- tbb-commits - lists.torproject.org

[Git][tpo/applications/tor-browser][tor-browser-115.5.0esr-13.0-1] fixup! Bug 42019: Empty browser's clipboard on browser shutdown
by ma1 (＠ma1) 04 Dec '23

04 Dec '23

ma1 pushed to branch tor-browser-115.5.0esr-13.0-1 at The Tor Project / Applications / Tor Browser Commits: 1a9bf95b by hackademix at 2023-12-04T12:13:55+01:00 fixup! Bug 42019: Empty browser's clipboard on browser shutdown Bug 42306: Prevent crashes and actually clear the clipboard on Wayland - - - - - 1 changed file: - browser/components/BrowserGlue.sys.mjs Changes: ===================================== browser/components/BrowserGlue.sys.mjs ===================================== @@ -157,12 +157,17 @@ const ClipboardPrivacy = { _globalActivation: false, _isPrivateClipboard: false, _hasher: null, + _shuttingDown: false, - _computeClipboardHash(win = Services.ww.activeWindow) { + _createTransferable() { const trans = Cc["@mozilla.org/widget/transferable;1"].createInstance( Ci.nsITransferable ); - trans.init(win?.docShell?.QueryInterface(Ci.nsILoadContext) || null); + trans.init(null); + return trans; + }, + _computeClipboardHash() { + const trans = this._createTransferable(); ["text/x-moz-url", "text/plain"].forEach(trans.addDataFlavor); try { Services.clipboard.getData(trans, Ci.nsIClipboard.kGlobalClipboard); @@ -201,16 +206,26 @@ const ClipboardPrivacy = { this._globalActivation = !Services.focus.activeWindow; }, 100); } - const clipboardHash = this._computeClipboardHash(win); - if (clipboardHash !== this._lastClipboardHash) { - this._isPrivateClipboard = - !activation && - (lazy.PrivateBrowsingUtils.permanentPrivateBrowsing || - lazy.PrivateBrowsingUtils.isWindowPrivate(win)); - this._lastClipboardHash = clipboardHash; - console.log( - `Clipboard changed: private ${this._isPrivateClipboard}, hash ${clipboardHash}.` - ); + + const checkClipboardContent = () => { + const clipboardHash = this._computeClipboardHash(); + if (clipboardHash !== this._lastClipboardHash) { + this._isPrivateClipboard = + !activation && + (lazy.PrivateBrowsingUtils.permanentPrivateBrowsing || + lazy.PrivateBrowsingUtils.isWindowPrivate(win)); + this._lastClipboardHash = clipboardHash; + console.log( + `Clipboard changed: private ${this._isPrivateClipboard}, hash ${clipboardHash}.` + ); + } + }; + + if (win.closed) { + checkClipboardContent(); + } else { + // defer clipboard access on DOM events to work-around tor-browser#42306 + lazy.setTimeout(checkClipboardContent, 0); } }; const focusListener = e => @@ -233,18 +248,28 @@ const ClipboardPrivacy = { if ( this._isPrivateClipboard && lazy.PrivateBrowsingUtils.isWindowPrivate(win) && - !( - lazy.PrivateBrowsingUtils.permanentPrivateBrowsing || - Array.from(Services.ww.getWindowEnumerator()).find(w => - lazy.PrivateBrowsingUtils.isWindowPrivate(w) - ) - ) + (this._shuttingDown || + !Array.from(Services.ww.getWindowEnumerator()).find( + w => + lazy.PrivateBrowsingUtils.isWindowPrivate(w) && + // We need to filter out the HIDDEN WebExtensions window, + // which might be private as well but is not UI-relevant. + !w.location.href.startsWith("chrome://extensions/") + )) ) { // no more private windows, empty private content if needed this.emptyPrivate(); } } }); + + lazy.AsyncShutdown.quitApplicationGranted.addBlocker( + "ClipboardPrivacy: removing private data", + () => { + this._shuttingDown = true; + this.emptyPrivate(); + } + ); }, emptyPrivate() { if ( @@ -255,7 +280,20 @@ const ClipboardPrivacy = { ) && this._lastClipboardHash === this._computeClipboardHash() ) { - Services.clipboard.emptyClipboard(Ci.nsIClipboard.kGlobalClipboard); + // nsIClipboard.emptyClipboard() does nothing in Wayland: + // we'll set an empty string as a work-around. + const trans = this._createTransferable(); + const flavor = "text/plain"; + trans.addDataFlavor(flavor); + const emptyString = Cc["@mozilla.org/supports-string;1"].createInstance( + Ci.nsISupportsString + ); + emptyString.data = ""; + trans.setTransferData(flavor, emptyString); + const { clipboard } = Services, + { kGlobalClipboard } = clipboard; + clipboard.setData(trans, null, kGlobalClipboard); + clipboard.emptyClipboard(kGlobalClipboard); this._lastClipboardHash = null; this._isPrivateClipboard = false; console.log("Private clipboard emptied."); @@ -2130,7 +2168,6 @@ BrowserGlue.prototype = { } }, () => lazy.OnionAliasStore.uninit(), - () => ClipboardPrivacy.emptyPrivate(), // tor-browser#42019 ]; for (let task of tasks) { View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/1a9bf95… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/1a9bf95… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.5.0esr-13.5-1] fixup! Bug 42019: Empty browser's clipboard on browser shutdown
by ma1 (＠ma1) 04 Dec '23

04 Dec '23

ma1 pushed to branch tor-browser-115.5.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: 410b9a4c by hackademix at 2023-12-04T11:02:42+01:00 fixup! Bug 42019: Empty browser's clipboard on browser shutdown Bug 42306: Prevent crashes and actually clear the clipboard on Wayland - - - - - 1 changed file: - browser/components/BrowserGlue.sys.mjs Changes: ===================================== browser/components/BrowserGlue.sys.mjs ===================================== @@ -159,12 +159,17 @@ const ClipboardPrivacy = { _globalActivation: false, _isPrivateClipboard: false, _hasher: null, + _shuttingDown: false, - _computeClipboardHash(win = Services.ww.activeWindow) { + _createTransferable() { const trans = Cc["@mozilla.org/widget/transferable;1"].createInstance( Ci.nsITransferable ); - trans.init(win?.docShell?.QueryInterface(Ci.nsILoadContext) || null); + trans.init(null); + return trans; + }, + _computeClipboardHash() { + const trans = this._createTransferable(); ["text/x-moz-url", "text/plain"].forEach(trans.addDataFlavor); try { Services.clipboard.getData(trans, Ci.nsIClipboard.kGlobalClipboard); @@ -203,16 +208,26 @@ const ClipboardPrivacy = { this._globalActivation = !Services.focus.activeWindow; }, 100); } - const clipboardHash = this._computeClipboardHash(win); - if (clipboardHash !== this._lastClipboardHash) { - this._isPrivateClipboard = - !activation && - (lazy.PrivateBrowsingUtils.permanentPrivateBrowsing || - lazy.PrivateBrowsingUtils.isWindowPrivate(win)); - this._lastClipboardHash = clipboardHash; - console.log( - `Clipboard changed: private ${this._isPrivateClipboard}, hash ${clipboardHash}.` - ); + + const checkClipboardContent = () => { + const clipboardHash = this._computeClipboardHash(); + if (clipboardHash !== this._lastClipboardHash) { + this._isPrivateClipboard = + !activation && + (lazy.PrivateBrowsingUtils.permanentPrivateBrowsing || + lazy.PrivateBrowsingUtils.isWindowPrivate(win)); + this._lastClipboardHash = clipboardHash; + console.log( + `Clipboard changed: private ${this._isPrivateClipboard}, hash ${clipboardHash}.` + ); + } + }; + + if (win.closed) { + checkClipboardContent(); + } else { + // defer clipboard access on DOM events to work-around tor-browser#42306 + lazy.setTimeout(checkClipboardContent, 0); } }; const focusListener = e => @@ -235,18 +250,28 @@ const ClipboardPrivacy = { if ( this._isPrivateClipboard && lazy.PrivateBrowsingUtils.isWindowPrivate(win) && - !( - lazy.PrivateBrowsingUtils.permanentPrivateBrowsing || - Array.from(Services.ww.getWindowEnumerator()).find(w => - lazy.PrivateBrowsingUtils.isWindowPrivate(w) - ) - ) + (this._shuttingDown || + !Array.from(Services.ww.getWindowEnumerator()).find( + w => + lazy.PrivateBrowsingUtils.isWindowPrivate(w) && + // We need to filter out the HIDDEN WebExtensions window, + // which might be private as well but is not UI-relevant. + !w.location.href.startsWith("chrome://extensions/") + )) ) { // no more private windows, empty private content if needed this.emptyPrivate(); } } }); + + lazy.AsyncShutdown.quitApplicationGranted.addBlocker( + "ClipboardPrivacy: removing private data", + () => { + this._shuttingDown = true; + this.emptyPrivate(); + } + ); }, emptyPrivate() { if ( @@ -257,7 +282,20 @@ const ClipboardPrivacy = { ) && this._lastClipboardHash === this._computeClipboardHash() ) { - Services.clipboard.emptyClipboard(Ci.nsIClipboard.kGlobalClipboard); + // nsIClipboard.emptyClipboard() does nothing in Wayland: + // we'll set an empty string as a work-around. + const trans = this._createTransferable(); + const flavor = "text/plain"; + trans.addDataFlavor(flavor); + const emptyString = Cc["@mozilla.org/supports-string;1"].createInstance( + Ci.nsISupportsString + ); + emptyString.data = ""; + trans.setTransferData(flavor, emptyString); + const { clipboard } = Services, + { kGlobalClipboard } = clipboard; + clipboard.setData(trans, null, kGlobalClipboard); + clipboard.emptyClipboard(kGlobalClipboard); this._lastClipboardHash = null; this._isPrivateClipboard = false; console.log("Private clipboard emptied."); @@ -2118,7 +2156,6 @@ BrowserGlue.prototype = { } }, () => lazy.OnionAliasStore.uninit(), - () => ClipboardPrivacy.emptyPrivate(), // tor-browser#42019 ]; for (let task of tasks) { View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/410b9a4… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/410b9a4… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-13.0] Revert "Bug 40933: Add symlinks to have incrementals between 12.5.x and 13.0"
by boklm (＠boklm) 01 Dec '23

