June 2017 - tor-commits - lists.torproject.org

[tor-browser/tor-browser-52.1.1esr-7.0-1] Bug 1329521 - GetLoadContextInfo() should not compare originAttributes and privateBrowsing boolean when docShell is chrome type, r=smaug
by gk＠torproject.org 02 Jun '17

02 Jun '17

commit a63362cbdd952afdeed64c36ba21b6b94aa5d01b Author: Andrea Marchesini <amarchesini(a)mozilla.com> Date: Fri Jan 13 15:41:28 2017 +0100 Bug 1329521 - GetLoadContextInfo() should not compare originAttributes and privateBrowsing boolean when docShell is chrome type, r=smaug Backported to ESR52: https://bugs.torproject.org/22462 --- netwerk/base/LoadContextInfo.cpp | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/netwerk/base/LoadContextInfo.cpp b/netwerk/base/LoadContextInfo.cpp index 61b9394..77eeb79 100644 --- a/netwerk/base/LoadContextInfo.cpp +++ b/netwerk/base/LoadContextInfo.cpp @@ -5,6 +5,7 @@ #include "LoadContextInfo.h" #include "mozilla/dom/ToJSValue.h" +#include "nsDocShell.h" #include "nsIChannel.h" #include "nsILoadContext.h" #include "nsIWebNavigation.h" @@ -141,14 +142,19 @@ GetLoadContextInfo(nsILoadContext *aLoadContext, bool aIsAnonymous) NeckoOriginAttributes(nsILoadContextInfo::NO_APP_ID, false)); } - DebugOnly<bool> pb = aLoadContext->UsePrivateBrowsing(); DocShellOriginAttributes doa; aLoadContext->GetOriginAttributes(doa); - MOZ_ASSERT(pb == (doa.mPrivateBrowsingId > 0)); NeckoOriginAttributes noa; noa.InheritFromDocShellToNecko(doa); +#ifdef DEBUG + nsCOMPtr<nsIDocShellTreeItem> docShell = do_QueryInterface(aLoadContext); + if (!docShell || docShell->ItemType() != nsIDocShellTreeItem::typeChrome) { + MOZ_ASSERT(aLoadContext->UsePrivateBrowsing() == (doa.mPrivateBrowsingId > 0)); + } +#endif + return new LoadContextInfo(aIsAnonymous, noa); }

1 0

[tor-browser-bundle/maint-7.0] Bug 22458: Fix broken `about:cache` page on higher security levels
by gk＠torproject.org 01 Jun '17

01 Jun '17

commit 0cc98ba1bb0f3c15d00760a1ca05713489f5085a Author: Georg Koppen <gk(a)torproject.org> Date: Wed May 31 09:13:33 2017 +0000 Bug 22458: Fix broken `about:cache` page on higher security levels We need to allow JavaScript on `about:cache` explicitly. Otherwise it is broken on higher security levels. --- .../Data/Browser/profile.default/preferences/extension-overrides.js | 6 +++--- .../Data/Browser/profile.default/preferences/extension-overrides.js | 6 +++--- .../Data/Browser/profile.default/preferences/extension-overrides.js | 6 +++--- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/Bundle-Data/linux/Data/Browser/profile.default/preferences/extension-overrides.js b/Bundle-Data/linux/Data/Browser/profile.default/preferences/extension-overrides.js index 1465e29..6ef2c45 100644 --- a/Bundle-Data/linux/Data/Browser/profile.default/preferences/extension-overrides.js +++ b/Bundle-Data/linux/Data/Browser/profile.default/preferences/extension-overrides.js @@ -8,9 +8,9 @@ pref("extensions.https_everywhere.toolbar_hint_shown", true); # NoScript Preferences: pref("capability.policy.maonoscript.javascript.enabled", "allAccess"); -pref("capability.policy.maonoscript.sites", "about: about:tbupdate chrome: resource: blob: mediasource: moz-safe-about: about:neterror about:certerror about:feeds about:tabcrashed"); -pref("noscript.default", "about: about:tbupdate chrome: resource: blob: mediasource: moz-safe-about: about:neterror about:certerror about:feeds about:tabcrashed"); -pref("noscript.mandatory", "about: about:tbupdate chrome: resource: blob: mediasource: moz-safe-about: about:neterror about:certerror about:feeds about:tabcrashed"); +pref("capability.policy.maonoscript.sites", "about: about:tbupdate chrome: resource: blob: mediasource: moz-safe-about: about:neterror about:certerror about:feeds about:tabcrashed about:cache"); +pref("noscript.default", "about: about:tbupdate chrome: resource: blob: mediasource: moz-safe-about: about:neterror