sub write_responses { - my ($config, @channels) = @_; - @channels = keys %{$config->{channels}} unless @channels; - foreach my $channel (@channels) { - my $version = $config->{channels}{$channel}; + my ($config, $channel) = @_; + my $versions = as_array($config->{channels}{$channel}); + my (%oses, %langs, %from_versions); + foreach my $version (@$versions) { get_version_files($config, $version); get_buildinfos($config, $version); my $files = $config->{versions}{$version}{files}; @@ -398,79 +405,96 @@ sub write_responses { my $new_os = $migrate_archs->{$old_os}; foreach my $lang (keys %{$files->{$new_os}}) { $files->{$old_os}{$lang}{complete} = - $files->{$new_os}{$lang}{complete}; + $files->{$new_os}{$lang}{complete}; } } foreach my $os (keys %$files) { + $oses{$os} = 1; foreach my $lang (keys %{$files->{$os}}) { - my $resp = get_response($config, $version, $os, - $files->{$os}{$lang}{complete}); - write_htdocs($channel, "$version-$os-$lang.xml", $resp); + $langs{$lang} = 1; foreach my $from_version (keys %{$files->{$os}{$lang}{partial}}) { - $resp = get_response($config, $version, $os, - $files->{$os}{$lang}{complete}, - $files->{$os}{$lang}{partial}{$from_version}); - write_htdocs($channel, "$from_version-$version-$os-$lang.xml", $resp); + $from_versions{$from_version} = 1; } } } - write_htdocs($channel, 'no-update.xml', - '<?xml version="1.0" encoding="UTF-8"?>' - . "\n<updates></updates>\n"); } + my $versions_str = join('+', @$versions); + foreach my $os (keys %oses) { + foreach my $lang (keys %langs) { + my $resp = get_response($config, $versions, $os, $lang); + write_htdocs($channel, "$versions_str-$os-$lang.xml", $resp); + foreach my $from_version (keys %from_versions) { + $resp = get_response($config, $versions, $os, $lang, $from_version); + write_htdocs($channel, "$from_version-$versions_str-$os-$lang.xml", $resp); + } + } + } + write_htdocs($channel, 'no-update.xml', + '<?xml version="1.0" encoding="UTF-8"?>' + . "\n<updates></updates>\n"); } sub write_htaccess { - my ($config, @channels) = @_; - @channels = keys %{$config->{channels}} unless @channels; + my ($config, $channel) = @_; my $flags = "[last]"; - foreach my $channel (@channels) { - my $htaccess = "RewriteEngine On\n"; - $htaccess .= $config->{htaccess_rewrite_rules}{$channel} // ''; - my $version = $config->{channels}{$channel}; - my $migrate_langs = $config->{versions}{$version}{migrate_langs} // {}; + my $htaccess = "RewriteEngine On\n"; + $htaccess .= $config->{htaccess_rewrite_rules}{$channel} // ''; + my $versions = as_array($config->{channels}{$channel}); + my $versions_str = join('+', @$versions); + my (%oses, %langs, %from_versions); + my $migrate_langs; + foreach my $version (@$versions) { + $migrate_langs = $config->{versions}{$version}{migrate_langs} + if $config->{versions}{$version}{migrate_langs}; my $files = $config->{versions}{$version}{files}; - $htaccess .= "RewriteRule ^[^\/]+/$version/ no-update.xml $flags\n"; - foreach my $os (sort keys %$files) { - foreach my $bt (build_targets_by_os($os)) { - foreach my $lang (sort keys %{$files->{$os}}) { - foreach my $from_version (sort keys %{$files->{$os}{$lang}{partial}}) { - $htaccess .= "RewriteRule ^$bt/$from_version/$lang " - . "$from_version-$version-$os-$lang.xml $flags\n"; - } - $htaccess .= "RewriteRule ^$bt/[^\/]+/$lang " - . "$version-$os-$lang.xml $flags\n"; + foreach my $os (keys %$files) { + $oses{$os} = 1; + foreach my $lang (keys %{$files->{$os}}) { + $langs{$lang} = 1; + foreach my $from_version (keys %{$files->{$os}{$lang}{partial}}) { + $from_versions{$from_version} = 1; } - foreach my $lang (sort keys %$migrate_langs) { - $htaccess .= "RewriteRule ^$bt/[^\/]+/$lang " - . "$version-$os-$migrate_langs->{$lang}.xml $flags\n"; + } + } + $htaccess .= "RewriteRule ^[^\/]+/$version/ no-update.xml $flags\n"; + } + foreach my $os (sort keys %oses) { + foreach my $bt (build_targets_by_os($os)) { + foreach my $lang (sort keys %langs) { + foreach my $from_version (sort keys %from_versions) { + $htaccess .= "RewriteRule ^$bt/$from_version/$lang " + . "$from_version-$versions_str-$os-$lang.xml $flags\n"; } - $htaccess .= "RewriteRule ^$bt/ $version-$os-ALL.xml $flags\n"; + $htaccess .