- tor-commits - lists.torproject.org

[tor/master] Sort changelog more.
by nickm＠torproject.org 02 Feb '16

02 Feb '16

commit 15416596efba3653c0880c2d925ca2c314e10da7 Author: Nick Mathewson <nickm(a)torproject.org> Date: Tue Feb 2 12:46:57 2016 -0500 Sort changelog more. --- ChangeLog | 50 ++++++++++++++++++++------------------------------ 1 file changed, 20 insertions(+), 30 deletions(-) diff --git a/ChangeLog b/ChangeLog index 5010e87..d06f403 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,17 @@ Changes in version 0.2.8.1-alpha - 2016-02-0? XXXX Blurb goes here XXXX + o Major key updates: + - Update the V3 identity key for dannenberg: it was changed on 18 + November 2015. Closes task 17906. Patch by "teor". + + o Removed features: + - Remove client-side support for connecting to Tor servers running + versions of Tor before 0.2.3.6-alpha. These servers didn't support + the v3 TLS handshake protocol, and are no longer allowed on the + Tor network. Implements the client side of ticket 11150. Based on + patches by Tom van der Woerdt. + o Major features (security, Linux): - When Tor is started as root on Linux and told to switch user ID, it can now retain the capabilitity to bind to low ports. By @@ -8,7 +19,7 @@ Changes in version 0.2.8.1-alpha - 2016-02-0? some low ports have been configured. You can change this behavior with the new option KeepBindCapabilities. Closes ticket 8195. - o Major features (consensus downloads): + o Major features (directory system): - Schedule multiple in-progress consensus downloads during client bootstrap. Use the first one that starts downloading, close the rest. This reduces failures when authorities are slow or down. @@ -16,26 +27,18 @@ Changes in version 0.2.8.1-alpha - 2016-02-0? to fallback churn. Implements ticket 4483 (reduce failures when authorities are down). Patch by "teor". Implements IPv4 portions of proposal 210 by "mikeperry" and "teor". - - o Major features (directory mirrors): - Include an opt-in trial list of default fallback directories in add_default_fallback_dir_servers(). Doing this should improve client reliability and initial bootstrap performance, and reduce load on the directory authorities. Closes ticket 15775. Patch by "teor". OnionOO script by "weasel", "teor", "gsathya", and "karsten". - - o Major features (directory system): - Previously only relays who explicitly opened a directory port (DirPort) accepted directory requests from clients. Now all relays, with and without a DirPort, who do not disable the DirCache option accept and serve directory requests sent (tunnelled) through their ORPort. Closes ticket 12538. - o Major key updates: - - Update the V3 identity key for dannenberg: it was changed on 18 - November 2015. Closes task 17906. Patch by "teor". - o Minor features (security, clock): - Warn when the system clock is set back in time (when the state file was last written in the future). Tor doesn't know that @@ -104,6 +107,9 @@ Changes in version 0.2.8.1-alpha - 2016-02-0? we actually need. Previously, we were allocating as much space as the state for the largest algorithm would need. This change saves up to 672 bytes per circuit. Closes ticket 17796. + - Improve performance when hashing non-multiple of 8 sized buffers, + based on Andrew Moon's Public Domain SipHash-2-4 implementation. + Fixes bug 17544; bugfix on 0.2.5.3-alpha. o Minor features (directory downloads): - Wait for busy authorities and fallbacks to become non-busy when @@ -162,11 +168,6 @@ Changes in version 0.2.8.1-alpha - 2016-02-0? - The replay cache now uses SHA256 instead of SHA1. Implements feature 8961. Patch by "teor", issue reported by "rransom". - o Minor features (SipHash-2-4 performance): - - Improve performance when hashing non-multiple of 8 sized buffers, - based on Andrew Moon's Public Domain SipHash-2-4 implementation. - Fixes bug 17544; bugfix on 0.2.5.3-alpha. - o Minor features (unix file permissions): - Defer creation of Unix sockets until after setuid. This avoids needing CAP_CHOWN and CAP_FOWNER when using systemd's @@ -187,11 +188,6 @@ Changes in version 0.2.8.1-alpha - 2016-02-0? logged. Fixes bug 18024; bugfix on 0.2.6.1-alpha. Patch from "unixninja92". - o Minor bugfixes (build): - - Mark all object files that include micro-revision.i as depending - on it, so as to make our build more reliable with parallel builds. - Fixes bug 17826; bugfix on 0.2.5.1-alpha. - o Minor bugfixes (code correctness): - When closing an entry connection, generate a warning if we should have sent an end cell for it but we haven't. Fixes bug 17876; @@ -199,8 +195,13 @@ Changes in version 0.2.8.1-alpha - 2016-02-0? - Assert that allocated memory held by the reputation code is freed according to its internal counters. Fixes bug 17753; bugfix on tor-0.1.1.1-alpha. + - Assert when the TLS contexts fail to initialize. Fixes bug 17683; + bugfix on 0.0.6. o Minor bugfixes (compilation): + - Mark all object files that include micro-revision.i as depending + on it, so as to make our build more reliable with parallel builds. + Fixes bug 17826; bugfix on 0.2.5.1-alpha. - Don't try to use the pthrad_condattr_setclock() function unless it actually exists. Fixes compilation on NetBSD-6.x. Fixes bug 17819; bugfix on 0.2.6.3-alpha. @@ -291,10 +292,6 @@ Changes in version 0.2.8.1-alpha - 2016-02-0? - Check the full results of SHA256 and SHA512 digests in the unit tests. Bugfix on 0.2.2.4-alpha. Patch by "teor". - o Minor bugfixes (TLS context): - - Assert when the TLS contexts fail to initialize. Fixes bug 17683; - bugfix on 0.0.6. - o Code simplification and refactoring: - Move logging of redundant policy entries in policies_parse_exit_policy_internal into its own function. Closes @@ -330,13 +327,6 @@ Changes in version 0.2.8.1-alpha - 2016-02-0? whenever we mention a document that belongs in torspce. Fixes issue 17392. - o Removed features: - - Remove client-side support for connecting to Tor servers running - versions of Tor before 0.2.3.6-alpha. These servers didn't support - the v3 TLS handshake protocol, and are no longer allowed on the - Tor network. Implements the client side of ticket 11150. Based on - patches by Tom van der Woerdt. - o Testing: - Add unit tests that check for common RNG failure modes, such as returning all zeroes, identical values, or incrementing values

1 0

[tor/master] Combine a bunch of items/sections in the 0.2.8.1-alpha changelog
by nickm＠torproject.org 02 Feb '16

