- tbb-commits - lists.torproject.org

[Git][tpo/applications/tor-browser][tor-browser-115.11.0esr-13.5-1] 3 commits: Bug 1871109 - generateHash in Manifest.sys.mjs should use sha256 r=peterv, a=dmeehan
by ma1 (＠ma1) 09 May '24

09 May '24

ma1 pushed to branch tor-browser-115.11.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: 62619558 by Nuohan Li at 2024-05-09T13:37:32+02:00 Bug 1871109 - generateHash in Manifest.sys.mjs should use sha256 r=peterv, a=dmeehan Differential Revision: https://phabricator.services.mozilla.com/D204928 - - - - - 4846c1da by Jonathan Kew at 2024-05-09T13:37:33+02:00 Bug 1890204 - Ensure font entry's unitsPerEm and font extents are initialized when gfxFont is created. r=gfx-reviewers,lsalzman This means that by the time we potentially call GetFontExtents() when drawing, the extents fields are guaranteed to have been been initialized, and there's no risk of the (read-only) access here racing with setting them in UnitsPerEm(). Differential Revision: https://phabricator.services.mozilla.com/D206920 - - - - - 66e2e3ef by Jonathan Kew at 2024-05-09T13:37:34+02:00 Bug 1893891 - Clear mSharedBlobData if blob creation failed. a=dmeehan Original Revision: https://phabricator.services.mozilla.com/D208983 Differential Revision: https://phabricator.services.mozilla.com/D209209 - - - - - 5 changed files: - dom/manifest/Manifest.sys.mjs - dom/manifest/test/browser_Manifest_install.js - gfx/thebes/gfxFont.cpp - gfx/thebes/gfxFontEntry.cpp - gfx/thebes/gfxFontEntry.h Changes: ===================================== dom/manifest/Manifest.sys.mjs ===================================== @@ -29,11 +29,11 @@ ChromeUtils.defineESModuleGetters(lazy, { * @note The generated hash is returned in base64 form. Mind the fact base64 * is case-sensitive if you are going to reuse this code. */ -function generateHash(aString) { +function generateHash(aString, hashAlg) { const cryptoHash = Cc["@mozilla.org/security/hash;1"].createInstance( Ci.nsICryptoHash ); - cryptoHash.init(Ci.nsICryptoHash.MD5); + cryptoHash.init(hashAlg); const stringStream = Cc[ "@mozilla.org/io/string-input-stream;1" ].createInstance(Ci.nsIStringInputStream); @@ -66,11 +66,39 @@ class Manifest { this._manifestUrl = manifestUrl; // The key for this is the manifests URL that is required to be unique. // However arbitrary urls are not safe file paths so lets hash it. - const fileName = generateHash(manifestUrl) + ".json"; - this._path = PathUtils.join(MANIFESTS_DIR, fileName); + const filename = + generateHash(manifestUrl, Ci.nsICryptoHash.SHA256) + ".json"; + this._path = PathUtils.join(MANIFESTS_DIR, filename); this.browser = browser; } + /** + * See Bug 1871109 + * This function is called at the beginning of initialize() to check if a given + * manifest has MD5 based filename, if so we remove it and migrate the content to + * a new file with SHA256 based name. + * This is done due to security concern, as MD5 is an outdated hashing algorithm and + * shouldn't be used anymore + */ + async removeMD5BasedFilename() { + const filenameMD5 = + generateHash(this._manifestUrl, Ci.nsICryptoHash.MD5) + ".json"; + const MD5Path = PathUtils.join(MANIFESTS_DIR, filenameMD5); + try { + await IOUtils.copy(MD5Path, this._path, { noOverwrite: true }); + } catch (error) { + // we are ignoring the failures returned from copy as it should not stop us from + // installing a new manifest + } + + // Remove the old MD5 based file unconditionally to ensure it's no longer used + try { + await IOUtils.remove(MD5Path); + } catch { + // ignore the error in case MD5 based file does not exist + } + } + get browser() { return this._browser; } @@ -80,6 +108,7 @@ class Manifest { } async initialize() { + await this.removeMD5BasedFilename(); this._store = new lazy.JSONFile({ path: this._path, saveDelayMs: 100 }); await this._store.load(); } ===================================== dom/manifest/test/browser_Manifest_install.js ===================================== @@ -23,18 +23,59 @@ function makeTestURL() { return url.href; } +function generateHash(aString, hashAlg) { + const cryptoHash = Cc["@mozilla.org/security/hash;1"].createInstance( + Ci.nsICryptoHash + ); + cryptoHash.init(hashAlg); + const stringStream = Cc[ + "@mozilla.org/io/string-input-stream;1" + ].createInstance(Ci.nsIStringInputStream); + stringStream.data = aString; + cryptoHash.updateFromStream(stringStream, -1); + // base64 allows the '/' char, but we can't use it for filenames. + return cryptoHash.finish(true).replace(/\//g, "-"); +} + +const MANIFESTS_DIR = PathUtils.join(PathUtils.profileDir, "manifests"); + add_task(async function () { const tabOptions = { gBrowser, url: makeTestURL() }; + const filenameMD5 = generateHash(manifestUrl, Ci.nsICryptoHash.MD5) + ".json"; + const filenameSHA = + generateHash(manifestUrl, Ci.nsICryptoHash.SHA256) + ".json"; + const manifestMD5Path = PathUtils.join(MANIFESTS_DIR, filenameMD5); + const manifestSHAPath = PathUtils.join(MANIFESTS_DIR, filenameSHA); + await BrowserTestUtils.withNewTab(tabOptions, async function (browser) { - let manifest = await Manifests.getManifest(browser, manifestUrl); - is(manifest.installed, false, "We haven't installed this manifest yet"); + let tmpManifest = await Manifests.getManifest(browser, manifestUrl); + is(tmpManifest.installed, false, "We haven't installed this manifest yet"); + + await tmpManifest.install(); + // making sure the manifest is actually installed before proceeding + await tmpManifest._store._save(); + await IOUtils.move(tmpManifest.path, manifestMD5Path); + + let exists = await IOUtils.exists(tmpManifest.path); + is( + exists, + false, + "Manually moved manifest from SHA256 based path to MD5 based path" + ); + Manifests.manifestObjs.delete(manifestUrl); + + let manifest = await Manifests.getManifest(browser, manifestUrl); await manifest.install(browser); is(manifest.name, "hello World", "Manifest has correct name"); is(manifest.installed, true, "Manifest is installed"); is(manifest.url, manifestUrl, "has correct url"); is(manifest.browser, browser, "has correct browser"); + is(manifest.path, manifestSHAPath, "has correct path"); + + exists = await IOUtils.exists(manifestMD5Path); + is(exists, false, "MD5 based manifest removed"); manifest = await Manifests.getManifest(browser, manifestUrl); is(manifest.installed, true, "New instances are installed"); ===================================== gfx/thebes/gfxFont.cpp ===================================== @@ -952,6 +952,10 @@ gfxFont::gfxFont(const RefPtr<UnscaledFont>& aUnscaledFont, } mKerningSet = HasFeatureSet(HB_TAG('k', 'e', 'r', 'n'), mKerningEnabled); + + // Ensure the gfxFontEntry's unitsPerEm and extents fields are initialized, + // so that GetFontExtents can use them without risk of races. + Unused << mFontEntry->UnitsPerEm(); } gfxFont::~gfxFont() { ===================================== gfx/thebes/gfxFontEntry.cpp ===================================== @@ -262,14 +262,22 @@ already_AddRefed<gfxFont> gfxFontEntry::FindOrMakeFont( } uint16_t gfxFontEntry::UnitsPerEm() { + { + AutoReadLock lock(mLock); + if (mUnitsPerEm) { + return mUnitsPerEm; + } + } + + AutoTable headTable(this, TRUETYPE_TAG('h', 'e', 'a', 'd')); + AutoWriteLock lock(mLock); + if (!mUnitsPerEm) { - AutoTable headTable(this, TRUETYPE_TAG('h', 'e', 'a', 'd')); if (headTable) { uint32_t len; const HeadTable* head = reinterpret_cast<const HeadTable*>(hb_blob_get_data(headTable, &len)); if (len >= sizeof(HeadTable)) { - mUnitsPerEm = head->unitsPerEm; if (int16_t(head->xMax) > int16_t(head->xMin) && int16_t(head->yMax) > int16_t(head->yMin)) { mXMin = head->xMin; @@ -277,6 +285,7 @@ uint16_t gfxFontEntry::UnitsPerEm() { mXMax = head->xMax; mYMax = head->yMax; } + mUnitsPerEm = head->unitsPerEm; } } @@ -286,12 +295,13 @@ uint16_t gfxFontEntry::UnitsPerEm() { mUnitsPerEm = kInvalidUPEM; } } + return mUnitsPerEm; } bool gfxFontEntry::HasSVGGlyph(uint32_t aGlyphId) { - NS_ASSERTION(mSVGInitialized, - "SVG data has not yet been loaded. TryGetSVGData() first."); + MOZ_ASSERT(mSVGInitialized, + "SVG data has not yet been loaded. TryGetSVGData() first."); return GetSVGGlyphs()->HasSVGGlyph(aGlyphId); } @@ -309,8 +319,8 @@ bool gfxFontEntry::GetSVGGlyphExtents(DrawTarget* aDrawTarget, void gfxFontEntry::RenderSVGGlyph(gfxContext* aContext, uint32_t aGlyphId, SVGContextPaint* aContextPaint) { - NS_ASSERTION(mSVGInitialized, - "SVG data has not yet been loaded. TryGetSVGData() first."); + MOZ_ASSERT(mSVGInitialized, + "SVG data has not yet been loaded. TryGetSVGData() first."); GetSVGGlyphs()->RenderGlyph(aContext, aGlyphId, aContextPaint); } @@ -467,8 +477,9 @@ hb_blob_t* gfxFontEntry::FontTableHashEntry::ShareTableAndGetBlob( HB_MEMORY_MODE_READONLY, mSharedBlobData, DeleteFontTableBlobData); if (mBlob == hb_blob_get_empty()) { // The FontTableBlobData was destroyed during hb_blob_create(). - // The (empty) blob is still be held in the hashtable with a strong + // The (empty) blob will still be held in the hashtable with a strong // reference. + mSharedBlobData = nullptr; return hb_blob_reference(mBlob); } ===================================== gfx/thebes/gfxFontEntry.h ===================================== @@ -538,6 +538,9 @@ class gfxFontEntry { mozilla::gfx::Rect GetFontExtents(float aFUnitScaleFactor) const { // Flip the y-axis here to match the orientation of Gecko's coordinates. + // We don't need to take a lock here because the min/max fields are inert + // after initialization, and we make sure to initialize them at gfxFont- + // creation time. return mozilla::gfx::Rect(float(mXMin) * aFUnitScaleFactor, float(-mYMax) * aFUnitScaleFactor, float(mXMax - mXMin) * aFUnitScaleFactor, View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/410bb2… -- This project does not include diff previews in email notifications. View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/410bb2… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-115.11.0esr-13.5-1] 3 commits: Bug 1871109 - generateHash in Manifest.sys.mjs should use sha256 r=peterv, a=dmeehan
by ma1 (＠ma1) 09 May '24

