- tbb-commits - lists.torproject.org

[Git][tpo/applications/tor-browser][tor-browser-102.7.0esr-12.5-1] amend! Bug 8324: Prevent DNS proxy bypasses caused by Drag&Drop
by Richard Pospesel (＠richard) 07 Feb '23

07 Feb '23

Richard Pospesel pushed to branch tor-browser-102.7.0esr-12.5-1 at The Tor Project / Applications / Tor Browser Commits: 1ac8520e by hackademix at 2023-02-07T09:27:49+01:00 amend! Bug 8324: Prevent DNS proxy bypasses caused by Drag&Drop Bug 8324: Prevent DNS proxy bypasses caused by Drag&Drop Bug 41613: Skip Drang & Drop filtering for DNS-safe URLs - - - - - 1 changed file: - toolkit/torbutton/components/dragDropFilter.js Changes: ===================================== toolkit/torbutton/components/dragDropFilter.js ===================================== @@ -113,6 +113,25 @@ DragDropFilter.prototype = { for (let i = 0, count = aDataTransfer.mozItemCount; i < count; ++i) { this.logger.log(3, `Inspecting the data transfer: ${i}.`); const types = aDataTransfer.mozTypesAt(i); + const urlType = "text/x-moz-url"; + // Fallback url type, to be parsed by this browser but not externally + const INTERNAL_FALLBACK = "application/x-torbrowser-opaque"; + if (types.contains(urlType)) { + const links = aDataTransfer.mozGetDataAt(urlType, i); + // Skip DNS-safe URLs (no hostname, e.g. RFC 3966 tel:) + const mayLeakDNS = links.split("\n").some(link => { + try { + return new URL(link).hostname; + } catch (e) { + return false; + } + }); + if (!mayLeakDNS) { + continue; + } + const opaqueKey = OpaqueDrag.store(links, urlType); + aDataTransfer.mozSetDataAt(INTERNAL_FALLBACK, opaqueKey, i); + } for (const type of types) { this.logger.log(3, `Type is: ${type}.`); if (URLISH_TYPES.includes(type)) { @@ -120,14 +139,6 @@ DragDropFilter.prototype = { 3, `Removing transfer data ${aDataTransfer.mozGetDataAt(type, i)}` ); - const urlType = "text/x-moz-url"; - // Fallback url type, to be parsed by this browser but not externally - const INTERNAL_FALLBACK = "application/x-torbrowser-opaque"; - if (types.contains(urlType)) { - const link = aDataTransfer.mozGetDataAt(urlType, i); - const opaqueKey = OpaqueDrag.store(link, urlType); - aDataTransfer.mozSetDataAt(INTERNAL_FALLBACK, opaqueKey, i); - } for (const type of types) { if ( type !== INTERNAL_FALLBACK && View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/1ac8520… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/1ac8520… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/fenix][tor-browser-102.2.1-12.0-2] Bug 40536: Wait until Tor is connected to process intents
by Richard Pospesel (＠richard) 02 Feb '23

02 Feb '23

Richard Pospesel pushed to branch tor-browser-102.2.1-12.0-2 at The Tor Project / Applications / fenix Commits: 25e5afc9 by Tommy Webb at 2023-02-02T23:24:52+00:00 Bug 40536: Wait until Tor is connected to process intents (cherry picked from commit 667092ef6caed0c7524e4cd717079bd159a556dd) - - - - - 2 changed files: - app/src/main/java/org/mozilla/fenix/HomeActivity.kt - app/src/main/java/org/mozilla/fenix/IntentReceiverActivity.kt Changes: ===================================== app/src/main/java/org/mozilla/fenix/HomeActivity.kt ===================================== @@ -129,6 +129,7 @@ import org.mozilla.fenix.tabstray.TabsTrayFragment import org.mozilla.fenix.tabstray.TabsTrayFragmentDirections import org.mozilla.fenix.theme.DefaultThemeManager import org.mozilla.fenix.theme.ThemeManager +import org.mozilla.fenix.tor.TorEvents import org.mozilla.fenix.trackingprotection.TrackingProtectionPanelDialogFragmentDirections import org.mozilla.fenix.utils.BrowsersCache import org.mozilla.fenix.utils.Settings @@ -533,6 +534,24 @@ open class HomeActivity : LocaleAwareAppCompatActivity(), NavHostActivity { * Handles intents received when the activity is open. */ final override fun onNewIntent(intent: Intent?) { + if (intent?.action == ACTION_MAIN || components.torController.isConnected) { + onNewIntentInternal(intent) + } else { + // Wait until Tor is connected to handle intents from external apps for links, search, etc. + components.torController.registerTorListener(object : TorEvents { + override fun onTorConnected() { + components.torController.unregisterTorListener(this) + onNewIntentInternal(intent) + } + override fun onTorConnecting() { /* no-op */ } + override fun onTorStopped() { /* no-op */ } + override fun onTorStatusUpdate(entry: String?, status: String?) { /* no-op */ } + }) + return + } + } + + private fun onNewIntentInternal(intent: Intent?) { super.onNewIntent(intent) intent?.let { handleNewIntent(it) @@ -1092,13 +1111,16 @@ open class HomeActivity : LocaleAwareAppCompatActivity(), NavHostActivity { /** * Indicates if the user should be redirected to the [BrowserFragment] or to the [HomeFragment], - * links from an external apps should always opened in the [BrowserFragment]. + * links from an external apps should always opened in the [BrowserFragment], + * unless Tor is not yet connected. */ fun shouldStartOnHome(intent: Intent? = this.intent): Boolean { return components.strictMode.resetAfter(StrictMode.allowThreadDiskReads()) { // We only want to open on home when users tap the app, - // we want to ignore other cases when the app gets open by users clicking on links. - getSettings().shouldStartOnHome() && intent?.action == ACTION_MAIN + // we want to ignore other cases when the app gets open by users clicking on links, + // unless Tor is not yet connected. + getSettings().shouldStartOnHome() && (intent?.action == ACTION_MAIN || + !components.torController.isConnected) } } ===================================== app/src/main/java/org/mozilla/fenix/IntentReceiverActivity.kt ===================================== @@ -6,6 +6,7 @@ package org.mozilla.fenix import android.app.Activity import android.content.Intent +import android.content.Intent.ACTION_MAIN import android.content.pm.PackageManager import android.os.Build import android.os.Bundle @@ -24,6 +25,7 @@ import org.mozilla.fenix.ext.settings import org.mozilla.fenix.perf.MarkersActivityLifecycleCallbacks import org.mozilla.fenix.perf.StartupTimeline import org.mozilla.fenix.shortcut.NewTabShortcutIntentProcessor +import org.mozilla.fenix.tor.TorEvents /** * Processes incoming intents and sends them to the corresponding activity. @@ -45,7 +47,23 @@ class IntentReceiverActivity : Activity() { // the HomeActivity. val intent = intent?.let { Intent(it) } ?: Intent() intent.sanitize().stripUnwantedFlags() - processIntent(intent) + if (intent.action == ACTION_MAIN || components.torController.isConnected) { + processIntent(intent) + } else { + // Wait until Tor is connected to handle intents from external apps for links, search, etc. + components.torController.registerTorListener(object : TorEvents { + override fun onTorConnected() { + components.torController.unregisterTorListener(this) + processIntent(intent) + } + override fun onTorConnecting() { /* no-op */ } + override fun onTorStopped() { /* no-op */ } + override fun onTorStatusUpdate(entry: String?, status: String?) { /* no-op */ } + }) + + // In the meantime, open the HomeActivity so the user can get connected. + processIntent(Intent()) + } components.core.engine.profiler?.addMarker( MarkersActivityLifecycleCallbacks.MARKER_NAME, startTimeProfiler, "IntentReceiverActivity.onCreate" View it on GitLab: https://gitlab.torproject.org/tpo/applications/fenix/-/commit/25e5afc9e6e85… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/fenix/-/commit/25e5afc9e6e85… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/fenix][tor-browser-102.2.1-12.5-1] Bug 40536: Wait until Tor is connected to process intents
by Richard Pospesel (＠richard) 02 Feb '23

02 Feb '23

Richard Pospesel pushed to branch tor-browser-102.2.1-12.5-1 at The Tor Project / Applications / fenix Commits: 667092ef by Tommy Webb at 2023-02-02T23:23:07+00:00 Bug 40536: Wait until Tor is connected to process intents - - - - - 2 changed files: - app/src/main/java/org/mozilla/fenix/HomeActivity.kt - app/src/main/java/org/mozilla/fenix/IntentReceiverActivity.kt Changes: ===================================== app/src/main/java/org/mozilla/fenix/HomeActivity.kt ===================================== @@ -129,6 +129,7 @@ import org.mozilla.fenix.tabstray.TabsTrayFragment import org.mozilla.fenix.tabstray.TabsTrayFragmentDirections import org.mozilla.fenix.theme.DefaultThemeManager import org.mozilla.fenix.theme.ThemeManager +import org.mozilla.fenix.tor.TorEvents import org.mozilla.fenix.trackingprotection.TrackingProtectionPanelDialogFragmentDirections import org.mozilla.fenix.utils.BrowsersCache import org.mozilla.fenix.utils.Settings @@ -533,6 +534,24 @@ open class HomeActivity : LocaleAwareAppCompatActivity(), NavHostActivity { * Handles intents received when the activity is open. */ final override fun onNewIntent(intent: Intent?) { + if (intent?.action == ACTION_MAIN || components.torController.isConnected) { + onNewIntentInternal(intent) + } else { + // Wait until Tor is connected to handle intents from external apps for links, search, etc. + components.torController.registerTorListener(object : TorEvents { + override fun onTorConnected() { + components.torController.unregisterTorListener(this) + onNewIntentInternal(intent) + } + override fun onTorConnecting() { /* no-op */ } + override fun onTorStopped() { /* no-op */ } + override fun onTorStatusUpdate(entry: String?, status: String?) { /* no-op */ } + }) + return + } + } + + private fun onNewIntentInternal(intent: Intent?) { super.onNewIntent(intent) intent?.let { handleNewIntent(it) @@ -1092,13 +1111,16 @@ open class HomeActivity : LocaleAwareAppCompatActivity(), NavHostActivity { /** * Indicates if the user should be redirected to the [BrowserFragment] or to the [HomeFragment], - * links from an external apps should always opened in the [BrowserFragment]. + * links from an external apps should always opened in the [BrowserFragment], + * unless Tor is not yet connected. */ fun shouldStartOnHome(intent: Intent? = this.intent): Boolean { return components.strictMode.resetAfter(StrictMode.allowThreadDiskReads()) { // We only want to open on home when users tap the app, - // we want to ignore other cases when the app gets open by users clicking on links. - getSettings().shouldStartOnHome() && intent?.action == ACTION_MAIN + // we want to ignore other cases when the app gets open by users clicking on links, + // unless Tor is not yet connected. + getSettings().shouldStartOnHome() && (intent?.action == ACTION_MAIN || + !components.torController.isConnected) } } ===================================== app/src/main/java/org/mozilla/fenix/IntentReceiverActivity.kt ===================================== @@ -6,6 +6,7 @@ package org.mozilla.fenix import android.app.Activity import android.content.Intent +import android.content.Intent.ACTION_MAIN import android.content.pm.PackageManager import android.os.Build import android.os.Bundle @@ -24,6 +25,7 @@ import org.mozilla.fenix.ext.settings import org.mozilla.fenix.perf.MarkersActivityLifecycleCallbacks import org.mozilla.fenix.perf.StartupTimeline import org.mozilla.fenix.shortcut.NewTabShortcutIntentProcessor +import org.mozilla.fenix.tor.TorEvents /** * Processes incoming intents and sends them to the corresponding activity. @@ -45,7 +47,23 @@ class IntentReceiverActivity : Activity() { // the HomeActivity. val intent = intent?.let { Intent(it) } ?: Intent() intent.sanitize().stripUnwantedFlags() - processIntent(intent) + if (intent.action == ACTION_MAIN || components.torController.isConnected) { + processIntent(intent) + } else { + // Wait until Tor is connected to handle intents from external apps for links, search, etc. + components.torController.registerTorListener(object : TorEvents { + override fun onTorConnected() { + components.torController.unregisterTorListener(this) + processIntent(intent) + } + override fun onTorConnecting() { /* no-op */ } + override fun onTorStopped() { /* no-op */ } + override fun onTorStatusUpdate(entry: String?, status: String?) { /* no-op */ } + }) + + // In the meantime, open the HomeActivity so the user can get connected. + processIntent(Intent()) + } components.core.engine.profiler?.addMarker( MarkersActivityLifecycleCallbacks.MARKER_NAME, startTimeProfiler, "IntentReceiverActivity.onCreate" View it on GitLab: https://gitlab.torproject.org/tpo/applications/fenix/-/commit/667092ef6caed… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/fenix/-/commit/667092ef6caed… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 40764: Embed repo URL and git revision in Firefox
by Pier Angelo Vendrame (＠pierov) 02 Feb '23

02 Feb '23

Pier Angelo Vendrame pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 7103ec20 by Pier Angelo Vendrame at 2023-02-02T15:31:44+01:00 Bug 40764: Embed repo URL and git revision in Firefox They will be visible and clickable in about:buildconfig. - - - - - 2 changed files: - projects/firefox/config - projects/firefox/mozconfig Changes: ===================================== projects/firefox/config ===================================== @@ -18,6 +18,8 @@ var: branding_directory_prefix: 'tb' copyright_year: '[% exec("git show -s --format=%ci").remove("-.*") %]' nightly_updates_osname: '[% c("var/osname") %]' + gitlab_project: https://gitlab.torproject.org/tpo/applications/tor-browser + git_commit: '[% exec("git rev-parse HEAD") %]' deps: - build-essential - unzip @@ -74,6 +76,7 @@ targets: var: branding_directory_prefix: 'pb' browser_branch: '12.0-1' + gitlab_project: https://gitlab.torproject.org/tpo/applications/privacy-browser linux-x86_64: var: ===================================== projects/firefox/mozconfig ===================================== @@ -73,3 +73,6 @@ mk_add_options MOZ_PARALLEL_BUILD=[% c("num_procs") %] +export MOZ_INCLUDE_SOURCE_INFO=1 +export MOZ_SOURCE_REPO="[% c('var/gitlab_project') %]" +export MOZ_SOURCE_CHANGESET=[% c("var/git_commit") %] View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/7… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/7… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-102.7.0esr-12.5-1] Bug 41603: Customize the creation of MOZ_SOURCE_URL
by Pier Angelo Vendrame (＠pierov) 02 Feb '23

