- tbb-commits - lists.torproject.org

[tor-browser-build/master] Bug 31844: Fix unquoted paths in OpenSSL Windows build
by gk＠torproject.org 26 Sep '19

26 Sep '19

commit 7bab743e199ea3d3ba8ca3f5ba5289609035f37c Author: Nicolas Vigier <boklm(a)torproject.org> Date: Wed Sep 25 14:10:12 2019 +0200 Bug 31844: Fix unquoted paths in OpenSSL Windows build The default OPENSSLDIR on Windows builds contain spaces and parenthesis, which break the build as the unquoted path is used in several places. We fix this by escaping the spaces and parenthesis. This is fixing part of the issues mentioned in: https://github.com/openssl/openssl/issues/9520 --- projects/openssl/build | 3 +++ projects/openssl/config | 2 ++ projects/openssl/escape-openssldir.patch | 28 ++++++++++++++++++++++++++++ 3 files changed, 33 insertions(+) diff --git a/projects/openssl/build b/projects/openssl/build index d53185e..3ee3571 100644 --- a/projects/openssl/build +++ b/projects/openssl/build @@ -13,6 +13,9 @@ export CC='gcc -m32' ln -s $clangdir/bin/clang $clangdir/bin/x86_64-apple-darwin11-cc export CC="cc [% c("var/FLAGS") %]" [% END -%] +[% IF c("var/windows") -%] + patch -p1 < $rootdir/escape-openssldir.patch +[% END -%] export SOURCE_DATE_EPOCH='[% c("timestamp") %]' ./Configure [% c('var/configure_opts') %] make diff --git a/projects/openssl/config b/projects/openssl/config index f648598..2fc46ea 100644 --- a/projects/openssl/config +++ b/projects/openssl/config @@ -29,3 +29,5 @@ input_files: project: '[% c("var/compiler") %]' - URL: 'https://www.openssl.org/source/openssl-[% c("version") %].tar.gz' sha256sum: 1e3a91bc1f9dfce01af26026f856e064eab4c8ee0a8f457b5ae30b40b8b711f2 + - filename: escape-openssldir.patch + enable: '[% c("var/windows") %]' diff --git a/projects/openssl/escape-openssldir.patch b/projects/openssl/escape-openssldir.patch new file mode 100644 index 0000000..684a179 --- /dev/null +++ b/projects/openssl/escape-openssldir.patch @@ -0,0 +1,28 @@ +diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl +index 7db7578a4b..e5ba20b589 100644 +--- a/Configurations/unix-Makefile.tmpl ++++ b/Configurations/unix-Makefile.tmpl +@@ -215,6 +215,7 @@ INSTALLTOP_dev={- # $prefix is used in the OPENSSLDIR perl snippet + $prefix_dev -} + INSTALLTOP_dir={- my $x = File::Spec::Win32->canonpath($prefix_dir); + $x =~ s|\\|/|g; ++ $x =~ s/([ ])/\\$1/g; + $x -} + OPENSSLDIR_dev={- # + # The logic here is that if no --openssldir was given, +@@ -239,6 +240,7 @@ OPENSSLDIR_dev={- # + $openssldir_dev -} + OPENSSLDIR_dir={- my $x = File::Spec::Win32->canonpath($openssldir_dir); + $x =~ s|\\|/|g; ++ $x =~ s/([ ])/\\$1/g; + $x -} + LIBDIR={- our $libdir = $config{libdir} || "lib"; + File::Spec::Win32->file_name_is_absolute($libdir) ? "" : $libdir -} +@@ -253,6 +255,7 @@ ENGINESDIR_dev={- use File::Spec::Win32; + $enginesdir_dev -} + ENGINESDIR_dir={- my $x = File::Spec::Win32->canonpath($enginesdir_dir); + $x =~ s|\\|/|g; ++ $x =~ s/([ ])/\\$1/g; + $x -} + # In a Windows environment, $(DESTDIR) is harder to contatenate with other + # directory variables, because both may contain devices. What we do here is

1 0

[tor-browser-build/master] Bug 31192 - Follow Mozilla for Android SDK config
by gk＠torproject.org 26 Sep '19

