- tbb-commits - lists.torproject.org

[tor-browser-bundle/master] Set prefs for NoScript cascading permissions.
by mikeperry＠torproject.org 27 Jun '14

27 Jun '14

commit 1e64c52cbdf75863cc68f12431e6a3bb510ee695 Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Thu Jun 26 18:27:48 2014 -0700 Set prefs for NoScript cascading permissions. Also auto-reloading the current tab seems like a good plan. --- .../Browser/profile.default/preferences/extension-overrides.js | 5 ++++- .../Browser/profile.default/preferences/extension-overrides.js | 5 ++++- .../Browser/profile.default/preferences/extension-overrides.js | 5 ++++- 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/Bundle-Data/linux/Data/Browser/profile.default/preferences/extension-overrides.js b/Bundle-Data/linux/Data/Browser/profile.default/preferences/extension-overrides.js index 8ba6211..3b8e31e 100644 --- a/Bundle-Data/linux/Data/Browser/profile.default/preferences/extension-overrides.js +++ b/Bundle-Data/linux/Data/Browser/profile.default/preferences/extension-overrides.js @@ -21,7 +21,6 @@ pref("capability.policy.maonoscript.sites", "about: chrome: resource:"); pref("noscript.ABE.enabled", false); pref("noscript.ABE.notify", false); pref("noscript.ABE.wanIpAsLocal", false); -pref("noscript.autoReload", false); pref("noscript.confirmUnblock", false); pref("noscript.contentBlocker", true); pref("noscript.default", "about: chrome: resources:"); @@ -56,3 +55,7 @@ pref("noscript.showPermanent", false); pref("noscript.showTempAllowPage", true); pref("noscript.showRevokeTemp", true); pref("noscript.notify", false); +pref("noscript.autoReload", true); +pref("noscript.autoReload.allTabs", false); +pref("noscript.cascadePermissions", true); +pref("noscript.restrictSubdocScripting", true); diff --git a/Bundle-Data/mac/TorBrowser/Data/Browser/profile.default/preferences/extension-overrides.js b/Bundle-Data/mac/TorBrowser/Data/Browser/profile.default/preferences/extension-overrides.js index 8ba6211..3b8e31e 100644 --- a/Bundle-Data/mac/TorBrowser/Data/Browser/profile.default/preferences/extension-overrides.js +++ b/Bundle-Data/mac/TorBrowser/Data/Browser/profile.default/preferences/extension-overrides.js @@ -21,7 +21,6 @@ pref("capability.policy.maonoscript.sites", "about: chrome: resource:"); pref("noscript.ABE.enabled", false); pref("noscript.ABE.notify", false); pref("noscript.ABE.wanIpAsLocal", false); -pref("noscript.autoReload", false); pref("noscript.confirmUnblock", false); pref("noscript.contentBlocker", true); pref("noscript.default", "about: chrome: resources:"); @@ -56,3 +55,7 @@ pref("noscript.showPermanent", false); pref("noscript.showTempAllowPage", true); pref("noscript.showRevokeTemp", true); pref("noscript.notify", false); +pref("noscript.autoReload", true); +pref("noscript.autoReload.allTabs", false); +pref("noscript.cascadePermissions", true); +pref("noscript.restrictSubdocScripting", true); diff --git a/Bundle-Data/windows/Data/Browser/profile.default/preferences/extension-overrides.js b/Bundle-Data/windows/Data/Browser/profile.default/preferences/extension-overrides.js index 4edb7de..02cee1b 100644 --- a/Bundle-Data/windows/Data/Browser/profile.default/preferences/extension-overrides.js +++ b/Bundle-Data/windows/Data/Browser/profile.default/preferences/extension-overrides.js @@ -21,7 +21,6 @@ pref("capability.policy.maonoscript.sites", "about: chrome: resource:"); pref("noscript.ABE.enabled", false); pref("noscript.ABE.notify", false); pref("noscript.ABE.wanIpAsLocal", false); -pref("noscript.autoReload", false); pref("noscript.confirmUnblock", false); pref("noscript.contentBlocker", true); pref("noscript.default", "about: chrome: resource:"); @@ -56,3 +55,7 @@ pref("noscript.showPermanent", false); pref("noscript.showTempAllowPage", true); pref("noscript.showRevokeTemp", true); pref("noscript.notify", false); +pref("noscript.autoReload", true); +pref("noscript.autoReload.allTabs", false); +pref("noscript.cascadePermissions", true); +pref("noscript.restrictSubdocScripting", true);

1 0

[tor-browser-bundle/master] Update NoScript to use the cascading-permissions rc.
by mikeperry＠torproject.org 27 Jun '14

27 Jun '14

commit 9545316020b3fab65e5cdcebfcb7ab8abca59b55 Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Thu Jun 26 18:20:25 2014 -0700 Update NoScript to use the cascading-permissions rc. --- gitian/versions.alpha | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/gitian/versions.alpha b/gitian/versions.alpha index 4674a5f..71c4e44 100755 --- a/gitian/versions.alpha +++ b/gitian/versions.alpha @@ -49,7 +49,7 @@ GO_VER=1.2 ## File names for the source packages OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz GMP_PACKAGE=gmp-${GMP_VER}.tar.bz2 -NOSCRIPT_PACKAGE=noscript_security_suite-2.6.8.28-fx+sm+fn.xpi +NOSCRIPT_PACKAGE=noscript-2.6.8.30rc4.xpi HTTPSE_PACKAGE=https-everywhere-${HTTPSE_VER}.xpi TOOLCHAIN4_PACKAGE=x86_64-apple-darwin10.tar.xz TOOLCHAIN4_OLD_PACKAGE=multiarch-darwin11-cctools127.2-gcc42-5666.3-llvmgcc42-2336.1-Linux-120724.tar.xz @@ -77,7 +77,7 @@ GMP_HASH=752079520b4690531171d0f4532e40f08600215feefede70b24fabdc6f1ab160 OSXSDK_HASH=6602d8d5ddb371fbc02e2a5967d9bd0cd7358d46f9417753c8234b923f2ea6fc TOOLCHAIN4_HASH=7b71bfe02820409b994c5c33a7eab81a81c72550f5da85ff7af70da3da244645 TOOLCHAIN4_OLD_HASH=65c1b2d302358a6b95a26c6828a66908a199276193bb0b268f2dcc1a997731e9 -NOSCRIPT_HASH=aea2ef3a262a70e871df0de937ac8f53cd2c5d1913066200d192bb6e30924275 +NOSCRIPT_HASH=303c9ed4d7b3d587307eebfdbc31d87958e3ea804efa568b58e1bff97b99f208 HTTPSE_HASH=62ac6560bb224a8f5557722153a72fb245b30b345940c537423bfbb7d8144e29 MSVCR100_HASH=1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067 PYCRYPTO_HASH=f2ce1e989b272cfcb677616763e0a2e7ec659effa67a88aa92b3a65528f60a3c @@ -99,7 +99,7 @@ TOOLCHAIN4_OLD_URL=https://people.torproject.org/~mikeperry/mirrors/sources… OSXSDK_URL=https://launchpad.net/~flosoft/+archive/cross-apple/+files/${OSX… BINUTILS_URL=https://ftp.gnu.org/gnu/binutils/${BINUTILS_PACKAGE} GCC_URL=https://ftp.gnu.org/gnu/gcc/gcc-${GCC_VER}/${GCC_PACKAGE} -NOSCRIPT_URL=https://addons.cdn.mozilla.net/storage/public-staging/722/${NOSCRIPT_PACKAGE} +NOSCRIPT_URL=https://secure.informaction.com/download/betas/${NOSCRIPT_PACKAGE} HTTPSE_URL=https://www.eff.org/files/${HTTPSE_PACKAGE} PYTHON_URL=http://www.python.org/ftp/python/${PYTHON_VER}/${PYTHON_PACKAGE} PYTHON_MSI_URL=http://www.python.org/ftp/python/${PYTHON_VER}/${PYTHON_MSI_…

1 0

[tor-browser-bundle/master] Bump versions for 4.0-alpha-1.
by mikeperry＠torproject.org 26 Jun '14

26 Jun '14

commit 0deee127602fd1f8bf3f9cdfd2900d862cc130f0 Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Thu Jun 26 08:53:04 2014 -0700 Bump versions for 4.0-alpha-1. --- gitian/versions.alpha | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/gitian/versions.alpha b/gitian/versions.alpha index 962a1bd..4674a5f 100755 --- a/gitian/versions.alpha +++ b/gitian/versions.alpha @@ -1,16 +1,16 @@ -TORBROWSER_VERSION=4.0-alpha1-pre +TORBROWSER_VERSION=4.0-alpha-1 BUNDLE_LOCALES="ar de es-ES fa fr it ko nl pl pt-PT ru tr vi zh-CN" BUILD_PT_BUNDLES=1 -VERIFY_TAGS=0 +VERIFY_TAGS=1 FIREFOX_VERSION=24.6.0esr -TORBROWSER_TAG=tor-browser-${FIREFOX_VERSION}-4.x-1 -TOR_TAG=tor-0.2.4.22 +TORBROWSER_TAG=tor-browser-${FIREFOX_VERSION}-4.x-1-build1 +TOR_TAG=tor-0.2.5.5-alpha TORLAUNCHER_TAG=0.2.6.0 -TORBUTTON_TAG=1.6.9.0 -HTTPSE_TAG=3.4.5 # XXX: HTTPSE_VER is used instead, pending #11630 +TORBUTTON_TAG=1.6.10.1 +HTTPSE_TAG=3.5.1 # XXX: HTTPSE_VER is used instead, pending #11630 NSIS_TAG=v0.2 ZLIB_TAG=v1.2.8 LIBEVENT_TAG=release-2.0.21-stable @@ -27,7 +27,7 @@ MEEK_TAG=0.9 GITIAN_TAG=tor-browser-builder-3.x-5 -OPENSSL_VER=1.0.1g +OPENSSL_VER=1.0.1h GMP_VER=5.1.3 FIREFOX_LANG_VER=$FIREFOX_VERSION BINUTILS_VER=2.24 @@ -37,7 +37,7 @@ PYCRYPTO_VER=2.6.1 ARGPARSE_VER=1.2.1 PYYAML_VER=3.11 ZOPEINTERFACE_VER=4.0.5 -TWISTED_VER=13.1.0 +TWISTED_VER=13.2.0 M2CRYPTO_VER=0.21.1 PY2EXE_VER=0.6.9 SETUPTOOLS_VER=1.4 @@ -49,7 +49,7 @@ GO_VER=1.2 ## File names for the source packages OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz GMP_PACKAGE=gmp-${GMP_VER}.tar.bz2 -NOSCRIPT_PACKAGE=noscript_security_suite-2.6.8.22-sm+fx+fn.xpi +NOSCRIPT_PACKAGE=noscript_security_suite-2.6.8.28-fx+sm+fn.xpi HTTPSE_PACKAGE=https-everywhere-${HTTPSE_VER}.xpi TOOLCHAIN4_PACKAGE=x86_64-apple-darwin10.tar.xz TOOLCHAIN4_OLD_PACKAGE=multiarch-darwin11-cctools127.2-gcc42-5666.3-llvmgcc42-2336.1-Linux-120724.tar.xz @@ -72,19 +72,19 @@ PARSLEY_PACKAGE=Parsley-${PARSLEY_VER}.tar.gz GO_PACKAGE=go${GO_VER}.src.tar.gz # Hashes for packages with weak sigs or no sigs -OPENSSL_HASH=53cb818c3b90e507a8348f4f5eaedb05d8bfe5358aabb508b7263cc670c3e028 +OPENSSL_HASH=9d1c8a9836aa63e2c6adb684186cbd4371c9e9dcc01d6e3bb447abf2d4d3d093 GMP_HASH=752079520b4690531171d0f4532e40f08600215feefede70b24fabdc6f1ab160 OSXSDK_HASH=6602d8d5ddb371fbc02e2a5967d9bd0cd7358d46f9417753c8234b923f2ea6fc TOOLCHAIN4_HASH=7b71bfe02820409b994c5c33a7eab81a81c72550f5da85ff7af70da3da244645 TOOLCHAIN4_OLD_HASH=65c1b2d302358a6b95a26c6828a66908a199276193bb0b268f2dcc1a997731e9 -NOSCRIPT_HASH=5ec75d2f6fbf3ff7950a8eea2c7878d887ed3916aa89f99ec76b322b1e140c08 +NOSCRIPT_HASH=aea2ef3a262a70e871df0de937ac8f53cd2c5d1913066200d192bb6e30924275 HTTPSE_HASH=62ac6560bb224a8f5557722153a72fb245b30b345940c537423bfbb7d8144e29 MSVCR100_HASH=1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067 PYCRYPTO_HASH=f2ce1e989b272cfcb677616763e0a2e7ec659effa67a88aa92b3a65528f60a3c ARGPARSE_HASH=ddaf4b0a618335a32b6664d4ae038a1de8fbada3b25033f9021510ed2b3941a4 PYYAML_HASH=c36c938a872e5ff494938b33b14aaa156cb439ec67548fcab3535bb78b0846e8 ZOPEINTERFACE_HASH=1a7c84716bbd9981915b64a81d8a3f076a5934a8c8df4224655469b3564940cc -TWISTED_HASH=110e957dd8fc4c6eaba8abe4f0477e60b2873e3cf1c260325863fd2ef69341c6 +TWISTED_HASH=095175638c019ac7c0604f4c291724a16ff1acd062e181b01293bf4dcbc62cf3 M2CRYPTO_HASH=25b94498505c2d800ee465db0cc1aff097b1615adc3ac042a1c85ceca264fc0a PY2EXE_HASH=610a8800de3d973ed5ed4ac505ab42ad058add18a68609ac09e6cf3598ef056c SETUPTOOLS_HASH=75d288687066ed124311d6ca5f40ffa92a0e81adcd7fff318c6e84082713cf39

1 0

[tor-browser-bundle/master] Revert "Log Tor Browser output to file and disown the process."
by mikeperry＠torproject.org 26 Jun '14

26 Jun '14

commit 27f1353baa0e3ce4dafcebe0eae6b48aa2f8704c Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Thu Jun 26 08:38:12 2014 -0700 Revert "Log Tor Browser output to file and disown the process." This reverts commit c2bd8a5f070e771623aebfb66e95e9e954e5522d. Reverted due to https://trac.torproject.org/projects/tor/ticket/12472 and https://trac.torproject.org/projects/tor/ticket/12468. We need to stop HTTPS-Everywhere from logging URLs before we do this. --- RelativeLink/RelativeLink.sh | 45 +++++++++++------------------------------- 1 file changed, 12 insertions(+), 33 deletions(-) diff --git a/RelativeLink/RelativeLink.sh b/RelativeLink/RelativeLink.sh index 86a40d9..4e6b7bb 100755 --- a/RelativeLink/RelativeLink.sh +++ b/RelativeLink/RelativeLink.sh @@ -284,41 +284,20 @@ setControlPortPasswd ${TOR_CONTROL_PASSWD:='"secret"'} # XXX: Debug mode for Firefox?? +# not in debug mode, run proceed normally printf "Launching Tor Browser for Linux in ${HOME}...\n" cd "${HOME}" -logfile=${PWD}/tbb-debug.log -touch $logfile && printf "Logging Tor Browser output to file: %s\n" "${logfile}" - -# !!! We pass command-line arguments we got (except --debug) to Firefox. +# XXX Someday we should pass whatever command-line arguments we got +# (probably filenames or URLs) to Firefox. +# !!! Dash above comment! Now we pass command-line arguments we got (except --debug) to Firefox. # !!! Use at your own risk! # Adding --class for fixing bug 11102. -TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \ - -profile TorBrowser/Data/Browser/profile.default "${@}" > $logfile 2>&1 </dev/null & - -pid="$!" - -for second in `seq 1 15` ; do - sleep 1 - # Doing `kill -0` doesn't send a signal to the process, but it'll yell - # "No such process" if that process doesn't exist (i.e. it already died): - if `kill -0 $pid 2>&1 >/dev/null` ; then - wait "$pid" - exitcode="$?" - complain "Tor Browser exited abnormally. Exit code: $exitcode " - exit "$exitcode" - else - continue - fi -done - -if test -z "${exitcode}" ; then - if test -z "$(kill -0 $pid 2>&1 >/dev/null)" ; then - printf "Running Tor Browser process (PID %s) in background...\n" "$pid" - disown "$pid" - exitcode="0" - else - exitcode="66" # Something odd happened - fi +TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \ + -profile TorBrowser/Data/Browser/profile.default "${@}" +exitcode="$?" +if [ "$exitcode" -ne 0 ]; then + complain "Tor Browser exited abnormally. Exit code: $exitcode" + exit "$exitcode" +else + printf '\nTor Browser exited cleanly.\n' fi - -exit "$exitcode"

1 0

[torbutton/master] remove obsolete files, re Bug 1506 P0
by mikeperry＠torproject.org 26 Jun '14