02 Feb '16

commit b8171e9f85fdb3a37ae40c31c5ea3ff54c21264c Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Feb 1 23:54:38 2016 -0500 Combine a bunch of items/sections in the 0.2.8.1-alpha changelog --- ChangeLog | 206 ++++++++++++++++++++++++-------------------------------------- 1 file changed, 79 insertions(+), 127 deletions(-) diff --git a/ChangeLog b/ChangeLog index 12012aa..d0e2908 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,17 @@ Changes in version 0.2.8.1-alpha - 2016-02-0? XXXX Blurb goes here XXXX + o Removed features: + - Remove client-side support for connecting to Tor servers running + versions of Tor before 0.2.3.6-alpha. These servers didn't support + the v3 TLS handshake protocol, and are no longer allowed on the + Tor network. Implements the client side of ticket 11150. Based on + patches by Tom van der Woerdt. + + o Major key updates: + - Update the V3 identity key for dannenberg: it was changed on 18 + November 2015. Closes task 17906. Patch by "teor". + o Major features (consensus downloads): - Schedule multiple in-progress consensus downloads during client bootstrap. Use the first one that starts downloading, close the @@ -10,27 +21,22 @@ Changes in version 0.2.8.1-alpha - 2016-02-0? authorities are down). Patch by "teor". Implements IPv4 portions of proposal 210 by "mikeperry" and "teor". - o Major features (controller): - - New "GETINFO hs/service/desc/id/" command to retrieve a hidden - service descriptor from a service's local hidden service - descriptor cache. Closes ticket 14846. - o Major features (directory mirrors): - - Include an opt-in trial list of Default Fallback Directories in + - Include an opt-in trial list of default fallback directories in add_default_fallback_dir_servers(). Doing this should improve client reliability and initial bootstrap performance, and reduce load on the directory authorities. Closes ticket 15775. Patch by "teor". OnionOO script by "weasel", "teor", "gsathya", and "karsten". - o Major features (relay): + o Major features (security, Linux): - When Tor is started as root on Linux and told to switch user ID, it can now retain the capabilitity to bind to low ports. By default, Tor will do this only when it's switching user ID and some low ports have been configured. You can change this behavior with the new option KeepBindCapabilities. Closes ticket 8195. - o Minor features (security): + o Minor features (security, RNG): - Adjust Tor's use of OpenSSL's RNG APIs so that they absolutely, positively are not allowed to fail. Previously we depended on internals about OpenSSL behavior. Closes ticket 17686. @@ -39,6 +45,10 @@ Changes in version 0.2.8.1-alpha - 2016-02-0? of using system entropy directly, hash it with the PRNG stream. This may help resist certain attacks based on broken OS entropy implementations. Closes part of ticket 17694. + - Use modern system calls to generate strong entropy on platforms + that provide them. Closes ticket 13696. + + o Minor features (security, memory erasure): - Set unused entires in a smartlist to NULL. This helped catch a (harmless) bug, and shouldn't affect performance too much. Implements ticket 17026. @@ -47,6 +57,10 @@ Changes in version 0.2.8.1-alpha - 2016-02-0? - Use explicit_bzero or memset_s when present. Previously, we'd use OpenSSL's OPENSSL_cleanse() function. Closes ticket 7419; patches from <logan(a)hackers.mu> and <selven(a)hackers.mu>. + - Make memwipe() do nothing when passed a NULL pointer or zero size. + Check size argument to memwipe() for underflow. Fixes bug 18089; + bugfix on 0.2.3.25 and 0.2.4.6-alpha. Reported by "gk", patch + by "teor". o Minor features (security, clock): - Warn when the system clock is set back in time (when the state @@ -54,26 +68,25 @@ Changes in version 0.2.8.1-alpha - 2016-02-0? consensuses have expired if the clock is in the past. Patch by "teor". Implements ticket 17188. - o Minor features (security, cryptography): - - Use modern system calls to generate strong entropy on platforms - that provide them. Closes ticket 13696. - - o Minor feature (crypto): + o Minor features (crypto): - Add SHA512 support to crypto.c. Closes ticket 17663; patch from George Tankersley. + - Add SHA3 and SHAKE support to crypto.c. Closes ticket 17783. + - When allocating a digest state object, allocate no more space than + we actually need. Previously, we were allocating as much space as + the state for the largest algorithm would need. This change saves + up to 672 bytes per circuit. Closes ticket 17796. - o Minor feature (directory downloads): + o Minor features (directory downloads): - Wait for busy authorities and fallbacks to become non-busy when bootstrapping. (A similar change was made in 6c443e987d for directory servers chosen from the consensus.) Closes ticket 17864; patch by "teor". - - o Minor feature (fallback directories): - Add UseDefaultFallbackDirs, which enables any hard-coded fallback directory mirrors. Default is 1, set it to 0 to disable fallbacks. Implements ticket 17576. Patch by "teor". - o Minor feature (IPv6): + o Minor features (IPv6): - Add a flag ipv6=address:orport to the DirAuthority and FallbackDir torrc options. Add hard-coded ipv6 addresses for directory authorities with ipv6 lines in their descriptors. Closes ticket @@ -82,73 +95,53 @@ Changes in version 0.2.8.1-alpha - 2016-02-0? - Limit IPv6 mask bits to 128. - Warn when comparing against an AF_UNSPEC address in a policy, it's almost always a bug. Closes ticket 17863; patch by "teor". + - Allow users to configure directory authorities and fallback + directory servers with IPv6 addresses and ORPorts. Resolves + ticket 6027. + - routerset_parse now accepts IPv6 literal addresses. Fixes bug + 17060; bugfix on 0.2.1.3-alpha. Patch by "teor". + - Make tor_ersatz_socketpair work on IPv6-only systems. Fixes bug + 17638; bugfix on 0.0.2pre8. Patch by "teor". - o Minor feature (logging): + o Minor features (logging): - When logging to syslog, allow a tag to be added to the syslog - identity ("Tor"), i.e. the string prepended to every log message. - The tag can be configured by setting SyslogIdentityTag and + identity (the string prepended to every log message). + The tag can be configured with SyslogIdentityTag and defaults to none. Setting it to "foo" will cause logs to be tagged as "Tor-foo". Closes ticket 17194. - o Minor feature (refactoring): - - Move logging of redundant policy entries in - policies_parse_exit_policy_internal into its own function. Closes - ticket 17608; patch from "juce". - o Minor features (accounting): - Added two modes to AccountingRule in torrc for limiting just input or just output. Closes ticket 15989; patch from "unixninja92". - o Minor features (authorities): - - Update the V3 identity key for dannenberg: it was changed on 18 - November 2015. Closes task 17906. Patch by "teor". - o Minor features (build): - Since our build process now uses 'make distcheck', we no longer force "make dist" to depend on "make check". Closes ticket 17893; patch from "cypherpunks." - - o Minor features (compilation): - Repair some compilation issues with some recent (unreleased, alpha) vesions of OpenSSL 1.1. Closes ticket 17549. o Minor features (controller): - Adds FallbackDir entries to 'GETINFO config/defaults'. Closes tickets 16774 and 17817. Patch by George Tankersley. + - New "GETINFO hs/service/desc/id/" command to retrieve a hidden + service descriptor from a service's local hidden service + descriptor cache. Closes ticket 14846. + - Add controller getinfo exit-policy/reject-private/[default,relay] + for the reject rules added by ExitPolicyRejectPrivate. This makes + it easier for stem to display exit policies. - o Minor features (crypto): - - When allocating a digest state object, allocate no more space than - we actually need. Previously, we were allocating as much space as - the state for the largest algorithm would need. This change saves - up to 672 bytes per circuit. Closes ticket 17796. - - o Minor features (directory system): + o Major features (directory system): - Previously only relays who explicitly opened a directory port (DirPort) accepted directory requests from clients. Now all relays, with and without a DirPort, who do not disable the DirCache option accept and serve directory requests sent (tunnelled) through their ORPort. Closes ticket 12538. - o Minor features (exit policies, controllers): - - Add controller getinfo exit-policy/reject-private/[default,relay] - for the reject rules added by ExitPolicyRejectPrivate. This makes - it easier for stem to display exit policies. - - Add unit tests for getinfo exit-policy/*. Finishes implementation - for ticket 17183. Patch by "teor". - - o Minor features (fallback directories): - - Add a set of default fallback directories for the 0.2.8 alpha - releases. Closes ticket 17158. Patch by "teor". - o Minor features (geoip): - Update geoip and geoip6 to the January 5 2016 Maxmind GeoLite2 Country database. - o Minor features (IPv6 support): - - Allow users to configure directory authorities and fallback - directory servers with IPv6 addresses and ORPorts. Resolves - ticket 6027. - o Minor features (portability): - Use timingsafe_memcmp() where available. Closes ticket 17944; patch from <logan(a)hackers.mu>. @@ -165,20 +158,11 @@ Changes in version 0.2.8.1-alpha - 2016-02-0? find out what IP addresses (both IPv4 and IPv6) our machine has. Resolves ticket 17951. - o Minor features (replaycache): + o Minor features (replay cache): - The replay cache now uses SHA256 instead of SHA1. Implements feature 8961. Patch by "teor", issue reported by "rransom". - o Minor features (testing): - - Log more information when the backtrace tests fail. Closes ticket - 17892. Patch from "cypherpunks." - - o Minor features (unit tests, random number generation): - - Add unit tests that check for common RNG failure modes, such as - returning all zeroes, identical values, or incrementing values - (OpenSSL's rand_predictable feature). Patch by "teor". - - o Minor features (unix permissions): + o Minor features (unix file permissions): - Defer creation of Unix sockets until after setuid. This avoids needing CAP_CHOWN and CAP_FOWNER when using systemd's CapabilityBoundingSet, or chown and fowner when using SELinux. @@ -193,57 +177,49 @@ Changes in version 0.2.8.1-alpha - 2016-02-0? DataDirectory will be made readable by the default GID. Implements part of ticket 17562. Patch from Jamie Nguyen. - o Minor bugfixes (security): - - Make memwipe() do nothing when passed a NULL pointer or zero size. - Check size argument to memwipe() for underflow. Fixes bug 18089; - bugfix on 0.2.3.25 and 0.2.4.6-alpha. Reported by "gk", patch - by "teor". - - o Minor bugfixes (security, exit policies): + o Minor features (security, exit policies): - ExitPolicyRejectPrivate rejects more private addresses by default. Specifically, it rejects the relay's outbound bind addresses (if configured), and the relay's configured port addresses (such as ORPort and DirPort). Fixes bug 17027; bugfix on 0.2.0.11-alpha. Patch by "teor". - o Minor bugfix (crypto): - - Check the return value of HMAC and assert on failure. Fixes bug + o Minor bugfixes (crypto): + - Check the return value of HMAC() and assert on failure. Fixes bug 17658; bugfix on 0.2.3.6-alpha. Patch by "teor". - o Minor bugfix (fallback directories): + o Minor bugfixes (fallback directories): - Mark fallbacks as "too busy" when they return a 503 response, rather than just marking authorities. Fixes bug 17572; bugfix on - 5c51b3f1f0d4 released in 0.2.4.7-alpha. Patch by "teor". - - o Minor bugfix (IPv6 compatibility, unit tests): - - Make tor_ersatz_socketpair work on IPv6-only systems. Fixes bug - 17638; bugfix on 0.0.2pre8. Patch by "teor". + 0.2.4.7-alpha. Patch by "teor". - o Minor bugfix (relays, hidden services): + o Minor bugfixes (relays, hidden services): - Refuse connection requests to private OR addresses unless ExtendAllowPrivateAddresses is set. Previously, tor would connect, then refuse to send any cells to a private address. Fixes bugs 17674 and 8976; bugfix on 0.2.3.21-rc. Patch by "teor". - o Minor bugfix (SipHash-2-4 performance): + o Minor features (SipHash-2-4 performance): - Improve performance when hashing non-multiple of 8 sized buffers, based on Andrew Moon's Public Domain SipHash-2-4 implementation. Fixes bug 17544; bugfix on 0.2.5.3-alpha. - o Minor bugfix (testing): + o Minor bugfixes (testing): - The test for log_heartbeat was incorrectly failing in timezones with non-integer offsets. Instead of comparing the end of the time string against a constant, compare it to the output of format_local_iso_time when given the correct input. Fixes bug 18039; bugfix on 0.2.5.4-alpha. - - o Minor bugfix (unit tests): - Make unit tests pass on IPv6-only systems, and systems without localhost addresses (like some FreeBSD jails). Fixes bug 17632; bugfix on 0.2.7.3-rc. Patch by "teor". + - Fix a memory leak in the ntor test. Fixes bug 17778; bugfix + on 0.2.4.8-alpha. + - Check the full results of SHA256 and SHA512 digests in the unit + tests. Bugfix on 0.2.2.4-alpha. Patch by "teor". o Minor bugfixes (accounting): - - The max bandwidth when using AccountRule sum is now correctly + - The max bandwidth when using 'AccountRule sum' is now correctly logged. Fixes bug 18024; bugfix on 0.2.6.1-alpha. Patch from "unixninja92". @@ -252,12 +228,10 @@ Changes in version 0.2.8.1-alpha - 2016-02-0? on it, so as to make our build more reliable with parallel builds. Fixes bug 17826; bugfix on 0.2.5.1-alpha. - o Minor bugfixes (client, correctness): + o Minor bugfixes (code correctness): - When closing an entry connection, generate a warning if we should have sent an end cell for it but we haven't. Fixes bug 17876; bugfix on 0.2.3.2-alpha. - - o Minor bugfixes (code correctness): - Assert that allocated memory held by the reputation code is freed according to its internal counters. Fixes bug 17753; bugfix on tor-0.1.1.1-alpha. @@ -277,6 +251,8 @@ Changes in version 0.2.8.1-alpha - 2016-02-0? build system. Fixes bug 17818; bugfix on tor-0.2.7.3-rc. - Replace usage of 'INLINE' with 'inline'. Fixes bug 17804; bugfix on tor-0.0.2pre8. + - Remove config.log only from make distclean, not from make clean. + Fixes bug 17924; bugfix on 0.2.4.1-alpha. o Minor bugfixes (IPv6): - Update the limits in max_dl_per_request for IPv6 address length. @@ -295,10 +271,6 @@ Changes in version 0.2.8.1-alpha - 2016-02-0? - Remove needless quotes from a log message about unparseable addresses. Fixes bug 17843; bugfix on 0.2.3.3-alpha. - o Minor bugfixes (makefile): - - Remove config.log only from make distclean, not from make clean. - Fixes bug 17924; bugfix on 0.2.4.1-alpha. - o Minor bugfixes (portability): - Remove an #endif from configure.ac so that we correctly detect the presence of in6_addr.s6_addr32. Fixes bug 17923; bugfix @@ -311,10 +283,6 @@ Changes in version 0.2.8.1-alpha - 2016-02-0? longer than the ORPort reachability test. Fixes bug 18050; bugfix on 0.1.0.1-rc. Reported by "starlight", patch by "teor". - o Minor bugfixes (routersets, IPv6): - - routerset_parse now accepts IPv6 literal addresses. Fixes bug - 17060; bugfix on 0.2.1.3-alpha. Patch by "teor". - o Minor bugfixes (safe logging): - When logging a malformed hostname received through socks4, scrub it if SafeLogging says we should. Fixes bug 17419; bugfix @@ -330,19 +298,14 @@ Changes in version 0.2.8.1-alpha - 2016-02-0? cases with maximal values. Fixes part of bug 13192; bugfix on 0.2.6.2-alpha. - o Minor bugfixes (tests): - - Fix a memory leak in the ntor test. Fixes bug 17778; bugfix - on 0.2.4.8-alpha. - o Minor bugfixes (TLS context): - Assert when the TLS contexts fail to initialize. Fixes bug 17683; bugfix on 0.0.6. - o Minor bugfixes (unit tests): - - Check the full results of SHA256 and SHA512 digests in the unit - tests. Bugfix on 0.2.2.4-alpha. Patch by "teor". - o Code simplification and refactoring: + - Move logging of redundant policy entries in + policies_parse_exit_policy_internal into its own function. Closes + ticket 17608; patch from "juce". - Extract the more complicated parts of circuit_mark_for_close into a new function run periodically before connections are freed. This change removes more than half of the functions currently in the @@ -360,7 +323,9 @@ Changes in version 0.2.8.1-alpha - 2016-02-0? launches it, instead mark the connection for teardown. This change simplifies Tor's callback and prevents the directory- request launching code from invoking itself recursively. Closes - ticket 17589. + ticket 17589 + - Remove code for OpenSSL dynamic locks; OpenSSL doesn't use them. + Closes ticket 17926. o Documentation: - Add a description of the correct use of the '--keygen' command- @@ -372,32 +337,19 @@ Changes in version 0.2.8.1-alpha - 2016-02-0? whenever we mention a document that belongs in torspce. Fixes issue 17392. - o Removed features: - - Remove client-side support for connecting to Tor servers running - versions of Tor before 0.2.3.6-alpha. These servers didn't support - the v3 TLS handshake protocol, and are no longer allowed on the - Tor network. Implements the client side of ticket 11150. Based on - patches by Tom van der Woerdt. - - Remove code for OpenSSL dynamic locks; OpenSSL doesn't use them. - Closes ticket 17926. - o Testing: + - Add unit tests that check for common RNG failure modes, such as + returning all zeroes, identical values, or incrementing values + (OpenSSL's rand_predictable feature). Patch by "teor". + - Log more information when the backtrace tests fail. Closes ticket + 17892. Patch from "cypherpunks." - Always test both ed25519 backends, so that we can be sure that our batch-open replacement code works. Part of ticket 16794. - Cover dns_resolve_impl() in dns.c with unit tests. Implements a portion of ticket 16831. - - More unit tests for compat_libevent.c. Closes ticket 17075. Patch - from Ola Bini. - - More unit tests for procmon.c. Closes ticket 17078. Patch from - Ola Bini. - - More unit tests for tortls.c. Closes ticket 17082. Patch from - Ola Bini. - - More unit tests for util_format.c. Closes ticket 17084. Patch from - Ola Bini. - - New tests for directory.c functions. Closes ticket 17003. Patch - from Ola Bini. - - New tests for options_validate. Closes ticket 17076. Patch from - Ola Bini. + - More unit tests for compat_libevent.c, procmon.c, tortls.c, + util_format.c, directory.c, and options_validate.c. Closes tickets 17075, + 17082, 17084, 17003, and 17076 respectively. Patches from Ola Bini. - Unit tests for directory_handle_command_get. Closes ticket 17004. Patch from Reinaldo de Souza Jr.