01 Dec '23

boklm pushed to branch maint-13.0 at The Tor Project / Applications / tor-browser-build Commits: e0f8b589 by Richard Pospesel at 2023-11-30T14:41:29+00:00 Revert "Bug 40933: Add symlinks to have incrementals between 12.5.x and 13.0" This reverts commit a21969281d18941b69a94b994b0797f8b88ad45f. Bug 40936: We are no longer building incrementals from the 12.5 series so its time for this patch to go - - - - - 3 changed files: - Makefile - projects/release/config - − projects/release/link_old_mar_filenames Changes: ===================================== Makefile ===================================== @@ -183,7 +183,6 @@ torbrowser-testbuild-src: submodule-update torbrowser-incrementals-release: submodule-update $(rbm) build release --step update_responses_config --target release --target create_unsigned_incrementals --target torbrowser tools/update-responses/download_missing_versions release - $(rbm) build release --step link_old_mar_filenames --target release --target torbrowser tools/update-responses/gen_incrementals release $(rbm) build release --step hash_incrementals --target release --target torbrowser @@ -196,7 +195,6 @@ torbrowser-incrementals-release-unsigned: submodule-update torbrowser-incrementals-alpha: submodule-update $(rbm) build release --step update_responses_config --target alpha --target create_unsigned_incrementals --target torbrowser tools/update-responses/download_missing_versions alpha - $(rbm) build release --step link_old_mar_filenames --target alpha --target torbrowser tools/update-responses/gen_incrementals alpha $(rbm) build release --step hash_incrementals --target alpha --target torbrowser @@ -223,14 +221,12 @@ torbrowser-dmg2mar-release: submodule-update $(rbm) build release --step update_responses_config --target release --target signed --target torbrowser $(rbm) build release --step dmg2mar --target release --target signed --target torbrowser tools/update-responses/download_missing_versions release - $(rbm) build release --step link_old_mar_filenames --target release --target torbrowser CHECK_CODESIGNATURE_EXISTS=1 MAR_SKIP_EXISTING=1 tools/update-responses/gen_incrementals release torbrowser-dmg2mar-alpha: submodule-update $(rbm) build release --step update_responses_config --target alpha --target signed --target torbrowser $(rbm) build release --step dmg2mar --target alpha --target signed --target torbrowser tools/update-responses/download_missing_versions alpha - $(rbm) build release --step link_old_mar_filenames --target alpha --target torbrowser CHECK_CODESIGNATURE_EXISTS=1 MAR_SKIP_EXISTING=1 tools/update-responses/gen_incrementals alpha torbrowser-compare-windows-signed-unsigned-release: submodule-update @@ -527,7 +523,6 @@ mullvadbrowser-testbuild-src: submodule-update mullvadbrowser-incrementals-release: submodule-update $(rbm) build release --step update_responses_config --target release --target create_unsigned_incrementals --target mullvadbrowser tools/update-responses/download_missing_versions release - $(rbm) build release --step link_old_mar_filenames --target release --target mullvadbrowser tools/update-responses/gen_incrementals release $(rbm) build release --step hash_incrementals --target release --target mullvadbrowser @@ -540,7 +535,6 @@ mullvadbrowser-incrementals-release-unsigned: submodule-update mullvadbrowser-incrementals-alpha: submodule-update $(rbm) build release --step update_responses_config --target alpha --target create_unsigned_incrementals --target mullvadbrowser tools/update-responses/download_missing_versions alpha - $(rbm) build release --step link_old_mar_filenames --target alpha --target mullvadbrowser tools/update-responses/gen_incrementals alpha $(rbm) build release --step hash_incrementals --target alpha --target mullvadbrowser @@ -567,14 +561,12 @@ mullvadbrowser-dmg2mar-release: submodule-update $(rbm) build release --step update_responses_config --target release --target signed --target mullvadbrowser $(rbm) build release --step dmg2mar --target release --target signed --target mullvadbrowser tools/update-responses/download_missing_versions release - $(rbm) build release --step link_old_mar_filenames --target release --target mullvadbrowser CHECK_CODESIGNATURE_EXISTS=1 MAR_SKIP_EXISTING=1 tools/update-responses/gen_incrementals release mullvadbrowser-dmg2mar-alpha: submodule-update $(rbm) build release --step update_responses_config --target alpha --target signed --target mullvadbrowser $(rbm) build release --step dmg2mar --target alpha --target signed --target mullvadbrowser tools/update-responses/download_missing_versions alpha - $(rbm) build release --step link_old_mar_filenames --target alpha --target mullvadbrowser CHECK_CODESIGNATURE_EXISTS=1 MAR_SKIP_EXISTING=1 tools/update-responses/gen_incrementals alpha mullvadbrowser-compare-windows-signed-unsigned-release: submodule-update ===================================== projects/release/config ===================================== @@ -243,11 +243,6 @@ steps: debug: 0 input_files: [] update_responses_config: '[% INCLUDE update_responses_config %]' - link_old_mar_filenames: - build_log: '-' - debug: 0 - input_files: [] - link_old_mar_filenames: '[% INCLUDE link_old_mar_filenames %]' create_update_responses_tar: build_log: '-' debug: 0 ===================================== projects/release/link_old_mar_filenames deleted ===================================== @@ -1,19 +0,0 @@ -#!/bin/bash -[% c("var/set_default_env") -%] -# This script is for #40933: -# Fix generating incrementals between 12.5.x and 13.0 -[% FOREACH version = c("var/torbrowser_incremental_from") %] - cd [% shell_quote(path(dest_dir)) %]/[% IF c("var/unsigned_releases_dir") %]un[% END %]signed/[% version %] - test -e [% c("var/project-name") %]-linux-i686-[% version %]_ALL.mar || \ - ln -s [% c("var/project-name") %]-linux32-[% version %]_ALL.mar \ - [% c("var/project-name") %]-linux-i686-[% version %]_ALL.mar - test -e [% c("var/project-name") %]-linux-x86_64-[% version %]_ALL.mar || \ - ln -s [% c("var/project-name") %]-linux64-[% version %]_ALL.mar \ - [% c("var/project-name") %]-linux-x86_64-[% version %]_ALL.mar - test -e [% c("var/project-name") %]-windows-i686-[% version %]_ALL.mar || \ - ln -s [% c("var/project-name") %]-win32-[% version %]_ALL.mar \ - [% c("var/project-name") %]-windows-i686-[% version %]_ALL.mar - test -e [% c("var/project-name") %]-windows-x86_64-[% version %]_ALL.mar || \ - ln -s [% c("var/project-name") %]-win64-[% version %]_ALL.mar \ - [% c("var/project-name") %]-windows-x86_64-[% version %]_ALL.mar -[% END -%] View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/e… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/e… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.5.0esr-13.5-1] fixup! Bug 41649: Create rebase and security backport gitlab issue templates
by richard (＠richard) 30 Nov '23

30 Nov '23

richard pushed to branch tor-browser-115.5.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: fac50006 by Pier Angelo Vendrame at 2023-11-30T14:13:06+00:00 fixup! Bug 41649: Create rebase and security backport gitlab issue templates Add the step to update tor-browser-build's main after alpha rebases. - - - - - 1 changed file: - .gitlab/issue_templates/Rebase Browser - Alpha.md Changes: ===================================== .gitlab/issue_templates/Rebase Browser - Alpha.md ===================================== @@ -138,3 +138,10 @@ - **Tag**: `base-browser-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1-build1` - **Message**: `Tagging build1 for $(ESR_VERSION)esr-based alpha` - [ ] Push tag to `upstream` +- [ ] Update tor-browser-build's main (no MR required, you can just push it if you have the permissions) + - [ ] Update `projects/firefox/config` + - [ ] Update `firefox_platform_version` + - [ ] Set `browser_build` to 1 (to prevent failures in alpha testbuilds) + - [ ] Update `projects/geckoview/config` + - [ ] Update `geckoview_version` + - [ ] Set `browser_build` to 1 View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/fac5000… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/fac5000… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.5.0esr-13.5-1] fixup! Adding issue and merge request templates
by richard (＠richard) 30 Nov '23

30 Nov '23

richard pushed to branch tor-browser-115.5.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: a084de1d by Pier Angelo Vendrame at 2023-11-30T14:03:08+00:00 fixup! Adding issue and merge request templates Add the step to update tor-browser-build's main after alpha rebases. - - - - - 1 changed file: - .gitlab/issue_templates/Rebase Browser - Alpha.md Changes: ===================================== .gitlab/issue_templates/Rebase Browser - Alpha.md ===================================== @@ -138,3 +138,10 @@ - **Tag**: `base-browser-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1-build1` - **Message**: `Tagging build1 for $(ESR_VERSION)esr-based alpha` - [ ] Push tag to `upstream` +- [ ] Update tor-browser-build's main (no MR required, you can just push it if you have the permissions) + - [ ] Update `projects/firefox/config` + - [ ] Update `firefox_platform_version` + - [ ] Set `browser_build` to 1 (to prevent failures in alpha testbuilds) + - [ ] Update `projects/geckoview/config` + - [ ] Update `geckoview_version` + - [ ] Set `browser_build` to 1 View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/a084de1… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/a084de1… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-13.0] Bug 41031: Add make targets to unsign and compare mar files
by richard (＠richard) 30 Nov '23

30 Nov '23

richard pushed to branch maint-13.0 at The Tor Project / Applications / tor-browser-build Commits: ae9e3999 by Nicolas Vigier at 2023-11-30T13:58:17+00:00 Bug 41031: Add make targets to unsign and compare mar files - - - - - 4 changed files: - Makefile - doc/MAKEFILE.txt - + projects/release/compare_mar_signed_unsigned - projects/release/config Changes: ===================================== Makefile ===================================== @@ -239,6 +239,12 @@ torbrowser-compare-windows-signed-unsigned-release: submodule-update torbrowser-compare-windows-signed-unsigned-alpha: submodule-update $(rbm) build release --step compare_windows_signed_unsigned_exe --target alpha --target signed --target torbrowser +torbrowser-compare-mar-signed-unsigned-release: submodule-update + $(rbm) build release --step compare_mar_signed_unsigned --target release --target signed --target torbrowser + +torbrowser-compare-mar-signed-unsigned-alpha: submodule-update + $(rbm) build release --step compare_mar_signed_unsigned --target alpha --target signed --target torbrowser + ######################## # Base Browser Targets # @@ -577,6 +583,12 @@ mullvadbrowser-compare-windows-signed-unsigned-release: submodule-update mullvadbrowser-compare-windows-signed-unsigned-alpha: submodule-update $(rbm) build release --step compare_windows_signed_unsigned_exe --target alpha --target signed --target mullvadbrowser +mullvadbrowser-compare-mar-signed-unsigned-release: submodule-update + $(rbm) build release --step compare_mar_signed_unsigned --target release --target signed --target mullvadbrowser + +mullvadbrowser-compare-mar-signed-unsigned-alpha: submodule-update + $(rbm) build release --step compare_mar_signed_unsigned --target alpha --target signed --target mullvadbrowser + ############################ # Toolchain Update Targets # ===================================== doc/MAKEFILE.txt ===================================== @@ -141,3 +141,8 @@ torbrowser-compare-windows-signed-unsigned-{release,alpha} Unsign exe files from directory torbrowser/{release,alpha}/signed/$version and compare them with the checksum from sha256sums-unsigned-build.txt. +torbrowser-compare-mar-signed-unsigned-{release,alpha} +---------------------------------------------------------- +Unsign mar files from directory torbrowser/{release,alpha}/signed/$version +and compare them with the checksum from sha256sums-unsigned-build.txt. + ===================================== projects/release/compare_mar_signed_unsigned ===================================== @@ -0,0 +1,44 @@ +#!/bin/bash +[% c("var/set_default_env") -%] +[% IF c("var/nightly") -%] + build_dir=[% shell_quote(path(dest_dir)) %]/[% c("version") %] +[% ELSE -%] + build_dir=[% shell_quote(path(dest_dir)) %]/[% c("var/signed_status") %]/[% c("version") %] +[% END -%] + +if ! test -d "$build_dir" +then + echo "Error: Directory $build_dir does not exist" 1>&2 + echo "You can download it with this command:" 1>&2 + echo " ./tools/download-[% c("var/projectname") %] [% c("var/torbrowser_version") %]" 1>&2 + exit 1 +fi + +sha256sums_files=sha256sums-unsigned-build.txt +cd "$build_dir" +test -f sha256sums-unsigned-build.incrementals.txt \ + && sha256sums_files="$sha256sums_files sha256sums-unsigned-build.incrementals.txt" +cp -a -- $(ls -1 *.mar | grep -v -- -macos-) $sha256sums_files "$rootdir/" +cd "$rootdir" + +unzip -q "$rootdir/[% c('input_files_by_name/mar-tools') %]" +export PATH="$rootdir/mar-tools:$PATH" +export LD_LIBRARY_PATH="$rootdir/mar-tools" + +for file in *.mar +do + signmar -r "$file" "unsigned-$file" + mv -f "unsigned-$file" "$file" + echo "Unsigned $file" +done + +grep -h -- '\.mar$' $sha256sums_files | grep -v -- -macos- | sha256sum -c + +cat << 'EOF' +macOS mar files have been skipped as we don't yet have a good solution +to remove code signing from those files. +See https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4… + +Windows and Linux unsigned mar files are matching with +sha256sums-unsigned-build.txt. +EOF ===================================== projects/release/config ===================================== @@ -271,3 +271,11 @@ steps: name: osslsigncode pkg_type: build compare_windows_signed_unsigned_exe: '[% INCLUDE compare_windows_signed_unsigned_exe %]' + compare_mar_signed_unsigned: + build_log: '-' + debug: 0 + input_files: + - project: mar-tools + name: mar-tools + pkg_type: fetch_martools + compare_mar_signed_unsigned: '[% INCLUDE compare_mar_signed_unsigned %]' View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/a… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/a… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 41031: Add make targets to unsign and compare mar files
by richard (＠richard) 30 Nov '23

