April 2016 - tor-commits - lists.torproject.org

[tor-browser/tor-browser-45.0.2esr-6.x-1] squash! Bug #13749.2: Regression tests for first-party isolation of cache
by gk＠torproject.org 22 Apr '16

22 Apr '16

commit e6b06c64d7a2294a0f3def31d8e51acd751f40c9 Author: Arthur Edelstein <arthuredelstein(a)gmail.com> Date: Wed Apr 20 14:07:37 2016 -0700 squash! Bug #13749.2: Regression tests for first-party isolation of cache Test for network isolation as well --- netwerk/test/browser/browser_cacheFirstParty.js | 36 +++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/netwerk/test/browser/browser_cacheFirstParty.js b/netwerk/test/browser/browser_cacheFirstParty.js index 970043d..08b3231 100644 --- a/netwerk/test/browser/browser_cacheFirstParty.js +++ b/netwerk/test/browser/browser_cacheFirstParty.js @@ -25,6 +25,8 @@ Cu.import("resource://gre/modules/Task.jsm"); let tempScope = {}; // Avoid 'leaked window property' error. Cu.import("resource://gre/modules/LoadContextInfo.jsm", tempScope); let LoadContextInfo = tempScope.LoadContextInfo; +let thirdPartyUtil = Cc["@mozilla.org/thirdpartyutil;1"] + .getService(Ci.mozIThirdPartyUtil); // __listen(target, eventType, timeoutMs, useCapture)__. // Calls addEventListener on target, with the given eventType. @@ -144,10 +146,43 @@ let checkCachePopulation = function* (pref, numberOfDomains) { } }; +// __observeChannels(onChannel)__. +// onChannel is called for every http channel request. Returns a zero-arg stop() function. +let observeChannels = function (onChannel) { + let channelObserver = { + observe: function(subject, topic, data) { + if (topic === "http-on-modify-request") { + onChannel(subject.QueryInterface(Components.interfaces.nsIHttpChannel)); + } + } + }; + Services.obs.addObserver(channelObserver, "http-on-modify-request", /* ownsWeak */ false); + return function () { Services.obs.removeObserver(channelObserver, "http-on-modify-request"); }; +}; + +// __channelFirstPartyHost(aChannel)__. +// Returns the first-party host for the given channel. +let channelFirstPartyHost = function (aChannel) { + let channel = aChannel.QueryInterface(Ci.nsIChannel), + firstPartyURI = thirdPartyUtil.getFirstPartyURIFromChannel(channel, true) + .QueryInterface(Ci.nsIURI); + return thirdPartyUtil.getFirstPartyHostForIsolation(firstPartyURI); +} + // The main testing function. // Launch a Task.jsm coroutine so we can open tabs and wait for each of them to open, // one by one. add_task(function* () { + // Here we check to see if each channel has the correct first party assigned. + // All "thirdPartyChild" resources are loaded from a third-party + // "example.net" host, but they should all report either an "example.com" + // or an "example.org" first-party domain. + let stopObservingChannels = observeChannels(function (channel) { + if (channel.originalURI.spec.contains("thirdPartyChild")) { + let firstPartyHost = channelFirstPartyHost(channel); + ok(firstPartyHost === "example.com" || firstPartyHost === "example.org", "first party is " + firstPartyHost); + } + }); // Keep original pref value for restoring after the tests. let originalPrefValue = Services.prefs.getIntPref(privacyPref); // Test the pref with both values: 2 (isolating by first party) or 0 (not isolating) @@ -169,6 +204,7 @@ add_task(function* () { // Clean up by removing tabs. tabs.forEach(tab => gBrowser.removeTab(tab)); } + stopObservingChannels(); // Restore the pref to its original value. Services.prefs.setIntPref(privacyPref, originalPrefValue); });

1 0

[tor-browser/tor-browser-45.0.2esr-6.x-1] fixup! Bug #5742: API allows you to get the url bar URI for a channel or nsIDocument.
by gk＠torproject.org 22 Apr '16