26 Jun '14

commit 80b06cdf422238f5eece38a1974d31e6e7be7a17 Author: Arthur Edelstein <arthuredelstein(a)gmail.com> Date: Mon Jun 2 12:13:31 2014 -0700 remove obsolete files, re Bug 1506 P0 --- src/chrome.manifest | 12 --- src/components/tor-protocol.js | 103 ---------------------- src/components/torRefSpoofer.js | 125 --------------------------- src/components/tors-protocol.js | 103 ---------------------- src/components/window-mapper.js | 180 --------------------------------------- 5 files changed, 523 deletions(-) diff --git a/src/chrome.manifest b/src/chrome.manifest index 0318f79..af44862 100644 --- a/src/chrome.manifest +++ b/src/chrome.manifest @@ -155,18 +155,6 @@ contract @torproject.org/torbutton-torCheckService;1 {5d57312b-5d8c-4169-b4af-e8 component {f36d72c9-9718-4134-b550-e109638331d7} components/torbutton-logger.js contract @torproject.org/torbutton-logger;1 {f36d72c9-9718-4134-b550-e109638331d7} -# component {b985e49c-12cb-4f29-9d14-b62603332ec4} components/window-mapper.js -# contract @torproject.org/content-window-mapper;1 {b985e49c-12cb-4f29-9d14-b62603332ec4} - -# component {65be2be0-ceb4-44c2-91a5-9c75c53430bf} components/torRefSpoofer.js -# contract @torproject.org/torRefSpoofer;1 {65be2be0-ceb4-44c2-91a5-9c75c53430bf} - -# component {52183e20-4d4b-11de-8a39-0800200c9a66} components/tor-protocol.js -# contract @mozilla.org/network/protocol;1?name=tor {52183e20-4d4b-11de-8a39-0800200c9a66} - -# component {a5a4bc50-5e8d-11de-8a39-0800200c9a66} components/tors-protocol.js -# contract @mozilla.org/network/protocol;1?name=tors {a5a4bc50-5e8d-11de-8a39-0800200c9a66} - category profile-after-change CookieJarSelector @torproject.org/cookie-jar-selector;1 # category profile-after-change RefSpoofer @torproject.org/torRefSpoofer;1 category profile-after-change TBSessionBlocker @torproject.org/torbutton-ss-blocker;1 diff --git a/src/components/tor-protocol.js b/src/components/tor-protocol.js deleted file mode 100644 index 4ba5cf4..0000000 --- a/src/components/tor-protocol.js +++ /dev/null @@ -1,103 +0,0 @@ -// Bug 1506 P0: This code is toggle-mode code and is unused. Kill it. - -// Test protocol related -const kSCHEME = "tor"; -const kPROTOCOL_NAME = "tor"; -const kPROTOCOL_CONTRACTID = "@mozilla.org/network/protocol;1?name=" + kSCHEME; -const kPROTOCOL_CID = Components.ID("52183e20-4d4b-11de-8a39-0800200c9a66"); - -// Mozilla defined -const kSIMPLEURI_CONTRACTID = "@mozilla.org/network/simple-uri;1"; -const kIOSERVICE_CONTRACTID = "@mozilla.org/network/io-service;1"; -const nsISupports = Components.interfaces.nsISupports; -const nsIIOService = Components.interfaces.nsIIOService; -const nsIProtocolHandler = Components.interfaces.nsIProtocolHandler; -const nsIURI = Components.interfaces.nsIURI; - -function Protocol() -{ -} - -Protocol.prototype = -{ - QueryInterface: function(iid) - { - if (!iid.equals(nsIProtocolHandler) && - !iid.equals(nsISupports)) - throw Components.results.NS_ERROR_NO_INTERFACE; - return this; - }, - - scheme: kSCHEME, - defaultPort: -1, - protocolFlags: nsIProtocolHandler.URI_NORELATIVE | - nsIProtocolHandler.URI_NOAUTH, - - allowPort: function(port, scheme) - { - return false; - }, - - newURI: function(spec, charset, baseURI) - { - const nsIStandardURL = Components.interfaces.nsIStandardURL; - var uri = Components.classes["@mozilla.org/network/standard-url;1"].createInstance(nsIStandardURL); - uri.init(nsIStandardURL.URLTYPE_STANDARD, 80, spec, charset, baseURI); - - return uri.QueryInterface(Components.interfaces.nsIURI); - - }, - - newChannel: function(aURI) - { - var prefs = Components.classes["@mozilla.org/preferences-service;1"] - .getService(Components.interfaces.nsIPrefBranch); - if (!prefs.getBoolPref("extensions.torbutton.tor_urls")) { - throw Components.results.NS_ERROR_UNKNOWN_PROTOCOL; - } - - /*The protocol has been called, therefore we want to enable tor, wait for it to activate return the new channel with the scheme of http.*/ - var ios = Components.classes[kIOSERVICE_CONTRACTID].getService(nsIIOService); - var prompt = Components.classes["@mozilla.org/embedcomp/prompt-service;1"] - .getService(Components.interfaces.nsIPromptService); - var tor_enabled = prefs.getBoolPref("extensions.torbutton.tor_enabled"); - var wm = Components.classes["@mozilla.org/appshell/window-mediator;1"] - .getService(Components.interfaces.nsIWindowMediator); - var chrome = wm.getMostRecentWindow("navigator:browser"); - if (!ios.allowPort(aURI.port, aURI.scheme)) - throw Components.results.NS_ERROR_FAILURE; - - if (!tor_enabled) - { - var result = prompt.confirm(null, "Allow Tor toggle?", "Do you want to enable Tor and navigate to " + aURI.spec + "?"); - if (!result) - throw Components.results.NS_ERROR_UNEXPECTED; - chrome.torbutton_enable_tor(true); - } - - //if tor is turned on then, else we should throw exception of some sort. - tor_enabled = prefs.getBoolPref("extensions.torbutton.tor_enabled"); - if (!tor_enabled) - throw Components.results.NS_ERROR_UNEXPECTED; - else - { - aURI.scheme = "http"; - return ios.newChannelFromURI(aURI); - } - }, - - // method of nsIClassInfo - classDescription: "Tor protocol handler", - classID: kPROTOCOL_CID, - contractID: kPROTOCOL_CONTRACTID, -} - -/** -* XPCOMUtils.generateNSGetFactory was introduced in Mozilla 2 (Firefox 4). -* XPCOMUtils.generateNSGetModule is for Mozilla 1.9.2 (Firefox 3.6). -*/ -Components.utils.import("resource://gre/modules/XPCOMUtils.jsm"); -if (XPCOMUtils.generateNSGetFactory) - var NSGetFactory = XPCOMUtils.generateNSGetFactory([Protocol]); -else - var NSGetModule = XPCOMUtils.generateNSGetModule([Protocol]); diff --git a/src/components/torRefSpoofer.js b/src/components/torRefSpoofer.js deleted file mode 100644 index 8b50075..0000000 --- a/src/components/torRefSpoofer.js +++ /dev/null @@ -1,125 +0,0 @@ -// Bug 1506 P0: I don't really believe referers matter in the grand scheme. -// Kill this code. - -const kMODULE_CID = Components.ID("65be2be0-ceb4-44c2-91a5-9c75c53430bf"); -const kMODULE_CONTRACTID = "@torproject.org/torRefSpoofer;1"; - -function RefSpoofer() { - this.logger = Components.classes["@torproject.org/torbutton-logger;1"].getService(Components.interfaces.nsISupports).wrappedJSObject; - this.logger.log(3, "RefSpoof component created"); - this.specials = /[-[\]{}()*+?.,\\^$|#\s]/g; -} - - -RefSpoofer.prototype = { - observe: function(subject, topic, data) - { - if (topic == "http-on-modify-request") { - var prefs = Components.classes["@mozilla.org/preferences-service;1"] - .getService(Components.interfaces.nsIPrefBranch); - var tor_enabled = prefs.getBoolPref("extensions.torbutton.tor_enabled"); - - if (!tor_enabled) - return; - - subject.QueryInterface(Components.interfaces.nsIHttpChannel); - this.onModifyRequest(subject); - return; - } - if (topic == "profile-after-change") { - this.logger.log(3, "RefSpoof got profile-after-change"); - var os = Components.classes["@mozilla.org/observer-service;1"].getService(Components.interfaces.nsIObserverService); - os.addObserver(this, "http-on-modify-request", false); - return; - } - }, - onModifyRequest: function(oHttpChannel) - { - var prefs = Components.classes["@mozilla.org/preferences-service;1"].getService(Components.interfaces.nsIPrefBranch); - - var spoofmode = prefs.getIntPref("extensions.torbutton.refererspoof"); - - var ios = Components.classes["@mozilla.org/network/io-service;1"] - .getService(Components.interfaces.nsIIOService); - - if (spoofmode == 0) - try { - oHttpChannel.QueryInterface(Components.interfaces.nsIChannel); - var referer; - try{ - referer = oHttpChannel.getRequestHeader("Referer"); - referer = ios.newURI(referer,null,null);//make a nsIURI object for referer - }catch(referr) { - return;//no referer available or invalid uri - } - var requestURI = oHttpChannel.URI; //request nsIURI object - var destHost = referer.host; //referer host w/o scheme - var srcHost = oHttpChannel.URI.host;//request host without scheme - - // match is not what we want, unless we escape dots: - var destHostMatch = destHost.replace(this.specials, "\\$&"); - var srcHostMatch = srcHost.replace(this.specials, "\\$&"); - - // FIXME: This isn't exactly bulletproof security here, but it still - // may need to be more lenient not to break sites... - // - // If we suspect issues, we can try doing the following first: - // 1. Strip off all TLD suffixes, up to but not including '.' - // 2. If more than one domain part is till left, strip off prefix - - //if they're in the same domain(if we can tell) or have the same host, keep the referer - if (srcHost.split(".").length >= destHost.split(".").length - && srcHost.match(destHostMatch)) // dest is a substring of src - return; - else if (destHost.split(".").length >= srcHost.split(".").length - && destHost.match(srcHostMatch)) // src is a substring of dest - return; - //if they do not have the same host - this.adjustRef(oHttpChannel, requestURI.scheme + "://" + requestURI.host); - this.logger.safe_log(3, "Adjusting Referer, ", - "from " + destHost + " to " + requestURI.host); - } - catch (ex) { - this.logger.log(5, "RefSpoof onModifyRequest: " +ex); - } - else if (spoofmode == 2) - this.adjustRef(oHttpChannel, ""); - }, - adjustRef: function(oChannel, sRef) - { - try { - if (oChannel.referrer) - { - oChannel.referrer.spec = sRef; - oChannel.setRequestHeader("Referer", sRef, false); - } - return true; - } - catch (ex) { - this.logger.log(5, "RefSpoof adjustRef: " +ex); - } - return false; - }, - QueryInterface: function(iid) - { - if (!iid.equals(Components.interfaces.nsISupports) && - !iid.equals(Components.interfaces.nsIObserver) && - !iid.equals(Components.interfaces.nsISupportsWeakReference)) - throw Components.results.NS_ERROR_NO_INTERFACE; - return this; - }, - _xpcom_categories: [{category:"profile-after-change"}], - classID: kMODULE_CID, - contractID: kMODULE_CONTRACTID, - classDescription: "Tor Ref Spoofer" -}; - -/** -* XPCOMUtils.generateNSGetFactory was introduced in Mozilla 2 (Firefox 4). -* XPCOMUtils.generateNSGetModule is for Mozilla 1.9.2 (Firefox 3.6). -*/ -Components.utils.import("resource://gre/modules/XPCOMUtils.jsm"); -if (XPCOMUtils.generateNSGetFactory) - var NSGetFactory = XPCOMUtils.generateNSGetFactory([RefSpoofer]); -else - var NSGetModule = XPCOMUtils.generateNSGetModule([RefSpoofer]); diff --git a/src/components/tors-protocol.js b/src/components/tors-protocol.js deleted file mode 100644 index f075e43..0000000 --- a/src/components/tors-protocol.js +++ /dev/null @@ -1,103 +0,0 @@ -// Bug 1506 P0: This code is toggle-mode code and is unused. Kill it. - -// Test protocol related -const kSCHEME = "tors"; -const kPROTOCOL_NAME = "tors"; -const kPROTOCOL_CONTRACTID = "@mozilla.org/network/protocol;1?name=" + kSCHEME; -const kPROTOCOL_CID = Components.ID("a5a4bc50-5e8d-11de-8a39-0800200c9a66"); - -// Mozilla defined -const kSIMPLEURI_CONTRACTID = "@mozilla.org/network/simple-uri;1"; -const kIOSERVICE_CONTRACTID = "@mozilla.org/network/io-service;1"; -const nsISupports = Components.interfaces.nsISupports; -const nsIIOService = Components.interfaces.nsIIOService; -const nsIProtocolHandler = Components.interfaces.nsIProtocolHandler; -const nsIURI = Components.interfaces.nsIURI; - -function Protocol() -{ -} - -Protocol.prototype = -{ - QueryInterface: function(iid) - { - if (!iid.equals(nsIProtocolHandler) && - !iid.equals(nsISupports)) - throw Components.results.NS_ERROR_NO_INTERFACE; - return this; - }, - - scheme: kSCHEME, - defaultPort: -1, - protocolFlags: nsIProtocolHandler.URI_NORELATIVE | - nsIProtocolHandler.URI_NOAUTH, - - allowPort: function(port, scheme) - { - return false; - }, - - newURI: function(spec, charset, baseURI) - { - const nsIStandardURL = Components.interfaces.nsIStandardURL; - var uri = Components.classes["@mozilla.org/network/standard-url;1"].createInstance(nsIStandardURL); - uri.init(nsIStandardURL.URLTYPE_STANDARD, 433, spec, charset, baseURI); - - return uri.QueryInterface(Components.interfaces.nsIURI); - - }, - - newChannel: function(aURI) - { - var prefs = Components.classes["@mozilla.org/preferences-service;1"] - .getService(Components.interfaces.nsIPrefBranch); - if (!prefs.getBoolPref("extensions.torbutton.tor_urls")) { - throw Components.results.NS_ERROR_UNKNOWN_PROTOCOL; - } - - /*The protocol has been called, therefore we want to enable tor, wait for it to activate return the new channel with the scheme of https.*/ - var ios = Components.classes[kIOSERVICE_CONTRACTID].getService(nsIIOService); - var prompt = Components.classes["@mozilla.org/embedcomp/prompt-service;1"] - .getService(Components.interfaces.nsIPromptService); - var tor_enabled = prefs.getBoolPref("extensions.torbutton.tor_enabled"); - var wm = Components.classes["@mozilla.org/appshell/window-mediator;1"] - .getService(Components.interfaces.nsIWindowMediator); - var chrome = wm.getMostRecentWindow("navigator:browser"); - if (!ios.allowPort(aURI.port, aURI.scheme)) - throw Components.results.NS_ERROR_FAILURE; - - if (!tor_enabled) - { - var result = prompt.confirm(null, "Allow Tor toggle?", "Do you want to enable Tor and navigate to " + aURI.spec + "?"); - if (!result) - throw Components.results.NS_ERROR_UNEXPECTED; - chrome.torbutton_enable_tor(true); - } - - //if tor is turned on then, else we should throw exception of some sort. - tor_enabled = prefs.getBoolPref("extensions.torbutton.tor_enabled"); - if (!tor_enabled) - throw Components.results.NS_ERROR_UNEXPECTED; - else - { - aURI.scheme = "https"; - return ios.newChannelFromURI(aURI); - } - }, - - // method of nsIClassInfo - classDescription: "Tor protocol handler", - classID: kPROTOCOL_CID, - contractID: kPROTOCOL_CONTRACTID -} - -/** -* XPCOMUtils.generateNSGetFactory was introduced in Mozilla 2 (Firefox 4). -* XPCOMUtils.generateNSGetModule is for Mozilla 1.9.2 (Firefox 3.6). -*/ -Components.utils.import("resource://gre/modules/XPCOMUtils.jsm"); -if (XPCOMUtils.generateNSGetFactory) - var NSGetFactory = XPCOMUtils.generateNSGetFactory([Protocol]); -else - var NSGetModule = XPCOMUtils.generateNSGetModule([Protocol]); diff --git a/src/components/window-mapper.js b/src/components/window-mapper.js deleted file mode 100644 index a04f12b..0000000 --- a/src/components/window-mapper.js +++ /dev/null @@ -1,180 +0,0 @@ -// Bug 1506 P0: This code is toggle-mode code and is unused. Kill it. - -/************************************************************************* - * ContentWindowMapper (JavaScript XPCOM component) - * - * Allows you to find a tabbrowser tab for a top level content window. - * - *************************************************************************/ - -// Module specific constants -const kMODULE_NAME = "Content Window Mapper"; -const kMODULE_CONTRACTID = "@torproject.org/content-window-mapper;1"; -const kMODULE_CID = Components.ID("b985e49c-12cb-4f29-9d14-b62603332ec4"); - -const Cr = Components.results; -const Cc = Components.classes; -const Ci = Components.interfaces; -const EXPIRATION_TIME = 60000; // 60 seconds - -const nsISupports = Components.interfaces.nsISupports; -const nsIClassInfo = Components.interfaces.nsIClassInfo; -const nsIComponentRegistrar = Components.interfaces.nsIComponentRegistrar; -const nsIObserverService = Components.interfaces.nsIObserverService; - -function ContentWindowMapper() { - this.cache = {}; - - this.logger = Components.classes["@torproject.org/torbutton-logger;1"] - .getService(Components.interfaces.nsISupports).wrappedJSObject; - this.logger.log(3, "Component Load 2: Content window mapper online: "+kMODULE_CONTRACTID); - this.last_expired = Date.now(); - // This JSObject is exported directly to chrome - this.wrappedJSObject = this; -} - -ContentWindowMapper.prototype = -{ - QueryInterface: function(iid) - { - if (!iid.equals(nsIClassInfo) && - !iid.equals(nsISupports)) { - Components.returnCode = Cr.NS_ERROR_NO_INTERFACE; - return null; - } - return this; - }, - - wrappedJSObject: null, // Initialized by constructor - - // make this an nsIClassInfo object - flags: nsIClassInfo.DOM_OBJECT, - - // method of nsIClassInfo - classDescription: kMODULE_NAME, - classID: kMODULE_CID, - contractID: kMODULE_CONTRACTID, - - // method of nsIClassInfo - getInterfaces: function(count) { - var interfaceList = [nsIClassInfo]; - count.value = interfaceList.length; - return interfaceList; - }, - - // method of nsIClassInfo - getHelperForLanguage: function(count) { return null; }, - - checkCache: function(topContentWindow) { - if(typeof(topContentWindow.ghetto_guid) != "undefined" - && typeof(this.cache[topContentWindow.ghetto_guid]) != "undefined") { - return this.cache[topContentWindow.ghetto_guid].browser; - } - - return null; - }, - - addCache: function(topContentWindow, browser) { - var insertion = new Object(); - insertion.browser = browser; - insertion.time = Date.now(); - topContentWindow.ghetto_guid = Math.random().toString()+Math.random().toString(); - this.cache[topContentWindow.ghetto_guid] = insertion; - }, - - expireOldCache: function() { - var now = Date.now(); - - if((now - this.last_expired) < EXPIRATION_TIME) { - this.logger.log(3, "Early mapper check."); - return; - } - - var delkeys = []; - for(var elem in this.cache) { - if((now - this.cache[elem].time) > EXPIRATION_TIME) { - this.logger.log(2, "Deleting cached element: "+elem.location); - delkeys.push(elem); - } - } - - for(var k in delkeys) { - delete this.cache[k]; - } - - this.last_expired = now; - }, - - getBrowserForContentWindow: function(topContentWindow) { - if(topContentWindow instanceof Components.interfaces.nsIDOMChromeWindow) { - if(topContentWindow.browserDOMWindow) { - var browser = topContentWindow.getBrowser().selectedTab.linkedBrowser; - this.logger.log(3, "Chrome browser at " - +browser.contentWindow.location+" found for: " - +topContentWindow.location); - return browser; - } - // Allow strange chrome to go through.. - this.logger.log(3, "Odd chome window"+topContentWindow.location); - return topContentWindow; - } - - var cached = this.checkCache(topContentWindow); - if(cached != null) { - return cached; - } - - try { - this.logger.log(3, "Cache failed for: "+topContentWindow.location); - } catch(e) { - this.logger.log(3, "Cache failed for unknown location?"); - } - - var wm = Components.classes["@mozilla.org/appshell/window-mediator;1"] - .getService(Components.interfaces.nsIWindowMediator); - var enumerator = wm.getEnumerator("navigator:browser"); - while(enumerator.hasMoreElements()) { - var win = enumerator.getNext(); - var browser = win.getBrowser(); - for (var i = 0; i < browser.browsers.length; ++i) { - var b = browser.browsers[i]; - if (b && b.contentWindow == topContentWindow) { - this.addCache(topContentWindow, b); - return b; - } - } - } - - // SpeedDial, google notebook and other extensions can create their - // own "<browser>" tag elements. AFAICT, there is no way to enumerate - // these... Just punt and return the most recently used browser - try { - if(topContentWindow.name != "speedDialLoaderBrowser") { - if(topContentWindow && topContentWindow.location) - this.logger.safe_log(4, "No browser found: ", topContentWindow.location); - else - this.logger.safe_log(4, "No browser found: ", topContentWindow.name); - } else { - this.logger.log(3, "SpeedDial browser found: "+topContentWindow.name); - } - } catch(e) { - this.logger.log(4, "No browser found."); - } - - // Punt.. - var wm = Components.classes["@mozilla.org/appshell/window-mediator;1"]. - getService(Components.interfaces.nsIWindowMediator); - var recentWindow = wm.getMostRecentWindow("navigator:browser"); - return recentWindow ? recentWindow.getBrowser().selectedTab.linkedBrowser : null; - } -} - -/** -* XPCOMUtils.generateNSGetFactory was introduced in Mozilla 2 (Firefox 4). -* XPCOMUtils.generateNSGetModule is for Mozilla 1.9.2 (Firefox 3.6). -*/ -Components.utils.import("resource://gre/modules/XPCOMUtils.jsm"); -if (XPCOMUtils.generateNSGetFactory) - var NSGetFactory = XPCOMUtils.generateNSGetFactory([ContentWindowMapper]); -else - var NSGetModule = XPCOMUtils.generateNSGetModule([ContentWindowMapper]);

1 0

[torbutton/master] Write changelog and bump version for 1.6.10.1.
by mikeperry＠torproject.org 26 Jun '14

26 Jun '14

commit 7d3a231de1584b8143ab050652bc178c93ce794e Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Thu Jun 26 08:29:48 2014 -0700 Write changelog and bump version for 1.6.10.1. --- src/CHANGELOG | 4 ++++ src/install.rdf | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/src/CHANGELOG b/src/CHANGELOG index dbcf7b3..9d4336b 100644 --- a/src/CHANGELOG +++ b/src/CHANGELOG @@ -1,3 +1,7 @@ +1.6.10.1 + 5 Jun 2014 + * Bug #12221: Remove obsolete Javascript components from the toggle era + 1.6.10.0 5 Jun 2014 * Bug 11510: about:tor should not report success if tor proxy is unreachable diff --git a/src/install.rdf b/src/install.rdf index d4483a3..9da99e3 100644 --- a/src/install.rdf +++ b/src/install.rdf @@ -6,7 +6,7 @@ <em:name>Torbutton</em:name> <em:creator>Mike Perry</em:creator> <em:id>torbutton(a)torproject.org</em:id> - <em:version>1.6.10.0</em:version> + <em:version>1.6.10.1</em:version> <em:homepageURL>https://www.torproject.org/projects/torbrowser.html.en</em:homepageURL> <em:optionsURL>chrome://torbutton/content/preferences.xul</em:optionsURL> <em:iconURL>chrome://torbutton/skin/tor.png</em:iconURL>

1 0

[tor-browser-bundle/master] Log Tor Browser output to file and disown the process.
by mikeperry＠torproject.org 26 Jun '14