= "RewriteRule ^$bt/[^\/]+/$lang " + . "$versions_str-$os-$lang.xml $flags\n"; + } + foreach my $lang (sort keys %$migrate_langs) { + $htaccess .= "RewriteRule ^$bt/[^\/]+/$lang " + . "$versions_str-$os-$migrate_langs->{$lang}.xml $flags\n"; } + $htaccess .= "RewriteRule ^$bt/ $versions_str-$os-ALL.xml $flags\n"; } - write_htdocs($channel, '.htaccess', $htaccess); } + write_htdocs($channel, '.htaccess', $htaccess); } sub write_downloads_json { - my ($config, @channels) = @_; + my ($config, $channel) = @_; return unless $config->{create_downloads_json}; - @channels = keys %{$config->{channels}} unless @channels; - foreach my $channel (@channels) { - my $version = $config->{channels}{$channel}; - my $tag = get_config($config, $version, 'any', 'tag'); - my $data = { - version => "$version", - tag => "$tag", - downloads => get_version_downloads($config, $version), - }; - write_htdocs($channel, 'downloads.json', - JSON->new->utf8->canonical->encode($data)); - my $pp_downloads = get_perplatform_downloads($config, $version, $tag); - foreach my $os (keys %{$pp_downloads}) { - write_htdocs($channel, "download-$os.json", + my $versions = as_array($config->{channels}{$channel}); + my ($version) = @$versions; + my $tag = get_config($config, $version, 'any', 'tag'); + my $data = { + version => "$version", + tag => "$tag", + downloads => get_version_downloads($config, $version), + }; + write_htdocs($channel, 'downloads.json', + JSON->new->utf8->canonical->encode($data)); + my $pp_downloads = get_perplatform_downloads($config, $version, $tag); + foreach my $os (keys %{$pp_downloads}) { + write_htdocs($channel, "download-$os.json", JSON->new->utf8->canonical->encode($pp_downloads->{$os})); - } } } @@ -486,8 +510,10 @@ sub marzip_path { } my $martools_tmpdir; +my $extracted_martools; sub extract_martools { my ($config, $version) = @_; + return if $extracted_martools; my $marzip = marzip_path($config, $version); $martools_tmpdir = get_tmpdir($config); my $old_cwd = getcwd; @@ -503,6 +529,7 @@ sub extract_martools { } else { $ENV{LD_LIBRARY_PATH} = "$martools_tmpdir/mar-tools"; } + $extracted_martools = 1; } sub log_step { @@ -559,7 +586,8 @@ sub build_targets_list { sub check_update_responses_channel { my ($config, $base_url, $channel) = @_; - my $channel_version = $config->{channels}{$channel}; + my $channel_versions = as_array($config->{channels}{$channel}); + my ($channel_version) = @$channel_versions; foreach my $build_target (build_targets_list()) { foreach my $lang (qw(en-US de)) { my $url = "$base_url/$channel/$build_target/1.0/$lang"; @@ -621,11 +649,11 @@ sub download_version { } sub download_missing_versions { - my ($config, @channels) = @_; - foreach my $channel (@channels) { - exit_error "Unknown channel $channel" - unless $config->{channels}{$channel}; - my $cversion = $config->{channels}{$channel}; + my ($config, $channel) = @_; + exit_error "Unknown channel $channel" + unless $config->{channels}{$channel}; + my $cversions = as_array($config->{channels}{$channel}); + foreach my $cversion (@$cversions) { next unless $config->{versions}{$cversion}{incremental_from}; foreach my $version (@{$config->{versions}{$cversion}{incremental_from}}) { next if -d version_dir($config, $version); @@ -636,11 +664,9 @@ sub download_missing_versions { sub check_update_responses { my ($config) = @_; - exit_error "usage: $PROGRAM_NAME <base_url> [channels...]" unless @ARGV; - my ($base_url, @channels) = @ARGV; - foreach my $channel (@channels ? @channels : keys %{$config->{channels}}) { - check_update_responses_channel($config, $base_url, $channel); - } + exit_error "usage: $PROGRAM_NAME <base_url> <channel>" unless @ARGV; + my ($base_url, $channel) = @ARGV; + check_update_responses_channel($config, $base_url, $channel); if (!