This is an automated email from the git hooks/post-receive script.
sysrqb pushed a change to branch maint-11.5a10 in repository builders/tor-browser-build.
from 61f83c0 update rmb.conf w/ build2 new 1ed4561 Remove smallerrichard builtin bridge new f596e2b Bug 40490: Add Pier as a valid signer new ee29394 Bug 40485: Resolve Android reproducibility issues new d556e83 fixup! Bug 40202: Sign Fenix QA apks with the latest version of apksign new 431f3c7 Prep 11.5a10-build3
The 5 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
Summary of changes: keyring/torbutton.gpg | Bin 233555 -> 234748 bytes projects/application-services/bug40485.patch | 54 +++++++++++++++++++++ projects/application-services/build | 1 + projects/application-services/config | 2 + projects/common/bridges_list.obfs4.txt | 1 - projects/fenix/build | 3 ++ projects/geckoview/config | 2 +- projects/go/config | 8 ++- projects/openssl/config | 4 +- .../tor-browser/Bundle-Data/Docs/ChangeLog.txt | 4 +- projects/tor-browser/build.android | 5 +- projects/tor-browser/config | 1 - rbm.conf | 2 +- 13 files changed, 78 insertions(+), 9 deletions(-) create mode 100644 projects/application-services/bug40485.patch
This is an automated email from the git hooks/post-receive script.
sysrqb pushed a commit to branch maint-11.5a10 in repository builders/tor-browser-build.
commit 1ed4561ca595b4d45d9c50fdc76783dcd010b9ae Author: meskio meskio@torproject.org AuthorDate: Wed Apr 27 19:03:01 2022 +0200
Remove smallerrichard builtin bridge
The operator of this bridge is missing and the bridge is not reachable.
Related: https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/44 --- projects/common/bridges_list.obfs4.txt | 1 - 1 file changed, 1 deletion(-)
diff --git a/projects/common/bridges_list.obfs4.txt b/projects/common/bridges_list.obfs4.txt index 7ddf3c1..123e99d 100644 --- a/projects/common/bridges_list.obfs4.txt +++ b/projects/common/bridges_list.obfs4.txt @@ -4,7 +4,6 @@ obfs4 38.229.33.83:80 0BAC39417268B96B9F514E7F63FA6FBA1A788955 cert=VwEFpk9F/UN9 obfs4 37.218.245.14:38224 D9A82D2F9C2F65A18407B1D2B764F130847F8B5D cert=bjRaMrr1BRiAW8IE9U5z27fQaYgOhX1UCmOpg2pFpoMvo6ZgQMzLsaTzzQNTlm7hNcb+Sg iat-mode=0 obfs4 85.31.186.98:443 011F2599C0E9B27EE74B353155E244813763C3E5 cert=ayq0XzCwhpdysn5o0EyDUbmSOx3X/oTEbzDMvczHOdBJKlvIdHHLJGkZARtT4dcBFArPPg iat-mode=0 obfs4 85.31.186.26:443 91A6354697E6B02A386312F68D82CF86824D3606 cert=PBwr+S8JTVZo6MPdHnkTwXJPILWADLqfMGoVvhZClMq/Urndyd42BwX9YFJHZnBB3H0XCw iat-mode=0 -obfs4 144.217.20.138:80 FB70B257C162BF1038CA669D568D76F5B7F0BABB cert=vYIV5MgrghGQvZPIi1tJwnzorMgqgmlKaB77Y3Z9Q/v94wZBOAXkW+fdx4aSxLVnKO+xNw iat-mode=0 obfs4 193.11.166.194:27015 2D82C2E354D531A68469ADF7F878FA6060C6BACA cert=4TLQPJrTSaDffMK7Nbao6LC7G9OW/NHkUwIdjLSS3KYf0Nv4/nQiiI8dY2TcsQx01NniOg iat-mode=0 obfs4 193.11.166.194:27020 86AC7B8D430DAC4117E9F42C9EAED18133863AAF cert=0LDeJH4JzMDtkJJrFphJCiPqKx7loozKN7VNfuukMGfHO0Z8OGdzHVkhVAOfo1mUdv9cMg iat-mode=0 obfs4 193.11.166.194:27025 1AE2C08904527FEA90C4C4F8C1083EA59FBC6FAF cert=ItvYZzW5tn6v3G4UnQa6Qz04Npro6e81AP70YujmK/KXwDFPTs3aHXcHp4n8Vt6w/bv8cA iat-mode=0
This is an automated email from the git hooks/post-receive script.