22 Apr '16

commit 1f16ce85bc145032a6954a2b8ae81875c6ec1dbf Author: Arthur Edelstein <arthuredelstein(a)gmail.com> Date: Wed Apr 20 11:05:51 2016 -0700 fixup! Bug #5742: API allows you to get the url bar URI for a channel or nsIDocument. See also: Bug 18741: Ensure that favicons and similar "content images in chrome" get the correct first-party assigned. --- dom/base/ThirdPartyUtil.cpp | 38 ++++++++++++++++++++------------------ 1 file changed, 20 insertions(+), 18 deletions(-) diff --git a/dom/base/ThirdPartyUtil.cpp b/dom/base/ThirdPartyUtil.cpp index 762e2cf..26c95f5 100644 --- a/dom/base/ThirdPartyUtil.cpp +++ b/dom/base/ThirdPartyUtil.cpp @@ -543,24 +543,26 @@ ThirdPartyUtil::GetFirstPartyURIInternal(nsIChannel *aChannel, // Favicons, or other items being loaded in chrome that belong // to a particular web site should be assigned that site's first party. - if (aNode && aNode->IsElement() && aNode->OwnerDoc() && - nsContentUtils::IsChromeDoc(aNode->OwnerDoc())) { - nsTArray<nsINode*> nodeAncestors; - nsContentUtils::GetAncestors(aNode, nodeAncestors); - for (nsINode* nodeAncestor : nodeAncestors) { - if (nodeAncestor->IsElement()) { - nsString firstparty; - nodeAncestor->AsElement()->GetAttribute(NS_LITERAL_STRING("firstparty"), firstparty); - if (!firstparty.IsEmpty()) { - nsCOMPtr<nsIURI> tempURI; - rv = NS_NewURI(getter_AddRefs(tempURI), firstparty); - if (rv != NS_OK) { - return rv; - } else { - NS_ADDREF(*aOutput = tempURI); - return NS_OK; - } - } + // If the originating node has a "firstparty" attribute + // containing a URI string, then it is returned. + nsCOMPtr<nsINode> node = aNode; + if (!node && aChannel) { + if (nsCOMPtr<nsILoadInfo> loadInfo = aChannel->GetLoadInfo()) { + node = loadInfo->LoadingNode(); + } + } + if (node && node->IsElement() && node->OwnerDoc() && + nsContentUtils::IsChromeDoc(node->OwnerDoc())) { + nsString firstparty; + node->AsElement()->GetAttribute(NS_LITERAL_STRING("firstparty"), firstparty); + if (!firstparty.IsEmpty()) { + nsCOMPtr<nsIURI> tempURI; + rv = NS_NewURI(getter_AddRefs(tempURI), firstparty); + if (rv != NS_OK) { + return rv; + } else { + NS_ADDREF(*aOutput = tempURI); + return NS_OK; } } }

1 0

[tor-browser-bundle/maint-5.5] Changelog update
by gk＠torproject.org 22 Apr '16

22 Apr '16

commit 36f1a7455a79caa624eb4276cd0e4f168e95698e Author: Georg Koppen <gk(a)torproject.org> Date: Fri Apr 22 18:12:57 2016 +0000 Changelog update --- Bundle-Data/Docs/ChangeLog.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/Bundle-Data/Docs/ChangeLog.txt b/Bundle-Data/Docs/ChangeLog.txt index ef982de..cd424e5 100644 --- a/Bundle-Data/Docs/ChangeLog.txt +++ b/Bundle-Data/Docs/ChangeLog.txt @@ -5,6 +5,7 @@ Tor Browser 5.5.5 -- April 26 2016 * Bug 10534: Don't advertise the help desk directly anymore * Translation updates * Update HTTPS-Everywhere to 5.1.6 + * Update NoScript to 2.9.0.11 * Bug 18726: Add new default obfs4 bridge (GreenBelt) Tor Browser 5.5.4 -- March 16 2016

1 0

[translation/tor-launcher-network-settings_completed] Update translations for tor-launcher-network-settings_completed
by translation＠torproject.org 22 Apr '16

22 Apr '16

commit d5f56352dedb116a81c47810ad09a86f02bdcaab Author: Translation commit bot <translation(a)torproject.org> Date: Fri Apr 22 15:45:48 2016 +0000 Update translations for tor-launcher-network-settings_completed --- es/network-settings.dtd | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/es/network-settings.dtd b/es/network-settings.dtd index 13b8c28..ac15664 100644 --- a/es/network-settings.dtd +++ b/es/network-settings.dtd @@ -65,7 +65,7 @@ <!ENTITY torsettings.copyLog "Copiar el registro de mensajes(log) de Tor al portapapeles"> <!ENTITY torsettings.bridgeHelpTitle "Ayuda de repetidores puente ('bridge relays')"> <!ENTITY torsettings.bridgeHelp1 "Si no puede conectarse a la red Tor, podría ser que su proveedor de servicios de Internet (ISP) u otra agencia, esté bloqueando Tor.  A menudo, puede evitar este problema usando puentes ('bridges') de Tor, que son repetidores ('relays') de salida de la red Tor que no son públicos, y es más difícil que sean bloqueados."> -<!ENTITY torsettings.bridgeHelp1B "Puede usar el conjunto de direcciones de repetidores puente ('bridge') preconfigurado proporcionado, o puede obtener un conjunto de direcciones personalizado usando uno de estos tres métodos:"> +<!ENTITY torsettings.bridgeHelp1B "Puede usar el juego preconfigurado de direcciones de puentes proporcionado, o puede obtener un juego personalizado de direcciones usando uno de estos métodos:"> <!ENTITY torsettings.bridgeHelp2Heading "Mediante la web"> <!ENTITY torsettings.bridgeHelp2 "Use un navegador web para visitar https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Mediante el correo electrónico automático">

1 0

[translation/tor-launcher-network-settings] Update translations for tor-launcher-network-settings
by translation＠torproject.org 22 Apr '16