@check_errors) { print "\n\nNo errors\n"; return; @@ -660,38 +686,34 @@ sub check_update_responses { my %actions = ( update_responses => sub { my ($config) = @_; - my @channels = @ARGV ? @ARGV : keys %{$config->{channels}}; - foreach my $channel (@channels) { - exit_error "Unknown channel $channel" - unless $config->{channels}{$channel}; - $htdocsfiles{$channel} = { '.' => 1, '..' => 1 }; - } - write_responses($config, @channels); - write_htaccess($config, @channels); - write_downloads_json($config, @channels); - clean_htdocs(@channels); + exit_error "Wrong arguments" unless @ARGV == 1; + my $channel = $ARGV[0]; + exit_error "Unknown channel $channel" unless $config->{channels}{$channel}; + $htdocsfiles{$channel} = { '.' => 1, '..' => 1 }; + write_responses($config, $channel); + write_htaccess($config, $channel); + write_downloads_json($config, $channel); + clean_htdocs($channel); }, gen_incrementals => sub { my ($config) = @_; - foreach my $channel (@ARGV) { - my ($version) = channel_to_version($config, $channel); + exit_error "Wrong arguments" unless @ARGV == 1; + my $channel = $ARGV[0]; + exit_error "Unknown channel" unless $config->{channels}{$channel}; + my $versions = as_array($config->{channels}{$channel}); + foreach my $version (@$versions) { extract_martools($config, $version); get_version_files($config, $version); create_incremental_mars_for_version($config, $version, $channel); } }, download_missing_versions => sub { - my ($config) = @_; - my @channels = @ARGV ? @ARGV : keys %{$config->{channels}}; - download_missing_versions($config, @channels); - }, - check_update_responses_deployement => \&check_update_responses, - get_channel_version => sub { my ($config) = @_; exit_error "Wrong arguments" unless @ARGV == 1; - exit_error "Unknown channel" unless $config->{channels}{$ARGV[0]}; - print $config->{channels}{$ARGV[0]}, "\n"; + my $channel = $ARGV[0]; + download_missing_versions($config, $channel); }, + check_update_responses_deployement => \&check_update_responses, ); my $action = fileparse($PROGRAM_NAME); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-update-responses][main] Fix 13.5.6 update
by boklm (＠boklm) 03 Oct '24

03 Oct '24

boklm pushed to branch main at The Tor Project / Applications / Tor Browser update responses Commits: e6568d28 by Nicolas Vigier at 2024-10-03T15:17:16+02:00 Fix 13.5.6 update https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4… - - - - - 8 changed files: - update_3/release/13.5.3-13.5.6-macos-ALL.xml - update_3/release/13.5.4-13.5.6-macos-ALL.xml - update_3/release/13.5.5-13.5.6-macos-ALL.xml - update_3/release/13.5.6-macos-ALL.xml - update_3/release/download-android-aarch64.json - update_3/release/download-android-armv7.json - update_3/release/download-android-x86.json - update_3/release/download-android-x86_64.json Changes: ===================================== update_3/release/13.5.3-13.5.6-macos-ALL.xml ===================================== @@ -1,2 +1,2 @@ <?xml version="1.0" encoding="UTF-8"?> -<updates><update type="minor" displayVersion="13.5.6" appVersion="13.5.6" platformVersion="115.16.0" buildID="20240930230510" detailsURL="https://blog.torproject.org/new-release-tor-browser-1356" actions="showURL" openURL="https://blog.torproject.org/new-release-tor-browser-1356" minSupportedOSVersion="16.0.0"><patch URL="https://cdn.torproject.org/aus1/torbrowser/13.5.6/tor-browser-macos-13.5.6_…" hashFunction="SHA512" hashValue="3812e78c7002ed4b8fe4ab326dd6f665b7948513d95dc1539eb3dd427122f35edd23a80601bca3ec1bcb3a6d1e2186c4f73afa5158fd2804c9c3ab3cb129803f" size="169711162" type="complete"></patch><patch URL="https://cdn.torproject.org/aus1/torbrowser/13.5.6/tor-browser-macos--13.5.3…" hashFunction="SHA512" hashValue="0e1f434b7a7cb2b05299ca20c909242401e486b04816b22338820530069822e95f352ef4010b60c8663d5870064410dcb9878cacd9d82e50560776a245992a3a" size="9024392" type="partial"></patch></update></updates> +<updates><update type="minor" displayVersion="13.5.6" appVersion="13.5.6" platformVersion="115.16.0" buildID="20240930230510" detailsURL="https://blog.torproject.org/new-release-tor-browser-1356" actions="showURL" openURL="https://blog.torproject.org/new-release-tor-browser-1356" minSupportedOSVersion="16.0.0"><patch URL="https://cdn.torproject.org/aus1/torbrowser/13.5.6/tor-browser-macos-13.5.6_…" hashFunction="SHA512" hashValue="1e5b00a0e4d078647f8e04c967703e1d0e5ae8171108f2012ca36106c7bf76a41bb50766b79de6e4eabb1d1454f70754d731d1048ad96a20046221ed06677fce" size="169713986" type="complete"></patch><patch URL="https://cdn.torproject.org/aus1/torbrowser/13.5.6/tor-browser-macos--13.5.3…" hashFunction="SHA512" hashValue="10252334829fa21b7ec10154606cd1079482ef2cc65db6c41dd1ff293a06012b8321f53accb50876f9d53771f16ec666404088d8c42ee43b5ccbec14b76f99bb" size="9029180" type="partial"></patch></update></updates> ===================================== update_3/release/13.5.4-13.5.6-macos-ALL.xml ===================================== @@ -1,2 +1,2 @@ <?xml version="1.0" encoding="UTF-8"?