sysrqb pushed a commit to branch maint-11.5a10 in repository builders/tor-browser-build.
commit f596e2be64aed3a3f26b8532ceae9ad3b4ef2e0f Author: Matthew Finkel sysrqb@torproject.org AuthorDate: Fri May 6 17:12:40 2022 +0000
Bug 40490: Add Pier as a valid signer --- keyring/torbutton.gpg | Bin 233555 -> 234748 bytes 1 file changed, 0 insertions(+), 0 deletions(-)
diff --git a/keyring/torbutton.gpg b/keyring/torbutton.gpg index 939143b..9fed395 100644 Binary files a/keyring/torbutton.gpg and b/keyring/torbutton.gpg differ
This is an automated email from the git hooks/post-receive script.
sysrqb pushed a commit to branch maint-11.5a10 in repository builders/tor-browser-build.
commit ee29394062477446047e5f46288d706d2bcf0d8d Author: Matthew Finkel sysrqb@torproject.org AuthorDate: Fri May 6 16:35:08 2022 +0000
Bug 40485: Resolve Android reproducibility issues --- projects/application-services/bug40485.patch | 54 ++++++++++++++++++++++++++++ projects/application-services/build | 1 + projects/application-services/config | 2 ++ projects/fenix/build | 3 ++ 4 files changed, 60 insertions(+)
diff --git a/projects/application-services/bug40485.patch b/projects/application-services/bug40485.patch new file mode 100644 index 0000000..fb97a22 --- /dev/null +++ b/projects/application-services/bug40485.patch @@ -0,0 +1,54 @@ +diff --git a/components/support/nimbus-fml/src/parser.rs b/components/support/nimbus-fml/src/parser.rs +index 1de9a301..19d29373 100644 +--- a/components/support/nimbus-fml/src/parser.rs ++++ b/components/support/nimbus-fml/src/parser.rs +@@ -2,7 +2,7 @@ + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +-use std::{collections::HashMap, path::Path}; ++use std::{collections::BTreeMap, collections::HashMap, path::Path}; + + use serde::{Deserialize, Serialize}; + use serde_json::json; +@@ -22,7 +22,7 @@ pub(crate) struct EnumVariantBody { + #[derive(Debug, Deserialize, Serialize, Clone)] + pub(crate) struct EnumBody { + description: String, +- variants: HashMap<String, EnumVariantBody>, ++ variants: BTreeMap<String, EnumVariantBody>, + } + + #[derive(Debug, Deserialize, Serialize, Clone)] +@@ -39,26 +39,26 @@ pub(crate) struct FieldBody { + pub(crate) struct ObjectBody { + description: String, + failable: Option<bool>, +- fields: HashMap<String, FieldBody>, ++ fields: BTreeMap<String, FieldBody>, + } + + #[derive(Debug, Deserialize, Serialize, Clone, Default)] + pub(crate) struct Types { +- enums: HashMap<String, EnumBody>, +- objects: HashMap<String, ObjectBody>, ++ enums: BTreeMap<String, EnumBody>, ++ objects: BTreeMap<String, ObjectBody>, + } + + #[derive(Debug, Deserialize, Serialize, Clone)] + pub(crate) struct FeatureBody { + description: String, +- variables: HashMap<String, FieldBody>, ++ variables: BTreeMap<String, FieldBody>, + #[serde(alias = "defaults")] + default: Option<serde_json::Value>, + } + #[derive(Debug, Deserialize, Serialize, Clone, Default)] + pub(crate) struct ManifestFrontEnd { + types: Types, +- features: HashMap<String, FeatureBody>, ++ features: BTreeMap<String, FeatureBody>, + channels: Vec<String>, + } + diff --git a/projects/application-services/build b/projects/application-services/build index f526973..121dc12 100755 --- a/projects/application-services/build +++ b/projects/application-services/build @@ -76,6 +76,7 @@ do done
patch -p1 < $rootdir/no-git.patch +patch -p1 < $rootdir/bug40485.patch export RUST_ANDROID_GRADLE_PYTHON_COMMAND=python3 [% IF c('var/fetch_gradle_dependencies') %] # XXX: `assemble` is still not enough to see all fetched dependencies via diff --git a/projects/application-services/config b/projects/application-services/config index 29a6084..d65014f 100644 --- a/projects/application-services/config +++ b/projects/application-services/config @@ -97,6 +97,8 @@ input_files: enable: '[% !c("var/fetch_gradle_dependencies") %]' - filename: gen_gradle_deps_file.sh enable: '[% c("var/fetch_gradle_dependencies") %]' + # Delete when this patch is included upstream + - filename: bug40485.patch
steps: list_toolchain_updates: diff --git a/projects/fenix/build b/projects/fenix/build index 1c1890f..3306e3d 100755 --- a/projects/fenix/build +++ b/projects/fenix/build @@ -77,6 +77,9 @@ v=[% c("variant") %] exit 1 fi
+ # Bug 40485: Inject deterministic build date into Glean. + echo "ext.gleanBuildDate = "0"" >> app/build.gradle + # We put the tor-browser version last to avoid int-parsing errors when consumers of project.versionName # assume it starts with a major version number, as it does for all Mozilla version names. version_name='[% c("var/fenix_version") %]-[% c("variant") %] ([% c("var/torbrowser_version") %])'
This is an automated email from the git hooks/post-receive script.
