Commit 80b90665 authored by intrigeri's avatar intrigeri
Browse files

Merge remote-tracking branch 'origin/feature/9031-tor-browser-4.5' into devel

Fix-committed: #9031, #8696, #8092, #7647

Conflicts:
	config/chroot_local-hooks/10-tbb
parents e88f3b27 f61a5eaa
......@@ -42,7 +42,7 @@ download_and_verify_files() {
}
install_tor_browser() {
local bundle destination tmp prep torbutton_xpi_path torlauncher_xpi_path torlauncher_version
local bundle destination tmp prep torlauncher_xpi_path torlauncher_version
bundle="${1}"
destination="${2}"
......@@ -92,18 +92,6 @@ EOF
chmod -R a+rX '/usr/share/tor-launcher-standalone'
rm "${torlauncher_xpi_path}"
# Remove TBB's torbutton since the "Tor test" will fail and about:tor
# will report an error. We'll install our own Torbutton later, which
# has the extensions.torbutton.test_enabled boolean pref as a workaround.
torbutton_xpi_path="${prep}/TorBrowser/Data/Browser/profile.default/extensions/torbutton@torproject.org.xpi"
TORBUTTON_BUNDLED_VERSION="$(7z e -so ${torbutton_xpi_path} install.rdf | \
sed -n 's,^ <em:version>\([0-9\.]\+\)</em:version>,\1,p')"
if [ -z "${TORBUTTON_BUNDLED_VERSION}" ]; then
echo "Couldn't extract Torbutton's bundled version" >&2
exit 1
fi
rm "${torbutton_xpi_path}"
# The Tor Browser will fail, complaining about an incomplete profile,
# unless there's a readable TorBrowser/Data/Browser/Caches
# in the directory where the firefox executable is located.
......@@ -176,8 +164,6 @@ install_debian_extensions() {
apt-get install --yes "${@}"
ln -s /usr/share/xul-ext/adblock-plus/ \
"${destination}"/'{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}'
ln -s /usr/share/xul-ext/torbutton/ \
"${destination}"/torbutton@torproject.org
}
create_default_profile() {
......@@ -204,13 +190,12 @@ TBB_TARBALLS="$(grep "\<tor-browser-linux32-.*\.tar.xz$" "${TBB_SHA256SUMS_FILE}
# We'll use the en-US bundle as our basis; only langpacks will be
# installed from the other bundles.
MAIN_TARBALL="$(echo "${TBB_TARBALLS}" | grep -o "tor-browser-linux32-.*_en-US.tar.xz")"
VERSION="$(echo "${MAIN_TARBALL}" | sed 's/tor-browser-linux32-\(.*\)_en-US.tar.xz/\1/')"
TBB_DIST_URL_FILE=/usr/share/tails/tbb-dist-url.txt
TBB_TARBALLS_BASE_URL="$(cat "${TBB_DIST_URL_FILE}")/${VERSION}"
TBB_TARBALLS_BASE_URL="$(cat "${TBB_DIST_URL_FILE}")"
# The Debian Iceweasel extensions we want to install and make
# available in the Tor Browser.
DEBIAN_EXT_PKGS="xul-ext-adblock-plus xul-ext-torbutton"
DEBIAN_EXT_PKGS="xul-ext-adblock-plus"
TMP="$(mktemp -d)"
download_and_verify_files "${TBB_TARBALLS_BASE_URL}" "${TBB_TARBALLS}" "${TMP}"
......@@ -234,15 +219,6 @@ FAKE_ICEWEASEL_VERSION=${FIREFOX_VERSION}+fake1
install_fake_iceweasel_pkg "${FAKE_ICEWEASEL_VERSION}"
install_debian_extensions "${TBB_EXT}" ${DEBIAN_EXT_PKGS}
# Make sure that we have installed a Torbutton based on the same
# version as the one bundled with the Tor Browser
TORBUTTON_VERSION="$(dpkg -s xul-ext-torbutton | \
sed -n 's/^Version: \(.*\)-[0-9]\+$/\1/p')"
if [ "${TORBUTTON_VERSION}" != "${TORBUTTON_BUNDLED_VERSION}" ]; then
echo "We have installed a Torbutton based on version '${TORBUTTON_VERSION}' but the version bundled with the Tor Browser is version '${TORBUTTON_BUNDLED_VERSION}'" >&2
exit 1
fi
mkdir -p "${TBB_PROFILE}"
create_default_profile "${TBB_INSTALL}"/TorBrowser/Data/Browser/profile.default "${TBB_EXT}" "${TBB_PROFILE}"
......