> -<updates><update type="minor" displayVersion="13.5.6" appVersion="13.5.6" platformVersion="115.16.0" buildID="20240930230510" detailsURL="https://blog.torproject.org/new-release-tor-browser-1356" actions="showURL" openURL="https://blog.torproject.org/new-release-tor-browser-1356" minSupportedOSVersion="16.0.0"><patch URL="https://cdn.torproject.org/aus1/torbrowser/13.5.6/tor-browser-macos-13.5.6_…" hashFunction="SHA512" hashValue="3812e78c7002ed4b8fe4ab326dd6f665b7948513d95dc1539eb3dd427122f35edd23a80601bca3ec1bcb3a6d1e2186c4f73afa5158fd2804c9c3ab3cb129803f" size="169711162" type="complete"></patch><patch URL="https://cdn.torproject.org/aus1/torbrowser/13.5.6/tor-browser-macos--13.5.4…" hashFunction="SHA512" hashValue="bb89e1aacae8732d0e8a5f5e9ca78d089871edbad9dc7e6f73e1ba5dfdf2ee09e483833fcfa31c25ab38549b0753c95bd77c78180ba3b2a6de579943fa3e1638" size="8537264" type="partial"></patch></update></updates> +<updates><update type="minor" displayVersion="13.5.6" appVersion="13.5.6" platformVersion="115.16.0" buildID="20240930230510" detailsURL="https://blog.torproject.org/new-release-tor-browser-1356" actions="showURL" openURL="https://blog.torproject.org/new-release-tor-browser-1356" minSupportedOSVersion="16.0.0"><patch URL="https://cdn.torproject.org/aus1/torbrowser/13.5.6/tor-browser-macos-13.5.6_…" hashFunction="SHA512" hashValue="1e5b00a0e4d078647f8e04c967703e1d0e5ae8171108f2012ca36106c7bf76a41bb50766b79de6e4eabb1d1454f70754d731d1048ad96a20046221ed06677fce" size="169713986" type="complete"></patch><patch URL="https://cdn.torproject.org/aus1/torbrowser/13.5.6/tor-browser-macos--13.5.4…" hashFunction="SHA512" hashValue="bb7d500f431022b5ce5b1b7385ef3db44217681b992ba4fc790b9db0c52ee797c6f54a3d47cb43b8e5d8879330dcc6bbd5e10d6c522563717b74fd50fd55cdaf" size="8534004" type="partial"></patch></update></updates> ===================================== update_3/release/13.5.5-13.5.6-macos-ALL.xml ===================================== @@ -1,2 +1,2 @@ <?xml version="1.0" encoding="UTF-8"?> -<updates><update type="minor" displayVersion="13.5.6" appVersion="13.5.6" platformVersion="115.16.0" buildID="20240930230510" detailsURL="https://blog.torproject.org/new-release-tor-browser-1356" actions="showURL" openURL="https://blog.torproject.org/new-release-tor-browser-1356" minSupportedOSVersion="16.0.0"><patch URL="https://cdn.torproject.org/aus1/torbrowser/13.5.6/tor-browser-macos-13.5.6_…" hashFunction="SHA512" hashValue="3812e78c7002ed4b8fe4ab326dd6f665b7948513d95dc1539eb3dd427122f35edd23a80601bca3ec1bcb3a6d1e2186c4f73afa5158fd2804c9c3ab3cb129803f" size="169711162" type="complete"></patch><patch URL="https://cdn.torproject.org/aus1/torbrowser/13.5.6/tor-browser-macos--13.5.5…" hashFunction="SHA512" hashValue="e4b7087c41afe1fd942f0e439e2ce7b175d10c4dc6c027af81e90204edcf8811b19bda84ee2eed70a1fe09c117303c8ba0d196b263965c2d7c6af01e6852f919" size="8476716" type="partial"></patch></update></updates> +<updates><update type="minor" displayVersion="13.5.6" appVersion="13.5.6" platformVersion="115.16.0" buildID="20240930230510" detailsURL="https://blog.torproject.org/new-release-tor-browser-1356" actions="showURL" openURL="https://blog.torproject.org/new-release-tor-browser-1356" minSupportedOSVersion="16.0.0"><patch URL="https://cdn.torproject.org/aus1/torbrowser/13.5.6/tor-browser-macos-13.5.6_…" hashFunction="SHA512" hashValue="1e5b00a0e4d078647f8e04c967703e1d0e5ae8171108f2012ca36106c7bf76a41bb50766b79de6e4eabb1d1454f70754d731d1048ad96a20046221ed06677fce" size="169713986" type="complete"></patch><patch URL="https://cdn.torproject.org/aus1/torbrowser/13.5.6/tor-browser-macos--13.5.5…" hashFunction="SHA512" hashValue="d0848e8628a720a24c837dd2f53f93c9805083bd5aa1988bbb3d01cc8c52584bad06975b062e4ce14ab67dd7884a31c7453f4840243f750394733eaa2097662d" size="8478964" type="partial"></patch></update></updates> ===================================== update_3/release/13.5.6-macos-ALL.xml ===================================== @@ -1,2 +1,2 @@ <?xml version="1.0" encoding="UTF-8"?