about:certerror about:feeds about:tabcrashed about:cache"); +pref("noscript.mandatory", "about: about:tbupdate chrome: resource: blob: mediasource: moz-safe-about: about:neterror about:certerror about:feeds about:tabcrashed about:cache"); pref("noscript.ABE.enabled", false); pref("noscript.ABE.notify", false); pref("noscript.ABE.wanIpAsLocal", false); diff --git a/Bundle-Data/mac/TorBrowser/Data/Browser/profile.default/preferences/extension-overrides.js b/Bundle-Data/mac/TorBrowser/Data/Browser/profile.default/preferences/extension-overrides.js index 1465e29..6ef2c45 100644 --- a/Bundle-Data/mac/TorBrowser/Data/Browser/profile.default/preferences/extension-overrides.js +++ b/Bundle-Data/mac/TorBrowser/Data/Browser/profile.default/preferences/extension-overrides.js @@ -8,9 +8,9 @@ pref("extensions.https_everywhere.toolbar_hint_shown", true); # NoScript Preferences: pref("capability.policy.maonoscript.javascript.enabled", "allAccess"); -pref("capability.policy.maonoscript.sites", "about: about:tbupdate chrome: resource: blob: mediasource: moz-safe-about: about:neterror about:certerror about:feeds about:tabcrashed"); -pref("noscript.default", "about: about:tbupdate chrome: resource: blob: mediasource: moz-safe-about: about:neterror about:certerror about:feeds about:tabcrashed"); -pref("noscript.mandatory", "about: about:tbupdate chrome: resource: blob: mediasource: moz-safe-about: about:neterror about:certerror about:feeds about:tabcrashed"); +pref("capability.policy.maonoscript.sites", "about: about:tbupdate chrome: resource: blob: mediasource: moz-safe-about: about:neterror about:certerror about:feeds about:tabcrashed about:cache"); +pref("noscript.default", "about: about:tbupdate chrome: resource: blob: mediasource: moz-safe-about: about:neterror about:certerror about:feeds about:tabcrashed about:cache"); +pref("noscript.mandatory", "about: about:tbupdate chrome: resource: blob: mediasource: moz-safe-about: about:neterror about:certerror about:feeds about:tabcrashed about:cache"); pref("noscript.ABE.enabled", false); pref("noscript.ABE.notify", false); pref("noscript.ABE.wanIpAsLocal", false); diff --git a/Bundle-Data/windows/Data/Browser/profile.default/preferences/extension-overrides.js b/Bundle-Data/windows/Data/Browser/profile.default/preferences/extension-overrides.js index 1465e29..6ef2c45 100644 --- a/Bundle-Data/windows/Data/Browser/profile.default/preferences/extension-overrides.js +++ b/Bundle-Data/windows/Data/Browser/profile.default/preferences/extension-overrides.js @@ -8,9 +8,9 @@ pref("extensions.https_everywhere.toolbar_hint_shown", true); # NoScript Preferences: pref("capability.policy.maonoscript.javascript.enabled", "allAccess"); -pref("capability.policy.maonoscript.sites", "about: about:tbupdate chrome: resource: blob: mediasource: moz-safe-about: about:neterror about:certerror about:feeds about:tabcrashed"); -pref("noscript.default", "about: about:tbupdate chrome: resource: blob: mediasource: moz-safe-about: about:neterror about:certerror about:feeds about:tabcrashed"); -pref("noscript.mandatory", "about: about:tbupdate chrome: resource: blob: mediasource: moz-safe-about: about:neterror about:certerror about:feeds about:tabcrashed"); +pref("capability.policy.maonoscript.sites", "about: about:tbupdate chrome: resource: blob: mediasource: moz-safe-about: about:neterror about:certerror about:feeds about:tabcrashed about:cache"); +pref("noscript.default", "about: about:tbupdate chrome: resource: blob: mediasource: moz-safe-about: about:neterror about:certerror about:feeds about:tabcrashed about:cache"); +pref("noscript.mandatory", "about: about:tbupdate chrome: resource: blob: mediasource: moz-safe-about: about:neterror about:certerror about:feeds about:tabcrashed about:cache"); pref("noscript.ABE.enabled", false); pref("noscript.ABE.notify", false); pref("noscript.ABE.wanIpAsLocal", false);