......@@ -10,7 +10,4 @@ echo "Removing unwanted browser search plugins"
. /usr/local/lib/tails-shell-library/tor-browser.sh
PLUGIN_DIR="${TBB_INSTALL}"/browser/searchplugins
rm "${PLUGIN_DIR}"/amazon*.xml
rm "${PLUGIN_DIR}"/bing*.xml
rm "${PLUGIN_DIR}"/eBay*.xml
rm "${PLUGIN_DIR}"/yahoo*.xml
......@@ -7,6 +7,10 @@ SOCKS5_SERVER=127.0.0.1:9050
TOR_CONTROL_HOST='127.0.0.1'
TOR_CONTROL_PORT='9052'
TOR_CONTROL_PASSWD='passwd'
# Hide Torbutton's "Tor Network Settings..." context menu entry since
# it doesn't work in Tails, and we deal with those configurations
# strictly through Tor Launcher.
TOR_NO_DISPLAY_NETWORK_SETTINGS='yes'
# Port that the monkeysphere validation agent listens on
MSVA_PORT='6136'
Defaults!/usr/bin/tor-launcher always_set_home,env_keep+="TOR_CONFIGURE_ONLY TOR_CONTROL_PORT TOR_CONTROL_COOKIE_AUTH_FILE TOR_FORCE_NET_CONFIG"
Defaults!/usr/bin/tor-launcher always_set_home,env_keep+="TOR_CONFIGURE_ONLY TOR_CONTROL_PORT TOR_CONTROL_COOKIE_AUTH_FILE TOR_FORCE_NET_CONFIG TOR_HIDE_BROWSER_LOGO"
......@@ -10,6 +10,18 @@ pref("extensions.torbutton.use_privoxy", false);
// Tails-specific configuration below
// Disable the Tor Browser's per-tab circuit view. It demands more
// from the Tor control port than our tor-controlport-filter currently
// handles (concurrent, asynchronous connections). Besides, not
// exposing the stream/circuit level info to the browser (or user
// running as the browser) is a nice hardening feature, and part of
// why we introduced the control port filter in the first place.
pref("extensions.torbutton.display_circuit", false);
// Since the slider notification will be shown everytime at each Tails
// boot, which is bad (nagging) UX, we disable it.
pref("extensions.torbutton.show_slider_notification", false);
// Disable the Tor Browser's automatic update checking
pref("app.update.enabled", false);
......
......@@ -7,9 +7,11 @@ unset TOR_FORCE_NET_CONFIG
TOR_CONFIGURE_ONLY=1
TOR_CONTROL_PORT=9051
TOR_CONTROL_COOKIE_AUTH_FILE=/var/run/tor/control.authcookie
TOR_HIDE_BROWSER_LOGO=1
export TOR_CONFIGURE_ONLY
export TOR_CONTROL_PORT
export TOR_CONTROL_COOKIE_AUTH_FILE
export TOR_HIDE_BROWSER_LOGO
if echo "$@" | grep -qw -- --force-net-config; then
TOR_FORCE_NET_CONFIG=1
......
......@@ -17,6 +17,7 @@
import socket
import binascii
import re
# Limit the length of a line, to prevent DoS attacks trying to
# crash this filter proxy by sending infinitely long lines.
......@@ -90,18 +91,23 @@ def handle_connection(sock):
line = readh.readline(MAX_LINESIZE)
if not line: break
def line_matches_command(cmd):
# The control port language does not care about case
# for commands.
return re.match(r"^%s\b" % cmd, line, re.IGNORECASE)
# Check what it is
if line.startswith("AUTHENTICATE"):
if line_matches_command("AUTHENTICATE"):
# Don't check authentication, since only
# safe commands are allowed
writeh.write("250 OK\n")
elif line.startswith("SIGNAL NEWNYM"):
elif line_matches_command("SIGNAL NEWNYM"):
# Perform a real SIGNAL NEWNYM (new Tor circuit)
if do_newnym():
writeh.write("250 OK\n")
else:
writeh.write("510 Newnym signal failed\n")
elif line.startswith("QUIT"):
elif line_matches_command("QUIT"):
# Quit session
writeh.write("250 Closing connection\n")
break
......