1 0

[tor/master] Re-run formatChangelog.py
by nickm＠torproject.org 02 Feb '16

02 Feb '16

commit 937afe746f017c0b386e02fb139f4c47092cd1d0 Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Feb 1 23:55:16 2016 -0500 Re-run formatChangelog.py --- ChangeLog | 223 +++++++++++++++++++++++++++++++------------------------------- 1 file changed, 112 insertions(+), 111 deletions(-) diff --git a/ChangeLog b/ChangeLog index d0e2908..5010e87 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,16 +1,12 @@ Changes in version 0.2.8.1-alpha - 2016-02-0? XXXX Blurb goes here XXXX - o Removed features: - - Remove client-side support for connecting to Tor servers running - versions of Tor before 0.2.3.6-alpha. These servers didn't support - the v3 TLS handshake protocol, and are no longer allowed on the - Tor network. Implements the client side of ticket 11150. Based on - patches by Tom van der Woerdt. - - o Major key updates: - - Update the V3 identity key for dannenberg: it was changed on 18 - November 2015. Closes task 17906. Patch by "teor". + o Major features (security, Linux): + - When Tor is started as root on Linux and told to switch user ID, + it can now retain the capabilitity to bind to low ports. By + default, Tor will do this only when it's switching user ID and + some low ports have been configured. You can change this behavior + with the new option KeepBindCapabilities. Closes ticket 8195. o Major features (consensus downloads): - Schedule multiple in-progress consensus downloads during client @@ -29,24 +25,29 @@ Changes in version 0.2.8.1-alpha - 2016-02-0? "teor". OnionOO script by "weasel", "teor", "gsathya", and "karsten". - o Major features (security, Linux): - - When Tor is started as root on Linux and told to switch user ID, - it can now retain the capabilitity to bind to low ports. By - default, Tor will do this only when it's switching user ID and - some low ports have been configured. You can change this behavior - with the new option KeepBindCapabilities. Closes ticket 8195. + o Major features (directory system): + - Previously only relays who explicitly opened a directory port + (DirPort) accepted directory requests from clients. Now all + relays, with and without a DirPort, who do not disable the + DirCache option accept and serve directory requests sent + (tunnelled) through their ORPort. Closes ticket 12538. - o Minor features (security, RNG): - - Adjust Tor's use of OpenSSL's RNG APIs so that they absolutely, - positively are not allowed to fail. Previously we depended on - internals about OpenSSL behavior. Closes ticket 17686. - - Never use the system entropy output directly for anything besides - seeding the PRNG. When we want to generate important keys, instead - of using system entropy directly, hash it with the PRNG stream. - This may help resist certain attacks based on broken OS entropy - implementations. Closes part of ticket 17694. - - Use modern system calls to generate strong entropy on platforms - that provide them. Closes ticket 13696. + o Major key updates: + - Update the V3 identity key for dannenberg: it was changed on 18 + November 2015. Closes task 17906. Patch by "teor". + + o Minor features (security, clock): + - Warn when the system clock is set back in time (when the state + file was last written in the future). Tor doesn't know that + consensuses have expired if the clock is in the past. Patch by + "teor". Implements ticket 17188. + + o Minor features (security, exit policies): + - ExitPolicyRejectPrivate rejects more private addresses by default. + Specifically, it rejects the relay's outbound bind addresses (if + configured), and the relay's configured port addresses (such as + ORPort and DirPort). Fixes bug 17027; bugfix on 0.2.0.11-alpha. + Patch by "teor". o Minor features (security, memory erasure): - Set unused entires in a smartlist to NULL. This helped catch @@ -62,11 +63,38 @@ Changes in version 0.2.8.1-alpha - 2016-02-0? bugfix on 0.2.3.25 and 0.2.4.6-alpha. Reported by "gk", patch by "teor". - o Minor features (security, clock): - - Warn when the system clock is set back in time (when the state - file was last written in the future). Tor doesn't know that - consensuses have expired if the clock is in the past. Patch by - "teor". Implements ticket 17188. + o Minor features (security, RNG): + - Adjust Tor's use of OpenSSL's RNG APIs so that they absolutely, + positively are not allowed to fail. Previously we depended on + internals about OpenSSL behavior. Closes ticket 17686. + - Never use the system entropy output directly for anything besides + seeding the PRNG. When we want to generate important keys, instead + of using system entropy directly, hash it with the PRNG stream. + This may help resist certain attacks based on broken OS entropy + implementations. Closes part of ticket 17694. + - Use modern system calls to generate strong entropy on platforms + that provide them. Closes ticket 13696. + + o Minor features (accounting): + - Added two modes to AccountingRule in torrc for limiting just input + or just output. Closes ticket 15989; patch from "unixninja92". + + o Minor features (build): + - Since our build process now uses 'make distcheck', we no longer + force "make dist" to depend on "make check". Closes ticket 17893; + patch from "cypherpunks." + - Repair some compilation issues with some recent (unreleased, + alpha) vesions of OpenSSL 1.1. Closes ticket 17549. + + o Minor features (controller): + - Adds FallbackDir entries to 'GETINFO config/defaults'. Closes + tickets 16774 and 17817. Patch by George Tankersley. + - New "GETINFO hs/service/desc/id/" command to retrieve a hidden + service descriptor from a service's local hidden service + descriptor cache. Closes ticket 14846. + - Add controller getinfo exit-policy/reject-private/[default,relay] + for the reject rules added by ExitPolicyRejectPrivate. This makes + it easier for stem to display exit policies. o Minor features (crypto): - Add SHA512 support to crypto.c. Closes ticket 17663; patch from @@ -86,6 +114,10 @@ Changes in version 0.2.8.1-alpha - 2016-02-0? directory mirrors. Default is 1, set it to 0 to disable fallbacks. Implements ticket 17576. Patch by "teor". + o Minor features (geoip): + - Update geoip and geoip6 to the January 5 2016 Maxmind GeoLite2 + Country database. + o Minor features (IPv6): - Add a flag ipv6=address:orport to the DirAuthority and FallbackDir torrc options. Add hard-coded ipv6 addresses for directory @@ -105,42 +137,10 @@ Changes in version 0.2.8.1-alpha - 2016-02-0? o Minor features (logging): - When logging to syslog, allow a tag to be added to the syslog - identity (the string prepended to every log message). - The tag can be configured with SyslogIdentityTag and - defaults to none. Setting it to "foo" will cause logs to be tagged - as "Tor-foo". Closes ticket 17194. - - o Minor features (accounting): - - Added two modes to AccountingRule in torrc for limiting just input - or just output. Closes ticket 15989; patch from "unixninja92". - - o Minor features (build): - - Since our build process now uses 'make distcheck', we no longer - force "make dist" to depend on "make check". Closes ticket 17893; - patch from "cypherpunks." - - Repair some compilation issues with some recent (unreleased, - alpha) vesions of OpenSSL 1.1. Closes ticket 17549. - - o Minor features (controller): - - Adds FallbackDir entries to 'GETINFO config/defaults'. Closes - tickets 16774 and 17817. Patch by George Tankersley. - - New "GETINFO hs/service/desc/id/" command to retrieve a hidden - service descriptor from a service's local hidden service - descriptor cache. Closes ticket 14846. - - Add controller getinfo exit-policy/reject-private/[default,relay] - for the reject rules added by ExitPolicyRejectPrivate. This makes - it easier for stem to display exit policies. - - o Major features (directory system): - - Previously only relays who explicitly opened a directory port - (DirPort) accepted directory requests from clients. Now all - relays, with and without a DirPort, who do not disable the - DirCache option accept and serve directory requests sent - (tunnelled) through their ORPort. Closes ticket 12538. - - o Minor features (geoip): - - Update geoip and geoip6 to the January 5 2016 Maxmind GeoLite2 - Country database. + identity (the string prepended to every log message). The tag can + be configured with SyslogIdentityTag and defaults to none. Setting + it to "foo" will cause logs to be tagged as "Tor-foo". Closes + ticket 17194. o Minor features (portability): - Use timingsafe_memcmp() where available. Closes ticket 17944; @@ -162,6 +162,11 @@ Changes in version 0.2.8.1-alpha - 2016-02-0? - The replay cache now uses SHA256 instead of SHA1. Implements feature 8961. Patch by "teor", issue reported by "rransom". + o Minor features (SipHash-2-4 performance): + - Improve performance when hashing non-multiple of 8 sized buffers, + based on Andrew Moon's Public Domain SipHash-2-4 implementation. + Fixes bug 17544; bugfix on 0.2.5.3-alpha. + o Minor features (unix file permissions): - Defer creation of Unix sockets until after setuid. This avoids needing CAP_CHOWN and CAP_FOWNER when using systemd's @@ -177,47 +182,6 @@ Changes in version 0.2.8.1-alpha - 2016-02-0? DataDirectory will be made readable by the default GID. Implements part of ticket 17562. Patch from Jamie Nguyen. - o Minor features (security, exit policies): - - ExitPolicyRejectPrivate rejects more private addresses by default. - Specifically, it rejects the relay's outbound bind addresses (if - configured), and the relay's configured port addresses (such as - ORPort and DirPort). Fixes bug 17027; bugfix on 0.2.0.11-alpha. - Patch by "teor". - - o Minor bugfixes (crypto): - - Check the return value of HMAC() and assert on failure. Fixes bug - 17658; bugfix on 0.2.3.6-alpha. Patch by "teor". - - o Minor bugfixes (fallback directories): - - Mark fallbacks as "too busy" when they return a 503 response, - rather than just marking authorities. Fixes bug 17572; bugfix on - 0.2.4.7-alpha. Patch by "teor". - - o Minor bugfixes (relays, hidden services): - - Refuse connection requests to private OR addresses unless - ExtendAllowPrivateAddresses is set. Previously, tor would connect, - then refuse to send any cells to a private address. Fixes bugs - 17674 and 8976; bugfix on 0.2.3.21-rc. Patch by "teor". - - o Minor features (SipHash-2-4 performance): - - Improve performance when hashing non-multiple of 8 sized buffers, - based on Andrew Moon's Public Domain SipHash-2-4 implementation. - Fixes bug 17544; bugfix on 0.2.5.3-alpha. - - o Minor bugfixes (testing): - - The test for log_heartbeat was incorrectly failing in timezones - with non-integer offsets. Instead of comparing the end of the time - string against a constant, compare it to the output of - format_local_iso_time when given the correct input. Fixes bug - 18039; bugfix on 0.2.5.4-alpha. - - Make unit tests pass on IPv6-only systems, and systems without - localhost addresses (like some FreeBSD jails). Fixes bug 17632; - bugfix on 0.2.7.3-rc. Patch by "teor". - - Fix a memory leak in the ntor test. Fixes bug 17778; bugfix - on 0.2.4.8-alpha. - - Check the full results of SHA256 and SHA512 digests in the unit - tests. Bugfix on 0.2.2.4-alpha. Patch by "teor". - o Minor bugfixes (accounting): - The max bandwidth when using 'AccountRule sum' is now correctly logged. Fixes bug 18024; bugfix on 0.2.6.1-alpha. Patch @@ -254,6 +218,15 @@ Changes in version 0.2.8.1-alpha - 2016-02-0? - Remove config.log only from make distclean, not from make clean. Fixes bug 17924; bugfix on 0.2.4.1-alpha. + o Minor bugfixes (crypto): + - Check the return value of HMAC() and assert on failure. Fixes bug + 17658; bugfix on 0.2.3.6-alpha. Patch by "teor". + + o Minor bugfixes (fallback directories): + - Mark fallbacks as "too busy" when they return a 503 response, + rather than just marking authorities. Fixes bug 17572; bugfix on + 0.2.4.7-alpha. Patch by "teor". + o Minor bugfixes (IPv6): - Update the limits in max_dl_per_request for IPv6 address length. Fixes bug 17573; bugfix on 0.2.1.5-alpha. @@ -283,6 +256,12 @@ Changes in version 0.2.8.1-alpha - 2016-02-0? longer than the ORPort reachability test. Fixes bug 18050; bugfix on 0.1.0.1-rc. Reported by "starlight", patch by "teor". + o Minor bugfixes (relays, hidden services): + - Refuse connection requests to private OR addresses unless + ExtendAllowPrivateAddresses is set. Previously, tor would connect, + then refuse to send any cells to a private address. Fixes bugs + 17674 and 8976; bugfix on 0.2.3.21-rc. Patch by "teor". + o Minor bugfixes (safe logging): - When logging a malformed hostname received through socks4, scrub it if SafeLogging says we should. Fixes bug 17419; bugfix @@ -298,6 +277,20 @@ Changes in version 0.2.8.1-alpha - 2016-02-0? cases with maximal values. Fixes part of bug 13192; bugfix on 0.2.6.2-alpha. + o Minor bugfixes (testing): + - The test for log_heartbeat was incorrectly failing in timezones + with non-integer offsets. Instead of comparing the end of the time + string against a constant, compare it to the output of + format_local_iso_time when given the correct input. Fixes bug + 18039; bugfix on 0.2.5.4-alpha. + - Make unit tests pass on IPv6-only systems, and systems without + localhost addresses (like some FreeBSD jails). Fixes bug 17632; + bugfix on 0.2.7.3-rc. Patch by "teor". + - Fix a memory leak in the ntor test. Fixes bug 17778; bugfix + on 0.2.4.8-alpha. + - Check the full results of SHA256 and SHA512 digests in the unit + tests. Bugfix on 0.2.2.4-alpha. Patch by "teor". + o Minor bugfixes (TLS context): - Assert when the TLS contexts fail to initialize. Fixes bug 17683; bugfix on 0.0.6. @@ -337,6 +330,13 @@ Changes in version 0.2.8.1-alpha - 2016-02-0? whenever we mention a document that belongs in torspce. Fixes issue 17392. + o Removed features: + - Remove client-side support for connecting to Tor servers running + versions of Tor before 0.2.3.6-alpha. These servers didn't support + the v3 TLS handshake protocol, and are no longer allowed on the + Tor network. Implements the client side of ticket 11150. Based on + patches by Tom van der Woerdt. + o Testing: - Add unit tests that check for common RNG failure modes, such as returning all zeroes, identical values, or incrementing values @@ -348,8 +348,9 @@ Changes in version 0.2.8.1-alpha - 2016-02-0? - Cover dns_resolve_impl() in dns.c with unit tests. Implements a portion of ticket 16831. - More unit tests for compat_libevent.c, procmon.c, tortls.c, - util_format.c, directory.c, and options_validate.c. Closes tickets 17075, - 17082, 17084, 17003, and 17076 respectively. Patches from Ola Bini. + util_format.c, directory.c, and options_validate.c. Closes tickets + 17075, 17082, 17084, 17003, and 17076 respectively. Patches from + Ola Bini. - Unit tests for directory_handle_command_get. Closes ticket 17004. Patch from Reinaldo de Souza Jr.