> -<updates><update type="minor" displayVersion="13.5.6" appVersion="13.5.6" platformVersion="115.16.0" buildID="20240930230510" detailsURL="https://blog.torproject.org/new-release-tor-browser-1356" actions="showURL" openURL="https://blog.torproject.org/new-release-tor-browser-1356" minSupportedOSVersion="16.0.0"><patch URL="https://cdn.torproject.org/aus1/torbrowser/13.5.6/tor-browser-macos-13.5.6_…" hashFunction="SHA512" hashValue="3812e78c7002ed4b8fe4ab326dd6f665b7948513d95dc1539eb3dd427122f35edd23a80601bca3ec1bcb3a6d1e2186c4f73afa5158fd2804c9c3ab3cb129803f" size="169711162" type="complete"></patch></update></updates> +<updates><update type="minor" displayVersion="13.5.6" appVersion="13.5.6" platformVersion="115.16.0" buildID="20240930230510" detailsURL="https://blog.torproject.org/new-release-tor-browser-1356" actions="showURL" openURL="https://blog.torproject.org/new-release-tor-browser-1356" minSupportedOSVersion="16.0.0"><patch URL="https://cdn.torproject.org/aus1/torbrowser/13.5.6/tor-browser-macos-13.5.6_…" hashFunction="SHA512" hashValue="1e5b00a0e4d078647f8e04c967703e1d0e5ae8171108f2012ca36106c7bf76a41bb50766b79de6e4eabb1d1454f70754d731d1048ad96a20046221ed06677fce" size="169713986" type="complete"></patch></update></updates> ===================================== update_3/release/download-android-aarch64.json ===================================== @@ -1 +1 @@ -{"binary":"https://dist.torproject.org/torbrowser/13.5.4/tor-browser-android-aarch64-1…","git_tag":"tbb-13.5.4-build1","sig":"https://dist.torproject.org/torbrowser/13.5.4/tor-browser-android-aarch64-1…","version":"13.5.4"} \ No newline at end of file +{"binary":"https://dist.torproject.org/torbrowser/13.5.6/tor-browser-android-aarch64-1…","git_tag":"tbb-13.5.6-build1","sig":"https://dist.torproject.org/torbrowser/13.5.6/tor-browser-android-aarch64-1…","version":"13.5.6"} \ No newline at end of file ===================================== update_3/release/download-android-armv7.json ===================================== @@ -1 +1 @@ -{"binary":"https://dist.torproject.org/torbrowser/13.5.4/tor-browser-android-armv7-13.…","git_tag":"tbb-13.5.4-build1","sig":"https://dist.torproject.org/torbrowser/13.5.4/tor-browser-android-armv7-13.…","version":"13.5.4"} \ No newline at end of file +{"binary":"https://dist.torproject.org/torbrowser/13.5.6/tor-browser-android-armv7-13.…","git_tag":"tbb-13.5.6-build1","sig":"https://dist.torproject.org/torbrowser/13.5.6/tor-browser-android-armv7-13.…","version":"13.5.6"} \ No newline at end of file ===================================== update_3/release/download-android-x86.json ===================================== @@ -1 +1 @@ -{"binary":"https://dist.torproject.org/torbrowser/13.5.4/tor-browser-android-x86-13.5.…","git_tag":"tbb-13.5.4-build1","sig":"https://dist.torproject.org/torbrowser/13.5.4/tor-browser-android-x86-13.5.…","version":"13.5.4"} \ No newline at end of file +{"binary":"https://dist.torproject.org/torbrowser/13.5.6/tor-browser-android-x86-13.5.…","git_tag":"tbb-13.5.6-build1","sig":"https://dist.torproject.org/torbrowser/13.5.6/tor-browser-android-x86-13.5.…","version":"13.5.6"} \ No newline at end of file ===================================== update_3/release/download-android-x86_64.json ===================================== @@ -1 +1 @@ -{"binary":"https://dist.torproject.org/torbrowser/13.5.4/tor-browser-android-x86_64-13…","git_tag":"tbb-13.5.4-build1","sig":"https://dist.torproject.org/torbrowser/13.5.4/tor-browser-android-x86_64-13…","version":"13.5.4"} \ No newline at end of file +{"binary":"https://dist.torproject.org/torbrowser/13.5.6/tor-browser-android-x86_64-13…","git_tag":"tbb-13.5.6-build1","sig":"https://dist.torproject.org/torbrowser/13.5.6/tor-browser-android-x86_64-13…","version":"13.5.6"} \ No newline at end of file View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-update-responses… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-update-responses… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.3.0esr-14.0-1] fixup! Firefox preference overrides.