30 Nov '23

richard pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 226e45d9 by Nicolas Vigier at 2023-11-30T12:31:54+01:00 Bug 41031: Add make targets to unsign and compare mar files - - - - - 4 changed files: - Makefile - doc/MAKEFILE.txt - + projects/release/compare_mar_signed_unsigned - projects/release/config Changes: ===================================== Makefile ===================================== @@ -235,6 +235,12 @@ torbrowser-compare-windows-signed-unsigned-release: submodule-update torbrowser-compare-windows-signed-unsigned-alpha: submodule-update $(rbm) build release --step compare_windows_signed_unsigned_exe --target alpha --target signed --target torbrowser +torbrowser-compare-mar-signed-unsigned-release: submodule-update + $(rbm) build release --step compare_mar_signed_unsigned --target release --target signed --target torbrowser + +torbrowser-compare-mar-signed-unsigned-alpha: submodule-update + $(rbm) build release --step compare_mar_signed_unsigned --target alpha --target signed --target torbrowser + ######################## # Base Browser Targets # @@ -569,6 +575,12 @@ mullvadbrowser-compare-windows-signed-unsigned-release: submodule-update mullvadbrowser-compare-windows-signed-unsigned-alpha: submodule-update $(rbm) build release --step compare_windows_signed_unsigned_exe --target alpha --target signed --target mullvadbrowser +mullvadbrowser-compare-mar-signed-unsigned-release: submodule-update + $(rbm) build release --step compare_mar_signed_unsigned --target release --target signed --target mullvadbrowser + +mullvadbrowser-compare-mar-signed-unsigned-alpha: submodule-update + $(rbm) build release --step compare_mar_signed_unsigned --target alpha --target signed --target mullvadbrowser + ############################ # Toolchain Update Targets # ===================================== doc/MAKEFILE.txt ===================================== @@ -141,3 +141,8 @@ torbrowser-compare-windows-signed-unsigned-{release,alpha} Unsign exe files from directory torbrowser/{release,alpha}/signed/$version and compare them with the checksum from sha256sums-unsigned-build.txt. +torbrowser-compare-mar-signed-unsigned-{release,alpha} +---------------------------------------------------------- +Unsign mar files from directory torbrowser/{release,alpha}/signed/$version +and compare them with the checksum from sha256sums-unsigned-build.txt. + ===================================== projects/release/compare_mar_signed_unsigned ===================================== @@ -0,0 +1,44 @@ +#!/bin/bash +[% c("var/set_default_env") -%] +[% IF c("var/nightly") -%] + build_dir=[% shell_quote(path(dest_dir)) %]/[% c("version") %] +[% ELSE -%] + build_dir=[% shell_quote(path(dest_dir)) %]/[% c("var/signed_status") %]/[% c("version") %] +[% END -%] + +if ! test -d "$build_dir" +then + echo "Error: Directory $build_dir does not exist" 1>&2 + echo "You can download it with this command:" 1>&2 + echo " ./tools/download-[% c("var/projectname") %] [% c("var/torbrowser_version") %]" 1>&2 + exit 1 +fi + +sha256sums_files=sha256sums-unsigned-build.txt +cd "$build_dir" +test -f sha256sums-unsigned-build.incrementals.txt \ + && sha256sums_files="$sha256sums_files sha256sums-unsigned-build.incrementals.txt" +cp -a -- $(ls -1 *.mar | grep -v -- -macos-) $sha256sums_files "$rootdir/" +cd "$rootdir" + +unzip -q "$rootdir/[% c('input_files_by_name/mar-tools') %]" +export PATH="$rootdir/mar-tools:$PATH" +export LD_LIBRARY_PATH="$rootdir/mar-tools" + +for file in *.mar +do + signmar -r "$file" "unsigned-$file" + mv -f "unsigned-$file" "$file" + echo "Unsigned $file" +done + +grep -h -- '\.mar$' $sha256sums_files | grep -v -- -macos- | sha256sum -c + +cat << 'EOF' +macOS mar files have been skipped as we don't yet have a good solution +to remove code signing from those files. +See https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4… + +Windows and Linux unsigned mar files are matching with +sha256sums-unsigned-build.txt. +EOF ===================================== projects/release/config ===================================== @@ -271,3 +271,11 @@ steps: name: osslsigncode pkg_type: build compare_windows_signed_unsigned_exe: '[% INCLUDE compare_windows_signed_unsigned_exe %]' + compare_mar_signed_unsigned: + build_log: '-' + debug: 0 + input_files: + - project: mar-tools + name: mar-tools + pkg_type: fetch_martools + compare_mar_signed_unsigned: '[% INCLUDE compare_mar_signed_unsigned %]' View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/2… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/2… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-13.0] 2 commits: Bug 41030: Add script to download a torbrowser/mullvadbrowser release
by richard (＠richard) 30 Nov '23

30 Nov '23

richard pushed to branch maint-13.0 at The Tor Project / Applications / tor-browser-build Commits: 0f610931 by Nicolas Vigier at 2023-11-30T12:47:22+00:00 Bug 41030: Add script to download a torbrowser/mullvadbrowser release - - - - - 4dc9c81f by Nicolas Vigier at 2023-11-30T12:48:19+00:00 Bug 41030: Add make targets to unsign and compare exe files - - - - - 6 changed files: - Makefile - doc/MAKEFILE.txt - + projects/release/compare_windows_signed_unsigned_exe - projects/release/config - + tools/download-mullvadbrowser - + tools/download-torbrowser Changes: ===================================== Makefile ===================================== @@ -233,6 +233,12 @@ torbrowser-dmg2mar-alpha: submodule-update $(rbm) build release --step link_old_mar_filenames --target alpha --target torbrowser CHECK_CODESIGNATURE_EXISTS=1 MAR_SKIP_EXISTING=1 tools/update-responses/gen_incrementals alpha +torbrowser-compare-windows-signed-unsigned-release: submodule-update + $(rbm) build release --step compare_windows_signed_unsigned_exe --target release --target signed --target torbrowser + +torbrowser-compare-windows-signed-unsigned-alpha: submodule-update + $(rbm) build release --step compare_windows_signed_unsigned_exe --target alpha --target signed --target torbrowser + ######################## # Base Browser Targets # @@ -565,6 +571,12 @@ mullvadbrowser-dmg2mar-alpha: submodule-update $(rbm) build release --step link_old_mar_filenames --target alpha --target mullvadbrowser CHECK_CODESIGNATURE_EXISTS=1 MAR_SKIP_EXISTING=1 tools/update-responses/gen_incrementals alpha +mullvadbrowser-compare-windows-signed-unsigned-release: submodule-update + $(rbm) build release --step compare_windows_signed_unsigned_exe --target release --target signed --target mullvadbrowser + +mullvadbrowser-compare-windows-signed-unsigned-alpha: submodule-update + $(rbm) build release --step compare_windows_signed_unsigned_exe --target alpha --target signed --target mullvadbrowser + ############################ # Toolchain Update Targets # ===================================== doc/MAKEFILE.txt ===================================== @@ -136,3 +136,8 @@ Create update responses xml files for a signed build in the release or alpha channel. The files can be found in a tar in the directory torbrowser/{release,alpha}/update-responses. +torbrowser-compare-windows-signed-unsigned-{release,alpha} +---------------------------------------------------------- +Unsign exe files from directory torbrowser/{release,alpha}/signed/$version +and compare them with the checksum from sha256sums-unsigned-build.txt. + ===================================== projects/release/compare_windows_signed_unsigned_exe ===================================== @@ -0,0 +1,30 @@ +#!/bin/bash +[% c("var/set_default_env") -%] +[% IF c("var/nightly") -%] + build_dir=[% shell_quote(path(dest_dir)) %]/[% c("version") %] +[% ELSE -%] + build_dir=[% shell_quote(path(dest_dir)) %]/[% c("var/signed_status") %]/[% c("version") %] +[% END -%] + +if ! test -d "$build_dir" +then + echo "Error: Directory $build_dir does not exist" 1>&2 + echo "You can download it with this command:" 1>&2 + echo " ./tools/download-[% c("var/projectname") %] [% c("var/torbrowser_version") %]" 1>&2 + exit 1 +fi + +cp -a "$build_dir"/*.exe "$build_dir"/sha256sums-unsigned-build.txt . + +tar -xf $rootdir/[% c('input_files_by_name/osslsigncode') %] + +for file in *.exe +do + ./osslsigncode/bin/osslsigncode remove-signature -in "$file" -out "unsigned-$file" > /dev/null + mv -f "unsigned-$file" "$file" + echo "Unsigned $file" +done + +grep '\.exe$' sha256sums-unsigned-build.txt | sha256sum -c + +echo "Unsigned exe files are matching with sha256sums-unsigned-build.txt" ===================================== projects/release/config ===================================== @@ -263,3 +263,11 @@ steps: debug: 0 input_files: [] dmg2mar: '[% INCLUDE dmg2mar %]' + compare_windows_signed_unsigned_exe: + build_log: '-' + debug: 0 + input_files: + - project: osslsigncode + name: osslsigncode + pkg_type: build + compare_windows_signed_unsigned_exe: '[% INCLUDE compare_windows_signed_unsigned_exe %]' ===================================== tools/download-mullvadbrowser ===================================== @@ -0,0 +1 @@ +download-torbrowser \ No newline at end of file ===================================== tools/download-torbrowser ===================================== @@ -0,0 +1,100 @@ +#!/usr/bin/perl -w + +# This script downloads a torbrowser or mullvadbrowser release, checking +# its signature + +use strict; +use English; +use LWP::Simple; +use IO::CaptureOutput qw(capture_exec); +use File::Temp; +use File::Basename qw(fileparse); +use FindBin; +use File::Path qw(make_path); +use File::Copy; +use Path::Tiny; +use Digest::SHA qw(sha256_hex); + + +sub exit_error { + print STDERR "Error: ", $_[0], "\n"; + chdir '/'; + exit (exists $_[1] ? $_[1] : 1); +} + +sub gpg_verify_file { + my ($file) = @_; + if (system('gpg', '--no-default-keyring', '--keyring', + "$FindBin::Bin/../keyring/torbrowser.gpg", '--verify', + "$file.asc", + $file)) { + exit_error "Error checking gpg signature for file $file"; + } +} + +my $progname = fileparse($PROGRAM_NAME); +my ($projectname) = $progname =~ m/^download-(.+)$/; +if (@ARGV != 1) { + print STDERR "usage: $progname <version>\n"; + exit 1; +} + +my $version = $ARGV[0]; +my $version_type = $version =~ m/a/ ? 'alpha' : 'release'; +my $destdir = "$FindBin::Bin/../$projectname/$version_type/signed/$version"; +my $urldir = "https://archive.torproject.org/tor-package-archive/$projectname/$version"; + +make_path($destdir); +my $tmpdir = File::Temp->newdir(DIR => "$FindBin::Bin/../tmp"); + +foreach my $file (qw(sha256sums-signed-build.txt sha256sums-signed-build.txt.asc + sha256sums-unsigned-build.txt sha256sums-unsigned-build.txt.asc)) { + if (getstore("$urldir/$file", "$tmpdir/$file") != 200) { + exit_error "Error downloading $urldir/$file"; + } +} +gpg_verify_file("$tmpdir/sha256sums-signed-build.txt"); +move "$tmpdir/sha256sums-signed-build.txt.asc", "$destdir/sha256sums-signed-build.txt.asc"; +move "$tmpdir/sha256sums-signed-build.txt", "$destdir/sha256sums-signed-build.txt"; +gpg_verify_file("$tmpdir/sha256sums-unsigned-build.txt"); +move "$tmpdir/sha256sums-unsigned-build.txt.asc", "$destdir/sha256sums-unsigned-build.txt.asc"; +move "$tmpdir/sha256sums-unsigned-build.txt", "$destdir/sha256sums-unsigned-build.txt"; + +foreach my $file (qw(sha256sums-signed-build.incrementals.txt + sha256sums-signed-build.incrementals.txt.asc + sha256sums-unsigned-build.incrementals.txt + sha256sums-unsigned-build.incrementals.txt.asc)) { + if (getstore("$urldir/$file", "$tmpdir/$file") != 200) { + last; + } +} +if (-f "$tmpdir/sha256sums-signed-build.incrementals.txt.asc") { + gpg_verify_file("$tmpdir/sha256sums-signed-build.incrementals.txt"); + move "$tmpdir/sha256sums-signed-build.incrementals.txt.asc", "$destdir/sha256sums-signed-build.incrementals.txt.asc"; + move "$tmpdir/sha256sums-signed-build.incrementals.txt", "$destdir/sha256sums-signed-build.incrementals.txt"; +} +if (-f "$tmpdir/sha256sums-unsigned-build.incrementals.txt.asc") { + gpg_verify_file("$tmpdir/sha256sums-unsigned-build.incrementals.txt"); + move "$tmpdir/sha256sums-unsigned-build.incrementals.txt.asc", "$destdir/sha256sums-unsigned-build.incrementals.txt.asc"; + move "$tmpdir/sha256sums-unsigned-build.incrementals.txt", "$destdir/sha256sums-unsigned-build.incrementals.txt"; +} + +my @sha256_lines = path("$destdir/sha256sums-signed-build.txt")->lines; +push @sha256_lines, path("$destdir/sha256sums-signed-build.incrementals.txt")->lines + if -f "$destdir/sha256sums-signed-build.incrementals.txt"; +my %sums = map { chomp; reverse split ' ', $_ } @sha256_lines; + +foreach my $file (sort keys %sums) { + if (-f "$destdir/$file") { + print "Not downloading $file (already there)\n"; + next; + } + print "Downloading $file\n"; + exit_error "Error downloading $urldir/$file\n" + unless getstore("$urldir/$file", "$tmpdir/$file") == 200; + exit_error "Wrong checksum for $file" + unless $sums{$file} eq sha256_hex(path("$tmpdir/$file")->slurp); + move "$tmpdir/$file", "$destdir/$file"; +} + +print "Finished downloading $projectname $version in $destdir\n"; View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] 2 commits: Bug 41030: Add script to download a torbrowser/mullvadbrowser release
by richard (＠richard) 30 Nov '23