1 0

[stem/master] Proc unit testing failure under python3
by atagar＠torproject.org 02 Feb '16

02 Feb '16

commit 9e0369d68547ec8f128a7472be0ddc8bbe0d3e93 Author: Damian Johnson <atagar(a)torproject.org> Date: Tue Feb 2 07:59:52 2016 -0800 Proc unit testing failure under python3 Simple bytes/unicode error in our tests. This caused a couple proc tests to fail under python3... ====================================================================== ERROR: test_connections_ipv6 ---------------------------------------------------------------------- Traceback (most recent call last): File "/home/atagar/Desktop/stem/stem/util/proc.py", line 370, in connections with open(proc_file_path, 'rb') as proc_file: File "/usr/local/lib/python3.2/dist-packages/mock/mock.py", line 1062, in __call__ return _mock_self._mock_call(*args, **kwargs) File "/usr/local/lib/python3.2/dist-packages/mock/mock.py", line 1128, in _mock_call ret_val = effect(*args, **kwargs) File "/home/atagar/Desktop/stem/test/unit/util/proc.py", line 262, in <lambda> '/proc/net/tcp': io.BytesIO(''), TypeError: 'str' does not support the buffer interface --- test/unit/util/proc.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/test/unit/util/proc.py b/test/unit/util/proc.py index a828981..e8858f1 100644 --- a/test/unit/util/proc.py +++ b/test/unit/util/proc.py @@ -259,9 +259,9 @@ class TestProc(unittest.TestCase): }[param] open_mock.side_effect = lambda param, mode: { - '/proc/net/tcp': io.BytesIO(''), + '/proc/net/tcp': io.BytesIO(b''), '/proc/net/tcp6': io.BytesIO(TCP6_CONTENT), - '/proc/net/udp': io.BytesIO(''), + '/proc/net/udp': io.BytesIO(b''), }[param] expected_results = [ @@ -287,9 +287,9 @@ class TestProc(unittest.TestCase): }[param] open_mock.side_effect = lambda param, mode: { - '/proc/net/tcp': io.BytesIO(''), + '/proc/net/tcp': io.BytesIO(b''), '/proc/net/tcp6': io.BytesIO(TCP6_CONTENT), - '/proc/net/udp': io.BytesIO(''), + '/proc/net/udp': io.BytesIO(b''), }[param] expected_results = [

1 0

[stem/master] Python3 regression in socket's recv_message()
by atagar＠torproject.org 02 Feb '16

02 Feb '16

commit 05bd17003bf86362b03cb487f4277f312b428fc2 Author: Damian Johnson <atagar(a)torproject.org> Date: Tue Feb 2 07:52:20 2016 -0800 Python3 regression in socket's recv_message() Oops, shame on me for not testing with python3. Recent log truncation change introduced a regression... ====================================================================== ERROR: test_hs_desc_content_event ---------------------------------------------------------------------- Traceback (most recent call last): File "/home/atagar/Desktop/stem/test/unit/response/events.py", line 877, in test_hs_desc_content_event event = _get_event(HS_DESC_CONTENT_EVENT) File "/home/atagar/Desktop/stem/test/unit/response/events.py", line 458, in _get_event controller_event = mocking.get_message(content) File "/home/atagar/Desktop/stem/test/mocking.py", line 259, in get_message return stem.response.ControlMessage.from_str(content) File "/home/atagar/Desktop/stem/stem/response/__init__.py", line 160, in from_str msg = stem.socket.recv_message(StringIO(content)) File "/home/atagar/Desktop/stem/stem/socket.py", line 601, in recv_message print([b'... %i more lines...' % (len(log_message_lines) - TRUNCATE_LOGS)]) TypeError: unsupported operand type(s) for %: 'bytes' and 'int' ---------------------------------------------------------------------- Thanks to toralf for pointing this out. Trouble is that under python3 bytes doesn't support % formatting at all... >>> b'hi %i' % 5 Traceback (most recent call last): File "<stdin>", line 1, in <module> TypeError: unsupported operand type(s) for %: 'bytes' and 'int' This is pretty pesky, and something they plan to change... http://legacy.python.org/dev/peps/pep-0461/ --- stem/socket.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/stem/socket.py b/stem/socket.py index de57c7d..4537ea6 100644 --- a/stem/socket.py +++ b/stem/socket.py @@ -592,15 +592,15 @@ def recv_message(control_file): parsed_content.append((status_code, divider, content)) raw_content_str = b''.join(raw_content) - log_message = raw_content_str.replace(b'\r\n', b'\n').rstrip() + log_message = stem.util.str_tools._to_unicode(raw_content_str.replace(b'\r\n', b'\n').rstrip()) if TRUNCATE_LOGS: - log_message_lines = log_message.split(b'\n') + log_message_lines = log_message.split('\n') if len(log_message_lines) > TRUNCATE_LOGS: - log_message = b'\n'.join(log_message_lines[:TRUNCATE_LOGS] + [b'... %i more lines...' % (len(log_message_lines) - TRUNCATE_LOGS)]) + log_message = '\n'.join(log_message_lines[:TRUNCATE_LOGS] + ['... %i more lines...' % (len(log_message_lines) - TRUNCATE_LOGS)]) - log.trace('Received from tor:\n' + stem.util.str_tools._to_unicode(log_message)) + log.trace('Received from tor:\n' + log_message) return stem.response.ControlMessage(parsed_content, raw_content_str) elif divider == '+':

1 0

[tor-browser-bundle/maint-5.5] Release preparations
by gk＠torproject.org 02 Feb '16

02 Feb '16

commit 71f272dcdb00007e9314cfef907ad092ad372b8d Author: Georg Koppen <gk(a)torproject.org> Date: Tue Feb 2 12:47:29 2016 +0000 Release preparations --- Bundle-Data/Docs/ChangeLog.txt | 8 ++++++++ gitian/versions | 2 +- tools/update-responses/config.yml | 9 +++++---- 3 files changed, 14 insertions(+), 5 deletions(-) diff --git a/Bundle-Data/Docs/ChangeLog.txt b/Bundle-Data/Docs/ChangeLog.txt index dcd0398..286b370 100644 --- a/Bundle-Data/Docs/ChangeLog.txt +++ b/Bundle-Data/Docs/ChangeLog.txt @@ -1,3 +1,11 @@ +Tor Browser 5.5.1 -- February 4 2016 + * All Platforms + * Bug 18168: Don't clear an iframe's window.name (fix of #16620) + * Bug 18172: Add Emoji support + * Bug 18137: Add two new obfs4 default bridges + * Windows + * Bug 18169: Whitelist zh-CN UI font + Tor Browser 5.5 -- January 26 2016 * All Platforms * Update Firefox to 38.6.0esr diff --git a/gitian/versions b/gitian/versions index 47b981b..a3e9f2f 100755 --- a/gitian/versions +++ b/gitian/versions @@ -11,7 +11,7 @@ FIREFOX_VERSION=38.6.0esr TORBROWSER_UPDATE_CHANNEL=release -TORBROWSER_TAG=tor-browser-${FIREFOX_VERSION}-5.5-1-build1 +TORBROWSER_TAG=tor-browser-${FIREFOX_VERSION}-5.5-1-build2 TOR_TAG=tor-0.2.7.6 TORLAUNCHER_TAG=0.2.7.8 TORBUTTON_TAG=1.9.4.3 diff --git a/tools/update-responses/config.yml b/tools/update-responses/config.yml index 362c146..470ee06 100644 --- a/tools/update-responses/config.yml +++ b/tools/update-responses/config.yml @@ -10,14 +10,15 @@ build_targets: osx64: Darwin_x86_64-gcc3 channels: alpha: 5.5a6 - release: 5.5 + release: 5.5.1 versions: - 5.5: + 5.5.1: platformVersion: 38.6.0 - detailsURL: https://blog.torproject.org/blog/tor-browser-55-released - download_url: https://www.torproject.org/dist/torbrowser/5.5 + detailsURL: https://blog.torproject.org/blog/tor-browser-551-released + download_url: https://www.torproject.org/dist/torbrowser/5.5.1 incremental_from: - 5.0.7 + - 5.5 migrate_archs: osx32: osx64 osx32:

1 0

[tor-browser/tor-browser-38.6.0esr-5.5-1] fixup! Bug 16620: Clear window.name when no referrer sent
by gk＠torproject.org 02 Feb '16