sysrqb pushed a commit to branch maint-11.5a10 in repository builders/tor-browser-build.
commit d556e83d1189afe229057c0f310df9d59ec4b432 Author: Pier Angelo Vendrame pierov@torproject.org AuthorDate: Fri Apr 29 12:10:34 2022 +0200
fixup! Bug 40202: Sign Fenix QA apks with the latest version of apksign --- projects/tor-browser/build.android | 5 ++++- projects/tor-browser/config | 1 - 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/projects/tor-browser/build.android b/projects/tor-browser/build.android index 3fcf8fd..2e1b11f 100644 --- a/projects/tor-browser/build.android +++ b/projects/tor-browser/build.android @@ -32,8 +32,11 @@ mv $rootdir/allowed_addons.json $assets_dir/allowed_addons.json zip_args => '$apk', }) %]
+aligned_apk=$(basename $apk .apk)_aligned.apk +zipalign -vp 4 $apk $aligned_apk + # Sign a QA build. This .apk is not a debug version and doesn't contain a debug # flag in the manifest. -apksigner sign --verbose --min-sdk-version [% c("var/android_min_api") %] --ks $rootdir/android-qa.keystore --out $qa_apk --in $apk --ks-key-alias androidqakey --key-pass pass:android --ks-pass pass:android +apksigner sign --verbose --min-sdk-version [% c("var/android_min_api") %] --ks $rootdir/android-qa.keystore --out $qa_apk --in $aligned_apk --ks-key-alias androidqakey --key-pass pass:android --ks-pass pass:android
apksigner sign --verbose --min-sdk-version [% c("var/android_min_api") %] --ks $rootdir/android-qa.keystore --out $test_out_apk --in $test_in_apk --ks-key-alias androidqakey --key-pass pass:android --ks-pass pass:android diff --git a/projects/tor-browser/config b/projects/tor-browser/config index b30d5e3..d1a889f 100644 --- a/projects/tor-browser/config +++ b/projects/tor-browser/config @@ -45,7 +45,6 @@ targets: android: build: '[% INCLUDE build.android %]' var: - android_toolchain_version: 31.0.0 verify_allowed_addons: 1
input_files:
This is an automated email from the git hooks/post-receive script.
sysrqb pushed a commit to branch maint-11.5a10 in repository builders/tor-browser-build.
