July 2015 - tbb-commits - lists.torproject.org

[tor-browser/tor-browser-38.1.0esr-5.0-1] fixup! Bug 12827: Create preference to disable SVG.
by brade＠torproject.org 24 Jul '15

24 Jul '15

commit 11ae3936ba9ff583f06e3b25585443fe01d8cee3 Author: Kathy Brade <brade(a)pearlcrescent.com> Date: Fri Jul 24 10:42:31 2015 -0400 fixup! Bug 12827: Create preference to disable SVG. Fix typo in comment. --- dom/base/Element.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dom/base/Element.cpp b/dom/base/Element.cpp index bd795b2..0e40d5b 100644 --- a/dom/base/Element.cpp +++ b/dom/base/Element.cpp @@ -144,7 +144,7 @@ using namespace mozilla; using namespace mozilla::dom; // These IsSVG() methods were moved here from nsIContent.h because including -// nsSVGUtils.h in nsIContent.h (needed to to pick up the NS_SVGEnabled() +// nsSVGUtils.h in nsIContent.h (needed to pick up the NS_SVGEnabled() // prototype) creates a circular dependency: nsSVGUtils.h includes other // headers that define functions that require the complete definition of // nsPresContext... but nsPresContext.h includes nsIPresShell.h, which in turn

1 0

[tor-browser-bundle/master] Bug #15864: rename sha256sums.txt to sha256sums-unsigned-build.txt
by gk＠torproject.org 24 Jul '15