26 Sep '19

commit cb97c6e9fd52e4a3871c8a1c2f77a00911f7d0ac Author: Matthew Finkel <sysrqb(a)torproject.org> Date: Thu Sep 26 17:07:06 2019 +0000 Bug 31192 - Follow Mozilla for Android SDK config --- projects/firefox/mozconfig-android-aarch64 | 3 ++- projects/firefox/mozconfig-android-armv7 | 3 ++- projects/firefox/mozconfig-android-x86 | 3 ++- projects/firefox/mozconfig-android-x86_64 | 1 - 4 files changed, 6 insertions(+), 4 deletions(-) diff --git a/projects/firefox/mozconfig-android-aarch64 b/projects/firefox/mozconfig-android-aarch64 index f5c1474..3d997bc 100644 --- a/projects/firefox/mozconfig-android-aarch64 +++ b/projects/firefox/mozconfig-android-aarch64 @@ -4,6 +4,8 @@ export MOZILLA_OFFICIAL=1 CC="clang" CXX="clang++" +ac_add_options --with-android-min-sdk=21 + ac_add_options --enable-optimize ac_add_options --enable-official-branding @@ -12,7 +14,6 @@ ac_add_options --target=aarch64-linux-android ac_add_options --with-android-ndk=/var/tmp/dist/android-toolchain/android-ndk ac_add_options --with-android-sdk=/var/tmp/dist/android-toolchain/android-sdk-linux ac_add_options --with-gradle=/var/tmp/dist/android-toolchain/gradle/gradle-4.10.2/bin/gradle -ac_add_options --with-android-version=21 ac_add_options --with-android-distribution-directory=@TOPSRCDIR@/mobile/android/torbrowser ac_add_options --with-l10n-base=/var/tmp/dist/locales diff --git a/projects/firefox/mozconfig-android-armv7 b/projects/firefox/mozconfig-android-armv7 index 75e1d78..2ef6138 100644 --- a/projects/firefox/mozconfig-android-armv7 +++ b/projects/firefox/mozconfig-android-armv7 @@ -4,6 +4,8 @@ export MOZILLA_OFFICIAL=1 CC="clang" CXX="clang++" +ac_add_options --with-android-min-sdk=16 + ac_add_options --enable-optimize ac_add_options --enable-official-branding @@ -12,7 +14,6 @@ ac_add_options --target=arm-linux-androideabi ac_add_options --with-android-ndk=/var/tmp/dist/android-toolchain/android-ndk ac_add_options --with-android-sdk=/var/tmp/dist/android-toolchain/android-sdk-linux ac_add_options --with-gradle=/var/tmp/dist/android-toolchain/gradle/gradle-4.10.2/bin/gradle -ac_add_options --with-android-version=16 ac_add_options --with-android-distribution-directory=@TOPSRCDIR@/mobile/android/torbrowser ac_add_options --with-l10n-base=/var/tmp/dist/locales diff --git a/projects/firefox/mozconfig-android-x86 b/projects/firefox/mozconfig-android-x86 index be1efd6..966ef3f 100644 --- a/projects/firefox/mozconfig-android-x86 +++ b/projects/firefox/mozconfig-android-x86 @@ -4,6 +4,8 @@ export MOZILLA_OFFICIAL=1 CC="clang" CXX="clang++" +ac_add_options --with-android-min-sdk=16 + ac_add_options --enable-optimize ac_add_options --enable-official-branding @@ -12,7 +14,6 @@ ac_add_options --target=i686-linux-android ac_add_options --with-android-ndk=/var/tmp/dist/android-toolchain/android-ndk ac_add_options --with-android-sdk=/var/tmp/dist/android-toolchain/android-sdk-linux ac_add_options --with-gradle=/var/tmp/dist/android-toolchain/gradle/gradle-4.10.2/bin/gradle -ac_add_options --with-android-version=16 ac_add_options --with-android-distribution-directory=@TOPSRCDIR@/mobile/android/torbrowser ac_add_options --with-l10n-base=/var/tmp/dist/locales diff --git a/projects/firefox/mozconfig-android-x86_64 b/projects/firefox/mozconfig-android-x86_64 index 55bc883..17c3906 100644 --- a/projects/firefox/mozconfig-android-x86_64 +++ b/projects/firefox/mozconfig-android-x86_64 @@ -14,7 +14,6 @@ ac_add_options --target=x86_64-linux-android ac_add_options --with-android-ndk=/var/tmp/dist/android-toolchain/android-ndk ac_add_options --with-android-sdk=/var/tmp/dist/android-toolchain/android-sdk-linux ac_add_options --with-gradle=/var/tmp/dist/android-toolchain/gradle/gradle-4.10.2/bin/gradle -ac_add_options --with-android-version=21 ac_add_options --with-android-distribution-directory=@TOPSRCDIR@/mobile/android/torbrowser ac_add_options --with-l10n-base=/var/tmp/dist/locales

1 0

[tor-browser-build/master] Bug 31192 - Add Android x86_64 build support
by gk＠torproject.org 26 Sep '19