30 Nov '23

richard pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 07898fd4 by Nicolas Vigier at 2023-11-30T11:59:45+01:00 Bug 41030: Add script to download a torbrowser/mullvadbrowser release - - - - - 93819f81 by Nicolas Vigier at 2023-11-30T11:59:49+01:00 Bug 41030: Add make targets to unsign and compare exe files - - - - - 6 changed files: - Makefile - doc/MAKEFILE.txt - + projects/release/compare_windows_signed_unsigned_exe - projects/release/config - + tools/download-mullvadbrowser - + tools/download-torbrowser Changes: ===================================== Makefile ===================================== @@ -229,6 +229,12 @@ torbrowser-dmg2mar-alpha: submodule-update tools/update-responses/download_missing_versions alpha CHECK_CODESIGNATURE_EXISTS=1 MAR_SKIP_EXISTING=1 tools/update-responses/gen_incrementals alpha +torbrowser-compare-windows-signed-unsigned-release: submodule-update + $(rbm) build release --step compare_windows_signed_unsigned_exe --target release --target signed --target torbrowser + +torbrowser-compare-windows-signed-unsigned-alpha: submodule-update + $(rbm) build release --step compare_windows_signed_unsigned_exe --target alpha --target signed --target torbrowser + ######################## # Base Browser Targets # @@ -557,6 +563,12 @@ mullvadbrowser-dmg2mar-alpha: submodule-update tools/update-responses/download_missing_versions alpha CHECK_CODESIGNATURE_EXISTS=1 MAR_SKIP_EXISTING=1 tools/update-responses/gen_incrementals alpha +mullvadbrowser-compare-windows-signed-unsigned-release: submodule-update + $(rbm) build release --step compare_windows_signed_unsigned_exe --target release --target signed --target mullvadbrowser + +mullvadbrowser-compare-windows-signed-unsigned-alpha: submodule-update + $(rbm) build release --step compare_windows_signed_unsigned_exe --target alpha --target signed --target mullvadbrowser + ############################ # Toolchain Update Targets # ===================================== doc/MAKEFILE.txt ===================================== @@ -136,3 +136,8 @@ Create update responses xml files for a signed build in the release or alpha channel. The files can be found in a tar in the directory torbrowser/{release,alpha}/update-responses. +torbrowser-compare-windows-signed-unsigned-{release,alpha} +---------------------------------------------------------- +Unsign exe files from directory torbrowser/{release,alpha}/signed/$version +and compare them with the checksum from sha256sums-unsigned-build.txt. + ===================================== projects/release/compare_windows_signed_unsigned_exe ===================================== @@ -0,0 +1,30 @@ +#!/bin/bash +[% c("var/set_default_env") -%] +[% IF c("var/nightly") -%] + build_dir=[% shell_quote(path(dest_dir)) %]/[% c("version") %] +[% ELSE -%] + build_dir=[% shell_quote(path(dest_dir)) %]/[% c("var/signed_status") %]/[% c("version") %] +[% END -%] + +if ! test -d "$build_dir" +then + echo "Error: Directory $build_dir does not exist" 1>&2 + echo "You can download it with this command:" 1>&2 + echo " ./tools/download-[% c("var/projectname") %] [% c("var/torbrowser_version") %]" 1>&2 + exit 1 +fi + +cp -a "$build_dir"/*.exe "$build_dir"/sha256sums-unsigned-build.txt . + +tar -xf $rootdir/[% c('input_files_by_name/osslsigncode') %] + +for file in *.exe +do + ./osslsigncode/bin/osslsigncode remove-signature -in "$file" -out "unsigned-$file" > /dev/null + mv -f "unsigned-$file" "$file" + echo "Unsigned $file" +done + +grep '\.exe$' sha256sums-unsigned-build.txt | sha256sum -c + +echo "Unsigned exe files are matching with sha256sums-unsigned-build.txt" ===================================== projects/release/config ===================================== @@ -263,3 +263,11 @@ steps: debug: 0 input_files: [] upload_sha256sums: '[% INCLUDE upload_sha256sums %]' + compare_windows_signed_unsigned_exe: + build_log: '-' + debug: 0 + input_files: + - project: osslsigncode + name: osslsigncode + pkg_type: build + compare_windows_signed_unsigned_exe: '[% INCLUDE compare_windows_signed_unsigned_exe %]' ===================================== tools/download-mullvadbrowser ===================================== @@ -0,0 +1 @@ +download-torbrowser \ No newline at end of file ===================================== tools/download-torbrowser ===================================== @@ -0,0 +1,100 @@ +#!/usr/bin/perl -w + +# This script downloads a torbrowser or mullvadbrowser release, checking +# its signature + +use strict; +use English; +use LWP::Simple; +use IO::CaptureOutput qw(capture_exec); +use File::Temp; +use File::Basename qw(fileparse); +use FindBin; +use File::Path qw(make_path); +use File::Copy; +use Path::Tiny; +use Digest::SHA qw(sha256_hex); + + +sub exit_error { + print STDERR "Error: ", $_[0], "\n"; + chdir '/'; + exit (exists $_[1] ? $_[1] : 1); +} + +sub gpg_verify_file { + my ($file) = @_; + if (system('gpg', '--no-default-keyring', '--keyring', + "$FindBin::Bin/../keyring/torbrowser.gpg", '--verify', + "$file.asc", + $file)) { + exit_error "Error checking gpg signature for file $file"; + } +} + +my $progname = fileparse($PROGRAM_NAME); +my ($projectname) = $progname =~ m/^download-(.+)$/; +if (@ARGV != 1) { + print STDERR "usage: $progname <version>\n"; + exit 1; +} + +my $version = $ARGV[0]; +my $version_type = $version =~ m/a/ ? 'alpha' : 'release'; +my $destdir = "$FindBin::Bin/../$projectname/$version_type/signed/$version"; +my $urldir = "https://archive.torproject.org/tor-package-archive/$projectname/$version"; + +make_path($destdir); +my $tmpdir = File::Temp->newdir(DIR => "$FindBin::Bin/../tmp"); + +foreach my $file (qw(sha256sums-signed-build.txt sha256sums-signed-build.txt.asc + sha256sums-unsigned-build.txt sha256sums-unsigned-build.txt.asc)) { + if (getstore("$urldir/$file", "$tmpdir/$file") != 200) { + exit_error "Error downloading $urldir/$file"; + } +} +gpg_verify_file("$tmpdir/sha256sums-signed-build.txt"); +move "$tmpdir/sha256sums-signed-build.txt.asc", "$destdir/sha256sums-signed-build.txt.asc"; +move "$tmpdir/sha256sums-signed-build.txt", "$destdir/sha256sums-signed-build.txt"; +gpg_verify_file("$tmpdir/sha256sums-unsigned-build.txt"); +move "$tmpdir/sha256sums-unsigned-build.txt.asc", "$destdir/sha256sums-unsigned-build.txt.asc"; +move "$tmpdir/sha256sums-unsigned-build.txt", "$destdir/sha256sums-unsigned-build.txt"; + +foreach my $file (qw(sha256sums-signed-build.incrementals.txt + sha256sums-signed-build.incrementals.txt.asc + sha256sums-unsigned-build.incrementals.txt + sha256sums-unsigned-build.incrementals.txt.asc)) { + if (getstore("$urldir/$file", "$tmpdir/$file") != 200) { + last; + } +} +if (-f "$tmpdir/sha256sums-signed-build.incrementals.txt.asc") { + gpg_verify_file("$tmpdir/sha256sums-signed-build.incrementals.txt"); + move "$tmpdir/sha256sums-signed-build.incrementals.txt.asc", "$destdir/sha256sums-signed-build.incrementals.txt.asc"; + move "$tmpdir/sha256sums-signed-build.incrementals.txt", "$destdir/sha256sums-signed-build.incrementals.txt"; +} +if (-f "$tmpdir/sha256sums-unsigned-build.incrementals.txt.asc") { + gpg_verify_file("$tmpdir/sha256sums-unsigned-build.incrementals.txt"); + move "$tmpdir/sha256sums-unsigned-build.incrementals.txt.asc", "$destdir/sha256sums-unsigned-build.incrementals.txt.asc"; + move "$tmpdir/sha256sums-unsigned-build.incrementals.txt", "$destdir/sha256sums-unsigned-build.incrementals.txt"; +} + +my @sha256_lines = path("$destdir/sha256sums-signed-build.txt")->lines; +push @sha256_lines, path("$destdir/sha256sums-signed-build.incrementals.txt")->lines + if -f "$destdir/sha256sums-signed-build.incrementals.txt"; +my %sums = map { chomp; reverse split ' ', $_ } @sha256_lines; + +foreach my $file (sort keys %sums) { + if (-f "$destdir/$file") { + print "Not downloading $file (already there)\n"; + next; + } + print "Downloading $file\n"; + exit_error "Error downloading $urldir/$file\n" + unless getstore("$urldir/$file", "$tmpdir/$file") == 200; + exit_error "Wrong checksum for $file" + unless $sums{$file} eq sha256_hex(path("$tmpdir/$file")->slurp); + move "$tmpdir/$file", "$destdir/$file"; +} + +print "Finished downloading $projectname $version in $destdir\n"; View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-115.5.0esr-13.5-1] fixup! Bug 9173: Change the default Firefox profile directory to be relative.
by richard (＠richard) 30 Nov '23

30 Nov '23

richard pushed to branch mullvad-browser-115.5.0esr-13.5-1 at The Tor Project / Applications / Mullvad Browser Commits: a601e164 by Pier Angelo Vendrame at 2023-11-30T12:29:05+00:00 fixup! Bug 9173: Change the default Firefox profile directory to be relative. Bug 42163: Make the DLL blocklist obey portable mode - - - - - 1 changed file: - toolkit/xre/LauncherRegistryInfo.cpp Changes: ===================================== toolkit/xre/LauncherRegistryInfo.cpp ===================================== @@ -17,6 +17,9 @@ #include <string> #include <type_traits> +// tor-browser#42163 +#include <filesystem> + #define EXPAND_STRING_MACRO2(t) t #define EXPAND_STRING_MACRO(t) EXPAND_STRING_MACRO2(t) @@ -586,6 +589,45 @@ LauncherRegistryInfo::GetBrowserStartTimestamp() { LauncherResult<std::wstring> LauncherRegistryInfo::BuildDefaultBlocklistFilename() { + // tor-browser#42163: Make the DLL blocklist obey portable mode + { + std::filesystem::path appDir; + { + mozilla::UniquePtr<wchar_t[]> appDirStr = GetFullBinaryPath(); + if (!appDirStr) { + return LAUNCHER_ERROR_FROM_WIN32(ERROR_NOT_ENOUGH_MEMORY); + } + appDir = std::filesystem::path(appDirStr.get()).parent_path(); + } + std::error_code ec; + const bool isPortable = + !std::filesystem::exists(appDir / L"system-install", ec); + if (ec) { + // exists is supposed not to set an error when a file does not exist + // (whereas other functions such as is_regular_file sets it). + // The standard is quite opaque about the meaning of the numeric codes. + // Moreover, we use libcxx on Windows, and it seems they created a sort of + // POSIX compatibility layer (e.g., for stat), see + // libcxx/src/filesystem/posix_compat.h. + // std::error_code has a message function, but all the various macro are + // specific to handle Windows errors, so we have to use the generic error. + // At least, at the moment the error is dropped eventually. + return LAUNCHER_ERROR_GENERIC(); + } + if (isPortable) { + // RELATIVE_DATA_DIR must have forward slashes, but weakly_canonical + // already changes them to backslashes. + const std::filesystem::path blocklistPath = + std::filesystem::weakly_canonical( + appDir / L"" RELATIVE_DATA_DIR / L"blocklist", ec); + if (ec) { + return LAUNCHER_ERROR_GENERIC(); + } + return blocklistPath.wstring(); + } + // Normal installation, continue on Mozilla's path + } + // These flags are chosen to avoid I/O, see bug 1363398. const DWORD flags = KF_FLAG_SIMPLE_IDLIST | KF_FLAG_DONT_VERIFY | KF_FLAG_NO_ALIAS; @@ -618,6 +660,8 @@ LauncherRegistryInfo::BuildDefaultBlocklistFilename() { } LauncherResult<std::wstring> LauncherRegistryInfo::GetBlocklistFileName() { + // tor-browser#42163: Make the DLL blocklist obey portable mode +#ifndef BASE_BROWSER_VERSION LauncherResult<Disposition> disposition = Open(); if (disposition.isErr()) { return disposition.propagateErr(); @@ -633,19 +677,19 @@ LauncherResult<std::wstring> LauncherRegistryInfo::GetBlocklistFileName() { UniquePtr<wchar_t[]> buf = readResult.unwrap(); return std::wstring(buf.get()); } - +#endif LauncherResult<std::wstring> defaultBlocklistPath = BuildDefaultBlocklistFilename(); if (defaultBlocklistPath.isErr()) { return defaultBlocklistPath.propagateErr(); } - +#ifndef BASE_BROWSER_VERSION LauncherVoidResult writeResult = WriteRegistryValueString( mRegKey, ResolveBlocklistValueName(), defaultBlocklistPath.inspect()); if (writeResult.isErr()) { return writeResult.propagateErr(); } - +#endif return defaultBlocklistPath; } View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/a60… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/a60… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-115.5.0esr-13.5-1] fixup! Bug 9173: Change the default Firefox profile directory to be relative.
by richard (＠richard) 30 Nov '23