commit 431f3c75ce1117087f7804e1df79b90117dca915 Author: Matthew Finkel sysrqb@torproject.org AuthorDate: Thu May 12 16:46:55 2022 +0000
Prep 11.5a10-build3 --- projects/geckoview/config | 2 +- projects/go/config | 8 +++++++- projects/openssl/config | 4 ++-- projects/tor-browser/Bundle-Data/Docs/ChangeLog.txt | 4 +++- rbm.conf | 2 +- 5 files changed, 14 insertions(+), 6 deletions(-)
diff --git a/projects/geckoview/config b/projects/geckoview/config index 78de552..99b7c88 100644 --- a/projects/geckoview/config +++ b/projects/geckoview/config @@ -1,7 +1,7 @@ # vim: filetype=yaml sw=2 version: '[% c("abbrev") %]' filename: 'geckoview-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' -git_hash: 'geckoview-[% c("var/geckoview_version") %]-[% c("var/torbrowser_branch") %]-2-build2' +git_hash: 'geckoview-[% c("var/geckoview_version") %]-[% c("var/torbrowser_branch") %]-2-build3' tag_gpg_id: 1 git_url: https://git.torproject.org/tor-browser.git git_submodule: 1 diff --git a/projects/go/config b/projects/go/config index 2e2e8e2..54f41ab 100644 --- a/projects/go/config +++ b/projects/go/config @@ -1,5 +1,5 @@ # vim: filetype=yaml sw=2 -version: 1.18.1 +version: 1.17.9 filename: '[% project %]-[% c("version") %]-[% c("var/build_id") %].tar.gz'
var: @@ -96,6 +96,7 @@ targets: var: GOARCH: 386 android: + version: 1.18.1 var: GOOS: android android-x86: @@ -117,6 +118,11 @@ input_files: project: '[% c("var/compiler") %]' enable: '[% ! c("var/linux") %]' - URL: 'https://golang.org/dl/go%5B% c("version") %].src.tar.gz' + enable: '[% ! c("var/android") %]' + name: go + sha256sum: 763ad4bafb80a9204458c5fa2b8e7327fa971aee454252c0e362c11236156813 + - URL: 'https://golang.org/dl/go%5B% c("version") %].src.tar.gz' + enable: '[% c("var/android") %]' name: go sha256sum: efd43e0f1402e083b73a03d444b7b6576bb4c539ac46208b63a916b69aca4088 - URL: 'https://golang.org/dl/go%5B% c("var/go14_version") %].src.tar.gz' diff --git a/projects/openssl/config b/projects/openssl/config index 57f67ef..920415f 100644 --- a/projects/openssl/config +++ b/projects/openssl/config @@ -1,5 +1,5 @@ # vim: filetype=yaml sw=2 -version: 1.1.1n +version: 1.1.1o filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz'
var: @@ -31,4 +31,4 @@ input_files: - name: '[% c("var/compiler") %]' project: '[% c("var/compiler") %]' - URL: 'https://www.openssl.org/source/openssl-%5B% c("version") %].tar.gz' - sha256sum: 40dceb51a4f6a5275bde0e6bf20ef4b91bfc32ed57c0552e2e8e15463372b17a + sha256sum: 9384a2b0570dd80358841464677115df785edb941c71211f75076d72fe6b438f diff --git a/projects/tor-browser/Bundle-Data/Docs/ChangeLog.txt b/projects/tor-browser/Bundle-Data/Docs/ChangeLog.txt index 475d2e8..43eebbd 100644 --- a/projects/tor-browser/Bundle-Data/Docs/ChangeLog.txt +++ b/projects/tor-browser/Bundle-Data/Docs/ChangeLog.txt @@ -3,15 +3,17 @@ Tor Browser 11.5a10 - April 26 2022 * Update Fenix to 99.03b * Update NoScript to 11.4.5 * Update Tor to 0.4.7.7 - * Update OpenSSL to 1.1.1n + * Update OpenSSL to 1.1.1o * Bug 40212: Tor Browser crashing on launch [fenix] * Bug 40433: Bump LLVM to 13.0.1 for android builds [tor-browser-build] * Bug 40469: Update zlib to 1.2.12 (CVE-2018-25032) [tor-browser-build] * Bug 40470: Fix zlib build issue for android [tor-browser-build] + * Bug 40682: Set network.proxy.allow_bypass to false [tor-browser] * Bug 40830: cherry-picked Bugzilla 1760674 on GV 99 TBA 11.5 [tor-browser] * Build System * Android * Update Go to 1.18.1 + * Bug 40485: Resolve Android reproducibility issues [tor-browser-build]
Tor Browser 11.5a9 - April 12 2022 * Windows + OS X + Linux diff --git a/rbm.conf b/rbm.conf index cdb8283..78f64ae 100644 --- a/rbm.conf +++ b/rbm.conf @@ -67,7 +67,7 @@ buildconf:
var: torbrowser_version: '11.5a10' - torbrowser_build: 'build2' + torbrowser_build: 'build3' torbrowser_incremental_from: - 11.5a8 project_name: tor-browser
tor-commits@lists.torproject.org
-
gitolite role