24 Jul '15

commit 748c56459b1304207502754d8541c089edc4051a Author: Nicolas Vigier <boklm(a)mars-attacks.org> Date: Mon Jul 20 19:59:27 2015 +0200 Bug #15864: rename sha256sums.txt to sha256sums-unsigned-build.txt And sha256sums.incrementals.txt to sha256sums-unsigned-build.incrementals.txt. --- gitian/README.build | 13 +++++++------ gitian/check-match.sh | 20 ++++++++++---------- gitian/hash-bundles.sh | 13 ++++++++++--- gitian/upload-signature.sh | 12 ++++++------ tools/authenticode_check.sh | 4 ++-- tools/update-responses/update_responses | 12 +++++++----- 6 files changed, 42 insertions(+), 32 deletions(-) diff --git a/gitian/README.build b/gitian/README.build index 4b211a0..656dddd 100644 --- a/gitian/README.build +++ b/gitian/README.build @@ -118,14 +118,15 @@ Detailed Explanation of Scripts: inputs for inclusion in the 'Docs/sources' subdirectory of the bundles themselves. - 10. hash-bundles.sh: This script generates a 'sha256sums.txt' file in sorted, - reproducible order. + 10. hash-bundles.sh: This script generates a 'sha256sums-unsigned-build.txt' + file in sorted, reproducible order. - 11. check-match.sh: This script checks your 'sha256sums.txt' file against - any signed, published builds. + 11. check-match.sh: This script checks your 'sha256sums-unsigned-build.txt' + file against any signed, published builds. - 12. upload-signature.sh: This script signs and uploads your 'sha256sums.txt' - file (for use if you are an official builder). + 12. upload-signature.sh: This script signs and uploads your + 'sha256sums-unsigned-build.txt' file (for use if you are an official + builder). 13. signmars.sh: This script generates the signatures on the update (.mar) files. It expects an nssdb directory, containing the key, in the same directory (i.e. tor-browser-bundle/gitian where it is located, too) and diff --git a/gitian/check-match.sh b/gitian/check-match.sh index 71a57f2..e264ef3 100755 --- a/gitian/check-match.sh +++ b/gitian/check-match.sh @@ -37,24 +37,24 @@ do mkdir -p $TORBROWSER_BUILDDIR/$u cd $TORBROWSER_BUILDDIR/$u - wget -U "" -N https://$HOST/~$u/builds/$TORBROWSER_BUILDDIR/sha256sums.txt || continue - wget -U "" -N https://$HOST/~$u/builds/$TORBROWSER_BUILDDIR/sha256sums.txt.asc || continue + wget -U "" -N https://$HOST/~$u/builds/$TORBROWSER_BUILDDIR/sha256sums-unsigned-build.txt || continue + wget -U "" -N https://$HOST/~$u/builds/$TORBROWSER_BUILDDIR/sha256sums-unsigned-build.txt.asc || continue keyring="../../gpg/$u.gpg" # XXX: Remove this dir gpghome=$(mktemp -d) GNUPGHOME="$gpghome" gpg --import "$keyring" - GNUPGHOME="$gpghome" gpg sha256sums.txt.asc || exit 1 + GNUPGHOME="$gpghome" gpg sha256sums-unsigned-build.txt.asc || exit 1 - diff -u ../sha256sums.txt sha256sums.txt || exit 1 + diff -u ../sha256sums-unsigned-build.txt sha256sums-unsigned-build.txt || exit 1 VALID="$u $VALID" done cd ../.. # XXX: We should refactor this code into a shared function -if [ -f $TORBROWSER_BUILDDIR/sha256sums.incrementals.txt ] +if [ -f $TORBROWSER_BUILDDIR/sha256sums-unsigned-build.incrementals.txt ] then for u in $USERS do @@ -64,17 +64,17 @@ then mkdir -p $TORBROWSER_BUILDDIR/$u cd $TORBROWSER_BUILDDIR/$u - wget -U "" -N https://$HOST/~$u/builds/$TORBROWSER_BUILDDIR/sha256sums.incrementals.txt || continue - wget -U "" -N https://$HOST/~$u/builds/$TORBROWSER_BUILDDIR/sha256sums.incrementals.txt.asc || continue + wget -U "" -N https://$HOST/~$u/builds/$TORBROWSER_BUILDDIR/sha256sums-unsigned-build.incrementals.txt || continue + wget -U "" -N https://$HOST/~$u/builds/$TORBROWSER_BUILDDIR/sha256sums-unsigned-build.incrementals.txt.asc || continue keyring="../../gpg/$u.gpg" # XXX: Remove this dir gpghome=$(mktemp -d) GNUPGHOME="$gpghome" gpg --import "$keyring" - GNUPGHOME="$gpghome" gpg sha256sums.incrementals.txt.asc || exit 1 + GNUPGHOME="$gpghome" gpg sha256sums-unsigned-build.incrementals.txt.asc || exit 1 - diff -u ../sha256sums.incrementals.txt sha256sums.incrementals.txt || exit 1 + diff -u ../sha256sums-unsigned-build.incrementals.txt sha256sums-unsigned-build.incrementals.txt || exit 1 VALID_incrementals="$u $VALID_incrementals" done @@ -91,7 +91,7 @@ else echo "Matching bundles exist from the following users: $VALID" fi -if [ -f $TORBROWSER_BUILDDIR/sha256sums.incrementals.txt ] +if [ -f $TORBROWSER_BUILDDIR/sha256sums-unsigned-build.incrementals.txt ] then if [ -z "$VALID_incrementals" ] then diff --git a/gitian/hash-bundles.sh b/gitian/hash-bundles.sh index fe04699..006ed0b 100755 --- a/gitian/hash-bundles.sh +++ b/gitian/hash-bundles.sh @@ -19,11 +19,11 @@ eval $(./get-tb-version $TORBROWSER_VERSION_TYPE) export LC_ALL=C cd $TORBROWSER_BUILDDIR -rm -f sha256sums.txt sha256sums.incrementals.txt -sha256sum `ls -1 | grep -v '\.incremental\.mar$' | sort` > sha256sums.txt +rm -f sha256sums-unsigned-build.txt sha256sums-unsigned-build.incrementals.txt +sha256sum `ls -1 | grep -v '\.incremental\.mar$' | sort` > sha256sums-unsigned-build.txt if ls -1 | grep -q '\.incremental\.mar$' then - sha256sum `ls -1 | grep '\.incremental\.mar$' | sort` > sha256sums.incrementals.txt + sha256sum `ls -1 | grep '\.incremental\.mar$' | sort` > sha256sums-unsigned-build.incrementals.txt echo echo "If this is an official build, you should now sign your result with: " echo " make sign" @@ -42,4 +42,11 @@ else echo " make incrementals && make hash" fi +cat > .htaccess <<EOF +RewriteEngine On +RewriteRule ^sha256sums.txt$ sha256sums-unsigned-build.txt +RewriteRule ^sha256sums.txt.asc$ sha256sums-unsigned-build.txt.asc +RewriteRule ^sha256sums.incrementals.txt$ sha256sums-unsigned-build.incrementals.txt +RewriteRule ^sha256sums.incrementals.txt.asc$ sha256sums-unsigned-build.incrementals.txt.asc +EOF diff --git a/gitian/upload-signature.sh b/gitian/upload-signature.sh index c403cd5..41a01f6 100755 --- a/gitian/upload-signature.sh +++ b/gitian/upload-signature.sh @@ -23,20 +23,20 @@ fi . $VERSIONS_FILE eval $(./get-tb-version $TORBROWSER_VERSION_TYPE) -if [ ! -f $TORBROWSER_BUILDDIR/sha256sums.txt.asc ]; +if [ ! -f $TORBROWSER_BUILDDIR/sha256sums-unsigned-build.txt.asc ]; then - pushd $TORBROWSER_BUILDDIR && gpg -abs sha256sums.txt + pushd $TORBROWSER_BUILDDIR && gpg -abs sha256sums-unsigned-build.txt popd fi -if [ -f $TORBROWSER_BUILDDIR/sha256sums.incrementals.txt ] \ - && [ ! -f $TORBROWSER_BUILDDIR/sha256sums.incrementals.txt.asc ] +if [ -f $TORBROWSER_BUILDDIR/sha256sums-unsigned-build.incrementals.txt ] \ + && [ ! -f $TORBROWSER_BUILDDIR/sha256sums-unsigned-build.incrementals.txt.asc ] then - pushd $TORBROWSER_BUILDDIR && gpg -abs sha256sums.incrementals.txt + pushd $TORBROWSER_BUILDDIR && gpg -abs sha256sums-unsigned-build.incrementals.txt popd fi ssh $HOST "mkdir -p $BASE_DIR/$TORBROWSER_BUILDDIR" -scp $TORBROWSER_BUILDDIR/sha256sums*.txt* $HOST:$BASE_DIR/$TORBROWSER_BUILDDIR/ +scp $TORBROWSER_BUILDDIR/.htaccess $TORBROWSER_BUILDDIR/sha256sums-unsigned-build*.txt* $HOST:$BASE_DIR/$TORBROWSER_BUILDDIR/ ssh $HOST "chmod 755 $BASE_DIR/$TORBROWSER_BUILDDIR && chmod 644 $BASE_DIR/$TORBROWSER_BUILDDIR/*" diff --git a/tools/authenticode_check.sh b/tools/authenticode_check.sh index 646fdce..32b1f92 100755 --- a/tools/authenticode_check.sh +++ b/tools/authenticode_check.sh @@ -32,7 +32,7 @@ # Usage: # 1) Let OSSLSIGNCODE point to your osslsigncode binary -# 2) Change into the directory containing the .exe files and the sha256sums.txt +# 2) Change into the directory containing the .exe files and the sha256sums-unsigned-build.txt # 3) Run /path/to/authenticode_check.sh if [ -z "$OSSLSIGNCODE" ] @@ -47,7 +47,7 @@ BADSIGNED_BUNDLES=0 mkdir tmp for f in `ls *.exe`; do - SHA256_TXT=`grep "$f" sha256sums.txt` + SHA256_TXT=`grep "$f" sha256sums-unsigned-build.txt` # Test 1: Is the .exe file still unsigned? I.e. does its SHA 256 sum still # match the one we had before we signed the .exe file? If so, notify us diff --git a/tools/update-responses/update_responses b/tools/update-responses/update_responses index 07efc7c..d238d3a 100755 --- a/tools/update-responses/update_responses +++ b/tools/update-responses/update_responses @@ -415,20 +415,22 @@ sub download_version { my $destdir = "$releases_dir/$version"; my $urldir = "$config->{download}{archive_url}/$version"; print "Downloading version $version\n"; - foreach my $file (qw(sha256sums.txt sha256sums.txt.asc)) { + foreach my $file (qw(sha256sums-unsigned-build.txt sha256sums-unsigned-build.txt.asc)) { if (getstore("$urldir/$file", "$tmpdir/$file") != 200) { exit_error "Error downloading $urldir/$file"; } } if (system('gpg', '--no-default-keyring', '--keyring', $config->{download}{gpg_keyring}, '--verify', - "$tmpdir/sha256sums.txt.asc", "$tmpdir/sha256sums.txt")) { + "$tmpdir/sha256sums-unsigned-build.txt.asc", + "$tmpdir/sha256sums-unsigned-build.txt")) { exit_error "Error checking gpg signature for version $version"; } mkdir $destdir; - move "$tmpdir/sha256sums.txt.asc", "$destdir/sha256sums.txt.asc"; - move "$tmpdir/sha256sums.txt", "$destdir/sha256sums.txt"; - my %sums = map { chomp; reverse split ' ', $_ } read_file "$destdir/sha256sums.txt"; + move "$tmpdir/sha256sums-unsigned-build.txt.asc", "$destdir/sha256sums-unsigned-build.txt.asc"; + move "$tmpdir/sha256sums-unsigned-build.txt", "$destdir/sha256sums-unsigned-build.txt"; + my %sums = map { chomp; reverse split ' ', $_ } + read_file "$destdir/sha256sums-unsigned-build.txt"; foreach my $file (sort grep { $_ =~ m/\.mar$/ } keys %sums) { print "Downloading $file\n"; exit_error "Error downloading $urldir/$file\n"