30 Nov '23

richard pushed to branch base-browser-115.5.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: c8b7532b by Pier Angelo Vendrame at 2023-11-30T12:27:17+00:00 fixup! Bug 9173: Change the default Firefox profile directory to be relative. Bug 42163: Make the DLL blocklist obey portable mode - - - - - 1 changed file: - toolkit/xre/LauncherRegistryInfo.cpp Changes: ===================================== toolkit/xre/LauncherRegistryInfo.cpp ===================================== @@ -17,6 +17,9 @@ #include <string> #include <type_traits> +// tor-browser#42163 +#include <filesystem> + #define EXPAND_STRING_MACRO2(t) t #define EXPAND_STRING_MACRO(t) EXPAND_STRING_MACRO2(t) @@ -586,6 +589,45 @@ LauncherRegistryInfo::GetBrowserStartTimestamp() { LauncherResult<std::wstring> LauncherRegistryInfo::BuildDefaultBlocklistFilename() { + // tor-browser#42163: Make the DLL blocklist obey portable mode + { + std::filesystem::path appDir; + { + mozilla::UniquePtr<wchar_t[]> appDirStr = GetFullBinaryPath(); + if (!appDirStr) { + return LAUNCHER_ERROR_FROM_WIN32(ERROR_NOT_ENOUGH_MEMORY); + } + appDir = std::filesystem::path(appDirStr.get()).parent_path(); + } + std::error_code ec; + const bool isPortable = + !std::filesystem::exists(appDir / L"system-install", ec); + if (ec) { + // exists is supposed not to set an error when a file does not exist + // (whereas other functions such as is_regular_file sets it). + // The standard is quite opaque about the meaning of the numeric codes. + // Moreover, we use libcxx on Windows, and it seems they created a sort of + // POSIX compatibility layer (e.g., for stat), see + // libcxx/src/filesystem/posix_compat.h. + // std::error_code has a message function, but all the various macro are + // specific to handle Windows errors, so we have to use the generic error. + // At least, at the moment the error is dropped eventually. + return LAUNCHER_ERROR_GENERIC(); + } + if (isPortable) { + // RELATIVE_DATA_DIR must have forward slashes, but weakly_canonical + // already changes them to backslashes. + const std::filesystem::path blocklistPath = + std::filesystem::weakly_canonical( + appDir / L"" RELATIVE_DATA_DIR / L"blocklist", ec); + if (ec) { + return LAUNCHER_ERROR_GENERIC(); + } + return blocklistPath.wstring(); + } + // Normal installation, continue on Mozilla's path + } + // These flags are chosen to avoid I/O, see bug 1363398. const DWORD flags = KF_FLAG_SIMPLE_IDLIST | KF_FLAG_DONT_VERIFY | KF_FLAG_NO_ALIAS; @@ -618,6 +660,8 @@ LauncherRegistryInfo::BuildDefaultBlocklistFilename() { } LauncherResult<std::wstring> LauncherRegistryInfo::GetBlocklistFileName() { + // tor-browser#42163: Make the DLL blocklist obey portable mode +#ifndef BASE_BROWSER_VERSION LauncherResult<Disposition> disposition = Open(); if (disposition.isErr()) { return disposition.propagateErr(); @@ -633,19 +677,19 @@ LauncherResult<std::wstring> LauncherRegistryInfo::GetBlocklistFileName() { UniquePtr<wchar_t[]> buf = readResult.unwrap(); return std::wstring(buf.get()); } - +#endif LauncherResult<std::wstring> defaultBlocklistPath = BuildDefaultBlocklistFilename(); if (defaultBlocklistPath.isErr()) { return defaultBlocklistPath.propagateErr(); } - +#ifndef BASE_BROWSER_VERSION LauncherVoidResult writeResult = WriteRegistryValueString( mRegKey, ResolveBlocklistValueName(), defaultBlocklistPath.inspect()); if (writeResult.isErr()) { return writeResult.propagateErr(); } - +#endif return defaultBlocklistPath; } View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/c8b7532… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/c8b7532… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.5.0esr-13.5-1] fixup! Bug 9173: Change the default Firefox profile directory to be relative.
by richard (＠richard) 30 Nov '23

30 Nov '23

richard pushed to branch tor-browser-115.5.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: 9a352816 by Pier Angelo Vendrame at 2023-11-30T12:25:22+00:00 fixup! Bug 9173: Change the default Firefox profile directory to be relative. Bug 42163: Make the DLL blocklist obey portable mode - - - - - 1 changed file: - toolkit/xre/LauncherRegistryInfo.cpp Changes: ===================================== toolkit/xre/LauncherRegistryInfo.cpp ===================================== @@ -17,6 +17,9 @@ #include <string> #include <type_traits> +// tor-browser#42163 +#include <filesystem> + #define EXPAND_STRING_MACRO2(t) t #define EXPAND_STRING_MACRO(t) EXPAND_STRING_MACRO2(t) @@ -586,6 +589,45 @@ LauncherRegistryInfo::GetBrowserStartTimestamp() { LauncherResult<std::wstring> LauncherRegistryInfo::BuildDefaultBlocklistFilename() { + // tor-browser#42163: Make the DLL blocklist obey portable mode + { + std::filesystem::path appDir; + { + mozilla::UniquePtr<wchar_t[]> appDirStr = GetFullBinaryPath(); + if (!appDirStr) { + return LAUNCHER_ERROR_FROM_WIN32(ERROR_NOT_ENOUGH_MEMORY); + } + appDir = std::filesystem::path(appDirStr.get()).parent_path(); + } + std::error_code ec; + const bool isPortable = + !std::filesystem::exists(appDir / L"system-install", ec); + if (ec) { + // exists is supposed not to set an error when a file does not exist + // (whereas other functions such as is_regular_file sets it). + // The standard is quite opaque about the meaning of the numeric codes. + // Moreover, we use libcxx on Windows, and it seems they created a sort of + // POSIX compatibility layer (e.g., for stat), see + // libcxx/src/filesystem/posix_compat.h. + // std::error_code has a message function, but all the various macro are + // specific to handle Windows errors, so we have to use the generic error. + // At least, at the moment the error is dropped eventually. + return LAUNCHER_ERROR_GENERIC(); + } + if (isPortable) { + // RELATIVE_DATA_DIR must have forward slashes, but weakly_canonical + // already changes them to backslashes. + const std::filesystem::path blocklistPath = + std::filesystem::weakly_canonical( + appDir / L"" RELATIVE_DATA_DIR / L"blocklist", ec); + if (ec) { + return LAUNCHER_ERROR_GENERIC(); + } + return blocklistPath.wstring(); + } + // Normal installation, continue on Mozilla's path + } + // These flags are chosen to avoid I/O, see bug 1363398. const DWORD flags = KF_FLAG_SIMPLE_IDLIST | KF_FLAG_DONT_VERIFY | KF_FLAG_NO_ALIAS; @@ -618,6 +660,8 @@ LauncherRegistryInfo::BuildDefaultBlocklistFilename() { } LauncherResult<std::wstring> LauncherRegistryInfo::GetBlocklistFileName() { + // tor-browser#42163: Make the DLL blocklist obey portable mode +#ifndef BASE_BROWSER_VERSION LauncherResult<Disposition> disposition = Open(); if (disposition.isErr()) { return disposition.propagateErr(); @@ -633,19 +677,19 @@ LauncherResult<std::wstring> LauncherRegistryInfo::GetBlocklistFileName() { UniquePtr<wchar_t[]> buf = readResult.unwrap(); return std::wstring(buf.get()); } - +#endif LauncherResult<std::wstring> defaultBlocklistPath = BuildDefaultBlocklistFilename(); if (defaultBlocklistPath.isErr()) { return defaultBlocklistPath.propagateErr(); } - +#ifndef BASE_BROWSER_VERSION LauncherVoidResult writeResult = WriteRegistryValueString( mRegKey, ResolveBlocklistValueName(), defaultBlocklistPath.inspect()); if (writeResult.isErr()) { return writeResult.propagateErr(); } - +#endif return defaultBlocklistPath; } View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/9a35281… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/9a35281… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.5.0esr-13.5-1] fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in...
by richard (＠richard) 30 Nov '23

30 Nov '23

richard pushed to branch tor-browser-115.5.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: 3db7a880 by Henry Wilkes at 2023-11-30T12:15:07+00:00 fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection Bug 42303: Remove unused "help" button logic from bridge dialogs. Follows bugzilla bug 1784882. - - - - - 6 changed files: - browser/components/torpreferences/content/builtinBridgeDialog.mjs - browser/components/torpreferences/content/builtinBridgeDialog.xhtml - browser/components/torpreferences/content/provideBridgeDialog.mjs - browser/components/torpreferences/content/provideBridgeDialog.xhtml - browser/components/torpreferences/content/requestBridgeDialog.mjs - browser/components/torpreferences/content/requestBridgeDialog.xhtml Changes: ===================================== browser/components/torpreferences/content/builtinBridgeDialog.mjs ===================================== @@ -86,12 +86,6 @@ export class BuiltinBridgeDialog { dialog.addEventListener("dialogaccept", () => { this.onSubmit(this._radioGroup.value, TorConnect.canBeginBootstrap); }); - dialog.addEventListener("dialoghelp", e => { - window.top.openTrustedLinkIn( - TorStrings.settings.learnMoreCircumventionURL, - "tab" - ); - }); this._acceptButton = dialog.getButton("accept"); ===================================== browser/components/torpreferences/content/builtinBridgeDialog.xhtml ===================================== @@ -8,7 +8,7 @@ xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul" xmlns:html="http://www.w3.org/1999/xhtml" > - <dialog id="torPreferences-builtinBridge-dialog" buttons="help,accept,cancel"> + <dialog id="torPreferences-builtinBridge-dialog" buttons="accept,cancel"> <description id="torPreferences-builtinBridge-description"> </description> <radiogroup id="torPreferences-builtinBridge-typeSelection"> <vbox class="builtin-bridges-option"> ===================================== browser/components/torpreferences/content/provideBridgeDialog.mjs ===================================== @@ -61,7 +61,6 @@ export class ProvideBridgeDialog { this._dialog.addEventListener("dialogaccept", e => { this.onSubmit(this._textarea.value, TorConnect.canBeginBootstrap); }); - this._dialog.addEventListener("dialoghelp", openHelp); this._acceptButton = this._dialog.getButton("accept"); ===================================== browser/components/torpreferences/content/provideBridgeDialog.xhtml ===================================== @@ -8,7 +8,7 @@ xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul" xmlns:html="http://www.w3.org/1999/xhtml" > - <dialog id="torPreferences-provideBridge-dialog" buttons="help,accept,cancel"> + <dialog id="torPreferences-provideBridge-dialog" buttons="accept,cancel"> <description> <html:div id="torPreferences-provideBridge-description" ><br /></html:div ===================================== browser/components/torpreferences/content/requestBridgeDialog.mjs ===================================== @@ -62,12 +62,6 @@ export class RequestBridgeDialog { e.preventDefault(); this.onSubmitCaptcha(); }); - this._dialog.addEventListener("dialoghelp", e => { - window.top.openTrustedLinkIn( - TorStrings.settings.learnMoreBridgesURL, - "tab" - ); - }); this._dialogHeader = this._dialog.querySelector(selectors.dialogHeader); this._dialogHeader.textContent = TorStrings.settings.contactingBridgeDB; ===================================== browser/components/torpreferences/content/requestBridgeDialog.xhtml ===================================== @@ -8,7 +8,7 @@ xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul" xmlns:html="http://www.w3.org/1999/xhtml" > - <dialog id="torPreferences-requestBridge-dialog" buttons="help,accept,cancel"> + <dialog id="torPreferences-requestBridge-dialog" buttons="accept,cancel">  View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/3db7a88… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/3db7a88… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.5.0esr-13.5-1] fixup! Bug 40597: Implement TorSettings module
by richard (＠richard) 30 Nov '23

30 Nov '23

richard pushed to branch tor-browser-115.5.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: 27e45bc9 by Pier Angelo Vendrame at 2023-11-30T12:14:32+00:00 fixup! Bug 40597: Implement TorSettings module Bug 40856: Add defaults to preference getters During testing sometimes we might delete some preferences related to TorSettings. Since this module did not have defaults to handle these cases, sometimes we risked of ending in broken situations. - - - - - 1 changed file: - toolkit/modules/TorSettings.sys.mjs Changes: ===================================== toolkit/modules/TorSettings.sys.mjs ===================================== @@ -327,11 +327,13 @@ export const TorSettings = (() => { /* Quickstart */ settings.quickstart.enabled = Services.prefs.getBoolPref( - TorSettingsPrefs.quickstart.enabled + TorSettingsPrefs.quickstart.enabled, + false ); /* Bridges */ settings.bridges.enabled = Services.prefs.getBoolPref( - TorSettingsPrefs.bridges.enabled + TorSettingsPrefs.bridges.enabled, + false ); settings.bridges.source = Services.prefs.getIntPref( TorSettingsPrefs.bridges.source, @@ -339,13 +341,17 @@ export const TorSettings = (() => { ); if (settings.bridges.source == TorBridgeSource.BuiltIn) { const builtinType = Services.prefs.getStringPref( - TorSettingsPrefs.bridges.builtin_type + TorSettingsPrefs.bridges.builtin_type, + "" ); settings.bridges.builtin_type = builtinType; settings.bridges.bridge_strings = getBuiltinBridgeStrings(builtinType); if (!settings.bridges.bridge_strings.length) { // in this case the user is using a builtin bridge that is no longer supported, // reset to settings to default values + console.warn( + `[TorSettings] Cannot find any bridge line for the configured bridge type ${builtinType}` + ); settings.bridges.source = TorBridgeSource.Invalid; settings.bridges.builtin_type = null; } @@ -363,23 +369,29 @@ export const TorSettings = (() => { } /* Proxy */ settings.proxy.enabled = Services.prefs.getBoolPref( - TorSettingsPrefs.proxy.enabled + TorSettingsPrefs.proxy.enabled, + false ); if (settings.proxy.enabled) { settings.proxy.type = Services.prefs.getIntPref( - TorSettingsPrefs.proxy.type + TorSettingsPrefs.proxy.type, + TorProxyType.Invalid ); settings.proxy.address = Services.prefs.getStringPref( - TorSettingsPrefs.proxy.address + TorSettingsPrefs.proxy.address, + "" ); settings.proxy.port = Services.prefs.getIntPref( - TorSettingsPrefs.proxy.port + TorSettingsPrefs.proxy.port, + 0 ); settings.proxy.username = Services.prefs.getStringPref( - TorSettingsPrefs.proxy.username + TorSettingsPrefs.proxy.username, + "" ); settings.proxy.password = Services.prefs.getStringPref( - TorSettingsPrefs.proxy.password + TorSettingsPrefs.proxy.password, + "" ); } else { settings.proxy.type = TorProxyType.Invalid; @@ -391,11 +403,13 @@ export const TorSettings = (() => { /* Firewall */ settings.firewall.enabled = Services.prefs.getBoolPref( - TorSettingsPrefs.firewall.enabled + TorSettingsPrefs.firewall.enabled, + false ); if (settings.firewall.enabled) { const portList = Services.prefs.getStringPref( - TorSettingsPrefs.firewall.allowed_ports + TorSettingsPrefs.firewall.allowed_ports, + "" ); settings.firewall.allowed_ports = parsePortList(portList); } else { View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/27e45bc… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/27e45bc… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.5.0esr-13.5-1] Bug 42308: Create README for tor-browser.
by richard (＠richard) 30 Nov '23

30 Nov '23

richard pushed to branch tor-browser-115.5.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: a47e5505 by Henry Wilkes at 2023-11-30T11:05:52+00:00 Bug 42308: Create README for tor-browser. We drop the README.txt that comes from Mozilla Firefox and add README.md for tor-browser. - - - - - 2 changed files: - + README.md - − README.txt Changes: ===================================== README.md ===================================== @@ -0,0 +1,6 @@ +The tor-browser repository is based on Mozilla Firefox. + +See the following wiki links for more information: + ++ [Repository Overview](https://gitlab.torproject.org/tpo/applications/team/-/wikis/Devel… ++ [Contributing](https://gitlab.torproject.org/tpo/applications/team/-/wikis/D… ===================================== README.txt deleted ===================================== @@ -1,21 +0,0 @@ -An explanation of the Firefox Source Code Directory Structure and links to -project pages with documentation can be found at: - - https://firefox-source-docs.mozilla.org/contributing/directory_structure.ht… - -For information on how to build Firefox from the source code and create the patch see: - - https://firefox-source-docs.mozilla.org/contributing/contribution_quickref.… - -If you have a question about developing Firefox, and can't find the solution -on https://firefox-source-docs.mozilla.org/, you can try asking your question on Matrix at chat.mozilla.org in `Introduction` (https://chat.mozilla.org/#/room/#introduction:mozilla.org) channel. - - -Nightly development builds can be downloaded from: - - https://archive.mozilla.org/pub/firefox/nightly/latest-mozilla-central/ - - or - - https://www.mozilla.org/firefox/channel/desktop/#nightly - -Keep in mind that nightly builds, which are used by Firefox developers for -testing, may be buggy. View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/a47e550… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/a47e550… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.5.0esr-13.5-1] fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in...
by Pier Angelo Vendrame (＠pierov) 30 Nov '23

30 Nov '23

Pier Angelo Vendrame pushed to branch tor-browser-115.5.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: 75ee8a08 by Pier Angelo Vendrame at 2023-11-28T17:06:52+01:00 fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection Bug 42299: Unbreak about:preferences#connection when invalid bridge lines are supplied We switched to a shared bridge line parser. It might throw if an invalid bridge line is passed, but we do not handle the exception in connectionPane.js. As a result, the page breaks. As a workaround, we can simply ignore the errors, but a better solution would warn the user about that. A bridge card rework is expected to happen in the 13.5 cycle, so I think we can defer a proper fix to that moment. (This should also be the UX of 11.5, 12.0 and 12.5). - - - - - 1 changed file: - browser/components/torpreferences/content/connectionPane.js Changes: ===================================== browser/components/torpreferences/content/connectionPane.js ===================================== @@ -398,7 +398,7 @@ const gConnectionPane = (function () { bridgeSwitch.addEventListener("toggle", () => { TorSettings.bridges.enabled = bridgeSwitch.pressed; TorSettings.saveToPrefs(); - TorSettings.applySettings().then(result => { + TorSettings.applySettings().finally(() => { this._populateBridgeCards(); }); }); @@ -486,7 +486,12 @@ const gConnectionPane = (function () { }); const idString = TorStrings.settings.bridgeId; const id = card.querySelector(selectors.bridges.cardId); - const details = TorParsers.parseBridgeLine(bridgeString); + let details; + try { + details = TorParsers.parseBridgeLine(bridgeString); + } catch (e) { + console.error(`Detected invalid bridge line: ${bridgeString}`, e); + } if (details && details.id !== undefined) { card.setAttribute("data-bridge-id", details.id); } @@ -529,7 +534,7 @@ const gConnectionPane = (function () { bridgeSwitch.pressed && !!strings.length; TorSettings.bridges.bridge_strings = strings.join("\n"); TorSettings.saveToPrefs(); - TorSettings.applySettings().then(result => { + TorSettings.applySettings().finally(() => { this._populateBridgeCards(); }); }); @@ -1021,7 +1026,7 @@ const gConnectionPane = (function () { TorSettings.bridges.builtin_type = ""; } TorSettings.saveToPrefs(); - TorSettings.applySettings().then(result => { + TorSettings.applySettings().finally(() => { this._populateBridgeCards(); }); }, @@ -1036,8 +1041,12 @@ const gConnectionPane = (function () { async saveBridgeSettings(connect) { TorSettings.saveToPrefs(); // FIXME: This can throw if the user adds a bridge manually with invalid - // content. Should be addressed by tor-browser#40552. - await TorSettings.applySettings(); + // content. Should be addressed by tor-browser#41913. + try { + await TorSettings.applySettings(); + } catch (e) { + console.error("Applying settings failed", e); + } this._populateBridgeCards(); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/75ee8a0… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/75ee8a0… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-13.0] Bug 17560: prevent disk leaks in $HOME/.local/share.
by ma1 (＠ma1) 29 Nov '23

29 Nov '23

ma1 pushed to branch maint-13.0 at The Tor Project / Applications / tor-browser-build Commits: eb925334 by hackademix at 2023-11-29T23:53:35+01:00 Bug 17560: prevent disk leaks in $HOME/.local/share. - - - - - 2 changed files: - projects/browser/RelativeLink/start-browser - projects/browser/gtk3-settings.ini Changes: ===================================== projects/browser/RelativeLink/start-browser ===================================== @@ -257,6 +257,20 @@ fi HOME="${PWD}" export HOME +# Prevent disk leaks in $HOME/.local/share (tor-browser#17560) +local_dir="$HOME/.local/" +share_dir="$local_dir/share" +if [ -d "$share_dir" ]; then + ( srm -r "$share_dir" || + wipe -r "$share_dir" || + find "$share_dir" -type f -exec shred -u {} \; ; + rm -rf "$share_dir" + ) > /dev/null 2>&1 +else + mkdir -p "$local_dir" +fi +ln -fs /dev/null "$share_dir" + [% IF c("var/tor-browser") -%] SYSARCHITECTURE=$(getconf LONG_BIT) TORARCHITECTURE=$(expr "$(file TorBrowser/Tor/tor)" : '.*ELF $[[:digit:]]*$') ===================================== projects/browser/gtk3-settings.ini ===================================== @@ -1,2 +1,4 @@ [Settings] gtk-primary-button-warps-slider = false +gtk-recent-files-max-age=0 +gtk-recent-files-limit=0 View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/e… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/e… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-115.5.0esr-13.0-1] Bug 42288: Allow language spoofing in status messages.
by ma1 (＠ma1) 29 Nov '23

29 Nov '23

ma1 pushed to branch mullvad-browser-115.5.0esr-13.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 5f8f9984 by hackademix at 2023-11-29T23:43:01+01:00 Bug 42288: Allow language spoofing in status messages. - - - - - 8 changed files: - browser/installer/package-manifest.in - dom/locales/moz.build - dom/xslt/xslt/txMozillaXSLTProcessor.cpp - dom/xslt/xslt/txXSLTMsgsURL.h - intl/strres/nsIStringBundle.idl - intl/strres/nsStringBundle.cpp - mobile/android/installer/package-manifest.in - uriloader/base/nsDocLoader.cpp Changes: ===================================== browser/installer/package-manifest.in ===================================== @@ -319,6 +319,7 @@ @RESPATH@/res/locale/layout/HtmlForm.properties @RESPATH@/res/locale/layout/MediaDocument.properties @RESPATH@/res/locale/layout/xmlparser.properties +@RESPATH@/res/locale/xslt/xslt.properties @RESPATH@/res/locale/dom/dom.properties #ifdef XP_MACOSX @RESPATH@/res/MainMenu.nib/ ===================================== dom/locales/moz.build ===================================== @@ -57,6 +57,10 @@ RESOURCE_FILES.locale.layout += [ "en-US/chrome/layout/xmlparser.properties", ] +RESOURCE_FILES.locale.xslt += [ + "en-US/chrome/xslt/xslt.properties", +] + RESOURCE_FILES.locale.dom += [ "en-US/chrome/dom/dom.properties", ] ===================================== dom/xslt/xslt/txMozillaXSLTProcessor.cpp ===================================== @@ -942,11 +942,17 @@ void txMozillaXSLTProcessor::reportError(nsresult aResult, mozilla::components::StringBundle::Service(); if (sbs) { nsString errorText; - sbs->FormatStatusMessage(aResult, u"", errorText); + bool spoofLocale = nsContentUtils::SpoofLocaleEnglish(); + if (spoofLocale && mSource) { + Document* sourceDoc = mSource->OwnerDoc(); + spoofLocale = !(sourceDoc && sourceDoc->AllowsL10n()); + } + sbs->FormatStatusMessage(aResult, u"", spoofLocale, errorText); nsAutoString errorMessage; nsCOMPtr<nsIStringBundle> bundle; - sbs->CreateBundle(XSLT_MSGS_URL, getter_AddRefs(bundle)); + sbs->CreateBundle(spoofLocale ? XSLT_MSGS_URL_en_US : XSLT_MSGS_URL, + getter_AddRefs(bundle)); if (bundle) { AutoTArray<nsString, 1> error = {errorText}; ===================================== dom/xslt/xslt/txXSLTMsgsURL.h ===================================== @@ -7,5 +7,6 @@ #define DOM_XSLT_XSLT_TXXSLTMSGSURL_H_ #define XSLT_MSGS_URL "chrome://global/locale/xslt/xslt.properties" +#define XSLT_MSGS_URL_en_US "resource://gre/res/locale/xslt/xslt.properties" #endif // DOM_XSLT_XSLT_TXXSLTMSGSURL_H_ ===================================== intl/strres/nsIStringBundle.idl ===================================== @@ -86,9 +86,13 @@ interface nsIStringBundleService : nsISupports * used in the string lookup process. * @param aStatusArg - The status message argument(s). Multiple arguments * can be separated by newline ('\n') characters. + * @param aSpoofLocale - If true (default is false), forces the en-US + locale on content-accessible messages (XSLT errors so far). * @return the formatted message */ - AString formatStatusMessage(in nsresult aStatus, in wstring aStatusArg); + AString formatStatusMessage(in nsresult aStatus, + in wstring aStatusArg, + [optional] in boolean aSpoofLocale); /** * flushes the string bundle cache - useful when the locale changes or ===================================== intl/strres/nsStringBundle.cpp ===================================== @@ -977,6 +977,7 @@ nsresult nsStringBundleService::FormatWithBundle( NS_IMETHODIMP nsStringBundleService::FormatStatusMessage(nsresult aStatus, const char16_t* aStatusArg, + bool aSpoofLocale, nsAString& result) { uint32_t i, argCount = 0; nsCOMPtr<nsIStringBundle> bundle; @@ -1012,7 +1013,8 @@ nsStringBundleService::FormatStatusMessage(nsresult aStatus, switch (NS_ERROR_GET_MODULE(aStatus)) { case NS_ERROR_MODULE_XSLT: - getStringBundle(XSLT_MSGS_URL, getter_AddRefs(bundle)); + getStringBundle(aSpoofLocale ? XSLT_MSGS_URL_en_US : XSLT_MSGS_URL, + getter_AddRefs(bundle)); break; case NS_ERROR_MODULE_NETWORK: getStringBundle(NECKO_MSGS_URL, getter_AddRefs(bundle)); ===================================== mobile/android/installer/package-manifest.in ===================================== @@ -181,6 +181,7 @@ @BINPATH@/res/locale/layout/HtmlForm.properties @BINPATH@/res/locale/layout/MediaDocument.properties @BINPATH@/res/locale/layout/xmlparser.properties +@BINPATH@/res/locale/xslt/xslt.properties @BINPATH@/res/locale/dom/dom.properties #ifndef MOZ_ANDROID_EXCLUDE_FONTS ===================================== uriloader/base/nsDocLoader.cpp ===================================== @@ -1230,7 +1230,7 @@ NS_IMETHODIMP nsDocLoader::OnStatus(nsIRequest* aRequest, nsresult aStatus, mozilla::components::StringBundle::Service(); if (!sbs) return NS_ERROR_FAILURE; nsAutoString msg; - nsresult rv = sbs->FormatStatusMessage(aStatus, aStatusArg, msg); + nsresult rv = sbs->FormatStatusMessage(aStatus, aStatusArg, false, msg); if (NS_FAILED(rv)) return rv; // Keep around the message. In case a request finishes, we need to make sure View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/5f8… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/5f8… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-115.5.0esr-13.0-1] Bug 42288: Allow language spoofing in status messages.
by ma1 (＠ma1) 29 Nov '23