26 Jun '14

commit c2bd8a5f070e771623aebfb66e95e9e954e5522d Author: Isis Lovecruft <isis(a)torproject.org> Date: Tue May 27 19:47:02 2014 +0000 Log Tor Browser output to file and disown the process. This will log all Tor Browser's output to ``tbb-debug.log`` in the Tor Browser $HOME directory. After starting the Firefox process, we grab Firefox's PID and do a dance where we wait up to 15 seconds to see if Firefox died (which still is considered to have happened even if the popup window that another Tor Browser is running has not been exited out of). If Firefox isn't dead, we disown the process from the shell and report that exit code. If Firefox did die somewhere, we do: wait "$pid" exitcode="$?" in order to get the exitcode from the backgrounded Firefox process. The call to ``wait`` here doesn't actually wait, because it's only called if the call to ``kill -0 "$pid"`` exited with non-0 status (meaning that the process has died). As a last case fallback, in case something really weird happened, for example if Firefox didn't die within those 15 seconds that we were waiting, and then it somehow died all-of-a-sudden right before the if test -z "${exitcode}" [...] line, then we exit with a code 66. * CHANGES RelativeLink/RelativeLink.sh to log to tbb-debug.log file, and then disown the Firefox process, so that we're not leaving a shell open forever (or leaving the shell to decide where the output is going to end up). --- RelativeLink/RelativeLink.sh | 45 +++++++++++++++++++++++++++++++----------- 1 file changed, 33 insertions(+), 12 deletions(-) diff --git a/RelativeLink/RelativeLink.sh b/RelativeLink/RelativeLink.sh index 4e6b7bb..86a40d9 100755 --- a/RelativeLink/RelativeLink.sh +++ b/RelativeLink/RelativeLink.sh @@ -284,20 +284,41 @@ setControlPortPasswd ${TOR_CONTROL_PASSWD:='"secret"'} # XXX: Debug mode for Firefox?? -# not in debug mode, run proceed normally printf "Launching Tor Browser for Linux in ${HOME}...\n" cd "${HOME}" -# XXX Someday we should pass whatever command-line arguments we got -# (probably filenames or URLs) to Firefox. -# !!! Dash above comment! Now we pass command-line arguments we got (except --debug) to Firefox. +logfile=${PWD}/tbb-debug.log +touch $logfile && printf "Logging Tor Browser output to file: %s\n" "${logfile}" + +# !!! We pass command-line arguments we got (except --debug) to Firefox. # !!! Use at your own risk! # Adding --class for fixing bug 11102. -TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \ - -profile TorBrowser/Data/Browser/profile.default "${@}" -exitcode="$?" -if [ "$exitcode" -ne 0 ]; then - complain "Tor Browser exited abnormally. Exit code: $exitcode" - exit "$exitcode" -else - printf '\nTor Browser exited cleanly.\n' +TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \ + -profile TorBrowser/Data/Browser/profile.default "${@}" > $logfile 2>&1 </dev/null & + +pid="$!" + +for second in `seq 1 15` ; do + sleep 1 + # Doing `kill -0` doesn't send a signal to the process, but it'll yell + # "No such process" if that process doesn't exist (i.e. it already died): + if `kill -0 $pid 2>&1 >/dev/null` ; then + wait "$pid" + exitcode="$?" + complain "Tor Browser exited abnormally. Exit code: $exitcode " + exit "$exitcode" + else + continue + fi +done + +if test -z "${exitcode}" ; then + if test -z "$(kill -0 $pid 2>&1 >/dev/null)" ; then + printf "Running Tor Browser process (PID %s) in background...\n" "$pid" + disown "$pid" + exitcode="0" + else + exitcode="66" # Something odd happened + fi fi + +exit "$exitcode"

1 0

[tor-browser-bundle/master] Add setControlPortPasswd() to RelativeLink/RelativeLink.sh.
by mikeperry＠torproject.org 26 Jun '14

26 Jun '14

commit a566e85f785c12157283920a179cdc64fdd28b32 Author: Isis Lovecruft <isis(a)torproject.org> Date: Tue May 27 19:13:56 2014 +0000 Add setControlPortPasswd() to RelativeLink/RelativeLink.sh. This adds documentation on how to set the ``TOR_CONTROL_PASSWD`` environment variable, as well as a bash function, ``setControlPortPasswd()``, which easily sets it. Using a bash function is necessary in order to safely set TOR_CONTROL_PASSWD within the function, such that it isn't accidentally ``export``ed into the shell which called the script (where other programs would be able to steal it). Inside the function, is checked to see if the odd quoting syntax was done properly, and, if not, complains and tells the user how to properly set the ``TOR_CONTROL_PASSWD``. Otherwise, the correctly set password is given before the command to start Firefox, i.e.: TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox [...] * ADDS a new bash function ``setControlPortPasswd()`` to RelativeLink.sh. * FIXES #10178 by making it really hard for people to continue DoingItWrong™. * FIXES #11751 by adding an easy way to set the TOR_CONTROL_PASSWD, as well as documentation. --- RelativeLink/RelativeLink.sh | 71 ++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 68 insertions(+), 3 deletions(-) diff --git a/RelativeLink/RelativeLink.sh b/RelativeLink/RelativeLink.sh index f656665..4e6b7bb 100755 --- a/RelativeLink/RelativeLink.sh +++ b/RelativeLink/RelativeLink.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # # GNU/Linux does not really require something like RelativeLink.c # However, we do want to have the same look and feel with similar features. @@ -218,17 +218,82 @@ fi LD_LIBRARY_PATH="${HOME}/TorBrowser/Tor/" export LD_LIBRARY_PATH +function setControlPortPasswd() { + local ctrlPasswd=$1 + test -z "$ctrlPasswd" -o "$ctrlPasswd" = $'\"secret\"' && return + if test "${ctrlPasswd:0:1}" = $'\"'; then # First 2 chars were '" + printf "Using system Tor process.\n" + export TOR_CONTROL_PASSWD + else + complain "There seems to have been a quoting problem with your \ +TOR_CONTROL_PASSWD environment variable." + cat <<EOF + +The Tor ControlPort password should be given inside double quotes, inside single +quotes, i.e. if the ControlPort password is “secret” (without curly quotes) then +we must start this script after setting the environment variable exactly like +this: + + \$ TOR_CONTROL_PASSWD='"secret"' $myname + +EOF + fi +} + +# Using a system-installed Tor process with Tor Browser: +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The Tor ControlPort password should be given inside double quotes, inside +# single quotes, i.e. if the ControlPort password is “secret” (without +# curly quotes) then we must set the environment variable *exactly* like +# this: +# +# TOR_CONTROL_PASSWD='"secret"' +# +# Yes, the variable MUST be double-quoted, then single-quoted, exactly as +# shown. This is used by TorButtom to authenticate to Tor's ControlPort, and +# is necessary for using TBB with a with a system-installed Tor. +# +# Additionally, if using a system-installed Tor, the following about:config +# options should be set (values in <> mean they are the value taken from your +# torrc): +# +# SETTING NAME VALUE +# extensions.torbutton.banned_ports [...],<SocksPort>,<ControlPort> +# extensions.torbutton.block_disk false +# extensions.torbutton.custom.socks_host 127.0.0.1 +# extensions.torbutton.custom.socks_port <SocksPort> +# extensions.torbutton.inserted_button true +# extensions.torbutton.launch_warning false +# extensions.torbutton.loglevel 2 +# extensions.torbutton.logmethod 0 +# extensions.torbutton.settings_method custom +# extensions.torbutton.socks_port <SocksPort> +# extensions.torbutton.use_privoxy false +# extensions.torlauncher.control_port <ControlPort> +# extensions.torlauncher.loglevel 2 +# extensions.torlauncher.logmethod 0 +# extensions.torlauncher.prompt_at_startup false +# extensions.torlauncher.start_tor false +# +# where the '[...]' in the banned_ports option means "leave anything that was +# already in the preference alone, just append the things specified after it". + +# Either set `TOR_CONTROL_PASSWD` before running ./start-tor-browser, or put +# your password in the following line where the word “secret” is: +setControlPortPasswd ${TOR_CONTROL_PASSWD:='"secret"'} + # XXX: Debug mode for Firefox?? # not in debug mode, run proceed normally -printf "\nLaunching Tor Browser Bundle for Linux in ${HOME}\n" +printf "Launching Tor Browser for Linux in ${HOME}...\n" cd "${HOME}" # XXX Someday we should pass whatever command-line arguments we got # (probably filenames or URLs) to Firefox. # !!! Dash above comment! Now we pass command-line arguments we got (except --debug) to Firefox. # !!! Use at your own risk! # Adding --class for fixing bug 11102. -./firefox --class "Tor Browser" -profile TorBrowser/Data/Browser/profile.default "${@}" +TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \ + -profile TorBrowser/Data/Browser/profile.default "${@}" exitcode="$?" if [ "$exitcode" -ne 0 ]; then complain "Tor Browser exited abnormally. Exit code: $exitcode"

1 0

[tor-browser/tor-browser-24.6.0esr-4.x-1] Add a pref, "privacy.thirdparty.isolate", to allow the activation or deactivation of isolating DOM storage and image caching by first party URI.
by mikeperry＠torproject.org 26 Jun '14