1 0

[tor-browser-bundle/master] Bug 22458: Fix broken `about:cache` page on higher security levels
by gk＠torproject.org 01 Jun '17

01 Jun '17

commit e385532fa600616740bf9a92cf8d3325c0507774 Author: Georg Koppen <gk(a)torproject.org> Date: Wed May 31 09:13:33 2017 +0000 Bug 22458: Fix broken `about:cache` page on higher security levels We need to allow JavaScript on `about:cache` explicitly. Otherwise it is broken on higher security levels. --- .../Data/Browser/profile.default/preferences/extension-overrides.js | 6 +++--- .../Data/Browser/profile.default/preferences/extension-overrides.js | 6 +++--- .../Data/Browser/profile.default/preferences/extension-overrides.js | 6 +++--- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/Bundle-Data/linux/Data/Browser/profile.default/preferences/extension-overrides.js b/Bundle-Data/linux/Data/Browser/profile.default/preferences/extension-overrides.js index 1465e29..6ef2c45 100644 --- a/Bundle-Data/linux/Data/Browser/profile.default/preferences/extension-overrides.js +++ b/Bundle-Data/linux/Data/Browser/profile.default/preferences/extension-overrides.js @@ -8,9 +8,9 @@ pref("extensions.https_everywhere.toolbar_hint_shown", true); # NoScript Preferences: pref("capability.policy.maonoscript.javascript.enabled", "allAccess"); -pref("capability.policy.maonoscript.sites", "about: about:tbupdate chrome: resource: blob: mediasource: moz-safe-about: about:neterror about:certerror about:feeds about:tabcrashed"); -pref("noscript.default", "about: about:tbupdate chrome: resource: blob: mediasource: moz-safe-about: about:neterror about:certerror about:feeds about:tabcrashed"); -pref("noscript.mandatory", "about: about:tbupdate chrome: resource: blob: mediasource: moz-safe-about: about:neterror about:certerror about:feeds about:tabcrashed"); +pref("capability.policy.maonoscript.sites", "about: about:tbupdate chrome: resource: blob: mediasource: moz-safe-about: about:neterror about:certerror about:feeds about:tabcrashed about:cache"); +pref("noscript.default", "about: about:tbupdate chrome: resource: blob: mediasource: moz-safe-about: about:neterror about:certerror about:feeds about:tabcrashed about:cache"); +pref("noscript.mandatory", "about: about:tbupdate chrome: resource: blob: mediasource: moz-safe-about: about:neterror about:certerror about:feeds about:tabcrashed about:cache"); pref("noscript.ABE.enabled", false); pref("noscript.ABE.notify", false); pref("noscript.ABE.wanIpAsLocal", false); diff --git a/Bundle-Data/mac/TorBrowser/Data/Browser/profile.default/preferences/extension-overrides.js b/Bundle-Data/mac/TorBrowser/Data/Browser/profile.default/preferences/extension-overrides.js index 1465e29..6ef2c45 100644 --- a/Bundle-Data/mac/TorBrowser/Data/Browser/profile.default/preferences/extension-overrides.js +++ b/Bundle-Data/mac/TorBrowser/Data/Browser/profile.default/preferences/extension-overrides.js @@ -8,9 +8,9 @@ pref("extensions.https_everywhere.toolbar_hint_shown", true); # NoScript Preferences: pref("capability.policy.maonoscript.javascript.enabled", "allAccess"); -pref("capability.policy.maonoscript.sites", "about: about:tbupdate chrome: resource: blob: mediasource: moz-safe-about: about:neterror about:certerror about:feeds about:tabcrashed"); -pref("noscript.default", "about: about:tbupdate chrome: resource: blob: mediasource: moz-safe-about: about:neterror about:certerror about:feeds about:tabcrashed"); -pref("noscript.mandatory", "about: about:tbupdate chrome: resource: blob: mediasource: moz-safe-about: about:neterror about:certerror about:feeds about:tabcrashed"); +pref("capability.policy.maonoscript.sites", "about: about:tbupdate chrome: resource: blob: mediasource: moz-safe-about: about:neterror about:certerror about:feeds about:tabcrashed about:cache"); +pref("noscript.default", "about: about:tbupdate chrome: resource: blob: mediasource: moz-safe-about: about:neterror about:certerror about:feeds about:tabcrashed about:cache"); +pref("noscript.mandatory", "about: about:tbupdate chrome: resource: blob: mediasource: moz-safe-about: about:neterror about:certerror about:feeds about:tabcrashed about:cache"); pref("noscript.ABE.enabled", false); pref("noscript.ABE.notify", false); pref("noscript.ABE.wanIpAsLocal", false); diff --git a/Bundle-Data/windows/Data/Browser/profile.default/preferences/extension-overrides.js b/Bundle-Data/windows/Data/Browser/profile.default/preferences/extension-overrides.js index 1465e29..6ef2c45 100644 --- a/Bundle-Data/windows/Data/Browser/profile.default/preferences/extension-overrides.js +++ b/Bundle-Data/windows/Data/Browser/profile.default/preferences/extension-overrides.js @@ -8,9 +8,9 @@ pref("extensions.https_everywhere.toolbar_hint_shown", true); # NoScript Preferences: pref("capability.policy.maonoscript.javascript.enabled", "allAccess"); -pref("capability.policy.maonoscript.sites", "about: about:tbupdate chrome: resource: blob: mediasource: moz-safe-about: about:neterror about:certerror about:feeds about:tabcrashed"); -pref("noscript.default", "about: about:tbupdate chrome: resource: blob: mediasource: moz-safe-about: about:neterror about:certerror about:feeds about:tabcrashed"); -pref("noscript.mandatory", "about: about:tbupdate chrome: resource: blob: mediasource: moz-safe-about: about:neterror about:certerror about:feeds about:tabcrashed"); +pref("capability.policy.maonoscript.sites", "about: about:tbupdate chrome: resource: blob: mediasource: moz-safe-about: about:neterror about:certerror about:feeds about:tabcrashed about:cache"); +pref("noscript.default", "about: about:tbupdate chrome: resource: blob: mediasource: moz-safe-about: about:neterror about:certerror about:feeds about:tabcrashed about:cache"); +pref("noscript.mandatory", "about: about:tbupdate chrome: resource: blob: mediasource: moz-safe-about: about:neterror about:certerror about:feeds about:tabcrashed about:cache"); pref("noscript.ABE.enabled", false); pref("noscript.ABE.notify", false); pref("noscript.ABE.wanIpAsLocal", false);

1 0

[tor-browser-bundle/maint-7.0] Bug 22398: Upgrade go to 1.8.3.
by gk＠torproject.org 01 Jun '17