29 Nov '23

ma1 pushed to branch base-browser-115.5.0esr-13.0-1 at The Tor Project / Applications / Tor Browser Commits: 51a00b12 by hackademix at 2023-11-29T23:42:24+01:00 Bug 42288: Allow language spoofing in status messages. - - - - - 8 changed files: - browser/installer/package-manifest.in - dom/locales/moz.build - dom/xslt/xslt/txMozillaXSLTProcessor.cpp - dom/xslt/xslt/txXSLTMsgsURL.h - intl/strres/nsIStringBundle.idl - intl/strres/nsStringBundle.cpp - mobile/android/installer/package-manifest.in - uriloader/base/nsDocLoader.cpp Changes: ===================================== browser/installer/package-manifest.in ===================================== @@ -318,6 +318,7 @@ @RESPATH@/res/locale/layout/HtmlForm.properties @RESPATH@/res/locale/layout/MediaDocument.properties @RESPATH@/res/locale/layout/xmlparser.properties +@RESPATH@/res/locale/xslt/xslt.properties @RESPATH@/res/locale/dom/dom.properties #ifdef XP_MACOSX @RESPATH@/res/MainMenu.nib/ ===================================== dom/locales/moz.build ===================================== @@ -57,6 +57,10 @@ RESOURCE_FILES.locale.layout += [ "en-US/chrome/layout/xmlparser.properties", ] +RESOURCE_FILES.locale.xslt += [ + "en-US/chrome/xslt/xslt.properties", +] + RESOURCE_FILES.locale.dom += [ "en-US/chrome/dom/dom.properties", ] ===================================== dom/xslt/xslt/txMozillaXSLTProcessor.cpp ===================================== @@ -942,11 +942,17 @@ void txMozillaXSLTProcessor::reportError(nsresult aResult, mozilla::components::StringBundle::Service(); if (sbs) { nsString errorText; - sbs->FormatStatusMessage(aResult, u"", errorText); + bool spoofLocale = nsContentUtils::SpoofLocaleEnglish(); + if (spoofLocale && mSource) { + Document* sourceDoc = mSource->OwnerDoc(); + spoofLocale = !(sourceDoc && sourceDoc->AllowsL10n()); + } + sbs->FormatStatusMessage(aResult, u"", spoofLocale, errorText); nsAutoString errorMessage; nsCOMPtr<nsIStringBundle> bundle; - sbs->CreateBundle(XSLT_MSGS_URL, getter_AddRefs(bundle)); + sbs->CreateBundle(spoofLocale ? XSLT_MSGS_URL_en_US : XSLT_MSGS_URL, + getter_AddRefs(bundle)); if (bundle) { AutoTArray<nsString, 1> error = {errorText}; ===================================== dom/xslt/xslt/txXSLTMsgsURL.h ===================================== @@ -7,5 +7,6 @@ #define DOM_XSLT_XSLT_TXXSLTMSGSURL_H_ #define XSLT_MSGS_URL "chrome://global/locale/xslt/xslt.properties" +#define XSLT_MSGS_URL_en_US "resource://gre/res/locale/xslt/xslt.properties" #endif // DOM_XSLT_XSLT_TXXSLTMSGSURL_H_ ===================================== intl/strres/nsIStringBundle.idl ===================================== @@ -86,9 +86,13 @@ interface nsIStringBundleService : nsISupports * used in the string lookup process. * @param aStatusArg - The status message argument(s). Multiple arguments * can be separated by newline ('\n') characters. + * @param aSpoofLocale - If true (default is false), forces the en-US + locale on content-accessible messages (XSLT errors so far). * @return the formatted message */ - AString formatStatusMessage(in nsresult aStatus, in wstring aStatusArg); + AString formatStatusMessage(in nsresult aStatus, + in wstring aStatusArg, + [optional] in boolean aSpoofLocale); /** * flushes the string bundle cache - useful when the locale changes or ===================================== intl/strres/nsStringBundle.cpp ===================================== @@ -977,6 +977,7 @@ nsresult nsStringBundleService::FormatWithBundle( NS_IMETHODIMP nsStringBundleService::FormatStatusMessage(nsresult aStatus, const char16_t* aStatusArg, + bool aSpoofLocale, nsAString& result) { uint32_t i, argCount = 0; nsCOMPtr<nsIStringBundle> bundle; @@ -1012,7 +1013,8 @@ nsStringBundleService::FormatStatusMessage(nsresult aStatus, switch (NS_ERROR_GET_MODULE(aStatus)) { case NS_ERROR_MODULE_XSLT: - getStringBundle(XSLT_MSGS_URL, getter_AddRefs(bundle)); + getStringBundle(aSpoofLocale ? XSLT_MSGS_URL_en_US : XSLT_MSGS_URL, + getter_AddRefs(bundle)); break; case NS_ERROR_MODULE_NETWORK: getStringBundle(NECKO_MSGS_URL, getter_AddRefs(bundle)); ===================================== mobile/android/installer/package-manifest.in ===================================== @@ -181,6 +181,7 @@ @BINPATH@/res/locale/layout/HtmlForm.properties @BINPATH@/res/locale/layout/MediaDocument.properties @BINPATH@/res/locale/layout/xmlparser.properties +@BINPATH@/res/locale/xslt/xslt.properties @BINPATH@/res/locale/dom/dom.properties #ifndef MOZ_ANDROID_EXCLUDE_FONTS ===================================== uriloader/base/nsDocLoader.cpp ===================================== @@ -1230,7 +1230,7 @@ NS_IMETHODIMP nsDocLoader::OnStatus(nsIRequest* aRequest, nsresult aStatus, mozilla::components::StringBundle::Service(); if (!sbs) return NS_ERROR_FAILURE; nsAutoString msg; - nsresult rv = sbs->FormatStatusMessage(aStatus, aStatusArg, msg); + nsresult rv = sbs->FormatStatusMessage(aStatus, aStatusArg, false, msg); if (NS_FAILED(rv)) return rv; // Keep around the message. In case a request finishes, we need to make sure View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/51a00b1… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/51a00b1… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.5.0esr-13.0-1] Bug 42288: Allow language spoofing in status messages.
by ma1 (＠ma1) 29 Nov '23

29 Nov '23

ma1 pushed to branch tor-browser-115.5.0esr-13.0-1 at The Tor Project / Applications / Tor Browser Commits: da97b52c by hackademix at 2023-11-29T23:41:14+01:00 Bug 42288: Allow language spoofing in status messages. - - - - - 8 changed files: - browser/installer/package-manifest.in - dom/locales/moz.build - dom/xslt/xslt/txMozillaXSLTProcessor.cpp - dom/xslt/xslt/txXSLTMsgsURL.h - intl/strres/nsIStringBundle.idl - intl/strres/nsStringBundle.cpp - mobile/android/installer/package-manifest.in - uriloader/base/nsDocLoader.cpp Changes: ===================================== browser/installer/package-manifest.in ===================================== @@ -321,6 +321,7 @@ @RESPATH@/res/locale/layout/HtmlForm.properties @RESPATH@/res/locale/layout/MediaDocument.properties @RESPATH@/res/locale/layout/xmlparser.properties +@RESPATH@/res/locale/xslt/xslt.properties @RESPATH@/res/locale/dom/dom.properties #ifdef XP_MACOSX @RESPATH@/res/MainMenu.nib/ ===================================== dom/locales/moz.build ===================================== @@ -57,6 +57,10 @@ RESOURCE_FILES.locale.layout += [ "en-US/chrome/layout/xmlparser.properties", ] +RESOURCE_FILES.locale.xslt += [ + "en-US/chrome/xslt/xslt.properties", +] + RESOURCE_FILES.locale.dom += [ "en-US/chrome/dom/dom.properties", ] ===================================== dom/xslt/xslt/txMozillaXSLTProcessor.cpp ===================================== @@ -942,11 +942,17 @@ void txMozillaXSLTProcessor::reportError(nsresult aResult, mozilla::components::StringBundle::Service(); if (sbs) { nsString errorText; - sbs->FormatStatusMessage(aResult, u"", errorText); + bool spoofLocale = nsContentUtils::SpoofLocaleEnglish(); + if (spoofLocale && mSource) { + Document* sourceDoc = mSource->OwnerDoc(); + spoofLocale = !(sourceDoc && sourceDoc->AllowsL10n()); + } + sbs->FormatStatusMessage(aResult, u"", spoofLocale, errorText); nsAutoString errorMessage; nsCOMPtr<nsIStringBundle> bundle; - sbs->CreateBundle(XSLT_MSGS_URL, getter_AddRefs(bundle)); + sbs->CreateBundle(spoofLocale ? XSLT_MSGS_URL_en_US : XSLT_MSGS_URL, + getter_AddRefs(bundle)); if (bundle) { AutoTArray<nsString, 1> error = {errorText}; ===================================== dom/xslt/xslt/txXSLTMsgsURL.h ===================================== @@ -7,5 +7,6 @@ #define DOM_XSLT_XSLT_TXXSLTMSGSURL_H_ #define XSLT_MSGS_URL "chrome://global/locale/xslt/xslt.properties" +#define XSLT_MSGS_URL_en_US "resource://gre/res/locale/xslt/xslt.properties" #endif // DOM_XSLT_XSLT_TXXSLTMSGSURL_H_ ===================================== intl/strres/nsIStringBundle.idl ===================================== @@ -86,9 +86,13 @@ interface nsIStringBundleService : nsISupports * used in the string lookup process. * @param aStatusArg - The status message argument(s). Multiple arguments * can be separated by newline ('\n') characters. + * @param aSpoofLocale - If true (default is false), forces the en-US + locale on content-accessible messages (XSLT errors so far). * @return the formatted message */ - AString formatStatusMessage(in nsresult aStatus, in wstring aStatusArg); + AString formatStatusMessage(in nsresult aStatus, + in wstring aStatusArg, + [optional] in boolean aSpoofLocale); /** * flushes the string bundle cache - useful when the locale changes or ===================================== intl/strres/nsStringBundle.cpp ===================================== @@ -977,6 +977,7 @@ nsresult nsStringBundleService::FormatWithBundle( NS_IMETHODIMP nsStringBundleService::FormatStatusMessage(nsresult aStatus, const char16_t* aStatusArg, + bool aSpoofLocale, nsAString& result) { uint32_t i, argCount = 0; nsCOMPtr<nsIStringBundle> bundle; @@ -1012,7 +1013,8 @@ nsStringBundleService::FormatStatusMessage(nsresult aStatus, switch (NS_ERROR_GET_MODULE(aStatus)) { case NS_ERROR_MODULE_XSLT: - getStringBundle(XSLT_MSGS_URL, getter_AddRefs(bundle)); + getStringBundle(aSpoofLocale ? XSLT_MSGS_URL_en_US : XSLT_MSGS_URL, + getter_AddRefs(bundle)); break; case NS_ERROR_MODULE_NETWORK: getStringBundle(NECKO_MSGS_URL, getter_AddRefs(bundle)); ===================================== mobile/android/installer/package-manifest.in ===================================== @@ -185,6 +185,7 @@ @BINPATH@/res/locale/layout/HtmlForm.properties @BINPATH@/res/locale/layout/MediaDocument.properties @BINPATH@/res/locale/layout/xmlparser.properties +@BINPATH@/res/locale/xslt/xslt.properties @BINPATH@/res/locale/dom/dom.properties #ifndef MOZ_ANDROID_EXCLUDE_FONTS ===================================== uriloader/base/nsDocLoader.cpp ===================================== @@ -1230,7 +1230,7 @@ NS_IMETHODIMP nsDocLoader::OnStatus(nsIRequest* aRequest, nsresult aStatus, mozilla::components::StringBundle::Service(); if (!sbs) return NS_ERROR_FAILURE; nsAutoString msg; - nsresult rv = sbs->FormatStatusMessage(aStatus, aStatusArg, msg); + nsresult rv = sbs->FormatStatusMessage(aStatus, aStatusArg, false, msg); if (NS_FAILED(rv)) return rv; // Keep around the message. In case a request finishes, we need to make sure View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/da97b52… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/da97b52… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 41026: Use a relative target_dir in upload_sha256sums
by Pier Angelo Vendrame (＠pierov) 29 Nov '23