26 Sep '19

commit f89da2a9b03b70e1ec2e99248b86a96f989d3bed Author: Matthew Finkel <sysrqb(a)torproject.org> Date: Wed Sep 18 20:19:32 2019 +0000 Bug 31192 - Add Android x86_64 build support --- Makefile | 15 ++++++++++ README | 2 ++ README.HACKING | 18 ++++++++---- README.MAKEFILE | 8 +++--- projects/android-toolchain/build | 3 +- projects/firefox/mozconfig-android-x86_64 | 48 +++++++++++++++++++++++++++++++ projects/release/build | 3 ++ projects/release/config | 12 ++++++++ projects/rust/config | 4 +++ projects/tor-browser/build.android | 5 ++++ rbm.conf | 9 ++++++ 11 files changed, 116 insertions(+), 11 deletions(-) diff --git a/Makefile b/Makefile index 94a26f6..9f61bfb 100644 --- a/Makefile +++ b/Makefile @@ -11,6 +11,9 @@ release-android-armv7: submodule-update release-android-x86: submodule-update $(rbm) build release --target release --target torbrowser-android-x86 +release-android-x86_64: submodule-update + $(rbm) build release --target release --target torbrowser-android-x86_64 + release-android-aarch64: submodule-update $(rbm) build release --target release --target torbrowser-android-aarch64 @@ -44,6 +47,9 @@ alpha-android-armv7: submodule-update alpha-android-x86: submodule-update $(rbm) build release --target alpha --target torbrowser-android-x86 +alpha-android-x86_64: submodule-update + $(rbm) build release --target alpha --target torbrowser-android-x86_64 + alpha-android-aarch64: submodule-update $(rbm) build release --target alpha --target torbrowser-android-aarch64 @@ -77,6 +83,9 @@ nightly-android-armv7: submodule-update nightly-android-x86: submodule-update $(rbm) build release --target nightly --target torbrowser-android-x86 +nightly-android-x86_64: submodule-update + $(rbm) build release --target nightly --target torbrowser-android-x86_64 + nightly-android-aarch64: submodule-update $(rbm) build release --target nightly --target torbrowser-android-aarch64 @@ -110,6 +119,9 @@ alpha_nightly-android-armv7: submodule-update alpha_nightly-android-x86: submodule-update $(rbm) build release --target alpha_nightly --target torbrowser-android-x86 +alpha_nightly-android-x86_64: submodule-update + $(rbm) build release --target alpha_nightly --target torbrowser-android-x86_64 + alpha_nightly-android-aarch64: submodule-update $(rbm) build release --target alpha_nightly --target torbrowser-android-aarch64 @@ -140,6 +152,9 @@ testbuild-android-armv7: submodule-update testbuild-android-x86: submodule-update $(rbm) build release --target testbuild --target torbrowser-android-x86 +testbuild-android-x86_64: submodule-update + $(rbm) build release --target testbuild --target torbrowser-android-x86_64 + testbuild-android-aarch64: submodule-update $(rbm) build release --target testbuild --target torbrowser-android-aarch64 diff --git a/README b/README index 2ea5630..481db2e 100644 --- a/README +++ b/README @@ -79,7 +79,9 @@ name to the makefile target: $ make nightly-windows-i686 $ make nightly-osx-x86_64 $ make nightly-android-armv7 + $ make nightly-android-aarch64 $ make nightly-android-x86 + $ make nightly-android-x86_64 When you want to quickly do a build to test a change, you can use the testbuild makefile target, and find the build in the testbuild directory. diff --git a/README.HACKING b/README.HACKING index 081a3d5..0d3eeb8 100644 --- a/README.HACKING +++ b/README.HACKING @@ -45,16 +45,18 @@ The targets are usually used to select: - the platform: torbrowser-linux-x86_64, torbrowser-linux-i686, torbrowser-windows-i686, torbrowser-windows-x86_64, torbrowser-osx-x86_64, - torbrowser-android-armv7, torbrowser-android-x86 + torbrowser-android-armv7, torbrowser-android-aarch64, torbrowser-android-x86, + torbrowser-android-x86_64 - the channel: release, nightly, alpha The targets torbrowser-linux-x86_64, torbrowser-linux-i686, torbrowser-windows-i686, torbrowser-windows-x86_64, torbrowser-osx-x86_64, -torbrowser-android-armv7, and torbrowser-android-x86 are special cases. They do -not contain options directly, instead they contain a list of other targets. For -instance, the torbrowser-linux-x86_64 target is pointing to the linux-x86_64 and -linux targets. You should define an option under the linux target if it applies -to Linux on both architectures, or under the linux-x86_64 if it only applies to +torbrowser-android-armv7, torbrowser-android-x86, torbrowser-android-aarch64, +torbrowser-android-x86_64 are special cases. They do not contain options +directly, instead they contain a list of other targets. For instance, the +torbrowser-linux-x86_64 target is pointing to the linux-x86_64 and linux +targets. You should define an option under the linux target if it applies to +Linux on both architectures, or under the linux-x86_64 if it only applies to the x86_64 architecture. An option that is defined at the root of rbm.conf can be overridden by @@ -156,8 +158,12 @@ $platform should be one of the following: - torbrowser-android-armv7 + - torbrowser-android-aarch64 + - torbrowser-android-x86 + - torbrowser-android-x86_64 + For example, to see tor's build script for linux x86_64 on the alpha channel, you can use: diff --git a/README.MAKEFILE b/README.MAKEFILE index addff64..e106ca4 100644 --- a/README.MAKEFILE +++ b/README.MAKEFILE @@ -8,7 +8,7 @@ Build Tor Browser for the release channel, for all supported platforms. The resulting build can be found in directory release/$version. release-{linux-x86_64,linux-i686,windows-i686,osx-x86_64,android-armv7, - android-x86} + android-x86,android-x86_64,android-aarch64} ----------------------------------------------------------------------- Same as release, for the selected platform only. @@ -18,7 +18,7 @@ Build Tor Browser for the alpha channel, for all supported platforms. The resulting build can be found in directory alpha/$version. alpha-{linux-x86_64,linux-i686,windows-i686,osx-x86_64,android-armv7, - android-x86} + android-x86,android-x86_64,android-aarch64} --------------------------------------------------------------------- Same as alpha, for the selected platform only. @@ -32,7 +32,7 @@ components. The resulting build can be found in directory nightly/$date nightly-{linux-x86_64,linux-i686,windows-i686,osx-x86_64,android-armv7, - android-x86} + android-x86,android-x86_64,android-aarch64} ----------------------------------------------------------------------- Same as nightly, for the selected platform only. @@ -43,7 +43,7 @@ This is the same as 'make alpha', but the output directory is different. The resulting build can be found in directory alpha_nightly/$date