09 May '24

ma1 pushed to branch mullvad-browser-115.11.0esr-13.5-1 at The Tor Project / Applications / Mullvad Browser Commits: ac1e73ce by Nuohan Li at 2024-05-09T13:36:35+02:00 Bug 1871109 - generateHash in Manifest.sys.mjs should use sha256 r=peterv, a=dmeehan Differential Revision: https://phabricator.services.mozilla.com/D204928 - - - - - f0b17745 by Jonathan Kew at 2024-05-09T13:36:36+02:00 Bug 1890204 - Ensure font entry's unitsPerEm and font extents are initialized when gfxFont is created. r=gfx-reviewers,lsalzman This means that by the time we potentially call GetFontExtents() when drawing, the extents fields are guaranteed to have been been initialized, and there's no risk of the (read-only) access here racing with setting them in UnitsPerEm(). Differential Revision: https://phabricator.services.mozilla.com/D206920 - - - - - 29322606 by Jonathan Kew at 2024-05-09T13:36:37+02:00 Bug 1893891 - Clear mSharedBlobData if blob creation failed. a=dmeehan Original Revision: https://phabricator.services.mozilla.com/D208983 Differential Revision: https://phabricator.services.mozilla.com/D209209 - - - - - 5 changed files: - dom/manifest/Manifest.sys.mjs - dom/manifest/test/browser_Manifest_install.js - gfx/thebes/gfxFont.cpp - gfx/thebes/gfxFontEntry.cpp - gfx/thebes/gfxFontEntry.h Changes: ===================================== dom/manifest/Manifest.sys.mjs ===================================== @@ -29,11 +29,11 @@ ChromeUtils.defineESModuleGetters(lazy, { * @note The generated hash is returned in base64 form. Mind the fact base64 * is case-sensitive if you are going to reuse this code. */ -function generateHash(aString) { +function generateHash(aString, hashAlg) { const cryptoHash = Cc["@mozilla.org/security/hash;1"].createInstance( Ci.nsICryptoHash ); - cryptoHash.init(Ci.nsICryptoHash.MD5); + cryptoHash.init(hashAlg); const stringStream = Cc[ "@mozilla.org/io/string-input-stream;1" ].createInstance(Ci.nsIStringInputStream); @@ -66,11 +66,39 @@ class Manifest { this._manifestUrl = manifestUrl; // The key for this is the manifests URL that is required to be unique. // However arbitrary urls are not safe file paths so lets hash it. - const fileName = generateHash(manifestUrl) + ".json"; - this._path = PathUtils.join(MANIFESTS_DIR, fileName); + const filename = + generateHash(manifestUrl, Ci.nsICryptoHash.SHA256) + ".json"; + this._path = PathUtils.join(MANIFESTS_DIR, filename); this.browser = browser; } + /** + * See Bug 1871109 + * This function is called at the beginning of initialize() to check if a given + * manifest has MD5 based filename, if so we remove it and migrate the content to + * a new file with SHA256 based name. + * This is done due to security concern, as MD5 is an outdated hashing algorithm and + * shouldn't be used anymore + */ + async removeMD5BasedFilename() { + const filenameMD5 = + generateHash(this._manifestUrl, Ci.nsICryptoHash.MD5) + ".json"; + const MD5Path = PathUtils.join(MANIFESTS_DIR, filenameMD5); + try { + await IOUtils.copy(MD5Path, this._path, { noOverwrite: true }); + } catch (error) { + // we are ignoring the failures returned from copy as it should not stop us from + // installing a new manifest + } + + // Remove the old MD5 based file unconditionally to ensure it's no longer used + try { + await IOUtils.remove(MD5Path); + } catch { + // ignore the error in case MD5 based file does not exist + } + } + get browser() { return this._browser; } @@ -80,6 +108,7 @@ class Manifest { } async initialize() { + await this.removeMD5BasedFilename(); this._store = new lazy.JSONFile({ path: this._path, saveDelayMs: 100 }); await this._store.load(); } ===================================== dom/manifest/test/browser_Manifest_install.js ===================================== @@ -23,18 +23,59 @@ function makeTestURL() { return url.href; } +function generateHash(aString, hashAlg) { + const cryptoHash = Cc["@mozilla.org/security/hash;1"].createInstance( + Ci.nsICryptoHash + ); + cryptoHash.init(hashAlg); + const stringStream = Cc[ + "@mozilla.org/io/string-input-stream;1" + ].createInstance(Ci.nsIStringInputStream); + stringStream.data = aString; + cryptoHash.updateFromStream(stringStream, -1); + // base64 allows the '/' char, but we can't use it for filenames. + return cryptoHash.finish(true).replace(/\//g, "-"); +} + +const MANIFESTS_DIR = PathUtils.join(PathUtils.profileDir, "manifests"); + add_task(async function () { const tabOptions = { gBrowser, url: makeTestURL() }; + const filenameMD5 = generateHash(manifestUrl, Ci.nsICryptoHash.MD5) + ".json"; + const filenameSHA = + generateHash(manifestUrl, Ci.nsICryptoHash.SHA256) + ".json"; + const manifestMD5Path = PathUtils.join(MANIFESTS_DIR, filenameMD5); + const manifestSHAPath = PathUtils.join(MANIFESTS_DIR, filenameSHA); + await BrowserTestUtils.withNewTab(tabOptions, async function (browser) { - let manifest = await Manifests.getManifest(browser, manifestUrl); - is(manifest.installed, false, "We haven't installed this manifest yet"); + let tmpManifest = await Manifests.getManifest(browser, manifestUrl); + is(tmpManifest.installed, false, "We haven't installed this manifest yet"); + + await tmpManifest.install(); + // making sure the manifest is actually installed before proceeding + await tmpManifest._store._save(); + await IOUtils.move(tmpManifest.path, manifestMD5Path); + + let exists = await IOUtils.exists(tmpManifest.path); + is( + exists, + false, + "Manually moved manifest from SHA256 based path to MD5 based path" + ); + Manifests.manifestObjs.delete(manifestUrl); + + let manifest = await Manifests.getManifest(browser, manifestUrl); await manifest.install(browser); is(manifest.name, "hello World", "Manifest has correct name"); is(manifest.installed, true, "Manifest is installed"); is(manifest.url, manifestUrl, "has correct url"); is(manifest.browser, browser, "has correct browser"); + is(manifest.path, manifestSHAPath, "has correct path"); + + exists = await IOUtils.exists(manifestMD5Path); + is(exists, false, "MD5 based manifest removed"); manifest = await Manifests.getManifest(browser, manifestUrl); is(manifest.installed, true, "New instances are installed"); ===================================== gfx/thebes/gfxFont.cpp ===================================== @@ -952,6 +952,10 @@ gfxFont::gfxFont(const RefPtr<UnscaledFont>& aUnscaledFont, } mKerningSet = HasFeatureSet(HB_TAG('k', 'e', 'r', 'n'), mKerningEnabled); + + // Ensure the gfxFontEntry's unitsPerEm and extents fields are initialized, + // so that GetFontExtents can use them without risk of races. + Unused << mFontEntry->UnitsPerEm(); } gfxFont::~gfxFont() { ===================================== gfx/thebes/gfxFontEntry.cpp ===================================== @@ -262,14 +262,22 @@ already_AddRefed<gfxFont> gfxFontEntry::FindOrMakeFont( } uint16_t gfxFontEntry::UnitsPerEm() { + { + AutoReadLock lock(mLock); + if (mUnitsPerEm) { + return mUnitsPerEm; + } + } + + AutoTable headTable(this, TRUETYPE_TAG('h', 'e', 'a', 'd')); + AutoWriteLock lock(mLock); + if (!mUnitsPerEm) { - AutoTable headTable(this, TRUETYPE_TAG('h', 'e', 'a', 'd')); if (headTable) { uint32_t len; const HeadTable* head = reinterpret_cast<const HeadTable*>(hb_blob_get_data(headTable, &len)); if (len >= sizeof(HeadTable)) { - mUnitsPerEm = head->unitsPerEm; if (int16_t(head->xMax) > int16_t(head->xMin) && int16_t(head->yMax) > int16_t(head->yMin)) { mXMin = head->xMin; @@ -277,6 +285,7 @@ uint16_t gfxFontEntry::UnitsPerEm() { mXMax = head->xMax; mYMax = head->yMax; } + mUnitsPerEm = head->unitsPerEm; } } @@ -286,12 +295,13 @@ uint16_t gfxFontEntry::UnitsPerEm() { mUnitsPerEm = kInvalidUPEM; } } + return mUnitsPerEm; } bool gfxFontEntry::HasSVGGlyph(uint32_t aGlyphId) { - NS_ASSERTION(mSVGInitialized, - "SVG data has not yet been loaded. TryGetSVGData() first."); + MOZ_ASSERT(mSVGInitialized, + "SVG data has not yet been loaded. TryGetSVGData() first."); return GetSVGGlyphs()->HasSVGGlyph(aGlyphId); } @@ -309,8 +319,8 @@ bool gfxFontEntry::GetSVGGlyphExtents(DrawTarget* aDrawTarget, void gfxFontEntry::RenderSVGGlyph(gfxContext* aContext, uint32_t aGlyphId, SVGContextPaint* aContextPaint) { - NS_ASSERTION(mSVGInitialized, - "SVG data has not yet been loaded. TryGetSVGData() first."); + MOZ_ASSERT(mSVGInitialized, + "SVG data has not yet been loaded. TryGetSVGData() first."); GetSVGGlyphs()->RenderGlyph(aContext, aGlyphId, aContextPaint); } @@ -467,8 +477,9 @@ hb_blob_t* gfxFontEntry::FontTableHashEntry::ShareTableAndGetBlob( HB_MEMORY_MODE_READONLY, mSharedBlobData, DeleteFontTableBlobData); if (mBlob == hb_blob_get_empty()) { // The FontTableBlobData was destroyed during hb_blob_create(). - // The (empty) blob is still be held in the hashtable with a strong + // The (empty) blob will still be held in the hashtable with a strong // reference. + mSharedBlobData = nullptr; return hb_blob_reference(mBlob); } ===================================== gfx/thebes/gfxFontEntry.h ===================================== @@ -538,6 +538,9 @@ class gfxFontEntry { mozilla::gfx::Rect GetFontExtents(float aFUnitScaleFactor) const { // Flip the y-axis here to match the orientation of Gecko's coordinates. + // We don't need to take a lock here because the min/max fields are inert + // after initialization, and we make sure to initialize them at gfxFont- + // creation time. return mozilla::gfx::Rect(float(mXMin) * aFUnitScaleFactor, float(-mYMax) * aFUnitScaleFactor, float(mXMax - mXMin) * aFUnitScaleFactor, View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/d5… -- This project does not include diff previews in email notifications. View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/d5… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-115.11.0esr-13.0-1] 3 commits: Bug 1871109 - generateHash in Manifest.sys.mjs should use sha256 r=peterv, a=dmeehan
by ma1 (＠ma1) 09 May '24