22 Apr '16

commit cac26cd6c2327540c883663dd93e4958009c4e8c Author: Translation commit bot <translation(a)torproject.org> Date: Fri Apr 22 15:45:44 2016 +0000 Update translations for tor-launcher-network-settings --- es/network-settings.dtd | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/es/network-settings.dtd b/es/network-settings.dtd index a6db1ee..ac15664 100644 --- a/es/network-settings.dtd +++ b/es/network-settings.dtd @@ -65,7 +65,7 @@ <!ENTITY torsettings.copyLog "Copiar el registro de mensajes(log) de Tor al portapapeles"> <!ENTITY torsettings.bridgeHelpTitle "Ayuda de repetidores puente ('bridge relays')"> <!ENTITY torsettings.bridgeHelp1 "Si no puede conectarse a la red Tor, podría ser que su proveedor de servicios de Internet (ISP) u otra agencia, esté bloqueando Tor.  A menudo, puede evitar este problema usando puentes ('bridges') de Tor, que son repetidores ('relays') de salida de la red Tor que no son públicos, y es más difícil que sean bloqueados."> -<!ENTITY torsettings.bridgeHelp1B "You may use the preconfigured, provided set of bridge addresses or you may obtain a custom set of addresses by using one of these methods:"> +<!ENTITY torsettings.bridgeHelp1B "Puede usar el juego preconfigurado de direcciones de puentes proporcionado, o puede obtener un juego personalizado de direcciones usando uno de estos métodos:"> <!ENTITY torsettings.bridgeHelp2Heading "Mediante la web"> <!ENTITY torsettings.bridgeHelp2 "Use un navegador web para visitar https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Mediante el correo electrónico automático">

1 0

[translation/tor-launcher-properties_completed] Update translations for tor-launcher-properties_completed
by translation＠torproject.org 22 Apr '16

22 Apr '16

commit 0222697a13f58c084b6390d19274ab1577ef2665 Author: Translation commit bot <translation(a)torproject.org> Date: Fri Apr 22 15:45:39 2016 +0000 Update translations for tor-launcher-properties_completed --- es/torlauncher.properties | 1 + 1 file changed, 1 insertion(+) diff --git a/es/torlauncher.properties b/es/torlauncher.properties index 5283bd1..7cb7788 100644 --- a/es/torlauncher.properties +++ b/es/torlauncher.properties @@ -36,6 +36,7 @@ torlauncher.quit_win=Salir torlauncher.done=Listo torlauncher.forAssistance=Para obtener ayuda, contacte con %S +torlauncher.forAssistance2=Para asistencia, visite %S torlauncher.copiedNLogMessages=Copia completada. %S mensajes de registro ('log') de Tor están listos para ser pegados en un editor de texto o en un mensaje de correo electrónico.

1 0

[translation/tor-launcher-properties] Update translations for tor-launcher-properties
by translation＠torproject.org 22 Apr '16

22 Apr '16

commit 26ba9d44e68dbf0f13c98606f17bc25e2a8c81f4 Author: Translation commit bot <translation(a)torproject.org> Date: Fri Apr 22 15:45:35 2016 +0000 Update translations for tor-launcher-properties --- es/torlauncher.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/es/torlauncher.properties b/es/torlauncher.properties index 45381fb..7cb7788 100644 --- a/es/torlauncher.properties +++ b/es/torlauncher.properties @@ -36,7 +36,7 @@ torlauncher.quit_win=Salir torlauncher.done=Listo torlauncher.forAssistance=Para obtener ayuda, contacte con %S -torlauncher.forAssistance2=For assistance, visit %S +torlauncher.forAssistance2=Para asistencia, visite %S torlauncher.copiedNLogMessages=Copia completada. %S mensajes de registro ('log') de Tor están listos para ser pegados en un editor de texto o en un mensaje de correo electrónico.

1 0

[tor-browser/tor-browser-45.0.2esr-6.x-1] fixup! TB4: Tor Browser's Firefox preference overrides.
by gk＠torproject.org 22 Apr '16

22 Apr '16

commit 659e0bdad18e5f4550cb7de8b4248354af5870c9 Author: Georg Koppen <gk(a)torproject.org> Date: Fri Apr 22 08:49:32 2016 +0000 fixup! TB4: Tor Browser's Firefox preference overrides. We disable `media.navigator.enabled` as a defense-in-depth to avoid media devices getting exposed. (bug 16328) --- browser/app/profile/000-tor-browser.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/browser/app/profile/000-tor-browser.js b/browser/app/profile/000-tor-browser.js index fbe6fb4..b2beff5 100644 --- a/browser/app/profile/000-tor-browser.js +++ b/browser/app/profile/000-tor-browser.js @@ -175,6 +175,9 @@ pref("plugin.state.flash", 1); pref("plugins.hide_infobar_for_missing_plugin", true); pref("plugins.hideMissingPluginsNotification", true); pref("media.peerconnection.enabled", false); // Disable WebRTC interfaces +// Disables media devices but only if `media.peerconnection.enabled` is set to +// `false` as well. (see bug 16328 for this defense-in-depth measure) +pref("media.navigator.enabled", false); // GMPs: We make sure they don't show up on the Add-on panel and confuse users. // And the external update/donwload server must not get pinged. We apply a // clever solution for https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769716.