by morgan (＠morgan) 02 Oct '24

02 Oct '24

morgan pushed to branch mullvad-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 8523387b by Pier Angelo Vendrame at 2024-10-02T19:53:07+00:00 fixup! Firefox preference overrides. Bug 42054: ESR128: investigate - thorin's list. Set or remove some preferences as suggested by Thorin. - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -101,6 +101,12 @@ pref("browser.pagethumbnails.capturing_disabled", true); // pref("privacy.exposeContentTitleInWindow", false); // pref("privacy.exposeContentTitleInWindow.pbm", false); +// tor-browser#42054: Opt-out from any built-in backup system, even though +// local, as it might be a violation of our standalone mode. +// Users can still opt-in if they wish. +pref("browser.backup.enabled", false); +pref("browser.backup.scheduled.enabled", false); + // Empty clipboard content from private windows on exit (tor-browser#42154) pref("browser.privatebrowsing.preserveClipboard", false); @@ -251,6 +257,9 @@ pref("privacy.trackingprotection.fingerprinting.enabled", false); pref("privacy.trackingprotection.socialtracking.enabled", false); pref("privacy.socialtracking.block_cookies.enabled", false); pref("privacy.annotate_channels.strict_list.enabled", false); +// tor-browser#43178: for defense-in-depth, avoid remote overrides to FPP. +// Notice that it should not apply to RFP anyway... +pref("privacy.fingerprintingProtection.remoteOverrides.enabled", false); // Disable the Pocket extension (Bug #18886 and #31602) pref("extensions.pocket.enabled", false); @@ -284,6 +293,9 @@ pref("browser.newtabpage.activity-stream.asrouter.providers.messaging-experiment // Disable fetching asrouter.ftl and related console errors (tor-browser#40763). pref("browser.newtabpage.activity-stream.asrouter.useRemoteL10n", false); +// tor-browser#42054: make sure search result telemetry is disabled. +pref("browser.search.serpEventTelemetryCategorization.enabled", false); + // tor-browser#42872, #42555: Disable translations. // Translation have a bad UX in 128 (and with our config). Maybe we will // re-enable after auditing and fixing the UX. @@ -444,9 +456,6 @@ pref("pdfjs.disabled", false, locked); #endif // Bug 40057: Ensure system colors are not used for CSS4 colors pref("browser.display.use_system_colors", false); -// Enforce non-native widget theme (true by default, defense in depth). -// Provides a uniform look and feel across platforms. Added with tor-browser#41496. -pref("widget.non-native-theme.enabled", true); // tor-browser#41676: Set the TZ environment variable as a defense-in-depth. // TODO: Remove this in ESR-128, as it has been removed in 116 with Bug 1837582. pref("privacy.resistFingerprinting.testing.setTZtoUTC", true); @@ -524,7 +533,9 @@ pref("network.http.http2.websockets", true, locked); pref("network.http.http2.enable-hpack-dump", false, locked); // tor-browser#23044: Make sure we don't have any GIO supported protocols -// (defense in depth measure) +// (defense in depth measure). +// As of Firefox 118 (Bug 1843763), upstream does not add any protocol by +// default, but setting it to blank seems a good idea (tor-browser#42054). pref("network.gio.supported-protocols", ""); // Mullvad Browser enables WebRTC by default, meaning that there the following prefs // are first-line defense, rather than "in depth" (mullvad-browser#40) @@ -627,9 +638,6 @@ pref("security.cert_pinning.enforcement_level", 2); // Don't load OS client certs. pref("security.osclientcerts.autoload", false); -// Don't allow MitM via Microsoft Family Safety, see bug 21686 -pref("security.family_safety.mode", 0); - // Don't allow MitM via enterprise roots, see bug 30681 pref("security.enterprise_roots.enabled", false); View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/852… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/852… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-128.3.0esr-14.0-1] fixup! Firefox preference overrides.