09 May '24

ma1 pushed to branch mullvad-browser-115.11.0esr-13.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 50b53983 by Nuohan Li at 2024-05-09T13:04:13+02:00 Bug 1871109 - generateHash in Manifest.sys.mjs should use sha256 r=peterv, a=dmeehan Differential Revision: https://phabricator.services.mozilla.com/D204928 - - - - - 7269657b by Jonathan Kew at 2024-05-09T13:04:14+02:00 Bug 1890204 - Ensure font entry's unitsPerEm and font extents are initialized when gfxFont is created. r=gfx-reviewers,lsalzman This means that by the time we potentially call GetFontExtents() when drawing, the extents fields are guaranteed to have been been initialized, and there's no risk of the (read-only) access here racing with setting them in UnitsPerEm(). Differential Revision: https://phabricator.services.mozilla.com/D206920 - - - - - b4147595 by Jonathan Kew at 2024-05-09T13:04:15+02:00 Bug 1893891 - Clear mSharedBlobData if blob creation failed. a=dmeehan Original Revision: https://phabricator.services.mozilla.com/D208983 Differential Revision: https://phabricator.services.mozilla.com/D209209 - - - - - 5 changed files: - dom/manifest/Manifest.sys.mjs - dom/manifest/test/browser_Manifest_install.js - gfx/thebes/gfxFont.cpp - gfx/thebes/gfxFontEntry.cpp - gfx/thebes/gfxFontEntry.h Changes: ===================================== dom/manifest/Manifest.sys.mjs ===================================== @@ -29,11 +29,11 @@ ChromeUtils.defineESModuleGetters(lazy, { * @note The generated hash is returned in base64 form. Mind the fact base64 * is case-sensitive if you are going to reuse this code. */ -function generateHash(aString) { +function generateHash(aString, hashAlg) { const cryptoHash = Cc["@mozilla.org/security/hash;1"].createInstance( Ci.nsICryptoHash ); - cryptoHash.init(Ci.nsICryptoHash.MD5); + cryptoHash.init(hashAlg); const stringStream = Cc[ "@mozilla.org/io/string-input-stream;1" ].createInstance(Ci.nsIStringInputStream); @@ -66,11 +66,39 @@ class Manifest { this._manifestUrl = manifestUrl; // The key for this is the manifests URL that is required to be unique. // However arbitrary urls are not safe file paths so lets hash it. - const fileName = generateHash(manifestUrl) + ".json"; - this._path = PathUtils.join(MANIFESTS_DIR, fileName); + const filename = + generateHash(manifestUrl, Ci.nsICryptoHash.SHA256) + ".json"; + this._path = PathUtils.join(MANIFESTS_DIR, filename); this.browser = browser; } + /** + * See Bug 1871109 + * This function is called at the beginning of initialize() to check if a given + * manifest has MD5 based filename, if so we remove it and migrate the content to + * a new file with SHA256 based name. + * This is done due to security concern, as MD5 is an outdated hashing algorithm and + * shouldn't be used anymore + */ + async removeMD5BasedFilename() { + const filenameMD5 = + generateHash(this._manifestUrl, Ci.nsICryptoHash.MD5) + ".json"; + const MD5Path = PathUtils.join(MANIFESTS_DIR, filenameMD5); + try { + await IOUtils.copy(MD5Path, this._path, { noOverwrite: true }); + } catch (error) { + // we are ignoring the failures returned from copy as it should not stop us from + // installing a new manifest + } + + // Remove the old MD5 based file unconditionally to ensure it's no longer used + try { + await IOUtils.remove(MD5Path); + } catch { + // ignore the error in case MD5 based file does not exist + } + } + get browser() { return this._browser; } @@ -80,6 +108,7 @@ class Manifest { } async initialize() { + await this.removeMD5BasedFilename(); this._store = new lazy.JSONFile({ path: this._path, saveDelayMs: 100 }); await this._store.load(); } ===================================== dom/manifest/test/browser_Manifest_install.js ===================================== @@ -23,18 +23,59 @@ function makeTestURL() { return url.href; } +function generateHash(aString, hashAlg) { + const cryptoHash = Cc["@mozilla.org/security/hash;1"].createInstance( + Ci.nsICryptoHash + ); + cryptoHash.init(hashAlg); + const stringStream = Cc[ + "@mozilla.org/io/string-input-stream;1" + ].createInstance(Ci.nsIStringInputStream); + stringStream.data = aString; + cryptoHash.updateFromStream(stringStream, -1); + // base64 allows the '/' char, but we can't use it for filenames. + return cryptoHash.finish(true).replace(/\//g, "-"); +} + +const MANIFESTS_DIR = PathUtils.join(PathUtils.profileDir, "manifests"); + add_task(async function () { const tabOptions = { gBrowser, url: makeTestURL() }; + const filenameMD5 = generateHash(manifestUrl, Ci.nsICryptoHash.MD5) + ".json"; + const filenameSHA = + generateHash(manifestUrl, Ci.nsICryptoHash.SHA256) + ".json"; + const manifestMD5Path = PathUtils.join(MANIFESTS_DIR, filenameMD5); + const manifestSHAPath = PathUtils.join(MANIFESTS_DIR, filenameSHA); + await BrowserTestUtils.withNewTab(tabOptions, async function (browser) { - let manifest = await Manifests.getManifest(browser, manifestUrl); - is(manifest.installed, false, "We haven't installed this manifest yet"); + let tmpManifest = await Manifests.getManifest(browser, manifestUrl); + is(tmpManifest.installed, false, "We haven't installed this manifest yet"); + + await tmpManifest.install(); + // making sure the manifest is actually installed before proceeding + await tmpManifest._store._save(); + await IOUtils.move(tmpManifest.path, manifestMD5Path); + + let exists = await IOUtils.exists(tmpManifest.path); + is( + exists, + false, + "Manually moved manifest from SHA256 based path to MD5 based path" + ); + Manifests.manifestObjs.delete(manifestUrl); + + let manifest = await Manifests.getManifest(browser, manifestUrl); await manifest.install(browser); is(manifest.name, "hello World", "Manifest has correct name"); is(manifest.installed, true, "Manifest is installed"); is(manifest.url, manifestUrl, "has correct url"); is(manifest.browser, browser, "has correct browser"); + is(manifest.path, manifestSHAPath, "has correct path"); + + exists = await IOUtils.exists(manifestMD5Path); + is(exists, false, "MD5 based manifest removed"); manifest = await Manifests.getManifest(browser, manifestUrl); is(manifest.installed, true, "New instances are installed"); ===================================== gfx/thebes/gfxFont.cpp ===================================== @@ -952,6 +952,10 @@ gfxFont::gfxFont(const RefPtr<UnscaledFont>& aUnscaledFont, } mKerningSet = HasFeatureSet(HB_TAG('k', 'e', 'r', 'n'), mKerningEnabled); + + // Ensure the gfxFontEntry's unitsPerEm and extents fields are initialized, + // so that GetFontExtents can use them without risk of races. + Unused << mFontEntry->UnitsPerEm(); } gfxFont::~gfxFont() { ===================================== gfx/thebes/gfxFontEntry.cpp ===================================== @@ -262,14 +262,22 @@ already_AddRefed<gfxFont> gfxFontEntry::FindOrMakeFont( } uint16_t gfxFontEntry::UnitsPerEm() { + { + AutoReadLock lock(mLock); + if (mUnitsPerEm) { + return mUnitsPerEm; + } + } + + AutoTable headTable(this, TRUETYPE_TAG('h', 'e', 'a', 'd')); + AutoWriteLock lock(mLock); + if (!mUnitsPerEm) { - AutoTable headTable(this, TRUETYPE_TAG('h', 'e', 'a', 'd')); if (headTable) { uint32_t len; const HeadTable* head = reinterpret_cast<const HeadTable*>(hb_blob_get_data(headTable, &len)); if (len >= sizeof(HeadTable)) { - mUnitsPerEm = head->unitsPerEm; if (int16_t(head->xMax) > int16_t(head->xMin) && int16_t(head->yMax) > int16_t(head->yMin)) { mXMin = head->xMin; @@ -277,6 +285,7 @@ uint16_t gfxFontEntry::UnitsPerEm() { mXMax = head->xMax; mYMax = head->yMax; } + mUnitsPerEm = head->unitsPerEm; } } @@ -286,12 +295,13 @@ uint16_t gfxFontEntry::UnitsPerEm() { mUnitsPerEm = kInvalidUPEM; } } + return mUnitsPerEm; } bool gfxFontEntry::HasSVGGlyph(uint32_t aGlyphId) { - NS_ASSERTION(mSVGInitialized, - "SVG data has not yet been loaded. TryGetSVGData() first."); + MOZ_ASSERT(mSVGInitialized, + "SVG data has not yet been loaded. TryGetSVGData() first."); return GetSVGGlyphs()->HasSVGGlyph(aGlyphId); } @@ -309,8 +319,8 @@ bool gfxFontEntry::GetSVGGlyphExtents(DrawTarget* aDrawTarget, void gfxFontEntry::RenderSVGGlyph(gfxContext* aContext, uint32_t aGlyphId, SVGContextPaint* aContextPaint) { - NS_ASSERTION(mSVGInitialized, - "SVG data has not yet been loaded. TryGetSVGData() first."); + MOZ_ASSERT(mSVGInitialized, + "SVG data has not yet been loaded. TryGetSVGData() first."); GetSVGGlyphs()->RenderGlyph(aContext, aGlyphId, aContextPaint); } @@ -467,8 +477,9 @@ hb_blob_t* gfxFontEntry::FontTableHashEntry::ShareTableAndGetBlob( HB_MEMORY_MODE_READONLY, mSharedBlobData, DeleteFontTableBlobData); if (mBlob == hb_blob_get_empty()) { // The FontTableBlobData was destroyed during hb_blob_create(). - // The (empty) blob is still be held in the hashtable with a strong + // The (empty) blob will still be held in the hashtable with a strong // reference. + mSharedBlobData = nullptr; return hb_blob_reference(mBlob); } ===================================== gfx/thebes/gfxFontEntry.h ===================================== @@ -538,6 +538,9 @@ class gfxFontEntry { mozilla::gfx::Rect GetFontExtents(float aFUnitScaleFactor) const { // Flip the y-axis here to match the orientation of Gecko's coordinates. + // We don't need to take a lock here because the min/max fields are inert + // after initialization, and we make sure to initialize them at gfxFont- + // creation time. return mozilla::gfx::Rect(float(mXMin) * aFUnitScaleFactor, float(-mYMax) * aFUnitScaleFactor, float(mXMax - mXMin) * aFUnitScaleFactor, View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/d3… -- This project does not include diff previews in email notifications. View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/d3… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-115.11.0esr-13.0-1] 3 commits: Bug 1871109 - generateHash in Manifest.sys.mjs should use sha256 r=peterv, a=dmeehan
by ma1 (＠ma1) 09 May '24

09 May '24

ma1 pushed to branch base-browser-115.11.0esr-13.0-1 at The Tor Project / Applications / Tor Browser Commits: ac2c9355 by Nuohan Li at 2024-05-09T13:01:34+02:00 Bug 1871109 - generateHash in Manifest.sys.mjs should use sha256 r=peterv, a=dmeehan Differential Revision: https://phabricator.services.mozilla.com/D204928 - - - - - 9d85032c by Jonathan Kew at 2024-05-09T13:01:39+02:00 Bug 1890204 - Ensure font entry's unitsPerEm and font extents are initialized when gfxFont is created. r=gfx-reviewers,lsalzman This means that by the time we potentially call GetFontExtents() when drawing, the extents fields are guaranteed to have been been initialized, and there's no risk of the (read-only) access here racing with setting them in UnitsPerEm(). Differential Revision: https://phabricator.services.mozilla.com/D206920 - - - - - 8a728aa8 by Jonathan Kew at 2024-05-09T13:01:40+02:00 Bug 1893891 - Clear mSharedBlobData if blob creation failed. a=dmeehan Original Revision: https://phabricator.services.mozilla.com/D208983 Differential Revision: https://phabricator.services.mozilla.com/D209209 - - - - - 5 changed files: - dom/manifest/Manifest.sys.mjs - dom/manifest/test/browser_Manifest_install.js - gfx/thebes/gfxFont.cpp - gfx/thebes/gfxFontEntry.cpp - gfx/thebes/gfxFontEntry.h Changes: ===================================== dom/manifest/Manifest.sys.mjs ===================================== @@ -29,11 +29,11 @@ ChromeUtils.defineESModuleGetters(lazy, { * @note The generated hash is returned in base64 form. Mind the fact base64 * is case-sensitive if you are going to reuse this code. */ -function generateHash(aString) { +function generateHash(aString, hashAlg) { const cryptoHash = Cc["@mozilla.org/security/hash;1"].createInstance( Ci.nsICryptoHash ); - cryptoHash.init(Ci.nsICryptoHash.MD5); + cryptoHash.init(hashAlg); const stringStream = Cc[ "@mozilla.org/io/string-input-stream;1" ].createInstance(Ci.nsIStringInputStream); @@ -66,11 +66,39 @@ class Manifest { this._manifestUrl = manifestUrl; // The key for this is the manifests URL that is required to be unique. // However arbitrary urls are not safe file paths so lets hash it. - const fileName = generateHash(manifestUrl) + ".json"; - this._path = PathUtils.join(MANIFESTS_DIR, fileName); + const filename = + generateHash(manifestUrl, Ci.nsICryptoHash.SHA256) + ".json"; + this._path = PathUtils.join(MANIFESTS_DIR, filename); this.browser = browser; } + /** + * See Bug 1871109 + * This function is called at the beginning of initialize() to check if a given + * manifest has MD5 based filename, if so we remove it and migrate the content to + * a new file with SHA256 based name. + * This is done due to security concern, as MD5 is an outdated hashing algorithm and + * shouldn't be used anymore + */ + async removeMD5BasedFilename() { + const filenameMD5 = + generateHash(this._manifestUrl, Ci.nsICryptoHash.MD5) + ".json"; + const MD5Path = PathUtils.join(MANIFESTS_DIR, filenameMD5); + try { + await IOUtils.copy(MD5Path, this._path, { noOverwrite: true }); + } catch (error) { + // we are ignoring the failures returned from copy as it should not stop us from + // installing a new manifest + } + + // Remove the old MD5 based file unconditionally to ensure it's no longer used + try { + await IOUtils.remove(MD5Path); + } catch { + // ignore the error in case MD5 based file does not exist + } + } + get browser() { return this._browser; } @@ -80,6 +108,7 @@ class Manifest { } async initialize() { + await this.removeMD5BasedFilename(); this._store = new lazy.JSONFile({ path: this._path, saveDelayMs: 100 }); await this._store.load(); } ===================================== dom/manifest/test/browser_Manifest_install.js ===================================== @@ -23,18 +23,59 @@ function makeTestURL() { return url.href; } +function generateHash(aString, hashAlg) { + const cryptoHash = Cc["@mozilla.org/security/hash;1"].createInstance( + Ci.nsICryptoHash + ); + cryptoHash.init(hashAlg); + const stringStream = Cc[ + "@mozilla.org/io/string-input-stream;1" + ].createInstance(Ci.nsIStringInputStream); + stringStream.data = aString; + cryptoHash.updateFromStream(stringStream, -1); + // base64 allows the '/' char, but we can't use it for filenames. + return cryptoHash.finish(true).replace(/\//g, "-"); +} + +const MANIFESTS_DIR = PathUtils.join(PathUtils.profileDir, "manifests"); + add_task(async function () { const tabOptions = { gBrowser, url: makeTestURL() }; + const filenameMD5 = generateHash(manifestUrl, Ci.nsICryptoHash.MD5) + ".json"; + const filenameSHA = + generateHash(manifestUrl, Ci.nsICryptoHash.SHA256) + ".json"; + const manifestMD5Path = PathUtils.join(MANIFESTS_DIR, filenameMD5); + const manifestSHAPath = PathUtils.join(MANIFESTS_DIR, filenameSHA); + await BrowserTestUtils.withNewTab(tabOptions, async function (browser) { - let manifest = await Manifests.getManifest(browser, manifestUrl); - is(manifest.installed, false, "We haven't installed this manifest yet"); + let tmpManifest = await Manifests.getManifest(browser, manifestUrl); + is(tmpManifest.installed, false, "We haven't installed this manifest yet"); + + await tmpManifest.install(); + // making sure the manifest is actually installed before proceeding + await tmpManifest._store._save(); + await IOUtils.move(tmpManifest.path, manifestMD5Path); + + let exists = await IOUtils.exists(tmpManifest.path); + is( + exists, + false, + "Manually moved manifest from SHA256 based path to MD5 based path" + ); + Manifests.manifestObjs.delete(manifestUrl); + + let manifest = await Manifests.getManifest(browser, manifestUrl); await manifest.install(browser); is(manifest.name, "hello World", "Manifest has correct name"); is(manifest.installed, true, "Manifest is installed"); is(manifest.url, manifestUrl, "has correct url"); is(manifest.browser, browser, "has correct browser"); + is(manifest.path, manifestSHAPath, "has correct path"); + + exists = await IOUtils.exists(manifestMD5Path); + is(exists, false, "MD5 based manifest removed"); manifest = await Manifests.getManifest(browser, manifestUrl); is(manifest.installed, true, "New instances are installed"); ===================================== gfx/thebes/gfxFont.cpp ===================================== @@ -952,6 +952,10 @@ gfxFont::gfxFont(const RefPtr<UnscaledFont>& aUnscaledFont, } mKerningSet = HasFeatureSet(HB_TAG('k', 'e', 'r', 'n'), mKerningEnabled); + + // Ensure the gfxFontEntry's unitsPerEm and extents fields are initialized, + // so that GetFontExtents can use them without risk of races. + Unused << mFontEntry->UnitsPerEm(); } gfxFont::~gfxFont() { ===================================== gfx/thebes/gfxFontEntry.cpp ===================================== @@ -262,14 +262,22 @@ already_AddRefed<gfxFont> gfxFontEntry::FindOrMakeFont( } uint16_t gfxFontEntry::UnitsPerEm() { + { + AutoReadLock lock(mLock); + if (mUnitsPerEm) { + return mUnitsPerEm; + } + } + + AutoTable headTable(this, TRUETYPE_TAG('h', 'e', 'a', 'd')); + AutoWriteLock lock(mLock); + if (!mUnitsPerEm) { - AutoTable headTable(this, TRUETYPE_TAG('h', 'e', 'a', 'd')); if (headTable) { uint32_t len; const HeadTable* head = reinterpret_cast<const HeadTable*>(hb_blob_get_data(headTable, &len)); if (len >= sizeof(HeadTable)) { - mUnitsPerEm = head->unitsPerEm; if (int16_t(head->xMax) > int16_t(head->xMin) && int16_t(head->yMax) > int16_t(head->yMin)) { mXMin = head->xMin; @@ -277,6 +285,7 @@ uint16_t gfxFontEntry::UnitsPerEm() { mXMax = head->xMax; mYMax = head->yMax; } + mUnitsPerEm = head->unitsPerEm; } } @@ -286,12 +295,13 @@ uint16_t gfxFontEntry::UnitsPerEm() { mUnitsPerEm = kInvalidUPEM; } } + return mUnitsPerEm; } bool gfxFontEntry::HasSVGGlyph(uint32_t aGlyphId) { - NS_ASSERTION(mSVGInitialized, - "SVG data has not yet been loaded. TryGetSVGData() first."); + MOZ_ASSERT(mSVGInitialized, + "SVG data has not yet been loaded. TryGetSVGData() first."); return GetSVGGlyphs()->HasSVGGlyph(aGlyphId); } @@ -309,8 +319,8 @@ bool gfxFontEntry::GetSVGGlyphExtents(DrawTarget* aDrawTarget, void gfxFontEntry::RenderSVGGlyph(gfxContext* aContext, uint32_t aGlyphId, SVGContextPaint* aContextPaint) { - NS_ASSERTION(mSVGInitialized, - "SVG data has not yet been loaded. TryGetSVGData() first."); + MOZ_ASSERT(mSVGInitialized, + "SVG data has not yet been loaded. TryGetSVGData() first."); GetSVGGlyphs()->RenderGlyph(aContext, aGlyphId, aContextPaint); } @@ -467,8 +477,9 @@ hb_blob_t* gfxFontEntry::FontTableHashEntry::ShareTableAndGetBlob( HB_MEMORY_MODE_READONLY, mSharedBlobData, DeleteFontTableBlobData); if (mBlob == hb_blob_get_empty()) { // The FontTableBlobData was destroyed during hb_blob_create(). - // The (empty) blob is still be held in the hashtable with a strong + // The (empty) blob will still be held in the hashtable with a strong // reference. + mSharedBlobData = nullptr; return hb_blob_reference(mBlob); } ===================================== gfx/thebes/gfxFontEntry.h ===================================== @@ -538,6 +538,9 @@ class gfxFontEntry { mozilla::gfx::Rect GetFontExtents(float aFUnitScaleFactor) const { // Flip the y-axis here to match the orientation of Gecko's coordinates. + // We don't need to take a lock here because the min/max fields are inert + // after initialization, and we make sure to initialize them at gfxFont- + // creation time. return mozilla::gfx::Rect(float(mXMin) * aFUnitScaleFactor, float(-mYMax) * aFUnitScaleFactor, float(mXMax - mXMin) * aFUnitScaleFactor, View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/5cc512… -- This project does not include diff previews in email notifications. View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/5cc512… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.11.0esr-13.0-1] 3 commits: Bug 1871109 - generateHash in Manifest.sys.mjs should use sha256 r=peterv, a=dmeehan
by ma1 (＠ma1) 09 May '24