alpha_nightly-{linux-x86_64,linux-i686,windows-i686,osx-x86_64,android-armv7, - android-x86} + android-x86,android-x86_64,android-aarch64} ----------------------------------------------------------------------------- The same as alpha_nightly, for the selected platform only. diff --git a/projects/android-toolchain/build b/projects/android-toolchain/build index 42e961c..f4defc5 100644 --- a/projects/android-toolchain/build +++ b/projects/android-toolchain/build @@ -20,8 +20,9 @@ rm -fR android-ndk-r17b # The architectures we support ./build/tools/make_standalone_toolchain.py --api [% c("var/android_min_api_armv7") %] --arch arm --install-dir=./arm -./build/tools/make_standalone_toolchain.py --api [% c("var/android_min_api_x86") %] --arch x86 --install-dir=./x86 ./build/tools/make_standalone_toolchain.py --api [% c("var/android_min_api_aarch64") %] --arch arm64 --install-dir=./arm64 +./build/tools/make_standalone_toolchain.py --api [% c("var/android_min_api_x86") %] --arch x86 --install-dir=./x86 +./build/tools/make_standalone_toolchain.py --api [% c("var/android_min_api_x86_64") %] --arch x86_64 --install-dir=./x86_64 # Tool Archives cd $SDK_HOME diff --git a/projects/firefox/mozconfig-android-x86_64 b/projects/firefox/mozconfig-android-x86_64 new file mode 100644 index 0000000..55bc883 --- /dev/null +++ b/projects/firefox/mozconfig-android-x86_64 @@ -0,0 +1,48 @@ +mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/obj-x86_64-linux-android +mk_add_options MOZ_APP_DISPLAYNAME="Tor Browser" +export MOZILLA_OFFICIAL=1 +CC="clang" +CXX="clang++" + +ac_add_options --with-android-min-sdk=21 + +ac_add_options --enable-optimize +ac_add_options --enable-official-branding + +ac_add_options --enable-application=mobile/android +ac_add_options --target=x86_64-linux-android +ac_add_options --with-android-ndk=/var/tmp/dist/android-toolchain/android-ndk +ac_add_options --with-android-sdk=/var/tmp/dist/android-toolchain/android-sdk-linux +ac_add_options --with-gradle=/var/tmp/dist/android-toolchain/gradle/gradle-4.10.2/bin/gradle +ac_add_options --with-android-version=21 + +ac_add_options --with-android-distribution-directory=@TOPSRCDIR@/mobile/android/torbrowser +ac_add_options --with-l10n-base=/var/tmp/dist/locales + +# We do not use Tor Launcher on Android: +ac_add_options --disable-tor-launcher + +if [ -z "${TB_BUILD_WITH_UPDATER}" ]; then +# Because Google Play will likely be the primary distribution medium, +# we disable updating and rely on Google Play by default. The +# Developer Policy explicitly prohibits in-app updating: +# An app distributed via Google Play may not modify, replace, or +# update itself using any method other than Google Plays update +# mechanism. +# https://play.google.com/about/privacy-security-deception/malicious-behavior/ + + ac_add_options --disable-tor-browser-update + ac_add_options --disable-signmar + ac_add_options --disable-verify-mar +fi + +ac_add_options --enable-strip +ac_add_options --disable-tests +ac_add_options --disable-debug +ac_add_options --disable-rust-debug +ac_add_options --disable-crashreporter +ac_add_options --disable-webrtc + +ac_add_options --without-google-play-services + +ac_add_options --enable-proxy-bypass-protection diff --git a/projects/release/build b/projects/release/build index 347d9a8..c1badd6 100644 --- a/projects/release/build +++ b/projects/release/build @@ -10,6 +10,9 @@ mkdir -p "$destdir" [% IF c("var/torbrowser-android-x86") -%] mv [% c('input_files_by_name/android-x86') %]/* "$destdir"/ [% END -%] +[% IF c("var/torbrowser-android-x86_64") -%] + mv [% c('input_files_by_name/android-x86_64') %]/* "$destdir"/ +[% END -%] [% IF c("var/torbrowser-android-aarch64") -%] mv [% c('input_files_by_name/android-aarch64') %]/* "$destdir"/ [% END -%] diff --git a/projects/release/config b/projects/release/config index 524eadf..d1aee8c 100644 --- a/projects/release/config +++ b/projects/release/config @@ -17,6 +17,7 @@ targets: - torbrowser-osx-x86_64 - torbrowser-android-armv7 - torbrowser-android-x86 + - torbrowser-android-x86_64 - torbrowser-android-aarch64 - torbrowser-src torbrowser-android-armv7: @@ -25,6 +26,9 @@ targets: torbrowser-android-x86: var: torbrowser-android-x86: 1 + torbrowser-android-x86_64: + var: + torbrowser-android-x86_64: 1 torbrowser-android-aarch64: var: torbrowser-android-aarch64: 1 @@ -121,6 +125,14 @@ input_files: - '[% c("var/build_target") %]' - torbrowser-android-x86 + - name: android-x86_64 + project: tor-browser + enable: '[% c("var/torbrowser-android-x86_64") %]' + target: + - '[% c("var/containers_target") %]' + - '[% c("var/build_target") %]' + - torbrowser-android-x86_64 + - name: android-aarch64 project: tor-browser enable: '[% c("var/torbrowser-android-aarch64") %]' diff --git a/projects/rust/config b/projects/rust/config index dbde815..03d7be0 100644 --- a/projects/rust/config +++ b/projects/rust/config @@ -22,6 +22,10 @@ targets: var: configure_opt: --enable-local-rust --enable-vendor --enable-extended --release-channel=stable --sysconfdir=etc --target=i686-linux-android --set=target.i686-linux-android.cc=$ANDROID_NDK_HOME/x86/bin/i686-linux-android-gcc + android-x86_64: + var: + configure_opt: --enable-local-rust --enable-vendor --enable-extended --release-channel=stable --sysconfdir=etc --target=x86_64-linux-android --set=target.x86_64-linux-android.cc=$ANDROID_NDK_HOME/x86_64/bin/x86_64-linux-android-gcc + android-aarch64: var: configure_opt: --enable-local-rust --enable-vendor --enable-extended --release-channel=stable --sysconfdir=etc --target=aarch64-linux-android --set=target.aarch64-linux-android.cc=$ANDROID_NDK_HOME/arm64/bin/aarch64-linux-android-gcc diff --git a/projects/tor-browser/build.android b/projects/tor-browser/build.android index b90c8b9..9f255da 100644 --- a/projects/tor-browser/build.android +++ b/projects/tor-browser/build.android @@ -24,6 +24,11 @@ zip -d $apk lib/\* zip_src => [ 'lib/x86/*' ], zip_args => '$apk', }) %] +[% ELSIF c("var/android-x86_64") %] + [% c('zip', { + zip_src => [ 'lib/x86_64/*' ], + zip_args => '$apk', + }) %] [% ELSIF c("var/android-armv7") %] [% c('zip', { zip_src => [ 'lib/armeabi-v7a/*' ], diff --git a/rbm.conf b/rbm.conf index e6379f8..008fab7 100644 --- a/rbm.conf +++ b/rbm.conf @@ -191,6 +191,14 @@ targets: var: android-x86: 1 osname: android-x86 + torbrowser-android-x86_64: + - android-x86_64 + - android + android-x86_64: + arch: x86_64 + var: + android-x86_64: 1 + osname: android-x86_64 torbrowser-android-aarch64: - android-aarch64 - android @@ -209,6 +217,7 @@ targets: android_min_api_aarch64: 21 android_min_api_armv7: 16 android_min_api_x86: 16 + android_min_api_x86_64: 21 snowflake: 0 container: suite: stretch