26 Jun '14

commit d0062623b1cb82844bd83af308515d86ccc610a3 Author: Arthur Edelstein <arthuredelstein(a)gmail.com> Date: Thu Apr 17 16:39:37 2014 -0700 Add a pref, "privacy.thirdparty.isolate", to allow the activation or deactivation of isolating DOM storage and image caching by first party URI. --- browser/app/profile/firefox.js | 8 ++ content/base/src/ThirdPartyUtil.cpp | 34 ++++++++ content/base/src/ThirdPartyUtil.h | 1 + content/base/src/nsContentUtils.cpp | 28 +++---- docshell/base/nsDocShell.cpp | 10 +-- dom/base/nsGlobalWindow.cpp | 28 +++---- dom/base/nsGlobalWindow.h | 2 +- dom/interfaces/storage/nsIDOMStorageManager.idl | 14 ++-- dom/src/storage/DOMStorageCache.cpp | 4 +- dom/src/storage/DOMStorageCache.h | 6 +- dom/src/storage/DOMStorageManager.cpp | 44 +++++----- dom/src/storage/DOMStorageManager.h | 4 +- embedding/browser/webBrowser/nsContextMenuInfo.cpp | 8 +- image/public/imgILoader.idl | 4 +- image/src/imgLoader.cpp | 84 ++++++++------------ image/src/imgLoader.h | 6 +- image/src/imgRequest.cpp | 8 +- image/src/imgRequest.h | 4 +- layout/generic/nsImageFrame.cpp | 22 ++--- netwerk/base/public/mozIThirdPartyUtil.idl | 23 ++++++ widget/cocoa/nsMenuItemIconX.mm | 8 +- 21 files changed, 200 insertions(+), 150 deletions(-) diff --git a/browser/app/profile/firefox.js b/browser/app/profile/firefox.js index 56ae000..ae78798 100644 --- a/browser/app/profile/firefox.js +++ b/browser/app/profile/firefox.js @@ -517,6 +517,14 @@ pref("privacy.sanitize.migrateFx3Prefs", false); pref("network.proxy.share_proxy_settings", false); // use the same proxy settings for all protocols +// The privacy.thirdparty.isolate pref determines whether +// an isolated DOM Storage map and image cache are +// maintained for each URL bar domain. +// 0 - No isolation +// 1 - Enable isolation in private windows +// 2 - Enable isolation everywhere +pref("privacy.thirdparty.isolate", 1); + // simple gestures support pref("browser.gesture.swipe.left", "Browser:BackOrBackDuplicate"); pref("browser.gesture.swipe.right", "Browser:ForwardOrForwardDuplicate"); diff --git a/content/base/src/ThirdPartyUtil.cpp b/content/base/src/ThirdPartyUtil.cpp index 55eb316..06b2a14 100644 --- a/content/base/src/ThirdPartyUtil.cpp +++ b/content/base/src/ThirdPartyUtil.cpp @@ -3,6 +3,7 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ #include "ThirdPartyUtil.h" +#include "mozilla/Preferences.h" #include "nsNetUtil.h" #include "nsIServiceManager.h" #include "nsIHttpChannelInternal.h" @@ -411,6 +412,39 @@ ThirdPartyUtil::GetBaseDomain(nsIURI* aHostURI, return NS_OK; } +// Returns true if First Party Isolation is currently active for the given nsIChannel. +// Depends on Preference setting and possibly the state of Private Browsing mode. +bool ThirdPartyUtil::IsFirstPartyIsolationActive(nsIChannel *aChannel, nsIDocument *aDoc) +{ + int32_t isolationState = mozilla::Preferences::GetInt("privacy.thirdparty.isolate"); + if (isolationState == 1) { + if (!aChannel && aDoc) { + // No channel passed directly. Can we get a channel from aDoc? + aChannel = aDoc->GetChannel(); + } + return aChannel && NS_UsePrivateBrowsing(aChannel); + } else { // (isolationState == 0) || (isolationState == 2) + return (isolationState == 2); + } +} + +// Produces a URI that uniquely identifies the first party to which +// image cache and dom storage objects should be isolated. If isolation +// is deactivated, then aOutput will return null. +// Not scriptable due to the use of an nsIDocument parameter. +NS_IMETHODIMP +ThirdPartyUtil::GetFirstPartyIsolationURI(nsIChannel *aChannel, nsIDocument *aDoc, nsIURI **aOutput) +{ + bool isolationActive = IsFirstPartyIsolationActive(aChannel, aDoc); + if (isolationActive) { + return GetFirstPartyURI(aChannel, aDoc, aOutput); + } else { + // We return a null pointer when isolation is off. + *aOutput = nullptr; + return NS_OK; + } +} + // Not scriptable due to the use of an nsIDocument parameter. NS_IMETHODIMP ThirdPartyUtil::GetFirstPartyURI(nsIChannel *aChannel, diff --git a/content/base/src/ThirdPartyUtil.h b/content/base/src/ThirdPartyUtil.h index 8777f44..c90dbad 100644 --- a/content/base/src/ThirdPartyUtil.h +++ b/content/base/src/ThirdPartyUtil.h @@ -27,6 +27,7 @@ public: private: nsresult IsThirdPartyInternal(const nsCString& aFirstDomain, nsIURI* aSecondURI, bool* aResult); + bool IsFirstPartyIsolationActive(nsIChannel* aChannel, nsIDocument* aDoc); bool SchemeIsWhiteListed(nsIURI *aURI); static already_AddRefed<nsIURI> GetURIFromWindow(nsIDOMWindow* aWin); static nsresult GetOriginatingURI(nsIChannel *aChannel, nsIURI **aURI); diff --git a/content/base/src/nsContentUtils.cpp b/content/base/src/nsContentUtils.cpp index db038bf..308cea8 100644 --- a/content/base/src/nsContentUtils.cpp +++ b/content/base/src/nsContentUtils.cpp @@ -2693,22 +2693,22 @@ nsContentUtils::LoadImage(nsIURI* aURI, nsIDocument* aLoadingDocument, // Make the URI immutable so people won't change it under us NS_TryToSetImmutable(aURI); - nsCOMPtr<nsIURI> firstPartyURI; + nsCOMPtr<nsIURI> firstPartyIsolationURI; nsCOMPtr<mozIThirdPartyUtil> thirdPartySvc = do_GetService(THIRDPARTYUTIL_CONTRACTID); - thirdPartySvc->GetFirstPartyURI(nullptr, aLoadingDocument, - getter_AddRefs(firstPartyURI)); - - return imgLoader->LoadImage(aURI, /* uri to load */ - firstPartyURI, /* firstPartyURI */ - aReferrer, /* referrer */ - aLoadingPrincipal, /* loading principal */ - loadGroup, /* loadgroup */ - aObserver, /* imgINotificationObserver */ - aLoadingDocument, /* uniquification key */ - aLoadFlags, /* load flags */ - nullptr, /* cache key */ - channelPolicy, /* CSP info */ + thirdPartySvc->GetFirstPartyIsolationURI(nullptr, aLoadingDocument, + getter_AddRefs(firstPartyIsolationURI)); + + return imgLoader->LoadImage(aURI, /* uri to load */ + firstPartyIsolationURI, /* firstPartyIsolationURI, NULL if isolation is not active */ + aReferrer, /* referrer */ + aLoadingPrincipal, /* loading principal */ + loadGroup, /* loadgroup */ + aObserver, /* imgINotificationObserver */ + aLoadingDocument, /* uniquification key */ + aLoadFlags, /* load flags */ + nullptr, /* cache key */ + channelPolicy, /* CSP info */ aRequest); } diff --git a/docshell/base/nsDocShell.cpp b/docshell/base/nsDocShell.cpp index 8963ea0..205b197 100644 --- a/docshell/base/nsDocShell.cpp +++ b/docshell/base/nsDocShell.cpp @@ -2698,18 +2698,18 @@ nsDocShell::GetSessionStorageForPrincipal(nsIPrincipal* aPrincipal, return NS_ERROR_FAILURE; nsCOMPtr<nsIDocument> doc(do_GetInterface(GetAsSupports(this))); - nsCOMPtr<nsIURI> firstPartyURI; - nsresult rv = thirdPartyUtil->GetFirstPartyURI(nullptr, doc, - getter_AddRefs(firstPartyURI)); + nsCOMPtr<nsIURI> firstPartyIsolationURI; + nsresult rv = thirdPartyUtil->GetFirstPartyIsolationURI(nullptr, doc, + getter_AddRefs(firstPartyIsolationURI)); NS_ENSURE_SUCCESS(rv, rv); if (aCreate) { - return manager->CreateStorageForFirstParty(firstPartyURI, + return manager->CreateStorageForFirstParty(firstPartyIsolationURI, aPrincipal, aDocumentURI, mInPrivateBrowsing, aStorage); } - return manager->GetStorageForFirstParty(firstPartyURI, aPrincipal, + return manager->GetStorageForFirstParty(firstPartyIsolationURI, aPrincipal, mInPrivateBrowsing, aStorage); } diff --git a/dom/base/nsGlobalWindow.cpp b/dom/base/nsGlobalWindow.cpp index 5a0998a..7c742b0 100644 --- a/dom/base/nsGlobalWindow.cpp +++ b/dom/base/nsGlobalWindow.cpp @@ -2604,8 +2604,8 @@ nsGlobalWindow::PreloadLocalStorage() } nsresult rv; - nsCOMPtr<nsIURI> firstPartyURI; - rv = GetFirstPartyURI(getter_AddRefs(firstPartyURI)); + nsCOMPtr<nsIURI> firstPartyIsolationURI; + rv = GetFirstPartyIsolationURI(getter_AddRefs(firstPartyIsolationURI)); if (NS_FAILED(rv)) { return; } @@ -2616,7 +2616,7 @@ nsGlobalWindow::PreloadLocalStorage() return; } - storageManager->PrecacheStorageForFirstParty(firstPartyURI, principal); + storageManager->PrecacheStorageForFirstParty(firstPartyIsolationURI, principal); } void @@ -6665,7 +6665,7 @@ nsGlobalWindow::CallerInnerWindow() } nsresult -nsGlobalWindow::GetFirstPartyURI(nsIURI** aFirstPartyURI) +nsGlobalWindow::GetFirstPartyIsolationURI(nsIURI** aFirstPartyIsolationURI) { nsCOMPtr<mozIThirdPartyUtil> thirdPartyUtil = do_GetService(THIRDPARTYUTIL_CONTRACTID); @@ -6673,7 +6673,7 @@ nsGlobalWindow::GetFirstPartyURI(nsIURI** aFirstPartyURI) return NS_ERROR_FAILURE; nsCOMPtr<nsIDocument> doc = do_QueryInterface(mDoc); - return thirdPartyUtil->GetFirstPartyURI(NULL, doc, aFirstPartyURI); + return thirdPartyUtil->GetFirstPartyIsolationURI(NULL, doc, aFirstPartyIsolationURI); } @@ -8984,11 +8984,11 @@ nsGlobalWindow::GetSessionStorage(nsIDOMStorage ** aSessionStorage) nsCOMPtr<nsILoadContext> loadContext = do_QueryInterface(docShell); - nsCOMPtr<nsIURI> firstPartyURI; - rv = GetFirstPartyURI(getter_AddRefs(firstPartyURI)); + nsCOMPtr<nsIURI> firstPartyIsolationURI; + rv = GetFirstPartyIsolationURI(getter_AddRefs(firstPartyIsolationURI)); NS_ENSURE_SUCCESS(rv, rv); - rv = storageManager->CreateStorageForFirstParty(firstPartyURI, principal, + rv = storageManager->CreateStorageForFirstParty(firstPartyIsolationURI, principal, documentURI, loadContext && loadContext->UsePrivateBrowsing(), getter_AddRefs(mSessionStorage)); @@ -9056,14 +9056,14 @@ nsGlobalWindow::GetLocalStorage(nsIDOMStorage ** aLocalStorage) mDoc->GetDocumentURI(documentURI); } - nsCOMPtr<nsIURI> firstPartyURI; - rv = GetFirstPartyURI(getter_AddRefs(firstPartyURI)); + nsCOMPtr<nsIURI> firstPartyIsolationURI; + rv = GetFirstPartyIsolationURI(getter_AddRefs(firstPartyIsolationURI)); NS_ENSURE_SUCCESS(rv, rv); nsIDocShell* docShell = GetDocShell(); nsCOMPtr<nsILoadContext> loadContext = do_QueryInterface(docShell); - rv = storageManager->CreateStorageForFirstParty(firstPartyURI, principal, + rv = storageManager->CreateStorageForFirstParty(firstPartyIsolationURI, principal, documentURI, loadContext && loadContext->UsePrivateBrowsing(), getter_AddRefs(mLocalStorage)); @@ -9681,11 +9681,11 @@ nsGlobalWindow::Observe(nsISupports* aSubject, const char* aTopic, nsCOMPtr<nsIDOMStorageManager> storageManager = do_QueryInterface(GetDocShell()); if (storageManager) { nsresult rv; - nsCOMPtr<nsIURI> firstPartyURI; - rv = GetFirstPartyURI(getter_AddRefs(firstPartyURI)); + nsCOMPtr<nsIURI> firstPartyIsolationURI; + rv = GetFirstPartyIsolationURI(getter_AddRefs(firstPartyIsolationURI)); NS_ENSURE_SUCCESS(rv, rv); - rv = storageManager->CheckStorageForFirstParty(firstPartyURI, + rv = storageManager->CheckStorageForFirstParty(firstPartyIsolationURI, principal, changingStorage, &check); NS_ENSURE_SUCCESS(rv, rv); } diff --git a/dom/base/nsGlobalWindow.h b/dom/base/nsGlobalWindow.h index af012bc..da6b54d 100644 --- a/dom/base/nsGlobalWindow.h +++ b/dom/base/nsGlobalWindow.h @@ -1092,7 +1092,7 @@ protected: nsresult RequestAnimationFrame(const nsIDocument::FrameRequestCallbackHolder& aCallback, int32_t* aHandle); - nsresult GetFirstPartyURI(nsIURI** aFirstPartyURI); + nsresult GetFirstPartyIsolationURI(nsIURI** aFirstPartyIsolationURI); // When adding new member variables, be careful not to create cycles // through JavaScript. If there is any chance that a member variable diff --git a/dom/interfaces/storage/nsIDOMStorageManager.idl b/dom/interfaces/storage/nsIDOMStorageManager.idl index 6d1c5fc..ea7246e 100644 --- a/dom/interfaces/storage/nsIDOMStorageManager.idl +++ b/dom/interfaces/storage/nsIDOMStorageManager.idl @@ -21,13 +21,13 @@ interface nsIDOMStorageManager : nsISupports * This starts async preloading of a storage cache for scope * defined by the principal. * - * @param aFirstPartyURI + * @param aFirstPartyIsolationURI * First party URI to bound storage to. * @param aPrincipal * Principal to bound storage to. */ void precacheStorage(in nsIPrincipal aPrincipal); - void precacheStorageForFirstParty(in nsIURI aFirstPartyURI, + void precacheStorageForFirstParty(in nsIURI aFirstPartyIsolationURI, in nsIPrincipal aPrincipal); /** @@ -35,7 +35,7 @@ interface nsIDOMStorageManager : nsISupports * A new object is always returned and it is ensured there is * a storage for the scope created. * - * @param aFirstPartyURI + * @param aFirstPartyIsolationURI * First party URI to bound storage to. * @param aPrincipal * Principal to bound storage to. @@ -47,7 +47,7 @@ interface nsIDOMStorageManager : nsISupports nsIDOMStorage createStorage(in nsIPrincipal aPrincipal, in DOMString aDocumentURI, [optional] in bool aPrivate); - nsIDOMStorage createStorageForFirstParty(in nsIURI aFirstPartyURI, + nsIDOMStorage createStorageForFirstParty(in nsIURI aFirstPartyIsolationURI, in nsIPrincipal aPrincipal, in DOMString aDocumentURI, [optional] in bool aPrivate); @@ -64,7 +64,7 @@ interface nsIDOMStorageManager : nsISupports */ nsIDOMStorage getStorage(in nsIPrincipal aPrincipal, [optional] in bool aPrivate); - nsIDOMStorage getStorageForFirstParty(in nsIURI aFirstPartyURI, + nsIDOMStorage getStorageForFirstParty(in nsIURI aFirstPartyIsolationURI, in nsIPrincipal aPrincipal, [optional] in bool aPrivate); @@ -83,7 +83,7 @@ interface nsIDOMStorageManager : nsISupports * Returns true if the storage belongs to the given principal and is managed * (i.e. has been created and is cached) by this storage manager. * - * @param aFirstPartyURI + * @param aFirstPartyIsolationURI * First party URI to check the storage against. * @param aPrincipal * Principal to check the storage against. @@ -97,7 +97,7 @@ interface nsIDOMStorageManager : nsISupports */ bool checkStorage(in nsIPrincipal aPrincipal, in nsIDOMStorage aStorage); - bool checkStorageForFirstParty(in nsIURI aFirstPartyURI, + bool checkStorageForFirstParty(in nsIURI aFirstPartyIsolationURI, in nsIPrincipal aPrincipal, in nsIDOMStorage aStorage); diff --git a/dom/src/storage/DOMStorageCache.cpp b/dom/src/storage/DOMStorageCache.cpp index 84ef729..b67a559 100644 --- a/dom/src/storage/DOMStorageCache.cpp +++ b/dom/src/storage/DOMStorageCache.cpp @@ -120,7 +120,7 @@ DOMStorageCache::Release(void) void DOMStorageCache::Init(DOMStorageManager* aManager, bool aPersistent, - nsIURI* aFirstPartyURI, + nsIURI* aFirstPartyIsolationURI, nsIPrincipal* aPrincipal, const nsACString& aQuotaScope) { @@ -130,7 +130,7 @@ DOMStorageCache::Init(DOMStorageManager* aManager, mManager = aManager; mInitialized = true; - mFirstPartyURI = aFirstPartyURI; + mFirstPartyIsolationURI = aFirstPartyIsolationURI; mPrincipal = aPrincipal; mPersistent = aPersistent; mQuotaScope = aQuotaScope.IsEmpty() ? mScope : aQuotaScope; diff --git a/dom/src/storage/DOMStorageCache.h b/dom/src/storage/DOMStorageCache.h index 42836ac..2b892fc 100644 --- a/dom/src/storage/DOMStorageCache.h +++ b/dom/src/storage/DOMStorageCache.h @@ -72,7 +72,7 @@ public: virtual ~DOMStorageCache(); void Init(DOMStorageManager* aManager, bool aPersistent, - nsIURI* aFirstPartyURI, nsIPrincipal* aPrincipal, + nsIURI* aFirstPartyIsolationURI, nsIPrincipal* aPrincipal, const nsACString& aQuotaScope); // Copies all data from the other storage. @@ -97,7 +97,7 @@ public: nsTArray<nsString>* GetKeys(const DOMStorage* aStorage); - nsIURI* FirstPartyURI() const { return mFirstPartyURI; } + nsIURI* FirstPartyIsolationURI() const { return mFirstPartyIsolationURI; } // Whether the principal equals principal the cache was created for bool CheckPrincipal(nsIPrincipal* aPrincipal) const; @@ -177,7 +177,7 @@ private: nsCOMPtr<nsITimer> mKeepAliveTimer; // The first party URI associated with this cache. - nsCOMPtr<nsIURI> mFirstPartyURI; + nsCOMPtr<nsIURI> mFirstPartyIsolationURI; // Principal the cache has been initially created for, this is used only // for sessionStorage access checks since sessionStorage objects are strictly diff --git a/dom/src/storage/DOMStorageManager.cpp b/dom/src/storage/DOMStorageManager.cpp index 9cc5042..4dbe66c 100644 --- a/dom/src/storage/DOMStorageManager.cpp +++ b/dom/src/storage/DOMStorageManager.cpp @@ -132,16 +132,16 @@ DOMStorageManager::~DOMStorageManager() namespace { // anon nsresult -AppendFirstPartyToKey(nsIURI* aFirstPartyURI, nsACString& aKey) +AppendFirstPartyToKey(nsIURI* aFirstPartyIsolationURI, nsACString& aKey) { - if (aFirstPartyURI) { + if (aFirstPartyIsolationURI) { nsCOMPtr<mozIThirdPartyUtil> thirdPartyUtil = do_GetService(THIRDPARTYUTIL_CONTRACTID); if (!thirdPartyUtil) return NS_ERROR_FAILURE; nsAutoCString firstPartyHost; - nsresult rv = thirdPartyUtil->GetFirstPartyHostForIsolation(aFirstPartyURI, + nsresult rv = thirdPartyUtil->GetFirstPartyHostForIsolation(aFirstPartyIsolationURI, firstPartyHost); NS_ENSURE_SUCCESS(rv, rv); @@ -153,7 +153,7 @@ AppendFirstPartyToKey(nsIURI* aFirstPartyURI, nsACString& aKey) } nsresult -CreateScopeKey(nsIURI* aFirstPartyURI, nsIPrincipal* aPrincipal, +CreateScopeKey(nsIURI* aFirstPartyIsolationURI, nsIPrincipal* aPrincipal, nsACString& aKey) { nsCOMPtr<nsIURI> uri; @@ -231,11 +231,11 @@ CreateScopeKey(nsIURI* aFirstPartyURI, nsIPrincipal* aPrincipal, // Isolate scope keys to the URL bar domain by appending &firstPartyHost // if available. - return AppendFirstPartyToKey(aFirstPartyURI, aKey); + return AppendFirstPartyToKey(aFirstPartyIsolationURI, aKey); } nsresult -CreateQuotaDBKey(nsIURI* aFirstPartyURI, nsIPrincipal* aPrincipal, +CreateQuotaDBKey(nsIURI* aFirstPartyIsolationURI, nsIPrincipal* aPrincipal, nsACString& aKey) { nsresult rv; @@ -286,7 +286,7 @@ CreateQuotaDBKey(nsIURI* aFirstPartyURI, nsIPrincipal* aPrincipal, // Isolate scope keys to the URL bar domain by appending &firstPartyHost // if available. - return AppendFirstPartyToKey(aFirstPartyURI, aKey); + return AppendFirstPartyToKey(aFirstPartyIsolationURI, aKey); } } // anon @@ -304,14 +304,14 @@ DOMStorageManager::GetCache(const nsACString& aScope) const already_AddRefed<DOMStorageCache> DOMStorageManager::PutCache(const nsACString& aScope, - nsIURI* aFirstPartyURI, + nsIURI* aFirstPartyIsolationURI, nsIPrincipal* aPrincipal) { DOMStorageCacheHashKey* entry = mCaches.PutEntry(aScope); nsRefPtr<DOMStorageCache> cache = entry->cache(); nsAutoCString quotaScope; - CreateQuotaDBKey(aFirstPartyURI, aPrincipal, quotaScope); + CreateQuotaDBKey(aFirstPartyIsolationURI, aPrincipal, quotaScope); // To avoid ever persisting session storage to disk, initialize LocalStorage // like SessionStorage. @@ -320,7 +320,7 @@ DOMStorageManager::PutCache(const nsACString& aScope, case LocalStorage: // Lifetime handled by the manager, don't persist entry->HardRef(); - cache->Init(nullptr, false, aFirstPartyURI, aPrincipal, quotaScope); + cache->Init(nullptr, false, aFirstPartyIsolationURI, aPrincipal, quotaScope); break; default: @@ -342,7 +342,7 @@ DOMStorageManager::DropCache(DOMStorageCache* aCache) nsresult DOMStorageManager::GetStorageInternal(bool aCreate, - nsIURI* aFirstPartyURI, + nsIURI* aFirstPartyIsolationURI, nsIPrincipal* aPrincipal, const nsAString& aDocumentURI, bool aPrivate, @@ -351,7 +351,7 @@ DOMStorageManager::GetStorageInternal(bool aCreate, nsresult rv; nsAutoCString scope; - rv = CreateScopeKey(aFirstPartyURI, aPrincipal, scope); + rv = CreateScopeKey(aFirstPartyIsolationURI, aPrincipal, scope); if (NS_FAILED(rv)) { return NS_ERROR_NOT_AVAILABLE; } @@ -382,7 +382,7 @@ DOMStorageManager::GetStorageInternal(bool aCreate, // There is always a single instance of a cache per scope // in a single instance of a DOM storage manager. - cache = PutCache(scope, aFirstPartyURI, aPrincipal); + cache = PutCache(scope, aFirstPartyIsolationURI, aPrincipal); } else if (mType == SessionStorage) { if (!cache->CheckPrincipal(aPrincipal)) { return NS_ERROR_DOM_SECURITY_ERR; @@ -405,10 +405,10 @@ DOMStorageManager::PrecacheStorage(nsIPrincipal* aPrincipal) } NS_IMETHODIMP -DOMStorageManager::PrecacheStorageForFirstParty(nsIURI* aFirstPartyURI, +DOMStorageManager::PrecacheStorageForFirstParty(nsIURI* aFirstPartyIsolationURI, nsIPrincipal* aPrincipal) { - return GetStorageInternal(true, aFirstPartyURI, aPrincipal, EmptyString(), + return GetStorageInternal(true, aFirstPartyIsolationURI, aPrincipal, EmptyString(), false, nullptr); } @@ -423,13 +423,13 @@ DOMStorageManager::CreateStorage(nsIPrincipal* aPrincipal, } NS_IMETHODIMP -DOMStorageManager::CreateStorageForFirstParty(nsIURI* aFirstPartyURI, +DOMStorageManager::CreateStorageForFirstParty(nsIURI* aFirstPartyIsolationURI, nsIPrincipal* aPrincipal, const nsAString& aDocumentURI, bool aPrivate, nsIDOMStorage** aRetval) { - return GetStorageInternal(true, aFirstPartyURI, aPrincipal, aDocumentURI, + return GetStorageInternal(true, aFirstPartyIsolationURI, aPrincipal, aDocumentURI, aPrivate, aRetval); } @@ -443,12 +443,12 @@ DOMStorageManager::GetStorage(nsIPrincipal* aPrincipal, } NS_IMETHODIMP -DOMStorageManager::GetStorageForFirstParty(nsIURI* aFirstPartyURI, +DOMStorageManager::GetStorageForFirstParty(nsIURI* aFirstPartyIsolationURI, nsIPrincipal* aPrincipal, bool aPrivate, nsIDOMStorage** aRetval) { - return GetStorageInternal(false, aFirstPartyURI, aPrincipal, + return GetStorageInternal(false, aFirstPartyIsolationURI, aPrincipal, EmptyString(), aPrivate, aRetval); } @@ -476,7 +476,7 @@ DOMStorageManager::CloneStorage(nsIDOMStorage* aStorage) // Since this manager is sessionStorage manager, PutCache hard references // the cache in our hashtable. nsRefPtr<DOMStorageCache> newCache = PutCache(origCache->Scope(), - origCache->FirstPartyURI(), + origCache->FirstPartyIsolationURI(), origCache->Principal()); newCache->CloneFrom(origCache); @@ -492,7 +492,7 @@ DOMStorageManager::CheckStorage(nsIPrincipal* aPrincipal, } NS_IMETHODIMP -DOMStorageManager::CheckStorageForFirstParty(nsIURI* aFirstPartyURI, +DOMStorageManager::CheckStorageForFirstParty(nsIURI* aFirstPartyIsolationURI, nsIPrincipal* aPrincipal, nsIDOMStorage* aStorage, bool* aRetval) @@ -509,7 +509,7 @@ DOMStorageManager::CheckStorageForFirstParty(nsIURI* aFirstPartyURI, } nsAutoCString scope; - nsresult rv = CreateScopeKey(aFirstPartyURI, aPrincipal, scope); + nsresult rv = CreateScopeKey(aFirstPartyIsolationURI, aPrincipal, scope); NS_ENSURE_SUCCESS(rv, rv); DOMStorageCache* cache = GetCache(scope); diff --git a/dom/src/storage/DOMStorageManager.h b/dom/src/storage/DOMStorageManager.h index 5e044b5..6ed9a70 100644 --- a/dom/src/storage/DOMStorageManager.h +++ b/dom/src/storage/DOMStorageManager.h @@ -74,12 +74,12 @@ private: // Ensures cache for a scope, when it doesn't exist it is created and initalized, // this also starts preload of persistent data. already_AddRefed<DOMStorageCache> PutCache(const nsACString& aScope, - nsIURI* aFirstPartyURI, + nsIURI* aFirstPartyIsolationURI, nsIPrincipal* aPrincipal); // Helper for creation of DOM storage objects nsresult GetStorageInternal(bool aCreate, - nsIURI* aFirstPartyURI, + nsIURI* aFirstPartyIsolationURI, nsIPrincipal* aPrincipal, const nsAString& aDocumentURI, bool aPrivate, diff --git a/embedding/browser/webBrowser/nsContextMenuInfo.cpp b/embedding/browser/webBrowser/nsContextMenuInfo.cpp index 8cca3e3..092e619 100644 --- a/embedding/browser/webBrowser/nsContextMenuInfo.cpp +++ b/embedding/browser/webBrowser/nsContextMenuInfo.cpp @@ -306,13 +306,13 @@ nsContextMenuInfo::GetBackgroundImageRequestInternal(nsIDOMNode *aDOMNode, imgRe nsRefPtr<imgLoader> il = imgLoader::GetInstance(); NS_ENSURE_TRUE(il, NS_ERROR_FAILURE); - nsCOMPtr<nsIURI> firstPartyURI; + nsCOMPtr<nsIURI> firstPartyIsolationURI; nsCOMPtr<mozIThirdPartyUtil> thirdPartySvc = do_GetService(THIRDPARTYUTIL_CONTRACTID); - thirdPartySvc->GetFirstPartyURI(nullptr, doc, - getter_AddRefs(firstPartyURI)); + thirdPartySvc->GetFirstPartyIsolationURI(nullptr, doc, + getter_AddRefs(firstPartyIsolationURI)); - return il->LoadImage(bgUri, firstPartyURI, nullptr, principal, nullptr, + return il->LoadImage(bgUri, firstPartyIsolationURI, nullptr, principal, nullptr, nullptr, nullptr, nsIRequest::LOAD_NORMAL, nullptr, channelPolicy, aRequest); } diff --git a/image/public/imgILoader.idl b/image/public/imgILoader.idl index c16a30a..e6e7727 100644 --- a/image/public/imgILoader.idl +++ b/image/public/imgILoader.idl @@ -38,7 +38,7 @@ interface imgILoader : nsISupports /** * Start the load and decode of an image. * @param aURI the URI to load - * @param aFirstPartyURI the urlbar URI that 'initiated' the load -- used for 3rd party blocking + * @param aFirstPartyIsolationURI the urlbar URI that 'initiated' the load -- used for 3rd party blocking * @param aReferrerURI the 'referring' URI * @param aLoadingPrincipal the principal of the loading document * @param aLoadGroup Loadgroup to put the image load into @@ -55,7 +55,7 @@ interface imgILoader : nsISupports * goes away. */ imgIRequest loadImageXPCOM(in nsIURI aURI, - in nsIURI aFirstPartyURI, + in nsIURI aFirstPartyIsolationURI, in nsIURI aReferrerURI, in nsIPrincipal aLoadingPrincipal, in nsILoadGroup aLoadGroup, diff --git a/image/src/imgLoader.cpp b/image/src/imgLoader.cpp index 7e20aba..60a6b6d 100644 --- a/image/src/imgLoader.cpp +++ b/image/src/imgLoader.cpp @@ -427,7 +427,7 @@ static nsresult NewImageChannel(nsIChannel **aResult, // aLoadingPrincipal and false otherwise. bool *aForcePrincipalCheckForCacheEntry, nsIURI *aURI, - nsIURI *aFirstPartyURI, + nsIURI *aFirstPartyIsolationURI, nsIURI *aReferringURI, nsILoadGroup *aLoadGroup, const nsCString& aAcceptHeader, @@ -479,7 +479,7 @@ static nsresult NewImageChannel(nsIChannel **aResult, nsCOMPtr<nsIHttpChannelInternal> httpChannelInternal = do_QueryInterface(newHttpChannel); NS_ENSURE_TRUE(httpChannelInternal, NS_ERROR_UNEXPECTED); - httpChannelInternal->SetDocumentURI(aFirstPartyURI); + httpChannelInternal->SetDocumentURI(aFirstPartyIsolationURI); newHttpChannel->SetReferrer(aReferringURI); } @@ -1107,7 +1107,7 @@ bool imgLoader::SetHasNoProxies(nsIURI *imgURI, imgCacheEntry *entry) return true; } -bool imgLoader::SetHasProxies(nsIURI *firstPartyURI, nsIURI *imgURI) +bool imgLoader::SetHasProxies(nsIURI *firstPartyIsolationURI, nsIURI *imgURI) { VerifyCacheSizes(); @@ -1118,7 +1118,7 @@ bool imgLoader::SetHasProxies(nsIURI *firstPartyURI, nsIURI *imgURI) LOG_STATIC_FUNC_WITH_PARAM(GetImgLog(), "imgLoader::SetHasProxies", "uri", spec.get()); - nsAutoCString key = GetCacheKey(firstPartyURI, imgURI, nullptr); + nsAutoCString key = GetCacheKey(firstPartyIsolationURI, imgURI, nullptr); nsRefPtr<imgCacheEntry> entry; if (cache.Get(key, getter_AddRefs(entry)) && entry && entry->HasNoProxies()) { imgCacheQueue &queue = GetCacheQueue(imgURI); @@ -1173,7 +1173,7 @@ void imgLoader::CheckCacheLimits(imgCacheTable &cache, imgCacheQueue &queue) bool imgLoader::ValidateRequestWithNewChannel(imgRequest *request, nsIURI *aURI, - nsIURI *aFirstPartyURI, + nsIURI *aFirstPartyIsolationURI, nsIURI *aReferrerURI, nsILoadGroup *aLoadGroup, imgINotificationObserver *aObserver, @@ -1223,7 +1223,7 @@ bool imgLoader::ValidateRequestWithNewChannel(imgRequest *request, rv = NewImageChannel(getter_AddRefs(newChannel), &forcePrincipalCheck, aURI, - aFirstPartyURI, + aFirstPartyIsolationURI, aReferrerURI, aLoadGroup, mAcceptHeader, @@ -1293,7 +1293,7 @@ bool imgLoader::ValidateRequestWithNewChannel(imgRequest *request, bool imgLoader::ValidateEntry(imgCacheEntry *aEntry, nsIURI *aURI, - nsIURI *aFirstPartyURI, + nsIURI *aFirstPartyIsolationURI, nsIURI *aReferrerURI, nsILoadGroup *aLoadGroup, imgINotificationObserver *aObserver, @@ -1404,7 +1404,7 @@ bool imgLoader::ValidateEntry(imgCacheEntry *aEntry, if (validateRequest && aCanMakeNewChannel) { LOG_SCOPE(GetImgLog(), "imgLoader::ValidateRequest |cache hit| must validate"); - return ValidateRequestWithNewChannel(request, aURI, aFirstPartyURI, + return ValidateRequestWithNewChannel(request, aURI, aFirstPartyIsolationURI, aReferrerURI, aLoadGroup, aObserver, aCX, aLoadFlags, aProxyRequest, aPolicy, aLoadingPrincipal, aCORSMode); @@ -1475,12 +1475,12 @@ bool imgLoader::RemoveFromCache(imgCacheEntry *entry) nsRefPtr<imgRequest> request(getter_AddRefs(entry->GetRequest())); if (request) { nsCOMPtr<nsIURI> imgURI = request->mURI; - nsCOMPtr<nsIURI> firstPartyURI = request->mFirstPartyURI; + nsCOMPtr<nsIURI> firstPartyIsolationURI = request->mFirstPartyIsolationURI; if (imgURI) { imgCacheTable &cache = GetCache(imgURI); imgCacheQueue &queue = GetCacheQueue(imgURI); - nsAutoCString spec = GetCacheKey(firstPartyURI, imgURI, nullptr); + nsAutoCString spec = GetCacheKey(firstPartyIsolationURI, imgURI, nullptr); LOG_STATIC_FUNC_WITH_PARAM(GetImgLog(), "imgLoader::RemoveFromCache", "entry's uri", spec.get()); @@ -1576,7 +1576,7 @@ NS_IMETHODIMP imgLoader::LoadImageXPCOM(nsIURI *aURI, /* imgIRequest loadImage (in nsIURI aURI, in nsIURI aUrlBarURI, in nsIPrincipal loadingPrincipal, in nsILoadGroup aLoadGroup, in imgIDecoderObserver aObserver, in nsISupports aCX, in nsLoadFlags aLoadFlags, in nsISupports cacheKey, in imgIRequest aRequest); */ nsresult imgLoader::LoadImage(nsIURI *aURI, - nsIURI *aFirstPartyURI, + nsIURI *aFirstPartyIsolationURI, nsIURI *aReferrerURI, nsIPrincipal* aLoadingPrincipal, nsILoadGroup *aLoadGroup, @@ -1595,7 +1595,7 @@ nsresult imgLoader::LoadImage(nsIURI *aURI, return NS_ERROR_NULL_POINTER; bool isIsolated = false; - nsAutoCString spec = GetCacheKey(aFirstPartyURI, aURI, &isIsolated); + nsAutoCString spec = GetCacheKey(aFirstPartyIsolationURI, aURI, &isIsolated); LOG_SCOPE_WITH_PARAM(GetImgLog(), "imgLoader::LoadImage", "aURI", spec.get()); @@ -1662,7 +1662,7 @@ nsresult imgLoader::LoadImage(nsIURI *aURI, imgCacheTable &cache = GetCache(aURI); if (cache.Get(spec, getter_AddRefs(entry)) && entry) { - if (ValidateEntry(entry, aURI, aFirstPartyURI, aReferrerURI, + if (ValidateEntry(entry, aURI, aFirstPartyIsolationURI, aReferrerURI, aLoadGroup, aObserver, aCX, requestFlags, true, _retval, aPolicy, aLoadingPrincipal, corsmode)) { request = getter_AddRefs(entry->GetRequest()); @@ -1701,7 +1701,7 @@ nsresult imgLoader::LoadImage(nsIURI *aURI, rv = NewImageChannel(getter_AddRefs(newChannel), &forcePrincipalCheck, aURI, - aFirstPartyURI, + aFirstPartyIsolationURI, aReferrerURI, aLoadGroup, mAcceptHeader, @@ -1729,7 +1729,7 @@ nsresult imgLoader::LoadImage(nsIURI *aURI, childLoadGroup->SetParentLoadGroup(aLoadGroup); newChannel->SetLoadGroup(loadGroup); - request->Init(aURI, aURI, aFirstPartyURI, loadGroup, newChannel, entry, + request->Init(aURI, aURI, aFirstPartyIsolationURI, loadGroup, newChannel, entry, aCX, aLoadingPrincipal, corsmode); // Pass the inner window ID of the loading document, if possible. @@ -1838,7 +1838,7 @@ nsresult imgLoader::LoadImage(nsIURI *aURI, return NS_OK; } -nsAutoCString imgLoader::GetCacheKey(nsIURI *firstPartyURI, nsIURI *imgURI, +nsAutoCString imgLoader::GetCacheKey(nsIURI *firstPartyIsolationURI, nsIURI *imgURI, bool *isIsolated) { NS_ASSERTION(imgURI, "imgLoader::GetCacheKey -- NULL imgURI"); @@ -1850,37 +1850,21 @@ nsAutoCString imgLoader::GetCacheKey(nsIURI *firstPartyURI, nsIURI *imgURI, imgURI->GetSpec(spec); nsAutoCString hostKey; - if (firstPartyURI && sThirdPartyUtilSvc) - sThirdPartyUtilSvc->GetFirstPartyHostForIsolation(firstPartyURI, hostKey); + if (firstPartyIsolationURI && sThirdPartyUtilSvc) + sThirdPartyUtilSvc->GetFirstPartyHostForIsolation(firstPartyIsolationURI, hostKey); if (hostKey.Length() > 0) { if (isIsolated) *isIsolated = true; + // Make a new key using host + // FIXME: This might involve a couple more copies than necessary.. + // But man, 18 string types? Who knows which one I need to use to do + // this cheaply.. + return hostKey + nsAutoCString("&") + spec; } else { - hostKey = "--NoFirstParty--"; - nsCOMPtr<nsIConsoleService> consoleSvc = - do_GetService(NS_CONSOLESERVICE_CONTRACTID); - if (consoleSvc) { - nsAutoString msg(NS_LITERAL_STRING( - "imgLoader::GetCacheKey: NULL firstPartyURI for ") - .get()); - if (!spec.IsEmpty()) - msg.AppendASCII(spec.get()); - else - msg.Append(NS_LITERAL_STRING("Unknown URI!").get()); - consoleSvc->LogStringMessage(msg.get()); - } - -#ifdef DEBUG - printf("imgLoader::GetCacheKey: NULL firstPartyURI for %s\n", spec.get()); -#endif + // No hostKey found, so don't isolate image to a first party. + return spec; } - - // Make a new key using host - // FIXME: This might involve a couple more copies than necessary.. - // But man, 18 string types? Who knows which one I need to use to do - // this cheaply.. - return hostKey + nsAutoCString("&") + spec; } /* imgIRequest loadImageWithChannelXPCOM(in nsIChannel channel, in imgINotificationObserver aObserver, in nsISupports cx, out nsIStreamListener); */ @@ -1911,16 +1895,16 @@ nsresult imgLoader::LoadImageWithChannel(nsIChannel *channel, imgINotificationOb nsCOMPtr<nsIURI> uri; channel->GetURI(getter_AddRefs(uri)); - nsCOMPtr<nsIURI> firstPartyURI; - sThirdPartyUtilSvc->GetFirstPartyURI(channel, nullptr, - getter_AddRefs(firstPartyURI)); + nsCOMPtr<nsIURI> firstPartyIsolationURI; + sThirdPartyUtilSvc->GetFirstPartyIsolationURI(channel, nullptr, + getter_AddRefs(firstPartyIsolationURI)); nsLoadFlags requestFlags = nsIRequest::LOAD_NORMAL; channel->GetLoadFlags(&requestFlags); nsRefPtr<imgCacheEntry> entry; imgCacheTable &cache = GetCache(uri); - nsAutoCString spec = GetCacheKey(firstPartyURI, uri, nullptr); + nsAutoCString spec = GetCacheKey(firstPartyIsolationURI, uri, nullptr); if (requestFlags & nsIRequest::LOAD_BYPASS_CACHE) { imgCacheQueue &queue = GetCacheQueue(uri); @@ -2001,7 +1985,7 @@ nsresult imgLoader::LoadImageWithChannel(nsIChannel *channel, imgINotificationOb channel->GetOriginalURI(getter_AddRefs(originalURI)); // No principal specified here, because we're not passed one. - request->Init(originalURI, uri, firstPartyURI, channel, channel, entry, + request->Init(originalURI, uri, firstPartyIsolationURI, channel, channel, entry, aCX, nullptr, imgIRequest::CORS_NONE); ProxyListener *pl = new ProxyListener(static_cast<nsIStreamListener *>(request.get())); @@ -2013,7 +1997,7 @@ nsresult imgLoader::LoadImageWithChannel(nsIChannel *channel, imgINotificationOb NS_RELEASE(pl); bool isIsolated = false; - nsAutoCString key = GetCacheKey(firstPartyURI, originalURI, &isIsolated); + nsAutoCString key = GetCacheKey(firstPartyIsolationURI, originalURI, &isIsolated); if (isIsolated) // Try to add the new request into the cache. PutIntoCache(key, entry); @@ -2301,7 +2285,7 @@ NS_IMETHODIMP imgCacheValidator::OnStartRequest(nsIRequest *aRequest, nsISupport int32_t corsmode = mRequest->GetCORSMode(); nsCOMPtr<nsIPrincipal> loadingPrincipal = mRequest->GetLoadingPrincipal(); - nsCOMPtr<nsIURI> firstPartyURI = mRequest->mFirstPartyURI; + nsCOMPtr<nsIURI> firstPartyIsolationURI = mRequest->mFirstPartyIsolationURI; // Doom the old request's cache entry mRequest->RemoveFromCache(); @@ -2312,7 +2296,7 @@ NS_IMETHODIMP imgCacheValidator::OnStartRequest(nsIRequest *aRequest, nsISupport // We use originalURI here to fulfil the imgIRequest contract on GetURI. nsCOMPtr<nsIURI> originalURI; channel->GetOriginalURI(getter_AddRefs(originalURI)); - mNewRequest->Init(originalURI, uri, firstPartyURI, aRequest, channel, + mNewRequest->Init(originalURI, uri, firstPartyIsolationURI, aRequest, channel, mNewEntry, mContext, loadingPrincipal, corsmode); mDestListener = new ProxyListener(mNewRequest); @@ -2321,7 +2305,7 @@ NS_IMETHODIMP imgCacheValidator::OnStartRequest(nsIRequest *aRequest, nsISupport // the cache before the proxies' ownership changes, because adding a proxy // changes the caching behaviour for imgRequests. bool isIsolated = false; - nsAutoCString key = mImgLoader->GetCacheKey(firstPartyURI, originalURI, + nsAutoCString key = mImgLoader->GetCacheKey(firstPartyIsolationURI, originalURI, &isIsolated); if (isIsolated) mImgLoader->PutIntoCache(key, mNewEntry); diff --git a/image/src/imgLoader.h b/image/src/imgLoader.h index 0ab4a5e..3a31ecd 100644 --- a/image/src/imgLoader.h +++ b/image/src/imgLoader.h @@ -267,7 +267,7 @@ public: nsresult InitCache(); - nsAutoCString GetCacheKey(nsIURI *firstPartyURI, + nsAutoCString GetCacheKey(nsIURI *firstPartyIsolationURI, nsIURI *imgURI, bool *isIsolated); bool RemoveFromCache(imgCacheEntry *entry); @@ -312,12 +312,12 @@ public: // happens, by calling imgRequest::SetCacheEntry() when an entry with no // observers is re-requested. bool SetHasNoProxies(nsIURI *imgURI, imgCacheEntry *entry); - bool SetHasProxies(nsIURI *firstPartyURI, nsIURI *imgURI); + bool SetHasProxies(nsIURI *firstPartyIsolationURI, nsIURI *imgURI); private: // methods bool ValidateEntry(imgCacheEntry *aEntry, nsIURI *aURI, - nsIURI *aFirstPartyURI, nsIURI *aReferrerURI, + nsIURI *aFirstPartyIsolationURI, nsIURI *aReferrerURI, nsILoadGroup *aLoadGroup, imgINotificationObserver *aObserver, nsISupports *aCX, nsLoadFlags aLoadFlags, bool aCanMakeNewChannel, diff --git a/image/src/imgRequest.cpp b/image/src/imgRequest.cpp index 9040679..5758d62 100644 --- a/image/src/imgRequest.cpp +++ b/image/src/imgRequest.cpp @@ -89,7 +89,7 @@ imgRequest::~imgRequest() nsresult imgRequest::Init(nsIURI *aURI, nsIURI *aCurrentURI, - nsIURI *aFirstPartyURI, + nsIURI *aFirstPartyIsolationURI, nsIRequest *aRequest, nsIChannel *aChannel, imgCacheEntry *aCacheEntry, @@ -109,7 +109,7 @@ nsresult imgRequest::Init(nsIURI *aURI, mURI = aURI; mCurrentURI = aCurrentURI; - mFirstPartyURI = aFirstPartyURI; + mFirstPartyIsolationURI = aFirstPartyIsolationURI; mRequest = aRequest; mChannel = aChannel; mTimedChannel = do_QueryInterface(mChannel); @@ -171,7 +171,7 @@ void imgRequest::AddProxy(imgRequestProxy *proxy) // proxies. if (GetStatusTracker().ConsumerCount() == 0) { NS_ABORT_IF_FALSE(mURI, "Trying to SetHasProxies without key uri."); - mLoader->SetHasProxies(mFirstPartyURI, mURI); + mLoader->SetHasProxies(mFirstPartyIsolationURI, mURI); } GetStatusTracker().AddConsumer(proxy); @@ -301,7 +301,7 @@ void imgRequest::RemoveFromCache() else { mLoader->RemoveKeyFromCache(mLoader->GetCache(mURI), mLoader->GetCacheQueue(mURI), - mLoader->GetCacheKey(mFirstPartyURI, mURI, nullptr)); + mLoader->GetCacheKey(mFirstPartyIsolationURI, mURI, nullptr)); } } diff --git a/image/src/imgRequest.h b/image/src/imgRequest.h index 240a33b..f80af17 100644 --- a/image/src/imgRequest.h +++ b/image/src/imgRequest.h @@ -51,7 +51,7 @@ public: nsresult Init(nsIURI *aURI, nsIURI *aCurrentURI, - nsIURI *aFirstPartyURI, + nsIURI *aFirstPartyIsolationURI, nsIRequest *aRequest, nsIChannel *aChannel, imgCacheEntry *aCacheEntry, @@ -195,7 +195,7 @@ private: // The URI of the resource we ended up loading after all redirects, etc. nsCOMPtr<nsIURI> mCurrentURI; // The first party that triggered the load -- for cookie + cache isolation - nsCOMPtr<nsIURI> mFirstPartyURI; + nsCOMPtr<nsIURI> mFirstPartyIsolationURI; // The principal of the document which loaded this image. Used when validating for CORS. nsCOMPtr<nsIPrincipal> mLoadingPrincipal; // The principal of this image. diff --git a/layout/generic/nsImageFrame.cpp b/layout/generic/nsImageFrame.cpp index 8f4bf25..6daa959 100644 --- a/layout/generic/nsImageFrame.cpp +++ b/layout/generic/nsImageFrame.cpp @@ -1810,26 +1810,26 @@ nsImageFrame::LoadIcon(const nsAString& aSpec, // For icon loads, we don't need to merge with the loadgroup flags nsLoadFlags loadFlags = nsIRequest::LOAD_NORMAL; - nsCOMPtr<nsIURI> firstPartyURI; + nsCOMPtr<nsIURI> firstPartyIsolationURI; nsCOMPtr<mozIThirdPartyUtil> thirdPartySvc = do_GetService(THIRDPARTYUTIL_CONTRACTID); // XXX: Should we pass the loadgroup, too? Is document ever likely // to be unset? - thirdPartySvc->GetFirstPartyURI(nullptr, aPresContext->Document(), - getter_AddRefs(firstPartyURI)); + thirdPartySvc->GetFirstPartyIsolationURI(nullptr, aPresContext->Document(), + getter_AddRefs(firstPartyIsolationURI)); - return il->LoadImage(realURI, /* icon URI */ - firstPartyURI, /* initial document URI; this is only - relevant for cookies, so does not - apply to icons. */ - nullptr, /* referrer (not relevant for icons) */ - nullptr, /* principal (not relevant for icons) */ + return il->LoadImage(realURI, /* icon URI */ + firstPartyIsolationURI, /* initial document URI; this is only + relevant for cookies, so does not + apply to icons. */ + nullptr, /* referrer (not relevant for icons) */ + nullptr, /* principal (not relevant for icons) */ loadGroup, gIconLoad, - nullptr, /* Not associated with any particular document */ + nullptr, /* Not associated with any particular document */ loadFlags, nullptr, - nullptr, /* channel policy not needed */ + nullptr, /* channel policy not needed */ aRequest); } diff --git a/netwerk/base/public/mozIThirdPartyUtil.idl b/netwerk/base/public/mozIThirdPartyUtil.idl index 6137274..87fb630 100644 --- a/netwerk/base/public/mozIThirdPartyUtil.idl +++ b/netwerk/base/public/mozIThirdPartyUtil.idl @@ -165,6 +165,29 @@ interface mozIThirdPartyUtil : nsISupports in nsIDocument aDoc); /** + * getFirstPartyIsolationURI + * + * If first-party isolation is active, then + * obtains the top-level url bar URI for either a channel or a document. + * Otherwise returns null. + * Either parameter may be null (but not both). + * + * @param aChannel + * An arbitrary channel for some content element of a first party + * load. Can be null. + * + * @param aDoc + * An arbitrary third party document. Can be null. + * + * @return the first party url bar URI for the load. + * + * @throws if the URI cannot be obtained or the URI lacks a hostname and the + * URI's scheme is not white listed. + */ + [noscript] nsIURI getFirstPartyIsolationURI(in nsIChannel aChannel, + in nsIDocument aDoc); + + /** * getFirstPartyURIFromChannel * * Obtain the top-level url bar URI for a channel. diff --git a/widget/cocoa/nsMenuItemIconX.mm b/widget/cocoa/nsMenuItemIconX.mm index bd1f2f3..397239e 100644 --- a/widget/cocoa/nsMenuItemIconX.mm +++ b/widget/cocoa/nsMenuItemIconX.mm @@ -314,15 +314,15 @@ nsMenuItemIconX::LoadIcon(nsIURI* aIconURI) [mNativeMenuItem setImage:sPlaceholderIconImage]; } - nsCOMPtr<nsIURI> firstPartyURI; + nsCOMPtr<nsIURI> firstPartyIsolationURI; nsCOMPtr<mozIThirdPartyUtil> thirdPartySvc = do_GetService(THIRDPARTYUTIL_CONTRACTID); - thirdPartySvc->GetFirstPartyURI(nullptr, document, - getter_AddRefs(firstPartyURI)); + thirdPartySvc->GetFirstPartyIsolationURI(nullptr, document, + getter_AddRefs(firstPartyIsolationURI)); // Passing in null for channelPolicy here since nsMenuItemIconX::LoadIcon is // not exposed to web content - nsresult rv = loader->LoadImage(aIconURI, firstPartyURI, nullptr, nullptr, loadGroup, this, + nsresult rv = loader->LoadImage(aIconURI, firstPartyIsolationURI, nullptr, nullptr, loadGroup, this, nullptr, nsIRequest::LOAD_NORMAL, nullptr, nullptr, getter_AddRefs(mIconRequest)); if (NS_FAILED(rv)) return rv;