09 May '24

ma1 pushed to branch tor-browser-115.11.0esr-13.0-1 at The Tor Project / Applications / Tor Browser Commits: a52dc31b by Nuohan Li at 2024-05-09T10:55:04+00:00 Bug 1871109 - generateHash in Manifest.sys.mjs should use sha256 r=peterv, a=dmeehan Differential Revision: https://phabricator.services.mozilla.com/D204928 - - - - - 88affd4a by Jonathan Kew at 2024-05-09T10:55:04+00:00 Bug 1890204 - Ensure font entry's unitsPerEm and font extents are initialized when gfxFont is created. r=gfx-reviewers,lsalzman This means that by the time we potentially call GetFontExtents() when drawing, the extents fields are guaranteed to have been been initialized, and there's no risk of the (read-only) access here racing with setting them in UnitsPerEm(). Differential Revision: https://phabricator.services.mozilla.com/D206920 - - - - - fc0ee191 by Jonathan Kew at 2024-05-09T10:55:04+00:00 Bug 1893891 - Clear mSharedBlobData if blob creation failed. a=dmeehan Original Revision: https://phabricator.services.mozilla.com/D208983 Differential Revision: https://phabricator.services.mozilla.com/D209209 - - - - - 5 changed files: - dom/manifest/Manifest.sys.mjs - dom/manifest/test/browser_Manifest_install.js - gfx/thebes/gfxFont.cpp - gfx/thebes/gfxFontEntry.cpp - gfx/thebes/gfxFontEntry.h Changes: ===================================== dom/manifest/Manifest.sys.mjs ===================================== @@ -29,11 +29,11 @@ ChromeUtils.defineESModuleGetters(lazy, { * @note The generated hash is returned in base64 form. Mind the fact base64 * is case-sensitive if you are going to reuse this code. */ -function generateHash(aString) { +function generateHash(aString, hashAlg) { const cryptoHash = Cc["@mozilla.org/security/hash;1"].createInstance( Ci.nsICryptoHash ); - cryptoHash.init(Ci.nsICryptoHash.MD5); + cryptoHash.init(hashAlg); const stringStream = Cc[ "@mozilla.org/io/string-input-stream;1" ].createInstance(Ci.nsIStringInputStream); @@ -66,11 +66,39 @@ class Manifest { this._manifestUrl = manifestUrl; // The key for this is the manifests URL that is required to be unique. // However arbitrary urls are not safe file paths so lets hash it. - const fileName = generateHash(manifestUrl) + ".json"; - this._path = PathUtils.join(MANIFESTS_DIR, fileName); + const filename = + generateHash(manifestUrl, Ci.nsICryptoHash.SHA256) + ".json"; + this._path = PathUtils.join(MANIFESTS_DIR, filename); this.browser = browser; } + /** + * See Bug 1871109 + * This function is called at the beginning of initialize() to check if a given + * manifest has MD5 based filename, if so we remove it and migrate the content to + * a new file with SHA256 based name. + * This is done due to security concern, as MD5 is an outdated hashing algorithm and + * shouldn't be used anymore + */ + async removeMD5BasedFilename() { + const filenameMD5 = + generateHash(this._manifestUrl, Ci.nsICryptoHash.MD5) + ".json"; + const MD5Path = PathUtils.join(MANIFESTS_DIR, filenameMD5); + try { + await IOUtils.copy(MD5Path, this._path, { noOverwrite: true }); + } catch (error) { + // we are ignoring the failures returned from copy as it should not stop us from + // installing a new manifest + } + + // Remove the old MD5 based file unconditionally to ensure it's no longer used + try { + await IOUtils.remove(MD5Path); + } catch { + // ignore the error in case MD5 based file does not exist + } + } + get browser() { return this._browser; } @@ -80,6 +108,7 @@ class Manifest { } async initialize() { + await this.removeMD5BasedFilename(); this._store = new lazy.JSONFile({ path: this._path, saveDelayMs: 100 }); await this._store.load(); } ===================================== dom/manifest/test/browser_Manifest_install.js ===================================== @@ -23,18 +23,59 @@ function makeTestURL() { return url.href; } +function generateHash(aString, hashAlg) { + const cryptoHash = Cc["@mozilla.org/security/hash;1"].createInstance( + Ci.nsICryptoHash + ); + cryptoHash.init(hashAlg); + const stringStream = Cc[ + "@mozilla.org/io/string-input-stream;1" + ].createInstance(Ci.nsIStringInputStream); + stringStream.data = aString; + cryptoHash.updateFromStream(stringStream, -1); + // base64 allows the '/' char, but we can't use it for filenames. + return cryptoHash.finish(true).replace(/\//g, "-"); +} + +const MANIFESTS_DIR = PathUtils.join(PathUtils.profileDir, "manifests"); + add_task(async function () { const tabOptions = { gBrowser, url: makeTestURL() }; + const filenameMD5 = generateHash(manifestUrl, Ci.nsICryptoHash.MD5) + ".json"; + const filenameSHA = + generateHash(manifestUrl, Ci.nsICryptoHash.SHA256) + ".json"; + const manifestMD5Path = PathUtils.join(MANIFESTS_DIR, filenameMD5); + const manifestSHAPath = PathUtils.join(MANIFESTS_DIR, filenameSHA); + await BrowserTestUtils.withNewTab(tabOptions, async function (browser) { - let manifest = await Manifests.getManifest(browser, manifestUrl); - is(manifest.installed, false, "We haven't installed this manifest yet"); + let tmpManifest = await Manifests.getManifest(browser, manifestUrl); + is(tmpManifest.installed, false, "We haven't installed this manifest yet"); + + await tmpManifest.install(); + // making sure the manifest is actually installed before proceeding + await tmpManifest._store._save(); + await IOUtils.move(tmpManifest.path, manifestMD5Path); + + let exists = await IOUtils.exists(tmpManifest.path); + is( + exists, + false, + "Manually moved manifest from SHA256 based path to MD5 based path" + ); + Manifests.manifestObjs.delete(manifestUrl); + + let manifest = await Manifests.getManifest(browser, manifestUrl); await manifest.install(browser); is(manifest.name, "hello World", "Manifest has correct name"); is(manifest.installed, true, "Manifest is installed"); is(manifest.url, manifestUrl, "has correct url"); is(manifest.browser, browser, "has correct browser"); + is(manifest.path, manifestSHAPath, "has correct path"); + + exists = await IOUtils.exists(manifestMD5Path); + is(exists, false, "MD5 based manifest removed"); manifest = await Manifests.getManifest(browser, manifestUrl); is(manifest.installed, true, "New instances are installed"); ===================================== gfx/thebes/gfxFont.cpp ===================================== @@ -952,6 +952,10 @@ gfxFont::gfxFont(const RefPtr<UnscaledFont>& aUnscaledFont, } mKerningSet = HasFeatureSet(HB_TAG('k', 'e', 'r', 'n'), mKerningEnabled); + + // Ensure the gfxFontEntry's unitsPerEm and extents fields are initialized, + // so that GetFontExtents can use them without risk of races. + Unused << mFontEntry->UnitsPerEm(); } gfxFont::~gfxFont() { ===================================== gfx/thebes/gfxFontEntry.cpp ===================================== @@ -262,14 +262,22 @@ already_AddRefed<gfxFont> gfxFontEntry::FindOrMakeFont( } uint16_t gfxFontEntry::UnitsPerEm() { + { + AutoReadLock lock(mLock); + if (mUnitsPerEm) { + return mUnitsPerEm; + } + } + + AutoTable headTable(this, TRUETYPE_TAG('h', 'e', 'a', 'd')); + AutoWriteLock lock(mLock); + if (!mUnitsPerEm) { - AutoTable headTable(this, TRUETYPE_TAG('h', 'e', 'a', 'd')); if (headTable) { uint32_t len; const HeadTable* head = reinterpret_cast<const HeadTable*>(hb_blob_get_data(headTable, &len)); if (len >= sizeof(HeadTable)) { - mUnitsPerEm = head->unitsPerEm; if (int16_t(head->xMax) > int16_t(head->xMin) && int16_t(head->yMax) > int16_t(head->yMin)) { mXMin = head->xMin; @@ -277,6 +285,7 @@ uint16_t gfxFontEntry::UnitsPerEm() { mXMax = head->xMax; mYMax = head->yMax; } + mUnitsPerEm = head->unitsPerEm; } } @@ -286,12 +295,13 @@ uint16_t gfxFontEntry::UnitsPerEm() { mUnitsPerEm = kInvalidUPEM; } } + return mUnitsPerEm; } bool gfxFontEntry::HasSVGGlyph(uint32_t aGlyphId) { - NS_ASSERTION(mSVGInitialized, - "SVG data has not yet been loaded. TryGetSVGData() first."); + MOZ_ASSERT(mSVGInitialized, + "SVG data has not yet been loaded. TryGetSVGData() first."); return GetSVGGlyphs()->HasSVGGlyph(aGlyphId); } @@ -309,8 +319,8 @@ bool gfxFontEntry::GetSVGGlyphExtents(DrawTarget* aDrawTarget, void gfxFontEntry::RenderSVGGlyph(gfxContext* aContext, uint32_t aGlyphId, SVGContextPaint* aContextPaint) { - NS_ASSERTION(mSVGInitialized, - "SVG data has not yet been loaded. TryGetSVGData() first."); + MOZ_ASSERT(mSVGInitialized, + "SVG data has not yet been loaded. TryGetSVGData() first."); GetSVGGlyphs()->RenderGlyph(aContext, aGlyphId, aContextPaint); } @@ -467,8 +477,9 @@ hb_blob_t* gfxFontEntry::FontTableHashEntry::ShareTableAndGetBlob( HB_MEMORY_MODE_READONLY, mSharedBlobData, DeleteFontTableBlobData); if (mBlob == hb_blob_get_empty()) { // The FontTableBlobData was destroyed during hb_blob_create(). - // The (empty) blob is still be held in the hashtable with a strong + // The (empty) blob will still be held in the hashtable with a strong // reference. + mSharedBlobData = nullptr; return hb_blob_reference(mBlob); } ===================================== gfx/thebes/gfxFontEntry.h ===================================== @@ -538,6 +538,9 @@ class gfxFontEntry { mozilla::gfx::Rect GetFontExtents(float aFUnitScaleFactor) const { // Flip the y-axis here to match the orientation of Gecko's coordinates. + // We don't need to take a lock here because the min/max fields are inert + // after initialization, and we make sure to initialize them at gfxFont- + // creation time. return mozilla::gfx::Rect(float(mXMin) * aFUnitScaleFactor, float(-mYMax) * aFUnitScaleFactor, float(mXMax - mXMin) * aFUnitScaleFactor, View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/10474e… -- This project does not include diff previews in email notifications. View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/10474e… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/firefox-android][firefox-android-115.2.1-13.0-1] 4 commits: Bug 1871214 - improve share interaction with fullscreen - BP, tor-browser#42656
by ma1 (＠ma1) 09 May '24