02 Feb '23

Pier Angelo Vendrame pushed to branch base-browser-102.7.0esr-12.5-1 at The Tor Project / Applications / Tor Browser Commits: 2b933eba by Pier Angelo Vendrame at 2023-02-02T15:30:24+01:00 Bug 41603: Customize the creation of MOZ_SOURCE_URL MOZ_SOURCE_URL is created by combining MOZ_SOURCE_REPO and MOZ_SOURCE_CHANGESET. But the code takes for granted that it refers to a Hg instance, so it combines them as `$MOZ_SOURCE_REPO/rev/$MOZ_SOURCE_CHANGESET`. With this commit, we change this logic to combine them to create a URL that is valid for GitLab. $MOZ_SOURCE_CHANGESET needs to be a commit hash, not a branch or a tag. If that is needed, we could use /-/tree/, instead of /-/commit/. - - - - - 1 changed file: - build/variables.py Changes: ===================================== build/variables.py ===================================== @@ -97,7 +97,7 @@ def source_repo_header(output): output.write("#define MOZ_SOURCE_STAMP %s\n" % changeset) if repo and buildconfig.substs.get("MOZ_INCLUDE_SOURCE_INFO"): - source = "%s/rev/%s" % (repo, changeset) + source = "%s/-/commit/%s" % (repo, changeset) output.write("#define MOZ_SOURCE_REPO %s\n" % repo) output.write("#define MOZ_SOURCE_URL %s\n" % source) View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/2b933eb… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/2b933eb… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-102.7.0esr-12.5-1] Bug 41603: Customize the creation of MOZ_SOURCE_URL
by Pier Angelo Vendrame (＠pierov) 02 Feb '23

02 Feb '23

Pier Angelo Vendrame pushed to branch tor-browser-102.7.0esr-12.5-1 at The Tor Project / Applications / Tor Browser Commits: bb63e34c by Pier Angelo Vendrame at 2023-02-02T15:28:37+01:00 Bug 41603: Customize the creation of MOZ_SOURCE_URL MOZ_SOURCE_URL is created by combining MOZ_SOURCE_REPO and MOZ_SOURCE_CHANGESET. But the code takes for granted that it refers to a Hg instance, so it combines them as `$MOZ_SOURCE_REPO/rev/$MOZ_SOURCE_CHANGESET`. With this commit, we change this logic to combine them to create a URL that is valid for GitLab. $MOZ_SOURCE_CHANGESET needs to be a commit hash, not a branch or a tag. If that is needed, we could use /-/tree/, instead of /-/commit/. - - - - - 1 changed file: - build/variables.py Changes: ===================================== build/variables.py ===================================== @@ -97,7 +97,7 @@ def source_repo_header(output): output.write("#define MOZ_SOURCE_STAMP %s\n" % changeset) if repo and buildconfig.substs.get("MOZ_INCLUDE_SOURCE_INFO"): - source = "%s/rev/%s" % (repo, changeset) + source = "%s/-/commit/%s" % (repo, changeset) output.write("#define MOZ_SOURCE_REPO %s\n" % repo) output.write("#define MOZ_SOURCE_URL %s\n" % source) View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/bb63e34… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/bb63e34… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 40760: Add BSD packager contacts to release prep templates
by Richard Pospesel (＠richard) 02 Feb '23

02 Feb '23

Richard Pospesel pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: a9fb0000 by Richard Pospesel at 2023-02-02T13:07:18+00:00 Bug 40760: Add BSD packager contacts to release prep templates - - - - - 2 changed files: - .gitlab/issue_templates/Release Prep - Alpha.md - .gitlab/issue_templates/Release Prep - Stable.md Changes: ===================================== .gitlab/issue_templates/Release Prep - Alpha.md ===================================== @@ -200,6 +200,8 @@ Tor Browser Alpha (and Nightly) are on the `main` branch - [ ] Tails dev mailing list: tails-dev(a)boum.org - [ ] Guardian Project: nathan(a)guardianproject.info - [ ] torbrowser-launcher: micah(a)micahflee.com + - [ ] FreeBSD port: freebsd(a)sysctl.cz  + - [ ] OpenBSD port: caspar(a)schutijser.com  - [ ] Provide links to unsigned builds on `$(BUILD_SERVER)` - [ ] Note any changes which may affect packaging/downstream integration - [ ] Email upstream stakeholders: ===================================== .gitlab/issue_templates/Release Prep - Stable.md ===================================== @@ -198,6 +198,8 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE - [ ] Tails dev mailing list: tails-dev(a)boum.org - [ ] Guardian Project: nathan(a)guardianproject.info - [ ] torbrowser-launcher: micah(a)micahflee.com + - [ ] FreeBSD port: freebsd(a)sysctl.cz  + - [ ] OpenBSD port: caspar(a)schutijser.com  - [ ] Provide links to unsigned builds on `$(BUILD_SERVER)` - [ ] Note any changes which may affect packaging/downstream integration - [ ] Email upstream stakeholders: View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/a… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/a… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-102.7.0esr-12.5-1] fixup! Bug 18905: Hide unwanted items from help menu
by Pier Angelo Vendrame (＠pierov) 02 Feb '23

02 Feb '23

Pier Angelo Vendrame pushed to branch base-browser-102.7.0esr-12.5-1 at The Tor Project / Applications / Tor Browser Commits: 5bece552 by Pier Angelo Vendrame at 2023-02-02T15:27:17+01:00 fixup! Bug 18905: Hide unwanted items from help menu - - - - - 1 changed file: - browser/base/content/browser-safebrowsing.js Changes: ===================================== browser/base/content/browser-safebrowsing.js ===================================== @@ -7,9 +7,12 @@ var gSafeBrowsing = { setReportPhishingMenu() { - // tor-browser#18905: disable these menu entries - /* eslint-disable no-unreachable */ - return; + // tor-browser#18905: hide these menu entries + if ( + !Services.prefs.getBoolPref("browser.safebrowsing.phishing.enabled", true) + ) { + return; + } // In order to detect whether or not we're at the phishing warning // page, we have to check the documentURI instead of the currentURI. View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/5bece55… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/5bece55… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-102.7.0esr-12.5-1] Bug 18905: Hide unwanted items from help menu
by Pier Angelo Vendrame (＠pierov) 02 Feb '23

02 Feb '23

Pier Angelo Vendrame pushed to branch base-browser-102.7.0esr-12.5-1 at The Tor Project / Applications / Tor Browser Commits: 83880497 by Arthur Edelstein at 2023-02-02T15:24:05+01:00 Bug 18905: Hide unwanted items from help menu Bug 25660: Remove the "New Private Window" option - - - - - 3 changed files: - browser/base/content/appmenu-viewcache.inc.xhtml - browser/base/content/browser-menubar.inc - browser/base/content/browser-safebrowsing.js Changes: ===================================== browser/base/content/appmenu-viewcache.inc.xhtml ===================================== @@ -55,7 +55,8 @@ class="subviewbutton" data-l10n-id="appmenuitem-new-private-window" key="key_privatebrowsing" - command="Tools:PrivateBrowsing"/> + command="Tools:PrivateBrowsing" + hidden="true"/> <toolbarseparator/> <toolbarbutton id="appMenu-new-identity" class="subviewbutton" @@ -179,7 +180,8 @@ <toolbarbutton id="appMenu-restoreSession" data-l10n-id="appmenu-restore-session" class="subviewbutton" - command="Browser:RestoreLastSession"/> + command="Browser:RestoreLastSession" + hidden="true"/> <toolbarseparator/> <toolbarbutton id="appMenuClearRecentHistory" data-l10n-id="appmenu-clear-history" ===================================== browser/base/content/browser-menubar.inc ===================================== @@ -458,6 +458,7 @@ have their strings defined by appmenu-data-l10n-id. --> <menuitem id="menu_openHelp" oncommand="openHelpLink('firefox-help')" + hidden="true" data-l10n-id="menu-get-help" appmenu-data-l10n-id="appmenu-get-help" #ifdef XP_MACOSX @@ -467,14 +468,17 @@ #endif <menuitem id="feedbackPage" oncommand="openFeedbackPage()" + hidden="true" data-l10n-id="menu-help-share-ideas" appmenu-data-l10n-id="appmenu-help-share-ideas"/> <menuitem id="helpSafeMode" oncommand="safeModeRestart();" + hidden="true" data-l10n-id="menu-help-enter-troubleshoot-mode2" appmenu-data-l10n-id="appmenu-help-enter-troubleshoot-mode2"/> <menuitem id="troubleShooting" oncommand="openTroubleshootingPage()" + hidden="true" data-l10n-id="menu-help-more-troubleshooting-info" appmenu-data-l10n-id="appmenu-help-more-troubleshooting-info"/> <menuitem id="help_reportSiteIssue" ===================================== browser/base/content/browser-safebrowsing.js ===================================== @@ -7,6 +7,10 @@ var gSafeBrowsing = { setReportPhishingMenu() { + // tor-browser#18905: disable these menu entries + /* eslint-disable no-unreachable */ + return; + // In order to detect whether or not we're at the phishing warning // page, we have to check the documentURI instead of the currentURI. // This is because when the DocShell loads an error page, the View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/8388049… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/8388049… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-102.7.0esr-12.5-1] 5 commits: dropme! Bug 10760: Integrate TorButton to TorBrowser core
by Pier Angelo Vendrame (＠pierov) 02 Feb '23

02 Feb '23

Pier Angelo Vendrame pushed to branch tor-browser-102.7.0esr-12.5-1 at The Tor Project / Applications / Tor Browser Commits: 153c0294 by Pier Angelo Vendrame at 2023-02-02T10:18:40+01:00 dropme! Bug 10760: Integrate TorButton to TorBrowser core Remove implementation of 18905 from Torbutton - - - - - 816d9867 by Arthur Edelstein at 2023-02-02T10:27:54+01:00 Bug 18905: Hide unwanted items from help menu Bug 25660: Remove the "New Private Window" option - - - - - 28ab7be0 by Pier Angelo Vendrame at 2023-02-02T10:28:18+01:00 fixup! Bug 10760: Integrate TorButton to TorBrowser core Bring back the new circuit entries. - - - - - aaa2f0dc by Pier Angelo Vendrame at 2023-02-02T10:28:19+01:00 fixup! Bug 11698: Incorporate Tor Browser Manual pages into Tor Browser Move the manual menu entry to the manual commit - - - - - 39eb835a by Pier Angelo Vendrame at 2023-02-02T11:44:32+01:00 fixup! Bug 18905: Hide unwanted items from help menu - - - - - 2 changed files: - browser/base/content/browser-menubar.inc - browser/base/content/browser-safebrowsing.js Changes: ===================================== browser/base/content/browser-menubar.inc ===================================== @@ -461,17 +461,11 @@ <menupopup id="menu_HelpPopup" onpopupshowing="buildHelpMenu();">  -  - <box id="feedbackPage"/> - <box id="helpSafeMode"/> - <box id="menu_HelpPopup_reportPhishingtoolmenu"/> - <box id="menu_HelpPopup_reportPhishingErrortoolmenu"/>  <menuitem id="torBrowserUserManual" oncommand="gBrowser.selectedTab = gBrowser.addTab('about:manual', {triggeringPrincipal: Services.scriptSecurityManager.getSystemPrincipal()});" label="&aboutTor.torbrowser_user_manual.label;" accesskey="&aboutTor.torbrowser_user_manual.accesskey;"/> -  <menuitem id="menu_openHelp" oncommand="openHelpLink('firefox-help')" hidden="true" @@ -485,8 +479,8 @@ <menuitem id="feedbackPage" oncommand="openFeedbackPage()" hidden="true" - data-l10n-id="menu-help-feedback-page" - appmenu-data-l10n-id="appmenu-help-feedback-page"/> + data-l10n-id="menu-help-share-ideas" + appmenu-data-l10n-id="appmenu-help-share-ideas"/> <menuitem id="helpSafeMode" oncommand="safeModeRestart();" hidden="true" ===================================== browser/base/content/browser-safebrowsing.js ===================================== @@ -7,6 +7,13 @@ var gSafeBrowsing = { setReportPhishingMenu() { + // tor-browser#18905: hide these menu entries + if ( + !Services.prefs.getBoolPref("browser.safebrowsing.phishing.enabled", true) + ) { + return; + } + // In order to detect whether or not we're at the phishing warning // page, we have to check the documentURI instead of the currentURI. // This is because when the DocShell loads an error page, the View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/5ac078… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/5ac078… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-102.7.0esr-12.0-1] fixup! Bug 10760: Integrate TorButton to TorBrowser core
by Richard Pospesel (＠richard) 01 Feb '23