02 Feb '16

commit 89226c03e3aed9c1ff3c740e0dcdcb0ac7e8e5ff Author: Kathy Brade <brade(a)pearlcrescent.com> Date: Fri Jan 29 16:47:26 2016 -0500 fixup! Bug 16620: Clear window.name when no referrer sent Only clear window.name for the top document, not for frames. This fixes Bug 18168: iframe-based AJAX call opening in new tab and more closely matches the behavior of Torbutton's old JavaScript-based implementation. --- docshell/base/nsDocShell.cpp | 18 +++-- docshell/test/mochitest.ini | 1 + docshell/test/test_tor_bug16620.html | 131 ++++++++++++++++++++++++++++------- docshell/test/tor_bug16620_form.html | 51 ++++++++++++++ 4 files changed, 173 insertions(+), 28 deletions(-) diff --git a/docshell/base/nsDocShell.cpp b/docshell/base/nsDocShell.cpp index 0c404fa..3f059673 100644 --- a/docshell/base/nsDocShell.cpp +++ b/docshell/base/nsDocShell.cpp @@ -8993,8 +8993,9 @@ nsDocShell::CreateContentViewer(const char* aContentType, } FirePageHideNotification(!mSavingOldViewer); - // Tor bug # 16620: Clear window.name if there is no referrer. We make an - // exception for new windows, e.g., window.open(url, "MyName"). + // Tor bug 16620: Clear window.name of top-level documents if + // there is no referrer. We make an exception for new windows, + // e.g., window.open(url, "MyName"). bool isNewWindowTarget = false; nsCOMPtr<nsIPropertyBag2> props(do_QueryInterface(aRequest, &rv)); if (props) { @@ -9008,6 +9009,13 @@ nsDocShell::CreateContentViewer(const char* aContentType, if (httpChannel) httpChannel->GetReferrer(getter_AddRefs(httpReferrer)); + bool isTopFrame = true; + nsCOMPtr<nsIDocShellTreeItem> targetParentTreeItem; + rv = GetSameTypeParent(getter_AddRefs(targetParentTreeItem)); + if (NS_SUCCEEDED(rv) && targetParentTreeItem) { + isTopFrame = false; + } + #ifdef DEBUG_WINDOW_NAME printf("DOCSHELL %p CreateContentViewer - possibly clearing window.name:\n", this); printf(" current window.name: \"%s\"\n", @@ -9020,6 +9028,7 @@ nsDocShell::CreateContentViewer(const char* aContentType, mLoadingURI->GetSpec(loadingSpec); printf(" current URI: %s\n", curSpec.get()); printf(" loading URI: %s\n", loadingSpec.get()); + printf(" is top document: %s\n", isTopFrame ? "Yes" : "No"); if (!httpReferrer) { printf(" referrer: None\n"); @@ -9030,12 +9039,13 @@ nsDocShell::CreateContentViewer(const char* aContentType, } #endif - if (!httpReferrer) + bool clearName = isTopFrame && !httpReferrer; + if (clearName) SetName(NS_LITERAL_STRING("")); #ifdef DEBUG_WINDOW_NAME printf(" action taken: %s window.name\n", - httpReferrer ? "Preserved" : "Cleared"); + clearName ? "Cleared" : "Preserved"); #endif } diff --git a/docshell/test/mochitest.ini b/docshell/test/mochitest.ini index a1325b9..274a77e 100644 --- a/docshell/test/mochitest.ini +++ b/docshell/test/mochitest.ini @@ -35,6 +35,7 @@ support-files = file_pushState_after_document_open.html historyframes.html tor_bug16620.html + tor_bug16620_form.html [test_anchor_scroll_after_document_open.html] [test_bfcache_plus_hash.html] diff --git a/docshell/test/test_tor_bug16620.html b/docshell/test/test_tor_bug16620.html index 0fe9603..d528e17 100644 --- a/docshell/test/test_tor_bug16620.html +++ b/docshell/test/test_tor_bug16620.html @@ -17,36 +17,80 @@ // ## Test constants const kTestPath = "/tests/docshell/test/"; -const kFile = "tor_bug16620.html"; +const kLinkFile = "tor_bug16620.html"; +const kFormFile = "tor_bug16620_form.html"; const kBaseURL1 = "http://example.com"; +const kBaseURL1_https = "https://example.com"; const kBaseURL2 = "http://example.net"; +const kSendReferrerPref = "network.http.sendRefererHeader"; +const kSendReferrerNever = 0; +const kSendReferrerForUserAction = 1; +const kSendReferrerAlways = 2; let gTests = [ - // Test #1: Same domain: + // Test #1: Same domain; never send referrer. { startURL: kBaseURL1, destURL: kBaseURL1, + referrerPref: kSendReferrerNever, + expectIsolation: true }, + + // Test #2: Same domain; send referrer upon user action. + { startURL: kBaseURL1, destURL: kBaseURL1, + referrerPref: kSendReferrerForUserAction, expectIsolation: false }, - // Test #2: Different top-level domains: + // Test #3: Same domain; always send referrer. + { startURL: kBaseURL1, destURL: kBaseURL1, + referrerPref: kSendReferrerAlways, + expectIsolation: false }, + + // Test #4: Different top-level domains; never send referrer. + { startURL: kBaseURL1, destURL: kBaseURL2, + referrerPref: kSendReferrerNever, + expectIsolation: true }, + + // Test #5: Different top-level domains; send referrer upon user action. { startURL: kBaseURL1, destURL: kBaseURL2, + referrerPref: kSendReferrerForUserAction, expectIsolation: false }, - // Test #3: Same domain, rel="noreferrer" on link: + // Test #6: Different top-level domains; always send referrer. + { startURL: kBaseURL1, destURL: kBaseURL2, + referrerPref: kSendReferrerAlways, + expectIsolation: false }, + + // Test #7: https -> http transition. + { startURL: kBaseURL1_https, destURL: kBaseURL1, + referrerPref: kSendReferrerForUserAction, + expectIsolation: true }, + + // Test #8: Same domain, rel="noreferrer" on link. { startURL: kBaseURL1, destURL: kBaseURL1, noReferrerOnLink: true, + referrerPref: kSendReferrerAlways, expectIsolation: true }, - // Test #4: Same domain, "no-referrer" meta tag in document: + // Test #9: Same domain, "no-referrer" meta tag in document. { startURL: kBaseURL1, destURL: kBaseURL1, noReferrerInMetaTag: true, + referrerPref: kSendReferrerAlways, expectIsolation: true }, - // Test #5: Like test 4, but reset window.name during unload: + // Test #10: Like test #9, but reset window.name during unload. // (similar to http://www.thomasfrank.se/sessvarsTestPage1.html) { startURL: kBaseURL1, destURL: kBaseURL1, noReferrerInMetaTag: true, resetInUnload: true, + referrerPref: kSendReferrerAlways, expectIsolation: true }, - // Test #6: Data URL as destination (no referrer): + // Test #11: Data URL as destination (no referrer). { startURL: kBaseURL1, + referrerPref: kSendReferrerAlways, expectIsolation: true }, + + // Test #12: Ensure that window.name is preserved when a dynamically loaded + // iframe is used to perform a form post (regression test for Tor bug 18168). + { startURL: kBaseURL1, + isFormTest: true, + referrerPref: kSendReferrerAlways, + expectIsolation: false }, ]; let gCurTest = 0; @@ -65,9 +109,19 @@ function startNextTest() { SimpleTest.finish(); } else { let curTest = gTests[gCurTest - 1]; - let url = curTest.startURL + kTestPath + kFile + "?firstDocLoaded"; + if ("referrerPref" in curTest) + SpecialPowers.setIntPref(kSendReferrerPref, curTest.referrerPref); + else + SpecialPowers.setIntPref(kSendReferrerPref, kSendReferrerForUserAction); gCurWinName = generateRandomName(); - gChildWin = window.open(url, gCurWinName); + let url = curTest.startURL + kTestPath; + if (curTest.isFormTest === true) { + url += kFormFile + "?" + gCurWinName; + gChildWin = window.open(url, undefined); + } else { + url += kLinkFile + "?firstDocLoaded"; + gChildWin = window.open(url, gCurWinName); + } } } @@ -78,16 +132,22 @@ window.addEventListener("message", function(aEvent) { // console.log("parent received message:" + JSON.stringify(aEvent.data)); + let proceedToNextTest = false; let curTest = gTests[gCurTest - 1]; let state = aEvent.data.state; let winName = aEvent.data.winName; if ("firstDocLoaded" == state) { - ok(winName === gCurWinName, "Test #" + gCurTest + + // Process response from step one of the link-based tests. + let step1Passed = (winName === gCurWinName); + if (!step1Passed) { + ok(step1Passed, "Test #" + gCurTest + " - first document's name matches window.open parameter"); + proceedToNextTest = true; + } // Send an "openURL" message to the loaded document. let url2 = (curTest.destURL) - ? curTest.destURL + kTestPath + kFile + "?secondDocLoaded" + ? curTest.destURL + kTestPath + kLinkFile + "?secondDocLoaded" : gDataURL; let noReferrerOnLink = (curTest.noReferrerOnLink === true); let noReferrerInMetaTag = (curTest.noReferrerInMetaTag === true); @@ -98,6 +158,7 @@ window.addEventListener("message", function(aEvent) { resetInUnload: resetInUnload }, aEvent.origin); } else if ("secondDocLoaded" == state) { + // Process response from step two of the link-based tests. if (curTest.expectIsolation) { ok(winName === "", "Test #" + gCurTest + " - second document: name was cleared"); @@ -105,25 +166,47 @@ window.addEventListener("message", function(aEvent) { ok(winName === gCurWinName, "Test #" + gCurTest + " - second document: name was preserved"); } + proceedToNextTest = true; + } else if ("formPostDone" == state) { + // Process response from the form post tests. + if (curTest.expectIsolation) { + ok(winName === "", + "Test #" + gCurTest + " - iframe form post: name was cleared"); + } else { + ok(winName === gCurWinName, + "Test #" + gCurTest + " - iframe form post: name was preserved"); + } + proceedToNextTest = true; + + } + if (proceedToNextTest) { gChildWin.close(); startNextTest(); } }, false); -SimpleTest.waitForExplicitFinish(); - -// Read file contents, construct a data URL (used by some tests), and -// then start the first test. -let url = kTestPath + kFile; -let xhr = new XMLHttpRequest(); -xhr.open("GET", url); -xhr.onload = function() { - gDataURL = "data:text/html;charset=utf-8," - + encodeURIComponent(this.responseText); - startNextTest(); -} -xhr.send(); + SimpleTest.waitForExplicitFinish(); + + if (SpecialPowers.getBoolPref("security.nocertdb")) { + // Mochitests don't simulate https correctly with "security.nocertdb" + // enabled. See https://bugs.torproject.org/18087 + ok(false, "Please disable the pref `security.nocertdb` before running this test."); + SimpleTest.finish(); + } else { + + // Read file contents, construct a data URL (used by some tests), and + // then start the first test. + let url = kTestPath + kLinkFile; + let xhr = new XMLHttpRequest(); + xhr.open("GET", url); + xhr.onload = function() { + gDataURL = "data:text/html;charset=utf-8," + + encodeURIComponent(this.responseText); + startNextTest(); + } + xhr.send(); + } </script> </body> </html> diff --git a/docshell/test/tor_bug16620_form.html b/docshell/test/tor_bug16620_form.html new file mode 100644 index 0000000..3b6e6c7 --- /dev/null +++ b/docshell/test/tor_bug16620_form.html @@ -0,0 +1,51 @@ +<!DOCTYPE HTML> +<html> + +<head> + <meta charset="UTF-8"> + <title>Supporting Form-based Doc for Tor Bug 16620 Tests</title> +</head> +<body> + +<script type="application/javascript;version=1.7"> +document.addEventListener("DOMContentLoaded", function () { + addPostTarget(); +}, false); + + +function addPostTarget() +{ + let frameName = location.search.substr(1); + let form = document.getElementById("postform"); + let iframe = document.createElement("iframe"); + iframe.style.border = "1px solid red"; + iframe.src = "about:blank"; + form.target = iframe.name = iframe.id = frameName; + document.body.appendChild(iframe); + + let didSubmit = false; + iframe.onload = function() { + if (!didSubmit) { + didSubmit = true; + let submitButton = document.getElementById("submitButton"); + submitButton.click(); + } else { + // Form submission complete. Report iframe's name to test driver. + opener.postMessage({ state: "formPostDone", winName: iframe.name }, "*"); + } + }; +} + +</script> +<form name="postform" id="postform" + action="data:text/plain;charset=utf-8,Hello%20world" + method="POST" enctype="multipart/form-data"> + <input type="hidden" name="field1" value="value1"><br> + <input id="submitButton" type="submit" value="Post It"> +</body> +</html>

1 0

[tor-browser/tor-browser-38.6.0esr-6.0-1] fixup! Bug 16620: Clear window.name when no referrer sent
by gk＠torproject.org 02 Feb '16