1 0

[tor-browser-build/master] Bug 31192 - Pick up new tor-android-service commit
by gk＠torproject.org 26 Sep '19

26 Sep '19

commit 2d3807e3a2b072f7d3d9bb24419e0b0e6688b26a Author: Matthew Finkel <sysrqb(a)torproject.org> Date: Tue Sep 24 16:58:59 2019 +0000 Bug 31192 - Pick up new tor-android-service commit --- projects/tor-android-service/config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/projects/tor-android-service/config b/projects/tor-android-service/config index 762a813..db8f5ac 100644 --- a/projects/tor-android-service/config +++ b/projects/tor-android-service/config @@ -1,7 +1,7 @@ # vim: filetype=yaml sw=2 version: '[% c("abbrev") %]' filename: '[% project %]-[% c("version") %]-[% c("var/build_id") %]' -git_hash: 8d307a63a95a31d3578715ca407066062f9d7f5e +git_hash: 50d01b1fbc6e776d0b39f42f644137dd25a92c7a git_url: https://git.torproject.org/tor-android-service.git git_submodule: 1

1 0

[tor-browser-build/master] Bug 30380 - Add patch for canceling Dormant by startup
by gk＠torproject.org 26 Sep '19

26 Sep '19

commit e30f06ac6c40a32354fe01a2613fb3c2a63e630c Author: Matthew Finkel <sysrqb(a)torproject.org> Date: Thu Sep 26 00:52:18 2019 +0000 Bug 30380 - Add patch for canceling Dormant by startup --- projects/tor-onion-proxy-library/build | 1 + .../tor-onion-proxy-library/canceldormant.patch | 46 ++++++++++++++++++++++ projects/tor-onion-proxy-library/config | 1 + 3 files changed, 48 insertions(+) diff --git a/projects/tor-onion-proxy-library/build b/projects/tor-onion-proxy-library/build index 605f017..41cc815 100644 --- a/projects/tor-onion-proxy-library/build +++ b/projects/tor-onion-proxy-library/build @@ -18,6 +18,7 @@ tar -C /var/tmp/build -xf [% project %]-[% c('version') %].tar.gz # Patch projects cd /var/tmp/build/[% project %]-[% c('version') %] patch -p1 < $rootdir/gradle.patch +patch -p1 < $rootdir/canceldormant.patch # Build Android Libraries and Apps $GRADLE_HOME/gradle-4.10.2/bin/gradle --offline --no-daemon -P androidplugin=3.1.0 -Dmaven.repo.local=$gradle_repo assembleRelease -x lint diff --git a/projects/tor-onion-proxy-library/canceldormant.patch b/projects/tor-onion-proxy-library/canceldormant.patch new file mode 100644 index 0000000..8d48af1 --- /dev/null +++ b/projects/tor-onion-proxy-library/canceldormant.patch @@ -0,0 +1,46 @@ +diff --git a/universal/src/main/java/com/msopentech/thali/toronionproxy/DefaultSettings.java b/universal/src/main/java/com/msopentech/thali/toronionproxy/DefaultSettings.java +index 5f5adac..da6747f 100644 +--- a/universal/src/main/java/com/msopentech/thali/toronionproxy/DefaultSettings.java ++++ b/universal/src/main/java/com/msopentech/thali/toronionproxy/DefaultSettings.java +@@ -187,4 +187,9 @@ public class DefaultSettings implements TorSettings { + public boolean useSocks5() { + return false; + } ++ ++ @Override ++ public boolean hasDormantCanceledByStartup() { ++ return false; ++ } + } +diff --git a/universal/src/main/java/com/msopentech/thali/toronionproxy/TorConfigBuilder.java b/universal/src/main/java/com/msopentech/thali/toronionproxy/TorConfigBuilder.java +index e324d9f..99e5693 100644 +--- a/universal/src/main/java/com/msopentech/thali/toronionproxy/TorConfigBuilder.java ++++ b/universal/src/main/java/com/msopentech/thali/toronionproxy/TorConfigBuilder.java +@@ -503,6 +503,16 @@ public final class TorConfigBuilder { + return virtualAddressNetwork(settings.getVirtualAddressNetwork()); + } + ++ public TorConfigBuilder dormantCanceledByStartup() { ++ buffer.append("DormantCanceledByStartup 1").append('\n'); ++ return this; ++ } ++ ++ @SettingsConfig ++ public TorConfigBuilder domantCanceledByStartupFromSettings() { ++ return settings.hasDormantCanceledByStartup() ? dormantCanceledByStartup() : this; ++ } ++ + /** + * Adds bridges from a resource stream. This relies on the TorInstaller to know how to obtain this stream. + * These entries may be type-specified like: +diff --git a/universal/src/main/java/com/msopentech/thali/toronionproxy/TorSettings.java b/universal/src/main/java/com/msopentech/thali/toronionproxy/TorSettings.java +index 2d515d1..43f01ef 100644 +--- a/universal/src/main/java/com/msopentech/thali/toronionproxy/TorSettings.java ++++ b/universal/src/main/java/com/msopentech/thali/toronionproxy/TorSettings.java +@@ -77,4 +77,6 @@ public interface TorSettings { + String transPort(); + + boolean useSocks5(); ++ ++ boolean hasDormantCanceledByStartup(); + } diff --git a/projects/tor-onion-proxy-library/config b/projects/tor-onion-proxy-library/config index 02b69ac..c2bd1a4 100644 --- a/projects/tor-onion-proxy-library/config +++ b/projects/tor-onion-proxy-library/config @@ -29,3 +29,4 @@ input_files: name: gradle-dependencies exec: '[% INCLUDE "fetch-gradle-dependencies" %]' - filename: gradle.patch + - filename: canceldormant.patch

1 0

[tor-android-service/master] Update tor libraries to 0.4.1.5 (from tor-android: commit-95432556b84df208fd36175fda0c495ffc421ecf)
by gk＠torproject.org 26 Sep '19