09 May '24

ma1 pushed to branch firefox-android-115.2.1-13.0-1 at The Tor Project / Applications / firefox-android Commits: d3aa11b9 by hackademix at 2024-05-08T18:01:13+02:00 Bug 1871214 - improve share interaction with fullscreen - BP, tor-browser#42656 - - - - - 43756a25 by Arturo Mejia at 2024-05-08T19:23:07+02:00 Bug 1846306 - Do not throw IllegalStateException when unable to find a session for given prompt request in onContentPermissionRequested - - - - - 44c271d8 by hackademix at 2024-05-08T19:29:05+02:00 Bug 1871217: Improve permission handling in Fullscreen - BP, tor-browser#42656 - - - - - f72ebb33 by hackademix at 2024-05-08T20:40:25+02:00 Bug 1892296 - improve webauthn experience - BP, tor-browser#42656 - - - - - 6 changed files: - android-components/components/feature/sitepermissions/src/main/java/mozilla/components/feature/sitepermissions/SitePermissionsFeature.kt - android-components/components/feature/sitepermissions/src/test/java/mozilla/components/feature/sitepermissions/SitePermissionsFeatureTest.kt - android-components/components/feature/webauthn/src/main/java/mozilla/components/feature/webauthn/WebAuthnFeature.kt - android-components/components/feature/webauthn/src/test/java/mozilla/components/feature/webauthn/WebAuthnFeatureTest.kt - fenix/app/src/main/java/org/mozilla/fenix/browser/BaseBrowserFragment.kt - fenix/app/src/main/java/org/mozilla/fenix/share/ShareFragment.kt Changes: ===================================== android-components/components/feature/sitepermissions/src/main/java/mozilla/components/feature/sitepermissions/SitePermissionsFeature.kt ===================================== @@ -56,12 +56,14 @@ import mozilla.components.concept.engine.permission.SitePermissions import mozilla.components.concept.engine.permission.SitePermissions.Status.ALLOWED import mozilla.components.concept.engine.permission.SitePermissions.Status.BLOCKED import mozilla.components.concept.engine.permission.SitePermissionsStorage +import mozilla.components.feature.session.SessionUseCases import mozilla.components.feature.sitepermissions.SitePermissionsFeature.DialogConfig import mozilla.components.feature.tabs.TabsUseCases.SelectOrAddUseCase import mozilla.components.lib.state.ext.flowScoped import mozilla.components.support.base.feature.LifecycleAwareFeature import mozilla.components.support.base.feature.OnNeedToRequestPermissions import mozilla.components.support.base.feature.PermissionsFeature +import mozilla.components.support.base.log.logger.Logger import mozilla.components.support.ktx.android.content.isPermissionGranted import mozilla.components.support.ktx.kotlin.getOrigin import mozilla.components.support.ktx.kotlin.stripDefaultPort @@ -72,8 +74,6 @@ import mozilla.components.ui.icons.R as iconsR internal const val PROMPT_FRAGMENT_TAG = "mozac_feature_sitepermissions_prompt_dialog" -private const val FULL_SCREEN_NOTIFICATION_TAG = "mozac_feature_prompts_full_screen_notification_dialog" - @VisibleForTesting internal const val STORAGE_ACCESS_DOCUMENTATION_URL = "https://developer.mozilla.org/en-US/docs/Web/API/Storage_Access_API" @@ -94,13 +94,15 @@ internal const val STORAGE_ACCESS_DOCUMENTATION_URL = * need to be requested. Once the request is completed, [onPermissionsResult] needs to be invoked. * @property onShouldShowRequestPermissionRationale a callback that allows the feature to query * the ActivityCompat.shouldShowRequestPermissionRationale or the Fragment.shouldShowRequestPermissionRationale values. + * @property exitFullscreenUseCase optional the use case in charge of exiting fullscreen * @property shouldShowDoNotAskAgainCheckBox optional Visibility for Do not ask again Checkbox **/ @Suppress("TooManyFunctions", "LargeClass", "LongParameterList") class SitePermissionsFeature( private val context: Context, - private var sessionId: String? = null, + @set:VisibleForTesting + internal var sessionId: String? = null, private val storage: SitePermissionsStorage = OnDiskSitePermissionsStorage(context), var sitePermissionsRules: SitePermissionsRules? = null, private val fragmentManager: FragmentManager, @@ -109,6 +111,7 @@ class SitePermissionsFeature( override val onNeedToRequestPermissions: OnNeedToRequestPermissions, val onShouldShowRequestPermissionRationale: (permission: String) -> Boolean, private val store: BrowserStore, + private val exitFullscreenUseCase: SessionUseCases.ExitFullScreenUseCase = SessionUseCases(store).exitFullscreen, private val shouldShowDoNotAskAgainCheckBox: Boolean = true, ) : LifecycleAwareFeature, PermissionsFeature { @VisibleForTesting @@ -116,6 +119,8 @@ class SitePermissionsFeature( SelectOrAddUseCase(store) } + private val logger = Logger("SitePermissionsFeature") + internal val ioCoroutineScope by lazy { coroutineScopeInitializer() } internal var coroutineScopeInitializer = { @@ -428,26 +433,29 @@ class SitePermissionsFeature( consumePermissionRequest(permissionRequest) return null } - - val private: Boolean = store.state.findTabOrCustomTabOrSelectedTab(sessionId)?.content?.private - ?: throw IllegalStateException("Unable to find session for $sessionId or selected session") + val tab = store.state.findTabOrCustomTabOrSelectedTab(sessionId) + if (tab == null) { + logger.error("Unable to find a tab for $sessionId rejecting the prompt request") + permissionRequest.reject() + consumePermissionRequest(permissionRequest) + return null + } val permissionFromStorage = withContext(coroutineScope.coroutineContext) { - storage.findSitePermissionsBy(origin, private = private) + storage.findSitePermissionsBy(origin, private = tab.content.private) } - val prompt = if (shouldApplyRules(permissionFromStorage)) { handleRuledFlow(permissionRequest, origin) } else { handleNoRuledFlow(permissionFromStorage, permissionRequest, origin) } - val fullScreenNotificationDisplayed = - fragmentManager.fragments.any { fragment -> fragment.tag == FULL_SCREEN_NOTIFICATION_TAG } - - return if (fullScreenNotificationDisplayed || prompt == null) { + return if (prompt == null) { null } else { + // If we are in fullscreen, then exit to show the permission prompt. + // This won't have any effect if we are not in fullscreen. + exitFullscreenUseCase.invoke(tab.id) prompt.show(fragmentManager, PROMPT_FRAGMENT_TAG) prompt } ===================================== android-components/components/feature/sitepermissions/src/test/java/mozilla/components/feature/sitepermissions/SitePermissionsFeatureTest.kt ===================================== @@ -600,6 +600,24 @@ class SitePermissionsFeatureTest { verify(sitePermissionFeature).consumePermissionRequest(mockPermissionRequest) } + @Test + fun `GIVEN sessionId which does not match a selected or custom tab WHEN onContentPermissionRequested() THEN reject, consumePermissionRequest are called `() { + val mockPermissionRequest: PermissionRequest = mock { + whenever(permissions).thenReturn(listOf(ContentVideoCamera(id = "permission"))) + } + + doNothing().`when`(mockPermissionRequest).reject() + + sitePermissionFeature.sessionId = null + + runTestOnMain { + sitePermissionFeature.onContentPermissionRequested(mockPermissionRequest, URL) + } + + verify(mockPermissionRequest).reject() + verify(sitePermissionFeature).consumePermissionRequest(mockPermissionRequest) + } + @Test fun `GIVEN location permissionRequest and shouldApplyRules is true WHEN onContentPermissionRequested() THEN handleRuledFlow is called`() = runTestOnMain { // given ===================================== android-components/components/feature/webauthn/src/main/java/mozilla/components/feature/webauthn/WebAuthnFeature.kt ===================================== @@ -20,6 +20,8 @@ import mozilla.components.support.base.log.logger.Logger class WebAuthnFeature( private val engine: Engine, private val activity: Activity, + private val exitFullScreen: (String?) -> Unit, + private val currentTab: () -> String?, ) : LifecycleAwareFeature, ActivityResultHandler, ActivityDelegate { private val logger = Logger("WebAuthnFeature") private var requestCodeCounter = ACTIVITY_REQUEST_CODE @@ -53,6 +55,7 @@ class WebAuthnFeature( override fun startIntentSenderForResult(intent: IntentSender, onResult: (Intent?) -> Unit) { logger.info("Received activity delegate request with code: $requestCodeCounter") + exitFullScreen(currentTab()) activity.startIntentSenderForResult(intent, requestCodeCounter, null, 0, 0, 0) callbackRef = onResult } ===================================== android-components/components/feature/webauthn/src/test/java/mozilla/components/feature/webauthn/WebAuthnFeatureTest.kt ===================================== @@ -22,6 +22,8 @@ import org.mockito.Mockito.verify class WebAuthnFeatureTest { private lateinit var engine: Engine private lateinit var activity: Activity + private val exitFullScreen: (String?) -> Unit = { _ -> exitFullScreenUseCaseCalled = true } + private var exitFullScreenUseCaseCalled = false @Before fun setup() { @@ -31,7 +33,7 @@ class WebAuthnFeatureTest { @Test fun `feature registers itself on start`() { - val feature = WebAuthnFeature(engine, activity) + val feature = webAuthnFeature() feature.start() @@ -40,7 +42,7 @@ class WebAuthnFeatureTest { @Test fun `feature unregisters itself on stop`() { - val feature = WebAuthnFeature(engine, activity) + val feature = webAuthnFeature() feature.stop() @@ -49,7 +51,7 @@ class WebAuthnFeatureTest { @Test fun `activity delegate starts intent sender`() { - val feature = WebAuthnFeature(engine, activity) + val feature = webAuthnFeature() val callback: ((Intent?) -> Unit) = { } val intentSender: IntentSender = mock() @@ -60,7 +62,7 @@ class WebAuthnFeatureTest { @Test fun `callback is invoked`() { - val feature = WebAuthnFeature(engine, activity) + val feature = webAuthnFeature() var callbackInvoked = false val callback: ((Intent?) -> Unit) = { callbackInvoked = true } val intentSender: IntentSender = mock() @@ -77,10 +79,14 @@ class WebAuthnFeatureTest { @Test fun `feature won't process results with the wrong request code`() { - val feature = WebAuthnFeature(engine, activity) + val feature = webAuthnFeature() val result = feature.onActivityResult(ACTIVITY_REQUEST_CODE - 5, Intent(), 0) assertFalse(result) } + + private fun webAuthnFeature(): WebAuthnFeature { + return WebAuthnFeature(engine, activity, { exitFullScreen("") }) { "" } + } } ===================================== fenix/app/src/main/java/org/mozilla/fenix/browser/BaseBrowserFragment.kt ===================================== @@ -830,6 +830,8 @@ abstract class BaseBrowserFragment : feature = WebAuthnFeature( engine = requireComponents.core.engine, activity = requireActivity(), + exitFullScreen = requireComponents.useCases.sessionUseCases.exitFullscreen::invoke, + currentTab = { store.state.selectedTabId }, ), owner = this, view = view, ===================================== fenix/app/src/main/java/org/mozilla/fenix/share/ShareFragment.kt ===================================== @@ -71,6 +71,7 @@ class ShareFragment : AppCompatDialogFragment() { container: ViewGroup?, savedInstanceState: Bundle?, ): View { + requireComponents.useCases.sessionUseCases.exitFullscreen.invoke() val binding = FragmentShareBinding.inflate( inflater, container, View it on GitLab: https://gitlab.torproject.org/tpo/applications/firefox-android/-/compare/f9… -- This project does not include diff previews in email notifications. View it on GitLab: https://gitlab.torproject.org/tpo/applications/firefox-android/-/compare/f9… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-115.11.0esr-13.0-1] fixup! Bug 40926: Implemented the New Identity feature
by Pier Angelo Vendrame (＠pierov) 09 May '24