01 Feb '23

Richard Pospesel pushed to branch tor-browser-102.7.0esr-12.0-1 at The Tor Project / Applications / Tor Browser Commits: 0bf68ade by Pier Angelo Vendrame at 2023-02-01T15:02:12+00:00 fixup! Bug 10760: Integrate TorButton to TorBrowser core Bug 41572: Check for userContextId also in the circuit display (cherry picked from commit e4496e7ab626686e07f7d93093b81247e7e26118) - - - - - 1 changed file: - toolkit/torbutton/chrome/content/tor-circuit-display.js Changes: ===================================== toolkit/torbutton/chrome/content/tor-circuit-display.js ===================================== @@ -306,21 +306,32 @@ let createTorCircuitDisplay = (function() { // Obtains the circuit used by the given browser. let currentCircuitData = function(browser) { if (browser) { - let firstPartyDomain = getDomainForBrowser(browser); - let domain = firstPartyDomain || "--unknown--"; - let domainMap = browserToCredentialsMap.get(browser); - let credentials = domainMap && domainMap.get(domain); + const firstPartyDomain = getDomainForBrowser(browser); + const userContextId = + browser.contentPrincipal.originAttributes.userContextId; + const key = firstPartyDomain + ? `${firstPartyDomain}:${userContextId}` + : "--unknown--"; + const credentialMap = browserToCredentialsMap.get(browser); + const credentials = credentialMap && credentialMap.get(key); if (credentials) { - let [SOCKS_username, SOCKS_password] = credentials; - let nodeData = credentialsToNodeDataMap.get( + const [SOCKS_username, SOCKS_password] = credentials; + const nodeData = credentialsToNodeDataMap.get( `${SOCKS_username}|${SOCKS_password}` ); - let domain = SOCKS_username; - if (browser.documentURI.host.endsWith(".tor.onion")) { - const service = Cc[ - "@torproject.org/onion-alias-service;1" - ].getService(Ci.IOnionAliasService); - domain = service.getOnionAlias(browser.documentURI.host); + let domain = firstPartyDomain; + try { + if (browser.documentURI.host.endsWith(".tor.onion")) { + const service = Cc[ + "@torproject.org/onion-alias-service;1" + ].getService(Ci.IOnionAliasService); + domain = service.getOnionAlias(browser.documentURI.host); + } + } catch (e) { + logger.eclog( + 3, + `[circuit display] Cannot verify if we are visiting an onion alias: ${e.message}\n${e.stack}` + ); } return { domain, nodeData }; } View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/0bf68ad… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/0bf68ad… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-102.7.0esr-12.0-1] fixup! Bug 10760: Integrate TorButton to TorBrowser core
by Richard Pospesel (＠richard) 01 Feb '23

01 Feb '23

Richard Pospesel pushed to branch tor-browser-102.7.0esr-12.0-1 at The Tor Project / Applications / Tor Browser Commits: 6ec1fbad by trinity-1686a at 2023-02-01T15:00:25+00:00 fixup! Bug 10760: Integrate TorButton to TorBrowser core Bug 41066: isolate tor connections based on userContextId (cherry picked from commit 4a257dd55db4184672220c25a4f07b8999b8dd83) - - - - - 1 changed file: - toolkit/torbutton/components/domain-isolator.js Changes: ===================================== toolkit/torbutton/components/domain-isolator.js ===================================== @@ -58,7 +58,11 @@ let tor = {}; // __tor.noncesForDomains__. // A mutable map that records what nonce we are using for each domain. -tor.noncesForDomains = {}; +tor.noncesForDomains = new Map(); + +// __tor.noncesForUserContextId__. +// A mutable map that records what nonce we are using for each tab container. +tor.noncesForUserContextId = new Map(); // __tor.isolationEabled__. // A bool that controls if we use SOCKS auth for isolation or not. @@ -68,23 +72,37 @@ tor.isolationEnabled = true; // Specifies when the current catch-all circuit was first used tor.unknownDirtySince = Date.now(); -// __tor.socksProxyCredentials(originalProxy, domain)__. -// Takes a proxyInfo object (originalProxy) and returns a new proxyInfo -// object with the same properties, except the username is set to the -// the domain, and the password is a nonce. -tor.socksProxyCredentials = function(originalProxy, domain) { +tor.passwordForDomainAndUserContextId = function(domain, userContextId) { // Check if we already have a nonce. If not, create - // one for this domain. - if (!tor.noncesForDomains.hasOwnProperty(domain)) { - tor.noncesForDomains[domain] = tor.nonce(); + // one for this domain and userContextId. + if (!tor.noncesForDomains.has(domain)) { + tor.noncesForDomains.set(domain, tor.nonce()); + } + if (!tor.noncesForUserContextId.has(userContextId)) { + tor.noncesForUserContextId.set(userContextId, tor.nonce()); } + return ( + tor.noncesForDomains.get(domain) + + tor.noncesForUserContextId.get(userContextId) + ); +}; + +// __tor.socksProxyCredentials(originalProxy, domain, userContextId)__. +// Takes a proxyInfo object (originalProxy) and returns a new proxyInfo +// object with the same properties, except the username is set to the +// the domain and userContextId, and the password is a nonce. +tor.socksProxyCredentials = function(originalProxy, domain, userContextId) { let proxy = originalProxy.QueryInterface(Ci.nsIProxyInfo); + let proxyPassword = tor.passwordForDomainAndUserContextId( + domain, + userContextId + ); return mozilla.protocolProxyService.newProxyInfoWithAuth( "socks", proxy.host, proxy.port, - domain, // username - tor.noncesForDomains[domain], // password + `${domain}:${userContextId}`, // username + proxyPassword, "", // aProxyAuthorizationHeader "", // aConnectionIsolationKey proxy.flags, @@ -116,10 +134,21 @@ tor.newCircuitForDomain = function(domain) { if (domain === "") { domain = "--unknown--"; } - tor.noncesForDomains[domain] = tor.nonce(); + tor.noncesForDomains.set(domain, tor.nonce()); + logger.eclog( + 3, + `New domain isolation for ${domain}: ${tor.noncesForDomains.get(domain)}` + ); +}; + +tor.newCircuitForUserContextId = function(userContextId) { + // Re-generate the nonce for the context. + tor.noncesForUserContextId.set(userContextId, tor.nonce()); logger.eclog( 3, - "New domain isolation for " + domain + ": " + tor.noncesForDomains[domain] + `New container isolation for ${userContextId}: ${tor.noncesForUserContextId.get( + userContextId + )}` ); }; @@ -127,8 +156,9 @@ tor.newCircuitForDomain = function(domain) { // Clear the isolation state cache, forcing new circuits to be used for all // subsequent requests. tor.clearIsolation = function() { - // Per-domain nonces are stored in a map, so simply re-initialize the map. - tor.noncesForDomains = {}; + // Per-domain and per contextId nonces are stored in maps, so simply clear them. + tor.noncesForDomains.clear(); + tor.noncesForUserContextId.clear(); // Force a rotation on the next catch-all circuit use by setting the creation // time to the epoch. @@ -137,9 +167,9 @@ tor.clearIsolation = function() { // __tor.isolateCircuitsByDomain()__. // For every HTTPChannel, replaces the default SOCKS proxy with one that authenticates -// to the SOCKS server (the tor client process) with a username (the first party domain) -// and a nonce password. Tor provides a separate circuit for each username+password -// combination. +// to the SOCKS server (the tor client process) with a username (the first party domain +// and userContextId) and a nonce password. Tor provides a separate circuit for each +// username+password combination. tor.isolateCircuitsByDomain = function() { mozilla.registerProxyChannelFilter(function(aChannel, aProxy) { if (!tor.isolationEnabled) { @@ -147,7 +177,8 @@ tor.isolateCircuitsByDomain = function() { } try { let channel = aChannel.QueryInterface(Ci.nsIChannel), - firstPartyDomain = channel.loadInfo.originAttributes.firstPartyDomain; + firstPartyDomain = channel.loadInfo.originAttributes.firstPartyDomain, + userContextId = channel.loadInfo.originAttributes.userContextId; if (firstPartyDomain === "") { firstPartyDomain = "--unknown--"; if (Date.now() - tor.unknownDirtySince > 1000 * 10 * 60) { @@ -161,7 +192,8 @@ tor.isolateCircuitsByDomain = function() { } let replacementProxy = tor.socksProxyCredentials( aProxy, - firstPartyDomain + firstPartyDomain, + userContextId ); logger.eclog( 3, @@ -206,6 +238,9 @@ DomainIsolator.prototype = { newCircuitForDomain(domain) { tor.newCircuitForDomain(domain); }, + newCircuitForUserContextId(userContextId) { + tor.newCircuitForUserContextId(userContextId); + }, enableIsolation() { tor.isolationEnabled = true; View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/6ec1fba… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/6ec1fba… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-102.7.0esr-12.0-1] Bug 40283: Workaround for the file upload bug
by Richard Pospesel (＠richard) 01 Feb '23

01 Feb '23

Richard Pospesel pushed to branch base-browser-102.7.0esr-12.0-1 at The Tor Project / Applications / Tor Browser Commits: f8403767 by p13dz at 2023-02-01T14:22:02+00:00 Bug 40283: Workaround for the file upload bug (cherry picked from commit c23f2f397327ee46a1a4de57acf206fd83e8e170) - - - - - 1 changed file: - mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoSession.java Changes: ===================================== mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoSession.java ===================================== @@ -4726,12 +4726,19 @@ public class GeckoSession { return super.confirm(); } + private static String normalizePath(String input) { + // For an unclear reason, Android media picker delivers file paths + // starting with double slash. Firefox performs path validation on + // all paths, and double slash is deemed invalid. + return input.startsWith("//") ? input.substring(1) : input; + } + private static String getFile(final @NonNull Context context, final @NonNull Uri uri) { if (uri == null) { return null; } if ("file".equals(uri.getScheme())) { - return uri.getPath(); + return normalizePath(uri.getPath()); } final ContentResolver cr = context.getContentResolver(); final Cursor cur = @@ -4753,7 +4760,7 @@ public class GeckoSession { try { final String path = cur.getString(idx); if (path != null && !path.isEmpty()) { - return path; + return normalizePath(path); } } catch (final Exception e) { } View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/f840376… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/f840376… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-102.7.0esr-12.0-1] Bug 40283: Workaround for the file upload bug
by Richard Pospesel (＠richard) 01 Feb '23

01 Feb '23

Richard Pospesel pushed to branch tor-browser-102.7.0esr-12.0-1 at The Tor Project / Applications / Tor Browser Commits: 97cd9671 by p13dz at 2023-02-01T14:21:34+00:00 Bug 40283: Workaround for the file upload bug (cherry picked from commit c23f2f397327ee46a1a4de57acf206fd83e8e170) - - - - - 1 changed file: - mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoSession.java Changes: ===================================== mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoSession.java ===================================== @@ -4726,12 +4726,19 @@ public class GeckoSession { return super.confirm(); } + private static String normalizePath(String input) { + // For an unclear reason, Android media picker delivers file paths + // starting with double slash. Firefox performs path validation on + // all paths, and double slash is deemed invalid. + return input.startsWith("//") ? input.substring(1) : input; + } + private static String getFile(final @NonNull Context context, final @NonNull Uri uri) { if (uri == null) { return null; } if ("file".equals(uri.getScheme())) { - return uri.getPath(); + return normalizePath(uri.getPath()); } final ContentResolver cr = context.getContentResolver(); final Cursor cur = @@ -4753,7 +4760,7 @@ public class GeckoSession { try { final String path = cur.getString(idx); if (path != null && !path.isEmpty()) { - return path; + return normalizePath(path); } } catch (final Exception e) { } View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/97cd967… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/97cd967… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-bundle-testsuite][main] Bug 40072: Fix torbrowser-incrementals-nightly-*
by boklm (＠boklm) 01 Feb '23

01 Feb '23

boklm pushed to branch main at The Tor Project / Applications / tor-browser-bundle-testsuite Commits: 695bb8ef by Nicolas Vigier at 2023-02-01T11:18:27+01:00 Bug 40072: Fix torbrowser-incrementals-nightly-* With tor-browser-build#40737 the nightly/ directory is now prefixed with the $projectname, and with tor-browser-build#40742 the makefile rule to generate the incrementals is now $projectname-incrementals-nightly. - - - - - 1 changed file: - TBBTestSuite/TestSuite/TorBrowserBuild.pm Changes: ===================================== TBBTestSuite/TestSuite/TorBrowserBuild.pm ===================================== @@ -46,6 +46,7 @@ sub set_tests { descr => 'create incrementals for tor-browser nightly linux-x86_64', type => 'make_incrementals', publish_dir => 'nightly-linux-x86_64', + projectname => 'torbrowser', }, { name => 'torbrowser-nightly-linux-i686', @@ -65,6 +66,7 @@ sub set_tests { descr => 'create incrementals for tor-browser nightly linux-i686', type => 'make_incrementals', publish_dir => 'nightly-linux-i686', + projectname => 'torbrowser', }, { name => 'torbrowser-nightly-windows-i686', @@ -84,6 +86,7 @@ sub set_tests { descr => 'create incrementals for tor-browser nightly windows-i686', type => 'make_incrementals', publish_dir => 'nightly-windows-i686', + projectname => 'torbrowser', }, { name => 'torbrowser-nightly-windows-x86_64', @@ -103,6 +106,7 @@ sub set_tests { descr => 'create incrementals for tor-browser nightly windows-x86_64', type => 'make_incrementals', publish_dir => 'nightly-windows-x86_64', + projectname => 'torbrowser', }, { name => 'torbrowser-nightly-macos', @@ -122,6 +126,7 @@ sub set_tests { descr => 'create incrementals for tor-browser nightly macos (universal)', type => 'make_incrementals', publish_dir => 'nightly-macos', + projectname => 'torbrowser', }, { name => 'torbrowser-nightly-android-armv7', @@ -247,17 +252,21 @@ sub set_tests { sub make_incrementals { my ($testsuite, $test) = @_; $test->{results}{success} = 0; - mkdir 'nightly' unless -d 'nightly'; + my $projectname = $test->{projectname}; + my $nightlydir = "$projectname/nightly"; + for my $dir ($projectname, $nightlydir) { + mkdir $dir unless -d $dir; + } # Clean the nightly directory - foreach my $subdir (path('nightly')->children) { + foreach my $subdir (path($nightlydir)->children) { unlink $subdir if -l $subdir; } foreach my $builddir (path($testsuite->{publish_dir} . '/..')->children) { if (-f "$builddir/$test->{publish_dir}/sha256sums-unsigned-build.txt") { - symlink("$builddir/$test->{publish_dir}", 'nightly/' . $builddir->basename); + symlink("$builddir/$test->{publish_dir}", "$nightlydir/$builddir->basename"); } } - my @cmd = ('make', 'incrementals-nightly'); + my @cmd = ('make', $test->{projectname} . '-incrementals-nightly'); run_to_file("$testsuite->{'results-dir'}/$test->{name}.build.txt", @cmd) or return; $test->{results}{success} = 1; View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-bundle-testsuite… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-bundle-testsuite… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-12.0] 6 commits: Bug 28124: Switch to Mozilla's libdmg-hfsplus
by Pier Angelo Vendrame (＠pierov) 01 Feb '23