26 Sep '19

commit dc4ae061fab5d0f35e93b296a3f618baf6af8f36 Author: sisbell <shane.isbell(a)gmail.com> Date: Sun Sep 22 12:12:12 2019 -0700 Update tor libraries to 0.4.1.5 (from tor-android: commit-95432556b84df208fd36175fda0c495ffc421ecf) --- service/src/main/jniLibs/arm64-v8a/libTor.so | Bin 7774616 -> 8610184 bytes service/src/main/jniLibs/armeabi-v7a/libTor.so | Bin 7774616 -> 8129728 bytes service/src/main/jniLibs/armeabi/libTor.so | Bin 7774616 -> 0 bytes service/src/main/jniLibs/x86/libTor.so | Bin 7791604 -> 9020648 bytes service/src/main/jniLibs/x86_64/libTor.so | Bin 7791604 -> 8254824 bytes 5 files changed, 0 insertions(+), 0 deletions(-) diff --git a/service/src/main/jniLibs/arm64-v8a/libTor.so b/service/src/main/jniLibs/arm64-v8a/libTor.so index 9ff0e9d..5fc7361 100755 Binary files a/service/src/main/jniLibs/arm64-v8a/libTor.so and b/service/src/main/jniLibs/arm64-v8a/libTor.so differ diff --git a/service/src/main/jniLibs/armeabi-v7a/libTor.so b/service/src/main/jniLibs/armeabi-v7a/libTor.so index 9ff0e9d..b001906 100755 Binary files a/service/src/main/jniLibs/armeabi-v7a/libTor.so and b/service/src/main/jniLibs/armeabi-v7a/libTor.so differ diff --git a/service/src/main/jniLibs/armeabi/libTor.so b/service/src/main/jniLibs/armeabi/libTor.so deleted file mode 100755 index 9ff0e9d..0000000 Binary files a/service/src/main/jniLibs/armeabi/libTor.so and /dev/null differ diff --git a/service/src/main/jniLibs/x86/libTor.so b/service/src/main/jniLibs/x86/libTor.so index 6f93a98..dabda5c 100755 Binary files a/service/src/main/jniLibs/x86/libTor.so and b/service/src/main/jniLibs/x86/libTor.so differ diff --git a/service/src/main/jniLibs/x86_64/libTor.so b/service/src/main/jniLibs/x86_64/libTor.so index 6f93a98..55be241 100755 Binary files a/service/src/main/jniLibs/x86_64/libTor.so and b/service/src/main/jniLibs/x86_64/libTor.so differ

1 0

[tor-android-service/master] Merge remote-tracking branch 'sysrqb/bug31192_00'
by gk＠torproject.org 26 Sep '19

26 Sep '19

commit 50d01b1fbc6e776d0b39f42f644137dd25a92c7a Merge: 8d307a6 ccaf68c Author: Georg Koppen <gk(a)torproject.org> Date: Thu Sep 26 14:58:05 2019 +0000 Merge remote-tracking branch 'sysrqb/bug31192_00' .../android/service/AndroidTorSettings.java | 5 +++++ .../org/torproject/android/service/TorService.java | 4 ++-- service/src/main/jniLibs/arm64-v8a/libTor.so | Bin 7774616 -> 8610184 bytes service/src/main/jniLibs/armeabi-v7a/libTor.so | Bin 7774616 -> 8129728 bytes service/src/main/jniLibs/armeabi/libTor.so | Bin 7774616 -> 0 bytes service/src/main/jniLibs/x86/libTor.so | Bin 7791604 -> 9020648 bytes service/src/main/jniLibs/x86_64/libTor.so | Bin 7791604 -> 8254824 bytes 7 files changed, 7 insertions(+), 2 deletions(-)

1 0

[tor-android-service/master] Bug 31192 - Bump Tor version number string
by gk＠torproject.org 26 Sep '19

26 Sep '19

commit ccaf68ccb3ae3de23990f65d0504a2e19bf01897 Author: Matthew Finkel <Matthew.Finkel(a)gmail.com> Date: Thu Sep 26 14:41:35 2019 +0000 Bug 31192 - Bump Tor version number string --- service/src/main/java/org/torproject/android/service/TorService.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/service/src/main/java/org/torproject/android/service/TorService.java b/service/src/main/java/org/torproject/android/service/TorService.java index dea4bd2..16d2537 100644 --- a/service/src/main/java/org/torproject/android/service/TorService.java +++ b/service/src/main/java/org/torproject/android/service/TorService.java @@ -31,7 +31,7 @@ import java.util.concurrent.Executors; public final class TorService extends Service implements TorServiceConstants, OrbotConstants { - public final static String TOR_VERSION = "0.3.5.8-rc-openssl1.0.2p"; + public final static String TOR_VERSION = "0.4.1.5-rc-openssl1.0.2p"; private static final int NOTIFY_ID = 1; private static final int ERROR_NOTIFY_ID = 3; private final static String NOTIFICATION_CHANNEL_ID = "orbot_channel_1"; @@ -454,4 +454,4 @@ public final class TorService extends Service implements TorServiceConstants, Or builder.torExecutable(exe); return builder.build(); } -} \ No newline at end of file +}

1 0

[tor-android-service/master] Bug 30380 - Support DormantCanceledByStartup
by gk＠torproject.org 26 Sep '19

26 Sep '19

commit 5bc203890cd66a10110f94b3dcd921fc5a6c90b9 Author: Matthew Finkel <Matthew.Finkel(a)gmail.com> Date: Thu Sep 26 00:54:12 2019 +0000 Bug 30380 - Support DormantCanceledByStartup --- .../main/java/org/torproject/android/service/AndroidTorSettings.java | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/service/src/main/java/org/torproject/android/service/AndroidTorSettings.java b/service/src/main/java/org/torproject/android/service/AndroidTorSettings.java index a875857..4759376 100644 --- a/service/src/main/java/org/torproject/android/service/AndroidTorSettings.java +++ b/service/src/main/java/org/torproject/android/service/AndroidTorSettings.java @@ -218,4 +218,9 @@ public class AndroidTorSettings implements TorSettings { public boolean useSocks5() { return Prefs.useVpn() && Build.VERSION.SDK_INT < Build.VERSION_CODES.LOLLIPOP; } + + @Override + public boolean hasDormantCanceledByStartup() { + return true; + } }

