commit 10dd07067e4eea90b8f58acce7b00f518ff10844 Author: Mike Perry mikeperry-git@torproject.org Date: Thu Nov 14 01:49:15 2013 -0800
Remove PDF.JS 0.8.1 from all TBBs.
It is probably vulnerable to https://www.mozilla.org/security/announce/2013/mfsa2013-99.html.
Note that Firefox 24 includes a built-in version that will be getting security updates.
---
 gitian/descriptors/linux/gitian-bundle.yml | 1 -
 gitian/descriptors/mac/gitian-bundle.yml | 1 -
 gitian/descriptors/windows/gitian-bundle.yml | 1 -
 gitian/fetch-inputs.sh | 4 +---
 gitian/record-inputs.sh | 3 ---
 gitian/versions | 2 --
 gitian/versions.alpha | 2 --
 7 files changed, 1 insertion(+), 13 deletions(-)
diff --git a/gitian/descriptors/linux/gitian-bundle.yml b/gitian/descriptors/linux/gitian-bundle.yml
index 68e01ec..7dc1104 100644
--- a/gitian/descriptors/linux/gitian-bundle.yml
+++ b/gitian/descriptors/linux/gitian-bundle.yml
@@ -31,7 +31,6 @@ files:
 - "linux-skeleton.zip"
 - "linux-langpacks.zip"
 - "noscript@noscript.net.xpi"
-- "uriloader@pdf.js.xpi"
 - "dzip.sh"
 - "dtar.sh"
 - "bare-version"
diff --git a/gitian/descriptors/mac/gitian-bundle.yml b/gitian/descriptors/mac/gitian-bundle.yml
index cdf387b..ade303b 100644
--- a/gitian/descriptors/mac/gitian-bundle.yml
+++ b/gitian/descriptors/mac/gitian-bundle.yml
@@ -27,7 +27,6 @@ files:
 - "mac-skeleton.zip"
 - "mac-langpacks.zip"
 - "noscript@noscript.net.xpi"
-- "uriloader@pdf.js.xpi"
 - "dzip.sh"
 - "bare-version"
 - "bundle.inputs"
diff --git a/gitian/descriptors/windows/gitian-bundle.yml b/gitian/descriptors/windows/gitian-bundle.yml
index bb28155..44e1662 100644
--- a/gitian/descriptors/windows/gitian-bundle.yml
+++ b/gitian/descriptors/windows/gitian-bundle.yml
@@ -29,7 +29,6 @@ files:
 - "windows-skeleton.zip"
 - "win32-langpacks.zip"
 - "noscript@noscript.net.xpi"
-- "uriloader@pdf.js.xpi"
 - "dzip.sh"
 - "bare-version"
 - "bundle.inputs"
diff --git a/gitian/fetch-inputs.sh b/gitian/fetch-inputs.sh
index 535a797..19b3509 100755
--- a/gitian/fetch-inputs.sh
+++ b/gitian/fetch-inputs.sh
@@ -169,7 +169,6 @@ cd ..
# NoScript and PDF.JS are magikal and special:
 wget -N ${NOSCRIPT_URL}
-wget -N https://addons.mozilla.org/firefox/downloads/file/201180/$%7BPDFJS_PACKAGE%7...
# So is mingw:
 if [ ! -f mingw-w64-svn-snapshot.zip ];
@@ -181,7 +180,7 @@ fi
# Verify packages with weak or no signatures via direct sha256 check
 # (OpenSSL is signed with MD5, and OSXSDK is not signed at all)
-for i in OSXSDK TOOLCHAIN4 NOSCRIPT PDFJS MINGW MSVCR100 # OPENSSL
+for i in OSXSDK TOOLCHAIN4 NOSCRIPT MINGW MSVCR100 # OPENSSL
 do
 PACKAGE="${i}_PACKAGE"
 HASH="${i}_HASH"
@@ -217,7 +216,6 @@ done
 cd ..
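Review bot: The comments around the rewritten `for i in OSXSDK TOOLCHAIN4 NOSCRIPT MINGW MSVCR100 # OPENSSL` line no longer describe what is actually verified. The parenthetical above it still gives OpenSSL's MD5 signature as a reason for the sha256 check, yet `OPENSSL` stays commented out of the list and `OPENSSL_PACKAGE` is commented out in gitian/versions, so a reader cannot tell whether OpenSSL is integrity-checked some other way; a line such as `# OPENSSL is not in this list because <reason>` would settle it. The first fetch-inputs.sh hunk has the same kind of leftover: `# NoScript and PDF.JS are magikal and special:` should become `# NoScript is magikal and special:` now that the PDF.JS download is gone. The loop body continues outside the hunk, so how a hash mismatch is handled is not visible here.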
ln -sf "$NOSCRIPT_PACKAGE" noscript@noscript.net.xpi
-ln -sf "$PDFJS_PACKAGE" uriloader@pdf.js.xpi
 ln -sf "$BINUTILS_PACKAGE" binutils.tar.bz2
 ln -sf "$GCC_PACKAGE" gcc.tar.bz2
 ln -sf "$PYTHON_PACKAGE" python.tar.bz2
diff --git a/gitian/record-inputs.sh b/gitian/record-inputs.sh
index 95a8fcf..9bc1f7c 100755
--- a/gitian/record-inputs.sh
+++ b/gitian/record-inputs.sh
@@ -30,10 +30,7 @@ sha256sum $OSXSDK_PACKAGE >> bundle.inputs
 sha256sum $TOOLCHAIN4_PACKAGE >> bundle.inputs
 sha256sum mingw-w64-svn-snapshot.zip >> bundle.inputs
 echo >> bundle.inputs
-#sha256sum relativelink-src.zip >> bundle.inputs
-#sha256sum *-langpacks.zip >> bundle.inputs
 sha256sum noscript@noscript.net.xpi >> bundle.inputs
-sha256sum uriloader@pdf.js.xpi >> bundle.inputs
 echo >> bundle.inputs
if [ "z$VERIFY_TAGS" = "z1" ];
diff --git a/gitian/versions b/gitian/versions
index 4128288..0fea02e 100755
--- a/gitian/versions
+++ b/gitian/versions
@@ -25,7 +25,6 @@ PYTHON_VER=2.7.5
 ## File names for the source packages
 # OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz
 NOSCRIPT_PACKAGE=noscript_security_suite-2.6.8.2-fx+fn+sm.xpi
-PDFJS_PACKAGE=pdf_viewer-0.8.1-sm+fx+an.xpi
 TOOLCHAIN4_PACKAGE=multiarch-darwin11-cctools127.2-gcc42-5666.3-llvmgcc42-2336.1-Linux-120724.tar.xz
 OSXSDK_PACKAGE=apple-uni-sdk-10.6_20110407-0.flosoft1_i386.deb
 MINGW_PACKAGE=mingw-w64-svn-snapshot.zip
@@ -39,7 +38,6 @@ PYTHON_PACKAGE=Python-${PYTHON_VER}.tar.bz2
 OSXSDK_HASH=6602d8d5ddb371fbc02e2a5967d9bd0cd7358d46f9417753c8234b923f2ea6fc
 TOOLCHAIN4_HASH=65c1b2d302358a6b95a26c6828a66908a199276193bb0b268f2dcc1a997731e9
 NOSCRIPT_HASH=52b309f2e5ca1bee4d0f97cbb342fdac3be6a447c35f744a90348df55eea635f
-PDFJS_HASH=2e3e6811f5294b24aafeba44e8206ddc81fb15e5934e5166a2c7df3a4405020b
 MINGW_HASH=457f11d29f6e95425d190711a73955fa54a98a2113ce2c2bfd76291be71e3e2b
 MSVCR100_HASH=1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067
diff --git a/gitian/versions.alpha b/gitian/versions.alpha
index d70d289..b605365 100755
--- a/gitian/versions.alpha
+++ b/gitian/versions.alpha
@@ -25,7 +25,6 @@ PYTHON_VER=2.7.5
 ## File names for the source packages
 # OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz
 NOSCRIPT_PACKAGE=noscript_security_suite-2.6.8.2-fx+fn+sm.xpi
-PDFJS_PACKAGE=pdf_viewer-0.8.1-sm+fx+an.xpi
 TOOLCHAIN4_PACKAGE=multiarch-darwin11-cctools127.2-gcc42-5666.3-llvmgcc42-2336.1-Linux-120724.tar.xz
 OSXSDK_PACKAGE=apple-uni-sdk-10.6_20110407-0.flosoft1_i386.deb
 MINGW_PACKAGE=mingw-w64-svn-snapshot.zip
@@ -39,7 +38,6 @@ PYTHON_PACKAGE=Python-${PYTHON_VER}.tar.bz2
 OSXSDK_HASH=6602d8d5ddb371fbc02e2a5967d9bd0cd7358d46f9417753c8234b923f2ea6fc
 TOOLCHAIN4_HASH=65c1b2d302358a6b95a26c6828a66908a199276193bb0b268f2dcc1a997731e9
 NOSCRIPT_HASH=52b309f2e5ca1bee4d0f97cbb342fdac3be6a447c35f744a90348df55eea635f
-PDFJS_HASH=2e3e6811f5294b24aafeba44e8206ddc81fb15e5934e5166a2c7df3a4405020b
 MINGW_HASH=457f11d29f6e95425d190711a73955fa54a98a2113ce2c2bfd76291be71e3e2b
 MSVCR100_HASH=1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067