01 Jun '17

commit 28c582f8aad09c2d2a8e166024841ac7014bb590 Author: David Fifield <david(a)bamsoftware.com> Date: Tue May 30 14:29:36 2017 -0700 Bug 22398: Upgrade go to 1.8.3. --- gitian/versions | 4 ++-- gitian/versions.alpha | 4 ++-- gitian/versions.beta | 4 ++-- gitian/versions.nightly | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/gitian/versions b/gitian/versions index 12a47fc..95c4e26 100755 --- a/gitian/versions +++ b/gitian/versions @@ -60,7 +60,7 @@ SETUPTOOLS_VER=1.4 PARSLEY_VER=1.2 # We need a Go 1.4 to bootstrap later versions; see https://golang.org/doc/install/source#go14 GO14_VER=1.4.3 -GO_VER=1.8.1 +GO_VER=1.8.3 NSIS_VER=2.51 YASM_VER=1.2.0 @@ -114,7 +114,7 @@ PY2EXE_HASH=610a8800de3d973ed5ed4ac505ab42ad058add18a68609ac09e6cf3598ef056c SETUPTOOLS_HASH=75d288687066ed124311d6ca5f40ffa92a0e81adcd7fff318c6e84082713cf39 PARSLEY_HASH=50d30cee70770fd44db7cea421cb2fb75af247c3a1cd54885c06b30a7c85dd23 GO14_HASH=9947fc705b0b841b5938c48b22dc33e9647ec0752bae66e50278df4f23f64959 -GO_HASH=33daf4c03f86120fdfdc66bddf6bfff4661c7ca11c5da473e537f4d69b470e57 +GO_HASH=5f5dea2447e7dcfdc50fa6b94c512e58bfba5673c039259fd843f68829d99fa6 NSIS_HASH=43d4c9209847e35eb6e2c7cd5a7586e1445374c056c2c7899e40a080e17a1be7 NSIS_DEBIAN_HASH=1dee6957b4a4b8dfe69bcf28bc7f301a13b96b3fa5a394e36c8926ae781e774a GCC_HASH=b7dafdf89cbb0e20333dbf5b5349319ae06e3d1a30bf3515b5488f7e89dca5ad diff --git a/gitian/versions.alpha b/gitian/versions.alpha index 7363009..379fc49 100755 --- a/gitian/versions.alpha +++ b/gitian/versions.alpha @@ -63,7 +63,7 @@ SETUPTOOLS_VER=1.4 PARSLEY_VER=1.2 # We need a Go 1.4 to bootstrap later versions; see https://golang.org/doc/install/source#go14 GO14_VER=1.4.3 -GO_VER=1.8.1 +GO_VER=1.8.3 NSIS_VER=2.51 YASM_VER=1.2.0 @@ -117,7 +117,7 @@ PY2EXE_HASH=610a8800de3d973ed5ed4ac505ab42ad058add18a68609ac09e6cf3598ef056c SETUPTOOLS_HASH=75d288687066ed124311d6ca5f40ffa92a0e81adcd7fff318c6e84082713cf39 PARSLEY_HASH=50d30cee70770fd44db7cea421cb2fb75af247c3a1cd54885c06b30a7c85dd23 GO14_HASH=9947fc705b0b841b5938c48b22dc33e9647ec0752bae66e50278df4f23f64959 -GO_HASH=33daf4c03f86120fdfdc66bddf6bfff4661c7ca11c5da473e537f4d69b470e57 +GO_HASH=5f5dea2447e7dcfdc50fa6b94c512e58bfba5673c039259fd843f68829d99fa6 NSIS_HASH=43d4c9209847e35eb6e2c7cd5a7586e1445374c056c2c7899e40a080e17a1be7 NSIS_DEBIAN_HASH=1dee6957b4a4b8dfe69bcf28bc7f301a13b96b3fa5a394e36c8926ae781e774a GCC_HASH=b7dafdf89cbb0e20333dbf5b5349319ae06e3d1a30bf3515b5488f7e89dca5ad diff --git a/gitian/versions.beta b/gitian/versions.beta index 70ef2ee..7b759a8 100755 --- a/gitian/versions.beta +++ b/gitian/versions.beta @@ -49,7 +49,7 @@ SETUPTOOLS_VER=1.4 PARSLEY_VER=1.2 # We need a Go 1.4 to bootstrap later versions; see https://golang.org/doc/install/source#go14 GO14_VER=1.4.3 -GO_VER=1.8.1 +GO_VER=1.8.3 ## File names for the source packages OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz @@ -94,7 +94,7 @@ PY2EXE_HASH=610a8800de3d973ed5ed4ac505ab42ad058add18a68609ac09e6cf3598ef056c SETUPTOOLS_HASH=75d288687066ed124311d6ca5f40ffa92a0e81adcd7fff318c6e84082713cf39 PARSLEY_HASH=50d30cee70770fd44db7cea421cb2fb75af247c3a1cd54885c06b30a7c85dd23 GO14_HASH=9947fc705b0b841b5938c48b22dc33e9647ec0752bae66e50278df4f23f64959 -GO_HASH=33daf4c03f86120fdfdc66bddf6bfff4661c7ca11c5da473e537f4d69b470e57 +GO_HASH=5f5dea2447e7dcfdc50fa6b94c512e58bfba5673c039259fd843f68829d99fa6 STIXMATHFONT_HASH=e3b0f712e2644438eee2d0dcd2b10b2d54f1b972039de95b2f8e800bae1adbd8 NOTOEMOJIFONT_HASH=415dc6290378574135b64c808dc640c1df7531973290c4970c51fdeb849cb0c5 NOTOJPFONT_HASH=3e8146c4ce0945f255cb9dbc12b392380af80bd117e0a60eae555c99c7e618da diff --git a/gitian/versions.nightly b/gitian/versions.nightly index 32e7ac3..9820a92 100755 --- a/gitian/versions.nightly +++ b/gitian/versions.nightly @@ -63,7 +63,7 @@ SETUPTOOLS_VER=1.4 PARSLEY_VER=1.2 # We need a Go 1.4 to bootstrap later versions; see https://golang.org/doc/install/source#go14 GO14_VER=1.4.3 -GO_VER=1.8.1 +GO_VER=1.8.3 NSIS_VER=2.51 YASM_VER=1.2.0 @@ -117,7 +117,7 @@ PY2EXE_HASH=610a8800de3d973ed5ed4ac505ab42ad058add18a68609ac09e6cf3598ef056c SETUPTOOLS_HASH=75d288687066ed124311d6ca5f40ffa92a0e81adcd7fff318c6e84082713cf39 PARSLEY_HASH=50d30cee70770fd44db7cea421cb2fb75af247c3a1cd54885c06b30a7c85dd23 GO14_HASH=9947fc705b0b841b5938c48b22dc33e9647ec0752bae66e50278df4f23f64959 -GO_HASH=33daf4c03f86120fdfdc66bddf6bfff4661c7ca11c5da473e537f4d69b470e57 +GO_HASH=5f5dea2447e7dcfdc50fa6b94c512e58bfba5673c039259fd843f68829d99fa6 NSIS_HASH=43d4c9209847e35eb6e2c7cd5a7586e1445374c056c2c7899e40a080e17a1be7 NSIS_DEBIAN_HASH=1dee6957b4a4b8dfe69bcf28bc7f301a13b96b3fa5a394e36c8926ae781e774a GCC_HASH=b7dafdf89cbb0e20333dbf5b5349319ae06e3d1a30bf3515b5488f7e89dca5ad

1 0

[tor-browser-bundle/master] Bug 22398: Upgrade go to 1.8.3.
by gk＠torproject.org 01 Jun '17