by morgan (＠morgan) 02 Oct '24

02 Oct '24

morgan pushed to branch base-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: b8610ea4 by Pier Angelo Vendrame at 2024-10-02T19:52:38+00:00 fixup! Firefox preference overrides. Bug 42054: ESR128: investigate - thorin's list. Set or remove some preferences as suggested by Thorin. - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -101,6 +101,12 @@ pref("browser.pagethumbnails.capturing_disabled", true); // pref("privacy.exposeContentTitleInWindow", false); // pref("privacy.exposeContentTitleInWindow.pbm", false); +// tor-browser#42054: Opt-out from any built-in backup system, even though +// local, as it might be a violation of our standalone mode. +// Users can still opt-in if they wish. +pref("browser.backup.enabled", false); +pref("browser.backup.scheduled.enabled", false); + // Empty clipboard content from private windows on exit (tor-browser#42154) pref("browser.privatebrowsing.preserveClipboard", false); @@ -251,6 +257,9 @@ pref("privacy.trackingprotection.fingerprinting.enabled", false); pref("privacy.trackingprotection.socialtracking.enabled", false); pref("privacy.socialtracking.block_cookies.enabled", false); pref("privacy.annotate_channels.strict_list.enabled", false); +// tor-browser#43178: for defense-in-depth, avoid remote overrides to FPP. +// Notice that it should not apply to RFP anyway... +pref("privacy.fingerprintingProtection.remoteOverrides.enabled", false); // Disable the Pocket extension (Bug #18886 and #31602) pref("extensions.pocket.enabled", false); @@ -284,6 +293,9 @@ pref("browser.newtabpage.activity-stream.asrouter.providers.messaging-experiment // Disable fetching asrouter.ftl and related console errors (tor-browser#40763). pref("browser.newtabpage.activity-stream.asrouter.useRemoteL10n", false); +// tor-browser#42054: make sure search result telemetry is disabled. +pref("browser.search.serpEventTelemetryCategorization.enabled", false); + // tor-browser#42872, #42555: Disable translations. // Translation have a bad UX in 128 (and with our config). Maybe we will // re-enable after auditing and fixing the UX. @@ -444,9 +456,6 @@ pref("pdfjs.disabled", false, locked); #endif // Bug 40057: Ensure system colors are not used for CSS4 colors pref("browser.display.use_system_colors", false); -// Enforce non-native widget theme (true by default, defense in depth). -// Provides a uniform look and feel across platforms. Added with tor-browser#41496. -pref("widget.non-native-theme.enabled", true); // tor-browser#41676: Set the TZ environment variable as a defense-in-depth. // TODO: Remove this in ESR-128, as it has been removed in 116 with Bug 1837582. pref("privacy.resistFingerprinting.testing.setTZtoUTC", true); @@ -524,7 +533,9 @@ pref("network.http.http2.websockets", true, locked); pref("network.http.http2.enable-hpack-dump", false, locked); // tor-browser#23044: Make sure we don't have any GIO supported protocols -// (defense in depth measure) +// (defense in depth measure). +// As of Firefox 118 (Bug 1843763), upstream does not add any protocol by +// default, but setting it to blank seems a good idea (tor-browser#42054). pref("network.gio.supported-protocols", ""); pref("media.peerconnection.enabled", false); // Disable WebRTC interfaces // Mullvad Browser enables WebRTC by default, meaning that there the following prefs @@ -631,9 +642,6 @@ pref("security.cert_pinning.enforcement_level", 2); // Don't load OS client certs. pref("security.osclientcerts.autoload", false); -// Don't allow MitM via Microsoft Family Safety, see bug 21686 -pref("security.family_safety.mode", 0); - // Don't allow MitM via enterprise roots, see bug 30681 pref("security.enterprise_roots.enabled", false); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/b8610ea… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/b8610ea… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.3.0esr-14.0-1] fixup! Firefox preference overrides.