01 Feb '23

Pier Angelo Vendrame pushed to branch maint-12.0 at The Tor Project / Applications / tor-browser-build Commits: 9b54da11 by Pier Angelo Vendrame at 2023-02-01T10:53:27+01:00 Bug 28124: Switch to Mozilla's libdmg-hfsplus To show the DMG icon it seems we need to create the DMG from a HFS filesystem, rather than an ISO one. So, to then do so, with this commit I am switching to Mozilla's fork of libdmg-hfsplus, I am updating its build script and using it to build also the hfsplus tool. Also, add the hfsplus project, which is needed to create the HFS filesystem in the first place. - - - - - 3eb81812 by Pier Angelo Vendrame at 2023-02-01T10:53:34+01:00 Bug 28124: Switch from ISO to HFS and show the disk icon Use the new tools from the previous commit to build the DMG from a HFS filesystem, and configure it to show the custom volume icon. - - - - - 6f5d0bed by Pier Angelo Vendrame at 2023-02-01T10:53:34+01:00 Bug 28124: Update the macOS volume icon - - - - - 70ffd274 by Pier Angelo Vendrame at 2023-02-01T10:53:47+01:00 Bug 40744: Ensure reproducibility with HFS DMG - - - - - 1dc2335c by Nicolas Vigier at 2023-02-01T10:55:27+01:00 Bug 40755: Use openssl-1.0.2 for building libdmg-hfsplus outside containers libdmg-hfsplus fails to build with openssl1.1: https://github.com/planetbeing/libdmg-hfsplus/issues/14 - - - - - 1ec878d6 by Nicolas Vigier at 2023-02-01T10:55:34+01:00 Bug 40755: Allow building hfsplus-tools without container If clang is insalled, building hfsplus-tools should work without container. - - - - - 14 changed files: - projects/browser/Bundle-Data/mac-applications.dmg/.VolumeIcon.icns - − projects/browser/Bundle-Data/mac-applications.dmg/Applications - projects/browser/build - projects/browser/config - projects/browser/ddmg.sh - + projects/hfsplus-tools/build - + projects/hfsplus-tools/config - + projects/hfsplus-tools/newfs_hfs.diff - projects/libdmg-hfsplus/build - projects/libdmg-hfsplus/config - + projects/openssl-1.0.2/build - + projects/openssl-1.0.2/config - tools/signing/ddmg.sh - tools/signing/gatekeeper-bundling.sh Changes: ===================================== projects/browser/Bundle-Data/mac-applications.dmg/.VolumeIcon.icns ===================================== Binary files a/projects/browser/Bundle-Data/mac-applications.dmg/.VolumeIcon.icns and b/projects/browser/Bundle-Data/mac-applications.dmg/.VolumeIcon.icns differ ===================================== projects/browser/Bundle-Data/mac-applications.dmg/Applications deleted ===================================== @@ -1 +0,0 @@ -/Applications \ No newline at end of file ===================================== projects/browser/build ===================================== @@ -33,8 +33,9 @@ touch "$GENERATEDPREFSPATH" TORBINPATH=Contents/MacOS/Tor TORCONFIGPATH=Contents/Resources/TorBrowser/Tor + tar -C /var/tmp/dist -xf $rootdir/[% c('input_files_by_name/hfsplus-tools') %] tar -C /var/tmp/dist -xf $rootdir/[% c('input_files_by_name/libdmg') %] - export PATH=/var/tmp/dist/libdmg-hfsplus:$PATH + export PATH=/var/tmp/dist/hfsplus-tools:/var/tmp/dist/libdmg-hfsplus:$PATH [% ELSE %] TBDIR=$TB_STAGE_DIR/Browser TBDIRS=("$TBDIR") ===================================== projects/browser/config ===================================== @@ -33,7 +33,6 @@ targets: macos: var: arch_deps: - - genisoimage - faketime - python3-dev - python3-pip @@ -106,6 +105,9 @@ input_files: sha256sum: 14af6a3cbc269c045f2d950e1e4f7c29981b35a7abc61d2413f5bb8bd7311857 - filename: 'gtk3-settings.ini' enable: '[% c("var/linux") %]' + - project: hfsplus-tools + name: hfsplus-tools + enable: '[% c("var/macos") %]' - project: libdmg-hfsplus name: libdmg enable: '[% c("var/macos") %]' ===================================== projects/browser/ddmg.sh ===================================== @@ -1,3 +1,6 @@ +#!/bin/bash +set -e + [% SET src = c('dmg_src', { error_if_undef => 1 }) -%] find [% src %] -executable -exec chmod 0755 {} \; find [% src %] ! -executable -exec chmod 0644 {} \; @@ -5,17 +8,33 @@ find [% src %] ! -executable -exec chmod 0644 {} \; find [% src %] -exec [% c("touch") %] {} \; dmg_tmpdir=\$(mktemp -d) -[% SET filelist = '"\$dmg_tmpdir/filelist.txt"' %] -pushd [% src %] -find . -type f | sed -e 's/^\.\///' | sort | xargs -i echo "{}={}" > [% filelist %] -find . -type l | sed -e 's/^\.\///' | sort | xargs -i echo "{}={}" >> [% filelist %] +hfsfile="\$dmg_tmpdir/tbb-uncompressed.dmg" +# hfsplus sets all the times to time(NULL) export LD_PRELOAD=[% c("var/faketime_path") %] export FAKETIME="[% USE date; GET date.format(c('timestamp'), format = '%Y-%m-%d %H:%M:%S') %]" -genisoimage -D -V "Tor Browser" -no-pad -R -apple -o "\$dmg_tmpdir/tbb-uncompressed.dmg" -path-list [% filelist %] -graft-points -gid 20 -dir-mode 0755 -new-dir-mode 0755 +# Use a similar strategy to Mozilla (they have 1.02, we have 1.1) +size=\$(du -ms [% src %] | awk '{ print int( \$1 * 1.1 ) }') +dd if=/dev/zero of="\$hfsfile" bs=1M count=\$size +newfs_hfs -v "[% c("var/Project_Name") %]" "\$hfsfile" + +pushd [% src %] + +find -type d -mindepth 1 | sed -e 's/^\.\///' | sort | while read dirname; do + hfsplus "\$hfsfile" mkdir "/\$dirname" + hfsplus "\$hfsfile" chmod 0755 "/\$dirname" +done +find -type f | sed -e 's/^\.\///' | sort | while read filename; do + hfsplus "\$hfsfile" add "\$filename" "/\$filename" + hfsplus "\$hfsfile" chmod \$(stat --format '0%a' "\$filename") "/\$filename" +done +# hfsplus does not play well with dangling links +hfsplus "\$hfsfile" symlink /Applications /Applications +# Show the volume icon +hfsplus "\$hfsfile" attr / C -dmg dmg "\$dmg_tmpdir/tbb-uncompressed.dmg" [% c('dmg_out', { error_if_undef => 1 }) %] +dmg dmg "\$hfsfile" [% c('dmg_out', { error_if_undef => 1 }) %] popd rm -Rf "\$dmg_tmpdir" ===================================== projects/hfsplus-tools/build ===================================== @@ -0,0 +1,24 @@ +#!/bin/bash +[% c("var/set_default_env") -%] +distdir=/var/tmp/dist/[% project %] +mkdir /var/tmp/dist +[% IF ! c("container/global_disable") -%] + tar -C /var/tmp/dist -xf $rootdir/[% c('input_files_by_name/clang') %] + export PATH="/var/tmp/dist/clang/bin:$PATH" +[% END -%] + +tar -xf diskdev_cmds-[% c("version") %].tar.gz +cd diskdev_cmds-[% c("version") %] + +patch -p1 < $rootdir/newfs_hfs.diff + +make -j[% c("num_procs") %] + +mkdir -p "$distdir" +cp newfs_hfs.tproj/newfs_hfs "$distdir/" + +cd /var/tmp/dist +[% c('tar', { + tar_src => [ project ], + tar_args => '-czf ' _ dest_dir _ '/' _ c('filename'), + }) %] ===================================== projects/hfsplus-tools/config ===================================== @@ -0,0 +1,23 @@ +# vim: filetype=yaml sw=2 +version: 540.1.linux3 +filename: '[% project %]-[% c("version") %]-[% c("var/build_id") %].tar.gz' +container: + use_container: 1 +var: + deps: + - build-essential + - libssl-dev + - uuid-dev +input_files: + # See hfsplus-tools in taskcluster/ci/fetch/toolchains.yml + - URL: https://src.fedoraproject.org/repo/pkgs/hfsplus-tools/diskdev_cmds-540.1.li… c("version") %].tar.gz + sha256: b01b203a97f9a3bf36a027c13ddfc59292730552e62722d690d33bd5c24f5497 + - project: container-image + # The project uses a flag that is not supported by GCC + - name: clang + project: clang + enable: '[% ! c("container/global_disable") %]' + # Build only newfs (we do not care of fsck), remove a header that does not + # exist on Linux (at that path) and is not required on Linux either, and make + # the UUID deterministic. + - filename: newfs_hfs.diff ===================================== projects/hfsplus-tools/newfs_hfs.diff ===================================== @@ -0,0 +1,38 @@ +diff '--color=auto' -Naur diskdev_cmds-540.1.linux3_orig/Makefile diskdev_cmds-540.1.linux3/Makefile +--- diskdev_cmds-540.1.linux3_orig/Makefile 2023-01-17 11:36:56.341279443 +0100 ++++ diskdev_cmds-540.1.linux3/Makefile 2023-01-17 11:44:12.496479981 +0100 +@@ -3,7 +3,7 @@ + CC := clang + CFLAGS := -g3 -Wall -fblocks -I$(PWD)/BlocksRunTime -I$(PWD)/include -DDEBUG_BUILD=0 -D_FILE_OFFSET_BITS=64 -D LINUX=1 -D BSD=1 -D VERSION=\"$(VERSION)\" + LDFLAGS := -Wl,--build-id -L$(PWD)/BlocksRunTime +-SUBDIRS := BlocksRunTime newfs_hfs.tproj fsck_hfs.tproj ++SUBDIRS := newfs_hfs.tproj + + all clean: + for d in $(SUBDIRS); do $(MAKE) -C $$d -f Makefile.lnx $@; done +diff '--color=auto' -Naur diskdev_cmds-540.1.linux3_orig/newfs_hfs.tproj/makehfs.c diskdev_cmds-540.1.linux3/newfs_hfs.tproj/makehfs.c +--- diskdev_cmds-540.1.linux3_orig/newfs_hfs.tproj/makehfs.c 2023-01-17 11:36:56.341279443 +0100 ++++ diskdev_cmds-540.1.linux3/newfs_hfs.tproj/makehfs.c 2023-01-17 11:58:15.972059719 +0100 +@@ -38,8 +38,8 @@ + #endif + #include <sys/errno.h> + #include <sys/stat.h> +-#include <sys/sysctl.h> + #if !LINUX ++#include <sys/sysctl.h> + #include <sys/vmmeter.h> + #endif + +@@ -571,8 +571,10 @@ + /* Adjust free blocks to reflect everything we have allocated. */ + hp->freeBlocks -= blocksUsed; + +- /* Generate and write UUID for the HFS+ disk */ +- GenerateVolumeUUID(&newVolumeUUID); ++ /* Use a deterministic UUID for reproducibility */ ++ memset(&newVolumeUUID, 0, sizeof(newVolumeUUID)); ++ strncpy(&newVolumeUUID, defaults->volumeName, sizeof(newVolumeUUID)); ++ + finderInfoUUIDPtr = (VolumeUUID *)(&hp->finderInfo[24]); + finderInfoUUIDPtr->v.high = OSSwapHostToBigInt32(newVolumeUUID.v.high); + finderInfoUUIDPtr->v.low = OSSwapHostToBigInt32(newVolumeUUID.v.low); ===================================== projects/libdmg-hfsplus/build ===================================== @@ -1,16 +1,26 @@ #!/bin/bash [% c("var/set_default_env") -%] -distdir=$(pwd)/dist -mkdir -p $distdir/[% project %] -tar xf [% project %]-[% c('version') %].tar.gz -cd [% project %]-[% c('version') %] -patch -p1 < ../libdmg.patch -cmake -DCMAKE_INSTALL_PREFIX:PATH=$distdir/[% project %] CMakeLists.txt -cd dmg -make -j[% c("num_procs") %] -make install -cd $distdir +distdir=/var/tmp/dist/[% project %] +mkdir -p /var/tmp/dist +tar -C /var/tmp/dist -xf [% c('input_files_by_name/cmake') %] +tar -C /var/tmp/dist -xf [% c('input_files_by_name/ninja') %] +[% IF c("container/global_disable") -%] + tar -C /var/tmp/dist -xf [% c('input_files_by_name/openssl-1.0.2') %] +[% END -%] +export PATH="/var/tmp/dist/ninja:/var/tmp/dist/cmake/bin:$PATH" + +mkdir /var/tmp/build +tar -C /var/tmp/build -xf [% project %]-[% c('version') %].tar.gz +cd /var/tmp/build/[% project %]-[% c('version') %] +patch -p1 < "$rootdir/libdmg.patch" +cmake . -GNinja -DCMAKE_BUILD_TYPE=Release [% c("var/cmake_opts") %] +ninja -j[% c("num_procs") %] -v + +mkdir $distdir +# We take only dmg and hfsplus like Mozilla does +cp dmg/dmg hfs/hfsplus $distdir/ +cd /var/tmp/dist [% c('tar', { tar_src => [ project ], tar_args => '-czf ' _ dest_dir _ '/' _ c('filename'), - }) %] + }) %] ===================================== projects/libdmg-hfsplus/config ===================================== @@ -1,16 +1,28 @@ # vim: filetype=yaml sw=2 version: '[% c("abbrev") %]' -git_url: https://github.com/vasi/libdmg-hfsplus -git_hash: dfd5e5cc3dc1191e37d3c3a6118975afdd1d7014 +git_url: https://github.com/mozilla/libdmg-hfsplus +git_hash: 2ee327795680101d36f9700bd0fb618362237718 filename: '[% project %]-[% c("version") %]-[% c("var/build_id") %].tar.gz' container: use_container: 1 var: deps: - build-essential - - cmake - zlib1g-dev - libbz2-dev +targets: + no_containers: + var: + cmake_opts: | + -DOPENSSL_USE_STATIC_LIBS=1 \ + -DOPENSSL_ROOT_DIR=/var/tmp/dist/openssl input_files: - project: container-image + - name: cmake + project: cmake + - name: ninja + project: ninja - filename: libdmg.patch + - name: openssl-1.0.2 + project: openssl-1.0.2 + enable: '[% c("container/global_disable") %]' ===================================== projects/openssl-1.0.2/build ===================================== @@ -0,0 +1,15 @@ +#!/bin/bash +[% c("var/set_default_env") -%] +distdir=/var/tmp/dist/openssl +mkdir -p /var/tmp/build +tar -C /var/tmp/build -xf openssl-[% c('version') %].tar.gz +cd /var/tmp/build/openssl-[% c('version') %] +export SOURCE_DATE_EPOCH='[% c("timestamp") %]' +./Configure --prefix="$distdir" -shared enable-ec_nistp_64_gcc_128 linux-x86_64 +make -j[% c("num_procs") %] +make -j[% c("num_procs") %] install +cd /var/tmp/dist +[% c('tar', { + tar_src => [ 'openssl' ], + tar_args => '-czf ' _ dest_dir _ '/' _ c('filename'), + }) %] ===================================== projects/openssl-1.0.2/config ===================================== @@ -0,0 +1,11 @@ +# vim: filetype=yaml sw=2 +# +# We need openssl-1.0.2 for building libdmg-hfsplus: +# https://github.com/planetbeing/libdmg-hfsplus/issues/14 +# +version: 1.0.2u +filename: '[% project %]-[% c("version") %]-[% c("var/build_id") %].tar.gz' + +input_files: + - URL: 'https://www.openssl.org/source/openssl-[% c("version") %].tar.gz' + sha256sum: ecd0c6ffb493dd06707d38b14bb4d8c2288bb7033735606569d8f90f89669d16 ===================================== tools/signing/ddmg.sh ===================================== @@ -21,20 +21,40 @@ find $src_dir ! -executable -exec chmod 0644 {} \; 2> /dev/null find $src_dir -exec touch -m -t 200001010101 {} \; 2> /dev/null set -e +VOLUME_LABEL="${VOLUME_LABEL:-Tor Browser}" + dmg_tmpdir=$(mktemp -d) -filelist="$dmg_tmpdir/filelist.txt" -cd $src_dir -find . -type f | sed -e 's/^\.\///' | sort | xargs -i echo "{}={}" > $filelist -find . -type l | sed -e 's/^\.\///' | sort | xargs -i echo "{}={}" >> $filelist +hfsfile="$dmg_tmpdir/tbb-uncompressed.dmg" export LD_PRELOAD=$faketime_path export FAKETIME="2000-01-01 01:01:01" echo "Starting: " $(basename $dest_file) -genisoimage -D -V "Tor Browser" -no-pad -R -apple -o "$dmg_tmpdir/tbb-uncompressed.dmg" -path-list $filelist -graft-points -gid 20 -dir-mode 0755 -new-dir-mode 0755 +# Use a similar strategy to Mozilla (they have 1.02, we have 1.1) +size=$(du -ms "$src_dir" | awk '{ print int( $1 * 1.1 ) }') +dd if=/dev/zero of="$hfsfile" bs=1M count=$size +newfs_hfs -v "$VOLUME_LABEL" "$hfsfile" + +cd $src_dir -dmg dmg "$dmg_tmpdir/tbb-uncompressed.dmg" "$dest_file" +# hfsplus does not play well with dangling links, so remove /Applications, and +# add it back again with the special command to do so. +rm -f Applications + +find -type d -mindepth 1 | sed -e 's/^\.\///' | sort | while read dirname; do + hfsplus "$hfsfile" mkdir "/$dirname" + hfsplus "$hfsfile" chmod 0755 "/$dirname" +done +find -type f | sed -e 's/^\.\///' | sort | while read filename; do + hfsplus "$hfsfile" add "$filename" "/$filename" + hfsplus "$hfsfile" chmod $(stat --format '0%a' "$filename") "/$filename" +done +hfsplus "$hfsfile" symlink /Applications /Applications +# Show the volume icon +hfsplus "$hfsfile" attr / C + +dmg dmg "$hfsfile" "$dest_file" echo "Finished: " $(basename $dest_file) ===================================== tools/signing/gatekeeper-bundling.sh ===================================== @@ -35,18 +35,22 @@ set -e script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) source "$script_dir/functions" -which genisoimage > /dev/null || \ - exit_error 'genisoimage is missing. You should install the genisoimage package.' test -f $faketime_path || \ exit_error "$faketime_path is missing" test -d $macos_stapled_dir || \ exit_error "The stapled macos zip files should be placed in directory $macos_stapled_dir" -libdmg_file="$script_dir/../../out/libdmg-hfsplus/libdmg-hfsplus-dfd5e5cc3dc1-c9296e.tar.gz" +libdmg_file="$script_dir/../../out/libdmg-hfsplus/libdmg-hfsplus-2ee327795680-555a7e.tar.gz" test -f "$libdmg_file" || \ exit_error "$libdmg_file is missing." \ "You can build it with:" \ " ./rbm/rbm build --target no_containers libdmg-hfsplus" \ "See var/deps in projects/libdmg-hfsplus/config for the list of build dependencies" +hfstools_file="$script_dir/../../out/hfsplus-tools/hfsplus-tools-540.1.linux3-66de66.tar.gz" +test -f "$hfstools_file" || \ + exit_error "$hfstools_file is missing." \ + "You can build it with:" \ + " ./rbm/rbm build --target no_containers hfsplus-tools" \ + "You will need the clang and uuid-dev packages installed" test -d "$macos_signed_dir" || mkdir "$macos_signed_dir" tmpdir="$macos_stapled_dir/tmp" @@ -55,7 +59,8 @@ mkdir "$tmpdir" cp -rT "$script_dir/../../projects/browser/Bundle-Data/mac-applications.dmg" "$tmpdir/dmg" tar -C "$tmpdir" -xf "$libdmg_file" -export PATH="$PATH:$tmpdir/libdmg-hfsplus" +tar -C "$tmpdir" -xf "$hfstools_file" +export PATH="$PATH:$tmpdir/libdmg-hfsplus:$tmpdir/hfsplus-tools" for lang in $bundle_locales do View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] 2 commits: Bug 41361: Add support for conjure in android
by Richard Pospesel (＠richard) 31 Jan '23