02 Feb '16

commit bc8af4dcdafd3de656bbff245eb70a0025829b90 Author: Kathy Brade <brade(a)pearlcrescent.com> Date: Fri Jan 29 16:47:26 2016 -0500 fixup! Bug 16620: Clear window.name when no referrer sent Only clear window.name for the top document, not for frames. This fixes Bug 18168: iframe-based AJAX call opening in new tab and more closely matches the behavior of Torbutton's old JavaScript-based implementation. --- docshell/base/nsDocShell.cpp | 18 +++-- docshell/test/mochitest.ini | 1 + docshell/test/test_tor_bug16620.html | 131 ++++++++++++++++++++++++++++------- docshell/test/tor_bug16620_form.html | 51 ++++++++++++++ 4 files changed, 173 insertions(+), 28 deletions(-) diff --git a/docshell/base/nsDocShell.cpp b/docshell/base/nsDocShell.cpp index 0c404fa..3f059673 100644 --- a/docshell/base/nsDocShell.cpp +++ b/docshell/base/nsDocShell.cpp @@ -8993,8 +8993,9 @@ nsDocShell::CreateContentViewer(const char* aContentType, } FirePageHideNotification(!mSavingOldViewer); - // Tor bug # 16620: Clear window.name if there is no referrer. We make an - // exception for new windows, e.g., window.open(url, "MyName"). + // Tor bug 16620: Clear window.name of top-level documents if + // there is no referrer. We make an exception for new windows, + // e.g., window.open(url, "MyName"). bool isNewWindowTarget = false; nsCOMPtr<nsIPropertyBag2> props(do_QueryInterface(aRequest, &rv)); if (props) { @@ -9008,6 +9009,13 @@ nsDocShell::CreateContentViewer(const char* aContentType, if (httpChannel) httpChannel->GetReferrer(getter_AddRefs(httpReferrer)); + bool isTopFrame = true; + nsCOMPtr<nsIDocShellTreeItem> targetParentTreeItem; + rv = GetSameTypeParent(getter_AddRefs(targetParentTreeItem)); + if (NS_SUCCEEDED(rv) && targetParentTreeItem) { + isTopFrame = false; + } + #ifdef DEBUG_WINDOW_NAME printf("DOCSHELL %p CreateContentViewer - possibly clearing window.name:\n", this); printf(" current window.name: \"%s\"\n", @@ -9020,6 +9028,7 @@ nsDocShell::CreateContentViewer(const char* aContentType, mLoadingURI->GetSpec(loadingSpec); printf(" current URI: %s\n", curSpec.get()); printf(" loading URI: %s\n", loadingSpec.get()); + printf(" is top document: %s\n", isTopFrame ? "Yes" : "No"); if (!httpReferrer) { printf(" referrer: None\n"); @@ -9030,12 +9039,13 @@ nsDocShell::CreateContentViewer(const char* aContentType, } #endif - if (!httpReferrer) + bool clearName = isTopFrame && !httpReferrer; + if (clearName) SetName(NS_LITERAL_STRING("")); #ifdef DEBUG_WINDOW_NAME printf(" action taken: %s window.name\n", - httpReferrer ? "Preserved" : "Cleared"); + clearName ? "Cleared" : "Preserved"); #endif } diff --git a/docshell/test/mochitest.ini b/docshell/test/mochitest.ini index a1325b9..274a77e 100644 --- a/docshell/test/mochitest.ini +++ b/docshell/test/mochitest.ini @@ -35,6 +35,7 @@ support-files = file_pushState_after_document_open.html historyframes.html tor_bug16620.html + tor_bug16620_form.html [test_anchor_scroll_after_document_open.html] [test_bfcache_plus_hash.html] diff --git a/docshell/test/test_tor_bug16620.html b/docshell/test/test_tor_bug16620.html index 0fe9603..d528e17 100644 --- a/docshell/test/test_tor_bug16620.html +++ b/docshell/test/test_tor_bug16620.html @@ -17,36 +17,80 @@ // ## Test constants const kTestPath = "/tests/docshell/test/"; -const kFile = "tor_bug16620.html"; +const kLinkFile = "tor_bug16620.html"; +const kFormFile = "tor_bug16620_form.html"; const kBaseURL1 = "http://example.com"; +const kBaseURL1_https = "https://example.com"; const kBaseURL2 = "http://example.net"; +const kSendReferrerPref = "network.http.sendRefererHeader"; +const kSendReferrerNever = 0; +const kSendReferrerForUserAction = 1; +const kSendReferrerAlways = 2; let gTests = [ - // Test #1: Same domain: + // Test #1: Same domain; never send referrer. { startURL: kBaseURL1, destURL: kBaseURL1, + referrerPref: kSendReferrerNever, + expectIsolation: true }, + + // Test #2: Same domain; send referrer upon user action. + { startURL: kBaseURL1, destURL: kBaseURL1, + referrerPref: kSendReferrerForUserAction, expectIsolation: false }, - // Test #2: Different top-level domains: + // Test #3: Same domain; always send referrer. + { startURL: kBaseURL1, destURL: kBaseURL1, + referrerPref: kSendReferrerAlways, + expectIsolation: false }, + + // Test #4: Different top-level domains; never send referrer. + { startURL: kBaseURL1, destURL: kBaseURL2, + referrerPref: kSendReferrerNever, + expectIsolation: true }, + + // Test #5: Different top-level domains; send referrer upon user action. { startURL: kBaseURL1, destURL: kBaseURL2, + referrerPref: kSendReferrerForUserAction, expectIsolation: false }, - // Test #3: Same domain, rel="noreferrer" on link: + // Test #6: Different top-level domains; always send referrer. + { startURL: kBaseURL1, destURL: kBaseURL2, + referrerPref: kSendReferrerAlways, + expectIsolation: false }, + + // Test #7: https -> http transition. + { startURL: kBaseURL1_https, destURL: kBaseURL1, + referrerPref: kSendReferrerForUserAction, + expectIsolation: true }, + + // Test #8: Same domain, rel="noreferrer" on link. { startURL: kBaseURL1, destURL: kBaseURL1, noReferrerOnLink: true, + referrerPref: kSendReferrerAlways, expectIsolation: true }, - // Test #4: Same domain, "no-referrer" meta tag in document: + // Test #9: Same domain, "no-referrer" meta tag in document. { startURL: kBaseURL1, destURL: kBaseURL1, noReferrerInMetaTag: true, + referrerPref: kSendReferrerAlways, expectIsolation: true }, - // Test #5: Like test 4, but reset window.name during unload: + // Test #10: Like test #9, but reset window.name during unload. // (similar to http://www.thomasfrank.se/sessvarsTestPage1.html) { startURL: kBaseURL1, destURL: kBaseURL1, noReferrerInMetaTag: true, resetInUnload: true, + referrerPref: kSendReferrerAlways, expectIsolation: true }, - // Test #6: Data URL as destination (no referrer): + // Test #11: Data URL as destination (no referrer). { startURL: kBaseURL1, + referrerPref: kSendReferrerAlways, expectIsolation: true }, + + // Test #12: Ensure that window.name is preserved when a dynamically loaded + // iframe is used to perform a form post (regression test for Tor bug 18168). + { startURL: kBaseURL1, + isFormTest: true, + referrerPref: kSendReferrerAlways, + expectIsolation: false }, ]; let gCurTest = 0; @@ -65,9 +109,19 @@ function startNextTest() { SimpleTest.finish(); } else { let curTest = gTests[gCurTest - 1]; - let url = curTest.startURL + kTestPath + kFile + "?firstDocLoaded"; + if ("referrerPref" in curTest) + SpecialPowers.setIntPref(kSendReferrerPref, curTest.referrerPref); + else + SpecialPowers.setIntPref(kSendReferrerPref, kSendReferrerForUserAction); gCurWinName = generateRandomName(); - gChildWin = window.open(url, gCurWinName); + let url = curTest.startURL + kTestPath; + if (curTest.isFormTest === true) { + url += kFormFile + "?" + gCurWinName; + gChildWin = window.open(url, undefined); + } else { + url += kLinkFile + "?firstDocLoaded"; + gChildWin = window.open(url, gCurWinName); + } } } @@ -78,16 +132,22 @@ window.addEventListener("message", function(aEvent) { // console.log("parent received message:" + JSON.stringify(aEvent.data)); + let proceedToNextTest = false; let curTest = gTests[gCurTest - 1]; let state = aEvent.data.state; let winName = aEvent.data.winName; if ("firstDocLoaded" == state) { - ok(winName === gCurWinName, "Test #" + gCurTest + + // Process response from step one of the link-based tests. + let step1Passed = (winName === gCurWinName); + if (!step1Passed) { + ok(step1Passed, "Test #" + gCurTest + " - first document's name matches window.open parameter"); + proceedToNextTest = true; + } // Send an "openURL" message to the loaded document. let url2 = (curTest.destURL) - ? curTest.destURL + kTestPath + kFile + "?secondDocLoaded" + ? curTest.destURL + kTestPath + kLinkFile + "?secondDocLoaded" : gDataURL; let noReferrerOnLink = (curTest.noReferrerOnLink === true); let noReferrerInMetaTag = (curTest.noReferrerInMetaTag === true); @@ -98,6 +158,7 @@ window.addEventListener("message", function(aEvent) { resetInUnload: resetInUnload }, aEvent.origin); } else if ("secondDocLoaded" == state) { + // Process response from step two of the link-based tests. if (curTest.expectIsolation) { ok(winName === "", "Test #" + gCurTest + " - second document: name was cleared"); @@ -105,25 +166,47 @@ window.addEventListener("message", function(aEvent) { ok(winName === gCurWinName, "Test #" + gCurTest + " - second document: name was preserved"); } + proceedToNextTest = true; + } else if ("formPostDone" == state) { + // Process response from the form post tests. + if (curTest.expectIsolation) { + ok(winName === "", + "Test #" + gCurTest + " - iframe form post: name was cleared"); + } else { + ok(winName === gCurWinName, + "Test #" + gCurTest + " - iframe form post: name was preserved"); + } + proceedToNextTest = true; + + } + if (proceedToNextTest) { gChildWin.close(); startNextTest(); } }, false); -SimpleTest.waitForExplicitFinish(); - -// Read file contents, construct a data URL (used by some tests), and -// then start the first test. -let url = kTestPath + kFile; -let xhr = new XMLHttpRequest(); -xhr.open("GET", url); -xhr.onload = function() { - gDataURL = "data:text/html;charset=utf-8," - + encodeURIComponent(this.responseText); - startNextTest(); -} -xhr.send(); + SimpleTest.waitForExplicitFinish(); + + if (SpecialPowers.getBoolPref("security.nocertdb")) { + // Mochitests don't simulate https correctly with "security.nocertdb" + // enabled. See https://bugs.torproject.org/18087 + ok(false, "Please disable the pref `security.nocertdb` before running this test."); + SimpleTest.finish(); + } else { + + // Read file contents, construct a data URL (used by some tests), and + // then start the first test. + let url = kTestPath + kLinkFile; + let xhr = new XMLHttpRequest(); + xhr.open("GET", url); + xhr.onload = function() { + gDataURL = "data:text/html;charset=utf-8," + + encodeURIComponent(this.responseText); + startNextTest(); + } + xhr.send(); + } </script> </body> </html> diff --git a/docshell/test/tor_bug16620_form.html b/docshell/test/tor_bug16620_form.html new file mode 100644 index 0000000..3b6e6c7 --- /dev/null +++ b/docshell/test/tor_bug16620_form.html @@ -0,0 +1,51 @@ +<!DOCTYPE HTML> +<html> + +<head> + <meta charset="UTF-8"> + <title>Supporting Form-based Doc for Tor Bug 16620 Tests</title> +</head> +<body> + +<script type="application/javascript;version=1.7"> +document.addEventListener("DOMContentLoaded", function () { + addPostTarget(); +}, false); + + +function addPostTarget() +{ + let frameName = location.search.substr(1); + let form = document.getElementById("postform"); + let iframe = document.createElement("iframe"); + iframe.style.border = "1px solid red"; + iframe.src = "about:blank"; + form.target = iframe.name = iframe.id = frameName; + document.body.appendChild(iframe); + + let didSubmit = false; + iframe.onload = function() { + if (!didSubmit) { + didSubmit = true; + let submitButton = document.getElementById("submitButton"); + submitButton.click(); + } else { + // Form submission complete. Report iframe's name to test driver. + opener.postMessage({ state: "formPostDone", winName: iframe.name }, "*"); + } + }; +} + +</script> +<form name="postform" id="postform" + action="data:text/plain;charset=utf-8,Hello%20world" + method="POST" enctype="multipart/form-data"> + <input type="hidden" name="field1" value="value1"><br> + <input id="submitButton" type="submit" value="Post It"> +</body> +</html>

1 0

[tor-browser-bundle/hardened-builds] Bug 18172: Bundle Noto Emoji Font in Linux TBB
by gk＠torproject.org 02 Feb '16

