[tor-commits] [tor-browser-bundle/master] Remove PDF.JS 0.8.1 from all TBBs.

mikeperry at torproject.org mikeperry at torproject.org
Thu Nov 14 23:04:28 UTC 2013 

commit 10dd07067e4eea90b8f58acce7b00f518ff10844
Author: Mike Perry <mikeperry-git at torproject.org>
Date:   Thu Nov 14 01:49:15 2013 -0800

    Remove PDF.JS 0.8.1 from all TBBs.
    
    It is probably vulnerable to
    https://www.mozilla.org/security/announce/2013/mfsa2013-99.html.
    
    Note that Firefox 24 includes a built-in version that will be getting security
    updates.
---
 gitian/descriptors/linux/gitian-bundle.yml   |    1 -
 gitian/descriptors/mac/gitian-bundle.yml     |    1 -
 gitian/descriptors/windows/gitian-bundle.yml |    1 -
 gitian/fetch-inputs.sh                       |    4 +---
 gitian/record-inputs.sh                      |    3 ---
 gitian/versions                              |    2 --
 gitian/versions.alpha                        |    2 --
 7 files changed, 1 insertion(+), 13 deletions(-)

diff --git a/gitian/descriptors/linux/gitian-bundle.yml b/gitian/descriptors/linux/gitian-bundle.yml
index 68e01ec..7dc1104 100644
--- a/gitian/descriptors/linux/gitian-bundle.yml
+++ b/gitian/descriptors/linux/gitian-bundle.yml
@@ -31,7 +31,6 @@ files:
 - "linux-skeleton.zip"
 - "linux-langpacks.zip"
 - "noscript at noscript.net.xpi"
-- "uriloader at pdf.js.xpi"
 - "dzip.sh"
 - "dtar.sh"
 - "bare-version"
diff --git a/gitian/descriptors/mac/gitian-bundle.yml b/gitian/descriptors/mac/gitian-bundle.yml
index cdf387b..ade303b 100644
--- a/gitian/descriptors/mac/gitian-bundle.yml
+++ b/gitian/descriptors/mac/gitian-bundle.yml
@@ -27,7 +27,6 @@ files:
 - "mac-skeleton.zip"
 - "mac-langpacks.zip"
 - "noscript at noscript.net.xpi"
-- "uriloader at pdf.js.xpi"
 - "dzip.sh"
 - "bare-version"
 - "bundle.inputs"
diff --git a/gitian/descriptors/windows/gitian-bundle.yml b/gitian/descriptors/windows/gitian-bundle.yml
index bb28155..44e1662 100644
--- a/gitian/descriptors/windows/gitian-bundle.yml
+++ b/gitian/descriptors/windows/gitian-bundle.yml
@@ -29,7 +29,6 @@ files:
 - "windows-skeleton.zip"
 - "win32-langpacks.zip"
 - "noscript at noscript.net.xpi"
-- "uriloader at pdf.js.xpi"
 - "dzip.sh"
 - "bare-version"
 - "bundle.inputs"
diff --git a/gitian/fetch-inputs.sh b/gitian/fetch-inputs.sh
index 535a797..19b3509 100755
--- a/gitian/fetch-inputs.sh
+++ b/gitian/fetch-inputs.sh
@@ -169,7 +169,6 @@ cd ..
 
 # NoScript and PDF.JS are magikal and special:
 wget -N ${NOSCRIPT_URL}
-wget -N https://addons.mozilla.org/firefox/downloads/file/201180/${PDFJS_PACKAGE}
 
 # So is mingw:
 if [ ! -f mingw-w64-svn-snapshot.zip ];
@@ -181,7 +180,7 @@ fi
 
 # Verify packages with weak or no signatures via direct sha256 check
 # (OpenSSL is signed with MD5, and OSXSDK is not signed at all)
-for i in OSXSDK TOOLCHAIN4 NOSCRIPT PDFJS MINGW MSVCR100 # OPENSSL
+for i in OSXSDK TOOLCHAIN4 NOSCRIPT MINGW MSVCR100 # OPENSSL
 do
    PACKAGE="${i}_PACKAGE"
    HASH="${i}_HASH"
@@ -217,7 +216,6 @@ done
 cd ..
 
