[tor-commits] [tor-browser-build/master] Release preparations for 11.0a10
commit 424fdd9fbf2e799453edca5020fc8695ca850e54
Author: Richard Pospesel
Date: Tue Nov 2 20:52:03 2021 +0100
Release preparations for 11.0a10
---
projects/firefox/config| 2 +-
.../tor-browser/Bundle-Data/Docs/ChangeLog.txt | 27 ++
projects/tor/config| 2 +-
rbm.conf | 6 ++---
4 files changed, 32 insertions(+), 5 deletions(-)
diff --git a/projects/firefox/config b/projects/firefox/config
index 6af62a7..d889fe3 100644
--- a/projects/firefox/config
+++ b/projects/firefox/config
@@ -8,7 +8,7 @@ git_submodule: 1
gpg_keyring: torbutton.gpg
var:
- firefox_platform_version: 91.2.0
+ firefox_platform_version: 91.3.0
firefox_version: '[% c("var/firefox_platform_version") %]esr'
torbrowser_branch: 11.0
branding_directory: 'browser/branding/alpha'
diff --git a/projects/tor-browser/Bundle-Data/Docs/ChangeLog.txt
b/projects/tor-browser/Bundle-Data/Docs/ChangeLog.txt
index 45fec24..d868f20 100644
--- a/projects/tor-browser/Bundle-Data/Docs/ChangeLog.txt
+++ b/projects/tor-browser/Bundle-Data/Docs/ChangeLog.txt
@@ -1,3 +1,30 @@
+Tor Browser 11.0a10 - November 8 2021
+ * Windows + OS X + Linux
+ * Update Firefox to 91.3.0esr
+ * Update Tor to 0.4.7.2-alpha
+ * Bug 32624: localStorage is not shared between tabs [tor-browser]
+ * Bug 33125: Remove xpinstall.whitelist.add* as they don't do anything
anymore [tor-browser]
+ * Bug 34188: Cleanup extensions.* prefs [tor-browser]
+ * Bug 40053: investigate fingerprinting potential of extended TextMetrics
interface [tor-browser]
+ * Bug 40083: Make sure Region.jsm fetching is disabled [tor-browser]
+ * Bug 40177: Clean up obsolete preferences in our 000-tor-browser.js
[tor-browser]
+ * Bug 40220: Make sure tracker cookie purging is disabled [tor-browser]
+ * Bug 40342: Set `gfx.bundled-fonts.activate = 1` to preserve current
bundled fonts behaviour [tor-browser]
+ * Bug 40463: Disable network.http.windows10-sso.enabled in FF 91
[tor-browser]
+ * Bug 40483: Deutsche Welle v2 redirect [tor-browser]
+ * Bug 40548: Set network.proxy.failover_direct to false in FF 91
[tor-browser]
+ * Bug 40630: New Identity and New Circuit icons [tor-browser]
+ * Bug 40641: Update Security Level selection in about:preferences to match
style as tracking protection option bubbles [tor-browser]
+ * Bug 40648: Replace onion pattern divs/css with tiling SVG [tor-browser]
+ * Bug 40653: Onion Available text not aligned correctly in toolbar in ESR91
[tor-browser]
+ * Bug 40655: esr91 is suggesting to make Tor Browser the default browse
[tor-browser]
+ * Bug 40657: esr91 is missing "New identity" in hamburger menu [tor-browser]
+ * Bug 40680: Prepare update to localized assets for YEC [tor-browser]
+ * Build System
+ * Windows + OS X + Linux
+ * Bug 40366: Use bullseye to build https-everywhere
+ * Bug 40368: Use system's python3 for https-everywhere
+
Tor Browser 11.0a9 -- October 15 2021
* Windows + OS X + Linux
* Update Firefox to 91.2.0esr
diff --git a/projects/tor/config b/projects/tor/config
index 4c626de..c25dd4d 100644
--- a/projects/tor/config
+++ b/projects/tor/config
@@ -1,6 +1,6 @@
# vim: filetype=yaml sw=2
filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[%
c("var/build_id") %]'
-version: 0.4.7.1-alpha
+version: 0.4.7.2-alpha
git_hash: 'tor-[% c("version") %]'
git_url: https://git.torproject.org/tor.git
git_submodule: 1
diff --git a/rbm.conf b/rbm.conf
index 7295953..51ccfdf 100644
--- a/rbm.conf
+++ b/rbm.conf
@@ -57,10 +57,10 @@ buildconf:
git_signtag_opt: '-s'
var:
- torbrowser_version: '11.0a9'
- torbrowser_build: 'build2'
+ torbrowser_version: '11.0a10'
+ torbrowser_build: 'build1'
torbrowser_incremental_from:
-- 11.0a7
+- 11.0a9
project_name: tor-browser
multi_lingual: 0
build_mar: 1
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor-browser-build/master] Bug 40380: Add dgoulet as a tor package signer
commit 812824fcce0552966f24a283b9bec7273b50df46 Author: Matthew Finkel Date: Wed Nov 3 01:16:12 2021 + Bug 40380: Add dgoulet as a tor package signer --- keyring/tor.gpg | Bin 9148 -> 19521 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/keyring/tor.gpg b/keyring/tor.gpg index 3bca5c5..3491f98 100644 Binary files a/keyring/tor.gpg and b/keyring/tor.gpg differ ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [lego/master] Patch lego to solve build issues
commit 38d2ab26f41961fbdeab7f40dc2ed73c7ec8074c
Author: Silvia/Hiro
Date: Wed Nov 3 00:45:27 2021 +0100
Patch lego to solve build issues
---
packages/i18n/lektor_i18n.py | 4
1 file changed, 4 insertions(+)
diff --git a/packages/i18n/lektor_i18n.py b/packages/i18n/lektor_i18n.py
index 1129727..a0ac284 100644
--- a/packages/i18n/lektor_i18n.py
+++ b/packages/i18n/lektor_i18n.py
@@ -133,6 +133,8 @@ class Translations():
def merge_pot(self, from_filenames, to_filename):
msgcat=locate_executable('msgcat')
+if msgcat is None:
+msgcat="/usr/bin/msgcat"
cmdline=[msgcat, "--use-first"]
cmdline.extend(from_filenames)
cmdline.extend(("-o", to_filename))
@@ -141,6 +143,8 @@ class Translations():
def parse_templates(self, to_filename):
pybabel=locate_executable('pybabel')
+if pybabel is None:
+pybabel="/usr/bin/pybabel"
cmdline=[pybabel, 'extract', '-F', 'babel.cfg', "-o", to_filename,
"./"]
reporter.report_debug_info('pybabel cmd line', cmdline)
portable_popen(cmdline).wait()
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tpo/master] Fix #252
commit 8debf26cb61fb7cf269c8cac2e6a062f62643a74 Author: gus Date: Tue Nov 2 19:36:18 2021 -0300 Fix #252 --- content/about/jobs/brand-designer/contents.lr | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/about/jobs/brand-designer/contents.lr b/content/about/jobs/brand-designer/contents.lr index e7f20e1b..f8862143 100644 --- a/content/about/jobs/brand-designer/contents.lr +++ b/content/about/jobs/brand-designer/contents.lr @@ -13,7 +13,7 @@ title: Brand Designer For User Experience (UX) Team color: primary --- summary: -Internet Freedom Nonprofit Seeks Brand Designed for User Experience Team +Internet Freedom Nonprofit Seeks Brand Designer for User Experience Team The Tor Project, Inc., a 501(c)(3) nonprofit organization advancing human rights and freedoms by creating and deploying free and open source anonymity and privacy technologies, is seeking a Brand Designer to be a part of the User Experience Team. @@ -21,7 +21,7 @@ As a Brand Designer, you will be responsible for the creative direction of T Though small, the UX Team at the Tor Project is a "full stack" design team â encompassing the disciplines of graphic design, interface design, experience design, and ethical user research. Our mission is to promote the principles of human-centered design across the organization and the wider Tor community, improving our users' experiences at each point along the way. -This is a full-time remote position. Salary T.B.D. +This is a full-time remote position. Salary for this position is $75,000 USD and there is voluntary opt-in salary transparency for employees and contractors. --- description: ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 1728536 - Fix compilation error with `--disable-maintenance-service`. r?#application-update-reviewers
commit b87798e5fd84d93b197a1a1c8419e34b8e0bae17
Author: Nick Alexander
Date: Mon Sep 27 17:10:27 2021 +
Bug 1728536 - Fix compilation error with `--disable-maintenance-service`.
r?#application-update-reviewers
This was a regression from Bug 1658711.
Differential Revision: https://phabricator.services.mozilla.com/D126715
---
toolkit/mozapps/update/updater/updater.cpp | 2 ++
1 file changed, 2 insertions(+)
diff --git a/toolkit/mozapps/update/updater/updater.cpp
b/toolkit/mozapps/update/updater/updater.cpp
index ddbcdf5cc22a..68d7186bbc4b 100644
--- a/toolkit/mozapps/update/updater/updater.cpp
+++ b/toolkit/mozapps/update/updater/updater.cpp
@@ -3679,6 +3679,7 @@ int NS_main(int argc, NS_tchar** argv) {
# endif
}
+# ifdef MOZ_MAINTENANCE_SERVICE
// If we started the elevated updater, and it finished, check the secure
// update status file to make sure that it succeeded, and if it did we
// need to launch the PostUpdate process in the unelevated updater which
@@ -3696,6 +3697,7 @@ int NS_main(int argc, NS_tchar** argv) {
}
}
}
+# endif
CloseHandle(elevatedFileHandle);
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] fixup! TB4: Tor Browser's Firefox preference overrides.
commit ae322f3e7a10be7445b5c5d592ae002ce7040267
Author: Matthew Finkel
Date: Mon Nov 1 20:29:48 2021 +
fixup! TB4: Tor Browser's Firefox preference overrides.
---
browser/app/profile/000-tor-browser.js | 25 -
1 file changed, 25 deletions(-)
diff --git a/browser/app/profile/000-tor-browser.js
b/browser/app/profile/000-tor-browser.js
index ed8c4c8c80dd..867bcf2b662f 100644
--- a/browser/app/profile/000-tor-browser.js
+++ b/browser/app/profile/000-tor-browser.js
@@ -48,7 +48,6 @@ pref("browser.disableResetPrompt", true);
// Disk activity: Disable Browsing History Storage
pref("browser.privatebrowsing.autostart", true);
pref("browser.cache.disk.enable", false);
-pref("browser.cache.offline.enable", false);
pref("permissions.memory_only", true);
pref("network.cookie.lifetimePolicy", 2);
pref("security.nocertdb", true);
@@ -69,8 +68,6 @@ pref("browser.sessionstore.privacy_level", 2);
// Use the in-memory media cache and increase its maximum size (#29120)
pref("browser.privatebrowsing.forceMediaMemoryCache", true);
pref("media.memory_cache_max_size", 16384);
-// Disable site-specific browsing to avoid sharing site icons with the OS.
-pref("browser.ssb.enabled", false);
// Misc privacy: Remote
pref("browser.send_pings", false);
@@ -164,7 +161,6 @@ pref("dom.serviceWorkers.enabled", false);
pref("dom.push.enabled", false);
// Fingerprinting
-pref("webgl.disable-extensions", true);
pref("webgl.disable-fail-if-major-performance-caveat", true);
pref("webgl.enable-webgl2", false);
pref("gfx.downloadable_fonts.fallback_delay", -1);
@@ -177,9 +173,7 @@ pref("privacy.resistFingerprinting", true);
pref("privacy.resistFingerprinting.block_mozAddonManager", true); // Bug 26114
pref("dom.webaudio.enabled", false); // Bug 13017: Disable Web Audio API
pref("dom.w3c_touch_events.enabled", 0); // Bug 10286: Always disable Touch API
-pref("dom.w3c_pointer_events.enabled", false);
pref("dom.vr.enabled", false); // Bug 21607: Disable WebVR for now
-// Disable randomised Firefox HTTP cache decay user test groups (Bug: 13575)
pref("security.webauth.webauthn", false); // Bug 26614: Disable Web
Authentication API for now
// Disable SAB, no matter if the sites are cross-origin isolated.
pref("dom.postMessage.sharedArrayBuffer.withCOOP_COEP", false);
@@ -241,8 +235,6 @@ pref("network.protocol-handler.warn-external.snews", true);
// Make sure we don't have any GIO supported protocols (defense in depth
// measure)
pref("network.gio.supported-protocols", "");
-pref("plugin.disable", true); // Disable to search plugins on first start
-pref("plugin.state.flash", 0); // Disable for defense-in-depth
pref("media.peerconnection.enabled", false); // Disable WebRTC interfaces
// Disables media devices but only if `media.peerconnection.enabled` is set to
// `false` as well. (see bug 16328 for this defense-in-depth measure)
@@ -278,9 +270,6 @@ pref("network.file.disable_unc_paths", true);
// Enhance our treatment of file:// to avoid proxy bypasses (see Mozilla's bug
// 1412081)
pref("network.file.path_blacklist", "/net");
-// Make sure no enterprise policy can interfere with our proxy settings, see
-// #29916.
-pref("browser.policies.testing.disallowEnterprise", true);
// Security slider
pref("svg.in-content.enabled", true);
@@ -308,24 +297,15 @@ pref("extensions.autoDisableScopes", 0);
pref("extensions.bootstrappedAddons", "{}");
pref("extensions.checkCompatibility.4.*", false);
pref("extensions.databaseSchema", 3);
-pref("extensions.enabledAddons",
"https-everywhere%40eff.org:3.1.4,%7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.1,torbutton%40torproject.org:1.5.2,ubufox%40ubuntu.com:2.6,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.5");
-pref("extensions.enabledItems",
"langpack-en...@firefox.mozilla.org:,{73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.57,{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.4,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.8");
pref("extensions.enabledScopes", 5); // AddonManager.SCOPE_PROFILE=1 |
AddonManager.SCOPE_APPLICATION=4
pref("extensions.pendingOperations", false);
-pref("xpinstall.whitelist.add", "");
-pref("xpinstall.whitelist.add.36", "");
// We don't know what extensions Mozilla is advertising to our users and we
// don't want to have some random Google Analytics script running either on the
// about:addons page, see bug 22073, 22900 and 31601.
pref("extensions.getAddons.showPane", false);
pref("extensions.htmlaboutaddons.recommendations.enabled", false);
-// Show our legacy extensions directly on about:addons and get rid of the
-// warning for the default theme.
-pref("extensions.legacy.exceptions",
"{972ce4c6-7e08-4474-a285-3208198ce6fd},torbut...@torproject.org");
// Bug 26114: Allow NoScript to access addons.mozilla.org etc.
pref("extensions.webextensions.restrictedDomains", "");
-// Bug 28896: Make sure our bundled WebExtensions are running in Private
Browsing Mode
-pref("extensions.allowPrivateBrowsingByDefault",
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] squash! TB4: Tor Browser's Firefox preference overrides.
commit 94bff64eab46f9aa85b246c576120f652467382b
Author: Matthew Finkel
Date: Mon Nov 1 16:28:22 2021 +
squash! TB4: Tor Browser's Firefox preference overrides.
Bug 40177: Update prefs for Fx91esr
---
browser/app/profile/000-tor-browser.js | 29 -
1 file changed, 28 insertions(+), 1 deletion(-)
diff --git a/browser/app/profile/000-tor-browser.js
b/browser/app/profile/000-tor-browser.js
index 0952a3ad5cfc..ed8c4c8c80dd 100644
--- a/browser/app/profile/000-tor-browser.js
+++ b/browser/app/profile/000-tor-browser.js
@@ -53,6 +53,9 @@ pref("permissions.memory_only", true);
pref("network.cookie.lifetimePolicy", 2);
pref("security.nocertdb", true);
+// Enabled LSNG
+pref("dom.storage.next_gen", true);
+
// Disk activity: TBB Directory Isolation
pref("browser.download.useDownloadDir", false);
pref("browser.shell.checkDefaultBrowser", false);
@@ -119,11 +122,12 @@ pref("privacy.annotate_channels.strict_list.enabled",
false);
// Disable the Pocket extension (Bug #18886 and #31602)
pref("extensions.pocket.enabled", false);
-pref("network.http.referer.hideOnionSource", true);
// Disable use of WiFi location information
pref("browser.region.network.scan", false);
pref("browser.region.network.url", "");
+// Bug 40083: Make sure Region.jsm fetching is disabled
+pref("browser.region.update.enabled", false);
// Don't load Mozilla domains in a separate tab process
pref("browser.tabs.remote.separatedMozillaDomains", "");
@@ -177,6 +181,8 @@ pref("dom.w3c_pointer_events.enabled", false);
pref("dom.vr.enabled", false); // Bug 21607: Disable WebVR for now
// Disable randomised Firefox HTTP cache decay user test groups (Bug: 13575)
pref("security.webauth.webauthn", false); // Bug 26614: Disable Web
Authentication API for now
+// Disable SAB, no matter if the sites are cross-origin isolated.
+pref("dom.postMessage.sharedArrayBuffer.withCOOP_COEP", false);
// Disable intermediate preloading (Bug 30682)
pref("security.remote_settings.intermediates.enabled", false);
// Bug 2874: Block Components.interfaces from content
@@ -190,8 +196,17 @@ pref("privacy.resistFingerprinting.letterboxing", true);
pref("dom.netinfo.enabled", false);
pref("network.http.referer.defaultPolicy", 2); // Bug 32948: Make referer
behavior consistent regardless of private browing mode status
pref("media.videocontrols.picture-in-picture.enabled", false); // Bug 40148:
disable until audited in #40147
+pref("network.http.referer.hideOnionSource", true);
+// Bug 40463: Disable Windows SSO
+pref("network.http.windows-sso.enabled", false);
// Bug 40383: Disable new PerformanceEventTiming
pref("dom.enable_event_timing", false);
+// Disable API for measuring text width and height.
+pref("dom.textMetrics.actualBoundingBox.enabled", false);
+pref("dom.textMetrics.baselines.enabled", false);
+pref("dom.textMetrics.emHeight.enabled", false);
+pref("dom.textMetrics.fontBoundingBox.enabled", false);
+pref("pdfjs.enableScripting", false);
// Third party stuff
pref("privacy.firstparty.isolate", true); // Always enforce first party
isolation
@@ -199,6 +214,8 @@ pref("privacy.partition.network_state", false); // Disable
for now until audit
pref("network.cookie.cookieBehavior", 1);
pref("network.http.spdy.allow-push", false); // Disabled for now. See
https://bugs.torproject.org/27127
pref("network.predictor.enabled", false); // Temporarily disabled. See
https://bugs.torproject.org/16633
+// Bug 40177: Make sure tracker cookie purging is disabled
+pref("privacy.purge_trackers.enabled", false);
// Proxy and proxy security
pref("network.proxy.socks", "127.0.0.1");
@@ -207,6 +224,8 @@ pref("network.proxy.socks_remote_dns", true);
pref("network.proxy.no_proxies_on", ""); // For fingerprinting and local
service vulns (#10419)
pref("network.proxy.allow_hijacking_localhost", true); // Allow proxies for
localhost (#31065)
pref("network.proxy.type", 1);
+// Bug 40548: Disable proxy-bypass
+pref("network.proxy.failover_direct", false);
pref("network.security.ports.banned", "9050,9051,9150,9151");
pref("network.dns.disabled", true); // This should cover the #5741 patch for
DNS leaks
pref("network.dns.disablePrefetch", true);
@@ -307,6 +326,8 @@ pref("extensions.legacy.exceptions",
"{972ce4c6-7e08-4474-a285-3208198ce6fd},tor
pref("extensions.webextensions.restrictedDomains", "");
// Bug 28896: Make sure our bundled WebExtensions are running in Private
Browsing Mode
pref("extensions.allowPrivateBrowsingByDefault", true);
+// Don't give Mozilla-recommended third-party extensions special privileges.
+pref("extensions.postDownloadThirdPartyPrompt", false);
// Toolbar layout
pref("browser.uiCustomization.state",
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] fixup! TB4: Tor Browser's Firefox preference overrides.
commit 40a198125394de9e3ae5b6a4237c8987f4557adc
Author: Matthew Finkel
Date: Tue Nov 2 20:42:40 2021 +
fixup! TB4: Tor Browser's Firefox preference overrides.
---
browser/app/profile/000-tor-browser.js | 1 +
1 file changed, 1 insertion(+)
diff --git a/browser/app/profile/000-tor-browser.js
b/browser/app/profile/000-tor-browser.js
index 867bcf2b662f..0011f4d72c9d 100644
--- a/browser/app/profile/000-tor-browser.js
+++ b/browser/app/profile/000-tor-browser.js
@@ -201,6 +201,7 @@ pref("dom.textMetrics.baselines.enabled", false);
pref("dom.textMetrics.emHeight.enabled", false);
pref("dom.textMetrics.fontBoundingBox.enabled", false);
pref("pdfjs.enableScripting", false);
+pref("javascript.options.large_arraybuffers", false);
// Third party stuff
pref("privacy.firstparty.isolate", true); // Always enforce first party
isolation
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 40483: Temporarily redirect DW's v2 address to their new v3 address
commit 7ab6b90cb0971d1d88eaa4d30496cd36c0f2ac92
Author: Matthew Finkel
Date: Mon Oct 4 22:45:56 2021 +
Bug 40483: Temporarily redirect DW's v2 address to their new v3 address
---
docshell/base/nsDocShell.cpp | 13 +
1 file changed, 13 insertions(+)
diff --git a/docshell/base/nsDocShell.cpp b/docshell/base/nsDocShell.cpp
index c86fed307be6..080754c938b8 100644
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@@ -5990,6 +5990,7 @@ already_AddRefed nsDocShell::AttemptURIFixup(
bool aNotifyKeywordSearchLoading, nsIInputStream** aNewPostData) {
if (aStatus != NS_ERROR_UNKNOWN_HOST && aStatus != NS_ERROR_NET_RESET &&
aStatus != NS_ERROR_CONNECTION_REFUSED &&
+ aStatus != NS_ERROR_TOR_ONION_SVC_BAD_ADDRESS &&
aStatus !=
mozilla::psm::GetXPCOMFromNSSError(SSL_ERROR_BAD_CERT_DOMAIN)) {
return nullptr;
@@ -6137,6 +6138,18 @@ already_AddRefed nsDocShell::AttemptURIFixup(
}
}
}
+ } else if (aStatus == NS_ERROR_TOR_ONION_SVC_BAD_ADDRESS) {
+// Bug 40483: Temporarily redirect DW's v2 address to their new v3 address
+constexpr auto kV2DW = "dwnewsvdyyiamwnp.onion"_ns;
+constexpr auto kV3DW =
"dwnewsgngmhlplxy6o2twtfgjnrnjxbegbwqx6wnotdhkzt562tszfid.onion"_ns;
+nsAutoCString host;
+newURI = nullptr;
+Unused << url->GetHost(host);
+if (StringEndsWith(host, kV2DW)) {
+ auto& subdomains = Substring(host, 0, host.Length() - kV2DW.Length());
+ Unused << NS_MutateURI(url).SetHost(subdomains + kV3DW).Finalize(
+getter_AddRefs(newURI));
+}
} else if (aStatus == NS_ERROR_CONNECTION_REFUSED &&
Preferences::GetBool("browser.fixup.fallback-to-https", false)) {
// Try HTTPS, since http didn't work
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 40253: Explicitly allow NoScript in Private Browsing mode.
commit c79d5dda0c9531bc79fee05edd48c381789d39a6
Author: Matthew Finkel
Date: Fri Sep 3 14:58:28 2021 +
Bug 40253: Explicitly allow NoScript in Private Browsing mode.
---
toolkit/components/extensions/Extension.jsm | 9 +
1 file changed, 9 insertions(+)
diff --git a/toolkit/components/extensions/Extension.jsm
b/toolkit/components/extensions/Extension.jsm
index 69833684ca53..60b610768dfb 100644
--- a/toolkit/components/extensions/Extension.jsm
+++ b/toolkit/components/extensions/Extension.jsm
@@ -2644,6 +2644,15 @@ class Extension extends ExtensionData {
this.permissions.add(PRIVATE_ALLOWED_PERMISSION);
}
+ // Bug 40253: Explicitly allow NoScript in Private Browsing mode.
+ if (this.id === "{73a6fe31-595d-460b-a920-fcc0f8843232}") {
+ExtensionPermissions.add(this.id, {
+ permissions: [PRIVATE_ALLOWED_PERMISSION],
+ origins: [],
+});
+this.permissions.add(PRIVATE_ALLOWED_PERMISSION);
+ }
+
// We only want to update the SVG_CONTEXT_PROPERTIES_PERMISSION during
install and
// upgrade/downgrade startups.
if (INSTALL_AND_UPDATE_STARTUP_REASONS.has(this.startupReason)) {
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] fixup! Bug 27477: Implement about:torconnect captive portal within Tor Browser
commit e15b3cababedf807c2558404e6c13ed953611752
Author: Matthew Finkel
Date: Fri Sep 3 03:52:25 2021 +
fixup! Bug 27477: Implement about:torconnect captive portal within Tor
Browser
This reverts commit ff3b679987ee9d5515508d94d78ed28166706249.
---
browser/modules/TorConnect.jsm | 20 ++--
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/browser/modules/TorConnect.jsm b/browser/modules/TorConnect.jsm
index e7b8b364db86..ddc14148eb88 100644
--- a/browser/modules/TorConnect.jsm
+++ b/browser/modules/TorConnect.jsm
@@ -167,19 +167,19 @@ const TorConnect = (() => {
/* Initial is never transitioned to */
[TorConnectState.Initial, null],
/* Configuring */
-[TorConnectState.Configuring, (self, prevState) => {
+[TorConnectState.Configuring, async (self, prevState) => {
// TODO move this to the transition function
if (prevState === TorConnectState.Bootstrapping) {
-TorProtocolService.torStopBootstrap();
+await TorProtocolService.torStopBootstrap();
}
}],
/* AutoConfiguring */
-[TorConnectState.AutoConfiguring, (self, prevState) => {
+[TorConnectState.AutoConfiguring, async (self, prevState) => {
}],
/* Bootstrapping */
-[TorConnectState.Bootstrapping, (self, prevState) => {
-let error = TorProtocolService.connect();
+[TorConnectState.Bootstrapping, async (self, prevState) => {
+let error = await TorProtocolService.connect();
if (error) {
self.onError(error.message, error.details);
} else {
@@ -187,12 +187,12 @@ const TorConnect = (() => {
}
}],
/* Bootstrapped */
-[TorConnectState.Bootstrapped, (self,prevState) => {
+[TorConnectState.Bootstrapped, async (self,prevState) => {
// notify observers of bootstrap completion
Services.obs.notifyObservers(null,
TorConnectTopics.BootstrapComplete);
}],
/* Error */
-[TorConnectState.Error, (self, prevState, errorMessage,
errorDetails, fatal) => {
+[TorConnectState.Error, async (self, prevState, errorMessage,
errorDetails, fatal) => {
self._errorMessage = errorMessage;
self._errorDetails = errorDetails;
@@ -204,7 +204,7 @@ const TorConnect = (() => {
}
}],
/* FatalError */
-[TorConnectState.FatalError, (self, prevState) => {
+[TorConnectState.FatalError, async (self, prevState) => {
Services.obs.notifyObservers(null,
TorConnectTopics.FatalError);
}],
/* Disabled */
@@ -213,7 +213,7 @@ const TorConnect = (() => {
}],
])),
-_changeState: function(newState, ...args) {
+_changeState: async function(newState, ...args) {
const prevState = this._state;
// ensure this is a valid state transition
@@ -228,7 +228,7 @@ const TorConnect = (() => {
this._state = newState;
// call our transition function and forward any args
-this._transitionCallbacks.get(newState)(this, prevState, ...args);
+await this._transitionCallbacks.get(newState)(this, prevState,
...args);
Services.obs.notifyObservers({state: newState},
TorConnectTopics.StateChange);
},
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 40597: Implement TorSettings module
commit 9cd74389a323b871e1d315d6ce95388d9a645213
Author: Richard Pospesel
Date: Fri Aug 6 16:39:03 2021 +0200
Bug 40597: Implement TorSettings module
- migrated in-page settings read/write implementation from
about:preferences#tor
to the TorSettings module
- TorSettings initially loads settings from the tor daemon, and saves them
to
firefox prefs
- TorSettings notifies observers when a setting has changed; currently only
QuickStart notification is implemented for parity with previous preference
notify logic in about:torconnect and about:preferences#tor
- about:preferences#tor, and about:torconnect now read and write settings
thorugh the TorSettings module
- all tor settings live in the torbrowser.settings.* preference branch
- removed unused pref modify permission for about:torconnect content page
from
AsyncPrefs.jsm
---
browser/components/torconnect/TorConnectParent.jsm | 25 +-
.../torpreferences/content/parseFunctions.jsm | 89 ---
.../torpreferences/content/torBridgeSettings.jsm | 325
.../torpreferences/content/torFirewallSettings.jsm | 72 --
.../components/torpreferences/content/torPane.js | 301
.../torpreferences/content/torProxySettings.jsm| 245 ---
browser/components/torpreferences/jar.mn | 12 +-
browser/modules/TorConnect.jsm | 47 +-
browser/modules/TorSettings.jsm| 814 +
browser/modules/moz.build | 1 +
.../processsingleton/MainProcessSingleton.jsm | 5 +
toolkit/modules/AsyncPrefs.jsm | 1 -
12 files changed, 989 insertions(+), 948 deletions(-)
diff --git a/browser/components/torconnect/TorConnectParent.jsm
b/browser/components/torconnect/TorConnectParent.jsm
index 526c588a423e..2fbc2a5c7c7c 100644
--- a/browser/components/torconnect/TorConnectParent.jsm
+++ b/browser/components/torconnect/TorConnectParent.jsm
@@ -7,10 +7,9 @@ const { TorStrings } =
ChromeUtils.import("resource:///modules/TorStrings.jsm");
const { TorConnect, TorConnectTopics, TorConnectState } = ChromeUtils.import(
"resource:///modules/TorConnect.jsm"
);
-
-const TorLauncherPrefs = Object.freeze({
- quickstart: "extensions.torlauncher.quickstart",
-});
+const { TorSettings, TorSettingsTopics, TorSettingsData } = ChromeUtils.import(
+ "resource:///modules/TorSettings.jsm"
+);
/*
This object is basically a marshalling interface between the TorConnect module
@@ -31,7 +30,7 @@ class TorConnectParent extends JSWindowActorParent {
BootstrapProgress: TorConnect.bootstrapProgress,
BootstrapStatus: TorConnect.bootstrapStatus,
ShowCopyLog: TorConnect.logHasWarningOrError,
- QuickStartEnabled:
Services.prefs.getBoolPref(TorLauncherPrefs.quickstart, false),
+ QuickStartEnabled: TorSettings.quickstart.enabled,
};
// JSWindowActiveParent derived objects cannot observe directly, so create
a member
@@ -78,9 +77,12 @@ class TorConnectParent extends JSWindowActorParent {
// TODO: handle
break;
}
- case "nsPref:changed": {
-if (aData === TorLauncherPrefs.quickstart) {
- self.state.QuickStartEnabled =
Services.prefs.getBoolPref(TorLauncherPrefs.quickstart);
+ case TorSettingsTopics.SettingChanged:{
+if (aData === TorSettingsData.QuickStartEnabled) {
+ self.state.QuickStartEnabled = obj.value;
+} else {
+ // this isn't a setting torconnect cares about
+ return;
}
break;
}
@@ -98,7 +100,7 @@ class TorConnectParent extends JSWindowActorParent {
const topic = TorConnectTopics[key];
Services.obs.addObserver(this.torConnectObserver, topic);
}
-Services.prefs.addObserver(TorLauncherPrefs.quickstart,
this.torConnectObserver);
+Services.obs.addObserver(this.torConnectObserver,
TorSettingsTopics.SettingChanged);
}
willDestroy() {
@@ -107,13 +109,14 @@ class TorConnectParent extends JSWindowActorParent {
const topic = TorConnectTopics[key];
Services.obs.removeObserver(this.torConnectObserver, topic);
}
-Services.prefs.removeObserver(TorLauncherPrefs.quickstart,
this.torConnectObserver);
+Services.obs.removeObserver(this.torConnectObserver,
TorSettingsTopics.SettingChanged);
}
receiveMessage(message) {
switch (message.name) {
case "torconnect:set-quickstart":
-Services.prefs.setBoolPref(TorLauncherPrefs.quickstart, message.data);
+TorSettings.quickstart.enabled = message.data;
+TorSettings.saveToPrefs().applySettings();
break;
case "torconnect:open-tor-preferences":
TorConnect.openTorPreferences();
diff --git a/browser/components/torpreferences/content/parseFunctions.jsm
b/browser/components/torpreferences/content/parseFunctions.jsm
deleted file
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Adding issue template for bugs.
commit 547a3d82b71e5c0a64058f2339a2acde3812d430 Author: Gaba Date: Mon Jun 28 11:44:16 2021 -0700 Adding issue template for bugs. --- .gitlab/issue_templates/UXBug.md | 29 + .gitlab/issue_templates/bug.md | 32 2 files changed, 61 insertions(+) diff --git a/.gitlab/issue_templates/UXBug.md b/.gitlab/issue_templates/UXBug.md new file mode 100644 index ..8e7cb2a5e163 --- /dev/null +++ b/.gitlab/issue_templates/UXBug.md @@ -0,0 +1,29 @@ + + +### Summary +**Summarize the bug encountered concisely.** + + +### Steps to reproduce: +**How one can reproduce the issue - this is very important.** + +1. Step 1 +2. Step 2 +3. ... + +### What is the current bug behavior? +**What actually happens.** + + +### What is the expected behavior? +**What you want to see instead** + + + +## Relevant logs and/or screenshots +**Do you have screenshots? Attach them to this ticket please.** + +/label ~tor-ux ~needs-investigation ~bug +/assign @nah diff --git a/.gitlab/issue_templates/bug.md b/.gitlab/issue_templates/bug.md new file mode 100644 index ..6ce85a4864be --- /dev/null +++ b/.gitlab/issue_templates/bug.md @@ -0,0 +1,32 @@ + + +### Summary +**Summarize the bug encountered concisely.** + + +### Steps to reproduce: +**How one can reproduce the issue - this is very important.** + +1. Step 1 +2. Step 2 +3. ... + +### What is the current bug behavior? +**What actually happens.** + + +### What is the expected behavior? +**What you want to see instead** + + + +### Environment +**Which operating system are you using? For example: Debian GNU/Linux 10.1, Windows 10, Ubuntu Xenial, FreeBSD 12.2, etc.** +**Which installation method did you use? Distribution package (apt, pkg, homebrew), from source tarball, from Git, etc.** + +### Relevant logs and/or screenshots + + +/label ~bug ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] 40209: Implement Basic Crypto Safety
commit 0a34811ae1961a1456b8a58685aa1296d7b60949
Author: sanketh
Date: Mon Feb 8 20:12:44 2021 -0500
40209: Implement Basic Crypto Safety
Adds a CryptoSafety actor which detects when you've copied a crypto
address from a HTTP webpage and shows a warning.
Closes #40209.
Bug 40428: Fix string attribute names
---
browser/actors/CryptoSafetyChild.jsm | 87
browser/actors/CryptoSafetyParent.jsm| 142 +++
browser/actors/moz.build | 2 +
browser/base/content/popup-notifications.inc | 14 +++
browser/components/BrowserGlue.jsm | 18
browser/modules/TorStrings.jsm | 48 +
browser/themes/shared/browser.inc.css| 5 +
toolkit/content/license.html | 32 ++
toolkit/modules/Bech32Decode.jsm | 103 +++
toolkit/modules/moz.build| 1 +
10 files changed, 452 insertions(+)
diff --git a/browser/actors/CryptoSafetyChild.jsm
b/browser/actors/CryptoSafetyChild.jsm
new file mode 100644
index ..87ff261d4915
--- /dev/null
+++ b/browser/actors/CryptoSafetyChild.jsm
@@ -0,0 +1,87 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* Copyright (c) 2020, The Tor Project, Inc.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+var EXPORTED_SYMBOLS = ["CryptoSafetyChild"];
+
+const { Bech32Decode } = ChromeUtils.import(
+ "resource://gre/modules/Bech32Decode.jsm"
+);
+
+const { XPCOMUtils } = ChromeUtils.import(
+ "resource://gre/modules/XPCOMUtils.jsm"
+);
+
+const kPrefCryptoSafety = "security.cryptoSafety";
+
+XPCOMUtils.defineLazyPreferenceGetter(
+ this,
+ "isCryptoSafetyEnabled",
+ kPrefCryptoSafety,
+ true /* defaults to true */
+);
+
+function looksLikeCryptoAddress(s) {
+ // P2PKH and P2SH addresses
+ // https://stackoverflow.com/a/24205650
+ const bitcoinAddr = /^[13][a-km-zA-HJ-NP-Z1-9]{25,39}$/;
+ if (bitcoinAddr.test(s)) {
+return true;
+ }
+
+ // Bech32 addresses
+ if (Bech32Decode(s) !== null) {
+return true;
+ }
+
+ // regular addresses
+ const etherAddr = /^0x[a-fA-F0-9]{40}$/;
+ if (etherAddr.test(s)) {
+return true;
+ }
+
+ // t-addresses
+ //
https://www.reddit.com/r/zec/comments/8mxj6x/simple_regex_to_validate_a_zcash_tz_address/dzr62p5/
+ const zcashAddr = /^t1[a-zA-Z0-9]{33}$/;
+ if (zcashAddr.test(s)) {
+return true;
+ }
+
+ // Standard, Integrated, and 256-bit Integrated addresses
+ // https://monero.stackexchange.com/a/10627
+ const moneroAddr =
/^4(?:[0-9AB]|[1-9A-HJ-NP-Za-km-z]{12}(?:[1-9A-HJ-NP-Za-km-z]{30})?)[1-9A-HJ-NP-Za-km-z]{93}$/;
+ if (moneroAddr.test(s)) {
+return true;
+ }
+
+ return false;
+}
+
+class CryptoSafetyChild extends JSWindowActorChild {
+ handleEvent(event) {
+if (isCryptoSafetyEnabled) {
+ // Ignore non-HTTP addresses
+ if (!this.document.documentURIObject.schemeIs("http")) {
+return;
+ }
+ // Ignore onion addresses
+ if (this.document.documentURIObject.host.endsWith(".onion")) {
+return;
+ }
+
+ if (event.type == "copy" || event.type == "cut") {
+this.contentWindow.navigator.clipboard.readText().then(clipText => {
+ const selection = clipText.trim();
+ if (looksLikeCryptoAddress(selection)) {
+this.sendAsyncMessage("CryptoSafety:CopiedText", {
+ selection,
+});
+ }
+});
+ }
+}
+ }
+}
diff --git a/browser/actors/CryptoSafetyParent.jsm
b/browser/actors/CryptoSafetyParent.jsm
new file mode 100644
index ..bac151df5511
--- /dev/null
+++ b/browser/actors/CryptoSafetyParent.jsm
@@ -0,0 +1,142 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* Copyright (c) 2020, The Tor Project, Inc.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+var EXPORTED_SYMBOLS = ["CryptoSafetyParent"];
+
+const { XPCOMUtils } = ChromeUtils.import(
+ "resource://gre/modules/XPCOMUtils.jsm"
+);
+
+XPCOMUtils.defineLazyModuleGetters(this, {
+ TorStrings: "resource:///modules/TorStrings.jsm",
+});
+
+const kPrefCryptoSafety = "security.cryptoSafety";
+
+XPCOMUtils.defineLazyPreferenceGetter(
+ this,
+ "isCryptoSafetyEnabled",
+ kPrefCryptoSafety,
+ true /* defaults to true */
+);
+
+class CryptoSafetyParent extends JSWindowActorParent {
+ getBrowser() {
+return this.browsingContext.top.embedderElement;
+ }
+
+ receiveMessage(aMessage) {
+if (isCryptoSafetyEnabled) {
+ if (aMessage.name == "CryptoSafety:CopiedText") {
+showPopup(this.getBrowser(), aMessage.data.selection);
+ }
+}
+
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 40309: Avoid using regional OS locales
commit 3c44482dab1d29fcbc091306d15bc66c60b48b7d
Author: Alex Catarineu
Date: Wed Jan 27 11:28:05 2021 +0100
Bug 40309: Avoid using regional OS locales
Only use regional OS locales if the pref
`intl.regional_prefs.use_os_locales` is set to true.