1 0

[tor-browser-bundle/master] Fold in older changelogs
by gk＠torproject.org 22 Apr '16

22 Apr '16

commit 54958f512cfc610208f1fe851d3f766940dfb0ae Author: Georg Koppen <gk(a)torproject.org> Date: Fri Apr 22 14:17:32 2016 +0000 Fold in older changelogs --- Bundle-Data/Docs/ChangeLog.txt | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/Bundle-Data/Docs/ChangeLog.txt b/Bundle-Data/Docs/ChangeLog.txt index 3b3cfd8..8c5d733 100644 --- a/Bundle-Data/Docs/ChangeLog.txt +++ b/Bundle-Data/Docs/ChangeLog.txt @@ -1,3 +1,10 @@ +Tor Browser 6.0a4-hardened -- March 17 2016 + * All Platforms + * Update Firefox to 38.7.1esr + * Update Torbutton to 1.9.5.2 + * Bug 18557: Exempt Graphite from the Security Slider + * Bug 18536: Make Mosaddegh and MaBishomarim available on port 80 and 443 + Tor Browser 6.0a4 -- March 17 2016 * All Platforms * Update Firefox to 38.7.1esr @@ -5,6 +12,13 @@ Tor Browser 6.0a4 -- March 17 2016 * Bug 18557: Exempt Graphite from the Security Slider * Bug 18536: Make Mosaddegh and MaBishomarim available on port 80 and 443 +Tor Browser 5.5.4 -- March 16 2016 + * All Platforms + * Update Firefox to 38.7.1esr + * Update Torbutton to 1.9.4.5 + * Bug 18557: Exempt Graphite from the Security Slider + * Bug 18536: Make Mosaddegh and MaBishomarim available on port 80 and 443 + Tor Browser 6.0a3-hardened -- March 8 * All Platforms * Update Firefox to 38.7.0esr @@ -108,6 +122,28 @@ Tor Browser 5.5.1 -- February 4 2016 * Linux * Bug 18172: Add Emoji support +Tor Browser 6.0a1-hardened -- January 27 2016 + * All Platforms + * Update Firefox to 38.6.0esr + * Update NoScript to 2.9.0.2 + * Update Torbutton to 1.9.5 + * Bug 16990: Show circuit display for connections using multi-party channels + * Bug 18019: Avoid empty prompt shown after non-en-US update + * Bug 18004: Remove Tor fundraising donation banner + * Code cleanup + * Translation updates + * Update Tor Launcher to 0.2.8.3 + * Bug 18113: Randomly permutate available default bridges of chosen type + * Bug 11773: Setup wizard UI flow improvements + * Translation updates + * Bug 17428: Remove Flashproxy + * Bug 18115+18104+18071+18091: Update/add new obfs4 bridge + * Bug 18072: Change recommended pluggable transport type to obfs4 + * Bug 18008: Create a new MAR Signing key and bake it into Tor Browser + * Bug 16322: Use onion address for DuckDuckGo search engine + * Bug 17917: Changelog after update is empty if JS is disabled + * Bug 17790: Map the proper SHIFT characters to the digit keys (fix of #15646) + Tor Browser 6.0a1 -- January 27 2016 * All Platforms * Update Firefox to 38.6.0esr

1 0

[tor-browser-bundle/master] Bug 17895: Build and use NSIS 2.51 with Debian patches
by gk＠torproject.org 22 Apr '16