09 May '24

Pier Angelo Vendrame pushed to branch mullvad-browser-115.11.0esr-13.0-1 at The Tor Project / Applications / Mullvad Browser Commits: d383e377 by hackademix at 2024-05-09T12:22:08+02:00 fixup! Bug 40926: Implemented the New Identity feature Bug 42532: Use the HomePage module for new identity checks. - - - - - 1 changed file: - browser/components/newidentity/content/newidentity.js Changes: ===================================== browser/components/newidentity/content/newidentity.js ===================================== @@ -429,15 +429,12 @@ XPCOMUtils.defineLazyGetter(this, "NewIdentityButton", () => { return new Promise(resolve => { // Open a new window forcing the about:privatebrowsing page (tor-browser#41765) // unless user explicitly overrides this policy (tor-browser #42236) - const homePref = "browser.startup.homepage"; const trustedHomePref = "browser.startup.homepage.new_identity"; - const homeURL = Services.prefs.getStringPref(homePref, ""); - const defaultHomeURL = Services.prefs - .getDefaultBranch("") - .getStringPref(homePref, ""); + const homeURL = HomePage.get(); + const defaultHomeURL = HomePage.getDefault(); const isTrustedHome = homeURL === defaultHomeURL || - homeURL.startsWith("chrome://") || // about:blank and other built-ins + homeURL === "chrome://browser/content/blanktab.html" || // about:blank homeURL === Services.prefs.getStringPref(trustedHomePref, ""); const isCustomHome = Services.prefs.getIntPref("browser.startup.page") === 1; View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/d38… -- This project does not include diff previews in email notifications. View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/d38… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.11.0esr-13.0-1] fixup! Bug 40926: Implemented the New Identity feature
by Pier Angelo Vendrame (＠pierov) 09 May '24

09 May '24

Pier Angelo Vendrame pushed to branch tor-browser-115.11.0esr-13.0-1 at The Tor Project / Applications / Tor Browser Commits: 10474e51 by hackademix at 2024-05-09T12:21:45+02:00 fixup! Bug 40926: Implemented the New Identity feature Bug 42532: Use the HomePage module for new identity checks. - - - - - 1 changed file: - browser/components/newidentity/content/newidentity.js Changes: ===================================== browser/components/newidentity/content/newidentity.js ===================================== @@ -429,15 +429,12 @@ XPCOMUtils.defineLazyGetter(this, "NewIdentityButton", () => { return new Promise(resolve => { // Open a new window forcing the about:privatebrowsing page (tor-browser#41765) // unless user explicitly overrides this policy (tor-browser #42236) - const homePref = "browser.startup.homepage"; const trustedHomePref = "browser.startup.homepage.new_identity"; - const homeURL = Services.prefs.getStringPref(homePref, ""); - const defaultHomeURL = Services.prefs - .getDefaultBranch("") - .getStringPref(homePref, ""); + const homeURL = HomePage.get(); + const defaultHomeURL = HomePage.getDefault(); const isTrustedHome = homeURL === defaultHomeURL || - homeURL.startsWith("chrome://") || // about:blank and other built-ins + homeURL === "chrome://browser/content/blanktab.html" || // about:blank homeURL === Services.prefs.getStringPref(trustedHomePref, ""); const isCustomHome = Services.prefs.getIntPref("browser.startup.page") === 1; View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/10474e5… -- This project does not include diff previews in email notifications. View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/10474e5… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-115.11.0esr-13.0-1] fixup! Bug 40926: Implemented the New Identity feature
by Pier Angelo Vendrame (＠pierov) 09 May '24

09 May '24

Pier Angelo Vendrame pushed to branch base-browser-115.11.0esr-13.0-1 at The Tor Project / Applications / Tor Browser Commits: 5cc51272 by hackademix at 2024-05-09T12:21:19+02:00 fixup! Bug 40926: Implemented the New Identity feature Bug 42532: Use the HomePage module for new identity checks. - - - - - 1 changed file: - browser/components/newidentity/content/newidentity.js Changes: ===================================== browser/components/newidentity/content/newidentity.js ===================================== @@ -429,15 +429,12 @@ XPCOMUtils.defineLazyGetter(this, "NewIdentityButton", () => { return new Promise(resolve => { // Open a new window forcing the about:privatebrowsing page (tor-browser#41765) // unless user explicitly overrides this policy (tor-browser #42236) - const homePref = "browser.startup.homepage"; const trustedHomePref = "browser.startup.homepage.new_identity"; - const homeURL = Services.prefs.getStringPref(homePref, ""); - const defaultHomeURL = Services.prefs - .getDefaultBranch("") - .getStringPref(homePref, ""); + const homeURL = HomePage.get(); + const defaultHomeURL = HomePage.getDefault(); const isTrustedHome = homeURL === defaultHomeURL || - homeURL.startsWith("chrome://") || // about:blank and other built-ins + homeURL === "chrome://browser/content/blanktab.html" || // about:blank homeURL === Services.prefs.getStringPref(trustedHomePref, ""); const isCustomHome = Services.prefs.getIntPref("browser.startup.page") === 1; View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/5cc5127… -- This project does not include diff previews in email notifications. View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/5cc5127… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] 7 commits: Bug 41137: add the linux-aarch64 targets and improve linux-cross
by Pier Angelo Vendrame (＠pierov) 09 May '24