1 0

[tor-browser-bundle/master] Bug 10935: Merge meek into master.
by gk＠torproject.org 23 Jun '14

23 Jun '14

commit d97e4bf2c0711bcd9683c1c0f89dd22ffa89b8ad Author: Georg Koppen <gk(a)torproject.org> Date: Mon Jun 23 10:52:46 2014 +0000 Bug 10935: Merge meek into master. This is the result of squashing and merging dcf/meek-rebase-4.0-alpha1-pre-take3. --- .../Docs/Licenses/PluggableTransports/LICENSE | 18 +++ .../Docs/Licenses/PluggableTransports/LICENSE.CC0 | 121 ++++++++++++++++++++ Bundle-Data/PTConfigs/bridge_prefs.js | 2 + .../PTConfigs/linux/torrc-defaults-appendix | 3 + .../mac/TorBrowser.app.meek-http-helper/README | 13 +++ Bundle-Data/PTConfigs/mac/torrc-defaults-appendix | 3 + Bundle-Data/PTConfigs/meek-http-helper-user.js | 24 ++++ .../PTConfigs/windows/torrc-defaults-appendix | 3 + gitian/build-helpers/background-plist.py | 31 +++++ gitian/descriptors/linux/gitian-bundle.yml | 9 ++ .../linux/gitian-pluggable-transports.yml | 37 ++++++ gitian/descriptors/mac/gitian-bundle.yml | 20 ++++ .../mac/gitian-pluggable-transports.yml | 46 ++++++++ gitian/descriptors/windows/gitian-bundle.yml | 10 ++ .../windows/gitian-pluggable-transports.yml | 46 ++++++++ gitian/fetch-inputs.sh | 11 +- gitian/gpg/goptlib.gpg | Bin 0 -> 5876 bytes gitian/gpg/meek.gpg | Bin 0 -> 5876 bytes gitian/mkbundle-linux.sh | 5 +- gitian/mkbundle-mac.sh | 7 +- gitian/mkbundle-windows.sh | 5 +- gitian/patches/cross-cgo.patch | 16 +++ gitian/verify-tags.sh | 4 +- gitian/versions | 6 + gitian/versions.alpha | 6 + gitian/versions.beta | 6 + gitian/versions.nightly | 6 + 27 files changed, 447 insertions(+), 11 deletions(-) diff --git a/Bundle-Data/Docs/Licenses/PluggableTransports/LICENSE b/Bundle-Data/Docs/Licenses/PluggableTransports/LICENSE index 8b175c2..162589c 100644 --- a/Bundle-Data/Docs/Licenses/PluggableTransports/LICENSE +++ b/Bundle-Data/Docs/Licenses/PluggableTransports/LICENSE @@ -420,3 +420,21 @@ was licensed under the Python license. Same license applies to all files in the argparse package project. For details about the Python License, please see LICENSE.PYTHON. + +=============================================================================== + +goptlib + +To the extent possible under law, the authors have dedicated all +copyright and related and neighboring rights to this software to the +public domain worldwide. This software is distributed without any +warranty. See LICENSE.CC0. + +=============================================================================== + +meek + +To the extent possible under law, the authors have dedicated all +copyright and related and neighboring rights to this software to the +public domain worldwide. This software is distributed without any +warranty. See LICENSE.CC0. diff --git a/Bundle-Data/Docs/Licenses/PluggableTransports/LICENSE.CC0 b/Bundle-Data/Docs/Licenses/PluggableTransports/LICENSE.CC0 new file mode 100644 index 0000000..0e259d4 --- /dev/null +++ b/Bundle-Data/Docs/Licenses/PluggableTransports/LICENSE.CC0 @@ -0,0 +1,121 @@ +Creative Commons Legal Code + +CC0 1.0 Universal + + CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE + LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN + ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS + INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES + REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS + PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM + THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED + HEREUNDER. + +Statement of Purpose + +The laws of most jurisdictions throughout the world automatically confer +exclusive Copyright and Related Rights (defined below) upon the creator +and subsequent owner(s) (each and all, an "owner") of an original work of +authorship and/or a database (each, a "Work"). + +Certain owners wish to permanently relinquish those rights to a Work for +the purpose of contributing to a commons of creative, cultural and +scientific works ("Commons") that the public can reliably and without fear +of later claims of infringement build upon, modify, incorporate in other +works, reuse and redistribute as freely as possible in any form whatsoever +and for any purposes, including without limitation commercial purposes. +These owners may contribute to the Commons to promote the ideal of a free +culture and the further production of creative, cultural and scientific +works, or to gain reputation or greater distribution for their Work in +part through the use and efforts of others. + +For these and/or other purposes and motivations, and without any +expectation of additional consideration or compensation, the person +associating CC0 with a Work (the "Affirmer"), to the extent that he or she +is an owner of Copyright and Related Rights in the Work, voluntarily +elects to apply CC0 to the Work and publicly distribute the Work under its +terms, with knowledge of his or her Copyright and Related Rights in the +Work and the meaning and intended legal effect of CC0 on those rights. + +1. Copyright and Related Rights. A Work made available under CC0 may be +protected by copyright and related or neighboring rights ("Copyright and +Related Rights"). Copyright and Related Rights include, but are not +limited to, the following: + + i. the right to reproduce, adapt, distribute, perform, display, + communicate, and translate a Work; + ii. moral rights retained by the original author(s) and/or performer(s); +iii. publicity and privacy rights pertaining to a person's image or + likeness depicted in a Work; + iv. rights protecting against unfair competition in regards to a Work, + subject to the limitations in paragraph 4(a), below; + v. rights protecting the extraction, dissemination, use and reuse of data + in a Work; + vi. database rights (such as those arising under Directive 96/9/EC of the + European Parliament and of the Council of 11 March 1996 on the legal + protection of databases, and under any national implementation + thereof, including any amended or successor version of such + directive); and +vii. other similar, equivalent or corresponding rights throughout the + world based on applicable law or treaty, and any national + implementations thereof. + +2. Waiver. To the greatest extent permitted by, but not in contravention +of, applicable law, Affirmer hereby overtly, fully, permanently, +irrevocably and unconditionally waives, abandons, and surrenders all of +Affirmer's Copyright and Related Rights and associated claims and causes +of action, whether now known or unknown (including existing as well as +future claims and causes of action), in the Work (i) in all territories +worldwide, (ii) for the maximum duration provided by applicable law or +treaty (including future time extensions), (iii) in any current or future +medium and for any number of copies, and (iv) for any purpose whatsoever, +including without limitation commercial, advertising or promotional +purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each +member of the public at large and to the detriment of Affirmer's heirs and +successors, fully intending that such Waiver shall not be subject to +revocation, rescission, cancellation, termination, or any other legal or +equitable action to disrupt the quiet enjoyment of the Work by the public +as contemplated by Affirmer's express Statement of Purpose. + +3. Public License Fallback. Should any part of the Waiver for any reason +be judged legally invalid or ineffective under applicable law, then the +Waiver shall be preserved to the maximum extent permitted taking into +account Affirmer's express Statement of Purpose. In addition, to the +extent the Waiver is so judged Affirmer hereby grants to each affected +person a royalty-free, non transferable, non sublicensable, non exclusive, +irrevocable and unconditional license to exercise Affirmer's Copyright and +Related Rights in the Work (i) in all territories worldwide, (ii) for the +maximum duration provided by applicable law or treaty (including future +time extensions), (iii) in any current or future medium and for any number +of copies, and (iv) for any purpose whatsoever, including without +limitation commercial, advertising or promotional purposes (the +"License"). The License shall be deemed effective as of the date CC0 was +applied by Affirmer to the Work. Should any part of the License for any +reason be judged legally invalid or ineffective under applicable law, such +partial invalidity or ineffectiveness shall not invalidate the remainder +of the License, and in such case Affirmer hereby affirms that he or she +will not (i) exercise any of his or her remaining Copyright and Related +Rights in the Work or (ii) assert any associated claims and causes of +action with respect to the Work, in either case contrary to Affirmer's +express Statement of Purpose. + +4. Limitations and Disclaimers. + + a. No trademark or patent rights held by Affirmer are waived, abandoned, + surrendered, licensed or otherwise affected by this document. + b. Affirmer offers the Work as-is and makes no representations or + warranties of any kind concerning the Work, express, implied, + statutory or otherwise, including without limitation warranties of + title, merchantability, fitness for a particular purpose, non + infringement, or the absence of latent or other defects, accuracy, or + the present or absence of errors, whether or not discoverable, all to + the greatest extent permissible under applicable law. + c. Affirmer disclaims responsibility for clearing rights of other persons + that may apply to the Work or any use thereof, including without + limitation any person's Copyright and Related Rights in the Work. + Further, Affirmer disclaims responsibility for obtaining any necessary + consents, permissions or other rights required for any use of the + Work. + d. Affirmer understands and acknowledges that Creative Commons is not a + party to this document and has no duty or obligation with respect to + this CC0 or use of the Work. diff --git a/Bundle-Data/PTConfigs/bridge_prefs.js b/Bundle-Data/PTConfigs/bridge_prefs.js index 8d2afed..5a1532e 100644 --- a/Bundle-Data/PTConfigs/bridge_prefs.js +++ b/Bundle-Data/PTConfigs/bridge_prefs.js @@ -25,3 +25,5 @@ pref("extensions.torlauncher.default_bridge.fte.5", "fte 79.125.3.12:8080 272465 pref("extensions.torlauncher.default_bridge.scramblesuit.1", "scramblesuit 188.40.121.112:39707 5DE8D363D8F150C99E1A2D7237368D614838132C password=L5POGQONBPS2HZUR6GXBIDS4CMIYYOTI"); pref("extensions.torlauncher.default_bridge.scramblesuit.2", "scramblesuit 188.226.213.208:54278 AA5A86C1490296EF4FACA946CC5A182FCD1C5B1E password=MD2VRP7WXAMSG7MKIGMHI4CB4BMSNO7T"); pref("extensions.torlauncher.default_bridge.scramblesuit.3", "scramblesuit 83.212.101.3:443 A09D536DD1752D542E1FBB3C9CE4449D51298239 password=XTCXLG2JAMJKZW2POLBAOWOQETQSMASH"); + +pref("extensions.torlauncher.default_bridge.meek.1", "meek 0.0.2.0:1"); diff --git a/Bundle-Data/PTConfigs/linux/torrc-defaults-appendix b/Bundle-Data/PTConfigs/linux/torrc-defaults-appendix index ec45f9c..24f35ff 100644 --- a/Bundle-Data/PTConfigs/linux/torrc-defaults-appendix +++ b/Bundle-Data/PTConfigs/linux/torrc-defaults-appendix @@ -9,3 +9,6 @@ ClientTransportPlugin obfs2,obfs3,scramblesuit exec ./TorBrowser/Tor/PluggableTr # receive connections from the Internet (the port for which you # configured port forwarding). ClientTransportPlugin flashproxy exec ./TorBrowser/Tor/PluggableTransports/flashproxy-client --register :0 :9000 + +## meek configuration +ClientTransportPlugin meek exec ./TorBrowser/Tor/PluggableTransports/meek-client-torbrowser -- ./TorBrowser/Tor/PluggableTransports/meek-client --url=https://meek-reflect.appspot.com/ --front=www.google.com diff --git a/Bundle-Data/PTConfigs/mac/TorBrowser.app.meek-http-helper/README b/Bundle-Data/PTConfigs/mac/TorBrowser.app.meek-http-helper/README new file mode 100644 index 0000000..f158eec --- /dev/null +++ b/Bundle-Data/PTConfigs/mac/TorBrowser.app.meek-http-helper/README @@ -0,0 +1,13 @@ +This directory contains a special headless configuration of the Tor +Browser app, intended for use by meek-client-torbrowser and the +meek-http-helper extension. It should not be run directly. + +All files in the Contents directory, other than Info.plist, are simply +symlinked to their counterparts in ../../../../../Contents. Info.plist +contains an additional configuration directive that prevents the +headless browser from opening a useless second dock icon: + <key>LSBackgroundOnly</key><true/> + +For background on this matter, see the ticket: + meek-http-helper opens up a second dock icon + https://trac.torproject.org/projects/tor/ticket/11429 diff --git a/Bundle-Data/PTConfigs/mac/torrc-defaults-appendix b/Bundle-Data/PTConfigs/mac/torrc-defaults-appendix index 19fc8e0..a4c3499 100644 --- a/Bundle-Data/PTConfigs/mac/torrc-defaults-appendix +++ b/Bundle-Data/PTConfigs/mac/torrc-defaults-appendix @@ -10,3 +10,6 @@ ClientTransportPlugin obfs2,obfs3,scramblesuit exec PluggableTransports/obfsprox # receive connections from the Internet (the port for which you # configured port forwarding). ClientTransportPlugin flashproxy exec PluggableTransports/flashproxy-client --register :0 :9000 + +## meek configuration +ClientTransportPlugin meek exec PluggableTransports/meek-client-torbrowser -- PluggableTransports/meek-client --url=https://meek-reflect.appspot.com/ --front=www.google.com diff --git a/Bundle-Data/PTConfigs/meek-http-helper-user.js b/Bundle-Data/PTConfigs/meek-http-helper-user.js new file mode 100644 index 0000000..a95a6ec --- /dev/null +++ b/Bundle-Data/PTConfigs/meek-http-helper-user.js @@ -0,0 +1,24 @@ +// http://kb.mozillazine.org/User.js_file + +// The meek-http-helper extension uses dump to write its listening port number +// to stdout. +user_pref("browser.dom.window.dump.enabled", true); + +// 0 is "No proxy". +user_pref("network.proxy.type", 0); + +// Allow unproxied DNS. +// https://trac.torproject.org/projects/tor/ticket/11183#comment:6 +user_pref("network.proxy.socks_remote_dns", false); + +// Enable TLS session tickets (disabled by default in Tor Browser). Otherwise +// there is a missing TLS extension. +// https://trac.torproject.org/projects/tor/ticket/11183#comment:9 +user_pref("security.enable_tls_session_tickets", true); + +// Disable safe mode. In case of a crash, we don't want to prompt for a +// safe-mode browser that has extensions disabled and no proxy. +// https://support.mozilla.org/en-US/questions/951221#answer-410562 +user_pref("toolkit.startup.max_resumed_crashes", -1); + +user_pref("extensions.enabledAddons", "meek-http-helper@bamsoftware.com:1.0"); diff --git a/Bundle-Data/PTConfigs/windows/torrc-defaults-appendix b/Bundle-Data/PTConfigs/windows/torrc-defaults-appendix index e97d3b7..5c35ebb 100644 --- a/Bundle-Data/PTConfigs/windows/torrc-defaults-appendix +++ b/Bundle-Data/PTConfigs/windows/torrc-defaults-appendix @@ -10,3 +10,6 @@ ClientTransportPlugin obfs2,obfs3,scramblesuit exec TorBrowser\Tor\PluggableTran # receive connections from the Internet (the port for which you # configured port forwarding). ClientTransportPlugin flashproxy exec TorBrowser\Tor\PluggableTransports\flashproxy-client --register :0 :9000 + +## meek configuration +ClientTransportPlugin meek exec TorBrowser\Tor\PluggableTransports\terminateprocess-buffer TorBrowser\Tor\PluggableTransports\meek-client-torbrowser --exit-on-stdin-eof -- TorBrowser\Tor\PluggableTransports\meek-client --url=https://meek-reflect.appspot.com/ --front=www.google.com diff --git a/gitian/build-helpers/background-plist.py b/gitian/build-helpers/background-plist.py new file mode 100755 index 0000000..328b3e7 --- /dev/null +++ b/gitian/build-helpers/background-plist.py @@ -0,0 +1,31 @@ +#!