22 Apr '16

commit 186c4e271355646eb4b9faadffaaa7fc0f986a3e Author: Nicolas Vigier <boklm(a)torproject.org> Date: Thu Apr 21 23:46:08 2016 +0200 Bug 17895: Build and use NSIS 2.51 with Debian patches --- gitian/descriptors/windows/gitian-bundle.yml | 5 ++++- gitian/descriptors/windows/gitian-utils.yml | 28 ++++++++++++++++++++++++ gitian/fetch-inputs.sh | 6 +++-- gitian/mkbundle-windows.sh | 5 ++++- gitian/patches/nsis-missing-unistd-include.patch | 11 ++++++++++ gitian/verify-tags.sh | 2 +- gitian/versions | 7 ++++++ gitian/versions.alpha | 7 ++++++ gitian/versions.nightly | 7 ++++++ 9 files changed, 73 insertions(+), 5 deletions(-) diff --git a/gitian/descriptors/windows/gitian-bundle.yml b/gitian/descriptors/windows/gitian-bundle.yml index 5a165a7..4fe4bb6 100644 --- a/gitian/descriptors/windows/gitian-bundle.yml +++ b/gitian/descriptors/windows/gitian-bundle.yml @@ -7,7 +7,6 @@ architectures: packages: - "unzip" - "zip" -- "nsis" # Needed to compensate NSIS's failure of regenerating the PE-file checksum and # proper padding. - "python-pefile" @@ -50,6 +49,7 @@ files: - "mar-tools-win32.zip" - "tbb-docs.zip" - "pe_checksum_fix.py" +- "nsis-win32-utils.zip" script: | INSTDIR="$HOME/install" source versions @@ -71,6 +71,9 @@ script: | # Extract the MAR tools. unzip -d ~/build ~/build/mar-tools-win32.zip MARTOOLS=~/build/mar-tools + # Extract nsis + unzip -d $INSTDIR ~/build/nsis-win32-utils.zip + export PATH=$INSTDIR/nsis/bin:$PATH # mkdir -p $OUTDIR/ mkdir -p tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere-eff(a)eff.org diff --git a/gitian/descriptors/windows/gitian-utils.yml b/gitian/descriptors/windows/gitian-utils.yml index ae938af..2767bad 100644 --- a/gitian/descriptors/windows/gitian-utils.yml +++ b/gitian/descriptors/windows/gitian-utils.yml @@ -13,6 +13,9 @@ packages: - "g++-mingw-w64-i686" # Needed for compiling gcc. - "libmpc-dev" +# Needed for compiling nsis. +- "scons" +- "libcppunit-dev" reference_datetime: "2000-01-01 00:00:00" remotes: - "url": "http://git.code.sf.net/p/mingw-w64/mingw-w64" @@ -30,6 +33,9 @@ files: - "peXXigen.patch" - "versions" - "dzip.sh" +- "nsis.tar.bz2" +- "nsis-debian.tar.xz" +- "nsis-missing-unistd-include.patch" script: | INSTDIR="$HOME/install" source versions @@ -157,6 +163,27 @@ script: | make install cd .. + # Building nsis + tar xf nsis.tar.bz2 + cd nsis-${NSIS_VER}-src + tar xf ../nsis-debian.tar.xz + patch -p1 < ../nsis-missing-unistd-include.patch + # nsis_system_zlib.patch and parallel_build.patch cause build errors + # so we remove them + rm -f debian/patches/nsis_system_zlib.patch + rm -f debian/patches/parallel_build.patch + for patch in $(grep '\.patch$' debian/patches/series) + do + [ -f debian/patches/$patch ] && patch -p1 < debian/patches/$patch + done + # When the gcc-mingw-w64-i686 package is installed, files from + # /usr/i686-w64-mingw32/include are used, causing the build to fail. + # To prevent that we remove the gcc-mingw-w64-i686 package. + sudo -i apt-get remove -y gcc-mingw-w64-i686 + scons APPEND_CCFLAGS="-fgnu89-inline" VERSION=${NSIS_VER} SKIPUTILS='NSIS Menu' XGCC_W32_PREFIX=i686-w64-mingw32- PREFIX=$INSTDIR/nsis + scons APPEND_CCFLAGS="-fgnu89-inline" VERSION=${NSIS_VER} SKIPUTILS='NSIS Menu' XGCC_W32_PREFIX=i686-w64-mingw32- PREFIX=$INSTDIR/nsis install + cd .. + # Grabbing the remaining results cd $INSTDIR # We might want to bump binutils independent of bumping mingw-w64. @@ -168,4 +195,5 @@ script: | ~/build/dzip.sh openssl-$OPENSSL_VER-win32-utils.zip openssl ~/build/dzip.sh gmp-$GMP_VER-win32-utils.zip gmp ~/build/dzip.sh gcclibs-$GCC_VER-win32-utils.zip gcclibs + ~/build/dzip.sh