09 May '24

Pier Angelo Vendrame pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 08c95509 by NoisyCoil at 2024-05-08T15:40:26+02:00 Bug 41137: add the linux-aarch64 targets and improve linux-cross - - - - - 9c8ed4d1 by NoisyCoil at 2024-05-08T15:43:49+02:00 Bug 41137: '--add-architecture' in containers only when actually cross-compiling Mainly so that the container's id, which is also determined by 'pre', does not change if we call the project with 'linux-cross' but don't actually need to cross-compile. - - - - - e53ab0d3 by NoisyCoil at 2024-05-08T15:44:51+02:00 Bug 41137: Define distdir and filename for cross-binutils - - - - - af937966 by NoisyCoil at 2024-05-08T15:46:09+02:00 Bug 41137: Separate gcc and gcc-cross Use stretch's glibc and stretch-security's linux to maintain compatibility with Debian stretch, add linux-aarch64 glibc patches to avoid build failures - - - - - db06f569 by NoisyCoil at 2024-05-08T15:49:12+02:00 Bug 41137: Add the linux-aarch64 target to OpenSSL - - - - - da1663bd by NoisyCoil at 2024-05-09T11:17:19+02:00 Bug 41137: Add the linux-{aarch64,arm} targets to Tor - - - - - 06de89a5 by NoisyCoil at 2024-05-09T11:17:19+02:00 Bug 41137: Add the linux-{aarch64,arm} targets to Go - - - - - 16 changed files: - projects/binutils/build - projects/binutils/config - projects/container-image/config - + projects/gcc-cross/build - + projects/gcc-cross/config - + projects/gcc-cross/gcc-cross.patch - + projects/gcc-cross/glibc-cross-linux-aarch64-2.patch - + projects/gcc-cross/glibc-cross-linux-aarch64.patch - projects/gcc/build - projects/gcc/config - projects/go-bootstrap/config - projects/go/config - projects/openssl/config - projects/tor/build - projects/tor/config - rbm.conf Changes: ===================================== projects/binutils/build ===================================== @@ -1,7 +1,7 @@ #!/bin/bash [% c("var/set_default_env") -%] mkdir /var/tmp/dist -distdir=/var/tmp/dist/binutils +distdir=/var/tmp/dist/[% c("var/distdir") %] [% IF c("var/linux"); GET c("var/set_hardened_build_flags"); END %] tar xf [% project %]-[% c("version") %].tar.xz @@ -15,6 +15,6 @@ make install MAKEINFO=true cd /var/tmp/dist [% c('tar', { - tar_src => [ project ], + tar_src => [ c('var/distdir') ], tar_args => '-caf ' _ dest_dir _ '/' _ c('filename'), }) %] ===================================== projects/binutils/config ===================================== @@ -1,9 +1,10 @@ # vim: filetype=yaml sw=2 version: 2.39 -filename: '[% project %]-[% c("version") %]-[% c("var/build_id") %].tar.[% c("compress_tar") %]' +filename: '[% project %]-[% c("version") %]-[% IF c("var/linux-cross") %]cross-[% c("arch") %]-[% END %][% c("var/build_id") %].tar.[% c("compress_tar") %]' container: use_container: 1 var: + distdir: binutils configure_opt: '--disable-multilib --enable-gold --enable-deterministic-archives --enable-plugins' targets: @@ -12,6 +13,7 @@ targets: configure_opt: '--target=[% c("arch") %]-w64-mingw32 --disable-multilib --enable-deterministic-archives' linux-cross: var: + distdir: 'binutils-cross-[% c("arch") %]' # gold is disabled on cross-compiles until we upgrade to glibc 2.26 and # binutils 2.28 configure_opt: '--target=[% c("var/crosstarget") %] --disable-multilib --enable-deterministic-archives --enable-plugins' ===================================== projects/container-image/config ===================================== @@ -34,7 +34,7 @@ pre: | apt-get update -y -q [% IF pc(c('origin_project'), 'var/pre_pkginst', { step => c('origin_step') }) -%] [% pc(c('origin_project'), 'var/pre_pkginst', { step => c('origin_step') }) %] - [% IF c("var/linux-cross") -%] + [% IF c("var/linux-cross") && ! pc(c('origin_project'), 'var/no_crosscompile', { step => c('origin_step') }) -%] dpkg --add-architecture [% c("var/arch_debian") %] [% END -%] # Update the package cache again because `pre_pkginst` may change the ===================================== projects/gcc-cross/build ===================================== @@ -0,0 +1,96 @@ +#!/bin/sh +[% c("var/set_default_env") -%] +mkdir -p /var/tmp/build +distdir=/var/tmp/dist/[% c("var/distdir") %] + +# Install native gcc +mkdir /var/tmp/dist +cd /var/tmp/dist +tar xf $rootdir/[% c('input_files_by_name/gcc-native') %] +export PATH="$distdir/bin:$PATH" + +# Install cross binutils (needed for cross-compiling) +cd /var/tmp/dist +tar xf $rootdir/[% c('input_files_by_name/binutils') %] +rsync -a binutils-cross-[% c("arch") %]/* $distdir +rm -rf binutils-cross-[% c("arch") %] + +# Install Linux headers, see Step 2 of +# https://preshing.com/20141119/how-to-build-a-gcc-cross-compiler/ +# Doing this before gcc configure is intended to solve a limits.h issue +cd /var/tmp/build +mkdir linux +cd linux +tar -xJf $rootdir/linux-[% c("var/linux_version") %].tar.xz +cd linux-[% c("var/linux_version") %] +make ARCH=[% IF c("arch") == "aarch64" %]arm64[% ELSE %][% c("arch") %][% END %] INSTALL_HDR_PATH=$distdir/[% c("var/crosstarget") %] headers_install + +cd /var/tmp/build +mkdir gcc-cross +cd gcc-cross +tar -xJf $rootdir/[% c('input_files_by_name/gcc') %] +cd gcc-[% c("version") %] +patch -p1 <$rootdir/gcc-cross.patch + +cd /var/tmp/build/gcc-cross +gcc-[% c("version") %]/configure --prefix=$distdir --includedir=$distdir/[% c("var/crosstarget") %]/include [% c("var/configure_opt") %] + +# For cross-compiling to work, we need to partially build GCC, then build +# glibc, then come back to finish GCC. + +# Build only the components of GCC that don't need glibc, see Step 3 of +# https://preshing.com/20141119/how-to-build-a-gcc-cross-compiler/ +cd /var/tmp/build/gcc-cross +make -j[% c("num_procs") %] all-gcc +make install-gcc + +# Build glibc headers and startup files, see Step 4 of +# https://preshing.com/20141119/how-to-build-a-gcc-cross-compiler/ +cd /var/tmp/build +mkdir glibc +cd glibc +tar -xJf $rootdir/glibc-[% c("var/glibc_version") %].tar.xz +[% IF c("var/linux-aarch64") -%] + # Avoid linking issues by backporting glibc patches + cd glibc-[% c("var/glibc_version") %] + patch -p1 <$rootdir/glibc-cross-linux-aarch64.patch + patch -p1 <$rootdir/glibc-cross-linux-aarch64-2.patch + cd /var/tmp/build/glibc +[% END -%] + +# TODO: Remove --disable-werror once glibc is upgraded to a version that's +# designed to work with the GCC version we're using. +glibc-[% c("var/glibc_version") %]/configure --prefix=$distdir/[% c("var/crosstarget") %] --build=$MACHTYPE --host=[% c("var/crosstarget") %] --target=[% c("var/crosstarget") %] --with-headers=$distdir/[% c("var/crosstarget") %]/include --disable-multilib --disable-werror libc_cv_forced_unwind=yes +make install-bootstrap-headers=yes install-headers +make -j[% c("num_procs") %] csu/subdir_lib +install csu/crt1.o csu/crti.o csu/crtn.o $distdir/[% c("var/crosstarget") %]/lib +[% c("var/crosstarget") %]-gcc -nostdlib -nostartfiles -shared -x c /dev/null -o $distdir/[% c("var/crosstarget") %]/lib/libc.so +# stdio_lim.h is intended to solve a limits.h issue +touch $distdir/[% c("var/crosstarget") %]/include/gnu/stubs.h $distdir/[% c("var/crosstarget") %]/include/bits/stdio_lim.h + +# Build compiler support library, see Step 5 of +# https://preshing.com/20141119/how-to-build-a-gcc-cross-compiler/ +cd /var/tmp/build/gcc-cross +make -j[% c("num_procs") %] all-target-libgcc +make install-target-libgcc + +# finish building glibc, see Step 6 of +# https://preshing.com/20141119/how-to-build-a-gcc-cross-compiler/ +cd /var/tmp/build/glibc +make -j[% c("num_procs") %] +make install + +# We're done with glibc, we can now finish building gcc... +cd /var/tmp/build/gcc-cross +make -j[% c("num_procs") %] +make install + +# Include a working version of limits.h +cd gcc-[% c("version") %] +cat gcc/limitx.h gcc/glimits.h gcc/limity.h >$distdir/lib/gcc/[% c("var/crosstarget") %]/[% c("version") %]/include/limits.h + +cd /var/tmp/dist +[% c('tar', { + tar_src => [ c('var/distdir') ], + tar_args => '-caf ' _ dest_dir _ '/' _ c('filename'), + }) %] ===================================== projects/gcc-cross/config ===================================== @@ -0,0 +1,53 @@ +# vim: filetype=yaml sw=2 +filename: '[% project %]-[% c("version") %]-[% c("arch") %]-[% c("var/build_id") %].tar.[% c("compress_tar") %]' +# Note: When updating the gcc version, if this includes a libstdc++ +# ABI change we should also update projects/firefox/abicheck.cc to +# require the new version. +version: '[% pc("gcc-source", "version") %]' +container: + use_container: 1 +hardened_gcc: 1 +var: + distdir: gcc + deps: + - build-essential + - libmpc-dev + setup: | + mkdir -p /var/tmp/dist + tar -C /var/tmp/dist -xf $rootdir/[% c("compiler_tarfile") %] + export PATH="/var/tmp/dist/[% c("var/distdir") %]/bin:$PATH" + export LD_LIBRARY_PATH=/var/tmp/dist/[% c("var/distdir") %]/lib64:/var/tmp/dist/[% c("var/distdir") %]/lib32 + [% IF c("hardened_gcc"); GET c("var/set_hardened_build_flags"); END %] + configure_opt: '--target=[% c("var/crosstarget") %] --disable-multilib --enable-languages=c,c++ --with-glibc-version=[% c("var/glibc_version") %]' + # Use stretch's glibc and stretch-security's linux + glibc_version: 2.24 + linux_version: 4.19.232 + arch_deps: + - libc6-dev-i386 + - gawk + - rsync + +targets: + linux-arm: + var: + configure_opt: '--target=[% c("var/crosstarget") %] --disable-multilib --enable-languages=c,c++ --with-glibc-version=[% c("var/glibc_version") %] --with-arch=armv7-a --with-fpu=vfpv3-d16 --with-float=hard --with-mode=thumb' + +input_files: + - project: container-image + - project: gcc-source + name: gcc + - name: binutils + project: binutils + target_prepend: + - linux-cross + - name: gcc-native + project: gcc + - URL: 'https://ftp.gnu.org/gnu/glibc/glibc-[% c("var/glibc_version") %].tar.xz' + sha256sum: 99d4a3e8efd144d71488e478f62587578c0f4e1fa0b4eed47ee3d4975ebeb5d3 + - URL: 'https://www.kernel.org/pub/linux/kernel/v4.x/linux-[% c("var/linux_version") %].tar.xz' + sha256sum: 4fcfe814780d63dc56e907bf41596ff162e9601978bdc1a60eab64cc3903a22c + - filename: 'gcc-cross.patch' + - filename: 'glibc-cross-linux-aarch64.patch' + enable: '[% c("var/linux-aarch64") -%]' + - filename: 'glibc-cross-linux-aarch64-2.patch' + enable: '[% c("var/linux-aarch64") -%]' ===================================== projects/gcc-cross/gcc-cross.patch ===================================== @@ -0,0 +1,18 @@ +Avoids "../../../gcc-10.3.0/libsanitizer/asan/asan_linux.cpp:217:21: error: +'PATH_MAX' was not declared in this scope". PATH_MAX is in /include/linux/limits.h, +which is usually included by /include/limits.h (indirectly, through posix headers, +etc.). For some reason, when cross-compiling, this inclusion chain is broken and +we must include <linux/limits.h> by hand. + +Index: gcc-10.3.0/libsanitizer/asan/asan_linux.cpp +=================================================================== +--- gcc-10.3.0.orig/libsanitizer/asan/asan_linux.cpp ++++ gcc-10.3.0/libsanitizer/asan/asan_linux.cpp +@@ -32,6 +32,7 @@ + #include <dlfcn.h> + #include <fcntl.h> + #include <limits.h> ++#include <linux/limits.h> + #include <pthread.h> + #include <stdio.h> + #include <unistd.h> ===================================== projects/gcc-cross/glibc-cross-linux-aarch64-2.patch ===================================== @@ -0,0 +1,30 @@ +From e9177fba13549a8e2a6232f46080e5c6d3e467b1 Mon Sep 17 00:00:00 2001 +From: Szabolcs Nagy <szabolcs.nagy(a)arm.com> +Date: Wed, 21 Jun 2017 13:47:07 +0100 +Subject: [PATCH] [AArch64] Use hidden __GI__dl_argv in rtld startup code + +We rely on the symbol being locally defined so using extern symbol +is not correct and the linker may complain about the relocations. +--- + ChangeLog | 5 +++++ + sysdeps/aarch64/dl-machine.h | 4 ++-- + 2 files changed, 7 insertions(+), 2 deletions(-) + +Index: glibc/sysdeps/aarch64/dl-machine.h +=================================================================== +--- glibc.orig/sysdeps/aarch64/dl-machine.h ++++ glibc/sysdeps/aarch64/dl-machine.h +@@ -172,8 +172,8 @@ _dl_start_user: \n\ + cmp x0, #0 \n\ + bne 1b \n\ + // Update _dl_argv \n\ +- adrp x3, _dl_argv \n\ +- str x2, [x3, #:lo12:_dl_argv] \n\ ++ adrp x3, __GI__dl_argv \n\ ++ str x2, [x3, #:lo12:__GI__dl_argv] \n\ + .L_done_stack_adjust: \n\ + // compute envp \n\ + add x3, x2, x1, lsl #3 \n\ +-- +2.43.2 + ===================================== projects/gcc-cross/glibc-cross-linux-aarch64.patch ===================================== @@ -0,0 +1,63 @@ +From a68ba2f3cd3cbe32c1f31e13c20ed13487727b32 Mon Sep 17 00:00:00 2001 +From: Szabolcs Nagy <szabolcs.nagy(a)arm.com> +Date: Wed, 18 Oct 2017 17:26:23 +0100 +Subject: [PATCH] [AARCH64] Rewrite elf_machine_load_address using _DYNAMIC + symbol + +This patch rewrites aarch64 elf_machine_load_address to use special _DYNAMIC +symbol instead of _dl_start. + +The static address of _DYNAMIC symbol is stored in the first GOT entry. +Here is the change which makes this solution work (part of binutils 2.24): +https://sourceware.org/ml/binutils/2013-06/msg00248.html + +i386, x86_64 targets use the same method to do this as well. + +The original implementation relies on a trick that R_AARCH64_ABS32 relocation +being resolved at link time and the static address fits in the 32bits. +However, in LP64, normally, the address is defined to be 64 bit. + +Here is the C version one which should be portable in all cases. + + * sysdeps/aarch64/dl-machine.h (elf_machine_load_address): Use + _DYNAMIC symbol to calculate load address. +--- + ChangeLog | 5 +++++ + sysdeps/aarch64/dl-machine.h | 39 +++++------------------------------- + 2 files changed, 10 insertions(+), 34 deletions(-) + +Index: glibc-2.26/sysdeps/aarch64/dl-machine.h +=================================================================== +--- glibc-2.26.orig/sysdeps/aarch64/dl-machine.h ++++ glibc-2.26/sysdeps/aarch64/dl-machine.h +@@ -51,26 +51,11 @@ elf_machine_load_address (void) + /* To figure out the load address we use the definition that for any symbol: + dynamic_addr(symbol) = static_addr(symbol) + load_addr + +- The choice of symbol is arbitrary. The static address we obtain +- by constructing a non GOT reference to the symbol, the dynamic +- address of the symbol we compute using adrp/add to compute the +- symbol's address relative to the PC. +- This depends on 32bit relocations being resolved at link time +- and that the static address fits in the 32bits. */ ++ _DYNAMIC sysmbol is used here as its link-time address stored in ++ the special unrelocated first GOT entry. */ + +- ElfW(Addr) static_addr; +- ElfW(Addr) dynamic_addr; +- +- asm (" \n" +-" adrp %1, _dl_start; \n" +-" add %1, %1, #:lo12:_dl_start \n" +-" ldr %w0, 1f \n" +-" b 2f \n" +-"1: \n" +-" .word _dl_start \n" +-"2: \n" +- : "=r" (static_addr), "=r" (dynamic_addr)); +- return dynamic_addr - static_addr; ++ extern ElfW(Dyn) _DYNAMIC[] attribute_hidden; ++ return (ElfW(Addr)) &_DYNAMIC - elf_machine_dynamic (); + } + + /* Set up the loaded object described by L so its unrelocated PLT ===================================== projects/gcc/build ===================================== @@ -1,7 +1,8 @@ #!