1 0

[tor-browser/tor-browser-68.1.0esr-9.0-2] Bug 1573276 - Always allow localization in error pages r=johannh, peterv
by gk＠torproject.org 26 Sep '19

26 Sep '19

commit 9c1877056070c4de048b18e201fcb3dfcb1e1a02 Author: Alex Catarineu <acat(a)torproject.org> Date: Wed Sep 25 10:39:45 2019 +0000 Bug 1573276 - Always allow localization in error pages r=johannh,peterv Differential Revision: https://phabricator.services.mozilla.com/D43216 --HG-- extra : moz-landing-system : lando --- .../content/test/about/browser_aboutCertError.js | 23 ++++++++++++++++++++ browser/base/content/test/about/head.js | 13 ++++++----- dom/base/Document.cpp | 8 ++++--- dom/base/nsContentUtils.cpp | 25 +++++++++++++++++++++- dom/base/nsContentUtils.h | 9 ++++---- dom/security/nsContentSecurityManager.cpp | 6 +++++- parser/htmlparser/nsExpatDriver.cpp | 22 +++++++++++-------- 7 files changed, 83 insertions(+), 23 deletions(-) diff --git a/browser/base/content/test/about/browser_aboutCertError.js b/browser/base/content/test/about/browser_aboutCertError.js index 1544bab15f99..3e9a13dd99f3 100644 --- a/browser/base/content/test/about/browser_aboutCertError.js +++ b/browser/base/content/test/about/browser_aboutCertError.js @@ -459,3 +459,26 @@ add_task(async function checkBadStsCertHeadline() { BrowserTestUtils.removeTab(gBrowser.selectedTab); } }); + +add_task(async function checkSandboxedIframe() { + info( + "Loading a bad sts cert error in a sandboxed iframe and check that the correct headline is shown" + ); + let useFrame = true; + let sandboxed = true; + let tab = await openErrorPage(BAD_CERT, useFrame, sandboxed); + let browser = tab.linkedBrowser; + + let titleContent = await ContentTask.spawn(browser, {}, async function() { + // Cannot test for error in the Advanced section since it's currently not present + // in a sandboxed iframe. + let doc = content.document.querySelector("iframe").contentDocument; + let titleText = doc.querySelector(".title-text"); + return titleText.textContent; + }); + ok( + titleContent.endsWith("Security Issue"), + "Did Not Connect: Potential Security Issue" + ); + BrowserTestUtils.removeTab(gBrowser.selectedTab); +}); diff --git a/browser/base/content/test/about/head.js b/browser/base/content/test/about/head.js index 82fa5dcd540d..74f961dcefae 100644 --- a/browser/base/content/test/about/head.js +++ b/browser/base/content/test/about/head.js @@ -44,17 +44,20 @@ function getPEMString(cert) { ); } -function injectErrorPageFrame(tab, src) { +function injectErrorPageFrame(tab, src, sandboxed) { return ContentTask.spawn( tab.linkedBrowser, - { frameSrc: src }, - async function({ frameSrc }) { + { frameSrc: src, frameSandboxed: sandboxed }, + async function({ frameSrc, frameSandboxed }) { let loaded = ContentTaskUtils.waitForEvent( content.wrappedJSObject, "DOMFrameContentLoaded" ); let iframe = content.document.createElement("iframe"); iframe.src = frameSrc; + if (frameSandboxed) { + iframe.setAttribute("sandbox", "allow-scripts"); + } content.document.body.appendChild(iframe); await loaded; // We will have race conditions when accessing the frame content after setting a src, @@ -67,7 +70,7 @@ function injectErrorPageFrame(tab, src) { ); } -async function openErrorPage(src, useFrame) { +async function openErrorPage(src, useFrame, sandboxed) { let dummyPage = getRootDirectory(gTestPath).replace( "chrome://mochitests/content", @@ -78,7 +81,7 @@ async function openErrorPage(src, useFrame) { if (useFrame) { info("Loading cert error page in an iframe"); tab = await BrowserTestUtils.openNewForegroundTab(gBrowser, dummyPage); - await injectErrorPageFrame(tab, src); + await injectErrorPageFrame(tab, src, sandboxed); } else { let certErrorLoaded; tab = await BrowserTestUtils.openNewForegroundTab( diff --git a/dom/base/Document.cpp b/dom/base/Document.cpp index eebeada1c63c..cdeabc4dc7b9 100644 --- a/dom/base/Document.cpp +++ b/dom/base/Document.cpp @@ -3225,11 +3225,13 @@ DocumentL10n* Document::GetL10n() { return mDocumentL10n; } bool Document::DocumentSupportsL10n(JSContext* aCx, JSObject* aObject) { nsCOMPtr<nsIPrincipal> callerPrincipal = nsContentUtils::SubjectPrincipal(aCx); - return nsContentUtils::PrincipalAllowsL10n(callerPrincipal); + nsGlobalWindowInner* win = xpc::WindowOrNull(aObject); + return nsContentUtils::PrincipalAllowsL10n( + callerPrincipal, win ? win->GetDocumentURI() : nullptr); } void Document::LocalizationLinkAdded(Element* aLinkElement) { - if (!nsContentUtils::PrincipalAllowsL10n(NodePrincipal())) { + if (!nsContentUtils::PrincipalAllowsL10n(NodePrincipal(), GetDocumentURI())) { return; } @@ -3260,7 +3262,7 @@ void Document::LocalizationLinkAdded(Element* aLinkElement) { } void Document::LocalizationLinkRemoved(Element* aLinkElement) { - if (!nsContentUtils::PrincipalAllowsL10n(NodePrincipal())) { + if (!nsContentUtils::PrincipalAllowsL10n(NodePrincipal(), GetDocumentURI())) { return; } diff --git a/dom/base/nsContentUtils.cpp b/dom/base/nsContentUtils.cpp index 66134cdb691f..cfae3ef224b3 100644 --- a/dom/base/nsContentUtils.cpp +++ b/dom/base/nsContentUtils.cpp @@ -250,6 +250,7 @@ #include "nsThreadManager.h" #include "nsIBidiKeyboard.h" #include "ReferrerInfo.h" +#include "nsAboutProtocolUtils.h" #if defined(XP_WIN) // Undefine LoadImage to prevent naming conflict with Windows. @@ -1676,8 +1677,30 @@ bool nsContentUtils::OfflineAppAllowed(nsIPrincipal* aPrincipal) { return NS_SUCCEEDED(rv) && allowed; } +static bool IsErrorPage(nsIURI* aURI) { + if (!aURI) { + return false; + } + + if (!aURI->SchemeIs("about")) { + return false; + } + + nsAutoCString name; + nsresult rv = NS_GetAboutModuleName(aURI, name); + NS_ENSURE_SUCCESS(rv, false); + + return name.EqualsLiteral("certerror") || name.EqualsLiteral("neterror") || + name.EqualsLiteral("blocked"); +} + /* static */ -bool nsContentUtils::PrincipalAllowsL10n(nsIPrincipal* aPrincipal) { +bool nsContentUtils::PrincipalAllowsL10n(nsIPrincipal* aPrincipal, + nsIURI* aDocumentURI) { + if (IsErrorPage(aDocumentURI)) { + return true; + } + // The system principal is always allowed. if (IsSystemPrincipal(aPrincipal)) { return true; diff --git a/dom/base/nsContentUtils.h b/dom/base/nsContentUtils.h index 46818cc43a1b..2bf27250e68b 100644 --- a/dom/base/nsContentUtils.h +++ b/dom/base/nsContentUtils.h @@ -1984,11 +1984,12 @@ class nsContentUtils { static bool OfflineAppAllowed(nsIPrincipal* aPrincipal); /** - * Determine whether the principal is allowed access to the localization - * system. We don't want the web to ever see this but all our UI including in - * content pages should pass this test. + * Determine whether the principal or document is allowed access to the + * localization system. We don't want the web to ever see this but all our UI + * including in content pages should pass this test. */ - static bool PrincipalAllowsL10n(nsIPrincipal* aPrincipal); + static bool PrincipalAllowsL10n(nsIPrincipal* aPrincipal, + nsIURI* aDocumentURI); /** * If offline-apps.allow_by_default is true, we set offline-app permission diff --git a/dom/security/nsContentSecurityManager.cpp b/dom/security/nsContentSecurityManager.cpp index e7a0a9d1a72b..10ee46858654 100644 --- a/dom/security/nsContentSecurityManager.cpp +++ b/dom/security/nsContentSecurityManager.cpp @@ -333,7 +333,11 @@ static nsresult DoCheckLoadURIChecks(nsIURI* aURI, nsILoadInfo* aLoadInfo) { // same principal check as Fluent. if (aLoadInfo->InternalContentPolicyType() == nsIContentPolicy::TYPE_INTERNAL_DTD) { - return nsContentUtils::PrincipalAllowsL10n(aLoadInfo->TriggeringPrincipal()) + RefPtr<Document> doc; + aLoadInfo->GetLoadingDocument(getter_AddRefs(doc)); + return nsContentUtils::PrincipalAllowsL10n( + aLoadInfo->TriggeringPrincipal(), + doc ? doc->GetDocumentURI() : nullptr) ? NS_OK : NS_ERROR_DOM_BAD_URI; } diff --git a/parser/htmlparser/nsExpatDriver.cpp b/parser/htmlparser/nsExpatDriver.cpp index 9f2321cd2831..73a0e65328f0 100644 --- a/parser/htmlparser/nsExpatDriver.cpp +++ b/parser/htmlparser/nsExpatDriver.cpp @@ -628,33 +628,37 @@ nsresult nsExpatDriver::OpenInputStreamFromExternalDTD(const char16_t* aFPIStr, nsContentUtils::GetSystemPrincipal(), nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL, nsIContentPolicy::TYPE_DTD); + NS_ENSURE_SUCCESS(rv, rv); } else { NS_ASSERTION( mSink == nsCOMPtr<nsIExpatSink>(do_QueryInterface(mOriginalSink)), "In nsExpatDriver::OpenInputStreamFromExternalDTD: " "mOriginalSink not the same object as mSink?"); nsContentPolicyType policyType = nsIContentPolicy::TYPE_INTERNAL_DTD; - nsCOMPtr<nsIPrincipal> loadingPrincipal; if (mOriginalSink) { nsCOMPtr<Document> doc; doc = do_QueryInterface(mOriginalSink->GetTarget()); if (doc) { - loadingPrincipal = doc->NodePrincipal(); if (doc->SkipDTDSecurityChecks()) { policyType = nsIContentPolicy::TYPE_INTERNAL_FORCE_ALLOWED_DTD; } + rv = NS_NewChannel(getter_AddRefs(channel), uri, doc, + nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS | + nsILoadInfo::SEC_ALLOW_CHROME, + policyType); + NS_ENSURE_SUCCESS(rv, rv); } } - if (!loadingPrincipal) { - loadingPrincipal = + if (!channel) { + nsCOMPtr<nsIPrincipal> nullPrincipal = mozilla::NullPrincipal::CreateWithoutOriginAttributes(); + rv = NS_NewChannel(getter_AddRefs(channel), uri, nullPrincipal, + nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS | + nsILoadInfo::SEC_ALLOW_CHROME, + policyType); + NS_ENSURE_SUCCESS(rv, rv); } - rv = NS_NewChannel(getter_AddRefs(channel), uri, loadingPrincipal, - nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS | - nsILoadInfo::SEC_ALLOW_CHROME, - policyType); } - NS_ENSURE_SUCCESS(rv, rv); nsAutoCString absURL; rv = uri->GetSpec(absURL);

1 0