01 Jun '17

commit fbe1263eb9601e5d435131aa3d96306b8bfdb465 Author: David Fifield <david(a)bamsoftware.com> Date: Tue May 30 14:29:36 2017 -0700 Bug 22398: Upgrade go to 1.8.3. --- gitian/versions | 4 ++-- gitian/versions.alpha | 4 ++-- gitian/versions.beta | 4 ++-- gitian/versions.nightly | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/gitian/versions b/gitian/versions index 8cb2278..0c251ad 100755 --- a/gitian/versions +++ b/gitian/versions @@ -65,7 +65,7 @@ SETUPTOOLS_VER=1.4 PARSLEY_VER=1.2 # We need a Go 1.4 to bootstrap later versions; see https://golang.org/doc/install/source#go14 GO14_VER=1.4.3 -GO_VER=1.8.1 +GO_VER=1.8.3 NSIS_VER=2.51 YASM_VER=1.2.0 @@ -119,7 +119,7 @@ PY2EXE_HASH=610a8800de3d973ed5ed4ac505ab42ad058add18a68609ac09e6cf3598ef056c SETUPTOOLS_HASH=75d288687066ed124311d6ca5f40ffa92a0e81adcd7fff318c6e84082713cf39 PARSLEY_HASH=50d30cee70770fd44db7cea421cb2fb75af247c3a1cd54885c06b30a7c85dd23 GO14_HASH=9947fc705b0b841b5938c48b22dc33e9647ec0752bae66e50278df4f23f64959 -GO_HASH=33daf4c03f86120fdfdc66bddf6bfff4661c7ca11c5da473e537f4d69b470e57 +GO_HASH=5f5dea2447e7dcfdc50fa6b94c512e58bfba5673c039259fd843f68829d99fa6 NSIS_HASH=43d4c9209847e35eb6e2c7cd5a7586e1445374c056c2c7899e40a080e17a1be7 NSIS_DEBIAN_HASH=1dee6957b4a4b8dfe69bcf28bc7f301a13b96b3fa5a394e36c8926ae781e774a GCC_HASH=b7dafdf89cbb0e20333dbf5b5349319ae06e3d1a30bf3515b5488f7e89dca5ad diff --git a/gitian/versions.alpha b/gitian/versions.alpha index 99bc2d7..0a3e9c6 100755 --- a/gitian/versions.alpha +++ b/gitian/versions.alpha @@ -69,7 +69,7 @@ SETUPTOOLS_VER=1.4 PARSLEY_VER=1.2 # We need a Go 1.4 to bootstrap later versions; see https://golang.org/doc/install/source#go14 GO14_VER=1.4.3 -GO_VER=1.8.1 +GO_VER=1.8.3 NSIS_VER=2.51 YASM_VER=1.2.0 ELFUTILS_VER=0.166 @@ -125,7 +125,7 @@ PY2EXE_HASH=610a8800de3d973ed5ed4ac505ab42ad058add18a68609ac09e6cf3598ef056c SETUPTOOLS_HASH=75d288687066ed124311d6ca5f40ffa92a0e81adcd7fff318c6e84082713cf39 PARSLEY_HASH=50d30cee70770fd44db7cea421cb2fb75af247c3a1cd54885c06b30a7c85dd23 GO14_HASH=9947fc705b0b841b5938c48b22dc33e9647ec0752bae66e50278df4f23f64959 -GO_HASH=33daf4c03f86120fdfdc66bddf6bfff4661c7ca11c5da473e537f4d69b470e57 +GO_HASH=5f5dea2447e7dcfdc50fa6b94c512e58bfba5673c039259fd843f68829d99fa6 NSIS_HASH=43d4c9209847e35eb6e2c7cd5a7586e1445374c056c2c7899e40a080e17a1be7 NSIS_DEBIAN_HASH=1dee6957b4a4b8dfe69bcf28bc7f301a13b96b3fa5a394e36c8926ae781e774a GCC_HASH=b7dafdf89cbb0e20333dbf5b5349319ae06e3d1a30bf3515b5488f7e89dca5ad diff --git a/gitian/versions.beta b/gitian/versions.beta index 7d843c7..3abb22f 100755 --- a/gitian/versions.beta +++ b/gitian/versions.beta @@ -54,7 +54,7 @@ SETUPTOOLS_VER=1.4 PARSLEY_VER=1.2 # We need a Go 1.4 to bootstrap later versions; see https://golang.org/doc/install/source#go14 GO14_VER=1.4.3 -GO_VER=1.8.1 +GO_VER=1.8.3 ## File names for the source packages OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz @@ -99,7 +99,7 @@ PY2EXE_HASH=610a8800de3d973ed5ed4ac505ab42ad058add18a68609ac09e6cf3598ef056c SETUPTOOLS_HASH=75d288687066ed124311d6ca5f40ffa92a0e81adcd7fff318c6e84082713cf39 PARSLEY_HASH=50d30cee70770fd44db7cea421cb2fb75af247c3a1cd54885c06b30a7c85dd23 GO14_HASH=9947fc705b0b841b5938c48b22dc33e9647ec0752bae66e50278df4f23f64959 -GO_HASH=33daf4c03f86120fdfdc66bddf6bfff4661c7ca11c5da473e537f4d69b470e57 +GO_HASH=5f5dea2447e7dcfdc50fa6b94c512e58bfba5673c039259fd843f68829d99fa6 STIXMATHFONT_HASH=e3b0f712e2644438eee2d0dcd2b10b2d54f1b972039de95b2f8e800bae1adbd8 NOTOEMOJIFONT_HASH=415dc6290378574135b64c808dc640c1df7531973290c4970c51fdeb849cb0c5 NOTOJPFONT_HASH=3e8146c4ce0945f255cb9dbc12b392380af80bd117e0a60eae555c99c7e618da diff --git a/gitian/versions.nightly b/gitian/versions.nightly index c3a6545..03c543c 100755 --- a/gitian/versions.nightly +++ b/gitian/versions.nightly @@ -72,7 +72,7 @@ SETUPTOOLS_VER=1.4 PARSLEY_VER=1.2 # We need a Go 1.4 to bootstrap later versions; see https://golang.org/doc/install/source#go14 GO14_VER=1.4.3 -GO_VER=1.8.1 +GO_VER=1.8.3 NSIS_VER=2.51 YASM_VER=1.2.0 ELFUTILS_VER=0.166 @@ -128,7 +128,7 @@ PY2EXE_HASH=610a8800de3d973ed5ed4ac505ab42ad058add18a68609ac09e6cf3598ef056c SETUPTOOLS_HASH=75d288687066ed124311d6ca5f40ffa92a0e81adcd7fff318c6e84082713cf39 PARSLEY_HASH=50d30cee70770fd44db7cea421cb2fb75af247c3a1cd54885c06b30a7c85dd23 GO14_HASH=9947fc705b0b841b5938c48b22dc33e9647ec0752bae66e50278df4f23f64959 -GO_HASH=33daf4c03f86120fdfdc66bddf6bfff4661c7ca11c5da473e537f4d69b470e57 +GO_HASH=5f5dea2447e7dcfdc50fa6b94c512e58bfba5673c039259fd843f68829d99fa6 NSIS_HASH=43d4c9209847e35eb6e2c7cd5a7586e1445374c056c2c7899e40a080e17a1be7 NSIS_DEBIAN_HASH=1dee6957b4a4b8dfe69bcf28bc7f301a13b96b3fa5a394e36c8926ae781e774a GCC_HASH=b7dafdf89cbb0e20333dbf5b5349319ae06e3d1a30bf3515b5488f7e89dca5ad