31 Jan '23

Richard Pospesel pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 64e56829 by Cecylia Bocovich at 2023-01-31T21:00:25+00:00 Bug 41361: Add support for conjure in android - - - - - 9b208d20 by Cecylia Bocovich at 2023-01-31T21:00:25+00:00 Bug 41361: Use conjure-compatible version of tor-android-service - - - - - 4 changed files: - projects/tor-android-service/config - + projects/tor-onion-proxy-library/0001-Bug-41361-Add-conjure-support.patch - projects/tor-onion-proxy-library/build - projects/tor-onion-proxy-library/config Changes: ===================================== projects/tor-android-service/config ===================================== @@ -1,7 +1,7 @@ # vim: filetype=yaml sw=2 version: '[% c("abbrev") %]' filename: '[% project %]-[% c("version") %]-[% c("var/build_id") %]' -git_hash: f324999c1773a8d8c83c50106a2cac30be93aabf +git_hash: 27924bc748044e987c188be854ff1471397cdb6a git_url: https://gitlab.torproject.org/tpo/applications/tor-android-service.git git_submodule: 1 container: ===================================== projects/tor-onion-proxy-library/0001-Bug-41361-Add-conjure-support.patch ===================================== @@ -0,0 +1,80 @@ +From edf4337158df11da3b6ef6d30050e2441cfeafeb Mon Sep 17 00:00:00 2001 +From: Cecylia Bocovich <cohosh(a)torproject.org> +Date: Thu, 13 Oct 2022 10:20:59 -0400 +Subject: [PATCH] Bug 41361: Add conjure support + +--- + android/build.gradle | 3 +++ + .../thali/toronionproxy/TorConfigBuilder.java | 18 ++++++++++++++---- + 2 files changed, 17 insertions(+), 4 deletions(-) + +diff --git a/android/build.gradle b/android/build.gradle +index 2392731..b1aca0a 100644 +--- a/android/build.gradle ++++ b/android/build.gradle +@@ -96,6 +96,9 @@ task copyPluggableTransports(type: Copy) { + rename { filename -> + filename.replace 'snowflake-client', 'libSnowflake.so' + } ++ rename { filename -> ++ filename.replace 'conjure-client', 'libConjure.so' ++ } + } + + gradle.projectsEvaluated { +diff --git a/universal/src/main/java/com/msopentech/thali/toronionproxy/TorConfigBuilder.java b/universal/src/main/java/com/msopentech/thali/toronionproxy/TorConfigBuilder.java +index cc10783..c7e20c0 100644 +--- a/universal/src/main/java/com/msopentech/thali/toronionproxy/TorConfigBuilder.java ++++ b/universal/src/main/java/com/msopentech/thali/toronionproxy/TorConfigBuilder.java +@@ -109,8 +109,8 @@ public final class TorConfigBuilder { + return this; + } + +- public TorConfigBuilder configurePluggableTransportsFromSettings(File pluggableTransportObfs, File pluggableTransportSnow) throws IOException { +- if (pluggableTransportObfs == null || pluggableTransportSnow == null) { ++ public TorConfigBuilder configurePluggableTransportsFromSettings(File pluggableTransportObfs, File pluggableTransportSnow, File pluggableTransportConjure) throws IOException { ++ if (pluggableTransportObfs == null || pluggableTransportSnow == null || pluggableTransportConjure == null) { + return this; + } + +@@ -124,6 +124,11 @@ public final class TorConfigBuilder { + .getCanonicalPath()); + } + ++ if (!pluggableTransportConjure.exists()) { ++ throw new IOException("Conjure binary does not exist: " + pluggableTransportConjure ++ .getCanonicalPath()); ++ } ++ + if (!pluggableTransportObfs.canExecute()) { + throw new IOException("Obfs4proxy binary is not executable: " + pluggableTransportObfs + .getCanonicalPath()); +@@ -134,8 +139,12 @@ public final class TorConfigBuilder { + .getCanonicalPath()); + } + ++ if (!pluggableTransportConjure.canExecute()) { ++ throw new IOException("Conjure binary is not executable: " + pluggableTransportConjure ++ .getCanonicalPath()); ++ } + +- transportPlugin(pluggableTransportObfs.getCanonicalPath(), pluggableTransportSnow.getCanonicalPath()); ++ transportPlugin(pluggableTransportObfs.getCanonicalPath(), pluggableTransportSnow.getCanonicalPath(), pluggableTransportConjure.getCanonicalPath()); + return this; + } + +@@ -502,9 +511,10 @@ public final class TorConfigBuilder { + return transPort(settings.transPort()); + } + +- public TorConfigBuilder transportPlugin(String obfsPath, String snowPath) { ++ public TorConfigBuilder transportPlugin(String obfsPath, String snowPath, String conjurePath) { + buffer.append("ClientTransportPlugin meek_lite,obfs3,obfs4 exec ").append(obfsPath).append('\n'); + buffer.append("ClientTransportPlugin snowflake exec ").append(snowPath).append(" -url https://snowflake-broker.torproject.net.global.prod.fastly.net/ -front cdn.sstatic.net -ice stun:stun.l.google.com:19302,stun:stun.voip.blackberry.com:3478,stun:stun.altar.com.pl:3478,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.sonetel.net:3478,stun:stun.stunprotocol.org:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478\n"); ++ buffer.append("ClientTransportPlugin conjure exec ").append(conjurePath).append(" -registerURL https://registration.refraction.network/api\n"); + return this; + } + +-- +2.37.2 + ===================================== projects/tor-onion-proxy-library/build ===================================== @@ -24,6 +24,7 @@ cd /var/tmp/build/[% project %]-[% c('version') %] patch -p1 < $rootdir/gradle.patch patch -p1 < $rootdir/0001-Bug-33931-Filter-bridges-in-stream-by-type.patch patch -p1 < $rootdir/0001-Bug-30318-Add-snowflake-support.patch +patch -p1 < $rootdir/0001-Bug-41361-Add-conjure-support.patch [% FOREACH arch = ['armv7', 'aarch64', 'x86', 'x86_64'] -%] # Extract tor-expert-bundle @@ -38,12 +39,16 @@ patch -p1 < $rootdir/0001-Bug-30318-Add-snowflake-support.patch cp $ptdir/obfs4proxy external/pluto/bin/armeabi/ cp $ptdir/snowflake-client external/pluto/bin/armeabi-v7a/ cp $ptdir/snowflake-client external/pluto/bin/armeabi/ + cp $ptdir/conjure-client external/pluto/bin/armeabi-v7a/ + cp $ptdir/conjure-client external/pluto/bin/armeabi/ [% ELSIF arch == "aarch64" -%] cp $ptdir/obfs4proxy external/pluto/bin/arm64-v8a/ cp $ptdir/snowflake-client external/pluto/bin/arm64-v8a/ + cp $ptdir/conjure-client external/pluto/bin/arm64-v8a/ [% ELSE -%] cp $ptdir/obfs4proxy external/pluto/bin/[% arch %]/ cp $ptdir/snowflake-client external/pluto/bin/[% arch %]/ + cp $ptdir/conjure-client external/pluto/bin/[% arch %]/ [% END -%] [% END -%] ===================================== projects/tor-onion-proxy-library/config ===================================== @@ -40,3 +40,4 @@ input_files: - filename: gradle.patch - filename: 0001-Bug-33931-Filter-bridges-in-stream-by-type.patch - filename: 0001-Bug-30318-Add-snowflake-support.patch + - filename: 0001-Bug-41361-Add-conjure-support.patch View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] 4 commits: Bug 41361: Reproducible conjure builds
by Richard Pospesel (＠richard) 31 Jan '23