02 Feb '16

commit ee6fd02653fc0e396bee5daa034bd00be890ccb5 Author: Arthur Edelstein <arthuredelstein(a)gmail.com> Date: Thu Jan 28 15:16:21 2016 -0800 Bug 18172: Bundle Noto Emoji Font in Linux TBB (Also removing unneeded NOTOCJKFONT_VER statements.) --- gitian/descriptors/linux/gitian-bundle.yml | 2 ++ gitian/fetch-inputs.sh | 4 ++-- gitian/verify-tags.sh | 2 +- gitian/versions | 4 +++- gitian/versions.alpha | 4 +++- gitian/versions.beta | 4 +++- gitian/versions.nightly | 4 +++- 7 files changed, 17 insertions(+), 7 deletions(-) diff --git a/gitian/descriptors/linux/gitian-bundle.yml b/gitian/descriptors/linux/gitian-bundle.yml index 48c68eb..7629b4f 100644 --- a/gitian/descriptors/linux/gitian-bundle.yml +++ b/gitian/descriptors/linux/gitian-bundle.yml @@ -49,6 +49,7 @@ files: - "tbb-docs.zip" - "NotoSansCJKsc-Regular.otf" - "STIXv1.1.1-latex.zip" +- "NotoEmoji-Regular.ttf" script: | INSTDIR="$HOME/install" source versions @@ -146,6 +147,7 @@ script: | cp NotoSansCJKsc-Regular.otf ${TB_STAGE_DIR}/Browser/fonts/ unzip -o STIXv1.1.1-latex.zip -d STIX cp "STIX/Fonts/fonts/opentype/public/stix/STIXMath-Regular.otf" ${TB_STAGE_DIR}/Browser/fonts/ + cp NotoEmoji-Regular.ttf ${TB_STAGE_DIR}/Browser/fonts/ # unzip relativelink-src.zip cp RelativeLink/* ${TB_STAGE_DIR}/Browser/ diff --git a/gitian/fetch-inputs.sh b/gitian/fetch-inputs.sh index 206023b..c6a401d 100755 --- a/gitian/fetch-inputs.sh +++ b/gitian/fetch-inputs.sh @@ -155,7 +155,7 @@ do get "${!PACKAGE}" "${MIRROR_URL_ASN}${!PACKAGE}" done -for i in ZOPEINTERFACE TWISTED PY2EXE SETUPTOOLS PARSLEY GO NOTOCJKFONT STIXMATHFONT +for i in ZOPEINTERFACE TWISTED PY2EXE SETUPTOOLS PARSLEY GO NOTOCJKFONT STIXMATHFONT NOTOEMOJIFONT do URL="${i}_URL" PACKAGE="${i}_PACKAGE" @@ -167,7 +167,7 @@ wget -U "" -N ${NOSCRIPT_URL} # Verify packages with weak or no signatures via direct sha256 check # (OpenSSL is signed with MD5, and OSXSDK + OSXSDK_OLD are not signed at all) -for i in OSXSDK OSXSDK_OLD TOOLCHAIN4 TOOLCHAIN4_OLD NOSCRIPT MSVCR100 PYCRYPTO ARGPARSE PYYAML ZOPEINTERFACE TWISTED SETUPTOOLS OPENSSL GMP PARSLEY GO GCC NOTOCJKFONT STIXMATHFONT +for i in OSXSDK OSXSDK_OLD TOOLCHAIN4 TOOLCHAIN4_OLD NOSCRIPT MSVCR100 PYCRYPTO ARGPARSE PYYAML ZOPEINTERFACE TWISTED SETUPTOOLS OPENSSL GMP PARSLEY GO GCC NOTOCJKFONT STIXMATHFONT NOTOEMOJIFONT do PACKAGE="${i}_PACKAGE" HASH="${i}_HASH" diff --git a/gitian/verify-tags.sh b/gitian/verify-tags.sh index 82a810a..77d71b0 100755 --- a/gitian/verify-tags.sh +++ b/gitian/verify-tags.sh @@ -141,7 +141,7 @@ done # Verify packages with weak or no signatures via direct sha256 check # (OpenSSL is signed with MD5, and OSXSDK + OSXSDK_OLD are not signed at all) -for i in OSXSDK OSXSDK_OLD TOOLCHAIN4 TOOLCHAIN4_OLD NOSCRIPT MSVCR100 PYCRYPTO ARGPARSE PYYAML ZOPEINTERFACE TWISTED SETUPTOOLS OPENSSL GMP PARSLEY GO GCC NOTOCJKFONT STIXMATHFONT +for i in OSXSDK OSXSDK_OLD TOOLCHAIN4 TOOLCHAIN4_OLD NOSCRIPT MSVCR100 PYCRYPTO ARGPARSE PYYAML ZOPEINTERFACE TWISTED SETUPTOOLS OPENSSL GMP PARSLEY GO GCC NOTOCJKFONT STIXMATHFONT NOTOEMOJIFONT do PACKAGE="${i}_PACKAGE" HASH="${i}_HASH" diff --git a/gitian/versions b/gitian/versions index 8e35391..cbb9a41 100755 --- a/gitian/versions +++ b/gitian/versions @@ -58,7 +58,6 @@ SETUPTOOLS_VER=1.4 LXML_VER=3.3.5 PARSLEY_VER=1.2 GO_VER=1.4.2 -NOTOCJKFONT_VER=1.004 ## File names for the source packages OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz @@ -86,6 +85,7 @@ PARSLEY_PACKAGE=Parsley-${PARSLEY_VER}.tar.gz GO_PACKAGE=go${GO_VER}.src.tar.gz NOTOCJKFONT_PACKAGE=NotoSansCJKsc-Regular.otf STIXMATHFONT_PACKAGE=STIXv1.1.1-latex.zip +NOTOEMOJIFONT_PACKAGE=NotoEmoji-Regular.ttf # Hashes for packages with weak sigs or no sigs OPENSSL_HASH=bd5ee6803165c0fb60bbecbacacf244f1f90d2aa0d71353af610c29121e9b2f1 @@ -109,6 +109,7 @@ GO_HASH=299a6fd8f8adfdce15bc06bde926e7b252ae8e24dd5b16b7d8791ed79e7b5e9b GCC_HASH=b7dafdf89cbb0e20333dbf5b5349319ae06e3d1a30bf3515b5488f7e89dca5ad NOTOCJKFONT_HASH=1652500938055a232cfbfa321de6ebaadfc5635dd9f75e369bc991d14a6512dd STIXMATHFONT_HASH=e3b0f712e2644438eee2d0dcd2b10b2d54f1b972039de95b2f8e800bae1adbd8 +NOTOEMOJIFONT_HASH=415dc6290378574135b64c808dc640c1df7531973290c4970c51fdeb849cb0c5 ## Non-git package URLs OPENSSL_URL=https://www.openssl.org/source/${OPENSSL_PACKAGE} @@ -135,3 +136,4 @@ PARSLEY_URL=https://pypi.python.org/packages/source/P/Parsley/${PARSLEY_PAC… GO_URL=https://golang.org/dl/${GO_PACKAGE} NOTOCJKFONT_URL=https://github.com/googlei18n/noto-cjk/raw/f36eda03dfa5582a… STIXMATHFONT_URL=http://iweb.dl.sourceforge.net/project/stixfonts/Current%2… +NOTOEMOJIFONT_URL=https://github.com/googlei18n/noto-emoji/raw/2f1ffdd6fbbd05d6f382138a3d3adcd89c5ce800/fonts/${NOTOEMOJIFONT_PACKAGE} diff --git a/gitian/versions.alpha b/gitian/versions.alpha index f1ef483..3f2df43 100755 --- a/gitian/versions.alpha +++ b/gitian/versions.alpha @@ -59,7 +59,6 @@ SETUPTOOLS_VER=1.4 LXML_VER=3.3.5 PARSLEY_VER=1.2 GO_VER=1.4.2 -NOTOCJKFONT_VER=1.004 ## File names for the source packages OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz @@ -86,6 +85,7 @@ PARSLEY_PACKAGE=Parsley-${PARSLEY_VER}.tar.gz GO_PACKAGE=go${GO_VER}.src.tar.gz NOTOCJKFONT_PACKAGE=NotoSansCJKsc-Regular.otf STIXMATHFONT_PACKAGE=STIXv1.1.1-latex.zip +NOTOEMOJIFONT_PACKAGE=NotoEmoji-Regular.ttf # Hashes for packages with weak sigs or no sigs OPENSSL_HASH=b3658b84e9ea606a5ded3c972a5517cd785282e7ea86b20c78aa4b773a047fb7 @@ -108,6 +108,7 @@ GO_HASH=299a6fd8f8adfdce15bc06bde926e7b252ae8e24dd5b16b7d8791ed79e7b5e9b GCC_HASH=5f835b04b5f7dd4f4d2dc96190ec1621b8d89f2dc6f638f9f8bc1b1014ba8cad NOTOCJKFONT_HASH=1652500938055a232cfbfa321de6ebaadfc5635dd9f75e369bc991d14a6512dd STIXMATHFONT_HASH=e3b0f712e2644438eee2d0dcd2b10b2d54f1b972039de95b2f8e800bae1adbd8 +NOTOEMOJIFONT_HASH=415dc6290378574135b64c808dc640c1df7531973290c4970c51fdeb849cb0c5 ## Non-git package URLs OPENSSL_URL=https://www.openssl.org/source/${OPENSSL_PACKAGE} @@ -133,3 +134,4 @@ PARSLEY_URL=https://pypi.python.org/packages/source/P/Parsley/${PARSLEY_PAC… GO_URL=https://golang.org/dl/${GO_PACKAGE} NOTOCJKFONT_URL=https://github.com/googlei18n/noto-cjk/raw/f36eda03dfa5582a… STIXMATHFONT_URL=http://iweb.dl.sourceforge.net/project/stixfonts/Current%2… +NOTOEMOJIFONT_URL=https://github.com/googlei18n/noto-emoji/raw/2f1ffdd6fbbd05d6f382138a3d3adcd89c5ce800/fonts/${NOTOEMOJIFONT_PACKAGE} diff --git a/gitian/versions.beta b/gitian/versions.beta index 43c5fde..243eb40 100755 --- a/gitian/versions.beta +++ b/gitian/versions.beta @@ -51,7 +51,6 @@ SETUPTOOLS_VER=1.4 LXML_VER=3.3.5 PARSLEY_VER=1.2 GO_VER=1.4.2 -NOTOCJKFONT_VER=1.004 ## File names for the source packages OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz @@ -79,6 +78,7 @@ PARSLEY_PACKAGE=Parsley-${PARSLEY_VER}.tar.gz GO_PACKAGE=go${GO_VER}.src.tar.gz NOTOCJKFONT_PACKAGE=NotoSansCJKsc-Regular.otf STIXMATHFONT_PACKAGE=STIXv1.1.1-latex.zip +NOTOEMOJIFONT_PACKAGE=NotoEmoji-Regular.ttf # Hashes for packages with weak sigs or no sigs OPENSSL_HASH=53cb818c3b90e507a8348f4f5eaedb05d8bfe5358aabb508b7263cc670c3e028 @@ -101,6 +101,7 @@ PARSLEY_HASH=50d30cee70770fd44db7cea421cb2fb75af247c3a1cd54885c06b30a7c85dd23 GO_HASH=299a6fd8f8adfdce15bc06bde926e7b252ae8e24dd5b16b7d8791ed79e7b5e9b NOTOCJKFONT_HASH=1652500938055a232cfbfa321de6ebaadfc5635dd9f75e369bc991d14a6512dd STIXMATHFONT_HASH=e3b0f712e2644438eee2d0dcd2b10b2d54f1b972039de95b2f8e800bae1adbd8 +NOTOEMOJIFONT_HASH=415dc6290378574135b64c808dc640c1df7531973290c4970c51fdeb849cb0c5 ## Non-git package URLs OPENSSL_URL=https://www.openssl.org/source/${OPENSSL_PACKAGE} @@ -127,3 +128,4 @@ PARSLEY_URL=https://pypi.python.org/packages/source/P/Parsley/${PARSLEY_PAC… GO_URL=https://golang.org/dl/${GO_PACKAGE} NOTOCJKFONT_URL=https://github.com/googlei18n/noto-cjk/raw/f36eda03dfa5582a… STIXMATHFONT_URL=http://iweb.dl.sourceforge.net/project/stixfonts/Current%2… +NOTOEMOJIFONT_URL=https://github.com/googlei18n/noto-emoji/raw/2f1ffdd6fbbd05d6f382138a3d3adcd89c5ce800/fonts/${NOTOEMOJIFONT_PACKAGE} diff --git a/gitian/versions.nightly b/gitian/versions.nightly index 44e4ddb..66ad9d1 100755 --- a/gitian/versions.nightly +++ b/gitian/versions.nightly @@ -62,7 +62,6 @@ SETUPTOOLS_VER=1.4 LXML_VER=3.3.5 PARSLEY_VER=1.2 GO_VER=1.4.2 -NOTOCJKFONT_VER=1.004 ## File names for the source packages OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz @@ -89,6 +88,7 @@ PARSLEY_PACKAGE=Parsley-${PARSLEY_VER}.tar.gz GO_PACKAGE=go${GO_VER}.src.tar.gz NOTOCJKFONT_PACKAGE=NotoSansCJKsc-Regular.otf STIXMATHFONT_PACKAGE=STIXv1.1.1-latex.zip +NOTOEMOJIFONT_PACKAGE=NotoEmoji-Regular.ttf # Hashes for packages with weak sigs or no sigs OPENSSL_HASH=b3658b84e9ea606a5ded3c972a5517cd785282e7ea86b20c78aa4b773a047fb7 @@ -111,6 +111,7 @@ GO_HASH=299a6fd8f8adfdce15bc06bde926e7b252ae8e24dd5b16b7d8791ed79e7b5e9b GCC_HASH=5f835b04b5f7dd4f4d2dc96190ec1621b8d89f2dc6f638f9f8bc1b1014ba8cad NOTOCJKFONT_HASH=1652500938055a232cfbfa321de6ebaadfc5635dd9f75e369bc991d14a6512dd STIXMATHFONT_HASH=e3b0f712e2644438eee2d0dcd2b10b2d54f1b972039de95b2f8e800bae1adbd8 +NOTOEMOJIFONT_HASH=415dc6290378574135b64c808dc640c1df7531973290c4970c51fdeb849cb0c5 ## Non-git package URLs OPENSSL_URL=https://www.openssl.org/source/${OPENSSL_PACKAGE} @@ -136,3 +137,4 @@ PARSLEY_URL=https://pypi.python.org/packages/source/P/Parsley/${PARSLEY_PAC… GO_URL=https://golang.org/dl/${GO_PACKAGE} NOTOCJKFONT_URL=https://github.com/googlei18n/noto-cjk/raw/f36eda03dfa5582a… STIXMATHFONT_URL=http://iweb.dl.sourceforge.net/project/stixfonts/Current%2… +NOTOEMOJIFONT_URL=https://github.com/googlei18n/noto-emoji/raw/2f1ffdd6fbbd05d6f382138a3d3adcd89c5ce800/fonts/${NOTOEMOJIFONT_PACKAGE}

1 0

[tor-browser-bundle/maint-5.5] Bug #18172: Bundle Noto Emoji Font in Linux TBB
by gk＠torproject.org 02 Feb '16