---
intl/locale/LocaleService.cpp | 25 -
1 file changed, 25 deletions(-)
diff --git a/intl/locale/LocaleService.cpp b/intl/locale/LocaleService.cpp
index 022d41cab2e2..ac001ee98991 100644
--- a/intl/locale/LocaleService.cpp
+++ b/intl/locale/LocaleService.cpp
@@ -452,31 +452,6 @@
LocaleService::GetRegionalPrefsLocales(nsTArray& aRetVal) {
OSPreferences::GetInstance()->GetRegionalPrefsLocales(aRetVal))) {
return NS_OK;
}
-
-// If we fail to retrieve them, return the app locales.
-GetAppLocalesAsBCP47(aRetVal);
-return NS_OK;
- }
-
- // Otherwise, fetch OS Regional Preferences locales and compare the first one
- // to the app locale. If the language subtag matches, we can safely use
- // the OS Regional Preferences locale.
- //
- // This facilitates scenarios such as Firefox in "en-US" and User sets
- // regional prefs to "en-GB".
- nsAutoCString appLocale;
- AutoTArray regionalPrefsLocales;
- LocaleService::GetInstance()->GetAppLocaleAsBCP47(appLocale);
-
- if (NS_FAILED(OSPreferences::GetInstance()->GetRegionalPrefsLocales(
- regionalPrefsLocales))) {
-GetAppLocalesAsBCP47(aRetVal);
-return NS_OK;
- }
-
- if (LocaleService::LanguagesMatch(appLocale, regionalPrefsLocales[0])) {
-aRetVal = regionalPrefsLocales.Clone();
-return NS_OK;
}
// Otherwise use the app locales.
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 40475: Include clearing CORS preflight cache
commit a7ccde79fb4838e92b88cfd83ef12a4b7cac1686
Author: Matthew Finkel
Date: Sun Jun 6 20:32:23 2021 +
Bug 40475: Include clearing CORS preflight cache
---
netwerk/protocol/http/nsCORSListenerProxy.cpp | 7 +++
netwerk/protocol/http/nsCORSListenerProxy.h | 1 +
netwerk/protocol/http/nsHttpHandler.cpp | 1 +
3 files changed, 9 insertions(+)
diff --git a/netwerk/protocol/http/nsCORSListenerProxy.cpp
b/netwerk/protocol/http/nsCORSListenerProxy.cpp
index 1de4e2abed4a..9ece2020bc7d 100644
--- a/netwerk/protocol/http/nsCORSListenerProxy.cpp
+++ b/netwerk/protocol/http/nsCORSListenerProxy.cpp
@@ -358,6 +358,13 @@ void nsCORSListenerProxy::ClearCache() {
sPreflightCache->Clear();
}
+/* static */
+void nsCORSListenerProxy::Clear() {
+ if (sPreflightCache) {
+sPreflightCache->Clear();
+ }
+}
+
nsCORSListenerProxy::nsCORSListenerProxy(nsIStreamListener* aOuter,
nsIPrincipal* aRequestingPrincipal,
bool aWithCredentials)
diff --git a/netwerk/protocol/http/nsCORSListenerProxy.h
b/netwerk/protocol/http/nsCORSListenerProxy.h
index e3f1ff27f1d1..5b858223028f 100644
--- a/netwerk/protocol/http/nsCORSListenerProxy.h
+++ b/netwerk/protocol/http/nsCORSListenerProxy.h
@@ -59,6 +59,7 @@ class nsCORSListenerProxy final : public nsIStreamListener,
static void Shutdown();
static void ClearCache();
+ static void Clear();
[[nodiscard]] nsresult Init(nsIChannel* aChannel,
DataURIHandling aAllowDataURI);
diff --git a/netwerk/protocol/http/nsHttpHandler.cpp
b/netwerk/protocol/http/nsHttpHandler.cpp
index 0bb944164652..5925c4598bc1 100644
--- a/netwerk/protocol/http/nsHttpHandler.cpp
+++ b/netwerk/protocol/http/nsHttpHandler.cpp
@@ -2167,6 +2167,7 @@ nsHttpHandler::Observe(nsISupports* subject, const char*
topic,
if (mAltSvcCache) {
mAltSvcCache->ClearAltServiceMappings();
}
+nsCORSListenerProxy::Clear();
} else if (!strcmp(topic, NS_NETWORK_LINK_TOPIC)) {
nsAutoCString converted = NS_ConvertUTF16toUTF8(data);
if (!strcmp(converted.get(), NS_NETWORK_LINK_DATA_CHANGED)) {
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 40432: Prevent probing installed applications
commit 545223feafff1f3e2db85dc977a8ec3a94b724b5
Author: Matthew Finkel
Date: Mon May 17 18:09:09 2021 +
Bug 40432: Prevent probing installed applications
---
.../exthandler/nsExternalHelperAppService.cpp | 30 ++
1 file changed, 25 insertions(+), 5 deletions(-)
diff --git a/uriloader/exthandler/nsExternalHelperAppService.cpp
b/uriloader/exthandler/nsExternalHelperAppService.cpp
index d7de04694c62..8f035949ed7e 100644
--- a/uriloader/exthandler/nsExternalHelperAppService.cpp
+++ b/uriloader/exthandler/nsExternalHelperAppService.cpp
@@ -1068,8 +1068,33 @@ nsresult nsExternalHelperAppService::GetFileTokenForPath(
//
// begin external protocol service default implementation...
//
+
+static const char kExternalProtocolPrefPrefix[] =
+"network.protocol-handler.external.";
+static const char kExternalProtocolDefaultPref[] =
+"network.protocol-handler.external-default";
+
NS_IMETHODIMP nsExternalHelperAppService::ExternalProtocolHandlerExists(
const char* aProtocolScheme, bool* aHandlerExists) {
+
+ // Replicate the same check performed in LoadURI.
+ // Deny load if the prefs say to do so
+ nsAutoCString externalPref(kExternalProtocolPrefPrefix);
+ externalPref += aProtocolScheme;
+ bool allowLoad = false;
+ *aHandlerExists = false;
+ if (NS_FAILED(Preferences::GetBool(externalPref.get(), ))) {
+// no scheme-specific value, check the default
+if (NS_FAILED(
+Preferences::GetBool(kExternalProtocolDefaultPref, ))) {
+ return NS_OK; // missing default pref
+}
+ }
+
+ if (!allowLoad) {
+return NS_OK; // explicitly denied
+ }
+
nsCOMPtr handlerInfo;
nsresult rv = GetProtocolHandlerInfo(nsDependentCString(aProtocolScheme),
getter_AddRefs(handlerInfo));
@@ -1112,11 +1137,6 @@ NS_IMETHODIMP
nsExternalHelperAppService::IsExposedProtocol(
return NS_OK;
}
-static const char kExternalProtocolPrefPrefix[] =
-"network.protocol-handler.external.";
-static const char kExternalProtocolDefaultPref[] =
-"network.protocol-handler.external-default";
-
NS_IMETHODIMP
nsExternalHelperAppService::LoadURI(nsIURI* aURI,
nsIPrincipal* aTriggeringPrincipal,
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 40171: Make WebRequest and GeckoWebExecutor First-Party aware
commit aa15deb879662ae05b779f52aba256ca3e55186e
Author: Alex Catarineu
Date: Wed Nov 4 15:58:22 2020 +0100
Bug 40171: Make WebRequest and GeckoWebExecutor First-Party aware
---
.../main/java/org/mozilla/geckoview/WebRequest.java| 18 ++
widget/android/WebExecutorSupport.cpp | 10 ++
2 files changed, 28 insertions(+)
diff --git
a/mobile/android/geckoview/src/main/java/org/mozilla/geckoview/WebRequest.java
b/mobile/android/geckoview/src/main/java/org/mozilla/geckoview/WebRequest.java
index d1d6e06b7396..4e17bc034edb 100644
---
a/mobile/android/geckoview/src/main/java/org/mozilla/geckoview/WebRequest.java
+++
b/mobile/android/geckoview/src/main/java/org/mozilla/geckoview/WebRequest.java
@@ -51,6 +51,11 @@ public class WebRequest extends WebMessage {
*/
public final @Nullable String referrer;
+/**
+ * The value of the origin of this request.
+ */
+public final @Nullable String origin;
+
@Retention(RetentionPolicy.SOURCE)
@IntDef({CACHE_MODE_DEFAULT, CACHE_MODE_NO_STORE,
CACHE_MODE_RELOAD, CACHE_MODE_NO_CACHE,
@@ -112,6 +117,7 @@ public class WebRequest extends WebMessage {
method = builder.mMethod;
cacheMode = builder.mCacheMode;
referrer = builder.mReferrer;
+origin = builder.mOrigin;
if (builder.mBody != null) {
body = builder.mBody.asReadOnlyBuffer();
@@ -128,6 +134,7 @@ public class WebRequest extends WebMessage {
/* package */ String mMethod = "GET";
/* package */ int mCacheMode = CACHE_MODE_DEFAULT;
/* package */ String mReferrer;
+/* package */ String mOrigin;
/**
* Construct a Builder instance with the specified URI.
@@ -226,6 +233,17 @@ public class WebRequest extends WebMessage {
return this;
}
+/**
+ * Set the origin URI.
+ *
+ * @param origin A URI String
+ * @return This Builder instance.
+ */
+public @NonNull Builder origin(final @Nullable String origin) {
+mOrigin = origin;
+return this;
+}
+
/**
* @return A {@link WebRequest} constructed with the values from this
Builder instance.
*/
diff --git a/widget/android/WebExecutorSupport.cpp
b/widget/android/WebExecutorSupport.cpp
index 99e7de95a0fb..bbdcc8f36bd6 100644
--- a/widget/android/WebExecutorSupport.cpp
+++ b/widget/android/WebExecutorSupport.cpp
@@ -393,6 +393,16 @@ nsresult WebExecutorSupport::CreateStreamLoader(
MOZ_ASSERT(cookieJarSettings);
nsCOMPtr loadInfo = channel->LoadInfo();
+
+ RefPtr originUri;
+ const auto origin = req->Origin();
+ if (origin) {
+rv = NS_NewURI(getter_AddRefs(originUri), origin->ToString());
+NS_ENSURE_SUCCESS(rv, NS_ERROR_MALFORMED_URI);
+OriginAttributes attrs = loadInfo->GetOriginAttributes();
+attrs.SetFirstPartyDomain(true, originUri);
+loadInfo->SetOriginAttributes(attrs);
+ }
loadInfo->SetCookieJarSettings(cookieJarSettings);
// setup http/https specific things
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 40198: Expose privacy.spoof_english pref in GeckoView
commit 7fb0d462ded7b2b47488e0f31d8d1918d1eb0f80
Author: Alex Catarineu
Date: Sun Oct 18 17:06:04 2020 +0200
Bug 40198: Expose privacy.spoof_english pref in GeckoView
---
mobile/android/geckoview/api.txt | 3 ++
.../mozilla/geckoview/GeckoRuntimeSettings.java| 33 ++
2 files changed, 36 insertions(+)
diff --git a/mobile/android/geckoview/api.txt b/mobile/android/geckoview/api.txt
index f9f0c9d14a8a..3335aaffb1fb 100644
--- a/mobile/android/geckoview/api.txt
+++ b/mobile/android/geckoview/api.txt
@@ -737,6 +737,7 @@ package org.mozilla.geckoview {
method public boolean getRemoteDebuggingEnabled();
method @Nullable public GeckoRuntime getRuntime();
method @Nullable public Rect getScreenSizeOverride();
+method public boolean getSpoofEnglish();
method @Nullable public RuntimeTelemetry.Delegate getTelemetryDelegate();
method public int getTorSecurityLevel();
method public boolean getUseMaxScreenDepth();
@@ -759,6 +760,7 @@ package org.mozilla.geckoview {
method @NonNull public GeckoRuntimeSettings
setLoginAutofillEnabled(boolean);
method @NonNull public GeckoRuntimeSettings setPreferredColorScheme(int);
method @NonNull public GeckoRuntimeSettings
setRemoteDebuggingEnabled(boolean);
+method @NonNull public GeckoRuntimeSettings setSpoofEnglish(boolean);
method @NonNull public GeckoRuntimeSettings setTorSecurityLevel(int);
method @NonNull public GeckoRuntimeSettings setWebFontsEnabled(boolean);
method @NonNull public GeckoRuntimeSettings setWebManifestEnabled(boolean);
@@ -799,6 +801,7 @@ package org.mozilla.geckoview {
method @NonNull public GeckoRuntimeSettings.Builder
preferredColorScheme(int);
method @NonNull public GeckoRuntimeSettings.Builder
remoteDebuggingEnabled(boolean);
method @NonNull public GeckoRuntimeSettings.Builder
screenSizeOverride(int, int);
+method @NonNull public GeckoRuntimeSettings.Builder spoofEnglish(boolean);
method @NonNull public GeckoRuntimeSettings.Builder
telemetryDelegate(@NonNull RuntimeTelemetry.Delegate);
method @NonNull public GeckoRuntimeSettings.Builder torSecurityLevel(int);
method @NonNull public GeckoRuntimeSettings.Builder
useMaxScreenDepth(boolean);
diff --git
a/mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoRuntimeSettings.java
b/mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoRuntimeSettings.java
index d88e296d554a..5b54447cb6e6 100644
---
a/mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoRuntimeSettings.java
+++
b/mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoRuntimeSettings.java
@@ -483,6 +483,17 @@ public final class GeckoRuntimeSettings extends
RuntimeSettings {
getSettings().mTorSecurityLevel.set(level);
return this;
}
+
+/**
+ * Sets whether we should spoof locale to English for webpages.
+ *
+ * @param flag True if we should spoof locale to English for webpages,
false otherwise.
+ * @return This Builder instance.
+ */
+public @NonNull Builder spoofEnglish(final boolean flag) {
+getSettings().mSpoofEnglish.set(flag ? 2 : 1);
+return this;
+}
}
private GeckoRuntime mRuntime;
@@ -541,6 +552,8 @@ public final class GeckoRuntimeSettings extends
RuntimeSettings {
"dom.ipc.processCount", 2);
/* package */ final Pref mTorSecurityLevel = new Pref<>(
"extensions.torbutton.security_slider", 4);
+/* package */ final Pref mSpoofEnglish = new Pref<>(
+"privacy.spoof_english", 0);
/* package */ int mPreferredColorScheme = COLOR_SCHEME_SYSTEM;
@@ -1319,6 +1332,26 @@ public final class GeckoRuntimeSettings extends
RuntimeSettings {
return this;
}
+/**
+ * Get whether we should spoof locale to English for webpages.
+ *
+ * @return Whether we should spoof locale to English for webpages.
+ */
+public boolean getSpoofEnglish() {
+return mSpoofEnglish.get() == 2;
+}
+
+/**
+ * Set whether we should spoof locale to English for webpages.
+ *
+ * @param flag A flag determining whether we should locale to English for
webpages.
+ * @return This GeckoRuntimeSettings instance.
+ */
+public @NonNull GeckoRuntimeSettings setSpoofEnglish(final boolean flag) {
+mSpoofEnglish.commit(flag ? 2 : 1);
+return this;
+}
+
@Override // Parcelable
public void writeToParcel(final Parcel out, final int flags) {
super.writeToParcel(out, flags);
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 40125: Expose Security Level pref in GeckoView
commit bfccd1d675d8a89b3a29536319e0c255c162c381
Author: Matthew Finkel
Date: Mon Sep 14 02:52:28 2020 +
Bug 40125: Expose Security Level pref in GeckoView
---
mobile/android/geckoview/api.txt | 3 ++
.../mozilla/geckoview/GeckoRuntimeSettings.java| 33 ++
2 files changed, 36 insertions(+)
diff --git a/mobile/android/geckoview/api.txt b/mobile/android/geckoview/api.txt
index 5a04541ae57f..f9f0c9d14a8a 100644
--- a/mobile/android/geckoview/api.txt
+++ b/mobile/android/geckoview/api.txt
@@ -738,6 +738,7 @@ package org.mozilla.geckoview {
method @Nullable public GeckoRuntime getRuntime();
method @Nullable public Rect getScreenSizeOverride();
method @Nullable public RuntimeTelemetry.Delegate getTelemetryDelegate();
+method public int getTorSecurityLevel();
method public boolean getUseMaxScreenDepth();
method public boolean getWebFontsEnabled();
method public boolean getWebManifestEnabled();
@@ -758,6 +759,7 @@ package org.mozilla.geckoview {
method @NonNull public GeckoRuntimeSettings
setLoginAutofillEnabled(boolean);
method @NonNull public GeckoRuntimeSettings setPreferredColorScheme(int);
method @NonNull public GeckoRuntimeSettings
setRemoteDebuggingEnabled(boolean);
+method @NonNull public GeckoRuntimeSettings setTorSecurityLevel(int);
method @NonNull public GeckoRuntimeSettings setWebFontsEnabled(boolean);
method @NonNull public GeckoRuntimeSettings setWebManifestEnabled(boolean);
field public static final int ALLOW_ALL = 0;
@@ -798,6 +800,7 @@ package org.mozilla.geckoview {
method @NonNull public GeckoRuntimeSettings.Builder
remoteDebuggingEnabled(boolean);
method @NonNull public GeckoRuntimeSettings.Builder
screenSizeOverride(int, int);
method @NonNull public GeckoRuntimeSettings.Builder
telemetryDelegate(@NonNull RuntimeTelemetry.Delegate);
+method @NonNull public GeckoRuntimeSettings.Builder torSecurityLevel(int);
method @NonNull public GeckoRuntimeSettings.Builder
useMaxScreenDepth(boolean);
method @NonNull public GeckoRuntimeSettings.Builder
webFontsEnabled(boolean);
method @NonNull public GeckoRuntimeSettings.Builder webManifest(boolean);
diff --git
a/mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoRuntimeSettings.java
b/mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoRuntimeSettings.java
index 5de0b00f7a0c..c573ee7688f3 100644
---
a/mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoRuntimeSettings.java
+++
b/mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoRuntimeSettings.java
@@ -472,6 +472,17 @@ public final class GeckoRuntimeSettings extends
RuntimeSettings {
getSettings().setAllowInsecureConnections(level);
return this;
}
+
+/**
+ * Set security level.
+ *
+ * @param level A value determining the security level. Default is 0.
+ * @return This Builder instance.
+ */
+public @NonNull Builder torSecurityLevel(final int level) {
+getSettings().mTorSecurityLevel.set(level);
+return this;
+}
}
private GeckoRuntime mRuntime;
@@ -528,6 +539,8 @@ public final class GeckoRuntimeSettings extends
RuntimeSettings {
"dom.security.https_only_mode_pbm", false);
/* package */ final Pref mProcessCount = new Pref<>(
"dom.ipc.processCount", 2);
+/* package */ final Pref mTorSecurityLevel = new Pref<>(
+"extensions.torbutton.security_slider", 4);
/* package */ int mPreferredColorScheme = COLOR_SCHEME_SYSTEM;
@@ -1280,6 +1293,26 @@ public final class GeckoRuntimeSettings extends
RuntimeSettings {
return this;
}
+/**
+ * Gets the current security level.
+ *
+ * @return current security protection level
+ */
+public int getTorSecurityLevel() {
+return mTorSecurityLevel.get();
+}
+
+/**
+ * Sets the Tor Security Level.
+ *
+ * @param level security protection level
+ * @return This GeckoRuntimeSettings instance.
+ */
+public @NonNull GeckoRuntimeSettings setTorSecurityLevel(final int level) {
+mTorSecurityLevel.commit(level);
+return this;
+}
+
@Override // Parcelable
public void writeToParcel(final Parcel out, final int flags) {
super.writeToParcel(out, flags);
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 40166: Disable security.certerrors.mitm.auto_enable_enterprise_roots
commit 12b99899620b49a77c5c5fdd217fd8aada2a9689
Author: Alex Catarineu
Date: Fri Oct 9 12:55:35 2020 +0200
Bug 40166: Disable security.certerrors.mitm.auto_enable_enterprise_roots
---
browser/app/profile/000-tor-browser.js | 3 +++
browser/components/BrowserGlue.jsm | 14 ++
2 files changed, 17 insertions(+)
diff --git a/browser/app/profile/000-tor-browser.js
b/browser/app/profile/000-tor-browser.js
index 4cecf703dd8f..0952a3ad5cfc 100644
--- a/browser/app/profile/000-tor-browser.js
+++ b/browser/app/profile/000-tor-browser.js
@@ -323,6 +323,9 @@ pref("security.enterprise_roots.enabled", false);
// Don't ping Mozilla for MitM detection, see bug 32321
pref("security.certerrors.mitm.priming.enabled", false);
+// Don't automatically enable enterprise roots, see bug 40166
+pref("security.certerrors.mitm.auto_enable_enterprise_roots", false);
+
// Disable the language pack signing check for now on macOS, see #31942
#ifdef XP_MACOSX
pref("extensions.langpacks.signatures.required", false);
diff --git a/browser/components/BrowserGlue.jsm
b/browser/components/BrowserGlue.jsm
index d7acae6d8f9d..f486d234b695 100644
--- a/browser/components/BrowserGlue.jsm
+++ b/browser/components/BrowserGlue.jsm
@@ -1365,6 +1365,20 @@ BrowserGlue.prototype = {
// handle any UI migration
this._migrateUI();
+// Clear possibly auto enabled enterprise_roots prefs (see bug 40166)
+if (
+ !Services.prefs.getBoolPref(
+"security.certerrors.mitm.auto_enable_enterprise_roots"
+ ) &&
+ Services.prefs.getBoolPref(
+"security.enterprise_roots.auto-enabled",
+false
+ )
+) {
+ Services.prefs.clearUserPref("security.enterprise_roots.enabled");
+ Services.prefs.clearUserPref("security.enterprise_roots.auto-enabled");
+}
+
if (!Services.prefs.prefHasUserValue(PREF_PDFJS_ISDEFAULT_CACHE_STATE)) {
PdfJs.checkIsDefault(this._isNewProfile);
}
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 30605: Honor privacy.spoof_english in Android
commit 7a058cbb26212faedc300b2ad2f9e439f6fed744
Author: Alex Catarineu
Date: Fri Oct 16 10:45:17 2020 +0200
Bug 30605: Honor privacy.spoof_english in Android
This checks `privacy.spoof_english` whenever `setLocales` is
called from Fenix side and sets `intl.accept_languages`
accordingly.
---
mobile/android/components/geckoview/GeckoViewStartup.jsm | 5 +
1 file changed, 5 insertions(+)
diff --git a/mobile/android/components/geckoview/GeckoViewStartup.jsm
b/mobile/android/components/geckoview/GeckoViewStartup.jsm
index 055c3da638e1..2bf394f2cb3b 100644
--- a/mobile/android/components/geckoview/GeckoViewStartup.jsm
+++ b/mobile/android/components/geckoview/GeckoViewStartup.jsm
@@ -17,6 +17,7 @@ XPCOMUtils.defineLazyModuleGetters(this, {
EventDispatcher: "resource://gre/modules/Messaging.jsm",
Preferences: "resource://gre/modules/Preferences.jsm",
Services: "resource://gre/modules/Services.jsm",
+ RFPHelper: "resource://gre/modules/RFPHelper.jsm",
});
const { debug, warn } = GeckoViewUtils.initLogging("Startup");
@@ -255,6 +256,10 @@ class GeckoViewStartup {
if (aData.requestedLocales) {
Services.locale.requestedLocales = aData.requestedLocales;
}
+RFPHelper._handleSpoofEnglishChanged();
+if (Services.prefs.getIntPref("privacy.spoof_english", 0) === 2) {
+ break;
+}
const pls = Cc["@mozilla.org/pref-localizedstring;1"].createInstance(
Ci.nsIPrefLocalizedString
);
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 40002: Remove about:ion
commit 49b91031ad20fff106486fd816d8a863ef385f28
Author: Kathy Brade
Date: Fri Aug 14 09:06:33 2020 -0400
Bug 40002: Remove about:ion
Firefox Ion (previously Firefox Pioneer) is an opt-in program in which
people
volunteer to participate in studies that collect detailed, sensitive data
about
how they use their browser.
---
browser/components/about/AboutRedirector.cpp | 2 --
browser/components/about/components.conf | 1 -
2 files changed, 3 deletions(-)
diff --git a/browser/components/about/AboutRedirector.cpp
b/browser/components/about/AboutRedirector.cpp
index e6cf3fe0ef9f..323c1b6fb653 100644
--- a/browser/components/about/AboutRedirector.cpp
+++ b/browser/components/about/AboutRedirector.cpp
@@ -122,8 +122,6 @@ static const RedirEntry kRedirMap[] = {
nsIAboutModule::HIDE_FROM_ABOUTABOUT},
{"restartrequired", "chrome://browser/content/aboutRestartRequired.xhtml",
nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::HIDE_FROM_ABOUTABOUT},
-{"ion", "chrome://browser/content/ion.html",
- nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::HIDE_FROM_ABOUTABOUT},
#ifdef TOR_BROWSER_UPDATE
{"tbupdate", "chrome://browser/content/abouttbupdate/aboutTBUpdate.xhtml",
nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
diff --git a/browser/components/about/components.conf
b/browser/components/about/components.conf
index faf6107d6fa6..67f178ee23ff 100644
--- a/browser/components/about/components.conf
+++ b/browser/components/about/components.conf
@@ -13,7 +13,6 @@ pages = [
'logins',
'loginsimportreport',
'newtab',
-'ion',
'pocket-home',
'pocket-saved',
'pocket-signup',
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 40091: Load HTTPS Everywhere as a builtin addon in desktop
commit a4213c8e5c5b7b6506dbbe1104ab5fc6b5ee5627
Author: Alex Catarineu
Date: Fri Sep 4 12:34:35 2020 +0200
Bug 40091: Load HTTPS Everywhere as a builtin addon in desktop
This loads HTTPS Everywhere as a builtin addon from a hardcoded
resource:// URI in desktop. It also ensures that the non-builtin
HTTPS Everywhere addon is always uninstalled on browser startup.
The reason of making this desktop-only is that there are some issues
when installing a builtin extension from geckoview side, making
the extension not available on first startup. So, at least for
now we handle the Fenix case separately. See #40118 for a followup
for investigating these.
---
browser/components/BrowserGlue.jsm | 37 ++
toolkit/components/extensions/Extension.jsm| 10 --
.../mozapps/extensions/internal/XPIProvider.jsm| 13
3 files changed, 57 insertions(+), 3 deletions(-)
diff --git a/browser/components/BrowserGlue.jsm
b/browser/components/BrowserGlue.jsm
index 04b51b1c2cc1..d7acae6d8f9d 100644
--- a/browser/components/BrowserGlue.jsm
+++ b/browser/components/BrowserGlue.jsm
@@ -45,6 +45,7 @@ XPCOMUtils.defineLazyModuleGetters(this, {
DownloadsViewableInternally:
"resource:///modules/DownloadsViewableInternally.jsm",
E10SUtils: "resource://gre/modules/E10SUtils.jsm",
+ ExtensionData: "resource://gre/modules/Extension.jsm",
ExtensionsUI: "resource:///modules/ExtensionsUI.jsm",
FeatureGate: "resource://featuregates/FeatureGate.jsm",
FxAccounts: "resource://gre/modules/FxAccounts.jsm",
@@ -120,6 +121,13 @@ XPCOMUtils.defineLazyServiceGetters(this, {
PushService: ["@mozilla.org/push/Service;1", "nsIPushService"],
});
+XPCOMUtils.defineLazyServiceGetters(this, {
+ resProto: [
+"@mozilla.org/network/protocol;1?name=resource",
+"nsISubstitutingProtocolHandler",
+ ],
+});
+
const PREF_PDFJS_ISDEFAULT_CACHE_STATE = "pdfjs.enabledCache.state";
/**
@@ -1382,6 +1390,35 @@ BrowserGlue.prototype = {
"resource://builtin-themes/alpenglow/"
);
+// Install https-everywhere builtin addon if needed.
+(async () => {
+ const HTTPS_EVERYWHERE_ID = "https-everywhere-...@eff.org";
+ const HTTPS_EVERYWHERE_BUILTIN_URL =
+"resource://torbutton/content/extensions/https-everywhere/";
+ // This does something similar as GeckoViewWebExtension.jsm: it tries
+ // to load the manifest to retrieve the version of the builtin and
+ // compares it to the currently installed one to see whether we need
+ // to install or not. Here we delegate that to
+ // AddonManager.maybeInstallBuiltinAddon.
+ try {
+const resolvedURI = Services.io.newURI(
+ resProto.resolveURI(Services.io.newURI(HTTPS_EVERYWHERE_BUILTIN_URL))
+);
+const extensionData = new ExtensionData(resolvedURI);
+const manifest = await extensionData.loadManifest();
+
+await AddonManager.maybeInstallBuiltinAddon(
+ HTTPS_EVERYWHERE_ID,
+ manifest.version,
+ HTTPS_EVERYWHERE_BUILTIN_URL
+);
+ } catch (e) {
+const log = Log.repository.getLogger("HttpsEverywhereBuiltinLoader");
+log.addAppender(new Log.ConsoleAppender(new Log.BasicFormatter()));
+log.error("Could not install https-everywhere extension", e);
+ }
+})();
+
if (AppConstants.MOZ_NORMANDY) {
Normandy.init();
}
diff --git a/toolkit/components/extensions/Extension.jsm
b/toolkit/components/extensions/Extension.jsm
index 618647af9150..69833684ca53 100644
--- a/toolkit/components/extensions/Extension.jsm
+++ b/toolkit/components/extensions/Extension.jsm
@@ -267,6 +267,7 @@ const LOGGER_ID_BASE = "addons.webextension.";
const UUID_MAP_PREF = "extensions.webextensions.uuids";
const LEAVE_STORAGE_PREF = "extensions.webextensions.keepStorageOnUninstall";
const LEAVE_UUID_PREF = "extensions.webextensions.keepUuidOnUninstall";
+const PERSISTENT_EXTENSIONS = new Set(["https-everywhere-...@eff.org"]);
const COMMENT_REGEXP = new RegExp(
String.raw`
@@ -413,7 +414,8 @@ var ExtensionAddonObserver = {
);
}
-if (!Services.prefs.getBoolPref(LEAVE_STORAGE_PREF, false)) {
+if (!Services.prefs.getBoolPref(LEAVE_STORAGE_PREF, false) &&
+ !PERSISTENT_EXTENSIONS.has(addon.id)) {
// Clear browser.storage.local backends.
AsyncShutdown.profileChangeTeardown.addBlocker(
`Clear Extension Storage ${addon.id} (File Backend)`,
@@ -461,7 +463,8 @@ var ExtensionAddonObserver = {
ExtensionPermissions.removeAll(addon.id);
-if (!Services.prefs.getBoolPref(LEAVE_UUID_PREF, false)) {
+if (!Services.prefs.getBoolPref(LEAVE_UUID_PREF, false) &&
+ !PERSISTENT_EXTENSIONS.has(addon.id)) {
// Clear the entry in the UUID map
UUIDMap.remove(addon.id);
}
@@ -2696,7 +2699,8 @@ class Extension extends ExtensionData {
);
} else if (
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 40199: Avoid using system locale for intl.accept_languages in GeckoView
commit 8e32673a023bc02d8d9f096f3e1acfec1e14fea5
Author: Alex Catarineu
Date: Tue Oct 20 17:44:36 2020 +0200
Bug 40199: Avoid using system locale for intl.accept_languages in GeckoView
---
.../mozilla/geckoview/GeckoRuntimeSettings.java| 28 +-
1 file changed, 17 insertions(+), 11 deletions(-)
diff --git
a/mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoRuntimeSettings.java
b/mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoRuntimeSettings.java
index c573ee7688f3..d88e296d554a 100644
---
a/mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoRuntimeSettings.java
+++
b/mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoRuntimeSettings.java
@@ -821,19 +821,25 @@ public final class GeckoRuntimeSettings extends
RuntimeSettings {
private String computeAcceptLanguages() {
final ArrayList locales = new ArrayList();
-// Explicitly-set app prefs come first:
-if (mRequestedLocales != null) {
-for (final String locale : mRequestedLocales) {
-locales.add(locale.toLowerCase(Locale.ROOT));
-}
-}
-// OS prefs come second:
-for (final String locale : getDefaultLocales()) {
-final String localeLowerCase = locale.toLowerCase(Locale.ROOT);
-if (!locales.contains(localeLowerCase)) {
-locales.add(localeLowerCase);
+// In Desktop, these are defined in the `intl.accept_languages`
localized property.
+// At some point we should probably use the same values here, but for
now we use a simple
+// strategy which will hopefully result in reasonable acceptLanguage
values.
+if (mRequestedLocales != null && mRequestedLocales.length > 0) {
+String locale = mRequestedLocales[0].toLowerCase(Locale.ROOT);
+// No need to include `en-us` twice.
+if (!locale.equals("en-us")) {
+locales.add(locale);
+if (locale.contains("-")) {
+String lang = locale.split("-")[0];
+// No need to include `en` twice.
+if (!lang.equals("en")) {
+locales.add(lang);
+}
+}
}
}
+locales.add("en-us");
+locales.add("en");
return TextUtils.join(",", locales);
}
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 40025: Remove Mozilla add-on install permissions
commit b6a0dc9a91c350c7c811cf2ab82eb6d2f73ff9ec Author: Alex Catarineu Date: Mon Jul 27 18:12:55 2020 +0200 Bug 40025: Remove Mozilla add-on install permissions --- browser/app/permissions | 5 - 1 file changed, 5 deletions(-) diff --git a/browser/app/permissions b/browser/app/permissions index b75b839e366b..d8439d49346b 100644 --- a/browser/app/permissions +++ b/browser/app/permissions @@ -12,11 +12,6 @@ origin uitour 1 https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ origin uitour 1 about:tor -# XPInstall -origin install 1 https://addons.mozilla.org - # Remote troubleshooting origin remote-troubleshooting 1 https://support.mozilla.org -# addon install -origin install 1 https://fpn.firefox.com ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 32418: Allow updates to be disabled via an enterprise policy.
commit b32ecec21d0b34e18244088653081ed550797a71
Author: Kathy Brade
Date: Thu Apr 16 17:07:09 2020 -0400
Bug 32418: Allow updates to be disabled via an enterprise policy.
Restrict the Enterprise Policies mechanism to only consult a
policies.json file (avoiding the Windows Registry and macOS's
file system attributes).
Add a few disabledByPolicy() checks to the update service to
avoid extraneous (and potentially confusing) log messages when
updates are disabled by policy.
Sample content for distribution/policies.json:
{
"policies": {
"DisableAppUpdate": true
}
}
On Linux, avoid reading policies from /etc/firefox/policies/policies.json
---
.../enterprisepolicies/EnterprisePoliciesParent.jsm| 14 --
toolkit/components/enterprisepolicies/moz.build| 3 +++
2 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/toolkit/components/enterprisepolicies/EnterprisePoliciesParent.jsm
b/toolkit/components/enterprisepolicies/EnterprisePoliciesParent.jsm
index f5de14798de1..9c702ea3fde8 100644
--- a/toolkit/components/enterprisepolicies/EnterprisePoliciesParent.jsm
+++ b/toolkit/components/enterprisepolicies/EnterprisePoliciesParent.jsm
@@ -4,6 +4,10 @@
var EXPORTED_SYMBOLS = ["EnterprisePoliciesManager"];
+// To ensure that policies intended for Firefox or another browser will not
+// be used, Tor Browser only looks for policies in ${InstallDir}/distribution
+#define AVOID_SYSTEM_POLICIES MOZ_PROXY_BYPASS_PROTECTION
+
const { XPCOMUtils } = ChromeUtils.import(
"resource://gre/modules/XPCOMUtils.jsm"
);
@@ -13,9 +17,11 @@ const { AppConstants } = ChromeUtils.import(
);
XPCOMUtils.defineLazyModuleGetters(this, {
+#ifndef AVOID_SYSTEM_POLICIES
WindowsGPOParser: "resource://gre/modules/policies/WindowsGPOParser.jsm",
macOSPoliciesParser:
"resource://gre/modules/policies/macOSPoliciesParser.jsm",
+#endif
Policies: "resource:///modules/policies/Policies.jsm",
JsonSchemaValidator:
"resource://gre/modules/components-utils/JsonSchemaValidator.jsm",
@@ -140,11 +146,13 @@ EnterprisePoliciesManager.prototype = {
_chooseProvider() {
let platformProvider = null;
+#ifndef AVOID_SYSTEM_POLICIES
if (AppConstants.platform == "win") {
platformProvider = new WindowsGPOPoliciesProvider();
} else if (AppConstants.platform == "macosx") {
platformProvider = new macOSPoliciesProvider();
}
+#endif
let jsonProvider = new JSONPoliciesProvider();
if (platformProvider && platformProvider.hasPolicies) {
if (jsonProvider.hasPolicies) {
@@ -491,7 +499,7 @@ class JSONPoliciesProvider {
_getConfigurationFile() {
let configFile = null;
-
+#ifndef AVOID_SYSTEM_POLICIES
if (AppConstants.platform == "linux") {
let systemConfigFile = Cc["@mozilla.org/file/local;1"].createInstance(
Ci.nsIFile
@@ -504,7 +512,7 @@ class JSONPoliciesProvider {
return systemConfigFile;
}
}
-
+#endif
try {
let perUserPath = Services.prefs.getBoolPref(PREF_PER_USER_DIR, false);
if (perUserPath) {
@@ -585,6 +593,7 @@ class JSONPoliciesProvider {
}
}
+#ifndef AVOID_SYSTEM_POLICIES
class WindowsGPOPoliciesProvider {
constructor() {
this._policies = null;
@@ -686,3 +695,4 @@ class CombinedProvider {
return false;
}
}
+#endif
diff --git a/toolkit/components/enterprisepolicies/moz.build
b/toolkit/components/enterprisepolicies/moz.build
index 09d2046e1bd7..3f685d3fbbd6 100644
--- a/toolkit/components/enterprisepolicies/moz.build
+++ b/toolkit/components/enterprisepolicies/moz.build
@@ -19,6 +19,9 @@ if CONFIG["MOZ_WIDGET_TOOLKIT"] != "android":
EXTRA_JS_MODULES += [
"EnterprisePolicies.jsm",
"EnterprisePoliciesContent.jsm",
+]
+
+EXTRA_PP_JS_MODULES += [
"EnterprisePoliciesParent.jsm",
]
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 33852: Clean up about:logins (LockWise) to avoid mentioning sync, etc.
commit b75517c9122633d83276eecfc452f30568f1e420
Author: Kathy Brade
Date: Tue Jul 14 11:15:07 2020 -0400
Bug 33852: Clean up about:logins (LockWise) to avoid mentioning sync, etc.
Hide elements on about:logins that mention sync, "Firefox LockWise", and
Mozilla's LockWise mobile apps.
Disable the "Create New Login" button when security.nocertdb is true.
---
browser/components/aboutlogins/AboutLoginsParent.jsm | 2 ++
browser/components/aboutlogins/content/aboutLogins.css | 8 +++-
browser/components/aboutlogins/content/aboutLogins.js | 6 ++
.../aboutlogins/content/components/fxaccounts-button.css | 5 +
.../components/aboutlogins/content/components/menu-button.css | 10 ++
5 files changed, 30 insertions(+), 1 deletion(-)
diff --git a/browser/components/aboutlogins/AboutLoginsParent.jsm
b/browser/components/aboutlogins/AboutLoginsParent.jsm
index db0b55d26abc..39fd2356ce99 100644
--- a/browser/components/aboutlogins/AboutLoginsParent.jsm
+++ b/browser/components/aboutlogins/AboutLoginsParent.jsm
@@ -61,6 +61,7 @@ XPCOMUtils.defineLazyGetter(this, "AboutLoginsL10n", () => {
const ABOUT_LOGINS_ORIGIN = "about:logins";
const MASTER_PASSWORD_NOTIFICATION_ID = "master-password-login-required";
+const NOCERTDB_PREF = "security.nocertdb";
// about:logins will always use the privileged content process,
// even if it is disabled for other consumers such as about:newtab.
@@ -273,6 +274,7 @@ class AboutLoginsParent extends JSWindowActorParent {
importVisible:
Services.policies.isAllowed("profileImport") &&
AppConstants.platform != "linux",
+canCreateLogins: !Services.prefs.getBoolPref(NOCERTDB_PREF, false),
});
await AboutLogins._sendAllLoginRelatedObjects(
diff --git a/browser/components/aboutlogins/content/aboutLogins.css
b/browser/components/aboutlogins/content/aboutLogins.css
index e3528ca49b84..eaa224178487 100644
--- a/browser/components/aboutlogins/content/aboutLogins.css
+++ b/browser/components/aboutlogins/content/aboutLogins.css
@@ -69,6 +69,11 @@ login-item {
grid-area: login;
}
+/* Do not promote Mozilla Sync in Tor Browser. */
+login-intro {
+ display: none !important;
+}
+
#branding-logo {
flex-basis: var(--sidebar-width);
flex-shrink: 0;
@@ -83,7 +88,8 @@ login-item {
}
}
-:root:not(.official-branding) #branding-logo {
+/* Hide "Firefox LockWise" branding in Tor Browser. */
+#branding-logo {
visibility: hidden;
}
diff --git a/browser/components/aboutlogins/content/aboutLogins.js
b/browser/components/aboutlogins/content/aboutLogins.js
index 494ef5c7a15b..27ff0295f2f6 100644
--- a/browser/components/aboutlogins/content/aboutLogins.js
+++ b/browser/components/aboutlogins/content/aboutLogins.js
@@ -22,6 +22,9 @@ const gElements = {
".menuitem-remove-all-logins"
);
},
+ get createNewLoginButton() {
+return this.loginList.shadowRoot.querySelector(".create-login-button");
+ },
};
let numberOfLogins = 0;
@@ -128,6 +131,9 @@ window.addEventListener("AboutLoginsChromeToContent", event
=> {
gElements.loginList.setSortDirection(event.detail.value.selectedSort);
document.documentElement.classList.add("initialized");
gElements.loginList.classList.add("initialized");
+ if (!event.detail.value.canCreateLogins) {
+gElements.createNewLoginButton.disabled = true;
+ }
break;
}
case "ShowLoginItemError": {
diff --git
a/browser/components/aboutlogins/content/components/fxaccounts-button.css
b/browser/components/aboutlogins/content/components/fxaccounts-button.css
index c8925f6fc75d..55c2a8810fa1 100644
--- a/browser/components/aboutlogins/content/components/fxaccounts-button.css
+++ b/browser/components/aboutlogins/content/components/fxaccounts-button.css
@@ -8,6 +8,11 @@
align-items: center;
}
+/* Do not promote Mozilla Sync in Tor Browser. */
+.logged-out-view {
+ display: none !important;
+}
+
.fxaccounts-extra-text {
/* Only show at most 3 lines of text to limit the
text from overflowing the header. */
diff --git a/browser/components/aboutlogins/content/components/menu-button.css
b/browser/components/aboutlogins/content/components/menu-button.css
index 99ca6a711093..24cdb48773f9 100644
--- a/browser/components/aboutlogins/content/components/menu-button.css
+++ b/browser/components/aboutlogins/content/components/menu-button.css
@@ -92,3 +92,13 @@
.menuitem-preferences {
background-image: url("chrome://global/skin/icons/settings.svg");
}
+
+/*
+ * Do not promote LockWise mobile apps in Tor Browser: hide the menu items
+ * and the separator line that precedes them.
+ */
+.menuitem-mobile-android,
+.menuitem-mobile-ios,
+button[data-event-name="AboutLoginsGetHelp"] + hr {
+ display: none !important;
+}
___
tor-commits mailing list
tor-commits@lists.torproject.org
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 40073: Disable remote Public Suffix List fetching
commit dff21d7c4f8986d96f292c00de3a6af5af680b42
Author: Alex Catarineu
Date: Thu Aug 13 11:05:03 2020 +0200
Bug 40073: Disable remote Public Suffix List fetching
In https://bugzilla.mozilla.org/show_bug.cgi?id=1563246 Firefox implemented
fetching the Public Suffix List via RemoteSettings and replacing the default
one at runtime, which we do not want.
---
browser/components/BrowserGlue.jsm | 5 -
1 file changed, 5 deletions(-)
diff --git a/browser/components/BrowserGlue.jsm
b/browser/components/BrowserGlue.jsm
index 3fc7e912ff0c..04b51b1c2cc1 100644
--- a/browser/components/BrowserGlue.jsm
+++ b/browser/components/BrowserGlue.jsm
@@ -70,7 +70,6 @@ XPCOMUtils.defineLazyModuleGetters(this, {
PluralForm: "resource://gre/modules/PluralForm.jsm",
PrivateBrowsingUtils: "resource://gre/modules/PrivateBrowsingUtils.jsm",
ProcessHangMonitor: "resource:///modules/ProcessHangMonitor.jsm",
- PublicSuffixList: "resource://gre/modules/netwerk-dns/PublicSuffixList.jsm",
RemoteSettings: "resource://services-settings/remote-settings.js",
RemoteSecuritySettings:
"resource://gre/modules/psm/RemoteSecuritySettings.jsm",
@@ -2665,10 +2664,6 @@ BrowserGlue.prototype = {
this._addBreachesSyncHandler();
},
- () => {
-PublicSuffixList.init();
- },
-
() => {
RemoteSecuritySettings.init();
},
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 28005: Implement .onion alias urlbar rewrites
commit 642fe73b373d449d72879f5d6b49a55dac9e2d51
Author: Alex Catarineu
Date: Thu Feb 13 13:24:33 2020 +0100
Bug 28005: Implement .onion alias urlbar rewrites
A custom HTTPS Everywhere update channel is installed,
which provides rules for locally redirecting some memorable
.tor.onion URLs to non-memorable .onion URLs.
When these redirects occur, we also rewrite the URL in the urlbar
to display the human-memorable hostname instead of the actual
.onion.
Bug 34196: Update site info URL with the onion name
Bug 40456: Update the SecureDrop HTTPS-Everywhere update channel
Bug 40478: Onion alias url rewrite is broken
---
browser/actors/ClickHandlerChild.jsm | 20 ++
browser/actors/ClickHandlerParent.jsm | 1 +
browser/actors/ContextMenuChild.jsm| 4 +
browser/base/content/browser-places.js | 12 +-
browser/base/content/browser-siteIdentity.js | 12 +-
browser/base/content/browser.js| 43 -
browser/base/content/nsContextMenu.js | 18 ++
browser/base/content/pageinfo/pageInfo.js | 2 +-
browser/base/content/pageinfo/pageInfo.xhtml | 10 +
browser/base/content/pageinfo/security.js | 17 +-
browser/base/content/tabbrowser.js | 7 +
browser/base/content/utilityOverlay.js | 12 ++
browser/components/BrowserGlue.jsm | 8 +
.../onionservices/ExtensionMessaging.jsm | 77
.../onionservices/HttpsEverywhereControl.jsm | 147 +++
.../components/onionservices/OnionAliasStore.jsm | 201 +
browser/components/onionservices/moz.build | 6 +
browser/components/urlbar/UrlbarInput.jsm | 13 +-
docshell/base/nsDocShell.cpp | 52 ++
docshell/base/nsDocShell.h | 6 +
docshell/base/nsDocShellLoadState.cpp | 4 +
docshell/base/nsIDocShell.idl | 5 +
docshell/base/nsIWebNavigation.idl | 5 +
docshell/shistory/SessionHistoryEntry.cpp | 14 ++
docshell/shistory/SessionHistoryEntry.h| 1 +
docshell/shistory/nsISHEntry.idl | 5 +
docshell/shistory/nsSHEntry.cpp| 22 ++-
docshell/shistory/nsSHEntry.h | 1 +
dom/interfaces/base/nsIBrowser.idl | 3 +-
dom/ipc/BrowserChild.cpp | 2 +
dom/ipc/BrowserParent.cpp | 3 +-
dom/ipc/PBrowser.ipdl | 1 +
modules/libpref/init/StaticPrefList.yaml | 6 +
netwerk/dns/effective_tld_names.dat| 2 +
netwerk/ipc/DocumentLoadListener.cpp | 10 +
toolkit/content/widgets/browser-custom-element.js | 13 +-
toolkit/modules/sessionstore/SessionHistory.jsm| 5 +
xpcom/reflect/xptinfo/xptinfo.h| 3 +-
38 files changed, 750 insertions(+), 23 deletions(-)
diff --git a/browser/actors/ClickHandlerChild.jsm
b/browser/actors/ClickHandlerChild.jsm
index 4f5c2b0b7ea1..3ba2f11bf362 100644
--- a/browser/actors/ClickHandlerChild.jsm
+++ b/browser/actors/ClickHandlerChild.jsm
@@ -114,6 +114,26 @@ class ClickHandlerChild extends JSWindowActorChild {
json.originStoragePrincipal = ownerDoc.effectiveStoragePrincipal;
json.triggeringPrincipal = ownerDoc.nodePrincipal;
+ // Check if the link needs to be opened with .tor.onion urlbar rewrites
+ // allowed. Only when the owner doc has onionUrlbarRewritesAllowed = true
+ // and the same origin we should allow this.
+ json.onionUrlbarRewritesAllowed = false;
+ if (this.docShell.onionUrlbarRewritesAllowed) {
+const sm = Services.scriptSecurityManager;
+try {
+ let targetURI = Services.io.newURI(href);
+ let isPrivateWin =
+ownerDoc.nodePrincipal.originAttributes.privateBrowsingId > 0;
+ sm.checkSameOriginURI(
+docshell.currentDocumentChannel.URI,
+targetURI,
+false,
+isPrivateWin
+ );
+ json.onionUrlbarRewritesAllowed = true;
+} catch (e) {}
+ }
+
// If a link element is clicked with middle button, user wants to open
// the link somewhere rather than pasting clipboard content. Therefore,
// when it's clicked with middle button, we should prevent multiple
diff --git a/browser/actors/ClickHandlerParent.jsm
b/browser/actors/ClickHandlerParent.jsm
index 0f658fccf7b8..ad8f6c2a27e2 100644
--- a/browser/actors/ClickHandlerParent.jsm
+++ b/browser/actors/ClickHandlerParent.jsm
@@ -98,6 +98,7 @@ class ClickHandlerParent extends JSWindowActorParent {
let params = {
charset: browser.characterSet,
referrerInfo: E10SUtils.deserializeReferrerInfo(data.referrerInfo),
+ onionUrlbarRewritesAllowed:
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 21952: Implement Onion-Location
commit 33e14475fc9a7805c63e07bebd930e90606e36cd
Author: Alex Catarineu
Date: Thu Mar 5 22:16:39 2020 +0100
Bug 21952: Implement Onion-Location
Whenever a valid Onion-Location HTTP header (or corresponding HTML
http-equiv attribute) is found in a document load, we either
redirect to it (if the user opted-in via preference) or notify the
presence of an onionsite alternative with a badge in the urlbar.
---
browser/base/content/browser.js| 12 ++
browser/base/content/navigator-toolbox.inc.xhtml | 3 +
browser/components/BrowserGlue.jsm | 13 ++
.../onionservices/OnionLocationChild.jsm | 39 +
.../onionservices/OnionLocationParent.jsm | 168 +
.../content/onionlocation-notification-icons.css | 5 +
.../onionservices/content/onionlocation-urlbar.css | 60
.../content/onionlocation-urlbar.inc.xhtml | 10 ++
.../onionservices/content/onionlocation.svg| 3 +
.../content/onionlocationPreferences.inc.xhtml | 11 ++
.../content/onionlocationPreferences.js| 31
browser/components/onionservices/jar.mn| 2 +
browser/components/onionservices/moz.build | 2 +
browser/components/preferences/privacy.inc.xhtml | 2 +
browser/components/preferences/privacy.js | 17 +++
browser/themes/shared/notification-icons.inc.css | 2 +
browser/themes/shared/urlbar-searchbar.inc.css | 2 +
dom/base/Document.cpp | 34 -
dom/base/Document.h| 2 +
dom/webidl/Document.webidl | 8 +
modules/libpref/init/StaticPrefList.yaml | 5 +
xpcom/ds/StaticAtoms.py| 1 +
22 files changed, 431 insertions(+), 1 deletion(-)
diff --git a/browser/base/content/browser.js b/browser/base/content/browser.js
index b934e112eb23..090de22cb294 100644
--- a/browser/base/content/browser.js
+++ b/browser/base/content/browser.js
@@ -49,6 +49,7 @@ XPCOMUtils.defineLazyModuleGetters(this, {
NetUtil: "resource://gre/modules/NetUtil.jsm",
NewTabUtils: "resource://gre/modules/NewTabUtils.jsm",
OpenInTabsUtils: "resource:///modules/OpenInTabsUtils.jsm",
+ OnionLocationParent: "resource:///modules/OnionLocationParent.jsm",
PageActions: "resource:///modules/PageActions.jsm",
PageThumbs: "resource://gre/modules/PageThumbs.jsm",
PanelMultiView: "resource:///modules/PanelMultiView.jsm",
@@ -5304,6 +5305,7 @@ var XULBrowserWindow = {
CFRPageActions.updatePageActions(gBrowser.selectedBrowser);
AboutReaderParent.updateReaderButton(gBrowser.selectedBrowser);
+OnionLocationParent.updateOnionLocationBadge(gBrowser.selectedBrowser);
if (!gMultiProcessBrowser) {
// Bug 1108553 - Cannot rotate images with e10s
@@ -5794,6 +5796,16 @@ var CombinedStopReload = {
var TabsProgressListener = {
onStateChange(aBrowser, aWebProgress, aRequest, aStateFlags, aStatus) {
+// Clear OnionLocation UI
+if (
+ aStateFlags & Ci.nsIWebProgressListener.STATE_START &&
+ aStateFlags & Ci.nsIWebProgressListener.STATE_IS_NETWORK &&
+ aRequest &&
+ aWebProgress.isTopLevel
+) {
+ OnionLocationParent.onStateChange(aBrowser);
+}
+
// Collect telemetry data about tab load times.
if (
aWebProgress.isTopLevel &&
diff --git a/browser/base/content/navigator-toolbox.inc.xhtml
b/browser/base/content/navigator-toolbox.inc.xhtml
index 7a2715e9e604..1aad36ab3bfc 100644
--- a/browser/base/content/navigator-toolbox.inc.xhtml
+++ b/browser/base/content/navigator-toolbox.inc.xhtml
@@ -358,6 +358,9 @@
onclick="FullZoom.reset(); FullZoom.resetScalingZoom();"
tooltip="dynamic-shortcut-tooltip"
hidden="true"/>
+
+#include ../../components/onionservices/content/onionlocation-urlbar.inc.xhtml
+
{},
+};
+
+const options = {
+ autofocus: true,
+ persistent: true,
+ removeOnDismissal: false,
+ eventCallback(aTopic) {
+if (aTopic === "removed") {
+ delete browser._onionLocationPrompt;
+ delete browser.onionpopupnotificationanchor;
+}
+ },
+ learnMoreURL: NOTIFICATION_LEARN_MORE_URL,
+ displayURI: {
+hostPort: NOTIFICATION_TITLE, // This is hacky, but allows us to have
a title without extra markup/css.
+ },
+ hideClose: true,
+ popupIconClass: "onionlocation-notification-icon",
+};
+
+// A hacky way of setting the popup anchor outside the usual url bar icon
box
+// onionlocationpopupnotificationanchor comes from
`${ANCHOR_ID}popupnotificationanchor`
+// From
https://searchfox.org/mozilla-esr68/rev/080f9ed47742644d2ff84f7aa0b10aea5c44301a/browser/components/newtab/lib/CFRPageActions.jsm#488
+browser.onionlocationpopupnotificationanchor = win.document.getElementById(
+
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 33342: Avoid disconnect search addon error after removal.
commit 0f9028fcd40024bbfb9b45f703e77daf4fc37a8b
Author: Alex Catarineu
Date: Fri Mar 13 18:19:30 2020 +0100
Bug 33342: Avoid disconnect search addon error after removal.
We removed the addon in #32767, but it was still being loaded
from addonStartup.json.lz4 and throwing an error on startup
because its resource: location is not available anymore.
---
toolkit/mozapps/extensions/internal/XPIProvider.jsm | 6 ++
1 file changed, 6 insertions(+)
diff --git a/toolkit/mozapps/extensions/internal/XPIProvider.jsm
b/toolkit/mozapps/extensions/internal/XPIProvider.jsm
index 04d57a42348e..ba562c92948d 100644
--- a/toolkit/mozapps/extensions/internal/XPIProvider.jsm
+++ b/toolkit/mozapps/extensions/internal/XPIProvider.jsm
@@ -959,6 +959,12 @@ var BuiltInLocation = new (class _BuiltInLocation extends
XPIStateLocation {
isLinkedAddon(/* aId */) {
return false;
}
+
+ restore(saved) {
+super.restore(saved);
+// Bug 33342: avoid restoring disconnect addon from addonStartup.json.lz4.
+this.removeAddon("disconn...@search.mozilla.org");
+ }
})();
/**
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 28125 - Prevent non-Necko network connections
commit 7c0197768e62fc33bda557715b3b5363c64d2707
Author: Matthew Finkel
Date: Thu Oct 25 19:17:09 2018 +
Bug 28125 - Prevent non-Necko network connections
---
.../gecko/media/GeckoMediaDrmBridgeV21.java| 49 +-
.../exoplayer2/upstream/DefaultHttpDataSource.java | 47 ++---
2 files changed, 4 insertions(+), 92 deletions(-)
diff --git
a/mobile/android/geckoview/src/main/java/org/mozilla/gecko/media/GeckoMediaDrmBridgeV21.java
b/mobile/android/geckoview/src/main/java/org/mozilla/gecko/media/GeckoMediaDrmBridgeV21.java
index 6e75e6fb4dd5..7faa9bc2821d 100644
---
a/mobile/android/geckoview/src/main/java/org/mozilla/gecko/media/GeckoMediaDrmBridgeV21.java
+++
b/mobile/android/geckoview/src/main/java/org/mozilla/gecko/media/GeckoMediaDrmBridgeV21.java
@@ -490,54 +490,7 @@ public class GeckoMediaDrmBridgeV21 implements
GeckoMediaDrm {
@Override
protected Void doInBackground(final Void... params) {
-HttpURLConnection urlConnection = null;
-BufferedReader in = null;
-try {
-final URI finalURI = new URI(mURL + "=" +
URLEncoder.encode(new String(mDrmRequest), "UTF-8"));
-urlConnection = (HttpURLConnection)
ProxySelector.openConnectionWithProxy(finalURI);
-urlConnection.setRequestMethod("POST");
-if (DEBUG) Log.d(LOGTAG, "Provisioning, posting url =" +
finalURI.toString());
-
-// Add data
-urlConnection.setRequestProperty("Accept", "*/*");
-urlConnection.setRequestProperty("User-Agent",
getCDMUserAgent());
-urlConnection.setRequestProperty("Content-Type",
"application/json");
-
-// Execute HTTP Post Request
-urlConnection.connect();
-
-final int responseCode = urlConnection.getResponseCode();
-if (responseCode == HttpURLConnection.HTTP_OK) {
-in = new BufferedReader(new
InputStreamReader(urlConnection.getInputStream(), UTF_8));
-String inputLine;
-final StringBuffer response = new StringBuffer();
-
-while ((inputLine = in.readLine()) != null) {
-response.append(inputLine);
-}
-in.close();
-mResponseBody = String.valueOf(response).getBytes(UTF_8);
-if (DEBUG) Log.d(LOGTAG, "Provisioning, response
received.");
-if (mResponseBody != null) Log.d(LOGTAG, "response
length=" + mResponseBody.length);
-} else {
-Log.d(LOGTAG, "Provisioning, server returned HTTP error
code :" + responseCode);
-}
-} catch (final IOException e) {
-Log.e(LOGTAG, "Got exception during posting provisioning
request ...", e);
-} catch (final URISyntaxException e) {
-Log.e(LOGTAG, "Got exception during creating uri ...", e);
-} finally {
-if (urlConnection != null) {
-urlConnection.disconnect();
-}
-try {
-if (in != null) {
-in.close();
-}
-} catch (final IOException e) {
-Log.e(LOGTAG, "Exception during closing in ...", e);
-}
-}
+Log.i(LOGTAG, "This is Tor Browser. Skipping.");
return null;
}
diff --git
a/mobile/android/geckoview/src/thirdparty/java/org/mozilla/thirdparty/com/google/android/exoplayer2/upstream/DefaultHttpDataSource.java
b/mobile/android/geckoview/src/thirdparty/java/org/mozilla/thirdparty/com/google/android/exoplayer2/upstream/DefaultHttpDataSource.java
index 6e5095b0a4c9..a585e283ed4e 100644
---
a/mobile/android/geckoview/src/thirdparty/java/org/mozilla/thirdparty/com/google/android/exoplayer2/upstream/DefaultHttpDataSource.java
+++
b/mobile/android/geckoview/src/thirdparty/java/org/mozilla/thirdparty/com/google/android/exoplayer2/upstream/DefaultHttpDataSource.java
@@ -46,6 +46,7 @@ import java.util.regex.Pattern;
import java.util.zip.GZIPInputStream;
import org.mozilla.gecko.util.ProxySelector;
+
/**
* An {@link HttpDataSource} that uses Android's {@link HttpURLConnection}.
*
@@ -516,50 +517,8 @@ public class DefaultHttpDataSource extends BaseDataSource
implements HttpDataSou
boolean followRedirects,
Map requestParameters)
throws IOException, URISyntaxException {
-/**
- * Tor Project modified the way the connection object was created. For the
sake of
- * simplicity, instead of duplicating the whole file we changed the
connection object
- * to use the ProxySelector.
- */
-HttpURLConnection connection = (HttpURLConnection)
ProxySelector.openConnectionWithProxy(url.toURI());
-
-
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 25741 - TBA: Disable GeckoNetworkManager
commit bffe7042f46cced8835c851dc2bef0ba33d5cc16
Author: Matthew Finkel
Date: Thu Apr 26 22:22:51 2018 +
Bug 25741 - TBA: Disable GeckoNetworkManager
The browser should not need information related to the network
interface or network state, tor should take care of that.
---
.../src/main/java/org/mozilla/geckoview/GeckoRuntime.java | 8 ++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git
a/mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoRuntime.java
b/mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoRuntime.java
index f084b522ad53..b94d8e803b6b 100644
---
a/mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoRuntime.java
+++
b/mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoRuntime.java
@@ -122,7 +122,9 @@ public final class GeckoRuntime implements Parcelable {
mPaused = false;
// Monitor network status and send change notifications to Gecko
// while active.
-
GeckoNetworkManager.getInstance().start(GeckoAppShell.getApplicationContext());
+if (BuildConfig.TOR_BROWSER_VERSION == "") {
+
GeckoNetworkManager.getInstance().start(GeckoAppShell.getApplicationContext());
+}
}
@OnLifecycleEvent(Lifecycle.Event.ON_PAUSE)
@@ -130,7 +132,9 @@ public final class GeckoRuntime implements Parcelable {
Log.d(LOGTAG, "Lifecycle: onPause");
mPaused = true;
// Stop monitoring network status while inactive.
-GeckoNetworkManager.getInstance().stop();
+if (BuildConfig.TOR_BROWSER_VERSION == "") {
+GeckoNetworkManager.getInstance().stop();
+}
GeckoThread.onPause();
}
}
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 32658: Create a new MAR signing key
commit a16070d947df0036347bf3195932bb6430630258 Author: Georg Koppen Date: Fri Jan 17 12:54:31 2020 + Bug 32658: Create a new MAR signing key It's time for our rotation again: Move the backup key in the front position and add a new backup key. Bug 33803: Move our primary nightly MAR signing key to tor-browser Bug 33803: Add a secondary nightly MAR signing key --- .../update/updater/nightly_aurora_level3_primary.der | Bin 1225 -> 1245 bytes .../updater/nightly_aurora_level3_secondary.der | Bin 1225 -> 1245 bytes toolkit/mozapps/update/updater/release_primary.der| Bin 1225 -> 1229 bytes toolkit/mozapps/update/updater/release_secondary.der | Bin 1225 -> 1229 bytes 4 files changed, 0 insertions(+), 0 deletions(-) diff --git a/toolkit/mozapps/update/updater/nightly_aurora_level3_primary.der b/toolkit/mozapps/update/updater/nightly_aurora_level3_primary.der index 44fd95dcff89..d579cf801e1a 100644 Binary files a/toolkit/mozapps/update/updater/nightly_aurora_level3_primary.der and b/toolkit/mozapps/update/updater/nightly_aurora_level3_primary.der differ diff --git a/toolkit/mozapps/update/updater/nightly_aurora_level3_secondary.der b/toolkit/mozapps/update/updater/nightly_aurora_level3_secondary.der index 90f8e6e82c63..7cbfa77d06e7 100644 Binary files a/toolkit/mozapps/update/updater/nightly_aurora_level3_secondary.der and b/toolkit/mozapps/update/updater/nightly_aurora_level3_secondary.der differ diff --git a/toolkit/mozapps/update/updater/release_primary.der b/toolkit/mozapps/update/updater/release_primary.der index 1d94f88ad73b..0103a171de88 100644 Binary files a/toolkit/mozapps/update/updater/release_primary.der and b/toolkit/mozapps/update/updater/release_primary.der differ diff --git a/toolkit/mozapps/update/updater/release_secondary.der b/toolkit/mozapps/update/updater/release_secondary.der index 474706c4b73c..fcee3944e9b7 100644 Binary files a/toolkit/mozapps/update/updater/release_secondary.der and b/toolkit/mozapps/update/updater/release_secondary.der differ ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 30237: Add v3 onion services client authentication prompt
commit 5367c81a994ef3e444d3789f90541436c252bf1d
Author: Kathy Brade
Date: Tue Nov 12 16:11:05 2019 -0500
Bug 30237: Add v3 onion services client authentication prompt
When Tor informs the browser that client authentication is needed,
temporarily load about:blank instead of about:neterror and prompt
for the user's key.
If a correctly formatted key is entered, use Tor's ONION_CLIENT_AUTH_ADD
control port command to add the key (via Torbutton's control port
module) and reload the page.
If the user cancels the prompt, display the standard about:neterror
"Unable to connect" page. This requires a small change to
browser/actors/NetErrorChild.jsm to account for the fact that the
docShell no longer has the failedChannel information. The failedChannel
is used to extract TLS-related error info, which is not applicable
in the case of a canceled .onion authentication prompt.
Add a leaveOpen option to PopupNotifications.show so we can display
error messages within the popup notification doorhanger without
closing the prompt.
Add support for onion services strings to the TorStrings module.
Add support for Tor extended SOCKS errors (Tor proposal 304) to the
socket transport and SOCKS layers. Improved display of all of these
errors will be implemented as part of bug 30025.
Also fixes bug 19757:
Add a "Remember this key" checkbox to the client auth prompt.
Add an "Onion Services Authentication" section within the
about:preferences "Privacy & Security section" to allow
viewing and removal of v3 onion client auth keys that have
been stored on disk.
Also fixes bug 19251: use enhanced error pages for onion service errors.
---
browser/actors/NetErrorChild.jsm | 7 +
browser/base/content/browser.js| 10 +
browser/base/content/browser.xhtml | 1 +
browser/base/content/certerror/aboutNetError.js| 10 +-
browser/base/content/certerror/aboutNetError.xhtml | 1 +
browser/base/content/main-popupset.inc.xhtml | 1 +
browser/base/content/navigator-toolbox.inc.xhtml | 1 +
browser/base/content/tab-content.js| 6 +
browser/components/moz.build | 1 +
.../content/authNotificationIcon.inc.xhtml | 6 +
.../onionservices/content/authPopup.inc.xhtml | 16 ++
.../onionservices/content/authPreferences.css | 20 ++
.../content/authPreferences.inc.xhtml | 19 ++
.../onionservices/content/authPreferences.js | 66 +
.../components/onionservices/content/authPrompt.js | 316 +
.../components/onionservices/content/authUtil.jsm | 47 +++
.../onionservices/content/netError/browser.svg | 3 +
.../onionservices/content/netError/network.svg | 3 +
.../content/netError/onionNetError.css | 88 ++
.../content/netError/onionNetError.js | 243
.../onionservices/content/netError/onionsite.svg | 8 +
.../onionservices/content/onionservices.css| 69 +
.../onionservices/content/savedKeysDialog.js | 259 +
.../onionservices/content/savedKeysDialog.xhtml| 42 +++
browser/components/onionservices/jar.mn| 9 +
browser/components/onionservices/moz.build | 1 +
browser/components/preferences/preferences.xhtml | 1 +
browser/components/preferences/privacy.inc.xhtml | 2 +
browser/components/preferences/privacy.js | 7 +
browser/themes/shared/notification-icons.inc.css | 3 +
docshell/base/nsDocShell.cpp | 81 +-
dom/ipc/BrowserParent.cpp | 21 ++
dom/ipc/BrowserParent.h| 3 +
dom/ipc/PBrowser.ipdl | 9 +
js/xpconnect/src/xpc.msg | 10 +
netwerk/base/nsSocketTransport2.cpp| 6 +
netwerk/socket/nsSOCKSIOLayer.cpp | 49
toolkit/modules/PopupNotifications.jsm | 6 +
toolkit/modules/RemotePageAccessManager.jsm| 1 +
.../lib/environments/frame-script.js | 1 +
xpcom/base/ErrorList.py| 22 ++
41 files changed, 1473 insertions(+), 2 deletions(-)
diff --git a/browser/actors/NetErrorChild.jsm b/browser/actors/NetErrorChild.jsm
index 82978412fe24..164fb7c95cd1 100644
--- a/browser/actors/NetErrorChild.jsm
+++ b/browser/actors/NetErrorChild.jsm
@@ -13,6 +13,8 @@ const { RemotePageChild } = ChromeUtils.import(
"resource://gre/actors/RemotePageChild.jsm"
);
+const { TorStrings } =
ChromeUtils.import("resource:///modules/TorStrings.jsm");
+
XPCOMUtils.defineLazyServiceGetter(
this,
"gSerializationHelper",
@@ -33,6 +35,7 @@ class NetErrorChild extends RemotePageChild {
"RPMAddToHistogram",
"RPMRecordTelemetryEvent",
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#tor
commit 699778599a86cbb7b60059680c07340acd65c315
Author: Richard Pospesel
Date: Mon Sep 16 15:25:39 2019 -0700
Bug 31286: Implementation of bridge, proxy, and firewall settings in
about:preferences#tor
This patch adds a new about:preferences#tor page which allows modifying
bridge, proxy, and firewall settings from within Tor Browser. All of the
functionality present in tor-launcher's Network Configuration panel is
present:
- Setting built-in bridges
- Requesting bridges from BridgeDB via moat
- Using user-provided bridges
- Configuring SOCKS4, SOCKS5, and HTTP/HTTPS proxies
- Setting firewall ports
- Viewing and Copying Tor's logs
- The Networking Settings in General preferences has been removed
---
browser/components/moz.build | 1 +
browser/components/preferences/main.inc.xhtml | 54 --
browser/components/preferences/main.js | 14 -
browser/components/preferences/preferences.js | 9 +
browser/components/preferences/preferences.xhtml | 5 +
browser/components/preferences/privacy.js | 1 +
.../torpreferences/content/parseFunctions.jsm | 89 +++
.../torpreferences/content/requestBridgeDialog.jsm | 204 +
.../content/requestBridgeDialog.xhtml | 35 +
.../torpreferences/content/torBridgeSettings.jsm | 325
.../torpreferences/content/torCategory.inc.xhtml | 9 +
.../torpreferences/content/torFirewallSettings.jsm | 72 ++
.../torpreferences/content/torLogDialog.jsm| 66 ++
.../torpreferences/content/torLogDialog.xhtml | 23 +
.../components/torpreferences/content/torPane.js | 857 +
.../torpreferences/content/torPane.xhtml | 123 +++
.../torpreferences/content/torPreferences.css | 77 ++
.../torpreferences/content/torPreferencesIcon.svg | 5 +
.../torpreferences/content/torProxySettings.jsm| 245 ++
browser/components/torpreferences/jar.mn | 14 +
browser/components/torpreferences/moz.build| 1 +
browser/modules/BridgeDB.jsm | 110 +++
browser/modules/TorProtocolService.jsm | 323
browser/modules/moz.build | 2 +
24 files changed, 2596 insertions(+), 68 deletions(-)
diff --git a/browser/components/moz.build b/browser/components/moz.build
index 57ec3c51c5e9..b409974a965c 100644
--- a/browser/components/moz.build
+++ b/browser/components/moz.build
@@ -54,6 +54,7 @@ DIRS += [
"syncedtabs",
"uitour",
"urlbar",
+"torpreferences",
"translation",
]
diff --git a/browser/components/preferences/main.inc.xhtml
b/browser/components/preferences/main.inc.xhtml
index a89b89f723a8..594711e61474 100644
--- a/browser/components/preferences/main.inc.xhtml
+++ b/browser/components/preferences/main.inc.xhtml
@@ -671,58 +671,4 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/browser/components/preferences/main.js
b/browser/components/preferences/main.js
index 2a6ba4a3d8e4..501ba9144a31 100644
--- a/browser/components/preferences/main.js
+++ b/browser/components/preferences/main.js
@@ -368,15 +368,6 @@ var gMainPane = {
});
this.updatePerformanceSettingsBox({ duringChangeEvent: false });
this.displayUseSystemLocale();
-let connectionSettingsLink = document.getElementById(
- "connectionSettingsLearnMore"
-);
-let connectionSettingsUrl =
- Services.urlFormatter.formatURLPref("app.support.baseURL") +
- "prefs-connection-settings";
-connectionSettingsLink.setAttribute("href", connectionSettingsUrl);
-this.updateProxySettingsUI();
-initializeProxyUI(gMainPane);
if (Services.prefs.getBoolPref("intl.multilingual.enabled")) {
gMainPane.initBrowserLocale();
@@ -510,11 +501,6 @@ var gMainPane = {
"change",
gMainPane.updateHardwareAcceleration.bind(gMainPane)
);
-setEventListener(
- "connectionSettings",
- "command",
- gMainPane.showConnections
-);
setEventListener(
"browserContainersCheckbox",
"command",
diff --git a/browser/components/preferences/preferences.js
b/browser/components/preferences/preferences.js
index 91e9e469cea2..a89fddd0306d 100644
--- a/browser/components/preferences/preferences.js
+++ b/browser/components/preferences/preferences.js
@@ -13,6 +13,7 @@
/* import-globals-from findInPage.js */
/* import-globals-from ../../base/content/utilityOverlay.js */
/* import-globals-from ../../../toolkit/content/preferencesBindings.js */
+/* import-globals-from ../torpreferences/content/torPane.js */
"use strict";
@@ -136,6 +137,14 @@ function init_all() {
register_module("paneSync", gSyncPane);
}
register_module("paneSearchResults", gSearchResultsPane);
+ if (gTorPane.enabled) {
+document.getElementById("category-tor").hidden = false;
+
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 32092: Fix Tor Browser Support link in preferences
commit 4d9c0a23c3572616a9ebdf5d015d868d0b63281b
Author: Alex Catarineu
Date: Tue Oct 15 22:54:10 2019 +0200
Bug 32092: Fix Tor Browser Support link in preferences
---
browser/components/preferences/preferences.js | 5 +
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/browser/components/preferences/preferences.js
b/browser/components/preferences/preferences.js
index a89fddd0306d..ce338584142e 100644
--- a/browser/components/preferences/preferences.js
+++ b/browser/components/preferences/preferences.js
@@ -166,10 +166,7 @@ function init_all() {
gotoPref().then(() => {
let helpButton = document.getElementById("helpButton");
-let helpUrl =
- Services.urlFormatter.formatURLPref("app.support.baseURL") +
- "preferences";
-helpButton.setAttribute("href", helpUrl);
+helpButton.setAttribute("href", "https://support.torproject.org/tbb;);
document.getElementById("addonsButton").addEventListener("click", e => {
if (e.button >= 2) {
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 31607: App menu items stop working on macOS
commit f3a14f3930fbd43ee72923ae96b6ecad3f2ced5a
Author: Kathy Brade
Date: Thu Oct 3 10:53:43 2019 -0400
Bug 31607: App menu items stop working on macOS
Avoid re-creating the hidden window, since this causes the nsMenuBarX
object that is associated with the app menu to be freed (which in
turn causes all of the app menu items to stop working).
More detail: There should only be one hidden window.
XREMain::XRE_mainRun() contains an explicit call to create the
hidden window and that is the normal path by which it is created.
However, when Tor Launcher's wizard/progress window is opened during
startup, a hidden window is created earlier as a side effect of
calls to nsAppShellService::GetHiddenWindow(). Then, when
XREMain::XRE_mainRun() creates its hidden window, the original one
is freed which also causes the app menu's nsMenuBarX object which
is associated with that window to be destroyed. When that happens,
the menuGroupOwner property within each Cocoa menu items's MenuItemInfo
object is cleared. This breaks the link that is necessary for
NativeMenuItemTarget's menuItemHit method to dispatch a menu item
event.
---
xpfe/appshell/nsAppShellService.cpp | 4
1 file changed, 4 insertions(+)
diff --git a/xpfe/appshell/nsAppShellService.cpp
b/xpfe/appshell/nsAppShellService.cpp
index ed7c2227f4d4..e56cbfb77ca9 100644
--- a/xpfe/appshell/nsAppShellService.cpp
+++ b/xpfe/appshell/nsAppShellService.cpp
@@ -93,6 +93,10 @@ void nsAppShellService::EnsureHiddenWindow() {
NS_IMETHODIMP
nsAppShellService::CreateHiddenWindow() {
+ if (mHiddenWindow) {
+return NS_OK;
+ }
+
if (!XRE_IsParentProcess()) {
return NS_ERROR_NOT_IMPLEMENTED;
}
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 24796 - Comment out excess permissions from GeckoView
commit 485610a75821797946aac5af766b6cf506268b2f Author: Matthew Finkel Date: Wed Apr 11 17:52:59 2018 + Bug 24796 - Comment out excess permissions from GeckoView The GeckoView AndroidManifest.xml is not preprocessed unlike Fennec's manifest, so we can't use the ifdef preprocessor guards around the permissions we do not want. Commenting the permissions is the next-best-thing. --- .../android/geckoview/src/main/AndroidManifest.xml | 20 +--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/mobile/android/geckoview/src/main/AndroidManifest.xml b/mobile/android/geckoview/src/main/AndroidManifest.xml index a76b6a4754b6..7a2f30708fc3 100644 --- a/mobile/android/geckoview/src/main/AndroidManifest.xml +++ b/mobile/android/geckoview/src/main/AndroidManifest.xml @@ -6,20 +6,32 @@ http://schemas.android.com/apk/res/android; package="org.mozilla.geckoview"> + + + + + + + + + + https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 27604: Fix addon issues when moving TB directory
commit 17f78a434fa03745da2229889bc05d14807a8c71
Author: Alex Catarineu
Date: Wed Oct 30 10:44:48 2019 +0100
Bug 27604: Fix addon issues when moving TB directory
---
toolkit/mozapps/extensions/internal/XPIProvider.jsm | 8 ++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/toolkit/mozapps/extensions/internal/XPIProvider.jsm
b/toolkit/mozapps/extensions/internal/XPIProvider.jsm
index 7b6c904aad3f..04d57a42348e 100644
--- a/toolkit/mozapps/extensions/internal/XPIProvider.jsm
+++ b/toolkit/mozapps/extensions/internal/XPIProvider.jsm
@@ -475,7 +475,7 @@ class XPIState {
// Builds prior to be 1512436 did not include the rootURI property.
// If we're updating from such a build, add that property now.
-if (!("rootURI" in this) && this.file) {
+if (this.file) {
this.rootURI = getURIForResourceInFile(this.file, "").spec;
}
@@ -488,7 +488,10 @@ class XPIState {
saved.currentModifiedTime != this.lastModifiedTime
) {
this.lastModifiedTime = saved.currentModifiedTime;
-} else if (saved.currentModifiedTime === null) {
+} else if (
+ saved.currentModifiedTime === null &&
+ (!this.file || !this.file.exists())
+) {
this.missing = true;
}
}
@@ -1449,6 +1452,7 @@ var XPIStates = {
if (shouldRestoreLocationData && oldState[loc.name]) {
loc.restore(oldState[loc.name]);
+changed = changed || loc.path != oldState[loc.name].path;
}
changed = changed || loc.changed;
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Orfox: Centralized proxy applied to AbstractCommunicator and BaseResources.
commit e4a7158626cac2ab3713420988fccfb783fa940c
Author: Amogh Pradeep
Date: Fri Jun 12 02:07:45 2015 -0400
Orfox: Centralized proxy applied to AbstractCommunicator and BaseResources.
See Bug 1357997 for partial uplift.
Also:
Bug 28051 - Use our Orbot for proxying our connections
Bug 31144 - ESR68 Network Code Review
---
.../java/org/mozilla/gecko/util/ProxySelector.java | 25 +-
1 file changed, 24 insertions(+), 1 deletion(-)
diff --git
a/mobile/android/geckoview/src/main/java/org/mozilla/gecko/util/ProxySelector.java
b/mobile/android/geckoview/src/main/java/org/mozilla/gecko/util/ProxySelector.java
index dbd07a069de1..800c7cf96de8 100644
---
a/mobile/android/geckoview/src/main/java/org/mozilla/gecko/util/ProxySelector.java
+++
b/mobile/android/geckoview/src/main/java/org/mozilla/gecko/util/ProxySelector.java
@@ -29,6 +29,10 @@ import java.net.URLConnection;
import java.util.List;
public class ProxySelector {
+private static final String TOR_PROXY_ADDRESS = "127.0.0.1";
+private static final int TOR_SOCKS_PROXY_PORT = 9150;
+private static final int TOR_HTTP_PROXY_PORT = 8218;
+
public static URLConnection openConnectionWithProxy(final URI uri) throws
IOException {
final java.net.ProxySelector ps = java.net.ProxySelector.getDefault();
Proxy proxy = Proxy.NO_PROXY;
@@ -39,7 +43,26 @@ public class ProxySelector {
}
}
-return uri.toURL().openConnection(proxy);
+/* Ignore the proxy we found from the VM, only use Tor. We can probably
+ * safely use the logic in this class in the future. */
+return uri.toURL().openConnection(getProxy());
+}
+
+public static Proxy getProxy() {
+// TODO make configurable
+return new Proxy(Proxy.Type.SOCKS, new
InetSocketAddress(TOR_PROXY_ADDRESS, TOR_SOCKS_PROXY_PORT));
+}
+
+public static String getProxyHostAddress() {
+return TOR_PROXY_ADDRESS;
+}
+
+public static int getSocksProxyPort() {
+return TOR_SOCKS_PROXY_PORT;
+}
+
+public static int getHttpProxyPort() {
+return TOR_HTTP_PROXY_PORT;
}
public ProxySelector() {
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 31740: Remove some unnecessary RemoteSettings instances
commit cfe26ed3a065703f61a1fbf738c438551b2f6483
Author: Alex Catarineu
Date: Wed Oct 16 23:01:12 2019 +0200
Bug 31740: Remove some unnecessary RemoteSettings instances
More concretely, SearchService.jsm 'hijack-blocklists' and
url-classifier-skip-urls.
Avoid creating instance for 'anti-tracking-url-decoration'.
If prefs are disabling their usage, avoid creating instances for
'cert-revocations' and 'intermediates'.
Do not ship JSON dumps for collections we do not expect to need. For
the ones in the 'main' bucket, this prevents them from being synced
unnecessarily (the code in remote-settings does so for collections
in the main bucket for which a dump or local data exists). For the
collections in the other buckets, we just save some size by not
shipping their dumps.
We also clear the collections database on the v2 -> v3 migration.
---
browser/app/profile/000-tor-browser.js | 3 +++
browser/components/search/SearchSERPTelemetry.jsm | 6 --
.../url-classifier/UrlClassifierFeatureBase.cpp| 2 +-
netwerk/url-classifier/components.conf | 6 --
security/manager/ssl/RemoteSecuritySettings.jsm| 23 ++
services/settings/IDBHelpers.jsm | 4
services/settings/dumps/blocklists/moz.build | 14 +
services/settings/dumps/main/moz.build | 7 ---
services/settings/dumps/security-state/moz.build | 1 -
.../components/antitracking/antitracking.manifest | 2 +-
toolkit/components/antitracking/components.conf| 7 ---
toolkit/components/search/SearchService.jsm| 2 --
12 files changed, 37 insertions(+), 40 deletions(-)
diff --git a/browser/app/profile/000-tor-browser.js
b/browser/app/profile/000-tor-browser.js
index fad6b19ba40b..4cecf703dd8f 100644
--- a/browser/app/profile/000-tor-browser.js
+++ b/browser/app/profile/000-tor-browser.js
@@ -152,6 +152,9 @@ pref("extensions.fxmonitor.enabled", false);
pref("signon.management.page.mobileAndroidURL", "");
pref("signon.management.page.mobileAppleURL", "");
+// Disable remote "password recipes"
+pref("signon.recipes.remoteRecipesEnabled", false);
+
// Disable ServiceWorkers and push notifications by default
pref("dom.serviceWorkers.enabled", false);
pref("dom.push.enabled", false);
diff --git a/browser/components/search/SearchSERPTelemetry.jsm
b/browser/components/search/SearchSERPTelemetry.jsm
index 3e9d92548213..5c499e91713a 100644
--- a/browser/components/search/SearchSERPTelemetry.jsm
+++ b/browser/components/search/SearchSERPTelemetry.jsm
@@ -96,13 +96,7 @@ class TelemetryHandler {
return;
}
-this._telemetrySettings = RemoteSettings(TELEMETRY_SETTINGS_KEY);
let rawProviderInfo = [];
-try {
- rawProviderInfo = await this._telemetrySettings.get();
-} catch (ex) {
- logConsole.error("Could not get settings:", ex);
-}
// Send the provider info to the child handler.
this._contentHandler.init(rawProviderInfo);
diff --git a/netwerk/url-classifier/UrlClassifierFeatureBase.cpp
b/netwerk/url-classifier/UrlClassifierFeatureBase.cpp
index 1bbc7a652486..c3ab7c6cefc5 100644
--- a/netwerk/url-classifier/UrlClassifierFeatureBase.cpp
+++ b/netwerk/url-classifier/UrlClassifierFeatureBase.cpp
@@ -78,7 +78,7 @@ void UrlClassifierFeatureBase::InitializePreferences() {
nsCOMPtr exceptionListService =
do_GetService("@mozilla.org/url-classifier/exception-list-service;1");
- if (NS_WARN_IF(!exceptionListService)) {
+ if (!exceptionListService) {
return;
}
diff --git a/netwerk/url-classifier/components.conf
b/netwerk/url-classifier/components.conf
index 03a02f0ebeab..b2e667247317 100644
--- a/netwerk/url-classifier/components.conf
+++ b/netwerk/url-classifier/components.conf
@@ -13,10 +13,4 @@ Classes = [
'constructor': 'mozilla::net::ChannelClassifierService::GetSingleton',
'headers': ['mozilla/net/ChannelClassifierService.h'],
},
-{
-'cid': '{b9f4fd03-9d87-4bfd-9958-85a821750ddc}',
-'contract_ids':
['@mozilla.org/url-classifier/exception-list-service;1'],
-'jsm': 'resource://gre/modules/UrlClassifierExceptionListService.jsm',
-'constructor': 'UrlClassifierExceptionListService',
-},
]
diff --git a/security/manager/ssl/RemoteSecuritySettings.jsm
b/security/manager/ssl/RemoteSecuritySettings.jsm
index 630cfc18f498..d9a4f27a263f 100644
--- a/security/manager/ssl/RemoteSecuritySettings.jsm
+++ b/security/manager/ssl/RemoteSecuritySettings.jsm
@@ -274,6 +274,16 @@ var RemoteSecuritySettings = {
class IntermediatePreloads {
constructor() {
+this.maybeInit();
+ }
+
+ maybeInit() {
+if (
+ this.client ||
+ !Services.prefs.getBoolPref(INTERMEDIATES_ENABLED_PREF, true)
+) {
+ return;
+}
this.client = RemoteSettings(
Services.prefs.getCharPref(INTERMEDIATES_COLLECTION_PREF),
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 31575: Replace Firefox Home (newtab) with about:tor
commit 154ddbd2c95938ea642b67e5521adcd3b5fcce47
Author: Alex Catarineu
Date: Mon Sep 9 13:04:34 2019 +0200
Bug 31575: Replace Firefox Home (newtab) with about:tor
Avoid loading AboutNewTab in BrowserGlue.jsm in order
to avoid several network requests that we do not need. Besides,
about:newtab will now point to about:blank or about:tor (depending
on browser.newtabpage.enabled) and about:home will point to
about:tor.
---
browser/components/BrowserGlue.jsm | 33 ++--
browser/components/newtab/AboutNewTabService.jsm | 15 +--
browser/components/preferences/home.inc.xhtml| 4 +--
browser/components/preferences/preferences.xhtml | 5 +++-
browser/modules/HomePage.jsm | 2 +-
5 files changed, 10 insertions(+), 49 deletions(-)
diff --git a/browser/components/BrowserGlue.jsm
b/browser/components/BrowserGlue.jsm
index 7c3a7ace3ae9..6ef6b16eea1b 100644
--- a/browser/components/BrowserGlue.jsm
+++ b/browser/components/BrowserGlue.jsm
@@ -20,7 +20,6 @@ const { AppConstants } = ChromeUtils.import(
Cu.importGlobalProperties(["Glean"]);
XPCOMUtils.defineLazyModuleGetters(this, {
- AboutNewTab: "resource:///modules/AboutNewTab.jsm",
ActorManagerParent: "resource://gre/modules/ActorManagerParent.jsm",
AddonManager: "resource://gre/modules/AddonManager.jsm",
AppMenuNotifications: "resource://gre/modules/AppMenuNotifications.jsm",
@@ -212,28 +211,6 @@ let JSWINDOWACTORS = {
matches: ["about:logins", "about:logins?*", "about:loginsimportreport"],
},
- AboutNewTab: {
-parent: {
- moduleURI: "resource:///actors/AboutNewTabParent.jsm",
-},
-child: {
- moduleURI: "resource:///actors/AboutNewTabChild.jsm",
- events: {
-DOMContentLoaded: {},
-pageshow: {},
-visibilitychange: {},
- },
-},
-// The wildcard on about:newtab is for the ?endpoint query parameter
-// that is used for snippets debugging. The wildcard for about:home
-// is similar, and also allows for falling back to loading the
-// about:home document dynamically if an attempt is made to load
-// about:home?jscache from the AboutHomeStartupCache as a top-level
-// load.
-matches: ["about:home*", "about:welcome", "about:newtab*"],
-remoteTypes: ["privilegedabout"],
- },
-
AboutPlugins: {
parent: {
moduleURI: "resource:///actors/AboutPluginsParent.jsm",
@@ -1619,8 +1596,6 @@ BrowserGlue.prototype = {
// the first browser window has finished initializing
_onFirstWindowLoaded: function BG__onFirstWindowLoaded(aWindow) {
-AboutNewTab.init();
-
TabCrashHandler.init();
ProcessHangMonitor.init();
@@ -5336,12 +5311,8 @@ var AboutHomeStartupCache = {
return { pageInputStream: null, scriptInputStream: null };
}
-let state = AboutNewTab.activityStream.store.getState();
-return new Promise(resolve => {
- this._cacheDeferred = resolve;
- this.log.trace("Parent is requesting cache streams.");
- this._procManager.sendAsyncMessage(this.CACHE_REQUEST_MESSAGE, { state
});
-});
+this.log.error("Activity Stream is disabled in Tor Browser.");
+return { pageInputStream: null, scriptInputStream: null };
},
/**
diff --git a/browser/components/newtab/AboutNewTabService.jsm
b/browser/components/newtab/AboutNewTabService.jsm
index 44308daa2b2d..d98c014e3f9e 100644
--- a/browser/components/newtab/AboutNewTabService.jsm
+++ b/browser/components/newtab/AboutNewTabService.jsm
@@ -420,20 +420,7 @@ class BaseAboutNewTabService {
* the newtab page has no effect on the result of this function.
*/
get defaultURL() {
-// Generate the desired activity stream resource depending on state, e.g.,
-// "resource://activity-stream/prerendered/activity-stream.html"
-// "resource://activity-stream/prerendered/activity-stream-debug.html"
-// "resource://activity-stream/prerendered/activity-stream-noscripts.html"
-return [
- "resource://activity-stream/prerendered/",
- "activity-stream",
- // Debug version loads dev scripts but noscripts separately loads scripts
- this.activityStreamDebug && !this.privilegedAboutProcessEnabled
-? "-debug"
-: "",
- this.privilegedAboutProcessEnabled ? "-noscripts" : "",
- ".html",
-].join("");
+return "about:tor";
}
get welcomeURL() {
diff --git a/browser/components/preferences/home.inc.xhtml
b/browser/components/preferences/home.inc.xhtml
index 5bb936782ed9..e812d969837e 100644
--- a/browser/components/preferences/home.inc.xhtml
+++ b/browser/components/preferences/home.inc.xhtml
@@ -33,7 +33,7 @@
class="check-home-page-controlled"
data-preference-related="browser.startup.homepage">
-
+
@@ -84,7 +84,7 @@
Preferences so we need to handle setting the pref manually.-->
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 32220: Improve the letterboxing experience
commit 63c09f8649deebc0f285067f1270fe88756fa19d
Author: Richard Pospesel
Date: Mon Oct 28 17:42:17 2019 -0700
Bug 32220: Improve the letterboxing experience
CSS and JS changes to alter the UX surrounding letterboxing. The
browser element containing page content is now anchored to the bottom
of the toolbar, and the remaining letterbox margin is the same color
as the firefox chrome. The letterbox margin and border are tied to
the currently selected theme.
Also adds a 'needsLetterbox' property to tabbrowser.xml to fix a race
condition present when using the 'isEmpty' property. Using 'isEmpty'
as a proxy for 'needsLetterbox' resulted in over-zealous/unnecessary
letterboxing of about:blank tabs.
---
browser/base/content/browser.css | 7 ++
browser/base/content/tabbrowser-tab.js | 9 +++
browser/themes/shared/tabs.inc.css | 6 ++
.../components/resistfingerprinting/RFPHelper.jsm | 94 +++---
4 files changed, 104 insertions(+), 12 deletions(-)
diff --git a/browser/base/content/browser.css b/browser/base/content/browser.css
index 2d74162b1543..0a766b976fc5 100644
--- a/browser/base/content/browser.css
+++ b/browser/base/content/browser.css
@@ -94,6 +94,13 @@ body {
}
}
+.browserStack > browser.letterboxing {
+ border-color: var(--chrome-content-separator-color);
+ border-style: solid;
+ border-width : 1px;
+ border-top: none;
+}
+
%ifdef MENUBAR_CAN_AUTOHIDE
#toolbar-menubar[autohide="true"] {
overflow: hidden;
diff --git a/browser/base/content/tabbrowser-tab.js
b/browser/base/content/tabbrowser-tab.js
index 320ca559d5fa..47edf39d9eba 100644
--- a/browser/base/content/tabbrowser-tab.js
+++ b/browser/base/content/tabbrowser-tab.js
@@ -229,6 +229,15 @@
return true;
}
+get needsLetterbox() {
+ let browser = this.linkedBrowser;
+ if (isBlankPageURL(browser.currentURI.spec)) {
+return false;
+ }
+
+ return true;
+}
+
get lastAccessed() {
return this._lastAccessed == Infinity ? Date.now() : this._lastAccessed;
}
diff --git a/browser/themes/shared/tabs.inc.css
b/browser/themes/shared/tabs.inc.css
index 63f5ef491a66..c5a411c20e58 100644
--- a/browser/themes/shared/tabs.inc.css
+++ b/browser/themes/shared/tabs.inc.css
@@ -50,6 +50,12 @@
background-color: var(--tabpanel-background-color);
}
+/* extend down the toolbar's colors when letterboxing is enabled*/
+#tabbrowser-tabpanels.letterboxing {
+ background-color: var(--toolbar-bgcolor);
+ background-image: var(--toolbar-bgimage);
+}
+
#tabbrowser-tabs,
#tabbrowser-arrowscrollbox,
#tabbrowser-tabs[positionpinnedtabs] > #tabbrowser-arrowscrollbox >
.tabbrowser-tab[pinned] {
diff --git a/toolkit/components/resistfingerprinting/RFPHelper.jsm
b/toolkit/components/resistfingerprinting/RFPHelper.jsm
index 166ad21e9013..9520d8720631 100644
--- a/toolkit/components/resistfingerprinting/RFPHelper.jsm
+++ b/toolkit/components/resistfingerprinting/RFPHelper.jsm
@@ -40,6 +40,7 @@ class _RFPHelper {
//
constructor() {
this._initialized = false;
+this._borderDimensions = null;
}
init() {
@@ -361,6 +362,24 @@ class _RFPHelper {
});
}
+ getBorderDimensions(aBrowser) {
+if (this._borderDimensions) {
+ return this._borderDimensions;
+}
+
+const win = aBrowser.ownerGlobal;
+const browserStyle = win.getComputedStyle(aBrowser);
+
+this._borderDimensions = {
+ top : parseInt(browserStyle.borderTopWidth),
+ right: parseInt(browserStyle.borderRightWidth),
+ bottom : parseInt(browserStyle.borderBottomWidth),
+ left : parseInt(browserStyle.borderLeftWidth),
+};
+
+return this._borderDimensions;
+ }
+
_addOrClearContentMargin(aBrowser) {
let tab = aBrowser.getTabBrowser().getTabForBrowser(aBrowser);
@@ -369,9 +388,13 @@ class _RFPHelper {
return;
}
+// we add the letterboxing class even if the content does not need
letterboxing
+// in which case margins are set such that the borders are hidden
+aBrowser.classList.add("letterboxing");
+
// We should apply no margin around an empty tab or a tab with system
// principal.
-if (tab.isEmpty || aBrowser.contentPrincipal.isSystemPrincipal) {
+if (!tab.needsLetterbox || aBrowser.contentPrincipal.isSystemPrincipal) {
this._clearContentViewMargin(aBrowser);
} else {
this._roundContentView(aBrowser);
@@ -539,10 +562,29 @@ class _RFPHelper {
// Calculating the margins around the browser element in order to round the
// content viewport. We will use a 200x100 stepping if the dimension set
// is not given.
-let margins = calcMargins(containerWidth, containerHeight);
+
+const borderDimensions = this.getBorderDimensions(aBrowser);
+const marginDims = calcMargins(containerWidth,
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 27511: Add new identity button to toolbar
commit 0c592b44ff91e95558d890eeedd93b258097d016
Author: Alex Catarineu
Date: Fri Oct 4 19:08:33 2019 +0200
Bug 27511: Add new identity button to toolbar
Also added 'New circuit for this site' button to CustomizableUI, but
not visible by default.
---
browser/base/content/navigator-toolbox.inc.xhtml| 10 ++
.../components/customizableui/CustomizableUI.jsm| 21 +
browser/themes/shared/icons/new_circuit.svg | 6 ++
browser/themes/shared/icons/new_identity.svg| 9 +
browser/themes/shared/jar.inc.mn| 3 +++
browser/themes/shared/menupanel.inc.css | 7 +++
browser/themes/shared/toolbarbutton-icons.inc.css | 8
7 files changed, 64 insertions(+)
diff --git a/browser/base/content/navigator-toolbox.inc.xhtml
b/browser/base/content/navigator-toolbox.inc.xhtml
index efe981a74826..7359cec49696 100644
--- a/browser/base/content/navigator-toolbox.inc.xhtml
+++ b/browser/base/content/navigator-toolbox.inc.xhtml
@@ -572,6 +572,16 @@
ondragenter="newWindowButtonObserver.onDragOver(event)"
ondragexit="newWindowButtonObserver.onDragExit(event)"/>
+
+
+
+
http://www.w3.org/2000/svg; xmlns:xlink="http://www.w3.org/1999/xlink;>
+
+
+
+
+
diff --git a/browser/themes/shared/icons/new_identity.svg
b/browser/themes/shared/icons/new_identity.svg
new file mode 100644
index ..096ff169c02f
--- /dev/null
+++ b/browser/themes/shared/icons/new_identity.svg
@@ -0,0 +1,9 @@
+
+http://www.w3.org/2000/svg; xmlns:xlink="http://www.w3.org/1999/xlink;>
+
+
+
+
+
+
+
diff --git a/browser/themes/shared/jar.inc.mn b/browser/themes/shared/jar.inc.mn
index c1039e790245..3b11a9864cf8 100644
--- a/browser/themes/shared/jar.inc.mn
+++ b/browser/themes/shared/jar.inc.mn
@@ -234,3 +234,6 @@
skin/classic/browser/places/tree-icons.css
(../shared/places/tree-icons.css)
skin/classic/browser/privatebrowsing/aboutPrivateBrowsing.css
(../shared/privatebrowsing/aboutPrivateBrowsing.css)
skin/classic/browser/privatebrowsing/favicon.svg
(../shared/privatebrowsing/favicon.svg)
+
+ skin/classic/browser/new_circuit.svg
(../shared/icons/new_circuit.svg)
+ skin/classic/browser/new_identity.svg
(../shared/icons/new_identity.svg)
diff --git a/browser/themes/shared/menupanel.inc.css
b/browser/themes/shared/menupanel.inc.css
index 38626d208deb..65541b5e828b 100644
--- a/browser/themes/shared/menupanel.inc.css
+++ b/browser/themes/shared/menupanel.inc.css
@@ -29,4 +29,11 @@
toolbarbutton#appMenu-new-private-window-button2 {
display: none;
}
+
+#appMenuNewIdentity {
+ list-style-image: url("chrome://browser/skin/new_identity.svg");
+}
+
+#appMenuNewCircuit {
+ list-style-image: url("chrome://browser/skin/new_circuit.svg");
}
diff --git a/browser/themes/shared/toolbarbutton-icons.inc.css
b/browser/themes/shared/toolbarbutton-icons.inc.css
index 76d3f4212406..e3e6f6486999 100644
--- a/browser/themes/shared/toolbarbutton-icons.inc.css
+++ b/browser/themes/shared/toolbarbutton-icons.inc.css
@@ -253,6 +253,14 @@ toolbar[brighttext]:-moz-lwtheme {
list-style-image: url("chrome://browser/skin/new-tab.svg");
}
+#new-identity-button {
+ list-style-image: url("chrome://browser/skin/new_identity.svg");
+}
+
+#new-circuit-button {
+ list-style-image: url("chrome://browser/skin/new_circuit.svg");
+}
+
#privatebrowsing-button {
list-style-image: url("chrome://browser/skin/privateBrowsing.svg");
}
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 26345: Hide tracking protection UI
commit a0f49ed1775ddeb20ba6c009b0a737b5f33f3aef
Author: Alex Catarineu
Date: Tue Sep 10 16:29:31 2019 +0200
Bug 26345: Hide tracking protection UI
---
browser/base/content/appmenu-viewcache.inc.xhtml | 4 ++--
browser/base/content/browser-siteIdentity.js | 4 ++--
browser/components/about/AboutRedirector.cpp | 4
browser/components/about/components.conf | 1 -
browser/components/moz.build | 1 -
browser/themes/shared/preferences/privacy.css| 4
6 files changed, 8 insertions(+), 10 deletions(-)
diff --git a/browser/base/content/appmenu-viewcache.inc.xhtml
b/browser/base/content/appmenu-viewcache.inc.xhtml
index 5eb8448065ae..0812e0e84f45 100644
--- a/browser/base/content/appmenu-viewcache.inc.xhtml
+++ b/browser/base/content/appmenu-viewcache.inc.xhtml
@@ -24,7 +24,7 @@
oncommand="gSync.toggleAccountPanel(this, event)"/>
-
+
@@ -35,7 +35,7 @@
-
+
description {
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 28369: Stop shipping pingsender executable
commit 758affadb8752ebe1a187a044ad7523123d35242
Author: Alex Catarineu
Date: Wed Apr 10 17:52:51 2019 +0200
Bug 28369: Stop shipping pingsender executable
---
browser/app/macbuild/Contents/MacOS-files.in | 1 -
browser/installer/package-manifest.in | 4
browser/installer/windows/nsis/shared.nsh | 1 -
python/mozbuild/mozbuild/artifacts.py | 2 --
toolkit/components/telemetry/app/TelemetrySend.jsm | 19 +--
toolkit/components/telemetry/moz.build | 4
6 files changed, 1 insertion(+), 30 deletions(-)
diff --git a/browser/app/macbuild/Contents/MacOS-files.in
b/browser/app/macbuild/Contents/MacOS-files.in
index 6f0b4481473b..6e8a1689ea19 100644
--- a/browser/app/macbuild/Contents/MacOS-files.in
+++ b/browser/app/macbuild/Contents/MacOS-files.in
@@ -17,7 +17,6 @@
#if defined(MOZ_CRASHREPORTER)
/minidump-analyzer
#endif
-/pingsender
/pk12util
/ssltunnel
/xpcshell
diff --git a/browser/installer/package-manifest.in
b/browser/installer/package-manifest.in
index dd71fb6e196f..edfc2daf9d40 100644
--- a/browser/installer/package-manifest.in
+++ b/browser/installer/package-manifest.in
@@ -438,10 +438,6 @@ bin/libfreebl_64int_3.so
@BINPATH@/minidump-analyzer@BIN_SUFFIX@
#endif
-; [ Ping Sender ]
-;
-@BINPATH@/pingsender@BIN_SUFFIX@
-
; Shutdown Terminator
@RESPATH@/components/terminator.manifest
diff --git a/browser/installer/windows/nsis/shared.nsh
b/browser/installer/windows/nsis/shared.nsh
index beeb67211e47..7439ffd33e3e 100755
--- a/browser/installer/windows/nsis/shared.nsh
+++ b/browser/installer/windows/nsis/shared.nsh
@@ -1478,7 +1478,6 @@ ${RemoveDefaultBrowserAgentShortcut}
Push "crashreporter.exe"
Push "default-browser-agent.exe"
Push "minidump-analyzer.exe"
- Push "pingsender.exe"
Push "updater.exe"
Push "mozwer.dll"
Push "${FileMainEXE}"
diff --git a/python/mozbuild/mozbuild/artifacts.py
b/python/mozbuild/mozbuild/artifacts.py
index fb563cb8b882..d00b56e17892 100644
--- a/python/mozbuild/mozbuild/artifacts.py
+++ b/python/mozbuild/mozbuild/artifacts.py
@@ -495,7 +495,6 @@ class LinuxArtifactJob(ArtifactJob):
"{product}/{product}",
"{product}/{product}-bin",
"{product}/minidump-analyzer",
-"{product}/pingsender",
"{product}/plugin-container",
"{product}/updater",
"{product}/**/*.so",
@@ -550,7 +549,6 @@ class MacArtifactJob(ArtifactJob):
"{product}-bin",
"*.dylib",
"minidump-analyzer",
-"pingsender",
"plugin-container.app/Contents/MacOS/plugin-container",
"updater.app/Contents/MacOS/org.mozilla.updater",
# 'xpcshell',
diff --git a/toolkit/components/telemetry/app/TelemetrySend.jsm
b/toolkit/components/telemetry/app/TelemetrySend.jsm
index 0da39d85ad33..c87a281019e4 100644
--- a/toolkit/components/telemetry/app/TelemetrySend.jsm
+++ b/toolkit/components/telemetry/app/TelemetrySend.jsm
@@ -1595,23 +1595,6 @@ var TelemetrySendImpl = {
},
runPingSender(pings, observer) {
-if (AppConstants.platform === "android") {
- throw Components.Exception("", Cr.NS_ERROR_NOT_IMPLEMENTED);
-}
-
-const exeName =
- AppConstants.platform === "win" ? "pingsender.exe" : "pingsender";
-
-let exe = Services.dirsvc.get("GreBinD", Ci.nsIFile);
-exe.append(exeName);
-
-let params = pings.flatMap(ping => [ping.url, ping.path]);
-let process = Cc["@mozilla.org/process/util;1"].createInstance(
- Ci.nsIProcess
-);
-process.init(exe);
-process.startHidden = true;
-process.noShell = true;
-process.runAsync(params, params.length, observer);
+throw Components.Exception("", Cr.NS_ERROR_NOT_IMPLEMENTED);
},
};
diff --git a/toolkit/components/telemetry/moz.build
b/toolkit/components/telemetry/moz.build
index 3eee4e938c4e..cedf9b313d9c 100644
--- a/toolkit/components/telemetry/moz.build
+++ b/toolkit/components/telemetry/moz.build
@@ -8,10 +8,6 @@ include("/ipc/chromium/chromium-config.mozbuild")
FINAL_LIBRARY = "xul"
-DIRS = [
-"pingsender",
-]
-
DEFINES["MOZ_APP_VERSION"] = '"%s"' % CONFIG["MOZ_APP_VERSION"]
LOCAL_INCLUDES += [
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 25658: Replace security slider with security level UI
commit c5782ca107af15534f74ec77db43808d633b57fa
Author: Richard Pospesel
Date: Mon Mar 4 16:09:51 2019 -0800
Bug 25658: Replace security slider with security level UI
This patch adds a new 'securitylevel' component to Tor Browser intended
to replace the torbutton 'Security Slider'.
This component adds a new Security Level toolbar button which visually
indicates the current global security level via icon (as defined by the
extensions.torbutton.security_slider pref), a drop-down hanger with a
short description of the current security level, and a new section in
the about:preferences#privacy page where users can change their current
security level. In addition, the hanger and the preferences page will
show a visual warning when the user has modified prefs associated with
the security level and provide a one-click 'Restore Defaults' button to
get the user back on recommended settings.
Strings used by this patch are pulled from the torbutton extension, but
en-US defaults are provided if there is an error loading from the
extension. With this patch applied, the usual work-flow of "./mach build
&& ./mach run" work as expected, even if the torbutton extension is
disabled.
---
browser/base/content/browser.js| 10 +
browser/base/content/browser.xhtml | 2 +
browser/base/content/main-popupset.inc.xhtml | 1 +
browser/base/content/navigator-toolbox.inc.xhtml | 2 +
browser/components/moz.build | 1 +
browser/components/preferences/preferences.xhtml | 1 +
browser/components/preferences/privacy.inc.xhtml | 2 +
browser/components/preferences/privacy.js | 19 +
.../securitylevel/content/securityLevel.js | 527 +
.../securitylevel/content/securityLevelButton.css | 18 +
.../content/securityLevelButton.inc.xhtml | 7 +
.../securitylevel/content/securityLevelIcon.svg| 40 ++
.../securitylevel/content/securityLevelPanel.css | 74 +++
.../content/securityLevelPanel.inc.xhtml | 47 ++
.../content/securityLevelPreferences.css | 52 ++
.../content/securityLevelPreferences.inc.xhtml | 67 +++
browser/components/securitylevel/jar.mn| 6 +
browser/components/securitylevel/moz.build | 1 +
browser/modules/TorStrings.jsm | 4 +
.../themes/shared/customizableui/panelUI.inc.css | 3 +-
20 files changed, 883 insertions(+), 1 deletion(-)
diff --git a/browser/base/content/browser.js b/browser/base/content/browser.js
index 7a41603d4d3f..b121ee301ee7 100644
--- a/browser/base/content/browser.js
+++ b/browser/base/content/browser.js
@@ -224,6 +224,11 @@ XPCOMUtils.defineLazyScriptGetter(
["DownloadsButton", "DownloadsIndicatorView"],
"chrome://browser/content/downloads/indicator.js"
);
+XPCOMUtils.defineLazyScriptGetter(
+ this,
+ ["SecurityLevelButton"],
+ "chrome://browser/content/securitylevel/securityLevel.js"
+);
XPCOMUtils.defineLazyScriptGetter(
this,
"gEditItemOverlay",
@@ -1769,6 +1774,9 @@ var gBrowserInit = {
// doesn't flicker as the window is being shown.
DownloadsButton.init();
+// Init the SecuritySettingsButton
+SecurityLevelButton.init();
+
// Certain kinds of automigration rely on this notification to complete
// their tasks BEFORE the browser window is shown. SessionStore uses it to
// restore tabs into windows AFTER important parts like
gMultiProcessBrowser
@@ -2484,6 +2492,8 @@ var gBrowserInit = {
DownloadsButton.uninit();
+SecurityLevelButton.uninit();
+
gAccessibilityServiceIndicator.uninit();
if (gToolbarKeyNavEnabled) {
diff --git a/browser/base/content/browser.xhtml
b/browser/base/content/browser.xhtml
index 8efb544918b8..8fbfa05196b0 100644
--- a/browser/base/content/browser.xhtml
+++ b/browser/base/content/browser.xhtml
@@ -20,6 +20,8 @@
+
+
diff --git a/browser/base/content/main-popupset.inc.xhtml
b/browser/base/content/main-popupset.inc.xhtml
index 835948482381..adf0a4f59e4b 100644
--- a/browser/base/content/main-popupset.inc.xhtml
+++ b/browser/base/content/main-popupset.inc.xhtml
@@ -519,6 +519,7 @@
#include ../../components/controlcenter/content/protectionsPanel.inc.xhtml
#include ../../components/downloads/content/downloadsPanel.inc.xhtml
#include ../../../devtools/startup/enableDevToolsPopup.inc.xhtml
+#include ../../components/securitylevel/content/securityLevelPanel.inc.xhtml
#include browser-allTabsMenu.inc.xhtml
+#include ../../components/securitylevel/content/securityLevelButton.inc.xhtml
+
+
diff --git a/browser/components/preferences/privacy.inc.xhtml
b/browser/components/preferences/privacy.inc.xhtml
index bb1c53db9757..3e0c0c8dc74c 100644
--- a/browser/components/preferences/privacy.inc.xhtml
+++ b/browser/components/preferences/privacy.inc.xhtml
@@ -919,6 +919,8
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 30541: Disable WebGL readPixel() for web content
commit 1ab7850c6f286df766e6d6c9fd8d157b4988fef4
Author: Georg Koppen
Date: Wed May 29 12:29:19 2019 +
Bug 30541: Disable WebGL readPixel() for web content
---
dom/canvas/ClientWebGLContext.cpp | 8
1 file changed, 8 insertions(+)
diff --git a/dom/canvas/ClientWebGLContext.cpp
b/dom/canvas/ClientWebGLContext.cpp
index 05dcb79a230e..c9875e62c8af 100644
--- a/dom/canvas/ClientWebGLContext.cpp
+++ b/dom/canvas/ClientWebGLContext.cpp
@@ -4636,6 +4636,14 @@ bool ClientWebGLContext::ReadPixels_SharedPrecheck(
return false;
}
+ // Security check passed, but don't let content readPixel calls through for
+ // now, if Resist Fingerprinting Mode is enabled.
+ if (nsContentUtils::ResistFingerprinting(aCallerType)) {
+JsWarning("readPixels: Not allowed in Resist Fingerprinting Mode");
+out_error.Throw(NS_ERROR_DOM_NOT_SUPPORTED_ERR);
+return false;
+ }
+
return true;
}
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 23247: Communicating security expectations for .onion
commit d001fd2ea4d376fd8241138c460f9b39e155ff95
Author: Richard Pospesel
Date: Fri Jun 8 13:38:40 2018 -0700
Bug 23247: Communicating security expectations for .onion
Encrypting pages hosted on Onion Services with SSL/TLS is redundant
(in terms of hiding content) as all traffic within the Tor network is
already fully encrypted. Therefore, serving HTTP pages from an Onion
Service is more or less fine.
Prior to this patch, Tor Browser would mostly treat pages delivered
via Onion Services as well as pages delivered in the ordinary fashion
over the internet in the same way. This created some inconsistencies
in behaviour and misinformation presented to the user relating to the
security of pages delivered via Onion Services:
- HTTP Onion Service pages did not have any 'lock' icon indicating
the site was secure
- HTTP Onion Service pages would be marked as unencrypted in the Page
Info screen
- Mixed-mode content restrictions did not apply to HTTP Onion Service
pages embedding Non-Onion HTTP content
This patch fixes the above issues, and also adds several new 'Onion'
icons to the mix to indicate all of the various permutations of Onion
Services hosted HTTP or HTTPS pages with HTTP or HTTPS content.
Strings for Onion Service Page Info page are pulled from Torbutton's
localization strings.
---
browser/base/content/browser-siteIdentity.js | 39 -
browser/base/content/pageinfo/security.js | 64 ++
.../shared/identity-block/identity-block.inc.css | 19 +++
.../themes/shared/identity-block/onion-slash.svg | 5 ++
.../themes/shared/identity-block/onion-warning.svg | 6 ++
browser/themes/shared/identity-block/onion.svg | 3 +
browser/themes/shared/jar.inc.mn | 3 +
dom/base/nsContentUtils.cpp| 19 +++
dom/base/nsContentUtils.h | 5 ++
dom/base/nsGlobalWindowOuter.cpp | 3 +-
dom/ipc/WindowGlobalActor.cpp | 4 +-
dom/ipc/WindowGlobalChild.cpp | 6 +-
dom/security/nsMixedContentBlocker.cpp | 16 +-
.../modules/geckoview/GeckoViewProgress.jsm| 4 ++
security/manager/ssl/nsSecureBrowserUI.cpp | 12
15 files changed, 177 insertions(+), 31 deletions(-)
diff --git a/browser/base/content/browser-siteIdentity.js
b/browser/base/content/browser-siteIdentity.js
index 91940db44ca4..b616e3d3a635 100644
--- a/browser/base/content/browser-siteIdentity.js
+++ b/browser/base/content/browser-siteIdentity.js
@@ -140,6 +140,10 @@ var gIdentityHandler = {
);
},
+ get _uriIsOnionHost() {
+return this._uriHasHost ? this._uri.host.toLowerCase().endsWith(".onion")
: false;
+ },
+
get _isAboutNetErrorPage() {
return (
gBrowser.selectedBrowser.documentURI &&
@@ -743,9 +747,9 @@ var gIdentityHandler = {
get pointerlockFsWarningClassName() {
// Note that the fullscreen warning does not handle _isSecureInternalUI.
if (this._uriHasHost && this._isSecureConnection) {
- return "verifiedDomain";
+ return this._uriIsOnionHost ? "onionVerifiedDomain" : "verifiedDomain";
}
-return "unknownIdentity";
+return this._uriIsOnionHost ? "onionUnknownIdentity" : "unknownIdentity";
},
/**
@@ -753,6 +757,10 @@ var gIdentityHandler = {
* built-in (returns false) or imported (returns true).
*/
_hasCustomRoot() {
+if (!this._secInfo) {
+ return false;
+}
+
let issuerCert = null;
issuerCert = this._secInfo.succeededCertChain[
this._secInfo.succeededCertChain.length - 1
@@ -795,11 +803,13 @@ var gIdentityHandler = {
"identity.extension.label",
[extensionName]
);
-} else if (this._uriHasHost && this._isSecureConnection) {
+} else if (this._uriHasHost && this._isSecureConnection && this._secInfo) {
// This is a secure connection.
- this._identityBox.className = "verifiedDomain";
+ // _isSecureConnection implicitly includes onion services, which may not
have an SSL certificate
+ const uriIsOnionHost = this._uriIsOnionHost;
+ this._identityBox.className = uriIsOnionHost ? "onionVerifiedDomain" :
"verifiedDomain";
if (this._isMixedActiveContentBlocked) {
-this._identityBox.classList.add("mixedActiveBlocked");
+this._identityBox.classList.add(uriIsOnionHost ?
"onionMixedActiveBlocked" : "mixedActiveBlocked");
}
if (!this._isCertUserOverridden) {
// It's a normal cert, verifier is the CA Org.
@@ -810,17 +820,17 @@ var gIdentityHandler = {
}
} else if (this._isBrokenConnection) {
// This is a secure connection, but something is wrong.
- this._identityBox.className = "unknownIdentity";
+ const uriIsOnionHost = this._uriIsOnionHost;
+ this._identityBox.className =
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 26353: Prevent speculative connect that violated FPI.
commit 037361693a88d648c987a748abda707ebd96fe9c
Author: Arthur Edelstein
Date: Sat Jul 14 08:50:55 2018 -0700
Bug 26353: Prevent speculative connect that violated FPI.
Connections were observed in the catch-all circuit when
the user entered an https or http URL in the URL bar, or
typed a search term.
---
toolkit/components/remotebrowserutils/RemoteWebNavigation.jsm | 4
1 file changed, 4 insertions(+)
diff --git a/toolkit/components/remotebrowserutils/RemoteWebNavigation.jsm
b/toolkit/components/remotebrowserutils/RemoteWebNavigation.jsm
index 5d46b1dd8e3b..5a1f8075d1e7 100644
--- a/toolkit/components/remotebrowserutils/RemoteWebNavigation.jsm
+++ b/toolkit/components/remotebrowserutils/RemoteWebNavigation.jsm
@@ -95,6 +95,9 @@ class RemoteWebNavigation {
}
uri = Services.uriFixup.getFixupURIInfo(aURI, fixupFlags).preferredURI;
+/***
+ TOR BROWSER: Disable the following speculative connect until
+ we can make it properly obey first-party isolation.
// We know the url is going to be loaded, let's start requesting network
// connection before the content process asks.
@@ -118,6 +121,7 @@ class RemoteWebNavigation {
}
Services.io.speculativeConnect(uri, principal, null);
}
+***/
} catch (ex) {
// Can't setup speculative connection for this uri string for some
// reason (such as failing to parse the URI), just ignore it.
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 16285: Exclude ClearKey system for now
commit c47d9b8c77d7bae1bcc9d133f949c20fb5887253 Author: Georg Koppen Date: Mon May 22 12:44:40 2017 + Bug 16285: Exclude ClearKey system for now In the past the ClearKey system had not been compiled when specifying --disable-eme. But that changed and it is even bundled nowadays (see: Mozilla's bug 1300654). We don't want to ship it right now as the use case for it is not really visible while the code had security vulnerabilities in the past. --- browser/installer/package-manifest.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/browser/installer/package-manifest.in b/browser/installer/package-manifest.in index 20383c143afe..fb4993acbe7f 100644 --- a/browser/installer/package-manifest.in +++ b/browser/installer/package-manifest.in @@ -459,8 +459,8 @@ bin/libfreebl_64int_3.so #endif ; media -@RESPATH@/gmp-clearkey/0.1/@DLL_PREFIX@clearkey@DLL_SUFFIX@ -@RESPATH@/gmp-clearkey/0.1/manifest.json +;@RESPATH@/gmp-clearkey/0.1/@DLL_PREFIX@clearkey@DLL_SUFFIX@ +;@RESPATH@/gmp-clearkey/0.1/manifest.json #ifdef MOZ_DMD ; DMD ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 23104: Add a default line height compensation
commit 9368f96fc4f24ca6f60bef04f90f5b0a46b56e95
Author: Igor Oliveira
Date: Sun Dec 10 18:16:59 2017 -0200
Bug 23104: Add a default line height compensation
Many fonts have issues with their vertical metrics. they
are used to influence the height of ascenders and depth
of descenders. Gecko uses it to calculate the line height
(font height + ascender + descender), however because of
that idiosyncratic behavior across multiple operating
systems, it can be used to identify the user's OS.
The solution proposed in the patch uses a default factor
to be multiplied with the font size, simulating the concept
of ascender and descender. This way all operating
systems will have the same line height only and only if the
frame is outside the chrome.
---
layout/generic/ReflowInput.cpp | 19 +---
layout/generic/test/mochitest.ini | 1 +
layout/generic/test/test_tor_bug23104.html | 50 ++
3 files changed, 65 insertions(+), 5 deletions(-)
diff --git a/layout/generic/ReflowInput.cpp b/layout/generic/ReflowInput.cpp
index 2c56afd2e02a..4d30c7762c14 100644
--- a/layout/generic/ReflowInput.cpp
+++ b/layout/generic/ReflowInput.cpp
@@ -31,6 +31,7 @@
#include "mozilla/SVGUtils.h"
#include "mozilla/dom/HTMLInputElement.h"
#include "nsGridContainerFrame.h"
+#include "nsContentUtils.h"
using namespace mozilla;
using namespace mozilla::css;
@@ -2642,7 +2643,8 @@ void ReflowInput::CalculateBlockSideMargins() {
// For risk management, we use preference to control the behavior, and
// eNoExternalLeading is the old behavior.
-static nscoord GetNormalLineHeight(nsFontMetrics* aFontMetrics) {
+static nscoord GetNormalLineHeight(nsIContent* aContent,
+ nsFontMetrics* aFontMetrics) {
MOZ_ASSERT(nullptr != aFontMetrics, "no font metrics");
nscoord normalLineHeight;
@@ -2650,6 +2652,12 @@ static nscoord GetNormalLineHeight(nsFontMetrics*
aFontMetrics) {
nscoord externalLeading = aFontMetrics->ExternalLeading();
nscoord internalLeading = aFontMetrics->InternalLeading();
nscoord emHeight = aFontMetrics->EmHeight();
+
+ if (nsContentUtils::ShouldResistFingerprinting() &&
+ !aContent->IsInChromeDocument()) {
+return NSToCoordRound(emHeight * NORMAL_LINE_HEIGHT_FACTOR);
+ }
+
switch (GetNormalLineHeightCalcControl()) {
case eIncludeExternalLeading:
normalLineHeight = emHeight + internalLeading + externalLeading;
@@ -2667,7 +2675,8 @@ static nscoord GetNormalLineHeight(nsFontMetrics*
aFontMetrics) {
return normalLineHeight;
}
-static inline nscoord ComputeLineHeight(ComputedStyle* aComputedStyle,
+static inline nscoord ComputeLineHeight(nsIContent* aContent,
+ComputedStyle* aComputedStyle,
nsPresContext* aPresContext,
nscoord aBlockBSize,
float aFontSizeInflation) {
@@ -2696,7 +2705,7 @@ static inline nscoord ComputeLineHeight(ComputedStyle*
aComputedStyle,
RefPtr fm = nsLayoutUtils::GetFontMetricsForComputedStyle(
aComputedStyle, aPresContext, aFontSizeInflation);
- return GetNormalLineHeight(fm);
+ return GetNormalLineHeight(aContent, fm);
}
nscoord ReflowInput::CalcLineHeight() const {
@@ -2718,7 +2727,7 @@ nscoord ReflowInput::CalcLineHeight(nsIContent* aContent,
float aFontSizeInflation) {
MOZ_ASSERT(aComputedStyle, "Must have a ComputedStyle");
- nscoord lineHeight = ComputeLineHeight(aComputedStyle, aPresContext,
+ nscoord lineHeight = ComputeLineHeight(aContent, aComputedStyle,
aPresContext,
aBlockBSize, aFontSizeInflation);
NS_ASSERTION(lineHeight >= 0, "ComputeLineHeight screwed up");
@@ -2731,7 +2740,7 @@ nscoord ReflowInput::CalcLineHeight(nsIContent* aContent,
if (!lh.IsNormal()) {
RefPtr fm = nsLayoutUtils::GetFontMetricsForComputedStyle(
aComputedStyle, aPresContext, aFontSizeInflation);
- nscoord normal = GetNormalLineHeight(fm);
+ nscoord normal = GetNormalLineHeight(aContent, fm);
if (lineHeight < normal) {
lineHeight = normal;
}
diff --git a/layout/generic/test/mochitest.ini
b/layout/generic/test/mochitest.ini
index bde689457ebc..af9dbe3c0444 100644
--- a/layout/generic/test/mochitest.ini
+++ b/layout/generic/test/mochitest.ini
@@ -145,3 +145,4 @@ skip-if = debug == true || tsan # the test is slow. tsan:
bug 1612707
support-files =
file_reframe_for_lazy_load_image.html
[test_bug1655135.html]
+[test_tor_bug23104.html]
diff --git a/layout/generic/test/test_tor_bug23104.html
b/layout/generic/test/test_tor_bug23104.html
new file mode 100644
index ..8ff1d2190c45
--- /dev/null
+++ b/layout/generic/test/test_tor_bug23104.html
@@ -0,0 +1,50 @@
+
+
+
+
+ Test for Tor Bug #23104:
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 19121: reinstate the update.xml hash check
commit 3fa2bd06115ac5324b8810bb679cc54d99394af6
Author: Kathy Brade
Date: Mon Apr 23 15:22:57 2018 -0400
Bug 19121: reinstate the update.xml hash check
Revert most changes from Mozilla Bug 1373267 "Remove hashFunction and
hashValue attributes from nsIUpdatePatch and code related to these
attributes." Changes to the tests were not reverted; the tests have
been changed significantly and we do not run automated updater tests
for Tor Browser at this time.
Also partial revert of commit f1241db6986e4b54473a1ed870f7584c75d51122.
Revert the nsUpdateService.js changes from Mozilla Bug 862173 "don't
verify mar file hash when using mar signing to verify the mar file
(lessens main thread I/O)."
Changes to the tests were not reverted; the tests have been changed
significantly and we do not run automated updater tests for
Tor Browser at this time.
We kept the addition to the AppConstants API in case other JS code
references it in the future.
---
toolkit/modules/AppConstants.jsm| 7
toolkit/mozapps/update/UpdateService.jsm| 63 -
toolkit/mozapps/update/UpdateTelemetry.jsm | 1 +
toolkit/mozapps/update/nsIUpdateService.idl | 11 +
4 files changed, 81 insertions(+), 1 deletion(-)
diff --git a/toolkit/modules/AppConstants.jsm b/toolkit/modules/AppConstants.jsm
index ea10dc97535d..3cb1518f2ab3 100644
--- a/toolkit/modules/AppConstants.jsm
+++ b/toolkit/modules/AppConstants.jsm
@@ -212,6 +212,13 @@ this.AppConstants = Object.freeze({
false,
#endif
+ MOZ_VERIFY_MAR_SIGNATURE:
+#ifdef MOZ_VERIFY_MAR_SIGNATURE
+ true,
+#else
+ false,
+#endif
+
MOZ_MAINTENANCE_SERVICE:
#ifdef MOZ_MAINTENANCE_SERVICE
true,
diff --git a/toolkit/mozapps/update/UpdateService.jsm
b/toolkit/mozapps/update/UpdateService.jsm
index 4d1b1c59eff5..10581c785074 100644
--- a/toolkit/mozapps/update/UpdateService.jsm
+++ b/toolkit/mozapps/update/UpdateService.jsm
@@ -969,6 +969,20 @@ function LOG(string) {
}
}
+/**
+ * Convert a string containing binary values to hex.
+ */
+function binaryToHex(input) {
+ var result = "";
+ for (var i = 0; i < input.length; ++i) {
+var hex = input.charCodeAt(i).toString(16);
+if (hex.length == 1)
+ hex = "0" + hex;
+result += hex;
+ }
+ return result;
+}
+
/**
* Gets the specified directory at the specified hierarchy under the
* update root directory and creates it if it doesn't exist.
@@ -1988,6 +2002,8 @@ function UpdatePatch(patch) {
}
break;
case "finalURL":
+ case "hashFunction":
+ case "hashValue":
case "state":
case "type":
case "URL":
@@ -2007,6 +2023,8 @@ UpdatePatch.prototype = {
// over writing nsIUpdatePatch attributes.
_attrNames: [
"errorCode",
+"hashFunction",
+"hashValue",
"finalURL",
"selected",
"size",
@@ -2020,6 +2038,8 @@ UpdatePatch.prototype = {
*/
serialize: function UpdatePatch_serialize(updates) {
var patch = updates.createElementNS(URI_UPDATE_NS, "patch");
+patch.setAttribute("hashFunction", this.hashFunction);
+patch.setAttribute("hashValue", this.hashValue);
patch.setAttribute("size", this.size);
patch.setAttribute("type", this.type);
patch.setAttribute("URL", this.URL);
@@ -5122,7 +5142,42 @@ Downloader.prototype = {
}
LOG("Downloader:_verifyDownload downloaded size == expected size.");
-return true;
+let fileStream = Cc["@mozilla.org/network/file-input-stream;1"].
+ createInstance(Ci.nsIFileInputStream);
+fileStream.init(destination, FileUtils.MODE_RDONLY, FileUtils.PERMS_FILE,
0);
+
+let digest;
+try {
+ let hash = Cc["@mozilla.org/security/hash;1"].
+ createInstance(Ci.nsICryptoHash);
+ var hashFunction =
Ci.nsICryptoHash[this._patch.hashFunction.toUpperCase()];
+ if (hashFunction == undefined) {
+throw Cr.NS_ERROR_UNEXPECTED;
+ }
+ hash.init(hashFunction);
+ hash.updateFromStream(fileStream, -1);
+ // NOTE: For now, we assume that the format of _patch.hashValue is hex
+ // encoded binary (such as what is typically output by programs like
+ // sha1sum). In the future, this may change to base64 depending on how
+ // we choose to compute these hashes.
+ digest = binaryToHex(hash.finish(false));
+} catch (e) {
+ LOG("Downloader:_verifyDownload - failed to compute hash of the " +
+ "downloaded update archive");
+ digest = "";
+}
+
+fileStream.close();
+
+if (digest == this._patch.hashValue.toLowerCase()) {
+ LOG("Downloader:_verifyDownload hashes match.");
+ return true;
+}
+
+LOG("Downloader:_verifyDownload hashes do not match. ");
+AUSTLMY.pingDownloadCode(this.isCompleteUpdate,
+ AUSTLMY.DWNLD_ERR_VERIFY_NO_HASH_MATCH);
+return false;
},
/**
@@ -5719,6
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 16940: After update, load local change notes.
commit 3b3af3578931900ecdd3c15e824ab7b94957a4b6
Author: Kathy Brade
Date: Wed Nov 25 11:36:20 2015 -0500
Bug 16940: After update, load local change notes.
Add an about:tbupdate page that displays the first section from
TorBrowser/Docs/ChangeLog.txt and includes a link to the remote
post-update page (typically our blog entry for the release).
Always load about:tbupdate in a content process, but implement the
code that reads the file system (changelog) in the chrome process
for compatibility with future sandboxing efforts.
Also fix bug 29440. Now about:tbupdate is styled as a fairly simple
changelog page that is designed to be displayed via a link that is on
about:tor.
---
browser/actors/AboutTBUpdateChild.jsm | 12 +++
browser/actors/AboutTBUpdateParent.jsm | 120 +
browser/actors/moz.build | 6 ++
.../base/content/abouttbupdate/aboutTBUpdate.css | 74 +
.../base/content/abouttbupdate/aboutTBUpdate.js| 27 +
.../base/content/abouttbupdate/aboutTBUpdate.xhtml | 39 +++
browser/base/content/browser-siteIdentity.js | 2 +-
browser/base/content/browser.js| 4 +
browser/base/jar.mn| 5 +
browser/components/BrowserContentHandler.jsm | 55 +++---
browser/components/BrowserGlue.jsm | 15 +++
browser/components/about/AboutRedirector.cpp | 6 ++
browser/components/about/components.conf | 3 +
browser/components/moz.build | 5 +-
.../locales/en-US/chrome/browser/aboutTBUpdate.dtd | 8 ++
browser/locales/jar.mn | 3 +
toolkit/modules/RemotePageAccessManager.jsm| 5 +
17 files changed, 373 insertions(+), 16 deletions(-)
diff --git a/browser/actors/AboutTBUpdateChild.jsm
b/browser/actors/AboutTBUpdateChild.jsm
new file mode 100644
index ..4670da19b3db
--- /dev/null
+++ b/browser/actors/AboutTBUpdateChild.jsm
@@ -0,0 +1,12 @@
+// Copyright (c) 2020, The Tor Project, Inc.
+// See LICENSE for licensing information.
+//
+// vim: set sw=2 sts=2 ts=8 et syntax=javascript:
+
+var EXPORTED_SYMBOLS = ["AboutTBUpdateChild"];
+
+const { RemotePageChild } = ChromeUtils.import(
+ "resource://gre/actors/RemotePageChild.jsm"
+);
+
+class AboutTBUpdateChild extends RemotePageChild {}
diff --git a/browser/actors/AboutTBUpdateParent.jsm
b/browser/actors/AboutTBUpdateParent.jsm
new file mode 100644
index ..56a10394565a
--- /dev/null
+++ b/browser/actors/AboutTBUpdateParent.jsm
@@ -0,0 +1,120 @@
+// Copyright (c) 2020, The Tor Project, Inc.
+// See LICENSE for licensing information.
+//
+// vim: set sw=2 sts=2 ts=8 et syntax=javascript:
+
+"use strict";
+
+this.EXPORTED_SYMBOLS = ["AboutTBUpdateParent"];
+
+const { Services } = ChromeUtils.import("resource://gre/modules/Services.jsm");
+const { NetUtil } = ChromeUtils.import("resource://gre/modules/NetUtil.jsm");
+const { AppConstants } = ChromeUtils.import(
+ "resource://gre/modules/AppConstants.jsm"
+);
+
+const kRequestUpdateMessageName = "FetchUpdateData";
+
+/**
+ * This code provides services to the about:tbupdate page. Whenever
+ * about:tbupdate needs to do something chrome-privileged, it sends a
+ * message that's handled here. It is modeled after Mozilla's about:home
+ * implementation.
+ */
+class AboutTBUpdateParent extends JSWindowActorParent {
+ receiveMessage(aMessage) {
+if (aMessage.name == kRequestUpdateMessageName) {
+ return this.releaseNoteInfo;
+}
+return undefined;
+ }
+
+ get moreInfoURL() {
+try {
+ return Services.prefs.getCharPref("torbrowser.post_update.url");
+} catch (e) {}
+
+// Use the default URL as a fallback.
+return
Services.urlFormatter.formatURLPref("startup.homepage_override_url");
+ }
+
+ // Read the text from the beginning of the changelog file that is located
+ // at TorBrowser/Docs/ChangeLog.txt and return an object that contains
+ // the following properties:
+ // versione.g., Tor Browser 8.5
+ // releaseDatee.g., March 31 2019
+ // releaseNotes details of changes (lines 2 - end of ChangeLog.txt)
+ // We attempt to parse the first line of ChangeLog.txt to extract the
+ // version and releaseDate. If parsing fails, we return the entire first
+ // line in version and omit releaseDate.
+ //
+ // On Mac OS, when building with --enable-tor-browser-data-outside-app-dir
+ // to support Gatekeeper signing, the ChangeLog.txt file is located in
+ // TorBrowser.app/Contents/Resources/TorBrowser/Docs/.
+ get releaseNoteInfo() {
+let info = { moreInfoURL: this.moreInfoURL };
+
+try {
+ let f;
+ if (AppConstants.TOR_BROWSER_DATA_OUTSIDE_APP_DIR) {
+// "XREExeF".parent is the directory that contains firefox, i.e.,
+// Browser/ or, on Mac OS, TorBrowser.app/Contents/MacOS/.
+f =
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 11641: change TBB directory structure to be more like Firefox's
commit 8039733733b8af4f0567498f7b8199ba645ed4af
Author: Kathy Brade
Date: Tue Apr 29 13:08:24 2014 -0400
Bug 11641: change TBB directory structure to be more like Firefox's
Unless the -osint command line flag is used, the browser now defaults
to the equivalent of -no-remote. There is a new -allow-remote flag that
may be used to restore the original (Firefox-like) default behavior.
---
toolkit/xre/nsAppRunner.cpp | 21 -
1 file changed, 16 insertions(+), 5 deletions(-)
diff --git a/toolkit/xre/nsAppRunner.cpp b/toolkit/xre/nsAppRunner.cpp
index 351766bdbdcd..6d6238feda46 100644
--- a/toolkit/xre/nsAppRunner.cpp
+++ b/toolkit/xre/nsAppRunner.cpp
@@ -1837,8 +1837,10 @@ static void DumpHelp() {
" --migrationStart with migration wizard.\n"
" --ProfileManager Start with ProfileManager.\n"
#ifdef MOZ_HAS_REMOTE
- " --no-remoteDo not accept or send remote commands; implies\n"
+ " --no-remote(default) Do not accept or send remote commands; "
+ "implies\n"
" --new-instance.\n"
+ " --allow-remote Accept and send remote commands.\n"
" --new-instance Open new instance, not a new window in running "
"instance.\n"
#endif
@@ -4100,16 +4102,25 @@ int XREMain::XRE_mainInit(bool* aExitFlag) {
gSafeMode);
#if defined(MOZ_HAS_REMOTE)
+ // In Tor Browser, remoting is disabled by default unless -osint is used.
+ bool allowRemote = (CheckArg("allow-remote") == ARG_FOUND);
+ bool isOsint = (CheckArg("osint", nullptr, CheckArgFlag::None) == ARG_FOUND);
+ if (!allowRemote && !isOsint) {
+SaveToEnv("MOZ_NO_REMOTE=1");
+ }
// Handle --no-remote and --new-instance command line arguments. Setup
// the environment to better accommodate other components and various
// restart scenarios.
ar = CheckArg("no-remote");
- if (ar == ARG_FOUND || EnvHasValue("MOZ_NO_REMOTE")) {
+ if ((ar == ARG_FOUND) && allowRemote) {
+PR_fprintf(PR_STDERR,
+ "Error: argument --no-remote is invalid when argument "
+ "--allow-remote is specified\n");
+return 1;
+ }
+ if (EnvHasValue("MOZ_NO_REMOTE")) {
mDisableRemoteClient = true;
mDisableRemoteServer = true;
-if (!EnvHasValue("MOZ_NO_REMOTE")) {
- SaveToEnv("MOZ_NO_REMOTE=1");
-}
}
ar = CheckArg("new-instance");
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 4234: Use the Firefox Update Process for Tor Browser.
commit 74162247c4c3622ef2d3e0ad1fa3048415b1bbd7 Author: Kathy Brade Date: Fri Jan 13 11:40:24 2017 -0500 Bug 4234: Use the Firefox Update Process for Tor Browser. The following files are never updated: TorBrowser/Data/Browser/profiles.ini TorBrowser/Data/Browser/profile.default/bookmarks.html TorBrowser/Data/Tor/torrc Mac OS: Store update metadata under TorBrowser/UpdateInfo. Removed the %OS_VERSION% component from the update URL (13047) and added support for minSupportedOSVersion, an attribute of the element that may be used to trigger Firefox's "unsupported platform" behavior. Hide the "What's new" links (set app.releaseNotesURL value to about:blank). Windows: disable "runas" code path in updater (15201). Windows: avoid writing to the registry (16236). Also includes fixes for tickets 13047, 13301, 13356, 13594, 15406, 16014, 16909, 24476, and 25909. Also fix Bug 26049: reduce the delay before the update prompt is displayed. Instead of Firefox's 2 days, we use 1 hour (after which time the update doorhanger will be displayed). Also fix bug 27221: purge the startup cache if the Tor Browser version changed (even if the Firefox version and build ID did not change), e.g., after a minor Tor Browser update. Also fix 32616: Disable GetSecureOutputDirectoryPath() functionality. Bug 26048: potentially confusing "restart to update" message Within the update doorhanger, remove the misleading message that mentions that windows will be restored after an update is applied, and replace the "Restart and Restore" button label with an existing "Restart to update Tor Browser" string. Bug 28885: notify users that update is downloading Add a "Downloading Tor Browser update" item which appears in the hamburger (app) menu while the update service is downloading a MAR file. Before this change, the browser did not indicate to the user that an update was in progress, which is especially confusing in Tor Browser because downloads often take some time. If the user clicks on the new menu item, the about dialog is opened to allow the user to see download progress. As part of this fix, the update service was changed to always show update-related messages in the hamburger menu, even if the update was started in the foreground via the about dialog or via the "Check for Tor Browser Update" toolbar menu item. This change is consistent with the Tor Browser goal of making sure users are informed about the update process. Removed #28885 parts of this patch which have been uplifted to Firefox. --- browser/app/Makefile.in| 2 + browser/app/profile/000-tor-browser.js | 16 +- browser/app/profile/firefox.js | 10 +- browser/base/content/aboutDialog-appUpdater.js | 2 +- browser/base/content/aboutDialog.js| 12 +- browser/components/BrowserContentHandler.jsm | 39 ++- .../customizableui/content/panelUI.inc.xhtml | 2 +- browser/confvars.sh| 35 +-- browser/installer/package-manifest.in | 2 + build/application.ini.in | 2 +- build/moz.configure/init.configure | 3 +- config/createprecomplete.py| 18 +- .../client/aboutdebugging/src/actions/runtimes.js | 5 + toolkit/modules/UpdateUtils.jsm| 22 +- toolkit/mozapps/extensions/AddonManager.jsm| 24 ++ toolkit/mozapps/extensions/test/browser/head.js| 1 + .../extensions/test/xpcshell/head_addons.js| 1 + toolkit/mozapps/update/UpdateService.jsm | 125 +++- toolkit/mozapps/update/UpdateServiceStub.jsm | 4 + toolkit/mozapps/update/common/updatehelper.cpp | 8 + toolkit/mozapps/update/moz.build | 5 +- toolkit/mozapps/update/updater/launchchild_osx.mm | 2 + toolkit/mozapps/update/updater/moz.build | 2 +- toolkit/mozapps/update/updater/updater.cpp | 339 ++--- toolkit/xre/MacLaunchHelper.h | 2 + toolkit/xre/MacLaunchHelper.mm | 2 + toolkit/xre/nsAppRunner.cpp| 22 +- toolkit/xre/nsUpdateDriver.cpp | 109 ++- toolkit/xre/nsXREDirProvider.cpp | 42 ++- tools/update-packaging/common.sh | 64 ++-- tools/update-packaging/make_full_update.sh | 25 ++ tools/update-packaging/make_incremental_update.sh | 71 - 32 files changed, 874 insertions(+), 144 deletions(-) diff --git a/browser/app/Makefile.in b/browser/app/Makefile.in index 8dd3a9a65661..3a5550c96c15 100644 --- a/browser/app/Makefile.in +++ b/browser/app/Makefile.in @@ -97,10 +97,12 @@ tools repackage::
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 13379: Sign our MAR files.
commit ceb3c6215f33a066700ce7070e25b0fa1e23d0d6
Author: Kathy Brade
Date: Wed Dec 17 16:37:11 2014 -0500
Bug 13379: Sign our MAR files.
Configure with --enable-verify-mar (when updating, require a valid
signature on the MAR file before it is applied).
Use the Tor Browser version instead of the Firefox version inside the
MAR file info block (necessary to prevent downgrade attacks).
Use NSS on all platforms for checking MAR signatures (instead of using
OS-native APIs, which Mozilla does on Mac OS and Windows). So that the
NSS and NSPR libraries the updater depends on can be found at runtime,
we add the firefox directory to the shared library search path on macOS.
On Linux, rpath is used by Mozilla to solve that problem, but that
approach won't work on macOS because the updater executable is copied
during the update process to a location that is under TorBrowser-Data,
and the location of TorBrowser-Data varies.
Also includes the fix for bug 18900.
---
.mozconfig | 1 +
.mozconfig-asan| 1 +
.mozconfig-mac | 1 +
.mozconfig-mingw | 1 +
modules/libmar/tool/mar.c | 6 +--
modules/libmar/tool/moz.build | 12 --
modules/libmar/verify/moz.build| 14 +++---
.../mozapps/update/updater/updater-common.build| 24 +--
toolkit/mozapps/update/updater/updater.cpp | 25 +++
toolkit/xre/moz.build | 3 ++
toolkit/xre/nsUpdateDriver.cpp | 50 ++
11 files changed, 113 insertions(+), 25 deletions(-)
diff --git a/.mozconfig b/.mozconfig
index 18cd1f9b6487..c50c57d410de 100755
--- a/.mozconfig
+++ b/.mozconfig
@@ -37,3 +37,4 @@ ac_add_options MOZ_TELEMETRY_REPORTING=
ac_add_options --disable-tor-launcher
ac_add_options --with-tor-browser-version=dev-build
ac_add_options --disable-tor-browser-update
+ac_add_options --enable-verify-mar
diff --git a/.mozconfig-asan b/.mozconfig-asan
index 98ea6ac6f3fe..8bee813bfee8 100644
--- a/.mozconfig-asan
+++ b/.mozconfig-asan
@@ -30,6 +30,7 @@ ac_add_options --enable-official-branding
ac_add_options --enable-default-toolkit=cairo-gtk3
ac_add_options --enable-tor-browser-update
+ac_add_options --enable-verify-mar
ac_add_options --disable-strip
ac_add_options --disable-install-strip
diff --git a/.mozconfig-mac b/.mozconfig-mac
index 26e2b6b92fdb..5b4624ef1f67 100644
--- a/.mozconfig-mac
+++ b/.mozconfig-mac
@@ -43,6 +43,7 @@ ac_add_options --disable-debug
ac_add_options --enable-tor-browser-data-outside-app-dir
ac_add_options --enable-tor-browser-update
+ac_add_options --enable-verify-mar
ac_add_options --disable-crashreporter
ac_add_options --disable-webrtc
diff --git a/.mozconfig-mingw b/.mozconfig-mingw
index 3ec6ff18a3e9..ce6ace1dad67 100644
--- a/.mozconfig-mingw
+++ b/.mozconfig-mingw
@@ -15,6 +15,7 @@ ac_add_options --enable-strip
ac_add_options --enable-official-branding
ac_add_options --enable-tor-browser-update
+ac_add_options --enable-verify-mar
ac_add_options --disable-bits-download
# Let's make sure no preference is enabling either Adobe's or Google's CDM.
diff --git a/modules/libmar/tool/mar.c b/modules/libmar/tool/mar.c
index 0bf2cb4bd1d4..ea2b79924914 100644
--- a/modules/libmar/tool/mar.c
+++ b/modules/libmar/tool/mar.c
@@ -65,7 +65,7 @@ static void print_usage() {
"signed_input_archive.mar base_64_encoded_signature_file "
"changed_signed_output.mar\n");
printf("(i) is the index of the certificate to extract\n");
-# if defined(XP_MACOSX) || (defined(XP_WIN) && !defined(MAR_NSS))
+# if (defined(XP_MACOSX) || defined(XP_WIN)) && !defined(MAR_NSS)
printf("Verify a MAR file:\n");
printf(" mar [-C workingDir] -D DERFilePath -v signed_archive.mar\n");
printf(
@@ -149,7 +149,7 @@ int main(int argc, char** argv) {
memset((void*)certBuffers, 0, sizeof(certBuffers));
#endif
#if !defined(NO_SIGN_VERIFY) && \
-((!defined(MAR_NSS) && defined(XP_WIN)) || defined(XP_MACOSX))
+(!defined(MAR_NSS) && (defined(XP_WIN) || defined(XP_MACOSX)))
memset(DERFilePaths, 0, sizeof(DERFilePaths));
memset(fileSizes, 0, sizeof(fileSizes));
#endif
@@ -181,7 +181,7 @@ int main(int argc, char** argv) {
argc -= 2;
}
#if !defined(NO_SIGN_VERIFY)
-# if (!defined(MAR_NSS) && defined(XP_WIN)) || defined(XP_MACOSX)
+# if (!defined(MAR_NSS) && (defined(XP_WIN) || defined(XP_MACOSX)))
/* -D DERFilePath, also matches -D[index] DERFilePath
We allow an index for verifying to be symmetric
with the import and export command line arguments. */
diff --git a/modules/libmar/tool/moz.build b/modules/libmar/tool/moz.build
index a6d26c66a668..d6fa1677ddf1 100644
--- a/modules/libmar/tool/moz.build
+++
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 19273: Avoid JavaScript patching of the external app helper dialog.
commit 44cf55238e52e8effc23ec78341caa11bfca6212
Author: Kathy Brade
Date: Tue Jun 28 15:13:05 2016 -0400
Bug 19273: Avoid JavaScript patching of the external app helper dialog.
When handling an external URI or downloading a file, invoke Torbutton's
external app blocker component (which will present a download warning
dialog unless the user has checked the "Automatically download files
from now on" box).
For e10s compatibility, avoid using a modal dialog and instead use
a callback interface (nsIHelperAppWarningLauncher) to allow Torbutton
to indicate the user's desire to cancel or continue each request.
Other bugs fixed:
Bug 21766: Crash with e10s enabled while trying to download a file
Bug 21886: Download is stalled in non-e10s mode
Bug 22471: Downloading files via the PDF viewer download button is broken
Bug 22472: Fix FTP downloads when external helper app dialog is shown
Bug 22610: Avoid crashes when canceling external helper app downloads
Bug 22618: Downloading pdf file via file:/// is stalling
---
.../exthandler/nsExternalHelperAppService.cpp | 178 ++---
uriloader/exthandler/nsExternalHelperAppService.h | 3 +
.../exthandler/nsIExternalHelperAppService.idl | 47 ++
3 files changed, 210 insertions(+), 18 deletions(-)
diff --git a/uriloader/exthandler/nsExternalHelperAppService.cpp
b/uriloader/exthandler/nsExternalHelperAppService.cpp
index 228c6ba51be4..d7de04694c62 100644
--- a/uriloader/exthandler/nsExternalHelperAppService.cpp
+++ b/uriloader/exthandler/nsExternalHelperAppService.cpp
@@ -133,6 +133,9 @@ static const char NEVER_ASK_FOR_SAVE_TO_DISK_PREF[] =
static const char NEVER_ASK_FOR_OPEN_FILE_PREF[] =
"browser.helperApps.neverAsk.openFile";
+static const char WARNING_DIALOG_CONTRACT_ID[] =
+"@torproject.org/torbutton-extAppBlocker;1";
+
// Helper functions for Content-Disposition headers
/**
@@ -423,6 +426,22 @@ static nsresult GetDownloadDirectory(nsIFile** _directory,
return NS_OK;
}
+static already_AddRefed GetDialogParentAux(
+BrowsingContext* aBrowsingContext, nsIInterfaceRequestor* aWindowContext) {
+ nsCOMPtr dialogParent = aWindowContext;
+
+ if (!dialogParent && aBrowsingContext) {
+dialogParent = do_QueryInterface(aBrowsingContext->GetDOMWindow());
+ }
+ if (!dialogParent && aBrowsingContext && XRE_IsParentProcess()) {
+RefPtr element = aBrowsingContext->Top()->GetEmbedderElement();
+if (element) {
+ dialogParent = do_QueryInterface(element->OwnerDoc()->GetWindow());
+}
+ }
+ return dialogParent.forget();
+}
+
/**
* Structure for storing extension->type mappings.
* @see defaultMimeEntries
@@ -627,6 +646,96 @@ static const char* descriptionOverwriteExtensions[] = {
"avif", "jxl", "pdf", "svg", "webp", "xml",
};
+//
+// begin nsExternalLoadURIHandler class definition and implementation
+//
+class nsExternalLoadURIHandler final : public nsIHelperAppWarningLauncher {
+ public:
+ NS_DECL_THREADSAFE_ISUPPORTS
+ NS_DECL_NSIHELPERAPPWARNINGLAUNCHER
+
+ nsExternalLoadURIHandler(nsIHandlerInfo* aHandlerInfo, nsIURI* aURI,
+ nsIPrincipal* aTriggeringPrincipal,
+ BrowsingContext* aBrowsingContext,
+ bool aTriggeredExternally);
+
+ protected:
+ ~nsExternalLoadURIHandler();
+
+ nsCOMPtr mHandlerInfo;
+ nsCOMPtr mURI;
+ nsCOMPtr mTriggeringPrincipal;
+ RefPtr mBrowsingContext;
+ bool mTriggeredExternally;
+ nsCOMPtr mWarningDialog;
+};
+
+NS_IMPL_ADDREF(nsExternalLoadURIHandler)
+NS_IMPL_RELEASE(nsExternalLoadURIHandler)
+
+NS_INTERFACE_MAP_BEGIN(nsExternalLoadURIHandler)
+ NS_INTERFACE_MAP_ENTRY_AMBIGUOUS(nsISupports, nsIHelperAppWarningLauncher)
+ NS_INTERFACE_MAP_ENTRY(nsIHelperAppWarningLauncher)
+NS_INTERFACE_MAP_END
+
+nsExternalLoadURIHandler::nsExternalLoadURIHandler(
+nsIHandlerInfo* aHandlerInfo, nsIURI* aURI,
+nsIPrincipal* aTriggeringPrincipal, BrowsingContext* aBrowsingContext,
+bool aTriggeredExternally)
+: mHandlerInfo(aHandlerInfo),
+ mURI(aURI),
+ mTriggeringPrincipal(aTriggeringPrincipal),
+ mBrowsingContext(aBrowsingContext),
+ mTriggeredExternally(aTriggeredExternally)
+
+{
+ nsresult rv = NS_OK;
+ mWarningDialog = do_CreateInstance(WARNING_DIALOG_CONTRACT_ID, );
+ if (NS_SUCCEEDED(rv) && mWarningDialog) {
+// This will create a reference cycle (the dialog holds a reference to us
+// as nsIHelperAppWarningLauncher), which will be broken in ContinueRequest
+// or CancelRequest.
+nsCOMPtr dialogParent =
+GetDialogParentAux(aBrowsingContext, nullptr);
+rv = mWarningDialog->MaybeShow(this, dialogParent);
+ }
+
+ if (NS_FAILED(rv)) {
+// If
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 21830: Copying large text from web console leaks to /tmp
commit 7c41223f801b99f2cd1d6fb2866cd924d5265b6f
Author: Georg Koppen
Date: Fri Aug 4 05:55:49 2017 +
Bug 21830: Copying large text from web console leaks to /tmp
Patch written by Neill Miller
---
widget/nsTransferable.cpp | 6 ++
1 file changed, 6 insertions(+)
diff --git a/widget/nsTransferable.cpp b/widget/nsTransferable.cpp
index c82549a4d1d1..f8ecfbff0983 100644
--- a/widget/nsTransferable.cpp
+++ b/widget/nsTransferable.cpp
@@ -33,6 +33,7 @@ Notes to self:
#include "nsILoadContext.h"
#include "nsXULAppAPI.h"
#include "mozilla/UniquePtr.h"
+#include "mozilla/Preferences.h"
using namespace mozilla;
@@ -195,6 +196,11 @@ nsTransferable::Init(nsILoadContext* aContext) {
if (aContext) {
mPrivateData = aContext->UsePrivateBrowsing();
+ } else {
+// without aContext here to provide PrivateBrowsing information,
+// we defer to the active configured setting
+mPrivateData =
+mozilla::Preferences::GetBool("browser.privatebrowsing.autostart");
}
#ifdef DEBUG
mInitialized = true;
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 21431: Clean-up system extensions shipped in Firefox
commit 27dafa74c1351a3c620aabda5cb553625ca97c32
Author: Kathy Brade
Date: Tue May 23 17:05:29 2017 -0400
Bug 21431: Clean-up system extensions shipped in Firefox
Only ship the pdfjs extension.
---
browser/components/BrowserGlue.jsm| 6 ++
browser/extensions/moz.build | 10 +-
browser/installer/package-manifest.in | 1 -
browser/locales/Makefile.in | 8
browser/locales/jar.mn| 7 ---
5 files changed, 7 insertions(+), 25 deletions(-)
diff --git a/browser/components/BrowserGlue.jsm
b/browser/components/BrowserGlue.jsm
index 3beb2da3ce52..7c3a7ace3ae9 100644
--- a/browser/components/BrowserGlue.jsm
+++ b/browser/components/BrowserGlue.jsm
@@ -1967,6 +1967,9 @@ BrowserGlue.prototype = {
const ID = "screensh...@mozilla.org";
const _checkScreenshotsPref = async () => {
let addon = await AddonManager.getAddonByID(ID);
+ if (!addon) {
+return;
+ }
let disabled = Services.prefs.getBoolPref(PREF, false);
if (disabled) {
await addon.disable({ allowSystemAddons: true });
@@ -1983,6 +1986,9 @@ BrowserGlue.prototype = {
const ID = "webcompat-repor...@mozilla.org";
Services.prefs.addObserver(PREF, async () => {
let addon = await AddonManager.getAddonByID(ID);
+ if (!addon) {
+return;
+ }
let enabled = Services.prefs.getBoolPref(PREF, false);
if (enabled && !addon.isActive) {
await addon.enable({ allowSystemAddons: true });
diff --git a/browser/extensions/moz.build b/browser/extensions/moz.build
index b3cd1f249c40..72a9c9e9a636 100644
--- a/browser/extensions/moz.build
+++ b/browser/extensions/moz.build
@@ -4,15 +4,7 @@
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-DIRS += [
-"doh-rollout",
-"formautofill",
-"screenshots",
-"webcompat",
-"report-site-issue",
-"pictureinpicture",
-"proxy-failover",
-]
+DIRS += []
if CONFIG["NIGHTLY_BUILD"]:
DIRS += [
diff --git a/browser/installer/package-manifest.in
b/browser/installer/package-manifest.in
index fb4993acbe7f..dd71fb6e196f 100644
--- a/browser/installer/package-manifest.in
+++ b/browser/installer/package-manifest.in
@@ -259,7 +259,6 @@
@RESPATH@/browser/chrome/icons/default/default64.png
@RESPATH@/browser/chrome/icons/default/default128.png
#endif
-@RESPATH@/browser/features/*
; [DevTools Startup Files]
@RESPATH@/browser/chrome/devtools-startup@JAREXT@
diff --git a/browser/locales/Makefile.in b/browser/locales/Makefile.in
index 496379c4306f..0946188813da 100644
--- a/browser/locales/Makefile.in
+++ b/browser/locales/Makefile.in
@@ -58,10 +58,6 @@ l10n-%:
@$(MAKE) -C ../../toolkit/locales l10n-$*
XPI_ROOT_APPID='$(XPI_ROOT_APPID)'
@$(MAKE) -C ../../services/sync/locales AB_CD=$* XPI_NAME=locale-$*
@$(MAKE) -C ../../extensions/spellcheck/locales AB_CD=$*
XPI_NAME=locale-$*
-ifneq (,$(wildcard ../extensions/formautofill/locales))
- @$(MAKE) -C ../extensions/formautofill/locales AB_CD=$*
XPI_NAME=locale-$*
-endif
- @$(MAKE) -C ../extensions/report-site-issue/locales AB_CD=$*
XPI_NAME=locale-$*
@$(MAKE) -C ../../devtools/client/locales AB_CD=$* XPI_NAME=locale-$*
XPI_ROOT_APPID='$(XPI_ROOT_APPID)'
@$(MAKE) -C ../../devtools/startup/locales AB_CD=$* XPI_NAME=locale-$*
XPI_ROOT_APPID='$(XPI_ROOT_APPID)'
@$(MAKE) l10n AB_CD=$* XPI_NAME=locale-$* PREF_DIR=$(PREF_DIR)
@@ -75,14 +71,10 @@ chrome-%:
@$(MAKE) -C ../../toolkit/locales chrome-$*
@$(MAKE) -C ../../services/sync/locales chrome AB_CD=$*
@$(MAKE) -C ../../extensions/spellcheck/locales chrome AB_CD=$*
-ifneq (,$(wildcard ../extensions/formautofill/locales))
- @$(MAKE) -C ../extensions/formautofill/locales chrome AB_CD=$*
-endif
@$(MAKE) -C ../../devtools/client/locales chrome AB_CD=$*
@$(MAKE) -C ../../devtools/startup/locales chrome AB_CD=$*
@$(MAKE) chrome AB_CD=$*
@$(MAKE) -C $(DEPTH)/$(MOZ_BRANDING_DIRECTORY)/locales chrome AB_CD=$*
- @$(MAKE) -C ../extensions/report-site-issue/locales chrome AB_CD=$*
package-win32-installer: $(SUBMAKEFILES)
$(MAKE) -C ../installer/windows CONFIG_DIR=l10ngen ZIP_IN='$(ZIP_OUT)'
installer
diff --git a/browser/locales/jar.mn b/browser/locales/jar.mn
index c6fdccea7d70..90bc7a0d4757 100644
--- a/browser/locales/jar.mn
+++ b/browser/locales/jar.mn
@@ -48,10 +48,3 @@
# the following files are browser-specific overrides
locale/browser/netError.dtd(%chrome/overrides/netError.dtd)
locale/browser/appstrings.properties
(%chrome/overrides/appstrings.properties)
-
-#ifdef XPI_NAME
-# Bug 1240628, restructure how l10n repacks work with feature addons
-# This is hacky, but ensures the chrome.manifest chain is complete
-[.] chrome.jar:
-% manifest features/chrome.manifest
-#endif
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Omnibox: Add DDG, Startpage, Disconnect, Youtube, Twitter; remove Amazon, eBay, bing
commit 395027be64cccd5edfd3191b741d1f71717436d2 Author: Mike Perry Date: Fri May 5 03:41:57 2017 -0700 Omnibox: Add DDG, Startpage, Disconnect, Youtube, Twitter; remove Amazon, eBay, bing eBay and Amazon don't treat Tor users very well. Accounts often get locked and payments reversed. Also: Bug 16322: Update DuckDuckGo search engine We are replacing the clearnet URL with an onion service one (thanks to a patch by a cypherpunk) and are removing the duplicated DDG search engine. Duplicating DDG happend due to bug 1061736 where Mozilla included DDG itself into Firefox. Interestingly, this caused breaking the DDG search if JavaScript is disabled as the Mozilla engine, which gets loaded earlier, does not use the html version of the search page. Moreover, the Mozilla engine tracked where the users were searching from by adding a respective parameter to the search query. We got rid of that feature as well. Also: This fixes bug 20809: the DuckDuckGo team has changed its server-side code in a way that lets users with JavaScript enabled use the default landing page while those without JavaScript available get redirected directly to the non-JS page. We adapt the search engine URLs accordingly. Also fixes bug 29798 by making sure we only specify the Google search engine we actually ship an .xml file for. Also regression tests. squash! Omnibox: Add DDG, Startpage, Disconnect, Youtube, Twitter; remove Amazon, eBay, bing Bug 40494: Update Startpage search provider squash! Omnibox: Add DDG, Startpage, Disconnect, Youtube, Twitter; remove Amazon, eBay, bing Bug 40438: Add Blockchair as a search engine --- .../search/extensions/blockchair-onion/favicon.png | Bin 0 -> 947 bytes .../extensions/blockchair-onion/manifest.json | 26 ++ .../search/extensions/blockchair/favicon.png | Bin 0 -> 947 bytes .../search/extensions/blockchair/manifest.json | 26 ++ .../search/extensions/ddg-onion/favicon.ico| Bin 0 -> 973 bytes .../search/extensions/ddg-onion/manifest.json | 26 ++ .../components/search/extensions/ddg/favicon.ico | Bin 5430 -> 0 bytes .../components/search/extensions/ddg/favicon.png | Bin 0 -> 1150 bytes .../components/search/extensions/ddg/manifest.json | 38 ++--- .../extensions/google/_locales/b-1-d/messages.json | 23 - .../extensions/google/_locales/b-1-e/messages.json | 23 - .../extensions/google/_locales/b-d/messages.json | 23 - .../extensions/google/_locales/b-e/messages.json | 23 - .../extensions/google/_locales/en/messages.json| 24 - .../search/extensions/google/manifest.json | 17 + .../search/extensions/startpage/favicon.png| Bin 0 -> 1150 bytes .../search/extensions/startpage/manifest.json | 26 ++ .../search/extensions/twitter/favicon.ico | Bin 0 -> 1650 bytes .../search/extensions/twitter/manifest.json| 26 ++ .../extensions/wikipedia/_locales/NN/messages.json | 20 --- .../extensions/wikipedia/_locales/NO/messages.json | 20 --- .../extensions/wikipedia/_locales/af/messages.json | 20 --- .../extensions/wikipedia/_locales/an/messages.json | 20 --- .../extensions/wikipedia/_locales/ar/messages.json | 20 --- .../wikipedia/_locales/ast/messages.json | 20 --- .../extensions/wikipedia/_locales/az/messages.json | 20 --- .../wikipedia/_locales/be-tarask/messages.json | 20 --- .../extensions/wikipedia/_locales/be/messages.json | 20 --- .../extensions/wikipedia/_locales/bg/messages.json | 20 --- .../extensions/wikipedia/_locales/bn/messages.json | 20 --- .../extensions/wikipedia/_locales/br/messages.json | 20 --- .../extensions/wikipedia/_locales/bs/messages.json | 20 --- .../extensions/wikipedia/_locales/ca/messages.json | 20 --- .../extensions/wikipedia/_locales/cy/messages.json | 20 --- .../extensions/wikipedia/_locales/cz/messages.json | 20 --- .../extensions/wikipedia/_locales/da/messages.json | 20 --- .../extensions/wikipedia/_locales/de/messages.json | 20 --- .../wikipedia/_locales/dsb/messages.json | 20 --- .../extensions/wikipedia/_locales/el/messages.json | 20 --- .../extensions/wikipedia/_locales/en/messages.json | 20 --- .../extensions/wikipedia/_locales/eo/messages.json | 20 --- .../extensions/wikipedia/_locales/es/messages.json | 20 --- .../extensions/wikipedia/_locales/et/messages.json | 20 --- .../extensions/wikipedia/_locales/eu/messages.json | 20 --- .../extensions/wikipedia/_locales/fa/messages.json | 20 ---
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 21724: Make Firefox and Tor Browser distinct macOS apps
commit 35b33e9324791d32af0fcb8226cf83247ea42e35 Author: teor Date: Mon Mar 13 23:06:23 2017 +1100 Bug 21724: Make Firefox and Tor Browser distinct macOS apps When macOS opens a document or selects a default browser, it sometimes uses the CFBundleSignature. Changing from the Firefox MOZB signature to a different signature TORB allows macOS to distinguish between Firefox and Tor Browser. --- browser/app/Makefile.in | 2 +- browser/app/macbuild/Contents/Info.plist.in | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/browser/app/Makefile.in b/browser/app/Makefile.in index 54d6b43fe126..8dd3a9a65661 100644 --- a/browser/app/Makefile.in +++ b/browser/app/Makefile.in @@ -102,5 +102,5 @@ ifdef MOZ_UPDATER mv -f '$(dist_dest)/Contents/MacOS/updater.app/Contents/MacOS/org.mozilla.updater' '$(dist_dest)/Contents/Library/LaunchServices' ln -s ../../../../Library/LaunchServices/org.mozilla.updater '$(dist_dest)/Contents/MacOS/updater.app/Contents/MacOS/org.mozilla.updater' endif - printf APPLMOZB > '$(dist_dest)/Contents/PkgInfo' + printf APPLTORB > '$(dist_dest)/Contents/PkgInfo' endif diff --git a/browser/app/macbuild/Contents/Info.plist.in b/browser/app/macbuild/Contents/Info.plist.in index 9ceaf88f15c1..d8858e9f01bf 100644 --- a/browser/app/macbuild/Contents/Info.plist.in +++ b/browser/app/macbuild/Contents/Info.plist.in @@ -179,7 +179,7 @@ CFBundleShortVersionString @APP_VERSION@ CFBundleSignature - MOZB + TORB CFBundleURLTypes ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 18800: Remove localhost DNS lookup in nsProfileLock.cpp
commit 4470d54df8c125e1a13a61c2fe0fb2ada5cbe249
Author: Kathy Brade
Date: Thu Apr 21 10:40:26 2016 -0400
Bug 18800: Remove localhost DNS lookup in nsProfileLock.cpp
Instead of using the local computer's IP address within
symlink-based profile lock signatures, always use 127.0.0.1.
---
toolkit/profile/nsProfileLock.cpp | 17 -
1 file changed, 8 insertions(+), 9 deletions(-)
diff --git a/toolkit/profile/nsProfileLock.cpp
b/toolkit/profile/nsProfileLock.cpp
index 28d38c11684e..a1b3edc54a05 100644
--- a/toolkit/profile/nsProfileLock.cpp
+++ b/toolkit/profile/nsProfileLock.cpp
@@ -304,18 +304,17 @@ nsresult nsProfileLock::LockWithSymlink(nsIFile*
aLockFile,
if (!mReplacedLockTime)
aLockFile->GetLastModifiedTimeOfLink();
+ // For Tor Browser, avoid a DNS lookup here so the Tor network is not
+ // bypassed. Instead, always use 127.0.0.1 for the IP address portion
+ // of the lock signature, which may cause the browser to refuse to
+ // start in the rare event that all of the following conditions are met:
+ // 1. The browser profile is on a network file system.
+ // 2. The file system does not support fcntl() locking.
+ // 3. Tor Browser is run from two different computers at the same time.
+
struct in_addr inaddr;
inaddr.s_addr = htonl(INADDR_LOOPBACK);
- char hostname[256];
- PRStatus status = PR_GetSystemInfo(PR_SI_HOSTNAME, hostname, sizeof
hostname);
- if (status == PR_SUCCESS) {
-char netdbbuf[PR_NETDB_BUF_SIZE];
-PRHostEnt hostent;
-status = PR_GetHostByName(hostname, netdbbuf, sizeof netdbbuf, );
-if (status == PR_SUCCESS) memcpy(, hostent.h_addr, sizeof inaddr);
- }
-
mozilla::SmprintfPointer signature =
mozilla::Smprintf("%s:%s%lu", inet_ntoa(inaddr),
aHaveFcntlLock ? "+" : "", (unsigned long)getpid());
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 16620: Clear window.name when no referrer sent
commit ec3153d503fa7a5d1aafc2d25dcde041cd9b170f
Author: Kathy Brade
Date: Fri Oct 30 14:28:13 2015 -0400
Bug 16620: Clear window.name when no referrer sent
Convert JS implementation (within Torbutton) to a C++ browser patch.
---
docshell/base/nsDocShell.cpp | 60 +++
docshell/test/mochitest/mochitest.ini | 5 +
docshell/test/mochitest/test_tor_bug16620.html | 211 +
docshell/test/mochitest/tor_bug16620.html | 51 ++
docshell/test/mochitest/tor_bug16620_form.html | 51 ++
modules/libpref/init/StaticPrefList.yaml | 2 +-
6 files changed, 379 insertions(+), 1 deletion(-)
diff --git a/docshell/base/nsDocShell.cpp b/docshell/base/nsDocShell.cpp
index e17c7c805992..68d5621b41e7 100644
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@@ -7672,11 +7672,71 @@ nsresult nsDocShell::CreateContentViewer(const
nsACString& aContentType,
aOpenedChannel->GetURI(getter_AddRefs(mLoadingURI));
}
FirePageHideNotification(!mSavingOldViewer);
+
if (mIsBeingDestroyed) {
// Force to stop the newly created orphaned viewer.
viewer->Stop();
return NS_ERROR_DOCSHELL_DYING;
}
+
+ // Tor bug 16620: Clear window.name of top-level documents if
+ // there is no referrer. We make an exception for new windows,
+ // e.g., window.open(url, "MyName").
+ bool isNewWindowTarget = false;
+ nsCOMPtr props(do_QueryInterface(aRequest, ));
+ if (props) {
+props->GetPropertyAsBool(u"docshell.newWindowTarget"_ns,
+ );
+ }
+
+ if (!isNewWindowTarget) {
+nsCOMPtr httpChannel(do_QueryInterface(aOpenedChannel));
+nsCOMPtr httpReferrer;
+if (httpChannel) {
+ nsCOMPtr referrerInfo;
+ rv = httpChannel->GetReferrerInfo(getter_AddRefs(referrerInfo));
+ NS_ENSURE_SUCCESS(rv, rv);
+ if (referrerInfo) {
+// We want GetComputedReferrer() instead of GetOriginalReferrer(),
since
+// the former takes into consideration referrer policy, protocol
+// whitelisting...
+httpReferrer = referrerInfo->GetComputedReferrer();
+ }
+}
+
+bool isTopFrame = mBrowsingContext->IsTop();
+
+#ifdef DEBUG_WINDOW_NAME
+printf("DOCSHELL %p CreateContentViewer - possibly clearing
window.name:\n",
+ this);
+printf(" current window.name: \"%s\"\n",
+ NS_ConvertUTF16toUTF8(mName).get());
+
+nsAutoCString curSpec, loadingSpec;
+if (this->mCurrentURI) mCurrentURI->GetSpec(curSpec);
+if (mLoadingURI) mLoadingURI->GetSpec(loadingSpec);
+printf(" current URI: %s\n", curSpec.get());
+printf(" loading URI: %s\n", loadingSpec.get());
+printf(" is top document: %s\n", isTopFrame ? "Yes" : "No");
+
+if (!httpReferrer) {
+ printf(" referrer: None\n");
+} else {
+ nsAutoCString refSpec;
+ httpReferrer->GetSpec(refSpec);
+ printf(" referrer: %s\n", refSpec.get());
+}
+#endif
+
+bool clearName = isTopFrame && !httpReferrer;
+if (clearName) SetName(u""_ns);
+
+#ifdef DEBUG_WINDOW_NAME
+printf(" action taken: %s window.name\n",
+ clearName ? "Cleared" : "Preserved");
+#endif
+ }
+
mLoadingURI = nullptr;
// Set mFiredUnloadEvent = false so that the unload handler for the
diff --git a/docshell/test/mochitest/mochitest.ini
b/docshell/test/mochitest/mochitest.ini
index cea63f080117..efc991ef1eee 100644
--- a/docshell/test/mochitest/mochitest.ini
+++ b/docshell/test/mochitest/mochitest.ini
@@ -53,6 +53,10 @@ support-files =
start_historyframe.html
url1_historyframe.html
url2_historyframe.html
+ tor_bug16620.html
+ tor_bug16620_form.html
+prefs =
+ gfx.font_rendering.fallback.async=false
[test_anchor_scroll_after_document_open.html]
[test_bfcache_plus_hash.html]
@@ -120,6 +124,7 @@ support-files =
[test_framedhistoryframes.html]
support-files = file_framedhistoryframes.html
[test_pushState_after_document_open.html]
+[test_tor_bug16620.html]
[test_navigate_after_pagehide.html]
[test_redirect_history.html]
support-files =
diff --git a/docshell/test/mochitest/test_tor_bug16620.html
b/docshell/test/mochitest/test_tor_bug16620.html
new file mode 100644
index ..46fff5a04711
--- /dev/null
+++ b/docshell/test/mochitest/test_tor_bug16620.html
@@ -0,0 +1,211 @@
+
+
+
+
+
+ Test for Tor Bug 16620 - Clear window.name when no referrer
sent
+
+
+
+
+https://trac.torproject.org/projects/tor/ticket/16620;>Tor Bug 16620
+
+// ## Test constants
+const kTestPath = "/tests/docshell/test/mochitest/";
+const kLinkFile = "tor_bug16620.html";
+const kFormFile = "tor_bug16620_form.html";
+const kBaseURL1 = "http://example.com";;
+const kBaseURL1_https = "https://example.com";;
+const kBaseURL2 = "http://example.net";;
+const
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 18821: Disable libmdns for Android and Desktop
commit 80b1a060a270251b97b70e88b543f6c87220a9b4
Author: Georg Koppen
Date: Wed Apr 20 14:34:50 2016 +
Bug 18821: Disable libmdns for Android and Desktop
There should be no need to remove the OS X support introduced in
https://bugzilla.mozilla.org/show_bug.cgi?id=1225726 as enabling this
is governed by a preference (which is actually set to `false`). However,
we remove it at build time as well (defense in depth).
This is basically a backout of the relevant passages of
https://hg.mozilla.org/mozilla-central/rev/6bfb430de85d,
https://hg.mozilla.org/mozilla-central/rev/609b337bf7ab and
https://hg.mozilla.org/mozilla-central/rev/8e092ec5fbbd.
Fixed bug 21861 (Disable additional mDNS code to avoid proxy bypasses)
as well.
Mozilla removed the Presentation API piece of this patch in Bug 1697680.
---
netwerk/dns/mdns/libmdns/components.conf | 15 ---
netwerk/dns/mdns/libmdns/moz.build | 28
2 files changed, 43 deletions(-)
diff --git a/netwerk/dns/mdns/libmdns/components.conf
b/netwerk/dns/mdns/libmdns/components.conf
index 6e64140c820e..1b50dbf673a4 100644
--- a/netwerk/dns/mdns/libmdns/components.conf
+++ b/netwerk/dns/mdns/libmdns/components.conf
@@ -5,20 +5,5 @@
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
Classes = [
-{
-'cid': '{14a50f2b-7ff6-48a5-88e3-615fd111f5d3}',
-'contract_ids':
['@mozilla.org/toolkit/components/mdnsresponder/dns-info;1'],
-'type': 'mozilla::net::nsDNSServiceInfo',
-'headers': ['/netwerk/dns/mdns/libmdns/nsDNSServiceInfo.h'],
-},
]
-if buildconfig.substs['MOZ_WIDGET_TOOLKIT'] != 'cocoa':
-Classes += [
-{
-'cid': '{f9346d98-f27a-4e89-b744-493843416480}',
-'contract_ids':
['@mozilla.org/toolkit/components/mdnsresponder/dns-sd;1'],
-'jsm': 'resource://gre/modules/DNSServiceDiscovery.jsm',
-'constructor': 'nsDNSServiceDiscovery',
-},
-]
diff --git a/netwerk/dns/mdns/libmdns/moz.build
b/netwerk/dns/mdns/libmdns/moz.build
index f9c025fa823e..e6e70a6d803c 100644
--- a/netwerk/dns/mdns/libmdns/moz.build
+++ b/netwerk/dns/mdns/libmdns/moz.build
@@ -4,34 +4,6 @@
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-if CONFIG["MOZ_WIDGET_TOOLKIT"] == "cocoa":
-UNIFIED_SOURCES += [
-"MDNSResponderOperator.cpp",
-"MDNSResponderReply.cpp",
-"nsDNSServiceDiscovery.cpp",
-]
-
-LOCAL_INCLUDES += [
-"/netwerk/base",
-]
-
-else:
-EXTRA_JS_MODULES += [
-"DNSServiceDiscovery.jsm",
-"fallback/DataReader.jsm",
-"fallback/DataWriter.jsm",
-"fallback/DNSPacket.jsm",
-"fallback/DNSRecord.jsm",
-"fallback/DNSResourceRecord.jsm",
-"fallback/DNSTypes.jsm",
-"fallback/MulticastDNS.jsm",
-]
-
-if CONFIG["MOZ_WIDGET_TOOLKIT"] == "android":
-EXTRA_JS_MODULES += [
-"MulticastDNSAndroid.jsm",
-]
-
UNIFIED_SOURCES += [
"nsDNSServiceInfo.cpp",
]
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 13028: Prevent potential proxy bypass cases.
commit bbf93d56bf283c4d0f28e66ac27931ea4b9a
Author: Mike Perry
Date: Mon Sep 29 14:30:19 2014 -0700
Bug 13028: Prevent potential proxy bypass cases.
It looks like these cases should only be invoked in the NSS command line
tools, and not the browser, but I decided to patch them anyway because there
literally is a maze of network function pointers being passed around, and
it's
very hard to tell if some random code might not pass in the proper proxied
versions of the networking code here by accident.
---
security/nss/lib/certhigh/ocsp.c| 8
.../lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c | 21 +
2 files changed, 29 insertions(+)
diff --git a/security/nss/lib/certhigh/ocsp.c b/security/nss/lib/certhigh/ocsp.c
index cea8456606bf..86fa971cfbef 100644
--- a/security/nss/lib/certhigh/ocsp.c
+++ b/security/nss/lib/certhigh/ocsp.c
@@ -2932,6 +2932,14 @@ ocsp_ConnectToHost(const char *host, PRUint16 port)
PRNetAddr addr;
char *netdbbuf = NULL;
+// XXX: Do we need a unittest ifdef here? We don't want to break the
tests, but
+// we want to ensure nothing can ever hit this code in production.
+#if 1
+printf("Tor Browser BUG: Attempted OSCP direct connect to %s, port %u\n",
host,
+port);
+goto loser;
+#endif
+
sock = PR_NewTCPSocket();
if (sock == NULL)
goto loser;
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c
b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c
index e8698376b5be..85791d84a932 100644
--- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c
+++ b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c
@@ -1334,6 +1334,13 @@ pkix_pl_Socket_Create(
plContext),
PKIX_COULDNOTCREATESOCKETOBJECT);
+// XXX: Do we need a unittest ifdef here? We don't want to break the
tests, but
+// we want to ensure nothing can ever hit this code in production.
+#if 1
+printf("Tor Browser BUG: Attempted pkix direct socket connect\n");
+PKIX_ERROR(PKIX_PRNEWTCPSOCKETFAILED);
+#endif
+
socket->isServer = isServer;
socket->timeout = timeout;
socket->clientSock = NULL;
@@ -1433,6 +1440,13 @@ pkix_pl_Socket_CreateByName(
localCopyName = PL_strdup(serverName);
+// XXX: Do we need a unittest ifdef here? We don't want to break the
tests, but
+// we want to ensure nothing can ever hit this code in production.
+#if 1
+printf("Tor Browser BUG: Attempted pkix direct connect to %s\n",
serverName);
+PKIX_ERROR(PKIX_PRNEWTCPSOCKETFAILED);
+#endif
+
sepPtr = strchr(localCopyName, ':');
/* First strip off the portnum, if present, from the end of the name */
if (sepPtr) {
@@ -1582,6 +1596,13 @@ pkix_pl_Socket_CreateByHostAndPort(
PKIX_ENTER(SOCKET, "pkix_pl_Socket_CreateByHostAndPort");
PKIX_NULLCHECK_THREE(hostname, pStatus, pSocket);
+// XXX: Do we need a unittest ifdef here? We don't want to break the
tests, but
+// we want to ensure nothing can ever hit this code in production.
+#if 1
+printf("Tor Browser BUG: Attempted pkix direct connect to %s, port
%u\n", hostname,
+portnum);
+PKIX_ERROR(PKIX_PRNEWTCPSOCKETFAILED);
+#endif
prstatus = PR_GetHostByName(hostname, buf, sizeof(buf), );
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 14631: Improve profile access error messages.
commit 821d2ab123039a4a69a232eb407a0fd51f3e503d
Author: Kathy Brade
Date: Tue Feb 24 13:50:23 2015 -0500
Bug 14631: Improve profile access error messages.
Instead of always reporting that the profile is locked, display specific
messages for "access denied" and "read-only file system".
To allow for localization, get profile-related error strings from Torbutton.
Use app display name ("Tor Browser") in profile-related error alerts.
---
.../mozapps/profile/profileSelection.properties| 5 +
toolkit/profile/nsToolkitProfileService.cpp| 57 +++-
toolkit/profile/nsToolkitProfileService.h | 13 +-
toolkit/xre/nsAppRunner.cpp| 157 ++---
4 files changed, 208 insertions(+), 24 deletions(-)
diff --git
a/toolkit/locales/en-US/chrome/mozapps/profile/profileSelection.properties
b/toolkit/locales/en-US/chrome/mozapps/profile/profileSelection.properties
index d326083202b2..aa38bda24347 100644
--- a/toolkit/locales/en-US/chrome/mozapps/profile/profileSelection.properties
+++ b/toolkit/locales/en-US/chrome/mozapps/profile/profileSelection.properties
@@ -12,6 +12,11 @@ restartMessageUnlocker=%S is already running, but is not
responding. The old %S
restartMessageNoUnlockerMac=A copy of %S is already open. Only one copy of %S
can be open at a time.
restartMessageUnlockerMac=A copy of %S is already open. The running copy of %S
will quit in order to open this one.
+# LOCALIZATION NOTE (profileProblemTitle, profileReadOnly, profileReadOnlyMac,
profileAccessDenied): Messages displayed when the browser profile cannot be
accessed or written to. %S is the application name.
+profileProblemTitle=%S Profile Problem
+profileReadOnly=You cannot run %S from a read-only file system. Please copy
%S to another location before trying to use it.
+profileReadOnlyMac=You cannot run %S from a read-only file system. Please
copy %S to your Desktop or Applications folder before trying to use it.
+profileAccessDenied=%S does not have permission to access the profile. Please
adjust your file system permissions and try again.
# Profile manager
# LOCALIZATION NOTE (profileTooltip): First %S is the profile name, second %S
is the path to the profile folder.
profileTooltip=Profile: â%Sâ â Path: â%Sâ
diff --git a/toolkit/profile/nsToolkitProfileService.cpp
b/toolkit/profile/nsToolkitProfileService.cpp
index b2920c88345d..1a5c80a86af3 100644
--- a/toolkit/profile/nsToolkitProfileService.cpp
+++ b/toolkit/profile/nsToolkitProfileService.cpp
@@ -1247,9 +1247,10 @@ nsToolkitProfileService::SelectStartupProfile(
}
bool wasDefault;
+ ProfileStatus profileStatus;
nsresult rv =
SelectStartupProfile(, argv.get(), aIsResetting, aRootDir,
aLocalDir,
- aProfile, aDidCreate, );
+ aProfile, aDidCreate, , profileStatus);
// Since we were called outside of the normal startup path complete any
// startup tasks.
@@ -1282,7 +1283,8 @@ nsToolkitProfileService::SelectStartupProfile(
nsresult nsToolkitProfileService::SelectStartupProfile(
int* aArgc, char* aArgv[], bool aIsResetting, nsIFile** aRootDir,
nsIFile** aLocalDir, nsIToolkitProfile** aProfile, bool* aDidCreate,
-bool* aWasDefaultSelection) {
+bool* aWasDefaultSelection, ProfileStatus& aProfileStatus) {
+ aProfileStatus = PROFILE_STATUS_OK;
if (mStartupProfileSelected) {
return NS_ERROR_ALREADY_INITIALIZED;
}
@@ -1375,6 +1377,13 @@ nsresult nsToolkitProfileService::SelectStartupProfile(
rv = XRE_GetFileFromPath(arg, getter_AddRefs(lf));
NS_ENSURE_SUCCESS(rv, rv);
+aProfileStatus = CheckProfileWriteAccess(lf);
+if (PROFILE_STATUS_OK != aProfileStatus) {
+ NS_ADDREF(*aRootDir = lf);
+ NS_ADDREF(*aLocalDir = lf);
+ return NS_ERROR_FAILURE;
+}
+
// Make sure that the profile path exists and it's a directory.
bool exists;
rv = lf->Exists();
@@ -2169,3 +2178,47 @@ nsresult XRE_GetFileFromPath(const char* aPath,
nsIFile** aResult) {
# error Platform-specific logic needed here.
#endif
}
+
+// Check for write permission to the profile directory by trying to create a
+// new file (after ensuring that no file with the same name exists).
+ProfileStatus nsToolkitProfileService::CheckProfileWriteAccess(
+nsIFile* aProfileDir) {
+#if defined(XP_UNIX)
+ constexpr auto writeTestFileName = u".parentwritetest"_ns;
+#else
+ constexpr auto writeTestFileName = u"parent.writetest"_ns;
+#endif
+
+ nsCOMPtr writeTestFile;
+ nsresult rv = aProfileDir->Clone(getter_AddRefs(writeTestFile));
+ if (NS_SUCCEEDED(rv)) rv = writeTestFile->Append(writeTestFileName);
+
+ if (NS_SUCCEEDED(rv)) {
+bool doesExist = false;
+rv = writeTestFile->Exists();
+if (NS_SUCCEEDED(rv) && doesExist) rv = writeTestFile->Remove(true);
+ }
+
+ if (NS_SUCCEEDED(rv)) {
+rv = writeTestFile->Create(nsIFile::NORMAL_FILE_TYPE, 0666);
+
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 13252: Do not store data in the app bundle
commit d4404c82cace8e6708bb93bc426ffa32c12a3c76
Author: Kathy Brade
Date: Fri Mar 18 14:20:02 2016 -0400
Bug 13252: Do not store data in the app bundle
When --enable-tor-browser-data-outside-app-dir is enabled,
all user data is stored in a directory named
TorBrowser-Data which is located next to the application directory.
Display an informative error message if the TorBrowser-Data
directory cannot be created due to an "access denied" or a
"read only volume" error.
On Mac OS, add support for the --invisible command line option which
is used by the meek-http-helper to avoid showing an icon for the
helper browser on the dock.
---
toolkit/xre/nsAppRunner.cpp| 73 +++---
toolkit/xre/nsXREDirProvider.cpp | 43 +--
toolkit/xre/nsXREDirProvider.h | 6 ++
xpcom/io/TorFileUtils.cpp | 133 +
xpcom/io/TorFileUtils.h| 32
xpcom/io/moz.build | 5 ++
xpcom/io/nsAppFileLocationProvider.cpp | 53 ++---
7 files changed, 278 insertions(+), 67 deletions(-)
diff --git a/toolkit/xre/nsAppRunner.cpp b/toolkit/xre/nsAppRunner.cpp
index 61458386067c..351766bdbdcd 100644
--- a/toolkit/xre/nsAppRunner.cpp
+++ b/toolkit/xre/nsAppRunner.cpp
@@ -2453,6 +2453,8 @@ static nsresult ProfileMissingDialog(nsINativeAppSupport*
aNative) {
}
}
+// If aUnlocker is NULL, it is also OK for the following arguments to be NULL:
+// aProfileDir, aProfileLocalDir, aResult.
static ReturnAbortOnError ProfileErrorDialog(nsIFile* aProfileDir,
nsIFile* aProfileLocalDir,
ProfileStatus aStatus,
@@ -2461,17 +2463,19 @@ static ReturnAbortOnError ProfileErrorDialog(nsIFile*
aProfileDir,
nsIProfileLock** aResult) {
nsresult rv;
- bool exists;
- aProfileDir->Exists();
- if (!exists) {
-return ProfileMissingDialog(aNative);
+ if (aProfileDir) {
+bool exists;
+aProfileDir->Exists();
+if (!exists) {
+ return ProfileMissingDialog(aNative);
+}
}
ScopedXPCOMStartup xpcom;
rv = xpcom.Initialize();
NS_ENSURE_SUCCESS(rv, rv);
- mozilla::Telemetry::WriteFailedProfileLock(aProfileDir);
+ if (aProfileDir) mozilla::Telemetry::WriteFailedProfileLock(aProfileDir);
rv = xpcom.SetWindowCreator(aNative);
NS_ENSURE_SUCCESS(rv, NS_ERROR_FAILURE);
@@ -2682,6 +2686,23 @@ static ReturnAbortOnError ShowProfileManager(
return LaunchChild(false, true);
}
+#ifdef TOR_BROWSER_DATA_OUTSIDE_APP_DIR
+static ProfileStatus CheckTorBrowserDataWriteAccess(nsIFile* aAppDir) {
+ // Check whether we can write to the directory that will contain
+ // TorBrowser-Data.
+ nsCOMPtr tbDataDir;
+ RefPtr dirProvider = nsXREDirProvider::GetSingleton();
+ if (!dirProvider) return PROFILE_STATUS_OTHER_ERROR;
+ nsresult rv =
+ dirProvider->GetTorBrowserUserDataDir(getter_AddRefs(tbDataDir));
+ NS_ENSURE_SUCCESS(rv, PROFILE_STATUS_OTHER_ERROR);
+ nsCOMPtr tbDataDirParent;
+ rv = tbDataDir->GetParent(getter_AddRefs(tbDataDirParent));
+ NS_ENSURE_SUCCESS(rv, PROFILE_STATUS_OTHER_ERROR);
+ return nsToolkitProfileService::CheckProfileWriteAccess(tbDataDirParent);
+}
+#endif
+
static bool gDoMigration = false;
static bool gDoProfileReset = false;
static nsCOMPtr gResetOldProfile;
@@ -3725,6 +3746,14 @@ int XREMain::XRE_mainInit(bool* aExitFlag) {
if (PR_GetEnv("XRE_MAIN_BREAK")) NS_BREAK();
#endif
+#if defined(XP_MACOSX) && defined(TOR_BROWSER_DATA_OUTSIDE_APP_DIR)
+ bool hideDockIcon = (CheckArg("invisible") == ARG_FOUND);
+ if (hideDockIcon) {
+ProcessSerialNumber psn = {0, kCurrentProcess};
+TransformProcessType(, kProcessTransformToBackgroundApplication);
+ }
+#endif
+
IncreaseDescriptorLimits();
#ifdef USE_GLX_TEST
@@ -4562,7 +4591,34 @@ int XREMain::XRE_mainStartup(bool* aExitFlag) {
}
#endif
+#if (defined(MOZ_UPDATER) && !defined(MOZ_WIDGET_ANDROID)) || \
+defined(TOR_BROWSER_DATA_OUTSIDE_APP_DIR)
+ nsCOMPtr exeFile, exeDir;
+ bool persistent;
+ rv = mDirProvider.GetFile(XRE_EXECUTABLE_FILE, ,
+getter_AddRefs(exeFile));
+ NS_ENSURE_SUCCESS(rv, 1);
+ rv = exeFile->GetParent(getter_AddRefs(exeDir));
+ NS_ENSURE_SUCCESS(rv, 1);
+#endif
+
rv = NS_NewToolkitProfileService(getter_AddRefs(mProfileSvc));
+#ifdef TOR_BROWSER_DATA_OUTSIDE_APP_DIR
+ if (NS_FAILED(rv)) {
+// NS_NewToolkitProfileService() returns a generic NS_ERROR_FAILURE error
+// if creation of the TorBrowser-Data directory fails due to access denied
+// or because of a read-only disk volume. Do an extra check here to detect
+// these errors so we can display an informative error message.
+ProfileStatus status = CheckTorBrowserDataWriteAccess(exeDir);
+if ((PROFILE_STATUS_ACCESS_DENIED == status) ||
+
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 9173: Change the default Firefox profile directory to be TBB-relative.
commit f443a4528bb3312143f31eeed4e309ea05d74c41
Author: Kathy Brade
Date: Fri Oct 18 15:20:06 2013 -0400
Bug 9173: Change the default Firefox profile directory to be TBB-relative.
This should eliminate our need to rely on a wrapper script that
sets /Users/arthur and launches Firefox with -profile.
---
toolkit/profile/nsToolkitProfileService.cpp | 5 +-
toolkit/xre/nsAppRunner.cpp | 2 +-
toolkit/xre/nsConsoleWriter.cpp | 2 +-
toolkit/xre/nsXREDirProvider.cpp| 149 ++--
toolkit/xre/nsXREDirProvider.h | 16 +--
xpcom/io/nsAppFileLocationProvider.cpp | 97 +++---
6 files changed, 84 insertions(+), 187 deletions(-)
diff --git a/toolkit/profile/nsToolkitProfileService.cpp
b/toolkit/profile/nsToolkitProfileService.cpp
index 1a5c80a86af3..9f8168c07a4f 100644
--- a/toolkit/profile/nsToolkitProfileService.cpp
+++ b/toolkit/profile/nsToolkitProfileService.cpp
@@ -819,10 +819,11 @@ nsresult nsToolkitProfileService::Init() {
NS_ASSERTION(gDirServiceProvider, "No dirserviceprovider!");
nsresult rv;
- rv = nsXREDirProvider::GetUserAppDataDirectory(getter_AddRefs(mAppData));
+ rv = gDirServiceProvider->GetUserAppDataDirectory(getter_AddRefs(mAppData));
NS_ENSURE_SUCCESS(rv, rv);
- rv = nsXREDirProvider::GetUserLocalDataDirectory(getter_AddRefs(mTempData));
+ rv =
+
gDirServiceProvider->GetUserLocalDataDirectory(getter_AddRefs(mTempData));
NS_ENSURE_SUCCESS(rv, rv);
rv = mAppData->Clone(getter_AddRefs(mProfileDBFile));
diff --git a/toolkit/xre/nsAppRunner.cpp b/toolkit/xre/nsAppRunner.cpp
index 864b3a03a29a..61458386067c 100644
--- a/toolkit/xre/nsAppRunner.cpp
+++ b/toolkit/xre/nsAppRunner.cpp
@@ -3844,7 +3844,7 @@ int XREMain::XRE_mainInit(bool* aExitFlag) {
if ((mAppData->flags & NS_XRE_ENABLE_CRASH_REPORTER) &&
NS_SUCCEEDED(CrashReporter::SetExceptionHandler(xreBinDirectory))) {
nsCOMPtr file;
-rv = nsXREDirProvider::GetUserAppDataDirectory(getter_AddRefs(file));
+rv = mDirProvider.GetUserAppDataDirectory(getter_AddRefs(file));
if (NS_SUCCEEDED(rv)) {
CrashReporter::SetUserAppDataDirectory(file);
}
diff --git a/toolkit/xre/nsConsoleWriter.cpp b/toolkit/xre/nsConsoleWriter.cpp
index d89ea3bde31d..4a9a6d28034a 100644
--- a/toolkit/xre/nsConsoleWriter.cpp
+++ b/toolkit/xre/nsConsoleWriter.cpp
@@ -29,7 +29,7 @@ void WriteConsoleLog() {
} else {
if (!gLogConsoleErrors) return;
-rv = nsXREDirProvider::GetUserAppDataDirectory(getter_AddRefs(lfile));
+rv = gDirServiceProvider->GetUserAppDataDirectory(getter_AddRefs(lfile));
if (NS_FAILED(rv)) return;
lfile->AppendNative("console.log"_ns);
diff --git a/toolkit/xre/nsXREDirProvider.cpp b/toolkit/xre/nsXREDirProvider.cpp
index d6def8aee83d..b958258424a2 100644
--- a/toolkit/xre/nsXREDirProvider.cpp
+++ b/toolkit/xre/nsXREDirProvider.cpp
@@ -32,6 +32,7 @@
#include "nsArrayEnumerator.h"
#include "nsEnumeratorUtils.h"
#include "nsReadableUtils.h"
+#include "nsXPCOMPrivate.h" // for XPCOM_FILE_PATH_SEPARATOR
#include "SpecialSystemDirectory.h"
@@ -255,9 +256,6 @@ nsresult nsXREDirProvider::GetUserProfilesRootDir(nsIFile**
aResult) {
nsresult rv = GetUserDataDirectory(getter_AddRefs(file), false);
if (NS_SUCCEEDED(rv)) {
-#if !defined(XP_UNIX) || defined(XP_MACOSX)
-rv = file->AppendNative("Profiles"_ns);
-#endif
// We must create the profile directory here if it does not exist.
nsresult tmp = EnsureDirectoryExists(file);
if (NS_FAILED(tmp)) {
@@ -273,9 +271,6 @@ nsresult
nsXREDirProvider::GetUserProfilesLocalDir(nsIFile** aResult) {
nsresult rv = GetUserDataDirectory(getter_AddRefs(file), true);
if (NS_SUCCEEDED(rv)) {
-#if !defined(XP_UNIX) || defined(XP_MACOSX)
-rv = file->AppendNative("Profiles"_ns);
-#endif
// We must create the profile directory here if it does not exist.
nsresult tmp = EnsureDirectoryExists(file);
if (NS_FAILED(tmp)) {
@@ -1370,7 +1365,7 @@ nsresult
nsXREDirProvider::SetUserDataProfileDirectory(nsCOMPtr& aFile,
nsresult nsXREDirProvider::GetUserDataDirectoryHome(nsIFile** aFile,
bool aLocal) {
// Copied from nsAppFileLocationProvider (more or less)
- nsresult rv;
+ NS_ENSURE_ARG_POINTER(aFile);
nsCOMPtr localDir;
if (aLocal && gDataDirHomeLocal) {
@@ -1380,80 +1375,39 @@ nsresult
nsXREDirProvider::GetUserDataDirectoryHome(nsIFile** aFile,
return gDataDirHome->Clone(aFile);
}
-#if defined(XP_MACOSX)
- FSRef fsRef;
- OSType folderType;
- if (aLocal) {
-folderType = kCachedDataFolderType;
- } else {
-# ifdef MOZ_THUNDERBIRD
-folderType = kDomainLibraryFolderType;
-# else
-folderType = kApplicationSupportFolderType;
-# endif
- }
- OSErr err = ::FSFindFolder(kUserDomain, folderType, kCreateFolder, );
- NS_ENSURE_FALSE(err, NS_ERROR_FAILURE);
-
- rv =
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Add TorStrings module for localization
commit a1d9f744e1b599131da49ea6d628872845cccfbe
Author: Alex Catarineu
Date: Fri Jul 24 21:15:20 2020 +0200
Add TorStrings module for localization
---
browser/modules/TorStrings.jsm | 490 +
browser/modules/moz.build | 1 +
2 files changed, 491 insertions(+)
diff --git a/browser/modules/TorStrings.jsm b/browser/modules/TorStrings.jsm
new file mode 100644
index ..e8a8d37ae373
--- /dev/null
+++ b/browser/modules/TorStrings.jsm
@@ -0,0 +1,490 @@
+"use strict";
+
+var EXPORTED_SYMBOLS = ["TorStrings"];
+
+const { XPCOMUtils } = ChromeUtils.import(
+ "resource://gre/modules/XPCOMUtils.jsm"
+);
+const { Services } = ChromeUtils.import(
+ "resource://gre/modules/Services.jsm"
+);
+const { getLocale } = ChromeUtils.import(
+ "resource://torbutton/modules/utils.js"
+);
+
+XPCOMUtils.defineLazyGlobalGetters(this, ["DOMParser"]);
+XPCOMUtils.defineLazyGetter(this, "domParser", () => {
+ const parser = new DOMParser();
+ parser.forceEnableDTD();
+ return parser;
+});
+
+/*
+ Tor DTD String Bundle
+
+ DTD strings loaded from torbutton/tor-launcher, but provide a fallback in
case they aren't available
+*/
+class TorDTDStringBundle {
+ constructor(aBundleURLs, aPrefix) {
+let locations = [];
+for (const [index, url] of aBundleURLs.entries()) {
+ locations.push(`%dtd_${index};`);
+}
+this._locations = locations;
+this._prefix = aPrefix;
+ }
+
+ // copied from testing/marionette/l10n.js
+ localizeEntity(urls, id) {
+// Use the DOM parser to resolve the entity and extract its real value
+let header = ``;
+let elem = `&${id};`;
+let doc = domParser.parseFromString(header + elem, "text/xml");
+let element = doc.querySelector("elem[id='elementID']");
+
+if (element === null) {
+ throw new Error(`Entity with id='${id}' hasn't been found`);
+}
+
+return element.textContent;
+ }
+
+ getString(key, fallback) {
+if (key) {
+ try {
+return this.localizeEntity(this._bundleURLs, `${this._prefix}${key}`);
+ } catch (e) {}
+}
+
+// on failure, assign the fallback if it exists
+if (fallback) {
+ return fallback;
+}
+// otherwise return string key
+return `$(${key})`;
+ }
+}
+
+/*
+ Tor Property String Bundle
+
+ Property strings loaded from torbutton/tor-launcher, but provide a fallback
in case they aren't available
+*/
+class TorPropertyStringBundle {
+ constructor(aBundleURL, aPrefix) {
+try {
+ this._bundle = Services.strings.createBundle(aBundleURL);
+} catch (e) {}
+
+this._prefix = aPrefix;
+ }
+
+ getString(key, fallback) {
+if (key) {
+ try {
+return this._bundle.GetStringFromName(`${this._prefix}${key}`);
+ } catch (e) {}
+}
+
+// on failure, assign the fallback if it exists
+if (fallback) {
+ return fallback;
+}
+// otherwise return string key
+return `$(${key})`;
+ }
+}
+
+/*
+ Security Level Strings
+*/
+var TorStrings = {
+ /*
+Tor Browser Security Level Strings
+ */
+ securityLevel: (function() {
+let tsb = new TorDTDStringBundle(
+ ["chrome://torbutton/locale/torbutton.dtd"],
+ "torbutton.prefs.sec_"
+);
+let getString = function(key, fallback) {
+ return tsb.getString(key, fallback);
+};
+
+// read localized strings from torbutton; but use hard-coded en-US strings
as fallbacks in case of error
+let retval = {
+ securityLevel: getString("caption", "Security Level"),
+ customWarning: getString("custom_warning", "Custom"),
+ overview: getString(
+"overview",
+"Disable certain web features that can be used to attack your security
and anonymity."
+ ),
+ standard: {
+level: getString("standard_label", "Standard"),
+tooltip: getString("standard_tooltip", "Security Level : Standard"),
+summary: getString(
+ "standard_description",
+ "All Tor Browser and website features are enabled."
+),
+ },
+ safer: {
+level: getString("safer_label", "Safer"),
+tooltip: getString("safer_tooltip", "Security Level : Safer"),
+summary: getString(
+ "safer_description",
+ "Disables website features that are often dangerous, causing some
sites to lose functionality."
+),
+description1: getString(
+ "js_on_https_sites_only",
+ "JavaScript is disabled on non-HTTPS sites."
+),
+description2: getString(
+ "limit_typography",
+ "Some fonts and math symbols are disabled."
+),
+description3: getString(
+ "click_to_play_media",
+ "Audio and video (HTML5 media), and WebGL are click-to-play."
+),
+ },
+ safest: {
+level: getString("safest_label", "Safest"),
+tooltip: getString("safest_tooltip", "Security Level : Safest"),
+summary: getString(
+
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 16439: Remove screencasting code
commit d92c62ebce5e50fe4bf600e3a54b816ef1a8723f Author: Kathy Brade Date: Wed Jun 24 11:01:11 2015 -0400 Bug 16439: Remove screencasting code We avoid including the screencasting code on mobile (it got ripped out for desktop in bug 1393582) by simply excluding the related JS modules from Tor Browser. --- toolkit/modules/moz.build | 9 + 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/toolkit/modules/moz.build b/toolkit/modules/moz.build index c6b2c421f447..9d349d9f3394 100644 --- a/toolkit/modules/moz.build +++ b/toolkit/modules/moz.build @@ -255,10 +255,11 @@ if "Android" != CONFIG["OS_TARGET"]: ] else: DEFINES["ANDROID"] = True -EXTRA_JS_MODULES += [ -"secondscreen/RokuApp.jsm", -"secondscreen/SimpleServiceDiscovery.jsm", -] +if not CONFIG["TOR_BROWSER_VERSION"]: +EXTRA_JS_MODULES += [ +"secondscreen/RokuApp.jsm", +"secondscreen/SimpleServiceDiscovery.jsm", +] if CONFIG["MOZ_WIDGET_TOOLKIT"] == "windows": ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 12974: Disable NTLM and Negotiate HTTP Auth
commit 76947a06a331b0ac75705f40dbd9b1efb888bc4c
Author: Mike Perry
Date: Wed Aug 27 15:19:10 2014 -0700
Bug 12974: Disable NTLM and Negotiate HTTP Auth
This is technically an embargoed Mozilla bug, so I probably shouldn't
provide
too many details.
Suffice to say that NTLM and Negotiate auth are bad for Tor users, and I
doubt
very many (or any of them) actually need it.
The Mozilla bug is https://bugzilla.mozilla.org/show_bug.cgi?id=1046421
---
extensions/auth/nsHttpNegotiateAuth.cpp | 4
netwerk/protocol/http/nsHttpNTLMAuth.cpp | 3 +++
2 files changed, 7 insertions(+)
diff --git a/extensions/auth/nsHttpNegotiateAuth.cpp
b/extensions/auth/nsHttpNegotiateAuth.cpp
index fde44d6ce9ef..a3b3422e2c42 100644
--- a/extensions/auth/nsHttpNegotiateAuth.cpp
+++ b/extensions/auth/nsHttpNegotiateAuth.cpp
@@ -155,6 +155,10 @@
nsHttpNegotiateAuth::ChallengeReceived(nsIHttpAuthenticableChannel* authChannel,
nsIAuthModule* rawModule = (nsIAuthModule*)*continuationState;
*identityInvalid = false;
+
+ /* Always fail Negotiate auth for Tor Browser. We don't need it. */
+ return NS_ERROR_ABORT;
+
if (rawModule) {
return NS_OK;
}
diff --git a/netwerk/protocol/http/nsHttpNTLMAuth.cpp
b/netwerk/protocol/http/nsHttpNTLMAuth.cpp
index a98093b484fa..e44fc4153e2e 100644
--- a/netwerk/protocol/http/nsHttpNTLMAuth.cpp
+++ b/netwerk/protocol/http/nsHttpNTLMAuth.cpp
@@ -169,6 +169,9 @@
nsHttpNTLMAuth::ChallengeReceived(nsIHttpAuthenticableChannel* channel,
*identityInvalid = false;
+ /* Always fail Negotiate auth for Tor Browser. We don't need it. */
+ return NS_ERROR_ABORT;
+
// Start a new auth sequence if the challenge is exactly "NTLM".
// If native NTLM auth apis are available and enabled through prefs,
// try to use them.
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 10760: Integrate TorButton to TorBrowser core
commit e534c0d9f1be46a063c2ab334cbf6e1ad5225907 Author: Alex Catarineu Date: Wed Feb 19 23:05:08 2020 +0100 Bug 10760: Integrate TorButton to TorBrowser core Because of the non-restartless nature of Torbutton, it required a two-stage installation process. On mobile, it was a problem, because it was not loading when the user opened the browser for the first time. Moving it to tor-browser and making it a system extension allows it to load when the user opens the browser for first time. Additionally, this patch also fixes Bug 27611. Bug 26321: New Circuit and New Identity menu items Bug 14392: Make about:tor behave like other initial pages. Bug 25013: Add torbutton as a tor-browser submodule --- .gitmodules| 3 ++ browser/base/content/aboutDialog.xhtml | 38 +++--- browser/base/content/appmenu-viewcache.inc.xhtml | 28 +- browser/base/content/browser-doctype.inc | 6 +++ browser/base/content/browser-menubar.inc | 45 -- browser/base/content/browser-sets.inc | 2 + browser/base/content/browser.js| 1 + browser/base/content/browser.xhtml | 9 + .../controlcenter/content/identityPanel.inc.xhtml | 22 +++ browser/installer/package-manifest.in | 2 + browser/themes/shared/menupanel.inc.css| 2 +- docshell/base/nsAboutRedirector.cpp| 6 ++- docshell/build/components.conf | 1 + mobile/android/installer/package-manifest.in | 4 ++ toolkit/moz.build | 1 + .../mozapps/extensions/internal/XPIProvider.jsm| 9 + toolkit/torproject/torbutton | 1 + .../lib/environments/browser-window.js | 6 ++- 18 files changed, 157 insertions(+), 29 deletions(-) diff --git a/.gitmodules b/.gitmodules new file mode 100644 index ..2f03bd8e22df --- /dev/null +++ b/.gitmodules @@ -0,0 +1,3 @@ +[submodule "toolkit/torproject/torbutton"] + path = toolkit/torproject/torbutton + url = https://git.torproject.org/torbutton.git diff --git a/browser/base/content/aboutDialog.xhtml b/browser/base/content/aboutDialog.xhtml index 55c8b1c2c5f7..4eb122b0b2d8 100644 --- a/browser/base/content/aboutDialog.xhtml +++ b/browser/base/content/aboutDialog.xhtml @@ -7,11 +7,11 @@ + + http://www.w3.org/1999/xhtml; @@ -28,7 +28,7 @@ data-l10n-id="aboutDialog-title" #endif role="dialog" -aria-describedby="version distribution distributionId communityDesc contributeDesc trademark" +aria-describedby="version distribution distributionId projectDesc helpDesc trademark trademarkTor" > #ifdef XP_MACOSX #include macWindow.inc.xhtml @@ -146,24 +146,36 @@ - -https://www.mozilla.org/?utm_source=firefox-browserutm_medium=firefox-desktoputm_campaign=about-dialog; data-l10n-name="community-mozillaLink"/> - + + + + + +https://www.torproject.org/;> + + - -https://donate.mozilla.org/?utm_source=firefoxutm_medium=referralutm_campaign=firefox_aboututm_content=firefox_about; data-l10n-name="helpus-donateLink"/> -https://www.mozilla.org/contribute/?utm_source=firefox-browserutm_medium=firefox-desktoputm_campaign=about-dialog; data-l10n-name="helpus-getInvolvedLink"/> + + +https://donate.torproject.org/;> + + + +https://community.torproject.org/;> + + - - - -https://www.mozilla.org/privacy/?utm_source=firefox-browserutm_medium=firefox-desktoputm_campaign=about-dialog; data-l10n-id="bottomLinks-privacy"/> + +https://support.torproject.org/;> +https://community.torproject.org/relay/;> + + diff --git a/browser/base/content/appmenu-viewcache.inc.xhtml b/browser/base/content/appmenu-viewcache.inc.xhtml index 204b84f0..5eb8448065ae 100644 --- a/browser/base/content/appmenu-viewcache.inc.xhtml +++ b/browser/base/content/appmenu-viewcache.inc.xhtml @@ -45,7 +45,8 @@ class="subviewbutton subviewbutton-iconic" data-l10n-id="appmenuitem-new-private-window" key="key_privatebrowsing" - command="Tools:PrivateBrowsing"/> + command="Tools:PrivateBrowsing" + hidden="true"/> #ifdef NIGHTLY_BUILD + command="Browser:RestoreLastSession" + hidden="true"/> + + +
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 40069: Add helpers for message passing with extensions
commit 33b97544371cff78632a99efb31131d7f5f85613
Author: Alex Catarineu
Date: Sun Aug 2 19:12:25 2020 +0200
Bug 40069: Add helpers for message passing with extensions
---
toolkit/components/extensions/ExtensionParent.jsm | 47 +++
1 file changed, 47 insertions(+)
diff --git a/toolkit/components/extensions/ExtensionParent.jsm
b/toolkit/components/extensions/ExtensionParent.jsm
index 39ce6d608b86..32d264ed6a4f 100644
--- a/toolkit/components/extensions/ExtensionParent.jsm
+++ b/toolkit/components/extensions/ExtensionParent.jsm
@@ -263,6 +263,8 @@ const ProxyMessenger = {
/** @type Map */
ports: new Map(),
+ _torRuntimeMessageListeners: [],
+
init() {
this.conduit = new BroadcastConduit(ProxyMessenger, {
id: "ProxyMessenger",
@@ -328,6 +330,10 @@ const ProxyMessenger = {
},
async recvRuntimeMessage(arg, { sender }) {
+// We need to listen to some extension messages in Tor Browser
+for (const listener of this._torRuntimeMessageListeners) {
+ listener(arg);
+}
arg.firstResponse = true;
let kind = await this.normalizeArgs(arg, sender);
let result = await this.conduit.castRuntimeMessage(kind, arg);
@@ -1881,6 +1887,45 @@ for (let name of StartupCache.STORE_NAMES) {
StartupCache[name] = new CacheStore(name);
}
+async function torSendExtensionMessage(extensionId, message) {
+ // This should broadcast the message to all children "conduits"
+ // listening for a "RuntimeMessage". Those children conduits
+ // will either be extension background pages or other extension
+ // pages listening to browser.runtime.onMessage.
+ const result = await ProxyMessenger.conduit.castRuntimeMessage("messenger", {
+extensionId,
+holder: new StructuredCloneHolder(message),
+firstResponse: true,
+sender: {
+ id: extensionId,
+ envType: "addon_child",
+},
+ });
+ return result
+? result.value
+: Promise.reject({ message: ERROR_NO_RECEIVERS });
+}
+
+async function torWaitForExtensionMessage(extensionId, checker) {
+ return new Promise(resolve => {
+const msgListener = msg => {
+ try {
+if (msg && msg.extensionId === extensionId) {
+ const deserialized = msg.holder.deserialize({});
+ if (checker(deserialized)) {
+const idx = ProxyMessenger._torRuntimeMessageListeners.indexOf(
+ msgListener
+);
+ProxyMessenger._torRuntimeMessageListeners.splice(idx, 1);
+resolve(deserialized);
+ }
+}
+ } catch (e) {}
+};
+ProxyMessenger._torRuntimeMessageListeners.push(msgListener);
+ });
+}
+
var ExtensionParent = {
GlobalManager,
HiddenExtensionPage,
@@ -1892,6 +1937,8 @@ var ExtensionParent = {
promiseExtensionViewLoaded,
watchExtensionProxyContextLoad,
DebugUtils,
+ torSendExtensionMessage,
+ torWaitForExtensionMessage,
};
// browserPaintedPromise and browserStartupPromise are promises that
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 28044: Integrate Tor Launcher into tor-browser
commit 6fba68e9b39f3ea97609b97ae061da6e828428ba
Author: Kathy Brade
Date: Tue Feb 26 10:07:17 2019 -0500
Bug 28044: Integrate Tor Launcher into tor-browser
Build and package Tor Launcher as part of the browser (similar to
how pdfjs is handled).
If a Tor Launcher extension is present in the user's profile, it is
removed.
---
browser/extensions/moz.build| 3 +++
browser/installer/package-manifest.in | 5 +
toolkit/mozapps/extensions/internal/XPIProvider.jsm | 10 ++
3 files changed, 18 insertions(+)
diff --git a/browser/extensions/moz.build b/browser/extensions/moz.build
index 26d059a21aef..b3cd1f249c40 100644
--- a/browser/extensions/moz.build
+++ b/browser/extensions/moz.build
@@ -18,3 +18,6 @@ if CONFIG["NIGHTLY_BUILD"]:
DIRS += [
"translations",
]
+
+if not CONFIG["TOR_BROWSER_DISABLE_TOR_LAUNCHER"]:
+DIRS += ["tor-launcher"]
diff --git a/browser/installer/package-manifest.in
b/browser/installer/package-manifest.in
index 00ab86fcdb4d..a0b18d19d922 100644
--- a/browser/installer/package-manifest.in
+++ b/browser/installer/package-manifest.in
@@ -239,6 +239,11 @@
@RESPATH@/browser/chrome/browser.manifest
@RESPATH@/chrome/pdfjs.manifest
@RESPATH@/chrome/pdfjs/*
+#ifndef TOR_BROWSER_DISABLE_TOR_LAUNCHER
+@RESPATH@/browser/chrome/torlauncher.manifest
+@RESPATH@/browser/chrome/torlauncher/*
+@RESPATH@/browser/@PREF_DIR@/torlauncher-prefs.js
+#endif
@RESPATH@/chrome/toolkit@JAREXT@
@RESPATH@/chrome/toolkit.manifest
@RESPATH@/chrome/recording.manifest
diff --git a/toolkit/mozapps/extensions/internal/XPIProvider.jsm
b/toolkit/mozapps/extensions/internal/XPIProvider.jsm
index 5bd7cabb0f73..acabe8cad3bc 100644
--- a/toolkit/mozapps/extensions/internal/XPIProvider.jsm
+++ b/toolkit/mozapps/extensions/internal/XPIProvider.jsm
@@ -1472,6 +1472,16 @@ var XPIStates = {
for (let [id, file] of loc.readAddons()) {
knownIds.delete(id);
+// Since it is now part of the browser, uninstall the Tor Launcher
+// extension. This will remove the Tor Launcher .xpi from user
+// profiles on macOS.
+if (id === "tor-launc...@torproject.org") {
+ logger.debug("Uninstalling the Tor Launcher extension.");
+ loc.installer.uninstallAddon(id);
+ changed = true;
+ continue;
+}
+
let xpiState = loc.get(id);
if (!xpiState) {
// If the location is not supported for sideloading, skip new
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] TB4: Tor Browser's Firefox preference overrides.
commit 50267dffb75b56d295c7ac7a36ffde964aa4f27f Author: Mike Perry Date: Tue Sep 10 18:20:43 2013 -0700 TB4: Tor Browser's Firefox preference overrides. This hack directly includes our preference changes in omni.ja. Bug 18292: Staged updates fail on Windows Temporarily disable staged updates on Windows. Bug 18297: Use separate Noto JP,KR,SC,TC fonts Bug 23404: Add Noto Sans Buginese to the macOS whitelist Bug 23745: Set dom.indexedDB.enabled = true Bug 13575: Disable randomised Firefox HTTP cache decay user tests. (Fernando Fernandez Mancera ) Bug 17252: Enable session identifiers with FPI Session tickets and session identifiers were isolated by OriginAttributes, so we can re-enable them by allowing the default value (true) of "security.ssl.disable_session_identifiers". The pref "security.enable_tls_session_tickets" is obsolete (removed in https://bugzilla.mozilla.org/917049) Bug 14952: Enable http/2 and AltSvc In Firefox, SPDY/HTTP2 now uses Origin Attributes for isolation of connections, push streams, origin frames, etc. That means we get first-party isolation provided "privacy.firstparty.isolate" is true. So in this patch, we stop overriding "network.http.spdy.enabled" and "network.http.spdy.enabled.http2". Alternate Services also use Origin Attributes for isolation. So we stop overriding "network.http.altsvc.enabled" and "network.http.altsvc.oe" as well. (All 4 of the abovementioned "network.http.*" prefs adopt Firefox 60ESR's default value of true.) However, we want to disable HTTP/2 push for now, so we set "network.http.spdy.allow-push" to false. "network.http.spdy.enabled.http2draft" was removed in Bug 1132357. "network.http.sped.enabled.v2" was removed in Bug 912550. "network.http.sped.enabled.v3" was removed in Bug 1097944. "network.http.sped.enabled.v3-1" was removed in Bug 1248197. Bug 26114: addons.mozilla.org is not special * Don't expose navigator.mozAddonManager on any site * Don't block NoScript from modifying addons.mozilla.org or other sites Enable ReaderView mode again (#27281). Bug 29916: Make sure enterprise policies are disabled Bug 2874: Block Components.interfaces from content Bug 26146: Spoof HTTP User-Agent header for desktop platforms In Tor Browser 8.0, the OS was revealed in both the HTTP User-Agent header and to JavaScript code via navigator.userAgent. To avoid leaking the OS inside each HTTP request (which many web servers log), always use the Windows 7 OS value in the desktop User-Agent header. We continue to allow access to the actual OS via JavaScript, since doing so improves compatibility with web applications such as GitHub and Google Docs. Bug 12885: Windows Jump Lists fail for Tor Browser Jumplist entries are stored in a binary file in: %APPDATA%\\Microsoft\Windows\Recent\CustomDestinations\ and has a name in the form [a-f0-9]+.customDestinations-ms The hex at the front is unique per app, and is ultimately derived from something called the 'App User Model ID' (AUMID) via some unknown hashing method. The AUMID is provided as a key when programmatically creating, updating, and deleting a jumplist. The default behaviour in firefox is for the installer to define an AUMID for an app, and save it in the registry so that the jumplist data can be removed by the uninstaller. However, the Tor Browser does not set this (or any other) regkey during installation, so this codepath fails and the app's AUMID is left undefined. As a result the app's AUMID ends up being defined by windows, but unknowable by Tor Browser. This unknown AUMID is used to create and modify the jumplist, but the delete API requires that we provide the app's AUMID explicitly. Since we don't know what the AUMID is (since the expected regkey where it is normally stored does not exist) jumplist deletion will fail and we will leave behind a mostly empty customDestinations-ms file. The name of the file is derived from the binary path, so an enterprising person could reverse engineer how that hex name is calculated, and generate the name for Tor Browser's default Desktop installation path to determine whether a person had used Tor Browser in the past. The 'taskbar.grouping.useprofile' option that is enabled by this patch works around this AUMID problem by having firefox.exe create it's own AUMID based on the profile path (rather than looking for a regkey). This way, if a user goes in and enables and disables jumplist entries, the backing store is properly deleted. Unfortunately, all windows users currently have this file lurking in the above mentioned
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 12620: TorBrowser regression tests
commit 48e4372946d4e3d163f601c5ace4b8b0dae46dac
Author: Arthur Edelstein
Date: Wed Aug 27 16:25:00 2014 -0700
Bug 12620: TorBrowser regression tests
Regression tests for Bug #2950: Make Permissions Manager memory-only
Regression tests for TB4: Tor Browser's Firefox preference overrides.
Note: many more functional tests could be made here
Regression tests for #2874: Block Components.interfaces from content
Bug 18923: Add a script to run all Tor Browser specific tests
Regression tests for Bug #16441: Suppress "Reset Tor Browser" prompt.
---
run-tbb-tests| 66 +++
tbb-tests-ignore.txt | 13 +++
tbb-tests/browser.ini| 5 +++
tbb-tests/browser_tor_TB4.js | 35 +++
tbb-tests/browser_tor_bug2950.js | 74
tbb-tests/mochitest.ini | 3 ++
tbb-tests/moz.build | 9 +
tbb-tests/test_tor_bug2874.html | 25 ++
toolkit/toolkit.mozbuild | 3 +-
9 files changed, 232 insertions(+), 1 deletion(-)
diff --git a/run-tbb-tests b/run-tbb-tests
new file mode 100755
index ..bc09839f9f05
--- /dev/null
+++ b/run-tbb-tests
@@ -0,0 +1,66 @@
+#!/bin/bash
+
+# This script runs all the Mochitest tests that have been added or
+# modified since the last ffxbld commit.
+#
+# It does not currently run XPCShell tests. We should change this if we
+# start using this type or other types of tests.
+#
+# The logs of the tests are stored in the tbb-tests.log file.
+# Ignored tests are listed in the tbb-tests-ignore.txt file.
+#
+# https://trac.torproject.org/projects/tor/ticket/18923
+
+IFS=$'\n'
+
+if [ -n "$USE_TESTS_LIST" ] && [ -f tbb-tests-list.txt ]
+then
+echo "Using tests list from file tbb-tests-list.txt"
+tests=($(cat tbb-tests-list.txt))
+else
+ffxbld_commit=$(git log -500 --format='oneline' | grep "TB3: Tor Browser's
official .mozconfigs." \
+| head -1 | cut -d ' ' -f 1)
+
+tests=($(git diff --name-status "$ffxbld_commit" HEAD | \
+grep -e '^[AM].*/test_[^/]\+\.\(html\|xul\)$' \
+ -e '^[AM].*/browser_[^/]\+\.js$' \
+ | sed 's/^[AM]\s\+//'))
+fi
+
+echo 'The following tests will be run:'
+for i in "${!tests[@]}"
+do
+if [ -z "$USE_TESTS_LIST" ] \
+&& grep -q "^${tests[$i]}$" tbb-tests-ignore.txt
+then
+unset "tests[$i]"
+continue
+fi
+echo "- ${tests[$i]}"
+done
+
+if [ -n "$WRITE_TESTS_LIST" ]
+then
+rm -f tbb-tests-list.txt
+for i in "${!tests[@]}"
+do
+echo "${tests[$i]}" >> tbb-tests-list.txt
+done
+exit 0
+fi
+
+rm -f tbb-tests.log
+echo $'\n''Starting tests'
+# We need `security.nocertdb = false` because of #18087. That pref is
+# forced to have the same value as `browser.privatebrowsing.autostart` in
+# torbutton, so we just set `browser.privatebrowsing.autostart=false` here.
+./mach mochitest --log-tbpl tbb-tests.log \
+--setpref network.file.path_blacklist='' \
+--setpref extensions.torbutton.use_nontor_proxy=true \
+--setpref browser.privatebrowsing.autostart=false \
+ "${tests[@]}"
+
+echo "*"
+echo "*"
+echo "Summary of failed tests:"
+grep --color=never TEST-UNEXPECTED-FAIL tbb-tests.log
diff --git a/tbb-tests-ignore.txt b/tbb-tests-ignore.txt
new file mode 100644
index ..ee3927a9e7c4
--- /dev/null
+++ b/tbb-tests-ignore.txt
@@ -0,0 +1,13 @@
+browser/extensions/onboarding/test/browser/browser_onboarding_accessibility.js
+browser/extensions/onboarding/test/browser/browser_onboarding_keyboard.js
+browser/extensions/onboarding/test/browser/browser_onboarding_notification.js
+browser/extensions/onboarding/test/browser/browser_onboarding_notification_2.js
+browser/extensions/onboarding/test/browser/browser_onboarding_notification_3.js
+browser/extensions/onboarding/test/browser/browser_onboarding_notification_4.js
+browser/extensions/onboarding/test/browser/browser_onboarding_notification_5.js
+browser/extensions/onboarding/test/browser/browser_onboarding_notification_click_auto_complete_tour.js
+browser/extensions/onboarding/test/browser/browser_onboarding_select_default_tour.js
+browser/extensions/onboarding/test/browser/browser_onboarding_skip_tour.js
+browser/extensions/onboarding/test/browser/browser_onboarding_tours.js
+browser/extensions/onboarding/test/browser/browser_onboarding_tourset.js
+browser/extensions/onboarding/test/browser/browser_onboarding_uitour.js
diff --git a/tbb-tests/browser.ini b/tbb-tests/browser.ini
new file mode 100644
index ..f481660f1417
--- /dev/null
+++ b/tbb-tests/browser.ini
@@ -0,0 +1,5 @@
+[DEFAULT]
+
+[browser_tor_bug2950.js]
+[browser_tor_omnibox.js]
+[browser_tor_TB4.js]
diff --git a/tbb-tests/browser_tor_TB4.js b/tbb-tests/browser_tor_TB4.js
new file mode 100644
index
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 1732360 - Add headers needed by MOZ_BUNDLED_FONTS. r?jfkthame
commit 1a182f4df6dac29df9f334c1e45128d4010a40d4 Author: Matthew Finkel Date: Sun Sep 12 14:44:33 2021 + Bug 1732360 - Add headers needed by MOZ_BUNDLED_FONTS. r?jfkthame Differential Revision: https://phabricator.services.mozilla.com/D126817 --- gfx/thebes/gfxPlatformMac.cpp | 5 + 1 file changed, 5 insertions(+) diff --git a/gfx/thebes/gfxPlatformMac.cpp b/gfx/thebes/gfxPlatformMac.cpp index 56a8271b8279..56ac6bef9652 100644 --- a/gfx/thebes/gfxPlatformMac.cpp +++ b/gfx/thebes/gfxPlatformMac.cpp @@ -29,6 +29,11 @@ #include "GeckoProfiler.h" #include "nsThreadUtils.h" +#ifdef MOZ_BUNDLED_FONTS +# include "mozilla/Telemetry.h" +# include "nsDirectoryServiceDefs.h" +#endif + #include #include ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] TB3: Tor Browser's official .mozconfigs.
commit c4498a200329fd180b850c6858659a05652f0f8a Author: Mike Perry Date: Mon May 6 15:51:06 2013 -0700 TB3: Tor Browser's official .mozconfigs. Also: Bug #9829.1: new .mozconfig file for the new cross-compiler and ESR24 Changes needed to build Mac in 64bit Bug 10715: Enable Webgl for mingw-w64 again. Disable ICU when cross-compiling; clean-up. Bug 15773: Enable ICU on OS X Bug 15990: Don't build the sandbox with mingw-w64 Bug 12761: Switch to ESR 38 for OS X Updating .mozconfig-asan Bug 12516: Compile hardenend Tor Browser with -fwrapv Bug 18331: Switch to Mozilla's toolchain for building Tor Browser for OS X Bug 17858: Cannot create incremental MARs for hardened builds. Define HOST_CFLAGS, etc. to avoid compiling programs such as mbsdiff (which is part of mar-tools and is not distributed to end-users) with ASan. Bug 13419: Add back ICU for Windows Bug 21239: Use GTK2 for ESR52 Linux builds Bug 23025: Add hardening flags for macOS Bug 24478: Enable debug assertions and tests in our ASan builds --enable-proxy-bypass-protection Bug 27597: ASan build option in tor-browser-build is broken Bug 27623 - Export MOZILLA_OFFICIAL during desktop builds This fixes a problem where some preferences had the wrong default value. Also see bug 27472 where we made a similar fix for Android. Bug 30463: Explicitly disable MOZ_TELEMETRY_REPORTING Bug 31450: Set proper BINDGEN_CFLAGS for ASan builds Add an --enable-tor-browser-data-outside-app-dir configure option Add --with-tor-browser-version configure option Bug 21849: Don't allow SSL key logging. Bug 31457: disable per-installation profiles The dedicated profiles (per-installation) feature does not interact well with our bundled profiles on Linux and Windows, and it also causes multiple profiles to be created on macOS under TorBrowser-Data. Bug 31935: Disable profile downgrade protection. Since Tor Browser does not support more than one profile, disable the prompt and associated code that offers to create one when a version downgrade situation is detected. Bug 32493: Disable MOZ_SERVICES_HEALTHREPORT Bug 25741 - TBA: Disable features at compile-time MOZ_NATIVE_DEVICES for casting and the media player MOZ_TELEMETRY_REPORTING for telemetry MOZ_DATA_REPORTING for all data reporting preferences (crashreport, telemetry, geo) Bug 25741 - TBA: Add default configure options in dedicated file Define MOZ_ANDROID_NETWORK_STATE and MOZ_ANDROID_LOCATION Bug 29859: Disable HLS support for now Add --disable-tor-launcher build option Add --enable-tor-browser-update build option Bug 33734: Set MOZ_NORMANDY to False Bug 33851: Omit Parental Controls. Bug 40061: Omit the Windows default browser agent from the build Bug 40107: Adapt .mozconfig-asan for ESR 78 Bug 40252: Add --enable-rust-simd to our tor-browser mozconfig files --- .mozconfig| 39 .mozconfig-android| 36 ++ .mozconfig-asan | 45 .mozconfig-mac| 56 +++ .mozconfig-mingw | 31 +++ browser/base/moz.build| 3 ++ browser/installer/Makefile.in | 8 + browser/moz.configure | 8 ++--- build/moz.configure/old.configure | 5 mobile/android/confvars.sh| 9 ++ mobile/android/geckoview/build.gradle | 1 + mobile/android/moz.configure | 21 +++-- mobile/android/torbrowser.configure | 30 +++ old-configure.in | 49 ++ security/moz.build| 2 +- security/nss/lib/ssl/Makefile | 2 +- toolkit/modules/AppConstants.jsm | 15 ++ toolkit/modules/moz.build | 3 ++ 18 files changed, 355 insertions(+), 8 deletions(-) diff --git a/.mozconfig b/.mozconfig new file mode 100755 index ..18cd1f9b6487 --- /dev/null +++ b/.mozconfig @@ -0,0 +1,39 @@ +. $topsrcdir/browser/config/mozconfig + +# This mozconfig file is not used in official Tor Browser builds. +# It is only intended to be used when doing incremental Linux builds +# during development. The platform-specific mozconfig configuration +# files used in official Tor Browser releases can be found in the +# tor-browser-build repo: +# https://gitweb.torproject.org/builders/tor-browser-build.git/ +# under: +# tor-browser-build/projects/firefox/mozconfig-$OS-$ARCH + +mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/obj-@CONFIG_GUESS@ +mk_add_options MOZ_APP_DISPLAYNAME="Tor Browser" +export MOZILLA_OFFICIAL=1 +
[tor-commits] [tor-browser/tor-browser-91.2.0esr-11.0-1] fixup! TB4: Tor Browser's Firefox preference overrides.
commit 7ed0992f877c447f0605a0e430eedd69aa1fe64d
Author: Matthew Finkel
Date: Tue Nov 2 20:42:40 2021 +
fixup! TB4: Tor Browser's Firefox preference overrides.