31 Jan '23

Richard Pospesel pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 144d70db by Cecylia Bocovich at 2023-01-31T20:56:23+00:00 Bug 41361: Reproducible conjure builds Add a conjure project and go dependencies to reproducibly build the conjure client on all platforms. - - - - - 76c3558e by Cecylia Bocovich at 2023-01-31T20:56:23+00:00 Bug 41361: Add conjure line to torrc-defaults Add the ClientTransportPlugin line for conjure to the torrc-defaults for desktop all platforms. - - - - - c3c4bd9f by Cecylia Bocovich at 2023-01-31T20:56:23+00:00 Bug 41361: Add conjure to tor-expert-bundle - - - - - d5a12bf8 by Cecylia Bocovich at 2023-01-31T20:56:23+00:00 Bug 41361: Move conjure README to the docs dir - - - - - 18 changed files: - projects/browser/Bundle-Data/PTConfigs/linux/torrc-defaults-appendix - projects/browser/Bundle-Data/PTConfigs/mac/torrc-defaults-appendix - projects/browser/Bundle-Data/PTConfigs/windows/torrc-defaults-appendix - projects/browser/build - + projects/bsbuffer/config - + projects/conjure/build - + projects/conjure/config - + projects/go-cmp/config - + projects/goprotobuf/config - + projects/gotapdance/config - + projects/logrus/config - + projects/obfs4-lib/config - + projects/protobuf/config - + projects/snowflake-lib/config - projects/tor-expert-bundle/build - projects/tor-expert-bundle/config - projects/tor-expert-bundle/pt_config.json - + projects/weightedrand/config Changes: ===================================== projects/browser/Bundle-Data/PTConfigs/linux/torrc-defaults-appendix ===================================== @@ -6,3 +6,6 @@ ClientTransportPlugin snowflake exec ./TorBrowser/Tor/PluggableTransports/snowfl ## webtunnel configuration ClientTransportPlugin webtunnel exec ./TorBrowser/Tor/PluggableTransports/webtunnel-client + +## conjure configuration +ClientTransportPlugin conjure exec ./TorBrowser/Tor/PluggableTransports/conjure-client -registerURL https://registration.refraction.network/api ===================================== projects/browser/Bundle-Data/PTConfigs/mac/torrc-defaults-appendix ===================================== @@ -6,3 +6,6 @@ ClientTransportPlugin snowflake exec PluggableTransports/snowflake-client ## webtunnel configuration ClientTransportPlugin webtunnel exec PluggableTransports/webtunnel-client + +## conjure configuration +ClientTransportPlugin conjure exec PluggableTransports/conjure-client -registerURL https://registration.refraction.network/api ===================================== projects/browser/Bundle-Data/PTConfigs/windows/torrc-defaults-appendix ===================================== @@ -6,3 +6,6 @@ ClientTransportPlugin snowflake exec TorBrowser\Tor\PluggableTransports\snowflak ## webtunnel configuration ClientTransportPlugin webtunnel exec TorBrowser\Tor\PluggableTransports\webtunnel-client.exe + +## conjure configuration +ClientTransportPlugin conjure exec TorBrowser\Tor\PluggableTransports\conjure-client.exe -registerURL https://registration.refraction.network/api ===================================== projects/browser/build ===================================== @@ -100,13 +100,14 @@ mv [% c('input_files_by_name/noscript') %] "$TBDIR/$EXTSPATH/{73a6fe31-595d-460b rm -f aarch64/tor/pluggable_transports/bridges_list.*.txt aarch64/tor/pluggable_transports/pt_config.json [% END -%] - # Snowflake's README is a documentation shipped in tor-expert-bundle + # Move READMEs from tor-expert-bundle to the doc dir mkdir -p "$TBDIR/$DOCSPATH/snowflake" [% IF c("var/macos_universal") %]"$TBDIR_AARCH64/$DOCSPATH/snowflake"[% END %] - mv_tbdir tor/pluggable_transports/README.SNOWFLAKE.md "$DOCSPATH/snowflake/README.md" - - # WebTunnel's README is a documentation shipped in tor-expert-bundle + mkdir -p "$TBDIR/$DOCSPATH/webtunnel" [% IF c("var/macos_universal") %]"$TBDIR_AARCH64/$DOCSPATH/webtunnel"[% END %] + mkdir -p "$TBDIR/$DOCSPATH/conjure" [% IF c("var/macos_universal") %]"$TBDIR_AARCH64/$DOCSPATH/conjure"[% END %] + mv_tbdir tor/pluggable_transports/README.SNOWFLAKE.md "$DOCSPATH/snowflake/README.md" mv_tbdir tor/pluggable_transports/README.WEBTUNNEL.md "$DOCSPATH/webtunnel/README.md" + mv_tbdir tor/pluggable_transports/README.CONJURE.md "$DOCSPATH/conjure/README.md" # Move the PTs to where TB expects them mkdir -p "$TBDIR/$TORBINPATH" [% IF c("var/macos_universal") %]"$TBDIR_AARCH64/$TORBINPATH"[% END %] ===================================== projects/bsbuffer/config ===================================== @@ -0,0 +1,17 @@ +# vim: filetype=yaml sw=2 +version: '[% c("abbrev") %]' +git_url: https://github.com/sergeyfrolov/bsbuffer +git_hash: 94e85abb850729a5f54f383e8175e62931d04748 +filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' +container: + use_container: 1 + +build: '[% c("projects/go/var/build_go_lib") %]' + +var: + go_lib: github.com/sergeyfrolov/bsbuffer + +input_files: + - project: container-image + - name: go + project: go ===================================== projects/conjure/build ===================================== @@ -0,0 +1,38 @@ +#!/bin/bash +[% c("var/set_default_env") -%] +[% pc('go', 'var/setup', { go_tarfile => c('input_files_by_name/go') }) %] +distdir=/var/tmp/dist/[% project %] +mkdir -p $distdir + +[% IF c("var/android") -%] + [% pc(c('var/compiler'), 'var/setup', { compiler_tarfile => c('input_files_by_name/' _ c('var/compiler')) }) %] + # We need to explicitly set CGO_ENABLED with Go 1.13.x as the Android build + # breaks otherwise. + export CGO_ENABLED=1 +[% END -%] + +tar -C /var/tmp/dist -xf [% c('input_files_by_name/goptlib') %] +tar -C /var/tmp/dist -xf [% c('input_files_by_name/snowflake-lib') %] +tar -C /var/tmp/dist -xf [% c('input_files_by_name/gotapdance') %] + +mkdir -p /var/tmp/build +tar -C /var/tmp/build -xf [% project %]-[% c('version') %].tar.gz +cd /var/tmp/build/[% project %]-[% c('version') %] + +mkdir -p "$GOPATH/src/gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conjure.git" + +# Fix gopath location of versioned dependencies +ln -sf "$GOPATH/src/git.torproject.org/pluggable-transports/snowflake.git" "$GOPATH/src/git.torproject.org/pluggable-transports/snowflake.git/v2" + +cd client +go build -ldflags '-s' +cp -a client[% IF c("var/windows") %].exe[% END %] $distdir/conjure-client[% IF c("var/windows") %].exe[% END %] + +cd .. +cp -a README.md $distdir/README.CONJURE.md + +cd $distdir +[% c('tar', { + tar_src => [ '.' ], + tar_args => '-czf ' _ dest_dir _ '/' _ c('filename'), + }) %] ===================================== projects/conjure/config ===================================== @@ -0,0 +1,21 @@ +# vim: filetype=yaml sw=2 +version: '[% c("abbrev") %]' +git_url: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conj… +git_hash: b7d485734c3ab09ef3da818abb4b39ec27ef3a73 +filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' +container: + use_container: 1 + +input_files: + - project: container-image + - name: go + project: go + - name: goptlib + project: goptlib + - name: gotapdance + project: gotapdance + - name: snowflake-lib + project: snowflake-lib + - name: '[% c("var/compiler") %]' + project: '[% c("var/compiler") %]' + enable: '[% c("var/android") %]' ===================================== projects/go-cmp/config ===================================== @@ -0,0 +1,23 @@ +# vim: filetype=yaml sw=2 +version: '[% c("abbrev") %]' +git_url: https://github.com/google/go-cmp +git_hash: 8fa37b4dd109f12e42b131e485268768f18bcbf8 #v0.5.5 +filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' +container: + use_container: 1 + +build: '[% c("projects/go/var/build_go_lib") %]' + +var: + go_lib: github.com/google/go-cmp + go_lib_deps: + - goxxerrors + build_go_lib_pre: | + cd "cmp" + +input_files: + - project: container-image + - name: go + project: go + - name: goxxerrors + project: goxxerrors ===================================== projects/goprotobuf/config ===================================== @@ -0,0 +1,23 @@ +# vim: filetype=yaml sw=2 +version: '[% c("abbrev") %]' +git_url: https://github.com/golang/protobuf +git_hash: ae97035608a719c7a1c1c41bed0ae0744bdb0c6f #v1.5.2 +filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' +container: + use_container: 1 + +build: '[% c("projects/go/var/build_go_lib") %]' + +var: + go_lib: github.com/golang/protobuf + go_lib_install: + - github.com/golang/protobuf/proto + go_lib_deps: + - protobuf + +input_files: + - project: container-image + - name: go + project: go + - name: protobuf + project: protobuf ===================================== projects/gotapdance/config ===================================== @@ -0,0 +1,47 @@ +# vim: filetype=yaml sw=2 +version: '[% c("abbrev") %]' +git_url: https://github.com/refraction-networking/gotapdance +git_hash: 14162bd2967839d5d873645881f4a4761fb7bb48 #v1.3.0 +filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' +container: + use_container: 1 + +build: '[% c("projects/go/var/build_go_lib") %]' + +var: + go_lib: github.com/refraction-networking/gotapdance + go_lib_deps: + - bsbuffer + - goprotobuf + - goptlib + - goxcrypto + - goxnet + - logrus + - obfs4-lib + - refraction-utls + - weightedrand + go_lib_install: + - github.com/refraction-networking/gotapdance/tapdance + +input_files: + - project: container-image + - name: go + project: go + - name: bsbuffer + project: bsbuffer + - name: goprotobuf + project: goprotobuf + - name: goptlib + project: goptlib + - name: goxcrypto + project: goxcrypto + - name: goxnet + project: goxnet + - name: logrus + project: logrus + - name: obfs4-lib + project: obfs4-lib + - name: refraction-utls + project: refraction-utls + - name: weightedrand + project: weightedrand ===================================== projects/logrus/config ===================================== @@ -0,0 +1,24 @@ +# vim: filetype=yaml sw=2 +version: '[% c("abbrev") %]' +git_url: https://github.com/sirupsen/logrus +git_hash: bdc0db8ead3853c56b7cd1ac2ba4e11b47d7da6b #v1.8.1 +filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' +container: + use_container: 1 + +build: '[% c("projects/go/var/build_go_lib") %]' + +var: + go_lib: github.com/sirupsen/logrus + go_lib_deps: + - goxcrypto + - goxsys + +input_files: + - project: container-image + - name: go + project: go + - name: goxcrypto + project: goxcrypto + - name: goxsys + project: goxsys ===================================== projects/obfs4-lib/config ===================================== @@ -0,0 +1,39 @@ +# vim: filetype=yaml sw=2 +version: '[% c("abbrev") %]' +git_url: https://gitlab.com/yawning/obfs4.git +git_hash: 77af0cba934d73c4baeb709560bcfc9a9fbc661c +filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' +container: + use_container: 1 + +build: '[% c("projects/go/var/build_go_lib") %]' + +var: + go_lib: gitlab.com/yawning/obfs4.git + go_lib_deps: + - edwards25519 + - edwards25519-extra + - goptlib + - goxcrypto + - goxnet + - siphash + go_lib_install: + - gitlab.com/yawning/obfs4.git/common/ntor + - gitlab.com/yawning/obfs4.git/transports/obfs4 + +input_files: + - project: container-image + - name: go + project: go + - name: edwards25519 + project: edwards25519 + - name: edwards25519-extra + project: edwards25519-extra + - name: goptlib + project: goptlib + - name: goxcrypto + project: goxcrypto + - name: goxnet + project: goxnet + - name: siphash + project: siphash ===================================== projects/protobuf/config ===================================== @@ -0,0 +1,23 @@ +# vim: filetype=yaml sw=2 +version: '[% c("abbrev") %]' +git_url: https://github.com/protocolbuffers/protobuf-go +git_hash: f2d1f6cbe10b90d22296ea09a7217081c2798009 #v1.26.0 +filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' +container: + use_container: 1 + +build: '[% c("projects/go/var/build_go_lib") %]' + +var: + go_lib: google.golang.org/protobuf + go_lib_install: + - google.golang.org/protobuf/cmd/protoc-gen-go/internal_gengo + - google.golang.org/protobuf/compiler/protogen + - google.golang.org/protobuf/reflect/protodesc + - google.golang.org/protobuf/proto + - google.golang.org/protobuf/encoding/protojson + +input_files: + - project: container-image + - name: go + project: go ===================================== projects/snowflake-lib/config ===================================== @@ -0,0 +1,19 @@ +# vim: filetype=yaml sw=2 +version: '[% c("abbrev") %]' +git_url: https://git.torproject.org/pluggable-transports/snowflake.git +git_hash: 01ae5b56e8399d29aa18605dc9add913d84dc553 +filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' +container: + use_container: 1 + +build: '[% c("projects/go/var/build_go_lib") %]' + +var: + go_lib: git.torproject.org/pluggable-transports/snowflake.git + go_lib_install: + - git.torproject.org/pluggable-transports/snowflake.git/common/safelog + +input_files: + - project: container-image + - name: go + project: go ===================================== projects/tor-expert-bundle/build ===================================== @@ -12,6 +12,7 @@ mkdir pluggable_transports && cd pluggable_transports tar -xkf $rootdir/[% c('input_files_by_name/obfs4') %] tar -xkf $rootdir/[% c('input_files_by_name/snowflake') %] tar -xkf $rootdir/[% c('input_files_by_name/webtunnel') %] +tar -xkf $rootdir/[% c('input_files_by_name/conjure') %] # copy in bridge lines for each pluggable transport mv $rootdir/bridges_list.obfs4.txt . ===================================== projects/tor-expert-bundle/config ===================================== @@ -20,6 +20,8 @@ input_files: project: snowflake - project: webtunnel name: webtunnel + - name: conjure + project: conjure - filename: pt_config.json - filename: bridges_list.obfs4.txt - filename: bridges_list.meek-azure.txt ===================================== projects/tor-expert-bundle/pt_config.json ===================================== @@ -3,7 +3,8 @@ "pluggableTransports" : { "obfs4proxy" : "ClientTransportPlugin meek_lite,obfs2,obfs3,obfs4,scramblesuit exec ${pt_path}obfs4proxy${pt_extension}", "snowflake" : "ClientTransportPlugin snowflake exec ${pt_path}snowflake-client${pt_extension}", - "webtunnel" : "ClientTransportPlugin webtunnel exec ${pt_path}webtunnel-client${pt_extension}" + "webtunnel" : "ClientTransportPlugin webtunnel exec ${pt_path}webtunnel-client${pt_extension}", + "conjure" : "ClientTransportPlugin conjure exec ${pt_path}conjure-client${pt_extension} -registerURL https://registration.refraction.network/api" }, "bridges" : { "meek-azure" : [ ===================================== projects/weightedrand/config ===================================== @@ -0,0 +1,17 @@ +# vim: filetype=yaml sw=2 +version: '[% c("abbrev") %]' +git_url: https://github.com/mroth/weightedrand +git_hash: 0d642756f17d052e03f6ca68ee9264022f7d26af #v0.4.1 +filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' +container: + use_container: 1 + +build: '[% c("projects/go/var/build_go_lib") %]' + +var: + go_lib: github.com/mroth/weightedrand + +input_files: + - project: container-image + - name: go + project: go View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Updated release prep gitlab templates
by Richard Pospesel (＠richard) 31 Jan '23