02 Feb '16

commit 7aa3abf90371fb82518edf5d54e862e91744c97b Author: Arthur Edelstein <arthuredelstein(a)gmail.com> Date: Thu Jan 28 15:16:21 2016 -0800 Bug #18172: Bundle Noto Emoji Font in Linux TBB (Also removing unneeded NOTOCJKFONT_VER statements.) --- gitian/descriptors/linux/gitian-bundle.yml | 2 ++ gitian/fetch-inputs.sh | 4 ++-- gitian/verify-tags.sh | 2 +- gitian/versions | 4 +++- gitian/versions.alpha | 4 +++- gitian/versions.beta | 4 +++- gitian/versions.nightly | 4 +++- 7 files changed, 17 insertions(+), 7 deletions(-) diff --git a/gitian/descriptors/linux/gitian-bundle.yml b/gitian/descriptors/linux/gitian-bundle.yml index 15f6359..fd1ae91 100644 --- a/gitian/descriptors/linux/gitian-bundle.yml +++ b/gitian/descriptors/linux/gitian-bundle.yml @@ -56,6 +56,7 @@ files: - "tbb-docs.zip" - "NotoSansCJKsc-Regular.otf" - "STIXv1.1.1-latex.zip" +- "NotoEmoji-Regular.ttf" script: | INSTDIR="$HOME/install" source versions @@ -153,6 +154,7 @@ script: | cp NotoSansCJKsc-Regular.otf ${TB_STAGE_DIR}/Browser/fonts/ unzip -o STIXv1.1.1-latex.zip -d STIX cp "STIX/Fonts/fonts/opentype/public/stix/STIXMath-Regular.otf" ${TB_STAGE_DIR}/Browser/fonts/ + cp NotoEmoji-Regular.ttf ${TB_STAGE_DIR}/Browser/fonts/ # unzip relativelink-src.zip cp RelativeLink/* ${TB_STAGE_DIR}/Browser/ diff --git a/gitian/fetch-inputs.sh b/gitian/fetch-inputs.sh index 206023b..c6a401d 100755 --- a/gitian/fetch-inputs.sh +++ b/gitian/fetch-inputs.sh @@ -155,7 +155,7 @@ do get "${!PACKAGE}" "${MIRROR_URL_ASN}${!PACKAGE}" done -for i in ZOPEINTERFACE TWISTED PY2EXE SETUPTOOLS PARSLEY GO NOTOCJKFONT STIXMATHFONT +for i in ZOPEINTERFACE TWISTED PY2EXE SETUPTOOLS PARSLEY GO NOTOCJKFONT STIXMATHFONT NOTOEMOJIFONT do URL="${i}_URL" PACKAGE="${i}_PACKAGE" @@ -167,7 +167,7 @@ wget -U "" -N ${NOSCRIPT_URL} # Verify packages with weak or no signatures via direct sha256 check # (OpenSSL is signed with MD5, and OSXSDK + OSXSDK_OLD are not signed at all) -for i in OSXSDK OSXSDK_OLD TOOLCHAIN4 TOOLCHAIN4_OLD NOSCRIPT MSVCR100 PYCRYPTO ARGPARSE PYYAML ZOPEINTERFACE TWISTED SETUPTOOLS OPENSSL GMP PARSLEY GO GCC NOTOCJKFONT STIXMATHFONT +for i in OSXSDK OSXSDK_OLD TOOLCHAIN4 TOOLCHAIN4_OLD NOSCRIPT MSVCR100 PYCRYPTO ARGPARSE PYYAML ZOPEINTERFACE TWISTED SETUPTOOLS OPENSSL GMP PARSLEY GO GCC NOTOCJKFONT STIXMATHFONT NOTOEMOJIFONT do PACKAGE="${i}_PACKAGE" HASH="${i}_HASH" diff --git a/gitian/verify-tags.sh b/gitian/verify-tags.sh index 82a810a..77d71b0 100755 --- a/gitian/verify-tags.sh +++ b/gitian/verify-tags.sh @@ -141,7 +141,7 @@ done # Verify packages with weak or no signatures via direct sha256 check # (OpenSSL is signed with MD5, and OSXSDK + OSXSDK_OLD are not signed at all) -for i in OSXSDK OSXSDK_OLD TOOLCHAIN4 TOOLCHAIN4_OLD NOSCRIPT MSVCR100 PYCRYPTO ARGPARSE PYYAML ZOPEINTERFACE TWISTED SETUPTOOLS OPENSSL GMP PARSLEY GO GCC NOTOCJKFONT STIXMATHFONT +for i in OSXSDK OSXSDK_OLD TOOLCHAIN4 TOOLCHAIN4_OLD NOSCRIPT MSVCR100 PYCRYPTO ARGPARSE PYYAML ZOPEINTERFACE TWISTED SETUPTOOLS OPENSSL GMP PARSLEY GO GCC NOTOCJKFONT STIXMATHFONT NOTOEMOJIFONT do PACKAGE="${i}_PACKAGE" HASH="${i}_HASH" diff --git a/gitian/versions b/gitian/versions index 7ff094e..47b981b 100755 --- a/gitian/versions +++ b/gitian/versions @@ -55,7 +55,6 @@ SETUPTOOLS_VER=1.4 LXML_VER=3.3.5 PARSLEY_VER=1.2 GO_VER=1.4.2 -NOTOCJKFONT_VER=1.004 ## File names for the source packages OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz @@ -82,6 +81,7 @@ PARSLEY_PACKAGE=Parsley-${PARSLEY_VER}.tar.gz GO_PACKAGE=go${GO_VER}.src.tar.gz NOTOCJKFONT_PACKAGE=NotoSansCJKsc-Regular.otf STIXMATHFONT_PACKAGE=STIXv1.1.1-latex.zip +NOTOEMOJIFONT_PACKAGE=NotoEmoji-Regular.ttf # Hashes for packages with weak sigs or no sigs OPENSSL_HASH=b3658b84e9ea606a5ded3c972a5517cd785282e7ea86b20c78aa4b773a047fb7 @@ -104,6 +104,7 @@ GO_HASH=299a6fd8f8adfdce15bc06bde926e7b252ae8e24dd5b16b7d8791ed79e7b5e9b GCC_HASH=b7dafdf89cbb0e20333dbf5b5349319ae06e3d1a30bf3515b5488f7e89dca5ad NOTOCJKFONT_HASH=1652500938055a232cfbfa321de6ebaadfc5635dd9f75e369bc991d14a6512dd STIXMATHFONT_HASH=e3b0f712e2644438eee2d0dcd2b10b2d54f1b972039de95b2f8e800bae1adbd8 +NOTOEMOJIFONT_HASH=415dc6290378574135b64c808dc640c1df7531973290c4970c51fdeb849cb0c5 ## Non-git package URLs OPENSSL_URL=https://www.openssl.org/source/${OPENSSL_PACKAGE} @@ -129,3 +130,4 @@ PARSLEY_URL=https://pypi.python.org/packages/source/P/Parsley/${PARSLEY_PAC… GO_URL=https://golang.org/dl/${GO_PACKAGE} NOTOCJKFONT_URL=https://github.com/googlei18n/noto-cjk/raw/f36eda03dfa5582a… STIXMATHFONT_URL=http://iweb.dl.sourceforge.net/project/stixfonts/Current%2… +NOTOEMOJIFONT_URL=https://github.com/googlei18n/noto-emoji/raw/2f1ffdd6fbbd05d6f382138a3d3adcd89c5ce800/fonts/${NOTOEMOJIFONT_PACKAGE} diff --git a/gitian/versions.alpha b/gitian/versions.alpha index 95ca078..e34097c 100755 --- a/gitian/versions.alpha +++ b/gitian/versions.alpha @@ -55,7 +55,6 @@ SETUPTOOLS_VER=1.4 LXML_VER=3.3.5 PARSLEY_VER=1.2 GO_VER=1.4.2 -NOTOCJKFONT_VER=1.004 ## File names for the source packages OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz @@ -82,6 +81,7 @@ PARSLEY_PACKAGE=Parsley-${PARSLEY_VER}.tar.gz GO_PACKAGE=go${GO_VER}.src.tar.gz NOTOCJKFONT_PACKAGE=NotoSansCJKsc-Regular.otf STIXMATHFONT_PACKAGE=STIXv1.1.1-latex.zip +NOTOEMOJIFONT_PACKAGE=NotoEmoji-Regular.ttf # Hashes for packages with weak sigs or no sigs OPENSSL_HASH=b3658b84e9ea606a5ded3c972a5517cd785282e7ea86b20c78aa4b773a047fb7 @@ -104,6 +104,7 @@ GO_HASH=299a6fd8f8adfdce15bc06bde926e7b252ae8e24dd5b16b7d8791ed79e7b5e9b GCC_HASH=b7dafdf89cbb0e20333dbf5b5349319ae06e3d1a30bf3515b5488f7e89dca5ad NOTOCJKFONT_HASH=1652500938055a232cfbfa321de6ebaadfc5635dd9f75e369bc991d14a6512dd STIXMATHFONT_HASH=e3b0f712e2644438eee2d0dcd2b10b2d54f1b972039de95b2f8e800bae1adbd8 +NOTOEMOJIFONT_HASH=415dc6290378574135b64c808dc640c1df7531973290c4970c51fdeb849cb0c5 ## Non-git package URLs OPENSSL_URL=https://www.openssl.org/source/${OPENSSL_PACKAGE} @@ -129,3 +130,4 @@ PARSLEY_URL=https://pypi.python.org/packages/source/P/Parsley/${PARSLEY_PAC… GO_URL=https://golang.org/dl/${GO_PACKAGE} NOTOCJKFONT_URL=https://github.com/googlei18n/noto-cjk/raw/f36eda03dfa5582a… STIXMATHFONT_URL=http://iweb.dl.sourceforge.net/project/stixfonts/Current%2… +NOTOEMOJIFONT_URL=https://github.com/googlei18n/noto-emoji/raw/2f1ffdd6fbbd05d6f382138a3d3adcd89c5ce800/fonts/${NOTOEMOJIFONT_PACKAGE} diff --git a/gitian/versions.beta b/gitian/versions.beta index 43c5fde..243eb40 100755 --- a/gitian/versions.beta +++ b/gitian/versions.beta @@ -51,7 +51,6 @@ SETUPTOOLS_VER=1.4 LXML_VER=3.3.5 PARSLEY_VER=1.2 GO_VER=1.4.2 -NOTOCJKFONT_VER=1.004 ## File names for the source packages OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz @@ -79,6 +78,7 @@ PARSLEY_PACKAGE=Parsley-${PARSLEY_VER}.tar.gz GO_PACKAGE=go${GO_VER}.src.tar.gz NOTOCJKFONT_PACKAGE=NotoSansCJKsc-Regular.otf STIXMATHFONT_PACKAGE=STIXv1.1.1-latex.zip +NOTOEMOJIFONT_PACKAGE=NotoEmoji-Regular.ttf # Hashes for packages with weak sigs or no sigs OPENSSL_HASH=53cb818c3b90e507a8348f4f5eaedb05d8bfe5358aabb508b7263cc670c3e028 @@ -101,6 +101,7 @@ PARSLEY_HASH=50d30cee70770fd44db7cea421cb2fb75af247c3a1cd54885c06b30a7c85dd23 GO_HASH=299a6fd8f8adfdce15bc06bde926e7b252ae8e24dd5b16b7d8791ed79e7b5e9b NOTOCJKFONT_HASH=1652500938055a232cfbfa321de6ebaadfc5635dd9f75e369bc991d14a6512dd STIXMATHFONT_HASH=e3b0f712e2644438eee2d0dcd2b10b2d54f1b972039de95b2f8e800bae1adbd8 +NOTOEMOJIFONT_HASH=415dc6290378574135b64c808dc640c1df7531973290c4970c51fdeb849cb0c5 ## Non-git package URLs OPENSSL_URL=https://www.openssl.org/source/${OPENSSL_PACKAGE} @@ -127,3 +128,4 @@ PARSLEY_URL=https://pypi.python.org/packages/source/P/Parsley/${PARSLEY_PAC… GO_URL=https://golang.org/dl/${GO_PACKAGE} NOTOCJKFONT_URL=https://github.com/googlei18n/noto-cjk/raw/f36eda03dfa5582a… STIXMATHFONT_URL=http://iweb.dl.sourceforge.net/project/stixfonts/Current%2… +NOTOEMOJIFONT_URL=https://github.com/googlei18n/noto-emoji/raw/2f1ffdd6fbbd05d6f382138a3d3adcd89c5ce800/fonts/${NOTOEMOJIFONT_PACKAGE} diff --git a/gitian/versions.nightly b/gitian/versions.nightly index b1c7387..2876e36 100755 --- a/gitian/versions.nightly +++ b/gitian/versions.nightly @@ -62,7 +62,6 @@ SETUPTOOLS_VER=1.4 LXML_VER=3.3.5 PARSLEY_VER=1.2 GO_VER=1.4.2 -NOTOCJKFONT_VER=1.004 ## File names for the source packages OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz @@ -89,6 +88,7 @@ PARSLEY_PACKAGE=Parsley-${PARSLEY_VER}.tar.gz GO_PACKAGE=go${GO_VER}.src.tar.gz NOTOCJKFONT_PACKAGE=NotoSansCJKsc-Regular.otf STIXMATHFONT_PACKAGE=STIXv1.1.1-latex.zip +NOTOEMOJIFONT_PACKAGE=NotoEmoji-Regular.ttf # Hashes for packages with weak sigs or no sigs OPENSSL_HASH=b3658b84e9ea606a5ded3c972a5517cd785282e7ea86b20c78aa4b773a047fb7 @@ -111,6 +111,7 @@ GO_HASH=299a6fd8f8adfdce15bc06bde926e7b252ae8e24dd5b16b7d8791ed79e7b5e9b GCC_HASH=b7dafdf89cbb0e20333dbf5b5349319ae06e3d1a30bf3515b5488f7e89dca5ad NOTOCJKFONT_HASH=1652500938055a232cfbfa321de6ebaadfc5635dd9f75e369bc991d14a6512dd STIXMATHFONT_HASH=e3b0f712e2644438eee2d0dcd2b10b2d54f1b972039de95b2f8e800bae1adbd8 +NOTOEMOJIFONT_HASH=415dc6290378574135b64c808dc640c1df7531973290c4970c51fdeb849cb0c5 ## Non-git package URLs OPENSSL_URL=https://www.openssl.org/source/${OPENSSL_PACKAGE} @@ -136,3 +137,4 @@ PARSLEY_URL=https://pypi.python.org/packages/source/P/Parsley/${PARSLEY_PAC… GO_URL=https://golang.org/dl/${GO_PACKAGE} NOTOCJKFONT_URL=https://github.com/googlei18n/noto-cjk/raw/f36eda03dfa5582a… STIXMATHFONT_URL=http://iweb.dl.sourceforge.net/project/stixfonts/Current%2… +NOTOEMOJIFONT_URL=https://github.com/googlei18n/noto-emoji/raw/2f1ffdd6fbbd05d6f382138a3d3adcd89c5ce800/fonts/${NOTOEMOJIFONT_PACKAGE}

1 0