1 0

[torbutton/master] Bug 22459: Adapt our use of the nsIContentPolicy to e10s mode
by gk＠torproject.org 01 Jun '17

01 Jun '17

commit 2e301c0a5bbc62fd5f8e66ac973c71f0bc10c81b Author: Kathy Brade <brade(a)pearlcrescent.com> Date: Thu Jun 1 10:48:56 2017 -0400 Bug 22459: Adapt our use of the nsIContentPolicy to e10s mode Load our content policy module as a process script instead of as a component so that our nsIContentPolicy filter runs in content processes. Our http-on-examine-response code that blocks redirects to internal URLs must continue to run in the chrome process only. --- src/chrome.manifest | 4 ---- src/components/content-policy.js | 34 +++++++++++++++++++++++++++++----- src/components/startup-observer.js | 7 +++++++ 3 files changed, 36 insertions(+), 9 deletions(-) diff --git a/src/chrome.manifest b/src/chrome.manifest index ed3f5cf..75bef4e 100644 --- a/src/chrome.manifest +++ b/src/chrome.manifest @@ -166,10 +166,6 @@ contract @torproject.org/domain-isolator;1 {e33fd6d4-270f-475f-a96f-ff3140279f68 category profile-after-change CookieJarSelector @torproject.org/cookie-jar-selector;1 -component {4c03be7d-492f-990e-f0da-f3689e564898} components/content-policy.js -contract @torproject.org/content-policy;1 {4c03be7d-492f-990e-f0da-f3689e564898} -category content-policy ContentPolicy @torproject.org/content-policy;1 - category profile-after-change StartupObserver @torproject.org/startup-observer;1 category profile-after-change DomainIsolator @torproject.org/domain-isolator;1 category profile-after-change ExtAppBlockerService @torproject.org/torbutton-extAppBlockerService;1 diff --git a/src/components/content-policy.js b/src/components/content-policy.js index 096827b..365a5e5 100644 --- a/src/components/content-policy.js +++ b/src/components/content-policy.js @@ -22,13 +22,22 @@ function ContentPolicy() { function (enabled) { that.uriFingerprinting = enabled; }); + + // Register as an nsIContentPolicy filter. + let registrar = Components.manager.QueryInterface(Ci.nsIComponentRegistrar); + registrar.registerFactory(this.classID, this.classDescription, + this.contractID, this); + + let catMan = Cc["@mozilla.org/categorymanager;1"] + .getService(Ci.nsICategoryManager); + catMan.addCategoryEntry("content-policy", this.contractID, this.contractID, + false, true); } ContentPolicy.prototype = { classDescription: "ContentPolicy", classID: Components.ID("{4c03be7d-492f-990e-f0da-f3689e564898}"), contractID: "@torproject.org/content-policy;1", - QueryInterface: XPCOMUtils.generateQI([Ci.nsIContentPolicy]), uriWhitelist: { // Video playback. @@ -51,6 +60,19 @@ ContentPolicy.prototype = { "chrome://global/skin/dirListing/dirListing.css": Ci.nsIContentPolicy.TYPE_STYLESHEET, }, + // nsISupports + QueryInterface: XPCOMUtils.generateQI([Ci.nsIContentPolicy, Ci.nsIFactory, + Ci.nsISupportsWeakReference]), + + // nsIFactory + createInstance: function(outer, iid) + { + if (outer) + throw Cr.NS_ERROR_NO_AGGREGATION; + return this.QueryInterface(iid); + }, + + // nsIContentPolicy shouldLoad: function(aContentType, aContentLocation, aRequestOrigin, aContext, aMimeTypeGuess, aExtra) { // Accept if the user does not care, no content URI is available or scheme @@ -121,8 +143,10 @@ var requestObserver = { }, }; -// Firefox >= 4.0 (Old versions are extremely irrelevant). -var NSGetFactory = XPCOMUtils.generateNSGetFactory([ContentPolicy]); +// Create a content policy object; initialization is done in the contructor. +var cp = new ContentPolicy(); -// Register the request observer to handle redirects. -requestObserver.start(); +// In the chrome process, register the request observer to handle redirects. +if (Services.appinfo.processType == Services.appinfo.PROCESS_TYPE_DEFAULT) { + requestObserver.start(); +} diff --git a/src/components/startup-observer.js b/src/components/startup-observer.js index 6698b0b..65ca659 100644 --- a/src/components/startup-observer.js +++ b/src/components/startup-observer.js @@ -60,6 +60,13 @@ function StartupObserver() { } catch(e) { this.logger.log(4, "Early proxy change failed. Will try again at profile load. Error: "+e); } + + // Arrange for our nsIContentPolicy filter to be loaded in the + // default (chrome) process as well as in each content process. + let ppmm = Cc["@mozilla.org/parentprocessmessagemanager;1"] + .getService(Ci.nsIProcessScriptLoader); + ppmm.loadProcessScript("resource://torbutton/components/content-policy.js", + true); } StartupObserver.prototype = {

1 0

[torbutton/master] Bug 21627: Ignore HTTP 304 responses when checking redirects.
by gk＠torproject.org 01 Jun '17

01 Jun '17

commit ad937183266423425e166b417659b1db14aaeced Author: Kathy Brade <brade(a)pearlcrescent.com> Date: Thu Jun 1 11:06:09 2017 -0400 Bug 21627: Ignore HTTP 304 responses when checking redirects. Avoid noise on the error console when a page is reloaded. Since 304 responses do not have Location headers, it is safe to ignore such responses inside our http-on-examine-response observer. --- src/components/content-policy.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/components/content-policy.js b/src/components/content-policy.js index 365a5e5..a63919c 100644 --- a/src/components/content-policy.js +++ b/src/components/content-policy.js @@ -128,9 +128,9 @@ var requestObserver = { // If this is a redirect... // - // Note: Technically `304 Not Modifed` isn't a redirect, but receiving that - // to the proscribed schemes is nonsensical. - if (aStatus >= 300 && aStatus < 400) { + // Note: `304 Not Modifed` isn't a redirect, so there is no Location header to check + // in that case. + if (aStatus >= 300 && aStatus < 400 && aStatus != 304) { let location = aChannel.getResponseHeader("Location"); let aUri = this.ioService.newURI(location, null, null);

1 0

[tor-launcher/master] Version bump
by gk＠torproject.org 01 Jun '17

01 Jun '17

commit 529f2711c9a3cb5a652c2d52c549fd6d095f7949 Author: Georg Koppen <gk(a)torproject.org> Date: Thu Jun 1 14:38:20 2017 +0000 Version bump --- src/install.rdf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/install.rdf b/src/install.rdf index c0a6e20..14b29ce 100644 --- a/src/install.rdf +++ b/src/install.rdf @@ -7,7 +7,7 @@ <em:creator>The Tor Project, Inc.</em:creator> <em:contributor>Pearl Crescent, LLC</em:contributor> <em:id>tor-launcher(a)torproject.org</em:id> - <em:version>0.2.12.1</em:version> + <em:version>0.2.12.2</em:version> <em:multiprocessCompatible>true</em:multiprocessCompatible> <em:homepageURL>https://www.torproject.org/projects/torbrowser.html</em:homepageURL> <em:updateURL>data:text/plain,</em:updateURL>

1 0

[tor-launcher/master] Translations update
by gk＠torproject.org 01 Jun '17

01 Jun '17

commit 16e8d4f1b7d43bdd3921c1cc44a40338ebc38c36 Author: Georg Koppen <gk(a)torproject.org> Date: Thu Jun 1 14:37:12 2017 +0000 Translations update --- src/chrome/locale/fa/network-settings.dtd | 2 +- src/chrome/locale/fa/progress.dtd | 2 +- src/chrome/locale/fa/torlauncher.properties | 6 +++--- src/chrome/locale/nb/torlauncher.properties | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/src/chrome/locale/fa/network-settings.dtd b/src/chrome/locale/fa/network-settings.dtd index 939cc7c..490a77b 100644 --- a/src/chrome/locale/fa/network-settings.dtd +++ b/src/chrome/locale/fa/network-settings.dtd @@ -25,7 +25,7 @@ <!ENTITY torSettings.proxyExplanation1 "در بیشتر موارد نیازی به پروکسی محلی نمی باشد. با این حال ممکن است برای اتصال از طریق شبکه شرکت، مدرسه، یا دانشگاه مورد نیاز باشد."> <!ENTITY torSettings.proxyExplanation2 "اگر مطمئن نیستید چگونه به این سوال پاسخ دهید، به تنظیمات اینترنت خود در مرورگر دیگری و یا تنظیمات شبکه کامپیوتر خود رجوع کنید تا ببینید آیا به پروکسی محلی نیاز دارید یا خیر."> <!ENTITY torSettings.enterProxy "تنظیمات پراکسی را وارد کنید."> -<!ENTITY torSettings.bridgePageTitle "پیکربندی پل تٌر"> +<!ENTITY torSettings.bridgePageTitle "پیکربندی پل تور"> <!ENTITY torSettings.bridgeQuestion "آیا شرکتی که از آن اینترنت گرفته اید (ISP)، دسترسی به شبکه تور را فیلتر، سانسور و یا مسدود می کند؟"> <!ENTITY torSettings.bridgeExplanation1 "اگر مطمئن نیستید چگونه به این سوال پاسخ دهید، گزینه 'نه' را انتخاب کنید (در صورتی که نتوانستید بدون استفاده از یک bridge به شبکه تٌر متصل شویدِ، می توانید در هر زمان یک bridge اضافه کنید)."> <!ENTITY torSettings.bridgeExplanation2 "در صورتی که 'بله' را انتخاب کنید، از شما درخواست خواهد شد که bridge های تٌر را تنظیم کنید. bridge ها رله هایی هستند که در هیچ کجا لیست نشده و به همین جهت مسدود کردن ارتباط با شبکه تٌر را سخت تر می کنند."> diff --git a/src/chrome/locale/fa/progress.dtd b/src/chrome/locale/fa/progress.dtd index f7d9e02..8646caa 100644 --- a/src/chrome/locale/fa/progress.dtd +++ b/src/chrome/locale/fa/progress.dtd @@ -1,4 +1,4 @@ -<!ENTITY torprogress.dialog.title "وضعیت تٌر"> +<!ENTITY torprogress.dialog.title "وضعیت تور"> <!ENTITY torprogress.openSettings "تنظیمات‌را باز کنید"> <!ENTITY torprogress.heading "درحال اتصال به شبکه تُر"> <!ENTITY torprogress.pleaseWait "لطفا صبر کنید. در حال برقراری ارتباط با شبکه تٌر.&160; این پروسه ممکن است چند دقیقه به طول بینجامد."> diff --git a/src/chrome/locale/fa/torlauncher.properties b/src/chrome/locale/fa/torlauncher.properties index ad5ef5e..8a827b5 100644 --- a/src/chrome/locale/fa/torlauncher.properties +++ b/src/chrome/locale/fa/torlauncher.properties @@ -31,7 +31,7 @@ torlauncher.error_bridge_bad_default_type=هیچ پلی از نوع %S موجو torlauncher.recommended_bridge=(توصیه شده) torlauncher.connect=اتصال -torlauncher.restart_tor=تور را دوباره شوروع کنید. +torlauncher.restart_tor=تور را ریستارت کنید. torlauncher.quit=خروج torlauncher.quit_win=خروج torlauncher.done=انجام شد @@ -50,10 +50,10 @@ torlauncher.bootstrapStatus.requesting_descriptors=درخواست اطلاعات torlauncher.bootstrapStatus.loading_descriptors=بارگذاری اطلاعات بازپخش torlauncher.bootstrapStatus.conn_or=درحال اتصال به شبکه تُر torlauncher.bootstrapStatus.handshake_or=برپایی یک جریان تُر -torlauncher.bootstrapStatus.done=متصل شده به شبکه تُر +torlauncher.bootstrapStatus.done=به شبکه تور متصل شد! torlauncher.bootstrapWarning.done=انجام شد -torlauncher.bootstrapWarning.connectrefused=اتصال ردشد +torlauncher.bootstrapWarning.connectrefused=اتصال رد شد torlauncher.bootstrapWarning.misc=گوناگون torlauncher.bootstrapWarning.resourcelimit=منابع ناکافی torlauncher.bootstrapWarning.identity=عدم تطبیق هویت diff --git a/src/chrome/locale/nb/torlauncher.properties b/src/chrome/locale/nb/torlauncher.properties index a7c890e..8e7a3f4 100644 --- a/src/chrome/locale/nb/torlauncher.properties +++ b/src/chrome/locale/nb/torlauncher.properties @@ -1,7 +1,7 @@ ### Copyright (c) 2016, The Tor Project, Inc. ### See LICENSE for licensing information. -torlauncher.error_title=Tor Launcher +torlauncher.error_title=Tor-oppstarteren torlauncher.tor_exited_during_startup=Tor ble avsluttet under oppstart. Dette kan ha sin årsak i en feil i din torrc-fil, en feil i Tor eller et annet program på din maskin, eller feilaktig maskinvare. Tor-nettleseren vil ikke starte før det bakenforliggende problemet er ordnet og du har startet det på ny. torlauncher.tor_exited=Tor avsluttet uventet. Dette kan være forårsaket av en feil i Tor, eller et annet program på ditt system, alternativt ødelagt maskinvare. Før omstart av Tor er gjennomført vil du ikke kunne nå noen nettsider. Hvis problemet vedvarer, send en kopi av din Tor-logg til brukerstøtte.