http://torbrowser-archive.tails.boum.org/
http://dist.torproject.org/torbrowser/4.5/
406424d7f1ad3855d289588302727af1b768f953866b64250ef6a6f5cb606cdf tor-browser-linux32-4.0.6_ar.tar.xz
f6e9cac6a7fe0dd8f07f3ae6db4825dd01f3c7107cf5cc76e3225941278465ea tor-browser-linux32-4.0.6_de.tar.xz
89ce71312f5d73fc2af637a93d7697587b2132fce0e9f6e815b25ddba66518d0 tor-browser-linux32-4.0.6_en-US.tar.xz
aaad62547d6e853ebd7c1b9caf015b7bface28b0361a8cd2237a74b2b0585828 tor-browser-linux32-4.0.6_es-ES.tar.xz
957d2bacb6ec31f5412e5116e638ea8400c87d605a073f821c28920b9ef22ab6 tor-browser-linux32-4.0.6_fa.tar.xz
50c5f81766919b69ee7821bdcd5afb0c8e5502acbadcc5cf8a7584c219aa7591 tor-browser-linux32-4.0.6_fr.tar.xz
58a5e97a20758d403b117739592447b9f9c18f76260014cb1608be7336ae2a0c tor-browser-linux32-4.0.6_it.tar.xz
70c474140954f0d8c987eeb6d1aa3af3635f6f42d44bc6b6bb27ed8b3849ba7f tor-browser-linux32-4.0.6_ko.tar.xz
1f1f62672c38a72ee3680ba957bf0e5a283cf53e50ea7c359838e74142d965c6 tor-browser-linux32-4.0.6_nl.tar.xz
1405aa494de347c2969a25b65b63fa298d2e75d5614463bc40d1e750797903cd tor-browser-linux32-4.0.6_pl.tar.xz
3fea4dd1b4a8454cdd0e1da04db96911ede00eb281c1e0310968ec456e1043ec tor-browser-linux32-4.0.6_pt-PT.tar.xz
62895f4e44c1697efd6fde5ca5980ba65b567cf715fe2aa0d808857806d32067 tor-browser-linux32-4.0.6_ru.tar.xz
4a317403d798a776845d7cc8a5256106782e688920190507e0de39fe36cc6684 tor-browser-linux32-4.0.6_tr.tar.xz
d199acd8fe1f30b89dbe7e922887c14e420352f35954bed8095bbed1d637c687 tor-browser-linux32-4.0.6_vi.tar.xz
dc36fb7f93eca06a640f645fe8ba78bea97da17163434b00de3471f816f6c98e tor-browser-linux32-4.0.6_zh-CN.tar.xz
548671fe31db1823cc28799a95e39919db4c7270df7beb3fa759034d3c9a1037 tor-browser-linux32-4.5_ar.tar.xz
be7ad8365f28c48af025d8ce2fd42bebb74e19ea99d1fd2045924c9722f60542 tor-browser-linux32-4.5_de.tar.xz
895c30e8ebb95c68923bd6dd7850e03ca68834d4dd6a7aad0670a53fd4843b53 tor-browser-linux32-4.5_en-US.tar.xz
6c8c14efd545c22206bbd24533fb6825fefd5e09eed69e28d748e6270d1ae0b8 tor-browser-linux32-4.5_es-ES.tar.xz
6e4734f94cb956f3fa568453bf91dd285f41540a59b58025e32cd0f2542e6f99 tor-browser-linux32-4.5_fa.tar.xz
6dac0ea9bc3bd508b5d33b54be431f7c39d401a91b9fac23c054bb7b37366af3 tor-browser-linux32-4.5_fr.tar.xz
b975b6ba3abe16b3db895818fa0e5f3f6d2832e74fff2be3475d4c2d20e4c06c tor-browser-linux32-4.5_it.tar.xz
598866fd69603e755414df7212507db113557d491710289fd5bfb1b1f7ab286d tor-browser-linux32-4.5_ko.tar.xz
64f331666658332c2b9071b57776bb438281844a889366f9ae714222804a71be tor-browser-linux32-4.5_nl.tar.xz
44072717e2c87375e66ed5d9d2d778768957300259b2aebd61b58dce86432d6a tor-browser-linux32-4.5_pl.tar.xz
0e838397d575638b94b64b8e0d3d1cebb5323c73af73ebd1e674a31bf64ac737 tor-browser-linux32-4.5_pt-PT.tar.xz
0cff5c3acb4255b4f8277300074f3d516a2fb2a50dd88e8fcab4574da4e44d54 tor-browser-linux32-4.5_ru.tar.xz
be2b87131d2baa26f215d3ac028f711378bf00a7183c597dac0b4579cab28c9c tor-browser-linux32-4.5_tr.tar.xz
944c89f2564c2893ca2cf13f6ed4d3ec15a8395583e196bd63297fea781b0433 tor-browser-linux32-4.5_vi.tar.xz
5060595c8e9a709dfc0f8e732458ff2441aa2f8cbdb5035db55a5d47b41eb5d6 tor-browser-linux32-4.5_zh-CN.tar.xz
......@@ -965,9 +965,6 @@ As for extensions we have the following differences:
extension to protect against many tracking possibilities by removing
most ads.