29 Nov '23

Pier Angelo Vendrame pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 95fcf138 by Pier Angelo Vendrame at 2023-11-29T17:35:44+01:00 Bug 41026: Use a relative target_dir in upload_sha256sums ~/ is expanded by the shell issuing the command, so it results in the local home directory, not the remote one. However, since we are using a path that is relative to the home, we can simply use a relative one. - - - - - 1 changed file: - projects/release/upload_sha256sums Changes: ===================================== projects/release/upload_sha256sums ===================================== @@ -8,7 +8,7 @@ browser=[% c("var/browser_type") %] src_dir=[% shell_quote(path(dest_dir)) %]/$signed/$version -target_dir=~/public_html/builds/$browser/$channel/$version/ +target_dir=public_html/builds/$browser/$channel/$version/ echo "browser:$browser channel:$channel signed:$signed version:$version" @@ -31,4 +31,4 @@ fi ssh [% c("var/tpo_user") %](a)people.torproject.org "mkdir -p $target_dir" rsync sha256sums*.* [% c("var/tpo_user") %]@people.torproject.org:$target_dir -echo "Synced sha256sums to https://people.torproject.org/~[% c("var/tpo_user") %]/builds/$browser/$channel/$version/" \ No newline at end of file +echo "Synced sha256sums to https://people.torproject.org/~[% c("var/tpo_user") %]/builds/$browser/$channel/$version/" View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/9… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/9… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-update-responses][main] alpha: new version, 13.5a2
by richard (＠richard) 28 Nov '23

28 Nov '23

richard pushed to branch main at The Tor Project / Applications / Tor Browser update responses Commits: 3e15b41f by Richard Pospesel at 2023-11-28T16:36:07+00:00 alpha: new version, 13.5a2 - - - - - 30 changed files: - update_3/alpha/.htaccess - − update_3/alpha/13.0a4-13.5a1-linux-i686-ALL.xml - − update_3/alpha/13.0a4-13.5a1-linux-x86_64-ALL.xml - − update_3/alpha/13.0a4-13.5a1-macos-ALL.xml - − update_3/alpha/13.0a4-13.5a1-windows-i686-ALL.xml - − update_3/alpha/13.0a4-13.5a1-windows-x86_64-ALL.xml - − update_3/alpha/13.0a5-13.5a1-linux-i686-ALL.xml - − update_3/alpha/13.0a5-13.5a1-linux-x86_64-ALL.xml - − update_3/alpha/13.0a5-13.5a1-macos-ALL.xml - − update_3/alpha/13.0a5-13.5a1-windows-i686-ALL.xml - − update_3/alpha/13.0a5-13.5a1-windows-x86_64-ALL.xml - + update_3/alpha/13.0a5-13.5a2-linux-i686-ALL.xml - + update_3/alpha/13.0a5-13.5a2-linux-x86_64-ALL.xml - + update_3/alpha/13.0a5-13.5a2-macos-ALL.xml - + update_3/alpha/13.0a5-13.5a2-windows-i686-ALL.xml - + update_3/alpha/13.0a5-13.5a2-windows-x86_64-ALL.xml - − update_3/alpha/13.0a6-13.5a1-linux-i686-ALL.xml - − update_3/alpha/13.0a6-13.5a1-linux-x86_64-ALL.xml - − update_3/alpha/13.0a6-13.5a1-macos-ALL.xml - − update_3/alpha/13.0a6-13.5a1-windows-i686-ALL.xml - − update_3/alpha/13.0a6-13.5a1-windows-x86_64-ALL.xml - + update_3/alpha/13.0a6-13.5a2-linux-i686-ALL.xml - + update_3/alpha/13.0a6-13.5a2-linux-x86_64-ALL.xml - + update_3/alpha/13.0a6-13.5a2-macos-ALL.xml - + update_3/alpha/13.0a6-13.5a2-windows-i686-ALL.xml - + update_3/alpha/13.0a6-13.5a2-windows-x86_64-ALL.xml - + update_3/alpha/13.5a1-13.5a2-linux-i686-ALL.xml - + update_3/alpha/13.5a1-13.5a2-linux-x86_64-ALL.xml - + update_3/alpha/13.5a1-13.5a2-macos-ALL.xml - + update_3/alpha/13.5a1-13.5a2-windows-i686-ALL.xml The diff was not included because it is too large. View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-update-responses… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-update-responses… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] 2 commits: Bug 41016: Switch from bullseye to bookworm on macOS+Windows.
by Pier Angelo Vendrame (＠pierov) 28 Nov '23

28 Nov '23

Pier Angelo Vendrame pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: f36acd4f by Pier Angelo Vendrame at 2023-11-28T12:08:57+01:00 Bug 41016: Switch from bullseye to bookworm on macOS+Windows. Debian bookworm became the new stable in June 2023, so we should update our containers to use it. On macOS the update did not cause any issue, and just updating the suite name worked. On Windows, it caused some problems where we used the strip provided by the OS (only for tor, it seems), because the new version of strip seems to update the timestamps by default. We are delaying the process for Android because there are still a couple of projects that require Java 11, which is not available on bookworm. - - - - - 6054fe9c by Pier Angelo Vendrame at 2023-11-28T12:08:59+01:00 Bug 41015: Enable std::filesystem on libc++ on Windows We need to do some path manipulation in some Firefox code that is run before initializing XPCOM. So, the alternatives are either Path* functions from shlwapi, or std::filesystem, which is disabled in Firefox 115. Mozilla enabled it starting from 116, but we have been told it is okay to enable it also in 115, so we do it with this patch. - - - - - 6 changed files: - projects/manual/config - projects/mingw-w64-clang/build - projects/mmdebstrap-image/config - projects/mmdebstrap/config - projects/tor/build - rbm.conf Changes: ===================================== projects/manual/config ===================================== @@ -13,7 +13,7 @@ compress_tar: 'gz' var: container: - suite: bullseye + suite: bookworm arch: amd64 deps: - python3 ===================================== projects/mingw-w64-clang/build ===================================== @@ -175,7 +175,7 @@ EOF -DLIBCXX_SUPPORTS_STD_EQ_CXX11_FLAG=TRUE \ -DLIBCXX_HAVE_CXX_ATOMICS_WITHOUT_LIB=TRUE \ -DLIBCXX_ENABLE_EXPERIMENTAL_LIBRARY=OFF \ - -DLIBCXX_ENABLE_FILESYSTEM=OFF \ + -DLIBCXX_ENABLE_FILESYSTEM=ON \ -DLIBCXX_ENABLE_STATIC_ABI_LIBRARY=TRUE \ -DLIBCXX_CXX_ABI=libcxxabi \ -DLIBCXX_CXX_ABI_INCLUDE_PATHS=$builddir/clang-source/libcxxabi/include \ ===================================== projects/mmdebstrap-image/config ===================================== @@ -7,7 +7,7 @@ container: use_container: 1 var: - ubuntu_version: 22.04.2 + ubuntu_version: 22.04.3 pre: | #!/bin/sh @@ -50,9 +50,16 @@ targets: suite: bullseye arch: amd64 + bookworm-amd64: + var: + minimal_apt_version: 2.6.1 + container: + suite: bookworm + arch: amd64 + input_files: - project: mmdebstrap name: mmdebstrap - URL: 'https://cdimage.ubuntu.com/ubuntu-base/releases/[% c("var/ubuntu_version") %]/release/ubuntu-base-[% c("var/ubuntu_version") %]-base-amd64.tar.gz' filename: 'container-image_ubuntu-base-[% c("var/ubuntu_version") %]-base-amd64.tar.gz' - sha256sum: 373f064df30519adc3344a08d774f437caabd1479d846fa2ca6fed727ea7a53d + sha256sum: ad33b7ae47b75c92c2e2fe21fd4612e15357e67679d8751d6ce892a475be24fe ===================================== projects/mmdebstrap/config ===================================== @@ -1,6 +1,6 @@ # vim: filetype=yaml sw=2 filename: '[% project %]-src-[% c("version") %]-[% c("var/build_id") %].tar.gz' -version: 0.8.6 +version: 1.4.0 git_hash: '[% c("version") %]' git_url: https://gitlab.mister-muffin.de/josch/mmdebstrap.git gpg_keyring: mmdebstrap.gpg ===================================== projects/tor/build ===================================== @@ -97,8 +97,9 @@ cp $distdir/share/tor/geoip6 "$TORDATADIR" cd $distdir [% IF c("var/windows") %] - install -s $distdir/bin/tor.exe "$TORBINDIR" - install -s $distdir/bin/tor-gencert.exe "$TORBINDIR" + # With Debian bookworm strip changes the date time, llvm-strip doesn't do it. + install -s --strip-program=llvm-strip $distdir/bin/tor.exe "$TORBINDIR" + install -s --strip-program=llvm-strip $distdir/bin/tor-gencert.exe "$TORBINDIR" [% END %] [% IF c("var/linux") %] ===================================== rbm.conf ===================================== @@ -578,7 +578,7 @@ targets: windows: 1 platform: windows container: - suite: bullseye + suite: bookworm arch: amd64 configure_opt: '--host=[% c("arch") %]-w64-mingw32 CFLAGS="[% c("var/CFLAGS") %]" LDFLAGS="[% c("var/LDFLAGS") %]" [% c("var/configure_opt_project") %]' CFLAGS: '-fstack-protector-strong -fno-strict-overflow -Wno-missing-field-initializers -Wformat -Wformat-security [% c("var/flag_mwindows") %]' @@ -661,7 +661,7 @@ targets: platform: macos osname: macos container: - suite: bullseye + suite: bookworm arch: amd64 compiler: 'macosx-toolchain' configure_opt: '--host=[% c("var/build_target") %] CC="[% c("var/build_target") %]-clang [% c("var/FLAGS") %]" CXX="[% c("var/build_target") %]-clang++ [% c("var/FLAGS") %]" [% c("var/configure_opt_project") %]' View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-13.0] 2 commits: Bug 40995: Use cdn.stagemole.eu instead of cdn.devmole.eu in...
by boklm (＠boklm) 28 Nov '23

28 Nov '23

boklm pushed to branch maint-13.0 at The Tor Project / Applications / tor-browser-build Commits: 01186a55 by Nicolas Vigier at 2023-11-28T10:34:19+01:00 Bug 40995: Use cdn.stagemole.eu instead of cdn.devmole.eu in download-unsigned-sha256sums-gpg-signatures-from-people-tpo - - - - - 9aa0d30b by Nicolas Vigier at 2023-11-28T10:34:29+01:00 Bug 41027: Remove tb-build-04 and tb-build-05 from tools/signing/download-unsigned-sha256sums-gpg-signatures-from-people-tpo - - - - - 1 changed file: - tools/signing/download-unsigned-sha256sums-gpg-signatures-from-people-tpo Changes: ===================================== tools/signing/download-unsigned-sha256sums-gpg-signatures-from-people-tpo ===================================== @@ -11,15 +11,13 @@ do chmod 644 "$tmpfile" if test "$builder" = 'jb'; then file="$file.gpg" - urls=("https://cdn.devmole.eu/hashes//$SIGNING_PROJECTNAME/$tbb_version-build$tbb_…") + urls=("https://cdn.stagemole.eu/hashes/$SIGNING_PROJECTNAME/$tbb_version-build$tbb…") else file="$file.asc" urls=( \ "https://people.torproject.org/~$builder/builds/$SIGNING_PROJECTNAME/$tbb_ve…" \ "https://tb-build-02.torproject.org/~$builder/builds/$SIGNING_PROJECTNAME/$t…" \ "https://tb-build-03.torproject.org/~$builder/builds/$SIGNING_PROJECTNAME/$t…" \ - "https://tb-build-04.torproject.org/~$builder/builds/$SIGNING_PROJECTNAME/$t…" \ - "https://tb-build-05.torproject.org/~$builder/builds/$SIGNING_PROJECTNAME/$t…" \ ) fi for url in "${urls[@]}" View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] 2 commits: Bug 40995: Use cdn.stagemole.eu instead of cdn.devmole.eu in...
by boklm (＠boklm) 28 Nov '23

28 Nov '23

boklm pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 187add7c by Nicolas Vigier at 2023-11-28T10:24:07+01:00 Bug 40995: Use cdn.stagemole.eu instead of cdn.devmole.eu in download-unsigned-sha256sums-gpg-signatures-from-people-tpo - - - - - 433eaf71 by Nicolas Vigier at 2023-11-28T10:25:00+01:00 Bug 41027: Remove tb-build-04 and tb-build-05 from tools/signing/download-unsigned-sha256sums-gpg-signatures-from-people-tpo - - - - - 1 changed file: - tools/signing/download-unsigned-sha256sums-gpg-signatures-from-people-tpo Changes: ===================================== tools/signing/download-unsigned-sha256sums-gpg-signatures-from-people-tpo ===================================== @@ -11,15 +11,13 @@ do chmod 644 "$tmpfile" if test "$builder" = 'jb'; then file="$file.gpg" - urls=("https://cdn.devmole.eu/hashes//$SIGNING_PROJECTNAME/$tbb_version-build$tbb_…") + urls=("https://cdn.stagemole.eu/hashes/$SIGNING_PROJECTNAME/$tbb_version-build$tbb…") else file="$file.asc" urls=( \ "https://people.torproject.org/~$builder/builds/$SIGNING_PROJECTNAME/$tbb_ve…" \ "https://tb-build-02.torproject.org/~$builder/builds/$SIGNING_PROJECTNAME/$t…" \ "https://tb-build-03.torproject.org/~$builder/builds/$SIGNING_PROJECTNAME/$t…" \ - "https://tb-build-04.torproject.org/~$builder/builds/$SIGNING_PROJECTNAME/$t…" \ - "https://tb-build-05.torproject.org/~$builder/builds/$SIGNING_PROJECTNAME/$t…" \ ) fi for url in "${urls[@]}" View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… You're receiving this email because of your account on gitlab.torproject.org.

1 0