nsis-$NSIS_VER-win32-utils.zip nsis cp *-utils.zip $OUTDIR/ diff --git a/gitian/fetch-inputs.sh b/gitian/fetch-inputs.sh index da487f4..99b984b 100755 --- a/gitian/fetch-inputs.sh +++ b/gitian/fetch-inputs.sh @@ -162,7 +162,7 @@ do get "${!PACKAGE}" "${MIRROR_URL_ASN}${!PACKAGE}" done -for i in ZOPEINTERFACE TWISTED PY2EXE SETUPTOOLS PARSLEY GO STIXMATHFONT NOTOEMOJIFONT NOTOJPFONT NOTOKRFONT NOTOSCFONT NOTOTCFONT +for i in ZOPEINTERFACE TWISTED PY2EXE SETUPTOOLS PARSLEY GO STIXMATHFONT NOTOEMOJIFONT NOTOJPFONT NOTOKRFONT NOTOSCFONT NOTOTCFONT NSIS NSIS_DEBIAN do URL="${i}_URL" PACKAGE="${i}_PACKAGE" @@ -174,7 +174,7 @@ wget -U "" -N ${NOSCRIPT_URL} # Verify packages with weak or no signatures via direct sha256 check # (OpenSSL is signed with MD5, and OSXSDK + OSXSDK_OLD are not signed at all) -for i in OSXSDK OSXSDK_OLD TOOLCHAIN4_OLD CCTOOLS NOSCRIPT MSVCR100 PYCRYPTO ARGPARSE PYYAML ZOPEINTERFACE TWISTED SETUPTOOLS OPENSSL GMP PARSLEY GO GCC STIXMATHFONT NOTOEMOJIFONT NOTOJPFONT NOTOKRFONT NOTOSCFONT NOTOTCFONT +for i in OSXSDK OSXSDK_OLD TOOLCHAIN4_OLD CCTOOLS NOSCRIPT MSVCR100 PYCRYPTO ARGPARSE PYYAML ZOPEINTERFACE TWISTED SETUPTOOLS OPENSSL GMP PARSLEY GO GCC STIXMATHFONT NOTOEMOJIFONT NOTOJPFONT NOTOKRFONT NOTOSCFONT NOTOTCFONT NSIS NSIS_DEBIAN do PACKAGE="${i}_PACKAGE" HASH="${i}_HASH" @@ -244,6 +244,8 @@ ln -sf "$SETUPTOOLS_PACKAGE" setuptools.tar.gz ln -sf "$GMP_PACKAGE" gmp.tar.bz2 ln -sf "$PARSLEY_PACKAGE" parsley.tar.gz ln -sf "$GO_PACKAGE" go.tar.gz +ln -sf "$NSIS_PACKAGE" nsis.tar.bz2 +ln -sf "$NSIS_DEBIAN_PACKAGE" nsis-debian.tar.xz # Fetch latest gitian-builder itself # XXX - this is broken if a non-standard inputs dir is selected using the command line flag. diff --git a/gitian/mkbundle-windows.sh b/gitian/mkbundle-windows.sh index 2de0f1e..1afa840 100755 --- a/gitian/mkbundle-windows.sh +++ b/gitian/mkbundle-windows.sh @@ -106,7 +106,8 @@ if [ ! -f inputs/binutils-$BINUTILS_VER-win32-utils.zip -o \ ! -f inputs/zlib-${ZLIB_TAG_ORIG#v}-win32-utils.zip -o \ ! -f inputs/libevent-${LIBEVENT_TAG_ORIG#release-}-win32-utils.zip -o \ ! -f inputs/openssl-$OPENSSL_VER-win32-utils.zip -o \ - ! -f inputs/gmp-$GMP_VER-win32-utils.zip ]; + ! -f inputs/gmp-$GMP_VER-win32-utils.zip -o \ + ! -f inputs/nsis-$NSIS_VER-win32-utils.zip ]; then echo echo "****** Starting Utilities Component of Windows Bundle (1/5 for Windows) ******" @@ -128,6 +129,7 @@ then ln -sf gmp-$GMP_VER-win32-utils.zip gmp-win32-utils.zip ln -sf gcclibs-$GCC_VER-win32-utils.zip gcclibs-win32-utils.zip ln -sf gcc-$GCC_VER-linux32-precise-utils.zip gcc-linux32-precise-utils.zip + ln -sf nsis-$NSIS_VER-win32-utils.zip nsis-win32-utils.zip cd .. #cp -a result/utils-win-res.yml inputs/ else @@ -144,6 +146,7 @@ else ln -sf gmp-$GMP_VER-win32-utils.zip gmp-win32-utils.zip ln -sf gcclibs-$GCC_VER-win32-utils.zip gcclibs-win32-utils.zip ln -sf gcc-$GCC_VER-linux32-precise-utils.zip gcc-linux32-precise-utils.zip + ln -sf nsis-$NSIS_VER-win32-utils.zip nsis-win32-utils.zip cd .. fi diff --git a/gitian/patches/nsis-missing-unistd-include.patch b/gitian/patches/nsis-missing-unistd-include.patch new file mode 100644 index 0000000..4f4fdd2 --- /dev/null +++ b/gitian/patches/nsis-missing-unistd-include.patch @@ -0,0 +1,11 @@ +--- nsis-2.46-src.old/Source/util.h 2009-03-28 09:47:26.000000000 +0000 ++++ nsis-2.46-src/Source/util.h 2012-01-16 12:22:14.967416817 +0000 +@@ -17,6 +17,8 @@ + #ifndef _UTIL_H_ + #define _UTIL_H_ + ++#include <unistd.h> ++ + #include <string> // for std::string + + #include "boost/scoped_ptr.hpp" // for boost::scoped_ptr diff --git a/gitian/verify-tags.sh b/gitian/verify-tags.sh index 95bdaf1..a966626 100755 --- a/gitian/verify-tags.sh +++ b/gitian/verify-tags.sh @@ -143,7 +143,7 @@ done # Verify packages with weak or no signatures via direct sha256 check # (OpenSSL is signed with MD5, and OSXSDK + OSXSDK_OLD are not signed at all) -for i in OSXSDK OSXSDK_OLD TOOLCHAIN4_OLD CCTOOLS NOSCRIPT MSVCR100 PYCRYPTO ARGPARSE PYYAML ZOPEINTERFACE TWISTED SETUPTOOLS OPENSSL GMP PARSLEY GO GCC STIXMATHFONT NOTOEMOJIFONT NOTOJPFONT NOTOKRFONT NOTOSCFONT NOTOTCFONT +for i in OSXSDK OSXSDK_OLD TOOLCHAIN4_OLD CCTOOLS NOSCRIPT MSVCR100 PYCRYPTO ARGPARSE PYYAML ZOPEINTERFACE TWISTED SETUPTOOLS OPENSSL GMP PARSLEY GO GCC STIXMATHFONT NOTOEMOJIFONT NOTOJPFONT NOTOKRFONT NOTOSCFONT NOTOTCFONT NSIS NSIS_DEBIAN do PACKAGE="${i}_PACKAGE" HASH="${i}_HASH" diff --git a/gitian/versions b/gitian/versions index 4dd8aa5..a18afab 100755 --- a/gitian/versions +++ b/gitian/versions @@ -54,6 +54,7 @@ PY2EXE_VER=0.6.9 SETUPTOOLS_VER=1.4 PARSLEY_VER=1.2 GO_VER=1.4.2 +NSIS_VER=2.51 ## File names for the source packages OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz @@ -75,6 +76,8 @@ PY2EXE_PACKAGE=py2exe-${PY2EXE_VER}.win32-py2.7.exe SETUPTOOLS_PACKAGE=setuptools-${SETUPTOOLS_VER}.tar.gz PARSLEY_PACKAGE=Parsley-${PARSLEY_VER}.tar.gz GO_PACKAGE=go${GO_VER}.src.tar.gz +NSIS_PACKAGE=nsis-${NSIS_VER}-src.tar.bz2 +NSIS_DEBIAN_PACKAGE=nsis_${NSIS_VER}-1.debian.tar.xz STIXMATHFONT_PACKAGE=STIXv1.1.1-latex.zip NOTOEMOJIFONT_PACKAGE=NotoEmoji-Regular.ttf NOTOJPFONT_PACKAGE=NotoSansJP-Regular.otf @@ -99,6 +102,8 @@ PY2EXE_HASH=610a8800de3d973ed5ed4ac505ab42ad058add18a68609ac09e6cf3598ef056c SETUPTOOLS_HASH=75d288687066ed124311d6ca5f40ffa92a0e81adcd7fff318c6e84082713cf39 PARSLEY_HASH=50d30cee70770fd44db7cea421cb2fb75af247c3a1cd54885c06b30a7c85dd23 GO_HASH=299a6fd8f8adfdce15bc06bde926e7b252ae8e24dd5b16b7d8791ed79e7b5e9b +NSIS_HASH=43d4c9209847e35eb6e2c7cd5a7586e1445374c056c2c7899e40a080e17a1be7 +NSIS_DEBIAN_HASH=1dee6957b4a4b8dfe69bcf28bc7f301a13b96b3fa5a394e36c8926ae781e774a GCC_HASH=b7dafdf89cbb0e20333dbf5b5349319ae06e3d1a30bf3515b5488f7e89dca5ad STIXMATHFONT_HASH=e3b0f712e2644438eee2d0dcd2b10b2d54f1b972039de95b2f8e800bae1adbd8 NOTOEMOJIFONT_HASH=415dc6290378574135b64c808dc640c1df7531973290c4970c51fdeb849cb0c5 @@ -126,6 +131,8 @@ PY2EXE_URL=http://liquidtelecom.dl.sourceforge.net/project/py2exe/py2exe/${… SETUPTOOLS_URL=https://pypi.python.org/packages/source/s/setuptools/${SETUP… PARSLEY_URL=https://pypi.python.org/packages/source/P/Parsley/${PARSLEY_PAC… GO_URL=https://golang.org/dl/${GO_PACKAGE} +NSIS_URL=http://downloads.sourceforge.net/nsis/${NSIS_PACKAGE} +NSIS_DEBIAN_URL=http://http.debian.net/debian/pool/main/n/nsis/${NSIS_DEBIAN_PACKAGE} STIXMATHFONT_URL=http://iweb.dl.sourceforge.net/project/stixfonts/Current%2… NOTOEMOJIFONT_URL=https://github.com/googlei18n/noto-emoji/raw/2f1ffdd6fbbd… NOTOCJKBASE_URL=https://github.com/googlei18n/noto-cjk/raw/f36eda03dfa5582a… diff --git a/gitian/versions.alpha b/gitian/versions.alpha index 7e1dd98..0ba31d2 100755 --- a/gitian/versions.alpha +++ b/gitian/versions.alpha @@ -61,6 +61,7 @@ PY2EXE_VER=0.6.9 SETUPTOOLS_VER=1.4 PARSLEY_VER=1.2 GO_VER=1.4.2 +NSIS_VER=2.51 ## File names for the source packages OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz @@ -83,6 +84,8 @@ PY2EXE_PACKAGE=py2exe-${PY2EXE_VER}.win32-py2.7.exe SETUPTOOLS_PACKAGE=setuptools-${SETUPTOOLS_VER}.tar.gz PARSLEY_PACKAGE=Parsley-${PARSLEY_VER}.tar.gz GO_PACKAGE=go${GO_VER}.src.tar.gz +NSIS_PACKAGE=nsis-${NSIS_VER}-src.tar.bz2 +NSIS_DEBIAN_PACKAGE=nsis_${NSIS_VER}-1.debian.tar.xz STIXMATHFONT_PACKAGE=STIXv1.1.1-latex.zip NOTOEMOJIFONT_PACKAGE=NotoEmoji-Regular.ttf