/usr/bin/env python + +# Changes an OS X bundle property list file (plist file) so that the bundle +# starts up without a dock icon. Specifically, this program unsets the key +# LSUIElement (if present), and sets LSBackgroundOnly=true. +# +# This program is meant to help create a headless copy of an existing bundle. It +# exists specifically to enable the meek-http-helper browser extension to run in +# the background without creating a second Tor Browser icon. +# https://trac.torproject.org/projects/tor/ticket/11429 + +import getopt +import plistlib +import sys + +_, args = getopt.gnu_getopt(sys.argv[1:], "") + +if len(args) != 1: + print >> sys.stderr, "Need a file name argument." + sys.exit(1) + +filename = args[0] +plist = plistlib.readPlist(filename) + +try: + del plist["LSUIElement"] +except KeyError: + pass +plist["LSBackgroundOnly"] = True + +plistlib.writePlist(plist, sys.stdout) diff --git a/gitian/descriptors/linux/gitian-bundle.yml b/gitian/descriptors/linux/gitian-bundle.yml index 8543a33..4b0696f 100644 --- a/gitian/descriptors/linux/gitian-bundle.yml +++ b/gitian/descriptors/linux/gitian-bundle.yml @@ -23,6 +23,8 @@ remotes: "dir": "torbutton" - "url": "https://git.torproject.org/https-everywhere.git" "dir": "https-everywhere" +- "url": "https://git.torproject.org/pluggable-transports/meek.git" + "dir": "meek" files: # TODO: Can we use an env for this file+version?? - "tor-browser-linux32-gbuilt.zip" @@ -37,6 +39,7 @@ files: - "lxml-linux64-utils.zip" - "torrc-defaults-appendix-linux" - "bridge_prefs.js" +- "meek-http-helper-user.js" - "relativelink-src.zip" - "linux-skeleton.zip" - "linux-langpacks.zip" @@ -62,6 +65,7 @@ script: | # mkdir -p $OUTDIR/ mkdir -p tor-browser/Browser/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere(a)eff.org + mkdir -p tor-browser/Browser/TorBrowser/Data/Browser/profile.meek-http-helper/extensions mkdir -p tor-browser/Browser/TorBrowser/Data/Browser/Caches mkdir -p tor-browser/Browser/TorBrowser/Docs/sources/ # Preparing Python for HTTPS-Everywhere. @@ -103,6 +107,10 @@ script: | cd https-everywhere(a)eff.org/ unzip ../https-everywhere(a)eff.org.xpi rm ../https-everywhere(a)eff.org.xpi + cd ~/build + # + cd meek/firefox + ~/build/dzip.sh ../../tor-browser/Browser/TorBrowser/Data/Browser/profile.meek-http-helper/extensions/meek-http-helper(a)bamsoftware.com.xpi . cd ~/build/ # unzip relativelink-src.zip @@ -119,6 +127,7 @@ script: | unzip ~/build/pluggable-transports-linux$GBUILD_BITS-gbuilt.zip cat ~/build/torrc-defaults-appendix-linux >> Data/Tor/torrc-defaults cat ~/build/bridge_prefs.js >> Data/Browser/profile.default/preferences/extension-overrides.js + cat ~/build/meek-http-helper-user.js >> Data/Browser/profile.meek-http-helper/user.js fi chmod 700 Data/Browser chmod 700 Data/Tor diff --git a/gitian/descriptors/linux/gitian-pluggable-transports.yml b/gitian/descriptors/linux/gitian-pluggable-transports.yml index 826b3b7..aaaa0f8 100644 --- a/gitian/descriptors/linux/gitian-pluggable-transports.yml +++ b/gitian/descriptors/linux/gitian-pluggable-transports.yml @@ -29,6 +29,10 @@ remotes: "dir": "fteproxy" - "url": "https://github.com/habnabit/txsocksx.git" "dir": "txsocksx" +- "url": "https://git.torproject.org/pluggable-transports/goptlib.git" + "dir": "goptlib" +- "url": "https://git.torproject.org/pluggable-transports/meek.git" + "dir": "meek" files: - "pycrypto.tar.gz" - "argparse.tar.gz" @@ -37,6 +41,7 @@ files: - "twisted.tar.bz2" - "m2crypto.tar.gz" - "parsley.tar.gz" +- "go.tar.gz" - "dzip.sh" - "gmp-linux32-utils.zip" - "gmp-linux64-utils.zip" @@ -64,6 +69,15 @@ script: | unzip -d $INSTDIR openssl-linux$GBUILD_BITS-utils.zip cp $INSTDIR/gmp/lib/*.so* $INSTDIR/Tor + # Building go + # http://golang.org/doc/install/source#environment + export GOPATH="$HOME/go" + tar xvf go.tar.gz + cd go/src + ./make.bash + cd ../.. + export PATH="$PATH:$PWD/go/bin" + # Building pyptlib cd pyptlib find -type f | xargs touch --date="$REFERENCE_DATETIME" @@ -181,6 +195,29 @@ script: | cp -a {COPYING,README.md} $INSTDIR/Docs/fteproxy cd .. + # Building goptlib + cd goptlib + find -type f | xargs touch --date="$REFERENCE_DATETIME" + mkdir -p "$GOPATH/src/git.torproject.org/pluggable-transports" + ln -sf "$PWD" "$GOPATH/src/git.torproject.org/pluggable-transports/goptlib.git" + go install git.torproject.org/pluggable-transports/goptlib.git + cd .. + + # Building meek + cd meek + find -type f | xargs touch --date="$REFERENCE_DATETIME" + cd meek-client + go build + cp -a meek-client $PTDIR + cd .. + cd meek-client-torbrowser + go build + cp -a meek-client-torbrowser $PTDIR + cd .. + mkdir -p $INSTDIR/Docs/meek + cp -a README doc/*.1 $INSTDIR/Docs/meek + cd .. + # Grabbing the results cd $INSTDIR ~/build/dzip.sh pluggable-transports-linux$GBUILD_BITS-gbuilt.zip Tor/ Docs/ diff --git a/gitian/descriptors/mac/gitian-bundle.yml b/gitian/descriptors/mac/gitian-bundle.yml index d959d82..8528106 100644 --- a/gitian/descriptors/mac/gitian-bundle.yml +++ b/gitian/descriptors/mac/gitian-bundle.yml @@ -28,6 +28,8 @@ remotes: "dir": "https-everywhere" - "url": "https://github.com/vasi/libdmg-hfsplus.git" "dir": "libdmg-hfsplus" +- "url": "https://git.torproject.org/pluggable-transports/meek.git" + "dir": "meek" files: # TODO: Can we use an env for this file+version?? - "tor-browser-mac32-gbuilt.zip" @@ -35,6 +37,8 @@ files: - "pluggable-transports-mac32-gbuilt.zip" - "torrc-defaults-appendix-mac" - "bridge_prefs.js" +- "meek-http-helper-user.js" +- "TorBrowser.app.meek-http-helper.zip" - "mac-skeleton.zip" - "dmg-applications.tar.xz" - "dmg-desktop.tar.xz" @@ -43,6 +47,7 @@ files: - "https-everywhere(a)eff.org.xpi" - "dzip.sh" - "ddmg.sh" +- "background-plist.py" - "libdmg.patch" - "bare-version" - "bundle.inputs" @@ -70,6 +75,7 @@ script: | # mkdir -p $OUTDIR/ mkdir -p $TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere(a)eff.org + mkdir -p $TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.meek-http-helper/extensions mkdir -p $TORBROWSER_NAME.app/TorBrowser/Data/Browser/Caches mkdir -p $TORBROWSER_NAME.app/TorBrowser/Docs/sources mkdir -p $TORBROWSER_NAME.app/Contents/MacOS @@ -111,6 +117,10 @@ script: | rm ../https-everywhere(a)eff.org.xpi cd ~/build/ # + cd meek/firefox + ~/build/dzip.sh ../../$TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.meek-http-helper/extensions/meek-http-helper(a)bamsoftware.com.xpi . + cd ~/build/ + # unzip tor-mac$GBUILD_BITS-gbuilt.zip if [ $BUILD_PT_BUNDLES ]; then unzip pluggable-transports-mac$GBUILD_BITS-gbuilt.zip @@ -122,6 +132,7 @@ script: | if [ $BUILD_PT_BUNDLES ]; then cat ~/build/torrc-defaults-appendix-mac >> Data/Tor/torrc-defaults cat ~/build/bridge_prefs.js >> Data/Browser/profile.default/preferences/extension-overrides.js + cat ~/build/meek-http-helper-user.js >> Data/Browser/profile.meek-http-helper/user.js fi # Install a "tor" shim that sets the working directory. See #10030. mv Tor/tor Tor/tor.real @@ -156,6 +167,15 @@ script: | echo "pref(\"general.useragent.locale\", \"en-US\");" >> defaults/preferences/000-tor-browser.js zip -Xm omni.ja defaults/preferences/000-tor-browser.js popd + # Install a headless copy of TorBrowser.app, with a modified Info.plist so + # that it runs without a dock icon. See #11429. + pushd $TORBROWSER_NAME.app/TorBrowser/Tor/PluggableTransports + mkdir -p TorBrowser.app.meek-http-helper/Contents + (cd TorBrowser.app.meek-http-helper/Contents && ln -s ../../../../../Contents/* .) + rm -f TorBrowser.app.meek-http-helper/Contents/Info.plist + ~/build/background-plist.py ../../../Contents/Info.plist > TorBrowser.app.meek-http-helper/Contents/Info.plist + unzip ~/build/TorBrowser.app.meek-http-helper.zip + popd # if [ ${TORBROWSER_VERSION::3} == "3.5" ]; then cp -a ~/build/$TORBROWSER_NAME.app ~/build/${TORBROWSER_NAME}_en-US.app diff --git a/gitian/descriptors/mac/gitian-pluggable-transports.yml b/gitian/descriptors/mac/gitian-pluggable-transports.yml index c206d06..420b94d 100644 --- a/gitian/descriptors/mac/gitian-pluggable-transports.yml +++ b/gitian/descriptors/mac/gitian-pluggable-transports.yml @@ -28,6 +28,10 @@ remotes: "dir": "fteproxy" - "url": "https://github.com/habnabit/txsocksx.git" "dir": "txsocksx" +- "url": "https://git.torproject.org/pluggable-transports/goptlib.git" + "dir": "goptlib" +- "url": "https://git.torproject.org/pluggable-transports/meek.git" + "dir": "meek" files: - "pycrypto.tar.gz" - "argparse.tar.gz" @@ -36,6 +40,8 @@ files: - "twisted.tar.bz2" - "m2crypto.tar.gz" - "parsley.tar.gz" +- "go.tar.gz" +- "cross-cgo.patch" - "apple-uni-sdk-10.6_20110407-0.flosoft1_i386.deb" - "multiarch-darwin11-cctools127.2-gcc42-5666.3-llvmgcc42-2336.1-Linux-120724.tar.xz" - "dzip.sh" @@ -73,6 +79,21 @@ script: | export CXXFLAGS="-I/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/include/ -I/usr/lib/gcc/i686-apple-darwin10/4.2.1/include/ -I. -L/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/lib/ -L/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/lib/system/ -F/usr/lib/apple/SDKs/MacOSX10.6.sdk/System/Library/Frameworks -mmacosx-version-min=10.5 -L/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/lib/i686-apple-darwin10/4.2.1 -I$INSTDIR/gmp/include -L$INSTDIR/gmp/lib" export LDFLAGS="-L/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/lib/ -L/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/lib/system/ -F/usr/lib/apple/SDKs/MacOSX10.6.sdk/System/Library/Frameworks -mmacosx-version-min=10.5" + # Building go + # http://golang.org/doc/install/source#environment + export GOPATH="$HOME/go" + export GOOS=darwin + export GOARCH=386 + tar xvf go.tar.gz + cd go + patch -p1 < ~/build/cross-cgo.patch + cd src + # Disable CC et al. that are set up for cross builds. (The Go compiler is a + # cross-compiler, but it needs to run on *this* host.) + CC= CFLAGS= LDFLAGS= LDSHARED= ./make.bash + cd ../.. + export PATH="$PATH:$PWD/go/bin" + # Building pyptlib cd pyptlib find -type f | xargs touch --date="$REFERENCE_DATETIME" @@ -201,6 +222,31 @@ script: | cp -a {COPYING,README.md} $TBDIR/Docs/fteproxy cd .. + # Building goptlib + cd goptlib + find -type f | xargs touch --date="$REFERENCE_DATETIME" + mkdir -p "$GOPATH/src/git.torproject.org/pluggable-transports" + ln -sf "$PWD" "$GOPATH/src/git.torproject.org/pluggable-transports/goptlib.git" + CGO_ENABLED=1 CC="$CC $CFLAGS $LDFLAGS" go install git.torproject.org/pluggable-transports/goptlib.git + cd .. + + # Building meek + cd meek + find -type f | xargs touch --date="$REFERENCE_DATETIME" + cd meek-client + # https://code.google.com/p/go/issues/detail?id=4714#c7 + # We need cgo for crypto/x509 support on mac. + CGO_ENABLED=1 CC="$CC $CFLAGS $LDFLAGS" go build + cp -a meek-client $PTDIR + cd .. + cd meek-client-torbrowser + CGO_ENABLED=1 CC="$CC $CFLAGS $LDFLAGS" go build + cp -a meek-client-torbrowser $PTDIR + cd .. + mkdir -p $TBDIR/Docs/meek + cp -a README doc/*.1 $TBDIR/Docs/meek + cd .. + # Grabbing the result cd $INSTDIR ~/build/dzip.sh pluggable-transports-mac$GBUILD_BITS-gbuilt.zip TorBrowserBundle.app diff --git a/gitian/descriptors/windows/gitian-bundle.yml b/gitian/descriptors/windows/gitian-bundle.yml index fc4fb35..bf7f531 100644 --- a/gitian/descriptors/windows/gitian-bundle.yml +++ b/gitian/descriptors/windows/gitian-bundle.yml @@ -24,6 +24,8 @@ remotes: "dir": "torbutton" - "url": "https://git.torproject.org/https-everywhere.git" "dir": "https-everywhere" +- "url": "https://git.torproject.org/pluggable-transports/meek.git" + "dir": "meek" files: # TODO: Can we use an env for this file+version?? - "tor-browser-win32-gbuilt.zip" @@ -31,6 +33,7 @@ files: - "pluggable-transports-win32-gbuilt.zip" - "torrc-defaults-appendix-windows" - "bridge_prefs.js" +- "meek-http-helper-user.js" - "windows-skeleton.zip" - "win32-langpacks.zip" - "noscript(a)noscript.net.xpi" @@ -54,6 +57,7 @@ script: | # mkdir -p $OUTDIR/ mkdir -p tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere(a)eff.org + mkdir -p tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Data/Browser/profile.meek-http-helper/extensions mkdir -p tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Data/Browser/Caches mkdir -p tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Docs/sources # @@ -92,6 +96,11 @@ script: | rm ../https-everywhere(a)eff.org.xpi cd ~/build/ # + cd meek/firefox + ~/build/dzip.sh ../meek-http-helper(a)bamsoftware.com.xpi . + mv ../meek-http-helper(a)bamsoftware.com.xpi ../../tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Data/Browser/profile.meek-http-helper/extensions/meek-http-helper(a)bamsoftware.com.xpi + cd ~/build/ + # cd tbb-windows-installer/"Tor Browser" unzip ~/build/tor-browser-win32-gbuilt.zip cd Browser/TorBrowser @@ -102,6 +111,7 @@ script: | unzip ~/build/pluggable-transports-win32-gbuilt.zip cat ~/build/torrc-defaults-appendix-windows >> Data/Tor/torrc-defaults cat ~/build/bridge_prefs.js >> Data/Browser/profile.default/preferences/extension-overrides.js + cat ~/build/meek-http-helper-user.js >> Data/Browser/profile.meek-http-helper/user.js fi cd ../../.. # diff --git a/gitian/descriptors/windows/gitian-pluggable-transports.yml b/gitian/descriptors/windows/gitian-pluggable-transports.yml index 6af344c..d68ace4 100644 --- a/gitian/descriptors/windows/gitian-pluggable-transports.yml +++ b/gitian/descriptors/windows/gitian-pluggable-transports.yml @@ -30,6 +30,10 @@ remotes: "dir": "fteproxy" - "url": "https://github.com/habnabit/txsocksx.git" "dir": "txsocksx" +- "url": "https://git.torproject.org/pluggable-transports/goptlib.git" + "dir": "goptlib" +- "url": "https://git.torproject.org/pluggable-transports/meek.git" + "dir": "meek" files: - "setuptools.tar.gz" - "pycrypto.tar.gz" @@ -43,6 +47,8 @@ files: - "wine-wrappers" - "python.msi" - "py2exe.exe" +- "go.tar.gz" +- "cross-cgo.patch" - "dzip.sh" - "pyc-timestamp.sh" - "openssl-win32-utils.zip" @@ -127,6 +133,19 @@ script: | cp -a dist/gcc.exe dist/g++.exe dist/dllwrap.exe dist/swig.exe $WINEROOT/windows/ cd .. + # Building go + # http://golang.org/doc/install/source#environment + export GOPATH="$HOME/go" + export GOOS=windows + export GOARCH=386 + tar xvf go.tar.gz + cd go + patch -p1 < ~/build/cross-cgo.patch + cd src + ./make.bash + cd ../.. + export PATH="$PATH:$PWD/go/bin" + # Building setuptools tar xzf setuptools.tar.gz cd setuptools-* @@ -271,6 +290,33 @@ script: | cp -an {COPYING,README.md} $INSTDIR/Docs/fteproxy cd .. + # Building goptlib + cd goptlib + find -type f | xargs touch --date="$REFERENCE_DATETIME" + mkdir -p "$GOPATH/src/git.torproject.org/pluggable-transports" + ln -sf "$PWD" "$GOPATH/src/git.torproject.org/pluggable-transports/goptlib.git" + CGO_ENABLED=1 CC="i686-w64-mingw32-gcc" go install git.torproject.org/pluggable-transports/goptlib.git + cd .. + + # Building meek + cd meek + find -type f | xargs touch --date="$REFERENCE_DATETIME" + cd meek-client + CGO_ENABLED=1 CC="i686-w64-mingw32-gcc" go build + cp -a meek-client.exe $PTDIR + cd .. + cd meek-client-torbrowser + CGO_ENABLED=1 CC="i686-w64-mingw32-gcc" go build + cp -a meek-client-torbrowser.exe $PTDIR + cd .. + cd terminateprocess-buffer + CGO_ENABLED=1 CC="i686-w64-mingw32-gcc" go build + cp -a terminateprocess-buffer.exe $PTDIR + cd .. + mkdir -p $INSTDIR/Docs/meek + cp -a README doc/*.1.txt $INSTDIR/Docs/meek + cd .. + # http://bugs.winehq.org/show_bug.cgi?id=3591 cp -a $INSTDIR/python/python27.dll $PTDIR/ diff --git a/gitian/fetch-inputs.sh b/gitian/fetch-inputs.sh index 1b0b4c1..d318fa5 100755 --- a/gitian/fetch-inputs.sh +++ b/gitian/fetch-inputs.sh @@ -156,9 +156,9 @@ do get "${!PACKAGE}" "${MIRROR_URL}${!PACKAGE}" done -# XXX: Omit ARGPARSE because Google won't allow wget -N and because the -# download seems to 404 about 50% of the time. -for i in ARGPARSE +# XXX: Omit googlecode.com packages because Google won't allow wget -N +# and because the download seems to 404 about 50% of the time. +for i in ARGPARSE GO do PACKAGE="${i}_PACKAGE" URL="${MIRROR_URL_DCF}${!PACKAGE}" @@ -208,7 +208,7 @@ wget -U "" -N ${HTTPSE_URL} # Verify packages with weak or no signatures via direct sha256 check # (OpenSSL is signed with MD5, and OSXSDK is not signed at all) -for i in OSXSDK TOOLCHAIN4 TOOLCHAIN4_OLD NOSCRIPT HTTPSE MSVCR100 PYCRYPTO ARGPARSE PYYAML ZOPEINTERFACE TWISTED M2CRYPTO SETUPTOOLS OPENSSL GMP PARSLEY +for i in OSXSDK TOOLCHAIN4 TOOLCHAIN4_OLD NOSCRIPT HTTPSE MSVCR100 PYCRYPTO ARGPARSE PYYAML ZOPEINTERFACE TWISTED M2CRYPTO SETUPTOOLS OPENSSL GMP PARSLEY GO do PACKAGE="${i}_PACKAGE" HASH="${i}_HASH" @@ -261,6 +261,7 @@ ln -sf "$SETUPTOOLS_PACKAGE" setuptools.tar.gz ln -sf "$GMP_PACKAGE" gmp.tar.bz2 ln -sf "$LXML_PACKAGE" lxml.tar.gz ln -sf "$PARSLEY_PACKAGE" parsley.tar.gz +ln -sf "$GO_PACKAGE" go.tar.gz # Fetch latest gitian-builder itself # XXX - this is broken if a non-standard inputs dir is selected using the command line flag. @@ -291,6 +292,8 @@ libfte https://github.com/kpdyer/libfte.git $LIBFTE_TAG fteproxy https://github.com/kpdyer/fteproxy.git $FTEPROXY_TAG libdmg-hfsplus https://github.com/vasi/libdmg-hfsplus.git $LIBDMG_TAG txsocksx https://github.com/habnabit/txsocksx.git $TXSOCKSX_TAG +goptlib https://git.torproject.org/pluggable-transports/goptlib.git $GOPTLIB_TAG +meek https://git.torproject.org/pluggable-transports/meek.git $MEEK_TAG EOF exit 0 diff --git a/gitian/gpg/goptlib.gpg b/gitian/gpg/goptlib.gpg new file mode 100644 index 0000000..f3b543f Binary files /dev/null and b/gitian/gpg/goptlib.gpg differ diff --git a/gitian/gpg/meek.gpg b/gitian/gpg/meek.gpg new file mode 100644 index 0000000..f3b543f Binary files /dev/null and b/gitian/gpg/meek.gpg differ diff --git a/gitian/mkbundle-linux.sh b/gitian/mkbundle-linux.sh index 0d07364..e3e2af5 100755 --- a/gitian/mkbundle-linux.sh +++ b/gitian/mkbundle-linux.sh @@ -58,6 +58,7 @@ rm -f $GITIAN_DIR/inputs/tbb-docs.zip $WRAPPER_DIR/build-helpers/dzip.sh $GITIAN_DIR/inputs/tbb-docs.zip ./Docs/ cp PTConfigs/linux/torrc-defaults-appendix $GITIAN_DIR/inputs/torrc-defaults-appendix-linux cp PTConfigs/bridge_prefs.js $GITIAN_DIR/inputs/ +cp PTConfigs/meek-http-helper-user.js $GITIAN_DIR/inputs/ cd linux rm -f $GITIAN_DIR/inputs/linux-skeleton.zip @@ -208,7 +209,7 @@ then echo "****** Starting Pluggable Transports Component of Linux Bundle (4/5 for Linux) ******" echo - ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit pyptlib=$PYPTLIB_TAG,obfsproxy=$OBFSPROXY_TAG,flashproxy=$FLASHPROXY_TAG,libfte=$LIBFTE_TAG,fteproxy=$FTEPROXY_TAG,txsocksx=$TXSOCKSX_TAG $DESCRIPTOR_DIR/linux/gitian-pluggable-transports.yml + ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit pyptlib=$PYPTLIB_TAG,obfsproxy=$OBFSPROXY_TAG,flashproxy=$FLASHPROXY_TAG,libfte=$LIBFTE_TAG,fteproxy=$FTEPROXY_TAG,txsocksx=$TXSOCKSX_TAG,goptlib=$GOPTLIB_TAG,meek=$MEEK_TAG $DESCRIPTOR_DIR/linux/gitian-pluggable-transports.yml if [ $? -ne 0 ]; then #mv var/build.log ./pluggable-transports-fail-linux.log.