31 Jan '23

Richard Pospesel pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 56ade2cf by Richard Pospesel at 2023-01-31T19:39:09+00:00 Updated release prep gitlab templates - - - - - 2 changed files: - .gitlab/issue_templates/Release Prep - Alpha.md - .gitlab/issue_templates/Release Prep - Stable.md Changes: ===================================== .gitlab/issue_templates/Release Prep - Alpha.md ===================================== @@ -76,15 +76,13 @@ - [ ] `$(ESR_TAG)` : `<INSERT_TAG_HERE>` - [ ] Identify the hg patch associated with above hg tag, and find the equivalent `gecko-dev` git commit (search by commit message) - [ ] `gecko-dev` commit : `<INSERT_COMMIT_HASH_HERE>` - - [ ] Sign/Tag commit : + - [ ] Sign/Tag `gecko-dev` commit : - Tag : `$(ESR_TAG)` - Message : `Hg tag $(ESR_TAG)` - - [ ] Create new branches with the discovered `gecko-dev` commit as `HEAD` named: - - [ ] `base-browser-$(ESR_VERSION)esr-$(TOR_BROWSER_MAJOR).$(TOR-BROWSER_MINOR)-1` - - [ ] `tor-browser-$(ESR_VERSION)esr-$(TOR_BROWSER_MAJOR).$(TOR-BROWSER_MINOR)-1` + - [ ] Create new `tor-browser` branch with the discovered `gecko-dev` commit as `HEAD` named: + - `tor-browser-$(ESR_VERSION)esr-$(TOR_BROWSER_MAJOR).$(TOR-BROWSER_MINOR)-1` - [ ] Push new branches and esr tag to origin - - [ ] Rebase previous `base-browser` patches onto the `gecko-dev` commit - - [ ] Rebase previous `tor-browser` patches onto the new `base-browser` branch + - [ ] Rebase previous `tor-browser` patches onto the new `gecko-dev` branch - [ ] Compare patch-sets (ensure nothing *weird* happened during rebase): - [ ] rangediff: `git range-diff $(ESR_TAG_PREV)..$(TOR_BROWSER_BRANCH_PREV) $(ESR_TAG)..$(TOR_BROWSER_BRANCH)` - [ ] diff of diffs: @@ -93,14 +91,17 @@ - [ ] `git diff $(ESR_TAG)..$(TOR_BROWSER_BRANCH) > rebased_patchset.diff` - [ ] `$(DIFF_TOOL) current_patchset.diff rebased_patchset.diff` - [ ] Open MR for the rebase -- [ ] Sign/Tag `base-browser` commit: - - **NOTE** : Currently we are using the `Bug 40926: Implemented the New Identity feature` commit as the final commit of `base-browser` before `tor-browser` - - Tag : `base-browser-$(ESR_VERSION)esr-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-build1` - - Message: `Tagging build1 for $(ESR_VERSION)esr-based alpha` + - [ ] Merge - [ ] Sign/Tag `tor-browser` commit : - Tag : `tor-browser-$(ESR_VERSION)esr-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(FIREFOX_BUILD_N)` - Message : `Tagging $(FIREFOX_BUILD_N) for $(ESR_VERSION)esr-based alpha` -- [ ] Push rebased branches and tags to `origin` +- [ ] Create `base-browser` branch from rebased `tor-browser` branch named: + - `base-browser-$(ESR_VERSION)esr-$(TOR_BROWSER_MAJOR).$(TOR-BROWSER_MINOR)-1` + - **NOTE** : Currently we are using the `Bug 40926: Implemented the New Identity feature` commit as the final commit of `base-browser` before `tor-browser` +- [ ] Sign/Tag `base-browser` commit : + - Tag : `base-browser-$(ESR_VERSION)esr-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-build1` + - Message: `Tagging build1 for $(ESR_VERSION)esr-based alpha` +- [ ] Push tags to `origin` - [ ] Update Gitlab Default Branch to new Alpha branch: https://gitlab.torproject.org/tpo/applications/tor-browser/-/settings/repos… </details> @@ -109,7 +110,7 @@ <summary>Build</summary> ### tor-browser-build: https://gitlab.torproject.org/tpo/applications/tor-browser-build.git -Tor Browser Alpha (and Nightly) are on the `main` branch, while Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)` (and possibly more specific) branches +Tor Browser Alpha (and Nightly) are on the `main` branch - [ ] Update `rbm.conf` - [ ] `var/torbrowser_version` : update to next version @@ -126,6 +127,10 @@ Tor Browser Alpha (and Nightly) are on the `main` branch, while Stable lives in - [ ] `steps/base-browser-fluent/git_hash` : update with `HEAD` commit of project's `basebrowser-newidentityftl` branch - [ ] `steps/tor-browser/git_hash` : update with `HEAD` commit of project's `tor-browser` branch - [ ] `steps/fenix/git_hash` : update with `HEAD` commit of project's `fenix-torbrowserstringsxml` branch +- [ ] ***(Optional)*** Update Android-specific build configs + - [ ] ***(Optional)*** Update `projects/geckoview/config` + - [ ] `git_hash` : update the `$(BUILD_N)` section to match `tor-browser` tag + - [ ] ***(Optional)*** `var/geckoview_version` : update to latest `$(ESR_VERSION)` if rebased - [ ] ***(Optional)*** Update `projects/tor-android-service/config` - [ ] `git_hash` : update with `HEAD` commit of project's `main` branch - [ ] ***(Optional)*** Update `projects/application-services/config`: @@ -158,10 +163,8 @@ Tor Browser Alpha (and Nightly) are on the `main` branch, while Stable lives in - [ ] ***(Optional)*** Update `projects/go/config` - [ ] `version` : update go version - [ ] `input_files/sha256sum` for `go` : update sha256sum of archive (sha256 sums are displayed on the go download page) - - [ ] ***(Optional)*** Update the manual - - [ ] Go to https://gitlab.torproject.org/tpo/web/manual/-/jobs/ - - [ ] Open the latest build stage - - [ ] Download the artifacts (they come in a .zip file). + - [ ] ***(Optional)*** Update the manual : https://gitlab.torproject.org/tpo/web/manual/-/jobs/ + - [ ] Download the `artifacts.zip` file from latest build stage row (download icon button on the right) - [ ] Rename it to `manual_$PIPELINEID.zip` - [ ] Upload it to people.tpo - [ ] Update `projects/manual/config` @@ -179,8 +182,9 @@ Tor Browser Alpha (and Nightly) are on the `main` branch, while Stable lives in - If you used the issue number, you will need to write the Tor Browser version manually - [ ] Open MR with above changes - [ ] Begin build on `$(BUILD_SERVER)` (fix any issues which come up and update MR) +- [ ] Merge - [ ] Sign/Tag commit: `make signtag-alpha` -- [ ] Push tag to origin +- [ ] Push tag to `origin` </details> <details> ===================================== .gitlab/issue_templates/Release Prep - Stable.md ===================================== @@ -28,19 +28,6 @@ - `$(TOR_BROWSER_BRANCH_PREV)` : the full name of the previous tor-browser branch (when rebasing) </details> -<details> - <summary>Desktop</summary> - -### **torbutton** : https://gitlab.torproject.org/tpo/applications/torbutton.git -- [ ] Update translations : - - [ ] `./import-translations.sh` - - **NOTE** : if there are no new strings imported then we are done here - - [ ] Commit with message `Translation updates` - - **NOTE** : only add files which are already being tracked -- [ ] fixup! `tor-browser`'s `Bug 10760 : Integrate TorButton to TorBrowser core` issue to point to updated `torbutton` commit - -</details> - <details> <summary>Android</summary> @@ -88,15 +75,13 @@ - [ ] `$(ESR_TAG)` : `<INSERT_TAG_HERE>` - [ ] Identify the hg patch associated with above hg tag, and find the equivalent `gecko-dev` git commit (search by commit message) - [ ] `gecko-dev` commit : `<INSERT_COMMIT_HASH_HERE>` - - [ ] Sign/Tag commit : + - [ ] Sign/Tag `gecko-dev` commit : - Tag : `$(ESR_TAG)` - Message : `Hg tag $(ESR_TAG)` - - [ ] Create new branches with the discovered `gecko-dev` commit as `HEAD` named: - - [ ] `base-browser-$(ESR_VERSION)esr-$(TOR_BROWSER_MAJOR).$(TOR-BROWSER_MINOR)-1` - - [ ] `tor-browser-$(ESR_VERSION)esr-$(TOR_BROWSER_MAJOR).$(TOR-BROWSER_MINOR)-1` + - [ ] Create new `tor-browser` branch with the discovered `gecko-dev` commit as `HEAD` named: + - `tor-browser-$(ESR_VERSION)esr-$(TOR_BROWSER_MAJOR).$(TOR-BROWSER_MINOR)-1` - [ ] Push new branches and esr tag to origin - - [ ] Rebase previous `base-browser` patches onto the `gecko-dev` commit - - [ ] Rebase previous `tor-browser` patches onto the new `base-browser` branch + - [ ] Rebase previous `tor-browser` patches onto the new `gecko-dev` branch - [ ] Compare patch-sets (ensure nothing *weird* happened during rebase): - [ ] rangediff: `git range-diff $(ESR_TAG_PREV)..$(TOR_BROWSER_BRANCH_PREV) $(ESR_TAG)..$(TOR_BROWSER_BRANCH)` - [ ] diff of diffs: @@ -105,14 +90,17 @@ - [ ] `git diff $(ESR_TAG)..$(TOR_BROWSER_BRANCH) > rebased_patchset.diff` - [ ] `$(DIFF_TOOL) current_patchset.diff rebased_patchset.diff` - [ ] Open MR for the rebase -- [ ] Sign/Tag `base-browser` commit: - - **NOTE** : Currently we are using the `Bug 40926: Implemented the New Identity feature` commit as the final commit of `base-browser` before `tor-browser` - - Tag : `base-browser-$(ESR_VERSION)esr-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-build1` - - Message: `Tagging build1 for $(ESR_VERSION)esr-based stable` + - [ ] Merge - [ ] Sign/Tag `tor-browser` commit : - Tag : `tor-browser-$(ESR_VERSION)esr-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(FIREFOX_BUILD_N)` - Message : `Tagging $(FIREFOX_BUILD_N) for $(ESR_VERSION)esr-based stable` -- [ ] Push rebased branches and tags to `origin` +- [ ] Create `base-browser` branch from rebased `tor-browser` branch named: + - `base-browser-$(ESR_VERSION)esr-$(TOR_BROWSER_MAJOR).$(TOR-BROWSER_MINOR)-1` + - **NOTE** : Currently we are using the `Bug 40926: Implemented the New Identity feature` commit as the final commit of `base-browser` before `tor-browser` +- [ ] Sign/Tag `base-browser` commit: + - Tag : `base-browser-$(ESR_VERSION)esr-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-build1` + - Message: `Tagging build1 for $(ESR_VERSION)esr-based stable` +- [ ] Push tags to `origin` </details> @@ -120,7 +108,7 @@ <summary>Build</summary> ### tor-browser-build: https://gitlab.torproject.org/tpo/applications/tor-browser-build.git -Tor Browser Alpha (and Nightly) are on the `main` branch, while Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)` (and possibly more specific) branches +Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)` (and possibly more specific) branches - [ ] Update `rbm.conf` - [ ] `var/torbrowser_version` : update to next version @@ -141,8 +129,6 @@ Tor Browser Alpha (and Nightly) are on the `main` branch, while Stable lives in - [ ] ***(Optional)*** Update `projects/geckoview/config` - [ ] `git_hash` : update the `$(BUILD_N)` section to match `tor-browser` tag - [ ] ***(Optional)*** `var/geckoview_version` : update to latest `$(ESR_VERSION)` if rebased - - [ ] Update `projects/tba-translations/config`: - - [ ] `git_hash` : update with `HEAD` commit of project's `fenix-torbrowserstringsxml` branch - [ ] ***(Optional)*** Update `projects/tor-android-service/config` - [ ] `git_hash` : update with `HEAD` commit of project's `main` branch - [ ] ***(Optional)*** Update `projects/application-services/config`: @@ -175,10 +161,8 @@ Tor Browser Alpha (and Nightly) are on the `main` branch, while Stable lives in - [ ] ***(Optional)*** Update `projects/go/config` - [ ] `version` : update go version - [ ] `input_files/sha256sum` for `go` : update sha256sum of archive (sha256 sums are displayed on the go download page) - - [ ] ***(Optional)*** Update the manual - - [ ] Go to https://gitlab.torproject.org/tpo/web/manual/-/jobs/ - - [ ] Open the latest build stage - - [ ] Download the artifacts (they come in a .zip file). + - [ ] ***(Optional)*** Update the manual : https://gitlab.torproject.org/tpo/web/manual/-/jobs/ + - [ ] Download the `artifacts.zip` file from latest build stage row (download icon button on the right) - [ ] Rename it to `manual_$PIPELINEID.zip` - [ ] Upload it to people.tpo - [ ] Update `projects/manual/config` @@ -187,10 +171,18 @@ Tor Browser Alpha (and Nightly) are on the `main` branch, while Stable lives in - [ ] Update the URL if you have uploaded to a different people.tpo home - [ ] Update `ChangeLog.txt` - [ ] Ensure ChangeLog.txt is sync'd between alpha and stable branches + - [ ] Check the linked issues: ask people to check if any are missing, remove the not fixed ones + - [ ] Run `tools/fetch-changelogs.py $(TOR_BROWSER_VERSION)` or `tools/fetch-changelogs.py '#$(ISSUE_NUMBER)'` + - Make sure you have `requests` installed (e.g., `apt install python3-requests`) + - The first time you run this script you will need to generate an access token; the script will guide you + - [ ] Copy the output of the script to the beginning of `ChangeLog.txt` and adjust its output + - At the moment, the script does not create a _Build System_ section + - If you used the issue number, you will need to write the Tor Browser version manually - [ ] Open MR with above changes - [ ] Begin build on `$(BUILD_SERVER)` (and fix any issues which come up and update MR) +- [ ] Merge - [ ] Sign/Tag commit: `make signtag-release` -- [ ] Push tag to origin +- [ ] Push tag to `origin` </details> <details> View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/5… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/5… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Apply Snowflake Remove HelloVerify Countermeasure
by Richard Pospesel (＠richard) 31 Jan '23

31 Jan '23

Richard Pospesel pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 4f631cd2 by Shelikhoo at 2023-01-31T18:38:20+00:00 Apply Snowflake Remove HelloVerify Countermeasure - - - - - 3 changed files: - projects/pion-dtls/config - projects/pion-webrtc/config - projects/snowflake/config Changes: ===================================== projects/pion-dtls/config ===================================== @@ -1,7 +1,7 @@ # vim: filetype=yaml sw=2 version: '[% c("abbrev") %]' -git_url: https://github.com/pion/dtls -git_hash: d2f797183a9f044ce976e6df6f362662ca722412 #v2.1.5 +git_url: https://github.com/xiaokangwang/dtls +git_hash: 16e5cc8ce01c0262e4d945b7fe90eba4d7d58ce5 #v2.1.5+patch filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' container: use_container: 1 ===================================== projects/pion-webrtc/config ===================================== @@ -1,7 +1,7 @@ # vim: filetype=yaml sw=2 version: '[% c("abbrev") %]' -git_url: https://github.com/pion/webrtc -git_hash: 7367daf2324b66290f0bdbaab1e51297de1f4989 #v3.1.41 +git_url: https://github.com/xiaokangwang/webrtc +git_hash: be9162e2b526205877a0069bdbf8c97655345403 #v3.1.41+patch filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' container: use_container: 1 ===================================== projects/snowflake/config ===================================== @@ -1,7 +1,7 @@ # vim: filetype=yaml sw=2 version: '[% c("abbrev") %]' git_url: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… -git_hash: 9ce1de4eee4e23c918c7c5e96666ff5c6ddc654e +git_hash: 7b77001eaa90e09d41172a2b170dabd3f1922b4a filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' container: View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/4… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/4… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] 5 commits: Bug 40736: Update signing scripts to support other browser names
by Richard Pospesel (＠richard) 31 Jan '23

31 Jan '23

Richard Pospesel pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 72ff4a22 by Nicolas Vigier at 2023-01-31T15:50:28+00:00 Bug 40736: Update signing scripts to support other browser names - - - - - 38b371a3 by Nicolas Vigier at 2023-01-31T15:50:28+00:00 Bug 40755: Use openssl-1.0.2 for building libdmg-hfsplus outside containers libdmg-hfsplus fails to build with openssl1.1: https://github.com/planetbeing/libdmg-hfsplus/issues/14 - - - - - 9c1b95ed by Nicolas Vigier at 2023-01-31T15:50:28+00:00 Bug 40755: Allow building hfsplus-tools without container If clang is insalled, building hfsplus-tools should work without container. - - - - - 799a65af by Nicolas Vigier at 2023-01-31T15:50:28+00:00 Bug 40756: Fix gatekeeper-bundling.sh after #40732 - - - - - acf060ec by Nicolas Vigier at 2023-01-31T15:50:28+00:00 Bug 40736: Add privacybrowser symlink to signing scripts - - - - - 30 changed files: - .gitlab/issue_templates/Release Prep - Alpha.md - projects/hfsplus-tools/build - projects/hfsplus-tools/config - projects/libdmg-hfsplus/build - projects/libdmg-hfsplus/config - + projects/openssl-1.0.2/build - + projects/openssl-1.0.2/config - + tools/signing/.gitignore - tools/signing/android-signing - + tools/signing/android-signing.privacybrowser - + tools/signing/android-signing.torbrowser - tools/signing/ddmg.sh - tools/signing/dmg2mar - tools/signing/do-all-signing - + tools/signing/do-all-signing.privacybrowser - + tools/signing/do-all-signing.torbrowser - tools/signing/finished-signing-clean-linux-signer - tools/signing/finished-signing-clean-macos-signer - tools/signing/functions - tools/signing/gatekeeper-bundling.sh - tools/signing/linux-signer-authenticode-signing - + tools/signing/linux-signer-authenticode-signing.privacybrowser - + tools/signing/linux-signer-authenticode-signing.torbrowser - tools/signing/linux-signer-gpg-sign - + tools/signing/linux-signer-gpg-sign.privacybrowser - + tools/signing/linux-signer-gpg-sign.torbrowser - tools/signing/linux-signer-signmars - + tools/signing/linux-signer-signmars.privacybrowser - + tools/signing/linux-signer-signmars.torbrowser - tools/signing/macos-signer-gatekeeper-signing The diff was not included because it is too large. View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-102.7.0esr-12.5-1] amend! Bug 40253: Explicitly allow NoScript in Private Browsing mode.
by Pier Angelo Vendrame (＠pierov) 31 Jan '23

31 Jan '23

Pier Angelo Vendrame pushed to branch base-browser-102.7.0esr-12.5-1 at The Tor Project / Applications / Tor Browser Commits: 4663df71 by hackademix at 2023-01-31T15:42:24+01:00 amend! Bug 40253: Explicitly allow NoScript in Private Browsing mode. Bug 41598: Prevent NoScript from being removed/disabled. Bug 40253: Explicitly allow NoScript in Private Browsing mode. - - - - - 1 changed file: - toolkit/mozapps/extensions/internal/XPIDatabase.jsm Changes: ===================================== toolkit/mozapps/extensions/internal/XPIDatabase.jsm ===================================== @@ -854,6 +854,15 @@ class AddonInternal { } } + // Bug 41598: prevent NoScript from being uninstalled/disabled + if (this.id === "{73a6fe31-595d-460b-a920-fcc0f8843232}") { + permissions &= ~( + AddonManager.PERM_CAN_UNINSTALL | + AddonManager.PERM_CAN_DISABLE | + AddonManager.PERM_CAN_CHANGE_PRIVATEBROWSING_ACCESS + ); + } + return permissions; } View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/4663df7… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/4663df7… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-102.7.0esr-12.5-1] amend! Bug 40253: Explicitly allow NoScript in Private Browsing mode.
by Pier Angelo Vendrame (＠pierov) 31 Jan '23

31 Jan '23

Pier Angelo Vendrame pushed to branch tor-browser-102.7.0esr-12.5-1 at The Tor Project / Applications / Tor Browser Commits: 5ac078b7 by hackademix at 2023-01-31T12:26:37+01:00 amend! Bug 40253: Explicitly allow NoScript in Private Browsing mode. Bug 41598: Prevent NoScript from being removed/disabled. Bug 40253: Explicitly allow NoScript in Private Browsing mode. - - - - - 1 changed file: - toolkit/mozapps/extensions/internal/XPIDatabase.jsm Changes: ===================================== toolkit/mozapps/extensions/internal/XPIDatabase.jsm ===================================== @@ -854,6 +854,15 @@ class AddonInternal { } } + // Bug 41598: prevent NoScript from being uninstalled/disabled + if (this.id === "{73a6fe31-595d-460b-a920-fcc0f8843232}") { + permissions &= ~( + AddonManager.PERM_CAN_UNINSTALL | + AddonManager.PERM_CAN_DISABLE | + AddonManager.PERM_CAN_CHANGE_PRIVATEBROWSING_ACCESS + ); + } + return permissions; } View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/5ac078b… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/5ac078b… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-102.7.0esr-12.0-1] Bug 1799982 - Remove uses of inline flags from XPIDL regexps. r=xpcom-reviewers, kmag a=RyanVM
by Pier Angelo Vendrame (＠pierov) 30 Jan '23

30 Jan '23

Pier Angelo Vendrame pushed to branch base-browser-102.7.0esr-12.0-1 at The Tor Project / Applications / Tor Browser Commits: ec608fde by Andrew McCreight at 2023-01-30T18:09:46+00:00 Bug 1799982 - Remove uses of inline flags from XPIDL regexps. r=xpcom-reviewers,kmag a=RyanVM Apparently the use of these is being turned into an error in Python 3.11. Fortunately, our uses appears to be rather trivial. For t_multilinecomment and t_LCDATA, I dropped the (?s) flag and just replaced the one use of . with (\n|.). (?s) means DOTALL, which means that dot includes any character, including a newline. Otherwise it means dot includes any character except a newline. I took the new t_singlelinecomment from IPDL's parser.py, so I assume it is reasonable enough. t_multilinecomment is also now the same as in IPDL. Differential Revision: https://phabricator.services.mozilla.com/D161738 (cherry picked from commit 9e5dcf54d1f2aea76cd23cccb2f1b39d76ab6e50) - - - - - 1 changed file: - xpcom/idl-parser/xpidl/xpidl.py Changes: ===================================== xpcom/idl-parser/xpidl/xpidl.py ===================================== @@ -1572,13 +1572,13 @@ class IDLParser(object): t_ignore = " \t" def t_multilinecomment(self, t): - r"/\*(?s).*?\*/" + r"/\*(\n|.)*?\*/" t.lexer.lineno += t.value.count("\n") if t.value.startswith("/**"): self._doccomments.append(t.value) def t_singlelinecomment(self, t): - r"(?m)//.*?$" + r"//[^\n]*" def t_IID(self, t): return t @@ -1591,7 +1591,7 @@ class IDLParser(object): return t def t_LCDATA(self, t): - r"(?s)%\{[ ]*C\+\+[ ]*\n(?P<cdata>.*?\n?)%\}[ ]*(C\+\+)?" + r"%\{[ ]*C\+\+[ ]*\n(?P<cdata>(\n|.)*?\n?)%\}[ ]*(C\+\+)?" t.type = "CDATA" t.value = t.lexer.lexmatch.group("cdata") t.lexer.lineno += t.value.count("\n") View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/ec608fd… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/ec608fd… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-102.7.0esr-12.0-1] Bug 1799982 - Remove uses of inline flags from XPIDL regexps. r=xpcom-reviewers, kmag a=RyanVM
by Pier Angelo Vendrame (＠pierov) 30 Jan '23

30 Jan '23

Pier Angelo Vendrame pushed to branch tor-browser-102.7.0esr-12.0-1 at The Tor Project / Applications / Tor Browser Commits: 7ec236d4 by Andrew McCreight at 2023-01-30T18:09:33+00:00 Bug 1799982 - Remove uses of inline flags from XPIDL regexps. r=xpcom-reviewers,kmag a=RyanVM Apparently the use of these is being turned into an error in Python 3.11. Fortunately, our uses appears to be rather trivial. For t_multilinecomment and t_LCDATA, I dropped the (?s) flag and just replaced the one use of . with (\n|.). (?s) means DOTALL, which means that dot includes any character, including a newline. Otherwise it means dot includes any character except a newline. I took the new t_singlelinecomment from IPDL's parser.py, so I assume it is reasonable enough. t_multilinecomment is also now the same as in IPDL. Differential Revision: https://phabricator.services.mozilla.com/D161738 (cherry picked from commit 9e5dcf54d1f2aea76cd23cccb2f1b39d76ab6e50) - - - - - 1 changed file: - xpcom/idl-parser/xpidl/xpidl.py Changes: ===================================== xpcom/idl-parser/xpidl/xpidl.py ===================================== @@ -1572,13 +1572,13 @@ class IDLParser(object): t_ignore = " \t" def t_multilinecomment(self, t): - r"/\*(?s).*?\*/" + r"/\*(\n|.)*?\*/" t.lexer.lineno += t.value.count("\n") if t.value.startswith("/**"): self._doccomments.append(t.value) def t_singlelinecomment(self, t): - r"(?m)//.*?$" + r"//[^\n]*" def t_IID(self, t): return t @@ -1591,7 +1591,7 @@ class IDLParser(object): return t def t_LCDATA(self, t): - r"(?s)%\{[ ]*C\+\+[ ]*\n(?P<cdata>.*?\n?)%\}[ ]*(C\+\+)?" + r"%\{[ ]*C\+\+[ ]*\n(?P<cdata>(\n|.)*?\n?)%\}[ ]*(C\+\+)?" t.type = "CDATA" t.value = t.lexer.lexmatch.group("cdata") t.lexer.lineno += t.value.count("\n") View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/7ec236d… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/7ec236d… You're receiving this email because of your account on gitlab.torproject.org.

1 0