---
browser/app/profile/000-tor-browser.js | 1 +
1 file changed, 1 insertion(+)
diff --git a/browser/app/profile/000-tor-browser.js
b/browser/app/profile/000-tor-browser.js
index 867bcf2b662f..0011f4d72c9d 100644
--- a/browser/app/profile/000-tor-browser.js
+++ b/browser/app/profile/000-tor-browser.js
@@ -201,6 +201,7 @@ pref("dom.textMetrics.baselines.enabled", false);
pref("dom.textMetrics.emHeight.enabled", false);
pref("dom.textMetrics.fontBoundingBox.enabled", false);
pref("pdfjs.enableScripting", false);
+pref("javascript.options.large_arraybuffers", false);
// Third party stuff
pref("privacy.firstparty.isolate", true); // Always enforce first party
isolation
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [manual/master] i have splitted the job in two now
commit a733b6e3291106289935699c5b198406161df48a Author: emma peel Date: Tue Nov 2 21:42:35 2021 +0100 i have splitted the job in two now --- .gitlab-ci.yml | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index de48258..8d56434 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -128,8 +128,10 @@ l10n_QA: - echo '==START Translations QA==' - rm -rf l10n - git clone --depth=1 https://gitlab.torproject.org/tpo/community/l10n.git -- echo 'lets see if there are any BROKEN LINKS on the translations' -- l10n/bin/check_markdown_links.py i18n/ +- echo 'lets see if there are any problems with the translations' +- l10n/bin/check_common_errors.py i18n/ +- echo 'Enabled translations and their completion' +- l10n/bin/check_completion.py build_tests_page: stage: test_l10n ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [manual/master] less build time, we dont need to build the l10n tests page so much
commit 32825581f058f61687269ae3c2f9580cf6215ad8 Author: emma peel Date: Tue Nov 2 21:41:18 2021 +0100 less build time, we dont need to build the l10n tests page so much --- .gitlab-ci.yml | 21 - 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index c62b4b9..35e1548 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -58,16 +58,15 @@ pages: stage: build script: - *apt-template -- DEBIAN_FRONTEND=noninteractive apt-get install gettext python3-babel python3-pip git python3-inifile python3-dev python3-setuptools python3-openssl python3-cryptography i18nspector apt-utils ca-certificates -y +- DEBIAN_FRONTEND=noninteractive apt-get install gettext python3-babel python3-pip python3-inifile python3-dev python3-setuptools python3-openssl python3-cryptography -y - pip3 install virtualenv - virtualenv venv - source venv/bin/activate - pip3 install lektor - echo 'checking out translations' - rm -rf i18n -- git clone --branch $TRANSLATION_BRANCH https://git.torproject.org/translation.git i18n +- git clone --branch $TRANSLATION_BRANCH --depth=1 https://git.torproject.org/translation.git i18n - echo 'reinstall lektor plugins' -- lektor project-info --output-path - lektor plugins reinstall - echo 'building lektor 3 more times to get translations in place' - lektor build --output-path public && lektor build --output-path public && lektor build --output-path public @@ -76,7 +75,10 @@ pages: - public - i18n rules: -- when: always +- if: $TRANSLATION_BRANCH +- if: '$CI_PIPELINE_SOURCE == "merge_request_event"' +- if: '$CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS' + when: never new_strings: cache: @@ -87,17 +89,18 @@ new_strings: - apt-cache - venv - .cache/pip - stage: test_l10n needs: [pages] allow_failure: true rules: - if: '$CI_PIPELINE_SOURCE == "merge_request_event"' - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH - +- if: '$CI_COMMIT_BRANCH == "translations"' +- if: '$CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS' + when: never script: - *apt-template -- DEBIAN_FRONTEND=noninteractive apt-get install gettext git python3-dev python3-setuptools i18nspector python3-polib python3-requests ca-certificates apt-utils -y +- DEBIAN_FRONTEND=noninteractive apt-get install gettext python3-dev python3-setuptools i18nspector python3-polib python3-requests -y - git clone --depth=1 https://gitlab.torproject.org/tpo/community/l10n.git - echo 'lets see if there are any UPDATES ON THE STRINGS for translation after this changes' - l10n/bin/check_po_status.py $TRANSLATION_BRANCH @@ -123,7 +126,8 @@ l10n_QA: - translations script: - *apt-template -- DEBIAN_FRONTEND=noninteractive apt-get install gettext i18nspector python3-polib ca-certificates -y +- DEBIAN_FRONTEND=noninteractive apt-get install gettext python3-polib -y +- echo '==START Translations QA==' - rm -rf l10n - git clone --depth=1 https://gitlab.torproject.org/tpo/community/l10n.git - echo 'lets see if there are any BROKEN LINKS on the translations' @@ -135,5 +139,4 @@ build_tests_page: trigger: tpo/community/l10n rules: - changes: - - content/**/*.lr - i18n/contents.pot ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [manual/master] just move it to after the other test, is not urgent
commit f657e4e9be35089eca8b610ac5e6c0e4539e2906 Author: emma peel Date: Tue Nov 2 21:42:13 2021 +0100 just move it to after the other test, is not urgent --- .gitlab-ci.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 35e1548..de48258 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -121,9 +121,7 @@ l10n_QA: - i18n - .cache/pip stage: test_l10n - needs: [pages] - only: -- translations + needs: [new_strings] script: - *apt-template - DEBIAN_FRONTEND=noninteractive apt-get install gettext python3-polib -y ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [manual/master] with this, we can use the same file through all lektors with translation
commit fb50f6d7f95f525dca51a53304325980f64774e8 Author: emma peel Date: Tue Nov 2 21:03:28 2021 +0100 with this, we can use the same file through all lektors with translation --- .gitlab-ci.yml | 16 +++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 4e7a6b2..34b0934 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -24,7 +24,21 @@ image: debian:buster-slim variables: GIT_SUBMODULE_STRATEGY: recursive PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip" - TRANSLATION_BRANCH: "tbmanual-contentspot" + +workflow: + rules: +- if: $CI_PROJECT_NAME == "support" + variables: +TRANSLATION_BRANCH: "support-portal" +- if: $CI_PROJECT_NAME == "manual" + variables: +TRANSLATION_BRANCH: "tbmanual-contentspot" +- if: $CI_PROJECT_NAME == "community" + variables: +TRANSLATION_BRANCH: "communitytpo-contentspot" +- if: $CI_PROJECT_NAME == "tpo" + variables: +TRANSLATION_BRANCH: "tpo-web" stages: ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [manual/master] better names for the tests
commit a152efc0947ea8e3863552d211e328eeb1e2cb19
Author: emma peel
Date: Tue Nov 2 21:04:40 2021 +0100
better names for the tests
---
.gitlab-ci.yml | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 34b0934..c62b4b9 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -78,7 +78,7 @@ pages:
rules:
- when: always
-check_new_strings:
+new_strings:
cache:
key: $CI_PROJECT_PATH_SLUG.${CI_COMMIT_REF_SLUG}
paths:
@@ -106,7 +106,7 @@ check_new_strings:
- public
- i18n
-check_l10n:
+l10n_QA:
allow_failure: true
cache:
key: $CI_PROJECT_PATH_SLUG.${CI_COMMIT_REF_SLUG}
@@ -129,7 +129,7 @@ check_l10n:
- echo 'lets see if there are any BROKEN LINKS on the translations'
- l10n/bin/check_markdown_links.py i18n/
-translation_tests_page:
+build_tests_page:
stage: test_l10n
allow_failure: true
trigger: tpo/community/l10n
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [manual/master] we need non-interactive apt, we were getting errors
commit dde82d0d47ee06f3aed094320d757c671468ae3a
Author: emma peel
Date: Tue Nov 2 21:02:18 2021 +0100
we need non-interactive apt, we were getting errors
---
.gitlab-ci.yml | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 272e6da..4e7a6b2 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -17,8 +17,9 @@ image: debian:buster-slim
'Dpkg::Use-Pty "0";' \
"Dir::Cache::Archives \"${APT_CACHE_DIR}\"; " \
>> /etc/apt/apt.conf.d/99gitlab
- apt-get update -qq
- apt-get upgrade -qy
+ DEBIAN_FRONTEND=noninteractive apt-get update -qq
+ DEBIAN_FRONTEND=noninteractive apt-get upgrade -qy
+ DEBIAN_FRONTEND=noninteractive apt-get install git apt-utils
ca-certificates -y
variables:
GIT_SUBMODULE_STRATEGY: recursive
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor-browser/tor-browser-91.2.0esr-11.0-1] fixup! TB4: Tor Browser's Firefox preference overrides.
commit 57b1cff33bc2e2d3902978dda1c4098805691138
Author: Matthew Finkel
Date: Mon Nov 1 20:29:48 2021 +
fixup! TB4: Tor Browser's Firefox preference overrides.
---
browser/app/profile/000-tor-browser.js | 25 -
1 file changed, 25 deletions(-)
diff --git a/browser/app/profile/000-tor-browser.js
b/browser/app/profile/000-tor-browser.js
index ed8c4c8c80dd..867bcf2b662f 100644
--- a/browser/app/profile/000-tor-browser.js
+++ b/browser/app/profile/000-tor-browser.js
@@ -48,7 +48,6 @@ pref("browser.disableResetPrompt", true);
// Disk activity: Disable Browsing History Storage
pref("browser.privatebrowsing.autostart", true);
pref("browser.cache.disk.enable", false);
-pref("browser.cache.offline.enable", false);
pref("permissions.memory_only", true);
pref("network.cookie.lifetimePolicy", 2);
pref("security.nocertdb", true);
@@ -69,8 +68,6 @@ pref("browser.sessionstore.privacy_level", 2);
// Use the in-memory media cache and increase its maximum size (#29120)
pref("browser.privatebrowsing.forceMediaMemoryCache", true);
pref("media.memory_cache_max_size", 16384);
-// Disable site-specific browsing to avoid sharing site icons with the OS.
-pref("browser.ssb.enabled", false);
// Misc privacy: Remote
pref("browser.send_pings", false);
@@ -164,7 +161,6 @@ pref("dom.serviceWorkers.enabled", false);
pref("dom.push.enabled", false);
// Fingerprinting
-pref("webgl.disable-extensions", true);
pref("webgl.disable-fail-if-major-performance-caveat", true);
pref("webgl.enable-webgl2", false);
pref("gfx.downloadable_fonts.fallback_delay", -1);
@@ -177,9 +173,7 @@ pref("privacy.resistFingerprinting", true);
pref("privacy.resistFingerprinting.block_mozAddonManager", true); // Bug 26114
pref("dom.webaudio.enabled", false); // Bug 13017: Disable Web Audio API
pref("dom.w3c_touch_events.enabled", 0); // Bug 10286: Always disable Touch API
-pref("dom.w3c_pointer_events.enabled", false);
pref("dom.vr.enabled", false); // Bug 21607: Disable WebVR for now
-// Disable randomised Firefox HTTP cache decay user test groups (Bug: 13575)
pref("security.webauth.webauthn", false); // Bug 26614: Disable Web
Authentication API for now
// Disable SAB, no matter if the sites are cross-origin isolated.
pref("dom.postMessage.sharedArrayBuffer.withCOOP_COEP", false);
@@ -241,8 +235,6 @@ pref("network.protocol-handler.warn-external.snews", true);
// Make sure we don't have any GIO supported protocols (defense in depth
// measure)
pref("network.gio.supported-protocols", "");
-pref("plugin.disable", true); // Disable to search plugins on first start
-pref("plugin.state.flash", 0); // Disable for defense-in-depth
pref("media.peerconnection.enabled", false); // Disable WebRTC interfaces
// Disables media devices but only if `media.peerconnection.enabled` is set to
// `false` as well. (see bug 16328 for this defense-in-depth measure)
@@ -278,9 +270,6 @@ pref("network.file.disable_unc_paths", true);
// Enhance our treatment of file:// to avoid proxy bypasses (see Mozilla's bug
// 1412081)
pref("network.file.path_blacklist", "/net");
-// Make sure no enterprise policy can interfere with our proxy settings, see
-// #29916.
-pref("browser.policies.testing.disallowEnterprise", true);
// Security slider
pref("svg.in-content.enabled", true);
@@ -308,24 +297,15 @@ pref("extensions.autoDisableScopes", 0);
pref("extensions.bootstrappedAddons", "{}");
pref("extensions.checkCompatibility.4.*", false);
pref("extensions.databaseSchema", 3);
-pref("extensions.enabledAddons",
"https-everywhere%40eff.org:3.1.4,%7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.1,torbutton%40torproject.org:1.5.2,ubufox%40ubuntu.com:2.6,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.5");
-pref("extensions.enabledItems",
"langpack-en...@firefox.mozilla.org:,{73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.57,{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.4,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.8");
pref("extensions.enabledScopes", 5); // AddonManager.SCOPE_PROFILE=1 |
AddonManager.SCOPE_APPLICATION=4
pref("extensions.pendingOperations", false);
-pref("xpinstall.whitelist.add", "");
-pref("xpinstall.whitelist.add.36", "");
// We don't know what extensions Mozilla is advertising to our users and we
// don't want to have some random Google Analytics script running either on the
// about:addons page, see bug 22073, 22900 and 31601.
pref("extensions.getAddons.showPane", false);
pref("extensions.htmlaboutaddons.recommendations.enabled", false);
-// Show our legacy extensions directly on about:addons and get rid of the
-// warning for the default theme.
-pref("extensions.legacy.exceptions",
"{972ce4c6-7e08-4474-a285-3208198ce6fd},torbut...@torproject.org");
// Bug 26114: Allow NoScript to access addons.mozilla.org etc.
pref("extensions.webextensions.restrictedDomains", "");
-// Bug 28896: Make sure our bundled WebExtensions are running in Private
Browsing Mode
-pref("extensions.allowPrivateBrowsingByDefault",
[tor-commits] [tor-browser/tor-browser-91.2.0esr-11.0-1] squash! TB4: Tor Browser's Firefox preference overrides.
commit 1559973d238a958aad947367881c0678cda4dbb9
Author: Matthew Finkel
Date: Mon Nov 1 16:28:22 2021 +
squash! TB4: Tor Browser's Firefox preference overrides.
Bug 40177: Update prefs for Fx91esr
---
browser/app/profile/000-tor-browser.js | 29 -
1 file changed, 28 insertions(+), 1 deletion(-)
diff --git a/browser/app/profile/000-tor-browser.js
b/browser/app/profile/000-tor-browser.js
index 0952a3ad5cfc..ed8c4c8c80dd 100644
--- a/browser/app/profile/000-tor-browser.js
+++ b/browser/app/profile/000-tor-browser.js
@@ -53,6 +53,9 @@ pref("permissions.memory_only", true);
pref("network.cookie.lifetimePolicy", 2);
pref("security.nocertdb", true);
+// Enabled LSNG
+pref("dom.storage.next_gen", true);
+
// Disk activity: TBB Directory Isolation
pref("browser.download.useDownloadDir", false);
pref("browser.shell.checkDefaultBrowser", false);
@@ -119,11 +122,12 @@ pref("privacy.annotate_channels.strict_list.enabled",
false);
// Disable the Pocket extension (Bug #18886 and #31602)
pref("extensions.pocket.enabled", false);
-pref("network.http.referer.hideOnionSource", true);
// Disable use of WiFi location information
pref("browser.region.network.scan", false);
pref("browser.region.network.url", "");
+// Bug 40083: Make sure Region.jsm fetching is disabled
+pref("browser.region.update.enabled", false);
// Don't load Mozilla domains in a separate tab process
pref("browser.tabs.remote.separatedMozillaDomains", "");
@@ -177,6 +181,8 @@ pref("dom.w3c_pointer_events.enabled", false);
pref("dom.vr.enabled", false); // Bug 21607: Disable WebVR for now
// Disable randomised Firefox HTTP cache decay user test groups (Bug: 13575)
pref("security.webauth.webauthn", false); // Bug 26614: Disable Web
Authentication API for now
+// Disable SAB, no matter if the sites are cross-origin isolated.
+pref("dom.postMessage.sharedArrayBuffer.withCOOP_COEP", false);
// Disable intermediate preloading (Bug 30682)
pref("security.remote_settings.intermediates.enabled", false);
// Bug 2874: Block Components.interfaces from content
@@ -190,8 +196,17 @@ pref("privacy.resistFingerprinting.letterboxing", true);
pref("dom.netinfo.enabled", false);
pref("network.http.referer.defaultPolicy", 2); // Bug 32948: Make referer
behavior consistent regardless of private browing mode status
pref("media.videocontrols.picture-in-picture.enabled", false); // Bug 40148:
disable until audited in #40147
+pref("network.http.referer.hideOnionSource", true);
+// Bug 40463: Disable Windows SSO
+pref("network.http.windows-sso.enabled", false);
// Bug 40383: Disable new PerformanceEventTiming
pref("dom.enable_event_timing", false);
+// Disable API for measuring text width and height.
+pref("dom.textMetrics.actualBoundingBox.enabled", false);
+pref("dom.textMetrics.baselines.enabled", false);
+pref("dom.textMetrics.emHeight.enabled", false);
+pref("dom.textMetrics.fontBoundingBox.enabled", false);
+pref("pdfjs.enableScripting", false);
// Third party stuff
pref("privacy.firstparty.isolate", true); // Always enforce first party
isolation
@@ -199,6 +214,8 @@ pref("privacy.partition.network_state", false); // Disable
for now until audit
pref("network.cookie.cookieBehavior", 1);
pref("network.http.spdy.allow-push", false); // Disabled for now. See
https://bugs.torproject.org/27127
pref("network.predictor.enabled", false); // Temporarily disabled. See
https://bugs.torproject.org/16633
+// Bug 40177: Make sure tracker cookie purging is disabled
+pref("privacy.purge_trackers.enabled", false);
// Proxy and proxy security
pref("network.proxy.socks", "127.0.0.1");
@@ -207,6 +224,8 @@ pref("network.proxy.socks_remote_dns", true);
pref("network.proxy.no_proxies_on", ""); // For fingerprinting and local
service vulns (#10419)
pref("network.proxy.allow_hijacking_localhost", true); // Allow proxies for
localhost (#31065)
pref("network.proxy.type", 1);
+// Bug 40548: Disable proxy-bypass
+pref("network.proxy.failover_direct", false);
pref("network.security.ports.banned", "9050,9051,9150,9151");
pref("network.dns.disabled", true); // This should cover the #5741 patch for
DNS leaks
pref("network.dns.disablePrefetch", true);
@@ -307,6 +326,8 @@ pref("extensions.legacy.exceptions",
"{972ce4c6-7e08-4474-a285-3208198ce6fd},tor
pref("extensions.webextensions.restrictedDomains", "");
// Bug 28896: Make sure our bundled WebExtensions are running in Private
Browsing Mode
pref("extensions.allowPrivateBrowsingByDefault", true);
+// Don't give Mozilla-recommended third-party extensions special privileges.
+pref("extensions.postDownloadThirdPartyPrompt", false);
// Toolbar layout
pref("browser.uiCustomization.state",
[tor-commits] [torbutton/master] fixup! Bug 40051: Implement 2021 Year End Campaign look in about:tor
commit dc009780a0dd76e8b4b2ab45e05fa3f29653d9e6
Author: Richard Pospesel
Date: Tue Nov 2 15:45:05 2021 +0100
fixup! Bug 40051: Implement 2021 Year End Campaign look in about:tor
---
chrome/skin/yec-activist.svg | 96 +---
chrome/skin/yec-placard.svg | 74 --
2 files changed, 53 insertions(+), 117 deletions(-)
diff --git a/chrome/skin/yec-activist.svg b/chrome/skin/yec-activist.svg
index cf874272..6a443a61 100644
--- a/chrome/skin/yec-activist.svg
+++ b/chrome/skin/yec-activist.svg
@@ -1,95 +1 @@
-http://www.w3.org/2000/svg; xmlns:xlink="http://www.w3.org/1999/xlink;>
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+http://www.w3.org/2000/svg;
xmlns:xlink="http://www.w3.org/1999/xlink;>
\ No newline at end of file
diff --git a/chrome/skin/yec-placard.svg b/chrome/skin/yec-placard.svg
index 5d5637f2..dc35b73a 100644
--- a/chrome/skin/yec-placard.svg
+++ b/chrome/skin/yec-placard.svg
@@ -53,6 +53,13 @@
/* 22px font override */
text.font22 > tspan { font-size: 22px; }
+
+/* 20px font override */
+text.font20 > tspan { font-size: 20px; }
+
+/* 18px font override */
+text.font18 > tspan { font-size: 18px; }
+
@@ -95,13 +102,22 @@
-
+
+HÃNDE
+WEG
+VON MEINEN
+DATEN
-
+
+ÎÎΤΩ ΤÎ
+ΧÎΡÎÎ
+ÎΠΠΤÎ
+ÎÎÎÎÎÎÎÎ
+ÎÎÎ¥
@@ -135,17 +151,21 @@
-
-NE
-TOUCHEZ
-PAS Ã MES
-DONNÃES
+
+NE TOUCHEZ
+PAS
+Ã MES
+DONNÃES
-
+
+NÃ DRANN
+LE MO
+CHUID
+SONRAÃ
@@ -158,9 +178,10 @@
-EL A
-KEZEKKEL AZ
-ADATAIMTÃL
+EL A
+KEZEKKEL
+AZ
+ADATAIMTÃL
@@ -208,7 +229,12 @@
-
+
+Ð ÐЦÐТÐ
+ÐÐÐÐСТРÐÐÐ
+ÐÐ
+ÐÐÐТÐ
+ÐÐÐÐТÐЦÐ
@@ -232,7 +258,10 @@
-
+
+HANDEN AF
+VAN MIJN
+GEGEVENS
@@ -270,10 +299,11 @@
-
-HÃNDERNA
-BORT FRÃ
N
-MINA DATA
+
+HÃNDERNA
+BORT FRÃ
N
+MINA
+DATA
@@ -318,13 +348,13 @@
-
-
+
+
-
+
@@ -334,11 +364,11 @@
-
+
-
+
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [torbutton/master] Merge remote-tracking branch 'richardgl/40680'
commit 39c11ad666eceb9b145d5825ad24a050e5c09aa2 Merge: 8fc112b7 dc009780 Author: Matthew Finkel Date: Tue Nov 2 18:55:38 2021 + Merge remote-tracking branch 'richardgl/40680' chrome/skin/yec-activist.svg | 96 +--- chrome/skin/yec-placard.svg | 74 -- 2 files changed, 53 insertions(+), 117 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tpo/master] Update lego
commit 0bfc1de821734e5d9ac996cebcb754cd65c1da72 Author: gus Date: Tue Nov 2 15:32:37 2021 -0300 Update lego --- lego | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lego b/lego index c615f285..637cc6c7 16 --- a/lego +++ b/lego @@ -1 +1 @@ -Subproject commit c615f285b3ecdde226b02809f2181aeb30ee7ca7 +Subproject commit 637cc6c7d5997334be6c0ef7dc63500919ae7e22 ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [styleguide/master] Update lego
commit 726c939f6d3ab4c61bdca411f36aeda78204 Author: gus Date: Tue Nov 2 15:32:06 2021 -0300 Update lego --- lego | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lego b/lego index c8ed9e1..637cc6c 16 --- a/lego +++ b/lego @@ -1 +1 @@ -Subproject commit c8ed9e1d9cd895cdfb1a9b18822310b40cc93f58 +Subproject commit 637cc6c7d5997334be6c0ef7dc63500919ae7e22 ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [manual/master] Update lego
commit 6b6c5011e6efce3dec7c5f7e23336bbcb81f7d77 Author: gus Date: Tue Nov 2 15:31:39 2021 -0300 Update lego --- lego | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lego b/lego index 796f47c..637cc6c 16 --- a/lego +++ b/lego @@ -1 +1 @@ -Subproject commit 796f47cab97c1b574411006bc1c832ba205c3acd +Subproject commit 637cc6c7d5997334be6c0ef7dc63500919ae7e22 ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [community/master] Update lego
commit 253a712d191ddcb61f2b7fcfd377ef20bc8397ae Author: gus Date: Tue Nov 2 15:30:58 2021 -0300 Update lego --- lego | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lego b/lego index bc96ee5..637cc6c 16 --- a/lego +++ b/lego @@ -1 +1 @@ -Subproject commit bc96ee58985e63529559653e14b42430ad972c10 +Subproject commit 637cc6c7d5997334be6c0ef7dc63500919ae7e22 ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tpo/master] Add brand designer job posting
commit 8d3832ca070a6585377e9d047d264b1359c19df7 Author: HackerNCoder Date: Tue Nov 2 00:31:30 2021 + Add brand designer job posting Fix #252 --- content/about/jobs/brand-designer/contents.lr | 78 +++ 1 file changed, 78 insertions(+) diff --git a/content/about/jobs/brand-designer/contents.lr b/content/about/jobs/brand-designer/contents.lr new file mode 100644 index ..e7f20e1b --- /dev/null +++ b/content/about/jobs/brand-designer/contents.lr @@ -0,0 +1,78 @@ +_model: job +--- +_template: about.html +--- +section: about +--- +section_id: about +--- +active: yes +--- +title: Brand Designer For User Experience (UX) Team +--- +color: primary +--- +summary: +Internet Freedom Nonprofit Seeks Brand Designed for User Experience Team + +The Tor Project, Inc., a 501(c)(3) nonprofit organization advancing human rights and freedoms by creating and deploying free and open source anonymity and privacy technologies, is seeking a Brand Designer to be a part of the User Experience Team. + +As a Brand Designer, you will be responsible for the creative direction of The Tor Project's identity wherever it is presented, ensuring our visual language is both compelling and cohesive across the organization. + +Though small, the UX Team at the Tor Project is a "full stack" design team â encompassing the disciplines of graphic design, interface design, experience design, and ethical user research. Our mission is to promote the principles of human-centered design across the organization and the wider Tor community, improving our users' experiences at each point along the way. + +This is a full-time remote position. Salary T.B.D. +--- +description: + +## Brand Designer for User Experience (UX) Team +*November 2, 2021* + +## Job Requirements + +In this role, you will: + +- Establish a clear identity and brand voice, including the development of a multi-platform brand style guide to provide greater consistency going forward. +- Lead the creative development of our annual Year End Campaign, alongside other major fundraising and awareness campaigns throughout the year. - Support broader content marketing efforts on social media, email, the Tor Project blog, press releases and more. +- Produce and manage the Tor Project's documentation templates, including reports, presentations, workshop and training materials, and anything else required by the team. +- Create high-fidelity web designs, particularly for the websites we operate that are less technical and more brand focussed (e.g. www.torproject.org). +- Collaborate extensively with and receive design critiques from the User Experience, Communications, and Fundraising teams. + +Additionally, you will occasionally be expected to provide ad hoc product design support for the UX Team, including the creation of high-fidelity user interface designs and helping to maintain our web and product design systems. However, you will not be expected to undertake complex User Experience and/or Information Architecture tasks, and support from a dedicated UX Designer will always be available. + +### Required Experience + +- Experience designing primarily for digital brands. Although we do some print material, our audience and brand is online. +- Ability to produce original illustrations, iconography and a good understanding of typography (on that last point, we advocate for using Free and Open Source fonts wherever possible). +- Excellent proficiency with vector design tools. +- High level of organization in all aspects of the design process, from producing clean vectors, to the organization of your design files, and maintaining consistency with established style guides wherever possible. +- Comfortable working remotely with a global team distributed across many timezones. +- Sufficient proficiency in English to be able to accurately present and receive feedback on your work. + +### Preferred Experience (not required) + +- Experience collaborating with other designers in Figma, our vector design tool of choice. However should you not have experience with Figma directly â don't worry! It should be easy for anyone used to Adobe Illustrator, Inkscape, Sketch, Adobe XD or similar software to pick up. +- A history of designing or advocating for the causes of free-software, open source technology, human-rights, privacy, censorship-circumvention or an interest in internet-freedom in general. +- Familiarity with the challenges faced by our users who are subject to surveillance and censorship. - Experience producing 3D graphics or short animations â although this is not neccessary for the role, and would simply be an added bonus. + +## How to Apply + +To apply, submit a cover letter, your CV/resumé and a link to or copy of a portfolio featuring recent samples of your work. In your cover letter, please include the reason you want to work at the Tor Project and explain how your
[tor-commits] [newsletter/master] Small fix
commit 199740ec08c3c877b175c9e4c334eb326bcbdbc9 Author: gus Date: Tue Nov 2 15:21:21 2021 -0300 Small fix --- content/archive/privacy-is-a-human-right/text/contents.lr | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/content/archive/privacy-is-a-human-right/text/contents.lr b/content/archive/privacy-is-a-human-right/text/contents.lr index 2bf9db7..96e2dec 100644 --- a/content/archive/privacy-is-a-human-right/text/contents.lr +++ b/content/archive/privacy-is-a-human-right/text/contents.lr @@ -16,7 +16,7 @@ Every year, the 501(c)(3) nonprofit that builds and distributes the technology b This year, our message is simple: Privacy is a human right. Privacy is about protecting what makes us humans: our day-to-day behavior, our personality, our fears, our relationships, and our vulnerabilities. Everyone deserves privacy. -However, governments, corporations, and other powerful entities block us from exercising our right to privacy in many different ways. And that's why Tor is hereâto help you exercise your human right to privacy even when itâs not easy. +However, governments, corporations, and other powerful entities block us from exercising our right to privacy in many different ways. And that's why Tor is hereâto help you exercise your human right to privacy even when it's not easy. Stand up for the human right to privacy by supporting Tor. Your donations will be matched, 1:1, by Friends of Tor now through the end of the year: https://torproject.org/donate/donate-phr-tn1. @@ -30,7 +30,7 @@ We invite the Tor community to join the Tor Forum and contribute with us! https: ## [Celebrating the first Global Encryption Day](https://blog.torproject.org/first-global-encryption-day) -This month we celebrated the very first Global Encryption Day, organized by the Global Encryption Coalition, where we are a member. Global Encryption Day is an opportunity for businesses, civil society organizations, technologists, and millions of Internet users worldwide to show our communities why encryption matters. Itâs also a day for all of us to pledge to Make the Switch to encrypted services (like Tor!) and prioritize our privacy and security online. +This month we celebrated the very first Global Encryption Day, organized by the Global Encryption Coalition, where we are a member. Global Encryption Day is an opportunity for businesses, civil society organizations, technologists, and millions of Internet users worldwide to show our communities why encryption matters. It's also a day for all of us to pledge to Make the Switch to encrypted services (like Tor!) and prioritize our privacy and security online. On our blog, learn more about Global Encryption Day and the Global Encryption Day Statement, which the Tor Project and more than 140 other organizations signed this year: https://blog.torproject.org/first-global-encryption-day. @@ -54,7 +54,7 @@ https://gitlab.torproject.org/tpo/community/l10n/-/wikis/Monthly-Tor-Localizatio * Arti 0.0.1 https://forum.torproject.net/t/arti-0-0-1-is-released-an-embeddable-tor-client-in-rust/ -(Oct. 29) An embeddable Tor client in Rust. Our main goal for the 0.0.1 release has been to have no critical missing security features. There are probably still a lot of bugs, though, so you shouldnât use this in production yet. +(Oct. 29) An embeddable Tor client in Rust. Our main goal for the 0.0.1 release has been to have no critical missing security features. There are probably still a lot of bugs, though, so you shouldn't use this in production yet. * Tor Browser 10.5.10 https://blog.torproject.org/new-release-tor-browser-10510 @@ -82,7 +82,7 @@ https://blog.torproject.org/new-release-tor-browser-1058 ## What We're Reading -* Beyond the VPN: Ultimate online privacy, with The Tor Projectâs Isabela Bagueros, Fast Company. https://blog.malwarebytes.com/podcast/2021/10/beyond-the-vpn-ultimate-online-privacy-with-the-tor-projects-isabella-bagueros-lock-and-code-s02e20/ +* Beyond the VPN: Ultimate online privacy, with The Tor Project's Isabela Bagueros, Fast Company. https://blog.malwarebytes.com/podcast/2021/10/beyond-the-vpn-ultimate-online-privacy-with-the-tor-projects-isabella-bagueros-lock-and-code-s02e20/ * Will the Right to Protest survive its migration online?, Access Now. https://www.accessnow.org/right-to-protest-migration-online/ ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [lego/master] Merge branch 'new-yec-assets'
commit 637cc6c7d5997334be6c0ef7dc63500919ae7e22 Merge: e8a3708 b3c42c9 Author: gus Date: Tue Nov 2 15:17:30 2021 -0300 Merge branch 'new-yec-assets' .../css/images/home/png/yec-activist-de_2x.png | Bin 0 -> 110663 bytes .../css/images/home/png/yec-activist-de_3x.png | Bin 0 -> 195473 bytes .../css/images/home/png/yec-activist-el_2x.png | Bin 0 -> 112030 bytes .../css/images/home/png/yec-activist-el_3x.png | Bin 0 -> 203742 bytes .../static/css/images/home/png/yec-activist-en.png | Bin 113486 -> 46095 bytes .../css/images/home/png/yec-activist...@2x.png | Bin 101683 -> 109376 bytes .../css/images/home/png/yec-activist...@3x.png | Bin 184475 -> 193432 bytes .../css/images/home/png/yec-activist-es...@2x.png | Bin 101819 -> 109527 bytes .../css/images/home/png/yec-activist-es...@3x.png | Bin 184973 -> 193872 bytes .../css/images/home/png/yec-activist...@2x.png | Bin 101735 -> 109432 bytes .../css/images/home/png/yec-activist...@3x.png | Bin 184868 -> 193701 bytes .../css/images/home/png/yec-activist...@2x.png | Bin 103750 -> 110670 bytes .../css/images/home/png/yec-activist...@3x.png | Bin 188187 -> 195745 bytes .../css/images/home/png/yec-activist...@2x.png | Bin 103724 -> 111450 bytes .../css/images/home/png/yec-activist...@3x.png | Bin 188633 -> 196999 bytes .../css/images/home/png/yec-activist...@2x.png | Bin 102212 -> 109911 bytes .../css/images/home/png/yec-activist...@3x.png | Bin 185483 -> 194222 bytes .../css/images/home/png/yec-activist...@2x.png | Bin 101985 -> 109736 bytes .../css/images/home/png/yec-activist...@3x.png | Bin 184955 -> 199093 bytes .../css/images/home/png/yec-activist-mk_2x.png | Bin 0 -> 111282 bytes .../css/images/home/png/yec-activist-mk_3x.png | Bin 0 -> 196934 bytes .../css/images/home/png/yec-activist...@2x.png | Bin 103811 -> 60 bytes .../css/images/home/png/yec-activist...@3x.png | Bin 188400 -> 196135 bytes .../css/images/home/png/yec-activist-pt...@2x.png | Bin 104309 -> 111899 bytes .../css/images/home/png/yec-activist-pt...@3x.png | Bin 188719 -> 197411 bytes .../css/images/home/png/yec-activist...@2x.png | Bin 102749 -> 110552 bytes .../css/images/home/png/yec-activist...@3x.png | Bin 187370 -> 196092 bytes .../css/images/home/png/yec-activist...@2x.png | Bin 104389 -> 111680 bytes .../css/images/home/png/yec-activist...@3x.png | Bin 189594 -> 197226 bytes .../css/images/home/png/yec-activist...@2x.png | Bin 101266 -> 108915 bytes .../css/images/home/png/yec-activist...@3x.png | Bin 183810 -> 192693 bytes .../css/images/home/png/yec-activist-zh...@2x.png | Bin 102251 -> 109923 bytes .../css/images/home/png/yec-activist-zh...@3x.png | Bin 185914 -> 194696 bytes .../static/css/images/home/svg/yec-activist-de.svg | 1 + .../static/css/images/home/svg/yec-activist-el.svg | 1 + .../static/css/images/home/svg/yec-activist-en.svg | 2 +- .../css/images/home/svg/yec-activist-es-AR.svg | 2 +- .../static/css/images/home/svg/yec-activist-es.svg | 2 +- .../static/css/images/home/svg/yec-activist-fr.svg | 2 +- .../static/css/images/home/svg/yec-activist-ga.svg | 2 +- .../static/css/images/home/svg/yec-activist-hr.svg | 2 +- .../static/css/images/home/svg/yec-activist-hu.svg | 2 +- .../static/css/images/home/svg/yec-activist-mk.svg | 1 + .../static/css/images/home/svg/yec-activist-nl.svg | 2 +- .../css/images/home/svg/yec-activist-pt-BR.svg | 2 +- .../static/css/images/home/svg/yec-activist-ru.svg | 2 +- .../static/css/images/home/svg/yec-activist-sv.svg | 2 +- .../static/css/images/home/svg/yec-activist-tr.svg | 2 +- .../css/images/home/svg/yec-activist-zh-CN.svg | 2 +- 49 files changed, 16 insertions(+), 13 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [lego/master] Merge branch 'missing-string'
commit e8a370880cfd329d7c92498f0fe1e2688ba9df5b Merge: 73a55e5 a8d732e Author: gus Date: Tue Nov 2 15:13:35 2021 -0300 Merge branch 'missing-string' templates/navbar.html | 1 + 1 file changed, 1 insertion(+) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