 ln -sf "$NOSCRIPT_PACKAGE" noscript at noscript.net.xpi
-ln -sf "$PDFJS_PACKAGE" uriloader at pdf.js.xpi
 ln -sf "$BINUTILS_PACKAGE" binutils.tar.bz2
 ln -sf "$GCC_PACKAGE" gcc.tar.bz2
 ln -sf "$PYTHON_PACKAGE" python.tar.bz2
diff --git a/gitian/record-inputs.sh b/gitian/record-inputs.sh
index 95a8fcf..9bc1f7c 100755
--- a/gitian/record-inputs.sh
+++ b/gitian/record-inputs.sh
@@ -30,10 +30,7 @@ sha256sum $OSXSDK_PACKAGE >> bundle.inputs
 sha256sum $TOOLCHAIN4_PACKAGE >> bundle.inputs
 sha256sum mingw-w64-svn-snapshot.zip >> bundle.inputs
 echo >> bundle.inputs
-#sha256sum relativelink-src.zip >> bundle.inputs
-#sha256sum *-langpacks.zip >> bundle.inputs
 sha256sum noscript at noscript.net.xpi >> bundle.inputs
-sha256sum uriloader at pdf.js.xpi >> bundle.inputs
 echo >> bundle.inputs
 
 if [ "z$VERIFY_TAGS" = "z1" ];
diff --git a/gitian/versions b/gitian/versions
index 4128288..0fea02e 100755
--- a/gitian/versions
+++ b/gitian/versions
@@ -25,7 +25,6 @@ PYTHON_VER=2.7.5
 ## File names for the source packages
 # OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz
 NOSCRIPT_PACKAGE=noscript_security_suite-2.6.8.2-fx+fn+sm.xpi
-PDFJS_PACKAGE=pdf_viewer-0.8.1-sm+fx+an.xpi
 TOOLCHAIN4_PACKAGE=multiarch-darwin11-cctools127.2-gcc42-5666.3-llvmgcc42-2336.1-Linux-120724.tar.xz
 OSXSDK_PACKAGE=apple-uni-sdk-10.6_20110407-0.flosoft1_i386.deb
 MINGW_PACKAGE=mingw-w64-svn-snapshot.zip
@@ -39,7 +38,6 @@ PYTHON_PACKAGE=Python-${PYTHON_VER}.tar.bz2
 OSXSDK_HASH=6602d8d5ddb371fbc02e2a5967d9bd0cd7358d46f9417753c8234b923f2ea6fc
 TOOLCHAIN4_HASH=65c1b2d302358a6b95a26c6828a66908a199276193bb0b268f2dcc1a997731e9
 NOSCRIPT_HASH=52b309f2e5ca1bee4d0f97cbb342fdac3be6a447c35f744a90348df55eea635f
-PDFJS_HASH=2e3e6811f5294b24aafeba44e8206ddc81fb15e5934e5166a2c7df3a4405020b
 MINGW_HASH=457f11d29f6e95425d190711a73955fa54a98a2113ce2c2bfd76291be71e3e2b
 MSVCR100_HASH=1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067
 
diff --git a/gitian/versions.alpha b/gitian/versions.alpha
index d70d289..b605365 100755
--- a/gitian/versions.alpha
+++ b/gitian/versions.alpha
@@ -25,7 +25,6 @@ PYTHON_VER=2.7.5
 ## File names for the source packages
 # OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz
 NOSCRIPT_PACKAGE=noscript_security_suite-2.6.8.2-fx+fn+sm.xpi
-PDFJS_PACKAGE=pdf_viewer-0.8.1-sm+fx+an.xpi
 TOOLCHAIN4_PACKAGE=multiarch-darwin11-cctools127.2-gcc42-5666.3-llvmgcc42-2336.1-Linux-120724.tar.xz
 OSXSDK_PACKAGE=apple-uni-sdk-10.6_20110407-0.flosoft1_i386.deb
 MINGW_PACKAGE=mingw-w64-svn-snapshot.zip
@@ -39,7 +38,6 @@ PYTHON_PACKAGE=Python-${PYTHON_VER}.tar.bz2
 OSXSDK_HASH=6602d8d5ddb371fbc02e2a5967d9bd0cd7358d46f9417753c8234b923f2ea6fc
 TOOLCHAIN4_HASH=65c1b2d302358a6b95a26c6828a66908a199276193bb0b268f2dcc1a997731e9
 NOSCRIPT_HASH=52b309f2e5ca1bee4d0f97cbb342fdac3be6a447c35f744a90348df55eea635f
-PDFJS_HASH=2e3e6811f5294b24aafeba44e8206ddc81fb15e5934e5166a2c7df3a4405020b
 MINGW_HASH=457f11d29f6e95425d190711a73955fa54a98a2113ce2c2bfd76291be71e3e2b
 MSVCR100_HASH=1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067

More information about the tor-commits mailing list