1 0

[torspec/master] easy fixes on proposal 247
by arma＠torproject.org 01 Jun '17

01 Jun '17

commit 38c3450e056cfbfc48571df11436b4469f00c4e5 Author: Roger Dingledine <arma(a)torproject.org> Date: Thu Jun 1 09:37:30 2017 -0400 easy fixes on proposal 247 --- proposals/247-hs-guard-discovery.txt | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/proposals/247-hs-guard-discovery.txt b/proposals/247-hs-guard-discovery.txt index 0d9cd96..51e5248 100644 --- a/proposals/247-hs-guard-discovery.txt +++ b/proposals/247-hs-guard-discovery.txt @@ -18,7 +18,7 @@ Status: Draft 1. Overview This document tries to make the above guard discovery + compromise - attack harder to launch. It introduces an optional configuration + attack harder to launch. It introduces a configuration option which makes the hidden service also pin the second and third hops of its circuits for a longer duration. @@ -49,7 +49,7 @@ Status: Draft -> ... -> ... -> middle_n -> middle_n - this proposal pins the two middles nodes to a much more restricted + this proposal pins the two middle nodes to a much more restricted set, as follows: -> guard_3A_A @@ -153,7 +153,7 @@ Status: Draft 2. A Sybil attack against the second or first layer Guards will be more noisy than a Sybil attack against the third layer guard, since the second and first layer Sybil attack requires a timing side channel in - order to determine success, where as the Sybil success is almost + order to determine success, whereas the Sybil success is almost immediately obvious to third layer guard, since it will be instructed to connect to a cooperating malicious rend point by the adversary. @@ -438,7 +438,7 @@ Status: Draft service, because they will see a large number of circuits that tend to pick the same Guard and Exit. - The final nodes will be able to tell with a similar level certainty + The final nodes will be able to tell with a similar level of certainty that depends on their capacity and the service popularity, because they will see a lot of rend handshakes that all tend to have the same second hop. The final nodes can also actively confirm that they have been @@ -446,7 +446,7 @@ Status: Draft target hidden service, and seeing if they are chosen for the Rend point. The most serious of these is the Guard fingerprinting issue. When - proposal xxx-padding-negotiation is implemented, services that enable + proposal 254-padding-negotiation is implemented, services that enable this feature should use those padding primitives to create fake circuits to random middle nodes that are not their guards, in an attempt to look more like a client. @@ -469,7 +469,7 @@ Status: Draft 4.2. Hidden service linkability Multiple hidden services on the same Tor instance should use separate - second and third level guard sets, otherwise an adversary is trivially + second and third level guard sets; otherwise an adversary is trivially able to determine that the two hidden services are co-located by inspecting their current chosen rend point nodes. @@ -488,12 +488,11 @@ Status: Draft different hidden services together (for example, to support concurrent file transfer and chat for the same identity), this behavior should be configurable. A torrc option DisjointHSVanguards should be provided that - defaults to keeping the Vanguards separate for each hidden service should - be provided. + defaults to keeping the Vanguards separate for each hidden service. 4.3. Long term information leaks - Due to Tor's path selection constraints, the client will never chose + Due to Tor's path selection constraints, the client will never choose its primary guard node as later positions in the circuit. Over time, the absence of these nodes will give away information to the adversary. @@ -529,7 +528,7 @@ Status: Draft degrade either performance or user experience significantly, simply by taking out a fraction of them. The solution to this is to make use of the circuit build timeout code (Section 5.2) to have the hidden - service retry the rend connection multiple times. Unfortunately, it + service retry the rend connection multiple times. Unfortunately, it is unwise to simply replace unresponsive third-level guards that fail to complete circuits, as this will accelerate the Sybil attack. @@ -556,7 +555,7 @@ Status: Draft of transient overload at nodes selected by high-traffic hidden services. One option to reduce the impact of this transient overload is to - restrict the set of middle nodes that we chose from to some percentage + restrict the set of middle nodes that we choose from to some percentage of the fastest middle-capable relays in the network. This may have some impact on load balancing, but since the total volume of hidden service traffic is low, it may be unlikely to matter.

1 0