1 0

[tor-browser-bundle/master] Bug 16634: Use new CDN endpoint for meek-azure
by gk＠torproject.org 24 Jul '15

24 Jul '15

commit dc8b7fd3bc7308dbe64d40c4b901507a066e7175 Author: David Fifield <david(a)bamsoftware.com> Date: Tue Jul 21 21:43:17 2015 -0700 Bug 16634: Use new CDN endpoint for meek-azure The old endpoint is currently not working because of an account snafu (https://lists.torproject.org/pipermail/tor-talk/2015-July/038496.html) We use https://az786092.vo.msecnd.net/ instead now. --- Bundle-Data/PTConfigs/bridge_prefs.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Bundle-Data/PTConfigs/bridge_prefs.js b/Bundle-Data/PTConfigs/bridge_prefs.js index 5137356..5f7a5ae 100644 --- a/Bundle-Data/PTConfigs/bridge_prefs.js +++ b/Bundle-Data/PTConfigs/bridge_prefs.js @@ -33,4 +33,4 @@ pref("extensions.torlauncher.default_bridge.obfs4.3", "obfs4 104.131.108.182:568 pref("extensions.torlauncher.default_bridge.meek-google.1", "meek 0.0.2.0:1 46D4A71197B8FA515A826C6B017C522FE264655B url=https://meek-reflect.appspot.com/ front=www.google.com"); pref("extensions.torlauncher.default_bridge.meek-amazon.1", "meek 0.0.2.0:2 4EE0CC769EB4B15A872F742EDE27D298A59DCADE url=https://d2zfqthxsdq309.cloudfront.net/ front=a0.awsstatic.com"); -pref("extensions.torlauncher.default_bridge.meek-azure.1", "meek 0.0.2.0:3 A2C13B7DFCAB1CBF3A884B6EB99A98067AB6EF44 url=https://az668014.vo.msecnd.net/ front=ajax.aspnetcdn.com"); +pref("extensions.torlauncher.default_bridge.meek-azure.1", "meek 0.0.2.0:3 A2C13B7DFCAB1CBF3A884B6EB99A98067AB6EF44 url=https://az786092.vo.msecnd.net/ front=ajax.aspnetcdn.com");

1 0

[tor-browser/tor-browser-38.1.0esr-5.0-1] Merge branch 'bug_16523' into tor-browser-38.1.0esr-5.0-1
by gk＠torproject.org 24 Jul '15

24 Jul '15

commit 620bf44ce7db28abb88cdddbf2e8004fe48726b8 Merge: f5fb906 dea08c8 Author: Georg Koppen <gk(a)torproject.org> Date: Fri Jul 24 07:51:33 2015 +0000 Merge branch 'bug_16523' into tor-browser-38.1.0esr-5.0-1 browser/app/profile/000-tor-browser.js | 4 ++++ 1 file changed, 4 insertions(+)

1 0

[tor-browser/tor-browser-38.1.0esr-5.0-1] fixup! TB4: Tor Browser's Firefox preference overrides.
by gk＠torproject.org 24 Jul '15

24 Jul '15

commit dea08c89c60f955a28252b8ce9523fcd50133e56 Author: Georg Koppen <gk(a)torproject.org> Date: Thu Jul 23 10:59:26 2015 +0000 fixup! TB4: Tor Browser's Firefox preference overrides. Bug 16523: Chrome JavaScript debugger is broken --- browser/app/profile/000-tor-browser.js | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/browser/app/profile/000-tor-browser.js b/browser/app/profile/000-tor-browser.js index 52fa327..aee7a83 100644 --- a/browser/app/profile/000-tor-browser.js +++ b/browser/app/profile/000-tor-browser.js @@ -158,6 +158,10 @@ pref("devtools.webide.autoinstallADBHelper", false); pref("devtools.webide.autoinstallFxdtAdapters", false); pref("devtools.webide.enabled", false); pref("devtools.appmanager.enabled", false); +// The in-browser debugger for debugging chrome code is not coping with our +// restrictive DNS look-up policy. We use "127.0.0.1" instead of "localhost" as +// a workaround. See bug 16523 for more details. +pref("devtools.debugger.chrome-debugging-host", "127.0.0.1"); // Security slider pref("svg.in-content.enabled", true);

1 0

[tor-browser/tor-browser-38.1.0esr-5.0-1] fixup! Bug 12827: Create preference to disable SVG.
by mikeperry＠torproject.org 24 Jul '15

24 Jul '15

commit 9e59dae7fdb9527f688b03fa314e917712024d4b Author: Kathy Brade <brade(a)pearlcrescent.com> Date: Tue Jul 21 15:46:12 2015 -0400 fixup! Bug 12827: Create preference to disable SVG. Add NS_SVGEnabled() checks to the nsIContent::IsSVG() methods to avoid crashing due to code that assumes elements with an SVG namespace are always represented by nsSVGElement objects (some existing Mozilla code uses static_cast to convert to an nsSVGElement pointer). Also, cache the SVG enabled/disabled status within each document so that it persists until the document is reloaded. Also fix another case where the HTML parser failed to check for a failed QI. Fixes ticket #16495. --- dom/base/Element.cpp | 20 ++++++++++++++++ dom/base/nsDocument.cpp | 5 +++- dom/base/nsIContent.h | 10 ++------ dom/base/nsIDocument.h | 25 ++++++++++++++++++++ layout/svg/nsSVGUtils.cpp | 39 +++++++++++++++++++++++++++----- layout/svg/nsSVGUtils.h | 1 + parser/html/nsHtml5DocumentBuilder.cpp | 24 ++++++++++---------- 7 files changed, 97 insertions(+), 27 deletions(-) diff --git a/dom/base/Element.cpp b/dom/base/Element.cpp index 02035f4..bd795b2 100644 --- a/dom/base/Element.cpp +++ b/dom/base/Element.cpp @@ -143,6 +143,26 @@ using namespace mozilla; using namespace mozilla::dom; +// These IsSVG() methods were moved here from nsIContent.h because including +// nsSVGUtils.h in nsIContent.h (needed to to pick up the NS_SVGEnabled() +// prototype) creates a circular dependency: nsSVGUtils.h includes other +// headers that define functions that require the complete definition of +// nsPresContext... but nsPresContext.h includes nsIPresShell.h, which in turn +// includes nsIContent.h. +bool +nsIContent::IsSVG() const +{ + return NS_SVGEnabled(mNodeInfo->GetDocument()) && + IsInNamespace(kNameSpaceID_SVG); +} + +bool +nsIContent::IsSVG(nsIAtom* aTag) const +{ + return NS_SVGEnabled(mNodeInfo->GetDocument()) && + mNodeInfo->Equals(aTag, kNameSpaceID_SVG); +} + nsIAtom* nsIContent::DoGetID() const { diff --git a/dom/base/nsDocument.cpp b/dom/base/nsDocument.cpp index 47f611e..c30306f 100644 --- a/dom/base/nsDocument.cpp +++ b/dom/base/nsDocument.cpp @@ -1575,7 +1575,8 @@ nsIDocument::nsIDocument() mIsBeingUsedAsImage(false), mHasLinksToUpdate(false), mPartID(0), - mDidFireDOMContentLoaded(true) + mDidFireDOMContentLoaded(true), + mSVGStatus(mozilla::dom::SVGStatus_Unknown) { SetInDocument(); @@ -2420,6 +2421,8 @@ nsDocument::ResetToURI(nsIURI *aURI, nsILoadGroup *aLoadGroup, mXMLDeclarationBits = 0; + mSVGStatus = SVGStatus_Unknown; + // Now get our new principal if (aPrincipal) { SetPrincipal(aPrincipal); diff --git a/dom/base/nsIContent.h b/dom/base/nsIContent.h index b0a251f3..135e79e 100644 --- a/dom/base/nsIContent.h +++ b/dom/base/nsIContent.h @@ -274,15 +274,9 @@ public: return mNodeInfo->Equals(aTag, kNameSpaceID_XHTML); } - inline bool IsSVG() const - { - return IsInNamespace(kNameSpaceID_SVG); - } + bool IsSVG() const; - inline bool IsSVG(nsIAtom* aTag) const - { - return mNodeInfo->Equals(aTag, kNameSpaceID_SVG); - } + bool IsSVG(nsIAtom* aTag) const; inline bool IsXUL() const { diff --git a/dom/base/nsIDocument.h b/dom/base/nsIDocument.h index 8c8fd7b..201d59f 100644 --- a/dom/base/nsIDocument.h +++ b/dom/base/nsIDocument.h @@ -143,6 +143,12 @@ struct FullScreenOptions { nsRefPtr<gfx::VRHMDInfo> mVRHMDDevice; }; +typedef enum { + SVGStatus_Unknown = 0, + SVGStatus_Enabled, + SVGStatus_Disabled +} SVGStatus; + } // namespace dom } // namespace mozilla @@ -617,6 +623,22 @@ public: } /** + * Get the cached SVG status for this document. + */ + mozilla::dom::SVGStatus GetSVGStatus() const + { + return mSVGStatus; + } + + /** + * Set the cached SVG status for this document. + */ + void SetSVGStatus(mozilla::dom::SVGStatus svgStatus) + { + mSVGStatus = svgStatus; + } + + /** * Access HTTP header data (this may also get set from other * sources, like HTML META tags). */ @@ -2874,6 +2896,9 @@ protected: // Our live MediaQueryLists PRCList mDOMMediaQueryLists; + + // Cached value that indicates whether SVG is enabled for this document. + mozilla::dom::SVGStatus mSVGStatus; }; NS_DEFINE_STATIC_IID_ACCESSOR(nsIDocument, NS_IDOCUMENT_IID) diff --git a/layout/svg/nsSVGUtils.cpp b/layout/svg/nsSVGUtils.cpp index 0b820ee..c2b6608 100644 --- a/layout/svg/nsSVGUtils.cpp +++ b/layout/svg/nsSVGUtils.cpp @@ -54,6 +54,7 @@ #include "nsContentUtils.h" #include "SVGContentUtils.h" #include "mozilla/unused.h" +#include "nsIDocument.h" using namespace mozilla; using namespace mozilla::dom; @@ -67,11 +68,27 @@ static bool sSVGNewGetBBoxEnabled; // Determine if SVG should be enabled for aDoc. The svg.in-content.enabled // preference is checked as well as whether aDoc is a content or chrome doc. -// If aChannel is NULL, the pref. value is returned. +// If aDoc is NULL, the pref. value is returned. +// Once we determine whether SVG is allowed for a given document, we record +// that fact inside the document. This is necessary to avoid crashes due +// to code that uses static_cast to cast an element object to an nsSVGElement +// object. When SVG is disabled, <svg> and related tags are not represented +// by nsSVGElement objects. bool NS_SVGEnabled(nsIDocument *aDoc) { - return NS_SVGEnabledForChannel(aDoc ? aDoc->GetChannel() : nullptr); + if (!aDoc) + return NS_SVGEnabledForChannel(nullptr); + + mozilla::dom::SVGStatus svgStatus = aDoc->GetSVGStatus(); + if (svgStatus == mozilla::dom::SVGStatus_Unknown) + { + svgStatus = NS_SVGEnabledForChannel(aDoc->GetChannel()) ? + mozilla::dom::SVGStatus_Enabled : mozilla::dom::SVGStatus_Disabled; + aDoc->SetSVGStatus(svgStatus); + } + + return (svgStatus == mozilla::dom::SVGStatus_Enabled); } // Determine if SVG should be enabled for aChannel. The svg.in-content.enabled @@ -948,10 +965,11 @@ nsSVGUtils::GetBBox(nsIFrame *aFrame, uint32_t aFlags) // needs investigation to check that we won't break too much content. // NOTE: When changing this to apply to other frame types, make sure to // also update nsSVGUtils::FrameSpaceInCSSPxToUserSpaceOffset. - MOZ_ASSERT(content->IsSVG(), "bad cast"); - nsSVGElement *element = static_cast<nsSVGElement*>(content); - matrix = element->PrependLocalTransformsTo(matrix, + if (content->IsSVG()) { + nsSVGElement *element = static_cast<nsSVGElement*>(content); + matrix = element->PrependLocalTransformsTo(matrix, nsSVGElement::eChildToUserSpace); + } } bbox = svg->GetBBoxContribution(ToMatrix(matrix), aFlags).ToThebesRect(); // Account for 'clipped'. @@ -1151,7 +1169,9 @@ nsSVGUtils::GetNonScalingStrokeTransform(nsIFrame *aFrame, } nsIContent *content = aFrame->GetContent(); - MOZ_ASSERT(content->IsSVG(), "bad cast"); + if (!content->IsSVG()) { + return false; + } *aUserToOuterSVG = ThebesMatrix(SVGContentUtils::GetCTM( static_cast<nsSVGElement*>(content), true)); @@ -1442,6 +1462,10 @@ nsSVGUtils::GetStrokeWidth(nsIFrame* aFrame, gfxTextContextPaint *aContextPaint) content = content->GetParent(); } + if (!aFrame->GetContent()->IsSVG()) { + return 0.0; + } + nsSVGElement *ctx = static_cast<nsSVGElement*>(content); return SVGContentUtils::CoordToFloat(ctx, style->mStrokeWidth); @@ -1455,6 +1479,9 @@ GetStrokeDashData(nsIFrame* aFrame, { const nsStyleSVG* style = aFrame->StyleSVG(); nsIContent *content = aFrame->GetContent(); + if (!content->IsSVG()) { + return false; + } nsSVGElement *ctx = static_cast<nsSVGElement*> (content->IsNodeOfType(nsINode::eTEXT) ? content->GetParent() : content); diff --git a/layout/svg/nsSVGUtils.h b/layout/svg/nsSVGUtils.h index 7b3edbb..16e73b6 100644 --- a/layout/svg/nsSVGUtils.h +++ b/layout/svg/nsSVGUtils.h @@ -30,6 +30,7 @@ class gfxContext; class gfxPattern; class nsFrameList; +class nsIChannel; class nsIContent; class nsIDocument; class nsIFrame; diff --git a/parser/html/nsHtml5DocumentBuilder.cpp b/parser/html/nsHtml5DocumentBuilder.cpp index 08e4d8a..4a705c5 100644 --- a/parser/html/nsHtml5DocumentBuilder.cpp +++ b/parser/html/nsHtml5DocumentBuilder.cpp @@ -67,18 +67,18 @@ nsHtml5DocumentBuilder::UpdateStyleSheet(nsIContent* aElement) } nsCOMPtr<nsIStyleSheetLinkingElement> ssle(do_QueryInterface(aElement)); - NS_ASSERTION(ssle, "Node didn't QI to style."); - - ssle->SetEnableUpdates(true); - - bool willNotify; - bool isAlternate; - nsresult rv = ssle->UpdateStyleSheet(mRunsToCompletion ? nullptr : this, - &willNotify, - &isAlternate); - if (NS_SUCCEEDED(rv) && willNotify && !isAlternate && !mRunsToCompletion) { - ++mPendingSheetCount; - mScriptLoader->AddExecuteBlocker(); + if (ssle) { + ssle->SetEnableUpdates(true); + + bool willNotify; + bool isAlternate; + nsresult rv = ssle->UpdateStyleSheet(mRunsToCompletion ? nullptr : this, + &willNotify, + &isAlternate); + if (NS_SUCCEEDED(rv) && willNotify && !isAlternate && !mRunsToCompletion) { + ++mPendingSheetCount; + mScriptLoader->AddExecuteBlocker(); + } } if (aElement->IsHTML(nsGkAtoms::link)) {

1 0

[tor-browser/tor-browser-38.1.0esr-5.0-1] Merge remote-tracking branch 'brade/bug16495-02' into tor-browser-38.1.0esr-5.0-1
by mikeperry＠torproject.org 24 Jul '15

24 Jul '15

commit f5fb906af1ffd5078e8f70aec1e7852f109ce0d5 Merge: 9de178c 9e59dae Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Fri Jul 24 00:00:46 2015 -0700 Merge remote-tracking branch 'brade/bug16495-02' into tor-browser-38.1.0esr-5.0-1 dom/base/Element.cpp | 20 ++++++++++++++++ dom/base/nsDocument.cpp | 5 +++- dom/base/nsIContent.h | 10 ++------ dom/base/nsIDocument.h | 25 ++++++++++++++++++++ layout/svg/nsSVGUtils.cpp | 39 +++++++++++++++++++++++++++----- layout/svg/nsSVGUtils.h | 1 + parser/html/nsHtml5DocumentBuilder.cpp | 24 ++++++++++---------- 7 files changed, 97 insertions(+), 27 deletions(-)

1 0

[tor-browser/tor-browser-38.1.0esr-5.0-1] Bug #16005: Restrict WebGL minimal mode a bit.
by mikeperry＠torproject.org 22 Jul '15

22 Jul '15

commit 9de178cec5b92e32934d206009a6804f7b1a9188 Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Tue Jul 21 21:10:46 2015 -0700 Bug #16005: Restrict WebGL minimal mode a bit. Georg found an old netbook with slightly lower values for some properties. --- dom/canvas/WebGLContext.h | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/dom/canvas/WebGLContext.h b/dom/canvas/WebGLContext.h index f72d552..5a769aa 100644 --- a/dom/canvas/WebGLContext.h +++ b/dom/canvas/WebGLContext.h @@ -54,27 +54,27 @@ class nsIDocShell; * Exceptions: some of the following values are set to higher values than in the spec because * the values in the spec are ridiculously low. They are explicitly marked below * - * Tor Browser Modifications: The following values are the minimum between a 2009 laptop, and a 2013 Moto E + * Tor Browser Modifications: The following values are the minimum between an ancient netbook and a 2013 Moto E */ -#define MINVALUE_GL_MAX_TEXTURE_SIZE 4096 // Different from the spec, which sets it to 64 on page 162 -#define MINVALUE_GL_MAX_CUBE_MAP_TEXTURE_SIZE 2048 // Different from the spec, which sets it to 16 on page 162 -#define MINVALUE_GL_MAX_VERTEX_ATTRIBS 16 // Page 164 -#define MINVALUE_GL_MAX_FRAGMENT_UNIFORM_VECTORS 224 // Page 164 +#define MINVALUE_GL_MAX_TEXTURE_SIZE 2048 // Different from the spec, which sets it to 64 on page 162 +#define MINVALUE_GL_MAX_CUBE_MAP_TEXTURE_SIZE 2048 // Different from the spec, which sets it to 16 on page 162 +#define MINVALUE_GL_MAX_VERTEX_ATTRIBS 16 // Page 164 +#define MINVALUE_GL_MAX_FRAGMENT_UNIFORM_VECTORS 224 // Page 164 #define MINVALUE_GL_MAX_VERTEX_UNIFORM_VECTORS 256 // Page 164 -#define MINVALUE_GL_MAX_VARYING_VECTORS 16 // Page 164 -#define MINVALUE_GL_MAX_TEXTURE_IMAGE_UNITS 16 // Page 164 -#define MINVALUE_GL_MAX_VERTEX_TEXTURE_IMAGE_UNITS 16 // Page 164 -#define MINVALUE_GL_MAX_RENDERBUFFER_SIZE 4096 // Different from the spec, which sets it to 1 on page 164 -#define MINVALUE_GL_MAX_COMBINED_TEXTURE_IMAGE_UNITS 32 // Page 164 +#define MINVALUE_GL_MAX_VARYING_VECTORS 8 // Page 164 +#define MINVALUE_GL_MAX_TEXTURE_IMAGE_UNITS 8 // Page 164 +#define MINVALUE_GL_MAX_VERTEX_TEXTURE_IMAGE_UNITS 8 // Page 164 +#define MINVALUE_GL_MAX_RENDERBUFFER_SIZE 2048 // Different from the spec, which sets it to 1 on page 164 +#define MINVALUE_GL_MAX_COMBINED_TEXTURE_IMAGE_UNITS 16 // Page 164 /* The following additional values were set specifically for fingerprinting. - * These ranges came from a 2013 Moto E. + * These ranges came from a 2013 Moto E and an old macbook. * * These values specify the upper end of the maximum size of line and point * elements. The lower bounds are 1 in both cases (and the minimum of 1 is * guaranteed by OpenGL). */ #define MINVALUE_GL_ALIASED_LINE_WIDTH_RANGE 5 -#define MINVALUE_GL_ALIASED_POINT_SIZE_RANGE 255 +#define MINVALUE_GL_ALIASED_POINT_SIZE_RANGE 63 /* This value is used to cap the resolution of the viewport to (MAX x MAX) */ #define MINVALUE_GL_MAX_VIEWPORT_DIMS 4096

1 0

[tor-browser/tor-browser-38.1.0esr-5.0-1] fixup! TB4: Tor Browser's Firefox preference overrides.
by mikeperry＠torproject.org 22 Jul '15

22 Jul '15

commit e3fae7ba7211c2c843ef3bd86998f146ae74ecdc Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Tue Jul 21 20:13:44 2015 -0700 fixup! TB4: Tor Browser's Firefox preference overrides. Bug #16625: Fully disable network prediction. It was already partially disabled anyhow. --- browser/app/profile/000-tor-browser.js | 1 + 1 file changed, 1 insertion(+) diff --git a/browser/app/profile/000-tor-browser.js b/browser/app/profile/000-tor-browser.js index af0ffdd..52fa327 100644 --- a/browser/app/profile/000-tor-browser.js +++ b/browser/app/profile/000-tor-browser.js @@ -114,6 +114,7 @@ pref("privacy.thirdparty.isolate", 2); // Always enforce third party isolation pref("dom.workers.sharedWorkers.enabled", false); // See https://bugs.torproject.org/15562 pref("network.http.spdy.enabled.http2", false); // Temporarily disabled pending implementation review pref("network.http.spdy.enabled.http2draft", false); // Temporarily disabled pending implementation review +pref("network.predictor.enabled", false); // Temporarily disabled. See https://bugs.torproject.org/16633 // Proxy and proxy security pref("network.proxy.socks", "127.0.0.1");

1 0

[torbutton/master] Bug 15781: Remove the sessionstore filter
by mikeperry＠torproject.org 22 Jul '15