* Tails does not install the same Torbutton as in the TBB. We
installed a patched version.
* Tails does not install the Tor Launcher extension as part of the
browser. A patched Tor Launcher is installed for use as a
stand-alone XUL application, though.
......
[[!meta title="Releasing Torbutton"]]
[[!toc levels=1]]
Update the Debian package
=========================
Add a remote with upstream repository if not already done:
$ git remote add upstream-remote https://git.torproject.org/torbutton.git
Verify the new upstream tag:
git tag -v <version>
Merge the new upstream tag:
git checkout upstream
git merge <version>
git tag upstream/<version>
Merge `upstream` branch to `master` branch:
git checkout master
git merge upstream/<version>
Update `debian/changelog`:
git-dch -N <version>-1
(Do not forget to set the appropriate release.)
Commit the changelog:
git commit debian/changelog -m "$(head -n 1 debian/changelog | sed -e 's,).*,),')"
Build a new Debian package:
git-buildpackage
If everything is fine, tag the release and push the changes:
git-buildpackage --git-tag-only --git-sign-tags
git push && git push --tags
Add the Debian package to Tails
===============================
Sign the package:
debsign $CHANGES_FILE
Upload:
dupload --to tails $CHANGES_FILE
......@@ -49,13 +49,13 @@ and see if the desired version is available. Set `DIST_URL` to the
chosen URL, and set `VERSION` to the desired Tor Browser version, for
example:
DIST_URL=https://people.torproject.org/~mikeperry/builds/
VERSION=4.0
DIST_URL=https://people.torproject.org/~mikeperry/builds/4.5-build5/
VERSION=4.5
Fetch the version's hash file and its detached signature, and verify
with GnuPG:
wget ${DIST_URL}/${VERSION}/sha256sums.txt{,.asc} && \
wget ${DIST_URL}/sha256sums.txt{,.asc} && \
gpg --verify sha256sums.txt.asc sha256sums.txt
Filter the tarballs we want and make them available at build time,
......@@ -141,7 +141,7 @@ Import a new set of Tor Browser tarballs
CHROOT_INCLUDES="${TAILS_GIT_REPO}/config/chroot_local-includes"
TBB_SHA256SUMS_FILE="${CHROOT_INCLUDES}/usr/share/tails/tbb-sha256sums.txt"
TBB_DIST_URL_FILE="${CHROOT_INCLUDES}/usr/share/tails/tbb-dist-url.txt"
TBB_TARBALLS_BASE_URL="$(cat "${TBB_DIST_URL_FILE}" | sed "s,^http://,https://,")/${VERSION}"
TBB_TARBALLS_BASE_URL="$(cat "${TBB_DIST_URL_FILE}" | sed "s,^http://,https://,")"
cat "$TBB_SHA256SUMS_FILE" | while read expected_sha256 tarball; do
(
cd "$TMPDIR"
......
......@@ -32,7 +32,7 @@
- Have a look at recent changes
in [Torbutton](https://gitweb.torproject.org/torbutton.git), and
do whatever is needed to get the fixes we need in the release.
make sure they are compatible with our configuration.
- Have Kill Your TV upgrade I2P if needed. See [[contribute/design/I2P]].
- If needed, update the list of Tor authorities in the test
suite configuration.
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment