richard pushed to branch mullvad-browser-115.9.0esr-13.5-1 at The Tor Project / Applications / Mullvad Browser
Commits:
0cc8a01a by Richard Pospesel at 2024-04-10T18:09:38+00:00
fixup! Adding issue and merge request templates
add an issue template to guide emergency bug fixes
- - - - -
1 changed file:
- + .gitlab/issue_templates/Emergency Security Issue.md
Changes:
=====================================
.gitlab/issue_templates/Emergency Security Issue.md
=====================================
@@ -0,0 +1,90 @@
+**NOTE** This is an issue template to standardise our process for responding to and fixing critical security and privacy vulnerabilities, exploits, etc.
+
+## Information
+
+### Related Issue
+- tor-browser#AAAAA
+- mullvad-browser#BBBBB
+- tor-browser-build#CCCCC
+
+#### Affected Platforms
+
+- [ ] Android
+- [ ] Desktop
+ - [ ] Windows
+ - [ ] macOS
+ - [ ] Linux
+
+### Type of Issue: What are we dealing with?
+
+- [ ] Security (sandbox escape, remote code execution, etc)
+- [ ] Proxy Bypass (traffic contents becoming MITM'able)
+- [ ] De-Anonymization (otherwise identifying which website a user is visiting)
+- [ ] Cross-Site Linkability (correlating sessions across circuits and websites)
+- [ ] Disk Leak (persisting session information to disk)
+- [ ] Other (please explain)
+
+### Involvement: Who needs to be consulted and or involved to fix this?
+
+- [ ] Applications Developers
+ - [ ] **boklm** : build, packaging, signing, release
+ - [ ] **clairehurst** : Android, macOS
+ - [ ] **dan** : Android, macOS
+ - [ ] **henry** : accessibility, frontend, localisation
+ - [ ] **ma1** : firefox internals
+ - [ ] **pierov** : updater, fonts, localisation, general
+ - [ ] **richard** : signing, release
+ - [ ] **thorin** : fingerprinting
+- [ ] Other Engineering Teams
+ - [ ] Networking (**ahf**, **dgoulet**)
+ - [ ] Anti-Censorship (**meskio**, **cohosh**)
+ - [ ] UX (**donuts**)
+ - [ ] TPA (**anarcat**, **lavamind**)
+- [ ] External Tor Partners
+ - [ ] Mozilla
+ - [ ] Mullvad
+ - [ ] Brave
+ - [ ] Guardian Project (Orbot, Onion Browser)
+ - [ ] Tails
+ - [ ] Other (please list)
+
+### Urgency: When do we need to act?
+
+- [ ] **ASAP** :rotating_light: Emergency release :rotating_light:
+- [ ] Next scheduled stable
+- [ ] Next scheduled alpha, then backport to stable
+- [ ] Next major release
+- [ ] Other (please explain)
+
+#### Justification
+
+<!-- Provide some paragraph here justifying the logic behind our estimated urgency -->
+
+### Side-Effects: Who will be affected by a fix for this?
+Sometimes fixes have side-effects: users lose their data, roadmaps need to be adjusted, services have to be upgraded, etc. Please enumerate the known downstream consequences a fix to this issue will likely incur.
+- [ ] End-Users (please list)
+- [ ] Internal Partners (please list)
+- [ ] External Partners (please list)
+
+## Todo:
+
+### Communications
+
+- [ ] Start an initial email thread with the following people:
+ - [ ] **bella**
+ - [ ] Relevant Applications Developers
+ - [ ] **(Optional)** **micah**
+ - if there are considerations or asks outside the Applications Team
+ - [ ] **(Optional)** Other Team Leads
+ - if there are considerations or asks outside the Applications Team
+ - [ ] **(Optional)** **gazebook**
+ - if there are consequences to the organisation or partners beyond a browser update, then a communication plan may be needed
+
+/cc @bella
+/cc @ma1
+/cc @micah
+/cc @richard
+
+/confidential
+
+Godspeed! :pray:
View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/0cc…
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/0cc…
You're receiving this email because of your account on gitlab.torproject.org.
boklm pushed to branch main at The Tor Project / Applications / tor-browser-build
Commits:
263c4936 by Nicolas Vigier at 2024-04-10T19:29:10+02:00
Bug 41124: Fix copying .DS_Store in gatekeeper-bundling.sh
Fixing some issue introduced in 4e2b66e977873c46b3678c93ae9173f53503f81a.
- - - - -
1 changed file:
- tools/signing/gatekeeper-bundling.sh
Changes:
=====================================
tools/signing/gatekeeper-bundling.sh
=====================================
@@ -69,6 +69,9 @@ export PATH="$PATH:$tmpdir/libdmg-hfsplus:$tmpdir/hfsplus-tools"
cd $tmpdir/dmg
+cp ${tbb_version_type}.DS_Store .DS_Store
+rm *.DS_Store
+
tar -xf $macos_stapled_dir/"${proj_name}-${tbb_version}-notarized+stapled.tar.zst"
cd ..
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/2…
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/2…
You're receiving this email because of your account on gitlab.torproject.org.
richard pushed to branch base-browser-115.9.0esr-13.5-1 at The Tor Project / Applications / Tor Browser
Commits:
adc4563c by Richard Pospesel at 2024-04-09T21:06:19+00:00
fixup! Adding issue and merge request templates
add an issue template to guide emergency bug fixes
- - - - -
1 changed file:
- + .gitlab/issue_templates/Emergency Security Issue.md
Changes:
=====================================
.gitlab/issue_templates/Emergency Security Issue.md
=====================================
@@ -0,0 +1,90 @@
+**NOTE** This is an issue template to standardise our process for responding to and fixing critical security and privacy vulnerabilities, exploits, etc.
+
+## Information
+
+### Related Issue
+- tor-browser#AAAAA
+- mullvad-browser#BBBBB
+- tor-browser-build#CCCCC
+
+#### Affected Platforms
+
+- [ ] Android
+- [ ] Desktop
+ - [ ] Windows
+ - [ ] macOS
+ - [ ] Linux
+
+### Type of Issue: What are we dealing with?
+
+- [ ] Security (sandbox escape, remote code execution, etc)
+- [ ] Proxy Bypass (traffic contents becoming MITM'able)
+- [ ] De-Anonymization (otherwise identifying which website a user is visiting)
+- [ ] Cross-Site Linkability (correlating sessions across circuits and websites)
+- [ ] Disk Leak (persisting session information to disk)
+- [ ] Other (please explain)
+
+### Involvement: Who needs to be consulted and or involved to fix this?
+
+- [ ] Applications Developers
+ - [ ] **boklm** : build, packaging, signing, release
+ - [ ] **clairehurst** : Android, macOS
+ - [ ] **dan** : Android, macOS
+ - [ ] **henry** : accessibility, frontend, localisation
+ - [ ] **ma1** : firefox internals
+ - [ ] **pierov** : updater, fonts, localisation, general
+ - [ ] **richard** : signing, release
+ - [ ] **thorin** : fingerprinting
+- [ ] Other Engineering Teams
+ - [ ] Networking (**ahf**, **dgoulet**)
+ - [ ] Anti-Censorship (**meskio**, **cohosh**)
+ - [ ] UX (**donuts**)
+ - [ ] TPA (**anarcat**, **lavamind**)
+- [ ] External Tor Partners
+ - [ ] Mozilla
+ - [ ] Mullvad
+ - [ ] Brave
+ - [ ] Guardian Project (Orbot, Onion Browser)
+ - [ ] Tails
+ - [ ] Other (please list)
+
+### Urgency: When do we need to act?
+
+- [ ] **ASAP** :rotating_light: Emergency release :rotating_light:
+- [ ] Next scheduled stable
+- [ ] Next scheduled alpha, then backport to stable
+- [ ] Next major release
+- [ ] Other (please explain)
+
+#### Justification
+
+<!-- Provide some paragraph here justifying the logic behind our estimated urgency -->
+
+### Side-Effects: Who will be affected by a fix for this?
+Sometimes fixes have side-effects: users lose their data, roadmaps need to be adjusted, services have to be upgraded, etc. Please enumerate the known downstream consequences a fix to this issue will likely incur.
+- [ ] End-Users (please list)
+- [ ] Internal Partners (please list)
+- [ ] External Partners (please list)
+
+## Todo:
+
+### Communications
+
+- [ ] Start an initial email thread with the following people:
+ - [ ] **bella**
+ - [ ] Relevant Applications Developers
+ - [ ] **(Optional)** **micah**
+ - if there are considerations or asks outside the Applications Team
+ - [ ] **(Optional)** Other Team Leads
+ - if there are considerations or asks outside the Applications Team
+ - [ ] **(Optional)** **gazebook**
+ - if there are consequences to the organisation or partners beyond a browser update, then a communication plan may be needed
+
+/cc @bella
+/cc @ma1
+/cc @micah
+/cc @richard
+
+/confidential
+
+Godspeed! :pray:
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/adc4563…
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/adc4563…
You're receiving this email because of your account on gitlab.torproject.org.
richard pushed to branch tor-browser-115.9.0esr-13.5-1 at The Tor Project / Applications / Tor Browser
Commits:
00c2adf5 by Richard Pospesel at 2024-04-09T20:50:01+00:00
fixup! Adding issue and merge request templates
add an issue template to guide emergency bug fixes
- - - - -
1 changed file:
- + .gitlab/issue_templates/Emergency Security Issue.md
Changes:
=====================================
.gitlab/issue_templates/Emergency Security Issue.md
=====================================
@@ -0,0 +1,90 @@
+**NOTE** This is an issue template to standardise our process for responding to and fixing critical security and privacy vulnerabilities, exploits, etc.