/bin/sh [% c("var/set_default_env") -%] mkdir -p /var/tmp/build -[% IF c("var/linux") && ! c("var/linux-cross") -%] + +[% IF c("var/linux") -%] # Config options for hardening export DEB_BUILD_HARDENING=1 # Since r223796 landed on GCC master enforcing PIE breaks GCC compilation. @@ -19,81 +20,9 @@ mkdir -p /var/tmp/build [% END -%] distdir=/var/tmp/dist/[% c("var/distdir") %] -[% IF c("var/linux-cross") -%] - - # Install binutils (needed for cross-compiling) - mkdir /var/tmp/dist - cd /var/tmp/dist - tar xf $rootdir/[% c('input_files_by_name/binutils') %] - mv binutils $distdir - export PATH="$distdir/bin:$PATH" - - # Install Linux headers, see Step 2 of - # https://preshing.com/20141119/how-to-build-a-gcc-cross-compiler/ - # Doing this before gcc configure is intended to solve a limits.h issue - cd /var/tmp/build - mkdir linux - cd linux - tar -xJf $rootdir/linux-[% c("var/linux_version") %].tar.xz - cd linux-[% c("var/linux_version") %] - make ARCH=[% c("arch") %] INSTALL_HDR_PATH=$distdir/[% c("var/crosstarget") %] headers_install - - cd /var/tmp/build - mkdir gcc - cd gcc - tar -xJf $rootdir/[% c('input_files_by_name/gcc') %] - # --with-headers is intended to solve a limits.h issue - [% project %]-[% c("version") %]/configure --prefix=$distdir --with-headers=$distdir/[% c("var/crosstarget") %]/include/linux [% c("var/configure_opt") %] - - # For cross-compiling to work, we need to partially build GCC, then build - # glibc, then come back to finish GCC. - - # Build only the components of GCC that don't need glibc, see Step 3 of - # https://preshing.com/20141119/how-to-build-a-gcc-cross-compiler/ - cd /var/tmp/build/gcc - make -j[% c("num_procs") %] all-gcc - make install-gcc - # Removing sys-include is intended to solve a limits.h issue - rm --recursive --force $distdir/[% c("var/crosstarget") %]/sys-include - - # Build glibc headers and startup files, see Step 4 of - # https://preshing.com/20141119/how-to-build-a-gcc-cross-compiler/ - cd /var/tmp/build - mkdir glibc - cd glibc - tar -xJf $rootdir/glibc-[% c("var/glibc_version") %].tar.xz - # TODO: Remove --disable-werror once glibc is upgraded to a version that's - # designed to work with the GCC version we're using. - glibc-[% c("var/glibc_version") %]/configure --prefix=$distdir/[% c("var/crosstarget") %] --build=$MACHTYPE --host=[% c("var/crosstarget") %] --target=[% c("var/crosstarget") %] --with-headers=$distdir/[% c("var/crosstarget") %]/include --disable-multilib --disable-werror libc_cv_forced_unwind=yes - make install-bootstrap-headers=yes install-headers - make -j[% c("num_procs") %] csu/subdir_lib - install csu/crt1.o csu/crti.o csu/crtn.o $distdir/[% c("var/crosstarget") %]/lib - [% c("var/crosstarget") %]-gcc -nostdlib -nostartfiles -shared -x c /dev/null -o $distdir/[% c("var/crosstarget") %]/lib/libc.so - # stdio_lim.h is intended to solve a limits.h issue - touch $distdir/[% c("var/crosstarget") %]/include/gnu/stubs.h $distdir/[% c("var/crosstarget") %]/include/bits/stdio_lim.h - - # Build compiler support library, see Step 5 of - # https://preshing.com/20141119/how-to-build-a-gcc-cross-compiler/ - cd /var/tmp/build/gcc - make -j[% c("num_procs") %] all-target-libgcc - make install-target-libgcc - - # finish building glibc, see Step 6 of - # https://preshing.com/20141119/how-to-build-a-gcc-cross-compiler/ - cd /var/tmp/build/glibc - make -j[% c("num_procs") %] - make install - - # We're done with glibc, we can now finish building gcc... - cd /var/tmp/build/gcc - -[% ELSE -%] - - tar -C /var/tmp/build -xf $rootdir/[% c('input_files_by_name/gcc') %] - cd /var/tmp/build/[% project %]-[% c("version") %] - ./configure --prefix=$distdir [% c("var/configure_opt") %] - -[% END -%] +tar -C /var/tmp/build -xf $rootdir/[% c('input_files_by_name/gcc') %] +cd /var/tmp/build/[% project %]-[% c("version") %] +./configure --prefix=$distdir [% c("var/configure_opt") %] make -j[% c("num_procs") %] make install ===================================== projects/gcc/config ===================================== @@ -1,5 +1,5 @@ # vim: filetype=yaml sw=2 -filename: '[% project %]-[% c("version") %]-[% IF c("var/linux-cross") %][% c("var/osname") %][% ELSE %]x86[% END %]-[% c("var/build_id") %].tar.[% c("compress_tar") %]' +filename: '[% project %]-[% c("version") %]-[% c("var/build_id") %].tar.[% c("compress_tar") %]' # Note: When updating the gcc version, if this includes a libstdc++ # ABI change we should also update projects/firefox/abicheck.cc to # require the new version. @@ -7,6 +7,7 @@ version: '[% pc("gcc-source", "version") %]' container: use_container: 1 var: + no_crosscompile: 1 distdir: gcc deps: - build-essential @@ -15,9 +16,7 @@ var: mkdir -p /var/tmp/dist tar -C /var/tmp/dist -xf $rootdir/[% c("compiler_tarfile") %] export PATH="/var/tmp/dist/[% c("var/distdir") %]/bin:$PATH" - [% IF ! c("var/linux-cross") -%] - export LD_LIBRARY_PATH=/var/tmp/dist/[% c("var/distdir") %]/lib64:/var/tmp/dist/[% c("var/distdir") %]/lib32 - [% END -%] + export LD_LIBRARY_PATH=/var/tmp/dist/[% c("var/distdir") %]/lib64:/var/tmp/dist/[% c("var/distdir") %]/lib32 [% IF c("hardened_gcc"); GET c("var/set_hardened_build_flags"); END %] targets: @@ -33,33 +32,8 @@ targets: configure_opt: --enable-multilib --enable-languages=c,c++ --with-arch_32=i686 arch_deps: - libc6-dev-i386 - linux-cross: - var: - target_prefix: '[% c("var/crosstarget") %]-' - distdir: gcc-cross - # TODO: Consider upgrading to a glibc that works out of the box with the - # GCC version we use. However, removing our glibc version workarounds may - # not be desirable since we want to be able to easily bump the GCC - # version without worrying about linux-cross breakage. - glibc_version: 2.26 - linux_version: 4.10.1 - arch_deps: - - libc6-dev-i386 - - gawk - linux-arm: - var: - configure_opt: --disable-multilib --enable-languages=c,c++ --target=arm-linux-gnueabihf --with-arch=armv7-a --with-fpu=vfpv3-d16 --with-float=hard --with-mode=thumb input_files: - project: container-image - project: gcc-source name: gcc - - name: binutils - project: binutils - enable: '[% c("var/linux-cross") -%]' - - URL: 'https://ftp.gnu.org/gnu/glibc/glibc-[% c("var/glibc_version") %].tar.xz' - sha256sum: e54e0a934cd2bc94429be79da5e9385898d2306b9eaf3c92d5a77af96190f6bd - enable: '[% c("var/linux-cross") -%]' - - URL: 'https://www.kernel.org/pub/linux/kernel/v4.x/linux-[% c("var/linux_version") %].tar.xz' - sha256sum: 6ca06bb5faf5f83600d7388bb623dae41df2a257de85ad5d1792e03302bc3543 - enable: '[% c("var/linux-cross") -%]' ===================================== projects/go-bootstrap/config ===================================== @@ -4,6 +4,9 @@ filename: '[% project %]-[% c("version") %]-[% c("var/build_id") %].tar.[% c("co container: use_container: 1 +var: + no_crosscompile: 1 + input_files: - project: container-image - URL: 'https://golang.org/dl/go[% c("version") %].src.tar.gz' ===================================== projects/go/config ===================================== @@ -9,6 +9,7 @@ var: use_go_1_20: 0 go_1_21: 1.21.9 go_1_20: 1.20.14 + no_crosscompile: 1 setup: | mkdir -p /var/tmp/dist tar -C /var/tmp/dist -xf $rootdir/[% c("go_tarfile") %] @@ -101,6 +102,12 @@ targets: linux-i686: var: GOARCH: 386 + linux-aarch64: + var: + GOARCH: arm64 + linux-arm: + var: + GOARCH: arm android: var: GOOS: android ===================================== projects/openssl/config ===================================== @@ -14,6 +14,9 @@ targets: linux-i686: var: configure_opts: -shared linux-x86 + linux-aarch64: + var: + configure_opts: -shared --cross-compile-prefix=[% c("var/crosstarget") %]- enable-ec_nistp_64_gcc_128 linux-aarch64 linux-arm: var: configure_opts: -shared --cross-compile-prefix=[% c("var/crosstarget") %]- linux-armv4 ===================================== projects/tor/build ===================================== @@ -21,6 +21,20 @@ mkdir $TORBINDIR [% IF c("var/windows") || c("var/android") %] tar -C /var/tmp/dist -xf [% c('input_files_by_name/zlib') %] zlibdir=/var/tmp/dist/zlib +[% ELSIF c("var/linux-cross") %] + # Since 1. we are using Debian's zlib1g-dev:$arch_debian, 2. our + # cross-toolchain's default paths (i.e. -I and -L) are not the same + # as those of Debian's cross-toolchain, and 3. tor's configure does + # not support separate header and library directories for zlib, we + # need to make the headers and $arch_debian library available to + # configure manually. + # DO NOT use CPPFLAGS="-I/usr/include" to include the headers, the + # build will fail (probably because some of our cross-$arch_debian + # headers get masked by the native ones). + CROSS_INCLUDEDIR=/var/tmp/dist/gcc/[% c("var/crosstarget") %]/include + ln -s /usr/include/zconf.h $CROSS_INCLUDEDIR + ln -s /usr/include/zlib.h $CROSS_INCLUDEDIR + export LDFLAGS="-L/usr/lib/[% c("var/crosstarget") %] $LDFLAGS" [% END %] [% IF c("var/android") %] tar -C /var/tmp/dist -xf [% c('input_files_by_name/zstd') %] @@ -44,10 +58,14 @@ openssldir=/var/tmp/dist/openssl # LD_LIBRARY_PATH value to the Tor Browser with the newer one. Thus, we copy # the libstdc++ into the directory with the libs tor depends on, too. See bug # 13359 for further details. - cp /var/tmp/dist/gcc/[% c("var/libdir") %]/libstdc++.so.6 "$TORBINDIR" + libdir=[% c("var/libdir") %] + [% IF c("var/linux-cross") -%] + libdir="[% c("var/crosstarget") %]/$libdir" + [% END -%] + cp "/var/tmp/dist/gcc/$libdir/libstdc++.so.6" "$TORBINDIR" [% IF c("var/asan") -%] - cp /var/tmp/dist/gcc/[% c("var/libdir") %]/libasan.so.6 "$TORBINDIR" - cp /var/tmp/dist/gcc/[% c("var/libdir") %]/libubsan.so.1 "$TORBINDIR" + cp "/var/tmp/dist/gcc/$libdir/libasan.so.6" "$TORBINDIR" + cp "/var/tmp/dist/gcc/$libdir/libubsan.so.1" "$TORBINDIR" [% END -%] chmod 700 "$TORBINDIR"/*.so* # This is needed to make RPATH unavailable. See bug 9150. @@ -73,6 +91,7 @@ find -type f -print0 | xargs -0 [% c("touch") %] [% IF c("var/windows") || c("var/android") %]--with-zlib-dir="$zlibdir"[% END %] \ [% IF c("var/macos") %]--enable-static-openssl[% END %] \ [% IF c("var/windows") %]--enable-static-libevent --enable-static-openssl --enable-static-zlib[% END %] \ + [% IF c("var/linux-cross") %]--build=x86_64-linux-gnu[% END %] \ --enable-gpl --prefix="$distdir" [% c("var/configure_opt") %] [% IF c("var/macos") -%] export LD_PRELOAD=[% c("var/faketime_path") %] @@ -103,10 +122,17 @@ cd $distdir [% END %] [% IF c("var/linux") %] + [% IF c("var/linux-cross") -%] + CROSS_PREFIX=[% c("var/crosstarget") %]- + [% END -%] + + OBJCOPY="${CROSS_PREFIX}objcopy" + STRIP="${CROSS_PREFIX}strip" + # Strip and generate debuginfo for libs - objcopy --only-keep-debug $distdir/bin/tor "$TORDEBUGDIR/tor" - install -s $distdir/bin/tor "$TORBINDIR" - objcopy --add-gnu-debuglink="$TORDEBUGDIR/tor" "$TORBINDIR/tor" + "$OBJCOPY" --only-keep-debug $distdir/bin/tor "$TORDEBUGDIR/tor" + install -s --strip-program="$STRIP" $distdir/bin/tor "$TORBINDIR" + "$OBJCOPY" --add-gnu-debuglink="$TORDEBUGDIR/tor" "$TORBINDIR/tor" for i in "$TORBINDIR"/*so* do LIB=`basename $i` @@ -116,11 +142,11 @@ cd $distdir # treat this the same as the rest (though it seems libstdc++ doesn't come with # any useful debug symbols since we don't build it, so maybe we should figure # out how to package them - strip "$TORBINDIR/$LIB" + "$STRIP" "$TORBINDIR/$LIB" else - objcopy --only-keep-debug "$TORBINDIR/$LIB" "$TORDEBUGDIR/$LIB" - strip "$TORBINDIR/$LIB" - objcopy --add-gnu-debuglink="$TORDEBUGDIR/$LIB" "$TORBINDIR/$LIB" + "$OBJCOPY" --only-keep-debug "$TORBINDIR/$LIB" "$TORDEBUGDIR/$LIB" + "$STRIP" "$TORBINDIR/$LIB" + "$OBJCOPY" --add-gnu-debuglink="$TORDEBUGDIR/$LIB" "$TORBINDIR/$LIB" fi done [% END %] ===================================== projects/tor/config ===================================== @@ -30,6 +30,17 @@ targets: libdir: lib64 arch_deps: - zlib1g-dev + linux-aarch64: + var: + libdir: lib64 + arch_deps: + - zlib1g-dev:arm64 + linux-arm: + var: + libdir: lib + arch_deps: + - zlib1g-dev:armhf + android: var: configure_opt_project: '--enable-android --enable-static-openssl --enable-static-libevent --enable-zstd --disable-tool-name-check --disable-system-torrc' ===================================== rbm.conf ===================================== @@ -468,14 +468,29 @@ targets: - linux-i686 - linux - basebrowser + torbrowser-linux-aarch64: + - linux-cross + - linux-aarch64 + - linux + - torbrowser + basebrowser-linux-aarch64: + - linux-cross + - linux-aarch64 + - linux + - basebrowser + mullvadbrowser-linux-aarch64: + - linux-cross + - linux-aarch64 + - linux + - mullvadbrowser torbrowser-linux-arm: - - linux-arm - linux-cross + - linux-arm - linux - torbrowser basebrowser-linux-arm: - - linux-arm - linux-cross + - linux-arm - linux - basebrowser linux-x86_64: @@ -493,18 +508,26 @@ targets: linux-cross: 0 configure_opt: '--host=i686-linux-gnu CFLAGS=-m32 CXXFLAGS=-m32 LDFLAGS=-m32 [% c("var/configure_opt_project") %]' arch_debian: i386 + linux-aarch64: + arch: aarch64 + var: + linux-aarch64: 1 + osname: linux-aarch64 + linux-cross: 1 + arch_debian: arm64 + crosstarget: aarch64-linux-gnu linux-arm: arch: arm var: linux-arm: 1 osname: linux-arm - crosstarget: arm-linux-gnueabihf + linux-cross: 1 arch_debian: armhf + crosstarget: arm-linux-gnueabihf linux-cross: var: linux-cross: 1 - container: - arch: amd64 + compiler: 'gcc[% IF ! c("var/no_crosscompile") %]-cross[% END %]' configure_opt: '--host=[% c("var/crosstarget") %] [% c("var/configure_opt_project") %]' linux: # tar in strech does not know how to extract tar.zst files View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… -- This project does not include diff previews in email notifications. View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… You're receiving this email because of your account on gitlab.torproject.org.

1 0