NOTOJPFONT_PACKAGE=NotoSansJP-Regular.otf @@ -108,6 +111,8 @@ PY2EXE_HASH=610a8800de3d973ed5ed4ac505ab42ad058add18a68609ac09e6cf3598ef056c SETUPTOOLS_HASH=75d288687066ed124311d6ca5f40ffa92a0e81adcd7fff318c6e84082713cf39 PARSLEY_HASH=50d30cee70770fd44db7cea421cb2fb75af247c3a1cd54885c06b30a7c85dd23 GO_HASH=299a6fd8f8adfdce15bc06bde926e7b252ae8e24dd5b16b7d8791ed79e7b5e9b +NSIS_HASH=43d4c9209847e35eb6e2c7cd5a7586e1445374c056c2c7899e40a080e17a1be7 +NSIS_DEBIAN_HASH=1dee6957b4a4b8dfe69bcf28bc7f301a13b96b3fa5a394e36c8926ae781e774a GCC_HASH=b7dafdf89cbb0e20333dbf5b5349319ae06e3d1a30bf3515b5488f7e89dca5ad STIXMATHFONT_HASH=e3b0f712e2644438eee2d0dcd2b10b2d54f1b972039de95b2f8e800bae1adbd8 NOTOEMOJIFONT_HASH=415dc6290378574135b64c808dc640c1df7531973290c4970c51fdeb849cb0c5 @@ -136,6 +141,8 @@ PY2EXE_URL=http://liquidtelecom.dl.sourceforge.net/project/py2exe/py2exe/${… SETUPTOOLS_URL=https://pypi.python.org/packages/source/s/setuptools/${SETUP… PARSLEY_URL=https://pypi.python.org/packages/source/P/Parsley/${PARSLEY_PAC… GO_URL=https://golang.org/dl/${GO_PACKAGE} +NSIS_URL=http://downloads.sourceforge.net/nsis/${NSIS_PACKAGE} +NSIS_DEBIAN_URL=http://http.debian.net/debian/pool/main/n/nsis/${NSIS_DEBIAN_PACKAGE} STIXMATHFONT_URL=http://iweb.dl.sourceforge.net/project/stixfonts/Current%2… NOTOEMOJIFONT_URL=https://github.com/googlei18n/noto-emoji/raw/2f1ffdd6fbbd… NOTOCJKBASE_URL=https://github.com/googlei18n/noto-cjk/raw/f36eda03dfa5582a… diff --git a/gitian/versions.nightly b/gitian/versions.nightly index bf2e2a6..dab84ef 100755 --- a/gitian/versions.nightly +++ b/gitian/versions.nightly @@ -68,6 +68,7 @@ PY2EXE_VER=0.6.9 SETUPTOOLS_VER=1.4 PARSLEY_VER=1.2 GO_VER=1.4.2 +NSIS_VER=2.51 ## File names for the source packages OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz @@ -90,6 +91,8 @@ PY2EXE_PACKAGE=py2exe-${PY2EXE_VER}.win32-py2.7.exe SETUPTOOLS_PACKAGE=setuptools-${SETUPTOOLS_VER}.tar.gz PARSLEY_PACKAGE=Parsley-${PARSLEY_VER}.tar.gz GO_PACKAGE=go${GO_VER}.src.tar.gz +NSIS_PACKAGE=nsis-${NSIS_VER}-src.tar.bz2 +NSIS_DEBIAN_PACKAGE=nsis_${NSIS_VER}-1.debian.tar.xz STIXMATHFONT_PACKAGE=STIXv1.1.1-latex.zip NOTOEMOJIFONT_PACKAGE=NotoEmoji-Regular.ttf NOTOJPFONT_PACKAGE=NotoSansJP-Regular.otf @@ -115,6 +118,8 @@ PY2EXE_HASH=610a8800de3d973ed5ed4ac505ab42ad058add18a68609ac09e6cf3598ef056c SETUPTOOLS_HASH=75d288687066ed124311d6ca5f40ffa92a0e81adcd7fff318c6e84082713cf39 PARSLEY_HASH=50d30cee70770fd44db7cea421cb2fb75af247c3a1cd54885c06b30a7c85dd23 GO_HASH=299a6fd8f8adfdce15bc06bde926e7b252ae8e24dd5b16b7d8791ed79e7b5e9b +NSIS_HASH=43d4c9209847e35eb6e2c7cd5a7586e1445374c056c2c7899e40a080e17a1be7 +NSIS_DEBIAN_HASH=1dee6957b4a4b8dfe69bcf28bc7f301a13b96b3fa5a394e36c8926ae781e774a GCC_HASH=b7dafdf89cbb0e20333dbf5b5349319ae06e3d1a30bf3515b5488f7e89dca5ad STIXMATHFONT_HASH=e3b0f712e2644438eee2d0dcd2b10b2d54f1b972039de95b2f8e800bae1adbd8 NOTOEMOJIFONT_HASH=415dc6290378574135b64c808dc640c1df7531973290c4970c51fdeb849cb0c5 @@ -143,6 +148,8 @@ PY2EXE_URL=http://liquidtelecom.dl.sourceforge.net/project/py2exe/py2exe/${… SETUPTOOLS_URL=https://pypi.python.org/packages/source/s/setuptools/${SETUP… PARSLEY_URL=https://pypi.python.org/packages/source/P/Parsley/${PARSLEY_PAC… GO_URL=https://golang.org/dl/${GO_PACKAGE} +NSIS_URL=http://downloads.sourceforge.net/nsis/${NSIS_PACKAGE} +NSIS_DEBIAN_URL=http://http.debian.net/debian/pool/main/n/nsis/${NSIS_DEBIAN_PACKAGE} STIXMATHFONT_URL=http://iweb.dl.sourceforge.net/project/stixfonts/Current%2… NOTOEMOJIFONT_URL=https://github.com/googlei18n/noto-emoji/raw/2f1ffdd6fbbd… NOTOCJKBASE_URL=https://github.com/googlei18n/noto-cjk/raw/f36eda03dfa5582a…

1 0