+
+## Information
+
+### Related Issue
+- tor-browser#AAAAA
+- mullvad-browser#BBBBB
+- tor-browser-build#CCCCC
+
+#### Affected Platforms
+
+- [ ] Android
+- [ ] Desktop
+ - [ ] Windows
+ - [ ] macOS
+ - [ ] Linux
+
+### Type of Issue: What are we dealing with?
+
+- [ ] Security (sandbox escape, remote code execution, etc)
+- [ ] Proxy Bypass (traffic contents becoming MITM'able)
+- [ ] De-Anonymization (otherwise identifying which website a user is visiting)
+- [ ] Cross-Site Linkability (correlating sessions across circuits and websites)
+- [ ] Disk Leak (persisting session information to disk)
+- [ ] Other (please explain)
+
+### Involvement: Who needs to be consulted and or involved to fix this?
+
+- [ ] Applications Developers
+ - [ ] **boklm** : build, packaging, signing, release
+ - [ ] **clairehurst** : Android, macOS
+ - [ ] **dan** : Android, macOS
+ - [ ] **henry** : accessibility, frontend, localisation
+ - [ ] **ma1** : firefox internals
+ - [ ] **pierov** : updater, fonts, localisation, general
+ - [ ] **richard** : signing, release
+ - [ ] **thorin** : fingerprinting
+- [ ] Other Engineering Teams
+ - [ ] Networking (**ahf**, **dgoulet**)
+ - [ ] Anti-Censorship (**meskio**, **cohosh**)
+ - [ ] UX (**donuts**)
+ - [ ] TPA (**anarcat**, **lavamind**)
+- [ ] External Tor Partners
+ - [ ] Mozilla
+ - [ ] Mullvad
+ - [ ] Brave
+ - [ ] Guardian Project (Orbot, Onion Browser)
+ - [ ] Tails
+ - [ ] Other (please list)
+
+### Urgency: When do we need to act?
+
+- [ ] **ASAP** :rotating_light: Emergency release :rotating_light:
+- [ ] Next scheduled stable
+- [ ] Next scheduled alpha, then backport to stable
+- [ ] Next major release
+- [ ] Other (please explain)
+
+#### Justification
+
+<!-- Provide some paragraph here justifying the logic behind our estimated urgency -->
+
+### Side-Effects: Who will be affected by a fix for this?
+Sometimes fixes have side-effects: users lose their data, roadmaps need to be adjusted, services have to be upgraded, etc. Please enumerate the known downstream consequences a fix to this issue will likely incur.
+- [ ] End-Users (please list)
+- [ ] Internal Partners (please list)
+- [ ] External Partners (please list)
+
+## Todo:
+
+### Communications
+
+- [ ] Start an initial email thread with the following people:
+ - [ ] **bella**
+ - [ ] Relevant Applications Developers
+ - [ ] **(Optional)** **micah**
+ - if there are considerations or asks outside the Applications Team
+ - [ ] **(Optional)** Other Team Leads
+ - if there are considerations or asks outside the Applications Team
+ - [ ] **(Optional)** **gazebook**
+ - if there are consequences to the organisation or partners beyond a browser update, then a communication plan may be needed
+
+/cc @bella
+/cc @ma1
+/cc @micah
+/cc @richard
+
+/confidential
+
+Godspeed! :pray:
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/00c2adf…
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/00c2adf…
You're receiving this email because of your account on gitlab.torproject.org.
Pier Angelo Vendrame pushed to branch main at The Tor Project / Applications / tor-browser-build
Commits:
872cff7c by Dan Ballard at 2024-04-09T11:41:30-07:00
geckoview tools in tor-browser moved into their own directory (fat-aar)
- - - - -
1 changed file:
- projects/geckoview/build
Changes:
=====================================
projects/geckoview/build
=====================================
@@ -89,8 +89,9 @@ export MOZ_SOURCE_CHANGESET=[% c("var/git_commit") %]
MOZCONFIG_EOF
echo "Starting the creation of the fake fat AAR $(date)"
- pushd tools/torbrowser
- make fat-aar ARCHS="[% c('arch') %]"
+ pushd tools/geckoview
+ touch android-env.sh
+ make fataar ARCHS="[% c('arch') %]"
popd
MOZCONFIG=mozconfig-android-all ./mach gradle \
geckoview:publishWithGeckoBinariesDebugPublicationToMavenLocal \
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/8…
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/8…
You're receiving this email because of your account on gitlab.torproject.org.