by morgan (＠morgan) 02 Oct '24

02 Oct '24

morgan pushed to branch tor-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 816dae39 by Pier Angelo Vendrame at 2024-10-02T19:32:59+00:00 fixup! Firefox preference overrides. Bug 42054: ESR128: investigate - thorin's list. Set or remove some preferences as suggested by Thorin. - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -101,6 +101,12 @@ pref("browser.pagethumbnails.capturing_disabled", true); // pref("privacy.exposeContentTitleInWindow", false); // pref("privacy.exposeContentTitleInWindow.pbm", false); +// tor-browser#42054: Opt-out from any built-in backup system, even though +// local, as it might be a violation of our standalone mode. +// Users can still opt-in if they wish. +pref("browser.backup.enabled", false); +pref("browser.backup.scheduled.enabled", false); + // Empty clipboard content from private windows on exit (tor-browser#42154) pref("browser.privatebrowsing.preserveClipboard", false); @@ -251,6 +257,9 @@ pref("privacy.trackingprotection.fingerprinting.enabled", false); pref("privacy.trackingprotection.socialtracking.enabled", false); pref("privacy.socialtracking.block_cookies.enabled", false); pref("privacy.annotate_channels.strict_list.enabled", false); +// tor-browser#43178: for defense-in-depth, avoid remote overrides to FPP. +// Notice that it should not apply to RFP anyway... +pref("privacy.fingerprintingProtection.remoteOverrides.enabled", false); // Disable the Pocket extension (Bug #18886 and #31602) pref("extensions.pocket.enabled", false); @@ -284,6 +293,9 @@ pref("browser.newtabpage.activity-stream.asrouter.providers.messaging-experiment // Disable fetching asrouter.ftl and related console errors (tor-browser#40763). pref("browser.newtabpage.activity-stream.asrouter.useRemoteL10n", false); +// tor-browser#42054: make sure search result telemetry is disabled. +pref("browser.search.serpEventTelemetryCategorization.enabled", false); + // tor-browser#42872, #42555: Disable translations. // Translation have a bad UX in 128 (and with our config). Maybe we will // re-enable after auditing and fixing the UX. @@ -444,9 +456,6 @@ pref("pdfjs.disabled", false, locked); #endif // Bug 40057: Ensure system colors are not used for CSS4 colors pref("browser.display.use_system_colors", false); -// Enforce non-native widget theme (true by default, defense in depth). -// Provides a uniform look and feel across platforms. Added with tor-browser#41496. -pref("widget.non-native-theme.enabled", true); // tor-browser#41676: Set the TZ environment variable as a defense-in-depth. // TODO: Remove this in ESR-128, as it has been removed in 116 with Bug 1837582. pref("privacy.resistFingerprinting.testing.setTZtoUTC", true); @@ -524,7 +533,9 @@ pref("network.http.http2.websockets", true, locked); pref("network.http.http2.enable-hpack-dump", false, locked); // tor-browser#23044: Make sure we don't have any GIO supported protocols -// (defense in depth measure) +// (defense in depth measure). +// As of Firefox 118 (Bug 1843763), upstream does not add any protocol by +// default, but setting it to blank seems a good idea (tor-browser#42054). pref("network.gio.supported-protocols", ""); pref("media.peerconnection.enabled", false); // Disable WebRTC interfaces // Mullvad Browser enables WebRTC by default, meaning that there the following prefs @@ -631,9 +642,6 @@ pref("security.cert_pinning.enforcement_level", 2); // Don't load OS client certs. pref("security.osclientcerts.autoload", false); -// Don't allow MitM via Microsoft Family Safety, see bug 21686 -pref("security.family_safety.mode", 0); - // Don't allow MitM via enterprise roots, see bug 30681 pref("security.enterprise_roots.enabled", false); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/816dae3… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/816dae3… You're receiving this email because of your account on gitlab.torproject.org.

1 0