`date +%Y%m%d%H%M%S` @@ -231,7 +232,7 @@ then cd $WRAPPER_DIR && ./record-inputs.sh $VERSIONS_FILE && cd $GITIAN_DIR - ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit https-everywhere=$HTTPSE_TAG,tor-launcher=$TORLAUNCHER_TAG,torbutton=$TORBUTTON_TAG $DESCRIPTOR_DIR/linux/gitian-bundle.yml + ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit https-everywhere=$HTTPSE_TAG,tor-launcher=$TORLAUNCHER_TAG,torbutton=$TORBUTTON_TAG,meek=$MEEK_TAG $DESCRIPTOR_DIR/linux/gitian-bundle.yml if [ $? -ne 0 ]; then #mv var/build.log ./bundle-fail-linux.log.`date +%Y%m%d%H%M%S` diff --git a/gitian/mkbundle-mac.sh b/gitian/mkbundle-mac.sh index 00073e9..995959a 100755 --- a/gitian/mkbundle-mac.sh +++ b/gitian/mkbundle-mac.sh @@ -52,8 +52,11 @@ cp $WRAPPER_DIR/patches/* $GITIAN_DIR/inputs/ cd $WRAPPER_DIR/../Bundle-Data/ rm -f $GITIAN_DIR/inputs/tbb-docs.zip $WRAPPER_DIR/build-helpers/dzip.sh $GITIAN_DIR/inputs/tbb-docs.zip ./Docs/ +rm -f $GITIAN_DIR/inputs/TorBrowser.app.meek-http-helper.zip +(cd PTConfigs/mac && $WRAPPER_DIR/build-helpers/dzip.sh $GITIAN_DIR/inputs/TorBrowser.app.meek-http-helper.zip TorBrowser.app.meek-http-helper) cp PTConfigs/mac/torrc-defaults-appendix $GITIAN_DIR/inputs/torrc-defaults-appendix-mac cp PTConfigs/bridge_prefs.js $GITIAN_DIR/inputs/ +cp PTConfigs/meek-http-helper-user.js $GITIAN_DIR/inputs/ cp mac-tor.sh $GITIAN_DIR/inputs/ cd mac @@ -184,7 +187,7 @@ then echo "****** Starting Pluggable Transports Component of Mac Bundle (4/5 for Mac) ******" echo - ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit pyptlib=$PYPTLIB_TAG,obfsproxy=$OBFSPROXY_TAG,flashproxy=$FLASHPROXY_TAG,libfte=$LIBFTE_TAG,fteproxy=$FTEPROXY_TAG,txsocksx=$TXSOCKSX_TAG $DESCRIPTOR_DIR/mac/gitian-pluggable-transports.yml + ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit pyptlib=$PYPTLIB_TAG,obfsproxy=$OBFSPROXY_TAG,flashproxy=$FLASHPROXY_TAG,libfte=$LIBFTE_TAG,fteproxy=$FTEPROXY_TAG,txsocksx=$TXSOCKSX_TAG,goptlib=$GOPTLIB_TAG,meek=$MEEK_TAG $DESCRIPTOR_DIR/mac/gitian-pluggable-transports.yml if [ $? -ne 0 ]; then #mv var/build.log ./firefox-fail-mac.log.`date +%Y%m%d%H%M%S` @@ -208,7 +211,7 @@ then cd $WRAPPER_DIR && ./record-inputs.sh $VERSIONS_FILE && cd $GITIAN_DIR - ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit libdmg-hfsplus=$LIBDMG_TAG,https-everywhere=$HTTPSE_TAG,torbutton=$TORBUTTON_TAG,tor-launcher=$TORLAUNCHER_TAG $DESCRIPTOR_DIR/mac/gitian-bundle.yml + ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit libdmg-hfsplus=$LIBDMG_TAG,https-everywhere=$HTTPSE_TAG,torbutton=$TORBUTTON_TAG,tor-launcher=$TORLAUNCHER_TAG,meek=$MEEK_TAG $DESCRIPTOR_DIR/mac/gitian-bundle.yml if [ $? -ne 0 ]; then #mv var/build.log ./bundle-fail-mac.log.`date +%Y%m%d%H%M%S` diff --git a/gitian/mkbundle-windows.sh b/gitian/mkbundle-windows.sh index 281f4f8..0af015d 100755 --- a/gitian/mkbundle-windows.sh +++ b/gitian/mkbundle-windows.sh @@ -55,6 +55,7 @@ rm -f $GITIAN_DIR/inputs/tbb-docs.zip $WRAPPER_DIR/build-helpers/dzip.sh $GITIAN_DIR/inputs/tbb-docs.zip ./Docs/ cp PTConfigs/windows/torrc-defaults-appendix $GITIAN_DIR/inputs/torrc-defaults-appendix-windows cp PTConfigs/bridge_prefs.js $GITIAN_DIR/inputs/ +cp PTConfigs/meek-http-helper-user.js $GITIAN_DIR/inputs/ cd windows rm -f $GITIAN_DIR/inputs/windows-skeleton.zip @@ -188,7 +189,7 @@ then echo "****** Starting Pluggable Transports Component of Windows Bundle (4/5 for Windows) ******" echo - ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit pyptlib=$PYPTLIB_TAG,obfsproxy=$OBFSPROXY_TAG,flashproxy=$FLASHPROXY_TAG,libfte=$LIBFTE_TAG,fteproxy=$FTEPROXY_TAG,txsocksx=$TXSOCKSX_TAG $DESCRIPTOR_DIR/windows/gitian-pluggable-transports.yml + ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit pyptlib=$PYPTLIB_TAG,obfsproxy=$OBFSPROXY_TAG,flashproxy=$FLASHPROXY_TAG,libfte=$LIBFTE_TAG,fteproxy=$FTEPROXY_TAG,txsocksx=$TXSOCKSX_TAG,goptlib=$GOPTLIB_TAG,meek=$MEEK_TAG $DESCRIPTOR_DIR/windows/gitian-pluggable-transports.yml if [ $? -ne 0 ]; then #mv var/build.log ./pluggable-transports-fail-win32.log.`date +%Y%m%d%H%M%S` @@ -211,7 +212,7 @@ then cd $WRAPPER_DIR && ./record-inputs.sh $VERSIONS_FILE && cd $GITIAN_DIR - ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit https-everywhere=$HTTPSE_TAG,torbutton=$TORBUTTON_TAG,tor-launcher=$TORLAUNCHER_TAG,tbb-windows-installer=$NSIS_TAG $DESCRIPTOR_DIR/windows/gitian-bundle.yml + ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit https-everywhere=$HTTPSE_TAG,torbutton=$TORBUTTON_TAG,tor-launcher=$TORLAUNCHER_TAG,tbb-windows-installer=$NSIS_TAG,meek=$MEEK_TAG $DESCRIPTOR_DIR/windows/gitian-bundle.yml if [ $? -ne 0 ]; then #mv var/build.log ./bundle-fail-win32.log.`date +%Y%m%d%H%M%S` diff --git a/gitian/patches/cross-cgo.patch b/gitian/patches/cross-cgo.patch new file mode 100644 index 0000000..eebe0d0 --- /dev/null +++ b/gitian/patches/cross-cgo.patch @@ -0,0 +1,16 @@ +--- a/src/cmd/go/build.go 2014-02-17 05:38:55.806060278 +0000 ++++ b/src/cmd/go/build.go 2014-02-17 05:39:40.414057143 +0000 +@@ -1928,9 +1928,10 @@ + ) + + func (b *builder) cgo(p *Package, cgoExe, obj string, gccfiles []string, gxxfiles []string) (outGo, outObj []string, err error) { +- if goos != toolGOOS { +- return nil, nil, errors.New("cannot use cgo when compiling for a different operating system") +- } ++ // https://code.google.com/p/go/issues/detail?id=4714#c7 ++ // if goos != toolGOOS { ++ // return nil, nil, errors.New("cannot use cgo when compiling for a different operating system") ++ // } + + cgoCPPFLAGS := stringList(envList("CGO_CPPFLAGS"), p.CgoCPPFLAGS) + cgoCFLAGS := stringList(envList("CGO_CFLAGS"), p.CgoCFLAGS) diff --git a/gitian/verify-tags.sh b/gitian/verify-tags.sh index c66a83b..a664b52 100755 --- a/gitian/verify-tags.sh +++ b/gitian/verify-tags.sh @@ -100,6 +100,8 @@ https-everywhere https-everywhere.gpg $HTTPSE_TAG pyptlib pyptlib.gpg $PYPTLIB_TAG obfsproxy obfsproxy.gpg $OBFSPROXY_TAG flashproxy flashproxy.gpg $FLASHPROXY_TAG +goptlib goptlib.gpg $GOPTLIB_TAG +meek meek.gpg $MEEK_TAG EOF while read dir commit; do @@ -133,7 +135,7 @@ done # Verify packages with weak or no signatures via direct sha256 check # (OpenSSL is signed with MD5, and OSXSDK is not signed at all) -for i in OSXSDK TOOLCHAIN4 TOOLCHAIN4_OLD NOSCRIPT HTTPSE MSVCR100 PYCRYPTO ARGPARSE PYYAML ZOPEINTERFACE TWISTED M2CRYPTO SETUPTOOLS OPENSSL GMP PARSLEY +for i in OSXSDK TOOLCHAIN4 TOOLCHAIN4_OLD NOSCRIPT HTTPSE MSVCR100 PYCRYPTO ARGPARSE PYYAML ZOPEINTERFACE TWISTED M2CRYPTO SETUPTOOLS OPENSSL GMP PARSLEY GO do PACKAGE="${i}_PACKAGE" HASH="${i}_HASH" diff --git a/gitian/versions b/gitian/versions index 2185194..98fc74d 100755 --- a/gitian/versions +++ b/gitian/versions @@ -22,6 +22,8 @@ LIBFTE_TAG=ee9e9ddf5c86e6940559a313d2bd22cc33b654c9 # tag 0.0.3 FTEPROXY_TAG=5e7a9fd498a948d17b0996275ef1b6f743251317 # tag 0.2.15 LIBDMG_TAG=dfd5e5cc3dc1191e37d3c3a6118975afdd1d7014 TXSOCKSX_TAG=216eb0894a1755872f4789f9458aa6cf543b8433 # unsigned habnabit/1.13.0.2 +GOPTLIB_TAG=0.2 +MEEK_TAG=0.9 GITIAN_TAG=tor-browser-builder-3.x-5 @@ -42,6 +44,7 @@ SETUPTOOLS_VER=1.4 LXML_VER=3.3.5 PARSLEY_VER=1.2 HTTPSE_VER=3.5.1 +GO_VER=1.2 ## File names for the source packages OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz @@ -66,6 +69,7 @@ PY2EXE_PACKAGE=py2exe-${PY2EXE_VER}.win32-py2.7.exe SETUPTOOLS_PACKAGE=setuptools-${SETUPTOOLS_VER}.tar.gz LXML_PACKAGE=lxml-${LXML_VER}.tar.gz PARSLEY_PACKAGE=Parsley-${PARSLEY_VER}.tar.gz +GO_PACKAGE=go${GO_VER}.src.tar.gz # Hashes for packages with weak sigs or no sigs OPENSSL_HASH=53cb818c3b90e507a8348f4f5eaedb05d8bfe5358aabb508b7263cc670c3e028 @@ -85,6 +89,7 @@ M2CRYPTO_HASH=25b94498505c2d800ee465db0cc1aff097b1615adc3ac042a1c85ceca264fc0a PY2EXE_HASH=610a8800de3d973ed5ed4ac505ab42ad058add18a68609ac09e6cf3598ef056c SETUPTOOLS_HASH=75d288687066ed124311d6ca5f40ffa92a0e81adcd7fff318c6e84082713cf39 PARSLEY_HASH=50d30cee70770fd44db7cea421cb2fb75af247c3a1cd54885c06b30a7c85dd23 +GO_HASH=9ab83fb8eafe39f4204ef0f8e84e5ff7e8f1d533ddb05f51e6dc81503e8c0ae4 ## Non-git package URLs OPENSSL_URL=https://www.openssl.org/source/${OPENSSL_PACKAGE} @@ -109,3 +114,4 @@ PY2EXE_URL=http://softlayer-dal.dl.sourceforge.net/project/py2exe/py2exe/${… SETUPTOOLS_URL=https://pypi.python.org/packages/source/s/setuptools/${SETUP… LXML_URL=https://pypi.python.org/packages/source/l/lxml/${LXML_PACKAGE} PARSLEY_URL=https://pypi.python.org/packages/source/P/Parsley/${PARSLEY_PAC… +GO_URL=https://go.googlecode.com/files/${GO_PACKAGE} diff --git a/gitian/versions.alpha b/gitian/versions.alpha index e0e1e60..962a1bd 100755 --- a/gitian/versions.alpha +++ b/gitian/versions.alpha @@ -22,6 +22,8 @@ LIBFTE_TAG=ee9e9ddf5c86e6940559a313d2bd22cc33b654c9 # tag 0.0.3 FTEPROXY_TAG=5e7a9fd498a948d17b0996275ef1b6f743251317 # tag 0.2.15 LIBDMG_TAG=dfd5e5cc3dc1191e37d3c3a6118975afdd1d7014 TXSOCKSX_TAG=216eb0894a1755872f4789f9458aa6cf543b8433 # unsigned habnabit/1.13.0.2 +GOPTLIB_TAG=0.2 +MEEK_TAG=0.9 GITIAN_TAG=tor-browser-builder-3.x-5 @@ -42,6 +44,7 @@ SETUPTOOLS_VER=1.4 LXML_VER=3.3.5 PARSLEY_VER=1.2 HTTPSE_VER=3.5.1 +GO_VER=1.2 ## File names for the source packages OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz @@ -66,6 +69,7 @@ PY2EXE_PACKAGE=py2exe-${PY2EXE_VER}.win32-py2.7.exe SETUPTOOLS_PACKAGE=setuptools-${SETUPTOOLS_VER}.tar.gz LXML_PACKAGE=lxml-${LXML_VER}.tar.gz PARSLEY_PACKAGE=Parsley-${PARSLEY_VER}.tar.gz +GO_PACKAGE=go${GO_VER}.src.tar.gz # Hashes for packages with weak sigs or no sigs OPENSSL_HASH=53cb818c3b90e507a8348f4f5eaedb05d8bfe5358aabb508b7263cc670c3e028 @@ -85,6 +89,7 @@ M2CRYPTO_HASH=25b94498505c2d800ee465db0cc1aff097b1615adc3ac042a1c85ceca264fc0a PY2EXE_HASH=610a8800de3d973ed5ed4ac505ab42ad058add18a68609ac09e6cf3598ef056c SETUPTOOLS_HASH=75d288687066ed124311d6ca5f40ffa92a0e81adcd7fff318c6e84082713cf39 PARSLEY_HASH=50d30cee70770fd44db7cea421cb2fb75af247c3a1cd54885c06b30a7c85dd23 +GO_HASH=9ab83fb8eafe39f4204ef0f8e84e5ff7e8f1d533ddb05f51e6dc81503e8c0ae4 ## Non-git package URLs OPENSSL_URL=https://www.openssl.org/source/${OPENSSL_PACKAGE} @@ -109,3 +114,4 @@ PY2EXE_URL=http://softlayer-dal.dl.sourceforge.net/project/py2exe/py2exe/${… SETUPTOOLS_URL=https://pypi.python.org/packages/source/s/setuptools/${SETUP… LXML_URL=https://pypi.python.org/packages/source/l/lxml/${LXML_PACKAGE} PARSLEY_URL=https://pypi.python.org/packages/source/P/Parsley/${PARSLEY_PAC… +GO_URL=https://go.googlecode.com/files/${GO_PACKAGE} diff --git a/gitian/versions.beta b/gitian/versions.beta index 817a880..c8a2957 100755 --- a/gitian/versions.beta +++ b/gitian/versions.beta @@ -22,6 +22,8 @@ LIBFTE_TAG=19f6b8ffafca2ec8fffbc418bc0f88518cea22ac # tag 0.0.2 FTEPROXY_TAG=b5d7fba5c505907693fd2b5321f2aa57d4390cfa # tag 0.2.14 LIBDMG_TAG=dfd5e5cc3dc1191e37d3c3a6118975afdd1d7014 TXSOCKSX_TAG=216eb0894a1755872f4789f9458aa6cf543b8433 # unsigned habnabit/1.13.0.2 +GOPTLIB_TAG=0.2 +MEEK_TAG=0.9 GITIAN_TAG=tor-browser-builder-3.x-5 @@ -42,6 +44,7 @@ SETUPTOOLS_VER=1.4 LXML_VER=3.3.5 PARSLEY_VER=1.2 HTTPSE_VER=3.5.1 +GO_VER=1.2 ## File names for the source packages OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz @@ -67,6 +70,7 @@ PY2EXE_PACKAGE=py2exe-${PY2EXE_VER}.win32-py2.7.exe SETUPTOOLS_PACKAGE=setuptools-${SETUPTOOLS_VER}.tar.gz LXML_PACKAGE=lxml-${LXML_VER}.tar.gz PARSLEY_PACKAGE=Parsley-${PARSLEY_VER}.tar.gz +GO_PACKAGE=go${GO_VER}.src.tar.gz # Hashes for packages with weak sigs or no sigs OPENSSL_HASH=53cb818c3b90e507a8348f4f5eaedb05d8bfe5358aabb508b7263cc670c3e028 @@ -87,6 +91,7 @@ M2CRYPTO_HASH=25b94498505c2d800ee465db0cc1aff097b1615adc3ac042a1c85ceca264fc0a PY2EXE_HASH=610a8800de3d973ed5ed4ac505ab42ad058add18a68609ac09e6cf3598ef056c SETUPTOOLS_HASH=75d288687066ed124311d6ca5f40ffa92a0e81adcd7fff318c6e84082713cf39 PARSLEY_HASH=50d30cee70770fd44db7cea421cb2fb75af247c3a1cd54885c06b30a7c85dd23 +GO_HASH=9ab83fb8eafe39f4204ef0f8e84e5ff7e8f1d533ddb05f51e6dc81503e8c0ae4 ## Non-git package URLs OPENSSL_URL=https://www.openssl.org/source/${OPENSSL_PACKAGE} @@ -111,3 +116,4 @@ PY2EXE_URL=http://softlayer-dal.dl.sourceforge.net/project/py2exe/py2exe/${… SETUPTOOLS_URL=https://pypi.python.org/packages/source/s/setuptools/${SETUP… LXML_URL=https://pypi.python.org/packages/source/l/lxml/${LXML_PACKAGE} PARSLEY_URL=https://pypi.python.org/packages/source/P/Parsley/${PARSLEY_PAC… +GO_URL=https://go.googlecode.com/files/${GO_PACKAGE} diff --git a/gitian/versions.nightly b/gitian/versions.nightly index 1042e78..a429df7 100755 --- a/gitian/versions.nightly +++ b/gitian/versions.nightly @@ -22,6 +22,8 @@ LIBFTE_TAG=master FTEPROXY_TAG=master LIBDMG_TAG=dfd5e5cc3dc1191e37d3c3a6118975afdd1d7014 TXSOCKSX_TAG=216eb0894a1755872f4789f9458aa6cf543b8433 # unsigned habnabit/1.13.0.2 +GOPTLIB_TAG=master +MEEK_TAG=master GITIAN_TAG=tor-browser-builder-3.x-5 @@ -42,6 +44,7 @@ SETUPTOOLS_VER=1.4 LXML_VER=3.3.5 PARSLEY_VER=1.2 HTTPSE_VER=3.5.1 +GO_VER=1.2 ## File names for the source packages OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz @@ -66,6 +69,7 @@ PY2EXE_PACKAGE=py2exe-${PY2EXE_VER}.win32-py2.7.exe SETUPTOOLS_PACKAGE=setuptools-${SETUPTOOLS_VER}.tar.gz LXML_PACKAGE=lxml-${LXML_VER}.tar.gz PARSLEY_PACKAGE=Parsley-${PARSLEY_VER}.tar.gz +GO_PACKAGE=go${GO_VER}.src.tar.gz # Hashes for packages with weak sigs or no sigs OPENSSL_HASH=9d1c8a9836aa63e2c6adb684186cbd4371c9e9dcc01d6e3bb447abf2d4d3d093 @@ -85,6 +89,7 @@ M2CRYPTO_HASH=25b94498505c2d800ee465db0cc1aff097b1615adc3ac042a1c85ceca264fc0a PY2EXE_HASH=610a8800de3d973ed5ed4ac505ab42ad058add18a68609ac09e6cf3598ef056c SETUPTOOLS_HASH=75d288687066ed124311d6ca5f40ffa92a0e81adcd7fff318c6e84082713cf39 PARSLEY_HASH=50d30cee70770fd44db7cea421cb2fb75af247c3a1cd54885c06b30a7c85dd23 +GO_HASH=9ab83fb8eafe39f4204ef0f8e84e5ff7e8f1d533ddb05f51e6dc81503e8c0ae4 ## Non-git package URLs OPENSSL_URL=https://www.openssl.org/source/${OPENSSL_PACKAGE} @@ -109,3 +114,4 @@ PY2EXE_URL=http://softlayer-dal.dl.sourceforge.net/project/py2exe/py2exe/${… SETUPTOOLS_URL=https://pypi.python.org/packages/source/s/setuptools/${SETUP… LXML_URL=https://pypi.python.org/packages/source/l/lxml/${LXML_PACKAGE} PARSLEY_URL=https://pypi.python.org/packages/source/P/Parsley/${PARSLEY_PAC… +GO_URL=https://go.googlecode.com/files/${GO_PACKAGE}

1 0