22 Jul '15

commit 3df4216be7d681a000546ede7558801e42a40f57 Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Tue Jul 21 18:38:03 2015 -0700 Bug 15781: Remove the sessionstore filter It is now obsolete. Firefox now properly disables session store if private browsing mode is enabled. --- src/chrome.manifest | 4 -- src/components/tbSessionStore.js | 126 -------------------------------------- 2 files changed, 130 deletions(-) diff --git a/src/chrome.manifest b/src/chrome.manifest index 4dc08da..8323e66 100644 --- a/src/chrome.manifest +++ b/src/chrome.manifest @@ -141,9 +141,6 @@ contract @mozilla.org/mime;1 {3da0269f-fc29-4e9e-a678-c3b1cafcf13f} contract @mozilla.org/uriloader/external-protocol-service;1 {3da0269f-fc29-4e9e-a678-c3b1cafcf13f} contract @mozilla.org/uriloader/external-helper-app-service;1 {3da0269f-fc29-4e9e-a678-c3b1cafcf13f} -component {aef08952-b003-4697-b935-a392367e214f} components/tbSessionStore.js -contract @torproject.org/torbutton-ss-blocker;1 {aef08952-b003-4697-b935-a392367e214f} - component {06322def-6fde-4c06-aef6-47ae8e799629} components/startup-observer.js contract @torproject.org/startup-observer;1 {06322def-6fde-4c06-aef6-47ae8e799629} @@ -163,6 +160,5 @@ component {e33fd6d4-270f-475f-a96f-ff3140279f68} components/domain-isolator.js contract @torproject.org/domain-isolator;1 {e33fd6d4-270f-475f-a96f-ff3140279f68} category profile-after-change CookieJarSelector @torproject.org/cookie-jar-selector;1 -category profile-after-change TBSessionBlocker @torproject.org/torbutton-ss-blocker;1 category profile-after-change StartupObserver @torproject.org/startup-observer;1 category profile-after-change DomainIsolator @torproject.org/domain-isolator;1 diff --git a/src/components/tbSessionStore.js b/src/components/tbSessionStore.js deleted file mode 100644 index 7281bcf..0000000 --- a/src/components/tbSessionStore.js +++ /dev/null @@ -1,126 +0,0 @@ -// Bug 1506 P4: This code blocks the session store from being written to -// disk. It is fairly important, but only one small piece is needed. Search -// this file for 1506 for more details. - -/************************************************************************* - * Torbutton Session Store Control - * - * Uses the new Firefox 3.5+ session store APIs to prevent writing - * of tor-loaded tabs to disk. - * - *************************************************************************/ - -// Module specific constants -const kMODULE_NAME = "Torbutton Session Store Blocker"; -const kMODULE_CONTRACTID = "@torproject.org/torbutton-ss-blocker;1"; -const kMODULE_CID = Components.ID("aef08952-b003-4697-b935-a392367e214f"); - -const Cr = Components.results; -const Cc = Components.classes; -const Ci = Components.interfaces; -const Cu = Components.utils; - -function TBSessionBlocker() { - this.logger = Components.classes["@torproject.org/torbutton-logger;1"] - .getService(Components.interfaces.nsISupports).wrappedJSObject; - this.logger.log(3, "Torbutton Session Store Blocker initialized"); - - var obsSvc = Components.classes["@mozilla.org/observer-service;1"] - .getService(Ci.nsIObserverService); - obsSvc.addObserver(this, "sessionstore-state-write", false); - this.prefs = Components.classes["@mozilla.org/preferences-service;1"] - .getService(Components.interfaces.nsIPrefBranch); - - this.wrappedJSObject = this; -} - -TBSessionBlocker.prototype = -{ - QueryInterface: function(iid) { - if (!iid.equals(Ci.nsIClassInfo) && - !iid.equals(Ci.nsIObserver) && - !iid.equals(Ci.nsISupports)) { - Components.returnCode = Cr.NS_ERROR_NO_INTERFACE; - return null; - } - return this; - }, - - wrappedJSObject: null, // Initialized by constructor - - // make this an nsIClassInfo object - flags: Ci.nsIClassInfo.DOM_OBJECT, - - // method of nsIClassInfo - classDescription: kMODULE_NAME, - classID: kMODULE_CID, - contractID: kMODULE_CONTRACTID, - - // Hack to get us registered early enough to observe the session store. - _xpcom_categories: [{category:"profile-after-change"}], - - // method of nsIClassInfo - getInterfaces: function(count) { - var interfaceList = [Ci.nsIClassInfo]; - count.value = interfaceList.length; - return interfaceList; - }, - - // method of nsIClassInfo - getHelperForLanguage: function(count) { return null; }, - - _walkObj: function(soFar, obj) { - for (let m in obj) { - this.logger.log(2, soFar+"."+m); - if (obj[m] != obj) - this._walkObj(soFar+"."+m, obj[m]); - } - }, - - // observer interface implementation - // topic: what event occurred - // subject: what nsIPrefBranch we're observing - // data: which pref has been changed (relative to subject) - observe: function(subject, topic, data) - { - if (topic != "sessionstore-state-write") return; - this.logger.log(3, "Got Session Store observe: "+topic); - // In ESR 31 |subject| is |null| in non-private browsing mode. Thus, we - // are not able to clean anything. In Private Browsing Mode nothing is - // written in the first place and therefore no |sessionstore-state-write| - // notification is emitted. - try { - subject = subject.QueryInterface(Ci.nsISupportsString); - } catch (e) { - this.logger.log(3, "We got no data to clean"); - } - // Bug 1506: This is the only important bit, other than - // the registration goop. You don't even need the JSON - // garbage... - // - // Simply block sessionstore writes entirely in Tor Browser - try { - if (this.prefs.getBoolPref("extensions.torbutton.block_disk")) { - this.logger.log(3, "Blocking SessionStore write in Tor Browser"); - subject.data = null; - return; - } - } catch(e) { - this.logger.log(5, "Error blocking SessionStore write in Tor Browser: "+e); - } - - return; - } - -}; - -/** -* XPCOMUtils.generateNSGetFactory was introduced in Mozilla 2 (Firefox 4). -* XPCOMUtils.generateNSGetModule is for Mozilla 1.9.2 (Firefox 3.6). -*/ -Components.utils.import("resource://gre/modules/XPCOMUtils.jsm"); -// XXX: This won't work for FF3... We need to not register ourselves here.. -if (XPCOMUtils.generateNSGetFactory) - var NSGetFactory = XPCOMUtils.generateNSGetFactory([TBSessionBlocker]); -else - var NSGetModule = XPCOMUtils.generateNSGetModule([TBSessionBlocker]);

1 0